andyburke/autonomous.contact
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: andyburke:dev
Branches Tags
andyburke:dev
tim:dev
tim:tr-fixes
..
compare: tim:tr-fixes
Branches Tags
tim:dev
tim:tr-fixes
andyburke:dev

No commits in common. "dev" and "tr-fixes" have entirely different histories.
dev ... tr-fixes

11 changed files with 88 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,4 +1,4 @@
data/ data/
.fsdb* .fsdb
public/files/* public/files/*
.vscode/* .vscode/*

4
public/api/topics/:topic_id/events/index.ts
View file

@ -204,6 +204,10 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
}); });
} }
console.dir({
event
});
await events.create(event); await events.create(event);
return Response.json(event, { return Response.json(event, {

15
public/api/users/index.ts
View file

@ -10,6 +10,7 @@ import * as CANNED_RESPONSES from '../../../utils/canned_responses.ts';
import * as bcrypt from '@da/bcrypt'; import * as bcrypt from '@da/bcrypt';
import { INVITE_CODE, INVITE_CODES } from '../../../models/invites.ts'; import { INVITE_CODE, INVITE_CODES } from '../../../models/invites.ts';
// TODO: figure out a better solution for doling out permissions // TODO: figure out a better solution for doling out permissions
const DEFAULT_USER_PERMISSIONS: string[] = [ const DEFAULT_USER_PERMISSIONS: string[] = [
'files.write.own', 'files.write.own',
@ -38,16 +39,10 @@ const DEFAULT_USER_PERMISSIONS: string[] = [
// TODO: figure out a better solution for doling out permissions // TODO: figure out a better solution for doling out permissions
const DEFAULT_SUPERUSER_PERMISSIONS: string[] = [ const DEFAULT_SUPERUSER_PERMISSIONS: string[] = [
...DEFAULT_USER_PERMISSIONS, ...DEFAULT_USER_PERMISSIONS,
'files.write.all', 'topics.create',
'invites.read.all', 'topics.delete',
'signups.read.all', 'topics.write',
'topics.create',
'topics.delete',
'topics.write',
'users.write',
'watches.read.all',
'watches.write.all'
]; ];
export const PRECHECKS: PRECHECK_TABLE = {}; export const PRECHECKS: PRECHECK_TABLE = {};

2
public/base.css
View file

@ -16,7 +16,7 @@
--border-highlight: hsl(from var(--base-color) h 50% 75%); --border-highlight: hsl(from var(--base-color) h 50% 75%);
--icon-scale: 1; --icon-scale: 1;
--border-radius: 4px; --border-radius: 12px;
} }
@media (prefers-color-scheme: light) { @media (prefers-color-scheme: light) {

12
public/js/app.js
View file

@ -2,7 +2,6 @@ const HASH_EXTRACTOR = /^\#\/topic\/(?<topic_id>[A-Za-z\-]+)\/?(?<view>\w+)?/gm;
const UPDATE_TOPICS_FREQUENCY = 60_000; const UPDATE_TOPICS_FREQUENCY = 60_000;
const APP = { const APP = {
user: undefined,
user_servers: [], user_servers: [],
user_watches: [], user_watches: [],
@ -57,19 +56,16 @@ const APP = {
groups: {}, groups: {},
}; };
/*
console.dir({ console.dir({
url: window.location.href, url: window.location.href,
hash: window.location.hash, hash: window.location.hash,
topic_id, topic_id,
view, view,
}); });
*/
if (!document.body.dataset.topic || document.body.dataset.topic !== topic_id) { if (!document.body.dataset.topic || document.body.dataset.topic !== topic_id) {
const previous = document.body.dataset.topic; const previous = document.body.dataset.topic;
/*
console.dir({ console.dir({
topic_changed: { topic_changed: {
detail: { detail: {
@ -78,7 +74,6 @@ const APP = {
}, },
}, },
}); });
*/
document.body.dataset.topic = topic_id; document.body.dataset.topic = topic_id;
@ -99,7 +94,6 @@ const APP = {
const previous = document.body.dataset.view; const previous = document.body.dataset.view;
document.body.dataset.view = view; document.body.dataset.view = view;
/*
console.dir({ console.dir({
view_changed: { view_changed: {
detail: { detail: {
@ -108,7 +102,6 @@ const APP = {
}, },
}, },
}); });
*/
this._emit( 'view_changed', { this._emit( 'view_changed', {
previous, previous,
@ -156,9 +149,8 @@ const APP = {
this._emit( 'load', this ); this._emit( 'load', this );
}, },
update_user: async function( user ) { update_user: async function( updated_user ) {
this.user = user; const user = this.user = updated_user;
document.body.dataset.user = JSON.stringify(user); document.body.dataset.user = JSON.stringify(user);
document.body.dataset.perms = user.permissions.join(":"); document.body.dataset.perms = user.permissions.join(":");

3
public/sidebar/sidebar.html
View file

@ -809,10 +809,9 @@
form.on_reply = (new_topic) => { form.on_reply = (new_topic) => {
const topic_list = document.getElementById("topic-list"); const topic_list = document.getElementById("topic-list");
topic_list.querySelectorAll( 'li' ).forEach( (li) => li.classList.remove( 'active' ) );
topic_list.insertAdjacentHTML( topic_list.insertAdjacentHTML(
"beforeend", "beforeend",
`<li id="topic-selector-${new_topic.id}" class="topic active"><a href="#/topic/${new_topic.id}">${new_topic.name}</a></li>`, `<li id="topic-selector-${new_topic.id}" class="topic"><a href="#/topic/${new_topic.id}">${new_topic.name}</a></li>`,
); );
new_topic_name_input.value = ""; new_topic_name_input.value = "";

7
public/signup_login_wall.html
View file

@ -105,7 +105,12 @@
const form = document.currentScript.closest("form"); const form = document.currentScript.closest("form");
form.on_reply = (response) => { form.on_reply = (response) => {
const user = response.user; const user = response.user;
APP.login( user ); document.body.dataset.user = JSON.stringify(user);
document.body.dataset.perms = user.permissions.join(":");
document.dispatchEvent(
new CustomEvent("user_logged_in", { detail: { user } }),
);
}; };
} }
</script> </script>

2
tests/03_login.test.ts
View file

@ -44,7 +44,7 @@ Deno.test({
} }
}); });
const _authed_user: USER | undefined = auth_response.user; const authed_user: USER | undefined = auth_response.user;
const authed_session: Record<string, any> | undefined = auth_response.session; const authed_session: Record<string, any> | undefined = auth_response.session;
cookies.push({ cookies.push({

39
tests/04_create_topic.test.ts
View file

@ -22,34 +22,14 @@ Deno.test({
port: test_server_info.port port: test_server_info.port
}); });
const root_user_info = await get_new_user(client); const info = await get_new_user(client);
try {
const root_user_topic = await client.fetch('/topics', {
method: 'POST',
headers: {
'x-session_id': root_user_info.session.id,
'x-totp': await generateTotp(root_user_info.session.secret)
},
json: {
name: 'this is the root user topic'
}
});
asserts.assert(root_user_topic);
} catch (error) {
const reason: string = (error as Error).cause as string ?? (error as Error).toString();
asserts.fail(reason);
}
const regular_user_info = await get_new_user(client, {}, root_user_info);
try { try {
const _permission_denied_topic = await client.fetch('/topics', { const _permission_denied_topic = await client.fetch('/topics', {
method: 'POST', method: 'POST',
headers: { headers: {
'x-session_id': regular_user_info.session.id, 'x-session_id': info.session.id,
'x-totp': await generateTotp(regular_user_info.session.secret) 'x-totp': await generateTotp(info.session.secret)
}, },
json: { json: {
name: 'this should not be allowed' name: 'this should not be allowed'
@ -61,14 +41,14 @@ Deno.test({
asserts.assertEquals((error as Error).cause, 'permission_denied'); asserts.assertEquals((error as Error).cause, 'permission_denied');
} }
await set_user_permissions(client, regular_user_info.user, regular_user_info.session, [...regular_user_info.user.permissions, 'topics.create']); await set_user_permissions(client, info.user, info.session, [...info.user.permissions, 'topics.create']);
try { try {
const _too_long_name_topic = await client.fetch('/topics', { const _too_long_name_topic = await client.fetch('/topics', {
method: 'POST', method: 'POST',
headers: { headers: {
'x-session_id': regular_user_info.session.id, 'x-session_id': info.session.id,
'x-totp': await generateTotp(regular_user_info.session.secret) 'x-totp': await generateTotp(info.session.secret)
}, },
json: { json: {
name: 'X'.repeat(1024) name: 'X'.repeat(1024)
@ -83,8 +63,8 @@ Deno.test({
const new_topic = await client.fetch('/topics', { const new_topic = await client.fetch('/topics', {
method: 'POST', method: 'POST',
headers: { headers: {
'x-session_id': regular_user_info.session.id, 'x-session_id': info.session.id,
'x-totp': await generateTotp(regular_user_info.session.secret) 'x-totp': await generateTotp(info.session.secret)
}, },
json: { json: {
name: 'test topic' name: 'test topic'
@ -93,8 +73,7 @@ Deno.test({
asserts.assert(new_topic); asserts.assert(new_topic);
await delete_user(client, regular_user_info); await delete_user(client, info);
await delete_user(client, root_user_info);
} finally { } finally {
clear_topic_events_cache(); clear_topic_events_cache();
if (test_server_info) { if (test_server_info) {

67
tests/11_file_uploads.test.ts
View file

@ -1,7 +1,8 @@
import { api, API_CLIENT } from '../utils/api.ts'; import { api, API_CLIENT } from '../utils/api.ts';
import * as asserts from '@std/assert'; import * as asserts from '@std/assert';
import { USER } from '../models/user.ts';
import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, random_username, set_user_permissions } from './helpers.ts'; import { delete_user, EPHEMERAL_SERVER, get_ephemeral_listen_server, get_new_user, random_username, set_user_permissions } from './helpers.ts';
import { Cookie } from '@std/http/cookie'; import { Cookie, getSetCookies } from '@std/http/cookie';
import { generateTotp } from '../utils/totp.ts'; import { generateTotp } from '../utils/totp.ts';
import * as fs from '@std/fs'; import * as fs from '@std/fs';
import * as path from '@std/path'; import * as path from '@std/path';
@ -135,11 +136,55 @@ Deno.test({
port: test_server_info.port port: test_server_info.port
}); });
const root_user_info = await get_new_user(client); const username = random_username();
asserts.assert(root_user_info); const password = 'password';
const regular_user_info = await get_new_user(client, {}, root_user_info); const user_creation_response: Record<string, any> = await client.fetch('/users', {
asserts.assert(regular_user_info); method: 'POST',
json: {
username,
password
}
});
asserts.assert(user_creation_response?.user);
asserts.assert(user_creation_response?.session);
let cookies: Cookie[] = [];
const auth_response: any = await client.fetch('/auth', {
method: 'POST',
json: {
username,
password: 'password'
},
done: (response) => {
cookies = getSetCookies(response.headers);
}
});
const user: USER | undefined = auth_response.user;
asserts.assert(user);
asserts.assert(user.id);
const session: Record<string, any> | undefined = auth_response.session;
asserts.assert(session);
cookies.push({
name: 'totp',
value: await generateTotp(session?.secret ?? ''),
maxAge: 30,
expires: Date.now() + 30_000,
path: '/'
});
const headers_for_upload_request = new Headers();
for (const cookie of cookies) {
headers_for_upload_request.append(`x-${cookie.name}`, cookie.value);
}
headers_for_upload_request.append(
'cookie',
cookies.map((cookie) => `${cookie.name}=${cookie.value}`).join('; ')
);
const upload_body = new FormData(); const upload_body = new FormData();
upload_body.append( upload_body.append(
@ -151,10 +196,7 @@ Deno.test({
`http://${test_server_info.hostname}:${test_server_info.port}/files/test_uploading_to_root_dir.txt`, `http://${test_server_info.hostname}:${test_server_info.port}/files/test_uploading_to_root_dir.txt`,
{ {
method: 'PUT', method: 'PUT',
headers: { headers: headers_for_upload_request,
'x-session_id': regular_user_info.session.id,
'x-totp': await generateTotp(regular_user_info.session.secret)
},
body: upload_body body: upload_body
} }
); );
@ -162,16 +204,13 @@ Deno.test({
asserts.assert(!disallowed_upload_response.ok); asserts.assert(!disallowed_upload_response.ok);
await disallowed_upload_response.text(); await disallowed_upload_response.text();
await set_user_permissions(client, regular_user_info.user, regular_user_info.session, [...regular_user_info.user.permissions, 'files.write.all']); await set_user_permissions(client, user, session, [...user.permissions, 'files.write.all']);
const allowed_upload_response = await fetch( const allowed_upload_response = await fetch(
`http://${test_server_info.hostname}:${test_server_info.port}/files/test_uploading_to_root_dir.txt`, `http://${test_server_info.hostname}:${test_server_info.port}/files/test_uploading_to_root_dir.txt`,
{ {
method: 'PUT', method: 'PUT',
headers: { headers: headers_for_upload_request,
'x-session_id': regular_user_info.session.id,
'x-totp': await generateTotp(regular_user_info.session.secret)
},
body: upload_body body: upload_body
} }
); );

9
utils/totp.ts
View file

@ -7,10 +7,9 @@ import { decodeBase32 } from '@std/encoding';
* *
* @ignore * @ignore
*/ */
export function counterToBuffer(counter: number): ArrayBuffer { export function counterToBuffer(counter: number): DataView {
const buffer = new ArrayBuffer(8); const buffer = new DataView(new ArrayBuffer(8));
const view = new DataView(buffer); buffer.setBigUint64(0, BigInt(counter), false);
view.setBigUint64(0, BigInt(counter), false);
return buffer; return buffer;
} }
@ -24,7 +23,7 @@ export async function generateHmacSha1(
): Promise<Uint8Array> { ): Promise<Uint8Array> {
const importedKey = await crypto.subtle.importKey( const importedKey = await crypto.subtle.importKey(
'raw', 'raw',
new Uint8Array(key), key,
{ name: 'HMAC', hash: 'SHA-1' }, { name: 'HMAC', hash: 'SHA-1' },
false, false,
['sign'] ['sign']