From 7f59612f4ad1061c99ae53ef92baf04511b7f9af Mon Sep 17 00:00:00 2001
From: Joel Kronqvist <joelkronqvist@proton.me>
Date: Sat, 24 Jun 2023 07:49:18 +0000
Subject: Changed to PBKDF2

---
 Cont/panel/index.html      |  7 ++-----
 Functions/pbkdf2promise.js | 14 ++++++++++++++
 server.js                  | 14 ++++++++++----
 3 files changed, 26 insertions(+), 9 deletions(-)
 create mode 100644 Functions/pbkdf2promise.js

diff --git a/Cont/panel/index.html b/Cont/panel/index.html
index ab607c6..a1a700b 100644
--- a/Cont/panel/index.html
+++ b/Cont/panel/index.html
@@ -32,16 +32,13 @@
 				<textarea name="exceptions" rows="16" style="text-align: left;">\(exceptions\)</textarea>
 				<br>
 				<br>
-				<label for="password">Syötä salasana</label>
-				<input type="password" name="password" id="password" required>
+				<label for="password">Syötä salalause:</label>
+				<input type="password" name="password" id="password" style="text-align: left;" required>
 				<br>
 				<br>
 				<input type="submit" id="send" class="highlight" value="Päivitä">
 				<br>
 				<br>
-				<p>Painikkeen painamisen jälkeen seuraavan sivun latautumisessa kestää, koska serveri käsittelee syötteesi loppuun asti ennen vastaamista, jotta se voi kertoa, onnistuiko päivitys.</p>
-				
-
 			</form>
 			<p>Etkö tahtonutkaan päivittää mitään? Alta pääset takaisin etusivulle.</p>
 			<a class="back" href="/"><img src="/Images/back.png" alt="Takaisin etusivulle"></a>
diff --git a/Functions/pbkdf2promise.js b/Functions/pbkdf2promise.js
new file mode 100644
index 0000000..ac63f43
--- /dev/null
+++ b/Functions/pbkdf2promise.js
@@ -0,0 +1,14 @@
+const crypto  = require('node:crypto');
+
+function pbkdf2(password, salt, iterations, keylen, digest) {
+	return new Promise((resolve, reject) => {
+		crypto.pbkdf2(password, salt, iterations, keylen, digest, (err, res) => {
+			if (err)
+				reject(err);
+			else
+				resolve(res);
+		});
+	});
+}
+
+exports.pbkdf2 = pbkdf2;
diff --git a/server.js b/server.js
index c3155d2..52d580f 100644
--- a/server.js
+++ b/server.js
@@ -9,7 +9,7 @@ const open	= require("./Functions/open.js");
 const strFuncs	= require("./Functions/stringFuncs.js");
 const dateFuncs	= require("./Functions/dateFuncs.js");
 const updateDB  = require("./update.js");
-const { createHash} = require("node:crypto");
+const { pbkdf2 } = require("./Functions/pbkdf2promise.js");
 
 const SHIFTPATH = "../Updation/shifts.txt";
 const CLASSPATH = "../Updation/classes.txt";
@@ -100,9 +100,15 @@ async function init()
 					return;
 				}
 
-				const hashObj = createHash("sha256");
-				hashObj.update(suppliedPassword);
-				let suppliedPassHash = hashObj.digest('hex');
+				
+				let suppliedPassHash = await pbkdf2(
+					suppliedPassword,
+					'salts protect from dictionary attacks, but we will have ~1 password.',
+					10000,
+					64,
+					'sha512',
+				);
+				suppliedPassHash = suppliedPassHash.toString('hex');
 				console.log(suppliedPassHash);
 				let passHashes = await open.file(PASSPATH);
 				passHashes = passHashes.toString('utf-8').split("\n");
-- 
cgit v1.2.3