diff --git a/src/cobalt.js b/src/cobalt.js index 93a5b3f2..c8169ce7 100644 --- a/src/cobalt.js +++ b/src/cobalt.js @@ -3,6 +3,9 @@ import "dotenv/config"; import express from "express"; import cors from "cors"; import rateLimit from "express-rate-limit"; +import { randomBytes } from "crypto"; + +process.env.streamSalt = randomBytes(64).toString('hex'); import path from 'path'; import { fileURLToPath } from 'url'; diff --git a/src/modules/setup.js b/src/modules/setup.js index 1ca41afc..4fca6c53 100644 --- a/src/modules/setup.js +++ b/src/modules/setup.js @@ -1,4 +1,3 @@ -import { randomBytes } from "crypto"; import { existsSync, unlinkSync, appendFileSync } from "fs"; import { createInterface } from "readline"; import { Cyan, Bright, Green } from "./sub/consoleText.js"; @@ -6,7 +5,7 @@ import { execSync } from "child_process"; let envPath = './.env'; let q = `${Cyan('?')} \x1b[1m`; -let ob = { streamSalt: randomBytes(64).toString('hex') } +let ob = {} let rl = createInterface({ input: process.stdin, output: process.stdout }); let final = () => { diff --git a/src/modules/stream/manage.js b/src/modules/stream/manage.js index 827af46c..ebc9b97b 100644 --- a/src/modules/stream/manage.js +++ b/src/modules/stream/manage.js @@ -5,7 +5,6 @@ import { sha256 } from "../sub/crypto.js"; import { streamLifespan } from "../config.js"; const streamCache = new NodeCache({ stdTTL: streamLifespan/1000, checkperiod: 10, deleteOnExpire: true }); -const salt = process.env.streamSalt; streamCache.on("expired", (key) => { streamCache.del(key); @@ -14,7 +13,7 @@ streamCache.on("expired", (key) => { export function createStream(obj) { let streamID = nanoid(), exp = Math.floor(new Date().getTime()) + streamLifespan, - ghmac = sha256(`${streamID},${obj.ip},${obj.service},${exp}`, salt); + ghmac = sha256(`${streamID},${obj.ip},${obj.service},${exp}`, process.env.streamSalt); if (!streamCache.has(streamID)) { streamCache.set(streamID, { @@ -47,7 +46,7 @@ export function verifyStream(ip, id, hmac, exp) { let streamInfo = streamCache.get(id); if (!streamInfo) return { error: 'this stream token does not exist', status: 400 }; - let ghmac = sha256(`${id},${ip},${streamInfo.service},${exp}`, salt); + let ghmac = sha256(`${id},${ip},${streamInfo.service},${exp}`, process.env.streamSalt); if (String(hmac) === ghmac && String(exp) === String(streamInfo.exp) && ghmac === String(streamInfo.hmac) && String(ip) === streamInfo.ip && Number(exp) > Math.floor(new Date().getTime())) { return streamInfo;