From c56a146def4fc0ed7acc1ee61fd5886572262833 Mon Sep 17 00:00:00 2001 From: WeeXnes Date: Fri, 28 Feb 2025 21:39:49 +0100 Subject: [PATCH] added checks --- .password_hash_gen/generator.js | 28 +++++++++++++++++++++++++--- package.json | 2 +- panel.config.ts | 4 +--- server/api/login.ts | 2 +- server/plugins/init.ts | 12 +++++++++++- 5 files changed, 39 insertions(+), 9 deletions(-) diff --git a/.password_hash_gen/generator.js b/.password_hash_gen/generator.js index e9aa871..18624e8 100644 --- a/.password_hash_gen/generator.js +++ b/.password_hash_gen/generator.js @@ -1,19 +1,41 @@ const bcrypt = require('bcryptjs'); +const fs = require('fs'); +const path = require('path'); -// Get the password from the command-line arguments const password = process.argv[2]; if (!password) { console.log('Please provide a password as a command-line argument.'); - process.exit(1); // Exit the program if no password is provided + process.exit(1); } const saltRounds = 10; -// Generate bcrypt hash asynchronously +const configFilePath = path.join(__dirname, '../panel.config.ts'); + bcrypt.hash(password, saltRounds) .then(hash => { console.log('Generated bcrypt hash:', hash); + + fs.readFile(configFilePath, 'utf8', (err, data) => { + if (err) { + console.error('Error reading the config file:', err); + process.exit(1); + } + + const passwordHashRegex = /password_hash:\s*"[^"]*"/; + + const updatedData = data.replace(passwordHashRegex, `password_hash: "${hash}"`) || data.replace(/(password_hash:\s*".*")/, `password_hash: "${hash}"`); + + fs.writeFile(configFilePath, updatedData, 'utf8', (err) => { + if (err) { + console.error('Error writing the config file:', err); + process.exit(1); + } + + console.log('Updated the password hash in panel.config.ts'); + }); + }); }) .catch(err => { console.error('Error generating hash:', err); diff --git a/package.json b/package.json index 5465229..c5c95fd 100644 --- a/package.json +++ b/package.json 
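Review bot: `data.replace(passwordHashRegex, …)` returns the input unchanged when the pattern does not match (for example a single-quoted value or a renamed key), yet the script still writes the file and prints "Updated the password hash", so a failed update goes unnoticed until the server refuses to start. Guard it first with `if (!passwordHashRegex.test(data)) { console.error('password_hash entry not found in panel.config.ts'); process.exit(1); }`. The `|| data.replace(/(password_hash:\s*".*")/, …)` fallback only runs when the first result is an empty string, so it is effectively dead and can be dropped; passing the replacement as a function, `data.replace(passwordHashRegex, () => 'password_hash: "' + hash + '"')`, also keeps the `$` characters of the hash from being read as replacement patterns. The password itself still arrives through `process.argv[2]`, which leaves it in shell history and the process list; reading it from a prompt or stdin would avoid that. The `.catch` handler continues past the end of the hunk.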
@@ -8,7 +8,7 @@ "generate": "nuxt generate", "preview": "nuxt preview", "postinstall": "nuxt prepare", - "password_generator": "node .password_hash_gen/generator.js" + "password_gen": "node .password_hash_gen/generator.js" }, "dependencies": { "nuxt": "^3.15.4", diff --git a/panel.config.ts b/panel.config.ts index a448412..e0b5ecc 100644 --- a/panel.config.ts +++ b/panel.config.ts @@ -24,7 +24,5 @@ export const settings = reactive({ "libvirt", "frp" ], - password:{ - hash: "$2y$10$04HVBBemPypGbaMhTmUxX.DUMir1HA4hT6cst.dGabot1ZWR5IQ.6", - }, + password_hash: "" }); \ No newline at end of file diff --git a/server/api/login.ts b/server/api/login.ts index 3635e2c..53f2096 100644 --- a/server/api/login.ts +++ b/server/api/login.ts @@ -14,7 +14,7 @@ export default defineEventHandler(async (event) => { return sendError(event, createError({ statusCode: 400, message: 'password is required' })); } - const isMatch = await bcrypt.compare(password, settings.password.hash); + const isMatch = await bcrypt.compare(password, settings.password_hash); if (!isMatch) { Logger.error("Invalid credentials! password"); return sendError(event, createError({ statusCode: 400, message: 'Invalid credentials!' })); diff --git a/server/plugins/init.ts b/server/plugins/init.ts index 5e45a31..cd88604 100644 --- a/server/plugins/init.ts +++ b/server/plugins/init.ts 
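Review bot: `password_hash: ""` keeps the credential in a tracked source file that the generator now rewrites in place, so the next routine commit of `panel.config.ts` can publish a live hash again, as happened with the value this hunk removes. That removed hash stays readable in the repository history, so the password behind it should be treated as exposed and not reused. `settings` is exported as a `reactive` object; if this module is also imported from client-side code (not visible here), the hash would end up in the browser bundle. Reading the value at startup from an environment variable or an untracked file, for example `password_hash: process.env.PANEL_PASSWORD_HASH ?? ""` (the variable name is a placeholder), would avoid both. The `settings` object starts above the hunk.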
@@ -3,12 +3,22 @@ import { reactive } from "vue"; import * as crypto from 'crypto'; import {jwt_globals} from "~/core/globals"; import Logger from "~/core/logger"; +import {settings} from "~/panel.config"; export default defineNitroPlugin((nitroApp) => { Logger.info("Running init..."); + if(settings.password_hash == ""){ + throw new Error("The password hash is missing. Please use \"npm run password_gen \" to set the password and then \"npm run build\" rebuild the server files"); + } + if(!isValidBcryptHash(settings.password_hash)){ + throw new Error("The password hash is invalid. Please use \"npm run password_gen \" to set the password and then \"npm run build\" rebuild the server files"); + } Logger.info("Generating jwt secret...") jwt_globals.secret = crypto.randomBytes(32).toString('base64'); Logger.success("secret: " + jwt_globals.secret) }); - +function isValidBcryptHash(hash: string): boolean { + const bcryptPattern = /^\$2[aby]\$.{56}$/; + return bcryptPattern.test(hash); +}
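Review bot: The unchanged line `Logger.success("secret: " + jwt_globals.secret)` right after the new checks writes the JWT signing key to the log, so anyone with log access can mint tokens signed with it; log only the event, e.g. `Logger.success("jwt secret generated")`. In the added `isValidBcryptHash`, `.{56}` checks length only, so a value with a non-numeric cost or characters outside the bcrypt alphabet passes startup and presumably only fails at login; `/^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$/` matches the actual layout. Both error messages read `npm run password_gen ` with nothing after it, so the expected password argument should be named there.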