feat(admin): add super admin initialization endpoint
Add POST /api/v1/admin/setup-super-admin endpoint to initialize the first super admin. The endpoint can only be used once - after a super admin exists, subsequent requests are rejected. Requires valid setup_secret configured via APP_SETUP_SECRET environment variable or setup_secret in config file.
This commit is contained in:
@@ -33,6 +33,7 @@ type Config struct {
|
||||
WebRTC WebRTCConfig `mapstructure:"webrtc"`
|
||||
Report ReportConfig `mapstructure:"report"`
|
||||
Sensitive SensitiveConfig `mapstructure:"sensitive"`
|
||||
SetupSecret string `mapstructure:"setup_secret"`
|
||||
}
|
||||
|
||||
// Load 加载配置文件
|
||||
@@ -170,6 +171,7 @@ func Load(configPath string) (*Config, error) {
|
||||
})
|
||||
// Report 默认值
|
||||
viper.SetDefault("report.auto_hide_threshold", 3)
|
||||
viper.SetDefault("setup_secret", "")
|
||||
|
||||
if err := viper.ReadInConfig(); err != nil {
|
||||
return nil, fmt.Errorf("failed to read config: %w", err)
|
||||
@@ -269,6 +271,8 @@ func Load(configPath string) (*Config, error) {
|
||||
cfg.Sensitive.LoadFromRedis, _ = strconv.ParseBool(getEnvOrDefault("APP_SENSITIVE_LOAD_FROM_REDIS", fmt.Sprintf("%t", cfg.Sensitive.LoadFromRedis)))
|
||||
cfg.Sensitive.RedisKeyPrefix = getEnvOrDefault("APP_SENSITIVE_REDIS_KEY_PREFIX", cfg.Sensitive.RedisKeyPrefix)
|
||||
|
||||
cfg.SetupSecret = getEnvOrDefault("APP_SETUP_SECRET", cfg.SetupSecret)
|
||||
|
||||
// 安全检查:生产模式必须设置JWT密钥
|
||||
if cfg.Server.Mode != "debug" {
|
||||
if cfg.JWT.Secret == "" || cfg.JWT.Secret == "your-jwt-secret-key-change-in-production" {
|
||||
|
||||
Reference in New Issue
Block a user