root/nezha_dash
1
0
Fork 0
mirror of https://github.com/hamster1963/nezha-dash.git synced 2025-04-24 21:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

Potential fix for code scanning alert no. 7: Use of password hash with insufficient computational effort

Browse Source 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
仓鼠 2025-03-25 15:31:27 +08:00 committed by GitHub
parent e5a4c2f410
commit 37adab9208
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
auth.ts
View File

@ -1,12 +1,12 @@
import getEnv from "@/lib/env-entry" import getEnv from "@/lib/env-entry"
import CryptoJS from "crypto-js" import bcrypt from "bcrypt"
import NextAuth from "next-auth" import NextAuth from "next-auth"
import CredentialsProvider from "next-auth/providers/credentials" import CredentialsProvider from "next-auth/providers/credentials"
export const { handlers, signIn, signOut, auth } = NextAuth({ export const { handlers, signIn, signOut, auth } = NextAuth({
secret: secret:
process.env.AUTH_SECRET ?? process.env.AUTH_SECRET ??
CryptoJS.MD5(`this_is_nezha_dash_web_secret_${getEnv("SitePassword")}`).toString(), bcrypt.hashSync(`this_is_nezha_dash_web_secret_${getEnv("SitePassword")}`, 10),
trustHost: (process.env.AUTH_TRUST_HOST as boolean | undefined) ?? true, trustHost: (process.env.AUTH_TRUST_HOST as boolean | undefined) ?? true,
providers: [ providers: [
CredentialsProvider({ CredentialsProvider({

3
package.json
View File

@ -57,7 +57,8 @@
"sharp": "^0.33.5", "sharp": "^0.33.5",
"swr": "^2.3.3", "swr": "^2.3.3",
"tailwind-merge": "^2.6.0", "tailwind-merge": "^2.6.0",
"tailwindcss-animate": "^1.0.7" "tailwindcss-animate": "^1.0.7",
"bcrypt": "^5.1.1"
}, },
"devDependencies": { "devDependencies": {
"@biomejs/biome": "1.9.4", "@biomejs/biome": "1.9.4",