fix: Update login page to verify password instead of opening as readonly

README.md

@@ -1,6 +1,4 @@
 # FireWalletBrowser
-
-
 ## Installation
 
 ```bash
@@ -113,3 +111,21 @@ DNS Editor page
 
 Auction page
 ![Auction page](assets/auction.png)
+
+## Environment variables
+
+```yaml
+hsd_api: HSD API key
+hsd_ip: HSD IP address
+theme: Theme to use (dark-purple, black)
+show_expired: Show expired domains (true/false)
+exclude: Comma separated list of wallets to exclude from the wallet list
+```
+
+
+## Warnings
+
+- This is a work in progress and is not guaranteed to work
+- This is not a wallet by itself but rather a frontend for HSD
+- I am not responsible for any loss of funds from using this wallet (including loss of funds from auctions)
+- I am not responsible if you expose this frontend to the internet (please don't do this unless you know what you are doing)

account.py

@@ -26,7 +26,9 @@ hsw = api.hsw(APIKEY,ip)
 # Verify the connection
 response = hsd.getInfo()
 
-
+exclude = ["primary"]
+if os.getenv("exclude") is not None:
+    exclude = os.getenv("exclude").split(",")
 
 def check_account(cookie: str):
     if cookie is None:
@@ -52,8 +54,9 @@ def check_password(cookie: str, password: str):
     info = hsw.rpc_selectWallet(account)
     if info['error'] is not None:
         return False
-    info = hsw.rpc_walletPassphrase(password,10)
+    info = hsw.rpc_walletPassphrase(password,1)
     if info['error'] is not None:
+        if info['error']['message'] != "Wallet is not encrypted.":
             return False
     return True
 
@@ -118,6 +121,9 @@ def listWallets():
 
     # Check if response is json or an array
     if isinstance(response, list):
+        # Remove excluded wallets
+        response = [wallet for wallet in response if wallet not in exclude]
+
         return response
     return ['Wallet not connected']
 

main.py

@@ -1154,16 +1154,20 @@ def login_post():
 
     # Check if the account is valid
     if account.count(":") > 0:
+        wallets = account_module.listWallets()
+        wallets = render.wallets(wallets)
         return render_template("login.html", sync=account_module.getNodeSync(),
                                wallet_status=account_module.getWalletStatus(),
-                               error="Invalid account")
+                               error="Invalid account",wallets=wallets)
 
     account = account + ":" + password
 
     # Check if the account is valid
-    if not account_module.check_account(account):
+    if not account_module.check_password(account,password):
+        wallets = account_module.listWallets()
+        wallets = render.wallets(wallets)
         return render_template("login.html", sync=account_module.getNodeSync(),
-                               error="Invalid account")
+                               error="Invalid account or password",wallets=wallets)
 
 
     # Set the cookie

plugin.py

@@ -126,7 +126,6 @@ def getPluginData(pluginStr: str):
     # Check if the plugin is in customPlugins
     if pluginStr.startswith("customPlugins"):
         # Get git url for dir
-        print(f"cd customPlugins/{pluginStr.split('/')[-2]} && git remote get-url origin")
         url = subprocess.check_output(f"cd customPlugins/{pluginStr.split('/')[-2]} && git remote get-url origin", shell=True).decode("utf-8").strip()
         info["source"] = url
         

templates/login.html

@@ -19,6 +19,7 @@
     <div class="container">
         <div class="row justify-content-center">
             <div class="col-md-9 col-lg-12 col-xl-10">
+                <h1 class="text-center" style="color: var(--bs-danger);background: var(--bs-primary);">{{error}}</h1>
                 <div class="card shadow-lg o-hidden border-0 my-5">
                     <div class="card-body p-0">
                         <div class="row">