feat: first client onboarding — fix env, add loyalty admin, dev infra-check

- Fix .env: wizamart→orion/wizard.lu, Redis port→6380 - Fix .env.example: orion.lu→wizard.lu domain references - Add create_loyalty_admin() to init_production.py (platform-scoped admin for rewardflow.lu) - Add `make infra-check` target running verify-server.sh - Split verify-server.sh into dev/prod modes (auto-detected from DEBUG flag) - Dev checks: .env config, PostgreSQL, Redis, health endpoint, migrations - Remove stale init.sql volume mount from docker-compose.yml Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 15:40:07 +01:00
parent 67260e9322
commit 64082ca877
5 changed files with 429 additions and 207 deletions
--- a/scripts/seed/init_production.py
+++ b/scripts/seed/init_production.py
@@ -132,6 +132,44 @@ def create_admin_user(db: Session, auth_manager: AuthManager) -> User:
    return admin


+def create_loyalty_admin(db: Session, auth_manager: AuthManager, loyalty_platform: Platform) -> User | None:
+    """Create a platform admin for the Loyalty+ platform."""
+    from app.modules.tenancy.models.admin_platform import AdminPlatform
+
+    email = "admin@rewardflow.lu"
+    existing = db.execute(select(User).where(User.email == email)).scalar_one_or_none()
+    if existing:
+        print_warning(f"Loyalty admin already exists: {email}")
+        return existing
+
+    password = "admin123"  # Dev default, change in production
+    admin = User(
+        username="loyalty_admin",
+        email=email,
+        hashed_password=auth_manager.hash_password(password),
+        role="admin",
+        is_super_admin=False,
+        first_name="Loyalty",
+        last_name="Administrator",
+        is_active=True,
+        is_email_verified=True,
+    )
+    db.add(admin)
+    db.flush()
+
+    # Assign to loyalty platform
+    assignment = AdminPlatform(
+        user_id=admin.id,
+        platform_id=loyalty_platform.id,
+        is_active=True,
+    )
+    db.add(assignment)
+    db.flush()
+
+    print_success(f"Created loyalty admin: {email} (password: {password})")
+    return admin
+
+
 def create_default_platforms(db: Session) -> list[Platform]:
    """Create all default platforms (OMS, Main, Loyalty+)."""

@@ -559,6 +597,14 @@ def initialize_production(db: Session, auth_manager: AuthManager):
    print_step(3, "Creating default platforms...")
    platforms = create_default_platforms(db)

+    # Step 3b: Create loyalty platform admin
+    print_step("3b", "Creating loyalty platform admin...")
+    loyalty_platform = next((p for p in platforms if p.code == "loyalty"), None)
+    if loyalty_platform:
+        create_loyalty_admin(db, auth_manager, loyalty_platform)
+    else:
+        print_warning("Loyalty platform not found, skipping loyalty admin creation")
+
    # Step 4: Set up default role templates
    print_step(4, "Setting up role templates...")
    create_default_role_templates(db)
@@ -606,9 +652,15 @@ def print_summary(db: Session):
    print("\n" + "─" * 70)
    print("🔐 ADMIN CREDENTIALS")
    print("─" * 70)
-    print("  URL:      /admin/login")
-    print(f"  Username: {settings.admin_username}")
-    print(f"  Password: {settings.admin_password}")  # noqa: SEC021
+    print("  Super Admin (all platforms):")
+    print("    URL:      /admin/login")
+    print(f"    Username: {settings.admin_username}")
+    print(f"    Password: {settings.admin_password}")  # noqa: SEC021
+    print()
+    print("  Loyalty Platform Admin (loyalty only):")
+    print("    URL:      /admin/login")
+    print("    Username: loyalty_admin")
+    print("    Password: admin123")
    print("─" * 70)

    # Show security warnings if in production