Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-11-07 22:06:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

update jwt secret

Browse Source
This commit is contained in:
usmannasir
2025-05-18 18:16:33 +05:00
parent 1506c802d4
commit 624246c68a
5 changed files with 59 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
fastapi_ssh_server.py
View File

@@ -11,7 +11,8 @@ from jose import jwt, JWTError
import logging import logging
app = FastAPI() app = FastAPI()
JWT_SECRET = "YOUR_SECRET_KEY" # JWT_SECRET = "YOUR_SECRET_KEY"
JWT_SECRET = "REPLACE_ME_WITH_INSTALLER"
JWT_ALGORITHM = "HS256" JWT_ALGORITHM = "HS256"
# Allow CORS for local dev/testing # Allow CORS for local dev/testing

18
install/install.py
View File

@@ -13,6 +13,7 @@ import socket
from os.path import * from os.path import *
from stat import * from stat import *
import stat import stat
import secrets
VERSION = '2.4' VERSION = '2.4'
BUILD = 0 BUILD = 0
@@ -2639,6 +2640,20 @@ vmail
command = f'chmod +x {filePath}' command = f'chmod +x {filePath}'
preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR) preFlightsChecks.call(command, self.distro, command, command, 1, 0, os.EX_OSERR)
def configure_jwt_secret():
import secrets
secret = secrets.token_urlsafe(32)
fastapi_file = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'fastapi_ssh_server.py')
with open(fastapi_file, 'r') as f:
lines = f.readlines()
with open(fastapi_file, 'w') as f:
for line in lines:
if line.strip().startswith('JWT_SECRET'):
f.write(f'JWT_SECRET = "{secret}"\n')
else:
f.write(line)
print(f"Configured JWT_SECRET in fastapi_ssh_server.py")
def main(): def main():
parser = argparse.ArgumentParser(description='CyberPanel Installer') parser = argparse.ArgumentParser(description='CyberPanel Installer')
parser.add_argument('publicip', help='Please enter public IP for your VPS or dedicated server.') parser.add_argument('publicip', help='Please enter public IP for your VPS or dedicated server.')
@@ -2855,6 +2870,9 @@ echo $oConfig->Save() ? 'Done' : 'Error';
pass pass
checks.fixCyberPanelPermissions() checks.fixCyberPanelPermissions()
checks.configure_jwt_secret()
#
logging.InstallLog.writeToFile("CyberPanel installation successfully completed!,80") logging.InstallLog.writeToFile("CyberPanel installation successfully completed!,80")

3
plogical/upgrade.py
View File

@@ -3704,6 +3704,9 @@ pm.max_spare_servers = 3
Upgrade.installDNS_CyberPanelACMEFile() Upgrade.installDNS_CyberPanelACMEFile()
command = 'systemctl restart fastapi_ssh_server'
Upgrade.executioner(command, command, 0)
Upgrade.stdOut("Upgrade Completed.") Upgrade.stdOut("Upgrade Completed.")
### remove log file path incase its there ### remove log file path incase its there

17
websiteFunctions/views.py
View File

@@ -23,6 +23,8 @@ import jwt
from datetime import datetime, timedelta from datetime import datetime, timedelta
import OpenSSL import OpenSSL
from plogical.processUtilities import ProcessUtilities from plogical.processUtilities import ProcessUtilities
import os
import re
def loadWebsitesHome(request): def loadWebsitesHome(request):
val = request.session['userID'] val = request.session['userID']
@@ -2016,12 +2018,25 @@ def get_terminal_jwt(request):
return JsonResponse({'status': 0, 'error_message': 'SSH user not configured for this website.'}) return JsonResponse({'status': 0, 'error_message': 'SSH user not configured for this website.'})
from datetime import datetime, timedelta from datetime import datetime, timedelta
import jwt as pyjwt import jwt as pyjwt
# Read JWT_SECRET from fastapi_ssh_server.py
jwt_secret = None
try:
with open(os.path.join(os.path.dirname(os.path.dirname(__file__)), '../fastapi_ssh_server.py')) as f:
for line in f:
m = re.match(r'\s*JWT_SECRET\s*=\s*[\'"](.+)[\'"]', line)
if m and m.group(1) != 'REPLACE_ME_WITH_INSTALLER':
jwt_secret = m.group(1)
break
except Exception as e:
logger.error(f"Could not read JWT_SECRET: {e}")
if not jwt_secret:
jwt_secret = 'YOUR_SECRET_KEY' # fallback, should not be used in production
payload = { payload = {
'user_id': user_id, 'user_id': user_id,
'ssh_user': ssh_user, 'ssh_user': ssh_user,
'exp': datetime.utcnow() + timedelta(minutes=10) 'exp': datetime.utcnow() + timedelta(minutes=10)
} }
token = pyjwt.encode(payload, 'YOUR_SECRET_KEY', algorithm='HS256') token = pyjwt.encode(payload, jwt_secret, algorithm='HS256')
logger.error(f"JWT generated: {token}") logger.error(f"JWT generated: {token}")
return JsonResponse({'status': 1, 'token': token, 'ssh_user': ssh_user}) return JsonResponse({'status': 1, 'token': token, 'ssh_user': ssh_user})
except Exception as e: except Exception as e:

20
websiteFunctions/website.py
View File

@@ -4981,6 +4981,26 @@ StrictHostKeyChecking no
website = Websites.objects.get(domain=self.domain) website = Websites.objects.get(domain=self.domain)
externalApp = website.externalApp externalApp = website.externalApp
#### update jwt secret if needed
import secrets
import re
import os
from plogical.processUtilities import ProcessUtilities
fastapi_file = os.path.join(os.path.dirname(os.path.dirname(__file__)), '../fastapi_ssh_server.py')
try:
with open(fastapi_file, 'r') as f:
content = f.read()
m = re.search(r'JWT_SECRET\s*=\s*[\'"](.+)[\'"]', content)
if m and m.group(1) in ['REPLACE_ME_WITH_INSTALLER', 'YOUR_SECRET_KEY']:
new_secret = secrets.token_urlsafe(32)
# Use sed to replace the line in-place (macOS compatible)
sed_cmd = f"sed -i '' 's|JWT_SECRET = \"{m.group(1)}\"|JWT_SECRET = \"{new_secret}\"|' '{fastapi_file}'"
ProcessUtilities.outputExecutioner(sed_cmd)
except Exception as e:
pass
##### #####
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter