mirror of https://github.com/donaldzou/WGDashboard.git synced 2024-11-06 16:00:28 +01:00
Noxcis 2024-08-18 21:34:42 -05:00
commit ed1c05dec9
2 changed files with 34 additions and 10 deletions


@ -5,7 +5,7 @@ Under Apache-2.0 License
import sqlite3 import sqlite3
import configparser import configparser
import hashlib import bcrypt
import ipaddress import ipaddress
import json import json
# Python Built-in Library # Python Built-in Library
@ -706,16 +706,20 @@ def auth():
""" """
data = request.get_json() data = request.get_json()
config = get_dashboard_conf() config = get_dashboard_conf()
password = hashlib.sha256(data['password'].encode()) saved_password_hash = config["Account"]["password"]
if password.hexdigest() == config["Account"]["password"] \
and data['username'] == config["Account"]["username"]: # Verify the password using bcrypt
if bcrypt.checkpw(data['password'].encode(), saved_password_hash.encode()):
session['username'] = data['username'] session['username'] = data['username']
config.clear() config.clear()
return jsonify({"status": True, "msg": ""}) return jsonify({"status": True, "msg": ""})
config.clear() config.clear()
return jsonify({"status": False, "msg": "Username or Password is incorrect."}) return jsonify({"status": False, "msg": "Username or Password is incorrect."})
""" """
Index Page Index Page
""" """
@ -858,6 +862,7 @@ def update_peer_default_config():
return redirect(url_for("settings")) return redirect(url_for("settings"))
# Update dashboard password # Update dashboard password
@app.route('/update_pwd', methods=['POST']) @app.route('/update_pwd', methods=['POST'])
def update_pwd(): def update_pwd():
@ -867,10 +872,19 @@ def update_pwd():
""" """
config = get_dashboard_conf() config = get_dashboard_conf()
if hashlib.sha256(request.form['currentpass'].encode()).hexdigest() == config.get("Account", "password"): saved_password_hash = config.get("Account", "password")
if hashlib.sha256(request.form['newpass'].encode()).hexdigest() == hashlib.sha256( current_password = request.form['currentpass']
request.form['repnewpass'].encode()).hexdigest(): new_password = request.form['newpass']
config.set("Account", "password", hashlib.sha256(request.form['repnewpass'].encode()).hexdigest()) rep_new_password = request.form['repnewpass']
# Verify the current password using bcrypt
if bcrypt.checkpw(current_password.encode(), saved_password_hash.encode()):
# Check if the new passwords match
if new_password == rep_new_password:
# Hash the new password and update the config
new_password_hash = bcrypt.hashpw(new_password.encode(), bcrypt.gensalt())
config.set("Account", "password", new_password_hash.decode())
try: try:
set_dashboard_conf(config) set_dashboard_conf(config)
session['message'] = "Password updated successfully!" session['message'] = "Password updated successfully!"
@ -894,6 +908,7 @@ def update_pwd():
return redirect(url_for("settings")) return redirect(url_for("settings"))
@app.route('/update_app_ip_port', methods=['POST']) @app.route('/update_app_ip_port', methods=['POST'])
def update_app_ip_port(): def update_app_ip_port():
""" """
@ -1647,7 +1662,15 @@ def init_dashboard():
if "username" not in config['Account']: if "username" not in config['Account']:
config['Account']['username'] = 'admin' config['Account']['username'] = 'admin'
if "password" not in config['Account']: if "password" not in config['Account']:
config['Account']['password'] = '8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918' wg_dash_pass = "admin"
#wg_dash_pass = os.environ.get('WG_DASH_PASS')
# Hash the password using bcrypt
salt = bcrypt.gensalt(rounds=12)
hashed_password_bytes = bcrypt.hashpw(wg_dash_pass.encode('utf-8'), salt)
# Convert the hashed password bytes to a string and remove the leading 'b'
hashed_password_str = hashed_password_bytes.decode('utf-8').lstrip('b')
hashpassword_output = f"{hashed_password_str}"
config['Account']['password'] = hashpassword_output
# Default dashboard server setting # Default dashboard server setting
if "Server" not in config: if "Server" not in config:
config['Server'] = {} config['Server'] = {}
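Review bot: In auth(), the rewritten condition no longer compares `data['username']` with `config["Account"]["username"]`, so on the visible lines any username paired with the correct password is accepted and then stored in `session['username']`. The comparison should stay next to the bcrypt call, e.g. `if data['username'] == config["Account"]["username"] and bcrypt.checkpw(data['password'].encode(), saved_password_hash.encode()):`. Separately, an install whose config still holds the old SHA-256 hex digest will hand a non-bcrypt string to `bcrypt.checkpw`, which is expected to raise `ValueError` rather than return False, so auth() and update_pwd() both need a handled failure or a one-time migration path for legacy hashes. In init_dashboard(), `.lstrip('b')` after `.decode('utf-8')` has no effect on a bcrypt string, which starts with `$`, and can be dropped. auth() begins above its hunk, so only part of its body is visible here.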


@ -2,6 +2,7 @@ Flask
ifcfg ifcfg
psutil psutil
icmplib icmplib
bcrypt
flask-qrcode flask-qrcode
gunicorn gunicorn
certbot certbot