Add tests for authentication and security features

- Implement unit tests for password handling in `auth_test.ts`, covering bcrypt and legacy password hashes. - Create a fake database for user management to facilitate testing of the `AdminHandler`. - Validate JWT-based identity verification against database records. - Introduce tests for credential encryption and registry management in `security_test.ts`. - Ensure registry passwords are securely stored and can be decrypted correctly, including legacy support. - Add utility functions for password hashing and verification in `auth.ts`.
2026-04-19 01:30:54 +00:00
parent 0c9eb0653d
commit 618d4d674f
34 changed files with 585 additions and 255 deletions
@@ -6,6 +6,7 @@

 import * as plugins from '../plugins.ts';
 import { logger } from '../logging.ts';
+import { hashPassword, needsPasswordUpgrade, verifyPassword } from '../utils/auth.ts';
 import { getErrorMessage } from '../utils/error.ts';
 import type { Onebox } from './onebox.ts';
 import type {
@@ -404,15 +405,17 @@ export class OneboxHttpServer {

      logger.info(`User found: ${username}, checking password...`);

-      // Verify password (simple base64 comparison for now)
-      const passwordHash = btoa(password);
-      logger.info(`Password hash: ${passwordHash}, stored hash: ${user.passwordHash}`);
-
-      if (passwordHash !== user.passwordHash) {
+      const passwordMatches = await verifyPassword(password, user.passwordHash);
+      if (!passwordMatches) {
        logger.info(`Password mismatch for user: ${username}`);
        return this.jsonResponse({ success: false, error: 'Invalid credentials' }, 401);
      }

+      if (needsPasswordUpgrade(user.passwordHash)) {
+        const upgradedHash = await hashPassword(password);
+        this.oneboxRef.database.updateUserPassword(user.username, upgradedHash);
+      }
+
      // Generate simple token (in production, use proper JWT)
      const token = btoa(`${user.username}:${Date.now()}`);

@@ -1324,7 +1327,7 @@ export class OneboxHttpServer {
          type: 'service',
          name: service.name,
          domain: service.domain || null,
-          targetHost: service.containerIP || 'unknown',
+          targetHost: service.containerID || 'unknown',
          targetPort: service.port || 80,
          status: service.status,
        });
@@ -1380,6 +1383,7 @@ export class OneboxHttpServer {
      rabbitmq: 5672,
      caddy: 80,
      clickhouse: 8123,
+      mariadb: 3306,
    };
    return ports[type] || 0;
  }
@@ -1396,11 +1400,11 @@ export class OneboxHttpServer {
        success: true,
        data: {
          proxy: {
-            running: proxyStatus.running,
-            httpPort: proxyStatus.httpPort,
-            httpsPort: proxyStatus.httpsPort,
+            running: proxyStatus.http.running || proxyStatus.https.running,
+            httpPort: proxyStatus.http.port,
+            httpsPort: proxyStatus.https.port,
            routes: proxyStatus.routes,
-            certificates: proxyStatus.certificates,
+            certificates: proxyStatus.https.certificates,
          },
          logReceiver: {
            running: logReceiverStats.running,