add shares av system

2026-01-04 14:11:38 +07:00
parent 70d25e13b8
commit 0c8a9efecc
49 changed files with 405 additions and 1 deletions
--- a/docs/on-progress/ADMIN-CREDENTIALS.md
+++ b/docs/on-progress/ADMIN-CREDENTIALS.md
@@ -0,0 +1,118 @@
+# Default Admin Credentials
+
+## 🔐 Default Admin User
+
+**Username**: `admin`  
+**Password**: `admin123`  
+**Email**: `admin@calypso.local`
+
+---
+
+## ⚠️ Important Notes
+
+### Password Hashing
+
+After implementing security hardening (Phase D), the backend now uses **Argon2id** password hashing. This means:
+
+1. **If the admin user was created BEFORE security hardening**:
+   - The password in the database might still be plaintext
+   - You need to update it with an Argon2id hash
+   - Use: `./scripts/update-admin-password.sh`
+
+2. **If the admin user was created AFTER security hardening**:
+   - The password should already be hashed
+   - Login should work with `admin123`
+
+### Check Password Status
+
+To check if the password is properly hashed:
+
+```bash
+sudo -u postgres psql calypso -c "SELECT username, CASE WHEN password_hash LIKE '\$argon2id%' THEN 'Argon2id (secure)' ELSE 'Plaintext (needs update)' END as password_type FROM users WHERE username = 'admin';"
+```
+
+If it shows "Plaintext (needs update)", run:
+
+```bash
+./scripts/update-admin-password.sh
+```
+
+---
+
+## 🚀 Quick Setup
+
+### Create Admin User (if not exists)
+
+```bash
+./scripts/setup-test-user.sh
+```
+
+This script will:
+- Create the admin user with username: `admin`
+- Set password to: `admin123`
+- Assign admin role
+- **Note**: If created before security hardening, password will be plaintext
+
+### Update Password to Argon2id (if needed)
+
+If the password is still plaintext, update it:
+
+```bash
+./scripts/update-admin-password.sh
+```
+
+This will:
+- Generate an Argon2id hash for `admin123`
+- Update the database
+- Allow login with the new secure hash
+
+---
+
+## 🧪 Testing Login
+
+### Via Frontend
+
+1. Open `http://localhost:3000`
+2. Enter credentials:
+   - Username: `admin`
+   - Password: `admin123`
+3. Click "Sign in"
+
+### Via API
+
+```bash
+curl -X POST http://localhost:8080/api/v1/auth/login \
+  -H "Content-Type: application/json" \
+  -d '{"username":"admin","password":"admin123"}'
+```
+
+---
+
+## 🔒 Security Note
+
+**For Production**:
+- Change the default password immediately
+- Use a strong password
+- Consider implementing password policies
+- Enable additional security features
+
+**For Testing/Development**:
+- The default `admin123` password is acceptable
+- Ensure it's properly hashed with Argon2id
+
+---
+
+## 📝 Summary
+
+**Default Credentials**:
+- Username: `admin`
+- Password: `admin123`
+- **Status**: ✅ Password is now properly hashed with Argon2id
+
+**To Use**:
+1. Ensure admin user exists: `./scripts/setup-test-user.sh`
+2. If password is plaintext, update it: `go run ./backend/cmd/hash-password/main.go "admin123"` then update database
+3. Login with the credentials above
+
+**Current Status**: ✅ Admin user exists and password is securely hashed
+