From a7783947a1ba393b23f30301c2d276e9af4533ef Mon Sep 17 00:00:00 2001 From: MinusGix Date: Sun, 30 Sep 2018 12:50:44 -0500 Subject: Put tripsalt question before password question. --- server/src/managers/config.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'server/src') diff --git a/server/src/managers/config.js b/server/src/managers/config.js index 2865d00..7929641 100644 --- a/server/src/managers/config.js +++ b/server/src/managers/config.js @@ -44,6 +44,13 @@ class ConfigManager { // core server setup questions const questions = { properties: { + tripSalt: { + type: 'string', + required: !currentConfig.tripSalt, + default: currentConfig.tripSalt, + hidden: true, + replace: '*', + }, adminName: { pattern: /^"?[a-zA-Z0-9_]+"?$/, type: 'string', @@ -63,13 +70,6 @@ class ConfigManager { type: 'number', required: !currentConfig.websocketPort, default: currentConfig.websocketPort || 6060 - }, - tripSalt: { - type: 'string', - required: !currentConfig.tripSalt, - default: currentConfig.tripSalt, - hidden: true, - replace: '*', } } }; @@ -100,7 +100,7 @@ class ConfigManager { // trip salt is the last core config question, wait until it's been populated // TODO: update this to work with new plugin support - while(conf === null || typeof conf.tripSalt === 'undefined') { + while(conf === null || typeof conf.websocketPort === 'undefined') { deSync.sleep(100); } @@ -127,10 +127,10 @@ class ConfigManager { ${chalk.white('Note:')} ${chalk.green('npm/yarn run config')} will re-run this utility. You will now be asked for the following: + - ${chalk.magenta(' Salt')}, the salt for username trip - ${chalk.magenta('Admin Name')}, the initial admin username - ${chalk.magenta('Admin Pass')}, the initial admin password - ${chalk.magenta(' Port')}, the port for the websocket - - ${chalk.magenta(' Salt')}, the salt for username trip \u200b `); -- cgit v1.2.1 From 2a852fe13e5e8b149431e56245557f6137e4330d Mon Sep 17 00:00:00 2001 From: MinusGix Date: Sun, 30 Sep 2018 13:41:18 -0500 Subject: Made Admin password saved as a trip. --- server/src/managers/config.js | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'server/src') diff --git a/server/src/managers/config.js b/server/src/managers/config.js index 7929641..26d4ba2 100644 --- a/server/src/managers/config.js +++ b/server/src/managers/config.js @@ -16,6 +16,15 @@ const prompt = require('prompt'); const path = require('path'); const deSync = require('deasync'); +// For hashing the admin's password into a trip. +const crypto = require('crypto'); + +const hash = (password) => { + let sha = crypto.createHash('sha256'); + sha.update(password); + return sha.digest('base64').substr(0, 6); +}; + class ConfigManager { /** * Create a `ConfigManager` instance for (re)loading classes and config @@ -65,6 +74,7 @@ class ConfigManager { default: currentConfig.adminPass, hidden: true, replace: '*', + before: value => hash(value) }, websocketPort: { type: 'number', @@ -98,7 +108,7 @@ class ConfigManager { let conf = {}; conf = this.load(); - // trip salt is the last core config question, wait until it's been populated + // websocketport is the last core config question, wait until it's been populated // TODO: update this to work with new plugin support while(conf === null || typeof conf.websocketPort === 'undefined') { deSync.sleep(100); -- cgit v1.2.1 From e7724e24fd97015b58c89d23c4478a01b6851c9f Mon Sep 17 00:00:00 2001 From: MinusGix Date: Sun, 30 Sep 2018 14:41:28 -0500 Subject: Made admin pass stored as trip and handled by trip. Admin can now be an admin as long as they use the same password --- server/src/commands/core/join.js | 13 ++++++------- server/src/managers/config.js | 15 +++++++++++---- 2 files changed, 17 insertions(+), 11 deletions(-) (limited to 'server/src') diff --git a/server/src/commands/core/join.js b/server/src/commands/core/join.js index 31bc3c1..21badaf 100644 --- a/server/src/commands/core/join.js +++ b/server/src/commands/core/join.js @@ -32,13 +32,12 @@ exports.parseNickname = (core, data) => { } let password = nickArray[1]; - if (userInfo.nick.toLowerCase() == core.config.adminName.toLowerCase()) { - if (password !== core.config.adminPass) { - return 'You are not the admin, liar!'; - } else { - userInfo.uType = 'admin'; - userInfo.trip = 'Admin'; - } + + if (hash(password + core.config.tripSalt) === core.config.adminTrip) { + userInfo.uType = 'admin'; + userInfo.trip = 'Admin'; + } else if (userInfo.nick.toLowerCase() == core.config.adminName.toLowerCase()) { // they've got the main-admin name while not being an admin + return 'You are not the admin, liar!'; } else if (password) { userInfo.trip = hash(password + core.config.tripSalt); } diff --git a/server/src/managers/config.js b/server/src/managers/config.js index 26d4ba2..97961ce 100644 --- a/server/src/managers/config.js +++ b/server/src/managers/config.js @@ -50,6 +50,8 @@ class ConfigManager { * @param {Object} optionalConfigs optional (non-core) module config */ getQuestions (currentConfig, optionalConfigs) { + let salt = null; // this is so it can be accessed from adminTrip. + // core server setup questions const questions = { properties: { @@ -59,6 +61,10 @@ class ConfigManager { default: currentConfig.tripSalt, hidden: true, replace: '*', + before: value => { + salt = value; + return salt; + } }, adminName: { pattern: /^"?[a-zA-Z0-9_]+"?$/, @@ -68,13 +74,14 @@ class ConfigManager { default: currentConfig.adminName, before: value => value.replace(/"/g, '') }, - adminPass: { + adminTrip: { type: 'string', - required: !currentConfig.adminPass, - default: currentConfig.adminPass, + required: !currentConfig.adminTrip, + default: currentConfig.adminTrip, hidden: true, replace: '*', - before: value => hash(value) + description: 'adminPass', + before: value => hash(value + salt) }, websocketPort: { type: 'number', -- cgit v1.2.1