code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

update api documentation

Browse Source 
add authentication
This commit is contained in:
Mystikfluu 2023-04-21 00:17:05 +02:00
parent 213368d34c
commit 0ea07f9ec8
16 changed files with 2254 additions and 1136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -7,4 +7,5 @@ ignore/*
avatars/*
etc/*
*newrelic*
user_uploads/*
user_uploads/*
swagger-api.json

130
routes/api/all.js
View File

@ -10,76 +10,67 @@ export const setup = function (router, con, server) {
router.use("/*", (req, res, next) => {
res.set("Access-Control-Allow-Origin", "*"); //we'll allow it for now
let unsigned;
if (req.body.user === undefined || req.body.pass === undefined) {
if(typeof req.get("ipost-auth-token") === "string") {
try{
req.body.auth = JSON.parse(req.get("ipost-auth-token"))
} catch(err) {
console.log("error parsing header",err)
}
if(typeof req.get("ipost-auth-token") === "string") {
try{
req.body.auth = JSON.parse(req.get("ipost-auth-token"))
} catch(err) {
console.log("error parsing header",err)
}
if(req.body.auth !== undefined && req.originalUrl !== "/redeemauthcode") {
if(typeof req.body.auth === "string") {
try{
req.body.auth = JSON.parse(req.body.auth)
} catch(err) {
console.log("error parsing",err)
}
} else
if(
typeof req.body.auth !== "object" ||
typeof req.body.auth.secret !== "string" ||
typeof req.body.auth.appid !== "number" ||
typeof req.body.auth.auth_token !== "string" ||
req.body.auth.secret.length !== 200 ||
req.body.auth.auth_token.length !== 200 ||
Buffer.from(req.body.auth.secret,"base64").length !== 150
) {
res.status(420).send("invalid authentication object")
return;
} else {
//secret : string(200 chars)
//appid : number
//auth_token: string(200 chars)
let sql = "select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.auth_tokens inner join ipost.application on auth_token_isfrom_application_id=application_id inner join ipost.users on auth_token_u_id=User_ID where auth_token=? and application_secret=? and application_id=?"
con.query(sql,[SHA256(req.body.auth.auth_token,req.body.auth.appid, HASHES_DB),SHA256(req.body.auth.secret,req.body.auth.appid, HASHES_DB),req.body.auth.appid],(err,result) => {
if(err) throw err;
if(result.length !== 1) {
res.status(420).send("invalid authentication object (or server error?)")
return;
}
res.locals.userid = result[0].User_ID;
res.locals.username = result[0].User_Name;
res.locals.bio = result[0].User_Bio || "";
res.locals.avatar = result[0].User_Avatar || "";
res.locals.settings = result[0].User_Settings || {};
res.locals.isbot = true; //only apps/bots use auth tokens
next()
})
return;
}
} else {
if(!req.cookies.AUTH_COOKIE) {
next()
return
}
unsigned = unsign(req.cookies.AUTH_COOKIE, req, res);
if (!unsigned){
next()
return
}
}
}
else {
unsigned = `${req.body.user} ${SHA256(req.body.pass, req.body.user, HASHES_COOKIE)}`;
res.set("message","user+pass authentication is deprecated as of february 2023, consider switching to auth tokens")
//basically we generate the unsigned cookie
res.locals.isbot = true; //only bots use user+pass
if(req.body.auth !== undefined && req.originalUrl !== "/redeemauthcode") {
if(typeof req.body.auth === "string") {
try{
req.body.auth = JSON.parse(req.body.auth)
} catch(err) {
console.log("error parsing",err)
}
} else
if(
typeof req.body.auth !== "object" ||
typeof req.body.auth.secret !== "string" ||
typeof req.body.auth.appid !== "number" ||
typeof req.body.auth.auth_token !== "string" ||
req.body.auth.secret.length !== 200 ||
req.body.auth.auth_token.length !== 200 ||
Buffer.from(req.body.auth.secret,"base64").length !== 150
) {
res.status(420).send("invalid authentication object")
return;
} else {
//secret : string(200 chars)
//appid : number
//auth_token: string(200 chars)
let sql = "select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.auth_tokens inner join ipost.application on auth_token_isfrom_application_id=application_id inner join ipost.users on auth_token_u_id=User_ID where auth_token=? and application_secret=? and application_id=?"
con.query(sql,[SHA256(req.body.auth.auth_token,req.body.auth.appid, HASHES_DB),SHA256(req.body.auth.secret,req.body.auth.appid, HASHES_DB),req.body.auth.appid],(err,result) => {
if(err) throw err;
if(result.length !== 1) {
res.status(420).send("invalid authentication object (or server error?)")
return;
}
res.locals.userid = result[0].User_ID;
res.locals.username = result[0].User_Name;
res.locals.bio = result[0].User_Bio || "";
res.locals.avatar = result[0].User_Avatar || "";
res.locals.settings = result[0].User_Settings || {};
res.locals.isbot = true; //only apps/bots use auth tokens
next()
})
return;
}
} else {
if(!req.cookies.AUTH_COOKIE) {
next()
return
}
unsigned = unsign(req.cookies.AUTH_COOKIE, req, res);
if (!unsigned){
next()
return
}
}
let sql = `select User_ID,User_Name,User_Bio,User_Avatar,User_Settings from ipost.users where User_Name=? and User_PW=?;`;
let values = unsigned.split(" ");
@ -118,6 +109,9 @@ export const setup = function (router, con, server) {
res.status(402);
res.json({ "error": "you cannot access the api without being logged in" });
}
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
};
export default {

12
routes/api/dms/PersonalMessages.js
View File

@ -20,6 +20,9 @@ export const setup = function (router, con, server) {
throw err;
res.json(result);
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.get("/api/dms/conversations", function (req, res) {
res.set("Access-Control-Allow-Origin", "*");
@ -30,10 +33,16 @@ export const setup = function (router, con, server) {
throw err;
res.json(result);
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.get("/api/dms/encrypt.js", function (req, res) {
res.set("Access-Control-Allow-Origin", "*");
res.send(web_version());
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
//
router.get("/api/dms/getDM", function (req, res) {
@ -52,6 +61,9 @@ export const setup = function (router, con, server) {
res.json({ "error": "there is no such dm!" });
}
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
};
export default {

7
routes/api/dms/post.js
View File

@ -19,6 +19,9 @@ export const setup = function (router, con, server) {
router.get("/api/dms/pid", function (req, res) {
res.set("Access-Control-Allow-Origin", "*");
res.json({ "pid": createPID() });
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.post("/api/dms/post", function (req, res) {
if (!req.body.message) {
@ -89,6 +92,10 @@ export const setup = function (router, con, server) {
console.log(5, `posted new dm by ${res.locals.username} to ${otherperson} : ${xor(encodeURIComponent(res.locals.username), otherperson)}`);
});
//TODO: bring dms up-to-date with normal posts
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
return createPID
};

7
routes/api/getFileIcon.js
View File

@ -31,8 +31,8 @@ async function addTextOnImage(text,buf) {
}
export const setup = function (router, con, server) {
router.get("/api/getFileIcon/*",async function(req,res){
let path = req.path.split("/api/getFileIcon/")[1]
router.get("/api/getFileIcon/:icon",async function(req,res){
let path = req.params.icon
if(path.length > 4) {
res.status(410).json({"error":"file ending is too long"})
return;
@ -41,5 +41,8 @@ export const setup = function (router, con, server) {
res.set("content-type","image/png")
res.send(buf)
})
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
})
}

13
routes/api/getPosts.js
View File

@ -1,8 +1,4 @@
export const setup = function (router, con, server) {
router.get("/api/getPosts/*", function (_req, res) {
res.set("Access-Control-Allow-Origin", "");
res.redirect("/api/getPosts");
});
router.get("/api/getPosts", function (req, res) {
res.set("Access-Control-Allow-Origin", "*");
if (req.query.channel !== undefined) {
@ -21,6 +17,9 @@ export const setup = function (router, con, server) {
res.json(result);
});
}
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.get("/api/getPostsLowerThan", function (req, res) {
res.set("Access-Control-Allow-Origin", "*");
@ -40,6 +39,9 @@ export const setup = function (router, con, server) {
res.json(result);
});
}
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.get("/api/getPost", function (req, res) {
res.set("Access-Control-Allow-Origin", "*");
@ -56,5 +58,8 @@ export const setup = function (router, con, server) {
res.json({ "error": "there is no such post!" });
}
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
}

6
routes/api/post.js
View File

@ -32,6 +32,9 @@ export const setup = function (router, con, server) {
router.get("/api/pid", function (req, res) {
res.set("Access-Control-Allow-Origin", "*");
res.json({ "pid": createPID() });
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
function validateMessage(message) {
@ -204,6 +207,9 @@ export const setup = function (router, con, server) {
res.json({"error":"internal server error", "status": 500})
}
}
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
return createPID
};

4
routes/api/search.js
View File

@ -34,5 +34,9 @@ export const setup = function (router, con, server) {
else {
res.json({ "error": "invalid type passed along, expected `user` or `post`", "message": "search has been deprecated as of 11/30/2022"});
}
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
}

8
routes/api/settingshandler.js
View File

@ -4,6 +4,10 @@ const allowed_settings = {
export const setup = function (router, con, server) {
router.get("/api/settings", function (req, res) {
res.json(res.locals.settings);
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.post("/api/settings", function (req, res) {
if (!req.body.setting) {
@ -45,6 +49,10 @@ export const setup = function (router, con, server) {
}
res.json({ "status": "success" });
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
};
export default {

20
routes/api/userRoutes.js
View File

@ -47,10 +47,16 @@ export const setup = function (router, con, server) {
res.json({ "success": "updated avatar" });
});
})
});
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.get("/api/getuser", function (_req, res) {
res.json({ "username": res.locals.username, "bio": res.locals.bio, "avatar": res.locals.avatar, "userid": res.locals.userid });
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.get("/api/getalluserinformation", function (req, res) {
res.set("Access-Control-Allow-Origin", ""); //we don't want that here
@ -73,6 +79,9 @@ export const setup = function (router, con, server) {
res.json({ "error": "you cannot access the api without being logged in" });
}
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.get("/api/getotheruser", function (req, res) {
res.set("Access-Control-Allow-Origin", "*");
@ -109,6 +118,9 @@ export const setup = function (router, con, server) {
throw err;
res.json({ "success": "updated bio" });
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.post("/api/changePW", (req, res) => {
res.set("Access-Control-Allow-Origin", "");
@ -149,6 +161,9 @@ export const setup = function (router, con, server) {
res.json({ "error": "invalid password" });
}
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
router.post("/api/changeUsername", function (req, res) {
res.set("Access-Control-Allow-Origin", "");
@ -212,5 +227,8 @@ export const setup = function (router, con, server) {
res.json({ "error": "invalid password" });
}
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
}

8
routes/authorize.js
View File

@ -59,6 +59,10 @@ export const setup = function (router, con, server) {
}
res.redirect(`/authorize?id=${req.body.application_id}`)
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
})
router.post("/redeemauthcode", (req,res) => {
@ -124,4 +128,8 @@ export const setup = function (router, con, server) {
})
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
}

37
routes/serve_static_files.js
View File

@ -5,43 +5,43 @@ export const setup = function (router, con, server) {
const __dirname = server.dirname
const dir = __dirname + "/"
router.get("/users/*", function (req, res) {
router.get("/users/:user", function (req, res) {
if (!increaseUSERCall(req, res))
return;
res.sendFile(dir + "views/otheruser.html");
});
router.get("/css/*", (request, response) => {
router.get("/css/:file", (request, response) => {
if (!increaseUSERCall(request, response))
return;
if (existsSync(__dirname + request.originalUrl)) {
response.sendFile(__dirname + request.originalUrl);
if (existsSync(`${__dirname}/css/${request.params.file}`)) {
response.sendFile(`${__dirname}/css/${request.params.file}`);
}
else {
response.status(404).send("no file with that name found");
}
return;
});
router.get("/js/*", (request, response) => {
router.get("/js/:file", (request, response) => {
if (!increaseUSERCall(request, response))
return;
if (existsSync(__dirname + request.originalUrl)) {
response.sendFile(__dirname + request.originalUrl);
if (existsSync(`${__dirname}/js/${request.params.file}`)) {
response.sendFile(`${__dirname}/js/${request.params.file}`);
}
else {
response.status(404).send("no file with that name found");
}
return;
});
router.get("/images/*", (request, response) => {
router.get("/images/:file", (request, response) => {
if (!increaseUSERCall(request, response))
return;
if (existsSync(__dirname + request.originalUrl)) {
if (existsSync(`${__dirname}/images/${request.params.file}`)) {
response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish
response.sendFile(__dirname + request.originalUrl);
response.sendFile(`${__dirname}/images/${request.params.file}`);
}
else if(existsSync(__dirname + request.originalUrl.toLowerCase())){
else if(existsSync(`${__dirname}/images/${request.params.file.toLowerCase()}`)){
response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish
response.sendFile(__dirname + request.originalUrl.toLowerCase());
response.sendFile(`${__dirname}/images/${request.params.file.toLowerCase()}`);
}
else {
response.status(404).send("no file with that name found");
@ -49,12 +49,12 @@ export const setup = function (router, con, server) {
return;
});
router.get("/user_uploads/*", (request, response) => {
router.get("/user_uploads/:file", (request, response) => {
if (!increaseUSERCall(request, response))
return;
if (existsSync(__dirname + request.originalUrl)) {
if (existsSync(`${__dirname}/user_uploads/${request.params.file}`)) {
response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish
response.sendFile(__dirname + request.originalUrl);
response.sendFile(`${__dirname}/user_uploads/${request.params.file}`);
}
else {
response.status(404).send("no file with that name found");
@ -62,13 +62,12 @@ export const setup = function (router, con, server) {
return;
});
router.get("/avatars/*", (request, response) => {
router.get("/avatars/:avatar", (request, response) => {
if (!increaseUSERCall(request, response))
return;
response.set('Cache-Control', 'public, max-age=2592000'); //cache it for one month-ish
let originalUrl = request.originalUrl.split("?").shift();
if (existsSync(dir + originalUrl)) {
return response.sendFile(dir + originalUrl);
if (existsSync(`${__dirname}/avatars/${request.params.avatar}`)) {
return response.sendFile(`${__dirname}/avatars/${request.params.avatar}`);
}
response.status(404).send("No avatar with that name found");
});

42
routes/userfiles.js
View File

@ -70,6 +70,10 @@ export const setup = function (router, con, server) {
function getAppWithId(appid) {
appid = Number(appid)
return new Promise((res,rej) => {
if(isNaN(appid)) {
res({})
return
}
if(appId_Cache.has(appid)) {
res(appId_Cache.get(appid) || {})
return
@ -111,7 +115,9 @@ export const setup = function (router, con, server) {
if (!increaseUSERCall(request, response))return;
if(typeof overrideurl !== "string")overrideurl = undefined;
let originalUrl = overrideurl || request.originalUrl.split("?").shift();
let originalUrl = overrideurl
|| request.params.file
|| request.originalUrl.split("?").shift(); //backup in case anything goes wrong
let path = ""
if (existsSync(dir + "views" + originalUrl)) {
@ -136,10 +142,11 @@ export const setup = function (router, con, server) {
path = dir + "views" + originalUrl + ".html"
}
if(path !== "" && originalUrl !== "/favicon.ico" && originalUrl !== "/api/documentation/") {
if(path !== "" && originalUrl !== "favicon.ico" && originalUrl !== "api_documentation" && originalUrl !== "api_documentation.html") {
console.log(originalUrl)
global_page_variables.user = { "username": response.locals.username, "bio": response.locals.bio, "avatar": response.locals.avatar }
global_page_variables.query = request.query
if(originalUrl === "/authorize") {
if(originalUrl === "authorize") {
global_page_variables.application = await getAppWithId(request.query.id)
}
ejs.renderFile(path,global_page_variables,{async: true},async function(err,str){
@ -176,20 +183,20 @@ export const setup = function (router, con, server) {
})
return;
}
if(originalUrl === "/favicon.ico") {
if(originalUrl === "api_documentation" || originalUrl === "api_documentation.html") {
response.set('Cache-Control', 'public, max-age=2592000');
response.set('Content-Type', 'text/html')
response.send(load_var("./views/api_documentation.html"))
return
}
if(originalUrl === "favicon.ico") {
response.set('Cache-Control', 'public, max-age=2592000');
response.sendFile(dir + "/views/favicon.ico")
return
}
if(originalUrl === "/api/documentation/") {
readFile(path,function(_err,res){
response.send(res.toString())
})
return
}
console.log(5,"no file found",originalUrl);
try {
response.status(404).send("No file with that name found");
@ -197,13 +204,14 @@ export const setup = function (router, con, server) {
console.error(err)
}
}
/**
/**
* Handle default URI as /index (interpreted redirect: "localhost" -> "localhost/index" )
*/
router.get("/", function (req, res) {
req.params.file = "index"
handleUserFiles(req,res,"/index")
});
router.get("/*", handleUserFiles);
router.get("/:file", handleUserFiles);
}

3
server.js
View File

@ -358,6 +358,9 @@ router.get("/api/getChannels", function (_req, res) {
throw err;
res.json(result);
});
/* #swagger.security = [{
"appTokenAuthHeader": []
}] */
});
/*

54
swagger.cjs
View File

@ -8,9 +8,18 @@ const doc = {
},
host: 'ipost.rocks',
schemes: ['https'],
securityDefinitions: {
appTokenAuthHeader: {
type: 'apiKey',
in: 'header', // can be 'header', 'query' or 'cookie'
name: 'ipost-auth-token', // name of the header, query parameter or cookie
description: 'authenticate using the authentication object in the header'
}
}
};
const outputFile = './swagger-output.json';
const outputFile = './swagger-api.json';
const tempFile = './swagger-output.json';
const endpointsFiles = ['./server.js'];
function pushdirectory(currentpath) {
@ -27,10 +36,43 @@ function pushdirectory(currentpath) {
pushdirectory("./routes/");
console.log(endpointsFiles)
swaggerAutogen(tempFile, endpointsFiles, doc);
/* NOTE: if you use the express Router, you must pass in the
'endpointsFiles' only the root file where the route starts,
such as index.js, app.js, routes.js, ... */
/*
Replace some error codes with own error codes, as described in error_codes.txt
*/
const to_replace = {
"401": "login error (invalid cookie)",
"402": "login error (bad cookie)",
"403": "login error (no cookie)",
"410": "argument/data error",
"411": "argument/data error",
"412": "argument/data error",
"413": "argument/data error",
"414": "argument/data error",
"415": "argument/data error",
"416": "argument/data error",
"417": "argument/data error",
"418": "argument/data error",
"419": "argument/data error",
"420": "invalid authetication object",
}
swaggerAutogen(outputFile, endpointsFiles, doc);
let file = JSON.parse(fs.readFileSync(tempFile, 'utf8'));
for (let path in file.paths) {
for (let method in file.paths[path]) {
for (let response in file.paths[path][method].responses) {
if (to_replace[response]) {
file.paths[path][method].responses[response].description = to_replace[response];
}
}
}
}
file = JSON.stringify(file);
console.log(file)
fs.writeFileSync(outputFile, file);
fs.rmSync(tempFile);

3036
views/api/documentation/index.html → views/api_documentation.html
View File

File diff suppressed because it is too large Load Diff