Add default admin user and admin-only user creation

Features added: - Automatic creation of default admin user on first startup (login: admin, password: admin) - Admin-only endpoint POST /api/admin/users for creating new users - Admin users can set is_admin flag when creating users - Non-admin users are blocked from accessing admin endpoints Implementation: - Added CreateDefaultAdmin() function in internal/database/database.go - Checks if any users exist, creates admin only if database is empty - Admin user: login "admin", password "admin", is_admin true - Added CreateUser() method to auth service for admin user creation - Added CreateUser() handler to auth handler - Added /api/admin/users endpoint with AuthMiddleware + AdminMiddleware - Updated README_GOLANG.md with: - Default admin credentials - Instructions for creating additional users - Admin API documentation Security: - Default admin password should be changed after first login - AdminMiddleware ensures only users with is_admin=true can access admin routes - Non-admin users receive 403 Forbidden when accessing admin endpoints Tested: - Default admin creation on startup ✓ - Admin login with default credentials ✓ - Admin can create new users ✓ - New users can login ✓ - Non-admin users blocked from admin endpoints ✓
2026-03-14 08:26:16 +01:00 · 2025-11-05 11:35:36 +00:00 · 2025-11-05 11:35:36 +00:00 · 4e9e0b4efa
commit 4e9e0b4efa
parent 65f1265555
5 changed files with 196 additions and 0 deletions
--- a/internal/services/auth_service.go
+++ b/internal/services/auth_service.go
@ -37,6 +37,15 @@ type RegisterRequest struct {
 	LastName  string `json:"last_name"`
 }

+// CreateUserRequest represents an admin user creation request
+type CreateUserRequest struct {
+	Login     string `json:"login" binding:"required"`
+	Password  string `json:"password" binding:"required"`
+	FirstName string `json:"first_name"`
+	LastName  string `json:"last_name"`
+	IsAdmin   bool   `json:"is_admin"`
+}
+
 // AuthResponse represents an authentication response
 type AuthResponse struct {
 	Token string       `json:"token"`
@ -146,3 +155,42 @@ func (s *AuthService) RefreshToken(userID uint) (string, error) {

 	return user.Token, nil
 }
+
+// CreateUser creates a new user (admin only)
+func (s *AuthService) CreateUser(req CreateUserRequest) (*models.User, error) {
+	// Check if user already exists
+	var existingUser models.User
+	if err := database.DB.Where("login = ?", req.Login).First(&existingUser).Error; err == nil {
+		return nil, errors.New("user already exists")
+	}
+
+	// Create new user
+	user := models.User{
+		Login:     req.Login,
+		FirstName: req.FirstName,
+		LastName:  req.LastName,
+		IsAdmin:   req.IsAdmin,
+		AuthType:  models.AuthTypeDatabase,
+		Token:     uuid.New().String(),
+	}
+
+	// Set password
+	if err := user.SetPassword(req.Password); err != nil {
+		return nil, err
+	}
+
+	// Save user
+	if err := database.DB.Create(&user).Error; err != nil {
+		return nil, err
+	}
+
+	// Create default preference
+	preference := models.Preference{
+		UserID: user.ID,
+	}
+	if err := database.DB.Create(&preference).Error; err != nil {
+		return nil, err
+	}
+
+	return &user, nil
+}