9dc0586d67
✅ Implemented: - Password hashing with bcrypt (salt rounds = 10) - JWT token generation (access 15m, refresh 7d) - Updated login endpoint to return access + refresh tokens - Added refresh and logout endpoints - Updated seed script with hashed passwords - Added test users for all roles (OWNER, MANAGER, GROWER, STAFF) 📝 Files Added/Modified: - backend/src/utils/password.ts (NEW) - backend/src/utils/jwt.ts (NEW) - backend/src/controllers/auth.controller.ts (UPDATED) - backend/src/routes/auth.routes.ts (UPDATED) - backend/prisma/seed.js (UPDATED - now hashes passwords) - CREDENTIALS.md (UPDATED - all test users documented) 🔐 Test Users: - admin@runfoo.run (OWNER) - manager@runfoo.run (MANAGER) - grower@runfoo.run (GROWER) - staff@runfoo.run (STAFF) All passwords: password123 ⏭️ Next: Auth middleware + RBAC
179 lines
3.8 KiB
Markdown
179 lines
3.8 KiB
Markdown
# 🔐 CA Grow Ops Manager - Login Credentials
|
|
|
|
**Environment**: Production
|
|
**URL**: <https://777wolfpack.runfoo.run>
|
|
**Last Updated**: 2025-12-09
|
|
|
|
---
|
|
|
|
## Default User Accounts
|
|
|
|
### Owner Account
|
|
|
|
- **Email**: `admin@runfoo.run`
|
|
- **Password**: `password123`
|
|
- **Role**: OWNER
|
|
- **Permissions**: Full access to all features
|
|
- **Hourly Rate**: $50.00
|
|
|
|
### Manager Account
|
|
|
|
- **Email**: `manager@runfoo.run`
|
|
- **Password**: `password123`
|
|
- **Role**: MANAGER
|
|
- **Permissions**: Full access except user management
|
|
- **Hourly Rate**: $35.00
|
|
|
|
### Grower Account
|
|
|
|
- **Email**: `grower@runfoo.run`
|
|
- **Password**: `password123`
|
|
- **Role**: GROWER
|
|
- **Permissions**: Read/write batches, rooms, tasks
|
|
- **Hourly Rate**: $30.00
|
|
|
|
### Staff Account
|
|
|
|
- **Email**: `staff@runfoo.run`
|
|
- **Password**: `password123`
|
|
- **Role**: STAFF
|
|
- **Permissions**: Read-only + timeclock
|
|
- **Hourly Rate**: $20.00
|
|
|
|
---
|
|
|
|
## Seeded Data
|
|
|
|
### Rooms
|
|
|
|
The following rooms are pre-configured:
|
|
|
|
1. **Veg Room 1** - VEG type, 1200 sqft
|
|
2. **Flower Room A** - FLOWER type, 2500 sqft
|
|
3. **Flower Room B** - FLOWER type, 2500 sqft
|
|
4. **Dry Room** - DRY type, 800 sqft
|
|
|
|
---
|
|
|
|
## Testing the Application
|
|
|
|
### 1. Login
|
|
|
|
1. Navigate to <https://777wolfpack.runfoo.run>
|
|
2. Enter email: `admin@runfoo.run`
|
|
3. Enter password: `password123`
|
|
4. Click "Login"
|
|
|
|
### 2. Available Features (Currently Implemented)
|
|
|
|
- ✅ **Dashboard**: Overview of facility operations
|
|
- ✅ **Rooms**: View and manage grow rooms
|
|
- ✅ **Batches**: View and manage cultivation batches
|
|
- ✅ **Timeclock**: Clock in/out for labor tracking
|
|
|
|
### 3. Features In Development
|
|
|
|
- ⏳ **Tasks**: Task management and scheduling
|
|
- ⏳ **Compliance**: Document storage and audit packets
|
|
- ⏳ **Settings**: User preferences and management
|
|
- ⏳ **Reports**: Labor analytics and cost tracking
|
|
|
|
---
|
|
|
|
## API Access
|
|
|
|
### Base URL
|
|
|
|
```
|
|
https://777wolfpack.runfoo.run/api
|
|
```
|
|
|
|
### Authentication
|
|
|
|
```bash
|
|
# Login to get JWT token
|
|
curl -X POST https://777wolfpack.runfoo.run/api/auth/login \
|
|
-H "Content-Type: application/json" \
|
|
-d '{
|
|
"email": "admin@runfoo.run",
|
|
"password": "password123"
|
|
}'
|
|
|
|
# Response includes:
|
|
# - accessToken (use in Authorization header)
|
|
# - refreshToken (for token renewal)
|
|
```
|
|
|
|
### Example API Calls
|
|
|
|
```bash
|
|
# Get all rooms (requires auth token)
|
|
curl https://777wolfpack.runfoo.run/api/rooms \
|
|
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
|
|
|
|
# Get all batches
|
|
curl https://777wolfpack.runfoo.run/api/batches \
|
|
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
|
|
```
|
|
|
|
---
|
|
|
|
## Security Notes
|
|
|
|
⚠️ **IMPORTANT**: These are development/demo credentials.
|
|
|
|
**Before production use**:
|
|
|
|
1. Change all default passwords
|
|
2. Implement proper password hashing (currently using plaintext in seed)
|
|
3. Enable 2FA for owner accounts
|
|
4. Rotate JWT secrets
|
|
5. Implement password complexity requirements
|
|
|
|
---
|
|
|
|
## Troubleshooting
|
|
|
|
### "Invalid credentials" error
|
|
|
|
- Verify you're using the exact email: `admin@runfoo.run`
|
|
- Password is case-sensitive: `password123`
|
|
- Check if database has been seeded (see deployment logs)
|
|
|
|
### "Cannot connect to server"
|
|
|
|
- Verify backend is healthy: `docker compose ps`
|
|
- Check backend logs: `docker compose logs backend`
|
|
- Verify Traefik routing is working
|
|
|
|
### Need to re-seed database
|
|
|
|
```bash
|
|
ssh admin@nexus-vector
|
|
cd /srv/containers/ca-grow-ops-manager
|
|
docker compose exec backend npx prisma db seed
|
|
```
|
|
|
|
---
|
|
|
|
## Adding More Users
|
|
|
|
Currently, user registration is only available through the seed script or direct database access.
|
|
|
|
**Coming in Sprint 2**: Admin user management UI
|
|
|
|
**Temporary workaround** (SSH to nexus-vector):
|
|
|
|
```bash
|
|
docker compose exec backend npx prisma studio
|
|
# Opens Prisma Studio on localhost:5555
|
|
# Add users manually through the UI
|
|
```
|
|
|
|
---
|
|
|
|
**Need help?** Check the logs:
|
|
|
|
```bash
|
|
ssh admin@nexus-vector "cd /srv/containers/ca-grow-ops-manager && docker compose logs -f"
|
|
```
|