From 356aed033888c0a61e2f5db66ef62d8581474d58 Mon Sep 17 00:00:00 2001
From: ChrisChrome <chris@chrischro.me>
Date: Sun, 31 Aug 2025 11:05:16 -0600
Subject: [PATCH] Add users table and create default admin

---
 index.js            | 19 ++++++++++++++++++-
 routes/dashboard.js |  2 +-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/index.js b/index.js
index bc132a8..efb5a96 100644
--- a/index.js
+++ b/index.js
@@ -77,9 +77,26 @@ app.listen(port, (err) => {
 	global.log.info(`Listening on port :${port}`);
 	global.log.debug(`DSN: ${DSN}`);
 	db.query("SELECT * FROM ACL LIMIT 1;")
-		.then(() => {
+		.then(async () => {
 			dbReady = true;
 			global.log.info("Database connection established");
+
+			// Do init stuff
+			await db.query("CREATE TABLE IF NOT EXISTS users ( id INT PRIMARY KEY AUTO_INCREMENT, username VARCHAR(255) UNIQUE, passwordHash VARCHAR(), perms TEXT, createdAt TIMESTAMP DEFAULT CURRENT_TIMESTAMP );");
+			db.query("SELECT COUNT(*) AS count FROM users;").then(async (res) => {
+				if (res[0].count === 0) {
+					const defaultUser = process.env.DEFAULT_USER || "admin";
+					const defaultPassword = process.env.DEFAULT_PASSWORD || [...Array(32)].map(() => (Math.random().toString(36)+Math.random().toString(32)).charAt(2)).join('');
+					const passwordHash = await global.hashPassword(defaultPassword);
+					db.query("INSERT INTO users (username, passwordHash, perms) VALUES (?, ?, ?);", [defaultUser, passwordHash, JSON.stringify(["*", "login", "acl", "liveMonitor", "eventLog", "auditLog", "manageUsers"])])
+						.then(() => {
+							global.log.info(`Created default admin user '${defaultUser}' with password '${defaultPassword}'`);
+						})
+						.catch(err => {
+							global.log.error(`Cannot create default user: ${err}`);
+						});
+					}
+			})
 		})
 		.catch(err => {
 			global.log.error(`Database connection failed: ${err}`);
diff --git a/routes/dashboard.js b/routes/dashboard.js
index 932a0fa..2bc8d6f 100644
--- a/routes/dashboard.js
+++ b/routes/dashboard.js
@@ -4,7 +4,7 @@ const router = express.Router();
 
 // GET /login
 router.get('/', (req, res) => {
-	if (!req.session.user) return res.redirect('/login');
+	if (!req.session.user) return res.redirect('/login?err=4');
 	return res.render("dashboard", { sessionData: req.session });
 });