pangolin_mirror/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-02-13 00:16:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Add setup token security for initial server setup

Browse Source 
- Add setupTokens database table with proper schema
- Implement setup token generation on first server startup
- Add token validation endpoint and modify admin creation
- Update initial setup page to require setup token
- Add migration scripts for both SQLite and PostgreSQL
- Add internationalization support for setup token fields
- Implement proper error handling and logging
- Add CLI command for resetting user security keys

This prevents unauthorized access during initial server setup by requiring
a token that is generated and displayed in the server console.
This commit is contained in:
Adrian Astles
2025-08-03 21:17:18 +08:00
parent 84268e484d
commit 69baa6785f
15 changed files with 322 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/setup/index.ts
View File

@@ -1,9 +1,11 @@
import { ensureActions } from "./ensureActions";
import { copyInConfig } from "./copyInConfig";
import { clearStaleData } from "./clearStaleData";
import { ensureSetupToken } from "./ensureSetupToken";
export async function runSetupFunctions() {
await copyInConfig(); // copy in the config to the db as needed
await ensureActions(); // make sure all of the actions are in the db and the roles
await clearStaleData();
await ensureSetupToken(); // ensure setup token exists for initial setup
}