npm - @naisys/erp - Versions diffs - 3.0.0-beta.22 → 3.0.0-beta.23 - Mend

@naisys/erp 3.0.0-beta.22 → 3.0.0-beta.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/client-dist/assets/{index-BJzK1WXg.js → index-DycEn-R_.js} +53 -25
package/client-dist/assets/{vendor-DlmcA82d.js → vendor-MNFI7PUp.js} +1339 -1
package/client-dist/index.html +2 -2
package/dist/erpServer.js +21 -45
package/dist/userService.js +15 -42
package/npm-shrinkwrap.json +4537 -0
package/package.json +7 -7

package/client-dist/index.html CHANGED Viewed

@@ -33,9 +33,9 @@
     <meta name="format-detection" content="telephone=no" />
     <title>NAISYS ERP</title>
-    <script type="module" crossorigin src="/erp/assets/index-BJzK1WXg.js"></script>
+    <script type="module" crossorigin src="/erp/assets/index-DycEn-R_.js"></script>
     <link rel="modulepreload" crossorigin href="/erp/assets/rolldown-runtime-CvHMtSRF.js">
-    <link rel="modulepreload" crossorigin href="/erp/assets/vendor-DlmcA82d.js">
+    <link rel="modulepreload" crossorigin href="/erp/assets/vendor-MNFI7PUp.js">
     <link rel="stylesheet" crossorigin href="/erp/assets/vendor-CLUPjUnv.css">
     <link rel="stylesheet" crossorigin href="/erp/assets/index-CSiMTJfw.css">
   </head>

package/dist/erpServer.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import "dotenv/config";
 import "./schema-registry.js";
-import { cwdWithTilde, ensureDotEnv, expandNaisysFolder, runSetupWizard, } from "@naisys/common-node";
+import { cwdWithTilde, ensureDotEnv, expandNaisysFolder, promptSuperAdminPassword, runSetupWizard, } from "@naisys/common-node";
 expandNaisysFolder();
 // Important to load dotenv before any other imports, to ensure environment variables are available
 import cookie from "@fastify/cookie";
@@ -9,10 +9,10 @@ import multipart from "@fastify/multipart";
 import { fastifyRateLimit as rateLimit } from "@fastify/rate-limit";
 import staticFiles from "@fastify/static";
 import swagger from "@fastify/swagger";
-import { commonErrorHandler, registerLenientJsonParser, registerSecurityHeaders, } from "@naisys/common";
+import { commonErrorHandler, registerLenientJsonParser, registerSecurityHeaders, SUPER_ADMIN_USERNAME, } from "@naisys/common";
 import { createFileLogger } from "@naisys/common-node";
 import { createHubDatabaseClient, deployPrismaMigrations, } from "@naisys/hub-database";
-import { createSupervisorDatabaseClient, handleResetPassword, } from "@naisys/supervisor-database";
+import { createSupervisorDatabaseClient } from "@naisys/supervisor-database";
 import Fastify from "fastify";
 import { jsonSchemaTransform, jsonSchemaTransformObject, serializerCompiler, validatorCompiler, } from "fastify-type-provider-zod";
 import path from "path";
@@ -23,7 +23,7 @@ import { ERP_DB_VERSION, erpDbPath } from "./dbConfig.js";
 import { initErpDb } from "./erpDb.js";
 import { erpRoutes } from "./erpRoutes.js";
 import { isSupervisorAuth } from "./supervisorAuth.js";
-import { ensureLocalSuperAdmin, ensureSupervisorSuperAdmin, resetLocalPassword, } from "./userService.js";
+import { ensureLocalSuperAdmin, ensureSupervisorSuperAdmin, } from "./userService.js";
 export { enableSupervisorAuth } from "./supervisorAuth.js";
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
@@ -31,7 +31,7 @@ const __dirname = path.dirname(__filename);
  * Fastify plugin that registers ERP routes and static files.
  * Can be used standalone or registered inside another Fastify app (e.g. supervisor).
  */
-export const erpPlugin = async (fastify) => {
+export const erpPlugin = async (fastify, opts) => {
     const isProd = process.env.NODE_ENV === "production";
     // Cookie plugin (guard for supervisor embedding)
     if (!fastify.hasDecorator("parseCookie")) {
@@ -66,7 +66,7 @@ export const erpPlugin = async (fastify) => {
         await ensureSupervisorSuperAdmin();
     }
     else {
-        await ensureLocalSuperAdmin();
+        await ensureLocalSuperAdmin(opts.superAdminPassword);
     }
     fastify.setErrorHandler(commonErrorHandler);
     registerAuthMiddleware(fastify);
@@ -125,7 +125,7 @@ export const erpPlugin = async (fastify) => {
         });
     }
 };
-async function startServer() {
+async function startServer(wizardRan) {
     const isProd = process.env.NODE_ENV === "production";
     const fastify = Fastify({
         pluginTimeout: 60_000,
@@ -159,7 +159,10 @@ async function startServer() {
     fastify.get("/", { schema: { hide: true } }, async (_request, reply) => {
         return reply.redirect("/erp/");
     });
-    await fastify.register(erpPlugin);
+    const superAdminPassword = wizardRan && !isSupervisorAuth()
+        ? await promptSuperAdminPassword("ERP Setup")
+        : undefined;
+    await fastify.register(erpPlugin, { superAdminPassword });
     const port = Number(process.env.SERVER_PORT) || 3302;
     const host = isProd ? "0.0.0.0" : "localhost";
     try {
@@ -167,6 +170,9 @@ async function startServer() {
         console.log(`[ERP] Running on http://${host}:${port}/erp`);
         console.log(`[ERP] API Reference: http://${host}:${port}/erp/api-reference`);
         console.log(`[ERP] Auth mode: ${isSupervisorAuth() ? "supervisor" : "standalone"}`);
+        if (!isSupervisorAuth()) {
+            console.log(`[ERP] Sign in as '${SUPER_ADMIN_USERNAME}' with the password set during setup. Use --setup to change it.`);
+        }
     }
     catch (err) {
         console.error("[ERP] Failed to start:", err);
@@ -191,43 +197,13 @@ if (process.argv[1] === fileURLToPath(import.meta.url)) {
         ],
     };
     const erpExampleUrl = new URL("../.env.example", import.meta.url);
-    if (process.argv.includes("--reset-password")) {
-        const usernameIdx = process.argv.indexOf("--username");
-        const passwordIdx = process.argv.indexOf("--password");
-        const username = usernameIdx !== -1 ? process.argv[usernameIdx + 1] : undefined;
-        const password = passwordIdx !== -1 ? process.argv[passwordIdx + 1] : undefined;
-        await initErpDb();
-        if (isSupervisorAuth()) {
-            void handleResetPassword({
-                findLocalUser: async (username) => {
-                    const prisma = (await import("./erpDb.js")).default;
-                    const user = await prisma.user.findUnique({ where: { username } });
-                    return user
-                        ? { id: user.id, username: user.username, uuid: user.uuid }
-                        : null;
-                },
-                updateLocalPassword: async (userId, passwordHash) => {
-                    const prisma = (await import("./erpDb.js")).default;
-                    await prisma.user.update({
-                        where: { id: userId },
-                        data: { passwordHash },
-                    });
-                },
-                username,
-                password,
-            });
-        }
-        else {
-            void resetLocalPassword();
-        }
-    }
-    else {
-        if (process.argv.includes("--setup")) {
-            await runSetupWizard(path.resolve(".env"), erpExampleUrl, erpWizardConfig);
-            expandNaisysFolder();
-        }
-        await ensureDotEnv(erpExampleUrl, erpWizardConfig);
-        void startServer();
+    let wizardRan = false;
+    if (process.argv.includes("--setup")) {
+        wizardRan = await runSetupWizard(path.resolve(".env"), erpExampleUrl, erpWizardConfig);
+        expandNaisysFolder();
     }
+    wizardRan =
+        (await ensureDotEnv(erpExampleUrl, erpWizardConfig)) || wizardRan;
+    void startServer(wizardRan);
 }
 //# sourceMappingURL=erpServer.js.map

package/dist/userService.js CHANGED Viewed

@@ -2,24 +2,30 @@ import { SUPER_ADMIN_USERNAME } from "@naisys/common";
 import { ensureSuperAdmin } from "@naisys/supervisor-database";
 import bcrypt from "bcryptjs";
 import { randomBytes, randomUUID } from "crypto";
-import readline from "readline/promises";
 import erpDb from "./erpDb.js";
 const SALT_ROUNDS = 10;
 /**
  * Ensure a superadmin user exists in the local ERP database.
+ * If a password is supplied, it is used on create and updates the existing one if present.
  * For standalone mode (no supervisor auth).
  */
-export async function ensureLocalSuperAdmin() {
+export async function ensureLocalSuperAdmin(password) {
     const existing = await erpDb.user.findUnique({
         where: { username: SUPER_ADMIN_USERNAME },
     });
     if (existing) {
-        // Ensure superadmin has erp_admin permission
         await ensureErpAdminPermission(existing.id);
+        if (password) {
+            const hash = await bcrypt.hash(password, SALT_ROUNDS);
+            await erpDb.user.update({
+                where: { id: existing.id },
+                data: { passwordHash: hash },
+            });
+        }
     }
     else {
-        const password = randomUUID().slice(0, 8);
-        const hash = await bcrypt.hash(password, SALT_ROUNDS);
+        const finalPassword = password || randomUUID().slice(0, 8);
+        const hash = await bcrypt.hash(finalPassword, SALT_ROUNDS);
         const user = await erpDb.user.create({
             data: {
                 uuid: randomUUID(),
@@ -29,8 +35,10 @@ export async function ensureLocalSuperAdmin() {
             },
         });
         await ensureErpAdminPermission(user.id);
-        console.log(`\n  ${SUPER_ADMIN_USERNAME} user created. Password: ${password}`);
-        console.log(`  Change it via --reset-password\n`);
+        if (!password) {
+            console.log(`\n  ${SUPER_ADMIN_USERNAME} user created. Password: ${finalPassword}`);
+            console.log(`  Change it via the admin UI or with --setup\n`);
+        }
     }
     // Warn if agent users exist without supervisor auth
     const agentCount = await erpDb.user.count({ where: { isAgent: true } });
@@ -66,9 +74,6 @@ export async function ensureSupervisorSuperAdmin() {
     if (localSuperAdmin) {
         await ensureErpAdminPermission(localSuperAdmin.id);
     }
-    if (result.created) {
-        console.log(`[ERP] ${SUPER_ADMIN_USERNAME} user created. Password: ${result.generatedPassword}`);
-    }
 }
 /**
  * Ensure a user has the erp_admin permission.
@@ -83,36 +88,4 @@ export async function ensureErpAdminPermission(userId) {
         });
     }
 }
-/**
- * Interactive CLI to reset a local user's password.
- * For standalone mode (no supervisor auth).
- */
-export async function resetLocalPassword() {
-    const rl = readline.createInterface({
-        input: process.stdin,
-        output: process.stdout,
-    });
-    try {
-        const username = await rl.question("Username: ");
-        const user = await erpDb.user.findUnique({ where: { username } });
-        if (!user) {
-            console.error(`User '${username}' not found.`);
-            process.exit(1);
-        }
-        const password = await rl.question("New password: ");
-        if (password.length < 6) {
-            console.error("Password must be at least 6 characters.");
-            process.exit(1);
-        }
-        const hash = await bcrypt.hash(password, SALT_ROUNDS);
-        await erpDb.user.update({
-            where: { id: user.id },
-            data: { passwordHash: hash },
-        });
-        console.log(`Password reset for '${username}'.`);
-    }
-    finally {
-        rl.close();
-    }
-}
 //# sourceMappingURL=userService.js.map