feat: support seeding default superuser via application.properties (#565)

* feat: support default superuser

* seed only necessary props
add enable flag

* remove obsolete pulsar-manager.account

* import

* fix build - imports

* disable superuser seed flag by default

* queue pr checks

* adjust check

Author: maranmaran

src/README.md

@@ -8,15 +8,13 @@ Pulsar manager backend is a supplement and improvement to Pulsar broker.
 
 ### Supported configurations of backend
 
-| Name | Default |Description
-| ------- | ------- | ------- |
-| `server.port` | 7750 | Port of backend service |
-| `pulsar-manager.account` | pulsar | Login account |
-| `pulsar-manager.password` | pulsar | Login password |
-| `redirect.host` | localhost | IP address of front-end service |
-| `redirect.port` | 9527 | Port of front-end service |
-| `insert.stats.interval` | 30000ms | Time interval for collecting statistical information |
-| `clear.stats.interval` | 300000ms | Time interval for cleaning statistics |
+| Name                    | Default   | Description                                          |
+| ----------------------- | --------- | ---------------------------------------------------- |
+| `server.port`           | 7750      | Port of backend service                              |
+| `redirect.host`         | localhost | IP address of front-end service                      |
+| `redirect.port`         | 9527      | Port of front-end service                            |
+| `insert.stats.interval` | 30000ms   | Time interval for collecting statistical information |
+| `clear.stats.interval`  | 300000ms  | Time interval for cleaning statistics                |
 
 ### How to set parameters when starting back-end services
 

src/main/java/org/apache/pulsar/manager/PulsarApplicationListener.java

@@ -13,19 +13,28 @@
  */
 package org.apache.pulsar.manager;
 
-import com.github.pagehelper.Page;
-import lombok.extern.slf4j.Slf4j;
+import java.util.Map;
+import java.util.Optional;
+
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.lang.StringUtils;
 import org.apache.pulsar.client.admin.PulsarAdminException;
 import org.apache.pulsar.manager.entity.EnvironmentEntity;
 import org.apache.pulsar.manager.entity.EnvironmentsRepository;
+import org.apache.pulsar.manager.entity.UserInfoEntity;
+import org.apache.pulsar.manager.entity.UsersRepository;
 import org.apache.pulsar.manager.service.PulsarAdminService;
+import org.apache.pulsar.manager.service.UsersService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.ApplicationListener;
 import org.springframework.context.event.ContextRefreshedEvent;
 import org.springframework.stereotype.Component;
 
-import java.util.Optional;
+import com.github.pagehelper.Page;
+
+import lombok.extern.slf4j.Slf4j;
+
 
 /**
  * PulsarApplicationListener do something after the spring framework initialization is complete.
@@ -38,6 +47,10 @@ public class PulsarApplicationListener implements ApplicationListener<ContextRef
 
     private final PulsarAdminService pulsarAdminService;
 
+    private final UsersRepository usersRepository;
+
+    private final UsersService usersService;
+
     @Value("${default.environment.name}")
     private String defaultEnvironmentName;
 
@@ -47,20 +60,79 @@ public class PulsarApplicationListener implements ApplicationListener<ContextRef
     @Value("${default.environment.bookie_url}")
     private String defaultEnvironmentBookieUrl;
 
+    @Value("${default.superuser.enable}")
+    private Boolean defaultSuperuserEnable = false;
+
+    @Value("${default.superuser.name}")
+    private String defaultSuperuserName;
+
+    @Value("${default.superuser.email}")
+    private String defaultSuperuserEmail;
+
+    @Value("${default.superuser.password}")
+    private String defaultSuperuserPassword;
+
     @Autowired
-    public PulsarApplicationListener(EnvironmentsRepository environmentsRepository, PulsarAdminService pulsarAdminService) {
+    public PulsarApplicationListener(
+        EnvironmentsRepository environmentsRepository, 
+        PulsarAdminService pulsarAdminService,
+        UsersRepository usersRepository,
+        UsersService usersService
+    ) {
         this.environmentsRepository = environmentsRepository;
         this.pulsarAdminService = pulsarAdminService;
+        this.usersRepository = usersRepository;
+        this.usersService = usersService;
     }
 
     @Override
     public void onApplicationEvent(ContextRefreshedEvent event) {
         log.info("Start onApplicationEvent");
-        Page<EnvironmentEntity> environmentEntities = environmentsRepository
-                .getEnvironmentsList(1, 1);
+        
+        seedDefaultSuperuser();
+        seedDefaultEnvironment();
+    }
+
+    private void seedDefaultSuperuser() {
+        if(defaultSuperuserEnable == false) {
+            log.debug("Superuser seed disabled");
+            return;
+        }
+        
+        UserInfoEntity userInfoEntity = new UserInfoEntity();
+        userInfoEntity.setName(defaultSuperuserName);
+        userInfoEntity.setEmail(defaultSuperuserEmail);
+        userInfoEntity.setPassword(defaultSuperuserPassword);
+
+        Map<String, String> userValidateResult = usersService.validateUserInfo(userInfoEntity);
+        if (userValidateResult.get("error") != null) {
+            log.error("Superuser seed failed.", userValidateResult.get("error"));
+            System.exit(-1);
+        }
+        if (StringUtils.isBlank(userInfoEntity.getPassword())) {
+            log.error("Superuser seed failed. Password is required.");
+            System.exit(-1);
+        }
+        
+        Optional<UserInfoEntity> optionalUserEntity =  usersRepository.findByUserName(userInfoEntity.getName());
+        if (optionalUserEntity.isPresent()) {
+            log.warn("Superuser already exists.");
+            return;
+        }
+
+        userInfoEntity.setPassword(DigestUtils.sha256Hex(userInfoEntity.getPassword()));
+        usersRepository.save(userInfoEntity);
+
+         log.info("Successfully added a default superuser: name = {}, email = {}, password = {}.",
+                        defaultSuperuserName, defaultSuperuserEmail, defaultSuperuserPassword);
+    }
+
+    private void seedDefaultEnvironment() {
+        Page<EnvironmentEntity> environmentEntities = environmentsRepository.getEnvironmentsList(1, 1);
+        
         if (environmentEntities.getResult().size() <= 0) {
-            Optional<EnvironmentEntity> environmentEntityOptional = environmentsRepository
-                    .findByName(defaultEnvironmentName);
+            Optional<EnvironmentEntity> environmentEntityOptional = environmentsRepository.findByName(defaultEnvironmentName);
+            
             if (defaultEnvironmentName != null
                     && defaultEnvironmentServiceUrl != null
                     && defaultEnvironmentName.length() > 0
@@ -89,6 +161,7 @@ public void onApplicationEvent(ContextRefreshedEvent event) {
                 log.warn("The default environment already exists.");
             }
         }
+
         log.debug("Environments already exist.");
     }
 }

src/main/java/org/apache/pulsar/manager/controller/LoginController.java

@@ -65,12 +65,6 @@ public LoginController(JwtService jwtService) {
     @Autowired
     private CasdoorAuthService casdoorAuthService;
 
-    @Value("${pulsar-manager.account}")
-    private String account;
-
-    @Value("${pulsar-manager.password}")
-    private String password;
-
     @ApiOperation(value = "Login pulsar manager")
     @ApiResponses({@ApiResponse(code = 200, message = "ok"), @ApiResponse(code = 500, message = "Internal server error")})
     @RequestMapping(value = "/login", method = RequestMethod.POST)

src/main/java/org/apache/pulsar/manager/controller/UsersController.java

@@ -54,12 +54,6 @@
 @Api(description = "Functions under this class are available to super user.")
 public class UsersController {
 
-    @Value("${user.management.enable}")
-    private boolean userManagementEnable;
-
-    @Value("${pulsar-manager.account}")
-    private String account;
-
     private final UsersRepository usersRepository;
 
     private final UsersService usersService;

src/main/resources/application.properties

@@ -84,11 +84,6 @@ backend.broker.pulsarAdmin.tlsEnableHostnameVerification=false
 
 jwt.secret=dab1c8ba-b01b-11e9-b384-186590e06885
 jwt.sessionTime=2592000
-# If user.management.enable is true, the following account and password will no longer be valid.
-pulsar-manager.account=pulsar
-pulsar-manager.password=pulsar
-# If true, the database is used for user management
-user.management.enable=true
 
 # Optional -> SECRET, PRIVATE, default -> PRIVATE, empty -> disable auth
 # SECRET mode -> bin/pulsar tokens create --secret-key file:///path/to/my-secret.key --subject test-user
@@ -132,6 +127,13 @@ spring.thymeleaf.mode=HTML5
 default.environment.name=
 default.environment.service_url=
 default.environment.bookie_url=
+
+# default superuser configuration
+default.superuser.enable=
+default.superuser.name=
+default.superuser.password=
+default.superuser.email=
+
 # enable tls encryption
 # keytool -import -alias test-keystore -keystore ca-certs -file certs/ca.cert.pem
 tls.enabled=false