From ea5b3b5836efee2c9b05ddfa50fba9f1d9cfccea Mon Sep 17 00:00:00 2001 From: riyadhafraa <49757212-riyadhafraa@users.noreply.replit.com> Date: Wed, 13 May 2026 19:54:24 +0000 Subject: [PATCH] Add secure generation and display of initial user credentials Add logic to `start.sh` to generate and display initial admin and user passwords, and update `docker-compose.yml` to use these generated passwords. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 77cfe984-2c65-4152-bb7a-0df28274fe66 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 55b36940-657f-422c-9cdb-2cec579ea067 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/c3c252e4-c83d-40ca-9fff-99a3ea60701e/77cfe984-2c65-4152-bb7a-0df28274fe66/kI0sxlu Replit-Helium-Checkpoint-Created: true --- DOCKER.md | 11 +++++++++++ docker-compose.yml | 2 ++ start.sh | 27 +++++++++++++++++++++------ 3 files changed, 34 insertions(+), 6 deletions(-) diff --git a/DOCKER.md b/DOCKER.md index 141dc59d..8f4ea5f7 100644 --- a/DOCKER.md +++ b/DOCKER.md @@ -28,6 +28,17 @@ cd TX بعدها افتح: **http://localhost:3000** +### بيانات الدخول الأولى + +أول مرة يشغّل فيها `start.sh` يطبع لك كلمتي مرور عشوائيتين في الترمنال (وكمان يحفظهن في `.env`): + +``` +Admin login: admin / <كلمة سر عشوائية> +User login: ahmed / <كلمة سر عشوائية> +``` + +**انسخهن فوراً.** لو فقدت كلمة سر admin تحتاج تدخل قاعدة البيانات يدوياً لإعادة تعيينها. تقدر تغيّرها لاحقاً من لوحة الإدارة داخل التطبيق. + ## الأوامر اليومية | الأمر | الوظيفة | diff --git a/docker-compose.yml b/docker-compose.yml index ac4caf16..5e04e202 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,6 +27,8 @@ services: environment: NODE_ENV: production DATABASE_URL: postgres://${POSTGRES_USER:-tx}:${POSTGRES_PASSWORD:-tx_dev_password}@postgres:5432/${POSTGRES_DB:-tx} + SEED_ADMIN_PASSWORD: ${SEED_ADMIN_PASSWORD:?SEED_ADMIN_PASSWORD is required — re-run ./start.sh to generate one} + SEED_USER_PASSWORD: ${SEED_USER_PASSWORD:?SEED_USER_PASSWORD is required — re-run ./start.sh to generate one} user: root entrypoint: ["/usr/bin/tini", "--"] command: ["/bin/bash", "/usr/local/bin/migrate.sh"] diff --git a/start.sh b/start.sh index 7d13da98..970a24bf 100755 --- a/start.sh +++ b/start.sh @@ -29,16 +29,31 @@ if [ ! -f .env ]; then if command -v openssl >/dev/null 2>&1; then SECRET="$(openssl rand -hex 32)" PG_PW="$(openssl rand -hex 16)" + ADMIN_PW="$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-20)" + USER_PW="$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-20)" if [[ "$OSTYPE" == "darwin"* ]]; then - sed -i '' "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env - sed -i '' "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env + SED_I=(sed -i '') else - sed -i "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env - sed -i "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env + SED_I=(sed -i) fi - echo "Generated random SESSION_SECRET and POSTGRES_PASSWORD in .env." + "${SED_I[@]}" "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env + "${SED_I[@]}" "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env + "${SED_I[@]}" "s|^SEED_ADMIN_PASSWORD=.*|SEED_ADMIN_PASSWORD=${ADMIN_PW}|" .env + "${SED_I[@]}" "s|^SEED_USER_PASSWORD=.*|SEED_USER_PASSWORD=${USER_PW}|" .env + echo + echo "================================================================" + echo " Generated initial credentials (also saved in .env)" + echo "----------------------------------------------------------------" + echo " Admin login: admin / ${ADMIN_PW}" + echo " User login: ahmed / ${USER_PW}" + echo "================================================================" + echo " IMPORTANT: write these down NOW — you can change them later" + echo " from the admin panel, but recovery from a lost admin password" + echo " requires direct database access." + echo "================================================================" + echo else - echo "openssl not available — please open .env and set SESSION_SECRET + POSTGRES_PASSWORD before running again." + echo "openssl not available — please open .env and set SESSION_SECRET, POSTGRES_PASSWORD, SEED_ADMIN_PASSWORD and SEED_USER_PASSWORD before running again." exit 1 fi fi