#development

no its in New York

Dubai is 6,850 miles from it

speedtest cli decided to do it in dubai idk why

Ah

you forgot the parameter in the ()

ah so

  console.log(raw);
});

ye

rawrawraw

alright

rawr

rawr

basically, when you login, the first event you receive is a hello event, with an array of guild ids

https://tenor.com/view/rawr-minions-gif-19161086

hm ok

afterwards you will receive a number of GUILD_CREATE events equal to the number of guilds in the array

if there is a bugged guild, the GUILD_CREATE event for that guild will not arrive

after a while, djs will give up waiting and emit ready anyway

you can check which guild you are not receiving, that is your bugged guild

hmmm but if im sharding, the shard doesnt go ready

it times out

and then respawns the shard

then thats a different issue

check if you receive anything at all in the raw events first

alright

i should prob store all this in a JSON so i dont lose it

@quartz kindle op HELLO is just the heartbeat timeout and some other data while the client is unauthenticated. The client authenticates then receives a READY event which has the guild ID Array and the current user info. Then GUILD_CREATEs

does djs emit the hello too?

Idk

i dont remember either, but yeah, hello then guild array then guild creates

welp we'll find out rn once i restart

console going crazy

why…

saving data in the json

ww

that file's boutta be 1tb

wow

its 19 MB

thats crazy for a json

yeah my computer is not liking this json

lmao

alr im switching to txt this json is very hard to read

LMFAO

what did bro put in that json file 💀

i have a geocoding database stored in 2 text files

one is 25mb, the other is 95mb

xd

txt is disappointing

i dont want to read the json 😢

gotta stringify it bro

theres a heartbeat

then a ready

then it shows all the guild ids

then the GUILD_CREATEs?

or it stops in the guild ids?

yeah i see exactly

513 GUILD_CREATE

well its working now

Shard went ready

all gucci then

Ye

🤷 hopefully it stays this way

It will stay that way

for a whole 5 minutes

:^)

this seems so fake

(catbox.moe)

how is a file storage service

requiring 1.4k a month

a tb of google data storage is 23 dollars

server bills? you mean your rent? 😭

You don't know who their provider is. For important data, you also wanna do 3-2-1. 3 different service providers with the data mirrored. 2 physical backups with 1 of them being offsite

Also stuff like CPU time isnt free

its a free upload service with 200mb files 👀

I'm spending over $100 a month for my webhook service right now... and it JUST forwards webhooks from top.gg to discord. not file storage, just redundancy and high availability makes it expensive

good job sis

I can understand that

Bandwidth is expensive

It’s a popular service too

For context, my api which literally just returns JSON uses over 1tb of bandwidth a month from a few million requests

time to turn that into 2tb

lol

Damn must be a lot of people using it. Are you sure there's no attacks there? Using cloudflare?

CF, and no attacks

How many unique users every month?

last 24h

2.3k

💀

last 30d

Must be a lot of users requesting data consistently

What does the backend do

just queries a datbase

Query a database for information?

Ah ok

Are you using mongodb 😟

Redis 😋

Mysql / mariadb is meh

mongodb and redis

Why do you need 2 databases?

I see a lot of people do it I'm confused why you would need it.

its not 2 databases

redis is for caching frequently accessed items

to save on expensive database queries

So I can use redis to cache my mysql queries?

redis should never be used as a database

yes

But how does that work in the backend you query redis and it checks cache and if it's not there it asks mongodb or mysql?

yes

Hmmm I did not know this

what is redis' min ram+core requirement?

const cached = await redis.get(`cache-key`)
if (cached) return cached
else {
  const result = await db.query(`whatever`)
  await redis.set(`cache-key`, JSON.stringify(result), "EX", 60 * 10)
  return result
}```

etc

that caches it for 10 minutes

why use redis when you can just use a {} and a setTimeout

you can remove the "EX" part and make it cache forever, but that relies on you resetting the value if the intended value changes

less memory saving ❌

wdym

i can't store 1.2b records in {}

but i can with redis

!

so

you use mongodb and redis for caching

yes

icic

why not use Postgres over MongoDB

wait it depends on what API

the 1.2b one is postgres

the rest are mongo

why not stick to one

because i've always used mongo

but people told me to use postgres for the other one

cassamdra

so pro

nnah ez

for u

cuz u pro

boooo

cassandra is bloated

fr?

yes

you just own a $2k pc takiyo

devlopment

development

i got to channel manager

nah my free do vps can handle cassandra too

idk how i should store user / channel data in server side

as well as socket

socketio if you don't want to use native websocket or whatever it called in nodejs

u use socketio?

my bad

socket.io my BELOVED

😔 bully me pls for using socket.io

what

im not saying its bad

im using socket.io for my computer science NEA project

just because its so easy to setup and use

socket.io looks pretty nice

ooo

mfw insomnia doesn't support socket io

it's good for lazy people like me

same

my last project was using that as well

ooo

the auto reconnect is just...

idk if i should switch to use postman

since postman supports socketio

the client frontend is not available yet and i wanna test it

socket.io users realising it's just a websocket that sends and receives json

its not

why not

just use the ws library 😏

Rustacean mindset

socket.io is boring

it does all the heavy lifting for you

thats not fun

might as well make your own Websocket implementation in C with OpenSSL fr fr /s

yknow what

not a bad idea

tim knows the ws specification

i will just get him to do it /s

omw to rewrite cc in c

wait a minute

something aint adding up here

Hm?

@sharp geyser c++ macro abuse

yknow I have no idea what any of that means

but I support it

not for this

because im too lazy to properly intergrate all of that

since i dont get examined on the code, i get examined on the final product

oh wait

what are you making

I didnt read any of the prior messages

kahoot clone

bro what for

😭

computer science project

has to be a working project that meets their specification requirements, and i have to write a 5k word thing to go with it

just get unlimited..

and 1tb extra bandwidth is like €2

all I'll say is don't choose an overambitious project

make a relatively simple but complex project that demonstrates all the cs buzzwords like oop, databases, etc

your report is what gets you the marks not really the project itself but you need a decent project so you can talk about it

Unless a kahoot clone is the project

i love ai

if you somehow also fit agile development and methodologies the examiners will also start drooling

ew redis

what, like my media project website

they do mark you on the presentation of your website for this NEA

not the coding but just how it looks and how easy it is to use

and yes i am replacing the school bus with a tour bus

not that ambitous

Same

Damn my bot literally turned off 3 minutes before someone reviewed it

why is implementing sftp so annoying tf

This is called "bad luck"

MY EYES

Hello brain

Glad to see you for your weekly visit to top.gg

lol

i decided to give up and make the top.gg C++ SDK purely use D++

electron ughhhhh

It could always be worse tbh

it gets better tho

lemme record a vid

ignore the fact it speeds up

thats a bug

Not bad

thats like a few hours work

can I have role bot developer ?

it might seem crazy what im about to say

haha I am jokking

Good one

can I hab booster role

also they renamed the booster chat, why dont they rename the role as well

what did they rename it to

john hamburger

Hy, One question: How to Create Multi Language commands? Example: Select Eng Language slash command /help or select hun language /segitseg ?

What programming language do you use?

Node Js

https://discordjs.guide/slash-commands/advanced-creation.html#localizations

There is a Booster Chat?

as far as making sure your command names/descriptions are localized you can do so easily as discord provides this ability for you and it will use the user's settings to determine that

I don't have a Booster chat

in regards to anything you set, you will need to use i18n

#boomers

Ty

Thanks:>

script type

ai is gonna take over ‼️

how do i get access without relinquishing control of a small portion of my funds (United States Dollars) to Discord Incorporated permanently?

Boost

long loooooong var

long long long long long long long num = 999999999999999999999999999999999999999999;

lul

was referencing the long looooong man ad

lmao

discord rolling out some cool new features

lame

what if they are trying to make friends

smh

yes they are

:^)

Im just saying

what if they were

😔

at LAST an useful feature

"I am a professional artist and my dog is dying and I have cancer I need to pay medical bills"

i have an amazing investment opportunity for you, join my crypto company

Shit if you say it's true I might

Woah, can I get in on it

what yall think of the chatbot so far

me personally i think it's hella hot

its speaking in tongues

looks good

https://tenor.com/view/dancing-cat-dance-cat-cat-meme-chinese-cat-gif-12629347036627000898

I dislike that

it is unnatural

https://tenor.com/view/dance-dancing-dancing-cat-cat-cat-dance-gif-4990417705814603993

what about this

i bet it's 100% real

that one I like more

thats a scsm

@oak cliff is it your birthday in 10 days?

yas

happy early birthday

wait fuck wrong channel

I swear I clicked on general

mines in 14

I didnt ask for your age

nah im kidding happy early bday to you as well bun

omg bun old enough for br

I've been old enough

for the past 2 years almost

applying when i can

i've been trying to apply for years

I've applied 2 times

😔

mostly because i know the site so well and i want to help out

I think I gotta apply again tbh cause all my other apps were on the old account

I dont know the site as well as you, but i've grown a passion to help top.gg more, hence my recent activity in #support

i've had tht channel muted for the past 3 years

i try to help in support but people always snap in before me

i could literally use the site with a blindfold on tbh

I am just up at all hours of the night so I literally am available 16/7

well idk when we'll need new brs but id be happy to have yall imo

just remove all mods and brs and put me and misty instead

here's to hoping

got that grind

Maybe 3rd time really is the charm

I'd like to see more American mods ngl

https://tenor.com/view/jerma-gif-14663292704966997212

same

im so lonely

more bri ish

top.gg goes silent for like 6h

and thats when the crazies come out

lol

there was a night where you left and then an hour later someone posted malware

💀

oopsies

am I not enough for you? 😦

we're so lonely*

communism detected

💀

Dont think I wont steal your role from you 😠

our role

we wont steal

are you officially locked to only development

Code always returns failure no matter what even when User and password is right

code:

const express = require("express");
const app = express();
const passport = require('passport');
const LocalStrategy = require('passport-local').Strategy;
const session = require('express-session');
const cors = require('cors');
const bodyParser = require('body-parser');
const User = require("./schemas/PanelUser.js");
const bcrypt = require('bcrypt');
const config = require('./env.json');
const connectDB = require('./db');
const fs = require('node:fs');
const path = require('node:path');
const { Client, Collection, GatewayIntentBits } = require('discord.js');

const client = new Client({ intents: [GatewayIntentBits.Guilds] });

require("./Deploy.js");



app.use(cors());
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(session({
    secret: 'SCPWebPanel-1',
    resave: false,
    saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
app.set('view engine', 'ejs');
app.set('views', __dirname + '/views');

passport.use(new LocalStrategy(
    async (username, password, done) => {
        try {
            const user = await User.findOne({ username });
            if (!user) {
                return done(null, false, { message: 'Incorrect username.' });
            }
            const isMatch = await bcrypt.compare(password, user.password);
            if (!isMatch) {
                return done(null, false, { message: 'Incorrect password.' });
            }
            return done(null, user);
        } catch (err) {
            return done(err);
        }
    }
));

passport.serializeUser((user, done) => {
    done(null, user.id);
});

passport.deserializeUser((id, done) => {
    User.findById(id, (err, user) => {
        done(err, user);
    });
});

function isAuthenticated(req, res, next) {
    if (req.isAuthenticated()) {
        return next();
    }
    res.redirect('/');
}

app.post('/login', passport.authenticate('local', {
    successRedirect: '/success',
    failureRedirect: '/failure'
}));

app.get('/login', (req, res) => {
    res.render('login');
});

app.get('/success', isAuthenticated, (req, res) => {
    res.send('Login successful');
});

app.get('/failure', (req, res) => {
    res.send('Login failed');
});

const PORT = 8040;
app.listen(PORT, () => {
    console.log(`Server is running on port ${PORT}`);
});

are you doing a get or a post? because you have passport on post, but only ejs on get

im doing a post on the login page

imagine using passport

well obviously you are failing at authenticating

Is the user & pass correct

passport isn’t horrible

thank you

it is for oauth2

yeah

if you are using local then its fine

Not for this though

anyway back to this

this is to allow certain users to login into the developer pane;

passport is failing because you are not entering the correct details

ok this is the Local:

passport.use(new LocalStrategy(
    async (username, password, done) => {
        try {
            const user = await User.findOne({ username });
            if (!user) {
                return done(null, false, { message: 'Incorrect username.' });
            }
            const isMatch = await bcrypt.compare(password, user.password);
            if (!isMatch) {
                return done(null, false, { message: 'Incorrect password.' });
            }
            return done(null, user);
        } catch (err) {
            return done(err);
        }
    }
));

i am?

either that or your logic is fucked

add some console.logs to that

am now

Add logs after each if statement

That's where its most likely to fail

add logs after each new line

for some reason its not logging

after each new character

Its not being called then

could it be bc of the 2 login urls?

I haven't used passport in a while so this is where I step out before I mislead ya

add logs to the routes themselves

unlikely, ones post the other is get

so it will show whatever is appropriate

if you are visiting it will render the login page, if you are posting it will do the other one

ok so the Post isnt being called

check your html

check console log on the browser side

^

check network tab

hmm its 302

its correct

thats normal?

ye

yes

ok

302 is temporary redirect

im checking the passport docs

in their examples they show how to define a "name" for your strategy

for example

hm

hmm

i'll try it

also

on the post route, try removing passport and adding a console.log for the raw body instead

just to check if the post route is receiving correct data

thats something

welp, user not found

brody forgot to add himself

hmmm

i exist

thats an awefully short password

ik

its a testing one

dont tell me you are storing it plaintext

you are not a developer

:^)

👀

i didnt set the command to do that yet

Sounds like you're working out of order then

seing capitalized db rows make me mad for some reason

its also just a data value not really used

the password is?

what

make sure you aren't passing along any whitespace

idk if the client lib handles that or if the db can handle it

but better to .trim

i read that as .trip

just to clafiry, this is the log for the username variable and the response from the User.findOne call?

yes

ive trimed it and still

are the keys in the db case sensitive?

uhh idk

the key in the db is Username, but you search for { username }

try changing it to { Username: username }

this work?

oh yeah!

there you go

remember all your db keys are capitalized

so user.Password

exdee

this hash and data error is annoying

why is it annoying?

just fix it

I HAVE

dafuq

thats not how you fix it

oh wait

how did you save the password in your db?

you're supposed to save the hash, not the password

oh

wait a second

no way bro actually stores plaintext passwords

😭

not anymore im guessing

hopefully

i still am 💀

bc it just creates the instance

You should NEVER store plaintext passwords

ok ill do it now

i hashed it

thats like rule #1

everyone knows this

😭

👍

apparently not me

exdee

the idea is, you hash the password, store the hash, then compare the plain text password they used to login, against the hash from the db

hashes are the same no matter where or how many times you hash it

for example you hash 123 it will always result in the same hash

providing you are using the same algo

and they aren't modifying it in someway

thats how bcrypt.compare works

ok well now its broken

it takes in a plaintext and a hashed password, it hashses the plain text and then compares the two hashes

creating a password:
user -> "mypassword" -> hash() -> "giwuegf9w7gb99w7hg9wughowu" -> save in database

checking a password:
user -> "mypassword" -> hash() -> "giwuegf9w7gb99w7hg9wughowu" -> compare with hash in database

thats how file checksums work as well

they generate a hash for the file and when you download it, you are meant to hash it as well to compare the two

and make sure what you downloaded is indeed the correct file

WHY IS THIS COMMAND CRASHING

show code

Command code:

const { ButtonBuilder, ActionRowBuilder, ButtonStyle, SlashCommandBuilder, EmbedBuilder, ModalBuilder, TextInputBuilder, TextInputStyle, PermissionFlagsBits } = require('discord.js');
const PanelUser = require("../../schemas/PanelUser")

module.exports = {
    data: new SlashCommandBuilder()
    .setName("adduser")
    .setDescription("Add's a User to the Web Panel (TW Only)"),
        async execute(interaction) {
            if (interaction.user.id === "919674489581731842") {
                const Modal = new ModalBuilder()
                      .setCustomId('AddUserModal')
                      .setTitle("Add a user to the panel")

                const Username = new TextInputBuilder()
                    .setCustomId("Username")
                    .setLabel("Username of the New User")
                    .setStyle(TextInputStyle.Short)

                const UserPass = new TextInputBuilder()
                .setCustomId("Password")
                .setLabel("Password of the New User")
                .setStyle(TextInputStyle.Short)

                const FRow = new ActionRowBuilder().addComponents(Username)
                const SRow = new ActionRowBuilder().addComponents(UserPass)

                Modal.addComponents(FRow, SRow)

                await interaction.showModal(Modal)

            } else {
                return interaction.reply("L you tried lmao -tw")
            }
        }    
}

interactionCreate:

const bcrypt = require('bcrypt');
const { Events } = require('discord.js');
const PanelUser = require("../schemas/PanelUser");

module.exports = {
    name: Events.InteractionCreate,
    async execute(interaction) {
        if (!interaction.isModalSubmit()) return;

        if (interaction.customId === "AddUserModal") {
            const NUsername = interaction.fields.getTextInputValue("Username");
            const NPassword = interaction.fields.getTextInputValue("Password");

            const hashedPassword = await bcrypt.hash(NPassword, 10);

            const UserData = new PanelUser({ Username: NUsername, Password: hashedPassword });
            await UserData.save();
        }

        if (!interaction.isChatInputCommand()) return;

        const command = interaction.client.commands.get(interaction.commandName);

        if (!command) {
            console.error(`No command matching ${interaction.commandName} was found.`);
            return;
        }

        try {
            await command.execute(interaction);
        } catch (error) {
            console.error(error);
            if (interaction.replied || interaction.deferred) {
                await interaction.followUp({ content: 'There was an error while executing this command!', ephemeral: true });
            } else {
                await interaction.reply({ content: 'There was an error while executing this command!', ephemeral: true });
            }
        }
    },
};

there is a lot of places it can fail

This is also why you can't just get a password for a site, you have to reset it entirely if you forget it. It's meant to be one-way, so that even if a leak happens, your password is still secure (Unless it gets bruteforced, hence why they usually like you to have a more complex password than something like "abcd")

i finally started using event files

well first off you are checking if isModalSubmit and returning if its not

ye, also using secure hashes like bcrypt/scrypt/argon2 which are designed to be resistant against brute forcing by being slow on purpose

so uh thats an issue

yea

already there

I can read

thats the problem most likely

if they are using a slashcommand that will stop all execution

no like it wont even prompt it

buddy, if its not a modal submit then it returns stopping execution

because modalSubmit is fired when the user fills out the modal

You can't submit the modal if you can't even trigger it

AKA if I do /ping then that will be false and return

A modal is a response to an interaction

AHHHH

lmao

you should be checking if it is and doing something with it

you are checking if ALL interactions are modal submit

especially if you are wanting to handle a lot of cases

and refusing to run them if they are not

ok so

ive narrowed it down

its the interactionCreate file

well obviously

thats what we've been saying?

cant even run another command im gonna try removing the hashing and see if it works?

the issue is literally this

oh

lmao

ur in hD?

HD*

yea

nice

I used to do roblox game development

💀

ah

I made a postgres database wrapper

yeah

wait what

hm?

I mean it wasn't wrapped around postgres itself

there was an api as the middle man

but it communicated with pg rather well

wow

you dont really need to hide password hashes

I mean....

definitely don't just show em to anyone

yeah nobody here cares

omfg

they are also extremely hard to break

but we aren't going to brute force your password for a roblox bot panel

you aren't passing something correctly to bcrypt

watch it be literally 12345678

make sure its not undefined

I use 12345 as my test passwords

user.Password

oh yea

lmao

i literally said that half an hour ago

AHHHHH

oh shit

^

tim if you haven't noticed, this guy missed an entire conversation

i did

where we told him the problem with his interactionCreate

no i fixed it

yea after we told you again

i was watching fireworks

0 and 4000 is crazy

i dont care to add limits

4000 character long password

ultra mega secure

you should

unbreakable for 1000 years

im the only one who can run the cmd

erm actually it'd be 1000 quintillion

bruh like thats the example

oh im a dumbass

i did it!

neat

was very easy lmao

passport.use('password', new LocalStrategy(
    async (username, password, done) => {
        try {
            const saltRounds = 10

            const trimmedUsername = username.trim();
            const trimmedPassword = password.trim();

            console.log('Looking for user:', trimmedUsername)

            const user = await User.findOne({ Username: trimmedUsername });
            if (!user) {
                console.log('User not found');
                return done(null, false, { message: 'Incorrect username.' });
            }

            console.log('User found:', user)

            const Password = trimmedPassword

            bcrypt.genSalt(saltRounds, function(err, salt) {
                bcrypt.hash(Password, salt, function(err, hash) {
                    bcrypt.compare(Password, hash, function(err, result) {
                        return done(null, user);
                    })
                })
            })
        } catch (err) {
            console.log('Error during authentication:', err);
            return done(err);
        }
    }

I am so confused

const trimmedPassword then const Password = trimmedPassword

Also what are you doing

idk

it works

no

thats not what you are supposed to do

            bcrypt.genSalt(saltRounds, function(err, salt) {
                bcrypt.hash(Password, salt, function(err, hash) {
                    bcrypt.compare(Password, hash, function(err, result) {
                        return done(null, user);
                    })
                })
            })

this is wrong

entirely

I dread the security of your application

😔

How it should be is that you're storing a hash of the password which it seems you are doing. You then hash what the browser sends and compare that hash with the existing hash

Alternatively, the browser can hash the password for transport safety

I think

What you're currently doing is hashing the password the browser just sent and then comparing the password the browser just sent to the hash you just generated of said password

@hidden gorge

You don't check the result or if there are any errors of the compare

the only reason it works is because you continue regardless of the result

Looks like this isnt recommended because you'd be exposing your salt

All the passwords should be sent via https anyway, which is encrypted

Also looks like you need to store the salt in the DB since that's important?? Not too familiar with hashing

I'll just refrain from giving advice with generation specifically

What someone looks like they're describing is on hashed password creation, you store the hash itself and the salt and then when you check it, the browser sends the plaintext password and you use the previously generated salt and password to get the hash and compare against the existing hash

Someone more experienced in the subject please correct me if I'm wrong. I've only used token based systems

There seems to be a lot of contradicting info on the subject. Some going as far as saying even sending over plaintext in HTTPS isnt enough

what hes doing is incorrect either way

hes hashing the plaintext password then comparing the hash against itself

he should be grabbing the hash from the db and comparing the hashed plaintext against that

the thing is, you can just compare directly

there's no need to regenerate the hash

compare(passwordInput, hash)

did you read the docs 😔

AM I the only one seeing that he is directly hashing the password from the user input, then comparing it AGAIN to the user input

yeah, there's that

Basically he did
User Inputs Password -> Hashes that password -> Compares the user input password against the hash he generated with said password

there's not a single reference from user

except return [null, user]

I mean if thats how he wants t odo it by all means go ahead

but he definitely is not getting hired anywhere dealing with cyber sec

💀

if (!await bcrypt.compare(trimmedPassword, user.Password)) {
    console.log('Incorrect password');
    return done(null, false, { message: 'Incorrect password.' });
}

sayu

you use tailwind right?

@hidden gorge

const trimmedUsername = username.trim();
const trimmedPassword = password.trim();
                        ^^^^^^^^^^^^^^^
                        are those coming straight from user-controlled source?
                        or from your controller

a bit, yes

I needs help

😔

may not be enough to help you lmao

ask away

I am trying to get Home to align to the end

I am using flex and I went through all the alignment options

margin left auto

or justify space between

lemme see

well that kind of works

wait

what's the html structure

<MantineProvider theme={theme}>
          <AppShell className="dark">
            <AppShellHeader className="flex flex-row removeBorder shadow-sm shadow-night">
              <h1 className="pl-3 text-3xl">CollegeCrafts</h1>
              <div className="flex m-auto">
                <p>Home</p>
              </div>
            </AppShellHeader>
            <AppShellMain>
              {children}
            </AppShellMain>
          </AppShell>
</MantineProvider>

I use a comp lib called mantine

https://mantine.dev

make changes as follows

AppShellHeader class:+justify-between
    div class:-m-auto

:o thanks

m-auto will evenly space on all 4 sides

https://tailwindcss.com/docs/justify-content

ah

https://tailwindcss.com/docs if you need quick refs

ew now the text isnt centered

align-center

that would vertically center

actually it might be the overhead from the div

oh

nah

the div wraps around its children

then why is it like that?

make changes as follows

AppShellHeader class:+items-center

thank you sayu

by default, align item behaviour is stretch, which stretches the bounding box of children to fit the flex container on the off-axis

This is the first time i've touched web dev in like 4 years

😭

Im stressing out

dw, i'm doing ws

i'm immensely fucked

wanna trade?

i'd rather do ws than this shit

you help me, i help you

y'all doing web?

i'm doing cmake

cmake is nothing compared to web

bruh

lets trade then

i'd rather due cmake configuration than web development

what are you needing to do

being able to use third party dependencies

i was surprised that you can read my language

huh

its not that hard

also remove m-auto on that 2nd div

+ class name
- class name

Brain happened to be very helpful with providing documentation for linking with his library, but not sure for other libraries

what does the + and - mean

add/remove?

if you use git, you will know

i've never had to use + and - in git

git diff

export default function Home() {

  const items = [
    <li>A</li>,
    <li>B</li>,
    <li>C</li>
  ]

  return (
    <div className="flex min-h-screen flex-col items-center justify-between p-24">
      <h1>{...items}</h1>
    </div>
  );
}```
is this really how you gotta do it

😭

hmm?

@civic scroll sis do u know cmake

If you had an array of items, you'd have to map it into the element you want it to list as

then to display it you'd have to spread it

right?

{<Array>.map(fn => JSX.Component)}

huh

const friends = ['misty', 'sayiyu', 'nully'];

return (
  <div className="flex min-h-screen flex-col items-center justify-between p-24">
    my friends are:
    {friends.map(friend => (
       <li>{friend}</li>
    ))}
  </div>
);

<h1>{items.map(item => <li key={item}>{item}</li>)}</h1>
```?

yeah and key as well

i forgor

Alrighty then

thanks

gaming

I wonder how subdomains will work

with next

you have to assign manually

or use its dns

honestly ima just scratch that idea then

cause fuck that

i don't rember much, check project settings

my idea was to give each place its own subdomain

but nah

https://medium.com/@jfbaraky/using-subdomains-as-paths-on-next-js-e5aab5c28c28 yea nah this too much work

fuck that

how come we aren't added as friends

You’re not accepting friend requests

try again

ok

did you test with a wrong password to see if the wrong password fails correctly?

https://tenor.com/bOGXs.gif

why test if it fails

so long as it works

😏

its fails if its wrong

There is no possible way

the literal only fail point in that code is if the username is wrong

or it somehow generates the wrong hash

i reckon there is at least 5 authentication bypass vulnerabilities in that code right there

yea but did you enter the correct username

does the username exist

i didnt

there you go

now enter the correct username but an incorrect password

does user e exist?

FUCK

https://tenor.com/bdzS4.gif

i entered my username and the wrong password and it still let me in

yes

want to know why?

you are cooked

yes

Well here's the thing.

You are literally just hashing the password they entered, and then comparing that hash against the password they entered

LMAO

Thats not how you do that.

LMAO

LAMAO

LOMA

WHAT THE FUCK DO I DO

kappa chungus deluxe

I literally told you several times yesterday

your code is all wrong, as you've been told yesterday, but you didnt listen

you hash the password when they sign up, store that.

When they login, grab the HASHED password from the database, compare that hash against the password they entered

rip

when i saw that code i didnt even need to look at it indepth to know it was cooked

but misty beat me to it

I have to take any chance I get

there's not many with battleless "gone"

i wonder why

#development message
thought you'd read

turns out my asumptions disappointed me

even before that we told him as well

💀

and yet he still came up with that monstrosity

blud kept fucking around after finding out 😔

One message removed from a suspended account.

One message removed from a suspended account.

What do I put for the hash

bro

I've told you 3 times now

what

hashed user credentials, from db

here

Time #1 #development message
Time #2 #development message
Time #3 #development message

Each time you completely ignored what i said

like this?

passport.use('password', new LocalStrategy(
    async (username, password, done) => {
        try {
            const trimmedUsername = username.trim();
            const trimmedPassword = password.trim();

            console.log('Looking for user:', trimmedUsername);

            const user = await User.findOne({ Username: trimmedUsername });
            if (!user) {
                console.log('User not found');
                return done(null, false, { message: 'Incorrect username.' });
            }

            console.log('User found:', user);

            const isMatch = await bcrypt.compare(trimmedPassword, user.Password);
            
            if (isMatch) {
                return done(null, user);
            } else {
                return done(null, false, { message: 'Incorrect password.' });
            }
        } catch (err) {
            console.log('Error during authentication:', err);
            return done(err);
        }
    }
));

yea

but user.Password has to be a hashed password

so when they are signing up hash the password they used

omfg

the idea is, you store the hash in the db

then you grab the hash when they login and compare that against hte plaintext password they provide

so i hash trimmedPassword?

YOUR MAKING NO SENSE

I am making perfect sense

not to me

you just dont understand

could u please simplify it for me?

Remember when I said never store plain text passwords in your database?

yes and i dont

well...you were

mines hashed tho

oh good, now you hash them

now im confused

well since you already hash them then its fine

user.Password is the hash

trimmedPassword is the plaintext password

you compare the two and if it matches return the user, if not return an error

like yo uare currently doing

👍

why does it return failure tho?

I was still under the assumption that earlier when you weren't hashing the password

password is incorrect

One message removed from a suspended account.

or username is

even with the correct creds it still says failure

oh wait

well you have 3 points of failure.

Username wrong, Password Doesn't match, or that catch block

it works!

👍

thank you

I'd definitely watch a video on password hashing just to brush up on it

yeah im gonna

because your user password is hashed, you can use it directly in compare

yeah thx

finally working?

amen jesus

krishna budha allah quetzacoatl

💀

there's probably a flaw where I can still log in without touching the login page

yeah and it works

whats the website

like the url?

ye

http://scp.rosearcher.xyz:8040/login

its only http rn since my host hasnt proxied the url

can i save emails though

cuz i don't really see a way to send confirmation mails etc if it's hashed

yeah usually only the password is hashed, everything else is clear text, or at least with some sort of reversible encryption

although reversible encryptions are useless if their keys are stored in the same server

why uppercase..

usually clear text because any reversible encryption in a database is pointless

though if the encryption key is in the source code and the database is encrypted with it, if your database is compromised the data is safe until it can be decrypted

aws kms

that sounds so wrong

hcp vault

models :

const mongoose = require('mongoose');

const playerStatsSchema  = new mongoose.Schema({
    uuid: String,
    data: [
        {
            date: String,
            data: {
                faction: String,
                jobs: {
                    alchemist: {
                        level: Number,
                        xp: Number
                    },
                    farmer: {
                        level: Number,
                        xp: Number
                    },
                    hunter: {
                        level: Number,
                        xp: Number
                    },
                    miner: {
                        level: Number,
                        xp: Number
                    }
                },
                money: Number,
                rank: String,
                timePlayed: Number
            }
        }
    ]
});

module.exports = mongoose.model('PlayerStats', playerStatsSchema);```

My try

```js
const date = new Date();
const formattedDate = `${date.getDate()}-${date.getMonth() + 1}-${date.getFullYear()}`;
const listing = await Model.find({
    'data.date': { $ne: formattedDate }
});

console.log(listing)