feat(bootstrap): first-run super-admin setup flow

Fresh-DB detection on the login screen — if no super-admin row exists, /api/v1/bootstrap/status reports needsBootstrap and login redirects to /setup, which mints the first super-admin via /api/v1/bootstrap/super-admin. Endpoint refuses once any user already exists. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-14 03:37:19 +02:00
parent 0fe3e984d1
commit 1a65e02885
4 changed files with 265 additions and 1 deletions
--- a/src/app/(auth)/login/page.tsx
+++ b/src/app/(auth)/login/page.tsx
@@ -1,6 +1,6 @@
 'use client';

-import { useState } from 'react';
+import { useEffect, useState } from 'react';
 import { useRouter } from 'next/navigation';
 import Link from 'next/link';
 import { useForm } from 'react-hook-form';
@@ -29,6 +29,25 @@ export default function LoginPage() {
  const router = useRouter();
  const [isLoading, setIsLoading] = useState(false);

+  // Fresh-DB bootstrap detection: if no super-admin exists yet, /setup
+  // owns the first-run flow. Failure of the status endpoint is silent
+  // (login still works for everyone else).
+  useEffect(() => {
+    let cancelled = false;
+    fetch('/api/v1/bootstrap/status')
+      .then((r) => (r.ok ? (r.json() as Promise<{ data?: { needsBootstrap?: boolean } }>) : null))
+      .then((payload) => {
+        if (cancelled || !payload) return;
+        if (payload.data?.needsBootstrap) router.replace('/setup');
+      })
+      .catch(() => {
+        /* silent — login UX must still work even if status check fails */
+      });
+    return () => {
+      cancelled = true;
+    };
+  }, [router]);
+
  const {
    register,
    handleSubmit,