Improve documentation on password hash (#1901)

* Improve documentation on password hash

* Change branch name

* Add single quote docker run info

* Tag versions, docker run version

* separate docker run and compose

---------

Co-authored-by: Bernd Storath <32197462+kaaax0815@users.noreply.github.com>

How_to_generate_an_bcrypt_hash.md

@@ -1,28 +1,45 @@
-# wg-password
+# Generating bcrypt-hashed password
 
-`wg-password` (wgpw) is a script that generates bcrypt password hashes for use with `wg-easy`, enhancing security by requiring passwords.
+With version 14 of wg-easy, a password hashed with bcrypt is needed instead of the plain-text password string. This doc explains how to generate the hash based on a plain-text password.
 
-## Features
+## Using Docker + node
 
-- Generate bcrypt password hashes.
+- You are using docker compose
-- Easily integrate with `wg-easy` to enforce password requirements.
 
-## Usage with Docker
+    The easiest way to generate a bcrypt password hash with wgpw is using docker and node:
 
-To generate a bcrypt password hash using docker, run the following command :
+    ```sh
+    docker run ghcr.io/wg-easy/wg-easy:14 node -e 'const bcrypt = require("bcryptjs"); const hash = bcrypt.hashSync("YOUR_PASSWORD", 10); console.log(hash.replace(/\$/g, "$$$$"));'
+    ```
+
+    The hashed password will get printed on your terminal. Copy it and use on the `PASSWORD_HASH` environment variable in your docker compose.
+
+- You are using `docker run`
+
+    If you are using `docker run` for running wg-easy, you must enclose the hash string in single quotes (`'...'`). You can use this command:
+
+    ```sh
+    docker run --rm ghcr.io/wg-easy/wg-easy:14 node -e "const bcrypt = require('bcryptjs'); const hash = bcrypt.hashSync('YOUR_PASSWORD', 10); console.log('\'' + hash + '\'');"
+    ```
+
+    The hashed password will get printed on your terminal. Copy it and use on the `PASSWORD_HASH` environment variable in your docker run command.
+
+## Using Docker + wgpw
+
+`wg-password` (wgpw) is a script that generates bcrypt password hashes. You can use it with docker:
+
+```sh
+docker run ghcr.io/wg-easy/wg-easy:14 wgpw YOUR_PASSWORD
+```
+
+You will see an output similar to this:
 
 ```sh
-docker run ghcr.io/wg-easy/wg-easy wgpw YOUR_PASSWORD
+PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW'
-PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW' // literally YOUR_PASSWORD
 ```
 
-*Important* : make sure to enclose your password in single quotes when you run `docker run` command :
+In this example, the `$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW` string is your hashed password. For using it with docker-compose, you need to escape each `$` characters by adding another `$` before them, or they will get interpreted as variables. The final password you can use in docker-compose will look like this:
 
-```bash
+```sh
-$ echo $2b$12$coPqCsPtcF
+$$2b$$12$$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW
-b2
-$ echo "$2b$12$coPqCsPtcF"
-b2
-$ echo '$2b$12$coPqCsPtcF'
-$2b$12$coPqCsPtcF
 ```

src/lib/Server.js

@@ -308,7 +308,7 @@ module.exports = class Server {
     );
 
     if (PASSWORD) {
-      throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/master/How_to_generate_an_bcrypt_hash.md');
+      throw new Error('DO NOT USE PASSWORD ENVIRONMENT VARIABLE. USE PASSWORD_HASH INSTEAD.\nSee https://github.com/wg-easy/wg-easy/blob/v14/How_to_generate_an_bcrypt_hash.md');
     }
 
     createServer(toNodeListener(app)).listen(PORT, WEBUI_HOST);