From 82d5fc1812008bc7383aeb244794606f78174946 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 4 Mar 2026 19:15:27 +0000 Subject: [PATCH 1/2] Initial plan From 0c0c9c7f23ef4bb08fbe6057d64a7a8fe81a75ef Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Wed, 4 Mar 2026 19:21:25 +0000 Subject: [PATCH 2/2] Fix first user not getting ADMIN role when signing up via OAuth The createUser event in auth.ts now promotes the first user to ADMIN if no admin exists yet. The JWT callback also fetches the role from the database on sign-in to pick up the freshly assigned ADMIN role. Co-authored-by: xCyanGrizzly <53275238+xCyanGrizzly@users.noreply.github.com> --- src/lib/auth.ts | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/lib/auth.ts b/src/lib/auth.ts index f2daffd..ee26737 100644 --- a/src/lib/auth.ts +++ b/src/lib/auth.ts @@ -18,7 +18,12 @@ export const { auth, handlers, signIn, signOut } = NextAuth({ async jwt({ token, user }) { if (user) { token.id = user.id!; - token.role = user.role ?? "USER"; + // Fetch the role from the database to pick up first-user ADMIN promotion + const dbUser = await prisma.user.findUnique({ + where: { id: user.id! }, + select: { role: true }, + }); + token.role = dbUser?.role ?? user.role ?? "USER"; } return token; }, @@ -33,6 +38,18 @@ export const { auth, handlers, signIn, signOut } = NextAuth({ events: { async createUser({ user }) { if (user.id) { + // First user to register becomes ADMIN (self-hosted owner) + const adminExists = await prisma.user.findFirst({ + where: { role: "ADMIN" }, + select: { id: true }, + }); + if (!adminExists) { + await prisma.user.update({ + where: { id: user.id }, + data: { role: "ADMIN" }, + }); + } + await prisma.userSettings.upsert({ where: { userId: user.id }, update: {},