rede5/gohorsejobs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
gohorsejobs/backend/migrations/010_seed_super_admin.sql
Tiago Yamamoto fcf960381c fix(auth): corrige hash seed e documenta alinhamento do PASSWORD_PEPPER 
- Atualiza hash hardcoded em 010_seed_super_admin.sql para hash válido
  gerado com pepper=gohorse-pepper (o antigo hash estava inválido e causava
  AUTH_INVALID_CREDENTIALS em qualquer reset do banco)
- Corrige valor de PASSWORD_PEPPER e CORS_ORIGINS no DEVOPS.md para
  refletir os valores reais do Coolify DEV
- Adiciona seção de troubleshooting no DEVOPS.md com diagnóstico e fix
  passo-a-passo para mismatch de pepper
- Adiciona seção "Known Gotchas" no AGENTS.md documentando:
  * Regra do PASSWORD_PEPPER (deve ser gohorse-pepper em todos ambientes)
  * Campo de login é email no DTO, não identifier
  * Hashes bcrypt em SQL devem usar arquivo -f, nunca -c ($ é expandido)
  * Credenciais de teste do ambiente DEV

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 11:43:35 -06:00

49 lines
1.7 KiB
SQL
Raw Blame History

-- Migration: Create Super Admin and System Company
-- Description: Inserts the default System Company and Super Admin user.
-- Uses unified tables (companies, users, user_roles)
--
-- ⚠️ PEPPER CRITICAL: This hash was generated with PASSWORD_PEPPER=gohorse-pepper
-- The backend (Coolify env var PASSWORD_PEPPER) MUST be set to: gohorse-pepper
-- If the pepper does not match, ALL logins will fail with "invalid credentials".
--
-- Credentials: identifier=superadmin / password=Admin@2025!
-- Hash: bcrypt("Admin@2025!" + "gohorse-pepper", cost=10)
-- Generated with bcryptjs 2.4.x / golang.org/x/crypto/bcrypt — both compatible.
-- 1. Insert System Company (for SuperAdmin context)
INSERT INTO companies (name, slug, type, document, email, description, verified, active)
VALUES (
'GoHorse System',
'gohorse-system',
'system',
'00.000.000/0001-91',
'admin@gohorsejobs.com',
'{"tagline": "System Administration Tenant"}',
true,
true
) ON CONFLICT (slug) DO NOTHING;
-- 2. Insert Super Admin User
INSERT INTO users (identifier, password_hash, role, full_name, email, status, active)
VALUES (
'superadmin',
'$2b$10$4759wJhnXnBpcwSnVZm9Eu.wTqGYVCHkxAU5a2NxhsFHU42nV3tzW',
'superadmin',
'Super Administrator',
'admin@gohorsejobs.com',
'ACTIVE',
true
) ON CONFLICT (identifier) DO UPDATE SET
password_hash = EXCLUDED.password_hash,
status = 'ACTIVE';
-- 3. Assign superadmin role (if user_roles table exists)
DO $$
BEGIN
IF EXISTS (SELECT FROM pg_tables WHERE tablename = 'user_roles') THEN
INSERT INTO user_roles (user_id, role)
SELECT id, 'superadmin' FROM users WHERE identifier = 'superadmin'
ON CONFLICT (user_id, role) DO NOTHING;
END IF;
END $$;
Reference in a new issue View git blame Copy permalink