admin/dragonsstash
1
0
Fork 0
mirror of https://github.com/xCyanGrizzly/DragonsStash.git synced 2026-05-11 06:11:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Wrap first-user admin check in transaction to prevent race condition

Browse Source 
Co-authored-by: xCyanGrizzly <53275238+xCyanGrizzly@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2026-03-04 18:55:41 +00:00
parent 3704708970
commit 5d88f9beb3
1 changed files with 17 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
src/app/(auth)/register/actions.ts
View File

@@ -22,24 +22,26 @@ export async function registerUser(input: unknown): Promise<ActionResult<{ id: s
const hashedPassword = await bcrypt.hash(parsed.data.password, 10); const hashedPassword = await bcrypt.hash(parsed.data.password, 10);
// First user to register becomes ADMIN (self-hosted owner) // First user to register becomes ADMIN (self-hosted owner)
const userCount = await prisma.user.count(); const user = await prisma.$transaction(async (tx) => {
const role = userCount === 0 ? "ADMIN" : "USER"; const userCount = await tx.user.count();
const role = userCount === 0 ? "ADMIN" : "USER";
const user = await prisma.user.create({ return tx.user.create({
data: { data: {
name: parsed.data.name, name: parsed.data.name,
email: parsed.data.email, email: parsed.data.email,
hashedPassword, hashedPassword,
role, role,
settings: { settings: {
create: { create: {
lowStockThreshold: 10, lowStockThreshold: 10,
currency: "USD", currency: "USD",
theme: "dark", theme: "dark",
units: "metric", units: "metric",
},
}, },
}, },
}, });
}); });
return { success: true, data: { id: user.id } }; return { success: true, data: { id: user.id } };