auto-create admin role on startup, use API_BASE_URL for auth redirects

src/index.ts

@@ -1,15 +1,49 @@
 import { refresh } from "./api/auth";
 import app from "./api/server";
-import { engine, PORT, unifi, unifiPassword, unifiUsername } from "./constants";
+import {
+  engine,
+  PORT,
+  prisma,
+  unifi,
+  unifiPassword,
+  unifiUsername,
+} from "./constants";
 import { unifiSites } from "./managers/unifiSites";
 import { refreshCompanies } from "./modules/cw-utils/refreshCompanies";
 import { refreshCatalog } from "./modules/cw-utils/procurement/refreshCatalog";
 import { refreshInventory } from "./modules/cw-utils/procurement/refreshInventory";
 import { events, setupEventDebugger } from "./modules/globalEvents";
+import { signPermissions } from "./modules/permission-utils/signPermissions";
+import { RoleController } from "./controllers/RoleController";
+import cuid from "cuid";
 
 // Setup global event debugger in non-production environments
 if (Bun.env.NODE_ENV == "development") setupEventDebugger();
 
+// Ensure administrator role exists
+const existingAdmin = await prisma.role.findFirst({
+  where: { moniker: "administrator" },
+  include: { users: { include: { roles: true } } },
+});
+
+if (!existingAdmin) {
+  const id = cuid();
+  const created = await prisma.role.create({
+    data: {
+      id,
+      moniker: "administrator",
+      title: "Admin",
+      permissions: signPermissions({
+        issuer: "roles",
+        subject: id,
+        permissions: ["*"],
+      }),
+    },
+    include: { users: { include: { roles: true } } },
+  });
+  events.emit("role:created", new RoleController(created));
+}
+
 // Refresh the internal list of companies every minute
 await refreshCompanies();
 setInterval(() => {