feat(security): harden for production deployment
- auth: first registered user becomes superadmin (active immediately) - entrypoint: no longer seeds demo data in prod (opt-in via RUN_SEED=1) - config: refuse to boot in prod with weak/placeholder SECRET_KEY (<32 chars) - main: restrict CORS to FRONTEND_URL only in prod (localhost dev-only) - seed_db: block prod seeding, read passwords from env, stop printing them - login: remove demo account credentials from UI Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -1,4 +1,7 @@
|
||||
"""Seed database with initial data for multi-property system."""
|
||||
import os
|
||||
|
||||
from app.core.config import settings
|
||||
from app.core.security import get_password_hash
|
||||
from app.db.session import Base, SessionLocal, engine
|
||||
from app.models.organization import Organization
|
||||
@@ -13,6 +16,20 @@ from app.models.user import User
|
||||
|
||||
def seed_database() -> None:
|
||||
"""Create initial data for testing multi-property system."""
|
||||
# Safety guard: refuse to plant demo accounts in production unless the
|
||||
# operator explicitly opts in AND supplies non-default passwords via env.
|
||||
if not settings.debug and os.getenv("ALLOW_PROD_SEED") != "1":
|
||||
raise SystemExit(
|
||||
"Refusing to seed in production (DEBUG=false). "
|
||||
"Demo accounts use weak, public passwords. "
|
||||
"Set ALLOW_PROD_SEED=1 and override ADMIN_PASSWORD/MANAGER_PASSWORD/USER_PASSWORD "
|
||||
"if you really mean to."
|
||||
)
|
||||
|
||||
admin_password = os.getenv("ADMIN_PASSWORD", "adminpassword")
|
||||
manager_password = os.getenv("MANAGER_PASSWORD", "managerpassword")
|
||||
user_password = os.getenv("USER_PASSWORD", "userpassword")
|
||||
|
||||
# Create tables
|
||||
Base.metadata.create_all(bind=engine)
|
||||
|
||||
@@ -28,7 +45,7 @@ def seed_database() -> None:
|
||||
superadmin = User(
|
||||
email="admin@example.com",
|
||||
full_name="Super Admin",
|
||||
hashed_password=get_password_hash("adminpassword"),
|
||||
hashed_password=get_password_hash(admin_password),
|
||||
role="superadmin",
|
||||
organization="Management",
|
||||
is_active=True,
|
||||
@@ -39,7 +56,7 @@ def seed_database() -> None:
|
||||
manager = User(
|
||||
email="manager@example.com",
|
||||
full_name="Property Manager",
|
||||
hashed_password=get_password_hash("managerpassword"),
|
||||
hashed_password=get_password_hash(manager_password),
|
||||
role="manager",
|
||||
organization="Management",
|
||||
is_active=True,
|
||||
@@ -50,7 +67,7 @@ def seed_database() -> None:
|
||||
user = User(
|
||||
email="user@example.com",
|
||||
full_name="Regular User",
|
||||
hashed_password=get_password_hash("userpassword"),
|
||||
hashed_password=get_password_hash(user_password),
|
||||
role="user",
|
||||
organization="Engineering",
|
||||
is_active=True,
|
||||
@@ -160,9 +177,9 @@ def seed_database() -> None:
|
||||
|
||||
db.commit()
|
||||
print("Database seeded successfully!")
|
||||
print("Superadmin: admin@example.com / adminpassword")
|
||||
print("Manager: manager@example.com / managerpassword")
|
||||
print("User: user@example.com / userpassword")
|
||||
print("Superadmin: admin@example.com (password from ADMIN_PASSWORD env)")
|
||||
print("Manager: manager@example.com (password from MANAGER_PASSWORD env)")
|
||||
print("User: user@example.com (password from USER_PASSWORD env)")
|
||||
print(f"Properties: '{prop1.name}' (public), '{prop2.name}' (private)")
|
||||
print(f"Organizations: '{org1.name}', '{org2.name}'")
|
||||
except Exception as e:
|
||||
|
||||
Reference in New Issue
Block a user