reorganization of source code

2025-11-04 20:36:13 +01:00 · 2017-10-15 19:47:05 -04:00
parent 38b95a743b
commit 0c823a2927
315 changed files with 99 additions and 530 deletions
--- a/services/change_password.js
+++ b/services/change_password.js
@@ -0,0 +1,72 @@
+const sql = require('./sql');
+const my_scrypt = require('./my_scrypt');
+const utils = require('./utils');
+const audit_category = require('./audit_category');
+const crypto = require('crypto');
+const aesjs = require('./aes');
+
+async function changePassword(currentPassword, newPassword, req = null) {
+    const current_password_hash = utils.toBase64(await my_scrypt.getVerificationHash(currentPassword));
+
+    if (current_password_hash !== await sql.getOption('password_verification_hash')) {
+        return {
+            'success': false,
+            'message': "Given current password doesn't match hash"
+        };
+    }
+
+    const currentPasswordDerivedKey = await my_scrypt.getPasswordDerivedKey(currentPassword);
+
+    const newPasswordVerificationKey = utils.toBase64(await my_scrypt.getVerificationHash(newPassword));
+    const newPasswordEncryptionKey = await my_scrypt.getPasswordDerivedKey(newPassword);
+
+    function decrypt(encryptedBase64) {
+        const encryptedBytes = utils.fromBase64(encryptedBase64);
+
+        const aes = getAes(currentPasswordDerivedKey);
+        return aes.decrypt(encryptedBytes).slice(4);
+    }
+
+    function encrypt(plainText) {
+        const aes = getAes(newPasswordEncryptionKey);
+
+        const digest = crypto.createHash('sha256').update(aesjs.utils.utf8.toBytes(plainText)).digest().slice(0, 4);
+
+        console.log("Digest:", digest);
+
+        const encryptedBytes = aes.encrypt(Buffer.concat([digest, aesjs.utils.utf8.toBytes(plainText)]));
+
+        console.log("Encrypted", encryptedBytes);
+
+        return utils.toBase64(encryptedBytes);
+    }
+
+    function getAes(key) {
+        return new aesjs.ModeOfOperation.ctr(key, new aesjs.Counter(5));
+    }
+
+    const encryptedDataKey = await sql.getOption('encrypted_data_key');
+
+    const decryptedDataKey = decrypt(encryptedDataKey);
+
+    const newEncryptedDataKey = encrypt(decryptedDataKey);
+
+    await sql.beginTransaction();
+
+    await sql.setOption('encrypted_data_key', newEncryptedDataKey);
+
+    await sql.setOption('password_verification_hash', newPasswordVerificationKey);
+
+    await sql.addAudit(audit_category.CHANGE_PASSWORD, req);
+
+    await sql.commit();
+
+    return {
+        'success': true,
+        'new_encrypted_data_key': newEncryptedDataKey
+    };
+}
+
+module.exports = {
+    changePassword
+};