andyburke/autonomous.contact
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: require password verification

Browse source 
chore: styling work
This commit is contained in:
Andy Burke 2026-03-09 14:57:11 -07:00
parent 7977fe9ea7
commit 86fa2b6d4b
16 changed files with 348 additions and 88 deletions
Download patch file Download diff file Expand all files Collapse all files

6
deno.json
View file

@ -46,10 +46,10 @@
"@andyburke/lurid": "jsr:@andyburke/lurid@^0.2.0",
"@andyburke/serverus": "jsr:@andyburke/serverus@^0.16.0",
"@da/bcrypt": "jsr:@da/bcrypt@^1.0.1",
"@std/assert": "jsr:@std/assert@^1.0.17",
"@std/assert": "jsr:@std/assert@^1.0.19",
"@std/encoding": "jsr:@std/encoding@^1.0.10",
"@std/fs": "jsr:@std/fs@^1.0.22",
"@std/http": "jsr:@std/http@^1.0.23",
"@std/fs": "jsr:@std/fs@^1.0.23",
"@std/http": "jsr:@std/http@^1.0.25",
"@std/media-types": "jsr:@std/media-types@^1.1.0",
"@std/path": "jsr:@std/path@^1.1.4"
}

63
deno.lock generated
View file

@ -6,28 +6,27 @@
"jsr:@andyburke/serverus@0.16": "0.16.0",
"jsr:@da/bcrypt@*": "1.0.1",
"jsr:@da/bcrypt@^1.0.1": "1.0.1",
"jsr:@std/assert@^1.0.17": "1.0.17",
"jsr:@std/cli@^1.0.19": "1.0.25",
"jsr:@std/cli@^1.0.20": "1.0.25",
"jsr:@std/cli@^1.0.21": "1.0.25",
"jsr:@std/cli@^1.0.25": "1.0.25",
"jsr:@std/assert@^1.0.19": "1.0.19",
"jsr:@std/cli@^1.0.19": "1.0.28",
"jsr:@std/cli@^1.0.20": "1.0.28",
"jsr:@std/cli@^1.0.21": "1.0.28",
"jsr:@std/cli@^1.0.28": "1.0.28",
"jsr:@std/encoding@^1.0.10": "1.0.10",
"jsr:@std/fmt@^1.0.6": "1.0.8",
"jsr:@std/fmt@^1.0.8": "1.0.8",
"jsr:@std/fs@^1.0.18": "1.0.22",
"jsr:@std/fs@^1.0.19": "1.0.22",
"jsr:@std/fs@^1.0.21": "1.0.22",
"jsr:@std/fs@^1.0.22": "1.0.22",
"jsr:@std/fmt@^1.0.6": "1.0.9",
"jsr:@std/fmt@^1.0.9": "1.0.9",
"jsr:@std/fs@^1.0.18": "1.0.23",
"jsr:@std/fs@^1.0.19": "1.0.23",
"jsr:@std/fs@^1.0.23": "1.0.23",
"jsr:@std/html@^1.0.5": "1.0.5",
"jsr:@std/http@^1.0.20": "1.0.23",
"jsr:@std/http@^1.0.23": "1.0.23",
"jsr:@std/http@^1.0.20": "1.0.25",
"jsr:@std/http@^1.0.25": "1.0.25",
"jsr:@std/internal@^1.0.12": "1.0.12",
"jsr:@std/media-types@^1.1.0": "1.1.0",
"jsr:@std/net@^1.0.6": "1.0.6",
"jsr:@std/path@^1.1.0": "1.1.4",
"jsr:@std/path@^1.1.1": "1.1.4",
"jsr:@std/path@^1.1.4": "1.1.4",
"jsr:@std/streams@^1.0.16": "1.0.16",
"jsr:@std/streams@^1.0.17": "1.0.17",
"npm:@types/node@*": "22.15.15"
},
"jsr": {
@ -59,23 +58,23 @@
"@da/bcrypt@1.0.1": {
"integrity": "d2172d3acbcff52e0465557a1a48b1ff1c92df08c90712dae5372255a8c45eb3"
},
"@std/assert@1.0.17": {
"integrity": "df5ebfffe77c03b3fa1401e11c762cc8f603d51021c56c4d15a8c7ab45e90dbe",
"@std/assert@1.0.19": {
"integrity": "eaada96ee120cb980bc47e040f82814d786fe8162ecc53c91d8df60b8755991e",
"dependencies": [
"jsr:@std/internal"
]
},
"@std/cli@1.0.25": {
"integrity": "1f85051b370c97a7a9dfc6ba626e7ed57a91bea8c081597276d1e78d929d8c91"
"@std/cli@1.0.28": {
"integrity": "74ef9b976db59ca6b23a5283469c9072be6276853807a83ec6c7ce412135c70a"
},
"@std/encoding@1.0.10": {
"integrity": "8783c6384a2d13abd5e9e87a7ae0520a30e9f56aeeaa3bdf910a3eaaf5c811a1"
},
"@std/fmt@1.0.8": {
"integrity": "71e1fc498787e4434d213647a6e43e794af4fd393ef8f52062246e06f7e372b7"
"@std/fmt@1.0.9": {
"integrity": "2487343e8899fb2be5d0e3d35013e54477ada198854e52dd05ed0422eddcabe0"
},
"@std/fs@1.0.22": {
"integrity": "de0f277a58a867147a8a01bc1b181d0dfa80bfddba8c9cf2bacd6747bcec9308",
"@std/fs@1.0.23": {
"integrity": "3ecbae4ce4fee03b180fa710caff36bb5adb66631c46a6460aaad49515565a37",
"dependencies": [
"jsr:@std/internal",
"jsr:@std/path@^1.1.4"
@ -84,13 +83,13 @@
"@std/html@1.0.5": {
"integrity": "4e2d693f474cae8c16a920fa5e15a3b72267b94b84667f11a50c6dd1cb18d35e"
},
"@std/http@1.0.23": {
"integrity": "6634e9e034c589bf35101c1b5ee5bbf052a5987abca20f903e58bdba85c80dee",
"@std/http@1.0.25": {
"integrity": "577b4252290af1097132812b339fffdd55fb0f4aeb98ff11bdbf67998aa17193",
"dependencies": [
"jsr:@std/cli@^1.0.25",
"jsr:@std/cli@^1.0.28",
"jsr:@std/encoding",
"jsr:@std/fmt@^1.0.8",
"jsr:@std/fs@^1.0.21",
"jsr:@std/fmt@^1.0.9",
"jsr:@std/fs@^1.0.23",
"jsr:@std/html",
"jsr:@std/media-types",
"jsr:@std/net",
@ -113,8 +112,8 @@
"jsr:@std/internal"
]
},
"@std/streams@1.0.16": {
"integrity": "85030627befb1767c60d4f65cb30fa2f94af1d6ee6e5b2515b76157a542e89c4"
"@std/streams@1.0.17": {
"integrity": "7859f3d9deed83cf4b41f19223d4a67661b3d3819e9fc117698f493bf5992140"
}
},
"npm": {
@ -137,10 +136,10 @@
"jsr:@andyburke/lurid@0.2",
"jsr:@andyburke/serverus@0.16",
"jsr:@da/bcrypt@^1.0.1",
"jsr:@std/assert@^1.0.17",
"jsr:@std/assert@^1.0.19",
"jsr:@std/encoding@^1.0.10",
"jsr:@std/fs@^1.0.22",
"jsr:@std/http@^1.0.23",
"jsr:@std/fs@^1.0.23",
"jsr:@std/http@^1.0.25",
"jsr:@std/media-types@^1.1.0",
"jsr:@std/path@^1.1.4"
]

7
public/api/events/index.ts
View file

@ -41,13 +41,6 @@ export async function GET(request: Request, meta: Record<string, any>): Promise<
event_id
} = /^.*\/events\/.*\/(?<event_type>.*?)\:(?<event_id>[A-Za-z-]+)\.json$/.exec(entry.path)?.groups ?? {};
console.dir({
entry,
event_type,
event_id,
query: meta.query
});
if (meta.query.after_id && event_id <= meta.query.after_id) {
return false;
}

16
public/api/users/index.ts
View file

@ -139,6 +139,22 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
});
}
const password_verification_hash: string = body.password_verification_hash ?? (typeof body.password_verification === 'string'
? encodeBase64(
await crypto.subtle.digest('SHA-256', new TextEncoder().encode(body.password_verification))
)
: '');
if (password_verification_hash !== password_hash) {
return Response.json({
error: {
cause: 'invalid password verification hash',
message: 'Password and verification must be identical.'
}
}, {
status: 400
});
}
const at_least_one_existing_user = (await USERS.all({
limit: 1,
offset: 0

81
public/base.css
View file

@ -2,45 +2,61 @@
:root {
--base-color: #234;
--bg: hsl(from var(--base-color) h 20% 7.5%);
--bg-darker: hsl(from var(--base-color) h 20% 5%);
--bg-lighter: hsl(from var(--base-color) h 20% 10%);
--bg: hsl(from var(--base-color) h 20% 10%);
--bg-darker: hsl(from var(--base-color) h 20% 7.5%);
--bg-lighter: hsl(from var(--base-color) h 20% 12.5%);
--bg-card: hsl(from var(--base-color) h 20% 15%);
--bg-card-hover: hsl(from var(--base-color) h 20% 16%);
--text-primary: hsl(from var(--base-color) h 5% 95%);
--text-secondary: hsl(from var(--base-color) h 5% 85%);
--text-muted: hsl(from var(--base-color) h 5% 75%);
--accent: hsl(from var(--base-color) h clamp(0, calc(s + 10), 100) clamp(0, calc(l + 20), 100));
--accent-dark: hsl(from var(--base-color) h clamp(0, calc(s + 5), 100) clamp(0, calc(l - 5), 100));
--border-subtle: hsl(from var(--base-color) h 50% 90%);
--border-normal: hsl(from var(--base-color) h 50% 80%);
--border-highlight: hsl(from var(--base-color) h 50% 25%);
--shadow-sm: 0 1px 2px rgba(0, 0, 0, 0.05);
--shadow-md: 0 4px 6px rgba(0, 0, 0, 0.1);
--shadow-lg: 0 10px 15px rgba(0, 0, 0, 0.1);
--shadow-xl: 0 20px 25px rgba(0, 0, 0, 0.1);
--blur-radius: 8px;
--text: hsl(from var(--base-color) h 5% 100%);
--accent: hsl(from var(--base-color) h clamp(0, calc(s + 10), 100) clamp(0, calc(l + 20), 100));
--border-subtle: hsl(from var(--base-color) h 50% 25%);
--border-normal: hsl(from var(--base-color) h 50% 50%);
--border-highlight: hsl(from var(--base-color) h 50% 75%);
--icon-scale: 1;
--border-radius: 4px;
--border-radius: 8px;
--border-radius-lg: 12px;
--space-xxs: 0.25rem;
--space-xs: 0.5rem;
--space-sm: 0.75rem;
--space-md: 1rem;
--space-lg: 1.5rem;
--space-xl: 2rem;
--space-xxl: 3rem;
}
@media (prefers-color-scheme: light) {
:root {
--bg: hsl(from var(--base-color) h 20% 93%);
--bg-darker: hsl(from var(--base-color) h 20% 88%);
--bg-lighter: hsl(from var(--base-color) h 20% 98%);
--bg: hsl(from var(--base-color) h 20% 98%);
--bg-darker: hsl(from var(--base-color) h 20% 96%);
--bg-lighter: hsl(from var(--base-color) h 20% 99%);
--bg-card: hsl(from var(--base-color) h 20% 100%);
--bg-card-hover: hsl(from var(--base-color) h 20% 98%);
--text: hsl(from var(--base-color) h 5% 5%);
--accent: hsl(from var(--base-color) h calc(s + 10) calc(l + 20));
--text-primary: hsl(from var(--base-color) h 5% 5%);
--text-secondary: hsl(from var(--base-color) h 5% 30%);
--text-muted: hsl(from var(--base-color) h 5% 50%);
--border-subtle: hsl(from var(--base-color) h 50% 90%);
--border-normal: hsl(from var(--base-color) h 50% 50%);
--border-highlight: hsl(from var var(--base-color) h 50% 25%);
--border-subtle: hsl(from var(--base-color) h 50% 85%);
--border-normal: hsl(from var(--base-color) h 50% 70%);
--border-highlight: hsl(from var(--base-color) h 50% 35%);
}
}
/* Box sizing rules */
*,
*::before,
*::after {
box-sizing: border-box;
}
/* Remove default margin in favour of better control in authored CSS */
body,
h1,
@ -157,7 +173,7 @@ textarea:not([rows]) {
body {
font-family: sans-serif;
color: var(--text);
color: var(--text-primary);
background-color: var(--bg);
display: flex;
flex-direction: column;
@ -201,7 +217,7 @@ textarea:focus {
.avatar-container {
display: block;
margin: 0.5rem auto;
margin: 0 auto 1rem;
width: 3rem;
height: 3rem;
border-radius: var(--border-radius);
@ -281,7 +297,7 @@ label:has(input[collapse-toggle]) {
display: block;
max-width: fit-content;
cursor: pointer;
border: 1px solid var(--text);
border: 1px solid var(--border-subtle);
border-radius: var(--border-radius);
padding: 0.5rem;
margin-bottom: 2rem;
@ -334,14 +350,15 @@ form input:focus {
form button {
width: 100%;
padding: 20px;
border: 1px solid var(--text);
border: 1px solid var(--border-subtle);
font-size: 20px;
background-color: var(--bg);
color: var(--text);
color: var(--text-primary);
margin-top: 1rem;
}
form button.primary {
border-color: var(--border-highlight);
background-color: var(--accent);
}
@ -349,7 +366,7 @@ button {
background: inherit;
color: inherit;
padding: 0.5rem;
border: 1px solid var(--text);
border: 1px solid var(--text-primary);
border-radius: var(--border-radius);
cursor: pointer;
}

43
public/icons.css
View file

@ -582,6 +582,49 @@
left: -6px;
}
/* ICON - MIC */
.icon.mic {
box-sizing: border-box;
position: relative;
display: block;
transform: scale(var(--icon-scale, 1));
width: 16px;
height: 12px;
border-bottom-left-radius: 120px;
border-bottom-right-radius: 120px;
border: 2px solid;
border-top: 0;
margin-top: 3px;
}
.icon.mic::after,
.icon.mic::before {
content: "";
display: block;
box-sizing: border-box;
position: absolute;
}
.icon.mic::after {
border: 2px solid;
width: 8px;
height: 18px;
left: 2px;
top: -10px;
border-radius: 4px;
}
.icon.mic::before {
width: 10px;
height: 4px;
top: 12px;
left: 1px;
border-right: 4px solid transparent;
box-shadow:
0 2px 0,
inset -2px 0 0;
}
/* ICON - MINUS */
.icon.minus {
box-sizing: border-box;

2
public/js/embeds/vimeo.js
View file

@ -27,7 +27,7 @@ function embed_vimeo(link_info) {
<iframe
src="https://player.vimeo.com/video/${video_id}"
frameborder="0"
allow="fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share"
allow="fullscreen; picture-in-picture; clipboard-write; encrypted-media;"
referrerpolicy="strict-origin-when-cross-origin"
title="Star Trek: Legacy"
loading="lazy"></iframe>

2
public/js/embeds/youtube.js
View file

@ -29,7 +29,7 @@ function embed_youtube(link_info) {
<iframe
src="https://www.youtube.com/embed/${video_id}"
title="YouTube video player"
allow="clipboard-write; encrypted-media; picture-in-picture; web-share;"
allow="clipboard-write; encrypted-media; picture-in-picture;"
referrerpolicy="strict-origin-when-cross-origin"
allowfullscreen
loading="lazy"

8
public/sidebar/sidebar.html
View file

@ -145,7 +145,7 @@
padding: 1rem;
display: flex;
align-items: center;
color: var(--text);
color: var(--text-primary);
letter-spacing: 0.5px;
transition:
background 0.25s,
@ -257,7 +257,7 @@
padding: 0.75rem;
margin: 0 0.75rem 1rem 0;
background: none;
color: var(--text);
color: var(--text-primary);
border: 1px solid var(--border-highlight);
border-radius: var(--border-radius);
box-shadow: none;
@ -364,7 +364,7 @@
top: 0;
left: 0;
bottom: 0;
padding: 0.75rem;
padding: 1rem;
width: 6rem;
border-right: 1px solid var(--border-subtle);
overflow-y: auto;
@ -421,7 +421,7 @@
#server-info {
position: relative;
height: 100%;
padding: 0.75rem;
padding: 1rem 2rem;
}
</style>
<div id="server-info">

4
public/signup_login_wall.html
View file

@ -98,6 +98,10 @@
<input id="signup-password" type="password" name="password" required />
<label class="placeholder" for="signup-password">password</label>
</div>
<div>
<input id="signup-password-verification" type="password" name="password_verification" required />
<label class="placeholder" for="signup-password-verification">verify password</label>
</div>
<div>
<script>
APP.on( 'load', () => {

2
public/tabs/chat/channel_sidebar.html
View file

@ -159,7 +159,7 @@
font-weight: bold;
font-size: x-large;
content: "#";
color: var(--text);
color: var(--text-primary);
}
#channel-list-container .channel-list > li.channel a {

2
public/tabs/chat/chat.css
View file

@ -131,7 +131,7 @@
position: absolute;
top: 0.1rem;
right: 0.1rem;
color: rgb(from var(--text) r g b / 0.7);
color: rgb(from var(--text-primary) r g b / 0.7);
border: none;
z-index: 10;
}

4
public/tabs/chat/chat.html
View file

@ -152,7 +152,8 @@
method="POST"
class="post-creation-form collapsible"
style="
margin-top: 1rem
position: relative;
margin-top: 1rem;
width: 100%;
transition: all 0.5s;
"
@ -221,6 +222,7 @@
reset-on-submit
focus-on-submit
enter-key-submits
accept-speech
></textarea>
<button id="chat-send" class="primary" aria-label="Send a message">

180
tests/01_create_user.test.ts
View file

@ -27,10 +27,188 @@ Deno.test({
const password_hash = encodeBase64(
await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
);
const password_verification_hash = encodeBase64(
await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
);
const info = await get_new_user(client, {
username,
password_hash
password_hash,
password_verification_hash
});
asserts.assert(info);
asserts.assert(info.user);
asserts.assert(info.session);
asserts.assert(info.headers);
const user: USER = info.user;
asserts.assertEquals(user.username, username);
await delete_user(client, info);
} finally {
if (test_server_info) {
await test_server_info?.server?.stop();
}
}
}
});
Deno.test({
name: 'API - USERS - Create (fail on mismatched password verification hash)',
permissions: {
env: true,
read: true,
write: true,
net: true
},
fn: async () => {
let test_server_info: EPHEMERAL_SERVER | null = null;
try {
test_server_info = await get_ephemeral_listen_server();
const client: API_CLIENT = api({
prefix: '/api',
hostname: test_server_info.hostname,
port: test_server_info.port
});
const username = random_username();
const password = 'password';
const password_hash = encodeBase64(
await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password))
);
const password_verification_hash = encodeBase64(
await crypto.subtle.digest('SHA-256', new TextEncoder().encode(password + '1'))
);
try {
const info = await get_new_user(client, {
username,
password_hash,
password_verification_hash
});
asserts.fail('allowed user creation with mismatched password_verification_hash')
}
catch( error ) {
asserts.assert( error );
}
} finally {
if (test_server_info) {
await test_server_info?.server?.stop();
}
}
}
});
Deno.test({
name: 'API - USERS - Create (mismatched password_verification)',
permissions: {
env: true,
read: true,
write: true,
net: true
},
fn: async () => {
let test_server_info: EPHEMERAL_SERVER | null = null;
try {
test_server_info = await get_ephemeral_listen_server();
const client: API_CLIENT = api({
prefix: '/api',
hostname: test_server_info.hostname,
port: test_server_info.port
});
const username = random_username();
const password = 'password';
try {
const info = await get_new_user(client, {
username,
password,
password_verification: password + '1'
});
asserts.fail( 'allowed account creation with mismatched password_verification' );
}
catch( error ) {
asserts.assert( error );
}
} finally {
if (test_server_info) {
await test_server_info?.server?.stop();
}
}
}
});
Deno.test({
name: 'API - USERS - Create (auto-generate password in testing)',
permissions: {
env: true,
read: true,
write: true,
net: true
},
fn: async () => {
let test_server_info: EPHEMERAL_SERVER | null = null;
try {
test_server_info = await get_ephemeral_listen_server();
const client: API_CLIENT = api({
prefix: '/api',
hostname: test_server_info.hostname,
port: test_server_info.port
});
const username = random_username();
const info = await get_new_user(client, {
username,
});
asserts.assert(info);
asserts.assert(info.user);
asserts.assert(info.session);
asserts.assert(info.headers);
const user: USER = info.user;
asserts.assertEquals(user.username, username);
await delete_user(client, info);
} finally {
if (test_server_info) {
await test_server_info?.server?.stop();
}
}
}
});
Deno.test({
name: 'API - USERS - Create (auto-generate password_verification in testing)',
permissions: {
env: true,
read: true,
write: true,
net: true
},
fn: async () => {
let test_server_info: EPHEMERAL_SERVER | null = null;
try {
test_server_info = await get_ephemeral_listen_server();
const client: API_CLIENT = api({
prefix: '/api',
hostname: test_server_info.hostname,
port: test_server_info.port
});
const username = random_username();
const password = 'password';
const info = await get_new_user(client, {
username,
password
});
asserts.assert(info);

12
tests/helpers.ts
View file

@ -119,6 +119,18 @@ export async function get_new_user(client: API_CLIENT, user_info?: Record<string
new_user_request_json.password = `${Math.round(Math.random() * 10)} - ${random_username()} ! ${random_username()}`;
}
if (
!((typeof new_user_request_json.password_verification === 'string' && new_user_request_json.password_verification.length) ||
(typeof new_user_request_json.password_verification_hash === 'string' && new_user_request_json.password_verification_hash.length))
) {
if ( typeof new_user_request_json.password === 'string' ) {
new_user_request_json.password_verification = new_user_request_json.password;
}
else if ( typeof new_user_request_json.password_hash === 'string' ) {
new_user_request_json.password_verification_hash = new_user_request_json.password_hash;
}
}
if (inviting_user_info) {
const invite_code = await client.fetch(`/users/${inviting_user_info.user?.id}/invites`, {
method: 'POST',

4
utils/prechecks.ts
View file

@ -36,10 +36,6 @@ export function require_user(
meta: Record<string, any>
): undefined | Response {
if (!meta.user) {
console.dir({
require_user: true,
meta
});
return CANNED_RESPONSES.permission_denied();
}
}