Audit changes

hub/handlers.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"log"
 	"math/rand/v2"
+	"net"
 	"net/http"
 	"time"
 	"vppn/hub/api"
@@ -28,11 +29,12 @@ func (a *App) _signin(s *api.Session, w http.ResponseWriter, r *http.Request) er
 }
 
 func (a *App) _signinSubmit(s *api.Session, w http.ResponseWriter, r *http.Request) error {
-	if !a.signInLock.TryLock(r.RemoteAddr) {
+	host, _, _ := net.SplitHostPort(r.RemoteAddr)
+	if !a.signInLock.TryLock(host) {
 		time.Sleep(time.Duration(rand.Int64N(int64(4 * time.Second))))
 		return errs.ErrNotAuthorized
 	}
-	defer a.signInLock.Unlock(r.RemoteAddr)
+	defer a.signInLock.Unlock(host)
 
 	var pwd string
 	err := webutil.NewFormScanner(r.Form).
@@ -244,7 +246,7 @@ func (a *App) _adminPasswordSubmit(s *api.Session, w http.ResponseWriter, r *htt
 		return err
 	}
 
-	if len(newPwd) < 8 {
+	if len(newPwd) < 8 || len(newPwd) > 72 {
 		return errs.ErrInvalidPassword
 	}
 
@@ -342,9 +344,10 @@ func (a *App) peersList(networkID int64) (peers []m.Peer, err error) {
 		}
 		wgKey, err := wgtypes.NewKey(p.WGPubKey)
 		if err != nil {
-			log.Printf("Bad WG key in DB for peer %v", p)
+			log.Printf("Bad WG key in DB for peer %d/%d", p.NetworkID, p.PeerIP)
 			continue // malformed key; skip rather than serve garbage
 		}
+
 		var signKey [32]byte
 		copy(signKey[:], p.SignPubKey)
 		peers = append(peers, m.Peer{