code002lover/IPost
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

allowing api calls with user+pass instead of cookie

Browse Source
This commit is contained in:
Mystikfluu 2022-06-10 22:18:45 +02:00
parent 0fc8eed5a7
commit 8f619fc793
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
server.js
View File

@ -320,8 +320,16 @@ START /API/*
router.use("/api/*",async function(req,res,next) {
if(!increaseAPICall(req,res))return;
let unsigned = getunsigned(req,res)
if(!unsigned)return
let unsigned;
if(req.body.user == undefined || req.body.pass == undefined) {
unsigned = getunsigned(req,res)
if(!unsigned)return
} else {
unsigned = `${req.body.user} ${SHA256(req.body.pass,req.body.user,HASHES_COOKIE)}`
//basically we generate the unsigned cookie
res.set("Access-Control-Allow-Origin","*") //we'll allow it for now
}
let sql = `select User_Name,User_Bio from zerotwohub.users where User_Name=? and User_PW=?;`
let values = unsigned.split(" ")
values[1] = SHA256(values[1],values[0],HASHES_DIFF)