We need a setup script to create the first Super Admin in the system.
👉 This is required because:
- System starts empty
- No admin exists initially
- We need a secure way to bootstrap admin access
🎯 Goals
Build a script that is:
- Secure (no unauthorized access)
- Idempotent (runs safely multiple times)
- Environment-aware (dev vs prod safe)
- Easy to use (CLI or script)
- Production-ready
🧱 Features to Build
1. Super Admin Creation Script
Command
npm run create:superadmin
OR
node scripts/createSuperAdmin.js
2. Required Inputs
Script should accept:
Input Methods
Support:
- CLI prompt (preferred)
- Environment variables (for automation)
Example:
SUPERADMIN_EMAIL=admin@commdesk.com npm run create:superadmin
3. What Script Should Do
Step-by-Step Flow
Start script
→ Validate inputs
→ Check if admin already exists
→ If exists → stop (no duplicate)
→ Hash password
→ Create user with role = SuperAdmin
→ Mark emailVerified = true
→ Save audit log
→ Show success message
4. Role Definition
Add new role:
Permissions
SuperAdmin can:
- approve/reject communities
- suspend communities
- view all data
- manage users
🔐 Security Requirements
1. Password Security
- Use bcrypt
- Minimum 10 salt rounds
2. Script Protection (IMPORTANT)
Prevent misuse:
In Production:
-
Allow script ONLY if:
ALLOW_ADMIN_BOOTSTRAP=true
After first admin:
- Disable script automatically OR
- Prevent creating second super admin
3. Idempotency
If script runs again:
If admin exists → exit safely
4. Input Validation
Validate:
- email format
- strong password
- required fields
🧾 Database Changes
User Schema Update
Add:
🧾 Audit Logs
Log action:
⚙️ Implementation Details
File Location
scripts/createSuperAdmin.js
Structure
connect DB
→ read input
→ validate
→ check existing admin
→ create admin
→ log
→ exit
🧪 Testing
Manual Testing
- run script locally
- run script twice (should not duplicate)
Edge Cases
- missing input
- weak password
- DB connection failure
🌍 Environment Handling
DEV
PRODUCTION
- require env flag
- log action
- restrict multiple runs
⚠️ Error Handling
Return clear errors:
"Super admin already exists"
"Invalid email format"
"Password too weak"
🧠 Optional Enhancements (Recommended)
1. Interactive CLI
Use:
2. Mask Password Input
- hide password in terminal
3. Confirmation Step
"Are you sure you want to create super admin?"
4. Seeder Support
Allow script to run in:
📊 Observability
Log:
- script run
- success/failure
- timestamp
🔐 Advanced Security (Optional but Strong)
1. One-Time Token
Require:
2. IP Restriction
Allow only trusted IPs (optional)
✅ Acceptance Criteria
✔ Script creates super admin
✔ Password securely hashed
✔ No duplicate admin created
✔ Works in dev & prod
✔ Protected by env flag
✔ Logs action
✔ Handles errors properly
✔ Easy to run
We need a setup script to create the first Super Admin in the system.
👉 This is required because:
🎯 Goals
Build a script that is:
🧱 Features to Build
1. Super Admin Creation Script
Command
OR
2. Required Inputs
Script should accept:
Input Methods
Support:
Example:
3. What Script Should Do
Step-by-Step Flow
4. Role Definition
Add new role:
Permissions
SuperAdmin can:
🔐 Security Requirements
1. Password Security
2. Script Protection (IMPORTANT)
Prevent misuse:
In Production:
Allow script ONLY if:
After first admin:
3. Idempotency
If script runs again:
4. Input Validation
Validate:
🧾 Database Changes
User Schema Update
Add:
🧾 Audit Logs
Log action:
⚙️ Implementation Details
File Location
Structure
🧪 Testing
Manual Testing
Edge Cases
🌍 Environment Handling
DEV
PRODUCTION
Return clear errors:
🧠 Optional Enhancements (Recommended)
1. Interactive CLI
Use:
2. Mask Password Input
3. Confirmation Step
4. Seeder Support
Allow script to run in:
📊 Observability
Log:
🔐 Advanced Security (Optional but Strong)
1. One-Time Token
Require:
2. IP Restriction
Allow only trusted IPs (optional)
✅ Acceptance Criteria
✔ Script creates super admin
✔ Password securely hashed
✔ No duplicate admin created
✔ Works in dev & prod
✔ Protected by env flag
✔ Logs action
✔ Handles errors properly
✔ Easy to run