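"""
TEE OFF ADMIN GENERATOR
---------------------------------------------------------------------------
FUNCTION: Creates or replaces the administrator directly in the database
          without printing SQL, the password hash or the password itself.
          The freshly generated TOTP secret is the one exception: it is
          printed once so the operator can enrol an authenticator app.
STATUS:   Resets the admins table and generates a new 2FA secret.
---------------------------------------------------------------------------
"""
import asyncio
import getpass
import sys

import asyncpg
import pyotp
from passlib.hash import pbkdf2_sha256

from env_config import get_database_url

# Resolved once at import time; the URL is never printed by this script.
DB_URL = get_database_url()


def _prompt_required(prompt: str) -> str:
    """Ask until the operator enters a non-blank value; return it stripped."""
    while True:
        value = input(prompt).strip()
        if value:
            return value
        print("❌ Feltet kan ikke være tomt. Prøv igjen.\n")


def _prompt_password() -> str:
    """Read the password twice without echo and return it once both match.

    An empty password is rejected. A password shorter than 8 characters only
    triggers a warning, as in the original script.
    """
    while True:
        password = getpass.getpass("Skriv inn passord: ")
        password_confirm = getpass.getpass("Gjenta passord: ")

        if password != password_confirm:
            print("❌ Passordene er ikke like. Prøv igjen.\n")
            continue

        # Two empty entries match each other, so without this check the sole
        # admin account could be created with an empty password.
        if not password:
            print("❌ Passordet kan ikke være tomt. Prøv igjen.\n")
            continue

        # NOTE(review): advisory only. For the only admin account it may be
        # worth turning this into a hard minimum.
        if len(password) < 8:
            print("⚠️ Advarsel: Passordet bør være minst 8 tegn.")
        return password


async def generate_admin() -> None:
    """Interactively replace every row in ``admins`` with one new administrator.

    Prompts for username, e-mail and password, hashes the password with
    PBKDF2-SHA256, generates a new base32 TOTP secret, and then truncates
    ``admins`` and inserts the new row inside a single transaction.

    All input is validated before the database is touched, so a blank
    username, e-mail or password can no longer wipe the existing
    administrators and leave an unusable or passwordless account behind.

    Exits the process with status 1 if the database step fails.
    """
    print("\n" + "=" * 50)
    print(" TEE OFF ADMIN GENERATOR")
    print("=" * 50)

    username = _prompt_required("Brukernavn (f.eks Brukeren Leif): ")
    email = _prompt_required("E-post: ")
    password = _prompt_password()

    # Only the salted hash is stored; the plaintext never leaves this process.
    password_hash = pbkdf2_sha256.hash(password)
    otp_secret = pyotp.random_base32()

    conn = None
    try:
        conn = await asyncpg.connect(DB_URL)
        # TRUNCATE and INSERT share one transaction: if the insert fails the
        # truncate is rolled back and the previous admins remain in place.
        async with conn.transaction():
            await conn.execute("TRUNCATE admins")
            # Values are bound as parameters, never interpolated into the SQL.
            await conn.execute(
                """
                INSERT INTO admins (username, email, password_hash, otp_secret)
                VALUES ($1, $2, $3, $4)
                """,
                username,
                email,
                password_hash,
                otp_secret,
            )
    except Exception as exc:
        # Only the exception class is shown; presumably this keeps driver
        # messages (which can carry connection details) off the terminal.
        print(f"❌ Kunne ikke opprette admin-brukeren: {type(exc).__name__}")
        sys.exit(1)
    finally:
        if conn is not None:
            await conn.close()

    print("\n✅ ADMIN BRUKER OPPRETTET")
    print("-" * 50)
    print("Brukeren er lagret direkte i databasen.")
    print("2FA-hemmeligheten vises nedenfor kun denne ene gangen.")
    print("Lagre den i authenticator-appen din før du lukker terminalen.")
    print("-" * 50)
    # The TOTP secret is written to stdout in clear text. Run this from an
    # interactive terminal only: redirected output, session recording or
    # persistent scrollback would keep a copy of the second factor.
    print(f"2FA-nøkkel: {otp_secret}")
    print("-" * 50 + "\n")


if __name__ == "__main__":
    try:
        asyncio.run(generate_admin())
    except KeyboardInterrupt:
        print("\nAvbrutt.")
        sys.exit(0)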