ApiManagementConsoleV2.Accounts (api_management_console v0.1.2)

Copy Markdown View Source

User account management with role-based access control.

Accounts are stored in CubDB alongside policies and audit logs. Passwords are hashed with bcrypt_elixir.

Roles

:admin — full access: toggle, hide, reset, manage accounts • :viewer — read-only: view routes and audit log, no mutations

Default account

On first use, if no accounts exist, a default admin is auto-created: username "admin", password "admin123". Override via env vars: API_CONSOLE_ADMIN_USERNAME / API_CONSOLE_ADMIN_PASSWORD.

Session

After login, the username and role are stored in Plug session: :api_console_user%{username: "john", role: :admin}

Summary

Functions

Authenticate a user. Returns {:ok, role} or {:error, reason}.

Returns true if a new account can be created (within tier limit).

Change a user's password.

Count admin accounts.

Create a new account. Returns :ok or {:error, reason}.

Delete an account. Cannot delete the last admin.

Ensure at least one admin exists. Creates default if none.

List all accounts.

Parses a role string into an atom. Returns :viewer for unknown values.

Change a user's role.

Returns the list of valid roles.

Functions

authenticate(username, password)

Authenticate a user. Returns {:ok, role} or {:error, reason}.

can_create?()

Returns true if a new account can be created (within tier limit).

change_password(username, new_password)

Change a user's password.

count_admins()

Count admin accounts.

create(username, password, role \\ :viewer)

Create a new account. Returns :ok or {:error, reason}.

delete(username)

Delete an account. Cannot delete the last admin.

ensure_admin_exists()

Ensure at least one admin exists. Creates default if none.

list()

List all accounts.

parse_role(role)

Parses a role string into an atom. Returns :viewer for unknown values.

set_role(username, role)

Change a user's role.

valid_roles()

Returns the list of valid roles.