changed script

This commit is contained in:
Gamosoft 2025-11-14 20:33:36 +01:00
parent b5acfd67ce
commit 67fc313673
5 changed files with 28 additions and 86 deletions

View File

@ -27,11 +27,10 @@ COPY frontend ./frontend
COPY config.yaml .
COPY plugins ./plugins
COPY themes ./themes
COPY generate_password_hash.sh .
COPY generate_password.py .
# Create data directories and make password script executable
RUN mkdir -p data/notes data/search_index && \
chmod +x generate_password_hash.sh
# Create data directories
RUN mkdir -p data/notes data/search_index
# Expose port
EXPOSE 8000

View File

@ -230,7 +230,7 @@ NoteDiscovery is designed for **self-hosted, private use**. Please keep these se
- ⚠️ **CHANGE THE DEFAULT PASSWORD IMMEDIATELY** if exposing to a network!
- See **[AUTHENTICATION.md](data/notes/AUTHENTICATION.md)** for complete setup instructions
- To disable auth, set `security.enabled: false` in `config.yaml`
- Change password with Docker: `docker-compose exec notediscovery /app/generate_password_hash.sh`
- Change password with Docker: `docker-compose exec notediscovery python generate_password.py`
- Perfect for single-user or small team deployments
- For multi-user setups, consider a reverse proxy with OAuth/SSO

View File

@ -32,7 +32,7 @@ security:
# ⚠️ WARNING: The default hash below corresponds to password "admin"
# ⚠️ CHANGE THIS IMMEDIATELY in production!
#
# INSTRUCTIONS:
# INSTRUCTIONS (Local):
# 1. Run: pip install bcrypt
# 2. Run: python generate_password.py
# 3. Enter your desired password
@ -40,8 +40,12 @@ security:
# 5. ALSO change secret_key above
# 6. Restart the application
#
# Docker users can generate a hash with:
# docker-compose exec notediscovery /app/generate_password_hash.sh
# INSTRUCTIONS (Docker):
# 1. Run: docker-compose exec notediscovery python generate_password.py
# 2. Enter your desired password
# 3. Copy the generated hash below
# 4. ALSO change secret_key above
# 5. Restart: docker-compose restart
password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG" # Default: "admin"
# Session expiry in seconds (default: 7 days)

View File

@ -53,25 +53,19 @@ For any deployment exposed to a network, follow these steps:
### Step 1: Generate a Password Hash
Choose one of these methods:
Choose your environment:
**Option A: Using Docker (Recommended - No local Python needed)**
If you're running NoteDiscovery in Docker:
**Docker Users:**
```bash
# Docker Compose
docker-compose exec notediscovery /app/generate_password_hash.sh
docker-compose exec notediscovery python generate_password.py
# Or with docker run
docker exec -it notediscovery /app/generate_password_hash.sh
docker exec -it notediscovery python generate_password.py
```
The script will prompt you for your password and output the hash.
**Option B: Using Local Python**
If you're running NoteDiscovery locally:
**Local Users:**
```bash
# Install bcrypt if not already installed
@ -81,15 +75,19 @@ pip install bcrypt
python generate_password.py
```
Enter your desired password when prompted. The script will output a bcrypt hash.
The script will:
1. Prompt you for your password (input is hidden)
2. Ask you to confirm it
3. Generate a bcrypt hash
4. Display the hash with instructions
**Copy the hash** - you'll need it for the next step.
**Copy the hash** - you'll need it for Step 3.
### Step 2: Generate a Secret Key
Generate a random secret key for session encryption:
**Using Docker:**
**Docker Users:**
```bash
docker-compose exec notediscovery python -c "import secrets; print(secrets.token_hex(32))"
@ -97,12 +95,12 @@ docker-compose exec notediscovery python -c "import secrets; print(secrets.token
docker exec -it notediscovery python -c "import secrets; print(secrets.token_hex(32))"
```
**Using Local Python:**
**Local Users:**
```bash
python -c "import secrets; print(secrets.token_hex(32))"
```
**Copy the key** - you'll need it for the next step.
**Copy the key** - you'll need it for Step 3.
### Step 3: Update `config.yaml`
@ -113,10 +111,10 @@ security:
# Enable authentication
enabled: true
# Session secret key (paste the output from Step 3)
# Session secret key (paste the output from Step 2)
secret_key: "your_generated_secret_key_here"
# Password hash (paste the output from Step 2)
# Password hash (paste the output from Step 1)
password_hash: "$2b$12$..."
# Session expiry in seconds (7 days by default)
@ -178,7 +176,7 @@ Visit `http://localhost:8000/logout` in your browser.
### Changing Password
1. Generate a new password hash:
- **Docker**: `docker-compose exec notediscovery /app/generate_password_hash.sh`
- **Docker**: `docker-compose exec notediscovery python generate_password.py`
- **Local**: `python generate_password.py`
2. Update `password_hash` in `config.yaml` with the new hash
3. Restart the application:

View File

@ -1,59 +0,0 @@
#!/bin/bash
# Generate password hash inside Docker container
# Usage: docker exec -it notediscovery /app/generate_password_hash.sh
echo "=========================================="
echo " NoteDiscovery Password Hash Generator"
echo "=========================================="
echo ""
echo "This will generate a bcrypt hash for your password."
echo ""
# Prompt for password
read -s -p "Enter your password: " PASSWORD
echo ""
read -s -p "Confirm password: " PASSWORD2
echo ""
# Check if passwords match
if [ "$PASSWORD" != "$PASSWORD2" ]; then
echo ""
echo "❌ Passwords do not match!"
exit 1
fi
# Check if password is empty
if [ -z "$PASSWORD" ]; then
echo ""
echo "❌ Password cannot be empty!"
exit 1
fi
echo ""
echo "Generating hash..."
echo ""
# Generate hash using Python
HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b'$PASSWORD', bcrypt.gensalt()).decode())")
if [ $? -eq 0 ]; then
echo "=========================================="
echo " ✅ Password hash generated!"
echo "=========================================="
echo ""
echo "Copy this hash to your config.yaml:"
echo ""
echo "password_hash: \"$HASH\""
echo ""
echo "=========================================="
echo ""
echo "Next steps:"
echo "1. Update config.yaml with the hash above"
echo "2. Set enabled: true in the security section"
echo "3. Restart the container: docker-compose restart"
echo "=========================================="
else
echo "❌ Failed to generate hash"
exit 1
fi