thatguygriff/walkies
1
0
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6427595c624b93e89fe840096fc3bdc108ab1e88
walkies/internal/setup/handler.go
James Griffin 3900dff5a1 Implement Issue #11: Initial admin account setup on first deploy 
When the database has no users, the UI redirects to /setup and prompts
for creation of the first admin account. The setup endpoints are
self-disabling — once any user exists, POST /setup/admin returns 403
and the frontend redirects /setup back to /login. The backend uses an
atomic transaction to prevent race conditions on concurrent requests.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 19:02:16 -03:00

85 lines
2.4 KiB
Go
Raw Blame History

package setup
import (
"encoding/json"
"errors"
"net/http"
"git.unsupervised.ca/walkies/internal/auth"
"git.unsupervised.ca/walkies/internal/respond"
)
// TokenIssuer is the subset of auth.Service the setup handler needs.
type TokenIssuer interface {
IssueToken(volunteerID int64, role string) (string, error)
}
type Handler struct {
store Storer
authSvc TokenIssuer
}
func NewHandler(store *Store, authSvc *auth.Service) *Handler {
return &Handler{store: store, authSvc: authSvc}
}
// NewHandlerFromInterfaces constructs a Handler from interface values, intended for testing.
func NewHandlerFromInterfaces(store Storer, authSvc TokenIssuer) *Handler {
return &Handler{store: store, authSvc: authSvc}
}
// Status handles GET /api/v1/setup/status.
func (h *Handler) Status(w http.ResponseWriter, r *http.Request) {
needs, err := h.store.NeedsSetup(r.Context())
if err != nil {
respond.Error(w, http.StatusInternalServerError, "could not check setup status")
return
}
respond.JSON(w, http.StatusOK, map[string]bool{"needs_setup": needs})
}
// CreateAdmin handles POST /api/v1/setup/admin.
func (h *Handler) CreateAdmin(w http.ResponseWriter, r *http.Request) {
var body struct {
Name string `json:"name"`
Email string `json:"email"`
Password string `json:"password"`
}
if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
respond.Error(w, http.StatusBadRequest, "invalid request body")
return
}
if body.Name == "" || body.Email == "" || body.Password == "" {
respond.Error(w, http.StatusBadRequest, "name, email, and password are required")
return
}
if len(body.Password) < 8 {
respond.Error(w, http.StatusBadRequest, "password must be at least 8 characters")
return
}
hashed, err := auth.HashPassword(body.Password)
if err != nil {
respond.Error(w, http.StatusInternalServerError, "could not hash password")
return
}
id, err := h.store.CreateAdmin(r.Context(), body.Name, body.Email, hashed)
if errors.Is(err, ErrSetupAlreadyDone) {
respond.Error(w, http.StatusForbidden, "setup already completed")
return
}
if err != nil {
respond.Error(w, http.StatusInternalServerError, "could not create admin account")
return
}
token, err := h.authSvc.IssueToken(id, "admin")
if err != nil {
respond.Error(w, http.StatusInternalServerError, "could not issue token")
return
}
respond.JSON(w, http.StatusCreated, map[string]string{"token": token})
}
Reference in New Issue View Git Blame Copy Permalink