我需要破译用户名和密码,但不断从节点收到内部服务器错误

I need to decipher a username and password but keep getting internal server error from node

我很困惑为什么我的节点服务器在尝试从来自 ReactJS 应用程序的 axios post 请求中解密用户名和密码时抛出错误 500。

这是我的 React 代码:

import React from "react";
import { Container, Row, Col, Form, Jumbotron } from "react-bootstrap";
import { Button } from "../styled-components/button";
import { ButtonBase } from "@material-ui/core";
import { Fade } from "react-reveal";
import axios from "axios";
import { createCipheriv, randomBytes } from "crypto";
//create random 16bytes
let iv = "NcRfUjXn2r5u8x/A";
//encryption key that is used
let key = "gVkYp3s6v8y/B?E(H+MbQeThWmZq4t7w";

export default function Login(props) {
  //set State for the user application
  const [username, setUsername] = React.useState("");
  const [password, setPassword] = React.useState("");
  //set error message state if data returned is invalid
  const [error, setError] = React.useState(false);
  //create handlers for state change and assign value to the state
  const handleUsernameChange = (e) => {
    setUsername(e.target.value);
  };
  const handlePasswordChange = (e) => {
    setPassword(e.target.value);
  };
  //handle submission to the server
  const handleFormSubmit = (e) => {
    e.preventDefault();
    //start encryption process
    let cipher = createCipheriv("aes-256-cbc", key, iv);
    //username encryption
    let encryptedUsername = cipher.update(username, "utf-8", "hex");
    encryptedUsername += cipher.final("hex");
    //password encryption process
    let encryptedPassword = cipher.update(password, "utf-8", "hex");
    encryptedPassword += cipher.final("hex");

    console.log(encryptedUsername + " " + encryptedPassword);
    //post the encrypted data to the server
    axios
      .post("/users", {
        username: encryptedUsername,
        password: encryptedPassword,
      })
      .then((res) => {
        //receive the response from the server and mark the username & password correct/invalid
        if (res.data === "invalid") {
          setError(true);
          //if username and password are valid, then transfer user to the home page and create a session
        } else if (
          encryptedUsername === res.data[0].username &&
          encryptedPassword === res.data[0].password
        ) {
          //window.location = "/home";
        }
      })
      .catch((err) => {
        console.log(err);
      });
  };

  return (
    <Fade>
      <Container style={{ marginTop: "5%" }}>
        <Row>
          <Col lg={12} style={{ textAlign: "center" }}>
            <h3>Please Login to see all your daily To-Do Tasks</h3>
          </Col>
          <Col lg={12}>
            <Form onSubmit={handleFormSubmit}>
              <Jumbotron>
                <Row>
                  <Col>
                    <Form.Label>Username:</Form.Label>
                    <Form.Control
                      onChange={handleUsernameChange}
                      placeholder="Username:"
                      value={username}
                      required
                    ></Form.Control>
                  </Col>
                  <Col>
                    <Form.Label>Password:</Form.Label>
                    <Form.Control
                      onChange={handlePasswordChange}
                      placeholder="Password:"
                      value={password}
                      required
                      type="password"
                    ></Form.Control>
                  </Col>
                </Row>
                <Row>
                  <Col>
                    {error ? (
                      <Fade>
                        <b style={{ color: "red" }}>
                          Invalid username or password
                        </b>
                      </Fade>
                    ) : (
                      <></>
                    )}
                  </Col>
                </Row>
                <Row style={{ marginTop: "5%" }}>
                  <Col>
                    <ButtonBase style={{ float: "right" }}>
                      <Button
                        color="primary"
                        style={{ float: "right" }}
                        type="submit"
                      >
                        Login
                      </Button>
                    </ButtonBase>
                  </Col>
                </Row>
                <Row>
                  <Col style={{ marginTop: "5%" }}>
                    <p style={{ float: "right" }}>
                      Need to register?{" "}
                      <a href="https://google.com/"> click here</a>
                    </p>
                  </Col>
                </Row>
              </Jumbotron>
            </Form>
          </Col>
        </Row>
      </Container>
    </Fade>
  );
}

现在这是我的 node.js 用于处理该请求的快速代码:

我更新了方法并放置了两个函数以在用户名和密码登陆时调用,我注意到用户名正在记录并且是一个字符串,但是当我在破译后尝试记录我的密码时它显示都是奇怪的字符,所以密码破译方法肯定有问题,因为当我登录我的服务器时密码的typeof是什么,它显示它是一个字符串,并且它显示它与加密密码对应从客户端发送,但是当它通过解密方法时,它会将它加扰并吐出那些奇怪的字符。

const express = require("express");
const router = express.Router();
const connection = require("../database/connection");
const logger = require("../logger/logger");
const crypto = require("crypto");
//create initial vector
let iv = "NcRfUjXn2r5u8x/A";
//create the crypto key for deciphering the username/password
let key = "gVkYp3s6v8y/B?E(H+MbQeThWmZq4t7w";
/* GET users listing. */
router.post("/", function (req, res, next) {
  console.log(req.body);

  let reqUser = req.body.username;
  let reqPass = req.body.pass;

  function decryptUsername() {
    //create decipcher API
    let decipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
    //decipher the username before sending it to MySQL
    let decryptedUsername = decipher.update(reqUser, "hex", "utf-8");
    decryptedUsername += decipher.final("utf-8");

    console.log(decryptedUsername);

    return decryptedUsername;
  }

  function decryptPassword() {
    //create decipcher API
    let decipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
    //decipher the password before sending it to MySQL
    let decryptedPassword = decipher.update(reqPass, "hex", "utf-8");
    decryptedPassword += decipher.final("utf-8");

    console.log(typeof decryptedPassword);

    return decryptedPassword;
  }

  let username = decryptUsername(reqUser);
  console.log(username);

  let password = decryptPassword(reqPass);

  //Establish connection to MySQL Database
  connection.getConnection((err) => {
    if (err) throw err;
    //MySQL database query to check username & password exists
    connection.query(
      "SELECT username, password FROM users WHERE username = ? AND password = ?",
      [username, password],
      function (err, results) {
        if (results.length === 0) {
          //log the credentails that are invalid/un-authenticated
          logger.log({
            level: "error",
            message: `failed user login: username: ${username} password: ${password}`,
          });
          //send invalid response to let the server know that credentials are incorrect
          res.send("invalid");
        } else {
          //logger to log access control to the access.log file
          logger.log({
            level: "info",
            message: `user ${username} logged in at:`,
          });
          //send response to user
          console.log(results);
          res.send(results);
        }
      }
    );
  });
});

module.exports = router;

我的加密数据也被正确发送,服务器端和客户端共享静态密钥和初始化向量,但是当我在服务器端尝试解密时,它只是抛出错误 500

任何帮助将不胜感激:)

这是服务器错误的片段POST /users 500

这是当我console.log(解密)

logging the decipher method

Strange characters that it is spitting out

首先,

  1. 您应该使用 useEffect 进行所有休息调用。如果你需要制作方法,我有一个示例库,我可以分享。
  2. 服务器路由上的 /users 路径在哪里?
  3. 你最后应该有 res.send。日志记录也需要在上面。否则,您将在 server-side.
  4. 上得到一个 warning/error
  5. 你怎么知道 decipher 给出了 500 错误?您看到任何错误信息了吗?

所以我发现导致我的加密密码被解析为奇怪字符的问题,我必须为每个加密和解密方法创建一个模块,将值传递给解密模块,然后 return值,现在它工作得很好