/**
 * Auth trigger that runs when a Firebase user is created: it derives an
 * initial role, builds the user document, stores it under
 * tanam/{GCLOUD_PROJECT}/users/{uid} and mirrors the role via setUserRoleToAuth.
 * The listing is truncated inside the Promise.all array.
 */
export const createUser = cloudFunctions.auth.user().onCreate(async (firebaseUser) => {
const tanamConfig = configService.getConfig();
// Role lookup is keyed by the e-mail address found in the site configuration.
const tanamConfigRole = tanamConfig.users ? tanamConfig.users[firebaseUser.email] : null;
// NOTE(review): if firebaseUser.email is undefined and TANAM_SUPER_ADMIN is unset,
// this is `undefined === undefined` and yields 'superAdmin'. Guard on a non-empty
// e-mail and a configured value before comparing.
// NOTE(review): the role is granted from the e-mail string alone; emailVerified is
// not checked here - confirm the sign-in provider proves ownership of the address.
const envRole = firebaseUser.email === process.env.TANAM_SUPER_ADMIN ? 'superAdmin' : null;
// The environment-defined super admin takes precedence over the configured role.
const initialRole = envRole || tanamConfigRole;
// Use gravatar as default if photoUrl isn't specified in user data
// https://en.gravatar.com/site/implement/images/
// MD5 is what Gravatar's URL scheme requires; it is an identifier here, not a
// security control. The digest of the e-mail becomes part of a stored URL.
// NOTE(review): toLowerCase() is applied to the hex digest, not to the e-mail before
// hashing, so a mixed-case address will not match its Gravatar - confirm intent.
const gravatarHash = MD5(firebaseUser.email || firebaseUser.uid).toString().toLowerCase();
const user = {
uid: firebaseUser.uid,
name: firebaseUser.displayName || firebaseUser.email,
email: firebaseUser.email,
photoUrl: firebaseUser.photoURL || `https://www.gravatar.com/avatar/${gravatarHash}.jpg?s=1024&d=identicon`,
// Empty role list when neither source assigned a role.
roles: !!initialRole ? [initialRole] : [],
};
// NOTE(review): this writes the full record (e-mail, uid, roles) to the function
// logs; consider logging only the uid.
console.log(`Creating account: ${JSON.stringify({ user })}`);
return Promise.all([
siteService.initializeSite(),
admin.firestore()
.collection('tanam').doc(process.env.GCLOUD_PROJECT)
.collection('users').doc(firebaseUser.uid)
.set(user),
setUserRoleToAuth(user),
/**
 * Normalises a raw attributes object in place and returns it: marks it as
 * favorited, wraps both dates with moment, defaults the description to an
 * empty string and fills in uuid_hash when it is missing.
 */
parse: function(attributes) {
    // todo: move this feature into ImageBookmarksStore
    attributes.isFavorited = true; // hard-coded instead of response.is_bookmarked

    var rawStart = attributes.start_date;
    attributes.start_date = moment(rawStart);

    // end_date might be null, which moment turns into an Invalid Date
    var rawEnd = attributes.end_date;
    attributes.end_date = moment(rawEnd);

    var currentDescription = attributes.description;
    attributes.description = currentDescription ? currentDescription : "";

    // MD5 only derives a fallback identifier from the uuid here; the value should
    // not be treated as unguessable or collision-resistant.
    var existingHash = attributes.uuid_hash;
    attributes.uuid_hash = existingHash
        ? existingHash
        : CryptoJS.MD5(attributes.uuid.toString()).toString();

    return attributes;
},
/**
 * Registration handler: validates the password length and e-mail format from
 * the request body, then looks up a Gravatar profile for the e-mail to seed
 * the new user's name and avatar. The listing is truncated inside the
 * UserModel constructor call.
 */
exports.register = async (ctx, next) => {
// E-mail format check only; it does not prove the address exists or is owned by the caller.
const email = /^([\w-_]+(?:\.[\w-_]+)*)@((?:[a-z0-9]+(?:-[a-zA-Z0-9]+)*)+\.[a-z]{2,6})$/i
// NOTE(review): a request without a string `password` throws a TypeError here instead
// of a validation error; check presence and type first.
// NOTE(review): the 18-character cap rules out long passphrases - confirm it is required.
if (ctx.request.body.password.length < 6 || ctx.request.body.password.length > 18) {
// Message: "password length is incorrect". 401 is used for a validation failure.
ctx.throw(401, '密码长度有误')
} else if (!email.test(ctx.request.body.email)) {
// Message: "e-mail is incorrect".
ctx.throw(401, '邮箱有误')
} else {
let user = null
let result = null
// Gravatar profile lookup keyed by MD5 of the trimmed, lower-cased e-mail (the
// format that service expects; MD5 is not a security control here). Note the regex
// above was tested against the untrimmed value.
const req = request({
url: `https://cn.gravatar.com/${MD5(ctx.request.body.email.trim().toLowerCase())}.json`,
headers: {
'User-Agent': 'request',
},
})
// NOTE(review): an async executor hides rejections; errors thrown in the handlers
// below will not reject this promise.
await new Promise(async resolve => {
req.on('data', async data => {
// NOTE(review): each 'data' chunk is parsed on its own, so a response split over
// several chunks, or a non-JSON body, makes JSON.parse throw. The third-party
// payload is also used unvalidated (thumbnailUrl is assumed to be a string).
if (JSON.parse(data.toString()).entry) {
data = JSON.parse(data.toString()).entry[0]
// Force the avatar URL onto https to avoid mixed content.
data.thumbnailUrl = data.thumbnailUrl.replace(/^(http:)/, 'https:')
} else {
// No Gravatar profile: fall back to the e-mail local part and a bundled avatar.
data = {
preferredUsername: ctx.request.body.email.split('@')[0],
thumbnailUrl: '/img/avatar.png',
}
}
user = new UserModel({
// Builds the response value and header fields for HTTP Digest authentication.
// MD5 is dictated by the legacy Digest scheme; RFC 7616 adds SHA-256 variants, and
// the exchange should run over TLS either way.
// A1 is the credential part. For the session variant it is
// MD5(username:realm:password) followed by the server and client nonces.
if (algorithm === MD5_SESS) {
A0 = crypto.MD5(username + COLON + realm + COLON + password).toString();
A1 = A0 + COLON + nonce + COLON + clientNonce;
}
else {
A1 = username + COLON + realm + COLON + password;
}
// A2 is the request part. With integrity protection the body hash is appended;
// the MD5 result is turned into text by the string concatenation.
if (qop === AUTH_INT) {
A2 = method + COLON + uri + COLON + crypto.MD5(params.body);
}
else {
A2 = method + COLON + uri;
}
hashA1 = crypto.MD5(A1).toString();
hashA2 = crypto.MD5(A2).toString();
// With a qop the digest also binds the nonce count, client nonce and qop value;
// without one it covers only hashA1, the nonce and hashA2.
if (qop === AUTH || qop === AUTH_INT) {
reqDigest = crypto.MD5([hashA1, nonce, nonceCount, clientNonce, qop, hashA2].join(COLON)).toString();
}
else {
reqDigest = crypto.MD5([hashA1, nonce, hashA2].join(COLON)).toString();
}
// NOTE(review): values are placed between quotes without escaping; a quote or
// backslash in username, realm or uri would produce a malformed header - confirm
// the inputs are validated upstream.
headerParams = [USERNAME_EQUALS_QUOTE + username + QUOTE,
REALM_EQUALS_QUOTE + realm + QUOTE,
NONCE_EQUALS_QUOTE + nonce + QUOTE,
URI_EQUALS_QUOTE + uri + QUOTE
];
// The algorithm field is sent only when one was specified.
algorithm && headerParams.push(ALGORITHM_EQUALS_QUOTE + algorithm + QUOTE);
// Loads the account record, checks the supplied password against the stored value
// and, on a match, appends the new profile to the account's profile list.
getAccountByAccountName(account).then(function (response) {
// NOTE(review): the stored credential is a bare, unsalted MD5 of the password and is
// compared with ===. MD5 is too fast for password storage; use a salted, slow
// password hash (bcrypt, scrypt or Argon2) and a constant-time comparison.
if (response.data.password === String(CryptoJS.MD5(password))) {
if (response.data.account_profile) {
// Reuse the e-mail address of the first existing profile for the new one.
profile.email_address = response.data.account_profile[0].email_address;
profile = [profile].concat(response.data.account_profile);
} else {
profile = [profile];
}
return putProfile(account, profile);
} else {
res.status(400).json({ error: 'Password incorrect' });
}
// NOTE(review): this step also runs after the 400 branch above (which returns
// undefined), so a second response is attempted for a rejected password.
}).then(function (response) {
res.status(200).json({ success: true });
/**
 * Builds the URL of an image under imageBase. The file is placed in a two-level
 * directory named after the first one and first two hex characters of the MD5
 * of its name; MD5 is used for path sharding here, not for security.
 *
 * NOTE(review): filename is appended as-is, without URL encoding - confirm that
 * callers pass a URL-safe name.
 */
function getWikipediaImageUrl(filename) {
    var digestHex = CryptoJS.MD5(filename).toString();
    var shardPath = digestHex.slice(0, 1) + '/' + digestHex.slice(0, 2) + '/';
    return imageBase + shardPath + filename;
}
.concat(
CryptoJS.lib.WordArray.create(
[
((obj & 0xff) << 24) |
((obj & 0xff00) << 8) |
((obj >> 8) & 0xff00) |
(gen & 0xff),
(gen & 0xff00) << 16
],
5
)
);
}
// Selects the per-object key and cipher by encryption version.
// NOTE(review): this looks like the PDF standard security handler - confirm. MD5 and
// RC4 are legacy primitives kept for format compatibility, not for new designs.
if (this.version === 1 || this.version === 2) {
let key = CryptoJS.MD5(digest);
// Truncate the MD5 output: at most 16 bytes, otherwise key length in bytes plus 5.
key.sigBytes = Math.min(16, this.keyBits / 8 + 5);
// Returns a function that RC4-encrypts a buffer with the derived key.
return buffer =>
wordArrayToBuffer(
CryptoJS.RC4.encrypt(CryptoJS.lib.WordArray.create(buffer), key)
.ciphertext
);
}
let key;
if (this.version === 4) {
// 0x73416c54 is the four ASCII bytes "sAlT", appended before hashing.
key = CryptoJS.MD5(
digest.concat(CryptoJS.lib.WordArray.create([0x73416c54], 4))
);
} else {
// Other versions use the document encryption key directly.
key = this.encryptionKey;
}
}
// Computes the HTTP Digest response value and assembles the header fields.
// MD5 is dictated by the legacy Digest scheme; RFC 7616 adds SHA-256 variants, and
// the exchange should run over TLS either way.
// A2 is the request part. With integrity protection the body hash is appended;
// the MD5 result is turned into text by the string concatenation.
if (qop === AUTH_INT) {
A2 = method + COLON + uri + COLON + crypto.MD5(params.body);
}
else {
A2 = method + COLON + uri;
}
hashA1 = crypto.MD5(A1).toString();
hashA2 = crypto.MD5(A2).toString();
// With a qop the digest also binds the nonce count, client nonce and qop value;
// without one it covers only hashA1, the nonce and hashA2.
if (qop === AUTH || qop === AUTH_INT) {
reqDigest = crypto.MD5([hashA1, nonce, nonceCount, clientNonce, qop, hashA2].join(COLON)).toString();
}
else {
reqDigest = crypto.MD5([hashA1, nonce, hashA2].join(COLON)).toString();
}
// NOTE(review): values are placed between quotes without escaping; a quote or
// backslash in username, realm or uri would produce a malformed header - confirm
// the inputs are validated upstream.
headerParams = [USERNAME_EQUALS_QUOTE + username + QUOTE,
REALM_EQUALS_QUOTE + realm + QUOTE,
NONCE_EQUALS_QUOTE + nonce + QUOTE,
URI_EQUALS_QUOTE + uri + QUOTE
];
// The algorithm field is sent only when one was specified.
algorithm && headerParams.push(ALGORITHM_EQUALS_QUOTE + algorithm + QUOTE);
// The qop field is echoed only for the two supported protection levels.
if (qop === AUTH || qop === AUTH_INT) {
headerParams.push(QOP_EQUALS + qop);
}
// The nonce count is sent for qop-protected or session-variant requests, and only
// when a count is available.
if (qop === AUTH || qop === AUTH_INT || algorithm === MD5_SESS) {
nonceCount && headerParams.push(NC_EQUALS + nonceCount);
/**
 * Derives an RC4 key from the padded owner password by repeated MD5 hashing and
 * uses it to encrypt the padded user password, returning the final ciphertext.
 * For r >= 3 the password is hashed 51 times and encrypted 20 times, each pass
 * with the key XORed by the pass index; otherwise one hash and one pass.
 *
 * NOTE(review): this appears to be the owner-password computation of the PDF
 * standard security handler - confirm. MD5 and RC4 are legacy primitives kept
 * for format compatibility and should not be reused for new designs.
 *
 * @param r revision number selecting the iteration counts
 * @param keyBits key length in bits; the derived key is cut to keyBits / 8 bytes
 * @param paddedUserPassword word array that gets encrypted
 * @param paddedOwnerPassword word array the key is derived from
 * @returns the ciphertext word array of the last RC4 pass
 */
function getOwnerPasswordR2R3R4(
  r,
  keyBits,
  paddedUserPassword,
  paddedOwnerPassword
) {
  const strengthened = r >= 3;
  const hashPasses = strengthened ? 51 : 1;
  const rc4Passes = strengthened ? 20 : 1;

  // Key material: the owner password hashed hashPasses times.
  let digest = paddedOwnerPassword;
  let pass = 0;
  while (pass < hashPasses) {
    digest = CryptoJS.MD5(digest);
    pass += 1;
  }

  // Work on a copy so the digest words stay available as the XOR source.
  const key = digest.clone();
  key.sigBytes = keyBits / 8;

  let cipher = paddedUserPassword;
  for (let passIndex = 0; passIndex < rc4Passes; passIndex += 1) {
    // Replicate the pass index into all four bytes of a 32-bit word.
    const mask =
      passIndex | (passIndex << 8) | (passIndex << 16) | (passIndex << 24);
    const wordCount = Math.ceil(key.sigBytes / 4);
    let wordIndex = 0;
    while (wordIndex < wordCount) {
      key.words[wordIndex] = digest.words[wordIndex] ^ mask;
      wordIndex += 1;
    }
    const encrypted = CryptoJS.RC4.encrypt(cipher, key);
    cipher = encrypted.ciphertext;
  }
  return cipher;
}
// Prepares and sends one signed API request: query string, headers, body digest,
// signature, then the fetch call wrapped in a timeout.
// Append the query string only when there is at least one parameter.
if (query && Object.keys(query).length > 0) {
url = `${url}?${querystring.stringify(query)}`;
}
// Later sources win: per-call headers override config headers, which override the built defaults.
headers = Object.assign(this.buildHeaders(), this.config.headers, headers);
let postBody;
// A falsy body (including an empty string) sends no body and no content-md5.
if (body) {
let str: string;
if (typeof body === 'string') {
str = body;
headers['content-type'] = 'application/octet-stream';
} else {
str = JSON.stringify(body);
headers['content-type'] = 'application/json';
}
// content-md5 is the Base64 encoding of the hex digest text, not of the raw
// 16 digest bytes. NOTE(review): confirm this is the form the service expects.
// The MD5 only detects accidental corruption; request authenticity depends on
// the signature computed below.
const digest = MD5(str).toString(enc.Hex);
const md5 = enc.Base64.stringify(enc.Utf8.parse(digest));
headers['content-md5'] = md5;
postBody = str;
}
// Query parameters are passed to the signature only for paths under /proxy/;
// for other paths queriesToSign stays undefined.
let queriesToSign;
if (path.startsWith('/proxy/')) {
queriesToSign = query || {};
}
// The signature is computed from the access key pair, method, versioned path, headers
// and the queries selected above. Keep accessKeySecret out of logs and error messages.
const signature = Client.getSignature(this.config.accessKeyId, this.config.accessKeySecret, method, `/${this.version}${path}`, headers, queriesToSign);
headers['authorization'] = signature;
// Send the request through the client's timeout wrapper.
const response = await this.timeout(this.config.timeout, fetch(url, {
method,
headers,
body: postBody
}));