fixed
parent
5f4a473f0f
commit
ef9d69cee8
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -1 +1 @@
|
|||
node_modules
|
||||
node_modules/
|
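--- a/browserify.js
+++ b/browserify.js
@@ -0,0 +1,2 @@
+let nodersa = require("node-rsa");
+window.nodersa = nodersa;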
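Review bot: The bundle built from this entry file is committed as `src/bundle.js` and appears in this commit only as "Binary file not shown", so the script actually served to browsers cannot be reviewed against these two lines. Consider producing the bundle in a build step and keeping the artifact out of version control, or at least recording the build command in a comment here, presumably something like `// build: browserify browserify.js -o src/bundle.js`. The binding is never reassigned, so `const nodersa = require("node-rsa");` is the better declaration.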
|
@ -3,10 +3,7 @@
|
|||
<title>
|
||||
worst website ever (real)
|
||||
</title>
|
||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
|
||||
<script src="/src/jsencrypt.min.js"></script>
|
||||
<script src="/src/crypto.js"></script>
|
||||
|
||||
<script src="/src/bundle.js"></script>
|
||||
<style>
|
||||
abbr {
|
||||
font-style: italic;
|
||||
|
@ -80,55 +77,51 @@ return(promise)
|
|||
}
|
||||
let pub = ''
|
||||
function submit(){
|
||||
//{body:{json:boolean,enc:boolean,data:string,sid:keyof keyring}}
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.open("POST", window.location.href + 'login/submit', true);
|
||||
xhr.setRequestHeader('Content-Type', 'application/json');
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState == XMLHttpRequest.DONE) {
|
||||
alert(xhr.responseText);
|
||||
}
|
||||
}
|
||||
}
|
||||
xhr.open("POST", window.location.href + 'login/submit', true);
|
||||
xhr.setRequestHeader('Content-Type', 'application/json');
|
||||
|
||||
let user = document.getElementById("user").value
|
||||
let pass = document.getElementById("pass").value
|
||||
|
||||
var singed = (JSON.stringify({'date':Date().toString(),'user':user,'pass':pass,sid:sid}))
|
||||
//console.log(singed,keys.publicKey)
|
||||
|
||||
//console.log(JSON.stringify({'data':singed}))
|
||||
console.log("preview of request: "+JSON.stringify({enc:true,json:true,data:singed,sid:sid}))
|
||||
xhr.send(JSON.stringify({enc:true,json:true,data:singed,sid:sid}))
|
||||
}
|
||||
function sendRequest(location,encrypt,key,request){
|
||||
var xhr = new XMLHttpRequest();
|
||||
var promise = new Promise((resolve, reject) => {
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState == XMLHttpRequest.DONE) {
|
||||
|
||||
resolve(xhr.responseText);
|
||||
let user = document.getElementById('user').value
|
||||
let pass = document.getElementById('pass').value
|
||||
let out = {}
|
||||
Object.assign(out,{json:true,enc:true,sid:sid},{data:nodersa(pub,'pkcs8-public').encrypt({user:user,pass:pass,date: new Date()},'base64')})
|
||||
|
||||
xhr.send(JSON.stringify(out))
|
||||
}
|
||||
}
|
||||
})
|
||||
function sendenc(location,content){
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.open("POST", window.location.href + location, true);
|
||||
xhr.setRequestHeader('Content-Type', 'application/json');
|
||||
|
||||
if(encrypt){
|
||||
let sign = new JSEncrypt()
|
||||
sign.setPublicKey(key)
|
||||
var singed = sign.encrypt(JSON.stringify({'date':Date().toString()},request))
|
||||
console.log("preview of request: "+JSON.stringify({enc:true,json:true,data:singed}))
|
||||
xhr.send(JSON.stringify({enc:true,json:true,data:singed}))
|
||||
} else {
|
||||
var notsinged= JSON.stringify({'date':Date().toString()},request)
|
||||
console.log("preview of request: "+JSON.stringify({enc:false,json:true,data:notsinged}))
|
||||
xhr.send(JSON.stringify({enc:false,json:true,data:notsinged,sid:sid}))
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState == XMLHttpRequest.DONE) {
|
||||
pub=(xhr.responseText);
|
||||
}
|
||||
}
|
||||
return(promise)
|
||||
let out = {}
|
||||
Object.assign(out,{json:true,enc:false},{data:nodersa(pub,'pkcs8-public').encrypt(content,{date: new Date()},'base64')})
|
||||
xhr.send(JSON.stringify(out))
|
||||
}
|
||||
function sendnoenc(location,content){
|
||||
var xhr = new XMLHttpRequest();
|
||||
xhr.open("POST", window.location.href + location, true);
|
||||
xhr.setRequestHeader('Content-Type', 'application/json');
|
||||
xhr.onreadystatechange = function() {
|
||||
if (xhr.readyState == XMLHttpRequest.DONE) {
|
||||
pub=(xhr.responseText);
|
||||
}
|
||||
}
|
||||
let out = {}
|
||||
Object.assign(out,{json:true,enc:false},content)
|
||||
xhr.send(JSON.stringify(out))
|
||||
}
|
||||
|
||||
async function load(){
|
||||
console.log(CryptoJS.SHA512("Message"));
|
||||
pub=await sendRequest('pub.key',false,'',{sid:sid})
|
||||
sendnoenc('pub.key',{sid:sid})
|
||||
|
||||
//console.log(SubtleCrypto.encrypt('RSA-OAEP',SubtleCrypto.importKey('raw',pub,'RSA-OAEP',true)))
|
||||
readTextFile("kanna.txt").then((kanna)=>{
|
||||
let left = -300;
|
||||
|
|
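Review bot: In `sendenc`, the call `nodersa(pub,'pkcs8-public').encrypt(content,{date: new Date()},'base64')` passes the date object where node-rsa expects the output encoding, so the timestamp never becomes part of the ciphertext, and the wrapper is still labelled `enc:false` although `data` is encrypted. If the timestamp is meant to travel inside the encrypted payload as it does in `submit`, `encrypt({...content, date: new Date()}, 'base64')` together with `enc:true` would match. `pub` is only filled in asynchronously by `sendnoenc('pub.key',{sid:sid})` in `load()`, so `submit()` should refuse to run while `pub` is still `''`. The +/- markers are lost in this rendering, so this assumes these lines are on the new side. Encrypting in page script does not replace HTTPS, because the public key and the script arrive over the same unauthenticated connection.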
92
index.ts
92
index.ts
|
@ -4,113 +4,57 @@ const express = require('express')
|
|||
const app = express()
|
||||
const port = 3001
|
||||
const fs = require('fs')
|
||||
const crypt = require("crypto")
|
||||
const bodyParser = require("body-parser");
|
||||
app.use(bodyParser.urlencoded({ extended: false }));
|
||||
app.use(bodyParser.json());
|
||||
const NodeRSA = require('node-rsa');
|
||||
//let priv = '';
|
||||
|
||||
|
||||
interface keyring{
|
||||
[sid: string]: string,
|
||||
}
|
||||
let keyring = {} as keyring
|
||||
let key:any;
|
||||
function decryptMessage(encryptedMessage:any, privateKey:any) {
|
||||
const rsaPrivateKey = {
|
||||
key: privateKey,
|
||||
passphrase: '',
|
||||
padding: crypt.constants.RSA_PKCS1_PADDING,
|
||||
};
|
||||
|
||||
const decryptedMessage = crypt.privateDecrypt(
|
||||
rsaPrivateKey,
|
||||
Buffer.from(encryptedMessage, 'base64'),
|
||||
);
|
||||
|
||||
return decryptedMessage.toString('utf8');
|
||||
}
|
||||
app.get('/', (req:any, res:any) => {
|
||||
res.sendFile(__dirname+"/html/index.html")
|
||||
})
|
||||
app.get('/kanna.txt', (req:any, res:any) => {
|
||||
res.sendFile(__dirname+"/kanna.txt")
|
||||
})
|
||||
app.get('/src/jsencrypt.min.js', (req:any, res:any) => {
|
||||
res.sendFile(__dirname+'/src/jsencrypt.min.js')
|
||||
})
|
||||
app.get('/src/crypto.js', (req:any, res:any) => {
|
||||
res.sendFile(__dirname+'/src/crypto.js')
|
||||
app.get('/src/bundle.js', (req:any, res:any) => {
|
||||
res.sendFile(__dirname+'/src/bundle.js')
|
||||
})
|
||||
app.get('/src/lights-out.gif', (req:any, res:any) => {
|
||||
res.sendFile(__dirname+'/src/lights-out.gif')
|
||||
})
|
||||
app.post('/pub.key', async (req:{body:{json:boolean,sid:keyof keyring}}, res:any) => {
|
||||
if(req.body.json){
|
||||
const { publicKey, privateKey } = crypt.generateKeyPairSync("rsa", {
|
||||
// The standard secure default length for RSA keys is 2048 bits
|
||||
modulusLength: 1024,
|
||||
publicKeyEncoding: {
|
||||
type: 'pkcs1',
|
||||
format: 'pem'
|
||||
},
|
||||
privateKeyEncoding: {
|
||||
type: 'pkcs8',
|
||||
format: 'pem',
|
||||
}
|
||||
})
|
||||
res.send(publicKey.toString("base64"))
|
||||
console.log(publicKey,privateKey)
|
||||
|
||||
|
||||
const key = new NodeRSA({b: 1024});
|
||||
keyring[req.body.sid]=key.exportKey('pkcs1-private')
|
||||
res.send(key.exportKey('pkcs8-public'))
|
||||
}
|
||||
})
|
||||
|
||||
app.post('/login/submit', async (req:{body:{json:boolean,enc:boolean,data:string,sid:keyof keyring}}, res:any) => {
|
||||
//console.log(req.body)
|
||||
//console.log(keyring,req.body.sid)
|
||||
const key = new NodeRSA({b: 1024})
|
||||
|
||||
key.importKey(keyring[req.body.sid],'pkcs1-private')
|
||||
let dec:{user:string,pass:string} = JSON.parse((atob(key.decrypt(req.body.data,'base64','base64'))))
|
||||
|
||||
if(req.body.enc,req.body.json){
|
||||
try{
|
||||
console.log(key)
|
||||
// @ts-ignore
|
||||
/*
|
||||
let request = await decryptMessage(req.body.data, crypt.createPrivateKey({
|
||||
key: Buffer.from(key, 'base64'),
|
||||
padding:crypt.constants.RSA_PKCS1_PADDING,
|
||||
}))*/
|
||||
console.log(req.body)
|
||||
const decryptedData = crypt.privateDecrypt(
|
||||
{
|
||||
key: key,
|
||||
// In order to decrypt the data, we need to specify the
|
||||
// same hashing function and padding scheme that we used to
|
||||
// encrypt the data in the previous step
|
||||
padding: crypt.constants.RSA_PKCS1_OAEP_PADDING,
|
||||
oaepHash: "sha256",
|
||||
},
|
||||
req.body.data
|
||||
)
|
||||
//console.log(req.body)
|
||||
let request=JSON.parse(decryptedData)
|
||||
console.log(request)
|
||||
//console.log(request.user,request.pass)
|
||||
//if(request.date==null){return}
|
||||
let user:any=readFileSync("json/user.json")
|
||||
//console.log(user)
|
||||
for(let i of JSON.parse(user)){
|
||||
//console.log(i)
|
||||
if(request.user.trim() == i['user'] && request.pass.trim() == i['pass']){
|
||||
res.send("logged in")
|
||||
let users = JSON.parse(readFileSync('json/user.json').toString())
|
||||
for(let user of users){
|
||||
let use=user as typeof users
|
||||
console.log(use)
|
||||
if(user.name==dec.user&&user.pass==dec.pass){
|
||||
res.send('logged in, hello!')
|
||||
}
|
||||
|
||||
}}catch(err){
|
||||
console.log(err)
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
})
|
||||
|
||||
|
||||
app.listen(port,'0.0.0.0', () => {
|
||||
console.log(`Example app listening on port ${port}`)
|
||||
})
|
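Review bot: In the `/login/submit` handler, `key.importKey(keyring[req.body.sid],'pkcs1-private')` and the `JSON.parse(atob(key.decrypt(…)))` line appear to run before the `try`, so an unknown `sid` or malformed `data` from the client throws outside the error handling, and a failed login never gets a response because only the match branch calls `res.send`. The guard `if(req.body.enc,req.body.json)` uses the comma operator and therefore tests only `req.body.json`; `&&` is presumably intended. `new NodeRSA({b: 1024})` in `/pub.key` generates a 1024-bit key, below the 2048 bits that the comment on the replaced code names as the standard, and `user.pass==dec.pass` compares against passwords held in clear text in `json/user.json`, which should be salted hashes. The +/- markers are lost in this rendering, so the sketch below assumes which lines are new; the user lookup loop is left as is apart from the `return` noted in the comment.

```typescript
app.post('/login/submit', async (req:{body:{json:boolean,enc:boolean,data:string,sid:keyof keyring}}, res:any) => {
    // both flags must be set, and the sid must name a key this server issued
    if(!(req.body.enc && req.body.json) || !Object.prototype.hasOwnProperty.call(keyring, req.body.sid)){
        return res.status(400).send('bad request')
    }
    try{
        const key = new NodeRSA()
        key.importKey(keyring[req.body.sid],'pkcs1-private')
        // … unchanged: decrypt req.body.data into dec, read json/user.json, compare in the loop …
        // the success branch needs `return res.send('logged in, hello!')` so this line is reached only when nothing matched
        return res.status(401).send('login failed')
    }catch(err){
        console.log(err)
        return res.status(400).send('bad request')
    }
```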
|
@ -1,5 +1,5 @@
|
|||
[{
|
||||
"user":"root",
|
||||
"name":"root",
|
||||
"pass":"password",
|
||||
"sudo":true,
|
||||
"last_login":"",
|
||||
|
|
16
node_modules/.package-lock.json
generated
vendored
16
node_modules/.package-lock.json
generated
vendored
|
@ -21,6 +21,14 @@
|
|||
"resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
|
||||
"integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
|
||||
},
|
||||
"node_modules/asn1": {
|
||||
"version": "0.2.6",
|
||||
"resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
|
||||
"integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
|
||||
"dependencies": {
|
||||
"safer-buffer": "~2.1.0"
|
||||
}
|
||||
},
|
||||
"node_modules/body-parser": {
|
||||
"version": "1.20.0",
|
||||
"resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
|
||||
|
@ -375,6 +383,14 @@
|
|||
"node": ">= 0.6"
|
||||
}
|
||||
},
|
||||
"node_modules/node-rsa": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz",
|
||||
"integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==",
|
||||
"dependencies": {
|
||||
"asn1": "^0.2.4"
|
||||
}
|
||||
},
|
||||
"node_modules/object-inspect": {
|
||||
"version": "1.12.2",
|
||||
"resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
|
||||
|
|
35
package-lock.json
generated
35
package-lock.json
generated
|
@ -12,7 +12,8 @@
|
|||
"body-parser": "^1.20.0",
|
||||
"crypto": "^1.0.1",
|
||||
"express": "^4.18.1",
|
||||
"fs": "^0.0.1-security"
|
||||
"fs": "^0.0.1-security",
|
||||
"node-rsa": "^1.1.1"
|
||||
}
|
||||
},
|
||||
"node_modules/accepts": {
|
||||
|
@ -32,6 +33,14 @@
|
|||
"resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
|
||||
"integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
|
||||
},
|
||||
"node_modules/asn1": {
|
||||
"version": "0.2.6",
|
||||
"resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
|
||||
"integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
|
||||
"dependencies": {
|
||||
"safer-buffer": "~2.1.0"
|
||||
}
|
||||
},
|
||||
"node_modules/body-parser": {
|
||||
"version": "1.20.0",
|
||||
"resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
|
||||
|
@ -386,6 +395,14 @@
|
|||
"node": ">= 0.6"
|
||||
}
|
||||
},
|
||||
"node_modules/node-rsa": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz",
|
||||
"integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==",
|
||||
"dependencies": {
|
||||
"asn1": "^0.2.4"
|
||||
}
|
||||
},
|
||||
"node_modules/object-inspect": {
|
||||
"version": "1.12.2",
|
||||
"resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
|
||||
|
@ -618,6 +635,14 @@
|
|||
"resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
|
||||
"integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
|
||||
},
|
||||
"asn1": {
|
||||
"version": "0.2.6",
|
||||
"resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.6.tgz",
|
||||
"integrity": "sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ==",
|
||||
"requires": {
|
||||
"safer-buffer": "~2.1.0"
|
||||
}
|
||||
},
|
||||
"body-parser": {
|
||||
"version": "1.20.0",
|
||||
"resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.0.tgz",
|
||||
|
@ -885,6 +910,14 @@
|
|||
"resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
|
||||
"integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="
|
||||
},
|
||||
"node-rsa": {
|
||||
"version": "1.1.1",
|
||||
"resolved": "https://registry.npmjs.org/node-rsa/-/node-rsa-1.1.1.tgz",
|
||||
"integrity": "sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw==",
|
||||
"requires": {
|
||||
"asn1": "^0.2.4"
|
||||
}
|
||||
},
|
||||
"object-inspect": {
|
||||
"version": "1.12.2",
|
||||
"resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz",
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
"body-parser": "^1.20.0",
|
||||
"crypto": "^1.0.1",
|
||||
"express": "^4.18.1",
|
||||
"fs": "^0.0.1-security"
|
||||
"fs": "^0.0.1-security",
|
||||
"node-rsa": "^1.1.1"
|
||||
}
|
||||
}
|
||||
|
|
BIN
src/bundle.js
Normal file
BIN
src/bundle.js
Normal file
Binary file not shown.
1648
src/crypto.js
1648
src/crypto.js
File diff suppressed because it is too large
2
src/jsencrypt.min.js
vendored
2
src/jsencrypt.min.js
vendored
File diff suppressed because one or more lines are too long