내정보 페이지 사용성개선, adminFront user 정보 연동.

2026-01-30 13:42:41 +09:00
parent 1cb5115f2a
commit 35552943d7
29 changed files with 1586 additions and 472 deletions
--- a/backend/internal/bootstrap/bootstrap.go
+++ b/backend/internal/bootstrap/bootstrap.go
@@ -2,12 +2,9 @@ package bootstrap

 import (
 	"baron-sso-backend/internal/domain"
-	"errors"
 	"fmt"
 	"log/slog"
-	"os"

-	"golang.org/x/crypto/bcrypt"
 	"gorm.io/gorm"
 )

@@ -20,11 +17,7 @@ func Run(db *gorm.DB) error {
 		return fmt.Errorf("migration failed: %w", err)
 	}

-	// 2. Seed Initial Admin User
-	if err := seedAdminUser(db); err != nil {
-		return fmt.Errorf("seeding admin failed: %w", err)
-	}
-
+	slog.Info("[Bootstrap] User seed skipped (Kratos is SoT)")
 	slog.Info("[Bootstrap] Bootstrap completed successfully.")
 	return nil
 }
@@ -33,7 +26,6 @@ func migrateSchemas(db *gorm.DB) error {
 	slog.Info("[Bootstrap] Migrating database schemas...")
 	// Add all domain models here
 	return db.AutoMigrate(
-		&domain.User{},
 		&domain.Tenant{},
 		&domain.ApiKey{},
 		&domain.IdentityProviderConfig{},
@@ -41,44 +33,3 @@ func migrateSchemas(db *gorm.DB) error {
 		// &domain.UserConsent{},  // TODO: Uncomment when model is ready
 	)
 }
-
-func seedAdminUser(db *gorm.DB) error {
-	adminEmail := os.Getenv("ADMIN_EMAIL")
-	adminPassword := os.Getenv("ADMIN_PASSWORD")
-
-	if adminEmail == "" || adminPassword == "" {
-		slog.Warn("[Bootstrap] ADMIN_EMAIL or ADMIN_PASSWORD not set. Skipping admin seeding.")
-		return nil
-	}
-
-	var user domain.User
-	if err := db.Unscoped().Where("email = ?", adminEmail).First(&user).Error; err != nil {
-		if errors.Is(err, gorm.ErrRecordNotFound) {
-			slog.Info("[Bootstrap] Creating initial admin user", "email", adminEmail)
-
-			hashedPassword, err := bcrypt.GenerateFromPassword([]byte(adminPassword), bcrypt.DefaultCost)
-			if err != nil {
-				return err
-			}
-
-			adminUser := domain.User{
-				Email:        adminEmail,
-				PasswordHash: string(hashedPassword),
-				Name:         "System Admin",
-				Role:         "admin", // Assuming 'role' field exists or handling via attributes
-				// Add other required fields
-			}
-
-			if err := db.Create(&adminUser).Error; err != nil {
-				return err
-			}
-			slog.Info("[Bootstrap] Admin user created successfully.")
-		} else {
-			return err
-		}
-	} else {
-		slog.Info("[Bootstrap] Admin user already exists.", "email", adminEmail)
-	}
-
-	return nil
-}
--- a/backend/internal/bootstrap/kratos_seed.go
+++ b/backend/internal/bootstrap/kratos_seed.go
@@ -0,0 +1,51 @@
+package bootstrap
+
+import (
+	"baron-sso-backend/internal/domain"
+	"log/slog"
+	"os"
+	"strings"
+)
+
+// SeedAdminIdentity creates the initial admin identity in the configured IDP.
+func SeedAdminIdentity(idp domain.IdentityProvider) error {
+	if idp == nil {
+		return nil
+	}
+
+	adminEmail := strings.TrimSpace(os.Getenv("ADMIN_EMAIL"))
+	adminPassword := os.Getenv("ADMIN_PASSWORD")
+	if adminEmail == "" || adminPassword == "" {
+		slog.Warn("[Bootstrap] ADMIN_EMAIL or ADMIN_PASSWORD not set. Skipping admin identity seed.")
+		return nil
+	}
+
+	adminName := strings.TrimSpace(os.Getenv("ADMIN_NAME"))
+	if adminName == "" {
+		adminName = "System Admin"
+	}
+
+	user := &domain.BrokerUser{
+		Email:       adminEmail,
+		Name:        adminName,
+		PhoneNumber: "",
+		Attributes: map[string]interface{}{
+			"department":      "Admin",
+			"affiliationType": "internal",
+			"companyCode":     "",
+			"grade":           "admin",
+		},
+	}
+
+	_, err := idp.CreateUser(user, adminPassword)
+	if err != nil {
+		if strings.Contains(err.Error(), "already exists") {
+			slog.Info("[Bootstrap] Admin identity already exists in IDP", "email", adminEmail)
+			return nil
+		}
+		return err
+	}
+
+	slog.Info("[Bootstrap] Admin identity created in IDP", "email", adminEmail, "idp", idp.Name())
+	return nil
+}