@authrim/setup 0.1.49 → 0.1.51

package/dist/cli/commands/init.js

@@ -719,8 +719,112 @@ async function runQuickSetup(options) {
             default: '',
         });
     }
+    // Database Configuration
+    console.log('');
+    console.log(chalk.blue('━━━ Database Configuration ━━━'));
+    console.log(chalk.yellow('⚠️  Database region cannot be changed after creation.'));
+    console.log('');
+    const locationChoices = [
+        { name: 'Automatic (nearest to you)', value: 'auto' },
+        { name: '── Location Hints ──', value: '__separator1__', disabled: true },
+        { name: 'North America (West)', value: 'wnam' },
+        { name: 'North America (East)', value: 'enam' },
+        { name: 'Europe (West)', value: 'weur' },
+        { name: 'Europe (East)', value: 'eeur' },
+        { name: 'Asia Pacific', value: 'apac' },
+        { name: 'Oceania', value: 'oc' },
+        { name: '── Jurisdiction (Compliance) ──', value: '__separator2__', disabled: true },
+        { name: 'EU Jurisdiction (GDPR compliance)', value: 'eu' },
+    ];
+    console.log(chalk.gray('  Core DB: Stores OAuth clients, tokens, sessions, audit logs'));
+    const coreDbLocation = await select({
+        message: 'Core Database region',
+        choices: locationChoices,
+        default: 'auto',
+    });
+    console.log('');
+    console.log(chalk.gray('  PII DB: Stores user profiles, credentials, personal data'));
+    const piiDbLocation = await select({
+        message: 'PII Database region',
+        choices: locationChoices,
+        default: 'auto',
+    });
+    // Parse location vs jurisdiction
+    function parseDbLocation(value) {
+        if (value === 'eu') {
+            return { location: 'auto', jurisdiction: 'eu' };
+        }
+        return {
+            location: value,
+            jurisdiction: 'none',
+        };
+    }
+    // Email Provider Configuration
+    console.log('');
+    console.log(chalk.blue('━━━ Email Provider ━━━'));
+    console.log(chalk.gray('Configure email sending for magic links and verification codes.'));
+    console.log('');
+    const configureEmail = await confirm({
+        message: 'Configure email provider now?',
+        default: false,
+    });
+    let emailConfig = { provider: 'none' };
+    if (configureEmail) {
+        console.log('');
+        console.log(chalk.gray('Resend is the supported email provider.'));
+        console.log(chalk.gray('Get your API key at: https://resend.com/api-keys'));
+        console.log(chalk.gray('Set up domain at: https://resend.com/domains'));
+        console.log('');
+        const resendApiKey = await password({
+            message: 'Resend API key',
+            mask: '*',
+            validate: (value) => {
+                if (!value.trim())
+                    return 'API key is required';
+                if (!value.startsWith('re_')) {
+                    return 'Warning: Resend API keys typically start with "re_"';
+                }
+                return true;
+            },
+        });
+        const fromAddress = await input({
+            message: 'From email address',
+            default: 'noreply@yourdomain.com',
+            validate: (value) => {
+                if (!value.includes('@'))
+                    return 'Please enter a valid email address';
+                return true;
+            },
+        });
+        const fromName = await input({
+            message: 'From display name (optional)',
+            default: 'Authrim',
+        });
+        emailConfig = {
+            provider: 'resend',
+            fromAddress,
+            fromName: fromName || undefined,
+            apiKey: resendApiKey,
+        };
+        console.log('');
+        console.log(chalk.yellow('⚠️  Domain verification required for sending from your own domain.'));
+        console.log(chalk.gray('   See: https://resend.com/docs/dashboard/domains/introduction'));
+    }
     // Create configuration
     const config = createDefaultConfig(envPrefix);
+    config.database = {
+        core: parseDbLocation(coreDbLocation),
+        pii: parseDbLocation(piiDbLocation),
+    };
+    config.features = {
+        ...config.features,
+        email: {
+            provider: emailConfig.provider,
+            fromAddress: emailConfig.fromAddress,
+            fromName: emailConfig.fromName,
+            configured: emailConfig.provider === 'resend',
+        },
+    };
     config.urls = {
         api: {
             custom: apiDomain || null,
@@ -750,6 +854,18 @@ async function runQuickSetup(options) {
     console.log(`  Login UI:      ${chalk.cyan(config.urls.loginUi.custom || config.urls.loginUi.auto)}`);
     console.log(`  Admin UI:      ${chalk.cyan(config.urls.adminUi.custom || config.urls.adminUi.auto)}`);
     console.log('');
+    console.log(chalk.bold('Email:'));
+    if (emailConfig.provider === 'resend') {
+        console.log(`  Provider:      ${chalk.cyan('Resend')}`);
+        console.log(`  From Address:  ${chalk.cyan(emailConfig.fromAddress)}`);
+        if (emailConfig.fromName) {
+            console.log(`  From Name:     ${chalk.cyan(emailConfig.fromName)}`);
+        }
+    }
+    else {
+        console.log(`  Provider:      ${chalk.gray('Not configured (configure later)')}`);
+    }
+    console.log('');
     const proceed = await confirm({
         message: 'Start setup with this configuration?',
         default: true,
@@ -758,6 +874,19 @@ async function runQuickSetup(options) {
         console.log(chalk.yellow('Setup cancelled.'));
         return;
     }
+    // Save email secrets if configured
+    if (emailConfig.provider === 'resend' && emailConfig.apiKey) {
+        const keysDir = `.keys/${envPrefix}`;
+        await import('node:fs/promises').then(async (fs) => {
+            await fs.mkdir(keysDir, { recursive: true });
+            await fs.writeFile(`${keysDir}/resend_api_key.txt`, emailConfig.apiKey.trim());
+            await fs.writeFile(`${keysDir}/email_from.txt`, emailConfig.fromAddress.trim());
+            if (emailConfig.fromName) {
+                await fs.writeFile(`${keysDir}/email_from_name.txt`, emailConfig.fromName.trim());
+            }
+        });
+        console.log(chalk.gray(`📧 Email secrets saved to ${keysDir}/`));
+    }
     // Run setup
     await executeSetup(config, cfApiToken, options.keep);
 }
@@ -1000,16 +1129,59 @@ async function runNormalSetup(options) {
         message: 'Enable Cloudflare R2? (for avatars)',
         default: false,
     });
-    const emailProvider = await select({
+    const emailProviderChoice = await select({
         message: 'Select email provider',
         choices: [
-            { value: 'none', name: 'None (email disabled)' },
+            { value: 'none', name: 'None (configure later)' },
             { value: 'resend', name: 'Resend' },
-            { value: 'sendgrid', name: 'SendGrid' },
-            { value: 'ses', name: 'AWS SES' },
+            { value: 'sendgrid', name: 'SendGrid (coming soon)', disabled: true },
+            { value: 'ses', name: 'AWS SES (coming soon)', disabled: true },
         ],
         default: 'none',
     });
+    // Email configuration details
+    let emailConfigNormal = { provider: 'none' };
+    if (emailProviderChoice === 'resend') {
+        console.log('');
+        console.log(chalk.blue('━━━ Resend Configuration ━━━'));
+        console.log(chalk.gray('Get your API key at: https://resend.com/api-keys'));
+        console.log(chalk.gray('Set up domain at: https://resend.com/domains'));
+        console.log('');
+        const resendApiKey = await password({
+            message: 'Resend API key',
+            mask: '*',
+            validate: (value) => {
+                if (!value.trim())
+                    return 'API key is required';
+                if (!value.startsWith('re_')) {
+                    return 'Warning: Resend API keys typically start with "re_"';
+                }
+                return true;
+            },
+        });
+        const fromAddress = await input({
+            message: 'From email address',
+            default: 'noreply@yourdomain.com',
+            validate: (value) => {
+                if (!value.includes('@'))
+                    return 'Please enter a valid email address';
+                return true;
+            },
+        });
+        const fromName = await input({
+            message: 'From display name (optional)',
+            default: 'Authrim',
+        });
+        emailConfigNormal = {
+            provider: 'resend',
+            fromAddress,
+            fromName: fromName || undefined,
+            apiKey: resendApiKey,
+        };
+        console.log('');
+        console.log(chalk.yellow('⚠️  Domain verification required for sending from your own domain.'));
+        console.log(chalk.gray('   See: https://resend.com/docs/dashboard/domains/introduction'));
+    }
     // Step 7: Advanced OIDC settings
     const configureOidc = await confirm({
         message: 'Configure OIDC settings? (token TTL, etc.)',
@@ -1096,9 +1268,54 @@ async function runNormalSetup(options) {
         });
         refreshTokenShards = parseInt(refreshTokenShardsStr, 10);
     }
+    // Step 9: Database Configuration
+    console.log('');
+    console.log(chalk.blue('━━━ Database Configuration ━━━'));
+    console.log(chalk.yellow('⚠️  Database region cannot be changed after creation.'));
+    console.log('');
+    const dbLocationChoices = [
+        { name: 'Automatic (nearest to you)', value: 'auto' },
+        { name: '── Location Hints ──', value: '__separator1__', disabled: true },
+        { name: 'North America (West)', value: 'wnam' },
+        { name: 'North America (East)', value: 'enam' },
+        { name: 'Europe (West)', value: 'weur' },
+        { name: 'Europe (East)', value: 'eeur' },
+        { name: 'Asia Pacific', value: 'apac' },
+        { name: 'Oceania', value: 'oc' },
+        { name: '── Jurisdiction (Compliance) ──', value: '__separator2__', disabled: true },
+        { name: 'EU Jurisdiction (GDPR compliance)', value: 'eu' },
+    ];
+    console.log(chalk.gray('  Core DB: Stores OAuth clients, tokens, sessions, audit logs'));
+    const coreDbLocation = await select({
+        message: 'Core Database region',
+        choices: dbLocationChoices,
+        default: 'auto',
+    });
+    console.log('');
+    console.log(chalk.gray('  PII DB: Stores user profiles, credentials, personal data'));
+    console.log(chalk.gray('  Consider your data protection requirements.'));
+    const piiDbLocation = await select({
+        message: 'PII Database region',
+        choices: dbLocationChoices,
+        default: 'auto',
+    });
+    // Parse location vs jurisdiction
+    function parseDbLocationNormal(value) {
+        if (value === 'eu') {
+            return { location: 'auto', jurisdiction: 'eu' };
+        }
+        return {
+            location: value,
+            jurisdiction: 'none',
+        };
+    }
     // Create configuration
     const config = createDefaultConfig(envPrefix);
     config.profile = profile;
+    config.database = {
+        core: parseDbLocationNormal(coreDbLocation),
+        pii: parseDbLocationNormal(piiDbLocation),
+    };
     config.tenant = {
         name: tenantName,
         displayName: tenantDisplayName,
@@ -1141,7 +1358,12 @@ async function runNormalSetup(options) {
     config.features = {
         queue: { enabled: enableQueue },
         r2: { enabled: enableR2 },
-        email: { provider: emailProvider },
+        email: {
+            provider: emailConfigNormal.provider,
+            fromAddress: emailConfigNormal.fromAddress,
+            fromName: emailConfigNormal.fromName,
+            configured: emailConfigNormal.provider === 'resend',
+        },
     };
     // Show summary
     console.log('');
@@ -1190,7 +1412,18 @@ async function runNormalSetup(options) {
     console.log(chalk.bold('Feature Flags:'));
     console.log(`  Queue:         ${enableQueue ? chalk.green('Enabled') : chalk.gray('Disabled')}`);
     console.log(`  R2:            ${enableR2 ? chalk.green('Enabled') : chalk.gray('Disabled')}`);
-    console.log(`  Email:         ${chalk.cyan(emailProvider)}`);
+    console.log('');
+    console.log(chalk.bold('Email:'));
+    if (emailConfigNormal.provider === 'resend') {
+        console.log(`  Provider:      ${chalk.cyan('Resend')}`);
+        console.log(`  From Address:  ${chalk.cyan(emailConfigNormal.fromAddress)}`);
+        if (emailConfigNormal.fromName) {
+            console.log(`  From Name:     ${chalk.cyan(emailConfigNormal.fromName)}`);
+        }
+    }
+    else {
+        console.log(`  Provider:      ${chalk.gray('Not configured (configure later)')}`);
+    }
     console.log('');
     console.log(chalk.bold('OIDC Settings:'));
     console.log(`  Access TTL:    ${chalk.cyan(accessTokenTtl + 'sec')}`);
@@ -1202,6 +1435,20 @@ async function runNormalSetup(options) {
     console.log(`  Auth Code:     ${chalk.cyan(authCodeShards)} shards`);
     console.log(`  Refresh Token: ${chalk.cyan(refreshTokenShards)} shards`);
     console.log('');
+    console.log(chalk.bold('Database:'));
+    const coreDbDisplay = coreDbLocation === 'eu'
+        ? 'EU Jurisdiction'
+        : coreDbLocation === 'auto'
+            ? 'Automatic'
+            : coreDbLocation.toUpperCase();
+    const piiDbDisplay = piiDbLocation === 'eu'
+        ? 'EU Jurisdiction'
+        : piiDbLocation === 'auto'
+            ? 'Automatic'
+            : piiDbLocation.toUpperCase();
+    console.log(`  Core DB:       ${chalk.cyan(coreDbDisplay)}`);
+    console.log(`  PII DB:        ${chalk.cyan(piiDbDisplay)}`);
+    console.log('');
     const proceed = await confirm({
         message: 'Start setup with this configuration?',
         default: true,
@@ -1210,6 +1457,19 @@ async function runNormalSetup(options) {
         console.log(chalk.yellow('Setup cancelled.'));
         return;
     }
+    // Save email secrets if configured
+    if (emailConfigNormal.provider === 'resend' && emailConfigNormal.apiKey) {
+        const keysDir = `.keys/${envPrefix}`;
+        await import('node:fs/promises').then(async (fs) => {
+            await fs.mkdir(keysDir, { recursive: true });
+            await fs.writeFile(`${keysDir}/resend_api_key.txt`, emailConfigNormal.apiKey.trim());
+            await fs.writeFile(`${keysDir}/email_from.txt`, emailConfigNormal.fromAddress.trim());
+            if (emailConfigNormal.fromName) {
+                await fs.writeFile(`${keysDir}/email_from_name.txt`, emailConfigNormal.fromName.trim());
+            }
+        });
+        console.log(chalk.gray(`📧 Email secrets saved to ${keysDir}/`));
+    }
     await executeSetup(config, cfApiToken, options.keep);
 }
 // =============================================================================
@@ -1300,6 +1560,7 @@ async function executeSetup(config, cfApiToken, keepPath) {
             createKV: true,
             createQueues: config.features.queue?.enabled,
             createR2: config.features.r2?.enabled,
+            databaseConfig: config.database,
             onProgress: (msg) => console.log(`  ${msg}`),
         });
     }
@@ -1531,6 +1792,7 @@ async function handleRedeploy(config, configPath) {
                 createKV: true,
                 createQueues: config.features.queue?.enabled,
                 createR2: config.features.r2?.enabled,
+                databaseConfig: config.database,
                 onProgress: (msg) => console.log(`  ${msg}`),
             });
             // Create and save lock file
@@ -1848,7 +2110,12 @@ async function editFeatures(config) {
     });
     config.features.queue = { enabled: queueEnabled };
     config.features.r2 = { enabled: r2Enabled };
-    config.features.email = { provider: emailProvider };
+    config.features.email = {
+        provider: emailProvider,
+        configured: config.features.email?.configured || false,
+        fromAddress: config.features.email?.fromAddress,
+        fromName: config.features.email?.fromName,
+    };
     return true;
 }
 // =============================================================================