diff --git a/server/REST.md b/server/REST.md index cbd29b26..3309c9af 100644 --- a/server/REST.md +++ b/server/REST.md @@ -105,7 +105,7 @@ Get song in channel (protected) POST /api/list/:channel_name/:video_id { "fetch_song": ANYTHING_HERE, - "userpass": SHA256(USERPASS) + "userpass": USERPASS } Returns 400 for bad request @@ -128,7 +128,7 @@ Get list (protected) // Important fetch_song is present, or else the request will try to add a song to the channel POST /api/list/:channel_name/ { - "userpass": SHA256(USERPASS) + "userpass": USERPASS } Returns 400 for bad request @@ -150,7 +150,7 @@ Get channelsettings (protected) ``` POST /api/conf/:channel_name/ { - "userpass": SHA256(USERPASS) + "userpass": USERPASS } Returns 400 for bad request @@ -173,7 +173,7 @@ Get now playing song (protected) ``` POST /api/list/:channel_name/__np__ { - "userpass": SHA256(USERPASS) + "userpass": USERPASS } Returns 400 for bad request diff --git a/server/handlers/chat.js b/server/handlers/chat.js index b4978f7a..e46fb0f0 100644 --- a/server/handlers/chat.js +++ b/server/handlers/chat.js @@ -13,7 +13,7 @@ function get_history(channel, all, socket, pass) { if(!query.all) { db.collection(channel + "_settings").find({id: "config"}, function(err, conf) { if(conf.length > 0) { - if(conf[0].userpass == "" || conf[0].userpass == Functions.decrypt_string(socket.zoff_id, pass)) { + if(conf[0].userpass == "" || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, pass)).digest('base64')) { getAndSendLogs(channel, all, socket, pass, query); } } @@ -62,7 +62,7 @@ function chat(msg, guid, offline, socket) { } var coll = msg.channel.toLowerCase(); db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == Functions.decrypt_string(socket.zoff_id, msg.pass)))) { + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, msg.pass)).digest("base64")))) { var data = msg.data; Functions.check_inlist(coll, guid, socket, offline); if(data !== "" && data !== undefined && data !== null && diff --git a/server/handlers/io.js b/server/handlers/io.js index 148aff25..9bb67c0c 100644 --- a/server/handlers/io.js +++ b/server/handlers/io.js @@ -423,7 +423,7 @@ module.exports = function() { } db.collection(coll + "_settings").find(function(err, docs) { - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == Functions.decrypt_string(socketid, obj.pass)))) { + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) { Functions.check_inlist(coll, guid, socket, offline); List.send_play(coll, socket); } else { diff --git a/server/handlers/list.js b/server/handlers/list.js index 5bc7b092..c6bb4324 100644 --- a/server/handlers/list.js +++ b/server/handlers/list.js @@ -43,7 +43,7 @@ function list(msg, guid, coll, offline, socket) { return; } coll = msg.channel.toLowerCase(); - var pass = Functions.decrypt_string(socketid, msg.pass); + var pass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64"); db.collection('frontpage_lists').find({"_id": coll}, function(err, frontpage_lists){ if(frontpage_lists.length == 1) { @@ -135,7 +135,7 @@ function skip(list, guid, coll, offline, socket) { return; } db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == Functions.decrypt_string(socketid, list.userpass)))) { + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, list.userpass)).digest("base64")))) { Functions.check_inlist(coll, guid, socket, offline); @@ -502,7 +502,7 @@ function end(obj, coll, guid, offline, socket) { } db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == Functions.decrypt_string(socketid, obj.pass)))) { + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) { Functions.check_inlist(coll, guid, socket, offline); db.collection(coll).find({now_playing:true}, function(err, np){ diff --git a/server/handlers/list_change.js b/server/handlers/list_change.js index fe90fe10..86767173 100644 --- a/server/handlers/list_change.js +++ b/server/handlers/list_change.js @@ -92,7 +92,7 @@ function add_function(arr, coll, guid, offline, socket) { } db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == Functions.decrypt_string(socketid, arr.pass)))) { + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, arr.pass)).digest("base64")))) { Functions.check_inlist(coll, guid, socket, offline); @@ -280,7 +280,7 @@ function voteUndecided(msg, coll, guid, offline, socket) { coll = msg.channel.toLowerCase();; db.collection(coll + "_settings").find({id: "config"}, function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == Functions.decrypt_string(socketid, msg.pass)))) { + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { Functions.check_inlist(coll, guid, socket, offline); @@ -364,7 +364,7 @@ function shuffle(msg, coll, guid, offline, socket) { if(msg.adminpass === "") hash = msg.adminpass; else hash = Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass)); db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == Functions.decrypt_string(socketid, msg.pass)))) { + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { if(docs !== null && docs.length !== 0 && ((docs[0].adminpass == hash || docs[0].adminpass === "") || docs[0].shuffle === false)) { db.collection(coll).find({now_playing:false}).forEach(function(err, docs){ @@ -449,7 +449,7 @@ function delete_all(msg, coll, guid, offline, socket) { } var hash = Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass)); - var hash_userpass = Functions.decrypt_string(socketid, msg.pass); + var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64"); db.collection(coll + "_settings").find(function(err, conf) { if(conf.length == 1 && conf) { conf = conf[0]; diff --git a/server/handlers/list_settings.js b/server/handlers/list_settings.js index 854cbb9a..0dbb880e 100644 --- a/server/handlers/list_settings.js +++ b/server/handlers/list_settings.js @@ -167,6 +167,9 @@ function conf_function(params, coll, guid, offline, socket) { } else { hash = adminpass; } + if(userpass != "") { + userpass = crypto.createHash('sha256').update(userpass).digest("base64"); + } db.collection(coll + "_settings").find({id: "config"}, function(err, docs){ if(docs !== null && docs.length !== 0 && (docs[0].adminpass === "" || docs[0].adminpass == hash)) { var obj = { diff --git a/server/handlers/suggestions.js b/server/handlers/suggestions.js index 60318e06..109a782c 100644 --- a/server/handlers/suggestions.js +++ b/server/handlers/suggestions.js @@ -28,7 +28,7 @@ function thumbnail(msg, coll, guid, offline, socket) { var channel = msg.channel.toLowerCase(); var hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, msg.adminpass)); db.collection(channel + "_settings").find({id: "config"}, function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == Functions.decrypt_string(socketid, msg.pass)))) { + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){ db.collection("suggested_thumbnails").update({channel: channel}, {$set:{thumbnail: msg.thumbnail}}, {upsert:true}, function(err, docs){ Notifications.requested_change("thumbnail", msg.thumbnail, channel); @@ -72,7 +72,7 @@ function description(msg, coll, guid, offline, socket) { var channel = msg.channel.toLowerCase(); var hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, msg.adminpass)); db.collection(channel + "_settings").find({id: "config"}, function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == Functions.decrypt_string(socketid, msg.pass)))) { + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){ db.collection("suggested_descriptions").update({channel: channel}, {$set:{description: msg.description}}, {upsert:true}, function(err, docs){ Notifications.requested_change("description", msg.description, channel); diff --git a/server/public/assets/js/admin.js b/server/public/assets/js/admin.js index 43606362..0b4cfb71 100755 --- a/server/public/assets/js/admin.js +++ b/server/public/assets/js/admin.js @@ -202,7 +202,7 @@ var Admin = { removeplay = form.removeplay.checked; skipping = form.skip.checked; shuffling = form.shuffle.checked; - var pass_send = userpass == '' ? userpass : CryptoJS.SHA256(userpass).toString(); + var pass_send = userpass_changed && !form.userpass.checked ? "" : userpass; configs = { channel: chan.toLowerCase(), voting: voting, @@ -218,7 +218,7 @@ var Admin = { userpass_changed: userpass_changed }; if(userpass_changed){ - Crypt.set_userpass(chan.toLowerCase(), CryptoJS.SHA256(userpass).toString()); + Crypt.set_userpass(chan.toLowerCase(), userpass); } emit("conf", configs); }, diff --git a/server/public/assets/js/channel.js b/server/public/assets/js/channel.js index 475d6b5c..257643c0 100644 --- a/server/public/assets/js/channel.js +++ b/server/public/assets/js/channel.js @@ -243,36 +243,11 @@ var Channel = { if(!client) { setup_chat_listener(); get_history(); - //console.log(Crypt.get_userpass(chan.toLowerCase())); - } else { - var c = Crypt.get_userpass(chan.toLowerCase()); - if(c == "" || c == undefined) { - c = ""; - } - $.ajax({ - type: "POST", - data: { - userpass: c, - }, - url: "/api/list/" + chan.toLowerCase(), - success: function(response) { - if(response.results.length > 0) { - $("#channel-load").remove(); - if(response.status == 403) { - start_auth(); - } - $("#channel-load").remove(); - List.populate_list(response.results); - } - }, - error: function(response) { - if(response.responseJSON.status == 403) { - start_auth(); - } - $("#channel-load").remove(); - //List.populate_list(response.responseJSON.results); - } - }); + } + if(client || Helper.mobilecheck()){ + get_list_ajax(); + get_np_ajax(); + } if(!Helper.msieversion() && !Helper.mobilecheck() && !client) Notification.requestPermission(); diff --git a/server/public/assets/js/functions.js b/server/public/assets/js/functions.js index 69892fa6..31809aaa 100644 --- a/server/public/assets/js/functions.js +++ b/server/public/assets/js/functions.js @@ -160,6 +160,150 @@ function emit_list() { } } +function get_list_ajax() { + var c = Crypt.get_userpass(chan.toLowerCase()); + if(c == "" || c == undefined) { + c = ""; + } + $.ajax({ + type: "POST", + data: { + userpass: c, + }, + url: "/api/list/" + chan.toLowerCase(), + success: function(response) { + if(response.results.length > 0) { + $("#channel-load").remove(); + if(response.status == 403) { + start_auth(); + } + $("#channel-load").remove(); + List.populate_list(response.results); + } + }, + error: function(response) { + if(response.responseJSON.status == 403) { + start_auth(); + } else if(response.responseJSON.status == 429) { + setTimeout(function() { + get_list_ajax(); + }, response.getResponseHeader("Retry-After") * 1000) + } + $("#channel-load").remove(); + //List.populate_list(response.responseJSON.results); + } + }); +} + +function get_np_ajax() { + var c = Crypt.get_userpass(chan.toLowerCase()); + $.ajax({ + type: "POST", + data: { + userpass: c, + fetch_song: true + }, + url: "/api/list/" + chan.toLowerCase() + "/__np__", + success: function(response) { + Player.getTitle(response.results[0].title, 1); + }, + error: function(response) { + if(response.responseJSON.status == 403) { + start_auth(); + } else if(response.responseJSON.status == 429) { + setTimeout(function() { + get_np_ajax(); + }, response.getResponseHeader("Retry-After") * 1000) + } + } + }) +} + +function del_ajax(id) { + var a = Crypt.get_pass(chan.toLowerCase()); + var u = Crypt.get_userpass(chan.toLowerCase()); + if(a == undefined) a = ""; + if(u == undefined) u = ""; + $.ajax({ + type: "DELETE", + data: { + adminpass: a, + userpass: u + }, + url: "/api/list/" + chan.toLowerCase() + "/" + id, + success: function(response) { + toast("deletesong"); + }, + error: function(response) { + if(response.responseJSON.status == 403) { + start_auth(); + } else if(response.responseJSON.status == 429) { + setTimeout(function() { + vote_ajax(id); + }, response.getResponseHeader("Retry-After") * 1000); + } + } + }) +} + +function add_ajax(id, title, duration, playlist, num, full_num, start, end) { + var a = Crypt.get_pass(chan.toLowerCase()); + var u = Crypt.get_userpass(chan.toLowerCase()); + if(a == undefined) a = ""; + if(u == undefined) u = ""; + $.ajax({ + type: "POST", + data: { + adminpass: a, + userpass: u, + title: title, + duration: duration, + end_time: end, + start_time: start, + }, + url: "/api/list/" + chan.toLowerCase() + "/" + id, + success: function(response) { + toast("addedsong"); + }, + error: function(response) { + if(response.responseJSON.status == 409) { + vote_ajax(id); + } else if(response.responseJSON.status == 429) { + setTimeout(function() { + add_ajax(id, title, duration, playlist, num, full_num, start, end); + }, response.getResponseHeader("Retry-After") * 1000); + } + } + }); +} + +function vote_ajax(id) { + var a = Crypt.get_pass(chan.toLowerCase()); + var u = Crypt.get_userpass(chan.toLowerCase()); + if(a == undefined) a = ""; + if(u == undefined) u = ""; + $.ajax({ + type: "PUT", + data: { + adminpass: a, + userpass: u + }, + url: "/api/list/" + chan.toLowerCase() + "/" + id, + success: function(response) { + toast("voted"); + }, + error: function(response) { + if(response.responseJSON.status == 403) { + start_auth(); + } else if(response.responseJSON.status == 429) { + setTimeout(function() { + vote_ajax(id); + }, response.getResponseHeader("Retry-After") * 1000); + } + } + }) +} + function setup_auth_listener() { socket.on('auth_required', function() { start_auth(); @@ -288,6 +432,10 @@ function embed_code(autoplay, width, height, color, embed_code){ } function change_offline(enabled, already_offline){ + if(client) { + offline = false; + return; + } Crypt.set_offline(enabled); offline = enabled; ga('send', 'event', "button-click", "offline", "", offline ? 1 : 0); diff --git a/server/public/assets/js/list.js b/server/public/assets/js/list.js index b295c062..808b0d1f 100755 --- a/server/public/assets/js/list.js +++ b/server/public/assets/js/list.js @@ -554,6 +554,14 @@ var List = { }, vote: function(id, vote) { + if(client && !socket.connected) { + if(vote != "del") { + vote_ajax(id); + } else { + del_ajax(id); + } + return; + } if(!offline || (vote == "del" && (hasadmin && (!w_p && adminpass != "")))){ emit('vote', {channel: chan, id: id, type: vote, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); } else { diff --git a/server/public/assets/js/listeners.js b/server/public/assets/js/listeners.js index 58db923a..b9e8b2cc 100755 --- a/server/public/assets/js/listeners.js +++ b/server/public/assets/js/listeners.js @@ -572,7 +572,7 @@ $(document).on("change", ".password_protected", function(e) { $(document).on("submit", "#user-password-channel-form", function(e) { e.preventDefault(); if(user_auth_started) { - temp_user_pass = CryptoJS.SHA256($("#user-pass-input").val()).toString(); + temp_user_pass = $("#user-pass-input").val(); $("#user-pass-input").val(""); socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: chan.toLowerCase(), pass: Crypt.crypt_pass(temp_user_pass)}); @@ -595,7 +595,7 @@ $(document).on("click", ".change_user_pass_btn", function(e) { $(document).on("click", ".submit-user-password", function(e) { e.preventDefault(); if(user_auth_started) { - temp_user_pass = CryptoJS.SHA256($("#user-pass-input").val()).toString(); + temp_user_pass = $("#user-pass-input").val(); $("#user-pass-input").val(""); socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: chan.toLowerCase(), pass: Crypt.crypt_pass(temp_user_pass)}); } else { diff --git a/server/public/assets/js/search.js b/server/public/assets/js/search.js index b2ad9666..fe1f183b 100755 --- a/server/public/assets/js/search.js +++ b/server/public/assets/js/search.js @@ -436,6 +436,10 @@ var Search = { }, submit: function(id,title,duration, playlist, num, full_num, start, end){ + if(client && !socket.connected) { + add_ajax(id, title, duration, playlist, num, full_num, start, end); + return; + } if(offline && document.getElementsByName("addsongs")[0].checked && document.getElementsByName("addsongs")[0].disabled){ var found_array = []; found_array = $.map(full_playlist, function(obj, index) { diff --git a/server/routing/client/api.js b/server/routing/client/api.js index 59ee28e8..cb15cf0f 100644 --- a/server/routing/client/api.js +++ b/server/routing/client/api.js @@ -142,7 +142,7 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) { var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; var guid = Functions.hash_pass(req.get('User-Agent') + ip + req.headers["accept-language"]); var adminpass = req.body.adminpass == "" ? "" : Functions.hash_pass(crypto.createHash('sha256').update(req.body.adminpass, 'utf8').digest("hex")); - req.body.userpass = req.body.userpass == "" ? "" : req.body.userpass; + req.body.userpass = req.body.userpass == "" ? "" : crypto.createHash('sha256').update(req.body.userpass, 'utf8').digest("base64"); var userpass = req.body.userpass; var channel_name = cleanChannelName(req.params.channel_name); var video_id = req.params.video_id; @@ -243,7 +243,7 @@ router.route('/api/conf/:channel_name').put(function(req, res) { var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; var guid = Functions.hash_pass(req.get('User-Agent') + ip + req.headers["accept-language"]); var adminpass = req.body.adminpass == "" ? "" : Functions.hash_pass(crypto.createHash('sha256').update(req.body.adminpass, 'utf8').digest("hex")); - req.body.userpass = req.body.userpass == "" ? "" : req.body.userpass; + req.body.userpass = req.body.userpass == "" ? "" : crypto.createHash('sha256').update(req.body.userpass, 'utf8').digest("base64"); var userpass = req.body.userpass; var voting = req.body.vote; var addsongs = req.body.addsongs; @@ -398,7 +398,7 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) { var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; var guid = Functions.hash_pass(req.get('User-Agent') + ip + req.headers["accept-language"]); var adminpass = req.body.adminpass == "" ? "" : Functions.hash_pass(crypto.createHash('sha256').update(req.body.adminpass, 'utf8').digest("hex")); - req.body.userpass = req.body.userpass == "" ? "" : req.body.userpass; + req.body.userpass = req.body.userpass == "" ? "" : crypto.createHash('sha256').update(req.body.userpass, 'utf8').digest("base64"); var userpass = req.body.userpass; var channel_name = cleanChannelName(req.params.channel_name); var video_id = req.params.video_id; @@ -485,7 +485,7 @@ router.route('/api/list/:channel_name/__np__').post(function(req, res) { var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; var guid = Functions.hash_pass(req.get('User-Agent') + ip + req.headers["accept-language"]); var channel_name = req.params.channel_name; - req.body.userpass = req.body.userpass == "" ? "" : req.body.userpass; + req.body.userpass = req.body.userpass == "" ? "" : crypto.createHash('sha256').update(req.body.userpass, 'utf8').digest("base64"); var userpass = req.body.userpass; var token = ""; if(req.body.hasOwnProperty("token")) { @@ -569,7 +569,7 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) { var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; var guid = Functions.hash_pass(req.get('User-Agent') + ip + req.headers["accept-language"]); - req.body.userpass = req.body.userpass == "" ? "" : req.body.userpass; + req.body.userpass = req.body.userpass == "" ? "" : crypto.createHash('sha256').update(req.body.userpass, 'utf8').digest("base64"); var userpass = req.body.userpass; var channel_name = cleanChannelName(req.params.channel_name); var video_id = req.params.video_id; @@ -817,7 +817,7 @@ router.route('/api/conf/:channel_name').post(function(req, res) { var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; var guid = Functions.hash_pass(req.get('User-Agent') + ip + req.headers["accept-language"]); var channel_name = req.params.channel_name; - req.body.userpass = req.body.userpass == "" ? "" : req.body.userpass; + req.body.userpass = req.body.userpass == "" ? "" : crypto.createHash('sha256').update(req.body.userpass, 'utf8').digest("base64"); var userpass = req.body.userpass; if(typeof(userpass) != "string") { @@ -928,7 +928,7 @@ router.route('/api/list/:channel_name').post(function(req, res) { var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress; var guid = Functions.hash_pass(req.get('User-Agent') + ip + req.headers["accept-language"]); var channel_name = req.params.channel_name; - req.body.userpass = req.body.userpass == "" ? "" : req.body.userpass; + req.body.userpass = req.body.userpass == "" ? "" : crypto.createHash('sha256').update(req.body.userpass, 'utf8').digest("base64"); var userpass = req.body.userpass; if(typeof(userpass) != "string") { @@ -944,6 +944,7 @@ router.route('/api/list/:channel_name').post(function(req, res) { var to_send = error.formatting; to_send.results.push(result); res.status(400).send(JSON.stringify(to_send)); + return; }