use named exports
for SHA256 & unsign
This commit is contained in:
parent
33f63663ec
commit
d55de3bf79
@ -1,6 +1,6 @@
|
|||||||
import fs from "fs";
|
import fs from "fs";
|
||||||
import SHA from "../../extra_modules/SHA.js";
|
import {SHA256} from "../../extra_modules/SHA.js";
|
||||||
import unsign from "../../extra_modules/unsign.js";
|
import {unsign} from "../../extra_modules/unsign.js";
|
||||||
const config = JSON.parse(fs.readFileSync("server_config.json"));
|
const config = JSON.parse(fs.readFileSync("server_config.json"));
|
||||||
const HASHES_DB = config.cookies.server_hashes;
|
const HASHES_DB = config.cookies.server_hashes;
|
||||||
const HASHES_COOKIE = config.cookies.client_hashes;
|
const HASHES_COOKIE = config.cookies.client_hashes;
|
||||||
@ -14,20 +14,20 @@ export const setup = function (router, con, server) {
|
|||||||
next()
|
next()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
unsigned = unsign.unsign(req.cookies.AUTH_COOKIE, req, res);
|
unsigned = unsign(req.cookies.AUTH_COOKIE, req, res);
|
||||||
if (!unsigned){
|
if (!unsigned){
|
||||||
next()
|
next()
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
unsigned = `${req.body.user} ${SHA.SHA256(req.body.pass, req.body.user, HASHES_COOKIE)}`;
|
unsigned = `${req.body.user} ${SHA256(req.body.pass, req.body.user, HASHES_COOKIE)}`;
|
||||||
//basically we generate the unsigned cookie
|
//basically we generate the unsigned cookie
|
||||||
res.locals.isbot = true; //only bots use user+pass
|
res.locals.isbot = true; //only bots use user+pass
|
||||||
}
|
}
|
||||||
let sql = `select User_Name,User_Bio,User_Avatar,User_Settings from ipost.users where User_Name=? and User_PW=?;`;
|
let sql = `select User_Name,User_Bio,User_Avatar,User_Settings from ipost.users where User_Name=? and User_PW=?;`;
|
||||||
let values = unsigned.split(" ");
|
let values = unsigned.split(" ");
|
||||||
values[1] = SHA.SHA256(values[1], values[0], HASHES_DIFF);
|
values[1] = SHA256(values[1], values[0], HASHES_DIFF);
|
||||||
res.locals.bio = "";
|
res.locals.bio = "";
|
||||||
res.locals.avatar = "";
|
res.locals.avatar = "";
|
||||||
res.locals.settings = {};
|
res.locals.settings = {};
|
||||||
|
36
server.js
36
server.js
@ -10,9 +10,9 @@ import * as signature from "cookie-signature";
|
|||||||
import * as mysql from "mysql";
|
import * as mysql from "mysql";
|
||||||
import * as ws from "ws";
|
import * as ws from "ws";
|
||||||
import sharp from "sharp"
|
import sharp from "sharp"
|
||||||
import SHA from "./extra_modules/SHA.js";
|
import {SHA256} from "./extra_modules/SHA.js";
|
||||||
import getIP from "./extra_modules/getip.js";
|
import getIP from "./extra_modules/getip.js";
|
||||||
import unsign from "./extra_modules/unsign.js";
|
import {unsign} from "./extra_modules/unsign.js";
|
||||||
import { readFileSync, mkdir, existsSync, appendFile, unlinkSync, writeFileSync, readFile } from "fs";
|
import { readFileSync, mkdir, existsSync, appendFile, unlinkSync, writeFileSync, readFile } from "fs";
|
||||||
import { format } from "util";
|
import { format } from "util";
|
||||||
import { setup as optionssetup } from "./routes/api/options.js";
|
import { setup as optionssetup } from "./routes/api/options.js";
|
||||||
@ -308,7 +308,7 @@ function increaseAccountAPICall(req, res) {
|
|||||||
if (!cookie) {
|
if (!cookie) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
let unsigned = unsign.unsign(cookie, req, res);
|
let unsigned = unsign(cookie, req, res);
|
||||||
if (!unsigned) {
|
if (!unsigned) {
|
||||||
return true; //if there's no account, why not just ignore it
|
return true; //if there's no account, why not just ignore it
|
||||||
}
|
}
|
||||||
@ -570,7 +570,7 @@ router.get("/api/getalluserinformation", function (req, res) {
|
|||||||
unsigned = decodeURIComponent(unsigned);
|
unsigned = decodeURIComponent(unsigned);
|
||||||
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`;
|
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`;
|
||||||
let values = unsigned.split(" ");
|
let values = unsigned.split(" ");
|
||||||
values[1] = SHA.SHA256(values[1], values[0], HASHES_DIFF);
|
values[1] = SHA256(values[1], values[0], HASHES_DIFF);
|
||||||
con.query(sql, values, function (err, result) {
|
con.query(sql, values, function (err, result) {
|
||||||
if (err)
|
if (err)
|
||||||
throw err;
|
throw err;
|
||||||
@ -702,8 +702,8 @@ router.post("/api/changePW", function (req, res) {
|
|||||||
res.json({ "error": "password is too short" });
|
res.json({ "error": "password is too short" });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
let hashed_pw = SHA.SHA256(req.body.currentPW, res.locals.username, HASHES_DB);
|
let hashed_pw = SHA256(req.body.currentPW, res.locals.username, HASHES_DB);
|
||||||
let hashed_new_pw = SHA.SHA256(req.body.newPW, res.locals.username, HASHES_DB);
|
let hashed_new_pw = SHA256(req.body.newPW, res.locals.username, HASHES_DB);
|
||||||
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`;
|
let sql = `select * from ipost.users where User_Name=? and User_PW=?;`;
|
||||||
let values = [res.locals.username, hashed_pw];
|
let values = [res.locals.username, hashed_pw];
|
||||||
con.query(sql, values, function (err, result) {
|
con.query(sql, values, function (err, result) {
|
||||||
@ -716,7 +716,7 @@ router.post("/api/changePW", function (req, res) {
|
|||||||
if (err)
|
if (err)
|
||||||
throw err;
|
throw err;
|
||||||
let ip = getIP(req);
|
let ip = getIP(req);
|
||||||
let setTo = res.locals.username + " " + SHA.SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE);
|
let setTo = res.locals.username + " " + SHA256(req.body.newPW, res.locals.username, HASHES_COOKIE);
|
||||||
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
||||||
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
||||||
res.json({ "success": "successfully changed password" });
|
res.json({ "success": "successfully changed password" });
|
||||||
@ -754,8 +754,8 @@ router.post("/api/changeUsername", function (req, res) {
|
|||||||
res.json({ "error": "username can't be the current one" });
|
res.json({ "error": "username can't be the current one" });
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
let hashed_pw = SHA.SHA256(req.body.currentPW, res.locals.username, HASHES_DB);
|
let hashed_pw = SHA256(req.body.currentPW, res.locals.username, HASHES_DB);
|
||||||
let hashed_new_pw = SHA.SHA256(req.body.currentPW, req.body.newUsername, HASHES_DB);
|
let hashed_new_pw = SHA256(req.body.currentPW, req.body.newUsername, HASHES_DB);
|
||||||
let sql = `select * from ipost.users where User_Name=?;`; //check if pw is correct
|
let sql = `select * from ipost.users where User_Name=?;`; //check if pw is correct
|
||||||
let values = [res.locals.username];
|
let values = [res.locals.username];
|
||||||
con.query(sql, values, function (err, result) {
|
con.query(sql, values, function (err, result) {
|
||||||
@ -777,7 +777,7 @@ router.post("/api/changeUsername", function (req, res) {
|
|||||||
if (err)
|
if (err)
|
||||||
throw err;
|
throw err;
|
||||||
let ip = getIP(req);
|
let ip = getIP(req);
|
||||||
let setTo = req.body.newUsername + " " + SHA.SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE);
|
let setTo = req.body.newUsername + " " + SHA256(req.body.currentPW, req.body.newUsername, HASHES_COOKIE);
|
||||||
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
||||||
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
||||||
//updated username in the users table, but not yet on posts
|
//updated username in the users table, but not yet on posts
|
||||||
@ -1112,12 +1112,12 @@ router.post("/register", function (req, res) {
|
|||||||
res.redirect("/register?success=false&reason=already_exists");
|
res.redirect("/register?success=false&reason=already_exists");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
let less_hashed_pw = SHA.SHA256(password, username, HASHES_DIFF);
|
let less_hashed_pw = SHA256(password, username, HASHES_DIFF);
|
||||||
let hashed_pw = SHA.SHA256(less_hashed_pw, username, HASHES_COOKIE);
|
let hashed_pw = SHA256(less_hashed_pw, username, HASHES_COOKIE);
|
||||||
let ip = getIP(req);
|
let ip = getIP(req);
|
||||||
let setTo = username + " " + SHA.SHA256(password, username, HASHES_COOKIE);
|
let setTo = username + " " + SHA256(password, username, HASHES_COOKIE);
|
||||||
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
let cookiesigned = signature.sign(setTo, cookiesecret + ip);
|
||||||
ip = SHA.SHA256(ip, setTo, HASHES_DB);
|
ip = SHA256(ip, setTo, HASHES_DB);
|
||||||
const default_settings = {};
|
const default_settings = {};
|
||||||
let values = [encodeURIComponent(username), hashed_pw, Date.now(), ip, ip, JSON.stringify(default_settings)];
|
let values = [encodeURIComponent(username), hashed_pw, Date.now(), ip, ip, JSON.stringify(default_settings)];
|
||||||
let sql = `INSERT INTO ipost.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP, User_Settings) VALUES (?, ?, ?, ?, ?, ?);`;
|
let sql = `INSERT INTO ipost.users (User_Name, User_PW, User_CreationStamp, User_CreationIP, User_LastIP, User_Settings) VALUES (?, ?, ?, ?, ?, ?);`;
|
||||||
@ -1182,16 +1182,16 @@ router.post("/login", function (req, res) {
|
|||||||
const no_ip_lock = username.endsWith("@unsafe")
|
const no_ip_lock = username.endsWith("@unsafe")
|
||||||
username = username.replace("@unsafe","")
|
username = username.replace("@unsafe","")
|
||||||
|
|
||||||
let less_hashed_pw = SHA.SHA256(password, username, HASHES_DIFF);
|
let less_hashed_pw = SHA256(password, username, HASHES_DIFF);
|
||||||
let hashed_pw = SHA.SHA256(less_hashed_pw, username, HASHES_COOKIE);
|
let hashed_pw = SHA256(less_hashed_pw, username, HASHES_COOKIE);
|
||||||
let userexistssql = `SELECT * from ipost.users where User_Name = ? and User_PW = ?;`;
|
let userexistssql = `SELECT * from ipost.users where User_Name = ? and User_PW = ?;`;
|
||||||
con.query(userexistssql, [encodeURIComponent(username), hashed_pw], function (error, result) {
|
con.query(userexistssql, [encodeURIComponent(username), hashed_pw], function (error, result) {
|
||||||
if (result && result[0]) {
|
if (result && result[0]) {
|
||||||
let ip = getIP(req);
|
let ip = getIP(req);
|
||||||
let setTo = username + " " + SHA.SHA256(password, username, HASHES_COOKIE);
|
let setTo = username + " " + SHA256(password, username, HASHES_COOKIE);
|
||||||
let cookiesigned = signature.sign(setTo, cookiesecret + (!no_ip_lock ? ip : ""));
|
let cookiesigned = signature.sign(setTo, cookiesecret + (!no_ip_lock ? ip : ""));
|
||||||
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
|
||||||
ip = SHA.SHA256(ip, setTo, HASHES_DB);
|
ip = SHA256(ip, setTo, HASHES_DB);
|
||||||
if (result[0].User_LastIP != ip) {
|
if (result[0].User_LastIP != ip) {
|
||||||
let sql = `update ipost.users set User_LastIP = ? where User_Name = ?;`;
|
let sql = `update ipost.users set User_LastIP = ? where User_Name = ?;`;
|
||||||
con.query(sql, [ip, encodeURIComponent(username)], function (error, result) {
|
con.query(sql, [ip, encodeURIComponent(username)], function (error, result) {
|
||||||
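Review bot: In the /login hunk, `const no_ip_lock = username.endsWith("@unsafe")` lets any client switch off the IP binding of the signed cookie (`cookiesecret + (!no_ip_lock ? ip : "")`) simply by appending a suffix to the submitted username, so the IP lock is a client choice rather than a server-side control; if this opt-out is intentional it deserves a comment saying so (and ideally logging), otherwise it should be removed. The strip on the following line, `username = username.replace("@unsafe","")`, also removes only the first occurrence and runs unconditionally, so a name such as `a@unsafe@unsafe` is looked up as `a@unsafe` while still receiving the unlocked cookie; `if (no_ip_lock) username = username.slice(0, -"@unsafe".length);` removes exactly the suffix that was tested. Within the visible lines the query callback checks only `result && result[0]` and never inspects `error`, so a database failure looks like bad credentials unless the branch outside the hunk handles it — worth at least logging. The router.post("/login") handler starts before and continues after this hunk.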