From 4c474eeb238fd812d5398a0a9ecaba2f2c053907 Mon Sep 17 00:00:00 2001
From: root <root@takoyaki.takoyaki.cool>
Date: Sat, 5 Jul 2025 16:17:49 -0700
Subject: [PATCH] Fix admin authentication to use environment variables

- Update AuthService to read ADMIN_USERNAME and ADMIN_PASSWORD from environment
- Remove hardcoded admin123 password and use install.py credentials
- Add auto-redirect from root URL to admin interface
- Authentication now properly respects .env.docker configuration
---
 src/admin/app.py  |  3 ++-
 src/admin/auth.py | 11 ++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/admin/app.py b/src/admin/app.py
index 861a489..321caa1 100644
--- a/src/admin/app.py
+++ b/src/admin/app.py
@@ -351,7 +351,8 @@ app.mount("/admin", StaticFiles(directory="admin-frontend/build", html=True), na
 @app.get("/")
 async def root():
     """Root endpoint redirects to admin interface"""
-    return {"message": "Discord Fishbowl Admin Interface", "admin_url": "/admin", "socket_url": "/socket.io"}
+    from fastapi.responses import RedirectResponse
+    return RedirectResponse(url="/admin/", status_code=302)
 
 if __name__ == "__main__":
     import os
diff --git a/src/admin/auth.py b/src/admin/auth.py
index 5c21fd0..01a0038 100644
--- a/src/admin/auth.py
+++ b/src/admin/auth.py
@@ -19,16 +19,21 @@ class AuthService:
     """Authentication service for admin users"""
     
     def __init__(self):
+        import os
         self.settings = get_settings()
         self.secret_key = self.settings.admin.secret_key if hasattr(self.settings, 'admin') else "fallback-secret-key"
         self.algorithm = "HS256"
         self.access_token_expire_minutes = 480  # 8 hours
         
+        # Get admin credentials from environment
+        admin_username = os.getenv("ADMIN_USERNAME", "admin")
+        admin_password = os.getenv("ADMIN_PASSWORD", "admin123")
+        
         # Simple in-memory user storage (replace with database in production)
         self.users = {
-            "admin": {
-                "username": "admin",
-                "password_hash": self._hash_password("admin123"),  # Default password
+            admin_username: {
+                "username": admin_username,
+                "password_hash": self._hash_password(admin_password),
                 "permissions": ["read", "write", "admin"],
                 "active": True
             }