npm - @objectstack/plugin-auth - Versions diffs - 7.5.0 → 7.6.0 - Mend

@objectstack/plugin-auth 7.5.0 → 7.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -89,6 +89,34 @@ declare class AuthPlugin implements Plugin {
     init(ctx: PluginContext): Promise<void>;
     start(ctx: PluginContext): Promise<void>;
     destroy(): Promise<void>;
+    /**
+     * Dev-only admin bootstrap.
+     *
+     * On an EMPTY database (zero users), provision a well-known, loginable
+     * admin (admin@objectos.ai / admin123 by default) so backend debugging
+     * never blocks on a first-run sign-up wizard. The account is created
+     * through better-auth's real server-side `signUpEmail` pipeline (hashed
+     * credential + the same hooks the HTTP endpoint runs), so it is fully
+     * loginable; plugin-security's first-user middleware then promotes it to
+     * platform admin automatically.
+     *
+     * This replaces two earlier, divergent seeds:
+     *   • the CLI-side HTTP seed (`os dev`), which POSTed the public sign-up
+     *     endpoint from the parent process — racing server readiness and
+     *     targeting a hard-coded port that broke under dev port auto-shift; and
+     *   • plugin-dev's raw `sys_user` insert, which produced a credential-less,
+     *     un-loginable row.
+     * Running it in-process needs no port and no readiness polling.
+     *
+     * Idempotent and non-destructive: it only ever acts on a zero-user DB and
+     * never touches an existing account, so a custom password is never
+     * overwritten.
+     *
+     * HARD-GATED to development (NODE_ENV==='development'): a known-credential
+     * admin can never be provisioned in production. Opt out within dev via
+     * OS_SEED_ADMIN=0 (or false/off/no).
+     */
+    private maybeSeedDevAdmin;
     /**
      * Register authentication routes with HTTP server
      *
@@ -203,6 +231,17 @@ interface AuthManagerOptions extends Partial<AuthConfig> {
 declare class AuthManager {
     private auth;
     private config;
+    /**
+     * Result of the dev-only admin seed (set by `AuthPlugin.maybeSeedDevAdmin`
+     * when it provisions the well-known admin on an empty DB). The `serve`
+     * command reads this after boot to surface the credentials in the startup
+     * banner. Undefined when no seed ran (production, opt-out, or a DB that
+     * already had a user).
+     */
+    devSeedResult?: {
+        email: string;
+        password: string;
+    };
     constructor(config: AuthManagerOptions);
     /**
      * Get or create the better-auth instance (lazy initialization)

package/dist/index.d.ts CHANGED Viewed

@@ -89,6 +89,34 @@ declare class AuthPlugin implements Plugin {
     init(ctx: PluginContext): Promise<void>;
     start(ctx: PluginContext): Promise<void>;
     destroy(): Promise<void>;
+    /**
+     * Dev-only admin bootstrap.
+     *
+     * On an EMPTY database (zero users), provision a well-known, loginable
+     * admin (admin@objectos.ai / admin123 by default) so backend debugging
+     * never blocks on a first-run sign-up wizard. The account is created
+     * through better-auth's real server-side `signUpEmail` pipeline (hashed
+     * credential + the same hooks the HTTP endpoint runs), so it is fully
+     * loginable; plugin-security's first-user middleware then promotes it to
+     * platform admin automatically.
+     *
+     * This replaces two earlier, divergent seeds:
+     *   • the CLI-side HTTP seed (`os dev`), which POSTed the public sign-up
+     *     endpoint from the parent process — racing server readiness and
+     *     targeting a hard-coded port that broke under dev port auto-shift; and
+     *   • plugin-dev's raw `sys_user` insert, which produced a credential-less,
+     *     un-loginable row.
+     * Running it in-process needs no port and no readiness polling.
+     *
+     * Idempotent and non-destructive: it only ever acts on a zero-user DB and
+     * never touches an existing account, so a custom password is never
+     * overwritten.
+     *
+     * HARD-GATED to development (NODE_ENV==='development'): a known-credential
+     * admin can never be provisioned in production. Opt out within dev via
+     * OS_SEED_ADMIN=0 (or false/off/no).
+     */
+    private maybeSeedDevAdmin;
     /**
      * Register authentication routes with HTTP server
      *
@@ -203,6 +231,17 @@ interface AuthManagerOptions extends Partial<AuthConfig> {
 declare class AuthManager {
     private auth;
     private config;
+    /**
+     * Result of the dev-only admin seed (set by `AuthPlugin.maybeSeedDevAdmin`
+     * when it provisions the well-known admin on an empty DB). The `serve`
+     * command reads this after boot to surface the credentials in the startup
+     * banner. Undefined when no seed ran (production, opt-out, or a DB that
+     * already had a user).
+     */
+    devSeedResult?: {
+        email: string;
+        password: string;
+    };
     constructor(config: AuthManagerOptions);
     /**
      * Get or create the better-auth instance (lazy initialization)

package/dist/index.js CHANGED Viewed

@@ -68,6 +68,7 @@ __export(index_exports, {
 module.exports = __toCommonJS(index_exports);
 // src/auth-plugin.ts
+var import_system3 = require("@objectstack/spec/system");
 var import_apps = require("@objectstack/platform-objects/apps");
 var import_pages = require("@objectstack/platform-objects/pages");
@@ -1572,6 +1573,9 @@ var AuthPlugin = class {
         }
       });
     }
+    ctx.hook("kernel:ready", async () => {
+      await this.maybeSeedDevAdmin(ctx);
+    });
     try {
       const ql = ctx.getService("objectql");
       if (ql && typeof ql.registerMiddleware === "function") {
@@ -1591,6 +1595,66 @@ var AuthPlugin = class {
   async destroy() {
     this.authManager = null;
   }
+  /**
+   * Dev-only admin bootstrap.
+   *
+   * On an EMPTY database (zero users), provision a well-known, loginable
+   * admin (admin@objectos.ai / admin123 by default) so backend debugging
+   * never blocks on a first-run sign-up wizard. The account is created
+   * through better-auth's real server-side `signUpEmail` pipeline (hashed
+   * credential + the same hooks the HTTP endpoint runs), so it is fully
+   * loginable; plugin-security's first-user middleware then promotes it to
+   * platform admin automatically.
+   *
+   * This replaces two earlier, divergent seeds:
+   *   • the CLI-side HTTP seed (`os dev`), which POSTed the public sign-up
+   *     endpoint from the parent process — racing server readiness and
+   *     targeting a hard-coded port that broke under dev port auto-shift; and
+   *   • plugin-dev's raw `sys_user` insert, which produced a credential-less,
+   *     un-loginable row.
+   * Running it in-process needs no port and no readiness polling.
+   *
+   * Idempotent and non-destructive: it only ever acts on a zero-user DB and
+   * never touches an existing account, so a custom password is never
+   * overwritten.
+   *
+   * HARD-GATED to development (NODE_ENV==='development'): a known-credential
+   * admin can never be provisioned in production. Opt out within dev via
+   * OS_SEED_ADMIN=0 (or false/off/no).
+   */
+  async maybeSeedDevAdmin(ctx) {
+    if (process.env.NODE_ENV !== "development") return;
+    const flag = String(process.env.OS_SEED_ADMIN ?? "").trim().toLowerCase();
+    if (["0", "false", "off", "no"].includes(flag)) return;
+    const email = process.env.OS_SEED_ADMIN_EMAIL?.trim() || "admin@objectos.ai";
+    const password = process.env.OS_SEED_ADMIN_PASSWORD?.trim() || "admin123";
+    const name = process.env.OS_SEED_ADMIN_NAME?.trim() || "Dev Admin";
+    let ql;
+    try {
+      ql = ctx.getService("objectql");
+    } catch {
+    }
+    if (!ql || typeof ql.find !== "function") return;
+    try {
+      const rows = await ql.find(import_system3.SystemObjectName.USER, { where: {}, limit: 50 }, { context: { isSystem: true } }).catch(() => []);
+      const humans = (Array.isArray(rows) ? rows : []).filter((u) => u && u.id !== import_system3.SystemUserId.SYSTEM && u.role !== "system");
+      if (humans.length > 0) {
+        ctx.logger.debug("[auth] dev admin seed skipped \u2014 a user already exists");
+        return;
+      }
+      if (!this.authManager) return;
+      const api = await this.authManager.getApi();
+      if (typeof api?.signUpEmail !== "function") {
+        ctx.logger.warn("[auth] dev admin seed skipped \u2014 signUpEmail unavailable");
+        return;
+      }
+      await api.signUpEmail({ body: { email, password, name } });
+      ctx.logger.info(`\u{1F511} Dev admin seeded: ${email} / ${password}`);
+      this.authManager.devSeedResult = { email, password };
+    } catch (err) {
+      ctx.logger.warn(`[auth] dev admin seed skipped: ${err?.message ?? err}`);
+    }
+  }
   /**
    * Register authentication routes with HTTP server
    *