Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2026-05-07 02:16:50 +02:00
Code Issues Packages Projects Releases Wiki Activity

security improvments

Browse Source
This commit is contained in:
usmannasir
2024-01-22 17:03:01 +05:00
parent d1151684dc
commit 01e7fa6f7a
7 changed files with 66 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
plogical/acl.py
View File

@@ -147,7 +147,7 @@ class ACLManager:
or value.find("`") > -1 or value.find("$") > -1 or value.find("(") > -1 or value.find(")") > -1 \
or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
"{") > -1 or value.find("}") > -1 \
or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1 or value.find("&") > -1:
return 1
else:
return 0

41
plogical/hashPassword.py
View File

@@ -1,18 +1,35 @@
import uuid
import hashlib
# import uuid
# import hashlib
# import base64
#
# def hash_password(password):
# # uuid is used to generate a random number
# salt = uuid.uuid4().hex
# return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt
#
#
# def check_password(hashed_password, user_password):
# password, salt = hashed_password.split(':')
# return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()
#
# def generateToken(serverUserName, serverPassword):
# credentials = '{0}:{1}'.format(serverUserName, serverPassword).encode()
# encoded_credentials = base64.b64encode(credentials).decode()
# return 'Basic {0}'.format(encoded_credentials)
import bcrypt
import base64
import secrets
def hash_password(password):
# uuid is used to generate a random number
salt = uuid.uuid4().hex
return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt
salt = bcrypt.gensalt()
hashed_password = bcrypt.hashpw(password.encode(), salt)
return hashed_password.decode()
def check_password(hashed_password, user_password):
password, salt = hashed_password.split(':')
return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()
return bcrypt.checkpw(user_password.encode(), hashed_password.encode())
def generateToken(serverUserName, serverPassword):
credentials = '{0}:{1}'.format(serverUserName, serverPassword).encode()
encoded_credentials = base64.b64encode(credentials).decode()
return 'Basic {0}'.format(encoded_credentials)
def generate_token():
token = base64.urlsafe_b64encode(secrets.token_bytes(32)).decode()
return token