create-nextblock 0.8.11 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,227 @@
1
+ #!/usr/bin/env node
2
+ // Zero-dependency Docker setup for a standalone NextBlock project. Runs via `npm run docker:setup`
3
+ // (and is invoked automatically when you pick Docker mode in `npm create nextblock`). Uses only
4
+ // Node built-ins so it works before any host `npm install`.
5
+ //
6
+ // Self-hosted Supabase (GoTrue + PostgREST) validates REAL HS256 JWTs, so we generate a JWT
7
+ // secret and derive properly-signed anon/service_role keys from it — a random string is not a
8
+ // usable key. Then it writes .env and boots the stack via docker compose.
9
+
10
+ import { randomBytes, createHmac } from 'node:crypto';
11
+ import { readFile, writeFile, access } from 'node:fs/promises';
12
+ import { resolve, dirname } from 'node:path';
13
+ import { fileURLToPath } from 'node:url';
14
+ import { spawn, spawnSync } from 'node:child_process';
15
+ import { createInterface } from 'node:readline/promises';
16
+ import { stdin as input, stdout as output } from 'node:process';
17
+
18
+ const __dirname = dirname(fileURLToPath(import.meta.url));
19
+ const PROJECT_ROOT = resolve(__dirname, '..');
20
+ const ENV_PATH = resolve(PROJECT_ROOT, '.env');
21
+
22
+ const TURNSTILE_TEST_SITE_KEY = '1x00000000000000000000AA';
23
+ const TURNSTILE_TEST_SECRET_KEY = '1x0000000000000000000000000000000AA';
24
+
25
+ const generateSecret = () => randomBytes(32).toString('hex');
26
+ const base64url = (value) =>
27
+ Buffer.from(value).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
28
+
29
+ function signJwtHS256(payload, secret) {
30
+ const header = base64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
31
+ const body = base64url(JSON.stringify(payload));
32
+ const data = `${header}.${body}`;
33
+ return `${data}.${base64url(createHmac('sha256', secret).update(data).digest())}`;
34
+ }
35
+
36
+ function generateSupabaseKeys() {
37
+ const jwtSecret = generateSecret();
38
+ const iat = Math.floor(Date.now() / 1000);
39
+ const exp = iat + 60 * 60 * 24 * 365 * 10;
40
+ return {
41
+ jwtSecret,
42
+ anonKey: signJwtHS256({ role: 'anon', iss: 'supabase', iat, exp }, jwtSecret),
43
+ serviceRoleKey: signJwtHS256({ role: 'service_role', iss: 'supabase', iat, exp }, jwtSecret),
44
+ };
45
+ }
46
+
47
+ function readEnvValue(content, key) {
48
+ for (const line of content.split(/\r?\n/)) {
49
+ if (line.startsWith(`${key}=`)) {
50
+ return line.slice(key.length + 1).trim().replace(/^"(.*)"$/, '$1');
51
+ }
52
+ }
53
+ return '';
54
+ }
55
+
56
+ function upsertEnv(content, replacements) {
57
+ const applied = new Set();
58
+ const lines = content.split(/\r?\n/).map((line) => {
59
+ for (const [key, value] of Object.entries(replacements)) {
60
+ if (line.startsWith(`${key}=`)) {
61
+ applied.add(key);
62
+ return value;
63
+ }
64
+ }
65
+ return line;
66
+ });
67
+ for (const [key, value] of Object.entries(replacements)) {
68
+ if (!applied.has(key)) lines.push(value);
69
+ }
70
+ return lines.join('\n');
71
+ }
72
+
73
+ const pathExists = async (p) => {
74
+ try {
75
+ await access(p);
76
+ return true;
77
+ } catch {
78
+ return false;
79
+ }
80
+ };
81
+
82
+ const commandWorks = (cmd, args) => spawnSync(cmd, args, { stdio: 'ignore' }).status === 0;
83
+
84
+ function detectCompose() {
85
+ if (commandWorks('docker', ['compose', 'version'])) return { cmd: 'docker', args: ['compose'] };
86
+ if (commandWorks('docker-compose', ['version'])) return { cmd: 'docker-compose', args: [] };
87
+ return null;
88
+ }
89
+
90
+ const run = (cmd, args, opts = {}) =>
91
+ new Promise((res, rej) => {
92
+ const child = spawn(cmd, args, {
93
+ stdio: 'inherit',
94
+ shell: process.platform === 'win32',
95
+ ...opts,
96
+ });
97
+ child.on('error', rej);
98
+ child.on('close', (code) => (code === 0 ? res() : rej(new Error(`${cmd} exited with ${code}`))));
99
+ });
100
+
101
+ async function main() {
102
+ console.log('🐳 NextBlock — Local Self-Hosted Docker Setup\n');
103
+
104
+ if (!commandWorks('docker', ['info'])) {
105
+ console.error('āœ— Docker is not installed or not running. Start Docker Desktop, then re-run `npm run docker:setup`.');
106
+ process.exit(1);
107
+ }
108
+ const compose = detectCompose();
109
+ if (!compose) {
110
+ console.error('āœ— Docker Compose not found. Update Docker Desktop or install the Compose plugin.');
111
+ process.exit(1);
112
+ }
113
+
114
+ const rl = createInterface({ input, output });
115
+ const ask = async (q, def = '') => (await rl.question(q)).trim() || def;
116
+
117
+ console.log('Optional integrations (press Enter to skip):');
118
+ let turnstileSiteKey = await ask(' Cloudflare Turnstile Site Key (Enter = sandbox test keys): ');
119
+ let turnstileSecretKey = '';
120
+ if (turnstileSiteKey) {
121
+ turnstileSecretKey = await ask(' Cloudflare Turnstile Secret Key: ');
122
+ } else {
123
+ turnstileSiteKey = TURNSTILE_TEST_SITE_KEY;
124
+ turnstileSecretKey = TURNSTILE_TEST_SECRET_KEY;
125
+ console.log(' → Using Cloudflare Turnstile test keys (always pass).');
126
+ }
127
+
128
+ const smtp = { host: await ask(' SMTP Host (Enter = no email, auto-confirm sign-ups): '), port: '', user: '', pass: '', fromEmail: '', fromName: '' };
129
+ let mailerAutoconfirm = 'true';
130
+ if (smtp.host) {
131
+ smtp.port = await ask(' SMTP Port (465 = SSL, 587 = STARTTLS): ', '587');
132
+ smtp.user = await ask(' SMTP User: ');
133
+ smtp.pass = await ask(' SMTP Password: ');
134
+ smtp.fromEmail = await ask(' From Email: ');
135
+ smtp.fromName = await ask(' From Name: ', 'NextBlock');
136
+ mailerAutoconfirm = 'false';
137
+ } else {
138
+ console.log(' → No SMTP: new accounts auto-confirm so your first admin can sign in immediately.');
139
+ }
140
+ rl.close();
141
+
142
+ let existing = '';
143
+ if (await pathExists(ENV_PATH)) {
144
+ existing = await readFile(ENV_PATH, 'utf8');
145
+ console.log('\nāœ“ Found existing .env — reusing previously generated secrets where present.');
146
+ }
147
+ const reuse = (key, gen) => readEnvValue(existing, key) || gen();
148
+
149
+ const postgresPassword = reuse('POSTGRES_PASSWORD', generateSecret);
150
+ let jwtSecret = readEnvValue(existing, 'JWT_SECRET');
151
+ let anonKey = readEnvValue(existing, 'ANON_KEY');
152
+ let serviceRoleKey = readEnvValue(existing, 'SERVICE_ROLE_KEY');
153
+ if (!jwtSecret || !anonKey || !serviceRoleKey) {
154
+ ({ jwtSecret, anonKey, serviceRoleKey } = generateSupabaseKeys());
155
+ }
156
+ const cronSecret = reuse('CRON_SECRET', generateSecret);
157
+ const draftSecret = reuse('DRAFT_MODE_SECRET', generateSecret);
158
+ const revalidateSecret = reuse('REVALIDATE_SECRET_TOKEN', generateSecret);
159
+ const minioUser = readEnvValue(existing, 'MINIO_ROOT_USER') || 'nextblock';
160
+ const minioPassword = reuse('MINIO_ROOT_PASSWORD', generateSecret);
161
+ const bucket = readEnvValue(existing, 'STORAGE_BUCKET') || 'nextblock';
162
+
163
+ const replacements = {
164
+ POSTGRES_PASSWORD: `POSTGRES_PASSWORD=${postgresPassword}`,
165
+ POSTGRES_DB: 'POSTGRES_DB=postgres',
166
+ JWT_SECRET: `JWT_SECRET=${jwtSecret}`,
167
+ JWT_EXP: 'JWT_EXP=3600',
168
+ ANON_KEY: `ANON_KEY=${anonKey}`,
169
+ SERVICE_ROLE_KEY: `SERVICE_ROLE_KEY=${serviceRoleKey}`,
170
+ NEXT_PUBLIC_SUPABASE_URL: 'NEXT_PUBLIC_SUPABASE_URL=http://localhost:8000',
171
+ SUPABASE_INTERNAL_URL: 'SUPABASE_INTERNAL_URL=http://kong:8000',
172
+ NEXT_PUBLIC_SUPABASE_ANON_KEY: `NEXT_PUBLIC_SUPABASE_ANON_KEY=${anonKey}`,
173
+ SUPABASE_SERVICE_ROLE_KEY: `SUPABASE_SERVICE_ROLE_KEY=${serviceRoleKey}`,
174
+ API_EXTERNAL_URL: 'API_EXTERNAL_URL=http://localhost:8000',
175
+ SITE_URL: 'SITE_URL=http://localhost:3000',
176
+ NEXT_PUBLIC_URL: 'NEXT_PUBLIC_URL=http://localhost:3000',
177
+ NEXT_PUBLIC_IS_SANDBOX: 'NEXT_PUBLIC_IS_SANDBOX=true',
178
+ CRON_SECRET: `CRON_SECRET=${cronSecret}`,
179
+ DRAFT_MODE_SECRET: `DRAFT_MODE_SECRET=${draftSecret}`,
180
+ REVALIDATE_SECRET_TOKEN: `REVALIDATE_SECRET_TOKEN=${revalidateSecret}`,
181
+ MINIO_ROOT_USER: `MINIO_ROOT_USER=${minioUser}`,
182
+ MINIO_ROOT_PASSWORD: `MINIO_ROOT_PASSWORD=${minioPassword}`,
183
+ STORAGE_BUCKET: `STORAGE_BUCKET=${bucket}`,
184
+ R2_ACCOUNT_ID: 'R2_ACCOUNT_ID=minio',
185
+ R2_REGION: 'R2_REGION=us-east-1',
186
+ R2_S3_ENDPOINT: 'R2_S3_ENDPOINT=http://minio:9000',
187
+ R2_S3_PUBLIC_ENDPOINT: 'R2_S3_PUBLIC_ENDPOINT=http://localhost:9000',
188
+ R2_FORCE_PATH_STYLE: 'R2_FORCE_PATH_STYLE=true',
189
+ NEXT_PUBLIC_R2_BASE_URL: `NEXT_PUBLIC_R2_BASE_URL=http://localhost:9000/${bucket}`,
190
+ NEXT_PUBLIC_R2_PUBLIC_URL: `NEXT_PUBLIC_R2_PUBLIC_URL=http://localhost:9000/${bucket}`,
191
+ NEXT_PUBLIC_TURNSTILE_SITE_KEY: `NEXT_PUBLIC_TURNSTILE_SITE_KEY=${turnstileSiteKey}`,
192
+ TURNSTILE_SECRET_KEY: `TURNSTILE_SECRET_KEY=${turnstileSecretKey}`,
193
+ GOTRUE_MAILER_AUTOCONFIRM: `GOTRUE_MAILER_AUTOCONFIRM=${mailerAutoconfirm}`,
194
+ SMTP_HOST: `SMTP_HOST=${smtp.host}`,
195
+ SMTP_PORT: `SMTP_PORT=${smtp.port}`,
196
+ SMTP_USER: `SMTP_USER=${smtp.user}`,
197
+ SMTP_PASS: `SMTP_PASS=${smtp.pass}`,
198
+ SMTP_FROM_EMAIL: `SMTP_FROM_EMAIL=${smtp.fromEmail}`,
199
+ SMTP_FROM_NAME: `SMTP_FROM_NAME=${smtp.fromName}`,
200
+ };
201
+
202
+ const seed = existing || '# Generated by `npm run docker:setup` — local self-hosted secrets. Do not commit.\n';
203
+ let nextEnv = upsertEnv(seed, replacements);
204
+ if (!nextEnv.endsWith('\n')) nextEnv += '\n';
205
+ await writeFile(ENV_PATH, nextEnv, 'utf8');
206
+ console.log('āœ“ Wrote .env (Postgres, JWT secret + signed anon/service keys, MinIO, app secrets).\n');
207
+
208
+ console.log('Building and starting the stack (first run pulls images + builds the app — a few minutes)...');
209
+ await run(compose.cmd, [...compose.args, 'up', '-d', '--build'], { cwd: PROJECT_ROOT });
210
+
211
+ console.log('\nšŸŽ‰ Stack is up!');
212
+ console.log(' 1. Open the app: http://localhost:3000');
213
+ console.log(' 2. Create account: http://localhost:3000/sign-up (first sign-up becomes ADMIN)');
214
+ console.log(
215
+ mailerAutoconfirm === 'true'
216
+ ? ' No SMTP → your account is auto-confirmed; just sign in.'
217
+ : ' Click the confirmation link emailed by your SMTP provider.',
218
+ );
219
+ console.log(' 3. Supabase API: http://localhost:8000 MinIO console: http://localhost:9001');
220
+ const composeStr = `${compose.cmd} ${compose.args.join(' ')}`.trim();
221
+ console.log(`\n Logs: ${composeStr} logs -f nextblock-cms | Stop: ${composeStr} down (add -v to wipe data)`);
222
+ }
223
+
224
+ main().catch((err) => {
225
+ console.error(err);
226
+ process.exit(1);
227
+ });