Externalize key for flag HMACs

bkimminich · bkimminich · commit 4930dc241590 · 2017-01-27T09:57:15.000+01:00
(refactoring for juice-shop#260)
diff --git a/ctf.key b/ctf.key
@@ -0,0 +1 @@
+TRwzkRJnHOTckssAeyJbysWgP!Qc2T
diff --git a/lib/utils.js b/lib/utils.js
@@ -1,6 +1,7 @@
 /* jslint node: true */
 'use strict'
 
+var fs = require('fs')
 var colors = require('colors/safe')
 var notifications = require('../data/datacache').notifications
 var packageJson = require('../package.json')
@@ -11,6 +12,14 @@ var entities = new Entities()
 
 var months = ['JAN', 'FEB', 'MAR', 'APR', 'MAY', 'JUN', 'JUL', 'AUG', 'SEP', 'OCT', 'NOV', 'DEC']
 
+var ctfKey
+fs.readFile('ctf.key', 'utf8', function (err, data) {
+  if (err) {
+    throw err
+  }
+  ctfKey = data
+})
+
 exports.queryResultToJson = function (data, status) {
   var wrappedData = {}
   if (data) {
@@ -69,7 +78,7 @@ exports.version = function (module) {
 
 exports.toHmac = function (text) {
   var shaObj = new jsSHA('SHA-1', 'TEXT') // eslint-disable-line new-cap
-  shaObj.setHMACKey('TRwzkRJnHOTckssAeyJbysWgP!Qc2T', 'TEXT')
+  shaObj.setHMACKey(ctfKey, 'TEXT')
   shaObj.update(text)
   return shaObj.getHMAC('HEX')
 }
@@ -85,7 +94,7 @@ exports.solve = function (challenge) {
     console.log(colors.green('Solved') + ' challenge ' + colors.cyan(challenge.name) + ' (' + challenge.description + ')')
     notifications.push({challenge: challenge.description, flag: flag})
     if (global.io) {
-      global.io.emit('challenge solved', {id: challenge.name, challenge: challenge.description, flag: flag})
+      global.io.emit('challenge solved', {challenge: challenge.description, flag: flag})
     }
   })
 }
diff --git a/server.js b/server.js
@@ -161,7 +161,7 @@ app.use(errorhandler())
 io.on('connection', function (socket) {
   // send all outstanding notifications on (re)connect
   notifications.forEach(function (notification) {
-    socket.emit('challenge solved', { id: notification.id, challenge: notification.challenge, flag: notification.flag })
+    socket.emit('challenge solved', {challenge: notification.challenge, flag: notification.flag })
   })
   socket.on('notification received', function (data) {
     var i = notifications.indexOf(data)
