add grant owner permissions on startup

2024-04-07 06:17:12 -04:00 · 2024-04-07 06:17:12 -04:00 · f72ea26a55
commit f72ea26a55
parent a7b8cbb4cd
2 changed files with 21 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -30,7 +30,10 @@ Make sure you have [created tables](#creating-database-tables) and ran [database
 1. Run `npm run start`

 ## Initial Promotion to Owner
-In order to access all features of Actaeon, you need to have owner permissions. This can be done by setting the `permissions` column of your user inside the `aime_user` table to `255`. Once one user is owner, they can promote other users to owner through the Actaeon web interface.
+In order to access all features of Actaeon, you need to have owner permissions. This can be done by setting the `permissions` column of your user inside the `aime_user` table to `255`, or by running the server with [`ACTAEON_OWNER_ID`](#runtime-variables) set to your user id. Once one user is owner, they can promote other users to owner through the Actaeon web interface. You can find out your user id by inspecting your ARTEMiS logs:
+```
+Aimedb | INFO | access_code ******************** -> user_id 10000
+```

 # Configuration

@ -54,8 +57,9 @@ These variables can be set at runtime through the environment or through the `.e
 | Variable                           | Description                                                                                                                                     | Examples                                | Required |
 |------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------|----------|
 | `DATABASE_URL`                     | URL to your artemis database, in the format `mysql://user:pass@host:port/db_name`                                                               | `mysql://aime:aime@127.0.0.1:3306/aime` | Yes      |
-| `NEXTAUTH_SECRET` or `AUTH_SECRET` | Set this to a long random string (you can generate this by running `openssl rand -base64 32` or `npx auth secret` on the command line)               |                                         | Yes      |
+| `NEXTAUTH_SECRET` or `AUTH_SECRET` | Set this to a long random string (you can generate this by running `openssl rand -base64 32` or `npx auth secret` on the command line)          |                                         | Yes      |
 | `AUTOMIGRATE`                      | Automatically run new migrations on server startup                                                                                              | `true`, `false`                         | No       |
+| `ACTAEON_OWNER_ID`                 | Set this to a user id to automatically grant this user owner permissions.                                                                       | `10000`                                 | No       |
 | `COOKIE_SECURE`                    | Override the secure flag on authentication cookies  (by default, the host protocol or the `x-forwarded-proto` header is used to determine this) | `true`, `false`                         | No       |
 | `BCRYPT_ROUNDS`                    | The number of bcrypt rounds to hash passwords with (default: 12)                                                                                | `12`, `14`                              | No       |

--- a/src/instrumentation.ts
+++ b/src/instrumentation.ts
@ -1,3 +1,5 @@
+import { USER_PERMISSION_MASK } from './types/permissions';
+
 export async function register() {
 	if (process.env.NEXT_RUNTIME === 'nodejs') {
 		console.log(`\x1b[38;2;115;0;172m▄\x1b[38;2;120;0;174m▀\x1b[38;2;125;0;176m█\x1b[38;2;131;0;178m \x1b[38;2;136;0;180m█\x1b[38;2;141;0;182m▀\x1b[38;2;146;0;184m▀\x1b[38;2;151;0;187m \x1b[38;2;156;0;189m▀\x1b[38;2;162;0;191m█\x1b[38;2;167;0;193m▀\x1b[38;2;172;0;195m \x1b[38;2;177;0;197m▄\x1b[38;2;182;0;199m▀\x1b[38;2;188;0;201m█\x1b[38;2;193;0;203m \x1b[38;2;198;0;205m█\x1b[38;2;203;0;207m▀\x1b[38;2;208;0;209m▀\x1b[38;2;214;0;211m \x1b[38;2;219;0;213m█\x1b[38;2;224;0;216m▀\x1b[38;2;229;0;218m█\x1b[38;2;234;0;220m \x1b[38;2;239;0;222m█\x1b[38;2;245;0;224m▄\x1b[38;2;250;0;226m░\x1b[38;2;255;0;228m█\x1b[m`);
@ -38,6 +40,19 @@ export async function register() {
 			console.error(e);
 			process.exit(1);
 		}
+		
+		if (process.env.ACTAEON_OWNER_ID) {
+			const owner = +process.env.ACTAEON_OWNER_ID;
+			if (!Number.isInteger(owner)) {
+				console.warn(`[WARN] ACTAEON_OWNER_ID set to ${process.env.ACTAEON_OWNER_ID}, expected integer`);
+			} else {
+				const { db } = await import('@/db');
+				await db.updateTable('aime_user')
+					.where('id', '=', owner)
+					.set(eb => ({ permissions: eb('permissions', '|', USER_PERMISSION_MASK) }))
+					.executeTakeFirst();
+			}
+		}

 		if (['true', 'yes', '1'].includes(process.env.AUTOMIGRATE?.toLowerCase()!)) {
 			process.env.DATABASE_URL = url.toString();