npm - @justin0713/opspilot - Versions diffs - 1.0.4 → 1.0.6 - Mend

@justin0713/opspilot 1.0.4 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/bin/opspilot.js +87 -20
package/package.json +1 -1

package/bin/opspilot.js CHANGED Viewed

@@ -16,6 +16,7 @@
  */
 const { execSync, spawnSync } = require('child_process');
+const crypto = require('crypto');
 const fs   = require('fs');
 const path = require('path');
 const os   = require('os');
@@ -27,7 +28,9 @@ const PKG_VERSION = require('../package.json').version;
 const IMAGE      = 'opspilot/local:latest';
 const CONTAINER  = 'opspilot';
 const CONFIG_DIR  = path.join(os.homedir(), '.opspilot');
-const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+const CONFIG_FILE      = path.join(CONFIG_DIR, 'config.json');
+const CREDENTIALS_FILE = path.join(CONFIG_DIR, '.credentials');  // chmod 600
+const SETUP_TOKEN_FILE = path.join(CONFIG_DIR, '.setup_token');  // temp, deleted after start
 const CYAN   = '\x1b[36m';
 const GREEN  = '\x1b[32m';
@@ -98,6 +101,17 @@ function parseArgs(argv) {
 // ── Commands ─────────────────────────────────────────────────────────────────
+function generatePassword() {
+  // 18 random bytes → 24-char base64url (no shell-special chars)
+  return crypto.randomBytes(18).toString('base64url');
+}
+function writeCredentials(password) {
+  fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  fs.writeFileSync(CREDENTIALS_FILE, `username: admin\npassword: ${password}\n`);
+  try { fs.chmodSync(CREDENTIALS_FILE, 0o600); } catch (_) {}  // best-effort on Windows
+}
 function cmdStart(flags) {
   checkDocker();
@@ -115,7 +129,7 @@ function cmdStart(flags) {
     );
   }
-  // Persist for next run
+  // Persist token for next run (never persists password)
   saveConfig({ token, cloudUrl: url || 'https://teams.codetop.net', port, dataDir: data });
   // Stop existing container if running
@@ -132,8 +146,27 @@ function cmdStart(flags) {
   log(`Pulling ${IMAGE} ...`);
   run(`docker pull ${IMAGE}`);
+  // ── Secure first-run password delivery ────────────────────────────────────
+  // Detect first run: credentials file doesn't exist yet
+  const isFirstRun = !fs.existsSync(CREDENTIALS_FILE);
+  let setupMount = '';
+  if (isFirstRun) {
+    const password = generatePassword();
+    // 1. Write to host temp file (chmod 600) — never passed as CLI arg or env var
+    fs.mkdirSync(CONFIG_DIR, { recursive: true });
+    fs.writeFileSync(SETUP_TOKEN_FILE, password);
+    try { fs.chmodSync(SETUP_TOKEN_FILE, 0o600); } catch (_) {}
+    // 2. Save to credentials file (chmod 600) for `opspilot password` command
+    writeCredentials(password);
+    // 3. Mount into container read-only — entrypoint reads & deletes it
+    setupMount = `-v "${SETUP_TOKEN_FILE}:/app/.setup_token:ro" `;
+  }
   // Volume arg: named volume or host path
-  const isAbsolute = path.isAbsolute(data);
   const volArg = `${data}:/app/data`;
   log(`Starting OpsPilot Local on port ${port} ...`);
@@ -144,19 +177,44 @@ function cmdStart(flags) {
     `-e OPSPILOT_CLOUD_URL=${url || 'https://teams.codetop.net'} ` +
     `-e OPSPILOT_CLOUD_TOKEN=${token} ` +
     `-e OPSPILOT_PORT=5000 ` +
+    setupMount +
     `-v ${volArg} ` +
     `--restart unless-stopped ` +
     `${IMAGE}`
   );
+  // 4. Delete the temp setup token from host immediately after container starts
+  try { fs.unlinkSync(SETUP_TOKEN_FILE); } catch (_) {}
   console.log('');
   ok(`OpsPilot Local is running!`);
-  console.log(`${BOLD}  URL :${RESET} http://localhost:${port}`);
-  console.log(`${BOLD}  Data:${RESET} ${isAbsolute ? data : `docker volume '${data}'`}`);
+  console.log(`${BOLD}  URL      :${RESET} http://localhost:${port}`);
+  console.log(`${BOLD}  Username :${RESET} admin`);
+  if (isFirstRun) {
+    console.log(`${BOLD}  Password :${RESET} run ${CYAN}opspilot password${RESET} to reveal`);
+  }
+  console.log(`${BOLD}  Data     :${RESET} ${path.isAbsolute(data) ? data : `docker volume '${data}'`}`);
   console.log('');
-  console.log(`  ${CYAN}opspilot logs -f${RESET}   — tail live logs`);
-  console.log(`  ${CYAN}opspilot stop${RESET}       — stop the server`);
-  console.log(`  ${CYAN}opspilot update${RESET}     — upgrade to latest`);
+  console.log(`  ${CYAN}opspilot password${RESET}   — show first-run admin password`);
+  console.log(`  ${CYAN}opspilot logs -f${RESET}    — tail live logs`);
+  console.log(`  ${CYAN}opspilot stop${RESET}        — stop the server`);
+  console.log(`  ${CYAN}opspilot update${RESET}      — upgrade to latest`);
+}
+function cmdPassword() {
+  if (!fs.existsSync(CREDENTIALS_FILE)) {
+    warn('No credentials file found. Already cleared, or this is not a first-run install.');
+    warn(`File would be at: ${CREDENTIALS_FILE}`);
+    return;
+  }
+  const content = fs.readFileSync(CREDENTIALS_FILE, 'utf8').trim();
+  console.log('');
+  console.log(`${BOLD}First-run admin credentials${RESET} (${CREDENTIALS_FILE}):`);
+  console.log('');
+  content.split('\n').forEach(line => console.log(`  ${line}`));
+  console.log('');
+  console.log(`${YELLOW}Change your password after first login, then run:${RESET}`);
+  console.log(`  ${CYAN}opspilot password --clear${RESET}`);
 }
 function cmdStop() {
@@ -226,18 +284,19 @@ ${BOLD}Usage:${RESET}
   opspilot <command> [options]
 ${BOLD}Commands:${RESET}
-  ${CYAN}start${RESET}   Pull image and start the container
-  ${CYAN}stop${RESET}    Stop and remove the container
-  ${CYAN}logs${RESET}    Show container logs  (-f to follow)
-  ${CYAN}update${RESET}  Pull latest image and restart
-  ${CYAN}status${RESET}  Show container status
-  ${CYAN}config${RESET}  Show saved local config
+  ${CYAN}start${RESET}     Pull image and start the container
+  ${CYAN}stop${RESET}      Stop and remove the container
+  ${CYAN}logs${RESET}      Show container logs  (-f to follow)
+  ${CYAN}update${RESET}    Pull latest image and restart
+  ${CYAN}status${RESET}    Show container status
+  ${CYAN}config${RESET}    Show saved local config
+  ${CYAN}password${RESET}  Show first-run admin password  (--clear to delete after reading)
 ${BOLD}Start options:${RESET}
-  --token     <token>   License token from OpsPilot Cloud  ${YELLOW}(required)${RESET}
-  --cloud-url <url>     Cloud server URL  [default: https://teams.codetop.net]
-  --port      <port>    Local port        [default: 5000]
-  --data-dir  <path>    Host data path or Docker volume name  [default: opspilot-data]
+  --token      <token>  License token from OpsPilot Cloud  ${YELLOW}(required)${RESET}
+  --cloud-url  <url>    Cloud server URL  [default: https://teams.codetop.net]
+  --port       <port>   Local port        [default: 5000]
+  --data-dir   <path>   Host data path or Docker volume name  [default: opspilot-data]
 ${BOLD}Examples:${RESET}
   npx @justin0713/opspilot start --token eyJ...
@@ -270,8 +329,16 @@ switch (cmd) {
       cmdStart(Object.assign({}, cfg, parsed.flags));
     })();
     break;
-  case 'status': cmdStatus();             break;
-  case 'config': cmdConfig();             break;
+  case 'status':   cmdStatus();           break;
+  case 'config':   cmdConfig();           break;
+  case 'password':
+    if (parsed.flags.clear) {
+      try { fs.unlinkSync(CREDENTIALS_FILE); ok('Credentials file cleared.'); }
+      catch (_) { warn('No credentials file to clear.'); }
+    } else {
+      cmdPassword();
+    }
+    break;
   case undefined:
   case 'help':
   case '--help':

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@justin0713/opspilot",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "CLI installer for OpsPilot Local — self-hosted SSH operations platform",
   "license": "MIT",
   "homepage": "https://github.com/Albert0977/ShellShare#readme",