From e3fd6cf8b46186d6163215fc73dedb94d81425c2 Mon Sep 17 00:00:00 2001
From: "Philip H." <47042125+pheiduck@users.noreply.github.com>
Date: Fri, 29 Dec 2023 15:43:26 +0000
Subject: [PATCH] fixup: bcrypt implementation

---
 src/lib/Server.js | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/lib/Server.js b/src/lib/Server.js
index b92ca7a2..a76e0f47 100644
--- a/src/lib/Server.js
+++ b/src/lib/Server.js
@@ -82,16 +82,9 @@ module.exports = class Server {
         }
 
         if (req.path.startsWith('/api/') && req.headers['authorization']) {
-          const authorizationHash = bcrypt.createHash('bcrypt')
-            .update(req.headers['authorization'])
-            .digest('hex');
-          const passwordHash = bcrypt.createHash('bcrypt')
-            .update(PASSWORD)
-            .digest('hex');
-          if (bcrypt.timingSafeEqual(Buffer.from(authorizationHash), Buffer.from(passwordHash))) {
+          if (bcrypt.compareSync(req.headers['authorization'], bcrypt.hashSync(PASSWORD, 10))) {
             return next();
           }
-
           return res.status(401).json({
             error: 'Incorrect Password',
           });