first commit

2024-03-21 23:20:24 +03:00
commit c4fb3c9070
29 changed files with 2185 additions and 0 deletions
--- a/routes/index.go
+++ b/routes/index.go
@ -0,0 +1,90 @@
+package routes
+
+import (
+	"log"
+	"math"
+	"strconv"
+	"strings"
+
+	"git.matterlinux.xyz/matter/security/lib"
+	"github.com/gofiber/fiber/v2"
+)
+
+var PAGE_SIZE = 32
+
+func GetPage(c *fiber.Ctx) (int, int, int) {
+  page, err := strconv.Atoi(c.Query("p"))
+  if err != nil || page <= 0 {
+    page = 1
+  }
+  
+  return page, page*PAGE_SIZE, (page*PAGE_SIZE)-PAGE_SIZE
+}
+
+func GETDetails(c *fiber.Ctx) error {
+  id := c.Params("id")
+  if id == "" || !strings.HasPrefix(id, "MPSI-") {
+    return lib.RenderError(c, 404)
+  }
+
+  v, suc := lib.FindVuln(id)
+  if !suc {
+    return lib.RenderError(c, 404)
+  }
+  
+  return c.Render("details", fiber.Map{
+    "v": v,
+  })
+}
+
+func GETIndex(c *fiber.Ctx) error {
+  cur, max, min := GetPage(c)
+  search_qu := c.Query("q")
+  search_in := c.Query("i")
+
+  vulns, err := lib.LoadVulns()
+  if err != nil {
+    log.Printf("Failed to load vulns: %s", err.Error())
+    return lib.RenderError(c, 500)
+  }
+
+  results := []lib.Vuln{}
+  for i := len(vulns)-1; i >= 0; i-- {
+    if i >= max || i < min {
+      continue
+    } 
+    
+    switch search_in {
+    case "desc":
+      if !lib.ContainsCase(vulns[i].Desc, search_qu){
+        continue
+      }
+    case "id":
+      if !lib.ContainsCase(vulns[i].ID, search_qu) {
+        continue
+      }
+    case "pkg":
+      if !lib.ContainsCase(vulns[i].Package, search_qu) {
+        continue
+      }
+    case "status":
+      if !lib.ContainsCase(vulns[i].Status, search_qu) {
+        continue
+      }
+    }
+
+    results = append(results, vulns[i])
+
+  }
+
+  pages := int64(math.Ceil(float64(len(results))/float64(PAGE_SIZE)))
+  return c.Render("index", fiber.Map{
+    "pages": pages,
+    "current": cur,
+    "next": cur+1,
+    "prev": cur-1,
+    "vulns": results,
+    "query": search_qu,
+    "in": search_in,
+  })
+}
--- a/routes/login.go
+++ b/routes/login.go
@ -0,0 +1,54 @@
+package routes
+
+import (
+	"log"
+
+	"git.matterlinux.xyz/matter/security/lib"
+	"github.com/gofiber/fiber/v2"
+)
+
+func POSTLogin(c *fiber.Ctx) error {
+  body := struct{
+    Username string `form:"username"`
+    Password string `form:"password"`
+  }{}
+
+  err := c.BodyParser(&body)
+  if err != nil {
+    return lib.RenderError(c, 400)
+  }
+
+  users, err := lib.LoadUsers()
+  if err != nil {
+    log.Printf("Failed to load users: %s", err.Error())
+    return lib.RenderError(c, 500)
+  }
+
+  for _, u := range users {
+    if u.Username == u.Username &&
+       u.Password == lib.GetSHA256([]byte(body.Password)) {
+      u.Cookie = lib.GetRandom()
+      c.Cookie(&fiber.Cookie{
+        Name: "auth",
+        Value: u.Cookie,
+      })
+      err = lib.UpdateUser(u)
+      if err != nil {
+        log.Printf("Failed to update user: %s", err.Error())
+        return lib.RenderError(c, 500)
+      }
+      return c.Redirect("/manage")
+    } 
+  }
+
+  c.Status(403)
+  return c.Render("login", fiber.Map{})
+}
+
+func GETLogin(c *fiber.Ctx) error {
+  if c.Cookies("auth") != "" {
+    return c.Redirect("/manage")
+  }
+
+  return c.Render("login", fiber.Map{})
+}
--- a/routes/manage.go
+++ b/routes/manage.go
@ -0,0 +1,56 @@
+package routes
+
+import (
+	"log"
+
+	"git.matterlinux.xyz/matter/security/lib"
+	"github.com/gofiber/fiber/v2"
+)
+
+func MiddleAuth(c *fiber.Ctx) error {
+  cookie := c.Cookies("auth")
+
+  if cookie == "" {
+    return c.Redirect("/login")
+  }
+
+  users, err := lib.LoadUsers()
+  if err != nil {
+    log.Printf("Failed to load users: %s", err.Error())
+    return lib.RenderError(c, 500)
+  }
+
+  for _, u := range users {
+    if u.Cookie == "notset" || u.Cookie == "" {
+      continue
+    }
+
+    if cookie == u.Cookie {
+      return c.Next()
+    }
+  }
+
+  c.ClearCookie("auth")
+  return c.Redirect("/login")
+}
+
+func GETManage(c *fiber.Ctx) error {
+  return c.Render("manage", fiber.Map{})
+}
+
+func GETLogout(c *fiber.Ctx) error {
+  user, err := lib.GetUser(c)
+  if err != nil {
+    log.Printf("Failed to load user: %s", err.Error())
+    return lib.RenderError(c, 500)
+  }
+
+  user.Cookie = "notset"
+  err = lib.UpdateUser(user)
+  if err != nil {
+    log.Printf("Failed to save users: %s", err.Error())
+    return lib.RenderError(c, 500)
+  }
+
+  return c.Redirect("/login")
+}
--- a/routes/new.go
+++ b/routes/new.go
@ -0,0 +1,55 @@
+package routes
+
+import (
+	"log"
+
+	"git.matterlinux.xyz/matter/security/lib"
+	"github.com/gofiber/fiber/v2"
+)
+
+func POSTNew(c *fiber.Ctx) error {
+  body := struct{
+    Desc     string `form:"desc"`
+    Source   string `form:"source"`
+    Severity string `form:"severity"`
+    Package  string `form:"package"`
+    Versions string `form:"versions"`
+  }{}
+  
+  err := c.BodyParser(&body)
+  if err != nil {
+    return lib.RenderError(c, 400)
+  }
+
+  user, err := lib.GetUser(c)
+  if err != nil {
+    log.Printf("Failed to get the user: %s", err.Error())
+    return lib.RenderError(c, 500)
+  }
+
+  if !lib.ValidSeverity(body.Severity){
+    return lib.RenderError(c, 400)
+  }
+
+  v := lib.Vuln{
+    ID: lib.GetID(),
+    Desc: body.Desc,
+    Source: body.Source,
+    Severity: body.Severity,
+    Package: body.Package,
+    Versions: body.Versions,
+    Status: "Waiting for review",
+    Message: "This vulnerability is waiting for a review from the maintainers",
+    Author: user.Username,
+    Date: lib.GetFTime(),
+    Updated: lib.GetFTime(),
+  }
+
+  err = lib.AddVuln(v)
+  if err != nil {
+    log.Printf("Failed to add vuln: %s", err.Error())
+    return lib.RenderError(c, 500)
+  }
+
+  return c.Redirect("/manage")
+}
--- a/routes/status.go
+++ b/routes/status.go
@ -0,0 +1,48 @@
+package routes
+
+import (
+	"log"
+	"strings"
+
+	"git.matterlinux.xyz/matter/security/lib"
+	"github.com/gofiber/fiber/v2"
+	_ "github.com/mattn/go-sqlite3"
+)
+
+func POSTStatus(c *fiber.Ctx) error {
+  body := struct{
+    ID      string `form:"id"`
+    Status  string `form:"status"`
+    Message string `form:"message"`
+  }{}
+  
+  err := c.BodyParser(&body)
+  if err != nil {
+    return lib.RenderError(c, 400)
+  }
+
+  user, err := lib.GetUser(c)
+  if err != nil {
+    log.Printf("Failed to get the user: %s", err.Error())
+    return lib.RenderError(c, 500)
+  }
+
+  vuln, suc := lib.FindVuln(body.ID)
+  if !suc {
+    return lib.RenderError(c, 404)
+  }
+
+  vuln.Message = body.Message
+  vuln.Status = body.Status
+  if vuln.Author != user.Username && !strings.Contains(vuln.Author, ", "+user.Username){
+    vuln.Author += ", "+user.Username
+  }
+
+  err = lib.UpdateVuln(vuln)
+  if err != nil {
+    log.Printf("Failed to update the vuln: %s", err.Error())
+    return lib.RenderError(c, 500)
+  }
+
+  return c.Redirect("/manage")
+}