From e908495c0c385e4b10061ee921327fb5ebc0ca9b Mon Sep 17 00:00:00 2001
From: Kelvin Ly
Date: Tue, 16 May 2023 13:49:55 -0400
Subject: [PATCH] Switch to auth_secret file that's compiled in at runtime instead of a hardcoded string

---
 .gitignore | 1 +
 shroom_server.go | 9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.gitignore b/.gitignore
index a6ad0a0..99b0e96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 shroom_server
 shrooms.db
+auth_secret
diff --git a/shroom_server.go b/shroom_server.go
index f565cda..feb918c 100644
--- a/shroom_server.go
+++ b/shroom_server.go
@@ -21,6 +21,9 @@ import (
 "time"
 )
 
+//go:embed auth_secret
+var auth_secret string
+
 //go:embed static/*
 var content embed.FS
 
@@ -138,10 +141,10 @@ func main() {
 return
 }
 
- // TODO switch to embedded secret
- if adminReq.Auth != "password" {
+ // switch to embedded secret
+ if adminReq.Auth != auth_secret {
 w.WriteHeader(401)
- w.Write([]byte(err.Error()))
+ w.Write([]byte("invalid secret"))
 return
 }
 
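Review bot: In the `@@ -21,6 +21,9 @@` hunk of shroom_server.go, the embedded `auth_secret` string is used exactly as the file stores it, so a trailing newline left by an editor or `echo` becomes part of the secret, and an empty file makes the empty string a valid credential for the admin check in the later hunk. Normalise and validate it once at the start of `main`, for example `auth_secret = strings.TrimSpace(auth_secret)` followed by `if auth_secret == "" { log.Fatal("auth_secret is empty") }`; the import block is only partly visible here, so `strings` and `log` may need adding. Because the value is compiled into the binary, the build artefact has to be handled as a secret as well, and a doc comment on the variable saying so would help; `authSecret` would also match Go's MixedCaps naming.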
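Review bot: In the `@@ -138,10 +141,10 @@` hunk, `adminReq.Auth != auth_secret` checks the secret with an ordinary string comparison, which is not constant-time and may return at the first differing byte. Prefer `if subtle.ConstantTimeCompare([]byte(adminReq.Auth), []byte(auth_secret)) != 1 {` from `crypto/subtle`; comparing SHA-256 digests of the two values would additionally keep the secret's length from influencing the comparison. The retained comment `// switch to embedded secret` still reads like a pending task and could become `// compare against the secret embedded at build time`. The enclosing handler inside `main` starts and ends outside the hunk.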