chore: assign four super-admin emails to portal operators
Some checks failed
CI/CD Pipeline / Solidity Contracts (push) Failing after 1m16s
CI/CD Pipeline / Security Scanning (push) Successful in 2m23s
CI/CD Pipeline / Lint and Format (push) Failing after 48s
CI/CD Pipeline / Terraform Validation (push) Failing after 26s
CI/CD Pipeline / Kubernetes Validation (push) Successful in 26s
Deploy ChainID 138 / Deploy ChainID 138 (push) Failing after 38s
HYBX OMNL TypeScript & anchor / token-aggregation build + reconcile artifact (push) Failing after 29s
Validation / validate-genesis (push) Successful in 30s
Validation / validate-terraform (push) Failing after 28s
Validation / validate-kubernetes (push) Failing after 11s
Validation / validate-smart-contracts (push) Failing after 11s
Validation / validate-security (push) Failing after 1m21s
Validation / validate-documentation (push) Failing after 19s
Verify Deployment / Verify Deployment (push) Failing after 56s
Some checks failed
CI/CD Pipeline / Solidity Contracts (push) Failing after 1m16s
CI/CD Pipeline / Security Scanning (push) Successful in 2m23s
CI/CD Pipeline / Lint and Format (push) Failing after 48s
CI/CD Pipeline / Terraform Validation (push) Failing after 26s
CI/CD Pipeline / Kubernetes Validation (push) Successful in 26s
Deploy ChainID 138 / Deploy ChainID 138 (push) Failing after 38s
HYBX OMNL TypeScript & anchor / token-aggregation build + reconcile artifact (push) Failing after 29s
Validation / validate-genesis (push) Successful in 30s
Validation / validate-terraform (push) Failing after 28s
Validation / validate-kubernetes (push) Failing after 11s
Validation / validate-smart-contracts (push) Failing after 11s
Validation / validate-security (push) Failing after 1m21s
Validation / validate-documentation (push) Failing after 19s
Verify Deployment / Verify Deployment (push) Failing after 56s
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
91
scripts/deployment/seed-omnl-super-admin-users.mjs
Normal file
91
scripts/deployment/seed-omnl-super-admin-users.mjs
Normal file
@@ -0,0 +1,91 @@
|
||||
#!/usr/bin/env node
|
||||
/**
|
||||
* Seed four super_admin control-panel users from config/omnl-super-admins.v1.json.
|
||||
* Requires DATABASE_URL and bcrypt (token-aggregation service deps).
|
||||
*
|
||||
* Usage:
|
||||
* node scripts/deployment/seed-omnl-super-admin-users.mjs
|
||||
* node scripts/deployment/seed-omnl-super-admin-users.mjs --dry-run
|
||||
*
|
||||
* Passwords: generated per user unless OMNL_SUPER_ADMIN_<ID>_PASSWORD env is set.
|
||||
* Output: one-time credentials printed to stdout (never logged to git).
|
||||
*/
|
||||
import fs from 'fs';
|
||||
import path from 'path';
|
||||
import { fileURLToPath } from 'url';
|
||||
import crypto from 'crypto';
|
||||
import { createRequire } from 'module';
|
||||
|
||||
const __dirname = path.dirname(fileURLToPath(import.meta.url));
|
||||
const repoRoot = path.resolve(__dirname, '../..');
|
||||
const taDir = path.join(repoRoot, 'services/token-aggregation');
|
||||
const require = createRequire(path.join(taDir, 'package.json'));
|
||||
const bcrypt = require('bcrypt');
|
||||
const pg = require('pg');
|
||||
const configPath = path.join(repoRoot, 'config/omnl-super-admins.v1.json');
|
||||
const dryRun = process.argv.includes('--dry-run');
|
||||
|
||||
const cfg = JSON.parse(fs.readFileSync(configPath, 'utf8'));
|
||||
const databaseUrl = process.env.DATABASE_URL;
|
||||
|
||||
function passwordFor(admin) {
|
||||
const envKey = `OMNL_SUPER_ADMIN_${admin.id.replace(/-/g, '_').toUpperCase()}_PASSWORD`;
|
||||
const fromEnv = process.env[envKey]?.trim();
|
||||
if (fromEnv) return fromEnv;
|
||||
return crypto.randomBytes(18).toString('base64url');
|
||||
}
|
||||
|
||||
async function hashPassword(plain) {
|
||||
return bcrypt.hash(plain, 12);
|
||||
}
|
||||
|
||||
const rows = [];
|
||||
for (const admin of cfg.superAdmins) {
|
||||
const password = passwordFor(admin);
|
||||
rows.push({ admin, password, hash: dryRun ? '(dry-run)' : await hashPassword(password) });
|
||||
}
|
||||
|
||||
if (dryRun) {
|
||||
console.log(JSON.stringify(rows.map(({ admin, password }) => ({
|
||||
id: admin.id,
|
||||
username: admin.username,
|
||||
email: admin.email,
|
||||
portalCtid: admin.portalCtid,
|
||||
passwordWouldGenerate: !process.env[`OMNL_SUPER_ADMIN_${admin.id.replace(/-/g, '_').toUpperCase()}_PASSWORD`],
|
||||
})), null, 2));
|
||||
process.exit(0);
|
||||
}
|
||||
|
||||
if (!databaseUrl) {
|
||||
console.error('Set DATABASE_URL (PostgreSQL) to seed control-panel super_admin users.');
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
const client = new pg.Client({ connectionString: databaseUrl });
|
||||
await client.connect();
|
||||
|
||||
for (const { admin, password, hash } of rows) {
|
||||
await client.query(
|
||||
`INSERT INTO admin_users (username, email, password_hash, role, is_active)
|
||||
VALUES ($1, $2, $3, 'super_admin', true)
|
||||
ON CONFLICT (username) DO UPDATE SET
|
||||
email = EXCLUDED.email,
|
||||
password_hash = EXCLUDED.password_hash,
|
||||
role = 'super_admin',
|
||||
is_active = true,
|
||||
updated_at = NOW()`,
|
||||
[admin.username, admin.email, hash],
|
||||
);
|
||||
}
|
||||
|
||||
await client.end();
|
||||
|
||||
console.log('=== OMNL super_admin accounts (one-time — distribute securely) ===');
|
||||
for (const { admin, password } of rows) {
|
||||
console.log(`${admin.displayName}`);
|
||||
console.log(` Portal CT ${admin.portalCtid} · ${admin.products.join(', ')}`);
|
||||
console.log(` Username: ${admin.username}`);
|
||||
console.log(` Email: ${admin.email}`);
|
||||
console.log(` Password: ${password}`);
|
||||
console.log('');
|
||||
}
|
||||
Reference in New Issue
Block a user