raw password comparison added

src/backend/routes/auth.ts

@@ -28,9 +28,9 @@ router.get('/auth', csrfProtection, function (req: Request, res: Response) {
 router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {
   try {
     const userDoc = await Users.get();
-    const passHash = userDoc.passHash;
+    const password = userDoc.password;
 
-    if (!passHash) {
+    if (!password) {
       res.render('auth', {
         title: 'Login page',
         header: 'Password not set',
@@ -40,8 +40,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
       return;
     }
 
-    bcrypt.compare(req.body.password, passHash, async (err, result) => {
-      if (err || result === false) {
+    if (req.body.password !== password) {
       res.render('auth', {
         title: 'Login page',
         header: 'Wrong password',
@@ -55,7 +54,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
       iss: 'Codex Team',
       sub: 'auth',
       iat: Date.now(),
-      }, passHash + config.get('secret'));
+    }, password + config.get('secret'));
 
     res.cookie('authToken', token, {
       httpOnly: true,
@@ -63,7 +62,6 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
     });
 
     res.redirect('/');
-    });
   } catch (err) {
     res.render('auth', {
       title: 'Login page',

src/backend/routes/middlewares/token.ts

@@ -19,14 +19,14 @@ export default async function verifyToken(req: Request, res: Response, next: Nex
   try {
     const userDoc = await Users.get();
 
-    if (!userDoc.passHash) {
+    if (!userDoc.password) {
       res.locals.isAuthorized = false;
       next();
 
       return;
     }
 
-    const decodedToken = jwt.verify(token, userDoc.passHash + config.get('secret'));
+    const decodedToken = jwt.verify(token, userDoc.password + config.get('secret'));
 
     res.locals.isAuthorized = !!decodedToken;