refactor(server): remove bootstrap admin path
The bootstrap-admin-from-env-vars flow was a holdover from before self-registration could create the first admin. Now that handleRegister + CreateUserFirstAdminRace promotes the first user to register on an empty users table (verified shipped in v2026.05.08.2 / #376), the bootstrap path is just a second source of truth that confuses operators (and leaves an "admin" account in the DB that nobody asked for). Removes: - internal/auth/bootstrap.go + its test - The auth.Bootstrap call from cmd/minstrel/main.go - AuthConfig + AdminBootstrapConfig structs from config - MINSTREL_AUTH_ADMIN_USERNAME / _PASSWORD env reads + their test - The auth: block from config.example.yaml - Bootstrap-related comments in docker-compose.yml + README.md The README quickstart now points operators at /register on first start instead of "watch the logs for a one-time password." Existing instances keep their bootstrap-admin row in the DB; operators who want it gone can register a new admin via /register, promote them in /admin/users, then delete the old bootstrap user (last-admin guard will require the new admin to be promoted first). No migration needed. Recovery story for forgotten admin passwords now hinges on Fable #321 (admin password reset CLI) — currently the only path back in if no other admin exists. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -48,7 +48,7 @@ volumes:
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
Watch `docker compose logs minstrel` on first start — a one-time admin password is printed to stderr. Sign in at `http://localhost:4533` with username `admin` and that password, then change it under Settings.
|
||||
After the stack is up, visit `http://localhost:4533/register` and create your admin account. The first user to register on a fresh instance is automatically marked as the administrator; subsequent users can register through the same form (or via invite tokens generated from the admin Users panel, depending on how you configure registration).
|
||||
|
||||
For the full configuration surface, see [`config.example.yaml`](./config.example.yaml).
|
||||
|
||||
@@ -59,7 +59,6 @@ Most operators only need the env vars in the quickstart above. A few extras wort
|
||||
- `MINSTREL_BRANDING_APP_NAME` — rename the instance ("Family Jukebox", "Office Music"). Surfaces in the header, browser tab, and OG share previews.
|
||||
- `MINSTREL_STORAGE_DATA_DIR` — defaults to `./data`. Holds playlist cover collages and other generated artefacts.
|
||||
- `MINSTREL_LIBRARY_SCAN_PATHS` — colon-separated list of music library roots to scan. Supports multiple roots (`/music:/podcasts`).
|
||||
- `MINSTREL_AUTH_ADMIN_USERNAME` / `MINSTREL_AUTH_ADMIN_PASSWORD` — bootstrap admin credentials. Username defaults to `admin`; leave the password unset to have the server generate one and print it to stderr on first start.
|
||||
|
||||
ListenBrainz integration (per-user scrobble + similarity tokens) and Lidarr integration (URL + API key) are configured through the admin Settings UI rather than env vars or yaml — per Minstrel's "config in UI" rule, integration settings live where operators can edit them without restarting.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user