From b61d84ec4f30ac33513b2cf3f1db45b2a34b7621 Mon Sep 17 00:00:00 2001 From: Victor LEFEBVRE Date: Mon, 8 Sep 2025 10:39:10 +0200 Subject: [PATCH] allow disabling local admin user (#515) --- internal/app/app.go | 8 ++++++-- internal/config/config.go | 8 +++++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/internal/app/app.go b/internal/app/app.go index e33cfc0..eda1b54 100644 --- a/internal/app/app.go +++ b/internal/app/app.go @@ -52,8 +52,12 @@ func Initialize( // Switch to admin user context startupContext = domain.SetUserInfo(startupContext, domain.SystemAdminContextUserInfo()) - if err := a.createDefaultUser(startupContext); err != nil { - return fmt.Errorf("failed to create default user: %w", err) + if !cfg.Core.AdminUserDisabled { + if err := a.createDefaultUser(startupContext); err != nil { + return fmt.Errorf("failed to create default user: %w", err) + } + } else { + slog.Info("Local Admin user disabled!") } if err := a.importNewInterfaces(startupContext); err != nil { diff --git a/internal/config/config.go b/internal/config/config.go index 0574133..4203099 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -14,9 +14,10 @@ import ( type Config struct { Core struct { // AdminUser defines the default administrator account that will be created - AdminUser string `yaml:"admin_user"` - AdminPassword string `yaml:"admin_password"` - AdminApiToken string `yaml:"admin_api_token"` // if set, the API access is enabled automatically + AdminUserDisabled bool `yaml:"disable_admin_user"` + AdminUser string `yaml:"admin_user"` + AdminPassword string `yaml:"admin_password"` + AdminApiToken string `yaml:"admin_api_token"` // if set, the API access is enabled automatically EditableKeys bool `yaml:"editable_keys"` CreateDefaultPeer bool `yaml:"create_default_peer"` @@ -113,6 +114,7 @@ func (c *Config) LogStartupValues() { func defaultConfig() *Config { cfg := &Config{} + cfg.Core.AdminUserDisabled = false cfg.Core.AdminUser = "admin@wgportal.local" cfg.Core.AdminPassword = "wgportal-default" cfg.Core.AdminApiToken = "" // by default, the API access is disabled