mirror of https://git.tuxpa.in/a/code-server.git
refactor: password logic in http w/ isCookieValid
This commit is contained in:
parent
6020480b30
commit
923761cd78
|
@ -8,7 +8,7 @@ import { normalize, Options } from "../common/util"
|
||||||
import { AuthType, DefaultedArgs } from "./cli"
|
import { AuthType, DefaultedArgs } from "./cli"
|
||||||
import { commit, rootPath } from "./constants"
|
import { commit, rootPath } from "./constants"
|
||||||
import { Heart } from "./heart"
|
import { Heart } from "./heart"
|
||||||
import { isHashMatch } from "./util"
|
import { getPasswordMethod, handlePasswordValidation, IsCookieValidArgs, isCookieValid, isHashMatch } from "./util"
|
||||||
|
|
||||||
declare global {
|
declare global {
|
||||||
// eslint-disable-next-line @typescript-eslint/no-namespace
|
// eslint-disable-next-line @typescript-eslint/no-namespace
|
||||||
|
@ -68,14 +68,16 @@ export const authenticated = async (req: express.Request): Promise<boolean> => {
|
||||||
return true
|
return true
|
||||||
case AuthType.Password:
|
case AuthType.Password:
|
||||||
// The password is stored in the cookie after being hashed.
|
// The password is stored in the cookie after being hashed.
|
||||||
// TODO@jsjoeio this also needs to be refactored to check if they're using the legacy password
|
const hashedPasswordFromArgs = req.args["hashed-password"]
|
||||||
// or the new one. we can't assume hashed-password means legacy
|
const passwordMethod = getPasswordMethod(hashedPasswordFromArgs)
|
||||||
return !!(
|
const isCookieValidArgs: IsCookieValidArgs = {
|
||||||
req.cookies.key &&
|
passwordMethod,
|
||||||
(req.args["hashed-password"]
|
cookieKey: req.cookies.key as string,
|
||||||
? safeCompare(req.cookies.key, req.args["hashed-password"])
|
passwordFromArgs: req.args.password || "",
|
||||||
: req.args.password && (await isHashMatch(req.args.password, req.cookies.key)))
|
hashedPasswordFromArgs: req.args["hashed-password"],
|
||||||
)
|
}
|
||||||
|
|
||||||
|
return await isCookieValid(isCookieValidArgs)
|
||||||
default:
|
default:
|
||||||
throw new Error(`Unsupported auth type ${req.args.auth}`)
|
throw new Error(`Unsupported auth type ${req.args.auth}`)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue