From a122d62f78e5f1fd66efc28994809d720a2841ab Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Thu, 1 Jul 2021 14:01:52 -0700 Subject: flushed out version of tripcode with secure trips and instancesalt added to config --- README.md | 4 +- config-init | 9 ++++- go.mod | 2 + go.sum | 15 ++++++++ main.go | 59 ++++++++++++------------------ static/faq.html | 2 +- tripcode.go | 111 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 164 insertions(+), 38 deletions(-) create mode 100644 tripcode.go diff --git a/README.md b/README.md index 5559a72..b755924 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,9 @@ Any contributions or suggestions are appreciated. Best way to give immediate fee `torproxy:127.0.0.1:9050` Tor proxy route and port, leave blank if you do not want to support `publicindex:true` Add instance to the public instance index at https://fchan.xyz if you do not want to be added set this value to `false` If you are on the public index and want to be removed get in contact with FChan dev to be removed. - + + `instancesalt:put your salt string here` Used for secure tripcodes currently. + Currently e-mail is not implemented to do anything special, but the code is in place diff --git a/config-init b/config-init index 7e66ae0..eb71163 100644 --- a/config-init +++ b/config-init @@ -24,8 +24,15 @@ emailport: emailaddress: emailpass: +## enter proxy ip and port if you want to have tor connections supported +## 127.0.0.1:9050 default + torproxy: ## Change to true if you want your instance to be added to the public instance index -publicindex:false \ No newline at end of file +publicindex:false + +## add your instance salt here for secure tripcodes + +instancesalt: \ No newline at end of file diff --git a/go.mod b/go.mod index bf2d6d1..65e54be 100644 --- a/go.mod +++ b/go.mod 
@@ -6,4 +6,6 @@ require (
 github.com/gofrs/uuid v4.0.0+incompatible
 github.com/gomodule/redigo v2.0.0+incompatible
 github.com/lib/pq v1.9.0
+ github.com/simia-tech/crypt v0.5.0
+ golang.org/x/text v0.3.6
 )
diff --git a/go.sum b/go.sum
index 40d0876..dacf5be 100644
--- a/go.sum
+++ b/go.sum
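Review bot: The two added `require` lines pull in `github.com/simia-tech/crypt v0.5.0` for what the rest of the commit uses as a single MD5-crypt call, and the go.sum section of this commit records `golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869` arriving alongside it. If that transitive module ends up in the build, the binary carries a 2018 snapshot of x/crypto; I would add an explicit, current `golang.org/x/crypto` requirement to this block so the version is chosen here rather than inherited. A short comment next to the new lines, such as `// md5-crypt for tripcodes (tripcode.go)`, would also record why a password-hashing dependency was added.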
@@ -1,6 +1,21 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/lib/pq v1.9.0 h1:L8nSXQQzAYByakOFMTwpjRoHsMJklur4Gi59b6VivR8=
 github.com/lib/pq v1.9.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/simia-tech/crypt v0.5.0 h1:Y8xfAGqgd2wW2o4E63WIy9xr9w4jC1tDsOBHGKiqP0s=
+github.com/simia-tech/crypt v0.5.0/go.mod h1:DMwvjPTzsiHrjqHVW5HvIbF4vUUzMCYDKVLsPWmLdTo=
+github.com/stretchr/testify v1.2.0 h1:LThGCOvhuJic9Gyd1VBCkhyUXmO8vKaBFvBsJ2k03rg=
+github.com/stretchr/testify v1.2.0/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869 h1:kkXA53yGe04D0adEYJwEVQjeBppL01Exg+fnMjfUraU=
+golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/sys v0.0.0-20181116161606-93218def8b18 h1:Wh+XCfg3kNpjhdq2LXrsiOProjtQZKme5XUx7VcxwAw=
+golang.org/x/sys v0.0.0-20181116161606-93218def8b18/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
diff --git a/main.go b/main.go index 972e69e..9dac9e2 100644 --- a/main.go +++ b/main.go @@ -1,25 +1,27 @@ package main -import "fmt" -import "strings" -import "strconv" -import "net/http" -import "net/url" -import "database/sql" -import _ "github.com/lib/pq" -import "math/rand" -import "html/template" -import "time" -import "regexp" -import "os/exec" -import "bytes" -import "encoding/json" -import "io/ioutil" -import "mime/multipart" -import "os" -import "bufio" -import "io" -import "github.com/gofrs/uuid" +import ( + "fmt" + "strings" + "strconv" + "net/http" + "net/url" + "database/sql" + _ "github.com/lib/pq" + "math/rand" + "html/template" + "time" + "regexp" + "os/exec" + "bytes" + "encoding/json" + "io/ioutil" + "mime/multipart" + "os" + "bufio" + "io" + "github.com/gofrs/uuid" +) var Port = ":" + GetConfigValue("instanceport") var TP = GetConfigValue("instancetp") @@ -39,6 +41,8 @@ var TorProxy = GetConfigValue("torproxy") //127.0.0.1:9050 var PublicIndexing = strings.ToLower(GetConfigValue("publicindex")) +var Salt = GetConfigValue("instancesalt") + var activitystreams = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"" func main() { @@ -1211,21 +1215,6 @@ func CreateTripCode(input string) string { return code[0] } -func CreateNameTripCode(r *http.Request, db *sql.DB) (string, string) { - input := r.FormValue("name") - re := regexp.MustCompile("#.+") - chunck := re.FindString(input) - ce := regexp.MustCompile(`(?i)#Admin`) - admin := ce.MatchString(chunck) - board, modcred := GetPasswordFromSession(r) - if(admin && HasAuth(db, modcred, board)) { - return re.ReplaceAllString(input, ""), "#Admin" - } else if(chunck != "") { - hash := CreateTripCode(chunck) - return re.ReplaceAllString(input, ""), "!" + hash[42:50] - } - return input, "" -} func GetActorFromPath(db *sql.DB, location string, prefix string) Actor { pattern := fmt.Sprintf("%s([^/\n]+)(/.+)?", prefix) 
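Review bot: `Salt` is read from `instancesalt` in the second hunk with no check that it is set, and the `config-init` shipped in this same commit leaves that key blank. `TripCodeSecure` in tripcode.go passes `"$1$" + Salt` straight to `crypt.Crypt`, so an instance left at the default would compute its "secure" tripcodes with an empty salt (assuming `GetConfigValue`, not visible here, returns an empty string for a blank key); they would then be identical on every such instance and depend on nothing the server keeps private. I would fail fast early in `main`, e.g. `if Salt == "" { fmt.Println("instancesalt must be set in config"); os.Exit(1) }`, or have `CreateNameTripCode` refuse `##` trips while it is empty. MD5-crypt salts are conventionally limited to 8 characters, so it is also worth confirming how the library treats a longer `instancesalt` and stating the expected length next to the README entry.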
diff --git a/static/faq.html b/static/faq.html index 9851f19..9ce691a 100644 --- a/static/faq.html +++ b/static/faq.html @@ -37,7 +37,7 @@

coming soon(tm).

Server Version

-

v0.0.5a

+

v0.0.5b

[Home][Rules][FAQ] diff --git a/tripcode.go b/tripcode.go new file mode 100644 index 0000000..7e19cf0 --- /dev/null +++ b/tripcode.go 
@@ -0,0 +1,111 @@ +package main + +import ( + "golang.org/x/text/encoding/japanese" + "golang.org/x/text/transform" + "github.com/simia-tech/crypt" + "strings" + "bytes" + "regexp" + "database/sql" + _ "github.com/lib/pq" + "net/http" +) + +const SaltTable = "" + + "................................" + + ".............../0123456789ABCDEF" + + "GABCDEFGHIJKLMNOPQRSTUVWXYZabcde" + + "fabcdefghijklmnopqrstuvwxyz....." + + "................................" + + "................................" + + "................................" + + "................................" + + +func TripCode(pass string) string { + + pass = TripCodeConvert(pass) + + var salt [2]rune + + s := []rune(pass + "H..")[1:3] + + for i, r := range s { + salt[i] = rune(SaltTable[r % 256]) + } + + enc, err := crypt.Crypt(pass, "$1$" + string(salt[:])) + + CheckError(err, "crypt broke") + + return enc[len(enc) - 10 : len(enc)] +} + +func TripCodeSecure(pass string) string { + + pass = TripCodeConvert(pass) + + enc, err := crypt.Crypt(pass, "$1$" + Salt) + + CheckError(err, "crypt secure broke") + + return enc[len(enc) - 10 : len(enc)] +} + +func TripCodeConvert(str string) string { + + var s bytes.Buffer + transform.NewWriter(&s, japanese.ShiftJIS.NewEncoder()).Write([]byte(str)) + + re := strings.NewReplacer( + "&", "&", + "\"", """, + "<", "<", + ">", ">", + ) + + return re.Replace(s.String()) +} + +func CreateNameTripCode(r *http.Request, db *sql.DB) (string, string) { + input := r.FormValue("name") + + tripSecure := regexp.MustCompile("##(.+)?") + + if tripSecure.MatchString(input) { + chunck := tripSecure.FindString(input) + chunck = strings.Replace(chunck, "##", "", 1) + + ce := regexp.MustCompile(`(?i)Admin`) + admin := ce.MatchString(chunck) + board, modcred := GetPasswordFromSession(r) + + if(admin && HasAuth(db, modcred, board)) { + return tripSecure.ReplaceAllString(input, ""), "#Admin" + } + + hash := TripCodeSecure(chunck) + return tripSecure.ReplaceAllString(input, ""), "!!" 
+ hash + } + + trip := regexp.MustCompile("#(.+)?") + + if trip.MatchString(input) { + chunck := trip.FindString(input) + chunck = strings.Replace(chunck, "#", "", 1) + + ce := regexp.MustCompile(`(?i)Admin`) + admin := ce.MatchString(chunck) + board, modcred := GetPasswordFromSession(r) + + if(admin && HasAuth(db, modcred, board)) { + return trip.ReplaceAllString(input, ""), "#Admin" + } + + hash := TripCode(chunck) + return trip.ReplaceAllString(input, ""), "!" + hash + } + + return input, "" +} -- cgit v1.2.3
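Review bot: `TripCodeConvert` discards the result of `transform.NewWriter(&s, japanese.ShiftJIS.NewEncoder()).Write(...)` and never closes the writer, so an encoding failure goes unnoticed. As far as I can tell the Shift-JIS encoder stops at the first rune it cannot represent, which would leave `s` holding only the text before it; two different passwords that share that prefix, or that both begin with such a rune, would then yield the same tripcode. I would keep the writer in a variable, check the error and fall back to the raw input, e.g. `if _, err := w.Write([]byte(str)); err != nil { s.Reset(); s.WriteString(str) }` followed by `w.Close()`, or reject the password outright. Separately, `TripCode` and `TripCodeSecure` slice `enc[len(enc) - 10 : len(enc)]` right after `CheckError`; if `CheckError` (defined outside this hunk) only logs, a failed `crypt.Crypt` call that returns a short or empty `enc` would panic on a request-supplied name, so a length guard before the slice is worth adding.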