ante-erp-cli 1.11.42 → 1.11.44

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ante-erp-cli",
-  "version": "1.11.42",
+  "version": "1.11.44",
   "description": "Comprehensive CLI tool for managing ANTE ERP self-hosted installations",
   "type": "module",
   "bin": {

package/src/commands/update.js

@@ -8,6 +8,7 @@ import { pullImagesSilent, stopServicesSilent, startServicesSilent, waitForServi
 import { backup } from './backup.js';
 import { getCurrentVersion, getLatestVersion } from './update-cli.js';
 import { generateDockerCompose } from '../templates/docker-compose.yml.js';
+import { generateSecurePassword } from '../utils/password.js';
 
 /**
  * Check if gate-app, guardian-app, facial-web, or pos-app is installed by checking docker-compose.yml
@@ -236,6 +237,121 @@ COMPANY_ID=1
   writeFileSync(envFile, envContent);
 }
 
+/**
+ * Ensure customer app JWT configuration exists in .env file
+ * @param {string} envFile - Path to .env file
+ * @returns {boolean} True if any modifications were made
+ */
+function ensureCustomerAppJwtConfig(envFile) {
+  let envContent = readFileSync(envFile, 'utf8');
+  let modified = false;
+
+  // Check if CUSTOMER_APP_JWT_SECRET exists
+  if (!envContent.includes('CUSTOMER_APP_JWT_SECRET=')) {
+    console.log('⚙️  Adding missing CUSTOMER_APP_JWT_SECRET...');
+
+    // Generate new secret
+    const customerAppJwtSecret = generateSecurePassword(64);
+
+    // Find the ENCRYPTION_KEY line and add after it
+    if (envContent.includes('ENCRYPTION_KEY=')) {
+      envContent = envContent.replace(
+        /(ENCRYPTION_KEY=.*\n)/,
+        `$1\n# Customer App JWT Configuration\nCUSTOMER_APP_JWT_SECRET=${customerAppJwtSecret}\n`
+      );
+    } else {
+      // Fallback: add to security keys section or end of file
+      envContent += `\n# Customer App JWT Configuration\nCUSTOMER_APP_JWT_SECRET=${customerAppJwtSecret}\n`;
+    }
+    modified = true;
+  }
+
+  // Check if CUSTOMER_APP_JWT_EXPIRY exists
+  if (!envContent.includes('CUSTOMER_APP_JWT_EXPIRY=')) {
+    console.log('⚙️  Adding CUSTOMER_APP_JWT_EXPIRY...');
+    envContent = envContent.replace(
+      /(CUSTOMER_APP_JWT_SECRET=.*\n)/,
+      `$1CUSTOMER_APP_JWT_EXPIRY=1y\n`
+    );
+    modified = true;
+  } else {
+    // Update old expiry value (15m -> 1y)
+    if (envContent.includes('CUSTOMER_APP_JWT_EXPIRY=15m')) {
+      console.log('⚙️  Updating CUSTOMER_APP_JWT_EXPIRY from 15m to 1y...');
+      envContent = envContent.replace(
+        /CUSTOMER_APP_JWT_EXPIRY=15m/,
+        'CUSTOMER_APP_JWT_EXPIRY=1y'
+      );
+      modified = true;
+    }
+  }
+
+  // Check if CUSTOMER_APP_REFRESH_TOKEN_EXPIRY exists
+  if (!envContent.includes('CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=')) {
+    console.log('⚙️  Adding CUSTOMER_APP_REFRESH_TOKEN_EXPIRY...');
+    envContent = envContent.replace(
+      /(CUSTOMER_APP_JWT_EXPIRY=.*\n)/,
+      `$1CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=1y\n`
+    );
+    modified = true;
+  } else {
+    // Update old expiry value (30d -> 1y)
+    if (envContent.includes('CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=30d')) {
+      console.log('⚙️  Updating CUSTOMER_APP_REFRESH_TOKEN_EXPIRY from 30d to 1y...');
+      envContent = envContent.replace(
+        /CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=30d/,
+        'CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=1y'
+      );
+      modified = true;
+    }
+  }
+
+  // Write back if modified
+  if (modified) {
+    writeFileSync(envFile, envContent);
+    console.log('✅ Customer app JWT configuration updated');
+  }
+
+  return modified;
+}
+
+/**
+ * Refresh docker-compose.yml to ensure it has latest environment variable mappings
+ * This regenerates the docker-compose.yml without adding new services
+ * @param {string} composeFile - Path to docker-compose.yml
+ * @param {string} envFile - Path to .env file
+ */
+function refreshDockerCompose(composeFile, envFile) {
+  const envConfig = parseEnvFile(envFile);
+  const currentInstalled = detectInstalledApps(composeFile);
+
+  // Generate new docker-compose.yml with existing services only
+  const newCompose = generateDockerCompose({
+    frontendPort: parseInt(envConfig.FRONTEND_PORT) || 8080,
+    backendPort: parseInt(envConfig.BACKEND_PORT) || 3001,
+    gateAppPort: parseInt(envConfig.GATE_APP_PORT) || 8081,
+    guardianAppPort: parseInt(envConfig.GUARDIAN_APP_PORT) || 8082,
+    facialWebPort: parseInt(envConfig.FACIAL_WEB_PORT) || 8083,
+    posAppPort: parseInt(envConfig.POS_APP_PORT) || 8084,
+    clientAppPort: parseInt(envConfig.CLIENT_APP_PORT) || 9005,
+    installMain: true,
+    installGate: currentInstalled.hasGateApp,
+    installGuardian: currentInstalled.hasGuardianApp,
+    installFacial: currentInstalled.hasFacialWeb,
+    installPos: currentInstalled.hasPosApp,
+    installClient: currentInstalled.hasClientApp,
+    companyId: parseInt(envConfig.COMPANY_ID) || 1
+  });
+
+  // Backup existing docker-compose.yml
+  const timestamp = new Date().toISOString().split('.')[0].replace(/:/g, '-').replace('T', '_');
+  renameSync(composeFile, `${composeFile}.${timestamp}.bak`);
+
+  // Write new docker-compose.yml
+  writeFileSync(composeFile, newCompose);
+  console.log('✅ Docker Compose configuration refreshed');
+}
+
 /**
  * Format step title with numbering
  * @param {number} step - Current step number
@@ -298,6 +414,16 @@ export async function update(options) {
     // POS App health check removed - not required
     if (!options.skipCleanup) totalSteps++; // Cleanup step
 
+    // Ensure customer app JWT configuration exists (run before tasks)
+    console.log(chalk.gray('Checking customer app JWT configuration...'));
+    const envModified = ensureCustomerAppJwtConfig(envFile);
+
+    // Refresh docker-compose.yml if .env was modified to ensure containers get new variables
+    if (envModified) {
+      console.log(chalk.gray('Refreshing Docker Compose configuration...'));
+      refreshDockerCompose(composeFile, envFile);
+    }
+
     // Pre-calculate step numbers for each task (fixes step numbering bug)
     let currentStep = 0;
     const stepPreStart = !options.skipBackup ? ++currentStep : null;

package/src/templates/docker-compose.yml.js

@@ -134,6 +134,9 @@ services:
       JWT_EXPIRATION: \${JWT_EXPIRATION:-24h}
       DEVELOPER_KEY: \${DEVELOPER_KEY}
       ENCRYPTION_KEY: \${ENCRYPTION_KEY}
+      CUSTOMER_APP_JWT_SECRET: \${CUSTOMER_APP_JWT_SECRET}
+      CUSTOMER_APP_JWT_EXPIRY: \${CUSTOMER_APP_JWT_EXPIRY:-1y}
+      CUSTOMER_APP_REFRESH_TOKEN_EXPIRY: \${CUSTOMER_APP_REFRESH_TOKEN_EXPIRY:-1y}
       FRONTEND_URL: \${FRONTEND_URL:-http://localhost:${frontendPort}}
       API_URL: \${API_URL:-http://localhost:${backendPort}}
       SOCKET_URL: \${SOCKET_URL:-http://localhost:${backendPort}}

package/src/templates/env.js

@@ -55,6 +55,11 @@ JWT_EXPIRATION=24h
 DEVELOPER_KEY=${credentials.developerKey}
 ENCRYPTION_KEY=${credentials.encryptionKey}
 
+# Customer App JWT Configuration
+CUSTOMER_APP_JWT_SECRET=${credentials.customerAppJwtSecret}
+CUSTOMER_APP_JWT_EXPIRY=1y
+CUSTOMER_APP_REFRESH_TOKEN_EXPIRY=1y
+
 # ------------------------------------------------------------------------------
 # APPLICATION URLs
 # ------------------------------------------------------------------------------

package/src/utils/password.js

@@ -36,6 +36,7 @@ export function generateCredentials() {
     jwtSecret: generateSecurePassword(64),
     developerKey: generateRandomHex(16),
     encryptionKey: generateRandomHex(16),
+    customerAppJwtSecret: generateSecurePassword(64),
   };
 }