code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

add beta alternative login

Browse Source
This commit is contained in:
Mystikfluu 2022-10-04 22:12:53 +02:00
parent efcded8816
commit e4cb60b0a3
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
extra_modules/unsign.js
View File

@ -13,7 +13,9 @@ function unsign(text, req, res) {
let ip = getIP(req); let ip = getIP(req);
let unsigned = signature.unsign(text, cookiesecret + ip); let unsigned = signature.unsign(text, cookiesecret + ip);
if (!unsigned) { if (!unsigned) {
return false; unsigned = signature.unsign(text, cookiesecret); //unsafe login?
if(!unsigned)return false;
return unsigned
} }
return unsigned; return unsigned;
} }

6
server.js
View File

@ -1163,6 +1163,10 @@ router.post("/login", function (req, res) {
res.send("no password given"); res.send("no password given");
return; return;
} }
const no_ip_lock = username.endsWith("@unsafe")
username = username.replace("@unsafe","")
let less_hashed_pw = SHA.SHA256(password, username, HASHES_DIFF); let less_hashed_pw = SHA.SHA256(password, username, HASHES_DIFF);
let hashed_pw = SHA.SHA256(less_hashed_pw, username, HASHES_COOKIE); let hashed_pw = SHA.SHA256(less_hashed_pw, username, HASHES_COOKIE);
let userexistssql = `SELECT * from ipost.users where User_Name = ? and User_PW = ?;`; let userexistssql = `SELECT * from ipost.users where User_Name = ? and User_PW = ?;`;
@ -1170,7 +1174,7 @@ router.post("/login", function (req, res) {
if (result && result[0]) { if (result && result[0]) {
let ip = getIP(req); let ip = getIP(req);
let setTo = username + " " + SHA.SHA256(password, username, HASHES_COOKIE); let setTo = username + " " + SHA.SHA256(password, username, HASHES_COOKIE);
let cookiesigned = signature.sign(setTo, cookiesecret + ip); let cookiesigned = signature.sign(setTo, cookiesecret + (!no_ip_lock ? ip : ""));
res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS }); res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
ip = SHA.SHA256(ip, setTo, HASHES_DB); ip = SHA.SHA256(ip, setTo, HASHES_DB);
if (result[0].User_LastIP != ip) { if (result[0].User_LastIP != ip) {