create-authhero 0.4.0 → 0.6.0

package/dist/cloudflare-simple/src/app.ts

@@ -0,0 +1,26 @@
+import { Context } from "hono";
+import { HTTPException } from "hono/http-exception";
+import { AuthHeroConfig, init } from "authhero";
+import { swaggerUI } from "@hono/swagger-ui";
+
+export default function createApp(config: AuthHeroConfig) {
+  const { app } = init(config);
+
+  app
+    .onError((err, ctx) => {
+      if (err instanceof HTTPException) {
+        return err.getResponse();
+      }
+      console.error(err);
+      return ctx.text(err.message, 500);
+    })
+    .get("/", async (ctx: Context) => {
+      return ctx.json({
+        name: "AuthHero Server",
+        status: "running",
+      });
+    })
+    .get("/docs", swaggerUI({ url: "/api/v2/spec" }));
+
+  return app;
+}

package/dist/cloudflare-simple/src/index.ts

@@ -0,0 +1,27 @@
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { D1Dialect } from "kysely-d1";
+import { Kysely } from "kysely";
+import createAdapters from "@authhero/kysely-adapter";
+import createApp from "./app";
+import { Env } from "./types";
+import { AuthHeroConfig, Bindings, Variables } from "authhero";
+
+let app: OpenAPIHono<{ Bindings: Bindings; Variables: Variables }> | undefined;
+
+export default {
+  async fetch(request: Request, env: Env): Promise<Response> {
+    if (!app) {
+      const dialect = new D1Dialect({ database: env.AUTH_DB });
+      const db = new Kysely<any>({ dialect });
+      const dataAdapter = createAdapters(db);
+
+      const config: AuthHeroConfig = {
+        dataAdapter,
+      };
+
+      app = createApp(config);
+    }
+
+    return app.fetch(request, env);
+  },
+};

package/dist/cloudflare-simple/src/types.ts

@@ -0,0 +1,5 @@
+/// <reference types="@cloudflare/workers-types" />
+
+export interface Env {
+  AUTH_DB: D1Database;
+}

package/dist/cloudflare-simple/tsconfig.json

@@ -0,0 +1,14 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "types": ["@cloudflare/workers-types"]
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules"]
+}

package/dist/cloudflare-simple/wrangler.toml

@@ -0,0 +1,21 @@
+name = "authhero-server"
+main = "src/index.ts"
+compatibility_date = "2024-11-20"
+
+# D1 Database binding
+# Run: wrangler d1 create authhero-db
+# Then uncomment and update the database_id below:
+# [[d1_databases]]
+# binding = "AUTH_DB"
+# database_name = "authhero-db"
+# database_id = "<YOUR_DATABASE_ID>"
+
+# For local development, you can use a local D1 database:
+[[d1_databases]]
+binding = "AUTH_DB"
+database_name = "authhero-db"
+database_id = "local"
+
+# Optional: Enable observability
+# [observability]
+# enabled = true

package/dist/create-authhero.js

@@ -0,0 +1,344 @@
+#!/usr/bin/env node
+import { Command as b } from "commander";
+import d from "inquirer";
+import l from "fs";
+import c from "path";
+import { spawn as f } from "child_process";
+const w = new b(), r = {
+  local: {
+    name: "Local (SQLite)",
+    description: "Local development setup with SQLite database - great for getting started",
+    templateDir: "local",
+    packageJson: (t) => ({
+      name: t,
+      version: "1.0.0",
+      type: "module",
+      scripts: {
+        dev: "npx tsx watch src/index.ts",
+        start: "npx tsx src/index.ts",
+        migrate: "npx tsx src/migrate.ts",
+        seed: "npx tsx src/seed.ts"
+      },
+      dependencies: {
+        "@authhero/kysely-adapter": "latest",
+        "@hono/swagger-ui": "^0.5.0",
+        "@hono/zod-openapi": "^0.19.0",
+        "@hono/node-server": "latest",
+        authhero: "latest",
+        "better-sqlite3": "latest",
+        hono: "^4.6.0",
+        kysely: "latest"
+      },
+      devDependencies: {
+        "@types/better-sqlite3": "^7.6.0",
+        "@types/node": "^20.0.0",
+        tsx: "^4.0.0",
+        typescript: "^5.5.0"
+      }
+    }),
+    seedFile: "seed.ts"
+  },
+  "cloudflare-simple": {
+    name: "Cloudflare Simple (Single Tenant)",
+    description: "Single-tenant Cloudflare Workers setup with D1 database",
+    templateDir: "cloudflare-simple",
+    packageJson: (t) => ({
+      name: t,
+      version: "1.0.0",
+      type: "module",
+      scripts: {
+        dev: "wrangler dev",
+        deploy: "wrangler deploy",
+        "db:migrate": "wrangler d1 migrations apply AUTH_DB --local",
+        "db:migrate:prod": "wrangler d1 migrations apply AUTH_DB --remote",
+        seed: "wrangler d1 execute AUTH_DB --local --file=seed.sql"
+      },
+      dependencies: {
+        "@authhero/kysely-adapter": "latest",
+        "@hono/swagger-ui": "^0.5.0",
+        "@hono/zod-openapi": "^0.19.0",
+        authhero: "latest",
+        hono: "^4.6.0",
+        kysely: "latest",
+        "kysely-d1": "latest"
+      },
+      devDependencies: {
+        "@cloudflare/workers-types": "^4.0.0",
+        typescript: "^5.5.0",
+        wrangler: "^3.0.0"
+      }
+    }),
+    seedFile: "seed.sql"
+  },
+  "cloudflare-multitenant": {
+    name: "Cloudflare Multi-Tenant (Production)",
+    description: "Production-grade multi-tenant setup with per-tenant D1 databases and Analytics Engine",
+    templateDir: "cloudflare-multitenant",
+    packageJson: (t) => ({
+      name: t,
+      version: "1.0.0",
+      type: "module",
+      scripts: {
+        dev: "wrangler dev",
+        deploy: "wrangler deploy",
+        "db:migrate": "wrangler d1 migrations apply MAIN_DB --local",
+        "db:migrate:prod": "wrangler d1 migrations apply MAIN_DB --remote",
+        seed: "wrangler d1 execute MAIN_DB --local --file=seed.sql"
+      },
+      dependencies: {
+        "@authhero/cloudflare-adapter": "latest",
+        "@authhero/kysely-adapter": "latest",
+        "@authhero/multi-tenancy": "latest",
+        "@hono/swagger-ui": "^0.5.0",
+        "@hono/zod-openapi": "^0.19.10",
+        authhero: "latest",
+        hono: "^4.6.0",
+        kysely: "latest",
+        "kysely-d1": "latest",
+        wretch: "^3.0.0"
+      },
+      devDependencies: {
+        "@cloudflare/workers-types": "^4.0.0",
+        typescript: "^5.5.0",
+        wrangler: "^3.0.0"
+      }
+    }),
+    seedFile: "seed.sql"
+  }
+};
+function v(t, e) {
+  l.readdirSync(t).forEach((s) => {
+    const n = c.join(t, s), o = c.join(e, s);
+    l.lstatSync(n).isDirectory() ? (l.mkdirSync(o, { recursive: !0 }), v(n, o)) : l.copyFileSync(n, o);
+  });
+}
+function D(t) {
+  if (t === "local")
+    return `import { SqliteDialect, Kysely } from "kysely";
+import Database from "better-sqlite3";
+import createAdapters from "@authhero/kysely-adapter";
+import { seed } from "authhero";
+
+async function main() {
+  const adminEmail = process.argv[2] || process.env.ADMIN_EMAIL;
+  const adminPassword = process.argv[3] || process.env.ADMIN_PASSWORD;
+
+  if (!adminEmail || !adminPassword) {
+    console.error("Usage: npm run seed <email> <password>");
+    console.error("   or: ADMIN_EMAIL=... ADMIN_PASSWORD=... npm run seed");
+    process.exit(1);
+  }
+
+  const dialect = new SqliteDialect({
+    database: new Database("db.sqlite"),
+  });
+
+  const db = new Kysely<any>({ dialect });
+  const adapters = createAdapters(db);
+
+  await seed(adapters, {
+    adminEmail,
+    adminPassword,
+  });
+
+  await db.destroy();
+}
+
+main().catch(console.error);
+`;
+  {
+    const e = (/* @__PURE__ */ new Date()).toISOString(), a = "default";
+    return `-- Seed file for AuthHero
+-- 
+-- IMPORTANT: This SQL file creates the basic structure but the password
+-- cannot be properly hashed in SQL. After running this seed, you should
+-- use the management API or run a script to set the admin password.
+
+-- Create default tenant
+INSERT OR IGNORE INTO tenants (id, friendly_name, audience, sender_email, sender_name, created_at, updated_at)
+VALUES ('${a}', 'Default Tenant', 'https://api.example.com', 'noreply@example.com', 'AuthHero', '${e}', '${e}');
+
+-- Create password connection
+INSERT OR IGNORE INTO connections (id, tenant_id, name, strategy, options, created_at, updated_at)
+VALUES ('conn_default', '${a}', 'Username-Password-Authentication', 'Username-Password-Authentication', '{}', '${e}', '${e}');
+
+-- Create default client
+INSERT OR IGNORE INTO clients (client_id, tenant_id, name, callbacks, allowed_origins, web_origins, connections, created_at, updated_at)
+VALUES ('default', '${a}', 'Default Application', '["https://manage.authhero.net/auth-callback","https://local.authhero.net/auth-callback"]', '[]', '[]', '["Username-Password-Authentication"]', '${e}', '${e}');
+
+-- Note: Admin user and password should be created via the management API
+-- or using a TypeScript seed script with proper bcrypt hashing.
+-- Example command: curl -X POST http://localhost:3000/api/v2/users ...
+`;
+  }
+}
+function u(t, e) {
+  return new Promise((a, s) => {
+    const n = f(t, [], {
+      cwd: e,
+      shell: !0,
+      stdio: "inherit"
+    });
+    n.on("close", (o) => {
+      o === 0 ? a() : s(new Error(`Command failed with exit code ${o}`));
+    }), n.on("error", s);
+  });
+}
+function k(t, e, a) {
+  return new Promise((s, n) => {
+    const o = f(t, [], {
+      cwd: e,
+      shell: !0,
+      stdio: "inherit",
+      env: { ...process.env, ...a }
+    });
+    o.on("close", (m) => {
+      m === 0 ? s() : n(new Error(`Command failed with exit code ${m}`));
+    }), o.on("error", n);
+  });
+}
+w.version("1.0.0").description("Create a new AuthHero project").argument("[project-name]", "name of the project").action(async (t) => {
+  console.log(`
+🔐 Welcome to AuthHero!
+`), t || (t = (await d.prompt([
+    {
+      type: "input",
+      name: "projectName",
+      message: "Project name:",
+      default: "auth-server",
+      validate: (p) => p !== "" || "Project name cannot be empty"
+    }
+  ])).projectName);
+  const e = c.join(process.cwd(), t);
+  l.existsSync(e) && (console.error(`❌ Project "${t}" already exists.`), process.exit(1));
+  const { setupType: a } = await d.prompt([
+    {
+      type: "list",
+      name: "setupType",
+      message: "Select your setup type:",
+      choices: [
+        {
+          name: `${r.local.name}
+     ${r.local.description}`,
+          value: "local",
+          short: r.local.name
+        },
+        {
+          name: `${r["cloudflare-simple"].name}
+     ${r["cloudflare-simple"].description}`,
+          value: "cloudflare-simple",
+          short: r["cloudflare-simple"].name
+        },
+        {
+          name: `${r["cloudflare-multitenant"].name}
+     ${r["cloudflare-multitenant"].description}`,
+          value: "cloudflare-multitenant",
+          short: r["cloudflare-multitenant"].name
+        }
+      ]
+    }
+  ]), s = r[a];
+  l.mkdirSync(e, { recursive: !0 }), l.writeFileSync(
+    c.join(e, "package.json"),
+    JSON.stringify(s.packageJson(t), null, 2)
+  );
+  const n = c.join(
+    import.meta.url.replace("file://", "").replace("/create-authhero.js", ""),
+    s.templateDir
+  );
+  l.existsSync(n) ? v(n, e) : (console.error(`❌ Template directory not found: ${n}`), process.exit(1));
+  const o = D(a), m = a === "local" ? "src/seed.ts" : "seed.sql";
+  l.writeFileSync(c.join(e, m), o), console.log(
+    `
+✅ Project "${t}" has been created with ${s.name} setup!
+`
+  );
+  const { shouldInstall: h } = await d.prompt([
+    {
+      type: "confirm",
+      name: "shouldInstall",
+      message: "Would you like to install dependencies now?",
+      default: !0
+    }
+  ]);
+  if (h) {
+    const { packageManager: i } = await d.prompt([
+      {
+        type: "list",
+        name: "packageManager",
+        message: "Which package manager would you like to use?",
+        choices: [
+          { name: "npm", value: "npm" },
+          { name: "yarn", value: "yarn" },
+          { name: "pnpm", value: "pnpm" },
+          { name: "bun", value: "bun" }
+        ],
+        default: "npm"
+      }
+    ]);
+    console.log(`
+📦 Installing dependencies with ${i}...
+`);
+    try {
+      const p = i === "pnpm" ? "pnpm install --ignore-workspace" : `${i} install`;
+      if (await u(p, e), a === "local" && (console.log(`
+🔧 Building native modules...
+`), await u("npm rebuild better-sqlite3", e)), console.log(`
+✅ Dependencies installed successfully!
+`), a === "local") {
+        const { shouldSetup: A } = await d.prompt([
+          {
+            type: "confirm",
+            name: "shouldSetup",
+            message: "Would you like to run migrations and seed the database?",
+            default: !0
+          }
+        ]);
+        if (A) {
+          const y = await d.prompt([
+            {
+              type: "input",
+              name: "username",
+              message: "Admin email:",
+              default: "admin@example.com",
+              validate: (g) => /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(g) || "Please enter a valid email address"
+            },
+            {
+              type: "password",
+              name: "password",
+              message: "Admin password:",
+              mask: "*",
+              validate: (g) => g.length < 8 ? "Password must be at least 8 characters" : !0
+            }
+          ]);
+          console.log(`
+🔄 Running migrations...
+`), await u(`${i} run migrate`, e), console.log(`
+🌱 Seeding database...
+`), await k(`${i} run seed`, e, {
+            ADMIN_EMAIL: y.username,
+            ADMIN_PASSWORD: y.password
+          });
+        }
+      }
+      const { shouldStart: S } = await d.prompt([
+        {
+          type: "confirm",
+          name: "shouldStart",
+          message: "Would you like to start the development server?",
+          default: !0
+        }
+      ]);
+      S && (console.log(`
+🚀 Starting development server...
+`), await u(`${i} run dev`, e));
+    } catch (p) {
+      console.error(`
+❌ An error occurred:`, p);
+    }
+  }
+  h || (console.log("Next steps:"), console.log(`  cd ${t}`), a === "local" ? (console.log("  npm install"), console.log("  npm run migrate"), console.log("  npm run seed -- <email> <password>"), console.log("  npm run dev")) : (console.log("  npm install"), console.log("  npm run db:migrate"), console.log("  npm run seed"), console.log("  npm run dev")), console.log(`
+For more information, visit: https://authhero.net/docs
+`));
+});
+w.parse(process.argv);

package/dist/local/README.md

@@ -0,0 +1,50 @@
+# AuthHero Local Server
+
+A local AuthHero authentication server using SQLite for development.
+
+## Getting Started
+
+1. Install dependencies:
+
+   ```bash
+   npm install
+   ```
+
+2. Run database migrations:
+
+   ```bash
+   npm run migrate
+   ```
+
+3. Start the development server:
+   ```bash
+   npm run dev
+   ```
+
+The server will be available at `http://localhost:3000`.
+
+## Project Structure
+
+```
+├── src/
+│   ├── index.ts    # Server entry point
+│   ├── app.ts      # AuthHero app configuration
+│   ├── migrate.ts  # Database migration script
+│   └── seed.ts     # Database seeding script
+├── db.sqlite       # SQLite database (created after first run)
+└── package.json
+```
+
+## API Documentation
+
+Visit `http://localhost:3000/docs` to see the Swagger UI documentation.
+
+## Configuration
+
+You can customize the AuthHero configuration in `src/app.ts`. Common options include:
+
+- Custom hooks for login/signup events
+- Custom email templates
+- Session configuration
+
+For more information, visit [https://authhero.net/docs](https://authhero.net/docs).

package/dist/local/src/app.ts

@@ -0,0 +1,26 @@
+import { Context } from "hono";
+import { HTTPException } from "hono/http-exception";
+import { AuthHeroConfig, init } from "authhero";
+import { swaggerUI } from "@hono/swagger-ui";
+
+export default function createApp(config: AuthHeroConfig) {
+  const { app } = init(config);
+
+  app
+    .onError((err, ctx) => {
+      if (err instanceof HTTPException) {
+        return err.getResponse();
+      }
+      console.error(err);
+      return ctx.text(err.message, 500);
+    })
+    .get("/", async (ctx: Context) => {
+      return ctx.json({
+        name: "AuthHero Server",
+        status: "running",
+      });
+    })
+    .get("/docs", swaggerUI({ url: "/api/v2/spec" }));
+
+  return app;
+}

package/dist/local/src/index.ts

@@ -0,0 +1,117 @@
+import { serve } from "@hono/node-server";
+import { SqliteDialect } from "kysely";
+import { Kysely } from "kysely";
+import Database from "better-sqlite3";
+import createAdapters from "@authhero/kysely-adapter";
+import createApp from "./app";
+import fs from "fs";
+import path from "path";
+import { execSync } from "child_process";
+import https from "https";
+
+// Generate self-signed certificates for local HTTPS if they don't exist
+const certDir = path.join(process.cwd(), ".certs");
+const keyPath = path.join(certDir, "localhost-key.pem");
+const certPath = path.join(certDir, "localhost.pem");
+
+function ensureCertificates() {
+  if (!fs.existsSync(certDir)) {
+    fs.mkdirSync(certDir, { recursive: true });
+  }
+
+  if (!fs.existsSync(keyPath) || !fs.existsSync(certPath)) {
+    console.log("🔑 Generating self-signed certificates for local HTTPS...");
+
+    // Try mkcert first (if installed), otherwise fall back to openssl
+    try {
+      execSync(`which mkcert`, { stdio: "ignore" });
+      execSync(
+        `mkcert -key-file ${keyPath} -cert-file ${certPath} localhost 127.0.0.1`,
+        {
+          stdio: "inherit",
+        },
+      );
+      console.log("✅ Certificates generated with mkcert");
+    } catch {
+      // Fall back to openssl
+      try {
+        execSync(
+          `openssl req -x509 -newkey rsa:2048 -keyout "${keyPath}" -out "${certPath}" -days 365 -nodes -subj "/CN=localhost"`,
+          { stdio: "inherit" },
+        );
+        console.log("✅ Self-signed certificates generated with openssl");
+        console.log(
+          "⚠️  You may need to trust the certificate in your browser",
+        );
+      } catch (err) {
+        console.error(
+          "❌ Failed to generate certificates. Please install mkcert or openssl",
+        );
+        console.error(
+          "   Install mkcert: brew install mkcert && mkcert -install",
+        );
+        process.exit(1);
+      }
+    }
+  }
+
+  return {
+    key: fs.readFileSync(keyPath),
+    cert: fs.readFileSync(certPath),
+  };
+}
+
+// Initialize SQLite database
+let db: Kysely<any>;
+try {
+  const dialect = new SqliteDialect({
+    database: new Database("db.sqlite"),
+  });
+  db = new Kysely<any>({ dialect });
+} catch (error) {
+  console.error("❌ Failed to initialize database:");
+  console.error(
+    error instanceof Error ? error.message : "Unknown error occurred",
+  );
+  console.error("\nPossible causes:");
+  console.error("  - File permissions issue");
+  console.error("  - Disk space is full");
+  console.error("  - Database file is corrupted");
+  console.error("\nTry running: npm run migrate");
+  process.exit(1);
+}
+
+const dataAdapter = createAdapters(db);
+
+// Create the AuthHero app
+const app = createApp({
+  dataAdapter,
+  allowedOrigins: [
+    "https://manage.authhero.net",
+    "https://local.authhero.net",
+    "http://localhost:5173",
+  ],
+});
+
+// Start the server
+const port = Number(process.env.PORT) || 3000;
+const issuer = process.env.ISSUER || `https://localhost:${port}/`;
+
+// Get or generate certificates
+const { key, cert } = ensureCertificates();
+
+console.log(`🔐 AuthHero server running at https://localhost:${port}`);
+console.log(`📚 API documentation available at https://localhost:${port}/docs`);
+console.log(`🌐 Portal available at https://local.authhero.net`);
+
+serve({
+  fetch: (request) => {
+    return app.fetch(request, {
+      ISSUER: issuer,
+      data: dataAdapter,
+    });
+  },
+  port,
+  createServer: https.createServer,
+  serverOptions: { key, cert },
+});

package/dist/local/src/migrate.ts

@@ -0,0 +1,25 @@
+import { SqliteDialect, Kysely } from "kysely";
+import Database from "better-sqlite3";
+import { migrateToLatest } from "@authhero/kysely-adapter";
+
+async function migrate() {
+  const dialect = new SqliteDialect({
+    database: new Database("db.sqlite"),
+  });
+
+  const db = new Kysely<any>({ dialect });
+
+  console.log("Running migrations...");
+
+  try {
+    await migrateToLatest(db, true);
+    console.log("✅ All migrations completed successfully");
+  } catch (error) {
+    console.error("Migration failed:", error);
+    process.exit(1);
+  } finally {
+    await db.destroy();
+  }
+}
+
+migrate();

package/dist/local/tsconfig.json

@@ -0,0 +1,16 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "types": ["node"]
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules"]
+}

package/package.json

@@ -5,7 +5,7 @@
     "type": "git",
     "url": "https://github.com/markusahlstrand/authhero"
   },
-  "version": "0.4.0",
+  "version": "0.6.0",
   "type": "module",
   "main": "dist/create-authhero.js",
   "bin": {