KevinMidboe/zoff
1
0
Fork 0
mirror of https://github.com/KevinMidboe/zoff.git synced 2025-10-29 18:00:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Better hiding of passwords, hiding cookie-logins better

Browse Source
This commit is contained in:
Kasper Rynning-Tønnesen
2018-09-26 22:33:33 +02:00
parent 7ab5d4f399
commit c136199269
9 changed files with 140 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
server/handlers/chat.js
View File

@@ -26,11 +26,13 @@ function get_history(channel, all, socket) {
if(!query.all) { if(!query.all) {
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass) { Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass) {
if(userpass != "" || pass == undefined) { if(userpass != "" || pass == undefined) {
pass = userpass; pass = userpass
} else {
pass = crypto.createHash('sha256').update(Functions.decrypt_string(pass)).digest('base64')
} }
db.collection(channel + "_settings").find({id: "config"}, function(err, conf) { db.collection(channel + "_settings").find({id: "config"}, function(err, conf) {
if(conf.length > 0) { if(conf.length > 0) {
if(conf[0].userpass == "" || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(pass)).digest('base64')) { if(conf[0].userpass == "" || conf[0].userpass == pass) {
getAndSendLogs(channel, all, socket, pass, query); getAndSendLogs(channel, all, socket, pass, query);
} }
} }
@@ -83,9 +85,11 @@ function chat(msg, guid, offline, socket) {
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass) {
if(userpass != "" || msg.pass == undefined) { if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass; msg.pass = userpass;
} else {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
} }
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
var data = msg.data; var data = msg.data;
Functions.check_inlist(coll, guid, socket, offline, function() { Functions.check_inlist(coll, guid, socket, offline, function() {
@@ -169,6 +173,7 @@ function namechange(data, guid, socket, tried, callback) {
var new_password; var new_password;
var first = false; var first = false;
Functions.getSessionChatPass(Functions.getSession(socket), function(name, pass) { Functions.getSessionChatPass(Functions.getSession(socket), function(name, pass) {
var fetched = false;
if(data.hasOwnProperty("first") && data.first) { if(data.hasOwnProperty("first") && data.first) {
pw = pass; pw = pass;
name = name; name = name;
@@ -179,6 +184,8 @@ function namechange(data, guid, socket, tried, callback) {
if(typeof(callback) == "function") callback(); if(typeof(callback) == "function") callback();
return; return;
} }
fetched = true;
password = pw;
} else { } else {
var name = data.name; var name = data.name;
if(data.hasOwnProperty("first")) { if(data.hasOwnProperty("first")) {
@@ -191,13 +198,17 @@ function namechange(data, guid, socket, tried, callback) {
pw = data.old_password; pw = data.old_password;
new_password = Functions.decrypt_string(data.new_password); new_password = Functions.decrypt_string(data.new_password);
} }
password = Functions.decrypt_string(pw);
password = Functions.hash_pass(password);
doubled = true;
} }
if(name == "") { if(name == "") {
if(typeof(callback) == "function") callback(); if(typeof(callback) == "function") callback();
return; return;
} }
var password = Functions.decrypt_string(pw);
db.collection("registered_users").find({"_id": name.toLowerCase()}, function(err, docs) { db.collection("registered_users").find({"_id": name.toLowerCase()}, function(err, docs) {
var accepted_password = false; var accepted_password = false;
var icon = false; var icon = false;
@@ -208,28 +219,30 @@ function namechange(data, guid, socket, tried, callback) {
} }
accepted_password = true; accepted_password = true;
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() { Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() {
db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: Functions.hash_pass(password)}}, {upsert: true}, function() { db.collection("registered_users").update({"_id": name.toLowerCase()}, {$set: {password: password}}, {upsert: true}, function() {
}); });
}); });
} else if(docs[0].password == Functions.hash_pass(password)) { } else if(docs[0].password == password) {
if(docs[0].icon) { if(docs[0].icon) {
icon = docs[0].icon; icon = docs[0].icon;
} }
accepted_password = true; accepted_password = true;
if(new_password) { if(new_password) {
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.new_password, function() { Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.new_password, function() {
db.collection("registered_users").update({"_id": name.toLowerCase(), password: Functions.hash_pass(password)}, {$set: {password: Functions.hash_pass(new_password)}}, function() {
db.collection("registered_users").update({"_id": name.toLowerCase(), password: password}, {$set: {password: Functions.hash_pass(new_password)}}, function() {
}); });
}); });
} else { } else {
Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), data.password, function() { Functions.setSessionChatPass(Functions.getSession(socket), name.toLowerCase(), fetched ? data.password : Functions.hash_pass(Functions.decrypt_string(data.password)), function() {
}); });
} }
} }
if(accepted_password) { if(accepted_password) {
db.collection("user_names").find({"guid": guid}, function(err, names) { db.collection("user_names").find({"guid": guid}, function(err, names) {
if(names.length > 0 || (docs.length != 0 && docs[0].password == Functions.hash_pass(password))) { if(names.length > 0 || (docs.length != 0 && docs[0].password == password)) {
var no_name = false; var no_name = false;
if(names.length == 0) no_name = true; if(names.length == 0) no_name = true;
if(!no_name) { if(!no_name) {
@@ -278,7 +291,7 @@ function removename(guid, coll, socket) {
Functions.removeSessionChatPass(Functions.getSession(socket), function() { Functions.removeSessionChatPass(Functions.getSession(socket), function() {
db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function(err, updated) { db.collection("user_names").update({"_id": "all_names"}, {$pull: {names: old_name}}, function(err, updated) {
db.collection("user_names").remove({"guid": guid}, function(err, removed) { db.collection("user_names").remove({"guid": guid}, function(err, removed) {
get_name(guid, {announce: true, old_name: old_name, channel: coll}); get_name(guid, {announce: true, old_name: old_name, channel: coll, socket: socket});
}); });
}); });
}); });
@@ -349,7 +362,7 @@ function get_name(guid, announce_payload, first) {
function get_name_generate(guid, announce_payload, first, channel) { function get_name_generate(guid, announce_payload, first, channel) {
db.collection("user_names").find({"guid": guid}, function(err, docs) { db.collection("user_names").find({"guid": guid}, function(err, docs) {
if(docs.length == 0) { if(docs.length == 0) {
generate_name(guid, announce_payload, channel); generate_name(guid, announce_payload, undefined);
} else { } else {
name = docs[0].name; name = docs[0].name;
} }

6
server/handlers/functions.js
View File

@@ -236,6 +236,7 @@ function contains(a, obj) {
} }
function hash_pass(adminpass, hex) { function hash_pass(adminpass, hex) {
if(adminpass == undefined || adminpass == "") return "";
if(hex) return crypto.createHash('sha256').update(adminpass).digest('hex'); if(hex) return crypto.createHash('sha256').update(adminpass).digest('hex');
return crypto.createHash('sha256').update(adminpass).digest('base64'); return crypto.createHash('sha256').update(adminpass).digest('base64');
} }
@@ -247,7 +248,7 @@ function setSessionAdminPass(id, adminpass, list, callback) {
return; return;
} }
connected_db.collection(id).update({_id: list}, {$set: {adminpass: adminpass}}, {upsert: true}, function(e, d){ connected_db.collection(id).update({_id: list}, {$set: {adminpass: hash_pass(decrypt_string(adminpass), true)}}, {upsert: true}, function(e, d){
callback(); callback();
return; return;
}); });
@@ -262,7 +263,6 @@ function setSessionChatPass(id, name, pass, callback) {
callback(); callback();
return; return;
} }
connected_db.collection(id).update({_id: "_chat_"}, {$set: {password: pass, name: name}}, {upsert: true}, function(e) { connected_db.collection(id).update({_id: "_chat_"}, {$set: {password: pass, name: name}}, {upsert: true}, function(e) {
callback(); callback();
return; return;
@@ -373,7 +373,7 @@ function removeSessionAdminPass(id, channel, callback) {
callback(); callback();
return; return;
} }
connected_db.collection(id).remove({_id: channel}, function() { connected_db.collection(id).update({_id: channel}, {$set: {"adminpass": ""}}, function() {
callback(); callback();
return; return;
}); });

4
server/handlers/io.js
View File

@@ -698,8 +698,10 @@ module.exports = function() {
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(userpass != "" || obj.pass == undefined) { if(userpass != "" || obj.pass == undefined) {
obj.pass = userpass; obj.pass = userpass;
} else {
obj.pass = crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64")
} }
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (obj.hasOwnProperty('pass') && docs[0].userpass == obj.pass))) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 4"); Functions.check_inlist(coll, guid, socket, offline, undefined, "place 4");
List.send_play(coll, socket); List.send_play(coll, socket);
} else { } else {

28
server/handlers/list.js
View File

@@ -35,9 +35,14 @@ function list(msg, guid, coll, offline, socket) {
if(typeof(msg) === 'object' && msg !== undefined && msg !== null) if(typeof(msg) === 'object' && msg !== undefined && msg !== null)
{ {
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
console.log(gotten, userpass, msg.hasOwnProperty("pass"));
if(gotten && userpass != "" && !msg.hasOwnProperty("pass")) { if(gotten && userpass != "" && !msg.hasOwnProperty("pass")) {
msg.pass = userpass; msg.pass = userpass;
} else {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
} }
console.log(msg.pass);
adminpass = Functions.hash_pass(adminpass);
if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") || if(!msg.hasOwnProperty('version') || !msg.hasOwnProperty("channel") ||
msg.version != VERSION || msg.version == undefined || msg.version != VERSION || msg.version == undefined ||
typeof(msg.channel) != "string") { typeof(msg.channel) != "string") {
@@ -61,7 +66,7 @@ function list(msg, guid, coll, offline, socket) {
coll = msg.channel.toLowerCase(); //.replace(/ /g,''); coll = msg.channel.toLowerCase(); //.replace(/ /g,'');
coll = Functions.removeEmojis(coll).toLowerCase(); coll = Functions.removeEmojis(coll).toLowerCase();
//coll = filter.clean(coll); //coll = filter.clean(coll);
var pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64"); var pass = msg.pass;
db.collection('frontpage_lists').find({"_id": coll}, function(err, frontpage_lists){ db.collection('frontpage_lists').find({"_id": coll}, function(err, frontpage_lists){
if(frontpage_lists.length == 1) { if(frontpage_lists.length == 1) {
db.collection(coll + "_settings").find(function(err, docs) { db.collection(coll + "_settings").find(function(err, docs) {
@@ -70,7 +75,7 @@ function list(msg, guid, coll, offline, socket) {
Functions.setSessionUserPass(Functions.getSession(socket), msg.pass, coll, function(){}) Functions.setSessionUserPass(Functions.getSession(socket), msg.pass, coll, function(){})
socket.emit("auth_accepted", {value: true}); socket.emit("auth_accepted", {value: true});
} }
if(docs.length > 0 && docs[0].hasOwnProperty("adminpass") && docs[0].adminpass != "" && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true))) { if(docs.length > 0 && docs[0].hasOwnProperty("adminpass") && docs[0].adminpass != "" && docs[0].adminpass == adminpass) {
socket.emit("pw", true); socket.emit("pw", true);
} }
in_list = true; in_list = true;
@@ -161,14 +166,20 @@ function skip(list, guid, coll, offline, socket) {
list.id = list.id + ""; list.id = list.id + "";
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(adminpass != "" || list.pass == undefined) { if(adminpass != "" || list.pass == undefined) {
list.pass = adminpass; list.pass = Functions.hash_pass(adminpass);
} else if(list.pass != "") {
list.pass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(list.pass),true));;
} else {
list.pass = "";
} }
if(userpass != "" || list.userpass == undefined) { if(userpass != "" || list.userpass == undefined) {
list.userpass = userpass; list.userpass = userpass;
} else {
list.userpass = crypto.createHash('sha256').update(Functions.decrypt_string(list.userpass)).digest("base64");
} }
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(list.userpass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (list.hasOwnProperty('userpass') && docs[0].userpass == list.userpass))) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 12"); Functions.check_inlist(coll, guid, socket, offline, undefined, "place 12");
@@ -184,10 +195,7 @@ function skip(list, guid, coll, offline, socket) {
error = true; error = true;
} }
if(adminpass !== undefined && adminpass !== null && adminpass !== "") hash = adminpass;
hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass),true));
else
hash = "";
//db.collection(coll + "_settings").find(function(err, docs){ //db.collection(coll + "_settings").find(function(err, docs){
@@ -611,8 +619,10 @@ function end(obj, coll, guid, offline, socket) {
callback_function(Functions.getSession(socket), coll, function(userpass) { callback_function(Functions.getSession(socket), coll, function(userpass) {
if(userpass != "" || obj.pass == undefined) { if(userpass != "" || obj.pass == undefined) {
obj.pass = userpass; obj.pass = userpass;
} else {
obj.pass = crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64");
} }
if(!authentication_needed || (authentication_needed && obj.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(obj.pass)).digest("base64"))) { if(!authentication_needed || (authentication_needed && obj.hasOwnProperty('pass') && docs[0].userpass == obj.pass)) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 13"); Functions.check_inlist(coll, guid, socket, offline, undefined, "place 13");
db.collection(coll).find({now_playing:true}, function(err, np){ db.collection(coll).find({now_playing:true}, function(err, np){
if(err !== null) console.log(err); if(err !== null) console.log(err);

78
server/handlers/list_change.js
View File

@@ -41,14 +41,20 @@ function addFromOtherList(arr, guid, offline, socket) {
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass, adminpass) { Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass, adminpass) {
if(userpass != "" || arr.userpass == undefined) { if(userpass != "" || arr.userpass == undefined) {
arr.userpass = userpass; arr.userpass = userpass;
} else {
arr.userpass = crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest('base64')
} }
if(adminpass != "" || arr.adminpass == undefined) { if(adminpass != "" || arr.adminpass == undefined) {
arr.adminpass = adminpass; arr.adminpass = Functions.hash_pass(adminpass);
} else {
arr.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
} }
Functions.getSessionAdminUser(Functions.getSession(socket), new_channel, function(userpass) { Functions.getSessionAdminUser(Functions.getSession(socket), new_channel, function(userpass) {
var otheruser = ""; var otheruser = "";
if(userpass != "") { if(userpass != "") {
otheruser = userpass; otheruser = userpass;
} else {
otheruser = crypto.createHash('sha256').update(Functions.decrypt_string(otheruser)).digest("base64");
} }
db.collection(channel).find({now_playing: true}, function(e, np) { db.collection(channel).find({now_playing: true}, function(e, np) {
@@ -72,10 +78,10 @@ function addFromOtherList(arr, guid, offline, socket) {
to_set_np = false; to_set_np = false;
} }
db.collection(new_channel + "_settings").find({id: "config"}, function(e, this_conf) { db.collection(new_channel + "_settings").find({id: "config"}, function(e, this_conf) {
if(this_conf.length > 0 && (this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(otheruser)).digest("base64"))) { if(this_conf.length > 0 && (this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == otheruser)) {
db.collection(channel + "_settings").find({id: "config"}, function(e, this_conf) { db.collection(channel + "_settings").find({id: "config"}, function(e, this_conf) {
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true)); var hash = arr.adminpass;
if((this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest("base64"))) { if((this_conf[0].userpass == "" || !this_conf[0].userpass || this_conf[0].userpass == arr.userpass)) {
if(((this_conf[0].addsongs === true && (hash == this_conf[0].adminpass || this_conf[0].adminpass === "")) || if(((this_conf[0].addsongs === true && (hash == this_conf[0].adminpass || this_conf[0].adminpass === "")) ||
this_conf[0].addsongs === false)) { this_conf[0].addsongs === false)) {
db.collection(new_channel).aggregate([ db.collection(new_channel).aggregate([
@@ -105,8 +111,7 @@ function addFromOtherList(arr, guid, offline, socket) {
db.collection(channel).find({now_playing: true}, function(e, np_docs) { db.collection(channel).find({now_playing: true}, function(e, np_docs) {
to_change.id = np_docs[0].id; to_change.id = np_docs[0].id;
to_change.title = np_docs[0].title; to_change.title = np_docs[0].title;
db.collection("frontpage_lists").find({_id: new_channel}, function(e, doc) {
db.collection("frontpage_lists").find({_id: coll}, function(e, doc) {
if(doc.length > 0 && ((doc[0].thumbnail != "" && doc[0].thumbnail != undefined && (doc[0].thumbnail.indexOf("https://i1.sndcdn.com") > -1 || doc[0].thumbnail.indexOf("https://w1.sndcdn.com") > -1)) || (doc[0].thumbnail == "" || doc[0].thumbnail == undefined))) { if(doc.length > 0 && ((doc[0].thumbnail != "" && doc[0].thumbnail != undefined && (doc[0].thumbnail.indexOf("https://i1.sndcdn.com") > -1 || doc[0].thumbnail.indexOf("https://w1.sndcdn.com") > -1)) || (doc[0].thumbnail == "" || doc[0].thumbnail == undefined))) {
to_change.thumbnail = np_docs[0].thumbnail; to_change.thumbnail = np_docs[0].thumbnail;
} }
@@ -181,9 +186,13 @@ function addPlaylist(arr, guid, offline, socket) {
Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass, adminpass) { Functions.getSessionAdminUser(Functions.getSession(socket), channel, function(userpass, adminpass) {
if(userpass != "" || arr.userpass == undefined) { if(userpass != "" || arr.userpass == undefined) {
arr.userpass = userpass; arr.userpass = userpass;
} else {
arr.userpass = crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest("base64");
} }
if(adminpass != "" || arr.adminpass == undefined) { if(adminpass != "" || arr.adminpass == undefined) {
arr.adminpass = adminpass; arr.adminpass = Functions.hash_pass(adminpass);
} else {
arr.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true))
} }
db.collection(channel).find({now_playing: true}, function(e, np) { db.collection(channel).find({now_playing: true}, function(e, np) {
var now_playing = false; var now_playing = false;
@@ -194,8 +203,8 @@ function addPlaylist(arr, guid, offline, socket) {
return; return;
} }
if(conf.length > 0) { if(conf.length > 0) {
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true)); var hash = arr.adminpass;
if((conf[0].userpass == "" || !conf[0].userpass || conf[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(arr.userpass)).digest("base64"))) { if((conf[0].userpass == "" || !conf[0].userpass || conf[0].userpass == arr.userpass)) {
if(((conf[0].addsongs === true && (hash == conf[0].adminpass || conf[0].adminpass === "")) || if(((conf[0].addsongs === true && (hash == conf[0].adminpass || conf[0].adminpass === "")) ||
conf[0].addsongs === false)) { conf[0].addsongs === false)) {
var path = require('path'); var path = require('path');
@@ -386,18 +395,22 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = coll.replace(/ /g,''); //coll = coll.replace(/ /g,'');
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(adminpass != "" || arr.adminpass == undefined) { if(adminpass != "" || arr.adminpass == undefined) {
arr.adminpass = adminpass; arr.adminpass = Functions.hash_pass(adminpass);
} else {
arr.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true));
} }
if(userpass != "" || arr.userpass == undefined) { if(userpass != "" || arr.pass == undefined) {
arr.userpass = userpass; arr.pass = userpass;
} else {
arr.pass = crypto.createHash('sha256').update(Functions.decrypt_string(arr.pass)).digest("base64");
} }
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(arr.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (arr.hasOwnProperty('pass') && docs[0].userpass == arr.pass))) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 5"); Functions.check_inlist(coll, guid, socket, offline, undefined, "place 5");
var id = arr.id + ""; var id = arr.id + "";
var title = arr.title; var title = arr.title;
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(arr.adminpass), true)); var hash = arr.adminpass;
var duration = parseInt(arr.duration); var duration = parseInt(arr.duration);
var source = arr.source; var source = arr.source;
/*db.collection(coll + "_settings").find(function(err, docs) /*db.collection(coll + "_settings").find(function(err, docs)
@@ -541,14 +554,18 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = filter.clean(coll); //coll = filter.clean(coll);
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(adminpass != "" || msg.adminpass == undefined) { if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass; msg.adminpass = Functions.hash_pass(adminpass);
} else {
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
} }
if(userpass != "" || msg.pass == undefined) { if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass; msg.pass = userpass;
} else if(msg.hasOwnProperty("pass")){
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
} }
db.collection(coll + "_settings").find({id: "config"}, function(err, docs){ db.collection(coll + "_settings").find({id: "config"}, function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 6"); Functions.check_inlist(coll, guid, socket, offline, undefined, "place 6");
@@ -556,7 +573,7 @@ function add_function(arr, coll, guid, offline, socket) {
del(msg, socket, socketid); del(msg, socket, socketid);
} else { } else {
var id = msg.id; var id = msg.id;
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true)); var hash = msg.adminpass;
if(docs !== null && docs.length !== 0 && ((docs[0].vote === true && (hash == docs[0].adminpass || docs[0].adminpass === "")) || if(docs !== null && docs.length !== 0 && ((docs[0].vote === true && (hash == docs[0].adminpass || docs[0].adminpass === "")) ||
docs[0].vote === false)) { docs[0].vote === false)) {
vote(coll, id, guid, socket); vote(coll, id, guid, socket);
@@ -605,10 +622,16 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = filter.clean(coll); //coll = filter.clean(coll);
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(adminpass != "" || msg.adminpass == undefined) { if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass; msg.adminpass = Functions.hash_pass(adminpass);
} else if(msg.adminpass != ""){
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
} else {
msg.adminpass = "";
} }
if(userpass != "" || msg.pass == undefined) { if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass; msg.pass = userpass;
} else if(msg.hasOwnProperty("pass")) {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
} }
db.collection("timeout_api").find({ db.collection("timeout_api").find({
type: "shuffle", type: "shuffle",
@@ -633,11 +656,10 @@ function add_function(arr, coll, guid, offline, socket) {
}, },
}, {upsert: true}, function(err, docs) { }, {upsert: true}, function(err, docs) {
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 7"); Functions.check_inlist(coll, guid, socket, offline, undefined, "place 7");
var hash; var hash = msg.adminpass;
if(msg.adminpass === "") hash = msg.adminpass;
else hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
if(docs !== null && docs.length !== 0 && ((docs[0].adminpass == hash && docs[0].adminpass != "") || docs[0].shuffle === false)) if(docs !== null && docs.length !== 0 && ((docs[0].adminpass == hash && docs[0].adminpass != "") || docs[0].shuffle === false))
{ {
db.collection(coll).find({now_playing:false}).forEach(function(err, docs){ db.collection(coll).find({now_playing:false}).forEach(function(err, docs){
@@ -677,7 +699,7 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = filter.clean(coll); //coll = filter.clean(coll);
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs !== null && docs.length !== 0 && docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(params.adminpass),true))) if(docs !== null && docs.length !== 0 && docs[0].adminpass == params.adminpass)
{ {
db.collection(coll).find({id:params.id}, function(err, docs){ db.collection(coll).find({id:params.id}, function(err, docs){
var dont_increment = false; var dont_increment = false;
@@ -727,13 +749,17 @@ function add_function(arr, coll, guid, offline, socket) {
//coll = filter.clean(coll); //coll = filter.clean(coll);
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
if(adminpass != "" || msg.adminpass == undefined) { if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass; msg.adminpass = Functions.hash_pass(adminpass);
} else if(msg.adminpass != "") {
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
} }
if(userpass != "" || msg.pass == undefined) { if(userpass != "" || msg.pass == undefined) {
msg.pass = userpass; msg.pass = userpass;
} else {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
} }
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true)); var hash = msg.adminpass;
var hash_userpass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64"); var hash_userpass = msg.pass;
db.collection(coll + "_settings").find(function(err, conf) { db.collection(coll + "_settings").find(function(err, conf) {
if(conf.length == 1 && conf) { if(conf.length == 1 && conf) {
conf = conf[0]; conf = conf[0];

15
server/handlers/list_settings.js
View File

@@ -45,7 +45,7 @@ function password(inp, coll, guid, offline, socket) {
pw = Functions.hash_pass(Functions.decrypt_string(pw), true); pw = Functions.hash_pass(Functions.decrypt_string(pw), true);
Functions.check_inlist(coll, guid, socket, offline, undefined, "place 8"); Functions.check_inlist(coll, guid, socket, offline, undefined, "place 8");
Functions.getSessionAdminUser(sessionId, coll, function(userpass, adminpass) { Functions.getSessionAdminUser(sessionId, coll, function(userpass, adminpass) {
adminpass = Functions.hash_pass(adminpass);
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs !== null && docs.length !== 0) if(docs !== null && docs.length !== 0)
{ {
@@ -61,7 +61,7 @@ function password(inp, coll, guid, offline, socket) {
socket.emit("pw", true); socket.emit("pw", true);
}); });
}); });
} else if(docs[0].adminpass === "" || docs[0].adminpass == Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true))) { } else if(docs[0].adminpass === "" || docs[0].adminpass == adminpass) {
Functions.setSessionAdminPass(sessionId, inp.password, coll, function() { Functions.setSessionAdminPass(sessionId, inp.password, coll, function() {
db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){ db.collection(coll + "_settings").update({ id: "config" }, {$set:{adminpass:Functions.hash_pass(pw)}}, function(err, docs){
if(adminpass != pw) { if(adminpass != pw) {
@@ -117,7 +117,6 @@ function conf_function(params, coll, guid, offline, socket) {
if(gotten) { if(gotten) {
params.adminpass = adminpass; params.adminpass = adminpass;
if(!params.userpass_changed) params.userpass = userpass; if(!params.userpass_changed) params.userpass = userpass;
} }
if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') || if(!params.hasOwnProperty('voting') || !params.hasOwnProperty('addsongs') ||
!params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') || !params.hasOwnProperty('longsongs') || !params.hasOwnProperty('frontpage') ||
@@ -191,14 +190,20 @@ function conf_function(params, coll, guid, offline, socket) {
var description = ""; var description = "";
var hash; var hash;
if(params.description) description = params.description; if(params.description) description = params.description;
if(adminpass !== "") { if(adminpass !== "" && !gotten) {
hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true)); hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(adminpass), true));
} else if(adminpass !== "" && gotten) {
hash = Functions.hash_pass(adminpass);
} else { } else {
hash = adminpass; hash = adminpass;
} }
if(userpass != "") { if(userpass != "") {
if(!params.userpass_changed && gotten) {
} else {
userpass = crypto.createHash('sha256').update(userpass).digest("base64"); userpass = crypto.createHash('sha256').update(userpass).digest("base64");
} }
}
db.collection(coll + "_settings").find({id: "config"}, function(err, docs){ db.collection(coll + "_settings").find({id: "config"}, function(err, docs){
if(docs !== null && docs.length !== 0 && (docs[0].adminpass === "" || docs[0].adminpass == hash)) { if(docs !== null && docs.length !== 0 && (docs[0].adminpass === "" || docs[0].adminpass == hash)) {
var obj = { var obj = {
@@ -221,7 +226,7 @@ function conf_function(params, coll, guid, offline, socket) {
db.collection(coll + "_settings").update({ id: "config" }, { db.collection(coll + "_settings").update({ id: "config" }, {
$set:obj $set:obj
}, function(err, docs){ }, function(err, docs){
Functions.setSessionUserPass(Functions.getSession(socket), params.userpass, coll, function() { Functions.setSessionUserPass(Functions.getSession(socket), crypto.createHash('sha256').update(Functions.decrypt_string(params.userpass)).digest('base64'), coll, function() {
db.collection(coll + "_settings").find(function(err, docs){ db.collection(coll + "_settings").find(function(err, docs){
if(docs[0].adminpass !== "") docs[0].adminpass = true; if(docs[0].adminpass !== "") docs[0].adminpass = true;
if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true; if(docs[0].hasOwnProperty("userpass") && docs[0].userpass != "") docs[0].userpass = true;

28
server/handlers/suggestions.js
View File

@@ -30,20 +30,24 @@ function thumbnail(msg, coll, guid, offline, socket) {
} }
//coll = coll.replace(/ /g,''); //coll = coll.replace(/ /g,'');
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass) {
if(userpass != "" || msg.userpass == undefined) { if(userpass != "" || msg.pass == undefined) {
msg.userpass = userpass; msg.pass = userpass;
} else if(msg.hasOwnProperty("pass")){
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
} }
if(adminpass != "" || msg.adminpass == undefined) { if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass; msg.adminpass = Functions.hash_pass(adminpass);
} else {
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true));
} }
if(msg.thumbnail != "") { if(msg.thumbnail != "") {
msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, ""); msg.thumbnail = msg.thumbnail.replace(/^https?\:\/\//i, "");
if(msg.thumbnail.substring(0,2) != "//") msg.thumbnail = "//" + msg.thumbnail; if(msg.thumbnail.substring(0,2) != "//") msg.thumbnail = "//" + msg.thumbnail;
} }
var channel = msg.channel.toLowerCase(); var channel = msg.channel.toLowerCase();
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass),true)); var hash = msg.adminpass;
db.collection(channel + "_settings").find({id: "config"}, function(err, docs){ db.collection(channel + "_settings").find({id: "config"}, function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){ if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){
db.collection("suggested_thumbnails").update({channel: channel}, {$set:{thumbnail: msg.thumbnail}}, {upsert:true}, function(err, docs){ db.collection("suggested_thumbnails").update({channel: channel}, {$set:{thumbnail: msg.thumbnail}}, {upsert:true}, function(err, docs){
Notifications.requested_change("thumbnail", msg.thumbnail, channel); Notifications.requested_change("thumbnail", msg.thumbnail, channel);
@@ -86,16 +90,20 @@ function description(msg, coll, guid, offline, socket) {
} }
//coll = coll.replace(/ /g,''); //coll = coll.replace(/ /g,'');
Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) { Functions.getSessionAdminUser(Functions.getSession(socket), coll, function(userpass, adminpass, gotten) {
if(userpass != "" || msg.userpass == undefined) { if(userpass != "" || msg.pass == undefined) {
msg.userpass = userpass; msg.pass = userpass;
} else if(msg.hasOwnProperty("pass")) {
msg.pass = crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64");
} }
if(adminpass != "" || msg.adminpass == undefined) { if(adminpass != "" || msg.adminpass == undefined) {
msg.adminpass = adminpass; msg.adminpass = Functions.hash_pass(adminpass);
} else {
msg.adminpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true));
} }
var channel = msg.channel.toLowerCase(); var channel = msg.channel.toLowerCase();
var hash = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(msg.adminpass), true)); var hash = msg.adminpass;
db.collection(channel + "_settings").find({id: "config"}, function(err, docs){ db.collection(channel + "_settings").find({id: "config"}, function(err, docs){
if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == crypto.createHash('sha256').update(Functions.decrypt_string(msg.pass)).digest("base64")))) { if(docs.length > 0 && (docs[0].userpass == undefined || docs[0].userpass == "" || (msg.hasOwnProperty('pass') && docs[0].userpass == msg.pass))) {
if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){ if(docs !== null && docs.length !== 0 && docs[0].adminpass !== "" && docs[0].adminpass == hash){
db.collection("suggested_descriptions").update({channel: channel}, {$set:{description: msg.description}}, {upsert:true}, function(err, docs){ db.collection("suggested_descriptions").update({channel: channel}, {$set:{description: msg.description}}, {upsert:true}, function(err, docs){
Notifications.requested_change("description", msg.description, channel); Notifications.requested_change("description", msg.description, channel);

1
server/public/assets/js/listeners.js
View File

@@ -1646,6 +1646,7 @@ function addDynamicListeners() {
document.querySelector("#import") != document.activeElement && document.querySelector("#import") != document.activeElement &&
document.querySelector("#find_input") != document.activeElement && document.querySelector("#find_input") != document.activeElement &&
document.querySelector("#import_spotify") != document.activeElement && document.querySelector("#import_spotify") != document.activeElement &&
document.querySelector("#import_zoff") != document.activeElement &&
document.querySelector("#import_soundcloud") != document.activeElement) { document.querySelector("#import_soundcloud") != document.activeElement) {
if(chromecastAvailable) { if(chromecastAvailable) {
event.preventDefault(); event.preventDefault();

18
server/routing/client/api.js
View File

@@ -189,10 +189,10 @@ router.route('/api/list/:channel_name/:video_id').delete(function(req, res) {
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") { if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex")); adminpass = Functions.hash_pass(_a);
} }
if(req.body.userpass == "") { if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64"); userpass = _u;
} }
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
@@ -344,10 +344,10 @@ router.route('/api/conf/:channel_name').put(function(req, res) {
var cookie = req.cookies._uI; var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") { if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex")); adminpass = Functions.hash_pass(_a);
} }
if(req.body.userpass == "") { if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64"); userpass = _u;
} }
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
@@ -470,10 +470,10 @@ router.route('/api/list/:channel_name/:video_id').put(function(req,res) {
var cookie = req.cookies._uI; var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") { if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex")); adminpass = Functions.hash_pass(_a);
} }
if(req.body.userpass == "") { if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64"); userpass = _u;
} }
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
@@ -703,10 +703,10 @@ router.route('/api/list/:channel_name/:video_id').post(function(req,res) {
var cookie = req.cookies._uI; var cookie = req.cookies._uI;
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.adminpass == "") { if(req.body.adminpass == "") {
adminpass = Functions.hash_pass(crypto.createHash('sha256').update(Functions.decrypt_string(_a), 'utf8').digest("hex")); adminpass = Functions.hash_pass(_a);
} }
if(req.body.userpass == "") { if(req.body.userpass == "") {
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64"); userpass = _u;
} }
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {
var authorized = false; var authorized = false;
@@ -1102,7 +1102,7 @@ router.route('/api/list/:channel_name').post(function(req, res) {
Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) { Functions.getSessionAdminUser(cookie, channel_name, function(_u, _a) {
if(req.body.userpass == "") { if(req.body.userpass == "") {
//userpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(_u))) //userpass = Functions.hash_pass(Functions.hash_pass(Functions.decrypt_string(_u)))
userpass = crypto.createHash('sha256').update(Functions.decrypt_string(_u), 'utf8').digest("base64"); userpass = _u;
} }
token_db.collection("api_token").find({token: token}, function(err, token_docs) { token_db.collection("api_token").find({token: token}, function(err, token_docs) {