|
|
|
@ -1,6 +1,7 @@ |
|
|
|
'use strict'; |
|
|
|
|
|
|
|
const path = require('path'); |
|
|
|
const crypto = require('crypto'); |
|
|
|
|
|
|
|
const express = require('express'); |
|
|
|
const expressSession = require('express-session'); |
|
|
|
@ -75,6 +76,22 @@ module.exports = class Server { |
|
|
|
return next(); |
|
|
|
} |
|
|
|
|
|
|
|
if (req.path.startsWith('/api/') && req.headers['authorization']) { |
|
|
|
const authorizationHash = crypto.createHash('sha256') |
|
|
|
.update(req.headers['authorization']) |
|
|
|
.digest('hex'); |
|
|
|
const passwordHash = crypto.createHash('sha256') |
|
|
|
.update(PASSWORD) |
|
|
|
.digest('hex'); |
|
|
|
if (crypto.timingSafeEqual(Buffer.from(authorizationHash), Buffer.from(passwordHash))) { |
|
|
|
return next(); |
|
|
|
} |
|
|
|
|
|
|
|
return res.status(401).json({ |
|
|
|
error: 'Incorrect Password', |
|
|
|
}); |
|
|
|
} |
|
|
|
|
|
|
|
return res.status(401).json({ |
|
|
|
error: 'Not Logged In', |
|
|
|
}); |
|
|
|
|