npm - @kyro-cms/core - Versions diffs - 0.1.2 → 0.1.3 - Mend

@kyro-cms/core 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -18,8 +18,8 @@ Kyro is built for **Astro** from the ground up. Unlike other CMS solutions that
 ### Key Features
-- **Local-First** - SQLite for zero-config development, no external database needed
-- **Multi-Database** - SQLite, PostgreSQL, MySQL, MongoDB via unified adapter interface
+- **Zero-Config Development** - SQLite by default for instant setup, no external dependencies
+- **Multi-Database** - SQLite (dev), PostgreSQL, MySQL, MongoDB via unified adapter interface
 - **Multi-Protocol API** - REST, GraphQL, tRPC, and WebSocket from a single config
 - **Multi-Vendor** - Built-in tenant scoping and row-level access control
 - **E-Commerce Ready** - Products, orders, customers, inventory, coupons out of the box
@@ -83,7 +83,7 @@ export default defineConfig({
 ## Database Adapters
-### SQLite (Local-First)
+### SQLite (Default for Development)
 ```typescript
 import { localAdapter } from "@kyro-cms/core";
@@ -93,7 +93,7 @@ const adapter = localAdapter({
 });
 ```
-Perfect for development and small projects. Zero configuration required.
+Perfect for development and small projects. Zero configuration required - no external services needed.
 ### PostgreSQL/MySQL (Production)
@@ -292,14 +292,17 @@ const kyro = createKyro({
 ## Authentication
-Built-in JWT authentication with Redis sessions and PostgreSQL support:
+Built-in JWT authentication with multiple storage options:
 ```typescript
-import { RedisAuthAdapter } from "@kyro-cms/core";
+import { RedisAuthAdapter, SQLiteAuthAdapter } from "@kyro-cms/core";
 import { createAuthConfig } from "@kyro-cms/core";
-// Use Redis for sessions (recommended)
-const adapter = new RedisAuthAdapter({
+// Use SQLite for development (zero-config, default)
+const adapter = new SQLiteAuthAdapter({ path: "./data.db" });
+// Use Redis for sessions (recommended for production)
+const redisAdapter = new RedisAuthAdapter({
   url: process.env.REDIS_URL,
   tls: process.env.REDIS_TLS === "true",
 });
@@ -318,8 +321,7 @@ const { redis, routes, passwordPolicy, lockout } = authConfig;
 ### Authentication Features
 - **JWT Tokens** - 24h expiry with refresh token support
-- **Redis Sessions** - Fast session storage with Redis Cloud support
-- **PostgreSQL Storage** - Production-ready with Drizzle ORM
+- **Multiple Storage Options** - SQLite (dev), Redis, PostgreSQL via unified adapter interface
 - **Password Policy** - 12+ chars, complexity requirements, history check
 - **Account Lockout** - 5 failed attempts → 15 minute lockout
 - **Rate Limiting** - Per-IP and per-user limits

package/dist/index.cjs CHANGED Viewed

@@ -15,14 +15,16 @@ var chunkHT6VE4NW_cjs = require('./chunk-HT6VE4NW.cjs');
 var chunkRLTG4YZM_cjs = require('./chunk-RLTG4YZM.cjs');
 require('./chunk-Q7SFCCGT.cjs');
 var zod = require('zod');
-var bcrypt = require('bcrypt');
+var bcrypt2 = require('bcrypt');
 var jwt2 = require('jsonwebtoken');
+var bcrypt = require('bcryptjs');
 var crypto = require('crypto');
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
-var bcrypt__default = /*#__PURE__*/_interopDefault(bcrypt);
+var bcrypt2__default = /*#__PURE__*/_interopDefault(bcrypt2);
 var jwt2__default = /*#__PURE__*/_interopDefault(jwt2);
+var bcrypt__default = /*#__PURE__*/_interopDefault(bcrypt);
 // src/registry/validator.ts
 var ConfigValidationError = class extends Error {
@@ -1999,6 +2001,277 @@ var defaultFieldStyling = {
     }
   }
 };
+var SQLiteAuthAdapter = class {
+  db = null;
+  path;
+  saltRounds;
+  externalDb;
+  constructor(options = {}) {
+    this.path = options.path || "./data.db";
+    this.saltRounds = options.saltRounds || 12;
+    this.externalDb = !!options.db;
+    if (options.db) {
+      this.db = options.db;
+    }
+  }
+  async connect() {
+    if (this.db) return;
+    const Database = (await import('better-sqlite3')).default;
+    this.db = new Database(this.path);
+    this.db.pragma("journal_mode = WAL");
+    this.db.pragma("foreign_keys = ON");
+    this.ensureTables();
+  }
+  async disconnect() {
+    if (this.db && !this.externalDb) {
+      this.db.close();
+      this.db = null;
+    }
+  }
+  ensureTables() {
+    if (!this.db) return;
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS kyro_users (
+        id TEXT PRIMARY KEY,
+        email TEXT UNIQUE NOT NULL,
+        password_hash TEXT NOT NULL,
+        role TEXT NOT NULL DEFAULT 'customer',
+        tenant_id TEXT,
+        email_verified INTEGER DEFAULT 0,
+        locked INTEGER DEFAULT 0,
+        last_login TEXT,
+        failed_login_attempts INTEGER DEFAULT 0,
+        locked_until TEXT,
+        created_at TEXT NOT NULL,
+        updated_at TEXT NOT NULL
+      );
+      CREATE TABLE IF NOT EXISTS kyro_sessions (
+        id TEXT PRIMARY KEY,
+        user_id TEXT NOT NULL,
+        token TEXT NOT NULL,
+        refresh_token TEXT,
+        expires_at TEXT NOT NULL,
+        created_at TEXT NOT NULL,
+        ip_address TEXT,
+        user_agent TEXT,
+        FOREIGN KEY (user_id) REFERENCES kyro_users(id) ON DELETE CASCADE
+      );
+      CREATE TABLE IF NOT EXISTS kyro_password_history (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        user_id TEXT NOT NULL,
+        password_hash TEXT NOT NULL,
+        created_at TEXT NOT NULL,
+        FOREIGN KEY (user_id) REFERENCES kyro_users(id) ON DELETE CASCADE
+      );
+      CREATE INDEX IF NOT EXISTS idx_kyro_users_email ON kyro_users(email);
+      CREATE INDEX IF NOT EXISTS idx_kyro_sessions_user_id ON kyro_sessions(user_id);
+      CREATE INDEX IF NOT EXISTS idx_kyro_sessions_token ON kyro_sessions(token);
+      CREATE INDEX IF NOT EXISTS idx_kyro_sessions_refresh_token ON kyro_sessions(refresh_token);
+      CREATE INDEX IF NOT EXISTS idx_kyro_password_history_user_id ON kyro_password_history(user_id);
+    `);
+  }
+  async createUser(data) {
+    if (!this.db) throw new Error("Not connected");
+    const id = crypto.randomBytes(16).toString("hex");
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const user = {
+      id,
+      email: data.email.toLowerCase(),
+      passwordHash: data.passwordHash,
+      role: data.role || "customer",
+      tenantId: data.tenantId,
+      createdAt: now,
+      updatedAt: now
+    };
+    this.db.prepare(
+      `INSERT INTO kyro_users (id, email, password_hash, role, tenant_id, created_at, updated_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?)`
+    ).run(
+      id,
+      user.email,
+      user.passwordHash,
+      user.role,
+      user.tenantId,
+      now,
+      now
+    );
+    return user;
+  }
+  async findUserByEmail(email) {
+    if (!this.db) throw new Error("Not connected");
+    const row = this.db.prepare("SELECT * FROM kyro_users WHERE email = ?").get(email.toLowerCase());
+    if (!row) return null;
+    return this.rowToUser(row);
+  }
+  async findUserById(userId) {
+    if (!this.db) throw new Error("Not connected");
+    const row = this.db.prepare("SELECT * FROM kyro_users WHERE id = ?").get(userId);
+    if (!row) return null;
+    return this.rowToUser(row);
+  }
+  async updateUser(userId, data) {
+    if (!this.db) throw new Error("Not connected");
+    const existing = await this.findUserById(userId);
+    if (!existing) return null;
+    const updates = [];
+    const values = [];
+    if (data.email !== void 0) {
+      updates.push("email = ?");
+      values.push(data.email.toLowerCase());
+    }
+    if (data.passwordHash !== void 0) {
+      updates.push("password_hash = ?");
+      values.push(data.passwordHash);
+    }
+    if (data.role !== void 0) {
+      updates.push("role = ?");
+      values.push(data.role);
+    }
+    if (data.tenantId !== void 0) {
+      updates.push("tenant_id = ?");
+      values.push(data.tenantId);
+    }
+    if (data.emailVerified !== void 0) {
+      updates.push("email_verified = ?");
+      values.push(data.emailVerified ? 1 : 0);
+    }
+    if (data.locked !== void 0) {
+      updates.push("locked = ?");
+      values.push(data.locked ? 1 : 0);
+    }
+    if (data.lastLogin !== void 0) {
+      updates.push("last_login = ?");
+      values.push(data.lastLogin);
+    }
+    if (data.failedLoginAttempts !== void 0) {
+      updates.push("failed_login_attempts = ?");
+      values.push(data.failedLoginAttempts);
+    }
+    updates.push("updated_at = ?");
+    values.push((/* @__PURE__ */ new Date()).toISOString());
+    values.push(userId);
+    this.db.prepare(`UPDATE kyro_users SET ${updates.join(", ")} WHERE id = ?`).run(...values);
+    return this.findUserById(userId);
+  }
+  async deleteUser(userId) {
+    if (!this.db) throw new Error("Not connected");
+    const result = this.db.prepare("DELETE FROM kyro_users WHERE id = ?").run(userId);
+    return result.changes > 0;
+  }
+  async hashPassword(password) {
+    return bcrypt__default.default.hash(password, this.saltRounds);
+  }
+  async verifyPassword(password, hash) {
+    return bcrypt__default.default.compare(password, hash);
+  }
+  async createSession(userId, data = {}) {
+    if (!this.db) throw new Error("Not connected");
+    const id = crypto.randomBytes(32).toString("hex");
+    const token = crypto.randomBytes(32).toString("base64url");
+    const refreshToken = crypto.randomBytes(32).toString("base64url");
+    const now = /* @__PURE__ */ new Date();
+    const expiresAt = new Date(now.getTime() + 864e5).toISOString();
+    const session = {
+      id,
+      userId,
+      token,
+      refreshToken,
+      expiresAt,
+      createdAt: now.toISOString(),
+      ipAddress: data.ipAddress,
+      userAgent: data.userAgent
+    };
+    this.db.prepare(
+      `INSERT INTO kyro_sessions (id, user_id, token, refresh_token, expires_at, created_at, ip_address, user_agent)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?)`
+    ).run(
+      session.id,
+      session.userId,
+      session.token,
+      session.refreshToken,
+      session.expiresAt,
+      session.createdAt,
+      session.ipAddress,
+      session.userAgent
+    );
+    return session;
+  }
+  async findSessionByToken(token) {
+    if (!this.db) throw new Error("Not connected");
+    const row = this.db.prepare("SELECT * FROM kyro_sessions WHERE token = ?").get(token);
+    if (!row) return null;
+    return this.rowToSession(row);
+  }
+  async findSessionByRefreshToken(refreshToken) {
+    if (!this.db) throw new Error("Not connected");
+    const row = this.db.prepare("SELECT * FROM kyro_sessions WHERE refresh_token = ?").get(refreshToken);
+    if (!row) return null;
+    return this.rowToSession(row);
+  }
+  async deleteSession(sessionId) {
+    if (!this.db) throw new Error("Not connected");
+    const result = this.db.prepare("DELETE FROM kyro_sessions WHERE id = ? OR token = ?").run(sessionId, sessionId);
+    return result.changes > 0;
+  }
+  async deleteUserSessions(userId) {
+    if (!this.db) throw new Error("Not connected");
+    const result = this.db.prepare("DELETE FROM kyro_sessions WHERE user_id = ?").run(userId);
+    return result.changes;
+  }
+  async hasAnyUsers() {
+    if (!this.db) throw new Error("Not connected");
+    const row = this.db.prepare("SELECT COUNT(*) as count FROM kyro_users").get();
+    return row.count > 0;
+  }
+  async addPasswordToHistory(userId, passwordHash) {
+    if (!this.db) throw new Error("Not connected");
+    this.db.prepare(
+      "INSERT INTO kyro_password_history (user_id, password_hash, created_at) VALUES (?, ?, ?)"
+    ).run(userId, passwordHash, (/* @__PURE__ */ new Date()).toISOString());
+    this.db.prepare(
+      `DELETE FROM kyro_password_history WHERE id IN (
+          SELECT id FROM kyro_password_history WHERE user_id = ? ORDER BY created_at DESC LIMIT -1 OFFSET 5
+        )`
+    ).run(userId);
+  }
+  async getPasswordHistory(userId, count = 5) {
+    if (!this.db) throw new Error("Not connected");
+    const rows = this.db.prepare(
+      "SELECT password_hash FROM kyro_password_history WHERE user_id = ? ORDER BY created_at DESC LIMIT ?"
+    ).all(userId, count);
+    return rows.map((r) => r.password_hash);
+  }
+  rowToUser(row) {
+    return {
+      id: row.id,
+      email: row.email,
+      passwordHash: row.password_hash,
+      role: row.role,
+      tenantId: row.tenant_id,
+      emailVerified: row.email_verified === 1,
+      locked: row.locked === 1,
+      lastLogin: row.last_login,
+      failedLoginAttempts: row.failed_login_attempts || 0,
+      createdAt: row.created_at,
+      updatedAt: row.updated_at
+    };
+  }
+  rowToSession(row) {
+    return {
+      id: row.id,
+      userId: row.user_id,
+      token: row.token,
+      refreshToken: row.refresh_token,
+      expiresAt: row.expires_at,
+      createdAt: row.created_at,
+      ipAddress: row.ip_address,
+      userAgent: row.user_agent
+    };
+  }
+};
 // src/auth/security/lockout.ts
 var DEFAULT_LOCKOUT_CONFIG = {
@@ -3218,7 +3491,7 @@ var Auth = class {
     return jwt2__default.default.sign(payload, this.config.secret, signOptions);
   }
   async hashPassword(password) {
-    return bcrypt__default.default.hash(password, this.config.saltRounds);
+    return bcrypt2__default.default.hash(password, this.config.saltRounds);
   }
   parseExpiresIn(value) {
     if (typeof value === "number") return value;
@@ -3635,6 +3908,7 @@ exports.RateLimiter = RateLimiter;
 exports.Registry = Registry;
 exports.ReviewsPlugin = ReviewsPlugin;
 exports.SEOPLugin = SEOPLugin;
+exports.SQLiteAuthAdapter = SQLiteAuthAdapter;
 exports.VersionManager = VersionManager;
 exports.WishlistPlugin = WishlistPlugin;
 exports.authConfig = authConfig;