From 891e77a43f0c5b751b5cb5be4a4804789a5f4859 Mon Sep 17 00:00:00 2001
From: Matthew R
Date: Mon, 29 Jun 2020 18:07:10 -0400
Subject: [PATCH] add utility for revoking bearer tokens
---
 src/api/routes/Root.ts | 3 +--
 src/class/Security.ts | 1 +
 src/commands/bearer.ts | 4 +++-
 src/commands/bearer_revoke.ts | 29 +++++++++++++++++++++++++++++
 4 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 src/commands/bearer_revoke.ts
diff --git a/src/api/routes/Root.ts b/src/api/routes/Root.ts
index 4b96550..dd7be74 100644
--- a/src/api/routes/Root.ts
+++ b/src/api/routes/Root.ts
@@ -28,8 +28,7 @@ export default class Root extends Route {
 cpuClock: os.cpus()[0].speed / 1000,
 cpuCores: os.cpus().length,
 hostname: os.hostname(),
- ipv4: os.networkInterfaces().eth0.filter((r) => r.family === 'IPv4')[0].address,
- ipv6: os.networkInterfaces().eth0.filter((r) => r.family === 'IPv6')[0].address,
+ ipv4: os.networkInterfaces().enp0s3.filter((r) => r.family === 'IPv4')[0].address,
 },
 };
 res.status(200).json({ code: this.constants.codes.SUCCESS, message: response });
diff --git a/src/class/Security.ts b/src/class/Security.ts
index 2a3a126..105b34a 100644
--- a/src/class/Security.ts
+++ b/src/class/Security.ts
@@ -40,6 +40,7 @@ export default class Security {
 const res: any = jwt.verify(bearer, this.keys.key, { issuer: 'Library of Code sp-us | CSD' });
 const account = await this.client.db.Account.findOne({ _id: res.id });
 if (!account) return null;
+ if (account.revokedBearers?.includes(bearer)) return null;
 return account;
 } catch {
 return null;
diff --git a/src/commands/bearer.ts b/src/commands/bearer.ts
index 4cd92d0..039ebb0 100644
--- a/src/commands/bearer.ts
+++ b/src/commands/bearer.ts
@@ -1,5 +1,6 @@
 import { Message } from 'eris';
 import { Client, Command } from '../class';
+import Bearer_Revoke from './bearer_revoke';
 export default class Bearer extends Command {
 constructor(client: Client) {
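Review bot: In src/api/routes/Root.ts the interface name `enp0s3` is hard-coded in the `ipv4` field, so on any host whose NIC has a different name `os.networkInterfaces().enp0s3` is undefined and `.filter` throws inside the handler. A guarded lookup such as `ipv4: os.networkInterfaces().enp0s3?.find((r) => r.family === 'IPv4')?.address` avoids the crash (optional chaining is already used elsewhere in this commit), and reading the interface name from configuration would avoid the next rename. The change is also unrelated to token revocation and would be easier to audit as its own commit. The handler body starts and ends outside the hunk.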
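Review bot: In src/class/Security.ts the new deny-list check compares against whole token strings kept in `account.revokedBearers`, and nothing visible in this commit ever prunes that array. If tokens are issued without an expiry (`createBearer` is outside the hunk, so this is unconfirmed), every revoked token stays in the account document and is scanned on each authenticated request. Storing a token identifier claim or a digest of the token instead would keep entries small and keep token material out of the database. A comment such as `// deny-list: a token that verifies but was revoked by its owner is rejected` would also document why a valid signature alone is not sufficient. The enclosing method starts and ends outside the hunk.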
@@ -7,6 +8,7 @@ export default class Bearer extends Command {
 this.name = 'bearer';
 this.description = 'Creates a bearer token.';
 this.usage = `${this.client.config.prefix}bearer`;
+ this.subcmds = [Bearer_Revoke];
 this.guildOnly = false;
 this.enabled = true;
 }
@@ -19,7 +21,7 @@ export default class Bearer extends Command {
 const bearer = await this.client.server.security.createBearer(account._id);
 const dm = await this.client.getDMChannel(message.author.id);
 const msg = await dm.createMessage(`__**Library of Code sp-us | Cloud Services [API]**__\n*This message will automatically be deleted in 60 seconds, copy the token and save it. You cannot recover it.*\n\n${bearer}`);
- this.error(message.channel, 'Bearer token sent to direct messages.');
+ this.success(message.channel, 'Bearer token sent to direct messages.');
 return setTimeout(() => {
 msg.delete();
 }, 60000);
diff --git a/src/commands/bearer_revoke.ts b/src/commands/bearer_revoke.ts
new file mode 100644
index 0000000..fc4d418
--- /dev/null
+++ b/src/commands/bearer_revoke.ts
@@ -0,0 +1,29 @@
+import { Message } from 'eris';
+import { Client, Command } from '../class';
+
+export default class Bearer_Revoke extends Command {
+ constructor(client: Client) {
+ super(client);
+ this.name = 'revoke';
+ this.description = 'Revokes an API bearer token.';
+ this.usage = `${this.client.config.prefix}bearer revoke `;
+ this.enabled = true;
+ this.guildOnly = false;
+ }
+
+ public async run(message: Message, args: string[]) {
+ try {
+ if (!args[0]) return this.client.commands.get('help').run(message, ['bearer', this.name]);
+ const account = await this.client.db.Account.findOne({ userID: message.author.id });
+ if (!account) return this.error(message.channel, 'You do not have an account.');
+
+ const bearerVerify = await this.client.server.security.checkBearer(args[0]);
+ if (!bearerVerify || bearerVerify?.userID !== account.userID) return this.error(message.channel, 'Permission denied.');
+ if (account.revokedBearers?.includes(args[0])) return this.error(message.channel, 'This bearer token is already revoked.');
+ await account.updateOne({ $addToSet: { revokedBearers: args[0] } });
+ return this.success(message.channel, 'Revoked bearer token.');
+ } catch (err) {
+ return this.client.util.handleError(err, message, this);
+ }
+ }
+}
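Review bot: The "already revoked" branch in `run` cannot be reached, because `checkBearer` (as changed in src/class/Security.ts by this commit) now returns null for any token listed in `revokedBearers`, so a repeated revoke stops at `Permission denied.`. Moving `if (account.revokedBearers?.includes(args[0])) return this.error(message.channel, 'This bearer token is already revoked.');` above the `checkBearer` call restores the intended message, and it only consults the caller's own account. Separately, the token arrives as a plain command argument and the command is not limited to direct messages as far as this file shows, so in a shared channel a still-valid token stays readable on every path that does not end in revocation. Deleting the invoking message where the bot is able to, or accepting the command only in direct messages, would close that exposure. It is also worth confirming that `handleError` does not log the message content.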