
Untitled

a guest
Oct 5th, 2017
  1.  
  2. /* Establishes all requirements for the server. */
  3. var client = require("socket.io").listen(8001).sockets;
  4. var mysql = require("mysql");
  5. var colors = require("colors");
  6. var crypto = require("crypto");
  7. var sanitizer = require("sanitizer");
  8. var fs = require("fs");
  9.  
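  /* Declares all variables for the server config "file". */
  /* NOTE(security): the fallbacks below keep the original behaviour (MySQL "root"
     with an empty password). Set the LOGIN_DB_* environment variables (names chosen
     here, not an existing convention of this project) to a dedicated low-privilege
     account so credentials are neither in source control nor administrative. */
  const config = {
    host: process.env.LOGIN_DB_HOST || "localhost",
    user: process.env.LOGIN_DB_USER || "root",
    password: process.env.LOGIN_DB_PASSWORD || "",
    database: process.env.LOGIN_DB_NAME || "login"
  };

  /* In-memory copy of every account, keyed by username; the database table is
     rewritten from this object by updateSQLDatabase(). */
  const users = {};

  /* Pending password resets, keyed by username; each entry holds the issued reset code. */
  const awaitingReset = {};

  /* The connection variable for the SQL database (assigned by handleConnection). */
  let con;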
  24.  
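  /**
   * Used to log any information with the current time and coloring.
   *
   * @param {*} text - Message to print; converted to a string first.
   * @param {string} [color] - Name of a `colors` style; when omitted or unknown the
   *   message is printed uncoloured.
   */
  function log(text, color) {
    const now = new Date();
    const hours24 = now.getHours();
    const minutes = String(now.getMinutes()).padStart(2, "0");
    const meridiem = hours24 >= 12 ? "PM" : "AM";
    // 0 and 12 both display as 12 on a 12-hour clock.
    const hours12 = hours24 % 12 === 0 ? 12 : hours24 % 12;
    // Kept local: the original assigned an undeclared `time`, creating a global.
    const time = hours12 + ":" + minutes + " " + meridiem;

    // Messages include client-supplied values (usernames); collapsing line breaks
    // keeps one event on one log line so entries cannot be forged.
    const message = String(text).replace(/[\r\n]+/g, " ");

    // Print exactly once. The original printed the plain line and then still called
    // colors[undefined](text), which throws when no color is given.
    const paint = typeof color === "string" && typeof colors[color] === "function" ? colors[color] : null;
    console.log(colors.grey(time) + ": " + (paint ? paint(message) : message));
  }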
  41.  
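  /**
   * Attempts to establish a connection to the SQL database.
   *
   * Stores the new connection in the file-level `con`. A failed connect is retried
   * after two seconds; a lost connection is re-established immediately.
   */
  function handleConnection() {
    con = mysql.createConnection(config);

    con.connect(function(connectError) {
      if (connectError) {
        log("An error has occurred while connection: " + connectError, "red");
        setTimeout(handleConnection, 2000);
        return;
      }

      log("Connection successful.", "green");
    });

    con.on("error", function(connectionError) {
      log("Error: " + connectionError, "red");

      if (connectionError.code === "PROTOCOL_CONNECTION_LOST") {
        // Recoverable: reconnect and stop here. The original fell through to the
        // throw below, taking the process down right after scheduling the reconnect.
        handleConnection();
        return;
      }

      // Anything else is not known to be recoverable, so let it surface.
      throw connectionError;
    });
  }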
  64.  
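  /**
   * Updates the SQL database when called.
   *
   * Replaces the contents of the `user` table with the in-memory `users` object.
   * The delete and the re-insert run inside one transaction, so a failure part-way
   * rolls back instead of leaving the table empty or half-filled. (The original
   * issued TRUNCATE followed by independent INSERTs; TRUNCATE commits implicitly in
   * MySQL and cannot be rolled back, so any later error lost every account.)
   */
  function updateSQLDatabase() {
    // One row per account, in the column order named in the INSERT below.
    const rows = Object.keys(users).map(function(username) {
      const record = users[username];
      return [username, record.password, record.question, record.answer];
    });

    const abort = function(err) {
      con.rollback(function() {
        log(err, "red");
      });
    };

    const finish = function() {
      con.commit(function(commitErr) {
        if (commitErr) abort(commitErr);
      });
    };

    con.beginTransaction(function(beginErr) {
      if (beginErr) {
        log(beginErr, "red");
        return;
      }

      con.query("DELETE FROM user", function(deleteErr) {
        if (deleteErr) {
          abort(deleteErr);
          return;
        }

        // A bulk INSERT with no rows is a syntax error, so commit the empty table directly.
        if (rows.length === 0) {
          finish();
          return;
        }

        // Values go through the driver's placeholder escaping, as in the original.
        con.query("INSERT INTO user (username, password, question, answer) VALUES ?", [rows], function(insertErr) {
          if (insertErr) {
            abort(insertErr);
            return;
          }

          finish();
        });
      });
    });
  }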
  84.  
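  /**
   * Checks a username/password pair and reports the outcome on the "login" event.
   *
   * @param {object} socket - Client socket; only `emit` is used.
   * @param {object} data - Client payload; `username` and `password` must be strings.
   *
   * Emits {result: 0, ...} with a freshly generated code on success and the same
   * generic {result: 1, ...} message for every failure, so the reply does not reveal
   * whether the username exists.
   */
  function login(socket, data) {
    const rejected = {result: 1, info: "Username or password is incorrect."};

    // The payload comes straight from the client: a null or oddly typed message must
    // produce an ordinary failure, not an exception that stops the server.
    if (data === null || typeof data !== "object" ||
        typeof data.username !== "string" || typeof data.password !== "string") {
      socket.emit("login", rejected);
      return;
    }

    const cleanedUsername = sanitizer.sanitize(data.username);

    // NOTE(security): kept byte-for-byte so existing stored hashes still verify, but
    // this scheme is weak. The secret and salt are hard-coded, the salt is shared by
    // every account, and a single HMAC-SHA256 pass is not a password-hashing function.
    // Migrate to a slow, per-user-salted KDF (e.g. crypto.scrypt) and load the secret
    // from configuration, re-hashing each account on its next successful login.
    const secret = 'tcL7YThah4PzdjTDSfJT';
    const salt = '1DNmIP5Y51xu5E9hggHU';
    const hashedPassword = crypto.createHmac('sha256', salt + data.password).update(secret).digest('hex');

    // Own-property lookup: names inherited from Object.prototype are never accounts.
    const known = typeof cleanedUsername === "string" &&
      Object.prototype.hasOwnProperty.call(users, cleanedUsername);
    const account = known ? users[cleanedUsername] : null;

    // Constant-time comparison of the stored and the computed digest.
    let matches = false;
    if (account !== null && typeof account === "object" && typeof account.password === "string") {
      const stored = Buffer.from(account.password, "utf8");
      const computed = Buffer.from(hashedPassword, "utf8");
      matches = stored.length === computed.length && crypto.timingSafeEqual(stored, computed);
    }

    if (!matches) {
      socket.emit("login", rejected);
      return;
    }

    // NOTE(review): the code is sent to the client but not recorded anywhere in this
    // function, so nothing visible here can verify it later; confirm how it is used.
    socket.emit("login", {result: 0, info: "Successfully logged in.", username: cleanedUsername, code: genID(20)});
    log("> LOGIN: " + cleanedUsername, "cyan");
  }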
  102.  
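  /**
   * Creates a new account and reports the outcome on the "register" event.
   *
   * @param {object} socket - Client socket; only `emit` is used here.
   * @param {object} data - Client payload with string fields `username`, `password`,
   *   `confirm`, `question` and `answer`.
   *
   * On success the account is added to `users`, the client is logged in through
   * login(), and the table is rewritten through updateSQLDatabase().
   */
  function register(socket, data) {
    // Every field is later stored and passed to the SQL driver, so each must be a plain
    // string. Non-string values would be expanded by the driver's placeholder escaping
    // rather than stored as text, and a null payload would otherwise throw.
    const required = ["username", "password", "confirm", "question", "answer"];
    const wellFormed = data !== null && typeof data === "object" &&
      required.every(function(field) { return typeof data[field] === "string"; });

    if (!wellFormed || data.password.length === 0) {
      socket.emit("register", {result: 1, info: "Invalid registration data."});
      return;
    }

    const cleanedUsername = sanitizer.sanitize(data.username);

    if (typeof cleanedUsername !== "string" || cleanedUsername.length === 0) {
      socket.emit("register", {result: 1, info: "Invalid registration data."});
      return;
    }

    // Deliberately a plain lookup: names inherited from Object.prototype also count as
    // taken, so they can never be written into `users`.
    if (users[cleanedUsername] !== undefined) {
      socket.emit("register", {result: 1, info: "Username already exists."});
      return;
    }

    if (data.confirm !== data.password) {
      socket.emit("register", {result: 1, info: "Passwords do not match."});
      return;
    }

    // NOTE(security): same scheme as login so the two stay compatible; see the weakness
    // noted there (hard-coded secret, one salt for all users, fast hash).
    const secret = 'tcL7YThah4PzdjTDSfJT';
    const salt = '1DNmIP5Y51xu5E9hggHU';
    // Declared locally: the original assigned an undeclared `hashedPassword`, leaving
    // the most recent password hash in a global variable.
    const hashedPassword = crypto.createHmac('sha256', salt + data.password).update(secret).digest('hex');

    // NOTE(security): the recovery answer is stored as given. It unlocks a password
    // reset, so it deserves the same protection as the password itself.
    users[cleanedUsername] = {
      password: hashedPassword,
      question: data.question,
      answer: data.answer
    };

    socket.emit("register", {result: 0, info: "Successfully registered."});
    log("> REGISTER: " + cleanedUsername, "cyan");
    login(socket, data);
    updateSQLDatabase();
  }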
  130.  
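  /**
   * Adds all users from the SQL database to the users variable.
   *
   * Does nothing except log when no connection object exists yet or when the query
   * fails; the success message is logged only after the rows were actually copied.
   */
  function getUserList() {
    if (!con) {
      log("Cannot load users as connection has not been established.", "red");
      return;
    }

    con.query("SELECT * FROM user", function(err, rows) {
      if (err) {
        // Stop here: the original went on to report that all users had been loaded
        // even though the query had failed.
        log(err, "red");
        return;
      }

      for (const row of rows) {
        users[row.username] = {
          password: row.password,
          question: row.question,
          answer: row.answer
        };
      }

      log("All current users have been loaded.", "green");
    });
  }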
  151.  
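  /**
   * Generates an alphanumeric string (also includes - and _) of desired length.
   *
   * The result is used as a login code and as a password-reset code, so the characters
   * are drawn from the operating system's CSPRNG (crypto.randomBytes) instead of
   * Math.random(), whose output is predictable.
   *
   * @param {number} length - Number of characters wanted; values <= 0 give "".
   * @returns {string} Random string over [0-9a-zA-Z-_].
   */
  function genID(length) {
    // The original alphabet listed "Y" twice and had no "W".
    const alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_';
    // Bytes at or above this bound are discarded so that every character stays equally
    // likely whatever the alphabet size (no modulo bias).
    const bound = 256 - (256 % alphabet.length);
    let id = '';

    while (id.length < length) {
      const bytes = crypto.randomBytes(Math.ceil(length - id.length));

      for (let i = 0; i < bytes.length && id.length < length; i++) {
        if (bytes[i] < bound) id += alphabet[bytes[i] % alphabet.length];
      }
    }

    return id;
  }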
  161.  
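  /* Methods/functions called upon server start up. */
  handleConnection();
  getUserList();

  /* Sockets that are currently connected. The list was used below without ever being
     declared, so the first client connection raised a ReferenceError. */
  var connectedClients = [];

  /* Compares two strings in constant time; anything that is not a string never matches. */
  function sameSecret(expected, supplied) {
    if (typeof expected !== "string" || typeof supplied !== "string") return false;

    const left = Buffer.from(expected, "utf8");
    const right = Buffer.from(supplied, "utf8");

    return left.length === right.length && crypto.timingSafeEqual(left, right);
  }

  /**
   * Handles one "recovery" message.
   *
   * data.type 0 asks for the security question, 1 submits the answer (a reset code is
   * issued when it matches), 4 submits the reset code together with the new password.
   * Malformed payloads and unknown usernames are ignored without a reply, as before.
   *
   * NOTE(security): nothing here limits how often an answer may be tried or how long a
   * reset code stays valid, and type 0 answers only for existing accounts, which lets a
   * client tell whether a username exists. Add throttling and expiry before relying on
   * this flow.
   */
  function handleRecovery(socket, data) {
    if (data === null || typeof data !== "object" || typeof data.username !== "string") return;

    const username = data.username;

    // Own-property lookup: names inherited from Object.prototype are never accounts.
    if (!Object.prototype.hasOwnProperty.call(users, username)) return;

    const account = users[username];

    switch (data.type) {
      case 0:
        socket.emit("recovery", {type: 0, question: account.question});
        break;

      case 1:
        // Both sides must be strings, so a missing answer can never equal a missing
        // stored value.
        if (sameSecret(account.answer, data.answer)) {
          awaitingReset[username] = {code: genID(20)};
          socket.emit("recovery", {type: 2, resetCode: awaitingReset[username].code});
        } else {
          socket.emit("recovery", {type: 3, info: "You answered the security question incorrectly."});
        }
        break;

      case 4: {
        // Must stay identical to the values used by login/register (same weak scheme).
        const secret = 'tcL7YThah4PzdjTDSfJT';
        const salt = '1DNmIP5Y51xu5E9hggHU';

        const pending = Object.prototype.hasOwnProperty.call(awaitingReset, username) ?
          awaitingReset[username] : null;

        // No reset in progress, or no usable new password: ignore.
        if (pending === null || typeof pending !== "object") break;
        if (typeof data.password !== "string" || data.password.length === 0) break;

        if (sameSecret(pending.code, data.resetCode)) {
          account.password = crypto.createHmac('sha256', salt + data.password).update(secret).digest('hex');
          updateSQLDatabase();
          socket.emit("recovery", {type: 5});
          // Remove the entry. The original stored null, and the next type-4 message for
          // the same user then read `.code` of null and threw.
          delete awaitingReset[username];
          log(username + " has recovered their password.", "cyan");
        } else {
          log("Reset code incorrect for " + username + " - potential hack attempt.", "yellow");
        }

        break;
      }
    }
  }

  /* Declares all socket "on" and "emit" upon client connection. */
  client.on("connection", function(socket) {

    connectedClients.push(socket);

    socket.on("disconnect", function(data) {
      // splice() takes an index; the original passed the socket object itself, which
      // coerces to index 0 and removed whichever client happened to be first.
      const position = connectedClients.indexOf(socket);
      if (position > -1) connectedClients.splice(position, 1);
    });

    socket.on("login", function(data) {
      login(socket, data);
    });

    socket.on("register", function(data) {
      register(socket, data);
    });

    socket.on("recovery", function(data) {
      handleRecovery(socket, data);
    });

  });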