Prevent accidental deployment with default credentials

- Removed: Default password hash from config-sample.php and inc.php
- Clear instructions recommending users set a password hash

Fix create.php api:
- perform str_replace if acceptLang value is true to allow create.php via manual curl command for testing to work
- curl -X POST http://localhost:8080/api/create.php -d "dur=300&int=5&pwd=hauk-test-password" will now work
This commit is contained in:
Dakota Gravitt 2025-07-25 22:43:17 -05:00
parent 7a2f3e0976
commit c60bbb6468
2 changed files with 7 additions and 6 deletions

View file

@ -74,10 +74,10 @@
// data to Hauk. To generate this value on the terminal:
// - MD5 (insecure!): openssl passwd -1
// - bcrypt (secure): htpasswd -nBC 10 "" | tail -c +2
"password_hash" => '$2y$10$4ZP1iY8A3dZygXoPgsXYV.S3gHzBbiT9nSfONjhWrvMxVPkcFq1Ka',
// Default value above is empty string (no password) and is VERY INSECURE.
// Trust me, you really should change this unless you intentionally want a
// public instance that anyone in the world can use freely.
"password_hash" => '',
// REQUIRED: You MUST set a password hash before using Hauk!
// The default empty value will not allow any connections.
// Generate a secure password hash using: htpasswd -nBC 10 "" | tail -c +2
//
// Also note that users have the option to save the server password locally on
// their devices using a "Remember password" checkbox. If they choose to do so,

View file

@ -64,8 +64,9 @@ const METERS_PER_SECOND = array(
include(__DIR__."/lang/en/texts.php");
// Load the preferred language.
$acceptLang = str_replace("-", "_", filter_input(INPUT_SERVER, "HTTP_ACCEPT_LANGUAGE"));
$acceptLang = filter_input(INPUT_SERVER, "HTTP_ACCEPT_LANGUAGE");
if ($acceptLang) {
$acceptLang = str_replace("-", "_", $acceptLang);
// Split the Accept-Language header into an array of possible languages.
preg_match_all("/(([a-z]{1,8})(_([a-zA-Z]{1,8}))?)(\s*;\s*q\s*=\s*([01](\.\d{0,3})?))?\s*(,|$)/i", $acceptLang, $clientReq, PREG_SET_ORDER);
@ -124,7 +125,7 @@ const DEFAULTS = array(
"redis_auth" => '',
"redis_prefix" => 'hauk',
"auth_method" => PASSWORD,
"password_hash" => '$2y$10$4ZP1iY8A3dZygXoPgsXYV.S3gHzBbiT9nSfONjhWrvMxVPkcFq1Ka',
"password_hash" => '',
"htpasswd_path" => '/etc/hauk/users.htpasswd',
"ldap_uri" => 'ldaps://ldap.example.com:636',
"ldap_start_tls" => false,