feat(server): Server.Auth.verify_password/1

2026-04-21 22:48:36 +02:00 · 2026-04-21 22:48:36 +02:00 · 9c457c1f68
commit 9c457c1f68
parent 58f22243a5
2 changed files with 44 additions and 0 deletions
--- a/server/lib/server/auth.ex
+++ b/server/lib/server/auth.ex
@ -0,0 +1,16 @@
+defmodule Server.Auth do
+  @moduledoc "Single-user dashboard authentication."
+
+  @spec verify_password(term()) :: :ok | :error
+  def verify_password(password) when is_binary(password) do
+    hash = Application.fetch_env!(:server, :dashboard_password_hash)
+
+    if Argon2.verify_pass(password, hash) do
+      :ok
+    else
+      :error
+    end
+  end
+
+  def verify_password(_), do: :error
+end
--- a/server/test/server/auth_test.exs
+++ b/server/test/server/auth_test.exs
@ -0,0 +1,28 @@
+defmodule Server.AuthTest do
+  use ExUnit.Case, async: true
+
+  alias Server.Auth
+
+  setup do
+    hash = Argon2.hash_pwd_salt("testpass")
+    prev = Application.get_env(:server, :dashboard_password_hash)
+    Application.put_env(:server, :dashboard_password_hash, hash)
+    on_exit(fn -> Application.put_env(:server, :dashboard_password_hash, prev) end)
+    :ok
+  end
+
+  describe "verify_password/1" do
+    test "returns :ok for correct password" do
+      assert Auth.verify_password("testpass") == :ok
+    end
+
+    test "returns :error for wrong password" do
+      assert Auth.verify_password("wrong") == :error
+    end
+
+    test "returns :error for non-binary input" do
+      assert Auth.verify_password(nil) == :error
+      assert Auth.verify_password(123) == :error
+    end
+  end
+end