mirror
/
wg-easy
mirror of https://github.com/wg-easy/wg-easy
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

add: setup page 

- add: in-memory database provider
- create a new account (signup)
- login with username and password
- first setup page to create an account
- PASSWORD_HASH was removed from environment and files was updated/removed due to that change
pull/1330/head
tetuaoro 9 months ago
parent
07cead5bf2
commit
21a38eb3c8
26 changed files with 376 additions and 258 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 36
      How_to_generate_an_bcrypt_hash.md
  2. 46
      README.md
  3. 1
      docker-compose.dev.yml
  4. 1
      docker-compose.yml
  5. 82
      src/adapters/database/inmemory.ts
  6. 5
      src/composables/useDatabase.ts
  7. 17
      src/pages/login.vue
  8. 60
      src/pages/setup.vue
  9. 15
      src/plugins/database.server.ts
  10. 53
      src/ports/database.ts
  11. 15
      src/ports/types.ts
  12. 4
      src/ports/user/interface.ts
  13. 14
      src/ports/user/model.ts
  14. 22
      src/server/api/account/new.post.ts
  15. 5
      src/server/api/lang.get.ts
  16. 15
      src/server/api/session.post.ts
  17. 12
      src/server/middleware/session.ts
  18. 16
      src/server/middleware/setup.ts
  19. 16
      src/server/utils/Database.ts
  20. 3
      src/server/utils/config.ts
  21. 42
      src/server/utils/password.ts
  22. 5
      src/server/utils/types.ts
  23. 14
      src/stores/auth.ts
  24. 17
      src/utils/api.ts
  25. 49
      src/wgpw.js
  26. 5
      src/wgpw.sh

36
How_to_generate_an_bcrypt_hash.md
View File

@ -1,36 +0,0 @@
# wg-password
`wg-password` (wgpw) is a script that generates bcrypt password hashes for use with `wg-easy`, enhancing security by requiring passwords.
## Features
- Generate bcrypt password hashes.
- Easily integrate with `wg-easy` to enforce password requirements.
## Usage with Docker
To generate a bcrypt password hash using docker, run the following command :
```sh
docker run ghcr.io/wg-easy/wg-easy wgpw YOUR_PASSWORD
PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' // literally YOUR_PASSWORD
```
**Important** : make sure to enclose your password in **single quotes** when you run `docker run` command :
```bash
$ echo $2b$12$coPqCsPtcF <-- not correct
b2
$ echo "$2b$12$coPqCsPtcF" <-- not correct
b2
$ echo '$2b$12$coPqCsPtcF' <-- correct
$2b$12$coPqCsPtcF
```
**Important** : Please note: don't wrap the generated hash password in single quotes when you use `docker-compose.yml`. Instead, replace each `$` symbol with two `$$` symbols. For example:
``` yaml
- PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG
```
This hash is for the password 'foobar123', obtained using the command `docker run ghcr.io/wg-easy/wg-easy wgpw foobar123` and then inserted an additional `$` before each existing `$` symbal.

46
README.md
View File

@ -14,25 +14,25 @@ You have found the easiest way to install & manage WireGuard on any Linux host!
## Features
* All-in-one: WireGuard + Web UI.
* Easy installation, simple to use.
* List, create, edit, delete, enable & disable clients.
* Show a client's QR code.
* Download a client's configuration file.
* Statistics for which clients are connected.
* Tx/Rx charts for each connected client.
* Gravatar support.
* Automatic Light / Dark Mode
* Multilanguage Support
* Traffic Stats (default off)
* One Time Links (default off)
* Client Expiry (default off)
* Prometheus metrics support
- All-in-one: WireGuard + Web UI.
- Easy installation, simple to use.
- List, create, edit, delete, enable & disable clients.
- Show a client's QR code.
- Download a client's configuration file.
- Statistics for which clients are connected.
- Tx/Rx charts for each connected client.
- Gravatar support.
- Automatic Light / Dark Mode
- Multilanguage Support
- Traffic Stats (default off)
- One Time Links (default off)
- Client Expiry (default off)
- Prometheus metrics support
## Requirements
* A host with a kernel that supports WireGuard (all modern kernels).
* A host with Docker installed.
- A host with a kernel that supports WireGuard (all modern kernels).
- A host with Docker installed.
## Versions
@ -40,7 +40,7 @@ We provide more then 1 docker image to get, this will help you decide which one
For **stable** versions instead of nightly or development please read **README** from the **production** branch!
| tag | Branch | Example | Description |
| - | - | - | - |
| ------------- | ------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------ |
| `latest` | production | `ghcr.io/wg-easy/wg-easy:latest` or `ghcr.io/wg-easy/wg-easy` | stable as possbile get bug fixes quickly when needed, deployed against `production`. |
| `13` | production | `ghcr.io/wg-easy/wg-easy:13` | same as latest, stick to a version tag. |
| `nightly` | master | `ghcr.io/wg-easy/wg-easy:nightly` | mostly unstable gets frequent package and code updates, deployed against `master`. |
@ -69,7 +69,6 @@ To automatically install & run wg-easy, simply run:
--name=wg-easy \
-e LANG=de \
-e WG_HOST=<🚨YOUR_SERVER_IP> \
-e PASSWORD_HASH=<🚨YOUR_ADMIN_PASSWORD_HASH> \
-e PORT=51821 \
-e WG_PORT=51820 \
-v ~/.wg-easy:/etc/wireguard \
@ -84,8 +83,6 @@ To automatically install & run wg-easy, simply run:
```
> 💡 Replace `YOUR_SERVER_IP` with your WAN IP, or a Dynamic DNS hostname.
>
> 💡 Replace `YOUR_ADMIN_PASSWORD_HASH` with a bcrypt password hash to log in on the Web UI. See [How_to_generate_an_bcrypt_hash.md](./How_to_generate_an_bcrypt_hash.md) for know how generate the hash.
The Web UI will now be available on `http://0.0.0.0:51821`.
@ -106,14 +103,13 @@ Are you enjoying this project? [Buy Emile a beer!](https://github.com/sponsors/W
These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command.
| Env | Default | Example | Description |
| - | - | - |------------------------------------------------------------------------------------------------------------------------------------------------------|
| ----------------------------- | ----------------- | ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `PORT` | `51821` | `6789` | TCP port for Web UI. |
| `WEBUI_HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to. |
| `PASSWORD_HASH` | - | `$2y$05$Ci...` | When set, requires a password when logging in to the Web UI. See [How to generate an bcrypt hash.md]("https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md") for know how generate the hash. |
| `WG_HOST` | - | `vpn.myserver.com` | The public hostname of your VPN server. |
| `WG_DEVICE` | `eth0` | `ens6f0` | Ethernet device the wireguard traffic should be forwarded through. |
| `WG_PORT` | `51820` | `12345` | The public UDP port of your VPN server. WireGuard will listen on that (othwise default) inside the Docker container. |
| `WG_CONFIG_PORT`| `51820` | `12345` | The UDP port used on [Home Assistant Plugin](https://github.com/adriy-be/homeassistant-addons-jdeath/tree/main/wgeasy)
| `WG_CONFIG_PORT` | `51820` | `12345` | The UDP port used on [Home Assistant Plugin](https://github.com/adriy-be/homeassistant-addons-jdeath/tree/main/wgeasy) |
| `WG_MTU` | `null` | `1420` | The MTU the clients will use. Server uses default WG MTU. |
| `WG_PERSISTENT_KEEPALIVE` | `0` | `25` | Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive. |
| `WG_DEFAULT_ADDRESS` | `10.8.0.x` | `10.6.0.x` | Clients IP address range. |
@ -157,7 +153,7 @@ was pulled.
## Common Use Cases
* [Using WireGuard-Easy with Pi-Hole](https://github.com/wg-easy/wg-easy/wiki/Using-WireGuard-Easy-with-Pi-Hole)
* [Using WireGuard-Easy with nginx/SSL](https://github.com/wg-easy/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSL)
- [Using WireGuard-Easy with Pi-Hole](https://github.com/wg-easy/wg-easy/wiki/Using-WireGuard-Easy-with-Pi-Hole)
- [Using WireGuard-Easy with nginx/SSL](https://github.com/wg-easy/wg-easy/wiki/Using-WireGuard-Easy-with-nginx-SSL)
For less common or specific edge-case scenarios, please refer to the detailed information provided in the [Wiki](https://github.com/wg-easy/wg-easy/wiki).

1
docker-compose.dev.yml
View File

@ -15,7 +15,6 @@ services:
- NET_ADMIN
- SYS_MODULE
environment:
- PASSWORD_HASH=$$2y$$10$$Vhi2tF1i2c/ReW3LdLOru.z7LDITqBgb2wrSVw6sa.KEtbpYgSAf2 # foobar123
- WG_HOST=192.168.1.233
# folders should be generated inside container

1
docker-compose.yml
View File

@ -12,7 +12,6 @@ services:
- WG_HOST=raspberrypi.local
# Optional:
# - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
# - PORT=51821
# - WG_PORT=51820
# - WG_CONFIG_PORT=92820

82
src/adapters/database/inmemory.ts
View File

@ -1,14 +1,18 @@
import debug from 'debug';
import packageJson from '@/package.json';
import DatabaseProvider from '~/ports/database';
import DatabaseProvider, { DatabaseError } from '~/ports/database';
import { ChartType, Lang } from '~/ports/types';
import { ROLE } from '~/ports/user/model';
import type { SessionConfig } from 'h3';
import type { System } from '~/ports/system/model';
import type { User } from '~/ports/user/model';
import type { Identity } from '~/ports/types';
import type { Identity, String } from '~/ports/types';
import {
hashPasswordWithBcrypt,
isPasswordStrong,
} from '~/server/utils/password';
const INMDP_DEBUG = debug('InMemoryDP');
@ -19,10 +23,10 @@ type InMemoryData = {
};
// In-Memory Database Provider
export class InMemory extends DatabaseProvider {
export default class InMemory extends DatabaseProvider {
protected data: InMemoryData = { users: [] };
override async connect() {
async connect() {
INMDP_DEBUG('Connection...');
const system: System = {
release: packageJson.release.version,
@ -73,11 +77,11 @@ export class InMemory extends DatabaseProvider {
INMDP_DEBUG('Connection done');
}
override async disconnect() {
async disconnect() {
this.data = { users: [] };
}
override async getSystem() {
async getSystem() {
INMDP_DEBUG('Get System');
return this.data.system;
}
@ -87,53 +91,69 @@ export class InMemory extends DatabaseProvider {
this.data.system = system;
}
override async getLang() {
async getLang() {
return this.data.system?.lang || Lang.EN;
}
override async getUsers() {
async getUsers() {
return this.data.users;
}
override async getUser(id: Identity<User>) {
async getUser(id: Identity<User>) {
INMDP_DEBUG('Get User');
if (typeof id === 'string') {
if (typeof id === 'string' || typeof id === 'number') {
return this.data.users.find((user) => user.id === id);
}
return this.data.users.find((user) => user.id === id.id);
}
override async saveUser(user: User) {
async newUserWithPassword(username: String, password: String) {
INMDP_DEBUG('New User');
if (username.length < 8) {
throw new DatabaseError(DatabaseError.ERROR_USERNAME_LEN);
}
if (!isPasswordStrong(password)) {
throw new DatabaseError(DatabaseError.ERROR_PASSWORD_REQ);
}
const isUserExist = this.data.users.find(
(user) => user.username === username
);
if (isUserExist) {
throw new DatabaseError(DatabaseError.ERROR_USER_EXIST);
}
const now = new Date();
const isUserEmpty = this.data.users.length == 0;
const newUser: User = {
id: `${this.data.users.length + 1}`,
password: hashPasswordWithBcrypt(password),
username,
role: isUserEmpty ? ROLE.ADMIN : ROLE.CLIENT,
enabled: true,
createdAt: now,
updatedAt: now,
};
this.data.users.push(newUser);
}
async saveUser(user: User) {
let _user = await this.getUser(user);
if (_user) {
INMDP_DEBUG('Update User');
_user = user;
} else {
INMDP_DEBUG('New User');
if (this.data.users.length == 0) {
// first user is admin
user.role = ROLE.ADMIN;
}
this.data.users.push(user);
}
}
override async deleteUser(id: Identity<User>) {
const _id = typeof id === 'string' ? id : id.id;
async deleteUser(id: Identity<User>) {
INMDP_DEBUG('Delete User');
const _id = typeof id === 'string' || typeof id === 'number' ? id : id.id;
const idx = this.data.users.findIndex((user) => user.id == _id);
if (idx !== -1) {
this.data.users.splice(idx, 1);
}
}
}
export default function initInMemoryProvider() {
const provider = new InMemory();
provider.connect().catch((err) => {
console.error(err);
process.exit(1);
});
return provider;
}

5
src/composables/useDatabase.ts
View File

@ -1,5 +0,0 @@
import type { InMemory } from '~/adapters/database/inmemory';
export default (): InMemory => {
return useNuxtApp().$database;
};

17
src/pages/login.vue
View File

@ -18,6 +18,15 @@
<IconsAvatar class="w-10 h-10 m-5 text-white dark:text-white" />
</div>
<input
v-model="username"
type="text"
name="username"
:placeholder="$t('username')"
autocomplete="username"
class="px-3 py-2 text-sm dark:bg-neutral-700 text-gray-500 dark:text-gray-500 mb-5 border-2 border-gray-100 dark:border-neutral-800 rounded-lg w-full focus:border-red-800 dark:focus:border-red-800 dark:placeholder:text-neutral-400 outline-none"
/>
<input
v-model="password"
type="password"
@ -77,6 +86,7 @@
<script setup lang="ts">
const authenticating = ref(false);
const remember = ref(false);
const username = ref<string>();
const password = ref<null | string>(null);
const authStore = useAuthStore();
const globalStore = useGlobalStore();
@ -84,12 +94,17 @@ const globalStore = useGlobalStore();
async function login(e: Event) {
e.preventDefault();
if (!username.value) return;
if (!password.value) return;
if (authenticating.value) return;
authenticating.value = true;
try {
const res = await authStore.login(password.value, remember.value);
const res = await authStore.login(
username.value,
password.value,
remember.value
);
if (res) {
await navigateTo('/');
}

60
src/pages/setup.vue
View File

@ -0,0 +1,60 @@
<template>
<main>
<div>
<h1>Welcome to your first setup of wg-easy !</h1>
<p>Please first enter an admin username and a strong password.</p>
<form @submit="newAccount">
<div>
<label for="username">Username</label>
<input
id="username"
v-model="username"
type="text"
name="username"
autocomplete="username"
/>
</div>
<div>
<label for="password">New Password</label>
<input
id="password"
v-model="password"
type="password"
name="password"
autocomplete="new-password"
/>
</div>
<div>
<label for="accept">I accept the condition.</label>
<input id="accept" type="checkbox" name="accept" />
</div>
<button type="submit">Save</button>
</form>
</div>
</main>
</template>
<script setup lang="ts">
const username = ref<string>();
const password = ref<string>();
const authStore = useAuthStore();
async function newAccount(e: Event) {
e.preventDefault();
if (!username.value) return;
if (!password.value) return;
try {
const res = await authStore.signup(username.value, password.value);
if (res) {
navigateTo('/login');
}
} catch (error) {
if (error instanceof Error) {
// TODO: replace alert with actual ui error message
alert(error.message || error.toString());
}
}
}
</script>

15
src/plugins/database.server.ts
View File

@ -1,15 +0,0 @@
/**
* Changing the Database Provider
* This design allows for easy swapping of different database implementations.
*
*/
import initInMemoryProvider from '~/adapters/database/inmemory';
export default defineNuxtPlugin(() => {
return {
provide: {
database: initInMemoryProvider(),
},
};
});

53
src/ports/database.ts
View File

@ -1,12 +1,15 @@
import type SystemRepository from './system/interface';
import type UserRepository from './user/interface';
import type { Identity, Undefined, Lang } from './types';
import type { Identity, Undefined, Lang, String } from './types';
import type { User } from './user/model';
import type { System } from './system/model';
/**
* Abstract class for database operations.
* Provides methods to connect, disconnect, and interact with system and user data.
*
* *Note : Throw with `DatabaseError` to ensure API handling errors.*
*
*/
export default abstract class DatabaseProvider
implements SystemRepository, UserRepository
@ -14,33 +17,37 @@ export default abstract class DatabaseProvider
/**
* Connects to the database.
*/
connect(): Promise<void> {
throw new Error('Method not implemented.');
}
abstract connect(): Promise<void>;
/**
* Disconnects from the database.
*/
disconnect(): Promise<void> {
throw new Error('Method not implemented.');
}
abstract disconnect(): Promise<void>;
getSystem(): Promise<System | Undefined> {
throw new Error('Method not implemented.');
}
getLang(): Promise<Lang> {
throw new Error('Method not implemented.');
}
abstract getSystem(): Promise<System | Undefined>;
abstract getLang(): Promise<Lang>;
getUsers(): Promise<Array<User>> {
throw new Error('Method not implemented.');
abstract getUsers(): Promise<Array<User>>;
abstract getUser(_id: Identity<User>): Promise<User | Undefined>;
abstract newUserWithPassword(
_username: String,
_password: String
): Promise<void>;
abstract saveUser(_user: User): Promise<void>;
abstract deleteUser(_id: Identity<User>): Promise<void>;
}
getUser(_id: Identity<User>): Promise<User | Undefined> {
throw new Error('Method not implemented.');
}
saveUser(_user: User): Promise<void> {
throw new Error('Method not implemented.');
}
deleteUser(_id: Identity<User>): Promise<void> {
throw new Error('Method not implemented.');
export class DatabaseError extends Error {
static readonly ERROR_PASSWORD_REQ =
'Password does not meet the strength requirements. It must be at least 12 characters long, with at least one uppercase letter, one lowercase letter, one number, and one special character.';
static readonly ERROR_USER_EXIST = 'User already exists.';
static readonly ERROR_DATABASE_CONNECTION =
'Failed to connect to the database.';
static readonly ERROR_USERNAME_LEN =
'Username must be longer than 8 characters.';
constructor(message: string) {
super(message);
this.name = 'DatabaseError';
}
}

15
src/ports/types.ts
View File

@ -6,11 +6,12 @@ export enum Lang {
FR = 'fr',
}
export type String = string;
export type ID = String;
export type Number = number;
export type ID = String | Number;
export type Boolean = boolean;
export type Version = String;
export type SessionTimeOut = number;
export type Port = number;
export type SessionTimeOut = Number;
export type Port = Number;
export type Address = String;
export type HashPassword = String;
export type Command = String;
@ -27,8 +28,8 @@ export type WGInterface = {
address: Address;
};
export type WGConfig = {
mtu: number;
persistentKeepalive: number;
mtu: Number;
persistentKeepalive: Number;
rangeAddress: Address;
defaultDns: Array<Address>;
allowedIps: Array<Address>;
@ -40,11 +41,11 @@ export enum ChartType {
Bar = 3,
}
export type TrafficStats = {
enabled: boolean;
enabled: Boolean;
type: ChartType;
};
export type Prometheus = {
enabled: boolean;
enabled: Boolean;
password?: HashPassword | Undefined;
};
/**

4
src/ports/user/interface.ts
View File

@ -1,4 +1,4 @@
import type { Identity, Undefined } from '../types';
import type { Identity, String, Undefined } from '../types';
import type { User } from './model';
/**
@ -20,6 +20,8 @@ export default interface UserRepository {
*/
getUser(id: Identity<User>): Promise<User | Undefined>;
newUserWithPassword(username: String, password: String): Promise<void>;
/**
* Creates or updates a user in the database.
* @param {User} user - The user to be saved.

14
src/ports/user/model.ts
View File

@ -1,4 +1,4 @@
import type { Address, ID, Key, HashPassword, String } from '../types';
import type { Address, ID, Key, HashPassword, String, Boolean } from '../types';
export enum ROLE {
/* Full permissions to any resources (app, database...) */
@ -17,12 +17,12 @@ export type User = {
role: ROLE;
username: String;
password: HashPassword;
name: String;
address: Address;
privateKey: Key;
publicKey: Key;
preSharedKey: String;
name?: String;
address?: Address;
privateKey?: Key;
publicKey?: Key;
preSharedKey?: String;
createdAt: Date;
updatedAt: Date;
enabled: boolean;
enabled: Boolean;
};

22
src/server/api/account/new.post.ts
View File

@ -0,0 +1,22 @@
import { DatabaseError } from '~/ports/database';
type Request = { username: string; password: string };
export default defineEventHandler(async (event) => {
setHeader(event, 'Content-Type', 'application/json');
try {
// TODO use zod
const { username, password } = await readBody<Request>(event);
await Database.newUserWithPassword(username, password);
return { success: true };
} catch (error) {
if (error instanceof DatabaseError) {
throw createError({
statusCode: 400,
statusMessage: error.message,
});
} else {
throw createError('Something happened !');
}
}
});

5
src/server/api/lang.get.ts
View File

@ -1,7 +1,4 @@
import useDatabase from '~/composables/useDatabase';
export default defineEventHandler(async (event) => {
setHeader(event, 'Content-Type', 'application/json');
const db = useDatabase();
return db.getLang();
return await Database.getLang();
});

15
src/server/api/session.post.ts
View File

@ -1,7 +1,7 @@
import type { SessionConfig } from 'h3';
export default defineEventHandler(async (event) => {
const { password, remember } = await readValidatedBody(
const { username, password, remember } = await readValidatedBody(
event,
validateZod(passwordType)
);
@ -14,7 +14,17 @@ export default defineEventHandler(async (event) => {
statusMessage: 'Invalid state',
});
}
if (!isPasswordValid(password, PASSWORD_HASH)) {
const users = await Database.getUsers();
const user = users.find((user) => user.username == username);
if (!user)
throw createError({
statusCode: 400,
statusMessage: 'User with username does not exist',
});
const userHashPassword = user.password;
if (!isPasswordValid(password, userHashPassword)) {
throw createError({
statusCode: 401,
statusMessage: 'Incorrect Password',
@ -35,6 +45,7 @@ export default defineEventHandler(async (event) => {
const data = await session.update({
authenticated: true,
userId: user.id,
});
SERVER_DEBUG(`New Session: ${data.id}`);

12
src/server/middleware/session.ts
View File

@ -3,6 +3,7 @@ export default defineEventHandler(async (event) => {
if (
!REQUIRES_PASSWORD ||
!url.pathname.startsWith('/api/') ||
url.pathname === '/api/account/new' ||
url.pathname === '/api/session' ||
url.pathname === '/api/lang' ||
url.pathname === '/api/release' ||
@ -18,7 +19,16 @@ export default defineEventHandler(async (event) => {
const authorization = getHeader(event, 'Authorization');
if (url.pathname.startsWith('/api/') && authorization) {
if (isPasswordValid(authorization, PASSWORD_HASH)) {
const users = await Database.getUsers();
const user = users.find((user) => user.id == session.data.userId);
if (!user)
throw createError({
statusCode: 401,
statusMessage: 'Session failed',
});
const userHashPassword = user.password;
if (isPasswordValid(authorization, userHashPassword)) {
return;
}
throw createError({

16
src/server/middleware/setup.ts
View File

@ -0,0 +1,16 @@
/* First setup of wg-easy app */
export default defineEventHandler(async (event) => {
const url = getRequestURL(event);
if (
url.pathname.startsWith('/setup') ||
url.pathname === '/api/account/new'
) {
return;
}
const users = await Database.getUsers();
if (users.length === 0) {
return sendRedirect(event, '/setup', 302);
}
});

16
src/server/utils/Database.ts
View File

@ -0,0 +1,16 @@
/**
* Changing the Database Provider
* This design allows for easy swapping of different database implementations.
*
*/
import InMemory from '~/adapters/database/inmemory';
const provider = new InMemory();
provider.connect().catch((err) => {
console.error(err);
process.exit(1);
});
export default provider;

3
src/server/utils/config.ts
View File

@ -7,7 +7,6 @@ const version = packageJSON.release.version;
export const RELEASE = version;
export const PORT = process.env.PORT || '51821';
export const WEBUI_HOST = process.env.WEBUI_HOST || '0.0.0.0';
export const PASSWORD_HASH = process.env.PASSWORD_HASH;
export const MAX_AGE = process.env.MAX_AGE
? parseInt(process.env.MAX_AGE, 10) * 60
: 0;
@ -64,7 +63,7 @@ export const ENABLE_PROMETHEUS_METRICS =
export const PROMETHEUS_METRICS_PASSWORD =
process.env.PROMETHEUS_METRICS_PASSWORD;
export const REQUIRES_PASSWORD = !!PASSWORD_HASH;
export const REQUIRES_PASSWORD = true;
export const REQUIRES_PROMETHEUS_PASSWORD = !!PROMETHEUS_METRICS_PASSWORD;
export const SESSION_CONFIG = {

42
src/server/utils/password.ts
View File

@ -1,17 +1,47 @@
import bcrypt from 'bcryptjs';
/**
* Checks if `password` matches the PASSWORD_HASH.
*
* If environment variable is not set, the password is always invalid.
* Checks if `password` matches the user password.
*
* @param {string} password String to test
* @returns {boolean} true if matching environment, otherwise false
* @returns {boolean} `true` if matching user password, otherwise `false`
*/
export function isPasswordValid(password: string, hash?: string): boolean {
if (hash) {
export function isPasswordValid(password: string, hash: string): boolean {
return bcrypt.compareSync(password, hash);
}
/**
* Checks if a password is strong based on following criteria :
*
* - minimum length of 12 characters
* - contains at least one uppercase letter
* - contains at least one lowercase letter
* - contains at least one number
* - contains at least one special character (e.g., !@#$%^&*(),.?":{}|<>).
*
* @param {string} password - The password to validate
* @returns {boolean} `true` if the password is strong, otherwise `false`
*/
export function isPasswordStrong(password: string): boolean {
if (password.length < 12) {
return false;
}
const hasUpperCase = /[A-Z]/.test(password);
const hasLowerCase = /[a-z]/.test(password);
const hasNumber = /\d/.test(password);
const hasSpecialChar = /[!@#$%^&*(),.?":{}|<>]/.test(password);
return hasUpperCase && hasLowerCase && hasNumber && hasSpecialChar;
}
/**
* Hashes a password using the bcrypt algorithm.
*
* @param {string} password - The plaintext password to hash
* @returns {string} The bcrypt hash of the password
*/
export function hashPasswordWithBcrypt(password: string): string {
return bcrypt.hashSync(password, 12);
}

5
src/server/utils/types.ts
View File

@ -26,6 +26,10 @@ const file = z
.string({ message: 'File must be a valid string' })
.pipe(safeStringRefine);
const username = z
.string({ message: 'Username must be a valid string' })
.pipe(safeStringRefine);
const password = z
.string({ message: 'Password must be a valid string' })
.pipe(safeStringRefine);
@ -83,6 +87,7 @@ export const fileType = z.object(
export const passwordType = z.object(
{
username: username,
password: password,
remember: remember,
},

14
src/stores/auth.ts
View File

@ -4,8 +4,16 @@ export const useAuthStore = defineStore('Auth', () => {
/**
* @throws if unsuccessful
*/
async function login(password: string, remember: boolean) {
const response = await api.createSession({ password, remember });
async function signup(username: string, password: string) {
const response = await api.newAccount({ username, password });
return response.success;
}
/**
* @throws if unsuccessful
*/
async function login(username: string, password: string, remember: boolean) {
const response = await api.createSession({ username, password, remember });
requiresPassword.value = response.requiresPassword;
return true as const;
}
@ -26,5 +34,5 @@ export const useAuthStore = defineStore('Auth', () => {
requiresPassword.value = session.requiresPassword;
}
return { requiresPassword, login, logout, update };
return { requiresPassword, login, logout, update, signup };
});

17
src/utils/api.ts
View File

@ -49,15 +49,17 @@ class API {
}
async createSession({
username,
password,
remember,
}: {
username: string;
password: string | null;
remember: boolean;
}) {
return $fetch('/api/session', {
method: 'post',
body: { password, remember },
body: { username, password, remember },
});
}
@ -161,6 +163,19 @@ class API {
method: 'get',
});
}
async newAccount({
username,
password,
}: {
username: string;
password: string;
}) {
return $fetch('/api/account/new', {
method: 'post',
body: { username, password },
});
}
}
type WGClientReturn = Awaited<

49
src/wgpw.js
View File

@ -1,49 +0,0 @@
// Import needed libraries
import bcrypt from 'bcryptjs';
// Function to generate hash
const generateHash = async (password) => {
try {
const salt = await bcrypt.genSalt(12);
const hash = await bcrypt.hash(password, salt);
console.log(`PASSWORD_HASH='${hash}'`);
} catch (error) {
throw new Error(`Failed to generate hash : ${error}`);
}
};
// Function to compare password with hash
const comparePassword = async (password, hash) => {
try {
const match = await bcrypt.compare(password, hash);
if (match) {
console.log('Password matches the hash !');
} else {
console.log('Password does not match the hash.');
}
} catch (error) {
throw new Error(`Failed to compare password and hash : ${error}`);
}
};
(async () => {
try {
// Retrieve command line arguments
const args = process.argv.slice(2); // Ignore the first two arguments
if (args.length > 2) {
throw new Error('Usage : wgpw YOUR_PASSWORD [HASH]');
}
const [password, hash] = args;
if (password && hash) {
await comparePassword(password, hash);
} else if (password) {
await generateHash(password);
}
} catch (error) {
console.error(error);
process.exit(1);
}
})();

5
src/wgpw.sh
View File

@ -1,5 +0,0 @@
#!/bin/sh
# This script is intended to be run only inside a docker container, not on the development host machine
set -e
# proxy command
node /app/wgpw.mjs "$@"
Write Preview
Loading…
Cancel
Save