Enhance security by preventing the creation of default admin credentials in chat-users.json. Update chat.js to ensure command output does not pollute conversation history, and add chat-users.json to .gitignore to prevent tracking of sensitive user data.
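--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 .git/*
 build/*
 logs/*.log
+logs/chat-users.json
 
 # Build-Artefakte (werden auf dem Server neu gebaut)
 client/dist/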
@@ -293,25 +293,13 @@ export const useChatStore = defineStore('chat', () => {
|
|||||||
break;
|
break;
|
||||||
case 'commandResult': {
|
case 'commandResult': {
|
||||||
const lines = Array.isArray(data.lines) ? data.lines : [];
|
const lines = Array.isArray(data.lines) ? data.lines : [];
|
||||||
if (!currentConversation.value) {
|
// Command output is global and must not pollute per-conversation history.
|
||||||
errorMessage.value = lines.join(' | ');
|
errorMessage.value = lines.join(' | ');
|
||||||
setTimeout(() => {
|
setTimeout(() => {
|
||||||
errorMessage.value = null;
|
errorMessage.value = null;
|
||||||
}, 5000);
|
}, 5000);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
const timestamp = new Date().toISOString();
|
|
||||||
for (const line of lines) {
|
|
||||||
messages.value.push({
|
|
||||||
from: 'System',
|
|
||||||
message: String(line),
|
|
||||||
timestamp,
|
|
||||||
self: false,
|
|
||||||
isImage: false
|
|
||||||
});
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
case 'unreadChats':
|
case 'unreadChats':
|
||||||
unreadChatsCount.value = data.count || 0;
|
unreadChatsCount.value = data.count || 0;
|
||||||
break;
|
break;
|
||||||
|
|||||||
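Review bot: The five-second clear timer in the new `commandResult` branch is never tracked, so when two command results arrive within five seconds the first timer blanks the second message early, and it also wipes any unrelated `errorMessage` that was set in between. Keep the handle in a store-level `let errorTimer = null;` and replace the call with `clearTimeout(errorTimer); errorTimer = setTimeout(() => { errorMessage.value = null; }, 5000);`. An empty `lines` array sets `errorMessage.value` to `''` rather than skipping the notice, so a guard such as `if (lines.length === 0) break;` before the assignment is worth adding. The enclosing `switch` and the `useChatStore` setup function start and end outside the hunk.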
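--- /dev/null
+++ b/logs/chat-users.example.json
@@ -0,0 +1,7 @@
+[
+{
+"username": "admin",
+"passwordHash": "sha256:REPLACE_WITH_REAL_HASH",
+"rights": ["stat", "kick"]
+}
+]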
@@ -83,15 +83,12 @@ function ensureChatUsersFile(__dirname) {
|
|||||||
if (existsSync(usersPath)) {
|
if (existsSync(usersPath)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
// Security: never create predictable default credentials.
|
||||||
const defaultUsers = [
|
// Admin users must be configured explicitly in logs/chat-users.json.
|
||||||
{
|
writeFileSync(usersPath, '[]\n', 'utf-8');
|
||||||
username: 'admin',
|
console.warn(
|
||||||
passwordHash: `sha256:${sha256('changeme123')}`,
|
`[Auth] ${CHAT_USERS_FILE_NAME} wurde neu erstellt. Bitte mindestens einen Admin-User mit Passwort-Hash konfigurieren.`
|
||||||
rights: [CHAT_RIGHTS.STAT, CHAT_RIGHTS.KICK]
|
);
|
||||||
}
|
|
||||||
];
|
|
||||||
writeFileSync(usersPath, JSON.stringify(defaultUsers, null, 2), 'utf-8');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function loadChatUsers(__dirname) {
|
function loadChatUsers(__dirname) {
|
||||||
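Review bot: The new `writeFileSync(usersPath, '[]\n', 'utf-8')` creates the credentials file with the process's default mode, and since the file is meant to hold password hashes it should be owner-only; passing `{ encoding: 'utf-8', mode: 0o600, flag: 'wx' }` instead of the bare encoding also makes the create exclusive, so a file that appears between the `existsSync` check and the write is not overwritten with `[]`. With `flag: 'wx'` the write throws `EEXIST` in that case, which the function can treat the same way as the existing early `return`. The `sha256:` scheme that the example file documents is a fast, unsalted hash; this hunk only removes the default entry and presumably leaves verification unchanged, so extending the warning to point operators at a salted KDF such as `scrypt` from `node:crypto` would be useful. `ensureChatUsersFile` begins before the hunk, so the `usersPath` assignment is outside the view.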