hash/salt changes

Holly Stubbs 2022-08-26 12:53:23 +01:00
parent da3dd4c715
commit 81184583c7
Signed by: tgpholly
GPG key ID: B8583C4B7D18119E
2 changed files with 40 additions and 18 deletions


@ -20,6 +20,10 @@
"username": "username", "username": "username",
"password": "password", "password": "password",
"name": "osu!", "name": "osu!",
"pbkdf2": {
"itterations": 1337,
"keylength": 1337
},
"key": "examplekey" "key": "examplekey"
} }
} }
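Review bot: The example values in the new `pbkdf2` block are likely to be copied into real deployments, and `"itterations": 1337` is far below current guidance for PBKDF2-HMAC-SHA512 (OWASP's password storage guidance suggests 210,000). `"keylength": 1337` asks for many more bytes than the 64-byte SHA-512 output, which multiplies the server's cost per login without making an offline guess any harder, since an attacker only needs the first output block to check a candidate. Safer example values would be `"itterations": 210000, "keylength": 64`. The key name is misspelt, and because the login code reads `config.database.pbkdf2.itterations`, correcting it to `iterations` has to be done in both files together.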


@ -1,29 +1,47 @@
const osu = require("osu-packet"), const osu = require("osu-packet"),
aes256 = require("aes256"), aes256 = require("aes256"),
crypto = require("crypto"),
config = require("../config.json"); config = require("../config.json");
module.exports = { module.exports = {
checkLogin:async function(loginInfo) { checkLogin: function(loginInfo) {
return new Promise(async (resolve, reject) => {
// Check if there is any login information provided // Check if there is any login information provided
if (loginInfo == null) return incorrectLoginResponse(); if (loginInfo == null) return resolve(incorrectLoginResponse());
const userDBData = await global.DatabaseHelper.query("SELECT * FROM users_info WHERE username = ? LIMIT 1", [loginInfo.username]); const userDBData = await global.DatabaseHelper.query("SELECT * FROM users_info WHERE username = ? LIMIT 1", [loginInfo.username]);
// Make sure a user was found in the database // Make sure a user was found in the database
if (Object.keys(userDBData).length < 1) return incorrectLoginResponse(); if (userDBData == null) return resolve(incorrectLoginResponse());
// Make sure the username is the same as the login info // Make sure the username is the same as the login info
if (userDBData.username !== loginInfo.username) return incorrectLoginResponse(); if (userDBData.username !== loginInfo.username) return resolve(incorrectLoginResponse());
// If the user has an old md5 password /*
if (userDBData.has_old_password == 1) { 1: Old MD5 password
// Make sure the password is the same as the login info 2: Old AES password
if (userDBData.password !== loginInfo.password) return incorrectLoginResponse(); */
if (userDBData.has_old_password === 1) {
if (userDBData.password_hash !== loginInfo.password)
return resolve(incorrectLoginResponse());
return requiredPWChangeResponse(); return resolve(requiredPWChangeResponse());
} else if (userDBData.has_old_password === 2) {
if (aes256.decrypt(config.database.key, userDBData.password_hash) !== loginInfo.password)
return resolve(resolve(incorrectLoginResponse()));
return resolve(requiredPWChangeResponse());
} else { } else {
if (aes256.decrypt(config.database.key, userDBData.password) !== loginInfo.password) return incorrectLoginResponse(); crypto.pbkdf2(loginInfo.password, userDBData.password_salt, config.database.pbkdf2.itterations, config.database.pbkdf2.keylength, "sha512", (err, derivedKey) => {
} if (err) {
return reject(err);
} else {
if (derivedKey.toString("hex") !== userDBData.password_hash)
return resolve(incorrectLoginResponse());
return null; return resolve(null); // We good
}
});
}
});
}, },
incorrectLoginResponse: incorrectLoginResponse incorrectLoginResponse: incorrectLoginResponse
} }
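Review bot: Wrapping the body in `new Promise(async (resolve, reject) => …)` means a rejection from `await global.DatabaseHelper.query(...)` is never passed to `reject`, so a database error leaves the returned promise pending and the login request hanging instead of failing. Keeping `checkLogin` as an `async` function with plain `return`s, and wrapping only the `crypto.pbkdf2` callback in a promise, avoids that. The final comparison `derivedKey.toString("hex") !== userDBData.password_hash` is also not constant-time; `crypto.timingSafeEqual` on equal-length buffers is the usual way to compare a derived key against a stored hash. Separately, `resolve(resolve(incorrectLoginResponse()))` in the AES branch looks like a typo for a single `resolve`.

```javascript
checkLogin: async function(loginInfo) {
    // … omitted: null check, user lookup, username check and old-password branches, using plain return …
    const derivedKey = await new Promise((resolve, reject) => {
        crypto.pbkdf2(loginInfo.password, userDBData.password_salt, config.database.pbkdf2.itterations, config.database.pbkdf2.keylength, "sha512", (err, key) => err ? reject(err) : resolve(key));
    });
    // password_hash is stored as hex (the commit compares it with derivedKey.toString("hex"))
    const storedHash = Buffer.from(userDBData.password_hash, "hex");
    // timingSafeEqual throws on length mismatch, so check lengths first
    if (storedHash.length !== derivedKey.length || !crypto.timingSafeEqual(derivedKey, storedHash))
        return incorrectLoginResponse();
    return null;
},
```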