automatic API access for default admin (#357)

internal/app/app.go

@@ -127,7 +127,7 @@ func (a *App) createDefaultUser(ctx context.Context) error {
 	}
 
 	now := time.Now()
-	admin, err := a.CreateUser(ctx, &domain.User{
+	defaultAdmin := &domain.User{
 		BaseModel: domain.BaseModel{
 			CreatedBy: domain.CtxSystemAdminId,
 			UpdatedBy: domain.CtxSystemAdminId,
@@ -150,7 +150,16 @@ func (a *App) createDefaultUser(ctx context.Context) error {
 		Locked:          nil,
 		LockedReason:    "",
 		LinkedPeerCount: 0,
-	})
+	}
+	if a.Config.Core.AdminApiToken != "" {
+		if len(a.Config.Core.AdminApiToken) < 18 {
+			logrus.Warnf("[SECURITY WARNING] admin API token is too short, should be at least 18 characters long")
+		}
+		defaultAdmin.ApiToken = a.Config.Core.AdminApiToken
+		defaultAdmin.ApiTokenCreated = &now
+	}
+
+	admin, err := a.CreateUser(ctx, defaultAdmin)
 	if err != nil {
 		return err
 	}

internal/config/config.go

@@ -16,6 +16,7 @@ type Config struct {
 		// AdminUser defines the default administrator account that will be created
 		AdminUser     string `yaml:"admin_user"`
 		AdminPassword string `yaml:"admin_password"`
+		AdminApiToken string `yaml:"admin_api_token"` // if set, the API access is enabled automatically
 
 		EditableKeys                bool `yaml:"editable_keys"`
 		CreateDefaultPeer           bool `yaml:"create_default_peer"`
@@ -94,6 +95,7 @@ func defaultConfig() *Config {
 
 	cfg.Core.AdminUser = "admin@wgportal.local"
 	cfg.Core.AdminPassword = "wgportal"
+	cfg.Core.AdminApiToken = "" // by default, the API access is disabled
 	cfg.Core.ImportExisting = true
 	cfg.Core.RestoreState = true
 	cfg.Core.CreateDefaultPeer = false