Adding files I forgot last time (new to command line git, sorry

This commit is contained in:
Kristy Fournier 2026-03-30 09:36:49 -04:00
parent 2d70c5306e
commit 1230ce60b3
2 changed files with 9 additions and 6 deletions

View file

@ -33,8 +33,9 @@ webbyBits.py
* *If getting images, this process may take a long time with a large amount of mp3 files* * *If getting images, this process may take a long time with a large amount of mp3 files*
4. Run `webbyBits.py` 4. Run `webbyBits.py`
* *The port can be customized by editing the `.env` file* * *The port can be customized by editing the `.env` file*
* *You can add an admin password at runtime with* `-a AdminPass` *as an atribute* * *You can add an admin password at runtime with* `-a True` *as an atribute*
* ***NOTE: Do not reuse ANY password for this, it is hashed but 100% unsecure. The best option is just a random string you write down once*** * ***NOTE: Do not reuse ANY password for this, it is hashed but 100% unsecure. The best option is just a random string you write down once***
* You will be prompted in console for a password to be used
* If this attribute isn't included a random string will be generated as the admin password * If this attribute isn't included a random string will be generated as the admin password
* This is intended for protecting certain features for small closed events, not for public security * This is intended for protecting certain features for small closed events, not for public security
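Review bot: the line `* *You can add an admin password at runtime with* `-a True` *as an atribute*` reads oddly for an argument that only triggers a console prompt; if the value after `-a` is ignored, document it as a bare `-a` switch or state that any value works, and fix the typo "atribute" to "attribute" while here. The bold NOTE says the password is "hashed but 100% unsecure" without saying why; since the later section explains that the client sends the hash with every request, a one-line pointer to that section here would make the "use a random string you write down once" advice actionable rather than mysterious.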
@ -97,14 +98,15 @@ From left to right:
The exact process of the password's plaintext scope is as follows The exact process of the password's plaintext scope is as follows
- On the server, you type in the password on the server in the console, the python script takes that plaintext, hashes it, then stores that hash as a variable. The plaintext is also technically a variable, but it's not accessed after that initial hashing. (It's also going to be visible in your console history) - On the server, you type in the password on the server in the console, the python script takes that input directly, hashes it, then stores that hash as a variable. The plaintext could be in memory, but it's not accessible in the code after that initial hashing. If you typed your own password, it won't be visible in the console history after it is typed.
- On the client, you type in the password and press enter. A function reads the value of the password box, saves the hash of that password to a variable, and sends it with all your requests. The plaintext is still stored in the inputbox, but if you delete it and don't press enter on the box again, the hash will be stored without keeping the plaintext. (I may change this behaviour so this box auto-clears when enter is pressed, maybe) - On the client, you type in the password and press enter. A function reads the value of the password box, saves the hash of that password to a variable, and sends it with all your requests. The plaintext is still stored in the input box, but if you delete it and don't press enter on the box again, the hash will be stored without keeping the plaintext. (I may change this behaviour so this box auto-clears when enter is pressed)
None of this is "secure", but it's better than sending plaintext passwords, which is what I was doing before. Hypothetically somebody who intercepted your packet where you sent the password can't get back the original plaintext, just the hash. None of this is "secure", but it's better than sending plaintext passwords, which is what I was doing before. Hypothetically somebody who intercepted any packets with the password can't get back the original plaintext, just the hash.
## External Credits ## External Credits
- QR Code Generator: JS file found [here](https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js) - QR Code Generator: JS file found [here](https://cdnjs.cloudflare.com/ajax/libs/qrcodejs/1.0.0/qrcode.min.js)
- Cookie Popup: JS file found [here](https://cookieconsent.popupsmart.com/src/js/popper.js) - Socket.io: JS file found [here](https://cdn.socket.io/4.7.5/socket.io.min.js)
- SHA256 over http: JS file found [here](https://cdnjs.cloudflare.com/ajax/libs/js-sha256/0.11.0/sha256.min.js)
*See `LICENSE.md` for redistribution and editing details.* *See `LICENSE.md` for redistribution and editing details.*
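Review bot: the sentence "somebody who intercepted any packets with the password can't get back the original plaintext, just the hash" undersells the risk stated by the lines above it: the client sends the hash with every request and the server compares it against its stored hash, so for this server the hash is itself the credential, and an intercepted hash is as usable as the password would be; hashing only keeps the plaintext from being reused elsewhere, which is the real reason for the random-string advice. Suggest rewording to say exactly that and pointing at the TLS item in the TODO as the actual fix for interception. Also, the new claim "If you typed your own password, it won't be visible in the console history after it is typed" only holds if the prompt masks input (Python's `getpass` does; plain `input()` echoes it); name the mechanism so readers can verify it.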

View file

@ -9,11 +9,12 @@
- [ ] Refactoring existing code - [ ] Refactoring existing code
- [x] Remove old comments - [x] Remove old comments
- [ ] Update the SQL -> Server -> Client pipeline when searching and building playlist - [ ] Update the SQL -> Server -> Client pipeline when searching and building playlist
- Moving to mongo might make more sense to maintain a dictionary/JSON like format, but that needs a server
- [ ] Verify all if-else sequences are correct and not redundant - [ ] Verify all if-else sequences are correct and not redundant
- [ ] Security Updates - [ ] Security Updates
- [x] `.env` file for the api keys and other runtime info to be set, rather than in the `.py` files - [x] `.env` file for the api keys and other runtime info to be set, rather than in the `.py` files
- [x] Hashing rather than plaintext sending passwords (that way at least the password text itself isn't transmitted over the network) - [x] Hashing rather than plaintext sending passwords (that way at least the password text itself isn't transmitted over the network)
- [ ] Actually use SSL, for posting (CORS seems like an issue) - [ ] Actually use TLS, for posting (CORS seems like an issue)
- [ ] Accessibility - [ ] Accessibility
- [ ] Better use of semantic HTML tags - [ ] Better use of semantic HTML tags
- [ ] Full keyboard control (tab, enter to select, tab between control buttons) - [ ] Full keyboard control (tab, enter to select, tab between control buttons)
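Review bot: in the Security Updates list, the parenthetical "CORS seems like an issue" on the TLS item mixes two separate things: CORS errors come from the page origin (scheme, host, port) differing from the request target, so switching to https changes the origin and the server's allowed-origin configuration has to be updated alongside it; that is a step in the TLS task, not a reason to defer it. Since the previous item marks hashing as done, it is worth adding a note that the hash is still sent in the clear with every request and TLS remains the item that actually addresses interception. Minor: the new "Moving to mongo" sub-item is a design note rather than a task, so either give it a checkbox or fold it into the pipeline item's description.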