From ec6ed5e1af54cdb8e7229d46d5d31f5e8f6a856d Mon Sep 17 00:00:00 2001 From: SKP Date: Sat, 30 Mar 2019 23:01:47 +0100 Subject: [PATCH] Moved htpasswd file to traffic and changed hashing algo to bcrypt --- dist/setup.sh | 62 +++++++++---------- install/Dockerfile | 2 +- .../generators/app/index.js | 3 +- .../generators/app/lib/cert.js | 18 +----- .../generators/app/lib/htpasswd.js | 21 +++++++ .../app/prompters/010_gatekeeper.js | 2 +- .../generators/app/prompters/030_traefik.js | 2 +- .../app/templates/gatekeeper/htpasswd | 1 - .../generators/app/templates/traefik/htpasswd | 1 + 9 files changed, 58 insertions(+), 54 deletions(-) create mode 100644 install/generator-cyphernode/generators/app/lib/htpasswd.js delete mode 100644 install/generator-cyphernode/generators/app/templates/gatekeeper/htpasswd create mode 100644 install/generator-cyphernode/generators/app/templates/traefik/htpasswd diff --git a/dist/setup.sh b/dist/setup.sh index e6e33e9..8a871d4 100755 --- a/dist/setup.sh +++ b/dist/setup.sh 
@@ -366,42 +366,40 @@ install_docker() { next fi - if [ -d $GATEKEEPER_DATAPATH ]; then - if [[ ! -f $GATEKEEPER_DATAPATH/installation.json ]]; then - # prevent mounting installation.json as a directory - sudo_if_required touch $GATEKEEPER_DATAPATH/installation.json - fi - - if [[ ! -d $GATEKEEPER_DATAPATH/certs ]]; then - sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/certs > /dev/null 2>&1 - fi - - if [[ ! -d $GATEKEEPER_DATAPATH/private ]]; then - sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/private > /dev/null 2>&1 - fi - - copy_file $current_path/gatekeeper/api.properties $GATEKEEPER_DATAPATH/api.properties 1 $SUDO_REQUIRED - copy_file $current_path/gatekeeper/keys.properties $GATEKEEPER_DATAPATH/keys.properties 1 $SUDO_REQUIRED - copy_file $current_path/config.7z $GATEKEEPER_DATAPATH/config.7z 1 $SUDO_REQUIRED - copy_file $current_path/client.7z $GATEKEEPER_DATAPATH/client.7z 1 $SUDO_REQUIRED - copy_file $current_path/gatekeeper/cert.pem $GATEKEEPER_DATAPATH/certs/cert.pem 1 $SUDO_REQUIRED - copy_file $current_path/gatekeeper/key.pem $GATEKEEPER_DATAPATH/private/key.pem 1 $SUDO_REQUIRED - copy_file $current_path/gatekeeper/htpasswd $GATEKEEPER_DATAPATH/htpasswd 1 $SUDO_REQUIRED - copy_file $current_path/lightning/c-lightning/nginx-spark-conf $GATEKEEPER_DATAPATH/nginx-spark-conf 1 $SUDO_REQUIRED + if [[ ! -f $GATEKEEPER_DATAPATH/installation.json ]]; then + # prevent mounting installation.json as a directory + sudo_if_required touch $GATEKEEPER_DATAPATH/installation.json fi - if [[ $FEATURE_TRAEFIK == true ]]; then - if [ ! -d $TRAEFIK_DATAPATH ]; then - step " create $TRAEFIK_DATAPATH" - sudo_if_required mkdir -p $TRAEFIK_DATAPATH - next - fi - - copy_file $current_path/traefik/acme.json $TRAEFIK_DATAPATH/acme.json 1 $SUDO_REQUIRED - copy_file $current_path/traefik/traefik.toml $TRAEFIK_DATAPATH/traefik.toml 1 $SUDO_REQUIRED - + if [[ ! 
-d $GATEKEEPER_DATAPATH/certs ]]; then + sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/certs > /dev/null 2>&1 fi + if [[ ! -d $GATEKEEPER_DATAPATH/private ]]; then + sudo_if_required mkdir -p $GATEKEEPER_DATAPATH/private > /dev/null 2>&1 + fi + + copy_file $current_path/gatekeeper/api.properties $GATEKEEPER_DATAPATH/api.properties 1 $SUDO_REQUIRED + copy_file $current_path/gatekeeper/keys.properties $GATEKEEPER_DATAPATH/keys.properties 1 $SUDO_REQUIRED + copy_file $current_path/config.7z $GATEKEEPER_DATAPATH/config.7z 1 $SUDO_REQUIRED + copy_file $current_path/client.7z $GATEKEEPER_DATAPATH/client.7z 1 $SUDO_REQUIRED + copy_file $current_path/gatekeeper/cert.pem $GATEKEEPER_DATAPATH/certs/cert.pem 1 $SUDO_REQUIRED + copy_file $current_path/gatekeeper/key.pem $GATEKEEPER_DATAPATH/private/key.pem 1 $SUDO_REQUIRED + copy_file $current_path/lightning/c-lightning/nginx-spark-conf $GATEKEEPER_DATAPATH/nginx-spark-conf 1 $SUDO_REQUIRED + copy_file $current_path/traefik/htpasswd $GATEKEEPER_DATAPATH/htpasswd 1 $SUDO_REQUIRED + + + if [ ! -d $TRAEFIK_DATAPATH ]; then + step " create $TRAEFIK_DATAPATH" + sudo_if_required mkdir -p $TRAEFIK_DATAPATH + next + fi + + copy_file $current_path/traefik/acme.json $TRAEFIK_DATAPATH/acme.json 1 $SUDO_REQUIRED + copy_file $current_path/traefik/traefik.toml $TRAEFIK_DATAPATH/traefik.toml 1 $SUDO_REQUIRED + copy_file $current_path/traefik/htpasswd $TRAEFIK_DATAPATH/htpasswd 1 $SUDO_REQUIRED + + if [ ! -d $PROXY_DATAPATH ]; then step " create $PROXY_DATAPATH" sudo_if_required mkdir -p $PROXY_DATAPATH diff --git a/install/Dockerfile b/install/Dockerfile index 7d8e6d3..dd55465 100644 --- a/install/Dockerfile +++ b/install/Dockerfile @@ -1,6 +1,6 @@ FROM node:11.1-alpine -RUN apk add --update bash su-exec p7zip openssl nano && rm -rf /var/cache/apk/* +RUN apk add --update bash su-exec p7zip openssl nano apache2-utils && rm -rf /var/cache/apk/* RUN mkdir -p /app RUN mkdir /.config RUN chmod a+rwx /.config 
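Review bot: The gatekeeper htpasswd copy now depends on `$current_path/traefik/htpasswd` existing, but the setup.sh hunk drops the `$FEATURE_TRAEFIK == true` guard without adding any check that the file was generated. If the generator only renders the traefik templates when that feature is selected (not visible here), the copy has no source and gatekeeper can end up without an htpasswd; a test such as `[[ -f "$current_path/traefik/htpasswd" ]]` before the two copies would make that failure explicit. The same hash file is now written to two data directories, and the hunk does not show what mode `copy_file` leaves it with, so it is worth confirming that neither copy is world-readable. The expansions are unquoted throughout, which breaks on a data path containing spaces; `"$TRAEFIK_DATAPATH/htpasswd"` is the safer form. install_docker starts and ends outside the hunk.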
diff --git a/install/generator-cyphernode/generators/app/index.js b/install/generator-cyphernode/generators/app/index.js index 8d9366c..aafc2c8 100644 --- a/install/generator-cyphernode/generators/app/index.js +++ b/install/generator-cyphernode/generators/app/index.js @@ -10,6 +10,7 @@ const name = require('./lib/name.js'); const Archive = require('./lib/archive.js'); const ApiKey = require('./lib/apikey.js'); const Cert = require('./lib/cert.js'); +const htpasswd = require( './lib/htpasswd.js') const featureChoices = require('./features.json'); const uaCommentRegexp = /^[a-zA-Z0-9 \.,:_\-\?\/@]+$/; // TODO: look for spec of unsafe chars @@ -219,7 +220,7 @@ module.exports = class extends Generator { // migrate here } - this.props.gatekeeper_statuspw = await new Cert().passwd(this.configurationPassword); + this.props.initial_admin_password = await htpasswd(this.configurationPassword); if( versionOverride ) { delete this.props.gatekeeper_version; diff --git a/install/generator-cyphernode/generators/app/lib/cert.js b/install/generator-cyphernode/generators/app/lib/cert.js index 1a61c99..3049906 100644 --- a/install/generator-cyphernode/generators/app/lib/cert.js +++ b/install/generator-cyphernode/generators/app/lib/cert.js @@ -113,21 +113,5 @@ module.exports = class Cert { getFullPath() { return path.join( this.folder, this.filename ); } - - async passwd( pw ) { - const openssl = spawn('openssl', [ "passwd", pw ], {stdio: ['ignore', 'pipe', 'ignore' ]}); - - const result = await new Promise( function(resolve, reject ) { - let result = ''; - openssl.stdout.on('data', (data) => { - result += data.toString(); - }); - - openssl.on('exit', (code) => { - resolve(result); - }); - }); - - return result; - } + } diff --git a/install/generator-cyphernode/generators/app/lib/htpasswd.js b/install/generator-cyphernode/generators/app/lib/htpasswd.js new file mode 100644 index 0000000..7531794 --- /dev/null +++ b/install/generator-cyphernode/generators/app/lib/htpasswd.js 
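Review bot: In the second index.js hunk, `this.props.initial_admin_password = await htpasswd(this.configurationPassword);` uses the result unchecked, while the new helper resolves `null` both for an empty password and for any `htpasswd` failure. The traefik/htpasswd template would then presumably render `admin:` with an empty hash field, and nothing tells the operator that the admin credential was never set. Fail the run instead, e.g. `if( !this.props.initial_admin_password ) { throw new Error('could not hash admin password'); }` right after the assignment. The added `require( './lib/htpasswd.js')` in the first hunk is also missing its trailing semicolon, unlike the neighbouring requires. The enclosing method starts and ends outside the hunk.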
@@ -0,0 +1,21 @@
+const exec = require('child_process').exec;
+
+module.exports = async ( password ) => {
+
+ if( !password ) {
+ return null;
+ }
+
+ return await new Promise( (resolve) => {
+ exec('htpasswd -bnB admin '+password+' | cut -sd \':\' -f2', (error, stdout, stderr) => {
+ if (error) {
+ return resolve(null);
+ }
+ // remove newline at the end
+ resolve(stdout.substr(0,stdout.length-1));
+ });
+ });
+
+
+};
+
diff --git a/install/generator-cyphernode/generators/app/prompters/010_gatekeeper.js b/install/generator-cyphernode/generators/app/prompters/010_gatekeeper.js
index 7bc1993..194b1da 100644
--- a/install/generator-cyphernode/generators/app/prompters/010_gatekeeper.js
+++ b/install/generator-cyphernode/generators/app/prompters/010_gatekeeper.js
@@ -107,6 +107,6 @@ module.exports = {
 }];
 },
 templates: function( props ) {
- return [ 'keys.properties', 'api.properties', 'cert.pem', 'key.pem', 'htpasswd' ];
+ return [ 'keys.properties', 'api.properties', 'cert.pem', 'key.pem' ];
 }
 };
diff --git a/install/generator-cyphernode/generators/app/prompters/030_traefik.js b/install/generator-cyphernode/generators/app/prompters/030_traefik.js
index 353b449..7561e97 100644
--- a/install/generator-cyphernode/generators/app/prompters/030_traefik.js
+++ b/install/generator-cyphernode/generators/app/prompters/030_traefik.js
@@ -10,6 +10,6 @@ module.exports = {
 return [];
 },
 templates: function( props ) {
- return [ 'acme.json', 'traefik.toml' ];
+ return [ 'acme.json', 'traefik.toml', 'htpasswd' ];
 }
 };
diff --git a/install/generator-cyphernode/generators/app/templates/gatekeeper/htpasswd b/install/generator-cyphernode/generators/app/templates/gatekeeper/htpasswd
deleted file mode 100644
index 7cf9383..0000000
--- a/install/generator-cyphernode/generators/app/templates/gatekeeper/htpasswd
+++ /dev/null
@@ -1 +0,0 @@
-admin:<%- gatekeeper_statuspw %>
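Review bot: The `exec('htpasswd -bnB admin '+password+' | cut ...')` call in lib/htpasswd.js pastes the configuration password into a shell command line, so a password containing spaces, quotes, `$`, `;` or backticks is either hashed wrongly or interpreted by the shell. `-b` also puts the clear-text password in the process arguments, where other local users can read it while the command runs. Run `htpasswd` without a shell, feed the password on stdin with `-i`, and strip the `admin:` prefix in JavaScript, as sketched below. htpasswd's bcrypt cost defaults to 5; adding `-C` with a higher value is worth considering while the algorithm is being changed anyway.

```javascript
const { spawn } = require('child_process');

module.exports = ( password ) => {
  // … unchanged: empty-password guard …
  return new Promise( (resolve) => {
    // No shell is involved, and -i reads the password from stdin instead of argv.
    const child = spawn('htpasswd', [ '-niB', 'admin' ], { stdio: [ 'pipe', 'pipe', 'ignore' ] });
    let out = '';
    child.stdout.on('data', (chunk) => { out += chunk; });
    child.on('error', () => resolve(null));
    child.stdin.on('error', () => resolve(null));
    child.on('close', (code) => {
      // Output is "admin:<hash>" followed by blank lines; a bcrypt hash contains no ':'.
      const hash = out.trim().split(':')[1];
      resolve(code === 0 && hash ? hash : null);
    });
    child.stdin.end(password + '\n');
  });
};
```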
diff --git a/install/generator-cyphernode/generators/app/templates/traefik/htpasswd b/install/generator-cyphernode/generators/app/templates/traefik/htpasswd
new file mode 100644
index 0000000..fba8148
--- /dev/null
+++ b/install/generator-cyphernode/generators/app/templates/traefik/htpasswd
@@ -0,0 +1 @@
+admin:<%- initial_admin_password %>