2025-01-01 21:41:31 -05:00
|
|
|
import { generateId, invalidateAllSessions } from "@server/auth/sessions/app";
|
2024-12-25 15:54:32 -05:00
|
|
|
import { hashPassword, verifyPassword } from "@server/auth/password";
|
2025-01-01 21:41:31 -05:00
|
|
|
import config from "@server/lib/config";
|
2025-06-04 12:02:07 -04:00
|
|
|
import { db } from "@server/db";
|
|
|
|
|
import { users } from "@server/db";
|
2024-12-25 15:54:32 -05:00
|
|
|
import logger from "@server/logger";
|
|
|
|
|
import { eq } from "drizzle-orm";
|
|
|
|
|
import moment from "moment";
|
|
|
|
|
import { fromError } from "zod-validation-error";
|
2025-01-01 21:41:31 -05:00
|
|
|
import { passwordSchema } from "@server/auth/passwordSchema";
|
2025-04-13 17:57:27 -04:00
|
|
|
import { UserType } from "@server/types/UserTypes";
|
2024-12-25 15:54:32 -05:00
|
|
|
|
|
|
|
|
export async function setupServerAdmin() {
|
|
|
|
|
const {
|
|
|
|
|
server_admin: { email, password }
|
2025-01-01 17:50:12 -05:00
|
|
|
} = config.getRawConfig().users;
|
2024-12-25 15:54:32 -05:00
|
|
|
|
|
|
|
|
const parsed = passwordSchema.safeParse(password);
|
|
|
|
|
|
|
|
|
|
if (!parsed.success) {
|
|
|
|
|
throw Error(
|
|
|
|
|
`Invalid server admin password: ${fromError(parsed.error).toString()}`
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const passwordHash = await hashPassword(password);
|
|
|
|
|
|
|
|
|
|
await db.transaction(async (trx) => {
|
|
|
|
|
try {
|
|
|
|
|
const [existing] = await trx
|
|
|
|
|
.select()
|
|
|
|
|
.from(users)
|
2025-03-31 15:02:26 -04:00
|
|
|
.where(eq(users.serverAdmin, true));
|
2024-12-25 15:54:32 -05:00
|
|
|
|
|
|
|
|
if (existing) {
|
|
|
|
|
const passwordChanged = !(await verifyPassword(
|
|
|
|
|
password,
|
2025-04-13 17:57:27 -04:00
|
|
|
existing.passwordHash!
|
2024-12-25 15:54:32 -05:00
|
|
|
));
|
|
|
|
|
|
|
|
|
|
if (passwordChanged) {
|
|
|
|
|
await trx
|
|
|
|
|
.update(users)
|
|
|
|
|
.set({ passwordHash })
|
2024-12-26 11:43:02 -05:00
|
|
|
.where(eq(users.userId, existing.userId));
|
2024-12-25 15:54:32 -05:00
|
|
|
|
|
|
|
|
// this isn't using the transaction, but it's probably fine
|
|
|
|
|
await invalidateAllSessions(existing.userId);
|
|
|
|
|
|
2025-03-31 15:02:26 -04:00
|
|
|
logger.info(`Server admin password updated`);
|
2024-12-25 15:54:32 -05:00
|
|
|
}
|
|
|
|
|
|
2025-03-31 15:02:26 -04:00
|
|
|
if (existing.email !== email) {
|
|
|
|
|
await trx
|
|
|
|
|
.update(users)
|
|
|
|
|
.set({ email })
|
|
|
|
|
.where(eq(users.userId, existing.userId));
|
|
|
|
|
|
|
|
|
|
logger.info(`Server admin email updated`);
|
2024-12-25 15:54:32 -05:00
|
|
|
}
|
2025-03-31 15:02:26 -04:00
|
|
|
} else {
|
|
|
|
|
const userId = generateId(15);
|
2024-12-25 15:54:32 -05:00
|
|
|
|
|
|
|
|
await trx.update(users).set({ serverAdmin: false });
|
|
|
|
|
|
2025-03-31 15:02:26 -04:00
|
|
|
await db.insert(users).values({
|
|
|
|
|
userId: userId,
|
|
|
|
|
email: email,
|
2025-04-13 17:57:27 -04:00
|
|
|
type: UserType.Internal,
|
|
|
|
|
username: email,
|
2025-03-31 15:02:26 -04:00
|
|
|
passwordHash,
|
|
|
|
|
dateCreated: moment().toISOString(),
|
|
|
|
|
serverAdmin: true,
|
|
|
|
|
emailVerified: true
|
|
|
|
|
});
|
2024-12-25 15:54:32 -05:00
|
|
|
|
2025-03-31 15:02:26 -04:00
|
|
|
logger.info(`Server admin created`);
|
2024-12-25 15:54:32 -05:00
|
|
|
}
|
|
|
|
|
} catch (e) {
|
|
|
|
|
logger.error(e);
|
|
|
|
|
trx.rollback();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
}
|
