-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathgenerate_hash.js
More file actions
30 lines (21 loc) · 1.07 KB
/
generate_hash.js
File metadata and controls
30 lines (21 loc) · 1.07 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
// generate_hash.js
const crypto = require("crypto");
const fs = require("fs");
const path = require("path");
const password = process.env.SITE_PASSWORD;
if (!password) {
console.error("ERROR: SITE_PASSWORD environment variable is required.");
process.exit(1);
}
const templatePath = path.join(__dirname, "protect.template.js");
const outPath = path.join(__dirname, "protect.js");
const iterations = 200000; // PBKDF2 iterations (tune as desired)
const dkLen = 32; // 32 bytes = 256 bits
const saltBytes = crypto.randomBytes(16);
const saltBase64 = saltBytes.toString("base64");
const derivedKey = crypto.pbkdf2Sync(password, saltBytes, iterations, dkLen, "sha256");
const derivedKeyBase64 = derivedKey.toString("base64");
let template = fs.readFileSync(templatePath, "utf8");
template = template.replace("%%SALT%%", saltBase64).replace("%%ITERATIONS%%", String(iterations)).replace("%%KEY%%", derivedKeyBase64);
fs.writeFileSync(outPath, template, { encoding: "utf8", mode: 0o600 });
console.log("protect.js generated (not committed). Salt and derived key injected for deployment.");