mirror of https://github.com/IoTcat/ushio-auth.git
parent
8f28f34d27
commit
15f52a26a6
8 changed files with 209 additions and 151 deletions
@ -1,84 +0,0 @@ |
||||
<html> |
||||
<head> |
||||
<title>Ushio Auth</title> |
||||
<script src="https://cdn.jsdelivr.net/npm/fp3@3.0.3/dist/fp.min.js"></script> |
||||
<script> |
||||
/* func define */ |
||||
var cookie={set:function(e,r,a){if(a==undefined)var a=3e3;var t=new Date;t.setTime(t.getTime()+a*24*60*60*1e3);document.cookie=e+"="+escape(r)+";expires="+t.toGMTString()+";path=/"},get:function(e){var r,a=new RegExp("(^| )"+e+"=([^;]*)(;|$)");if(r=document.cookie.match(a)){return unescape(r[2])}else{return null}},del:function(e){var r=new Date;r.setTime(r.getTime()-1);var a,t=new RegExp("(^| )"+e+"=([^;]*)(;|$)");if(a=document.cookie.match(t)){var n=unescape(a[2])}else{var n=null}if(n!=null){document.cookie=e+"="+n+";expires="+r.toGMTString()}}} |
||||
|
||||
function getQueryString(name) { |
||||
let reg = new RegExp("(^|&)" + name + "=([^&]*)(&|$)", "i"); |
||||
let r = window.location.search.substr(1).match(reg); |
||||
if (r != null) { |
||||
return decodeURIComponent(r[2]); |
||||
}; |
||||
return null; |
||||
} |
||||
function randomStr(length) { |
||||
var result = '', chars = '0123456789abcdefghijklmnopqrstuvwxyz'; |
||||
for (var i = length; i > 0; --i) result += chars[Math.floor(Math.random() * chars.length)]; |
||||
return result; |
||||
} |
||||
|
||||
|
||||
|
||||
/* get Ip */ |
||||
var ip = ''; |
||||
function getIp(){ |
||||
return new Promise((resolve, reject)=>{ |
||||
var ajax = new XMLHttpRequest(); |
||||
ajax.onreadystatechange = function(){ |
||||
if(ajax.readyState == 4 && ajax.status == 200){ |
||||
var data = JSON.parse(ajax.responseText); |
||||
ip = data.ip; |
||||
resolve(ip); |
||||
} |
||||
} |
||||
ajax.open('get','https://log.yimian.xyz/iis.php'); |
||||
ajax.send(null); |
||||
}); |
||||
} |
||||
|
||||
|
||||
/* get father page mask */ |
||||
var mask = getQueryString('mask'); |
||||
|
||||
/* break cookie rule */ |
||||
document.cookie = 'cross-site-cookie2=noneCookie; SameSite=None; Secure'; |
||||
var isCrossDomain = true; |
||||
cookie.set('_icd', '15'); |
||||
if(cookie.get('_icd') == '15'){ |
||||
isCrossDomain = false; |
||||
} |
||||
|
||||
|
||||
var token = ''; |
||||
console.log(cookie.get('_token')) |
||||
/* get local token */ |
||||
if(cookie.get('_token')){ |
||||
token = cookie.get('_token'); |
||||
}else{ |
||||
if(!isCrossDomain){ |
||||
token = randomStr(64); |
||||
cookie.set('_token', token); |
||||
} |
||||
} |
||||
|
||||
|
||||
/* web request */ |
||||
;(async function(){ |
||||
var ajax = new XMLHttpRequest(); |
||||
var fp_v = await fp; |
||||
var ip = await getIp(); |
||||
if(token){ |
||||
ajax.open('get','checkin.php?fp='+fp_v+'&token='+token+'&mask='+mask+'&ip='+ip); |
||||
if(fp_v && mask && token) ajax.send(null); |
||||
}else{ |
||||
ajax.open('get','checkin.php?fp='+fp_v+'&ip='+ip+'&mask='+mask); |
||||
if(fp_v && mask && ip) ajax.send(null); |
||||
} |
||||
})() |
||||
</script> |
||||
</head> |
||||
<body></body> |
||||
</html> |
@ -1 +0,0 @@ |
||||
<script>window.location.href="https://ushio.cool/"</script> |
@ -0,0 +1,48 @@ |
||||
<?php |
||||
|
||||
include './functions.php'; |
||||
|
||||
$seed = $_REQUEST['seed']; |
||||
$ip = $_REQUEST['ip']; |
||||
$fp = $_REQUEST['fp']; |
||||
|
||||
if(!isset($seed) || strlen($seed)!=64 || !isset($ip) || strlen($ip)<8 || strlen($ip)>16 || !isset($fp) || strlen($fp)!=6) { |
||||
header('status: 505 Illegal Params'); |
||||
die(); |
||||
}; |
||||
|
||||
|
||||
header("Content-Type: application/json;charset=utf-8"); |
||||
|
||||
$fip = md5($fp.$ip); |
||||
|
||||
|
||||
// bad seed |
||||
if(!$redis->exists('auth/seed/'.$seed)){ |
||||
echo json_encode(array( |
||||
"code"=>400, |
||||
"message"=>"Bad Seed!" |
||||
)); |
||||
die(); |
||||
} |
||||
|
||||
|
||||
$token = $redis->get('auth/seed/'.$seed); |
||||
|
||||
//bad token |
||||
if(strlen($token)!=64){ |
||||
echo json_encode(array( |
||||
"code"=>500, |
||||
"message"=>"Bad token!" |
||||
)); |
||||
die(); |
||||
} |
||||
|
||||
|
||||
//good |
||||
$redis->set('auth/fip/'.$fip, $token); |
||||
$redis->expire('auth/fip/'.$fip, 60); |
||||
echo json_encode(array( |
||||
"code"=>200 |
||||
)); |
||||
|
@ -0,0 +1,86 @@ |
||||
<?php |
||||
|
||||
header('Access-Control-Allow-Origin:*'); |
||||
|
||||
include './functions.php'; |
||||
|
||||
$mask = $_REQUEST['mask']; |
||||
$ip = $_REQUEST['ip']; |
||||
$fp = $_REQUEST['fp']; |
||||
|
||||
if(!isset($mask) || strlen($mask)!=64 || !isset($ip) || strlen($ip)<8 || strlen($ip)>16 || !isset($fp) || strlen($fp)!=6) { |
||||
header('status: 505 Illegal Params'); |
||||
die(); |
||||
}; |
||||
|
||||
/* special php program */ |
||||
set_time_limit(0); |
||||
ob_end_clean(); |
||||
header("Connection: close"); |
||||
header("HTTP/1.1 200 OK"); |
||||
header("Content-Type: application/json;charset=utf-8"); |
||||
header('Access-Control-Allow-Origin:*'); |
||||
ob_start(); |
||||
|
||||
|
||||
|
||||
$cnn = db__connect(); |
||||
|
||||
if(db__rowNum($cnn, "mask", "mask", $mask)){ |
||||
$token = db__getData($cnn, "mask", "mask", $mask)[0]['token']; |
||||
echo json_encode(array( |
||||
"code"=> 200 |
||||
)); |
||||
}else{ |
||||
$fip = md5($fp.$ip); |
||||
if($redis->exists('auth/fip/'.$fip)){ |
||||
$token = $redis->get('auth/fip/'.$fip); |
||||
db__pushData($cnn, "mask", array( |
||||
"mask"=>$mask, |
||||
"token"=>$token, |
||||
"created_at"=>date("Y-m-d H:i:s", time()) |
||||
), array( |
||||
"mask"=>$mask |
||||
)); |
||||
echo json_encode(array( |
||||
"code"=> 200 |
||||
)); |
||||
}else{ |
||||
echo json_encode(array( |
||||
"code"=> 404 |
||||
)); |
||||
} |
||||
die(); |
||||
} |
||||
|
||||
|
||||
/* close connection */ |
||||
ob_end_flush(); |
||||
flush(); |
||||
if (function_exists("fastcgi_finish_request")) { |
||||
fastcgi_finish_request(); |
||||
} |
||||
sleep(2); |
||||
ignore_user_abort(true); |
||||
set_time_limit(0); |
||||
|
||||
if(db__rowNum($cnn, "fip", "token", $token, "mask", $mask, "fp", $fp, "ip", $ip)){ |
||||
db__pushData($cnn, "fip", array( |
||||
"updated_at"=>date("Y-m-d H:i:s", time()) |
||||
), array( |
||||
"token"=>$token, |
||||
"mask"=>$mask, |
||||
"fp"=>$fp, |
||||
"ip"=>$ip |
||||
)); |
||||
}else{ |
||||
db__pushData($cnn, "fip", array( |
||||
"token"=>$token, |
||||
"mask"=>$mask, |
||||
"fp"=>$fp, |
||||
"ip"=>$ip, |
||||
"created_at"=>date("Y-m-d H:i:s", time()) |
||||
)); |
||||
} |
||||
|
||||
die(); |
Loading…
Reference in new issue