Moved htpasswd file to traffic and changed hashing algo to bcrypt

2026-02-04 12:04:27 +01:00 · 2019-03-30 23:01:47 +01:00
parent c4159b628f
commit ec6ed5e1af
9 changed files with 58 additions and 54 deletions
--- a/dist/setup.sh
+++ b/dist/setup.sh
@@ -366,42 +366,40 @@ install_docker() {
    next
  fi

-  if [ -d $GATEKEEPER_DATAPATH ]; then
-    if [[ ! -f $GATEKEEPER_DATAPATH/installation.json ]]; then
-      # prevent mounting installation.json as a directory
-      sudo_if_required touch $GATEKEEPER_DATAPATH/installation.json
-    fi
-
-    if [[ ! -d $GATEKEEPER_DATAPATH/certs ]]; then
-      sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/certs > /dev/null 2>&1
-    fi
-
-    if [[ ! -d $GATEKEEPER_DATAPATH/private ]]; then
-      sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/private > /dev/null 2>&1
-    fi
-
-    copy_file $current_path/gatekeeper/api.properties $GATEKEEPER_DATAPATH/api.properties 1 $SUDO_REQUIRED
-    copy_file $current_path/gatekeeper/keys.properties $GATEKEEPER_DATAPATH/keys.properties 1 $SUDO_REQUIRED
-    copy_file $current_path/config.7z $GATEKEEPER_DATAPATH/config.7z 1 $SUDO_REQUIRED
-    copy_file $current_path/client.7z $GATEKEEPER_DATAPATH/client.7z 1 $SUDO_REQUIRED
-    copy_file $current_path/gatekeeper/cert.pem $GATEKEEPER_DATAPATH/certs/cert.pem 1 $SUDO_REQUIRED
-    copy_file $current_path/gatekeeper/key.pem $GATEKEEPER_DATAPATH/private/key.pem 1 $SUDO_REQUIRED
-    copy_file $current_path/gatekeeper/htpasswd $GATEKEEPER_DATAPATH/htpasswd 1 $SUDO_REQUIRED
-    copy_file $current_path/lightning/c-lightning/nginx-spark-conf $GATEKEEPER_DATAPATH/nginx-spark-conf 1 $SUDO_REQUIRED
+  if [[ ! -f $GATEKEEPER_DATAPATH/installation.json ]]; then
+    # prevent mounting installation.json as a directory
+    sudo_if_required touch $GATEKEEPER_DATAPATH/installation.json
  fi

-  if [[ $FEATURE_TRAEFIK == true ]]; then
-    if [ ! -d $TRAEFIK_DATAPATH ]; then
-      step "   [32mcreate[0m $TRAEFIK_DATAPATH"
-      sudo_if_required mkdir -p $TRAEFIK_DATAPATH
-      next
-    fi
-
-    copy_file $current_path/traefik/acme.json $TRAEFIK_DATAPATH/acme.json 1 $SUDO_REQUIRED
-    copy_file $current_path/traefik/traefik.toml $TRAEFIK_DATAPATH/traefik.toml 1 $SUDO_REQUIRED
-
+  if [[ ! -d $GATEKEEPER_DATAPATH/certs ]]; then
+    sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/certs > /dev/null 2>&1
  fi

+  if [[ ! -d $GATEKEEPER_DATAPATH/private ]]; then
+    sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/private > /dev/null 2>&1
+  fi
+
+  copy_file $current_path/gatekeeper/api.properties $GATEKEEPER_DATAPATH/api.properties 1 $SUDO_REQUIRED
+  copy_file $current_path/gatekeeper/keys.properties $GATEKEEPER_DATAPATH/keys.properties 1 $SUDO_REQUIRED
+  copy_file $current_path/config.7z $GATEKEEPER_DATAPATH/config.7z 1 $SUDO_REQUIRED
+  copy_file $current_path/client.7z $GATEKEEPER_DATAPATH/client.7z 1 $SUDO_REQUIRED
+  copy_file $current_path/gatekeeper/cert.pem $GATEKEEPER_DATAPATH/certs/cert.pem 1 $SUDO_REQUIRED
+  copy_file $current_path/gatekeeper/key.pem $GATEKEEPER_DATAPATH/private/key.pem 1 $SUDO_REQUIRED
+  copy_file $current_path/lightning/c-lightning/nginx-spark-conf $GATEKEEPER_DATAPATH/nginx-spark-conf 1 $SUDO_REQUIRED
+  copy_file $current_path/traefik/htpasswd $GATEKEEPER_DATAPATH/htpasswd 1 $SUDO_REQUIRED
+
+
+  if [ ! -d $TRAEFIK_DATAPATH ]; then
+    step "   [32mcreate[0m $TRAEFIK_DATAPATH"
+    sudo_if_required mkdir -p $TRAEFIK_DATAPATH
+    next
+  fi
+
+  copy_file $current_path/traefik/acme.json $TRAEFIK_DATAPATH/acme.json 1 $SUDO_REQUIRED
+  copy_file $current_path/traefik/traefik.toml $TRAEFIK_DATAPATH/traefik.toml 1 $SUDO_REQUIRED
+  copy_file $current_path/traefik/htpasswd $TRAEFIK_DATAPATH/htpasswd 1 $SUDO_REQUIRED
+
+
  if [ ! -d $PROXY_DATAPATH ]; then
    step "   [32mcreate[0m $PROXY_DATAPATH"
    sudo_if_required mkdir -p $PROXY_DATAPATH
--- a/install/Dockerfile
+++ b/install/Dockerfile
@@ -1,6 +1,6 @@
 FROM node:11.1-alpine

-RUN apk add --update bash su-exec p7zip openssl nano && rm -rf /var/cache/apk/*
+RUN apk add --update bash su-exec p7zip openssl nano apache2-utils && rm -rf /var/cache/apk/*
 RUN mkdir -p /app
 RUN mkdir /.config
 RUN chmod a+rwx /.config
--- a/install/generator-cyphernode/generators/app/index.js
+++ b/install/generator-cyphernode/generators/app/index.js
@@ -10,6 +10,7 @@ const name = require('./lib/name.js');
 const Archive = require('./lib/archive.js');
 const ApiKey = require('./lib/apikey.js');
 const Cert = require('./lib/cert.js');
+const htpasswd = require( './lib/htpasswd.js')

 const featureChoices = require('./features.json');
 const uaCommentRegexp = /^[a-zA-Z0-9 \.,:_\-\?\/@]+$/; // TODO: look for spec of unsafe chars
@@ -219,7 +220,7 @@ module.exports = class extends Generator {
      // migrate here
    }

-    this.props.gatekeeper_statuspw = await new Cert().passwd(this.configurationPassword);
+    this.props.initial_admin_password = await htpasswd(this.configurationPassword);

    if( versionOverride ) {
      delete this.props.gatekeeper_version;
--- a/install/generator-cyphernode/generators/app/lib/cert.js
+++ b/install/generator-cyphernode/generators/app/lib/cert.js
@@ -113,21 +113,5 @@ module.exports = class Cert {
 	getFullPath() {
 		return path.join( this.folder, this.filename );
 	}
-
-	async passwd( pw ) {
-		const openssl = spawn('openssl', [ "passwd", pw ], {stdio: ['ignore', 'pipe', 'ignore' ]});
-
-    const result = await new Promise( function(resolve, reject ) {
-      let result = '';
-      openssl.stdout.on('data', (data) => {
-        result += data.toString();
-      });
-
-			openssl.on('exit', (code) => {
-				resolve(result);
-			});
-    });
-
-		return result;
-	}
+	
 }
--- a/install/generator-cyphernode/generators/app/lib/htpasswd.js
+++ b/install/generator-cyphernode/generators/app/lib/htpasswd.js
@@ -0,0 +1,21 @@
+const exec = require('child_process').exec;
+
+module.exports = async ( password ) => {
+
+  if( !password ) {
+    return null;
+  }
+
+  return await new Promise( (resolve) => {
+    exec('htpasswd -bnB admin '+password+' | cut -sd \':\' -f2', (error, stdout, stderr) => {
+      if (error) {
+        return resolve(null);
+      }
+      // remove newline at the end
+      resolve(stdout.substr(0,stdout.length-1));
+    });
+  });
+
+
+};
+
--- a/install/generator-cyphernode/generators/app/prompters/010_gatekeeper.js
+++ b/install/generator-cyphernode/generators/app/prompters/010_gatekeeper.js
@@ -107,6 +107,6 @@ module.exports = {
    }];
  },
  templates: function( props ) {
-    return [ 'keys.properties', 'api.properties', 'cert.pem', 'key.pem', 'htpasswd' ];
+    return [ 'keys.properties', 'api.properties', 'cert.pem', 'key.pem' ];
  }
 };
--- a/install/generator-cyphernode/generators/app/prompters/030_traefik.js
+++ b/install/generator-cyphernode/generators/app/prompters/030_traefik.js
@@ -10,6 +10,6 @@ module.exports = {
    return [];
  },
  templates: function( props ) {
-    return [ 'acme.json', 'traefik.toml' ];
+    return [ 'acme.json', 'traefik.toml', 'htpasswd' ];
  }
 };
--- a/install/generator-cyphernode/generators/app/templates/gatekeeper/htpasswd
+++ b/install/generator-cyphernode/generators/app/templates/gatekeeper/htpasswd
@@ -1 +0,0 @@
-admin:<%- gatekeeper_statuspw %>
--- a/install/generator-cyphernode/generators/app/templates/traefik/htpasswd
+++ b/install/generator-cyphernode/generators/app/templates/traefik/htpasswd
@@ -0,0 +1 @@
+admin:<%- initial_admin_password %>