@rblez/authly 0.1.0

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@rblez/authly",
+  "version": "0.1.0",
+  "description": "Local auth dashboard for Next.js + Supabase",
+  "type": "module",
+  "bin": {
+    "authly": "./bin/authly.js"
+  },
+  "scripts": {
+    "dev": "node bin/authly.js serve",
+    "lint": "prettier --check src/",
+    "format": "prettier --write src/"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "bin/",
+    "src/",
+    "dist/"
+  ],
+  "dependencies": {
+    "@hono/node-server": "^1.19.12",
+    "@modelcontextprotocol/sdk": "^1.29.0",
+    "@supabase/supabase-js": "^2.101.1",
+    "bcryptjs": "^2.4.3",
+    "chalk": "^5.6.2",
+    "hono": "^4.12.10",
+    "jose": "^6.2.2",
+    "ora": "^9.3.0",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "prettier": "^3.8.1"
+  },
+  "keywords": [
+    "auth",
+    "supabase",
+    "nextjs",
+    "dashboard"
+  ],
+  "license": "MIT",
+  "author": "rblez <rblez@proton.me>",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/rblez/authly.git"
+  }
+}

package/src/auth/index.js

@@ -0,0 +1,134 @@
+/**
+ * Authly SDK — unified auth interface.
+ *
+ * signIn / signUp / signOut / getProviders / getDashboardConfig
+ */
+
+import bcrypt from "bcryptjs";
+import { getSupabaseClient } from "../lib/supabase.js";
+import { createSessionToken, verifySessionToken } from "../lib/jwt.js";
+import { buildAuthorizeUrl, exchangeTokens, upsertUser, authWithProvider, listProviderStatus } from "../lib/oauth.js";
+
+// ── Password auth ────────────────────────────────────
+
+/**
+ * Register a new user with email + password.
+ * Creates user in authly_users, hashes password with bcrypt.
+ */
+export async function signUp({ email, password, name = "" }) {
+  const { client, errors } = getSupabaseClient();
+  if (!client) return { user: null, error: errors.join(", ") };
+
+  if (!email || !password || password.length < 8) {
+    return { user: null, error: "Email and password (min 8 chars) are required" };
+  }
+
+  // Check if user exists
+  const { data: existing } = await client
+    .from("authly_users")
+    .select("id")
+    .eq("email", email.toLowerCase())
+    .single();
+
+  if (existing) {
+    return { user: null, error: "An account with this email already exists" };
+  }
+
+  const passwordHash = await bcrypt.hash(password, 12);
+
+  const { data, error } = await client
+    .from("authly_users")
+    .insert({ email: email.toLowerCase(), password_hash: passwordHash, name })
+    .select("id, email, name, created_at")
+    .single();
+
+  if (error) return { user: null, error: error.message };
+
+  const token = await createSessionToken({ sub: data.id, role: "user" });
+  return { user: data, token, error: null };
+}
+
+/**
+ * Sign in with email + password.
+ */
+export async function signIn({ email, password }) {
+  const { client, errors } = getSupabaseClient();
+  if (!client) return { user: null, error: errors.join(", ") };
+
+  const { data, error } = await client
+    .from("authly_users")
+    .select("id, email, name, password_hash, email_verified")
+    .eq("email", email.toLowerCase())
+    .single();
+
+  if (error || !data) {
+    return { user: null, error: "Invalid email or password" };
+  }
+
+  if (!data.password_hash) {
+    return { user: null, error: "This account uses OAuth login. Sign in with your provider." };
+  }
+
+  const valid = await bcrypt.compare(password, data.password_hash);
+  if (!valid) {
+    return { user: null, error: "Invalid email or password" };
+  }
+
+  const token = await createSessionToken({ sub: data.id, role: "user" });
+  const { id, email: userEmail, name, email_verified: emailVerified } = data;
+  return {
+    user: { id, email: userEmail, name, emailVerified },
+    token,
+    error: null,
+  };
+}
+
+/**
+ * Sign out (invalidate session — token-based so no-op server-side).
+ */
+export function signOut() {
+  return { success: true };
+}
+
+/**
+ * Verify an existing session token.
+ */
+export async function getSession(token) {
+  if (!token) return { session: null, error: "No token provided" };
+  const session = await verifySessionToken(token);
+  if (!session) return { session: null, error: "Invalid or expired token" };
+  return { session, error: null };
+}
+
+// ── Provider management ──────────────────────────────
+
+/**
+ * Get list of all available auth providers and their enabled status.
+ */
+export function getProviders() {
+  return listProviderStatus();
+}
+
+/**
+ * Build authorization URL for a provider.
+ */
+export function getProviderUrl({ provider, redirectUri, state, scope }) {
+  try {
+    return buildAuthorizeUrl({ provider, redirectUri, state, scope });
+  } catch (e) {
+    return { error: e.message };
+  }
+}
+
+/**
+ * Handle OAuth callback — exchange code, upsert user, create session.
+ */
+export async function handleOAuthCallback({ provider, code, redirectUri }) {
+  try {
+    const user = await authWithProvider({ provider, code, redirectUri });
+    const token = await createSessionToken({ sub: user.userId, role: "user" });
+    return { user, token, error: null };
+  } catch (e) {
+    return { user: null, token: null, error: e.message };
+  }
+}

package/src/commands/audit.js

@@ -0,0 +1,82 @@
+import fs from "node:fs";
+import chalk from "chalk";
+import ora from "ora";
+import { detectFramework } from "../lib/framework.js";
+
+export async function cmdAudit() {
+  console.log(chalk.bold("\n  Authly Audit\n"));
+
+  let issues = [];
+
+  // Check 1: Project detection
+  const fw = detectFramework();
+  if (fw) {
+    console.log(`${chalk.green("✔")} Project detected: ${chalk.cyan(fw.name)}`);
+  } else {
+    issues.push("No recognizable project framework found");
+    console.log(`${chalk.red("✘")} No project framework detected`);
+  }
+
+  // Check 2: .env.local
+  if (fs.existsSync(".env.local")) {
+    console.log(`${chalk.green("✔")} .env.local exists`);
+    const envContent = fs.readFileSync(".env.local", "utf-8");
+    const vars = [
+      "SUPABASE_URL",
+      "SUPABASE_ANON_KEY",
+      "SUPABASE_SERVICE_ROLE_KEY",
+      "AUTHLY_SECRET",
+    ];
+    for (const v of vars) {
+      if (envContent.includes(v)) {
+        const val = envContent.split(v)[1]?.split("=")[1]?.trim();
+        if (val && val !== '""' && val !== "''") {
+          console.log(`  ${chalk.green("✔")} ${v} is set`);
+        } else {
+          issues.push(`${v} is empty`);
+          console.log(`  ${chalk.red("✘")} ${v} is empty`);
+        }
+      }
+    }
+  } else {
+    issues.push(".env.local not found — run `npx @rblez/authly init`");
+    console.log(`${chalk.red("✘")} .env.local not found`);
+  }
+
+  // Check 3: authly.config.json
+  if (fs.existsSync("authly.config.json")) {
+    console.log(`${chalk.green("✔")} authly.config.json exists`);
+    try {
+      JSON.parse(fs.readFileSync("authly.config.json", "utf-8"));
+      console.log(`${chalk.green("✔")} authly.config.json is valid JSON`);
+    } catch {
+      issues.push("authly.config.json contains invalid JSON");
+      console.log(`${chalk.red("✘")} authly.config.json is invalid JSON`);
+    }
+  } else {
+    issues.push("authly.config.json not found");
+    console.log(`${chalk.red("✘")} authly.config.json not found`);
+  }
+
+  // Check 4: Middleware
+  const middlewarePath = "middleware.ts";
+  const middlewarePath2 = "middleware.tsx";
+  if (fs.existsSync(middlewarePath) || fs.existsSync(middlewarePath2)) {
+    console.log(`${chalk.green("✔")} Next.js middleware exists`);
+  } else {
+    issues.push("Next.js middleware not found");
+    console.log(`${chalk.yellow("•")} Next.js middleware not found (optional)`);
+  }
+
+  // Summary
+  console.log();
+  if (issues.length === 0) {
+    console.log(chalk.green.bold("  All checks passed — your auth configuration looks good\n"));
+  } else {
+    console.log(chalk.red.bold(`  ${issues.length} issue(s) found:\n`));
+    for (const issue of issues) {
+      console.log(`  ${chalk.red("•")} ${issue}`);
+    }
+    console.log();
+  }
+}

package/src/commands/init.js

@@ -0,0 +1,67 @@
+import fs from "node:fs";
+import path from "node:path";
+import chalk from "chalk";
+import ora from "ora";
+import { detectFramework } from "../lib/framework.js";
+import { generateEnv } from "../generators/env.js";
+
+export async function cmdInit() {
+  console.log(chalk.bold("\n  Authly Init\n"));
+
+  // Detect framework
+  const framework = detectFramework();
+  if (!framework) {
+    console.log(chalk.yellow("  No Next.js project detected. Run authly init from your Next.js project root.\n"));
+    process.exit(1);
+  }
+  console.log(`${chalk.green("✔")} Detected framework: ${chalk.cyan(framework.name)}`);
+
+  // Check for existing config
+  const hasEnv = fs.existsSync(".env.local");
+  const hasAuthlyConfig = fs.existsSync("authly.config.json");
+
+  if (hasEnv) {
+    console.log(`${chalk.yellow("•")} .env.local already exists`);
+  }
+  if (hasAuthlyConfig) {
+    console.log(`${chalk.yellow("•")} authly.config.json already exists`);
+  }
+
+  // Generate .env.local template
+  const spinner = ora("Generating .env.local").start();
+  const envPath = path.join(process.cwd(), ".env.local");
+
+  if (!hasEnv) {
+    await generateEnv(envPath);
+    spinner.succeed("Generated .env.local with authly variables");
+  } else {
+    spinner.info(".env.local already exists, skipping");
+  }
+
+  // Generate authly config
+  const configSpinner = ora("Creating authly.config.json").start();
+  if (!hasAuthlyConfig) {
+    const config = {
+      $schema: "https://raw.githubusercontent.com/rblez/authly/main/schema/config.json",
+      framework,
+      port: 1284,
+      supabase: {
+        url: "",
+        anonKey: "",
+        serviceRoleKey: "",
+      },
+      providers: {},
+      roles: ["admin", "user", "guest"],
+    };
+    fs.writeFileSync(envPath ? ".env.local" : ".env.local", "", { flag: "a" });
+    fs.writeFileSync(
+      "authly.config.json",
+      JSON.stringify(config, null, 2) + "\n",
+    );
+    configSpinner.succeed("Created authly.config.json");
+  } else {
+    configSpinner.info("authly.config.json already exists");
+  }
+
+  console.log(chalk.dim("\n  Next: run `npx @rblez/authly serve` to start the dashboard\n"));
+}