mirror of
https://github.com/wireadmin/wireadmin
synced 2025-06-26 18:28:06 +00:00
fix
This commit is contained in:
parent
3309450063
commit
fa9daa12fb
@ -1,16 +1,18 @@
|
|||||||
import { createEnv } from '@t3-oss/env-core';
|
import { createEnv } from '@t3-oss/env-core';
|
||||||
import { z } from 'zod';
|
import { z } from 'zod';
|
||||||
import { hex, sha256 } from '$lib/hash';
|
import { sha256 } from '$lib/hash';
|
||||||
import { randomUUID } from 'node:crypto';
|
import { randomUUID } from 'node:crypto';
|
||||||
|
|
||||||
import 'dotenv/config';
|
import 'dotenv/config';
|
||||||
|
|
||||||
export const env = createEnv({
|
export const env = createEnv({
|
||||||
runtimeEnv: process.env,
|
runtimeEnv: process.env,
|
||||||
|
emptyStringAsUndefined: true,
|
||||||
server: {
|
server: {
|
||||||
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
|
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
|
||||||
STORAGE_PATH: z.string().default('/data/storage.pack'),
|
STORAGE_PATH: z.string().default('/data/storage.pack'),
|
||||||
AUTH_SECRET: z.string().default(sha256(randomUUID())),
|
AUTH_SECRET: z.string().default(sha256(randomUUID())),
|
||||||
HASHED_PASSWORD: z.string().default(hex('insecure-password')),
|
HASHED_PASSWORD: z.string().default(sha256('insecure-password')),
|
||||||
ORIGIN: z.string().optional(),
|
ORIGIN: z.string().optional(),
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
|
@ -8,6 +8,7 @@ import logger from '$lib/logger';
|
|||||||
import { zod } from 'sveltekit-superforms/adapters';
|
import { zod } from 'sveltekit-superforms/adapters';
|
||||||
import { env } from '$lib/env';
|
import { env } from '$lib/env';
|
||||||
import { AUTH_COOKIE } from '$lib/constants';
|
import { AUTH_COOKIE } from '$lib/constants';
|
||||||
|
import { sha256 } from '$lib/hash';
|
||||||
|
|
||||||
export const load: PageServerLoad = async () => {
|
export const load: PageServerLoad = async () => {
|
||||||
return {
|
return {
|
||||||
@ -29,7 +30,7 @@ export const actions: Actions = {
|
|||||||
const { password } = form.data;
|
const { password } = form.data;
|
||||||
|
|
||||||
const hashed = HASHED_PASSWORD.toLowerCase();
|
const hashed = HASHED_PASSWORD.toLowerCase();
|
||||||
const receivedHashed = Buffer.from(password.toString()).toString('hex').toLowerCase();
|
const receivedHashed = sha256(password).toLowerCase();
|
||||||
|
|
||||||
if (hashed !== receivedHashed) {
|
if (hashed !== receivedHashed) {
|
||||||
return setError(form, 'password', 'Incorrect password.');
|
return setError(form, 'password', 'Incorrect password.');
|
||||||
|
Loading…
Reference in New Issue
Block a user