2.5.3

Bump find-my-way from 3.0.4 to 3.0.5

.github/workflows/node.js.yml

@@ -23,5 +23,6 @@ jobs:
         uses: actions/setup-node@v1
         with:
           node-version: ${{ matrix.node-version }}
-      - run: npm ci
-      - run: npm run build --if-present
+      - run: npm i -g yarn
+      - run: yarn
+      - run: yarn build

README.md

@@ -10,8 +10,6 @@
 ![David](https://img.shields.io/david/dicedtomatoreal/zipline)
 ![David](https://img.shields.io/david/dev/dicedtomatoreal/zipline)
 ![GitHub package.json dependency version (prod)](https://img.shields.io/github/package-json/dependency-version/dicedtomatoreal/zipline/react)
-![GitHub package.json dependency version (prod)](https://img.shields.io/github/package-json/dependency-version/dicedtomatoreal/zipline/next)
-![GitHub package.json dependency version (prod)](https://img.shields.io/github/package-json/dependency-version/dicedtomatoreal/zipline/fastify)
 
 # Zipline
 The best and only **React + Next.js** ShareX / File Uploader you would ever want.
@@ -32,6 +30,9 @@ Wondering how Zipline compares to other popular uploaders? We have done some ben
 - Fast (API)
 - Built with Next.js & React
 - Support for **multible database types** (*literally the only one that supports multiple dbs*, mongo soon)
+- Token protected uploading
+- MFA with Authy/Google Authenticator
+- Easy setup instructions on [docs](https://zipline.diced.wtf/docs)
 
 # Installing
 [See how to install here](https://zipline.diced.wtf/docs/)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "zipline-next",
-  "version": "2.2.0",
+  "version": "2.5.3",
   "private": true,
   "dependencies": {
     "@dicedtomato/colors": "^1.0.3",
@@ -26,12 +26,14 @@
     "material-ui-dropzone": "^3.5.0",
     "next": "^9.5.4",
     "pg": "^8.4.1",
+    "qrcode": "^1.4.4",
     "react": "^16.13.1",
     "react-dom": "^16.13.1",
     "react-helmet": "^6.1.0",
     "react-redux": "^7.2.1",
     "redux": "^4.0.5",
     "redux-persist": "^6.0.0",
+    "speakeasy": "^2.0.0",
     "toml-patch": "^0.2.3",
     "typeorm": "^0.2.28"
   },
@@ -49,6 +51,7 @@
     "@types/crypto-js": "^3.1.47",
     "@types/mongodb": "^3.5.27",
     "@types/node": "^14.11.2",
+    "@types/qrcode": "^1.3.5",
     "@types/react": "^16.9.49",
     "@types/react-redux": "^7.1.9",
     "@types/semver": "^7.3.4",
@@ -61,4 +64,4 @@
     "ts-node": "^9.0.0",
     "typescript": "^4.0.3"
   }
-}
+}

release.js

@@ -0,0 +1,3 @@
+module.exports = async (markdown) => {
+  return markdown;
+};

setup.js

@@ -4,7 +4,7 @@ const { stringify } = require('toml-patch');
 const { writeFileSync } = require('fs');
 const { join } = require('path');
 
-const createDockerCompose = (port) => {
+const createDockerCompose = port => {
   return `version: "3"
 services:
   zipline:
@@ -25,7 +25,14 @@ const base = {
       'https://github.githubassets.com/images/modules/open_graph/github-mark.png',
     color: '#128377'
   },
-  core: { secret: 'my-secret', port: 3000 },
+  core: {
+    secret: 'my-secret',
+    port: 3000,
+    host: '127.0.0.1',
+    theme: 'dark',
+    secure: false,
+    mfa: false
+  },
   uploader: {
     directory: './uploads',
     route: '/u',
@@ -33,7 +40,7 @@ const base = {
     original: false,
     blacklisted: []
   },
-  urls: { route: '/s', length: 4, vanity: false }
+  urls: { route: '/go', length: 4, vanity: true }
 };
 
 (async () => {
@@ -48,35 +55,33 @@ const base = {
         { name: 'mysql' },
         { name: 'mariadb' },
         { name: 'mssql' },
-        { name: 'sqlite' },
-        { name: 'sqlite3' },
-        { name: 'mongodb', extra: 'No support yet' }
+        { name: 'sqlite3' }
       ]
     },
     {
       type: 'input',
       name: 'host',
-      message: 'Database Host'
+      message: 'Database Host (leave blank if sqlite3)'
     },
     {
       type: 'number',
       name: 'port',
-      message: 'Database Port'
+      message: 'Database Port (leave blank if sqlite3)'
     },
     {
       type: 'input',
       name: 'database',
-      message: 'Database Name'
+      message: 'Database Name (db path if sqlite3)'
     },
     {
       type: 'input',
       name: 'username',
-      message: 'Database User'
+      message: 'Database User (leave blank if sqlite3)'
     },
     {
       type: 'password',
       name: 'password',
-      message: 'Database Password'
+      message: 'Database Password (leave blank if sqlite3)'
     }
   ]);
 
@@ -92,6 +97,20 @@ const base = {
       type: 'number',
       name: 'port',
       message: 'Serve on Port'
+    },
+    {
+      type: 'list',
+      name: 'theme',
+      message: 'Theme',
+      choices: [
+        { name: 'Dark Theme (recomended)' },
+        { name: 'Light Theme (warning for eyes)' }
+      ]
+    },
+    {
+      type: 'confirm',
+      name: 'mfa',
+      message: 'Enable MFA with Authy/Google Authenticator'
     }
   ]);
 
@@ -106,7 +125,7 @@ const base = {
     {
       type: 'confirm',
       name: 'original',
-      message: 'Keep Original?'
+      message: 'Keep Original File names?'
     }
   ]);
 
@@ -138,10 +157,14 @@ const base = {
     urls: { ...base.urls, ...urls }
   };
 
-  writeFileSync('Zipline.toml', stringify(config));
-
   if (docker.useDocker) {
+    config.core.host = '0.0.0.0';
     console.log('Generating docker-compose.yml...');
     writeFileSync('docker-compose.yml', createDockerCompose(config.core.port));
+    console.log(
+      'Head to https://zipline.diced.wtf/docs/docker to learn how to run with docker.'
+    );
   }
+
+  writeFileSync('Zipline.toml', stringify(config));
 })();

src/components/Login.tsx

@@ -6,6 +6,10 @@ import Button from '@material-ui/core/Button';
 import Card from '@material-ui/core/Card';
 import CardContent from '@material-ui/core/CardContent';
 import CardActions from '@material-ui/core/CardActions';
+import Dialog from '@material-ui/core/Dialog';
+import DialogActions from '@material-ui/core/DialogActions';
+import DialogContent from '@material-ui/core/DialogContent';
+import DialogTitle from '@material-ui/core/DialogTitle';
 import Snackbar from '@material-ui/core/Snackbar';
 import Alert from '@material-ui/lab/Alert';
 import makeStyles from '@material-ui/core/styles/makeStyles';
@@ -26,8 +30,11 @@ export default function Login() {
   const classes = useStyles();
   const router = useRouter();
   const dispatch = useDispatch();
+  const [error, setError] = useState(false);
   const [username, setUsername] = useState('');
   const [password, setPassword] = useState('');
+  const [authOpen, setAuthOpen] = useState(false);
+  const [token, setToken] = useState('');
   const [open, setOpen] = useState(false);
 
   const handleClose = (event, reason) => {
@@ -37,17 +44,48 @@ export default function Login() {
 
   const handleLogin = async () => {
     const d = await (
-      await fetch('/api/user/login', {
+      await fetch('/api/user/verify-login', {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ username, password })
       })
     ).json();
     if (!d.error) {
-      dispatch({ type: UPDATE_USER, payload: d });
+      if (d.mfa) {
+        setAuthOpen(true);
+      } else {
+        const payload = await (
+          await fetch('/api/user/login', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ username, password })
+          })
+        ).json();
+        if (!payload.error) {
+          dispatch({ type: UPDATE_USER, payload });
+          dispatch({ type: LOGIN });
+          router.push('/dash');
+        }
+      }
+    } else setOpen(true);
+  };
+
+  const tryChecking = async () => {
+    const verified = await (
+      await fetch(`/api/mfa/verify?token=${token}`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ username, password })
+      })
+    ).json();
+    if (!verified.passed) setError(true);
+    else {
+      setError(false);
+      setAuthOpen(false);
+      dispatch({ type: UPDATE_USER, payload: verified.user });
       dispatch({ type: LOGIN });
       router.push('/dash');
-    } else setOpen(true);
+    }
   };
 
   return (
@@ -65,30 +103,63 @@ export default function Login() {
           Could not login!
         </Alert>
       </Snackbar>
-      <Card>
-        <CardContent>
-          <Typography variant='h4'>Login</Typography>
+      <Dialog
+        open={authOpen}
+        onClose={() => setAuthOpen(false)}
+        aria-labelledby='enable-mfa'
+        aria-describedby='mfa-desc'
+      >
+        <DialogTitle id='enable-mfa'>2FA</DialogTitle>
+        <DialogContent>
           <TextField
-            label='Username'
+            label='Code'
+            helperText={error ? 'Incorrect code' : ''}
+            value={token}
             className={classes.field}
-            onChange={e => setUsername(e.target.value)}
+            onChange={e => setToken(e.target.value)}
+            error={error}
           />
-          <TextField
-            label='Password'
-            type='password'
-            className={classes.field}
-            onChange={e => setPassword(e.target.value)}
-          />
-        </CardContent>
-        <CardActions>
-          <Button
-            color='primary'
-            className={classes.field}
-            onClick={handleLogin}
-          >
-            Login
+        </DialogContent>
+        <DialogActions>
+          <Button color='primary' autoFocus onClick={tryChecking}>
+            Check
           </Button>
-        </CardActions>
+        </DialogActions>
+      </Dialog>
+      <Card>
+        <form>
+          <CardContent>
+            <Typography variant='h4'>Login</Typography>
+            <TextField
+              label='Username'
+              InputLabelProps={{
+                htmlFor: 'username'
+              }}
+              id='username'
+              className={classes.field}
+              onChange={e => setUsername(e.target.value)}
+            />
+            <TextField
+              label='Password'
+              type='password'
+              InputLabelProps={{
+                htmlFor: 'password'
+              }}
+              id='password'
+              className={classes.field}
+              onChange={e => setPassword(e.target.value)}
+            />
+          </CardContent>
+          <CardActions>
+            <Button
+              color='primary'
+              className={classes.field}
+              onClick={handleLogin}
+            >
+              Login
+            </Button>
+          </CardActions>
+        </form>
       </Card>
     </React.Fragment>
   );

src/components/ManageUser.tsx

@@ -3,14 +3,21 @@ import Typography from '@material-ui/core/Typography';
 import Card from '@material-ui/core/Card';
 import CardContent from '@material-ui/core/CardContent';
 import CardActions from '@material-ui/core/CardActions';
+import Dialog from '@material-ui/core/Dialog';
+import DialogActions from '@material-ui/core/DialogActions';
+import DialogContent from '@material-ui/core/DialogContent';
+import DialogContentText from '@material-ui/core/DialogContentText';
+import DialogTitle from '@material-ui/core/DialogTitle';
 import Button from '@material-ui/core/Button';
 import TextField from '@material-ui/core/TextField';
 import Snackbar from '@material-ui/core/Snackbar';
+import Grid from '@material-ui/core/Grid';
 import Alert from '@material-ui/lab/Alert';
 import { makeStyles } from '@material-ui/core';
 import { UPDATE_USER } from '../reducer';
 import { store } from '../store';
 import { useDispatch } from 'react-redux';
+import { Config } from '../lib/Config';
 
 const useStyles = makeStyles({
   margin: {
@@ -27,27 +34,70 @@ const useStyles = makeStyles({
   }
 });
 
-export default function ManageUser() {
+export default function ManageUser({ config }: { config: Config }) {
   const classes = useStyles();
   const dispatch = useDispatch();
   const state = store.getState();
   const [alertOpen, setAlertOpen] = useState(false);
+  const [mfaDialogOpen, setMfaDialogOpen] = useState(false);
+  const [qrcode, setQRCode] = useState(null);
   const [username, setUsername] = useState(state.user.username);
   const [password, setPassword] = useState('');
+  const [mfaToken, setMfaToken] = useState('');
+  const [email, setEmail] = useState('');
+  const [error, setError] = useState(false);
 
   const handleUpdateUser = async () => {
     const d = await (
       await fetch('/api/user', {
         method: 'PATCH',
         headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ username, password })
+        body: JSON.stringify({
+          username,
+          password: password.trim() === '' ? null : password,
+          email
+        })
       })
     ).json();
+
     if (!d.error) {
       dispatch({ type: UPDATE_USER, payload: d });
       setAlertOpen(true);
     }
   };
+
+  const disableMFA = async () => {
+    await fetch('/api/mfa/disable');
+    const d = await (await fetch('/api/user')).json();
+
+    if (!d.error) {
+      dispatch({ type: UPDATE_USER, payload: d });
+      setAlertOpen(true);
+    }
+  };
+  const enableMFA = async () => {
+    setMfaDialogOpen(true);
+    const { dataURL } = await (await fetch('/api/mfa/qrcode')).json();
+    setQRCode(dataURL);
+  };
+  const tryEnablingMfa = async () => {
+    const verified = await (
+      await fetch(`/api/mfa/verify?token=${mfaToken}`)
+    ).json();
+    if (!verified) setError(true);
+    else {
+      setError(false);
+      setMfaDialogOpen(false);
+      setAlertOpen(true);
+      const d = await (await fetch('/api/user')).json();
+
+      if (!d.error) {
+        dispatch({ type: UPDATE_USER, payload: d });
+        setAlertOpen(true);
+      }
+    }
+  };
+
   return (
     <React.Fragment>
       <Snackbar
@@ -63,6 +113,41 @@ export default function ManageUser() {
           Updated <b>{state.user.username}</b>
         </Alert>
       </Snackbar>
+      <Dialog
+        open={mfaDialogOpen}
+        onClose={() => setMfaDialogOpen(false)}
+        aria-labelledby='enable-mfa'
+        aria-describedby='mfa-desc'
+      >
+        <DialogTitle id='enable-mfa'>Enable 2FA</DialogTitle>
+        <DialogContent>
+          <DialogContentText id='mfa-desc'>
+            When enabling 2FA/MFA you can use <b>Authy</b> or{' '}
+            <b>Google Authenticator</b> to authenticate before logging into
+            Zipline.
+          </DialogContentText>
+          <Grid container spacing={2}>
+            <Grid item xs={6}>
+              <img src={qrcode} />
+            </Grid>
+            <Grid item xs={6}>
+              <TextField
+                label='Code'
+                helperText='After scanning the QRCode, enter the authentication code here'
+                value={mfaToken}
+                className={classes.field}
+                onChange={e => setMfaToken(e.target.value)}
+                error={error}
+              />
+            </Grid>
+          </Grid>
+        </DialogContent>
+        <DialogActions>
+          <Button color='primary' autoFocus onClick={tryEnablingMfa}>
+            Enable
+          </Button>
+        </DialogActions>
+      </Dialog>
       <Card>
         <CardContent>
           <Typography color='textSecondary' variant='h4' gutterBottom>
@@ -82,6 +167,14 @@ export default function ManageUser() {
             className={classes.field}
             onChange={e => setPassword(e.target.value)}
           />
+          <TextField
+            label='Email'
+            type='email'
+            helperText='Used for a Gravatar Avatar'
+            value={email}
+            className={classes.field}
+            onChange={e => setEmail(e.target.value)}
+          />
         </CardContent>
         <CardActions>
           <Button
@@ -91,6 +184,15 @@ export default function ManageUser() {
           >
             Update
           </Button>
+          {config.core.mfa ? (
+            <Button
+              className={classes.button}
+              color='primary'
+              onClick={state.user.secretMfaKey ? disableMFA : enableMFA}
+            >
+              {state.user.secretMfaKey ? 'Disable MFA' : 'Enable MFA'}
+            </Button>
+          ) : null}
         </CardActions>
       </Card>
     </React.Fragment>

src/components/UI.tsx

@@ -5,6 +5,7 @@ import Box from '@material-ui/core/Box';
 import Menu from '@material-ui/core/Menu';
 import MenuItem from '@material-ui/core/MenuItem';
 import Drawer from '@material-ui/core/Drawer';
+import Avatar from '@material-ui/core/Avatar';
 import Hidden from '@material-ui/core/Hidden';
 import List from '@material-ui/core/List';
 import ListItem from '@material-ui/core/ListItem';
@@ -39,6 +40,7 @@ import { makeStyles, useTheme, withStyles } from '@material-ui/core/styles';
 import { useRouter } from 'next/router';
 import { useDispatch } from 'react-redux';
 import { store } from '../store';
+import { MD5 } from 'crypto-js';
 
 const drawerWidth = 240;
 
@@ -101,6 +103,7 @@ export default function UI({ children }) {
   const state = store.getState();
   const router = useRouter();
   const dispatch = useDispatch();
+  const [emailHash, setEmailHash] = useState('');
   const [mobileOpen, setMobileOpen] = useState(false);
   const [admin, setAdmin] = useState(false);
   const [anchorEl, setAnchorEl] = useState(null);
@@ -119,6 +122,8 @@ export default function UI({ children }) {
         router.push('/user/login');
       } else setAdmin(d.administrator);
     })();
+
+    setEmailHash(MD5(state.user.email).toString());
   }, []);
 
   const handleCopyTokenThenClose = async () => {
@@ -174,16 +179,31 @@ export default function UI({ children }) {
           </IconButton>
           <Typography variant='h6'>Zipline</Typography>
           <Box className={classes.rightButton}>
-            <IconButton
-              aria-label='account of current user'
-              aria-controls='menu-appbar'
-              aria-haspopup='true'
-              onClick={event => setAnchorEl(event.currentTarget)}
-              color='inherit'
-              className={classes.rightButton}
-            >
-              <AccountCircleIcon className={classes.rightButton} />
-            </IconButton>
+            {state.user.email ? (
+              <Button
+                aria-label='account of current user'
+                aria-controls='menu-appbar'
+                aria-haspopup='true'
+                onClick={event => setAnchorEl(event.currentTarget)}
+                color='inherit'
+                className={classes.rightButton}
+              >
+                <Avatar src={`https://www.gravatar.com/avatar/${emailHash}.jpg`}>
+                  {state.user.username[0].toUpperCase()}
+                </Avatar>
+              </Button>
+            ) : (
+              <IconButton
+                aria-label='account of current user'
+                aria-controls='menu-appbar'
+                aria-haspopup='true'
+                onClick={event => setAnchorEl(event.currentTarget)}
+                color='inherit'
+                className={classes.rightButton}
+              >
+                <AccountCircleIcon className={classes.rightButton} />
+              </IconButton>
+            )}
           </Box>
 
           <Menu

src/components/UIPlaceholder.tsx

@@ -1,175 +1,21 @@
 import React from 'react';
-import AppBar from '@material-ui/core/AppBar';
-import Drawer from '@material-ui/core/Drawer';
-import Hidden from '@material-ui/core/Hidden';
-import IconButton from '@material-ui/core/IconButton';
-import List from '@material-ui/core/List';
-import ListItem from '@material-ui/core/ListItem';
-import Toolbar from '@material-ui/core/Toolbar';
-import Typography from '@material-ui/core/Typography';
+import Backdrop from '@material-ui/core/Backdrop';
 import CircularProgress from '@material-ui/core/CircularProgress';
-import Grid from '@material-ui/core/Grid';
-import MenuIcon from '@material-ui/icons/Menu';
-import Skeleton from '@material-ui/lab/Skeleton';
-import { makeStyles, useTheme } from '@material-ui/core/styles';
+import { makeStyles } from '@material-ui/core';
 
 const useStyles = makeStyles(theme => ({
-  root: {
-    display: 'flex'
-  },
-  drawer: {
-    [theme.breakpoints.up('sm')]: {
-      width: 240,
-      flexShrink: 0
-    }
-  },
-  appBar: {
-    [theme.breakpoints.up('sm')]: {
-      width: 'calc(100%)',
-      marginLeft: 240
-    }
-  },
-  menuButton: {
-    marginRight: theme.spacing(2),
-    [theme.breakpoints.up('sm')]: {
-      display: 'none'
-    }
-  },
-  rightButton: {
-    marginLeft: 'auto'
-  },
-  // necessary for content to be below app bar
-  toolbar: theme.mixins.toolbar,
-  drawerPaper: {
-    width: 240
-  },
-  content: {
-    flexGrow: 1,
-    padding: theme.spacing(3)
-  },
-  fullWidth: {
-    width: '100%'
+  backdrop: {
+    zIndex: theme.zIndex.drawer + 1,
+    color: '#000'
   }
 }));
 
 export default function UIPlaceholder() {
   const classes = useStyles();
-  const theme = useTheme();
-  const [mobileOpen, setMobileOpen] = React.useState(false);
-
-  const handleDrawerToggle = () => {
-    setMobileOpen(!mobileOpen);
-  };
-
-  const drawer = (
-    <div>
-      <Toolbar>
-        <AppBar position='fixed' className={classes.appBar} elevation={0}>
-          <Toolbar>
-            <IconButton
-              color='inherit'
-              aria-label='open drawer'
-              edge='start'
-              onClick={handleDrawerToggle}
-              className={classes.menuButton}
-            >
-              <MenuIcon />
-            </IconButton>
-            <Typography variant='h6' noWrap>
-              Zipline
-            </Typography>
-            <div className={classes.rightButton}>
-              <Skeleton animation='wave' className={classes.fullWidth} />
-            </div>
-          </Toolbar>
-        </AppBar>
-      </Toolbar>
-
-      <List>
-        <ListItem button key='Home'>
-          <Skeleton animation='wave' className={classes.fullWidth} />
-        </ListItem>
-        <ListItem button key='Statistics'>
-          <Skeleton animation='wave' className={classes.fullWidth} />
-        </ListItem>
-        <ListItem button key='Images'>
-          <Skeleton animation='wave' className={classes.fullWidth} />
-        </ListItem>
-        <ListItem button key='URLs'>
-          <Skeleton animation='wave' className={classes.fullWidth} />
-        </ListItem>
-      </List>
-    </div>
-  );
-
-  const container =
-    typeof window !== 'undefined' ? () => window.document.body : undefined;
 
   return (
-    <div className={classes.root}>
-      <AppBar position='fixed' className={classes.appBar} elevation={0}>
-        <Toolbar>
-          <IconButton
-            color='inherit'
-            aria-label='open drawer'
-            edge='start'
-            onClick={handleDrawerToggle}
-            className={classes.menuButton}
-          >
-            <MenuIcon />
-          </IconButton>
-          <Typography variant='h6' noWrap>
-            Zipline
-          </Typography>
-        </Toolbar>
-      </AppBar>
-      <nav className={classes.drawer} aria-label='mailbox folders'>
-        <Hidden smUp implementation='css'>
-          <Drawer
-            container={container}
-            variant='temporary'
-            anchor={theme.direction === 'rtl' ? 'right' : 'left'}
-            open={mobileOpen}
-            onClose={handleDrawerToggle}
-            classes={{
-              paper: classes.drawerPaper
-            }}
-            ModalProps={{
-              keepMounted: true // Better open performance on mobile.
-            }}
-          >
-            {drawer}
-          </Drawer>
-        </Hidden>
-        <Hidden xsDown implementation='css'>
-          <Drawer
-            classes={{
-              paper: classes.drawerPaper
-            }}
-            variant='permanent'
-            open
-            PaperProps={{ style: { border: 'none' } }}
-          >
-            {drawer}
-          </Drawer>
-        </Hidden>
-      </nav>
-
-      <main className={classes.content}>
-        <div className={classes.toolbar} />
-        <Grid
-          container
-          spacing={0}
-          direction='column'
-          alignItems='center'
-          justify='center'
-          style={{ minHeight: '80vh' }}
-        >
-          <Grid item xs={3}>
-            <CircularProgress size={100} />
-          </Grid>
-        </Grid>
-      </main>
-    </div>
+    <Backdrop className={classes.backdrop} open={true}>
+      <CircularProgress color='inherit' />
+    </Backdrop>
   );
 }

src/index.ts

@@ -12,22 +12,35 @@ import { Console } from './lib/logger';
 import { AddressInfo } from 'net';
 import { magenta, bold, green, reset, blue, red } from '@dicedtomato/colors';
 import { Configuration } from './lib/Config';
-import { UserController } from './controllers/UserController';
-import { RootController } from './controllers/RootController';
+import { UserController } from './lib/api/controllers/UserController';
+import { RootController } from './lib/api/controllers/RootController';
 import { join } from 'path';
-import { ImagesController } from './controllers/ImagesController';
-import { URLSController } from './controllers/URLSController';
-import { URL } from './entities/URL';
+import { ImagesController } from './lib/api/controllers/ImagesController';
+import { URLSController } from './lib/api/controllers/URLSController';
 import { checkVersion } from './lib/Util';
-import { readFileSync } from 'fs';
+import { existsSync, readFileSync } from 'fs';
+import { Image } from './lib/entities/Image';
+import { User } from './lib/entities/User';
+import { Zipline } from './lib/entities/Zipline';
+import { URL } from './lib/entities/URL';
+import { MultiFactorController } from './lib/api/controllers/MultiFactorController';
 const dev = process.env.NODE_ENV !== 'production';
 
-(async () => { if (await checkVersion()) Console.logger('Zipline').info('running an outdated version of zipline, please update soon!'); })();
+(async () => {
+  if (await checkVersion())
+    Console.logger('Zipline').info(
+      'running an outdated version of zipline, please update soon!'
+    );
+})();
 
 console.log(`
 ${magenta(text('Zipline'))}
 
-Version : ${blue(process.env.npm_package_version || readFileSync(join(process.cwd(), 'package.json'), 'utf8'))}
+Version : ${blue(
+    process.env.npm_package_version ||
+    JSON.parse(readFileSync(join(process.cwd(), 'package.json'), 'utf8'))
+      .version
+  )}
 GitHub  : ${blue('https://github.com/ZiplineProject/zipline')}
 Issues  : ${blue('https://github.com/ZiplineProject/zipline/issues')}
 Docs    : ${blue('https://zipline.diced.wtf/')}
@@ -106,11 +119,38 @@ server.get(`${config.urls.route}/:id`, async function (
   return reply.redirect(urlId.url);
 });
 
+server.get(`${config.uploader.rich_content_route || '/a'}/:id`, async function (
+  req: FastifyRequest<{ Params: { id: string } }>,
+  reply: FastifyReply
+) {
+  if (!existsSync(join(config.uploader.directory, req.params.id))) {
+    await app.render404(req.raw, reply.raw);
+    return (reply.sent = true);
+  }
+
+  return reply.type('text/html').send(`
+  <html>
+  <head>
+      <meta property="theme-color" content="${config.meta.color}">
+      <meta property="og:title" content="${req.params.id}">
+      <meta property="og:url" content="${config.uploader.route}/${req.params.id}">
+      <meta property="og:image" content="${config.uploader.route}/${req.params.id}">
+      <meta property="twitter:card" content="summary_large_image">
+  </head>
+  <body>
+    <div style="text-align:center;vertical-align:middle;">
+      <img src="${config.uploader.route}/${req.params.id}" >
+    </div>
+  </body>
+  </html>
+  `);
+});
+
 server.register(fastifyMultipart);
 
 server.register(fastifyTypeorm, {
   ...config.database,
-  entities: [dev ? './src/entities/**/*.ts' : './dist/entities/**/*.js'],
+  entities: [Image, URL, User, Zipline],
   synchronize: true,
   logging: false
 });
@@ -120,7 +160,8 @@ server.register(bootstrap, {
     UserController,
     RootController,
     ImagesController,
-    URLSController
+    URLSController,
+    MultiFactorController
   ]
 });
 
@@ -141,19 +182,24 @@ server.register(fastifyStatic, {
 
 server.register(fastifyFavicon);
 
-server.listen({
-  port: config.core.port,
-  host: config.core.host
-}, err => {
-  if (err) throw err;
-  const info = server.server.address() as AddressInfo;
+server.listen(
+  {
+    port: config.core.port,
+    host: config.core.host
+  },
+  err => {
+    if (err) throw err;
+    const info = server.server.address() as AddressInfo;
 
-  Console.logger('Server').info(
-    `server listening on ${bold(
-      `${green(info.address)}${reset(':')}${bold(green(info.port.toString()))}`
-    )}`
-  );
-});
+    Console.logger('Server').info(
+      `server listening on ${bold(
+        `${green(info.address)}${reset(':')}${bold(
+          green(info.port.toString())
+        )}`
+      )}`
+    );
+  }
+);
 
 server.addHook('preHandler', async (req, reply) => {
   if (

src/lib/Config.ts

@@ -23,6 +23,7 @@ export interface ConfigMeta {
 export interface ConfigUploader {
   directory: string;
   route: string;
+  rich_content_route?: string;
   length: number;
   blacklisted: string[];
   original: boolean;
@@ -47,6 +48,7 @@ export interface ConfigCore {
   blacklisted_ips?: string[];
   ratelimiter?: ConfigCoreRateLimiter;
   theme?: 'dark' | 'light';
+  mfa?: boolean;
 }
 
 export interface ConfigWebhooks {

src/lib/Util.ts

@@ -3,7 +3,7 @@ import { compareSync, hashSync } from 'bcrypt';
 import { Configuration } from './Config';
 import { Connection } from 'typeorm';
 import { compare } from 'semver';
-import { Zipline } from '../entities/Zipline';
+import { Zipline } from './entities/Zipline';
 import { readFileSync } from 'fs';
 import { join } from 'path';
 

src/lib/Webhooks.ts

@@ -1,6 +1,6 @@
-import { Image } from '../entities/Image';
-import { URL } from '../entities/URL';
-import { User } from '../entities/User';
+import { Image } from './entities/Image';
+import { URL } from './entities/URL';
+import { User } from './entities/User';
 import { Config, Configuration, ConfigWebhooks } from './Config';
 import { Console } from './logger';
 

src/lib/api/controllers/ImagesController.ts

@@ -9,12 +9,12 @@ import {
   DELETE
 } from 'fastify-decorators';
 import { Repository } from 'typeorm';
-import { Image } from '../entities/Image';
-import { LoginError } from '../lib/api/APIErrors';
-import { Configuration, ConfigWebhooks } from '../lib/Config';
-import { Console } from '../lib/logger';
-import { readBaseCookie } from '../lib/Util';
-import { WebhookHelper, WebhookType } from '../lib/Webhooks';
+import { Image } from '../../entities/Image';
+import { LoginError } from '../APIErrors';
+import { Configuration, ConfigWebhooks } from '../../Config';
+import { Console } from '../../logger';
+import { readBaseCookie } from '../../Util';
+import { WebhookHelper, WebhookType } from '../../Webhooks';
 
 const config = Configuration.readConfig();
 

src/lib/api/controllers/MultiFactorController.ts

@@ -0,0 +1,127 @@
+import { FastifyReply, FastifyRequest, FastifyInstance } from 'fastify';
+import {
+  Controller,
+  GET,
+  FastifyInstanceToken,
+  Inject,
+  POST
+} from 'fastify-decorators';
+import { Repository } from 'typeorm';
+import { User } from '../../entities/User';
+import { totp, generateSecret, otpauthURL } from 'speakeasy';
+import { toDataURL } from 'qrcode';
+import { checkPassword, createBaseCookie, readBaseCookie } from '../../Util';
+import { LoginError, MissingBodyData, UserNotFoundError } from '../APIErrors';
+import { Console } from '../../logger';
+import { WebhookType, WebhookHelper } from '../../Webhooks';
+import { Configuration, ConfigWebhooks } from '../../Config';
+
+const config = Configuration.readConfig();
+
+@Controller('/api/mfa')
+export class MultiFactorController {
+  @Inject(FastifyInstanceToken)
+  private instance!: FastifyInstance;
+
+  private users: Repository<User> = this.instance.orm.getRepository(User);
+  private logger: Console = Console.logger(User);
+  private webhooks: ConfigWebhooks = WebhookHelper.conf(config);
+
+  @GET('/qrcode')
+  async qrcode(req: FastifyRequest, reply: FastifyReply) {
+    if (!req.cookies.zipline) throw new LoginError('Not logged in.');
+    let user = await this.users.findOne({
+      where: {
+        id: readBaseCookie(req.cookies.zipline)
+      }
+    });
+
+    if (!user.secretMfaKey) {
+      const secret = generateSecret({
+        issuer: 'Zipline',
+        length: 128,
+        name: user.username
+      });
+      user.secretMfaKey = secret.base32;
+      user = await this.users.save(user);
+    }
+
+    const dataURL = await toDataURL(
+      otpauthURL({
+        secret: user.secretMfaKey,
+        label: user.email || 'none',
+        issuer: 'Zipline',
+        encoding: 'base32'
+      })
+    );
+
+    return reply.send({
+      dataURL
+    });
+  }
+
+  @GET('/disable')
+  async disable(req: FastifyRequest, reply: FastifyReply) {
+    if (!req.cookies.zipline) throw new LoginError('Not logged in.');
+    const user = await this.users.findOne({
+      where: {
+        id: readBaseCookie(req.cookies.zipline)
+      }
+    });
+
+    user.secretMfaKey = null;
+
+    this.users.save(user);
+
+    reply.send({ disabled: true });
+  }
+
+  @POST('/verify')
+  async verify(
+    req: FastifyRequest<{
+      Querystring: { token: string };
+      Body: { username: string; password: string };
+    }>,
+    reply: FastifyReply
+  ) {
+    if (req.cookies.zipline) throw new LoginError('Already logged in.');
+    if (!req.body.username) throw new MissingBodyData('Missing username.');
+    if (!req.body.password) throw new MissingBodyData('Missing uassword.');
+
+    const user = await this.users.findOne({
+      where: {
+        username: req.body.username
+      }
+    });
+
+    if (!user)
+      throw new UserNotFoundError(`User "${req.body.username}" was not found.`);
+    if (!checkPassword(req.body.password, user.password)) {
+      this.logger.error(
+        `${user.username} (${user.id}) tried to login but failed`
+      );
+      throw new LoginError('Wrong credentials!');
+    }
+    delete user.password;
+
+    const passed = totp.verify({
+      encoding: 'base32',
+      token: req.query.token,
+      secret: user.secretMfaKey
+    });
+
+    this.logger.verbose(`set cookie for ${user.username} (${user.id})`);
+    reply.setCookie('zipline', createBaseCookie(user.id), {
+      path: '/',
+      maxAge: 1036800000
+    });
+
+    this.logger.info(`${user.username} (${user.id}) logged in`);
+    if (this.webhooks.events.includes(WebhookType.LOGIN))
+      WebhookHelper.sendWebhook(this.webhooks.login.content, {
+        user
+      });
+
+    return reply.send({ user, passed });
+  }
+}

src/lib/api/controllers/RootController.ts

@@ -12,18 +12,25 @@ import { join } from 'path';
 import { Repository } from 'typeorm';
 import { pipeline } from 'stream';
 import { promisify } from 'util';
-import { Image } from '../entities/Image';
-import { User } from '../entities/User';
-import { AuthError } from '../lib/api/APIErrors';
-import { Configuration, ConfigWebhooks } from '../lib/Config';
-import { createRandomId, getFirst } from '../lib/Util';
-import { Console } from '../lib/logger';
-import { WebhookHelper, WebhookType } from '../lib/Webhooks';
+import { Image } from '../../entities/Image';
+import { User } from '../../entities/User';
+import { AuthError } from '../APIErrors';
+import { Configuration, ConfigWebhooks } from '../../Config';
+import { createRandomId, getFirst } from '../../Util';
+import { Console } from '../../logger';
+import { WebhookHelper, WebhookType } from '../../Webhooks';
 const pump = promisify(pipeline);
 
 const config = Configuration.readConfig();
 const rateLimiterConfig = config.core.ratelimiter
-  ? { config: { rateLimit: { max: config.core.ratelimiter.requests, timeWindow: config.core.ratelimiter.retry_after } } }
+  ? {
+    config: {
+      rateLimit: {
+        max: config.core.ratelimiter.requests,
+        timeWindow: config.core.ratelimiter.retry_after
+      }
+    }
+  }
   : {};
 
 @Controller('/api')
@@ -135,14 +142,18 @@ export class RootController {
       `image ${fileName}.${ext} was uploaded by ${user.username} (${user.id})`
     );
 
+    const host = `${config.core.secure ? 'https' : 'http'}://${req.hostname}${
+      config.uploader.rich_content_route
+        ? config.uploader.rich_content_route
+        : config.uploader.route
+    }/${fileName}.${ext}`;
+
     if (this.webhooks.events.includes(WebhookType.UPLOAD))
       WebhookHelper.sendWebhook(this.webhooks.upload.content, {
         image,
-        host: `${config.core.secure ? 'https' : 'http'}://${req.hostname}${config.uploader.route}/`
+        host
       });
 
-    reply.send(
-      `${config.core.secure ? 'https' : 'http'}://${req.hostname}${config.uploader.route}/${fileName}.${ext}`
-    );
+    reply.send(host);
   }
 }

src/lib/api/controllers/URLSController.ts

@@ -8,13 +8,13 @@ import {
   POST
 } from 'fastify-decorators';
 import { Repository } from 'typeorm';
-import { URL } from '../entities/URL';
-import { User } from '../entities/User';
-import { LoginError } from '../lib/api/APIErrors';
-import { Configuration, ConfigWebhooks } from '../lib/Config';
-import { Console } from '../lib/logger';
-import { createRandomId, readBaseCookie } from '../lib/Util';
-import { WebhookType, WebhookHelper } from '../lib/Webhooks';
+import { URL } from '../../entities/URL';
+import { User } from '../../entities/User';
+import { LoginError } from '../APIErrors';
+import { Configuration, ConfigWebhooks } from '../../Config';
+import { Console } from '../../logger';
+import { createRandomId, readBaseCookie } from '../../Util';
+import { WebhookType, WebhookHelper } from '../../Webhooks';
 
 const config = Configuration.readConfig();
 

src/lib/api/controllers/UserController.ts

@@ -9,16 +9,16 @@ import {
   DELETE
 } from 'fastify-decorators';
 import { Repository } from 'typeorm';
-import { User } from '../entities/User';
-import { Zipline } from '../entities/Zipline';
+import { User } from '../../entities/User';
+import { Zipline } from '../../entities/Zipline';
 import {
   UserNotFoundError,
   MissingBodyData,
   LoginError,
   UserExistsError
-} from '../lib/api/APIErrors';
-import { Configuration, ConfigWebhooks } from '../lib/Config';
-import { Console } from '../lib/logger';
+} from '../APIErrors';
+import { Configuration, ConfigWebhooks } from '../../Config';
+import { Console } from '../../logger';
 import {
   checkPassword,
   createBaseCookie,
@@ -26,8 +26,8 @@ import {
   encryptPassword,
   getFirst,
   readBaseCookie
-} from '../lib/Util';
-import { WebhookType, WebhookHelper } from '../lib/Webhooks';
+} from '../../Util';
+import { WebhookType, WebhookHelper } from '../../Webhooks';
 
 const config = Configuration.readConfig();
 
@@ -63,7 +63,9 @@ export class UserController {
 
   @PATCH('/')
   async editUser(
-    req: FastifyRequest<{ Body: { username: string; password: string } }>,
+    req: FastifyRequest<{
+      Body: { username: string; password: string; email: string };
+    }>,
     reply: FastifyReply
   ) {
     if (!req.cookies.zipline) throw new LoginError('Not logged in.');
@@ -78,7 +80,8 @@ export class UserController {
 
     this.logger.verbose(`attempting to save ${user.username} (${user.id})`);
     user.username = req.body.username;
-    user.password = encryptPassword(req.body.password);
+    if (req.body.password) user.password = encryptPassword(req.body.password);
+    if (req.body.email) user.email = req.body.email;
     await this.users.save(user);
 
     this.logger.info(`saved ${user.username} (${user.id})`);
@@ -91,6 +94,35 @@ export class UserController {
     return reply.send(user);
   }
 
+  @POST('/verify-login')
+  async verify(
+    req: FastifyRequest<{ Body: { username: string; password: string } }>,
+    reply: FastifyReply
+  ) {
+    if (req.cookies.zipline) throw new LoginError('Already logged in.');
+    if (!req.body.username) throw new MissingBodyData('Missing username.');
+    if (!req.body.password) throw new MissingBodyData('Missing uassword.');
+
+    const user = await this.users.findOne({
+      where: {
+        username: req.body.username
+      }
+    });
+
+    if (!user)
+      throw new UserNotFoundError(`User "${req.body.username}" was not found.`);
+    if (!checkPassword(req.body.password, user.password)) {
+      this.logger.error(
+        `${user.username} (${user.id}) tried to verify their credentials but failed`
+      );
+      throw new LoginError('Wrong credentials!');
+    }
+
+    reply.send({
+      mfa: !!user.secretMfaKey
+    });
+  }
+
   @POST('/login')
   async login(
     req: FastifyRequest<{ Body: { username: string; password: string } }>,
@@ -236,9 +268,7 @@ export class UserController {
       this.logger.verbose(
         `attempting to delete ${existing.username} (${existing.id})`
       );
-      await this.users.delete({
-        id: existing.id
-      });
+      await this.users.remove(existing);
 
       this.logger.info(`deleted ${existing.username} (${existing.id})`);
       if (this.webhooks.events.includes(WebhookType.USER_DELETE))
@@ -251,7 +281,6 @@ export class UserController {
       throw new Error(`Could not delete user: ${e.message}`);
     }
   }
-
   // @Hook('preValidation')
   // public async preValidation(req: FastifyRequest, reply: FastifyReply) {
   //   // const adminRoutes = ['/api/user/create'];

src/lib/entities/User.ts

@@ -11,12 +11,18 @@ export class User {
   @Column('text')
   public password: string;
 
+  @Column('text', { default: null }) /* used for gravatar avatar! */
+  public email: string;
+
   @Column('boolean', { default: false })
   public administrator: boolean;
 
   @Column('text')
   public token: string;
 
+  @Column('simple-json', { default: null })
+  public secretMfaKey: string;
+
   public constructor(
     username: string,
     password: string,
@@ -25,7 +31,9 @@ export class User {
   ) {
     this.username = username;
     this.password = password;
+    this.email = null;
     this.administrator = administrator;
     this.token = token;
+    this.secretMfaKey = null;
   }
 }

src/lib/logger/Console.ts

@@ -9,6 +9,7 @@ declare global {
   }
 }
 
+
 if (!global.logr) global.logr = { formatter: null };
 
 export enum ConsoleLevel {

src/pages/_app.tsx

@@ -5,7 +5,7 @@ import { Provider } from 'react-redux';
 import { PersistGate } from 'redux-persist/integration/react';
 import { store, persistor } from '../store';
 import ZiplineTheming from '../components/ZiplineTheming';
-
+import UIPlaceholder from '../components/UIPlaceholder';
 
 function MyApp({ Component, pageProps }) {
   const [theme, setTheme] = useState<'dark' | 'light'>('dark');
@@ -19,7 +19,6 @@ function MyApp({ Component, pageProps }) {
     })();
   }, []);
   return (
-
     <React.Fragment>
       <Head>
         <title>Zipline</title>
@@ -30,8 +29,12 @@ function MyApp({ Component, pageProps }) {
       </Head>
 
       <Provider store={store}>
-        <PersistGate loading={<div>Loading...</div>} persistor={persistor}>
-          <ZiplineTheming Component={Component} pageProps={pageProps} theme={theme} />
+        <PersistGate loading={<UIPlaceholder />} persistor={persistor}>
+          <ZiplineTheming
+            Component={Component}
+            pageProps={pageProps}
+            theme={theme}
+          />
         </PersistGate>
       </Provider>
     </React.Fragment>
@@ -43,4 +46,4 @@ MyApp.propTypes = {
   pageProps: PropTypes.object.isRequired
 };
 
-export default MyApp;
+export default MyApp;

src/pages/dash/images.tsx

@@ -16,7 +16,7 @@ import UI from '../../components/UI';
 import UIPlaceholder from '../../components/UIPlaceholder';
 import { makeStyles } from '@material-ui/core';
 import { store } from '../../store';
-import { Image } from '../../entities/Image';
+import { Image } from '../../lib/entities/Image';
 import { Configuration } from '../../lib/Config';
 
 const useStyles = makeStyles(theme => ({

src/pages/dash/urls.tsx

@@ -24,7 +24,7 @@ import copy from 'copy-to-clipboard';
 import UI from '../../components/UI';
 import UIPlaceholder from '../../components/UIPlaceholder';
 import { makeStyles } from '@material-ui/core';
-import { URL as URLEntity } from '../../entities/URL';
+import { URL as URLEntity } from '../../lib/entities/URL';
 import { Configuration } from '../../lib/Config';
 
 const useStyles = makeStyles(theme => ({

src/pages/user/manage.tsx

@@ -4,18 +4,25 @@ import UI from '../../components/UI';
 import UIPlaceholder from '../../components/UIPlaceholder';
 import ManageUser from '../../components/ManageUser';
 import { store } from '../../store';
+import { Configuration } from '../../lib/Config';
 
-export default function Manage() {
+export default function Manage({ config }) {
   const router = useRouter();
   const state = store.getState();
 
-  if (typeof window !== 'undefined' && !state.loggedIn) router.push('/user/login');
+  if (typeof window !== 'undefined' && !state.loggedIn)
+    router.push('/user/login');
   else {
     return (
       <UI>
-        <ManageUser />
+        <ManageUser config={config} />
       </UI>
     );
   }
   return <UIPlaceholder />;
 }
+
+export async function getStaticProps() {
+  const config = Configuration.readConfig();
+  return { props: { config } };
+}

src/reducer.ts

@@ -1,5 +1,5 @@
 /* eslint-disable indent */
-import { User } from './entities/User';
+import { User } from './lib/entities/User';
 
 export const LOGIN = 'LOGIN';
 export const LOGOUT = 'LOGOUT';