@naisys/erp 3.0.0-beta.36 → 3.0.0-beta.37

@@ -83,7 +83,7 @@ export function registerAuthMiddleware(fastify) {
83
83
  data: {
84
84
  uuid: session.uuid,
85
85
  username: session.username,
86
- passwordHash: session.passwordHash,
86
+ passwordHash: "!sso-passkey-only",
87
87
  },
88
88
  });
89
89
  }
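Review bot: The sentinel `"!sso-passkey-only"` is a bare string literal in this `data` object and again in the `create` branch of `ensureSupervisorSuperAdmin`, so the two mirrored-user paths can drift apart without anyone noticing. Export it once as a named constant (for example `export const SSO_PASSKEY_ONLY_HASH = "!sso-passkey-only";`, name suggested) with a comment saying it is deliberately not a valid bcrypt hash, and reference it in both places. The guarantee that it never matches presumably rests on the standalone login's bcrypt comparison returning false for a malformed hash rather than throwing, which is worth pinning with a test. The body of `registerAuthMiddleware` starts and ends outside this hunk, so it is not visible whether rows that already exist are also rewritten here.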
@@ -1,6 +1,6 @@
1
1
  import { hashToken, SESSION_COOKIE_NAME, sessionCookieOptions, } from "@naisys/common-node";
2
2
  import { AuthUserSchema, ErrorResponseSchema, LoginRequestSchema, LoginResponseSchema, } from "@naisys/erp-shared";
3
- import { authenticateAndCreateSession, deleteSession, } from "@naisys/supervisor-database";
3
+ import { deleteSession } from "@naisys/supervisor-database";
4
4
  import bcrypt from "bcryptjs";
5
5
  import { randomUUID } from "crypto";
6
6
  import { authCache } from "../auth-middleware.js";
@@ -30,23 +30,11 @@ export default function authRoutes(fastify) {
30
30
  },
31
31
  handler: async (request, reply) => {
32
32
  const { username, password } = request.body;
33
- // SSO mode: authenticate against supervisor DB
33
+ // SSO mode: supervisor handles login via passkey. ERP doesn't accept
34
+ // password credentials at all — clients should authenticate against
35
+ // /supervisor/login and reuse the resulting session cookie here.
34
36
  if (isSupervisorAuth()) {
35
- const authResult = await authenticateAndCreateSession(username, password);
36
- if (!authResult) {
37
- return unauthorized(reply, "Invalid username or password");
38
- }
39
- const ssoData = {
40
- username,
41
- passwordHash: authResult.user.passwordHash,
42
- };
43
- const user = await erpDb.user.upsert({
44
- where: { uuid: authResult.user.uuid },
45
- create: { uuid: authResult.user.uuid, ...ssoData },
46
- update: ssoData,
47
- });
48
- reply.setCookie(SESSION_COOKIE_NAME, authResult.token, sessionCookieOptions(authResult.expiresAt));
49
- return { user: { id: user.id, username: user.username } };
37
+ return unauthorized(reply, "Sign in via the supervisor login page (passkey required)");
50
38
  }
51
39
  // Standalone mode: authenticate against local DB
52
40
  const user = await erpDb.user.findUnique({ where: { username } });
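Review bot: In the `authRoutes` login handler, `const { username, password } = request.body;` still runs before the `isSupervisorAuth()` guard, so in SSO mode the endpoint keeps accepting a password it will never use; presumably the request schema, which is outside this hunk, still requires one. Moving the guard to the top of the handler, ahead of the destructuring, keeps submitted credentials out of the SSO code path entirely. The rejection also reuses `unauthorized(...)`, the helper the removed code used for `Invalid username or password`, so a client can tell "password login is disabled" from "wrong password" only by parsing the message text; a distinct error code would make that explicit. The handler continues past the end of this hunk.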
@@ -50,7 +50,8 @@ export async function ensureLocalSuperAdmin(password) {
50
50
  }
51
51
  /**
52
52
  * Sync superadmin from supervisor into ERP DB and ensure permissions.
53
- * For supervisor auth mode.
53
+ * For supervisor auth mode. The supervisor uses passkey-only auth, so the
54
+ * mirrored ERP row stores a sentinel passwordHash that can never match.
54
55
  */
55
56
  export async function ensureSupervisorSuperAdmin() {
56
57
  const result = await ensureSuperAdmin();
@@ -59,12 +60,11 @@ export async function ensureSupervisorSuperAdmin() {
59
60
  create: {
60
61
  uuid: result.user.uuid,
61
62
  username: result.user.username,
62
- passwordHash: result.user.passwordHash,
63
+ passwordHash: "!sso-passkey-only",
63
64
  apiKey: result.user.apiKey,
64
65
  },
65
66
  update: {
66
67
  username: result.user.username,
67
- passwordHash: result.user.passwordHash,
68
68
  apiKey: result.user.apiKey,
69
69
  },
70
70
  });
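Review bot: The `update` branch of the upsert in `ensureSupervisorSuperAdmin` no longer writes `passwordHash`, so a row created by an earlier version keeps its copy of the supervisor's real password hash after the upgrade. The new doc comment's claim that the mirrored row stores a sentinel therefore holds only for newly created rows. Adding `passwordHash: "!sso-passkey-only",` to `update` as well would overwrite the old value on the next sync. If standalone login is ever enabled against the same database, a retained hash would presumably still verify there. The function continues past the visible hunks.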
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "name": "@naisys/erp",
3
- "version": "3.0.0-beta.36",
3
+ "version": "3.0.0-beta.37",
4
4
  "lockfileVersion": 3,
5
5
  "requires": true,
6
6
  "packages": {
7
7
  "": {
8
8
  "name": "@naisys/erp",
9
- "version": "3.0.0-beta.36",
9
+ "version": "3.0.0-beta.37",
10
10
  "dependencies": {
11
11
  "@fastify/cookie": "^11.0.2",
12
12
  "@fastify/cors": "^11.2.0",
@@ -14,11 +14,11 @@
14
14
  "@fastify/rate-limit": "^10.3.0",
15
15
  "@fastify/static": "^9.0.0",
16
16
  "@fastify/swagger": "^9.7.0",
17
- "@naisys/common": "3.0.0-beta.36",
18
- "@naisys/common-node": "3.0.0-beta.36",
19
- "@naisys/erp-shared": "3.0.0-beta.36",
20
- "@naisys/hub-database": "3.0.0-beta.36",
21
- "@naisys/supervisor-database": "3.0.0-beta.36",
17
+ "@naisys/common": "3.0.0-beta.37",
18
+ "@naisys/common-node": "3.0.0-beta.37",
19
+ "@naisys/erp-shared": "3.0.0-beta.37",
20
+ "@naisys/hub-database": "3.0.0-beta.37",
21
+ "@naisys/supervisor-database": "3.0.0-beta.37",
22
22
  "@prisma/adapter-better-sqlite3": "^7.5.0",
23
23
  "@prisma/client": "^7.5.0",
24
24
  "@scalar/fastify-api-reference": "^1.48.7",
@@ -394,41 +394,41 @@
394
394
  }
395
395
  },
396
396
  "node_modules/@naisys/common": {
397
- "version": "3.0.0-beta.36",
398
- "resolved": "https://registry.npmjs.org/@naisys/common/-/common-3.0.0-beta.36.tgz",
399
- "integrity": "sha512-a5EYqKvnL1Uy1pdslLZVMQERbo3ZtnMvhKa5B4GQJ/ziwM5zgMfbUFUEDniJRnta4dtIU5GxgzxBxmin+gMbhw==",
397
+ "version": "3.0.0-beta.37",
398
+ "resolved": "https://registry.npmjs.org/@naisys/common/-/common-3.0.0-beta.37.tgz",
399
+ "integrity": "sha512-b0XfCadaPcfewmK9b649WD+ZGB86Uk9BjTrx/tLSgd5Nbx7L6NuzTqTnDFScdeCmtyPk4oUGAzATmXwKTM8bew==",
400
400
  "dependencies": {
401
401
  "semver": "^7.7.4",
402
402
  "zod": "^4.3.6"
403
403
  }
404
404
  },
405
405
  "node_modules/@naisys/common-node": {
406
- "version": "3.0.0-beta.36",
407
- "resolved": "https://registry.npmjs.org/@naisys/common-node/-/common-node-3.0.0-beta.36.tgz",
408
- "integrity": "sha512-pgzHJuh6OH6wiNU4PRV8sSNaBqWCYateD7+tWHnwvDwVOzwce8ttLNtsK+NQzwQqp+vjPAMpfJ9yMqoOttXgbA==",
406
+ "version": "3.0.0-beta.37",
407
+ "resolved": "https://registry.npmjs.org/@naisys/common-node/-/common-node-3.0.0-beta.37.tgz",
408
+ "integrity": "sha512-V4yyA79G93OSqZ+6l5FWoMqnATE2It78VkGyziNTqcrv2CIf8UDGbds7hHV+bp/0VplNe6BrZ4P7quYvgyCeeQ==",
409
409
  "dependencies": {
410
- "@naisys/common": "3.0.0-beta.36",
410
+ "@naisys/common": "3.0.0-beta.37",
411
411
  "better-sqlite3": "^12.6.2",
412
412
  "js-yaml": "^4.1.1",
413
413
  "pino": "^10.3.1"
414
414
  }
415
415
  },
416
416
  "node_modules/@naisys/erp-shared": {
417
- "version": "3.0.0-beta.36",
418
- "resolved": "https://registry.npmjs.org/@naisys/erp-shared/-/erp-shared-3.0.0-beta.36.tgz",
419
- "integrity": "sha512-DWi2dnH4+BNst5MwNvhH4WOn/aesko9huhxKrrVQh5B7el/n5NEEcErNfkqreffkXoDx/nmQY4qboWKLP7LVIw==",
417
+ "version": "3.0.0-beta.37",
418
+ "resolved": "https://registry.npmjs.org/@naisys/erp-shared/-/erp-shared-3.0.0-beta.37.tgz",
419
+ "integrity": "sha512-CjHqdXX/kmrEROLdqiLK6kTIauK2InTiXfOjyhtTQRVrB3TPmhsnH4qtnFGCDu2G00o2l+D30YUGyFt0ZrQyVw==",
420
420
  "dependencies": {
421
- "@naisys/common": "3.0.0-beta.36",
421
+ "@naisys/common": "3.0.0-beta.37",
422
422
  "zod": "^4.3.6"
423
423
  }
424
424
  },
425
425
  "node_modules/@naisys/hub-database": {
426
- "version": "3.0.0-beta.36",
427
- "resolved": "https://registry.npmjs.org/@naisys/hub-database/-/hub-database-3.0.0-beta.36.tgz",
428
- "integrity": "sha512-FiJJCaOARun5jbTwX2VwXgEy5xDqlMi7X1ZSpxSn0jMv3dzniupCYYAYyO4muwXdFLNO2vMnhUdmhK/m2k7ouw==",
426
+ "version": "3.0.0-beta.37",
427
+ "resolved": "https://registry.npmjs.org/@naisys/hub-database/-/hub-database-3.0.0-beta.37.tgz",
428
+ "integrity": "sha512-PI8Jj4niCc6agObLWpP+Am8nrNcwAAk77/OmZmUWq1ZiBW+m5C60PFdfBvzLEZX/6G/JOb0VvI9oLpzFD6VRKg==",
429
429
  "dependencies": {
430
- "@naisys/common": "3.0.0-beta.36",
431
- "@naisys/common-node": "3.0.0-beta.36",
430
+ "@naisys/common": "3.0.0-beta.37",
431
+ "@naisys/common-node": "3.0.0-beta.37",
432
432
  "@prisma/adapter-better-sqlite3": "^7.5.0",
433
433
  "@prisma/client": "^7.5.0",
434
434
  "better-sqlite3": "^12.6.2",
@@ -436,12 +436,12 @@
436
436
  }
437
437
  },
438
438
  "node_modules/@naisys/supervisor-database": {
439
- "version": "3.0.0-beta.36",
440
- "resolved": "https://registry.npmjs.org/@naisys/supervisor-database/-/supervisor-database-3.0.0-beta.36.tgz",
441
- "integrity": "sha512-VmMtvj9ady7AOP72q1f+HfloTKGSMMnseWm8Hy9xAXW0ZiNTVo7NqeN5RMDm0D/B1ePjvo0Rz8MVM2Xm7BLvmw==",
439
+ "version": "3.0.0-beta.37",
440
+ "resolved": "https://registry.npmjs.org/@naisys/supervisor-database/-/supervisor-database-3.0.0-beta.37.tgz",
441
+ "integrity": "sha512-NSbw5kbBYZIBB7aRkuhMfaARuU8P61RZK1ME1AlEL2UB0DMmXoys1MD49wC2hafP+/MV0B6miLAOIjfy7BAR1g==",
442
442
  "dependencies": {
443
- "@naisys/common": "3.0.0-beta.36",
444
- "@naisys/common-node": "3.0.0-beta.36",
443
+ "@naisys/common": "3.0.0-beta.37",
444
+ "@naisys/common-node": "3.0.0-beta.37",
445
445
  "@prisma/adapter-better-sqlite3": "^7.5.0",
446
446
  "@prisma/client": "^7.5.0",
447
447
  "bcryptjs": "^3.0.2",
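--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@naisys/erp",
- "version": "3.0.0-beta.36",
+ "version": "3.0.0-beta.37",
  "description": "NAISYS ERP - Web UI for AI-driven order and work management",
  "type": "module",
  "main": "dist/erpServer.js",
@@ -46,11 +46,11 @@
  "@fastify/rate-limit": "^10.3.0",
  "@fastify/static": "^9.0.0",
  "@fastify/swagger": "^9.7.0",
- "@naisys/common": "3.0.0-beta.36",
- "@naisys/common-node": "3.0.0-beta.36",
- "@naisys/erp-shared": "3.0.0-beta.36",
- "@naisys/hub-database": "3.0.0-beta.36",
- "@naisys/supervisor-database": "3.0.0-beta.36",
+ "@naisys/common": "3.0.0-beta.37",
+ "@naisys/common-node": "3.0.0-beta.37",
+ "@naisys/erp-shared": "3.0.0-beta.37",
+ "@naisys/hub-database": "3.0.0-beta.37",
+ "@naisys/supervisor-database": "3.0.0-beta.37",
  "@prisma/adapter-better-sqlite3": "^7.5.0",
  "@prisma/client": "^7.5.0",
  "@scalar/fastify-api-reference": "^1.48.7",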