Security Patch

This addresses issues #44 and #42.
Thegan Govender
2023-06-01 19:05:12 +02:00
parent 4b34a3769d
commit 1d4f08ecf6
2 changed files with 9 additions and 4 deletions


@@ -3,7 +3,11 @@ const db = require("./db");
const jwt = require('jsonwebtoken');
const JWT_SECRET = process.env.JWT_SECRET ||'my-secret-jwt-key';
const JWT_SECRET = process.env.JWT_SECRET;
if (JWT_SECRET === undefined) {
console.log('JWT Secret cannot be undefined');
process.exit(1); // end the program with error status code
}
const router = express.Router();
@@ -13,8 +17,9 @@ router.post('/login', async (req, res) => {
try{
const { username, password } = req.body;
const { rows : login } = await db.query(`SELECT * FROM app_config where ("APP_USER"='${username}' and "APP_PASSWORD"='${password}') OR "REQUIRE_LOGIN"=false`);
const query = 'SELECT * FROM app_config WHERE ("APP_USER" = $1 AND "APP_PASSWORD" = $2) OR "REQUIRE_LOGIN" = false';
const values = [username, password];
const { rows: login } = await db.query(query, values);
if(login.length>0)
{
const user = { id: 1, username: username };
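Review bot: The rewritten login query still compares `"APP_PASSWORD" = $2` against the password taken straight from `req.body`, which suggests the column stores the password as submitted rather than as a salted hash. Binding the parameters closes the injection, but anyone who can read `app_config` (a backup, a database console, a read primitive elsewhere) still obtains the working credential. I would match the row on `"APP_USER" = $1` only and verify the password in application code against a stored hash, for example one derived with Node's built-in `crypto.scrypt` and checked with `crypto.timingSafeEqual`; the existing stored value would need a one-time migration. The route handler starts and ends outside this hunk, so how the `"REQUIRE_LOGIN" = false` branch should combine with that check is not visible here.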


@@ -23,7 +23,7 @@ const db = knex(knexConfig.development);
const PORT = process.env.PORT || 3003;
const LISTEN_IP = '127.0.0.1';
const JWT_SECRET = process.env.JWT_SECRET ||'my-secret-jwt-key';
const JWT_SECRET = process.env.JWT_SECRET;
if (JWT_SECRET === undefined) {
console.log('JWT Secret cannot be undefined');