@kyro-cms/core 0.3.2 → 0.3.4

package/dist/chunk-BQ2T4WRS.js

@@ -0,0 +1,140 @@
+import { SQLiteAuthAdapter, PasswordPolicy, EmailTransport } from './chunk-RYDGMBIG.js';
+
+// src/auth/bootstrap.ts
+async function bootstrapAdmin(config) {
+  const {
+    adminEmail,
+    adminPassword,
+    adminRole = "super_admin",
+    tenantId,
+    emailConfig,
+    sendWelcomeEmail = false
+  } = config;
+  const authAdapter = config.authAdapter || new SQLiteAuthAdapter({
+    path: config.authDbPath || "./data/auth.db"
+  });
+  try {
+    await authAdapter.connect?.();
+  } catch (error) {
+    return {
+      success: false,
+      error: "Failed to connect to auth storage"
+    };
+  }
+  const passwordPolicy = new PasswordPolicy();
+  const passwordValidation = passwordPolicy.validate(adminPassword);
+  if (!passwordValidation.valid) {
+    await authAdapter.disconnect?.();
+    return {
+      success: false,
+      error: `Invalid password: ${passwordValidation.errors.join(", ")}`
+    };
+  }
+  const existingUser = await authAdapter.findUserByEmail(adminEmail);
+  if (existingUser) {
+    await authAdapter.disconnect?.();
+    return {
+      success: false,
+      error: "Admin user already exists"
+    };
+  }
+  try {
+    const user = await authAdapter.createUser({
+      email: adminEmail,
+      password: adminPassword,
+      role: adminRole || "admin",
+      tenantId
+    });
+    if (sendWelcomeEmail && emailConfig) {
+      const emailTransport = new EmailTransport(emailConfig);
+      const templates = emailTransport.getTemplates();
+      const welcomeTemplate = templates.welcome(adminEmail.split("@")[0]);
+      await emailTransport.send({
+        to: adminEmail,
+        ...welcomeTemplate
+      });
+    }
+    await authAdapter.disconnect?.();
+    return {
+      success: true,
+      user
+    };
+  } catch (error) {
+    await authAdapter.disconnect?.();
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : "Failed to create admin user"
+    };
+  }
+}
+async function checkBootstrapRequired(authAdapter, adminEmail) {
+  const existingUser = await authAdapter.findUserByEmail(adminEmail);
+  return !existingUser;
+}
+function getBootstrapFromEnv() {
+  const email = process.env.KYRO_ADMIN_EMAIL;
+  const password = process.env.KYRO_ADMIN_PASSWORD;
+  if (!email || !password) {
+    return null;
+  }
+  return {
+    authDbPath: process.env.KYRO_AUTH_DB_PATH || "./data/auth.db",
+    adminEmail: email,
+    adminPassword: password,
+    adminRole: process.env.KYRO_ADMIN_ROLE || "super_admin",
+    tenantId: process.env.KYRO_ADMIN_TENANT_ID,
+    emailConfig: process.env.SMTP_HOST ? {
+      provider: "smtp",
+      smtp: {
+        host: process.env.SMTP_HOST,
+        port: parseInt(process.env.SMTP_PORT || "587", 10),
+        secure: process.env.SMTP_SECURE === "true",
+        auth: {
+          user: process.env.SMTP_USER || "",
+          pass: process.env.SMTP_PASS || ""
+        }
+      },
+      from: process.env.SMTP_FROM || "noreply@example.com",
+      fromName: process.env.SMTP_FROM_NAME
+    } : void 0,
+    sendWelcomeEmail: process.env.KYRO_ADMIN_SEND_WELCOME === "true"
+  };
+}
+async function autoBootstrap() {
+  const config = getBootstrapFromEnv();
+  if (!config) {
+    return null;
+  }
+  console.log("Auto-bootstrapping admin user...");
+  const result = await bootstrapAdmin(config);
+  if (result.success) {
+    console.log(`Admin user created: ${config.adminEmail}`);
+  } else {
+    console.error(`Bootstrap failed: ${result.error}`);
+  }
+  return result;
+}
+async function bootstrapWithRetry(config, maxRetries = 3, retryDelayMs = 2e3) {
+  let lastError = "";
+  for (let i = 0; i < maxRetries; i++) {
+    const result = await bootstrapAdmin(config);
+    if (result.success) {
+      return result;
+    }
+    lastError = result.error || "Unknown error";
+    if (lastError.includes("already exists")) {
+      return result;
+    }
+    if (i < maxRetries - 1) {
+      await new Promise((resolve) => setTimeout(resolve, retryDelayMs));
+    }
+  }
+  return {
+    success: false,
+    error: `Failed after ${maxRetries} retries: ${lastError}`
+  };
+}
+
+export { autoBootstrap, bootstrapAdmin, bootstrapWithRetry, checkBootstrapRequired, getBootstrapFromEnv };
+//# sourceMappingURL=chunk-BQ2T4WRS.js.map
+//# sourceMappingURL=chunk-BQ2T4WRS.js.map

package/dist/chunk-BQ2T4WRS.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auth/bootstrap.ts"],"names":[],"mappings":";;;AAsBA,eAAsB,eACpB,MAAA,EAC0B;AAC1B,EAAA,MAAM;AAAA,IACJ,UAAA;AAAA,IACA,aAAA;AAAA,IACA,SAAA,GAAY,aAAA;AAAA,IACZ,QAAA;AAAA,IACA,WAAA;AAAA,IACA,gBAAA,GAAmB;AAAA,GACrB,GAAI,MAAA;AAEJ,EAAA,MAAM,WAAA,GACJ,MAAA,CAAO,WAAA,IACP,IAAI,iBAAA,CAAkB;AAAA,IACpB,IAAA,EAAM,OAAO,UAAA,IAAc;AAAA,GAC5B,CAAA;AAEH,EAAA,IAAI;AACF,IAAA,MAAM,YAAY,OAAA,IAAU;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,EAAe;AAC1C,EAAA,MAAM,kBAAA,GAAqB,cAAA,CAAe,QAAA,CAAS,aAAa,CAAA;AAChE,EAAA,IAAI,CAAC,mBAAmB,KAAA,EAAO;AAC7B,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,OAAO,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KAClE;AAAA,EACF;AAEA,EAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAA;AACjE,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,IAAA,GAAO,MAAM,WAAA,CAAY,UAAA,CAAW;AAAA,MACxC,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,aAAA;AAAA,MACV,MAAO,SAAA,IAA0B,OAAA;AAAA,MACjC;AAAA,KACD,CAAA;AAED,IAAA,IAAI,oBAAoB,WAAA,EAAa;AACnC,MAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,CAAe,WAAW,CAAA;AACrD,MAAA,MAAM,SAAA,GAAY,eAAe,YAAA,EAAa;AAC9C,MAAA,MAAM,eAAA,GAAkB,UAAU,OAAA,CAAQ,UAAA,CAAW,MAAM,GAAG,CAAA,CAAE,CAAC,CAAC,CAAA;AAClE,MAAA,MAAM,eAAe,IAAA,CAAK;AAAA,QACxB,EAAA,EAAI,UAAA;AAAA,QACJ,GAAG;AAAA,OACJ,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT;AAAA,KACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EACE,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,KAC7C;AAAA,EACF;AACF;AAEA,eAAsB,sBAAA,CACpB,aACA,UAAA,EACkB;AAClB,EAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAA;AACjE,EAAA,OAAO,CAAC,YAAA;AACV;AAEO,SAAS,mBAAA,GAA8C;AAC5D,EAAA,MAAM,KAAA,GAAQ,QAAQ,GAAA,CAAI,gBAAA;AAC1B,EAAA,MAAM,QAAA,GAAW,QAAQ,GAAA,CAAI,mBAAA;AAE7B,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,QAAA,EAAU;AACvB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,OAAA,CAAQ,GAAA,CAAI,iBAAA,IAAqB,gBAAA;AAAA,IAC7C,UAAA,EAAY,KAAA;AAAA,IACZ,aAAA,EAAe,QAAA;AAAA,IACf,SAAA,EAAW,OAAA,CAAQ,GAAA,CAAI,eAAA,IAAmB,aAAA;AAAA,IAC1C,QAAA,EAAU,QAAQ,GAAA,CAAI,oBAAA;AAAA,IACtB,WAAA,EAAa,OAAA,CAAQ,GAAA,CAAI,SAAA,GACrB;AAAA,MACE,QAAA,EAAU,MAAA;AAAA,MACV,IAAA,EAAM;AAAA,QACJ,IAAA,EAAM,QAAQ,GAAA,CAAI,SAAA;AAAA,QAClB,MAAM,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,OAAO,EAAE,CAAA;AAAA,QACjD,MAAA,EAAQ,OAAA,CAAQ,GAAA,CAAI,WAAA,KAAgB,MAAA;AAAA,QACpC,IAAA,EAAM;AAAA,UACJ,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,EAAA;AAAA,UAC/B,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa;AAAA;AACjC,OACF;AAAA,MACA,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,qBAAA;AAAA,MAC/B,QAAA,EAAU,QAAQ,GAAA,CAAI;AAAA,KACxB,GACA,MAAA;AAAA,IACJ,gBAAA,EAAkB,OAAA,CAAQ,GAAA,CAAI,uBAAA,KAA4B;AAAA,GAC5D;AACF;AAEA,eAAsB,aAAA,GAAiD;AACrE,EAAA,MAAM,SAAS,mBAAA,EAAoB;AACnC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAA,CAAQ,IAAI,kCAAkC,CAAA;AAC9C,EAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,MAAM,CAAA;AAE1C,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,oBAAA,EAAuB,MAAA,CAAO,UAAU,CAAA,CAAE,CAAA;AAAA,EACxD,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,kBAAA,EAAqB,MAAA,CAAO,KAAK,CAAA,CAAE,CAAA;AAAA,EACnD;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,eAAsB,kBAAA,CACpB,MAAA,EACA,UAAA,GAAqB,CAAA,EACrB,eAAuB,GAAA,EACG;AAC1B,EAAA,IAAI,SAAA,GAAoB,EAAA;AAExB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,UAAA,EAAY,CAAA,EAAA,EAAK;AACnC,IAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,MAAM,CAAA;AAE1C,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,SAAA,GAAY,OAAO,KAAA,IAAS,eAAA;AAE5B,IAAA,IAAI,SAAA,CAAU,QAAA,CAAS,gBAAgB,CAAA,EAAG;AACxC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,IAAI,CAAA,GAAI,aAAa,CAAA,EAAG;AACtB,MAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,YAAY,CAAC,CAAA;AAAA,IAClE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,KAAA;AAAA,IACT,KAAA,EAAO,CAAA,aAAA,EAAgB,UAAU,CAAA,UAAA,EAAa,SAAS,CAAA;AAAA,GACzD;AACF","file":"chunk-BQ2T4WRS.js","sourcesContent":["import { SQLiteAuthAdapter } from \"./sqlite-adapter.js\";\nimport { EmailTransport, type EmailConfig } from \"./nodemailer-transport.js\";\nimport { PasswordPolicy } from \"./security/password-policy.js\";\nimport type { AuthUser, UserRole, AuthAdapter } from \"./types.js\";\n\nexport interface BootstrapConfig {\n  authAdapter?: AuthAdapter;\n  authDbPath?: string;\n  adminEmail: string;\n  adminPassword: string;\n  adminRole?: string;\n  tenantId?: string;\n  emailConfig?: EmailConfig;\n  sendWelcomeEmail?: boolean;\n}\n\nexport interface BootstrapResult {\n  success: boolean;\n  user?: AuthUser;\n  error?: string;\n}\n\nexport async function bootstrapAdmin(\n  config: BootstrapConfig,\n): Promise<BootstrapResult> {\n  const {\n    adminEmail,\n    adminPassword,\n    adminRole = \"super_admin\",\n    tenantId,\n    emailConfig,\n    sendWelcomeEmail = false,\n  } = config;\n\n  const authAdapter =\n    config.authAdapter ||\n    new SQLiteAuthAdapter({\n      path: config.authDbPath || \"./data/auth.db\",\n    });\n\n  try {\n    await authAdapter.connect?.();\n  } catch (error) {\n    return {\n      success: false,\n      error: \"Failed to connect to auth storage\",\n    };\n  }\n\n  const passwordPolicy = new PasswordPolicy();\n  const passwordValidation = passwordPolicy.validate(adminPassword);\n  if (!passwordValidation.valid) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error: `Invalid password: ${passwordValidation.errors.join(\", \")}`,\n    };\n  }\n\n  const existingUser = await authAdapter.findUserByEmail(adminEmail);\n  if (existingUser) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error: \"Admin user already exists\",\n    };\n  }\n\n  try {\n    const user = await authAdapter.createUser({\n      email: adminEmail,\n      password: adminPassword,\n      role: (adminRole as UserRole) || \"admin\",\n      tenantId,\n    });\n\n    if (sendWelcomeEmail && emailConfig) {\n      const emailTransport = new EmailTransport(emailConfig);\n      const templates = emailTransport.getTemplates();\n      const welcomeTemplate = templates.welcome(adminEmail.split(\"@\")[0]);\n      await emailTransport.send({\n        to: adminEmail,\n        ...welcomeTemplate,\n      });\n    }\n\n    await authAdapter.disconnect?.();\n    return {\n      success: true,\n      user,\n    };\n  } catch (error) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error:\n        error instanceof Error ? error.message : \"Failed to create admin user\",\n    };\n  }\n}\n\nexport async function checkBootstrapRequired(\n  authAdapter: AuthAdapter,\n  adminEmail: string,\n): Promise<boolean> {\n  const existingUser = await authAdapter.findUserByEmail(adminEmail);\n  return !existingUser;\n}\n\nexport function getBootstrapFromEnv(): BootstrapConfig | null {\n  const email = process.env.KYRO_ADMIN_EMAIL;\n  const password = process.env.KYRO_ADMIN_PASSWORD;\n\n  if (!email || !password) {\n    return null;\n  }\n\n  return {\n    authDbPath: process.env.KYRO_AUTH_DB_PATH || \"./data/auth.db\",\n    adminEmail: email,\n    adminPassword: password,\n    adminRole: process.env.KYRO_ADMIN_ROLE || \"super_admin\",\n    tenantId: process.env.KYRO_ADMIN_TENANT_ID,\n    emailConfig: process.env.SMTP_HOST\n      ? {\n          provider: \"smtp\",\n          smtp: {\n            host: process.env.SMTP_HOST,\n            port: parseInt(process.env.SMTP_PORT || \"587\", 10),\n            secure: process.env.SMTP_SECURE === \"true\",\n            auth: {\n              user: process.env.SMTP_USER || \"\",\n              pass: process.env.SMTP_PASS || \"\",\n            },\n          },\n          from: process.env.SMTP_FROM || \"noreply@example.com\",\n          fromName: process.env.SMTP_FROM_NAME,\n        }\n      : undefined,\n    sendWelcomeEmail: process.env.KYRO_ADMIN_SEND_WELCOME === \"true\",\n  };\n}\n\nexport async function autoBootstrap(): Promise<BootstrapResult | null> {\n  const config = getBootstrapFromEnv();\n  if (!config) {\n    return null;\n  }\n\n  console.log(\"Auto-bootstrapping admin user...\");\n  const result = await bootstrapAdmin(config);\n\n  if (result.success) {\n    console.log(`Admin user created: ${config.adminEmail}`);\n  } else {\n    console.error(`Bootstrap failed: ${result.error}`);\n  }\n\n  return result;\n}\n\nexport async function bootstrapWithRetry(\n  config: BootstrapConfig,\n  maxRetries: number = 3,\n  retryDelayMs: number = 2000,\n): Promise<BootstrapResult> {\n  let lastError: string = \"\";\n\n  for (let i = 0; i < maxRetries; i++) {\n    const result = await bootstrapAdmin(config);\n\n    if (result.success) {\n      return result;\n    }\n\n    lastError = result.error || \"Unknown error\";\n\n    if (lastError.includes(\"already exists\")) {\n      return result;\n    }\n\n    if (i < maxRetries - 1) {\n      await new Promise((resolve) => setTimeout(resolve, retryDelayMs));\n    }\n  }\n\n  return {\n    success: false,\n    error: `Failed after ${maxRetries} retries: ${lastError}`,\n  };\n}\n"]}