From de309d675e6221bb62e3ffea78ee3210a52411a6 Mon Sep 17 00:00:00 2001 From: Calvin Montgomery Date: Mon, 1 May 2017 21:51:11 -0700 Subject: [PATCH] Remove redundant signing logic from IP session cookie --- package.json | 2 +- src/web/middleware/ipsessioncookie.js | 58 ++++++--------------------- 2 files changed, 14 insertions(+), 46 deletions(-) diff --git a/package.json b/package.json index d5de2f08..2fc60f11 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "author": "Calvin Montgomery", "name": "CyTube", "description": "Online media synchronizer and chat", - "version": "3.36.0", + "version": "3.36.1", "repository": { "url": "http://github.com/calzoneman/sync" }, diff --git a/src/web/middleware/ipsessioncookie.js b/src/web/middleware/ipsessioncookie.js index 779c1da2..4ae23638 100644 --- a/src/web/middleware/ipsessioncookie.js +++ b/src/web/middleware/ipsessioncookie.js 
@@ -2,71 +2,39 @@ import path from 'path'; import fs from 'fs'; import crypto from 'crypto'; -const STATE_FOLDER_PATH = path.resolve(__dirname, '..', '..', '..', 'state'); -const SALT_PATH = path.resolve(__dirname, '..', '..', '..', 'state', 'ipsessionsalt.json'); - const NO_EXPIRATION = new Date('Fri, 31 Dec 9999 23:59:59 GMT'); -var SALT; -try { - SALT = require(SALT_PATH); -} catch (error) { - SALT = crypto.randomBytes(32).toString('base64'); - try { - fs.mkdirSync(STATE_FOLDER_PATH); - } catch (error) { - if (error.code !== 'EEXIST') { - throw error; - } - } - fs.writeFileSync(SALT_PATH, JSON.stringify(SALT)); -} - -function sha256(input) { - var hash = crypto.createHash("sha256"); - hash.update(input); - return hash.digest("base64"); -} export function createIPSessionCookie(ip, date) { - const hashInput = [ - ip, - date.getTime(), - SALT - ].join(':'); - return [ - date.getTime(), - sha256(hashInput) + ip, + date.getTime() ].join(':'); } export function verifyIPSessionCookie(ip, cookie) { const parts = cookie.split(':'); if (parts.length !== 2) { - return false; + return null; } - const timestamp = parseInt(parts[0], 10); - if (isNaN(timestamp)) { - return false; + if (parts[0] !== ip) { + return null; } - const date = new Date(timestamp); - const expected = createIPSessionCookie(ip, date); - if (expected !== cookie) { - return false; + const unixtime = parseInt(parts[1], 10); + const date = new Date(unixtime); + if (isNaN(date.getTime())) { + return null; } - return { - date: date, - }; + return { date }; } export function ipSessionCookieMiddleware(req, res, next) { - var firstSeen = new Date(); - var hasSession = false; + let firstSeen = new Date(); + let hasSession = false; if (req.signedCookies && req.signedCookies['ip-session']) { - var sessionMatch = verifyIPSessionCookie(req.realIP, req.signedCookies['ip-session']); + const sessionMatch = verifyIPSessionCookie(req.realIP, req.signedCookies['ip-session']); if (sessionMatch) { hasSession = true; firstSeen 
= sessionMatch.date;
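Review bot: verifyIPSessionCookie rejects every cookie whose embedded address itself contains ':' — if req.realIP can be an IPv6 literal, createIPSessionCookie emits more than two ':'-separated fields, `parts.length !== 2` returns null, and those clients never keep a session (the old `timestamp:hash` layout did not have this problem because the address was hashed rather than embedded). Splitting on the last ':' instead of on every ':' keeps the format and the signed-cookie reliance unchanged while letting the address carry colons; the rewritten head of the function is below, the remainder of the hunk (Date construction, isNaN check, the middleware) is unaffected. parseInt still accepts trailing garbage (`'123abc'` parses as 123); with the value protected by cookie-parser's signature this only affects malformed cookies, but a `/^\d+$/` test on the timestamp field would make the rejection explicit. Separately, `path`, `fs` and `crypto` no longer appear to be referenced in this hunk now that the salt file and sha256 helper are gone, so the imports can likely be dropped unless they are used further down.
```javascript
export function verifyIPSessionCookie(ip, cookie) {
    // Split on the last ':' only, so an IPv6 address (which contains ':') survives.
    const sep = cookie.lastIndexOf(':');
    if (sep === -1) {
        return null;
    }
    if (cookie.slice(0, sep) !== ip) {
        return null;
    }
    const unixtime = parseInt(cookie.slice(sep + 1), 10);
    // … unchanged: new Date(unixtime), isNaN(date.getTime()) check, return { date } …
```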