From 3583c1cf74df7ddd78a7658ed93d3d2ff704ceaa Mon Sep 17 00:00:00 2001 From: Giorgio Ravera Date: Tue, 3 Feb 2026 17:32:12 +0100 Subject: [PATCH] security fixies --- backend/db/users.py | 3 --- backend/main.py | 10 +++++----- backend/routes/dhcp.py | 19 ++++++++++++------- backend/routes/dns.py | 5 ++++- backend/routes/health.py | 7 +++++-- 5 files changed, 26 insertions(+), 18 deletions(-) diff --git a/backend/db/users.py b/backend/db/users.py index c3ff7ff..9b74a45 100644 --- a/backend/db/users.py +++ b/backend/db/users.py @@ -75,9 +75,6 @@ def init_db_users_table(cur): "active" )) - logger.info("USERS DB: Admin user: %s with password %s - %s" , - settings.ADMIN_USER, settings.ADMIN_PASSWORD, settings.ADMIN_PASSWORD_HASH) - # ----------------------------- # Create User # ----------------------------- diff --git a/backend/main.py b/backend/main.py index 20f971c..d7b7cf5 100644 --- a/backend/main.py +++ b/backend/main.py @@ -32,9 +32,9 @@ logger = get_logger("backend.main") # Welcome log # ------------------------------------------------------------------------------ def print_welcome(): - safe_secret = "****" if settings.SECRET_KEY else "undefined" - safe_admin_pwd = "****" if settings.ADMIN_PASSWORD else "undefined" - safe_admin_hash = "****" if settings.ADMIN_PASSWORD_HASH else "undefined" + masked_secret = "****" if settings.SECRET_KEY else "undefined" + masked_admin_pwd = "****" if settings.ADMIN_PASSWORD else "undefined" + masked_admin_hash = "****" if settings.ADMIN_PASSWORD_HASH else "undefined" logger.info( "%s starting | app_version=%s | baseimg_version=%s", @@ -42,7 +42,7 @@ def print_welcome(): ) logger.info( "App settings: frontend=%s | port=%d | secret=%s", - settings.FRONTEND_DIR, settings.HTTP_PORT, safe_secret + settings.FRONTEND_DIR, settings.HTTP_PORT, masked_secret ) logger.info( "Database: file=%s | reset=%s", 
@@ -54,7 +54,7 @@ def print_welcome(): ) logger.info( "Users: admin=%s | password=%s | hash=%s | hash_file=%s", - settings.ADMIN_USER, safe_admin_pwd, safe_admin_hash, settings.ADMIN_PASSWORD_HASH_FILE + settings.ADMIN_USER, masked_admin_pwd, masked_admin_hash, settings.ADMIN_PASSWORD_HASH_FILE ) logger.info( "DNS: path=%s | host file=%s | alias file=%s | reverse file=%s", diff --git a/backend/routes/dhcp.py b/backend/routes/dhcp.py index e9c4c52..8287e93 100644 --- a/backend/routes/dhcp.py +++ b/backend/routes/dhcp.py @@ -12,6 +12,8 @@ import time from backend.db.hosts import get_hosts # Import Settings from settings.settings import settings +# Import Logging +from log.log import setup_logging, get_logger # Create Router router = APIRouter() @@ -39,30 +41,33 @@ async def apt_dhcp_reload(request: Request): for h in hosts: if h.get("ipv4") and h.get("mac"): kea4_hosts.append({ - "hostname": h.get("name"), "hw-address": h.get("mac"), "ip-address": h.get("ipv4"), + "hostname": h.get("name"), }) if h.get("ipv6") and h.get("mac"): kea6_hosts.append({ - "hostname": h.get("name"), - "hw-address": h.get("mac"), - "ip-address": h.get("ipv6"), + "duid": h.get("mac"), + "ip-addresses": h.get("ipv6"), + "hostname": h.get("name"), }) # Save DHCP4 Configuration path = settings.DHCP4_HOST_FILE + data = {"hosts": kea4_hosts} with open(path, "w", encoding="utf-8") as f: - json.dump(kea4_hosts, f, indent=4, ensure_ascii=False) + json.dump(data, f, indent=4, ensure_ascii=False) # Save DHCP6 Configuration path = settings.DHCP6_HOST_FILE + data = {"hosts": kea6_hosts} with open(path, "w", encoding="utf-8") as f: - json.dump(kea6_hosts, f, indent=4, ensure_ascii=False) + json.dump(data, f, indent=4, ensure_ascii=False) except Exception as err: + get_logger("dhcp").exception("Error reloading DHCP: " + str(err).strip()) error = True - message = str(err).strip() + #message = str(err).strip() if error: code = "DHCP_RELOAD_ERROR" 
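Review bot: The `except Exception as err:` branch in dhcp.py leaves `#message = str(err).strip()` as commented-out code and builds the log message by concatenation; delete the comment and let the call carry the error itself, `get_logger("dhcp").exception("Error reloading DHCP")` (the traceback `exception()` records already contains `err`), or pass it lazily as a `%s` argument. Keeping the exception text out of the API response is the right call, but `message` is no longer assigned here, so it must already be bound before the `try` (outside this hunk) for the `if error:` branch to return a generic value — please confirm. The new `from log.log import setup_logging, get_logger` in this file, and the identical lines added to dns.py and health.py, import `setup_logging` without using it; importing only `get_logger` and binding `logger = get_logger("dhcp")` once at module level avoids the unused name and the per-exception lookup, and the same commented-out `message` line is left in dns.py. In the DHCPv6 reservation, a MAC address is not a DUID and Kea's `ip-addresses` is a list, so if `h.get("ipv6")` is a single string the entry should read `"hw-address": h.get("mac")` and `"ip-addresses": [h.get("ipv6")]` — worth checking against the Kea host-reservation format before shipping. `apt_dhcp_reload` starts and ends outside the hunk.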
diff --git a/backend/routes/dns.py b/backend/routes/dns.py index 92bde01..f068551 100644 --- a/backend/routes/dns.py +++ b/backend/routes/dns.py @@ -12,6 +12,8 @@ import time from backend.db.hosts import get_hosts # Import Settings from settings.settings import settings +# Import Logging +from log.log import setup_logging, get_logger # Create Router router = APIRouter() @@ -52,8 +54,9 @@ async def apt_dns_reload(request: Request): f.write(line) except Exception as err: + get_logger("dns").exception("Error reloading DNS: " + str(err).strip()) error = True - message = str(err).strip() + #message = str(err).strip() if error: code = "DNS_RELOAD_ERROR" diff --git a/backend/routes/health.py b/backend/routes/health.py index bd3e766..574f7e6 100644 --- a/backend/routes/health.py +++ b/backend/routes/health.py @@ -7,6 +7,8 @@ import time import os # Import Settings from settings.settings import settings +# Import Logging +from log.log import setup_logging, get_logger # Create Router router = APIRouter() @@ -37,9 +39,10 @@ def health(): db_size = round(os.path.getsize(settings.DB_FILE) / (1024 * 1024), 2) - except Exception as e: + except Exception as err: + get_logger("health").exception("Database health check failed: " + str(err).strip()) db_status = "error" - db_version = str(e) + db_version = None latency = round((time.time() - start) * 1000, 2) -- 2.47.3
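Review bot: The `except` branch in health.py resets `db_status` and `db_version` but not `db_size`, so when `os.path.getsize` is what raised (a missing or unreadable DB file) `db_size` is left unbound or stale, depending on whether it is initialised before the `try`, which is outside this hunk — set it explicitly here, `db_size = None`, unless it is pre-initialised. Replacing `str(e)` with `None` in the response closes the exception-text leak; if `health()` is served without authentication, `db_version` and `db_size` are still returned to any caller, so consider whether a bare `ok`/`error` status is enough for the public view. `health()` starts and ends outside the hunk.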