mirror of
https://github.com/sismics/docs.git
synced 2024-12-22 11:23:48 +01:00
Upgrade bcrypt library + explain env variables
This commit is contained in:
parent
36e5a9747b
commit
af15116bf9
133
README.md
133
README.md
@ -19,6 +19,7 @@ Demo
|
||||
----
|
||||
|
||||
A demo is available at [demo.teedy.io](https://demo.teedy.io)
|
||||
|
||||
- Guest login is enabled with read access on all documents
|
||||
- "admin" login with "admin" password
|
||||
- "demo" login with "password" password
|
||||
@ -60,6 +61,7 @@ Install with Docker
|
||||
A preconfigured Docker image is available, including OCR and media conversion tools, listening on port 8080. The database is an embedded H2 database but PostgreSQL is also supported for more performance.
|
||||
|
||||
**The default admin password is "admin". Don't forget to change it before going to production.**
|
||||
|
||||
- Master branch, can be unstable. Not recommended for production use: `sismics/docs:latest`
|
||||
- Latest stable version: `sismics/docs:v1.8`
|
||||
|
||||
@ -67,10 +69,134 @@ The data directory is `/data`. Don't forget to mount a volume on it.
|
||||
|
||||
To build external URL, the server is expecting a `DOCS_BASE_URL` environment variable (for example https://teedy.mycompany.com)
|
||||
|
||||
### Available environment variables
|
||||
|
||||
- General
|
||||
|
||||
- `DOCS_BASE_URL` -> The base url used by the application. Generated url's will be using this as base.
|
||||
|
||||
- `DOCS_GLOBAL_QUOTA` -> Defines the default quota applying to all users.
|
||||
|
||||
- Admin
|
||||
|
||||
- `DOCS_ADMIN_EMAIL_INIT` -> Defines the e-mail-address the admin user should have upon initialization.
|
||||
|
||||
- `DOCS_ADMIN_PASSWORD_INIT` -> Defines the password the admin user should have upon initialization. Needs to be a bcrypt hash. **Be aware that `$` within the hash have to be escaped with a second `$`.**
|
||||
|
||||
- Database
|
||||
|
||||
- `DATABASE_URL` -> The jdbc connection string to be used by `hibernate`.
|
||||
|
||||
- `DATABASE_USER` -> The user which should be used for the database connection.
|
||||
|
||||
- `DATABASE_PASSWORD` -> The password to be used for the database connection.
|
||||
|
||||
- Language
|
||||
|
||||
- `DOCS_DEFAULT_LANGUAGE` -> The language which will be used as default. Currently supported values are:
|
||||
|
||||
- `eng`, `fra`, `ita`, `deu`, `spa`, `por`, `pol`, `rus`, `ukr`, `ara`, `hin`, `chi_sim`, `chi_tra`, `jpn`, `tha`, `kor`, `nld`, `tur`, `heb`, `hun`, `fin`, `swe`, `lav`, `dan`
|
||||
|
||||
- E-Mail
|
||||
|
||||
- `DOCS_SMTP_HOSTNAME` -> Hostname of the SMTP-Server to be used by Teedy.
|
||||
|
||||
- `DOCS_SMTP_PORT` -> The port which should be used.
|
||||
|
||||
- `DOCS_SMTP_USERNAME` -> The username to be used.
|
||||
|
||||
- `DOCS_SMTP_PASSWORD` -> The password to be used.
|
||||
|
||||
### Examples
|
||||
|
||||
In the following examples some passwords are exposed in cleartext. This was done in order to keep the examples simple. We strongly encourage you to use variables with an `.env` file or other means to securely store your passwords.
|
||||
|
||||
#### Using the internal db
|
||||
|
||||
```yaml
|
||||
version: '3'
|
||||
services:
|
||||
# Teedy Application
|
||||
teedy-server:
|
||||
image: sismics/docs:v1.8
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
# Map internal port to host
|
||||
- 8080:8080
|
||||
environment:
|
||||
# Base url to be used
|
||||
DOCS_BASE_URL: "https://docs.example.com"
|
||||
# Set the admin email
|
||||
DOCS_ADMIN_EMAIL_INIT: "admin@example.com"
|
||||
# Set the admin password (in this example: "superSecure")
|
||||
DOCS_ADMIN_PASSWORD_INIT: "$$2a$$05$$PcMNUbJvsk7QHFSfEIDaIOjk1VI9/E7IPjTKx.jkjPxkx2EOKSoPS"
|
||||
volumes:
|
||||
- ./docs/data:/data
|
||||
```
|
||||
|
||||
#### Using postgres
|
||||
|
||||
```yaml
|
||||
version: '3'
|
||||
services:
|
||||
# Teedy Application
|
||||
teedy-server:
|
||||
image: sismics/docs:v1.8
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
# Map internal port to host
|
||||
- 8080:8080
|
||||
environment:
|
||||
# Base url to be used
|
||||
DOCS_BASE_URL: "https://docs.example.com"
|
||||
# Set the admin email
|
||||
DOCS_ADMIN_EMAIL_INIT: "admin@example.com"
|
||||
# Set the admin password (in this example: "superSecure")
|
||||
DOCS_ADMIN_PASSWORD_INIT: "$$2a$$05$$PcMNUbJvsk7QHFSfEIDaIOjk1VI9/E7IPjTKx.jkjPxkx2EOKSoPS"
|
||||
# Setup the database connection. "teedy-db" is the hostname
|
||||
# and "teedy" is the name of the database the application
|
||||
# will connect to.
|
||||
DATABASE_URL: "jdbc:postgresql://teedy-db:5432/teedy"
|
||||
DATABASE_USER: "teedy_db_user"
|
||||
DATABASE_PASSWORD: "teedy_db_password"
|
||||
volumes:
|
||||
- ./docs/data:/data
|
||||
networks:
|
||||
- docker-internal
|
||||
- internet
|
||||
depends_on:
|
||||
- teedy-db
|
||||
|
||||
# DB for Teedy
|
||||
teedy-db:
|
||||
image: postgres:13.1-alpine
|
||||
restart: unless-stopped
|
||||
expose:
|
||||
- 5432
|
||||
environment:
|
||||
POSTGRES_USER: "teedy_db_user"
|
||||
POSTGRES_PASSWORD: "teedy_db_password"
|
||||
POSTGRES_DB: "teedy"
|
||||
volumes:
|
||||
- ./docs/db:/var/lib/postgresql/data
|
||||
networks:
|
||||
- docker-internal
|
||||
|
||||
networks:
|
||||
# Network without internet access. The db does not need
|
||||
# access to the host network.
|
||||
docker-internal:
|
||||
driver: bridge
|
||||
internal: true
|
||||
internet:
|
||||
driver: bridge
|
||||
```
|
||||
|
||||
Manual installation
|
||||
-------------------
|
||||
|
||||
#### Requirements
|
||||
|
||||
- Java 8 with the [Java Cryptography Extension](http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html)
|
||||
- Tesseract 3 or 4 for OCR
|
||||
- ffmpeg for video thumbnails
|
||||
@ -78,6 +204,7 @@ Manual installation
|
||||
- A webapp server like [Jetty](http://eclipse.org/jetty/) or [Tomcat](http://tomcat.apache.org/)
|
||||
|
||||
#### Download
|
||||
|
||||
The latest release is downloadable here: <https://github.com/sismics/docs/releases> in WAR format.
|
||||
**The default admin password is "admin". Don't forget to change it before going to production.**
|
||||
|
||||
@ -88,9 +215,9 @@ Prerequisites: JDK 8 with JCE, Maven 3, NPM, Grunt, Tesseract 3 or 4
|
||||
|
||||
Teedy is organized in several Maven modules:
|
||||
|
||||
- docs-core
|
||||
- docs-web
|
||||
- docs-web-common
|
||||
- docs-core
|
||||
- docs-web
|
||||
- docs-web-common
|
||||
|
||||
First off, clone the repository: `git clone git://github.com/sismics/docs.git`
|
||||
or download the sources from GitHub.
|
||||
|
@ -91,10 +91,11 @@
|
||||
<groupId>org.slf4j</groupId>
|
||||
<artifactId>jcl-over-slf4j</artifactId>
|
||||
</dependency>
|
||||
|
||||
|
||||
<dependency>
|
||||
<groupId>org.mindrot</groupId>
|
||||
<artifactId>jbcrypt</artifactId>
|
||||
<groupId>at.favre.lib</groupId>
|
||||
<artifactId>bcrypt</artifactId>
|
||||
<version>0.9.0</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
|
@ -18,7 +18,7 @@ public class Constants {
|
||||
/**
|
||||
* Administrator's default password ("admin").
|
||||
*/
|
||||
public static final String DEFAULT_ADMIN_PASSWORD = "$2a$05$6Ny3TjrW3aVAL1or2SlcR.fhuDgPKp5jp.P9fBXwVNePgeLqb4i3C";
|
||||
public static final String DEFAULT_ADMIN_PASSWORD = "$2y$10$xg0EEKVUehutDI1m6qQhVeFz7SMQMl1jQzjf2KkVsR2c7aV2vyyjK";
|
||||
|
||||
/**
|
||||
* Administrator's default email.
|
||||
|
@ -1,5 +1,6 @@
|
||||
package com.sismics.docs.core.dao;
|
||||
|
||||
import at.favre.lib.crypto.bcrypt.BCrypt;
|
||||
import com.google.common.base.Joiner;
|
||||
import com.sismics.docs.core.constant.AuditLogType;
|
||||
import com.sismics.docs.core.dao.criteria.UserCriteria;
|
||||
@ -12,7 +13,6 @@ import com.sismics.docs.core.util.jpa.QueryUtil;
|
||||
import com.sismics.docs.core.util.jpa.SortCriteria;
|
||||
import com.sismics.util.context.ThreadLocalContext;
|
||||
import org.joda.time.DateTime;
|
||||
import org.mindrot.jbcrypt.BCrypt;
|
||||
|
||||
import javax.persistence.EntityManager;
|
||||
import javax.persistence.NoResultException;
|
||||
@ -39,7 +39,8 @@ public class UserDao {
|
||||
q.setParameter("username", username);
|
||||
try {
|
||||
User user = (User) q.getSingleResult();
|
||||
if (!BCrypt.checkpw(password, user.getPassword()) || user.getDisableDate() != null) {
|
||||
BCrypt.Result result = BCrypt.verifyer().verify(password.toCharArray(), user.getPassword());
|
||||
if (!result.verified || user.getDisableDate() != null) {
|
||||
return null;
|
||||
}
|
||||
return user;
|
||||
@ -277,7 +278,7 @@ public class UserDao {
|
||||
* @return Hashed password
|
||||
*/
|
||||
private String hashPassword(String password) {
|
||||
return BCrypt.hashpw(password, BCrypt.gensalt());
|
||||
return BCrypt.withDefaults().hashToString(10, password.toCharArray());
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -41,4 +41,4 @@ insert into T_LOCALE(LOC_ID_C) values('fr');
|
||||
insert into T_ROLE(ROL_ID_C, ROL_NAME_C, ROL_CREATEDATE_D) values('admin', 'Admin', NOW());
|
||||
insert into T_ROLE(ROL_ID_C, ROL_NAME_C, ROL_CREATEDATE_D) values('user', 'User', NOW());
|
||||
insert into T_ROLE_BASE_FUNCTION(RBF_ID_C, RBF_IDROLE_C, RBF_IDBASEFUNCTION_C, RBF_CREATEDATE_D) values('admin_ADMIN', 'admin', 'ADMIN', NOW());
|
||||
insert into T_USER(USE_ID_C, USE_IDLOCALE_C, USE_IDROLE_C, USE_USERNAME_C, USE_PASSWORD_C, USE_EMAIL_C, USE_THEME_C, USE_FIRSTCONNECTION_B, USE_CREATEDATE_D, USE_PRIVATEKEY_C) values('admin', 'en', 'admin', 'admin', '$2a$05$6Ny3TjrW3aVAL1or2SlcR.fhuDgPKp5jp.P9fBXwVNePgeLqb4i3C', 'admin@localhost', 'default.less', true, NOW(), 'AdminPk');
|
||||
insert into T_USER(USE_ID_C, USE_IDLOCALE_C, USE_IDROLE_C, USE_USERNAME_C, USE_PASSWORD_C, USE_EMAIL_C, USE_THEME_C, USE_FIRSTCONNECTION_B, USE_CREATEDATE_D, USE_PRIVATEKEY_C) values('admin', 'en', 'admin', 'admin', '$2y$10$xg0EEKVUehutDI1m6qQhVeFz7SMQMl1jQzjf2KkVsR2c7aV2vyyjK', 'admin@localhost', 'default.less', true, NOW(), 'AdminPk');
|
||||
|
Loading…
Reference in New Issue
Block a user