Skip to content

Latest commit

 

History

History
153 lines (107 loc) · 6.52 KB

README.en.md

File metadata and controls

153 lines (107 loc) · 6.52 KB

Bonsai

A family wiki and photoalbum engine.

Features

  • Pages with Markdown text
  • Media files: photos, videos (PDF documents will be supported later)
  • Person tags on photos
  • Relations: validation, inferrence
  • Fact storage (birthday, gender, blood type, languages, hobbies, etc.)
  • Access control: editor, reader and guest roles
  • Changesets: browse changes to any page/media, see diffs, easily revert if necessary

Screenshots

Front-end:

Admin panel:

Installation via Docker

  1. Download the docker-compose.lite.yml.

  2. Set the locale to English:

    Modify docker-compose.lite.yml: Change Locale=ru-RU to Locale=en-US.

  3. Optional:

    Configure your Bonsai instance to use HTTPS for better security.

    You can use any vendor-specific options: e.g. Cloudflare Tunnel (free, fairly easy to configure, but requires a domain), Synology DDNS (free, very easy, requires a Synology NAS device), etc.

    This requires a bit of work, so if you just want to give Bonsai a quick spin - feel free to skip or postpone this one and the next.

  4. Optional:

    Create a Google Authorization app (or Yandex / VK.com).

    Modify docker-compose.lite.yml:

    • Save Google authorization credentials to Auth__Google__ClientId and Auth__Google__ClientSecret config properties
    • Set Auth__AllowPasswordAuth=false if you want to disable the less-secure password authorization
  5. Bring everything up using docker compose:

    docker-compose -f docker-compose.lite.yml up -d
    
  6. After everything is brought up Bonsai will listen on port 8080.

Development (on Windows)

For development, you will need the following:

  • .NET 9: the main runtime for Bonsai
  1. Install NodeJS 14

  2. Download ffmpeg shared binaries for your system and extract the archive's contents into External/ffmpeg folder in the solution root (must contain both ffmpeg and ffprobe executables).

  3. Create a file called appsettings.Development.json, add the connection string:

    {
      "ConnectionStrings": {
        "EmbeddedDatabase": "Data Source=App_Data/bonsai.db",
        "UseEmbeddedDatabase": true
      },
      "Auth": {
        "AllowPasswordAuth": true
      } 
    }
    
  4. Optional, but suggested:

    Create a Google Authorization App (or Yandex / VK.com).

    Add the retrieved authorization credentials to the appsettings.Development.json and set AllowPasswordAuth to false:

    {
        "Auth": {
            "AllowPasswordAuth": false,
            "Google": {
              "ClientId": "<...>",
              "ClientSecret": "<...>" 
            },
            "Yandex": {
              "ClientId": "<...>",
              "ClientSecret": "<...>" 
            },
            "Vkontakte": {
              "ClientId": "<...>",
              "ClientSecret": "<...>" 
            }
        }
    }
    
  5. Create the database:

    dotnet ef database update
    
  6. Build the styles and scripts:

    npm install
    npm run build
    
  7. Run the app (as Visual Studio project or using dotnet run).

Security considerations

Data backup

If you value the data that you store in Bonsai, make sure that you SET UP BACKUPS.

You will need to back up the following:

  • Database (approximately tens of megabytes)
  • Uploaded media in wwwroot/media (may contain gigabytes of data)

There are many options available, free and paid: uploading to a cloud storage, copying to external drives, etc. Please consider your usage/budget and select a combination that works best for you.

Authorization methods

Bonsai features two authorization methods: OAuth and password authorization.

OAuth is the preferred method: it's easier to use for end users, more secure and versatile. Please use the OAuth method if you can! For OAuth, you will need to create an authorization app on Google, Vkontakte, or Yandex as described in the installation steps. You can enable multiple authorization apps at the same time: users will pick the one they prefer.

As a fallback, you can also create an account with classic login/password authorization. It can be used for two purposes:

  • Playing around with Bonsai (easier to set up: no auth app and https configuration required)
  • Giving access to elder family members who don't have a social network account

Please keep the following facts in mind:

  • Any user account can only have one authorization method: password, or Facebook, or Google, etc.
  • It is not possible to change the authorization type for an account once it has been created.
  • Password-based accounts can be locked out if there are too many consecutive failed login attempts.
  • Account password can only be reset by an administrator manually. If you only have one admin account, it is password-based, and the password is lost - there's no way to regain access besides direct database manipulation!