fix(auth): remove hardcoded admin password and use env var / random generation fallback

DmitrL-dev 2026-03-30 20:34:24 +10:00
parent 05ee9859bf
commit f833602145


@ -8,6 +8,7 @@ import (
"errors"
"fmt"
"log/slog"
"os"
"sync"
"time"
@ -65,7 +66,14 @@ func NewUserStore(db ...*sql.DB) *UserStore {
// Ensure default admin exists
if _, err := s.GetByEmail("admin@syntrex.pro"); err != nil {
hash, _ := bcrypt.GenerateFromPassword([]byte("syntrex-admin-2026"), bcrypt.DefaultCost)
adminPass := os.Getenv("SYNTREX_ADMIN_PASSWORD")
if adminPass == "" {
b := make([]byte, 16)
rand.Read(b)
adminPass = hex.EncodeToString(b)
slog.Warn("SYNTREX_ADMIN_PASSWORD not set. Generated random admin password", "password", adminPass)
}
hash, _ := bcrypt.GenerateFromPassword([]byte(adminPass), bcrypt.DefaultCost)
admin := &User{
ID: generateID("usr"),
Email: "admin@syntrex.pro",
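Review bot: The fallback branch writes the generated admin password into the log as a structured attribute (`"password", adminPass`), so the credential ends up wherever logs are shipped and retained, readable by anyone with log access. I would log only the fact, e.g. `slog.Warn("SYNTREX_ADMIN_PASSWORD not set; generated random admin password")`, and deliver the value through a one-time channel such as a single write to stderr or an owner-only file, ideally with a forced change at first login. The errors from `rand.Read(b)` and `bcrypt.GenerateFromPassword` are both discarded; current bcrypt versions reject inputs over 72 bytes, so a long operator-supplied `SYNTREX_ADMIN_PASSWORD` would leave `hash` nil with no diagnostic, and both calls should be followed by an `if err != nil` check. The hunk does not show which `rand` package is imported, so confirm it is `crypto/rand`; NewUserStore's body continues outside the hunk.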