Removed some aes/sha256 from dependencies on clientside

Kasper Rynning-Tønnesen
2018-03-13 12:39:24 +01:00
parent dba60cd866
commit 8c1c0011a2
15 changed files with 91 additions and 61 deletions


@@ -89,7 +89,7 @@ function rndName(seed, len) {
function decrypt_string(socket_id, pw){
try {
var input = pw.split("$");
/*var input = pw.split("$");
pw = input[0];
var testKey = ((new Buffer(socket_id).toString('base64')) + (new Buffer(socket_id).toString('base64'))).substring(0,32);
var keyNew = (new Buffer(testKey)).toString('base64');
@@ -104,8 +104,10 @@ function decrypt_string(socket_id, pw){
padding: CryptoJS.pad.Pkcs7,
iv: iv,
})
);
return decrypted;
);*/
//return atob(pw);
return Buffer.from(pw, 'base64').toString('ascii')
//return decrypted;
} catch(e) {
return "";
}
@@ -132,7 +134,8 @@ function contains(a, obj) {
}
}
function hash_pass(adminpass) {
function hash_pass(adminpass, hex) {
if(hex) return crypto.createHash('sha256').update(adminpass).digest('hex');
return crypto.createHash('sha256').update(adminpass).digest('base64');
}
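Review bot: `Buffer.from(pw, 'base64').toString('ascii')` in decrypt_string clears the high bit of every decoded byte, so passwords containing non-ASCII characters are altered before hashing and distinct passwords can end up with the same hash. Decoding with the encoding the client actually used would avoid that, e.g. `return Buffer.from(pw, 'base64').toString('latin1');` if the client base64-encodes the raw string, or `'utf8'` if it encodes UTF-8 first; the client code is not visible here, so this needs confirming. The function no longer decrypts anything, so its name and the commented-out AES block are misleading; I would delete the dead block and add a comment such as `// pw is only base64-encoded; confidentiality in transit depends on TLS`. The body of decrypt_string is split across two hunks.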


@@ -181,6 +181,7 @@ module.exports = function() {
if(!msg.hasOwnProperty("channel") || !msg.hasOwnProperty("all") ||
!msg.hasOwnProperty("pass") || typeof(msg.pass) != "string" ||
typeof(msg.channel) != "string" || typeof(msg.all) != "boolean") {
console.log("here");
var result = {
all: {
expected: "boolean",
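Review bot: `console.log("here");` in the validation-failure branch looks like leftover debug output. It runs for every malformed message a client sends, so any client can fill the server log with a line that carries no information. I would drop it, or log something useful such as the event name and the offending field types, without logging `msg.pass`. The surrounding function starts and ends outside the hunk.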


@@ -152,7 +152,7 @@ function skip(list, guid, coll, offline, socket) {
}
if(adminpass !== undefined && adminpass !== null && adminpass !== "")
hash = Functions.hash_pass(Functions.decrypt_string(socketid, adminpass));
hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, adminpass),true));
else
hash = "";
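Review bot: The nested `Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(...), true))` added in skip is repeated verbatim at the other admin-password call sites in this commit (add_function, voteUndecided, shuffle, del, delete_all, conf_function), which makes it easy for one site to drift. A single helper in Functions that takes the socket id and the encoded password and returns the stored form would keep them in step. It would also give one place to move to a salted, deliberately slow KDF such as `crypto.pbkdf2` later, since two passes of unsalted SHA-256 add no real cost against offline guessing of a leaked hash. skip's body continues outside the hunk.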


@@ -98,7 +98,7 @@ function add_function(arr, coll, guid, offline, socket) {
var id = arr.id;
var title = arr.title;
var hash = Functions.hash_pass(Functions.decrypt_string(socketid, arr.adminpass));
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, arr.adminpass), true));
var duration = parseInt(arr.duration);
var full_list = arr.playlist;
var last = arr.num == arr.total - 1;
@@ -288,7 +288,7 @@ function voteUndecided(msg, coll, guid, offline, socket) {
ListChange.del(msg, socket, socketid);
} else {
var id = msg.id;
var hash = Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass));
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass), true));
if(docs !== null && docs.length !== 0 && ((docs[0].vote === true && (hash == docs[0].adminpass || docs[0].adminpass === "")) ||
docs[0].vote === false)) {
ListChange.vote(coll, id, guid, socket, false, false);
@@ -324,7 +324,7 @@ function shuffle(msg, coll, guid, offline, socket) {
got: msg.hasOwnProperty("channel") ? typeof(msg.channel) : undefined,
},
adminpass: {
expected: "adminpass",
expected: "string",
got: msg.hasOwnProperty("adminpass") ? typeof(msg.adminpass) : undefined,
},
pass: {
@@ -362,7 +362,7 @@ function shuffle(msg, coll, guid, offline, socket) {
Functions.check_inlist(coll, guid, socket, offline);
var hash;
if(msg.adminpass === "") hash = msg.adminpass;
else hash = Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass));
else hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass),true));
db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64")))) {
if(docs !== null && docs.length !== 0 && ((docs[0].adminpass == hash || docs[0].adminpass === "") || docs[0].shuffle === false))
@@ -403,7 +403,7 @@ function del(params, socket, socketid) {
coll = encodeURIComponent(coll).replace(/\W/g, '');
coll = filter.clean(coll);
db.collection(coll + "_settings").find(function(err, docs){
if(docs !== null && docs.length !== 0 && docs[0].adminpass == Functions.hash_pass(Functions.decrypt_string(socketid, params.adminpass)))
if(docs !== null && docs.length !== 0 && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, params.adminpass),true)))
{
db.collection(coll).find({id:params.id}, function(err, docs){
var dont_increment = false;
@@ -448,7 +448,7 @@ function delete_all(msg, coll, guid, offline, socket) {
return;
}
var hash = Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass));
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socketid, msg.adminpass),true));
var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(socketid, msg.pass)).digest("base64");
db.collection(coll + "_settings").find(function(err, conf) {
if(conf.length == 1 && conf) {
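Review bot: The admin check in del, `docs[0].adminpass == Functions.hash_pass(...)`, and the equivalent `hash == docs[0].adminpass` tests in voteUndecided and shuffle compare secret digests with loose `==`. I would use `===` at minimum, and preferably a constant-time comparison such as `crypto.timingSafeEqual` on equal-length Buffers where the Node version provides it. Separately, the `userpass` comparisons in shuffle and delete_all still hash the decoded value once with an inline `crypto.createHash('sha256')`, while adminpass now gets the extra hex pass; if the client stopped pre-hashing `pass` as well, these checks will no longer match stored values, which is worth confirming. All of these functions begin and end outside their hunks.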


@@ -30,13 +30,13 @@ function password(inp, coll, guid, offline, socket) {
}
uncrypted = pw;
pw = Functions.decrypt_string(socket.zoff_id, pw);
pw = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, pw), true);
Functions.check_inlist(coll, guid, socket, offline);
if(inp.oldpass)
{
opw = inp.oldpass;
}
opw = Functions.decrypt_string(socket.zoff_id, opw);
opw = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, opw), true);
db.collection(coll + "_settings").find(function(err, docs){
if(docs !== null && docs.length !== 0)
@@ -153,6 +153,7 @@ function conf_function(params, coll, guid, offline, socket) {
var shuffling = params.shuffling;
var userpass = Functions.decrypt_string(socket.zoff_id, params.userpass);
if((!params.userpass_changed && frontpage) || (params.userpass_changed && userpass == "")) {
userpass = "";
} else if(params.userpass_changed && userpass != "") {
@@ -161,9 +162,8 @@ function conf_function(params, coll, guid, offline, socket) {
var description = "";
var hash;
if(params.description) description = params.description;
if(adminpass !== "") {
hash = Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, adminpass));
hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(socket.zoff_id, adminpass), true));
} else {
hash = adminpass;
}