diff --git a/.env.example b/.env.example index 416bbd7..64ee687 100644 --- a/.env.example +++ b/.env.example @@ -18,7 +18,7 @@ API_KEY= # Auth configuration (required in v4+) BASE_URL=http://localhost:3003 # Externally facing URL for this app (set to LAN IP for access from other devices on the network) -AUTH_SECRET=some_random_secret_key # Generate with `openssl rand -hex 32` +AUTH_SECRET=some_random_secret_key # Generate with `openssl rand -base64 32` AUTH_TRUSTED_ORIGINS=http://localhost:3003,http://127.0.0.1:3003 # Additional trusted origins (BASE_URL is always trusted) # (Optional) Allow anonymous auth sessions (default: `false`) # USE_ANONYMOUS_AUTH_SESSIONS=false diff --git a/docs-site/docs/deploy/local-development.md b/docs-site/docs/deploy/local-development.md index dd38dcd..b14a087 100644 --- a/docs-site/docs/deploy/local-development.md +++ b/docs-site/docs/deploy/local-development.md @@ -250,7 +250,7 @@ Use one of these `.env` mode templates: ```env API_BASE=http://host.docker.internal:8880/v1 BASE_URL=http://localhost:3003 -AUTH_SECRET= +AUTH_SECRET= # Optional when you need multiple local origins: # AUTH_TRUSTED_ORIGINS=http://localhost:3003,http://127.0.0.1:3003 ``` @@ -263,7 +263,7 @@ AUTH_SECRET= # on first boot, then no longer read. Manage them in Settings → Admin afterwards. API_BASE=http://host.docker.internal:8880/v1 BASE_URL=http://localhost:3003 -AUTH_SECRET= +AUTH_SECRET= # Comma-separated emails to auto-promote to admin on signin. ADMIN_EMAILS=you@example.com ``` @@ -275,7 +275,7 @@ ADMIN_EMAILS=you@example.com API_BASE=http://host.docker.internal:8880/v1 USE_EMBEDDED_WEED_MINI=false BASE_URL=http://localhost:3003 -AUTH_SECRET= +AUTH_SECRET= S3_BUCKET=your-bucket S3_REGION=us-east-1 S3_ACCESS_KEY_ID=your-access-key @@ -291,7 +291,7 @@ S3_SECRET_ACCESS_KEY=your-secret-key ```env API_BASE=http://host.docker.internal:8880/v1 BASE_URL=http://localhost:3003 -AUTH_SECRET= +AUTH_SECRET= COMPUTE_WORKER_URL=http://localhost:8081 COMPUTE_WORKER_TOKEN= USE_EMBEDDED_WEED_MINI=false diff --git a/docs-site/docs/deploy/vercel-deployment.md b/docs-site/docs/deploy/vercel-deployment.md index 8158c10..fc634c8 100644 --- a/docs-site/docs/deploy/vercel-deployment.md +++ b/docs-site/docs/deploy/vercel-deployment.md @@ -36,7 +36,7 @@ S3_PREFIX=openreader BASE_URL=https://your-app.vercel.app AUTH_SECRET=... ADMIN_EMAILS=you@example.com # comma-separated; admins manage TTS + features in-app -CRON_SECRET=... # generate with: openssl rand -hex 32 +CRON_SECRET=... # generate with: openssl rand -base64 32 # Heavy compute (required on Vercel in current releases) COMPUTE_WORKER_URL=https:// diff --git a/docs-site/docs/docker-quick-start.md b/docs-site/docs/docker-quick-start.md index 3495443..e8cfdcc 100644 --- a/docs-site/docs/docker-quick-start.md +++ b/docs-site/docs/docker-quick-start.md @@ -43,7 +43,7 @@ docker run --name openreader \ -v openreader_docstore:/app/docstore \ -e API_BASE=http://host.docker.internal:8880/v1 \ -e BASE_URL=http://localhost:3003 \ - -e AUTH_SECRET=$(openssl rand -hex 32) \ + -e AUTH_SECRET=$(openssl rand -base64 32) \ -e ADMIN_EMAILS=you@example.com \ ghcr.io/richardr1126/openreader:latest ``` @@ -70,7 +70,7 @@ docker run --name openreader \ -v openreader_docstore:/app/docstore \ -e API_BASE=http://host.docker.internal:8880/v1 \ -e BASE_URL=http://:3003 \ - -e AUTH_SECRET=$(openssl rand -hex 32) \ + -e AUTH_SECRET=$(openssl rand -base64 32) \ -e AUTH_TRUSTED_ORIGINS=http://localhost:3003,http://127.0.0.1:3003 \ -e USE_ANONYMOUS_AUTH_SESSIONS=true \ -e ADMIN_EMAILS=you@example.com \ @@ -101,7 +101,7 @@ docker run --name openreader \ -p 3003:3003 \ -p 8333:8333 \ -e BASE_URL=http://localhost:3003 \ - -e AUTH_SECRET=$(openssl rand -hex 32) \ + -e AUTH_SECRET=$(openssl rand -base64 32) \ ghcr.io/richardr1126/openreader:latest ``` diff --git a/docs-site/docs/reference/environment-variables.md b/docs-site/docs/reference/environment-variables.md index a280903..42d27d2 100644 --- a/docs-site/docs/reference/environment-variables.md +++ b/docs-site/docs/reference/environment-variables.md @@ -111,7 +111,7 @@ Required external base URL for this OpenReader instance. Required secret key used by auth/session handling. - Required at startup -- Generate with `openssl rand -hex 32` +- Generate with `openssl rand -base64 32` ### AUTH_TRUSTED_ORIGINS @@ -151,7 +151,7 @@ Bearer-token secret for `GET /api/admin/tasks/tick`. - Required on Vercel so scheduled maintenance tasks can run from the configured Vercel Cron. - Vercel automatically sends `Authorization: Bearer ` on cron invocations. -- Generate a strong random value, for example with `openssl rand -hex 32`. +- Generate a strong random value, for example with `openssl rand -base64 32`. - Self-hosted Node.js deployments run the scheduler in-process and do not require this variable. ## Database and Object Blob Storage diff --git a/src/app/(public)/page.tsx b/src/app/(public)/page.tsx index 89499fa..c03bc50 100644 --- a/src/app/(public)/page.tsx +++ b/src/app/(public)/page.tsx @@ -332,7 +332,7 @@ export default async function LandingPage() { {' '}-e BASE_URL= http://localhost:3003 \{'\n'} {' '}-e AUTH_SECRET= - $(openssl rand -hex 32) \{'\n'} + $(openssl rand -base64 32) \{'\n'} {' '}-e ADMIN_EMAILS= you@example.com \{'\n'} {' '}ghcr.io/richardr1126/openreader:latest{'\n'}