diff --git a/Dockerfile b/Dockerfile index 930f92e..b34da84 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,11 +27,10 @@ COPY frontend ./frontend COPY config.yaml . COPY plugins ./plugins COPY themes ./themes -COPY generate_password_hash.sh . +COPY generate_password.py . -# Create data directories and make password script executable -RUN mkdir -p data/notes data/search_index && \ - chmod +x generate_password_hash.sh +# Create data directories +RUN mkdir -p data/notes data/search_index # Expose port EXPOSE 8000 diff --git a/README.md b/README.md index df2dfd8..0773789 100644 --- a/README.md +++ b/README.md @@ -230,7 +230,7 @@ NoteDiscovery is designed for **self-hosted, private use**. Please keep these se - ⚠️ **CHANGE THE DEFAULT PASSWORD IMMEDIATELY** if exposing to a network! - See **[AUTHENTICATION.md](data/notes/AUTHENTICATION.md)** for complete setup instructions - To disable auth, set `security.enabled: false` in `config.yaml` -- Change password with Docker: `docker-compose exec notediscovery /app/generate_password_hash.sh` +- Change password with Docker: `docker-compose exec notediscovery python generate_password.py` - Perfect for single-user or small team deployments - For multi-user setups, consider a reverse proxy with OAuth/SSO diff --git a/config.yaml b/config.yaml index 20ab0b1..993218b 100644 --- a/config.yaml +++ b/config.yaml @@ -32,7 +32,7 @@ security: # ⚠️ WARNING: The default hash below corresponds to password "admin" # ⚠️ CHANGE THIS IMMEDIATELY in production! # - # INSTRUCTIONS: + # INSTRUCTIONS (Local): # 1. Run: pip install bcrypt # 2. Run: python generate_password.py # 3. Enter your desired password @@ -40,8 +40,12 @@ security: # 5. ALSO change secret_key above # 6. Restart the application # - # Docker users can generate a hash with: - # docker-compose exec notediscovery /app/generate_password_hash.sh + # INSTRUCTIONS (Docker): + # 1. Run: docker-compose exec notediscovery python generate_password.py + # 2. Enter your desired password + # 3. Copy the generated hash below + # 4. ALSO change secret_key above + # 5. Restart: docker-compose restart password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG" # Default: "admin" # Session expiry in seconds (default: 7 days) diff --git a/data/notes/AUTHENTICATION.md b/data/notes/AUTHENTICATION.md index 5043108..98cfc36 100644 --- a/data/notes/AUTHENTICATION.md +++ b/data/notes/AUTHENTICATION.md @@ -53,25 +53,19 @@ For any deployment exposed to a network, follow these steps: ### Step 1: Generate a Password Hash -Choose one of these methods: +Choose your environment: -**Option A: Using Docker (Recommended - No local Python needed)** - -If you're running NoteDiscovery in Docker: +**Docker Users:** ```bash # Docker Compose -docker-compose exec notediscovery /app/generate_password_hash.sh +docker-compose exec notediscovery python generate_password.py # Or with docker run -docker exec -it notediscovery /app/generate_password_hash.sh +docker exec -it notediscovery python generate_password.py ``` -The script will prompt you for your password and output the hash. - -**Option B: Using Local Python** - -If you're running NoteDiscovery locally: +**Local Users:** ```bash # Install bcrypt if not already installed @@ -81,15 +75,19 @@ pip install bcrypt python generate_password.py ``` -Enter your desired password when prompted. The script will output a bcrypt hash. +The script will: +1. Prompt you for your password (input is hidden) +2. Ask you to confirm it +3. Generate a bcrypt hash +4. Display the hash with instructions -**Copy the hash** - you'll need it for the next step. +**Copy the hash** - you'll need it for Step 3. ### Step 2: Generate a Secret Key Generate a random secret key for session encryption: -**Using Docker:** +**Docker Users:** ```bash docker-compose exec notediscovery python -c "import secrets; print(secrets.token_hex(32))" @@ -97,12 +95,12 @@ docker-compose exec notediscovery python -c "import secrets; print(secrets.token docker exec -it notediscovery python -c "import secrets; print(secrets.token_hex(32))" ``` -**Using Local Python:** +**Local Users:** ```bash python -c "import secrets; print(secrets.token_hex(32))" ``` -**Copy the key** - you'll need it for the next step. +**Copy the key** - you'll need it for Step 3. ### Step 3: Update `config.yaml` @@ -113,10 +111,10 @@ security: # Enable authentication enabled: true - # Session secret key (paste the output from Step 3) + # Session secret key (paste the output from Step 2) secret_key: "your_generated_secret_key_here" - # Password hash (paste the output from Step 2) + # Password hash (paste the output from Step 1) password_hash: "$2b$12$..." # Session expiry in seconds (7 days by default) @@ -178,7 +176,7 @@ Visit `http://localhost:8000/logout` in your browser. ### Changing Password 1. Generate a new password hash: - - **Docker**: `docker-compose exec notediscovery /app/generate_password_hash.sh` + - **Docker**: `docker-compose exec notediscovery python generate_password.py` - **Local**: `python generate_password.py` 2. Update `password_hash` in `config.yaml` with the new hash 3. Restart the application: diff --git a/generate_password_hash.sh b/generate_password_hash.sh deleted file mode 100644 index c5399a5..0000000 --- a/generate_password_hash.sh +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash -# Generate password hash inside Docker container -# Usage: docker exec -it notediscovery /app/generate_password_hash.sh - -echo "==========================================" -echo " NoteDiscovery Password Hash Generator" -echo "==========================================" -echo "" -echo "This will generate a bcrypt hash for your password." -echo "" - -# Prompt for password -read -s -p "Enter your password: " PASSWORD -echo "" -read -s -p "Confirm password: " PASSWORD2 -echo "" - -# Check if passwords match -if [ "$PASSWORD" != "$PASSWORD2" ]; then - echo "" - echo "❌ Passwords do not match!" - exit 1 -fi - -# Check if password is empty -if [ -z "$PASSWORD" ]; then - echo "" - echo "❌ Password cannot be empty!" - exit 1 -fi - -echo "" -echo "Generating hash..." -echo "" - -# Generate hash using Python -HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b'$PASSWORD', bcrypt.gensalt()).decode())") - -if [ $? -eq 0 ]; then - echo "==========================================" - echo " ✅ Password hash generated!" - echo "==========================================" - echo "" - echo "Copy this hash to your config.yaml:" - echo "" - echo "password_hash: \"$HASH\"" - echo "" - echo "==========================================" - echo "" - echo "Next steps:" - echo "1. Update config.yaml with the hash above" - echo "2. Set enabled: true in the security section" - echo "3. Restart the container: docker-compose restart" - echo "==========================================" -else - echo "❌ Failed to generate hash" - exit 1 -fi -