apps/wg-easy
1
0
Fork 0
mirror of https://github.com/wg-easy/wg-easy.git synced 2025-10-05 15:47:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

bring password hash back

Browse Source 
users want to have this instead cleartext password. Mitigates security issues.
This commit is contained in:
Philip H
2024-06-16 16:14:19 +02:00
parent 390b72c94a
commit b5372f0dbc
2 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/lib/Server.js
View File

@@ -1,5 +1,6 @@
'use strict';
const bcrypt = require('bcryptjs');
const crypto = require('node:crypto');
const { createServer } = require('node:http');
const { stat, readFile } = require('node:fs/promises');
@@ -117,6 +118,15 @@ module.exports = class Server {
return next();
}
if (req.url.startsWith('/api/') && req.headers['authorization']) {
if (bcrypt.compareSync(req.headers['authorization'], bcrypt.hashSync(PASSWORD, 10))) {
return next();
}
return res.status(401).json({
error: 'Incorrect Password',
});
}
return res.status(401).json({
error: 'Not Logged In',
});