diff --git a/package-lock.json b/package-lock.json index 58d6c225..d6e7c2ac 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2436,6 +2436,11 @@ "version": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz", "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=" }, + "q": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz", + "integrity": "sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc=" + }, "qs": { "version": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz", "integrity": "sha1-NJzfbu+J7EXBLX1es/wMhwNDptg=" diff --git a/package.json b/package.json index 01b9997c..4950c912 100644 --- a/package.json +++ b/package.json @@ -56,6 +56,7 @@ "nodemailer": "^4.0.1", "passport": "^0.4.0", "passport-local": "^1.0.0", + "q": "^1.5.1", "redis": "^2.8.0", "request": "^2.72.0", "socket.io": "^2.0.4", diff --git a/server/apps/client.js b/server/apps/client.js index f8357973..c22f6e90 100755 --- a/server/apps/client.js +++ b/server/apps/client.js @@ -1,4 +1,18 @@ VERSION = require(pathThumbnails + '/VERSION.js'); +var secure = false; +try { + var cert_config = require(path.join(path.join(__dirname, 'config'), 'cert_config.js')); + var fs = require('fs'); + var privateKey = fs.readFileSync(cert_config.privateKey).toString(); + var certificate = fs.readFileSync(cert_config.certificate).toString(); + var ca = fs.readFileSync(cert_config.ca).toString(); + var credentials = { + key: privateKey, + cert: certificate, + ca: ca + }; + secure = true; +} catch(err){} var add = ""; var path = require('path'); @@ -20,7 +34,8 @@ app.enable('view cache'); app.set('views', publicPath); var bodyParser = require('body-parser'); -var cookieParser = require('cookie-parser') +var cookieParser = require("cookie-parser"); +var cookies = require("cookie"); app.use( bodyParser.json() ); // to support JSON-encoded bodies app.use(bodyParser.urlencoded({ // to support URL-encoded bodies extended: true 
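Review bot: `path` is used inside the new `try` in server/apps/client.js before the later `var path = require('path');` line has run, so `path.join(...)` throws on every start, the empty `catch(err){}` hides it, and `secure` stays `false` even when the certificate files exist. Move `var path = require('path');` above the `try` and make the catch say why the TLS material was not loaded, e.g. `catch(err){ console.log("cert_config not loaded, cookies will be sent without Secure: " + err.message); }`. The `credentials` object built here is not used anywhere in this hunk, so a comment naming its consumer would help.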
@@ -70,8 +85,10 @@ app.get('/robots.txt', function (req, res) { app.use(function (req, res, next) { var cookie = req.cookies._uI; if (cookie === undefined) { - var user_name = Functions.rndName(uniqid.time(), 15); - res.cookie('_uI',user_name, { maxAge: 365 * 10000 * 3600000 }); + var user_name = Functions.hash_pass(Functions.rndName(uniqid.time(), 15)); + res.cookie('_uI', user_name, { maxAge: 365 * 10000 * 3600000, httpOnly: true, secure: secure }); + } else { + res.cookie('_uI', cookie, { maxAge: 365 * 10000 * 3600000, httpOnly: true, secure: secure }); } res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); diff --git a/server/handlers/chat.js b/server/handlers/chat.js index e46fb0f0..f1302812 100644 --- a/server/handlers/chat.js +++ b/server/handlers/chat.js @@ -1,4 +1,4 @@ -function get_history(channel, all, socket, pass) { +function get_history(channel, all, socket) { var query = {}; if(all) { query = { @@ -10,13 +10,17 @@ function get_history(channel, all, socket, pass) { channel: channel, }; } + var pass = ""; if(!query.all) { - db.collection(channel + "_settings").find({id: "config"}, function(err, conf) { - if(conf.length > 0) { - if(conf[0].userpass == "" || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, pass)).digest('base64')) { - getAndSendLogs(channel, all, socket, pass, query); + Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass) { + pass = userpass; + db.collection(channel + "_settings").find({id: "config"}, function(err, conf) { + if(conf.length > 0) { + if(conf[0].userpass == "" || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, pass)).digest('base64')) { + getAndSendLogs(channel, all, socket, pass, query); + } } - } + }); }); } else { getAndSendLogs(channel, all, socket, pass, query); 
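Review bot: The `_uI` value set in this middleware becomes the lookup key for the channel and chat passwords stored by the session helpers added in server/handlers/functions.js, yet it is still built from `Functions.rndName(uniqid.time(), 15)`, and passing that through `hash_pass` does not make a time-based input harder to predict (`rndName` is not shown, so confirm what it draws on). A value from the CSPRNG, e.g. `var user_name = crypto.randomBytes(32).toString('base64');`, is the safer source, assuming `crypto` is required in this file. The new `else` branch also re-issues whatever `_uI` the client sent without checking its shape, so an arbitrary client-chosen string is accepted as a session id. The middleware body continues outside the hunk.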
@@ -40,9 +44,7 @@ function getAndSendLogs(channel, all, socket, pass, query) { function chat(msg, guid, offline, socket) { if(typeof(msg) !== 'object' || !msg.hasOwnProperty('data') || - !msg.hasOwnProperty('channel') || !msg.hasOwnProperty('pass') || - typeof(msg.data) != "string" || typeof(msg.channel) != "string" || - typeof(msg.pass) != "string") { + !msg.hasOwnProperty('channel') || typeof(msg.data) != "string" || typeof(msg.channel) != "string") { var result = { data: { expected: "string", 
@@ -61,30 +63,33 @@ function chat(msg, guid, offline, socket) { return; } var coll = msg.channel.toLowerCase(); - db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, msg.pass)).digest("base64")))) { - var data = msg.data; - Functions.check_inlist(coll, guid, socket, offline); - if(data !== "" && data !== undefined && data !== null && - data.length < 151 && data.replace(/\s/g, '').length){ - db.collection("user_names").find({"guid": guid}, function(err, docs) { - if(docs.length == 1) { - db.collection("registered_users").find({"_id": docs[0].name}, function(err, n) { - var icon = false; - if(n.length > 0 && n[0].icon) { - icon = n[0].icon; - } - db.collection("chat_logs").insert({ "createdAt": new Date(), all: false, channel: coll, from: docs[0].name, msg: ": " + data, icon: icon }); - io.to(coll).emit('chat', {from: docs[0].name, msg: ": " + data, icon: icon}); - }); - } else if(docs.length == 0){ - get_name(guid, {announce: false, channel: coll, message: data, all: false}); - } - }); + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) { + msg.pass = userpass; + db.collection(coll + "_settings").find(function(err, docs){ + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, msg.pass)).digest("base64")))) { + var data = msg.data; + Functions.check_inlist(coll, guid, socket, offline); + if(data !== "" && data !== undefined && data !== null && + data.length < 151 && data.replace(/\s/g, '').length){ + db.collection("user_names").find({"guid": guid}, function(err, docs) { + if(docs.length == 1) { + db.collection("registered_users").find({"_id": docs[0].name}, 
function(err, n) { + var icon = false; + if(n.length > 0 && n[0].icon) { + icon = n[0].icon; + } + db.collection("chat_logs").insert({ "createdAt": new Date(), all: false, channel: coll, from: docs[0].name, msg: ": " + data, icon: icon }); + io.to(coll).emit('chat', {from: docs[0].name, msg: ": " + data, icon: icon}); + }); + } else if(docs.length == 0){ + get_name(guid, {announce: false, channel: coll, message: data, all: false}); + } + }); + } + } else { + socket.emit('auth_required'); } - } else { - socket.emit('auth_required'); - } + }); }); } 
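Review bot: The userpass check in `chat` is now wrapped in a session lookup that is copy-pasted into the `get_history`, `pos`, `skip` and `end` hunks of this commit, and the copies already differ: `chat` and `get_history` decrypt with `socket.zoff_id`, while the other three use `socketid`. After `msg.pass = userpass;` the `msg.hasOwnProperty('pass')` test is always true, and `docs.length` is still read without looking at `err`, so a failed settings query throws instead of denying. One shared helper taking `(socket, coll, callback)` that performs the session lookup, the settings query and the hash comparison would keep the five call sites consistent; it should start with `if(err || !docs) { socket.emit('auth_required'); return; }`.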
@@ -135,72 +140,85 @@ function namechange(data, guid, socket, tried) { var pw = ""; var new_password; var first = false; - if(data.hasOwnProperty("first")) { - first = data.first; - } - if(data.hasOwnProperty("password")) { - pw = data.password; - new_password = false; - } else if(data.hasOwnProperty("new_password") && data.hasOwnProperty("old_password")) { - pw = data.old_password; - new_password = Functions.decrypt_string(socket.zoff_id, data.new_password); - } - var password = Functions.decrypt_string(socket.zoff_id, pw); - var name = data.name; - db.collection("registered_users").find({"_id": name.toLowerCase()}, function(err, docs) { - var accepted_password = false; - var icon = false; - if(docs.length == 0) { - if(new_password) { - return; - } - accepted_password = true; - db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: Functions.hash_pass(password)}}, {upsert: true}, function() {}); - } else if(docs[0].password == Functions.hash_pass(password)) { - if(docs[0].icon) { - icon = docs[0].icon; - } - accepted_password = true; - if(new_password) { - db.collection("registered_users").update({"_id": name.toLowerCase(), password: Functions.hash_pass(password)}, {$set: {password: Functions.hash_pass(new_password)}}, function() {}); - } + Functions.getSessionChatPass(Functions.getSession(socket), function(name, pass) { + var name = data.name; + if(data.hasOwnProperty("first")) { + first = data.first; } - if(accepted_password) { - db.collection("user_names").find({"guid": guid}, function(err, names) { - if(names.length > 0) { - var old_name = names[0].name; - db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function() {}); - db.collection("user_names").update({"guid": guid}, {$set: {name: name, icon: icon}}, function(err, docs) { - db.collection("user_names").update({"_id": "all_names"}, {$addToSet: {names: name}}, function(err, docs) { - socket.emit('name', {type: "name", accepted: true}); - 
if(old_name != name && !first) { - io.to(data.channel).emit('chat', {from: old_name, msg: " changed name to " + name}); - io.sockets.emit('chat.all', {from: old_name , msg: " changed name to " + name, channel: data.channel}); - } - }); - }); - } else { - if(tried < 3 || tried == undefined) { - if(tried == undefined) { - tried = 1; - } - namechange(data, guid, socket, tried + 1); - } + if(data.hasOwnProperty("password")) { + pw = data.password; + new_password = false; + } else if(data.hasOwnProperty("new_password") && data.hasOwnProperty("old_password")) { + pw = data.old_password; + new_password = Functions.decrypt_string(socket.zoff_id, data.new_password); + } + if(data.hasOwnProperty("first") && data.first) { + pw = pass; + name = name; + new_password = false; + } + var password = Functions.decrypt_string(socket.zoff_id, pw); + db.collection("registered_users").find({"_id": name.toLowerCase()}, function(err, docs) { + var accepted_password = false; + var icon = false; + if(docs.length == 0) { + if(new_password) { + return; } - }); - } else { - socket.emit('name', {type: "name", accepted: false}); - } + accepted_password = true; + Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() { + db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: Functions.hash_pass(password)}}, {upsert: true}, function() {}); + }); + } else if(docs[0].password == Functions.hash_pass(password)) { + if(docs[0].icon) { + icon = docs[0].icon; + } + accepted_password = true; + if(new_password) { + Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.new_password, function() { + db.collection("registered_users").update({"_id": name.toLowerCase(), password: Functions.hash_pass(password)}, {$set: {password: Functions.hash_pass(new_password)}}, function() {}); + }); + } + } + if(accepted_password) { + db.collection("user_names").find({"guid": guid}, function(err, names) { + 
if(names.length > 0) { + var old_name = names[0].name; + db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function() {}); + db.collection("user_names").update({"guid": guid}, {$set: {name: name, icon: icon}}, function(err, docs) { + db.collection("user_names").update({"_id": "all_names"}, {$addToSet: {names: name}}, function(err, docs) { + //socket.emit('name', {type: "name", accepted: true}); + if(old_name != name && !first) { + io.to(data.channel).emit('chat', {from: old_name, msg: " changed name to " + name}); + io.sockets.emit('chat.all', {from: old_name , msg: " changed name to " + name, channel: data.channel}); + } + }); + }); + } else { + if(tried < 3 || tried == undefined) { + if(tried == undefined) { + tried = 1; + } + namechange(data, guid, socket, tried + 1); + } + } + }); + } else { + socket.emit('name', {type: "name", accepted: false}); + } + }); }); } -function removename(guid, coll) { +function removename(guid, coll, socket) { db.collection("user_names").find({"guid": guid}, function(err, docs) { if(docs.length == 1) { var old_name = docs[0].name; - db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function(err, updated) { - db.collection("user_names").remove({"guid": guid}, function(err, removed) { - get_name(guid, {announce: true, old_name: old_name, channel: coll}); + Functions.removeSessionChatPass(Functions.getSession(socket), function() { + db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function(err, updated) { + db.collection("user_names").remove({"guid": guid}, function(err, removed) { + get_name(guid, {announce: true, old_name: old_name, channel: coll}); + }); }); }); } 
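Review bot: `Functions.setSessionChatPass(..., data.password, ...)` and the `data.new_password` variant persist the value exactly as the client sent it, and the same handler turns that value back into the password with `Functions.decrypt_string(socket.zoff_id, pw)`, so the `user_credentials` database ends up holding recoverable chat passwords keyed by a cookie (the scheme behind `decrypt_string` is not shown, so confirm). Storing only what the server needs to recognise the session after a successful check, such as the verified name, avoids keeping the password itself. Separately, `var name = data.name;` shadows the `name` argument of the `getSessionChatPass` callback and `name = name;` is a no-op, so the name stored in the session is never used when `data.first` is set. `namechange` begins above this hunk.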
@@ -234,7 +252,7 @@ function generate_name(guid, announce_payload, second) { }) } -function get_name(guid, announce_payload) { +function get_name(guid, announce_payload, first) { db.collection("user_names").find({"guid": guid}, function(err, docs) { if(docs.length == 0) { Chat.generate_name(guid, announce_payload); diff --git a/server/handlers/db.js b/server/handlers/db.js index 75639232..b45c146c 100644 --- a/server/handlers/db.js +++ b/server/handlers/db.js @@ -8,6 +8,7 @@ try { } var mongojs = require('mongojs'); var db = mongojs('mongodb://' + mongo_config.host + '/' + mongo_config.config); +var connected_db = mongojs('mongodb://' + mongo_config.host + '/user_credentials'); var ObjectId = mongojs.ObjectId; db.collection("chat_logs").createIndex({ "createdAt": 1 }, { expireAfterSeconds: 600 }); @@ -15,7 +16,7 @@ db.collection("timeout_api").createIndex({ "createdAt": 1 }, { expireAfterSecond db.collection("api_links").createIndex({ "createdAt": 1 }, { expireAfterSeconds: 86400 }); db.on('connected', function(err) { console.log("connected"); -}) +}); db.on('error',function(err) { console.log("\n" + new Date().toString() + "\n Database error: ", err); diff --git a/server/handlers/functions.js b/server/handlers/functions.js index 67f7f3a8..27708348 100644 --- a/server/handlers/functions.js +++ b/server/handlers/functions.js @@ -1,3 +1,13 @@ +var path = require('path'); +try { + var mongo_config = require(path.join(path.join(__dirname, '../config/'), 'mongo_config.js')); +} catch(e) { + console.log("Error - missing file"); + console.log("Seems you forgot to create the file mongo_config.js in /server/config/. Have a look at mongo_config.example.js."); + process.exit(); +} +var mongojs = require('mongojs'); +var connected_db = mongojs('mongodb://' + mongo_config.host + '/user_credentials'); function remove_unique_id(short_id) { db.collection("unique_ids").update({"_id": "unique_ids"}, {$pull: {unique_ids: short_id}}, function(err, docs) {}); 
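Review bot: `connected_db` is opened in server/handlers/db.js and again at the top of server/handlers/functions.js with the same `'mongodb://' + mongo_config.host + '/user_credentials'` string, and the db.js copy is not referenced in any hunk shown here. Keeping one connection (created in db.js and exported, or only the one in functions.js) removes the duplicated config-loading block and the second pool. The database name is hard-coded while the main one comes from `mongo_config.config`; since this database holds password material, a comment stating who may read it and whether it shares credentials with the main database would help operators. The copied `process.exit();` also reports success to a supervisor; `process.exit(1);` is the clearer signal for a missing config file.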
@@ -9,6 +19,17 @@ function remove_name_from_db(guid, name) { }); } +function getSession(socket) { + try { + var cookieParser = require("cookie-parser"); + var cookie = require("cookie"); + var parsedCookies = cookie.parse(socket.handshake.headers.cookie); + return parsedCookies["_uI"]; + } catch(e) { + return "empty"; + } +} + function remove_from_array(array, element){ if(Functions.contains(array, element)){ var index = array.indexOf(element); 
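Review bot: `getSession` returns `undefined`, not `"empty"`, when the handshake carries a cookie header without `_uI`, so every `id == "empty"` guard in the session helpers is passed and `connected_db.collection(undefined)` is reached. The value is also client-controlled and used directly as a collection name, so it should be checked against the shape the server issues (a base64 SHA-256 digest), e.g. `var id = parsedCookies["_uI"]; return (typeof id == "string" && /^[A-Za-z0-9+\/]{43}=$/.test(id)) ? id : "empty";`. Note that cookies issued before this commit were not hashed and would then be treated as having no session. The `cookieParser` require inside the function is unused and can be dropped.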
@@ -139,6 +160,119 @@ function hash_pass(adminpass, hex) { return crypto.createHash('sha256').update(adminpass).digest('base64'); } +function setSessionAdminPass(id, adminpass, list, callback) { + try { + if(id == "empty") { + callback(); + return; + } + + connected_db.collection(id).update({_id: list}, {$set: {adminpass: adminpass}}, {upsert: true}, function(e, d){ + callback(); + return; + }); + } catch(e) { + + } +} + +function setSessionChatPass(id, name, pass, callback) { + try { + if(id == "empty") { + callback(); + return; + } + + connected_db.collection(id).update({_id: "_chat_"}, {$set: {password: pass, name: name}}, {upsert: true}, function(e) { + callback(); + return; + }) + } catch(e) { + callback(); + return; + } +} + +function getSessionChatPass(id, callback) { + try { + if(id == "empty") { + callback("", "", false); + return; + } + + connected_db.collection(id).find({_id: "_chat_"}, function(e, d) { + if(d.length > 0) { + var name = ""; + var pass = ""; + if(d[0].name != undefined) name = d[0].name; + if(d[0].password != undefined) pass = d[0].password; + callback(name, password); + return; + } else { + callback("", "", false); + return; + } + }) + } catch(e) { + callback(); + return; + } +} + +function setSessionUserPass(id, userpass, list, callback) { + try { + if(id == "empty") { + callback(); + return; + } + + connected_db.collection(id).update({_id: list}, {$set: {userpass: userpass}}, {upsert: true}, function(e, d){ + callback(); + return; + }); + } catch(e) { + callback(); + } +} + +function getSessionAdminUser(id, list, callback) { + try { + if(id == "empty") { + callback("", "", false); + return; + } + connected_db.collection(id).find({_id: list}, function(e, d) { + var userpass = ""; + var adminpass = ""; + if(d.length > 0) { + if(d[0].userpass != undefined) userpass = d[0].userpass; + if(d[0].adminpass != undefined) adminpass = d[0].adminpass; + } + callback(userpass, adminpass, true); + }) + } catch(e) { + callback("", "", false); + } +} 
+ +function removeSessionChatPass(id, callback) { + if(id == "empty") { + callback(); + return; + } + connected_db.collection(id).remove({_id: "_chat_"}, function() { + callback(); + return; + }); +} + +module.exports.getSessionChatPass = getSessionChatPass; +module.exports.setSessionChatPass = setSessionChatPass; +module.exports.removeSessionChatPass = removeSessionChatPass; +module.exports.setSessionAdminPass = setSessionAdminPass; +module.exports.setSessionUserPass = setSessionUserPass; +module.exports.getSessionAdminUser = getSessionAdminUser; +module.exports.getSession = getSession; module.exports.generate_channel_name = generate_channel_name; module.exports.remove_unique_id = remove_unique_id; module.exports.remove_name_from_db = remove_name_from_db; diff --git a/server/handlers/io.js b/server/handlers/io.js index a2946071..f8deda96 100644 --- a/server/handlers/io.js +++ b/server/handlers/io.js @@ -44,6 +44,10 @@ module.exports = function() { } }); + socket.on("logout", function() { + Functions.setSessionAdminPass(Functions.getSession(socket), "", coll, function() {}) + }); + socket.on('chromecast', function(msg) { try { if(typeof(msg) == "object" && msg.hasOwnProperty("guid") && @@ -51,6 +55,14 @@ module.exports = function() { typeof(msg.channel) == "string" && typeof(msg.socket_id) == "string") { db.collection("connected_users").find({"_id": msg.channel}, function(err, connected_users_channel) { if(connected_users_channel.length > 0 && connected_users_channel[0].users.indexOf(msg.guid) > -1) { + var q = socket.handshake.headers.cookie.split(" "); + for(var i = 0; i < q.length; i++) { + if(q[i].substring(0,4) == "_uI=") { + q[i] = "_uI=rpmFLmS2QvgRavsU6uTNYLAOWjXj5UUi0a4P24eqbao%3D; "; + break; + } + } + socket.handshake.headers.cookie = q.join(" "); guid = msg.guid; socketid = msg.socket_id; socket.zoff_id = socketid; 
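Review bot: `getSessionChatPass` calls `callback(name, password)` but the locals are `name` and `pass`, so unless a global `password` exists this throws a ReferenceError inside the mongojs callback, where the surrounding `try`/`catch` no longer applies. The line should read `callback(name, pass);`. None of the new helpers looks at the error argument before reading `d.length`; a guard such as `if(e || !d) { callback("", "", false); return; }` makes a failed query behave like a missing session. `setSessionAdminPass` has an empty `catch(e)` that never calls `callback`, unlike its siblings, which leaves the caller waiting.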
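Review bot: The `chromecast` handler overwrites the socket's `_uI` cookie with a fixed literal committed in source, so every socket that passes the `connected_users` check is moved onto the same session id, and that id keys the passwords saved through `setSessionUserPass` and `setSessionAdminPass`. A session identifier in the repository has to be treated as public, and sharing it merges the stored credentials of unrelated receivers. The receiver should instead be bound to the session of the client that started the cast, for example through a server-issued, single-use pairing value looked up here; if the literal is a debugging leftover it should be removed and that session's stored entries cleared.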
@@ -66,6 +78,10 @@ module.exports = function() { } }); + socket.on("get_id", function() { + socket.emit("id_chromecast", Functions.getSession(socket)); + }); + socket.on("error_video", function(msg) { try { var _list = msg.channel; @@ -117,7 +133,7 @@ module.exports = function() { socket.emit('update_required', result); return; } - Chat.removename(guid, msg.channel); + Chat.removename(guid, msg.channel, socket); }); socket.on("offline", function(msg){ @@ -179,9 +195,7 @@ module.exports = function() { socket.on('get_history', function(msg) { if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("all") || - !msg.hasOwnProperty("pass") || typeof(msg.pass) != "string" || typeof(msg.channel) != "string" || typeof(msg.all) != "boolean") { - console.log("here"); var result = { all: { expected: "boolean", @@ -199,7 +213,7 @@ module.exports = function() { socket.emit('update_required', result); return; } - Chat.get_history(msg.channel, msg.all, socket, msg.pass); + Chat.get_history(msg.channel, msg.all, socket); }); socket.on('chat', function (msg) { @@ -399,8 +413,7 @@ module.exports = function() { socket.on('pos', function(obj) { - if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string" || - (obj.hasOwnProperty("pass") && typeof(obj.pass) != "string")) + if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string") if(coll !== undefined) { try { coll = obj.channel.toLowerCase(); @@ -414,8 +427,7 @@ module.exports = function() { } } - if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string" || - !obj.hasOwnProperty("pass") || typeof(obj.pass) != "string") { + if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string") { var result = { channel: { expected: "string", 
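Review bot: The new `get_id` handler emits `Functions.getSession(socket)` to any connected socket, which hands the `_uI` value to page script and so undoes the `httpOnly` flag this commit adds to the cookie in server/apps/client.js. Because `_uI` is the key for the stored channel and chat passwords, any script running in the page can now obtain it by emitting `get_id`. If the purpose is to pair a Chromecast receiver, emit a short-lived, single-use pairing token that the server maps to the session, and keep the cookie value server-side.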
@@ -431,18 +443,24 @@ module.exports = function() { } db.collection(coll + "_settings").find(function(err, docs) { - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) { - Functions.check_inlist(coll, guid, socket, offline); - List.send_play(coll, socket); - } else { - socket.emit("auth_required"); - } + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { + obj.pass = userpass; + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) { + Functions.check_inlist(coll, guid, socket, offline); + List.send_play(coll, socket); + } else { + socket.emit("auth_required"); + } + }); }); }); + }); //send_ping(); } + + /* function send_ping() { db.collection("connected_users").update({users: {$exists: true}}, {$set: {users: []}}, {multi: true}, function(err, docs){ diff --git a/server/handlers/list.js b/server/handlers/list.js index e55a9812..e53dd7ba 100644 --- a/server/handlers/list.js +++ b/server/handlers/list.js 
@@ -22,63 +22,72 @@ function list(msg, guid, coll, offline, socket) { if(typeof(msg) === 'object' && msg !== undefined && msg !== null) { - if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") || !msg.hasOwnProperty("pass") || - msg.version != VERSION || msg.version == undefined || - typeof(msg.channel) != "string" || typeof(msg.pass) != "string") { - var result = { - channel: { - expected: "string", - got: msg.hasOwnProperty("channel") ? typeof(msg.channel) : undefined, - }, - version: { - expected: VERSION, - got: msg.version, - }, - pass: { - expected: "string", - got: msg.hasOwnProperty("pass") ? typeof(msg.pass) : undefined, - }, - }; - socket.emit('update_required', result); - return; - } - coll = msg.channel.toLowerCase(); - var pass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64"); - db.collection('frontpage_lists').find({"_id": coll}, function(err, frontpage_lists){ - if(frontpage_lists.length == 1) - { - db.collection(coll + "_settings").find(function(err, docs) { - if(docs.length == 0 || (docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || docs[0].userpass == pass))) { - if(docs.length > 0 && docs[0].hasOwnProperty('userpass') && docs[0].userpass != "" && docs[0].userpass == pass) { - socket.emit("auth_accepted", {value: true}); - } - in_list = true; - socket.join(coll); - Functions.check_inlist(coll, guid, socket, offline); - - if(frontpage_lists.viewers != undefined){ - io.to(coll).emit("viewers", frontpage_lists.viewers); - } else { - io.to(coll).emit("viewers", 1); - } - - List.send_list(coll, socket, true, false, true); - - } else { - socket.emit("auth_required"); - } - }); - } else { - db.createCollection(coll, function(err, docs){ - var configs = {"addsongs":false, "adminpass":"", "allvideos":true, "frontpage":true, "longsongs":false, "removeplay": false, "shuffle": true, "skip": false, "skips": [], "startTime":Functions.get_time(), "views": [], "vote": 
false, "desc": "", userpass: "", id: "config"}; - db.collection(coll + "_settings").insert(configs, function(err, docs){ - socket.join(coll); - List.send_list(coll, socket, true, false, true); - db.collection("frontpage_lists").insert({"_id": coll, "count" : 0, "frontpage": true, "accessed": Functions.get_time(), "viewers": 1}); - Functions.check_inlist(coll, guid, socket, offline); - }); - }); + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) { + if(gotten && userpass != "" && !msg.hasOwnProperty("pass")) { + msg.pass = userpass; } + if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") || + msg.version != VERSION || msg.version == undefined || + typeof(msg.channel) != "string") { + var result = { + channel: { + expected: "string", + got: msg.hasOwnProperty("channel") ? typeof(msg.channel) : undefined, + }, + version: { + expected: VERSION, + got: msg.version, + }, + pass: { + expected: "string", + got: msg.hasOwnProperty("pass") ? 
typeof(msg.pass) : undefined, + }, + }; + socket.emit('update_required', result); + return; + } + coll = msg.channel.toLowerCase(); + var pass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64"); + db.collection('frontpage_lists').find({"_id": coll}, function(err, frontpage_lists){ + if(frontpage_lists.length == 1) + { + db.collection(coll + "_settings").find(function(err, docs) { + if(docs.length == 0 || (docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || docs[0].userpass == pass))) { + if(docs.length > 0 && docs[0].hasOwnProperty('userpass') && docs[0].userpass != "" && docs[0].userpass == pass) { + Functions.setSessionUserPass(Functions.getSession(socket), msg.pass, coll, function(){}) + socket.emit("auth_accepted", {value: true}); + } + if(docs.length > 0 && docs[0].hasOwnProperty("adminpass") && docs[0].adminpass != "" && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, adminpass), true))) { + socket.emit("pw", true); + } + in_list = true; + socket.join(coll); + Functions.check_inlist(coll, guid, socket, offline); + + if(frontpage_lists.viewers != undefined){ + io.to(coll).emit("viewers", frontpage_lists.viewers); + } else { + io.to(coll).emit("viewers", 1); + } + + List.send_list(coll, socket, true, false, true); + + } else { + socket.emit("auth_required"); + } + }); + } else { + db.createCollection(coll, function(err, docs){ + var configs = {"addsongs":false, "adminpass":"", "allvideos":true, "frontpage":true, "longsongs":false, "removeplay": false, "shuffle": true, "skip": false, "skips": [], "startTime":Functions.get_time(), "views": [], "vote": false, "desc": "", userpass: "", id: "config"}; + db.collection(coll + "_settings").insert(configs, function(err, docs){ + socket.join(coll); + List.send_list(coll, socket, true, false, true); + db.collection("frontpage_lists").insert({"_id": coll, "count" : 0, "frontpage": true, "accessed": 
Functions.get_time(), "viewers": 1}); + Functions.check_inlist(coll, guid, socket, offline); + }); + }); + } + }); }); } else { var result = { @@ -109,10 +118,8 @@ function skip(list, guid, coll, offline, socket) { return; } } - if(!list.hasOwnProperty("pass") || !list.hasOwnProperty("userpass") || - !list.hasOwnProperty("id") || !list.hasOwnProperty("channel") || - typeof(list.pass) != "string" || typeof(list.id) != "string" || - typeof(list.channel) != "string" || typeof(list.userpass) != "string") { + if(!list.hasOwnProperty("id") || !list.hasOwnProperty("channel") || + typeof(list.id) != "string" || typeof(list.channel) != "string") { var result = { channel: { expected: "string", 
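Review bot: `Functions.getSessionAdminUser(Functions.getSession(socket), coll, ...)` runs before `coll = msg.channel.toLowerCase();`, so the session lookup uses whatever `coll` the caller passed in rather than the channel being joined, and the password fetched can belong to a different channel or to none. The message validation should come first, then the channel assignment, then the session lookup with that channel. The commit also drops the `typeof(msg.pass) != "string"` check, so a client-supplied `pass` of any type (or `undefined` when no session value exists) reaches `Functions.decrypt_string(socketid, msg.pass)`; add `if(typeof(msg.pass) != "string") msg.pass = "";` before that call. `list` begins and ends outside this hunk.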
@@ -134,72 +141,77 @@ function skip(list, guid, coll, offline, socket) { socket.emit('update_required', result); return; } - db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, list.userpass)).digest("base64")))) { + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { + list.pass = adminpass; + list.userpass = userpass; - Functions.check_inlist(coll, guid, socket, offline); + db.collection(coll + "_settings").find(function(err, docs){ + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, list.userpass)).digest("base64")))) { - adminpass = ""; - video_id = list.id; - err = list.error; - var error = false; - var video_id; - if(err != "5" && err != "100" && err != "101" && err != "150") - { - adminpass = list.pass; - }else if(err == "5" || err == "100" || err == "101" || err == "150"){ - error = true; - } + Functions.check_inlist(coll, guid, socket, offline); - if(adminpass !== undefined && adminpass !== null && adminpass !== "") - hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, adminpass),true)); - else - hash = ""; - - db.collection(coll + "_settings").find(function(err, docs){ - - if(docs !== null && docs.length !== 0) + adminpass = ""; + video_id = list.id; + err = list.error; + var error = false; + var video_id; + if(err != "5" && err != "100" && err != "101" && err != "150") { - if(!docs[0].skip || (docs[0].adminpass == hash && docs[0].adminpass !== "") || error) - { - db.collection("frontpage_lists").find({"_id": coll}, function(err, frontpage_viewers){ - if((frontpage_viewers[0].viewers/2 <= docs[0].skips.length+1 
&& !Functions.contains(docs[0].skips, guid) && frontpage_viewers[0].viewers != 2) || - (frontpage_viewers[0].viewers == 2 && docs[0].skips.length+1 == 2 && !Functions.contains(docs[0].skips, guid)) || - (docs[0].adminpass == hash && docs[0].adminpass !== "" && docs[0].skip)) - { - List.change_song(coll, error, video_id); - socket.emit("toast", "skip"); - db.collection("user_names").find({"guid": guid}, function(err, docs) { - if(docs.length == 1) { - db.collection("registered_users").find({"_id": docs[0].name}, function(err, n) { - var icon = false; - if(n.length > 0 && n[0].icon) { - icon = n[0].icon; - } - io.to(coll).emit('chat', {from: docs[0].name, icon: icon, msg: " skipped"}); - }); - } - }); - }else if(!Functions.contains(docs[0].skips, guid)){ - db.collection(coll + "_settings").update({ id: "config" }, {$push:{skips:guid}}, function(err, d){ - if(frontpage_viewers[0].viewers == 2) - to_skip = 1; - else - to_skip = (Math.ceil(frontpage_viewers[0].viewers/2) - docs[0].skips.length-1); - socket.emit("toast", to_skip + " more are needed to skip!"); - socket.to(coll).emit('chat', {from: name, msg: " voted to skip"}); - }); - }else{ - socket.emit("toast", "alreadyskip"); - } - }); - }else - socket.emit("toast", "noskip"); + adminpass = list.pass; + }else if(err == "5" || err == "100" || err == "101" || err == "150"){ + error = true; } - }); - } else { - socket.emit("auth_required"); - } + + if(adminpass !== undefined && adminpass !== null && adminpass !== "") + hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, adminpass),true)); + else + hash = ""; + + db.collection(coll + "_settings").find(function(err, docs){ + + if(docs !== null && docs.length !== 0) + { + if(!docs[0].skip || (docs[0].adminpass == hash && docs[0].adminpass !== "") || error) + { + db.collection("frontpage_lists").find({"_id": coll}, function(err, frontpage_viewers){ + if((frontpage_viewers[0].viewers/2 <= docs[0].skips.length+1 && 
!Functions.contains(docs[0].skips, guid) && frontpage_viewers[0].viewers != 2) || + (frontpage_viewers[0].viewers == 2 && docs[0].skips.length+1 == 2 && !Functions.contains(docs[0].skips, guid)) || + (docs[0].adminpass == hash && docs[0].adminpass !== "" && docs[0].skip)) + { + List.change_song(coll, error, video_id); + socket.emit("toast", "skip"); + db.collection("user_names").find({"guid": guid}, function(err, docs) { + if(docs.length == 1) { + db.collection("registered_users").find({"_id": docs[0].name}, function(err, n) { + var icon = false; + if(n.length > 0 && n[0].icon) { + icon = n[0].icon; + } + io.to(coll).emit('chat', {from: docs[0].name, icon: icon, msg: " skipped"}); + }); + } + }); + }else if(!Functions.contains(docs[0].skips, guid)){ + db.collection(coll + "_settings").update({ id: "config" }, {$push:{skips:guid}}, function(err, d){ + if(frontpage_viewers[0].viewers == 2) + to_skip = 1; + else + to_skip = (Math.ceil(frontpage_viewers[0].viewers/2) - docs[0].skips.length-1); + socket.emit("toast", to_skip + " more are needed to skip!"); + socket.to(coll).emit('chat', {from: name, msg: " voted to skip"}); + }); + }else{ + socket.emit("toast", "alreadyskip"); + } + }); + }else + socket.emit("toast", "noskip"); + } + }); + } else { + socket.emit("auth_required"); + } + }); }); } else { var result = { @@ -480,9 +492,8 @@ function end(obj, coll, guid, offline, socket) { if(id !== undefined && id !== null && id !== "") { - if(!obj.hasOwnProperty("id") || !obj.hasOwnProperty("channel") || !obj.hasOwnProperty("pass") || - typeof(obj.id) != "string" || typeof(obj.channel) != "string" || - typeof(obj.pass) != "string") { + if(!obj.hasOwnProperty("id") || !obj.hasOwnProperty("channel") || + typeof(obj.id) != "string" || typeof(obj.channel) != "string") { var result = { channel: { expected: "string", 
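Review bot: In `skip`, `hash` is assigned without a declaration in this hunk and is read later inside the asynchronous `db.collection(coll + "_settings").find(...)` callback, so unless it is declared in a scope outside the hunk it is shared by all sockets and a concurrent request can replace it between the assignment and the `docs[0].adminpass == hash` comparison. Declaring it in the session callback with `var hash = "";` before the `if` keeps the admin check tied to the request that computed it; `to_skip` has the same problem. The statement `adminpass = "";` now overwrites the `adminpass` argument of the `getSessionAdminUser` callback, which only works because `list.pass` was copied first, so a separate local name would be clearer. The function starts above this hunk.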
@@ -500,34 +511,37 @@ function end(obj, coll, guid, offline, socket) { socket.emit("update_required", result); return; } + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) { + obj.pass = userpass; - db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) { + db.collection(coll + "_settings").find(function(err, docs){ + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) { - Functions.check_inlist(coll, guid, socket, offline); - db.collection(coll).find({now_playing:true}, function(err, np){ - if(err !== null) console.log(err); - if(np !== null && np !== undefined && np.length == 1 && np[0].id == id){ - db.collection(coll + "_settings").find(function(err, docs){ - var startTime = docs[0].startTime; - if(docs[0].removeplay === true && startTime+parseInt(np[0].duration)<=Functions.get_time()+5) - { - db.collection(coll).remove({now_playing:true}, function(err, docs){ - List.change_song_post(coll); - db.collection("frontpage_lists").update({_id:coll, count: {$gt: 0}}, {$inc:{count:-1}, $set:{accessed: Functions.get_time()}}, {upsert:true}, function(err, docs){}); - }); - }else{ - if(startTime+parseInt(np[0].duration)<=Functions.get_time()+5) + Functions.check_inlist(coll, guid, socket, offline); + db.collection(coll).find({now_playing:true}, function(err, np){ + if(err !== null) console.log(err); + if(np !== null && np !== undefined && np.length == 1 && np[0].id == id){ + db.collection(coll + "_settings").find(function(err, docs){ + var startTime = docs[0].startTime; + if(docs[0].removeplay === true && 
startTime+parseInt(np[0].duration)<=Functions.get_time()+5) { - List.change_song(coll, false, id); + db.collection(coll).remove({now_playing:true}, function(err, docs){ + List.change_song_post(coll); + db.collection("frontpage_lists").update({_id:coll, count: {$gt: 0}}, {$inc:{count:-1}, $set:{accessed: Functions.get_time()}}, {upsert:true}, function(err, docs){}); + }); + }else{ + if(startTime+parseInt(np[0].duration)<=Functions.get_time()+5) + { + List.change_song(coll, false, id); + } } - } - }); - } - }); - } else { - socket.emit("auth_required"); - } + }); + } + }); + } else { + socket.emit("auth_required"); + } + }); }); } else { var result = { diff --git a/server/handlers/list_change.js b/server/handlers/list_change.js index 6b8310af..d053d9d4 100644 --- a/server/handlers/list_change.js +++ b/server/handlers/list_change.js @@ -43,8 +43,7 @@ function add_function(arr, coll, guid, offline, socket) { typeof(arr.end) != "number" || typeof(arr.title) != "string" || typeof(arr.list) != "string" || typeof(arr.duration) != "number" || typeof(arr.playlist) != "boolean" || typeof(arr.num) != "number" || - typeof(arr.total) != "number" || typeof(arr.pass) != "string" || - typeof(arr.adminpass) != "string") { + typeof(arr.total) != "number") { var result = { start: { expected: "number or string that can be cast to int", 
@@ -90,143 +89,146 @@ function add_function(arr, coll, guid, offline, socket) { socket.emit('update_required', result); return; } + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { + arr.adminpass = adminpass; + arr.userpass = userpass; + db.collection(coll + "_settings").find(function(err, docs){ + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, arr.pass)).digest("base64")))) { - db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, arr.pass)).digest("base64")))) { + Functions.check_inlist(coll, guid, socket, offline); - Functions.check_inlist(coll, guid, socket, offline); - - var id = arr.id; - var title = arr.title; - var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, arr.adminpass), true)); - var duration = parseInt(arr.duration); - var full_list = arr.playlist; - var last = arr.num == arr.total - 1; - var num = arr.num; - var total = arr.total; - /*db.collection(coll + "_settings").find(function(err, docs) - {*/ - conf = docs; - if(docs !== null && docs.length !== 0 && ((docs[0].addsongs === true && (hash == docs[0].adminpass || docs[0].adminpass === "")) || - docs[0].addsongs === false)) - { - db.collection(coll).find({id:id, type:{$ne:"suggested"}}, function(err, docs){ - if(docs !== null && docs.length === 0) - { - var guids = full_list === true ? 
[] : [guid]; - var votes; - var added; - if(full_list) { - var time = Functions.get_time()-total; - time = time.toString(); - var total_len = total.toString().length; - var now_len = num.toString().length; - var to_add = num.toString(); - while(now_len < total_len) { - to_add = "0" + to_add; - now_len = to_add.length; + var id = arr.id; + var title = arr.title; + var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, arr.adminpass), true)); + var duration = parseInt(arr.duration); + var full_list = arr.playlist; + var last = arr.num == arr.total - 1; + var num = arr.num; + var total = arr.total; + /*db.collection(coll + "_settings").find(function(err, docs) + {*/ + conf = docs; + if(docs !== null && docs.length !== 0 && ((docs[0].addsongs === true && (hash == docs[0].adminpass || docs[0].adminpass === "")) || + docs[0].addsongs === false)) + { + db.collection(coll).find({id:id, type:{$ne:"suggested"}}, function(err, docs){ + if(docs !== null && docs.length === 0) + { + var guids = full_list === true ? 
[] : [guid]; + var votes; + var added; + if(full_list) { + var time = Functions.get_time()-total; + time = time.toString(); + var total_len = total.toString().length; + var now_len = num.toString().length; + var to_add = num.toString(); + while(now_len < total_len) { + to_add = "0" + to_add; + now_len = to_add.length; + } + time = time.substring(0, time.length - total_len); + time = time + to_add; + time = parseInt(time); + added = time; + votes = 0; + } else { + added = Functions.get_time(); + votes = 1; } - time = time.substring(0, time.length - total_len); - time = time + to_add; - time = parseInt(time); - added = time; - votes = 0; - } else { - added = Functions.get_time(); - votes = 1; - } - db.collection(coll).find({now_playing:true}, function(err, docs){ - if((docs !== null && docs.length === 0)){ - np = true; - if(full_list && num === 0){ + db.collection(coll).find({now_playing:true}, function(err, docs){ + if((docs !== null && docs.length === 0)){ np = true; - time = time.toString(); - total += 1; - var total_len = total.toString().length; - var now_len = total.toString().length; - var to_add = total.toString(); - while(now_len < total_len) { - to_add = "0" + to_add; - now_len = to_add.length; + if(full_list && num === 0){ + np = true; + time = time.toString(); + total += 1; + var total_len = total.toString().length; + var now_len = total.toString().length; + var to_add = total.toString(); + while(now_len < total_len) { + to_add = "0" + to_add; + now_len = to_add.length; + } + time = time.substring(0, time.length - total_len); + time = parseInt(time).toString() + to_add; + time = parseInt(time); + added = time; + votes = 0; + } else if(full_list) { + np = false; } - time = time.substring(0, time.length - total_len); - time = parseInt(time).toString() + to_add; - time = parseInt(time); - added = time; - votes = 0; - } else if(full_list) { + } else { np = false; } - } else { - np = false; - } - var new_song = {"added": 
added,"guids":guids,"id":id,"now_playing":np,"title":title,"votes":votes, "duration":duration, "start": parseInt(start), "end": parseInt(end), "type": "video"}; - db.collection(coll).update({id: id}, new_song, {upsert: true}, function(err, docs){ - new_song._id = "asd"; - if(np) { - List.send_list(coll, undefined, false, true, false); - db.collection(coll + "_settings").update({ id: "config" }, {$set:{startTime: Functions.get_time()}}); - List.send_play(coll, undefined); - Frontpage.update_frontpage(coll, id, title); - if(!full_list) Search.get_correct_info(new_song, coll, false); - } else { - io.to(coll).emit("channel", {type: "added", value: new_song}); - if(!full_list) Search.get_correct_info(new_song, coll, true); + var new_song = {"added": added,"guids":guids,"id":id,"now_playing":np,"title":title,"votes":votes, "duration":duration, "start": parseInt(start), "end": parseInt(end), "type": "video"}; + db.collection(coll).update({id: id}, new_song, {upsert: true}, function(err, docs){ + new_song._id = "asd"; + if(np) { + List.send_list(coll, undefined, false, true, false); + db.collection(coll + "_settings").update({ id: "config" }, {$set:{startTime: Functions.get_time()}}); + List.send_play(coll, undefined); + Frontpage.update_frontpage(coll, id, title); + if(!full_list) Search.get_correct_info(new_song, coll, false); + } else { + io.to(coll).emit("channel", {type: "added", value: new_song}); + if(!full_list) Search.get_correct_info(new_song, coll, true); + } + db.collection("frontpage_lists").update({_id:coll}, {$inc:{count:1}, $set:{accessed: Functions.get_time()}}, {upsert:true}, function(err, docs){}); + List.getNextSong(coll); + }); + if(!full_list) { + socket.emit("toast", "addedsong"); + } else if(full_list && last) { + socket.emit("toast", "addedplaylist"); } - db.collection("frontpage_lists").update({_id:coll}, {$inc:{count:1}, $set:{accessed: Functions.get_time()}}, {upsert:true}, function(err, docs){}); - List.getNextSong(coll); }); - if(!full_list) { 
- socket.emit("toast", "addedsong"); - } else if(full_list && last) { + } else if(!full_list) { + ListChange.vote(coll, id, guid, socket, full_list, last); + if(full_list && last) { socket.emit("toast", "addedplaylist"); } - }); - } else if(!full_list) { - ListChange.vote(coll, id, guid, socket, full_list, last); - if(full_list && last) { + } else if(full_list && last) { socket.emit("toast", "addedplaylist"); } - } else if(full_list && last) { - socket.emit("toast", "addedplaylist"); + }); + } else if(!full_list) { + db.collection(coll).find({id: id}, function(err, docs) { + if(docs.length === 0) { + db.collection(coll).update({id: id}, {$set:{ + "added":Functions.get_time(), + "guids": [guid], + "id":id, + "now_playing": false, + "title":title, + "votes":1, + "duration":duration, + "start": start, + "end": end, + "type":"suggested"} + }, + {upsert:true}, function(err, docs){ + socket.emit("toast", "suggested"); + io.to(coll).emit("suggested", {id: id, title: title, duration: duration}); + }); + } else if(docs[0].now_playing === true){ + socket.emit("toast", "alreadyplay"); + } else{ + if(conf[0].vote === false) ListChange.vote(coll, id, guid, socket, full_list, last); + else socket.emit("toast", "listhaspass"); + } + }); + } else if (full_list){ + if(arr.num == 0) { + socket.emit("toast", "listhaspass"); } - }); - } else if(!full_list) { - db.collection(coll).find({id: id}, function(err, docs) { - if(docs.length === 0) { - db.collection(coll).update({id: id}, {$set:{ - "added":Functions.get_time(), - "guids": [guid], - "id":id, - "now_playing": false, - "title":title, - "votes":1, - "duration":duration, - "start": start, - "end": end, - "type":"suggested"} - }, - {upsert:true}, function(err, docs){ - socket.emit("toast", "suggested"); - io.to(coll).emit("suggested", {id: id, title: title, duration: duration}); - }); - } else if(docs[0].now_playing === true){ - socket.emit("toast", "alreadyplay"); - } else{ - if(conf[0].vote === false) ListChange.vote(coll, id, 
guid, socket, full_list, last); - else socket.emit("toast", "listhaspass"); - } - }); - } else if (full_list){ - if(arr.num == 0) { - socket.emit("toast", "listhaspass"); } - } - //}); - } else { - socket.emit("auth_required"); - } + //}); + } else { + socket.emit("auth_required"); + } + }); }); } else { var result = { @@ -248,10 +250,8 @@ function voteUndecided(msg, coll, guid, offline, socket) { if(typeof(msg) === 'object' && msg !== undefined && msg !== null){ if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("id") || - !msg.hasOwnProperty("type") || !msg.hasOwnProperty("adminpass") || - !msg.hasOwnProperty("pass") || typeof(msg.pass) != "string" || - typeof(msg.channel) != "string" || typeof(msg.id) != "string" || - typeof(msg.type) != "string" || typeof(msg.adminpass) != "string") { + !msg.hasOwnProperty("type") || typeof(msg.channel) != "string" || + typeof(msg.id) != "string" || typeof(msg.type) != "string") { var result = { channel: { expected: "string", 
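Review bot: In add_function the session's user password is stored on `arr.userpass`, but the channel-password check that follows still reads `arr.pass`, so the session value is never the one compared. With the `typeof(arr.pass)` validation dropped in the earlier hunk of this file, whatever the client sends as `pass`, of any type, is what reaches `Functions.decrypt_string`, and a session that authenticated earlier gets `auth_required` on a password-protected channel. The assignment should be `arr.pass = userpass;` so the check uses only the server-side value. The thumbnail handler in server/handlers/suggestions.js has the same mismatch (`msg.userpass = userpass;` followed by a check on `msg.pass`).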
@@ -278,27 +278,31 @@ function voteUndecided(msg, coll, guid, offline, socket) { return; } coll = msg.channel.toLowerCase();; + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { + msg.adminpass = adminpass; + msg.pass = userpass; - db.collection(coll + "_settings").find({id: "config"}, function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { + db.collection(coll + "_settings").find({id: "config"}, function(err, docs){ + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { - Functions.check_inlist(coll, guid, socket, offline); + Functions.check_inlist(coll, guid, socket, offline); - if(msg.type == "del") { - ListChange.del(msg, socket, socketid); - } else { - var id = msg.id; - var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass), true)); - if(docs !== null && docs.length !== 0 && ((docs[0].vote === true && (hash == docs[0].adminpass || docs[0].adminpass === "")) || - docs[0].vote === false)) { - ListChange.vote(coll, id, guid, socket, false, false); + if(msg.type == "del") { + ListChange.del(msg, socket, socketid); } else { - socket.emit("toast", "listhaspass"); + var id = msg.id; + var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass), true)); + if(docs !== null && docs.length !== 0 && ((docs[0].vote === true && (hash == docs[0].adminpass || docs[0].adminpass === "")) || + docs[0].vote === false)) { + ListChange.vote(coll, id, guid, socket, false, false); + } else { + socket.emit("toast", "listhaspass"); + } } + } else { + 
socket.emit("auth_required"); } - } else { - socket.emit("auth_required"); - } + }); }); } else { var result = { @@ -315,9 +319,7 @@ function shuffle(msg, coll, guid, offline, socket) { var socketid = socket.zoff_id; - if(!msg.hasOwnProperty("adminpass") || !msg.hasOwnProperty("channel") || - !msg.hasOwnProperty("pass") || typeof(msg.adminpass) != "string" || - typeof(msg.channel) != "string" || typeof(msg.pass) != "string") { + if(!msg.hasOwnProperty("channel") || typeof(msg.channel) != "string") { var result = { channel: { expected: "string", 
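Review bot: The vote branch of voteUndecided calls `Functions.decrypt_string(socketid, msg.adminpass)` unconditionally, yet `msg.adminpass` now comes from the session lookup and may be empty or missing when the session holds no admin password (conf_function checks a `gotten` flag for that case). shuffle special-cases `msg.adminpass === ""` and skip guards against undefined, null and empty before hashing; this handler, add_function and delete_all do not. How `getSessionAdminUser` reports a miss is not visible here, so confirm it, but a guard such as `var hash = msg.adminpass ? Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass), true)) : "";` keeps the handler from hashing or throwing on a missing value.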
@@ -337,61 +339,65 @@ function shuffle(msg, coll, guid, offline, socket) { } coll = msg.channel.toLowerCase(); - db.collection("timeout_api").find({ - type: "shuffle", - guid: coll, - }, function(err, docs) { - if(docs.length > 0) { - var date = new Date(docs[0].createdAt); - date.setSeconds(date.getSeconds() + 5); - var now = new Date(); - var retry_in = (date.getTime() - now.getTime()) / 1000; - if(retry_in > 0) { - socket.emit("toast", "wait_longer"); - return; + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { + msg.adminpass = adminpass; + msg.pass = userpass; + db.collection("timeout_api").find({ + type: "shuffle", + guid: coll, + }, function(err, docs) { + if(docs.length > 0) { + var date = new Date(docs[0].createdAt); + date.setSeconds(date.getSeconds() + 5); + var now = new Date(); + var retry_in = (date.getTime() - now.getTime()) / 1000; + if(retry_in > 0) { + socket.emit("toast", "wait_longer"); + return; + } } - } - var now_date = new Date(); - db.collection("timeout_api").update({type: "shuffle", guid: coll}, { - $set: { - "createdAt": now_date, - type: "shuffle", - guid: coll, - }, - }, {upsert: true}, function(err, docs) { - Functions.check_inlist(coll, guid, socket, offline); - var hash; - if(msg.adminpass === "") hash = msg.adminpass; - else hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass),true)); - db.collection(coll + "_settings").find(function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { - if(docs !== null && docs.length !== 0 && ((docs[0].adminpass == hash || docs[0].adminpass === "") || docs[0].shuffle === false)) + var now_date = new Date(); + db.collection("timeout_api").update({type: "shuffle", guid: coll}, { + $set: { + "createdAt": now_date, 
+ type: "shuffle", + guid: coll, + }, + }, {upsert: true}, function(err, docs) { + Functions.check_inlist(coll, guid, socket, offline); + var hash; + if(msg.adminpass === "") hash = msg.adminpass; + else hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass),true)); + db.collection(coll + "_settings").find(function(err, docs){ + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { + if(docs !== null && docs.length !== 0 && ((docs[0].adminpass == hash || docs[0].adminpass === "") || docs[0].shuffle === false)) + { + db.collection(coll).find({now_playing:false}).forEach(function(err, docs){ + if(!docs){ + List.send_list(coll, undefined, false, true, false, true); + socket.emit("toast", "shuffled"); + + return; + }else{ + num = Math.floor(Math.random()*1000000); + db.collection(coll).update({id:docs.id}, {$set:{added:num}}); + } + }); + }else + socket.emit("toast", "wrongpass"); + } else { + socket.emit("auth_required"); + } + }); + + var complete = function(tot, curr){ + if(tot == curr) { - db.collection(coll).find({now_playing:false}).forEach(function(err, docs){ - if(!docs){ - List.send_list(coll, undefined, false, true, false, true); - socket.emit("toast", "shuffled"); - - return; - }else{ - num = Math.floor(Math.random()*1000000); - db.collection(coll).update({id:docs.id}, {$set:{added:num}}); - } - }); - }else - socket.emit("toast", "wrongpass"); - } else { - socket.emit("auth_required"); - } + List.send_list(coll, undefined, false, true, false); + List.getNextSong(coll); + } + }; }); - - var complete = function(tot, curr){ - if(tot == curr) - { - List.send_list(coll, undefined, false, true, false); - List.getNextSong(coll); - } - }; }); }); } 
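Review bot: The shuffle cooldown in `timeout_api` is read and rewritten before the channel's user and admin passwords are checked, so a request that ends in `wrongpass` or `auth_required` still resets the five-second timer for the whole channel (the record is keyed on `guid: coll`). Moving the `timeout_api` update inside the branch that passes both checks would keep rejected requests from delaying authorised ones. The `complete` helper declared at the end of the callback is never called in the visible code. `err` is ignored on every query, so `docs.length` will throw if a lookup fails.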
@@ -427,9 +433,7 @@ function del(params, socket, socketid) { function delete_all(msg, coll, guid, offline, socket) { var socketid = socket.zoff_id; if(typeof(msg) == 'object' ) { - if(!msg.hasOwnProperty('channel') || !msg.hasOwnProperty('adminpass') || - !msg.hasOwnProperty('pass') || typeof(msg.channel) != "string" || - typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") { + if(!msg.hasOwnProperty('channel') || typeof(msg.channel) != "string") { var result = { channel: { expected: "string", 
@@ -447,22 +451,25 @@ function delete_all(msg, coll, guid, offline, socket) { socket.emit('update_required', result); return; } - - var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass),true)); - var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64"); - db.collection(coll + "_settings").find(function(err, conf) { - if(conf.length == 1 && conf) { - conf = conf[0]; - if(conf.adminpass == hash && conf.adminpass != "" && (conf.userpass == "" || conf.userpass == undefined || (conf.userpass != "" && conf.userpass != undefined && conf.pass == hash_userpass))) { - db.collection(coll).remove({views: {$exists: false}}, {multi: true}, function(err, succ) { - List.send_list(coll, false, true, true, true); - db.collection("frontpage_lists").update({_id: coll}, {$set: {count: 0, accessed: Functions.get_time()}}, {upsert: true}, function(err, docs) {}); - socket.emit("toast", "deleted_songs"); - }); - } else { - socket.emit("toast", "listhaspass"); - } - } + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) { + msg.adminpass = adminpass; + msg.pass = userpass; + var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass),true)); + var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64"); + db.collection(coll + "_settings").find(function(err, conf) { + if(conf.length == 1 && conf) { + conf = conf[0]; + if(conf.adminpass == hash && conf.adminpass != "" && (conf.userpass == "" || conf.userpass == undefined || (conf.userpass != "" && conf.userpass != undefined && conf.pass == hash_userpass))) { + db.collection(coll).remove({views: {$exists: false}}, {multi: true}, function(err, succ) { + List.send_list(coll, false, true, true, true); + db.collection("frontpage_lists").update({_id: coll}, {$set: {count: 0, accessed: 
Functions.get_time()}}, {upsert: true}, function(err, docs) {}); + socket.emit("toast", "deleted_songs"); + }); + } else { + socket.emit("toast", "listhaspass"); + } + } + }); }); } else { var result = { diff --git a/server/handlers/list_settings.js b/server/handlers/list_settings.js index 04264220..3d94d62d 100644 --- a/server/handlers/list_settings.js +++ b/server/handlers/list_settings.js @@ -1,4 +1,6 @@ function password(inp, coll, guid, offline, socket) { + var sessionId = Functions.getSession(socket); + if(sessionId == "") sessionId = "empty"; if(inp !== undefined && inp !== null && inp !== "") { if(!inp.hasOwnProperty("password") || !inp.hasOwnProperty("channel") || @@ -17,7 +19,6 @@ function password(inp, coll, guid, offline, socket) { return; } pw = inp.password; - opw = inp.password; try { coll = inp.channel; if(coll.length == 0) return; 
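Review bot: The user-password clause in delete_all compares `conf.pass == hash_userpass`, while every other handler in this commit compares the stored `userpass` field. If the settings document has no `pass` field, that clause can never be true and deletion on a password-protected channel always ends in `listhaspass`; it should read `conf.userpass == hash_userpass`. The `gotten` argument added to the callback is unused, and both hashes are computed from `msg.adminpass` and `msg.pass` before it is known whether the session held any credentials. The guard `conf.length == 1 && conf` also dereferences `conf` before testing it; `conf && conf.length == 1` is the safe order.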
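Review bot: Mapping a missing session id to the literal `"empty"` at the top of password() makes every client without a session cookie share one session key, so an admin password stored under it by `setSessionAdminPass` would be returned by `getSessionAdminUser` to any other cookie-less client. Rejecting the request when `Functions.getSession(socket)` returns an empty string, for example `if(sessionId == "") { socket.emit("auth_required"); return; }`, avoids the shared bucket. How the session store treats this key is not visible here, so confirm against `Functions`. The rest of the function body lies outside this hunk.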
@@ -32,28 +33,40 @@ function password(inp, coll, guid, offline, socket) { uncrypted = pw; pw = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, pw), true); Functions.check_inlist(coll, guid, socket, offline); - if(inp.oldpass) - { - opw = inp.oldpass; - } - opw = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, opw), true); + Functions.getSessionAdminUser(sessionId, coll, function(userpass, adminpass) { - db.collection(coll + "_settings").find(function(err, docs){ - if(docs !== null && docs.length !== 0) - { - if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(opw)) + db.collection(coll + "_settings").find(function(err, docs){ + if(docs !== null && docs.length !== 0) { - db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){ - if(inp.oldpass) - socket.emit("toast", "changedpass"); - else - socket.emit("toast", "correctpass"); - socket.emit("pw", true); - }); - }else - socket.emit("toast", "wrongpass"); - socket.emit("pw", false); - } + if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(pw)) + { + Functions.setSessionAdminPass(sessionId, inp.password, coll, function() { + db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){ + if(adminpass != pw) { + socket.emit("toast", "changedpass"); + } else { + socket.emit("toast", "correctpass"); + } + socket.emit("pw", true); + }); + }); + } else if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, adminpass), true))) { + Functions.setSessionAdminPass(sessionId, inp.password, coll, function() { + db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){ + if(adminpass != pw) { + socket.emit("toast", "changedpass"); + } + socket.emit("pw", true); + }); + }); + } else { + 
Functions.setSessionAdminPass(Functions.getSession(socket), "", coll, function() { + socket.emit("toast", "wrongpass"); + socket.emit("pw", false); + }); + } + } + }); }); } else { var result = { 
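Review bot: The wrong-password branch clears the stored admin password with `Functions.getSession(socket)` instead of the `sessionId` computed at the top of the function, so for a client without a session cookie it clears a different key than the one the two success branches wrote to; use `Functions.setSessionAdminPass(sessionId, "", coll, ...)` there. The toast choice `adminpass != pw` compares the session value, which is stored as the raw `inp.password`, with the hashed `pw`, so it looks like it will report `changedpass` on an ordinary login as well; that is inferred from the visible calls and should be checked. In the `else if`, the `docs[0].adminpass === ""` test is unreachable because the first branch already covers it.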
@@ -89,125 +102,133 @@ function conf_function(params, coll, guid, offline, socket) { Functions.check_inlist(coll, guid, socket, offline); + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) { + if(gotten) { + params.adminpass = adminpass; + if(!params.userpass_changed) params.userpass = userpass; - if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') || - !params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') || - !params.hasOwnProperty('allvideos') || !params.hasOwnProperty('removeplay') || - !params.hasOwnProperty('adminpass') || !params.hasOwnProperty('skipping') || - !params.hasOwnProperty('shuffling') || !params.hasOwnProperty('channel') || - typeof(params.userpass) != "string" || typeof(params.adminpass) != "string" || - typeof(params.voting) != "boolean" || typeof(params.addsongs) != "boolean" || - typeof(params.longsongs) != "boolean" || typeof(params.frontpage) != "boolean" || - typeof(params.allvideos) != "boolean" || typeof(params.removeplay) != "boolean" || - typeof(params.skipping) != "boolean" || typeof(params.shuffling) != "boolean" || - typeof(params.userpass_changed) != "boolean") { - var result = { - adminpass: { - expected: "string", - got: params.hasOwnProperty("adminpass") ? typeof(params.adminpass) : undefined, - }, - userpass: { - expected: "string", - got: params.hasOwnProperty("userpass") ? typeof(params.userpass) : undefined, - }, - vote: { - expected: "boolean", - got: params.hasOwnProperty("vote") ? typeof(params.vote) : undefined, - }, - addsongs: { - expected: "boolean", - got: params.hasOwnProperty("addsongs") ? typeof(params.addsongs) : undefined, - }, - longsongs: { - expected: "boolean", - got: params.hasOwnProperty("longsongs") ? typeof(params.longsongs) : undefined, - }, - frontpage: { - expected: "boolean", - got: params.hasOwnProperty("frontpage") ? 
typeof(params.frontpage) : undefined, - }, - skipping: { - expected: "boolean", - got: params.hasOwnProperty("skipping") ? typeof(params.skipping) : undefined, - }, - shuffling: { - expected: "boolean", - got: params.hasOwnProperty("shuffling") ? typeof(params.shuffling) : undefined, - }, - userpass_changed: { - expected: "boolean", - got: params.hasOwnProperty("userpass_changed") ? typeof(params.userpass_changed) : undefined, - } - }; - socket.emit("update_required", result); - return; } - var voting = params.voting; - var addsongs = params.addsongs; - var longsongs = params.longsongs; - var frontpage = params.frontpage; - var allvideos = params.allvideos; - var removeplay = params.removeplay; - var adminpass = params.adminpass; - var skipping = params.skipping; - var shuffling = params.shuffling; - var userpass = Functions.decrypt_string(socket.zoff_id, params.userpass); - - - if((!params.userpass_changed && frontpage) || (params.userpass_changed && userpass == "")) { - userpass = ""; - } else if(params.userpass_changed && userpass != "") { - frontpage = false; - } - var description = ""; - var hash; - if(params.description) description = params.description; - if(adminpass !== "") { - hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, adminpass), true)); - } else { - hash = adminpass; - } - if(userpass != "") { - userpass = crypto.createHash('sha256').update(userpass).digest("base64"); - } - db.collection(coll + "_settings").find({id: "config"}, function(err, docs){ - if(docs !== null && docs.length !== 0 && (docs[0].adminpass === "" || docs[0].adminpass == hash)) { - var obj = { - addsongs:addsongs, - allvideos:allvideos, - frontpage:frontpage, - skip:skipping, - vote:voting, - removeplay:removeplay, - shuffle:shuffling, - longsongs:longsongs, - adminpass:hash, - desc: description, - }; - if(params.userpass_changed) { - obj["userpass"] = userpass; - } else if (frontpage) { - obj["userpass"] = ""; - } - db.collection(coll + 
"_settings").update({ id: "config" }, { - $set:obj - }, function(err, docs){ - db.collection(coll + "_settings").find(function(err, docs){ - if(docs[0].adminpass !== "") docs[0].adminpass = true; - if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true; - else docs[0].userpass = false; - io.to(coll).emit("conf", docs); - socket.emit("toast", "savedsettings"); - - db.collection("frontpage_lists").update({_id: coll}, {$set:{ - frontpage:frontpage, accessed: Functions.get_time()} + if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') || + !params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') || + !params.hasOwnProperty('allvideos') || !params.hasOwnProperty('removeplay') || + !params.hasOwnProperty('adminpass') || !params.hasOwnProperty('skipping') || + !params.hasOwnProperty('shuffling') || !params.hasOwnProperty('channel') || + typeof(params.userpass) != "string" || typeof(params.adminpass) != "string" || + typeof(params.voting) != "boolean" || typeof(params.addsongs) != "boolean" || + typeof(params.longsongs) != "boolean" || typeof(params.frontpage) != "boolean" || + typeof(params.allvideos) != "boolean" || typeof(params.removeplay) != "boolean" || + typeof(params.skipping) != "boolean" || typeof(params.shuffling) != "boolean" || + typeof(params.userpass_changed) != "boolean") { + var result = { + adminpass: { + expected: "string", + got: params.hasOwnProperty("adminpass") ? typeof(params.adminpass) : undefined, }, - {upsert:true}, function(err, docs){}); - }); - }); - } else { - socket.emit("toast", "wrongpass"); + userpass: { + expected: "string", + got: params.hasOwnProperty("userpass") ? typeof(params.userpass) : undefined, + }, + vote: { + expected: "boolean", + got: params.hasOwnProperty("vote") ? typeof(params.vote) : undefined, + }, + addsongs: { + expected: "boolean", + got: params.hasOwnProperty("addsongs") ? 
typeof(params.addsongs) : undefined, + }, + longsongs: { + expected: "boolean", + got: params.hasOwnProperty("longsongs") ? typeof(params.longsongs) : undefined, + }, + frontpage: { + expected: "boolean", + got: params.hasOwnProperty("frontpage") ? typeof(params.frontpage) : undefined, + }, + skipping: { + expected: "boolean", + got: params.hasOwnProperty("skipping") ? typeof(params.skipping) : undefined, + }, + shuffling: { + expected: "boolean", + got: params.hasOwnProperty("shuffling") ? typeof(params.shuffling) : undefined, + }, + userpass_changed: { + expected: "boolean", + got: params.hasOwnProperty("userpass_changed") ? typeof(params.userpass_changed) : undefined, + } + }; + socket.emit("update_required", result); + return; + } + var voting = params.voting; + var addsongs = params.addsongs; + var longsongs = params.longsongs; + var frontpage = params.frontpage; + var allvideos = params.allvideos; + var removeplay = params.removeplay; + var adminpass = params.adminpass; + var skipping = params.skipping; + var shuffling = params.shuffling; + var userpass = Functions.decrypt_string(socket.zoff_id, params.userpass); + + + if((!params.userpass_changed && frontpage) || (params.userpass_changed && userpass == "")) { + userpass = ""; + } else if(params.userpass_changed && userpass != "") { + frontpage = false; } + var description = ""; + var hash; + if(params.description) description = params.description; + if(adminpass !== "") { + hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, adminpass), true)); + } else { + hash = adminpass; + } + if(userpass != "") { + userpass = crypto.createHash('sha256').update(userpass).digest("base64"); + } + db.collection(coll + "_settings").find({id: "config"}, function(err, docs){ + if(docs !== null && docs.length !== 0 && (docs[0].adminpass === "" || docs[0].adminpass == hash)) { + var obj = { + addsongs:addsongs, + allvideos:allvideos, + frontpage:frontpage, + skip:skipping, + vote:voting, + 
removeplay:removeplay, + shuffle:shuffling, + longsongs:longsongs, + adminpass:hash, + desc: description, + }; + if(params.userpass_changed) { + obj["userpass"] = userpass; + } else if (frontpage) { + obj["userpass"] = ""; + } + db.collection(coll + "_settings").update({ id: "config" }, { + $set:obj + }, function(err, docs){ + Functions.setSessionUserPass(Functions.getSession(socket), params.userpass, coll, function() { + db.collection(coll + "_settings").find(function(err, docs){ + if(docs[0].adminpass !== "") docs[0].adminpass = true; + if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true; + else docs[0].userpass = false; + io.to(coll).emit("conf", docs); + socket.emit("toast", "savedsettings"); + + db.collection("frontpage_lists").update({_id: coll}, {$set:{ + frontpage:frontpage, accessed: Functions.get_time()} + }, + {upsert:true}, function(err, docs){}); + }); + }); + }); + } else { + socket.emit("toast", "wrongpass"); + } + }); }); } else { var result = { @@ -218,6 +239,7 @@ function conf_function(params, coll, guid, offline, socket) { } socket.emit('update_required', result); } + } module.exports.password = password; diff --git a/server/handlers/suggestions.js b/server/handlers/suggestions.js index 109a782c..dad39fdd 100644 --- a/server/handlers/suggestions.js +++ b/server/handlers/suggestions.js @@ -1,7 +1,7 @@ function thumbnail(msg, coll, guid, offline, socket) { - if(msg.thumbnail && msg.channel && msg.adminpass && msg.thumbnail.indexOf("i.imgur.com") > -1){ - if(typeof(msg.channel) != "string" || typeof(msg.thumbnail) != "string" || - typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") { + if(msg.thumbnail && msg.channel && msg.thumbnail.indexOf("i.imgur.com") > -1){ + if(typeof(msg.channel) != "string" || typeof(msg.thumbnail) != "string") + { var result = { channel: { expected: "string", 
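Review bot: After the settings update in conf_function, `Functions.setSessionUserPass` stores the raw `params.userpass` even on the path where the channel password written to the database was cleared (`obj["userpass"] = ""` when `frontpage` is set), so the session can end up holding a user password that no longer matches the channel. Storing the value only when `params.userpass_changed` is true, and clearing it when the channel password is reset, would keep the two in step. When `gotten` is false the handler still falls back to the client-supplied `params.adminpass`; a comment such as `// no session credentials: fall back to the values sent by the client` would make that dual path explicit. `err` is ignored in every callback of this block.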
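Review bot: The host check on the rewritten condition in thumbnail(), `msg.thumbnail.indexOf("i.imgur.com") > -1`, is a substring match that runs before the `typeof` validation, so it accepts any string that merely contains that text, not only URLs whose host is i.imgur.com. An anchored test after the type check, for example `/^(https?:)?\/\/i\.imgur\.com\//i.test(msg.thumbnail)`, restricts the stored thumbnail to that host. Whether bare `i.imgur.com/...` values without a scheme must remain accepted is not visible here; if so, make the `//` prefix optional in the pattern.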
@@ -23,21 +23,26 @@ function thumbnail(msg, coll, guid, offline, socket) { socket.emit("update_required", result); return; } - msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, ""); - if(msg.thumbnail.substring(0,2) != "//") msg.thumbnail = "//" + msg.thumbnail; - var channel = msg.channel.toLowerCase(); - var hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, msg.adminpass)); - db.collection(channel + "_settings").find({id: "config"}, function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { - if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){ - db.collection("suggested_thumbnails").update({channel: channel}, {$set:{thumbnail: msg.thumbnail}}, {upsert:true}, function(err, docs){ - Notifications.requested_change("thumbnail", msg.thumbnail, channel); - socket.emit("toast", "suggested_thumbnail"); - }); + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { + msg.userpass = userpass; + msg.adminpass = adminpass; + + msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, ""); + if(msg.thumbnail.substring(0,2) != "//") msg.thumbnail = "//" + msg.thumbnail; + var channel = msg.channel.toLowerCase(); + var hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, msg.adminpass)); + db.collection(channel + "_settings").find({id: "config"}, function(err, docs){ + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { + if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){ + db.collection("suggested_thumbnails").update({channel: 
channel}, {$set:{thumbnail: msg.thumbnail}}, {upsert:true}, function(err, docs){ + Notifications.requested_change("thumbnail", msg.thumbnail, channel); + socket.emit("toast", "suggested_thumbnail"); + }); + } + } else { + socket.emit("auth_required"); } - } else { - socket.emit("auth_required"); - } + }); }); } else { socket.emit("toast", "thumbnail_denied"); @@ -45,9 +50,8 @@ function thumbnail(msg, coll, guid, offline, socket) { } function description(msg, coll, guid, offline, socket) { - if(msg.description && msg.channel && msg.adminpass && msg.description.length < 100){ - if(typeof(msg.channel) != "string" || typeof(msg.description) != "string" || - typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") { + if(msg.description && msg.channel && msg.description.length < 100){ + if(typeof(msg.channel) != "string" || typeof(msg.description) != "string") { var result = { channel: { expected: "string", 
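Review bot: Inside the new `Functions.getSessionAdminUser` callback in `thumbnail`, the channel-password check still reads `msg.pass`, although the session value was just stored in `msg.userpass`, so the session password is never the one compared. The client no longer sends `pass` (see the listeners.js hunks), so a password-protected channel would always fall through to `auth_required`. Any `pass` a client does send is still honoured, and its `typeof` check was removed in the first hunk of this file. Comparing the session value would read `docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, msg.userpass)).digest("base64")`, which also drops `socketid`, a name this function does not declare (it may be a global defined elsewhere). The same applies to `description` in the `@@ -69,19 +73,24 @@` hunk.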
@@ -69,19 +73,24 @@ function description(msg, coll, guid, offline, socket) { socket.emit("update_required", result); return; } - var channel = msg.channel.toLowerCase(); - var hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, msg.adminpass)); - db.collection(channel + "_settings").find({id: "config"}, function(err, docs){ - if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { - if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){ - db.collection("suggested_descriptions").update({channel: channel}, {$set:{description: msg.description}}, {upsert:true}, function(err, docs){ - Notifications.requested_change("description", msg.description, channel); - socket.emit("toast", "suggested_description"); - }); + + Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) { + msg.userpass = userpass; + msg.adminpass = adminpass; + var channel = msg.channel.toLowerCase(); + var hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, msg.adminpass)); + db.collection(channel + "_settings").find({id: "config"}, function(err, docs){ + if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { + if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){ + db.collection("suggested_descriptions").update({channel: channel}, {$set:{description: msg.description}}, {upsert:true}, function(err, docs){ + Notifications.requested_change("description", msg.description, channel); + socket.emit("toast", "suggested_description"); + }); + } + } else { + socket.emit("auth_required"); } - } 
else { - socket.emit("auth_required"); - } + }); }); } else { socket.emit("toast", "description_denied"); diff --git a/server/public/assets/js/admin.js b/server/public/assets/js/admin.js index a808cc96..cef0d58b 100755 --- a/server/public/assets/js/admin.js +++ b/server/public/assets/js/admin.js @@ -1,16 +1,18 @@ var Admin = { beginning:true, + logged_in: false, pw: function(msg) { + Admin.logged_in = msg; if(!msg) return; w_p = false; if(adminpass == undefined || adminpass == "") { - adminpass = Crypt.get_pass(chan.toLowerCase()); + //adminpass = Crypt.get_pass(chan.toLowerCase()); } names = ["vote","addsongs","longsongs","frontpage", "allvideos", "removeplay", "skip", "shuffle", "userpass"]; - Crypt.set_pass(chan.toLowerCase(), Crypt.tmp_pass); + //Crypt.set_pass(chan.toLowerCase(), Crypt.tmp_pass); for (var i = 0; i < names.length; i++) { $("input[name="+names[i]+"]").attr("disabled", false); @@ -57,11 +59,11 @@ var Admin = { conf: function(msg) { if(msg[0].adminpass == ""){ - Crypt.remove_pass(chan.toLowerCase()); + ////Crypt.remove_pass(chan.toLowerCase()); } Admin.set_conf(msg[0]); - if(msg[0].adminpass !== "" && (Crypt.get_pass(chan.toLowerCase()) !== undefined && Admin.beginning && Crypt.get_pass(chan.toLowerCase()) !== "")){ - emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()}); + if(msg[0].adminpass !== "" && Admin.beginning){ + //emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()}); Admin.beginning = false; } }, 
@@ -69,7 +71,7 @@ var Admin = { pass_save: function() { if(!w_p) { //emit('password', {password: Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), channel: chan.toLowerCase(), oldpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase()))}); - emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase(), oldpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase()))}); + emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase()}); } else { //emit('password', {password: Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), channel: chan.toLowerCase()}); emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase()}); @@ -78,9 +80,11 @@ var Admin = { log_out: function() { before_toast(); - if(Crypt.get_pass(chan.toLowerCase())) { - Crypt.remove_pass(chan.toLowerCase()); - Admin.display_logged_out(); + /*if(Crypt.get_pass(chan.toLowerCase())) {*/ + //Crypt.remove_pass(chan.toLowerCase()); + Admin.display_logged_out(); + if(Admin.logged_in) { + socket.emit("logout"); Materialize.toast("Logged out", 4000); } else { Materialize.toast("Not logged in", 4000); @@ -92,7 +96,6 @@ var Admin = { adminpass = ""; names = ["vote","addsongs","longsongs","frontpage", "allvideos", "removeplay", "skip", "shuffle"]; - document.getElementById("password").value = ""; $("#thumbnail_form").css("display", "none"); $("#description_form").css("display", "none"); 
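Review bot: `log_out` emits `logout` but never clears `Admin.logged_in`, which in the visible hunks is only written in `Admin.pw`. Unless the server replies with an event that reaches `pw` with a falsy value, `set_conf` will keep enabling the settings inputs after logout. Setting the flag locally right after the emit removes that dependency: `socket.emit("logout"); Admin.logged_in = false;`. The leftover `/*if(Crypt.get_pass(chan.toLowerCase())) {*/` and `//Crypt.remove_pass(chan.toLowerCase());` lines are better deleted than kept as comments.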
@@ -152,21 +155,13 @@ var Admin = { "removeplay", "skip", "shuffle", "userpass"]; - if(conf_array.adminpass === "" || !w_p){ - hasadmin = false; - if(!Helper.mobilecheck()) { - //$(".playlist-tabs").removeClass("hide"); - //$("#wrapper").toggleClass("tabs_height"); - } - } - else hasadmin = true; + hasadmin = conf_array.adminpass != ""; for (var i = 0; i < names.length; i++) { document.getElementsByName(names[i])[0].checked = (conf_array[names[i]] === true); - $("input[name="+names[i]+"]").attr("disabled", hasadmin); + $("input[name="+names[i]+"]").attr("disabled", !Admin.logged_in); } - - if((hasadmin)) { + if((hasadmin) && !Admin.logged_in) { if($("#admin-lock").html() != "lock") Admin.display_logged_out(); } else if(!hasadmin && Crypt.get_pass(chan.toLowerCase()) === undefined) { if(!Helper.contains($(".playlist-tabs").attr("class").split(" "), "hide")) { @@ -182,7 +177,7 @@ var Admin = { if(!$(".password_protected").prop("checked") && !$(".change_user_pass").hasClass("hide")) { $(".change_user_pass").addClass("hide"); - Crypt.remove_userpass(chan.toLowerCase()); + //Crypt.remove_userpass(chan.toLowerCase()); } if(conf_array.thumbnail != undefined && conf_array.thumbnail != "") { @@ -220,7 +215,7 @@ var Admin = { userpass_changed: userpass_changed }; if(userpass_changed){ - Crypt.set_userpass(chan.toLowerCase(), userpass); + //Crypt.set_userpass(chan.toLowerCase(), userpass); } emit("conf", configs); }, @@ -231,9 +226,9 @@ var Admin = { shuffle: function() { if(!offline) { - var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + //var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); if(u == undefined) u = ""; - emit('shuffle', {adminpass: adminpass !== undefined ? Crypt.crypt_pass(adminpass) : "", channel: chan.toLowerCase(), pass: embed ? '' : u}); + emit('shuffle', {channel: chan.toLowerCase()}); } else { for(var x = 0; x < full_playlist.length; x++){ var num = Math.floor(Math.random()*1000000); 
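Review bot: In `Admin.shuffle` the declaration of `u` is commented out but `if(u == undefined) u = "";` is kept. Unless a global `u` exists elsewhere, the online branch now throws a ReferenceError before `emit('shuffle', {channel: chan.toLowerCase()})` runs. Delete that leftover line together with the commented-out `//var u = ...`, since the new payload no longer carries a password. The body of `shuffle` continues outside the hunk.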
diff --git a/server/public/assets/js/channel.js b/server/public/assets/js/channel.js index 0530388e..e640307c 100644 --- a/server/public/assets/js/channel.js +++ b/server/public/assets/js/channel.js @@ -17,7 +17,7 @@ var Channel = { $(".pagination-results").addClass("client-pagination-height"); $(".control-list").addClass("client-control-list"); } - Admin.display_logged_out(); + if(!Admin.logged_in) Admin.display_logged_out(); number_suggested = 0; var no_socket = true; @@ -532,7 +532,7 @@ var Channel = { var add = ""; w_p = true; if(private_channel) add = Crypt.getCookie("_uI") + "_"; - socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()}); } else if(url_split[3] === "") { /*if(client) { var host = window.location.hostname.split("."); @@ -682,12 +682,12 @@ var Channel = { function get_history() { if(socket && socket.id) { - var p = Crypt.get_userpass(); + /*var p = Crypt.get_userpass(); if(p == undefined) p = ""; var c = Crypt.crypt_pass(p, true); - if(c == undefined) c = ""; - socket.emit("get_history", {channel: chan.toLowerCase(), all: false, pass: embed ? '' : c}); - socket.emit("get_history", {channel: chan.toLowerCase(), all: true, pass: ""}); + if(c == undefined) c = "";*/ + socket.emit("get_history", {channel: chan.toLowerCase(), all: false}); + socket.emit("get_history", {channel: chan.toLowerCase(), all: true}); } else { setTimeout(function() { get_history(); diff --git a/server/public/assets/js/chat.js b/server/public/assets/js/chat.js index 39e1b65c..0bf8c340 100755 --- a/server/public/assets/js/chat.js +++ b/server/public/assets/js/chat.js 
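Review bot: The unchanged line `if(private_channel) add = Crypt.getCookie("_uI") + "_";` above the rewritten `socket.emit("list", ...)` in the `@@ -532,7 +532,7 @@` hunk still reads `_uI` from script, but this commit sets that cookie with `httpOnly: true` in server/apps/client.js. If `Crypt.getCookie` reads `document.cookie` (its body is not shown), it can no longer see `_uI`, and the private-channel prefix is then built from a missing value. Only `get_list_listener` in functions.js had this line commented out; it remains in `emit_list` and `change_offline` in functions.js and in hostcontroller.js. Deriving the prefix on the server from the request cookie would keep the cookie unreadable to script. The enclosing function starts outside the hunk.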
@@ -9,8 +9,7 @@ var Chat = { if(input.length == 2) { var name = input[0]; var password = input[1]; - temp_name = name; - temp_pass = password; + password = Crypt.crypt_chat_pass(password); socket.emit("namechange", {name: name, channel: chan.toLowerCase(), password: password, first: first}); } else if(input.length == 3) { @@ -18,8 +17,7 @@ var Chat = { var new_password = input[1]; var old_password = input[2]; - temp_name = name; - temp_pass = password; + new_password = Crypt.crypt_chat_pass(new_password); old_password = Crypt.crypt_chat_pass(old_password); @@ -83,7 +81,7 @@ var Chat = { } else if($(".chat-tab-li a.active").attr("href") == "#all_chat") { socket.emit("all,chat", {channel: chan.toLowerCase(), data: data.value}); } else { - socket.emit("chat", {channel: chan.toLowerCase(), data: data.value, pass: embed ? '' : Crypt.crypt_chat_pass(Crypt.get_userpass(chan.toLowerCase()))}); + socket.emit("chat", {channel: chan.toLowerCase(), data: data.value}); } data.value = ""; return; diff --git a/server/public/assets/js/crypt.js b/server/public/assets/js/crypt.js index 844fa2c0..2f552809 100755 --- a/server/public/assets/js/crypt.js +++ b/server/public/assets/js/crypt.js @@ -23,9 +23,9 @@ var Crypt = { if(window.location.pathname != "/") { try { - Crypt.conf_pass = Crypt.decrypt(Crypt.getCookie(chan.toLowerCase()), chan.toLowerCase()); + //Crypt.conf_pass = Crypt.decrypt(Crypt.getCookie(chan.toLowerCase()), chan.toLowerCase()); } catch(err) { - Crypt.conf_pass = Crypt.decrypt(Crypt.create_cookie(chan.toLowerCase()), chan.toLowerCase()); + //Crypt.conf_pass = Crypt.decrypt(Crypt.create_cookie(chan.toLowerCase()), chan.toLowerCase()); } Hostcontroller.change_enabled(conf_arr.remote); @@ -148,7 +148,7 @@ var Crypt = { return Crypt.getCookie(name); }, - set_pass: function(chan, pass) { + /*set_pass: function(chan, pass) { Crypt.conf_pass.passwords[chan] = pass; Crypt.encrypt(Crypt.conf_pass, chan); }, 
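Review bot: The block comment opened at `/*set_pass` in crypt.js disables every method up to the `},*/` after `remove_userpass` in the next hunk, including the methods between the two hunks that are not shown. `Admin.set_conf` in admin.js still calls `Crypt.get_pass(chan.toLowerCase())` on an unchanged line, so if `get_pass` lies inside the commented range, that call will throw. Deleting the methods outright instead of commenting them out would make any remaining callers fail visibly in review and keep the dead password-storage code out of the shipped file. The first hunk of this file likewise leaves an empty `try { } catch(err) { }` that no longer assigns `Crypt.conf_pass`.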
@@ -166,7 +166,7 @@ var Crypt = { remove_userpass:function(chan) { delete Crypt.conf_pass.passwords["userpass"]; Crypt.encrypt(Crypt.conf_pass, chan.toLowerCase()); - }, + },*/ set_name:function(name, pass) { conf_arr.name = encodeURIComponent(name).replace(/\W/g, ''); diff --git a/server/public/assets/js/embed.js b/server/public/assets/js/embed.js index 776cb1b2..766fd126 100755 --- a/server/public/assets/js/embed.js +++ b/server/public/assets/js/embed.js @@ -195,7 +195,7 @@ function toast(msg) { case "wrongpass": if(embed) return; msg=Helper.rnd(["That's not the right password!", "Wrong! Better luck next time...", "You seem to have mistyped the password", "Incorrect. Have you tried meditating?","Nope, wrong password!", "Wrong password. The authorities have been notified."]); - Crypt.remove_pass(chan.toLowerCase()); + //Crypt.remove_pass(chan.toLowerCase()); Admin.display_logged_out(); $("#thumbnail_form").css("display", "none"); $("#description_form").css("display", "none"); @@ -242,7 +242,7 @@ function toast(msg) { } tried_again = false; msg=Helper.rnd(["I'm sorry, but you have to be an admin to do that!", "Only admins can do that", "You're not allowed to do that, try logging in!", "I can't let you do that", "Please log in to do that"]); - Crypt.remove_pass(chan.toLowerCase()); + //Crypt.remove_pass(chan.toLowerCase()); Admin.display_logged_out(); $("#thumbnail_form").css("display", "none"); $("#description_form").css("display", "none"); diff --git a/server/public/assets/js/functions.js b/server/public/assets/js/functions.js index 1b454b2b..1f29a60d 100644 --- a/server/public/assets/js/functions.js +++ b/server/public/assets/js/functions.js 
@@ -97,7 +97,7 @@ function hide_native(way) { $("#chromecast_text").html(""); $("#playing_on").css("display", "none"); if(!offline){ - socket.emit('pos', {channel: chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + socket.emit('pos', {channel: chan.toLowerCase()}); } else { Player.loadVideoById(video_id); } @@ -111,14 +111,14 @@ function chromecastListener(evt, data) { if(offline){ Player.playNext(); } else { - socket.emit("end", {id: json_parsed.videoId, channel: chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + socket.emit("end", {id: json_parsed.videoId, channel: chan.toLowerCase()}); } break; case 0: if(offline){ Player.playNext(); } else { - emit("skip", {error: json_parsed.data_code, id: json_parsed.videoId, pass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), channel: chan.toLowerCase(), userpass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + emit("skip", {error: json_parsed.data_code, id: json_parsed.videoId, channel: chan.toLowerCase()}); } break; case 1: @@ -142,7 +142,7 @@ function start_auth() { $("#player_overlay").removeClass("hide"); $("#player_overlay").css("display", "block"); $("#user_password").modal("open"); - Crypt.remove_userpass(chan.toLowerCase()); + //Crypt.remove_userpass(chan.toLowerCase()); before_toast(); Materialize.toast("That is not the correct password, try again..", 4000); } 
@@ -151,10 +151,10 @@ function start_auth() { function emit_list() { var add = ""; if(private_channel) add = Crypt.getCookie("_uI") + "_"; - var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); - if(p == undefined) p = ""; + /*var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + if(p == undefined) p = "";*/ if(socket.id) { - socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : p}); + socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()}); } else { setTimeout(function(){ emit_list(); @@ -163,14 +163,11 @@ function emit_list() { } function get_list_ajax() { - var c = Crypt.get_userpass(chan.toLowerCase()); - if(c == "" || c == undefined) { - c = ""; - } + //var c = Crypt.get_userpass(chan.toLowerCase()); $.ajax({ type: "POST", data: { - userpass: c, + userpass: "", }, url: "/api/list/" + chan.toLowerCase(), success: function(response) { @@ -198,12 +195,12 @@ function get_list_ajax() { } function get_np_ajax() { - var c = Crypt.get_userpass(chan.toLowerCase()); - if(c == undefined) c = ""; + /*var c = Crypt.get_userpass(chan.toLowerCase()); + if(c == undefined) c = "";*/ $.ajax({ type: "POST", data: { - userpass: c, + userpass: "", fetch_song: true }, url: "/api/list/" + chan.toLowerCase() + "/__np__", @@ -223,15 +220,15 @@ function get_np_ajax() { } function del_ajax(id) { - var a = Crypt.get_pass(chan.toLowerCase()); + /*var a = Crypt.get_pass(chan.toLowerCase()); var u = Crypt.get_userpass(chan.toLowerCase()); if(a == undefined) a = ""; - if(u == undefined) u = ""; + if(u == undefined) u = "";*/ $.ajax({ type: "DELETE", data: { - adminpass: a, - userpass: u + adminpass: "", + userpass: "" }, url: "/api/list/" + chan.toLowerCase() + "/" + id, success: function(response) { 
@@ -250,15 +247,15 @@ function del_ajax(id) { } function add_ajax(id, title, duration, playlist, num, full_num, start, end) { - var a = Crypt.get_pass(chan.toLowerCase()); + /*var a = Crypt.get_pass(chan.toLowerCase()); var u = Crypt.get_userpass(chan.toLowerCase()); if(a == undefined) a = ""; - if(u == undefined) u = ""; + if(u == undefined) u = "";*/ $.ajax({ type: "POST", data: { - adminpass: a, - userpass: u, + adminpass: "", + userpass: "", title: title, duration: duration, end_time: end, @@ -281,15 +278,15 @@ function add_ajax(id, title, duration, playlist, num, full_num, start, end) { } function vote_ajax(id) { - var a = Crypt.get_pass(chan.toLowerCase()); + /*var a = Crypt.get_pass(chan.toLowerCase()); var u = Crypt.get_userpass(chan.toLowerCase()); if(a == undefined) a = ""; - if(u == undefined) u = ""; + if(u == undefined) u = "";*/ $.ajax({ type: "PUT", data: { - adminpass: a, - userpass: u + adminpass: "", + userpass: "" }, url: "/api/list/" + chan.toLowerCase() + "/" + id, success: function(response) { @@ -316,7 +313,7 @@ function setup_auth_listener() { if(msg.hasOwnProperty("value") && msg.value) { if(temp_user_pass != "") { userpass = temp_user_pass; - Crypt.set_userpass(chan.toLowerCase(), userpass); + //Crypt.set_userpass(chan.toLowerCase(), userpass); } } }); 
@@ -347,11 +344,15 @@ function setup_youtube_listener(){ function get_list_listener(){ socket.on("get_list", function(){ var add = ""; - if(private_channel) add = Crypt.getCookie("_uI") + "_"; - var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); - if(p == undefined) p = ""; - socket.emit("list", { offline: offline, version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : p}); + //if(private_channel) add = Crypt.getCookie("_uI") + "_"; + /*var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + if(p == undefined) p = "";*/ + socket.emit("list", { offline: offline, version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()}); }); + socket.on("id_chromecast", function(msg) { + chromecast_specs_sent = true; + castSession.sendMessage("urn:x-cast:zoff.me", {type: "mobilespecs", guid: msg, socketid: socket.id}) + }) } function setup_suggested_listener(){ @@ -538,10 +539,10 @@ function change_offline(enabled, already_offline){ $("#controls").off("click", Channel.seekToClick); $("#seekToDuration").remove(); if(window.location.pathname != "/"){ - socket.emit("pos", {channel: chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + socket.emit("pos", {channel: chan.toLowerCase()}); var add = ""; if(private_channel) add = Crypt.getCookie("_uI") + "_"; - socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()}); if($("#controls").hasClass("ewresize")) $("#controls").removeClass("ewresize"); } } 
@@ -591,7 +592,7 @@ function toast(msg) { case "wrongpass": if(embed) return; msg=Helper.rnd(["That's not the right password!", "Wrong! Better luck next time...", "You seem to have mistyped the password", "Incorrect. Have you tried meditating?","Nope, wrong password!", "Wrong password. The authorities have been notified."]); - Crypt.remove_pass(chan.toLowerCase()); + //Crypt.remove_pass(chan.toLowerCase()); Admin.display_logged_out(); $("#thumbnail_form").css("display", "none"); $("#description_form").css("display", "none"); @@ -638,7 +639,7 @@ function toast(msg) { } tried_again = false; msg=Helper.rnd(["I'm sorry, but you have to be an admin to do that!", "Only admins can do that", "You're not allowed to do that, try logging in!", "I can't let you do that", "Please log in to do that"]); - Crypt.remove_pass(chan.toLowerCase()); + //Crypt.remove_pass(chan.toLowerCase()); Admin.display_logged_out(); $("#thumbnail_form").css("display", "none"); $("#description_form").css("display", "none"); diff --git a/server/public/assets/js/hostcontroller.js b/server/public/assets/js/hostcontroller.js index 7def0998..90426494 100755 --- a/server/public/assets/js/hostcontroller.js +++ b/server/public/assets/js/hostcontroller.js @@ -47,7 +47,7 @@ var Hostcontroller = { w_p = true; var add = ""; if(private_channel) add = Crypt.getCookie("_uI") + "_"; - socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()}); window.history.pushState("object or string", "Title", "/"+chan.toLowerCase()); } else if(arr.type == "pause") { diff --git a/server/public/assets/js/list.js b/server/public/assets/js/list.js index 2f5417e4..a34fc1b4 100755 --- a/server/public/assets/js/list.js +++ b/server/public/assets/js/list.js 
@@ -557,9 +557,9 @@ var List = { return; } if(!offline || (vote == "del" && (hasadmin && (!w_p && adminpass != "")))){ - var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); - if(u == undefined) u = ""; - emit('vote', {channel: chan, id: id, type: vote, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), pass: embed ? '' : u}); + /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + if(u == undefined) u = "";*/ + emit('vote', {channel: chan, id: id, type: vote}); } else { if(vote == "pos"){ List.voted_song(id, (new Date()).getTime()/1000); @@ -572,9 +572,9 @@ var List = { skip: function(way) { if(!offline){ - var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); - if(u == undefined) u = ""; - emit('skip', {pass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), id:video_id, channel: chan.toLowerCase(), userpass: embed ? '' : u}); + /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + if(u == undefined) u = "";*/ + emit('skip', {id:video_id, channel: chan.toLowerCase()}); } else { if(way) { Player.playNext(); diff --git a/server/public/assets/js/listeners.js b/server/public/assets/js/listeners.js index b9e8b2cc..a84654a2 100755 --- a/server/public/assets/js/listeners.js +++ b/server/public/assets/js/listeners.js 
@@ -196,9 +196,9 @@ $().ready(function(){ if(offline) { socket.emit("offline", {status: true, channel: chan != undefined ? chan.toLowerCase() : ""}); } - if(chan != undefined && (Crypt.get_pass(chan.toLowerCase()) !== undefined && Crypt.get_pass(chan.toLowerCase()) !== "")){ + /*if(chan != undefined && (Crypt.get_pass(chan.toLowerCase()) !== undefined && Crypt.get_pass(chan.toLowerCase()) !== "")){ emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()}); - } + }*/ if(chan != undefined && conf_arr.name !== undefined && conf_arr.name !== "" && conf_arr.chat_pass !== undefined && conf_arr.chat_pass !== ""){ setTimeout(function() { Chat.namechange(conf_arr.name + " " + conf_arr.chat_pass, true); @@ -212,7 +212,7 @@ $().ready(function(){ }); - socket.on("name", function(data) { + /*socket.on("name", function(data) { if(data.type == "name" && data.accepted) { Crypt.set_name(temp_name, temp_pass); temp_name = ""; @@ -221,7 +221,7 @@ $().ready(function(){ temp_name = ""; temp_pass = ""; } - }); + });*/ socket.on("self_ping", function() { if(chan != undefined && chan.toLowerCase() != "") { @@ -268,8 +268,7 @@ initializeCastApi = function() { castSession.sendMessage("urn:x-cast:zoff.me", {type: "nextVideo", videoId: full_playlist[0].id, title: full_playlist[0].title}) if(Helper.mobilecheck() && !chromecast_specs_sent) { - chromecast_specs_sent = true; - castSession.sendMessage("urn:x-cast:zoff.me", {type: "mobilespecs", guid: guid, socketid: socket.id, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), channel: chan.toLowerCase(), userpass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}) + socket.emit("get_id"); } hide_native(1); if(Helper.mobilecheck()) { 
@@ -382,7 +381,7 @@ $(document).on("click", ".pagination-results a", function(e) { $(document).on("click", ".accept-delete", function(e) { e.preventDefault(); - emit("delete_all", {channel: chan.toLowerCase(), adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + emit("delete_all", {channel: chan.toLowerCase()}); $("#delete_song_alert").modal("close"); }); @@ -475,13 +474,13 @@ $(document).on("click", "#offline-mode", function(e){ $(document).on("submit", "#thumbnail_form", function(e){ e.preventDefault(); - emit("suggest_thumbnail", {channel: chan, thumbnail: $("#chan_thumbnail").val(), adminpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + emit("suggest_thumbnail", {channel: chan, thumbnail: $("#chan_thumbnail").val()}); $("#chan_thumbnail").val(""); }); $(document).on("submit", "#description_form", function(e){ e.preventDefault(); - emit("suggest_description", {channel: chan, description: $("#chan_description").val(), adminpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); + emit("suggest_description", {channel: chan, description: $("#chan_description").val()}); $("#chan_description").val(""); }); diff --git a/server/public/assets/js/player.js b/server/public/assets/js/player.js index 757703af..06d78255 100755 --- a/server/public/assets/js/player.js +++ b/server/public/assets/js/player.js 
@@ -274,9 +274,9 @@ var Player = { paused = false; if(!offline) { - var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); - if(u == undefined) u = ""; - socket.emit("end", {id: video_id, channel: chan.toLowerCase(), pass: embed ? '' : u}); + /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + if(u == undefined) u = "";*/ + socket.emit("end", {id: video_id, channel: chan.toLowerCase()}); } else { Player.playNext(); } @@ -310,9 +310,9 @@ var Player = { $("#pause").toggleClass("hide"); } if((paused || was_stopped) && !offline) { - var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); - if(u == undefined) u = ""; - socket.emit('pos', {channel: chan.toLowerCase(), pass: embed ? '' : u}); + /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + if(u == undefined) u = "";*/ + socket.emit('pos', {channel: chan.toLowerCase()}); paused = false; was_stopped = false; } @@ -555,9 +555,9 @@ var Player = { if(!user_auth_started) { if(newState.data == 5 || newState.data == 100 || newState.data == 101 || newState.data == 150) { curr_playing = Player.player.getVideoUrl().replace("https://www.youtube.com/watch?v=", ""); - var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); - if(u == undefined) u = ""; - emit("skip", {error: newState.data, id: video_id, pass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), channel: chan.toLowerCase(), userpass: embed ? '' : u}); + /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + if(u == undefined) u = "";*/ + emit("skip", {error: newState.data, id: video_id, channel: chan.toLowerCase()}); } else if(video_id !== undefined) { Player.loadVideoById(video_id, duration); 
@@ -754,9 +754,9 @@ var Player = { if(!offline) { Player.player.pauseVideo(); - var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); - if(u == undefined) u = ""; - socket.emit("end", {id: video_id, channel: chan.toLowerCase(), pass: embed ? '' : u}); + /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + if(u == undefined) u = "";*/ + socket.emit("end", {id: video_id, channel: chan.toLowerCase()}); } else { Player.playNext(); } diff --git a/server/public/assets/js/search.js b/server/public/assets/js/search.js index 8714b527..c0ea01ce 100755 --- a/server/public/assets/js/search.js +++ b/server/public/assets/js/search.js @@ -453,9 +453,9 @@ var Search = { List.vote(id, "pos"); } } else { - var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); - if(u == undefined) u = ""; - emit("add", {id: id, start: start, end: end, title: title, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), list: chan.toLowerCase(), duration: duration, playlist: playlist, num: num, total: full_num, pass: embed ? '' : u}); + /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); + if(u == undefined) u = "";*/ + emit("add", {id: id, start: start, end: end, title: title, list: chan.toLowerCase(), duration: duration, playlist: playlist, num: num, total: full_num}); }//[id, decodeURIComponent(title), adminpass, duration, playlist]); }, diff --git a/server/public/assets/js/token_apply.js b/server/public/assets/js/token_apply.js index dfd857c6..51760d06 100644 --- a/server/public/assets/js/token_apply.js +++ b/server/public/assets/js/token_apply.js @@ -6,7 +6,7 @@ $(document).ready(function() { $("#contact-container").empty(); $("#contact-container").html("Send a mail to us: contact@zoff.me"); $("#submit-contact-form").hide(); - + ga('send', 'pageview'); if(!Helper.mobilecheck()) { diff --git a/server/routing/client/api.js b/server/routing/client/api.js index cb15cf0f..936dce6a 100644 
--- a/server/routing/client/api.js +++ b/server/routing/client/api.js @@ -4,6 +4,8 @@ var path = require('path'); var mongojs = require('mongojs'); var ObjectId = mongojs.ObjectId; var token_db = mongojs("tokens"); +var cookieParser = require("cookie-parser"); +var cookies = require("cookie"); var toShowChannel = { start: 1, 
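Review bot: Neither `cookieParser` nor `cookies` is referenced in any hunk shown for this file; the handlers read `req.cookies._uI` directly, and that property exists only when cookie-parser middleware has run before the router. If the middleware is mounted on the app elsewhere, both `require` lines can be dropped. If it is not, `req.cookies` is undefined here and the property read throws, which `router.use(cookieParser());` would fix. The rest of the file is outside the hunk, so a use further down cannot be ruled out.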
@@ -166,54 +168,64 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) { return; } - token_db.collection("api_token").find({token: token}, function(err, token_docs) { - var authorized = false; - if(token_docs.length == 1 && token_docs[0].token == token) { - authorized = true; + var cookie = req.cookies._uI; + + Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { + if(req.body.adminpass == "") { + adminpass = _a; } - checkOveruseApiToken(authorized, token_docs, res, function() { - checkTimeout(guid, res, authorized, "DELETE", function() { - if(token != "" && !authorized) { - updateTimeout(guid, res, authorized, "DELETE", function(err, docs) { - res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - }); - } - validateLogin(adminpass, userpass, channel_name, "delete", res, function(exists) { - if(!exists) { - res.status(404).send(JSON.stringify(error.not_found.list)); - return; + if(req.body.userpass == "") { + userpass = _u; + } + token_db.collection("api_token").find({token: token}, function(err, token_docs) { + var authorized = false; + if(token_docs.length == 1 && token_docs[0].token == token) { + authorized = true; + } + checkOveruseApiToken(authorized, token_docs, res, function() { + checkTimeout(guid, res, authorized, "DELETE", function() { + if(token != "" && !authorized) { + updateTimeout(guid, res, authorized, "DELETE", function(err, docs) { + res.status(403).send(JSON.stringify(error.not_authenticated)); + return; + }); } - db.collection(channel_name).find({id:video_id, now_playing: false}, function(err, docs){ - if(docs.length == 0) { - res.status(404).send(JSON.stringify(error.not_found.local)); + validateLogin(adminpass, userpass, channel_name, "delete", res, function(exists) { + if(!exists) { + res.status(404).send(JSON.stringify(error.not_found.list)); return; } - var dont_increment = false; - if(docs[0]){ - if(docs[0].type == "suggested"){ - dont_increment = true; + 
db.collection(channel_name).find({id:video_id, now_playing: false}, function(err, docs){ + if(docs.length == 0) { + res.status(404).send(JSON.stringify(error.not_found.local)); + return; } - db.collection(channel_name).remove({id:video_id}, function(err, docs){ - if(authorized) { - incrementToken(token); + var dont_increment = false; + if(docs[0]){ + if(docs[0].type == "suggested"){ + dont_increment = true; } - io.to(channel_name).emit("channel", {type:"deleted", value: video_id}); - if(!dont_increment) { - db.collection("frontpage_lists").update({_id: channel_name, count: {$gt: 0}}, {$inc: {count: -1}, $set:{accessed: Functions.get_time()}}, {upsert: true}, function(err, docs){ + db.collection(channel_name).remove({id:video_id}, function(err, docs){ + if(authorized) { + incrementToken(token); + } + io.to(channel_name).emit("channel", {type:"deleted", value: video_id}); + if(!dont_increment) { + db.collection("frontpage_lists").update({_id: channel_name, count: {$gt: 0}}, {$inc: {count: -1}, $set:{accessed: Functions.get_time()}}, {upsert: true}, function(err, docs){ + updateTimeout(guid, res, authorized, "DELETE", function(err, docs) { + res.status(200).send(JSON.stringify(error.no_error)); + return; + }); + }); + } else { updateTimeout(guid, res, authorized, "DELETE", function(err, docs) { res.status(200).send(JSON.stringify(error.no_error)); return; }); - }); - } else { - updateTimeout(guid, res, authorized, "DELETE", function(err, docs) { - res.status(200).send(JSON.stringify(error.no_error)); - return; - }); - } - }); - } + } + }); + } + }); }); }); }); 
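Review bot: Filling `adminpass`/`userpass` from the `_uI` session whenever the body sends an empty string turns the cookie into ambient authority for a state-changing route, and nothing in this hunk checks where the request came from. Before this change a caller had to know the password; now any request that arrives with the browser's cookie and empty password fields is validated with the stored credentials, and the same fallback is added in the `PUT /api/conf`, `PUT /api/list/…/:video_id` and `POST /api/list/…/:video_id` hunks below. The `res.cookie('_uI', …)` call in client.js sets `httpOnly` and `secure` but no `sameSite`, and that app answers with `Access-Control-Allow-Origin: *`; whether this router sits behind the same middleware is not visible here. I would add `sameSite: 'strict'` to the cookie options and apply the session fallback only after an anti-CSRF token or same-origin check has passed. The route handler starts above the hunk.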
@@ -307,71 +319,79 @@ router.route('/api/conf/:channel_name').put(function(req, res) { res.status(400).send(JSON.stringify(result)); return; } - - token_db.collection("api_token").find({token: token}, function(err, token_docs) { - var authorized = false; - if(token_docs.length == 1 && token_docs[0].token == token) { - authorized = true; + var cookie = req.cookies._uI; + Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { + if(req.body.adminpass == "") { + adminpass = _a; } - checkOveruseApiToken(authorized, token_docs, res, function() { - checkTimeout(guid, res, authorized, "CONFIG", function() { - if(token != "" && !authorized) { - updateTimeout(guid, res, authorized, "CONFIG", function(err, docs) { - res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - }); - } - validateLogin(adminpass, userpass, channel_name, "config", res, function(exists, conf) { - if(!exists && conf.length == 0) { - res.status(404).send(JSON.stringify(error.not_found.list)); - return; + if(req.body.userpass == "") { + userpass = _u; + } + token_db.collection("api_token").find({token: token}, function(err, token_docs) { + var authorized = false; + if(token_docs.length == 1 && token_docs[0].token == token) { + authorized = true; + } + checkOveruseApiToken(authorized, token_docs, res, function() { + checkTimeout(guid, res, authorized, "CONFIG", function() { + if(token != "" && !authorized) { + updateTimeout(guid, res, authorized, "CONFIG", function(err, docs) { + res.status(403).send(JSON.stringify(error.not_authenticated)); + return; + }); } + validateLogin(adminpass, userpass, channel_name, "config", res, function(exists, conf) { + if(!exists && conf.length == 0) { + res.status(404).send(JSON.stringify(error.not_found.list)); + return; + } - if((!userpass_changed && frontpage) || (userpass_changed && userpass == "")) { - userpass = ""; - } else if(userpass_changed && userpass != "") { - frontpage = false; - } - var description = ""; + 
if((!userpass_changed && frontpage) || (userpass_changed && userpass == "")) { + userpass = ""; + } else if(userpass_changed && userpass != "") { + frontpage = false; + } + var description = ""; - var obj = { - addsongs:addsongs, - allvideos:allvideos, - frontpage:frontpage, - skip:skipping, - vote:voting, - removeplay:removeplay, - shuffle:shuffling, - longsongs:longsongs, - adminpass:adminpass, - desc: description, - }; - if(userpass_changed) { - obj["userpass"] = userpass; - } else if (frontpage) { - obj["userpass"] = ""; - } - db.collection(channel_name + "_settings").update({views:{$exists:true}}, { - $set:obj - }, function(err, docs){ + var obj = { + addsongs:addsongs, + allvideos:allvideos, + frontpage:frontpage, + skip:skipping, + vote:voting, + removeplay:removeplay, + shuffle:shuffling, + longsongs:longsongs, + adminpass:adminpass, + desc: description, + }; + if(userpass_changed) { + obj["userpass"] = userpass; + } else if (frontpage) { + obj["userpass"] = ""; + } + db.collection(channel_name + "_settings").update({views:{$exists:true}}, { + $set:obj + }, function(err, docs){ - if(obj.adminpass !== "") obj.adminpass = true; - if(obj.hasOwnProperty("userpass") && obj.userpass != "") obj.userpass = true; - else obj.userpass = false; - io.to(channel_name).emit("conf", [obj]); + if(obj.adminpass !== "") obj.adminpass = true; + if(obj.hasOwnProperty("userpass") && obj.userpass != "") obj.userpass = true; + else obj.userpass = false; + io.to(channel_name).emit("conf", [obj]); - db.collection("frontpage_lists").update({_id: channel_name}, {$set:{ - frontpage:frontpage, accessed: Functions.get_time()} - }, - {upsert:true}, function(err, docs){ - if(authorized) { - incrementToken(token); - } - updateTimeout(guid, res, authorized, "CONFIG", function(err, docs) { - var to_return = error.no_error; - to_return.results = [obj]; - res.status(200).send(JSON.stringify(to_return)); - return; + db.collection("frontpage_lists").update({_id: channel_name}, {$set:{ + 
frontpage:frontpage, accessed: Functions.get_time()} + }, + {upsert:true}, function(err, docs){ + if(authorized) { + incrementToken(token); + } + updateTimeout(guid, res, authorized, "CONFIG", function(err, docs) { + var to_return = error.no_error; + to_return.results = [obj]; + res.status(200).send(JSON.stringify(to_return)); + return; + }); }); }); }); 
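Review bot: `adminpass = _a` does not only feed `validateLogin`; the same variable is placed in `obj` (`adminpass:adminpass`) and written to the channel's `_settings` collection by `$set:obj`, so a session-derived value is persisted as the channel's admin password. The code that prepares `adminpass` from the request body is above the hunk; if it hashes or otherwise transforms the body value, `_a` skips that step and the stored password may end up in a different form than the one later logins are compared against. `userpass = _u` takes the same path into `obj["userpass"]` when `userpass_changed` is set. Unless `getSessionAdminUser` is known to return the stored form, I would build `obj` without `adminpass` and add `if(req.body.adminpass != "") obj.adminpass = adminpass;`, so that `$set` leaves the stored value alone when the credential came from the session.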
@@ -421,51 +441,59 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) { res.status(400).send(JSON.stringify(to_send)); return; } - - token_db.collection("api_token").find({token: token}, function(err, token_docs) { - var authorized = false; - if(token_docs.length == 1 && token_docs[0].token == token) { - authorized = true; + var cookie = req.cookies._uI; + Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { + if(req.body.adminpass == "") { + adminpass = _a; } - checkOveruseApiToken(authorized, token_docs, res, function() { - checkTimeout(guid, res, authorized, "PUT", function() { - if(token != "" && !authorized) { - updateTimeout(guid, res, authorized, "PUT", function(err, docs) { - res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - }); - } - validateLogin(adminpass, userpass, channel_name, "vote", res, function(exists) { - if(!exists) { - res.status(404).send(JSON.stringify(error.not_found.list)); - return; + if(req.body.userpass == "") { + userpass = _u; + } + token_db.collection("api_token").find({token: token}, function(err, token_docs) { + var authorized = false; + if(token_docs.length == 1 && token_docs[0].token == token) { + authorized = true; + } + checkOveruseApiToken(authorized, token_docs, res, function() { + checkTimeout(guid, res, authorized, "PUT", function() { + if(token != "" && !authorized) { + updateTimeout(guid, res, authorized, "PUT", function(err, docs) { + res.status(403).send(JSON.stringify(error.not_authenticated)); + return; + }); } - db.collection(channel_name).find({id: video_id, now_playing: false, type:"video"}, function(err, song) { - if(song.length == 0) { - res.status(404).send(JSON.stringify(error.not_found.local)); + validateLogin(adminpass, userpass, channel_name, "vote", res, function(exists) { + if(!exists) { + res.status(404).send(JSON.stringify(error.not_found.list)); return; - } else if(song[0].guids.indexOf(guid) > -1) { - 
res.status(409).send(JSON.stringify(error.conflicting)); - return; - } else { - song[0].votes += 1; - song[0].guids.push(guid); - db.collection(channel_name).update({id: video_id}, {$inc:{votes:1}, $set:{added:Functions.get_time(), type: "video"}, $push :{guids: guid}}, function(err, success) { - if(authorized) { - incrementToken(token); - } - io.to(channel_name).emit("channel", {type: "vote", value: video_id, time: Functions.get_time()}); - List.getNextSong(channel_name, function() { - updateTimeout(guid, res, authorized, "PUT", function(err, docs) { - var to_return = error.no_error; - to_return.results = song; - res.status(200).send(JSON.stringify(to_return)); - return; + } + db.collection(channel_name).find({id: video_id, now_playing: false, type:"video"}, function(err, song) { + if(song.length == 0) { + res.status(404).send(JSON.stringify(error.not_found.local)); + return; + } else if(song[0].guids.indexOf(guid) > -1) { + res.status(409).send(JSON.stringify(error.conflicting)); + return; + } else { + song[0].votes += 1; + song[0].guids.push(guid); + db.collection(channel_name).update({id: video_id}, {$inc:{votes:1}, $set:{added:Functions.get_time(), type: "video"}, $push :{guids: guid}}, function(err, success) { + if(authorized) { + incrementToken(token); + } + io.to(channel_name).emit("channel", {type: "vote", value: video_id, time: Functions.get_time()}); + List.getNextSong(channel_name, function() { + updateTimeout(guid, res, authorized, "PUT", function(err, docs) { + var to_return = error.no_error; + to_return.results = song; + res.status(200).send(JSON.stringify(to_return)); + return; + }); }); }); - }); - } - }) + } + }) + }); }); }); }); 
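Review bot: A request with a non-empty but invalid token is not stopped by the 403 branch: the `return` sits inside the `updateTimeout` callback, so after `if(token != "" && !authorized) { … }` execution continues into `validateLogin` and the vote can still be recorded, followed by a second attempt to write the response. With the session fallback added at the top of this hunk, that continuation may now run with stored credentials. The same shape appears in every api.js hunk of this commit. I would end the branch with a `return;` placed after the `updateTimeout(…)` call, still inside the `if` block. The handler begins above the hunk.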
@@ -506,41 +534,47 @@ router.route('/api/list/:channel_name/__np__').post(function(req, res) { res.status(400).send(JSON.stringify(to_send)); return; } - token_db.collection("api_token").find({token: token}, function(err, token_docs) { - var authorized = false; - if(token_docs.length == 1 && token_docs[0].token == token) { - authorized = true; + var cookie = req.cookies._uI; + Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { + if(req.body.userpass == "") { + userpass = _u; } - checkOveruseApiToken(authorized, token_docs, res, function() { - checkTimeout(guid, res, authorized, "POST", function() { - if(token != "" && !authorized) { - updateTimeout(guid, res, authorized, "POST", function(err, docs) { - res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - }); - } - db.collection(channel_name).find({now_playing: true}, toShowChannel, function(err, list) { - if(list.length > 0) { - db.collection(channel_name + "_settings").find({ id: "config" }, function(err, conf) { - if(authorized) { - incrementToken(token); - } - if(conf.length == 0) { - res.status(404).send(JSON.stringify(error.not_found.list)); - return; - } else if(conf[0].userpass != userpass && conf[0].userpass != "") { - res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - } - updateTimeout(guid, res, authorized, "POST", function(err, docs) { - var to_return = error.no_error; - to_return.results = list; - res.status(200).send(JSON.stringify(to_return)); - }); + token_db.collection("api_token").find({token: token}, function(err, token_docs) { + var authorized = false; + if(token_docs.length == 1 && token_docs[0].token == token) { + authorized = true; + } + checkOveruseApiToken(authorized, token_docs, res, function() { + checkTimeout(guid, res, authorized, "POST", function() { + if(token != "" && !authorized) { + updateTimeout(guid, res, authorized, "POST", function(err, docs) { + res.status(403).send(JSON.stringify(error.not_authenticated)); + 
return; }); - } else { - res.status(404).send(JSON.stringify(error.not_found.list)); } + db.collection(channel_name).find({now_playing: true}, toShowChannel, function(err, list) { + if(list.length > 0) { + db.collection(channel_name + "_settings").find({ id: "config" }, function(err, conf) { + if(authorized) { + incrementToken(token); + } + if(conf.length == 0) { + res.status(404).send(JSON.stringify(error.not_found.list)); + return; + } else if(conf[0].userpass != userpass && conf[0].userpass != "") { + res.status(403).send(JSON.stringify(error.not_authenticated)); + return; + } + updateTimeout(guid, res, authorized, "POST", function(err, docs) { + var to_return = error.no_error; + to_return.results = list; + res.status(200).send(JSON.stringify(to_return)); + }); + }); + } else { + res.status(404).send(JSON.stringify(error.not_found.list)); + } + }); }); }); }); 
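Review bot: `conf[0].userpass != userpass` compares the stored value directly with `_u` when the body's `userpass` is empty, while the socket path in server/handlers/chat.js passes the session value through `Functions.decrypt_string` and a SHA-256 digest before comparing it with `conf[0].userpass`. If `getSessionAdminUser` returns the same form to both callers, the comparison here can never succeed for a protected channel; if it returns the stored form, the transformation in chat.js is the odd one out. The helper is not visible, so this needs confirming against its implementation. The `POST /api/conf` and `POST /api/list` hunks below use `_u` the same way. A comment above `userpass = _u;`, for example `// _u is already in the stored (hashed) form, see getSessionAdminUser`, would record whichever turns out to be true.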
@@ -617,93 +651,101 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) { res.status(400).send(JSON.stringify(to_send)); return; } - - token_db.collection("api_token").find({token: token}, function(err, token_docs) { - var authorized = false; - if(token_docs.length == 1 && token_docs[0].token == token) { - authorized = true; + var cookie = req.cookies._uI; + Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { + if(req.body.adminpass == "") { + adminpass = _a; } - checkOveruseApiToken(authorized, token_docs, res, function() { - checkTimeout(guid, res, authorized, "POST", function() { - if(token != "" && !authorized) { - updateTimeout(guid, res, authorized, "POST", function(err, docs) { - res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - }); - } - var type = fetch_only ? "fetch_song" : "add"; - validateLogin(adminpass, userpass, channel_name, type, res, function(exists, conf, authenticated) { - db.collection(channel_name).find({id: video_id}, function(err, result) { - if(result.length == 0 || result[0].type == "suggested") { - var song_type = authenticated ? "video" : "suggested"; - if(fetch_only && result.length == 0) { - res.status(404).send(JSON.stringify(error.not_found.local)); + if(req.body.userpass == "") { + userpass = _u; + } + token_db.collection("api_token").find({token: token}, function(err, token_docs) { + var authorized = false; + if(token_docs.length == 1 && token_docs[0].token == token) { + authorized = true; + } + checkOveruseApiToken(authorized, token_docs, res, function() { + checkTimeout(guid, res, authorized, "POST", function() { + if(token != "" && !authorized) { + updateTimeout(guid, res, authorized, "POST", function(err, docs) { + res.status(403).send(JSON.stringify(error.not_authenticated)); + return; + }); + } + var type = fetch_only ? 
"fetch_song" : "add"; + validateLogin(adminpass, userpass, channel_name, type, res, function(exists, conf, authenticated) { + db.collection(channel_name).find({id: video_id}, function(err, result) { + if(result.length == 0 || result[0].type == "suggested") { + var song_type = authenticated ? "video" : "suggested"; + if(fetch_only && result.length == 0) { + res.status(404).send(JSON.stringify(error.not_found.local)); + return; + } + db.collection(channel_name).find({now_playing: true}, function(err, now_playing) { + var set_np = false; + if(now_playing.length == 0 && authenticated) { + set_np = true; + } + var new_song = {"added": Functions.get_time(),"guids":[guid],"id":video_id,"now_playing":set_np,"title":title,"votes":1, "duration":duration, "start": parseInt(start_time), "end": parseInt(end_time), "type": song_type}; + Search.get_correct_info(new_song, channel_name, false, function(element, found) { + if(!found) { + res.status(404).send(JSON.stringify(error.not_found.youtube)); + return; + } + new_song = element; + db.collection("frontpage_lists").find({"_id": channel_name}, function(err, count) { + var create_frontpage_lists = false; + if(count.length == 0) { + create_frontpage_lists = true; + } + if(!exists) { + var configs = {"addsongs":false, "adminpass":"", "allvideos":true, "frontpage":true, "longsongs":false, "removeplay": false, "shuffle": true, "skip": false, "skips": [], "startTime":Functions.get_time(), "views": [], "vote": false, "desc": ""}; + db.collection(channel_name + "_settings").insert(configs, function(err, docs){ + io.to(channel_name).emit("conf", configs); + }); + } + db.collection(channel_name).update({"id": new_song.id}, new_song, {upsert: true}, function(err, success) { + if(authorized) { + incrementToken(token); + } + if(create_frontpage_lists) { + db.collection("frontpage_lists").update({"_id": channel_name, "count" : (authenticated ? 
1 : 0), "frontpage": true, "accessed": Functions.get_time(), "viewers": 1}, {upsert: true}, function(err, docs) { + if(authenticated) { + io.to(channel_name).emit("channel", {type: "added", value: new_song}); + } else { + io.to(channel_name).emit("suggested", new_song); + } + postEnd(channel_name, configs, new_song, guid, res, authenticated, authorized); + }); + } else if(set_np) { + Frontpage.update_frontpage(channel_name, video_id, title, function() { + io.to(channel_name).emit("np", {np: [new_song], conf: [conf]}); + postEnd(channel_name, configs, new_song, guid, res, authenticated, authorized); + }); + } else { + db.collection("frontpage_lists").update({"_id": channel_name}, {$inc: {count: (authenticated ? 1 : 0)}}, function(err, docs) { + if(authenticated) { + io.to(channel_name).emit("channel", {type: "added", value: new_song}); + } else { + io.to(channel_name).emit("suggested", new_song); + } + postEnd(channel_name, configs, new_song, guid, res, authenticated, authorized); + }); + } + }); + }) + }); + }); + } else if(fetch_only) { + var to_return = error.no_error; + to_return.results = result; + res.status(200).send(JSON.stringify(to_return)); + return; + } else { + res.status(409).send(JSON.stringify(error.conflicting)); return; } - db.collection(channel_name).find({now_playing: true}, function(err, now_playing) { - var set_np = false; - if(now_playing.length == 0 && authenticated) { - set_np = true; - } - var new_song = {"added": Functions.get_time(),"guids":[guid],"id":video_id,"now_playing":set_np,"title":title,"votes":1, "duration":duration, "start": parseInt(start_time), "end": parseInt(end_time), "type": song_type}; - Search.get_correct_info(new_song, channel_name, false, function(element, found) { - if(!found) { - res.status(404).send(JSON.stringify(error.not_found.youtube)); - return; - } - new_song = element; - db.collection("frontpage_lists").find({"_id": channel_name}, function(err, count) { - var create_frontpage_lists = false; - if(count.length 
== 0) { - create_frontpage_lists = true; - } - if(!exists) { - var configs = {"addsongs":false, "adminpass":"", "allvideos":true, "frontpage":true, "longsongs":false, "removeplay": false, "shuffle": true, "skip": false, "skips": [], "startTime":Functions.get_time(), "views": [], "vote": false, "desc": ""}; - db.collection(channel_name + "_settings").insert(configs, function(err, docs){ - io.to(channel_name).emit("conf", configs); - }); - } - db.collection(channel_name).update({"id": new_song.id}, new_song, {upsert: true}, function(err, success) { - if(authorized) { - incrementToken(token); - } - if(create_frontpage_lists) { - db.collection("frontpage_lists").update({"_id": channel_name, "count" : (authenticated ? 1 : 0), "frontpage": true, "accessed": Functions.get_time(), "viewers": 1}, {upsert: true}, function(err, docs) { - if(authenticated) { - io.to(channel_name).emit("channel", {type: "added", value: new_song}); - } else { - io.to(channel_name).emit("suggested", new_song); - } - postEnd(channel_name, configs, new_song, guid, res, authenticated, authorized); - }); - } else if(set_np) { - Frontpage.update_frontpage(channel_name, video_id, title, function() { - io.to(channel_name).emit("np", {np: [new_song], conf: [conf]}); - postEnd(channel_name, configs, new_song, guid, res, authenticated, authorized); - }); - } else { - db.collection("frontpage_lists").update({"_id": channel_name}, {$inc: {count: (authenticated ? 
1 : 0)}}, function(err, docs) { - if(authenticated) { - io.to(channel_name).emit("channel", {type: "added", value: new_song}); - } else { - io.to(channel_name).emit("suggested", new_song); - } - postEnd(channel_name, configs, new_song, guid, res, authenticated, authorized); - }); - } - }); - }) - }); - }); - } else if(fetch_only) { - var to_return = error.no_error; - to_return.results = result; - res.status(200).send(JSON.stringify(to_return)); - return; - } else { - res.status(409).send(JSON.stringify(error.conflicting)); - return; - } + }); }); }); }); 
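Review bot: In the `set_np` branch, `io.to(channel_name).emit("np", {np: [new_song], conf: [conf]})` broadcasts the `conf` value handed back by `validateLogin` to everyone in the channel room without the masking that the `PUT /api/conf` handler applies before its own emit (`obj.adminpass = true`, `obj.userpass` set to a boolean). `validateLogin` is not visible, but the `conf.length` test in that handler suggests `conf` is the array of settings documents, which would carry the stored `adminpass` and `userpass` values. I would emit a copy with those two fields reduced to booleans, for instance `Object.assign({}, conf[0], {adminpass: conf[0].adminpass != "", userpass: conf[0].userpass != ""})` when `conf[0]` exists. The handler starts above the hunk.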
@@ -835,48 +877,54 @@ router.route('/api/conf/:channel_name').post(function(req, res) { res.status(400).send(JSON.stringify(to_send)); return; } - - token_db.collection("api_token").find({token: token}, function(err, token_docs) { - var authorized = false; - if(token_docs.length == 1 && token_docs[0].token == token) { - authorized = true; + var cookie = req.cookies._uI; + Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { + if(req.body.userpass == "") { + userpass = _u; } - checkOveruseApiToken(authorized, token_docs, res, function() { - checkTimeout(guid, res, authorized, "POST", function() { - if(token != "" && !authorized) { - updateTimeout(guid, res, authorized, "DELETE", function(err, docs) { - res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - }); - } - db.collection(channel_name + "_settings").find({ id: "config" }, toShowConfig, function(err, docs) { - if(docs.length > 0 && docs[0].userpass == userpass) { - var conf = docs[0]; - if(conf.adminpass != "") { - conf.adminpass = true; - } else { - conf.adminpass = false; - } - if(conf.userpass != "") { - conf.userpass = true; - } else { - conf.userpass = false; - } - if(authorized) { - incrementToken(token); - } - updateTimeout(guid, res, authorized, "POST", function(err, docs) { - var to_return = error.no_error; - to_return.results = conf; - res.status(200).send(JSON.stringify(to_return)); + + token_db.collection("api_token").find({token: token}, function(err, token_docs) { + var authorized = false; + if(token_docs.length == 1 && token_docs[0].token == token) { + authorized = true; + } + checkOveruseApiToken(authorized, token_docs, res, function() { + checkTimeout(guid, res, authorized, "POST", function() { + if(token != "" && !authorized) { + updateTimeout(guid, res, authorized, "DELETE", function(err, docs) { + res.status(403).send(JSON.stringify(error.not_authenticated)); + return; }); - } else if(docs.length > 0 && docs[0].userpass != userpass) { - 
res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - } else { - res.status(404).send(JSON.stringify(error.not_found.list)); - return; } + db.collection(channel_name + "_settings").find({ id: "config" }, toShowConfig, function(err, docs) { + if(docs.length > 0 && docs[0].userpass == userpass) { + var conf = docs[0]; + if(conf.adminpass != "") { + conf.adminpass = true; + } else { + conf.adminpass = false; + } + if(conf.userpass != "") { + conf.userpass = true; + } else { + conf.userpass = false; + } + if(authorized) { + incrementToken(token); + } + updateTimeout(guid, res, authorized, "POST", function(err, docs) { + var to_return = error.no_error; + to_return.results = conf; + res.status(200).send(JSON.stringify(to_return)); + }); + } else if(docs.length > 0 && docs[0].userpass != userpass) { + res.status(403).send(JSON.stringify(error.not_authenticated)); + return; + } else { + res.status(404).send(JSON.stringify(error.not_found.list)); + return; + } + }); }); }); }); 
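Review bot: The invalid-token branch records the attempt with `updateTimeout(guid, res, authorized, "DELETE", …)` although this is the `POST /api/conf` handler and both the surrounding `checkTimeout` and the success path use `"POST"`. If the timeout helpers key their counters on that label, as the argument suggests, rejected tokens on this route are booked against a different bucket than the one `checkTimeout` reads, so the throttle does not slow repeated attempts here. The line was re-indented by this commit but kept its label; I would change it to `updateTimeout(guid, res, authorized, "POST", function(err, docs) {`. The helpers are defined outside the hunk.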
@@ -947,44 +995,50 @@ router.route('/api/list/:channel_name').post(function(req, res) { return; } - - token_db.collection("api_token").find({token: token}, function(err, token_docs) { - var authorized = false; - if(token_docs.length == 1 && token_docs[0].token == token) { - authorized = true; + var cookie = req.cookies._uI; + Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { + if(req.body.userpass == "") { + userpass = _u; } - checkOveruseApiToken(authorized, token_docs, res, function() { - checkTimeout(guid, res, authorized, "POST", function() { - if(token != "" && !authorized) { - updateTimeout(guid, res, authorized, "POST", function(err, docs) { - res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - }); - } - db.collection(channel_name).find({views: {$exists: false}}, toShowChannel, function(err, list) { - if(list.length > 0) { - db.collection(channel_name + "_settings").find({ id: "config" }, function(err, conf) { - if(conf.length == 0) { - res.status(404).send(JSON.stringify(error.not_found.list)); - return; - } else if(conf[0].userpass != userpass && conf[0].userpass != "") { - res.status(403).send(JSON.stringify(error.not_authenticated)); - return; - } - if(authorized) { - incrementToken(token); - } - updateTimeout(guid, res, authorized, "POST", function(err, docs) { - var to_return = error.no_error; - to_return.results = list; - res.status(200).send(JSON.stringify(to_return)); - return; - }); + + token_db.collection("api_token").find({token: token}, function(err, token_docs) { + var authorized = false; + if(token_docs.length == 1 && token_docs[0].token == token) { + authorized = true; + } + checkOveruseApiToken(authorized, token_docs, res, function() { + checkTimeout(guid, res, authorized, "POST", function() { + if(token != "" && !authorized) { + updateTimeout(guid, res, authorized, "POST", function(err, docs) { + res.status(403).send(JSON.stringify(error.not_authenticated)); + return; }); - } else { - 
res.status(404).send(JSON.stringify(error.not_found.list)); - return; } + db.collection(channel_name).find({views: {$exists: false}}, toShowChannel, function(err, list) { + if(list.length > 0) { + db.collection(channel_name + "_settings").find({ id: "config" }, function(err, conf) { + if(conf.length == 0) { + res.status(404).send(JSON.stringify(error.not_found.list)); + return; + } else if(conf[0].userpass != userpass && conf[0].userpass != "") { + res.status(403).send(JSON.stringify(error.not_authenticated)); + return; + } + if(authorized) { + incrementToken(token); + } + updateTimeout(guid, res, authorized, "POST", function(err, docs) { + var to_return = error.no_error; + to_return.results = list; + res.status(200).send(JSON.stringify(to_return)); + return; + }); + }); + } else { + res.status(404).send(JSON.stringify(error.not_found.list)); + return; + } + }); }); }); });