Switch to auth_secret file that's compiled in at runtime instead of a hardcoded string
This commit is contained in:
parent
35e7a5641f
commit
e908495c0c
|
|
@ -1,2 +1,3 @@
|
||||||
shroom_server
|
shroom_server
|
||||||
shrooms.db
|
shrooms.db
|
||||||
|
auth_secret
|
||||||
|
|
|
||||||
|
|
@ -21,6 +21,9 @@ import (
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
//go:embed auth_secret
|
||||||
|
var auth_secret string
|
||||||
|
|
||||||
//go:embed static/*
|
//go:embed static/*
|
||||||
var content embed.FS
|
var content embed.FS
|
||||||
|
|
||||||
|
|
@ -138,10 +141,10 @@ func main() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO switch to embedded secret
|
// switch to embedded secret
|
||||||
if adminReq.Auth != "password" {
|
if adminReq.Auth != auth_secret {
|
||||||
w.WriteHeader(401)
|
w.WriteHeader(401)
|
||||||
w.Write([]byte(err.Error()))
|
w.Write([]byte("invalid secret"))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue