LeoVasanko/passkey-auth
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Bootstrap code cleanup.

Browse Source
This commit is contained in:
Leo Vasanko 2025-08-06 14:39:44 -06:00
parent dcca3e3fbd
commit f050dfb3f2
4 changed files with 161 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

254
passkey/bootstrap.py
View File

@ -6,143 +6,138 @@ including creating default admin user, organization, permissions, and
generating a reset link for initial admin setup. generating a reset link for initial admin setup.
""" """
import logging
from datetime import datetime from datetime import datetime
import uuid7 import uuid7
from .authsession import expires from . import authsession, globals
from .db import Org, Permission, User from .db import Org, Permission, User
from .globals import db
from .util import passphrase, tokens from .util import passphrase, tokens
logger = logging.getLogger(__name__)
class BootstrapManager: # Shared log message template for admin reset links
"""Manages system bootstrapping operations.""" ADMIN_RESET_MESSAGE = """%s
def __init__(self): 👤 Admin %s
self.admin_uuid = uuid7.create() - Use this link to register a Passkey for the admin user!
self.org_uuid = uuid7.create() """
async def create_default_organization(self) -> Org:
"""Create the default organization."""
org = Org(
id=str(self.org_uuid), # Use UUID string as required by database
options={
"display_name": "Organization",
"description": "Default organization for passkey authentication system",
"created_at": datetime.now().isoformat(),
},
)
await db.instance.create_organization(org)
return org
async def create_admin_permission(self) -> Permission: async def _create_and_log_admin_reset_link(user_uuid, message, session_type) -> str:
"""Create the admin permission.""" """Create an admin reset link and log it with the provided message."""
permission = Permission( token = passphrase.generate()
id="auth/admin", display_name="Authentication Administration" await globals.db.instance.create_session(
) user_uuid=user_uuid,
await db.instance.create_permission(permission) key=tokens.reset_key(token),
return permission expires=authsession.expires(),
info={"type": session_type},
)
reset_link = f"{globals.passkey.instance.origin}/auth/{token}"
logger.info(ADMIN_RESET_MESSAGE, message, reset_link)
return reset_link
async def create_default_admin_user(self) -> User:
"""Create the default admin user."""
user = User(
uuid=self.admin_uuid,
display_name="Admin",
org_uuid=self.org_uuid,
role="Admin",
created_at=datetime.now(),
visits=0,
)
await db.instance.create_user(user)
return user
async def assign_permissions_to_organization( async def bootstrap_system() -> dict:
self, org_id: str, permission_id: str """
) -> None: Bootstrap the entire system with default data.
"""Assign permission to organization."""
await db.instance.add_permission_to_organization(org_id, permission_id)
async def generate_admin_reset_link(self) -> str: Returns:
"""Generate a reset link for the admin user to register their first passkey.""" dict: Contains information about created entities and reset link
# Generate a human-readable passphrase token """
token = passphrase.generate() # e.g., "cross.rotate.yin.note.evoke" admin_uuid = uuid7.create()
org_uuid = uuid7.create()
# Create a reset session for the admin user # Create organization
await db.instance.create_session( org = Org(
user_uuid=self.admin_uuid, id=str(org_uuid),
key=tokens.reset_key(token), options={
expires=expires(), "display_name": "Organization",
info={ "created_at": datetime.now().isoformat(),
"type": "bootstrap_reset", },
"description": "Initial admin setup", )
"created_at": datetime.now().isoformat(), await globals.db.instance.create_organization(org)
},
# Create permission
permission = Permission(id="auth/admin", display_name="Admin")
await globals.db.instance.create_permission(permission)
# Create admin user
user = User(
uuid=admin_uuid,
display_name="Admin",
org_uuid=org_uuid,
role="Admin",
created_at=datetime.now(),
visits=0,
)
await globals.db.instance.create_user(user)
# Link user to organization and assign permissions
await globals.db.instance.add_user_to_organization(
user_uuid=admin_uuid, org_id=org.id, role="Admin"
)
await globals.db.instance.add_permission_to_organization(org.id, permission.id)
# Generate reset link and log it
reset_link = await _create_and_log_admin_reset_link(
admin_uuid, "✅ Bootstrap completed!", "admin bootstrap"
)
result = {
"admin_user": {
"uuid": str(user.uuid),
"display_name": user.display_name,
"role": user.role,
},
"organization": {
"id": org.id,
"display_name": org.options.get("display_name"),
},
"permission": {
"id": permission.id,
"display_name": permission.display_name,
},
"reset_link": reset_link,
}
return result
async def check_admin_credentials() -> bool:
"""
Check if the admin user needs credentials and create a reset link if needed.
Returns:
bool: True if a reset link was created, False if admin already has credentials
"""
try:
# Find admin users
admin_users = await globals.db.instance.find_users_by_role("Admin")
if not admin_users:
return False
# Check first admin user for credentials
admin_user = admin_users[0]
credentials = await globals.db.instance.get_credentials_by_user_uuid(
admin_user.uuid
) )
return token if not credentials:
# Admin exists but has no credentials, create reset link
await _create_and_log_admin_reset_link(
admin_user.uuid,
"⚠️ Admin user has no credentials!",
"admin registration",
)
return True
async def bootstrap_system(self) -> dict: return False
"""
Bootstrap the entire system with default data.
Returns: except Exception:
dict: Contains information about created entities and reset link return False
"""
print("🚀 Bootstrapping passkey authentication system...")
# Create default organization
print("📂 Creating default organization...")
org = await self.create_default_organization()
# Create admin permission
print("🔐 Creating admin permission...")
permission = await self.create_admin_permission()
# Create admin user
print("👤 Creating admin user...")
user = await self.create_default_admin_user()
# Assign admin to organization
print("🏢 Assigning admin to organization...")
await db.instance.add_user_to_organization(
user_uuid=self.admin_uuid, org_id=org.id, role="Admin"
)
# Assign permission to organization
print("⚡ Assigning permissions to organization...")
await self.assign_permissions_to_organization(org.id, permission.id)
# Generate reset link for admin
print("🔗 Generating admin setup link...")
reset_token = await self.generate_admin_reset_link()
result = {
"admin_user": {
"uuid": str(user.uuid),
"display_name": user.display_name,
"role": user.role,
},
"organization": {
"id": org.id,
"display_name": org.options.get("display_name"),
},
"permission": {
"id": permission.id,
"display_name": permission.display_name,
},
"reset_token": reset_token,
}
print("\n✅ Bootstrap completed successfully!")
print(f"\n🔑 Admin Reset Token: {reset_token}")
print("\n📋 Use this token to set up the admin user's first passkey.")
print(" The token will be valid for 24 hours.")
print(f"\n👤 Admin User UUID: {user.uuid}")
print(f"🏢 Organization: {org.options.get('display_name')} (ID: {org.id})")
print(f"🔐 Permission: {permission.display_name} (ID: {permission.id})")
return result
async def bootstrap_if_needed() -> bool: async def bootstrap_if_needed() -> bool:
@ -153,25 +148,15 @@ async def bootstrap_if_needed() -> bool:
bool: True if bootstrapping was performed, False if system was already set up bool: True if bootstrapping was performed, False if system was already set up
""" """
try: try:
# Try to get any organization to see if system is already bootstrapped # Check if any users exist
# We'll use a more robust check by looking for existing users if await globals.db.instance.has_any_users():
from sqlalchemy import select await check_admin_credentials()
return False
from .db.sql import DB, UserModel
async with DB().session() as session:
stmt = select(UserModel).limit(1)
result = await session.execute(stmt)
user = result.scalar_one_or_none()
if user:
print(" System already bootstrapped (found existing users).")
return False
except Exception: except Exception:
pass pass
# No users found, need to bootstrap # No users found, need to bootstrap
manager = BootstrapManager() await bootstrap_system()
await manager.bootstrap_system()
return True return True
@ -182,8 +167,7 @@ async def force_bootstrap() -> dict:
Returns: Returns:
dict: Bootstrap result information dict: Bootstrap result information
""" """
manager = BootstrapManager() return await bootstrap_system()
return await manager.bootstrap_system()
# CLI interface # CLI interface

9
passkey/db/__init__.py
View File

@ -231,6 +231,15 @@ class DatabaseInterface(ABC):
) -> None: ) -> None:
"""Create a new user and their first credential in a transaction.""" """Create a new user and their first credential in a transaction."""
# Bootstrap helpers
@abstractmethod
async def has_any_users(self) -> bool:
"""Check if any users exist in the system."""
@abstractmethod
async def find_users_by_role(self, role: str) -> list[User]:
"""Find all users with a specific role."""
__all__ = [ __all__ = [
"User", "User",

33
passkey/db/sql.py
View File

@ -643,3 +643,36 @@ class DB(DatabaseInterface):
current_time = datetime.now() current_time = datetime.now()
stmt = delete(SessionModel).where(SessionModel.expires < current_time) stmt = delete(SessionModel).where(SessionModel.expires < current_time)
await session.execute(stmt) await session.execute(stmt)
# Bootstrap helpers
async def has_any_users(self) -> bool:
"""Check if any users exist in the system."""
async with self.session() as session:
stmt = select(UserModel).limit(1)
result = await session.execute(stmt)
user = result.scalar_one_or_none()
return user is not None
async def find_users_by_role(self, role: str) -> list[User]:
"""Find all users with a specific role."""
async with self.session() as session:
stmt = select(UserModel).where(UserModel.role == role)
result = await session.execute(stmt)
user_models = result.scalars().all()
users = []
for user_model in user_models:
user = User(
uuid=UUID(bytes=user_model.uuid),
display_name=user_model.display_name,
org_uuid=UUID(bytes=user_model.org_uuid)
if user_model.org_uuid
else None,
role=user_model.role,
created_at=user_model.created_at,
last_seen=user_model.last_seen,
visits=user_model.visits,
)
users.append(user)
return users

36
scripts/bootstrap.py
View File

@ -1,36 +0,0 @@
#!/usr/bin/env python3
"""
Bootstrap CLI script for passkey authentication system.
This script initializes a new passkey authentication system with:
- Default admin user
- Default organization
- Admin permissions
- Reset token for initial setup
"""
import asyncio
import sys
async def main():
"""Main CLI entry point."""
from passkey.bootstrap import main as bootstrap_main
from passkey.db.sql import init
print("Initializing passkey authentication database...")
await init()
print("\nRunning bootstrap process...")
await bootstrap_main()
if __name__ == "__main__":
try:
asyncio.run(main())
except KeyboardInterrupt:
print("\n❌ Bootstrap interrupted by user")
sys.exit(1)
except Exception as e:
print(f"\n❌ Bootstrap failed: {e}")
sys.exit(1)