From d100e268d9e219e79aedfc997b6fda12eb178c11 Mon Sep 17 00:00:00 2001
From: ChesnoTech <263363000+ChesnoTech@users.noreply.github.com>
Date: Fri, 27 Mar 2026 15:47:51 +0300
Subject: [PATCH] Fix deploy script + Docker healthcheck bugs found during
 testing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

deploy/install.sh:
- Fix: acl_roles column is role_name not role_key
- Fix: admin_users.email is required (NOT NULL)
- Fix: set must_change_password=0 for initial admin
- Use ON DUPLICATE KEY UPDATE for idempotent role creation

docker-compose.yml:
- Fix: healthcheck was hitting /activate/ (404) instead of
  /api/health.php — DocumentRoot IS /var/www/html/activate
  so the correct internal URL is /api/health.php
---
 deploy/install.sh  | 15 ++++-----------
 docker-compose.yml |  2 +-
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/deploy/install.sh b/deploy/install.sh
index 8336121..eaca034 100644
--- a/deploy/install.sh
+++ b/deploy/install.sh
@@ -189,18 +189,11 @@ if (\$stmt->fetch()) {
 \$hash = password_hash('Admin2024!', PASSWORD_BCRYPT, ['cost' => 10]);
 
 // Get or create super_admin role
-\$stmt = \$pdo->prepare('SELECT id FROM acl_roles WHERE role_key = ?');
-\$stmt->execute(['super_admin']);
-\$role = \$stmt->fetch();
-\$roleId = \$role ? \$role['id'] : null;
-
-if (!\$roleId) {
-    \$pdo->exec(\"INSERT INTO acl_roles (role_key, display_name, description) VALUES ('super_admin', 'Super Admin', 'Full system access')\");
-    \$roleId = \$pdo->lastInsertId();
-}
+\$pdo->exec(\"INSERT INTO acl_roles (role_name, display_name, description, role_type, is_system_role) VALUES ('super_admin', 'Super Admin', 'Full system access', 'admin', 1) ON DUPLICATE KEY UPDATE id=id\");
+\$roleId = \$pdo->query(\"SELECT id FROM acl_roles WHERE role_name = 'super_admin'\")->fetchColumn();
 
-\$stmt = \$pdo->prepare('INSERT INTO admin_users (username, password_hash, full_name, role, custom_role_id) VALUES (?, ?, ?, ?, ?)');
-\$stmt->execute(['admin', \$hash, 'System Administrator', 'super_admin', \$roleId]);
+\$stmt = \$pdo->prepare('INSERT INTO admin_users (username, password_hash, full_name, email, role, custom_role_id, must_change_password) VALUES (?, ?, ?, ?, ?, ?, 0)');
+\$stmt->execute(['admin', \$hash, 'System Administrator', 'admin@keygate.local', 'super_admin', \$roleId]);
 echo \"Admin user created: admin / Admin2024!\n\";
 echo \"CHANGE THIS PASSWORD IMMEDIATELY!\n\";
 " 2>/dev/null
diff --git a/docker-compose.yml b/docker-compose.yml
index 328a219..05b7563 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -37,7 +37,7 @@ services:
     networks:
       - oem-network
     healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost/activate/"]
+      test: ["CMD", "curl", "-f", "http://localhost/api/health.php"]
       interval: 30s
       timeout: 10s
       retries: 3