Bonsai

A family wiki and photoalbum engine (in Russian).

Features

  • Pages with Markdown text
  • Media files: photos, videos (PDF documents will be supported later)
  • Person tags on photos
  • Relations: validation, inference
  • Fact storage (birthday, gender, blood type, languages, hobbies, etc.)
  • Access control: editor, reader and guest roles
  • Changesets: browse changes to any page/media, see diffs, easily revert if necessary

Screenshots

Front-end:

Admin panel:

Installation via Docker

  1. Download the docker-compose.yml file.

  2. Optional:

    Configure your Bonsai instance to use HTTPS and external auth for better security. This requires a bit of work, so if you are just playing around you can skip this step.

    Create a Facebook Authorization App (or Google, Yandex or Vkontakte).

    Modify docker-compose.yml:

    • Save Facebook authorization credentials to Auth__Facebook__AppId and Auth__Facebook__AppSecret config properties
    • Set Auth__AllowPasswordAuth=false if you want to disable the less-secure password authorization
    • Replace @@YOUR_EMAIL@@ with your email address (for LetsEncrypt auto-SSL)
    • Replace @@DOMAIN@@ with the domain name to use (or you can use your IP with xip.io, like 192.168.1.1.xip.io)
    • Uncomment the two lines with Host(`@@DOMAIN@@`)
    • Comment out the two lines with PathPrefix(`/`)
  3. Bring everything up using docker compose:

    docker-compose up -d
    
  4. After everything is brought up, Bonsai will listen on ports 80 and 443.

Development (on Windows)

For development, you will need the following:

  1. Install NodeJS (10+)

  2. Install PostgreSQL server (9.6+)

  3. Download ffmpeg shared binaries for your system and extract the archive's contents into the External/ffmpeg folder in the solution root (it must contain both the ffmpeg and ffprobe executables).

  4. Create a file called appsettings.Development.json and add the connection string:

    {
      "ConnectionStrings": {
        "Database": "Server=127.0.0.1;Port=5432;Database=bonsai;User Id=<login>;Password=<password>;Persist Security Info=true"
      },
      "Auth": {
        "AllowPasswordAuth": true
      } 
    }
    
  5. Optional, but suggested:

    Create a Facebook Authorization App (or Google, Yandex or Vkontakte).

    Add the retrieved authorization credentials to the appsettings.Development.json and set AllowPasswordAuth to false:

    {
      "Auth": {
        "AllowPasswordAuth": false,
        "Facebook": {
          "AppId": "<...>",
          "AppSecret": "<...>"
        },
        "Google": {
          "ClientId": "<...>",
          "ClientSecret": "<...>"
        },
        "Yandex": {
          "ClientId": "<...>",
          "ClientSecret": "<...>"
        },
        "Vkontakte": {
          "ClientId": "<...>",
          "ClientSecret": "<...>"
        }
      }
    }
    
  6. Create the database:

    dotnet ef database update
    
  7. Build the styles and scripts:

    npm install
    npm run build
    
  8. Run the app (as Visual Studio project or using dotnet run).

Security considerations

Data backup

If you value the data that you store in Bonsai, make sure that you SET UP BACKUPS.

You will need to back up the following:

  • Database (approximately tens of megabytes)
  • Uploaded media in wwwroot/media (may contain gigabytes of data)

There are many options available, free and paid: uploading to a cloud storage, copying to external drives, etc. Please consider your usage/budget and select a combination that works best for you.

Authorization methods

Bonsai features two authorization methods: OAuth and password authorization.

OAuth is the preferred method: it's easier to use for end users, more secure and versatile. Please use the OAuth method if you can! For OAuth, you will need to create an authorization app on Facebook, Google, Vkontakte or Yandex as described in the installation steps. You can enable multiple authorization apps at the same time: users will pick the one they prefer.

As a fallback, you can also create an account with classic login/password authorization. It can be used for two purposes:

  • Playing around with Bonsai (easier to set up: no auth app and no HTTPS configuration required)
  • Giving access to elder family members who don't have a social network account

Please keep the following facts in mind:

  • Any user account can only have one authorization method: password, or Facebook, or Google, etc.
  • It is not possible to change the authorization type for an account once it has been created.
  • Password-based accounts can be locked out if there are too many consecutive failed login attempts.
  • An account password can only be reset manually by an administrator. If your only admin account is password-based and its password is lost, there is no way to regain access other than direct database manipulation!
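
The following is an added example, not code from the Bonsai project: it audits an instance's effective Auth settings against the recommendations in this section, using the key names from the appsettings example above. It assumes that environment variables named like Auth__Facebook__AppId override the JSON file, as the Docker steps imply; effective_auth, audit_auth and the finding texts are hypothetical names, and the sample input is constructed.

```python
import json

# Provider sections and key names as they appear in the README's appsettings example.
OAUTH_KEYS = ("ClientId", "ClientSecret")
PROVIDERS = {"Facebook": ("AppId", "AppSecret"), "Google": OAUTH_KEYS,
             "Yandex": OAUTH_KEYS, "Vkontakte": OAUTH_KEYS}

def effective_auth(appsettings_text, env):
    """Overlay Auth__* environment variables on the JSON "Auth" section."""
    auth = json.loads(appsettings_text).get("Auth") or {}
    for name, value in env.items():
        parts = name.split("__")
        if len(parts) < 2 or parts[0] != "Auth":
            continue  # assumption: keys are spelled exactly as in the README
        node = auth
        for part in parts[1:-1]:
            node[part] = node[part] if isinstance(node.get(part), dict) else {}
            node = node[part]
        node[parts[-1]] = value
    return auth

def is_filled(value):
    # Empty values and the README's "<...>" placeholders count as missing.
    text = str(value or "").strip()
    return bool(text) and not text.startswith("<")

def audit_auth(appsettings_text, env):
    """Return (providers with complete credentials, list of findings)."""
    auth = effective_auth(appsettings_text, env)
    ready, findings = [], []
    for provider, keys in PROVIDERS.items():
        section = auth.get(provider)
        if isinstance(section, dict) and all(is_filled(section.get(k)) for k in keys):
            ready.append(provider)
        elif section is not None:
            findings.append(f"{provider}: credentials missing or still placeholders")
    password_off = str(auth.get("AllowPasswordAuth")).lower() == "false"  # env "false" or JSON false
    if not password_off:
        findings.append("password auth is not explicitly disabled")
    elif not ready:
        findings.append("password auth is disabled and no OAuth provider is complete")
    return ready, findings

# Constructed sample input: a dev appsettings file plus compose-style overrides.
SAMPLE_JSON = '{"Auth": {"AllowPasswordAuth": true, "Google": {"ClientId": "<...>", "ClientSecret": "<...>"}}}'
SAMPLE_ENV = {"Auth__AllowPasswordAuth": "false", "Auth__Facebook__AppId": "1234", "Auth__Facebook__AppSecret": "constructed-secret"}

if __name__ == "__main__":
    print(audit_auth(SAMPLE_JSON, SAMPLE_ENV))
```

The last finding matters most before setting Auth__AllowPasswordAuth=false: with no complete OAuth provider, the instance is left without any usable login method.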