add beta alternative login

2022-10-04 22:12:53 +02:00 · 2022-10-04 22:12:53 +02:00 · e4cb60b0a3
commit e4cb60b0a3
parent efcded8816
2 changed files with 8 additions and 2 deletions
--- a/extra_modules/unsign.js
+++ b/extra_modules/unsign.js
@ -13,7 +13,9 @@ function unsign(text, req, res) {
    let ip = getIP(req);
    let unsigned = signature.unsign(text, cookiesecret + ip);
    if (!unsigned) {
-        return false;
+        unsigned = signature.unsign(text, cookiesecret); //unsafe login?
+        if(!unsigned)return false;
+        return unsigned
    }
    return unsigned;
 }
--- a/server.js
+++ b/server.js
@ -1163,6 +1163,10 @@ router.post("/login",  function (req, res) {
        res.send("no password given");
        return;
    }
+
+    const no_ip_lock = username.endsWith("@unsafe")
+    username = username.replace("@unsafe","")
+
    let less_hashed_pw = SHA.SHA256(password, username, HASHES_DIFF);
    let hashed_pw = SHA.SHA256(less_hashed_pw, username, HASHES_COOKIE);
    let userexistssql = `SELECT * from ipost.users where User_Name = ? and User_PW = ?;`;
@ -1170,7 +1174,7 @@ router.post("/login",  function (req, res) {
        if (result && result[0]) {
            let ip = getIP(req);
            let setTo = username + " " + SHA.SHA256(password, username, HASHES_COOKIE);
-            let cookiesigned = signature.sign(setTo, cookiesecret + ip);
+            let cookiesigned = signature.sign(setTo, cookiesecret + (!no_ip_lock ? ip : ""));
            res.cookie('AUTH_COOKIE', cookiesigned, { maxAge: Math.pow(10, 10), httpOnly: true, secure: DID_I_FINALLY_ADD_HTTPS });
            ip = SHA.SHA256(ip, setTo, HASHES_DB);
            if (result[0].User_LastIP != ip) {