From bb969aa39a453b4df4cc603d024ec7b67dd69452 Mon Sep 17 00:00:00 2001
From: Mystikfluu
Date: Wed, 25 May 2022 17:41:04 +0200
Subject: [PATCH] better ip handling

no longer stores ips as plaintext, instead hashes them
---
 server.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/server.js b/server.js
index 7606ee0..c243321 100644
--- a/server.js
+++ b/server.js
@@ -442,12 +442,13 @@ router.post("/register",async function(req,res) {
 }
 let hashed_pw = SHA256(password,username,HASHES_DB)
 let ip = req.socket.remoteAddress
+ let cookiesigned = signature.sign(setTo, cookiesecret+ip);
+ let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
+ ip = SHA256(ip,setTo,HASHES_DB)
 let values = [b64(encodeURIComponent(username)),hashed_pw, Date.now(), ip, ip]
 let sql = `INSERT INTO zerotwohub.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP) VALUES (?, ?, ?, ? ,?);`
 con.query(sql, values, function (err, result) {
 if (err) throw err;
- let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
- let cookiesigned = signature.sign(setTo, cookiesecret+ip);
 res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
 res.redirect("/user?success=true")
 });
@@ -492,6 +493,9 @@ router.post("/login",async function(req,res) {
 let cookiesigned = signature.sign(setTo, cookiesecret+ip);
 res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
 res.redirect("/user?success=true")
+
+ ip = SHA256(ip,setTo,HASHES_DB)
+
 if(result[0].User_LastIP != ip) {
 let sql = `update zerotwohub.users set User_LastIP = ? where User_Name = ?;`
 con.query(sql,[ip,b64(encodeURIComponent(username))],function(error,result) {
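Review bot: In the /register hunk, the added `let cookiesigned = signature.sign(setTo, cookiesecret+ip);` reads `setTo` one line before its own `let` declaration, so the handler throws a ReferenceError (temporal dead zone) on every registration before the INSERT ever runs. The two added lines need to be swapped, `let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)` first and `let cookiesigned = signature.sign(setTo, cookiesecret+ip);` second, both still ahead of `ip = SHA256(ip,setTo,HASHES_DB)` so the cookie is signed with the raw remote address exactly as the /login handler does. Storing the digest in both `User_CreationIP` and `User_LastIP` is otherwise consistent with the login-side comparison. The register handler's declaration and the end of the route lie outside this hunk.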
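Review bot: In the /login hunk, `if(result[0].User_LastIP != ip) {` now compares two digests and should use strict inequality, `if (result[0].User_LastIP !== ip) {`, so no coercion can make a non-string column value match. The cookie on the first context line is still signed with `cookiesecret+ip` before `ip` is reassigned, so only the database column stops holding the plaintext address; if that ordering is intentional, a short comment above the reassignment such as `// sign the cookie with the raw address; only the stored copy is hashed` would keep the next edit from moving it. Since `setTo` is the salt, the stored digest is only reproducible while the same `setTo` is derived at login, which appears to depend on the submitted password — worth confirming against where `setTo` is built above this hunk. The login handler starts and ends outside the hunk.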