Add encryption

2024-03-15 10:45:30 +00:00 · 2024-03-15 10:45:30 +00:00 · 3649eda7d2
commit 3649eda7d2
parent 9739a2264d
5 changed files with 53 additions and 16 deletions
--- a/JavaScript/Client.js
+++ b/JavaScript/Client.js
@ -27,6 +27,15 @@ class LonaDB {

        let encryptionKey = crypto.createHash('sha256').update(processID).digest('base64');

+        switch(action){
+            case "create_user":
+                data.user.password = await this.encryptPassword(data.user.password, encryptionKey);
+                break;
+            case "check_password":
+                data.checkPass.pass = await this.encryptPassword(data.checkPass.pass, encryptionKey);
+                break;
+        }
+
        let encryptedPassword = await this.encryptPassword(this.password, encryptionKey);

        let request = JSON.stringify({
@ -63,7 +72,6 @@ class LonaDB {
        });
    }

-
    encryptPassword(password, key) {
        const iv = crypto.randomBytes(16);
        const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(key, 'base64'), iv);
--- a/JavaScript/package.json
+++ b/JavaScript/package.json
@ -1,6 +1,6 @@
 {
  "name": "lonadb-client",
-  "version": "4.5.1",
+  "version": "4.5.2",
  "description": "A client for the LonaDB Prototype",
  "main": "Client.js",
  "scripts": {
--- a/PHP/Client.php
+++ b/PHP/Client.php
@ -50,6 +50,15 @@ class LonaDB {
    }

    $processID = $this->makeid(5);
+
+    switch($action){
+      case "create_user":
+        $data['user']['password'] = $this->encryptPassword($data['user']['password'], $processID);
+        break;
+      case "check_password":
+        $data['checkPass']['pass'] = $this->encryptPassword($data['checkPass']['pass'], $processID);
+        break;
+    }
 		
 		$encryptedPassword = $this->encryptPassword($this->password, $processID);

--- a/Python/lonadb_client/lonadb_client.py
+++ b/Python/lonadb_client/lonadb_client.py
@ -1,5 +1,9 @@
 import json
 import socket
+import random
+import hashlib
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes

 class LonaDB:
    def __init__(self, host, port, name, password):
@ -9,28 +13,41 @@ class LonaDB:
        self.password = password

    def make_id(self, length):
-        import random
-        import string
-        return ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(length))
+        characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890abcdefghijklmnopqrstuvwxyz'
+        return ''.join(random.choice(characters) for _ in range(length))

-    def send_request(self, action, data):
+    async def send_request(self, action, data):
        process_id = self.make_id(5)
+        encryption_key = hashlib.sha256(process_id.encode()).digest().hex()
+
+        if action == "create_user":
+            data["user"]["password"] = await self.encrypt_password(data["user"]["password"], encryption_key)
+        elif action == "check_password":
+            data["checkPass"]["pass"] = await self.encrypt_password(data["checkPass"]["pass"], encryption_key)
+
+        encrypted_password = await self.encrypt_password(self.password, encryption_key)
+
        request = json.dumps({
-            'action': action,
-            'login': {
-                'name': self.name,
-                'password': self.password
+            "action": action,
+            "login": {
+                "name": self.name,
+                "password": encrypted_password
            },
-            'process': process_id,
+            "process": process_id,
            **data
        })

-        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
-            s.connect((self.host, self.port))
+        with socket.create_connection((self.host, self.port)) as s:
            s.sendall(request.encode())
-            response = s.recv(4096).decode()
+            response = s.recv(1024).decode()
            return json.loads(response)

+    async def encrypt_password(self, password, key):
+        iv = get_random_bytes(16)
+        cipher = AES.new(key.encode(), AES.MODE_CBC, iv)
+        encrypted = cipher.encrypt(password.encode())
+        return iv.hex() + ':' + encrypted.hex()
+
    def create_function(self, name, content):
        data = {
            'function': {
@ -143,4 +160,4 @@ class LonaDB:

    def eval(self, func):
        data = {'function': func}
-        return self.send_request('eval', data)
+        return self.send_request('eval', data)
--- a/Python/setup.py
+++ b/Python/setup.py
@ -6,7 +6,7 @@ long_description = (this_directory / "README.md").read_text()

 setup(
    name="lonadb-client",
-    version="2.1",
+    version="2.2",
    author="Collin Buchkamer",
    author_email="collin@lona-development.org",
    description="A client library for interacting with LonaDB server",
@ -27,4 +27,7 @@ setup(
    ],
    keywords="lonadb client database",
    platforms="any",
+    install_requires=[
+        "pycryptodome>=3.10.1"
+    ]
 )