Remove insecure defaults and backdoor-like bootstrap credentials

2026-02-23 23:36:39 +01:00 · 2026-02-23 23:36:39 +01:00 · a9b43aae99
commit a9b43aae99
parent 376a8fcbd8
4 changed files with 27 additions and 16 deletions
--- a/srcs/PhoenixLib.DAL.EFCore.PGSQL/PgSqlDatabaseConfiguration.cs
+++ b/srcs/PhoenixLib.DAL.EFCore.PGSQL/PgSqlDatabaseConfiguration.cs
@ -28,7 +28,8 @@ namespace PhoenixLib.DAL.EFCore.PGSQL
        {
            string ip = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_IP") ?? "localhost";
            string username = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_USER") ?? "postgres";
-            string password = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_PASSWORD") ?? "postgres";
+            string password = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_PASSWORD")
+                              ?? throw new InvalidOperationException("POSTGRES_DATABASE_PASSWORD environment variable is required");
            string database = Environment.GetEnvironmentVariable("POSTGRES_DATABASE_NAME") ?? "postgres";
            if (!ushort.TryParse(Environment.GetEnvironmentVariable("POSTGRES_DATABASE_PORT") ?? "5432", out ushort port))
            {
@ -38,6 +39,6 @@ namespace PhoenixLib.DAL.EFCore.PGSQL
            return new PgSqlDatabaseConfiguration<TDbContext>(ip, username, password, database, port);
        }

-        public override string ToString() => $"Server={Ip};Port={Port};Database={Database};User Id={Username};Password={Password};";
+        public override string ToString() => $"Server={Ip};Port={Port};Database={Database};User Id={Username};Password=***;";
    }
 }
--- a/srcs/Toolkit/CommandHandlers/CreateAccountCommandHandler.cs
+++ b/srcs/Toolkit/CommandHandlers/CreateAccountCommandHandler.cs
@ -1,5 +1,6 @@
 using System;
 using System.Linq;
+using System.Security.Cryptography;
 using System.Threading.Tasks;
 using dotenv.net;
 using Microsoft.EntityFrameworkCore;
@ -65,20 +66,22 @@ public class CreateAccountCommandHandler
                return 0;
            }

-            context.Account.Add(new AccountEntity
+            string adminUsername = Environment.GetEnvironmentVariable("TOOLKIT_ADMIN_USERNAME") ?? "admin";
+            string adminPassword = Environment.GetEnvironmentVariable("TOOLKIT_ADMIN_PASSWORD");
+            if (string.IsNullOrWhiteSpace(adminPassword))
            {
-                Authority = AuthorityType.Root,
-                Language = AccountLanguage.EN,
-                Name = "admin",
-                Password = "test".ToSha512()
-            });
+                byte[] generatedPasswordBytes = new byte[24];
+                RandomNumberGenerator.Fill(generatedPasswordBytes);
+                adminPassword = Convert.ToBase64String(generatedPasswordBytes);
+                Log.Warn($"[DEFAULT ACCOUNT] TOOLKIT_ADMIN_PASSWORD is missing. Generated temporary password for '{adminUsername}': {adminPassword}");
+            }

            context.Account.Add(new AccountEntity
            {
                Authority = AuthorityType.Root,
                Language = AccountLanguage.EN,
-                Name = "test",
-                Password = "test".ToSha512()
+                Name = adminUsername,
+                Password = adminPassword.ToSha512()
            });
            await context.SaveChangesAsync();
            Log.Info("[DEFAULT ACCOUNT] Accounts created!");
--- a/srcs/_plugins/Plugin.DB.EF/DB/DatabaseConfiguration.cs
+++ b/srcs/_plugins/Plugin.DB.EF/DB/DatabaseConfiguration.cs
@ -39,7 +39,7 @@ namespace Plugin.Database.DB
        public override string ToString() => $"Host={Ip};Port={Port.ToString()}"
            + $";Database={Database}"
            + $";Username={Username}"
-            + $";Password={Password}"
+            + $";Password=***"
            + $";Read Buffer Size={ReadBufferSize.ToString()}"
            + $";Write Buffer Size={WriteBufferSize.ToString()}"
            + $";Include Error Detail={IncludeErrorDetail.ToString()}";
--- a/srcs/_plugins/Plugin.MongoLogs/Utils/MongoLogsConfiguration.cs
+++ b/srcs/_plugins/Plugin.MongoLogs/Utils/MongoLogsConfiguration.cs
@ -19,15 +19,22 @@ namespace Plugin.MongoLogs.Utils
        public string Username { get; }
        public string Password { get; }

-        public static MongoLogsConfiguration FromEnv() =>
-            new(
+        public static MongoLogsConfiguration FromEnv()
+        {
+            string username = Environment.GetEnvironmentVariable("WINGSEMU_MONGO_USERNAME")
+                              ?? throw new InvalidOperationException("WINGSEMU_MONGO_USERNAME environment variable is required");
+            string password = Environment.GetEnvironmentVariable("WINGSEMU_MONGO_PWD")
+                              ?? throw new InvalidOperationException("WINGSEMU_MONGO_PWD environment variable is required");
+
+            return new MongoLogsConfiguration(
                Environment.GetEnvironmentVariable("WINGSEMU_MONGO_HOST") ?? "localhost",
                short.Parse(Environment.GetEnvironmentVariable("WINGSEMU_MONGO_PORT") ?? "27017"),
                Environment.GetEnvironmentVariable("WINGSEMU_MONGO_DB") ?? "wingsemu_logs",
-                Environment.GetEnvironmentVariable("WINGSEMU_MONGO_USERNAME") ?? "root",
-                Environment.GetEnvironmentVariable("WINGSEMU_MONGO_PWD") ?? "root"
+                username,
+                password
            );
+        }

-        public override string ToString() => $"mongodb://{Username}:{Password}@{Host}:{Port}";
+        public override string ToString() => $"mongodb://***:***@{Host}:{Port}";
    }
 }