From 47f93a9eb79de35f0158b7afcb081ae5115fd38a Mon Sep 17 00:00:00 2001 From: Pew-X Date: Mon, 21 Apr 2025 00:02:22 +0530 Subject: [PATCH] Improve default user creation logic at startup --- server/main.go | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/server/main.go b/server/main.go index 34bfc72be..8f6316a30 100644 --- a/server/main.go +++ b/server/main.go @@ -66,12 +66,36 @@ func Start() { printBanner() printConfiguration() - // TODO: Handle the addition of the default user - // and new users in a much better way. Doing this using - // and empty password check is not a good solution. - if config.Config.Password != "" { - user, _ := auth.UserStore.Add(config.Config.Username) - _ = user.SetPassword(config.Config.Password) + user, err := auth.UserStore.Add(config.Config.Username) + if err != nil { + + //log errors like for example : if modified to prevent duplicates later + + slog.Error("Failed to add default user to user store", + slog.String("username", config.Config.Username), + slog.Any("error", err)) + + // Consider exiting if the default user cannot be created: + // os.Exit(1) + } else { + // set the password only if one is provided. + if config.Config.Password != "" { + if err := user.SetPassword(config.Config.Password); err != nil { + // Log an error if password hashing/setting fails. + slog.Error("Failed to set password for default user", + slog.String("username", config.Config.Username), + slog.Any("error", err)) + // Consider exiting if password setting is critical and fails: + // os.Exit(1) + } + } else { + // log a warning if starting without a password for the default user. + // clear security implication clear. + slog.Warn("Starting server without a password configured for the default user.", + slog.String("username", config.Config.Username), + slog.String("security_implication", "Authentication may not be required for this user."), + slog.String("recommendation", "Consider setting a password using the --password flag or config file.")) + } } ctx, cancel := context.WithCancel(context.Background())