From e22823cbbd06fe67d3ec1760d7f327cb5d6ee1e7 Mon Sep 17 00:00:00 2001
From: RGalyaviev <ruslan@ipcom.su>
Date: Thu, 4 Sep 2025 11:54:50 +0300
Subject: [PATCH] feat(auth): seed/update default admin (ruslan/1234) on
 startup

---
 main.py | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/main.py b/main.py
index f6c52df..d9e40bb 100644
--- a/main.py
+++ b/main.py
@@ -16,6 +16,44 @@ app.secret_key = 'sk_f098a9f7206d40f89bc2a0dd1d2d9182'  # нужен для се
 app.jinja_env.filters['from_json'] = json.loads
 initialize_db()
 
+# Ensure default admin exists (for dev/tests). Controlled via env, with defaults.
+import os
+
+def ensure_default_admin():
+    username = os.environ.get('ADMIN_USERNAME', 'ruslan')
+    password = os.environ.get('ADMIN_PASSWORD', '1234')
+    email = os.environ.get('ADMIN_EMAIL', 'ruslan@example.com')
+
+    user = User.get_or_none(User.username == username)
+    if user:
+        changed = False
+        if not user.is_admin:
+            user.is_admin = True
+            changed = True
+        # If password differs, reset to provided one
+        try:
+            # check_password_hash is available from werkzeug
+            if not check_password_hash(user.password_hash, password):
+                user.password_hash = generate_password_hash(password)
+                changed = True
+        except Exception:
+            user.password_hash = generate_password_hash(password)
+            changed = True
+        if changed:
+            user.save()
+    else:
+        User.create(
+            username=username,
+            email=email,
+            full_name='Администратор',
+            password_hash=generate_password_hash(password),
+            is_admin=True
+        )
+
+# Seed admin on startup unless explicitly disabled
+if os.environ.get('SEED_ADMIN_DISABLED') != '1':
+    ensure_default_admin()
+
 login_manager = LoginManager()
 login_manager.init_app(app)
 login_manager.login_view = 'login'