[pocketbase#31] replaced the initial admin create interactive cli wit…

…h Installer web page

apis/admin.go

@@ -24,7 +24,7 @@ func BindAdminApi(app core.App, rg *echo.Group) {
 	subGroup.POST("/confirm-password-reset", api.confirmPasswordReset)
 	subGroup.POST("/refresh", api.refresh, RequireAdminAuth())
 	subGroup.GET("", api.list, RequireAdminAuth())
-	subGroup.POST("", api.create, RequireAdminAuth())
+	subGroup.POST("", api.create, RequireAdminAuthOnlyIfAny(app))
 	subGroup.GET("/:id", api.view, RequireAdminAuth())
 	subGroup.PATCH("/:id", api.update, RequireAdminAuth())
 	subGroup.DELETE("/:id", api.delete, RequireAdminAuth())

apis/admin_test.go

@@ -456,12 +456,37 @@ func TestAdminDelete(t *testing.T) {
 func TestAdminCreate(t *testing.T) {
 	scenarios := []tests.ApiScenario{
 		{
-			Name:            "unauthorized",
+			Name:            "unauthorized (while having at least 1 existing admin)",
 			Method:          http.MethodPost,
 			Url:             "/api/admins",
 			ExpectedStatus:  401,
 			ExpectedContent: []string{`"data":{}`},
 		},
+		{
+			Name:   "unauthorized (while having 0 existing admins)",
+			Method: http.MethodPost,
+			Url:    "/api/admins",
+			Body:   strings.NewReader(`{"email":"[email protected]","password":"1234567890","passwordConfirm":"1234567890","avatar":3}`),
+			BeforeFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
+				// delete all admins
+				_, err := app.Dao().DB().NewQuery("DELETE FROM {{_admins}}").Execute()
+				if err != nil {
+					t.Fatal(err)
+				}
+			},
+			ExpectedStatus: 200,
+			ExpectedContent: []string{
+				`"id":`,
+				`"email":"[email protected]"`,
+				`"avatar":3`,
+			},
+			ExpectedEvents: map[string]int{
+				"OnModelBeforeCreate":        1,
+				"OnModelAfterCreate":         1,
+				"OnAdminBeforeCreateRequest": 1,
+				"OnAdminAfterCreateRequest":  1,
+			},
+		},
 		{
 			Name:   "authorized as user",
 			Method: http.MethodPost,

apis/base.go

@@ -15,6 +15,7 @@ import (
 	"github.com/pocketbase/pocketbase/core"
 	"github.com/pocketbase/pocketbase/tools/rest"
 	"github.com/pocketbase/pocketbase/ui"
+	"github.com/spf13/cast"
 )
 
 // InitApi creates a configured echo instance with registered
@@ -71,13 +72,8 @@ func InitApi(app core.App) (*echo.Echo, error) {
 		}
 	}
 
-	// serves /ui/dist/index.html file
-	// (explicit route is used to avoid conflicts with `RemoveTrailingSlash` middleware)
-	e.FileFS("/_", "index.html", ui.DistIndexHTML, middleware.Gzip())
-
-	// serves static files from the /ui/dist directory
-	// (similar to echo.StaticFS but with gzip middleware enabled)
-	e.GET("/_/*", StaticDirectoryHandler(ui.DistDirFS, false), middleware.Gzip())
+	// admin ui routes
+	bindStaticAdminUI(app, e)
 
 	// default routes
 	api := e.Group("/api")
@@ -129,3 +125,78 @@ func StaticDirectoryHandler(fileSystem fs.FS, disablePathUnescaping bool) echo.H
 		return c.FileFS(name, fileSystem)
 	}
 }
+
+// bindStaticAdminUI registers the endpoints that serves the static admin UI.
+func bindStaticAdminUI(app core.App, e *echo.Echo) error {
+	// serves /ui/dist/index.html file
+	// (explicit route is used to avoid conflicts with `RemoveTrailingSlash` middleware)
+	e.FileFS(
+		"/_",
+		"index.html",
+		ui.DistIndexHTML,
+		middleware.Gzip(),
+		installerRedirect(app),
+	)
+
+	// serves static files from the /ui/dist directory
+	// (similar to echo.StaticFS but with gzip middleware enabled)
+	e.GET(
+		"/_/*",
+		StaticDirectoryHandler(ui.DistDirFS, false),
+		middleware.Gzip(),
+	)
+
+	return nil
+}
+
+const totalAdminsCacheKey = "totalAdmins"
+
+func updateTotalAdminsCache(app core.App) error {
+	total, err := app.Dao().TotalAdmins()
+	if err != nil {
+		return err
+	}
+
+	app.Cache().Set(totalAdminsCacheKey, total)
+
+	return nil
+}
+
+// installerRedirect redirects the user to the installer admin UI page
+// when the application needs some preliminary configurations to be done.
+func installerRedirect(app core.App) echo.MiddlewareFunc {
+	// keep totalAdminsCacheKey value up-to-date
+	app.OnAdminAfterCreateRequest().Add(func(data *core.AdminCreateEvent) error {
+		return updateTotalAdminsCache(app)
+	})
+	app.OnAdminAfterDeleteRequest().Add(func(data *core.AdminDeleteEvent) error {
+		return updateTotalAdminsCache(app)
+	})
+
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			// load into cache (if not already)
+			if !app.Cache().Has(totalAdminsCacheKey) {
+				if err := updateTotalAdminsCache(app); err != nil {
+					return err
+				}
+			}
+
+			totalAdmins := cast.ToInt(app.Cache().Get(totalAdminsCacheKey))
+
+			_, hasInstallerParam := c.Request().URL.Query()["installer"]
+
+			if totalAdmins == 0 && !hasInstallerParam {
+				// redirect to the installer page
+				return c.Redirect(http.StatusTemporaryRedirect, "/_/?installer#")
+			}
+
+			if totalAdmins != 0 && hasInstallerParam {
+				// redirect to the home page
+				return c.Redirect(http.StatusTemporaryRedirect, "/_/#/")
+			}
+
+			return next(c)
+		}
+	}
+}

apis/middlewares.go

@@ -77,6 +77,28 @@ func RequireAdminAuth() echo.MiddlewareFunc {
 	}
 }
 
+// RequireAdminAuthIfAny middleware requires a request to have
+// a valid admin Authorization header set (aka. `Authorization: Admin ...`)
+// ONLY if the application has at least 1 existing Admin model.
+func RequireAdminAuthOnlyIfAny(app core.App) echo.MiddlewareFunc {
+	return func(next echo.HandlerFunc) echo.HandlerFunc {
+		return func(c echo.Context) error {
+			totalAdmins, err := app.Dao().TotalAdmins()
+			if err != nil {
+				return rest.NewBadRequestError("Failed to fetch admins info.", err)
+			}
+
+			admin, _ := c.Get(ContextAdminKey).(*models.Admin)
+
+			if admin != nil || totalAdmins == 0 {
+				return next(c)
+			}
+
+			return rest.NewUnauthorizedError("The request requires admin authorization token to be set.", nil)
+		}
+	}
+}
+
 // RequireAdminOrUserAuth middleware requires a request to have
 // a valid admin or user Authorization header set
 // (aka. `Authorization: Admin ...` or `Authorization: User ...`).

apis/middlewares_test.go

@@ -291,6 +291,125 @@ func TestRequireAdminAuth(t *testing.T) {
 	}
 }
 
+func TestRequireAdminAuthOnlyIfAny(t *testing.T) {
+	scenarios := []tests.ApiScenario{
+		{
+			Name:   "guest (while having at least 1 existing admin)",
+			Method: http.MethodGet,
+			Url:    "/my/test",
+			BeforeFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
+				e.AddRoute(echo.Route{
+					Method: http.MethodGet,
+					Path:   "/my/test",
+					Handler: func(c echo.Context) error {
+						return c.String(200, "test123")
+					},
+					Middlewares: []echo.MiddlewareFunc{
+						apis.RequireAdminAuthOnlyIfAny(app),
+					},
+				})
+			},
+			ExpectedStatus:  401,
+			ExpectedContent: []string{`"data":{}`},
+		},
+		{
+			Name:   "guest (while having 0 existing admins)",
+			Method: http.MethodGet,
+			Url:    "/my/test",
+			BeforeFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
+				// delete all admins
+				_, err := app.Dao().DB().NewQuery("DELETE FROM {{_admins}}").Execute()
+				if err != nil {
+					t.Fatal(err)
+				}
+
+				e.AddRoute(echo.Route{
+					Method: http.MethodGet,
+					Path:   "/my/test",
+					Handler: func(c echo.Context) error {
+						return c.String(200, "test123")
+					},
+					Middlewares: []echo.MiddlewareFunc{
+						apis.RequireAdminAuthOnlyIfAny(app),
+					},
+				})
+			},
+			ExpectedStatus:  200,
+			ExpectedContent: []string{"test123"},
+		},
+		{
+			Name:   "expired/invalid token",
+			Method: http.MethodGet,
+			Url:    "/my/test",
+			RequestHeaders: map[string]string{
+				"Authorization": "Admin eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjJiNGE5N2NjLTNmODMtNGQwMS1hMjZiLTNkNzdiYzg0MmQzYyIsInR5cGUiOiJhZG1pbiIsImV4cCI6MTY0MTAxMzIwMH0.Gp_1b5WVhqjj2o3nJhNUlJmpdiwFLXN72LbMP-26gjA",
+			},
+			BeforeFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
+				e.AddRoute(echo.Route{
+					Method: http.MethodGet,
+					Path:   "/my/test",
+					Handler: func(c echo.Context) error {
+						return c.String(200, "test123")
+					},
+					Middlewares: []echo.MiddlewareFunc{
+						apis.RequireAdminAuthOnlyIfAny(app),
+					},
+				})
+			},
+			ExpectedStatus:  401,
+			ExpectedContent: []string{`"data":{}`},
+		},
+		{
+			Name:   "valid user token",
+			Method: http.MethodGet,
+			Url:    "/my/test",
+			RequestHeaders: map[string]string{
+				"Authorization": "User eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjRkMDE5N2NjLTJiNGEtM2Y4My1hMjZiLWQ3N2JjODQyM2QzYyIsInR5cGUiOiJ1c2VyIiwiZXhwIjoxODkzNDc0MDAwfQ.Wq5ac1q1f5WntIzEngXk22ydMj-eFgvfSRg7dhmPKic",
+			},
+			BeforeFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
+				e.AddRoute(echo.Route{
+					Method: http.MethodGet,
+					Path:   "/my/test",
+					Handler: func(c echo.Context) error {
+						return c.String(200, "test123")
+					},
+					Middlewares: []echo.MiddlewareFunc{
+						apis.RequireAdminAuthOnlyIfAny(app),
+					},
+				})
+			},
+			ExpectedStatus:  401,
+			ExpectedContent: []string{`"data":{}`},
+		},
+		{
+			Name:   "valid admin token",
+			Method: http.MethodGet,
+			Url:    "/my/test",
+			RequestHeaders: map[string]string{
+				"Authorization": "Admin eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjJiNGE5N2NjLTNmODMtNGQwMS1hMjZiLTNkNzdiYzg0MmQzYyIsInR5cGUiOiJhZG1pbiIsImV4cCI6MTg3MzQ2Mjc5Mn0.AtRtXR6FHBrCUGkj5OffhmxLbSZaQ4L_Qgw4gfoHyfo",
+			},
+			BeforeFunc: func(t *testing.T, app *tests.TestApp, e *echo.Echo) {
+				e.AddRoute(echo.Route{
+					Method: http.MethodGet,
+					Path:   "/my/test",
+					Handler: func(c echo.Context) error {
+						return c.String(200, "test123")
+					},
+					Middlewares: []echo.MiddlewareFunc{
+						apis.RequireAdminAuthOnlyIfAny(app),
+					},
+				})
+			},
+			ExpectedStatus:  200,
+			ExpectedContent: []string{"test123"},
+		},
+	}
+
+	for _, scenario := range scenarios {
+		scenario.Test(t)
+	}
+}
+
 func TestRequireAdminOrUserAuth(t *testing.T) {
 	scenarios := []tests.ApiScenario{
 		{