Compare commits

...

10 Commits

Author SHA256 Message Date
38ed485bd8 fix: fix the geoip localhost hack
Signed-off-by: deslokitty <deslokitty@desloratadyna.net>
2026-01-08 15:21:15 +01:00
a64cb5b4de chore: replace amy's localhost hack
ya so basically it is either reverse proxy or everyone gets access granted in
shit yourself if you dont use a reverse proxy

Signed-off-by: deslokitty <deslokitty@desloratadyna.net>
2026-01-08 12:58:56 +01:00
WlodekM
490c1cc724 fix error when accessing from localhost 2026-01-08 13:19:55 +02:00
WlodekM
ef9f6ba9c7 satanize ampersand 2026-01-08 13:18:03 +02:00
7bc1e8d928 chore: bloom: fix query parameter count
Signed-off-by: deslokitty <deslokitty@desloratadyna.net>
2026-01-08 08:31:00 +01:00
59d5c0076b chore: fix function call in bloom
Signed-off-by: deslokitty <deslokitty@desloratadyna.net>
2026-01-08 08:29:50 +01:00
deff76e107 chore: add hmac secret generation on bloom
Signed-off-by: deslokitty <deslokitty@desloratadyna.net>
2026-01-08 08:28:26 +01:00
d64dfed0c4 chore: more generic name for bloomdb.js
Signed-off-by: deslokitty <deslokitty@desloratadyna.net>
2026-01-08 08:15:20 +01:00
1797d5253e funny: make the port 42420
Signed-off-by: deslokitty <deslokitty@desloratadyna.net>
2026-01-08 07:53:53 +01:00
5603f42e4a chore: add endpoint link to scheme
Signed-off-by: deslokitty <deslokitty@desloratadyna.net>
2026-01-08 07:23:32 +01:00
2 changed files with 12 additions and 5 deletions


@@ -1,3 +1,6 @@
const crypto = require("node:crypto");
const fs = require("node:fs");
const sqlite = require("better-sqlite3");
const uuid = require("uuid");
@@ -10,7 +13,7 @@ database.prepare("DROP TABLE IF EXISTS fluff_logins;").run();
database.prepare("CREATE TABLE fluff_authorised_services(id TEXT PRIMARY KEY, serviceId TEXT, userId TEXT, authorisedAt INTEGER);").run();
database.prepare("CREATE TABLE fluff_authentication_base(id TEXT PRIMARY KEY, identifier TEXT UNIQUE, passhash TEXT, quote TEXT, admin INTEGER)").run();
database.prepare("CREATE TABLE fluff_services(id TEXT PRIMARY KEY, displayName TEXT, shortDescription, tosLink TEXT, ppLink TEXT, ownerId TEXT, approved INT);").run();
database.prepare("CREATE TABLE fluff_services(id TEXT PRIMARY KEY, displayName TEXT, shortDescription, tosLink TEXT, ppLink TEXT, endpointLink TEXT, ownerId TEXT, approved INT);").run();
database.prepare("CREATE TABLE fluff_logins(id TEXT PRIMARY KEY, timestamp INTEGER, ip TEXT)").run();
const deslokittyuuid = uuid.v7();
@@ -18,8 +21,10 @@ const chatuuid = uuid.v7();
const authid = uuid.v7();
database.prepare("INSERT INTO fluff_authentication_base(id, identifier, passhash, quote, admin) VALUES (?, ?, ?, ?, ?)").run(deslokittyuuid, "deslokitty", "$2b$12$GAfuSvAwwwmzRP3HOaZiIeuz0IQFTqDZH1wdD9xGIJ5FOkqim9QRS", "meow meow >w<", 1);
database.prepare("INSERT INTO fluff_services(id, displayName, shortDescription, tosLink, ppLink, ownerId, approved) VALUES (?, ?, ?, ?, ?, ?, ?)").run(chatuuid, "chat domestique", "chat domestique is a heavily opinionated chat platform for silly kibbies >w<", "https://chatdomestique.fr/legal/termsofuse", "https://chatdomestique.fr/legal/privacypolicy", deslokittyuuid, 1);
database.prepare("INSERT INTO fluff_services(id, displayName, shortDescription, tosLink, ppLink, endpointLink, ownerId, approved) VALUES (?, ?, ?, ?, ?, ?, ?, ?)").run(chatuuid, "chat domestique", "chat domestique is a heavily opinionated chat platform for silly kibbies >w<", "https://chatdomestique.fr/legal/termsofuse", "https://chatdomestique.fr/legal/privacypolicy", "https://internal.chatdomestique.fr/endpoint/desloratadyna", deslokittyuuid, 1);
database.prepare("INSERT INTO fluff_authorised_services(id, serviceId, userId, authorisedAt) VALUES (?, ?, ?, ?)").run(authid, chatuuid, deslokittyuuid, Date.now());
fs.writeFileSync("./hmacsecret", crypto.randomBytes(16).toString("base64url"));
database.close();
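Review bot: The added `fs.writeFileSync("./hmacsecret", ...)` call creates the HMAC key file with the default mode, so under a typical umask every local user can read the token-signing key. Create it owner-only, and consider a key as long as the hash output (which hash is used is not visible here): `fs.writeFileSync("./hmacsecret", crypto.randomBytes(32).toString("base64url"), { mode: 0o600 });`. `mode` only applies when the file is created, so a `hmacsecret` left over from an earlier run keeps its old permissions and needs an `fs.chmodSync("./hmacsecret", 0o600)` or a delete first. The path is relative to the working directory, so the server must start from the same directory to find it, and the file should be excluded from version control if it is not already.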


@@ -53,7 +53,7 @@ function verifyToken(token) {
return split[0];
}
function sanitiseStringHTML(str) {
return str.replaceAll(">", "&gt;").replaceAll("<", "&lt;");
return str.replaceAll("&", "&amp;").replaceAll(">", "&gt;").replaceAll("<", "&lt;");
}
app.use(express.urlencoded());
@@ -75,6 +75,8 @@ app.use((req, res, next) => {
});
app.use((req, res, next) => {
req.userId = verifyToken(req.cookies.token);
if (!req.headers['x-forwarded-for']) return next();
const geo = geoip.lookup(req.headers['x-forwarded-for']);
console.log(geo);
@@ -165,6 +167,6 @@ app.get("/cgi-bin/primarypage", async (req, res, next) => {
res.end();
});
// haha almost 420
app.listen(42424);
// haha 420
app.listen(42420);
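Review bot: The new guard `if (!req.headers['x-forwarded-for']) return next();` in the second hunk makes the geoip step fail open. A request without the header skips the lookup entirely, and when the header is present its value is whatever the client sent unless a reverse proxy in front overwrites it. The rest of this middleware is outside the hunk, but if the lookup gates access, the listener should only be reachable through the proxy, for example `app.listen(42420, "127.0.0.1");`. The address should then come from Express rather than the raw header: `app.set("trust proxy", "loopback");` and `geoip.lookup(req.ip)`. X-Forwarded-For can also carry a comma-separated list of addresses, which a lookup on the raw header value will not resolve.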