#!/bin/sh # VidReview Init Script # - FRESH: runs DB migrations, creates admin + locks registration + saves credentials # - UPDATE: skips, leaves DB and data intact DB_HOST="${DB_HOST:-vidreview-db}" DB_NAME="${DB_NAME:-vidreview}" DB_USER="${DB_USER:-vidreview}" OUTPUT_DIR="${OUTPUT_DIR:-/seed-output}" ADMIN_EMAIL="${ADMIN_EMAIL:-admin@vidreview.local}" ADMIN_NAME="${ADMIN_NAME:-Admin}" API_CONTAINER="${API_CONTAINER:-vidreview-api}" run_psql() { docker exec "$DB_HOST" psql -U "$DB_USER" -d "$DB_NAME" "$@" 2>&1 } run_node() { docker exec "$API_CONTAINER" node "$@" 2>&1 } run_api() { docker exec "$API_CONTAINER" "$@" 2>&1 } mkdir -p "$OUTPUT_DIR" echo "============================================================" echo " VidReview Init Script" echo "============================================================" echo "" echo " Checking database state..." # Run Prisma migrations first (creates tables on fresh DB) echo " Running DB migrations..." # db push creates/updates tables without needing a migrations directory run_api npx prisma db push --accept-data-loss MIGRATE_EXIT=$? if [ "$MIGRATE_EXIT" -ne 0 ]; then echo " ERROR: db push failed (exit $MIGRATE_EXIT). Output above." exit 1 fi echo " DB schema synced." # Check if admin already exists ADMIN_COUNT_RAW=$(run_psql -t -c "SELECT COUNT(*) FROM \"User\" WHERE \"globalRole\"='ADMIN';" 2>&1) ADMIN_COUNT=$(echo "$ADMIN_COUNT_RAW" | tr -d '[:space:]' | grep -E '^[0-9]+$' || echo "") if [ -z "$ADMIN_COUNT" ]; then echo " ERROR: Could not read DB count." echo " Output was: $ADMIN_COUNT_RAW" exit 1 fi echo " Admin users in DB: $ADMIN_COUNT" if [ "$ADMIN_COUNT" -gt 0 ]; then echo "" echo " UPDATE DEPLOY: skipping admin creation." echo " DB already has an admin account." echo "" exit 0 fi # FRESH DEPLOY echo "" echo " FRESH DEPLOY: setting up initial account" RANDOM_PASS="vid-$(date +%s)-$(head -c 10 /dev/urandom | tr -dc 'a-z0-9')" echo " Password generated." PASS_HASH=$(run_node -e "require('bcryptjs').hash('$RANDOM_PASS',10).then(h=>process.stdout.write(h)).catch(e=>{console.error(e);process.exit(1)})") if [ -z "$PASS_HASH" ]; then echo " ERROR: Could not generate bcrypt hash." exit 1 fi echo " Hash generated." echo " Locking user registration..." run_psql -c "INSERT INTO \"SiteSetting\" (id,name,value) VALUES (gen_random_uuid()::text, E'registration_enabled', E'false') ON CONFLICT (name) DO UPDATE SET value=E'false';" echo " Creating admin account..." run_psql -c "INSERT INTO \"User\" (id,email,name,password,\"globalRole\",active,\"storageQuota\",\"storageUsed\",\"createdAt\",\"updatedAt\") VALUES (gen_random_uuid()::text, E'$ADMIN_EMAIL', E'$ADMIN_NAME', E'$PASS_HASH', E'ADMIN', true, 524288000, 0, NOW(), NOW());" CREDENTIALS_FILE="$OUTPUT_DIR/admin-credentials.txt" TIMESTAMP=$(date -u '+%Y-%m-%d %H:%M:%S UTC') cat > "$CREDENTIALS_FILE" << 'HEREDOC' VidReview Admin Account - FRESH DEPLOY Generated: TIMESTAMP_PLACEHOLDER ======================================================== Email: EMAIL_PLACEHOLDER Password: PASS_PLACEHOLDER Role: ADMIN (full system access) Save this file securely. This is the only time the password is shown. ======================================================== HEREDOC sed -i "s/TIMESTAMP_PLACEHOLDER/$TIMESTAMP/" "$CREDENTIALS_FILE" sed -i "s/EMAIL_PLACEHOLDER/$ADMIN_EMAIL/" "$CREDENTIALS_FILE" sed -i "s/PASS_PLACEHOLDER/$RANDOM_PASS/" "$CREDENTIALS_FILE" echo "" echo "============================================================" echo " Admin account created" echo "============================================================" echo "" echo " Email: $ADMIN_EMAIL" echo " Password: $RANDOM_PASS" echo "" echo " Credentials saved to: $CREDENTIALS_FILE" echo ""