GO-2025-3834: 1Panel agent certificate verification bypass leading to arbitrary command execution in github.com/1Panel-dev/1Panel/core

auth

package

v0.0.0-...-5591fe5 Latest Latest Go to latest Published: Jun 17, 2026 License: GPL-3.0 Imports: 28 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/1Panel-dev/1Panel

Links

Open Source Insights

Documentation ¶

Index ¶

func APIAuthMiddleware(loadConfig APIAuthConfigLoader, onSuccess APIAuthSuccessHandler) gin.HandlerFunc
func BeginMFALogin(c *gin.Context, name, entrance, mfaStatus string) *dto.UserLoginInfo
func CheckEntrance(entrance string) error
func CheckPassword(priKey, password, passwordFromDB string) error
func ClearPasskeys() error
func CredentialFlagsValue(flags webauthn.CredentialFlags) uint8
func EvaluatePasskeyStatus(c *gin.Context, configured func() (bool, error)) bool
func GenerateApiKey() (string, error)
func GenerateMD5(param string) string
func GeneratePasskeyUserID(encoded string, allowCreate bool) ([]byte, string, error)
func GenerateSession(c *gin.Context, sessionUser psession.SessionUser) (*dto.UserLoginInfo, error)
func GetCurrentUserInfo() (*dto.CurrentUserInfo, error)
func HandlePasswordExpired(c *gin.Context, old, new string) error
func LoadMFA(req dto.MfaRequest) (mfa.Otp, error)
func LoadPasskeyCredentialRecords(encryptedValue string) ([]passkey.PasskeyCredentialRecord, error)
func LoadPasswordExpirationTime(_ *gin.Context) (string, error)
func Login(c *gin.Context, info dto.Login, entrance string) (*dto.UserLoginInfo, string, error)
func MFABind(req dto.MfaCredential) error
func MFAClose() error
func MFALogin(c *gin.Context, info dto.MFALogin, entrance string) (*dto.UserLoginInfo, string, error)
func NewPasskeyUser(userID []byte, name string, records []passkey.PasskeyCredentialRecord) *passkey.PasskeyUser
func PasskeyBeginLogin(c *gin.Context, entrance string) (*dto.PasskeyBeginResponse, string, error)
func PasskeyBeginRegister(c *gin.Context, name string) (*dto.PasskeyBeginResponse, string, error)
func PasskeyConfig(c *gin.Context) (*webauthn.Config, string, error)
func PasskeyCredentialExists(records []passkey.PasskeyCredentialRecord, credentialID []byte) bool
func PasskeyDelete(id string) error
func PasskeyEnabled(c *gin.Context) (bool, error)
func PasskeyFinishLogin(c *gin.Context, sessionID, entrance string) (*dto.UserLoginInfo, string, error)
func PasskeyFinishRegister(c *gin.Context, sessionID string) (string, error)
func PasskeyList() ([]dto.PasskeyInfo, error)
func PasskeyOriginAndRPID(c *gin.Context) (string, string, error)
func PasskeyRequestScheme(c *gin.Context) string
func PasskeyStatus(c *gin.Context) bool
func SavePasskeyCredentialRecords(records []passkey.PasskeyCredentialRecord) (string, error)
func SetSecurityEntranceCookie(c *gin.Context, entrance string)
func SyncPasswordExpirationTime(expirationDays string) error
func UpdateApiConfig(req dto.ApiInterfaceConfig) error
func UpdateCurrentUserInfo(c *gin.Context, req dto.CurrentUserUpdate) error
func UpdatePasskeyCredentialRecord(records []passkey.PasskeyCredentialRecord, credential *webauthn.Credential) error
func VerifyMFALogin(c *gin.Context, sessionID, code, entrance string) (string, string, error)
type APIAuthConfig
- func LoadAPIAuthConfig(_ *gin.Context) (APIAuthConfig, error)
type APIAuthConfigLoader
type APIAuthSuccessHandler

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func APIAuthMiddleware ¶

func APIAuthMiddleware(loadConfig APIAuthConfigLoader, onSuccess APIAuthSuccessHandler) gin.HandlerFunc

func BeginMFALogin ¶

func BeginMFALogin(c *gin.Context, name, entrance, mfaStatus string) *dto.UserLoginInfo

func CheckEntrance ¶

func CheckEntrance(entrance string) error

func CheckPassword ¶

func CheckPassword(priKey, password, passwordFromDB string) error

func ClearPasskeys ¶

func ClearPasskeys() error

func CredentialFlagsValue ¶

func CredentialFlagsValue(flags webauthn.CredentialFlags) uint8

func EvaluatePasskeyStatus ¶

func EvaluatePasskeyStatus(c *gin.Context, configured func() (bool, error)) bool

func GenerateApiKey ¶

func GenerateApiKey() (string, error)

func GenerateMD5 ¶

func GenerateMD5(param string) string

func GeneratePasskeyUserID ¶

func GeneratePasskeyUserID(encoded string, allowCreate bool) ([]byte, string, error)

func GenerateSession ¶

func GenerateSession(c *gin.Context, sessionUser psession.SessionUser) (*dto.UserLoginInfo, error)

func GetCurrentUserInfo ¶

func GetCurrentUserInfo() (*dto.CurrentUserInfo, error)

func HandlePasswordExpired ¶

func HandlePasswordExpired(c *gin.Context, old, new string) error

func LoadMFA ¶

func LoadMFA(req dto.MfaRequest) (mfa.Otp, error)

func LoadPasskeyCredentialRecords ¶

func LoadPasskeyCredentialRecords(encryptedValue string) ([]passkey.PasskeyCredentialRecord, error)

func LoadPasswordExpirationTime ¶

func LoadPasswordExpirationTime(_ *gin.Context) (string, error)

func Login(c *gin.Context, info dto.Login, entrance string) (*dto.UserLoginInfo, string, error)

func MFABind ¶

func MFABind(req dto.MfaCredential) error

func MFAClose ¶

func MFAClose() error

func MFALogin ¶

func MFALogin(c *gin.Context, info dto.MFALogin, entrance string) (*dto.UserLoginInfo, string, error)

func NewPasskeyUser ¶

func NewPasskeyUser(userID []byte, name string, records []passkey.PasskeyCredentialRecord) *passkey.PasskeyUser

func PasskeyBeginLogin ¶

func PasskeyBeginLogin(c *gin.Context, entrance string) (*dto.PasskeyBeginResponse, string, error)

func PasskeyBeginRegister ¶

func PasskeyBeginRegister(c *gin.Context, name string) (*dto.PasskeyBeginResponse, string, error)

func PasskeyConfig ¶

func PasskeyConfig(c *gin.Context) (*webauthn.Config, string, error)

func PasskeyCredentialExists ¶

func PasskeyCredentialExists(records []passkey.PasskeyCredentialRecord, credentialID []byte) bool

func PasskeyDelete ¶

func PasskeyDelete(id string) error

func PasskeyEnabled ¶

func PasskeyEnabled(c *gin.Context) (bool, error)

func PasskeyFinishLogin ¶

func PasskeyFinishLogin(c *gin.Context, sessionID, entrance string) (*dto.UserLoginInfo, string, error)

func PasskeyFinishRegister ¶

func PasskeyFinishRegister(c *gin.Context, sessionID string) (string, error)

func PasskeyList ¶

func PasskeyList() ([]dto.PasskeyInfo, error)

func PasskeyOriginAndRPID ¶

func PasskeyOriginAndRPID(c *gin.Context) (string, string, error)

func PasskeyRequestScheme ¶

func PasskeyRequestScheme(c *gin.Context) string

func PasskeyStatus ¶

func PasskeyStatus(c *gin.Context) bool

func SavePasskeyCredentialRecords ¶

func SavePasskeyCredentialRecords(records []passkey.PasskeyCredentialRecord) (string, error)

func SetSecurityEntranceCookie ¶

func SetSecurityEntranceCookie(c *gin.Context, entrance string)

func SyncPasswordExpirationTime ¶

func SyncPasswordExpirationTime(expirationDays string) error

func UpdateApiConfig ¶

func UpdateApiConfig(req dto.ApiInterfaceConfig) error

func UpdateCurrentUserInfo ¶

func UpdateCurrentUserInfo(c *gin.Context, req dto.CurrentUserUpdate) error

func UpdatePasskeyCredentialRecord ¶

func UpdatePasskeyCredentialRecord(records []passkey.PasskeyCredentialRecord, credential *webauthn.Credential) error

func VerifyMFALogin ¶

func VerifyMFALogin(c *gin.Context, sessionID, code, entrance string) (string, string, error)

Types ¶

type APIAuthConfig ¶

type APIAuthConfig struct {
	ApiInterfaceStatus string
	ApiKey             string
	IpWhiteList        string
	ApiKeyValidityTime int
}

func LoadAPIAuthConfig ¶

func LoadAPIAuthConfig(_ *gin.Context) (APIAuthConfig, error)

type APIAuthConfigLoader ¶

type APIAuthConfigLoader func(c *gin.Context) (APIAuthConfig, error)

type APIAuthSuccessHandler ¶

type APIAuthSuccessHandler func(c *gin.Context, config APIAuthConfig)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL