forks
/
amnezia-wg-easy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bring password hash back 

users want to have this instead cleartext password. Mitigates security issues.
This commit is contained in:
Philip H 2024-06-16 16:14:19 +02:00
parent 390b72c94a
commit b5372f0dbc
No known key found for this signature in database
GPG Key ID: DA39C2199C603FA5
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/lib/Server.js
View File

@ -1,5 +1,6 @@
'use strict'; 'use strict';
const bcrypt = require('bcryptjs');
const crypto = require('node:crypto'); const crypto = require('node:crypto');
const { createServer } = require('node:http'); const { createServer } = require('node:http');
const { stat, readFile } = require('node:fs/promises'); const { stat, readFile } = require('node:fs/promises');
@ -117,6 +118,15 @@ module.exports = class Server {
return next(); return next();
} }
if (req.url.startsWith('/api/') && req.headers['authorization']) {
if (bcrypt.compareSync(req.headers['authorization'], bcrypt.hashSync(PASSWORD, 10))) {
return next();
}
return res.status(401).json({
error: 'Incorrect Password',
});
}
return res.status(401).json({ return res.status(401).json({
error: 'Not Logged In', error: 'Not Logged In',
}); });

1
src/package.json
View File

@ -13,6 +13,7 @@
"author": "Emile Nijssen", "author": "Emile Nijssen",
"license": "CC BY-NC-SA 4.0", "license": "CC BY-NC-SA 4.0",
"dependencies": { "dependencies": {
"bcryptjs": "^2.4.3",
"debug": "^4.3.5", "debug": "^4.3.5",
"express-session": "^1.18.0", "express-session": "^1.18.0",
"h3": "^1.11.1", "h3": "^1.11.1",