@axium/server 0.0.1 → 0.0.3

package/README.md

@@ -0,0 +1 @@
+# Axium Server

package/dist/auth.d.ts

@@ -0,0 +1,28 @@
+import type { Adapter } from '@auth/core/adapters';
+import type { Provider } from '@auth/core/providers';
+import type { AuthConfig } from '@auth/core/types';
+import { Registration } from '@axium/core/schemas';
+declare module '@auth/core/adapters' {
+    interface AdapterUser {
+        password: string | null;
+        salt: string | null;
+    }
+}
+export declare let adapter: Adapter;
+export declare function createAdapter(): void;
+/**
+ * Login using credentials
+ */
+export declare function register(credentials: Registration): Promise<{
+    user: import("@auth/core/adapters").AdapterUser;
+    session: import("@auth/core/adapters").AdapterSession;
+}>;
+/**
+ * Authorize using credentials
+ */
+export declare function authorize(credentials: Partial<Record<string, unknown>>): Promise<Omit<import("@auth/core/adapters").AdapterUser, "password" | "salt"> | null>;
+type Providers = Exclude<Provider, (...args: any[]) => any>[];
+export declare function getConfig(): AuthConfig & {
+    providers: Providers;
+};
+export {};

package/dist/auth.js

@@ -0,0 +1,136 @@
+import { CredentialsSignin } from '@auth/core/errors';
+import Credentials from '@auth/core/providers/credentials';
+import Passkey from '@auth/core/providers/passkey';
+import { KyselyAdapter } from '@auth/kysely-adapter';
+import { Login, Registration } from '@axium/core/schemas';
+import { genSaltSync, hashSync } from 'bcryptjs';
+import { randomBytes } from 'node:crypto';
+import { omit } from 'utilium';
+import * as config from './config.js';
+import * as db from './database.js';
+import { logger } from './io.js';
+export let adapter;
+export function createAdapter() {
+    if (adapter)
+        return;
+    const conn = db.connect();
+    adapter = Object.assign(KyselyAdapter(conn), {
+        async getAccount(providerAccountId, provider) {
+            const result = await conn.selectFrom('Account').selectAll().where('providerAccountId', '=', providerAccountId).where('provider', '=', provider).executeTakeFirst();
+            return result ?? null;
+        },
+        async getAuthenticator(credentialID) {
+            const result = await conn.selectFrom('Authenticator').selectAll().where('credentialID', '=', credentialID).executeTakeFirst();
+            return result ?? null;
+        },
+        async createAuthenticator(authenticator) {
+            await conn.insertInto('Authenticator').values(authenticator).executeTakeFirstOrThrow();
+            return authenticator;
+        },
+        async listAuthenticatorsByUserId(userId) {
+            const result = await conn.selectFrom('Authenticator').selectAll().where('userId', '=', userId).execute();
+            return result;
+        },
+        async updateAuthenticatorCounter(credentialID, newCounter) {
+            await conn.updateTable('Authenticator').set({ counter: newCounter }).where('credentialID', '=', credentialID).executeTakeFirstOrThrow();
+            const authenticator = await adapter.getAuthenticator?.(credentialID);
+            if (!authenticator)
+                throw new Error('Authenticator not found');
+            return authenticator;
+        },
+    });
+}
+/**
+ * Login using credentials
+ */
+export async function register(credentials) {
+    const { email, password, name } = Registration.parse(credentials);
+    const existing = await adapter.getUserByEmail?.(email);
+    if (existing)
+        throw 'User already exists';
+    let id = crypto.randomUUID();
+    while (await adapter.getUser?.(id))
+        id = crypto.randomUUID();
+    const salt = genSaltSync(10);
+    const user = await adapter.createUser({
+        id,
+        name,
+        email,
+        emailVerified: null,
+        salt: password ? salt : null,
+        password: password ? hashSync(password, salt) : null,
+    });
+    const expires = new Date();
+    expires.setMonth(expires.getMonth() + 1);
+    const session = await adapter.createSession({
+        sessionToken: randomBytes(64).toString('base64'),
+        userId: id,
+        expires,
+    });
+    return { user, session };
+}
+/**
+ * Authorize using credentials
+ */
+export async function authorize(credentials) {
+    const { success, error, data } = Login.safeParse(credentials);
+    if (!success)
+        throw new CredentialsSignin(error);
+    const user = await adapter.getUserByEmail?.(data.email);
+    if (!user || !data.password || !user.salt)
+        return null;
+    if (user.password !== hashSync(data.password, user.salt))
+        return null;
+    return omit(user, 'password', 'salt');
+}
+export function getConfig() {
+    createAdapter();
+    const providers = [Passkey({})];
+    if (config.auth.credentials) {
+        providers.push(Credentials({
+            credentials: {
+                email: { label: 'Email', type: 'email' },
+                password: { label: 'Password', type: 'password' },
+            },
+            authorize,
+        }));
+    }
+    const debug = config.auth.debug ?? config.debug;
+    return {
+        adapter,
+        providers,
+        debug,
+        experimental: { enableWebAuthn: true },
+        secret: config.auth.secret,
+        useSecureCookies: config.auth.secure_cookies,
+        session: { strategy: 'database' },
+        logger: {
+            error(error) {
+                logger.error('[auth] ' + error.message);
+            },
+            warn(code) {
+                switch (code) {
+                    case 'experimental-webauthn':
+                    case 'debug-enabled':
+                        return;
+                    case 'csrf-disabled':
+                        logger.warn('CSRF protection is disabled.');
+                        break;
+                    case 'env-url-basepath-redundant':
+                    case 'env-url-basepath-mismatch':
+                    default:
+                        logger.warn('[auth] ' + code);
+                }
+            },
+            debug(message, metadata) {
+                debug && logger.debug('[auth]', message, metadata ? JSON.stringify(metadata, (k, v) => (k && JSON.stringify(v).length > 100 ? '...' : v)) : '');
+            },
+        },
+        callbacks: {
+            signIn({ user }) {
+                logger.info('[auth] signin', user.id ?? '', user.email ? `(${user.email})` : '');
+                return true;
+            },
+        },
+    };
+}

package/dist/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/cli.js

@@ -1,273 +1,192 @@
 #!/usr/bin/env node
-var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
-    if (value !== null && value !== void 0) {
-        if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
-        var dispose, inner;
-        if (async) {
-            if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
-            dispose = value[Symbol.asyncDispose];
-        }
-        if (dispose === void 0) {
-            if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
-            dispose = value[Symbol.dispose];
-            if (async) inner = dispose;
-        }
-        if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
-        if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
-        env.stack.push({ value: value, dispose: dispose, async: async });
-    }
-    else if (async) {
-        env.stack.push({ async: true });
-    }
-    return value;
-};
-var __disposeResources = (this && this.__disposeResources) || (function (SuppressedError) {
-    return function (env) {
-        function fail(e) {
-            env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
-            env.hasError = true;
-        }
-        var r, s = 0;
-        function next() {
-            while (r = env.stack.pop()) {
-                try {
-                    if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
-                    if (r.dispose) {
-                        var result = r.dispose.call(r.value);
-                        if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
-                    }
-                    else s |= 1;
-                }
-                catch (e) {
-                    fail(e);
-                }
-            }
-            if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
-            if (env.hasError) throw env.error;
-        }
-        return next();
-    };
-})(typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
-    var e = new Error(message);
-    return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
-});
-import chalk from 'chalk';
 import { Option, program } from 'commander';
-import { sql } from 'kysely';
-import { exec } from 'node:child_process';
-import { randomBytes } from 'node:crypto';
-import * as _db from './database.js';
-program.version('0.0.0').name('axium').description('Axium server CLI');
-// Options shared by multiple commands
+import { styleText } from 'node:util';
+import { getByString, isJSON, pick, setByString } from 'utilium';
+import $pkg from '../package.json' with { type: 'json' };
+import * as config from './config.js';
+import * as db from './database.js';
+import { exit, output } from './io.js';
+program
+    .version($pkg.version)
+    .name('axium')
+    .description('Axium server CLI')
+    .configureHelp({ showGlobalOptions: true })
+    .option('-D, --debug', 'override debug mode', false)
+    .option('-c, --config <path>', 'path to the config file');
+program.on('option:debug', () => config.set(pick(program.opts(), 'debug')));
+program.on('option:config', () => config.load(program.opts().config));
+program.hook('preAction', function (_, action) {
+    config.loadDefaults();
+    const opt = action.optsWithGlobals();
+    opt.force && output.warn('--force: Protections disabled.');
+});
+// Options shared by multiple (sub)commands
 const opts = {
-    host: new Option('-H, --host <host>', 'the host of the database.').default('localhost:5432'),
-    timeout: new Option('-t, --timeout <ms>', 'how long to wait for commands to complete.').default(1000),
+    // database specific
+    host: new Option('-H, --host <host>', 'the host of the database.').argParser(value => {
+        const [hostname, port] = value?.split(':') ?? [];
+        config.db.host = hostname || config.db.host;
+        config.db.port = port && Number.isSafeInteger(parseInt(port)) ? parseInt(port) : config.db.port;
+    }),
     force: new Option('-f, --force', 'force the operation').default(false),
-    verbose: new Option('-v, --verbose', 'verbose output').default(false),
 };
-const axiumDB = program.command('db').alias('database').description('manage the database');
-/** Convenience function for `example... [Done. / error]` */
-async function report(promise, message, success = 'done.') {
-    process.stdout.write(message + '... ');
-    try {
-        const result = await promise;
-        console.log(success);
-        return result;
-    }
-    catch (error) {
-        throw typeof error == 'object' && 'message' in error ? error.message : error;
+const axiumDB = program
+    .command('db')
+    .alias('database')
+    .description('manage the database')
+    .option('-t, --timeout <ms>', 'how long to wait for commands to complete.', '1000')
+    .addOption(opts.host);
+function db_output(state, message = '') {
+    switch (state) {
+        case 'start':
+            process.stdout.write(message + '... ');
+            break;
+        case 'log':
+        case 'warn':
+            process.stdout.write(styleText('yellow', message));
+            break;
+        case 'error':
+            process.stdout.write(styleText('red', message));
+            break;
+        case 'done':
+            console.log('done.');
+            break;
     }
 }
-/** Convenience function for `sudo -u postgres psql -c "${command}"`, plus `report` coolness */
-async function runSQL(opts, command, message) {
-    let stderr;
-    try {
-        process.stdout.write(message + '... ');
-        const { promise, resolve, reject } = Promise.withResolvers();
-        exec(`sudo -u postgres psql -c "${command}"`, { timeout: 1000, ...opts }, (err, _, _stderr) => {
-            stderr = _stderr.startsWith('ERROR:') ? _stderr.slice(6).trim() : _stderr;
-            if (err)
-                reject('[command]');
-            else
-                resolve();
-        });
-        await promise;
-        console.log('done.');
-    }
-    catch (error) {
-        throw error == '[command]' ? stderr?.slice(0, 100) || 'failed.' : typeof error == 'object' && 'message' in error ? error.message : error;
-    }
-}
-function err(message) {
-    if (message instanceof Error)
-        message = message.message;
-    console.error(message.startsWith('\x1b') ? message : chalk.red(message));
-}
-/** Yet another convenience function */
-function exit(message, code = 1) {
-    err(message);
-    process.exit(code);
-}
-function shouldRecreate(opt) {
-    if (opt.skip) {
-        console.warn(chalk.yellow('already exists. (skipped)'));
-        return true;
-    }
-    if (opt.force) {
-        console.warn(chalk.yellow('already exists. (re-creating)'));
-        return false;
-    }
-    console.warn(chalk.yellow('already exists. Use --skip to skip or --force to re-create.'));
-    process.exit(2);
-}
 axiumDB
     .command('init')
     .description('initialize the database')
-    .addOption(opts.host)
-    .addOption(opts.timeout)
     .addOption(opts.force)
-    .addOption(opts.verbose)
     .option('-s, --skip', 'Skip existing database and/or user')
     .action(async (opt) => {
-    const env_1 = { stack: [], error: void 0, hasError: false };
+    await db.init({ ...opt, output: db_output }).catch((e) => {
+        if (typeof e == 'number')
+            process.exit(e);
+        else
+            exit(e);
+    });
+});
+axiumDB
+    .command('status')
+    .alias('stats')
+    .description('check the status of the database')
+    .action(async () => {
     try {
-        opt.verbose && opt.force && console.log(chalk.yellow('--force: Protections disabled.'));
-        const config = _db.normalizeConfig(opt);
-        config.password ??= process.env.PGPASSWORD || randomBytes(32).toString('base64').replaceAll('=', '').replaceAll('/', '_').replaceAll('+', '-');
-        await runSQL(opt, 'CREATE DATABASE axium', 'Creating database')
-            .catch(async (error) => {
-            if (error != 'database "axium" already exists')
-                exit(error);
-            if (shouldRecreate(opt))
-                return;
-            await runSQL(opt, 'DROP DATABASE axium', 'Dropping database');
-            await runSQL(opt, 'CREATE DATABASE axium', 'Re-creating database');
-        })
-            .catch(exit);
-        const createQuery = `CREATE USER axium WITH ENCRYPTED PASSWORD '${config.password}' LOGIN`;
-        await runSQL(opt, createQuery, 'Creating user')
-            .catch(async (error) => {
-            if (error != 'role "axium" already exists')
-                exit(error);
-            if (shouldRecreate(opt))
-                return;
-            await runSQL(opt, 'REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
-            await runSQL(opt, 'DROP USER axium', 'Dropping user');
-            await runSQL(opt, createQuery, 'Re-creating user');
-        })
-            .catch(exit);
-        await runSQL(opt, 'GRANT ALL PRIVILEGES ON DATABASE axium TO axium', 'Granting database privileges').catch(exit);
-        await runSQL(opt, 'GRANT ALL PRIVILEGES ON SCHEMA public TO axium', 'Granting schema privileges').catch(exit);
-        await runSQL(opt, 'ALTER DATABASE axium OWNER TO axium', 'Setting database owner').catch(exit);
-        await runSQL(opt, 'SELECT pg_reload_conf()', 'Reloading configuration').catch(exit);
-        const db = __addDisposableResource(env_1, _db.connect(config), true);
-        const relationExists = (table) => (error) => (error == `relation "${table}" already exists` ? console.warn(chalk.yellow('already exists.')) : exit(error));
-        const created = chalk.green('created.');
-        await report(db.schema
-            .createTable('User')
-            .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
-            .addColumn('name', 'text')
-            .addColumn('email', 'text', col => col.unique().notNull())
-            .addColumn('emailVerified', 'timestamptz')
-            .addColumn('image', 'text')
-            .execute(), 'Creating table User', created).catch(relationExists('User'));
-        await report(db.schema
-            .createTable('Account')
-            .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
-            .addColumn('userId', 'uuid', col => col.references('User.id').onDelete('cascade').notNull())
-            .addColumn('type', 'text', col => col.notNull())
-            .addColumn('provider', 'text', col => col.notNull())
-            .addColumn('providerAccountId', 'text', col => col.notNull())
-            .addColumn('refresh_token', 'text')
-            .addColumn('access_token', 'text')
-            .addColumn('expires_at', 'bigint')
-            .addColumn('token_type', 'text')
-            .addColumn('scope', 'text')
-            .addColumn('id_token', 'text')
-            .addColumn('session_state', 'text')
-            .execute(), 'Creating table Account', created).catch(relationExists('Account'));
-        await report(db.schema.createIndex('Account_userId_index').on('Account').column('userId').execute(), 'Creating index for Account.userId', created).catch(relationExists('Account_userId_index'));
-        await report(db.schema
-            .createTable('Session')
-            .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
-            .addColumn('userId', 'uuid', col => col.references('User.id').onDelete('cascade').notNull())
-            .addColumn('sessionToken', 'text', col => col.notNull().unique())
-            .addColumn('expires', 'timestamptz', col => col.notNull())
-            .execute(), 'Creating table Session', created).catch(relationExists('Session'));
-        await report(db.schema.createIndex('Session_userId_index').on('Session').column('userId').execute(), 'Creating index for Session.userId', created).catch(relationExists('Session_userId_index'));
-        await report(db.schema
-            .createTable('VerificationToken')
-            .addColumn('identifier', 'text', col => col.notNull())
-            .addColumn('token', 'text', col => col.notNull().unique())
-            .addColumn('expires', 'timestamptz', col => col.notNull())
-            .execute(), 'Creating table VerificationToken', created).catch(relationExists('VerificationToken'));
-        await report(db.schema
-            .createTable('Authenticator')
-            .addColumn('credentialID', 'text', col => col.primaryKey().notNull())
-            .addColumn('userId', 'uuid', col => col.notNull().references('User.id').onDelete('cascade').onUpdate('cascade'))
-            .addColumn('providerAccountId', 'text', col => col.notNull())
-            .addColumn('credentialPublicKey', 'text', col => col.notNull())
-            .addColumn('counter', 'integer', col => col.notNull())
-            .addColumn('credentialDeviceType', 'text', col => col.notNull())
-            .addColumn('credentialBackedUp', 'boolean', col => col.notNull())
-            .addColumn('transports', 'text')
-            .execute(), 'Creating table Authenticator', created).catch(relationExists('Authenticator'));
-        await report(db.schema.createIndex('Authenticator_credentialID_key').on('Authenticator').column('credentialID').execute(), 'Creating index for Authenticator.credentialID', created).catch(relationExists('Authenticator_credentialID_key'));
-        console.log('Done!\nPassword: ' + config.password);
+        console.log(await db.statusText());
     }
-    catch (e_1) {
-        env_1.error = e_1;
-        env_1.hasError = true;
+    catch {
+        output.error('Unavailable');
+        process.exitCode = 1;
     }
     finally {
-        const result_1 = __disposeResources(env_1);
-        if (result_1)
-            await result_1;
+        await db.database.destroy();
     }
 });
-axiumDB
-    .command('status')
-    .alias('stats')
-    .description('check the status of the database')
-    .addOption(opts.host)
-    .addOption(opts.verbose)
-    .action(async (opt) => _db
-    .statusText(opt)
-    .then(console.log)
-    .catch(() => exit('Unavailable')));
 axiumDB
     .command('drop')
     .description('drop the database')
-    .addOption(opts.host)
-    .addOption(opts.verbose)
     .addOption(opts.force)
-    .addOption(opts.timeout)
     .action(async (opt) => {
-    opt.verbose && opt.force && console.log(chalk.yellow('--force: Protections disabled.'));
-    _db.normalizeConfig(opt);
-    const stats = await _db.status(opt).catch(exit);
+    const stats = await db.status().catch(exit);
     if (!opt.force)
         for (const key of ['users', 'accounts', 'sessions']) {
             if (stats[key] == 0)
                 continue;
-            console.warn(chalk.yellow(`Database has existing ${key}. Use --force if you really want to drop the database.`));
+            output.warn(`Database has existing ${key}. Use --force if you really want to drop the database.`);
             process.exit(2);
         }
-    await runSQL(opt, 'DROP DATABASE axium', 'Dropping database').catch(exit);
-    await runSQL(opt, 'REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges').catch(exit);
-    await runSQL(opt, 'DROP USER axium', 'Dropping user').catch(exit);
+    await db.uninstall({ ...opt, output: db_output }).catch(exit);
+    await db.database.destroy();
+});
+axiumDB
+    .command('wipe')
+    .description('wipe the database')
+    .addOption(opts.force)
+    .action(async (opt) => {
+    const stats = await db.status().catch(exit);
+    if (!opt.force)
+        for (const key of ['users', 'accounts', 'sessions']) {
+            if (stats[key] == 0)
+                continue;
+            output.warn(`Database has existing ${key}. Use --force if you really want to wipe the database.`);
+            process.exit(2);
+        }
+    await db.wipe({ ...opt, output: db_output }).catch(exit);
+    await db.database.destroy();
+});
+const axiumConfig = program
+    .command('config')
+    .alias('conf')
+    .description('manage the configuration')
+    .option('-j, --json', 'values are JSON encoded')
+    .option('-g, --global', 'apply to the global config');
+axiumConfig
+    .command('dump')
+    .description('Output the entire current configuration')
+    .action(() => {
+    const value = config.get();
+    console.log(axiumConfig.optsWithGlobals().json ? JSON.stringify(value) : value);
+});
+axiumConfig
+    .command('get')
+    .description('get a config value')
+    .argument('<key>', 'the key to get')
+    .action((key) => {
+    const value = getByString(config, key);
+    console.log(axiumConfig.optsWithGlobals().json ? JSON.stringify(value) : value);
+});
+axiumConfig
+    .command('set')
+    .description('Set a config value. Note setting objects is not supported.')
+    .argument('<key>', 'the key to set')
+    .argument('<value>', 'the value')
+    .action((key, value, opt) => {
+    const useJSON = axiumConfig.optsWithGlobals().json;
+    if (useJSON && !isJSON(value))
+        exit('Invalid JSON');
+    const obj = {};
+    setByString(obj, key, useJSON ? JSON.parse(value) : value);
+    config.save(obj, opt.global);
+});
+axiumConfig
+    .command('list')
+    .alias('ls')
+    .alias('files')
+    .description('List loaded config files')
+    .action(() => {
+    for (const path of config.files.keys())
+        console.log(path);
 });
 program
     .command('status')
     .alias('stats')
     .description('get information about the server')
-    .option('-D --db-host <host>', 'the host of the database.', 'localhost:5432')
-    .action(async (opt) => {
+    .addOption(opts.host)
+    .action(async () => {
     console.log('Axium Server v' + program.version());
+    console.log('Debug mode:', config.debug ? styleText('yellow', 'enabled') : 'disabled');
+    console.log('Loaded config files:', config.files.keys().toArray().join(', '));
     process.stdout.write('Database: ');
-    await _db
-        .statusText({ host: opt.dbHost })
-        .then(console.log)
-        .catch(() => err('Unavailable'));
+    try {
+        console.log(await db.statusText());
+    }
+    catch {
+        output.error('Unavailable');
+    }
+    await db.database.destroy();
+    console.log('Credentials authentication:', config.auth.credentials ? styleText('yellow', 'enabled') : 'disabled');
+});
+program
+    .command('init')
+    .description('Install Axium server')
+    .addOption(opts.force)
+    .addOption(opts.host)
+    .action(async (opt) => {
+    await db.init({ ...opt, skip: opt.dbSkip, output: db_output }).catch((e) => {
+        if (typeof e == 'number')
+            process.exit(e);
+        else
+            exit(e);
+    });
 });
 program.parse();