Add automatic SSL certificate generation

2026-01-06 15:22:41 -05:00 · 2026-01-06 15:22:41 -05:00 · 42855330c0
commit 42855330c0
parent e13fffdaac
11 changed files with 105 additions and 38 deletions
--- a/backend/src/controllers/UserController.cpp
+++ b/backend/src/controllers/UserController.cpp
@ -598,6 +598,12 @@ void UserController::addPgpKey(const HttpRequestPtr &req,
        
        std::string publicKey = (*json)["publicKey"].asString();
        std::string fingerprint = (*json)["fingerprint"].asString();
+        std::string origin = (*json).get("origin", "imported").asString();
+
+        // Validate origin value
+        if (origin != "generated" && origin != "imported") {
+            origin = "imported";
+        }

        if (publicKey.empty() || fingerprint.empty()) {
            callback(jsonError("Missing key data"));
@ -609,14 +615,14 @@ void UserController::addPgpKey(const HttpRequestPtr &req,
        // Check if fingerprint already exists
        *dbClient << "SELECT id FROM pgp_keys WHERE fingerprint = $1"
                  << fingerprint
-                  >> [dbClient, user, publicKey, fingerprint, callback](const Result& r) {
+                  >> [dbClient, user, publicKey, fingerprint, origin, callback](const Result& r) {
                      if (!r.empty()) {
                          callback(jsonError("This PGP key is already registered"));
                          return;
                      }

-                      *dbClient << "INSERT INTO pgp_keys (user_id, public_key, fingerprint) VALUES ($1, $2, $3)"
-                               << user.id << publicKey << fingerprint
+                      *dbClient << "INSERT INTO pgp_keys (user_id, public_key, fingerprint, key_origin) VALUES ($1, $2, $3, $4)"
+                               << user.id << publicKey << fingerprint << origin
                               >> [callback](const Result&) {
                                   Json::Value resp;
                                   resp["success"] = true;
@ -641,7 +647,7 @@ void UserController::getPgpKeys(const HttpRequestPtr &req,
        }
        
        auto dbClient = app().getDbClient();
-        *dbClient << "SELECT public_key, fingerprint, created_at FROM pgp_keys "
+        *dbClient << "SELECT public_key, fingerprint, key_origin, created_at FROM pgp_keys "
                     "WHERE user_id = $1 ORDER BY created_at DESC"
                  << user.id
                  >> [callback](const Result& r) {
@ -653,6 +659,7 @@ void UserController::getPgpKeys(const HttpRequestPtr &req,
                          Json::Value key;
                          key["publicKey"] = row["public_key"].as<std::string>();
                          key["fingerprint"] = row["fingerprint"].as<std::string>();
+                          key["keyOrigin"] = row["key_origin"].isNull() ? "imported" : row["key_origin"].as<std::string>();
                          key["createdAt"] = row["created_at"].as<std::string>();
                          keys.append(key);
                      }
@ -1038,7 +1045,7 @@ void UserController::getUserPgpKeys(const HttpRequestPtr &,
    try {
        // Public endpoint - no authentication required
        auto dbClient = app().getDbClient();
-        *dbClient << "SELECT pk.public_key, pk.fingerprint, pk.created_at "
+        *dbClient << "SELECT pk.public_key, pk.fingerprint, pk.key_origin, pk.created_at "
                     "FROM pgp_keys pk JOIN users u ON pk.user_id = u.id "
                     "WHERE u.username = $1 ORDER BY pk.created_at DESC"
                  << username
@ -1051,6 +1058,7 @@ void UserController::getUserPgpKeys(const HttpRequestPtr &,
                          Json::Value key;
                          key["publicKey"] = row["public_key"].as<std::string>();
                          key["fingerprint"] = row["fingerprint"].as<std::string>();
+                          key["keyOrigin"] = row["key_origin"].isNull() ? "imported" : row["key_origin"].as<std::string>();
                          key["createdAt"] = row["created_at"].as<std::string>();
                          keys.append(key);
                      }
--- a/database/init.sql
+++ b/database/init.sql
@ -20,6 +20,7 @@ CREATE TABLE IF NOT EXISTS pgp_keys (
    user_id BIGINT NOT NULL REFERENCES users(id) ON DELETE CASCADE,
    public_key TEXT NOT NULL,
    fingerprint VARCHAR(40) UNIQUE NOT NULL,
+    key_origin VARCHAR(20) DEFAULT 'imported',
    created_at TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP
 );

--- a/frontend/src/lib/chat/chatWebSocket.js
+++ b/frontend/src/lib/chat/chatWebSocket.js
@ -152,6 +152,8 @@ class ChatWebSocket {
 					...info,
 					username: data.newName
 				}));
+				// Persist to localStorage for reconnection
+				localStorage.setItem('guestName', data.newName);
 				console.log('Rename successful:', data.newName);
 				break;

@ -173,7 +175,10 @@ class ChatWebSocket {

 			case 'error':
 				console.error('Chat error:', data.error);
-				// Optionally show error to user
+				// Show error to user
+				if (data.error && typeof window !== 'undefined') {
+					alert(data.error);
+				}
 				break;

 			case 'mod_action_success':
--- a/frontend/src/lib/components/chat/ChatMessage.svelte
+++ b/frontend/src/lib/components/chat/ChatMessage.svelte
@ -144,7 +144,7 @@
 				msg = msg.replace(/^#\s+:(\w+):$/gm, (match, stickerName) => {
 					const stickerKey = stickerName.toLowerCase();
 					if (stickersMap[stickerKey]) {
-						return `# <img src="${stickersMap[stickerKey]}" alt="${stickerName}" title="${stickerName}" data-sticker="${stickerName}" class="sticker-img" />`;
+						return `# <img src="${stickersMap[stickerKey]}" alt="${stickerName}" title="${stickerName}" data-sticker="${stickerName}" class="sticker-img" onerror="this.onerror=null;this.src='/dlive2.gif';" />`;
 					}
 					return match;
 				});
@ -153,7 +153,7 @@
 				msg = msg.replace(/^##\s+:(\w+):$/gm, (match, stickerName) => {
 					const stickerKey = stickerName.toLowerCase();
 					if (stickersMap[stickerKey]) {
-						return `## <img src="${stickersMap[stickerKey]}" alt="${stickerName}" title="${stickerName}" data-sticker="${stickerName}" class="sticker-img" />`;
+						return `## <img src="${stickersMap[stickerKey]}" alt="${stickerName}" title="${stickerName}" data-sticker="${stickerName}" class="sticker-img" onerror="this.onerror=null;this.src='/dlive2.gif';" />`;
 					}
 					return match;
 				});
@ -164,7 +164,7 @@
 			msg = msg.replace(/:(\w+):/g, (match, stickerName) => {
 				const stickerKey = stickerName.toLowerCase();
 				if (stickersMap[stickerKey]) {
-					return `<img src="${stickersMap[stickerKey]}" alt="${stickerName}" title="${stickerName}" data-sticker="${stickerName}" class="sticker-img" />`;
+					return `<img src="${stickersMap[stickerKey]}" alt="${stickerName}" title="${stickerName}" data-sticker="${stickerName}" class="sticker-img" onerror="this.onerror=null;this.src='/dlive2.gif';" />`;
 				}
 				return match;
 			});
@ -185,7 +185,7 @@
 		// Step 5: Sanitize with DOMPurify - allow img tags and safe CSS
 		html = DOMPurify.sanitize(html, {
 			ALLOWED_TAGS: ['p', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'img', 'br', 'strong', 'em', 'code', 'pre', 'del', 'span'],
-			ALLOWED_ATTR: ['src', 'alt', 'title', 'class', 'style', 'data-sticker'],
+			ALLOWED_ATTR: ['src', 'alt', 'title', 'class', 'style', 'data-sticker', 'onerror'],
 			FORBID_TAGS: ['a', 'button', 'script'],
 			ALLOW_DATA_ATTR: false
 		});
--- a/frontend/src/lib/components/chat/ChatPanel.svelte
+++ b/frontend/src/lib/components/chat/ChatPanel.svelte
@ -271,16 +271,9 @@
 		}

 		// Send rename message to server
+		// Note: State updates (localStorage + store) happen in rename_success handler
+		// to avoid updating UI before server confirms the rename
 		if (chatWebSocket.sendRename(newGuestName.trim())) {
-			// Store in localStorage for persistence
-			localStorage.setItem('guestName', newGuestName.trim());
-
-			// Update local store
-			chatUserInfo.update(info => ({
-				...info,
-				username: newGuestName.trim()
-			}));
-
 			showRenameModal = false;
 			newGuestName = '';
 		} else {
--- a/frontend/src/routes/forums/[slug]/+page.svelte
+++ b/frontend/src/routes/forums/[slug]/+page.svelte
@ -138,7 +138,7 @@
        preview = preview.replace(/:(\w+):/g, (match, name) => {
            const key = name.toLowerCase();
            if (stickerMap && stickerMap[key]) {
-                return `<img src="${stickerMap[key]}" alt="${name}" class="sticker-img-small" />`;
+                return `<img src="${stickerMap[key]}" alt="${name}" class="sticker-img-small" onerror="this.onerror=null;this.src='/dlive2.gif';" />`;
            }
            return match;
        });
@ -147,7 +147,7 @@

        return DOMPurify.sanitize(html, {
            ALLOWED_TAGS: ['p', 'img', 'br', 'strong', 'em', 'code', 'del', 'span'],
-            ALLOWED_ATTR: ['src', 'alt', 'class'],
+            ALLOWED_ATTR: ['src', 'alt', 'class', 'onerror'],
            FORBID_TAGS: ['a', 'button', 'script']
        });
    }
--- a/frontend/src/routes/forums/[slug]/thread/[threadId]/+page.svelte
+++ b/frontend/src/routes/forums/[slug]/thread/[threadId]/+page.svelte
@ -113,7 +113,7 @@
        msg = msg.replace(/:(\w+):/g, (match, name) => {
            const key = name.toLowerCase();
            if (stickerMap && stickerMap[key]) {
-                return `<img src="${stickerMap[key]}" alt="${name}" title="${name}" class="sticker-img" />`;
+                return `<img src="${stickerMap[key]}" alt="${name}" title="${name}" class="sticker-img" onerror="this.onerror=null;this.src='/dlive2.gif';" />`;
            }
            return match;
        });
@ -125,7 +125,7 @@

        return DOMPurify.sanitize(html, {
            ALLOWED_TAGS: ['p', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'img', 'br', 'strong', 'em', 'code', 'pre', 'del', 'span'],
-            ALLOWED_ATTR: ['src', 'alt', 'title', 'class', 'style'],
+            ALLOWED_ATTR: ['src', 'alt', 'title', 'class', 'style', 'onerror'],
            FORBID_TAGS: ['a', 'button', 'script']
        });
    }
--- a/frontend/src/routes/profile/[username]/+page.svelte
+++ b/frontend/src/routes/profile/[username]/+page.svelte
@ -394,10 +394,38 @@
        flex: 1;
    }
    
+    .fingerprint-row {
+        display: flex;
+        align-items: center;
+        gap: 0.5rem;
+        margin-bottom: 0.25rem;
+        flex-wrap: wrap;
+    }
+
    .fingerprint-display {
        font-family: monospace;
        font-size: 0.9rem;
-        margin-bottom: 0.25rem;
+    }
+
+    .key-origin-tag {
+        display: inline-block;
+        padding: 0.15rem 0.4rem;
+        border-radius: 4px;
+        font-size: 0.7rem;
+        font-weight: 600;
+        text-transform: uppercase;
+    }
+
+    .key-origin-tag.generated {
+        background: rgba(40, 167, 69, 0.15);
+        color: #28a745;
+        border: 1px solid rgba(40, 167, 69, 0.3);
+    }
+
+    .key-origin-tag.imported {
+        background: rgba(0, 123, 255, 0.15);
+        color: #007bff;
+        border: 1px solid rgba(0, 123, 255, 0.3);
    }

    .key-date {
@ -804,7 +832,12 @@
                                tabindex="0"
                            >
                                <div class="pgp-key-info">
+                                    <div class="fingerprint-row">
                                        <div class="fingerprint-display">{key.fingerprint}</div>
+                                        <span class="key-origin-tag {key.keyOrigin || 'imported'}">
+                                            {key.keyOrigin === 'generated' ? 'Generated' : 'Imported'}
+                                        </span>
+                                    </div>
                                    <div class="key-date">Added {new Date(key.createdAt).toLocaleDateString()}</div>
                                </div>
                                <span class="expand-icon" class:expanded={expandedKeys[key.fingerprint]}>
--- a/frontend/src/routes/settings/+page.svelte
+++ b/frontend/src/routes/settings/+page.svelte
@ -932,7 +932,8 @@
                credentials: 'include',
                body: JSON.stringify({
                    publicKey: generatedPublicKey,
-                    fingerprint: fingerprint
+                    fingerprint: fingerprint,
+                    origin: 'generated'
                })
            });
            
@ -987,7 +988,8 @@
                credentials: 'include',
                body: JSON.stringify({
                    publicKey: newPublicKey,
-                    fingerprint
+                    fingerprint,
+                    origin: 'imported'
                })
            });
            
--- a/frontend/static/dlive2.gif
+++ b/frontend/static/dlive2.gif
--- a/openresty/nginx.conf
+++ b/openresty/nginx.conf
@ -675,6 +675,31 @@ http {
            return 403;
        }

+        # Public stickers endpoint - no authentication required (guests need stickers for chat)
+        location = /api/admin/stickers {
+            # CORS headers
+            add_header Access-Control-Allow-Origin $cors_origin always;
+            add_header Access-Control-Allow-Methods "GET, OPTIONS" always;
+            add_header Access-Control-Allow-Headers "Content-Type" always;
+            add_header Access-Control-Allow-Credentials "true" always;
+
+            if ($request_method = 'OPTIONS') {
+                add_header Content-Length 0;
+                add_header Content-Type text/plain;
+                return 204;
+            }
+
+            proxy_pass http://backend;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # Cache stickers list for 5 minutes
+            expires 5m;
+            add_header Cache-Control "public, max-age=300" always;
+        }
+
        # Other API endpoints (authenticated)
        location /api/ {
            limit_req zone=api_limit burst=20 nodelay;