KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-10-29 18:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Major update on cryptosystem, all passwords now obsolete..

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2017-05-16 15:15:47 +02:00
parent b6b19cc8b7
commit 0db90fe416
7 changed files with 77 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/public/assets/dist/embed.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
server/public/assets/dist/main.min.js vendored
View File

File diff suppressed because one or more lines are too long

4
server/public/assets/js/admin.js
View File

@@ -98,11 +98,11 @@ var Admin = {
pw: function(msg) pw: function(msg)
{ {
w_p = false; w_p = false;
adminpass = msg; adminpass = Crypt.tmp_pass;
names = ["vote","addsongs","longsongs","frontpage", "allvideos", names = ["vote","addsongs","longsongs","frontpage", "allvideos",
"removeplay", "skip", "shuffle", "userpass"]; "removeplay", "skip", "shuffle", "userpass"];
Crypt.set_pass(chan.toLowerCase(), Crypt.decrypt_pass(msg)); Crypt.set_pass(chan.toLowerCase(), Crypt.tmp_pass);
for (var i = 0; i < names.length; i++) { for (var i = 0; i < names.length; i++) {
$("input[name="+names[i]+"]").attr("disabled", false); $("input[name="+names[i]+"]").attr("disabled", false);

59
server/public/assets/js/crypt.js
View File

@@ -2,6 +2,7 @@ var Crypt = {
conf_pass: undefined, conf_pass: undefined,
user_pass: undefined, user_pass: undefined,
tmp_pass: "",
init: function(){ init: function(){
@@ -36,9 +37,11 @@ var Crypt = {
if(Crypt.getCookie(name) === undefined) { if(Crypt.getCookie(name) === undefined) {
cookie = Crypt.create_cookie(name); cookie = Crypt.create_cookie(name);
} }
var key = btoa("0103060703080703080701") + btoa("0103060703080703080701");
key = key.substring(0,32);
key = btoa(key);
var decrypted = CryptoJS.AES.decrypt( var decrypted = CryptoJS.AES.decrypt(
cookie,"0103060703080703080701", cookie,key,
{ {
mode: CryptoJS.mode.CBC, mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7 padding: CryptoJS.pad.Pkcs7
@@ -49,8 +52,11 @@ var Crypt = {
}, },
decrypt_pass: function(pass){ decrypt_pass: function(pass){
var key = btoa(socket.id) + btoa(socket.id);
key = key.substring(0,32);
key = btoa(key);
var decrypted = CryptoJS.AES.decrypt( var decrypted = CryptoJS.AES.decrypt(
pass,socket.id, pass,key,
{ {
mode: CryptoJS.mode.CBC, mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7 padding: CryptoJS.pad.Pkcs7
@@ -62,10 +68,12 @@ var Crypt = {
encrypt: function(json_formated, cookie){ encrypt: function(json_formated, cookie){
var to_encrypt = JSON.stringify(json_formated); var to_encrypt = JSON.stringify(json_formated);
var key = btoa("0103060703080703080701") + btoa("0103060703080703080701");
key = key.substring(0,32);
key = btoa(key);
var encrypted = CryptoJS.AES.encrypt( var encrypted = CryptoJS.AES.encrypt(
to_encrypt, to_encrypt,
"0103060703080703080701", key,
{ {
mode: CryptoJS.mode.CBC, mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7 padding: CryptoJS.pad.Pkcs7
@@ -81,18 +89,6 @@ var Crypt = {
} }
}, },
encrypt_string: function(string){
var encrypted = CryptoJS.AES.encrypt(
string,
socket.id,
{
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}
);
return encrypted.toString();
},
get_volume: function(){ get_volume: function(){
return Crypt.decrypt(Crypt.getCookie("_opt"), "_opt").volume; return Crypt.decrypt(Crypt.getCookie("_opt"), "_opt").volume;
//return conf_arr.volume; //return conf_arr.volume;
@@ -118,10 +114,12 @@ var Crypt = {
else cookie_object = {passwords: {}}; else cookie_object = {passwords: {}};
var string_it = JSON.stringify(cookie_object); var string_it = JSON.stringify(cookie_object);
var key = btoa("0103060703080703080701") + btoa("0103060703080703080701");
key = key.substring(0,32);
key = btoa(key);
var encrypted = CryptoJS.AES.encrypt( var encrypted = CryptoJS.AES.encrypt(
string_it, string_it,
"0103060703080703080701", key,
{ {
mode: CryptoJS.mode.CBC, mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7 padding: CryptoJS.pad.Pkcs7
@@ -196,15 +194,32 @@ var Crypt = {
}, },
crypt_pass: function(pass){ crypt_pass: function(pass){
Crypt.tmp_pass = pass;
var key = btoa(socket.id) + btoa(socket.id);
key = key.substring(0,32);
key = btoa(key);
var iv = btoa(Crypt.makeiv());
var encrypted = CryptoJS.AES.encrypt( var encrypted = CryptoJS.AES.encrypt(
pass, pass,
socket.id, CryptoJS.enc.Base64.parse(key),
{ {
mode: CryptoJS.mode.CBC, mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7 padding: CryptoJS.pad.Pkcs7,
iv: CryptoJS.enc.Base64.parse(iv),
} }
); );
return encrypted.toString(); window.encrypted = encrypted;
return encrypted.toString() + "$" + iv;
},
makeiv: function(){
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for( var i=0; i < 16; i++ )
text += possible.charAt(Math.floor(Math.random() * possible.length));
return text;
}, },
get_width: function(){ get_width: function(){

2
server/public/assets/js/list.js
View File

@@ -366,7 +366,7 @@ var List = {
}, 305); }, 305);
if(removed) { if(removed) {
$("#"+deleted).remove(); $("#"+deleted).remove();
full_playlist.splice(List.getIndexOfSong(deleted), 1); full_playlist.splice(List.getIndexOfSong(deleted), 1);
} }
} catch(err) { } catch(err) {

1
server/public/assets/js/player.js
View File

@@ -15,7 +15,6 @@ var Player = {
}catch(e){ }catch(e){
state = null; state = null;
} }
console.log(video_id);
if((((!offline && (state != null || from_frontpage)) || (offline && (!(state != null) || from_frontpage))|| (!offline && (!(state != null) || from_frontpage)) || (offline && state == -1)) && !(offline && prev_chan_player == chan)) || (offline && video_id == undefined)){ if((((!offline && (state != null || from_frontpage)) || (offline && (!(state != null) || from_frontpage))|| (!offline && (!(state != null) || from_frontpage)) || (offline && state == -1)) && !(offline && prev_chan_player == chan)) || (offline && video_id == undefined)){
prev_chan_player = chan; prev_chan_player = chan;
from_frontpage = false; from_frontpage = false;

44
server/server.js
View File

@@ -755,7 +755,7 @@ io.on('connection', function(socket){
socket.emit("toast", "changedpass"); socket.emit("toast", "changedpass");
else else
socket.emit("toast", "correctpass"); socket.emit("toast", "correctpass");
socket.emit("pw", uncrypted); socket.emit("pw", true);
}); });
}else }else
socket.emit("toast", "wrongpass"); socket.emit("toast", "wrongpass");
@@ -1091,15 +1091,41 @@ io.on('connection', function(socket){
}); });
function decrypt_string(socket_id, pw){ function decrypt_string(socket_id, pw){
var decrypted = CryptoJS.AES.decrypt( try {
pw,socket_id, /*
{ var key = (new Buffer(socket_id).toString('base64')) + (new Buffer(socket_id).toString('base64'));
mode: CryptoJS.mode.CBC, key = key.substring(0,32);
padding: CryptoJS.pad.Pkcs7 var decrypted = CryptoJS.AES.decrypt(
} pw, key,
); {
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}
);
return decrypted.toString(CryptoJS.enc.Utf8); return decrypted.toString(CryptoJS.enc.Utf8);*/
var input = pw.split("$");
pw = input[0];
var testKey = ((new Buffer(socket_id).toString('base64')) + (new Buffer(socket_id).toString('base64'))).substring(0,32);
var keyNew = (new Buffer(testKey)).toString('base64');
var encrypted = CryptoJS.enc.Base64.parse(pw);
var key = CryptoJS.enc.Base64.parse(keyNew);
var iv = CryptoJS.enc.Base64.parse(input[1]);
var decrypted = CryptoJS.enc.Utf8.stringify(
CryptoJS.AES.decrypt({
ciphertext: encrypted
},
key,
// edit: changed to Pkcs5
{
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7,
iv: iv,
}));
return decrypted;
} catch(e) {
return "";
}
} }
function left_channel(coll, guid, name, short_id, in_list, socket, change) function left_channel(coll, guid, name, short_id, in_list, socket, change)