First admin bootstrap
After installation, the database has no users. Create the first admin via the CLI shipped with the backend.
Docker
Section titled “Docker”docker compose exec backend /app/commentary-admin-create \ --password-stdin# (paste password, press Ctrl-D)The CLI:
- Hashes the password with argon2id (parameters: memory 64MB, iterations 3, parallelism 4).
- Inserts a row in
userswithrole = 'admin'andemail_verified = true. - Does not auto-enroll 2FA — you do that from the studio post-login.
Native dev
Section titled “Native dev”cd apps/serverLogin + 2FA
Section titled “Login + 2FA”-
Browse to
https://<your-domain>/(orhttp://localhost:3030/in dev). -
Log in with the credentials you just created.
-
For v1.0, the studio Settings page does not yet expose the 2FA enrollment wizard (planned for v1.1). To enable TOTP today, call the API directly with your access token:
Terminal window # Get the access token from your browser DevTools (Application → Cookies → access_token)curl -X POST https://<your-domain>/api/auth/2fa/setup \-H "Cookie: access_token=$TOKEN" \-H "Content-Type: application/json"# Returns { "secret": "...", "qr": "data:image/png;base64,..." }Scan the QR with your authenticator app, then confirm with the 6-digit code:
Terminal window curl -X POST https://<your-domain>/api/auth/2fa/verify \-H "Cookie: access_token=$TOKEN" \-H "Content-Type: application/json" \-d '{"code":"123456"}'# Returns { "recovery_codes": ["...", "..."] } — save these
Next time you log in, you’ll be prompted for the TOTP code after password.
Add more team members (Users page)
Section titled “Add more team members (Users page)”Once the first admin can log in, additional admins and operators can be created via the studio UI (no more CLI needed) :
- Navigate to
/users(visible only to admins) - Click “Ajouter”
- Fill email + password (≥12 chars) + role + locale
- Save
The new user can log in immediately. They can set up 2FA from Settings → Sécurité.
→ usage.md — operator workflow (create event, invite commentator, go live).