code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

better ip handling

Browse Source 
no longer stores ips as plaintext, instead hashes them
This commit is contained in:
Mystikfluu 2022-05-25 17:41:04 +02:00
parent 06e9924777
commit bb969aa39a
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
server.js
View File

@ -442,12 +442,13 @@ router.post("/register",async function(req,res) {
} }
let hashed_pw = SHA256(password,username,HASHES_DB) let hashed_pw = SHA256(password,username,HASHES_DB)
let ip = req.socket.remoteAddress let ip = req.socket.remoteAddress
let cookiesigned = signature.sign(setTo, cookiesecret+ip);
let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
ip = SHA256(ip,setTo,HASHES_DB)
let values = [b64(encodeURIComponent(username)),hashed_pw, Date.now(), ip, ip] let values = [b64(encodeURIComponent(username)),hashed_pw, Date.now(), ip, ip]
let sql = `INSERT INTO zerotwohub.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP) VALUES (?, ?, ?, ? ,?);` let sql = `INSERT INTO zerotwohub.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP) VALUES (?, ?, ?, ? ,?);`
con.query(sql, values, function (err, result) { con.query(sql, values, function (err, result) {
if (err) throw err; if (err) throw err;
let setTo = username + " " + SHA256(password,username,HASHES_COOKIE)
let cookiesigned = signature.sign(setTo, cookiesecret+ip);
res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS }); res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
res.redirect("/user?success=true") res.redirect("/user?success=true")
}); });
@ -492,6 +493,9 @@ router.post("/login",async function(req,res) {
let cookiesigned = signature.sign(setTo, cookiesecret+ip); let cookiesigned = signature.sign(setTo, cookiesecret+ip);
res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS }); res.cookie('AUTH_COOKIE',cookiesigned, { maxAge: Math.pow(10,10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
res.redirect("/user?success=true") res.redirect("/user?success=true")
ip = SHA256(ip,setTo,HASHES_DB)
if(result[0].User_LastIP != ip) { if(result[0].User_LastIP != ip) {
let sql = `update zerotwohub.users set User_LastIP = ? where User_Name = ?;` let sql = `update zerotwohub.users set User_LastIP = ? where User_Name = ?;`
con.query(sql,[ip,b64(encodeURIComponent(username))],function(error,result) { con.query(sql,[ip,b64(encodeURIComponent(username))],function(error,result) {