Merge pull request #7 from Arkanic/password

Password for dashboard
Arkanic · Apr 11, 2023 · deb608f · deb608f
2 parents d55210c + a41ee73
commit deb608f
Show file tree

Hide file tree

Showing 9 changed files with 75 additions and 9 deletions.
diff --git a/doc/INSTALL.md b/doc/INSTALL.md
@@ -42,10 +42,14 @@ npm start
 The program will exit with the following message:
 
 ```
+Automatically generating password...
+ua2dhh6s
 blender.tar.xz not found in /data!!!
 download it from blender.org, later versions can be installed from client.
 ```
 
+First off, write this password down somewhere. It is required to perform any really destructive actions from the dashboard, to prevent misuse. 
+
 You need to go to the [official blender website](https://blender.org) and download the .tar.xz blender download that fits both your system and cpu architecture of your workers. Presuming the workers all are on an x64 system, the package will look something like `blender-3.4.1-linux-x64.tar.xz`. Rename this file to `blender.tar.xz` and put it inside of the `data` folder that has now appeared in the `server` directory. Your file structure should now look something like this:
 
 ```

diff --git a/doc/USAGE.md b/doc/USAGE.md
@@ -138,4 +138,8 @@ If a new blender version comes out you can use this option to upload a new blend
 
 ##### Purge the database
 
-If thinks get really broken, you can delete the entire database and crash the renderfarm. **NOTE:** this will delete all of the renders, all projects, and all progress on unfinished scenes! use at your own risk!!!
+If thinks get really broken, you can delete the entire database and crash the renderfarm. **NOTE:** this will delete all of the renders, all projects, and all progress on unfinished scenes! use at your own risk!!!
+
+##### Custom password
+
+The dashboard password can be modified by running `server/tools/genpassword.js` to generate a new password hash. Stop the server, replace the hash in `server/data/shadow` with your own, and start the server again. The new password should now be your custom one.
diff --git a/server/dashboard/ts/settings.ts b/server/dashboard/ts/settings.ts
@@ -32,12 +32,19 @@ export default async function settings() {
         let listOfFunnyWords = ["DIE DIE DIE", "KILL", "DEATH", "BURN IT ALL", "please work"];
         let word = listOfFunnyWords[Math.floor(Math.random() * listOfFunnyWords.length)];
 
+        let password = prompt("Please provide the password");
+
         confirmation = prompt(`Are you really really sure? Type '${word}' to continue`);
         if(confirmation === null || confirmation !== word) return;
 
-        await axios.post(`${apiurl()}/api/cleardb`, {}, networkOptions());
+        let res = await axios.post(`${apiurl()}/api/cleardb`, {password}, networkOptions());
 
-        alert("Done!\nHave a nice day")
+        if(res.status == 401) {
+            alert("Password was incorrect!");
+        } else {
+            alert("Done!\nHave a nice day");
+            window.location.reload();
+        }
     });
 
     // now the user wants to upload a blender file

diff --git a/server/package.json b/server/package.json
@@ -24,6 +24,7 @@
   "homepage": "https://github.com/Arkanic/renderfarm#readme",
   "dependencies": {
     "axios": "^1.3.4",
+    "bcrypt": "^5.1.0",
     "better-sqlite3": "^8.1.0",
     "check-disk-space": "^3.3.1",
     "cors": "^2.8.5",
@@ -39,13 +40,15 @@
     "ts-json-schema-generator": "^1.2.0"
   },
   "devDependencies": {
+    "@types/bcrypt": "^5.0.0",
     "@types/cors": "^2.8.13",
     "@types/express": "^4.17.17",
     "@types/express-fileupload": "^1.4.1",
     "@types/imagemagick": "^0.0.31",
     "@types/nanoid": "^3.0.0",
     "@types/webpack": "^5.28.0",
     "clean-webpack-plugin": "^4.0.0",
+    "prompt-sync": "^4.2.0",
     "terser-webpack-plugin": "^5.3.6",
     "ts-loader": "^9.4.2",
     "typescript": "^4.9.5",

diff --git a/server/server/constants.ts b/server/server/constants.ts
@@ -7,5 +7,6 @@ export default {
     HEARTBEAT_INTERVAL: 1000 * 60, // one minute
     TASK_WAIT_TIME: 1000 * 60, // one minute
     MAX_PROJ_ERRORS: 15, // maximum errors that can occur from a project before ditching it,
-    WORKER_LOG_NEWLINE_LENGTH: 50 // remember the previous 50 lines of the log per worker
-}
+    WORKER_LOG_NEWLINE_LENGTH: 50, // remember the previous 50 lines of the log per worker
+    BCRYPT_SALT_ROUNDS: 16
+}
diff --git a/server/server/routes/orchestrator.ts b/server/server/routes/orchestrator.ts
@@ -304,6 +304,11 @@ export default (ctx:Context) => {
         if(!valid(proto, req.body, "ClearDBRequest")) return next();
         let data:types.ClearDBRequest = req.body;
 
+        if(!ctx.verifyPassword(data.password)) return res.status(401).json({
+            success: false,
+            message: "Password is incorrect."
+        });
+
         fs.renameSync(path.join(constants.DATA_DIR, "blender.tar.xz"), "blender.tar.xz");
         fs.rmSync(constants.DATA_DIR, {force: true, recursive: true}); // HAHAHHA
         fs.mkdirSync(constants.DATA_DIR);

diff --git a/server/server/server.ts b/server/server/server.ts
@@ -1,7 +1,8 @@
 import express from "express";
 import fs from "fs";
 import crypto from "crypto"
-import {nanoid} from "nanoid";
+import bcrypt from "bcrypt";
+import {nanoid, customAlphabet} from "nanoid";
 
 import database, {DbConnection} from "./db";
 import constants from "./constants";
@@ -17,7 +18,8 @@ export interface Context {
     dbc:DbConnection,
     orchestrator:Orchestrator,
     serverhash:string,
-    blenderhash:string
+    blenderhash:string,
+    verifyPassword:(pass:string) => boolean
 }
 
 let ctx:Context = null as any as Context;
@@ -58,13 +60,33 @@ database("production").then(async db => {
     }
     console.log(serverHash);
 
+
+    let passwordLocation = `./${constants.DATA_DIR}/shadow`;
+    let password = "";
+    if(!fs.existsSync(passwordLocation)) {
+        console.log("No password has been set!\nAutomatically generating password...");
+        let rawPassword = customAlphabet("abcdefghijklmnnopqrstuvwxyz0123456789", Math.floor(Math.random() * 4) + 8)();
+        console.log(`The password for the dashboard is\n${rawPassword}`);
+
+        let salt = bcrypt.genSaltSync(constants.BCRYPT_SALT_ROUNDS);
+        password = bcrypt.hashSync(rawPassword, salt);
+
+        fs.writeFileSync(passwordLocation, password);
+    } else {
+        password = fs.readFileSync(passwordLocation).toString().split("\n")[0];
+    }
+
+
     ctx = {
         dashboard,
         api,
         dbc: dbConnection,
         orchestrator:null as unknown as Orchestrator, //need to initially set orchestrator to null to prevent recursive definition,
         serverhash: serverHash,
-        blenderhash: "placeholder"
+        blenderhash: "placeholder",
+        verifyPassword: (pass:string) => {
+            return bcrypt.compareSync(pass, password);
+        }
     }
 
     updateBlenderHash();

diff --git a/server/server/types/api.ts b/server/server/types/api.ts
@@ -66,7 +66,9 @@ export interface UploadBlenderRequest {}
 export interface UploadBlenderResponse extends Response {}
 
 // Purge database with flames and suffering, etc etc
-export interface ClearDBRequest {}
+export interface ClearDBRequest {
+    password:string
+}
 export interface ClearDBResponse extends Response {}
 
 // request to join renderfarm

diff --git a/server/tools/genpassword.js b/server/tools/genpassword.js
@@ -0,0 +1,18 @@
+const bcrypt = require("bcrypt");
+const prompt = require("prompt-sync")({ sigint: true });
+
+const saltRounds = 16;
+
+let salt = bcrypt.genSaltSync(saltRounds);
+
+const password = prompt("Input password: ");
+const passwordCheck = prompt("Repeat password: ");
+
+if(password !== passwordCheck) {
+    console.error("Passwords are not the same!");
+    exit(1);
+}
+
+let hash = bcrypt.hashSync(password, saltRounds);
+
+console.log(hash);