diff --git a/config.toml b/config.toml
new file mode 100644
index 0000000..aa4985e
--- /dev/null
+++ b/config.toml
@@ -0,0 +1,8 @@
+# Sellery configuration file
+
+# This is the SHA512 digest to check the password against
+PASSWD_HASH = 'a3c1443b087cf5338d3696f6029fdf791ee4829a27e19c9f257a06ca0d88b5b518ac9868bb13199e807553bda62d3dc15b6354862f34fcab0a7c4c45530349ea'
+
+# Sessions stay valid this many seconds, if inactive. Default: 600 (=10 minutes)
+SESSION_DURATION = 600
+
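Review bot: `PASSWD_HASH` on the added line looks like the live credential digest, and committing it in a tracked file exposes it to anyone with repository access for offline guessing; a single unsalted SHA-512 is cheap to compute, so a weak password would not hold up for long. Consider committing a `config.example.toml` with a placeholder value, adding `config.toml` to `.gitignore`, and rotating this password, since the same digest is already in the history of server.js. Longer term, storing a salted `crypto.scrypt` output instead of a bare digest would raise the cost of guessing. The comment `Default: 600` also promises a fallback that the code in this commit does not implement.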
diff --git a/package-lock.json b/package-lock.json
index 301ea09..666a788 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -124,6 +124,11 @@
"resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
"integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ=="
},
+ "toml": {
+ "version": "3.0.0",
+ "resolved": "https://registry.npmjs.org/toml/-/toml-3.0.0.tgz",
+ "integrity": "sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w=="
+ },
"typedarray-to-buffer": {
"version": "3.1.5",
"resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz",
diff --git a/package.json b/package.json
index bcb26b7..332b826 100644
--- a/package.json
+++ b/package.json
@@ -13,6 +13,7 @@
"crypto": "^1.0.1",
"http": "0.0.1-security",
"querystring": "^0.2.1",
- "session-file-store": "^1.5.0"
+ "session-file-store": "^1.5.0",
+ "toml": "^3.0.0"
}
}
diff --git a/server.js b/server.js
index b51c402..05ce5d9 100755
--- a/server.js
+++ b/server.js
@@ -3,10 +3,10 @@ var fs = require('fs');
var path = require('path');
var querystring = require('querystring');
var crypto = require('crypto');
-var execSync = require('child_process').execSync;
+var toml = require('toml');
-//! How many seconds (from the last interaction) a session stays valid
-const SESSION_DURATION = 10*60;
+// Parse config file
+const config = toml.parse(fs.readFileSync('config.toml', 'utf-8'));
// Just a few mime types
const contentTypes = {
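Review bot: The parsed `config` is used without validation, so a missing or mistyped `SESSION_DURATION` makes `config.SESSION_DURATION * 1000` evaluate to `NaN` in isSessisionValid (second server.js hunk); the expiry comparison is then always false and sessions never time out. Check the values right after parsing and fail at startup, e.g. `if (!Number.isFinite(config.SESSION_DURATION) || config.SESSION_DURATION <= 0 || typeof config.PASSWD_HASH !== 'string') throw new Error('config.toml: invalid SESSION_DURATION or PASSWD_HASH');`. The relative path `'config.toml'` is also resolved against the process working directory; `path.join(__dirname, 'config.toml')` would pin it to the file next to server.js.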
@@ -58,7 +58,7 @@ function isSessisionValid(id) {
var sessionById = filteredSessions[0];
// Is the session still valid?
- if (Date.now() - sessionById.timestamp > SESSION_DURATION * 1000) {
+ if (Date.now() - sessionById.timestamp > config.SESSION_DURATION * 1000) {
console.log('Session is no longer valid, because it expired... Removing it...');
// Remove the session from the list of sessions
@@ -118,9 +118,6 @@ function serveAuthenticatePage(request, response) {
});
}
-// FIX THIS BS!
-const PASSWD_HASH = 'a3c1443b087cf5338d3696f6029fdf791ee4829a27e19c9f257a06ca0d88b5b518ac9868bb13199e807553bda62d3dc15b6354862f34fcab0a7c4c45530349ea';
-
function testAuthentication(request, response) {
// Wait for the request to have been received completely (including request body)
console.log('Request is trying to authenticate... Waiting for request body...');
@@ -144,7 +141,7 @@ function testAuthentication(request, response) {
const passwordHash = SHA512Digest(password);
// Is the password good?
- if (passwordHash === PASSWD_HASH) {
+ if (passwordHash === config.PASSWD_HASH) {
// Yes, it is:
// Create session
const sessionId = createSession();
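Review bot: `passwordHash === config.PASSWD_HASH` is an ordinary case-sensitive string comparison, so a digest pasted into config.toml in uppercase hex will never match, and the comparison time depends on how many leading characters agree. Since `crypto` is already required, comparing the decoded bytes avoids both: `const a = Buffer.from(passwordHash, 'hex'), b = Buffer.from(config.PASSWD_HASH, 'hex');` followed by `if (a.length === b.length && crypto.timingSafeEqual(a, b)) {`. This assumes SHA512Digest returns hex, which is not visible in this hunk; testAuthentication starts and ends outside it.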
@@ -159,7 +156,7 @@ function testAuthentication(request, response) {
response.writeHead(401, {
'Content-Type': 'text/html'
});
- response.end('WOOP! WOOP! Invalid password!
Need to reset your password? Replace the password hash in access.yaml with a new one.
This password hashes to: ' + passwordHash + '.');
+ response.end('WOOP! WOOP! Invalid password!
Need to reset your password? Replace the password hash in config.yaml with a new one.
This password hashes to: ' + passwordHash + '.');
return;
}
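Review bot: The updated message points the user at `config.yaml`, but the file this commit adds and server.js reads is `config.toml`; the text should read `Replace the password hash in config.toml with a new one.`. The response is sent as `text/html` with `passwordHash` concatenated in, which is safe only as long as SHA512Digest returns hex output (its definition is outside this hunk). Returning the digest of every failed attempt to an unauthenticated caller is also worth reconsidering; writing it to the server log instead would keep the reset workflow for the operator.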
@@ -212,7 +209,6 @@ var server = http.createServer(function (request, response) {
// Parse request cookies
const cookies = parseCookies(request);
- console.log(cookies);
// Check if the user is authenticated
if ((cookies.hasOwnProperty('sesid')) && (isSessisionValid(cookies['sesid']))) {