Check account protection status on startup

2024-04-12 22:04:20 +03:00 · 2024-04-12 22:04:20 +03:00 · 7183416d1f
parent 0662b5b4ae
commit 7183416d1f
2 changed files with 26 additions and 0 deletions
--- a/server.js
+++ b/server.js
@ -532,6 +532,11 @@ const setupTasks = async function () {
    // TODO: do endpoint init functions depend on certain directories existing or not existing? They should be callable
    // in any order for encapsulation reasons, but right now it's unknown if that would break anything.
    await userModule.initUserStorage(dataRoot);
+
+    if (listen && !basicAuthMode && enableAccounts) {
+        await userModule.checkAccountsProtection();
+    }
+
    await settingsEndpoint.init();
    const directories = await userModule.ensurePublicDirectoriesExist();
    await userModule.migrateUserData();
--- a/src/users.js
+++ b/src/users.js
@ -630,6 +630,26 @@ async function createBackupArchive(handle, response) {
    archive.finalize();
 }

+async function checkAccountsProtection() {
+    if (!ENABLE_ACCOUNTS) {
+        return;
+    }
+
+    /**
+     * @type {User[]}
+     */
+    const users = await storage.values();
+    const unprotectedUsers = users.filter(x => x.enabled && x.admin && !x.password);
+    if (unprotectedUsers.length > 0) {
+        console.warn(color.red('The following admin users are not password protected:'));
+        unprotectedUsers.forEach(x => console.warn(color.yellow(x.handle)));
+        console.log();
+        console.warn('Please disable them or set a password in the admin panel.');
+        console.log();
+        await delay(3000);
+    }
+}
+
 /**
 * Express router for serving files from the user's directories.
 */
@ -662,5 +682,6 @@ module.exports = {
    shouldRedirectToLogin,
    createBackupArchive,
    tryAutoLogin,
+    checkAccountsProtection,
    router,
 };