obswiki/README.md

# ObsWiki

A secure, Obsidian-style markdown wiki server built with Rust. Features authentication, role-based access control, and Obsidian-compatible markdown rendering.

## Features

- **Obsidian-style markdown rendering** with wiki links (`[[Page Name]]`) and tags (`#tag`)
- **Multi-provider authentication**:
  - Local username/password
  - GitHub OAuth
  - Google OAuth (configurable)
  - LDAP (configurable)
- **Role-based access control** with path-specific permissions
- **Real-time search** with live search results
- **Responsive design** with dark/light mode support
- **SQLite database** for user management and access rules

## Quick Start

1. **Build the project**:
   ```bash
   cargo build --release
   ```

2. **Create configuration**:
   ```bash
   cp config.toml.example config.toml
   # Edit config.toml with your settings
   ```

3. **Create wiki directory**:
   ```bash
   mkdir wiki
   echo "# Welcome to ObsWiki\n\nThis is your home page!" > wiki/index.md
   ```

4. **Run the server**:
   ```bash
   ./target/release/obswiki
   # Or with custom settings:
   ./target/release/obswiki --port 8080 --wiki-path my-wiki
   ```

5. **Access your wiki**:
   - Open http://localhost:3000
   - Default admin login: `admin` / `admin123`

## Configuration

### Basic Configuration

Edit `config.toml`:

```toml
[server]
host = "127.0.0.1"
port = 3000
static_dir = "static"

[auth]
jwt_secret = "your-secure-secret-key"
session_timeout = 86400  # 24 hours

[auth.providers]
local = true  # Enable username/password auth
```

### OAuth Configuration

#### GitHub OAuth

1. Create a GitHub OAuth App:
   - Go to GitHub Settings > Developer settings > OAuth Apps
   - New OAuth App with callback URL: `http://localhost:3000/auth/github/callback`

2. Add to config.toml:
   ```toml
   [auth.providers.oauth.github]
   client_id = "your_github_client_id"
   client_secret = "your_github_client_secret"
   ```

#### Google OAuth

1. Create Google OAuth credentials in Google Cloud Console
2. Add to config.toml:
   ```toml
   [auth.providers.oauth.google]
   client_id = "your_google_client_id"
   client_secret = "your_google_client_secret"
   ```

### LDAP Configuration

```toml
[auth.providers.ldap]
server = "ldap://your-ldap-server:389"
bind_dn = "cn=admin,dc=example,dc=com"
bind_password = "admin_password"
user_base = "ou=users,dc=example,dc=com"
user_filter = "(uid={})"
```

## User Management

### User Roles

- **Admin**: Full access, can manage users and access rules
- **Editor**: Can edit and create pages (subject to access rules)
- **Viewer**: Read-only access (subject to access rules)

### Access Rules

Access rules control which users can access specific paths:

- **Path patterns**:
  - `*` - matches everything (default rule)
  - `admin/*` - matches all pages under admin/
  - `private/secrets` - matches exact path

- **Rule priority**: More specific patterns take precedence

Example access rules (automatically created):
- `admin/*` requires admin role
- `private/*` requires editor role
- `*` allows viewer role (public access)

### Default Users

The system creates a default admin user:
- Username: `admin`
- Password: `admin123`
- **⚠️ Change this password immediately in production!**

## Wiki Features

### Obsidian-Style Markdown

- **Wiki links**: `[[Page Name]]` creates links to other pages
- **Tags**: `#programming #rust` creates clickable tags
- **Frontmatter**: YAML metadata support
  ```markdown
  ---
  title: "My Page"
  author: "John Doe"
  tags: "example, test"
  ---
  
  # Page Content
  ```

### File Organization

```
wiki/
├── index.md              # Home page
├── projects/
│   ├── project1.md
│   └── project2.md
└── private/
    └── secrets.md         # Restricted by access rules
```

### Search

- **Live search**: Search as you type
- **Title and content search**: Finds matches in both
- **Tag search**: Use `#tagname` to search by tags

## API Endpoints

### Authentication

- `POST /auth/login` - Local login
- `POST /auth/register` - Register new user
- `GET /auth/github` - GitHub OAuth
- `GET /auth/github/callback` - GitHub OAuth callback

### Wiki

- `GET /wiki/:path` - View page
- `GET /api/wiki/:path` - Get page JSON
- `GET /api/search?q=query` - Search pages

## Development

### Project Structure

```
src/
├── main.rs           # Entry point
├── auth/             # Authentication & authorization
├── config/           # Configuration management
├── markdown/         # Markdown parsing & rendering
├── models/           # Data models
├── server/           # Web server & routes
└── wiki/             # Wiki service & file management
```

### Running Tests

```bash
cargo test
```

### Database Migrations

Migrations run automatically on startup. Database schema:

- `users` - User accounts and profiles
- `sessions` - Session management
- `access_rules` - Path-based access control

## Security Features

- **JWT-based authentication** with configurable expiration
- **bcrypt password hashing** for local accounts
- **HTTPS ready** (configure reverse proxy)
- **Role-based access control** with path-specific rules
- **Session management** with automatic expiration
- **CSRF protection** (built into authentication flow)

## Production Deployment

### Using a Reverse Proxy

Example Nginx configuration:

```nginx
server {
    listen 80;
    server_name wiki.example.com;
    
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

### Security Checklist

- [ ] Change default admin password
- [ ] Set secure JWT secret key
- [ ] Use HTTPS in production
- [ ] Configure proper OAuth callback URLs
- [ ] Set appropriate file permissions on wiki directory
- [ ] Regular database backups
- [ ] Monitor access logs

## Troubleshooting

### Common Issues

1. **"Permission denied" errors**:
   - Check user roles and access rules
   - Verify file system permissions

2. **OAuth not working**:
   - Verify callback URLs match OAuth app configuration
   - Check client ID and secret

3. **Pages not loading**:
   - Ensure wiki directory exists and is readable
   - Check file extensions (.md required)

### Logs

Enable debug logging:
```bash
RUST_LOG=debug ./obswiki
```

## Contributing

1. Fork the repository
2. Create a feature branch
3. Make changes with tests
4. Submit a pull request

## License

MIT License - see LICENSE file for details.