# Setup Instructions for Authentication

Follow these steps to set up authentication and create the admin user.

## Step 1: Create Database Tables

Run the SQL script as a PostgreSQL superuser:

```bash
psql -U postgres -d punimtag -f setup-auth-complete.sql
```

Or connect to your database and run the SQL manually:

```sql
-- Connect to database
\c punimtag
-- Then run the contents of setup-auth-complete.sql
```

## Step 2: Create Admin User

After the tables are created, run the Node.js script to create the admin user:

```bash
npx tsx scripts/create-admin-user.ts
```

This will create an admin user with:

- **Email:** admin@admin.com
- **Password:** admin
- **Role:** Admin (can approve identifications)

These are well-known default credentials. Change the password immediately after the first login, and never deploy an instance that still accepts them outside your local machine.

## Step 3: Regenerate Prisma Client

Regenerate the client so it matches the updated schema:

```bash
npx prisma generate
```

## Step 4: Verify Setup

1. **Check tables exist:**

   ```sql
   \dt users
   \dt pending_identifications
   ```

2. **Check admin user:**

   ```sql
   SELECT email, name, is_admin FROM users WHERE email = 'admin@admin.com';
   ```

3. **Test registration:**
   - Go to http://localhost:3001/register
   - Create a new user account
   - Verify it appears in the database

4. **Test admin login:**
   - Go to http://localhost:3001/login
   - Log in with admin@admin.com / admin
   - Change the default password once you are logged in

## Permission Model

- **Regular Users:** Can INSERT into `pending_identifications` (identify faces)
- **Admin Users:** Can UPDATE `pending_identifications` (approve/reject identifications)
- **Application Level:** The `isAdmin` field in the User model controls who can approve

Note that the grants in the Troubleshooting section give the `viewer_write` role SELECT, INSERT and UPDATE on both tables. The database role therefore does not distinguish regular users from admins; the approve/reject restriction is enforced only by the application's `isAdmin` check, so every code path that updates `pending_identifications` must perform that check.

## Troubleshooting

### "permission denied for table users"

Make sure you've granted permissions:

```sql
GRANT SELECT, INSERT, UPDATE ON TABLE users TO viewer_write;
GRANT SELECT, INSERT, UPDATE ON TABLE pending_identifications TO viewer_write;
GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO viewer_write;
GRANT USAGE, SELECT ON SEQUENCE pending_identifications_id_seq TO viewer_write;
```

### "relation 'users' does not exist"

Run `setup-auth-complete.sql` first to create the tables.

### "Authentication failed"

Check that the `DATABASE_URL_WRITE` entry in your `.env` file has the correct credentials for the `viewer_write` role.
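The following is an added example, not code from this project's `scripts/create-admin-user.ts`. It shows two things the steps above leave implicit: how to create the admin record in Step 2 with a salted scrypt hash (and a random password when none is supplied, so a default like `admin` never reaches the database), and how the application-level `isAdmin` check from the Permission Model gates the approve action. The `User` and `PendingIdentification` shapes, the `buildAdminUser` and `approveIdentification` helpers, and the `scrypt$salt$key` storage format are assumptions for illustration; the Prisma write itself is left out so the block runs stand-alone with only Node's built-in `crypto`.

```typescript
// Added example (not the project's own script). Assumed shapes and helper
// names are for illustration only; only Node's built-in crypto is used.
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

export interface User {
  email: string;
  name: string;
  isAdmin: boolean;
  passwordHash: string; // assumed format: "scrypt$<salt-hex>$<key-hex>"
}

export interface PendingIdentification {
  id: number;
  status: "pending" | "approved" | "rejected";
}

const KEY_LEN = 64;

// Hash with a fresh 16-byte salt per user; scrypt cost parameters are Node's defaults.
export function hashPassword(password: string): string {
  const salt = randomBytes(16);
  const key = scryptSync(password, salt, KEY_LEN);
  return `scrypt$${salt.toString("hex")}$${key.toString("hex")}`;
}

// Re-derive the key from the stored salt and compare in constant time.
export function verifyPassword(password: string, stored: string): boolean {
  const [scheme, saltHex, keyHex] = stored.split("$");
  if (scheme !== "scrypt" || !saltHex || !keyHex) return false;
  const expected = Buffer.from(keyHex, "hex");
  const actual = scryptSync(password, Buffer.from(saltHex, "hex"), expected.length);
  return timingSafeEqual(actual, expected);
}

// Build the admin row for insertion. When no password is given, generate a
// random one and return it so the operator can record it once; the database
// only ever stores the hash.
export function buildAdminUser(
  email: string,
  password?: string,
): { user: User; generatedPassword?: string } {
  const plain = password ?? randomBytes(18).toString("base64url");
  return {
    user: { email, name: "Admin", isAdmin: true, passwordHash: hashPassword(plain) },
    generatedPassword: password === undefined ? plain : undefined,
  };
}

// Application-level authorization: only an admin may move an item out of
// "pending". The DB role grants alone do not enforce this.
export function approveIdentification(
  actor: User,
  item: PendingIdentification,
): PendingIdentification {
  if (!actor.isAdmin) {
    throw new Error(`forbidden: ${actor.email} is not an admin`);
  }
  if (item.status !== "pending") {
    throw new Error(`cannot approve item ${item.id} in status ${item.status}`);
  }
  return { ...item, status: "approved" };
}
```

In a real create-admin script you would take the e-mail from an environment variable, call `buildAdminUser`, persist `user` with Prisma, and print `generatedPassword` once to the operator's terminal rather than to any log.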