From e7724e24fd97015b58c89d23c4478a01b6851c9f Mon Sep 17 00:00:00 2001
From: MinusGix <minusgix@gmail.com>
Date: Sun, 30 Sep 2018 14:41:28 -0500
Subject: Made admin pass stored as trip and handled by trip. Admin can now be
 an admin as long as they use the same password

---
 server/src/commands/core/join.js | 13 ++++++-------
 server/src/managers/config.js    | 15 +++++++++++----
 2 files changed, 17 insertions(+), 11 deletions(-)

(limited to 'server')

diff --git a/server/src/commands/core/join.js b/server/src/commands/core/join.js
index 31bc3c1..21badaf 100644
--- a/server/src/commands/core/join.js
+++ b/server/src/commands/core/join.js
@@ -32,13 +32,12 @@ exports.parseNickname = (core, data) => {
   }
 
   let password = nickArray[1];
-  if (userInfo.nick.toLowerCase() == core.config.adminName.toLowerCase()) {
-    if (password !== core.config.adminPass) {
-      return 'You are not the admin, liar!';
-    } else {
-      userInfo.uType = 'admin';
-      userInfo.trip = 'Admin';
-    }
+  
+  if (hash(password + core.config.tripSalt) === core.config.adminTrip) {
+    userInfo.uType = 'admin';
+    userInfo.trip = 'Admin';
+  } else if (userInfo.nick.toLowerCase() == core.config.adminName.toLowerCase()) { // they've got the main-admin name while not being an admin
+    return 'You are not the admin, liar!';
   } else if (password) {
     userInfo.trip = hash(password + core.config.tripSalt);
   }
diff --git a/server/src/managers/config.js b/server/src/managers/config.js
index 26d4ba2..97961ce 100644
--- a/server/src/managers/config.js
+++ b/server/src/managers/config.js
@@ -50,6 +50,8 @@ class ConfigManager {
     * @param {Object} optionalConfigs optional (non-core) module config
     */
   getQuestions (currentConfig, optionalConfigs) {
+    let salt = null; // this is so it can be accessed from adminTrip.
+
     // core server setup questions
     const questions = {
       properties: {
@@ -59,6 +61,10 @@ class ConfigManager {
           default: currentConfig.tripSalt,
           hidden: true,
           replace: '*',
+          before: value => {
+            salt = value;
+            return salt;
+          }
         },
         adminName: {
           pattern: /^"?[a-zA-Z0-9_]+"?$/,
@@ -68,13 +74,14 @@ class ConfigManager {
           default: currentConfig.adminName,
           before: value => value.replace(/"/g, '')
         },
-        adminPass: {
+        adminTrip: {
           type: 'string',
-          required: !currentConfig.adminPass,
-          default: currentConfig.adminPass,
+          required: !currentConfig.adminTrip,
+          default: currentConfig.adminTrip,
           hidden: true,
           replace: '*',
-          before: value => hash(value)
+          description: 'adminPass',
+          before: value => hash(value + salt)
         },
         websocketPort: {
           type: 'number',
-- 
cgit v1.2.1