photoprism/internal/entity/auth_user_default.go
Michael Mayer 7e7ba69982 Auth: Add client_uid and client_name to auth_sessions table #808 #3943
This also adds the ability to change the client role if needed and
improves the usage information and output of the CLI commands.

Signed-off-by: Michael Mayer <michael@photoprism.app>
2024-01-18 16:53:05 +01:00

111 lines
2.6 KiB
Go

package entity
import (
"github.com/photoprism/photoprism/internal/acl"
"github.com/photoprism/photoprism/internal/event"
"github.com/photoprism/photoprism/pkg/authn"
)
// Role defaults.
const (
AdminUserName = "admin"
AdminDisplayName = "Admin"
VisitorDisplayName = "Visitor"
UnknownDisplayName = "Unknown"
)
// Admin is the default admin user.
var Admin = User{
ID: 1,
UserName: AdminUserName,
AuthProvider: authn.ProviderLocal.String(),
UserRole: acl.RoleAdmin.String(),
DisplayName: AdminDisplayName,
SuperAdmin: true,
CanLogin: true,
WebDAV: true,
CanInvite: true,
InviteToken: GenerateToken(),
PreviewToken: GenerateToken(),
DownloadToken: GenerateToken(),
}
// UnknownUser is an anonymous, public user without own account.
var UnknownUser = User{
ID: -1,
UserUID: "u000000000000001",
UserName: "",
AuthProvider: authn.ProviderNone.String(),
UserRole: acl.RoleNone.String(),
CanLogin: false,
WebDAV: false,
CanInvite: false,
DisplayName: UnknownDisplayName,
InviteToken: "",
PreviewToken: "",
DownloadToken: "",
}
// Visitor is a user without own account e.g. for link sharing.
var Visitor = User{
ID: -2,
UserUID: "u000000000000002",
UserName: "",
AuthProvider: authn.ProviderLink.String(),
UserRole: acl.RoleVisitor.String(),
DisplayName: VisitorDisplayName,
CanLogin: false,
WebDAV: false,
CanInvite: false,
InviteToken: "",
PreviewToken: "",
DownloadToken: "",
}
// CreateDefaultUsers initializes the database with default user accounts.
func CreateDefaultUsers() {
if admin := FindUser(Admin); admin != nil {
Admin = *admin
} else {
// Set legacy values.
if leg := FindLegacyUser(Admin); leg != nil {
Admin.UserUID = leg.UserUID
if leg.UserName != "" {
Admin.UserName = leg.UserName
}
if leg.PrimaryEmail != "" {
Admin.UserEmail = leg.PrimaryEmail
}
if leg.FullName != "" {
Admin.DisplayName = leg.FullName
}
if leg.LoginAt != nil {
Admin.LoginAt = leg.LoginAt
}
log.Infof("users: migrating %s account", Admin.UserName)
}
// Set default values.
Admin.SuperAdmin = true
Admin.CanLogin = true
Admin.WebDAV = true
// Username is required.
if Admin.UserName == "" {
Admin.UserName = "admin"
}
// Add initial admin account.
if err := Admin.Create(); err != nil {
event.AuditErr([]string{"user", "failed to create", "%s"}, err)
}
}
if user := FirstOrCreateUser(&UnknownUser); user != nil {
UnknownUser = *user
}
if user := FirstOrCreateUser(&Visitor); user != nil {
Visitor = *user
}
}