GTEdgeAI/gt-ai-os-community
3
0
Fork 0
Code Issues Packages Releases Wiki Activity
Files
f2f72fd3ef52813b85bcaae42ffbdf7fc91e4c34
gt-ai-os-community/scripts/postgresql/unified/01-create-admin-roles.sql
HackWeasel b9dfb86260 GT AI OS Community Edition v2.0.33 
Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-12 17:04:45 -05:00

34 lines
1.1 KiB
SQL
Raw Blame History

-- GT 2.0 Admin Cluster Role Creation Script
-- Creates PostgreSQL roles for admin/control panel cluster
-- Runs in admin postgres container only
-- Enable logging
\set ON_ERROR_STOP on
\set ECHO all
-- Create admin user for control panel database
DO $$
BEGIN
IF NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'gt2_admin') THEN
CREATE ROLE gt2_admin LOGIN PASSWORD 'dev_password_change_in_prod';
RAISE NOTICE 'Created gt2_admin role for control panel access';
ELSE
RAISE NOTICE 'gt2_admin role already exists';
END IF;
END $$;
-- Grant database connection permissions (only on databases that exist in admin container)
GRANT CONNECT ON DATABASE gt2_admin TO gt2_admin;
GRANT CONNECT ON DATABASE gt2_control_panel TO gt2_admin;
-- Log completion
DO $$
BEGIN
RAISE NOTICE '=== GT 2.0 ADMIN CLUSTER ROLE CREATION ===';
RAISE NOTICE 'Role created: gt2_admin';
RAISE NOTICE 'Permissions granted on:';
RAISE NOTICE ' - gt2_admin database';
RAISE NOTICE ' - gt2_control_panel database';
RAISE NOTICE '=========================================';
END $$;
View Git Blame Copy Permalink