-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
// SPDX-FileCopyrightText: 2025 Shota FUJI <pockawoooh@gmail.com>
// SPDX-License-Identifier: AGPL-3.0-only
package core
import (
"crypto/rand"
"database/sql"
"log/slog"
"pocka.jp/x/yamori/backend/core/event"
"pocka.jp/x/yamori/backend/core/projection"
workspaceEvent "pocka.jp/x/yamori/backend/events/workspace"
"pocka.jp/x/yamori/backend/migrations"
eventsV1 "pocka.jp/x/yamori/proto/go/backend/events/v1"
)
type Core struct {
DB *sql.DB
Logger *slog.Logger
}
func New(db *sql.DB, logger *slog.Logger) (*Core, error) {
err := migrations.Run(db, logger, []migrations.Migration{
migrations.Migration001{},
})
if err != nil {
return nil, err
}
return &Core{
DB: db,
Logger: logger,
}, nil
}
func (core *Core) Init(adminCreationPassword string, overwriteJwtSecret bool) error {
if err := core.generateAdminCreationPassword(adminCreationPassword); err != nil {
return err
}
if err := core.setupLoginJwtSecret(overwriteJwtSecret); err != nil {
return err
}
return nil
}
func (core *Core) generateAdminCreationPassword(givenPassword string) error {
tx, err := core.DB.Begin()
if err != nil {
return err
}
defer tx.Rollback()
pw, err := projection.GetAdminCreationPassword(tx)
if err != nil {
return err
}
workspace, err := projection.GetWorkspace(tx)
if err != nil {
return err
}
if err := event.UpdateProjections(tx, pw, workspace); err != nil {
return err
}
if pw.Projection.Password != nil {
return nil
}
if workspace.Projection.NumberOfAdmins != nil && *workspace.Projection.NumberOfAdmins > 0 {
return nil
}
core.Logger.Debug("Configuring admin creation password...")
password := givenPassword
isPasswordAutogenerated := false
if password == "" {
password = rand.Text()
isPasswordAutogenerated = true
}
err = event.AppendEvents(tx, []*eventsV1.Event{
workspaceEvent.GenerateAdminCreationPassword(password),
})
if err != nil {
return err
}
if err := tx.Commit(); err != nil {
return err
}
if isPasswordAutogenerated {
core.Logger.Info(
"Generated admin creation password. Use this for initial admin user creation.",
"admin_creation_password",
password,
)
} else {
core.Logger.Info("Configured admin creation password. Use that for initial admin user creation.")
}
return nil
}
func (core *Core) setupLoginJwtSecret(overwrite bool) error {
tx, err := core.DB.Begin()
if err != nil {
return err
}
defer tx.Rollback()
p, err := projection.GetLoginJwtSecret(tx)
if err != nil {
return err
}
if p.HasSnapshot() {
if overwrite {
core.Logger.Warn(
"Overwriting existing JWT secret. Tokens generated before won't be available anymore.",
)
} else {
core.Logger.Debug("Found JWT secret, skipping newly generating.")
return nil
}
}
err = event.AppendEvents(tx, []*eventsV1.Event{
workspaceEvent.ConfigureRandomLoginJwtSecret(),
})
if err != nil {
return err
}
if err := tx.Commit(); err != nil {
return err
}
core.Logger.Info(
"Generated a new secret for signing JWT.",
)
return nil
}