From 295147ae86bae955332cc6f877c6dc4e9bbae50e Mon Sep 17 00:00:00 2001 From: Hippo Date: Sun, 12 Mar 2023 14:09:23 +0530 Subject: [PATCH] Make compatible serialisers on script import The new make_serialiser function allows you to import things to a separate script and still use the standard secret key when making serialisers. During the process, we also realised we weren't salting values properly, so thankfully that's been fixed! :P --- server/index.js | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/server/index.js b/server/index.js index 235c910..85b2052 100644 --- a/server/index.js +++ b/server/index.js @@ -15,7 +15,7 @@ if (process.env.DEBUG || process.env.CROWDFUNDING_SITE_DEBUG) { DEBUG = false } -if (DEBUG) console.log('Starting website in debug mode') +if (DEBUG) console.log('Loading website in debug mode') // set up secret key let secretKey @@ -31,6 +31,11 @@ if (process.env.CROWDFUNDING_SITE_SECRET_KEY) { } } +// helper function to make the serialiser +function makeSerialiser(value) { + return URLSafeTimedSerializer(secretKey, {salt: value}) +} + // set up nodemailer (if configured) let mailer let emailFrom @@ -490,7 +495,7 @@ router.post('/pledge', async (req, res) => { } // generate verification link - let serialiser = URLSafeTimedSerializer(secretKey, pledge.get('email')) + let serialiser = makeSerialiser(pledge.get('email')) let verificationLink = `${req.protocol}://${req.hostname}/verify?email=${encodeURIComponent(pledge.get('email'))}&key=${encodeURIComponent(serialiser.dumps(pledge.get('amount')))}` // send out the email, along with existing pledge deets @@ -528,7 +533,7 @@ router.get('/verify', async (req, res) => { if (DEBUG) console.debug('Validating pledge:', req.query) // unpack verification link (unless it's expired) - let serialiser = URLSafeTimedSerializer(secretKey, req.query.email) + let serialiser = makeSerialiser(req.query.email) let amount try { 
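Review bot: `makeSerialiser` passes the caller's `value` straight through as the salt, and the export added in the last hunk lets other scripts share it, yet nothing states what `value` must be. In itsdangerous-style signers the salt is what keeps one token purpose apart from another, so a second script that signs data for the same email address could produce tokens that `/verify` also accepts. A purpose prefix such as `{salt: 'pledge-verify:' + value}`, or a separate `purpose` argument, would keep them apart, though changing the salt invalidates links already sent. At minimum I would add a comment like `// value becomes the signing salt: pass a non-empty, purpose-specific string; uses the module-level secretKey`.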
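Review bot: The verification link on the line after the changed one in the `/pledge` hunk still takes its scheme and host from `req.protocol` and `req.hostname`, which (assuming this is an Express router) are derived from request headers rather than from configuration. Because the link carries the signed key and is emailed to the pledger, the origin should come from a server-side setting instead, for example `new URL('/verify', baseUrl)` with `baseUrl` read from configuration (placeholder name) and `email` and `key` set through `searchParams`. `req.hostname` also omits the port, so the current link breaks when the site is not on a default port. The handler body starts and ends outside this hunk.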
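Review bot: In the `/verify` hunk `req.query.email` goes into `makeSerialiser` unchecked, and the call sits before the `try`, so the error handling that follows does not cover it. Assuming Express query parsing, the value can be `undefined` or a non-string such as an array; depending on how the library treats such a salt, that either throws outside the `try` in an async handler or falls back to a default salt. A guard ahead of the call, `if (typeof req.query.email !== 'string' || req.query.email === '') return res.sendStatus(400)`, keeps the salt a plain string. The `console.debug` line above it also writes the whole query, including `key`, to the log when DEBUG is on. The handler continues past the end of the hunk.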
@@ -746,4 +751,5 @@ module.exports = { Pledge, UnverifiedPledge, router, + makeSerialiser, }