a719e528ed
- Add Gen button to admin panel that generates 13-char alphanumeric passwords for Nextcloud credentials (Add Site form and Edit modal) - Reject duplicate AP numbers within the same site (409 response) - Fix newline injection vulnerability in admin API that allowed creating backdoor site entries via sites.conf corruption - Fix colon-in-PIN bug by rejecting colons in PIN and NC User fields - Use maxsplit=3 in sites.conf parser so NC Pass can contain colons - Add nc_change_password() to sync password edits to Nextcloud - Clean up corrupted sites.conf entries from prior injection Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
27 lines
1.0 KiB
Plaintext
27 lines
1.0 KiB
Plaintext
# APtool Site Configuration
|
|
#
|
|
# Each line defines a site that technicians can log into.
|
|
# Format: site_number:pin[:nc_user:nc_pass]
|
|
#
|
|
# - site_number must be exactly 4 digits
|
|
# - pin can be any string (digits recommended for mobile entry)
|
|
# - nc_user and nc_pass are optional Nextcloud credentials for this site
|
|
# If omitted, the global NC_USER / NC_PASS defaults are used.
|
|
# - blank lines and lines starting with # are ignored
|
|
#
|
|
# Examples:
|
|
# 5001:1234 (uses global Nextcloud credentials)
|
|
# 5002:5678:alice:AppPass-12345 (uses per-site Nextcloud user "alice")
|
|
# 9999:0000:bob:AppPass-67890 (uses per-site Nextcloud user "bob")
|
|
#
|
|
# To add a site: add a new line with site_number:pin[:nc_user:nc_pass]
|
|
# To remove a site: delete or comment out the line
|
|
# To change a PIN: edit the pin after the colon
|
|
#
|
|
# The app reloads this file on every login attempt, so changes
|
|
# take effect immediately — no restart needed.
|
|
|
|
1102:1102:1102:FocusWrite2000!
|
|
1234:1234:1234:railFocus11
|
|
2725:2725:2725:makeBiscuits112
|