Overlord/Vile-Browser
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Overlord:e0298c993423ecb9b889196ea85b4cabc5b8d9d3
Branches Tags
Overlord:master
...
compare: Overlord:58849118d8a239466fcfdcc619191b5e5999afbc
Branches Tags
Overlord:master

3 Commits
e0298c9934 ... 58849118d8

Author SHA1 Message Date
Overlord
58849118d8 eod commit 2025-11-27 22:11:13 +01:00
Overlord
09539a9cd0 added jwt, sqlite, build sh 2025-11-27 20:45:50 +01:00
Overlord
6c6dfade42 updated .gitignore 2025-11-27 17:31:00 +01:00
12 changed files with 366 additions and 132 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -16,6 +16,7 @@ main
*.zst *.zst
*.gzip *.gzip
*.env *.env
*.db
bin/ bin/

6
app/build Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
cd src
v install fleximus.argon2
v install thomaspeissl.dotenv
v -prod -cflags "-static" -os linux -o ../../build/app/cdn .

16
app/src/crypto/crypto.v Normal file
View File

@@ -0,0 +1,16 @@
module crypto
import rand
import fleximus.argon2
pub struct Crypto {}
pub fn Crypto.hash_password(password string) !string {
salt := rand.bytes(16) or { return error('failed to generate salt: ${err}') }
hash := argon2.hash(password.bytes(), salt) or { return error('argon2 hash failed: ${err}') }
return hash
}
pub fn Crypto.hash_verify(password string, hash string) !bool {
return argon2.verify(hash, password.bytes()) or { return error('argon2 verify failed: ${err}') }
}

106
app/src/database/db.v
View File

@@ -1,22 +1,14 @@
module database module database
import os import os
import rand import orm
import util import util
// import db.mysql import db.sqlite
// import db.redis
import fleximus.argon2
pub struct Crypto {} pub struct Database {
cfg util.Config
pub fn Crypto.hash_password(password string) !string { mut:
salt := rand.bytes(16) or { return error('failed to generate salt: ${err}') } conn sqlite.DB
hash := argon2.hash(password.bytes(), salt) or { return error('argon2 hash failed: ${err}') }
return hash
}
pub fn Crypto.hash_verify(password string, hash string) !bool {
return argon2.verify(hash, password.bytes()) or { return error('argon2 verify failed: ${err}') }
} }
pub fn get_dummy_exclusion_list(exe string, root string) []string { pub fn get_dummy_exclusion_list(exe string, root string) []string {
@@ -26,42 +18,52 @@ pub fn get_dummy_exclusion_list(exe string, root string) []string {
] ]
} }
// struct Database { fn get_connection(cfg util.Config) !sqlite.DB {
// mut: conn := sqlite.connect(cfg.database)!
// conn mysql.DB
// }
//
// pub fn get_connection(cfg util.Config) !&Database {
// // connection := mysql.connect(mysql.Config{
// // host: cfg.database.host
// // // port: u32(cfg.database.port)
// // dbname: 'CDN_DATABASE'
// // username: cfg.database.username
// // password: cfg.database.password
// // })!
//
// //return &Database{ conn: connection }
// return &Database{}
// }
//
// pub fn (mut db Database) query[T](query_fn fn(conn &mysql.Connection) ![]T) ![]T {
// result := query_fn(db.conn) or {
// // Connection died, reconnect
// db.conn = mysql.connect(db.config)!
// return query_fn(db.conn)!
// }
// return result
// }
//
// pub fn Database.test() {}
// pub fn test() ! { if cfg.debug {
// mut r := redis.connect(redis.Config{ conn.synchronization_mode(.off)!
// host: 'vpn.security-command.org' conn.journal_mode(.memory)!
// port: 6767 }
// password: 'SuperSecretPassword123'
// })! sql conn {
// create table Users
// pong := r.ping() or { panic(err) } create table Files
// println(pong) create table Logins
// } }!
return conn
}
pub fn get_database(cfg util.Config) !&Database {
return &Database{
cfg: cfg
conn: get_connection(cfg)!
}
}
pub fn (mut db Database) query[T](statement orm.QueryBuilder[T]) ![]T {
if !db.conn.validate() or { false } {
db.conn = get_connection(db.cfg)!
}
return statement.query()!
}
pub fn (db Database) get_query_builder[T]() &orm.QueryBuilder[T] {
return orm.new_query[T](db.conn)
}
pub fn test(cfg util.Config) !bool {
mut db := get_database(cfg)!
db.conn.validate()!
db.conn.close()!
mut qb := orm.new_query[Users](db.conn)
result := db.query[Users](qb)!
println(result.str())
return true
}

43
app/src/database/tables.v
View File

@@ -1,23 +1,24 @@
module database module database
// import time
// @[table: 'users']
// struct Users { @[table: 'users']
// id int @[primary; serial] pub struct Users {
// name string @[nonnull; unique] id int @[primary; serial]
// password_hash string @[nonnull] username string @[nonnull; unique]
// } password string @[nonnull]
// }
// @[table: 'login_attempts']
// struct Logins { @[table: 'login_attempts']
// ip string @[primary] pub struct Logins {
// attempts int @[nonnull] ip string @[primary]
// attempt_time string @[default: 'CURRENT_TIMESTAMP'; nonnull] attempts int @[nonnull]
// } attempt_time time.Time @[nonnull]
// }
// @[table: 'files']
// struct Files { @[table: 'files']
// id int @[primary; serial] pub struct Files {
// path string @[nonnull; unique] id int @[primary; serial]
// visible bool @[default: false; nonnull] path string @[nonnull; unique]
// } visible bool @[default: false; nonnull]
}

19
app/src/jwt/algoritm.v Normal file
View File

@@ -0,0 +1,19 @@
module jwt
pub interface Algorithm {
name string
sign(contents string, secretOrKey string) !string
verify(token string, secretOrKey string) !Token
}
pub enum AlgorithmType {
hs256
}
pub fn new_algorithm(algorithmType AlgorithmType) Algorithm {
match algorithmType {
.hs256 {
return HS256{}
}
}
}

33
app/src/jwt/hs256.v Normal file
View File

@@ -0,0 +1,33 @@
module jwt
import crypto.hmac
import crypto.sha256
import encoding.base64
pub struct HS256 {
pub:
name string = 'HS256'
}
pub fn (algorithm HS256) sign(content string, secret string) !string {
signature := base64.url_encode(hmac.new(secret.bytes(), content.bytes(), sha256.sum,
sha256.block_size))
return signature
}
pub fn (algorithm HS256) verify(token_raw string, secret string) !Token {
token := parse_token(token_raw)!
parts := token_raw.split('.')
header := parts[0]
claims := parts[1]
signed := algorithm.sign('${header}.${claims}', secret)!
if signed != token.signature {
return error('Invalid token')
}
if token.is_expired() {
return error('Token already expired')
}
return token
}

40
app/src/jwt/jwt.v Normal file
View File

@@ -0,0 +1,40 @@
module jwt
import json
import time
import x.json2
import encoding.base64
pub fn encode[T](claims T, algorithm Algorithm, secretOrKey string, exp int) !string {
header := new_header(algorithm)
header_b64 := base64.url_encode(json.encode(header).bytes())
mut claims_final := json2.decode[json2.Any](json.encode(claims))!.as_map()
if exp != 0 {
claims_final['exp'] = time.now().unix() + exp
}
claims_b64 := base64.url_encode(claims_final.str().bytes())
contents := '${header_b64}.${claims_b64}'
signature := algorithm.sign(contents, secretOrKey)!
return '${contents}.${signature}'
}
pub fn verify[T](token string, algorithm Algorithm, secretOrKey string) !T {
return algorithm.verify(token, secretOrKey)!.parse_claims[T]()
}
pub struct UserJwt {
pub:
id string
}
pub fn create(user_id string, secret string) !string {
return encode[UserJwt](UserJwt{ id: user_id }, new_algorithm(.hs256), secret, 7 * 24 * 60 * 60)!
}
pub fn decode(token string, secret string) !string {
return verify[UserJwt](token, new_algorithm(.hs256), secret)!.id
}

65
app/src/jwt/structs.v Normal file
View File

@@ -0,0 +1,65 @@
module jwt
import json
import time
import x.json2
import encoding.base64
pub struct JWTHeader {
pub:
alg string
typ string = 'JWT'
}
fn new_header(algorithm Algorithm) JWTHeader {
return JWTHeader{
alg: algorithm.name.str().to_upper()
}
}
struct Token {
pub:
header JWTHeader
claims string
signature string
expiration int
}
pub fn (t Token) parse_claims[T]() !T {
return json.decode(T, t.claims)
}
pub fn (t Token) is_expired() bool {
return t.expiration == -1 || time.unix(t.expiration) < time.now()
}
pub fn parse_token(token_raw string) !Token {
parts := token_raw.split('.')
if parts.len != 3 {
return error('Invalid token')
}
header_raw := if parts[0].len % 4 == 0 { parts[0] } else { parts[0] + '==' }
claims_raw := if parts[1].len % 4 == 0 { parts[1] } else { parts[1] + '==' }
decoded_header := base64.decode_str(header_raw)
decoded_claims := base64.decode_str(claims_raw)
claims := json2.decode[json2.Any](decoded_claims)!.as_map()
mut expiration_given := true
expiration_unix := claims['exp'] or {
expiration_given = false
json2.Null{}
}
token := Token{
header: json.decode(JWTHeader, decoded_header)!
claims: decoded_claims
signature: parts[2]
expiration: if expiration_given { expiration_unix.int() } else { -1 }
}
return token
}

154
app/src/main.v
View File

@@ -2,9 +2,13 @@ module main
import os import os
import veb import veb
import jwt
import util import util
import database import database
import thomaspeissl.dotenv import thomaspeissl.dotenv
import sync
import orm
import time
// structs // structs
@@ -14,12 +18,16 @@ pub mut:
id int id int
} }
pub struct CachedUser {
pub:
user User
expires int // unix seconds
}
pub struct Context { pub struct Context {
veb.Context veb.Context
pub mut: pub mut:
embed util.Embedded user User
user User
session_id string
} }
pub struct App { pub struct App {
@@ -27,8 +35,12 @@ pub struct App {
veb.StaticHandler veb.StaticHandler
veb.Middleware[Context] veb.Middleware[Context]
pub: pub:
cfg &util.Config cfg util.Config
embed util.Embedded embed util.Embedded
cache_lock sync.RwMutex
user_cache map[string]CachedUser
pub mut:
database database.Database
} }
pub struct Auth { pub struct Auth {
@@ -40,8 +52,8 @@ pub:
@['/:path...'] @['/:path...']
pub fn (app &App) root(mut ctx Context, path string) veb.Result { pub fn (app &App) root(mut ctx Context, path string) veb.Result {
abs_root := util.Utility.normalize_path(os.abs_path(app.cfg.root)) abs_root := util.Utility.normalize_path(os.real_path(app.cfg.root))
abs_path := util.Utility.normalize_path(abs_root + os.abs_path(path)) abs_path := util.Utility.normalize_path(os.real_path(os.join_path(abs_root, path)))
if !abs_path.starts_with(abs_root) && abs_path != abs_root { if !abs_path.starts_with(abs_root) && abs_path != abs_root {
return ctx.forbidden() return ctx.forbidden()
@@ -82,10 +94,77 @@ pub fn (auth &Auth) register(mut ctx Context) veb.Result {
return ctx.text('register') return ctx.text('register')
} }
// middleware
fn (mut app &App) prepare() fn (mut Context) bool {
return fn [mut app] (mut ctx Context) bool {
ctx.app = &app
return true
}
}
pub fn session(mut ctx Context) bool {
token := ctx.get_cookie('veb_session') or { '' }
if token == '' {
return true
}
if id := jwt.decode(token, ctx.app.cfg.jwt_key) {
query := ctx.app.database.get_query_builder[database.Users]().where('id = ?', id) or { return true }
result := ctx.app.database.query[database.Users](query) or { return true }
ctx.user = result.first()
}
return true
}
// fn (mut app App) get_user_by_id_cached(id int) ?User {
// key := id.str()
// now := time.now().unix()
//
// // read lock -> quick path
// app.cache_lock.rlock()
// if cu := app.user_cache[key] {
// if cu.expires > int(now) {
// app.cache_lock.runlock()
// return cu.user
// }
// }
// app.cache_lock.runlock()
//
// // miss or expired -> fetch from DB
// // assume you have a DB pool on app or ctx.db gives you a connection
// // This example uses app-level DB access via a helper; adapt if your DB is on ctx.
// row := app.get_db().exec_param('SELECT id, name FROM users WHERE id = $1', key) or {
// return error('db error')
// }
// if row.len == 0 {
// return error('not found')
// }
//
// fetched := User{
// id: row[0].valint(0)
// name: row[0].vals[1]
// }
//
// // write lock -> populate cache
// app.cache_lock.lock()
// app.user_cache[key] = CachedUser{
// user: fetched
// expires: int(now) + 60 // TTL = 60s, tune to taste
// }
// app.cache_lock.unlock()
//
// return fetched
// }
// utility // utility
fn (mut ctx Context) error_page(code int, short string, long string) string { fn (mut ctx Context) error_page(code int, short string, long string) string {
style := ctx.embed.error_css.clone() style := ctx.app.embed.error_css.clone()
return $tmpl('template/error.html') return $tmpl('template/error.html')
} }
@@ -111,65 +190,42 @@ pub fn (mut ctx Context) server_error(msg string) veb.Result {
// main // main
fn populate() (&util.Config, &util.Embedded) { fn populate() (util.Config, util.Embedded) {
dotenv.load() dotenv.load()
dotenv.require('CDN_DB_HOST', 'CDN_DB_PORT')
executable := os.executable() executable := os.executable()
def_root := os.dir(executable) def_root := os.dir(executable)
def_port := int($d('port', 6767)) def_port := int($d('port', 6767))
def_user := $d('username', 'cdn') def_sqlt := $d('database', 'cdn_web.db')
def_pass := $d('password', 'totallySafeCdnDatabasePassword1235') def_jwt := $d('jwt', 'supersecurejwttokenkey')
return &util.Config{ // vfmt off
return util.Config{
exe: util.Utility.normalize_path(executable) exe: util.Utility.normalize_path(executable)
root: util.Utility.normalize_path(if os.getenv('CDN_ROOT') != '' { root: util.Utility.normalize_path(if os.getenv('CDN_ROOT') != '' { util.Utility.resolve_path(def_root, os.getenv('CDN_ROOT').str()) } else { def_root })
util.Utility.resolve_path(def_root, os.getenv('CDN_ROOT').str()) port: if os.getenv('CDN_PORT') != '' { os.getenv('CDN_PORT').int() } else { def_port }
} else { jwt_key: if os.getenv('CDN_JWT_KEY') != '' { os.getenv('CDN_JWT_KEY').str() } else { def_jwt }
def_root database: if os.getenv('CDN_SQL_DSN') != '' { os.getenv('CDN_SQL_DSN').str() } else { def_sqlt }
}) }, util.Embedded{
port: if os.getenv('CDN_PORT') != '' { os.getenv('CDN_PORT').int() } else { def_port }
database: &util.Database{
host: os.getenv('CDN_DB_HOST').str()
port: os.getenv('CDN_DB_PORT').int()
username: if os.getenv('CDN_DB_USERNAME') != '' {
os.getenv('CDN_DB_USERNAME').str()
} else {
def_user
}
password: if os.getenv('CDN_DB_PASSWORD') != '' {
os.getenv('CDN_DB_PASSWORD').str()
} else {
def_pass
}
}
}, &util.Embedded{
style_css: $embed_file('template/assets/style.css', .zlib).to_string() style_css: $embed_file('template/assets/style.css', .zlib).to_string()
error_css: $embed_file('template/assets/error.css', .zlib).to_string() error_css: $embed_file('template/assets/error.css', .zlib).to_string()
} }
// vfmt on
} }
fn main() { fn main() {
cfg, mut embed := populate() // vfmt off
mut app := &App{ mut cfg, mut embed := populate()
cfg: cfg mut app := &App{ cfg: cfg, embed: embed, database: database.get_database(cfg)! }
embed: embed mut auth := &Auth{ app: &app }
} // vfmt on
mut auth := &Auth{
app: &app
}
app.register_controller[Auth, Context]('/auth', mut auth)! app.register_controller[Auth, Context]('/auth', mut auth)!
app.enable_static_compression = true app.enable_static_compression = true
app.use(veb.encode_auto[Context]()) app.use(veb.encode_auto[Context]())
app.use(handler: app.prepare())
app.use(veb.MiddlewareOptions[Context]{ app.use(handler: session)
handler: fn [mut embed] (mut ctx Context) bool {
ctx.embed = embed
return true
}
})
veb.run[App, Context](mut app, app.cfg.port) veb.run[App, Context](mut app, app.cfg.port)
} }

1
app/src/util/http.v Normal file
View File

@@ -0,0 +1 @@
module util

14
app/src/util/structs.v
View File

@@ -5,20 +5,14 @@ import os
import time import time
import encoding.base64 import encoding.base64
pub struct Database {
pub:
host string
port int
username string
password string
}
pub struct Config { pub struct Config {
pub: pub:
exe string exe string
root string root string
port int port int
database Database debug bool
jwt_key string
database string
} }
pub struct Embedded { pub struct Embedded {
@@ -159,7 +153,7 @@ pub fn Utility.list_files(dir_path string, relative string, exclude []string) ![
} }
pub fn Utility.normalize_path(path string) string { pub fn Utility.normalize_path(path string) string {
return path.replace('\\', '/') return path.replace('\\', '/').replace('//', '/')
} }
pub struct HtmlBuilder {} pub struct HtmlBuilder {}