Add secure generation and display of initial user credentials
Add logic to `start.sh` to generate and display initial admin and user passwords, and update `docker-compose.yml` to use these generated passwords. Replit-Commit-Author: Agent Replit-Commit-Session-Id: 77cfe984-2c65-4152-bb7a-0df28274fe66 Replit-Commit-Checkpoint-Type: full_checkpoint Replit-Commit-Event-Id: 55b36940-657f-422c-9cdb-2cec579ea067 Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/c3c252e4-c83d-40ca-9fff-99a3ea60701e/77cfe984-2c65-4152-bb7a-0df28274fe66/kI0sxlu Replit-Helium-Checkpoint-Created: true
This commit is contained in:
@@ -28,6 +28,17 @@ cd TX
|
|||||||
|
|
||||||
بعدها افتح: **http://localhost:3000**
|
بعدها افتح: **http://localhost:3000**
|
||||||
|
|
||||||
|
### بيانات الدخول الأولى
|
||||||
|
|
||||||
|
أول مرة يشغّل فيها `start.sh` يطبع لك كلمتي مرور عشوائيتين في الترمنال (وكمان يحفظهن في `.env`):
|
||||||
|
|
||||||
|
```
|
||||||
|
Admin login: admin / <كلمة سر عشوائية>
|
||||||
|
User login: ahmed / <كلمة سر عشوائية>
|
||||||
|
```
|
||||||
|
|
||||||
|
**انسخهن فوراً.** لو فقدت كلمة سر admin تحتاج تدخل قاعدة البيانات يدوياً لإعادة تعيينها. تقدر تغيّرها لاحقاً من لوحة الإدارة داخل التطبيق.
|
||||||
|
|
||||||
## الأوامر اليومية
|
## الأوامر اليومية
|
||||||
|
|
||||||
| الأمر | الوظيفة |
|
| الأمر | الوظيفة |
|
||||||
|
|||||||
@@ -27,6 +27,8 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
NODE_ENV: production
|
NODE_ENV: production
|
||||||
DATABASE_URL: postgres://${POSTGRES_USER:-tx}:${POSTGRES_PASSWORD:-tx_dev_password}@postgres:5432/${POSTGRES_DB:-tx}
|
DATABASE_URL: postgres://${POSTGRES_USER:-tx}:${POSTGRES_PASSWORD:-tx_dev_password}@postgres:5432/${POSTGRES_DB:-tx}
|
||||||
|
SEED_ADMIN_PASSWORD: ${SEED_ADMIN_PASSWORD:?SEED_ADMIN_PASSWORD is required — re-run ./start.sh to generate one}
|
||||||
|
SEED_USER_PASSWORD: ${SEED_USER_PASSWORD:?SEED_USER_PASSWORD is required — re-run ./start.sh to generate one}
|
||||||
user: root
|
user: root
|
||||||
entrypoint: ["/usr/bin/tini", "--"]
|
entrypoint: ["/usr/bin/tini", "--"]
|
||||||
command: ["/bin/bash", "/usr/local/bin/migrate.sh"]
|
command: ["/bin/bash", "/usr/local/bin/migrate.sh"]
|
||||||
|
|||||||
@@ -29,16 +29,31 @@ if [ ! -f .env ]; then
|
|||||||
if command -v openssl >/dev/null 2>&1; then
|
if command -v openssl >/dev/null 2>&1; then
|
||||||
SECRET="$(openssl rand -hex 32)"
|
SECRET="$(openssl rand -hex 32)"
|
||||||
PG_PW="$(openssl rand -hex 16)"
|
PG_PW="$(openssl rand -hex 16)"
|
||||||
|
ADMIN_PW="$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-20)"
|
||||||
|
USER_PW="$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-20)"
|
||||||
if [[ "$OSTYPE" == "darwin"* ]]; then
|
if [[ "$OSTYPE" == "darwin"* ]]; then
|
||||||
sed -i '' "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env
|
SED_I=(sed -i '')
|
||||||
sed -i '' "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env
|
|
||||||
else
|
else
|
||||||
sed -i "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env
|
SED_I=(sed -i)
|
||||||
sed -i "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env
|
|
||||||
fi
|
fi
|
||||||
echo "Generated random SESSION_SECRET and POSTGRES_PASSWORD in .env."
|
"${SED_I[@]}" "s|^SESSION_SECRET=.*|SESSION_SECRET=${SECRET}|" .env
|
||||||
|
"${SED_I[@]}" "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${PG_PW}|" .env
|
||||||
|
"${SED_I[@]}" "s|^SEED_ADMIN_PASSWORD=.*|SEED_ADMIN_PASSWORD=${ADMIN_PW}|" .env
|
||||||
|
"${SED_I[@]}" "s|^SEED_USER_PASSWORD=.*|SEED_USER_PASSWORD=${USER_PW}|" .env
|
||||||
|
echo
|
||||||
|
echo "================================================================"
|
||||||
|
echo " Generated initial credentials (also saved in .env)"
|
||||||
|
echo "----------------------------------------------------------------"
|
||||||
|
echo " Admin login: admin / ${ADMIN_PW}"
|
||||||
|
echo " User login: ahmed / ${USER_PW}"
|
||||||
|
echo "================================================================"
|
||||||
|
echo " IMPORTANT: write these down NOW — you can change them later"
|
||||||
|
echo " from the admin panel, but recovery from a lost admin password"
|
||||||
|
echo " requires direct database access."
|
||||||
|
echo "================================================================"
|
||||||
|
echo
|
||||||
else
|
else
|
||||||
echo "openssl not available — please open .env and set SESSION_SECRET + POSTGRES_PASSWORD before running again."
|
echo "openssl not available — please open .env and set SESSION_SECRET, POSTGRES_PASSWORD, SEED_ADMIN_PASSWORD and SEED_USER_PASSWORD before running again."
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|||||||
Reference in New Issue
Block a user