From b5372f0dbc0d6c081f0488f0df1314f83a7fe935 Mon Sep 17 00:00:00 2001
From: Philip H <47042125+pheiduck@users.noreply.github.com>
Date: Sun, 16 Jun 2024 16:14:19 +0200
Subject: [PATCH] bring password hash back users want to have this instead cleartext password. Mitigates security issues.
---
 src/lib/Server.js | 10 ++++++++++
 src/package.json | 1 +
 2 files changed, 11 insertions(+)

diff --git a/src/lib/Server.js b/src/lib/Server.js
index 1366eac..1b30612 100644
--- a/src/lib/Server.js
+++ b/src/lib/Server.js
@@ -1,5 +1,6 @@
 'use strict';
 
+const bcrypt = require('bcryptjs');
 const crypto = require('node:crypto');
 const { createServer } = require('node:http');
 const { stat, readFile } = require('node:fs/promises');
@@ -117,6 +118,15 @@ module.exports = class Server {
 return next();
 }
 
+ if (req.url.startsWith('/api/') && req.headers['authorization']) {
+ if (bcrypt.compareSync(req.headers['authorization'], bcrypt.hashSync(PASSWORD, 10))) {
+ return next();
+ }
+ return res.status(401).json({
+ error: 'Incorrect Password',
+ });
+ }
+
 return res.status(401).json({
 error: 'Not Logged In',
 });
diff --git a/src/package.json b/src/package.json
index 97cb221..8a3954d 100644
--- a/src/package.json
+++ b/src/package.json
@@ -13,6 +13,7 @@
 "author": "Emile Nijssen",
 "license": "CC BY-NC-SA 4.0",
 "dependencies": {
+ "bcryptjs": "^2.4.3",
 "debug": "^4.3.5",
 "express-session": "^1.18.0",
 "h3": "^1.11.1",
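Review bot: In the second `src/lib/Server.js` hunk, the new `/api/` branch calls `bcrypt.hashSync(PASSWORD, 10)` on every request that carries an `Authorization` header, so the secret the server holds is still the cleartext `PASSWORD` and the hash protects nothing at rest. Both `hashSync` and `compareSync` are synchronous, so each such request, including ones with a wrong password, blocks the event loop for two cost-10 bcrypt computations, which lets unauthenticated clients degrade the service. I would load a precomputed bcrypt hash from configuration and compare against it asynchronously, e.g. `if (await bcrypt.compare(req.headers['authorization'], passwordHash)) {`, where `passwordHash` is a placeholder name for that configured value and the enclosing middleware (which starts outside the hunk) would need to be `async`. No throttling of failed attempts is visible in the hunk; if none exists elsewhere, the 401 path should be rate-limited.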