feat: Enhance authentication and logging in API endpoints and HTTP server

2026-06-28 14:01:59 +02:00 · 2025-12-30 23:01:35 +00:00
parent b6f30d59e1
commit 6fdad00933
2 changed files with 34 additions and 13 deletions
@@ -185,8 +185,17 @@ class AuthEndpoints:
            
            # Validate credentials against config
            # Check if username is 'admin' and password matches config
-            security_config = self.config.get('security', {})
-            config_password = security_config.get('admin_password', 'admin123')
+            repeater_config = self.config.get('repeater', {})
+            security_config = repeater_config.get('security', {})
+            config_password = security_config.get('admin_password', '')
+            
+            # Don't allow login with empty or unconfigured password
+            if not config_password:
+                logger.warning(f"Login attempt rejected - password not configured")
+                return json.dumps({
+                    'success': False,
+                    'error': 'System not configured. Please complete setup wizard.'
+                }).encode('utf-8')
            
            if username == 'admin' and password == config_password:
                # Create JWT token
@@ -398,8 +407,16 @@ class AuthEndpoints:
                }).encode('utf-8')
            
            # Verify current password
-            security_config = self.config.get('security', {})
-            config_password = security_config.get('admin_password', 'admin123')
+            repeater_config = self.config.get('repeater', {})
+            security_config = repeater_config.get('security', {})
+            config_password = security_config.get('admin_password', '')
+            
+            if not config_password:
+                cherrypy.response.status = 500
+                return json.dumps({
+                    'success': False,
+                    'error': 'System configuration error'
+                }).encode('utf-8')
            
            if current_password != config_password:
                cherrypy.response.status = 401
@@ -409,10 +426,12 @@ class AuthEndpoints:
                }).encode('utf-8')
            
            # Update password in config
-            if 'security' not in self.config:
-                self.config['security'] = {}
+            if 'repeater' not in self.config:
+                self.config['repeater'] = {}
+            if 'security' not in self.config['repeater']:
+                self.config['repeater']['security'] = {}
            
-            self.config['security']['admin_password'] = new_password
+            self.config['repeater']['security']['admin_password'] = new_password
            
            # Save to config file using ConfigManager
            if self.config_manager:
@@ -185,15 +185,15 @@ class HTTPStatsServer:

    def _init_auth_handlers(self):
        """Initialize JWT handler and API token manager."""
-        # Get or generate JWT secret
-        security_config = self.config.get("security", {})
+        # Get or generate JWT secret from repeater.security
+        repeater_config = self.config.get("repeater", {})
+        security_config = repeater_config.get("security", {})
        jwt_secret = security_config.get("jwt_secret", "")
        
        if not jwt_secret:
            # Auto-generate JWT secret
            jwt_secret = secrets.token_hex(32)
            logger.warning("No JWT secret found in config, auto-generated one. Please save this to config.yaml:")
-            logger.warning(f"security.jwt_secret: {jwt_secret}")
            
            # Try to save to config if config_path is available
            if self.config_path:
@@ -202,9 +202,11 @@ class HTTPStatsServer:
                    with open(self.config_path, 'r') as f:
                        config_data = yaml.safe_load(f) or {}
                    
-                    if 'security' not in config_data:
-                        config_data['security'] = {}
-                    config_data['security']['jwt_secret'] = jwt_secret
+                    if 'repeater' not in config_data:
+                        config_data['repeater'] = {}
+                    if 'security' not in config_data['repeater']:
+                        config_data['repeater']['security'] = {}
+                    config_data['repeater']['security']['jwt_secret'] = jwt_secret
                    
                    with open(self.config_path, 'w') as f:
                        yaml.dump(config_data, f, default_flow_style=False)