Switch to auth_secret file that's compiled in at runtime instead of a hardcoded string

2023-05-16 13:49:55 -04:00 · 2023-05-16 13:49:55 -04:00 · e908495c0c
parent 35e7a5641f
commit e908495c0c
2 changed files with 7 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
 shroom_server
 shrooms.db
+auth_secret
--- a/shroom_server.go
+++ b/shroom_server.go
@ -21,6 +21,9 @@ import (
 	"time"
 )

+//go:embed auth_secret
+var auth_secret string
+
 //go:embed static/*
 var content embed.FS

@ -138,10 +141,10 @@ func main() {
 			return
 		}

-		// TODO switch to embedded secret
-		if adminReq.Auth != "password" {
+		// switch to embedded secret
+		if adminReq.Auth != auth_secret {
 			w.WriteHeader(401)
-			w.Write([]byte(err.Error()))
+			w.Write([]byte("invalid secret"))
 			return
 		}