KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-12-08 20:48:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Started work for having session-logins instead of sending passwords back and forth

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2018-03-13 16:26:51 +01:00
parent 8c1c0011a2
commit 82140ace20
24 changed files with 1371 additions and 1078 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
package-lock.json generated
View File

@@ -2436,6 +2436,11 @@
"version": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz",
"integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4="
},
"q": {
"version": "1.5.1",
"resolved": "https://registry.npmjs.org/q/-/q-1.5.1.tgz",
"integrity": "sha1-fjL3W0E4EpHQRhHxvxQQmsAGUdc="
},
"qs": {
"version": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz",
"integrity": "sha1-NJzfbu+J7EXBLX1es/wMhwNDptg="

1
package.json
View File

@@ -56,6 +56,7 @@
"nodemailer": "^4.0.1",
"passport": "^0.4.0",
"passport-local": "^1.0.0",
"q": "^1.5.1",
"redis": "^2.8.0",
"request": "^2.72.0",
"socket.io": "^2.0.4",

23
server/apps/client.js
View File

@@ -1,4 +1,18 @@
VERSION = require(pathThumbnails + '/VERSION.js');
var secure = false;
try {
var cert_config = require(path.join(path.join(__dirname, 'config'), 'cert_config.js'));
var fs = require('fs');
var privateKey = fs.readFileSync(cert_config.privateKey).toString();
var certificate = fs.readFileSync(cert_config.certificate).toString();
var ca = fs.readFileSync(cert_config.ca).toString();
var credentials = {
key: privateKey,
cert: certificate,
ca: ca
};
secure = true;
} catch(err){}
var add = "";
var path = require('path');
@@ -20,7 +34,8 @@ app.enable('view cache');
app.set('views', publicPath);
var bodyParser = require('body-parser');
var cookieParser = require('cookie-parser')
var cookieParser = require("cookie-parser");
var cookies = require("cookie");
app.use( bodyParser.json() ); // to support JSON-encoded bodies
app.use(bodyParser.urlencoded({ // to support URL-encoded bodies
extended: true
@@ -70,8 +85,10 @@ app.get('/robots.txt', function (req, res) {
app.use(function (req, res, next) {
var cookie = req.cookies._uI;
if (cookie === undefined) {
var user_name = Functions.rndName(uniqid.time(), 15);
res.cookie('_uI',user_name, { maxAge: 365 * 10000 * 3600000 });
var user_name = Functions.hash_pass(Functions.rndName(uniqid.time(), 15));
res.cookie('_uI', user_name, { maxAge: 365 * 10000 * 3600000, httpOnly: true, secure: secure });
} else {
res.cookie('_uI', cookie, { maxAge: 365 * 10000 * 3600000, httpOnly: true, secure: secure });
}
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

34
server/handlers/chat.js
View File

@@ -1,4 +1,4 @@
function get_history(channel, all, socket, pass) {
function get_history(channel, all, socket) {
var query = {};
if(all) {
query = {
@@ -10,7 +10,10 @@ function get_history(channel, all, socket, pass) {
channel: channel,
};
}
var pass = "";
if(!query.all) {
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass) {
pass = userpass;
db.collection(channel + "_settings").find({id: "config"}, function(err, conf) {
if(conf.length > 0) {
if(conf[0].userpass == "" || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, pass)).digest('base64')) {
@@ -18,6 +21,7 @@ function get_history(channel, all, socket, pass) {
}
}
});
});
} else {
getAndSendLogs(channel, all, socket, pass, query);
}
@@ -40,9 +44,7 @@ function getAndSendLogs(channel, all, socket, pass, query) {
function chat(msg, guid, offline, socket) {
if(typeof(msg) !== 'object' || !msg.hasOwnProperty('data') ||
!msg.hasOwnProperty('channel') || !msg.hasOwnProperty('pass') ||
typeof(msg.data) != "string" || typeof(msg.channel) != "string" ||
typeof(msg.pass) != "string") {
!msg.hasOwnProperty('channel') || typeof(msg.data) != "string" || typeof(msg.channel) != "string") {
var result = {
data: {
expected: "string",
@@ -61,6 +63,8 @@ function chat(msg, guid, offline, socket) {
return;
}
var coll = msg.channel.toLowerCase();
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) {
msg.pass = userpass;
db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socket.zoff_id, msg.pass)).digest("base64")))) {
var data = msg.data;
@@ -86,6 +90,7 @@ function chat(msg, guid, offline, socket) {
socket.emit('auth_required');
}
});
});
}
function all_chat(msg, guid, offline, socket) {
@@ -135,6 +140,8 @@ function namechange(data, guid, socket, tried) {
var pw = "";
var new_password;
var first = false;
Functions.getSessionChatPass(Functions.getSession(socket), function(name, pass) {
var name = data.name;
if(data.hasOwnProperty("first")) {
first = data.first;
}
@@ -145,8 +152,12 @@ function namechange(data, guid, socket, tried) {
pw = data.old_password;
new_password = Functions.decrypt_string(socket.zoff_id, data.new_password);
}
if(data.hasOwnProperty("first") && data.first) {
pw = pass;
name = name;
new_password = false;
}
var password = Functions.decrypt_string(socket.zoff_id, pw);
var name = data.name;
db.collection("registered_users").find({"_id": name.toLowerCase()}, function(err, docs) {
var accepted_password = false;
var icon = false;
@@ -155,14 +166,18 @@ function namechange(data, guid, socket, tried) {
return;
}
accepted_password = true;
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() {
db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: Functions.hash_pass(password)}}, {upsert: true}, function() {});
});
} else if(docs[0].password == Functions.hash_pass(password)) {
if(docs[0].icon) {
icon = docs[0].icon;
}
accepted_password = true;
if(new_password) {
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.new_password, function() {
db.collection("registered_users").update({"_id": name.toLowerCase(), password: Functions.hash_pass(password)}, {$set: {password: Functions.hash_pass(new_password)}}, function() {});
});
}
}
if(accepted_password) {
@@ -172,7 +187,7 @@ function namechange(data, guid, socket, tried) {
db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function() {});
db.collection("user_names").update({"guid": guid}, {$set: {name: name, icon: icon}}, function(err, docs) {
db.collection("user_names").update({"_id": "all_names"}, {$addToSet: {names: name}}, function(err, docs) {
socket.emit('name', {type: "name", accepted: true});
//socket.emit('name', {type: "name", accepted: true});
if(old_name != name && !first) {
io.to(data.channel).emit('chat', {from: old_name, msg: " changed name to " + name});
io.sockets.emit('chat.all', {from: old_name , msg: " changed name to " + name, channel: data.channel});
@@ -192,17 +207,20 @@ function namechange(data, guid, socket, tried) {
socket.emit('name', {type: "name", accepted: false});
}
});
});
}
function removename(guid, coll) {
function removename(guid, coll, socket) {
db.collection("user_names").find({"guid": guid}, function(err, docs) {
if(docs.length == 1) {
var old_name = docs[0].name;
Functions.removeSessionChatPass(Functions.getSession(socket), function() {
db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function(err, updated) {
db.collection("user_names").remove({"guid": guid}, function(err, removed) {
get_name(guid, {announce: true, old_name: old_name, channel: coll});
});
});
});
}
});
}
@@ -234,7 +252,7 @@ function generate_name(guid, announce_payload, second) {
})
}
function get_name(guid, announce_payload) {
function get_name(guid, announce_payload, first) {
db.collection("user_names").find({"guid": guid}, function(err, docs) {
if(docs.length == 0) {
Chat.generate_name(guid, announce_payload);

3
server/handlers/db.js
View File

@@ -8,6 +8,7 @@ try {
}
var mongojs = require('mongojs');
var db = mongojs('mongodb://' + mongo_config.host + '/' + mongo_config.config);
var connected_db = mongojs('mongodb://' + mongo_config.host + '/user_credentials');
var ObjectId = mongojs.ObjectId;
db.collection("chat_logs").createIndex({ "createdAt": 1 }, { expireAfterSeconds: 600 });
@@ -15,7 +16,7 @@ db.collection("timeout_api").createIndex({ "createdAt": 1 }, { expireAfterSecond
db.collection("api_links").createIndex({ "createdAt": 1 }, { expireAfterSeconds: 86400 });
db.on('connected', function(err) {
console.log("connected");
})
});
db.on('error',function(err) {
console.log("\n" + new Date().toString() + "\n Database error: ", err);

134
server/handlers/functions.js
View File

@@ -1,3 +1,13 @@
var path = require('path');
try {
var mongo_config = require(path.join(path.join(__dirname, '../config/'), 'mongo_config.js'));
} catch(e) {
console.log("Error - missing file");
console.log("Seems you forgot to create the file mongo_config.js in /server/config/. Have a look at mongo_config.example.js.");
process.exit();
}
var mongojs = require('mongojs');
var connected_db = mongojs('mongodb://' + mongo_config.host + '/user_credentials');
function remove_unique_id(short_id) {
db.collection("unique_ids").update({"_id": "unique_ids"}, {$pull: {unique_ids: short_id}}, function(err, docs) {});
@@ -9,6 +19,17 @@ function remove_name_from_db(guid, name) {
});
}
function getSession(socket) {
try {
var cookieParser = require("cookie-parser");
var cookie = require("cookie");
var parsedCookies = cookie.parse(socket.handshake.headers.cookie);
return parsedCookies["_uI"];
} catch(e) {
return "empty";
}
}
function remove_from_array(array, element){
if(Functions.contains(array, element)){
var index = array.indexOf(element);
@@ -139,6 +160,119 @@ function hash_pass(adminpass, hex) {
return crypto.createHash('sha256').update(adminpass).digest('base64');
}
function setSessionAdminPass(id, adminpass, list, callback) {
try {
if(id == "empty") {
callback();
return;
}
connected_db.collection(id).update({_id: list}, {$set: {adminpass: adminpass}}, {upsert: true}, function(e, d){
callback();
return;
});
} catch(e) {
}
}
function setSessionChatPass(id, name, pass, callback) {
try {
if(id == "empty") {
callback();
return;
}
connected_db.collection(id).update({_id: "_chat_"}, {$set: {password: pass, name: name}}, {upsert: true}, function(e) {
callback();
return;
})
} catch(e) {
callback();
return;
}
}
function getSessionChatPass(id, callback) {
try {
if(id == "empty") {
callback("", "", false);
return;
}
connected_db.collection(id).find({_id: "_chat_"}, function(e, d) {
if(d.length > 0) {
var name = "";
var pass = "";
if(d[0].name != undefined) name = d[0].name;
if(d[0].password != undefined) pass = d[0].password;
callback(name, password);
return;
} else {
callback("", "", false);
return;
}
})
} catch(e) {
callback();
return;
}
}
function setSessionUserPass(id, userpass, list, callback) {
try {
if(id == "empty") {
callback();
return;
}
connected_db.collection(id).update({_id: list}, {$set: {userpass: userpass}}, {upsert: true}, function(e, d){
callback();
return;
});
} catch(e) {
callback();
}
}
function getSessionAdminUser(id, list, callback) {
try {
if(id == "empty") {
callback("", "", false);
return;
}
connected_db.collection(id).find({_id: list}, function(e, d) {
var userpass = "";
var adminpass = "";
if(d.length > 0) {
if(d[0].userpass != undefined) userpass = d[0].userpass;
if(d[0].adminpass != undefined) adminpass = d[0].adminpass;
}
callback(userpass, adminpass, true);
})
} catch(e) {
callback("", "", false);
}
}
function removeSessionChatPass(id, callback) {
if(id == "empty") {
callback();
return;
}
connected_db.collection(id).remove({_id: "_chat_"}, function() {
callback();
return;
});
}
module.exports.getSessionChatPass = getSessionChatPass;
module.exports.setSessionChatPass = setSessionChatPass;
module.exports.removeSessionChatPass = removeSessionChatPass;
module.exports.setSessionAdminPass = setSessionAdminPass;
module.exports.setSessionUserPass = setSessionUserPass;
module.exports.getSessionAdminUser = getSessionAdminUser;
module.exports.getSession = getSession;
module.exports.generate_channel_name = generate_channel_name;
module.exports.remove_unique_id = remove_unique_id;
module.exports.remove_name_from_db = remove_name_from_db;

34
server/handlers/io.js
View File

@@ -44,6 +44,10 @@ module.exports = function() {
}
});
socket.on("logout", function() {
Functions.setSessionAdminPass(Functions.getSession(socket), "", coll, function() {})
});
socket.on('chromecast', function(msg) {
try {
if(typeof(msg) == "object" && msg.hasOwnProperty("guid") &&
@@ -51,6 +55,14 @@ module.exports = function() {
typeof(msg.channel) == "string" && typeof(msg.socket_id) == "string") {
db.collection("connected_users").find({"_id": msg.channel}, function(err, connected_users_channel) {
if(connected_users_channel.length > 0 && connected_users_channel[0].users.indexOf(msg.guid) > -1) {
var q = socket.handshake.headers.cookie.split(" ");
for(var i = 0; i < q.length; i++) {
if(q[i].substring(0,4) == "_uI=") {
q[i] = "_uI=rpmFLmS2QvgRavsU6uTNYLAOWjXj5UUi0a4P24eqbao%3D; ";
break;
}
}
socket.handshake.headers.cookie = q.join(" ");
guid = msg.guid;
socketid = msg.socket_id;
socket.zoff_id = socketid;
@@ -66,6 +78,10 @@ module.exports = function() {
}
});
socket.on("get_id", function() {
socket.emit("id_chromecast", Functions.getSession(socket));
});
socket.on("error_video", function(msg) {
try {
var _list = msg.channel;
@@ -117,7 +133,7 @@ module.exports = function() {
socket.emit('update_required', result);
return;
}
Chat.removename(guid, msg.channel);
Chat.removename(guid, msg.channel, socket);
});
socket.on("offline", function(msg){
@@ -179,9 +195,7 @@ module.exports = function() {
socket.on('get_history', function(msg) {
if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("all") ||
!msg.hasOwnProperty("pass") || typeof(msg.pass) != "string" ||
typeof(msg.channel) != "string" || typeof(msg.all) != "boolean") {
console.log("here");
var result = {
all: {
expected: "boolean",
@@ -199,7 +213,7 @@ module.exports = function() {
socket.emit('update_required', result);
return;
}
Chat.get_history(msg.channel, msg.all, socket, msg.pass);
Chat.get_history(msg.channel, msg.all, socket);
});
socket.on('chat', function (msg) {
@@ -399,8 +413,7 @@ module.exports = function() {
socket.on('pos', function(obj)
{
if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string" ||
(obj.hasOwnProperty("pass") && typeof(obj.pass) != "string"))
if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string")
if(coll !== undefined) {
try {
coll = obj.channel.toLowerCase();
@@ -414,8 +427,7 @@ module.exports = function() {
}
}
if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string" ||
!obj.hasOwnProperty("pass") || typeof(obj.pass) != "string") {
if(!obj.hasOwnProperty("channel") || typeof(obj.channel) != "string") {
var result = {
channel: {
expected: "string",
@@ -431,6 +443,8 @@ module.exports = function() {
}
db.collection(coll + "_settings").find(function(err, docs) {
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
obj.pass = userpass;
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) {
Functions.check_inlist(coll, guid, socket, offline);
List.send_play(coll, socket);
@@ -441,8 +455,12 @@ module.exports = function() {
});
});
});
//send_ping();
}
/*
function send_ping() {
db.collection("connected_users").update({users: {$exists: true}}, {$set: {users: []}}, {multi: true}, function(err, docs){

32
server/handlers/list.js
View File

@@ -22,9 +22,13 @@ function list(msg, guid, coll, offline, socket) {
if(typeof(msg) === 'object' && msg !== undefined && msg !== null)
{
if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") || !msg.hasOwnProperty("pass") ||
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
if(gotten && userpass != "" && !msg.hasOwnProperty("pass")) {
msg.pass = userpass;
}
if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") ||
msg.version != VERSION || msg.version == undefined ||
typeof(msg.channel) != "string" || typeof(msg.pass) != "string") {
typeof(msg.channel) != "string") {
var result = {
channel: {
expected: "string",
@@ -50,8 +54,12 @@ function list(msg, guid, coll, offline, socket) {
db.collection(coll + "_settings").find(function(err, docs) {
if(docs.length == 0 || (docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || docs[0].userpass == pass))) {
if(docs.length > 0 && docs[0].hasOwnProperty('userpass') && docs[0].userpass != "" && docs[0].userpass == pass) {
Functions.setSessionUserPass(Functions.getSession(socket), msg.pass, coll, function(){})
socket.emit("auth_accepted", {value: true});
}
if(docs.length > 0 && docs[0].hasOwnProperty("adminpass") && docs[0].adminpass != "" && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, adminpass), true))) {
socket.emit("pw", true);
}
in_list = true;
socket.join(coll);
Functions.check_inlist(coll, guid, socket, offline);
@@ -80,6 +88,7 @@ function list(msg, guid, coll, offline, socket) {
});
}
});
});
} else {
var result = {
msg: {
@@ -109,10 +118,8 @@ function skip(list, guid, coll, offline, socket) {
return;
}
}
if(!list.hasOwnProperty("pass") || !list.hasOwnProperty("userpass") ||
!list.hasOwnProperty("id") || !list.hasOwnProperty("channel") ||
typeof(list.pass) != "string" || typeof(list.id) != "string" ||
typeof(list.channel) != "string" || typeof(list.userpass) != "string") {
if(!list.hasOwnProperty("id") || !list.hasOwnProperty("channel") ||
typeof(list.id) != "string" || typeof(list.channel) != "string") {
var result = {
channel: {
expected: "string",
@@ -134,6 +141,10 @@ function skip(list, guid, coll, offline, socket) {
socket.emit('update_required', result);
return;
}
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
list.pass = adminpass;
list.userpass = userpass;
db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, list.userpass)).digest("base64")))) {
@@ -201,6 +212,7 @@ function skip(list, guid, coll, offline, socket) {
socket.emit("auth_required");
}
});
});
} else {
var result = {
msg: {
@@ -480,9 +492,8 @@ function end(obj, coll, guid, offline, socket) {
if(id !== undefined && id !== null && id !== "") {
if(!obj.hasOwnProperty("id") || !obj.hasOwnProperty("channel") || !obj.hasOwnProperty("pass") ||
typeof(obj.id) != "string" || typeof(obj.channel) != "string" ||
typeof(obj.pass) != "string") {
if(!obj.hasOwnProperty("id") || !obj.hasOwnProperty("channel") ||
typeof(obj.id) != "string" || typeof(obj.channel) != "string") {
var result = {
channel: {
expected: "string",
@@ -500,6 +511,8 @@ function end(obj, coll, guid, offline, socket) {
socket.emit("update_required", result);
return;
}
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) {
obj.pass = userpass;
db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, obj.pass)).digest("base64")))) {
@@ -529,6 +542,7 @@ function end(obj, coll, guid, offline, socket) {
socket.emit("auth_required");
}
});
});
} else {
var result = {
msg: {

35
server/handlers/list_change.js
View File

@@ -43,8 +43,7 @@ function add_function(arr, coll, guid, offline, socket) {
typeof(arr.end) != "number" || typeof(arr.title) != "string" ||
typeof(arr.list) != "string" || typeof(arr.duration) != "number" ||
typeof(arr.playlist) != "boolean" || typeof(arr.num) != "number" ||
typeof(arr.total) != "number" || typeof(arr.pass) != "string" ||
typeof(arr.adminpass) != "string") {
typeof(arr.total) != "number") {
var result = {
start: {
expected: "number or string that can be cast to int",
@@ -90,7 +89,9 @@ function add_function(arr, coll, guid, offline, socket) {
socket.emit('update_required', result);
return;
}
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
arr.adminpass = adminpass;
arr.userpass = userpass;
db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, arr.pass)).digest("base64")))) {
@@ -228,6 +229,7 @@ function add_function(arr, coll, guid, offline, socket) {
socket.emit("auth_required");
}
});
});
} else {
var result = {
arr: {
@@ -248,10 +250,8 @@ function voteUndecided(msg, coll, guid, offline, socket) {
if(typeof(msg) === 'object' && msg !== undefined && msg !== null){
if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("id") ||
!msg.hasOwnProperty("type") || !msg.hasOwnProperty("adminpass") ||
!msg.hasOwnProperty("pass") || typeof(msg.pass) != "string" ||
typeof(msg.channel) != "string" || typeof(msg.id) != "string" ||
typeof(msg.type) != "string" || typeof(msg.adminpass) != "string") {
!msg.hasOwnProperty("type") || typeof(msg.channel) != "string" ||
typeof(msg.id) != "string" || typeof(msg.type) != "string") {
var result = {
channel: {
expected: "string",
@@ -278,6 +278,9 @@ function voteUndecided(msg, coll, guid, offline, socket) {
return;
}
coll = msg.channel.toLowerCase();;
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
msg.adminpass = adminpass;
msg.pass = userpass;
db.collection(coll + "_settings").find({id: "config"}, function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) {
@@ -300,6 +303,7 @@ function voteUndecided(msg, coll, guid, offline, socket) {
socket.emit("auth_required");
}
});
});
} else {
var result = {
msg: {
@@ -315,9 +319,7 @@ function shuffle(msg, coll, guid, offline, socket) {
var socketid = socket.zoff_id;
if(!msg.hasOwnProperty("adminpass") || !msg.hasOwnProperty("channel") ||
!msg.hasOwnProperty("pass") || typeof(msg.adminpass) != "string" ||
typeof(msg.channel) != "string" || typeof(msg.pass) != "string") {
if(!msg.hasOwnProperty("channel") || typeof(msg.channel) != "string") {
var result = {
channel: {
expected: "string",
@@ -337,6 +339,9 @@ function shuffle(msg, coll, guid, offline, socket) {
}
coll = msg.channel.toLowerCase();
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
msg.adminpass = adminpass;
msg.pass = userpass;
db.collection("timeout_api").find({
type: "shuffle",
guid: coll,
@@ -394,6 +399,7 @@ function shuffle(msg, coll, guid, offline, socket) {
};
});
});
});
}
function del(params, socket, socketid) {
@@ -427,9 +433,7 @@ function del(params, socket, socketid) {
function delete_all(msg, coll, guid, offline, socket) {
var socketid = socket.zoff_id;
if(typeof(msg) == 'object' ) {
if(!msg.hasOwnProperty('channel') || !msg.hasOwnProperty('adminpass') ||
!msg.hasOwnProperty('pass') || typeof(msg.channel) != "string" ||
typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") {
if(!msg.hasOwnProperty('channel') || typeof(msg.channel) != "string") {
var result = {
channel: {
expected: "string",
@@ -447,7 +451,9 @@ function delete_all(msg, coll, guid, offline, socket) {
socket.emit('update_required', result);
return;
}
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
msg.adminpass = adminpass;
msg.pass = userpass;
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass),true));
var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64");
db.collection(coll + "_settings").find(function(err, conf) {
@@ -464,6 +470,7 @@ function delete_all(msg, coll, guid, offline, socket) {
}
}
});
});
} else {
var result = {
msg: {

42
server/handlers/list_settings.js
View File

@@ -1,4 +1,6 @@
function password(inp, coll, guid, offline, socket) {
var sessionId = Functions.getSession(socket);
if(sessionId == "") sessionId = "empty";
if(inp !== undefined && inp !== null && inp !== "")
{
if(!inp.hasOwnProperty("password") || !inp.hasOwnProperty("channel") ||
@@ -17,7 +19,6 @@ function password(inp, coll, guid, offline, socket) {
return;
}
pw = inp.password;
opw = inp.password;
try {
coll = inp.channel;
if(coll.length == 0) return;
@@ -32,28 +33,40 @@ function password(inp, coll, guid, offline, socket) {
uncrypted = pw;
pw = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, pw), true);
Functions.check_inlist(coll, guid, socket, offline);
if(inp.oldpass)
{
opw = inp.oldpass;
}
opw = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, opw), true);
Functions.getSessionAdminUser(sessionId, coll, function(userpass, adminpass) {
db.collection(coll + "_settings").find(function(err, docs){
if(docs !== null && docs.length !== 0)
{
if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(opw))
if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(pw))
{
Functions.setSessionAdminPass(sessionId, inp.password, coll, function() {
db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){
if(inp.oldpass)
if(adminpass != pw) {
socket.emit("toast", "changedpass");
else
} else {
socket.emit("toast", "correctpass");
}
socket.emit("pw", true);
});
}else
});
} else if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, adminpass), true))) {
Functions.setSessionAdminPass(sessionId, inp.password, coll, function() {
db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){
if(adminpass != pw) {
socket.emit("toast", "changedpass");
}
socket.emit("pw", true);
});
});
} else {
Functions.setSessionAdminPass(Functions.getSession(socket), "", coll, function() {
socket.emit("toast", "wrongpass");
socket.emit("pw", false);
});
}
}
});
});
} else {
var result = {
@@ -89,7 +102,12 @@ function conf_function(params, coll, guid, offline, socket) {
Functions.check_inlist(coll, guid, socket, offline);
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
if(gotten) {
params.adminpass = adminpass;
if(!params.userpass_changed) params.userpass = userpass;
}
if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') ||
!params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') ||
!params.hasOwnProperty('allvideos') || !params.hasOwnProperty('removeplay') ||
@@ -192,6 +210,7 @@ function conf_function(params, coll, guid, offline, socket) {
db.collection(coll + "_settings").update({ id: "config" }, {
$set:obj
}, function(err, docs){
Functions.setSessionUserPass(Functions.getSession(socket), params.userpass, coll, function() {
db.collection(coll + "_settings").find(function(err, docs){
if(docs[0].adminpass !== "") docs[0].adminpass = true;
if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true;
@@ -205,10 +224,12 @@ function conf_function(params, coll, guid, offline, socket) {
{upsert:true}, function(err, docs){});
});
});
});
} else {
socket.emit("toast", "wrongpass");
}
});
});
} else {
var result = {
params: {
@@ -218,6 +239,7 @@ function conf_function(params, coll, guid, offline, socket) {
}
socket.emit('update_required', result);
}
}
module.exports.password = password;

21
server/handlers/suggestions.js
View File

@@ -1,7 +1,7 @@
function thumbnail(msg, coll, guid, offline, socket) {
if(msg.thumbnail && msg.channel && msg.adminpass && msg.thumbnail.indexOf("i.imgur.com") > -1){
if(typeof(msg.channel) != "string" || typeof(msg.thumbnail) != "string" ||
typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") {
if(msg.thumbnail && msg.channel && msg.thumbnail.indexOf("i.imgur.com") > -1){
if(typeof(msg.channel) != "string" || typeof(msg.thumbnail) != "string")
{
var result = {
channel: {
expected: "string",
@@ -23,6 +23,10 @@ function thumbnail(msg, coll, guid, offline, socket) {
socket.emit("update_required", result);
return;
}
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
msg.userpass = userpass;
msg.adminpass = adminpass;
msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, "");
if(msg.thumbnail.substring(0,2) != "//") msg.thumbnail = "//" + msg.thumbnail;
var channel = msg.channel.toLowerCase();
@@ -39,15 +43,15 @@ function thumbnail(msg, coll, guid, offline, socket) {
socket.emit("auth_required");
}
});
});
} else {
socket.emit("toast", "thumbnail_denied");
}
}
function description(msg, coll, guid, offline, socket) {
if(msg.description && msg.channel && msg.adminpass && msg.description.length < 100){
if(typeof(msg.channel) != "string" || typeof(msg.description) != "string" ||
typeof(msg.adminpass) != "string" || typeof(msg.pass) != "string") {
if(msg.description && msg.channel && msg.description.length < 100){
if(typeof(msg.channel) != "string" || typeof(msg.description) != "string") {
var result = {
channel: {
expected: "string",
@@ -69,6 +73,10 @@ function description(msg, coll, guid, offline, socket) {
socket.emit("update_required", result);
return;
}
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
msg.userpass = userpass;
msg.adminpass = adminpass;
var channel = msg.channel.toLowerCase();
var hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, msg.adminpass));
db.collection(channel + "_settings").find({id: "config"}, function(err, docs){
@@ -83,6 +91,7 @@ function description(msg, coll, guid, offline, socket) {
socket.emit("auth_required");
}
});
});
} else {
socket.emit("toast", "description_denied");
}

43
server/public/assets/js/admin.js
View File

@@ -1,16 +1,18 @@
var Admin = {
beginning:true,
logged_in: false,
pw: function(msg) {
Admin.logged_in = msg;
if(!msg) return;
w_p = false;
if(adminpass == undefined || adminpass == "") {
adminpass = Crypt.get_pass(chan.toLowerCase());
//adminpass = Crypt.get_pass(chan.toLowerCase());
}
names = ["vote","addsongs","longsongs","frontpage", "allvideos",
"removeplay", "skip", "shuffle", "userpass"];
Crypt.set_pass(chan.toLowerCase(), Crypt.tmp_pass);
//Crypt.set_pass(chan.toLowerCase(), Crypt.tmp_pass);
for (var i = 0; i < names.length; i++) {
$("input[name="+names[i]+"]").attr("disabled", false);
@@ -57,11 +59,11 @@ var Admin = {
conf: function(msg) {
if(msg[0].adminpass == ""){
Crypt.remove_pass(chan.toLowerCase());
////Crypt.remove_pass(chan.toLowerCase());
}
Admin.set_conf(msg[0]);
if(msg[0].adminpass !== "" && (Crypt.get_pass(chan.toLowerCase()) !== undefined && Admin.beginning && Crypt.get_pass(chan.toLowerCase()) !== "")){
emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()});
if(msg[0].adminpass !== "" && Admin.beginning){
//emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()});
Admin.beginning = false;
}
},
@@ -69,7 +71,7 @@ var Admin = {
pass_save: function() {
if(!w_p) {
//emit('password', {password: Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), channel: chan.toLowerCase(), oldpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase()))});
emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase(), oldpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase()))});
emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase()});
} else {
//emit('password', {password: Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), channel: chan.toLowerCase()});
emit('password', {password: Crypt.crypt_pass(document.getElementById("password").value), channel: chan.toLowerCase()});
@@ -78,9 +80,11 @@ var Admin = {
log_out: function() {
before_toast();
if(Crypt.get_pass(chan.toLowerCase())) {
Crypt.remove_pass(chan.toLowerCase());
/*if(Crypt.get_pass(chan.toLowerCase())) {*/
//Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out();
if(Admin.logged_in) {
socket.emit("logout");
Materialize.toast("Logged out", 4000);
} else {
Materialize.toast("Not logged in", 4000);
@@ -92,7 +96,6 @@ var Admin = {
adminpass = "";
names = ["vote","addsongs","longsongs","frontpage", "allvideos",
"removeplay", "skip", "shuffle"];
document.getElementById("password").value = "";
$("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none");
@@ -152,21 +155,13 @@ var Admin = {
"removeplay", "skip", "shuffle", "userpass"];
if(conf_array.adminpass === "" || !w_p){
hasadmin = false;
if(!Helper.mobilecheck()) {
//$(".playlist-tabs").removeClass("hide");
//$("#wrapper").toggleClass("tabs_height");
}
}
else hasadmin = true;
hasadmin = conf_array.adminpass != "";
for (var i = 0; i < names.length; i++) {
document.getElementsByName(names[i])[0].checked = (conf_array[names[i]] === true);
$("input[name="+names[i]+"]").attr("disabled", hasadmin);
$("input[name="+names[i]+"]").attr("disabled", !Admin.logged_in);
}
if((hasadmin)) {
if((hasadmin) && !Admin.logged_in) {
if($("#admin-lock").html() != "lock") Admin.display_logged_out();
} else if(!hasadmin && Crypt.get_pass(chan.toLowerCase()) === undefined) {
if(!Helper.contains($(".playlist-tabs").attr("class").split(" "), "hide")) {
@@ -182,7 +177,7 @@ var Admin = {
if(!$(".password_protected").prop("checked") && !$(".change_user_pass").hasClass("hide")) {
$(".change_user_pass").addClass("hide");
Crypt.remove_userpass(chan.toLowerCase());
//Crypt.remove_userpass(chan.toLowerCase());
}
if(conf_array.thumbnail != undefined && conf_array.thumbnail != "") {
@@ -220,7 +215,7 @@ var Admin = {
userpass_changed: userpass_changed
};
if(userpass_changed){
Crypt.set_userpass(chan.toLowerCase(), userpass);
//Crypt.set_userpass(chan.toLowerCase(), userpass);
}
emit("conf", configs);
},
@@ -231,9 +226,9 @@ var Admin = {
shuffle: function() {
if(!offline) {
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
//var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";
emit('shuffle', {adminpass: adminpass !== undefined ? Crypt.crypt_pass(adminpass) : "", channel: chan.toLowerCase(), pass: embed ? '' : u});
emit('shuffle', {channel: chan.toLowerCase()});
} else {
for(var x = 0; x < full_playlist.length; x++){
var num = Math.floor(Math.random()*1000000);

12
server/public/assets/js/channel.js
View File

@@ -17,7 +17,7 @@ var Channel = {
$(".pagination-results").addClass("client-pagination-height");
$(".control-list").addClass("client-control-list");
}
Admin.display_logged_out();
if(!Admin.logged_in) Admin.display_logged_out();
number_suggested = 0;
var no_socket = true;
@@ -532,7 +532,7 @@ var Channel = {
var add = "";
w_p = true;
if(private_channel) add = Crypt.getCookie("_uI") + "_";
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
} else if(url_split[3] === "") {
/*if(client) {
var host = window.location.hostname.split(".");
@@ -682,12 +682,12 @@ var Channel = {
function get_history() {
if(socket && socket.id) {
var p = Crypt.get_userpass();
/*var p = Crypt.get_userpass();
if(p == undefined) p = "";
var c = Crypt.crypt_pass(p, true);
if(c == undefined) c = "";
socket.emit("get_history", {channel: chan.toLowerCase(), all: false, pass: embed ? '' : c});
socket.emit("get_history", {channel: chan.toLowerCase(), all: true, pass: ""});
if(c == undefined) c = "";*/
socket.emit("get_history", {channel: chan.toLowerCase(), all: false});
socket.emit("get_history", {channel: chan.toLowerCase(), all: true});
} else {
setTimeout(function() {
get_history();

8
server/public/assets/js/chat.js
View File

@@ -9,8 +9,7 @@ var Chat = {
if(input.length == 2) {
var name = input[0];
var password = input[1];
temp_name = name;
temp_pass = password;
password = Crypt.crypt_chat_pass(password);
socket.emit("namechange", {name: name, channel: chan.toLowerCase(), password: password, first: first});
} else if(input.length == 3) {
@@ -18,8 +17,7 @@ var Chat = {
var new_password = input[1];
var old_password = input[2];
temp_name = name;
temp_pass = password;
new_password = Crypt.crypt_chat_pass(new_password);
old_password = Crypt.crypt_chat_pass(old_password);
@@ -83,7 +81,7 @@ var Chat = {
} else if($(".chat-tab-li a.active").attr("href") == "#all_chat") {
socket.emit("all,chat", {channel: chan.toLowerCase(), data: data.value});
} else {
socket.emit("chat", {channel: chan.toLowerCase(), data: data.value, pass: embed ? '' : Crypt.crypt_chat_pass(Crypt.get_userpass(chan.toLowerCase()))});
socket.emit("chat", {channel: chan.toLowerCase(), data: data.value});
}
data.value = "";
return;

8
server/public/assets/js/crypt.js
View File

@@ -23,9 +23,9 @@ var Crypt = {
if(window.location.pathname != "/") {
try {
Crypt.conf_pass = Crypt.decrypt(Crypt.getCookie(chan.toLowerCase()), chan.toLowerCase());
//Crypt.conf_pass = Crypt.decrypt(Crypt.getCookie(chan.toLowerCase()), chan.toLowerCase());
} catch(err) {
Crypt.conf_pass = Crypt.decrypt(Crypt.create_cookie(chan.toLowerCase()), chan.toLowerCase());
//Crypt.conf_pass = Crypt.decrypt(Crypt.create_cookie(chan.toLowerCase()), chan.toLowerCase());
}
Hostcontroller.change_enabled(conf_arr.remote);
@@ -148,7 +148,7 @@ var Crypt = {
return Crypt.getCookie(name);
},
set_pass: function(chan, pass) {
/*set_pass: function(chan, pass) {
Crypt.conf_pass.passwords[chan] = pass;
Crypt.encrypt(Crypt.conf_pass, chan);
},
@@ -166,7 +166,7 @@ var Crypt = {
remove_userpass:function(chan) {
delete Crypt.conf_pass.passwords["userpass"];
Crypt.encrypt(Crypt.conf_pass, chan.toLowerCase());
},
},*/
set_name:function(name, pass) {
conf_arr.name = encodeURIComponent(name).replace(/\W/g, '');

4
server/public/assets/js/embed.js
View File

@@ -195,7 +195,7 @@ function toast(msg) {
case "wrongpass":
if(embed) return;
msg=Helper.rnd(["That's not the right password!", "Wrong! Better luck next time...", "You seem to have mistyped the password", "Incorrect. Have you tried meditating?","Nope, wrong password!", "Wrong password. The authorities have been notified."]);
Crypt.remove_pass(chan.toLowerCase());
//Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out();
$("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none");
@@ -242,7 +242,7 @@ function toast(msg) {
}
tried_again = false;
msg=Helper.rnd(["I'm sorry, but you have to be an admin to do that!", "Only admins can do that", "You're not allowed to do that, try logging in!", "I can't let you do that", "Please log in to do that"]);
Crypt.remove_pass(chan.toLowerCase());
//Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out();
$("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none");

73
server/public/assets/js/functions.js
View File

@@ -97,7 +97,7 @@ function hide_native(way) {
$("#chromecast_text").html("");
$("#playing_on").css("display", "none");
if(!offline){
socket.emit('pos', {channel: chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
socket.emit('pos', {channel: chan.toLowerCase()});
} else {
Player.loadVideoById(video_id);
}
@@ -111,14 +111,14 @@ function chromecastListener(evt, data) {
if(offline){
Player.playNext();
} else {
socket.emit("end", {id: json_parsed.videoId, channel: chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
socket.emit("end", {id: json_parsed.videoId, channel: chan.toLowerCase()});
}
break;
case 0:
if(offline){
Player.playNext();
} else {
emit("skip", {error: json_parsed.data_code, id: json_parsed.videoId, pass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), channel: chan.toLowerCase(), userpass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
emit("skip", {error: json_parsed.data_code, id: json_parsed.videoId, channel: chan.toLowerCase()});
}
break;
case 1:
@@ -142,7 +142,7 @@ function start_auth() {
$("#player_overlay").removeClass("hide");
$("#player_overlay").css("display", "block");
$("#user_password").modal("open");
Crypt.remove_userpass(chan.toLowerCase());
//Crypt.remove_userpass(chan.toLowerCase());
before_toast();
Materialize.toast("That is not the correct password, try again..", 4000);
}
@@ -151,10 +151,10 @@ function start_auth() {
function emit_list() {
var add = "";
if(private_channel) add = Crypt.getCookie("_uI") + "_";
var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(p == undefined) p = "";
/*var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(p == undefined) p = "";*/
if(socket.id) {
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : p});
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
} else {
setTimeout(function(){
emit_list();
@@ -163,14 +163,11 @@ function emit_list() {
}
function get_list_ajax() {
var c = Crypt.get_userpass(chan.toLowerCase());
if(c == "" || c == undefined) {
c = "";
}
//var c = Crypt.get_userpass(chan.toLowerCase());
$.ajax({
type: "POST",
data: {
userpass: c,
userpass: "",
},
url: "/api/list/" + chan.toLowerCase(),
success: function(response) {
@@ -198,12 +195,12 @@ function get_list_ajax() {
}
function get_np_ajax() {
var c = Crypt.get_userpass(chan.toLowerCase());
if(c == undefined) c = "";
/*var c = Crypt.get_userpass(chan.toLowerCase());
if(c == undefined) c = "";*/
$.ajax({
type: "POST",
data: {
userpass: c,
userpass: "",
fetch_song: true
},
url: "/api/list/" + chan.toLowerCase() + "/__np__",
@@ -223,15 +220,15 @@ function get_np_ajax() {
}
function del_ajax(id) {
var a = Crypt.get_pass(chan.toLowerCase());
/*var a = Crypt.get_pass(chan.toLowerCase());
var u = Crypt.get_userpass(chan.toLowerCase());
if(a == undefined) a = "";
if(u == undefined) u = "";
if(u == undefined) u = "";*/
$.ajax({
type: "DELETE",
data: {
adminpass: a,
userpass: u
adminpass: "",
userpass: ""
},
url: "/api/list/" + chan.toLowerCase() + "/" + id,
success: function(response) {
@@ -250,15 +247,15 @@ function del_ajax(id) {
}
function add_ajax(id, title, duration, playlist, num, full_num, start, end) {
var a = Crypt.get_pass(chan.toLowerCase());
/*var a = Crypt.get_pass(chan.toLowerCase());
var u = Crypt.get_userpass(chan.toLowerCase());
if(a == undefined) a = "";
if(u == undefined) u = "";
if(u == undefined) u = "";*/
$.ajax({
type: "POST",
data: {
adminpass: a,
userpass: u,
adminpass: "",
userpass: "",
title: title,
duration: duration,
end_time: end,
@@ -281,15 +278,15 @@ function add_ajax(id, title, duration, playlist, num, full_num, start, end) {
}
function vote_ajax(id) {
var a = Crypt.get_pass(chan.toLowerCase());
/*var a = Crypt.get_pass(chan.toLowerCase());
var u = Crypt.get_userpass(chan.toLowerCase());
if(a == undefined) a = "";
if(u == undefined) u = "";
if(u == undefined) u = "";*/
$.ajax({
type: "PUT",
data: {
adminpass: a,
userpass: u
adminpass: "",
userpass: ""
},
url: "/api/list/" + chan.toLowerCase() + "/" + id,
success: function(response) {
@@ -316,7 +313,7 @@ function setup_auth_listener() {
if(msg.hasOwnProperty("value") && msg.value) {
if(temp_user_pass != "") {
userpass = temp_user_pass;
Crypt.set_userpass(chan.toLowerCase(), userpass);
//Crypt.set_userpass(chan.toLowerCase(), userpass);
}
}
});
@@ -347,11 +344,15 @@ function setup_youtube_listener(){
function get_list_listener(){
socket.on("get_list", function(){
var add = "";
if(private_channel) add = Crypt.getCookie("_uI") + "_";
var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(p == undefined) p = "";
socket.emit("list", { offline: offline, version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : p});
//if(private_channel) add = Crypt.getCookie("_uI") + "_";
/*var p = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(p == undefined) p = "";*/
socket.emit("list", { offline: offline, version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
});
socket.on("id_chromecast", function(msg) {
chromecast_specs_sent = true;
castSession.sendMessage("urn:x-cast:zoff.me", {type: "mobilespecs", guid: msg, socketid: socket.id})
})
}
function setup_suggested_listener(){
@@ -538,10 +539,10 @@ function change_offline(enabled, already_offline){
$("#controls").off("click", Channel.seekToClick);
$("#seekToDuration").remove();
if(window.location.pathname != "/"){
socket.emit("pos", {channel: chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
socket.emit("pos", {channel: chan.toLowerCase()});
var add = "";
if(private_channel) add = Crypt.getCookie("_uI") + "_";
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
if($("#controls").hasClass("ewresize")) $("#controls").removeClass("ewresize");
}
}
@@ -591,7 +592,7 @@ function toast(msg) {
case "wrongpass":
if(embed) return;
msg=Helper.rnd(["That's not the right password!", "Wrong! Better luck next time...", "You seem to have mistyped the password", "Incorrect. Have you tried meditating?","Nope, wrong password!", "Wrong password. The authorities have been notified."]);
Crypt.remove_pass(chan.toLowerCase());
//Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out();
$("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none");
@@ -638,7 +639,7 @@ function toast(msg) {
}
tried_again = false;
msg=Helper.rnd(["I'm sorry, but you have to be an admin to do that!", "Only admins can do that", "You're not allowed to do that, try logging in!", "I can't let you do that", "Please log in to do that"]);
Crypt.remove_pass(chan.toLowerCase());
//Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out();
$("#thumbnail_form").css("display", "none");
$("#description_form").css("display", "none");

2
server/public/assets/js/hostcontroller.js
View File

@@ -47,7 +47,7 @@ var Hostcontroller = {
w_p = true;
var add = "";
if(private_channel) add = Crypt.getCookie("_uI") + "_";
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase(), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
socket.emit("list", {version: parseInt(localStorage.getItem("VERSION")), channel: add + chan.toLowerCase()});
window.history.pushState("object or string", "Title", "/"+chan.toLowerCase());
} else if(arr.type == "pause") {

12
server/public/assets/js/list.js
View File

@@ -557,9 +557,9 @@ var List = {
return;
}
if(!offline || (vote == "del" && (hasadmin && (!w_p && adminpass != "")))){
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";
emit('vote', {channel: chan, id: id, type: vote, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), pass: embed ? '' : u});
/*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";*/
emit('vote', {channel: chan, id: id, type: vote});
} else {
if(vote == "pos"){
List.voted_song(id, (new Date()).getTime()/1000);
@@ -572,9 +572,9 @@ var List = {
skip: function(way) {
if(!offline){
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";
emit('skip', {pass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), id:video_id, channel: chan.toLowerCase(), userpass: embed ? '' : u});
/*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";*/
emit('skip', {id:video_id, channel: chan.toLowerCase()});
} else {
if(way) {
Player.playNext();

17
server/public/assets/js/listeners.js
View File

@@ -196,9 +196,9 @@ $().ready(function(){
if(offline) {
socket.emit("offline", {status: true, channel: chan != undefined ? chan.toLowerCase() : ""});
}
if(chan != undefined && (Crypt.get_pass(chan.toLowerCase()) !== undefined && Crypt.get_pass(chan.toLowerCase()) !== "")){
/*if(chan != undefined && (Crypt.get_pass(chan.toLowerCase()) !== undefined && Crypt.get_pass(chan.toLowerCase()) !== "")){
emit("password", {password: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), channel: chan.toLowerCase()});
}
}*/
if(chan != undefined && conf_arr.name !== undefined && conf_arr.name !== "" && conf_arr.chat_pass !== undefined && conf_arr.chat_pass !== ""){
setTimeout(function() {
Chat.namechange(conf_arr.name + " " + conf_arr.chat_pass, true);
@@ -212,7 +212,7 @@ $().ready(function(){
});
socket.on("name", function(data) {
/*socket.on("name", function(data) {
if(data.type == "name" && data.accepted) {
Crypt.set_name(temp_name, temp_pass);
temp_name = "";
@@ -221,7 +221,7 @@ $().ready(function(){
temp_name = "";
temp_pass = "";
}
});
});*/
socket.on("self_ping", function() {
if(chan != undefined && chan.toLowerCase() != "") {
@@ -268,8 +268,7 @@ initializeCastApi = function() {
castSession.sendMessage("urn:x-cast:zoff.me", {type: "nextVideo", videoId: full_playlist[0].id, title: full_playlist[0].title})
if(Helper.mobilecheck() && !chromecast_specs_sent) {
chromecast_specs_sent = true;
castSession.sendMessage("urn:x-cast:zoff.me", {type: "mobilespecs", guid: guid, socketid: socket.id, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), channel: chan.toLowerCase(), userpass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)})
socket.emit("get_id");
}
hide_native(1);
if(Helper.mobilecheck()) {
@@ -382,7 +381,7 @@ $(document).on("click", ".pagination-results a", function(e) {
$(document).on("click", ".accept-delete", function(e) {
e.preventDefault();
emit("delete_all", {channel: chan.toLowerCase(), adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
emit("delete_all", {channel: chan.toLowerCase()});
$("#delete_song_alert").modal("close");
});
@@ -475,13 +474,13 @@ $(document).on("click", "#offline-mode", function(e){
$(document).on("submit", "#thumbnail_form", function(e){
e.preventDefault();
emit("suggest_thumbnail", {channel: chan, thumbnail: $("#chan_thumbnail").val(), adminpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
emit("suggest_thumbnail", {channel: chan, thumbnail: $("#chan_thumbnail").val()});
$("#chan_thumbnail").val("");
});
$(document).on("submit", "#description_form", function(e){
e.preventDefault();
emit("suggest_description", {channel: chan, description: $("#chan_description").val(), adminpass: Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), pass: embed ? '' : Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true)});
emit("suggest_description", {channel: chan, description: $("#chan_description").val()});
$("#chan_description").val("");
});

24
server/public/assets/js/player.js
View File

@@ -274,9 +274,9 @@ var Player = {
paused = false;
if(!offline) {
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";
socket.emit("end", {id: video_id, channel: chan.toLowerCase(), pass: embed ? '' : u});
/*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";*/
socket.emit("end", {id: video_id, channel: chan.toLowerCase()});
} else {
Player.playNext();
}
@@ -310,9 +310,9 @@ var Player = {
$("#pause").toggleClass("hide");
}
if((paused || was_stopped) && !offline) {
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";
socket.emit('pos', {channel: chan.toLowerCase(), pass: embed ? '' : u});
/*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";*/
socket.emit('pos', {channel: chan.toLowerCase()});
paused = false;
was_stopped = false;
}
@@ -555,9 +555,9 @@ var Player = {
if(!user_auth_started) {
if(newState.data == 5 || newState.data == 100 || newState.data == 101 || newState.data == 150) {
curr_playing = Player.player.getVideoUrl().replace("https://www.youtube.com/watch?v=", "");
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";
emit("skip", {error: newState.data, id: video_id, pass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), channel: chan.toLowerCase(), userpass: embed ? '' : u});
/*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";*/
emit("skip", {error: newState.data, id: video_id, channel: chan.toLowerCase()});
} else if(video_id !== undefined) {
Player.loadVideoById(video_id, duration);
@@ -754,9 +754,9 @@ var Player = {
if(!offline) {
Player.player.pauseVideo();
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";
socket.emit("end", {id: video_id, channel: chan.toLowerCase(), pass: embed ? '' : u});
/*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";*/
socket.emit("end", {id: video_id, channel: chan.toLowerCase()});
} else {
Player.playNext();
}

6
server/public/assets/js/search.js
View File

@@ -453,9 +453,9 @@ var Search = {
List.vote(id, "pos");
}
} else {
var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";
emit("add", {id: id, start: start, end: end, title: title, adminpass: adminpass == "" ? "" : Crypt.crypt_pass(adminpass), list: chan.toLowerCase(), duration: duration, playlist: playlist, num: num, total: full_num, pass: embed ? '' : u});
/*var u = Crypt.crypt_pass(Crypt.get_userpass(chan.toLowerCase()), true);
if(u == undefined) u = "";*/
emit("add", {id: id, start: start, end: end, title: title, list: chan.toLowerCase(), duration: duration, playlist: playlist, num: num, total: full_num});
}//[id, decodeURIComponent(title), adminpass, duration, playlist]);
},

60
server/routing/client/api.js
View File

@@ -4,6 +4,8 @@ var path = require('path');
var mongojs = require('mongojs');
var ObjectId = mongojs.ObjectId;
var token_db = mongojs("tokens");
var cookieParser = require("cookie-parser");
var cookies = require("cookie");
var toShowChannel = {
start: 1,
@@ -166,6 +168,15 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
return;
}
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = _a;
}
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -220,6 +231,7 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
});
});
});
});
router.route('/api/conf/:channel_name').put(function(req, res) {
res.header("Access-Control-Allow-Origin", "*");
@@ -307,7 +319,14 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
res.status(400).send(JSON.stringify(result));
return;
}
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = _a;
}
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -380,6 +399,7 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
});
});
});
});
router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
res.header("Access-Control-Allow-Origin", "*");
@@ -421,7 +441,14 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
res.status(400).send(JSON.stringify(to_send));
return;
}
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = _a;
}
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -471,6 +498,7 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
});
});
});
});
router.route('/api/list/:channel_name/__np__').post(function(req, res) {
res.header("Access-Control-Allow-Origin", "*");
@@ -506,6 +534,11 @@ router.route('/api/list/:channel_name/__np__').post(function(req, res) {
res.status(400).send(JSON.stringify(to_send));
return;
}
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -546,6 +579,7 @@ router.route('/api/list/:channel_name/__np__').post(function(req, res) {
});
});
});
});
router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
res.header("Access-Control-Allow-Origin", "*");
@@ -617,7 +651,14 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
res.status(400).send(JSON.stringify(to_send));
return;
}
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = _a;
}
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
if(token_docs.length == 1 && token_docs[0].token == token) {
@@ -710,6 +751,7 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
});
});
});
});
router.route('/api/list/:channel_name').get(function(req, res) {
res.header("Access-Control-Allow-Origin", "*");
@@ -835,6 +877,11 @@ router.route('/api/conf/:channel_name').post(function(req, res) {
res.status(400).send(JSON.stringify(to_send));
return;
}
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -882,6 +929,7 @@ router.route('/api/conf/:channel_name').post(function(req, res) {
});
});
});
});
function checkOveruseApiToken(authorized, token_docs, res, callback) {
if(!authorized || (authorized && token_docs[0].limit == 0)) {
@@ -947,6 +995,11 @@ router.route('/api/list/:channel_name').post(function(req, res) {
return;
}
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.userpass == "") {
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -990,6 +1043,7 @@ router.route('/api/list/:channel_name').post(function(req, res) {
});
});
});
});
function incrementToken(token) {
token_db.collection("api_token").update({token: token}, {$inc: {usage: 1}}, function(err, doc) {