2026-05-14 03:37:19 +02:00
|
|
|
'use client';
|
|
|
|
|
|
|
|
|
|
import { useEffect, useState } from 'react';
|
|
|
|
|
import { useRouter } from 'next/navigation';
|
|
|
|
|
import { useForm } from 'react-hook-form';
|
|
|
|
|
import { zodResolver } from '@hookform/resolvers/zod';
|
|
|
|
|
import { z } from 'zod';
|
|
|
|
|
import { toast } from 'sonner';
|
|
|
|
|
|
|
|
|
|
import { Button } from '@/components/ui/button';
|
|
|
|
|
import { Input } from '@/components/ui/input';
|
|
|
|
|
import { Label } from '@/components/ui/label';
|
|
|
|
|
import { BrandedAuthShell } from '@/components/shared/branded-auth-shell';
|
2026-05-20 15:54:10 +02:00
|
|
|
import { useAuthBranding } from '@/components/shared/auth-branding-provider';
|
2026-05-25 13:26:04 +02:00
|
|
|
import { FormErrorSummary } from '@/components/forms/form-error-summary';
|
|
|
|
|
import { useFormScrollToError } from '@/hooks/use-form-scroll-to-error';
|
2026-05-14 03:37:19 +02:00
|
|
|
import { apiFetch } from '@/lib/api/client';
|
|
|
|
|
import { cn } from '@/lib/utils';
|
|
|
|
|
|
|
|
|
|
const setupSchema = z.object({
|
|
|
|
|
name: z.string().min(1, 'Name is required').max(120),
|
|
|
|
|
email: z.string().email('Valid email is required').max(254),
|
|
|
|
|
password: z.string().min(9, 'Password must be at least 9 characters').max(200),
|
|
|
|
|
confirmPassword: z.string(),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
type SetupFormData = z.infer<typeof setupSchema>;
|
|
|
|
|
|
|
|
|
|
interface StatusResp {
|
|
|
|
|
data: { needsBootstrap: boolean };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* First-run setup. On a fresh DB the very first visitor can claim the
|
|
|
|
|
* super-admin account here. Once anyone claims it, future visits to
|
chore(autonomous-session): consolidate uncommitted work from prior session
Bundles the prior autonomous-session output that was sitting unstaged:
- Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances)
- country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that
never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk
after the per-subpath dynamic-import approach silently failed in webpack)
- Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index,
redirects (ocr to ai, reports to dashboard, invitations to users),
docs/admin-ia-proposal.md
- Per-template email tester (registry + endpoint + UI on Email admin page)
- Cancel-document mode picker (delete-from-Documenso vs keep-for-audit)
- Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers
- Customize-widgets per-region sortables at xl+ (charts/rails/feed); single
flat sortable below xl when the layout stacks; per-viewport saved orders
- Audit doc updates capturing each shipped item
- Lint fixes: react-compiler immutability in DonutChart (reduce instead of
let-reassign), set-state-in-effect disables in CountryFlag and
UploadForSigning preview-bytes effect, unused 'confirm' destructures in
interest contract + reservation tabs, unescaped apostrophe in test-template
card copy
2026-05-23 00:52:59 +02:00
|
|
|
* /setup redirect back to /login - the precondition is verified both
|
2026-05-14 03:37:19 +02:00
|
|
|
* server-side (`/api/v1/bootstrap/status` + `/api/v1/bootstrap/super-admin`'s
|
|
|
|
|
* internal recheck) and client-side here.
|
|
|
|
|
*/
|
|
|
|
|
export default function SetupPage() {
|
|
|
|
|
const router = useRouter();
|
2026-05-20 15:54:10 +02:00
|
|
|
const branding = useAuthBranding();
|
|
|
|
|
const appName = branding?.appName?.trim() || 'this CRM';
|
2026-05-14 03:37:19 +02:00
|
|
|
const [checking, setChecking] = useState(true);
|
|
|
|
|
const [submitting, setSubmitting] = useState(false);
|
|
|
|
|
|
|
|
|
|
const {
|
|
|
|
|
register,
|
|
|
|
|
handleSubmit,
|
|
|
|
|
watch,
|
|
|
|
|
formState: { errors },
|
|
|
|
|
} = useForm<SetupFormData>({
|
|
|
|
|
resolver: zodResolver(setupSchema),
|
|
|
|
|
});
|
2026-05-25 13:26:04 +02:00
|
|
|
const submitWithScroll = useFormScrollToError(handleSubmit, errors);
|
2026-05-14 03:37:19 +02:00
|
|
|
|
|
|
|
|
useEffect(() => {
|
|
|
|
|
let cancelled = false;
|
|
|
|
|
async function check() {
|
|
|
|
|
try {
|
|
|
|
|
const res = await apiFetch<StatusResp>('/api/v1/bootstrap/status');
|
|
|
|
|
if (cancelled) return;
|
|
|
|
|
if (!res.data.needsBootstrap) {
|
chore(autonomous-session): consolidate uncommitted work from prior session
Bundles the prior autonomous-session output that was sitting unstaged:
- Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances)
- country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that
never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk
after the per-subpath dynamic-import approach silently failed in webpack)
- Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index,
redirects (ocr to ai, reports to dashboard, invitations to users),
docs/admin-ia-proposal.md
- Per-template email tester (registry + endpoint + UI on Email admin page)
- Cancel-document mode picker (delete-from-Documenso vs keep-for-audit)
- Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers
- Customize-widgets per-region sortables at xl+ (charts/rails/feed); single
flat sortable below xl when the layout stacks; per-viewport saved orders
- Audit doc updates capturing each shipped item
- Lint fixes: react-compiler immutability in DonutChart (reduce instead of
let-reassign), set-state-in-effect disables in CountryFlag and
UploadForSigning preview-bytes effect, unused 'confirm' destructures in
interest contract + reservation tabs, unescaped apostrophe in test-template
card copy
2026-05-23 00:52:59 +02:00
|
|
|
// Already initialized - bounce to login. Replace, not push,
|
2026-05-14 03:37:19 +02:00
|
|
|
// so back-button doesn't trap the user here.
|
|
|
|
|
router.replace('/login');
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
} catch {
|
chore(autonomous-session): consolidate uncommitted work from prior session
Bundles the prior autonomous-session output that was sitting unstaged:
- Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances)
- country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that
never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk
after the per-subpath dynamic-import approach silently failed in webpack)
- Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index,
redirects (ocr to ai, reports to dashboard, invitations to users),
docs/admin-ia-proposal.md
- Per-template email tester (registry + endpoint + UI on Email admin page)
- Cancel-document mode picker (delete-from-Documenso vs keep-for-audit)
- Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers
- Customize-widgets per-region sortables at xl+ (charts/rails/feed); single
flat sortable below xl when the layout stacks; per-viewport saved orders
- Audit doc updates capturing each shipped item
- Lint fixes: react-compiler immutability in DonutChart (reduce instead of
let-reassign), set-state-in-effect disables in CountryFlag and
UploadForSigning preview-bytes effect, unused 'confirm' destructures in
interest contract + reservation tabs, unescaped apostrophe in test-template
card copy
2026-05-23 00:52:59 +02:00
|
|
|
// Status endpoint failed - let the user try anyway; the POST
|
2026-05-14 03:37:19 +02:00
|
|
|
// does its own check and will surface a 409 if the window closed.
|
|
|
|
|
} finally {
|
|
|
|
|
if (!cancelled) setChecking(false);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
void check();
|
|
|
|
|
return () => {
|
|
|
|
|
cancelled = true;
|
|
|
|
|
};
|
|
|
|
|
}, [router]);
|
|
|
|
|
|
|
|
|
|
async function onSubmit(data: SetupFormData) {
|
|
|
|
|
if (data.password !== data.confirmPassword) {
|
|
|
|
|
toast.error('Passwords do not match');
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
setSubmitting(true);
|
|
|
|
|
try {
|
|
|
|
|
await apiFetch('/api/v1/bootstrap/super-admin', {
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body: {
|
|
|
|
|
name: data.name,
|
|
|
|
|
email: data.email,
|
|
|
|
|
password: data.password,
|
|
|
|
|
},
|
|
|
|
|
});
|
2026-05-21 20:02:58 +02:00
|
|
|
toast.success('Administrator account created - sign in to continue.');
|
2026-05-14 03:37:19 +02:00
|
|
|
router.replace('/login');
|
|
|
|
|
} catch (err) {
|
|
|
|
|
toast.error(err instanceof Error ? err.message : 'Failed to create administrator account');
|
|
|
|
|
} finally {
|
|
|
|
|
setSubmitting(false);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (checking) {
|
|
|
|
|
return (
|
|
|
|
|
<BrandedAuthShell>
|
|
|
|
|
<div className="text-center text-sm text-muted-foreground">Checking setup state…</div>
|
|
|
|
|
</BrandedAuthShell>
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (
|
|
|
|
|
<BrandedAuthShell>
|
|
|
|
|
<div className="space-y-6">
|
|
|
|
|
<div className="text-center space-y-1">
|
2026-05-20 15:54:10 +02:00
|
|
|
<h1 className="text-xl font-semibold">Welcome to {appName}</h1>
|
2026-05-14 03:37:19 +02:00
|
|
|
<p className="text-sm text-muted-foreground">
|
2026-05-21 20:02:58 +02:00
|
|
|
No administrator account exists yet. Create one to get started - you’ll be the
|
2026-05-14 03:37:19 +02:00
|
|
|
super-administrator for this installation.
|
|
|
|
|
</p>
|
|
|
|
|
</div>
|
|
|
|
|
|
2026-05-25 13:26:04 +02:00
|
|
|
<form onSubmit={submitWithScroll(onSubmit)} className="space-y-4">
|
|
|
|
|
<FormErrorSummary
|
|
|
|
|
errors={errors}
|
|
|
|
|
labels={{
|
|
|
|
|
name: 'Name',
|
|
|
|
|
email: 'Email',
|
|
|
|
|
password: 'Password',
|
|
|
|
|
confirmPassword: 'Confirm password',
|
|
|
|
|
}}
|
|
|
|
|
/>
|
2026-05-14 03:37:19 +02:00
|
|
|
<div className="space-y-1.5">
|
|
|
|
|
<Label htmlFor="setup-name">Your name</Label>
|
|
|
|
|
<Input
|
|
|
|
|
id="setup-name"
|
|
|
|
|
placeholder="Jane Operator"
|
|
|
|
|
autoComplete="name"
|
|
|
|
|
{...register('name')}
|
|
|
|
|
className={cn(errors.name && 'border-destructive')}
|
|
|
|
|
/>
|
|
|
|
|
{errors.name && <p className="text-xs text-destructive">{errors.name.message}</p>}
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
<div className="space-y-1.5">
|
|
|
|
|
<Label htmlFor="setup-email">Email</Label>
|
|
|
|
|
<Input
|
|
|
|
|
id="setup-email"
|
|
|
|
|
type="email"
|
|
|
|
|
placeholder="you@example.com"
|
|
|
|
|
autoComplete="email"
|
|
|
|
|
{...register('email')}
|
|
|
|
|
className={cn(errors.email && 'border-destructive')}
|
|
|
|
|
/>
|
|
|
|
|
{errors.email && <p className="text-xs text-destructive">{errors.email.message}</p>}
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
<div className="space-y-1.5">
|
|
|
|
|
<Label htmlFor="setup-password">Password</Label>
|
|
|
|
|
<Input
|
|
|
|
|
id="setup-password"
|
|
|
|
|
type="password"
|
|
|
|
|
placeholder="At least 9 characters"
|
|
|
|
|
autoComplete="new-password"
|
|
|
|
|
{...register('password')}
|
|
|
|
|
className={cn(errors.password && 'border-destructive')}
|
|
|
|
|
/>
|
|
|
|
|
{errors.password && (
|
|
|
|
|
<p className="text-xs text-destructive">{errors.password.message}</p>
|
|
|
|
|
)}
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
<div className="space-y-1.5">
|
|
|
|
|
<Label htmlFor="setup-confirm">Confirm password</Label>
|
|
|
|
|
<Input
|
|
|
|
|
id="setup-confirm"
|
|
|
|
|
type="password"
|
|
|
|
|
autoComplete="new-password"
|
|
|
|
|
{...register('confirmPassword')}
|
|
|
|
|
className={cn(
|
|
|
|
|
watch('password') !== watch('confirmPassword') &&
|
|
|
|
|
watch('confirmPassword')?.length > 0 &&
|
|
|
|
|
'border-destructive',
|
|
|
|
|
)}
|
|
|
|
|
/>
|
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
<Button type="submit" className="w-full" disabled={submitting}>
|
|
|
|
|
{submitting ? 'Creating account…' : 'Create administrator account'}
|
|
|
|
|
</Button>
|
|
|
|
|
</form>
|
|
|
|
|
|
chore(audit-drain): rip out next-intl, RTL lint, sweeps, polish
Drain the long-tail audit queue captured in alpha-uat-master.md.
- next-intl ripped out (zero useTranslations callers ever existed):
package.json, next.config.ts plugin wrap, src/i18n/, messages/, and
the layout NextIntlClientProvider all gone; <html lang="en"> hardcoded.
- RTL lint nudge added: warn-only no-restricted-syntax on physical
Tailwind utilities (ml-/mr-/pl-/pr-/text-left/text-right/border-l/
border-r/rounded-l-/rounded-r-) inside JSX className literals.
Existing ~1,000 sites grandfathered; new code trends toward logical.
- Icon-only button accessibility lint: jsx-a11y/control-has-associated-
label enabled at warn; 4 empty <th>/<td> action placeholders gain
sr-only labels.
- Currency: SUPPORTED_CURRENCIES drops the hardcoded English labels;
new currencyLabel(code, locale?) helper resolves via Intl.DisplayNames.
CurrencySelect + settings-manager migrated.
- Date locale sweep: 7 surfaces flip from toLocaleString('en-GB'|'en-US')
to toLocaleString(undefined, ...) so dates honour runtime locale.
- Dialog/Sheet width: 10 document/EOI/entity-form dialogs gain a
lg:max-w-4xl or lg:max-w-5xl step so wide desktops get breathing room.
- PaymentsSection collapsed-bar: slim one-line bar showing
"Payments - Not received yet" or "Payments - \$X received - N payments
- Expand"; per-interest collapse state persists in localStorage; the
RecordPayment flow auto-expands.
- muted-foreground opacity sweep: 10 text-bearing
text-muted-foreground/{60,70,80} hits dropped to plain
text-muted-foreground for AA contrast on muted bg. Icon-only
(aria-hidden) opacity hits left as-is.
- Micro-type bump: text-[10px] and text-[11px] -> text-xs (12px)
across 87 files in src/components + src/app. Pure mechanical sweep.
- Audit-doc cleanup: alpha-uat-master.md stale 2026-05-25 summary
rewritten with cumulative state through today. Items genuinely still
open are now a short long-tail list.
- New docs/marketing-site-followups.md: Umami Phase 4a/3/5, email
pixel E2E verification, and website-cutover work parked here so
they don't get lost in the CRM audit doc.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 18:48:46 +02:00
|
|
|
<p className="text-center text-xs text-muted-foreground">
|
2026-05-14 03:37:19 +02:00
|
|
|
This screen is only available until the first administrator is created. After that,
|
|
|
|
|
subsequent users are added through Admin → Users.
|
|
|
|
|
</p>
|
|
|
|
|
</div>
|
|
|
|
|
</BrandedAuthShell>
|
|
|
|
|
);
|
|
|
|
|
}
|