Summary
Admin users are currently rewritten to the literal user ID admin during sign-in and JWT creation. That collapses all configured admins into one logical account.
Why this matters
- Multiple admins would share the same profile row and uploaded-photo ownership
- Auditability is lost because actions can no longer be tied to the real provider account
- Any future per-admin preferences or profile edits will overwrite each other
Evidence
app/auth.ts:34-37
app/auth.ts:98-103
Suggested fix
Keep each user's canonical provider-based ID, then store admin status as authorization only. For example, preserve github-123 as the user ID and compute isAdmin separately in session or server-side authorization checks.
Acceptance criteria
- Admin users keep unique user IDs
- Admin privileges still work for delete and moderation paths
- Existing profile and photo ownership logic continues to work per user
- Add regression coverage for at least two admin accounts
Summary
Admin users are currently rewritten to the literal user ID
adminduring sign-in and JWT creation. That collapses all configured admins into one logical account.Why this matters
Evidence
app/auth.ts:34-37app/auth.ts:98-103Suggested fix
Keep each user's canonical provider-based ID, then store admin status as authorization only. For example, preserve
github-123as the user ID and computeisAdminseparately in session or server-side authorization checks.Acceptance criteria