flood
flood copied to clipboard
Flood-UI
Way to manage accounts from the console
First of all, I would like to thank you for the work you made which is just super helpful 💯
Secondly, I encounter a problem because I would like to be able to manage the accounts of the Flood interface directly via the BASH console.
Expected Behavior
Manage account with a simple command or with an API (so that it can be used with a lot of other languages and not only in the console).
Current Behavior
If we want to create an account / we have forgotten the password, it will be hard to recover it not to say impossible.
Possible Solution
Add an API (which can be used with cURL or something like this) OR add a Flood command which allows us to manage the accounts on the server.
- Create / Delete accounts
- Change the password
- (optional) Get stats (torrents downloaded...)
- (optional) Change the configuration of an account
Your Environment
- Operating System and version: Debian 8 / 9
In advance, thank you 🥇 Happy new year 2018 👍
If we want to create an account / we have forgotten the password, it will be hard to recover it not to say impossible.
Accounts are saved in the server/db/users.db database. A hash of the password is stored. So no if you forget the password you won't be able to login with this user anymore. Changing the password or creating a new account is possible if yo can manually edit this file, I agree that providing a correctly formatted new password hash is not convenient. If you have only one user and you delete the file (server/db/users.db), flood will prompt you to create a new one so you are not locked out of flood if you forget your password. See https://github.com/jfurrow/flood/issues/529
This kind of feature is far from being the priority of the project, sorry. But PR are always very welcome.
@noraj1337 Thanks for your answer. I imagine that's not your priority on the other hand soon I'll be working on an alternative to create account with cURL (why not to create a Flood command in the same time :) I saw you were using Argon2 to hash passwords, so my idea was to create a script which will generate a new hash and update the DB, should it work ?
@AaronActu Yeah I think it should work as long as you respect the format.
Ex: "password":"$argon2i$v=19$m=4096,t=3,p=1$xxxx"
You may use default or different timeCost, memoryCost and parallelism values, or even use argon2d or argon2id instead of argon2i but I didn't tested and I'm not an expert of argon2.
Hi, it's been a long @noraj
So I was trying to generate the password from the argon2-cli for Debian 9 and encountered a problem.
argon2-cli need a salt and don't know what salt to use. This is my command : echo -n "password" | argon2 somesalt -e.
Do you have any idea ?
@AaronActu The hash is created this way (without salt)
https://github.com/jfurrow/flood/blob/1493f8f9cbf6d6c94f1083a53aaba82d95d508af/server/models/Users.js#L48-L64
If you look at argon2-cli you can see some examples like $ echo -n "password" | argon2 where a salt is not needed.
An advice is also to prefer printf %s instead of echo -n because printf is posix, echo is not and its implementation vary among shells.
@noraj Yeah, it's what I've seen :)
However, when I tried to create the password without salt it did not work because the salt is an obligated paramater.
$ echo -n "password" | argon2
Usage: argon2 [-h] salt [-d] [-t iterations] [-m memory] [-p parallelism] [-l hash length] [-e|-r]
Password is read from stdin
Parameters:
salt The salt to use, at least 8 characters
-d Use Argon2d instead of Argon2i (which is the default)
-t N Sets the number of iterations to N (default = 3)
-m N Sets the memory usage of 2^N KiB (default 12)
-p N Sets parallelism to N threads (default 1)
-l N Sets hash output length to N bytes (default 32)
-e Output only encoded hash
-r Output only the raw bytes of the hash
-h Print argon2 usage
So we agree that there is no salt in the JS ?
Hello @noraj,
I've finally installed argon2-cli from the Debian repository (apt-get install argon2) because with npm, when I start argon2-cli I receive an error :
$ argon2-cli
/usr/local/lib/node_modules/argon2-cli/cli.js:17
const hash = async (password, options) => {
^
SyntaxError: Unexpected token (
at Object.exports.runInThisContext (vm.js:76:16)
at Module._compile (module.js:542:28)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)
at Module.runMain (module.js:604:10)
at run (bootstrap_node.js:394:7)
at startup (bootstrap_node.js:149:9)
at bootstrap_node.js:509:3
Running node v6.9.5 and npm 3.10.10
Hi @AaronActu
- Use nvm instead of debian nodejs. Because node v6.9.5 is outdated, I'm running 10.9 right now.
- node-argon2-cli said this
Before installing
Check requirements for node-argon2 prior to installing this.
So if your read https://github.com/ranisalt/node-argon2#before-installing
It is saying
Before installing
You MUST have a node-gyp global install before proceeding with install, along with GCC >= 4.8 / Clang >= 3.3. On Windows, you must compile under Visual Studio 2015 or newer.
node-argon2 works only and is tested against Node >=4.0.0.
I'm pretty sure your have an error installing from npm because your didn't read this.
PS : never use debian packages they are always outdated, that the way debian works
Yep @noraj, I've already installed argon2, gcc (6.3.0) and clang (3.8.1-24) indeed if I had an outdated version of node it is to be sure that nedb-shell will work correctly. I'm running Debian Stretch.
Because in the https://github.com/marcusjwhelan/nedb-shell#pre-install-to-use
It says :
Install NodeJs ^6.9.x
So te be sure that it will works I manually installed node like this :
$ wget https://nodejs.org/dist/v6.9.5/node-v6.9.5-linux-x64.tar.gz
$ mkdir -p /opt/nodejs
$ tar -xvzf node-v6.9.5-linux-x64.tar.gz /opt/nodejs/6.9.5
$ rm node-v6.9.5-linux-x64.tar.gz
$ ln -s /opt/nodejs/6.9.5 /opt/nodejs/current
$ ln -s /opt/nodejs/current/bin/node /bin/node
A bit of log :
> npm uninstall -g argon2
- [email protected] node_modules/argon2/node_modules/safe-buffer
- @phc/[email protected] node_modules/argon2/node_modules/@phc/format
- [email protected] node_modules/argon2/node_modules/any-promise
- [email protected] node_modules/argon2/node_modules/bindings
- [email protected] node_modules/argon2/node_modules/nan
- [email protected] node_modules/argon2
> npm uninstall -g argon2-cli
- [email protected] node_modules/argon2-cli/node_modules/any-promise
- [email protected] node_modules/argon2-cli/node_modules/bindings
- [email protected] node_modules/argon2-cli/node_modules/nan
- [email protected] node_modules/argon2-cli/node_modules/safe-buffer
- @phc/[email protected] node_modules/argon2-cli/node_modules/@phc/format
- [email protected] node_modules/argon2-cli/node_modules/sprintf-js
- [email protected] node_modules/argon2-cli/node_modules/argon2
- [email protected] node_modules/argon2-cli/node_modules/argparse
- [email protected] node_modules/argon2-cli
> npm install -g argon2
> [email protected] install /usr/local/lib/node_modules/argon2
> node-gyp rebuild
gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.9.5"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/argon2/.node-gyp"
make : on entre dans le répertoire « /usr/local/lib/node_modules/argon2/build »
CC(target) Release/obj.target/libargon2/argon2/src/opt.o
CC(target) Release/obj.target/libargon2/argon2/src/argon2.o
CC(target) Release/obj.target/libargon2/argon2/src/core.o
CC(target) Release/obj.target/libargon2/argon2/src/blake2/blake2b.o
CC(target) Release/obj.target/libargon2/argon2/src/thread.o
CC(target) Release/obj.target/libargon2/argon2/src/encoding.o
AR(target) Release/obj.target/argon2.a
COPY Release/argon2.a
CXX(target) Release/obj.target/argon2/src/argon2_node.o
SOLINK_MODULE(target) Release/obj.target/argon2.node
COPY Release/argon2.node
make : on quitte le répertoire « /usr/local/lib/node_modules/argon2/build »
/usr/local/lib
└─┬ [email protected]
├─┬ @phc/[email protected]
│ └── [email protected]
├── [email protected]
├── [email protected]
└── [email protected]
> npm install -g argon2-cli
/usr/local/bin/argon2-cli -> /usr/local/lib/node_modules/argon2-cli/cli.js
> [email protected] install /usr/local/lib/node_modules/argon2-cli/node_modules/argon2
> node-gyp rebuild
gyp WARN EACCES user "root" does not have permission to access the dev dir "/root/.node-gyp/6.9.5"
gyp WARN EACCES attempting to reinstall using temporary dev dir "/usr/local/lib/node_modules/argon2-cli/node_modules/argon2/.node-gyp"
make : on entre dans le répertoire « /usr/local/lib/node_modules/argon2-cli/node_modules/argon2/build »
CC(target) Release/obj.target/libargon2/argon2/src/opt.o
CC(target) Release/obj.target/libargon2/argon2/src/argon2.o
CC(target) Release/obj.target/libargon2/argon2/src/core.o
CC(target) Release/obj.target/libargon2/argon2/src/blake2/blake2b.o
CC(target) Release/obj.target/libargon2/argon2/src/thread.o
CC(target) Release/obj.target/libargon2/argon2/src/encoding.o
AR(target) Release/obj.target/argon2.a
COPY Release/argon2.a
CXX(target) Release/obj.target/argon2/src/argon2_node.o
SOLINK_MODULE(target) Release/obj.target/argon2.node
COPY Release/argon2.node
make : on quitte le répertoire « /usr/local/lib/node_modules/argon2-cli/node_modules/argon2/build »
/usr/local/lib
└─┬ [email protected]
├─┬ [email protected]
│ ├─┬ @phc/[email protected]
│ │ └── [email protected]
│ ├── [email protected]
│ ├── [email protected]
│ └── [email protected]
└─┬ [email protected]
└── [email protected]
> echo -n "pass" | argon2-cli
/usr/local/lib/node_modules/argon2-cli/cli.js:17
const hash = async (password, options) => {
^
SyntaxError: Unexpected token (
at Object.exports.runInThisContext (vm.js:76:16)
at Module._compile (module.js:542:28)
at Object.Module._extensions..js (module.js:579:10)
at Module.load (module.js:487:32)
at tryModuleLoad (module.js:446:12)
at Function.Module._load (module.js:438:3)
at Module.runMain (module.js:604:10)
at run (bootstrap_node.js:394:7)
at startup (bootstrap_node.js:149:9)
at bootstrap_node.js:509:3
> echo -n "pass" | argon2
-bash: argon2 : command not found
EDIT 1: I've noticed that there is a note of the dev just under the line that is in error :
const hash = async (password, options) => {
// argparse sets an unset optional argument to null. WTF?
EDIT 2: It seems that async() is only available from Node 7.6 or higher > http://kangax.github.io/compat-table/esnext/
@AaronActu
- nedb-shell
- If you don't need nedb-shell uninstall it and install node 10.9 using nvm.
- If you need nedb-shell install node 6.9 with nvm and node 10.9 with nvm. nvm can manage multiple version of nodejs and you can easily switch from one to the other with
nvm use x.x.x.
- Independently from your previous choice you now have node 10.9.x thanks to nvm:
- install node-gyp, node-gyp is dependent of the node version. Previously you uninstalled and installed back argon2 and argon2-cli but not node-gyp.
- now install argon2 and argon2-cli
Thanks for your help @noraj
So I follow the steps above and clear all my installation. Now Running node v10.9.0 (npm v6.2.0) 👍
I've installed node-gyp like this npm install -g node-gyp but now, I get the following result :
$ node-gyp #To Test the installation
Usage: node-gyp <command> [options]
where <command> is one of:
- build - Invokes `make` and builds the module
- clean - Removes any generated build files and the "out" dir
- configure - Generates a Makefile for the current module
- rebuild - Runs "clean", "configure" and "build" all at once
- install - Install node development files for the specified node version.
- list - Prints a listing of the currently installed node development files
- remove - Removes the node development files for the specified version
[email protected] /root/.nvm/versions/node/v10.9.0/lib/node_modules/node-gyp
[email protected]
$ which node-gyp
/root/.nvm/versions/node/v10.9.0/bin/node-gyp
$ npm install -g argon2
> [email protected] install /root/.nvm/versions/node/v10.9.0/lib/node_modules/argon2
> node-gyp rebuild
sh: node-gyp : commande introuvable
npm ERR! file sh
npm ERR! code ELIFECYCLE
npm ERR! errno ENOENT
npm ERR! syscall spawn
npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! spawn ENOENT
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2018-09-02T19_13_38_287Z-debug.log
@AaronActu Did you do put v1.9 as your default npm or did you do npm use 10.9.0 before ?
Because if 10.9 is not your default, launching a new shell will get back to default (maybe system) node/npm.
@AaronActu Else have you look at some issues like https://github.com/nodejs/node-gyp/issues/1136 googling around ?