避免部署账号异常

src/db.ts

@@ -21,6 +21,8 @@ import { id } from "./util";
 export async function ensureAdminUser(env: Env): Promise<void> {
   const existing = await env.DB.prepare("SELECT id FROM users WHERE username = ?").bind(env.ADMIN_USERNAME).first<{ id: string }>();
   if (existing) return;
+  const adminPassword = env.ADMIN_PASSWORD;
+  if (!adminPassword?.trim()) throw new Error("ADMIN_PASSWORD secret is required before creating the admin user");
 
   const keyPair = await crypto.subtle.generateKey(
     { name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" },
@@ -34,7 +36,7 @@ export async function ensureAdminUser(env: Env): Promise<void> {
   await env.DB.prepare(
     "INSERT OR IGNORE INTO users (id, username, display_name, note, password_hash, private_key_jwk, public_key_jwk, created_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
   )
-    .bind(id(), env.ADMIN_USERNAME, env.ADMIN_USERNAME, "", await hashPassword(env.ADMIN_PASSWORD), JSON.stringify(privateKey), JSON.stringify(publicKey), now)
+    .bind(id(), env.ADMIN_USERNAME, env.ADMIN_USERNAME, "", await hashPassword(adminPassword), JSON.stringify(privateKey), JSON.stringify(publicKey), now)
     .run();
 }
 

wrangler.jsonc

@@ -9,6 +9,9 @@
     "ADMIN_USERNAME": "sun"
     //"ADMIN_PASSWORD": "change-me-before-deploy"
   },
+  "secrets": {
+    "required": ["ADMIN_PASSWORD"]
+  },
   "d1_databases": [
     {
       "binding": "DB",