From 9735df0436d5ea71fc5874b4d28bc373f1e91100 Mon Sep 17 00:00:00 2001
From: Leendert de Borst <ldeborst@xivisoft.com>
Date: Mon, 23 Dec 2024 13:57:01 +0100
Subject: [PATCH] Update install.sh to generate postgresql credentials (#190)

---
 .gitignore                                    |  4 ++
 README.md                                     |  2 +-
 docker-compose.build.yml                      |  6 ---
 docker-compose.yml                            |  6 +--
 docs/installation/install.md                  |  2 +-
 docs/misc/dev/postgresql-commands.md          | 51 +++++++++++++++++++
 install.sh                                    | 13 +++++
 .../Configuration/DatabaseConfiguration.cs    | 25 +++++++--
 8 files changed, 94 insertions(+), 15 deletions(-)
 create mode 100644 docs/misc/dev/postgresql-commands.md

diff --git a/.gitignore b/.gitignore
index 06a5bfb4e..994133dab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -272,6 +272,10 @@ ServiceFabricBackup/
 *.sqlite-shm
 *.sqlite-wal
 
+# SQL files
+*.sql
+*.sql.gz
+
 # Business Intelligence projects
 *.rdl.data
 *.bim.layout
diff --git a/README.md b/README.md
index 2cab01fbd..6da5cf306 100644
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ This method uses pre-built Docker images and works on minimal hardware specifica
 
 - Linux VM with root access (Ubuntu or RHEL based distros recommended)
 - 1 vCPU
-- 512MB RAM
+- 1GB RAM
 - 16GB disk space
 - Docker installed
 
diff --git a/docker-compose.build.yml b/docker-compose.build.yml
index dc6447a1c..6478998c3 100644
--- a/docker-compose.build.yml
+++ b/docker-compose.build.yml
@@ -42,9 +42,3 @@ services:
             dockerfile: Dockerfile.postgres
         ports:
             - "5432:5432"
-        volumes:
-            - ./database/postgres:/var/lib/postgresql/data:rw
-        environment:
-            POSTGRES_DB: aliasvault
-            POSTGRES_USER: aliasvault
-            POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
diff --git a/docker-compose.yml b/docker-compose.yml
index 7947271ba..012ba0838 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -92,8 +92,6 @@ services:
         image: ghcr.io/lanedirt/aliasvault-postgres:latest
         volumes:
             - ./database/postgres:/var/lib/postgresql/data:rw
-        environment:
-            POSTGRES_DB: aliasvault
-            POSTGRES_USER: aliasvault
-            POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
+        env_file:
+            - .env
         restart: always
diff --git a/docs/installation/install.md b/docs/installation/install.md
index 5a8746388..e1857b465 100644
--- a/docs/installation/install.md
+++ b/docs/installation/install.md
@@ -20,7 +20,7 @@ To get AliasVault up and running quickly, run the install script to pull pre-bui
 ### Hardware requirements
 - Linux VM with root access (Ubuntu or RHEL based distros recommended)
 - 1 vCPU
-- 512MB RAM
+- 1GB RAM
 - 16GB disk space
 - Docker installed
 
diff --git a/docs/misc/dev/postgresql-commands.md b/docs/misc/dev/postgresql-commands.md
new file mode 100644
index 000000000..375948f83
--- /dev/null
+++ b/docs/misc/dev/postgresql-commands.md
@@ -0,0 +1,51 @@
+---
+layout: default
+title: PostgreSQL Commands
+parent: Development
+grand_parent: Miscellaneous
+nav_order: 1
+---
+
+# PostgreSQL Commands
+
+## Backup database to file
+To backup the database to a file, you can use the following command:
+
+```bash
+docker compose exec postgres pg_dump -U aliasvault aliasvault | gzip > aliasvault.sql.gz
+```
+
+## Import database from file
+To drop the existing database and restore the database from a file, you can use the following command:
+
+{: .warning }
+Executing this command will drop the existing database and restore the database from the file. Make sure to have a backup of the existing database before running this command.
+
+```bash
+docker compose exec postgres psql -U aliasvault postgres -c "DROP DATABASE aliasvault;" && \
+docker compose exec postgres psql -U aliasvault postgres -c "CREATE DATABASE aliasvault;" && \
+gunzip < aliasvault.sql.gz | docker compose exec -iT postgres psql -U aliasvault aliasvault
+```
+
+## Change master password
+By default during initial installation the PostgreSQL master password is set to a random string that is
+stored in the `.env` file with the `POSTGRES_PASSWORD` variable.
+
+If you wish to change the master password, you can do so by running the following command:
+
+1. Open a terminal and navigate to the root of the AliasVault repository.
+2. Run the following command to connect to the PostgreSQL container:
+    ```bash
+    docker compose exec -it postgres psql -U aliasvault -d aliasvault
+    ```
+3. Once connected to the database, you can change the master password by running the following command:
+    ```sql
+    ALTER USER aliasvault WITH PASSWORD 'new_password';
+    ```
+4. Press Enter to confirm the changes.
+5. Exit the PostgreSQL shell by running `\q`.
+6. Manually update the `.env` file variable `POSTGRES_PASSWORD` with the new password.
+7. Restart the AliasVault containers by running the following command:
+    ```bash
+    docker compose restart
+    ```
diff --git a/install.sh b/install.sh
index f46f50b05..6a02b5284 100755
--- a/install.sh
+++ b/install.sh
@@ -338,6 +338,17 @@ populate_data_protection_cert_pass() {
     fi
 }
 
+populate_postgres_password() {
+    printf "${CYAN}> Checking POSTGRES_PASSWORD...${NC}\n"
+    if ! grep -q "^POSTGRES_PASSWORD=" "$ENV_FILE" || [ -z "$(grep "^POSTGRES_PASSWORD=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
+        # Generate a strong random password with 32 characters
+        POSTGRES_PASS=$(openssl rand -base64 32)
+        update_env_var "POSTGRES_PASSWORD" "$POSTGRES_PASS"
+    else
+        printf "  ${GREEN}> POSTGRES_PASSWORD already exists.${NC}\n"
+    fi
+}
+
 set_private_email_domains() {
     printf "${CYAN}> Checking PRIVATE_EMAIL_DOMAINS...${NC}\n"
     if ! grep -q "^PRIVATE_EMAIL_DOMAINS=" "$ENV_FILE" || [ -z "$(grep "^PRIVATE_EMAIL_DOMAINS=" "$ENV_FILE" | cut -d '=' -f2)" ]; then
@@ -683,6 +694,7 @@ handle_build() {
     populate_hostname || { printf "${RED}> Failed to set hostname${NC}\n"; exit 1; }
     populate_jwt_key || { printf "${RED}> Failed to set JWT key${NC}\n"; exit 1; }
     populate_data_protection_cert_pass || { printf "${RED}> Failed to set certificate password${NC}\n"; exit 1; }
+    populate_postgres_password || { printf "${RED}> Failed to set PostgreSQL password${NC}\n"; exit 1; }
     set_private_email_domains || { printf "${RED}> Failed to set email domains${NC}\n"; exit 1; }
     set_smtp_tls_enabled || { printf "${RED}> Failed to set SMTP TLS${NC}\n"; exit 1; }
     set_support_email || { printf "${RED}> Failed to set support email${NC}\n"; exit 1; }
@@ -1365,6 +1377,7 @@ handle_install_version() {
     populate_hostname || { printf "${RED}> Failed to set hostname${NC}\n"; exit 1; }
     populate_jwt_key || { printf "${RED}> Failed to set JWT key${NC}\n"; exit 1; }
     populate_data_protection_cert_pass || { printf "${RED}> Failed to set certificate password${NC}\n"; exit 1; }
+    populate_postgres_password || { printf "${RED}> Failed to set PostgreSQL password${NC}\n"; exit 1; }
     set_private_email_domains || { printf "${RED}> Failed to set email domains${NC}\n"; exit 1; }
     set_smtp_tls_enabled || { printf "${RED}> Failed to set SMTP TLS${NC}\n"; exit 1; }
     set_support_email || { printf "${RED}> Failed to set support email${NC}\n"; exit 1; }
diff --git a/src/Databases/AliasServerDb/Configuration/DatabaseConfiguration.cs b/src/Databases/AliasServerDb/Configuration/DatabaseConfiguration.cs
index e68b75a96..841cf2543 100644
--- a/src/Databases/AliasServerDb/Configuration/DatabaseConfiguration.cs
+++ b/src/Databases/AliasServerDb/Configuration/DatabaseConfiguration.cs
@@ -23,9 +23,28 @@ public static class DatabaseConfiguration
     /// <returns>The IServiceCollection for method chaining.</returns>
     public static IServiceCollection AddAliasVaultDatabaseConfiguration(this IServiceCollection services, IConfiguration configuration)
     {
-        var dbProvider = configuration.GetValue<string>("DatabaseProvider")?.ToLower() ?? "sqlite";
+        // Check for environment variable first, then fall back to configuration
+        var connectionString = Environment.GetEnvironmentVariable("ConnectionStrings__AliasServerDbContext");
+        var dbProvider = Environment.GetEnvironmentVariable("DatabaseProvider")?.ToLower()
+            ?? configuration.GetValue<string>("DatabaseProvider")?.ToLower()
+            ?? "postgresql";
 
-        // Add custom DbContextFactory registration which supports multiple database providers.
+        // Create a new configuration if we have an environment-provided connection string
+        if (!string.IsNullOrEmpty(connectionString))
+        {
+            var configDictionary = new Dictionary<string, string?>
+            {
+                ["ConnectionStrings:AliasServerDbContext"] = connectionString,
+            };
+
+            var configurationBuilder = new ConfigurationBuilder()
+                .AddConfiguration(configuration)
+                .AddInMemoryCollection(configDictionary);
+
+            configuration = configurationBuilder.Build();
+        }
+
+        // Add custom DbContextFactory registration which supports multiple database providers
         switch (dbProvider)
         {
             case "postgresql":
@@ -41,7 +60,7 @@ public static class DatabaseConfiguration
         services.AddDbContextFactory<AliasServerDbContext>((sp, options) =>
         {
             var factory = sp.GetRequiredService<IAliasServerDbContextFactory>();
-            factory.ConfigureDbContextOptions(options);  // Let the factory configure the options directly
+            factory.ConfigureDbContextOptions(options);
         });
 
         // Add scoped DbContext registration based on the factory