fix: Improve password hasher and env loader (#6)

Dockerfile

@@ -20,7 +20,7 @@ RUN apk add -U --no-cache \
   wireguard-tools \
   tor &&\
   # NPM packages
-  npm install -g @litehex/node-checksum &&\
+  npm install -g @litehex/node-checksum@0.2 &&\
   # Clear APK cache
   rm -rf /var/cache/apk/*
 

Dockerfile-Dev

@@ -20,7 +20,7 @@ RUN apk add -U --no-cache \
   wireguard-tools \
   tor &&\
   # NPM packages
-  npm install -g @litehex/node-checksum &&\
+  npm install -g @litehex/node-checksum@0.2 &&\
   # Clear APK cache
   rm -rf /var/cache/apk/*
 

docker-entrypoint.sh

@@ -75,12 +75,12 @@ EOF
 fi
 
 # Checking if there is `UI_PASSWORD` environment variable
-# if there was, converting it to hex and storing it to
+# if there was, converting it to sha256 and storing it to
 # the .env
 if [ -n "$UI_PASSWORD" ]; then
   sed -i '/^HASHED_PASSWORD/d' "${ENV_FILE}"
   tee -a "${ENV_FILE}" &>/dev/null <<EOF
-HASHED_PASSWORD=$(printf "%s" "${UI_PASSWORD}" | od -A n -t x1 | tr -d ' \n')
+HASHED_PASSWORD=$(checksum hash -a sha256 -C "${UI_PASSWORD}")
 EOF
   unset UI_PASSWORD
 else

web/src/lib/env.ts

@@ -1,16 +1,18 @@
 import { createEnv } from '@t3-oss/env-core';
 import { z } from 'zod';
-import { hex, sha256 } from '$lib/hash';
+import { sha256 } from '$lib/hash';
 import { randomUUID } from 'node:crypto';
+
 import 'dotenv/config';
 
 export const env = createEnv({
   runtimeEnv: process.env,
+  emptyStringAsUndefined: true,
   server: {
     NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
     STORAGE_PATH: z.string().default('/data/storage.pack'),
     AUTH_SECRET: z.string().default(sha256(randomUUID())),
-    HASHED_PASSWORD: z.string().default(hex('insecure-password')),
+    HASHED_PASSWORD: z.string().default(sha256('insecure-password')),
     ORIGIN: z.string().optional(),
   },
 });

web/src/routes/login/+page.server.ts

@@ -8,6 +8,7 @@ import logger from '$lib/logger';
 import { zod } from 'sveltekit-superforms/adapters';
 import { env } from '$lib/env';
 import { AUTH_COOKIE } from '$lib/constants';
+import { sha256 } from '$lib/hash';
 
 export const load: PageServerLoad = async () => {
   return {
@@ -29,7 +30,7 @@ export const actions: Actions = {
       const { password } = form.data;
 
       const hashed = HASHED_PASSWORD.toLowerCase();
-      const receivedHashed = Buffer.from(password.toString()).toString('hex').toLowerCase();
+      const receivedHashed = sha256(password).toLowerCase();
 
       if (hashed !== receivedHashed) {
         return setError(form, 'password', 'Incorrect password.');