From 26806438b715803745522b398e89f081c857ea69 Mon Sep 17 00:00:00 2001 From: holly Date: Sat, 25 Sep 2021 16:35:01 +0100 Subject: [PATCH] aes --- config.example.json | 3 ++- osu!.sql | 12 +++++++++--- package.json | 1 + server/loginHelper.js | 41 ++++++++++++++++++++++++++++++++--------- 4 files changed, 44 insertions(+), 13 deletions(-) mode change 100644 => 100755 osu!.sql diff --git a/config.example.json b/config.example.json index eda8dc7..990db59 100644 --- a/config.example.json +++ b/config.example.json @@ -7,5 +7,6 @@ "databasePort": 3306, "databaseUsername": "username", "databasePassword": "password", - "databaseName": "osu!" + "databaseName": "osu!", + "databaseKey": "examplekey" } \ No newline at end of file diff --git a/osu!.sql b/osu!.sql old mode 100644 new mode 100755 index 2039df2..d95a428 --- a/osu!.sql +++ b/osu!.sql @@ -46,7 +46,8 @@ CREATE TABLE `users_info` ( `supporter` tinyint(1) NOT NULL, `web_session` varchar(64) NOT NULL, `verification_needed` tinyint(1) NOT NULL DEFAULT '0', - `password_change_required` tinyint(1) NOT NULL + `password_change_required` tinyint(1) NOT NULL, + `has_old_password` tinyint(1) NOT NULL DEFAULT '0' ) ENGINE=InnoDB DEFAULT CHARSET=latin1; CREATE TABLE `users_modes_info` ( @@ -91,6 +92,7 @@ CREATE TABLE `web_titles` ( `title` varchar(32) NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; + ALTER TABLE `scores` ADD PRIMARY KEY (`id`); @@ -111,9 +113,13 @@ ALTER TABLE `web_titles` ADD PRIMARY KEY (`id`); +ALTER TABLE `scores` + MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=0; + ALTER TABLE `users_info` - MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=4; + MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=100; + ALTER TABLE `users_modes_info` MODIFY `n` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=0; -INSERT INTO `web_info` (`i`, `HomepageText`) VALUES ('0', 'A default Binato instance!'); +INSERT INTO `web_info` (`i`, `HomepageText`) VALUES ('0', 'A default Binato instance!'); \ No newline at end of file diff --git a/package.json b/package.json index d03af25..4f8f715 100644 --- a/package.json +++ b/package.json @@ -8,6 +8,7 @@ "author": "", "license": "MIT", "dependencies": { + "aes256": "^1.1.0", "chalk": "^4.1.0", "compression": "^1.7.4", "express": "^4.17.1", diff --git a/server/loginHelper.js b/server/loginHelper.js index ff471ea..59b263b 100644 --- a/server/loginHelper.js +++ b/server/loginHelper.js @@ -1,21 +1,28 @@ -const osu = require("osu-packet"); +const osu = require("osu-packet"), + aes256 = require("aes256"), + config = require("../config.json"); module.exports = { checkLogin:async function(loginInfo) { - // Queue up incorrect login response - const incorrectDetailsResponse = incorrectLoginResponse(); // Check if there is any login information provided - if (loginInfo == null) return incorrectDetailsResponse; + if (loginInfo == null) return incorrectLoginResponse(); const userDBData = await global.DatabaseHelper.query(`SELECT * FROM users_info WHERE username = "${loginInfo.username}" LIMIT 1`); // Make sure a user was found in the database - if (Object.keys(userDBData).length < 1) return incorrectDetailsResponse; + if (Object.keys(userDBData).length < 1) return incorrectLoginResponse(); // Make sure the username is the same as the login info - if (userDBData.username !== loginInfo.username) return incorrectDetailsResponse; - // Make sure the password is the same as the login info - if (userDBData.password !== loginInfo.password) return incorrectDetailsResponse; - + if (userDBData.username !== loginInfo.username) return incorrectLoginResponse(); + // If the user has an old md5 password + if (userDBData.has_old_password == 1) { + // Make sure the password is the same as the login info + if (userDBData.password !== loginInfo.password) return incorrectLoginResponse(); + + return requiredPWChangeResponse(); + } else { + if (aes256.decrypt(config.databaseKey, userDBData.password) !== loginInfo.password) return incorrectLoginResponse(); + } + return null; } } @@ -33,4 +40,20 @@ function incorrectLoginResponse() { 'Content-Type': 'text/html; charset=UTF-8' } ]; +} + +function requiredPWChangeResponse() { + const osuPacketWriter = new osu.Bancho.Writer; + osuPacketWriter.Announce("As part of migration to a new password system you are required to change your password. Please login on the website and change your password."); + osuPacketWriter.LoginReply(-1); + return [ + osuPacketWriter.toBuffer, + { + 'cho-token': 'No', + 'cho-protocol': global.protocolVersion, + 'Connection': 'keep-alive', + 'Keep-Alive': 'timeout=5, max=100', + 'Content-Type': 'text/html; charset=UTF-8' + } + ]; } \ No newline at end of file