Tetardtek/originsdigital
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Tetardtek:0591cd45287fca89ab6c4f02f924252d20748af3
Branches Tags
Tetardtek:main
...
compare: Tetardtek:5d4bab7d99474345a33ff02484ac58b1004cc439
Branches Tags
Tetardtek:main

2 Commits
0591cd4528 ... 5d4bab7d99

Author SHA1 Message Date
Tetardtek
5d4bab7d99 chore: add assign-first-admin.sql — run once after first login
Some checks failed
CI/CD — Build & Deploy / Build (push) Failing after 39s
Details
CI/CD — Build & Deploy / Deploy to VPS (push) Has been skipped
Details
2026-03-14 08:10:16 +01:00
Tetardtek
253af8f402 fix(auth): upsert user in DB on session creation — first login creates user record 2026-03-14 08:07:42 +01:00
2 changed files with 44 additions and 1 deletions
Expand all files Collapse all files

25
backend/scripts/assign-first-admin.sql Normal file
View File

@@ -0,0 +1,25 @@
-- Script à lancer UNE SEULE FOIS après le premier login
-- Assigne le rôle super_admin au premier user en DB (toi)
--
-- Usage : depuis le VPS
-- docker exec mysql-prod mysql -u originsdigital -p'<password>' originsdigital < assign-first-admin.sql
INSERT INTO user_roles (userId, roleId)
SELECT
u.id,
r.id
FROM users u
CROSS JOIN roles r
WHERE r.slug = 'super_admin'
AND u.id = (SELECT id FROM users ORDER BY createdAt ASC LIMIT 1)
AND NOT EXISTS (
SELECT 1 FROM user_roles ur
WHERE ur.userId = u.id AND ur.roleId = r.id
);
-- Vérifie le résultat
SELECT u.nickname, u.email, r.slug as role
FROM users u
JOIN user_roles ur ON ur.userId = u.id
JOIN roles r ON r.id = ur.roleId
WHERE r.slug = 'super_admin';

20
backend/src/routes/auth.routes.ts
View File

@@ -1,4 +1,6 @@
import { Router, Request, Response } from "express"; import { Router, Request, Response } from "express";
import { AppDataSource } from "../config/data-source";
import { User } from "../entities/User";
import { requireAuth, AuthenticatedRequest } from "../middleware/auth.middleware"; import { requireAuth, AuthenticatedRequest } from "../middleware/auth.middleware";
const router = Router(); const router = Router();
@@ -43,11 +45,27 @@ router.post("/session", async (req: Request, res: Response): Promise<void> => {
error?: string; error?: string;
}; };
if (!response.ok || !data.data?.valid) { if (!response.ok || !data.data?.valid || !data.data.user) {
res.status(401).json({ success: false, error: "INVALID_TOKEN" }); res.status(401).json({ success: false, error: "INVALID_TOKEN" });
return; return;
} }
// Upsert user en DB — crée si premier login, met à jour email/nickname sinon
const oauthUser = data.data.user as { id: string; email: string | null; nickname: string };
const userRepo = AppDataSource.getRepository(User);
let dbUser = await userRepo.findOne({ where: { superOAuthId: oauthUser.id } });
if (!dbUser) {
dbUser = userRepo.create({
superOAuthId: oauthUser.id,
email: oauthUser.email,
nickname: oauthUser.nickname,
});
} else {
dbUser.email = oauthUser.email;
dbUser.nickname = oauthUser.nickname;
}
await userRepo.save(dbUser);
res.cookie(COOKIE_NAME, token, COOKIE_OPTIONS); res.cookie(COOKIE_NAME, token, COOKIE_OPTIONS);
res.json({ success: true, data: { user: data.data.user } }); res.json({ success: true, data: { user: data.data.user } });
} catch { } catch {