kevin/baron-sso
1
0
Fork 0
forked from baron/baron-sso
Code Pull Requests Activity
Files
4696d7ce8228ebf46600a2c3bae27c3a8de01dda
baron-sso/backend/internal/bootstrap/sync_admin.go

78 lines
2.2 KiB
Go
Raw Blame History

package bootstrap
import (
"baron-sso-backend/internal/domain"
"log/slog"
"os"
"strings"
"time"
"gorm.io/gorm"
)
// SyncAdminRole updates the role of the admin user in the local DB.
// It ensures the admin user exists in the local DB with the correct Kratos ID.
func SyncAdminRole(db *gorm.DB, kratosID string) error {
adminEmail := strings.TrimSpace(os.Getenv("ADMIN_EMAIL"))
if adminEmail == "" {
slog.Warn("[Bootstrap] ADMIN_EMAIL not set. Skipping admin role sync.")
return nil
}
adminName := strings.TrimSpace(os.Getenv("ADMIN_NAME"))
if adminName == "" {
adminName = "System Admin"
}
// Find user by email
var user domain.User
if err := db.Where("email = ?", adminEmail).First(&user).Error; err != nil {
if err == gorm.ErrRecordNotFound {
if kratosID == "" {
slog.Warn("[Bootstrap] Admin user not found in local DB and Kratos ID is missing. Cannot create local user.", "email", adminEmail)
return nil
}
// Create new admin user in local DB
newUser := domain.User{
ID: kratosID,
Email: adminEmail,
Name: adminName,
Role: domain.RoleSuperAdmin,
Status: "active",
CreatedAt: time.Now(),
UpdatedAt: time.Now(),
Metadata: domain.JSONMap{"source": "bootstrap_seed"},
}
if err := db.Create(&newUser).Error; err != nil {
return err
}
slog.Info("[Bootstrap] Created admin user in local DB", "email", adminEmail, "id", kratosID)
return nil
}
return err
}
// Update role if needed
updates := map[string]interface{}{}
if user.Role != domain.RoleSuperAdmin {
updates["role"] = domain.RoleSuperAdmin
}
// Also ensure ID matches if it was somehow different (though changing PK is hard, at least log it)
if kratosID != "" && user.ID != kratosID {
slog.Warn("[Bootstrap] Admin user exists but ID mismatch with Kratos", "local_id", user.ID, "kratos_id", kratosID)
// We generally don't change UUID PKs, just warn.
}
if len(updates) > 0 {
if err := db.Model(&user).Updates(updates).Error; err != nil {
return err
}
slog.Info("[Bootstrap] Updated admin user role to super_admin", "email", adminEmail)
} else {
slog.Info("[Bootstrap] Admin user already has super_admin role", "email", adminEmail)
}
return nil
}
View Git Blame Copy Permalink