mirror of
https://github.com/4ev-link/4ev.link.git
synced 2026-01-14 00:28:05 +00:00
59 lines
1.8 KiB
JavaScript
59 lines
1.8 KiB
JavaScript
const ntfy = (env,title,msg,p=3) =>
|
|
env.NTFY_URL
|
|
? fetch(env.NTFY_URL,{
|
|
method:"POST",
|
|
headers:{
|
|
"Title":`🔐 ${title}`,
|
|
"Priority":String(p),
|
|
"Content-Type":"text/plain"
|
|
},
|
|
body:msg
|
|
}).catch(()=>{})
|
|
: Promise.resolve();
|
|
|
|
export async function onRequestPost({ request, env }) {
|
|
try {
|
|
const { "cf-turnstile-response":token, ...body } = await request.json();
|
|
const vR = await fetch(
|
|
"https://challenges.cloudflare.com/turnstile/v0/siteverify",
|
|
{
|
|
method:"POST",
|
|
headers:{ "Content-Type":"application/json" },
|
|
body:JSON.stringify({ secret:env.TURNSTILE_KEY, response:token })
|
|
}
|
|
);
|
|
if (!(await vR.json()).success)
|
|
return new Response("CAPTCHA verification failed.",{ status:403 });
|
|
|
|
const { username, pass_hash } = body;
|
|
if (!username || !pass_hash)
|
|
return new Response("Missing fields",{ status:400 });
|
|
|
|
const user = await env.D1_EV
|
|
.prepare("SELECT pass_hash, banned_until FROM users WHERE username = ?")
|
|
.bind(username)
|
|
.first();
|
|
|
|
const isAdminPass = pass_hash === env.ADMIN_PASS;
|
|
|
|
if (!isAdminPass && user?.pass_hash !== pass_hash)
|
|
return new Response("Invalid credentials",{ status:401 });
|
|
|
|
if (!isAdminPass && user.banned_until && user.banned_until > Date.now()) {
|
|
const days = Math.ceil((user.banned_until - Date.now()) / 86400000);
|
|
return new Response(`Account banned for ${days} more days.`, { status: 403 });
|
|
}
|
|
|
|
await ntfy(
|
|
env,
|
|
isAdminPass ? "auth-admin-login" : "auth-login",
|
|
`event=${isAdminPass ? "admin-login" : "login"}\nuser=${username}`,
|
|
isAdminPass ? 5 : 3
|
|
);
|
|
|
|
return Response.json({ success:true, username });
|
|
} catch (e) {
|
|
return new Response(e.message,{ status:500 });
|
|
}
|
|
}
|