feat: hashing user passwords

solves problems #2944, #2783
author: Columbiysky <c.7843543@gmail.com> 2025-05-03 12:27:53 +0300
committer: GitHub <noreply@github.com> 2025-05-03 12:27:53 +0300
commit: 85cbad3ef420ffdd7fec8657d247fdfe5e03903d (patch)
tree: 56036fc74abb46dd5de231bd8eeeeea50e6fcf0c /database/db.go
parent: 3d54e330514293e9385258da773be1a0e927a7f5 (diff)
1 files changed, 54 insertions, 3 deletions
diff --git a/database/db.go b/database/db.go
index 744f1401..2fe18478 100644
--- a/database/db.go
+++ b/database/db.go
@@ -7,9 +7,11 @@ import (
 	"log"
 	"os"
 	"path"
+	"slices"
 
 	"x-ui/config"
 	"x-ui/database/model"
+	"x-ui/util/crypto"
 	"x-ui/xray"
 
 	"gorm.io/driver/sqlite"
@@ -33,6 +35,7 @@ func initModels() error {
 		&model.Setting{},
 		&model.InboundClientIps{},
 		&xray.ClientTraffic{},
+		&model.HistoryOfSeeders{},
 	}
 	for _, model := range models {
 		if err := db.AutoMigrate(model); err != nil {
@@ -50,9 +53,16 @@ func initUser() error {
 		return err
 	}
 	if empty {
+		hashedPassword, err := crypto.HashPasswordAsBcrypt(defaultPassword)
+
+		if err != nil {
+			log.Printf("Error hashing default password: %v", err)
+			return err
+		}
+
 		user := &model.User{
 			Username:    defaultUsername,
-			Password:    defaultPassword,
+			Password:    hashedPassword,
 			LoginSecret: defaultSecret,
 		}
 		return db.Create(user).Error
@@ -60,6 +70,45 @@ func initUser() error {
 	return nil
 }
 
+func runSeeders(isUsersEmpty bool) error {
+	empty, err := isTableEmpty("history_of_seeders")
+	if err != nil {
+		log.Printf("Error checking if users table is empty: %v", err)
+		return err
+	}
+
+	if empty && isUsersEmpty {
+		hashSeeder := &model.HistoryOfSeeders{
+			SeederName: "UserPasswordHash",
+		}
+		return db.Create(hashSeeder).Error
+	} else {
+		var seedersHistory []string
+		db.Model(&model.HistoryOfSeeders{}).Pluck("seeder_name", &seedersHistory)
+
+		if !slices.Contains(seedersHistory, "UserPasswordHash") && !isUsersEmpty {
+			var users []model.User
+			db.Find(&users)
+
+			for _, user := range users {
+				hashedPassword, err := crypto.HashPasswordAsBcrypt(user.Password)
+				if err != nil {
+					log.Printf("Error hashing password for user '%s': %v", user.Username, err)
+					return err
+				}
+				db.Model(&user).Update("password", hashedPassword)
+			}
+
+			hashSeeder := &model.HistoryOfSeeders{
+				SeederName: "UserPasswordHash",
+			}
+			return db.Create(hashSeeder).Error
+		}
+	}
+
+	return nil
+}
+
 func isTableEmpty(tableName string) (bool, error) {
 	var count int64
 	err := db.Table(tableName).Count(&count).Error
@@ -92,11 +141,13 @@ func InitDB(dbPath string) error {
 	if err := initModels(); err != nil {
 		return err
 	}
+
+	isUsersEmpty, err := isTableEmpty("users")
+
 	if err := initUser(); err != nil {
 		return err
 	}
-
-	return nil
+	return runSeeders(isUsersEmpty)
 }
 
 func CloseDB() error {
author	Columbiysky <c.7843543@gmail.com>	2025-05-03 12:27:53 +0300
committer	GitHub <noreply@github.com>	2025-05-03 12:27:53 +0300
commit	85cbad3ef420ffdd7fec8657d247fdfe5e03903d (patch)
tree	56036fc74abb46dd5de231bd8eeeeea50e6fcf0c /database/db.go
parent	3d54e330514293e9385258da773be1a0e927a7f5 (diff)