feat: implement auth system, passkeys, and user management

Add PostgreSQL and Redis integration for users and sessions Implement password and WebAuthn passkey login flows Add Docker stack, super-admin seeding, and protected routes
2026-04-12 20:16:43 +08:00
parent a649c509c2
commit 377a9617be
45 changed files with 3620 additions and 104 deletions
--- a/server/api/admin/users/[id]/reset-password.post.ts
+++ b/server/api/admin/users/[id]/reset-password.post.ts
@@ -0,0 +1,42 @@
+import { DEFAULT_USER_PASSWORD } from '~~/shared/auth'
+
+import { requireRole } from '../../../../utils/auth'
+import { hashPassword } from '../../../../utils/password'
+import { getUserById, updateUserPassword } from '../../../../utils/user-repository'
+
+export default defineEventHandler(async (event) => {
+  await requireRole(event, 'super_admin')
+
+  const userId = getRouterParam(event, 'id')
+
+  if (!userId) {
+    throw createError({
+      statusCode: 400,
+      statusMessage: 'User id is required'
+    })
+  }
+
+  const user = await getUserById(userId)
+
+  if (!user) {
+    throw createError({
+      statusCode: 404,
+      statusMessage: 'User not found'
+    })
+  }
+
+  const passwordHash = await hashPassword(DEFAULT_USER_PASSWORD)
+
+  await updateUserPassword({
+    userId,
+    passwordHash,
+    mustChangePassword: true
+  })
+
+  const updatedUser = await getUserById(userId)
+
+  return {
+    user: updatedUser,
+    defaultPassword: DEFAULT_USER_PASSWORD
+  }
+})