Fix FIRST_USER_CLAIMS

.env.example

@@ -97,6 +97,6 @@ RABBITMQ_DEFAULT_PASS=aohohunuhouhuhhoahothonseuhaoensuthoaentsuhha
 
 # v5 stuff, does absolutely nothing on master (aka: you can delete this)
 EXTRA_CLAIMS='{"permissions": ["core.read"], "verified": false}'
-FIRST_USER_CLAIMS='{"permissions": ["user.read", "users.write", "users.delete", "core.read"], "verified": true}'
+FIRST_USER_CLAIMS='{"permissions": ["users.read", "users.write", "users.delete", "core.read"], "verified": true}'
 GUEST_CLAIMS='{"permissions": ["core.read"]}'
 PROTECTED_CLAIMS="permissions,verified"

auth/.env.example

@@ -11,7 +11,7 @@ RSA_PRIVATE_KEY_PATH=""
 EXTRA_CLAIMS='{}'
 # json object with the claims to add to every jwt of the FIRST user (this can be used to mark the first user as admin).
 # Those claims are merged with the `EXTRA_CLAIMS`.
-FIRST_USER_CLAIMS='{}'
+FIRST_USER_CLAIMS='{"permissions": ["users.read", "users.write", "users.delete"]}'
 # If this is not empty, calls to `/jwt` without an `Authorization` header will still create a jwt (with `null` in `sub`)
 GUEST_CLAIMS=""
 # Comma separated list of claims that users without the `user.write` permissions should NOT be able to edit

auth/config.go

@@ -47,14 +47,13 @@ func LoadConfiguration(db *dbc.Queries) (*Configuration, error) {
 			return nil, err
 		}
 	}
+	maps.Insert(ret.FirstUserClaims, maps.All(ret.DefaultClaims))
 	claims = os.Getenv("FIRST_USER_CLAIMS")
 	if claims != "" {
 		err := json.Unmarshal([]byte(claims), &ret.FirstUserClaims)
 		if err != nil {
 			return nil, err
 		}
-
-		maps.Insert(ret.FirstUserClaims, maps.All(ret.DefaultClaims))
 	} else {
 		ret.FirstUserClaims = ret.DefaultClaims
 	}