chore: generate default admin credentials on install
This commit is contained in:
+9
-5
@@ -9,17 +9,21 @@ const db = require('./db');
|
||||
|
||||
const app = express();
|
||||
const PORT = process.env.PORT || 8180;
|
||||
const JWT_SECRET = process.env.JWT_SECRET || 'super_secret_corporate_token_key_123!';
|
||||
|
||||
// Setup default admin credentials
|
||||
const JWT_SECRET = process.env.JWT_SECRET;
|
||||
const ADMIN_USER = process.env.ADMIN_USERNAME || 'admin';
|
||||
let ADMIN_PASS = process.env.ADMIN_PASSWORD || 'adminpass';
|
||||
const ADMIN_PASS = process.env.ADMIN_PASSWORD;
|
||||
|
||||
if (!JWT_SECRET || !ADMIN_PASS) {
|
||||
console.error('Missing required ADMIN_PASSWORD or JWT_SECRET environment variable.');
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
const ADMIN_PASS_HASH = bcrypt.hashSync(ADMIN_PASS, 10);
|
||||
|
||||
console.log(`=========================================`);
|
||||
console.log(`Intranet Address Book Server starting...`);
|
||||
console.log(`Admin Username: ${ADMIN_USER}`);
|
||||
console.log(`Admin Password: ${process.env.ADMIN_PASSWORD ? '****** (From Env)' : 'adminpass (Default)'}`);
|
||||
console.log(`Admin Password: ****** (From Env)`);
|
||||
console.log(`Default Port: ${PORT}`);
|
||||
console.log(`=========================================`);
|
||||
|
||||
|
||||
+2
-2
@@ -14,7 +14,7 @@ services:
|
||||
- NODE_ENV=production
|
||||
- DATABASE_PATH=/app/data/database.db
|
||||
- ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
|
||||
- ADMIN_PASSWORD=${ADMIN_PASSWORD:-adminpass}
|
||||
- JWT_SECRET=${JWT_SECRET:-corporate-address-book-secret-key-987654321!}
|
||||
- ADMIN_PASSWORD=${ADMIN_PASSWORD:?ADMIN_PASSWORD is required. Create .env or run install.sh}
|
||||
- JWT_SECRET=${JWT_SECRET:?JWT_SECRET is required. Create .env or run install.sh}
|
||||
volumes:
|
||||
- ./data:/app/data
|
||||
|
||||
+14
-2
@@ -8,6 +8,8 @@ REPO_URL="https://git.h0melab.ru/fabritsky/corp-address-book.git"
|
||||
HOST_PORT="8180"
|
||||
CONTAINER_PORT="3000"
|
||||
IMAGE_NAME="corp-address-book:latest"
|
||||
ENV_CREATED="false"
|
||||
GENERATED_ADMIN_PASSWORD=""
|
||||
|
||||
log() {
|
||||
printf '\n[%s] %s\n' "$(date +'%H:%M:%S')" "$*"
|
||||
@@ -39,7 +41,8 @@ install_base_packages() {
|
||||
ca-certificates \
|
||||
curl \
|
||||
git \
|
||||
gnupg
|
||||
gnupg \
|
||||
openssl
|
||||
}
|
||||
|
||||
install_docker_if_needed() {
|
||||
@@ -96,6 +99,8 @@ prepare_env_and_data() {
|
||||
if [ ! -f "${INSTALL_DIR}/.env" ]; then
|
||||
jwt_secret="$(openssl rand -hex 32 2>/dev/null || date +%s%N)"
|
||||
admin_password="$(openssl rand -base64 24 2>/dev/null | tr -d '\n' || date +%s%N)"
|
||||
GENERATED_ADMIN_PASSWORD="$admin_password"
|
||||
ENV_CREATED="true"
|
||||
as_root tee "${INSTALL_DIR}/.env" >/dev/null <<EOF_ENV
|
||||
# Created by install.sh. Keep this file private and do not commit it.
|
||||
# Change ADMIN_PASSWORD after first login.
|
||||
@@ -174,8 +179,15 @@ print_result() {
|
||||
fi
|
||||
|
||||
log "Installation completed"
|
||||
printf 'URL: http://%s:%s/\n' "$server_ip" "$HOST_PORT"
|
||||
printf 'Local check: http://127.0.0.1:%s/\n' "$HOST_PORT"
|
||||
printf 'Open: http://%s:%s/\n' "$server_ip" "$HOST_PORT"
|
||||
printf 'Admin login: admin\n'
|
||||
if [ "$ENV_CREATED" = "true" ]; then
|
||||
printf 'Admin password: %s\n' "$GENERATED_ADMIN_PASSWORD"
|
||||
printf 'The password was saved in %s/.env. JWT_SECRET was not printed.\n' "$INSTALL_DIR"
|
||||
else
|
||||
printf 'Admin password: unchanged; read it from %s/.env on the server.\n' "$INSTALL_DIR"
|
||||
fi
|
||||
}
|
||||
|
||||
main() {
|
||||
|
||||
Reference in New Issue
Block a user