external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-09 15:40:18 +00:00
Code Issues Releases Wiki Activity

Browser session security improvements.

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2022-07-12 17:45:19 -07:00
parent ef41a18269
commit 66b0315624
2 changed files with 70 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

23
meshcentral.js
View file

@ -3262,6 +3262,29 @@ function CreateMeshCentralServer(config, args) {
});
}
// Encrypt session data
obj.encryptSessionData = function (data, key) {
if (data == null) return null;
if (key == null) { key = obj.loginCookieEncryptionKey; }
try {
const iv = Buffer.from(obj.crypto.randomBytes(12), 'binary'), cipher = obj.crypto.createCipheriv('aes-256-gcm', key.slice(0, 32), iv);
const crypted = Buffer.concat([cipher.update(JSON.stringify(data), 'utf8'), cipher.final()]);
return Buffer.concat([iv, cipher.getAuthTag(), crypted]).toString(obj.args.cookieencoding ? obj.args.cookieencoding : 'base64');
} catch (ex) { return null; }
}
// Decrypt the session data
obj.decryptSessionData = function (data, key) {
if ((typeof data != 'string') || (data.length < 13)) return {};
if (key == null) { key = obj.loginCookieEncryptionKey; }
try {
const buf = Buffer.from(data, 'base64');
const decipher = obj.crypto.createDecipheriv('aes-256-gcm', key.slice(0, 32), buf.slice(0, 12));
decipher.setAuthTag(buf.slice(12, 28));
return JSON.parse(decipher.update(buf.slice(28), 'binary', 'utf8') + decipher.final('utf8'));
} catch (ex) { return {}; }
}
// Generate a cryptographic key used to encode and decode cookies
obj.generateCookieKey = function () {
return Buffer.from(obj.crypto.randomBytes(80), 'binary');