Skip to content

Allow to create default user with env variables#4085

Open
lvde0 wants to merge 2 commits intoumami-software:masterfrom
lvde0:default-user-env
Open

Allow to create default user with env variables#4085
lvde0 wants to merge 2 commits intoumami-software:masterfrom
lvde0:default-user-env

Conversation

@lvde0
Copy link
Copy Markdown

@lvde0 lvde0 commented Mar 12, 2026

Fixes #4083

@vercel
Copy link
Copy Markdown

vercel Bot commented Mar 12, 2026

@lvde0 is attempting to deploy a commit to the Umami Software Team on Vercel.

A member of the Team first needs to authorize it.

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented Mar 12, 2026

Greptile Summary

This PR replaces the hardcoded admin user seed (previously embedded directly in the initial Prisma migration SQL) with a dynamic approach: a new createDefaultUser() function in scripts/check-db.js that reads DEFAULT_ADMIN_USERNAME and DEFAULT_ADMIN_PASSWORD environment variables at container startup, creating an admin user only when none exists. The Dockerfile is updated to install bcryptjs and uuid as runtime script dependencies.

Key changes and concerns:

  • Breaking change for existing deployments (prisma/migrations/01_init/migration.sql): Removing the INSERT statement from an already-applied migration will cause prisma migrate deploy to fail with a checksum mismatch error on all deployments that have already run 01_init. The migration file should be left untouched; the old hardcoded row is harmless because createDefaultUser() already checks for an existing admin before inserting.
  • Race condition in createDefaultUser(): The findFirstcreate pattern is not atomic. Concurrent container startups can both observe no admin, both attempt to insert the same username, and the second will crash with a Prisma unique-constraint error (P2002) that propagates to process.exit(1).
  • No warning for default credentials: When DEFAULT_ADMIN_PASSWORD is unset the well-known default is used silently; a visible log warning would help operators avoid leaving default credentials in production.

Confidence Score: 2/5

  • Not safe to merge — modifying the applied initial migration will break prisma migrate deploy on all existing deployments.
  • The script-side logic in check-db.js is a sound approach to the feature, but the modification to prisma/migrations/01_init/migration.sql is a hard-breaking change: Prisma records migration checksums and will refuse to deploy if a previously-applied migration has been altered. This single change blocks every operator upgrading from an older version. The race condition in createDefaultUser() adds additional risk in multi-replica deployments.
  • prisma/migrations/01_init/migration.sql requires the most attention — the migration should not be modified; the INSERT removal must be handled via a new migration or omitted entirely.

Important Files Changed

Filename Overview
prisma/migrations/01_init/migration.sql Removes the hardcoded admin INSERT from the initial migration — this modifies an already-applied Prisma migration and will cause a checksum mismatch error on prisma migrate deploy for all existing deployments.
scripts/check-db.js Adds createDefaultUser() which reads DEFAULT_ADMIN_USERNAME/DEFAULT_ADMIN_PASSWORD env vars and seeds an admin if none exists; has a TOCTOU race condition in multi-instance deployments and no warning for default credentials.
Dockerfile Adds bcryptjs and uuid to the script-layer dependencies — correct and minimal change to support the new createDefaultUser logic.

Sequence Diagram

sequenceDiagram
    participant Docker as Docker Container
    participant Script as check-db.js
    participant DB as PostgreSQL

    Docker->>Script: pnpm start-docker
    Script->>Script: checkEnv()
    Script->>DB: checkConnection()
    DB-->>Script: Connected
    Script->>DB: checkDatabaseVersion()
    DB-->>Script: Version OK
    Script->>DB: applyMigration() — prisma migrate deploy
    DB-->>Script: Migrations applied
    Script->>DB: createDefaultUser() — findFirst({ role: 'admin' })
    DB-->>Script: null (no admin found)
    Script->>Script: Read DEFAULT_ADMIN_USERNAME / DEFAULT_ADMIN_PASSWORD env vars
    Script->>Script: bcrypt.hashSync(password, 10)
    Script->>DB: prisma.user.create({ id, username, password, role:'admin' })
    DB-->>Script: User created
    Script-->>Docker: ✓ Admin user created
Loading

Last reviewed commit: 1cf30ac

greptile-apps[bot]
greptile-apps Bot reviewed Mar 12, 2026
View reviewed changes
Comment thread prisma/migrations/01_init/migration.sql
Comment thread scripts/check-db.js Outdated
Comment thread scripts/check-db.js Outdated
@lvde0 lvde0 force-pushed the default-user-env branch from 1bd151a to d29e131 Compare March 12, 2026 10:26
@lvde0 lvde0 force-pushed the default-user-env branch from d29e131 to f8a7f36 Compare March 12, 2026 10:30
@aaron3238
Copy link
Copy Markdown

aaron3238 commented Apr 8, 2026

Any updates on this?

@lvde0
Copy link
Copy Markdown
Author

lvde0 commented Apr 9, 2026

@aaron3238 I don't know what the PR workflow is. Probably one of the maintainers has to look at the code as well. @mikecao

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow customizing default username/password (Docker)

2 participants

@lvde0 @aaron3238