mirror of https://git.tuxpa.in/a/code-server.git synced 2025-01-12 19:08:44 +00:00

refactor: password logic in http w/ isCookieValid

Joe Previte 2021-06-02 17:24:37 -07:00
parent 6020480b30
commit 923761cd78
No known key found for this signature in database
GPG Key ID: 2C91590C6B742C24


@ -8,7 +8,7 @@ import { normalize, Options } from "../common/util"
import { AuthType, DefaultedArgs } from "./cli" import { AuthType, DefaultedArgs } from "./cli"
import { commit, rootPath } from "./constants" import { commit, rootPath } from "./constants"
import { Heart } from "./heart" import { Heart } from "./heart"
import { isHashMatch } from "./util" import { getPasswordMethod, handlePasswordValidation, IsCookieValidArgs, isCookieValid, isHashMatch } from "./util"
declare global { declare global {
// eslint-disable-next-line @typescript-eslint/no-namespace // eslint-disable-next-line @typescript-eslint/no-namespace
@ -68,14 +68,16 @@ export const authenticated = async (req: express.Request): Promise<boolean> => {
return true return true
case AuthType.Password: case AuthType.Password:
// The password is stored in the cookie after being hashed. // The password is stored in the cookie after being hashed.
// TODO@jsjoeio this also needs to be refactored to check if they're using the legacy password const hashedPasswordFromArgs = req.args["hashed-password"]
// or the new one. we can't assume hashed-password means legacy const passwordMethod = getPasswordMethod(hashedPasswordFromArgs)
return !!( const isCookieValidArgs: IsCookieValidArgs = {
req.cookies.key && passwordMethod,
(req.args["hashed-password"] cookieKey: req.cookies.key as string,
? safeCompare(req.cookies.key, req.args["hashed-password"]) passwordFromArgs: req.args.password || "",
: req.args.password && (await isHashMatch(req.args.password, req.cookies.key))) hashedPasswordFromArgs: req.args["hashed-password"],
) }
return await isCookieValid(isCookieValidArgs)
default: default:
throw new Error(`Unsupported auth type ${req.args.auth}`) throw new Error(`Unsupported auth type ${req.args.auth}`)
} }
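Review bot: The new `AuthType.Password` branch drops the old `req.cookies.key &&` presence guard and passes `cookieKey: req.cookies.key as string` instead, so a request with no `key` cookie (or a non-string value, if the cookie parser in use can produce one) reaches `isCookieValid` typed as a string it is not. Whether `isCookieValid` rejects that input cleanly, rather than throwing, cannot be seen from this page, so the check is safer kept at the call site: `if (typeof req.cookies.key !== "string" || req.cookies.key === "") return false` ahead of the args object, with the `as string` cast removed. The `req.args.password || ""` fallback deserves the same care: confirm in `isCookieValid` that an empty configured password can never validate a cookie. Minor: `hashedPasswordFromArgs` is already a local, so the object literal can reuse it instead of re-reading `req.args["hashed-password"]`. The enclosing `authenticated` function and its `switch` start and end outside this hunk.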