Update password stored as a SHA256 hash in cookie

packages/app/browser/src/app.ts

@@ -2,6 +2,7 @@
 import { MDCTextField } from "@material/textfield";
 //@ts-ignore
 import { MDCCheckbox } from "@material/checkbox";
+import { createHash } from "crypto";
 import "material-components-web/dist/material-components-web.css";
 import "./app.scss";
 
@@ -26,9 +27,13 @@ if (!form) {
 	throw new Error("No password form found");
 }
 
+const hash = (guid: string): string => {
+	return createHash("sha256").update(guid).digest("hex");
+};
+
 form.addEventListener("submit", (e) => {
 	e.preventDefault();
-	document.cookie = `password=${password.value}; `
+	document.cookie = `password=${hash(password.value)}; `
 		+ `path=${location.pathname.replace(/\/login\/?$/, "/")}; `
 		+ `domain=${location.hostname}`;
 	location.reload();

packages/server/src/server.ts

@@ -22,6 +22,7 @@ import * as url from "url";
 import * as ws from "ws";
 import { buildDir } from "./constants";
 import { createPortScanner } from "./portScanner";
+import { createHash } from "crypto";
 import safeCompare = require("safe-compare");
 
 interface CreateAppOptions {
@@ -87,7 +88,7 @@ export const createApp = async (options: CreateAppOptions): Promise<{
 			// Try/catch placed here just in case
 			const cookies = parseCookies(req);
 			if (cookies.password) {
-				if (!safeCompare(cookies.password, options.password)) {
+				if (!safeCompare(cookies.password, hash(options.password))) {
 					let userAgent = req.headers["user-agent"];
 					let timestamp = Math.floor(new Date().getTime() / 1000);
 					if (Array.isArray(userAgent)) {
@@ -120,6 +121,10 @@ export const createApp = async (options: CreateAppOptions): Promise<{
 		return (socket as any).encrypted;
 	};
 
+	const hash = (guid: string): string => {
+		return createHash("sha256").update(guid).digest("hex");
+	};
+
 	const app = express();
 	if (options.registerMiddleware) {
 		options.registerMiddleware(app);