1edb57eda9
Backport #23194 ## TLDR * Fix the broken page / broken image problem when click "Install" * Fix the Password Hash Algorithm display problem for #22942 * Close #20089 * Close #23183 * Close #23184 ## Details ### The broken page / broken image problem when clicking on "Install" (Redirect failed after install - #23184) Before: when clicking on "install", all new requests will fail, because the server has been restarted. Users just see a broken page with broken images, sometimes the server is not ready but the user would have been redirect to "/user/login" page, then the users see a new broken page (connection refused or something wrong ...) After: only check InstallLock=true for necessary handlers, and sleep for a while before restarting the server, then the browser has enough time to load the "post-install" page. And there is a script to check whether "/user/login" is ready, the user will only be redirected to the login page when the server is ready. ### During new instance setup fill 'Gitea Base URL' with window.location.origin - #20089 If the "app_url" input contains `localhost` (the default value from config), use current window's location href as the `app_url` (aka ROOT_URL) ### Fix the Password Hash Algorithm display problem for "Provide the ability to set password hash algorithm parameters #22942" Before: the UI shows `pbkdf2$50000$50` <details> ![image](https://user-images.githubusercontent.com/2114189/221917143-e1e54798-1698-4fee-a18d-00c48081fc39.png) </details> After: the UI shows `pbkdf2` <details> ![image](https://user-images.githubusercontent.com/2114189/221916999-97a15be8-2ebb-4a01-bf93-dac18e354fcc.png) </details> ### GET data: net::ERR_INVALID_URL #23183 Cause by empty `data:` in `<link rel="manifest" href="data:{{.ManifestData}}">` Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
76 lines
2.7 KiB
Go
76 lines
2.7 KiB
Go
// Copyright 2023 The Gitea Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package hash
|
|
|
|
// DefaultHashAlgorithmName represents the default value of PASSWORD_HASH_ALGO
|
|
// configured in app.ini.
|
|
//
|
|
// It is NOT the same and does NOT map to the defaultEmptyHashAlgorithmSpecification.
|
|
//
|
|
// It will be dealiased as per aliasAlgorithmNames whereas
|
|
// defaultEmptyHashAlgorithmSpecification does not undergo dealiasing.
|
|
const DefaultHashAlgorithmName = "pbkdf2"
|
|
|
|
var DefaultHashAlgorithm *PasswordHashAlgorithm
|
|
|
|
// aliasAlgorithNames provides a mapping between the value of PASSWORD_HASH_ALGO
|
|
// configured in the app.ini and the parameters used within the hashers internally.
|
|
//
|
|
// If it is necessary to change the default parameters for any hasher in future you
|
|
// should change these values and not those in argon2.go etc.
|
|
var aliasAlgorithmNames = map[string]string{
|
|
"argon2": "argon2$2$65536$8$50",
|
|
"bcrypt": "bcrypt$10",
|
|
"scrypt": "scrypt$65536$16$2$50",
|
|
"pbkdf2": "pbkdf2_v2", // pbkdf2 should default to pbkdf2_v2
|
|
"pbkdf2_v1": "pbkdf2$10000$50",
|
|
// The latest PBKDF2 password algorithm is used as the default since it doesn't
|
|
// use a lot of memory and is safer to use on less powerful devices.
|
|
"pbkdf2_v2": "pbkdf2$50000$50",
|
|
// The pbkdf2_hi password algorithm is offered as a stronger alternative to the
|
|
// slightly improved pbkdf2_v2 algorithm
|
|
"pbkdf2_hi": "pbkdf2$320000$50",
|
|
}
|
|
|
|
var RecommendedHashAlgorithms = []string{
|
|
"pbkdf2",
|
|
"argon2",
|
|
"bcrypt",
|
|
"scrypt",
|
|
"pbkdf2_hi",
|
|
}
|
|
|
|
// hashAlgorithmToSpec converts an algorithm name or a specification to a full algorithm specification
|
|
func hashAlgorithmToSpec(algorithmName string) string {
|
|
if algorithmName == "" {
|
|
algorithmName = DefaultHashAlgorithmName
|
|
}
|
|
alias, has := aliasAlgorithmNames[algorithmName]
|
|
for has {
|
|
algorithmName = alias
|
|
alias, has = aliasAlgorithmNames[algorithmName]
|
|
}
|
|
return algorithmName
|
|
}
|
|
|
|
// SetDefaultPasswordHashAlgorithm will take a provided algorithmName and de-alias it to
|
|
// a complete algorithm specification.
|
|
func SetDefaultPasswordHashAlgorithm(algorithmName string) (string, *PasswordHashAlgorithm) {
|
|
algoSpec := hashAlgorithmToSpec(algorithmName)
|
|
// now we get a full specification, e.g. pbkdf2$50000$50 rather than pbdkf2
|
|
DefaultHashAlgorithm = Parse(algoSpec)
|
|
return algoSpec, DefaultHashAlgorithm
|
|
}
|
|
|
|
// ConfigHashAlgorithm will try to find a "recommended algorithm name" defined by RecommendedHashAlgorithms for config
|
|
// This function is not fast and is only used for the installation page
|
|
func ConfigHashAlgorithm(algorithm string) string {
|
|
algorithm = hashAlgorithmToSpec(algorithm)
|
|
for _, recommAlgo := range RecommendedHashAlgorithms {
|
|
if algorithm == hashAlgorithmToSpec(recommAlgo) {
|
|
return recommAlgo
|
|
}
|
|
}
|
|
return algorithm
|
|
}
|