test: Add 8 and update 14 files

README.md

@@ -19,6 +19,21 @@ A simple object storage system that stores files with metadata and provides a RE
 - Rate limiting for security
 
 
+## Installation
+
+### Quick Install (Pre-built Binaries)
+
+Download and install both the server and hash utility:
+```bash
+wget -q https://getbin.xyz/simple-object-server-install:latest -O- | bash
+```
+
+This installs:
+- `simple-object-server` - The main server binary
+- `sos-hash` - Utility for generating bcrypt hashes for authentication tokens
+
+The binaries are installed to `~/.local/bin` (or `/usr/local/bin` if run as root).
+
 ### Running with Docker
 
 ```bash
@@ -70,12 +85,47 @@ curl https://getbin.xyz/simple-object-server-install | bash
 
 The server can be configured by creating a JSON configuration file at `~/.config/simple-object-server/sos_config.json`. Default values are shown below (everything but write tokens), suitable for running in Docker.
 
+### Secure Token Configuration
+
+**IMPORTANT**: The server configuration must contain bcrypt hashes, NOT plaintext tokens. Clients send plaintext tokens, server stores hashes.
+
+#### Step-by-Step Token Setup
+
+1. **Generate a secure random token** (keep this secret - this is what clients will use):
+   ```bash
+   # Generate a strong random token
+   TOKEN=$(openssl rand -base64 32)
+   echo "Save this token for client use: $TOKEN"
+   ```
+
+2. **Hash the token for server configuration** using the `sos-hash` utility:
+   ```bash
+   # If you installed via the quick install method, use:
+   sos-hash
+   Enter token to hash: [paste your token here]
+   
+   # Or pipe it directly
+   echo "$TOKEN" | sos-hash -q
+   
+   # Or generate both token and hash at once
+   sos-hash --generate
+   # This outputs both the plaintext token (for clients) and hash (for config)
+   
+   # If building from source, use:
+   ./output/hash_token
+   ```
+
+3. **Put the HASH (not the token) in your server configuration**:
+
 ```json
 {
     "host": "0.0.0.0",
     "port": 80,
     "storage_path": "/data/storage",
-    "write_tokens": ["your-secret-token"],
+    "write_tokens": [
+        "$2b$12$7d5c2e5f4a3b1e9f8c7b6a5d4e3f2a1b9c8d7e6f5a4b3c2d1e9f8a7b6c5d4e3f"
+        // This is the HASH, not the plaintext token!
+    ],
     "cors": {
         "allowed_origins": ["*"],
         "allowed_methods": ["GET", "PUT", "POST", "DELETE", "OPTIONS"],
@@ -89,6 +139,33 @@ The server can be configured by creating a JSON configuration file at `~/.config
 }
 ```
 
+#### Complete Example
+
+```bash
+# 1. Generate a secure token
+TOKEN=$(openssl rand -base64 32)
+echo "Client token: $TOKEN"
+# Output: Client token: 3ezzqHF9UNcIokHK5AAC1098eaTLLcd5hW2FbOAHP4Q=
+
+# 2. Hash it for the server config (using installed sos-hash)
+HASH=$(echo "$TOKEN" | sos-hash -q)
+echo "Server hash: $HASH"
+# Output: Server hash: $2b$12$...long hash string...
+
+# 3. Put the HASH in sos_config.json (NOT the token!)
+# 4. Clients use the TOKEN (NOT the hash!) in API calls:
+curl -H "Authorization: Bearer $TOKEN" ...
+```
+
+#### Security Notes
+
+- **Never store plaintext tokens** in configuration files
+- **Server config gets the hash**: The bcrypt hash goes in `sos_config.json`
+- **Clients use the plaintext token**: API calls use `Bearer <plaintext-token>`
+- **Use strong tokens**: At least 32 characters of random data
+- **Rotate tokens regularly**: Generate new tokens periodically
+- **Cost factor**: Default is 12, increase for higher security (each increment doubles the computation time)
+
 ## Building
 
 To build output/simple-object-server for the current architecture run: