feat(security): implement bcrypt hashing for admin password and cleanup Dockerfile

Hördle Bot
2025-11-22 22:37:46 +01:00
parent 23e145e05f
commit aff752d4cb
7 changed files with 55 additions and 41 deletions


@@ -1,16 +1,21 @@
import { NextResponse } from 'next/server';
import bcrypt from 'bcryptjs';
export async function POST(request: Request) {
try {
const { password } = await request.json();
const adminPassword = process.env.ADMIN_PASSWORD || 'admin123'; // Default for dev if not set
// Default is hash for 'admin123'
const adminPasswordHash = process.env.ADMIN_PASSWORD || '$2b$10$SHOt9G1qUNIvHoWre7499.eEtp5PtOII0daOQGNV.dhDEuPmOUdsq';
if (password === adminPassword) {
const isValid = await bcrypt.compare(password, adminPasswordHash);
if (isValid) {
return NextResponse.json({ success: true });
} else {
return NextResponse.json({ error: 'Invalid password' }, { status: 401 });
}
} catch (error) {
console.error('Login error:', error);
return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 });
}
}
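Review bot: The fallback on the `adminPasswordHash` line still ships a working credential: when `ADMIN_PASSWORD` is unset, the route accepts the password named in the comment above it, and its hash is now committed to the repository. The route should fail closed when the variable is missing, and reject a non-string `password` before calling `bcrypt.compare`, so a malformed body gets a 401 instead of falling into the catch and returning 500 (bcryptjs appears to reject non-string arguments; worth confirming). `ADMIN_PASSWORD` now holds a hash rather than the plaintext, so a deployment that still sets the old plaintext value will presumably fail every login with no hint why; renaming the variable (for example `ADMIN_PASSWORD_HASH`) or documenting the change would make that visible.

```typescript
const { password } = await request.json();
const adminPasswordHash = process.env.ADMIN_PASSWORD;
if (!adminPasswordHash) {
  // Fail closed: no built-in default credential.
  console.error('Login error: ADMIN_PASSWORD is not set');
  return NextResponse.json({ error: 'Internal Server Error' }, { status: 500 });
}
if (typeof password !== 'string') {
  return NextResponse.json({ error: 'Invalid password' }, { status: 401 });
}
const isValid = await bcrypt.compare(password, adminPasswordHash);
// … unchanged: success / 401 responses and catch block …
```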