npm - @actual-app/sync-server - Versions diffs - 25.4.0-alpha.0 - Mend

@actual-app/sync-server 25.4.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (137) hide show

package/.dockerignore +12 -0
package/README.md +19 -0
package/app.js +11 -0
package/babel.config.json +3 -0
package/bin/@actual-app/sync-server +55 -0
package/docker/alpine.Dockerfile +62 -0
package/docker/ubuntu.Dockerfile +63 -0
package/docker-compose.yml +29 -0
package/jest.config.json +19 -0
package/jest.global-setup.js +101 -0
package/jest.global-teardown.js +6 -0
package/migrations/1694360000000-create-folders.js +25 -0
package/migrations/1694360479680-create-account-db.js +30 -0
package/migrations/1694362247011-create-secret-table.js +16 -0
package/migrations/1702667624000-rename-nordigen-secrets.js +19 -0
package/migrations/1718889148000-openid.js +41 -0
package/migrations/1719409568000-multiuser.js +116 -0
package/package.json +64 -0
package/src/account-db.js +239 -0
package/src/accounts/openid.js +361 -0
package/src/accounts/password.js +149 -0
package/src/app-account.js +155 -0
package/src/app-admin.js +410 -0
package/src/app-admin.test.js +381 -0
package/src/app-gocardless/README.md +198 -0
package/src/app-gocardless/app-gocardless.js +274 -0
package/src/app-gocardless/bank-factory.js +91 -0
package/src/app-gocardless/banks/abanca_caglesmm.js +22 -0
package/src/app-gocardless/banks/abnamro_abnanl2a.js +57 -0
package/src/app-gocardless/banks/american_express_aesudef1.js +40 -0
package/src/app-gocardless/banks/bancsabadell_bsabesbbb.js +31 -0
package/src/app-gocardless/banks/bank.interface.ts +51 -0
package/src/app-gocardless/banks/bank_of_ireland_b365_bofiie2d.js +39 -0
package/src/app-gocardless/banks/bankinter_bkbkesmm.js +24 -0
package/src/app-gocardless/banks/belfius_gkccbebb.js +17 -0
package/src/app-gocardless/banks/berliner_sparkasse_beladebexxx.js +61 -0
package/src/app-gocardless/banks/bnp_be_gebabebb.js +73 -0
package/src/app-gocardless/banks/cbc_cregbebb.js +34 -0
package/src/app-gocardless/banks/commerzbank_cobadeff.js +51 -0
package/src/app-gocardless/banks/danskebank_dabno22.js +39 -0
package/src/app-gocardless/banks/direkt_heladef1822.js +18 -0
package/src/app-gocardless/banks/easybank_bawaatww.js +50 -0
package/src/app-gocardless/banks/entercard_swednokk.js +40 -0
package/src/app-gocardless/banks/fortuneo_ftnofrp1xxx.js +46 -0
package/src/app-gocardless/banks/hype_hyeeit22.js +74 -0
package/src/app-gocardless/banks/ing_ingbrobu.js +70 -0
package/src/app-gocardless/banks/ing_ingddeff.js +47 -0
package/src/app-gocardless/banks/ing_pl_ingbplpw.js +46 -0
package/src/app-gocardless/banks/integration-bank.js +115 -0
package/src/app-gocardless/banks/isybank_itbbitmm.js +18 -0
package/src/app-gocardless/banks/kbc_kredbebb.js +33 -0
package/src/app-gocardless/banks/lhv-lhvbee22.js +36 -0
package/src/app-gocardless/banks/mbank_retail_brexplpw.js +56 -0
package/src/app-gocardless/banks/nationwide_naiagb21.js +46 -0
package/src/app-gocardless/banks/nbg_ethngraaxxx.js +51 -0
package/src/app-gocardless/banks/norwegian_xx_norwnok1.js +74 -0
package/src/app-gocardless/banks/revolut_revolt21.js +37 -0
package/src/app-gocardless/banks/sandboxfinance_sfin0000.js +28 -0
package/src/app-gocardless/banks/seb_kort_bank_ab.js +58 -0
package/src/app-gocardless/banks/seb_privat.js +29 -0
package/src/app-gocardless/banks/sparnord_spnodk22.js +24 -0
package/src/app-gocardless/banks/spk_karlsruhe_karsde66.js +61 -0
package/src/app-gocardless/banks/spk_marburg_biedenkopf_heladef1mar.js +30 -0
package/src/app-gocardless/banks/spk_worms_alzey_ried_malade51wor.js +19 -0
package/src/app-gocardless/banks/ssk_dusseldorf_dussdeddxxx.js +50 -0
package/src/app-gocardless/banks/swedbank_habalv22.js +47 -0
package/src/app-gocardless/banks/tests/abanca_caglesmm.spec.js +21 -0
package/src/app-gocardless/banks/tests/abnamro_abnanl2a.spec.js +61 -0
package/src/app-gocardless/banks/tests/bancsabadell_bsabesbbb.spec.js +53 -0
package/src/app-gocardless/banks/tests/belfius_gkccbebb.spec.js +22 -0
package/src/app-gocardless/banks/tests/cbc_cregbebb.spec.js +34 -0
package/src/app-gocardless/banks/tests/commerzbank_cobadeff.spec.js +110 -0
package/src/app-gocardless/banks/tests/easybank_bawaatww.spec.js +54 -0
package/src/app-gocardless/banks/tests/fortuneo_ftnofrp1xxx.spec.js +206 -0
package/src/app-gocardless/banks/tests/ing_ingddeff.spec.js +302 -0
package/src/app-gocardless/banks/tests/ing_pl_ingbplpw.spec.js +202 -0
package/src/app-gocardless/banks/tests/integration_bank.spec.js +158 -0
package/src/app-gocardless/banks/tests/kbc_kredbebb.spec.js +38 -0
package/src/app-gocardless/banks/tests/lhv-lhvbee22.spec.js +68 -0
package/src/app-gocardless/banks/tests/mbank_retail_brexplpw.spec.js +171 -0
package/src/app-gocardless/banks/tests/nationwide_naiagb21.spec.js +105 -0
package/src/app-gocardless/banks/tests/nbg_ethngraaxxx.spec.js +48 -0
package/src/app-gocardless/banks/tests/revolut_revolt21.spec.js +42 -0
package/src/app-gocardless/banks/tests/sandboxfinance_sfin0000.spec.js +133 -0
package/src/app-gocardless/banks/tests/spk_marburg_biedenkopf_heladef1mar.spec.js +256 -0
package/src/app-gocardless/banks/tests/ssk_dusseldorf_dussdeddxxx.spec.js +102 -0
package/src/app-gocardless/banks/tests/swedbank_habalv22.spec.js +57 -0
package/src/app-gocardless/banks/tests/virgin_nrnbgb22.spec.js +54 -0
package/src/app-gocardless/banks/util/extract-payeeName-from-remittanceInfo.js +36 -0
package/src/app-gocardless/banks/virgin_nrnbgb22.js +39 -0
package/src/app-gocardless/errors.js +84 -0
package/src/app-gocardless/gocardless-node.types.ts +497 -0
package/src/app-gocardless/gocardless.types.ts +93 -0
package/src/app-gocardless/link.html +18 -0
package/src/app-gocardless/services/gocardless-service.js +620 -0
package/src/app-gocardless/services/tests/fixtures.js +181 -0
package/src/app-gocardless/services/tests/gocardless-service.spec.js +537 -0
package/src/app-gocardless/tests/bank-factory.spec.js +20 -0
package/src/app-gocardless/tests/utils.spec.js +162 -0
package/src/app-gocardless/util/handle-error.js +16 -0
package/src/app-gocardless/utils.js +45 -0
package/src/app-openid.js +108 -0
package/src/app-pluggyai/app-pluggyai.js +215 -0
package/src/app-pluggyai/pluggyai-service.js +120 -0
package/src/app-secrets.js +61 -0
package/src/app-simplefin/app-simplefin.js +418 -0
package/src/app-sync/errors.js +13 -0
package/src/app-sync/services/files-service.js +243 -0
package/src/app-sync/tests/services/files-service.test.js +250 -0
package/src/app-sync/validation.js +77 -0
package/src/app-sync.js +391 -0
package/src/app-sync.test.js +877 -0
package/src/app.js +145 -0
package/src/config-types.ts +44 -0
package/src/db.js +58 -0
package/src/load-config.js +307 -0
package/src/migrations.js +36 -0
package/src/run-migrations.js +8 -0
package/src/scripts/disable-openid.js +44 -0
package/src/scripts/enable-openid.js +53 -0
package/src/scripts/health-check.js +23 -0
package/src/scripts/reset-password.js +51 -0
package/src/secrets.test.js +83 -0
package/src/services/secrets-service.js +94 -0
package/src/services/user-service.js +272 -0
package/src/sql/messages.sql +9 -0
package/src/sync-simple.js +95 -0
package/src/util/hash.js +5 -0
package/src/util/middlewares.js +62 -0
package/src/util/paths.js +13 -0
package/src/util/payee-name.js +45 -0
package/src/util/prompt.js +88 -0
package/src/util/title/index.js +59 -0
package/src/util/title/lower-case.js +93 -0
package/src/util/title/specials.js +21 -0
package/src/util/validate-user.js +68 -0
package/tsconfig.json +21 -0

package/src/app.js ADDED Viewed

@@ -0,0 +1,145 @@
+import fs from 'node:fs';
+import bodyParser from 'body-parser';
+import cors from 'cors';
+import express from 'express';
+import actuator from 'express-actuator';
+import rateLimit from 'express-rate-limit';
+import { bootstrap } from './account-db.js';
+import * as accountApp from './app-account.js';
+import * as adminApp from './app-admin.js';
+import * as goCardlessApp from './app-gocardless/app-gocardless.js';
+import * as openidApp from './app-openid.js';
+import * as pluggai from './app-pluggyai/app-pluggyai.js';
+import * as secretApp from './app-secrets.js';
+import * as simpleFinApp from './app-simplefin/app-simplefin.js';
+import * as syncApp from './app-sync.js';
+import { config } from './load-config.js';
+const app = express();
+process.on('unhandledRejection', reason => {
+  console.log('Rejection:', reason);
+});
+app.disable('x-powered-by');
+app.use(cors());
+app.set('trust proxy', config.get('trustedProxies'));
+if (process.env.NODE_ENV !== 'development') {
+  app.use(
+    rateLimit({
+      windowMs: 60 * 1000,
+      max: 500,
+      legacyHeaders: false,
+      standardHeaders: true,
+    }),
+  );
+}
+app.use(
+  bodyParser.json({ limit: `${config.get('upload.fileSizeLimitMB')}mb` }),
+);
+app.use(
+  bodyParser.raw({
+    type: 'application/actual-sync',
+    limit: `${config.get('upload.fileSizeSyncLimitMB')}mb`,
+  }),
+);
+app.use(
+  bodyParser.raw({
+    type: 'application/encrypted-file',
+    limit: `${config.get('upload.syncEncryptedFileSizeLimitMB')}mb`,
+  }),
+);
+app.use('/sync', syncApp.handlers);
+app.use('/account', accountApp.handlers);
+app.use('/gocardless', goCardlessApp.handlers);
+app.use('/simplefin', simpleFinApp.handlers);
+app.use('/pluggyai', pluggai.handlers);
+app.use('/secret', secretApp.handlers);
+app.use('/admin', adminApp.handlers);
+app.use('/openid', openidApp.handlers);
+app.get('/mode', (req, res) => {
+  res.send(config.get('mode'));
+});
+app.use(actuator()); // Provides /health, /metrics, /info
+// The web frontend
+app.use((req, res, next) => {
+  res.set('Cross-Origin-Opener-Policy', 'same-origin');
+  res.set('Cross-Origin-Embedder-Policy', 'require-corp');
+  next();
+});
+if (process.env.NODE_ENV === 'development') {
+  console.log(
+    'Running in development mode - Proxying frontend routes to React Dev Server',
+  );
+  // Imported within Dev block to allow dev dependency in package.json (reduces package size in production)
+  const httpProxyMiddleware = await import('http-proxy-middleware');
+  app.use(
+    httpProxyMiddleware.createProxyMiddleware({
+      target: 'http://localhost:3001',
+      changeOrigin: true,
+      ws: true,
+      logLevel: 'debug',
+    }),
+  );
+} else {
+  console.log('Running in production mode - Serving static React app');
+  app.use(express.static(config.get('webRoot'), { index: false }));
+  app.get('/*', (req, res) =>
+    res.sendFile(config.get('webRoot') + '/index.html'),
+  );
+}
+function parseHTTPSConfig(value) {
+  if (value.startsWith('-----BEGIN')) {
+    return value;
+  }
+  return fs.readFileSync(value);
+}
+export async function run() {
+  if (config.openId) {
+    console.log('OpenID configuration found. Preparing server to use it');
+    try {
+      const { error } = await bootstrap({ openId: config.openId }, true);
+      if (error) {
+        console.log(error);
+      } else {
+        console.log('OpenID configured!');
+      }
+    } catch (err) {
+      console.error(err);
+    }
+  }
+  if (config.get('https.key') && config.get('https.cert')) {
+    const https = await import('node:https');
+    const httpsOptions = {
+      ...config.https,
+      key: parseHTTPSConfig(config.get('https.key')),
+      cert: parseHTTPSConfig(config.get('https.cert')),
+    };
+    https
+      .createServer(httpsOptions, app)
+      .listen(config.get('port'), config.get('hostname'));
+  } else {
+    app.listen(config.get('port'), config.get('hostname'));
+  }
+  // Signify to any parent process that the server has started. Used in electron desktop app
+  process.parentPort?.postMessage({ type: 'server-started' });
+  console.log(
+    'Listening on ' + config.get('hostname') + ':' + config.get('port') + '...',
+  );
+}

package/src/config-types.ts ADDED Viewed

@@ -0,0 +1,44 @@
+import { ServerOptions } from 'https';
+type LoginMethod = 'password' | 'header' | 'openid';
+export interface Config {
+  mode: 'test' | 'development';
+  loginMethod?: LoginMethod;
+  allowedLoginMethods: LoginMethod[];
+  trustedProxies: string[];
+  trustedAuthProxies?: string[];
+  dataDir: string;
+  projectRoot: string;
+  port: number;
+  hostname: string;
+  serverFiles: string;
+  userFiles: string;
+  webRoot: string;
+  https?: {
+    key: string;
+    cert: string;
+  } & ServerOptions;
+  upload?: {
+    fileSizeSyncLimitMB: number;
+    syncEncryptedFileSizeLimitMB: number;
+    fileSizeLimitMB: number;
+  };
+  openId?: {
+    issuer:
+      | string
+      | {
+          name: string;
+          authorization_endpoint: string;
+          token_endpoint: string;
+          userinfo_endpoint: string;
+        };
+    client_id: string;
+    client_secret: string;
+    server_hostname: string;
+    authMethod?: 'openid' | 'oauth2';
+  };
+  token_expiration?: 'never' | 'openid-provider' | number;
+  enforceOpenId: boolean;
+  userCreationMode?: 'manual' | 'login';
+}

package/src/db.js ADDED Viewed

@@ -0,0 +1,58 @@
+import Database from 'better-sqlite3';
+class WrappedDatabase {
+  constructor(db) {
+    this.db = db;
+  }
+  /**
+   * @param {string} sql
+   * @param {string[]} params
+   */
+  all(sql, params = []) {
+    const stmt = this.db.prepare(sql);
+    return stmt.all(...params);
+  }
+  /**
+   * @param {string} sql
+   * @param {string[]} params
+   */
+  first(sql, params = []) {
+    const rows = this.all(sql, params);
+    return rows.length === 0 ? null : rows[0];
+  }
+  /**
+   * @param {string} sql
+   */
+  exec(sql) {
+    return this.db.exec(sql);
+  }
+  /**
+   * @param {string} sql
+   * @param {string[]} params
+   */
+  mutate(sql, params = []) {
+    const stmt = this.db.prepare(sql);
+    const info = stmt.run(...params);
+    return { changes: info.changes, insertId: info.lastInsertRowid };
+  }
+  /**
+   * @param {() => void} fn
+   */
+  transaction(fn) {
+    return this.db.transaction(fn)();
+  }
+  close() {
+    this.db.close();
+  }
+}
+/** @param {string} filename */
+export function openDatabase(filename) {
+  return new WrappedDatabase(new Database(filename));
+}

package/src/load-config.js ADDED Viewed

@@ -0,0 +1,307 @@
+import { createRequire } from 'module';
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import convict from 'convict';
+import createDebug from 'debug';
+const require = createRequire(import.meta.url);
+const debug = createDebug('actual:config');
+const debugSensitive = createDebug('actual-sensitive:config');
+const projectRoot = path.dirname(path.dirname(fileURLToPath(import.meta.url)));
+const defaultDataDir = process.env.ACTUAL_DATA_DIR
+  ? process.env.ACTUAL_DATA_DIR
+  : fs.existsSync('/data')
+    ? '/data'
+    : projectRoot;
+debug(`Project root: '${projectRoot}'`);
+export const sqlDir = path.join(projectRoot, 'src', 'sql');
+const actualAppWebBuildPath = path.join(
+  path.dirname(require.resolve('@actual-app/web/package.json')),
+  'build',
+);
+debug(`Actual web build path: '${actualAppWebBuildPath}'`);
+// Custom formats
+convict.addFormat({
+  name: 'tokenExpiration',
+  validate(val) {
+    if (val === 'never' || val === 'openid-provider') return;
+    if (typeof val === 'number' && Number.isFinite(val) && val >= 0) return;
+    throw new Error(`Invalid token_expiration value: ${val}`);
+  },
+});
+// Main config schema
+const configSchema = convict({
+  env: {
+    doc: 'The application environment.',
+    format: ['production', 'development', 'test'],
+    default: 'development',
+    env: 'NODE_ENV',
+  },
+  mode: {
+    doc: 'Application mode.',
+    format: ['test', 'development'],
+    default: process.env.NODE_ENV === 'test' ? 'test' : 'development',
+  },
+  projectRoot: {
+    doc: 'Project root directory.',
+    format: String,
+    default: projectRoot,
+  },
+  dataDir: {
+    doc: 'Default data directory.',
+    format: String,
+    default: process.env.NODE_ENV === 'test' ? projectRoot : defaultDataDir,
+    env: 'ACTUAL_DATA_DIR',
+  },
+  port: {
+    doc: 'Port to run the server on.',
+    format: 'port',
+    default: process.env.PORT ? process.env.PORT : 5006,
+    env: 'ACTUAL_PORT',
+  },
+  hostname: {
+    doc: 'Server hostname.',
+    format: String,
+    default: '::',
+    env: 'ACTUAL_HOSTNAME',
+  },
+  serverFiles: {
+    doc: 'Path to server files.',
+    format: String,
+    default:
+      process.env.NODE_ENV === 'test'
+        ? path.join(projectRoot, 'test-server-files')
+        : path.join(defaultDataDir, 'server-files'),
+    env: 'ACTUAL_SERVER_FILES',
+  },
+  userFiles: {
+    doc: 'Path to user files.',
+    format: String,
+    default:
+      process.env.NODE_ENV === 'test'
+        ? path.join(projectRoot, 'test-user-files')
+        : path.join(defaultDataDir, 'user-files'),
+    env: 'ACTUAL_USER_FILES',
+  },
+  webRoot: {
+    doc: 'Web root directory.',
+    format: String,
+    default: actualAppWebBuildPath,
+    env: 'ACTUAL_WEB_ROOT',
+  },
+  loginMethod: {
+    doc: 'Authentication method.',
+    format: ['password', 'header', 'openid'],
+    default: 'password',
+    env: 'ACTUAL_LOGIN_METHOD',
+  },
+  allowedLoginMethods: {
+    doc: 'Allowed authentication methods.',
+    format: Array,
+    default: ['password', 'header', 'openid'],
+    env: 'ACTUAL_ALLOWED_LOGIN_METHODS',
+  },
+  trustedProxies: {
+    doc: 'List of trusted proxies.',
+    format: Array,
+    default: [
+      '10.0.0.0/8',
+      '172.16.0.0/12',
+      '192.168.0.0/16',
+      'fc00::/7',
+      '::1/128',
+    ],
+    env: 'ACTUAL_TRUSTED_PROXIES',
+  },
+  trustedAuthProxies: {
+    doc: 'List of trusted auth proxies.',
+    format: Array,
+    default: [],
+    env: 'ACTUAL_TRUSTED_AUTH_PROXIES',
+  },
+  https: {
+    doc: 'HTTPS configuration.',
+    key: {
+      doc: 'HTTPS Certificate key',
+      format: String,
+      default: '',
+      env: 'ACTUAL_HTTPS_KEY',
+    },
+    cert: {
+      doc: 'HTTPS Certificate',
+      format: String,
+      default: '',
+      env: 'ACTUAL_HTTPS_CERT',
+    },
+  },
+  upload: {
+    doc: 'Upload configuration.',
+    fileSizeSyncLimitMB: {
+      doc: 'Sync file size limit (in MB)',
+      format: 'nat',
+      default: 20,
+      env: 'ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB',
+    },
+    syncEncryptedFileSizeLimitMB: {
+      doc: 'Encrypted Sync file size limit (in MB)',
+      format: 'nat',
+      default: 50,
+      env: 'ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB',
+    },
+    fileSizeLimitMB: {
+      doc: 'General file size limit (in MB)',
+      format: 'nat',
+      default: 20,
+      env: 'ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB',
+    },
+  },
+  openId: {
+    doc: 'OpenID authentication settings.',
+    discoveryURL: {
+      doc: 'OpenID Provider discovery URL.',
+      format: String,
+      default: '',
+      env: 'ACTUAL_OPENID_DISCOVERY_URL',
+    },
+    issuer: {
+      doc: 'OpenID issuer',
+      format: Object,
+      default: {},
+      name: {
+        doc: 'Name of the provider',
+        default: '',
+        format: String,
+        env: 'ACTUAL_OPENID_PROVIDER_NAME',
+      },
+      authorization_endpoint: {
+        doc: 'Authorization endpoint',
+        default: '',
+        format: String,
+        env: 'ACTUAL_OPENID_AUTHORIZATION_ENDPOINT',
+      },
+      token_endpoint: {
+        doc: 'Token endpoint',
+        default: '',
+        format: String,
+        env: 'ACTUAL_OPENID_TOKEN_ENDPOINT',
+      },
+      userinfo_endpoint: {
+        doc: 'Userinfo endpoint',
+        default: '',
+        format: String,
+        env: 'ACTUAL_OPENID_USERINFO_ENDPOINT',
+      },
+    },
+    client_id: {
+      doc: 'OpenID client ID.',
+      format: String,
+      default: '',
+      env: 'ACTUAL_OPENID_CLIENT_ID',
+    },
+    client_secret: {
+      doc: 'OpenID client secret.',
+      format: String,
+      default: '',
+      env: 'ACTUAL_OPENID_CLIENT_SECRET',
+    },
+    server_hostname: {
+      doc: 'OpenID server hostname.',
+      format: String,
+      default: '',
+      env: 'ACTUAL_OPENID_SERVER_HOSTNAME',
+    },
+    authMethod: {
+      doc: 'OpenID authentication method.',
+      format: ['openid', 'oauth2'],
+      default: 'openid',
+      env: 'ACTUAL_OPENID_AUTH_METHOD',
+    },
+  },
+  token_expiration: {
+    doc: 'Token expiration time.',
+    format: 'tokenExpiration',
+    default: 'never',
+    env: 'ACTUAL_TOKEN_EXPIRATION',
+  },
+  enforceOpenId: {
+    doc: 'Enforce OpenID authentication.',
+    format: Boolean,
+    default: false,
+    env: 'ACTUAL_OPENID_ENFORCE',
+  },
+  userCreationMode: {
+    doc: 'Determines how users can be created.',
+    format: ['manual', 'login'],
+    default: 'manual',
+    env: 'ACTUAL_USER_CREATION_MODE',
+  },
+});
+let configPath = null;
+if (process.env.ACTUAL_CONFIG_PATH) {
+  debug(
+    `loading config from ACTUAL_CONFIG_PATH: '${process.env.ACTUAL_CONFIG_PATH}'`,
+  );
+  configPath = process.env.ACTUAL_CONFIG_PATH;
+} else {
+  configPath = path.join(projectRoot, 'config.json');
+  if (!fs.existsSync(configPath)) {
+    configPath = path.join(defaultDataDir, 'config.json');
+  }
+  debug(`loading config from default path: '${configPath}'`);
+}
+if (fs.existsSync(configPath)) {
+  configSchema.loadFile(configPath);
+  debug(`Config loaded`);
+}
+debug(`Validating config`);
+configSchema.validate({ allowed: 'strict' });
+debug(`Project root: ${configSchema.get('projectRoot')}`);
+debug(`Port: ${configSchema.get('port')}`);
+debug(`Hostname: ${configSchema.get('hostname')}`);
+debug(`Data directory: ${configSchema.get('dataDir')}`);
+debug(`Server files: ${configSchema.get('serverFiles')}`);
+debug(`User files: ${configSchema.get('userFiles')}`);
+debug(`Web root: ${configSchema.get('webRoot')}`);
+debug(`Login method: ${configSchema.get('loginMethod')}`);
+debug(`Allowed methods: ${configSchema.get('allowedLoginMethods').join(', ')}`);
+const httpsKey = configSchema.get('https.key');
+if (httpsKey) {
+  debug(`HTTPS Key: ${'*'.repeat(httpsKey.length)}`);
+  debugSensitive(`HTTPS Key: ${httpsKey}`);
+}
+const httpsCert = configSchema.get('https.cert');
+if (httpsCert) {
+  debug(`HTTPS Cert: ${'*'.repeat(httpsCert.length)}`);
+  debugSensitive(`HTTPS Cert: ${httpsCert}`);
+}
+export { configSchema as config };

package/src/migrations.js ADDED Viewed

@@ -0,0 +1,36 @@
+import path from 'node:path';
+import migrate from 'migrate';
+import { config } from './load-config.js';
+export function run(direction = 'up') {
+  console.log(
+    `Checking if there are any migrations to run for direction "${direction}"...`,
+  );
+  return new Promise(resolve =>
+    migrate.load(
+      {
+        stateStore: `${path.join(config.get('dataDir'), '.migrate')}${
+          config.get('mode') === 'test' ? '-test' : ''
+        }`,
+        migrationsDirectory: `${path.join(config.get('projectRoot'), 'migrations')}`,
+      },
+      (err, set) => {
+        if (err) {
+          throw err;
+        }
+        set[direction](err => {
+          if (err) {
+            throw err;
+          }
+          console.log('Migrations: DONE');
+          resolve();
+        });
+      },
+    ),
+  );
+}

package/src/run-migrations.js ADDED Viewed

@@ -0,0 +1,8 @@
+import { run } from './migrations.js';
+const direction = process.argv[2] || 'up';
+run(direction).catch(err => {
+  console.error('Migration failed:', err);
+  process.exit(1);
+});

package/src/scripts/disable-openid.js ADDED Viewed

@@ -0,0 +1,44 @@
+import {
+  disableOpenID,
+  getActiveLoginMethod,
+  needsBootstrap,
+} from '../account-db.js';
+import { promptPassword } from '../util/prompt.js';
+if (needsBootstrap()) {
+  console.log('System needs to be bootstrapped first. OpenID is not enabled.');
+  process.exit(1);
+} else {
+  console.log('To disable OpenID, you have to enter your server password:');
+  try {
+    const loginMethod = getActiveLoginMethod();
+    console.log(`Current login method: ${loginMethod}`);
+    if (loginMethod === 'password') {
+      console.log('OpenID already disabled.');
+      process.exit(0);
+    }
+    const password = await promptPassword();
+    const { error } = (await disableOpenID({ password })) || {};
+    if (error) {
+      console.log('Error disabling OpenID:', error);
+      console.log(
+        'Please report this as an issue: https://github.com/actualbudget/actual-server/issues',
+      );
+      process.exit(2);
+    }
+    console.log('OpenID disabled!');
+    console.log(
+      'Note: you will need to log in with the password on any browsers or devices that are currently logged in.',
+    );
+  } catch (err) {
+    console.log('Unexpected error:', err);
+    console.log(
+      'Please report this as an issue: https://github.com/actualbudget/actual-server/issues',
+    );
+    process.exit(2);
+  }
+}

package/src/scripts/enable-openid.js ADDED Viewed

@@ -0,0 +1,53 @@
+import {
+  enableOpenID,
+  getActiveLoginMethod,
+  needsBootstrap,
+} from '../account-db.js';
+import { config } from '../load-config.js';
+if (needsBootstrap()) {
+  console.log(
+    'It looks like you don’t have a password set yet. Password is the fallback authentication method when using OpenID. Execute the command reset-password before using this command!',
+  );
+  process.exit(1);
+} else {
+  console.log('Enabling openid based on Environment variables or config.json');
+  try {
+    const loginMethod = getActiveLoginMethod();
+    console.log(`Current login method: ${loginMethod}`);
+    if (loginMethod === 'openid') {
+      console.log('OpenID already enabled.');
+      process.exit(0);
+    }
+    const { error } = (await enableOpenID(config.getProperties())) || {};
+    if (error) {
+      console.log('Error enabling openid:', error);
+      if (error === 'invalid-login-settings') {
+        console.log(
+          'Error configuring OpenID. Please verify that the configuration file or environment variables are correct.',
+        );
+        process.exit(1);
+      } else {
+        console.log(
+          'Please report this as an issue: https://github.com/actualbudget/actual-server/issues',
+        );
+        process.exit(2);
+      }
+    }
+    console.log('OpenID enabled!');
+    console.log(
+      'Note: The first user to login with OpenID will be the owner of the server.',
+    );
+  } catch (err) {
+    console.log('Unexpected error:', err);
+    console.log(
+      'Please report this as an issue: https://github.com/actualbudget/actual-server/issues',
+    );
+    process.exit(2);
+  }
+}