added jwt, sqlite, build sh

2025-11-27 20:45:50 +01:00
parent 6c6dfade42
commit 09539a9cd0
11 changed files with 278 additions and 115 deletions
--- a/app/build
+++ b/app/build
@@ -0,0 +1,6 @@
 #!/bin/bash
 cd src
 v install fleximus.argon2
 v install thomaspeissl.dotenv
 v -prod -cflags "-static" -os linux -o ../../build/app/cdn .
--- a/app/src/crypto/crypto.v
+++ b/app/src/crypto/crypto.v
@@ -0,0 +1,16 @@
 module crypto
 import rand
 import fleximus.argon2
 pub struct Crypto {}
 pub fn Crypto.hash_password(password string) !string {
 	salt := rand.bytes(16) or { return error('failed to generate salt: ${err}') }
 	hash := argon2.hash(password.bytes(), salt) or { return error('argon2 hash failed: ${err}') }
 	return hash
 }
 pub fn Crypto.hash_verify(password string, hash string) !bool {
 	return argon2.verify(hash, password.bytes()) or { return error('argon2 verify failed: ${err}') }
 }
--- a/app/src/database/db.v
+++ b/app/src/database/db.v
@@ -1,22 +1,14 @@
 module database
 import os
-import rand
+import orm
 import util
-// import db.mysql
+import db.sqlite
 // import db.redis
 import fleximus.argon2
-pub struct Crypto {}
+pub struct Database {
-
+	cfg util.Config
-pub fn Crypto.hash_password(password string) !string {
+mut:
-	salt := rand.bytes(16) or { return error('failed to generate salt: ${err}') }
+	conn sqlite.DB
 	hash := argon2.hash(password.bytes(), salt) or { return error('argon2 hash failed: ${err}') }
 	return hash
 }
 pub fn Crypto.hash_verify(password string, hash string) !bool {
 	return argon2.verify(hash, password.bytes()) or { return error('argon2 verify failed: ${err}') }
 }
 pub fn get_dummy_exclusion_list(exe string, root string) []string {
@@ -26,42 +18,48 @@ pub fn get_dummy_exclusion_list(exe string, root string) []string {
 	]
 }
-// struct Database {
+fn Database.get_connection(cfg util.Config) !sqlite.DB {
-// mut:
+	conn := sqlite.connect(cfg.database)!
 // 	conn mysql.DB
 // }
 //
 // pub fn get_connection(cfg util.Config) !&Database {
 // 	// connection := mysql.connect(mysql.Config{
 // 	// 	host:     cfg.database.host
 // 	// 	// port:     u32(cfg.database.port)
 // 	// 	dbname:   'CDN_DATABASE'
 // 	// 	username: cfg.database.username
 // 	// 	password: cfg.database.password
 // 	// })!
 //
 // 	//return &Database{ conn: connection }
 // 	return &Database{}
 // }
 //
 // pub fn (mut db Database) query[T](query_fn fn(conn &mysql.Connection) ![]T) ![]T {
 // 	result := query_fn(db.conn) or {
 // 		// Connection died, reconnect
 // 		db.conn = mysql.connect(db.config)!
 // 		return query_fn(db.conn)!
 // 	}
 // 	return result
 // }
 //
 // pub fn Database.test() {}
-// pub fn test() ! {
+	if cfg.debug {
-// 	mut r := redis.connect(redis.Config{
+		conn.synchronization_mode(.off)!
-// 		host:     'vpn.security-command.org'
+		conn.journal_mode(.memory)!
-// 		port:     6767
+	}
-// 		password: 'SuperSecretPassword123'
+
-// 	})!
+	sql conn {
-//
+		create table Users
-// 	pong := r.ping() or { panic(err) }
+		create table Files
-// 	println(pong)
+		create table Logins
-// }
+	}!
 	return conn
 }
 pub fn Database.get_database(cfg util.Config) !&Database {
 	return &Database{
 		cfg:  cfg
 		conn: Database.get_connection(cfg)!
 	}
 }
 pub fn (mut db Database) query[T](statement orm.QueryBuilder[T]) ![]T {
 	if !db.conn.validate() or { false } {
 		db.conn = Database.get_connection(db.cfg)!
 	}
 	return statement.query()!
 }
 pub fn test(cfg util.Config) !bool {
 	mut db := Database.get_database(cfg)!
 	db.conn.validate()!
 	db.conn.close()!
 	mut qb := orm.new_query[Users](db.conn)
 	result := db.query[Users](qb)!
 	println(result.str())
 	return true
 }
--- a/app/src/database/tables.v
+++ b/app/src/database/tables.v
@@ -1,23 +1,24 @@
 module database
-//
+import time
-// @[table: 'users']
+
-// struct Users {
+@[table: 'users']
-// 	id            int    @[primary; serial]
+struct Users {
-// 	name          string @[nonnull; unique]
+	id       int    @[primary; serial]
-// 	password_hash string @[nonnull]
+	username string @[nonnull; unique]
-// }
+	password string @[nonnull]
-//
+}
-// @[table: 'login_attempts']
+
-// struct Logins {
+@[table: 'login_attempts']
-// 	ip           string @[primary]
+struct Logins {
-// 	attempts     int    @[nonnull]
+	ip           string    @[primary]
-// 	attempt_time string @[default: 'CURRENT_TIMESTAMP'; nonnull]
+	attempts     int       @[nonnull]
-// }
+	attempt_time time.Time @[nonnull]
-//
+}
-// @[table: 'files']
+
-// struct Files {
+@[table: 'files']
-// 	id      int    @[primary; serial]
+struct Files {
-// 	path    string @[nonnull; unique]
+	id      int    @[primary; serial]
-// 	visible bool   @[default: false; nonnull]
+	path    string @[nonnull; unique]
-// }
+	visible bool   @[default: false; nonnull]
 }
--- a/app/src/jwt/algoritm.v
+++ b/app/src/jwt/algoritm.v
@@ -0,0 +1,19 @@
 module jwt
 pub interface Algorithm {
 	name string
 	sign(contents string, secretOrKey string) !string
 	verify(token string, secretOrKey string) !Token
 }
 pub enum AlgorithmType {
 	hs256
 }
 pub fn new_algorithm(algorithmType AlgorithmType) Algorithm {
 	match algorithmType {
 		.hs256 {
 			return HS256{}
 		}
 	}
 }
--- a/app/src/jwt/hs256.v
+++ b/app/src/jwt/hs256.v
@@ -0,0 +1,34 @@
 module jwt
 import crypto.hmac
 import crypto.sha256
 import encoding.base64
 pub struct HS256 {
 pub:
 	name string = 'HS256'
 }
 pub fn (algorithm HS256) sign(content string, secret string) !string {
 	signature := base64.url_encode(hmac.new(secret.bytes(), content.bytes(), sha256.sum,
 		sha256.block_size))
 	return signature
 }
 pub fn (algorithm HS256) verify(token_raw string, secret string) !Token {
 	token := parse_token(token_raw)!
 	parts := token_raw.split('.')
 	header := parts[0]
 	claims := parts[1]
 	signed := algorithm.sign('${header}.${claims}', secret)!
 	if signed != token.signature {
 		return error('Invalid token')
 	}
 	if token.is_expired() {
 		return error('Token already expired')
 	}
 	return token
 }
--- a/app/src/jwt/jwt.v
+++ b/app/src/jwt/jwt.v
@@ -0,0 +1,45 @@
 module jwt
 import json
 import time
 import x.json2
 import encoding.base64
 pub fn encode[T](claims T, algorithm Algorithm, secretOrKey string, exp int) !string {
 	header := new_header(algorithm)
 	header_b64 := base64.url_encode(json.encode(header).bytes())
 	mut claims_final := json2.raw_decode(json.encode(claims))!.as_map()
 	if exp != 0 {
 		claims_final["exp"] = time.now().unix_time() + exp
 	}
 	claims_b64 := base64.url_encode(claims_final.str().bytes())
 	contents := '${header_b64}.${claims_b64}'
 	signature := algorithm.sign(contents, secretOrKey)!
 	return '${contents}.${signature}'
 }
 pub fn verify[T](token string, algorithm Algorithm, secretOrKey string) !T {
 	return algorithm.verify(token, secretOrKey)!.parse_claims<T>()
 }
 pub fn create_jwt(user_id int) string {
 	alg := new_algorithm(jwt.AlgorithmType.hs256)
 	token := jwt.encode({ 'id': user_id }, alg, secret_key, 7 * 24 * 60 * 60 * 1000) or {
 		error('JWT encode error: $err')
 	}
 	return token
 }
 pub fn verify_jwt(token string) !int {
 	alg := jwt.new_algorithm(jwt.AlgorithmType.hs256)
 	claims := jwt.verify[token](token, alg, secret_key) or {
 		return error('Invalid token: $err')
 	}
 	return claims['id'].int() or { return error('ID not found in token') }
 }
--- a/app/src/jwt/structs.v
+++ b/app/src/jwt/structs.v
@@ -0,0 +1,65 @@
 module jwt
 import json
 import time
 import x.json2
 import encoding.base64
 pub struct JWTHeader {
 pub:
 	alg string
 	typ string = 'JWT'
 }
 fn new_header(algorithm Algorithm) JWTHeader {
 	return JWTHeader{
 		alg: algorithm.name.str().to_upper()
 	}
 }
 struct Token {
 pub:
 	header     JWTHeader
 	claims     string
 	signature  string
 	expiration int
 }
 pub fn (t Token) parse_claims[T]() !T {
 	return json.decode(T, t.claims)
 }
 pub fn (t Token) is_expired() bool {
 	return t.expiration == -1 || time.unix(t.expiration) < time.now()
 }
 pub fn parse_token(token_raw string) !Token {
 	parts := token_raw.split('.')
 	if parts.len != 3 {
 		return error('Invalid token')
 	}
 	header_raw := if parts[0].len % 4 == 0 { parts[0] } else { parts[0] + '==' }
 	claims_raw := if parts[1].len % 4 == 0 { parts[1] } else { parts[1] + '==' }
 	decoded_header := base64.decode_str(header_raw)
 	decoded_claims := base64.decode_str(claims_raw)
 	claims := json2.raw_decode(decoded_claims)!.as_map()
 	mut expiration_given := true
 	expiration_unix := claims['exp'] or {
 		expiration_given = false
 		json2.Null{}
 	}
 	token := Token{
 		header:     json.decode(JWTHeader, decoded_header)!
 		claims:     decoded_claims
 		signature:  parts[2]
 		expiration: if expiration_given { expiration_unix.int() } else { -1 }
 	}
 	return token
 }
--- a/app/src/main.v
+++ b/app/src/main.v
@@ -40,8 +40,8 @@ pub:
@['/:path...']
 pub fn (app &App) root(mut ctx Context, path string) veb.Result {
-	abs_root := util.Utility.normalize_path(os.abs_path(app.cfg.root))
+	abs_root := util.Utility.normalize_path(os.real_path(app.cfg.root))
-	abs_path := util.Utility.normalize_path(abs_root + os.abs_path(path))
+	abs_path := util.Utility.normalize_path(os.real_path(os.join_path(abs_root, path)))
 	if !abs_path.starts_with(abs_root) && abs_path != abs_root {
 		return ctx.forbidden()
@@ -113,51 +113,35 @@ pub fn (mut ctx Context) server_error(msg string) veb.Result {
 fn populate() (&util.Config, &util.Embedded) {
 	dotenv.load()
 	dotenv.require('CDN_DB_HOST', 'CDN_DB_PORT')
 	executable := os.executable()
 	def_root := os.dir(executable)
 	def_port := int($d('port', 6767))
-	def_user := $d('username', 'cdn')
+	def_sqlt := $d('database', 'cdn_web.db')
-	def_pass := $d('password', 'totallySafeCdnDatabasePassword1235')
+	def_jwt := $d('jwt', 'supersecurejwttokenkey')
 	// vfmt off
 	return &util.Config{
 		exe:      util.Utility.normalize_path(executable)
-		root:     util.Utility.normalize_path(if os.getenv('CDN_ROOT') != '' {
+		root:     util.Utility.normalize_path(if os.getenv('CDN_ROOT') != '' { util.Utility.resolve_path(def_root, os.getenv('CDN_ROOT').str()) } else { def_root })
 			util.Utility.resolve_path(def_root, os.getenv('CDN_ROOT').str())
 		} else {
 			def_root
 		})
 		port:     if os.getenv('CDN_PORT')    != '' { os.getenv('CDN_PORT').int()    } else { def_port }
-		database: &util.Database{
+		jwt_key:  if os.getenv('CDN_JWT_KEY') != '' { os.getenv('CDN_JWT_KEY').str() } else { def_jwt  }
-			host:     os.getenv('CDN_DB_HOST').str()
+		database: if os.getenv('CDN_SQL_DSN') != '' { os.getenv('CDN_SQL_DSN').str() } else { def_sqlt }
 			port:     os.getenv('CDN_DB_PORT').int()
 			username: if os.getenv('CDN_DB_USERNAME') != '' {
 				os.getenv('CDN_DB_USERNAME').str()
 			} else {
 				def_user
 			}
 			password: if os.getenv('CDN_DB_PASSWORD') != '' {
 				os.getenv('CDN_DB_PASSWORD').str()
 			} else {
 				def_pass
 			}
 		}
 	}, &util.Embedded{
 		style_css: $embed_file('template/assets/style.css', .zlib).to_string()
 		error_css: $embed_file('template/assets/error.css', .zlib).to_string()
 	}
 	// vfmt on
 }
 fn main() {
 	// vfmt off
 	cfg, mut embed := populate()
-	mut app := &App{
+	mut app := &App{ cfg: cfg, embed: embed }
-		cfg:   cfg
+	mut auth := &Auth{ app: &app }
-		embed: embed
+	// vfmt on
-	}
+
-	mut auth := &Auth{
+	database.test(cfg)!
 		app: &app
 	}
 	app.register_controller[Auth, Context]('/auth', mut auth)!
--- a/app/src/util/http.v
+++ b/app/src/util/http.v
@@ -0,0 +1 @@
 module util
--- a/app/src/util/structs.v
+++ b/app/src/util/structs.v
@@ -5,20 +5,14 @@ import os
 import time
 import encoding.base64
 pub struct Database {
 pub:
 	host     string
 	port     int
 	username string
 	password string
 }
 pub struct Config {
 pub:
 	exe      string
 	root     string
 	port     int
-	database Database
+	debug    bool
 	jwt_key  string
 	database string
 }
 pub struct Embedded {
@@ -159,7 +153,7 @@ pub fn Utility.list_files(dir_path string, relative string, exclude []string) ![
 }
 pub fn Utility.normalize_path(path string) string {
-	return path.replace('\\', '/')
+	return path.replace('\\', '/').replace('//', '/')
 }
 pub struct HtmlBuilder {}