7e11b2d531
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| a5aa45759c | |||
| c5b161487b |
@@ -6,13 +6,14 @@ WORKDIR /image_drop
|
||||
ENV PYTHONDONTWRITEBYTECODE=1 \
|
||||
PYTHONUNBUFFERED=1
|
||||
|
||||
# Copy app code
|
||||
COPY . /image_drop
|
||||
|
||||
# Install Python deps
|
||||
COPY requirements.txt .
|
||||
RUN pip install --no-cache-dir -r requirements.txt \
|
||||
&& pip install --no-cache-dir python-multipart
|
||||
|
||||
# Copy app code
|
||||
COPY . /image_drop
|
||||
|
||||
|
||||
# Data dir for SQLite (state.db)
|
||||
#RUN mkdir -p /data
|
||||
|
||||
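Review bot: `python-multipart` is installed by a second `pip install` on the `RUN` line with no version pin, so it sits outside whatever pinning `requirements.txt` provides and floats to the newest release on every rebuild; add it to requirements.txt as `python-multipart==<pinned version>` and drop the `&& pip install` clause. The hunk shows `# Copy app code` / `COPY . /image_drop` both before and after the dependency install; the side markers are not visible here, but if both survive on the new side the first copy is redundant, and if the commit moves the copy below the install that is the better order for layer caching. Because `COPY . /image_drop` copies the whole build context and the settings code reads `ADMIN_PASSWORD` from a `.env` file, make sure `.env` and `state.db` are listed in `.dockerignore` so secrets and local state are not baked into the image.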
@@ -234,7 +234,8 @@ def _hash_password(pw: str) -> str:
|
||||
salt = os.urandom(16)
|
||||
iterations = 200_000
|
||||
dk = hashlib.pbkdf2_hmac('sha256', pw.encode('utf-8'), salt, iterations)
|
||||
return f"pbkdf2_sha256${iterations}${binascii.hexlify(salt).decode()}${binascii.hexlify(dk).decode()}"
|
||||
# use - as the delimiter to avoid Docker env variable substitution
|
||||
return f"pbkdf2_sha256-{iterations}-{binascii.hexlify(salt).decode()}-{binascii.hexlify(dk).decode()}"
|
||||
except Exception:
|
||||
return ""
|
||||
|
||||
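Review bot: The `except Exception: return ""` that the new return line sits inside turns any hashing failure into an empty string, which a caller that only checks `startswith("pbkdf2_sha256-")` or truthiness will read as "no hash" rather than as an error; `os.urandom` and `hashlib.pbkdf2_hmac` have no expected failure mode here, so drop the `try`/`except` or re-raise, e.g. `raise RuntimeError("password hashing failed") from exc`. The same body, including the new `-` delimited format, is duplicated in the second `_hash_password` hunk (line 34 of the other file); keep one definition and import it so the two copies cannot drift apart again. The `try:` that opens this block starts above the hunk. The delimiter change itself is safe: `iterations` is decimal and the salt and digest are hex, so `-` cannot appear inside a field.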
@@ -243,7 +244,7 @@ def _verify_password(stored: str, pw: Optional[str]) -> bool:
|
||||
if not pw or not stored:
|
||||
return False
|
||||
try:
|
||||
algo, iter_s, salt_hex, hash_hex = stored.split("$")
|
||||
algo, iter_s, salt_hex, hash_hex = stored.split("-")
|
||||
if algo != 'pbkdf2_sha256':
|
||||
return False
|
||||
iterations = int(iter_s)
|
||||
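Review bot: `stored.split("-")` on the new line no longer parses hashes produced before this commit, which used `$`; such a value also fails the new `startswith("pbkdf2_sha256-")` checks in the `api_login` and `load_settings` hunks and falls through to the plaintext comparison, so an existing hashed `ADMIN_PASSWORD` silently stops working. Since the fields are decimal and hex, neither delimiter can occur inside them, so both formats can be accepted during migration: `sep = "$" if "$" in stored else "-"` followed by `algo, iter_s, salt_hex, hash_hex = stored.split(sep)`, with the two `startswith` checks taking the tuple `("pbkdf2_sha256$", "pbkdf2_sha256-")`. The function continues below the hunk; the digest comparison is not visible here.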
@@ -901,7 +902,7 @@ async def api_login(request: Request) -> JSONResponse:
|
||||
|
||||
stored_password = SETTINGS.admin_password
|
||||
password_ok = False
|
||||
if stored_password.startswith("pbkdf2_sha256$"):
|
||||
if stored_password.startswith("pbkdf2_sha256-"):
|
||||
password_ok = _verify_password(stored_password, password)
|
||||
else:
|
||||
password_ok = (password == stored_password)
|
||||
|
||||
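Review bot: The `else` branch that the new `startswith("pbkdf2_sha256-")` check falls through to compares the submitted password with `==`, whose running time depends on the position of the first mismatching character; for the plaintext case use `hmac.compare_digest(password.encode(), stored_password.encode())` so the comparison does not leak that information. Whether `hmac` is imported and whether `password` is always a `str` at this point are outside the hunk, so confirm both before changing the line. `api_login` starts and ends outside the hunk.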
@@ -34,7 +34,8 @@ def _hash_password(pw: str) -> str:
|
||||
salt = os.urandom(16)
|
||||
iterations = 200_000
|
||||
dk = hashlib.pbkdf2_hmac('sha256', pw.encode('utf-8'), salt, iterations)
|
||||
return f"pbkdf2_sha256${iterations}${binascii.hexlify(salt).decode()}${binascii.hexlify(dk).decode()}"
|
||||
# use - as the delimiter to avoid Docker env variable substitution
|
||||
return f"pbkdf2_sha256-{iterations}-{binascii.hexlify(salt).decode()}-{binascii.hexlify(dk).decode()}"
|
||||
except Exception:
|
||||
return ""
|
||||
|
||||
@@ -46,7 +47,7 @@ def load_settings() -> Settings:
|
||||
except Exception:
|
||||
pass
|
||||
admin_password = os.getenv("ADMIN_PASSWORD", "admin") # Default for convenience, should be changed
|
||||
if not admin_password.startswith("pbkdf2_sha256$"):
|
||||
if not admin_password.startswith("pbkdf2_sha256-"):
|
||||
print("="*60)
|
||||
print("WARNING: ADMIN_PASSWORD is in plaintext.")
|
||||
print("For better security, use the hashed password below in your .env file:")
|
||||
|
||||
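Review bot: The warning emitted when the new `startswith("pbkdf2_sha256-")` check fails goes to stdout through `print`, where it is interleaved with normal output and easy to miss in container logs; route it through the logging module, e.g. `logging.getLogger(__name__).warning("ADMIN_PASSWORD is in plaintext")`, or at least write it with `file=sys.stderr` (whether `logging` or `sys` is imported is not visible in the hunk). The `"admin"` default on the `os.getenv` line means a deployment with no `ADMIN_PASSWORD` set at all gets only this warning; consider making that case fail startup rather than run with a well-known credential. `load_settings` starts above the hunk and continues below it.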