Enhance bcrypt doc: rename, add one-liner, usage info, and assert

- Rename the file to a more readable name - Add one-liner command for quick execution - Include dedicated paragraph on using the output - Implement assert to prevent bcrypt limitation issues - Comment the python script - Improves clarity and usability of bcrypt documentation - Mention documentation file in docker-compose.yml and README.me file
2024-06-27 21:00:11 +02:00 · 2024-06-27 21:00:11 +02:00 · 4d849fc508
parent 436ccac824
commit 4d849fc508
3 changed files with 59 additions and 28 deletions
--- a/How_to_generate_an_bcrypt_hash.md
+++ b/How_to_generate_an_bcrypt_hash.md
@ -1,5 +1,5 @@
 <!-- created by Mathys Lopinto (@mathys-lopinto) -->
-# How to generate bcrypt
+# How to generate bcrypt hash

 ## Prerequisites
 - Python 3
@ -51,20 +51,51 @@ pip3 install bcrypt
 pip3 install bcrypt --break-system-packages
 ```

-## Generating bcrypt
+## Generating bcrypt hash from the command line
+You can use the following one-liner command to generate a bcrypt hash directly in the cmd/ terminal: 
+```bash
+python3 -c "import bcrypt; password = b'your_password_here'; assert len(password) < 72, 'Password must be less than 72 bytes due to bcrypt limitation'; hashed = bcrypt.hashpw(password, bcrypt.gensalt()); print(f'The hashed password is: {hashed.decode()}'); docker_interpolation = hashed.decode().replace('$', '$$'); print(f'The hashed password for a Docker env is: {docker_interpolation}')" # or python if you run this on Windows. CHANGE your_password_here BY YOUR PASSWORD
+```
+Please change ``your_password_here`` in the line by your own password.
+
+## Generating bcrypt hash from an script file
 ### Do not name the file `bcrypt.py` as it will cause an error.
 Create a python file with the following content:
 ```python
 import bcrypt
+
+# Initial password
 password = b"your_password_here"  # DO NOT REMOVE THE b
+
+# Assert that the password is under 72 bytes
+assert len(password) < 72, "Password must be less than 72 bytes due to bcrypt limitation"
+
+# Generate a salt and hash the password
 hashed = bcrypt.hashpw(password, bcrypt.gensalt())
+
+# Print the hashed password
 print(f'The hashed password is: {hashed.decode()}')

+# Prepare the hashed password for Docker environment variables
 docker_interpolation = hashed.decode().replace("$", "$$")
-print(f'The hashed password for an docker env is: {docker_interpolation}')
+print(f'The hashed password for a Docker env is: {docker_interpolation}')
 ```

 Replace `your_password_here` with the password you want to hash.

 Run the python file and you will get the hashed password.
+
+## Get the right hash
 Copy the 2nd line of the output (after the : ) and use it as your hashed password.
+
+__Exemple__
+If the output is:
+```txt
+The hashed password is: $2b$12$NRiL4Kw4dKid.ix2WvZltOmaQBZjoX30shjHJXRVdEGshAxYWXXMe
+The hashed password for an docker env is: $$2b$$12$$NRiL4Kw4dKid.ix2WvZltOmaQBZjoX30shjHJXRVdEGshAxYWXXMe
+``` 
+
+The docker line ``PASSWORD_HASH`` will be:
+```txt
+PASSWORD_HASH=$$2b$$12$$NRiL4Kw4dKid.ix2WvZltOmaQBZjoX30shjHJXRVdEGshAxYWXXMe
+```
--- a/README.md
+++ b/README.md
@ -99,10 +99,10 @@ Are you enjoying this project? [Buy Emile a beer!](https://github.com/sponsors/W
 These options can be configured by setting environment variables using `-e KEY="VALUE"` in the `docker run` command.

 | Env | Default | Example | Description                                                                                                                                          |
-| - | - | - | - |
+| - | - | - |------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `PORT` | `51821` | `6789` | TCP port for Web UI.                                                                                                                                 |
 | `WEBUI_HOST` | `0.0.0.0` | `localhost` | IP address web UI binds to.                                                                                                                          |
-| `PASSWORD_HASH` | - | `$2y$05$Ci...` | When set, requires a password when logging in to the Web UI. |
+| `PASSWORD_HASH` | - | `$2y$05$Ci...` | When set, requires a password when logging in to the Web UI. See [How to generate an bcrypt hash.md]("How_to_generate_an_bcrypt_hash.md") for know how to generate the hash. |
 | `PASSWORD` (deprecated) | - | `foobar123` | When set, requires a password when logging in to the Web UI. *(Not used if `PASSWORD_HASH` is set)*                                                  |
 | `WG_HOST` | - | `vpn.myserver.com` | The public hostname of your VPN server.                                                                                                              |
 | `WG_DEVICE` | `eth0` | `ens6f0` | Ethernet device the wireguard traffic should be forwarded through.                                                                                   |
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -13,7 +13,7 @@ services:

      # Optional:
      # - PASSWORD=foobar123 (deprecated, see readme)
-      # - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG (needs double $$, hash of 'foobar123')
+      # - PASSWORD_HASH=$$2y$$10$$hBCoykrB95WSzuV4fafBzOHWKu9sbyVa34GJr8VV5R/pIelfEMYyG (needs double $$, hash of 'foobar123'; see "How_to_generate_an_bcrypt_hash.md" for generate the hash)
      # - PORT=51821
      # - WG_PORT=51820
      # - WG_CONFIG_PORT=92820