Encrypted username in user_auth
This commit is contained in:
parent
c3a2d5e616
commit
a53c02cc66
@ -43,6 +43,15 @@ if (!CORS_ALLOWED_ORIGINS) {
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
// Username lookup helper (HMAC-SHA256 hash for encrypted username querying)
|
||||
function usernameLookup(username) {
|
||||
const USERNAME_INDEX_KEY = process.env.USERNAME_INDEX_SECRET || JWT_SECRET;
|
||||
return crypto
|
||||
.createHmac('sha256', USERNAME_INDEX_KEY)
|
||||
.update(String(username).trim().toLowerCase())
|
||||
.digest('hex');
|
||||
}
|
||||
|
||||
// SendGrid configuration (match server2.js exactly)
|
||||
const SENDGRID_KEY = (process.env.SUPPORT_SENDGRID_API_KEY || '')
|
||||
.trim()
|
||||
@ -817,12 +826,15 @@ app.post('/api/admin/auth/login', adminLoginLimiter, async (req, res) => {
|
||||
}
|
||||
|
||||
try {
|
||||
// Use username_lookup hash for querying (username is encrypted)
|
||||
const usernameLookupVal = usernameLookup(username);
|
||||
|
||||
const [authResults] = await pool.execute(`
|
||||
SELECT ua.user_id, ua.hashed_password
|
||||
FROM user_auth ua
|
||||
WHERE ua.username = ?
|
||||
WHERE ua.username_lookup = ?
|
||||
LIMIT 1
|
||||
`, [username]);
|
||||
`, [usernameLookupVal]);
|
||||
|
||||
if (!authResults || authResults.length === 0) {
|
||||
return res.status(401).json({ error: 'Invalid credentials' });
|
||||
|
||||
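Review bot: usernameLookup keys its HMAC with `process.env.USERNAME_INDEX_SECRET || JWT_SECRET`, so when the dedicated secret is unset the username index is silently bound to the JWT signing key; rotating JWT_SECRET (a routine operation) then changes every computed value and the `WHERE ua.username_lookup = ?` query in the login hunk matches no rows at all. The file already fails fast on a missing CORS_ALLOWED_ORIGINS just above this hunk, and the same treatment fits here: hoist the key to module scope as `const USERNAME_INDEX_KEY = process.env.USERNAME_INDEX_SECRET;` followed by `if (!USERNAME_INDEX_KEY) { console.error('USERNAME_INDEX_SECRET is required'); process.exit(1); }`, which also stops re-reading the environment on every login attempt. The `.trim().toLowerCase()` normalization only yields a match if the same function produced the stored username_lookup values when the rows were written, which neither hunk shows; a comment on usernameLookup such as `// Sole writer/reader of user_auth.username_lookup; changing the key or normalization requires re-indexing existing rows` would make that coupling explicit. The login handler in the second hunk starts and ends outside the hunk.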