Browse Source

sessionless auth

pull/597/head
babadzhanov 3 years ago
parent
commit
260b790a3e
  1. 17
      src/lib/Server.js

17
src/lib/Server.js

@ -1,6 +1,7 @@
'use strict'; 'use strict';
const path = require('path'); const path = require('path');
const crypto = require('crypto');
const express = require('express'); const express = require('express');
const expressSession = require('express-session'); const expressSession = require('express-session');
@ -75,6 +76,22 @@ module.exports = class Server {
return next(); return next();
} }
if (req.path.startsWith('/api/') && req.headers['authorization']) {
const authorizationHash = crypto.createHash('sha256')
.update(req.headers['authorization'])
.digest('hex');
const passwordHash = crypto.createHash('sha256')
.update(PASSWORD)
.digest('hex');
if (crypto.timingSafeEqual(Buffer.from(authorizationHash), Buffer.from(passwordHash))) {
return next();
}
return res.status(401).json({
error: 'Incorrect Password',
});
}
return res.status(401).json({ return res.status(401).json({
error: 'Not Logged In', error: 'Not Logged In',
}); });

Loading…
Cancel
Save