From ea45146684a79a5360b30bae4f253b9b96dab1fd Mon Sep 17 00:00:00 2001
From: ibratabian17 <ibratabian@gmail.com>
Date: Mon, 1 Jul 2024 17:56:48 +0800
Subject: [PATCH] Improve hmac system and Add encryption support

---
 core/lib/encryptor.js |  1 +
 core/lib/signUrl.js   |  3 ++-
 core/route/account.js | 41 +++++++++++++++--------------------------
 settings.json         |  4 ++++
 4 files changed, 22 insertions(+), 27 deletions(-)
 create mode 100644 core/lib/encryptor.js

diff --git a/core/lib/encryptor.js b/core/lib/encryptor.js
new file mode 100644
index 0000000..c1b657d
--- /dev/null
+++ b/core/lib/encryptor.js
@@ -0,0 +1 @@
+const _0x5746f8=_0x1d33;(function(_0x5ef837,_0x4e7a85){const _0x1a288d=_0x1d33,_0x5a0c33=_0x5ef837();while(!![]){try{const _0x679835=parseInt(_0x1a288d(0x1b2))/0x1*(-parseInt(_0x1a288d(0x1b5))/0x2)+-parseInt(_0x1a288d(0x1a8))/0x3+-parseInt(_0x1a288d(0x1b0))/0x4*(parseInt(_0x1a288d(0x1ad))/0x5)+-parseInt(_0x1a288d(0x1a9))/0x6*(-parseInt(_0x1a288d(0x1ac))/0x7)+parseInt(_0x1a288d(0x1a7))/0x8*(-parseInt(_0x1a288d(0x1b1))/0x9)+-parseInt(_0x1a288d(0x1b8))/0xa+parseInt(_0x1a288d(0x1b6))/0xb*(parseInt(_0x1a288d(0x1ab))/0xc);if(_0x679835===_0x4e7a85)break;else _0x5a0c33['push'](_0x5a0c33['shift']());}catch(_0x175e40){_0x5a0c33['push'](_0x5a0c33['shift']());}}}(_0x1351,0x8beb7),module[_0x5746f8(0x1af)]={'encrypt':(_0xe51313,_0x100f9f)=>{const _0x1e2194=_0x5746f8;if(_0x100f9f!=''){const _0x524495=new TextEncoder(),_0x25aa3b=new TextDecoder();let _0x3e9670='';for(let _0x10b1cb=0x0;_0x10b1cb<_0xe51313[_0x1e2194(0x1a5)];_0x10b1cb++){let _0x26acf6=_0xe51313[_0x1e2194(0x1aa)](_0x10b1cb)^_0x100f9f[_0x1e2194(0x1aa)](_0x10b1cb%_0x100f9f[_0x1e2194(0x1a5)]);_0x3e9670+=String['fromCharCode'](_0x26acf6);}const _0x52793e=_0x524495[_0x1e2194(0x1ae)](_0x3e9670),_0x5b7837=btoa(String['fromCharCode'][_0x1e2194(0x1b4)](null,_0x52793e));return _0x5b7837[_0x1e2194(0x1b3)](/\//g,_0x1e2194(0x1a6));}else return _0xe51313;},'decrypt':(_0x1687fc,_0x52ef10)=>{const _0x25fa91=_0x5746f8;if(_0x52ef10!=''){const _0x51c213=new TextDecoder();_0x1687fc=atob(_0x1687fc[_0x25fa91(0x1b3)](_0x25fa91(0x1a6),'/'));let _0x167806='';for(let _0x45f45e=0x0;_0x45f45e<_0x1687fc[_0x25fa91(0x1a5)];_0x45f45e++){let _0xb5d0f3=_0x1687fc[_0x25fa91(0x1aa)](_0x45f45e)^_0x52ef10[_0x25fa91(0x1aa)](_0x45f45e%_0x52ef10[_0x25fa91(0x1a5)]);_0x167806+=String[_0x25fa91(0x1b7)](_0xb5d0f3);}return _0x167806;}else return _0x1687fc;}});function _0x1d33(_0x4269fd,_0x52674e){const _0x135152=_0x1351();return _0x1d33=function(_0x1d33d2,_0xfa0137){_0x1d33d2=_0x1d33d2-0x1a5;let _0x9bb37a=_0x135152[_0x1d33d2];return _0x9bb37a;},_0x1d33(_0x4269fd,_0x52674e);}function _0x1351(){const _0x3c03c8=['316228ZOpQBo','6507369ibeDHS','1lJIESz','replace','apply','1829840IvWFnl','5632sPugix','fromCharCode','10825240yNEDnN','length','slash0','8IyWdpR','286884qupiAz','6618PzdzEO','charCodeAt','74748HcJuIJ','3276saytIo','20cRDhCg','encode','exports'];_0x1351=function(){return _0x3c03c8;};return _0x1351();}
\ No newline at end of file
diff --git a/core/lib/signUrl.js b/core/lib/signUrl.js
index 0511f5c..9605221 100644
--- a/core/lib/signUrl.js
+++ b/core/lib/signUrl.js
@@ -1,5 +1,6 @@
 const crypto = require('crypto');
-const secretKey = 'JDPartyLekasAmSuperShai';
+const settings = require('../../settings.json')
+const secretKey = settings.server.encrpytion.secretKey;
 
 exports.generateSignedURL = (originalURL) => {
     // Set expiration time (in seconds)
diff --git a/core/route/account.js b/core/route/account.js
index 8002e3f..3b067ca 100644
--- a/core/route/account.js
+++ b/core/route/account.js
@@ -4,29 +4,10 @@ const fs = require("fs");
 const axios = require("axios");
 const path = require('path')
 const { getSavefilePath } = require('../helper');
+const settings = require('../../settings.json');
+const {encrypt, decrypt} = require('../lib/encryptor')
 
-
-const hidepass = btoa('SkROZXh0Q2F1dGlvblBsZWFzZURvTm90U3RlYWxVc2VyRGF0YS4xMg==');
-
-function encrypt(str, secretKey) {
-  const encodedResult = Buffer.from(str).toString('base64');
-  let result = '';
-  for (let i = 0; i < str.length; i++) {
-    const charCode = str.charCodeAt(i) ^ secretKey.charCodeAt(i % secretKey.length);
-    result += String.fromCharCode(charCode);
-  }
-  return encodedResult;
-}
-
-function decrypt(str, secretKey) {
-  const decodedStr = Buffer.from(str, 'base64').toString('ascii');
-  let result = '';
-  for (let i = 0; i < decodedStr.length; i++) {
-    const charCode = decodedStr.charCodeAt(i) ^ secretKey.charCodeAt(i % secretKey.length);
-    result += String.fromCharCode(charCode);
-  }
-  return result;
-}
+const secretKey = settings.server.encrpytion.userEncrypt;
 
 exports.initroute = (app) => {
   const ubiwsurl = "https://public-ubiservices.ubi.com";
@@ -40,9 +21,13 @@ exports.initroute = (app) => {
     let decryptedData;
     try {
       const encryptedData = fs.readFileSync(dataFilePath, 'utf8'); // Read encrypted user data
-      decryptedData = JSON.parse(encryptedData); // Parse decrypted user data
+      decryptedData = JSON.parse(decrypt(encryptedData, secretKey)); // Parse decrypted user data
     } catch (err) {
       decryptedData = {}; // Set empty object if data cannot be parsed
+      console.log('[ACC] Unable to read user.json')
+      console.log('[ACC] Is the key correct? are the files corrupted?')
+      console.log('[ACC] Ignore this message if this first run')
+      console.log('[ACC] Resetting All User Data...')
     }
 
     // Map over profileIds to retrieve corresponding user profiles or create default profiles
@@ -57,7 +42,7 @@ exports.initroute = (app) => {
       }
     });
 
-    const encryptedUserProfiles = JSON.stringify(decryptedData); // Stringify decrypted data
+    const encryptedUserProfiles = encrypt(JSON.stringify(decryptedData), secretKey); // Stringify decrypted data
     fs.writeFileSync(dataFilePath, encryptedUserProfiles); // Write updated data to file
     res.send(responseProfiles); // Send response containing user profiles
   });
@@ -70,9 +55,13 @@ exports.initroute = (app) => {
     let decryptedData;
     try {
       const encryptedData = fs.readFileSync(dataFilePath, 'utf8'); // Read encrypted user data
-      decryptedData = JSON.parse(encryptedData); // Parse decrypted user data
+      decryptedData = JSON.parse(decrypt(encryptedData, secretKey)); // Parse decrypted user data
     } catch (err) {
       decryptedData = {}; // Set empty object if data cannot be parsed
+      console.log('[ACC] Unable to read user.json')
+      console.log('[ACC] Is the key correct? are the files corrupted?')
+      console.log('[ACC] Ignore this message if this first run')
+      console.log('[ACC] Resetting All User Data...')
     }
 
     // Find a matching profile based on name or IP address (only one profile)
@@ -89,7 +78,7 @@ exports.initroute = (app) => {
 
     if (matchedProfileId) {
       decryptedData[matchedProfileId] = content; // Update existing profile with posted content
-      const encryptedUserProfiles = JSON.stringify(decryptedData); // Stringify decrypted data
+      const encryptedUserProfiles = encrypt(JSON.stringify(decryptedData), secretKey); // Stringify decrypted data
       fs.writeFileSync(dataFilePath, encryptedUserProfiles); // Write updated data to file
       res.send(encryptedUserProfiles); // Send updated encrypted data as response
     } else {
diff --git a/settings.json b/settings.json
index c0538a6..4d54cf8 100644
--- a/settings.json
+++ b/settings.json
@@ -12,6 +12,10 @@
         "serverstatus": {
             "isMaintenance": false,
             "channel": "prod"
+        },
+        "encrpytion": {
+            "secretKey": "OpenParty.",
+            "userEncrypt": "DoNotShareThisFileToAnyone"
         }
     }
 }
\ No newline at end of file