From d5d33f0e9b9eb04c1bb318772000ec61b48993b0 Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Wed, 31 Jul 2019 23:32:25 -0400 Subject: [PATCH] Reformatted and fixed missing parameters. --- index.js | 45 ++++++++++++++++++++++----------------------- 1 file changed, 22 insertions(+), 23 deletions(-) diff --git a/index.js b/index.js index 08eb1d7..a086606 100644 --- a/index.js +++ b/index.js @@ -1,6 +1,5 @@ var express = require('express'); var http = require('http'); -var BehindProxy = true // Create a service (the app object is just a callback). var app = express(); @@ -13,14 +12,6 @@ var db = new sqlite3.Database('./databases/sponsorTimes.db'); //where the more sensitive data such as IP addresses are stored var privateDB = new sqlite3.Database('./databases/private.db'); -function hash (value, times=5000) { // Should be bcrypt!!! - for (let i = 0; i < times; i++) { - let hashCreator = crypto.createHash('sha256'); - value = hashCreator.update(value).digest('hex'); - } - return value; -} - // Create an HTTP service. http.createServer(app).listen(80); @@ -28,6 +19,9 @@ http.createServer(app).listen(80); // make it even harder for someone to decode the ip var globalSalt = "49cb0d52-1aec-4b89-85fc-fab2c53062fb"; // Should not be global +//if so, it will use the x-forwarded header instead of the ip address of the connection +var behindProxy = true; + //setup CORS correctly app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); @@ -84,8 +78,8 @@ app.get('/api/getVideoSponsorTimes', function (req, res) { }); }); -function GetIP (req) { - return BehindProxy ? req.headers['x-forwarded-for'] || req.connection.remoteAddress; +function getIP(req) { + return behindProxy ? req.headers['x-forwarded-for'] : req.connection.remoteAddress; } //add the post function @@ -104,10 +98,10 @@ app.get('/api/postVideoSponsorTimes', function (req, res) { } //hash the userID - userID = getHashedUserID(userID); + userID = getHash(userID); //hash the ip 5000 times so no one can get it from the database - let hashedIP = hash(GetIP() + globalSalt); + let hashedIP = getHash(getIP(req) + globalSalt); startTime = parseFloat(startTime); endTime = parseFloat(endTime); @@ -182,13 +176,13 @@ app.get('/api/voteOnSponsorTime', function (req, res) { } //hash the userID - userID = getHashedUserID(userID + UUID); + userID = getHash(userID + UUID); //x-forwarded-for if this server is behind a proxy - let ip = GetIP(); + let ip = getIP(req); //hash the ip 5000 times so no one can get it from the database - let hashedIP = hash(ip + globalSalt); + let hashedIP = getHash(ip + globalSalt); //check if vote has already happened privateDB.prepare("SELECT type FROM votes WHERE userID = ? AND UUID = ?").get(userID, UUID, function(err, row) { @@ -269,7 +263,7 @@ app.get('/api/getViewsForUser', function (req, res) { } //hash the userID - userID = getHashedUserID(userID); + userID = getHash(userID); //up the view count by one db.prepare("SELECT SUM(views) as viewCount FROM sponsorTimes WHERE userID = ?").get(userID, function(err, row) { @@ -289,11 +283,6 @@ app.get('/database.db', function (req, res) { res.sendFile("./databases/sponsorTimes.db", { root: __dirname }); }); -function getHashedUserID(userID) { - //hash the userID 5000 times so no one can get it from the database - return hash(userID); -} - //This function will find sponsor times that are contained inside of eachother, called similar sponsor times //Only one similar time will be returned, randomly generated based on the sqrt of votes. //This allows new less voted items to still sometimes appear to give them a chance at getting votes. @@ -453,7 +442,8 @@ function getWeightedRandomChoice(choices, weights, amountOfChoices) { } //iterate and find amountOfChoices choices - let randomNumber = Math.random(); // Not cryptographically-secure + let randomNumber = Math.random(); + //this array will keep adding to this variable each time one sqrt vote has been dealt with //this is the sum of all the sqrtVotes under this index let currentVoteNumber = 0; @@ -484,3 +474,12 @@ function getWeightedRandomChoice(choices, weights, amountOfChoices) { choicesDealtWith: choicesDealtWith }; } + +function getHash(value, times=5000) { + for (let i = 0; i < times; i++) { + let hashCreator = crypto.createHash('sha256'); + value = hashCreator.update(value).digest('hex'); + } + + return value; +} \ No newline at end of file