From de09e51b115d9429304837c2e0a3c4bfc6826155 Mon Sep 17 00:00:00 2001
From: xpltd
Date: Sat, 21 Mar 2026 22:42:05 -0500
Subject: [PATCH] =?UTF-8?q?Remove=20PASSWORD=5FHASH=20from=20user-facing?= =?UTF-8?q?=20config=20=E2=80=94=20plaintext=20PASSWORD=20only?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

password_hash remains as an internal field (used by auth system and DB), but is no longer documented or advertised as a config option.
---
 README.md | 5 ++---
 backend/app/core/config.py | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 3cd640e..7c75ee9 100644
--- a/README.md
+++ b/README.md
@@ -76,8 +76,7 @@ These are the knobs most operators actually touch — all shown commented out in
 |----------|---------|-------------|
 | `MEDIARIP__ADMIN__ENABLED` | `true` | Enable admin panel |
 | `MEDIARIP__ADMIN__USERNAME` | `admin` | Admin username |
-| `MEDIARIP__ADMIN__PASSWORD` | _(empty)_ | Admin password (plaintext — hashed on startup, never stored) |
-| `MEDIARIP__ADMIN__PASSWORD_HASH` | _(empty)_ | Bcrypt hash (alternative to plaintext — for advanced users) |
+| `MEDIARIP__ADMIN__PASSWORD` | _(empty)_ | Admin password (hashed on startup, never stored as plaintext) |
 #### Purge
@@ -169,7 +168,7 @@ For production with TLS, use the included Caddy reverse proxy:
 ```bash
 cp docker-compose.example.yml docker-compose.yml
 cp .env.example .env
-# Edit .env with your domain and admin password hash
+# Edit .env with your domain and admin password
 docker compose up -d
 ```
diff --git a/backend/app/core/config.py b/backend/app/core/config.py
index b88edea..f158016 100644
--- a/backend/app/core/config.py
+++ b/backend/app/core/config.py
@@ -98,7 +98,7 @@ class AdminConfig(BaseModel):
 enabled: bool = True
 username: str = "admin"
 password: str = "" # Plaintext — hashed on startup, never stored
- password_hash: str = "" # Bcrypt hash — set directly or derived from password
+ password_hash: str = "" # Internal — set by app on startup or first-run wizard
 # ---------------------------------------------------------------------------
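Review bot: Calling `password_hash` "Internal" in its comment does not make it internal: it is still an ordinary `str` field on `AdminConfig`, and the README row deleted by this same commit shows it was reachable as `MEDIARIP__ADMIN__PASSWORD_HASH`. Nothing visible here changes how the model is populated, so the variable is presumably still honoured but now undocumented, which leaves a second credential input that operators will not know to audit. If it is meant to be app-only, have the settings loader drop or reject an externally supplied value and say so on the field, e.g. `# Internal — externally supplied values are ignored; derived from password at startup`; if it must stay for existing deployments, document that and state which of the two wins. Also consider pydantic's `SecretStr` for `password`, so the plaintext is masked in `repr()` and in any logged config dump. The `AdminConfig` body begins above this hunk, so a validator that already handles this would not be visible here.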