From 3fff8632fb794b4a0c66b4aafe527e59c5eac4d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=B5=AA=E5=AD=90?= Date: Thu, 14 May 2026 22:57:25 +0800 Subject: [PATCH] =?UTF-8?q?=E9=81=BF=E5=85=8D=E9=83=A8=E7=BD=B2=E8=B4=A6?= =?UTF-8?q?=E5=8F=B7=E5=BC=82=E5=B8=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/db.ts | 4 +++- wrangler.jsonc | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/db.ts b/src/db.ts index a099f03..92fd9bc 100644 --- a/src/db.ts +++ b/src/db.ts @@ -21,6 +21,8 @@ import { id } from "./util"; export async function ensureAdminUser(env: Env): Promise { const existing = await env.DB.prepare("SELECT id FROM users WHERE username = ?").bind(env.ADMIN_USERNAME).first<{ id: string }>(); if (existing) return; + const adminPassword = env.ADMIN_PASSWORD; + if (!adminPassword?.trim()) throw new Error("ADMIN_PASSWORD secret is required before creating the admin user"); const keyPair = await crypto.subtle.generateKey( { name: "RSASSA-PKCS1-v1_5", modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" }, @@ -34,7 +36,7 @@ export async function ensureAdminUser(env: Env): Promise { await env.DB.prepare( "INSERT OR IGNORE INTO users (id, username, display_name, note, password_hash, private_key_jwk, public_key_jwk, created_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)" ) - .bind(id(), env.ADMIN_USERNAME, env.ADMIN_USERNAME, "", await hashPassword(env.ADMIN_PASSWORD), JSON.stringify(privateKey), JSON.stringify(publicKey), now) + .bind(id(), env.ADMIN_USERNAME, env.ADMIN_USERNAME, "", await hashPassword(adminPassword), JSON.stringify(privateKey), JSON.stringify(publicKey), now) .run(); } diff --git a/wrangler.jsonc b/wrangler.jsonc index b4ab932..dbe7428 100644 --- a/wrangler.jsonc +++ b/wrangler.jsonc @@ -9,6 +9,9 @@ "ADMIN_USERNAME": "sun" //"ADMIN_PASSWORD": "change-me-before-deploy" }, + "secrets": { + "required": ["ADMIN_PASSWORD"] + }, "d1_databases": [ { "binding": "DB",