Merge branch 'main' of https://github.com/fosrl/pangolin

2025-07-31 16:14:46 +02:00 · 2024-12-25 15:58:46 -05:00 · 2024-12-25 15:58:46 -05:00 · 907504eefb
commit 907504eefb
parent 25a724f453 4cdaa9b588
29 changed files with 411 additions and 254 deletions
--- a/server/setup/copyInConfig.ts
+++ b/server/setup/copyInConfig.ts
@ -7,9 +7,9 @@ import logger from "@server/logger";
 export async function copyInConfig() {
    // create a url from config.app.base_url and get the hostname
    const domain = new URL(config.app.base_url).hostname;
-    
+
    // update the domain on all of the orgs where the domain is not equal to the new domain
    // TODO: eventually each org could have a unique domain that we do not want to overwrite, so this will be unnecessary
    await db.update(orgs).set({ domain }).where(ne(orgs.domain, domain));
-    logger.debug("Updated orgs with new domain");
-}
+    logger.info(`Updated orgs with new domain (${domain})`);
+}
--- a/server/setup/ensureActions.ts
+++ b/server/setup/ensureActions.ts
@ -36,7 +36,7 @@ export async function ensureActions() {
                    defaultRoles.map((role) => ({
                        roleId: role.roleId!,
                        actionId,
-                        orgId: role.orgId!,
+                        orgId: role.orgId!
                    }))
                )
                .execute();
@ -68,7 +68,7 @@ export async function createAdminRole(orgId: string) {
            orgId,
            isAdmin: true,
            name: "Admin",
-            description: "Admin role with the most permissions",
+            description: "Admin role with the most permissions"
        })
        .returning({ roleId: roles.roleId })
        .execute();
@ -92,7 +92,7 @@ export async function createAdminRole(orgId: string) {
            actionIds.map((action) => ({
                roleId,
                actionId: action.actionId,
-                orgId,
+                orgId
            }))
        )
        .execute();
--- a/server/setup/index.ts
+++ b/server/setup/index.ts
@ -2,10 +2,17 @@ import { ensureActions } from "./ensureActions";
 import { copyInConfig } from "./copyInConfig";
 import logger from "@server/logger";
 import { runMigrations } from "./migrations";
+import { setupServerAdmin } from "./setupServerAdmin";

 export async function runSetupFunctions() {
-    logger.info(`Setup for version ${process.env.APP_VERSION}`);
-    await runMigrations(); // run the migrations       
-    await ensureActions(); // make sure all of the actions are in the db and the roles
-    await copyInConfig(); // copy in the config to the db as needed
-}
+    try {
+        logger.info(`Setup for version ${process.env.APP_VERSION}`);
+        await runMigrations(); // run the migrations
+        await copyInConfig(); // copy in the config to the db as needed
+        await setupServerAdmin();
+        await ensureActions(); // make sure all of the actions are in the db and the roles
+    } catch (error) {
+        logger.error("Error running setup functions", error);
+        process.exit(1);
+    }
+}
--- a/server/setup/setupServerAdmin.ts
+++ b/server/setup/setupServerAdmin.ts
@ -0,0 +1,86 @@
+import { generateId, invalidateAllSessions } from "@server/auth";
+import { hashPassword, verifyPassword } from "@server/auth/password";
+import { passwordSchema } from "@server/auth/passwordSchema";
+import config from "@server/config";
+import db from "@server/db";
+import { users } from "@server/db/schema";
+import logger from "@server/logger";
+import { eq } from "drizzle-orm";
+import moment from "moment";
+import { fromError } from "zod-validation-error";
+
+export async function setupServerAdmin() {
+    const {
+        server_admin: { email, password }
+    } = config.users;
+
+    const parsed = passwordSchema.safeParse(password);
+
+    if (!parsed.success) {
+        throw Error(
+            `Invalid server admin password: ${fromError(parsed.error).toString()}`
+        );
+    }
+
+    const passwordHash = await hashPassword(password);
+
+    await db.transaction(async (trx) => {
+        try {
+            const [existing] = await trx
+                .select()
+                .from(users)
+                .where(eq(users.email, email));
+
+            if (existing) {
+                const passwordChanged = !(await verifyPassword(
+                    password,
+                    existing.passwordHash
+                ));
+
+                if (passwordChanged) {
+                    await trx
+                        .update(users)
+                        .set({ passwordHash })
+                        .where(eq(users.email, email));
+
+                    // this isn't using the transaction, but it's probably fine
+                    await invalidateAllSessions(existing.userId);
+
+                    logger.info(`Server admin (${email}) password updated`);
+                }
+
+                if (existing.serverAdmin) {
+                    return;
+                }
+
+                await trx.update(users).set({ serverAdmin: false });
+
+                await trx
+                    .update(users)
+                    .set({
+                        serverAdmin: true
+                    })
+                    .where(eq(users.email, email));
+
+                logger.info(`Server admin (${email}) updated`);
+                return;
+            }
+
+            const userId = generateId(15);
+
+            await db.insert(users).values({
+                userId: userId,
+                email: email,
+                passwordHash,
+                dateCreated: moment().toISOString(),
+                serverAdmin: true,
+                emailVerified: true
+            });
+
+            logger.info(`Server admin (${email}) created`);
+        } catch (e) {
+            logger.error(e);
+            trx.rollback();
+        }
+    });
+}