From f47f6e410ccf6a67059e4d49b4f442bbdfcd1fbd Mon Sep 17 00:00:00 2001
From: Leonetienne
Date: Fri, 8 Apr 2022 21:00:17 +0200
Subject: [PATCH] Added config toml
---
config.toml | 8 ++++++++
package-lock.json | 5 +++++
package.json | 3 ++-
server.js | 16 ++++++----------
4 files changed, 21 insertions(+), 11 deletions(-)
create mode 100644 config.toml
diff --git a/config.toml b/config.toml
new file mode 100644
index 0000000..aa4985e
--- /dev/null
+++ b/config.toml
@@ -0,0 +1,8 @@
+# Sellery configuration file
+
+# This is the SHA512 digest to check the password against
+PASSWD_HASH = 'a3c1443b087cf5338d3696f6029fdf791ee4829a27e19c9f257a06ca0d88b5b518ac9868bb13199e807553bda62d3dc15b6354862f34fcab0a7c4c45530349ea'
+
+# Sessions stay valid this many seconds, if inactive. Default: 600 (=10 minutes)
+SESSION_DURATION = 600
+
diff --git a/package-lock.json b/package-lock.json
index 301ea09..666a788 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -124,6 +124,11 @@ "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz", "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==" }, + "toml": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/toml/-/toml-3.0.0.tgz", + "integrity": "sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w==" + }, "typedarray-to-buffer": { "version": "3.1.5", "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz",
diff --git a/package.json b/package.json
index bcb26b7..332b826 100644
--- a/package.json
+++ b/package.json
@@ -13,6 +13,7 @@
 "crypto": "^1.0.1",
 "http": "0.0.1-security",
 "querystring": "^0.2.1",
- "session-file-store": "^1.5.0"
+ "session-file-store": "^1.5.0",
+ "toml": "^3.0.0"
 }
 }
diff --git a/server.js b/server.js
index b51c402..05ce5d9 100755
--- a/server.js
+++ b/server.js
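Review bot: config.toml is added to the repository with a live `PASSWD_HASH`, so the credential digest is now tracked in version control and every clone shares the same password. Because the value is a plain SHA-512 digest (per the comment above it), anyone who can read the repository can run offline guesses against it. Consider committing a `config.example.toml` with a placeholder value, adding the real `config.toml` to `.gitignore`, and extending the comment to `# Hex-encoded SHA-512 digest of the login password; keep this file out of version control`.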
@@ -3,10 +3,10 @@ var fs = require('fs'); var path = require('path'); var querystring = require('querystring'); var crypto = require('crypto'); -var execSync = require('child_process').execSync; +var toml = require('toml'); -//! How many seconds (from the last interaction) a session stays valid -const SESSION_DURATION = 10*60; +// Parse config file +const config = toml.parse(fs.readFileSync('config.toml', 'utf-8')); // Just a few mime types const contentTypes = { @@ -58,7 +58,7 @@ function isSessisionValid(id) { var sessionById = filteredSessions[0]; // Is the session still valid? - if (Date.now() - sessionById.timestamp > SESSION_DURATION * 1000) { + if (Date.now() - sessionById.timestamp > config.SESSION_DURATION * 1000) { console.log('Session is no longer valid, because it expired... Removing it...'); // Remove the session from the list of sessions @@ -118,9 +118,6 @@ function serveAuthenticatePage(request, response) { }); } -// FIX THIS BS! -const PASSWD_HASH = 'a3c1443b087cf5338d3696f6029fdf791ee4829a27e19c9f257a06ca0d88b5b518ac9868bb13199e807553bda62d3dc15b6354862f34fcab0a7c4c45530349ea'; - function testAuthentication(request, response) { // Wait for the request to have been received completely (including request body) console.log('Request is trying to authenticate... Waiting for request body...'); @@ -144,7 +141,7 @@ function testAuthentication(request, response) { const passwordHash = SHA512Digest(password); // Is the password good? - if (passwordHash === PASSWD_HASH) { + if (passwordHash === config.PASSWD_HASH) { // Yes, it is: // Create session const sessionId = createSession(); @@ -159,7 +156,7 @@ function testAuthentication(request, response) { response.writeHead(401, { 'Content-Type': 'text/html' }); - response.end('WOOP! WOOP! Invalid password!
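Review bot: The new `toml.parse(fs.readFileSync('config.toml', 'utf-8'))` line at the top of server.js accepts whatever the file contains, and a missing or non-numeric `SESSION_DURATION` makes `config.SESSION_DURATION * 1000` evaluate to `NaN` in the expiry check changed by the `@@ -58,7 +58,7 @@` hunk, so the `>` comparison is always false and sessions never expire. The relative path is also resolved against the process working directory rather than the script's directory. Validating both keys once at startup and failing loudly would close this; in the sketch below the 128-hex-character check assumes `SHA512Digest` returns a hex string, which is not visible in this diff.

```javascript
// Parse config file
const config = toml.parse(fs.readFileSync(path.join(__dirname, 'config.toml'), 'utf-8'));

// Fail closed on a broken config instead of running with NaN/undefined settings
if (!Number.isFinite(config.SESSION_DURATION) || config.SESSION_DURATION <= 0) {
  throw new Error('config.toml: SESSION_DURATION must be a positive number of seconds');
}
if (typeof config.PASSWD_HASH !== 'string' || !/^[0-9a-fA-F]{128}$/.test(config.PASSWD_HASH)) {
  throw new Error('config.toml: PASSWD_HASH must be a 128-character hex SHA-512 digest');
}
```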
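Review bot: In `testAuthentication` the check `passwordHash === config.PASSWD_HASH` still relies on a single unsalted SHA-512 pass and a short-circuiting string comparison. Now that the digest is configurable, this would be a good point to store the output of a salted, slow KDF (for example Node's built-in `crypto.scryptSync`) and to compare with `crypto.timingSafeEqual` on equal-length buffers, e.g. `const a = Buffer.from(passwordHash, 'hex'), b = Buffer.from(config.PASSWD_HASH, 'hex');` followed by `if (a.length === b.length && crypto.timingSafeEqual(a, b)) {`. The function body starts and ends outside this hunk, so how `SHA512Digest` encodes its result should be confirmed first.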

Need to reset your password? Replace the password hash in access.yaml with a new one.
This password hashes to: ' + passwordHash + '.'); + response.end('WOOP! WOOP! Invalid password!

Need to reset your password? Replace the password hash in config.yaml with a new one.
This password hashes to: ' + passwordHash + '.'); return; } @@ -212,7 +209,6 @@ var server = http.createServer(function (request, response) { // Parse request cookies const cookies = parseCookies(request); - console.log(cookies); // Check if the user is authenticated if ((cookies.hasOwnProperty('sesid')) && (isSessisionValid(cookies['sesid']))) {
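Review bot: The rewritten 401 message in `testAuthentication` tells the user to edit `config.yaml`, but the file this commit adds and reads is `config.toml`; the string should name `config.toml`. The same response also returns the SHA-512 digest of the submitted password to an unauthenticated client, which discloses the hashing scheme and where the credential is stored. Consider moving that hint to the documentation or a local helper script and returning only a generic failure message. The enclosing function continues outside the hunk.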