added checks

.password_hash_gen/generator.js

@@ -1,19 +1,41 @@
 const bcrypt = require('bcryptjs');
+const fs = require('fs');
+const path = require('path');
 
-// Get the password from the command-line arguments
 const password = process.argv[2];
 
 if (!password) {
     console.log('Please provide a password as a command-line argument.');
-    process.exit(1);  // Exit the program if no password is provided
+    process.exit(1);
 }
 
 const saltRounds = 10;
 
-// Generate bcrypt hash asynchronously
+const configFilePath = path.join(__dirname, '../panel.config.ts');
+
 bcrypt.hash(password, saltRounds)
     .then(hash => {
         console.log('Generated bcrypt hash:', hash);
+
+        fs.readFile(configFilePath, 'utf8', (err, data) => {
+            if (err) {
+                console.error('Error reading the config file:', err);
+                process.exit(1);
+            }
+
+            const passwordHashRegex = /password_hash:\s*"[^"]*"/;
+
+            const updatedData = data.replace(passwordHashRegex, `password_hash: "${hash}"`) || data.replace(/(password_hash:\s*".*")/, `password_hash: "${hash}"`);
+
+            fs.writeFile(configFilePath, updatedData, 'utf8', (err) => {
+                if (err) {
+                    console.error('Error writing the config file:', err);
+                    process.exit(1);
+                }
+
+                console.log('Updated the password hash in panel.config.ts');
+            });
+        });
     })
     .catch(err => {
         console.error('Error generating hash:', err);

package.json

@@ -8,7 +8,7 @@
     "generate": "nuxt generate",
     "preview": "nuxt preview",
     "postinstall": "nuxt prepare",
-    "password_generator": "node .password_hash_gen/generator.js"
+    "password_gen": "node .password_hash_gen/generator.js"
   },
   "dependencies": {
     "nuxt": "^3.15.4",

panel.config.ts

@@ -24,7 +24,5 @@ export const settings = reactive({
         "libvirt",
         "frp"
     ],
-    password:{
+    password_hash: ""
-        hash: "$2y$10$04HVBBemPypGbaMhTmUxX.DUMir1HA4hT6cst.dGabot1ZWR5IQ.6",
-    },
 });

server/api/login.ts

@@ -14,7 +14,7 @@ export default defineEventHandler(async (event) => {
             return sendError(event, createError({ statusCode: 400, message: 'password is required' }));
         }
 
-        const isMatch = await bcrypt.compare(password, settings.password.hash);
+        const isMatch = await bcrypt.compare(password, settings.password_hash);
         if (!isMatch) {
             Logger.error("Invalid credentials! password");
             return sendError(event, createError({ statusCode: 400, message: 'Invalid credentials!' }));

server/plugins/init.ts

@@ -3,12 +3,22 @@ import { reactive } from "vue";
 import * as crypto from 'crypto';
 import {jwt_globals} from "~/core/globals";
 import Logger from "~/core/logger";
+import {settings} from "~/panel.config";
 
 export default defineNitroPlugin((nitroApp) => {
     Logger.info("Running init...");
+    if(settings.password_hash == ""){
+        throw new Error("The password hash is missing. Please use \"npm run password_gen <password>\" to set the password and then \"npm run build\" rebuild the server files");
+    }
+    if(!isValidBcryptHash(settings.password_hash)){
+        throw new Error("The password hash is invalid. Please use \"npm run password_gen <password>\" to set the password and then \"npm run build\" rebuild the server files");
+    }
     Logger.info("Generating jwt secret...")
     jwt_globals.secret = crypto.randomBytes(32).toString('base64');
     Logger.success("secret: " + jwt_globals.secret)
 });
 
-
+function isValidBcryptHash(hash: string): boolean {
+    const bcryptPattern = /^\$2[aby]\$.{56}$/;
+    return bcryptPattern.test(hash);
+}