From 6ea013c1ad6d5e5e17891567adf01f9f5ef0f8d0 Mon Sep 17 00:00:00 2001 From: Finn Date: Mon, 19 Jan 2026 17:49:05 +0100 Subject: [PATCH] Bug fixes --- .../oac2web/frontend/dashboard.java | 22 ++++++--------- .../oac2web/frontend/index.java | 6 ++-- .../oac2web/frontend/login.java | 14 ++++++---- .../oac2web/frontend/register.java | 28 ++++++++----------- .../oac2web/utils/Pbkdf2PasswordHasher.java | 3 +- 5 files changed, 31 insertions(+), 42 deletions(-) diff --git a/src/main/java/org/openautonomousconnection/oac2web/frontend/dashboard.java b/src/main/java/org/openautonomousconnection/oac2web/frontend/dashboard.java index 035f1f7..2842c2c 100644 --- a/src/main/java/org/openautonomousconnection/oac2web/frontend/dashboard.java +++ b/src/main/java/org/openautonomousconnection/oac2web/frontend/dashboard.java @@ -42,6 +42,9 @@ public final class dashboard implements WebPage { return new WebResponsePacket(401, "text/plain", new HashMap<>(), Html.utf8("Invalid session user.")); } + Oac2WebApp app = Oac2WebApp.get(); + RegistrarDao dao = app.dao(); + String msg = null; String err = null; @@ -50,9 +53,6 @@ public final class dashboard implements WebPage { String action = p.getOr("action", "").trim(); try { - Oac2WebApp app = Oac2WebApp.get(); - RegistrarDao dao = app.dao(); - if ("create_infoname".equalsIgnoreCase(action)) { String tln = p.get("tln"); String info = p.get("infoname"); @@ -90,6 +90,7 @@ public final class dashboard implements WebPage { String value = p.get("value"); int ttl = p.getInt("ttl", 3600); + Integer priority = (p.get("priority") == null) ? null : p.getInt("priority", 0); Integer port = (p.get("port") == null) ? null : p.getInt("port", 0); Integer weight = (p.get("weight") == null) ? null : p.getInt("weight", 0); 
@@ -110,12 +111,11 @@ public final class dashboard implements WebPage { } } - return render(ctx, userId, msg, err); + return render(userId, msg, err, dao); } - private WebResponsePacket render(WebPageContext ctx, int userId, String msg, String err) throws Exception { - Oac2WebApp app = Oac2WebApp.get(); - RegistrarDao.InfoNameRow[] owned = app.dao().listOwnedInfoNames(userId); + private WebResponsePacket render(int userId, String msg, String err, RegistrarDao dao) throws Exception { + RegistrarDao.InfoNameRow[] owned = dao.listOwnedInfoNames(userId); StringBuilder list = new StringBuilder(); if (owned.length == 0) { @@ -151,7 +151,7 @@ public final class dashboard implements WebPage { %s
- +
""".formatted( @@ -164,12 +164,6 @@ public final class dashboard implements WebPage { String html = Html.page("Dashboard", body); Map headers = new HashMap<>(); - // keep the same session header visible to client, if needed - if (ctx.request.getHeaders() != null) { - String sess = ctx.request.getHeaders().get("session"); - if (sess != null) headers.put("session", sess); - } - return new WebResponsePacket(200, "text/html", headers, Html.utf8(html)); } } diff --git a/src/main/java/org/openautonomousconnection/oac2web/frontend/index.java b/src/main/java/org/openautonomousconnection/oac2web/frontend/index.java index acadd4f..5cbe9be 100644 --- a/src/main/java/org/openautonomousconnection/oac2web/frontend/index.java +++ b/src/main/java/org/openautonomousconnection/oac2web/frontend/index.java @@ -21,9 +21,9 @@ public final class index implements WebPage {

OAC INS Registrar

Server-side pages (oac2web). No extra endpoints.

POST parameters are expected via headers (e.g. username, password, action).

diff --git a/src/main/java/org/openautonomousconnection/oac2web/frontend/login.java b/src/main/java/org/openautonomousconnection/oac2web/frontend/login.java index 7fc0434..a293066 100644 --- a/src/main/java/org/openautonomousconnection/oac2web/frontend/login.java +++ b/src/main/java/org/openautonomousconnection/oac2web/frontend/login.java @@ -1,6 +1,8 @@ package org.openautonomousconnection.oac2web.frontend; -import org.openautonomousconnection.oac2web.utils.*; +import org.openautonomousconnection.oac2web.utils.Oac2WebApp; +import org.openautonomousconnection.oac2web.utils.RegistrarDao; +import org.openautonomousconnection.oac2web.utils.Sha256; import org.openautonomousconnection.protocol.packets.v1_0_0.beta.web.WebResponsePacket; import org.openautonomousconnection.protocol.side.web.ProtocolWebServer; import org.openautonomousconnection.protocol.side.web.managers.SessionManager; @@ -41,9 +43,9 @@ public final class login implements WebPage { } Oac2WebApp app = Oac2WebApp.get(); - String usernameHash = Sha256.hex(username.trim()); - RegistrarDao.UserRow u = app.dao().findUserByUsernameHash(usernameHash).orElse(null); + String usernameHashHex = Sha256.hex(username.trim()); + RegistrarDao.UserRow u = app.dao().findUserByUsernameHash(usernameHashHex).orElse(null); if (u == null) return renderForm("Invalid credentials."); boolean ok = app.passwordHasher().verify(password, u.passwordEncoded()); @@ -59,7 +61,7 @@ public final class login implements WebPage { Map headers = new HashMap<>(); headers.put("session", session); - headers.put("location", "/dashboard"); + headers.put("location", "/ins/dashboard"); return new WebResponsePacket(302, "text/plain", headers, new byte[0]); } @@ -70,8 +72,8 @@ public final class login implements WebPage { %s
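Review bot: In the `@@ -41,9 +43,9 @@` hunk of login.java the unknown-user path still returns before any password work: `if (u == null) return renderForm("Invalid credentials.");` runs ahead of `app.passwordHasher().verify(password, u.passwordEncoded())`. PBKDF2 is therefore computed only for usernames that exist, so response time likely reveals whether an account is registered even though the error text is the same. Consider always running the verifier, e.g. `String encoded = (u != null) ? u.passwordEncoded() : DUMMY_ENCODED;` then `boolean ok = app.passwordHasher().verify(password, encoded) && u != null;`, where `DUMMY_ENCODED` is a placeholder for a precomputed hash constant you would add. The rest of `handle` lies outside the hunk, so any throttling or lockout there is not visible from here.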

Send a POST request with headers username and password.

""".formatted(err == null ? "" : "

" + Html.esc(err) + "

"); diff --git a/src/main/java/org/openautonomousconnection/oac2web/frontend/register.java b/src/main/java/org/openautonomousconnection/oac2web/frontend/register.java index 7df4aff..e4c9463 100644 --- a/src/main/java/org/openautonomousconnection/oac2web/frontend/register.java +++ b/src/main/java/org/openautonomousconnection/oac2web/frontend/register.java @@ -23,7 +23,7 @@ import java.util.Map; * - password * * Stores: - * - users.username = sha256(username) + * - users.username = sha256(username) as HEX (64 chars) * - users.password = PBKDF2$sha256$... */ @Route(path = "ins/register") @@ -32,7 +32,7 @@ public final class register implements WebPage { @Override public WebResponsePacket handle(WebPageContext ctx) throws Exception { if (ctx.request.getMethod() != WebRequestMethod.POST) { - return renderForm(null, null); + return renderForm(null); } RequestParams p = new RequestParams(ctx.request); @@ -41,16 +41,16 @@ public final class register implements WebPage { String password = p.get("password"); if (username == null || username.isBlank() || password == null || password.isBlank()) { - return renderForm("Missing username/password (send via headers).", null); + return renderForm("Missing username/password (send via headers)."); } Oac2WebApp app = Oac2WebApp.get(); - String usernameHash = Sha256.hex(username.trim()); + String usernameHashHex = Sha256.hex(username.trim()); String passwordEnc = app.passwordHasher().hash(password); try { - int userId = app.dao().createUser(usernameHash, passwordEnc); + int userId = app.dao().createUser(usernameHashHex, passwordEnc); String ip = (ctx.client.getConnection().getSocket() != null && ctx.client.getConnection().getSocket().getInetAddress() != null) ? ctx.client.getConnection().getSocket().getInetAddress().getHostAddress() 
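Review bot: `String usernameHashHex = Sha256.hex(username.trim());` in the `@@ -41,16 +41,16 @@` hunk of register.java stores an unsalted, unkeyed digest of a low-entropy value, so if the `users` table is disclosed the usernames can be recovered by hashing candidate names. If the hash is meant as a privacy measure rather than just a fixed-width lookup key, a keyed construction (HMAC-SHA-256 with a server-side secret) would be the safer choice. It would have to change together with the identical call in login.java (`@@ -41,9 +43,9 @@`). Only `trim()` is applied before hashing, so names that differ in case or Unicode form become separate accounts; a comment such as `// usernames are case-sensitive by design` (or a normalisation step) would make the intent explicit. Beyond the blank test, no length or character check on `username` or `password` is visible in this hunk.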
@@ -58,37 +58,31 @@ public final class register implements WebPage { String ua = ctx.request.getHeaders() != null ? ctx.request.getHeaders().getOrDefault("user-agent", "") : ""; - // SessionManager user string: we store numeric users.id as string. String session = SessionManager.create(String.valueOf(userId), ip, ua, (ProtocolWebServer) ctx.client.getServer()); Map headers = new HashMap<>(); headers.put("session", session); - headers.put("location", "/dashboard"); + headers.put("location", "/ins/dashboard"); return new WebResponsePacket(302, "text/plain", headers, new byte[0]); } catch (Exception e) { - // likely UNIQUE violation on users.username (hashed) - return renderForm("Register failed: " + e.getMessage(), null); + return renderForm("Register failed: " + e.getMessage()); } } - private WebResponsePacket renderForm(String err, String ok) { + private WebResponsePacket renderForm(String err) { String body = """

Register

%s - %s

Send a POST request with headers username and password.

- - + +
- """.formatted( - err == null ? "" : "

" + Html.esc(err) + "

", - ok == null ? "" : "

" + Html.esc(ok) + "

" - ); + """.formatted(err == null ? "" : "

" + Html.esc(err) + "

"); String html = Html.page("Register", body); return new WebResponsePacket(200, "text/html", new HashMap<>(), Html.utf8(html)); diff --git a/src/main/java/org/openautonomousconnection/oac2web/utils/Pbkdf2PasswordHasher.java b/src/main/java/org/openautonomousconnection/oac2web/utils/Pbkdf2PasswordHasher.java index 77ba4d7..118e91b 100644 --- a/src/main/java/org/openautonomousconnection/oac2web/utils/Pbkdf2PasswordHasher.java +++ b/src/main/java/org/openautonomousconnection/oac2web/utils/Pbkdf2PasswordHasher.java @@ -7,9 +7,8 @@ import java.util.Objects; /** * PBKDF2 password hashing (PBKDF2WithHmacSHA256). - * * Storage format: - * PBKDF2$sha256$$$ + * {@code PBKDF2$sha256$ITERATIONS$SALT_HEX$HASH_HEX} */ public final class Pbkdf2PasswordHasher {
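Review bot: The catch block in the `@@ -58,37 +58,31 @@` hunk of register.java still returns the raw exception text to the client: `return renderForm("Register failed: " + e.getMessage());`. `Html.esc` keeps that text from being interpreted as markup, but a DAO or driver message can still disclose table, column or constraint names. The broad `catch (Exception e)` also appears to report unrelated failures, such as an error in `SessionManager.create` after the user row was written, as a registration failure. Prefer a fixed message such as `return renderForm("Registration failed.");` and log `e` on the server. A one-line comment like `// expected cause: UNIQUE violation on users.username` should stay, since this commit deletes the old one.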