Browse Source
bring password hash back
users want to have this instead cleartext password. Mitigates security issues.
pull/1113/head
Philip H
10 months ago
No known key found for this signature in database
GPG Key ID: DA39C2199C603FA5
2 changed files with
11 additions and
0 deletions
-
src/lib/Server.js
-
src/package.json
|
|
|
@ -1,5 +1,6 @@ |
|
|
|
'use strict'; |
|
|
|
|
|
|
|
const bcrypt = require('bcryptjs'); |
|
|
|
const crypto = require('node:crypto'); |
|
|
|
const { createServer } = require('node:http'); |
|
|
|
const { stat, readFile } = require('node:fs/promises'); |
|
|
|
@ -117,6 +118,15 @@ module.exports = class Server { |
|
|
|
return next(); |
|
|
|
} |
|
|
|
|
|
|
|
if (req.url.startsWith('/api/') && req.headers['authorization']) { |
|
|
|
if (bcrypt.compareSync(req.headers['authorization'], bcrypt.hashSync(PASSWORD, 10))) { |
|
|
|
return next(); |
|
|
|
} |
|
|
|
return res.status(401).json({ |
|
|
|
error: 'Incorrect Password', |
|
|
|
}); |
|
|
|
} |
|
|
|
|
|
|
|
return res.status(401).json({ |
|
|
|
error: 'Not Logged In', |
|
|
|
}); |
|
|
|
|
|
|
|
@ -13,6 +13,7 @@ |
|
|
|
"author": "Emile Nijssen", |
|
|
|
"license": "CC BY-NC-SA 4.0", |
|
|
|
"dependencies": { |
|
|
|
"bcryptjs": "^2.4.3", |
|
|
|
"debug": "^4.3.5", |
|
|
|
"express-session": "^1.18.0", |
|
|
|
"h3": "^1.11.1", |
|
|
|
|
