use named exports

for SHA256 & unsign
Mystikfluu 2022-11-19 17:11:08 +01:00
parent 33f63663ec
commit d55de3bf79
2 changed files with 23 additions and 23 deletions


@ -1,6 +1,6 @@
import fs from "fs";
import SHA from "../../extra_modules/SHA.js";
import unsign from "../../extra_modules/unsign.js";
import {SHA256} from "../../extra_modules/SHA.js";
import {unsign} from "../../extra_modules/unsign.js";
const config = JSON.parse(fs.readFileSync("server_config.json"));
const HASHES_DB = config.cookies.server_hashes;
const HASHES_COOKIE = config.cookies.client_hashes;
@ -14,20 +14,20 @@ export const setup = function (router, con, server) {
next()
return
}
unsigned = unsign.unsign(req.cookies.AUTH_COOKIE, req, res);
unsigned = unsign(req.cookies.AUTH_COOKIE, req, res);
if (!unsigned){
next()
return
}
}
else {
unsigned = `${req.body.user} ${SHA.SHA256(req.body.pass, req.body.user, HASHES_COOKIE)}`;
unsigned = `${req.body.user} ${SHA256(req.body.pass, req.body.user, HASHES_COOKIE)}`;
//basically we generate the unsigned cookie
res.locals.isbot = true; //only bots use user+pass
}
let sql = `select User_Name,User_Bio,User_Avatar,User_Settings from ipost.users where User_Name=? and User_PW=?;`;
let values = unsigned.split(" ");
values[1] = SHA.SHA256(values[1], values[0], HASHES_DIFF);
values[1] = SHA256(values[1], values[0], HASHES_DIFF);
res.locals.bio = "";
res.locals.avatar = "";
res.locals.settings = {};
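Review bot: In the `else` branch, `req.body.user` and `req.body.pass` go into `SHA256(...)` and the space-joined string with no type or content check, while `unsigned.split(" ")` a few lines later assumes exactly two fields. A user name containing a space, or a missing or non-string body field, produces a `values` array that no longer lines up with the two `?` placeholders in the query. I would guard the branch with `typeof req.body.user === "string" && typeof req.body.pass === "string"` and build `values` as a two-element array directly instead of re-splitting the joined string. The enclosing handler inside `setup` starts before and ends after this hunk, so any earlier validation is not visible here.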


@ -10,9 +10,9 @@ import * as signature from "cookie-signature";
import * as mysql from "mysql";
import * as ws from "ws";
import sharp from "sharp"
import SHA from "./extra_modules/SHA.js";
import {SHA256} from "./extra_modules/SHA.js";
import getIP from "./extra_modules/getip.js";
import unsign from "./extra_modules/unsign.js";
import {unsign} from "./extra_modules/unsign.js";
import { readFileSync, mkdir, existsSync, appendFile, unlinkSync, writeFileSync, readFile } from "fs";
import { format } from "util";
import { setup as optionssetup } from "./routes/api/options.js";
@ -308,7 +308,7 @@ function increaseAccountAPICall(req, res) {
if (!cookie) {
return true;
}
let unsigned = unsign.unsign(cookie, req, res);
let unsigned = unsign(cookie, req, res);
if (!unsigned) {
return true; //if there's no account, why not just ignore it
}
@ -570,7 +570,7 @@ router.get("/api/getalluserinformation", function (req, res) {
unsigned = decodeURIComponent(unsigned);
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`;
let values = unsigned.split(" ");
values[1] = SHA.SHA256(values[1], values[0], HASHES_DIFF);
values[1] = SHA256(values[1], values[0], HASHES_DIFF);
con.query(sql, values, function (err, result) {
if (err)
throw err;
@ -702,8 +702,8 @@ router.post("/api/changePW", function (req, res) {
res.json({ "error": "password is too short" });
return;
}
let hashed_pw = SHA.SHA256(req.body.currentPW, res.locals.username, HASHES_DB);
let hashed_new_pw = SHA.SHA256(req.body.newPW, res.locals.username, HASHES_DB);
let hashed_pw = SHA256(req.body.currentPW, res.locals.username, HASHES_DB);
let hashed_new_pw = SHA256(req.body.newPW, res.locals.username, HASHES_DB);
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`;
let values = [res.locals.username, hashed_pw];
con.query(sql, values, function (err, result) {
@ -716,7 +716,7 @@ router.post("/api/changePW", function (req, res) {
if (err)
throw err;
let ip = getIP(req);
let setTo = res.locals.username + " " + SHA.SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE);
let setTo = res.locals.username + " " + SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE);
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
res.json({ "success": "successfully changed password" });
@ -754,8 +754,8 @@ router.post("/api/changeUsername", function (req, res) {
res.json({ "error": "username can't be the current one" });
return;
}
let hashed_pw = SHA.SHA256(req.body.currentPW, res.locals.username, HASHES_DB);
let hashed_new_pw = SHA.SHA256(req.body.currentPW, req.body.newUsername, HASHES_DB);
let hashed_pw = SHA256(req.body.currentPW, res.locals.username, HASHES_DB);
let hashed_new_pw = SHA256(req.body.currentPW, req.body.newUsername, HASHES_DB);
let sql = `select * from ipost.users where User_Name=?;`; //check if pw is correct
let values = [res.locals.username];
con.query(sql, values, function (err, result) {
@ -777,7 +777,7 @@ router.post("/api/changeUsername", function (req, res) {
if (err)
throw err;
let ip = getIP(req);
let setTo = req.body.newUsername + " " + SHA.SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE);
let setTo = req.body.newUsername + " " + SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE);
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
//updated username in the users table, but not yet on posts
@ -1112,12 +1112,12 @@ router.post("/register", function (req, res) {
res.redirect("/register?success=false&reason=already_exists");
return;
}
let less_hashed_pw = SHA.SHA256(password, username, HASHES_DIFF);
let hashed_pw = SHA.SHA256(less_hashed_pw, username, HASHES_COOKIE);
let less_hashed_pw = SHA256(password, username, HASHES_DIFF);
let hashed_pw = SHA256(less_hashed_pw, username, HASHES_COOKIE);
let ip = getIP(req);
let setTo = username + " " + SHA.SHA256(password, username, HASHES_COOKIE);
let setTo = username + " " + SHA256(password, username, HASHES_COOKIE);
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
ip = SHA.SHA256(ip, setTo, HASHES_DB);
ip = SHA256(ip, setTo, HASHES_DB);
const default_settings = {};
let values = [encodeURIComponent(username), hashed_pw, Date.now(), ip, ip, JSON.stringify(default_settings)];
let sql = `INSERT INTO ipost.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP, User_Settings) VALUES (?, ?, ?, ?, ?, ?);`;
@ -1182,16 +1182,16 @@ router.post("/login", function (req, res) {
const no_ip_lock = username.endsWith("@unsafe")
username = username.replace("@unsafe","")
let less_hashed_pw = SHA.SHA256(password, username, HASHES_DIFF);
let hashed_pw = SHA.SHA256(less_hashed_pw, username, HASHES_COOKIE);
let less_hashed_pw = SHA256(password, username, HASHES_DIFF);
let hashed_pw = SHA256(less_hashed_pw, username, HASHES_COOKIE);
let userexistssql = `SELECT * from ipost.users where User_Name = ? and User_PW = ?;`;
con.query(userexistssql, [encodeURIComponent(username), hashed_pw], function (error, result) {
if (result && result[0]) {
let ip = getIP(req);
let setTo = username + " " + SHA.SHA256(password, username, HASHES_COOKIE);
let setTo = username + " " + SHA256(password, username, HASHES_COOKIE);
let cookiesigned = signature.sign(setTo, cookiesecret + (!no_ip_lock ? ip : ""));
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
ip = SHA.SHA256(ip, setTo, HASHES_DB);
ip = SHA256(ip, setTo, HASHES_DB);
if (result[0].User_LastIP != ip) {
let sql = `update ipost.users set User_LastIP = ? where User_Name = ?;`;
con.query(sql, [ip, encodeURIComponent(username)], function (error, result) {
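Review bot: The value written to AUTH_COOKIE in the `/login` hunk, `username + " " + SHA256(password, username, HASHES_COOKIE)`, is derived only from the user name and password, and the `/api/getalluserinformation` hunk shows that this cookie value is hashed once more with `HASHES_DIFF` and compared with `User_PW`. The cookie is therefore a password-equivalent credential that is identical across sessions, cannot be revoked without a password change, and with `maxAge: Math.pow(10, 10)` lives for roughly 115 days. Consider issuing a random per-session token that is stored and checked server-side, and at minimum add `sameSite: "lax"` to the `res.cookie` options; the same construction appears in the `/register`, `/api/changePW` and `/api/changeUsername` hunks. The `SHA256` helper is outside this diff, so its suitability as a password hash (salt handling, work factor) could not be checked here.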