Skip to content

Commit

Permalink
fix: password authentication
Browse files Browse the repository at this point in the history
  • Loading branch information
Glitch18 committed Dec 9, 2024
1 parent 978b921 commit 48eb314
Showing 1 changed file with 12 additions and 7 deletions.
19 changes: 12 additions & 7 deletions src/gui-commands.ts
Original file line number Diff line number Diff line change
Expand Up @@ -177,14 +177,19 @@ export function registerGuiCommands(program: Command) {
.command('login')
.arguments('<password>')
.description('verify GUI password')
.action(password => {
if (
!timingSafeEqual(Buffer.from(password), Buffer.from(config.gui.pass))
) {
console.log(yaml.dump({login: 'unauthorized'}));
return;
.action(async password => {
try {
// Verify the password with saved hash
const isValid = await argon2id.verify(config.gui.pass, password);
if (!isValid) {
console.log(yaml.dump({login: 'unauthorized'}));
return;
}
console.log(yaml.dump({login: 'authorized'}));
} catch (err) {
console.error('Error during password verification:', err);
console.log(yaml.dump({login: 'unauthorized'})); // Fail-safe unauthorized output
}
console.log(yaml.dump({login: 'authorized'}));
});

function startGui() {
Expand Down

0 comments on commit 48eb314

Please sign in to comment.