NodeAuth Wiki

English

简体中文

English

简体中文

Appearance

Automatic Cloud Backup

Off-site redundant backup is the last line of defense against extreme risks. NodeAuth supports multi-channel automatic synchronization, ensuring your 2FA assets can be recovered with one click in any situation.

📧 Configure SMTP Email (Most Universal)

This is the most common off-site backup method. You can automatically send encrypted backup packages to your work or private email.

  1. SMTP Server: e.g., smtp.gmail.com or smtp.qq.com.
  2. Port: Usually 465 (SSL) or 587 (TLS).
  3. Account & App Password: Enter your email address and third-party app authorization code (note: this is not your login password).
  4. Recipient: It is recommended to set this to your most commonly used backup email.

🤖 Configure Telegram Backup (Most Convenient)

The Telegram Bot-based backup method is both real-time and visually intuitive:

  1. Contact @BotFather to create a bot and get a Bot Token.
  2. Send a message to your new bot from the Telegram account you want to receive backups on (Important).
  3. Get your personal Chat ID via @userinfobot.
  4. Enter these two items in the NodeAuth settings.
  5. Advantages: You can send encrypted backup packages to Telegram at any time via the bot, essentially having a private off-site backup library at your fingertips.

🪣 Configure S3 / R2 Cloud Storage (Geek's Choice)

  1. Endpoint: Your S3 endpoint (e.g., https://xxx.r2.cloudflarestorage.com).
  2. Bucket: Storage bucket name.
  3. Access Key / Secret Key: API access credentials.
  4. Region: Enter the corresponding region (e.g., auto).

🐙 Configure GitHub (Version Control Aficionados)

Utilize a private GitHub repository to save encrypted backup data, supporting full version control history (Git-based).

  1. Create a Private Repository to store backups on GitHub (e.g., nodeauth-backup).
  2. Go to Settings -> Developer settings -> Personal access tokens -> Tokens (classic).
  3. Click "Generate new token (classic)", set an appropriate expiration, and strictly check the repo scope (gives full control of private repositories).
  4. Save and copy the generated Personal Access Token.
Click to view: Steps to get Personal Access Token

  1. In NodeAuth, fill in respectively:
    • Personal Access Token (the key you just copied)
    • Repository Owner (your GitHub username)
    • Repository Name (the newly created private repo name)
    • Branch Name (e.g., main or master)
    • Save Directory (the path to store in the cloud, e.g., /)

☁️ Configure WebDAV (Private Cloud Users)

Suitable for Synology, QNAP, Nutstore, or Alist users:

  1. URL: Your WebDAV mount point address.
  2. Directory: Specify the storage folder (e.g., /backup/nodeauth/).
  3. Authentication: Enter your WebDAV account and password.

🔼 Configure Google Drive

  • Private Storage: Uses appDataFolder isolation by default.

  • Low Latency: Synchronizes extremely fast thanks to Cloudflare's global backbone network.

  • 🛠️ Configuration Guide:

    1. Visit Google Cloud Console to create a project and enable the Google Drive API.
    2. Create "OAuth consent screen" (Brand information) and enter information as required.
    3. Create "OAuth 2.0 Client ID" (Web application) and set the redirect URI: https://your-domain.com/api/backups/oauth/google/callback.
    4. Get your Client ID and Client Secret.
    5. In "OAuth consent screen" -> "Publish App".
    6. Configure Environment Variables: Fill them into your deployment platform's "Environment Variables" or "Secrets" (refer to the Env Guide for details):
      • OAUTH_GOOGLE_CLIENT_ID
      • OAUTH_GOOGLE_CLIENT_SECRET
      • OAUTH_GOOGLE_BACKUP_REDIRECT_URI : https://your-domain.com/api/backups/oauth/google/callback
    Click to view: Detailed configuration steps with screenshots













🔼 Configure Microsoft OneDrive

  • High Stability: Uses Microsoft Graph API chunked uploading, supporting large capacity backups.

  • 🛠️ Configuration Guide:

    1. Visit Azure App Registration to register an app (Note: Personal accounts are not supported; requires M365 Developer Program or Azure).
    2. Select Web for "Redirect URI" and enter: https://your-domain.com/api/backups/oauth/microsoft/callback.
    3. Get your Client Secret.
    4. Add "API Permissions" Files.ReadWrite.AppFolder and offline_access and grant consent.
    5. Configure Environment Variables: Fill them into your deployment platform's "Environment Variables" or "Secrets" (refer to the Env Guide for details):
      • OAUTH_MICROSOFT_CLIENT_ID
      • OAUTH_MICROSOFT_CLIENT_SECRET
      • OAUTH_MICROSOFT_BACKUP_REDIRECT_URI : https://your-domain.com/api/backups/oauth/microsoft/callback
    Click to view: Detailed configuration steps with screenshots






🔼 Configure Dropbox

  • Minimalist Experience: Fast API response, suitable for users seeking maximum speed.

  • 🛠️ Configuration Guide:

    1. Visit Dropbox App Console and select Scoped access -> App folder.
    2. Enter in Redirect URIs: https://your-domain.com/api/backups/oauth/dropbox/callback.
    3. Permissions 勾选 files.content.write, files.content.read, files.metadata.read
    4. Configure Environment Variables: Fill them into your deployment platform's "Environment Variables" or "Secrets" (refer to the Env Guide for details):
      • OAUTH_DROPBOX_CLIENT_ID
      • OAUTH_DROPBOX_CLIENT_SECRET
      • OAUTH_DROPBOX_BACKUP_REDIRECT_URI : https://your-domain.com/api/backups/oauth/dropbox/callback
    Click to view: Detailed configuration steps with screenshots


🔼 Configure Baidu Netdisk

  • Domestic Friendly: Specially adapted for users in mainland China, guaranteed by official certification.
  • 🛠️ Configuration Guide:
    1. Visit Baidu Open Platform Console and create a "Hardware/Software Integrated" application.
    2. Enter the callback address in "Security Settings": https://your-domain.com/api/backups/oauth/baidu/callback.
    3. Enable "Netdisk Basic Service" permissions.
    4. Configure Environment Variables: Fill them into your deployment platform's "Environment Variables" or "Secrets" (refer to the Env Guide for details):
      • OAUTH_BAIDU_CLIENT_ID
      • OAUTH_BAIDU_CLIENT_SECRET
      • OAUTH_BAIDU_BACKUP_REDIRECT_URI : https://your-domain.com/api/backups/oauth/baidu/callback

🔑 Secure OAuth Authorization Flow

  1. Go to "Data Management" -> "Cloud Backup Settings".
  2. Select your cloud drive icon and click "Connect XX to Authorize".
  3. In the official authorization page that pops up, complete the authorization process.
  4. Token Auto-refresh: As long as the permission is not revoked, the system will automatically sync via the Refresh Token without repeating authorization.

🛡️ Backup Strategy & Security Check

  • Double Encryption: All backup packages are secondary-encrypted with a "backup decryption password". Even if the cloud drive is compromised, the data remains unreadable.
  • Redundancy & Conflict Resolution: Uses version_timestamp logic to ensure data is not overwritten when multiple devices are writing.
  • Retention Control: Set the number of recent backups to keep (N); the system will automatically clean up expired copies.

TIP

Off-site Disaster Retrieval: If you download an encrypted backup file from the cloud (like Telegram or S3) but cannot access your NodeAuth instance, refer to the Offline Decryption Guide for instructions on using scripts for offline data extraction.

Open sourced under GNU AGPL v3 License

Copyright © 2026 NodeAuth