aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/html/admin.html4
-rw-r--r--src/index.js4
-rw-r--r--src/server.js12
3 files changed, 17 insertions, 3 deletions
diff --git a/src/html/admin.html b/src/html/admin.html
index 01a39b4..a97af06 100644
--- a/src/html/admin.html
+++ b/src/html/admin.html
@@ -28,6 +28,10 @@
</head>
<body>
+ <h1>
+ <a class="navigation" href="/" title="marks.kitchen">&lt;</a>
+ Admin
+ </h1>
<div>
<h1>Create Post</h1>
<div class="form">
diff --git a/src/index.js b/src/index.js
index 1214038..c6a5a18 100644
--- a/src/index.js
+++ b/src/index.js
@@ -68,6 +68,10 @@ function setUpModels(){
password: {
type: Sequelize.STRING,
allowNull: false,
+ },
+ salt: {
+ type: Sequelize.STRING,
+ allowNull: false,
},}),
"requests": database.define('requests', {
session: Sequelize.STRING,
diff --git a/src/server.js b/src/server.js
index 4355adf..0629d31 100644
--- a/src/server.js
+++ b/src/server.js
@@ -39,6 +39,12 @@ function listen(port) {
server.listen(port, () => console.info(`Listening on port ${port}!`));
}
+function hashWithSalt(password, salt){
+ var hash = crypto.createHmac('sha512', salt);
+ hash.update(password);
+ return hash.digest("base64");
+};
+
function setUpRoutes(models, jwtFunctions, database) {
// Authentication routine
server.use(function (req, res, next) {
@@ -164,9 +170,9 @@ function setUpRoutes(models, jwtFunctions, database) {
}
})
server.post('/login', async (req, res, next) => {
- const hash = crypto.createHash("sha512").update(req.body.password, "binary").digest("base64");
- const user = await models.users.findOne({ where: { username: req.body.username, password: hash } })
- if (user) {
+ const user = await models.users.findOne({ where: { username: req.body.username} })
+ const hash = hashWithSalt(req.body.password, user.salt)
+ if (user.password == hash) {
const token = jwtFunctions.sign(user.username);
res.cookie('authorization', token, { expires: new Date(Date.now() + (1000 * 60 * 60)) });
console.debug("Redirecting to admin - logged in")