Upload entrypoint.sh with huggingface_hub

entrypoint.sh

@@ -1331,96 +1331,50 @@ else
     echo "   ⚠️ Image Proxy 未就绪，Web UI 可能不可用"
 fi
 
-# ==================== 设置自定义用户凭据 ====================
-# 策略：通过 BFF API 修改凭据（先改密码，再改用户名）
-echo "🔐 配置用户凭据..."
+# ==================== 确保默认凭据可用 ====================
+# 使用 hermes-web-ui CLI 重置默认登录（admin/123456）
+# 登录后可在"设置 → 账户"中修改用户名和密码
+echo "🔐 确保默认凭据可用 (admin/123456)..."
 sleep 3
 
 # 等待 BFF 就绪
-echo "   🔗 等待 BFF 就绪..."
 for i in $(seq 1 15); do
     if curl -sf http://127.0.0.1:7861/health >/dev/null 2>&1; then
-        echo "   ✅ BFF 已就绪"
-        sleep 3
         break
     fi
     [ "$i" -lt 15 ] && sleep 2
 done
 
-# 确保 admin/123456 默认凭据存在
-echo "   🔄 重置默认凭据..."
-node -e "
-const{DatabaseSync}=require('node:sqlite');
-const{randomBytes,scryptSync}=require('node:crypto');
-const os=require('node:os'),p=require('node:path'),fs=require('node:fs');
-const h=process.env.HERMES_WEB_UI_HOME?.trim()||p.join(os.homedir(),'.hermes-web-ui');
-const f=p.join(h,'hermes-web-ui.db');
-if(!fs.existsSync(f)){process.exit(1)}
-const db=new DatabaseSync(f);
+# 使用 CLI 重置默认凭据（可靠，由 hermes-web-ui 自己管理）
+HERMES_CLI="/opt/hermes-web-ui/node_modules/.bin/hermes-web-ui"
+if [ -f "$HERMES_CLI" ]; then
+    node "$HERMES_CLI" reset-default-login 2>/dev/null && \
+        echo "   ✅ 默认凭据已就绪" || \
+        echo "   ⚠️ CLI 重置失败"
+else
+    echo "   ⚠️ CLI 未找到，使用内联脚本..."
+    node -e "
+const{DatabaseSync}=require('node:sqlite');const{randomBytes,scryptSync}=require('node:crypto');
+const o=require('node:os'),p=require('node:path'),fs=require('node:fs');
+const h=process.env.HERMES_WEB_UI_HOME?.trim()||p.join(o.homedir(),'.hermes-web-ui');
+const d=p.join(h,'hermes-web-ui.db');
+if(!fs.existsSync(d)){process.exit(1)}
+const db=new DatabaseSync(d);
 db.exec('CREATE TABLE IF NOT EXISTS users(id INTEGER PRIMARY KEY AUTOINCREMENT,username TEXT NOT NULL UNIQUE,password_hash TEXT NOT NULL,role TEXT NOT NULL DEFAULT \"admin\",status TEXT NOT NULL DEFAULT \"active\",created_at INTEGER NOT NULL,updated_at INTEGER NOT NULL,last_login_at INTEGER)');
 const s=randomBytes(16).toString('hex');
-const hash=scryptSync('123456',s,64).toString('hex');
-const ph='scrypt:'+s+':'+hash;
-const e=db.prepare('SELECT id FROM users WHERE username=?').get('admin');
+const h2=scryptSync('123456',s,64).toString('hex');
+const ph='scrypt:'+s+':'+h2;
 const n=Date.now();
-if(e?.id){db.prepare('UPDATE users SET password_hash=?,role=\"super_admin\",status=\"active\",updated_at=? WHERE id=?').run(ph,n,e.id)}
-else{db.prepare('INSERT INTO users(username,password_hash,role,status,created_at,updated_at) VALUES(?,?,\"super_admin\",\"active\",?,?)').run('admin',ph,n,n)}
+const e=db.prepare('SELECT id FROM users WHERE username=?').get('admin');
+if(e?.id){db.prepare('UPDATE users SET password_hash=?,role=\"super_admin\",updated_at=? WHERE id=?').run(ph,n,e.id)}
+else{db.prepare('INSERT INTO users(username,password_hash,role,status,created_at,updated_at) VALUES(\"admin\",?,\"super_admin\",\"active\",?,?)').run(ph,n,n)}
 db.close()
-" 2>/dev/null && echo "   ✅ 默认凭据已就绪" || echo "   ⚠️ 默认凭据设置可能失败"
-
-sleep 2
-
-# Step 1: 登录 admin/123456
-TOKEN=$(curl -sf -X POST http://127.0.0.1:7861/api/auth/login \
-    -H "Content-Type: application/json" \
-    -d '{"username":"admin","password":"123456"}' 2>/dev/null | \
-    node -e "let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>{try{console.log(JSON.parse(d).token)}catch(e){}})" 2>/dev/null)
-
-if [ -n "$TOKEN" ]; then
-    echo "   ✅ 管理令牌已获取"
-    
-    # Step 2: 先改密码
-    curl -sf -X POST http://127.0.0.1:7861/api/auth/change-password \
-        -H "Content-Type: application/json" \
-        -H "Authorization: Bearer $TOKEN" \
-        -d '{"currentPassword":"123456","newPassword":"hm951753"}' >/dev/null 2>&1
-    sleep 1
-    
-    # 重新登录验证密码
-    TOKEN2=$(curl -sf -X POST http://127.0.0.1:7861/api/auth/login \
-        -H "Content-Type: application/json" \
-        -d '{"username":"admin","password":"hm951753"}' 2>/dev/null | \
-        node -e "let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>{try{console.log(JSON.parse(d).token)}catch(e){}})" 2>/dev/null)
-    
-    if [ -n "$TOKEN2" ]; then
-        echo "   ✅ 密码已修改"
-        
-        # Step 3: 改用户名
-        curl -sf -X POST http://127.0.0.1:7861/api/auth/change-username \
-            -H "Content-Type: application/json" \
-            -H "Authorization: Bearer $TOKEN2" \
-            -d '{"currentPassword":"hm951753","newUsername":"Gendle"}' >/dev/null 2>&1
-        sleep 1
-        
-        # Step 4: 最终验证
-        TOKEN3=$(curl -sf -X POST http://127.0.0.1:7861/api/auth/login \
-            -H "Content-Type: application/json" \
-            -d '{"username":"Gendle","password":"hm951753"}' 2>/dev/null | \
-            node -e "let d='';process.stdin.on('data',c=>d+=c);process.stdin.on('end',()=>{try{console.log(JSON.parse(d).token)}catch(e){}})" 2>/dev/null)
-        
-        if [ -n "$TOKEN3" ]; then
-            echo "   ✅ 凭据配置完成: Gendle / hm951753"
-        else
-            echo "   ⚠️ 最终验证失败，请手动测试登录"
-        fi
-    else
-        echo "   ⚠️ 密码修改后无法重新登录"
-    fi
-else
-    echo "   ⚠️ admin 登录失败，凭据配置未完成"
-    echo "   💡 请使用默认凭据 admin/123456 登录后自行修改"
+" 2>/dev/null && echo "   ✅ 默认凭据已就绪" || echo "   ⚠️ 内联脚本失败"
 fi
 
+echo "   🔑 默认登录: admin / 123456"
+echo "   💡 登录后请在 "设置 → 账户" 中修改用户名和密码"
+
 # 再次验证模型配置（BFF 启动可能修改 config.yaml）
 if [ -f "$CONFIG_FILE" ]; then
     if command -v yq &>/dev/null; then