setup_security.py
#!/usr/bin/env python3
"""Setup script for Lexecon enterprise security features.
Creates:
- Authentication database with initial users
- Export audit logging database
- RSA key pair for digital signatures
"""
import os
import sys
# Make the bundled "src" directory (next to this script) importable so the
# lexecon imports below resolve without installing the package.
# NOTE(review): index 0 gives this directory precedence over installed
# packages for every later import, so it should be writable only by trusted
# users of the checkout.
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "src"))
from lexecon.security.audit_service import AuditService
from lexecon.security.auth_service import AuthService, Role
from lexecon.security.signature_service import SignatureService
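def main():
    """Initialise the Lexecon security stores and seed three starter accounts.

    Constructs ``AuthService("lexecon_auth.db")``,
    ``AuditService("lexecon_export_audit.db")`` and
    ``SignatureService("lexecon_keys")``, then calls ``auth.create_user`` for
    an admin, an auditor and a compliance officer, printing progress to
    stdout. All three paths are relative, so the files land in whatever
    directory the script is run from.

    Passwords are no longer fixed in code only. Each account reads an
    environment variable (the names are introduced by this function) and
    falls back to the built-in development default when the variable is
    unset or empty:

    * ``LEXECON_ADMIN_PASSWORD``
    * ``LEXECON_AUDITOR_PASSWORD``
    * ``LEXECON_COMPLIANCE_PASSWORD``

    A password supplied through the environment is never echoed; only the
    built-in defaults are printed, exactly as before. With none of the
    variables set, the output is unchanged.

    A ``ValueError`` raised by ``create_user`` is reported as a skip for that
    account and does not abort the run.
    """
    rule = "=" * 70
    print(rule)
    print("LEXECON ENTERPRISE SECURITY SETUP")
    print(rule)
    print()

    # Initialize services
    print("Initializing security services...")
    auth = AuthService("lexecon_auth.db")
    AuditService("lexecon_export_audit.db")
    signature = SignatureService("lexecon_keys")
    print(" [OK] Authentication service initialized")
    print(" [OK] Export audit logging initialized")
    print(" [OK] Digital signature service initialized")
    # NOTE(review): this line is printed unconditionally; whether
    # SignatureService generates a new key pair or loads an existing one, and
    # which file permissions it sets on the private key, is not visible here.
    print(f" [OK] RSA key pair generated (fingerprint: {signature.get_public_key_fingerprint()[:16]}...)")
    print()

    # One entry per seeded account. "default_echo" is the exact line printed
    # when the built-in password is in use.
    accounts = (
        {
            "title": "Admin user",
            "env_var": "LEXECON_ADMIN_PASSWORD",
            "default_password": "ChangeMe123!",  # MUST CHANGE IN PRODUCTION
            "default_echo": " ℹ Password: ChangeMe123! (CHANGE IMMEDIATELY)",
            "summary_role": "ADMIN",
            "fields": {
                "username": "admin",
                "email": "admin@lexicodinglabs.com",
                "role": Role.ADMIN,
                "full_name": "System Administrator",
            },
        },
        {
            "title": "Auditor user",
            "env_var": "LEXECON_AUDITOR_PASSWORD",
            "default_password": "TestAuditor123!",
            "default_echo": " Password: TestAuditor123!",
            "summary_role": "AUDITOR",
            "fields": {
                "username": "auditor",
                "email": "auditor@lexicodinglabs.com",
                "role": Role.AUDITOR,
                "full_name": "Test Auditor",
            },
        },
        {
            "title": "Compliance Officer",
            "env_var": "LEXECON_COMPLIANCE_PASSWORD",
            "default_password": "TestCompliance123!",
            "default_echo": " Password: TestCompliance123!",
            "summary_role": "COMPLIANCE_OFFICER",
            "fields": {
                "username": "compliance",
                "email": "compliance@lexicodinglabs.com",
                "role": Role.COMPLIANCE_OFFICER,
                "full_name": "Compliance Officer",
            },
        },
    )

    # NOTE(review): the auditor and compliance accounts are test accounts but
    # are created on every run, including on a production host.
    print("Creating initial users...")
    summary_lines = []
    for position, account in enumerate(accounts, start=1):
        supplied = os.environ.get(account["env_var"])
        # An empty value counts as unset so an account never gets "" as its
        # password.
        from_environment = bool(supplied)
        password = supplied if from_environment else account["default_password"]
        title = account["title"]
        try:
            user = auth.create_user(password=password, **account["fields"])
            print(f" [OK] {title} created")
            print(f" Username: {user.username}")
            print(f" Email: {user.email}")
            print(f" Role: {user.role.value}")
            if from_environment:
                # Keep operator-supplied secrets out of terminals and CI logs.
                print(f" Password: (taken from {account['env_var']}, not shown)")
            else:
                print(account["default_echo"])
        except ValueError as e:
            print(f" [SKIP] {title} already exists or error: {e}")
        print()

        shown = "(set via environment)" if from_environment else account["default_password"]
        summary_lines.append(
            f" {position}. {account['fields']['username']} / {shown} ({account['summary_role']})"
        )

    print(rule)
    print("ENTERPRISE SECURITY SETUP COMPLETE")
    print(rule)
    print()
    print("Files created:")
    print(" - lexecon_auth.db (user database)")
    print(" - lexecon_export_audit.db (export audit log)")
    print(" - lexecon_keys/private_key.pem (RSA private key)")
    print(" - lexecon_keys/public_key.pem (RSA public key)")
    print()
    # The summary is printed even for an account that was skipped above, in
    # which case the password shown may not be the one stored for it.
    print("Default Users:")
    for line in summary_lines:
        print(line)
    print()
    print("ℹ SECURITY NOTICE:")
    print(" - Change the admin password immediately")
    print(" - These are TEST credentials for development only")
    print(" - In production, use strong passwords and enable MFA")
    print(" - Protect the private key file (lexecon_keys/private_key.pem)")
    print()
    print("Next steps:")
    print(" 1. Start the server: cd src && python3 -m lexecon.api.server")
    print(" 2. Login at: http://localhost:8000/login")
    print(" 3. Access dashboard: http://localhost:8000/dashboard")
    print()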
# Run the setup only when this file is executed as a script, so that merely
# importing the module does not create databases, keys or accounts.
if __name__ == "__main__":
    main()