feat(auth): seed default admin user on database init

Generate a random 16-character password and create an admin user (admin@sparc.local) during first database initialization. Credentials are printed to stdout so they can be captured from container logs. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-03-14 13:49:44 -04:00
parent fc99173028
commit 258b349e98
1 changed files with 33 additions and 0 deletions
@@ -8,6 +8,8 @@ Usage:
    python scripts/init_database.py
 """

+import secrets
+import string
 import sys
 import os

@@ -17,6 +19,14 @@ sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
 from SPARC import config
 from SPARC.database import DatabaseClient

+DEFAULT_ADMIN_EMAIL = "admin@sparc.local"
+
+
+def generate_password(length: int = 16) -> str:
+    """Generate a secure random password."""
+    alphabet = string.ascii_letters + string.digits
+    return "".join(secrets.choice(alphabet) for _ in range(length))
+

 def main():
    """Initialize the database schema."""
@@ -29,9 +39,32 @@ def main():
        print("Database schema initialized successfully!")
        print("\nTables created:")
        print("  - llm_messages: Stores all LLM prompts and responses")
+        print("  - users: Stores user accounts")
        print("\nIndexes created:")
        print("  - idx_messages_timestamp: For time-based queries")
        print("  - idx_messages_company: For company-specific queries")
+        print("  - idx_users_email: For user lookups")
+
+        # Create default admin user if not exists
+        existing_admin = db_client.get_user_by_email(DEFAULT_ADMIN_EMAIL)
+        if existing_admin:
+            print(f"\nDefault admin user already exists: {DEFAULT_ADMIN_EMAIL}")
+        else:
+            password = generate_password()
+            admin_user = db_client.create_user(
+                email=DEFAULT_ADMIN_EMAIL,
+                password=password,
+                role="admin",
+            )
+            if admin_user:
+                print("\n" + "=" * 50)
+                print("DEFAULT ADMIN CREDENTIALS")
+                print("=" * 50)
+                print(f"Email:    {DEFAULT_ADMIN_EMAIL}")
+                print(f"Password: {password}")
+                print("=" * 50)
+                print("Please save these credentials securely!")
+                print("=" * 50)

    except Exception as e:
        print(f"Error initializing database: {e}")