Add secure generation and display of initial user credentials
Add logic to `start.sh` to generate and display initial admin and user passwords, and update `docker-compose.yml` to use these generated passwords.
This commit is contained in:
@@ -29,16 +29,31 @@ if [ ! -f .env ]; then
|
||||
if command -v openssl >/dev/null 2>&1; then
|
||||
SECRET="$(openssl rand -hex 32)"
|
||||
PG_PW="$(openssl rand -hex 16)"
|
||||
ADMIN_PW="$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-20)"
|
||||
USER_PW="$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-20)"
|
||||
if [[ "$OSTYPE" == "darwin"* ]]; then
|
||||
sed -i '' "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env
|
||||
sed -i '' "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env
|
||||
SED_I=(sed -i '')
|
||||
else
|
||||
sed -i "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env
|
||||
sed -i "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env
|
||||
SED_I=(sed -i)
|
||||
fi
|
||||
echo "Generated random SESSION_SECRET and POSTGRES_PASSWORD in .env."
|
||||
"${SED_I[@]}" "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env
|
||||
"${SED_I[@]}" "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env
|
||||
"${SED_I[@]}" "s|^SEED_ADMIN_PASSWORD=.*|SEED_ADMIN_PASSWORD=${ADMIN_PW}|" .env
|
||||
"${SED_I[@]}" "s|^SEED_USER_PASSWORD=.*|SEED_USER_PASSWORD=${USER_PW}|" .env
|
||||
echo
|
||||
echo "================================================================"
|
||||
echo " Generated initial credentials (also saved in .env)"
|
||||
echo "----------------------------------------------------------------"
|
||||
echo " Admin login: admin / ${ADMIN_PW}"
|
||||
echo " User login: ahmed / ${USER_PW}"
|
||||
echo "================================================================"
|
||||
echo " IMPORTANT: write these down NOW — you can change them later"
|
||||
echo " from the admin panel, but recovery from a lost admin password"
|
||||
echo " requires direct database access."
|
||||
echo "================================================================"
|
||||
echo
|
||||
else
|
||||
echo "openssl not available — please open .env and set SESSION_SECRET + POSTGRES_PASSWORD before running again."
|
||||
echo "openssl not available — please open .env and set SESSION_SECRET, POSTGRES_PASSWORD, SEED_ADMIN_PASSWORD and SEED_USER_PASSWORD before running again."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user