feat(admin-auth): add first-start onboarding flow and dev db reset command
This commit is contained in:
@@ -8,9 +8,10 @@ Implemented in MVP0:
|
||||
|
||||
- Admin-local auth config: `apps/admin/src/lib/auth/server.ts`
|
||||
- Admin auth API routes: `apps/admin/src/app/api/auth/[...all]/route.ts`
|
||||
- Admin login page: `/login`
|
||||
- Admin auth pages: `/welcome`, `/login`, `/register`
|
||||
- Support fallback sign-in page: `/support/<CMS_SUPPORT_LOGIN_KEY>`
|
||||
- Prisma auth models (`user`, `session`, `account`, `verification`)
|
||||
- Registration toggle via `CMS_ADMIN_REGISTRATION_ENABLED`
|
||||
- First registration creates owner; subsequent registrations are disabled
|
||||
|
||||
## Environment
|
||||
|
||||
@@ -24,10 +25,18 @@ Required variables:
|
||||
|
||||
Optional:
|
||||
|
||||
- `CMS_ADMIN_REGISTRATION_ENABLED`
|
||||
- `CMS_ADMIN_SELF_REGISTRATION_ENABLED`
|
||||
- `CMS_SUPPORT_USERNAME`
|
||||
- `CMS_SUPPORT_EMAIL`
|
||||
- `CMS_SUPPORT_PASSWORD`
|
||||
- `CMS_SUPPORT_NAME`
|
||||
- `CMS_SUPPORT_LOGIN_KEY`
|
||||
- `CMS_DEV_ROLE` (development-only middleware bypass)
|
||||
|
||||
## Notes
|
||||
|
||||
- Owner bootstrap, hidden support user, and owner invariant are tracked as upcoming MVP0 tasks in `TODO.md`.
|
||||
- Support user bootstrap is available via `bun run auth:seed:support`.
|
||||
- Root `bun run db:seed` runs DB seed and support-user seed.
|
||||
- `CMS_ADMIN_SELF_REGISTRATION_ENABLED` is temporary until admin settings UI manages this policy.
|
||||
- Owner invariant hardening for all future user-management mutations remains tracked in `TODO.md`.
|
||||
- Email verification and forgot/reset password pipelines are tracked for MVP2.
|
||||
|
||||
Reference in New Issue
Block a user