Postgres

innungsapp/packages/shared/prisma/seed-superadmin.js

@@ -16,32 +16,53 @@ async function hashPassword(password) {
   return `${salt}:${key.toString('hex')}`
 }
 
-async function main() {
-  const email = 'superadmin@innungsapp.de'
-  const password = 'demo1234'
-  const userId = 'superadmin-user-id'
-  const accountId = 'superadmin-account-id'
+function getEnv(name) {
+  return (process.env[name] || '').trim()
+}
 
-  console.log('Seeding superadmin...')
+async function main() {
+  const email = (getEnv('SUPERADMIN_EMAIL') || 'superadmin@innungsapp.de').toLowerCase()
+  const name = getEnv('SUPERADMIN_NAME') || 'Super Admin'
+  const userId = getEnv('SUPERADMIN_USER_ID') || 'superadmin-user-id'
+  const accountId = getEnv('SUPERADMIN_ACCOUNT_ID') || 'superadmin-account-id'
+
+  let password = getEnv('SUPERADMIN_PASSWORD')
+  if (!password) {
+    if (process.env.NODE_ENV === 'production') {
+      throw new Error('SUPERADMIN_PASSWORD must be set in production.')
+    }
+
+    password = 'demo1234'
+    console.warn('SUPERADMIN_PASSWORD not set. Using development fallback password.')
+  }
+
+  console.log(`Seeding superadmin user for ${email}...`)
   const hash = await hashPassword(password)
 
   const user = await prisma.user.upsert({
     where: { email },
     update: {
-      name: 'Super Admin',
+      name,
       emailVerified: true,
+      role: 'admin',
     },
     create: {
       id: userId,
-      name: 'Super Admin',
+      name,
       email,
       emailVerified: true,
+      role: 'admin',
     },
   })
 
   await prisma.account.upsert({
     where: { id: accountId },
-    update: { password: hash },
+    update: {
+      accountId: user.id,
+      providerId: 'credential',
+      userId: user.id,
+      password: hash,
+    },
     create: {
       id: accountId,
       accountId: user.id,