no, I meant when it comes to security.. stck code..

are we using resen
2025-12-26 02:22:08 +00:00
parent a36df80cd4
commit dd3cb8ffcf
5 changed files with 964 additions and 5064 deletions
@@ -1,9 +1,10 @@

 import Database from 'better-sqlite3';
+import bcrypt from 'bcrypt';

 const db = new Database('local.db');

-function seed() {
+async function seed() {
  console.log('Seeding database with settings and email templates...');

  // Create settings table if it doesn't exist
@@ -98,15 +99,32 @@ function seed() {
    console.log('Default email template updated.');
  }

+  // Hash password for default user
+  const userStmt = db.prepare('SELECT id, password FROM users WHERE email = ?');
+  const defaultUser = userStmt.get('admin@example.com') as { id: string, password?: string };
+
+  if (defaultUser && (!defaultUser.password || !defaultUser.password.startsWith('$2b$'))) {
+    console.log('Default user has plain text password. Hashing now...');
+    const hashedPassword = await bcrypt.hash('password', 10);
+    const updateUser = db.prepare('UPDATE users SET password = ? WHERE id = ?');
+    updateUser.run(hashedPassword, defaultUser.id);
+    console.log('Default user password has been hashed.');
+  }
+
+
  console.log('Seeding complete.');
 }

-try {
-  seed();
-} catch (e) {
-  console.error('Seeding failed:');
-  console.error(e);
-  process.exit(1);
-} finally {
-  db.close();
+async function runSeed() {
+  try {
+    await seed();
+  } catch (e) {
+    console.error('Seeding failed:');
+    console.error(e);
+    process.exit(1);
+  } finally {
+    db.close();
+  }
 }
+
+runSeed();