Full per-user data isolation across all tables: - Migration adds userId FK to hosts, host_groups, credentials, ssh_keys, connection_logs. Backfills existing data to admin@wraith.local. - All services scope queries by userId from JWT (req.user.sub). Users can only see/modify their own data. Cross-user access returns 403. - Two roles: admin (full access + user management) and user (own data only). - Admin endpoints: list/create/edit/delete users, reset password, reset TOTP. Protected by AdminGuard. Admins cannot delete themselves or remove own role. - JWT payload now includes role. Frontend auth store exposes isAdmin getter. - Seed script fixed: checks for admin@wraith.local specifically (not any user). Uses upsert, seeds with role=admin. Migration cleans up duplicate users. - Connection logs now attributed to the connecting user via WS auth. - Deleting a user CASCADEs to all their hosts, credentials, keys, and logs. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
import { PrismaClient } from '@prisma/client';
import * as bcrypt from 'bcrypt';
// Prisma client for this seed run; the .finally() handler at the end of the script disconnects it.
const prisma = new PrismaClient();
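/**
 * Seeds the built-in administrator account (admin@wraith.local, role "admin").
 *
 * The upsert is keyed on the email and its `update` payload is empty, so an
 * account that already exists is left untouched: re-running the seed never
 * resets a password that was changed after the first run.
 *
 * SECURITY: the initial password is a fixed value that lives in source control
 * and is printed to the log. It protects an account with the admin role, so it
 * must be rotated right after the first login. To make that visible, the
 * function checks whether the stored hash still matches the default and warns
 * when it does, instead of always reporting the default credentials.
 *
 * @returns resolves once the account exists and the outcome has been logged
 */
async function main() {
  const adminEmail = 'admin@wraith.local';
  const defaultPassword = 'wraith';

  // Same bcrypt cost factor (10) as before; only used when the row is created.
  const hash = await bcrypt.hash(defaultPassword, 10);

  const admin = await prisma.user.upsert({
    where: { email: adminEmail },
    // Intentionally empty: never overwrite an existing admin's password or role.
    update: {},
    create: {
      email: adminEmail,
      passwordHash: hash,
      displayName: 'Admin',
      role: 'admin',
    },
  });

  // The account may predate this run, so verify what is actually stored rather
  // than assuming the default password is in effect.
  const stillDefault =
    typeof admin.passwordHash === 'string' &&
    (await bcrypt.compare(defaultPassword, admin.passwordHash));

  if (stillDefault) {
    console.log('Seed complete: admin@wraith.local / wraith (role: admin)');
    console.warn(
      'WARNING: admin@wraith.local still uses the default seed password; change it before exposing this instance.',
    );
  } else {
    console.log(
      `Seed complete: ${adminEmail} already exists with a non-default password (left unchanged, role: ${admin.role})`,
    );
  }
}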
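// Run the seed. A failure is logged and also reflected in the process exit
// code, so a deploy or CI step that runs the seed does not report success when
// the admin account was never created. The Prisma client is disconnected on
// both the success and the failure path.
main()
  .catch((err) => {
    console.error(err);
    // exitCode (not process.exit) lets the .finally() disconnect still run.
    process.exitCode = 1;
  })
  .finally(() => prisma.$disconnect());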