BugFixes galore

lib/auth/index.ts

@@ -2,6 +2,7 @@ import { betterAuth } from "better-auth";
 import { drizzleAdapter } from "better-auth/adapters/drizzle";
 import { organization } from "better-auth/plugins";
 import { magicLink } from "better-auth/plugins/magic-link";
+import { count, eq } from "drizzle-orm";
 import { db } from "@/lib/db";
 import * as schema from "@/lib/db/schema";
 
@@ -19,13 +20,14 @@ export const auth = betterAuth({
   // -------------------------------------------------------------------------
   database: drizzleAdapter(db, {
     provider: "sqlite",
+    // Keys must match Better Auth's internal model names (singular).
+    // usePlural: false (default) → "user", "session", "account", "verification"
     schema: {
-      users: schema.users,
-      sessions: schema.sessions,
-      accounts: schema.accounts,
-      verifications: schema.verifications,
+      user: schema.users,
+      session: schema.sessions,
+      account: schema.accounts,
+      verification: schema.verifications,
     },
-    usePlural: false,
   }),
 
   // -------------------------------------------------------------------------
@@ -52,6 +54,30 @@ export const auth = betterAuth({
     maxPasswordLength: 128,
   },
 
+  // -------------------------------------------------------------------------
+  // Database hooks — first registered user becomes admin automatically
+  // -------------------------------------------------------------------------
+  databaseHooks: {
+    user: {
+      create: {
+        after: async (user) => {
+          // Count all users; if this is the very first, promote to admin
+          const [{ total }] = await db
+            .select({ total: count() })
+            .from(schema.users);
+
+          if (total === 1) {
+            await db
+              .update(schema.users)
+              .set({ role: "admin" } as Record<string, unknown>)
+              .where(eq(schema.users.id, user.id));
+            console.log(`[Auth] First user ${user.id} (${user.email}) promoted to admin`);
+          }
+        },
+      },
+    },
+  },
+
   // -------------------------------------------------------------------------
   // Plugins
   // -------------------------------------------------------------------------
@@ -104,5 +130,18 @@ export type Auth = typeof auth;
 /** The server-side session type returned by auth.api.getSession */
 export type Session = typeof auth.$Infer.Session.session;
 
-/** The user type embedded in every session */
-export type User = typeof auth.$Infer.Session.user;
+/** The user type embedded in every session, with custom additionalFields */
+export type User = typeof auth.$Infer.Session.user & {
+  role?: "superadmin" | "admin" | "moderator" | null;
+};
+
+type RawSession = NonNullable<Awaited<ReturnType<typeof auth.api.getSession>>>;
+
+/** Typed wrapper around auth.api.getSession that includes the role field */
+export async function getAuthSession(
+  headers: Headers,
+): Promise<(Omit<RawSession, "user"> & { user: User }) | null> {
+  return auth.api.getSession({ headers }) as Promise<
+    (Omit<RawSession, "user"> & { user: User }) | null
+  >;
+}