Make compatible serialisers on script import

The new make_serialiser function allows you to import things to a separate script and still use the standard secret key when making serialisers. During the process, we also realised we weren't salting values properly, so thankfully that's been fixed! :P
2023-03-12 14:09:23 +05:30 · 2023-03-12 14:09:23 +05:30 · 295147ae86
commit 295147ae86
parent 11cefdada0
1 changed files with 9 additions and 3 deletions
--- a/server/index.js
+++ b/server/index.js
@ -15,7 +15,7 @@ if (process.env.DEBUG || process.env.CROWDFUNDING_SITE_DEBUG) {
  DEBUG = false
 }

-if (DEBUG) console.log('Starting website in debug mode')
+if (DEBUG) console.log('Loading website in debug mode')

 // set up secret key
 let secretKey
@ -31,6 +31,11 @@ if (process.env.CROWDFUNDING_SITE_SECRET_KEY) {
  }
 }

+// helper function to make the serialiser
+function makeSerialiser(value) {
+  return URLSafeTimedSerializer(secretKey, {salt: value})
+}
+
 // set up nodemailer (if configured)
 let mailer
 let emailFrom
@ -490,7 +495,7 @@ router.post('/pledge', async (req, res) => {
  }

  // generate verification link
-  let serialiser = URLSafeTimedSerializer(secretKey, pledge.get('email'))
+  let serialiser = makeSerialiser(pledge.get('email'))
  let verificationLink = `${req.protocol}://${req.hostname}/verify?email=${encodeURIComponent(pledge.get('email'))}&key=${encodeURIComponent(serialiser.dumps(pledge.get('amount')))}`

  // send out the email, along with existing pledge deets
@ -528,7 +533,7 @@ router.get('/verify', async (req, res) => {
  if (DEBUG) console.debug('Validating pledge:', req.query)

  // unpack verification link (unless it's expired)
-  let serialiser = URLSafeTimedSerializer(secretKey, req.query.email)
+  let serialiser = makeSerialiser(req.query.email)
  let amount

  try {
@ -746,4 +751,5 @@ module.exports = {
  Pledge,
  UnverifiedPledge,
  router,
+  makeSerialiser,
 }