Compare commits


6 commits

Author SHA1 Message Date
0638ed6601 fix frontend 2024-01-17 20:24:14 +03:00
79a00f0866 Merge remote-tracking branch 'origin/frontend' 2024-01-17 20:08:31 +03:00
e6bf86caa9 feat: web 2024-01-16 12:09:51 +03:00
04fb803330 refactor 2024-01-15 21:03:57 +03:00
850d0af0bb modify html 2024-01-15 20:58:19 +03:00
9e02980415 modify html 2024-01-15 20:19:23 +03:00
4 changed files with 105 additions and 50 deletions


@ -1,7 +1,7 @@
{ {
"ContractCheckSum": "none", "ContractCheckSum": "5e4375b9e8214ed4183659114735a94ac26033d7",
"AuthServerPort": 9096, "AuthServerPort": 9096,
"WalletFile": "none", "WalletFile": "../../frostfs-aio/morph/node-wallet.json",
"EndpointUrl": "url", "EndpointUrl": "http://localhost:30333",
"AccountSecret": "one" "AccountSecret": "one"
} }
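Review bot: The tracked config now carries values tied to one developer's machine: `WalletFile` is a relative path outside the repository (`../../frostfs-aio/morph/node-wallet.json`) and `EndpointUrl` is `http://localhost:30333`, so any other checkout or deployment starts with a wrong setup. The same file keeps `AccountSecret` in plaintext next to the wallet path; if that value unlocks the wallet (the page does not show how it is used), it should not live in version control. Consider keeping this file as a template with placeholder values and reading the real wallet path, endpoint and secret from environment variables or an untracked local config.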


@ -3,10 +3,6 @@ package main
import ( import (
"auth-server/logic" "auth-server/logic"
"context" "context"
"net/url"
"os"
"strconv"
"github.com/go-oauth2/oauth2/v4/errors" "github.com/go-oauth2/oauth2/v4/errors"
"github.com/go-oauth2/oauth2/v4/manage" "github.com/go-oauth2/oauth2/v4/manage"
"github.com/go-oauth2/oauth2/v4/server" "github.com/go-oauth2/oauth2/v4/server"
@ -16,10 +12,12 @@ import (
"github.com/nspcc-dev/neo-go/pkg/rpcclient/actor" "github.com/nspcc-dev/neo-go/pkg/rpcclient/actor"
"github.com/nspcc-dev/neo-go/pkg/util" "github.com/nspcc-dev/neo-go/pkg/util"
"github.com/nspcc-dev/neo-go/pkg/wallet" "github.com/nspcc-dev/neo-go/pkg/wallet"
"log" "log"
"log/slog" "log/slog"
"net/http" "net/http"
"net/url"
"os"
"strconv"
) )
func main() { func main() {
@ -98,12 +96,12 @@ func main() {
r.Form.Add("grant_type", r.URL.Query().Get("grant_type")) r.Form.Add("grant_type", r.URL.Query().Get("grant_type"))
r.Form.Add("scope", r.URL.Query().Get("scope")) r.Form.Add("scope", r.URL.Query().Get("scope"))
srv.HandleTokenRequest(w, r) // verifying secret srv.HandleTokenRequest(w, r) // grants access token
}) })
http.HandleFunc("/register", func(writer http.ResponseWriter, request *http.Request) { http.HandleFunc("/register", func(writer http.ResponseWriter, request *http.Request) {
id := request.Header.Get("client_id") id := request.URL.Query().Get("client_id")
secret := request.Header.Get("client_secret") secret := request.URL.Query().Get("client_secret")
// check whether client exists // check whether client exists
_, err := blockchainStorage.GetByID(context.Background(), id) _, err := blockchainStorage.GetByID(context.Background(), id)
@ -115,16 +113,6 @@ func main() {
return return
} }
/* redundant
// add client's credentials to in memory storage
err = logic.AddInMemoryClient(id, "", "", false)
if err != nil {
slog.Error("Fault during setting client credentials", err)
writer.WriteHeader(http.StatusInternalServerError)
return
}
*/
// add client's credentials to blockchain // add client's credentials to blockchain
err = blockchainStorage.Set(&logic.StorageClientInfo{ err = blockchainStorage.Set(&logic.StorageClientInfo{
Id: id, Id: id,
@ -137,14 +125,10 @@ func main() {
return return
} }
writer.WriteHeader(http.StatusOK) redirectURL := "/login.html"
http.Redirect(writer, request, redirectURL, http.StatusSeeOther)
}) })
// for tests, can access only with valid token (when logged in)
http.HandleFunc("/protected", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Hello, I'm protected"))
}, srv))
// can access only with valid token (when logged in), deletes client // can access only with valid token (when logged in), deletes client
http.HandleFunc("/delete", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) { http.HandleFunc("/delete", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) {
id := r.Header.Get("client_id") id := r.Header.Get("client_id")
@ -167,10 +151,6 @@ func main() {
w.Write([]byte(errorMessage)) w.Write([]byte(errorMessage))
} }
/* redundant
logic.DeleteInMemoryClient(id)
*/
}, srv)) }, srv))
// can access only with valid token (when logged in), deletes client and creates new one with another secret // can access only with valid token (when logged in), deletes client and creates new one with another secret
@ -196,21 +176,6 @@ func main() {
w.Write([]byte(errorMessage)) w.Write([]byte(errorMessage))
} }
/* redundant
logic.DeleteInMemoryClient(id)
*/
/*
// add client with new credentials to in memory storage
err = logic.AddInMemoryClient(id, "", "", false)
if err != nil {
slog.Error(errorMessage+" (caused by in memory storage) for client with id: "+id, err)
w.WriteHeader(http.StatusInternalServerError)
w.Write([]byte(errorMessage))
return
}
*/
// add client with new credentials to blockchain // add client with new credentials to blockchain
err = blockchainStorage.Set(&logic.StorageClientInfo{ err = blockchainStorage.Set(&logic.StorageClientInfo{
Id: id, Id: id,
@ -233,6 +198,11 @@ func main() {
outputHTML(w, r, "static/register.html") outputHTML(w, r, "static/register.html")
}) })
// can access only with valid token (when logged in)
http.HandleFunc("/verify", logic.ValidateToken(func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusOK)
}, srv))
log.Fatal(http.ListenAndServe(":"+strconv.Itoa(config.AuthServerPort), nil)) log.Fatal(http.ListenAndServe(":"+strconv.Itoa(config.AuthServerPort), nil))
} }
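Review bot: The `/register` handler now takes the secret from the query string (`request.URL.Query().Get("client_secret")`), which puts it into server and proxy access logs, browser history and `Referer` headers. No method check is visible in this hunk, so the state-changing registration also appears reachable through a plain GET. Read the credentials from a POST body instead, e.g. `id := request.PostFormValue("client_id")` and `secret := request.PostFormValue("client_secret")`, and answer other methods with `http.StatusMethodNotAllowed`. The token handler just above copies `grant_type` and `scope` from the query string in the same way and deserves the same treatment. Parts of `main` lie between the hunks, so validation done there cannot be ruled out from this page.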


@ -12,9 +12,11 @@
background-color: black; background-color: black;
color: white; color: white;
} }
label { label {
font-size: 20px; font-size: 20px;
} }
input { input {
background-color: #282828; background-color: #282828;
border: none; border: none;
@ -24,6 +26,7 @@
margin-bottom: 20px; margin-bottom: 20px;
padding: 10px; padding: 10px;
} }
button { button {
background-color: #4CAF50; background-color: #4CAF50;
border: none; border: none;
@ -32,6 +35,7 @@
padding: 10px 20px; padding: 10px 20px;
margin-top: 20px; margin-top: 20px;
} }
button:hover { button:hover {
background-color: #3e8e41; background-color: #3e8e41;
} }
@ -60,11 +64,11 @@
const userLogin = document.querySelector('input[name="user_login"]').value; const userLogin = document.querySelector('input[name="user_login"]').value;
const clientSecret = document.querySelector('input[name="client_secret"]').value; const clientSecret = document.querySelector('input[name="client_secret"]').value;
const backRedirectionAddress = new URLSearchParams(window.location.search).get('back_redirection_address'); const backRedirectionAddress = new URLSearchParams(window.location.search).get('back_redirection_address');
fetch(`http://auth-server/login?user_login=${userLogin}&client_secret=${clientSecret}`) fetch(`http://localhost:9096/login?client_id=${userLogin}&client_secret=${clientSecret}&scope=all&grant_type=client_credentials`)
.then(response => response.json()) .then(response => response.json())
.then(data => { .then(data => {
const accessToken = data.access_token;
window.location.href = `${backRedirectionAddress}?access_token=${accessToken}&user_login=${userLogin}`; window.location.href = `https://${backRedirectionAddress}?access_token=${accessToken}&user_login=${userLogin}`;
}) })
.catch(error => console.error(error)); .catch(error => console.error(error));
}); });
@ -72,3 +76,9 @@
</body> </body>
</html> </html>
<style>
.btn-primary {
margin-top: 10px;
}
</style>
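Review bot: The new redirect sends the freshly issued access token to whatever host the `back_redirection_address` query parameter names (`window.location.href = `https://${backRedirectionAddress}?access_token=...``), so the token can leave the application for a site the server never approved. Compare the parameter against a fixed list of permitted hosts before assigning `window.location.href`, and stop with an error when it is missing or not listed. Both interpolated URLs should pass their values through `encodeURIComponent`, and `client_secret` in the `fetch` query string over plain `http://localhost:9096` ends up in logs and history; a POST body avoids that. The hard-coded origin will also fail outside a local setup.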

75
index.html Normal file

@ -0,0 +1,75 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Hacker Token Verifier</title>
<script src="script.js"></script>
<style> body {
background-color: #000;
color: #0f0;
font-family: 'Courier New', monospace;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
margin: 0;
}
.container {
text-align: center;
}
button, input {
background-color: #000;
color: #0f0;
border: 2px solid #0f0;
padding: 5px 10px;
font-size: 16px;
cursor: pointer;
}
input[type="text"] {
margin-top: 10px;
width: 300px;
}
.message {
margin-top: 10px;
} </style>
</head>
<body>
<div class="container">
<button id="login">Login via oauth</button>
<div class="message"></div>
<input type="text" id="input-token" placeholder="Enter token">
<button id="verify-token">Verify Token</button>
</div>
</body>
<script>
const generateTokenButton = document.getElementById('login');
const inputToken = document.getElementById('input-token');
const verifyTokenButton = document.getElementById('verify-token');
const message = document.querySelector('.message');
generateTokenButton.addEventListener('click', () => {
// ALARM ТУТ ЗАХАРДКОЖЕНОООООО
const token = '12345';
navigator.clipboard.writeText(token);
message.textContent = 'Token copied to clipboard: ' + token;
});
verifyTokenButton.addEventListener('click', () => {
const token = inputToken.value;
// ALARM ТУТ ЗАХАРДКОЖЕНОООООО
const correctToken = '12345';
if (token === correctToken) {
message.textContent = 'Token is correct';
} else {
message.textContent = 'Token is incorrect';
}
});
</script>
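Review bot: Token verification in this page is a client-side comparison against the literal `'12345'`, and the login button copies that same literal to the clipboard, so the page neither starts the OAuth flow nor checks anything the auth server issued. The inline comments already flag both spots as hard-coded, and it should not merge in this form. Replace the comparison with a request to the `/verify` route that the Go server adds in this same compare and treat a 200 response as valid, for example `fetch('/verify', {headers: {Authorization: 'Bearer ' + token}})`; how `logic.ValidateToken` expects to receive the token is not shown here, so confirm the header format. `script.js` is referenced in `<head>` but does not appear among the four changed files.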