From fa9daa12fbc5ade131c34bffaf77a2ce29193aaa Mon Sep 17 00:00:00 2001 From: Shahrad Elahi Date: Fri, 26 Apr 2024 23:10:08 +0330 Subject: [PATCH] fix --- web/src/lib/env.ts | 6 ++++-- web/src/routes/login/+page.server.ts | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/web/src/lib/env.ts b/web/src/lib/env.ts index c5bad9f..d02af4f 100644 --- a/web/src/lib/env.ts +++ b/web/src/lib/env.ts @@ -1,16 +1,18 @@ import { createEnv } from '@t3-oss/env-core'; import { z } from 'zod'; -import { hex, sha256 } from '$lib/hash'; +import { sha256 } from '$lib/hash'; import { randomUUID } from 'node:crypto'; + import 'dotenv/config'; export const env = createEnv({ runtimeEnv: process.env, + emptyStringAsUndefined: true, server: { NODE_ENV: z.enum(['development', 'production', 'test']).default('development'), STORAGE_PATH: z.string().default('/data/storage.pack'), AUTH_SECRET: z.string().default(sha256(randomUUID())), - HASHED_PASSWORD: z.string().default(hex('insecure-password')), + HASHED_PASSWORD: z.string().default(sha256('insecure-password')), ORIGIN: z.string().optional(), }, }); diff --git a/web/src/routes/login/+page.server.ts b/web/src/routes/login/+page.server.ts index 0d048d6..5ec4e14 100644 --- a/web/src/routes/login/+page.server.ts +++ b/web/src/routes/login/+page.server.ts @@ -8,6 +8,7 @@ import logger from '$lib/logger'; import { zod } from 'sveltekit-superforms/adapters'; import { env } from '$lib/env'; import { AUTH_COOKIE } from '$lib/constants'; +import { sha256 } from '$lib/hash'; export const load: PageServerLoad = async () => { return { @@ -29,7 +30,7 @@ export const actions: Actions = { const { password } = form.data; const hashed = HASHED_PASSWORD.toLowerCase(); - const receivedHashed = Buffer.from(password.toString()).toString('hex').toLowerCase(); + const receivedHashed = sha256(password).toLowerCase(); if (hashed !== receivedHashed) { return setError(form, 'password', 'Incorrect password.');