From 3fbf75b1e152bf77a954345566adc1b16ce27c70 Mon Sep 17 00:00:00 2001
From: Hammer
Date: Wed, 28 Jan 2026 17:22:07 +0000
Subject: [PATCH] Add bootstrap-recreate endpoint for proper user creation
---
 apps/api/src/routes/hammer.ts | 46 ++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 20 deletions(-)
diff --git a/apps/api/src/routes/hammer.ts b/apps/api/src/routes/hammer.ts
index 55f36f9..50be023 100644
--- a/apps/api/src/routes/hammer.ts
+++ b/apps/api/src/routes/hammer.ts
@@ -416,30 +416,36 @@ export const hammerRoutes = new Elysia({ prefix: '/hammer' })
 }),
 })
- // Bootstrap: reset user password (temporary setup helper - REMOVE after use)
- .post('/bootstrap-reset', async ({ body, set }) => {
- const user = await db.query.users.findFirst({
- where: eq(users.email, body.email),
+ // Bootstrap: delete and recreate user with proper BetterAuth password (temporary - REMOVE after use)
+ .post('/bootstrap-recreate', async ({ body, set }) => {
+ const { email, password, name } = body;
+ const existing = await db.query.users.findFirst({
+ where: eq(users.email, email),
 });
- if (!user) {
- set.status = 404;
- throw new Error('User not found');
+ if (existing) {
+ const { accounts, sessions } = await import('../db/schema');
+ await db.delete(accounts).where(eq(accounts.userId, existing.id));
+ await db.delete(sessions).where(eq(sessions.userId, existing.id));
+ await db.delete(users).where(eq(users.id, existing.id));
 }
- // Use BetterAuth's internal API to set password
- const ctx = await auth.api.signInEmail({
- body: { email: body.email, password: body.newPassword },
- }).catch(() => null);
- // If sign-in fails, the password doesn't match. We need to update via the accounts table.
- // Use Bun's password hash directly
- const hash = await Bun.password.hash(body.newPassword, { algorithm: 'bcrypt' });
- const { accounts } = await import('../db/schema');
- await db.update(accounts).set({ password: hash }).where(eq(accounts.userId, user.id));
- // Also set role to admin
- await db.update(users).set({ role: 'admin' }).where(eq(users.id, user.id));
- return { success: true, email: body.email, role: 'admin' };
+ const result = await auth.api.signUpEmail({
+ body: { email, password, name },
+ });
+ if (!result) {
+ set.status = 500;
+ throw new Error('Failed to create user');
+ }
+ const newUser = await db.query.users.findFirst({
+ where: eq(users.email, email),
+ });
+ if (newUser) {
+ await db.update(users).set({ role: 'admin' }).where(eq(users.id, newUser.id));
+ }
+ return { success: true, email, role: 'admin' };
 }, {
 body: t.Object({
 email: t.String({ format: 'email' }),
- newPassword: t.String({ minLength: 8 }),
+ password: t.String({ minLength: 8 }),
+ name: t.String(),
 }),
 });
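Review bot: The `/bootstrap-recreate` handler has no caller check of its own in this hunk, yet it deletes the accounts, sessions and user row for any submitted email and recreates that user as `admin` with the submitted password. Unless a guard on the `/hammer` group outside this hunk covers it, anyone who can reach the route can take over an account and gain admin. The "REMOVE after use" comment is not a control, so gate the route on a deploy-time secret that fails closed when unset, as sketched below; `BOOTSTRAP_TOKEN` and `x-bootstrap-token` are placeholder names, and the comparison should be constant-time in real code. The deletes and `signUpEmail` also run outside a transaction, so a failed sign-up leaves the original user deleted, and the handler returns `role: 'admin'` even when the `newUser` lookup finds nothing. The route chain starts and continues outside this hunk.

```typescript
  .post('/bootstrap-recreate', async ({ body, set, headers }) => {
    // Placeholder names (BOOTSTRAP_TOKEN, x-bootstrap-token): substitute the project's own secret and header.
    const expected = process.env.BOOTSTRAP_TOKEN;
    if (!expected || headers['x-bootstrap-token'] !== expected) {
      // Fail closed: with no secret configured the route is unusable.
      set.status = 403;
      throw new Error('Forbidden');
    }
    // … unchanged: destructure body, look up existing user, delete rows, signUpEmail …
    const newUser = await db.query.users.findFirst({
      where: eq(users.email, email),
    });
    if (!newUser) {
      // Do not report role 'admin' when the promotion never ran.
      set.status = 500;
      throw new Error('Failed to create user');
    }
    await db.update(users).set({ role: 'admin' }).where(eq(users.id, newUser.id));
    return { success: true, email, role: 'admin' };
```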