Added config toml

config.toml

@@ -0,0 +1,8 @@
+# Sellery configuration file
+
+# This is the SHA512 digest to check the password against
+PASSWD_HASH = 'a3c1443b087cf5338d3696f6029fdf791ee4829a27e19c9f257a06ca0d88b5b518ac9868bb13199e807553bda62d3dc15b6354862f34fcab0a7c4c45530349ea'
+
+# Sessions stay valid this many seconds, if inactive. Default: 600 (=10 minutes)
+SESSION_DURATION = 600
+

package-lock.json

@@ -124,6 +124,11 @@
       "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
       "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ=="
     },
+    "toml": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/toml/-/toml-3.0.0.tgz",
+      "integrity": "sha512-y/mWCZinnvxjTKYhJ+pYxwD0mRLVvOtdS2Awbgxln6iEnt4rk0yBxeSBHkGJcPucRiG0e55mwWp+g/05rsrd6w=="
+    },
     "typedarray-to-buffer": {
       "version": "3.1.5",
       "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz",

package.json

@@ -13,6 +13,7 @@
     "crypto": "^1.0.1",
     "http": "0.0.1-security",
     "querystring": "^0.2.1",
-    "session-file-store": "^1.5.0"
+    "session-file-store": "^1.5.0",
+    "toml": "^3.0.0"
   }
 }

server.js

@@ -3,10 +3,10 @@ var fs = require('fs');
 var path = require('path');
 var querystring = require('querystring');
 var crypto = require('crypto');
-var execSync = require('child_process').execSync;
+var toml = require('toml');
 
-//! How many seconds (from the last interaction) a session stays valid
+// Parse config file
-const SESSION_DURATION = 10*60;
+const config = toml.parse(fs.readFileSync('config.toml', 'utf-8'));
 
 // Just a few mime types
 const contentTypes = {
@@ -58,7 +58,7 @@ function isSessisionValid(id) {
   var sessionById = filteredSessions[0];
 
   // Is the session still valid?
-  if (Date.now() - sessionById.timestamp > SESSION_DURATION * 1000) {
+  if (Date.now() - sessionById.timestamp > config.SESSION_DURATION * 1000) {
     console.log('Session is no longer valid, because it expired... Removing it...');
 
     // Remove the session from the list of sessions
@@ -118,9 +118,6 @@ function serveAuthenticatePage(request, response) {
   });
 }
 
-// FIX THIS BS!
-const PASSWD_HASH = 'a3c1443b087cf5338d3696f6029fdf791ee4829a27e19c9f257a06ca0d88b5b518ac9868bb13199e807553bda62d3dc15b6354862f34fcab0a7c4c45530349ea';
-
 function testAuthentication(request, response) {
     // Wait for the request to have been received completely (including request body)
     console.log('Request is trying to authenticate... Waiting for request body...');
@@ -144,7 +141,7 @@ function testAuthentication(request, response) {
       const passwordHash = SHA512Digest(password);
 
       // Is the password good?
-      if (passwordHash === PASSWD_HASH) {
+      if (passwordHash === config.PASSWD_HASH) {
         // Yes, it is:
         // Create session
         const sessionId = createSession();
@@ -159,7 +156,7 @@ function testAuthentication(request, response) {
         response.writeHead(401, {
           'Content-Type': 'text/html'
         });
-        response.end('WOOP! WOOP! Invalid password!<br><br>Need to reset your password? Replace the password hash in access.yaml with a new one.<br>This password hashes to: <em>' + passwordHash + '</em>.');
+        response.end('WOOP! WOOP! Invalid password!<br><br>Need to reset your password? Replace the password hash in config.yaml with a new one.<br>This password hashes to: <em>' + passwordHash + '</em>.');
         return;
       }
 
@@ -212,7 +209,6 @@ var server = http.createServer(function (request, response) {
 
     // Parse request cookies
     const cookies = parseCookies(request);
-    console.log(cookies);
 
     // Check if the user is authenticated
     if ((cookies.hasOwnProperty('sesid')) && (isSessisionValid(cookies['sesid']))) {