diff --git a/foftickets.js b/foftickets.js
index 47b1dee..1342b0d 100644
--- a/foftickets.js
+++ b/foftickets.js
@@ -60,12 +60,19 @@ const QRSalt ="!SaltyMagic5392370662";
 //
 // CLAIM ticket email
 //
+function base64ToBase64Url(base64) {
+ return base64
+ .replace(/\+/g, '-') // Replace '+' with '-'
+ .replace(/\//g, '_') // Replace '/' with '_'
+ .replace(/=+$/, ''); // Remove trailing '='
+}
+
 function hashEmail(email) {
 const hash0=crypto.createHash('sha256');
 const usersalt=email in users ? (users[email].linksalt ? users[email].linksalt : "") : "";
 const hash1=hash0.update(email+EmailSalt+usersalt);
 const hash=hash1.digest("base64");
- return(hash);
+ return base64ToBase64Url(hash);
 }
 function hashPW(pw) {
@@ -78,7 +85,7 @@ function hashPW(pw) {
 function hashQR(t,ownername) {
 const hash0=crypto.createHash('sha256');
 const hash1=hash0.update(t+QRSalt+ownername);
- const hash=hash1.digest("base64").slice(0,6);
+ const hash=base64ToBase64Url(hash1.digest("base64")).slice(0,6);
 return(hash);
 }
@@ -88,9 +95,10 @@ function GetMagicLink(email) {
 function MagicLinkValid(email,hash) {
 if (HasPW(email)) return false;
- return hashEmail(email)==hash;
+ return hash==hashEmail(email);
 }
+
 //
 // In-memory data structures
 //
@@ -379,12 +387,15 @@ app.get("/useticket",(req,res) => {
 async function EmailTickets(email) {
- if (!settings['enable-email']) return;
 let offered=0;
 for (const ticket in tickets) if (tickets[ticket].offered==email) offered++;
 if (offered==0) return;
 const textbody="You have been offered "+offered+" tickets to Falls On Fire! To claim them, visit this link:\n"+GetMagicLink(email);
 const htmlbody="You have been offered "+offered+" tickets to Falls On Fire! To claim them, click here.";
+ if (!settings['enable-email']) {
+ console.log("Email disabled. Would have sent to "+email+": "+textbody);
+ return;
+ }
 await client.sendEmail({ From: "tickets@fallsonfire.net", To: email, Subject: "Falls on Fire: You've Got Tickets!",
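Review bot: Every magic link issued before this change stops validating, because a base64 SHA-256 digest always ends in one `=` and `hashEmail` now returns the unpadded form while `MagicLinkValid` still compares the received value verbatim. The `hashQR` hunk has the same effect for any six-character prefix that used to contain `+` or `/`, assuming the QR check recomputes the hash (that code is outside the diff). If outstanding links and codes are meant to keep working, normalise the received value once it is known to be a string, e.g. `return base64ToBase64Url(hash)==hashEmail(email);`; otherwise plan to re-issue them. A one-line comment on `base64ToBase64Url` saying it produces the unpadded URL-safe alphabet would also explain why the padding is dropped.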
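Review bot: `hashQR` still keeps only six characters (36 bits) of an unkeyed SHA-256 over `t+QRSalt+ownername`, and `QRSalt` is a string literal in this file (it is visible in the first hunk header), so the tag is only as secret as the repository. If this value is what proves a QR code is genuine, which the diff does not show, it should be computed with `crypto.createHmac('sha256', key)` using a key loaded from configuration rather than source, and keep more of the digest. Node's `digest("base64url")` would also give the URL-safe form directly, provided the deployed Node version supports that encoding.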
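Review bot: The comparison in `MagicLinkValid` is still a loose `==` on a value that presumably comes from the request, so swapping the operands changes nothing: a non-string `hash` is coerced to a string before the comparison, and the check is not constant-time. Require a string and compare fixed-length buffers instead, e.g. `if (typeof hash!=="string") return false;` followed by `const a=Buffer.from(hash), b=Buffer.from(hashEmail(email));` and `return a.length===b.length && crypto.timingSafeEqual(a,b);`.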
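Review bot: The new `console.log` in `EmailTickets` writes the full `textbody`, which contains `GetMagicLink(email)`, so with email disabled every recipient's login link lands in the process log next to their address. Anyone who can read those logs, or a log store they are shipped to, holds a working credential for each account that has no password, since that is the case `MagicLinkValid` accepts. Log only what is needed to confirm the code path, e.g. `console.log("Email disabled. Would have sent "+offered+" ticket offer(s) to "+email);`. The body of `EmailTickets` continues past the end of this hunk.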