feat: implement admin authentication and registration system

- Added new Admin model in Prisma schema
- Introduced admin registration, login, and status endpoints
- Implemented secure password hashing and verification
- Added new error codes for admin-related operations
- Updated auth routes and contract library
- Removed hardcoded superadmin credentials from environment configuration

Author: kastov

.env.sample

@@ -41,12 +41,6 @@ LIMITED_USER_REMARKS=["🔴 Subscription limited","Contact support"]
 ### RAW DOMAIN, WITHOUT HTTP/HTTPS, DO NOT PLACE / to end of domain ###
 SUB_PUBLIC_DOMAIN=example.com
 
-
-### SUPERADMIN ###
-### CHANGE DEFAULT VALUES ###
-SUPERADMIN_USERNAME=change_me
-SUPERADMIN_PASSWORD=change_me
-
 ### SWAGGER ###
 SWAGGER_PATH=/docs
 SCALAR_PATH=/scalar

libs/contract/api/controllers/auth.ts

@@ -2,4 +2,6 @@ export const AUTH_CONTROLLER = 'auth' as const;
 
 export const AUTH_ROUTES = {
     LOGIN: 'login',
+    REGISTER: 'register',
+    GET_STATUS: 'status',
 } as const;

libs/contract/api/routes.ts

@@ -6,6 +6,8 @@ export const METRICS_ROOT = '/metrics' as const;
 export const REST_API = {
     AUTH: {
         LOGIN: `${ROOT}/${CONTROLLERS.AUTH_CONTROLLER}/${CONTROLLERS.AUTH_ROUTES.LOGIN}`,
+        REGISTER: `${ROOT}/${CONTROLLERS.AUTH_CONTROLLER}/${CONTROLLERS.AUTH_ROUTES.REGISTER}`,
+        GET_STATUS: `${ROOT}/${CONTROLLERS.AUTH_CONTROLLER}/${CONTROLLERS.AUTH_ROUTES.GET_STATUS}`,
     },
     API_TOKENS: {
         CREATE: `${ROOT}/${CONTROLLERS.API_TOKENS_CONTROLLER}/${CONTROLLERS.API_TOKENS_ROUTES.CREATE}`,

libs/contract/commands/auth/get-status.command.ts

@@ -0,0 +1,16 @@
+import { z } from 'zod';
+
+import { REST_API } from '../../api';
+export namespace GetStatusCommand {
+    export const url = REST_API.AUTH.GET_STATUS;
+    export const TSQ_url = url;
+
+    export const ResponseSchema = z.object({
+        response: z.object({
+            isLoginAllowed: z.boolean(),
+            isRegisterAllowed: z.boolean(),
+        }),
+    });
+
+    export type Response = z.infer<typeof ResponseSchema>;
+}

libs/contract/commands/auth/index.ts

@@ -1 +1,3 @@
 export * from './login.command';
+export * from './register.command';
+export * from './get-status.command';

libs/contract/commands/auth/register.command.ts

@@ -0,0 +1,28 @@
+import { z } from 'zod';
+
+import { REST_API } from '../../api';
+export namespace RegisterCommand {
+    export const url = REST_API.AUTH.REGISTER;
+    export const TSQ_url = url;
+
+    export const RequestSchema = z.object({
+        username: z.string(),
+        password: z
+            .string()
+            .min(24, 'Password must contain at least 24 characters')
+            .regex(
+                /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z\d]/,
+                'Password must contain uppercase and lowercase letters and numbers',
+            ),
+    });
+
+    export type Request = z.infer<typeof RequestSchema>;
+
+    export const ResponseSchema = z.object({
+        response: z.object({
+            accessToken: z.string(),
+        }),
+    });
+
+    export type Response = z.infer<typeof ResponseSchema>;
+}

libs/contract/constants/errors/errors.ts

@@ -321,4 +321,16 @@ export const ERRORS = {
         message: 'Update exceeded traffic users error',
         httpCode: 500,
     },
+    ADMIN_NOT_FOUND: {
+        code: 'A065',
+        message: 'Admin not found',
+        httpCode: 404,
+    },
+    CREATE_ADMIN_ERROR: {
+        code: 'A066',
+        message: 'Create admin error',
+        httpCode: 500,
+    },
+    GET_AUTH_STATUS_ERROR: { code: 'A067', message: 'Get auth status error', httpCode: 500 },
+    FORBIDDEN: { code: 'A068', message: 'Forbidden', httpCode: 403 },
 } as const;

libs/contract/constants/roles/role.ts

@@ -5,3 +5,4 @@ export const ROLE = {
 
 export type TRole = typeof ROLE;
 export type TRolesKeys = (typeof ROLE)[keyof typeof ROLE];
+export type TRoleTypes = [keyof typeof ROLE][number];

libs/contract/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@remnawave/backend-contract",
-  "version": "0.2.0",
+  "version": "0.2.3",
   "public": true,
   "license": "AGPL-3.0-only",
   "description": "A contract library for Remnawave Backend. It can be used in backend and frontend.",

package.json

@@ -98,7 +98,7 @@
   },
   "devDependencies": {
     "@compodoc/compodoc": "^1.1.26",
-    "@nestjs/cli": "11.0.4",
+    "@nestjs/cli": "11.0.5",
     "@nestjs/schematics": "11.0.1",
     "@types/bcrypt": "^5.0.2",
     "@types/compression": "^1.7.5",