From 42c3c0d89a715886ca581b7996f18b210729962f Mon Sep 17 00:00:00 2001
From: Minecon724
Date: Thu, 3 Apr 2025 09:18:44 +0200
Subject: [PATCH] Update other things
---
 README.md | 27 +--------------------------
 docker-compose.yml | 2 --
 2 files changed, 1 insertion(+), 28 deletions(-)
diff --git a/README.md b/README.md
index 881f35c..a416a0d 100644
--- a/README.md
+++ b/README.md
@@ -26,9 +26,6 @@ AnonChat can be configured using environment variables:
 - `SECRET_KEY`: Secret key for session management
 - `DATABASE_URL`: Database connection string (defaults to SQLite)
-- `ADMIN_USERNAME`: Admin username for admin dashboard
-- `ADMIN_PASSWORD`: Admin password for admin dashboard
-- `ADMIN_FORCE_RESET`: When set to "true", forces a reset of the admin password to the value in ADMIN_PASSWORD (defaults to "false")
 - `SITE_TITLE`: Customizable site title (defaults to "AnonChat")
 - `BEHIND_PROXY`: Set to "true" when running behind a reverse proxy to properly handle client IP addresses (defaults to "false")
 - `RATELIMIT_STORAGE_URL`: Storage backend for rate limiting (defaults to memory storage)
@@ -144,28 +141,6 @@ AnonChat includes a secure admin authentication system that protects administrat
 - **Password Management**: Admins can change their password through the Admin Settings page
 - **Logout Functionality**: Secure logout to clear session data
-### Setting Admin Credentials
-
-Admin credentials are set using environment variables:
-
-```
-ADMIN_USERNAME=admin
-ADMIN_PASSWORD=your-secure-password
-ADMIN_FORCE_RESET=false
-```
-
-These values should be set in your `.env` file or server environment. The default admin user is created automatically when the application first runs.
-
-#### Password Reset
-
-You can force a reset of the admin password by setting `ADMIN_FORCE_RESET=true` in your environment variables. This is useful when:
-
-- You need to recover from a forgotten admin password
-- You're deploying to a new environment and want to ensure the admin credentials are set correctly
-- You want to update the admin password during deployment without accessing the admin interface
-
-When enabled, the application will update the admin user's password to match the value in `ADMIN_PASSWORD` during initialization or when running the `init-db` command.
-
 ### Admin Functions
 - View and respond to user inquiries
@@ -178,7 +153,7 @@ When enabled, the application will update the admin user's password to match the
 - Always use a strong, unique password for the admin account
 - Keep your SECRET_KEY secure and unique for each deployment
 - In production, ensure you're using HTTPS to protect admin credentials during transmission
-- Change the default admin password immediately after deployment
+- Disable registrations in your oauth
 ## TODO: Security Improvements
diff --git a/docker-compose.yml b/docker-compose.yml
index 8b4ba61..730a2c4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,8 +13,6 @@ services:
 - DATABASE_URL=postgresql://anonchat:anonchat@db:5432/anonchat
 - REDIS_URL=redis://redis:6379/0
 - SECRET_KEY=change-this-secret-key-in-production
- - ADMIN_USERNAME=admin
- - ADMIN_PASSWORD=change-this-password-in-production
 - BEHIND_PROXY=false # Set to true if you're running behind a reverse proxy
 db: