@kyro-cms/admin 0.1.6 → 0.1.7

package/src/lib/db/mongodb-auth-adapter.ts

@@ -0,0 +1,305 @@
+import type { AuthAdapter, AuthUser, Session, UserRole } from "@kyro-cms/core";
+import type { AuditLog, AuditLogFilter } from "@kyro-cms/core";
+import { MongoClient, Db, ObjectId } from "mongodb";
+import bcrypt from "bcryptjs";
+import { randomBytes } from "crypto";
+
+export interface MongoDBAuthAdapterOptions {
+  connectionString?: string;
+  host?: string;
+  port?: number;
+  username?: string;
+  password?: string;
+  database?: string;
+  sessionTTL?: number;
+  refreshTokenTTL?: number;
+}
+
+const DEFAULT_SESSION_TTL = 86400;
+const DEFAULT_REFRESH_TTL = 604800;
+
+export class MongoDBAuthAdapter implements AuthAdapter {
+  private client: MongoClient | null = null;
+  private db: Db | null = null;
+  private sessionTTL: number;
+  private refreshTTL: number;
+
+  constructor(private options: MongoDBAuthAdapterOptions) {
+    this.sessionTTL = options.sessionTTL || DEFAULT_SESSION_TTL;
+    this.refreshTTL = options.refreshTokenTTL || DEFAULT_REFRESH_TTL;
+  }
+
+  private async getDb(): Promise<Db> {
+    if (!this.client) {
+      const connectionString =
+        this.options.connectionString ||
+        `mongodb://${this.options.username}:${this.options.password}@${this.options.host}:${this.options.port}`;
+      this.client = new MongoClient(connectionString);
+      await this.client.connect();
+    }
+    if (!this.db) {
+      this.db = this.client!.db(this.options.database || "kyro");
+    }
+    return this.db;
+  }
+
+  private generateId(): string {
+    return new ObjectId().toHexString();
+  }
+
+  async createUser(data: {
+    email: string;
+    passwordHash: string;
+    role: UserRole;
+    tenantId?: string;
+  }): Promise<AuthUser> {
+    const db = await this.getDb();
+    const now = new Date();
+    const id = this.generateId();
+
+    await db.collection("users").insertOne({
+      _id: new ObjectId(id),
+      email: data.email.toLowerCase(),
+      passwordHash: data.passwordHash,
+      name: null,
+      role: data.role,
+      tenantId: data.tenantId || null,
+      emailVerified: false,
+      locked: false,
+      lastLogin: null,
+      failedLoginAttempts: 0,
+      lockedUntil: null,
+      createdAt: now,
+      updatedAt: now,
+    });
+
+    return {
+      id,
+      email: data.email,
+      role: data.role,
+      tenantId: data.tenantId,
+      createdAt: now.toISOString(),
+      updatedAt: now.toISOString(),
+    };
+  }
+
+  async findUserByEmail(email: string): Promise<AuthUser | null> {
+    const db = await this.getDb();
+    const user = await db
+      .collection("users")
+      .findOne({ email: email.toLowerCase() });
+    if (!user) return null;
+    return {
+      id: user._id.toString(),
+      email: user.email,
+      role: user.role as UserRole,
+      tenantId: user.tenantId || undefined,
+      createdAt: user.createdAt?.toISOString() || "",
+      updatedAt: user.updatedAt?.toISOString() || "",
+    };
+  }
+
+  async findUserById(id: string): Promise<AuthUser | null> {
+    const db = await this.getDb();
+    const user = await db
+      .collection("users")
+      .findOne({ _id: new ObjectId(id) });
+    if (!user) return null;
+    return {
+      id: user._id.toString(),
+      email: user.email,
+      role: user.role as UserRole,
+      tenantId: user.tenantId || undefined,
+      createdAt: user.createdAt?.toISOString() || "",
+      updatedAt: user.updatedAt?.toISOString() || "",
+    };
+  }
+
+  async updateUser(
+    id: string,
+    data: Partial<AuthUser>,
+  ): Promise<AuthUser | null> {
+    const db = await this.getDb();
+    const updates: Record<string, unknown> = { updatedAt: new Date() };
+    if (data.email) updates.email = data.email.toLowerCase();
+    if (data.role) updates.role = data.role;
+    if (data.passwordHash) updates.passwordHash = data.passwordHash;
+
+    await db
+      .collection("users")
+      .updateOne({ _id: new ObjectId(id) }, { $set: updates });
+
+    return this.findUserById(id);
+  }
+
+  async deleteUser(id: string): Promise<boolean> {
+    const db = await this.getDb();
+    await db.collection("users").deleteOne({ _id: new ObjectId(id) });
+    return true;
+  }
+
+  async verifyPassword(password: string, hash: string): Promise<boolean> {
+    return bcrypt.compare(password, hash);
+  }
+
+  async hashPassword(password: string): Promise<string> {
+    return bcrypt.hash(password, 10);
+  }
+
+  async createSession(
+    userId: string,
+    data?: { ipAddress?: string; userAgent?: string },
+  ): Promise<Session> {
+    const db = await this.getDb();
+    const now = new Date();
+    const expiresAt = new Date(now.getTime() + this.sessionTTL * 1000);
+    const token = randomBytes(32).toString("hex");
+    const refreshToken = randomBytes(32).toString("hex");
+    const id = this.generateId();
+
+    await db.collection("sessions").insertOne({
+      _id: new ObjectId(id),
+      token,
+      refreshToken,
+      userId,
+      expiresAt,
+      createdAt: now,
+      ipAddress: data?.ipAddress,
+      userAgent: data?.userAgent,
+    });
+
+    return {
+      id,
+      token,
+      refreshToken: refreshToken || undefined,
+      userId,
+      expiresAt: expiresAt.toISOString(),
+      createdAt: now.toISOString(),
+      ipAddress: data?.ipAddress,
+      userAgent: data?.userAgent,
+    };
+  }
+
+  async findSessionByToken(token: string): Promise<Session | null> {
+    const db = await this.getDb();
+    const session = await db
+      .collection("sessions")
+      .findOne({ token, expiresAt: { $gt: new Date() } });
+    if (!session) return null;
+
+    return {
+      id: session._id.toString(),
+      token: session.token,
+      refreshToken: session.refreshToken || undefined,
+      userId: session.userId,
+      expiresAt: session.expiresAt.toISOString(),
+      createdAt: session.createdAt.toISOString(),
+    };
+  }
+
+  async deleteSession(sessionId: string): Promise<boolean> {
+    const db = await this.getDb();
+    await db.collection("sessions").deleteOne({ _id: new ObjectId(sessionId) });
+    return true;
+  }
+
+  async deleteUserSessions(userId: string): Promise<number> {
+    const db = await this.getDb();
+    const result = await db.collection("sessions").deleteMany({ userId });
+    return result.deletedCount;
+  }
+
+  async hasAnyUsers(): Promise<boolean> {
+    const db = await this.getDb();
+    const count = await db.collection("users").countDocuments();
+    return count > 0;
+  }
+
+  async findAuditLogs(
+    filter: AuditLogFilter,
+  ): Promise<{ logs: AuditLog[]; total: number }> {
+    const {
+      limit = 50,
+      offset = 0,
+      userId,
+      action,
+      resource,
+      success,
+      startDate,
+      endDate,
+    } = filter;
+
+    const query: Record<string, unknown> = {};
+    if (userId) query.userId = userId;
+    if (action) {
+      if (Array.isArray(action)) query.action = { $in: action };
+      else query.action = action;
+    }
+    if (resource) query.resource = resource;
+    if (success !== undefined) query.success = success;
+    if (startDate || endDate) {
+      query.createdAt = {};
+      if (startDate) (query.createdAt as Record<string, Date>).$gte = startDate;
+      if (endDate) (query.createdAt as Record<string, Date>).$lte = endDate;
+    }
+
+    const db = await this.getDb();
+    const total = await db.collection("audit_logs").countDocuments(query);
+    const logs = await db
+      .collection("audit_logs")
+      .find(query)
+      .sort({ createdAt: -1 })
+      .skip(offset)
+      .limit(limit)
+      .toArray();
+
+    return {
+      logs: logs.map((log: any) => ({
+        id: log._id.toString(),
+        timestamp: log.createdAt,
+        action: log.action as AuditLog["action"],
+        userId: log.userId || undefined,
+        userEmail: log.userEmail || undefined,
+        role: log.role || undefined,
+        resource: log.resource,
+        resourceId: log.resourceId || undefined,
+        ipAddress: log.ipAddress || undefined,
+        userAgent: log.userAgent || undefined,
+        success: log.success,
+        error: log.error || undefined,
+        metadata: log.metadata || undefined,
+      })),
+      total,
+    };
+  }
+
+  async createAuditLog(
+    data: Omit<AuditLog, "id" | "timestamp">,
+  ): Promise<AuditLog> {
+    const db = await this.getDb();
+    const id = this.generateId();
+    const timestamp = new Date();
+
+    await db.collection("audit_logs").insertOne({
+      _id: new ObjectId(id),
+      action: data.action,
+      userId: data.userId,
+      userEmail: data.userEmail,
+      role: data.role,
+      resource: data.resource,
+      resourceId: data.resourceId,
+      ipAddress: data.ipAddress,
+      userAgent: data.userAgent,
+      success: data.success,
+      error: data.error,
+      metadata: data.metadata,
+      createdAt: timestamp,
+    });
+
+    return {
+      ...data,
+      id,
+      timestamp,
+    };
+  }
+}

package/src/lib/db/schema/mysql-auth.ts

@@ -0,0 +1,113 @@
+import {
+  mysqlTable,
+  varchar,
+  boolean,
+  timestamp,
+  text,
+  json,
+  index,
+  uniqueIndex,
+} from "drizzle-orm/mysql-core";
+
+export const users = mysqlTable(
+  "users",
+  {
+    id: varchar("id", { length: 36 }).primaryKey(),
+    email: varchar("email", { length: 255 }).notNull(),
+    passwordHash: varchar("password_hash", { length: 255 }),
+    name: varchar("name", { length: 255 }),
+    role: varchar("role", { length: 50 }).notNull().default("customer"),
+    tenantId: varchar("tenant_id", { length: 36 }),
+    emailVerified: boolean("email_verified").default(false),
+    locked: boolean("locked").default(false),
+    lastLogin: timestamp("last_login"),
+    failedLoginAttempts: varchar("failed_login_attempts", {
+      length: 10,
+    }).default("0"),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+    updatedAt: timestamp("updated_at").defaultNow().notNull(),
+  },
+  (table) => [
+    uniqueIndex("users_email_idx").on(table.email),
+    index("users_tenant_idx").on(table.tenantId),
+  ],
+);
+
+export const sessions = mysqlTable(
+  "sessions",
+  {
+    id: varchar("id", { length: 36 }).primaryKey(),
+    token: varchar("token", { length: 512 }).notNull().unique(),
+    refreshToken: varchar("refresh_token", { length: 512 }),
+    userId: varchar("user_id", { length: 36 }).notNull(),
+    expiresAt: timestamp("expires_at").notNull(),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [
+    index("sessions_user_idx").on(table.userId),
+    index("sessions_token_idx").on(table.token),
+    index("sessions_expires_idx").on(table.expiresAt),
+  ],
+);
+
+export const roles = mysqlTable(
+  "roles",
+  {
+    id: varchar("id", { length: 36 }).primaryKey(),
+    name: varchar("name", { length: 100 }).notNull().unique(),
+    level: varchar("level", { length: 10 }).notNull().default("0"),
+    inherits: text("inherits"),
+    permissions: json("permissions").$type<string[]>(),
+    isSystem: boolean("is_system").default(false),
+    description: varchar("description", { length: 500 }),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [uniqueIndex("roles_name_idx").on(table.name)],
+);
+
+export const auditLogs = mysqlTable(
+  "audit_logs",
+  {
+    id: varchar("id", { length: 36 }).primaryKey(),
+    action: varchar("action", { length: 100 }).notNull(),
+    userId: varchar("user_id", { length: 36 }),
+    userEmail: varchar("user_email", { length: 255 }),
+    role: varchar("role", { length: 50 }),
+    resource: varchar("resource", { length: 255 }).notNull(),
+    ipAddress: varchar("ip_address", { length: 45 }),
+    userAgent: text("user_agent"),
+    success: boolean("success").notNull(),
+    error: text("error"),
+    metadata: json("metadata").$type<Record<string, unknown>>(),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [
+    index("audit_user_idx").on(table.userId),
+    index("audit_action_idx").on(table.action),
+    index("audit_resource_idx").on(table.resource),
+    index("audit_created_idx").on(table.createdAt),
+  ],
+);
+
+export const passwordHistory = mysqlTable(
+  "password_history",
+  {
+    id: varchar("id", { length: 36 }).primaryKey(),
+    userId: varchar("user_id", { length: 36 }).notNull(),
+    passwordHash: varchar("password_hash", { length: 255 }).notNull(),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [index("pwd_history_user_idx").on(table.userId)],
+);
+
+export const lockouts = mysqlTable(
+  "lockouts",
+  {
+    id: varchar("id", { length: 36 }).primaryKey(),
+    identifier: varchar("identifier", { length: 255 }).notNull(),
+    failedAttempts: varchar("failed_attempts", { length: 10 }).default("0"),
+    lockedUntil: timestamp("locked_until"),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [uniqueIndex("lockouts_identifier_idx").on(table.identifier)],
+);

package/src/lib/db/schema/mysql-content.ts

@@ -0,0 +1,20 @@
+import { mysqlTable, text, timestamp, json } from "drizzle-orm/mysql-core";
+
+export const documents = mysqlTable("documents", {
+  id: text("id").primaryKey(),
+  collection: text("collection").notNull(),
+  data: json("data").notNull().$type<Record<string, unknown>>(),
+  createdAt: timestamp("created_at").notNull(),
+  updatedAt: timestamp("updated_at").notNull(),
+});
+
+export const globals = mysqlTable("globals", {
+  slug: text("slug").primaryKey(),
+  data: json("data").notNull().$type<Record<string, unknown>>(),
+  updatedAt: timestamp("updated_at").notNull(),
+});
+
+export type Document = typeof documents.$inferSelect;
+export type NewDocument = typeof documents.$inferInsert;
+export type Global = typeof globals.$inferSelect;
+export type NewGlobal = typeof globals.$inferInsert;

package/src/lib/db/schema/postgres-auth.ts

@@ -0,0 +1,116 @@
+import {
+  pgTable,
+  uuid,
+  varchar,
+  boolean,
+  timestamp,
+  text,
+  jsonb,
+  index,
+  uniqueIndex,
+} from "drizzle-orm/pg-core";
+
+export const users = pgTable(
+  "users",
+  {
+    id: uuid("id").primaryKey().defaultRandom(),
+    email: varchar("email", { length: 255 }).notNull(),
+    passwordHash: varchar("password_hash", { length: 255 }),
+    name: varchar("name", { length: 255 }),
+    role: varchar("role", { length: 50 }).notNull().default("customer"),
+    tenantId: uuid("tenant_id"),
+    emailVerified: boolean("email_verified").default(false),
+    locked: boolean("locked").default(false),
+    lastLogin: timestamp("last_login"),
+    failedLoginAttempts: integer("failed_login_attempts").default(0),
+    metadata: jsonb("metadata").$type<Record<string, unknown>>(),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+    updatedAt: timestamp("updated_at").defaultNow().notNull(),
+  },
+  (table) => [
+    uniqueIndex("users_email_idx").on(table.email),
+    index("users_tenant_idx").on(table.tenantId),
+  ],
+);
+
+export const sessions = pgTable(
+  "sessions",
+  {
+    id: uuid("id").primaryKey().defaultRandom(),
+    token: varchar("token", { length: 512 }).notNull().unique(),
+    refreshToken: varchar("refresh_token", { length: 512 }),
+    userId: uuid("user_id")
+      .notNull()
+      .references(() => users.id, { onDelete: "cascade" }),
+    expiresAt: timestamp("expires_at").notNull(),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [
+    index("sessions_user_idx").on(table.userId),
+    index("sessions_token_idx").on(table.token),
+    index("sessions_expires_idx").on(table.expiresAt),
+  ],
+);
+
+export const roles = pgTable(
+  "roles",
+  {
+    id: uuid("id").primaryKey().defaultRandom(),
+    name: varchar("name", { length: 100 }).notNull().unique(),
+    level: integer("level").notNull().default(0),
+    inherits: text("inherits").array(),
+    permissions: text("permissions").array(),
+    isSystem: boolean("is_system").default(false),
+    description: text("description"),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [index("roles_level_idx").on(table.level)],
+);
+
+export const auditLogs = pgTable(
+  "audit_logs",
+  {
+    id: uuid("id").primaryKey().defaultRandom(),
+    action: varchar("action", { length: 100 }).notNull(),
+    userId: uuid("user_id").references(() => users.id, {
+      onDelete: "set null",
+    }),
+    userEmail: varchar("user_email", { length: 255 }),
+    role: varchar("role", { length: 50 }),
+    resource: varchar("resource", { length: 100 }).notNull(),
+    ipAddress: varchar("ip_address", { length: 45 }),
+    userAgent: text("user_agent"),
+    success: boolean("success").notNull(),
+    error: text("error"),
+    metadata: jsonb("metadata").$type<Record<string, unknown>>(),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [
+    index("audit_user_idx").on(table.userId),
+    index("audit_action_idx").on(table.action),
+    index("audit_created_idx").on(table.createdAt),
+  ],
+);
+
+export const passwordHistory = pgTable(
+  "password_history",
+  {
+    id: uuid("id").primaryKey().defaultRandom(),
+    userId: uuid("user_id")
+      .notNull()
+      .references(() => users.id, { onDelete: "cascade" }),
+    passwordHash: varchar("password_hash", { length: 255 }).notNull(),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [index("password_history_user_idx").on(table.userId)],
+);
+
+export const lockouts = pgTable("lockouts", {
+  id: uuid("id").primaryKey().defaultRandom(),
+  userId: uuid("user_id")
+    .notNull()
+    .references(() => users.id, { onDelete: "cascade" }),
+  ipAddress: varchar("ip_address", { length: 45 }),
+  lockedUntil: timestamp("locked_until").notNull(),
+  createdAt: timestamp("created_at").defaultNow().notNull(),
+});

package/src/lib/db/schema/postgres-content.ts

@@ -0,0 +1,35 @@
+import {
+  pgTable,
+  uuid,
+  text,
+  timestamp,
+  jsonb,
+  index,
+  uniqueIndex,
+} from "drizzle-orm/pg-core";
+
+export const documents = pgTable(
+  "documents",
+  {
+    id: uuid("id").primaryKey().defaultRandom(),
+    collection: text("collection").notNull(),
+    data: jsonb("data").notNull().$type<Record<string, unknown>>(),
+    createdAt: timestamp("created_at").notNull().defaultNow(),
+    updatedAt: timestamp("updated_at").notNull().defaultNow(),
+  },
+  (table) => [
+    index("idx_documents_collection").on(table.collection),
+    index("idx_documents_created_at").on(table.createdAt),
+  ],
+);
+
+export const globals = pgTable("globals", {
+  slug: text("slug").primaryKey(),
+  data: jsonb("data").notNull().$type<Record<string, unknown>>(),
+  updatedAt: timestamp("updated_at").notNull().defaultNow(),
+});
+
+export type Document = typeof documents.$inferSelect;
+export type NewDocument = typeof documents.$inferInsert;
+export type Global = typeof globals.$inferSelect;
+export type NewGlobal = typeof globals.$inferInsert;

package/src/lib/db/schema/postgres-media.ts

@@ -0,0 +1,52 @@
+import {
+  pgTable,
+  uuid,
+  varchar,
+  timestamp,
+  integer,
+  text,
+  jsonb,
+  index,
+} from "drizzle-orm/pg-core";
+
+export const media = pgTable(
+  "media",
+  {
+    id: uuid("id").primaryKey().defaultRandom(),
+    filename: varchar("filename", { length: 255 }).notNull().unique(),
+    title: varchar("title", { length: 255 }),
+    originalName: varchar("original_name", { length: 255 }).notNull(),
+    mimeType: varchar("mime_type", { length: 100 }).notNull(),
+    fileSize: integer("file_size").notNull(),
+    width: integer("width"),
+    height: integer("height"),
+    url: text("url").notNull().unique(),
+    thumbnailUrl: text("thumbnail_url"),
+    folder: varchar("folder", { length: 255 }),
+    provider: varchar("provider", { length: 50 }).notNull(),
+    alt: text("alt"),
+    caption: text("caption"),
+    metadata: jsonb("metadata").$type<Record<string, unknown>>(),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+    updatedAt: timestamp("updated_at").defaultNow().notNull(),
+  },
+  (table) => [
+    index("media_folder_idx").on(table.folder),
+    index("media_provider_idx").on(table.provider),
+    index("media_filename_idx").on(table.filename),
+  ],
+);
+
+export const mediaFolders = pgTable(
+  "media_folders",
+  {
+    path: varchar("path", { length: 500 }).primaryKey(),
+    name: varchar("name", { length: 255 }).notNull(),
+    parentPath: varchar("parent_path", { length: 500 }),
+    createdAt: timestamp("created_at").defaultNow().notNull(),
+  },
+  (table) => [index("media_folders_parent_idx").on(table.parentPath)],
+);
+
+export type Media = typeof media.$inferSelect;
+export type NewMedia = typeof media.$inferInsert;

package/src/lib/db/schema/postgres-settings.ts

@@ -0,0 +1,11 @@
+import { pgTable, varchar, text, timestamp } from "drizzle-orm/pg-core";
+
+export const settings = pgTable("settings", {
+  key: varchar("key", { length: 255 }).primaryKey(),
+  value: text("value").notNull(),
+  description: text("description"),
+  updatedAt: timestamp("updated_at").defaultNow(),
+});
+
+export type Setting = typeof settings.$inferSelect;
+export type NewSetting = typeof settings.$inferInsert;