From 2ed4fdb369bf2d2402a11408c0eb86530833bdc2 Mon Sep 17 00:00:00 2001
From: Izhikov Matvey
Date: Mon, 6 Jan 2025 16:24:43 +0400
Subject: [PATCH] Added a new parameter authDataBaseInit for initializing the openvpn user database, added the DB initialization function and its call when initializing the ovpn-admin server if the auth.db-init flag is true
---
 main.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/main.go b/main.go
index 1a8e538..fd08df4 100644
--- main.go
+++ main.go
@@ -72,6 +72,7 @@ var (
 ccdTemplatePath = kingpin.Flag("templates.ccd-path", "path to custom ccd.tpl").Default("").Envar("OVPN_TEMPLATES_CCD_PATH").String()
 authByPassword = kingpin.Flag("auth.password", "enable additional password authentication").Default("false").Envar("OVPN_AUTH").Bool()
 authDatabase = kingpin.Flag("auth.db", "database path for password authentication").Default("./easyrsa/pki/users.db").Envar("OVPN_AUTH_DB_PATH").String()
+ authDataBaseInit = kingpin.Flag("auth.db-init", "enable database initialization if db user not exists or size is 0").Default("false").Envar("OVPN_AUTH_DB_INIT").Bool()
 logLevel = kingpin.Flag("log.level", "set log level: trace, debug, info, warn, error (default info)").Default("info").Envar("LOG_LEVEL").String()
 logFormat = kingpin.Flag("log.format", "set log format: text, json (default text)").Default("text").Envar("LOG_FORMAT").String()
 storageBackend = kingpin.Flag("storage.backend", "storage backend: filesystem, kubernetes.secrets (default filesystem)").Default("filesystem").Envar("STORAGE_BACKEND").String()
@@ -505,6 +506,10 @@ func main() {
 *indexTxtPath = *easyrsaDirPath + "/pki/index.txt"
 }
+ if *authDataBaseInit {
+ ovpnUserInitDb()
+ }
+
 ovpnAdmin := new(OvpnAdmin)
 ovpnAdmin.lastSyncTime = "unknown"
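Review bot: The flag added in the `var (` hunk is spelled `authDataBaseInit` while the flag it pairs with is `authDatabase`, and its help text ("if db user not exists or size is 0") does not say what is actually checked. Rename it to `authDatabaseInit` (the two later hunks reference the name and would change with it) and word the help as, for example, `"initialize the password database with openvpn-user when the auth.db file is missing or empty"`. Because this switch makes the server run an external command at startup, the help string is where an operator learns that.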
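Review bot: The call added in `main()` is gated only on `auth.db-init`, so with `auth.password` left at its default of false the server still invokes openvpn-user and creates a database that is presumably never read. Consider `if *authByPassword && *authDataBaseInit {`. The call also cannot report failure, so startup carries on with password authentication enabled even when the database was not created; having `ovpnUserInitDb` return an error and stopping on it here would surface that. `main()` begins and ends outside this hunk.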
@@ -1502,6 +1507,13 @@ func unArchiveCcd() {
 }
 }
+func ovpnUserInitDb() {
+ if fi, err := os.Stat(*authDatabase); errors.Is(err, os.ErrNotExist) || fi.Size() == 0 {
+ i := runBash(fmt.Sprintf("openvpn-user --db.path %[1]s db-init && openvpn-user --db.path %[1]s db-migrate", *authDatabase))
+ log.Debug(i)
+ }
+}
+
 func (oAdmin *OvpnAdmin) syncDataFromMaster() {
 retryCountMax := 3
 certsDownloadFailed := true
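Review bot: `*authDatabase` is formatted unquoted into the command string given to `runBash`, so a path from `--auth.db` or `OVPN_AUTH_DB_PATH` that contains spaces or shell metacharacters is split or interpreted by the shell (assuming `runBash` hands its argument to bash, which is not visible in this hunk). Passing the path as its own argv element takes the shell out of the path entirely. The condition has a second defect: when `os.Stat` fails with anything other than not-exist, such as permission denied, `fi` is nil and `fi.Size()` panics. The command's outcome is also only logged at debug level, so a failed init goes unnoticed. The sketch below covers all three and needs `os/exec` imported in main.go if it is not already.

```go
func ovpnUserInitDb() {
	fi, err := os.Stat(*authDatabase)
	if err != nil && !errors.Is(err, os.ErrNotExist) {
		// fi is nil here; do not touch it
		log.Errorf("stat %q: %v", *authDatabase, err)
		return
	}
	if err == nil && fi.Size() > 0 {
		return // database already populated
	}
	for _, sub := range []string{"db-init", "db-migrate"} {
		// argv form: the path is never parsed by a shell
		out, err := exec.Command("openvpn-user", "--db.path", *authDatabase, sub).CombinedOutput()
		log.Debug(string(out))
		if err != nil {
			log.Errorf("openvpn-user %s: %v", sub, err)
			return
		}
	}
}
```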