photoprism/internal/entity/auth_user_default.go

package entity

import (
	"github.com/photoprism/photoprism/internal/acl"
	"github.com/photoprism/photoprism/internal/event"
	"github.com/photoprism/photoprism/pkg/authn"
)

// Role defaults.
const (
	AdminUserName      = "admin"
	AdminDisplayName   = "Admin"
	VisitorDisplayName = "Visitor"
	UnknownDisplayName = "Unknown"
)

// Admin is the default admin user.
var Admin = User{
	ID:            1,
	UserName:      AdminUserName,
	AuthProvider:  authn.ProviderLocal.String(),
	UserRole:      acl.RoleAdmin.String(),
	DisplayName:   AdminDisplayName,
	SuperAdmin:    true,
	CanLogin:      true,
	WebDAV:        true,
	CanInvite:     true,
	InviteToken:   GenerateToken(),
	PreviewToken:  GenerateToken(),
	DownloadToken: GenerateToken(),
}

// UnknownUser is an anonymous, public user without own account.
var UnknownUser = User{
	ID:            -1,
	UserUID:       "u000000000000001",
	UserName:      "",
	AuthProvider:  authn.ProviderNone.String(),
	UserRole:      acl.RoleUnknown.String(),
	CanLogin:      false,
	WebDAV:        false,
	CanInvite:     false,
	DisplayName:   UnknownDisplayName,
	InviteToken:   "",
	PreviewToken:  "",
	DownloadToken: "",
}

// Visitor is a user without own account e.g. for link sharing.
var Visitor = User{
	ID:            -2,
	UserUID:       "u000000000000002",
	UserName:      "",
	AuthProvider:  authn.ProviderToken.String(),
	UserRole:      acl.RoleVisitor.String(),
	DisplayName:   VisitorDisplayName,
	CanLogin:      false,
	WebDAV:        false,
	CanInvite:     false,
	InviteToken:   "",
	PreviewToken:  "",
	DownloadToken: "",
}

// CreateDefaultUsers initializes the database with default user accounts.
func CreateDefaultUsers() {
	if admin := FindUser(Admin); admin != nil {
		Admin = *admin
	} else {
		// Set legacy values.
		if leg := FindLegacyUser(Admin); leg != nil {
			Admin.UserUID = leg.UserUID
			if leg.UserName != "" {
				Admin.UserName = leg.UserName
			}
			if leg.PrimaryEmail != "" {
				Admin.UserEmail = leg.PrimaryEmail
			}
			if leg.FullName != "" {
				Admin.DisplayName = leg.FullName
			}
			if leg.LoginAt != nil {
				Admin.LoginAt = leg.LoginAt
			}
			log.Infof("users: migrating %s account", Admin.UserName)
		}

		// Set default values.
		Admin.SuperAdmin = true
		Admin.CanLogin = true
		Admin.WebDAV = true

		// Username is required.
		if Admin.UserName == "" {
			Admin.UserName = "admin"
		}

		// Add initial admin account.
		if err := Admin.Create(); err != nil {
			event.AuditErr([]string{"user", "failed to create", "%s"}, err)
		}
	}

	if user := FirstOrCreateUser(&UnknownUser); user != nil {
		UnknownUser = *user
	}

	if user := FirstOrCreateUser(&Visitor); user != nil {
		Visitor = *user
	}
}
Auth: Add "PHOTOPRISM_ADMIN_USER" option and refactor user table #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 21:30:50 +02:00			`package entity`

			`import (`
			`"github.com/photoprism/photoprism/internal/acl"`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`"github.com/photoprism/photoprism/internal/event"`
Auth: Refactor user management API and CLI commands #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2023-03-08 23:30:39 +01:00			`"github.com/photoprism/photoprism/pkg/authn"`
Auth: Add "PHOTOPRISM_ADMIN_USER" option and refactor user table #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 21:30:50 +02:00			`)`

Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`// Role defaults.`
			`const (`
Auth: Open album share links in the regular user interface #98 #782 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-02 11:38:30 +02:00			`AdminUserName = "admin"`
			`AdminDisplayName = "Admin"`
			`VisitorDisplayName = "Visitor"`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`UnknownDisplayName = "Unknown"`
Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`)`
Auth: Add "PHOTOPRISM_ADMIN_USER" option and refactor user table #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 21:30:50 +02:00
			`// Admin is the default admin user.`
			`var Admin = User{`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`ID: 1,`
			`UserName: AdminUserName,`
Auth: Refactor user management API and CLI commands #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2023-03-09 15:12:10 +01:00			`AuthProvider: authn.ProviderLocal.String(),`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`UserRole: acl.RoleAdmin.String(),`
			`DisplayName: AdminDisplayName,`
			`SuperAdmin: true,`
			`CanLogin: true,`
			`WebDAV: true,`
			`CanInvite: true,`
			`InviteToken: GenerateToken(),`
			`PreviewToken: GenerateToken(),`
			`DownloadToken: GenerateToken(),`
Auth: Add "PHOTOPRISM_ADMIN_USER" option and refactor user table #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 21:30:50 +02:00			`}`

			`// UnknownUser is an anonymous, public user without own account.`
			`var UnknownUser = User{`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`ID: -1,`
			`UserUID: "u000000000000001",`
			`UserName: "",`
Auth: Refactor user management API and CLI commands #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2023-03-09 15:12:10 +01:00			`AuthProvider: authn.ProviderNone.String(),`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`UserRole: acl.RoleUnknown.String(),`
			`CanLogin: false,`
			`WebDAV: false,`
			`CanInvite: false,`
			`DisplayName: UnknownDisplayName,`
			`InviteToken: "",`
			`PreviewToken: "",`
			`DownloadToken: "",`
Auth: Add "PHOTOPRISM_ADMIN_USER" option and refactor user table #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 21:30:50 +02:00			`}`

Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`// Visitor is a user without own account e.g. for link sharing.`
			`var Visitor = User{`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`ID: -2,`
			`UserUID: "u000000000000002",`
			`UserName: "",`
Auth: Refactor user management API and CLI commands #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2023-03-09 15:12:10 +01:00			`AuthProvider: authn.ProviderToken.String(),`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`UserRole: acl.RoleVisitor.String(),`
			`DisplayName: VisitorDisplayName,`
			`CanLogin: false,`
			`WebDAV: false,`
			`CanInvite: false,`
			`InviteToken: "",`
			`PreviewToken: "",`
			`DownloadToken: "",`
Auth: Add "PHOTOPRISM_ADMIN_USER" option and refactor user table #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 21:30:50 +02:00			`}`

			`// CreateDefaultUsers initializes the database with default user accounts.`
			`func CreateDefaultUsers() {`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`if admin := FindUser(Admin); admin != nil {`
			`Admin = *admin`
			`} else {`
			`// Set legacy values.`
			`if leg := FindLegacyUser(Admin); leg != nil {`
			`Admin.UserUID = leg.UserUID`
Auth: Only migrate non-empty legacy user fields #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-11-03 11:02:36 +01:00			`if leg.UserName != "" {`
			`Admin.UserName = leg.UserName`
			`}`
			`if leg.PrimaryEmail != "" {`
			`Admin.UserEmail = leg.PrimaryEmail`
			`}`
			`if leg.FullName != "" {`
			`Admin.DisplayName = leg.FullName`
			`}`
			`if leg.LoginAt != nil {`
			`Admin.LoginAt = leg.LoginAt`
			`}`
Security: Use individual preview tokens for each user account #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-10-13 22:11:02 +02:00			`log.Infof("users: migrating %s account", Admin.UserName)`
			`}`

			`// Set default values.`
			`Admin.SuperAdmin = true`
			`Admin.CanLogin = true`
			`Admin.WebDAV = true`

			`// Username is required.`
			`if Admin.UserName == "" {`
			`Admin.UserName = "admin"`
			`}`

			`// Add initial admin account.`
			`if err := Admin.Create(); err != nil {`
			`event.AuditErr([]string{"user", "failed to create", "%s"}, err)`
			`}`
Auth: Add "PHOTOPRISM_ADMIN_USER" option and refactor user table #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 21:30:50 +02:00			`}`

			`if user := FirstOrCreateUser(&UnknownUser); user != nil {`
			`UnknownUser = *user`
			`}`

Auth: Session and ACL enhancements #98 #1746 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-28 09:01:17 +02:00			`if user := FirstOrCreateUser(&Visitor); user != nil {`
			`Visitor = *user`
Auth: Add "PHOTOPRISM_ADMIN_USER" option and refactor user table #98 Signed-off-by: Michael Mayer <michael@photoprism.app> 2022-09-02 21:30:50 +02:00			`}`
			`}`