bennetgallein/vat-api.eu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vat-api.eu/server/middleware/adminAuth.ts
Bennet Gallein f2b690f3f5 fix: add admin
2026-02-14 10:14:49 +01:00

34 lines
1.0 KiB
TypeScript
Raw Permalink Blame History

import { createHmac, timingSafeEqual } from "node:crypto";
function getSecret(): string {
return useRuntimeConfig().adminPassword || "changeme";
}
export function signToken(payload: string): string {
return createHmac("sha256", getSecret()).update(payload).digest("hex");
}
export function verifyToken(payload: string, signature: string): boolean {
const expected = signToken(payload);
try {
return timingSafeEqual(Buffer.from(expected), Buffer.from(signature));
} catch {
return false;
}
}
export default defineEventHandler((event) => {
const path = getRequestURL(event).pathname;
if (!path.startsWith("/api/admin/") || path === "/api/admin/login") return;
const cookie = getCookie(event, "admin-session");
if (!cookie) {
throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
}
const [payload, signature] = cookie.split(".");
if (!payload || !signature || !verifyToken(payload, signature)) {
throw createError({ statusCode: 401, statusMessage: "Unauthorized" });
}
});
Reference in New Issue View Git Blame Copy Permalink