Nye-TeeOff/backend/create_admin.py

"""
TEE OFF ADMIN GENERATOR
---------------------------------------------------------------------------
FUNKSJON: Oppretter eller erstatter administrator direkte i databasen uten
          å skrive ut SQL, passordhash eller andre hemmeligheter.
STATUS: Nullstiller admins-tabellen og lager en ny 2FA-hemmelighet.
---------------------------------------------------------------------------
"""
import asyncio
import getpass
import sys

import asyncpg
import pyotp
from passlib.hash import pbkdf2_sha256

from env_config import get_database_url

DB_URL = get_database_url()


async def generate_admin() -> None:
    print("\n" + "=" * 50)
    print("   TEE OFF ADMIN GENERATOR")
    print("=" * 50)

    username = input("Brukernavn (f.eks Brukeren Leif): ").strip()
    email = input("E-post: ").strip()

    while True:
        password = getpass.getpass("Skriv inn passord: ")
        password_confirm = getpass.getpass("Gjenta passord: ")

        if password != password_confirm:
            print("❌ Passordene er ikke like. Prøv igjen.\n")
            continue

        if len(password) < 8:
            print("⚠️ Advarsel: Passordet bør være minst 8 tegn.")
        break

    password_hash = pbkdf2_sha256.hash(password)
    otp_secret = pyotp.random_base32()

    conn = None
    try:
        conn = await asyncpg.connect(DB_URL)
        async with conn.transaction():
            await conn.execute("TRUNCATE admins")
            await conn.execute(
                """
                INSERT INTO admins (username, email, password_hash, otp_secret)
                VALUES ($1, $2, $3, $4)
                """,
                username,
                email,
                password_hash,
                otp_secret,
            )
    except Exception as exc:
        print(f"❌ Kunne ikke opprette admin-brukeren: {type(exc).__name__}")
        sys.exit(1)
    finally:
        if conn is not None:
            await conn.close()

    print("\n✅ ADMIN BRUKER OPPRETTET")
    print("-" * 50)
    print("Brukeren er lagret direkte i databasen.")
    print("2FA-hemmeligheten vises nedenfor kun denne ene gangen.")
    print("Lagre den i authenticator-appen din før du lukker terminalen.")
    print("-" * 50)
    print(f"2FA-nøkkel: {otp_secret}")
    print("-" * 50 + "\n")


if __name__ == "__main__":
    try:
        asyncio.run(generate_admin())
    except KeyboardInterrupt:
        print("\nAvbrutt.")
        sys.exit(0)