Upload entrypoint.sh with huggingface_hub

entrypoint.sh

@@ -1331,66 +1331,90 @@ else
     echo "   ⚠️ Image Proxy 未就绪，Web UI 可能不可用"
 fi
 
-# ==================== 设置默认用户凭据 ====================
-echo "🔐 配置默认用户凭据 (Gendle/hm951753)..."
-
-# 等待 BFF 初始化完成并创建数据库
-sleep 5
-
-SETUP_CREDENTIALS=$(cat <<'CREDSCRIPT'
-const { DatabaseSync } = require("node:sqlite");
-const { randomBytes, scryptSync } = require("node:crypto");
-const os = require("node:os");
-const path = require("node:path");
-const fs = require("node:fs");
-
-// Match hermes-web-ui CLI: DB at $HERMES_WEB_UI_HOME or $HOME/.hermes-web-ui/hermes-web-ui.db
-const WEB_UI_HOME = process.env.HERMES_WEB_UI_HOME?.trim()
-    || path.join(os.homedir(), ".hermes-web-ui");
-const DB_FILE = path.join(WEB_UI_HOME, "hermes-web-ui.db");
-
-function hashPassword(password) {
-    const salt = randomBytes(16).toString("hex");
-    const hash = scryptSync(password, salt, 64).toString("hex");
-    return "scrypt:" + salt + ":" + hash;
-}
-
-if (!fs.existsSync(DB_FILE)) {
-    console.error("DB not found: " + DB_FILE);
-    process.exit(1);
-}
-
-const db = new DatabaseSync(DB_FILE);
-
-// Force recreate users table to fix any schema corruption
-db.exec("DROP TABLE IF EXISTS users");
-db.exec("CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT NOT NULL UNIQUE, password_hash TEXT NOT NULL, role TEXT NOT NULL DEFAULT 'admin', status TEXT NOT NULL DEFAULT 'active', created_at INTEGER NOT NULL, updated_at INTEGER NOT NULL, last_login_at INTEGER)");
-
-const now = Date.now();
-db.prepare("INSERT INTO users (username, password_hash, role, status, created_at, updated_at) VALUES (?, ?, 'super_admin', 'active', ?, ?)")
-    .run("Gendle", hashPassword("hm951753"), now, now);
+# ==================== 设置自定义用户凭据 ====================
+# 策略：通过 BFF API 修改凭据（不使用直接 SQLite 操作，避免 BFF 进程内缓存不一致）
+echo "🔐 配置用户凭据..."
+sleep 3
+
+# Step 1: 先确保默认凭据存在（BFF 可能还没创建）
+# 使用 hermes-web-ui CLI 重置默认登录（确保 admin/123456 存在）
+if [ -f "/opt/hermes-web-ui/node_modules/.bin/hermes-web-ui" ]; then
+    echo "   🔄 确保默认凭据就绪..."
+    node /opt/hermes-web-ui/node_modules/.bin/hermes-web-ui reset-default-login 2>/dev/null || true
+fi
 
-var users = db.prepare("SELECT username, role FROM users").all();
-console.log("Users: " + JSON.stringify(users));
-db.close();
-CREDSCRIPT
+# Step 2: 使用 AUTH_TOKEN 修改用户名和密码
+# 先登录获取 token，然后通过 API 修改
+CRED_CURL=$(cat <<'CURLSCRIPT'
+#!/bin/bash
+# 登录获取 token
+LOGIN_RESP=$(curl -sf -X POST http://127.0.0.1:7861/api/auth/login \
+    -H "Content-Type: application/json" \
+    -d '{"username":"admin","password":"123456"}' 2>/dev/null)
+LOGIN_TOKEN=$(echo "$LOGIN_RESP" | node -e "process.stdin.on('data',d=>{try{console.log(JSON.parse(d).token)}catch(e){console.log('')}})")
+
+if [ -n "$LOGIN_TOKEN" ]; then
+    echo "   ✅ 已登录 (admin)，正在修改凭据..."
+    
+    # 修改用户名
+    curl -sf -X POST http://127.0.0.1:7861/api/auth/change-username \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer $LOGIN_TOKEN" \
+        -d '{"currentPassword":"123456","newUsername":"Gendle"}' >/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        echo "   ✅ 用户名已改为 Gendle"
+    fi
+    
+    # 修改密码
+    curl -sf -X POST http://127.0.0.1:7861/api/auth/change-password \
+        -H "Content-Type: application/json" \
+        -H "Authorization: Bearer $LOGIN_TOKEN" \
+        -d '{"currentPassword":"123456","newPassword":"hm951753"}' >/dev/null 2>&1
+    if [ $? -eq 0 ]; then
+        echo "   ✅ 密码已改为 hm951753"
+    fi
+    
+    echo "   ✅ 凭据配置完成: Gendle / hm951753"
+else
+    echo "   ⚠️ 默认 admin 登录失败，尝试通过 AUTH_TOKEN 设置..."
+    # Fallback: 重置默认登录后尝试
+    sleep 2
+    LOGIN_RESP2=$(curl -sf -X POST http://127.0.0.1:7861/api/auth/login \
+        -H "Content-Type: application/json" \
+        -d '{"username":"admin","password":"123456"}' 2>/dev/null)
+    LOGIN_TOKEN2=$(echo "$LOGIN_RESP2" | node -e "process.stdin.on('data',d=>{try{console.log(JSON.parse(d).token)}catch(e){console.log('')}})")
+    if [ -n "$LOGIN_TOKEN2" ]; then
+        curl -sf -X POST http://127.0.0.1:7861/api/auth/change-username \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer $LOGIN_TOKEN2" \
+            -d '{"currentPassword":"123456","newUsername":"Gendle"}' >/dev/null 2>&1
+        curl -sf -X POST http://127.0.0.1:7861/api/auth/change-password \
+            -H "Content-Type: application/json" \
+            -H "Authorization: Bearer $LOGIN_TOKEN2" \
+            -d '{"currentPassword":"123456","newPassword":"hm951753"}' >/dev/null 2>&1
+        echo "   ✅ 凭据配置完成: Gendle / hm951753"
+    else
+        echo "   ⚠️ 无法修改凭据，请稍后在 Web 设置中手动修改"
+    fi
+fi
+CURLSCRIPT
 )
 
-# Wait for BFF to fully initialize (DB might not exist immediately)
-for i in $(seq 1 6); do
-    if echo "$SETUP_CREDENTIALS" | node - 2>/dev/null; then
+# 等待 BFF 就绪后执行
+for i in $(seq 1 10); do
+    if curl -sf http://127.0.0.1:7861/health >/dev/null 2>&1; then
+        echo "   🔗 BFF 已就绪，开始配置凭据..."
+        sleep 3  # 给 BFF 一些时间完成初始化
+        bash -c "$CRED_CURL"
         break
     fi
-    if [ "$i" -lt 6 ]; then
-        echo "   ⏳ 等待 BFF 初始化... ($i/6)"
-        sleep 5
+    if [ "$i" -lt 10 ]; then
+        sleep 3
     else
-        echo "   ⚠️ 凭据配置失败，请手动在设置中修改"
+        echo "   ⚠️ BFF 未在 30 秒内就绪"
     fi
 done
 
-echo "   🔑 登录凭据: Gendle / hm951753"
-
 # 再次验证模型配置（BFF 启动可能修改 config.yaml）
 if [ -f "$CONFIG_FILE" ]; then
     if command -v yq &>/dev/null; then