tabshift/soul-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modify superuser related fields to initial user

Browse Source
This commit is contained in:
AbegaM
2024-02-28 18:27:57 +03:00
parent 23e6230fe8
commit f4c90f5a2a
6 changed files with 33 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.env.sample
View File

@@ -12,8 +12,8 @@ RATE_LIMIT_MAX_REQUESTS=10
JWT_SECRET=ABCD23DCAA
JWT_EXPIRATION_TIME=10H
INITIAL_SUPERUSER_USERNAME=superuser
INITIAL_SUPERUSER_PASSWORD=hevM@3245CD$
INITIAL_USER_USERNAME=<your_username>
INITIAL_USER_PASSWORD=<your_password>
DB=foobar.db

10
README.md
View File

@@ -35,8 +35,8 @@ Options:
-a, --auth Enable authentication and authorization [boolean]
-js, --jwtsecret JWT Secret [string]
-jet, --jwtexpirationtime JWT Expiration Time [string]
-suu, --superuserusername Initial superuser username [string]
-sup, --superuserpassword Initial superuser password [string]
-suu, --superuserusername Initial user username [string]
-sup, --superuserpassword Initial user password [string]
-S, --studio Start Soul Studio in parallel
--help Show help
@@ -63,7 +63,7 @@ To run Soul in auth mode, allowing login and signup features with authorization
Run the Soul command with the necessary parameters:
```
soul --d foobar.db -a -js=<your_jwt_secret_value> -jet=3D -suu=john -sup=<your_password>
soul --d foobar.db -a -js=<your_jwt_secret_value> -jet=3D -iuu=john -iup=<your_password>
```
In this example:
@@ -71,8 +71,8 @@ In this example:
The `-a` flag enables Soul to run in auth mode.
The `-js` flag allows you to pass a JWT secret value for token generation and verification. Replace <your_jwt_secret_value> with your desired secret value.
The `-jet` flag sets the JWT expiration time. In this case, it is set to one day (3D), meaning the tokens will expire after 72 hours. (`jet` is used for the JWT Refresh Token)
The `-suu` flag is used to pass a username for the first superuser
The `--sup` flag is used to pass a password for the first superuser
The `-iuu` flag is used to pass a username for the initial user
The `--iup` flag is used to pass a password for the initial user
**NOTE: It is crucial to securely store a copy of the JWT secret value used in Soul. Once you pass this value, make sure to keep a backup because you will need it every time you restart Soul. Losing this secret value can result in a situation where all of your users are blocked from accessing Soul.**

8
src/cli.js
View File

@@ -67,14 +67,14 @@ if (process.env.NO_CLI !== 'true') {
default: '3D',
demandOption: false,
})
.options('suu', {
alias: 'initialsuperuserusername',
.options('iuu', {
alias: 'initialuserusername',
describe: 'Initial superuser username',
type: 'string',
demandOption: false,
})
.options('sup', {
alias: 'initialsuperuserpassword',
.options('iup', {
alias: 'initialuserpassword',
describe: 'Initial superuser password',
type: 'string',
demandOption: false,

20
src/config/index.js
View File

@@ -33,8 +33,8 @@ const envVarsSchema = Joi.object()
JWT_SECRET: Joi.string().default(null),
JWT_EXPIRATION_TIME: Joi.string().default('1D'),
INITIAL_SUPERUSER_USERNAME: Joi.string(),
INITIAL_SUPERUSER_PASSWORD: Joi.string(),
INITIAL_USER_USERNAME: Joi.string(),
INITIAL_USER_PASSWORD: Joi.string(),
})
.unknown();
@@ -74,12 +74,12 @@ if (argv.jwtexpirationtime) {
env.JWT_EXPIRATION_TIME = argv.jwtexpirationtime;
}
if (argv.initialSuperuserUsername) {
env.INITIAL_SUPERUSER_USERNAME = argv.initialsuperuserssername;
if (argv.initialuserusername) {
env.INITIAL_USER_USERNAME = argv.initialuserusername;
}
if (argv.initialSuperuserPassword) {
env.INITIAL_SUPERUSER_PASSWORD = argv.initialsuperuserpassword;
if (argv.initialuserpassword) {
env.INITIAL_USER_PASSWORD = argv.initialuserpassword;
}
const { value: envVars, error } = envVarsSchema
@@ -112,10 +112,10 @@ module.exports = {
jwtSecret: argv.jwtsecret || envVars.JWT_SECRET,
jwtExpirationTime: argv.jwtexpirationtime || envVars.JWT_EXPIRATION_TIME,
initialSuperuserUsername:
argv.initialsuperuserusername || envVars.INITIAL_SUPERUSER_USERNAME,
initialSuperuserPassword:
argv.initialsuperuserpassword || envVars.INITIAL_SUPERUSER_PASSWORD,
initialUserUsername:
argv.initialuserusername || envVars.INITIAL_USER_USERNAME,
initialUserPassword:
argv.initialuserpassword || envVars.INITIAL_USER_PASSWORD,
rateLimit: {
enabled: argv['rate-limit-enabled'] || envVars.RATE_LIMIT_ENABLED,

22
src/controllers/auth.js
View File

@@ -403,12 +403,10 @@ const changePassword = async (req, res) => {
}
};
const createSuperuser = async () => {
const createInitialUser = async () => {
// extract some fields from the environment variables or from the CLI
const {
initialSuperuserUsername: username,
initialSuperuserPassword: password,
} = config;
const { initialUserUsername: username, initialUserPassword: password } =
config;
try {
// check if there is a superuser in the DB
@@ -422,7 +420,7 @@ const createSuperuser = async () => {
// check if initial superuser username is passed from the env or CLI
if (!username) {
console.error(
'Error: You should pass the superusers username either from the CLI with the --suu or from the environment variable using the INITIAL_SUPERUSER_USERNAME flag',
'Error: You should pass the initial users username either from the CLI with the --iuu or from the environment variable using the INITIAL_USER_USERNAME flag',
);
process.exit(1);
}
@@ -430,7 +428,7 @@ const createSuperuser = async () => {
// check if initial superuser password is passed from the env or CLI
if (!password) {
console.error(
'Error: You should pass the superusers password either from the CLI with the --sup or from the environment variable using the INITIAL_SUPERUSER_PASSWORD flag',
'Error: You should pass the initial users password either from the CLI with the --iup or from the environment variable using the INITIAL_USER_PASSWORD flag',
);
process.exit(1);
}
@@ -444,7 +442,7 @@ const createSuperuser = async () => {
if (users.length > 0) {
console.error(
'Error: The username you passed for the superuser is already taken, please use another username',
'Error: The username you passed for the initial user is already taken, please use another username',
);
process.exit(1);
}
@@ -452,7 +450,7 @@ const createSuperuser = async () => {
// check if the password is strong
if (['Too weak', 'Weak'].includes(checkPasswordStrength(password))) {
console.error(
'Error: The password you passed for the superuser is weak, please use another password',
'Error: The password you passed for the initial user is weak, please use another password',
);
process.exit(1);
}
@@ -471,9 +469,9 @@ const createSuperuser = async () => {
},
});
console.log('Initial superuser created');
console.log('Initial user created');
} else {
console.log('Initial superuser is already created');
console.log('Initial user is already created');
}
} catch (error) {
console.log(error);
@@ -488,5 +486,5 @@ module.exports = {
obtainAccessToken,
refreshAccessToken,
changePassword,
createSuperuser,
createInitialUser,
};

4
src/index.js
View File

@@ -22,7 +22,7 @@ const { setupExtensions } = require('./extensions');
const {
createDefaultTables,
updateUser,
createSuperuser,
createInitialUser,
} = require('./controllers/auth');
const { yargs } = require('./cli');
@@ -84,7 +84,7 @@ if (config.rateLimit.enabled) {
//If Auth mode is activated then create auth tables in the DB & create a super user if there are no users in the DB
if (config.auth) {
createDefaultTables();
createSuperuser();
createInitialUser();
} else {
console.warn(
'Warning: Soul is running in open mode without authentication or authorization for API endpoints. Please be aware that your API endpoints will not be secure.',