Files
backend/internal/service/setup_service.go
lafay 813e54e5b2
All checks were successful
Build Backend / build (push) Successful in 2m42s
Build Backend / build-docker (push) Successful in 2m52s
feat(admin): add super admin initialization endpoint
Add POST /api/v1/admin/setup-super-admin endpoint to initialize the first super admin.
The endpoint can only be used once - after a super admin exists, subsequent requests
are rejected. Requires valid setup_secret configured via APP_SETUP_SECRET environment
variable or setup_secret in config file.
2026-04-24 15:14:44 +08:00

64 lines
1.4 KiB
Go

package service
import (
"context"
apperrors "with_you/internal/errors"
"with_you/internal/model"
"with_you/internal/repository"
)
type SetupService interface {
SetupSuperAdmin(ctx context.Context, userID, setupSecret string) error
}
type setupService struct {
userRepo repository.UserRepository
roleRepo repository.RoleRepository
casbinSvc CasbinService
setupSecret string
}
func NewSetupService(
userRepo repository.UserRepository,
roleRepo repository.RoleRepository,
casbinSvc CasbinService,
setupSecret string,
) SetupService {
return &setupService{
userRepo: userRepo,
roleRepo: roleRepo,
casbinSvc: casbinSvc,
setupSecret: setupSecret,
}
}
func (s *setupService) SetupSuperAdmin(ctx context.Context, userID, setupSecret string) error {
if s.setupSecret == "" {
return apperrors.ErrSetupSecretNotConfigured
}
if setupSecret != s.setupSecret {
return apperrors.ErrInvalidSetupSecret
}
count, err := s.roleRepo.GetRoleUserCount(ctx, model.RoleSuperAdmin)
if err != nil {
return apperrors.ErrInternal
}
if count > 0 {
return apperrors.ErrSetupAlreadyCompleted
}
user, err := s.userRepo.GetByID(userID)
if err != nil {
return apperrors.ErrUserNotFound
}
if user.Status == model.UserStatusBanned {
return apperrors.ErrUserBanned
}
return s.casbinSvc.AddRoleForUser(ctx, user.ID, model.RoleSuperAdmin)
}