
Admin-Only Auth: A Sensible Default for Editorial Tools
Bloomineasy keeps editorial access private by default.
Bloomineasy starts with admin-provisioned email/password auth, making private editorial access the default rather than a public sign-up surface.
Bloomineasy keeps editorial access private by default.
Bloomineasy starts with admin-provisioned email/password auth, making private editorial access the default rather than a public sign-up surface.
A CMS admin area should not be public by default
Bloomineasy is built for editorial and administrative workflows, not for public account creation. That is why public sign-up is disabled and the first admin is created through a bootstrap script.
This is a sensible default. It keeps the publishing system focused on trusted users and avoids adding a public user surface before a project actually needs one.
Better Auth and Convex work together
Bloomineasy uses Better Auth with Convex so authentication and app-level user data can live close to the backend. Admin access is tied to role checks, and additional users are provisioned inside the admin area.
This choice fits the product: the CMS needs private editorial sessions, admin roles, password reset support, and a reliable relationship between auth users and app users.
The first admin path is explicit
Fresh installs create the first admin with `scripts/bootstrap-admin.mts`. The script returns a temporary password for sign-in, then additional admins can be managed from `/admin/users`.
That is clearer than leaving public registration open and hoping the correct person signs up first.
A secure default that still stays practical
Admin-only auth gives Bloomineasy a stronger editorial default without making the system difficult to use. Teams can bootstrap the first user, manage roles, and keep public visitors focused on reading content.
For a CMS starter, that balance is important: protect the admin workflow, keep setup understandable, and avoid unnecessary public surfaces.


