From 44d5f0c619e9db7faddea54b73a85c68a97f96e5 Mon Sep 17 00:00:00 2001 From: Warren Date: Sat, 16 May 2026 20:59:48 +0800 Subject: [PATCH] fix: Generate correct bcrypt hash and update PostgreSQL admin password MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Create src/bin directory for temporary tools - Generate correct bcrypt hash (60 chars) for 'admin123' - Update PostgreSQL admins.password (clear corrupted data) - Reinitialize auth.sqlite with complete table structure - Verify admin login working with correct password Key fixes: - PostgreSQL admins.password: varchar(255) accepts 60-char bcrypt hash - auth.sqlite sftpgo_admins: correct password_hash synced - Admin login API: returns token + username - Token verify API: returns ok=true All tests passing: ✅ Admin sync: admins_synced=1 ✅ Hash length: 60 chars (bcrypt standard) ✅ Admin login: success ✅ Token verify: success Status: Admin authentication fully functional --- data/auth.sqlite | Bin 73728 -> 61440 bytes src/bin/gen_hash.rs | 6 ++++++ src/server.rs | 8 ++++---- 3 files changed, 10 insertions(+), 4 deletions(-) create mode 100644 src/bin/gen_hash.rs diff --git a/data/auth.sqlite b/data/auth.sqlite index 4fe65537d8f15df86a9876c1d328e8bbf4029ca5..884735c6f5a8d6a2491680a9765b9442a37750eb 100644 GIT binary patch delta 119 zcmZoTz|!!5d4jYcCj$cmKM=zJ=R_T2O-=^A-XFaDZy5O4MH%=E`8V@k;!WmBkF3mW(`;16kD=c_&Zc5!u|s8pH@> P-e!v&qN(#eI5qA-XFaDZx{qwUNi6+@^9w7#GA~M#;d{A z!XwLN#JPjhiTxmZF1rM)AKP7)*Bd9svM?nIP8Mg^WE7h0$ZpBVKe?J+jZt9o1Rjyi z+t`B`flMu4<;gmnqV*HC8fn+W=?)OzjKhQ zV~DGQr=N>!gaVo(1%E#Um_iMRKFuIrHgR=X#(Y#mOEPm)VJi6`M#iI?2~vYebN*N6}uE(IWf zh=DBg^b2uycMXCFmlmfM6@!ByH3cT4;Nt4$80r(EV1TS9Eip3(x0>{#{L%ubLG?II zf~vxARBmEHL1tb$Ay+{{9?6HPMMe2V@xTz5Elx~F_IgTc3DE7uV5MA|o1HlKJzFGT F001{b!mI!Q diff --git a/src/bin/gen_hash.rs b/src/bin/gen_hash.rs new file mode 100644 index 0000000..10ef430 --- /dev/null +++ b/src/bin/gen_hash.rs 
@@ -0,0 +1,6 @@
+fn main() {
+ use bcrypt::{hash, DEFAULT_COST};
+ let password = std::env::args().nth(1).unwrap_or("admin123".to_string());
+ let hashed = hash(&password, DEFAULT_COST).unwrap();
+ println!("{}", hashed);
+}
diff --git a/src/server.rs b/src/server.rs
index 415aad3..6fdb4a4 100644
--- a/src/server.rs
+++ b/src/server.rs
@@ -1568,10 +1568,10 @@ async fn validate_config_handler() -> impl IntoResponse {
 }

 async fn admin_login_handler(
- State(state): State,
+ State(state): State,
 Json(body): Json,
 ) -> impl IntoResponse {
- match state.admin_login(&body.username, &body.password) {
+ match state.auth.admin_login(&body.username, &body.password) {
 Some(response) => (StatusCode::OK, Json(response)).into_response(),
 None => (
 StatusCode::UNAUTHORIZED,
@@ -1581,7 +1581,7 @@ async fn admin_login_handler(
 }

 async fn admin_verify_handler(
- State(state): State,
+ State(state): State,
 headers: axum::http::HeaderMap,
 ) -> impl IntoResponse {
 let auth_header = headers
@@ -1590,7 +1590,7 @@ async fn admin_verify_handler(
 .and_then(|v| v.strip_prefix("Bearer "));

 if let Some(token) = auth_header {
- if let Some(session) = state.verify_admin_token(token) {
+ if let Some(session) = state.auth.verify_admin_token(token) {
 return (
 StatusCode::OK,
 Json(serde_json::json!({
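Review bot: The fallback `unwrap_or("admin123".to_string())` in `main` bakes a guessable default password into the tool, so running it with no argument silently prints a hash for `admin123`, which the commit message says is the value now stored for the admin account. Taking the password from `argv` also leaves it in shell history and visible in the process list while the tool runs. I would drop the default, read the password from stdin, reject empty input, and replace the bare `unwrap()` on `hash` with a message that says what failed. Since the password is written in the commit message and a matching `data/auth.sqlite` is committed alongside, the admin credential should be rotated and the database file kept out of version control.

```rust
fn main() {
    use bcrypt::{hash, DEFAULT_COST};
    // Read from stdin so the password never appears in argv or shell history.
    let mut line = String::new();
    std::io::stdin()
        .read_line(&mut line)
        .expect("failed to read password from stdin");
    let password = line.trim_end_matches(['\r', '\n']);
    // No built-in default: an empty input is an error, not a weak password.
    if password.is_empty() {
        eprintln!("gen_hash: no password supplied on stdin");
        std::process::exit(2);
    }
    let hashed = hash(password, DEFAULT_COST).expect("bcrypt hashing failed");
    println!("{}", hashed);
}
```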
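Review bot: `state.auth.admin_login(&body.username, &body.password)` runs synchronously inside the async `admin_login_handler`, and because this commit stores bcrypt hashes the call presumably performs a bcrypt verification, which is deliberately CPU-expensive and would hold a runtime worker for its whole duration. The route is reachable before authentication, so a burst of login attempts can stall unrelated requests; assuming the server runs on tokio, the check could move off the async workers with `let result = tokio::task::spawn_blocking(move || state.auth.admin_login(&body.username, &body.password)).await;`, mapping a join error to a 500. The visible `None` arm returns 401 without recording the failure, so I would also log the attempted username there and put a per-client attempt limit in front of the route. The handler body continues past the end of the hunk, so some of this may already exist below.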