fix: Improve password hasher and env loader (#6)

Shahrad Elahi 2024-04-26 23:16:07 +03:30 committed by GitHub
parent ec152ca3a2
commit 4820cfd764
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 10 additions and 7 deletions


@ -20,7 +20,7 @@ RUN apk add -U --no-cache \
wireguard-tools \ wireguard-tools \
tor &&\ tor &&\
# NPM packages # NPM packages
npm install -g @litehex/node-checksum &&\ npm install -g @litehex/node-checksum@0.2 &&\
# Clear APK cache # Clear APK cache
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*
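Review bot: `@litehex/node-checksum@0.2` is a semver range rather than an exact version, so each image build can resolve to a different 0.2.x release. The entrypoint change in this commit appears to call this tool as `checksum` to produce the stored password hash, which makes a silently changed release more than a build-reproducibility concern. Pin the exact release, `npm install -g @litehex/node-checksum@<exact-version> &&\`, and consider verifying its integrity hash so a republished patch release is not picked up unnoticed. The same line appears in the second Dockerfile section of this commit; the `RUN` instruction starts outside the hunk.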


@ -20,7 +20,7 @@ RUN apk add -U --no-cache \
wireguard-tools \ wireguard-tools \
tor &&\ tor &&\
# NPM packages # NPM packages
npm install -g @litehex/node-checksum &&\ npm install -g @litehex/node-checksum@0.2 &&\
# Clear APK cache # Clear APK cache
rm -rf /var/cache/apk/* rm -rf /var/cache/apk/*


@ -75,12 +75,12 @@ EOF
fi fi
# Checking if there is `UI_PASSWORD` environment variable # Checking if there is `UI_PASSWORD` environment variable
# if there was, converting it to hex and storing it to # if there was, converting it to sha256 and storing it to
# the .env # the .env
if [ -n "$UI_PASSWORD" ]; then if [ -n "$UI_PASSWORD" ]; then
sed -i '/^HASHED_PASSWORD/d' "${ENV_FILE}" sed -i '/^HASHED_PASSWORD/d' "${ENV_FILE}"
tee -a "${ENV_FILE}" &>/dev/null <<EOF tee -a "${ENV_FILE}" &>/dev/null <<EOF
HASHED_PASSWORD=$(printf "%s" "${UI_PASSWORD}" | od -A n -t x1 | tr -d ' \n') HASHED_PASSWORD=$(checksum hash -a sha256 -C "${UI_PASSWORD}")
EOF EOF
unset UI_PASSWORD unset UI_PASSWORD
else else
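Review bot: If `checksum` is missing or fails, the command substitution inside the heredoc yields an empty string and the script still writes `HASHED_PASSWORD=` after deleting the previous value. Together with `emptyStringAsUndefined: true`, added to the env loader in this commit, that empty value would fall back to the default hash of `insecure-password`, so a failed hash step would silently reset the UI to a known password. Compute the digest into a variable first, check that it is 64 hex characters, and abort otherwise, as sketched below. The password is also passed to `checksum` as a command-line argument, where it is visible in the process list while the command runs; reading it from stdin would avoid that if the tool supports it. The surrounding `if`/`else` continues outside the hunk.

```shell
if [ -n "$UI_PASSWORD" ]; then
  # Hash first; only touch the .env once a well-formed digest exists.
  hashed="$(checksum hash -a sha256 -C "${UI_PASSWORD}")" || hashed=""
  unset UI_PASSWORD
  if ! printf '%s' "${hashed}" | grep -Eq '^[0-9a-fA-F]{64}$'; then
    echo "Failed to hash UI_PASSWORD; refusing to update ${ENV_FILE}" >&2
    exit 1
  fi
  sed -i '/^HASHED_PASSWORD/d' "${ENV_FILE}"
  printf 'HASHED_PASSWORD=%s\n' "${hashed}" >>"${ENV_FILE}"
```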


@ -1,16 +1,18 @@
import { createEnv } from '@t3-oss/env-core'; import { createEnv } from '@t3-oss/env-core';
import { z } from 'zod'; import { z } from 'zod';
import { hex, sha256 } from '$lib/hash'; import { sha256 } from '$lib/hash';
import { randomUUID } from 'node:crypto'; import { randomUUID } from 'node:crypto';
import 'dotenv/config'; import 'dotenv/config';
export const env = createEnv({ export const env = createEnv({
runtimeEnv: process.env, runtimeEnv: process.env,
emptyStringAsUndefined: true,
server: { server: {
NODE_ENV: z.enum(['development', 'production', 'test']).default('development'), NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
STORAGE_PATH: z.string().default('/data/storage.pack'), STORAGE_PATH: z.string().default('/data/storage.pack'),
AUTH_SECRET: z.string().default(sha256(randomUUID())), AUTH_SECRET: z.string().default(sha256(randomUUID())),
HASHED_PASSWORD: z.string().default(hex('insecure-password')), HASHED_PASSWORD: z.string().default(sha256('insecure-password')),
ORIGIN: z.string().optional(), ORIGIN: z.string().optional(),
}, },
}); });
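Review bot: `HASHED_PASSWORD` is still accepted as any string and still defaults to the hash of a publicly known password, whatever `NODE_ENV` is. A value left in `.env` from the previous hex encoding would pass validation and then never match at login, and an unset value leaves the UI behind `insecure-password`. Constrain the format, `HASHED_PASSWORD: z.string().regex(/^[0-9a-f]{64}$/i).default(sha256('insecure-password')),`, and consider dropping the default when `NODE_ENV` is `production` so that a missing password fails at startup instead of falling back.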


@ -8,6 +8,7 @@ import logger from '$lib/logger';
import { zod } from 'sveltekit-superforms/adapters'; import { zod } from 'sveltekit-superforms/adapters';
import { env } from '$lib/env'; import { env } from '$lib/env';
import { AUTH_COOKIE } from '$lib/constants'; import { AUTH_COOKIE } from '$lib/constants';
import { sha256 } from '$lib/hash';
export const load: PageServerLoad = async () => { export const load: PageServerLoad = async () => {
return { return {
@ -29,7 +30,7 @@ export const actions: Actions = {
const { password } = form.data; const { password } = form.data;
const hashed = HASHED_PASSWORD.toLowerCase(); const hashed = HASHED_PASSWORD.toLowerCase();
const receivedHashed = Buffer.from(password.toString()).toString('hex').toLowerCase(); const receivedHashed = sha256(password).toLowerCase();
if (hashed !== receivedHashed) { if (hashed !== receivedHashed) {
return setError(form, 'password', 'Incorrect password.'); return setError(form, 'password', 'Incorrect password.');
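Review bot: The digest checked at `const receivedHashed = sha256(password).toLowerCase();` is a single unsalted SHA-256, which is fast to guess offline for anyone who obtains the `.env` file, so it protects the password only somewhat better than the hex encoding it replaces. A memory-hard KDF such as `scryptSync` from `node:crypto` with a stored random salt would be the stronger choice, though the entrypoint script would then have to produce the same format. Separately, `hashed !== receivedHashed` is not a constant-time comparison; `timingSafeEqual(Buffer.from(hashed), Buffer.from(receivedHashed))`, guarded by a length check, avoids that. The action body starts and ends outside the hunk.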