From d2708cdd9bd680346d43cc5e8468d6d7393996fb Mon Sep 17 00:00:00 2001 From: Ebakoba Date: Sat, 25 May 2019 23:10:48 +0300 Subject: [PATCH 1/7] fix typo in readme --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index da4e9f7..6f82b98 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ YES, indeed it is powered by `Node.js v6` on `Raspberry PI 3`. -## 2. Reuqirements +## 2. Requirements ### 2.1 Equipment * [**Raspberry PI 3 Model B**](https://www.raspberrypi.org/products/raspberry-pi-3-model-b/) with the latest **Raspbian OS** installed * **Node.js v6.0** From 01fa7bdbe2ab703f9d1cd71eb26203c726e8247a Mon Sep 17 00:00:00 2001 From: Ebakoba Date: Sun, 26 May 2019 00:05:22 +0300 Subject: [PATCH 2/7] use value from .env for session secret --- .gitignore | 3 +++ lib/app.js | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 316c8dc..f6f8dde 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,6 @@ jspm_packages # Optional REPL history .node_repl_history + +# Environment files +.env \ No newline at end of file diff --git a/lib/app.js b/lib/app.js index 696d52e..02900fd 100644 --- a/lib/app.js +++ b/lib/app.js @@ -4,13 +4,15 @@ const express = require("express"); const path = require("path"); const session = require("express-session"); const FileStore = require('session-file-store')(session); - +const dotenv = require('dotenv'); +var crypto = require("crypto"); /** * Setup express app */ const app = express(); const passport = require("./passport"); +dotenv.config(); /** * Parsers 
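Review bot: In the first `lib/app.js` hunk of [PATCH 2/7], `dotenv.config()` is called after `require("./passport")`, so any module that reads `process.env` while it is being loaded would not see values from `.env`. Calling `dotenv.config()` before the other requires removes that ordering dependency. As a style point, `var crypto = require("crypto");` is the only `var` among the `const` requires and switches quote style from the `require('dotenv')` line directly above it; `const crypto = require('crypto');` keeps the block uniform.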
@@ -19,7 +21,8 @@ app.use(bodyParser.json()); app.use(bodyParser.urlencoded({ extended: false })); app.use(cookieParser()); app.use(session({ - secret: "aedf1829f7", + secret: (process.env.COOKIE_SECRET && process.env.COOKIE_SECRET !== '') ? + process.env.COOKIE_SECRET : crypto.randomBytes(40).toString('hex'), resave: false, saveUninitialized: true, cookie: { secure: false, maxAge: 1000 * 60 * 60 * 24 * 100 }, From d818e1b116f4bd36d889542a9024f08ec3644b42 Mon Sep 17 00:00:00 2001 From: Ebakoba Date: Sun, 26 May 2019 19:01:38 +0300 Subject: [PATCH 3/7] add session secret generation on install --- create_env.js | 7 +++++++ rpi-man-get | 2 ++ 2 files changed, 9 insertions(+) create mode 100644 create_env.js diff --git a/create_env.js b/create_env.js new file mode 100644 index 0000000..bc07dd9 --- /dev/null +++ b/create_env.js @@ -0,0 +1,7 @@ +const fs = require('fs'); +const crypto = require('crypto'); + +fs.writeFile( + '.env', + 'COOKIE_SECRET=' + crypto.randomBytes(40).toString('hex') + '\n' +); diff --git a/rpi-man-get b/rpi-man-get index 6df683a..8d819fd 100755 --- a/rpi-man-get +++ b/rpi-man-get @@ -9,6 +9,8 @@ install() { echo "Installing rpi-man..." install_dependencies + echo "Generating .env file" + node create_env.js echo "Make rpi-man-server as global command..." ln -s $path/bin/rpi-man-server $bin_path echo "Make rpi-man-server run at startup..." From d58776f05ba2d315e4cb4ab6d031cecd39e78a7d Mon Sep 17 00:00:00 2001 From: Ebakoba Date: Sun, 26 May 2019 19:11:01 +0300 Subject: [PATCH 4/7] add dotenv dependency --- package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/package.json b/package.json index 44e46db..f829dc2 100644 --- a/package.json +++ b/package.json @@ -19,6 +19,7 @@ "dependencies": { "body-parser": "^1.15.2", "cookie-parser": "^1.4.3", + "dotenv": "8.0.0", "express": "^4.14.0", "express-session": "^1.14.0", "md5": "^2.1.0", From 672140490fb8f68c3eed45ccfa0dd587e7748cb7 Mon Sep 17 00:00:00 2001 
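Review bot: When `COOKIE_SECRET` is unset, the new `secret:` expression in `lib/app.js` silently falls back to a fresh `crypto.randomBytes(40)` value on every start. If the `FileStore` required at the top of the file is the session store, every persisted session stops validating after a restart, and nothing tells the operator that `.env` was not loaded. Logging a warning on the fallback path, or refusing to start without the variable, would make the misconfiguration visible. The `!== ''` test is redundant because an empty string is already falsy, so `process.env.COOKIE_SECRET || crypto.randomBytes(40).toString('hex')` is equivalent. The `session({ ... })` call continues outside the hunk.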
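Review bot: The new `create_env.js` writes `.env` with `fs.writeFile` and no mode, so the file gets the process default permissions, and under a typical umask the session secret is readable by other local users. The call also has no callback, a form that Node.js 10 and later reject with a TypeError. A synchronous write with an owner-only mode, e.g. `fs.writeFileSync('.env', 'COOKIE_SECRET=' + crypto.randomBytes(40).toString('hex') + '\n', { mode: 0o600 });`, throws on failure and restricts a newly created file (the mode is not applied to a file that already exists). The same callback-less `fs.writeFile` is kept in the `create_env.js` change of [PATCH 6/7], where the file also holds the login hash.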
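Review bot: In `rpi-man-get`, `node create_env.js` is resolved against the current directory while the `ln -s` line below it uses `$path`, and its exit status is not checked. The installer can therefore continue without a `.env` file when it is run from another directory or when generation fails. Something like `(cd "$path" && node create_env.js) || exit 1` would tie the step to the install directory and stop on failure; this assumes `$path` is the checkout directory, which the hunk does not show. `install()` starts and ends outside the hunk.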
From: Ebakoba Date: Sun, 26 May 2019 20:12:40 +0300 Subject: [PATCH 5/7] add bcrypt and prompt dependencies --- package.json | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package.json b/package.json index f829dc2..b4e7a95 100644 --- a/package.json +++ b/package.json @@ -17,6 +17,7 @@ }, "homepage": "https://github.com/MagicCube/rpi-man#readme", "dependencies": { + "bcrypt": "3.0.6", "body-parser": "^1.15.2", "cookie-parser": "^1.4.3", "dotenv": "8.0.0", @@ -27,6 +28,7 @@ "passport": "^0.3.2", "passport-local": "^1.0.0", "pty.js": "^0.3.1", + "prompt": "1.0.0", "session-file-store": "^0.2.0", "socket.io": "^1.4.8" }, From 795a109df1590751cba1252d997be8165428ab7e Mon Sep 17 00:00:00 2001 From: Ebakoba Date: Sun, 26 May 2019 20:16:26 +0300 Subject: [PATCH 6/7] add password and username creation --- create_env.js | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/create_env.js b/create_env.js index bc07dd9..734d7fa 100644 --- a/create_env.js +++ b/create_env.js @@ -1,7 +1,31 @@ const fs = require('fs'); const crypto = require('crypto'); - -fs.writeFile( - '.env', - 'COOKIE_SECRET=' + crypto.randomBytes(40).toString('hex') + '\n' -); +const bcrypt = require('bcrypt'); +const prompt = require('prompt'); + +prompt.start(); + + +prompt.get({ + properties: { + username: { + pattern: /^[a-zA-Z\s\-]+$/, + message: 'Username must be only letters, spaces, or dashes', + required: true + }, + password: { + hidden: true + } + } + }, function (err, result) { + if (err) console.error('Failed to create a .env file'); + + const password = bcrypt.hashSync(result.password, 10) + + fs.writeFile( + '.env', + 'COOKIE_SECRET=' + crypto.randomBytes(40).toString('hex') + '\n' + + 'USERNAME=' + result.username + '\n' + + 'PASSWORD=' + password + '\n' + ); +}); \ No newline at end of file From 2ebe22cbef12b14f0f63927c6335c02afb48bee9 Mon Sep 17 00:00:00 2001 
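Review bot: The prompt callback in `create_env.js` logs `Failed to create a .env file` when `err` is set but then carries on, so `result.password` is read from what is presumably an undefined `result` when the prompt is cancelled. `if (err) { console.error('Failed to create a .env file'); process.exit(1); }` would stop there with a non-zero status. The `password` property has no `required: true`, so an empty password is accepted and hashed; `password: { hidden: true, required: true }` together with a minimum-length check closes that gap. The keys `USERNAME` and `PASSWORD` are generic names that may already exist in the process environment, and `dotenv.config()` does not override variables that are already set. A prefixed key (for example `RPI_MAN_USERNAME`, a constructed name) would avoid silently using the wrong value, with the matching change in `lib/passport.js`.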
From: Ebakoba Date: Sun, 26 May 2019 20:19:39 +0300 Subject: [PATCH 7/7] use username and password defined in .env file --- lib/passport.js | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/passport.js b/lib/passport.js index b8805bb..6986ec2 100644 --- a/lib/passport.js +++ b/lib/passport.js @@ -1,13 +1,22 @@ const LocalStrategy = require("passport-local").Strategy; const md5 = require("md5"); +const bcrypt = require('bcrypt'); const passport = require("passport"); +const dotenv = require('dotenv'); +dotenv.config(); passport.use("local", new LocalStrategy({ usernameField: 'username', passwordField: 'password' }, (username, password, done) => { - if (username === "admin" && md5(password) === "a99e2bc0efaa6c17888f2946aedc6be8") + const serverUsername = (process.env.USERNAME && process.env.USERNAME !== '') ? + process.env.USERNAME : 'admin'; + const serverPassword = (process.env.PASSWORD && process.env.PASSWORD !== '') ? + process.env.PASSWORD : '$2y$10$BiQ8hbUWvjnu4Yi59i4e/u0LKMcoOzAn/5oeZjh5JrzekAeVn4oX.'; + + if (!process.env.PASSWORD) password = md5(password) + if (username === serverUsername && bcrypt.compareSync(password, serverPassword)) { return done(null, { id: "admin"