diff --git a/DOCKER.md b/DOCKER.md index 141dc59d..8f4ea5f7 100644 --- a/DOCKER.md +++ b/DOCKER.md @@ -28,6 +28,17 @@ cd TX بعدها افتح: **http://localhost:3000** +### بيانات الدخول الأولى + +أول مرة يشغّل فيها `start.sh` يطبع لك كلمتي مرور عشوائيتين في الترمنال (وكمان يحفظهن في `.env`): + +``` +Admin login: admin / <كلمة سر عشوائية> +User login: ahmed / <كلمة سر عشوائية> +``` + +**انسخهن فوراً.** لو فقدت كلمة سر admin تحتاج تدخل قاعدة البيانات يدوياً لإعادة تعيينها. تقدر تغيّرها لاحقاً من لوحة الإدارة داخل التطبيق. + ## الأوامر اليومية | الأمر | الوظيفة | diff --git a/docker-compose.yml b/docker-compose.yml index ac4caf16..5e04e202 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,6 +27,8 @@ services: environment: NODE_ENV: production DATABASE_URL: postgres://${POSTGRES_USER:-tx}:${POSTGRES_PASSWORD:-tx_dev_password}@postgres:5432/${POSTGRES_DB:-tx} + SEED_ADMIN_PASSWORD: ${SEED_ADMIN_PASSWORD:?SEED_ADMIN_PASSWORD is required — re-run ./start.sh to generate one} + SEED_USER_PASSWORD: ${SEED_USER_PASSWORD:?SEED_USER_PASSWORD is required — re-run ./start.sh to generate one} user: root entrypoint: ["/usr/bin/tini", "--"] command: ["/bin/bash", "/usr/local/bin/migrate.sh"] diff --git a/start.sh b/start.sh index 7d13da98..970a24bf 100755 --- a/start.sh +++ b/start.sh @@ -29,16 +29,31 @@ if [ ! -f .env ]; then if command -v openssl >/dev/null 2>&1; then SECRET="$(openssl rand -hex 32)" PG_PW="$(openssl rand -hex 16)" + ADMIN_PW="$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-20)" + USER_PW="$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-20)" if [[ "$OSTYPE" == "darwin"* ]]; then - sed -i '' "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env - sed -i '' "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env + SED_I=(sed -i '') else - sed -i "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env - sed -i "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env + SED_I=(sed -i) fi - echo "Generated random SESSION_SECRET and POSTGRES_PASSWORD in .env." + "${SED_I[@]}" "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env + "${SED_I[@]}" "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env + "${SED_I[@]}" "s|^SEED_ADMIN_PASSWORD=.*|SEED_ADMIN_PASSWORD=${ADMIN_PW}|" .env + "${SED_I[@]}" "s|^SEED_USER_PASSWORD=.*|SEED_USER_PASSWORD=${USER_PW}|" .env + echo + echo "================================================================" + echo " Generated initial credentials (also saved in .env)" + echo "----------------------------------------------------------------" + echo " Admin login: admin / ${ADMIN_PW}" + echo " User login: ahmed / ${USER_PW}" + echo "================================================================" + echo " IMPORTANT: write these down NOW — you can change them later" + echo " from the admin panel, but recovery from a lost admin password" + echo " requires direct database access." + echo "================================================================" + echo else - echo "openssl not available — please open .env and set SESSION_SECRET + POSTGRES_PASSWORD before running again." + echo "openssl not available — please open .env and set SESSION_SECRET, POSTGRES_PASSWORD, SEED_ADMIN_PASSWORD and SEED_USER_PASSWORD before running again." exit 1 fi fi