feat: Add setup token security for initial server setup

- Add setupTokens database table with proper schema - Implement setup token generation on first server startup - Add token validation endpoint and modify admin creation - Update initial setup page to require setup token - Add migration scripts for both SQLite and PostgreSQL - Add internationalization support for setup token fields - Implement proper error handling and logging - Add CLI command for resetting user security keys This prevents unauthorized access during initial server setup by requiring a token that is generated and displayed in the server console.
2025-08-29 06:08:15 +02:00 · 2025-08-03 21:17:18 +08:00 · 2025-08-03 21:17:18 +08:00 · 69baa6785f
commit 69baa6785f
parent 84268e484d
15 changed files with 322 additions and 115 deletions
--- a/server/setup/scriptsSqlite/1.9.0.ts
+++ b/server/setup/scriptsSqlite/1.9.0.ts
@ -0,0 +1,35 @@
+import { APP_PATH } from "@server/lib/consts";
+import Database from "better-sqlite3";
+import path from "path";
+
+const version = "1.9.0";
+
+export default async function migration() {
+    console.log(`Running setup script ${version}...`);
+
+    const location = path.join(APP_PATH, "db", "db.sqlite");
+    const db = new Database(location);
+
+    try {
+        db.pragma("foreign_keys = OFF");
+
+        db.transaction(() => {
+            db.exec(`
+                CREATE TABLE 'setupTokens' (
+                    'tokenId' text PRIMARY KEY NOT NULL,
+                    'token' text NOT NULL,
+                    'used' integer DEFAULT 0 NOT NULL,
+                    'dateCreated' text NOT NULL,
+                    'dateUsed' text
+                );
+            `);
+        })();
+
+        db.pragma("foreign_keys = ON");
+
+        console.log(`Added setupTokens table`);
+    } catch (e) {
+        console.log("Unable to add setupTokens table:", e);
+        throw e;
+    }
+}