update

server/.env.example

@@ -6,6 +6,8 @@ JWT_ACCESS_SECRET=change_this_access_secret
 JWT_REFRESH_SECRET=change_this_refresh_secret
 JWT_ACCESS_EXPIRES_IN=2h
 JWT_REFRESH_EXPIRES_IN=7d
+DEFAULT_ADMIN_USERNAME=admin
+DEFAULT_ADMIN_PASSWORD=admin123456
 
 GITLAB_BASE_URL=
 GITLAB_API_BASE=

server/src/prisma/prisma.service.ts

@@ -1,11 +1,16 @@
-import { INestApplication, Injectable, OnModuleInit } from '@nestjs/common';
-import { PrismaClient } from '@prisma/client';
+import { INestApplication, Injectable, Logger, OnModuleInit } from '@nestjs/common';
+import { AdminUserStatus, PrismaClient } from '@prisma/client';
+import argon2 from 'argon2';
+import { randomUUID } from 'crypto';
 
 @Injectable()
 export class PrismaService extends PrismaClient implements OnModuleInit {
+  private readonly logger = new Logger(PrismaService.name);
+
   async onModuleInit(): Promise<void> {
     await this.$connect();
     await this.$queryRawUnsafe('PRAGMA journal_mode = WAL;');
+    await this.ensureDefaultAdminUser();
   }
 
   async enableShutdownHooks(app: INestApplication): Promise<void> {
@@ -13,4 +18,31 @@ export class PrismaService extends PrismaClient implements OnModuleInit {
       await app.close();
     });
   }
+
+  private async ensureDefaultAdminUser(): Promise<void> {
+    const username = process.env.DEFAULT_ADMIN_USERNAME?.trim() || 'admin';
+    const password = process.env.DEFAULT_ADMIN_PASSWORD || 'admin123456';
+
+    const existingAdmin = await this.adminUser.findUnique({
+      where: { username },
+      select: { id: true },
+    });
+
+    if (existingAdmin) {
+      return;
+    }
+
+    const passwordHash = await argon2.hash(password, { type: argon2.argon2id });
+    await this.adminUser.create({
+      data: {
+        id: `u_admin_${randomUUID().replace(/-/g, '')}`,
+        username,
+        passwordHash,
+        displayName: 'System Admin',
+        status: AdminUserStatus.active,
+      },
+    });
+
+    this.logger.log(`Default admin user initialized: ${username}`);
+  }
 }