create-authhero 0.18.0 → 0.19.0

package/dist/cloudflare-multitenant/src/app.ts

@@ -1,29 +1,65 @@
 import { Context } from "hono";
 import { HTTPException } from "hono/http-exception";
 import { swaggerUI } from "@hono/swagger-ui";
+import { init, AuthHeroConfig, fetchAll } from "authhero";
 import {
-  init,
-  MultiTenantAuthHeroConfig,
-  DataAdapters,
+  createSyncHooks,
+  createTenantsOpenAPIRouter,
+  createProtectSyncedMiddleware,
 } from "@authhero/multi-tenancy";
+import { DataAdapters } from "@authhero/adapter-interfaces";
 
 // Control plane tenant ID - the tenant that manages all other tenants
 const CONTROL_PLANE_TENANT_ID = "control_plane";
 
-export default function createApp(
-  config: Omit<MultiTenantAuthHeroConfig, "controlPlaneTenantId"> & {
-    dataAdapter: DataAdapters;
-  },
-) {
+export default function createApp(config: AuthHeroConfig & { dataAdapter: DataAdapters }) {
+  // Create sync hooks for syncing entities from control plane to child tenants
+  const { entityHooks, tenantHooks } = createSyncHooks({
+    controlPlaneTenantId: CONTROL_PLANE_TENANT_ID,
+    getChildTenantIds: async () => {
+      const allTenants = await fetchAll<{ id: string }>(
+        (params) => config.dataAdapter.tenants.list(params),
+        "tenants",
+        { cursorField: "id", pageSize: 100 },
+      );
+      return allTenants
+        .filter((t) => t.id !== CONTROL_PLANE_TENANT_ID)
+        .map((t) => t.id);
+    },
+    getAdapters: async () => config.dataAdapter,
+    getControlPlaneAdapters: async () => config.dataAdapter,
+    sync: {
+      resourceServers: true,
+      roles: true,
+      connections: true,
+    },
+  });
+
+  // Create tenants router
+  const tenantsRouter = createTenantsOpenAPIRouter(
+    {
+      accessControl: {
+        controlPlaneTenantId: CONTROL_PLANE_TENANT_ID,
+        requireOrganizationMatch: false,
+        defaultPermissions: ["tenant:admin"],
+      },
+    },
+    { tenants: tenantHooks },
+  );
+
+  // Initialize AuthHero with sync hooks and tenant routes
   const { app } = init({
     ...config,
-    controlPlaneTenantId: CONTROL_PLANE_TENANT_ID,
-    // Sync resource servers from control plane tenant to all child tenants
-    syncResourceServers: true,
-    // Sync roles from control plane tenant to all child tenants
-    syncRoles: true,
+    entityHooks,
+    managementApiExtensions: [
+      ...(config.managementApiExtensions || []),
+      { path: "/tenants", router: tenantsRouter },
+    ],
   });
 
+  // Add middleware to protect synced entities from modification on child tenants
+  app.use("/api/v2/*", createProtectSyncedMiddleware());
+
   app
     .onError((err, ctx) => {
       if (err instanceof HTTPException) {

package/dist/cloudflare-multitenant/src/index.ts

@@ -3,7 +3,7 @@ import { Kysely } from "kysely";
 import createAdapters from "@authhero/kysely-adapter";
 import createApp from "./app";
 import { Env } from "./types";
-import { AuthHeroConfig } from "@authhero/multi-tenancy";
+import { AuthHeroConfig } from "authhero";
 
 // ──────────────────────────────────────────────────────────────────────────────
 // OPTIONAL: Uncomment to enable Cloudflare adapters (Analytics Engine, etc.)

package/dist/create-authhero.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { Command as A } from "commander";
 import m from "inquirer";
-import s from "fs";
+import n from "fs";
 import i from "path";
 import { spawn as b } from "child_process";
 const D = new A(), c = {
@@ -106,6 +106,7 @@ const D = new A(), c = {
         "@authhero/multi-tenancy": "latest",
         "@hono/swagger-ui": "^0.5.0",
         "@hono/zod-openapi": "^0.19.0",
+        authhero: "latest",
         hono: "^4.6.0",
         kysely: "latest",
         "kysely-d1": "latest"
@@ -122,9 +123,9 @@ const D = new A(), c = {
   }
 };
 function j(o, e) {
-  s.readdirSync(o).forEach((n) => {
-    const a = i.join(o, n), t = i.join(e, n);
-    s.lstatSync(a).isDirectory() ? (s.mkdirSync(t, { recursive: !0 }), j(a, t)) : s.copyFileSync(a, t);
+  n.readdirSync(o).forEach((s) => {
+    const a = i.join(o, s), t = i.join(e, s);
+    n.lstatSync(a).isDirectory() ? (n.mkdirSync(t, { recursive: !0 }), j(a, t)) : n.copyFileSync(a, t);
   });
 }
 function I() {
@@ -163,7 +164,7 @@ main().catch(console.error);
 }
 function x(o) {
   const e = i.join(o, ".github", "workflows");
-  s.mkdirSync(e, { recursive: !0 });
+  n.mkdirSync(e, { recursive: !0 });
   const r = `name: Unit tests
 
 on: push
@@ -185,7 +186,7 @@ jobs:
 
       - run: npm run type-check
       - run: npm test
-`, n = `name: Deploy to Dev
+`, s = `name: Deploy to Dev
 
 on:
   push:
@@ -250,7 +251,7 @@ jobs:
           apiToken: \${{ secrets.PROD_CLOUDFLARE_API_TOKEN }}
           command: deploy --env production
 `;
-  s.writeFileSync(i.join(e, "unit-tests.yml"), r), s.writeFileSync(i.join(e, "deploy-dev.yml"), n), s.writeFileSync(i.join(e, "release.yml"), a), console.log("\\n📦 GitHub CI workflows created!");
+  n.writeFileSync(i.join(e, "unit-tests.yml"), r), n.writeFileSync(i.join(e, "deploy-dev.yml"), s), n.writeFileSync(i.join(e, "release.yml"), a), console.log("\\n📦 GitHub CI workflows created!");
 }
 function C(o) {
   const e = {
@@ -261,34 +262,34 @@ function C(o) {
       "@semantic-release/github"
     ]
   };
-  s.writeFileSync(
+  n.writeFileSync(
     i.join(o, ".releaserc.json"),
     JSON.stringify(e, null, 2)
   );
-  const r = i.join(o, "package.json"), n = JSON.parse(s.readFileSync(r, "utf-8"));
-  n.devDependencies = {
-    ...n.devDependencies,
+  const r = i.join(o, "package.json"), s = JSON.parse(n.readFileSync(r, "utf-8"));
+  s.devDependencies = {
+    ...s.devDependencies,
     "semantic-release": "^24.0.0"
-  }, n.scripts = {
-    ...n.scripts,
+  }, s.scripts = {
+    ...s.scripts,
     test: 'echo "No tests yet"',
     "type-check": "tsc --noEmit"
-  }, s.writeFileSync(r, JSON.stringify(n, null, 2));
+  }, n.writeFileSync(r, JSON.stringify(s, null, 2));
 }
 function v(o, e) {
-  return new Promise((r, n) => {
+  return new Promise((r, s) => {
     const a = b(o, [], {
       cwd: e,
       shell: !0,
       stdio: "inherit"
     });
     a.on("close", (t) => {
-      t === 0 ? r() : n(new Error(`Command failed with exit code ${t}`));
-    }), a.on("error", n);
+      t === 0 ? r() : s(new Error(`Command failed with exit code ${t}`));
+    }), a.on("error", s);
   });
 }
 function S(o, e, r) {
-  return new Promise((n, a) => {
+  return new Promise((s, a) => {
     const t = b(o, [], {
       cwd: e,
       shell: !0,
@@ -296,7 +297,7 @@ function S(o, e, r) {
       env: { ...process.env, ...r }
     });
     t.on("close", (f) => {
-      f === 0 ? n() : a(new Error(`Command failed with exit code ${f}`));
+      f === 0 ? s() : a(new Error(`Command failed with exit code ${f}`));
     }), t.on("error", a);
   });
 }
@@ -311,8 +312,8 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
   console.log(`
 🔐 Welcome to AuthHero!
 `);
-  let n = o;
-  n || (r ? (n = "auth-server", console.log(`Using default project name: ${n}`)) : n = (await m.prompt([
+  let s = o;
+  s || (r ? (s = "auth-server", console.log(`Using default project name: ${s}`)) : s = (await m.prompt([
     {
       type: "input",
       name: "projectName",
@@ -321,8 +322,8 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
       validate: (p) => p !== "" || "Project name cannot be empty"
     }
   ])).projectName);
-  const a = i.join(process.cwd(), n);
-  s.existsSync(a) && (console.error(`❌ Project "${n}" already exists.`), process.exit(1));
+  const a = i.join(process.cwd(), s);
+  n.existsSync(a) && (console.error(`❌ Project "${s}" already exists.`), process.exit(1));
   let t;
   e.template ? (["local", "cloudflare-simple", "cloudflare-multitenant"].includes(
     e.template
@@ -356,19 +357,19 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
     }
   ])).setupType;
   const f = c[t];
-  s.mkdirSync(a, { recursive: !0 }), s.writeFileSync(
+  n.mkdirSync(a, { recursive: !0 }), n.writeFileSync(
     i.join(a, "package.json"),
-    JSON.stringify(f.packageJson(n), null, 2)
+    JSON.stringify(f.packageJson(s), null, 2)
   );
   const k = i.join(
     import.meta.url.replace("file://", "").replace("/create-authhero.js", ""),
     f.templateDir
   );
-  if (s.existsSync(k) ? j(k, a) : (console.error(`❌ Template directory not found: ${k}`), process.exit(1)), t === "cloudflare-simple" || t === "cloudflare-multitenant") {
+  if (n.existsSync(k) ? j(k, a) : (console.error(`❌ Template directory not found: ${k}`), process.exit(1)), t === "cloudflare-simple" || t === "cloudflare-multitenant") {
     const l = i.join(a, "wrangler.toml"), p = i.join(a, "wrangler.local.toml");
-    s.existsSync(l) && s.copyFileSync(l, p);
+    n.existsSync(l) && n.copyFileSync(l, p);
     const d = i.join(a, ".dev.vars.example"), u = i.join(a, ".dev.vars");
-    s.existsSync(d) && s.copyFileSync(d, u), console.log(
+    n.existsSync(d) && n.copyFileSync(d, u), console.log(
       "📁 Created wrangler.local.toml and .dev.vars for local development"
     );
   }
@@ -382,11 +383,11 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
     }
   ])).includeGithubCi), y && (x(a), C(a))), t === "local") {
     const l = I();
-    s.writeFileSync(i.join(a, "src/seed.ts"), l);
+    n.writeFileSync(i.join(a, "src/seed.ts"), l);
   }
   console.log(
     `
-✅ Project "${n}" has been created with ${f.name} setup!
+✅ Project "${s}" has been created with ${f.name} setup!
 `
   );
   let h;
@@ -487,7 +488,7 @@ D.version("1.0.0").description("Create a new AuthHero project").argument("[proje
 `
       ), await v(`${l} run dev`, a)), r && !d && (console.log(`
 ✅ Setup complete!`), console.log(`
-To start the development server:`), console.log(`  cd ${n}`), console.log("  npm run dev"), (t === "cloudflare-simple" || t === "cloudflare-multitenant") && console.log(
+To start the development server:`), console.log(`  cd ${s}`), console.log("  npm run dev"), (t === "cloudflare-simple" || t === "cloudflare-multitenant") && console.log(
         `
 Server will be available at: https://localhost:3000`
       ));
@@ -496,7 +497,7 @@ Server will be available at: https://localhost:3000`
 ❌ An error occurred:`, p), process.exit(1);
     }
   }
-  h || (console.log("Next steps:"), console.log(`  cd ${n}`), t === "local" ? (console.log("  npm install"), console.log("  npm run migrate"), console.log(
+  h || (console.log("Next steps:"), console.log(`  cd ${s}`), t === "local" ? (console.log("  npm install"), console.log("  npm run migrate"), console.log(
     "  ADMIN_EMAIL=admin@example.com ADMIN_PASSWORD=yourpassword npm run seed"
   ), console.log("  npm run dev")) : (t === "cloudflare-simple" || t === "cloudflare-multitenant") && (console.log("  npm install"), console.log(
     "  npm run migrate  # or npm run db:migrate:remote for production"

package/package.json

@@ -5,7 +5,7 @@
     "type": "git",
     "url": "https://github.com/markusahlstrand/authhero"
   },
-  "version": "0.18.0",
+  "version": "0.19.0",
   "type": "module",
   "main": "dist/create-authhero.js",
   "bin": {