feat: add system user

KernelDeimos 2024-07-19 15:19:04 -04:00 committed by Eric Dubé
parent 2cd68100d2
commit ab156297a7
2 changed files with 94 additions and 2 deletions


@ -42,7 +42,7 @@ class SqliteDatabaseAccessService extends BaseDatabaseAccessService {
this.db = new Database(this.config.path); this.db = new Database(this.config.path);
// Database upgrade logic // Database upgrade logic
const TARGET_VERSION = 22; const TARGET_VERSION = 23;
if ( do_setup ) { if ( do_setup ) {
this.log.noticeme(`SETUP: creating database at ${this.config.path}`); this.log.noticeme(`SETUP: creating database at ${this.config.path}`);
@ -71,6 +71,7 @@ class SqliteDatabaseAccessService extends BaseDatabaseAccessService {
'0022_dev-center-max.sql', '0022_dev-center-max.sql',
'0023_fix-kv.sql', '0023_fix-kv.sql',
'0024_default-groups.sql', '0024_default-groups.sql',
'0025_system-user.dbmig.js'
].map(p => path_.join(__dirname, 'sqlite_setup', p)); ].map(p => path_.join(__dirname, 'sqlite_setup', p));
const fs = require('fs'); const fs = require('fs');
for ( const filename of sql_files ) { for ( const filename of sql_files ) {
@ -175,6 +176,10 @@ class SqliteDatabaseAccessService extends BaseDatabaseAccessService {
upgrade_files.push('0024_default-groups.sql'); upgrade_files.push('0024_default-groups.sql');
} }
if ( user_version <= 22 ) {
upgrade_files.push('0025_system-user.dbmig.js');
}
if ( upgrade_files.length > 0 ) { if ( upgrade_files.length > 0 ) {
this.log.noticeme(`Database out of date: ${this.config.path}`); this.log.noticeme(`Database out of date: ${this.config.path}`);
this.log.noticeme(`UPGRADING DATABASE: ${user_version} -> ${TARGET_VERSION}`); this.log.noticeme(`UPGRADING DATABASE: ${user_version} -> ${TARGET_VERSION}`);
@ -188,7 +193,20 @@ class SqliteDatabaseAccessService extends BaseDatabaseAccessService {
const basename = path_.basename(filename); const basename = path_.basename(filename);
this.log.noticeme(`applying ${basename}`); this.log.noticeme(`applying ${basename}`);
const contents = fs.readFileSync(filename, 'utf8'); const contents = fs.readFileSync(filename, 'utf8');
this.db.exec(contents); switch ( path_.extname(filename) ) {
case '.sql':
this.db.exec(contents);
break;
case '.js':
await this.run_js_migration_({
filename, contents,
});
break;
default:
throw new Error(
`unrecognized migration type: ${filename}`
);
}
} }
// Update version number // Update version number
@ -274,6 +292,17 @@ class SqliteDatabaseAccessService extends BaseDatabaseAccessService {
}); });
} }
async run_js_migration_ ({ filename, contents }) {
contents = `(async () => {${contents}})()`;
const vm = require('vm');
const context = vm.createContext({
read: this.read.bind(this),
write: this.write.bind(this),
log: this.log,
});
await vm.runInContext(contents, context);
}
_register_commands (commands) { _register_commands (commands) {
commands.registerCommands('sqlite', [ commands.registerCommands('sqlite', [
{ {
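Review bot: In `run_js_migration_`, `filename` is destructured but never used, and the script runs through Node's `vm` module with host objects (`this.log` and the bound `read`/`write`) placed in its context. `vm` is not a security boundary, so a comment above the method such as `// vm only scopes the migration's globals; it is not a sandbox, so migration files must be trusted code shipped with the service` would keep a later maintainer from pointing it at a writable or user-controlled directory. Passing the name through, `await vm.runInContext(contents, context, { filename });`, would also make stack traces from a failing migration name the right file. Separately, `0025_system-user.dbmig.js` is added to the `sql_files` list used on first-time setup, and that loop's body lies outside these hunks; if it still calls `this.db.exec(contents)` for every entry, it needs the same extension switch as the upgrade loop.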


@ -0,0 +1,63 @@
/*
Add a user called `system`.
If a user called `system` already exists, first rename the existing
user to the first username in this sequence:
system_, system_0, system_1, system_2, ...
*/
let existing_user;
;[existing_user] = await read(
"SELECT username FROM `user` WHERE username='system'",
);
if ( existing_user ) {
let replace_num = 0;
let replace_name = 'system_';
for (;;) {
;[existing_user] = await read(
'SELECT username FROM `user` WHERE username=?',
[replace_name]
);
if ( ! existing_user ) break;
replace_name = 'system_' + (replace_num++);
}
log.noticeme('updating existing user called system', {
replace_num,
replace_name,
});
await write(
`UPDATE \`user\` SET username=? WHERE username='system' LIMIT 1`,
[replace_name]
);
}
const { insertId: system_user_id } = await write(
'INSERT INTO `user` (`uuid`, `username`) VALUES (?, ?)',
[
'5d4adce0-a381-4982-9c02-6e2540026238',
'system',
]
);
const [{id: system_group_id}] = await read(
'SELECT id FROM `group` WHERE uid=?',
['26bfb1fb-421f-45bc-9aa4-d81ea569e7a5']
);
const [{id: admin_group_id}] = await read(
'SELECT id FROM `group` WHERE uid=?',
['ca342a5e-b13d-4dee-9048-58b11a57cc55']
);
// admin group has unlimited access to all drivers
await write(
'INSERT INTO `user_to_group_permissions` ' +
'(`user_id`, `group_id`, `permission`, `extra`) ' +
'VALUES (?, ?, ?, ?)',
[system_user_id, admin_group_id, 'driver', '{}']
);
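Review bot: The two group lookups destructure the first row directly (`const [{id: admin_group_id}] = await read(...)`), so a database where either default group is missing fails with a bare TypeError, and only after the existing `system` user has been renamed and the new one inserted. Whether the runner wraps a migration in a transaction is not visible here; if it does not, a re-run would rename the freshly inserted `system` row to `system_` and try to insert the fixed uuid a second time (which would fail if `uuid` is unique, also not shown here). Doing both lookups before the first `write` and guarding them, e.g. `if ( ! admin_group ) throw new Error('admin group not found; apply 0024_default-groups.sql first');`, avoids that half-applied state. `system_group_id` is read but never used in the lines shown, so either that query can go or the grant it was meant for is missing.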