@ -435,7 +435,12 @@ app.get('/miner/:address/stats', function (req, res) {
// Authentication
app . post ( '/authenticate' , function ( req , res ) {
let hmac = crypto . createHmac ( 'sha256' , global . config . api . secKey ) . update ( req . body . password ) . digest ( 'hex' ) ;
let hmac ;
try {
hmac = crypto . createHmac ( 'sha256' , global . config . api . secKey ) . update ( req . body . password ) . digest ( 'hex' ) ;
} catch ( e ) {
return res . status ( 401 ) . send ( { 'success' : false , msg : 'Invalid username/password' } ) ;
}
global . mysql . query ( "SELECT * FROM users WHERE username = ? AND ((pass IS null AND email = ?) OR (pass = ?))" , [ req . body . username , req . body . password , hmac ] ) . then ( function ( rows ) {
if ( rows . length === 0 ) {
return res . status ( 401 ) . send ( { 'success' : false , msg : 'Invalid username/password' } ) ;