Subsequential commit

chee · Sep 24, 2019 · 3995f42 · 3995f42
1 parent 1d8d87d
commit 3995f42
Show file tree

Hide file tree

Showing 11 changed files with 331 additions and 23 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 node_modules/
+succeed/target/
diff --git a/config/sshd b/config/sshd
@@ -0,0 +1,19 @@
+Port 2424
+ListenAddress auth.snoot.club
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
+LoginGraceTime 1m
+PermitRootLogin no
+MaxAuthTries 1
+MaxSessions 1
+PubkeyAuthentication yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog yes
+PidFile /run/sshd.auth.snoot.club.pid
+ForceCommand /snoots/auth/bin/succeed
diff --git a/index.js b/index.js
@@ -1,7 +1,105 @@
 let {send} = require("micro")
+let execa = require("execa")
+let net = require("net")
+let fs = require("fs").promises
+let {router, get} = require("microrouter")
+let crypto = require("crypto")
 
-function await
+async function getSnoot(name) {
+	let {stdout: snootid} = await execa("id", ["-u", name]).catch(() => ({}))
+	return snootid
+}
+
+async function authenticate(request, response, name) {
+	let snootid = await getSnoot(name)
+
+	if (!snootid) {
+		return send(response, 401, `${name} is NOT a snoot`)
+	}
+
+	return `<!doctype html>
+<meta charset="utf-8">
+<title>authenticate ${name}</title>
+<h1>authenticate yourself</h1>
+
+<p>hello, ${name}</p>
+
+<p>click this:</p>
+
+<p><a href="/listen/${name}">listen</a></p>
+
+<p>then run this in your terminal!</p>
+
+<pre><code>
+ssh ${name}@auth.snoot.club -p 2424
+</code></pre>
+`
+}
+
+async function listen(request, response, name) {
+	let snootid = await getSnoot(name)
+
+	if (!snootid) {
+		return send(response, 401, `${name} is NOT a snoot`)
+	}
+
+	let sockPath = `/snoots/auth/socks/${snootid}.sock`
+
+	fs.unlink(sockPath).catch(() => ({}))
+	let timeout
+	let server = net.createServer(function(client) {
+		let data = ""
+		client.on("data", d => {
+			data += d.toString()
+		})
+		client.on("end", async _ => {
+			if (data == "success") {
+				clearTimeout(timeout)
+				let token = `${name}.${crypto.randomBytes(22).toString("base64")}`
+				await fs.writeFile(`/snoots/auth/sessions/${name}`, token)
+				response.setHeader(
+					"Set-Cookie",
+					`session=${token}; Domain=snoot.club; Secure;`
+				)
+				send(response, 200, "Thanks ! Enjoy your cookie")
+			} else {
+				clearTimeout(timeout)
+				return send(response, 401, "Something naughty happened.")
+			}
+		})
+		client.on("error", () => {
+			clearTimeout(timeout)
+			return send(response, 400, "The ssh client errored out :(")
+		})
+	})
+	timeout = setTimeout(() => {
+		server.close(function() {
+			send(response, 408, "That took too long! please try again")
+		})
+	}, 60000)
+	server.listen(sockPath)
+}
+
+async function notfound(request, response) {
+	return send(
+		response,
+		404,
+		"go to https://auth.snoot.club/start/your_snoot_name"
+	)
+}
 
 module.exports = (request, response) => {
-	send(
+	let parts = request.url.split("/").filter(Boolean)
+
+	if (parts.length == 1) {
+		let [name] = parts
+		return authenticate(request, response, name)
+	}
+
+	if (parts.length == 2 && parts[0] == "listen") {
+		let [, name] = parts
+		return listen(request, response, name)
+	}
+
+	return notfound(request, response)
 }
diff --git a/jsconfig.json b/jsconfig.json
@@ -0,0 +1,3 @@
+{
+	"lib": "es2019"
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -13,6 +13,11 @@
 	"description": "auth application on snoot.club",
 	"dependencies": {
 		"@snootclub/boop": "^0.0.14",
-		"micro": "^9.3.3"
+		"execa": "^2.0.4",
+		"micro": "^9.3.3",
+		"microrouter": "^3.1.3"
+	},
+	"devDependencies": {
+		"@types/node": "^12.7.5"
 	}
 }