
use password from appConfig

Nikita Melnikov 2022-09-28 20:46:28 +08:00
parent 0b25ffcdf6
commit 97257e185c
5 changed files with 8 additions and 7 deletions


@ -43,7 +43,7 @@ Here is our [Demo Application](https://docs-demo.codex.so/) where you can try Co
git clone https://github.com/codex-team/codex.docs
```
### 2. Fill the appConfig
### 2. Fill the config
Read about available [configuration](https://docs.codex.so/configuration) options.


@ -1,7 +1,7 @@
port: 4000
host: "localhost"
uploads: "./uploads"
password: secretpassword
frontend:
title: "CodeX Docs"
description: "A block-styled editor with clean JSON output"
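Review bot: The `password: secretpassword` line puts a publicly known admin password in the shipped config, so any deployment that starts from this file unchanged is protected by a value anyone can read in the repository. Because the route code uses the same value as part of the JWT signing key, a default password also weakens the token key; whether `auth.secret` has a default as well is not visible here. I would ship the key empty, `password: ""`, so the login page reports "Password not set" until an operator chooses one, and add a comment such as `# Admin panel password: set a unique value per deployment, never commit the real one`.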


@ -22,7 +22,7 @@ router.get('/auth', csrfProtection, function (req: Request, res: Response) {
*/
router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Response) => {
try {
if (!process.env.PASSWORD) {
if (!appConfig.password) {
res.render('auth', {
title: 'Login page',
header: 'Password not set',
@ -32,7 +32,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
return;
}
if (req.body.password !== process.env.PASSWORD) {
if (req.body.password !== appConfig.password) {
res.render('auth', {
title: 'Login page',
header: 'Wrong password',
@ -46,7 +46,7 @@ router.post('/auth', parseForm, csrfProtection, async (req: Request, res: Respon
iss: 'Codex Team',
sub: 'auth',
iat: Date.now(),
}, process.env.PASSWORD + appConfig.auth.secret);
}, appConfig.password + appConfig.auth.secret);
res.cookie('authToken', token, {
httpOnly: true,
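Review bot: The password check in the second hunk, `req.body.password !== appConfig.password`, is an ordinary string comparison and so is not constant-time. Comparing fixed-length digests avoids that: `const given = createHash('sha256').update(String(req.body.password ?? '')).digest();`, `const expected = createHash('sha256').update(appConfig.password).digest();`, then `if (!timingSafeEqual(given, expected)) {`, with both functions taken from Node's `crypto` module. The key expression `appConfig.password + appConfig.auth.secret` is also repeated in the token-verification middleware, and a small shared helper would keep signing and verification from drifting apart. The route handler begins before and ends after these hunks, so the rest of the login flow is not visible here.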


@ -14,14 +14,14 @@ export default async function verifyToken(req: Request, res: Response, next: Nex
const token = req.cookies.authToken;
try {
if (!process.env.PASSWORD) {
if (!appConfig.password) {
res.locals.isAuthorized = false;
next();
return;
}
const decodedToken = jwt.verify(token, process.env.PASSWORD + appConfig.auth.secret);
const decodedToken = jwt.verify(token, appConfig.password + appConfig.auth.secret);
res.locals.isAuthorized = !!decodedToken;


@ -45,6 +45,7 @@ const AppConfig = z.object({
favicon: z.string().optional(), // Path or URL to favicon
uploads: z.string(), // Path to uploads folder
hawk: HawkConfig.optional().nullable(), // Hawk configuration
password: z.string(), // Password for admin panel
frontend: FrontendConfig, // Frontend configuration
auth: AuthConfig, // Auth configuration
database: LocalDatabaseConfig, // Database configuration
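Review bot: `password: z.string()` makes the key mandatory but still accepts an empty string, so the `!appConfig.password` branches in the auth route and token middleware can now only be reached with `password: ""`, and that misconfiguration surfaces at login rather than at startup. If an unset password is meant to be a supported mode, declare it as `password: z.string().optional(),`; if not, reject it during validation with `password: z.string().min(1),`. Either way the comment could say that the value is also used as part of the JWT signing key, e.g. `// Admin panel password; also part of the auth token signing key`. The `AppConfig` object starts before and continues after this hunk.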