Slight update to authentication

Introduce redirection retention!
Deltaion Lee 2022-11-25 15:25:25 -06:00
parent 7dbd1472c6
commit ae82d30e63
7 changed files with 88 additions and 22 deletions


@ -4,7 +4,7 @@ from flask import Flask, make_response, request, redirect, render_template
from flask_limiter import Limiter from flask_limiter import Limiter
from flask_limiter.util import get_remote_address from flask_limiter.util import get_remote_address
from flask_sqlalchemy import SQLAlchemy from flask_sqlalchemy import SQLAlchemy
import sqlite3, requests, sys, os, time, json, random, string, hashlib, secrets import sqlite3, requests, sys, os, time, json, random, string, hashlib, secrets, urllib
sys.path.append('../') sys.path.append('../')
from api import * from api import *
@ -116,8 +116,6 @@ def verifyAccount(friendCode:int, password:str):
h = hashlib.md5(password.encode('utf-8')).hexdigest() h = hashlib.md5(password.encode('utf-8')).hexdigest()
result = db.session.execute('SELECT password FROM auth WHERE friendCode = \'%s\'' % str(friendCode).zfill(12)) result = db.session.execute('SELECT password FROM auth WHERE friendCode = \'%s\'' % str(friendCode).zfill(12))
result = result.fetchone() result = result.fetchone()
print(password)
print(result,h)
if not result: if not result:
return False return False
if not result[0]: if not result[0]:
@ -187,7 +185,13 @@ def loginPage():
key = request.cookies.get('token') key = request.cookies.get('token')
if key: if key:
return redirect('/') return redirect('/')
return render_template('dist/login.html') redirectURL = request.args.get('redirectFrom')
data = {}
if redirectURL:
data = {
'redirectFrom': '?redirectFrom=' + urllib.parse.quote_plus(redirectURL),
}
return render_template('dist/login.html', data = data)
# Register page # Register page
@app.route('/register.html') @app.route('/register.html')
@ -203,7 +207,7 @@ def registerPage():
def authPage(): def authPage():
try: try:
fc = request.form['fc'] fc = request.form['fc']
fc = convertPrincipalIdtoFriendCode(convertFriendCodeToPrincipalId(fc)) fc = str(convertPrincipalIdtoFriendCode(convertFriendCodeToPrincipalId(fc))).zfill(12)
if checkVerification(fc): if checkVerification(fc):
raise Exception() raise Exception()
except: except:
@ -222,7 +226,7 @@ def authPage():
# Auth page # Auth page
@app.route('/password.html') @app.route('/password.html')
#@limiter.limit('1/minute') @limiter.limit('1/minute')
def passPage(): def passPage():
try: try:
fc = request.args['fc'] fc = request.args['fc']
@ -280,6 +284,11 @@ def invalid2():
def invalid3(): def invalid3():
return render_template('dist/invalid3.html') return render_template('dist/invalid3.html')
# Invalid4 page
@app.route('/invalid4.html')
def invalid4():
return render_template('dist/invalid4.html')
# 500 page # 500 page
@app.route('/500.html') @app.route('/500.html')
def fiveHundred(): def fiveHundred():
@ -347,8 +356,7 @@ def cdnImage(file:str):
def addFriend(friendCode:int): def addFriend(friendCode:int):
key = request.cookies.get('token') key = request.cookies.get('token')
if not key: if not key:
response = make_response(redirect('/login.html')) response = make_response(redirect('/login.html' + '?redirectFrom=' + urllib.parse.quote_plus('f/' + str(friendCode))))
response.headers['redirectFrom'] = friendCode
return response return response
try: try:
fc = getFCFromKey(key) fc = getFCFromKey(key)
@ -373,18 +381,25 @@ def login():
try: try:
fc = convertPrincipalIdtoFriendCode(convertFriendCodeToPrincipalId(fc)) fc = convertPrincipalIdtoFriendCode(convertFriendCodeToPrincipalId(fc))
createUser(fc) createUser(fc)
except:
return redirect('/invalid.html')
try:
key = verifyAccount(fc, password) key = verifyAccount(fc, password)
if not key: if not key:
raise Exception() raise Exception()
response = make_response(redirect('/')) redirectURL = request.args.get('redirectFrom')
url = '/'
if redirectURL:
url = url + redirectURL
response = make_response(redirect(url))
response.set_cookie('token', str(key)) response.set_cookie('token', str(key))
return response return response
except: except:
return redirect('/invalid.html') return redirect('/invalid4.html')
# Register # Register
@app.route('/register', methods=['POST']) @app.route('/register', methods=['POST'])
@limiter.limit('2/minute') @limiter.limit('1/minute')
def register(): def register():
try: try:
password = request.form['password'] password = request.form['password']
@ -396,8 +411,7 @@ def register():
if len(password) < 5 or len(password) > 32 or not password.isalnum(): if len(password) < 5 or len(password) > 32 or not password.isalnum():
return redirect('/invalid3.html') return redirect('/invalid3.html')
createAccount(fc, password) createAccount(fc, password)
except Exception as e: except:
print(e)
return 'Invalid registration' return 'Invalid registration'
try: try:
return redirect('/login.html') return redirect('/login.html')
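Review bot: The post-login redirect built from `request.args.get('redirectFrom')` in login() is an open redirect: the value is only prefixed with `'/'`, and a value beginning with `//` (or a backslash) becomes a scheme-relative Location that browsers resolve to an external host, so the new code needs to restrict the target to the one shape this commit actually produces, `'f/' + str(friendCode)` in addFriend(); change the guard to `if redirectURL and redirectURL.startswith('f/') and redirectURL[2:].isdigit():`. login() starts outside the hunk. The same value is echoed by loginPage() into the form action after quote_plus, which is harmless by itself but means the unvalidated value round-trips back into login(), so the check belongs where the redirect is issued. Separately, the import line adds `urllib` but the code calls `urllib.parse.quote_plus`; `import urllib` does not bind the `parse` submodule on its own (it appears to work only because another imported package loads it), so write `import urllib.parse`. The bare `except:` in login() now also routes any failure inside verifyAccount, not only a wrong password, to `/invalid4.html`, which is worth a comment if that is intended.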


@ -20,10 +20,7 @@
<div class="text-center mt-4"> <div class="text-center mt-4">
<h1 class="display-1">Invalid Auth Code</h1> <h1 class="display-1">Invalid Auth Code</h1>
<p class="lead">Verification has failed</p> <p class="lead">Verification has failed</p>
<a href="index.html"> <div class="small">(Press the back button and then wait a few minutes before pressing continue again if you know that you've entered the authentication code correctly)</div>
<i class="fas fa-arrow-left me-1"></i>
Return to Home
</a>
</div> </div>
</div> </div>
</div> </div>

server/templates/dist/invalid4.html vendored Normal file

@ -0,0 +1,44 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>404 Error | 3DS-RPC</title>
<link href="{{ url_for('static',filename='css/styles.css') }}" rel="stylesheet" />
<script src="https://use.fontawesome.com/releases/v6.1.0/js/all.js" crossorigin="anonymous"></script>
</head>
<body>
<div id="layoutError">
<div id="layoutError_content">
<main>
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-6">
<div class="text-center mt-4">
<h1 class="display-1">Invalid Password</h1>
<p class="lead">An incorrect password has been entered.</p>
<a href="login.html">
<i class="fas fa-arrow-left me-1"></i>
Back
</a>
</div>
</div>
</div>
</div>
</main>
</div>
<div id="layoutError_footer">
<footer class="py-4 bg-light mt-auto">
<div class="container-fluid px-4">
<div class="d-flex align-items-center justify-content-between small"><div class="text-muted">Copyright &copy; 3DS-RPC 2022</div></div>
</div>
</footer>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js" crossorigin="anonymous"></script>
<script src="{{ url_for('static',filename='js/scripts.js') }}"></script>
</body>
</html>


@ -20,7 +20,7 @@
<div class="card shadow-lg border-0 rounded-lg mt-5"> <div class="card shadow-lg border-0 rounded-lg mt-5">
<div class="card-header"><h3 class="text-center font-weight-light my-4">Login</h3></div> <div class="card-header"><h3 class="text-center font-weight-light my-4">Login</h3></div>
<div class="card-body"> <div class="card-body">
<form action="/login" method="POST"> <form action='/login{{ data["redirectFrom"] }}' method="POST">
<div class="form-floating mb-3"> <div class="form-floating mb-3">
<input class="form-control" id="inputFC" type="text" placeholder="1234-5678-9012" name="fc" value="" /> <input class="form-control" id="inputFC" type="text" placeholder="1234-5678-9012" name="fc" value="" />
<label for="inputFC">Friend Code</label> <label for="inputFC">Friend Code</label>


@ -7,6 +7,5 @@ block content
.text-center.mt-4 .text-center.mt-4
h1.display-1 Invalid Auth Code h1.display-1 Invalid Auth Code
p.lead Verification has failed p.lead Verification has failed
a(href='index.html') .small
i.fas.fa-arrow-left.me-1 | (Press the back button and then wait a few minutes before pressing continue again if you know that you've entered the authentication code correctly)
| Return to Home


@ -0,0 +1,12 @@
extends ../layouts/error.pug
block content
.container
.row.justify-content-center
.col-lg-6
.text-center.mt-4
h1.display-1 Invalid Password
p.lead An incorrect password has been entered.
a(href='login.html')
i.fas.fa-arrow-left.me-1
| Back


@ -11,7 +11,7 @@ block content
.card-header .card-header
h3.text-center.font-weight-light.my-4 Login h3.text-center.font-weight-light.my-4 Login
.card-body .card-body
form(action='/login', method='POST') form(action='/login{{ data["redirectFrom"] }}', method='POST')
.form-floating.mb-3 .form-floating.mb-3
input#inputFC.form-control(type='text', placeholder='1234-5678-9012', name='fc', value='') input#inputFC.form-control(type='text', placeholder='1234-5678-9012', name='fc', value='')
label(for='inputFC') Friend Code label(for='inputFC') Friend Code