ObsWiki

A secure, Obsidian-style markdown wiki server built with Rust. Features authentication, role-based access control, and Obsidian-compatible markdown rendering.

Features

• Obsidian-style markdown rendering with wiki links ([[Page Name]]) and tags (#tag)
• Multi-provider authentication:
  • Local username/password
  • GitHub OAuth
  • Google OAuth (configurable)
  • LDAP (configurable)
• Role-based access control with path-specific permissions
• Real-time search with live search results
• Responsive design with dark/light mode support
• SQLite database for user management and access rules

Quick Start

1. Build the project:

   cargo build --release
   

2. Create configuration:

   cp config.toml.example config.toml
   # Edit config.toml with your settings
   

3. Create wiki directory:

   mkdir wiki
   echo "# Welcome to ObsWiki\n\nThis is your home page!" > wiki/index.md
   

4. Run the server:

   ./target/release/obswiki
   # Or with custom settings:
   ./target/release/obswiki --port 8080 --wiki-path my-wiki
   

5. Access your wiki:

   • Open http://localhost:3000
   • Default admin login: admin / admin123

Configuration

Basic Configuration

Edit config.toml:

[server]
host = "127.0.0.1"
port = 3000
static_dir = "static"

[auth]
jwt_secret = "your-secure-secret-key"
session_timeout = 86400  # 24 hours

[auth.providers]
local = true  # Enable username/password auth

OAuth Configuration

GitHub OAuth

1. Create a GitHub OAuth App:

   • Go to GitHub Settings > Developer settings > OAuth Apps
   • New OAuth App with callback URL: http://localhost:3000/auth/github/callback

2. Add to config.toml:

   [auth.providers.oauth.github]
   client_id = "your_github_client_id"
   client_secret = "your_github_client_secret"
   

Google OAuth

1. Create Google OAuth credentials in Google Cloud Console
2. Add to config.toml:

   [auth.providers.oauth.google]
   client_id = "your_google_client_id"
   client_secret = "your_google_client_secret"
   

LDAP Configuration

[auth.providers.ldap]
server = "ldap://your-ldap-server:389"
bind_dn = "cn=admin,dc=example,dc=com"
bind_password = "admin_password"
user_base = "ou=users,dc=example,dc=com"
user_filter = "(uid={})"

User Management

User Roles

• Admin: Full access, can manage users and access rules
• Editor: Can edit and create pages (subject to access rules)
• Viewer: Read-only access (subject to access rules)

Access Rules

Access rules control which users can access specific paths:

• Path patterns:

  • * - matches everything (default rule)
  • admin/* - matches all pages under admin/
  • private/secrets - matches exact path

• Rule priority: More specific patterns take precedence

Example access rules (automatically created):

• admin/* requires admin role
• private/* requires editor role
• * allows viewer role (public access)

Default Users

The system creates a default admin user:

• Username: admin
• Password: admin123
• ⚠️ Change this password immediately in production!

Wiki Features

Obsidian-Style Markdown

• Wiki links: [[Page Name]] creates links to other pages
• Tags: #programming #rust creates clickable tags
• Frontmatter: YAML metadata support

  ---
  title: "My Page"
  author: "John Doe"
  tags: "example, test"
  ---
  
  # Page Content
  

File Organization

wiki/
├── index.md              # Home page
├── projects/
│   ├── project1.md
│   └── project2.md
└── private/
    └── secrets.md         # Restricted by access rules

Search

• Live search: Search as you type
• Title and content search: Finds matches in both
• Tag search: Use #tagname to search by tags

API Endpoints

Authentication

• POST /auth/login - Local login
• POST /auth/register - Register new user
• GET /auth/github - GitHub OAuth
• GET /auth/github/callback - GitHub OAuth callback

Wiki

• GET /wiki/:path - View page
• GET /api/wiki/:path - Get page JSON
• GET /api/search?q=query - Search pages

Development

Project Structure

src/
├── main.rs           # Entry point
├── auth/             # Authentication & authorization
├── config/           # Configuration management
├── markdown/         # Markdown parsing & rendering
├── models/           # Data models
├── server/           # Web server & routes
└── wiki/             # Wiki service & file management

Running Tests

cargo test

Database Migrations

Migrations run automatically on startup. Database schema:

• users - User accounts and profiles
• sessions - Session management
• access_rules - Path-based access control

Security Features

• JWT-based authentication with configurable expiration
• bcrypt password hashing for local accounts
• HTTPS ready (configure reverse proxy)
• Role-based access control with path-specific rules
• Session management with automatic expiration
• CSRF protection (built into authentication flow)

Production Deployment

Using a Reverse Proxy

Example Nginx configuration:

server {
    listen 80;
    server_name wiki.example.com;
    
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Security Checklist

• Change default admin password
• Set secure JWT secret key
• Use HTTPS in production
• Configure proper OAuth callback URLs
• Set appropriate file permissions on wiki directory
• Regular database backups
• Monitor access logs

Troubleshooting

Common Issues

1. "Permission denied" errors:

   • Check user roles and access rules
   • Verify file system permissions

2. OAuth not working:

   • Verify callback URLs match OAuth app configuration
   • Check client ID and secret

3. Pages not loading:

   • Ensure wiki directory exists and is readable
   • Check file extensions (.md required)

Logs

Enable debug logging:

RUST_LOG=debug ./obswiki

Contributing

1. Fork the repository
2. Create a feature branch
3. Make changes with tests
4. Submit a pull request

License

MIT License - see LICENSE file for details.