@qwickapps/server 1.8.2 → 1.9.0

package/dist-ui/index.html

@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Control Panel</title>
-    <script type="module" crossorigin src="/assets/index-Cez_jyhl.js"></script>
+    <script type="module" crossorigin src="/assets/index-DnEQCOGR.js"></script>
     <link rel="stylesheet" crossorigin href="/assets/index-De-dCl_t.css">
   </head>
   <body>

package/package.json

@@ -1,7 +1,8 @@
 {
   "name": "@qwickapps/server",
-  "version": "1.8.2",
+  "version": "1.9.0",
   "description": "Plugin-based application server framework for building websites, APIs, admin dashboards, and full-stack products",
+  "type": "module",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
   "exports": {
@@ -29,6 +30,29 @@
     "ui",
     "CHANGELOG.md"
   ],
+  "scripts": {
+    "build": "npm run build:ui-lib && npm run build:server && npm run build:ui",
+    "build:server": "tsc",
+    "build:ui": "cd ui && vite build",
+    "build:ui-lib": "cd ui && vite build --config vite.lib.config.ts && tsc -p tsconfig.lib.json",
+    "build:clean": "rm -rf dist dist-ui dist-ui-lib && npm run build",
+    "dev": "tsc --watch",
+    "dev:ui": "cd ui && vite",
+    "clean": "rm -rf dist dist-ui dist-ui-lib node_modules",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "test:e2e": "playwright test",
+    "test:e2e:ui": "playwright test --ui",
+    "test:e2e:headed": "playwright test --headed",
+    "demo": "npm run build:server && pnpm tsx examples/demo-server.ts",
+    "demo:gateway": "npm run build:server && pnpm tsx examples/demo-gateway.ts",
+    "demo:all": "npm run build:server && pnpm tsx examples/demo-all.ts",
+    "type-check": "tsc --noEmit",
+    "type-check:ui": "cd ui && tsc --noEmit",
+    "validate:clean-install": "./qa/clean-install/validate.sh",
+    "prepublishOnly": "npm run test && npm run build && npm run validate:clean-install"
+  },
   "dependencies": {
     "@qwickapps/logging": "^1.0.2",
     "compression": "^1.7.4",
@@ -120,27 +144,5 @@
   "homepage": "https://github.com/qwickapps/server#readme",
   "publishConfig": {
     "access": "public"
-  },
-  "scripts": {
-    "build": "npm run build:ui-lib && npm run build:server && npm run build:ui",
-    "build:server": "tsc",
-    "build:ui": "cd ui && vite build",
-    "build:ui-lib": "cd ui && vite build --config vite.lib.config.ts && tsc -p tsconfig.lib.json",
-    "build:clean": "rm -rf dist dist-ui dist-ui-lib && npm run build",
-    "dev": "tsc --watch",
-    "dev:ui": "cd ui && vite",
-    "clean": "rm -rf dist dist-ui dist-ui-lib node_modules",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage",
-    "test:e2e": "playwright test",
-    "test:e2e:ui": "playwright test --ui",
-    "test:e2e:headed": "playwright test --headed",
-    "demo": "npm run build:server && pnpm tsx examples/demo-server.ts",
-    "demo:gateway": "npm run build:server && pnpm tsx examples/demo-gateway.ts",
-    "demo:all": "npm run build:server && pnpm tsx examples/demo-all.ts",
-    "type-check": "tsc --noEmit",
-    "type-check:ui": "cd ui && tsc --noEmit",
-    "validate:clean-install": "./qa/clean-install/validate.sh"
   }
-}
+}

package/src/plugins/auth/adapters/supertokens-adapter.ts

@@ -47,14 +47,12 @@ export function supertokensAdapter(config: SupertokensAdapterConfig): AuthAdapte
         // Store response on request for later use in getUser()
         (req as SupertokensExtendedRequest)[REQUEST_RES_KEY] = res;
 
-        // Skip if already initialized with error
+        // Skip if already initialized with error — let auth-checking middleware
+        // decide whether to block the request based on authRequired config.
+        // Returning 500 here blocks ALL routes (including /auth/config/status)
+        // even when authRequired is false.
         if (initializationError) {
-          return res.status(500).json({
-            error: 'Auth Configuration Error',
-            message:
-              'Supertokens is not properly configured. Install supertokens-node package: npm install supertokens-node',
-            details: initializationError.message,
-          });
+          return next();
         }
 
         // Lazy initialize Supertokens
@@ -163,12 +161,10 @@ export function supertokensAdapter(config: SupertokensAdapterConfig): AuthAdapte
             initializationError =
               error instanceof Error ? error : new Error('Failed to initialize Supertokens');
             console.error('[SupertokensAdapter] Initialization error:', error);
-            return res.status(500).json({
-              error: 'Auth Configuration Error',
-              message:
-                'Supertokens is not properly configured. Install supertokens-node package: npm install supertokens-node',
-              details: initializationError.message,
-            });
+            // Let the auth-checking middleware decide whether to block this request.
+            // Non-auth routes (e.g. /auth/config/status) must remain accessible
+            // so the UI can display the configuration error state.
+            return next();
           }
         }
 

package/src/plugins/auth/auth-plugin.ts

@@ -73,13 +73,14 @@ export function createAuthPlugin(config: AuthPluginConfig): Plugin {
         }
       }
 
-      // Register SuperTokens middleware on router for /auth/* paths
-      // This ensures Gateway forwards ALL /api/auth/* requests to control panel
-      // where SuperTokens can handle them dynamically
+      // Register SuperTokens middleware on router for auth paths
+      // Uses config.apiBasePath so Gateway forwards requests to the correct path
+      // e.g. SUPERTOKENS_API_BASE_PATH=/qapi/auth → router.use('/qapi/auth', ...)
+      const authBasePath = config.apiBasePath ?? '/auth';
       if (Array.isArray(primaryMiddleware)) {
-        router.use('/auth', ...primaryMiddleware);
+        router.use(authBasePath, ...primaryMiddleware);
       } else {
-        router.use('/auth', primaryMiddleware);
+        router.use(authBasePath, primaryMiddleware);
       }
 
       // Add the auth checking middleware to router (not app)

package/src/plugins/auth/env-config.ts

@@ -402,6 +402,7 @@ export function createAuthPluginFromEnv(options?: AuthEnvPluginOptions): Plugin
     excludePaths,
     authRequired,
     debug,
+    apiBasePath: getEnv('SUPERTOKENS_API_BASE_PATH') ?? getEnv('AUTH_API_BASE_PATH'),
     onUnauthorized: options?.onUnauthorized,
     onAuthenticated: options?.onAuthenticated,
   };

package/src/plugins/auth/types.ts

@@ -180,6 +180,8 @@ export interface AuthPluginConfig {
   excludePaths?: string[];
   /** Whether auth is required for all routes (default: true) */
   authRequired?: boolean;
+  /** API base path for auth routes registered on the Express router (default: '/auth') */
+  apiBasePath?: string;
   /** Custom unauthorized handler */
   onUnauthorized?: (req: Request, res: Response) => void;
   /**

package/src/plugins/maintenance/seed-executor.ts

@@ -106,11 +106,12 @@ export class SeedExecutor {
     this.outputSize = 0;
 
     return new Promise((resolvePromise, rejectPromise) => {
-      // Determine if we need tsx (for .ts/.mts files that import TS modules)
-      // Use tsx for .mjs files too since they might import from TS source
-      const needsTsx = scriptPath.match(/\.(mjs|ts|mts)$/);
+      // .ts/.mts files require tsx for TypeScript compilation.
+      // .mjs files are native ESM and run directly with node — tsx is not
+      // available in the system PATH in Docker production builds.
+      const needsTsx = scriptPath.match(/\.(ts|mts)$/);
       const execCommand = needsTsx ? 'tsx' : process.execPath;
-      const execArgs = needsTsx ? [scriptPath] : [scriptPath];
+      const execArgs = [scriptPath];
 
       // Spawn process with TypeScript support if needed
       this.child = spawn(execCommand, execArgs, {

package/src/plugins/maintenance-plugin.ts

@@ -416,6 +416,8 @@ export function createMaintenancePlugin(config: MaintenancePluginConfig = {}): P
               } catch (error) {
                 logger.error('Seed execution failed', { name, error });
 
+                const duration = Date.now() - startTime;
+
                 // Send error event via SSE to notify client
                 res.write(`data: ${JSON.stringify({
                   type: 'error',
@@ -423,6 +425,13 @@ export function createMaintenancePlugin(config: MaintenancePluginConfig = {}): P
                   timestamp: new Date().toISOString()
                 })}\n\n`);
 
+                // Send exit event so the UI can transition out of the "Running..." state
+                res.write(`data: ${JSON.stringify({
+                  type: 'exit',
+                  data: JSON.stringify({ exitCode: 1, duration }),
+                  timestamp: new Date().toISOString()
+                })}\n\n`);
+
                 // Update execution record as failed
                 if (hasPostgres() && executionId) {
                   const db = getPostgres();
@@ -476,16 +485,31 @@ export function createMaintenancePlugin(config: MaintenancePluginConfig = {}): P
 
               const db = getPostgres();
 
+              // Derive the DB role from the connection URL so GRANT statements
+              // work regardless of which user owns the schema.
+              let dbRole = 'qwickapps';
+              if (config.databaseUrl) {
+                try {
+                  const parsedUrl = new URL(config.databaseUrl);
+                  const urlUser = parsedUrl.username;
+                  if (urlUser && /^[a-zA-Z_][a-zA-Z0-9_]*$/.test(urlUser)) {
+                    dbRole = urlUser;
+                  }
+                } catch {
+                  // Keep default if URL is unparseable
+                }
+              }
+
               // Drop and recreate public schema (removes all tables, data, etc.)
               await db.queryRaw('DROP SCHEMA IF EXISTS public CASCADE');
               await db.queryRaw('CREATE SCHEMA public');
               await db.queryRaw('GRANT ALL ON SCHEMA public TO public');
               await db.queryRaw('GRANT ALL ON SCHEMA public TO postgres');
-              await db.queryRaw('GRANT ALL ON SCHEMA public TO qwickapps');
+              await db.queryRaw(`GRANT ALL ON SCHEMA public TO ${dbRole}`);
 
               // Grant default privileges for future tables and sequences
-              await db.queryRaw('ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO qwickapps');
-              await db.queryRaw('ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO qwickapps');
+              await db.queryRaw(`ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO ${dbRole}`);
+              await db.queryRaw(`ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO ${dbRole}`);
 
               res.json({
                 success: true,

package/ui/src/dashboard/widgets/AuthStatusWidget.tsx

@@ -12,14 +12,9 @@ import { Box, Typography, Chip, CircularProgress, Alert } from '@mui/material';
 import CheckCircleIcon from '@mui/icons-material/CheckCircle';
 import ErrorIcon from '@mui/icons-material/Error';
 import BlockIcon from '@mui/icons-material/Block';
-import { api } from '../../api/controlPanelApi';
+import { api, type AuthConfigStatus } from '../../api/controlPanelApi';
 
-interface AuthStatus {
-  state: 'enabled' | 'disabled' | 'error';
-  adapter: string | null;
-  error?: string;
-  missingVars?: string[];
-}
+type AuthStatus = AuthConfigStatus;
 
 const adapterLabels: Record<string, string> = {
   supertokens: 'SuperTokens',
@@ -36,7 +31,7 @@ export function AuthStatusWidget() {
   useEffect(() => {
     const fetchStatus = async () => {
       try {
-        const data = await api.fetch<AuthStatus>('/auth/config/status');
+        const data = await api.getAuthConfigStatus();
         setStatus(data);
       } catch (err) {
         setError(err instanceof Error ? err.message : 'Failed to fetch auth status');