github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: support ADMIN_EMAIL and ADMIN_PASSWORD env vars for initial admin setup

Browse Source 
Allow the first-boot admin account to be configured via ADMIN_EMAIL and
ADMIN_PASSWORD environment variables. If both are set the account is created
with those credentials; otherwise the existing random-password fallback is
used. Documented across .env.example, docker-compose.yml, Helm chart
(values.yaml, secret.yaml, deployment.yaml), and CLAUDE.md.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
jubnl
2026-04-01 23:09:57 +02:00
parent d73a5e223c
commit 50424fc574
6 changed files with 51 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/.env.example
View File

@@ -26,3 +26,9 @@ OIDC_ADMIN_VALUE=app-trek-admins # Value of the OIDC claim that grants admin rol
OIDC_DISCOVERY_URL= # Override the auto-constructed OIDC discovery endpoint. Useful for providers (e.g. Authentik) that expose it at a non-standard path. Example: https://auth.example.com/application/o/trek/.well-known/openid-configuration
DEMO_MODE=false # Demo mode - resets data hourly
# Initial admin account — only used on first boot when no users exist yet.
# If both are set the admin account is created with these credentials.
# If either is omitted a random password is generated and printed to the server log.
# ADMIN_EMAIL=admin@trek.local
# ADMIN_PASSWORD=changeme

16
server/src/db/seeds.ts
View File

@@ -22,9 +22,21 @@ function seedAdminAccount(db: Database.Database): void {
}
const bcrypt = require('bcryptjs');
const password = crypto.randomBytes(12).toString('base64url');
const env_admin_email = process.env.ADMIN_EMAIL;
const env_admin_pw = process.env.ADMIN_PASSWORD;
let password;
let email;
if (env_admin_email && env_admin_pw) {
password = env_admin_pw;
email = env_admin_email;
} else {
password = crypto.randomBytes(12).toString('base64url');
email = 'admin@trek.local';
}
const hash = bcrypt.hashSync(password, 12);
const email = 'admin@trek.local';
const username = 'admin';
db.prepare('INSERT INTO users (username, email, password_hash, role, must_change_password) VALUES (?, ?, ?, ?, 1)').run(username, email, hash, 'admin');