package bootstrap
import (
"baron-sso-backend/internal/domain"
"log/slog"
"os"
"strings"
)
// SeedAdminIdentity creates the initial admin identity in the configured IDP.
//
// The admin credentials are read from the process environment: ADMIN_EMAIL
// (whitespace-trimmed) and ADMIN_PASSWORD (taken verbatim, so any leading or
// trailing whitespace in the configured secret is preserved). ADMIN_NAME is
// optional and defaults to "System Admin". The password is handed only to
// idp.CreateUser; it is never logged — the log records carry the email and
// the IDP name alone.
//
// It returns nil when idp is nil, when the credentials are not configured
// (logged as a warning, seeding skipped), or when the IDP reports that the
// user already exists. Any other error from idp.CreateUser is returned
// unchanged.
func SeedAdminIdentity(idp domain.IdentityProvider) error {
	if idp == nil {
		return nil
	}

	email := trimmedEnv("ADMIN_EMAIL")
	// Deliberately not trimmed: the secret is passed through exactly as configured.
	password := os.Getenv("ADMIN_PASSWORD")
	if email == "" || password == "" {
		slog.Warn("[Bootstrap] ADMIN_EMAIL or ADMIN_PASSWORD not set. Skipping admin identity seed.")
		return nil
	}

	name := trimmedEnv("ADMIN_NAME")
	if name == "" {
		name = "System Admin"
	}

	admin := &domain.BrokerUser{
		Email:       email,
		Name:        name,
		PhoneNumber: "",
		Attributes: map[string]any{
			"department":      "Admin",
			"affiliationType": "internal",
			"companyCode":     "",
			"grade":           "admin",
		},
	}

	if _, err := idp.CreateUser(admin, password); err != nil {
		// NOTE(review): the "already exists" case is detected by a substring match
		// on the error text, which depends on the IDP's exact wording — confirm
		// whether the domain package offers a sentinel error that errors.Is could
		// test instead.
		if strings.Contains(err.Error(), "already exists") {
			slog.Info("[Bootstrap] Admin identity already exists in IDP", "email", email)
			return nil
		}
		return err
	}

	slog.Info("[Bootstrap] Admin identity created in IDP", "email", email, "idp", idp.Name())
	return nil
}

// trimmedEnv returns the value of the environment variable key with
// surrounding whitespace removed ("" when the variable is unset).
func trimmedEnv(key string) string {
	return strings.TrimSpace(os.Getenv(key))
}