From 15938526acc1a4588e9dd0ab7467222f0abe3c7e Mon Sep 17 00:00:00 2001
From: Leonetienne
Date: Sun, 10 Apr 2022 16:19:25 +0200
Subject: [PATCH 1/2] Password hashing now uses a salt and a kdf
---
 config.toml | 2 +-
 server.js | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/config.toml b/config.toml
index 3303ea7..5753968 100644
--- a/config.toml
+++ b/config.toml
@@ -8,7 +8,7 @@ WEBROOT = '$WORKING_DIR'
 # This is the SHA512 digest to check the password against
-PASSWD_HASH = 'a3c1443b087cf5338d3696f6029fdf791ee4829a27e19c9f257a06ca0d88b5b518ac9868bb13199e807553bda62d3dc15b6354862f34fcab0a7c4c45530349ea'
+PASSWD_HASH = '034ff213a060a0888230c3934cfb1cb1f80ab3f211a114b713598efac2d1a68f8d3402c6b08ace2f3990c4c029351d1141cf47ebc378fc9a83a5dddda6e38a8c'
 # Sessions stay valid this many seconds, if inactive. Default: 600 (=10 minutes)
 SESSION_DURATION = 600
diff --git a/server.js b/server.js
index 1734141..c68e6af 100755
--- a/server.js
+++ b/server.js
@@ -103,6 +103,20 @@ function SHA512Digest(string) {
 return crypto.createHash('sha512').update(string, 'utf-8').digest('hex');
 }
+//! Duh?
+function hashPassword(password) {
+ // Salt it
+ password = 'PQoFvPytZyi7yW/uX4IQ5I' + password + 'ZNUwEfVyn55pI91Myp2+RrOXWFtx5';
+
+ // Shake it
+ for (let i = 0; i < password.length * 500; i++) {
+ password = SHA512Digest(password + 'z4J7qWugOOfjd8FBbpcFyANjfe4axc4fM2Dj65IMr')
+ }
+
+ // Serve it
+ return password;
+}
+
 //! This function simply serves the authentication page
 function serveAuthenticatePage(request, response) {
 fs.readFile(__dirname + '/authenticate.html', function (error, data) {
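Review bot: The context comment above `PASSWD_HASH` in config.toml still reads `# This is the SHA512 digest to check the password against`, but after this commit the value must be the output of `hashPassword` in server.js, so an operator who stores a plain SHA-512 of their password will no longer be able to log in. Suggest rewording it to something like `# Output of hashPassword() in server.js for the login password (not a plain SHA512 digest)` and saying how to generate the value. If the committed hash is a shipped default, which the hunk suggests but does not prove, the comment should also tell deployers to replace it.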
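Review bot: The "salt" in `hashPassword` (server.js) is three string constants in the source, so it is identical for every install and for anyone who has read the repository; it acts as a fixed prefix/suffix, not a random per-password salt. The loop bound `password.length * 500` is re-evaluated after `password` has been reassigned to a 128-character hex digest, so the work factor is in effect a fixed 64,000 SHA-512 rounds, which a comment in place of `//! Duh?` should state. Node's `crypto` module, already used by `SHA512Digest`, ships a memory-hard KDF: with a random salt generated per install and stored next to the hash, the body could be `return crypto.scryptSync(password, salt, 64).toString('hex');`, where `salt` is a new config value this patch does not yet define. That changes the stored format, so `PASSWD_HASH` would have to be regenerated once more.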
@@ -146,7 +160,7 @@ function testAuthentication(request, response) {
 // Extract password from the request and hash it
 const postData = querystring.parse(requestBody);
 const password = postData['password'];
- const passwordHash = SHA512Digest(password);
+ const passwordHash = hashPassword(password);
 // Is the password good?
 if (passwordHash === config.PASSWD_HASH) {
From 9d1f364f05d6d82d90dd058336751292261d74ae Mon Sep 17 00:00:00 2001
From: Leonetienne
Date: Sun, 10 Apr 2022 16:20:16 +0200
Subject: [PATCH 2/2] Removed commented out code from docker entrypoint
---
 entrypoint.sh | 13 -------------
 1 file changed, 13 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 986df35..40fb389 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -1,18 +1,5 @@
 #!/bin/bash
-# # CD into our application directory
-# echo CD into our application directory
-# cd /app
-#
-# # Use the correct node version
-# echo Use the correct node version
-# npm install -g n
-# n install `cat .nvmrc`
-#
-# # Install all our packages
-# echo Install all our packages
-# npm install
-
 # Start the server
 echo Start the server
 exec $@
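Review bot: In the `testAuthentication` hunk of server.js (patch 1/2), `postData['password']` reaches `hashPassword` unchecked: `querystring.parse` yields `undefined` when the field is missing and an array when it is repeated, and the string concatenation inside `hashPassword` silently coerces either one. A guard before the hash call, e.g. `if (typeof password !== 'string') { /* reject the request */ }`, keeps malformed requests from running the full hash loop. That loop is now tens of thousands of synchronous SHA-512 rounds on the event loop for every unauthenticated POST, so failed attempts should be throttled; the hunk does not show whether that already happens. The function body starts and ends outside the hunk.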