
raw password comparison added

This commit is contained in:
Umang G. Patel 2022-04-21 23:53:02 +05:30
parent 2e15ce24d5
commit 1fb4cf3106
2 changed files with 23 additions and 25 deletions


@ -28,9 +28,9 @@ router.get('/auth', csrfProtection, function (req: Request, res: Response) {
router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => { router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {
try { try {
const userDoc = await Users.get(); const userDoc = await Users.get();
const passHash = userDoc.passHash; const password = userDoc.password;
if (!passHash) { if (!password) {
res.render('auth', { res.render('auth', {
title: 'Login page', title: 'Login page',
header: 'Password not set', header: 'Password not set',
@ -40,30 +40,28 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
return; return;
} }
bcrypt.compare(req.body.password, passHash, async (err, result) => { if (req.body.password !== password) {
if (err || result === false) { res.render('auth', {
res.render('auth', { title: 'Login page',
title: 'Login page', header: 'Wrong password',
header: 'Wrong password', csrfToken: req.csrfToken(),
csrfToken: req.csrfToken(),
});
return;
}
const token = jwt.sign({
iss: 'Codex Team',
sub: 'auth',
iat: Date.now(),
}, passHash + config.get('secret'));
res.cookie('authToken', token, {
httpOnly: true,
expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
}); });
res.redirect('/'); return;
}
const token = jwt.sign({
iss: 'Codex Team',
sub: 'auth',
iat: Date.now(),
}, password + config.get('secret'));
res.cookie('authToken', token, {
httpOnly: true,
expires: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
}); });
res.redirect('/');
} catch (err) { } catch (err) {
res.render('auth', { res.render('auth', {
title: 'Login page', title: 'Login page',
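Review bot: The new check `if (req.body.password !== password)` verifies the login against a plaintext value read from the user document and with a plain string `!==`, replacing the bcrypt verify the old side had, so the stored credential is now recoverable by anyone who can read that document and the comparison is no longer constant-time. The same plaintext is then folded into the JWT signing key at `}, password + config.get('secret'));`, so a leak of the user document exposes both the login credential and part of the token-signing material. Unless there is a reason the hash cannot be kept, I would keep `passHash` on the document and verify with `const ok = await bcrypt.compare(String(req.body.password ?? ''), passHash); if (!ok) { … }`, and sign the token with the hash (or only `config.get('secret')`) rather than the credential itself. If the plaintext value has to stay, at minimum reject non-string input with `typeof req.body.password === 'string'` and compare equal-length buffers via `crypto.timingSafeEqual` instead of `!==`. The `router.post('/auth', …)` handler begins in the first hunk and its `catch` block continues past the end of this one.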


@ -19,14 +19,14 @@ export default async function verifyToken(req: Request, res: Response, next: Nex
try { try {
const userDoc = await Users.get(); const userDoc = await Users.get();
if (!userDoc.passHash) { if (!userDoc.password) {
res.locals.isAuthorized = false; res.locals.isAuthorized = false;
next(); next();
return; return;
} }
const decodedToken = jwt.verify(token, userDoc.passHash + config.get('secret')); const decodedToken = jwt.verify(token, userDoc.password + config.get('secret'));
res.locals.isAuthorized = !!decodedToken; res.locals.isAuthorized = !!decodedToken;