Browse Source

Sessionless HTTP API authentication by using the WG_PASSWORD in the Authorization header

pull/586/head
James Stokes 3 years ago
parent
commit
3a9f7e443b
  1. 17
      src/lib/Server.js

17
src/lib/Server.js

@ -1,6 +1,7 @@
'use strict';
const path = require('path');
const crypto = require('crypto');
const express = require('express');
const expressSession = require('express-session');
@ -75,6 +76,22 @@ module.exports = class Server {
return next();
}
if (req.path.startsWith('/api/') && req.headers['authorization']) {
const authorizationHash = crypto.createHash('sha256')
.update(req.headers['authorization'])
.digest('hex');
const passwordHash = crypto.createHash('sha256')
.update(PASSWORD)
.digest('hex');
if (crypto.timingSafeEqual(Buffer.from(authorizationHash), Buffer.from(passwordHash))) {
return next();
}
return res.status(401).json({
error: 'Incorrect Password',
});
}
return res.status(401).json({
error: 'Not Logged In',
});

Loading…
Cancel
Save