From 7759a1cd4029a2ea0e1403d32fa768f9416e510f Mon Sep 17 00:00:00 2001
From: Kayne Ruse
Date: Thu, 11 Feb 2021 13:18:18 +1100
Subject: [PATCH] Implemented default admin account

---
 README.md                         |  8 +++++++-
 client/components/pages/login.jsx | 20 +------------------
 configure-script.js               |  2 --
 server/accounts/login.js          |  4 ++--
 server/admin/index.js             | 23 +++++++++++++++++++++++
 sql/create_database.sql           | 10 ----------
 sql/update_database.sql.old       |  3 +++
 7 files changed, 36 insertions(+), 34 deletions(-)
 delete mode 100644 sql/create_database.sql

diff --git a/README.md b/README.md
index a497711..c509c11 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,7 @@ There are external components to this template referred to as "microservices". T
 - ~~logout (with cookies)~~
 - ~~account deletion~~
 - Administration Panel
+  - ~~Default admin account~~
   - ~~Exclusive to admin accounts~~
   - inspect aggregate user data
 - ~~News blog system (microservice)~~
@@ -72,7 +73,12 @@ There are external components to this template referred to as "microservices". T
 - Configuraton Script:
   - Default UUID keys
 - ~~Docker, docker, docker.~~
-- Start here page
+- Better compression for client files
+- Full tutorial for setting up and using the site
+  - Start here page
+  - Security holes
+  - HTTPS
+  - Default admin account
 
 # Email settings
 
diff --git a/client/components/pages/login.jsx b/client/components/pages/login.jsx
index a90420f..6613d22 100644
--- a/client/components/pages/login.jsx
+++ b/client/components/pages/login.jsx
@@ -49,15 +49,10 @@ const LogIn = props => {
 	);
 };
 
+//DOCS: returns two values: response and OK
 const handleSubmit = async (email, password) => {
 	email = email.trim();
 
-	const err = handleValidation(email, password);
-
-	if (err) {
-		return err;
-	}
-
 	//generate a new formdata payload
 	let formData = new FormData();
 
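Review bot: With the handleValidation call removed from handleSubmit, the client no longer checks the email format or the 8-character password minimum before posting, so the server's validateDetails is the only place those rules can be enforced; the server/accounts/login.js hunk in this commit shows only the email branch, so whether the password length is still enforced anywhere cannot be confirmed from this patch. The second login.jsx hunk deletes handleValidation itself, which was the only visible caller of validateEmail in that file — if the import of validateEmail (outside both hunks) served only that helper, it is now dead and should go with it. handleSubmit's body continues past the end of this hunk.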
@@ -73,17 +68,4 @@ const handleSubmit = async (email, password) => {
 	}
 };
 
-//returns an error message, or null on success
-const handleValidation = (email, password) => {
-	if (!validateEmail(email)) {
-		return 'invalid email';
-	}
-
-	if (password.length < 8) {
-		return 'invalid password (Must be at least 8 characters long)';
-	}
-
-	return null;
-};
-
 export default LogIn;
diff --git a/configure-script.js b/configure-script.js
index 850f8b0..3aa9a32 100644
--- a/configure-script.js
+++ b/configure-script.js
@@ -151,7 +151,6 @@ networks:
 const dockerfile = `
 FROM node:15
 WORKDIR "/app"
-WORKDIR "/app"
 COPY package*.json ./
 RUN npm install
 RUN apt-get update
@@ -159,7 +158,6 @@ RUN apt-get install -y mariadb-client
 COPY . /app
 
 EXPOSE 3000
-
 ENTRYPOINT ["bash", "-c"]
 CMD ["mysql --host=database --user=root --password=${databaseRootPassword} < ./startup.sql && npm start"]
 `;
diff --git a/server/accounts/login.js b/server/accounts/login.js
index 8320a67..6928fb1 100644
--- a/server/accounts/login.js
+++ b/server/accounts/login.js
@@ -56,8 +56,8 @@ const route = async (req, res) => {
 };
 
 const validateDetails = async (fields) => {
-	//basic formatting
-	if (!validateEmail(fields.email)) {
+	//basic formatting (with an exception for the default admin account)
+	if (!validateEmail(fields.email) && fields.email != `admin@${process.env.WEB_ADDRESS}`) {
 		return 'invalid email';
 	}
 
diff --git a/server/admin/index.js b/server/admin/index.js
index f10eb9b..a2389d9 100644
--- a/server/admin/index.js
+++ b/server/admin/index.js
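Review bot: The new exception in validateDetails compares with loose `!=` and rebuilds the admin address inline from WEB_ADDRESS; when that variable is unset the comparison is against the literal string `admin@undefined`, and the same template is duplicated in server/admin/index.js in this commit, so the two sites can silently drift apart. Prefer one exported constant holding the default admin address, shared by both files, and write the check as `fields.email !== DEFAULT_ADMIN_EMAIL` (constant name is a suggestion). Skipping format validation for a single fixed address is low risk only if the password check that presumably follows still applies to it; that part of validateDetails is outside the hunk, as is the rest of its body.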
@@ -16,4 +16,27 @@ router.get('/banned', require('./banned'));
 router.post('/ban', require('./ban'));
 router.post('/unban', require('./unban'));
 
+//DOCS: ensure that there is at least one administration account
+const bcrypt = require('bcryptjs');
+const { accounts } = require('../database/models');
+
+(async () => {
+	const admin = await accounts.findOne({
+		where: {
+			privilege: 'administrator'
+		}
+	});
+
+	if (admin == null) {
+		await accounts.create({
+			privilege: 'administrator',
+			email: `admin@${process.env.WEB_ADDRESS}`,
+			username: `admin`,
+			hash: await bcrypt.hash('password', await bcrypt.genSalt(11))
+		});
+
+		console.log(`Created default admin account (email: admin@${process.env.WEB_ADDRESS}; password: password)`);
+	}
+})();
+
 module.exports = router;
\ No newline at end of file
diff --git a/sql/create_database.sql b/sql/create_database.sql
deleted file mode 100644
index c851223..0000000
--- a/sql/create_database.sql
+++ /dev/null
@@ -1,10 +0,0 @@
-#This file only needs to be run once, during initial setup
-#After this script, next run 'update_database.sql'
-
-#Create the actual database
-CREATE DATABASE IF NOT EXISTS template;
-USE template;
-
-#Create the database user
-CREATE USER IF NOT EXISTS 'template'@'%' IDENTIFIED BY 'pikachu';
-GRANT ALL PRIVILEGES ON template.* TO 'template'@'%';
\ No newline at end of file
diff --git a/sql/update_database.sql.old b/sql/update_database.sql.old
index 6b249d7..e197d09 100644
--- a/sql/update_database.sql.old
+++ b/sql/update_database.sql.old
@@ -1,3 +1,6 @@
+# Do not use this file - this is just a guide for my own use
+
+
 # account system
 CREATE TABLE IF NOT EXISTS pendingSignups (
 	email VARCHAR(320) UNIQUE,
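Review bot: The bootstrap added to server/admin/index.js creates the administrator with the fixed password `'password'` and then prints those credentials with console.log, so every fresh deployment starts with a well-known admin login that is also written to the process logs. It also runs as a side effect of requiring the router, inside an async IIFE whose promise is neither awaited nor caught, so a failing findOne or create becomes an unhandled rejection rather than a visible startup error. Take the initial password from configuration or generate a random one with crypto.randomBytes, print a generated value once and never a configured one, and attach a `.catch` to the bootstrap; `admin == null` is better written `=== null` if findOne returns null for no row, which this hunk does not show. Two instances starting at the same time can both pass the findOne check and both create an account; a unique constraint on email in the accounts model, if present, would bound that.
```javascript
//DOCS: ensure that there is at least one administration account
const bcrypt = require('bcryptjs');
const crypto = require('crypto');
const { accounts } = require('../database/models');

const ensureDefaultAdmin = async () => {
	const admin = await accounts.findOne({ where: { privilege: 'administrator' } });
	if (admin !== null) {
		return;
	}

	// DEFAULT_ADMIN_PASSWORD is a suggested setting name, not one the project defines yet;
	// when it is absent a random initial password is generated instead of a fixed one
	const configured = process.env.DEFAULT_ADMIN_PASSWORD;
	const password = configured || crypto.randomBytes(18).toString('base64');

	await accounts.create({
		privilege: 'administrator',
		email: `admin@${process.env.WEB_ADDRESS}`,
		username: `admin`,
		hash: await bcrypt.hash(password, await bcrypt.genSalt(11))
	});

	// a generated password must be shown once so the operator can log in; a configured one is never logged
	if (configured) {
		console.log(`Created default admin account (email: admin@${process.env.WEB_ADDRESS})`);
	} else {
		console.log(`Created default admin account (email: admin@${process.env.WEB_ADDRESS}; generated password: ${password}) - change it on first login`);
	}
};

ensureDefaultAdmin().catch((err) => {
	console.error('Failed to ensure default admin account', err);
});

// … unchanged: module.exports = router; …
```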