amelia/kanna
2
2
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

updated security

Browse source
This commit is contained in:
grant-kun 2022-10-07 13:44:38 -05:00
parent 91d052a46a
commit 8a8992451a
8 changed files with 169 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -4,4 +4,4 @@ node_modules/
certs/
/pass.json
json/user.json

27
html/index.html
View file

@ -96,6 +96,28 @@
return (promise)
}
let pub = ''
function setCookie(name, value, days) {
var expires = "";
if (days) {
var date = new Date();
date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
expires = "; expires=" + date.toUTCString();
}
document.cookie = name + "=" + (value || "") + expires + "; path=/";
}
function getCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for (var i = 0; i < ca.length; i++) {
var c = ca[i];
while (c.charAt(0) == ' ') c = c.substring(1, c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
}
return null;
}
function eraseCookie(name) {
document.cookie = name + '=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}
function submit() {
//{body:{json:boolean,enc:boolean,data:string,sid:keyof keyring}}
var xhr = new XMLHttpRequest();
@ -107,6 +129,11 @@
if (JSON.parse(xhr.responseText).html) {
document.body.innerHTML = dec
}
if (JSON.parse(xhr.responseText).json && JSON.parse(xhr.responseText).type == 'key') {
let decc = new TextDecoder().decode(dec)
//console.log(JSON.parse(decc))
setCookie('login_key', JSON.parse(decc).login_key, 7)
}
}
}
let user = document.getElementById('user').value

47
html/mail.html
View file

@ -3,12 +3,45 @@
<head>
<title>mail</title>
<script src="/src/bundle.js"></script>
<style>
.split {
height: 100%;
width: 50%;
position: fixed;
z-index: 1;
top: 0;
overflow-x: hidden;
padding-top: 20px;
}
</style>
</head>
<body onload="load()">
<script>
const sid = makeid(20)
window.sid = sid
function setCookie(name, value, days) {
var expires = "";
if (days) {
var date = new Date();
date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
expires = "; expires=" + date.toUTCString();
}
document.cookie = name + "=" + (value || "") + expires + "; path=/";
}
function getCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for (var i = 0; i < ca.length; i++) {
var c = ca[i];
while (c.charAt(0) == ' ') c = c.substring(1, c.length);
if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
}
return null;
}
function eraseCookie(name) {
document.cookie = name + '=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';
}
function makeid(length) {
var result = '';
var characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
@ -63,13 +96,18 @@
let emails = []
function update() {
//console.log('hi')
sendenc('/get', { 'user': 'root', 'pass': 'password' }).then(res => {
sendenc('/get', { 'user': 'root', 'pass': 'password', 'requested': 0, 'login_key': getCookie('login_key') }).then(res => {
res = JSON.parse(res)
console.log('parsed')
emails = res.reverse()
})
}
let mypriv, mypub, pub, kekw
let preview = -1
async function lm(index) {
console.log()
document.getElementById('view').innerHTML = emails[index]['body[1]']
}
async function load() {
kekw = await nodersa({ b: 512 })
@ -87,7 +125,7 @@
c = '#395B64'
}
evo = !evo
ret += '<div style="color:#A5C9CA;border-radius:10px;max-width:50%;min-width:400px;padding:20px;background-color:' + c + ';">'
ret += '<div onclick="lm(' + emails.indexOf(email) + ')" style="color:#A5C9CA;border-radius:10px;max-width:40%;min-width:400px;padding:20px;background-color:' + c + ';">'
ret += '<tt><b><font size="4">sub:' + email.envelope.subject + '</font></b></br>frm:' + email.envelope.from[0].address + '</br><sub style="color:#E7F6F2;">' + email.envelope.date + '</sub></tt></br></div><div style="height:2px;"></div>'
}
@ -97,6 +135,11 @@
//<button onclick="update()">update mail</button>
</script>
<div id="emails"></div>
<div id="box" class="split" style="background-color:red;right:0;margin:40px;">
<div id="view">
fneoutvbnoruitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>uitnvorntvo</br>
</div>
</div>
</body>

91
index.ts
View file

@ -1,4 +1,4 @@
import { readFileSync } from "fs"
import { readFileSync, writeFileSync } from "fs"
var privateKey = readFileSync('certs/selfsigned.key', 'utf8');
var certificate = readFileSync('certs/selfsigned.crt', 'utf8');
var http = require('http');
@ -12,10 +12,35 @@ app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
const NodeRSA = require('node-rsa');
var ip = require("ip")
var crypt = require('crypto');
const IV = "5183666c72eec9e4"; //!not really sure what this is lol
//TODO: learn what IV is
var encrypt = ((val:any,ENC_KEY:any) => {
let cipher = crypt.createCipheriv('aes-256-cbc', ENC_KEY, IV);
let encrypted = cipher.update(val, 'utf8', 'base64');
encrypted += cipher.final('base64');
return encrypted;
});
var decrypt = ((encrypted:any,ENC_KEY:any) => {
try{
let decipher = crypt.createDecipheriv('aes-256-cbc', ENC_KEY, IV);
let decrypted = decipher.update(encrypted, 'base64', 'utf8');
return (decrypted + decipher.final('utf8'));
} catch(err){
return('false')
}
});
//
function log(m:any){
var date = new Date;
console.log('['+date.getHours()+':'+date.getMinutes()+':'+date.getSeconds()+'] ' + m.toString())
}
function d(){
var date = new Date;
return(date.getHours()+''+date.getMinutes()+''+date.getSeconds())
}
interface keyring{
[sid: string]: {
mypub:string,
@ -26,24 +51,37 @@ interface keyring{
let keyring = {} as keyring
let key:any;
var ImapClient = require('emailjs-imap-client').default
let pass = JSON.parse(readFileSync('pass.json').toString()).pass
//let pass = JSON.parse(readFileSync('pass.json').toString()).pass
app.post('/mail/get',(req:any,res:any)=>{
var client = new ImapClient('disroot.org', 993, {
const key = new NodeRSA({b: 1024})
key.importKey(keyring[req.body.sid].mypriv,'pkcs1-private')
let dec:any = JSON.parse((atob(key.decrypt(req.body.data,'base64','base64'))))
//console.log(key)
//console.log(dec.data.login_key)
let users = JSON.parse(readFileSync('json/user.json').toString())
let logkey,mail
for(let user of users){
//console.log(user,dec)
if(user.name==dec.data.user){
logkey = (decrypt(user.login_key,dec.data.login_key))
mail =JSON.parse(decrypt(user.mail,logkey)).emails[parseInt(dec.data.requested)]
}
}
//console.log(JSON.parse(decrypt(users[0].mail,logkey)).emails)
var client = new ImapClient(mail.host, parseInt(mail.port), {
auth: {
user: 'grantsquires',
pass: pass
user: mail.address,
pass: mail.creds
}
});
client.connect().then(()=>{
//['uid', 'flags','envelope'] for just header stuff
//['uid', 'flags','envelope','body']
//body 0 is plani, 1 is html
client.listMessages('INBOX', '1:*', ['uid', 'flags','envelope','bodystructure'/*,'body[1]'*/]).then((messages:any) => {
//console.log(messages[2]['body[]'])
client.listMessages('INBOX', '1:*', ['uid', 'flags','envelope','bodystructure','body[1]' ]).then((messages:any) => {
const skey = new NodeRSA()
console.log(keyring[req.body.sid])
//res.send(JSON.stringify({'data':'hello'}))
skey.importKey(keyring[req.body.sid].theirpub,'pkcs8-public')
res.send(JSON.stringify({data:skey.encrypt(JSON.stringify(messages),'base64'),enc:true,html:true}))
client.close()
@ -58,10 +96,13 @@ app.get('/mail', (req:any, res:any) => {
var httpServer = http.createServer(app);
var credentials = {key: privateKey, cert: certificate};
var httpsServer = https.createServer(credentials, app);
httpServer.listen(80,'0.0.0.0', () => {
app.listen(8080,()=>{
log(`kanna is local http://${ip.address()}:8080`)
})
httpServer.listen(80, () => {
log(`kanna is on http://${ip.address()} click on me click on me! :3`)
})
httpsServer.listen(443,'0.0.0.0', () => {
httpsServer.listen(443, () => {
log(`kanna is secure now too!! https://${ip.address()}`)
})
//end
@ -89,7 +130,7 @@ app.post('/pub.key', async (req:{body:{json:boolean,sid:keyof keyring,pub:string
mypub:key.exportKey('pkcs8-public'),
theirpub:req.body.pub}
res.send(key.exportKey('pkcs8-public'))
console.log(keyring)
//console.log(keyring)
}
})
@ -102,12 +143,34 @@ app.post('/login/submit', async (req:{body:{json:boolean,enc:boolean,data:string
let users = JSON.parse(readFileSync('json/user.json').toString())
for(let user of users){
let use=user as typeof users
if(user.name==dec.user&&user.pass==dec.pass){
let hash = crypt.createHash('md5').update(dec.pass).digest('hex');
if(user.name==dec.user&&hash==decrypt(user.hash,hash)){
const skey = new NodeRSA()
skey.importKey(keyring[req.body.sid].theirpub,'pkcs8-public')
res.send(JSON.stringify({data:skey.encrypt('<h1>hello!</h1>','base64'),enc:true,html:true}))
let logkey = crypt.createHash('md5').update(crypt.randomBytes(64).toString('hex')).digest('hex')
res.send(JSON.stringify({data:skey.encrypt(JSON.stringify({login_key:logkey}),'base64'),enc:true,html:false,json:true,type:'key'}))
users[users.indexOf(user)].login_key = encrypt(hash,logkey)
console.log(users[users.indexOf(user)].login_key,logkey,hash)
//console.log(users)
writeFileSync('./json/user.json',JSON.stringify(users))
}
}
})
/*let l = (encrypt(JSON.stringify({
'emails':[{
'address':'grantsquires@disroot.org',
'host':'disroot.org',
'port':'993',
'creds':pass,
'salt':crypt.randomBytes(64).toString('hex')
}], //how much salt do you want? 'all of it'
'salt':[
d(),crypt.randomBytes(64).toString('hex'),crypt.randomBytes(64).toString('base64'),d()
],
'storage':'./storage/'+user.name,
}),hash))
*/

11
json/user.example.json Normal file
View file

@ -0,0 +1,11 @@
[
{
"name": "root",
"hash": "OTVYg/fHYeVbtyrusPl8fV+zQcp1ImjzbP+3Cy+3lk14fl2icYhzlULKtbTpOx4E",
"sudo": true,
"last_login": "",
"alias": "root",
"login_key": "",
"mail": ""
}
]

9
json/user.json
View file

@ -1,8 +1 @@
[{
"name":"root",
"pass":"password",
"sudo":true,
"last_login":"",
"alias":"root",
"login_key":""
}]
[{"name":"root","hash":"OTVYg/fHYeVbtyrusPl8fV+zQcp1ImjzbP+3Cy+3lk14fl2icYhzlULKtbTpOx4E","sudo":true,"last_login":"","alias":"root","login_key":"Q67f8ylkefiCao2ykXV/wDJvgeNLuVK+7FzRdiWK/Ap4gPZzV8L3hndX3PgU3YeW","mail":"X2vLkGESm6Q8owhEH5RR99g9Fb5ukZ5f0+ZbjF/oFLhF+uoAnRRjXxrzUYwFR8b688xG2zKWUx30xEoRkvB24HkDLXf6BW3kB+dWtIltdROnyNlZIyZIfPaZJ6z+XNz53xPFj6MwIwfbexQFLVz8sVzdRaKr27qvYQrI+ubrwK8nRvrErbTTMzjjsVwiqvvNWGs5L4i8VThvQ9iyVfH+ZLpeabd/CfesbntqWtzt86dBU5Z7ZS2Is5klHqnjk1zUUTXEfegqsQYXFXkb0EykfP1adfLrxmd5s/4QIGIRDBPIGYAqzSvXC1wyRkDKZwL/qmde/0rSqeSZej1JazAYQXwLxez/c80buTHaJGvlGT8dt3IpSYHGBbKG8SYAixqSChiJOodT1hcc00YVLWu+pFSWsCgCBkTjteVbI0OEOQG4O9hr+7ccTA465TYpsFRoN1WyB+s5psTADmYahuFV+OIq6etCNh4qi/Y7cN9rk3sbBZeLQr7LrROXwpeAx7aUiT/m7O1yjuNgsdjYexk/6tr54qLmE8H1+qFPq3kj4j0VjKiC+8SLaW7QkCjnra7ZXuFlYmZ8+uH0cSZLz4/Ok79gaXIeYhfqMl4J8fSElMnLurbF22fVE2NcVUyL1H6ixwpcJJ/qXrCxchBR9OdjfVhbrhD9bwbJ5jE1di9mz0grwa28E9hiKN4Wbw2QPQmU"}]

6
package.json
View file

@ -18,11 +18,15 @@
},
"homepage": "https://github.com/squiresgrant/kanna-site#readme",
"dependencies": {
"bcrypt": "^5.1.0",
"bcryptjs": "^2.4.3",
"body-parser": "^1.20.0",
"express": "^4.18.1",
"fs": "^0.0.1-security",
"ip": "^1.1.8",
"node-rsa": "^1.1.1"
"md5": "^2.3.0",
"node-rsa": "^1.1.1",
"openpgp": "^5.5.0"
},
"devDependencies": {
"emailjs-imap-client": "^3.1.0"

2
readme.md
View file

@ -29,3 +29,5 @@ visit the [main git](https://git.disroot.org/grantsquires/kanna-site) or the [gi
- [ ] learning how mail works
- [ ] imap cli
FeMail (iron mail)