change token generation and more

femdevs · Mar 20, 2024 · c9b0494 · c9b0494
1 parent 42277c5
commit c9b0494
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 33 deletions.
diff --git a/functions/crypto.js b/functions/crypto.js
@@ -1,40 +1,44 @@
 const crypto = require('crypto');
 const { Buffer } = require('buffer');
+const assert = require('assert/strict');
 require('dotenv').config();
 
-const privateKey = crypto.createPrivateKey(process.env.CRYPT_PRIV);
+let cd = {
+    hashAlgorithm: 'RSA-RIPEMD160',
+    crypt: crypto.getCipherInfo("chacha20-poly1305"),
+    encoding: 'base64url',
+};
+
+Object.assign(cd, Object.fromEntries(['key', 'iv'].map(k => [k, Buffer.from(process.env[`C_${k}`.toUpperCase()], cd.encoding)])))
 
 class TokenManager {
-    static generate = (data) => {
-        const stringPayload = JSON.stringify(data);
-        const payloadBuffer = Buffer.from(stringPayload, 'utf8');
-        const hashedPayload = crypto
-            .createHash('ssl3-sha1')
-            .update(payloadBuffer)
-            .digest('base64url');
-        const signedPayload = crypto
-            .createSign('ssl3-sha1')
-            .update(Buffer.from(hashedPayload, 'base64url'))
-            .end()
-            .sign(privateKey, 'base64url')
-        const hashedSignedPayload = crypto
-            .createHash('id-rsassa-pkcs1-v1_5-with-sha3-224')
-            .update(Buffer.from(signedPayload, 'base64url'))
-            .digest('base64url');
-        return `${hashedPayload}.${hashedSignedPayload}`;
+    static generate = (id) => {
+        const {iv, key, hashAlgorithm: ha, encoding: e} = cd
+        const ed = crypto.createCipheriv(cd.crypt.name, key, iv).update(id)
+        const ph = crypto.createHash(ha).update(ed).digest(e)
+        const d = ed.toString(e)
+        return `${d}.${ph}`
     }
     static verify = (token) => {
-        const [hashedPayload, hashedSignedPayloadA] = token.split('.');
-        const signedPayload = crypto
-            .createSign('ssl3-sha1')
-            .update(Buffer.from(hashedPayload, 'base64url'))
-            .end()
-            .sign(privateKey, 'base64url')
-        const hashedSignedPayloadB = crypto
-            .createHash('id-rsassa-pkcs1-v1_5-with-sha3-224')
-            .update(Buffer.from(signedPayload, 'base64url'))
-            .digest('base64url');
-        return hashedSignedPayloadA === hashedSignedPayloadB;
+        const [d, ph] = token.split('.')
+        const {iv, key, hashAlgorithm: ha, encoding: e} = cd
+        const fd = Buffer.from(d, e)
+        const pvh = crypto.createHash(ha).update(fd).digest(e)
+        try {
+            assert.equal(ph, pvh)
+            crypto.createDecipheriv(cd.crypt.name, key, iv).update(fd).toString('utf-8')
+        } catch (e) {
+            return false
+        }
+        return true
+    }
+    decode = (token) => {
+        const [d, ph] = token.split('.')
+        const {iv, key, hashAlgorithm: ha, encoding: e} = cd
+        const fd = Buffer.from(d, e)
+        const pvh = crypto.createHash(ha).update(fd).digest(e)
+        assert.equal(ph, pvh)
+        return crypto.createDecipheriv(cd.crypt.name, key, iv).update(fd).toString('utf-8')
     }
 }
 

diff --git a/functions/mail.js b/functions/mail.js
@@ -0,0 +1,37 @@
+const nodemailer = require('nodemailer');
+require('dotenv').config();
+
+class Mail {
+    constructor() {
+        this.transporter = nodemailer.createTransport({
+            auth: {
+                user: process.env.MAIL_USER,
+                pass: process.env.MAIL_PASS,
+            },
+            host: "stmp.forwardemail.net",
+            port: 465,
+            secure: true,
+        }, {
+            from: process.env.MAIL_FROM,
+            replyTo: process.env.MAIL_REPLYTO,
+            sender: {
+                name: process.env.MAIL_SENDER_NAME,
+            }
+        });
+    }
+    sendEmail(to, subject, content, type) {
+        this.transporter.sendMail({
+            encoding: 'utf-8',
+            textEncoding: 'base64',
+            envelope: {
+                from: this.transporter.options.from,
+                to: to,
+            },
+            to: to,
+            subject: subject,
+            [(type === 'text/plain') ? 'text' : 'html']: content,
+        });
+    }
+}
+
+module.exports = Mail;
diff --git a/index.js b/index.js
@@ -94,7 +94,7 @@ app
     .use(vhost('security.thefemdevs.com', require('./web/security/')))
     .use(vhost('thefemdevs.com', require('./web/core/')))
     .use(vhost('www.thefemdevs.com', require('./web/core')))
-    .use(vhost('localhost', require('./web/core/')))
+    .use(vhost('localhost', require(`./web/${process.env.LOCALHOST_PAGE || 'core'}`)))
     .use((req, res, next) => {
         const { path } = req;
         const methodUsed = req.method.toUpperCase();

diff --git a/modules/CCrypto.js b/modules/CCrypto.js
@@ -12,8 +12,7 @@ class CCrypto {
         const
             data = { iv: '', key: '', prehash: '', posthash: '', data: '' },
             input = Buffer.from(inputData),
-            generatedIV = crypto.randomBytes(cryptoDefaults.crypt.ivLength),
-            key = crypto.randomBytes(cryptoDefaults.crypt.keyLength)
+            [generatedIV, key] = ['iv', 'key'].map(k => crypto.randomBytes(cryptoDefaults.crypt[`${k}Length`]))
         data.prehash = crypto
             .createHash(cryptoDefaults.hashAlgorithm)
             .update(input)

diff --git a/package.json b/package.json
@@ -64,6 +64,7 @@
     "memorystore": "^1.6.7",
     "node-cron": "^3.0.2",
     "node-ipinfo": "^3.4.6",
+    "nodemailer": "^6.9.13",
     "nodemon": "^3.0.1",
     "pg": "^8.11.3",
     "postcss": "^8.4.31",
@@ -79,6 +80,7 @@
   },
   "devDependencies": {
     "@types/express": "^4.17.19",
+    "@types/nodemailer": "^6.4.14",
     "@types/stripe": "^8.0.417",
     "uuid": "^9.0.1"
   }

diff --git a/web/api/routes/token.js b/web/api/routes/token.js
@@ -1,6 +1,7 @@
 const router = require('express').Router();
 const User = require('../../../functions/userMgr');
 const TokenManager = require('../../../functions/crypto');
+const crypto = require('crypto');
 
 
 router
@@ -19,7 +20,7 @@ router
         };
         const { firebaseuid } = req.body
         if (!firebaseuid) return res.status(400).json({ error: 'No firebaseuid provided' });
-        const generatedToken = TokenManager.generate({ firebaseuid, username: userRows[0].displayName });
+        const generatedToken = TokenManager.generate(`${firebaseuid}.${userRows[0].displayname}:${crypto.randomBytes(16).toString('base64url')}`);
         req.Database.emit('token', { generatedToken, firebaseuid });
         res.status(201).json({token: generatedToken})
         connection.release();