Hash admin password in the config file

2025-02-07 17:58:15 +00:00
parent 9dcace9792
commit bf6851a57d
2 changed files with 6 additions and 6 deletions
--- a/core/scripts/webpanel/routers/login/login.py
+++ b/core/scripts/webpanel/routers/login/login.py
@ -1,10 +1,11 @@
 from fastapi import APIRouter, Depends, Form, Request
 from fastapi.responses import RedirectResponse
 from fastapi.templating import Jinja2Templates
+from hashlib import sha256

 from dependency import get_templates, get_session_manager
 from session import SessionManager
-from config import CONFIGS
+from config import CONFIGS  # type: ignore

 router = APIRouter()

@ -23,10 +24,8 @@ async def login_post(
    '''
    Handles login form submission.
    '''
-    ADMIN_USERNAME = CONFIGS.ADMIN_USERNAME
-    ADMIN_PASSWORD = CONFIGS.ADMIN_PASSWORD
-
-    if not username == ADMIN_USERNAME or not password == ADMIN_PASSWORD:
+    password_hash = sha256(password.encode()).hexdigest()
+    if not username == CONFIGS.ADMIN_USERNAME or not password_hash == CONFIGS.ADMIN_PASSWORD:  # type: ignore
        return templates.TemplateResponse('login.html', {'request': request, 'error': 'Invalid username or password'})

    session_id = session_manager.set_session(username)
--- a/core/scripts/webpanel/webpanel_shell.sh
+++ b/core/scripts/webpanel/webpanel_shell.sh
@ -32,6 +32,7 @@ update_env_file() {
    local port=$2
    local admin_username=$3
    local admin_password=$4
+    local admin_password_hash=$(echo -n "$admin_password" | sha256sum | cut -d' ' -f1) # hash the password
    local expiration_minutes=$5
    local debug=$6

@ -45,7 +46,7 @@ PORT=$port
 ROOT_PATH=$root_path
 API_TOKEN=$api_token
 ADMIN_USERNAME=$admin_username
-ADMIN_PASSWORD=$admin_password
+ADMIN_PASSWORD=$admin_password_hash
 EXPIRATION_MINUTES=$expiration_minutes
 EOL
 }