@rebasepro/server-core 0.0.1-canary.f81da60 → 0.1.2

package/src/auth/index.ts

@@ -9,6 +9,7 @@ export type { PasswordValidationResult } from "./password";
 
 // OAuth Providers
 export { createGoogleProvider } from "./google-oauth";
+export type { GoogleProviderConfig } from "./google-oauth";
 export { createLinkedinProvider } from "./linkedin-oauth";
 export { createGitHubProvider } from "./github-oauth";
 export { createMicrosoftProvider } from "./microsoft-oauth";

package/src/auth/routes.ts

@@ -233,8 +233,16 @@ export function createAuthRoutes(config: AuthModuleConfig): Hono<HonoEnv> {
             displayName: displayName || undefined
         });
 
-        // Assign configured default role (never auto-assign admin via registration)
-        if (config.defaultRole) {
+        // Auto-bootstrap: if this is the very first user in the system, promote to admin.
+        // This avoids the chicken-and-egg problem where the first user has no permissions
+        // and no way to access the bootstrap endpoint from the UI.
+        const existingUsers = await authRepo.listUsers();
+        const isFirstUser = existingUsers.length === 1 && existingUsers[0].id === user.id;
+
+        if (isFirstUser) {
+            await authRepo.setUserRoles(user.id, ["admin"]);
+        } else if (config.defaultRole) {
+            // Assign configured default role (never auto-assign admin via registration)
             await authRepo.assignDefaultRole(user.id, config.defaultRole);
         }
 
@@ -289,7 +297,13 @@ displayName: user.displayName });
             router.post(`/${provider.id}`, defaultAuthLimiter, async (c) => {
                 const payload = parseBody(provider.schema, await c.req.json());
 
-                const externalUser = await provider.verify(payload);
+                let externalUser;
+                try {
+                    externalUser = await provider.verify(payload);
+                } catch (err: unknown) {
+                    const msg = err instanceof Error ? err.message : String(err);
+                    throw ApiError.unauthorized(`${provider.id} login failed: ${msg}`, "OAUTH_ERROR");
+                }
                 if (!externalUser) {
                     throw ApiError.unauthorized(`Invalid ${provider.id} credentials`, "INVALID_TOKEN");
                 }
@@ -320,8 +334,14 @@ displayName: user.displayName });
 
                         await authRepo.linkUserIdentity(user.id, provider.id, externalUser.providerId, { email: externalUser.email });
 
-                        // Assign configured default role (never auto-assign admin via registration)
-                        if (config.defaultRole) {
+                        // Auto-bootstrap: first user in the system gets admin
+                        const allUsers = await authRepo.listUsers();
+                        const isFirstUser = allUsers.length === 1 && allUsers[0].id === user.id;
+
+                        if (isFirstUser) {
+                            await authRepo.setUserRoles(user.id, ["admin"]);
+                        } else if (config.defaultRole) {
+                            // Assign configured default role (never auto-assign admin via registration)
                             await authRepo.assignDefaultRole(user.id, config.defaultRole);
                         }
 

package/src/collections/loader.ts

@@ -26,9 +26,9 @@ export async function loadCollectionsFromDirectory(directory: string): Promise<E
                 try {
                     const fileUrl = pathToFileURL(filePath).href;
 
-                    // Use new Function to compile dynamic import natively and bypass tsc converting import() to require()
-                    const dynamicImport = new Function("url", "return import(url)");
-                    const module = await dynamicImport(fileUrl);
+                    // Use standard import() so that tsx/loader hooks can
+                    // resolve .ts files and workspace bare-specifiers.
+                    const module = await import(fileUrl);
 
                     // Expect the collection to be the default export
                     if (module && module.default) {

package/src/init.ts

@@ -43,7 +43,7 @@ export interface RebaseAuthConfig {
      */
     serviceKey?: string;
     email?: EmailConfig;
-    google?: { clientId: string };
+    google?: { clientId: string; clientSecret?: string };
     linkedin?: { clientId: string; clientSecret: string };
     github?: { clientId: string; clientSecret: string };
     microsoft?: { clientId: string; clientSecret: string; tenantId?: string };
@@ -355,7 +355,7 @@ collectionRegistry });
 
         if (config.auth.google?.clientId) {
             const { createGoogleProvider } = await import("./auth");
-            oauthProviders.push(createGoogleProvider(config.auth.google.clientId));
+            oauthProviders.push(createGoogleProvider(config.auth.google));
         }
 
         if (config.auth.linkedin?.clientId && config.auth.linkedin?.clientSecret) {
@@ -582,6 +582,18 @@ collectionRegistry });
     _initRebase(serverClient);
     logger.info("Rebase singleton initialized");
 
+    // Retroactively inject the server client into the driver so that
+    // entity callbacks receive `context.client` at runtime.
+    // The driver is created before the client (which depends on the mounted
+    // Hono app), so we set it here, mirroring the historyService injection above.
+    if (defaultDriverResult.internals) {
+        const internals = defaultDriverResult.internals as Record<string, unknown>;
+        const driver = internals.driver as Record<string, unknown> | undefined;
+        if (driver && "client" in driver) {
+            driver.client = serverClient;
+        }
+    }
+
     // 5. Mount Custom Functions
     if (config.functionsDir) {
         const { loadFunctionsFromDirectory } = await import("./functions/function-loader");

package/history_diff.log

@@ -1,385 +0,0 @@
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: null
-PREVIOUS: {
-  "title": "same"
-}
-NEW:      {
-  "title": "same"
-}
-
-[recordHistory: posts/1 - update]
-CHANGED FIELDS: ["title","tags"]
-PREVIOUS: {
-  "title": "old",
-  "tags": [
-    {
-      "id": 1
-    }
-  ]
-}
-NEW:      {
-  "title": "new",
-  "tags": [
-    {
-      "id": 2
-    }
-  ]
-}
-
-[recordHistory: posts/1 - create]
-CHANGED FIELDS: null
-PREVIOUS: undefined
-NEW:      {
-  "title": "new"
-}
-

package/scratch.ts

@@ -1,9 +0,0 @@
-import { Hono } from "hono";
-const app = new Hono();
-const child = new Hono();
-child.get("/*", (c) => {
-  return c.json({ star: c.req.param("*"),
-path: c.req.path });
-})
-app.route("/api", child);
-app.request(new Request("http://localhost/api/users/1/posts")).then(r => r.json()).then(console.log);

package/test-ast.ts

@@ -1,28 +0,0 @@
-import { AstSchemaEditor } from "./src/api/ast-schema-editor";
-import * as fs from "fs";
-
-const collectionsDir = __dirname + "/collections-test";
-fs.mkdirSync(collectionsDir, { recursive: true });
-fs.writeFileSync(collectionsDir + "/users.ts", `
-export default {
-    name: "Users",
-    slug: "users",
-    properties: {},
-    securityRules: [
-        { name: "test", operation: "read", mode: "permissive", roles: ["public"] }
-    ]
-};
-`);
-
-async function main() {
-  const editor = new AstSchemaEditor(collectionsDir);
-  await editor.saveCollection("users", {
-    name: "Users",
-    slug: "users",
-    properties: {},
-    securityRules: []
-  });
-  console.log("AFTER SAVE:", fs.readFileSync(collectionsDir + "/users.ts", "utf8"));
-}
-
-main().catch(console.error);