fix: User Management (#1394)

* Fix a few major issues with users * Fix issue where production won't load chats * Change to scrypt * production works now * Move debug opts into dev * code review suggestions
serge-chat · Aug 3, 2024 · b94dd89 · b94dd89
1 parent 887d533
commit b94dd89
Show file tree

Hide file tree

Showing 12 changed files with 90 additions and 143 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -19,7 +19,7 @@ RUN npm run build
 FROM python:3.11-slim-bookworm as release
 
 # Set ENV
-ENV NODE_ENV='development'
+ENV NODE_ENV='production'
 ENV TZ=Etc/UTC
 WORKDIR /usr/src/app
 

diff --git a/README.md b/README.md
@@ -130,3 +130,29 @@ git clone https://github.com/serge-chat/serge.git
 cd serge/
 docker compose -f docker-compose.dev.yml up --build
 ```
+
+The solution will accept a python debugger session on port 5678. Example launch.json for VSCode:
+
+```json
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Remote Debug",
+            "type": "python",
+            "request": "attach",
+            "connect": {
+                "host": "localhost",
+                "port": 5678
+            },
+            "pathMappings": [
+                {
+                    "localRoot": "${workspaceFolder}/api",
+                    "remoteRoot": "/usr/src/app/api/"
+                }
+            ],
+            "justMyCode": false
+        }
+    ]
+}
+```
diff --git a/api/poetry.lock b/api/poetry.lock
diff --git a/api/pyproject.toml b/api/pyproject.toml
@@ -39,7 +39,6 @@ pytest = "^8.3.2"
 hypercorn = {extras = ["trio"], version = "^0.17.3"}
 
 pyjwt = "^2.8.0"
-passlib = {extras = ["bcrypt"], version = "^1.7.4"}
 python-jose = {extras = ["cryptography"], version = "^3.3.0"}
 aiofiles = "^23.2.1"
 python-multipart = "^0.0.9"

diff --git a/api/src/serge/utils/security.py b/api/src/serge/utils/security.py
@@ -1,9 +1,12 @@
+import base64
+import hashlib
+import os
+
 from datetime import datetime, timedelta
 from typing import Optional
 
 from fastapi import HTTPException, status
 from jose import JWTError, jwt
-from passlib.context import CryptContext
 from serge.models.settings import Settings
 
 ALGORITHM = "HS256"
@@ -15,15 +18,20 @@
     headers={"WWW-Authenticate": "Bearer"},
 )
 
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
 
-def verify_password(plain_password, hashed_password):
-    return pwd_context.verify(plain_password, hashed_password)
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    salt_and_hash = base64.b64decode(hashed_password.encode("utf-8"))
+    salt = salt_and_hash[:16]
+    stored_password = salt_and_hash[16:]
+    new_hashed_password = hashlib.scrypt(plain_password.encode("utf-8"), salt=salt, n=8192, r=8, p=1, dklen=64)
+    return new_hashed_password == stored_password
 
 
-def get_password_hash(password):
-    return pwd_context.hash(password)
+def get_password_hash(password: str) -> str:
+    salt = os.urandom(16)
+    hashed_password = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=8192, r=8, p=1, dklen=64)
+    salt_and_hash = salt + hashed_password
+    return base64.b64encode(salt_and_hash).decode("utf-8")
 
 
 def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):

diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
@@ -13,7 +13,7 @@ services:
     ports:
       - 8008:8008
       - 9124:9124
-
+      - 5678:5678
 volumes:
   datadb:
   weights:
diff --git a/scripts/dev.sh b/scripts/dev.sh
@@ -57,13 +57,15 @@ redis-server /etc/redis/redis.conf &
 cd /usr/src/app/web || exit 1
 npm run dev -- --host 0.0.0.0 --port 8008 &
 
+python -m pip install debugpy -t /tmp
+
 # Start the API
 cd /usr/src/app/api || exit 1
-hypercorn_cmd="hypercorn src.serge.main:api_app --reload --bind 0.0.0.0:9124"
+hypercorn_cmd="python /tmp/debugpy --listen 0.0.0.0:5678 -m hypercorn src.serge.main:api_app --reload --bind 0.0.0.0:9124"
 if [ "$SERGE_ENABLE_IPV6" = true ] && [ "$SERGE_ENABLE_IPV4" != true ]; then
-	hypercorn_cmd="hypercorn src.serge.main:api_app --reload --bind [::]:9124"
+	hypercorn_cmd="python /tmp/debugpy --listen 0.0.0.0:5678 -m hypercorn src.serge.main:api_app --reload --bind [::]:9124"
 elif [ "$SERGE_ENABLE_IPV4" = true ] && [ "$SERGE_ENABLE_IPV6" = true ]; then
-	hypercorn_cmd="hypercorn src.serge.main:api_app --reload --bind 0.0.0.0:9124 --bind [::]:9124"
+	hypercorn_cmd="python /tmp/debugpy --listen 0.0.0.0:5678 -m hypercorn src.serge.main:api_app --reload --bind 0.0.0.0:9124 --bind [::]:9124"
 fi
 
 $hypercorn_cmd || {

diff --git a/web/src/routes/+layout.svelte b/web/src/routes/+layout.svelte
@@ -351,7 +351,7 @@
               method: "POST",
             });
             data.userData = null;
-            window.location.reload();
+            window.location.href = "/";
           }}
         >
           <svg

diff --git a/web/src/routes/account/+page.ts b/web/src/routes/account/+page.ts
@@ -10,13 +10,18 @@ interface User {
 }
 
 export const load: Load = async () => {
-  try {
-    const user = await fetch("/api/user/", {
-      method: "GET",
-    }).then((response) => response.json());
-    return { user };
-  } catch (error) {
-    console.error(error);
-    return { user: null };
-  }
+  const user = await fetch("/api/user/", {
+    method: "GET",
+  })
+    .then((response) => {
+      if (response.status == 401) {
+        window.location.href = "/";
+      }
+      return response.json();
+    })
+    .catch((error) => {
+      console.log(error);
+      window.location.href = "/";
+    });
+  return { user };
 };
diff --git a/web/src/routes/chat/[id]/+page.server.ts b/web/src/routes/chat/[id]/+page.server.ts
diff --git a/web/src/routes/chat/[id]/+page.svelte b/web/src/routes/chat/[id]/+page.svelte
@@ -127,7 +127,19 @@
           accept: "application/json",
         },
       },
-    ).then((response) => response.json());
+    )
+      .then((response) => {
+        if (response.status == 401) {
+          console.log("Not authorized");
+          window.location.href = "/";
+        } else {
+          return response.json();
+        }
+      })
+      .catch((error) => {
+        console.log(error);
+        window.location.href = "/";
+      });
     await invalidate("/api/chat/");
     await goto("/chat/" + newData);
   }
@@ -142,6 +154,8 @@
       await invalidate("/api/chat/" + $page.params.id);
     } else if (response.status === 202) {
       showToast("Chat in progress!");
+    } else if (response.status === 401) {
+      window.location.href = "/";
     } else {
       showToast("An error occurred: " + response.statusText);
     }

diff --git a/web/src/routes/chat/[id]/+page.ts b/web/src/routes/chat/[id]/+page.ts
@@ -33,8 +33,17 @@ interface Response {
 }
 
 export const load: PageLoad = async ({ fetch, params }) => {
-  const r = await fetch("/api/chat/" + params.id);
-  const data = (await r.json()) as Response;
+  const data = await fetch("/api/chat/" + params.id)
+    .then((response) => {
+      if (response.status == 401) {
+        window.location.href = "/";
+      }
+      return response.json();
+    })
+    .catch((error) => {
+      console.log(error);
+      window.location.href = "/";
+    });
 
   return {
     chat: data,