Fix: Make INITIAL_ADMIN_USERNAME and INITIAL_ADMIN_PASSWORD required env vars with validation

2026-03-30 17:47:49 +00:00
parent 957f9bee2a
commit 2884ba2e55
3 changed files with 50 additions and 25 deletions
--- a/app/config.py
+++ b/app/config.py
@@ -1,8 +1,11 @@
+import logging
 import os
 from pathlib import Path

 from pydantic_settings import BaseSettings, SettingsConfigDict

+logger = logging.getLogger(__name__)
+

 def _resolve_db_url(url: str) -> str:
    """Convert relative sqlite path to absolute path for Docker or local dev."""
@@ -28,8 +31,8 @@ class Settings(BaseSettings):
    HOST: str = "0.0.0.0"
    PORT: int = 8000
    LOG_LEVEL: str = "INFO"
-    INITIAL_ADMIN_USERNAME: str = "admin"  # Auto-created admin user
-    INITIAL_ADMIN_PASSWORD: str = "admin123"
+    INITIAL_ADMIN_USERNAME: str  # Required: admin user to auto-create
+    INITIAL_ADMIN_PASSWORD: str  # Required: password for auto-created admin

    @property
    def resolved_database_url(self) -> str:
@@ -43,5 +46,17 @@ class Settings(BaseSettings):
 settings = Settings()

 # Validate required secrets at startup
+_missing = []
 if not settings.JWT_SECRET_KEY or settings.JWT_SECRET_KEY == "change-me-super-secret-key-min32chars!!":
-    raise ValueError("JWT_SECRET_KEY must be set in environment variables")
+    _missing.append("JWT_SECRET_KEY")
+if not settings.INITIAL_ADMIN_USERNAME:
+    _missing.append("INITIAL_ADMIN_USERNAME")
+if not settings.INITIAL_ADMIN_PASSWORD:
+    _missing.append("INITIAL_ADMIN_PASSWORD")
+
+if _missing:
+    raise ValueError(f"Required environment variables not set: {', '.join(_missing)}")
+
+# Log initial admin credentials (password masked)
+logger.info(f"Initial admin username: {settings.INITIAL_ADMIN_USERNAME}")
+logger.info(f"Initial admin password: {'*' * len(settings.INITIAL_ADMIN_PASSWORD)}")