@kyro-cms/admin 0.1.6 → 0.1.8

package/src/lib/db/drizzle-postgres-adapter.ts

@@ -0,0 +1,202 @@
+import type { CollectionConfig } from "@kyro-cms/core";
+import type { DatabaseAdapter, DatabaseConfig } from "./adapter";
+import { Pool } from "pg";
+import { drizzle } from "drizzle-orm/postgres-js";
+import { eq, desc, sql, and } from "drizzle-orm";
+import { randomBytes } from "crypto";
+import * as contentSchema from "./schema/postgres-content";
+
+export class PostgresAdapter implements DatabaseAdapter {
+  private pool: Pool;
+  private db = drizzle(this.pool);
+  private initialized = false;
+
+  constructor(private config: DatabaseConfig) {
+    this.pool = new Pool({
+      connectionString: config.connectionString,
+      host: config.host,
+      port: config.port,
+      database: config.database,
+      user: config.username,
+      password: config.password,
+      min: config.poolMin || 5,
+      max: config.poolMax || 20,
+    });
+  }
+
+  initialize(collections: Record<string, CollectionConfig>) {
+    if (this.initialized) return;
+    this.initialized = true;
+  }
+
+  private getTimestamp(): string {
+    return new Date().toISOString();
+  }
+
+  private async generateId(slug: string): Promise<string> {
+    const result = await this.db
+      .select({ count: sql<number>`count(*)` })
+      .from(contentSchema.documents)
+      .where(eq(contentSchema.documents.collection, slug));
+    return `${slug}-${(result[0]?.count || 0) + 1}`;
+  }
+
+  async find<T = any>(
+    slug: string,
+    options: { page?: number; limit?: number } = {},
+  ): Promise<{
+    docs: T[];
+    totalDocs: number;
+    totalPages: number;
+    page: number;
+  }> {
+    const page = options.page || 1;
+    const limit = options.limit || 25;
+    const start = (page - 1) * limit;
+
+    const countResult = await this.db
+      .select({ count: sql<number>`count(*)` })
+      .from(contentSchema.documents)
+      .where(eq(contentSchema.documents.collection, slug));
+    const count = countResult[0]?.count || 0;
+
+    const docs = await this.db
+      .select({ data: contentSchema.documents.data })
+      .from(contentSchema.documents)
+      .where(eq(contentSchema.documents.collection, slug))
+      .orderBy(desc(contentSchema.documents.createdAt))
+      .limit(limit)
+      .offset(start);
+
+    return {
+      docs: docs.map((d) => d.data as T),
+      totalDocs: count,
+      totalPages: Math.ceil(count / limit),
+      page,
+    };
+  }
+
+  async findById<T = any>(slug: string, id: string): Promise<T | null> {
+    const doc = await this.db
+      .select({ data: contentSchema.documents.data })
+      .from(contentSchema.documents)
+      .where(
+        and(
+          eq(contentSchema.documents.collection, slug),
+          eq(contentSchema.documents.id, id),
+        ),
+      )
+      .get();
+    return (doc?.data as T) || null;
+  }
+
+  async create<T = any>(slug: string, data: Partial<T>): Promise<T> {
+    const now = this.getTimestamp();
+    const id = await this.generateId(slug);
+    const newDoc = {
+      id,
+      collection: slug,
+      data: { id, ...data, createdAt: now, updatedAt: now },
+      createdAt: new Date(now),
+      updatedAt: new Date(now),
+    };
+    await this.db.insert(contentSchema.documents).values(newDoc as any);
+    return newDoc.data as T;
+  }
+
+  async update<T = any>(
+    slug: string,
+    id: string,
+    data: Partial<T>,
+  ): Promise<T | null> {
+    const existing = await this.findById<T>(slug, id);
+    if (!existing) return null;
+    const now = this.getTimestamp();
+    const updated = { ...existing, ...data, id, updatedAt: now };
+    await this.db
+      .update(contentSchema.documents)
+      .set({ data: updated, updatedAt: new Date(now) })
+      .where(
+        and(
+          eq(contentSchema.documents.collection, slug),
+          eq(contentSchema.documents.id, id),
+        ),
+      );
+    return updated as T;
+  }
+
+  async delete(slug: string, id: string): Promise<boolean> {
+    await this.db
+      .delete(contentSchema.documents)
+      .where(
+        and(
+          eq(contentSchema.documents.collection, slug),
+          eq(contentSchema.documents.id, id),
+        ),
+      );
+    return true;
+  }
+
+  async findGlobal<T = any>(slug: string): Promise<T> {
+    const global = await this.db
+      .select({ data: contentSchema.globals.data })
+      .from(contentSchema.globals)
+      .where(eq(contentSchema.globals.slug, slug))
+      .get();
+    return (global?.data as T) || ({} as T);
+  }
+
+  async updateGlobal<T = any>(slug: string, data: Partial<T>): Promise<T> {
+    const now = this.getTimestamp();
+    const current = await this.findGlobal<T>(slug);
+    const updated = { ...current, ...data };
+    await this.db
+      .insert(contentSchema.globals)
+      .values({ slug, data: updated, updatedAt: new Date(now) })
+      .onConflictDoUpdate({
+        target: contentSchema.globals.slug,
+        set: { data: updated, updatedAt: new Date(now) },
+      });
+    return updated as T;
+  }
+
+  async seedGlobal(slug: string, data: any): Promise<void> {
+    const now = this.getTimestamp();
+    await this.db
+      .insert(contentSchema.globals)
+      .values({ slug, data, updatedAt: new Date(now) })
+      .onConflictDoNothing();
+  }
+
+  async count(slug: string): Promise<number> {
+    const result = await this.db
+      .select({ count: sql<number>`count(*)` })
+      .from(contentSchema.documents)
+      .where(eq(contentSchema.documents.collection, slug));
+    return result[0]?.count || 0;
+  }
+
+  async seed(slug: string, docs: any[]): Promise<void> {
+    const now = this.getTimestamp();
+    const values = docs.map((doc, i) => ({
+      id: doc.id || `${slug}-${i + 1}`,
+      collection: slug,
+      data: {
+        ...doc,
+        createdAt: doc.createdAt || now,
+        updatedAt: doc.updatedAt || now,
+      },
+      createdAt: new Date(now),
+      updatedAt: new Date(now),
+    }));
+    await this.db.insert(contentSchema.documents).values(values as any);
+  }
+
+  async isSeeded(slug: string): Promise<boolean> {
+    return (await this.count(slug)) > 0;
+  }
+
+  async close(): Promise<void> {
+    await this.pool.end();
+  }
+}

package/src/lib/db/drizzle-postgres-auth-adapter.ts

@@ -0,0 +1,304 @@
+import type { PostgresJsDatabase } from "drizzle-orm/postgres-js";
+import type { AuthAdapter, AuthUser, Session, UserRole } from "@kyro-cms/core";
+import { eq, and, gt, desc, sql } from "drizzle-orm";
+import bcrypt from "bcryptjs";
+import { randomBytes } from "crypto";
+import postgres from "postgres";
+import { drizzle } from "drizzle-orm/postgres-js";
+import {
+  users,
+  sessions,
+  roles,
+  auditLogs,
+  passwordHistory,
+  lockouts,
+} from "./schema/postgres-auth";
+import type { AuditLog, AuditLogFilter } from "@kyro-cms/core";
+
+export interface PostgresAuthAdapterOptions {
+  db?: PostgresJsDatabase;
+  connectionString?: string;
+  sessionTTL?: number;
+  refreshTokenTTL?: number;
+}
+
+const DEFAULT_SESSION_TTL = 86400;
+const DEFAULT_REFRESH_TTL = 604800;
+
+export class PostgresAuthAdapter implements AuthAdapter {
+  private db: PostgresJsDatabase;
+  private sessionTTL: number;
+  private refreshTTL: number;
+
+  constructor(private options: PostgresAuthAdapterOptions) {
+    if (options.db) {
+      this.db = options.db;
+    } else if (options.connectionString) {
+      const client = postgres(options.connectionString, { max: 10 });
+      this.db = drizzle(client);
+    } else {
+      throw new Error("Either db or connectionString must be provided");
+    }
+    this.sessionTTL = options.sessionTTL || DEFAULT_SESSION_TTL;
+    this.refreshTTL = options.refreshTokenTTL || DEFAULT_REFRESH_TTL;
+  }
+
+  private generateId(): string {
+    return crypto.randomUUID();
+  }
+
+  async createUser(data: {
+    email: string;
+    passwordHash: string;
+    role: UserRole;
+    tenantId?: string;
+  }): Promise<AuthUser> {
+    const now = new Date();
+    const [user] = await this.db
+      .insert(users)
+      .values({
+        email: data.email.toLowerCase(),
+        passwordHash: data.passwordHash,
+        role: data.role,
+        tenantId: data.tenantId,
+      })
+      .returning();
+    return {
+      id: user.id,
+      email: user.email,
+      role: user.role as UserRole,
+      tenantId: user.tenantId || undefined,
+      createdAt: user.createdAt.toISOString(),
+      updatedAt: user.updatedAt.toISOString(),
+    };
+  }
+
+  async findUserByEmail(email: string): Promise<AuthUser | null> {
+    const result = await this.db
+      .select()
+      .from(users)
+      .where(eq(users.email, email.toLowerCase()))
+      .limit(1);
+    const user = result[0];
+    if (!user) return null;
+    return {
+      id: user.id,
+      email: user.email,
+      role: user.role as UserRole,
+      tenantId: user.tenantId || undefined,
+      createdAt: user.createdAt.toISOString(),
+      updatedAt: user.updatedAt.toISOString(),
+    };
+  }
+
+  async findUserById(id: string): Promise<AuthUser | null> {
+    const result = await this.db
+      .select()
+      .from(users)
+      .where(eq(users.id, id))
+      .limit(1);
+    const user = result[0];
+    if (!user) return null;
+    return {
+      id: user.id,
+      email: user.email,
+      role: user.role as UserRole,
+      tenantId: user.tenantId || undefined,
+      createdAt: user.createdAt.toISOString(),
+      updatedAt: user.updatedAt.toISOString(),
+    };
+  }
+
+  async updateUser(
+    id: string,
+    data: Partial<AuthUser>,
+  ): Promise<AuthUser | null> {
+    const updates: Record<string, unknown> = { updatedAt: new Date() };
+    if (data.email) updates.email = data.email.toLowerCase();
+    if (data.role) updates.role = data.role;
+    if (data.passwordHash) updates.passwordHash = data.passwordHash;
+
+    const result = await this.db
+      .update(users)
+      .set(updates)
+      .where(eq(users.id, id))
+      .returning();
+    const user = result[0];
+    if (!user) return null;
+    return {
+      id: user.id,
+      email: user.email,
+      role: user.role as UserRole,
+      tenantId: user.tenantId || undefined,
+      createdAt: user.createdAt.toISOString(),
+      updatedAt: user.updatedAt.toISOString(),
+    };
+  }
+
+  async deleteUser(id: string): Promise<boolean> {
+    await this.db.delete(users).where(eq(users.id, id));
+    return true;
+  }
+
+  async verifyPassword(password: string, hash: string): Promise<boolean> {
+    return bcrypt.compare(password, hash);
+  }
+
+  async hashPassword(password: string): Promise<string> {
+    return bcrypt.hash(password, 10);
+  }
+
+  async createSession(
+    userId: string,
+    data?: { ipAddress?: string; userAgent?: string },
+  ): Promise<Session> {
+    const now = new Date();
+    const expiresAt = new Date(now.getTime() + this.sessionTTL * 1000);
+    const token = randomBytes(32).toString("hex");
+    const refreshToken = randomBytes(32).toString("hex");
+
+    const result = await this.db
+      .insert(sessions)
+      .values({
+        userId,
+        token,
+        refreshToken,
+        expiresAt,
+      })
+      .returning();
+
+    return {
+      id: result[0].id,
+      token: result[0].token,
+      refreshToken: result[0].refreshToken || undefined,
+      userId: result[0].userId,
+      expiresAt: result[0].expiresAt.toISOString(),
+      createdAt: now.toISOString(),
+      ipAddress: data?.ipAddress,
+      userAgent: data?.userAgent,
+    };
+  }
+
+  async findSessionByToken(token: string): Promise<Session | null> {
+    const now = new Date();
+    const result = await this.db
+      .select()
+      .from(sessions)
+      .where(and(eq(sessions.token, token), gt(sessions.expiresAt, now)))
+      .limit(1);
+    const session = result[0];
+    if (!session) return null;
+    return {
+      id: session.id,
+      token: session.token,
+      refreshToken: session.refreshToken || undefined,
+      userId: session.userId,
+      expiresAt: session.expiresAt.toISOString(),
+      createdAt: session.createdAt.toISOString(),
+    };
+  }
+
+  async deleteSession(sessionId: string): Promise<boolean> {
+    await this.db.delete(sessions).where(eq(sessions.token, sessionId));
+    return true;
+  }
+
+  async deleteUserSessions(userId: string): Promise<number> {
+    await this.db.delete(sessions).where(eq(sessions.userId, userId));
+    return 1;
+  }
+
+  async hasAnyUsers(): Promise<boolean> {
+    const result = await this.db
+      .select({ count: sql<number>`count(*)` })
+      .from(users);
+    return Number(result[0]?.count || 0) > 0;
+  }
+
+  async findAuditLogs(
+    filter: AuditLogFilter,
+  ): Promise<{ logs: AuditLog[]; total: number }> {
+    const {
+      limit = 50,
+      offset = 0,
+      userId,
+      action,
+      success,
+      startDate,
+      endDate,
+    } = filter;
+
+    const conditions = [];
+    if (userId) conditions.push(eq(auditLogs.userId, userId));
+    if (action) {
+      if (Array.isArray(action)) {
+        conditions.push(sql`${auditLogs.action} = ANY(${action})`);
+      } else {
+        conditions.push(eq(auditLogs.action, action));
+      }
+    }
+    if (success !== undefined) conditions.push(eq(auditLogs.success, success));
+    if (startDate) conditions.push(sql`${auditLogs.createdAt} >= ${startDate}`);
+    if (endDate) conditions.push(sql`${auditLogs.createdAt} <= ${endDate}`);
+
+    const whereClause = conditions.length > 0 ? and(...conditions) : undefined;
+
+    const countResult = await this.db
+      .select({ count: sql<number>`count(*)` })
+      .from(auditLogs)
+      .where(whereClause);
+
+    const logs = await this.db
+      .select()
+      .from(auditLogs)
+      .where(whereClause)
+      .orderBy(desc(auditLogs.createdAt))
+      .limit(limit)
+      .offset(offset);
+
+    return {
+      logs: logs.map((log) => ({
+        id: log.id,
+        timestamp: log.createdAt,
+        action: log.action as AuditLog["action"],
+        userId: log.userId || undefined,
+        userEmail: log.userEmail || undefined,
+        role: log.role || undefined,
+        resource: log.resource,
+        ipAddress: log.ipAddress || undefined,
+        userAgent: log.userAgent || undefined,
+        success: log.success,
+        error: log.error || undefined,
+        metadata: log.metadata || undefined,
+      })),
+      total: Number(countResult[0]?.count || 0),
+    };
+  }
+
+  async createAuditLog(
+    data: Omit<AuditLog, "id" | "timestamp">,
+  ): Promise<AuditLog> {
+    const id = this.generateId();
+    const timestamp = new Date();
+
+    await this.db.insert(auditLogs).values({
+      id,
+      action: data.action,
+      userId: data.userId,
+      userEmail: data.userEmail,
+      role: data.role,
+      resource: data.resource,
+      ipAddress: data.ipAddress,
+      userAgent: data.userAgent,
+      success: data.success,
+      error: data.error,
+      metadata: data.metadata,
+    });
+
+    return {
+      ...data,
+      id,
+      timestamp,
+    };
+  }
+}