From be100a142046dfdd34d065c407ab11c21a836308 Mon Sep 17 00:00:00 2001 From: ghost Date: Fri, 16 Feb 2024 17:59:06 +0200 Subject: [PATCH] implement form tokens --- src/Controller/ModuleController.php | 43 +++++++++++--- src/Controller/RoomController.php | 43 ++++++++++++++ src/Controller/UserController.php | 76 ++++++++++++++++++++++++- templates/default/module/post.html.twig | 1 + templates/default/module/room.html.twig | 1 + templates/default/user/join.html.twig | 1 + templates/default/user/login.html.twig | 1 + 7 files changed, 158 insertions(+), 8 deletions(-) diff --git a/src/Controller/ModuleController.php b/src/Controller/ModuleController.php index fe96d82..a486158 100644 --- a/src/Controller/ModuleController.php +++ b/src/Controller/ModuleController.php @@ -129,18 +129,28 @@ class ModuleController extends AbstractController Request $request ): Response { + // Connect memcached + $memcached = new \Memcached(); + $memcached->addServer( + $this->getParameter('app.memcached.host'), + $this->getParameter('app.memcached.port') + ); + + // Create token + $token = crc32( + microtime(true) + rand() + ); + + $memcached->add( + $token, + time() + ); + // Check user session exist $username = false; if (!empty($request->cookies->get('KEVACHAT_SESSION')) && preg_match('/[A-z0-9]{32}/', $request->cookies->get('KEVACHAT_SESSION'))) { - // Connect memcached - $memcached = new \Memcached(); - $memcached->addServer( - $this->getParameter('app.memcached.host'), - $this->getParameter('app.memcached.port') - ); - // Check username exist for this session if ($value = $memcached->get($request->cookies->get('KEVACHAT_SESSION'))) { @@ -203,6 +213,7 @@ class ModuleController extends AbstractController 'error' => $request->get('error'), 'warning' => $request->get('warning'), 'sign' => $sign, + 'token' => $token, 'message' => $message, 'username' => $username, 'cost' => $this->getParameter('app.add.post.cost.kva'), 
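Review bot: The token minted at the top of the hunk is not bound to the client, so it cannot act as CSRF protection: `$memcached->add($token, time())` records only that some form was rendered, and the consumers in RoomController and UserController accept any stored token from any submitter, including one an attacker fetched by loading the form themselves. `crc32(microtime(true) + rand())` also yields a 32-bit value from a non-cryptographic source (and hands a float to a function typed `string`, which is a TypeError if the file declares strict_types — the header is not in the hunk), and the `add()` has no expiration, so entries accumulate indefinitely and the "Session token expired" error shown on submit is never actually driven by expiry. Generate the token with `random_bytes()`, store the `KEVACHAT_SESSION` cookie value as the memcached value so the consumer can compare it, and pass a TTL; for forms that can be rendered anonymously (this action leaves `$username` false when no session cookie is present) there is nothing to bind to, and the check is at most an anti-automation gate, which is worth saying in the comment. The same block is duplicated at `@@ -223` below and in UserController at `@@ -159` and `@@ -189`; a private helper on the controllers would keep the four copies from drifting. The enclosing action method starts before the hunk.
```php
        // … unchanged: memcached connection …

        // Create token: unpredictable, short-lived, and bound to this client's
        // session cookie (empty string when the form is rendered anonymously,
        // in which case the consumer can only treat it as an anti-automation check)
        $token = bin2hex(random_bytes(16));

        $tokenTtl = 3600; // placeholder — move to an app parameter

        $memcached->add(
            $token,
            (string) $request->cookies->get('KEVACHAT_SESSION'),
            $tokenTtl
        );

        // … unchanged: session check and render …
```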
@@ -223,10 +234,28 @@ class ModuleController extends AbstractController Request $request ): Response { + // Connect memcached + $memcached = new \Memcached(); + $memcached->addServer( + $this->getParameter('app.memcached.host'), + $this->getParameter('app.memcached.port') + ); + + // Create token + $token = crc32( + microtime(true) + rand() + ); + + $memcached->add( + $token, + time() + ); + return $this->render( 'default/module/room.html.twig', [ 'request' => $request, + 'token' => $token, 'cost' => $this->getParameter('app.add.room.cost.kva') ] ); diff --git a/src/Controller/RoomController.php b/src/Controller/RoomController.php index fa66ef8..0db6b28 100644 --- a/src/Controller/RoomController.php +++ b/src/Controller/RoomController.php @@ -442,6 +442,29 @@ class RoomController extends AbstractController } */ + // Validate form token + if ($memcached->get($request->get('token'))) + { + $memcached->delete( + $request->get('token') + ); + } + + else + { + return $this->redirectToRoute( + 'room_namespace', + [ + 'mode' => $request->get('mode'), + 'namespace' => $request->get('namespace'), + 'message' => $request->get('message'), + 'sign' => $request->get('sign'), + 'error' => $translator->trans('Session token expired'), + '_fragment' => 'latest' + ] + ); + } + // Validate access to the room namespace if ( @@ -794,6 +817,26 @@ class RoomController extends AbstractController $request->get('name') ); + // Validate form token + if ($memcached->get($request->get('token'))) + { + $memcached->delete( + $request->get('token') + ); + } + + else + { + return $this->redirectToRoute( + 'room_list', + [ + 'mode' => $request->get('mode'), + 'name' => $name, + 'error' => $translator->trans('Session token expired') + ] + ); + } + // Validate kevacoin key requirements if (mb_strlen($name) < 1 || mb_strlen($name) > 520) { diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php index e11768f..3bf1bd7 100644 --- a/src/Controller/UserController.php 
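Review bot: The check-then-delete in the RoomController `@@ -442` hunk is not atomic, so two submissions carrying the same token that race between `get()` and `delete()` both pass; `Memcached::delete()` returns true only when the key existed, so use its result as the check and read the field from the request body only: `$submitted = (string) $request->request->get('token', '');` followed by `if ($submitted === '' || !$memcached->delete($submitted)) { … redirect … }`. As written, a missing field passes `null` to `Memcached::get()`, which expects a string (a deprecation or a TypeError depending on whether the file declares strict_types, which the hunk does not show), and `$request->get()` also accepts the token from the query string. The stored value (`time()` from the issuing controllers) is never compared with anything about the submitter, so the token is consumed but not tied to the session cookie and a cross-site request that reuses a token the attacker obtained still goes through; if the issuer stores the `KEVACHAT_SESSION` value instead, compare it here with `hash_equals()` against the submitter's cookie before deleting. The same block recurs at `@@ -794` below and in UserController at `@@ -298` and `@@ -629`; `$memcached` and `$translator` are defined outside the hunk, and the enclosing method continues past it.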
+++ b/src/Controller/UserController.php @@ -159,6 +159,23 @@ class UserController extends AbstractController ?Request $request ): Response { + // Connect memcached + $memcached = new \Memcached(); + $memcached->addServer( + $this->getParameter('app.memcached.host'), + $this->getParameter('app.memcached.port') + ); + + // Create token + $token = crc32( + microtime(true) + rand() + ); + + $memcached->add( + $token, + time() + ); + // Check user session does not exist to continue if (!empty($request->cookies->get('KEVACHAT_SESSION'))) { @@ -172,6 +189,7 @@ class UserController extends AbstractController 'default/user/join.html.twig', [ 'request' => $request, + 'token' => $token, 'cost' => $this->getParameter('app.add.user.cost.kva') ] ); @@ -189,6 +207,23 @@ class UserController extends AbstractController ?Request $request ): Response { + // Connect memcached + $memcached = new \Memcached(); + $memcached->addServer( + $this->getParameter('app.memcached.host'), + $this->getParameter('app.memcached.port') + ); + + // Create token + $token = crc32( + microtime(true) + rand() + ); + + $memcached->add( + $token, + time() + ); + // Check user session does not exist to continue if (!empty($request->cookies->get('KEVACHAT_SESSION'))) { @@ -201,7 +236,8 @@ class UserController extends AbstractController return $this->render( 'default/user/login.html.twig', [ - 'request' => $request + 'request' => $request, + 'token' => $token ] ); } @@ -298,6 +334,25 @@ class UserController extends AbstractController ), ); + // Validate form token + if ($memcached->get($request->get('token'))) + { + $memcached->delete( + $request->get('token') + ); + } + + else + { + return $this->redirectToRoute( + 'user_add', + [ + 'username' => $request->get('username'), + 'error' => $translator->trans('Session token expired') + ] + ); + } + // Validate remote IP limits if ($delay = (int) $memcached->get($memory)) { 
@@ -629,6 +684,25 @@ class UserController extends AbstractController $this->getParameter('app.memcached.port') ); + // Validate form token + if ($memcached->get($request->get('token'))) + { + $memcached->delete( + $request->get('token') + ); + } + + else + { + return $this->redirectToRoute( + 'user_login', + [ + 'username' => $request->get('username'), + 'error' => $translator->trans('Session token expired') + ] + ); + } + // Check client connection if (!$client = $this->_client()) { diff --git a/templates/default/module/post.html.twig b/templates/default/module/post.html.twig index 0c3a8e5..a7a2b32 100644 --- a/templates/default/module/post.html.twig +++ b/templates/default/module/post.html.twig @@ -34,5 +34,6 @@ {% if cost %} {{ 'cost: %s KVA' | format(cost) | trans }} {% endif %} + {% endif %} \ No newline at end of file diff --git a/templates/default/module/room.html.twig b/templates/default/module/room.html.twig index cc8e0f4..4f538c8 100644 --- a/templates/default/module/room.html.twig +++ b/templates/default/module/room.html.twig @@ -10,4 +10,5 @@ {% if cost %} {{ 'cost: %s KVA' | format(cost) | trans }} {% endif %} + \ No newline at end of file diff --git a/templates/default/user/join.html.twig b/templates/default/user/join.html.twig index 6437b64..c71d7cb 100644 --- a/templates/default/user/join.html.twig +++ b/templates/default/user/join.html.twig @@ -19,5 +19,6 @@ {% if cost %} {{ 'cost: %s KVA' | format(cost) | trans }} {% endif %} + {% endblock %} \ No newline at end of file diff --git a/templates/default/user/login.html.twig b/templates/default/user/login.html.twig index 959f9cd..9256686 100644 --- a/templates/default/user/login.html.twig +++ b/templates/default/user/login.html.twig @@ -11,5 +11,6 @@ {{ 'Create account' | trans }} + {% endblock %} \ No newline at end of file