chore: disable API and Dashboard by default

Author: mirkobrombin

README.md

@@ -23,6 +23,37 @@ GoUP! is a minimal, tweakable web server written in Go. You can use it to serve
 - API for dynamic configuration changes
 - Docker/Podman support for easy deployment
 
+
+## API & Dashboard
+
+GoUp includes a built-in REST API and a Web Dashboard for management.
+**By default, these are disabled for security reasons.**
+
+To enable them, edit your global configuration file (`~/.config/goup/conf.global.json`) and configure the `account` section to secure them.
+
+### Authentication
+
+Security is mandatory when enabling the API/Dashboard. GoUp uses:
+- **Basic Auth** for the Dashboard.
+- **Token Auth** for the API.
+
+Configuration example:
+
+```json
+{
+  "account": {
+    "username": "admin",
+    "password_hash": "$2a$12$R9h/cIPz0gi.URNNXMnmueKz3hJ...", // BCrypt hash
+    "api_token": "your-secret-token-here"
+  },
+  "enable_api": true,
+  "api_port": 6007,
+  "dashboard_port": 6008
+}
+```
+
+> **Note:** You can generate a BCrypt hash using online tools or `htpasswd -Bnm user password`.
+
 ## Compression
 
 GoUp handles compression automatically with a dual-layer strategy:
@@ -142,6 +173,14 @@ goup start --tui
   goup restart // Not implemented yet, use <Ctrl+C> to stop the server and start it again
   ```
 
+- **Generate Password Hash:**
+
+  ```bash
+  goup gen-pass
+  # Or providing the password as argument
+  goup gen-pass mysecretpassword
+  ```
+
 ## Configuration
 
 ### Site Configuration Structure

internal/cli/cli.go

@@ -10,6 +10,8 @@ import (
 	"github.com/mirkobrombin/goup/internal/plugin"
 	"github.com/mirkobrombin/goup/internal/server"
 	"github.com/spf13/cobra"
+	"golang.org/x/crypto/bcrypt"
+	"golang.org/x/term"
 )
 
 var tuiMode bool
@@ -33,14 +35,17 @@ func Execute() {
 
 func init() {
 	rootCmd.AddCommand(generateCmd)
+	rootCmd.AddCommand(genPassCmd)
 	rootCmd.AddCommand(startCmd)
 	rootCmd.AddCommand(validateCmd)
 	rootCmd.AddCommand(listCmd)
 	rootCmd.AddCommand(pluginsCmd)
 
 	startCmd.Flags().BoolVarP(&tuiMode, "tui", "t", false, "Enable TUI mode")
 	startCmd.Flags().BoolVarP(&benchMode, "bench", "b", false, "Enable benchmark mode")
-	startCmd.Flags().StringVarP(&configPath, "config", "c", "", "Path to specific configuration file")
+
+	// Global flags
+	rootCmd.PersistentFlags().StringVarP(&configPath, "config", "c", "", "Path to specific configuration file")
 }
 
 var generateCmd = &cobra.Command{
@@ -242,3 +247,37 @@ var pluginsCmd = &cobra.Command{
 		}
 	},
 }
+
+// genPassCmd generates a Bcrypt password hash.
+var genPassCmd = &cobra.Command{
+	Use:   "gen-pass [password]",
+	Short: "Generate a Bcrypt hash for a password",
+	Long:  `Generate a Bcrypt hash for a password. If no password is provided as an argument, you will be prompted to enter one securely.`,
+	Args:  cobra.MaximumNArgs(1),
+	Run:   genPass,
+}
+
+func genPass(cmd *cobra.Command, args []string) {
+	var password []byte
+	var err error
+
+	if len(args) > 0 {
+		password = []byte(args[0])
+	} else {
+		fmt.Print("Enter Password: ")
+		password, err = term.ReadPassword(int(os.Stdin.Fd()))
+		fmt.Println() // Add newline after silent input
+		if err != nil {
+			fmt.Printf("Error reading password: %v\n", err)
+			os.Exit(1)
+		}
+	}
+
+	hash, err := bcrypt.GenerateFromPassword(password, bcrypt.DefaultCost)
+	if err != nil {
+		fmt.Printf("Error generating hash: %v\n", err)
+		os.Exit(1)
+	}
+
+	fmt.Println(string(hash))
+}

internal/config/global_config.go

@@ -40,9 +40,9 @@ func LoadGlobalConfig() error {
 	configFile := filepath.Join(configDir, globalConfName)
 	if _, err := os.Stat(configFile); os.IsNotExist(err) {
 		GlobalConf = &GlobalConfig{
-			EnableAPI:      true,
+			EnableAPI:      false,
 			APIPort:        6007,
-			DashboardPort:  6008,
+			DashboardPort:  0, // Disabled by default
 			EnabledPlugins: []string{},
 		}
 		return nil