From df4b49ad5b125623cb840c3648632f0079af4bf6 Mon Sep 17 00:00:00 2001
From: wellenvogel <andreas@wellenvogel.de>
Date: Mon, 13 Dec 2021 16:44:02 +0100
Subject: [PATCH] intermediate: hide passwords in config, admin password

---
 extra_script.py           |  7 +++++--
 lib/config/GWConfig.cpp   | 24 ++++++++++++++----------
 lib/config/GWConfig.h     |  1 -
 lib/config/GwConfigItem.h |  8 +++++++-
 web/index.js              |  7 +++++++
 5 files changed, 33 insertions(+), 14 deletions(-)

diff --git a/extra_script.py b/extra_script.py
index 4372b1e..7947b0f 100644
--- a/extra_script.py
+++ b/extra_script.py
@@ -137,8 +137,11 @@ def generateCfg(inFile,outFile,addDirs=[]):
         for item in config:
             if not first:
                 data+=',\n'
-            first=False    
-            data+="    new GwConfigItem(%s,\"%s\")"%(item.get('name'),item.get('default'))
+            first=False 
+            secret="false";
+            if item.get('type') == 'password':
+                secret="true"   
+            data+="    new GwConfigItem(%s,\"%s\",%s)"%(item.get('name'),item.get('default'),secret)
         data+='};\n'  
         data+='};\n'
     writeFileIfChanged(outFile,data)    
diff --git a/lib/config/GWConfig.cpp b/lib/config/GWConfig.cpp
index 85ca067..7fe451e 100644
--- a/lib/config/GWConfig.cpp
+++ b/lib/config/GWConfig.cpp
@@ -35,7 +35,12 @@ String GwConfigHandler::toJson() const{
     int num=getNumConfig();
     DynamicJsonDocument jdoc(JSON_OBJECT_SIZE(num*2));
     for (int i=0;i<num;i++){
-        jdoc[configs[i]->getName()]=configs[i]->asCString();
+        if (configs[i]->isSecret()){
+            jdoc[configs[i]->getName()]="";    
+        }
+        else{
+            jdoc[configs[i]->getName()]=configs[i]->asCString();
+        }
     }
     serializeJson(jdoc,rt);
     logger->logString("configJson: %s",rt.c_str());
@@ -78,18 +83,17 @@ bool GwConfigHandler::saveConfig(){
     logger->logString("saved config");
     return true;
 }
-bool GwConfigHandler::updateValue(const char *name, const char * value){
-    GwConfigItem *i=findConfig(name);
-    if (i == NULL) return false;
-    logger->logString("update config %s=>%s",name,value);
-    i->fromString(value);
-    return true;
-}
+
 bool GwConfigHandler::updateValue(String name, String value){
     GwConfigItem *i=findConfig(name);
     if (i == NULL) return false;
-    logger->logString("update config %s=>%s",name.c_str(),value.c_str());
-    i->fromString(value);
+    if (i->isSecret() && value.isEmpty()){
+        LOG_DEBUG(GwLog::LOG,"skip empty password %s",name.c_str());
+    }
+    else{
+        LOG_DEBUG(GwLog::LOG,"update config %s=>%s",name.c_str(),i->isSecret()?"***":value.c_str());
+        i->fromString(value);
+    }
     return true;
 }
 bool GwConfigHandler::reset(bool save){
diff --git a/lib/config/GWConfig.h b/lib/config/GWConfig.h
index 2f10d49..bf91963 100644
--- a/lib/config/GWConfig.h
+++ b/lib/config/GWConfig.h
@@ -16,7 +16,6 @@ class GwConfigHandler: public GwConfigDefinitions{
         GwConfigHandler(GwLog *logger);
         bool loadConfig();
         bool saveConfig();
-        bool updateValue(const char *name, const char * value);
         bool updateValue(String name, String value);
         bool reset(bool save);
         String toString() const;
diff --git a/lib/config/GwConfigItem.h b/lib/config/GwConfigItem.h
index babb54e..a9e24cf 100644
--- a/lib/config/GwConfigItem.h
+++ b/lib/config/GwConfigItem.h
@@ -8,17 +8,20 @@ class GwConfigInterface{
     virtual const char * asCString() const =0;
     virtual bool asBoolean() const = 0;
     virtual int asInt() const = 0;
+    virtual bool isSecret() const =0;
 };
 class GwConfigItem: public GwConfigInterface{
     private:
         String name;
         String initialValue;
         String value;
+        bool secret=false;
     public:
-        GwConfigItem(const String &name, const String initialValue){
+        GwConfigItem(const String &name, const String initialValue, bool secret=false){
             this->name=name;
             this->initialValue=initialValue;
             this->value=initialValue;
+            this->secret=secret;
         }
         virtual String asString() const{
             return value;
@@ -41,6 +44,9 @@ class GwConfigItem: public GwConfigInterface{
         virtual void reset(){
             value=initialValue;
         }
+        virtual bool isSecret() const{
+            return secret;
+        }
         bool changed() const{
             return value != initialValue;
         }
diff --git a/web/index.js b/web/index.js
index 0a36bf2..90df08d 100644
--- a/web/index.js
+++ b/web/index.js
@@ -148,6 +148,9 @@ function checkApPass(v) {
         return "password must be at least 8 characters";
     }
 }
+function checkAdminPass(v){
+    return checkApPass(v);
+}
 
 function checkXDR(v,allValues){
     if (! v) return;
@@ -187,6 +190,10 @@ function changeConfig() {
         let name = v.getAttribute('name');
         if (!name) continue;
         if (name.indexOf("_") >= 0) continue;
+        let def=getConfigDefition(name);
+        if (def.type === 'password' && v.value == '') {
+            continue;
+        }
         let check = v.getAttribute('data-check');
         if (check) {
             if (typeof (self[check]) === 'function') {