KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-10-29 18:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into feature/kick-ban-in-chat

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2018-09-27 12:29:26 +02:00
parent e1781c4f11 c0864b3311
commit c0d36b368c
9 changed files with 181 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
server/handlers/chat.js
View File

@@ -3,9 +3,9 @@ var crypto = require('crypto');
var Filter = require('bad-words');
var filter = new Filter({ placeHolder: 'x'});
/*var filter = {
clean: function(str) {
return str;
}
clean: function(str) {
return str;
}
}*/
var db = require(pathThumbnails + '/handlers/db.js');
@@ -26,11 +26,13 @@ function get_history(channel, all, socket) {
if(!query.all) {
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass) {
if(userpass != "" || pass == undefined) {
pass = userpass;
pass = userpass
} else {
pass = crypto.createHash('sha256').update(Functions.decrypt_string(pass)).digest('base64')
}
db.collection(channel + "_settings").find({id: "config"}, function(err, conf) {
if(conf.length > 0) {
if(conf[0].userpass == "" || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(pass)).digest('base64')) {
if(conf[0].userpass == "" || conf[0].userpass == pass) {
getAndSendLogs(channel, all, socket, pass, query);
}
}
@@ -56,47 +58,52 @@ function getAndSendLogs(channel, all, socket, pass, query) {
});
}
function checkIfUserIsBanned(channel, socket, callback) {
function checkIfUserIsBanned(channel, socket, guid, callback) {
var connection_id = Functions.hash_pass(socket.handshake.headers["user-agent"] + socket.handshake.address + socket.handshake.headers["accept-language"]);
db.collection(channel + "_banned_chat").find({connection_id: connection_id}, function(err, docs) {
if(docs.length == 0) callback();
else {
socket.emit('chat', {from: "System", msg: ": You can't chat in this channel, you are banned. The reason is: " + docs[0].reason, icon: "https://zoff.me/assets/images/favicon-32x32.png"});
return;
db.collection("user_names").update({guid, guid}, {$addToSet:{channels: channel}}, function(){
socket.emit('chat', {from: "System", msg: ": You can't chat in this channel, you are banned. The reason is: " + docs[0].reason, icon: "https://zoff.me/assets/images/favicon-32x32.png"});
return;
});
}
})
}
function chat(msg, guid, offline, socket) {
if(typeof(msg) !== 'object' || !msg.hasOwnProperty('data') ||
!msg.hasOwnProperty('channel') || typeof(msg.data) != "string" || typeof(msg.channel) != "string") {
var result = {
data: {
expected: "string",
got: msg.hasOwnProperty("data") ? typeof(msg.data) : undefined,
},
channel: {
expected: "string",
got: msg.hasOwnProperty("channel") ? typeof(msg.channel) : undefined
},
pass: {
expected: "string",
got: msg.hasOwnProperty("pass") ? typeof(msg.pass) : undefined
}
};
!msg.hasOwnProperty('channel') || typeof(msg.data) != "string" || typeof(msg.channel) != "string") {
var result = {
data: {
expected: "string",
got: msg.hasOwnProperty("data") ? typeof(msg.data) : undefined,
},
channel: {
expected: "string",
got: msg.hasOwnProperty("channel") ? typeof(msg.channel) : undefined
},
pass: {
expected: "string",
got: msg.hasOwnProperty("pass") ? typeof(msg.pass) : undefined
}
};
socket.emit('update_required', result);
return;
}
var coll = msg.channel.toLowerCase();//.replace(/ /g,'');
coll = Functions.removeEmojis(coll).toLowerCase();
//coll = filter.clean(coll);
checkIfUserIsBanned(coll, socket, function() {
checkIfUserIsBanned(coll, socket, guid, function() {
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass;
} else {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
}
db.collection(coll + "_settings").find(function(err, conf){
if(conf.length > 0 && (conf[0].userpass == undefined || conf[0].userpass == "" || (msg.hasOwnProperty('pass') && conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
if(conf.length > 0 && (conf[0].userpass == undefined || conf[0].userpass == "" || (msg.hasOwnProperty('pass') && conf[0].userpass == msg.pass))) {
var data = msg.data;
Functions.check_inlist(coll, guid, socket, offline, function() {
@@ -113,7 +120,7 @@ function chat(msg, guid, offline, socket) {
var splitData = data.split(" ");
if((data.startsWith("/ban") && splitData.length >= 3) || (data.startsWith("/unban") && splitData.length >= 2)) {
if(splitData[1].length > 0) {
var passToCompare = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true))
var passToCompare = Functions.hash_pass(adminpass);
if(passToCompare == conf[0].adminpass) {
db.collection("user_names").find({name: splitData[1]}, function(err, name) {
if(name.length == 1) {
@@ -192,18 +199,18 @@ function chat(msg, guid, offline, socket) {
function all_chat(msg, guid, offline, socket) {
if(typeof(msg) !== 'object' || !msg.hasOwnProperty("channel") ||
!msg.hasOwnProperty("data") || typeof(msg.data) != "string" ||
typeof(msg.channel) != "string") {
var result = {
data: {
expected: "string",
got: msg.hasOwnProperty("data") ? typeof(msg.data) : undefined,
},
channel: {
expected: "string",
got: msg.hasOwnProperty("channel") ? typeof(msg.channel) : undefined
}
};
!msg.hasOwnProperty("data") || typeof(msg.data) != "string" ||
typeof(msg.channel) != "string") {
var result = {
data: {
expected: "string",
got: msg.hasOwnProperty("data") ? typeof(msg.data) : undefined,
},
channel: {
expected: "string",
got: msg.hasOwnProperty("channel") ? typeof(msg.channel) : undefined
}
};
socket.emit('update_required', result);
return;
}
@@ -234,12 +241,13 @@ function all_chat(msg, guid, offline, socket) {
function namechange(data, guid, socket, tried, callback) {
/*if(!data.hasOwnProperty("channel") ||
typeof(data.channel) != "string") return;*/
checkIfUserIsBanned(data.channel, socket, function() {
typeof(data.channel) != "string") return;*/
checkIfUserIsBanned(data.channel, socket, guid, function() {
var pw = "";
var new_password;
var first = false;
Functions.getSessionChatPass(Functions.getSession(socket), function(name, pass) {
var fetched = false;
if(data.hasOwnProperty("first") && data.first) {
pw = pass;
name = name;
@@ -250,6 +258,8 @@ function namechange(data, guid, socket, tried, callback) {
if(typeof(callback) == "function") callback();
return;
}
fetched = true;
password = pw;
} else {
var name = data.name;
if(data.hasOwnProperty("first")) {
@@ -262,13 +272,17 @@ function namechange(data, guid, socket, tried, callback) {
pw = data.old_password;
new_password = Functions.decrypt_string(data.new_password);
}
password = Functions.decrypt_string(pw);
password = Functions.hash_pass(password);
doubled = true;
}
if(name == "") {
if(typeof(callback) == "function") callback();
return;
}
var password = Functions.decrypt_string(pw);
db.collection("registered_users").find({"_id": name.toLowerCase()}, function(err, docs) {
var accepted_password = false;
var icon = false;
@@ -279,36 +293,37 @@ function namechange(data, guid, socket, tried, callback) {
}
accepted_password = true;
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() {
db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: Functions.hash_pass(password)}}, {upsert: true}, function() {
db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: password}}, {upsert: true}, function() {
});
});
} else if(docs[0].password == Functions.hash_pass(password)) {
} else if(docs[0].password == password) {
if(docs[0].icon) {
icon = docs[0].icon;
}
accepted_password = true;
if(new_password) {
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.new_password, function() {
db.collection("registered_users").update({"_id": name.toLowerCase(), password: Functions.hash_pass(password)}, {$set: {password: Functions.hash_pass(new_password)}}, function() {
db.collection("registered_users").update({"_id": name.toLowerCase(), password: password}, {$set: {password: Functions.hash_pass(new_password)}}, function() {
});
});
} else {
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() {
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), fetched ? data.password : Functions.hash_pass(Functions.decrypt_string(data.password)), function() {
});
}
}
if(accepted_password) {
db.collection("user_names").find({"guid": guid}, function(err, names) {
if(names.length > 0 || (docs.length != 0 && docs[0].password == Functions.hash_pass(password))) {
if(names.length > 0 || (docs.length != 0 && docs[0].password == password)) {
var no_name = false;
if(names.length == 0) no_name = true;
if(!no_name) {
var old_name = names[0].name;
db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function() {});
}
var connection_id = Functions.hash_pass(socket.handshake.headers["user-agent"] + socket.handshake.address + socket.handshake.headers["accept-language"]);
var updateElement = {$set: {name: name, icon: icon, connection_id: connection_id}};
var updateElement = {$set: {name: name, icon: icon}};
if(data.hasOwnProperty("channel") && data.channel != "") {
updateElement["$addToSet"] = {channels: data.channel};
}
@@ -325,7 +340,7 @@ function namechange(data, guid, socket, tried, callback) {
});
});
} else {
if(tried < 3 || tried == undefined) {
if(tried < 3 || tried == undefined) {
if(tried == undefined) {
tried = 1;
}

6
server/handlers/functions.js
View File

@@ -236,6 +236,7 @@ function contains(a, obj) {
}
function hash_pass(adminpass, hex) {
if(adminpass == undefined || adminpass == "") return "";
if(hex) return crypto.createHash('sha256').update(adminpass).digest('hex');
return crypto.createHash('sha256').update(adminpass).digest('base64');
}
@@ -247,7 +248,7 @@ function setSessionAdminPass(id, adminpass, list, callback) {
return;
}
connected_db.collection(id).update({_id: list}, {$set: {adminpass: adminpass}}, {upsert: true}, function(e, d){
connected_db.collection(id).update({_id: list}, {$set: {adminpass: hash_pass(decrypt_string(adminpass), true)}}, {upsert: true}, function(e, d){
callback();
return;
});
@@ -262,7 +263,6 @@ function setSessionChatPass(id, name, pass, callback) {
callback();
return;
}
connected_db.collection(id).update({_id: "_chat_"}, {$set: {password: pass, name: name}}, {upsert: true}, function(e) {
callback();
return;
@@ -373,7 +373,7 @@ function removeSessionAdminPass(id, channel, callback) {
callback();
return;
}
connected_db.collection(id).remove({_id: channel}, function() {
connected_db.collection(id).update({_id: channel}, {$set: {"adminpass": ""}}, function() {
callback();
return;
});

4
server/handlers/io.js
View File

@@ -698,8 +698,10 @@ module.exports = function() {
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(userpass != "" || obj.pass == undefined) {
obj.pass = userpass;
} else {
obj.pass = crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64")
}
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64")))) {
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == obj.pass))) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 4");
List.send_play(coll, socket);
} else {

29
server/handlers/list.js
View File

@@ -37,7 +37,10 @@ function list(msg, guid, coll, offline, socket) {
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
if(gotten && userpass != "" && !msg.hasOwnProperty("pass")) {
msg.pass = userpass;
} else {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
}
adminpass = Functions.hash_pass(adminpass);
if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") ||
msg.version != VERSION || msg.version == undefined ||
typeof(msg.channel) != "string") {
@@ -61,7 +64,7 @@ function list(msg, guid, coll, offline, socket) {
coll = msg.channel.toLowerCase(); //.replace(/ /g,'');
coll = Functions.removeEmojis(coll).toLowerCase();
//coll = filter.clean(coll);
var pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
var pass = msg.pass;
db.collection('frontpage_lists').find({"_id": coll}, function(err, frontpage_lists){
if(frontpage_lists.length == 1) {
db.collection(coll + "_settings").find(function(err, docs) {
@@ -70,7 +73,10 @@ function list(msg, guid, coll, offline, socket) {
Functions.setSessionUserPass(Functions.getSession(socket), msg.pass, coll, function(){})
socket.emit("auth_accepted", {value: true});
}
if(docs.length > 0 && docs[0].hasOwnProperty("adminpass") && docs[0].adminpass != "" && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true))) {
if(docs.length > 0 && docs[0].userpass != pass) {
Functions.setSessionUserPass(Functions.getSession(socket), "", coll, function(){})
}
if(docs.length > 0 && docs[0].hasOwnProperty("adminpass") && docs[0].adminpass != "" && docs[0].adminpass == adminpass) {
socket.emit("pw", true);
}
in_list = true;
@@ -161,14 +167,20 @@ function skip(list, guid, coll, offline, socket) {
list.id = list.id + "";
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(adminpass != "" || list.pass == undefined) {
list.pass = adminpass;
list.pass = Functions.hash_pass(adminpass);
} else if(list.pass != "") {
list.pass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(list.pass),true));;
} else {
list.pass = "";
}
if(userpass != "" || list.userpass == undefined) {
list.userpass = userpass;
} else {
list.userpass = crypto.createHash('sha256').update(Functions.decrypt_string(list.userpass)).digest("base64");
}
db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(list.userpass)).digest("base64")))) {
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == list.userpass))) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 12");
@@ -184,10 +196,7 @@ function skip(list, guid, coll, offline, socket) {
error = true;
}
if(adminpass !== undefined && adminpass !== null && adminpass !== "")
hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass),true));
else
hash = "";
hash = adminpass;
//db.collection(coll + "_settings").find(function(err, docs){
@@ -611,8 +620,10 @@ function end(obj, coll, guid, offline, socket) {
callback_function(Functions.getSession(socket), coll, function(userpass) {
if(userpass != "" || obj.pass == undefined) {
obj.pass = userpass;
} else {
obj.pass = crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64");
}
if(!authentication_needed || (authentication_needed && obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64"))) {
if(!authentication_needed || (authentication_needed && obj.hasOwnProperty('pass') && docs[0].userpass == obj.pass)) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 13");
db.collection(coll).find({now_playing:true}, function(err, np){
if(err !== null) console.log(err);

78
server/handlers/list_change.js
View File

@@ -41,14 +41,20 @@ function addFromOtherList(arr, guid, offline, socket) {
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass, adminpass) {
if(userpass != "" || arr.userpass == undefined) {
arr.userpass = userpass;
} else {
arr.userpass = crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest('base64')
}
if(adminpass != "" || arr.adminpass == undefined) {
arr.adminpass = adminpass;
arr.adminpass = Functions.hash_pass(adminpass);
} else {
arr.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
}
Functions.getSessionAdminUser(Functions.getSession(socket), new_channel, function(userpass) {
var otheruser = "";
if(userpass != "") {
otheruser = userpass;
} else {
otheruser = crypto.createHash('sha256').update(Functions.decrypt_string(otheruser)).digest("base64");
}
db.collection(channel).find({now_playing: true}, function(e, np) {
@@ -72,10 +78,10 @@ function addFromOtherList(arr, guid, offline, socket) {
to_set_np = false;
}
db.collection(new_channel + "_settings").find({id: "config"}, function(e, this_conf) {
if(this_conf.length > 0 && (this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(otheruser)).digest("base64"))) {
if(this_conf.length > 0 && (this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == otheruser)) {
db.collection(channel + "_settings").find({id: "config"}, function(e, this_conf) {
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
if((this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest("base64"))) {
var hash = arr.adminpass;
if((this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == arr.userpass)) {
if(((this_conf[0].addsongs === true && (hash == this_conf[0].adminpass || this_conf[0].adminpass === "")) ||
this_conf[0].addsongs === false)) {
db.collection(new_channel).aggregate([
@@ -105,8 +111,7 @@ function addFromOtherList(arr, guid, offline, socket) {
db.collection(channel).find({now_playing: true}, function(e, np_docs) {
to_change.id = np_docs[0].id;
to_change.title = np_docs[0].title;
db.collection("frontpage_lists").find({_id: coll}, function(e, doc) {
db.collection("frontpage_lists").find({_id: new_channel}, function(e, doc) {
if(doc.length > 0 && ((doc[0].thumbnail != "" && doc[0].thumbnail != undefined && (doc[0].thumbnail.indexOf("https://i1.sndcdn.com") > -1 || doc[0].thumbnail.indexOf("https://w1.sndcdn.com") > -1)) || (doc[0].thumbnail == "" || doc[0].thumbnail == undefined))) {
to_change.thumbnail = np_docs[0].thumbnail;
}
@@ -181,9 +186,13 @@ function addPlaylist(arr, guid, offline, socket) {
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass, adminpass) {
if(userpass != "" || arr.userpass == undefined) {
arr.userpass = userpass;
} else {
arr.userpass = crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest("base64");
}
if(adminpass != "" || arr.adminpass == undefined) {
arr.adminpass = adminpass;
arr.adminpass = Functions.hash_pass(adminpass);
} else {
arr.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true))
}
db.collection(channel).find({now_playing: true}, function(e, np) {
var now_playing = false;
@@ -194,8 +203,8 @@ function addPlaylist(arr, guid, offline, socket) {
return;
}
if(conf.length > 0) {
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
if((conf[0].userpass == "" || !conf[0].userpass || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest("base64"))) {
var hash = arr.adminpass;
if((conf[0].userpass == "" || !conf[0].userpass || conf[0].userpass == arr.userpass)) {
if(((conf[0].addsongs === true && (hash == conf[0].adminpass || conf[0].adminpass === "")) ||
conf[0].addsongs === false)) {
var path = require('path');
@@ -386,18 +395,22 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = coll.replace(/ /g,'');
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(adminpass != "" || arr.adminpass == undefined) {
arr.adminpass = adminpass;
arr.adminpass = Functions.hash_pass(adminpass);
} else {
arr.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
}
if(userpass != "" || arr.userpass == undefined) {
arr.userpass = userpass;
if(userpass != "" || arr.pass == undefined) {
arr.pass = userpass;
} else {
arr.pass = crypto.createHash('sha256').update(Functions.decrypt_string(arr.pass)).digest("base64");
}
db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(arr.pass)).digest("base64")))) {
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == arr.pass))) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 5");
var id = arr.id + "";
var title = arr.title;
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
var hash = arr.adminpass;
var duration = parseInt(arr.duration);
var source = arr.source;
/*db.collection(coll + "_settings").find(function(err, docs)
@@ -541,14 +554,18 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = filter.clean(coll);
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass;
msg.adminpass = Functions.hash_pass(adminpass);
} else {
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
}
if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass;
} else if(msg.hasOwnProperty("pass")){
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
}
db.collection(coll + "_settings").find({id: "config"}, function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 6");
@@ -556,7 +573,7 @@ function add_function(arr, coll, guid, offline, socket) {
del(msg, socket, socketid);
} else {
var id = msg.id;
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
var hash = msg.adminpass;
if(docs !== null && docs.length !== 0 && ((docs[0].vote === true && (hash == docs[0].adminpass || docs[0].adminpass === "")) ||
docs[0].vote === false)) {
vote(coll, id, guid, socket);
@@ -605,10 +622,16 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = filter.clean(coll);
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass;
msg.adminpass = Functions.hash_pass(adminpass);
} else if(msg.adminpass != ""){
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
} else {
msg.adminpass = "";
}
if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass;
} else if(msg.hasOwnProperty("pass")) {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
}
db.collection("timeout_api").find({
type: "shuffle",
@@ -633,11 +656,10 @@ function add_function(arr, coll, guid, offline, socket) {
},
}, {upsert: true}, function(err, docs) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 7");
var hash;
if(msg.adminpass === "") hash = msg.adminpass;
else hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
var hash = msg.adminpass;
db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
if(docs !== null && docs.length !== 0 && ((docs[0].adminpass == hash && docs[0].adminpass != "") || docs[0].shuffle === false))
{
db.collection(coll).find({now_playing:false}).forEach(function(err, docs){
@@ -677,7 +699,7 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = filter.clean(coll);
db.collection(coll + "_settings").find(function(err, docs){
if(docs !== null && docs.length !== 0 && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(params.adminpass),true)))
if(docs !== null && docs.length !== 0 && docs[0].adminpass == params.adminpass)
{
db.collection(coll).find({id:params.id}, function(err, docs){
var dont_increment = false;
@@ -727,13 +749,17 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = filter.clean(coll);
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass;
msg.adminpass = Functions.hash_pass(adminpass);
} else if(msg.adminpass != "") {
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
}
if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass;
} else {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
}
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
var hash = msg.adminpass;
var hash_userpass = msg.pass;
db.collection(coll + "_settings").find(function(err, conf) {
if(conf.length == 1 && conf) {
conf = conf[0];

17
server/handlers/list_settings.js
View File

@@ -45,7 +45,7 @@ function password(inp, coll, guid, offline, socket) {
pw = Functions.hash_pass(Functions.decrypt_string(pw), true);
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 8");
Functions.getSessionAdminUser(sessionId, coll, function(userpass, adminpass) {
adminpass = Functions.hash_pass(adminpass);
db.collection(coll + "_settings").find(function(err, docs){
if(docs !== null && docs.length !== 0)
{
@@ -61,7 +61,7 @@ function password(inp, coll, guid, offline, socket) {
socket.emit("pw", true);
});
});
} else if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true))) {
} else if(docs[0].adminpass === "" || docs[0].adminpass == adminpass) {
Functions.setSessionAdminPass(sessionId, inp.password, coll, function() {
db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){
if(adminpass != pw) {
@@ -117,7 +117,6 @@ function conf_function(params, coll, guid, offline, socket) {
if(gotten) {
params.adminpass = adminpass;
if(!params.userpass_changed) params.userpass = userpass;
}
if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') ||
!params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') ||
@@ -191,13 +190,19 @@ function conf_function(params, coll, guid, offline, socket) {
var description = "";
var hash;
if(params.description) description = params.description;
if(adminpass !== "") {
if(adminpass !== "" && !gotten) {
hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true));
} else if(adminpass !== "" && gotten) {
hash = Functions.hash_pass(adminpass);
} else {
hash = adminpass;
}
if(userpass != "") {
userpass = crypto.createHash('sha256').update(userpass).digest("base64");
if(!params.userpass_changed && gotten) {
} else {
userpass = crypto.createHash('sha256').update(userpass).digest("base64");
}
}
db.collection(coll + "_settings").find({id: "config"}, function(err, docs){
if(docs !== null && docs.length !== 0 && (docs[0].adminpass === "" || docs[0].adminpass == hash)) {
@@ -221,7 +226,7 @@ function conf_function(params, coll, guid, offline, socket) {
db.collection(coll + "_settings").update({ id: "config" }, {
$set:obj
}, function(err, docs){
Functions.setSessionUserPass(Functions.getSession(socket), params.userpass, coll, function() {
Functions.setSessionUserPass(Functions.getSession(socket), crypto.createHash('sha256').update(Functions.decrypt_string(params.userpass)).digest('base64'), coll, function() {
db.collection(coll + "_settings").find(function(err, docs){
if(docs[0].adminpass !== "") docs[0].adminpass = true;
if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true;

28
server/handlers/suggestions.js
View File

@@ -30,20 +30,24 @@ function thumbnail(msg, coll, guid, offline, socket) {
}
//coll = coll.replace(/ /g,'');
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(userpass != "" || msg.userpass == undefined) {
msg.userpass = userpass;
if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass;
} else if(msg.hasOwnProperty("pass")){
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
}
if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass;
msg.adminpass = Functions.hash_pass(adminpass);
} else {
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
}
if(msg.thumbnail != "") {
msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, "");
if(msg.thumbnail.substring(0,2) != "//") msg.thumbnail = "//" + msg.thumbnail;
}
var channel = msg.channel.toLowerCase();
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
var hash = msg.adminpass;
db.collection(channel + "_settings").find({id: "config"}, function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){
db.collection("suggested_thumbnails").update({channel: channel}, {$set:{thumbnail: msg.thumbnail}}, {upsert:true}, function(err, docs){
Notifications.requested_change("thumbnail", msg.thumbnail, channel);
@@ -86,16 +90,20 @@ function description(msg, coll, guid, offline, socket) {
}
//coll = coll.replace(/ /g,'');
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
if(userpass != "" || msg.userpass == undefined) {
msg.userpass = userpass;
if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass;
} else if(msg.hasOwnProperty("pass")) {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
}
if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass;
msg.adminpass = Functions.hash_pass(adminpass);
} else {
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
}
var channel = msg.channel.toLowerCase();
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
var hash = msg.adminpass;
db.collection(channel + "_settings").find({id: "config"}, function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) {
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){
db.collection("suggested_descriptions").update({channel: channel}, {$set:{description: msg.description}}, {upsert:true}, function(err, docs){
Notifications.requested_change("description", msg.description, channel);

1
server/public/assets/js/listeners.js
View File

@@ -1646,6 +1646,7 @@ function addDynamicListeners() {
document.querySelector("#import") != document.activeElement &&
document.querySelector("#find_input") != document.activeElement &&
document.querySelector("#import_spotify") != document.activeElement &&
document.querySelector("#import_zoff") != document.activeElement &&
document.querySelector("#import_soundcloud") != document.activeElement) {
if(chromecastAvailable) {
event.preventDefault();

18
server/routing/client/api.js
View File

@@ -189,10 +189,10 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
adminpass = Functions.hash_pass(_a);
}
if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -344,10 +344,10 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
adminpass = Functions.hash_pass(_a);
}
if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -470,10 +470,10 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
adminpass = Functions.hash_pass(_a);
}
if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -703,10 +703,10 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
adminpass = Functions.hash_pass(_a);
}
if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -1102,7 +1102,7 @@ router.route('/api/list/:channel_name').post(function(req, res) {
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.userpass == "") {
//userpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(_u)))
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {