github/deer-flow
1
0
Fork 0
mirror of https://github.com/bytedance/deer-flow.git synced 2026-04-25 11:18:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
deer-flow/backend/app/gateway/auth/reset_admin.py
greatmengqi 70323e052a refactor(config): migrate gateway routers and channels to Depends(get_config) 
Phase 2 Task P2-2 (Category G): replace AppConfig.current() with the
typed Depends(get_config) FastAPI dependency in every gateway router.

- routers/models.py: list_models / get_model take config via Depends
- routers/mcp.py: get_mcp_configuration / update_mcp_configuration via Depends;
  reload path now swaps app.state.config alongside AppConfig.init() so both
  the new primitive and legacy current() callers see the fresh config
- routers/memory.py: get_memory_config_endpoint / get_memory_status via Depends
- routers/skills.py: update_skill via Depends; reload swaps app.state.config
- deps.py: get_run_context and langgraph_runtime read from app.state.config
  instead of calling AppConfig.current()
- auth/reset_admin.py: CLI constructs AppConfig.from_file() explicitly at the
  top (it is a standalone entry point, not a request handler)
- channels/service.py: from_app_config accepts optional AppConfig parameter;
  legacy fallback to AppConfig.current() preserved until P2-10

Test fix: test_update_skill_refreshes_prompt_cache_before_return now sets
app.state.config on the test FastAPI instance so Depends(get_config) resolves.

All 2379+ tests pass (one pre-existing flaky test_client_e2e unrelated).
2026-04-16 22:34:27 +08:00

93 lines
2.9 KiB
Python
Raw Blame History

"""CLI tool to reset an admin password.
Usage:
python -m app.gateway.auth.reset_admin
python -m app.gateway.auth.reset_admin --email admin@example.com
Writes the new password to ``.deer-flow/admin_initial_credentials.txt``
(mode 0600) instead of printing it, so CI / log aggregators never see
the cleartext secret.
"""
from __future__ import annotations
import argparse
import asyncio
import secrets
import sys
from sqlalchemy import select
from app.gateway.auth.credential_file import write_initial_credentials
from app.gateway.auth.password import hash_password
from app.gateway.auth.repositories.sqlite import SQLiteUserRepository
from deerflow.persistence.user.model import UserRow
async def _run(email: str | None) -> int:
from deerflow.config import AppConfig
from deerflow.persistence.engine import (
close_engine,
get_session_factory,
init_engine_from_config,
)
# CLI entry: load config explicitly at the top, pass down through the closure.
config = AppConfig.from_file()
await init_engine_from_config(config.database)
try:
sf = get_session_factory()
if sf is None:
print("Error: persistence engine not available (check config.database).", file=sys.stderr)
return 1
repo = SQLiteUserRepository(sf)
if email:
user = await repo.get_user_by_email(email)
else:
# Find first admin via direct SELECT — repository does not
# expose a "first admin" helper and we do not want to add
# one just for this CLI.
async with sf() as session:
stmt = select(UserRow).where(UserRow.system_role == "admin").limit(1)
row = (await session.execute(stmt)).scalar_one_or_none()
if row is None:
user = None
else:
user = await repo.get_user_by_id(row.id)
if user is None:
if email:
print(f"Error: user '{email}' not found.", file=sys.stderr)
else:
print("Error: no admin user found.", file=sys.stderr)
return 1
new_password = secrets.token_urlsafe(16)
user.password_hash = hash_password(new_password)
user.token_version += 1
user.needs_setup = True
await repo.update_user(user)
cred_path = write_initial_credentials(user.email, new_password, label="reset")
print(f"Password reset for: {user.email}")
print(f"Credentials written to: {cred_path} (mode 0600)")
print("Next login will require setup (new email + password).")
return 0
finally:
await close_engine()
def main() -> None:
parser = argparse.ArgumentParser(description="Reset admin password")
parser.add_argument("--email", help="Admin email (default: first admin found)")
args = parser.parse_args()
exit_code = asyncio.run(_run(args.email))
sys.exit(exit_code)
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink