Remove insecure defaults and backdoor-like bootstrap credentials

nizar 2026-02-23 23:36:39 +01:00
parent 376a8fcbd8
commit a9b43aae99
4 changed files with 27 additions and 16 deletions


@ -28,7 +28,8 @@ namespace PhoenixLib.DAL.EFCore.PGSQL
{ {
string ip = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_IP") ?? "localhost"; string ip = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_IP") ?? "localhost";
string username = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_USER") ?? "postgres"; string username = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_USER") ?? "postgres";
string password = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_PASSWORD") ?? "postgres"; string password = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_PASSWORD")
?? throw new InvalidOperationException("POSTGRES_DATABASE_PASSWORD environment variable is required");
string database = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_NAME") ?? "postgres"; string database = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_NAME") ?? "postgres";
if (!ushort.TryParse(Environment.GetEnvironmentVariable("POSTGRES_DATABASE_PORT") ?? "5432", out ushort port)) if (!ushort.TryParse(Environment.GetEnvironmentVariable("POSTGRES_DATABASE_PORT") ?? "5432", out ushort port))
{ {
@ -38,6 +39,6 @@ namespace PhoenixLib.DAL.EFCore.PGSQL
return new PgSqlDatabaseConfiguration<TDbContext>(ip, username, password, database, port); return new PgSqlDatabaseConfiguration<TDbContext>(ip, username, password, database, port);
} }
public override string ToString() => $"Server={Ip};Port={Port};Database={Database};User Id={Username};Password={Password};"; public override string ToString() => $"Server={Ip};Port={Port};Database={Database};User Id={Username};Password=***;";
} }
} }
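Review bot: Redacting the password in `ToString()` is only safe if no caller uses that string as the real connection string, and the `Server=…;Port=…;Database=…;User Id=…;Password=…;` shape suggests some may; the call sites are not visible here. Any caller that passes `ToString()` to the database provider would now authenticate with the literal `***` and fail at startup. I'd keep `ToString()` redacted for logging and add an explicitly named member for the real value, e.g. `public string ToConnectionString() => $"Server={Ip};Port={Port};Database={Database};User Id={Username};Password={Password};";`, then move call sites to it. The same applies to the `ToString()` changes in the Plugin.Database.DB and Plugin.MongoLogs.Utils sections, where the Mongo one also redacts the username.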


@ -1,5 +1,6 @@
using System; using System;
using System.Linq; using System.Linq;
using System.Security.Cryptography;
using System.Threading.Tasks; using System.Threading.Tasks;
using dotenv.net; using dotenv.net;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
@ -65,20 +66,22 @@ public class CreateAccountCommandHandler
return 0; return 0;
} }
context.Account.Add(new AccountEntity string adminUsername = Environment.GetEnvironmentVariable("TOOLKIT_ADMIN_USERNAME") ?? "admin";
string adminPassword = Environment.GetEnvironmentVariable("TOOLKIT_ADMIN_PASSWORD");
if (string.IsNullOrWhiteSpace(adminPassword))
{ {
Authority = AuthorityType.Root, byte[] generatedPasswordBytes = new byte[24];
Language = AccountLanguage.EN, RandomNumberGenerator.Fill(generatedPasswordBytes);
Name = "admin", adminPassword = Convert.ToBase64String(generatedPasswordBytes);
Password = "test".ToSha512() Log.Warn($"[DEFAULT ACCOUNT] TOOLKIT_ADMIN_PASSWORD is missing. Generated temporary password for '{adminUsername}': {adminPassword}");
}); }
context.Account.Add(new AccountEntity context.Account.Add(new AccountEntity
{ {
Authority = AuthorityType.Root, Authority = AuthorityType.Root,
Language = AccountLanguage.EN, Language = AccountLanguage.EN,
Name = "test", Name = adminUsername,
Password = "test".ToSha512() Password = adminPassword.ToSha512()
}); });
await context.SaveChangesAsync(); await context.SaveChangesAsync();
Log.Info("[DEFAULT ACCOUNT] Accounts created!"); Log.Info("[DEFAULT ACCOUNT] Accounts created!");


@ -39,7 +39,7 @@ namespace Plugin.Database.DB
public override string ToString() => $"Host={Ip};Port={Port.ToString()}" public override string ToString() => $"Host={Ip};Port={Port.ToString()}"
+ $";Database={Database}" + $";Database={Database}"
+ $";Username={Username}" + $";Username={Username}"
+ $";Password={Password}" + $";Password=***"
+ $";Read Buffer Size={ReadBufferSize.ToString()}" + $";Read Buffer Size={ReadBufferSize.ToString()}"
+ $";Write Buffer Size={WriteBufferSize.ToString()}" + $";Write Buffer Size={WriteBufferSize.ToString()}"
+ $";Include Error Detail={IncludeErrorDetail.ToString()}"; + $";Include Error Detail={IncludeErrorDetail.ToString()}";


@ -19,15 +19,22 @@ namespace Plugin.MongoLogs.Utils
public string Username { get; } public string Username { get; }
public string Password { get; } public string Password { get; }
public static MongoLogsConfiguration FromEnv() => public static MongoLogsConfiguration FromEnv()
new( {
string username = Environment.GetEnvironmentVariable("WINGSEMU_MONGO_USERNAME")
?? throw new InvalidOperationException("WINGSEMU_MONGO_USERNAME environment variable is required");
string password = Environment.GetEnvironmentVariable("WINGSEMU_MONGO_PWD")
?? throw new InvalidOperationException("WINGSEMU_MONGO_PWD environment variable is required");
return new MongoLogsConfiguration(
Environment.GetEnvironmentVariable("WINGSEMU_MONGO_HOST") ?? "localhost", Environment.GetEnvironmentVariable("WINGSEMU_MONGO_HOST") ?? "localhost",
short.Parse(Environment.GetEnvironmentVariable("WINGSEMU_MONGO_PORT") ?? "27017"), short.Parse(Environment.GetEnvironmentVariable("WINGSEMU_MONGO_PORT") ?? "27017"),
Environment.GetEnvironmentVariable("WINGSEMU_MONGO_DB") ?? "wingsemu_logs", Environment.GetEnvironmentVariable("WINGSEMU_MONGO_DB") ?? "wingsemu_logs",
Environment.GetEnvironmentVariable("WINGSEMU_MONGO_USERNAME") ?? "root", username,
Environment.GetEnvironmentVariable("WINGSEMU_MONGO_PWD") ?? "root" password
); );
}
public override string ToString() => $"mongodb://{Username}:{Password}@{Host}:{Port}"; public override string ToString() => $"mongodb://***:***@{Host}:{Port}";
} }
} }
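Review bot: `?? throw` in `FromEnv()` only rejects a missing variable, so `WINGSEMU_MONGO_USERNAME` or `WINGSEMU_MONGO_PWD` set to an empty or whitespace value still passes and yields blank credentials. The account handler in this commit already uses `string.IsNullOrWhiteSpace`, so I'd check the same way here, e.g. `if (string.IsNullOrWhiteSpace(password)) throw new InvalidOperationException("WINGSEMU_MONGO_PWD environment variable is required");`, and likewise for `POSTGRES_DATABASE_PASSWORD` in the PGSQL section. The unchanged `short.Parse(...)` port line also deserves attention: a non-numeric value or a port above 32767 throws there, whereas the PGSQL configuration uses `ushort.TryParse`.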