will/adopt-a-street
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1c26ed67235b7106e7b94f661314b157338286ef
adopt-a-street/deploy/k8s/secrets.yaml.example
William Valentin fc23f4d098 feat: add admin user system with role-based access control 
Implement comprehensive admin user system for Kubernetes deployment:

Backend:
- Add isAdmin field to User model for role-based permissions
- Create adminAuth middleware to protect admin-only routes
- Protect 11 routes across rewards, cache, streets, and analytics endpoints
- Update setup-couchdb.js to seed default admin user at deployment

Kubernetes:
- Add ADMIN_EMAIL and ADMIN_PASSWORD to secrets.yaml
- Add ADMIN_EMAIL to configmap.yaml for non-sensitive config
- Create couchdb-init-job.yaml for automated database initialization
- Update secrets.yaml.example with admin user documentation

Frontend:
- Create AdminRoute component for admin-only page protection
- Create comprehensive AdminDashboard with 5 tabs:
  * Overview: Platform statistics and quick actions
  * Users: List, search, manage admin status, delete users
  * Streets: Create, edit, delete streets
  * Rewards: Create, edit, toggle, delete rewards
  * Content: Moderate posts and events
- Add Admin navigation link in Navbar (visible only to admins)
- Integrate admin routes in App.js

Default admin user:
- Email: will@wills-portal.com
- Created automatically by K8s init job at deployment

Routes protected:
- POST/PUT/DELETE /api/rewards (catalog management)
- POST /api/streets (street creation)
- DELETE /api/cache (cache operations)
- GET /api/analytics/* (platform statistics)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-06 13:36:15 -08:00

39 lines
1.4 KiB
Plaintext
Raw Blame History

apiVersion: v1
kind: Secret
metadata:
name: adopt-a-street-secrets
type: Opaque
stringData:
# JWT Secret - CHANGE THIS IN PRODUCTION!
JWT_SECRET: "your-super-secret-jwt-key-change-in-production"
# CouchDB Configuration
COUCHDB_USER: "admin" # Change this in production
COUCHDB_PASSWORD: "admin" # Change this in production
COUCHDB_SECRET: "some-random-secret-string" # Change this in production
# Cloudinary Configuration (secrets only - non-sensitive values in configmap.yaml)
CLOUDINARY_API_KEY: "your-cloudinary-api-key"
CLOUDINARY_API_SECRET: "your-cloudinary-api-secret"
# Stripe Configuration (optional - currently mocked)
STRIPE_SECRET_KEY: "your-stripe-secret-key"
# OpenAI Configuration (optional - for AI features)
OPENAI_API_KEY: "your-openai-api-key"
# Admin User Configuration - CHANGE THESE IN PRODUCTION!
ADMIN_EMAIL: "admin@example.com" # Default admin user email
ADMIN_PASSWORD: "change-this-password" # Default admin user password
---
# IMPORTANT:
# 1. Copy this file to secrets.yaml
# 2. Replace all placeholder values with real secrets
# 3. DO NOT commit secrets.yaml to version control
# 4. Add secrets.yaml to .gitignore
# 5. Generate strong passwords for CouchDB using: openssl rand -base64 32
# 6. Non-sensitive config values (CLOUDINARY_CLOUD_NAME, STRIPE_PUBLISHABLE_KEY, OPENAI_MODEL)
# are in configmap.yaml
# 7. Set ADMIN_EMAIL and ADMIN_PASSWORD to create the default admin user at deployment
Reference in New Issue View Git Blame Copy Permalink