add admin reset command

mms-gianni · mms-gianni · commit dd660fcbab95 · 2025-07-28T10:37:26.000+02:00
diff --git a/server/README.md b/server/README.md
@@ -21,6 +21,13 @@ $ yarn run start:dev
 $ yarn run start:prod
 ```
 
+## Administration Commands
+
+```bash
+# Reset admin account (creates or updates with new password)
+$ npm run cli:reset-admin
+```
+
 ## Run tests
 
 ```bash
diff --git a/server/package.json b/server/package.json
@@ -15,6 +15,8 @@
     "dev": "nest start --debug --watch",
     "start:prod": "node dist/main",
     "lint": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+    "cli": "ts-node -r tsconfig-paths/register src/cli.ts",
+    "cli:reset-admin": "npm run cli reset-admin",
     "test": "jest",
     "test:ci": "jest --ci --reporters=default --reporters=jest-junit",
     "test:watch": "jest --watch",
@@ -44,6 +46,7 @@
     "@nestjs/serve-static": "^5.0.1",
     "@nestjs/swagger": "^11.0.3",
     "@nestjs/websockets": "^11.0.7",
+    "nest-commander": "^3.13.0",
     "@octokit/core": "^6.1.3",
     "@prisma/client": "^6.9.0",
     "@types/bcrypt": "^5.0.2",
@@ -87,6 +90,7 @@
     "@types/passport-oauth2": "^1.4.17",
     "@types/sshpk": "^1.17.4",
     "@types/supertest": "^6.0.2",
+    "tsconfig-paths": "^4.2.0",
     "eslint": "^9.18.0",
     "eslint-config-prettier": "^10.0.1",
     "eslint-plugin-prettier": "^5.2.2",
diff --git a/server/src/app.module.ts b/server/src/app.module.ts
@@ -24,6 +24,7 @@ import { DatabaseModule } from './database/database.module';
 import { GroupModule } from './groups/groups.module';
 import { RolesModule } from './roles/roles.module';
 import { TokenModule } from './token/token.module';
+import { CliModule } from './cli/cli.module';
 
 @Module({
   imports: [
@@ -49,6 +50,7 @@ import { TokenModule } from './token/token.module';
     GroupModule,
     RolesModule,
     TokenModule,
+    CliModule,
   ],
   controllers: [AppController, TemplatesController],
   providers: [AppService, TemplatesService],
diff --git a/server/src/cli.ts b/server/src/cli.ts
@@ -0,0 +1,9 @@
+#!/usr/bin/env node
+import { CommandFactory } from 'nest-commander';
+import { CliModule } from './cli/cli.module';
+
+async function bootstrap() {
+  await CommandFactory.run(CliModule, ['warn', 'error', 'log']);
+}
+
+bootstrap();
diff --git a/server/src/cli/cli.module.ts b/server/src/cli/cli.module.ts
@@ -0,0 +1,11 @@
+import { Module } from '@nestjs/common';
+import { ResetAdminCommand } from './commands/reset-admin.command';
+import { DatabaseService } from '../database/database.service';
+
+@Module({
+  providers: [
+    ResetAdminCommand,
+    DatabaseService,
+  ],
+})
+export class CliModule {}
diff --git a/server/src/cli/commands/reset-admin.command.ts b/server/src/cli/commands/reset-admin.command.ts
@@ -0,0 +1,27 @@
+import { Command, CommandRunner } from 'nest-commander';
+import { Injectable, Logger } from '@nestjs/common';
+import { DatabaseService } from '../../database/database.service';
+
+@Command({ name: 'reset-admin', description: 'Reset the admin account with a new random password' })
+@Injectable()
+export class ResetAdminCommand extends CommandRunner {
+  private readonly logger = new Logger(ResetAdminCommand.name);
+
+  constructor(private readonly databaseService: DatabaseService) {
+    super();
+  }
+
+  async run(): Promise<void> {
+    this.logger.log('Resetting admin account...');
+    
+    try {
+      await this.databaseService.resetAdminUser();
+      this.logger.log('Admin account has been reset successfully');
+    } catch (error) {
+      this.logger.error('Failed to reset admin account', error);
+      process.exit(1);
+    }
+    
+    process.exit(0);
+  }
+}
diff --git a/server/src/database/database.service.ts b/server/src/database/database.service.ts
@@ -167,6 +167,78 @@ export class DatabaseService {
     }
   }
 
+  /**
+   * Resets the admin user account with a new random password.
+   * If the admin user doesn't exist, it creates one.
+   * Prints the new username and password to the console.
+   * @returns {Promise<void>}
+   */
+  async resetAdminUser(): Promise<void> {
+    const prisma = new PrismaClient();
+    const adminUser = process.env.KUBERO_ADMIN_USERNAME || 'admin';
+    const adminEmail = process.env.KUBERO_ADMIN_EMAIL || 'admin@kubero.dev';
+    const role = process.env.KUBERO_SYSTEM_USER_ROLE || 'admin';
+    const userGroups = ['everyone', 'admin'];
+
+    try {
+      // Generate a random password
+      const plainPassword = crypto
+        .randomBytes(25)
+        .toString('base64')
+        .slice(0, 19);
+      // Create bcrypt hash
+      const passwordHash = await bcrypt.hash(plainPassword, 10);
+      
+      // Check if admin user exists
+      const existingUser = await prisma.user.findUnique({
+        where: { id: '2' },
+      });
+      
+      if (existingUser) {
+        // Update existing admin user
+        await prisma.user.update({
+          where: { id: '2' },
+          data: {
+            password: passwordHash,
+            updatedAt: new Date(),
+          },
+        });
+        console.log('\n\n\n', 'Admin account has been reset');
+      } else {
+        // Create new admin user
+        await prisma.user.create({
+          data: {
+            id: '2',
+            username: adminUser,
+            email: adminEmail,
+            password: passwordHash,
+            isActive: true,
+            role: { connect: { name: role } },
+            userGroups:
+              userGroups && Array.isArray(userGroups)
+                ? {
+                    connect: userGroups.map((g: any) => ({ name: g })),
+                  }
+                : undefined,
+            createdAt: new Date(),
+            updatedAt: new Date(),
+          },
+        });
+        console.log('\n\n\n', 'New admin account created');
+      }
+      
+      console.log('  username: ', adminUser);
+      console.log('  password: ', plainPassword);
+      console.log('  email:    ', adminEmail, '\n\n\n');
+      
+      this.logger.log('Admin user reset successfully.');
+      return;
+    } catch (error) {
+      this.logger.error('Failed to reset admin user.', error);
+      throw error;
+    }
+  }
+
   private async migrateLegeacyUsers() {
     const prisma = new PrismaClient();
 
diff --git a/server/yarn.lock b/server/yarn.lock
