worksmobile 연동 & ory stack 26.2.0으로 업그레이드

2026-05-06 09:30:00 +09:00
parent 3dcdd97882
commit 2495fcb13d
74 changed files with 8698 additions and 212 deletions
--- a/backend/cmd/adminctl/main.go
+++ b/backend/cmd/adminctl/main.go
@@ -0,0 +1,176 @@
+package main
+
+import (
+	"baron-sso-backend/internal/bootstrap"
+	"baron-sso-backend/internal/idp"
+	"baron-sso-backend/internal/logger"
+	"baron-sso-backend/internal/repository"
+	"baron-sso-backend/internal/service"
+	"context"
+	"flag"
+	"fmt"
+	"log"
+	"log/slog"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/joho/godotenv"
+	"gorm.io/driver/postgres"
+	"gorm.io/gorm"
+	gormLogger "gorm.io/gorm/logger"
+)
+
+type createSuperAdminConfig struct {
+	Email          string
+	Password       string
+	Name           string
+	UpdatePassword bool
+}
+
+func main() {
+	loadEnv()
+	logger.Init(logger.Config{
+		ServiceName:   "baron-sso-adminctl",
+		Environment:   getenv("APP_ENV", getenv("GO_ENV", "dev")),
+		LevelOverride: getenv("BACKEND_LOG_LEVEL", ""),
+	})
+
+	if len(os.Args) < 2 {
+		printUsage()
+		os.Exit(2)
+	}
+
+	switch os.Args[1] {
+	case "create-super-admin":
+		if err := runCreateSuperAdmin(os.Args[2:]); err != nil {
+			slog.Error("create-super-admin failed", "error", err)
+			os.Exit(1)
+		}
+	default:
+		printUsage()
+		os.Exit(2)
+	}
+}
+
+func runCreateSuperAdmin(args []string) error {
+	config, err := resolveCreateSuperAdminConfig(args)
+	if err != nil {
+		return err
+	}
+
+	db, err := openDB()
+	if err != nil {
+		return err
+	}
+	if err := bootstrap.Run(db); err != nil {
+		return err
+	}
+
+	provider, err := idp.InitializeProvider()
+	if err != nil {
+		return err
+	}
+	if provider == nil {
+		return fmt.Errorf("idp provider is required")
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+
+	result, err := bootstrap.EnsureSuperAdmin(
+		ctx,
+		service.NewKratosAdminService(),
+		bootstrap.NewGormSuperAdminStore(db, repository.NewKetoOutboxRepository(db)),
+		bootstrap.EnsureSuperAdminOptions{
+			Email:          config.Email,
+			Password:       config.Password,
+			Name:           config.Name,
+			Source:         "adminctl",
+			UpdatePassword: config.UpdatePassword,
+		},
+	)
+	if err != nil {
+		return err
+	}
+
+	fmt.Printf("super admin ensured: email=%s identity_id=%s user_id=%s identity_created=%t local_created=%t local_updated=%t password_updated=%t keto_relation_queued=%t\n",
+		result.Email,
+		result.IdentityID,
+		result.LocalUserID,
+		result.IdentityCreated,
+		result.LocalUserCreated,
+		result.LocalUserUpdated,
+		result.PasswordUpdated,
+		result.KetoRelationQueued,
+	)
+	return nil
+}
+
+func resolveCreateSuperAdminConfig(args []string) (createSuperAdminConfig, error) {
+	fs := flag.NewFlagSet("create-super-admin", flag.ContinueOnError)
+	fs.SetOutput(os.Stderr)
+
+	config := createSuperAdminConfig{}
+	fs.StringVar(&config.Email, "email", getenv("ADMIN_EMAIL", ""), "admin email")
+	fs.StringVar(&config.Password, "password", getenv("ADMIN_PASSWORD", ""), "admin password")
+	fs.StringVar(&config.Name, "name", getenv("ADMIN_NAME", "System Admin"), "admin display name")
+	fs.BoolVar(&config.UpdatePassword, "update-password", false, "update password when identity already exists")
+
+	if err := fs.Parse(args); err != nil {
+		return config, err
+	}
+
+	config.Email = strings.TrimSpace(config.Email)
+	config.Name = strings.TrimSpace(config.Name)
+	if config.Email == "" {
+		return config, fmt.Errorf("admin email is required; pass --email or set ADMIN_EMAIL")
+	}
+	if strings.TrimSpace(config.Password) == "" {
+		return config, fmt.Errorf("admin password is required; pass --password or set ADMIN_PASSWORD")
+	}
+	if config.Name == "" {
+		config.Name = "System Admin"
+	}
+	return config, nil
+}
+
+func openDB() (*gorm.DB, error) {
+	dsn := fmt.Sprintf(
+		"host=%s user=%s password=%s dbname=%s port=%s sslmode=disable TimeZone=Asia/Seoul",
+		getenv("DB_HOST", "localhost"),
+		getenv("DB_USER", "baron"),
+		getenv("DB_PASSWORD", "password"),
+		getenv("DB_NAME", "baron_sso"),
+		getenv("DB_PORT", "5432"),
+	)
+	return gorm.Open(postgres.Open(dsn), &gorm.Config{
+		Logger: gormLogger.New(
+			log.New(os.Stdout, "\r\n", log.LstdFlags),
+			gormLogger.Config{
+				SlowThreshold:             time.Second,
+				LogLevel:                  gormLogger.Warn,
+				IgnoreRecordNotFoundError: true,
+				Colorful:                  true,
+			},
+		),
+	})
+}
+
+func loadEnv() {
+	_ = godotenv.Load(".env")
+	_ = godotenv.Load("../.env")
+	_ = godotenv.Load("../../.env")
+}
+
+func getenv(key string, fallback string) string {
+	if value, ok := os.LookupEnv(key); ok {
+		return value
+	}
+	return fallback
+}
+
+func printUsage() {
+	fmt.Fprintln(os.Stderr, "usage:")
+	fmt.Fprintln(os.Stderr, "  adminctl create-super-admin [--email EMAIL] [--password PASSWORD] [--name NAME] [--update-password]")
+}
--- a/backend/cmd/adminctl/main_test.go
+++ b/backend/cmd/adminctl/main_test.go
@@ -0,0 +1,62 @@
+package main
+
+import "testing"
+
+func TestResolveCreateSuperAdminConfigUsesEnvDefaults(t *testing.T) {
+	t.Setenv("ADMIN_EMAIL", "admin@example.com")
+	t.Setenv("ADMIN_PASSWORD", "Password!123")
+	t.Setenv("ADMIN_NAME", "Env Admin")
+
+	config, err := resolveCreateSuperAdminConfig([]string{})
+	if err != nil {
+		t.Fatalf("resolveCreateSuperAdminConfig returned error: %v", err)
+	}
+
+	if config.Email != "admin@example.com" {
+		t.Fatalf("email = %q", config.Email)
+	}
+	if config.Password != "Password!123" {
+		t.Fatal("password was not read from ADMIN_PASSWORD")
+	}
+	if config.Name != "Env Admin" {
+		t.Fatalf("name = %q", config.Name)
+	}
+}
+
+func TestResolveCreateSuperAdminConfigAllowsFlagOverrides(t *testing.T) {
+	t.Setenv("ADMIN_EMAIL", "admin@example.com")
+	t.Setenv("ADMIN_PASSWORD", "Password!123")
+	t.Setenv("ADMIN_NAME", "Env Admin")
+
+	config, err := resolveCreateSuperAdminConfig([]string{
+		"--email", "flag@example.com",
+		"--password", "FlagPassword!123",
+		"--name", "Flag Admin",
+		"--update-password",
+	})
+	if err != nil {
+		t.Fatalf("resolveCreateSuperAdminConfig returned error: %v", err)
+	}
+
+	if config.Email != "flag@example.com" {
+		t.Fatalf("email = %q", config.Email)
+	}
+	if config.Password != "FlagPassword!123" {
+		t.Fatal("password flag was not used")
+	}
+	if config.Name != "Flag Admin" {
+		t.Fatalf("name = %q", config.Name)
+	}
+	if !config.UpdatePassword {
+		t.Fatal("update password flag was not set")
+	}
+}
+
+func TestResolveCreateSuperAdminConfigRequiresEmailAndPassword(t *testing.T) {
+	t.Setenv("ADMIN_EMAIL", "")
+	t.Setenv("ADMIN_PASSWORD", "")
+
+	if _, err := resolveCreateSuperAdminConfig([]string{}); err == nil {
+		t.Fatal("expected error")
+	}
+}