This commit is contained in:
Shahrad Elahi 2024-04-26 23:10:08 +03:30
parent 3309450063
commit fa9daa12fb
2 changed files with 6 additions and 3 deletions

View File

@ -1,16 +1,18 @@
import { createEnv } from '@t3-oss/env-core'; import { createEnv } from '@t3-oss/env-core';
import { z } from 'zod'; import { z } from 'zod';
import { hex, sha256 } from '$lib/hash'; import { sha256 } from '$lib/hash';
import { randomUUID } from 'node:crypto'; import { randomUUID } from 'node:crypto';
import 'dotenv/config'; import 'dotenv/config';
export const env = createEnv({ export const env = createEnv({
runtimeEnv: process.env, runtimeEnv: process.env,
emptyStringAsUndefined: true,
server: { server: {
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'), NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
STORAGE_PATH: z.string().default('/data/storage.pack'), STORAGE_PATH: z.string().default('/data/storage.pack'),
AUTH_SECRET: z.string().default(sha256(randomUUID())), AUTH_SECRET: z.string().default(sha256(randomUUID())),
HASHED_PASSWORD: z.string().default(hex('insecure-password')), HASHED_PASSWORD: z.string().default(sha256('insecure-password')),
ORIGIN: z.string().optional(), ORIGIN: z.string().optional(),
}, },
}); });

View File

@ -8,6 +8,7 @@ import logger from '$lib/logger';
import { zod } from 'sveltekit-superforms/adapters'; import { zod } from 'sveltekit-superforms/adapters';
import { env } from '$lib/env'; import { env } from '$lib/env';
import { AUTH_COOKIE } from '$lib/constants'; import { AUTH_COOKIE } from '$lib/constants';
import { sha256 } from '$lib/hash';
export const load: PageServerLoad = async () => { export const load: PageServerLoad = async () => {
return { return {
@ -29,7 +30,7 @@ export const actions: Actions = {
const { password } = form.data; const { password } = form.data;
const hashed = HASHED_PASSWORD.toLowerCase(); const hashed = HASHED_PASSWORD.toLowerCase();
const receivedHashed = Buffer.from(password.toString()).toString('hex').toLowerCase(); const receivedHashed = sha256(password).toLowerCase();
if (hashed !== receivedHashed) { if (hashed !== receivedHashed) {
return setError(form, 'password', 'Incorrect password.'); return setError(form, 'password', 'Incorrect password.');