major security update

This commit is contained in:
Kasper Rynning-Tønnesen
2015-11-23 20:27:55 +01:00
parent 41158df022
commit abf77a27d6
40 changed files with 21014 additions and 23 deletions


@@ -1,7 +1,10 @@
var Admin = {
beginning:true,
admin_listener: function()
{
socket.on("toast", function(msg)
{
switch(msg) {
@@ -13,9 +16,7 @@ var Admin = {
break;
case "wrongpass":
msg=Helper.rnd(["That's not the right password!", "Wrong! Better luck next time...", "You seem to have mistyped the password", "Incorrect. Have you tried meditating?","Nope, wrong password!", "Wrong password. The authorities have been notified."])
if(localStorage[chan.toLowerCase()]){
localStorage.removeItem(chan.toLowerCase());
}
Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out();
w_p = true;
break;
@@ -64,7 +65,7 @@ var Admin = {
names = ["vote","addsongs","longsongs","frontpage", "allvideos",
"removeplay", "skip", "shuffle"];
localStorage.setItem(chan.toLowerCase(), msg);
Crypt.set_pass(chan.toLowerCase(), Crypt.decrypt_pass(msg))
for (var i = 0; i < names.length; i++) {
$("input[name="+names[i]+"]").attr("disabled", false);
@@ -82,20 +83,29 @@ var Admin = {
socket.on("conf", function(msg)
{
Admin.set_conf(msg[0]);
Crypt.init();
if(Crypt.get_pass(chan.toLowerCase()) !== undefined && Admin.beginning && Crypt.get_pass(chan.toLowerCase()) != ""){
socket.emit("password", [Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase())), chan.toLowerCase()]);
Admin.beginning = false;
}
});
},
pass_save: function()
{
if(!w_p)
socket.emit('password', [CryptoJS.SHA256(document.getElementById("password").value).toString(), chan.toLowerCase(), localStorage[chan.toLowerCase()]]);
{
socket.emit('password', [Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), chan.toLowerCase(), Crypt.crypt_pass(Crypt.get_pass(chan.toLowerCase()))]);
}
else
socket.emit('password', [CryptoJS.SHA256(document.getElementById("password").value).toString(), chan.toLowerCase()]);
{
socket.emit('password', [Crypt.crypt_pass(CryptoJS.SHA256(document.getElementById("password").value).toString()), chan.toLowerCase()]);
}
},
log_out: function(){
if(localStorage[chan.toLowerCase()]){
localStorage.removeItem(chan.toLowerCase());
if(Crypt.get_pass(chan.toLowerCase())){
Crypt.remove_pass(chan.toLowerCase());
Admin.display_logged_out();
Materialize.toast("Logged out", 4000);
}else{
@@ -151,9 +161,9 @@ var Admin = {
$("input[name="+names[i]+"]").attr("disabled", hasadmin);
}
if((hasadmin && !localStorage[chan.toLowerCase()])){
if((hasadmin)){
Admin.display_logged_out();
}else if(!hasadmin && !localStorage[chan.toLowerCase()]){
}else if(!hasadmin){
$("#password").attr("placeholder", "Create channel password");
}
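Review bot: `pass_save` still sends an unsalted client-side `CryptoJS.SHA256(...)` of the password, and that same digest is what `Crypt.set_pass` persists in the `conf` handler and re-sends on every reconnect, so whoever obtains the stored value holds a password-equivalent credential; wrapping it with `Crypt.crypt_pass` does not change that, because the AES key is `socket.io.engine.id`, which the server already knows and which, unless the transport is TLS, is visible to anyone watching the connection. If the goal is that the server never sees the cleartext password, the client-side hash needs a per-channel salt and the server still needs a slow hash on top; if the goal is a remember-me, the stored token should be a revocable server-issued session token rather than the password digest. The auto-login in the `conf` handler also re-sends whatever `Crypt.get_pass` returns without the 64-character length check the old localStorage path had, so a corrupted or foreign value is now replayed as-is. `w_p` is read as a bare global here. The enclosing `Admin` object continues outside this hunk.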

131
static/js/crypt.js Normal file

@@ -0,0 +1,131 @@
var Crypt = {
conf_arr: {},
init: function(){
conf_arr = Crypt.decrypt(Crypt.getCookie("_opts"));
Hostcontroller.change_enabled(conf_arr.remote);
},
decrypt: function(cookie){
if(Crypt.getCookie("_opts") === undefined) {
cookie = Crypt.create_cookie();
}
var decrypted = CryptoJS.AES.decrypt(
cookie,navigator.userAgent+navigator.languages,
{
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}
);
return $.parseJSON(decrypted.toString(CryptoJS.enc.Utf8));
},
decrypt_pass: function(pass){
var decrypted = CryptoJS.AES.decrypt(
pass,socket.io.engine.id,
{
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}
);
return decrypted.toString(CryptoJS.enc.Utf8);
},
encrypt: function(json_formated){
var to_encrypt = JSON.stringify(json_formated);
var encrypted = CryptoJS.AES.encrypt(
to_encrypt,
navigator.userAgent+navigator.languages,
{
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}
);
var CookieDate = new Date;
CookieDate.setFullYear(CookieDate.getFullYear( ) +1);
document.cookie = "_opts="+encrypted.toString()+";expires="+CookieDate.toGMTString()+";path=/;"
},
get_volume: function(){
return Crypt.decrypt(Crypt.getCookie("_opts")).volume;
//return conf_arr.volume;
},
set_volume: function(val){
conf_arr.volume = val;
Crypt.encrypt(conf_arr);
},
create_cookie: function(){
cookie_object = {volume: 100, width: 100, remote: true, passwords: {}};
var string_it = JSON.stringify(cookie_object);
var encrypted = CryptoJS.AES.encrypt(
string_it,
navigator.userAgent+navigator.languages,
{
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}
);
var CookieDate = new Date;
CookieDate.setFullYear(CookieDate.getFullYear( ) +1);
document.cookie = "_opts="+encrypted.toString()+";expires="+CookieDate.toGMTString()+";path=/;"
return Crypt.getCookie("_opts");
},
set_pass: function(chan, pass){
conf_arr.passwords[chan] = pass;
Crypt.encrypt(conf_arr);
},
remove_pass:function(chan){
delete conf_arr.passwords[chan];
Crypt.encrypt(conf_arr);
},
get_pass: function(chan){
return conf_arr.passwords[chan];
},
set_remote: function(val){
conf_arr.remote = val;
Crypt.encrypt(conf_arr);
},
get_remote: function(val){
return conf_arr.remote;
},
crypt_pass: function(pass){
var encrypted = CryptoJS.AES.encrypt(
pass,
socket.io.engine.id,
{
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
}
);
return encrypted.toString();
},
getCookie: function(name) {
var value = "; " + document.cookie;
var parts = value.split("; " + name + "=");
if (parts.length == 2) return parts.pop().split(";").shift();
}
}
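Review bot: The AES passphrase used in `decrypt`, `encrypt` and `create_cookie` is `navigator.userAgent+navigator.languages`, and both of those travel in the User-Agent and Accept-Language headers of every request alongside the cookie itself, so the password digests this file now stores get no confidentiality from it — anyone who can read `_opts` can derive the key, and the commit title should not be read as making the stored credentials secret. The key is also unstable: a browser update changes the user agent, after which `decrypt` runs with the wrong key, `toString(CryptoJS.enc.Utf8)` typically throws or yields `""`, `$.parseJSON` then throws or returns `null`, and `init` dereferences `.remote` on the result, so every setting and stored password is lost with an error instead of a clean reset. Writing the cookie with `path=/` and no `Secure` attribute additionally means the digests are now sent to the server on every HTTP request, which localStorage never did. `conf_arr` in `init` and `cookie_object` in `create_cookie` are assigned without `var` and so become implicit globals, leaving the `Crypt.conf_arr` property unused. The rewrite below makes `decrypt` fall back to a fresh cookie on any failure; the key choice itself needs a different design, since there is no client-side secret to bind to and a server-side session is the honest alternative.
```javascript
decrypt: function(cookie){
    if(cookie === undefined) {
        cookie = Crypt.create_cookie();
    }
    var plain = "";
    try {
        plain = CryptoJS.AES.decrypt(
            cookie, navigator.userAgent+navigator.languages,
            { mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7 }
        ).toString(CryptoJS.enc.Utf8);
    } catch (e) {
        // wrong key (e.g. user agent changed since the cookie was written): treat as unreadable
    }
    if (plain === "") {
        Crypt.create_cookie();
        return {volume: 100, width: 100, remote: true, passwords: {}};
    }
    return $.parseJSON(plain);
},
// … unchanged: decrypt_pass, encrypt, get_volume, set_volume, create_cookie, set_pass, remove_pass, get_pass, set_remote, get_remote, crypt_pass, getCookie …
```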


@@ -1,10 +1,10 @@
var Hostcontroller = {
enabled: true,
host_listener: function() {
var old_id;
var enabled = true;
socket.on("id", function(id)
{
@@ -63,6 +63,12 @@ var Hostcontroller = {
$('input[class=remote_switch_class]').change(function()
{
enabled = document.getElementsByName("remote_switch")[0].checked;
Crypt.set_remote(enabled);
});
},
change_enabled:function(val){
enabled = val;
document.getElementsByName("remote_switch")[0].checked = enabled;
}
}
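Review bot: `change_enabled` assigns the bare name `enabled`, as does the `remote_switch` change handler above it; the hunk shows both an `enabled: true` property and a `var enabled = true;` local, and if the local is the removed line (inferred from the equal line counts), those writes now create an implicit global rather than update `Hostcontroller.enabled`, and nothing reads the new property. Use `Hostcontroller.enabled = val;` in `change_enabled` and `Hostcontroller.enabled = document.getElementsByName("remote_switch")[0].checked;` in the handler. `change_enabled` also dereferences `document.getElementsByName("remote_switch")[0]` unchecked; since `Crypt.init` calls it from the socket `conf` handler, a missing switch element would throw there and abort the rest of that handler, so guard it: `var sw = document.getElementsByName("remote_switch")[0]; if (sw) { sw.checked = val; }`. `host_listener`'s body continues outside the hunk.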


@@ -80,14 +80,14 @@ $(document).ready(function()
handles: "e",
minWidth: 350
});
/*
if(localStorage[chan.toLowerCase()])
{
if(localStorage[chan.toLowerCase()].length != 64)
localStorage.removeItem(chan.toLowerCase());
else
socket.emit("password", [localStorage[chan.toLowerCase()], chan.toLowerCase()]);
}
}*/
if(window.mobilecheck()){
document.getElementById("search").blur();
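Review bot: The old auto-login block is wrapped in `/* ... */` rather than deleted; remove it, the history keeps it. Note it carried a sanity check on the stored token (`length != 64` → discard) before replaying it, which the replacement auto-login in Admin's `conf` handler does not, so a stored value of any shape is now re-sent. The enclosing ready handler continues outside the hunk.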


@@ -127,7 +127,9 @@ $(document).ready(function (){
socket.emit('frontpage_lists');
socket.on('playlists', function(msg){
Nochan.populate_channels(msg);
})
});
window.socket = socket;
var pad = 0;
document.getElementById("zicon").addEventListener("click", function(){


@@ -15,12 +15,14 @@ var Playercontrols = {
initSlider: function()
{
if(localStorage.volume)
if(Crypt.getCookie("_opts"))
{
vol = localStorage.getItem("volume");
//vol = localStorage.getItem("volume");
vol = (Crypt.get_volume());
}else{
vol = 100;
localStorage.setItem("volume", vol);
//localStorage.setItem("volume", vol);
Crypt.set_volume(vol);
}
$("#volume").slider({
min: 0,
@@ -30,7 +32,8 @@ var Playercontrols = {
animate: true,
slide: function(event, ui) {
Playercontrols.setVolume(ui.value);
localStorage.setItem("volume", ui.value);
//localStorage.setItem("volume", ui.value);
Crypt.set_volume(ui.value);
}
});
Playercontrols.choose_button(vol, false);
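Review bot: The `if(Crypt.getCookie("_opts"))` branch only checks that the cookie exists, not that it carries a volume: `Crypt.get_volume()` returns `undefined` for a cookie that decrypts to an object without a `volume` key (or fails to decrypt at all), and that `undefined` then reaches the slider and `Playercontrols.choose_button`. Guard the value instead of the cookie: `vol = Crypt.get_volume(); if (vol === undefined) { vol = 100; Crypt.set_volume(vol); }`. The three commented-out `localStorage` lines should be deleted rather than kept. `initSlider` continues outside the hunk.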