Password protection about hexo-admin HOT 11 CLOSED

It runs at localhost:4000/admin

from hexo-admin.

My current usage is in conjunction with a statically generated site, so the admin only runs locally, and I don't need password protection. If someone wants to implement some auth, I certainly wouldn't be opposed.

from hexo-admin.

+1

from hexo-admin.

What do you envision this looking like?
I see a few options.

The easiest is probably to have a hashed password entered as a config variable and then you input the password when you get to /admin, and the hashed version of the password is sent as token auth or something.

SHA3 for javascript is available here

from hexo-admin.

Storing strongly hashed password in config would be good enough and easy to implement I think.
Also, please consider adding admin path as another variable to config file. That shouldn't be hard and you'll get some security through obscurity.

from hexo-admin.

mmmm I'd hope that no one would rely on that... but yeah, easy to add.
PRs welcome :) if not I'll probably get to it in the next few weeks.
On Sat Jan 24 2015 at 2:47:11 AM Martin Janeček [email protected]
wrote:

Storing strongly hashed password in config would be good enough and easy
to implement I think.
Also, please consider adding admin path as another variable to config
file. That shouldn't be hard and you'll get some security through obscurity.

—
Reply to this email directly or view it on GitHub
#13 (comment).

from hexo-admin.

I'd like to PR, but I'm PHP dev, not experienced in JS - consumer only, sorry :)

from hexo-admin.

+1 for login protection

from hexo-admin.

I've sent a pull request with base authentication. See, please

from hexo-admin.

Thanks to @yarax for getting this going! Password protection is now available in the just-published 0.3.0 version on npm. Let me know how it goes! Information on how to get it running is available in the Readme.

from hexo-admin.

Amazing ! Thx!

from hexo-admin.