feat: implement admin bootstrap settings and ensure default roles and admin account

2025-11-09 23:43:13 +01:00
parent 118657491c
commit 24cb3c2f57
5 changed files with 326 additions and 0 deletions
--- a/main.py
+++ b/main.py
@@ -1,9 +1,11 @@
+import logging
 from typing import Awaitable, Callable

 from fastapi import FastAPI, Request, Response
 from fastapi.staticfiles import StaticFiles

 from config.database import Base, engine
+from config.settings import get_settings
 from middleware.auth_session import AuthSessionMiddleware
 from middleware.validation import validate_json
 from models import (
@@ -16,6 +18,7 @@ from routes.auth import router as auth_router
 from routes.dashboard import router as dashboard_router
 from routes.projects import router as projects_router
 from routes.scenarios import router as scenarios_router
+from services.bootstrap import bootstrap_admin

 # Initialize database schema (imports above ensure models are registered)
 Base.metadata.create_all(bind=engine)
@@ -24,6 +27,8 @@ app = FastAPI()

 app.add_middleware(AuthSessionMiddleware)

+logger = logging.getLogger(__name__)
+

@app.middleware("http")
 async def json_validation(
@@ -37,6 +42,23 @@ async def health() -> dict[str, str]:
    return {"status": "ok"}


+@app.on_event("startup")
+async def ensure_admin_bootstrap() -> None:
+    settings = get_settings().admin_bootstrap_settings()
+    try:
+        role_result, admin_result = bootstrap_admin(settings=settings)
+        logger.info(
+            "Admin bootstrap completed: roles=%s created=%s updated=%s rotated=%s assigned=%s",
+            role_result.ensured,
+            admin_result.created_user,
+            admin_result.updated_user,
+            admin_result.password_rotated,
+            admin_result.roles_granted,
+        )
+    except Exception:  # pragma: no cover - defensive logging
+        logger.exception("Failed to bootstrap administrator account")
+
+
 app.include_router(dashboard_router)
 app.include_router(auth_router)
 app.include_router(projects_router)