create-authhero 0.47.3 → 0.48.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/create-authhero.js +15 -13
- package/dist/local/src/index.ts +5 -8
- package/dist/local/src/migrate.ts +11 -10
- package/dist/proxy/README.md +34 -20
- package/package.json +1 -1
package/dist/create-authhero.js
CHANGED
|
@@ -30,7 +30,7 @@ var c = new e(), l = {
|
|
|
30
30
|
decrypt: "node --env-file=.env scripts/decrypt-field.mjs"
|
|
31
31
|
},
|
|
32
32
|
dependencies: {
|
|
33
|
-
"@authhero/
|
|
33
|
+
"@authhero/drizzle": a,
|
|
34
34
|
...i && { "@authhero/admin": a },
|
|
35
35
|
"@authhero/widget": a,
|
|
36
36
|
"@hono/swagger-ui": "^0.6.0",
|
|
@@ -38,8 +38,8 @@ var c = new e(), l = {
|
|
|
38
38
|
"@hono/node-server": "latest",
|
|
39
39
|
authhero: a,
|
|
40
40
|
"better-sqlite3": "latest",
|
|
41
|
+
"drizzle-orm": "^0.44.0",
|
|
41
42
|
hono: "^4.12.0",
|
|
42
|
-
kysely: "latest",
|
|
43
43
|
...t && { "@authhero/multi-tenancy": a },
|
|
44
44
|
...n && { bcryptjs: "latest" }
|
|
45
45
|
},
|
|
@@ -441,9 +441,10 @@ function d(e, t = !1, n = "authhero-local", r) {
|
|
|
441
441
|
}
|
|
442
442
|
}
|
|
443
443
|
` : "";
|
|
444
|
-
return `import
|
|
445
|
-
import
|
|
446
|
-
import createAdapters from "@authhero/
|
|
444
|
+
return `import Database from "better-sqlite3";
|
|
445
|
+
import { drizzle } from "drizzle-orm/better-sqlite3";
|
|
446
|
+
import createAdapters from "@authhero/drizzle";
|
|
447
|
+
import * as schema from "@authhero/drizzle/schema/sqlite";
|
|
447
448
|
import { seed, createEncryptedDataAdapter, loadEncryptionKey${t ? ", USERNAME_PASSWORD_PROVIDER" : ""} } from "authhero";
|
|
448
449
|
|
|
449
450
|
interface ExtraClient {
|
|
@@ -454,6 +455,9 @@ interface ExtraClient {
|
|
|
454
455
|
allowed_logout_urls?: string[];
|
|
455
456
|
web_origins?: string[];
|
|
456
457
|
auth0_conformant?: boolean;
|
|
458
|
+
oidc_logout?: {
|
|
459
|
+
backchannel_logout_urls?: string[];
|
|
460
|
+
};
|
|
457
461
|
}
|
|
458
462
|
|
|
459
463
|
function parseFlag(name: string): string | undefined {
|
|
@@ -493,11 +497,8 @@ async function main() {
|
|
|
493
497
|
? JSON.parse(userProfileJson)
|
|
494
498
|
: {};
|
|
495
499
|
|
|
496
|
-
const
|
|
497
|
-
|
|
498
|
-
});
|
|
499
|
-
|
|
500
|
-
const db = new Kysely<any>({ dialect });
|
|
500
|
+
const sqlite = new Database("db.sqlite");
|
|
501
|
+
const db = drizzle(sqlite, { schema });
|
|
501
502
|
let adapters = createAdapters(db);
|
|
502
503
|
|
|
503
504
|
// Match the server: encrypt seeded secrets at rest when a key is configured.
|
|
@@ -535,6 +536,7 @@ async function main() {
|
|
|
535
536
|
...(c.auth0_conformant !== undefined && {
|
|
536
537
|
auth0_conformant: c.auth0_conformant,
|
|
537
538
|
}),
|
|
539
|
+
...(c.oidc_logout !== undefined && { oidc_logout: c.oidc_logout }),
|
|
538
540
|
});
|
|
539
541
|
console.log(\`✅ Created client "\${c.client_id}"\`);
|
|
540
542
|
}
|
|
@@ -544,7 +546,7 @@ async function main() {
|
|
|
544
546
|
console.log(\`✅ Updated profile of user "\${seedResult.username}"\`);
|
|
545
547
|
}
|
|
546
548
|
${f}
|
|
547
|
-
|
|
549
|
+
sqlite.close();
|
|
548
550
|
}
|
|
549
551
|
|
|
550
552
|
main().catch((err) => {
|
|
@@ -1011,7 +1013,7 @@ c.version("1.0.0").description("Create a new AuthHero project").argument("[proje
|
|
|
1011
1013
|
]
|
|
1012
1014
|
}])).setupType;
|
|
1013
1015
|
let h;
|
|
1014
|
-
h = m === "cloudflare-control-plane" ? !0 : m === "proxy" || m === "cloudflare-wfp-dispatcher" || m === "cloudflare-wfp-tenant" ? !1 : i.multiTenant === void 0 ? o
|
|
1016
|
+
h = m === "cloudflare-control-plane" ? !0 : m === "proxy" || m === "cloudflare-wfp-dispatcher" || m === "cloudflare-wfp-tenant" ? !1 : i.multiTenant === void 0 ? !o && (await t.prompt([{
|
|
1015
1017
|
type: "confirm",
|
|
1016
1018
|
name: "multiTenant",
|
|
1017
1019
|
message: "Would you like to enable multi-tenant mode?",
|
|
@@ -1125,7 +1127,7 @@ ENCRYPTION_KEY=${s()}
|
|
|
1125
1127
|
}])).shouldMigrate, n && (console.log("\n🔄 Running migrations...\n"), await x(`${e} run migrate`, p));
|
|
1126
1128
|
}
|
|
1127
1129
|
let n;
|
|
1128
|
-
n = i.skipStart
|
|
1130
|
+
n = !i.skipStart && !o && (await t.prompt([{
|
|
1129
1131
|
type: "confirm",
|
|
1130
1132
|
name: "shouldStart",
|
|
1131
1133
|
message: "Would you like to start the development server?",
|
package/dist/local/src/index.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
import { serve } from "@hono/node-server";
|
|
2
|
-
import { SqliteDialect } from "kysely";
|
|
3
|
-
import { Kysely } from "kysely";
|
|
4
2
|
import Database from "better-sqlite3";
|
|
5
|
-
import
|
|
3
|
+
import { drizzle, BetterSQLite3Database } from "drizzle-orm/better-sqlite3";
|
|
4
|
+
import createAdapters from "@authhero/drizzle";
|
|
5
|
+
import * as schema from "@authhero/drizzle/schema/sqlite";
|
|
6
6
|
import { createEncryptedDataAdapter, loadEncryptionKey } from "authhero";
|
|
7
7
|
import createApp from "./app";
|
|
8
8
|
import fs from "fs";
|
|
@@ -85,12 +85,9 @@ function ensureCertificates() {
|
|
|
85
85
|
}
|
|
86
86
|
|
|
87
87
|
// Initialize SQLite database
|
|
88
|
-
let db:
|
|
88
|
+
let db: BetterSQLite3Database<typeof schema>;
|
|
89
89
|
try {
|
|
90
|
-
|
|
91
|
-
database: new Database("db.sqlite"),
|
|
92
|
-
});
|
|
93
|
-
db = new Kysely<any>({ dialect });
|
|
90
|
+
db = drizzle(new Database("db.sqlite"), { schema });
|
|
94
91
|
} catch (error) {
|
|
95
92
|
console.error("❌ Failed to initialize database:");
|
|
96
93
|
console.error(
|
|
@@ -1,25 +1,26 @@
|
|
|
1
|
-
import { SqliteDialect, Kysely } from "kysely";
|
|
2
1
|
import Database from "better-sqlite3";
|
|
3
|
-
import {
|
|
2
|
+
import { drizzle } from "drizzle-orm/better-sqlite3";
|
|
3
|
+
import { migrate } from "drizzle-orm/better-sqlite3/migrator";
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
});
|
|
5
|
+
// Migrations are pre-generated and shipped with the @authhero/drizzle package.
|
|
6
|
+
// The schema is managed by AuthHero — do not generate your own migrations.
|
|
7
|
+
const migrationsFolder = "node_modules/@authhero/drizzle/drizzle";
|
|
9
8
|
|
|
10
|
-
|
|
9
|
+
function migrateDb() {
|
|
10
|
+
const sqlite = new Database("db.sqlite");
|
|
11
|
+
const db = drizzle(sqlite);
|
|
11
12
|
|
|
12
13
|
console.log("Running migrations...");
|
|
13
14
|
|
|
14
15
|
try {
|
|
15
|
-
|
|
16
|
+
migrate(db, { migrationsFolder });
|
|
16
17
|
console.log("✅ All migrations completed successfully");
|
|
17
18
|
} catch (error) {
|
|
18
19
|
console.error("Migration failed:", error);
|
|
19
20
|
process.exit(1);
|
|
20
21
|
} finally {
|
|
21
|
-
|
|
22
|
+
sqlite.close();
|
|
22
23
|
}
|
|
23
24
|
}
|
|
24
25
|
|
|
25
|
-
|
|
26
|
+
migrateDb();
|
package/dist/proxy/README.md
CHANGED
|
@@ -29,34 +29,35 @@ export const proxyConfig: StaticProxyAdapterOptions = {
|
|
|
29
29
|
|
|
30
30
|
The proxy reads its routes through a `ProxyDataAdapter`. Three implementations are common:
|
|
31
31
|
|
|
32
|
-
| Adapter
|
|
33
|
-
|
|
|
34
|
-
| **Static** (default)
|
|
35
|
-
| **Database**
|
|
32
|
+
| Adapter | Best for | Notes |
|
|
33
|
+
| ------------------------- | -------------------------------------------------- | -------------------------------------------------------------------------- |
|
|
34
|
+
| **Static** (default) | Local dev, small fixed deployments | Routes baked into the worker bundle; re-deploy to change them. |
|
|
35
|
+
| **Database** | Same-process or co-located deployments | Reads directly from the proxy_routes table that authhero writes to. |
|
|
36
36
|
| **HTTP / management API** | Geographically distributed proxies, hosted Workers | Calls `/api/v2/proxy-routes` on your authhero server with a service token. |
|
|
37
37
|
|
|
38
38
|
The authhero server exposes the management API (`/api/v2/proxy-routes`) and creates the underlying table automatically once the standard adapter migrations have run — see the `local` template's [src/index.ts](../local/src/index.ts).
|
|
39
39
|
|
|
40
|
-
### Database-backed (
|
|
40
|
+
### Database-backed (Drizzle)
|
|
41
41
|
|
|
42
|
-
Add the adapter and
|
|
42
|
+
Add the adapter and drizzle-orm, then swap the data line:
|
|
43
43
|
|
|
44
44
|
```bash
|
|
45
|
-
npm install @authhero/
|
|
45
|
+
npm install @authhero/drizzle drizzle-orm
|
|
46
46
|
```
|
|
47
47
|
|
|
48
48
|
```ts
|
|
49
|
-
import {
|
|
49
|
+
import { drizzle } from "drizzle-orm/d1";
|
|
50
50
|
import { createProxyApp } from "@authhero/proxy";
|
|
51
|
-
import { createProxyDataAdapter } from "@authhero/
|
|
51
|
+
import { createProxyDataAdapter } from "@authhero/drizzle";
|
|
52
|
+
import * as schema from "@authhero/drizzle/schema/sqlite";
|
|
52
53
|
|
|
53
|
-
const db =
|
|
54
|
+
const db = drizzle(env.AUTH_DB, { schema });
|
|
54
55
|
const app = createProxyApp({
|
|
55
56
|
data: createProxyDataAdapter(db),
|
|
56
57
|
});
|
|
57
58
|
```
|
|
58
59
|
|
|
59
|
-
Cloudflare Workers
|
|
60
|
+
On Cloudflare Workers this reads from the same D1 database your authhero worker uses. For a local Node process, use `drizzle-orm/better-sqlite3` pointing at the same `db.sqlite` your authhero server uses. (If your routes live in MySQL/Postgres, `@authhero/kysely-adapter` exposes the same `createProxyDataAdapter` for Kysely dialects.)
|
|
60
61
|
|
|
61
62
|
### HTTP-backed (management API)
|
|
62
63
|
|
|
@@ -87,7 +88,7 @@ interface Env {
|
|
|
87
88
|
|
|
88
89
|
function createHttpProxyAdapter(env: Env): ProxyDataAdapter {
|
|
89
90
|
const headers = {
|
|
90
|
-
|
|
91
|
+
authorization: `Bearer ${env.AUTHHERO_SERVICE_TOKEN}`,
|
|
91
92
|
"tenant-id": env.AUTHHERO_TENANT_ID,
|
|
92
93
|
};
|
|
93
94
|
|
|
@@ -101,16 +102,29 @@ function createHttpProxyAdapter(env: Env): ProxyDataAdapter {
|
|
|
101
102
|
// The proxy data plane only needs resolveHost; the CRUD methods on
|
|
102
103
|
// proxyRoutes stay unused (writes always go through authhero directly).
|
|
103
104
|
proxyRoutes: {
|
|
104
|
-
list: () => {
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
105
|
+
list: () => {
|
|
106
|
+
throw new Error("read-only proxy adapter");
|
|
107
|
+
},
|
|
108
|
+
get: () => {
|
|
109
|
+
throw new Error("read-only proxy adapter");
|
|
110
|
+
},
|
|
111
|
+
create: () => {
|
|
112
|
+
throw new Error("read-only proxy adapter");
|
|
113
|
+
},
|
|
114
|
+
update: () => {
|
|
115
|
+
throw new Error("read-only proxy adapter");
|
|
116
|
+
},
|
|
117
|
+
remove: () => {
|
|
118
|
+
throw new Error("read-only proxy adapter");
|
|
119
|
+
},
|
|
109
120
|
},
|
|
110
121
|
async resolveHost(host): Promise<ResolvedHost | null> {
|
|
111
|
-
const domains = await api<{
|
|
112
|
-
|
|
113
|
-
|
|
122
|
+
const domains = await api<{
|
|
123
|
+
custom_domains: Array<{
|
|
124
|
+
custom_domain_id: string;
|
|
125
|
+
domain: string;
|
|
126
|
+
}>;
|
|
127
|
+
}>("/api/v2/custom-domains");
|
|
114
128
|
const match = domains.custom_domains.find((d) => d.domain === host);
|
|
115
129
|
if (!match) return null;
|
|
116
130
|
|