diff --git a/README.md b/README.md index 7804a52..38a3d72 100644 --- a/README.md +++ b/README.md @@ -48,11 +48,11 @@ NoteDiscovery is a **lightweight, self-hosted note-taking application** that put Use the pre-built image directly from GHCR - no building required! -> **💡 Tip**: Always use `ghcr.io/gamosoft/notediscovery:latest` to get the newest features and fixes. Images are automatically built when PRs are merged to main. +> **💡 Tip**: Always use `ghcr.io/gamosoft/notediscovery:latest` to get the newest features and fixes. > **📁 Important - Volume Mapping**: The container needs local folders/files to work: > - **Required**: `data` folder - **Your personal notes** will be stored here (create an empty folder) -> - **Required**: `themes` folder with theme `.css` files (at least light.css and dark.css) +> - **Required**: `themes` folder with theme `.css` files (at least a single theme must exist) > - **Required**: `plugins` folder (can be empty for basic functionality) > - **Required**: `config.yaml` file (needed for the app to run) > - **Optional**: `documentation` folder - If you cloned the repo, mount this to view app docs inside NoteDiscovery @@ -86,7 +86,7 @@ Use the pre-built image directly from GHCR - no building required! > # The documentation/ folder has app docs you can optionally mount > ``` -> **🔐 Security Note**: Authentication is **enabled by default** with password `admin`. For testing/local use, this is fine. If exposing to a network, **change the password immediately** - see [AUTHENTICATION.md](documentation/AUTHENTICATION.md) for instructions. +> **🔐 Security Note**: Authentication is **disabled by default** with password `admin`. For testing/local use, this is fine. If exposing to a network, **change the password immediately** - see [AUTHENTICATION.md](documentation/AUTHENTICATION.md) for instructions on how to enable it. **Option 1: Docker Compose (Recommended)** @@ -218,7 +218,7 @@ Once you've started NoteDiscovery, you'll find comprehensive guides on: # In your docker-compose.yml volumes: - ./data:/app/data # Your personal notes - - ./documentation:/app/docs:ro # Mount docs (read-only) + - ./documentation:/app/data/docs:ro # Mount docs subfolder inside the data folder (read-only) ``` Then access them at `http://localhost:8000` - the docs will appear as a `docs/` folder in the file browser! diff --git a/config.yaml b/config.yaml index dd44630..0b5c941 100644 --- a/config.yaml +++ b/config.yaml @@ -21,30 +21,13 @@ search: security: # Authentication settings # Set enabled to true to require login - enabled: true + enabled: false # Session secret key - CHANGE THIS TO A RANDOM STRING! # Generate with: python -c "import secrets; print(secrets.token_hex(32))" secret_key: "change_this_to_a_random_secret_key_in_production" # Password hash - Generate with: python generate_password.py - # ⚠️ WARNING: The default hash below corresponds to password "admin" - # ⚠️ CHANGE THIS IMMEDIATELY in production! - # - # INSTRUCTIONS (Local): - # 1. Run: pip install bcrypt - # 2. Run: python generate_password.py - # 3. Enter your desired password - # 4. Copy the generated hash below - # 5. ALSO change secret_key above - # 6. Restart the application - # - # INSTRUCTIONS (Docker): - # 1. Run: docker-compose exec notediscovery python generate_password.py - # 2. Enter your desired password - # 3. Copy the generated hash below - # 4. ALSO change secret_key above - # 5. Restart: docker-compose restart password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG" # Default: "admin" # Session expiry in seconds (default: 7 days) diff --git a/docs/screenshot.jpg b/docs/screenshot.jpg index e76de85..b327b5d 100644 Binary files a/docs/screenshot.jpg and b/docs/screenshot.jpg differ diff --git a/documentation/API.md b/documentation/API.md index 3ab34c8..08a0689 100644 --- a/documentation/API.md +++ b/documentation/API.md @@ -46,7 +46,7 @@ Content-Type: application/json } ``` -**Note:** When creating a new note, the `on_note_create` hook is triggered, allowing plugins (like Template Generator) to modify the initial content. The response includes the potentially modified content. +**Note:** When creating a new note, the `on_note_create` hook is triggered, allowing plugins to modify the initial content. The response includes the potentially modified content. **Linux/Mac:** ```bash @@ -241,11 +241,6 @@ All endpoints return JSON responses: "detail": "Error message" } ``` - -## 🔑 Authentication - -Currently, no authentication is required. Suitable for self-hosted local environments. - --- 💡 **Tip:** Use the `/api` endpoint to get a live, self-documented list of all available endpoints! diff --git a/documentation/AUTHENTICATION.md b/documentation/AUTHENTICATION.md index 98cfc36..fc3375a 100644 --- a/documentation/AUTHENTICATION.md +++ b/documentation/AUTHENTICATION.md @@ -2,9 +2,9 @@ ## ⚠️ **IMPORTANT: Default Password Warning** -> **The default `config.yaml` includes authentication enabled with password: `admin`** +> **The default `config.yaml` includes authentication disabled by default, with password: `admin`** > -> 🔴 **CHANGE THIS IMMEDIATELY if you're exposing NoteDiscovery to a network!** +> 🔴 **CHANGE THIS if you're exposing NoteDiscovery to a network!** > > The default configuration is provided for **quick testing only**. Follow the setup guide below to set your own secure password and secret key. @@ -19,8 +19,6 @@ NoteDiscovery includes a simple, secure authentication system for single-user de - ✅ **Single User** - Perfect for personal/self-hosted use - ✅ **Secure** - Passwords hashed with bcrypt - ✅ **Session-based** - Stay logged in for 7 days (configurable) -- ✅ **Theme-aware** - Login page matches your selected theme -- ✅ **Simple Setup** - Just 3 steps to enable --- @@ -31,7 +29,7 @@ NoteDiscovery includes a simple, secure authentication system for single-user de - Default password is `admin` - Default secret key is insecure -**⚠️ IMPORTANT:** For production or network-exposed deployments, **change both the password and secret key immediately**. Follow these steps: +**⚠️ IMPORTANT:** For production or network-exposed deployments, **change both the password and secret key immediately**. --- @@ -142,56 +140,6 @@ Enter the password you chose in Step 2. --- -## 🔐 Usage - -### Logging In - -1. Navigate to `http://localhost:8000` -2. You'll be **automatically redirected** to the login page if not authenticated -3. Enter your password (the one you generated in setup) -4. Click "🔓 Unlock" -5. You'll be redirected back to the main app - -**Note:** The login page **automatically inherits the theme** you selected in the main app. It uses the same theme loading system as the main app (fetches CSS from `/api/themes` and stores preference in localStorage as `noteDiscoveryTheme`). - -**What happens if I'm not logged in?** -- 🌐 **Page requests** (like `/`, `/MATHJAX`, etc.) → **Automatically redirected to login page** -- 🔌 **API requests** (like `/api/notes`) → **Return JSON error** `{"detail": "Not authenticated"}` - -This smart routing ensures: -- ✅ Users always see the login page (never a JSON error) -- ✅ API calls get proper JSON errors (for programmatic access) -- ✅ No broken page loads or error messages - -### Logging Out - -**Option 1: Use the built-in logout button** - -A logout button (🔒 Logout) automatically appears in the sidebar header when authentication is enabled. Simply click it to log out. - -**Option 2: Navigate directly** - -Visit `http://localhost:8000/logout` in your browser. - -### Changing Password - -1. Generate a new password hash: - - **Docker**: `docker-compose exec notediscovery python generate_password.py` - - **Local**: `python generate_password.py` -2. Update `password_hash` in `config.yaml` with the new hash -3. Restart the application: - - **Docker**: `docker-compose restart` - - **Local**: Restart uvicorn -4. All existing sessions will remain valid until they expire - -### Session Expiry - -- **Default**: 7 days (604800 seconds) -- **Custom**: Change `session_max_age` in `config.yaml` -- Sessions are cleared when you log out - ---- - ## 🔒 Security Considerations ### ✅ What This Protects @@ -211,7 +159,7 @@ This is a **simple authentication system** designed for **self-hosted, single-us ### 🛡️ Best Practices -1. **Use HTTPS** - Always run behind a reverse proxy (nginx, Caddy) with SSL/TLS +1. **Use HTTPS** - Always run behind a reverse proxy (Traefik, nginx, Caddy) with SSL/TLS 2. **Strong Password** - Use at least 12 characters with mixed case, numbers, and symbols 3. **Unique Secret Key** - Never reuse secret keys across applications 4. **Keep Config Secure** - Don't commit `config.yaml` with real credentials to version control @@ -228,115 +176,4 @@ security: enabled: false ``` -Restart the application, and authentication will be bypassed. - ---- - -## 🐛 Troubleshooting - -### "Invalid Password" Error - -- **Check password hash**: Ensure the hash in `config.yaml` matches your password -- **Regenerate hash**: Run `python generate_password.py` again -- **Check encoding**: Password must be UTF-8 encoded - -### "Not authenticated" Error - -- **Check session**: Your session may have expired (default: 7 days) -- **Clear cookies**: Clear your browser cookies and log in again -- **Check config**: Ensure `enabled: true` in `config.yaml` - -### Login Page Not Showing - -- **Check config**: Verify `enabled: true` in `config.yaml` -- **Check routes**: Visit `/login` directly -- **Check logs**: Look for errors in the console - -### Can't Access `/logout` - -- You must be logged in to access `/logout` -- Clear your browser cookies manually if needed - ---- - -## 🎨 Customizing Login Page - -The login page (`frontend/login.html`) can be customized: - -- **Theme**: Automatically inherits the theme you selected in the main app (from localStorage) -- **Logo**: Uses `/static/logo.svg` -- **Styling**: Edit the CSS in the `