create-authhero 0.7.0 → 0.9.0

package/dist/cloudflare-simple/src/index.ts

@@ -1,27 +1,78 @@
-import { OpenAPIHono } from "@hono/zod-openapi";
 import { D1Dialect } from "kysely-d1";
 import { Kysely } from "kysely";
 import createAdapters from "@authhero/kysely-adapter";
 import createApp from "./app";
 import { Env } from "./types";
-import { AuthHeroConfig, Bindings, Variables } from "authhero";
+import { AuthHeroConfig } from "authhero";
 
-let app: OpenAPIHono<{ Bindings: Bindings; Variables: Variables }> | undefined;
+// ──────────────────────────────────────────────────────────────────────────────
+// OPTIONAL: Uncomment to enable Cloudflare adapters (Analytics Engine, etc.)
+// ──────────────────────────────────────────────────────────────────────────────
+// import createCloudflareAdapters from "@authhero/cloudflare-adapter";
 
 export default {
   async fetch(request: Request, env: Env): Promise<Response> {
-    if (!app) {
-      const dialect = new D1Dialect({ database: env.AUTH_DB });
-      const db = new Kysely<any>({ dialect });
-      const dataAdapter = createAdapters(db);
+    const url = new URL(request.url);
+    const issuer = `${url.protocol}//${url.host}/`;
 
-      const config: AuthHeroConfig = {
-        dataAdapter,
-      };
+    // Get the origin from the request for dynamic CORS
+    const origin = request.headers.get("Origin") || "";
 
-      app = createApp(config);
-    }
+    const dialect = new D1Dialect({ database: env.AUTH_DB });
+    const db = new Kysely<any>({ dialect });
+    const dataAdapter = createAdapters(db);
 
-    return app.fetch(request, env);
+    // ────────────────────────────────────────────────────────────────────────
+    // OPTIONAL: Cloudflare Analytics Engine for centralized logging
+    // Uncomment to enable:
+    // ────────────────────────────────────────────────────────────────────────
+    // const cloudflareAdapters = createCloudflareAdapters({
+    //   accountId: env.CLOUDFLARE_ACCOUNT_ID,
+    //   apiToken: env.CLOUDFLARE_API_TOKEN,
+    //   analyticsEngineLogs: {
+    //     analyticsEngineBinding: env.AUTH_LOGS,
+    //     accountId: env.CLOUDFLARE_ACCOUNT_ID,
+    //     apiToken: env.ANALYTICS_ENGINE_API_TOKEN || env.CLOUDFLARE_API_TOKEN,
+    //     dataset: "authhero_logs",
+    //   },
+    // });
+
+    // ────────────────────────────────────────────────────────────────────────
+    // OPTIONAL: Rate Limiting
+    // Uncomment to enable rate limiting on authentication endpoints:
+    // ────────────────────────────────────────────────────────────────────────
+    // const clientIp = request.headers.get("CF-Connecting-IP") || "unknown";
+    // const { success } = await env.RATE_LIMITER.limit({ key: clientIp });
+    // if (!success) {
+    //   return new Response("Rate limit exceeded", { status: 429 });
+    // }
+
+    const config: AuthHeroConfig = {
+      dataAdapter,
+      // ──────────────────────────────────────────────────────────────────────
+      // OPTIONAL: Spread Cloudflare adapters to enable Analytics Engine logging
+      // Uncomment when using createCloudflareAdapters above:
+      // ──────────────────────────────────────────────────────────────────────
+      // ...cloudflareAdapters,
+
+      // Allow CORS for the Management API from admin UIs
+      allowedOrigins: [
+        "http://localhost:5173",
+        "https://localhost:3000",
+        "https://manage.authhero.net",
+        "https://local.authhero.net",
+        origin,
+      ].filter(Boolean),
+    };
+
+    const app = createApp(config);
+
+    // Pass the issuer via env bindings
+    const envWithIssuer = {
+      ...env,
+      ISSUER: issuer,
+    };
+
+    return app.fetch(request, envWithIssuer);
   },
 };

package/dist/cloudflare-simple/src/seed.ts

@@ -0,0 +1,64 @@
+import { D1Dialect } from "kysely-d1";
+import { Kysely } from "kysely";
+import createAdapters from "@authhero/kysely-adapter";
+import { seed } from "authhero";
+
+interface Env {
+  AUTH_DB: D1Database;
+}
+
+export default {
+  async fetch(request: Request, env: Env): Promise<Response> {
+    const url = new URL(request.url);
+    const adminEmail = url.searchParams.get("email");
+    const adminPassword = url.searchParams.get("password");
+
+    if (!adminEmail || !adminPassword) {
+      return new Response(
+        JSON.stringify({
+          error: "Missing email or password query parameters",
+          usage: "/?email=admin@example.com&password=yourpassword",
+        }),
+        {
+          status: 400,
+          headers: { "Content-Type": "application/json" },
+        },
+      );
+    }
+
+    try {
+      const dialect = new D1Dialect({ database: env.AUTH_DB });
+      const db = new Kysely<any>({ dialect });
+      const adapters = createAdapters(db);
+
+      const result = await seed(adapters, {
+        adminEmail,
+        adminPassword,
+      });
+
+      return new Response(
+        JSON.stringify({
+          success: true,
+          message: "Database seeded successfully",
+          result,
+        }),
+        {
+          status: 200,
+          headers: { "Content-Type": "application/json" },
+        },
+      );
+    } catch (error) {
+      console.error("Seed error:", error);
+      return new Response(
+        JSON.stringify({
+          error: "Failed to seed database",
+          message: error instanceof Error ? error.message : String(error),
+        }),
+        {
+          status: 500,
+          headers: { "Content-Type": "application/json" },
+        },
+      );
+    }
+  },
+};

package/dist/cloudflare-simple/src/types.ts

@@ -1,5 +1,23 @@
 /// <reference types="@cloudflare/workers-types" />
 
+// Uncomment to enable Analytics Engine logging:
+// import { AnalyticsEngineDataset } from "@authhero/cloudflare-adapter";
+
 export interface Env {
   AUTH_DB: D1Database;
+
+  // ──────────────────────────────────────────────────────────────────────────
+  // OPTIONAL: Analytics Engine for centralized logging
+  // Uncomment to enable:
+  // ──────────────────────────────────────────────────────────────────────────
+  // AUTH_LOGS: AnalyticsEngineDataset;
+  // CLOUDFLARE_ACCOUNT_ID: string;
+  // CLOUDFLARE_API_TOKEN: string;
+  // ANALYTICS_ENGINE_API_TOKEN?: string; // Optional: separate token for Analytics Engine
+
+  // ──────────────────────────────────────────────────────────────────────────
+  // OPTIONAL: Rate Limiting
+  // Uncomment to enable:
+  // ──────────────────────────────────────────────────────────────────────────
+  // RATE_LIMITER: RateLimiter;
 }

package/dist/cloudflare-simple/wrangler.toml

@@ -9,12 +9,41 @@ compatibility_date = "2024-11-20"
 # binding = "AUTH_DB"
 # database_name = "authhero-db"
 # database_id = "<YOUR_DATABASE_ID>"
+# migrations_dir = "migrations"
 
 # For local development, you can use a local D1 database:
 [[d1_databases]]
 binding = "AUTH_DB"
 database_name = "authhero-db"
 database_id = "local"
+migrations_dir = "migrations"
+
+# ════════════════════════════════════════════════════════════════════════════
+# OPTIONAL: Analytics Engine for centralized logging
+# ════════════════════════════════════════════════════════════════════════════
+# To enable Analytics Engine:
+# 1. Create dataset in Cloudflare Dashboard: Workers & Pages > Analytics Engine
+# 2. Uncomment the binding below
+# 3. Add CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_API_TOKEN to .dev.vars
+# 4. Uncomment the Analytics Engine code in src/index.ts
+#
+# [[analytics_engine_datasets]]
+# binding = "AUTH_LOGS"
+# dataset = "authhero_logs"
+
+# ════════════════════════════════════════════════════════════════════════════
+# OPTIONAL: Rate Limiting
+# ════════════════════════════════════════════════════════════════════════════
+# To enable Rate Limiting:
+# 1. Rate limiting is available on Workers Paid plan ($5/month)
+# 2. Uncomment the binding below
+# 3. Implement rate limiting logic in src/index.ts
+#
+# [[unsafe.bindings]]
+# name = "RATE_LIMITER"
+# type = "ratelimit"
+# namespace_id = "1001"  # Unique namespace ID for this limiter
+# simple = { limit = 100, period = 60 }  # 100 requests per 60 seconds
 
 # Optional: Enable observability
 # [observability]