diff --git a/src/util/CommunityPostGen.js b/src/util/CommunityPostGen.js index eecdf02..5d390db 100644 --- a/src/util/CommunityPostGen.js +++ b/src/util/CommunityPostGen.js @@ -200,7 +200,6 @@ class CommunityPostGen { .e("topics"); for (const community of communities) { let posts = await database.getPostsByCommunity(community, 30); - console.log(posts.length); xml = xml.e('topic') .e('empathy_count', community.empathy_count).up() .e('has_shop_page', community.has_shop_page).up() diff --git a/src/util/authentication.js b/src/util/authentication.js index 6efa7c9..7fedaa1 100644 --- a/src/util/authentication.js +++ b/src/util/authentication.js @@ -101,11 +101,11 @@ let methods = { return decryptedBody; } - const cryptoPath = `${__dirname}/../certs/access`; + const cryptoPath = `${__dirname}/certs/access`; const cryptoOptions = { private_key: fs.readFileSync(`${cryptoPath}/private.pem`), - hmac_secret: config.secret + hmac_secret: config.account_server_secret }; const privateKey = new NodeRSA(cryptoOptions.private_key, 'pkcs1-private-pem', { @@ -115,12 +115,18 @@ let methods = { } }); - const cryptoConfig = token.subarray(0, 0x90); - const signature = token.subarray(0x90, 0xA4); - const encryptedBody = token.subarray(0xA4); + const cryptoConfig = token.subarray(0, 0x82); + const signature = token.subarray(0x82, 0x96); + const encryptedBody = token.subarray(0x96); const encryptedAESKey = cryptoConfig.subarray(0, 128); - const iv = cryptoConfig.subarray(128); + const point1 = cryptoConfig.readInt8(0x80); + const point2 = cryptoConfig.readInt8(0x81); + + const iv = Buffer.concat([ + Buffer.from(encryptedAESKey.subarray(point1, point1 + 8)), + Buffer.from(encryptedAESKey.subarray(point2, point2 + 8)) + ]); const decryptedAESKey = privateKey.decrypt(encryptedAESKey); @@ -128,12 +134,15 @@ let methods = { let decryptedBody = decipher.update(encryptedBody); decryptedBody = Buffer.concat([decryptedBody, decipher.final()]); + const hmac = crypto.createHmac('sha1', cryptoOptions.hmac_secret).update(decryptedBody); const calculatedSignature = hmac.digest(); - if (!calculatedSignature.equals(signature)) { + + if (calculatedSignature !== signature) { console.log('Token signature did not match'); return null; } + return decryptedBody; }, processPainting: function (painting) {