From 2990ae618c359bebc16796b82bce23567deb7861 Mon Sep 17 00:00:00 2001
From: Priyanka Punukollu <priyankapunukollu@Priyankas-MacBook-Pro.local>
Date: Sun, 1 Mar 2026 12:35:48 -0600
Subject: [PATCH] Add set-access-token script

Made-with: Cursor
---
 scripts/set-access-token.js | 51 +++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 scripts/set-access-token.js

diff --git a/scripts/set-access-token.js b/scripts/set-access-token.js
new file mode 100644
index 000000000..9c59edf51
--- /dev/null
+++ b/scripts/set-access-token.js
@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+/**
+ * Set a known access token for the first admin user so we can get a bearer token.
+ * Uses the same HMAC-SHA512 hashing as Ghostfolio.
+ *
+ * Usage: node scripts/set-access-token.js [plain_token]
+ * Default token: openfinance
+ */
+
+const crypto = require('crypto');
+const { Client } = require('pg');
+
+const ACCESS_TOKEN_SALT = process.env.ACCESS_TOKEN_SALT || 'e54b56e57e2a69ec3eb94281479de1692235a37dfa06c818b50fde8a8c9a10f3';
+const DATABASE_URL = process.env.DATABASE_URL || 'postgresql://ghostfolio:password123@localhost:5432/ghostfolio?sslmode=prefer';
+const plainToken = process.argv[2] || 'openfinance';
+
+function createAccessToken(password, salt) {
+  const hash = crypto.createHmac('sha512', salt);
+  hash.update(password);
+  return hash.digest('hex');
+}
+
+async function main() {
+  const hashedAccessToken = createAccessToken(plainToken, ACCESS_TOKEN_SALT);
+  const client = new Client({ connectionString: DATABASE_URL });
+  await client.connect();
+
+  const res = await client.query(
+    'UPDATE "User" SET "accessToken" = $1 WHERE id = (SELECT id FROM "User" LIMIT 1) RETURNING id, role',
+    [hashedAccessToken]
+  );
+
+  if (res.rowCount === 0) {
+    console.error('No user found in database');
+    process.exit(1);
+  }
+
+  console.log(`Updated user ${res.rows[0].id} (${res.rows[0].role}) with access token.`);
+  console.log(`\nUse this token to authenticate:`);
+  console.log(`  Plain access token: ${plainToken}`);
+  console.log(`\nGet bearer token with:`);
+  console.log(`  curl -s -X POST http://localhost:3333/api/v1/auth/anonymous \\`);
+  console.log(`    -H "Content-Type: application/json" \\`);
+  console.log(`    -d '{"accessToken":"${plainToken}"}'`);
+  await client.end();
+}
+
+main().catch((e) => {
+  console.error(e);
+  process.exit(1);
+});