This commit is contained in:
Freya Murphy 2024-05-21 21:11:19 -04:00
parent d752d34752
commit 8d544d58af
Signed by: freya
GPG key ID: 744AB800E383AE52
12 changed files with 109 additions and 105 deletions


@ -30,41 +30,13 @@ server {
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
location /api/ {
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin $http_origin' always;
# Om nom nom cookies
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# Custom headers and headers various browsers *should* be OK with but aren't
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# Tell client that this pre-flight info is valid for 20 days
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin $http_origin' always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin $http_origin' always;
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header Accept-Encoding "";
proxy_redirect off;
default_type application/json;
add_header 'Access-Control-Allow-Origin' '*';
add_header Content-Location /api/$upstream_http_content_location;
proxy_set_header Connection "";
proxy_http_version 1.1;
@ -72,21 +44,25 @@ server {
}
location /apidocs {
add_header 'Access-Control-Allow-Origin' '*';
proxy_http_version 1.1;
proxy_pass http://swagger;
}
location /favicon.ico {
add_header 'Access-Control-Allow-Origin' '*';
root /opt/xssbook/public;
add_header Cache-Control "public, max-age=108000";
}
location /public {
add_header 'Access-Control-Allow-Origin' '*';
try_files $uri =404;
add_header Cache-Control "public, max-age=108000";
}
location / {
add_header 'Access-Control-Allow-Origin' '*';
root /opt/xssbook/web;
include fastcgi_params;
fastcgi_pass php:9000;
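Review bot: The remaining `add_header 'Access-Control-Allow-Origin' '*';` in the /api/ location lacks the `always` parameter that the removed `$http_origin` lines carried, so nginx omits the header on 4xx/5xx upstream responses and a cross-origin caller cannot read API error bodies; if that is not intended, use `add_header 'Access-Control-Allow-Origin' '*' always;`. Because a wildcard origin cannot be combined with credentials, browsers will no longer attach cookies on cross-site requests to /api/, which is a safer posture than the reflected origin plus `Access-Control-Allow-Credentials: true` it replaces — a one-line comment above it saying so would stop someone reintroducing the reflection. Note that nginx does not inherit `add_header` into a location that declares its own, so each location needing the header must carry it, as the second hunk does. Both location blocks continue outside the hunks.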


@ -26,6 +26,7 @@ GRANT USAGE ON SCHEMA _api TO rest_anon, rest_user;
\i /db/rest/user/api_user_insert.sql;
\i /db/rest/user/api_user_update.sql;
\i /db/rest/user/api_user_delete.sql;
\i /db/rest/user/api_update_password.sql;
-- post
\i /db/rest/post/api_post.sql;


@ -0,0 +1,44 @@
CREATE FUNCTION api.update_password(
current_password TEXT,
new_password TEXT
)
RETURNS void
LANGUAGE plpgsql VOLATILE
AS $BODY$
DECLARE
_user_id INTEGER;
_real_password TEXT;
BEGIN
_user_id = _api.get_user_id();
PERFORM _api.validate_text(
_text => new_password,
_column => 'password',
_min => 1,
_max => 256
);
SELECT password
INTO _real_password
FROM admin.user
WHERE id = _user_id;
IF _real_password <> current_password THEN
PERFORM _api.raise(
_msg => 'api_invalid_password'
);
END IF;
UPDATE
admin.user
SET
"password" = new_password
WHERE
id = _user_id;
END
$BODY$;
GRANT EXECUTE ON FUNCTION api.update_password(TEXT, TEXT)
TO rest_user;
GRANT SELECT, UPDATE ON TABLE admin.user
TO rest_user;
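Review bot: The guard `IF _real_password <> current_password THEN` is bypassed when `current_password` is NULL: `<>` against NULL yields NULL, the IF does not fire, and the UPDATE still runs, so a caller with a valid session can change the password without knowing the current one (a JSON `null` argument arrives as SQL NULL). Use `IF current_password IS NULL OR _real_password IS DISTINCT FROM current_password THEN` so both a missing value and a mismatch raise `api_invalid_password`. The comparison and the assignment `"password" = new_password` treat the stored column as plaintext; unless a trigger outside this diff hashes it, the value is readable by anything that can SELECT admin.user, which the new `GRANT SELECT, UPDATE ON TABLE admin.user TO rest_user` now permits for every column and row rather than only the caller's own — consider column-level grants (`GRANT SELECT (id, password), UPDATE (password) ON admin.user TO rest_user`) or making the function `SECURITY DEFINER` and dropping the table grant. The removed trigger code also ran `_api.trim` on the password before validating, which this function does not, so a value of spaces now passes the length check.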


@ -32,25 +32,6 @@ BEGIN
_changed = TRUE;
END IF;
-- password
SELECT password
INTO OLD.password
FROM admin.user
WHERE id = OLD.id;
NEW.password = COALESCE(NEW.password, OLD.password);
NEW.password := _api.trim(NEW.password);
PERFORM _api.validate_text(
_text => NEW.password,
_column => 'password',
_min => 1,
_max => 256
);
IF NEW.password IS DISTINCT FROM OLD.password THEN
_changed = TRUE;
END IF;
-- first name
NEW.first_name = COALESCE(NEW.first_name, OLD.first_name);
NEW.first_name := _api.trim(NEW.first_name);
@ -138,7 +119,6 @@ BEGIN
IF _changed THEN
UPDATE admin.user SET
username = NEW.username,
password = NEW.password,
first_name = NEW.first_name,
last_name = NEW.last_name,
middle_name = NEW.middle_name,


@ -13,7 +13,7 @@
font-size: 1.5rem;
margin: 1rem 0;
width: 100%;
height: 70%;
height: 10rem;
flex-grow: 1;
background-color: transparent;
color: var(--text);


@ -54,6 +54,23 @@ function handleSubmit(e) {
}
function handlePassword(e) {
e.preventDefault();
let el = e.target.elements;
let curr = el.curr_password.value;
let newp = el.new_password.value;
$.ajax({
url: '/api/rpc/update_password',
method: 'POST',
data: JSON.stringify({
new_password: newp,
current_password: curr
}),
success: onSuccess
})
}
const toBase64 = file => new Promise((resolve, reject) => {
const reader = new FileReader();
reader.readAsDataURL(file);
@ -111,6 +128,37 @@ function resetMedia(media_type) {
<?=__create_form($user, 'last_name')?>
<?=__create_form($user, 'gender')?>
<hr class="mt">
<h2><?=ucfirst(lang('security_title'))?></h2>
<strong><?=ucfirst(lang('security_desc'))?></strong>
<form action="" class="col mt settings-form" onsubmit="handlePassword(event)">
<div class="rel mb" style="flex: 1">
<input
type="password"
name="curr_password"
id="curr_password"
placeholder=" "
>
<label for="curr_password">
<?=ucwords(lang('ph_current_pass'))?>
</label>
</div>
<div class="rel mb" style="flex: 1">
<input
type="password"
name="new_password"
id="new_password"
placeholder=" "
>
<label for="new_password">
<?=ucwords(lang('ph_new_pass'))?>
</label>
</div>
<button
class="btn btn-wide btn-submit"
style="flex: 0; height: fit-content;"
><?=lang('update')?></button>
</form>
<hr class="mt">
<h2><?=ucfirst(lang('media_title'))?></h2>
<strong><?=ucfirst(lang('media_desc'))?></strong>
<h3><?=ucfirst(lang('ph_avatar'))?></h3>
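Review bot: `handlePassword` sends `JSON.stringify({...})` as `data` without `contentType: 'application/json'`, so unless an `$.ajaxSetup` elsewhere in this file sets it, jQuery posts the JSON text as `application/x-www-form-urlencoded` and the upstream is unlikely to see `new_password`/`current_password` as parameters; add `contentType: 'application/json',` beside `method`. There is no `error` callback, so a rejected current password gives the user no feedback and both fields keep their values; add an error handler and clear `el.curr_password.value` and `el.new_password.value` on success so the plaintext does not linger in the form. The two inputs should carry `required` and `autocomplete="current-password"` / `autocomplete="new-password"` so browsers and password managers handle them correctly. The settings form markup continues outside the hunk.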


@ -2,11 +2,10 @@
<?php /* vi: syntax=php */ ?>
<div id="about-modal-body">
<span class="logo">xssbook</span>
<hr>
<span class="mb"><?=ucfirst(lang('version'))?></span>
<span><?=ucfirst(lang('copyright'))?></span>
<hr>
<a class="btn btn-blue" href="https://g.freya.cat/freya/xssbook2">Source Code</a>
<a class="btn btn-blue mt" href="https://g.freya.cat/freya/xssbook2">Source Code</a>
<p>For reports of abuse, please email <a class="btn-blue" href="mailto:contact@freyacat.org">contact@freyacat.org</a></p>
</div>
<style>
#about-modal-body {
@ -15,8 +14,6 @@
flex-direction: column;
justify-content: center;
align-items: center;
font-weight: bold;
font-size: 1.1rem;
padding: 1rem;
}
#about-modal-body .logo {


@ -1,19 +0,0 @@
#
# en_CAT generator from en_US
# uwuify and awk required
#
LANG_SRC = $(shell find en_US -type f)
LANG_OBJ = $(patsubst en_US/%,en_CAT/%,$(LANG_SRC))
.PHONY: all
all: $(LANG_OBJ)
$(LANG_OBJ): en_CAT/% : en_US/%
@printf "\033[35m UWU \033[0m%s\n" $<
@mkdir -p $(@D)
@./_bin/transpile.sh $< $@
clean:
@rm -fr "en_CAT"


@ -1,30 +0,0 @@
#!/usr/bin/env bash
lang_part() {
echo "$1" | awk "{split(\$0,a,\" = \"); print a[$2]}"
}
export -f lang_part
handle_line() {
line="$1"
left=$(lang_part "$line" 1)
right=$(lang_part "$line" 2)
echo "$left" | grep -Ev '_content|_line' > /dev/null
code=$?
if [ $code -eq 0 ]; then
right=$(echo "$right" | uwuify)
fi;
right=${right%;};
echo "$left = $right;"
}
export -f handle_line
transpile() {
file="$1"
out="$2"
printf "" > "$out"
printf "<?php /* Copyright (c) 2024 Freya Murphy */\n\n" > "$out";
grep "\$lang" < "$file" | xargs -n1 -I{} bash -c 'handle_line "$@"' _ {} >> "$out"
}
transpile "$1" "$2"


@ -24,6 +24,7 @@ $lang['api_unique_value'] = '%s is not available (not unique)';
$lang['api_min_value'] = '%s length cannot be less than %s';
$lang['api_max_value'] = '%s length cannot exceed %s';
$lang['api_invalid_login'] = 'Invalid username or password';
$lang['api_invalid_password'] = 'Invalid password';
$lang['api_unknown'] = 'An unknown error as occurred';
// toast messages


@ -7,11 +7,17 @@ $lang['settings_success'] = 'Updated successfully';
$lang['general_title'] = 'Account Information';
$lang['general_desc'] = 'Modify your general account information.';
$lang['security_title'] = 'Account Security';
$lang['security_desc'] = 'Modify your account authentication information.';
$lang['media_title'] = 'Account Media';
$lang['media_desc'] = 'Modify your profiles avatar and banner.';
$lang['ph_avatar'] = 'Avatar';
$lang['ph_banner'] = 'Banner';
$lang['ph_current_pass'] = 'Current Password';
$lang['ph_new_pass'] = 'New Passowrd';
$lang['update'] = 'Update';
$lang['reset'] = 'Reset';


@ -1,6 +1,6 @@
<?php /* Copyright (c) 2024 Freya Murphy */
$lang['version'] = 'Version 2.0.3';
$lang['version'] = 'Version 2.0.4';
$lang['copyright'] = 'Freya Murphy © 2024';
// Navigation Bar Lang