Add logout function and ADMIN_PASSWORD environment validation

Hördle Bot
2025-11-24 09:42:58 +01:00
parent 2d6481a42f
commit 831adcaf17
2 changed files with 39 additions and 1 deletions


@@ -22,6 +22,16 @@ export async function requireAdminAuth(request: NextRequest): Promise<NextRespon
*/
export async function verifyAdminPassword(password: string): Promise<boolean> {
const bcrypt = await import('bcryptjs');
// Validate that ADMIN_PASSWORD is set (security best practice)
if (!process.env.ADMIN_PASSWORD) {
console.error('SECURITY WARNING: ADMIN_PASSWORD environment variable is not set!');
// Fallback to default hash only in development
if (process.env.NODE_ENV === 'production') {
throw new Error('ADMIN_PASSWORD environment variable is required in production');
}
}
const adminPasswordHash = process.env.ADMIN_PASSWORD || '$2b$10$SHOt9G1qUNIvHoWre7499.eEtp5PtOII0daOQGNV.dhDEuPmOUdsq';
return bcrypt.compare(password, adminPasswordHash);
}
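Review bot: The production-only guard added to `verifyAdminPassword` still lets the hard-coded bcrypt hash on the `adminPasswordHash` line authenticate whenever `ADMIN_PASSWORD` is unset and `NODE_ENV` is anything other than `production` (unset, `test`, a staging value), and that hash is committed to the repository. Failing closed would be safer: permit the fallback only on an explicit development setting, e.g. `if (process.env.NODE_ENV !== 'development') {` in place of the `=== 'production'` test. The value is also handed to `bcrypt.compare` as the hash argument, so the error text and a short comment should say so, e.g. `// ADMIN_PASSWORD holds a bcrypt hash, not the plaintext password`; an operator who sets the plaintext would otherwise just see every login rejected.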