tycrek / ass

The simple self-hosted ShareX server
ISC License
655 stars 53 forks

Better authentication #177

Closed tycrek closed 1 year ago

tycrek commented 1 year ago

⚠️ Stop! Breaking changes ahead ⚠️

This PR introduces potentially breaking changes. It is still very early in development and should only be used experimentally at this time. If you do want to give it a shot, do it in dev. If you do it in prod, back up your auth.json and data.json before switching over.

Checklist

Environment

Description

This PR will hopefully tackle a couple issues. Whatever I get around to dealing with I'll detail below.

Better authentication

First on the list of things I need to overhaul: better auth. The current system is pretty simple and hard to build on. The new system will use modern functions and allow better integration with CLI tools, a future API, and frontends (via aforementioned API).

Completed task: format migration

There is still a lot of work to be done, but the main thing I wanted to get out of the way is complete! Upon startup, ass will automatically migrate the auth file format. It will generate a unique ID using Nano ID. Currently, it only generates a password hash for the admin user.

Admin user??

The admin user is set by default during auth migration. It is simply user 0, aka the first one generated when you originally installed ass. Frontends will be able to use the admin user for management without needing to configure their own user system.

Passwords?!

ass now supports password hashing with bcrypt. As mentioned above, the admin password will be randomly generated, so you'll have to set it on the command line with npm run cli-setpassword ass <password here> (replace ass if you changed the default username).

Eventually there will be a proper API for frontends to easily let their users set passwords.

Supporting Issues

Merging this PR will close #133.
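
The migration flow described in this PR (unique ID per user, user 0 becomes admin, a hash of a random admin password, then a CLI-style password reset), sketched as an added example that is not code from ass. The legacy and migrated object shapes, every field name, and the functions `migrateAuth` and `setPassword` are assumptions; Node's built-in `crypto` stands in for Nano ID (random ID) and bcrypt (salted scrypt) so the block has no dependencies.

```javascript
// Added example: shapes and field names are hypothetical, not ass's real auth.json schema.
const crypto = require('node:crypto');

// Stand-in for Nano ID: URL-safe identifier drawn from the OS CSPRNG.
const newId = () => crypto.randomBytes(12).toString('base64url');

// Stand-in for bcrypt: salted scrypt, stored as "saltHex:hashHex".
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected); // constant-time comparison
}

// Convert a legacy { users: { <token>: { username } } } object to the new layout.
function migrateAuth(old) {
  if (old.migrated) return old; // idempotent: safe to call on every startup
  const users = Object.entries(old.users).map(([token, u], i) => ({
    unid: newId(),
    username: u.username,
    token,
    admin: i === 0, // user 0 is the admin
    // Only the admin gets a hash; the random plaintext is discarded, so the
    // account cannot be logged into until the operator sets a password.
    passhash: i === 0 ? hashPassword(crypto.randomBytes(24).toString('base64url')) : null,
  }));
  return { migrated: true, users };
}

// What a CLI password reset would do against the migrated data.
function setPassword(auth, username, password) {
  const user = auth.users.find((u) => u.username === username);
  if (!user) throw new Error(`no such user: ${username}`);
  user.passhash = hashPassword(password);
  return user;
}

// Constructed legacy data for illustration.
const legacy = {
  users: { 'tok-constructed-1': { username: 'ass' }, 'tok-constructed-2': { username: 'guest' } },
};
```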