password is a setting

yeah not terribly elegant, but still better

closes #2
This commit is contained in:
boyska 2022-08-17 19:34:53 +02:00
parent 82fcc75429
commit 1b78cd9fee
2 changed files with 4 additions and 3 deletions

View file

@ -1,3 +1,4 @@
STORAGE_DIR="/home/puz/my/hackmeeting/numeretti/pizzicore/storage/"
APP_NAME="Numeretti hackmeeting"
QUEUES_NUMBER=2
ADMIN_PASSWORD="superSecure123"

View file

@ -18,6 +18,7 @@ class Settings(BaseSettings):
app_name: str = "Numeretti"
storage_dir: Path = Path("/var/lib/pizzicore")
queues_number: int = 1
admin_password: str = "changeme!"
class Config:
env_file = "pizzicore.env"
@ -125,9 +126,8 @@ class Value(BaseModel):
def get_current_role(credentials: HTTPBasicCredentials = Depends(security)):
# XXX: read user/pass from config
correct_username = secrets.compare_digest(credentials.username, "avanti")
correct_password = secrets.compare_digest(credentials.password, "prossimo")
correct_username = secrets.compare_digest(credentials.username, "admin")
correct_password = secrets.compare_digest(credentials.password, settings.admin_password)
if not (correct_username and correct_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,