add new "insert test mode" site setting

- it makes it so ANY account that gets created is an admin
- soon it will add some UI element to emphasize the lack of security

Author: williamstein

src/packages/database/settings/server-settings.ts

@@ -90,6 +90,7 @@ export async function load_server_settings_from_env(
   db: PostgreSQL,
 ): Promise<void> {
   const PREFIX = SERVER_SETTINGS_ENV_PREFIX;
+  L.debug("load_server_settings_from_env variables prefixed by ", PREFIX);
   // reset all readonly values
   await db.async_query({
     query: "UPDATE server_settings",

src/packages/hub/hub.ts

@@ -12,7 +12,6 @@ import { callback } from "awaiting";
 import blocked from "blocked";
 import { spawn } from "child_process";
 import { program as commander, Option } from "commander";
-
 import basePath from "@cocalc/backend/base-path";
 import {
   pghost as DEFAULT_DB_HOST,
@@ -149,13 +148,14 @@ async function startServer(): Promise<void> {
     // in those cases where we initialize the database upon startup
     // (essentially only relevant for kucalc's hub-websocket)
     if (program.mode === "kucalc") {
-      // set server settings based on environment variables
-      await load_server_settings_from_env(database);
       // and for on-prem setups, also initialize the admin account, set a registration token, etc.
       await initialOnPremSetup(database);
     }
   }
 
+  // set server settings based on environment variables
+  await load_server_settings_from_env(database);
+
   if (program.agentPort) {
     winston.info("Configure agent port");
     set_agent_endpoint(program.agentPort, program.hostname);

src/packages/server/accounts/create-account.ts

@@ -10,6 +10,7 @@ import accountCreationActions, {
   creationActionsDone,
 } from "./account-creation-actions";
 import { getLogger } from "@cocalc/backend/logger";
+import { getServerSettings } from "@cocalc/database/settings/server-settings";
 const log = getLogger("server:accounts:create");
 
 interface Params {
@@ -54,6 +55,15 @@ export default async function createAccount({
         signupReason,
       ],
     );
+    const { insecure_test_mode } = await getServerSettings();
+    if (insecure_test_mode) {
+      log.debug("Creating account in insecure_test_mode!");
+      await pool.query("UPDATE accounts SET groups=$1 WHERE account_id=$2", [
+        ["admin"],
+        account_id,
+      ]);
+    }
+
     if (email) {
       await accountCreationActions({ email_address: email, account_id, tags });
     }

src/packages/util/db-schema/site-defaults.ts

@@ -7,7 +7,6 @@
 
 import jsonic from "jsonic";
 import { isEqual } from "lodash";
-
 import { LOCALE } from "@cocalc/util/consts/locale";
 import { is_valid_email_address } from "@cocalc/util/misc";
 import {
@@ -42,6 +41,7 @@ export const TAGS = [
   "Theme",
   "On-Prem",
   "I18N",
+  "Security",
 ] as const;
 
 export type Tag = (typeof TAGS)[number];
@@ -116,7 +116,8 @@ export type SiteSettingsKeys =
   | "compute_servers_dns_enabled"
   | "compute_servers_dns"
   | "compute_servers_hyperstack_enabled"
-  | "cloud_filesystems_enabled";
+  | "cloud_filesystems_enabled"
+  | "insecure_test_mode";
 
 //| "compute_servers_lambda-cloud_enabled"
 
@@ -953,4 +954,12 @@ export const site_settings_conf: SiteSettings = {
       to_bool(conf.compute_servers_dns_enabled),
     tags: ["Compute Servers"],
   },
+  insecure_test_mode: {
+    name: "Insecure Test Mode",
+    desc: "Put this server in a highly insecure test mode that is suitable for evaluating CoCalc, but **CANNOT BE USED IN PRODUCTION**.",
+    default: "no",
+    valid: only_booleans,
+    to_val: to_bool,
+    tags: ["Security"],
+  },
 } as const;