linux_patch_manager

git-echo/linux_patch_manager

Private

Public Access

Fork 0

Commit Graph

Author	SHA1	Message	Date
Draco-Lunaris-Echo	80ffb6b62f	feat(security): replace hardcoded admin password with in-app bootstrap (#25 ) All checks were successful CI Pipeline / Rust Format Check (push) Successful in 5s CI Pipeline / Clippy Lints (push) Successful in 50s CI Pipeline / Rust Unit Tests (push) Successful in 1m8s CI Pipeline / Security Audit (push) Successful in 4s CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s CI Pipeline / Build .deb & Release (push) Has been skipped * feat(security): replace hardcoded admin password with in-app bootstrap (issue #8) Replace the publicly-known Argon2id hash in 002_seed_admin.sql with a clearly-invalid placeholder that cannot validate any password (fail-closed). On first startup, pm-web detects the placeholder and generates a random 24-character alphanumeric password, hashes it with Argon2id, and UPDATEs the admin row. The plaintext password is printed once to stderr (visible in systemd journal). This eliminates the need for a separate hash_password binary, shell script SQL injection risk, and password leakage in shell variables. Closes #8 * fix(security): rustfmt compliance for bootstrap function * fix(security): add trailing commas to match arms per rustfmt	2026-06-04 13:28:44 -05:00
Echo	83c97aa2b1	fix: resolve all startup bugs (BUG-6 through BUG-9) Some checks failed CI Pipeline / Rust Format Check (push) Failing after 36s Details CI Pipeline / Clippy Lints (push) Successful in 45s Details CI Pipeline / Rust Unit Tests (push) Successful in 1m1s Details CI Pipeline / Security Audit (push) Successful in 4s Details CI Pipeline / Frontend Lint & Type Check (push) Successful in 11s Details CI Pipeline / Build .deb & Release (push) Has been skipped Details BUG-6: Add TLS support via axum-server + rustls - Added axum-server with tls-rustls feature to workspace and pm-web - pm-web now serves HTTPS when TLS certs exist, falls back to HTTP with warning - setup.sh generates self-signed ECDSA P-256 TLS cert with SANs - Config already had web_tls_cert_path/web_tls_key_path fields BUG-7: Fix audit chain integrity errors - Migration 005 now TRUNCATEs audit_log after adding prev_hash column - Existing rows had broken hash chains (inserted before prev_hash existed) BUG-8: Disable WatchdogSec in patch-manager-web.service - pm-web does not implement sd_notify, causing systemd to kill the service BUG-9: Disable WatchdogSec in patch-manager-worker.service - Same issue as BUG-8, worker does not implement sd_notify Previous fixes (BUG-1 through BUG-5) also included: - setup.sh: PostgreSQL 15+ schema GRANTs - Axum route syntax :param → {param} (19 routes) - DbUser struct role: String → UserRole enum mapping - UserRole/AuthProvider Display trait implementations - Seed admin password hash (Argon2id)	2026-04-28 23:01:03 +00:00
Echo	6811f84a7c	feat(M2): Authentication, Authorization & Frontend Shell - pm-auth::password: Argon2id (m=65536,t=3,p=1) hashing + verification - pm-auth::jwt: EdDSA/Ed25519 JWT issuance + validation (15-min TTL) - pm-auth::refresh: Opaque 256-bit refresh tokens, SHA-256 hashed, 1-hour sliding inactivity timeout, rotation on use, revocable - pm-auth::mfa_totp: TOTP setup/verify (HMAC-SHA1, 6-digit, 30s) with otpauth:// URI generation (Google Authenticator compatible) - pm-auth::mfa_webauthn: Stub (full implementation deferred) - pm-auth::rbac: Axum middleware for JWT auth + IP whitelist + admin/operator role enforcement + FromRequestParts extractor - pm-auth::session: Full login flow (password → MFA → tokens), token refresh, logout, force-logout - pm-web auth routes: POST /api/v1/auth/login\|refresh\|logout, GET /api/v1/auth/mfa/setup, POST /api/v1/auth/mfa/verify - IP whitelist middleware on all protected connection points - migrations/002_seed_admin.sql: Default admin account seed - Frontend: Auth store (Zustand with persistence), login page with MFA prompt, MFA setup page (stepper), JWT auto-refresh interceptor, route guards (RequireAuth), updated App.tsx routing - cargo check --workspace: zero errors, 1 minor warning Closes M2.	2026-04-23 16:10:08 +00:00

Author

SHA1

Message

Date

Draco-Lunaris-Echo

80ffb6b62f

feat(security): replace hardcoded admin password with in-app bootstrap (#25 )

CI Pipeline / Rust Format Check (push) Successful in 5s

CI Pipeline / Clippy Lints (push) Successful in 50s

CI Pipeline / Rust Unit Tests (push) Successful in 1m8s

CI Pipeline / Security Audit (push) Successful in 4s

CI Pipeline / Frontend Lint & Type Check (push) Successful in 14s

CI Pipeline / Build .deb & Release (push) Has been skipped

* feat(security): replace hardcoded admin password with in-app bootstrap (issue #8)

Replace the publicly-known Argon2id hash in 002_seed_admin.sql with a
clearly-invalid placeholder that cannot validate any password (fail-closed).

On first startup, pm-web detects the placeholder and generates a random
24-character alphanumeric password, hashes it with Argon2id, and UPDATEs
the admin row. The plaintext password is printed once to stderr (visible
in systemd journal).

This eliminates the need for a separate hash_password binary, shell
script SQL injection risk, and password leakage in shell variables.

Closes #8

* fix(security): rustfmt compliance for bootstrap function

* fix(security): add trailing commas to match arms per rustfmt

2026-06-04 13:28:44 -05:00

Echo

83c97aa2b1

fix: resolve all startup bugs (BUG-6 through BUG-9)

CI Pipeline / Rust Format Check (push) Failing after 36s

Details

CI Pipeline / Clippy Lints (push) Successful in 45s

Details

CI Pipeline / Rust Unit Tests (push) Successful in 1m1s

Details

CI Pipeline / Security Audit (push) Successful in 4s

Details

CI Pipeline / Frontend Lint & Type Check (push) Successful in 11s

Details

CI Pipeline / Build .deb & Release (push) Has been skipped

Details

BUG-6: Add TLS support via axum-server + rustls
  - Added axum-server with tls-rustls feature to workspace and pm-web
  - pm-web now serves HTTPS when TLS certs exist, falls back to HTTP with warning
  - setup.sh generates self-signed ECDSA P-256 TLS cert with SANs
  - Config already had web_tls_cert_path/web_tls_key_path fields

BUG-7: Fix audit chain integrity errors
  - Migration 005 now TRUNCATEs audit_log after adding prev_hash column
  - Existing rows had broken hash chains (inserted before prev_hash existed)

BUG-8: Disable WatchdogSec in patch-manager-web.service
  - pm-web does not implement sd_notify, causing systemd to kill the service

BUG-9: Disable WatchdogSec in patch-manager-worker.service
  - Same issue as BUG-8, worker does not implement sd_notify

Previous fixes (BUG-1 through BUG-5) also included:
  - setup.sh: PostgreSQL 15+ schema GRANTs
  - Axum route syntax :param → {param} (19 routes)
  - DbUser struct role: String → UserRole enum mapping
  - UserRole/AuthProvider Display trait implementations
  - Seed admin password hash (Argon2id)

2026-04-28 23:01:03 +00:00

Echo

6811f84a7c

feat(M2): Authentication, Authorization & Frontend Shell

- pm-auth::password: Argon2id (m=65536,t=3,p=1) hashing + verification
- pm-auth::jwt: EdDSA/Ed25519 JWT issuance + validation (15-min TTL)
- pm-auth::refresh: Opaque 256-bit refresh tokens, SHA-256 hashed,
  1-hour sliding inactivity timeout, rotation on use, revocable
- pm-auth::mfa_totp: TOTP setup/verify (HMAC-SHA1, 6-digit, 30s)
  with otpauth:// URI generation (Google Authenticator compatible)
- pm-auth::mfa_webauthn: Stub (full implementation deferred)
- pm-auth::rbac: Axum middleware for JWT auth + IP whitelist +
  admin/operator role enforcement + FromRequestParts extractor
- pm-auth::session: Full login flow (password → MFA → tokens),
  token refresh, logout, force-logout
- pm-web auth routes: POST /api/v1/auth/login|refresh|logout,
  GET /api/v1/auth/mfa/setup, POST /api/v1/auth/mfa/verify
- IP whitelist middleware on all protected connection points
- migrations/002_seed_admin.sql: Default admin account seed
- Frontend: Auth store (Zustand with persistence), login page with
  MFA prompt, MFA setup page (stepper), JWT auto-refresh interceptor,
  route guards (RequireAuth), updated App.tsx routing
- cargo check --workspace: zero errors, 1 minor warning

Closes M2.

2026-04-23 16:10:08 +00:00

3 Commits