diff --git a/sunshine/confighttp.cpp b/sunshine/confighttp.cpp index 503a8c2f..2f60eda8 100644 --- a/sunshine/confighttp.cpp +++ b/sunshine/confighttp.cpp @@ -98,7 +98,7 @@ void not_found(resp_https_t response, req_https_t request) { void getIndexPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "index.html"); response->write(header + content); @@ -106,7 +106,7 @@ void getIndexPage(resp_https_t response, req_https_t request) { void getPinPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "pin.html"); response->write(header + content); @@ -114,7 +114,7 @@ void getPinPage(resp_https_t response, req_https_t request) { void getAppsPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "apps.html"); response->write(header + content); @@ -122,7 +122,7 @@ void getAppsPage(resp_https_t response, req_https_t request) { void getClientsPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "clients.html"); response->write(header + content); @@ -130,7 +130,7 @@ void getClientsPage(resp_https_t response, req_https_t request) { void getConfigPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "config.html"); response->write(header + content); 
@@ -138,7 +138,7 @@ void getConfigPage(resp_https_t response, req_https_t request) { void getPasswordPage(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::string header = read_file(WEB_DIR "header.html"); std::string content = read_file(WEB_DIR "password.html"); response->write(header + content); @@ -146,14 +146,14 @@ void getPasswordPage(resp_https_t response, req_https_t request) { void getApps(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::string content = read_file(SUNSHINE_ASSETS_DIR "/" APPS_JSON); response->write(content); } void saveApp(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::stringstream ss; ss << request->content.rdbuf(); pt::ptree outputTree; @@ -172,10 +172,10 @@ void saveApp(resp_https_t response, req_https_t request) { int index = inputTree.get("index"); if(inputTree.get_child("prep-cmd").empty()) inputTree.erase("prep-cmd"); - + if(inputTree.get_child("detached").empty()) inputTree.erase("detached"); - + inputTree.erase("index"); if(index == -1) { apps_node.push_back(std::make_pair("", inputTree)); @@ -210,7 +210,7 @@ void saveApp(resp_https_t response, req_https_t request) { void deleteApp(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + pt::ptree outputTree; auto g = util::fail_guard([&]() { std::ostringstream data; @@ -256,7 +256,7 @@ void deleteApp(resp_https_t response, req_https_t request) { void getConfig(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + pt::ptree outputTree; auto g = util::fail_guard([&]() { std::ostringstream data; 
@@ -293,7 +293,7 @@ void getConfig(resp_https_t response, req_https_t request) { void saveConfig(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::stringstream ss; std::stringstream configStream; ss << request->content.rdbuf(); @@ -311,7 +311,7 @@ void saveConfig(resp_https_t response, req_https_t request) { for(const auto &kv : inputTree) { std::string value = inputTree.get(kv.first); if(value.length() == 0 || value.compare("null") == 0) continue; - + configStream << kv.first << " = " << value << std::endl; } http::write_file(SUNSHINE_ASSETS_DIR "/sunshine.conf", configStream.str()); @@ -326,19 +326,19 @@ void saveConfig(resp_https_t response, req_https_t request) { void savePassword(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::stringstream ss; std::stringstream configStream; ss << request->content.rdbuf(); - - pt::ptree inputTree,outputTree,fileTree; - + + pt::ptree inputTree, outputTree, fileTree; + auto g = util::fail_guard([&]() { std::ostringstream data; pt::write_json(data, outputTree); response->write(data.str()); }); - + try { //TODO: Input Validation pt::read_json(ss, inputTree); 
@@ -347,23 +347,24 @@ void savePassword(resp_https_t response, req_https_t request) { std::string password = inputTree.get("currentPassword"); std::string newPassword = inputTree.get("newPassword"); std::string confirmPassword = inputTree.get("confirmNewPassword"); - if(newUsername.length() == 0) newUsername = username; - + if(newUsername.length() == 0) newUsername = username; + std::string hash = util::hex(crypto::hash(password + config::sunshine.salt)).to_string(); - if(username == config::sunshine.username && hash == config::sunshine.password){ - if(newPassword != confirmPassword){ - outputTree.put("status",false); - outputTree.put("error","Password Mismatch"); + if(username == config::sunshine.username && hash == config::sunshine.password) { + if(newPassword != confirmPassword) { + outputTree.put("status", false); + outputTree.put("error", "Password Mismatch"); } - fileTree.put("username",newUsername); - fileTree.put("password",util::hex(crypto::hash(newPassword + config::sunshine.salt)).to_string()); - fileTree.put("salt",config::sunshine.salt); - pt::write_json(config::sunshine.credentials_file,fileTree); + fileTree.put("username", newUsername); + fileTree.put("password", util::hex(crypto::hash(newPassword + config::sunshine.salt)).to_string()); + fileTree.put("salt", config::sunshine.salt); + pt::write_json(config::sunshine.credentials_file, fileTree); http::reload_user_creds(config::sunshine.credentials_file); - outputTree.put("status",true); - } else { - outputTree.put("status",false); - outputTree.put("error","Invalid Current Credentials"); + outputTree.put("status", true); + } + else { + outputTree.put("status", false); + outputTree.put("error", "Invalid Current Credentials"); } } catch(std::exception &e) { 
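Review bot: A failed confirmation check does not stop the password change: inside the authenticated branch, the `if(newPassword != confirmPassword)` block only sets `status` and `error`, then falls through to the `fileTree.put(...)` lines, `pt::write_json(config::sunshine.credentials_file, fileTree)` and `outputTree.put("status", true)`. A mismatched confirmation therefore still writes `newPassword` to the credentials file, and the response ends up with `status` true. The reformatting carries this over unchanged. The statements from `fileTree.put("username", newUsername);` through `outputTree.put("status", true);` should move into an `else {` branch of the mismatch check. `savePassword` starts and ends outside this hunk.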
@@ -374,25 +375,25 @@ void savePassword(resp_https_t response, req_https_t request) { } } -void savePin(resp_https_t response, req_https_t request){ +void savePin(resp_https_t response, req_https_t request) { if(!authenticate(response, request)) return; - + std::stringstream ss; ss << request->content.rdbuf(); - - pt::ptree inputTree,outputTree; - + + pt::ptree inputTree, outputTree; + auto g = util::fail_guard([&]() { std::ostringstream data; pt::write_json(data, outputTree); response->write(data.str()); }); - + try { //TODO: Input Validation pt::read_json(ss, inputTree); std::string pin = inputTree.get("pin"); - outputTree.put("status",nvhttp::pin(pin)); + outputTree.put("status", nvhttp::pin(pin)); } catch(std::exception &e) { BOOST_LOG(warning) << e.what(); diff --git a/sunshine/crypto.cpp b/sunshine/crypto.cpp index 58053a03..d1f2e55c 100644 --- a/sunshine/crypto.cpp +++ b/sunshine/crypto.cpp @@ -340,21 +340,13 @@ void md_ctx_destroy(EVP_MD_CTX *ctx) { EVP_MD_CTX_destroy(ctx); } -std::string rand_string(std::size_t bytes) { - std::string alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!%&()=-"; - std::string value = rand(bytes); +std::string rand_alphabet(std::size_t bytes, const std::string_view &alphabet) { + auto value = rand(bytes); + for(std::size_t i = 0; i != value.size(); ++i) { value[i] = alphabet[value[i] % alphabet.length()]; } return value; } -std::string hash_hexstr(const std::string_view &plaintext) { - sha256_t hashBytes = crypto::hash(plaintext); - std::ostringstream hashStream; - hashStream << std::hex << std::setfill('0'); - std::for_each(hashBytes.cbegin(), hashBytes.cend(), [&](int c) { hashStream << std::setw(2) << c; }); - std::string hashString = hashStream.str(); - return hashString; -} } // namespace crypto \ No newline at end of file diff --git a/sunshine/crypto.h b/sunshine/crypto.h index 369a417c..30de5495 100644 --- a/sunshine/crypto.h +++ b/sunshine/crypto.h 
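Review bot: `rand_alphabet` now takes the alphabet from the caller, so `value[i] % alphabet.length()` becomes a modulo by zero when an empty `std::string_view` is passed, and nothing in the function rejects that. The mapping is also uneven: a byte has 256 values and the default alphabet declared in crypto.h has 69 characters, so some characters are produced more often than others, and httpcommon.cpp uses this function for the generated password and salt. I would reject an empty or over-long alphabet and redraw any byte at or above the largest multiple of the alphabet length, as sketched below. How the project prefers to signal the error, and what `rand()` returns on failure, are not visible in this hunk, so the `throw` and the refill loop need checking against both.

```cpp
std::string rand_alphabet(std::size_t bytes, const std::string_view &alphabet) {
  if(alphabet.empty() || alphabet.length() > 256) {
    throw std::invalid_argument("rand_alphabet: alphabet must hold 1 to 256 characters");
  }

  // Bytes at or above `limit` would make some characters more likely than others, so they are redrawn.
  const std::size_t limit = 256 - (256 % alphabet.length());

  std::string value;
  value.reserve(bytes);
  while(value.size() < bytes) {
    auto pool = rand(bytes - value.size());
    for(unsigned char c : pool) {
      if(c < limit) {
        value.push_back(alphabet[c % alphabet.length()]);
      }
    }
  }

  return value;
}
```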
@@ -36,7 +36,7 @@ using bio_t = util::safe_ptr; using pkey_t = util::safe_ptr; sha256_t hash(const std::string_view &plaintext); -std::string hash_hexstr(const std::string_view &plaintext); + aes_t gen_aes_key(const std::array &salt, const std::string_view &pin); x509_t x509(const std::string_view &x); @@ -52,7 +52,8 @@ creds_t gen_creds(const std::string_view &cn, std::uint32_t key_bits); std::string_view signature(const x509_t &x); std::string rand(std::size_t bytes); -std::string rand_string(std::size_t bytes); +std::string rand_alphabet(std::size_t bytes, + const std::string_view &alphabet = std::string_view { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!%&()=-" }); class cert_chain_t { public: diff --git a/sunshine/httpcommon.cpp b/sunshine/httpcommon.cpp index 1eb36924..e30d1d68 100644 --- a/sunshine/httpcommon.cpp +++ b/sunshine/httpcommon.cpp @@ -68,8 +68,8 @@ int generate_user_creds(const std::string &file) { pt::ptree outputTree; try { std::string username = "sunshine"; - std::string plainPassword = crypto::rand_string(16); - std::string salt = crypto::rand_string(16); + std::string plainPassword = crypto::rand_alphabet(16); + std::string salt = crypto::rand_alphabet(16); outputTree.put("username", "sunshine"); outputTree.put("salt", salt); outputTree.put("password", util::hex(crypto::hash(plainPassword + salt)).to_string());
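Review bot: The new `rand_alphabet` declaration has no comment, and its first parameter is still named `bytes` although the result is that many characters picked from `alphabet`. With the 69-character default each character carries about 6.1 bits rather than 8, so a caller sizing a secret in bytes gets less entropy than the name suggests. A comment above the declaration would make the unit explicit: `// Returns 'bytes' characters drawn from 'alphabet' (must be non-empty); each character carries log2(alphabet.size()) bits, not 8.`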
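Review bot: The stored verifier on the last context line is `util::hex(crypto::hash(plainPassword + salt))`, and crypto.h declares `hash` as returning `sha256_t`, so this looks like a single pass of salted SHA-256 with no work factor. That matters little for the 16-character generated password, but `savePassword` in confighttp.cpp stores user-chosen passwords with the same construction, and those are cheap to guess offline if the credentials file is ever read. A password KDF such as OpenSSL's `PKCS5_PBKDF2_HMAC` would be the usual replacement, changed in both places together with a migration for existing files. Until then a marker here keeps it visible: `// TODO: single-round salted SHA-256; move to a password KDF`. `generate_user_creds` continues outside the hunk.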