remove logger

MCHost
2025-06-16 14:25:25 -04:00
parent 1d99fa2efc
commit e92790383d


@ -4,20 +4,6 @@ import { RateLimiterMemory } from 'rate-limiter-flexible';
import sanitizeHtml from 'sanitize-html'; import sanitizeHtml from 'sanitize-html';
import helmet from 'helmet'; import helmet from 'helmet';
import csurf from 'csurf'; import csurf from 'csurf';
import winston from 'winston';
import validator from 'validator';
// Initialize logger
const logger = winston.createLogger({
level: 'info',
format: winston.format.combine(
winston.format.timestamp(),
winston.format.json()
),
transports: [
new winston.transports.File({ filename: 'security.log' })
]
});
// Environment variable validation // Environment variable validation
const requiredEnvVars = [ const requiredEnvVars = [
@ -33,7 +19,7 @@ const requiredEnvVars = [
for (const envVar of requiredEnvVars) { for (const envVar of requiredEnvVars) {
if (!process.env[envVar]) { if (!process.env[envVar]) {
logger.error(`Missing required environment variable: ${envVar}`); console.log(`Missing required environment variable: ${envVar}`);
process.exit(1); process.exit(1);
} }
} }
@ -54,7 +40,7 @@ setInterval(() => {
for (const [linkId, linkData] of temporaryLinks.entries()) { for (const [linkId, linkData] of temporaryLinks.entries()) {
if (linkData.expiresAt < now) { if (linkData.expiresAt < now) {
temporaryLinks.delete(linkId); temporaryLinks.delete(linkId);
logger.info(`Cleaned up expired link: ${linkId}`); console.log(`Cleaned up expired link: ${linkId}`);
} }
} }
}, cleanupInterval); }, cleanupInterval);
@ -62,12 +48,12 @@ setInterval(() => {
// Input sanitization and validation // Input sanitization and validation
const sanitizeInput = (input) => { const sanitizeInput = (input) => {
if (typeof input !== 'string') { if (typeof input !== 'string') {
logger.warn(`Invalid input type: expected string, got ${typeof input}`); console.log(`Invalid input type: expected string, got ${typeof input}`);
return null; return null;
} }
// Allow alphanumeric characters and underscores // Allow alphanumeric characters and underscores
if (!/^[a-zA-Z0-9_]+$/.test(input)) { if (!/^[a-zA-Z0-9_]+$/.test(input)) {
logger.warn(`Invalid input format: ${input}`); console.log(`Invalid input format: ${input}`);
return null; return null;
} }
return sanitizeHtml(input); return sanitizeHtml(input);
@ -117,13 +103,13 @@ export async function generateLoginLink(req, res) {
// Validate inputs // Validate inputs
if (!sanitizeInput(secretKey) || secretKey !== process.env.ADMIN_SECRET_KEY) { if (!sanitizeInput(secretKey) || secretKey !== process.env.ADMIN_SECRET_KEY) {
logger.warn(`Invalid secret key attempt from IP: ${req.ip}`); console.log(`Invalid secret key attempt from IP: ${req.ip}`);
return res.status(401).json({ error: 'Unauthorized' }); return res.status(401).json({ error: 'Unauthorized' });
} }
const sanitizedUsername = sanitizeInput(username); const sanitizedUsername = sanitizeInput(username);
if (!sanitizedUsername) { if (!sanitizedUsername) {
logger.warn(`Invalid username attempt from IP: ${req.ip}, username: ${username}`); console.log(`Invalid username attempt from IP: ${req.ip}, username: ${username}`);
return res.status(400).json({ error: 'Invalid username' }); return res.status(400).json({ error: 'Invalid username' });
} }
@ -139,7 +125,7 @@ export async function generateLoginLink(req, res) {
.timeout(5000); .timeout(5000);
if (!tokenResponse.body.token) { if (!tokenResponse.body.token) {
logger.error(`Failed to generate API key for username: ${sanitizedUsername}`); console.log(`Failed to generate API key for username: ${sanitizedUsername}`);
return res.status(500).json({ error: 'Authentication service error' }); return res.status(500).json({ error: 'Authentication service error' });
} }
@ -159,14 +145,14 @@ export async function generateLoginLink(req, res) {
// Secure timeout // Secure timeout
setTimeout(() => { setTimeout(() => {
temporaryLinks.delete(linkId); temporaryLinks.delete(linkId);
logger.info(`Expired link removed: ${linkId}`); console.log(`Expired link removed: ${linkId}`);
}, Math.min(3600000, parseInt(process.env.LINK_EXPIRY_SECONDS, 10) * 1000)); }, Math.min(3600000, parseInt(process.env.LINK_EXPIRY_SECONDS, 10) * 1000));
logger.info(`Generated login link for username: ${sanitizedUsername} from IP: ${req.ip}, userAgent: ${req.get('User-Agent') || 'Unknown'}`); console.log(`Generated login link for username: ${sanitizedUsername} from IP: ${req.ip}, userAgent: ${req.get('User-Agent') || 'Unknown'}`);
res.json({ loginLink }); res.json({ loginLink });
}); });
} catch (error) { } catch (error) {
logger.error(`Error generating login link: ${error.message}`); console.log(`Error generating login link: ${error.message}`);
res.status(500).json({ error: 'Server error' }); res.status(500).json({ error: 'Server error' });
} }
}); });
@ -193,7 +179,7 @@ export function handleAutoLogin(req, res) {
if (!linkData || linkData.expiresAt < Date.now()) { if (!linkData || linkData.expiresAt < Date.now()) {
temporaryLinks.delete(sanitizedLinkId); temporaryLinks.delete(sanitizedLinkId);
logger.warn(`Expired or invalid login attempt for link: ${sanitizedLinkId} from IP: ${req.ip}`); console.log(`Expired or invalid login attempt for link: ${sanitizedLinkId} from IP: ${req.ip}`);
return res.send(` return res.send(`
<html> <html>
@ -227,7 +213,7 @@ export function handleAutoLogin(req, res) {
if (strictUserAgentCheck && !isUserAgentMatch && !isLocal) { if (strictUserAgentCheck && !isUserAgentMatch && !isLocal) {
temporaryLinks.delete(sanitizedLinkId); temporaryLinks.delete(sanitizedLinkId);
logger.warn( console.log(
`Suspicious login attempt for link: ${sanitizedLinkId} from IP: ${req.ip}, ` + `Suspicious login attempt for link: ${sanitizedLinkId} from IP: ${req.ip}, ` +
`expected IP: ${linkData.ip}, isLocal: ${isLocal}, ` + `expected IP: ${linkData.ip}, isLocal: ${isLocal}, ` +
`userAgentMatch: ${isUserAgentMatch}, ` + `userAgentMatch: ${isUserAgentMatch}, ` +
@ -238,7 +224,7 @@ export function handleAutoLogin(req, res) {
} }
if (!isUserAgentMatch) { if (!isUserAgentMatch) {
logger.info( console.log(
`Non-critical user-agent mismatch for link: ${sanitizedLinkId} from IP: ${req.ip}, ` + `Non-critical user-agent mismatch for link: ${sanitizedLinkId} from IP: ${req.ip}, ` +
`expectedUserAgent: ${linkData.userAgent}, ` + `expectedUserAgent: ${linkData.userAgent}, ` +
`actualUserAgent: ${req.get('User-Agent') || 'Unknown'}` `actualUserAgent: ${req.get('User-Agent') || 'Unknown'}`
@ -246,7 +232,7 @@ export function handleAutoLogin(req, res) {
} }
temporaryLinks.delete(sanitizedLinkId); temporaryLinks.delete(sanitizedLinkId);
logger.info(`Successful auto-login for username: ${linkData.username} from IP: ${req.ip}, userAgent: ${req.get('User-Agent') || 'Unknown'}`); console.log(`Successful auto-login for username: ${linkData.username} from IP: ${req.ip}, userAgent: ${req.get('User-Agent') || 'Unknown'}`);
// Secure API key storage with additional client-side security and debugging // Secure API key storage with additional client-side security and debugging
res.send(` res.send(`
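Review bot: The new `console.log` calls interpolate request-controlled values as raw text, whereas the removed logger ran every message through `winston.format.json()`, which escaped them; in `generateLoginLink` the line `Invalid username attempt ... username: ${username}` prints a value that has just failed validation, and the User-Agent lines do the same, so embedded CR/LF can forge entries in whatever collects stdout. Wrapping those values, e.g. `JSON.stringify(username)` and `JSON.stringify(req.get('User-Agent') || 'Unknown')`, restores the escaping. In `sanitizeInput`, `Invalid input format: ${input}` is also reached for `secretKey`, so a rejected key candidate is written out verbatim; logging only `input.length` there avoids that. Using `console.warn`/`console.error` on the failure paths would keep the severity that `logger.warn`/`logger.error` carried, and timestamps now depend on whatever supervises the process. The first hunk also drops `import validator from 'validator'`; `generateLoginLink` and `handleAutoLogin` extend beyond the visible hunks, so confirm nothing there still references it.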