qms/scripts/create-admin.js

// Creates the first admin from ADMIN_EMAIL / ADMIN_PASSWORD / ADMIN_NAME.
// Idempotent: does nothing if any ADMIN user already exists, so container
// restarts never reset the password. Run via `npm run create-admin`.
const { PrismaClient } = require('@prisma/client')
const bcrypt = require('bcryptjs')

const prisma = new PrismaClient()

async function main() {
  const email = (process.env.ADMIN_EMAIL || 'admin@local').trim().toLowerCase()
  const password = process.env.ADMIN_PASSWORD || 'changeme'
  const name = process.env.ADMIN_NAME || 'Administrator'

  const existing = await prisma.user.findFirst({ where: { role: 'ADMIN' } })
  if (existing) {
    console.log('[create-admin] An admin user already exists — skipping.')
    return
  }

  const password_hash = await bcrypt.hash(password, 12)
  await prisma.user.create({
    data: { email, name, password: password_hash, role: 'ADMIN', active: true },
  })
  console.log(`[create-admin] Created admin: ${email}`)
}

main()
  .catch(e => {
    console.error('[create-admin] failed:', e)
    process.exit(1)
  })
  .finally(() => prisma.$disconnect())