adyxax/tfstated
1
0
Fork 0
Code Issues 44 Pull requests Releases Packages Wiki Activity Actions

fix(tfstated): hash passwords instead of relying on the database encryption key

Browse source
This commit is contained in:
Julien Dessaux 2024-11-16 00:36:17 +01:00
parent 7c96e1b780
commit 5b6da56089
Signed by: adyxax
GPG key ID: F92E51B86E07177E
7 changed files with 66 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/basic_auth/middleware.go
View file

@ -27,7 +27,7 @@ func Middleware(db *database.DB) func(http.Handler) http.Handler {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}
if password != account.Password {
if !account.CheckPassword(password) {
http.Error(w, "Forbidden", http.StatusForbidden)
return
}