KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-12-08 20:48:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Better hiding of passwords, hiding cookie-logins better

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2018-09-26 22:33:33 +02:00
parent 7ab5d4f399
commit c136199269
9 changed files with 140 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
server/routing/client/api.js
View File

@@ -189,10 +189,10 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
adminpass = Functions.hash_pass(_a);
}
if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -344,10 +344,10 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
adminpass = Functions.hash_pass(_a);
}
if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -470,10 +470,10 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
adminpass = Functions.hash_pass(_a);
}
if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -703,10 +703,10 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex"));
adminpass = Functions.hash_pass(_a);
}
if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false;
@@ -1102,7 +1102,7 @@ router.route('/api/list/:channel_name').post(function(req, res) {
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.userpass == "") {
//userpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(_u)))
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64");
userpass = _u;
}
token_db.collection("api_token").find({token: token}, function(err, token_docs) {