Fix first user not getting ADMIN role when signing up via OAuth

The createUser event in auth.ts now promotes the first user to ADMIN if no admin exists yet. The JWT callback also fetches the role from the database on sign-in to pick up the freshly assigned ADMIN role. Co-authored-by: xCyanGrizzly <53275238+xCyanGrizzly@users.noreply.github.com>
Initial plan
2026-05-10 22:01:16 +00:00 · 2026-03-04 19:21:25 +00:00 · 2026-03-04 19:15:27 +00:00 · 2026-03-04 20:06:12 +01:00
1 changed files with 18 additions and 1 deletions
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -18,7 +18,12 @@ export const { auth, handlers, signIn, signOut } = NextAuth({
    async jwt({ token, user }) {
      if (user) {
        token.id = user.id!;
-        token.role = user.role ?? "USER";
+        // Fetch the role from the database to pick up first-user ADMIN promotion
+        const dbUser = await prisma.user.findUnique({
+          where: { id: user.id! },
+          select: { role: true },
+        });
+        token.role = dbUser?.role ?? user.role ?? "USER";
      }
      return token;
    },
@@ -33,6 +38,18 @@ export const { auth, handlers, signIn, signOut } = NextAuth({
  events: {
    async createUser({ user }) {
      if (user.id) {
+        // First user to register becomes ADMIN (self-hosted owner)
+        const adminExists = await prisma.user.findFirst({
+          where: { role: "ADMIN" },
+          select: { id: true },
+        });
+        if (!adminExists) {
+          await prisma.user.update({
+            where: { id: user.id },
+            data: { role: "ADMIN" },
+          });
+        }
+
        await prisma.userSettings.upsert({
          where: { userId: user.id },
          update: {},