fix: 🔒 fix timing attack (thx azlux)

This commit is contained in:
Michel Roux 2024-11-07 00:19:38 +01:00
parent 16e4120b24
commit 4ffbf79adc


@ -1,4 +1,5 @@
from os import getenv from os import getenv
from secrets import compare_digest
from typing import Annotated from typing import Annotated
from fastapi import Depends, HTTPException, Request from fastapi import Depends, HTTPException, Request
@ -29,7 +30,7 @@ async def check_auth(
user_index = usernames.index(credentials.username) user_index = usernames.index(credentials.username)
password = passwords[user_index] password = passwords[user_index]
if credentials.password != password: if not compare_digest(credentials.password.encode(), password.encode()):
raise http_401() raise http_401()
return credentials return credentials
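Review bot: The new `compare_digest` on the changed line only equalizes the password comparison; the `usernames.index(credentials.username)` lookup two lines above still fails (or is guarded) before any comparison runs for an unknown username, so a request with a nonexistent user returns 401 measurably faster than one with a valid user and wrong password, which lets an attacker enumerate usernames by timing. To close that side channel, fall back to a dummy secret when the lookup misses and run `compare_digest` unconditionally, as sketched below. `check_auth`'s signature and the code that precedes `.index()` are above the hunk and not visible here, so any existing `not in usernames` guard there would need to be folded into this `try`. Separately, if `passwords` is the plaintext list read from the environment (the `getenv` import suggests so), comparing constant-time against stored hashes would be the larger improvement, but that is outside this commit's scope.
```python
# … unchanged: check_auth signature and credential extraction (above the hunk) …
try:
    password = passwords[usernames.index(credentials.username)]
except ValueError:
    # Unknown user: still run the comparison so the response time does not reveal it
    password = ""
if not compare_digest(credentials.password.encode(), password.encode()):
    raise http_401()
return credentials
```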