fixed

2022-09-26 11:29:53 -05:00 · 2022-09-26 11:29:53 -05:00 · ef9d69cee8
parent 5f4a473f0f
commit ef9d69cee8
11 changed files with 109 additions and 1770 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-node_modules
+node_modules/
--- a/browserify.js
+++ b/browserify.js
@ -0,0 +1,2 @@
+let nodersa = require("node-rsa");
+window.nodersa = nodersa;
--- a/html/index.html
+++ b/html/index.html
@ -3,10 +3,7 @@
    <title>
        worst website ever (real)
    </title>
-    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
-    <script src="/src/jsencrypt.min.js"></script>
-    <script src="/src/crypto.js"></script>
-    
+    <script src="/src/bundle.js"></script>
    <style>
        abbr {
  font-style: italic;
@ -80,55 +77,51 @@ return(promise)
 }    
 let pub = ''
 function submit(){
+    //{body:{json:boolean,enc:boolean,data:string,sid:keyof keyring}}
    var xhr = new XMLHttpRequest();
+    xhr.open("POST", window.location.href + 'login/submit', true);
+    xhr.setRequestHeader('Content-Type', 'application/json');
    xhr.onreadystatechange = function() {
    if (xhr.readyState == XMLHttpRequest.DONE) {
        alert(xhr.responseText);
+        }
    }
-}
-                    xhr.open("POST", window.location.href + 'login/submit', true);
-                    xhr.setRequestHeader('Content-Type', 'application/json');
-                    
-                    let user = document.getElementById("user").value
-                    let pass = document.getElementById("pass").value
-                    
-                    var singed = (JSON.stringify({'date':Date().toString(),'user':user,'pass':pass,sid:sid}))
-                    //console.log(singed,keys.publicKey)
-                    
-                    //console.log(JSON.stringify({'data':singed}))
-                    console.log("preview of request: "+JSON.stringify({enc:true,json:true,data:singed,sid:sid}))
-                    xhr.send(JSON.stringify({enc:true,json:true,data:singed,sid:sid}))
-                    }
-    function sendRequest(location,encrypt,key,request){
-        var xhr = new XMLHttpRequest();
-        var promise = new Promise((resolve, reject) => {
-    xhr.onreadystatechange = function() {
-    if (xhr.readyState == XMLHttpRequest.DONE) {
-        
-        resolve(xhr.responseText);
+    let user = document.getElementById('user').value
+    let pass = document.getElementById('pass').value
+    let out = {}
+    Object.assign(out,{json:true,enc:true,sid:sid},{data:nodersa(pub,'pkcs8-public').encrypt({user:user,pass:pass,date: new Date()},'base64')})
+
+    xhr.send(JSON.stringify(out))
    }
-}
-        })
+    function sendenc(location,content){
+    var xhr = new XMLHttpRequest();
    xhr.open("POST", window.location.href + location, true);
    xhr.setRequestHeader('Content-Type', 'application/json');
-    
-    if(encrypt){     
-    let sign = new JSEncrypt()
-    sign.setPublicKey(key)       
-    var singed = sign.encrypt(JSON.stringify({'date':Date().toString()},request))
-    console.log("preview of request: "+JSON.stringify({enc:true,json:true,data:singed}))
-    xhr.send(JSON.stringify({enc:true,json:true,data:singed}))
-    } else {
-    var notsinged= JSON.stringify({'date':Date().toString()},request)
-    console.log("preview of request: "+JSON.stringify({enc:false,json:true,data:notsinged}))
-    xhr.send(JSON.stringify({enc:false,json:true,data:notsinged,sid:sid}))   
+    xhr.onreadystatechange = function() {
+    if (xhr.readyState == XMLHttpRequest.DONE) {
+        pub=(xhr.responseText);
+        }
    }
-    return(promise)
+    let out = {}
+    Object.assign(out,{json:true,enc:false},{data:nodersa(pub,'pkcs8-public').encrypt(content,{date: new Date()},'base64')})
+    xhr.send(JSON.stringify(out))
+    }
+    function sendnoenc(location,content){
+    var xhr = new XMLHttpRequest();
+    xhr.open("POST", window.location.href + location, true);
+    xhr.setRequestHeader('Content-Type', 'application/json');
+    xhr.onreadystatechange = function() {
+    if (xhr.readyState == XMLHttpRequest.DONE) {
+        pub=(xhr.responseText);
+        }
+    }
+    let out = {}
+    Object.assign(out,{json:true,enc:false},content)
+    xhr.send(JSON.stringify(out))
    }
-
    async function load(){
-        console.log(CryptoJS.SHA512("Message"));
-        pub=await sendRequest('pub.key',false,'',{sid:sid})
+        sendnoenc('pub.key',{sid:sid})
+        
        //console.log(SubtleCrypto.encrypt('RSA-OAEP',SubtleCrypto.importKey('raw',pub,'RSA-OAEP',true)))
        readTextFile("kanna.txt").then((kanna)=>{
            let left = -300;
--- a/index.ts
+++ b/index.ts
@ -4,113 +4,57 @@ const express = require('express')
 const app = express()
 const port = 3001
 const fs = require('fs')
-const crypt = require("crypto")
 const bodyParser = require("body-parser");
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use(bodyParser.json());
+const NodeRSA = require('node-rsa');
 //let priv = '';

-
 interface keyring{
  [sid: string]: string,
 }
 let keyring = {} as keyring
 let key:any;
-function decryptMessage(encryptedMessage:any, privateKey:any) {
-  const rsaPrivateKey = {
-    key: privateKey,
-    passphrase: '',
-    padding: crypt.constants.RSA_PKCS1_PADDING,
-  };

-  const decryptedMessage = crypt.privateDecrypt(
-    rsaPrivateKey,
-    Buffer.from(encryptedMessage, 'base64'),
-  );
-
-  return decryptedMessage.toString('utf8');
-}
 app.get('/', (req:any, res:any) => {
  res.sendFile(__dirname+"/html/index.html")
 })
 app.get('/kanna.txt', (req:any, res:any) => {
  res.sendFile(__dirname+"/kanna.txt")
 })
-app.get('/src/jsencrypt.min.js', (req:any, res:any) => {
-  res.sendFile(__dirname+'/src/jsencrypt.min.js')
-})
-app.get('/src/crypto.js', (req:any, res:any) => {
-  res.sendFile(__dirname+'/src/crypto.js')
+app.get('/src/bundle.js', (req:any, res:any) => {
+  res.sendFile(__dirname+'/src/bundle.js')
 })
 app.get('/src/lights-out.gif', (req:any, res:any) => {
  res.sendFile(__dirname+'/src/lights-out.gif')
 })
 app.post('/pub.key', async (req:{body:{json:boolean,sid:keyof keyring}}, res:any) => {
  if(req.body.json){
-    const { publicKey, privateKey } = crypt.generateKeyPairSync("rsa", {
-      // The standard secure default length for RSA keys is 2048 bits
-      modulusLength: 1024,
-      publicKeyEncoding: {
-        type: 'pkcs1',
-        format: 'pem'
-      },
-      privateKeyEncoding: {
-        type: 'pkcs8',
-        format: 'pem',
-      }
-    })
-    res.send(publicKey.toString("base64"))
-    console.log(publicKey,privateKey)
    
    
+    const key = new NodeRSA({b: 1024});
+    keyring[req.body.sid]=key.exportKey('pkcs1-private')
+    res.send(key.exportKey('pkcs8-public'))
  }
 })

 app.post('/login/submit', async (req:{body:{json:boolean,enc:boolean,data:string,sid:keyof keyring}}, res:any) => {
-  //console.log(req.body)
-  //console.log(keyring,req.body.sid)
+  const key = new NodeRSA({b: 1024})
+
+  key.importKey(keyring[req.body.sid],'pkcs1-private')
+  let dec:{user:string,pass:string} = JSON.parse((atob(key.decrypt(req.body.data,'base64','base64'))))
  
-  if(req.body.enc,req.body.json){
-    try{
-      console.log(key)
-      // @ts-ignore
-      /*
-  let request = await decryptMessage(req.body.data, crypt.createPrivateKey({
-            key: Buffer.from(key, 'base64'),
-            padding:crypt.constants.RSA_PKCS1_PADDING,
-          }))*/
-          console.log(req.body)
-          const decryptedData = crypt.privateDecrypt(
-            {
-              key: key,
-              // In order to decrypt the data, we need to specify the
-              // same hashing function and padding scheme that we used to
-              // encrypt the data in the previous step
-              padding: crypt.constants.RSA_PKCS1_OAEP_PADDING,
-              oaepHash: "sha256",
-            },
-            req.body.data
-          )
-          //console.log(req.body)
-          let request=JSON.parse(decryptedData)
-          console.log(request)
-          //console.log(request.user,request.pass)
-          //if(request.date==null){return}
-    let user:any=readFileSync("json/user.json")
-    //console.log(user)
-    for(let i of JSON.parse(user)){
-      //console.log(i)
-    if(request.user.trim() == i['user'] && request.pass.trim() == i['pass']){
-      res.send("logged in")
+  let users = JSON.parse(readFileSync('json/user.json').toString())
+  for(let user of users){
+    let use=user as typeof users
+    console.log(use)
+    if(user.name==dec.user&&user.pass==dec.pass){
+      res.send('logged in, hello!')
    }
-    
-  }}catch(err){
-    console.log(err)
-    
  }
-}
-  
 })
+  
+
 app.listen(port,'0.0.0.0', () => {
  console.log(`Example app listening on port ${port}`)
 })
--- a/json/user.json
+++ b/json/user.json
@ -1,5 +1,5 @@
 [{
-    "user":"root",
+    "name":"root",
    "pass":"password",
    "sudo":true,
    "last_login":"",
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@ -21,6 +21,14 @@
      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
    },
+    "node_modules/asn1": {
+      "version": "0.2.6",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
+      "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
+      "dependencies": {
+        "safer-buffer": "~2.1.0"
+      }
+    },
    "node_modules/body-parser": {
      "version": "1.20.0",
      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
@ -375,6 +383,14 @@
        "node": ">= 0.6"
      }
    },
+    "node_modules/node-rsa": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz",
+      "integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==",
+      "dependencies": {
+        "asn1": "^0.2.4"
+      }
+    },
    "node_modules/object-inspect": {
      "version": "1.12.2",
      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
--- a/package-lock.json
+++ b/package-lock.json
@ -12,7 +12,8 @@
        "body-parser": "^1.20.0",
        "crypto": "^1.0.1",
        "express": "^4.18.1",
-        "fs": "^0.0.1-security"
+        "fs": "^0.0.1-security",
+        "node-rsa": "^1.1.1"
      }
    },
    "node_modules/accepts": {
@ -32,6 +33,14 @@
      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
    },
+    "node_modules/asn1": {
+      "version": "0.2.6",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
+      "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
+      "dependencies": {
+        "safer-buffer": "~2.1.0"
+      }
+    },
    "node_modules/body-parser": {
      "version": "1.20.0",
      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
@ -386,6 +395,14 @@
        "node": ">= 0.6"
      }
    },
+    "node_modules/node-rsa": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz",
+      "integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==",
+      "dependencies": {
+        "asn1": "^0.2.4"
+      }
+    },
    "node_modules/object-inspect": {
      "version": "1.12.2",
      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
@ -618,6 +635,14 @@
      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
    },
+    "asn1": {
+      "version": "0.2.6",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
+      "integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
+      "requires": {
+        "safer-buffer": "~2.1.0"
+      }
+    },
    "body-parser": {
      "version": "1.20.0",
      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
@ -885,6 +910,14 @@
      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="
    },
+    "node-rsa": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz",
+      "integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==",
+      "requires": {
+        "asn1": "^0.2.4"
+      }
+    },
    "object-inspect": {
      "version": "1.12.2",
      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
--- a/package.json
+++ b/package.json
@ -21,6 +21,7 @@
    "body-parser": "^1.20.0",
    "crypto": "^1.0.1",
    "express": "^4.18.1",
-    "fs": "^0.0.1-security"
+    "fs": "^0.0.1-security",
+    "node-rsa": "^1.1.1"
  }
 }
--- a/src/bundle.js
+++ b/src/bundle.js
--- a/src/crypto.js
+++ b/src/crypto.js
--- a/src/jsencrypt.min.js
+++ b/src/jsencrypt.min.js