# v0.1.2 Login + Users Setup

This version removes the dashboard API-key login and replaces it with real email/password login.

## What changed

- The dashboard no longer asks for `ADMIN_API_KEY`.
- `ADMIN_API_KEY` still exists, but it is now only for Telnyx AI Assistant webhook tools using the `x-tool-secret` header.
- A super admin is seeded from `.env`.
- Super admins/admins can add and manage users from `/users.html`.
- Browser push subscriptions are tied to logged-in users.

## Required `.env` additions

Add these to your `.env`:

```env
SUPER_ADMIN_EMAIL=your-email@example.com
SUPER_ADMIN_PASSWORD=use-a-strong-password-here
SUPER_ADMIN_NAME=Super Admin
AUTH_SESSION_SECRET=make-this-long-random-and-private
SYNC_SUPER_ADMIN_PASSWORD=false
```

Keep your existing Telnyx tool secret:

```env
ADMIN_API_KEY=your-long-random-tool-secret
```

## Important

`ADMIN_API_KEY` is no longer your dashboard login password.

Use:

```text
https://pestdemo.recovermissedcall.com/login.html
```

Login with:

```text
SUPER_ADMIN_EMAIL
SUPER_ADMIN_PASSWORD
```

## Users section

After logging in as super admin, open:

```text
https://pestdemo.recovermissedcall.com/users.html
```

Available roles:

- Super Admin: full control. Should usually only be the owner.
- Admin: customer-level user management and lead control.
- Dispatcher: can manage leads and demo leads.
- Technician: can view and update leads.
- Viewer: read-only lead access.

## If you change the .env super admin password later

By default, the app creates the super admin once and does not overwrite the password on every restart. This prevents accidental lockouts.

To force the `.env` password to overwrite the existing super admin password, temporarily set:

```env
SYNC_SUPER_ADMIN_PASSWORD=true
```

Restart the app once, then set it back to:

```env
SYNC_SUPER_ADMIN_PASSWORD=false
```
