seed superuser on migrate

pkg/database/db.go

@@ -3,12 +3,14 @@ package database
 import (
 	"fmt"
 
+	"github.com/Henelik/cms/pkg/config"
+	"golang.org/x/crypto/bcrypt"
 	"gorm.io/driver/postgres"
 	"gorm.io/driver/sqlite"
 	"gorm.io/gorm"
 )
 
-func Migrate(db *gorm.DB) error {
+func Migrate(db *gorm.DB, su config.User) error {
 	if err := db.AutoMigrate(&User{}, &Role{}); err != nil {
 		return fmt.Errorf("auto-migrate: %w", err)
 	}
@@ -27,6 +29,50 @@ func Migrate(db *gorm.DB) error {
 		}
 	}
 
+	if su.Name != "" && su.Email != "" && su.Password != "" {
+		if err := seedSuperUser(db, su); err != nil {
+			return fmt.Errorf("seed superuser: %w", err)
+		}
+	}
+
+	return nil
+}
+
+func seedSuperUser(db *gorm.DB, su config.User) error {
+	hash, err := bcrypt.GenerateFromPassword([]byte(su.Password), bcrypt.DefaultCost)
+	if err != nil {
+		return fmt.Errorf("hash password: %w", err)
+	}
+
+	user := User{
+		Name:         su.Name,
+		Email:        su.Email,
+		PasswordHash: string(hash),
+	}
+
+	if err := db.FirstOrCreate(&user, User{Email: su.Email}).Error; err != nil {
+		return fmt.Errorf("create user: %w", err)
+	}
+
+	var superadmin Role
+	if err := db.First(&superadmin, "name = ?", "superadmin").Error; err != nil {
+		return fmt.Errorf("find superadmin role: %w", err)
+	}
+
+	// Check if user already has the superadmin role
+	var count int64
+	if err := db.Table("user_roles").
+		Where("user_id = ? AND role_id = ?", user.ID, superadmin.ID).
+		Count(&count).Error; err != nil {
+		return fmt.Errorf("check role association: %w", err)
+	}
+
+	if count == 0 {
+		if err := db.Model(&user).Association("Roles").Append(&superadmin); err != nil {
+			return fmt.Errorf("assign superadmin role: %w", err)
+		}
+	}
+
 	return nil
 }