pki: first registered user gets admin rights

Auto-detect first certificate issuance and grant admin flag. Add is_admin column to issued_certificates table. Add is_admin_certificate() helper function. Include is_admin in /pki/issue response and X-Is-Admin header in registration.
2025-12-21 21:13:30 +01:00
parent 99e6a019f4
commit 2acf640d91
4 changed files with 61 additions and 2 deletions
--- a/app/database.py
+++ b/app/database.py
@@ -60,6 +60,7 @@ CREATE TABLE IF NOT EXISTS issued_certificates (
    issued_to TEXT,
    status TEXT NOT NULL DEFAULT 'valid',
    revoked_at INTEGER,
+    is_admin INTEGER NOT NULL DEFAULT 0,
    FOREIGN KEY(ca_id) REFERENCES certificate_authority(id) ON DELETE CASCADE
 );