create-kyro 0.1.2 → 0.1.3

package/dist/index.js

@@ -127,6 +127,7 @@ async function promptUser() {
         type: "toggle",
         name: "auth",
         message: "Add authentication (JWT)?",
+        initial: true,
         active: "Yes",
         inactive: "No"
       },
@@ -134,6 +135,7 @@ async function promptUser() {
         type: "toggle",
         name: "versioning",
         message: "Add versioning/drafts?",
+        initial: true,
         active: "Yes",
         inactive: "No"
       },
@@ -150,6 +152,7 @@ async function promptUser() {
         name: "template",
         message: "Starting template:",
         hint: " ",
+        initial: 1,
         choices: [
           {
             title: "Minimal",
@@ -236,10 +239,10 @@ ${cyan("?")} ${bold(msg)}`);
 function generatePackageJson(answers, projectDir) {
   const deps = {
     "@kyro-cms/core": "latest",
-    "astro": "^5.4.0"
+    astro: "^5.4.0"
   };
   const devDeps = {
-    "typescript": "^5.7.3"
+    typescript: "^5.7.3"
   };
   if (answers.styling === "tailwind") {
     deps["@astrojs/react"] = "^4.2.0";
@@ -260,13 +263,17 @@ function generatePackageJson(answers, projectDir) {
   }
   if (answers.admin) {
     deps["@kyro-cms/admin"] = "latest";
+    deps["@astrojs/node"] = "^9.5.5";
     deps["lucide-react"] = "^0.475.0";
   }
   const scripts = {
-    "dev": "astro dev",
-    "build": "astro build",
-    "preview": "astro preview"
+    dev: "astro dev",
+    build: "astro build",
+    preview: "astro preview"
   };
+  if (answers.auth) {
+    scripts["db:bootstrap"] = "kyro auth bootstrap";
+  }
   if (answers.database === "sqlite") {
     scripts["db:generate"] = "kyro generate";
     scripts["db:push"] = "kyro push";
@@ -288,26 +295,24 @@ function formatPackageJson(pkg) {
 
 // src/generators/config.ts
 function generateKyroConfig(answers) {
-  const imports = [
-    "import { defineConfig, createTemplateConfig } from '@kyro-cms/core';"
-  ];
+  const imports = ["import { defineConfig } from '@kyro-cms/core';"];
   const adapterLines = [];
   if (answers.database === "sqlite") {
-    imports.push("import { localAdapter } from '@kyro-cms/core';");
-    adapterLines.push(`  adapter: localAdapter({ path: './data.db' }),`);
+    imports.push("import { createLocalAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createLocalAdapter({ path: './data.db' }),`);
   } else if (answers.database === "postgres") {
-    imports.push("import { drizzleAdapter } from '@kyro-cms/core';");
-    adapterLines.push(`  adapter: drizzleAdapter({`);
+    imports.push("import { createDrizzleAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createDrizzleAdapter({`);
     adapterLines.push(`    connectionString: process.env.DATABASE_URL,`);
     adapterLines.push(`  }),`);
   } else if (answers.database === "mysql") {
-    imports.push("import { drizzleAdapter } from '@kyro-cms/core';");
-    adapterLines.push(`  adapter: drizzleAdapter({`);
+    imports.push("import { createDrizzleAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createDrizzleAdapter({`);
     adapterLines.push(`    connectionString: process.env.DATABASE_URL,`);
     adapterLines.push(`  }),`);
   } else if (answers.database === "mongodb") {
-    imports.push("import { mongoAdapter } from '@kyro-cms/core';");
-    adapterLines.push(`  adapter: mongoAdapter({`);
+    imports.push("import { createMongoDBAdapter } from '@kyro-cms/core';");
+    adapterLines.push(`  adapter: createMongoDBAdapter({`);
     adapterLines.push(`    connectionString: process.env.MONGODB_URI,`);
     adapterLines.push(`  }),`);
   }
@@ -331,39 +336,46 @@ function generateKyroConfig(answers) {
   if (answers.versioning) {
     features.push("  versioning: true,");
   }
-  let templateCollections = [];
-  let templateGlobals = [];
+  let templateCollections = "";
+  let templateGlobals = "";
   switch (answers.template) {
     case "minimal":
-      templateCollections.push("...minimalCollections,");
+      templateCollections = "import { minimalCollections } from '@kyro-cms/core';";
       break;
     case "blog":
-      templateCollections.push("...blogCollections,");
+      templateCollections = "import { blogCollections } from '@kyro-cms/core';";
       break;
     case "ecommerce":
-      templateCollections.push("...ecommerceCollections,");
+      templateCollections = "import { ecommerceCollections } from '@kyro-cms/core';";
       break;
     case "kitchen-sink":
-      templateCollections.push(
-        "...minimalCollections,",
-        "...blogCollections,",
-        "...ecommerceCollections,",
-        "...kitchenSinkCollections,"
-      );
+      templateCollections = `import { minimalCollections, blogCollections, ecommerceCollections, kitchenSinkCollections } from '@kyro-cms/core';`;
       break;
   }
-  const collectionsBlock = templateCollections.length > 0 ? `  collections: [
-    ${templateCollections.join("\n    ")}
-  ],` : "";
-  const globalsBlock = templateGlobals.length > 0 ? `  globals: [
-    ${templateGlobals.join("\n    ")}
-  ],` : "";
+  if (templateCollections) {
+    imports.push(templateCollections);
+  }
+  let collectionsConfig = "";
+  if (answers.template === "minimal") {
+    collectionsConfig = `  collections: Object.values(minimalCollections),`;
+  } else if (answers.template === "blog") {
+    collectionsConfig = `  collections: Object.values(blogCollections),`;
+  } else if (answers.template === "ecommerce") {
+    collectionsConfig = `  collections: Object.values(ecommerceCollections),`;
+  } else if (answers.template === "kitchen-sink") {
+    collectionsConfig = `  collections: [
+    ...Object.values(minimalCollections),
+    ...Object.values(blogCollections),
+    ...Object.values(ecommerceCollections),
+    ...Object.values(kitchenSinkCollections),
+  ],`;
+  }
   const config = `${imports.join("\n")}
 
 export default defineConfig({
   name: '${answers.projectName}',
   prefix: '/api',${adapterLines.length > 0 ? "\n" + adapterLines.join("\n") : ""}
-${collectionsBlock ? "\n" + collectionsBlock : ""}${globalsBlock ? "\n" + globalsBlock : ""}${features.length > 0 ? "\n" + features.join("\n") : ""}
+${collectionsConfig ? collectionsConfig : ""}${features.length > 0 ? "\n" + features.join("\n") : ""}
 
   api: {
 ${apiConfig.join("\n")}
@@ -385,6 +397,7 @@ function generateAstroConfig(answers) {
     mode: 'standalone'
   }),` : "";
   const config = `import { defineConfig } from 'astro/config';
+import node from '@astrojs/node';
 ${answers.styling === "tailwind" ? "import react from '@astrojs/react';\nimport tailwindcss from '@tailwindcss/vite';" : ""}
 
 export default defineConfig({
@@ -442,18 +455,67 @@ data/
 
 A Kyro CMS project.
 
-## Getting Started
+## Quick Start
 
 \`\`\`bash
 npm install
 npm run dev
 \`\`\`
 
+## Admin Dashboard
+
+Visit [http://localhost:4321/admin](http://localhost:4321/admin) to access the admin.
+
+${answers.auth ? `## Creating Your Admin User
+
+Before logging into the admin, you need to create an admin user. Run:
+
+\`\`\`bash
+npm run db:bootstrap
+\`\`\`
+
+Or set environment variables to auto-bootstrap on startup:
+
+\`\`\`bash
+# .env
+KYRO_ADMIN_EMAIL=admin@example.com
+KYRO_ADMIN_PASSWORD=SecurePass123!
+\`\`\`
+
+Then restart the dev server.
+` : ""}
+
 ## Documentation
 
 Visit [https://kyro.cms](https://kyro.cms) for full documentation.
 `;
   writeFileSync(join(projectDir, "README.md"), readme);
+  const envExample = `# Kyro CMS Configuration
+
+${answers.database === "sqlite" ? "# SQLite (local) - no additional config needed" : answers.database === "postgres" || answers.database === "mysql" ? "# Database connection (PostgreSQL/MySQL)\nDATABASE_URL=postgresql://user:password@localhost:5432/kyro_cms\nDATABASE_SSL=false" : "# MongoDB connection\nMONGODB_URI=mongodb://localhost:27017/kyro_cms"}
+
+${answers.auth ? `# Authentication (required for auth)
+JWT_SECRET=change-this-to-a-random-32-character-string
+JWT_EXPIRES_IN=24h
+
+# Bootstrap admin user (creates on first run)
+KYRO_ADMIN_EMAIL=admin@example.com
+KYRO_ADMIN_PASSWORD=SecurePass123!
+KYRO_ADMIN_ROLE=super_admin
+
+# Optional: Redis for sessions (recommended for production)
+# REDIS_URL=redis://localhost:6379
+# REDIS_TLS=false
+
+# Optional: SMTP for emails
+# SMTP_HOST=smtp.example.com
+# SMTP_PORT=587
+# SMTP_SECURE=false
+# SMTP_USER=your-email@example.com
+# SMTP_PASS=your-password
+# SMTP_FROM=noreply@example.com` : ""}
+`;
+  writeFileSync(join(projectDir, ".env.example"), envExample);
   const spec = `# ${answers.projectName}
 
 ## Overview
@@ -520,11 +582,11 @@ const title = "${answers.projectName}";
 `;
   writeFileSync(join(pagesDir, "index.astro"), indexPage);
   if (answers.admin) {
-    const adminDir = join(srcDir, "admin");
+    const adminDir = join(pagesDir, "admin");
     mkdirSync(adminDir, { recursive: true });
     const adminIndex = `---
 import { Admin } from '@kyro-cms/admin';
-import config from '../kyro.config';
+import config from '../../../kyro.config';
 ---
 <!DOCTYPE html>
 <html lang="en">
@@ -540,6 +602,448 @@ import config from '../kyro.config';
 `;
     writeFileSync(join(adminDir, "index.astro"), adminIndex);
   }
+  if (answers.auth) {
+    const authApiDir = join(pagesDir, "api", "auth");
+    mkdirSync(authApiDir, { recursive: true });
+    writeFileSync(
+      join(authApiDir, "login.ts"),
+      generateLoginEndpoint(answers.database)
+    );
+    writeFileSync(
+      join(authApiDir, "register.ts"),
+      generateRegisterEndpoint(answers.database)
+    );
+    writeFileSync(
+      join(authApiDir, "logout.ts"),
+      generateLogoutEndpoint(answers.database)
+    );
+    writeFileSync(join(authApiDir, "me.ts"), generateMeEndpoint());
+    writeFileSync(
+      join(authApiDir, "users.ts"),
+      generateUsersEndpoint(answers.database)
+    );
+    writeFileSync(join(srcDir, "middleware.ts"), generateMiddleware());
+  }
+}
+function generateLoginEndpoint(database) {
+  const adapterImport = database === "sqlite" ? `import { SQLiteAuthAdapter } from "@kyro-cms/core";` : `import { RedisAuthAdapter } from "@kyro-cms/core";`;
+  const adapterInit = database === "sqlite" ? `  return new SQLiteAuthAdapter({ path: "./data.db" });` : `  return new RedisAuthAdapter({
+    url: process.env.REDIS_URL || "redis://localhost:6379",
+    tls: process.env.REDIS_TLS === "true",
+  });`;
+  return `import type { APIRoute } from "astro";
+${adapterImport}
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "24h";
+
+async function getAuthApi() {
+${adapterInit}
+}
+
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const body = (await request.json()) as {
+      email?: string;
+      password?: string;
+    };
+    const { email, password } = body;
+
+    if (!email || !password) {
+      return new Response(
+        JSON.stringify({ error: "Email and password required" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const adapter = await getAuthApi();
+    await adapter.connect();
+
+    const user = await adapter.findUserByEmail(email);
+    if (!user || !user.passwordHash) {
+      await adapter.disconnect();
+      return new Response(JSON.stringify({ error: "Invalid credentials" }), {
+        status: 401,
+        headers: { "Content-Type": "application/json" },
+      });
+    }
+
+    const valid = await adapter.verifyPassword(password, user.passwordHash);
+    if (!valid) {
+      await adapter.disconnect();
+      return new Response(JSON.stringify({ error: "Invalid credentials" }), {
+        status: 401,
+        headers: { "Content-Type": "application/json" },
+      });
+    }
+
+    const session = await adapter.createSession(user.id, {
+      ipAddress: request.headers.get("x-forwarded-for") || "unknown",
+      userAgent: request.headers.get("user-agent") || "",
+    });
+
+    const token = jwt.sign(
+      {
+        sub: user.id,
+        email: user.email,
+        role: user.role,
+        tenantId: user.tenantId,
+      },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN as jwt.SignOptions["expiresIn"] },
+    );
+
+    await adapter.disconnect();
+
+    const { passwordHash, ...safeUser } = user;
+
+    return new Response(
+      JSON.stringify({
+        success: true,
+        user: safeUser,
+        token,
+        refreshToken: session.refreshToken,
+      }),
+      {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      },
+    );
+  } catch (error) {
+    console.error("Login error:", error);
+    return new Response(JSON.stringify({ error: "Login failed" }), {
+      status: 500,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+};
+`;
+}
+function generateRegisterEndpoint(database) {
+  const adapterImport = database === "sqlite" ? `import { SQLiteAuthAdapter } from "@kyro-cms/core";` : `import { RedisAuthAdapter } from "@kyro-cms/core";`;
+  const adapterInit = database === "sqlite" ? `  return new SQLiteAuthAdapter({ path: "./data.db" });` : `  return new RedisAuthAdapter({
+    url: process.env.REDIS_URL || "redis://localhost:6379",
+    tls: process.env.REDIS_TLS === "true",
+  });`;
+  const isFirstUserCheck = database === "sqlite" ? `    const isFirstUser = !(await adapter.hasAnyUsers());` : `    const isFirstUser = await checkIsFirstUser(adapter);`;
+  const isFirstUserFn = database === "sqlite" ? "" : `
+
+async function checkIsFirstUser(adapter: RedisAuthAdapter): Promise<boolean> {
+  try {
+    const redis = (adapter as any).redis;
+    if (!redis) return true;
+    const pattern = "kyro:auth:users:email:*";
+    const result = await redis.scan("0", "MATCH", pattern, "COUNT", "1");
+    const keys = result[1];
+    return keys.length === 0;
+  } catch {
+    return true;
+  }
+}`;
+  return `import type { APIRoute } from "astro";
+${adapterImport}
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+const JWT_EXPIRES_IN = process.env.JWT_EXPIRES_IN || "24h";
+const ALLOW_REGISTRATION = process.env.KYRO_ALLOW_REGISTRATION !== "false";
+
+async function getAuthApi() {
+${adapterInit}
+}
+
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const body = (await request.json()) as {
+      email?: string;
+      password?: string;
+      confirmPassword?: string;
+    };
+    const { email, password, confirmPassword } = body;
+
+    if (!email || !password) {
+      return new Response(
+        JSON.stringify({ error: "Email and password required" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    if (password !== confirmPassword) {
+      return new Response(
+        JSON.stringify({ error: "Passwords do not match" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    if (password.length < 8) {
+      return new Response(
+        JSON.stringify({ error: "Password must be at least 8 characters" }),
+        { status: 400, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const adapter = await getAuthApi();
+    try {
+      await adapter.connect();
+    } catch {
+      return new Response(
+        JSON.stringify({ error: "Unable to connect to auth storage." }),
+        { status: 500, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const existingUser = await adapter.findUserByEmail(email);
+    if (existingUser) {
+      await adapter.disconnect();
+      return new Response(
+        JSON.stringify({ error: "Email already registered" }),
+        { status: 409, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+${isFirstUserCheck}
+
+    if (!isFirstUser && !ALLOW_REGISTRATION) {
+      await adapter.disconnect();
+      return new Response(
+        JSON.stringify({ error: "Registration is disabled" }),
+        { status: 403, headers: { "Content-Type": "application/json" } },
+      );
+    }
+
+    const passwordHash = await adapter.hashPassword(password);
+    const user = await adapter.createUser({
+      email,
+      passwordHash,
+      role: isFirstUser ? "super_admin" : "editor",
+    });
+
+    if (isFirstUser) {
+      await adapter.updateUser(user.id, { emailVerified: true });
+    }
+
+    const session = await adapter.createSession(user.id, {
+      ipAddress: request.headers.get("x-forwarded-for") || "unknown",
+      userAgent: request.headers.get("user-agent") || "",
+    });
+
+    const token = jwt.sign(
+      {
+        sub: user.id,
+        email: user.email,
+        role: user.role,
+        tenantId: user.tenantId,
+      },
+      JWT_SECRET,
+      { expiresIn: JWT_EXPIRES_IN as jwt.SignOptions["expiresIn"] },
+    );
+
+    await adapter.disconnect();
+
+    const { passwordHash: _, ...safeUser } = user;
+
+    return new Response(
+      JSON.stringify({
+        success: true,
+        isFirstUser,
+        user: safeUser,
+        token,
+        refreshToken: session.refreshToken,
+      }),
+      {
+        status: 201,
+        headers: { "Content-Type": "application/json" },
+      },
+    );
+  } catch (error) {
+    console.error("Registration error:", error);
+    return new Response(JSON.stringify({ error: "Registration failed" }), {
+      status: 500,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+};${isFirstUserFn}
+`;
+}
+function generateLogoutEndpoint(database) {
+  const adapterImport = database === "sqlite" ? `import { SQLiteAuthAdapter } from "@kyro-cms/core";` : `import { RedisAuthAdapter } from "@kyro-cms/core";`;
+  const adapterInit = database === "sqlite" ? `  return new SQLiteAuthAdapter({ path: "./data.db" });` : `  return new RedisAuthAdapter({
+    url: process.env.REDIS_URL || "redis://localhost:6379",
+    tls: process.env.REDIS_TLS === "true",
+  });`;
+  return `import type { APIRoute } from "astro";
+${adapterImport}
+
+async function getAuthApi() {
+${adapterInit}
+}
+
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const authHeader = request.headers.get("authorization");
+    const token = authHeader?.startsWith("Bearer ")
+      ? authHeader.slice(7)
+      : null;
+
+    if (token) {
+      const adapter = await getAuthApi();
+      await adapter.connect();
+      await adapter.deleteSession(token);
+      await adapter.disconnect();
+    }
+
+    return new Response(
+      JSON.stringify({ success: true }),
+      { status: 200, headers: { "Content-Type": "application/json" } },
+    );
+  } catch {
+    return new Response(
+      JSON.stringify({ success: true }),
+      { status: 200, headers: { "Content-Type": "application/json" } },
+    );
+  }
+};
+`;
+}
+function generateMeEndpoint() {
+  return `import type { APIRoute } from "astro";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+
+export const GET: APIRoute = async ({ request }) => {
+  const authHeader = request.headers.get("authorization");
+  const token = authHeader?.startsWith("Bearer ")
+    ? authHeader.slice(7)
+    : null;
+
+  if (!token) {
+    return new Response(
+      JSON.stringify({ error: "Not authenticated" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+
+  try {
+    const payload = jwt.verify(token, JWT_SECRET) as jwt.JwtPayload;
+    return new Response(
+      JSON.stringify({
+        id: payload.sub,
+        email: payload.email,
+        role: payload.role,
+      }),
+      { status: 200, headers: { "Content-Type": "application/json" } },
+    );
+  } catch {
+    return new Response(
+      JSON.stringify({ error: "Invalid token" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+};
+`;
+}
+function generateUsersEndpoint(database) {
+  const adapterImport = database === "sqlite" ? `import { SQLiteAuthAdapter } from "@kyro-cms/core";` : `import { RedisAuthAdapter } from "@kyro-cms/core";`;
+  const adapterInit = database === "sqlite" ? `  return new SQLiteAuthAdapter({ path: "./data.db" });` : `  return new RedisAuthAdapter({
+    url: process.env.REDIS_URL || "redis://localhost:6379",
+    tls: process.env.REDIS_TLS === "true",
+  });`;
+  const hasUsersCheck = database === "sqlite" ? `    const hasUsers = await adapter.hasAnyUsers();` : `    const redis = (adapter as any).redis;
+    if (!redis) {
+      await adapter.disconnect();
+      return new Response(JSON.stringify({ hasUsers: false }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" },
+      });
+    }
+
+    const pattern = "kyro:auth:users:email:*";
+    const result = await redis.scan("0", "MATCH", pattern, "COUNT", "1");
+    const keys = result[1];
+    const hasUsers = keys.length > 0;`;
+  return `import type { APIRoute } from "astro";
+${adapterImport}
+
+async function getAuthApi() {
+${adapterInit}
+}
+
+export const GET: APIRoute = async () => {
+  try {
+    const adapter = await getAuthApi();
+    await adapter.connect();
+
+${hasUsersCheck}
+
+    await adapter.disconnect();
+
+    return new Response(JSON.stringify({ hasUsers }), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  } catch {
+    return new Response(JSON.stringify({ hasUsers: false }), {
+      status: 200,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+};
+`;
+}
+function generateMiddleware() {
+  return `import type { MiddlewareHandler } from "astro";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+
+const PUBLIC_PATHS = [
+  "/api/auth/login",
+  "/api/auth/logout",
+  "/api/auth/register",
+  "/api/auth/me",
+  "/api/auth/users",
+  "/api/health",
+  "/favicon.svg",
+];
+
+const PUBLIC_PREFIXES = ["/api/auth/", "/admin"];
+
+export const onRequest: MiddlewareHandler = async ({ request, url }, next) => {
+  const pathname = new URL(url).pathname;
+
+  if (PUBLIC_PATHS.includes(pathname) || PUBLIC_PATHS.includes(pathname.replace(/\\/$/, ""))) {
+    return next();
+  }
+
+  for (const prefix of PUBLIC_PREFIXES) {
+    if (pathname.startsWith(prefix)) {
+      return next();
+    }
+  }
+
+  const authHeader = request.headers.get("authorization");
+  const token = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
+
+  if (!token) {
+    return new Response(
+      JSON.stringify({ error: "Authentication required" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+
+  try {
+    jwt.verify(token, JWT_SECRET) as jwt.JwtPayload;
+    return next();
+  } catch {
+    return new Response(
+      JSON.stringify({ error: "Invalid or expired token" }),
+      { status: 401, headers: { "Content-Type": "application/json" } },
+    );
+  }
+};
+`;
 }
 
 // src/index.ts