The admin seeding function previously fell back to password 'admin' when AUTH_PASS was unset, and accepted any value from .env.example including the documented default 'change-me-on-first-login'. This meant a user who copied .env.example without changing the password (or forgot to set AUTH_PASS entirely) would have an instance running with publicly known credentials.

The seeding function now:

- Skips seeding entirely if AUTH_PASS is not set (instead of defaulting to 'admin')
- Checks AUTH_PASS against a blocklist of known insecure values (admin, password, change-me-on-first-login, changeme, testpass123)
- Logs a clear warning explaining what to do in both cases

Existing instances that already have users in the database are not affected — the seeding function only runs when the users table is empty.

Signed-off-by: Mark Liu <mark@prove.com.au>
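The seeding rules described in the commit message above, written out as an added example that is not the project's own code. `decideAdminSeed`, `SeedDecision` and the warning texts are hypothetical; skipping the seed on a blocklisted value, treating an empty value as unset, and matching case-insensitively are assumptions.

```typescript
// Added example: names below are hypothetical, not the project's own code.
// Blocklist entries are the values named in the commit message.
const INSECURE_PASSWORDS = new Set<string>([
  "admin",
  "password",
  "change-me-on-first-login",
  "changeme",
  "testpass123",
]);

interface SeedDecision {
  seed: boolean;          // true only when an admin row should be created
  warning: string | null; // operator-facing message; never contains the password
}

function decideAdminSeed(
  env: Record<string, string | undefined>,
  existingUserCount: number,
): SeedDecision {
  // Seeding only runs against an empty users table.
  if (existingUserCount > 0) {
    return { seed: false, warning: null };
  }
  const password = env["AUTH_PASS"];
  // No fallback credential: an unset (or, by assumption, empty) value skips seeding.
  if (password === undefined || password.trim() === "") {
    return {
      seed: false,
      warning: "AUTH_PASS is not set: no admin user was created. Set AUTH_PASS to a unique password and restart.",
    };
  }
  // Assumption: match after trimming and lower-casing so "Admin " is also caught.
  if (INSECURE_PASSWORDS.has(password.trim().toLowerCase())) {
    return {
      seed: false,
      warning: "AUTH_PASS is a known default value: no admin user was created. Choose a unique password and restart.",
    };
  }
  return { seed: true, warning: null };
}
```

The caller passes `process.env` and the current row count of the users table, logs `warning` when it is non-null, and creates the admin user only when `seed` is true.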