StarMirror/hack-chat-main
1
0
Fork 0
mirror of https://github.com/hack-chat/main.git synced 2024-03-22 13:20:33 +08:00
Code Issues Projects Releases Wiki Activity

Merge pull request #38 from MinusGix/master

Browse Source 
Admin pass stored as trip
This commit is contained in:
marzavec 2018-10-04 17:26:56 -07:00 committed by GitHub
commit 7718a367d7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 36 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
server/src/commands/core/join.js
View File

@ -32,13 +32,12 @@ exports.parseNickname = (core, data) => {
}
let password = nickArray[1];
if (userInfo.nick.toLowerCase() == core.config.adminName.toLowerCase()) {
if (password !== core.config.adminPass) {
return 'You are not the admin, liar!';
} else {
userInfo.uType = 'admin';
userInfo.trip = 'Admin';
}
if (hash(password + core.config.tripSalt) === core.config.adminTrip) {
userInfo.uType = 'admin';
userInfo.trip = 'Admin';
} else if (userInfo.nick.toLowerCase() == core.config.adminName.toLowerCase()) { // they've got the main-admin name while not being an admin
return 'You are not the admin, liar!';
} else if (password) {
userInfo.trip = hash(password + core.config.tripSalt);
}

43
server/src/managers/config.js
View File

@ -16,6 +16,15 @@ const prompt = require('prompt');
const path = require('path');
const deSync = require('deasync');
// For hashing the admin's password into a trip.
const crypto = require('crypto');
const hash = (password) => {
let sha = crypto.createHash('sha256');
sha.update(password);
return sha.digest('base64').substr(0, 6);
};
class ConfigManager {
/**
* Create a `ConfigManager` instance for (re)loading classes and config
@ -41,9 +50,22 @@ class ConfigManager {
* @param {Object} optionalConfigs optional (non-core) module config
*/
getQuestions (currentConfig, optionalConfigs) {
let salt = null; // this is so it can be accessed from adminTrip.
// core server setup questions
const questions = {
properties: {
tripSalt: {
type: 'string',
required: !currentConfig.tripSalt,
default: currentConfig.tripSalt,
hidden: true,
replace: '*',
before: value => {
salt = value;
return salt;
}
},
adminName: {
pattern: /^"?[a-zA-Z0-9_]+"?$/,
type: 'string',
@ -52,24 +74,19 @@ class ConfigManager {
default: currentConfig.adminName,
before: value => value.replace(/"/g, '')
},
adminPass: {
adminTrip: {
type: 'string',
required: !currentConfig.adminPass,
default: currentConfig.adminPass,
required: !currentConfig.adminTrip,
default: currentConfig.adminTrip,
hidden: true,
replace: '*',
description: 'adminPass',
before: value => hash(value + salt)
},
websocketPort: {
type: 'number',
required: !currentConfig.websocketPort,
default: currentConfig.websocketPort || 6060
},
tripSalt: {
type: 'string',
required: !currentConfig.tripSalt,
default: currentConfig.tripSalt,
hidden: true,
replace: '*',
}
}
};
@ -98,9 +115,9 @@ class ConfigManager {
let conf = {};
conf = this.load();
// trip salt is the last core config question, wait until it's been populated
// websocketport is the last core config question, wait until it's been populated
// TODO: update this to work with new plugin support
while(conf === null || typeof conf.tripSalt === 'undefined') {
while(conf === null || typeof conf.websocketPort === 'undefined') {
deSync.sleep(100);
}
@ -127,10 +144,10 @@ class ConfigManager {
${chalk.white('Note:')} ${chalk.green('npm/yarn run config')} will re-run this utility.
You will now be asked for the following:
- ${chalk.magenta(' Salt')}, the salt for username trip
- ${chalk.magenta('Admin Name')}, the initial admin username
- ${chalk.magenta('Admin Pass')}, the initial admin password
- ${chalk.magenta(' Port')}, the port for the websocket
- ${chalk.magenta(' Salt')}, the salt for username trip
\u200b
`);