feat: api v2 #68

Merged
merged 37 commits into from
Oct 12, 2024
Conversation

zijiren233
Contributor

No description provided.

title: "加入成功",
type: "success"
});
if (password) localStorage.setItem(`room-${roomId}-pwd`, password);

Check failure

Code scanning / CodeQL

Clear text storage of sensitive information High

This stores sensitive data returned by an access to password as clear text.

Copilot Autofix AI 3 months ago

To fix the problem, we need to ensure that the password is encrypted before storing it in localStorage. We can use the crypto module from Node.js to encrypt the password. The encrypted password can then be safely stored in localStorage. When retrieving the password, we will need to decrypt it.

  1. Import the crypto module.
  2. Create functions to encrypt and decrypt the password.
  3. Encrypt the password before storing it in localStorage.
  4. Decrypt the password when retrieving it from localStorage.
Suggested changeset 1
src/hooks/useRoom.ts

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/hooks/useRoom.ts b/src/hooks/useRoom.ts
--- a/src/hooks/useRoom.ts
+++ b/src/hooks/useRoom.ts
@@ -11,2 +11,22 @@
 import { RoomMemberPermission, RoomAdminPermission, MEMBER_STATUS, RoomStatus } from "@/types/Room";
+import * as crypto from 'crypto';
+
+const algorithm = 'aes-256-ctr';
+const secretKey = 'vOVH6sdmpNWjRRIqCc7rdxs01lwHzfr3'; // This should be stored securely
+const iv = crypto.randomBytes(16);
+
+const encrypt = (text) => {
+  const cipher = crypto.createCipheriv(algorithm, secretKey, iv);
+  const encrypted = Buffer.concat([cipher.update(text), cipher.final()]);
+  return iv.toString('hex') + ':' + encrypted.toString('hex');
+};
+
+const decrypt = (hash) => {
+  const parts = hash.split(':');
+  const iv = Buffer.from(parts.shift(), 'hex');
+  const encryptedText = Buffer.from(parts.join(':'), 'hex');
+  const decipher = crypto.createDecipheriv(algorithm, secretKey, iv);
+  const decrypted = Buffer.concat([decipher.update(encryptedText), decipher.final()]);
+  return decrypted.toString();
+};
 
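Review bot: `secretKey` is a string literal in `src/hooks/useRoom.ts`, so it ships with the client code, and any script or user that can read the `localStorage` entry can also read the key from the bundle; the `// This should be stored securely` comment has to become an actual change before this is merged. Separately, `const iv = crypto.randomBytes(16);` runs once at module load, so every `encrypt()` call in a session reuses the same key and IV under `aes-256-ctr`, which repeats the keystream. Generate the IV inside `encrypt()` and prefer an authenticated mode, since CTR alone does not detect a modified stored value.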
@@ -124,3 +144,3 @@
           });
-          if (password) localStorage.setItem(`room-${roomId}-pwd`, password);
+          if (password) localStorage.setItem(`room-${roomId}-pwd`, encrypt(password));
           router.replace(`/cinema/${roomId}`);
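Review bot: the value written under `room-${roomId}-pwd` is now an `iv:ciphertext` hex string, but no hunk in this patch touches the code that reads that key, and `decrypt()` is never called. Whatever reads the entry back will receive the encoded string instead of the password; update the readers to call `decrypt()`, and decide how to handle entries saved before this change, which are still plain text.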
@@ -180,3 +200,3 @@
         });
-        if (password) localStorage.setItem(`room-${roomId}-pwd`, password);
+        if (password) localStorage.setItem(`room-${roomId}-pwd`, encrypt(password));
         router.replace(`/cinema/${roomId}`);
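Review bot: the password stays recoverable by anything that can read `localStorage` after this change to the second `setItem`, because the key is a constant in the same file. If the value only has to survive the redirect to `/cinema/${roomId}`, consider keeping it in memory or `sessionStorage`, or storing a server-issued token instead of the password itself.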
EOF
title: "加入成功",
type: "success"
});
if (password) localStorage.setItem(`room-${roomId}-pwd`, password);

Check failure

Code scanning / CodeQL

Clear text storage of sensitive information High

This stores sensitive data returned by an access to password as clear text.

Copilot Autofix AI 3 months ago

To fix the problem, we need to ensure that the password is encrypted before storing it in localStorage. We can use the crypto module from Node.js to encrypt the password. The encrypted password can then be safely stored in localStorage. When retrieving the password, we will need to decrypt it.

  1. Import the crypto module.
  2. Create functions to encrypt and decrypt the password.
  3. Use the encryption function before storing the password in localStorage.
  4. Use the decryption function when retrieving the password from localStorage.
Suggested changeset 1
src/hooks/useRoom.ts

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/src/hooks/useRoom.ts b/src/hooks/useRoom.ts
--- a/src/hooks/useRoom.ts
+++ b/src/hooks/useRoom.ts
@@ -1,2 +1,3 @@
 import { ref } from "vue";
+import crypto from "crypto";
 import { ElNotification } from "element-plus";
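Review bot: `import crypto from "crypto";` pulls in Node's `crypto` module, but this hook uses `localStorage` and Vue's `ref`, so it runs in the browser, where that module is not available unless the bundler polyfills it. Use the Web Crypto API (`crypto.subtle`) that browsers provide, or confirm that the build adds a polyfill and check what it does to bundle size.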
@@ -12,2 +13,14 @@
 
+const encryptionKey = "your-encryption-key"; // Replace with your actual encryption key
+
+function encrypt(text: string): string {
+  const cipher = crypto.createCipher('aes-256-ctr', encryptionKey);
+  return cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
+}
+
+function decrypt(text: string): string {
+  const decipher = crypto.createDecipher('aes-256-ctr', encryptionKey);
+  return decipher.update(text, 'hex', 'utf8') + decipher.final('utf8');
+}
+
 // 获取用户信息
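Review bot: `crypto.createCipher` and `crypto.createDecipher` are deprecated in Node.js; they derive both key and IV from the password string without a salt, so with `aes-256-ctr` every call reuses the same keystream. Switch to `createCipheriv`/`createDecipheriv` with a random IV per value, and replace the `"your-encryption-key"` placeholder, which as written would be committed to the client source.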
@@ -124,3 +137,3 @@
           });
-          if (password) localStorage.setItem(`room-${roomId}-pwd`, password);
+          if (password) localStorage.setItem(`room-${roomId}-pwd`, encrypt(password));
           router.replace(`/cinema/${roomId}`);
@@ -180,3 +193,3 @@
         });
-        if (password) localStorage.setItem(`room-${roomId}-pwd`, password);
+        if (password) localStorage.setItem(`room-${roomId}-pwd`, encrypt(password));
         router.replace(`/cinema/${roomId}`);
EOF
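The IV handling in both suggested patches, as an added example that is not part of the pull request or of Copilot's output: it runs under Node.js (the `crypto` module the patches import), shows that AES-CTR with a reused key and IV leaks the XOR of two passwords, and contrasts that with AES-256-GCM using a fresh IV per value. `KEY`, `FIXED_IV`, the sample passwords and all function names are constructed for the illustration.

```javascript
// Added illustration, not code from the pull request. Runs under Node.js.
const crypto = require('crypto');

const KEY = crypto.randomBytes(32);   // constructed demo key
const FIXED_IV = Buffer.alloc(16, 7); // stands in for an IV that is set once and reused

// Weak pattern: AES-256-CTR with the same key and IV for every stored value.
function encryptFixedIv(text) {
  const c = crypto.createCipheriv('aes-256-ctr', KEY, FIXED_IV);
  return Buffer.concat([c.update(text, 'utf8'), c.final()]);
}

const xor = (a, b) => Buffer.from(a.map((byte, i) => byte ^ b[i]));

// Same keystream twice: c1 XOR c2 equals p1 XOR p2, so the key drops out.
function keystreamReuseLeaks(p1, p2) {
  const fromCiphertexts = xor(encryptFixedIv(p1), encryptFixedIv(p2));
  const fromPlaintexts = xor(Buffer.from(p1, 'utf8'), Buffer.from(p2, 'utf8'));
  return fromCiphertexts.equals(fromPlaintexts);
}

// Hardened form: AES-256-GCM, fresh 12-byte IV per call, tag stored with the data.
function seal(text, key) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return [iv, c.getAuthTag(), ct].map((b) => b.toString('hex')).join(':');
}

function unseal(blob, key) {
  const [iv, tag, ct] = blob.split(':').map((h) => Buffer.from(h, 'hex'));
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8'); // throws on a bad tag
}

// A modified stored value must be rejected instead of decrypting to garbage.
function tamperIsRejected() {
  const blob = seal('room-pass-01', KEY);
  const flipped = blob.slice(0, -1) + (blob.endsWith('0') ? '1' : '0');
  try { unseal(flipped, KEY); return false; } catch { return true; }
}
```

The GCM form fixes IV reuse and adds tamper detection; it does not change the fact that a key embedded in client-side code is readable by anyone who has the bundle.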
@zijiren233 zijiren233 merged commit 0d5f246 into main Oct 12, 2024
3 of 4 checks passed