diff options
author | marzavec <admin@marzavec.com> | 2018-10-05 02:26:56 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-10-05 02:26:56 +0200 |
commit | 7718a367d7d7e7ac45092c602544cf8ce91a9cbf (patch) | |
tree | ca9ebbee3dff1c271695412b3e800d8f25b49b10 /server | |
parent | Added hooks, modules and cleaned up code (diff) | |
parent | Made admin pass stored as trip and handled by trip. Admin can now be an admin... (diff) | |
download | hackchat-7718a367d7d7e7ac45092c602544cf8ce91a9cbf.tar.gz hackchat-7718a367d7d7e7ac45092c602544cf8ce91a9cbf.zip |
Merge pull request #38 from MinusGix/master
Admin pass stored as trip
Diffstat (limited to '')
-rw-r--r-- | server/src/commands/core/join.js | 13 | ||||
-rw-r--r-- | server/src/managers/config.js | 43 |
2 files changed, 36 insertions, 20 deletions
diff --git a/server/src/commands/core/join.js b/server/src/commands/core/join.js index 31bc3c1..21badaf 100644 --- a/server/src/commands/core/join.js +++ b/server/src/commands/core/join.js @@ -32,13 +32,12 @@ exports.parseNickname = (core, data) => { } let password = nickArray[1]; - if (userInfo.nick.toLowerCase() == core.config.adminName.toLowerCase()) { - if (password !== core.config.adminPass) { - return 'You are not the admin, liar!'; - } else { - userInfo.uType = 'admin'; - userInfo.trip = 'Admin'; - } + + if (hash(password + core.config.tripSalt) === core.config.adminTrip) { + userInfo.uType = 'admin'; + userInfo.trip = 'Admin'; + } else if (userInfo.nick.toLowerCase() == core.config.adminName.toLowerCase()) { // they've got the main-admin name while not being an admin + return 'You are not the admin, liar!'; } else if (password) { userInfo.trip = hash(password + core.config.tripSalt); } diff --git a/server/src/managers/config.js b/server/src/managers/config.js index 2865d00..97961ce 100644 --- a/server/src/managers/config.js +++ b/server/src/managers/config.js @@ -16,6 +16,15 @@ const prompt = require('prompt'); const path = require('path'); const deSync = require('deasync'); +// For hashing the admin's password into a trip. +const crypto = require('crypto'); + +const hash = (password) => { + let sha = crypto.createHash('sha256'); + sha.update(password); + return sha.digest('base64').substr(0, 6); +}; + class ConfigManager { /** * Create a `ConfigManager` instance for (re)loading classes and config @@ -41,9 +50,22 @@ class ConfigManager { * @param {Object} optionalConfigs optional (non-core) module config */ getQuestions (currentConfig, optionalConfigs) { + let salt = null; // this is so it can be accessed from adminTrip. + // core server setup questions const questions = { properties: { + tripSalt: { + type: 'string', + required: !currentConfig.tripSalt, + default: currentConfig.tripSalt, + hidden: true, + replace: '*', + before: value => { + salt = value; + return salt; + } + }, adminName: { pattern: /^"?[a-zA-Z0-9_]+"?$/, type: 'string', @@ -52,24 +74,19 @@ class ConfigManager { default: currentConfig.adminName, before: value => value.replace(/"/g, '') }, - adminPass: { + adminTrip: { type: 'string', - required: !currentConfig.adminPass, - default: currentConfig.adminPass, + required: !currentConfig.adminTrip, + default: currentConfig.adminTrip, hidden: true, replace: '*', + description: 'adminPass', + before: value => hash(value + salt) }, websocketPort: { type: 'number', required: !currentConfig.websocketPort, default: currentConfig.websocketPort || 6060 - }, - tripSalt: { - type: 'string', - required: !currentConfig.tripSalt, - default: currentConfig.tripSalt, - hidden: true, - replace: '*', } } }; @@ -98,9 +115,9 @@ class ConfigManager { let conf = {}; conf = this.load(); - // trip salt is the last core config question, wait until it's been populated + // websocketport is the last core config question, wait until it's been populated // TODO: update this to work with new plugin support - while(conf === null || typeof conf.tripSalt === 'undefined') { + while(conf === null || typeof conf.websocketPort === 'undefined') { deSync.sleep(100); } @@ -127,10 +144,10 @@ class ConfigManager { ${chalk.white('Note:')} ${chalk.green('npm/yarn run config')} will re-run this utility. You will now be asked for the following: + - ${chalk.magenta(' Salt')}, the salt for username trip - ${chalk.magenta('Admin Name')}, the initial admin username - ${chalk.magenta('Admin Pass')}, the initial admin password - ${chalk.magenta(' Port')}, the port for the websocket - - ${chalk.magenta(' Salt')}, the salt for username trip \u200b `); |