Started work for having session-logins instead of sending passwords back and forth

Kasper Rynning-Tønnesen
2018-03-13 16:26:51 +01:00
parent 8c1c0011a2
commit 82140ace20
24 changed files with 1371 additions and 1078 deletions

5
package-lock.json generated

@@ -2436,6 +2436,11 @@
"version": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz", "version": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz",
"integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4=" "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4="
}, },
"q": {
"version": "1.5.1",
"resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz",
"integrity": "sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc="
},
"qs": { "qs": {
"version": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz", "version": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz",
"integrity": "sha1-NJzfbu+J7EXBLX1es/wMhwNDptg=" "integrity": "sha1-NJzfbu+J7EXBLX1es/wMhwNDptg="


@@ -56,6 +56,7 @@
"nodemailer": "^4.0.1", "nodemailer": "^4.0.1",
"passport": "^0.4.0", "passport": "^0.4.0",
"passport-local": "^1.0.0", "passport-local": "^1.0.0",
"q": "^1.5.1",
"redis": "^2.8.0", "redis": "^2.8.0",
"request": "^2.72.0", "request": "^2.72.0",
"socket.io": "^2.0.4", "socket.io": "^2.0.4",


@@ -1,4 +1,18 @@
VERSION = require(pathThumbnails + '/VERSION.js'); VERSION = require(pathThumbnails + '/VERSION.js');
var secure = false;
try {
var cert_config = require(path.join(path.join(__dirname, 'config'), 'cert_config.js'));
var fs = require('fs');
var privateKey = fs.readFileSync(cert_config.privateKey).toString();
var certificate = fs.readFileSync(cert_config.certificate).toString();
var ca = fs.readFileSync(cert_config.ca).toString();
var credentials = {
key: privateKey,
cert: certificate,
ca: ca
};
secure = true;
} catch(err){}
var add = ""; var add = "";
var path = require('path'); var path = require('path');
@@ -20,7 +34,8 @@ app.enable('view cache');
app.set('views', publicPath); app.set('views', publicPath);
var bodyParser = require('body-parser'); var bodyParser = require('body-parser');
var cookieParser = require('cookie-parser') var cookieParser = require("cookie-parser");
var cookies = require("cookie");
app.use( bodyParser.json() ); // to support JSON-encoded bodies app.use( bodyParser.json() ); // to support JSON-encoded bodies
app.use(bodyParser.urlencoded({ // to support URL-encoded bodies app.use(bodyParser.urlencoded({ // to support URL-encoded bodies
extended: true extended: true
@@ -70,8 +85,10 @@ app.get('/robots.txt', function (req, res) {
app.use(function (req, res, next) { app.use(function (req, res, next) {
var cookie = req.cookies._uI; var cookie = req.cookies._uI;
if (cookie === undefined) { if (cookie === undefined) {
var user_name = Functions.rndName(uniqid.time(), 15); var user_name = Functions.hash_pass(Functions.rndName(uniqid.time(), 15));
res.cookie('_uI',user_name, { maxAge: 365 * 10000 * 3600000 }); res.cookie('_uI', user_name, { maxAge: 365 * 10000 * 3600000, httpOnly: true, secure: secure });
} else {
res.cookie('_uI', cookie, { maxAge: 365 * 10000 * 3600000, httpOnly: true, secure: secure });
} }
res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
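Review bot: The `secure` flag can never become true as written: `path.join(...)` inside the new `try` runs before `var path = require('path');` further down, so `path` is still `undefined` there, the TypeError is swallowed by `catch(err){}`, and the `_uI` cookie is always issued without `Secure`. Move the `require('path')` above the `try` and report the failure instead of hiding it, e.g. `catch(err){ console.log("TLS config not loaded:", err.message); }`. Since `_uI` now keys the stored channel and chat credentials, it should be generated with `crypto.randomBytes(32).toString('base64')` rather than by hashing `Functions.rndName(uniqid.time(), 15)`; hashing adds no entropy to whatever `rndName` produces. The `else` branch also re-issues whatever value the client sent, so cookies handed out before this change remain valid session keys.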


@@ -1,4 +1,4 @@
function get_history(channel, all, socket, pass) { function get_history(channel, all, socket) {
var query = {}; var query = {};
if(all) { if(all) {
query = { query = {
@@ -10,7 +10,10 @@ function get_history(channel, all, socket, pass) {
channel: channel, channel: channel,
}; };
} }
var pass = "";
if(!query.all) { if(!query.all) {
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass) {
pass = userpass;
db.collection(channel + "_settings").find({id: "config"}, function(err, conf) { db.collection(channel + "_settings").find({id: "config"}, function(err, conf) {
if(conf.length > 0) { if(conf.length > 0) {
if(conf[0].userpass == "" || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, pass)).digest('base64')) { if(conf[0].userpass == "" || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, pass)).digest('base64')) {
@@ -18,6 +21,7 @@ function get_history(channel, all, socket, pass) {
} }
} }
}); });
});
} else { } else {
getAndSendLogs(channel, all, socket, pass, query); getAndSendLogs(channel, all, socket, pass, query);
} }
@@ -40,9 +44,7 @@ function getAndSendLogs(channel, all, socket, pass, query) {
function chat(msg, guid, offline, socket) { function chat(msg, guid, offline, socket) {
if(typeof(msg) !== 'object' || !msg.hasOwnProperty('data') || if(typeof(msg) !== 'object' || !msg.hasOwnProperty('data') ||
!msg.hasOwnProperty('channel') || !msg.hasOwnProperty('pass') || !msg.hasOwnProperty('channel') || typeof(msg.data) != "string" || typeof(msg.channel) != "string") {
typeof(msg.data) != "string" || typeof(msg.channel) != "string" ||
typeof(msg.pass) != "string") {
var result = { var result = {
data: { data: {
expected: "string", expected: "string",
@@ -61,6 +63,8 @@ function chat(msg, guid, offline, socket) {
return; return;
} }
var coll = msg.channel.toLowerCase(); var coll = msg.channel.toLowerCase();
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) {
msg.pass = userpass;
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, msg.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, msg.pass)).digest("base64")))) {
var data = msg.data; var data = msg.data;
@@ -86,6 +90,7 @@ function chat(msg, guid, offline, socket) {
socket.emit('auth_required'); socket.emit('auth_required');
} }
}); });
});
} }
function all_chat(msg, guid, offline, socket) { function all_chat(msg, guid, offline, socket) {
@@ -135,6 +140,8 @@ function namechange(data, guid, socket, tried) {
var pw = ""; var pw = "";
var new_password; var new_password;
var first = false; var first = false;
Functions.getSessionChatPass(Functions.getSession(socket), function(name, pass) {
var name = data.name;
if(data.hasOwnProperty("first")) { if(data.hasOwnProperty("first")) {
first = data.first; first = data.first;
} }
@@ -145,8 +152,12 @@ function namechange(data, guid, socket, tried) {
pw = data.old_password; pw = data.old_password;
new_password = Functions.decrypt_string(socket.zoff_id, data.new_password); new_password = Functions.decrypt_string(socket.zoff_id, data.new_password);
} }
if(data.hasOwnProperty("first") && data.first) {
pw = pass;
name = name;
new_password = false;
}
var password = Functions.decrypt_string(socket.zoff_id, pw); var password = Functions.decrypt_string(socket.zoff_id, pw);
var name = data.name;
db.collection("registered_users").find({"_id": name.toLowerCase()}, function(err, docs) { db.collection("registered_users").find({"_id": name.toLowerCase()}, function(err, docs) {
var accepted_password = false; var accepted_password = false;
var icon = false; var icon = false;
@@ -155,14 +166,18 @@ function namechange(data, guid, socket, tried) {
return; return;
} }
accepted_password = true; accepted_password = true;
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() {
db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: Functions.hash_pass(password)}}, {upsert: true}, function() {}); db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: Functions.hash_pass(password)}}, {upsert: true}, function() {});
});
} else if(docs[0].password == Functions.hash_pass(password)) { } else if(docs[0].password == Functions.hash_pass(password)) {
if(docs[0].icon) { if(docs[0].icon) {
icon = docs[0].icon; icon = docs[0].icon;
} }
accepted_password = true; accepted_password = true;
if(new_password) { if(new_password) {
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.new_password, function() {
db.collection("registered_users").update({"_id": name.toLowerCase(), password: Functions.hash_pass(password)}, {$set: {password: Functions.hash_pass(new_password)}}, function() {}); db.collection("registered_users").update({"_id": name.toLowerCase(), password: Functions.hash_pass(password)}, {$set: {password: Functions.hash_pass(new_password)}}, function() {});
});
} }
} }
if(accepted_password) { if(accepted_password) {
@@ -172,7 +187,7 @@ function namechange(data, guid, socket, tried) {
db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function() {}); db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function() {});
db.collection("user_names").update({"guid": guid}, {$set: {name: name, icon: icon}}, function(err, docs) { db.collection("user_names").update({"guid": guid}, {$set: {name: name, icon: icon}}, function(err, docs) {
db.collection("user_names").update({"_id": "all_names"}, {$addToSet: {names: name}}, function(err, docs) { db.collection("user_names").update({"_id": "all_names"}, {$addToSet: {names: name}}, function(err, docs) {
socket.emit('name', {type: "name", accepted: true}); //socket.emit('name', {type: "name", accepted: true});
if(old_name != name && !first) { if(old_name != name && !first) {
io.to(data.channel).emit('chat', {from: old_name, msg: " changed name to " + name}); io.to(data.channel).emit('chat', {from: old_name, msg: " changed name to " + name});
io.sockets.emit('chat.all', {from: old_name , msg: " changed name to " + name, channel: data.channel}); io.sockets.emit('chat.all', {from: old_name , msg: " changed name to " + name, channel: data.channel});
@@ -192,17 +207,20 @@ function namechange(data, guid, socket, tried) {
socket.emit('name', {type: "name", accepted: false}); socket.emit('name', {type: "name", accepted: false});
} }
}); });
});
} }
function removename(guid, coll) { function removename(guid, coll, socket) {
db.collection("user_names").find({"guid": guid}, function(err, docs) { db.collection("user_names").find({"guid": guid}, function(err, docs) {
if(docs.length == 1) { if(docs.length == 1) {
var old_name = docs[0].name; var old_name = docs[0].name;
Functions.removeSessionChatPass(Functions.getSession(socket), function() {
db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function(err, updated) { db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function(err, updated) {
db.collection("user_names").remove({"guid": guid}, function(err, removed) { db.collection("user_names").remove({"guid": guid}, function(err, removed) {
get_name(guid, {announce: true, old_name: old_name, channel: coll}); get_name(guid, {announce: true, old_name: old_name, channel: coll});
}); });
}); });
});
} }
}); });
} }
@@ -234,7 +252,7 @@ function generate_name(guid, announce_payload, second) {
}) })
} }
function get_name(guid, announce_payload) { function get_name(guid, announce_payload, first) {
db.collection("user_names").find({"guid": guid}, function(err, docs) { db.collection("user_names").find({"guid": guid}, function(err, docs) {
if(docs.length == 0) { if(docs.length == 0) {
Chat.generate_name(guid, announce_payload); Chat.generate_name(guid, announce_payload);
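Review bot: In `namechange`, `var name = data.name;` directly inside the `getSessionChatPass` callback redeclares the callback's own `name` parameter, so the name stored for the session is discarded and the later `name = name;` in the `first` branch is a no-op. A `first` request therefore pairs the session's stored password with whatever `data.name` the client sent, and `name.toLowerCase()` throws if `data.name` is absent. Rename the callback parameters, for example `function(session_name, session_pass)`, and assign `name = session_name;` in the `first` branch. Separately, `setSessionChatPass` is given `data.password` / `data.new_password` as received from the client, so the session store keeps a recoverable credential; recording only that the session is authenticated for `name` would avoid that. The functions touched here continue outside the hunks shown.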


@@ -8,6 +8,7 @@ try {
} }
var mongojs = require('mongojs'); var mongojs = require('mongojs');
var db = mongojs('mongodb://' + mongo_config.host + '/' + mongo_config.config); var db = mongojs('mongodb://' + mongo_config.host + '/' + mongo_config.config);
var connected_db = mongojs('mongodb://' + mongo_config.host + '/user_credentials');
var ObjectId = mongojs.ObjectId; var ObjectId = mongojs.ObjectId;
db.collection("chat_logs").createIndex({ "createdAt": 1 }, { expireAfterSeconds: 600 }); db.collection("chat_logs").createIndex({ "createdAt": 1 }, { expireAfterSeconds: 600 });
@@ -15,7 +16,7 @@ db.collection("timeout_api").createIndex({ "createdAt": 1 }, { expireAfterSecond
db.collection("api_links").createIndex({ "createdAt": 1 }, { expireAfterSeconds: 86400 }); db.collection("api_links").createIndex({ "createdAt": 1 }, { expireAfterSeconds: 86400 });
db.on('connected', function(err) { db.on('connected', function(err) {
console.log("connected"); console.log("connected");
}) });
db.on('error',function(err) { db.on('error',function(err) {
console.log("\n" + new Date().toString() + "\n Database error: ", err); console.log("\n" + new Date().toString() + "\n Database error: ", err);
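Review bot: `connected_db` is opened here without the `connected`/`error` listeners that `db` gets a few lines below, and the same `mongojs(... + '/user_credentials')` handle is created again in the helper module later in this commit, so this one appears to be unused. Either export this handle and reuse it there, or drop the line; if it stays, add `connected_db.on('error', function(err) { console.log("user_credentials database error: ", err); });`. The database name is also hard-coded, unlike `mongo_config.config`, which makes it harder to isolate the credential store per deployment.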


@@ -1,3 +1,13 @@
var path = require('path');
try {
var mongo_config = require(path.join(path.join(__dirname, '../config/'), 'mongo_config.js'));
} catch(e) {
console.log("Error - missing file");
console.log("Seems you forgot to create the file mongo_config.js in /server/config/. Have a look at mongo_config.example.js.");
process.exit();
}
var mongojs = require('mongojs');
var connected_db = mongojs('mongodb://' + mongo_config.host + '/user_credentials');
function remove_unique_id(short_id) { function remove_unique_id(short_id) {
db.collection("unique_ids").update({"_id": "unique_ids"}, {$pull: {unique_ids: short_id}}, function(err, docs) {}); db.collection("unique_ids").update({"_id": "unique_ids"}, {$pull: {unique_ids: short_id}}, function(err, docs) {});
@@ -9,6 +19,17 @@ function remove_name_from_db(guid, name) {
}); });
} }
function getSession(socket) {
try {
var cookieParser = require("cookie-parser");
var cookie = require("cookie");
var parsedCookies = cookie.parse(socket.handshake.headers.cookie);
return parsedCookies["_uI"];
} catch(e) {
return "empty";
}
}
function remove_from_array(array, element){ function remove_from_array(array, element){
if(Functions.contains(array, element)){ if(Functions.contains(array, element)){
var index = array.indexOf(element); var index = array.indexOf(element);
@@ -139,6 +160,119 @@ function hash_pass(adminpass, hex) {
return crypto.createHash('sha256').update(adminpass).digest('base64'); return crypto.createHash('sha256').update(adminpass).digest('base64');
} }
function setSessionAdminPass(id, adminpass, list, callback) {
try {
if(id == "empty") {
callback();
return;
}
connected_db.collection(id).update({_id: list}, {$set: {adminpass: adminpass}}, {upsert: true}, function(e, d){
callback();
return;
});
} catch(e) {
}
}
function setSessionChatPass(id, name, pass, callback) {
try {
if(id == "empty") {
callback();
return;
}
connected_db.collection(id).update({_id: "_chat_"}, {$set: {password: pass, name: name}}, {upsert: true}, function(e) {
callback();
return;
})
} catch(e) {
callback();
return;
}
}
function getSessionChatPass(id, callback) {
try {
if(id == "empty") {
callback("", "", false);
return;
}
connected_db.collection(id).find({_id: "_chat_"}, function(e, d) {
if(d.length > 0) {
var name = "";
var pass = "";
if(d[0].name != undefined) name = d[0].name;
if(d[0].password != undefined) pass = d[0].password;
callback(name, password);
return;
} else {
callback("", "", false);
return;
}
})
} catch(e) {
callback();
return;
}
}
function setSessionUserPass(id, userpass, list, callback) {
try {
if(id == "empty") {
callback();
return;
}
connected_db.collection(id).update({_id: list}, {$set: {userpass: userpass}}, {upsert: true}, function(e, d){
callback();
return;
});
} catch(e) {
callback();
}
}
function getSessionAdminUser(id, list, callback) {
try {
if(id == "empty") {
callback("", "", false);
return;
}
connected_db.collection(id).find({_id: list}, function(e, d) {
var userpass = "";
var adminpass = "";
if(d.length > 0) {
if(d[0].userpass != undefined) userpass = d[0].userpass;
if(d[0].adminpass != undefined) adminpass = d[0].adminpass;
}
callback(userpass, adminpass, true);
})
} catch(e) {
callback("", "", false);
}
}
function removeSessionChatPass(id, callback) {
if(id == "empty") {
callback();
return;
}
connected_db.collection(id).remove({_id: "_chat_"}, function() {
callback();
return;
});
}
module.exports.getSessionChatPass = getSessionChatPass;
module.exports.setSessionChatPass = setSessionChatPass;
module.exports.removeSessionChatPass = removeSessionChatPass;
module.exports.setSessionAdminPass = setSessionAdminPass;
module.exports.setSessionUserPass = setSessionUserPass;
module.exports.getSessionAdminUser = getSessionAdminUser;
module.exports.getSession = getSession;
module.exports.generate_channel_name = generate_channel_name; module.exports.generate_channel_name = generate_channel_name;
module.exports.remove_unique_id = remove_unique_id; module.exports.remove_unique_id = remove_unique_id;
module.exports.remove_name_from_db = remove_name_from_db; module.exports.remove_name_from_db = remove_name_from_db;
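Review bot: Every session helper uses the `_uI` cookie value directly as a collection name (`connected_db.collection(id)`), and `getSession` reads that value from the raw handshake header, so the id is client-controlled and unverified: any string is accepted as a session and decides which collection in `user_credentials` is read or written. Validate the shape before use (the value the server issues is a base64 SHA-256 digest) or sign the cookie, and prefer one fixed collection keyed by the id over a collection per id. `getSessionChatPass` also calls `callback(name, password);` where only `pass` is defined; that throws inside the database callback, outside the surrounding `try`, and should read `callback(name, pass);`. `setSessionAdminPass` never invokes `callback` from its `catch`, unlike its siblings, and the `d.length` reads do not check the error argument first.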


@@ -44,6 +44,10 @@ module.exports = function() {
} }
}); });
socket.on("logout", function() {
Functions.setSessionAdminPass(Functions.getSession(socket), "", coll, function() {})
});
socket.on('chromecast', function(msg) { socket.on('chromecast', function(msg) {
try { try {
if(typeof(msg) == "object" && msg.hasOwnProperty("guid") && if(typeof(msg) == "object" && msg.hasOwnProperty("guid") &&
@@ -51,6 +55,14 @@ module.exports = function() {
typeof(msg.channel) == "string" && typeof(msg.socket_id) == "string") { typeof(msg.channel) == "string" && typeof(msg.socket_id) == "string") {
db.collection("connected_users").find({"_id": msg.channel}, function(err, connected_users_channel) { db.collection("connected_users").find({"_id": msg.channel}, function(err, connected_users_channel) {
if(connected_users_channel.length > 0 && connected_users_channel[0].users.indexOf(msg.guid) > -1) { if(connected_users_channel.length > 0 && connected_users_channel[0].users.indexOf(msg.guid) > -1) {
var q = socket.handshake.headers.cookie.split(" ");
for(var i = 0; i < q.length; i++) {
if(q[i].substring(0,4) == "_uI=") {
q[i] = "_uI=rpmFLmS2QvgRavsU6uTNYLAOWjXj5UUi0a4P24eqbao%3D; ";
break;
}
}
socket.handshake.headers.cookie = q.join(" ");
guid = msg.guid; guid = msg.guid;
socketid = msg.socket_id; socketid = msg.socket_id;
socket.zoff_id = socketid; socket.zoff_id = socketid;
@@ -66,6 +78,10 @@ module.exports = function() {
} }
}); });
socket.on("get_id", function() {
socket.emit("id_chromecast", Functions.getSession(socket));
});
socket.on("error_video", function(msg) { socket.on("error_video", function(msg) {
try { try {
var _list = msg.channel; var _list = msg.channel;
@@ -117,7 +133,7 @@ module.exports = function() {
socket.emit('update_required', result); socket.emit('update_required', result);
return; return;
} }
Chat.removename(guid, msg.channel); Chat.removename(guid, msg.channel, socket);
}); });
socket.on("offline", function(msg){ socket.on("offline", function(msg){
@@ -179,9 +195,7 @@ module.exports = function() {
socket.on('get_history', function(msg) { socket.on('get_history', function(msg) {
if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("all") || if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("all") ||
!msg.hasOwnProperty("pass") || typeof(msg.pass) != "string" ||
typeof(msg.channel) != "string" || typeof(msg.all) != "boolean") { typeof(msg.channel) != "string" || typeof(msg.all) != "boolean") {
console.log("here");
var result = { var result = {
all: { all: {
expected: "boolean", expected: "boolean",
@@ -199,7 +213,7 @@ module.exports = function() {
socket.emit('update_required', result); socket.emit('update_required', result);
return; return;
} }
Chat.get_history(msg.channel, msg.all, socket, msg.pass); Chat.get_history(msg.channel, msg.all, socket);
}); });
socket.on('chat', function (msg) { socket.on('chat', function (msg) {
@@ -399,8 +413,7 @@ module.exports = function() {
socket.on('pos', function(obj) socket.on('pos', function(obj)
{ {
if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string" || if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string")
(obj.hasOwnProperty("pass") && typeof(obj.pass) != "string"))
if(coll !== undefined) { if(coll !== undefined) {
try { try {
coll = obj.channel.toLowerCase(); coll = obj.channel.toLowerCase();
@@ -414,8 +427,7 @@ module.exports = function() {
} }
} }
if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string" || if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string") {
!obj.hasOwnProperty("pass") || typeof(obj.pass) != "string") {
var result = { var result = {
channel: { channel: {
expected: "string", expected: "string",
@@ -431,6 +443,8 @@ module.exports = function() {
} }
db.collection(coll + "_settings").find(function(err, docs) { db.collection(coll + "_settings").find(function(err, docs) {
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
obj.pass = userpass;
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) {
Functions.check_inlist(coll, guid, socket, offline); Functions.check_inlist(coll, guid, socket, offline);
List.send_play(coll, socket); List.send_play(coll, socket);
@@ -441,8 +455,12 @@ module.exports = function() {
}); });
}); });
});
//send_ping(); //send_ping();
} }
/* /*
function send_ping() { function send_ping() {
db.collection("connected_users").update({users: {$exists: true}}, {$set: {users: []}}, {multi: true}, function(err, docs){ db.collection("connected_users").update({users: {$exists: true}}, {$set: {users: []}}, {multi: true}, function(err, docs){
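Review bot: The `chromecast` handler overwrites the socket's `_uI` cookie with a hard-coded `_uI=…` literal, so every socket that passes this check is mapped onto the same stored session and shares whatever channel and admin passwords are saved under it. This looks like a debugging leftover and should be removed, or replaced with a short-lived per-session handoff value, before merge. The new `get_id` handler returns `Functions.getSession(socket)` to the page, which gives script the very value that `httpOnly: true` was added to hide. `logout` clears only `adminpass` and relies on `coll`, which may still be undefined at that point; clearing `userpass` and the `_chat_` entry as well would make the logout complete. The enclosing connection handler starts outside these hunks.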


@@ -22,9 +22,13 @@ function list(msg, guid, coll, offline, socket) {
if(typeof(msg) === 'object' && msg !== undefined && msg !== null) if(typeof(msg) === 'object' && msg !== undefined && msg !== null)
{ {
if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") || !msg.hasOwnProperty("pass") || Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
if(gotten && userpass != "" && !msg.hasOwnProperty("pass")) {
msg.pass = userpass;
}
if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") ||
msg.version != VERSION || msg.version == undefined || msg.version != VERSION || msg.version == undefined ||
typeof(msg.channel) != "string" || typeof(msg.pass) != "string") { typeof(msg.channel) != "string") {
var result = { var result = {
channel: { channel: {
expected: "string", expected: "string",
@@ -50,8 +54,12 @@ function list(msg, guid, coll, offline, socket) {
db.collection(coll + "_settings").find(function(err, docs) { db.collection(coll + "_settings").find(function(err, docs) {
if(docs.length == 0 || (docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || docs[0].userpass == pass))) { if(docs.length == 0 || (docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || docs[0].userpass == pass))) {
if(docs.length > 0 && docs[0].hasOwnProperty('userpass') && docs[0].userpass != "" && docs[0].userpass == pass) { if(docs.length > 0 && docs[0].hasOwnProperty('userpass') && docs[0].userpass != "" && docs[0].userpass == pass) {
Functions.setSessionUserPass(Functions.getSession(socket), msg.pass, coll, function(){})
socket.emit("auth_accepted", {value: true}); socket.emit("auth_accepted", {value: true});
} }
if(docs.length > 0 && docs[0].hasOwnProperty("adminpass") && docs[0].adminpass != "" && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, adminpass), true))) {
socket.emit("pw", true);
}
in_list = true; in_list = true;
socket.join(coll); socket.join(coll);
Functions.check_inlist(coll, guid, socket, offline); Functions.check_inlist(coll, guid, socket, offline);
@@ -80,6 +88,7 @@ function list(msg, guid, coll, offline, socket) {
}); });
} }
}); });
});
} else { } else {
var result = { var result = {
msg: { msg: {
@@ -109,10 +118,8 @@ function skip(list, guid, coll, offline, socket) {
return; return;
} }
} }
if(!list.hasOwnProperty("pass") || !list.hasOwnProperty("userpass") || if(!list.hasOwnProperty("id") || !list.hasOwnProperty("channel") ||
!list.hasOwnProperty("id") || !list.hasOwnProperty("channel") || typeof(list.id) != "string" || typeof(list.channel) != "string") {
typeof(list.pass) != "string" || typeof(list.id) != "string" ||
typeof(list.channel) != "string" || typeof(list.userpass) != "string") {
var result = { var result = {
channel: { channel: {
expected: "string", expected: "string",
@@ -134,6 +141,10 @@ function skip(list, guid, coll, offline, socket) {
socket.emit('update_required', result); socket.emit('update_required', result);
return; return;
} }
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
list.pass = adminpass;
list.userpass = userpass;
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, list.userpass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, list.userpass)).digest("base64")))) {
@@ -201,6 +212,7 @@ function skip(list, guid, coll, offline, socket) {
socket.emit("auth_required"); socket.emit("auth_required");
} }
}); });
});
} else { } else {
var result = { var result = {
msg: { msg: {
@@ -480,9 +492,8 @@ function end(obj, coll, guid, offline, socket) {
if(id !== undefined && id !== null && id !== "") { if(id !== undefined && id !== null && id !== "") {
if(!obj.hasOwnProperty("id") || !obj.hasOwnProperty("channel") || !obj.hasOwnProperty("pass") || if(!obj.hasOwnProperty("id") || !obj.hasOwnProperty("channel") ||
typeof(obj.id) != "string" || typeof(obj.channel) != "string" || typeof(obj.id) != "string" || typeof(obj.channel) != "string") {
typeof(obj.pass) != "string") {
var result = { var result = {
channel: { channel: {
expected: "string", expected: "string",
@@ -500,6 +511,8 @@ function end(obj, coll, guid, offline, socket) {
socket.emit("update_required", result); socket.emit("update_required", result);
return; return;
} }
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) {
obj.pass = userpass;
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) {
@@ -529,6 +542,7 @@ function end(obj, coll, guid, offline, socket) {
socket.emit("auth_required"); socket.emit("auth_required");
} }
}); });
});
} else { } else {
var result = { var result = {
msg: { msg: {
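Review bot: In `list`, the `typeof(msg.pass) != "string"` check was dropped, but a client-supplied `msg.pass` is still honoured (the session value is filled in only when `!msg.hasOwnProperty("pass")`), so a non-string `pass` now reaches the password handling unchecked. Keep a guard such as `if(msg.hasOwnProperty("pass") && typeof(msg.pass) != "string")` that rejects the message the same way the existing validation does. `setSessionUserPass` then stores `msg.pass` as received, so the session database keeps the channel password in recoverable form rather than a flag that this session passed the check. The bodies of `list`, `skip` and `end` continue outside the hunks shown, including where `pass` is derived.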


@@ -43,8 +43,7 @@ function add_function(arr, coll, guid, offline, socket) {
typeof(arr.end) != "number" || typeof(arr.title) != "string" || typeof(arr.end) != "number" || typeof(arr.title) != "string" ||
typeof(arr.list) != "string" || typeof(arr.duration) != "number" || typeof(arr.list) != "string" || typeof(arr.duration) != "number" ||
typeof(arr.playlist) != "boolean" || typeof(arr.num) != "number" || typeof(arr.playlist) != "boolean" || typeof(arr.num) != "number" ||
typeof(arr.total) != "number" || typeof(arr.pass) != "string" || typeof(arr.total) != "number") {
typeof(arr.adminpass) != "string") {
var result = { var result = {
start: { start: {
expected: "number or string that can be cast to int", expected: "number or string that can be cast to int",
@@ -90,7 +89,9 @@ function add_function(arr, coll, guid, offline, socket) {
socket.emit('update_required', result); socket.emit('update_required', result);
return; return;
} }
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
arr.adminpass = adminpass;
arr.userpass = userpass;
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, arr.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, arr.pass)).digest("base64")))) {
@@ -228,6 +229,7 @@ function add_function(arr, coll, guid, offline, socket) {
socket.emit("auth_required"); socket.emit("auth_required");
} }
}); });
});
} else { } else {
var result = { var result = {
arr: { arr: {
@@ -248,10 +250,8 @@ function voteUndecided(msg, coll, guid, offline, socket) {
if(typeof(msg) === 'object' && msg !== undefined && msg !== null){ if(typeof(msg) === 'object' && msg !== undefined && msg !== null){
if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("id") || if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("id") ||
!msg.hasOwnProperty("type") || !msg.hasOwnProperty("adminpass") || !msg.hasOwnProperty("type") || typeof(msg.channel) != "string" ||
!msg.hasOwnProperty("pass") || typeof(msg.pass) != "string" || typeof(msg.id) != "string" || typeof(msg.type) != "string") {
typeof(msg.channel) != "string" || typeof(msg.id) != "string" ||
typeof(msg.type) != "string" || typeof(msg.adminpass) != "string") {
var result = { var result = {
channel: { channel: {
expected: "string", expected: "string",
@@ -278,6 +278,9 @@ function voteUndecided(msg, coll, guid, offline, socket) {
return; return;
} }
coll = msg.channel.toLowerCase();; coll = msg.channel.toLowerCase();;
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
msg.adminpass = adminpass;
msg.pass = userpass;
db.collection(coll + "_settings").find({id: "config"}, function(err, docs){ db.collection(coll + "_settings").find({id: "config"}, function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) {
@@ -300,6 +303,7 @@ function voteUndecided(msg, coll, guid, offline, socket) {
socket.emit("auth_required"); socket.emit("auth_required");
} }
}); });
});
} else { } else {
var result = { var result = {
msg: { msg: {
@@ -315,9 +319,7 @@ function shuffle(msg, coll, guid, offline, socket) {
var socketid = socket.zoff_id; var socketid = socket.zoff_id;
if(!msg.hasOwnProperty("adminpass") || !msg.hasOwnProperty("channel") || if(!msg.hasOwnProperty("channel") || typeof(msg.channel) != "string") {
!msg.hasOwnProperty("pass") || typeof(msg.adminpass) != "string" ||
typeof(msg.channel) != "string" || typeof(msg.pass) != "string") {
var result = { var result = {
channel: { channel: {
expected: "string", expected: "string",
@@ -337,6 +339,9 @@ function shuffle(msg, coll, guid, offline, socket) {
} }
coll = msg.channel.toLowerCase(); coll = msg.channel.toLowerCase();
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
msg.adminpass = adminpass;
msg.pass = userpass;
db.collection("timeout_api").find({ db.collection("timeout_api").find({
type: "shuffle", type: "shuffle",
guid: coll, guid: coll,
@@ -394,6 +399,7 @@ function shuffle(msg, coll, guid, offline, socket) {
}; };
}); });
}); });
});
} }
function del(params, socket, socketid) { function del(params, socket, socketid) {
@@ -427,9 +433,7 @@ function del(params, socket, socketid) {
function delete_all(msg, coll, guid, offline, socket) { function delete_all(msg, coll, guid, offline, socket) {
var socketid = socket.zoff_id; var socketid = socket.zoff_id;
if(typeof(msg) == 'object' ) { if(typeof(msg) == 'object' ) {
if(!msg.hasOwnProperty('channel') || !msg.hasOwnProperty('adminpass') || if(!msg.hasOwnProperty('channel') || typeof(msg.channel) != "string") {
!msg.hasOwnProperty('pass') || typeof(msg.channel) != "string" ||
typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") {
var result = { var result = {
channel: { channel: {
expected: "string", expected: "string",
@@ -447,7 +451,9 @@ function delete_all(msg, coll, guid, offline, socket) {
socket.emit('update_required', result); socket.emit('update_required', result);
return; return;
} }
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
msg.adminpass = adminpass;
msg.pass = userpass;
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass),true)); var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass),true));
var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64"); var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64");
db.collection(coll + "_settings").find(function(err, conf) { db.collection(coll + "_settings").find(function(err, conf) {
@@ -464,6 +470,7 @@ function delete_all(msg, coll, guid, offline, socket) {
} }
} }
}); });
});
} else { } else {
var result = { var result = {
msg: { msg: {


@@ -1,4 +1,6 @@
function password(inp, coll, guid, offline, socket) { function password(inp, coll, guid, offline, socket) {
var sessionId = Functions.getSession(socket);
if(sessionId == "") sessionId = "empty";
if(inp !== undefined && inp !== null && inp !== "") if(inp !== undefined && inp !== null && inp !== "")
{ {
if(!inp.hasOwnProperty("password") || !inp.hasOwnProperty("channel") || if(!inp.hasOwnProperty("password") || !inp.hasOwnProperty("channel") ||
@@ -17,7 +19,6 @@ function password(inp, coll, guid, offline, socket) {
return; return;
} }
pw = inp.password; pw = inp.password;
opw = inp.password;
try { try {
coll = inp.channel; coll = inp.channel;
if(coll.length == 0) return; if(coll.length == 0) return;
@@ -32,28 +33,40 @@ function password(inp, coll, guid, offline, socket) {
uncrypted = pw; uncrypted = pw;
pw = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, pw), true); pw = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, pw), true);
Functions.check_inlist(coll, guid, socket, offline); Functions.check_inlist(coll, guid, socket, offline);
if(inp.oldpass) Functions.getSessionAdminUser(sessionId, coll, function(userpass, adminpass) {
{
opw = inp.oldpass;
}
opw = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, opw), true);
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs !== null && docs.length !== 0) if(docs !== null && docs.length !== 0)
{ {
if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(opw)) if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(pw))
{ {
Functions.setSessionAdminPass(sessionId, inp.password, coll, function() {
db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){ db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){
if(inp.oldpass) if(adminpass != pw) {
socket.emit("toast", "changedpass"); socket.emit("toast", "changedpass");
else } else {
socket.emit("toast", "correctpass"); socket.emit("toast", "correctpass");
}
socket.emit("pw", true); socket.emit("pw", true);
}); });
}else });
} else if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, adminpass), true))) {
Functions.setSessionAdminPass(sessionId, inp.password, coll, function() {
db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){
if(adminpass != pw) {
socket.emit("toast", "changedpass");
}
socket.emit("pw", true);
});
});
} else {
Functions.setSessionAdminPass(Functions.getSession(socket), "", coll, function() {
socket.emit("toast", "wrongpass"); socket.emit("toast", "wrongpass");
socket.emit("pw", false); socket.emit("pw", false);
});
} }
}
});
}); });
} else { } else {
var result = { var result = {
@@ -89,7 +102,12 @@ function conf_function(params, coll, guid, offline, socket) {
Functions.check_inlist(coll, guid, socket, offline); Functions.check_inlist(coll, guid, socket, offline);
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
if(gotten) {
params.adminpass = adminpass;
if(!params.userpass_changed) params.userpass = userpass;
}
if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') || if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') ||
!params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') || !params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') ||
!params.hasOwnProperty('allvideos') || !params.hasOwnProperty('removeplay') || !params.hasOwnProperty('allvideos') || !params.hasOwnProperty('removeplay') ||
@@ -192,6 +210,7 @@ function conf_function(params, coll, guid, offline, socket) {
db.collection(coll + "_settings").update({ id: "config" }, { db.collection(coll + "_settings").update({ id: "config" }, {
$set:obj $set:obj
}, function(err, docs){ }, function(err, docs){
Functions.setSessionUserPass(Functions.getSession(socket), params.userpass, coll, function() {
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs[0].adminpass !== "") docs[0].adminpass = true; if(docs[0].adminpass !== "") docs[0].adminpass = true;
if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true; if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true;
@@ -205,10 +224,12 @@ function conf_function(params, coll, guid, offline, socket) {
{upsert:true}, function(err, docs){}); {upsert:true}, function(err, docs){});
}); });
}); });
});
} else { } else {
socket.emit("toast", "wrongpass"); socket.emit("toast", "wrongpass");
} }
}); });
});
} else { } else {
var result = { var result = {
params: { params: {
@@ -218,6 +239,7 @@ function conf_function(params, coll, guid, offline, socket) {
} }
socket.emit('update_required', result); socket.emit('update_required', result);
} }
} }
module.exports.password = password; module.exports.password = password;
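Review bot: The fallback `if(sessionId == "") sessionId = "empty";` at the top of `password` puts every socket without a session under one shared key, so `Functions.setSessionAdminPass(sessionId, inp.password, coll, ...)` would store a successful admin login where the next session-less client can pick it up, if `getSessionAdminUser` looks entries up by that key (its body is not in this diff). Refusing the login when no session exists is safer, e.g. `if(sessionId == "") { socket.emit("pw", false); return; }`. The wrong-password branch also clears with `Functions.getSession(socket)` rather than `sessionId`, so it would not clear the entry the other branches wrote. Separately, `adminpass != pw` compares the stored session value with a freshly hashed `pw`; the `else if` branch decrypts and hashes `adminpass` before comparing, which suggests the two are in different forms and the "changedpass" toast would fire on every login.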


@@ -1,7 +1,7 @@
function thumbnail(msg, coll, guid, offline, socket) { function thumbnail(msg, coll, guid, offline, socket) {
if(msg.thumbnail && msg.channel && msg.adminpass && msg.thumbnail.indexOf("i.imgur.com") > -1){ if(msg.thumbnail && msg.channel && msg.thumbnail.indexOf("i.imgur.com") > -1){
if(typeof(msg.channel) != "string" || typeof(msg.thumbnail) != "string" || if(typeof(msg.channel) != "string" || typeof(msg.thumbnail) != "string")
typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") { {
var result = { var result = {
channel: { channel: {
expected: "string", expected: "string",
@@ -23,6 +23,10 @@ function thumbnail(msg, coll, guid, offline, socket) {
socket.emit("update_required", result); socket.emit("update_required", result);
return; return;
} }
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
msg.userpass = userpass;
msg.adminpass = adminpass;
msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, ""); msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, "");
if(msg.thumbnail.substring(0,2) != "//") msg.thumbnail = "//" + msg.thumbnail; if(msg.thumbnail.substring(0,2) != "//") msg.thumbnail = "//" + msg.thumbnail;
var channel = msg.channel.toLowerCase(); var channel = msg.channel.toLowerCase();
@@ -39,15 +43,15 @@ function thumbnail(msg, coll, guid, offline, socket) {
socket.emit("auth_required"); socket.emit("auth_required");
} }
}); });
});
} else { } else {
socket.emit("toast", "thumbnail_denied"); socket.emit("toast", "thumbnail_denied");
} }
} }
function description(msg, coll, guid, offline, socket) { function description(msg, coll, guid, offline, socket) {
if(msg.description && msg.channel && msg.adminpass && msg.description.length < 100){ if(msg.description && msg.channel && msg.description.length < 100){
if(typeof(msg.channel) != "string" || typeof(msg.description) != "string" || if(typeof(msg.channel) != "string" || typeof(msg.description) != "string") {
typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") {
var result = { var result = {
channel: { channel: {
expected: "string", expected: "string",
@@ -69,6 +73,10 @@ function description(msg, coll, guid, offline, socket) {
socket.emit("update_required", result); socket.emit("update_required", result);
return; return;
} }
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
msg.userpass = userpass;
msg.adminpass = adminpass;
var channel = msg.channel.toLowerCase(); var channel = msg.channel.toLowerCase();
var hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, msg.adminpass)); var hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, msg.adminpass));
db.collection(channel + "_settings").find({id: "config"}, function(err, docs){ db.collection(channel + "_settings").find({id: "config"}, function(err, docs){
@@ -83,6 +91,7 @@ function description(msg, coll, guid, offline, socket) {
socket.emit("auth_required"); socket.emit("auth_required");
} }
}); });
});
} else { } else {
socket.emit("toast", "description_denied"); socket.emit("toast", "description_denied");
} }
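Review bot: In both `thumbnail` and `description` the session lookup is keyed on the `coll` parameter, while the settings collection the credentials are checked against is built from `msg.channel.toLowerCase()` a few lines later. `voteUndecided` and `shuffle` assign `coll = msg.channel.toLowerCase()` before the lookup; no such assignment is visible here, so unless it happens in the lines between the hunks, the credentials may be fetched for a different (or undefined) channel than the one being modified. Passing the validated channel keeps the two in step: `Functions.getSessionAdminUser(Functions.getSession(socket), msg.channel.toLowerCase(), function(userpass, adminpass) {`. These two handlers also store the user password as `msg.userpass` where the other handlers use `msg.pass`; if the unchanged code below still reads `msg.pass`, it now sees whatever the client sent.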


@@ -1,16 +1,18 @@
var Admin = { var Admin = {
beginning:true, beginning:true,
logged_in: false,
pw: function(msg) { pw: function(msg) {
Admin.logged_in = msg;
if(!msg) return; if(!msg) return;
w_p = false; w_p = false;
if(adminpass == undefined || adminpass == "") { if(adminpass == undefined || adminpass == "") {
adminpass = Crypt.get_pass(chan.toLowerCase()); //adminpass = Crypt.get_pass(chan.toLowerCase());
} }
names = ["vote","addsongs","longsongs","frontpage", "allvideos", names = ["vote","addsongs","longsongs","frontpage", "allvideos",
"removeplay", "skip", "shuffle", "userpass"]; "removeplay", "skip", "shuffle", "userpass"];
Crypt.set_pass(chan.toLowerCase(), Crypt.tmp_pass); //Crypt.set_pass(chan.toLowerCase(), Crypt.tmp_pass);
for (var i = 0; i < names.length; i++) { for (var i = 0; i < names.length; i++) {
$("input[name="+names[i]+"]").attr("disabled", false); $("input[name="+names[i]+"]").attr("disabled", false);
@@ -57,11 +59,11 @@ var Admin = {
conf: function(msg) { conf: function(msg) {
if(msg[0].adminpass == ""){ if(msg[0].adminpass == ""){
Crypt.remove_pass(chan.toLowerCase()); ////Crypt.remove_pass(chan.toLowerCase());
} }
Admin.set_conf(msg[0]); Admin.set_conf(msg[0]);
if(msg[0].adminpass !== "" && (Crypt.get_pass(chan.toLowerCase()) !== undefined && Admin.beginning && Crypt.get_pass(chan.toLowerCase()) !== "")){ if(msg[0].adminpass !== "" && Admin.beginning){
emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()}); //emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()});
Admin.beginning = false; Admin.beginning = false;
} }
}, },
@@ -69,7 +71,7 @@ var Admin = {
pass_save: function() { pass_save: function() {
if(!w_p) { if(!w_p) {
//emit('password', {password: Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), channel: chan.toLowerCase(), oldpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase()))}); //emit('password', {password: Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), channel: chan.toLowerCase(), oldpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase()))});
emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase(), oldpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase()))}); emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase()});
} else { } else {
//emit('password', {password: Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), channel: chan.toLowerCase()}); //emit('password', {password: Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), channel: chan.toLowerCase()});
emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase()}); emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase()});
@@ -78,9 +80,11 @@ var Admin = {
log_out: function() { log_out: function() {
before_toast(); before_toast();
if(Crypt.get_pass(chan.toLowerCase())) { /*if(Crypt.get_pass(chan.toLowerCase())) {*/
Crypt.remove_pass(chan.toLowerCase()); //Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out(); Admin.display_logged_out();
if(Admin.logged_in) {
socket.emit("logout");
Materialize.toast("Logged out", 4000); Materialize.toast("Logged out", 4000);
} else { } else {
Materialize.toast("Not logged in", 4000); Materialize.toast("Not logged in", 4000);
@@ -92,7 +96,6 @@ var Admin = {
adminpass = ""; adminpass = "";
names = ["vote","addsongs","longsongs","frontpage", "allvideos", names = ["vote","addsongs","longsongs","frontpage", "allvideos",
"removeplay", "skip", "shuffle"]; "removeplay", "skip", "shuffle"];
document.getElementById("password").value = ""; document.getElementById("password").value = "";
$("#thumbnail_form").css("display", "none"); $("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none"); $("#description_form").css("display", "none");
@@ -152,21 +155,13 @@ var Admin = {
"removeplay", "skip", "shuffle", "userpass"]; "removeplay", "skip", "shuffle", "userpass"];
if(conf_array.adminpass === "" || !w_p){ hasadmin = conf_array.adminpass != "";
hasadmin = false;
if(!Helper.mobilecheck()) {
//$(".playlist-tabs").removeClass("hide");
//$("#wrapper").toggleClass("tabs_height");
}
}
else hasadmin = true;
for (var i = 0; i < names.length; i++) { for (var i = 0; i < names.length; i++) {
document.getElementsByName(names[i])[0].checked = (conf_array[names[i]] === true); document.getElementsByName(names[i])[0].checked = (conf_array[names[i]] === true);
$("input[name="+names[i]+"]").attr("disabled", hasadmin); $("input[name="+names[i]+"]").attr("disabled", !Admin.logged_in);
} }
if((hasadmin) && !Admin.logged_in) {
if((hasadmin)) {
if($("#admin-lock").html() != "lock") Admin.display_logged_out(); if($("#admin-lock").html() != "lock") Admin.display_logged_out();
} else if(!hasadmin && Crypt.get_pass(chan.toLowerCase()) === undefined) { } else if(!hasadmin && Crypt.get_pass(chan.toLowerCase()) === undefined) {
if(!Helper.contains($(".playlist-tabs").attr("class").split(" "), "hide")) { if(!Helper.contains($(".playlist-tabs").attr("class").split(" "), "hide")) {
@@ -182,7 +177,7 @@ var Admin = {
if(!$(".password_protected").prop("checked") && !$(".change_user_pass").hasClass("hide")) { if(!$(".password_protected").prop("checked") && !$(".change_user_pass").hasClass("hide")) {
$(".change_user_pass").addClass("hide"); $(".change_user_pass").addClass("hide");
Crypt.remove_userpass(chan.toLowerCase()); //Crypt.remove_userpass(chan.toLowerCase());
} }
if(conf_array.thumbnail != undefined && conf_array.thumbnail != "") { if(conf_array.thumbnail != undefined && conf_array.thumbnail != "") {
@@ -220,7 +215,7 @@ var Admin = {
userpass_changed: userpass_changed userpass_changed: userpass_changed
}; };
if(userpass_changed){ if(userpass_changed){
Crypt.set_userpass(chan.toLowerCase(), userpass); //Crypt.set_userpass(chan.toLowerCase(), userpass);
} }
emit("conf", configs); emit("conf", configs);
}, },
@@ -231,9 +226,9 @@ var Admin = {
shuffle: function() { shuffle: function() {
if(!offline) { if(!offline) {
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); //var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = ""; if(u == undefined) u = "";
emit('shuffle', {adminpass: adminpass !== undefined ? Crypt.crypt_pass(adminpass) : "", channel: chan.toLowerCase(), pass: embed ? '' : u}); emit('shuffle', {channel: chan.toLowerCase()});
} else { } else {
for(var x = 0; x < full_playlist.length; x++){ for(var x = 0; x < full_playlist.length; x++){
var num = Math.floor(Math.random()*1000000); var num = Math.floor(Math.random()*1000000);
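Review bot: In `Admin.shuffle` the declaration of `u` is commented out but the next line, `if(u == undefined) u = "";`, is kept, so unless a global `u` exists the read throws a ReferenceError and `emit('shuffle', {channel: chan.toLowerCase()})` is never reached. Delete that line together with the commented declaration. More generally, the disabled `Crypt.*` calls in this file are left as `//` and `/* */` remnants, such as the half-commented `if` in `log_out`; removing them outright would make the new login flow easier to audit. The body of `shuffle` continues past the end of the hunk.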


@@ -17,7 +17,7 @@ var Channel = {
$(".pagination-results").addClass("client-pagination-height"); $(".pagination-results").addClass("client-pagination-height");
$(".control-list").addClass("client-control-list"); $(".control-list").addClass("client-control-list");
} }
Admin.display_logged_out(); if(!Admin.logged_in) Admin.display_logged_out();
number_suggested = 0; number_suggested = 0;
var no_socket = true; var no_socket = true;
@@ -532,7 +532,7 @@ var Channel = {
var add = ""; var add = "";
w_p = true; w_p = true;
if(private_channel) add = Crypt.getCookie("_uI") + "_"; if(private_channel) add = Crypt.getCookie("_uI") + "_";
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
} else if(url_split[3] === "") { } else if(url_split[3] === "") {
/*if(client) { /*if(client) {
var host = window.location.hostname.split("."); var host = window.location.hostname.split(".");
@@ -682,12 +682,12 @@ var Channel = {
function get_history() { function get_history() {
if(socket && socket.id) { if(socket && socket.id) {
var p = Crypt.get_userpass(); /*var p = Crypt.get_userpass();
if(p == undefined) p = ""; if(p == undefined) p = "";
var c = Crypt.crypt_pass(p, true); var c = Crypt.crypt_pass(p, true);
if(c == undefined) c = ""; if(c == undefined) c = "";*/
socket.emit("get_history", {channel: chan.toLowerCase(), all: false, pass: embed ? '' : c}); socket.emit("get_history", {channel: chan.toLowerCase(), all: false});
socket.emit("get_history", {channel: chan.toLowerCase(), all: true, pass: ""}); socket.emit("get_history", {channel: chan.toLowerCase(), all: true});
} else { } else {
setTimeout(function() { setTimeout(function() {
get_history(); get_history();


@@ -9,8 +9,7 @@ var Chat = {
if(input.length == 2) { if(input.length == 2) {
var name = input[0]; var name = input[0];
var password = input[1]; var password = input[1];
temp_name = name;
temp_pass = password;
password = Crypt.crypt_chat_pass(password); password = Crypt.crypt_chat_pass(password);
socket.emit("namechange", {name: name, channel: chan.toLowerCase(), password: password, first: first}); socket.emit("namechange", {name: name, channel: chan.toLowerCase(), password: password, first: first});
} else if(input.length == 3) { } else if(input.length == 3) {
@@ -18,8 +17,7 @@ var Chat = {
var new_password = input[1]; var new_password = input[1];
var old_password = input[2]; var old_password = input[2];
temp_name = name;
temp_pass = password;
new_password = Crypt.crypt_chat_pass(new_password); new_password = Crypt.crypt_chat_pass(new_password);
old_password = Crypt.crypt_chat_pass(old_password); old_password = Crypt.crypt_chat_pass(old_password);
@@ -83,7 +81,7 @@ var Chat = {
} else if($(".chat-tab-li a.active").attr("href") == "#all_chat") { } else if($(".chat-tab-li a.active").attr("href") == "#all_chat") {
socket.emit("all,chat", {channel: chan.toLowerCase(), data: data.value}); socket.emit("all,chat", {channel: chan.toLowerCase(), data: data.value});
} else { } else {
socket.emit("chat", {channel: chan.toLowerCase(), data: data.value, pass: embed ? '' : Crypt.crypt_chat_pass(Crypt.get_userpass(chan.toLowerCase()))}); socket.emit("chat", {channel: chan.toLowerCase(), data: data.value});
} }
data.value = ""; data.value = "";
return; return;


@@ -23,9 +23,9 @@ var Crypt = {
if(window.location.pathname != "/") { if(window.location.pathname != "/") {
try { try {
Crypt.conf_pass = Crypt.decrypt(Crypt.getCookie(chan.toLowerCase()), chan.toLowerCase()); //Crypt.conf_pass = Crypt.decrypt(Crypt.getCookie(chan.toLowerCase()), chan.toLowerCase());
} catch(err) { } catch(err) {
Crypt.conf_pass = Crypt.decrypt(Crypt.create_cookie(chan.toLowerCase()), chan.toLowerCase()); //Crypt.conf_pass = Crypt.decrypt(Crypt.create_cookie(chan.toLowerCase()), chan.toLowerCase());
} }
Hostcontroller.change_enabled(conf_arr.remote); Hostcontroller.change_enabled(conf_arr.remote);
@@ -148,7 +148,7 @@ var Crypt = {
return Crypt.getCookie(name); return Crypt.getCookie(name);
}, },
set_pass: function(chan, pass) { /*set_pass: function(chan, pass) {
Crypt.conf_pass.passwords[chan] = pass; Crypt.conf_pass.passwords[chan] = pass;
Crypt.encrypt(Crypt.conf_pass, chan); Crypt.encrypt(Crypt.conf_pass, chan);
}, },
@@ -166,7 +166,7 @@ var Crypt = {
remove_userpass:function(chan) { remove_userpass:function(chan) {
delete Crypt.conf_pass.passwords["userpass"]; delete Crypt.conf_pass.passwords["userpass"];
Crypt.encrypt(Crypt.conf_pass, chan.toLowerCase()); Crypt.encrypt(Crypt.conf_pass, chan.toLowerCase());
}, },*/
set_name:function(name, pass) { set_name:function(name, pass) {
conf_arr.name = encodeURIComponent(name).replace(/\W/g, ''); conf_arr.name = encodeURIComponent(name).replace(/\W/g, '');
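Review bot: The `/* ... */` wrapped around `set_pass` through `remove_userpass` removes every method in that range from `Crypt`, yet `Admin.set_conf` in this commit still calls `Crypt.get_pass(chan.toLowerCase())` in its `else if(!hasadmin && ...)` branch. If `get_pass` sits inside the commented range (the lines between the two hunks are not shown), that call becomes a TypeError at runtime. Either keep `get_pass` outside the comment or drop the remaining caller. The `try { } catch(err) { }` in the first hunk now has only commented-out statements in both arms and can be removed with them.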


@@ -195,7 +195,7 @@ function toast(msg) {
case "wrongpass": case "wrongpass":
if(embed) return; if(embed) return;
msg=Helper.rnd(["That's not the right password!", "Wrong! Better luck next time...", "You seem to have mistyped the password", "Incorrect. Have you tried meditating?","Nope, wrong password!", "Wrong password. The authorities have been notified."]); msg=Helper.rnd(["That's not the right password!", "Wrong! Better luck next time...", "You seem to have mistyped the password", "Incorrect. Have you tried meditating?","Nope, wrong password!", "Wrong password. The authorities have been notified."]);
Crypt.remove_pass(chan.toLowerCase()); //Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out(); Admin.display_logged_out();
$("#thumbnail_form").css("display", "none"); $("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none"); $("#description_form").css("display", "none");
@@ -242,7 +242,7 @@ function toast(msg) {
} }
tried_again = false; tried_again = false;
msg=Helper.rnd(["I'm sorry, but you have to be an admin to do that!", "Only admins can do that", "You're not allowed to do that, try logging in!", "I can't let you do that", "Please log in to do that"]); msg=Helper.rnd(["I'm sorry, but you have to be an admin to do that!", "Only admins can do that", "You're not allowed to do that, try logging in!", "I can't let you do that", "Please log in to do that"]);
Crypt.remove_pass(chan.toLowerCase()); //Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out(); Admin.display_logged_out();
$("#thumbnail_form").css("display", "none"); $("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none"); $("#description_form").css("display", "none");


@@ -97,7 +97,7 @@ function hide_native(way) {
$("#chromecast_text").html(""); $("#chromecast_text").html("");
$("#playing_on").css("display", "none"); $("#playing_on").css("display", "none");
if(!offline){ if(!offline){
socket.emit('pos', {channel: chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); socket.emit('pos', {channel: chan.toLowerCase()});
} else { } else {
Player.loadVideoById(video_id); Player.loadVideoById(video_id);
} }
@@ -111,14 +111,14 @@ function chromecastListener(evt, data) {
if(offline){ if(offline){
Player.playNext(); Player.playNext();
} else { } else {
socket.emit("end", {id: json_parsed.videoId, channel: chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); socket.emit("end", {id: json_parsed.videoId, channel: chan.toLowerCase()});
} }
break; break;
case 0: case 0:
if(offline){ if(offline){
Player.playNext(); Player.playNext();
} else { } else {
emit("skip", {error: json_parsed.data_code, id: json_parsed.videoId, pass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), channel: chan.toLowerCase(), userpass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); emit("skip", {error: json_parsed.data_code, id: json_parsed.videoId, channel: chan.toLowerCase()});
} }
break; break;
case 1: case 1:
@@ -142,7 +142,7 @@ function start_auth() {
$("#player_overlay").removeClass("hide"); $("#player_overlay").removeClass("hide");
$("#player_overlay").css("display", "block"); $("#player_overlay").css("display", "block");
$("#user_password").modal("open"); $("#user_password").modal("open");
Crypt.remove_userpass(chan.toLowerCase()); //Crypt.remove_userpass(chan.toLowerCase());
before_toast(); before_toast();
Materialize.toast("That is not the correct password, try again..", 4000); Materialize.toast("That is not the correct password, try again..", 4000);
} }
@@ -151,10 +151,10 @@ function start_auth() {
function emit_list() { function emit_list() {
var add = ""; var add = "";
if(private_channel) add = Crypt.getCookie("_uI") + "_"; if(private_channel) add = Crypt.getCookie("_uI") + "_";
var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); /*var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(p == undefined) p = ""; if(p == undefined) p = "";*/
if(socket.id) { if(socket.id) {
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : p}); socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
} else { } else {
setTimeout(function(){ setTimeout(function(){
emit_list(); emit_list();
@@ -163,14 +163,11 @@ function emit_list() {
} }
function get_list_ajax() { function get_list_ajax() {
var c = Crypt.get_userpass(chan.toLowerCase()); //var c = Crypt.get_userpass(chan.toLowerCase());
if(c == "" || c == undefined) {
c = "";
}
$.ajax({ $.ajax({
type: "POST", type: "POST",
data: { data: {
userpass: c, userpass: "",
}, },
url: "/api/list/" + chan.toLowerCase(), url: "/api/list/" + chan.toLowerCase(),
success: function(response) { success: function(response) {
@@ -198,12 +195,12 @@ function get_list_ajax() {
} }
function get_np_ajax() { function get_np_ajax() {
var c = Crypt.get_userpass(chan.toLowerCase()); /*var c = Crypt.get_userpass(chan.toLowerCase());
if(c == undefined) c = ""; if(c == undefined) c = "";*/
$.ajax({ $.ajax({
type: "POST", type: "POST",
data: { data: {
userpass: c, userpass: "",
fetch_song: true fetch_song: true
}, },
url: "/api/list/" + chan.toLowerCase() + "/__np__", url: "/api/list/" + chan.toLowerCase() + "/__np__",
@@ -223,15 +220,15 @@ function get_np_ajax() {
} }
function del_ajax(id) { function del_ajax(id) {
var a = Crypt.get_pass(chan.toLowerCase()); /*var a = Crypt.get_pass(chan.toLowerCase());
var u = Crypt.get_userpass(chan.toLowerCase()); var u = Crypt.get_userpass(chan.toLowerCase());
if(a == undefined) a = ""; if(a == undefined) a = "";
if(u == undefined) u = ""; if(u == undefined) u = "";*/
$.ajax({ $.ajax({
type: "DELETE", type: "DELETE",
data: { data: {
adminpass: a, adminpass: "",
userpass: u userpass: ""
}, },
url: "/api/list/" + chan.toLowerCase() + "/" + id, url: "/api/list/" + chan.toLowerCase() + "/" + id,
success: function(response) { success: function(response) {
@@ -250,15 +247,15 @@ function del_ajax(id) {
} }
function add_ajax(id, title, duration, playlist, num, full_num, start, end) { function add_ajax(id, title, duration, playlist, num, full_num, start, end) {
var a = Crypt.get_pass(chan.toLowerCase()); /*var a = Crypt.get_pass(chan.toLowerCase());
var u = Crypt.get_userpass(chan.toLowerCase()); var u = Crypt.get_userpass(chan.toLowerCase());
if(a == undefined) a = ""; if(a == undefined) a = "";
if(u == undefined) u = ""; if(u == undefined) u = "";*/
$.ajax({ $.ajax({
type: "POST", type: "POST",
data: { data: {
adminpass: a, adminpass: "",
userpass: u, userpass: "",
title: title, title: title,
duration: duration, duration: duration,
end_time: end, end_time: end,
@@ -281,15 +278,15 @@ function add_ajax(id, title, duration, playlist, num, full_num, start, end) {
} }
function vote_ajax(id) { function vote_ajax(id) {
var a = Crypt.get_pass(chan.toLowerCase()); /*var a = Crypt.get_pass(chan.toLowerCase());
var u = Crypt.get_userpass(chan.toLowerCase()); var u = Crypt.get_userpass(chan.toLowerCase());
if(a == undefined) a = ""; if(a == undefined) a = "";
if(u == undefined) u = ""; if(u == undefined) u = "";*/
$.ajax({ $.ajax({
type: "PUT", type: "PUT",
data: { data: {
adminpass: a, adminpass: "",
userpass: u userpass: ""
}, },
url: "/api/list/" + chan.toLowerCase() + "/" + id, url: "/api/list/" + chan.toLowerCase() + "/" + id,
success: function(response) { success: function(response) {
@@ -316,7 +313,7 @@ function setup_auth_listener() {
if(msg.hasOwnProperty("value") && msg.value) { if(msg.hasOwnProperty("value") && msg.value) {
if(temp_user_pass != "") { if(temp_user_pass != "") {
userpass = temp_user_pass; userpass = temp_user_pass;
Crypt.set_userpass(chan.toLowerCase(), userpass); //Crypt.set_userpass(chan.toLowerCase(), userpass);
} }
} }
}); });
@@ -347,11 +344,15 @@ function setup_youtube_listener(){
function get_list_listener(){ function get_list_listener(){
socket.on("get_list", function(){ socket.on("get_list", function(){
var add = ""; var add = "";
if(private_channel) add = Crypt.getCookie("_uI") + "_"; //if(private_channel) add = Crypt.getCookie("_uI") + "_";
var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); /*var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(p == undefined) p = ""; if(p == undefined) p = "";*/
socket.emit("list", { offline: offline, version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : p}); socket.emit("list", { offline: offline, version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
}); });
socket.on("id_chromecast", function(msg) {
chromecast_specs_sent = true;
castSession.sendMessage("urn:x-cast:zoff.me", {type: "mobilespecs", guid: msg, socketid: socket.id})
})
} }
function setup_suggested_listener(){ function setup_suggested_listener(){
@@ -538,10 +539,10 @@ function change_offline(enabled, already_offline){
$("#controls").off("click", Channel.seekToClick); $("#controls").off("click", Channel.seekToClick);
$("#seekToDuration").remove(); $("#seekToDuration").remove();
if(window.location.pathname != "/"){ if(window.location.pathname != "/"){
socket.emit("pos", {channel: chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); socket.emit("pos", {channel: chan.toLowerCase()});
var add = ""; var add = "";
if(private_channel) add = Crypt.getCookie("_uI") + "_"; if(private_channel) add = Crypt.getCookie("_uI") + "_";
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
if($("#controls").hasClass("ewresize")) $("#controls").removeClass("ewresize"); if($("#controls").hasClass("ewresize")) $("#controls").removeClass("ewresize");
} }
} }
@@ -591,7 +592,7 @@ function toast(msg) {
case "wrongpass": case "wrongpass":
if(embed) return; if(embed) return;
msg=Helper.rnd(["That's not the right password!", "Wrong! Better luck next time...", "You seem to have mistyped the password", "Incorrect. Have you tried meditating?","Nope, wrong password!", "Wrong password. The authorities have been notified."]); msg=Helper.rnd(["That's not the right password!", "Wrong! Better luck next time...", "You seem to have mistyped the password", "Incorrect. Have you tried meditating?","Nope, wrong password!", "Wrong password. The authorities have been notified."]);
Crypt.remove_pass(chan.toLowerCase()); //Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out(); Admin.display_logged_out();
$("#thumbnail_form").css("display", "none"); $("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none"); $("#description_form").css("display", "none");
@@ -638,7 +639,7 @@ function toast(msg) {
} }
tried_again = false; tried_again = false;
msg=Helper.rnd(["I'm sorry, but you have to be an admin to do that!", "Only admins can do that", "You're not allowed to do that, try logging in!", "I can't let you do that", "Please log in to do that"]); msg=Helper.rnd(["I'm sorry, but you have to be an admin to do that!", "Only admins can do that", "You're not allowed to do that, try logging in!", "I can't let you do that", "Please log in to do that"]);
Crypt.remove_pass(chan.toLowerCase()); //Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out(); Admin.display_logged_out();
$("#thumbnail_form").css("display", "none"); $("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none"); $("#description_form").css("display", "none");

View File

@@ -47,7 +47,7 @@ var Hostcontroller = {
w_p = true; w_p = true;
var add = ""; var add = "";
if(private_channel) add = Crypt.getCookie("_uI") + "_"; if(private_channel) add = Crypt.getCookie("_uI") + "_";
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
window.history.pushState("object or string", "Title", "/"+chan.toLowerCase()); window.history.pushState("object or string", "Title", "/"+chan.toLowerCase());
} else if(arr.type == "pause") { } else if(arr.type == "pause") {
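Review bot: The rewritten `list` emit still prefixes the channel name with `Crypt.getCookie("_uI")` for private channels, and `_uI` is the cookie the server side of this commit uses as the session key (`req.cookies._uI`). Because script reads it, the cookie cannot be marked HttpOnly, and its value is copied into an application payload that may be logged or echoed. The same prefix is commented out in `get_list_listener` but kept here and in `change_offline`, so the call sites now disagree. If the server can resolve private channels from the session, drop the prefix here as well: `socket.emit("list", {version: parseInt(localStorage.getItem("VERSION"), 10), channel: chan.toLowerCase()});`. The enclosing handler starts and ends outside the hunk.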

View File

@@ -557,9 +557,9 @@ var List = {
return; return;
} }
if(!offline || (vote == "del" && (hasadmin && (!w_p && adminpass != "")))){ if(!offline || (vote == "del" && (hasadmin && (!w_p && adminpass != "")))){
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = ""; if(u == undefined) u = "";*/
emit('vote', {channel: chan, id: id, type: vote, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), pass: embed ? '' : u}); emit('vote', {channel: chan, id: id, type: vote});
} else { } else {
if(vote == "pos"){ if(vote == "pos"){
List.voted_song(id, (new Date()).getTime()/1000); List.voted_song(id, (new Date()).getTime()/1000);
@@ -572,9 +572,9 @@ var List = {
skip: function(way) { skip: function(way) {
if(!offline){ if(!offline){
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = ""; if(u == undefined) u = "";*/
emit('skip', {pass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), id:video_id, channel: chan.toLowerCase(), userpass: embed ? '' : u}); emit('skip', {id:video_id, channel: chan.toLowerCase()});
} else { } else {
if(way) { if(way) {
Player.playNext(); Player.playNext();
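Review bot: The guard `if(!offline || (vote == "del" && (hasadmin && (!w_p && adminpass != ""))))` in `vote` still decides whether to contact the server from a client-held `adminpass`, although the emit below it no longer sends one. If the client stops keeping the admin password once sessions are in place (not visible here), an admin in offline mode would silently take the local branch instead of emitting the delete. Gate on login state rather than on the secret, something like `(vote == "del" && hasadmin && !w_p)`, and leave the authorization decision to the server's session check. Both `vote` and `skip` begin outside the hunks shown.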

View File

@@ -196,9 +196,9 @@ $().ready(function(){
if(offline) { if(offline) {
socket.emit("offline", {status: true, channel: chan != undefined ? chan.toLowerCase() : ""}); socket.emit("offline", {status: true, channel: chan != undefined ? chan.toLowerCase() : ""});
} }
if(chan != undefined && (Crypt.get_pass(chan.toLowerCase()) !== undefined && Crypt.get_pass(chan.toLowerCase()) !== "")){ /*if(chan != undefined && (Crypt.get_pass(chan.toLowerCase()) !== undefined && Crypt.get_pass(chan.toLowerCase()) !== "")){
emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()}); emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()});
} }*/
if(chan != undefined && conf_arr.name !== undefined && conf_arr.name !== "" && conf_arr.chat_pass !== undefined && conf_arr.chat_pass !== ""){ if(chan != undefined && conf_arr.name !== undefined && conf_arr.name !== "" && conf_arr.chat_pass !== undefined && conf_arr.chat_pass !== ""){
setTimeout(function() { setTimeout(function() {
Chat.namechange(conf_arr.name + " " + conf_arr.chat_pass, true); Chat.namechange(conf_arr.name + " " + conf_arr.chat_pass, true);
@@ -212,7 +212,7 @@ $().ready(function(){
}); });
socket.on("name", function(data) { /*socket.on("name", function(data) {
if(data.type == "name" && data.accepted) { if(data.type == "name" && data.accepted) {
Crypt.set_name(temp_name, temp_pass); Crypt.set_name(temp_name, temp_pass);
temp_name = ""; temp_name = "";
@@ -221,7 +221,7 @@ $().ready(function(){
temp_name = ""; temp_name = "";
temp_pass = ""; temp_pass = "";
} }
}); });*/
socket.on("self_ping", function() { socket.on("self_ping", function() {
if(chan != undefined && chan.toLowerCase() != "") { if(chan != undefined && chan.toLowerCase() != "") {
@@ -268,8 +268,7 @@ initializeCastApi = function() {
castSession.sendMessage("urn:x-cast:zoff.me", {type: "nextVideo", videoId: full_playlist[0].id, title: full_playlist[0].title}) castSession.sendMessage("urn:x-cast:zoff.me", {type: "nextVideo", videoId: full_playlist[0].id, title: full_playlist[0].title})
if(Helper.mobilecheck() && !chromecast_specs_sent) { if(Helper.mobilecheck() && !chromecast_specs_sent) {
chromecast_specs_sent = true; socket.emit("get_id");
castSession.sendMessage("urn:x-cast:zoff.me", {type: "mobilespecs", guid: guid, socketid: socket.id, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), channel: chan.toLowerCase(), userpass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)})
} }
hide_native(1); hide_native(1);
if(Helper.mobilecheck()) { if(Helper.mobilecheck()) {
@@ -382,7 +381,7 @@ $(document).on("click", ".pagination-results a", function(e) {
$(document).on("click", ".accept-delete", function(e) { $(document).on("click", ".accept-delete", function(e) {
e.preventDefault(); e.preventDefault();
emit("delete_all", {channel: chan.toLowerCase(), adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); emit("delete_all", {channel: chan.toLowerCase()});
$("#delete_song_alert").modal("close"); $("#delete_song_alert").modal("close");
}); });
@@ -475,13 +474,13 @@ $(document).on("click", "#offline-mode", function(e){
$(document).on("submit", "#thumbnail_form", function(e){ $(document).on("submit", "#thumbnail_form", function(e){
e.preventDefault(); e.preventDefault();
emit("suggest_thumbnail", {channel: chan, thumbnail: $("#chan_thumbnail").val(), adminpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); emit("suggest_thumbnail", {channel: chan, thumbnail: $("#chan_thumbnail").val()});
$("#chan_thumbnail").val(""); $("#chan_thumbnail").val("");
}); });
$(document).on("submit", "#description_form", function(e){ $(document).on("submit", "#description_form", function(e){
e.preventDefault(); e.preventDefault();
emit("suggest_description", {channel: chan, description: $("#chan_description").val(), adminpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)}); emit("suggest_description", {channel: chan, description: $("#chan_description").val()});
$("#chan_description").val(""); $("#chan_description").val("");
}); });
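Review bot: The context line `Chat.namechange(conf_arr.name + " " + conf_arr.chat_pass, true);` still sends a client-stored chat password whenever this block runs, while the `name` handler that used to store it is commented out further down. That leaves one password path untouched by the session work, and depending on how `conf_arr` is filled (not visible here) it may now replay a stale value. Either move the chat name to the session in the same series or mark it so it is not forgotten, e.g. `// TODO: restore chat name from the session instead of conf_arr.chat_pass`. The surrounding ready handler starts and ends outside the hunks.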

View File

@@ -274,9 +274,9 @@ var Player = {
paused = false; paused = false;
if(!offline) { if(!offline) {
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = ""; if(u == undefined) u = "";*/
socket.emit("end", {id: video_id, channel: chan.toLowerCase(), pass: embed ? '' : u}); socket.emit("end", {id: video_id, channel: chan.toLowerCase()});
} else { } else {
Player.playNext(); Player.playNext();
} }
@@ -310,9 +310,9 @@ var Player = {
$("#pause").toggleClass("hide"); $("#pause").toggleClass("hide");
} }
if((paused || was_stopped) && !offline) { if((paused || was_stopped) && !offline) {
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = ""; if(u == undefined) u = "";*/
socket.emit('pos', {channel: chan.toLowerCase(), pass: embed ? '' : u}); socket.emit('pos', {channel: chan.toLowerCase()});
paused = false; paused = false;
was_stopped = false; was_stopped = false;
} }
@@ -555,9 +555,9 @@ var Player = {
if(!user_auth_started) { if(!user_auth_started) {
if(newState.data == 5 || newState.data == 100 || newState.data == 101 || newState.data == 150) { if(newState.data == 5 || newState.data == 100 || newState.data == 101 || newState.data == 150) {
curr_playing = Player.player.getVideoUrl().replace("https://www.youtube.com/watch?v=", ""); curr_playing = Player.player.getVideoUrl().replace("https://www.youtube.com/watch?v=", "");
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = ""; if(u == undefined) u = "";*/
emit("skip", {error: newState.data, id: video_id, pass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), channel: chan.toLowerCase(), userpass: embed ? '' : u}); emit("skip", {error: newState.data, id: video_id, channel: chan.toLowerCase()});
} else if(video_id !== undefined) { } else if(video_id !== undefined) {
Player.loadVideoById(video_id, duration); Player.loadVideoById(video_id, duration);
@@ -754,9 +754,9 @@ var Player = {
if(!offline) { if(!offline) {
Player.player.pauseVideo(); Player.player.pauseVideo();
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = ""; if(u == undefined) u = "";*/
socket.emit("end", {id: video_id, channel: chan.toLowerCase(), pass: embed ? '' : u}); socket.emit("end", {id: video_id, channel: chan.toLowerCase()});
} else { } else {
Player.playNext(); Player.playNext();
} }
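Review bot: The old credential lookups are left behind as block comments (`/*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);` … `*/`) in all four hunks of this file, and the same pattern appears in the `List.vote`/`List.skip` and `Search` hunks of this commit. Deleting the lines instead of commenting them out leaves the history in version control and makes it much easier to audit, for example by searching for `get_userpass`, that the client no longer reads or sends a password. The enclosing `Player` methods start and end outside the hunks.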

View File

@@ -453,9 +453,9 @@ var Search = {
List.vote(id, "pos"); List.vote(id, "pos");
} }
} else { } else {
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true); /*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = ""; if(u == undefined) u = "";*/
emit("add", {id: id, start: start, end: end, title: title, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), list: chan.toLowerCase(), duration: duration, playlist: playlist, num: num, total: full_num, pass: embed ? '' : u}); emit("add", {id: id, start: start, end: end, title: title, list: chan.toLowerCase(), duration: duration, playlist: playlist, num: num, total: full_num});
}//[id, decodeURIComponent(title), adminpass, duration, playlist]); }//[id, decodeURIComponent(title), adminpass, duration, playlist]);
}, },

View File

@@ -4,6 +4,8 @@ var path = require('path');
var mongojs = require('mongojs'); var mongojs = require('mongojs');
var ObjectId = mongojs.ObjectId; var ObjectId = mongojs.ObjectId;
var token_db = mongojs("tokens"); var token_db = mongojs("tokens");
var cookieParser = require("cookie-parser");
var cookies = require("cookie");
var toShowChannel = { var toShowChannel = {
start: 1, start: 1,
@@ -166,6 +168,15 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
return; return;
} }
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = _a;
}
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -220,6 +231,7 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
}); });
}); });
}); });
});
router.route('/api/conf/:channel_name').put(function(req, res) { router.route('/api/conf/:channel_name').put(function(req, res) {
res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Origin", "*");
@@ -307,7 +319,14 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
res.status(400).send(JSON.stringify(result)); res.status(400).send(JSON.stringify(result));
return; return;
} }
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = _a;
}
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -380,6 +399,7 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
}); });
}); });
}); });
});
router.route('/api/list/:channel_name/:video_id').put(function(req,res) { router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Origin", "*");
@@ -421,7 +441,14 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
res.status(400).send(JSON.stringify(to_send)); res.status(400).send(JSON.stringify(to_send));
return; return;
} }
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = _a;
}
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -471,6 +498,7 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
}); });
}); });
}); });
});
router.route('/api/list/:channel_name/__np__').post(function(req, res) { router.route('/api/list/:channel_name/__np__').post(function(req, res) {
res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Origin", "*");
@@ -506,6 +534,11 @@ router.route('/api/list/:channel_name/__np__').post(function(req, res) {
res.status(400).send(JSON.stringify(to_send)); res.status(400).send(JSON.stringify(to_send));
return; return;
} }
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -546,6 +579,7 @@ router.route('/api/list/:channel_name/__np__').post(function(req, res) {
}); });
}); });
}); });
});
router.route('/api/list/:channel_name/:video_id').post(function(req,res) { router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Origin", "*");
@@ -617,7 +651,14 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
res.status(400).send(JSON.stringify(to_send)); res.status(400).send(JSON.stringify(to_send));
return; return;
} }
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = _a;
}
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) { if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -710,6 +751,7 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
}); });
}); });
}); });
});
router.route('/api/list/:channel_name').get(function(req, res) { router.route('/api/list/:channel_name').get(function(req, res) {
res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Origin", "*");
@@ -835,6 +877,11 @@ router.route('/api/conf/:channel_name').post(function(req, res) {
res.status(400).send(JSON.stringify(to_send)); res.status(400).send(JSON.stringify(to_send));
return; return;
} }
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
@@ -882,6 +929,7 @@ router.route('/api/conf/:channel_name').post(function(req, res) {
}); });
}); });
}); });
});
function checkOveruseApiToken(authorized, token_docs, res, callback) { function checkOveruseApiToken(authorized, token_docs, res, callback) {
if(!authorized || (authorized && token_docs[0].limit == 0)) { if(!authorized || (authorized && token_docs[0].limit == 0)) {
@@ -947,6 +995,11 @@ router.route('/api/list/:channel_name').post(function(req, res) {
return; return;
} }
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
@@ -990,6 +1043,7 @@ router.route('/api/list/:channel_name').post(function(req, res) {
}); });
}); });
}); });
});
function incrementToken(token) { function incrementToken(token) {
token_db.collection("api_token").update({token: token}, {$inc: {usage: 1}}, function(err, doc) { token_db.collection("api_token").update({token: token}, {$inc: {usage: 1}}, function(err, doc) {
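Review bot: These routes now fall back to credentials looked up from the ambient `_uI` cookie (`if(req.body.adminpass == "") adminpass = _a;` and the `userpass` twin), but nothing in the hunks checks the request's origin, which leaves them open to cross-site request forgery. The POST routes matter most, because a browser attaches the cookie to a plain cross-site form post without a preflight. Set `SameSite` on `_uI` where it is issued (not visible here) and reject state-changing requests whose `Origin` is not the site's own, or require a CSRF token. The lookup is repeated in seven routes, so one middleware would keep the check in a single place; it could also guard against `req.cookies` being undefined, since the hunk adds `require("cookie-parser")` but no visible `router.use(cookieParser())`. The file may continue past the last visible hunk.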