38 lines
1.2 KiB
C#
38 lines
1.2 KiB
C#
|
using System.Security.Cryptography;
|
||
|
|
using System.Text;
|
||
|
|
|
||
|
|
namespace SoroushAsadi.Services;
|
||
|
|
|
||
|
|
/// <summary>Single-password authentication for the admin panel.</summary>
|
||
|
|
public class AuthService(IConfiguration config, IWebHostEnvironment env)
|
||
|
|
{
|
||
|
|
private string? GetPassword()
|
||
|
|
{
|
||
|
|
var pw = config["ADMIN_PASSWORD"] ?? Environment.GetEnvironmentVariable("ADMIN_PASSWORD");
|
||
|
|
if (!string.IsNullOrEmpty(pw)) return pw;
|
||
|
|
// Allow "admin" in Development only
|
||
|
|
return env.IsDevelopment() ? "admin" : null;
|
||
|
|
}
|
||
|
|
|
||
|
|
/// <summary>True when the submitted password matches the configured one (constant-time).</summary>
|
||
|
|
public bool VerifyPassword(string input)
|
||
|
|
{
|
||
|
|
var expected = GetPassword();
|
||
|
|
if (expected is null) return false;
|
||
|
|
|
||
|
|
var a = SHA256Hash(input);
|
||
|
|
var b = SHA256Hash(expected);
|
||
|
|
return CryptographicOperations.FixedTimeEquals(
|
||
|
|
Encoding.UTF8.GetBytes(a),
|
||
|
|
Encoding.UTF8.GetBytes(b));
|
||
|
|
}
|
||
|
|
|
||
|
|
public bool IsConfigured() => GetPassword() is not null;
|
||
|
|
|
||
|
|
private static string SHA256Hash(string input)
|
||
|
|
{
|
||
|
|
var bytes = SHA256.HashData(Encoding.UTF8.GetBytes(input));
|
||
|
|
return Convert.ToHexString(bytes).ToLowerInvariant();
|
||
|
|
}
|
||
|
|
}
|