feat(security): harden for production deployment
- auth: first registered user becomes superadmin (active immediately) - entrypoint: no longer seeds demo data in prod (opt-in via RUN_SEED=1) - config: refuse to boot in prod with weak/placeholder SECRET_KEY (<32 chars) - main: restrict CORS to FRONTEND_URL only in prod (localhost dev-only) - seed_db: block prod seeding, read passwords from env, stop printing them - login: remove demo account credentials from UI Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -63,20 +63,31 @@ async def register(
|
||||
if existing:
|
||||
raise HTTPException(status_code=400, detail="Email already registered")
|
||||
|
||||
# Create user (inactive until verified)
|
||||
# The very first user to register becomes the superadmin (the instance
|
||||
# owner) and is activated immediately, so the platform can be bootstrapped
|
||||
# without depending on email/SMTP delivery.
|
||||
is_first_user = db.query(User).count() == 0
|
||||
|
||||
user = User(
|
||||
email=data.email,
|
||||
hashed_password=get_password_hash(data.password),
|
||||
full_name=data.full_name,
|
||||
organization=data.organization,
|
||||
role="user", # Default role
|
||||
is_active=False, # Inactive until email verified
|
||||
role="superadmin" if is_first_user else "user",
|
||||
is_active=is_first_user, # First user active immediately; others verify email
|
||||
)
|
||||
|
||||
db.add(user)
|
||||
db.commit()
|
||||
db.refresh(user)
|
||||
|
||||
# First user is already active — no verification email needed.
|
||||
if is_first_user:
|
||||
return {
|
||||
"message": "Admin account created. You can log in now.",
|
||||
"email": user.email,
|
||||
}
|
||||
|
||||
# Generate verification token (JWT, expires in 24h)
|
||||
verification_token = jwt.encode(
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user