Fix OpenAPI documentation login

Signed-off-by: DL6ER <dl6er@dl6er.de>

src/api/docs/CMakeLists.txt

@@ -16,7 +16,6 @@ set(sources
         hex/external/rapidoc-min.js.map
         hex/external/highlight.min.js
         hex/external/highlight-default.min.css
-        hex/external/geraintluff-sha256.min.js
         hex/images/logo.svg
         hex/specs/action.yaml
         hex/specs/auth.yaml

src/api/docs/content/external/geraintluff-sha256.min.js

@@ -1 +0,0 @@
-var sha256=function a(b){function c(a,b){return a>>>b|a<<32-b}for(var d,e,f=Math.pow,g=f(2,32),h="length",i="",j=[],k=8*b[h],l=a.h=a.h||[],m=a.k=a.k||[],n=m[h],o={},p=2;64>n;p++)if(!o[p]){for(d=0;313>d;d+=p)o[d]=p;l[n]=f(p,.5)*g|0,m[n++]=f(p,1/3)*g|0}for(b+="\x80";b[h]%64-56;)b+="\x00";for(d=0;d<b[h];d++){if(e=b.charCodeAt(d),e>>8)return;j[d>>2]|=e<<(3-d)%4*8}for(j[j[h]]=k/g|0,j[j[h]]=k,e=0;e<j[h];){var q=j.slice(e,e+=16),r=l;for(l=l.slice(0,8),d=0;64>d;d++){var s=q[d-15],t=q[d-2],u=l[0],v=l[4],w=l[7]+(c(v,6)^c(v,11)^c(v,25))+(v&l[5]^~v&l[6])+m[d]+(q[d]=16>d?q[d]:q[d-16]+(c(s,7)^c(s,18)^s>>>3)+q[d-7]+(c(t,17)^c(t,19)^t>>>10)|0),x=(c(u,2)^c(u,13)^c(u,22))+(u&l[1]^u&l[2]^l[1]&l[2]);l=[w+x|0].concat(l),l[4]=l[4]+w|0}for(d=0;8>d;d++)l[d]=l[d]+r[d]|0}for(d=0;8>d;d++)for(e=3;e+1;e--){var y=l[d]>>8*e&255;i+=(16>y?0:"")+y.toString(16)}return i};

src/api/docs/content/index.html

@@ -7,7 +7,6 @@
         <!--<link href="https://fonts.googleapis.com/css?family=Open+Sans:300,600&display=swap" rel="stylesheet">-->
         <link rel="stylesheet" href="external/highlight-default.min.css">
         <script src="external/highlight.min.js"></script>
-        <script src="external/geraintluff-sha256.min.js"></script>
         <script type='text/javascript' src='external/rapidoc-min.js'></script>
         <script type="text/javascript" src="pi-hole.js"></script>
         <link href='index.css' rel='stylesheet'>
@@ -48,7 +47,7 @@
               <div>Pi-hole API Documentation</div>
               <div>
                 <input id='loginpw' type='password' size="4">
-                <button class='btn' id='loginbtn' onclick='login()'>Login</button>
+                <button class='btn' id='loginbtn' onclick='loginout()'>Login</button>
               </div>
             </div>
             <!-- content at the bottom -->

src/api/docs/content/pi-hole.js

@@ -5,13 +5,6 @@
  *  This file is copyright under the latest version of the EUPL.
  *  Please see LICENSE file for your rights under this license. */
 
-function computeResponse(password, challenge) {
-	// Compute password hash twice to mitigate rainbow
-	// table vulnerability
-	console.log(password, challenge);
-	return sha256(challenge + ":" + sha256(sha256(password)));
-}
-
 // GET implementation
 async function getData(url = '') {
 	const response = await fetch(url, {
@@ -39,22 +32,6 @@ async function postData(url = '', data = {}) {
 	return response.json();
 }
 
-// Send response
-function login2(response) {
-	postData('/api/auth', {response: response})
-	.then(data => {
-		if(data.session.valid === true) {
-			loginOk(data.session.sid);
-		} else {
-			loginFAIL();
-		}
-	})
-	.catch((error) => {
-		loginFAIL();
-		console.error('Error:', error);
-	});
-}
-
 // Mark login as OK
 function loginOk(sid) {
 	const docEl = document.getElementById('thedoc');
@@ -84,31 +61,24 @@ function logoutOk() {
 	btn.classList.remove('red');
 	btn.textContent = 'Login';
 }
-function login1(pw)
-{
-	getData('/api/auth')
-	.then(data => {
-		if("challenge" in data && data.challenge !== null) {
-			var response = computeResponse(pw, data.challenge);
-			login2(response);
-		} else if(data.session.valid === true) {
-			loginOk(data.session.sid);
-		} else {
-			loginFAIL();
-		}
-	})
-	.catch((error) => {
-		loginFAIL();
-		console.error('Error:', error);
-	});
-}
 
-// Start login sequence by getting challenge
-function login(){
+// Login using password
+function loginout(){
 	const docEl = document.getElementById('thedoc');
 	if(docEl.attributes["api-key-value"].value === '-') {
 		var pw = document.getElementById('loginpw').value;
-		login1(pw);
+    postData('/api/auth', {password: pw})
+    .then(data => {
+      if(data.session.valid === true) {
+        loginOk(data.session.sid);
+      } else {
+        loginFAIL();
+      }
+    })
+    .catch((error) => {
+      loginFAIL();
+      console.error('Error:', error);
+    });
 	} else {
 		deleteData('/api/auth')
 		.then(logoutOk())

src/api/docs/docs.h

@@ -32,7 +32,7 @@ static const unsigned char rapidoc_min_js[] = {
 #include "hex/external/rapidoc-min.js"
 };
 
-static const unsigned char rapidoc_min_map_js[] = {
+static const unsigned char rapidoc_min_js_map[] = {
 #include "hex/external/rapidoc-min.js.map"
 };
 
@@ -40,10 +40,6 @@ static const unsigned char highlight_default_min_css[] = {
 #include "hex/external/highlight-default.min.css"
 };
 
-static const unsigned char geraintluff_sha256_min_js[] = {
-#include "hex/external/geraintluff-sha256.min.js"
-};
-
 static const unsigned char highlight_min_js[] = {
 #include "hex/external/highlight.min.js"
 };
@@ -139,10 +135,9 @@ struct {
     {"index.css", "text/css", (const char*)index_css, sizeof(index_css)},
     {"pi-hole.js", "application/javascript", (const char*)pi_hole_js, sizeof(pi_hole_js)},
     {"external/rapidoc-min.js", "application/javascript", (const char*)rapidoc_min_js, sizeof(rapidoc_min_js)},
-    {"external/rapidoc-min.map.js", "text/plain", (const char*)rapidoc_min_map_js, sizeof(rapidoc_min_map_js)},
+    {"external/rapidoc-min.js.map", "text/plain", (const char*)rapidoc_min_js_map, sizeof(rapidoc_min_js_map)},
     {"external/highlight-default.min.css", "text/css", (const char*)highlight_default_min_css, sizeof(highlight_default_min_css)},
     {"external/highlight.min.js", "application/javascript", (const char*)highlight_min_js, sizeof(highlight_min_js)},
-    {"external/geraintluff-sha256.min.js", "application/javascript", (const char*)geraintluff_sha256_min_js, sizeof(geraintluff_sha256_min_js)},
     {"images/logo.svg", "image/svg+xml", (const char*)images_logo_svg, sizeof(images_logo_svg)},
     {"specs/auth.yaml", "text/plain", (const char*)specs_auth_yaml, sizeof(specs_auth_yaml)},
     {"specs/clients.yaml", "text/plain", (const char*)specs_clients_yaml, sizeof(specs_clients_yaml)},