From 9687760c79c29f106a1f5e931298050bbb94ef4f Mon Sep 17 00:00:00 2001
From: Ethan-Zhang <ethanzhang55@outlook.com>
Date: Tue, 21 Oct 2025 18:52:29 +0800
Subject: [PATCH] =?UTF-8?q?Feat:=20=E6=96=B0=E5=A2=9E=E7=AE=A1=E7=90=86?=
 =?UTF-8?q?=E5=91=98=E8=AE=BE=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/main.py                                  | 43 +++++++++++++++++++
 apps/schemas/config.py                        |  8 ++++
 .../configs/framework/config.toml             |  7 ++-
 3 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/apps/main.py b/apps/main.py
index 8ab89979e..3a9406512 100644
--- a/apps/main.py
+++ b/apps/main.py
@@ -179,6 +179,47 @@ async def add_no_auth_user() -> None:
     except Exception as e:
         logger.error(f"[add_no_auth_user] 添加默认用户失败: {e}")
 
+async def set_administrator() -> None:
+    """
+    设置管理员用户
+    当MongoDB User表不存在该用户时就新增，如果存在就修改该User的is_admin字段为true
+    """
+    from apps.common.mongo import MongoDB
+    from apps.schemas.collection import User
+    from apps.common.config import Config
+    
+    config = Config().get_config()
+    mongo = MongoDB()
+    user_collection = mongo.get_collection("user")
+    
+    # 获取管理员配置
+    admin_user_sub = config.admin.user_sub
+    admin_user_name = config.admin.user_name
+    
+    try:
+        # 检查用户是否已存在
+        existing_user = await user_collection.find_one({"_id": admin_user_sub})
+        
+        if existing_user:
+            # 用户存在，更新 is_admin 字段为 true
+            await user_collection.update_one(
+                {"_id": admin_user_sub},
+                {"$set": {"is_admin": True}}
+            )
+            logger.info(f"[set_administrator] 成功更新用户 {admin_user_sub} 的管理员权限")
+        else:
+            # 用户不存在，新增管理员用户
+            await user_collection.insert_one(User(
+                _id=admin_user_sub,
+                user_name=admin_user_name,
+                is_admin=True,
+                auto_execute=False
+            ).model_dump(by_alias=True))
+            logger.info(f"[set_administrator] 成功添加新管理员用户: {admin_user_sub}")
+            
+    except Exception as e:
+        logger.error(f"[set_administrator] 设置管理员用户失败: {e}")
+
 async def clear_user_activity() -> None:
     """清除所有用户的活跃状态"""
     from apps.services.activity import Activity
@@ -198,6 +239,8 @@ async def init_resources() -> None:
     
     if Config().get_config().no_auth.enable:
         await add_no_auth_user()
+    if Config().get_config().admin.enable:
+        await set_administrator()
     await clear_user_activity()
 
     # 初始化变量池管理器
diff --git a/apps/schemas/config.py b/apps/schemas/config.py
index 45a8813b4..4ca82b88f 100644
--- a/apps/schemas/config.py
+++ b/apps/schemas/config.py
@@ -14,6 +14,13 @@ class NoauthConfig(BaseModel):
     user_name: str = Field(description="无认证模式下的用户名", default="openEuler")
 
 
+class AdminConfig(BaseModel):
+    """管理员配置"""
+    enable: bool = Field(description="是否启用管理员", default=False)
+    user_sub: str = Field(description="管理员用户标识", default="openEuler")
+    user_name: str = Field(description="管理员用户名", default="openEuler")
+    
+
 class DeployConfig(BaseModel):
     """部署配置"""
 
@@ -171,6 +178,7 @@ class ExtraConfig(BaseModel):
 class ConfigModel(BaseModel):
     """配置文件的校验Class"""
     no_auth: NoauthConfig = Field(description="无认证配置", default=NoauthConfig())
+    admin: AdminConfig = Field(description="管理员配置", default=AdminConfig())
     deploy: DeployConfig
     login: LoginConfig
     embedding: EmbeddingConfig
diff --git a/deploy/chart/euler_copilot/configs/framework/config.toml b/deploy/chart/euler_copilot/configs/framework/config.toml
index d6b46d3d0..a7349518a 100644
--- a/deploy/chart/euler_copilot/configs/framework/config.toml
+++ b/deploy/chart/euler_copilot/configs/framework/config.toml
@@ -1,6 +1,11 @@
 [no_auth]
 enable = false
 
+[admin]
+enable = true
+user_sub = openEuler
+user_name = openEuler
+
 [deploy]
 mode = 'local'
 cookie = 'domain'
@@ -20,7 +25,7 @@ userinfo_endpoint = '{{ .Values.domain.authelia | default "http://127.0.0.1:3009
 scopes = 'openid profile email'
 {{- else }}
 [login.settings]
-host = '{{ .Values.domain.authhub | default (printf "%s:%d" (.Values.domain.euler_copilot | default "http://127.0.0.1") (.Values.ports.authhub | default 30081)) }}'
+host = '{{ if .Values.domain.authhub }}{{ .Values.domain.authhub }}{{ else }}http://{{ regexReplaceAll "^https?://|:[0-9]+$" (.Values.domain.euler_copilot | default "http://127.0.0.1") "" }}:{{ .Values.ports.authhub | default 30081 }}{{ end }}'
 host_inner = 'http://authhub-backend-service.{{ .Release.Namespace }}.svc.cluster.local:11120'
 login_api = '{{ .Values.domain.euler_copilot | default "http://127.0.0.1:30080" }}/api/auth/login'
 app_id = '${clientId}'
-- 
Gitee