core: clean up login code (#13861)

This commit is contained in:
Diego Heras
2023-01-07 14:52:15 +01:00
committed by GitHub
parent 1ca2edf9b7
commit ad635c442b
3 changed files with 19 additions and 43 deletions


@@ -4,9 +4,7 @@ namespace Jackett.Common.Services.Interfaces
{ {
public interface ISecurityService public interface ISecurityService
{ {
bool CheckAuthorised(HttpRequestMessage request); bool CheckAuthorised(string password);
string HashPassword(string input); string HashPassword(string input);
void Login(HttpResponseMessage request);
void Logout(HttpResponseMessage request);
} }
} }
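Review bot: The new `bool CheckAuthorised(string password)` on ISecurityService carries no XML doc, and its contract is not obvious from the name: the SecurityService hunk in this same commit returns true whenever no admin password is configured, before looking at the argument at all. A caller that gates an action on this method should be told that in the interface rather than having to read the implementation. Suggested doc above the declaration: `/// <summary>True when no admin password is configured, or when <paramref name="password"/> hashes to the configured admin password.</summary>`.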


@@ -60,10 +60,8 @@ namespace Jackett.Server.Controllers
[AllowAnonymous] [AllowAnonymous]
public async Task<IActionResult> Dashboard([FromForm] string password) public async Task<IActionResult> Dashboard([FromForm] string password)
{ {
if (password != null && securityService.HashPassword(password) == serverConfig.AdminPassword) if (securityService.CheckAuthorised(password))
{
await MakeUserAuthenticated(); await MakeUserAuthenticated();
}
return Redirect("Dashboard"); return Redirect("Dashboard");
} }
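Review bot: `securityService.CheckAuthorised(password)` in Dashboard also succeeds when no admin password is configured (the SecurityService hunk returns true in that case without inspecting the argument), so a form post with a missing or empty password now reaches `await MakeUserAuthenticated()`; the inline check it replaces required `password != null` and an exact hash match, so it did not. If that is intended, a comment on the new line saves the next reader a lookup, e.g. `// Also true when no admin password is set (see SecurityService.CheckAuthorised)`; if not, keep a `!string.IsNullOrEmpty(password) &&` guard in front of the call. `MakeUserAuthenticated` is defined outside this hunk, so what authenticating an instance with no password set actually does cannot be judged from here.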


@@ -1,5 +1,4 @@
using System.Linq; using System.Linq;
using System.Net.Http;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Text; using System.Text;
using Jackett.Common.Models.Config; using Jackett.Common.Models.Config;
@@ -9,55 +8,36 @@ namespace Jackett.Server.Services
{ {
internal class SecurityService : ISecurityService internal class SecurityService : ISecurityService
{ {
private const string COOKIENAME = "JACKETT";
private readonly ServerConfig _serverConfig; private readonly ServerConfig _serverConfig;
public SecurityService(ServerConfig sc) => _serverConfig = sc; public SecurityService(ServerConfig sc) => _serverConfig = sc;
public bool CheckAuthorised(string password)
{
if (string.IsNullOrEmpty(_serverConfig.AdminPassword))
return true;
if (!string.IsNullOrEmpty(password) && HashPassword(password) == _serverConfig.AdminPassword)
return true;
return false;
}
public string HashPassword(string input) public string HashPassword(string input)
{ {
if (input == null) if (input == null)
return null; return null;
// Append key as salt
input += _serverConfig.APIKey;
var UE = new UnicodeEncoding();
byte[] hashValue;
var message = UE.GetBytes(input);
var ue = new UnicodeEncoding();
#pragma warning disable SYSLIB0021 #pragma warning disable SYSLIB0021
var hashString = new SHA512Managed(); var hashString = new SHA512Managed();
#pragma warning restore SYSLIB0021 #pragma warning restore SYSLIB0021
hashValue = hashString.ComputeHash(message); // Append key as salt
var hex = ""; input += _serverConfig.APIKey;
foreach (var x in hashValue) var message = ue.GetBytes(input);
{ var hashValue = hashString.ComputeHash(message);
hex += string.Format("{0:x2}", x); return hashValue.Aggregate("", (current, x) => current + $"{x:x2}");
}
return hex;
}
public void Login(HttpResponseMessage response) => response.Headers.Add("Set-Cookie", COOKIENAME + "=" + _serverConfig.AdminPassword + "; path=/");
public void Logout(HttpResponseMessage response) => response.Headers.Add("Set-Cookie", COOKIENAME + "=; path=/");
public bool CheckAuthorised(HttpRequestMessage request)
{
if (string.IsNullOrEmpty(_serverConfig.AdminPassword))
return true;
try
{
var cookie = request.Headers.GetValues(COOKIENAME).FirstOrDefault();
if (cookie != null)
{
return cookie == _serverConfig.AdminPassword;
}
}
catch { }
return false;
} }
} }
} }
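Review bot: `new SHA512Managed()` in HashPassword (new side) is an `IDisposable` that is never disposed, and the surrounding `#pragma warning disable SYSLIB0021` only silences the obsolescence warning instead of removing the obsolete type; since SYSLIB0021 is a .NET 6 diagnostic, the static `SHA512.HashData` is presumably available here and needs neither disposal nor the pragma. The old hex loop was replaced by `Aggregate` with string concatenation, which allocates a new, longer string per byte for no readability gain; `string.Concat(hashValue.Select(x => x.ToString("x2")))` keeps the lowercase output that stored configs depend on. In CheckAuthorised the digest is compared with `==`; `CryptographicOperations.FixedTimeEquals`, already reachable through the file's `using System.Security.Cryptography;`, is the conventional way to compare digests. The `UnicodeEncoding` (UTF-16) input bytes and the API-key salt must stay exactly as they are, or every existing AdminPassword hash stops matching.
```csharp
// … unchanged: class header, _serverConfig field and constructor …

public bool CheckAuthorised(string password)
{
    if (string.IsNullOrEmpty(_serverConfig.AdminPassword))
        return true;
    if (string.IsNullOrEmpty(password))
        return false;
    // Compare digests without short-circuiting on the first differing byte.
    return CryptographicOperations.FixedTimeEquals(
        Encoding.UTF8.GetBytes(HashPassword(password)),
        Encoding.UTF8.GetBytes(_serverConfig.AdminPassword));
}

public string HashPassword(string input)
{
    if (input == null)
        return null;
    // Append key as salt; UTF-16 bytes are kept so existing stored hashes still match.
    input += _serverConfig.APIKey;
    var hashValue = SHA512.HashData(new UnicodeEncoding().GetBytes(input));
    return string.Concat(hashValue.Select(x => x.ToString("x2")));
}
```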