security: remove seed-admin script and update package.json; add rotate-accounts script for secure credential rotation
1 parent 752a5ef commit b38acaf

10 files changed

Lines changed: 120 additions & 454 deletions


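--- a/.gitignore
+++ b/.gitignore
@@ -75,3 +75,7 @@ secrets.json
 *.sql
 *.sqlite
 *.db
+
+# Password change logs (never commit!)
+password-change-log.txt
+new-credentials.txt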

β€ŽCONTRIBUTING.mdβ€Ž

Lines changed: 0 additions & 189 deletions
This file was deleted.

β€ŽLICENSEβ€Ž

Lines changed: 0 additions & 21 deletions
This file was deleted.

β€ŽREADME.mdβ€Ž

-34.3 KB
Binary file not shown.

β€Žiic-bot-backend/package-lock.jsonβ€Ž

Lines changed: 2 additions & 2 deletions

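--- a/iic-bot-backend/package.json
+++ b/iic-bot-backend/package.json
@@ -7,7 +7,7 @@
 "start": "node server.js",
 "dev": "nodemon server.js",
 "ingest": "node ingest.js",
-"seed": "node scripts/seed-admin.js",
+"rotate-accounts": "node scripts/rotate-accounts.js",
 "test": "echo \"No tests specified\" && exit 0"
 },
 "keywords": [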
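--- /dev/null
+++ b/iic-bot-backend/scripts/rotate-accounts.js
@@ -0,0 +1,113 @@
+require('dotenv').config();
+const mongoose = require('mongoose');
+const bcrypt = require('bcryptjs');
+const crypto = require('crypto');
+
+// Connect to MongoDB
+mongoose.connect(process.env.MONGODB_URI, {
+useNewUrlParser: true,
+useUnifiedTopology: true
+});
+
+const userSchema = new mongoose.Schema({
+username: { type: String, required: true, unique: true },
+password: { type: String, required: true },
+email: { type: String, required: true },
+role: { type: String, enum: ['user', 'admin'], default: 'user' },
+permissions: {
+canChat: { type: Boolean, default: true },
+canViewAnalytics: { type: Boolean, default: false },
+canAccessLearnedDocs: { type: Boolean, default: false }
+},
+createdAt: { type: Date, default: Date.now }
+});
+
+const User = mongoose.model('User', userSchema);
+
+// Generate secure random password
+function generateSecurePassword(length = 24) {
+const charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*';
+const password = crypto.randomBytes(length)
+.toString('base64')
+.slice(0, length)
+.split('')
+.map((char, i) => charset[crypto.randomBytes(1)[0] % charset.length])
+.join('');
+return password;
+}
+
+async function rotateAccounts() {
+try {
+console.log('πŸ”„ Starting account rotation...\n');
+
+// Delete all existing users
+const deleteResult = await User.deleteMany({});
+console.log(`βœ… Deleted ${deleteResult.deletedCount} existing accounts\n`);
+
+// Generate new secure passwords
+const adminPassword = generateSecurePassword(24);
+const userPassword = generateSecurePassword(24);
+
+// Hash passwords
+const adminHashedPassword = await bcrypt.hash(adminPassword, 10);
+const userHashedPassword = await bcrypt.hash(userPassword, 10);
+
+// Create new admin account
+const newAdmin = await User.create({
+username: 'admin',
+password: adminHashedPassword,
+
+role: 'admin',
+permissions: {
+canChat: true,
+canViewAnalytics: true,
+canAccessLearnedDocs: true
+}
+});
+
+// Create new demo user account
+const newUser = await User.create({
+username: 'user',
+password: userHashedPassword,
+
+role: 'user',
+permissions: {
+canChat: true,
+canViewAnalytics: false,
+canAccessLearnedDocs: false
+}
+});
+
+console.log('βœ… New accounts created successfully!\n');
+console.log('═══════════════════════════════════════════════════════');
+console.log('πŸ” NEW CREDENTIALS - SAVE THESE SECURELY!');
+console.log('═══════════════════════════════════════════════════════\n');
+console.log('ADMIN ACCOUNT:');
+console.log(` Username: admin`);
+console.log(` Password: ${adminPassword}`);
+console.log(` Email: [email protected]`);
+console.log(` Role: admin\n`);
+console.log('USER ACCOUNT:');
+console.log(` Username: user`);
+console.log(` Password: ${userPassword}`);
+console.log(` Email: [email protected]`);
+console.log(` Role: user\n`);
+console.log('═══════════════════════════════════════════════════════');
+console.log('⚠️ IMPORTANT: Save these credentials immediately!');
+console.log('⚠️ They will not be displayed again.');
+console.log('═══════════════════════════════════════════════════════\n');
+
+// Close connection
+await mongoose.connection.close();
+console.log('βœ… Database connection closed');
+process.exit(0);
+
+} catch (error) {
+console.error('❌ Error rotating accounts:', error);
+await mongoose.connection.close();
+process.exit(1);
+}
+}
+
+// Run the rotation
+rotateAccounts();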
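Review bot: generateSecurePassword picks each character with `crypto.randomBytes(1)[0] % charset.length`, and because 256 is not a multiple of the 70-character charset the first 46 characters are slightly more likely than the rest; `crypto.randomInt(charset.length)` returns a uniform index. The base64/slice/split chain on the lines above that only builds a throwaway array of the right length, so the whole body could be `return Array.from({ length }, () => charset[crypto.randomInt(charset.length)]).join('');`. In rotateAccounts, `User.deleteMany({})` removes every account before any replacement exists, so a failure in bcrypt.hash or User.create leaves the database with no users at all; creating the new accounts first, or gating the delete behind an explicit confirmation such as an environment flag, would make the script safer to run. The two User.create calls appear here without an email field (the lines render empty, possibly redacted) while the schema marks email as required, so if that is what the file contains both creates will reject. The credentials are written to stdout, which ends up in terminal scrollback and any log capture, and the .gitignore hunk in this commit suggests they are expected to be saved to new-credentials.txt, so the script and its ignore rules may be out of step.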
