forked from baron/baron-sso
Kratos 관리자 계정의 로컬 DB 자동 생성 및 동기화 로직 추가
This commit is contained in:
77
backend/internal/bootstrap/sync_admin.go
Normal file
77
backend/internal/bootstrap/sync_admin.go
Normal file
@@ -0,0 +1,77 @@
|
||||
package bootstrap
|
||||
|
||||
import (
|
||||
"baron-sso-backend/internal/domain"
|
||||
"log/slog"
|
||||
"os"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
// SyncAdminRole updates the role of the admin user in the local DB.
|
||||
// It ensures the admin user exists in the local DB with the correct Kratos ID.
|
||||
func SyncAdminRole(db *gorm.DB, kratosID string) error {
|
||||
adminEmail := strings.TrimSpace(os.Getenv("ADMIN_EMAIL"))
|
||||
if adminEmail == "" {
|
||||
slog.Warn("[Bootstrap] ADMIN_EMAIL not set. Skipping admin role sync.")
|
||||
return nil
|
||||
}
|
||||
|
||||
adminName := strings.TrimSpace(os.Getenv("ADMIN_NAME"))
|
||||
if adminName == "" {
|
||||
adminName = "System Admin"
|
||||
}
|
||||
|
||||
// Find user by email
|
||||
var user domain.User
|
||||
if err := db.Where("email = ?", adminEmail).First(&user).Error; err != nil {
|
||||
if err == gorm.ErrRecordNotFound {
|
||||
if kratosID == "" {
|
||||
slog.Warn("[Bootstrap] Admin user not found in local DB and Kratos ID is missing. Cannot create local user.", "email", adminEmail)
|
||||
return nil
|
||||
}
|
||||
|
||||
// Create new admin user in local DB
|
||||
newUser := domain.User{
|
||||
ID: kratosID,
|
||||
Email: adminEmail,
|
||||
Name: adminName,
|
||||
Role: domain.RoleSuperAdmin,
|
||||
Status: "active",
|
||||
CreatedAt: time.Now(),
|
||||
UpdatedAt: time.Now(),
|
||||
Metadata: domain.JSONMap{"source": "bootstrap_seed"},
|
||||
}
|
||||
if err := db.Create(&newUser).Error; err != nil {
|
||||
return err
|
||||
}
|
||||
slog.Info("[Bootstrap] Created admin user in local DB", "email", adminEmail, "id", kratosID)
|
||||
return nil
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
// Update role if needed
|
||||
updates := map[string]interface{}{}
|
||||
if user.Role != domain.RoleSuperAdmin {
|
||||
updates["role"] = domain.RoleSuperAdmin
|
||||
}
|
||||
// Also ensure ID matches if it was somehow different (though changing PK is hard, at least log it)
|
||||
if kratosID != "" && user.ID != kratosID {
|
||||
slog.Warn("[Bootstrap] Admin user exists but ID mismatch with Kratos", "local_id", user.ID, "kratos_id", kratosID)
|
||||
// We generally don't change UUID PKs, just warn.
|
||||
}
|
||||
|
||||
if len(updates) > 0 {
|
||||
if err := db.Model(&user).Updates(updates).Error; err != nil {
|
||||
return err
|
||||
}
|
||||
slog.Info("[Bootstrap] Updated admin user role to super_admin", "email", adminEmail)
|
||||
} else {
|
||||
slog.Info("[Bootstrap] Admin user already has super_admin role", "email", adminEmail)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user