Merge 370652b911 into 3d6c5152fe

2025-01-31 18:34:07 +03:00 · 2025-01-31 18:34:07 +03:00 · 0b8b4b4f3d
parent 3d6c5152fe 370652b911
commit 0b8b4b4f3d
2 changed files with 25 additions and 1 deletions
--- a/cmd/root.go
+++ b/cmd/root.go
@ -378,7 +378,13 @@ func quickSetup(flags *pflag.FlagSet, d pythonData) {
 	password := getParam(flags, "password")

 	if password == "" {
-		password, err = users.HashPwd("admin")
+		var pwd string
+		pwd, err = users.RandomPwd()
+		checkErr(err)
+
+		log.Println("Generated random admin password for quick setup:", pwd)
+
+		password, err = users.HashPwd(pwd)
 		checkErr(err)
 	}

--- a/users/password.go
+++ b/users/password.go
@ -1,9 +1,15 @@
 package users

 import (
+	"crypto/rand"
+	"encoding/base64"
+
 	"golang.org/x/crypto/bcrypt"
 )

+// randomPasswordBytesCount is chosen to fit in a base64 string without padding
+const randomPasswordBytesCount = 9
+
 // HashPwd hashes a password.
 func HashPwd(password string) (string, error) {
 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
@ -15,3 +21,15 @@ func CheckPwd(password, hash string) bool {
 	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
 	return err == nil
 }
+
+func RandomPwd() (string, error) {
+	randomPasswordBytes := make([]byte, randomPasswordBytesCount)
+	var _, err = rand.Read(randomPasswordBytes)
+	if err != nil {
+		return "", err
+	}
+
+	// This is done purely to make the password human-readable
+	var randomPasswordString = base64.URLEncoding.EncodeToString(randomPasswordBytes)
+	return randomPasswordString, nil
+}