From 28290ac9e4aaed9a605bfec734818c28dd4ff51a Mon Sep 17 00:00:00 2001
From: Lia Lenckowski <lialenck@protonmail.com>
Date: Sun, 20 Aug 2023 20:25:32 +0200
Subject: make admin user/password configurable with env vars instead of
 recompilation

---
 src/Auth.hs | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'src/Auth.hs')

diff --git a/src/Auth.hs b/src/Auth.hs
index df97e8b..98b4932 100644
--- a/src/Auth.hs
+++ b/src/Auth.hs
@@ -7,14 +7,13 @@ module Auth (
 import Control.Monad (unless)
 import Crypto.Hash (hash, Digest, SHA512)
 import Data.ByteArray.Encoding (convertToBase, Base(Base64))
-import Data.ByteString (ByteString)
 import Data.Text.Encoding (encodeUtf8)
 import Yesod
 
-ensureAuth :: MonadHandler m => m ()
-ensureAuth = lookupBasicAuth >>= \case
+import Config
+
+ensureAuth :: MonadHandler m => Config -> m ()
+ensureAuth cfg = lookupBasicAuth >>= \case
     Nothing -> notAuthenticated
-    Just (user, pw) -> unless (hashSha512 pw == hardcodedPw && user == "bleb") $ permissionDenied "Wrong username/password"
+    Just (user, pw) -> unless (hashSha512 pw == encodeUtf8 (confPwHash cfg) && user == confUser cfg) $ permissionDenied "Wrong username/password"
   where hashSha512 pw = convertToBase Base64 $ (hash $ encodeUtf8 pw :: Digest SHA512)
-        hardcodedPw :: ByteString
-        hardcodedPw = "l2gTDo5UCimSIQcdK4IrAvJtCIE7KPB7IyS5N7EN4ic78/1mI+8pikPTQTn06+W1XTOk39TgqGEX5KfpAQVm4w=="
-- 
cgit v1.2.3-70-g09d2