EncryptionApp
// Module wiring for the demo app: HTTP server, Express, EJS views, body and
// cookie parsing, Node's crypto module and the app-specific secrets module
// (key, iv, username, password, flag are read from it further down).
const http = require('http');
const express = require('express');
const path = require('path');
const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const crypto = require('crypto');
const secrets = require('./secrets');

const app = express();

// EJS templates live in ./views next to this file.
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'ejs');

// Accept JSON and classic form bodies on req.body.
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));

// cookieParser() is called without a secret, so cookies are exposed unsigned
// on req.cookies; the integrity of the `auth` cookie is therefore not checked
// here and must come from the cookie format itself.
app.use(cookieParser());

console.log("Starting server...");
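/**
 * Encrypt `data` with AES-192-CBC (PKCS#7 padding) and return the ciphertext
 * as a hex string.
 *
 * NOTE(review): the IV defaults to the fixed `secrets.iv`, so equal plaintexts
 * always yield equal ciphertexts, and CBC is used here without any MAC or AEAD
 * tag, so the output carries no integrity protection. Callers that need tamper
 * detection should use an AEAD mode (e.g. AES-GCM) or add an HMAC over the
 * ciphertext. The key/iv parameters are optional so the function can be
 * exercised with test keys and so keys can be rotated without touching callers.
 *
 * @param {string} data - plaintext, read with the 'ascii' encoding (characters
 *   outside 7-bit ASCII are presumably not round-tripped faithfully -- verify
 *   before relying on it)
 * @param {Buffer|string} [key=secrets.key] - 24-byte AES-192 key
 * @param {Buffer|string} [iv=secrets.iv] - 16-byte IV
 * @returns {string} hex-encoded ciphertext (always a multiple of 32 hex chars)
 * @throws {Error} if key or iv have the wrong length for aes-192-cbc
 */
const encrypt = function (data, key = secrets.key, iv = secrets.iv) {
  const cipher = crypto.createCipheriv('aes-192-cbc', key, iv);
  // PKCS#7 padding is the default; kept explicit as in the original code.
  cipher.setAutoPadding(true);
  let ctxt = cipher.update(data, 'ascii', 'hex');
  ctxt += cipher.final('hex');
  return ctxt;
};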
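/**
 * Decrypt a hex ciphertext produced by `encrypt` with AES-192-CBC and return
 * the plaintext as an 'ascii' string.
 *
 * NOTE(review): CBC without a MAC gives no authenticity guarantee, so a
 * successful return here does not prove the input was produced by `encrypt`
 * with the real key; callers must not treat decrypted fields as trusted on
 * that basis alone. The key/iv parameters are optional so the function can be
 * exercised with test keys and so keys can be rotated without touching callers.
 *
 * @param {string} data - hex-encoded ciphertext
 * @param {Buffer|string} [key=secrets.key] - 24-byte AES-192 key
 * @param {Buffer|string} [iv=secrets.iv] - 16-byte IV
 * @returns {string} decrypted plaintext
 * @throws {Error} from `decipher.final` when the padding is invalid or the
 *   input is not a whole number of blocks; callers should catch this rather
 *   than let it propagate as a generic server error.
 */
const decrypt = function (data, key = secrets.key, iv = secrets.iv) {
  const decipher = crypto.createDecipheriv('aes-192-cbc', key, iv);
  // Strip PKCS#7 padding on final(); this is what makes final() throw on
  // corrupted input.
  decipher.setAutoPadding(true);
  let ptxt = decipher.update(data, 'hex', 'ascii');
  ptxt += decipher.final('ascii');
  return ptxt;
};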
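// GET /: render the index page. `auth` is taken from the `auth` cookie, which
// is AES-CBC-encrypted but not authenticated (no MAC), so decrypt() succeeding
// does not prove the cookie was issued by /login; the `admin` field it carries
// should be treated accordingly (an AEAD mode or an HMAC over the cookie would
// close that gap). `flag` is passed to the template in both branches.
app.get('/', function (req, res) {
  let auth = false;
  if (req.cookies.auth) {
    try {
      // Drop every character outside [0-9a-zA-Z{}": ,] before parsing; any
      // user-supplied characters outside that set are lost here.
      const cleaned = decrypt(req.cookies.auth).replace(/[^0-9a-zA-Z{}":, ]+/g, '');
      auth = JSON.parse(cleaned);
    } catch (err) {
      // A cookie that fails to decrypt (bad hex/padding) or to parse is treated
      // as "not logged in" instead of propagating to the error handler; it is
      // logged because a stream of such cookies is worth noticing.
      console.log('Rejected auth cookie:', err.message);
      auth = false;
    }
  }
  res.render('index', { auth, flag: secrets.flag });
});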
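// POST /logout: clear the auth cookie and go back to the index page.
// Max-Age=0 tells the browser to delete the cookie outright; the original
// header only blanked its value, which '/' already treats as logged out but
// which leaves a stale cookie in the browser.
app.post('/logout', function (req, res) {
  res.append('Set-Cookie', 'auth=; Path=/; HttpOnly; Max-Age=0');
  res.redirect('/');
});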
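// POST /login: issue the `auth` cookie. The cookie embeds the submitted
// username, the submitted password and an `admin` flag as JSON, encrypted with
// the app's fixed key/IV and without a MAC, so it must not be treated as
// tamper-proof. NOTE(review): the password comparison below is a plain `===`;
// a constant-time comparison (crypto.timingSafeEqual on equal-length buffers
// or on hashes of both values) is the usual choice for secrets.
app.post('/login', function (req, res, next) {
  const { username, password } = req.body;
  // bodyParser.json() accepts non-string values; only non-empty strings are
  // meaningful as credentials here.
  if (typeof username !== 'string' || typeof password !== 'string'
      || !username || !password) {
    // The original handler sent no response at all in this case, leaving the
    // request hanging; hand it to the error handler as a 400 instead.
    const err = new Error('Bad Request');
    err.status = 400;
    next(err);
    return;
  }
  const admin = (username === secrets.username && password === secrets.password)
    ? 'true'
    : 'false';
  // Key order (username, password, admin) matches the original payload.
  const auth = encrypt(JSON.stringify({ username, password, admin }));
  // HttpOnly only; no Secure or SameSite attribute. The server below is plain
  // HTTP, so Secure is presumably omitted for local use -- TODO confirm before
  // deploying behind TLS.
  res.append('Set-Cookie', `auth=${auth}; Path=/; HttpOnly`);
  res.redirect('/');
});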
// Fall-through middleware: nothing above matched the request, so raise a
// 404 for the error-handling middleware that follows to render.
app.use((req, res, next) => {
  const notFound = new Error('Not Found');
  notFound.status = 404;
  next(notFound);
});
// Error-handling middleware. Express recognises error handlers by their
// four-argument signature, so `next` must stay in the parameter list even
// though it is unused. The full error (including stack) is printed to stdout,
// and the 'error' view receives the raw err.status (undefined when unset,
// even though the response itself falls back to 500).
app.use((err, req, res, next) => {
  const httpStatus = err.status || 500;
  console.log(err);
  res.status(httpStatus);
  res.render('error', { status: err.status });
});
// Start a plain-HTTP (no TLS) server on port 3001; `server` is kept for
// callers that may want to close it.
const server = http
  .createServer(app)
  .listen(3001, () => {
    console.log("HTTP server listening on port 3001!");
  });