Allow having multiple users for admin login.

* Use password hashes via bcrypt. * Trying to reduce the risk of timing attacks against login.
2022-07-07 13:10:57 +02:00 · 2022-07-07 13:10:57 +02:00 · ad2db3427d
commit ad2db3427d
parent 2eb0aab89f
6 changed files with 317 additions and 41 deletions
--- a/config.json.example
+++ b/config.json.example
@ -14,8 +14,12 @@

        "internal": {
            "active": false,
-            "user": "admin",
-            "password": "secret"
+            "users": [
+                {
+                    "user": "admin",
+                    "passwordHash": "$2b$05$VPAg8XHOjhEXlY03SOe7huG1NE.UFvPLdukS0VMiolajdZjrdgj.W"
+                }
+            ]
        },

        "email": {