mirror of
https://github.com/NoFxAiOS/nofx.git
synced 2026-07-15 00:36:56 +08:00
Feat: Enable admin password in admin mode (#540)
* WIP: save local changes before merging * Enable admin password in admin mode #374
This commit is contained in:
44
README.md
44
README.md
@@ -29,6 +29,7 @@
|
||||
- [🧠 AI Self-Learning](#-ai-self-learning-example)
|
||||
- [📊 Web Interface Features](#-web-interface-features)
|
||||
- [🎛️ API Endpoints](#️-api-endpoints)
|
||||
- [🔐 Admin Mode (Single-User)](#-admin-mode-single-user)
|
||||
- [⚠️ Important Risk Warnings](#️-important-risk-warnings)
|
||||
- [🛠️ Common Issues](#️-common-issues)
|
||||
- [📈 Performance Tips](#-performance-optimization-tips)
|
||||
@@ -242,6 +243,49 @@ NOFX is built with a modern, modular architecture:
|
||||
|
||||
---
|
||||
|
||||
## 🔐 Admin Mode (Single-User)
|
||||
|
||||
For self-hosted or single-tenant setups, NOFX supports a strict admin-only mode that disables public features and requires an admin password for all access.
|
||||
|
||||
### How it works
|
||||
- All API endpoints require a valid JWT when `admin_mode=true`, except:
|
||||
- `GET /api/health`
|
||||
- `GET /api/config`
|
||||
- `POST /api/admin-login`
|
||||
- Registration is gated by `allow_registration` in `config.json` (default: `true`). When `admin_mode=true`, registration is blocked regardless of this flag.
|
||||
- Logout invalidates the current token via an in-memory blacklist (sufficient for single instance; use Redis for multi-instance – see Notes).
|
||||
|
||||
### Quick setup
|
||||
1) Set flags in `config.json`:
|
||||
```jsonc
|
||||
{
|
||||
// ... other config
|
||||
"admin_mode": true,
|
||||
"jwt_secret": "YOUR_JWT_SCR"
|
||||
}
|
||||
```
|
||||
|
||||
2) Provide required environment variables:
|
||||
- `NOFX_ADMIN_PASSWORD` — plaintext admin password (only used at startup to derive a bcrypt hash)
|
||||
|
||||
Docker Compose example (already wired):
|
||||
```yaml
|
||||
services:
|
||||
nofx:
|
||||
environment:
|
||||
- NOFX_ADMIN_PASSWORD=${NOFX_ADMIN_PASSWORD}
|
||||
```
|
||||
|
||||
1) Login flow (admin mode):
|
||||
- Open the web UI → you’ll be redirected to the login page
|
||||
- Enter admin password → the server returns a JWT
|
||||
- The UI stores the token and authenticates subsequent API calls
|
||||
|
||||
### Notes
|
||||
- Token lifetime: 24h. On logout, tokens are blacklisted in-memory until expiry. For multi-instance deployments, use a shared store (e.g., Redis) to sync the blacklist.
|
||||
|
||||
---
|
||||
|
||||
## 💰 Register Binance Account (Save on Fees!)
|
||||
|
||||
Before using this system, you need a Binance Futures account. **Use our referral link to save on trading fees:**
|
||||
|
||||
Reference in New Issue
Block a user