feat(auth): pnpm admin:grant <email> CLI to flip user role to admin

Tiny tsx script that flips user.role to "admin" via BetterAuth's admin plugin convention (role column on the existing user table, not a custom isAdmin boolean). Wired through packages/auth → root package.json with the same env-sourcing pattern as auth:seed. Usage: pnpm admin:grant me@example.com
2026-04-04 22:47:34 +01:00
parent 30928cd71d
commit 76c32b2345
3 changed files with 46 additions and 0 deletions
--- a/package.json
+++ b/package.json
@@ -13,6 +13,7 @@
    "lint:ws": "pnpm dlx sherif@latest -r packages-without-package-json",
    "prepare": "husky",
    "auth:seed": "set -a && source apps/web/.env.local && set +a && pnpm --filter @turbostarter/auth db:seed",
+    "admin:grant": "set -a && source apps/web/.env.local && set +a && pnpm --filter @turbostarter/auth admin:grant",
    "services:logs": "docker compose logs -f",
    "services:setup": "pnpm services:start && pnpm with-env turbo setup",
    "services:start": "docker compose up -d --wait",
--- a/packages/auth/package.json
+++ b/packages/auth/package.json
@@ -13,6 +13,7 @@
    "clean": "git clean -xdf .cache .turbo dist node_modules",
    "db:generate": "cross-env SKIP_ENV_VALIDATION=1 pnpm dlx @better-auth/cli@1.4.3 generate --config src/server.ts --output ../db/src/schema/auth.ts --y",
    "db:seed": "cross-env SKIP_ENV_VALIDATION=1 pnpm dlx tsx ./src/scripts/seed.ts",
+    "admin:grant": "cross-env SKIP_ENV_VALIDATION=1 pnpm dlx tsx ./src/scripts/grant-admin.ts",
    "format": "prettier --check . --ignore-path ../../.gitignore",
    "lint": "eslint",
    "test": "vitest run",
--- a/packages/auth/src/scripts/grant-admin.ts
+++ b/packages/auth/src/scripts/grant-admin.ts
@@ -0,0 +1,44 @@
+/**
+ * Grants admin privileges to a user by email.
+ *
+ * Usage:
+ *   pnpm admin:grant <email>
+ *
+ * Resolved via packages/auth/package.json → root package.json alias.
+ * Flips user.role to "admin" via BetterAuth's admin plugin convention
+ * (role column, not a custom isAdmin boolean).
+ */
+import { eq } from "@turbostarter/db";
+import * as schema from "@turbostarter/db/schema";
+import { db } from "@turbostarter/db/server";
+import { logger } from "@turbostarter/shared/logger";
+
+import { UserRole } from "../types";
+
+const email = process.argv[2];
+
+if (!email) {
+  logger.error("Usage: pnpm admin:grant <email>");
+  process.exit(1);
+}
+
+const rows = await db
+  .update(schema.user)
+  .set({ role: UserRole.ADMIN })
+  .where(eq(schema.user.email, email))
+  .returning({
+    id: schema.user.id,
+    email: schema.user.email,
+    role: schema.user.role,
+  });
+
+if (rows.length === 0) {
+  logger.error(`No user found with email: ${email}`);
+  process.exit(1);
+}
+
+const updated = rows[0]!;
+logger.info(
+  `✓ Granted admin to ${updated.email} (id: ${updated.id}, role: ${updated.role})`,
+);
+process.exit(0);