jaredly / hexo-admin

An Admin Interface for Hexo
http://jaredly.github.io/hexo-admin/

Password protection #13

Closed NovaSurfer closed 9 years ago

NovaSurfer commented 10 years ago

What about password protection for this plugin?

ghost commented 10 years ago

It runs at localhost:4000/admin

jaredly commented 10 years ago

My current usage is in conjunction with a statically generated site, so the admin only runs locally, and I don't need password protection. If someone wants to implement some auth, I certainly wouldn't be opposed.

wodCZ commented 9 years ago

+1

jaredly commented 9 years ago

What do you envision this looking like? I see a few options.

The easiest is probably to have a hashed password entered as a config variable and then you input the password when you get to /admin, and the hashed version of the password is sent as token auth or something.

SHA3 for javascript is available here

wodCZ commented 9 years ago

Storing strongly hashed password in config would be good enough and easy to implement I think. Also, please consider adding admin path as another variable to config file. That shouldn't be hard and you'll get some security through obscurity.
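One way to implement the config-stored hash discussed in this thread, as an added example that is not hexo-admin's code and not part of any comment here: the server hashes the submitted password itself with salted scrypt and compares in constant time, so the value kept in the config file cannot be replayed as the credential. The function names, the `{ salt, hash }` config shape and the in-memory session set are assumptions made for illustration.

```javascript
// Added example (not hexo-admin's implementation). Names and config shape are assumptions.
const crypto = require('node:crypto');

const KEYLEN = 64; // bytes of scrypt output kept in the config

// Run once, offline, to produce the entry that goes in the config file.
function makeConfigEntry(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEYLEN);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Server side: hash the submitted *password* and compare in constant time.
function verifyPassword(submitted, entry) {
  if (typeof submitted !== 'string' || !entry ||
      typeof entry.salt !== 'string' || typeof entry.hash !== 'string') {
    return false;
  }
  const expected = Buffer.from(entry.hash, 'hex');
  // A missing or malformed hash decodes to a short buffer. Reject it here:
  // comparing two empty buffers would otherwise succeed for any password.
  if (expected.length !== KEYLEN) return false;
  const actual = crypto.scryptSync(submitted, Buffer.from(entry.salt, 'hex'), KEYLEN);
  return crypto.timingSafeEqual(actual, expected);
}

// After a successful check, hand out a random session token instead of
// reusing anything derived from the password or its hash.
const sessions = new Set();

function login(submitted, entry) {
  if (!verifyPassword(submitted, entry)) return null;
  const token = crypto.randomBytes(32).toString('hex');
  sessions.add(token);
  return token;
}

function isAuthenticated(token) {
  return typeof token === 'string' && sessions.has(token);
}
```

Because the server recomputes the hash from what the client sends, someone who reads the config file still has to recover the password before they can log in.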

jaredly commented 9 years ago

mmmm I'd hope that no one would rely on that... but yeah, easy to add. PRs welcome :) if not I'll probably get to it in the next few weeks.

On Sat Jan 24 2015 at 2:47:11 AM Martin Janeček notifications@github.com wrote:

> Storing strongly hashed password in config would be good enough and easy to implement I think. Also, please consider adding admin path as another variable to config file. That shouldn't be hard and you'll get some security through obscurity.


wodCZ commented 9 years ago

I'd like to PR, but I'm a PHP dev, not experienced in JS - consumer only, sorry :)

bourvill commented 9 years ago

+1 for login protection

yarax commented 9 years ago

I've sent a pull request with base authentication. See, please

jaredly commented 9 years ago

Thanks to @yarax for getting this going! Password protection is now available in the just-published 0.3.0 version on npm. Let me know how it goes! Information on how to get it running is available in the Readme.

bourvill commented 9 years ago

Amazing! Thx!