From bf4d8d2f7d60153ee4e2f56450512d699b5b2cd7 Mon Sep 17 00:00:00 2001
From: zefie
Date: Thu, 1 Dec 2022 06:51:35 -0500
Subject: [PATCH] move keys to config
---
 .../includes/classes/WTVClientSessionData.js | 3 ++-
 zefie_wtvp_minisrv/includes/classes/WTVSec.js | 2 +-
 zefie_wtvp_minisrv/includes/config.json | 8 ++++++--
 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/zefie_wtvp_minisrv/includes/classes/WTVClientSessionData.js b/zefie_wtvp_minisrv/includes/classes/WTVClientSessionData.js
index a0475369..77232dcd 100644
--- a/zefie_wtvp_minisrv/includes/classes/WTVClientSessionData.js
+++ b/zefie_wtvp_minisrv/includes/classes/WTVClientSessionData.js
@@ -27,13 +27,14 @@ class WTVClientSessionData {
 baddisk = false;
 clientAddress = null;
 user_id = 0;
- cryptoKey = "PNa$WN7gz}!T=t6X7^=|Ii##CEB~p\EP";
+ cryptoKey = null;
 constructor(minisrv_config, ssid) {
 if (!minisrv_config) throw ("minisrv_config required");
 var WTVShared = require("./WTVShared.js")['WTVShared'];
 var WTVMime = require("./WTVMime.js");
 this.minisrv_config = minisrv_config;
+ this.cryptoKey = this.minisrv_config.config.keys.userdata;
 this.wtvshared = new WTVShared(minisrv_config);
 this.wtvmime = new WTVMime(minisrv_config);
 this.lockdown = false;
diff --git a/zefie_wtvp_minisrv/includes/classes/WTVSec.js b/zefie_wtvp_minisrv/includes/classes/WTVSec.js
index 935cc034..265bcfed 100644
--- a/zefie_wtvp_minisrv/includes/classes/WTVSec.js
+++ b/zefie_wtvp_minisrv/includes/classes/WTVSec.js
@@ -45,7 +45,7 @@ class WTVSec {
 */
 constructor(minisrv_config, wtv_incarnation = 1) {
 this.minisrv_config = minisrv_config;
- this.initial_shared_key = CryptoJS.enc.Base64.parse(this.initial_shared_key_b64);
+ this.initial_shared_key = CryptoJS.enc.Base64.parse(this.minisrv_config.config.keys.initial_shared_key);
 if (this.initial_shared_key.sigBytes === 8) {
 this.incarnation = wtv_incarnation;
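Review bot: The constructor reads `this.minisrv_config.config.keys.userdata`, but the config.json hunk of this same patch adds the entry as `user_data_key`, so with the shipped config `cryptoKey` ends up `undefined` instead of the former literal. How `cryptoKey` is consumed is outside this hunk, but the code that ciphers stored account passwords would then presumably either throw or run without a usable key. Read the name the config defines, `this.cryptoKey = this.minisrv_config.config.keys.user_data_key;`, and fail fast when it is absent, in the style of the existing guard: `if (!this.cryptoKey) throw ("config.keys.user_data_key required");`. The constructor body continues past the end of the hunk.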
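Review bot: `this.minisrv_config.config.keys.initial_shared_key` is read with no check that the `keys` object or this entry exists, so a configuration written before this patch makes the WTVSec constructor fail on the property access or inside `Base64.parse`, before the `sigBytes === 8` test that follows can reject anything. A guard ahead of the parse, such as `if (!this.minisrv_config.config.keys?.initial_shared_key) throw ("config.keys.initial_shared_key required");`, gives the operator a usable message. The replaced line read `this.initial_shared_key_b64`; if that field is still declared on the class (its declaration is outside this hunk), the key remains embedded in source and the field should be removed. The constructor continues beyond the hunk.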
diff --git a/zefie_wtvp_minisrv/includes/config.json b/zefie_wtvp_minisrv/includes/config.json
index 46160c59..91d60e76 100644
--- a/zefie_wtvp_minisrv/includes/config.json
+++ b/zefie_wtvp_minisrv/includes/config.json
@@ -45,7 +45,7 @@
 "unauthorized_url": "wtv-1800:/unauthorized?", // Where to send unauthorized users
 "enable_port_isolation": true, // Only respond to services on their correct ports
 "allow_guests": true, // Allow users to experience the server without registering
- "domain_name": "wtv.zefie.com", // For usenet and future stuff, no need to change just yet
+ "domain_name": "wtv.zefie.com", // For usenet and future stuff, no need to change just yet,
 "user_accounts": { // user account settings
 "max_users_per_account": 6, // Max total users (including primary) per account
 "min_username_length": 5, // minimum username length
@@ -60,6 +60,10 @@
 "null"
 ]
 },
+ "keys": {
+ "initial_shared_key": "CC5rWmRUE0o=", // Used for the initial RC4 rolling key. Changing this is untested and unsupported.
+ "user_data_key": "PNa$WN7gz}!T=t6X7^=|Ii##CEB~p\\EP" // Currently used to cipher user passwords in configs. Changing this while there are registered accounts will make it impossible to decrypt existing account passwords
+ },
 "passwords": { // password configuration
 "enabled": true, // allow users to password protect their account
@@ -68,7 +72,7 @@
 "form_size": 16 // width of the form on the password prompt screen
 },
 "errorMessages": {
- // define custom error messages here
+ // custom error messages
 "400": "${service_name} ran into a technical problem. Please try again.",
 "401": "Authorization Required.",
 "403": "The publisher of that page has not authorized you to view it.",
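Review bot: The `user_data_key` value added in the `keys` hunk is not the key the old code actually used. In the removed JavaScript literal `\E` is a no-op escape that evaluates to `E`, while `\\E` here decodes, under normal JSON escaping, to a backslash followed by `E`, so the configured key is one character longer. Once the constructor reads this entry, passwords stored by earlier versions would no longer decrypt, which is the failure this line's own comment warns about; ending the value in `~pEP` instead of `~p\\EP` keeps existing accounts readable. Separately, both entries are the literals that used to sit in the source, so every installation that keeps this default shares them and they remain in the repository history. The comment should tell operators to set their own `user_data_key` before the first account is registered.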