From f72ea26a55f32562edd7aad69c2c641cb519779a Mon Sep 17 00:00:00 2001
From: sk1982
Date: Sun, 7 Apr 2024 06:17:12 -0400
Subject: [PATCH] add grant owner permissions on startup
---
 README.md | 8 ++++++--
 src/instrumentation.ts | 15 +++++++++++++++
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 4bbcdcb..d5d6073 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,10 @@ Make sure you have [created tables](#creating-database-tables) and ran [database
 1. Run `npm run start`
 ## Initial Promotion to Owner
-In order to access all features of Actaeon, you need to have owner permissions. This can be done by setting the `permissions` column of your user inside the `aime_user` table to `255`. Once one user is owner, they can promote other users to owner through the Actaeon web interface.
+In order to access all features of Actaeon, you need to have owner permissions. This can be done by setting the `permissions` column of your user inside the `aime_user` table to `255`, or by running the server with [`ACTAEON_OWNER_ID`](#runtime-variables) set to your user id. Once one user is owner, they can promote other users to owner through the Actaeon web interface. You can find out your user id by inspecting your ARTEMiS logs:
+```
+Aimedb | INFO | access_code ******************** -> user_id 10000
+```
 # Configuration
@@ -54,8 +57,9 @@ These variables can be set at runtime through the environment or through the `.e
 | Variable | Description | Examples | Required |
 |------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------|----------|
 | `DATABASE_URL` | URL to your artemis database, in the format `mysql://user:pass@host:port/db_name` | `mysql://aime:aime@127.0.0.1:3306/aime` | Yes |
-| `NEXTAUTH_SECRET` or `AUTH_SECRET` | Set this to a long random string (you can generate this by running `openssl rand -base64 32` or `npx auth secret` on the command line) | | Yes |
+| `NEXTAUTH_SECRET` or `AUTH_SECRET` | Set this to a long random string (you can generate this by running `openssl rand -base64 32` or `npx auth secret` on the command line) | | Yes |
 | `AUTOMIGRATE` | Automatically run new migrations on server startup | `true`, `false` | No |
+| `ACTAEON_OWNER_ID` | Set this to a user id to automatically grant this user owner permissions. | `10000` | No |
 | `COOKIE_SECURE` | Override the secure flag on authentication cookies (by default, the host protocol or the `x-forwarded-proto` header is used to determine this) | `true`, `false` | No |
 | `BCRYPT_ROUNDS` | The number of bcrypt rounds to hash passwords with (default: 12) | `12`, `14` | No |
diff --git a/src/instrumentation.ts b/src/instrumentation.ts
index 8d1a499..f225950 100644
--- a/src/instrumentation.ts
+++ b/src/instrumentation.ts
@@ -1,3 +1,5 @@
+import { USER_PERMISSION_MASK } from './types/permissions';
+
 export async function register() {
 if (process.env.NEXT_RUNTIME === 'nodejs') {
 console.log(`\x1b[38;2;115;0;172m▄\x1b[38;2;120;0;174m▀\x1b[38;2;125;0;176m█\x1b[38;2;131;0;178m \x1b[38;2;136;0;180m█\x1b[38;2;141;0;182m▀\x1b[38;2;146;0;184m▀\x1b[38;2;151;0;187m \x1b[38;2;156;0;189m▀\x1b[38;2;162;0;191m█\x1b[38;2;167;0;193m▀\x1b[38;2;172;0;195m \x1b[38;2;177;0;197m▄\x1b[38;2;182;0;199m▀\x1b[38;2;188;0;201m█\x1b[38;2;193;0;203m \x1b[38;2;198;0;205m█\x1b[38;2;203;0;207m▀\x1b[38;2;208;0;209m▀\x1b[38;2;214;0;211m \x1b[38;2;219;0;213m█\x1b[38;2;224;0;216m▀\x1b[38;2;229;0;218m█\x1b[38;2;234;0;220m \x1b[38;2;239;0;222m█\x1b[38;2;245;0;224m▄\x1b[38;2;250;0;226m░\x1b[38;2;255;0;228m█\x1b[m`);
@@ -38,6 +40,19 @@ export async function register() {
 console.error(e);
 process.exit(1);
 }
+
+ if (process.env.ACTAEON_OWNER_ID) {
+ const owner = +process.env.ACTAEON_OWNER_ID;
+ if (!Number.isInteger(owner)) {
+ console.warn(`[WARN] ACTAEON_OWNER_ID set to ${process.env.ACTAEON_OWNER_ID}, expected integer`);
+ } else {
+ const { db } = await import('@/db');
+ await db.updateTable('aime_user')
+ .where('id', '=', owner)
+ .set(eb => ({ permissions: eb('permissions', '|', USER_PERMISSION_MASK) }))
+ .executeTakeFirst();
+ }
+ }
 if (['true', 'yes', '1'].includes(process.env.AUTOMIGRATE?.toLowerCase()!)) {
 process.env.DATABASE_URL = url.toString();
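Review bot: The owner grant in the new `ACTAEON_OWNER_ID` branch of the second hunk throws away the result of `executeTakeFirst()`, so a startup that raises an account to owner leaves no trace in the log, and an id that matches no row in `aime_user` fails silently. Keep the result with `const { numUpdatedRows } = await db.updateTable('aime_user')` (rest of the chain unchanged) and report it after the call, e.g. `console.log('[INFO] ACTAEON_OWNER_ID: owner grant for user ' + owner + ', rows updated: ' + numUpdatedRows);`. The update also runs on every start for as long as the variable stays set, so a later demotion of that user through the web interface would be undone at the next restart; a comment such as `// re-applied on every start; unset ACTAEON_OWNER_ID after the first promotion` would make that explicit. The `+process.env.ACTAEON_OWNER_ID` conversion with `Number.isInteger` accepts inputs like `1e3`, `0x10`, `-5` or a whitespace-only string (which becomes `0`), so checking `/^\d+$/.test(process.env.ACTAEON_OWNER_ID)` before converting would be stricter. `register()` begins and ends outside this hunk, so whether a rejected update is caught by surrounding error handling cannot be seen here.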