Merge a4151800f1 into 4aed647865

Merge pull request #254 from Upellift99/main
Enabling use of underscores in configuration name
2024-02-02 15:01:56 +02:00 · 2024-02-01 18:39:05 -05:00 · 2024-02-01 09:53:04 +01:00 · 2024-02-01 09:47:52 +01:00 · 2023-12-05 04:47:40 -08:00 · 2023-12-05 04:44:01 -08:00
3 changed files with 40 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -568,7 +568,8 @@ Bug Fixed:
  - [jQuery](https://jquery.com) `v3.5.1`
 - Python
  - [Flask](https://pypi.org/project/Flask/) `v2.0.1`
-  - [ifcfg](https://pypi.org/project/ifcfg/) `v0.21`
+  - [ifcfg](https://pypi.org/project/ifcfg/) `v0.24`
+  - [psutil](https://pypi.org/project/psutil/) `v5.9.8`
  - [icmplib](https://pypi.org/project/icmplib/) `v2.1.1`
  - [flask-qrcode](https://pypi.org/project/Flask-QRcode/) `v3.0.0`

--- a/src/dashboard.py
+++ b/src/dashboard.py
@ -5,7 +5,7 @@ Under Apache-2.0 License

 import sqlite3
 import configparser
-import hashlib
+import bcrypt
 import ipaddress
 import json
 # Python Built-in Library
@ -21,6 +21,7 @@ from datetime import datetime, timedelta
 from operator import itemgetter
 # PIP installed library
 import ifcfg
+import psutil
 from flask import Flask, request, render_template, redirect, url_for, session, jsonify, g
 from flask_qrcode import QRcode
 from icmplib import ping, traceroute
@ -472,8 +473,8 @@ def get_conf_status(config_name):
    @param config_name:
    @return: Return a string indicate the running status
    """
-    ifconfig = dict(ifcfg.interfaces().items())
-    return "running" if config_name in ifconfig.keys() else "stopped"
+    addrs = psutil.net_if_addrs()
+    return "running" if config_name in addrs else "stopped"


 def get_conf_list():
@ -705,16 +706,20 @@ def auth():
    """
    data = request.get_json()
    config = get_dashboard_conf()
-    password = hashlib.sha256(data['password'].encode())
-    if password.hexdigest() == config["Account"]["password"] \
-            and data['username'] == config["Account"]["username"]:
+    saved_password_hash = config["Account"]["password"]
+    
+    # Verify the password using bcrypt
+    if bcrypt.checkpw(data['password'].encode(), saved_password_hash.encode()):
        session['username'] = data['username']
        config.clear()
        return jsonify({"status": True, "msg": ""})
+    
    config.clear()
    return jsonify({"status": False, "msg": "Username or Password is incorrect."})


+
+
 """
 Index Page
 """
@ -857,6 +862,7 @@ def update_peer_default_config():
        return redirect(url_for("settings"))


+
 # Update dashboard password
@app.route('/update_pwd', methods=['POST'])
 def update_pwd():
@ -866,10 +872,19 @@ def update_pwd():
    """

    config = get_dashboard_conf()
-    if hashlib.sha256(request.form['currentpass'].encode()).hexdigest() == config.get("Account", "password"):
-        if hashlib.sha256(request.form['newpass'].encode()).hexdigest() == hashlib.sha256(
-                request.form['repnewpass'].encode()).hexdigest():
-            config.set("Account", "password", hashlib.sha256(request.form['repnewpass'].encode()).hexdigest())
+    saved_password_hash = config.get("Account", "password")
+    current_password = request.form['currentpass']
+    new_password = request.form['newpass']
+    rep_new_password = request.form['repnewpass']
+
+    # Verify the current password using bcrypt
+    if bcrypt.checkpw(current_password.encode(), saved_password_hash.encode()):
+        # Check if the new passwords match
+        if new_password == rep_new_password:
+            # Hash the new password and update the config
+            new_password_hash = bcrypt.hashpw(new_password.encode(), bcrypt.gensalt())
+            config.set("Account", "password", new_password_hash.decode())
+
            try:
                set_dashboard_conf(config)
                session['message'] = "Password update successfully!"
@ -893,6 +908,7 @@ def update_pwd():
        return redirect(url_for("settings"))


+
@app.route('/update_app_ip_port', methods=['POST'])
 def update_app_ip_port():
    """
@ -1610,7 +1626,15 @@ def init_dashboard():
    if "username" not in config['Account']:
        config['Account']['username'] = 'admin'
    if "password" not in config['Account']:
-        config['Account']['password'] = '8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918'
+        wg_dash_pass = "admin"
+        #wg_dash_pass = os.environ.get('WG_DASH_PASS')
+        # Hash the password using bcrypt
+        salt = bcrypt.gensalt(rounds=12)
+        hashed_password_bytes = bcrypt.hashpw(wg_dash_pass.encode('utf-8'), salt)
+        # Convert the hashed password bytes to a string and remove the leading 'b'
+        hashed_password_str = hashed_password_bytes.decode('utf-8').lstrip('b')
+        hashpassword_output = f"{hashed_password_str}"
+        config['Account']['password'] = hashpassword_output
    # Default dashboard server setting
    if "Server" not in config:
        config['Server'] = {}
--- a/src/requirements.txt
+++ b/src/requirements.txt
@ -1,6 +1,8 @@
 Flask
 ifcfg
+psutil
 icmplib
+bcrypt
 flask-qrcode
 gunicorn
-certbot
+certbot
Author	SHA1	Message	Date
Noxcis	46da2c3537	Merge `a4151800f1` into `4aed647865`	2024-02-02 15:01:56 +02:00
Donald Zou	4aed647865	Merge pull request #254 from Upellift99/main Enabling use of underscores in configuration name	2024-02-01 18:39:05 -05:00
John	74ab7aaa3d	Enabling use of underscores in configuration name.	2024-02-01 09:53:04 +01:00
John	dcf2055851	Enabling use of underscores in configuration name.	2024-02-01 09:47:52 +01:00
Noxcis	a4151800f1	Update requirements.txt	2023-12-05 04:47:40 -08:00
Noxcis	932f24c966	Update dashboard.py	2023-12-05 04:44:01 -08:00