From 8f278e6a133f202bcdf2354cd27ec36c65c6866a Mon Sep 17 00:00:00 2001
From: duthink <duthinkcom@gmail.com>
Date: Sat, 18 Oct 2025 14:24:56 +0530
Subject: [PATCH] fix: enhance validation for HASHED_PASSWORD in production
 environment script add: production/production.yaml to gitignore

---
 .gitignore                         | 1 +
 production/scripts/validate-env.sh | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/.gitignore b/.gitignore
index 9384fe9c..a8bf41df 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,4 @@ production/*.env
 production/generated-compose.yaml
 production/logs/
 production/backups/
+production/production.yaml
diff --git a/production/scripts/validate-env.sh b/production/scripts/validate-env.sh
index 8d220805..b17da02d 100755
--- a/production/scripts/validate-env.sh
+++ b/production/scripts/validate-env.sh
@@ -176,6 +176,13 @@ EOF
             echo "  Generate with: openssl passwd -apr1 yourpassword"
         fi
         
+        # Check if HASHED_PASSWORD has username prefix (it shouldn't)
+        if [[ -n "$hashed_password" ]] && echo "$hashed_password" | grep -q "^admin:"; then
+            echo_error "HASHED_PASSWORD should NOT include 'admin:' prefix"
+            echo_warn "Remove 'admin:' from the hash in traefik.env"
+            echo_warn "The compose file adds it automatically"
+        fi
+        
         # Check domain format
         local traefik_domain
         traefik_domain=$(get_env_value "traefik.env" "TRAEFIK_DOMAIN")