rainbownapkin/canopy
1
0
Fork 0
Code Issues 2 Pull requests Actions Packages Projects Releases Wiki Activity

Finished up with email password reset system.

Browse source
This commit is contained in:
rainbow napkin 2024-12-28 15:36:42 -05:00
parent 3671b43789
commit 478edeeddf
13 changed files with 233 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
config.example.json
View file

@ -11,5 +11,12 @@
"database": "canopy", "database": "canopy",
"user": "canopy", "user": "canopy",
"pass": "CHANGE_ME" "pass": "CHANGE_ME"
},
"mail":{
"host": "mail.42069.weed",
"port": 465,
"secure": true,
"address": "toke@42069.weed",
"pass": "CHANGE_ME"
} }
} }

1
package.json
View file

@ -14,6 +14,7 @@
"express-validator": "^7.2.0", "express-validator": "^7.2.0",
"mongoose": "^8.4.3", "mongoose": "^8.4.3",
"node-cron": "^3.0.3", "node-cron": "^3.0.3",
"nodemailer": "^6.9.16",
"socket.io": "^4.8.1" "socket.io": "^4.8.1"
}, },
"scripts": { "scripts": {

6
src/controllers/api/account/passwordResetController.js
View file

@ -14,18 +14,16 @@ GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//Config
const config = require('../../../../config.json');
//NPM Imports //NPM Imports
const {validationResult, matchedData} = require('express-validator'); const {validationResult, matchedData} = require('express-validator');
//local imports //local imports
const passwordResetModel = require('../../../schemas/passwordResetSchema'); const passwordResetModel = require('../../../schemas/passwordResetSchema');
const altchaUtils = require('../../../utils/altchaUtils');
const sessionUtils = require('../../../utils/sessionUtils'); const sessionUtils = require('../../../utils/sessionUtils');
const altchaUtils = require('../../../utils/altchaUtils');
const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils'); const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
//gateway for resetting password
module.exports.post = async function(req, res){ module.exports.post = async function(req, res){
try{ try{
//Check for validation errors //Check for validation errors

88
src/controllers/api/account/passwordResetRequestController.js Normal file
View file

@ -0,0 +1,88 @@
/*Canopy - The next generation of stoner streaming software
Copyright (C) 2024 Rainbownapkin and the TTN Community
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//Config
const config = require('../../../../config.json');
//NPM Imports
const {validationResult, matchedData} = require('express-validator');
//local imports
const {userModel} = require('../../../schemas/userSchema');
const passwordResetModel = require('../../../schemas/passwordResetSchema');
const mailUtils = require('../../../utils/mailUtils');
const altchaUtils = require('../../../utils/altchaUtils');
const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
//Gateway for generating request token and having it emailed to the user
module.exports.post = async function(req, res){
try{
//Check for validation errors
const validResult = validationResult(req);
//If there are none
if(validResult.isEmpty()){
//Get sanatized/validated data
const {user} = matchedData(req);
//Verify Altcha Payload
const verified = await altchaUtils.verify(req.body.verification);
//If altcha verification failed
if(!verified){
return errorHandler(res, 'Altcha verification failed, Please refresh the page!', 'unauthorized');
}
//Play dumb, don't let them know how long this request takes or what happens.
res.sendStatus(200);
//Find user model from DB
const userDB = await userModel.findOne({user});
//If we have an invalid user
if(userDB == null){
return;
}
//If this user has no registered email
if(userDB.email == null || userDB.email == ""){
//Play dumb
return;
}
//Generate the password reset link
const requestDB = await passwordResetModel.create({user: userDB._id, ipHash: req.ip});
//Send the reset url via email
const mailInfo = await mailUtils.mailem(
userDB.email,
`Password Reset Request - ${userDB.user}`,
`<h1>Password Reset Request</h1>
<p>A password reset request for the ${config.instanceName} account '${userDB.user}' has been requested.<br>
<a href="${requestDB.getResetURL()}">Click here</a> to reset your password.</p>
<sup>If you received this email without request, please contact the server adminsitrator! -Tokebot</sup>`,
true
);
//Wash our hands of the request
return;
}else{
res.status(400);
return res.send({errors: validResult.array()});
}
}catch(err){
return exceptionHandler(res, err);
}
}

4
src/controllers/api/admin/passwordResetController.js
View file

@ -41,9 +41,9 @@ module.exports.post = async function(req, res){
} }
//Generate the password reset link //Generate the password reset link
const requestDB = await passwordResetModel.create({user: userDB._id}); const requestDB = await passwordResetModel.create({user: userDB._id, ipHash: req.ip});
//send successful response //send URL
res.status(200); res.status(200);
return res.send({url: requestDB.getResetURL()}); return res.send({url: requestDB.getResetURL()});
//otherwise scream //otherwise scream

19
src/routers/api/accountRouter.js
View file

@ -24,6 +24,7 @@ const logoutController = require("../../controllers/api/account/logoutController
const registerController = require("../../controllers/api/account/registerController"); const registerController = require("../../controllers/api/account/registerController");
const updateController = require("../../controllers/api/account/updateController"); const updateController = require("../../controllers/api/account/updateController");
const rankEnumController = require("../../controllers/api/account/rankEnumController"); const rankEnumController = require("../../controllers/api/account/rankEnumController");
const passwordResetRequestController = require("../../controllers/api/account/passwordResetRequestController");
const passwordResetController = require("../../controllers/api/account/passwordResetController"); const passwordResetController = require("../../controllers/api/account/passwordResetController");
const deleteController = require("../../controllers/api/account/deleteController"); const deleteController = require("../../controllers/api/account/deleteController");
@ -31,28 +32,30 @@ const deleteController = require("../../controllers/api/account/deleteController
const router = Router(); const router = Router();
//routing functions //routing functions
//login
router.post('/login', accountValidator.user(), accountValidator.pass(), loginController.post); router.post('/login', accountValidator.user(), accountValidator.pass(), loginController.post);
//logout
router.get('/logout', logoutController.get); router.get('/logout', logoutController.get);
//register
router.post('/register', accountValidator.user(), router.post('/register', accountValidator.user(),
accountValidator.securePass(), accountValidator.securePass(),
accountValidator.pass('passConfirm'), accountValidator.pass('passConfirm'),
accountValidator.email(), registerController.post); accountValidator.email(), registerController.post);
//update profile
router.post('/update', accountValidator.img(), router.post('/update', accountValidator.img(),
accountValidator.bio(), accountValidator.bio(),
accountValidator.signature(), accountValidator.signature(),
accountValidator.pass('passChange.oldPass'), accountValidator.pass('passChange.oldPass'),
accountValidator.securePass('passChange.newPass'), accountValidator.securePass('passChange.newPass'),
accountValidator.pass('passChange.confirmPass'), updateController.post); accountValidator.pass('passChange.confirmPass'), updateController.post);
//rankEnum
//This might seem silly, but it allows us to cleanly get the current rank list to compare against, without storing it in multiple places //This might seem silly, but it allows us to cleanly get the current rank list to compare against, without storing it in multiple places
router.get('/rankEnum', rankEnumController.get); router.get('/rankEnum', rankEnumController.get);
//password reset request
router.post('/passwordReset', accountValidator.securityToken(), accountValidator.securePass(), accountValidator.pass('confirmPass'), passwordResetController.post) router.post('/passwordResetRequest', accountValidator.user(), passwordResetRequestController.post);
//password reset
router.post('/passwordReset', accountValidator.securityToken(), accountValidator.securePass(), accountValidator.pass('confirmPass'), passwordResetController.post);
//account deletion
router.post('/delete', accountValidator.pass(), deleteController.post); router.post('/delete', accountValidator.pass(), deleteController.post);
module.exports = router; module.exports = router;

25
src/schemas/passwordResetSchema.js
View file

@ -26,6 +26,9 @@ const crypto = require("node:crypto");
//NPM Imports //NPM Imports
const {mongoose} = require('mongoose'); const {mongoose} = require('mongoose');
//Local Imports
const hashUtil = require('../utils/hashUtils');
const daysToExpire = 7; const daysToExpire = 7;
const passwordResetSchema = new mongoose.Schema({ const passwordResetSchema = new mongoose.Schema({
@ -40,19 +43,35 @@ const passwordResetSchema = new mongoose.Schema({
//Use a cryptographically secure algorythm to create a random hex string from 16 bytes as our reset token //Use a cryptographically secure algorythm to create a random hex string from 16 bytes as our reset token
default: ()=>{return crypto.randomBytes(16).toString('hex')} default: ()=>{return crypto.randomBytes(16).toString('hex')}
}, },
ipHash: {
type: mongoose.SchemaTypes.String,
required: true
},
date: { date: {
type: mongoose.SchemaTypes.Date, type: mongoose.SchemaTypes.Date,
required: true, required: true,
default: new Date() default: new Date()
} }
}); });
//Presave function
passwordResetSchema.pre('save', async function (next){
//If we're saving an ip
if(this.isModified('ipHash')){
//Hash that sunnuvabitch
this.ipHash = hashUtil.hashIP(this.ipHash);
}
next();
});
//statics //statics
passwordResetSchema.statics.processExpiredRequests = async function(){ passwordResetSchema.statics.processExpiredRequests = async function(){
//Pull all requests from the DB //Pull all requests from the DB
const requestDB = await this.find({}); const requestDB = await this.find({});
//Fire em all off at once without waiting for the last one to complete since we don't fuckin' need to
requestDB.forEach(async (request) => { requestDB.forEach(async (request) => {
//If the request hasn't been processed and it's been expired //If the request hasn't been processed and it's been expired
if(request.getDaysUntilExpiration() <= 0){ if(request.getDaysUntilExpiration() <= 0){
@ -97,11 +116,11 @@ passwordResetSchema.methods.getResetURL = function(){
} }
passwordResetSchema.methods.getDaysUntilExpiration = function(){ passwordResetSchema.methods.getDaysUntilExpiration = function(){
//Get ban date //Get request date
const expirationDate = new Date(this.date); const expirationDate = new Date(this.date);
//Get expiration days and calculate expiration date //Get expiration days and calculate expiration date
expirationDate.setDate(expirationDate.getDate() + daysToExpire); expirationDate.setDate(expirationDate.getDate() + daysToExpire);
//Calculate and return days until ban expiration //Calculate and return days until request expiration
return ((expirationDate - new Date()) / (1000 * 60 * 60 * 24)).toFixed(1); return ((expirationDate - new Date()) / (1000 * 60 * 60 * 24)).toFixed(1);
} }

14
src/schemas/userSchema.js
View file

@ -14,10 +14,6 @@ GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//Built-In Imports
const crypto = require('node:crypto');
//NPM Imports //NPM Imports
const {mongoose} = require('mongoose'); const {mongoose} = require('mongoose');
@ -515,14 +511,8 @@ userSchema.methods.deleteEmote = async function(name){
} }
userSchema.methods.tattooIPRecord = async function(ip){ userSchema.methods.tattooIPRecord = async function(ip){
//Create hash //Hash the users ip
const hashObj = crypto.createHash('md5'); const ipHash = hashUtil.hashIP(ip);
//add IP to the hash
hashObj.update(ip);
//Store the IP hash as a string
const ipHash = hashObj.digest('hex');
//Look for a pre-existing entry for this ipHash //Look for a pre-existing entry for this ipHash
const foundIndex = this.recentIPs.findIndex(checkHash); const foundIndex = this.recentIPs.findIndex(checkHash);

15
src/utils/hashUtils.js
View file

@ -14,6 +14,10 @@ GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//Node Imports
const crypto = require('node:crypto');
//NPM Imports
const bcrypt = require('bcrypt'); const bcrypt = require('bcrypt');
module.exports.hashPassword = function(pass){ module.exports.hashPassword = function(pass){
@ -23,4 +27,15 @@ module.exports.hashPassword = function(pass){
module.exports.comparePassword = function(pass, hash){ module.exports.comparePassword = function(pass, hash){
return bcrypt.compareSync(pass, hash); return bcrypt.compareSync(pass, hash);
}
module.exports.hashIP = function(ip){
//Create hash object
const hashObj = crypto.createHash('md5');
//add IP to the hash
hashObj.update(ip);
//return the IP hash as a string
return hashObj.digest('hex');
} }

57
src/utils/mailUtils.js Normal file
View file

@ -0,0 +1,57 @@
/*Canopy - The next generation of stoner streaming software
Copyright (C) 2024 Rainbownapkin and the TTN Community
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//Config
const config = require('../../config.json');
//NPM imports
const nodeMailer = require("nodemailer");
//Setup mail transport
const transporter = nodeMailer.createTransport({
host: config.mail.host,
port: config.mail.port,
secure: config.mail.secure,
auth: {
user: config.mail.address,
pass: config.mail.pass
}
});
module.exports.mailem = async function(to, subject, body, htmlBody = false){
//Create mail object
const mailObj = {
from: `"Tokebot🤖💨"<${config.mail.address}>`,
to,
subject
};
//If we're sending HTML
if(htmlBody){
//set body as html
mailObj.html = body;
//If we're sending plaintext
}else{
//Set body as plaintext
mailObj.text = body
}
//Send mail based on mail object
const sentMail = await transporter.sendMail(mailObj);
//return the mail info
return sentMail;
}

6
www/js/passwordReset.js
View file

@ -54,7 +54,7 @@ class registerPrompt{
this.verification = event.detail.payload; this.verification = event.detail.payload;
} }
register(){ async register(){
//If altcha verification isn't complete //If altcha verification isn't complete
if(this.verification == null){ if(this.verification == null){
//don't bother //don't bother
@ -63,7 +63,7 @@ class registerPrompt{
//If we're initiating a password change request //If we're initiating a password change request
if(this.initiating){ if(this.initiating){
await utils.ajax.requestPasswordReset(this.user.value, this.verification);
//If we're completing a password change //If we're completing a password change
}else{ }else{
//if the confirmation password doesn't match //if the confirmation password doesn't match
@ -74,7 +74,7 @@ class registerPrompt{
} }
//Send the registration informaiton off to the server //Send the registration informaiton off to the server
utils.ajax.resetPassword(this.token , this.pass.value , this.passConfirm.value , this.verification); await utils.ajax.resetPassword(this.token , this.pass.value , this.passConfirm.value , this.verification);
} }
} }
} }

2
www/js/register.js
View file

@ -66,4 +66,4 @@ class registerPrompt{
} }
} }
const registerForm = new resetPrompt(); const registerForm = new registerPrompt();

23
www/js/utils.js
View file

@ -481,6 +481,27 @@ class canopyAjaxUtils{
} }
} }
async requestPasswordReset(user, verification){
const response = await fetch(`/api/account/passwordResetRequest`,{
method: "POST",
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({user, verification})
});
//If we received a successful response
if(response.status == 200){
//Create pop-up
const popup = new canopyUXUtils.popup("A password reset link has been sent to the email associated with the account requested assuming it has one!");
//Go to home-page on pop-up closure
popup.popupDiv.addEventListener("close", ()=>{window.location = '/'});
//Otherwise
}else{
utils.ux.displayResponseError(await response.json());
}
}
async resetPassword(token, pass, confirmPass, verification){ async resetPassword(token, pass, confirmPass, verification){
const response = await fetch(`/api/account/passwordReset`,{ const response = await fetch(`/api/account/passwordReset`,{
method: "POST", method: "POST",
@ -493,7 +514,7 @@ class canopyAjaxUtils{
//If we received a successful response //If we received a successful response
if(response.status == 200){ if(response.status == 200){
//Create pop-up //Create pop-up
const popup = new canopyUXUtils.popup("Your password has been reset!"); const popup = new canopyUXUtils.popup("Your password has been reset, and all devices have been logged out of your account!");
//Go to home-page on pop-up closure //Go to home-page on pop-up closure
popup.popupDiv.addEventListener("close", ()=>{window.location = '/'}); popup.popupDiv.addEventListener("close", ()=>{window.location = '/'});
//Otherwise //Otherwise