Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/MHSanaei/3x-ui.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/web
diff options
context:
space:
mode:
Diffstat (limited to 'web')
-rw-r--r--web/controller/setting.go5
-rw-r--r--web/service/user.go29
2 files changed, 27 insertions, 7 deletions
diff --git a/web/controller/setting.go b/web/controller/setting.go
index d04969dc..1ca65b07 100644
--- a/web/controller/setting.go
+++ b/web/controller/setting.go
@@ -4,6 +4,7 @@ import (
"errors"
"time"
+ "x-ui/util/crypto"
"x-ui/web/entity"
"x-ui/web/service"
"x-ui/web/session"
@@ -84,7 +85,7 @@ func (a *SettingController) updateUser(c *gin.Context) {
return
}
user := session.GetLoginUser(c)
- if user.Username != form.OldUsername || user.Password != form.OldPassword {
+ if user.Username != form.OldUsername || !crypto.CheckPasswordHash(user.Password, form.OldPassword) {
jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUser"), errors.New(I18nWeb(c, "pages.settings.toasts.originalUserPassIncorrect")))
return
}
@@ -95,7 +96,7 @@ func (a *SettingController) updateUser(c *gin.Context) {
err = a.userService.UpdateUser(user.Id, form.NewUsername, form.NewPassword)
if err == nil {
user.Username = form.NewUsername
- user.Password = form.NewPassword
+ user.Password, _ = crypto.HashPasswordAsBcrypt(form.NewPassword)
session.SetLoginUser(c, user)
}
jsonMsg(c, I18nWeb(c, "pages.settings.toasts.modifyUser"), err)
diff --git a/web/service/user.go b/web/service/user.go
index 7438cf1a..72ae25a2 100644
--- a/web/service/user.go
+++ b/web/service/user.go
@@ -6,6 +6,7 @@ import (
"x-ui/database"
"x-ui/database/model"
"x-ui/logger"
+ "x-ui/util/crypto"
"gorm.io/gorm"
)
@@ -29,8 +30,9 @@ func (s *UserService) CheckUser(username string, password string, secret string)
db := database.GetDB()
user := &model.User{}
+
err := db.Model(model.User{}).
- Where("username = ? and password = ? and login_secret = ?", username, password, secret).
+ Where("username = ? and login_secret = ?", username, secret).
First(user).
Error
if err == gorm.ErrRecordNotFound {
@@ -39,14 +41,25 @@ func (s *UserService) CheckUser(username string, password string, secret string)
logger.Warning("check user err:", err)
return nil
}
- return user
+
+ if crypto.CheckPasswordHash(user.Password, password) {
+ return user
+ }
+
+ return nil
}
func (s *UserService) UpdateUser(id int, username string, password string) error {
db := database.GetDB()
+ hashedPassword, err := crypto.HashPasswordAsBcrypt(password)
+
+ if err != nil {
+ return err
+ }
+
return db.Model(model.User{}).
Where("id = ?", id).
- Updates(map[string]any{"username": username, "password": password}).
+ Updates(map[string]any{"username": username, "password": hashedPassword}).
Error
}
@@ -100,17 +113,23 @@ func (s *UserService) UpdateFirstUser(username string, password string) error {
} else if password == "" {
return errors.New("password can not be empty")
}
+ hashedPassword, er := crypto.HashPasswordAsBcrypt(password)
+
+ if er != nil {
+ return er
+ }
+
db := database.GetDB()
user := &model.User{}
err := db.Model(model.User{}).First(user).Error
if database.IsNotFound(err) {
user.Username = username
- user.Password = password
+ user.Password = hashedPassword
return db.Model(model.User{}).Create(user).Error
} else if err != nil {
return err
}
user.Username = username
- user.Password = password
+ user.Password = hashedPassword
return db.Save(user).Error
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-25 08:16:58 +0300