diff --git a/pass/routes/key.js b/pass/routes/key.js index 1ce42276b14efdc11c28764bdbb415fe485713e0..00586b1e5e305b93b10b6ef25b7ebffc63459013 100644 --- a/pass/routes/key.js +++ b/pass/routes/key.js @@ -46,7 +46,9 @@ router.post("/create", (req, res) => { let key = req.body.key; Key.GET_KEY(key, false).then((key) => { res.redirect( - `${res.locals.baseDir}/key/` + encodeURIComponent(key.get_key()) + "#charge" + `${res.locals.baseDir}/key/` + + encodeURIComponent(key.get_key()) + + "#charge" ); }); }); @@ -96,7 +98,11 @@ router.get("/enter", function (req, res, next) { if (typeof req.headers.referer === "undefined") { res.render("login/key"); } - let matches = req.header("referer").match(/\?.*key=([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/); + let matches = req + .header("referer") + .match( + /\?.*key=([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/ + ); if (matches) { let key_from_referer = matches[1]; Key.GET_KEY(key_from_referer, false).then((key) => { @@ -122,6 +128,7 @@ const upload = multer({ router.post("/enter", upload.single("file"), async (req, res, next) => { /** @type {Key} */ let key = null; + let error = null; if (typeof req.body.key === "string" && req.body.key.length > 0) { let input = req.body.key.trim(); // Login via Login code 
@@ -133,22 +140,58 @@ router.post("/enter", upload.single("file"), async (req, res, next) => { await __redis_client.del(prefix + key_from_code); input = key_from_code; } else { - res.render("login/key", { errors: "The login code is invalid. Please check your input." }); - return; + error = "invalid_login_code"; + } + } else { + if (input.match(/^[0-9A-F]{32}$/i)) { + input = [ + input.slice(0, 8), + input.slice(8, 12), + input.slice(12, 16), + input.slice(16, 20), + input.slice(20, 32), + ].join("-"); + } + if (Key.IS_VALID_UUID(input) || input.match(/^[0-9a-zA-Z]{6}$/)) { + key = await Key.GET_KEY(input).then((key) => key.get_key()); + } else { + error = "invalid_key"; } } - if (input.match(/^[0-9A-F]{32}$/i)) { - input = [input.slice(0, 8), input.slice(8, 12), input.slice(12, 16), input.slice(16, 20), input.slice(20, 32)].join("-"); - } - if (Key.IS_VALID_UUID(input) || input.match(/^[0-9a-zA-Z]{6}$/)) { - key = await Key.GET_KEY(input).then((key) => key.get_key()); + } + + if (error != null) { + try { + let redirect_url = new URL(req.body.redirect_error); + redirect_url.searchParams.set("key_error", error); + redirect_url.searchParams.set("invalid_key", req.body.key.trim()); + if (req.host == redirect_url.hostname) { + res.redirect(redirect_url.toString()); + return; + } + } catch (error) {} + if (error == "invalid_login_code") { + res.render("login/key", { + errors: "The login code is invalid. Please check your input.", + }); + return; } else { - res.render("login/key", { errors: "The entered key is invalid. Please check your input." }); + res.render("login/key", { + errors: "The entered key is invalid. 
Please check your input.", + }); return; } } if (key !== null) { + try { + let redirect_url = new URL(req.body.redirect_success); + redirect_url.searchParams.set("key", req.body.key.trim()); + if (req.host == redirect_url.hostname) { + res.redirect(redirect_url.toString()); + return; + } + } catch (error) {} res.redirect(`${res.locals.baseDir}/key/` + key); } else if (typeof req.file === "undefined") { res.render("login/key", { errors: "File not provided or invalid" }); @@ -250,15 +293,14 @@ router.get("/:key", async (req, res) => { if (req.data.admin) { res.redirect(`${res.locals.baseDir}/logout`); return; - } else if (( - !req.cookies.key || - req.cookies.key !== req.data.key.key.get_key()) && + } else if ( + (!req.cookies.key || req.cookies.key !== req.data.key.key.get_key()) && (!req.headers.key || req.headers.key !== req.data.key.key.get_key()) ) { res.cookie("key", req.data.key.key.get_key(), { sameSite: "lax", maxAge: 5 * 365 * 24 * 60 * 60 * 1000, // Store for 5 years - secure: true + secure: true, }); } res.render("key", req.data);
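Review bot: The same-host check on `redirect_error` and `redirect_success` compares only `redirect_url.hostname` with `req.host`, so a URL on another port, or with `http:`, on the same hostname passes and the entered key is then sent there in the query string. Comparing whole origins would close that in both places, e.g. `if (redirect_url.origin === req.protocol + "://" + req.get("host")) {`, assuming `req.protocol` is reliable behind whatever proxy is in use. Separately, the key lookup now sits in the `else` of the login-code branch, so after `input = key_from_code` nothing visible in this hunk assigns `key`; unless that happens above the hunk, a valid login code is deleted from Redis and the request falls through to "File not provided or invalid". The empty `catch (error) {}` shadows the outer `error` and swallows every failure; I would rename it to `catch (_urlError)` and add a comment such as `// missing or malformed redirect URL: fall back to rendering the login page`. The handler starts and ends outside the hunk, so the login-code point needs checking against the full function.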