enhance security by adding cache control headers, validating password length, and rejecting encoded slashes in path processing

Eduardo Silva
2026-03-16 20:36:49 -03:00
parent ca63b87123
commit fb17394099
4 changed files with 26 additions and 3 deletions


@@ -7,7 +7,12 @@ from auth_gateway.models.auth import UserModel
password_hasher = PasswordHasher()
MAX_PASSWORD_LENGTH = 1024
def verify_user_password(username: str, password: str, users: dict[str, UserModel]) -> UserModel | None:
if not password or len(password) > MAX_PASSWORD_LENGTH:
return None
user = users.get(username)
if not user or not user.password_hash:
return None
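Review bot: The unknown-user branch (`if not user or not user.password_hash:` followed by `return None`) still returns before any hash work, so a lookup for a missing account probably completes faster than one for an existing account, and this commit leaves that difference in place. The hash comparison is outside this hunk, so the timing gap is inferred from `password_hasher` and the function name rather than seen directly. If it holds, that branch should verify the supplied password against a fixed dummy hash (placeholder name `_DUMMY_HASH`) and discard the result before returning `None`, so both paths cost the same. Separately, `len(password)` counts characters rather than encoded bytes, and `MAX_PASSWORD_LENGTH` has no comment. If the aim is to cap hashing cost, a line such as `# Upper bound in characters; rejects oversized inputs before hashing` would record that.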