replace password with hash

docker-compose.yaml

@@ -13,6 +13,6 @@ services:
     build: ./traque-back
     restart: always
     environment:
-      ADMIN_PASSWORD: 'traquebdsbanger'
+      ADMIN_PASSWORD_HASH: '23e3c6886ff8fcba302deac05c46612ed3af99e40a2a14252810f540f3c186aa'
       HOST: '0.0.0.0'
       PORT: 3001

readme.md

@@ -4,12 +4,12 @@ lang: en-GB
 
 # The game
 ## General principle
-La traque is a IRL team game where the goal is to catch another team without being catched by another team.
+La traque is an IRL team game where the goal is to catch another team without being caught by another team.
 Each team starts with the starting position of the tracked team as well as a picture of them, they don't know who they are being tracked by.
-To get the latest known position of the tracked team, a team can update their lastest known position as their own position.
+To get the latest known position of the tracked team, a team can update their latest known position as their own position.
 Once the tracked team is captured, the tracked team becomes the team previously tracked by the captured team, the game continues until two teams are left.
-Each team has to update their location at a given interval, if they don't, they recieve a penalty.
-The game is played in a zone, if a team goes outside of the zone for a given time, they recieve a penalty.
+Each team has to update their location at a given interval, if they don't, they receive a penalty.
+The game is played in a zone, if a team goes outside the zone for a given time, they receive a penalty.
 For further information see the pdf in the doc folder.
 
 ## The zone
@@ -22,55 +22,58 @@ A penalty can be given to a team for going outside the zone or not updating thei
 # Structure of the app
 The app is divided in two parts, a Next.js front end and a Node.js back end.
 The front end is divided in a team section and an admin section.
-The backend manages the game state and the teams, and communicates with the front end through socket.io
+The backend manages the game state and the teams, and communicates with the front end through `socket.io`
 
 # Setting up the app
 ## Development environment
 ### Front end configuration
-Edit the .env file in traque-front and add specify the following values:
+Edit the .env file in `traque-front` and add specify the following values:
 ```
 NEXT_PUBLIC_SOCKET_HOST = 'example.com'
 NEXT_PUBLIC_SOCKET_PORT = 3001
 ```
 Where NEXT_PUBLIC_SOCKET_HOST is the host of the socket server and NEXT_PUBLIC_SOCKET_PORT is the port of the socket server.
 ### Back end configuration
-Edit the .env file in traque-back and add specify the following values:
+Edit the .env file in `traque-back` and add specify the following values:
 ```
 HOST = 'example.com'
 PORT = 3001
 SSL_KEY = "/path/to/privkey.pem"
 SSL_CERT = "/path/to/cert.pem"
-ADMIN_PASSWORD = 'admin_password_here'
+ADMIN_PASSWORD_HASH = 'admin_password_sha256_hash_here'
 ```
 
-Where ADMIN_PASSWORD is the password for the admin user, HOST is the host of the server, PORT is the port of the server, SSL_KEY is the path to the key file and SSL_CERT is the path to the certificate file. 
+Where ADMIN_PASSWORD_HASH is the password for the admin user, HOST is the host of the server, PORT is the port of the server, SSL_KEY is the path to the key file and SSL_CERT is the path to the certificate file. 
 The SSL_KEY and SSL_CERT are used for HTTPS and are required for the server to work. This is because the browser will block the GeoLocation API if the connection is not secure.
 
 Note : make sure PORT and NEXT_PUBLIC_SOCKET_PORT are the same
 
 ### Running the project
+#### Reverse proxy
+You need a reverse proxy to redirect requests to the right service (frontend or backend). Requests with URL starting with `/back/` are redirected to the backend (usually port 3001), all others to the front (usually port 3000).
+
 #### Front end
-To run the front end, navigate to the traque-front directory and run the following commands:
+To run the front end, navigate to the `traque-front` directory and run the following commands:
 ```
 npm install
 npm run dev
 ```
 #### Back end
-To run the back end, navigate to the traque-back directory and run the following commands:
+To run the back end, navigate to the `traque-back` directory and run the following commands:
 ```
 npm install
 npm start
 ```
 Then navigate to the host and port specified in the .env file to access the application.
 ```
-https://example.com:3000
+https://example.com
 ```
 
 ## Deployment
-Put your certificate and private key in the `proxy/ssl` folder. They need to be named `cert.pem` and `privkey.pem`.
 You can then deploy the docker application with `docker compose up`.
 
 You can change the production environment variables for the backend in the `docker-compose.yml` file. The frontend environment variables can be changed in the `.env` file in the `traque-front` directory.
 
 # Authors
 - [Quentin Roussel](mailto:quentin.roussel11@gmail.com) (initial version)
+- Mathieu Oriol ()

traque-back/admin_socket.js

@@ -8,11 +8,12 @@ import game from "./game.js"
 import zone from "./zone_manager.js"
 import penaltyController from "./penalty_controller.js";
 import { playersBroadcast, sendUpdatedTeamInformations } from "./team_socket.js";
+import { sha256 } from "./util.js";
 
 import { config } from "dotenv";
 config()
 
-const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD;
+const ADMIN_PASSWORD_HASH = process.env.ADMIN_PASSWORD_HASH;
 
 /**
  * Send a message to all logged in admin sockets
@@ -45,7 +46,8 @@ export function initAdminSocketHandler() {
 
         //User is attempting to log in
         socket.on("login", (password) => {
-            if (password === ADMIN_PASSWORD && !loggedIn) {
+            const hash = sha256(password);
+            if (hash === ADMIN_PASSWORD_HASH && !loggedIn) {
                 //Attempt successful
                 socket.emit("login_response", true);
                 loggedInSockets.push(socket.id);

traque-back/readme.md

@@ -1,10 +1,8 @@
 # template of the .env file
 ```
-ADMIN_PASSWORD = 'admin password here'
+ADMIN_PASSWORD_HASH = 'admin password SHA256 hash here'
 HOST = 'traque.rezel.net'
 PORT = 3001
-SSL_KEY = "ssl/privkey.pem"
-SSL_CERT = "ssl/cert.pem"
 ```
 # Run dev version
 First install the dependencies

traque-back/util.js

@@ -1,3 +1,5 @@
+import { createHash } from "crypto";
+
 /**
  * Scale a value that is known to be in a range to a new range
  * for instance map(50,0,100,1000,2000) will return 1500 as 50 is halfway between 0 and 100 and 1500 is halfway through 1000 and 2000
@@ -11,3 +13,7 @@
 export function map(value, oldMin, oldMax, newMin, newMax) {
     return ((value - oldMin) / (oldMax - oldMin)) * (newMax - newMin) + newMin;
 }
+
+export function sha256(password) {
+    return createHash('sha256').update(password).digest('hex');;
+}

traque-front/Dockerfile

@@ -6,7 +6,6 @@ FROM base AS deps
 RUN apk add --no-cache libc6-compat
 WORKDIR /app
 
-# Install dependencies based on the preferred package manager
 COPY package.json package-lock.json* ./
 RUN npm ci
 

traque-front/package.json

@@ -4,7 +4,7 @@
   "private": true,
   "author": "Quentin Roussel",
   "scripts": {
-    "dev": "next dev --experimental-https",
+    "dev": "next dev",
     "build": "next build",
     "start": "next start",
     "lint": "next lint"