dow-prod-tracker/scripts/create-admin.ts

// One-shot: wipe all users except the admin, then upsert a single admin
// user with the given email + password. Run inside the app container:
//   docker compose -p loreal-prod-tracker exec app \
//     npx tsx scripts/create-admin.ts admin@loreal.com 'YourPasswordHere'

import { PrismaClient } from "@/generated/prisma/client";
import bcrypt from "bcryptjs";

async function main() {
  const [, , emailArg, passwordArg] = process.argv;
  const email = emailArg ?? "admin@loreal.com";
  const password = passwordArg ?? "ChangeMe123!";

  if (!email.includes("@")) {
    console.error("Usage: tsx scripts/create-admin.ts <email> <password>");
    process.exit(1);
  }

  const prisma = new PrismaClient();

  let org = await prisma.organization.findFirst({ select: { id: true } });
  if (!org) {
    org = await prisma.organization.create({
      data: { name: "L'Oreal", domain: "loreal.com" },
      select: { id: true },
    });
    console.log("Created organization:", org.id);
  }

  // Wipe everyone else first so the new admin is the only user.
  const removed = await prisma.user.deleteMany({
    where: { email: { not: email } },
  });
  if (removed.count > 0) {
    console.log(`Removed ${removed.count} existing user(s).`);
  }

  const hash = await bcrypt.hash(password, 12);
  const u = await prisma.user.upsert({
    where: { email },
    create: {
      email,
      name: "Admin",
      role: "ADMIN",
      organizationId: org.id,
      passwordHash: hash,
      mustChangePassword: false,
      isExternal: false,
    },
    update: {
      passwordHash: hash,
      role: "ADMIN",
      mustChangePassword: false,
      organizationId: org.id,
    },
  });

  console.log("✓ Admin ready");
  console.log("  email:   ", u.email);
  console.log("  password:", password);
  console.log("  login at /loreal-prod-tracker/login");

  await prisma.$disconnect();
}

main().catch((e) => {
  console.error(e);
  process.exit(1);
});