shockrah/bubble
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Safely generating passwords for admin users

Browse Source
This commit is contained in:
shockrah 2025-03-19 21:26:14 -07:00
parent 6cf8a02100
commit 99a3b57cf6
5 changed files with 78 additions and 2388 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2433
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

3
Cargo.toml
View File

@ -2,6 +2,5 @@
resolver = "2" resolver = "2"
members = [ members = [
"admin-cli", "admin-cli"
"api"
] ]

1
admin-cli/Cargo.toml
View File

@ -10,3 +10,4 @@ base64 = "0.22.1"
serde = { version = "1.0.215", features = ["derive"] } serde = { version = "1.0.215", features = ["derive"] }
serde_json = "1.0.133" serde_json = "1.0.133"
argon2 = "0.5.3" argon2 = "0.5.3"
rand_core = { version = "0.9.3", features = [ "os_rng" ] }

16
admin-cli/src/main.rs
View File

@ -1,11 +1,13 @@
use std::env; use std::env;
use std::fs; use std::fs;
use std::io::Read; use std::io::Read;
use argon2::password_hash::Salt;
use clap::Parser; use clap::Parser;
use postgres::{Client, NoTls}; use postgres::{Client, NoTls};
use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _}; use base64::{engine::general_purpose::URL_SAFE_NO_PAD, Engine as _};
use base64::engine::general_purpose::STANDARD_NO_PAD;
use serde::Serialize; use serde::Serialize;
use argon2::{Argon2, PasswordHasher, password_hash::Salt}; use argon2::{Argon2, PasswordHasher};
const PASSWORD_LENGTH: usize = 64; const PASSWORD_LENGTH: usize = 64;
@ -43,10 +45,18 @@ fn random_string(size: usize) -> String {
URL_SAFE_NO_PAD.encode(buffer) URL_SAFE_NO_PAD.encode(buffer)
} }
fn random_b64_std(size: usize) -> String {
let mut buffer = vec![0; size];
let mut f = std::fs::File::open("/dev/urandom").unwrap();
f.read_exact(&mut buffer).unwrap();
STANDARD_NO_PAD.encode(buffer)
}
fn salt_and_hash(password: &str) -> String { fn salt_and_hash(password: &str) -> String {
// Generates a salted and hashed variation of the given password // Generates a salted and hashed variation of the given password
let salt_str = random_string(8); let salt_str = random_b64_std(8);
let salt: Salt = salt_str.as_str().try_into().unwrap(); let salt = Salt::from_b64(&salt_str).unwrap();
let a2 = Argon2::default(); let a2 = Argon2::default();
let hash = a2.hash_password(password.as_bytes(), salt).unwrap(); let hash = a2.hash_password(password.as_bytes(), salt).unwrap();
hash.to_string() hash.to_string()

13
dev.py
View File

@ -23,6 +23,12 @@ if __name__ == '__main__':
'--check-container', '--check-container',
help='Execs into the given container with bash for debugging' help='Execs into the given container with bash for debugging'
) )
parser.add_argument(
'-s',
'--server',
help='Run a debug server (assumes db is ready)',
action='store_true'
)
args = parser.parse_args() args = parser.parse_args()
os.environ['DB_CONNECTION_STRING'] = args.db_url os.environ['DB_CONNECTION_STRING'] = args.db_url
if args.init_db: if args.init_db:
@ -33,3 +39,10 @@ if __name__ == '__main__':
) )
if args.check_container: if args.check_container:
run(f'docker exec -it {args.check_container} bash'.split()) run(f'docker exec -it {args.check_container} bash'.split())
if args.server:
run(
f'npm run debug',
env=os.environ,
cwd='api',
shell=True
)