-
Notifications
You must be signed in to change notification settings - Fork 246
Project Update
It has been some time since the last release of Hashtopolis, this was the version 0.12.0 release on February 18th 2020. Since then, a lot has happened, major contributions were made through all kinds of pull requests. No new release was created, but this is about to change and there is more to come.
In the upcoming weeks we are expecting to release a new version, version 0.13.0, which will contain some new features and bug fixes.
Originally, Hashtopolis was designed and created for small groups of password crackers, competing in competitions. Those are still part of the user group as for today, but more and more corporate users are using Hashtopolis; for example, pen-testing companies to assess the quality of passwords for their clients. This results in requests to mature the project.
With a small group we have been working on this, future proofing Hashtopolis. Currently, the code is a bit messy. The major change that has been on our to-do-list forever is the separation of the frontend and the backend. Inside the PHP code there is no real clear separation between these two parts. Some functionality is implemented both in the frontend and in the user-API or even worse; implemented at both places but slightly different.
Our idea is to completely remove the frontend code from the PHP core. We decided to implement a new frontend in Angular. This frontend code will be placed in a separate repository (link).
To support the new frontend, the backend will be accessible through a new version of the user-API. The functionality will be similar to the original API, but some features are missing in the old one which have to be added for the new frontend. The new version will be placed at a different endpoint and is not backwards compatible. Instead of implementing all API handling ourselves, we are also planning to use the Slim Framework for this.
With this new API a completely new authentication mechanism will also be used, relying on OAuth2. This will allow easier coupling with existing authentication providers instead of always using Hashtopolis users with password.
We already started to work on a PoC for the separation, which can be seen in Pull Request #832. We hope to have a real working version in Q1 next year, but all depends on the availability of the developers.
The next step after the separation is done, is to start working on rewriting the backend in Python. With Python we are planning to create a service-based backend instead of a call-based backend. This allows to cache some lookups to improve performance, calculate values and have a queue based task distribution system.
To summarize, what you can expect and when:
- a new release within the upcoming weeks
- a first workable PoC showcasing a new GUI and a new API together with a new authentication system, in Q1 2023.
With this post we hopefully give some insights into the future of Hashtopolis, but we are also hoping to get some feedback on the plans. Either in Pull Request #845 or on Discord.