Hydro
Hydro copied to clipboard
hydro-dev
[Bug] `hydrooj` cli user creation may fail for certain password
Hi developers and maintainers, I have encountered some weird thing when creating user with the hydrooj cli.
This command always fail.
hydrooj cli user create [email protected] test '~"M+y`X3hm*TzH_"' 9
Setting an already existing user's password to this string also failed.
here is the error message I get when running the command.
Process 2935340 running as master
Using mongodb external event bus
[I] settings Successfully loaded config
[I] common Lib init: /usr/local/share/.config/yarn/global/node_modules/@hydrooj/ui-default
[I] common Service init: /usr/local/share/.config/yarn/global/node_modules/@hydrooj/hydrojudge
TypeError: Cannot read properties of undefined (reading 'toString')
at Function.create (/usr/local/share/.config/yarn/global/node_modules/hydrooj/src/model/user.ts:293:39)
at cli (/usr/local/share/.config/yarn/global/node_modules/hydrooj/src/entry/cli.ts:82:48)
at Object.load (/usr/local/share/.config/yarn/global/node_modules/hydrooj/src/entry/cli.ts:108:11)
at loadCli (/usr/local/share/.config/yarn/global/node_modules/hydrooj/src/loader.ts:76:5)
Stack trace of setPassword:
Process 2935382 running as master
Using mongodb external event bus
[I] settings Successfully loaded config
[I] common Lib init: /usr/local/share/.config/yarn/global/node_modules/@hydrooj/ui-default
[I] common Service init: /usr/local/share/.config/yarn/global/node_modules/@hydrooj/hydrojudge
TypeError: The "password" argument must be of type string or an instance of ArrayBuffer, Buffer, TypedArray, or DataView. Received undefined
at check (node:internal/crypto/pbkdf2:92:14)
at Object.pbkdf2Sync (node:internal/crypto/pbkdf2:70:5)
at pwhash (/usr/local/share/.config/yarn/global/node_modules/hydrooj/src/lib/hash.hydro.ts:4:19)
at Function.setPassword (/usr/local/share/.config/yarn/global/node_modules/hydrooj/src/model/user.ts:258:35)
at cli (/usr/local/share/.config/yarn/global/node_modules/hydrooj/src/entry/cli.ts:82:48)
at Object.load (/usr/local/share/.config/yarn/global/node_modules/hydrooj/src/entry/cli.ts:108:11)
at loadCli (/usr/local/share/.config/yarn/global/node_modules/hydrooj/src/loader.ts:76:5) {
code: 'ERR_INVALID_ARG_TYPE'
}
I am on a machine with
- distro: Ubuntu 20.04
- hydro OJ setup method: the official script setup.sh
Can yout try reproduce it and resolve it?
BTW, hydro OJ is awesome. This is what a modern online judge system should be like. I do appreciate all the work you have doen.
Note that ~"M+y`X3hm*TzH_" is a valid password.
It can be used in registration and passphrase reset totally fine.
Currently we are using a very simple command parser so special chars might not being processed correctly.
We strongly recommend only use [a-zA-Z0-9-_]+ in cli (only for rescue proposes) and head to web panel for a password reset.
The related code is here: https://github.com/hydro-dev/Hydro/blob/master/packages/hydrooj/src/entry/cli.ts#L71-L81 If you are willing to fix this, PRs are always welcome.
Okay, I will try to enhance the CLI argument parser. ~~When I have some spare time~~
After typescript was compiled to javascript at runtime, it is nearly impossible to determine whether a param should be string or number or whatever type, so the only way is to guess the type from the input. And string prefixed with "~" was designed for passing objects into argument (using ~objectName as a placeholder and use --foo=bar as named arguments)