ante-erp-cli 1.11.41 → 1.11.43

package/bin/ante-cli.js

@@ -245,9 +245,9 @@ dbCmd
   .option('--redis', 'Expose only Redis')
   .option('--mongodb', 'Expose only MongoDB')
   .option('--all', 'Expose all databases (default)', true)
-  .option('--postgres-port <port>', 'Custom host port for PostgreSQL (default: random)')
-  .option('--redis-port <port>', 'Custom host port for Redis (default: random)')
-  .option('--mongodb-port <port>', 'Custom host port for MongoDB (default: random)')
+  .option('--postgres-port <port>', 'Custom host port for PostgreSQL (default: 64541)')
+  .option('--redis-port <port>', 'Custom host port for Redis (default: 61066)')
+  .option('--mongodb-port <port>', 'Custom host port for MongoDB (default: 50167)')
   .option('--force', 'Skip confirmation prompts')
   .option('--no-restart', 'Don\'t restart services automatically')
   .action(exposeDbPorts);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ante-erp-cli",
-  "version": "1.11.41",
+  "version": "1.11.43",
   "description": "Comprehensive CLI tool for managing ANTE ERP self-hosted installations",
   "type": "module",
   "bin": {

package/src/commands/database-ports.js

@@ -80,15 +80,15 @@ function displaySecurityWarning() {
  * Display database exposure information
  */
 function displayExposureInfo(databases) {
-  console.log(chalk.cyan('This will expose the following ports:'));
+  console.log(chalk.cyan('This will expose the following databases with default ports:'));
   databases.forEach((db) => {
     const dbInfo = {
-      postgres: { name: 'PostgreSQL', port: 5432 },
-      redis: { name: 'Redis', port: 6379 },
-      mongodb: { name: 'MongoDB', port: 27017 },
+      postgres: { name: 'PostgreSQL', port: 64541 },
+      redis: { name: 'Redis', port: 61066 },
+      mongodb: { name: 'MongoDB', port: 50167 },
     };
     if (dbInfo[db]) {
-      console.log(chalk.cyan(`  • ${dbInfo[db].name}: ${dbInfo[db].port}`));
+      console.log(chalk.cyan(`  • ${dbInfo[db].name}: Host Port ${dbInfo[db].port}`));
     }
   });
   console.log();

package/src/commands/update.js

@@ -8,6 +8,7 @@ import { pullImagesSilent, stopServicesSilent, startServicesSilent, waitForServi
 import { backup } from './backup.js';
 import { getCurrentVersion, getLatestVersion } from './update-cli.js';
 import { generateDockerCompose } from '../templates/docker-compose.yml.js';
+import { generateSecurePassword } from '../utils/password.js';
 
 /**
  * Check if gate-app, guardian-app, facial-web, or pos-app is installed by checking docker-compose.yml
@@ -236,6 +237,83 @@ COMPANY_ID=1
   writeFileSync(envFile, envContent);
 }
 
+/**
+ * Ensure customer app JWT configuration exists in .env file
+ * @param {string} envFile - Path to .env file
+ */
+function ensureCustomerAppJwtConfig(envFile) {
+  let envContent = readFileSync(envFile, 'utf8');
+  let modified = false;
+
+  // Check if CUSTOMER_APP_JWT_SECRET exists
+  if (!envContent.includes('CUSTOMER_APP_JWT_SECRET=')) {
+    console.log('⚙️  Adding missing CUSTOMER_APP_JWT_SECRET...');
+
+    // Generate new secret
+    const customerAppJwtSecret = generateSecurePassword(64);
+
+    // Find the ENCRYPTION_KEY line and add after it
+    if (envContent.includes('ENCRYPTION_KEY=')) {
+      envContent = envContent.replace(
+        /(ENCRYPTION_KEY=.*\n)/,
+        `$1\n# Customer App JWT Configuration\nCUSTOMER_APP_JWT_SECRET=${customerAppJwtSecret}\n`
+      );
+    } else {
+      // Fallback: add to security keys section or end of file
+      envContent += `\n# Customer App JWT Configuration\nCUSTOMER_APP_JWT_SECRET=${customerAppJwtSecret}\n`;
+    }
+    modified = true;
+  }
+
+  // Check if CUSTOMER_APP_JWT_EXPIRY exists
+  if (!envContent.includes('CUSTOMER_APP_JWT_EXPIRY=')) {
+    console.log('⚙️  Adding CUSTOMER_APP_JWT_EXPIRY...');
+    envContent = envContent.replace(
+      /(CUSTOMER_APP_JWT_SECRET=.*\n)/,
+      `$1CUSTOMER_APP_JWT_EXPIRY=1y\n`
+    );
+    modified = true;
+  } else {
+    // Update old expiry value (15m -> 1y)
+    if (envContent.includes('CUSTOMER_APP_JWT_EXPIRY=15m')) {
+      console.log('⚙️  Updating CUSTOMER_APP_JWT_EXPIRY from 15m to 1y...');
+      envContent = envContent.replace(
+        /CUSTOMER_APP_JWT_EXPIRY=15m/,
+        'CUSTOMER_APP_JWT_EXPIRY=1y'
+      );
+      modified = true;
+    }
+  }
+
+  // Check if CUSTOMER_APP_REFRESH_TOKEN_EXPIRY exists
+  if (!envContent.includes('CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=')) {
+    console.log('⚙️  Adding CUSTOMER_APP_REFRESH_TOKEN_EXPIRY...');
+    envContent = envContent.replace(
+      /(CUSTOMER_APP_JWT_EXPIRY=.*\n)/,
+      `$1CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=1y\n`
+    );
+    modified = true;
+  } else {
+    // Update old expiry value (30d -> 1y)
+    if (envContent.includes('CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=30d')) {
+      console.log('⚙️  Updating CUSTOMER_APP_REFRESH_TOKEN_EXPIRY from 30d to 1y...');
+      envContent = envContent.replace(
+        /CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=30d/,
+        'CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=1y'
+      );
+      modified = true;
+    }
+  }
+
+  // Write back if modified
+  if (modified) {
+    writeFileSync(envFile, envContent);
+    console.log('✅ Customer app JWT configuration updated');
+  }
+
+  return modified;
+}
+
 /**
  * Format step title with numbering
  * @param {number} step - Current step number
@@ -298,6 +376,10 @@ export async function update(options) {
     // POS App health check removed - not required
     if (!options.skipCleanup) totalSteps++; // Cleanup step
 
+    // Ensure customer app JWT configuration exists (run before tasks)
+    console.log(chalk.gray('Checking customer app JWT configuration...'));
+    ensureCustomerAppJwtConfig(envFile);
+
     // Pre-calculate step numbers for each task (fixes step numbering bug)
     let currentStep = 0;
     const stepPreStart = !options.skipBackup ? ++currentStep : null;

package/src/templates/docker-compose.yml.js

@@ -134,6 +134,9 @@ services:
       JWT_EXPIRATION: \${JWT_EXPIRATION:-24h}
       DEVELOPER_KEY: \${DEVELOPER_KEY}
       ENCRYPTION_KEY: \${ENCRYPTION_KEY}
+      CUSTOMER_APP_JWT_SECRET: \${CUSTOMER_APP_JWT_SECRET}
+      CUSTOMER_APP_JWT_EXPIRY: \${CUSTOMER_APP_JWT_EXPIRY:-1y}
+      CUSTOMER_APP_REFRESH_TOKEN_EXPIRY: \${CUSTOMER_APP_REFRESH_TOKEN_EXPIRY:-1y}
       FRONTEND_URL: \${FRONTEND_URL:-http://localhost:${frontendPort}}
       API_URL: \${API_URL:-http://localhost:${backendPort}}
       SOCKET_URL: \${SOCKET_URL:-http://localhost:${backendPort}}

package/src/templates/env.js

@@ -55,6 +55,11 @@ JWT_EXPIRATION=24h
 DEVELOPER_KEY=${credentials.developerKey}
 ENCRYPTION_KEY=${credentials.encryptionKey}
 
+# Customer App JWT Configuration
+CUSTOMER_APP_JWT_SECRET=${credentials.customerAppJwtSecret}
+CUSTOMER_APP_JWT_EXPIRY=1y
+CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=1y
+
 # ------------------------------------------------------------------------------
 # APPLICATION URLs
 # ------------------------------------------------------------------------------

package/src/utils/database-ports.js

@@ -61,21 +61,21 @@ const DATABASE_PORTS = {
     name: 'PostgreSQL',
     service: 'postgres',
     containerPort: 5432,
-    defaultHostPort: 5432,
+    defaultHostPort: 64541,
     connectionExample: (host, hostPort, password) => `postgresql://ante:${password}@${host}:${hostPort}/ante_db`,
   },
   redis: {
     name: 'Redis',
     service: 'redis',
     containerPort: 6379,
-    defaultHostPort: 6379,
+    defaultHostPort: 61066,
     connectionExample: (host, hostPort, password) => `redis://${host}:${hostPort} (password: ${password})`,
   },
   mongodb: {
     name: 'MongoDB',
     service: 'mongodb',
     containerPort: 27017,
-    defaultHostPort: 27017,
+    defaultHostPort: 50167,
     connectionExample: (host, hostPort, password) => `mongodb://ante:${password}@${host}:${hostPort}/ante`,
   },
 };
@@ -153,8 +153,8 @@ export async function exposeDatabasePorts(composeFile, options = {}) {
       (p) => !p.toString().includes(DATABASE_PORTS.postgres.containerPort.toString())
     );
 
-    // Find available port
-    const hostPort = await findAvailablePort(postgresPort);
+    // Find available port (use fixed default if no custom port specified)
+    const hostPort = await findAvailablePort(postgresPort || DATABASE_PORTS.postgres.defaultHostPort);
     const portMapping = `${hostPort}:${DATABASE_PORTS.postgres.containerPort}`;
 
     doc.services.postgres.ports.push(portMapping);
@@ -172,8 +172,8 @@ export async function exposeDatabasePorts(composeFile, options = {}) {
       (p) => !p.toString().includes(DATABASE_PORTS.redis.containerPort.toString())
     );
 
-    // Find available port
-    const hostPort = await findAvailablePort(redisPort);
+    // Find available port (use fixed default if no custom port specified)
+    const hostPort = await findAvailablePort(redisPort || DATABASE_PORTS.redis.defaultHostPort);
     const portMapping = `${hostPort}:${DATABASE_PORTS.redis.containerPort}`;
 
     doc.services.redis.ports.push(portMapping);
@@ -191,8 +191,8 @@ export async function exposeDatabasePorts(composeFile, options = {}) {
       (p) => !p.toString().includes(DATABASE_PORTS.mongodb.containerPort.toString())
     );
 
-    // Find available port
-    const hostPort = await findAvailablePort(mongodbPort);
+    // Find available port (use fixed default if no custom port specified)
+    const hostPort = await findAvailablePort(mongodbPort || DATABASE_PORTS.mongodb.defaultHostPort);
     const portMapping = `${hostPort}:${DATABASE_PORTS.mongodb.containerPort}`;
 
     doc.services.mongodb.ports.push(portMapping);

package/src/utils/password.js

@@ -36,6 +36,7 @@ export function generateCredentials() {
     jwtSecret: generateSecurePassword(64),
     developerKey: generateRandomHex(16),
     encryptionKey: generateRandomHex(16),
+    customerAppJwtSecret: generateSecurePassword(64),
   };
 }