From ac980426a5ff549df392c24d3ff43dff289affd8 Mon Sep 17 00:00:00 2001
From: Kayne Ruse
Date: Sun, 7 Mar 2021 06:59:58 +1100
Subject: [PATCH] Added optional default admin account
---
 .envdev | 3 +++
 server/admin/default-account.js | 37 +++++++++++++++++++++++++++++++++
 server/admin/index.js | 3 +++
 server/auth/login.js | 3 +--
 server/auth/signup.js | 5 +++++
 server/database/models/index.js | 2 +-
 server/server.js | 5 ++++-
 7 files changed, 54 insertions(+), 4 deletions(-)
 create mode 100644 server/admin/default-account.js
 create mode 100644 server/admin/index.js
diff --git a/.envdev b/.envdev
index 47b9b1f..35bfe83 100644
--- a/.envdev
+++ b/.envdev
@@ -13,5 +13,8 @@ MAIL_USERNAME=foobar@example.com
 MAIL_PASSWORD=examplepassword
 MAIL_PHYSICAL=42 Placeholder Ave, Placeholder, 0000, USA
+ADMIN_DEFAULT_USERNAME=admin
+ADMIN_DEFAULT_PASSWORD=password
+ SECRET_ACCESS=access SECRET_REFRESH=refresh
diff --git a/server/admin/default-account.js b/server/admin/default-account.js
new file mode 100644
index 0000000..ffef6d4
--- /dev/null
+++ b/server/admin/default-account.js
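Review bot: The sample `ADMIN_DEFAULT_PASSWORD=password` added to .envdev is exactly eight characters, the minimum that server/admin/default-account.js accepts in this same patch, so a deployment that copies this file unchanged ends up with a well-known administrator credential. default-account.js skips creation when either variable is absent, which is the safer default for a sample file; consider leaving the value empty here, or adding a line such as `# dev-only sample: set a unique value, or leave empty to skip default admin creation` if the env loader accepts `#` comments.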
@@ -0,0 +1,37 @@
+//DOCS: ensure that there is at least one administration account
+const bcrypt = require('bcryptjs');
+const sequelize = require('../database');
+const { accounts } = require('../database/models');
+
+module.exports = async () => {
+ await sequelize.sync(); //this whole file is just one big BUGFIX
+
+ //validate env variables
+ if (!process.env.ADMIN_DEFAULT_USERNAME || !process.env.ADMIN_DEFAULT_PASSWORD) {
+ //skip this if arguments are missing
+ return;
+ }
+
+ if (process.env.ADMIN_DEFAULT_PASSWORD && process.env.ADMIN_DEFAULT_PASSWORD.length < 8) {
+ console.warn('ADMIN_DEFAULT_PASSWORD is too short - skipping default account creation');
+ return;
+ }
+
+ //check for an existing admin account
+ const adminRecord = await accounts.findOne({
+ where: {
+ privilege: 'administrator'
+ }
+ });
+
+ if (adminRecord == null) {
+ await accounts.create({
+ privilege: 'administrator',
+ email: `${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}`,
+ username: `${process.env.ADMIN_DEFAULT_USERNAME}`,
+ hash: await bcrypt.hash(`${process.env.ADMIN_DEFAULT_PASSWORD}`, await bcrypt.genSalt(11))
+ });
+
+ console.warn(`Created default admin account (email: ${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}; password: ${process.env.ADMIN_DEFAULT_PASSWORD})`);
+ }
+};
diff --git a/server/admin/index.js b/server/admin/index.js
new file mode 100644
index 0000000..6e6b3aa
--- /dev/null
+++ b/server/admin/index.js
@@ -0,0 +1,3 @@
+module.exports = {
+ defaultAccount: require('./default-account')
+};
\ No newline at end of file
diff --git a/server/auth/login.js b/server/auth/login.js
index f116ad1..46f7b8f 100644
--- a/server/auth/login.js
+++ b/server/auth/login.js
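Review bot: The final `console.warn` in default-account.js prints the administrator password in clear text, so the credential ends up wherever stdout/stderr is captured (container logs, log shippers, CI output), a much wider audience than the environment file; log only the address: `console.warn(\`Created default admin account (email: ${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS})\`);`. The first guard checks ADMIN_DEFAULT_USERNAME and ADMIN_DEFAULT_PASSWORD but not WEB_ADDRESS, which the email template also interpolates, so an unset value would persist `<username>@undefined` as the account email; extend it to `if (!process.env.ADMIN_DEFAULT_USERNAME || !process.env.ADMIN_DEFAULT_PASSWORD || !process.env.WEB_ADDRESS) {`. The `process.env.ADMIN_DEFAULT_PASSWORD &&` in the second guard is redundant after that early return. Calling `sequelize.sync()` inside this module is a side effect worth a comment, since every caller of defaultAccount() now also synchronises the schema.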
@@ -51,10 +51,9 @@ const route = async (req, res) => {
 const validateDetails = async (body) => {
 //basic formatting (with an exception for the default admin account)
- if (!validateEmail(body.email) && body.email != `admin@${process.env.WEB_ADDRESS}`) {
+ if (!validateEmail(body.email) && body.email != `${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}`) {
 return 'invalid email';
 }
- //TODO: restore default admin account
 //check for existing (banned)
 //TODO: restore banning
diff --git a/server/auth/signup.js b/server/auth/signup.js
index 11e2cf5..82bfe31 100644
--- a/server/auth/signup.js
+++ b/server/auth/signup.js
@@ -78,6 +78,11 @@ const validateDetails = async (body) => {
 return 'username already exists';
 }
+ //validate password
+ if (body.password.length < 8) {
+ return 'password too short';
+ }
+ return null;
 };
diff --git a/server/database/models/index.js b/server/database/models/index.js
index 0e80f26..eadaaea 100644
--- a/server/database/models/index.js
+++ b/server/database/models/index.js
@@ -2,4 +2,4 @@ module.exports = {
 tokens: require('./tokens'),
 accounts: require('./accounts'),
 pendingSignups: require('./pending-signups')
-}
\ No newline at end of file
+};
\ No newline at end of file
diff --git a/server/server.js b/server/server.js
index 2bed307..7721490 100644
--- a/server/server.js
+++ b/server/server.js
@@ -15,7 +15,10 @@ app.use(cors());
 //database connection
 const database = require('./database');
-//access the news
+const admin = require('./admin');
+admin.defaultAccount();
+
+//access the auth
 app.use('/auth', require('./auth'));
 //error on access
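Review bot: In login.js validateDetails, the exemption now compares against `${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}` even when ADMIN_DEFAULT_USERNAME is unset, so in that configuration the literal string `undefined@<WEB_ADDRESS>` skips the email format check; the exemption should only exist when the variable is configured. Add `const adminEmail = process.env.ADMIN_DEFAULT_USERNAME ? \`${process.env.ADMIN_DEFAULT_USERNAME}@${process.env.WEB_ADDRESS}\` : null;` before the check and change it to `if (!validateEmail(body.email) && body.email !== adminEmail) {`, which also replaces the loose `!=`. The body of validateDetails continues past the end of the hunk.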
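Review bot: In signup.js the new check `body.password.length < 8` dereferences `length` on whatever the client sent, so a missing or non-string `password` field throws a TypeError out of validateDetails instead of returning a validation message, and how the caller handles that rejection is outside the hunk. Guard the type first: `if (typeof body.password !== 'string' || body.password.length < 8) {`. The threshold duplicates the `< 8` used by server/admin/default-account.js in this patch; a shared constant would keep the two policies from drifting. validateDetails starts before this hunk, so the earlier checks on body are not visible here.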
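Review bot: In server.js `admin.defaultAccount();` is a floating promise, neither awaited nor given a rejection handler, so a failure inside it (the `sequelize.sync()` call or the account lookup in default-account.js) surfaces as an unhandled rejection, which on recent Node versions terminates the process by default. Attach a handler that records the failure without taking the server down: `admin.defaultAccount().catch((err) => console.error('default admin account setup failed', err));`. The routes mounted on the following lines also start serving before account creation has finished, which is presumably acceptable here but deserves a comment.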