WangDL
5a7c21dd60
All checks were successful
Deploy API Server / build-and-deploy (push) Successful in 9s
- Add AdminRole enum (SUPER_ADMIN/ADMIN/OPERATIONS/DEVELOPER/READONLY) with hierarchy
- Add PasswordService (bcryptjs, 12 rounds), AdminTokenService (type=admin JWT)
- Add AdminAuthService: login/lockout/refresh/logout with audit logging
- Add AdminAuthController: /admin-api/auth/{login,refresh,logout,me}
- Add AdminAuthGuard: validates type=admin, user status, session, lockout
- Add AdminRolesGuard + @AdminRoles() decorator for RBAC
- Add AdminAuditService for audit log persistence
- Add AdminLoginRateLimit (10 req/15min per IP)
- Add prisma/seed.ts for SUPER_ADMIN initialization via env vars
- Update JwtAuthGuard to skip /admin-api/* and /internal/* paths
- Update main.ts to exclude admin-api/internal from global 'api' prefix
- Update jwt.config.ts with admin JWT secrets and expiry config
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
48 lines
1.1 KiB
TypeScript
48 lines
1.1 KiB
TypeScript
import { PrismaClient } from '@prisma/client';
|
|
import * as bcrypt from 'bcryptjs';
|
|
|
|
const prisma = new PrismaClient();
|
|
|
|
async function main() {
|
|
const email = process.env.SUPER_ADMIN_EMAIL;
|
|
const password = process.env.SUPER_ADMIN_PASSWORD;
|
|
|
|
if (!email || !password) {
|
|
console.error('❌ 请设置环境变量 SUPER_ADMIN_EMAIL 和 SUPER_ADMIN_PASSWORD');
|
|
process.exit(1);
|
|
}
|
|
|
|
if (password.length < 8) {
|
|
console.error('❌ SUPER_ADMIN_PASSWORD 长度不能少于 8 位');
|
|
process.exit(1);
|
|
}
|
|
|
|
const passwordHash = await bcrypt.hash(password, 12);
|
|
|
|
const adminUser = await prisma.adminUser.upsert({
|
|
where: { email },
|
|
update: {
|
|
passwordHash,
|
|
role: 'SUPER_ADMIN',
|
|
status: 'ACTIVE',
|
|
displayName: '超级管理员',
|
|
},
|
|
create: {
|
|
email,
|
|
passwordHash,
|
|
displayName: '超级管理员',
|
|
role: 'SUPER_ADMIN',
|
|
status: 'ACTIVE',
|
|
},
|
|
});
|
|
|
|
console.log(`✅ 超级管理员已创建/更新: ${adminUser.email} (id: ${adminUser.id})`);
|
|
}
|
|
|
|
main()
|
|
.catch((e) => {
|
|
console.error('❌ Seed 失败:', e);
|
|
process.exit(1);
|
|
})
|
|
.finally(() => prisma.$disconnect());
|