move keys to config

zefie_wtvp_minisrv/includes/classes/WTVClientSessionData.js

@@ -27,13 +27,14 @@ class WTVClientSessionData {
     baddisk = false;
     clientAddress = null;
     user_id = 0;
-    cryptoKey = "PNa$WN7gz}!T=t6X7^=|Ii##CEB~p\EP";
+    cryptoKey = null;
 
     constructor(minisrv_config, ssid) {
         if (!minisrv_config) throw ("minisrv_config required");
         var WTVShared = require("./WTVShared.js")['WTVShared'];
         var WTVMime = require("./WTVMime.js");
         this.minisrv_config = minisrv_config;
+        this.cryptoKey = this.minisrv_config.config.keys.userdata;
         this.wtvshared = new WTVShared(minisrv_config);
         this.wtvmime = new WTVMime(minisrv_config);
         this.lockdown = false;

zefie_wtvp_minisrv/includes/classes/WTVSec.js

@@ -45,7 +45,7 @@ class WTVSec {
      */
     constructor(minisrv_config, wtv_incarnation = 1) {
         this.minisrv_config = minisrv_config;
-        this.initial_shared_key = CryptoJS.enc.Base64.parse(this.initial_shared_key_b64);
+        this.initial_shared_key = CryptoJS.enc.Base64.parse(this.minisrv_config.config.keys.initial_shared_key);
 
         if (this.initial_shared_key.sigBytes === 8) {
             this.incarnation = wtv_incarnation;

zefie_wtvp_minisrv/includes/config.json

@@ -45,7 +45,7 @@
     "unauthorized_url": "wtv-1800:/unauthorized?", // Where to send unauthorized users
     "enable_port_isolation": true, // Only respond to services on their correct ports
     "allow_guests": true, // Allow users to experience the server without registering
-    "domain_name": "wtv.zefie.com", // For usenet and future stuff, no need to change just yet
+    "domain_name": "wtv.zefie.com", // For usenet and future stuff, no need to change just yet,
     "user_accounts": { // user account settings
       "max_users_per_account": 6, // Max total users (including primary) per account
       "min_username_length": 5, // minimum username length
@@ -60,6 +60,10 @@
         "null"
       ]
     },
+    "keys": {
+      "initial_shared_key": "CC5rWmRUE0o=", // Used for the initial RC4 rolling key. Changing this is untested and unsupported.
+      "user_data_key": "PNa$WN7gz}!T=t6X7^=|Ii##CEB~p\\EP" // Currently used to cipher user passwords in configs. Changing this while there are registered accounts will make it impossible to decrypt existing account passwords
+    },
     "passwords": {
       // password configuration
       "enabled": true, // allow users to password protect their account
@@ -68,7 +72,7 @@
       "form_size": 16 // width of the form on the password prompt screen
     },
     "errorMessages": {
-      // define custom error messages here
+      // custom error messages
       "400": "${service_name} ran into a technical problem. Please try again.",
       "401": "Authorization Required.",
       "403": "The publisher of that page has not authorized you to view it.",