diff options
| author | Lia Lenckowski <lialenck@protonmail.com> | 2023-08-20 20:25:32 +0200 |
|---|---|---|
| committer | Lia Lenckowski <lialenck@protonmail.com> | 2023-08-20 20:25:56 +0200 |
| commit | 28290ac9e4aaed9a605bfec734818c28dd4ff51a (patch) | |
| tree | 1edace370532a99b541918baef6edf1d4683e74b /src/Auth.hs | |
| parent | 621a91776a6512fc23664e8b2e7ab796ed9ffcd5 (diff) | |
| download | fastbangs-28290ac9e4aaed9a605bfec734818c28dd4ff51a.tar fastbangs-28290ac9e4aaed9a605bfec734818c28dd4ff51a.tar.bz2 fastbangs-28290ac9e4aaed9a605bfec734818c28dd4ff51a.tar.zst | |
make admin user/password configurable with env vars instead of recompilation
Diffstat (limited to 'src/Auth.hs')
| -rw-r--r-- | src/Auth.hs | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/src/Auth.hs b/src/Auth.hs index df97e8b..98b4932 100644 --- a/src/Auth.hs +++ b/src/Auth.hs @@ -7,14 +7,13 @@ module Auth ( import Control.Monad (unless) import Crypto.Hash (hash, Digest, SHA512) import Data.ByteArray.Encoding (convertToBase, Base(Base64)) -import Data.ByteString (ByteString) import Data.Text.Encoding (encodeUtf8) import Yesod -ensureAuth :: MonadHandler m => m () -ensureAuth = lookupBasicAuth >>= \case +import Config + +ensureAuth :: MonadHandler m => Config -> m () +ensureAuth cfg = lookupBasicAuth >>= \case Nothing -> notAuthenticated - Just (user, pw) -> unless (hashSha512 pw == hardcodedPw && user == "bleb") $ permissionDenied "Wrong username/password" + Just (user, pw) -> unless (hashSha512 pw == encodeUtf8 (confPwHash cfg) && user == confUser cfg) $ permissionDenied "Wrong username/password" where hashSha512 pw = convertToBase Base64 $ (hash $ encodeUtf8 pw :: Digest SHA512) - hardcodedPw :: ByteString - hardcodedPw = "l2gTDo5UCimSIQcdK4IrAvJtCIE7KPB7IyS5N7EN4ic78/1mI+8pikPTQTn06+W1XTOk39TgqGEX5KfpAQVm4w==" |