changed script

This commit is contained in:
Gamosoft 2025-11-14 20:33:36 +01:00
parent b5acfd67ce
commit 67fc313673
5 changed files with 28 additions and 86 deletions

View File

@ -27,11 +27,10 @@ COPY frontend ./frontend
COPY config.yaml . COPY config.yaml .
COPY plugins ./plugins COPY plugins ./plugins
COPY themes ./themes COPY themes ./themes
COPY generate_password_hash.sh . COPY generate_password.py .
# Create data directories and make password script executable # Create data directories
RUN mkdir -p data/notes data/search_index && \ RUN mkdir -p data/notes data/search_index
chmod +x generate_password_hash.sh
# Expose port # Expose port
EXPOSE 8000 EXPOSE 8000

View File

@ -230,7 +230,7 @@ NoteDiscovery is designed for **self-hosted, private use**. Please keep these se
- ⚠️ **CHANGE THE DEFAULT PASSWORD IMMEDIATELY** if exposing to a network! - ⚠️ **CHANGE THE DEFAULT PASSWORD IMMEDIATELY** if exposing to a network!
- See **[AUTHENTICATION.md](data/notes/AUTHENTICATION.md)** for complete setup instructions - See **[AUTHENTICATION.md](data/notes/AUTHENTICATION.md)** for complete setup instructions
- To disable auth, set `security.enabled: false` in `config.yaml` - To disable auth, set `security.enabled: false` in `config.yaml`
- Change password with Docker: `docker-compose exec notediscovery /app/generate_password_hash.sh` - Change password with Docker: `docker-compose exec notediscovery python generate_password.py`
- Perfect for single-user or small team deployments - Perfect for single-user or small team deployments
- For multi-user setups, consider a reverse proxy with OAuth/SSO - For multi-user setups, consider a reverse proxy with OAuth/SSO

View File

@ -32,7 +32,7 @@ security:
# ⚠️ WARNING: The default hash below corresponds to password "admin" # ⚠️ WARNING: The default hash below corresponds to password "admin"
# ⚠️ CHANGE THIS IMMEDIATELY in production! # ⚠️ CHANGE THIS IMMEDIATELY in production!
# #
# INSTRUCTIONS: # INSTRUCTIONS (Local):
# 1. Run: pip install bcrypt # 1. Run: pip install bcrypt
# 2. Run: python generate_password.py # 2. Run: python generate_password.py
# 3. Enter your desired password # 3. Enter your desired password
@ -40,8 +40,12 @@ security:
# 5. ALSO change secret_key above # 5. ALSO change secret_key above
# 6. Restart the application # 6. Restart the application
# #
# Docker users can generate a hash with: # INSTRUCTIONS (Docker):
# docker-compose exec notediscovery /app/generate_password_hash.sh # 1. Run: docker-compose exec notediscovery python generate_password.py
# 2. Enter your desired password
# 3. Copy the generated hash below
# 4. ALSO change secret_key above
# 5. Restart: docker-compose restart
password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG" # Default: "admin" password_hash: "$2b$12$t/6PGExFzdpU2PUta0iVY.eDQwvu63kH.c/d4bEnnHaQ5CspH1yrG" # Default: "admin"
# Session expiry in seconds (default: 7 days) # Session expiry in seconds (default: 7 days)

View File

@ -53,25 +53,19 @@ For any deployment exposed to a network, follow these steps:
### Step 1: Generate a Password Hash ### Step 1: Generate a Password Hash
Choose one of these methods: Choose your environment:
**Option A: Using Docker (Recommended - No local Python needed)** **Docker Users:**
If you're running NoteDiscovery in Docker:
```bash ```bash
# Docker Compose # Docker Compose
docker-compose exec notediscovery /app/generate_password_hash.sh docker-compose exec notediscovery python generate_password.py
# Or with docker run # Or with docker run
docker exec -it notediscovery /app/generate_password_hash.sh docker exec -it notediscovery python generate_password.py
``` ```
The script will prompt you for your password and output the hash. **Local Users:**
**Option B: Using Local Python**
If you're running NoteDiscovery locally:
```bash ```bash
# Install bcrypt if not already installed # Install bcrypt if not already installed
@ -81,15 +75,19 @@ pip install bcrypt
python generate_password.py python generate_password.py
``` ```
Enter your desired password when prompted. The script will output a bcrypt hash. The script will:
1. Prompt you for your password (input is hidden)
2. Ask you to confirm it
3. Generate a bcrypt hash
4. Display the hash with instructions
**Copy the hash** - you'll need it for the next step. **Copy the hash** - you'll need it for Step 3.
### Step 2: Generate a Secret Key ### Step 2: Generate a Secret Key
Generate a random secret key for session encryption: Generate a random secret key for session encryption:
**Using Docker:** **Docker Users:**
```bash ```bash
docker-compose exec notediscovery python -c "import secrets; print(secrets.token_hex(32))" docker-compose exec notediscovery python -c "import secrets; print(secrets.token_hex(32))"
@ -97,12 +95,12 @@ docker-compose exec notediscovery python -c "import secrets; print(secrets.token
docker exec -it notediscovery python -c "import secrets; print(secrets.token_hex(32))" docker exec -it notediscovery python -c "import secrets; print(secrets.token_hex(32))"
``` ```
**Using Local Python:** **Local Users:**
```bash ```bash
python -c "import secrets; print(secrets.token_hex(32))" python -c "import secrets; print(secrets.token_hex(32))"
``` ```
**Copy the key** - you'll need it for the next step. **Copy the key** - you'll need it for Step 3.
### Step 3: Update `config.yaml` ### Step 3: Update `config.yaml`
@ -113,10 +111,10 @@ security:
# Enable authentication # Enable authentication
enabled: true enabled: true
# Session secret key (paste the output from Step 3) # Session secret key (paste the output from Step 2)
secret_key: "your_generated_secret_key_here" secret_key: "your_generated_secret_key_here"
# Password hash (paste the output from Step 2) # Password hash (paste the output from Step 1)
password_hash: "$2b$12$..." password_hash: "$2b$12$..."
# Session expiry in seconds (7 days by default) # Session expiry in seconds (7 days by default)
@ -178,7 +176,7 @@ Visit `http://localhost:8000/logout` in your browser.
### Changing Password ### Changing Password
1. Generate a new password hash: 1. Generate a new password hash:
- **Docker**: `docker-compose exec notediscovery /app/generate_password_hash.sh` - **Docker**: `docker-compose exec notediscovery python generate_password.py`
- **Local**: `python generate_password.py` - **Local**: `python generate_password.py`
2. Update `password_hash` in `config.yaml` with the new hash 2. Update `password_hash` in `config.yaml` with the new hash
3. Restart the application: 3. Restart the application:

View File

@ -1,59 +0,0 @@
#!/bin/bash
# Generate password hash inside Docker container
# Usage: docker exec -it notediscovery /app/generate_password_hash.sh
echo "=========================================="
echo " NoteDiscovery Password Hash Generator"
echo "=========================================="
echo ""
echo "This will generate a bcrypt hash for your password."
echo ""
# Prompt for password
read -s -p "Enter your password: " PASSWORD
echo ""
read -s -p "Confirm password: " PASSWORD2
echo ""
# Check if passwords match
if [ "$PASSWORD" != "$PASSWORD2" ]; then
echo ""
echo "❌ Passwords do not match!"
exit 1
fi
# Check if password is empty
if [ -z "$PASSWORD" ]; then
echo ""
echo "❌ Password cannot be empty!"
exit 1
fi
echo ""
echo "Generating hash..."
echo ""
# Generate hash using Python
HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b'$PASSWORD', bcrypt.gensalt()).decode())")
if [ $? -eq 0 ]; then
echo "=========================================="
echo " ✅ Password hash generated!"
echo "=========================================="
echo ""
echo "Copy this hash to your config.yaml:"
echo ""
echo "password_hash: \"$HASH\""
echo ""
echo "=========================================="
echo ""
echo "Next steps:"
echo "1. Update config.yaml with the hash above"
echo "2. Set enabled: true in the security section"
echo "3. Restart the container: docker-compose restart"
echo "=========================================="
else
echo "❌ Failed to generate hash"
exit 1
fi