From 5172ffc251b7c26b5e74f1ef85b2c442c1bda19c Mon Sep 17 00:00:00 2001 From: fatchan Date: Thu, 27 Jun 2019 09:29:59 +0000 Subject: [PATCH] who decided that was a good way to do tripcodes --- configs/main.json.example | 11 ++++++----- db/trips.js | 20 -------------------- helpers/render.js | 6 +++--- helpers/tripcode.js | 21 +++++---------------- models/pages/captcha.js | 6 +----- wipe.js | 2 -- 6 files changed, 15 insertions(+), 51 deletions(-) delete mode 100644 db/trips.js diff --git a/configs/main.json.example b/configs/main.json.example index d1caf596..5cfb8bc0 100644 --- a/configs/main.json.example +++ b/configs/main.json.example @@ -1,11 +1,12 @@ { - "dbURL": "mongodb://username:password@localhost:27017", + "dbURL": "mongodb://username:password@host:port", "port": 7000, - "sessionSecret": "CHANGE ME", + "sessionSecret": "long random string", + "tripcodeSecret": "long random string", "cacheTemplates": true, - "refererRegex": "^https?:\\/\\/(?:www\\.)?DOMAIN\\.TLD\\/", + "refererRegex": "^https?:\\/\\/(?:www\\.)?domain\\.com\\/", "openGraph": { - "siteName": "CHANGE ME", - "url": "https://DOMAIN.TLD" + "siteName": "site name", + "url": "https://domain.com" } } diff --git a/db/trips.js b/db/trips.js deleted file mode 100644 index c284388e..00000000 --- a/db/trips.js +++ /dev/null @@ -1,20 +0,0 @@ -'use strict'; - -const Mongo = require(__dirname+'/db.js') - , db = Mongo.client.db('jschan').collection('tripcodes'); - -module.exports = { - - findOne: (password) => { - return db.findOne({ '_id': password }); - }, - - insertOne: (password, trip) => { - return db.insertOne({ '_id': password, 'code': trip }); - }, - - deleteAll: () => { - return db.deleteMany({}); - }, - -} diff --git a/helpers/render.js b/helpers/render.js index e0003c36..168a29ba 100644 --- a/helpers/render.js +++ b/helpers/render.js @@ -1,13 +1,13 @@ 'use strict'; -const configs = require(__dirname+'/../configs/main.json') - , outputFile = require('fs-extra').outputFile +const { cacheTemplates, openGraph }= require(__dirname+'/../configs/main.json') + , { outputFile } = require('fs-extra') , pug = require('pug') , path = require('path') , uploadDirectory = require(__dirname+'/uploadDirectory.js') , templateDirectory = path.join(__dirname+'/../views/pages/'); module.exports = async (htmlName, templateName, options) => { - const html = pug.renderFile(`${templateDirectory}${templateName}`, { ...options, renderStart: Date.now(), cache: configs.cacheTemplates, openGraph: configs.openGraph }); + const html = pug.renderFile(`${templateDirectory}${templateName}`, { ...options, renderStart: Date.now(), cache: cacheTemplates, openGraph: openGraph }); return outputFile(`${uploadDirectory}html/${htmlName}`, html); }; diff --git a/helpers/tripcode.js b/helpers/tripcode.js index 64298741..ab815484 100644 --- a/helpers/tripcode.js +++ b/helpers/tripcode.js @@ -1,23 +1,12 @@ 'use strict'; -const Tripcodes = require(__dirname+'/../db/trips.js') - , util = require('util') - , crypto = require('crypto') - , randomBytes = util.promisify(crypto.randomBytes); +const { tripcodeSecret } = require(__dirname+'/../configs/main.json') + , { createHash } = require('crypto') module.exports = async (password) => { - //return existing trip if exists - let existing = await Tripcodes.findOne(password); - if (existing) { - return existing.code; - } - - //fix, not sure how secure - const salt = (await randomBytes(128)).toString('hex'); - const fullTripCodeHash = crypto.createHash('sha256').update(password + salt).digest('base64'); - const trip = fullTripCodeHash.substring(fullTripCodeHash.length-10); - await Tripcodes.insertOne(password, trip); - return trip; + const tripcodeHash = createHash('sha256').update(password + tripcodeSecret).digest('base64'); + const tripcode = tripcodeHash.substring(tripcodeHash.length-10); + return tripcode; } diff --git a/models/pages/captcha.js b/models/pages/captcha.js index abbc84d8..f7b3c6b0 100644 --- a/models/pages/captcha.js +++ b/models/pages/captcha.js @@ -1,16 +1,12 @@ 'use strict'; -const { randomBytes } = require('crypto') - , Captchas = require(__dirname+'/../../db/captchas.js') +const Captchas = require(__dirname+'/../../db/captchas.js') , generateCaptcha = require(__dirname+'/../../helpers/captchagenerate.js'); module.exports = async (req, res, next) => { - // if we got here, they dont have a cookie so we need to - // gen a captcha, set their cookie and redirect to the captcha let captchaId; try { -// const text = await randomBytes(3).toString('hex').substring(0,6); const text = Math.random().toString(36).substr(2,6); captchaId = await Captchas.insertOne(text).then(r => r.insertedId); //get id of document as filename and captchaid await generateCaptcha(text, captchaId); diff --git a/wipe.js b/wipe.js index e1491361..fbc12a1f 100644 --- a/wipe.js +++ b/wipe.js @@ -14,7 +14,6 @@ const Mongo = require(__dirname+'/db/db.js') const Boards = require(__dirname+'/db/boards.js') , Posts = require(__dirname+'/db/posts.js') , Bans = require(__dirname+'/db/bans.js') - , Trips = require(__dirname+'/db/trips.js') , Captchas = require(__dirname+'/db/captchas.js') , Accounts = require(__dirname+'/db/accounts.js'); console.log('deleting captchas') @@ -30,7 +29,6 @@ const Mongo = require(__dirname+'/db/db.js') await Boards.deleteIncrement('b'); await Boards.deleteIncrement('t'); await Boards.deleteAll(); - await Trips.deleteAll(); console.log('deleting bans'); await Bans.deleteAll(); console.log('adding boards')