wg-easy / wg-easy

The easiest way to run WireGuard VPN + Web-based Admin UI.

feat: introduce PASSWORD_HASH and deprecate PASSWORD #1116

Closed RobertHeim closed 3 months ago

RobertHeim commented 3 months ago

Hey,

This implements PASSWORD_HASH and deprecates PASSWORD usage, because clear text passwords should not be part of any environment variable (neither in the container nor in the docker environment). See #1105

Why do we have the tested password sourced from two different places?

  1. req.headers['authorization']
  2. readBody(event)

Anyway, I made the password validation DRY and moved it to isPasswordValid.

Kind regards,
Robert

pheiduck commented 3 months ago

@RobertHeim please fix lint errors.

RobertHeim commented 3 months ago

sure, done

offizium-berndstorath commented 3 months ago

@pheiduck Consider using a more modern hashing algo like argon2 to support passwords upwards of 72 bytes

pheiduck commented 3 months ago

nvm, I have gotten it to work :D
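
An added example, not code from this pull request or from wg-easy: one way to check a login against a stored hash with a single `isPasswordValid` for both password sources named in the description, written so that input past 72 bytes still counts, as raised in the thread. It swaps in scrypt from Node's built-in `crypto` (neither the PR's algorithm nor argon2) to avoid dependencies; the `scrypt$<salt>$<key>` storage format, the `candidatePassword` helper, the raw-password header value and the `password` body field are assumptions.

```javascript
'use strict';
const crypto = require('node:crypto');

const KEY_LEN = 32; // derived key length in bytes (assumed for this example)

// Produce the value that would be placed in PASSWORD_HASH.
// Assumed format: scrypt$<salt base64>$<derived key base64>
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const key = crypto.scryptSync(Buffer.from(password, 'utf8'), salt, KEY_LEN);
  return ['scrypt', salt.toString('base64'), key.toString('base64')].join('$');
}

// Single validation path: returns false for malformed hashes (including a
// cleartext password mistakenly put in PASSWORD_HASH) instead of throwing.
function isPasswordValid(password, storedHash) {
  if (typeof password !== 'string' || typeof storedHash !== 'string') return false;
  const parts = storedHash.split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'base64');
  const expected = Buffer.from(parts[2], 'base64');
  if (salt.length === 0 || expected.length !== KEY_LEN) return false;
  // scrypt consumes the whole input, so bytes past position 72 still matter.
  const actual = crypto.scryptSync(Buffer.from(password, 'utf8'), salt, KEY_LEN);
  return crypto.timingSafeEqual(actual, expected); // constant-time compare
}

// Hypothetical helper: take the candidate from the authorization header if
// present, otherwise from the parsed request body (field name is assumed).
function candidatePassword(headers, body) {
  const fromHeader = headers && headers.authorization;
  if (typeof fromHeader === 'string' && fromHeader.length > 0) return fromHeader;
  return body && typeof body.password === 'string' ? body.password : null;
}

// Constructed sample data: two passwords that share their first 72 bytes.
const prefix = 'a'.repeat(72);
const env = { PASSWORD_HASH: hashPassword(prefix + 'X') };
console.log('header login :',
  isPasswordValid(candidatePassword({ authorization: prefix + 'X' }, null), env.PASSWORD_HASH));
console.log('body, 73rd byte differs :',
  isPasswordValid(candidatePassword({}, { password: prefix + 'Y' }), env.PASSWORD_HASH));
```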