rezidir/GeoShare
1
0
Fork 0
Code Issues 49 Pull Requests Actions Packages Projects Releases Wiki Activity

store plaintext secret key in .env, hash at startup

Browse Source
This commit is contained in:
dmit.b
2026-06-25 16:43:49 +03:00
parent 9644b64a90
commit 8df9af86e6
4 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
bin/routes/auth_routes.dart
+9 -5
View File
@@ -12,8 +12,15 @@ import 'dart:io';
class AuthRoutes {
final DatabaseProvider database;
final Map<String, DateTime> _lastRequest = {};
final String _registrationKeyHash;
AuthRoutes(this.database);
AuthRoutes(this.database) : _registrationKeyHash = _loadRegistrationKeyHash();
static String _loadRegistrationKeyHash() {
final dotenv = DotEnv();
final key = dotenv['REGISTRATION_SECRET_KEY'] ?? '';
return BCrypt.hashpw(key, BCrypt.gensalt());
}
Router get routes {
final router = Router();
@@ -112,10 +119,7 @@ class AuthRoutes {
return response;
}
final envDotenv = DotEnv();
final storedHash = envDotenv['REGISTRATION_SECRET_KEY'] ?? '';
if (!BCrypt.checkpw(secretKey, storedHash)) {
if (!BCrypt.checkpw(secretKey, _registrationKeyHash)) {
stopwatch.stop();
final response = Response(403, body: jsonEncode({'error': 'Invalid registration key'}), headers: {'Content-Type': 'application/json'});
logRequest(method: 'POST', url: '/reg', status: 403, duration: stopwatch.elapsed, body: body, responseHeaders: response.headers);