Nomchy/discord.js
1
0
Fork 0
mirror of https://github.com/discordjs/discord.js.git synced 2026-03-09 16:13:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Privacy improvement over token caching

Browse Source 
e-mail is no longer visible in caches
This commit is contained in:
Amish Shah
2015-12-14 18:28:27 +00:00
parent 8f5722d242
commit 8f8504810a
2 changed files with 27 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
lib/Util/TokenCacher.js
View File

@@ -21,10 +21,14 @@ var _crypto = require("crypto");
var _crypto2 = _interopRequireDefault(_crypto);
var savePaths = [process.env.APPDATA || (process.platform == 'darwin' ? process.env.HOME + 'Library/Preference' : '/var/local'), process.env[process.platform == 'win32' ? 'USERPROFILE' : 'HOME']];
var savePaths = [process.env.APPDATA || (process.platform == "darwin" ? process.env.HOME + "Library/Preference" : "/var/local"), process.env[process.platform == "win32" ? "USERPROFILE" : "HOME"], process.cwd()];
var algo = "aes-256-ctr";
function secureEmail(email, password) {
return new Buffer(_crypto2["default"].createHash("sha256").update(email + password, "utf8").digest()).toString("hex");
}
var TokenCacher = (function (_EventEmitter) {
_inherits(TokenCacher, _EventEmitter);
@@ -40,10 +44,10 @@ var TokenCacher = (function (_EventEmitter) {
}
TokenCacher.prototype.setToken = function setToken(email, password, token) {
console.log("wanting to cache", token);
email = secureEmail(email, password);
var cipher = _crypto2["default"].createCipher(algo, password);
var crypted = cipher.update("valid" + token, 'utf8', 'hex');
crypted += cipher.final('hex');
var crypted = cipher.update("valid" + token, "utf8", "hex");
crypted += cipher.final("hex");
this.data[email] = crypted;
this.save();
};
@@ -54,15 +58,17 @@ var TokenCacher = (function (_EventEmitter) {
TokenCacher.prototype.getToken = function getToken(email, password) {
email = secureEmail(email, password);
if (this.data[email]) {
try {
var decipher = _crypto2["default"].createDecipher(algo, password);
var dec = decipher.update(this.data[email], "hex", 'utf8');
dec += decipher.final('utf8');
var dec = decipher.update(this.data[email], "hex", "utf8");
dec += decipher.final("utf8");
return dec.indexOf("valid") === 0 ? dec.substr(5) : false;
} catch (e) {
console.log(e);
// not a valid token
return null;
}
} else {

21
src/Util/TokenCacher.js
View File

@@ -6,12 +6,17 @@ import EventEmitter from "events";
import crypto from "crypto";
var savePaths = [
process.env.APPDATA || (process.platform == 'darwin' ? process.env.HOME + 'Library/Preference' : '/var/local'),
process.env[(process.platform == 'win32') ? 'USERPROFILE' : 'HOME']
process.env.APPDATA || (process.platform == "darwin" ? process.env.HOME + "Library/Preference" : "/var/local"),
process.env[(process.platform == "win32") ? "USERPROFILE" : "HOME"],
process.cwd()
];
var algo = "aes-256-ctr";
function secureEmail(email, password) {
return new Buffer(crypto.createHash("sha256").update(email + password, "utf8").digest()).toString("hex");
}
export default class TokenCacher extends EventEmitter {
constructor(client, options) {
@@ -24,10 +29,10 @@ export default class TokenCacher extends EventEmitter {
}
setToken(email, password, token) {
console.log("wanting to cache", token);
email = secureEmail(email, password);
var cipher = crypto.createCipher(algo, password)
var crypted = cipher.update("valid" + token, 'utf8', 'hex')
crypted += cipher.final('hex');
var crypted = cipher.update("valid" + token, "utf8", "hex")
crypted += cipher.final("hex");
this.data[email] = crypted;
this.save();
}
@@ -38,12 +43,14 @@ export default class TokenCacher extends EventEmitter {
getToken(email, password) {
email = secureEmail(email, password);
if (this.data[email]) {
try {
var decipher = crypto.createDecipher(algo, password)
var dec = decipher.update(this.data[email], "hex", 'utf8');
dec += decipher.final('utf8');
var dec = decipher.update(this.data[email], "hex", "utf8");
dec += decipher.final("utf8");
return (dec.indexOf("valid") === 0 ? dec.substr(5) : false);
} catch (e) {
// not a valid token