create-tigra 2.8.0 → 3.0.2

package/template/server/package.json

@@ -1,75 +1,76 @@
-{
-  "name": "{{PROJECT_NAME}}-server",
-  "version": "1.0.0",
-  "type": "module",
-  "description": "",
-  "main": "dist/server.js",
-  "scripts": {
-    "dev": "tsx watch src/server.ts",
-    "build": "tsc -p tsconfig.build.json && tsc-alias -p tsconfig.build.json",
-    "start": "node dist/server.js",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "test:ui": "vitest --ui",
-    "test:coverage": "vitest run --coverage",
-    "prisma:generate": "prisma generate",
-    "prisma:migrate:dev": "prisma migrate dev",
-    "prisma:migrate:deploy": "prisma migrate deploy",
-    "prisma:reset": "prisma migrate reset",
-    "prisma:seed": "prisma db seed",
-    "prisma:studio": "prisma studio",
-    "lint": "eslint src/",
-    "typecheck": "tsc --noEmit",
-    "redis:flush": "tsx scripts/flush-redis.ts",
-    "docker:up": "docker compose up -d",
-    "docker:down": "docker compose down",
-    "docker:logs": "docker compose logs -f",
-    "generate:env": "node -e \"import('fs').then(f=>{if(f.existsSync('.env'))console.log('.env already exists, skipping');else{f.copyFileSync('.env.example','.env');console.log('.env created from .env.example')}})\""
-  },
-  "prisma": {
-    "seed": "tsx prisma/seed.ts"
-  },
-  "dependencies": {
-    "@fastify/cookie": "^11.0.2",
-    "@fastify/cors": "^11.2.0",
-    "@fastify/helmet": "^13.0.2",
-    "@fastify/jwt": "^10.0.0",
-    "@fastify/multipart": "^9.0.2",
-    "@fastify/rate-limit": "^10.3.0",
-    "@fastify/static": "^9.0.0",
-    "@prisma/client": "^6.19.2",
-    "argon2": "^0.44.0",
-    "axios": "^1.7.9",
-    "dotenv": "^16.4.7",
-    "fastify": "^5.7.4",
-    "fastify-type-provider-zod": "^6.1.0",
-    "ioredis": "^5.9.2",
-    "pino": "^10.3.1",
-    "pino-pretty": "^13.1.3",
-    "resend": "^6.9.4",
-    "sharp": "^0.33.5",
-    "uuid": "^10.0.0",
-    "zod": "^4.3.6"
-  },
-  "overrides": {
-    "bn.js": ">=5.2.3",
-    "flatted": ">=3.4.2",
-    "@typescript-eslint/typescript-estree": {
-      "minimatch": ">=10.2.1"
-    }
-  },
-  "devDependencies": {
-    "@eslint/js": "^10.0.1",
-    "@types/node": "^20.17.10",
-    "@types/uuid": "^10.0.0",
-    "@vitest/coverage-v8": "^4.0.18",
-    "@vitest/ui": "^4.0.18",
-    "eslint": "^10.0.1",
-    "prisma": "^6.19.2",
-    "tsc-alias": "^1.8.16",
-    "tsx": "^4.21.0",
-    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.55.0",
-    "vitest": "^4.0.18"
-  }
-}
+{
+  "name": "{{PROJECT_NAME}}-server",
+  "version": "1.0.0",
+  "type": "module",
+  "description": "",
+  "main": "dist/server.js",
+  "scripts": {
+    "dev": "tsx watch src/server.ts",
+    "build": "tsc -p tsconfig.build.json && tsc-alias -p tsconfig.build.json",
+    "start": "node dist/server.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:ui": "vitest --ui",
+    "test:coverage": "vitest run --coverage",
+    "prisma:generate": "prisma generate",
+    "prisma:migrate:dev": "prisma migrate dev",
+    "prisma:migrate:deploy": "prisma migrate deploy",
+    "prisma:reset": "prisma migrate reset",
+    "prisma:seed": "prisma db seed",
+    "prisma:studio": "prisma studio",
+    "lint": "eslint src/",
+    "typecheck": "tsc --noEmit",
+    "redis:flush": "tsx scripts/flush-redis.ts",
+    "docker:up": "docker compose up -d",
+    "docker:tools": "docker compose --profile tools up -d",
+    "docker:down": "docker compose --profile tools down",
+    "docker:logs": "docker compose logs -f",
+    "generate:env": "node -e \"import('fs').then(f=>{if(f.existsSync('.env'))console.log('.env already exists, skipping');else{f.copyFileSync('.env.example','.env');console.log('.env created from .env.example')}})\""
+  },
+  "prisma": {
+    "seed": "tsx prisma/seed.ts"
+  },
+  "dependencies": {
+    "@fastify/cookie": "^11.0.2",
+    "@fastify/cors": "^11.2.0",
+    "@fastify/helmet": "^13.0.2",
+    "@fastify/jwt": "^10.1.0",
+    "@fastify/multipart": "^9.0.2",
+    "@fastify/rate-limit": "^10.3.0",
+    "@fastify/static": "^9.1.3",
+    "@prisma/client": "^6.19.3",
+    "argon2": "^0.44.0",
+    "axios": "^1.17.0",
+    "dotenv": "^16.4.7",
+    "fastify": "^5.8.5",
+    "fastify-type-provider-zod": "^6.1.0",
+    "ioredis": "^5.9.2",
+    "pino": "^10.3.1",
+    "pino-pretty": "^13.1.3",
+    "resend": "^6.9.4",
+    "sharp": "^0.33.5",
+    "uuid": "^10.0.0",
+    "zod": "^4.3.6"
+  },
+  "overrides": {
+    "bn.js": ">=5.2.3",
+    "flatted": ">=3.4.2",
+    "@typescript-eslint/typescript-estree": {
+      "minimatch": ">=10.2.1"
+    }
+  },
+  "devDependencies": {
+    "@eslint/js": "^10.0.1",
+    "@types/node": "^20.17.10",
+    "@types/uuid": "^10.0.0",
+    "@vitest/coverage-v8": "^4.0.18",
+    "@vitest/ui": "^4.0.18",
+    "eslint": "^10.0.1",
+    "prisma": "^6.19.3",
+    "tsc-alias": "^1.8.16",
+    "tsx": "^4.21.0",
+    "typescript": "^5.9.3",
+    "typescript-eslint": "^8.55.0",
+    "vitest": "^4.0.18"
+  }
+}

package/template/server/prisma/seed.ts

@@ -3,9 +3,27 @@ import argon2 from 'argon2';
 
 const prisma = new PrismaClient();
 
+// Well-known dev-only fallbacks. NEVER used in production — the guard in
+// main() refuses to seed when NODE_ENV=production, and even outside production
+// you can override via SEED_ADMIN_PASSWORD / SEED_USER_PASSWORD.
+const DEV_ADMIN_PASSWORD = 'Admin123!';
+const DEV_USER_PASSWORD = 'User123!';
+
 async function main(): Promise<void> {
-  const adminPassword = await argon2.hash('Admin123!');
-  const userPassword = await argon2.hash('User123!');
+  // Refuse to seed production: this script creates a well-known admin account
+  // (admin@example.com). On a production database that is a backdoor, not a
+  // convenience. Seed data belongs to dev/test environments only.
+  if (process.env.NODE_ENV === 'production') {
+    console.error(
+      'Refusing to seed: NODE_ENV is "production".\n' +
+      'The seed script creates well-known demo accounts (admin@example.com) and must never run against a production database.\n' +
+      'If you really need initial data in production, create it manually or write a dedicated, audited provisioning script.',
+    );
+    process.exit(1);
+  }
+
+  const adminPassword = await argon2.hash(process.env.SEED_ADMIN_PASSWORD || DEV_ADMIN_PASSWORD);
+  const userPassword = await argon2.hash(process.env.SEED_USER_PASSWORD || DEV_USER_PASSWORD);
 
   const admin = await prisma.user.upsert({
     where: { email: 'admin@example.com' },
@@ -31,13 +49,11 @@ async function main(): Promise<void> {
     },
   });
 
-  // eslint-disable-next-line no-console
   console.log('Seeded users:', { admin: admin.email, user: user.email });
 }
 
 main()
   .catch((error) => {
-    // eslint-disable-next-line no-console
     console.error('Seed failed:', error);
     process.exit(1);
   })