PUSH

-> its to late for me
MythicalLTD · Nov 30, 2024 · 3b1f31f · 3b1f31f
1 parent 4a51575
commit 3b1f31f
Show file tree

Hide file tree

Showing 17 changed files with 204 additions and 61 deletions.
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -5,6 +5,7 @@
         "Predis",
         "recommand",
         "Regen",
+        "SOURCECODE",
         "Swal",
         "sweetalert"
     ]

diff --git a/backend/app/Api/User/Auth/ForgotPassword.php b/backend/app/Api/User/Auth/ForgotPassword.php
@@ -31,6 +31,7 @@
 
 use MythicalClient\App;
 use MythicalClient\Chat\User;
+use MythicalClient\CloudFlare\CloudFlareRealIP;
 use MythicalSystems\CloudFlare\Turnstile;
 use MythicalClient\Config\ConfigInterface;
 use MythicalSystems\CloudFlare\CloudFlare;
@@ -60,7 +61,7 @@
             $appInstance->BadRequest('Bad Request', ['error_code' => 'TURNSTILE_FAILED']);
         }
         $cfTurnstileResponse = $_POST['turnstileResponse'];
-        if (!Turnstile::validate($cfTurnstileResponse, CloudFlare::getRealUserIP(), $config->getSetting(ConfigInterface::TURNSTILE_KEY_PRIV, 'XXXX'))) {
+        if (!Turnstile::validate($cfTurnstileResponse, CloudFlareRealIP::getRealIP(), $config->getSetting(ConfigInterface::TURNSTILE_KEY_PRIV, 'XXXX'))) {
             $appInstance->BadRequest('Invalid TurnStile Key', ['error_code' => 'TURNSTILE_FAILED']);
         }
     }

diff --git a/backend/app/Api/User/Auth/Login.php b/backend/app/Api/User/Auth/Login.php
@@ -31,6 +31,7 @@
 
 use MythicalClient\App;
 use MythicalClient\Chat\User;
+use MythicalClient\CloudFlare\CloudFlareRealIP;
 use MythicalClient\Mail\Mail;
 use MythicalSystems\CloudFlare\Turnstile;
 use MythicalClient\Config\ConfigInterface;
@@ -66,7 +67,7 @@
             $appInstance->BadRequest('Bad Request', ['error_code' => 'TURNSTILE_FAILED']);
         }
         $cfTurnstileResponse = $_POST['turnstileResponse'];
-        if (!Turnstile::validate($cfTurnstileResponse, CloudFlare::getRealUserIP(), $config->getSetting(ConfigInterface::TURNSTILE_KEY_PRIV, 'XXXX'))) {
+        if (!Turnstile::validate($cfTurnstileResponse, CloudFlareRealIP::getRealIP(), $config->getSetting(ConfigInterface::TURNSTILE_KEY_PRIV, 'XXXX'))) {
             $appInstance->BadRequest('Invalid TurnStile Key', ['error_code' => 'TURNSTILE_FAILED']);
         }
     }

diff --git a/backend/app/Api/User/Auth/Register.php b/backend/app/Api/User/Auth/Register.php
@@ -31,6 +31,7 @@
 
 use MythicalClient\App;
 use MythicalClient\Chat\User;
+use MythicalClient\CloudFlare\CloudFlareRealIP;
 use MythicalSystems\CloudFlare\Turnstile;
 use MythicalClient\Config\ConfigInterface;
 use MythicalSystems\CloudFlare\CloudFlare;
@@ -74,7 +75,7 @@
             $appInstance->BadRequest('Bad Request', ['error_code' => 'TURNSTILE_FAILED']);
         }
         $cfTurnstileResponse = $_POST['turnstileResponse'];
-        if (!Turnstile::validate($cfTurnstileResponse, CloudFlare::getRealUserIP(), $config->getSetting(ConfigInterface::TURNSTILE_KEY_PRIV, 'XXXX'))) {
+        if (!Turnstile::validate($cfTurnstileResponse, CloudFlareRealIP::getRealIP(), $config->getSetting(ConfigInterface::TURNSTILE_KEY_PRIV, 'XXXX'))) {
             $appInstance->BadRequest('Invalid TurnStile Key', ['error_code' => 'TURNSTILE_FAILED']);
         }
     }
@@ -97,7 +98,7 @@
         if (User::exists(UserColumns::EMAIL, $email)) {
             $appInstance->BadRequest('Bad Request', ['error_code' => 'EMAIL_ALREADY_IN_USE']);
         }
-        User::register($username, $password, $email, $firstName, $lastName, CloudFlare::getRealUserIP());
+        User::register($username, $password, $email, $firstName, $lastName, CloudFlareRealIP::getRealIP());
         App::OK('User registered', []);
 
     } catch (Exception $e) {

diff --git a/backend/app/Api/User/Auth/ResetPassword.php b/backend/app/Api/User/Auth/ResetPassword.php
@@ -32,6 +32,7 @@
 use MythicalClient\App;
 use MythicalClient\Chat\User;
 use MythicalClient\Chat\Verification;
+use MythicalClient\CloudFlare\CloudFlareRealIP;
 use MythicalSystems\CloudFlare\Turnstile;
 use MythicalClient\Config\ConfigInterface;
 use MythicalSystems\CloudFlare\CloudFlare;
@@ -94,7 +95,7 @@
             $appInstance->BadRequest('Bad Request', ['error_code' => 'TURNSTILE_FAILED']);
         }
         $cfTurnstileResponse = $_POST['turnstileResponse'];
-        if (!Turnstile::validate($cfTurnstileResponse, CloudFlare::getRealUserIP(), $config->getSetting(ConfigInterface::TURNSTILE_KEY_PRIV, 'XXXX'))) {
+        if (!Turnstile::validate($cfTurnstileResponse, CloudFlareRealIP::getRealIP(), $config->getSetting(ConfigInterface::TURNSTILE_KEY_PRIV, 'XXXX'))) {
             $appInstance->BadRequest('Invalid TurnStile Key', ['error_code' => 'TURNSTILE_FAILED']);
         }
     }

diff --git a/backend/app/Api/User/Auth/Verify.php b/backend/app/Api/User/Auth/Verify.php
@@ -0,0 +1,68 @@
+<?php
+
+/*
+ * This file is part of MythicalClient.
+ * Please view the LICENSE file that was distributed with this source code.
+ *
+ * MIT License
+ *
+ * (c) MythicalSystems <mythicalsystems.xyz> - All rights reserved
+ * (c) NaysKutzu <nayskutzu.xyz> - All rights reserved
+ * (c) Cassian Gherman <nayskutzu.xyz> - All rights reserved
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+use MythicalClient\App;
+use MythicalClient\Chat\User;
+use MythicalClient\Chat\Verification;
+use MythicalClient\Chat\columns\UserColumns;
+use MythicalClient\Chat\columns\EmailVerificationColumns;
+
+$router->get('/api/user/auth/verify', function (): void {
+    App::init();
+    $appInstance = App::getInstance(true);
+    $config = $appInstance->getConfig();
+
+    $appInstance->allowOnlyGET();
+
+    if (isset($_GET['code']) && $_GET['code'] != '') {
+        $code = $_GET['code'];
+
+        if (Verification::verify($code, EmailVerificationColumns::$type_verify)) {
+            if (User::exists(UserColumns::UUID, Verification::getUserUUID($code))) {
+                $token = User::getInfo(User::getTokenFromUUID(Verification::getUserUUID($code)), UserColumns::ACCOUNT_TOKEN, false);
+                if ($token != null && $token != '') {
+                    setcookie('user_token', $token, time() + 3600, '/');
+                    User::updateInfo(User::getTokenFromUUID(Verification::getUserUUID($code)), UserColumns::VERIFIED, 'true', false);
+                    Verification::delete($code);
+                    die(header('location: /'));
+                } else {
+                    $appInstance->BadRequest('Bad Request', ['error_code' => 'INVALID_USER','email_code' => $code]);
+                }
+            } else {
+                $appInstance->BadRequest('Bad Request', ['error_code' => 'INVALID_USER','email_code' => $code]);
+            }
+        } else {
+            $appInstance->BadRequest('Bad Request', ['error_code' => 'INVALID_CODE', 'email_code' => $code]);
+        }
+    } else {
+        $appInstance->BadRequest('Bad Request', ['error_code' => 'MISSING_CODE']);
+    }
+});
diff --git a/backend/app/Api/User/Session.php b/backend/app/Api/User/Session.php
@@ -36,14 +36,42 @@
 use MythicalClient\Chat\Session;
 use MythicalClient\Chat\columns\UserColumns;
 
-$router->post('/api/user/session', function (): void {
+$router->post('/api/user/session/info/update', function (): void {
     App::init();
     $appInstance = App::getInstance(true);
     $config = $appInstance->getConfig();
 
     $appInstance->allowOnlyPOST();
     $session = new Session($appInstance);
 
+    try {
+        if (!isset($_POST['first_name']) && $_POST['first_name'] == '') {
+            $appInstance->BadRequest('First name is missing!', ['error_code' => 'FIRST_NAME_MISSING']);
+        }
+        if (!isset($_POST['last_name']) && $_POST['last_name'] == '') {
+            $appInstance->BadRequest('Last name is missing!', ['error_code' => 'LAST_NAME_MISSING']);
+        }
+        if (!isset($_POST['email']) && $_POST['email'] == '') {
+            $appInstance->BadRequest('Email is missing!', ['error_code' => 'EMAIL_MISSING']);
+        }
+        if (!isset($_POST['avatar']) && $_POST['avatar'] == '') {
+            $appInstance->BadRequest('Avatar is missing!', ['error_code' => 'AVATAR_MISSING']);
+        }
+        if (!isset($_POST['background']) && $_POST['background'] == '') {
+            $appInstance->BadRequest('Background is missing!', ['error_code' => 'BACKGROUND_MISSING']);
+        }
+
+        $session->setInfo(UserColumns::FIRST_NAME, $_POST['first_name'],true);
+        $session->setInfo(UserColumns::LAST_NAME, $_POST['last_name'],true);
+        $session->setInfo(UserColumns::EMAIL, $_POST['email'],false);
+        $session->setInfo(UserColumns::AVATAR, $_POST['avatar'],false);
+        $session->setInfo(UserColumns::BACKGROUND,$_POST['background'],false);
+
+        $appInstance->OK('User info updated successfully!', []);
+    } catch (Exception $e) {
+        $appInstance->getLogger()->error('Failed to update user info! ' . $e->getMessage());
+        $appInstance->BadRequest('Bad Request', ['error_code' => 'DB_ERROR', 'error' => $e->getMessage()]);
+    }
 });
 
 $router->post('/api/user/session/billing/update', function (): void {
@@ -113,7 +141,11 @@
     $config = $appInstance->getConfig();
 
     $appInstance->allowOnlyGET();
+
     $session = new Session($appInstance);
+    if (isset($_GET['ip']) && $_GET['ip'] != '') {
+        $session->setInfo(UserColumns::LAST_IP, $_GET['ip'], false);   
+    }
     $accountToken = $session->SESSION_KEY;
     try {
         $billing = Billing::getBillingData(User::getInfo($accountToken, UserColumns::UUID, false));
@@ -136,7 +168,7 @@
                 'deleted' => User::getInfo($accountToken, UserColumns::DELETED, false),
                 'last_seen' => User::getInfo($accountToken, UserColumns::LAST_SEEN, false),
                 'first_seen' => User::getInfo($accountToken, UserColumns::FIRST_SEEN, false),
-                'background' => User::getInfo($accountToken, UserColumns::BACKGROUND, true),
+                'background' => User::getInfo($accountToken, UserColumns::BACKGROUND, false),
                 'role_name' => Roles::getUserRoleName(User::getInfo($accountToken, UserColumns::UUID, false)),
                 'role_real_name' => Roles::getUserRoleName(User::getInfo($accountToken, UserColumns::UUID, false)),
             ],

diff --git a/backend/app/App.php b/backend/app/App.php
@@ -103,9 +103,7 @@ public function __construct(bool $softBoot)
         } catch (\Exception $e) {
             self::init();
             self::InternalServerError($e->getMessage(), null);
-
         }
-
     }
 
     /**
@@ -258,4 +256,12 @@ public function decrypt(string $data): string
     {
         return XChaCha20::decrypt($data, $_ENV['DATABASE_ENCRYPTION_KEY'], true);
     }
+
+    public function generateCode() : string {
+        $code = base64_encode(random_bytes(64));
+        $code = str_replace('=', '', $code);
+        $code = str_replace('+','', $code);
+        $code = str_replace('/','', $code);
+        return $code;
+    }
 }
diff --git a/backend/app/Chat/Session.php b/backend/app/Chat/Session.php
@@ -33,6 +33,8 @@
 
 use MythicalClient\App;
 use MythicalClient\Chat\columns\UserColumns;
+use MythicalClient\CloudFlare\CloudFlareRealIP;
+use MythicalSystems\CloudFlare\CloudFlare;
 
 class Session extends Database
 {
@@ -44,6 +46,9 @@ public function __construct(App $app)
         if (isset($_COOKIE['user_token']) && !$_COOKIE['user_token'] == '') {
             if (User::exists(UserColumns::ACCOUNT_TOKEN, $_COOKIE['user_token'])) {
                 try {
+                    header("Access-Control-Allow-Origin: *");
+                    header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
+                    header("Access-Control-Allow-Headers: Content-Type, Authorization");
                     $this->app = $app;
                     $this->SESSION_KEY = $_COOKIE['user_token'];
                     $this->updateLastSeen();
@@ -84,7 +89,10 @@ public function updateLastSeen(): void
     {
         try {
             $con = self::getPdoConnection();
+            $ip = CloudFlareRealIP::getRealIP();
+            $this->app->getLogger()->info('Updating last seen for ' . $this->SESSION_KEY . ' with IP: ' . $ip);
             $con->exec('UPDATE ' . User::TABLE_NAME . ' SET last_seen = NOW() WHERE token = "' . $this->SESSION_KEY . '";');
+            $con->exec('UPDATE ' . User::TABLE_NAME . ' SET last_ip = "'.$ip.'" WHERE token = "' . $this->SESSION_KEY . '";');
         } catch (\Exception $e) {
             $this->app->getLogger()->error('Failed to update last seen: ' . $e->getMessage());
         }

diff --git a/backend/app/Chat/User.php b/backend/app/Chat/User.php
@@ -121,7 +121,7 @@ public static function register(string $username, string $password, string $emai
              */
             if (Mail::isEnabled()) {
                 try {
-                    $verify_token = base64_encode(random_bytes(16));
+                    $verify_token = App::getInstance(true)->generateCode();
                     Verification::add($verify_token, $uuid, EmailVerificationColumns::$type_verify);
                     Verify::sendMail($uuid, $verify_token);
                 } catch (\Exception $e) {
@@ -170,7 +170,7 @@ public static function forgotPassword(string $email): bool
             if ($user) {
                 if (Mail::isEnabled()) {
                     try {
-                        $verify_token = base64_encode(random_bytes(16));
+                        $verify_token = $verify_token = App::getInstance(true)->generateCode();
                         Verification::add($verify_token, $user['uuid'], EmailVerificationColumns::$type_password);
                         ResetPassword::sendMail($user['uuid'], $verify_token);
                     } catch (\Exception $e) {

diff --git a/backend/app/CloudFlare/CloudFlareRealIP.php b/backend/app/CloudFlare/CloudFlareRealIP.php
@@ -0,0 +1,15 @@
+<?php
+
+namespace MythicalClient\CloudFlare;
+
+class CloudFlareRealIP {
+    public static function getRealIP() {
+        if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
+            return $_SERVER['HTTP_CF_CONNECTING_IP'];
+        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+            return $_SERVER['HTTP_X_FORWARDED_FOR'];
+        } else {
+            return $_SERVER['REMOTE_ADDR'];
+        }
+    }
+}
diff --git a/backend/app/Mail/Mail.php b/backend/app/Mail/Mail.php
@@ -31,6 +31,7 @@
 
 namespace MythicalClient\Mail;
 
+use MythicalClient\App;
 use MythicalClient\Chat\Database;
 use MythicalClient\Config\ConfigFactory;
 use MythicalClient\Config\ConfigInterface;
@@ -48,7 +49,11 @@ class Mail
     public static function send(string $to, string $subject, string $message): void
     {
         // TODO: Add more drivers
-        SMTPServer::send($to, $subject, $message);
+        try {
+            SMTPServer::send($to, $subject, $message);
+        } catch (\Exception $e) {
+            App::getInstance(true)->getLogger()->error('(' . APP_SOURCECODE_DIR . '/Mail/Mail.php) [send] Failed to send email: ' . $e->getMessage());
+        }
     }
 
     /**