Implement Issue #11: Initial admin account setup on first deploy

When the database has no users, the UI redirects to /setup and prompts for creation of the first admin account. The setup endpoints are self-disabling — once any user exists, POST /setup/admin returns 403 and the frontend redirects /setup back to /login. The backend uses an atomic transaction to prevent race conditions on concurrent requests. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 19:02:16 -03:00
parent f29d9669f8
commit 3900dff5a1
9 changed files with 585 additions and 12 deletions
--- a/web/src/api.ts
+++ b/web/src/api.ts
@@ -22,6 +22,12 @@ async function request<T>(method: string, path: string, body?: unknown): Promise
 }

 export const api = {
+  // Setup
+  getSetupStatus: () =>
+    request<{ needs_setup: boolean }>('GET', '/setup/status'),
+  createSetupAdmin: (data: { name: string; email: string; password: string }) =>
+    request<{ token: string }>('POST', '/setup/admin', data),
+
  // Auth
  login: (email: string, password: string) =>
    request<{ token: string }>('POST', '/auth/login', { email, password }),