Docker/codex.docs
Docker/codex.docs
1
0
Fork 0
mirror of https://github.com/codex-team/codex.docs.git synced 2025-08-08 06:55:26 +02:00
Code Issues Releases Activity

raw password comparison added

Browse source
This commit is contained in:
Umang G. Patel 2022-04-21 23:53:02 +05:30
parent 2e15ce24d5
commit 1fb4cf3106
2 changed files with 23 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/backend/routes/auth.ts
View file

@ -28,9 +28,9 @@ router.get('/auth', csrfProtection, function (req: Request, res: Response) {
router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => { router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {
try { try {
const userDoc = await Users.get(); const userDoc = await Users.get();
const passHash = userDoc.passHash; const password = userDoc.password;
if (!passHash) { if (!password) {
res.render('auth', { res.render('auth', {
title: 'Login page', title: 'Login page',
header: 'Password not set', header: 'Password not set',
@ -40,8 +40,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
return; return;
} }
bcrypt.compare(req.body.password, passHash, async (err, result) => { if (req.body.password !== password) {
if (err || result === false) {
res.render('auth', { res.render('auth', {
title: 'Login page', title: 'Login page',
header: 'Wrong password', header: 'Wrong password',
@ -55,7 +54,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
iss: 'Codex Team', iss: 'Codex Team',
sub: 'auth', sub: 'auth',
iat: Date.now(), iat: Date.now(),
}, passHash + config.get('secret')); }, password + config.get('secret'));
res.cookie('authToken', token, { res.cookie('authToken', token, {
httpOnly: true, httpOnly: true,
@ -63,7 +62,6 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
}); });
res.redirect('/'); res.redirect('/');
});
} catch (err) { } catch (err) {
res.render('auth', { res.render('auth', {
title: 'Login page', title: 'Login page',

4
src/backend/routes/middlewares/token.ts
View file

@ -19,14 +19,14 @@ export default async function verifyToken(req: Request, res: Response, next: Nex
try { try {
const userDoc = await Users.get(); const userDoc = await Users.get();
if (!userDoc.passHash) { if (!userDoc.password) {
res.locals.isAuthorized = false; res.locals.isAuthorized = false;
next(); next();
return; return;
} }
const decodedToken = jwt.verify(token, userDoc.passHash + config.get('secret')); const decodedToken = jwt.verify(token, userDoc.password + config.get('secret'));
res.locals.isAuthorized = !!decodedToken; res.locals.isAuthorized = !!decodedToken;