From bf6851a57dd183789a4be36cd181177046f49728 Mon Sep 17 00:00:00 2001
From: Iam54r1n4
Date: Fri, 7 Feb 2025 17:58:15 +0000
Subject: [PATCH] Hash admin password in the config file
---
 core/scripts/webpanel/routers/login/login.py | 9 ++++-----
 core/scripts/webpanel/webpanel_shell.sh | 3 ++-
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/core/scripts/webpanel/routers/login/login.py b/core/scripts/webpanel/routers/login/login.py
index 9988227..e65e88b 100644
--- a/core/scripts/webpanel/routers/login/login.py
+++ b/core/scripts/webpanel/routers/login/login.py
@@ -1,10 +1,11 @@
 from fastapi import APIRouter, Depends, Form, Request
 from fastapi.responses import RedirectResponse
 from fastapi.templating import Jinja2Templates
+from hashlib import sha256
 from dependency import get_templates, get_session_manager
 from session import SessionManager
-from config import CONFIGS
+from config import CONFIGS # type: ignore
 router = APIRouter()
@@ -23,10 +24,8 @@ async def login_post(
 '''
 Handles login form submission.
 '''
- ADMIN_USERNAME = CONFIGS.ADMIN_USERNAME
- ADMIN_PASSWORD = CONFIGS.ADMIN_PASSWORD
-
- if not username == ADMIN_USERNAME or not password == ADMIN_PASSWORD:
+ password_hash = sha256(password.encode()).hexdigest()
+ if not username == CONFIGS.ADMIN_USERNAME or not password_hash == CONFIGS.ADMIN_PASSWORD: # type: ignore
 return templates.TemplateResponse('login.html', {'request': request, 'error': 'Invalid username or password'})
 session_id = session_manager.set_session(username)
diff --git a/core/scripts/webpanel/webpanel_shell.sh b/core/scripts/webpanel/webpanel_shell.sh
index 65e6c4f..d5aa9b0 100644
--- a/core/scripts/webpanel/webpanel_shell.sh
+++ b/core/scripts/webpanel/webpanel_shell.sh
@@ -32,6 +32,7 @@ update_env_file() {
 local port=$2
 local admin_username=$3
 local admin_password=$4
+ local admin_password_hash=$(echo -n "$admin_password" | sha256sum | cut -d' ' -f1) # hash the password
 local expiration_minutes=$5
 local debug=$6
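Review bot: A single unsalted SHA-256 is a fast digest rather than a password hash, so `password_hash = sha256(password.encode()).hexdigest()` in `login_post` leaves the value stored in `ADMIN_PASSWORD` open to high-rate offline guessing if the env file is ever read, and equal passwords yield equal hashes on every install. A salted, deliberately slow KDF from the standard library (`hashlib.scrypt` or `hashlib.pbkdf2_hmac`), with the salt stored next to the digest, would address that; the stored format then has to change together with `update_env_file` in webpanel_shell.sh. The comparison should also be constant-time, e.g. `hmac.compare_digest(password_hash.encode(), CONFIGS.ADMIN_PASSWORD.encode())` instead of `==`. Installs whose env file still holds a plaintext `ADMIN_PASSWORD` will presumably reject every login after this change until the file is regenerated, which deserves a migration step or a release note. `login_post` starts above this hunk and continues below it.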
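Review bot: `echo -n "$admin_password"` in `update_env_file` can hash something other than the password: depending on the shell, `echo` treats an option-like value such as `-e` as a flag or expands backslash sequences, and the digest then no longer matches what login.py computes with `sha256(password.encode())`. `printf '%s' "$admin_password" | sha256sum | cut -d' ' -f1` feeds the exact bytes. A failure of `sha256sum` is also invisible here (the pipeline's status is that of `cut`, and `local` masks it in any case), so it is worth checking the result before it is written to the env file, e.g. `[ -n "$admin_password_hash" ] || return 1`. The function starts above this hunk and ends in the next one.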
@@ -45,7 +46,7 @@ PORT=$port
 ROOT_PATH=$root_path
 API_TOKEN=$api_token
 ADMIN_USERNAME=$admin_username
-ADMIN_PASSWORD=$admin_password
+ADMIN_PASSWORD=$admin_password_hash
 EXPIRATION_MINUTES=$expiration_minutes
 EOL
 }