Mirror/SponsorBlockServer
1
0
Fork 0
mirror of https://github.com/ajayyy/SponsorBlockServer.git synced 2025-12-08 20:47:02 +03:00
Code Issues Packages Projects Releases Wiki Activity

Made it run the hash function 5000 times to ensure no one will brute force the IPs.

Browse Source
This commit is contained in:
Ajay Ramachandran
2019-07-22 17:10:23 -04:00
parent 930c0bc6a3
commit cd36e2b64b
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
index.js
View File

@@ -94,8 +94,12 @@ app.get('/api/postVideoSponsorTimes', function (req, res) {
let ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
//hash the ip so no one can get it from the database
let hashCreator = crypto.createHash('sha256');
let hashedIP = hashCreator.update(ip + globalSalt).digest('hex');
let hashedIP = ip + globalSalt;
//hash it 5000 times, this makes it very hard to brute force
for (let i = 0; i < 5000; i++) {
let hashCreator = crypto.createHash('sha512');
hashedIP = hashCreator.update(hashedIP).digest('hex');
}
startTime = parseFloat(startTime);
endTime = parseFloat(endTime);