forks/amnezia-wg-easy
1
0
Fork 0
forked from mirrors/amnezia-wg-easy
Code Pull requests Activity

fixup: bcrypt implementation

Browse source
This commit is contained in:
Philip H. 2023-12-29 15:43:26 +00:00 committed by GitHub
parent 96420d6f51
commit e3fd6cf8b4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/lib/Server.js
View file

@ -82,16 +82,9 @@ module.exports = class Server {
} }
if (req.path.startsWith('/api/') && req.headers['authorization']) { if (req.path.startsWith('/api/') && req.headers['authorization']) {
const authorizationHash = bcrypt.createHash('bcrypt') if (bcrypt.compareSync(req.headers['authorization'], bcrypt.hashSync(PASSWORD, 10))) {
.update(req.headers['authorization'])
.digest('hex');
const passwordHash = bcrypt.createHash('bcrypt')
.update(PASSWORD)
.digest('hex');
if (bcrypt.timingSafeEqual(Buffer.from(authorizationHash), Buffer.from(passwordHash))) {
return next(); return next();
} }
return res.status(401).json({ return res.status(401).json({
error: 'Incorrect Password', error: 'Incorrect Password',
}); });