Added instance-unique salt to IP hashes

rainbow napkin 2025-04-27 08:08:39 -04:00
parent 8b6aa69c51
commit cc5c63d3b1
4 changed files with 11 additions and 5 deletions


@ -7,6 +7,7 @@
"domain": "localhost", "domain": "localhost",
"sessionSecret": "CHANGE_ME", "sessionSecret": "CHANGE_ME",
"altchaSecret": "CHANGE_ME", "altchaSecret": "CHANGE_ME",
"ipSecret": "CHANGE_ME",
"ssl":{ "ssl":{
"cert": "./server.cert", "cert": "./server.cert",
"key": "./server.key" "key": "./server.key"


@ -180,8 +180,6 @@ app.use(errorMiddleware);
//Basic 404 handler //Basic 404 handler
app.use(fileNotFoundController); app.use(fileNotFoundController);
//Increment launch counter //Increment launch counter
statModel.incrementLaunchCount(); statModel.incrementLaunchCount();


@ -47,6 +47,11 @@ module.exports.securityCheck = function(){
loggerUtil.consoleWarn("Insecure Altcha Secret! Change Altcha Secret!"); loggerUtil.consoleWarn("Insecure Altcha Secret! Change Altcha Secret!");
} }
//check ipHash secret
if(!validator.isStrongPassword(config.ipSecret) || config.ipSecret == "CHANGE_ME"){
loggerUtil.consoleWarn("Insecure IP Hashing Secret! Change IP Hashing Secret!");
}
//check DB pass //check DB pass
if(!validator.isStrongPassword(config.db.pass) || config.db.pass == "CHANGE_ME" || config.db.pass == config.db.user){ if(!validator.isStrongPassword(config.db.pass) || config.db.pass == "CHANGE_ME" || config.db.pass == config.db.user){
loggerUtil.consoleWarn("Insecure Database Password! Change Database password!"); loggerUtil.consoleWarn("Insecure Database Password! Change Database password!");
@ -56,5 +61,4 @@ module.exports.securityCheck = function(){
if(!validator.isStrongPassword(config.mail.pass) || config.mail.pass == "CHANGE_ME"){ if(!validator.isStrongPassword(config.mail.pass) || config.mail.pass == "CHANGE_ME"){
loggerUtil.consoleWarn("Insecure Email Password! Change Email password!"); loggerUtil.consoleWarn("Insecure Email Password! Change Email password!");
} }
} }
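Review bot: The added ipSecret check passes `config.ipSecret` straight to `validator.isStrongPassword`, but a config.json written before this commit has no such key. validator.js string validators reject non-string input with a TypeError (confirm for the version pinned here), so an upgraded instance would likely throw inside securityCheck instead of printing the warning; guarding first, `if(typeof config.ipSecret != "string" || !validator.isStrongPassword(config.ipSecret) || config.ipSecret == "CHANGE_ME"){`, keeps the check a warning. The same missing key reaches hashIP in the last file, where the template literal would append the text "undefined" as the salt without raising any error. Because this check only warns, an instance left on "CHANGE_ME" still hashes IPs with a publicly known value, which is worth stating in the comment above the check. securityCheck starts above the first hunk of this file.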


@ -14,6 +14,9 @@ GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.*/ along with this program. If not, see <https://www.gnu.org/licenses/>.*/
//Config
const config = require('../../config.json');
//Node Imports //Node Imports
const crypto = require('node:crypto'); const crypto = require('node:crypto');
@ -33,8 +36,8 @@ module.exports.hashIP = function(ip){
//Create hash object //Create hash object
const hashObj = crypto.createHash('md5'); const hashObj = crypto.createHash('md5');
//add IP to the hash //add IP and salt to the hash
hashObj.update(ip); hashObj.update(`${ip}${config.ipSecret}`);
//return the IP hash as a string //return the IP hash as a string
return hashObj.digest('hex'); return hashObj.digest('hex');
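Review bot: The changed `hashObj.update(...)` line keys the digest by appending `config.ipSecret` to the IP inside a plain MD5 hash; HMAC is the standard construction for a secret-keyed digest and is available from the already-imported module: `return crypto.createHmac('sha256', config.ipSecret).update(ip).digest('hex');`. With a fast hash over an input space as small as IPv4, the secret is the only thing that keeps stored hashes from being enumerated, so hashIP deserves a comment saying the hashes are pseudonymous only while ipSecret stays private. Switching the digest changes the output length and, like this commit itself, presumably invalidates hashes already stored, so it would need a migration note. hashIP begins above the hunk and its closing brace is outside it.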