busya
274510fc38
- Replaced @TIER: TRIVIAL with @COMPLEXITY: 1 - Replaced @TIER: STANDARD with @COMPLEXITY: 3 - Replaced @TIER: CRITICAL with @COMPLEXITY: 5 - Manually elevated specific critical/complex components to levels 2 and 4 - Ignored legacy, specs, and node_modules directories - Updated generated semantic map
94 lines
3.3 KiB
Python
94 lines
3.3 KiB
Python
# [DEF:backend.src.scripts.create_admin:Module]
|
|
#
|
|
# @COMPLEXITY: 3
|
|
# @SEMANTICS: admin, setup, user, auth, cli
|
|
# @PURPOSE: CLI tool for creating the initial admin user.
|
|
# @LAYER: Scripts
|
|
# @RELATION: USES -> backend.src.core.auth.security
|
|
# @RELATION: USES -> backend.src.core.database
|
|
# @RELATION: USES -> backend.src.models.auth
|
|
#
|
|
# @INVARIANT: Admin user must have the "Admin" role.
|
|
|
|
# [SECTION: IMPORTS]
|
|
import sys
|
|
import argparse
|
|
from pathlib import Path
|
|
|
|
# Add src to path
|
|
sys.path.append(str(Path(__file__).parent.parent.parent))
|
|
|
|
from src.core.database import AuthSessionLocal, init_db
|
|
from src.core.auth.security import get_password_hash
|
|
from src.models.auth import User, Role
|
|
from src.core.logger import logger, belief_scope
|
|
# [/SECTION]
|
|
|
|
# [DEF:create_admin:Function]
|
|
# @PURPOSE: Creates an admin user and necessary roles/permissions.
|
|
# @PRE: username and password provided via CLI.
|
|
# @POST: Admin user exists in auth.db.
|
|
#
|
|
# @PARAM: username (str) - Admin username.
|
|
# @PARAM: password (str) - Admin password.
|
|
# @PARAM: email (str | None) - Optional admin email.
|
|
def create_admin(username, password, email=None):
|
|
with belief_scope("create_admin"):
|
|
db = AuthSessionLocal()
|
|
try:
|
|
normalized_email = email.strip() if isinstance(email, str) and email.strip() else None
|
|
|
|
# 1. Ensure Admin role exists
|
|
admin_role = db.query(Role).filter(Role.name == "Admin").first()
|
|
if not admin_role:
|
|
logger.info("Creating Admin role...")
|
|
admin_role = Role(name="Admin", description="System Administrator")
|
|
db.add(admin_role)
|
|
db.commit()
|
|
db.refresh(admin_role)
|
|
|
|
# 2. Check if user already exists
|
|
existing_user = db.query(User).filter(User.username == username).first()
|
|
if existing_user:
|
|
logger.warning(f"User {username} already exists.")
|
|
return "exists"
|
|
|
|
# 3. Create Admin user
|
|
logger.info(f"Creating admin user: {username}")
|
|
new_user = User(
|
|
username=username,
|
|
email=normalized_email,
|
|
password_hash=get_password_hash(password),
|
|
auth_source="LOCAL",
|
|
is_active=True
|
|
)
|
|
new_user.roles.append(admin_role)
|
|
db.add(new_user)
|
|
db.commit()
|
|
logger.info(f"Admin user {username} created successfully.")
|
|
return "created"
|
|
|
|
except Exception as e:
|
|
logger.error(f"Failed to create admin user: {e}")
|
|
db.rollback()
|
|
raise
|
|
finally:
|
|
db.close()
|
|
# [/DEF:create_admin:Function]
|
|
|
|
if __name__ == "__main__":
|
|
parser = argparse.ArgumentParser(description="Create initial admin user")
|
|
parser.add_argument("--username", required=True, help="Admin username")
|
|
parser.add_argument("--password", required=True, help="Admin password")
|
|
parser.add_argument("--email", required=False, help="Admin email")
|
|
args = parser.parse_args()
|
|
|
|
try:
|
|
# Ensure DB is initialized before creating admin
|
|
init_db()
|
|
create_admin(args.username, args.password, args.email)
|
|
sys.exit(0)
|
|
except Exception:
|
|
sys.exit(1)
|
|
|
|
# [/DEF:backend.src.scripts.create_admin:Module] |