Merge pull request #467 from devforth/feature/AdminForth/1193/i-think-we-had-some-feature-wh

SerVitasik · web-flow · commit 01091796e92a · 2026-02-05T14:38:54.000+02:00
feat: add default user detection and private IP check to AdminForthRe…
diff --git a/adminforth/modules/restApi.ts b/adminforth/modules/restApi.ts
@@ -376,6 +376,13 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
           }
         }
 
+      let defaultUserExists = false;
+        if (username === 'adminforth') {
+          defaultUserExists = true;
+        }
+      const clientIp = this.adminforth.auth.getClientIp(response.getHeaders?.() || {});
+      const isPrivateIP = clientIp === null ? true : false;
+
         const publicPart = {
           brandName: this.adminforth.config.customization.brandName,
           usernameFieldName: usernameColumn.label,
@@ -404,6 +411,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
           globalInjections: this.adminforth.config.customization.globalInjections,
           userFullnameField: this.adminforth.config.auth.userFullNameField,
           settingPages: settingPages,
+          hasDefaultUserOnPublicNetwork: defaultUserExists && !isPrivateIP
         }
 
         // translate menu labels
diff --git a/adminforth/spa/src/components/Sidebar.vue b/adminforth/spa/src/components/Sidebar.vue
@@ -51,6 +51,11 @@
         </div>
       </div>
 
+     <div v-if="coreStore.config.hasDefaultUserOnPublicNetwork" class="p-4 mb-4 text-white rounded-lg bg-red-700/80 fill-white text-sm"> 
+      <IconExclamationCircleOutline class="inline-block align-text-bottom mr-0,5 w-5 h-5" />
+      Default user <strong>"adminforth"</strong> detected. Delete it and create your own account.
+    </div>
+
       <ul class="af-sidebar-container space-y-2 font-medium" >
       <template v-if="!iconOnlySidebarEnabled || !isSidebarIconOnly" v-for="(item, i) in coreStore.menu" :key="`menu-${i}`">
           <div v-if="item.type === 'divider'" class="border-t border-lightSidebarDevider dark:border-darkSidebarDevider"></div>
@@ -300,6 +305,7 @@ import { getIcon, verySimpleHash, loadFile, getCustomComponent } from '@/utils';
 import { Tooltip } from '@/afcl';
 import type { AnnouncementBadgeResponse } from '@/types/Common';
 import { useAdminforth } from '@/adminforth';
+import { IconExclamationCircleOutline} from '@iconify-prerendered/vue-flowbite';
 
 const { menu } = useAdminforth();
 
diff --git a/adminforth/types/Common.ts b/adminforth/types/Common.ts
@@ -1117,6 +1117,7 @@ export interface AdminForthConfigForFrontend {
   loginBackgroundImage: string,
   loginBackgroundPosition: string,
   removeBackgroundBlendMode: boolean,
+  defaultUserExists?: boolean;
   title?: string,
   demoCredentials?: string,
   loginPromptHTML?: string | (() => string | Promise<string> | void | Promise<void> | Promise<undefined>) | undefined 

Original file line number	Diff line number	Diff line change
`@@ -376,6 +376,13 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {`
`376`	`376`	`}`
`377`	`377`	`}`
`378`	`378`
	`379`	`+ let defaultUserExists = false;`
	`380`	`+ if (username === 'adminforth') {`
	`381`	`+ defaultUserExists = true;`
	`382`	`+ }`
	`383`	`+ const clientIp = this.adminforth.auth.getClientIp(response.getHeaders?.() \|\| {});`
	`384`	`+ const isPrivateIP = clientIp === null ? true : false;`
	`385`	`+`
`379`	`386`	`const publicPart = {`
`380`	`387`	`brandName: this.adminforth.config.customization.brandName,`
`381`	`388`	`usernameFieldName: usernameColumn.label,`
`@@ -404,6 +411,7 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {`
`404`	`411`	`globalInjections: this.adminforth.config.customization.globalInjections,`
`405`	`412`	`userFullnameField: this.adminforth.config.auth.userFullNameField,`
`406`	`413`	`settingPages: settingPages,`
	`414`	`+ hasDefaultUserOnPublicNetwork: defaultUserExists && !isPrivateIP`
`407`	`415`	`}`
`408`	`416`
`409`	`417`	`// translate menu labels`