Remove misc files, add root permission, and update env template

2020-07-07 19:30:48 -05:00 · 2020-07-07 19:30:48 -05:00 · 60533848a1
commit 60533848a1
parent 6bd1ddc064
5 changed files with 37 additions and 11 deletions
--- a/TODO.text
+++ b/TODO.text
@ -1,2 +1,4 @@
 - OAuth2 -> support refresh tokens
 - Localize all the things
+- Setup wizard
+- Logins as jobs
--- a/a.out
+++ b/a.out
--- a/app/controllers/api/v1/Auth.controller.js
+++ b/app/controllers/api/v1/Auth.controller.js
@ -76,7 +76,20 @@ class AuthController extends Controller {
            trap: 'password_reset', // Force user to reset password
        })

-        user.promote('base_user')
+        const Setting = this.models.get('Setting')
+        try {
+            const default_roles = await Setting.get('auth.default_roles')
+            if ( Array.isArray(default_roles) ) {
+                for ( const role of default_roles ) user.promote(role)
+            }
+        } catch (e) {
+            this.output.error('Unable to read default roles to promote registered user: ')
+            this.output.error(e)
+        }
+
+        // If this is the first user, make them root
+        if ( !(await User.findOne()) ) user.promote('root')
+
        await user.save()

        // Log in the user automatically
--- a/config/auth.config.js
+++ b/config/auth.config.js
@ -192,6 +192,8 @@ const auth_config = {
            'v1:password',
        ],

+        root: ['v1', 'ldap', 'saml', 'profile', 'oauth', 'app', 'auth', 'iam'],
+
    },

 }
--- a/example.env
+++ b/example.env
@ -1,26 +1,35 @@
-APP_NAME=Flitter
+APP_NAME="Starship CoreID"
 APP_URL=http://localhost:8000/

 SERVER_PORT=8000
-LOGGING_LEVEL=1
+LOGGING_LEVEL=2
+LOGGING_TIMESTAMP=false

 DATABASE_HOST=127.0.0.1
 DATABASE_PORT=27017
-DATABASE_NAME=flitter
+DATABASE_NAME=starship_coreid
 DATABASE_AUTH=false

-SECRET=changeme
+SECRET="Replace this with something randomly generated!"
 ENVIRONMENT=production

 SSL_ENABLE=false
-SSL_CERT_FILE=cert.pem
-SSL_CERT_KEY=cert.key
+SSL_CERT_FILE=cert.crt
+SSL_KEY_FILE=cert.key
+
+LDAP_SERVER_PORT=389
+
+# Every LDAP DN is suffixed with this automatically
+LDAP_BASE_DC="dc=coreid,dc=local"
+
+SAML_CERT_FILE="/path/to/x509/public.pem"
+SAML_KEY_FILE="/path/to/x509/private.pem"

 REDIS_HOST=localhost
 REDIS_PORT=6379

-SMTP_HOST="mail.mydomain.com"
+SMTP_HOST="localhost"
 SMTP_PORT="587"
-SMTP_USER="coreid@mydomain.com"
-SMTP_DEFAULT_SENDER="coreid@mydomain.com"
-SMTP_PASS="supersecretpassword"
+SMTP_USER="coreid@localhost.localdomain"
+SMTP_DEFAULT_SENDER="coreid@localhost.localdomain"
+SMTP_PASS="something super secure"