npm - @donkeylabs/cli - Versions diffs - 1.1.15 → 1.1.17 - Mend

@donkeylabs/cli 1.1.15 → 1.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@donkeylabs/cli",
-  "version": "1.1.15",
+  "version": "1.1.17",
   "type": "module",
   "description": "CLI for @donkeylabs/server - project scaffolding and code generation",
   "main": "./src/index.ts",

package/templates/sveltekit-app/.env.example CHANGED Viewed

@@ -33,8 +33,10 @@ NODE_ENV=development
 # EXTERNAL SERVICES (examples)
 # =============================================================================
-# Email service (e.g., Resend, SendGrid)
+# Email service (Resend)
 # RESEND_API_KEY=re_xxxxxxxxxxxx
+# EMAIL_FROM=noreply@yourdomain.com
+# PUBLIC_BASE_URL=https://yourdomain.com
 # Payment processing (e.g., Stripe)
 # STRIPE_SECRET_KEY=sk_test_xxxxxxxxxxxx

package/templates/sveltekit-app/src/lib/permissions.ts ADDED Viewed

@@ -0,0 +1,203 @@
+/**
+ * Permissions Helper for Svelte UI
+ *
+ * Provides reactive permission checking for UI locking.
+ *
+ * Usage in +page.server.ts:
+ * ```ts
+ * export const load = async ({ locals }) => {
+ *   const api = createApi({ locals });
+ *   const permissions = await api.permissions.context({ tenantId });
+ *   return { permissions };
+ * };
+ * ```
+ *
+ * Usage in +page.svelte:
+ * ```svelte
+ * <script>
+ *   import { createPermissions } from "$lib/permissions";
+ *   let { data } = $props();
+ *   const can = createPermissions(data.permissions);
+ * </script>
+ *
+ * {#if can.has("documents.create")}
+ *   <Button>Create Document</Button>
+ * {/if}
+ * ```
+ */
+import { createApi } from "./api";
+export interface PermissionContext {
+  tenantId: string;
+  roles: Array<{ id: string; name: string }>;
+  permissions: string[];
+}
+export interface PermissionsHelper {
+  /** Check if user has a static permission */
+  has: (permission: string) => boolean;
+  /** Check if user has all of the specified permissions */
+  hasAll: (...permissions: string[]) => boolean;
+  /** Check if user has any of the specified permissions */
+  hasAny: (...permissions: string[]) => boolean;
+  /** Check if user has a specific role */
+  hasRole: (roleName: string) => boolean;
+  /** Get all permissions */
+  all: () => string[];
+  /** Get all roles */
+  roles: () => Array<{ id: string; name: string }>;
+  /** Get tenant ID */
+  tenantId: () => string;
+  /** Check resource access (async - makes API call) */
+  canAccess: (
+    resourceType: string,
+    resourceId: string,
+    action: "create" | "read" | "write" | "delete" | "admin",
+    ownerId?: string
+  ) => Promise<boolean>;
+  /** Batch check resource access (async - makes single API call) */
+  canAccessMany: (
+    checks: Array<{
+      resourceType: string;
+      resourceId: string;
+      action: "create" | "read" | "write" | "delete" | "admin";
+      ownerId?: string;
+    }>
+  ) => Promise<Record<string, boolean>>;
+}
+/**
+ * Create a permissions helper from context
+ */
+export function createPermissions(context: PermissionContext): PermissionsHelper {
+  const permissionSet = new Set(context.permissions);
+  const api = createApi();
+  return {
+    has(permission: string): boolean {
+      // Exact match
+      if (permissionSet.has(permission)) return true;
+      // Wildcard match
+      if (permissionSet.has("*")) return true;
+      // Resource wildcard (e.g., "documents.*")
+      const [resource] = permission.split(".");
+      if (permissionSet.has(`${resource}.*`)) return true;
+      return false;
+    },
+    hasAll(...permissions: string[]): boolean {
+      return permissions.every((p) => this.has(p));
+    },
+    hasAny(...permissions: string[]): boolean {
+      return permissions.some((p) => this.has(p));
+    },
+    hasRole(roleName: string): boolean {
+      return context.roles.some(
+        (r) => r.name.toLowerCase() === roleName.toLowerCase()
+      );
+    },
+    all(): string[] {
+      return context.permissions;
+    },
+    roles(): Array<{ id: string; name: string }> {
+      return context.roles;
+    },
+    tenantId(): string {
+      return context.tenantId;
+    },
+    async canAccess(
+      resourceType: string,
+      resourceId: string,
+      action: "create" | "read" | "write" | "delete" | "admin",
+      ownerId?: string
+    ): Promise<boolean> {
+      const result = await api.permissions.canAccess({
+        tenantId: context.tenantId,
+        checks: [{ resourceType, resourceId, action, ownerId }],
+      });
+      return result[`${resourceType}:${resourceId}:${action}`] ?? false;
+    },
+    async canAccessMany(
+      checks: Array<{
+        resourceType: string;
+        resourceId: string;
+        action: "create" | "read" | "write" | "delete" | "admin";
+        ownerId?: string;
+      }>
+    ): Promise<Record<string, boolean>> {
+      return api.permissions.canAccess({
+        tenantId: context.tenantId,
+        checks,
+      });
+    },
+  };
+}
+/**
+ * Svelte component helper - use in templates
+ *
+ * Usage:
+ * ```svelte
+ * <script>
+ *   import { Can } from "$lib/permissions";
+ *   let { data } = $props();
+ * </script>
+ *
+ * <Can permission="documents.create" context={data.permissions}>
+ *   <Button>Create</Button>
+ * </Can>
+ * ```
+ */
+export function canCheck(
+  context: PermissionContext,
+  permission: string
+): boolean {
+  const helper = createPermissions(context);
+  return helper.has(permission);
+}
+/**
+ * Type helper for defining permissions in your app
+ *
+ * Usage:
+ * ```ts
+ * const PERMISSIONS = definePermissions({
+ *   documents: ["create", "read", "write", "delete", "admin"],
+ *   users: ["invite", "remove", "manage"],
+ *   billing: ["view", "manage"],
+ * } as const);
+ *
+ * // Type: "documents.create" | "documents.read" | ...
+ * type Permission = typeof PERMISSIONS[number];
+ * ```
+ */
+export function definePermissions<
+  T extends Record<string, readonly string[]>
+>(permissions: T): Array<`${Extract<keyof T, string>}.${T[keyof T][number]}`> {
+  const result: string[] = [];
+  for (const [resource, actions] of Object.entries(permissions)) {
+    for (const action of actions) {
+      result.push(`${resource}.${action}`);
+    }
+  }
+  return result as any;
+}

package/templates/sveltekit-app/src/server/index.ts CHANGED Viewed

@@ -6,9 +6,13 @@ import { Database } from "bun:sqlite";
 import { demoPlugin } from "./plugins/demo";
 import { workflowDemoPlugin } from "./plugins/workflow-demo";
 import { authPlugin } from "./plugins/auth";
+import { emailPlugin } from "./plugins/email";
+import { permissionsPlugin } from "./plugins/permissions";
 import demoRoutes from "./routes/demo";
 import { exampleRouter } from "./routes/example";
 import { authRouter } from "./routes/auth";
+import { permissionsRouter } from "./routes/permissions";
+import { tenantsRouter } from "./routes/tenants";
 // Simple in-memory database
 const db = new Kysely<{}>({
@@ -56,11 +60,63 @@ export const server = new AppServer({
 // Using default session strategy for this template
 server.registerPlugin(authPlugin());
+// Email plugin - supports Resend or console (for development)
+// Configure with process.env.RESEND_API_KEY for production
+server.registerPlugin(emailPlugin({
+  provider: process.env.RESEND_API_KEY ? "resend" : "console",
+  resend: process.env.RESEND_API_KEY ? { apiKey: process.env.RESEND_API_KEY } : undefined,
+  from: process.env.EMAIL_FROM || "noreply@example.com",
+  baseUrl: process.env.PUBLIC_BASE_URL || "http://localhost:5173",
+}));
+// =============================================================================
+// PERMISSIONS PLUGIN - Multi-tenant RBAC
+// =============================================================================
+// Define your app's permissions here for type-safe checking.
+// Client can use: api.permissions.check({ permissions: ["documents.create"] })
+//
+server.registerPlugin(permissionsPlugin({
+  permissions: {
+    // Documents
+    documents: ["create", "read", "write", "delete", "admin"],
+    // Members & Roles
+    members: ["invite", "remove", "list"],
+    roles: ["create", "assign", "manage"],
+    // Billing (example)
+    billing: ["view", "manage"],
+  } as const,
+  defaultRoles: [
+    {
+      name: "Admin",
+      permissions: ["*"], // Full access
+      isDefault: false,
+    },
+    {
+      name: "Member",
+      permissions: [
+        "documents.create",
+        "documents.read",
+        "documents.write",
+        "members.list",
+      ],
+      isDefault: true, // Auto-assigned to new members
+    },
+    {
+      name: "Viewer",
+      permissions: ["documents.read", "members.list"],
+      isDefault: false,
+    },
+  ],
+}));
 server.registerPlugin(demoPlugin);
 server.registerPlugin(workflowDemoPlugin);
 // Register routes
 server.use(authRouter);
+server.use(permissionsRouter);
+server.use(tenantsRouter);
 server.use(demoRoutes);
 server.use(exampleRouter);

package/templates/sveltekit-app/src/server/plugins/auth/migrations/004_create_passkeys.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import type { Kysely } from "kysely";
+export async function up(db: Kysely<any>): Promise<void> {
+  // Passkey credentials (WebAuthn)
+  await db.schema
+    .createTable("passkeys")
+    .ifNotExists()
+    .addColumn("id", "text", (col) => col.primaryKey())
+    .addColumn("user_id", "text", (col) =>
+      col.notNull().references("users.id").onDelete("cascade")
+    )
+    .addColumn("credential_id", "text", (col) => col.notNull().unique())
+    .addColumn("public_key", "text", (col) => col.notNull()) // Base64 encoded
+    .addColumn("counter", "integer", (col) => col.notNull().defaultTo(0))
+    .addColumn("device_type", "text") // platform, cross-platform
+    .addColumn("backed_up", "integer", (col) => col.notNull().defaultTo(0))
+    .addColumn("transports", "text") // JSON array
+    .addColumn("name", "text") // User-friendly name
+    .addColumn("created_at", "text", (col) => col.notNull().defaultTo("CURRENT_TIMESTAMP"))
+    .addColumn("last_used_at", "text")
+    .execute();
+  await db.schema
+    .createIndex("idx_passkeys_user_id")
+    .ifNotExists()
+    .on("passkeys")
+    .column("user_id")
+    .execute();
+  await db.schema
+    .createIndex("idx_passkeys_credential_id")
+    .ifNotExists()
+    .on("passkeys")
+    .column("credential_id")
+    .execute();
+  // Passkey challenges (temporary storage)
+  await db.schema
+    .createTable("passkey_challenges")
+    .ifNotExists()
+    .addColumn("id", "text", (col) => col.primaryKey())
+    .addColumn("challenge", "text", (col) => col.notNull())
+    .addColumn("user_id", "text") // Null for registration
+    .addColumn("type", "text", (col) => col.notNull()) // registration, authentication
+    .addColumn("expires_at", "text", (col) => col.notNull())
+    .addColumn("created_at", "text", (col) => col.notNull().defaultTo("CURRENT_TIMESTAMP"))
+    .execute();
+  await db.schema
+    .createIndex("idx_passkey_challenges_expires_at")
+    .ifNotExists()
+    .on("passkey_challenges")
+    .column("expires_at")
+    .execute();
+}
+export async function down(db: Kysely<any>): Promise<void> {
+  await db.schema.dropTable("passkey_challenges").ifExists().execute();
+  await db.schema.dropTable("passkeys").ifExists().execute();
+}