mirror of
https://github.com/wireadmin/wireadmin
synced 2025-06-26 18:28:06 +00:00
fix
This commit is contained in:
parent
3309450063
commit
fa9daa12fb
@ -1,16 +1,18 @@
|
||||
import { createEnv } from '@t3-oss/env-core';
|
||||
import { z } from 'zod';
|
||||
import { hex, sha256 } from '$lib/hash';
|
||||
import { sha256 } from '$lib/hash';
|
||||
import { randomUUID } from 'node:crypto';
|
||||
|
||||
import 'dotenv/config';
|
||||
|
||||
export const env = createEnv({
|
||||
runtimeEnv: process.env,
|
||||
emptyStringAsUndefined: true,
|
||||
server: {
|
||||
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
|
||||
STORAGE_PATH: z.string().default('/data/storage.pack'),
|
||||
AUTH_SECRET: z.string().default(sha256(randomUUID())),
|
||||
HASHED_PASSWORD: z.string().default(hex('insecure-password')),
|
||||
HASHED_PASSWORD: z.string().default(sha256('insecure-password')),
|
||||
ORIGIN: z.string().optional(),
|
||||
},
|
||||
});
|
||||
|
@ -8,6 +8,7 @@ import logger from '$lib/logger';
|
||||
import { zod } from 'sveltekit-superforms/adapters';
|
||||
import { env } from '$lib/env';
|
||||
import { AUTH_COOKIE } from '$lib/constants';
|
||||
import { sha256 } from '$lib/hash';
|
||||
|
||||
export const load: PageServerLoad = async () => {
|
||||
return {
|
||||
@ -29,7 +30,7 @@ export const actions: Actions = {
|
||||
const { password } = form.data;
|
||||
|
||||
const hashed = HASHED_PASSWORD.toLowerCase();
|
||||
const receivedHashed = Buffer.from(password.toString()).toString('hex').toLowerCase();
|
||||
const receivedHashed = sha256(password).toLowerCase();
|
||||
|
||||
if (hashed !== receivedHashed) {
|
||||
return setError(form, 'password', 'Incorrect password.');
|
||||
|
Loading…
Reference in New Issue
Block a user