fix: static admin password

Author: FerTV

app/deployer.py

@@ -105,6 +105,7 @@ def check_all_credentials(self):
         self.check_credential("SECRET_KEY", is_password=False)
         self.check_credential("GF_SECURITY_ADMIN_PASSWORD")
         self.check_credential("POSTGRES_PASSWORD")
+        self.check_credential("NEBULA_ADMIN_PASSWORD")
 
 
 class NebulaEventHandler(PatternMatchingEventHandler):
@@ -1119,7 +1120,8 @@ def run_controller(self):
             "DB_HOST": self.get_container_name("nebula-database"),
             "DB_PORT": 5432,
             "DB_USER": "nebula",
-            "DB_PASSWORD": "nebula",
+            "DB_PASSWORD": os.environ.get("POSTGRES_PASSWORD"),
+            "NEBULA_ADMIN_PASSWORD": os.environ.get("NEBULA_ADMIN_PASSWORD")
         }
 
         volumes = ["/nebula", "/var/run/docker.sock"]

nebula/controller/controller.py

@@ -19,6 +19,7 @@
 from nebula.controller.database import (
     init_db_pool,
     close_db_pool,
+    insert_default_admin,
     scenario_set_all_status_to_finished,
     scenario_set_status_to_finished,
 )
@@ -120,6 +121,7 @@ async def lifespan(app: FastAPI):
 
     # Initialize the database connection pool
     await init_db_pool()
+    await insert_default_admin()
 
     yield
 

nebula/controller/database.py

@@ -53,6 +53,27 @@ async def close_db_pool():
 
 # --- User Management Functions ---
 
+async def insert_default_admin():
+    """
+    Inserts a default 'ADMIN' user into the database with a hashed password.
+    The password must be provided via the ADMIN_PASSWORD environment variable.
+    """
+    admin_password = os.environ.get("NEBULA_ADMIN_PASSWORD")
+
+    hashed_password = pwd_context.hash(admin_password)
+
+    query = """
+    INSERT INTO users ("user", password, role)
+    VALUES ($1, $2, $3)
+    ON CONFLICT ("user") DO NOTHING;
+    """
+    try:
+        async with POOL.acquire() as conn:
+            await conn.execute(query, "ADMIN", hashed_password, "admin")
+            logging.info("Default admin user inserted (or already exists).")
+    except Exception as e:
+        logging.error(f"Failed to insert default admin user: {e}", exc_info=True)
+
 async def list_users(all_info=False):
     """
     Retrieves a list of users from the users database.

nebula/database/init-configs.sql

@@ -61,9 +61,3 @@ CREATE TABLE IF NOT EXISTS notes (
     scenario TEXT PRIMARY KEY,
     scenario_notes TEXT
 );
-
--- 6) Insert the default 'admin' user with a hashed password
---    The hash must be generated by a Python script using passlib.
---    Replace the placeholder with your generated hash.
-INSERT INTO users ("user", password, role) VALUES ('ADMIN', '$argon2id$v=19$m=65536,t=3,p=4$OobPh8BkZeT6D5s+Rt11mQ$JjI2M3U5+4lupdr87/GrIn46ImzoQujNEyVd7IGYiXY', 'admin')
-ON CONFLICT ("user") DO NOTHING;