hiddifypanel 10.70.9__py3-none-any.whl → 10.80.0.dev1__py3-none-any.whl

hiddifypanel/VERSION

@@ -1 +1 @@
-10.70.9
+10.80.0.dev7

hiddifypanel/VERSION.py

@@ -1,3 +1,6 @@
-__version__='10.70.9'
+import importlib.metadata
 from datetime import datetime
-__release_date__= datetime.strptime('2024-11-18','%Y-%m-%d')
+
+__version__ = importlib.metadata.version(__package__ or __name__)
+__release_time__= datetime.strptime('2024-11-10T19:45:21','%Y-%m-%dT%H:%M:%S')
+is_released_version=True

hiddifypanel/__init__.py

@@ -1,4 +1,8 @@
-from .VERSION import __version__, __release_date__
+from .VERSION import __version__, __release_time__,is_released_version
+
+from dotenv import load_dotenv
+load_dotenv("/opt/hiddify-manager/hiddify-panel/app.cfg")
+
 # from . import cache
 from . import Events
 from .base import create_app, create_app_wsgi

hiddifypanel/auth.py

@@ -142,14 +142,19 @@ def get_account_by_uuid(uuid, is_admin):
     return AdminUser.by_uuid(f'{uuid}') if is_admin else User.by_uuid(f'{uuid}')
 
 
-def login_by_uuid(uuid, is_admin: bool):
+def login_by_uuid(uuid,password:str, is_admin: bool)->bool:
     account = get_account_by_uuid(uuid, is_admin)
     if not account:
         return False
+    if account.password!=password:
+        return False
     return login_user(account, force=True)
 
 
 def auth_before_request():
+    if ".webmanifest" in request.path:
+        return
+
     # print("before_request")
     account = None
 
@@ -160,7 +165,7 @@ def auth_before_request():
         # print("uuid", g.uuid, is_admin_path)
         account = get_account_by_uuid(g.uuid, is_admin_path)
         # print(account)
-        if not account:
+        if not account or account.password!="":
             return logout_redirect()
         if is_admin_path:
             next_url = request.url
@@ -230,7 +235,7 @@ def redirect_to_login():
         json_abort(403, 'Unathorized')
     # if g.user_agent['is_browser']:
     # return redirect(hurl_for('common_bp.LoginView:basic_0', force=1, next=request.path))
-    return redirect(hurl_for('common_bp.LoginView:index', force=1, next=request.path))
+    return redirect(hurl_for('common_bp.LoginView:index', force=1, next=request.path.replace(f'{g.uuid}/',''),user=g.uuid))
 
     # else:
     #     abort(401, "Unauthorized")

hiddifypanel/base.py

@@ -42,12 +42,13 @@ def create_app(*args, cli=False, **config):
     # app = Flask(__name__, static_url_path="/<proxy_path>/static/", instance_relative_config=True)
 
     if not cli:
-        from hiddifypanel.cache import redis_client
+        
         from hiddifypanel import auth
         app.config["PREFERRED_URL_SCHEME"] = "https"
         app.wsgi_app = ProxyFix(
             app.wsgi_app, x_for=1, x_proto=1, x_host=1, x_prefix=1,
         )
+        app.secret_key="asdsad"
         app.servers = {
             'name': 'current',
             'url': '',
@@ -68,18 +69,7 @@ def create_app(*args, cli=False, **config):
         # setup flask server-side session
         # app.config['APPLICATION_ROOT'] = './'
         # app.config['SESSION_COOKIE_DOMAIN'] = '/'
-        app.config['SESSION_TYPE'] = 'redis'
-        app.config['SESSION_REDIS'] = redis_client
-        app.config['SESSION_PERMANENT'] = True
-        app.config['PERMANENT_SESSION_LIFETIME'] = datetime.timedelta(days=10)
-        app.security_schemes = {  # equals to use config SECURITY_SCHEMES
-            'Hiddify-API-Key': {
-                'type': 'apiKey',
-                'in': 'header',
-                'name': 'Hiddify-API-Key',
-            }
-        }
-        Session(app)
+        
 
         app.jinja_env.line_statement_prefix = '%'
         from hiddifypanel import hutils
@@ -112,6 +102,19 @@ def create_app(*args, cli=False, **config):
     app.jinja_env.globals['get_locale'] = get_locale
     babel = Babel(app, locale_selector=get_locale)
     if not cli:
+        app.config['SESSION_TYPE'] = 'redis'
+        from hiddifypanel.cache import redis_client
+        app.config['SESSION_REDIS'] = redis_client
+        app.config['SESSION_PERMANENT'] = True
+        app.config['PERMANENT_SESSION_LIFETIME'] = datetime.timedelta(days=10)
+        app.security_schemes = {  # equals to use config SECURITY_SCHEMES
+            'Hiddify-API-Key': {
+                'type': 'apiKey',
+                'in': 'header',
+                'name': 'Hiddify-API-Key',
+            }
+        }
+        Session(app)
         hiddifypanel.panel.common.init_app(app)
         hiddifypanel.panel.common_bp.init_app(app)
 
@@ -122,7 +125,7 @@ def create_app(*args, cli=False, **config):
 
     app.config.update(config)  # Override with passed config
     # app.config['WTF_CSRF_CHECK_DEFAULT'] = False
-    app.config['WTF_CSRF_ENABLED'] = False
+    # app.config['WTF_CSRF_ENABLED'] = False
     # app.config['BABEL_TRANSLATION_DIRECTORIES'] = '/workspace/Hiddify-Server/hiddify-panel/src/translations.i18n'
 
     # from flask_wtf.csrf import CSRFProtect
@@ -131,15 +134,15 @@ def create_app(*args, cli=False, **config):
 
     # @app.before_request
     # def check_csrf():
-    # if "/admin/user/" in request.base_url:
-    #     return
-    # if "/admin/domain/" in request.base_url:
-    #     return
-    # if "/admin/actions/" in request.base_url:
-    #     return
-    # if "/api/" in request.base_url:
-    #     return
-    # csrf.protect()
+    # # if "/admin/user/" in request.base_url:
+    # #     return
+    # # if "/admin/domain/" in request.base_url:
+    # #     return
+    # # if "/admin/actions/" in request.base_url:
+    # #     return
+    # # if "/api/" in request.base_url:
+    # #     return
+    #     csrf.protect()
 
     hiddifypanel.panel.cli.init_app(app)
     return app

hiddifypanel/cache.py

@@ -1,9 +1,10 @@
+import os
 from redis_cache import RedisCache, chunks, compact_dump
 import redis
 from pickle import dumps, loads
 from loguru import logger
 
-redis_client = redis.from_url('unix:///opt/hiddify-manager/other/redis/run.sock?db=0')
+redis_client = redis.from_url(os.environ["REDIS_URI_MAIN"])
 
 
 class CustomRedisCache(RedisCache):

hiddifypanel/drivers/ssh_liberty_bridge_api.py

@@ -1,3 +1,4 @@
+import os
 from .abstract_driver import DriverABS
 from hiddifypanel.models import *
 import redis
@@ -13,7 +14,7 @@ class SSHLibertyBridgeApi(DriverABS):
 
     def get_ssh_redis_client(self):
         if not hasattr(self, 'redis_client'):
-            self.redis_client = redis.from_url('unix:///opt/hiddify-manager/other/redis/run.sock?db=1', decode_responses=True)
+            self.redis_client = redis.from_url(os.environ.get("REDIS_URI_SSH",""), decode_responses=True)
 
         return self.redis_client
 

hiddifypanel/drivers/wireguard_api.py

@@ -13,7 +13,7 @@ USERS_USAGE = "wg:users-usage"
 class WireguardApi(DriverABS):
     def get_redis_client(self):
         if not hasattr(self, 'redis_client'):
-            self.redis_client = redis.from_url('unix:///opt/hiddify-manager/other/redis/run.sock?db=1')
+            self.redis_client = redis.from_url(os.environ.get("REDIS_URI_SSH",""))
 
         return self.redis_client
 

hiddifypanel/hutils/crypto.py

@@ -1,3 +1,4 @@
+import os
 import subprocess
 from cryptography.hazmat.primitives import serialization
 from cryptography.hazmat.primitives.asymmetric import x25519, ed25519
@@ -46,3 +47,29 @@ def generate_x25519_keys():
     priv_str = base64.urlsafe_b64encode(priv_bytes).decode()[:-1]
 
     return {'private_key': priv_str, 'public_key': pub_str}
+
+
+
+def generate_ssh_host_keys():
+    key_types = ["dsa", "ecdsa", "ed25519", "rsa"]
+    keys_dict = {}
+
+    # Generate and read keys
+    for key_type in key_types:
+        key_file = f"ssh_host_{key_type}_key"
+
+        subprocess.run([
+            "ssh-keygen", "-t", key_type,
+            "-f", key_file,
+            "-N", "" 
+        ], check=True)
+
+        keys_dict[key_type]={}
+        with open(key_file, "r") as f:
+            keys_dict[key_type]['pk'] = f.read()
+        with open(f"{key_file}.pub", "r") as f:
+            keys_dict[key_type]['pub'] = f.read()
+
+        os.remove(key_file)
+        os.remove(f"{key_file}.pub")  # Remove the public key if not needed
+    return keys_dict

hiddifypanel/hutils/flask.py

@@ -51,7 +51,7 @@ def hurl_for(endpoint, **values):
 def get_user_agent() -> dict:
     ua = __parse_user_agent(request.user_agent.string)
 
-    if ua.get('v', 1) < 7:
+    if ua.get('v', 1) < 8:
         __parse_user_agent.invalidate_all()  # type:ignore
         ua = __parse_user_agent(request.user_agent.string)
     return ua
@@ -65,13 +65,14 @@ def __parse_user_agent(ua: str) -> dict:
     # Example: SFA/1.8.0 (239; sing-box 1.8.0)
     # Example: SFA/1.7.0 (239; sing-box 1.7.0)
     # Example: HiddifyNext/0.13.6 (android) like ClashMeta v2ray sing-box
-
+    if ua=="v2rayNG/1.8.23": #temporary fix for xray sub in hiddifynext
+        ua="HiddifyNextX/0.13.6 (android) like ClashMeta v2ray sing-box"
     uaa = user_agents.parse(ua)
 
     match = re.search(ua_version_pattern, ua)
     generic_version = list(map(int, match.group(1).split('.'))) if match else [0, 0, 0]
     res = {}
-    res['v'] = 7
+    res['v'] = 8
     res["is_bot"] = uaa.is_bot
     res["is_browser"] = re.match('^Mozilla', ua, re.IGNORECASE) and True
     res['os'] = uaa.os.family
@@ -80,6 +81,7 @@ def __parse_user_agent(ua: str) -> dict:
     res['is_clash_meta'] = re.match('^(Clash-verge|Clash-?Meta|Stash|NekoBox|NekoRay|Pharos|hiddify-desktop)', ua, re.IGNORECASE) and True
     res['is_singbox'] = re.match('^(HiddifyNext|Dart|SFI|SFA)', ua, re.IGNORECASE) and True
     res['is_hiddify'] = re.match('^(HiddifyNext)', ua, re.IGNORECASE) and True
+    res['is_hiddify_prefere_xray'] = re.match('^(HiddifyNextX)', ua, re.IGNORECASE) and True
     res['is_streisand'] = re.match('^(Streisand)', ua, re.IGNORECASE) and True
     res['is_shadowrocket'] = re.match('^(Shadowrocket)', ua, re.IGNORECASE) and True
     res['is_v2rayng'] = re.match('^(v2rayNG)', ua, re.IGNORECASE) and True

hiddifypanel/hutils/network/cf_api.py

@@ -1,18 +1,18 @@
-import CloudFlare
+import cloudflare
 from hiddifypanel.models import hconfig, ConfigEnum
 
-__cf: CloudFlare.CloudFlare = ''  # type: ignore
+__cf: cloudflare.Cloudflare   # type: ignore
 
 
 def __prepare_cf_api_client() -> bool:
     '''Prepares cloudflare client if it's not already'''
     global __cf
-    if __cf and isinstance(__cf, CloudFlare.CloudFlare):
+    if __cf and isinstance(__cf, cloudflare.Cloudflare):
         return True
 
     if hconfig(ConfigEnum.cloudflare):
-        __cf = CloudFlare.CloudFlare(token=hconfig(ConfigEnum.cloudflare))
-        if __cf and isinstance(__cf, CloudFlare.CloudFlare):
+        __cf = cloudflare.Cloudflare(token=hconfig(ConfigEnum.cloudflare))
+        if __cf and isinstance(__cf, cloudflare.Cloudflare):
             return True
     return False
 

hiddifypanel/hutils/proxy/clash.py

@@ -57,7 +57,7 @@ def to_clash(proxy, meta_or_normal):
     if proxy["proto"] == "ssh":
         base["username"] = proxy["uuid"]
         base["private-key"] = proxy['private_key']
-        base["host-key"] = proxy.get('host_key', [])
+        base["host-key"] = proxy.get('host_keys', [])
         return base
     base["udp"] = True
     if proxy["proto"] == ProxyProto.wireguard:

hiddifypanel/hutils/proxy/shared.py

@@ -11,17 +11,13 @@ from hiddifypanel.models import Proxy, ProxyProto, ProxyL3, ProxyTransport, Prox
 from hiddifypanel import hutils
 
 
-def get_ssh_hostkeys(dojson=False) -> list[str] | str:
-    key_files = glob.glob(current_app.config['HIDDIFY_CONFIG_PATH'] + "/other/ssh/host_key/*_key.pub")
-    host_keys = []
-    for file_name in key_files:
-        with open(file_name, "r") as f:
-            host_key = f.read().strip()
-            host_key = host_key.split()
-            if len(host_key) > 2:
-                host_key = host_key[:2]  # strip the hostname part
-            host_key = " ".join(host_key)
-            host_keys.append(host_key)
+def get_ssh_hostkeys(hconfigs,dojson=False) -> list[str] | str:
+    host_keys = [
+        # hconfigs[ConfigEnum.ssh_host_dsa_pub],
+        hconfigs[ConfigEnum.ssh_host_ed25519_pub],
+        hconfigs[ConfigEnum.ssh_host_ecdsa_pub], 
+        hconfigs[ConfigEnum.ssh_host_rsa_pub],
+    ]
     if dojson:
         return json.dumps(host_keys)
     return host_keys
@@ -441,7 +437,7 @@ def make_proxy(hconfigs: dict, proxy: Proxy, domain_db: Domain, phttp=80, ptls=4
         return base
     if ProxyProto.ssh == proxy.proto:
         base['private_key'] = g.account.ed25519_private_key
-        base['host_key'] = hutils.proxy.get_ssh_hostkeys(False)
+        base['host_keys'] = hutils.proxy.get_ssh_hostkeys(hconfigs,False)
         # base['ssh_port'] = hconfig(ConfigEnum.ssh_server_port)
         return base
     return {'name': name, 'msg': 'not valid', 'type': 'error', 'proto': proxy.proto}

hiddifypanel/hutils/proxy/singbox.py

@@ -45,6 +45,8 @@ def configs_as_json(domains: list[Domain], **kwargs) -> str:
 
 
 def is_xray_proxy(proxy: dict):
+    if g.user_agent.get('is_hiddify_prefere_xray'):
+        return True
     if proxy['transport'] == ProxyTransport.splithttp:
         return True
     return False
@@ -323,7 +325,7 @@ def add_ssh(all_base: list[dict], proxy: dict):
     base["user"] = proxy['uuid']
     base["private_key"] = proxy['private_key']  # .replace('\n', '\\n')
 
-    base["host_key"] = proxy.get('host_key', [])
+    base["host_key"] = proxy.get('host_keys', [])
 
     socks_front = {
         "type": "socks",

hiddifypanel/hutils/proxy/xray.py

@@ -63,7 +63,7 @@ def to_link(proxy: dict) -> str | dict:
             streisand_ssh = hutils.encode.do_base_64(f'{proxy["uuid"]}:0:{proxy["private_key"]}::@{proxy["server"]}:{proxy["port"]}')
             baseurl += f'{streisand_ssh}#{name_link}'
         else:
-            hk = ",".join(proxy["host_key"])
+            hk = ",".join(proxy["host_keys"])
             pk = proxy["private_key"].replace('\n', '')
             baseurl += f'{proxy["uuid"]}@{proxy["server"]}:{proxy["port"]}/?file=ssh&pk={pk}&hk={hk}#{name_link}'
 

hiddifypanel/models/admin.py

@@ -190,4 +190,4 @@ class AdminUser(BaseAccount, SerializerMixin):
 def before_insert(mapper, connection, target):
     from hiddifypanel import hutils
     hutils.model.gen_username(target)
-    hutils.model.gen_password(target)
+    # hutils.model.gen_password(target)

hiddifypanel/models/base_account.py

@@ -41,6 +41,9 @@ class BaseAccount(db.Model, SerializerMixin, FlaskLoginUserMixin):  # type: igno
             'telegram_id': self.telegram_id,
             'lang': self.lang
         }
+    def update_password(self,new_password):
+        self.password=new_password
+        db.session.commit()
 
     @classmethod
     def by_id(cls, id: int):

hiddifypanel/models/config.py

@@ -39,7 +39,7 @@ class StrConfig(db.Model, SerializerMixin):
     child_id = Column(Integer, ForeignKey('child.id'), primary_key=True, default=0)
     # category = db.Column(db.String(128), primary_key=True)
     key = Column(Enum(ConfigEnum), primary_key=True, default=ConfigEnum.admin_secret)
-    value = Column(String(2048))
+    value = Column(String(3072))
 
     def to_dict(self: "StrConfig"):
         return {

hiddifypanel/models/config_enum.py

@@ -277,6 +277,19 @@ class ConfigEnum(metaclass=FastEnum):
     sub_full_clash_enable = _BoolConfigDscr(ConfigCategory.hidden)
     sub_full_clash_meta_enable = _BoolConfigDscr(ConfigCategory.hidden)
 
+
+    #ssh host keys
+    ssh_host_rsa_pk = _StrConfigDscr(ConfigCategory.hidden)
+    ssh_host_rsa_pub = _StrConfigDscr(ConfigCategory.hidden)
+    ssh_host_ed25519_pk = _StrConfigDscr(ConfigCategory.hidden)
+    ssh_host_ed25519_pub = _StrConfigDscr(ConfigCategory.hidden)
+    ssh_host_ecdsa_pk = _StrConfigDscr(ConfigCategory.hidden)
+    ssh_host_ecdsa_pub = _StrConfigDscr(ConfigCategory.hidden)
+    ssh_host_dsa_pk = _StrConfigDscr(ConfigCategory.hidden)
+    ssh_host_dsa_pub = _StrConfigDscr(ConfigCategory.hidden)
+    
+    
+
     hiddifycli_enable = _BoolConfigDscr(ConfigCategory.hidden, ApplyMode.reinstall)
 
     @classmethod

hiddifypanel/models/user.py

@@ -76,7 +76,7 @@ class User(BaseAccount, SerializerMixin):
     current_usage = db.Column(db.BigInteger, default=0, nullable=False)
     last_reset_time = db.Column(db.Date, default=datetime.date.today())
     added_by = db.Column(db.Integer, db.ForeignKey('admin_user.id'), default=1)
-    max_ips = db.Column(db.Integer, default=1000, nullable=False)
+    max_ips = db.Column(db.Integer, default=100, nullable=False)
     details = db.relationship('UserDetail', cascade="all,delete", backref='user', lazy='dynamic',)
     enable = db.Column(db.Boolean, default=True, nullable=False)
     ed25519_private_key = db.Column(db.String(500), default="")
@@ -347,6 +347,6 @@ class User(BaseAccount, SerializerMixin):
 def on_user_insert(mapper, connection, target):
     from hiddifypanel import hutils
     hutils.model.gen_username(target)
-    hutils.model.gen_password(target)
+    # hutils.model.gen_password(target)
     hutils.model.gen_ed25519_keys(target)
     hutils.model.gen_wg_keys(target)

hiddifypanel/panel/admin/AdminstratorAdmin.py

@@ -40,7 +40,7 @@ class SubAdminsField(SelectField):
 class AdminstratorAdmin(AdminLTEModelView):
     column_hide_backrefs = False
     column_list = ["name", 'UserLinks', 'mode', 'can_add_admin', 'max_active_users', 'max_users', 'online_users', 'comment',]
-    form_columns = ["name", 'mode', 'can_add_admin', 'max_active_users', 'max_users', 'comment', "uuid"]
+    form_columns = ["name", 'mode', 'can_add_admin', 'max_active_users', 'max_users', 'comment', "uuid", "password"]
     list_template = 'model/admin_list.html'
     # column_editable_list = ['name']
     # edit_modal = True
@@ -59,6 +59,7 @@ class AdminstratorAdmin(AdminLTEModelView):
         "comment": _("Note"),
         'max_active_users': _("Max Active Users"),
         'max_users': _('Max Users'),
+        "password":_("user.password.title"),
         "online_users": _("Online Users"),
         'can_add_admin': _("Can add sub admin")
 
@@ -204,6 +205,7 @@ class AdminstratorAdmin(AdminLTEModelView):
         # else:
         #     model.parent_admin_id=1
         #     model.parent_admin=AdminUser.query.filter(AdminUser.id==1).first()
+        
         if model.id != 1 and model.parent_admin is None:
             model.parent_admin_id = g.account.id
             model.parent_admin = g.account
@@ -212,12 +214,17 @@ class AdminstratorAdmin(AdminLTEModelView):
             raise ValidationError("Sub-Admin can not have more power!!!!")
         if g.account.mode == AdminMode.agent and model.mode != AdminMode.agent:
             raise ValidationError("Sub-Admin can not have more power!!!!")
+        
+        if not model.password and not is_created:
+            model.password=AdminUser.by_id(model.id).password
+
 
     def on_model_delete(self, model):
         model.remove()
 
     def on_form_prefill(self, form, id=None):
-
+        
+        form.password.data=""
         if g.account.mode != AdminMode.super_admin:
             del form.mode
             del form.can_add_admin

hiddifypanel/panel/admin/ProxyAdmin.py

@@ -96,6 +96,8 @@ def get_all_proxy_form(empty=False):
 
     for cdn in categories1:
         class CDNForm(FlaskForm):
+            class Meta:
+                csrf = False
             pass
         cdn_proxies = [c for c in proxies if c.cdn == cdn]
         pgroup = {
@@ -107,6 +109,8 @@ def get_all_proxy_form(empty=False):
         protos = sorted([c for c in {pgroup.get(c.proto, c.proto): 1 for c in cdn_proxies}])
         for proto in protos:
             class ProtoForm(FlaskForm):
+                class Meta:
+                    csrf = False
                 pass
             proto_proxies = [c for c in cdn_proxies if pgroup.get(c.proto, c.proto) == proto]
             for proxy in proto_proxies:

hiddifypanel/panel/admin/QuickSetup.py

@@ -10,7 +10,7 @@ from flask_wtf import FlaskForm
 from flask_bootstrap import SwitchField
 from hiddifypanel.panel import hiddify
 from flask_classful import FlaskView
-from wtforms.validators import ValidationError
+from wtforms.validators import ValidationError, Length, InputRequired
 # from gettext import gettext as _
 
 from hiddifypanel.models import Domain, DomainType, StrConfig, ConfigEnum, get_hconfigs
@@ -28,12 +28,14 @@ class QuickSetup(FlaskView):
         if next:
             step = step + 1
         form = {1: get_lang_form,
-                2: get_quick_setup_form,
-                3: get_proxy_form}
+                2: get_password_form,
+                3: get_quick_setup_form,
+                4: get_proxy_form}
 
         return form[step](empty=empty or next)
 
     def index(self):
+
         return render_template(
             'quick_setup.html',
             form=self.current_form(),
@@ -45,11 +47,12 @@ class QuickSetup(FlaskView):
     def post(self):
         if request.args.get('changepw') == "true":
             AdminUser.current_admin_or_owner().uuid = str(uuid.uuid4())
+            # AdminUser.current_admin_or_owner().password = hutils.random.get_random_password()
             db.session.commit()
 
         set_hconfig(ConfigEnum.first_setup, False)
         form = self.current_form()
-        if not form.validate_on_submit() or form.step.data not in ["1", "2", "3"]:
+        if not form.validate_on_submit() or form.step.data not in ["1", "2", "3","4"]:
             hutils.flask.flash(_('config.validation-error'), 'danger')
             return render_template(
                 'quick_setup.html', form=form,
@@ -84,9 +87,9 @@ def get_lang_form(empty=False):
 
             return render_template(
                 'quick_setup.html', form=view.current_form(next=True),
-                admin_link=admin_link(),
-                ipv4=hutils.network.get_ip_str(4),
-                ipv6=hutils.network.get_ip_str(6),
+                # admin_link=admin_link(),
+                # ipv4=hutils.network.get_ip_str(4),
+                # ipv6=hutils.network.get_ip_str(6),
                 show_domain_info=False)
 
     form = LangForm(None)if empty else LangForm()
@@ -94,6 +97,34 @@ def get_lang_form(empty=False):
     return form
 
 
+def get_password_form(empty=False):
+    class PasswordForm(FlaskForm):
+        step = wtf.HiddenField(default="1")
+        admin_pass = wtf.PasswordField(
+            _("user.password.title"),
+            description=_("user.password.description"),
+            default="",validators=[
+                
+                InputRequired(message=_("user.password.validation-required")), 
+                Length(min=8, message=_("user.password.validation-lenght"))
+        
+            ])
+        password_submit = wtf.SubmitField(_('Submit'))
+
+        def post(self, view):
+            AdminUser.current_admin_or_owner().update_password(self.admin_pass.data)
+
+            return render_template(
+                'quick_setup.html', form=view.current_form(next=True),
+                admin_link=admin_link(),
+                ipv4=hutils.network.get_ip_str(4),
+                ipv6=hutils.network.get_ip_str(6),
+                show_domain_info=False)
+
+    form = PasswordForm(None)if empty else PasswordForm()
+    form.step.data = "2"
+    return form
+
 def get_proxy_form(empty=False):
     class ProxyForm(FlaskForm):
         step = wtf.HiddenField(default="3")
@@ -127,7 +158,7 @@ def get_proxy_form(empty=False):
         setattr(ProxyForm, f'{cf.key}', field)
     setattr(ProxyForm, "submit_global", wtf.fields.SubmitField(_('Submit')))
     form = ProxyForm(None) if empty else ProxyForm()
-    form.step.data = "3"
+    form.step.data = "4"
     return form
 
 
@@ -210,7 +241,7 @@ def get_quick_setup_form(empty=False):
                 show_domain_info=False)
 
     form = BasicConfigs(None) if empty else BasicConfigs()
-    form.step.data = "2"
+    form.step.data = "3"
     return form
 
 

hiddifypanel/panel/admin/SettingAdmin.py

@@ -137,6 +137,10 @@ class SettingAdmin(FlaskView):
                 form = get_config_form()
         else:
             hutils.flask.flash(_('config.validation-error'), 'danger')  # type: ignore
+            for field, errors in form.errors.items():
+                for error in errors:
+                    hutils.flask.flash(error, 'danger')  # type: ignore
+            
 
         return reset_action or render_template('config.html', form=form)
 
@@ -185,6 +189,8 @@ def get_config_form():
             continue
 
         class CategoryForm(FlaskForm):
+            class Meta:
+                csrf = False
             description_for_fieldset = wtf.TextAreaField("", description=_(f'config.{cat}.description'), render_kw={"class": "d-none"})
         for c2 in cat_configs:
             if not (c2 in configs_key):