diff options
| author | RaindropsSys <contact@minteck.org> | 2023-05-12 16:43:04 +0200 |
|---|---|---|
| committer | RaindropsSys <contact@minteck.org> | 2023-05-12 16:43:04 +0200 |
| commit | 0e4f6cea6a4f8d1f860ded405a66f9fca9d93d96 (patch) | |
| tree | f8dcad460d9120442e23c8c567ba246eed39f71a /pages | |
| parent | 761c84c0c17c04113608a20e8401270023741c7e (diff) | |
| download | pluralconnect-0e4f6cea6a4f8d1f860ded405a66f9fca9d93d96.tar.gz pluralconnect-0e4f6cea6a4f8d1f860ded405a66f9fca9d93d96.tar.bz2 pluralconnect-0e4f6cea6a4f8d1f860ded405a66f9fca9d93d96.zip | |
Updated 5 files and added 29 files (automated)
Diffstat (limited to 'pages')
| -rw-r--r-- | pages/api/reauthenticate.php | 19 | ||||
| -rw-r--r-- | pages/pair.inc | 188 |
2 files changed, 207 insertions, 0 deletions
diff --git a/pages/api/reauthenticate.php b/pages/api/reauthenticate.php new file mode 100644 index 0000000..50657cc --- /dev/null +++ b/pages/api/reauthenticate.php @@ -0,0 +1,19 @@ +<?php + +require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/functions.inc"; +require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/util/session.inc"; global $isLoggedIn; global $isLowerLoggedIn; + +header("Content-Type: text/plain"); + +if (!$isLoggedIn || $isLowerLoggedIn) { + header("Location: /-/login"); + die(); +} + +$newToken = generateToken(); + +if (isset($_COOKIE['PEH2_SESSION_TOKEN'])) { + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $newToken, file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $_COOKIE['PEH2_SESSION_TOKEN'])); +} + +die($newToken);
\ No newline at end of file diff --git a/pages/pair.inc b/pages/pair.inc new file mode 100644 index 0000000..7f57420 --- /dev/null +++ b/pages/pair.inc @@ -0,0 +1,188 @@ +<?php + +require_once $_SERVER['DOCUMENT_ROOT'] . "/includes/init.inc"; global $title; global $isLoggedIn; global $isLowerLoggedIn; global $lang; global $pages; +require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/components/header.inc'; global $_PROFILE; + +?> + +<br> +<div class="container"> + <h1>Pair a new device</h1> + + <div class="alert alert-success alert-dismissible" id="pair-confirm" style="display: none;"> + <button type="button" class="btn-close" onclick="document.getElementById('pair-confirm').style.display='none';"></button> + Successfully paired "<span id="paired-name-1">-</span>" with your Cold Haze account. You may now close this page. + </div> + + <div class="alert alert-danger alert-dismissible" id="pair-cancel" style="display: none;"> + <button type="button" class="btn-close" onclick="document.getElementById('pair-cancel').style.display='none';"></button> + Cancelled pairing "<span id="paired-name-2">-</span>", this device does not have access to your account. You may now close this page. + </div> + + <p>Pairing allows a connected device that cannot normally use Cold Haze to gather data. This device will get full access to your account as if they were acting on your behalf, so make sure you trust the device and/or application you are using.</p> + + <p>Equestria.dev may not have verified the application you use, always check for a signature. Enter the pairing code displayed on your device below:</p> + + <input autofocus type="text" placeholder="Pairing code" class="form-control" style="margin-bottom:15px;color:white;background:#111;border-color:#222;" id="code"> +</div> + +<div class="modal fade" id="confirm"> + <div class="modal-dialog"> + <div class="modal-content"> + + <div class="modal-header"> + <h4 class="modal-title">Confirm pairing request</h4> + <button type="button" class="btn-close" onclick="reject();"></button> + </div> + + <div class="modal-body"> + <p>You are about to pair the following device with your Cold Haze account:</p> + <blockquote style="display: grid; grid-template-columns: max-content 1fr; grid-gap: 10px;"> + <div style="display: flex; align-items: center; justify-content: center;"> + <img src="/assets/logo/newlogo3.png" style="width: 32px; height: 32px;"> + </div> + <div> + <b>Name:</b> <span id="device-name">-</span><br> + <b>Address:</b> <span id="device-address">-</span> + </div> + </blockquote> + <p class="text-danger">Only enter pairing codes coming from your physical device, not a screenshot or a photo. Never use a code sent to you by another user, even if you trust them.</p> + <span class="btn btn-success disabled" id="modal-button" style="margin-right: 5px;" onclick="confirm();">Confirm</span><span class="btn btn-outline-secondary" onclick="reject();">Cancel</span> + </div> + </div> + </div> +</div> + +<style> + .modal-header { + border-bottom: 1px solid #353738; + } + + .modal-content { + border: 1px solid rgba(255, 255, 255, .2); + background-color: #111; + } + + .btn-close { + filter: invert(1); + } + + .alert-dismissible .btn-close { + filter: none !important; + } + + blockquote { + margin-left: 5px; + padding-left: 10px; + border-left: 3px solid rgba(255, 255, 255, .25); + } +</style> + +<script src="/assets/editor/ua-parser.js"></script> +<script> + const modal = new bootstrap.Modal(document.getElementById("confirm")); + + (async () => { + const token = await (await fetch("/api/token")).text(); + let ws = window.ws = new WebSocket("wss://ponies.equestria.horse/_PairingServices-WebSocket-EntryPoint/socket"); + + ws.onopen = (event) => { + console.log(event); + } + + ws.onclose = (event) => { + console.log(event); + } + + ws.onmessage = (event) => { + let data = JSON.parse(event.data); + console.log(event, data); + + if (data.type === "init") { + ws.send(JSON.stringify({ + type: "init", + token + })); + } else if (data.type === "invalid") { + document.getElementById("code").value = ""; + document.getElementById("code").disabled = false; + modal.hide(); + document.getElementById("code").focus(); + } else if (data.type === "device") { + document.getElementById("device-name").innerText = document.getElementById("paired-name-1").innerText = document.getElementById("paired-name-2").innerText = data.identity.name; + document.getElementById("device-address").innerText = data.identity.address; + document.getElementById("modal-button").classList.add("disabled"); + modal.show(); + + setTimeout(() => { + document.getElementById("modal-button").classList.remove("disabled"); + }, 3000); + } + } + })(); + + document.getElementById("code").onkeyup = document.getElementById("code").onkeydown = () => { + if (document.getElementById("code").value.length > 0) { + document.getElementById("pair-confirm").style.display = "none"; + document.getElementById("pair-cancel").style.display = "none"; + } + + if (document.getElementById("code").value.length === 5) { + document.getElementById("code").disabled = true; + pair(document.getElementById("code").value); + } + } + + window.currentCode = null; + + function pair(code) { + const ua = new UAParser(navigator.userAgent).getResult(); + const username = `<?= $_PROFILE["name"] ?>`; + + window.currentCode = code; + + ws.send(JSON.stringify({ + type: "fetch", + identity: { + name: username, + platform: ua.browser.name + " " + ua.browser.major + " on " + ua.os.name + }, + code + })); + } + + async function confirm() { + document.getElementById("pair-confirm").style.display = ""; + + document.getElementById("code").value = ""; + document.getElementById("code").disabled = false; + modal.hide(); + document.getElementById("code").focus(); + + ws.send(JSON.stringify({ + type: "confirm", + code: window.currentCode, + token: (await (await fetch("/api/reauthenticate")).text()).trim() + })); + } + + async function reject() { + document.getElementById("pair-cancel").style.display = ""; + + document.getElementById("code").value = ""; + document.getElementById("code").disabled = false; + modal.hide(); + document.getElementById("code").focus(); + + ws.send(JSON.stringify({ + type: "reject", + code: window.currentCode + })); + } + + window.onload = () => { + document.getElementById("code").focus(); + } +</script> + +<?php require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/components/footer.inc'; ?> |