Krow/Krow-workspace
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(launchpad): implement secure email hashing for access control

Browse Source 
This commit introduces a more secure method for verifying user
access to the internal launchpad by hashing email addresses.

- Replaces the plain-text email list with SHA-256 hashes.
- Adds a script to generate these hashes from `iap-users.txt`.
- Updates the launchpad HTML to hash the input email and compare
 it against the `allowed-hashes.json` file.
- Updates Makefile to generate hashes before deploy and serve.
- Adds .keep file for krow_client folder.
This commit is contained in:
bwnyasse
2026-01-10 11:48:54 -05:00
parent ba938be7ad
commit a5a4eae255
7 changed files with 59 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
firebase/internal-launchpad/index.html
View File

@@ -398,19 +398,20 @@
async function checkAccess(email) {
try {
// Fetch the whitelist
const res = await fetch('iap-users.txt');
// 1. Fetch the secure list of hashes
const res = await fetch('allowed-hashes.json');
if (!res.ok) return false;
const text = await res.text();
const allowedHashes = await res.json();
// Parse lines
const lines = text.split('\n');
const allowedEmails = lines
.map(line => line.trim())
.filter(line => line && !line.startsWith('#'))
.map(line => line.replace(/^user:/, '').trim());
return allowedEmails.includes(email);
// 2. Hash the user's email (SHA-256)
const normalizedEmail = email.trim().toLowerCase();
const msgBuffer = new TextEncoder().encode(normalizedEmail);
const hashBuffer = await crypto.subtle.digest('SHA-256', msgBuffer);
const hashArray = Array.from(new Uint8Array(hashBuffer));
const hashHex = hashArray.map(b => b.toString(16).padStart(2, '0')).join('');
// 3. Compare
return allowedHashes.includes(hashHex);
} catch (e) {
console.error("Failed to check access list:", e);
return false;