freeschema 1.0.6 → 1.0.8

package/bin/freeschema.js

@@ -510,7 +510,7 @@ function waitForMySQL(container, user, pass, maxAttempts = 30) {
   return false;
 }
 
-function cmdStart() {
+async function cmdStart() {
   patchComposeFile();
   const cwd     = process.cwd();
   const missing = ['.env', '.env.frontend'].filter(f => !fs.existsSync(path.join(cwd, f)));
@@ -560,6 +560,31 @@ function cmdStart() {
   console.log('  Status: freeschema status');
   console.log('  Logs:   freeschema logs');
   console.log('  Stop:   freeschema stop');
+
+  // Auto-setup credentials if CLIENT_SECRET is missing or placeholder
+  const envAfterStart = readEnv();
+  const clientSecret  = envAfterStart.CLIENT_SECRET || '';
+  const isPlaceholder = clientSecret === '' || clientSecret === 'sk_test_placeholder';
+  if (isPlaceholder) {
+    console.log('\n─────────────────────────────────────────');
+    console.log('  CLIENT_SECRET is not configured.');
+    console.log('  Setting up admin credentials…');
+    console.log('─────────────────────────────────────────');
+
+    // Wait for MySQL to be ready before inserting credentials
+    try {
+      const container = getMysqlContainer();
+      const env       = readEnv();
+      const dbUser    = env.DB_USER || env.MYSQL_USER || 'freeschema';
+      const dbPass    = env.DB_PASSWORD || env.MYSQL_PASSWORD || 'Freeschema@123';
+      waitForMySQL(container, dbUser, dbPass);
+    } catch (e) {
+      console.log('  (skipping credentials setup — MySQL not running)');
+      return;
+    }
+
+    await cmdSetupCredentials();
+  }
 }
 
 // ── other commands ────────────────────────────────────────────────────────────
@@ -701,6 +726,122 @@ function cmdDbRestore() {
   console.log('Restore complete.');
 }
 
+// ── setup-credentials ─────────────────────────────────────────────────────────
+
+function hashClientSecret(plainSecret) {
+  // Matches C# ClientSecretHasher: PBKDF2-HMAC-SHA256, 100000 iterations, 16-byte salt, 32-byte output
+  // Stored format: "{iterations}.{base64_salt}.{base64_hash}"
+  const iterations = 100_000;
+  const salt       = crypto.randomBytes(16);
+  const hash       = crypto.pbkdf2Sync(plainSecret, salt, iterations, 32, 'sha256');
+  return `${iterations}.${salt.toString('base64')}.${hash.toString('base64')}`;
+}
+
+function runSql(container, dbName, sql) {
+  const env    = readEnv();
+  const dbPass = env.MYSQL_ROOT_PASSWORD || ('Admin@' + (env.MYSQL_PASSWORD || 'Freeschema@123'));
+  const result = spawnSync(
+    'docker',
+    ['exec', '-i', container, 'mysql', '-uroot', `-p${dbPass}`, dbName],
+    { input: sql, stdio: ['pipe', 'pipe', 'pipe'] }
+  );
+  if (result.error) throw new Error(`docker exec failed: ${result.error.message}`);
+  if (result.status !== 0) throw new Error((result.stderr || '').toString().trim());
+  return (result.stdout || '').toString().trim();
+}
+
+async function cmdSetupCredentials() {
+  const envPath = path.join(process.cwd(), '.env');
+  if (!fs.existsSync(envPath)) die('.env not found. Run `freeschema init` first.');
+
+  const env    = readEnv();
+  const dbName = env.DB_DATABASE || env.MYSQL_DATABASE || 'freeschema_db';
+
+  console.log('\nSetting up CLIENT_ID and CLIENT_SECRET');
+
+  // Prompt for entity concept ID
+  const entityId = await prompt('Admin entity concept ID', env.CLIENT_ID || '100000016');
+  if (!entityId) die('Entity ID is required.');
+
+  // Step 1: generate secret + hash it locally — no API call needed
+  process.stdout.write('[1/3] Generating secret… ');
+  const plainSecret = crypto.randomBytes(32).toString('hex'); // 64-char hex
+  const hashedSecret = hashClientSecret(plainSecret);
+  console.log('done');
+
+  // Step 2: insert hash directly into the database
+  process.stdout.write('[2/3] Writing to database… ');
+  const container = getMysqlContainer();
+
+  const sql = `
+SET @entity_id = ${parseInt(entityId, 10)};
+
+-- Look up the type concept for 'the_client_secret'
+SET @type_id = (
+  SELECT id FROM the_concepts
+  WHERE character_value = 'the_client_secret'
+  ORDER BY id ASC LIMIT 1
+);
+
+-- Insert the secret hash as a new concept
+INSERT INTO the_concepts (
+  user_id, category_id, category_user_id, type_id, type_user_id,
+  character_value, security_id, security_user_id, access_id, access_user_id,
+  session_information_id, session_information_user_id
+) VALUES (
+  999, @type_id, 999, @type_id, 999,
+  '${hashedSecret}', 4, 999, 4, 999, 999, 999
+);
+
+SET @secret_concept_id = LAST_INSERT_ID();
+
+-- Look up the connection type for 'the_entity_s_client_secret'
+SET @conn_type_id = (
+  SELECT id FROM the_concepts
+  WHERE character_value = 'the_entity_s_client_secret'
+  ORDER BY id ASC LIMIT 1
+);
+
+-- Link entity → secret concept
+INSERT INTO the_connections (
+  user_id, of_the_concepts_id, of_the_concepts_user_id,
+  type_id, type_user_id, order_id, order_user_id,
+  to_the_concepts_id, to_the_concepts_user_id,
+  security_id, security_user_id, access_id, access_user_id,
+  session_information_id, session_information_user_id
+) VALUES (
+  999, @entity_id, 999,
+  @conn_type_id, 999, 999, 999,
+  @secret_concept_id, 999,
+  4, 999, 4, 999, 999, 999
+);
+`;
+
+  try {
+    runSql(container, dbName, sql);
+  } catch (e) {
+    die(`Database insert failed: ${e.message}`);
+  }
+  console.log('done');
+
+  // Step 3: update .env
+  process.stdout.write('[3/3] Updating .env… ');
+  setEnvVar(envPath, 'CLIENT_ID',     String(entityId));
+  setEnvVar(envPath, 'CLIENT_SECRET', plainSecret);
+  console.log('done');
+
+  console.log(`
+─────────────────────────────────────────
+  Credentials saved to .env:
+    CLIENT_ID     = ${entityId}
+    CLIENT_SECRET = ${plainSecret}
+─────────────────────────────────────────
+
+  Restart the node-server to apply:
+  freeschema restart node-server
+`);
+}
+
 // ── help ──────────────────────────────────────────────────────────────────────
 
 function cmdHelp() {
@@ -725,6 +866,8 @@ Commands:
   update                      Update CLI + pull latest images and restart
   down [-v]                   Remove containers (-v also removes data volumes)
 
+  setup-credentials           Login as admin, generate CLIENT_SECRET, save to .env
+
   db seed --url <url>         Download SQL seed file into seed-db/
   db seed --file <path>       Copy local SQL file into seed-db/
   db backup [file]            Dump database to a .sql file
@@ -746,7 +889,7 @@ Examples:
 
 switch (command) {
   case 'init':    cmdInit().catch(e => { console.error(e); process.exit(1); }); break;
-  case 'start':   cmdStart();   break;
+  case 'start':   cmdStart().catch(e => { console.error(e); process.exit(1); }); break;
   case 'stop':    cmdStop();    break;
   case 'restart': cmdRestart(); break;
   case 'status':  cmdStatus();  break;
@@ -754,7 +897,8 @@ switch (command) {
   case 'pull':    cmdPull();    break;
   case 'update':  cmdUpdate();  break;
   case 'down':    cmdDown();    break;
-  case 'db':      cmdDb();      break;
+  case 'db':                cmdDb();      break;
+  case 'setup-credentials': cmdSetupCredentials().catch(e => { console.error(e); process.exit(1); }); break;
   case '--version': case '-v': console.log(VERSION); break;
   case '--help': case '-h': case undefined: cmdHelp(); break;
   default:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "freeschema",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "description": "FreeSchema — self-hosted deployment CLI",
   "keywords": [
     "freeschema",

package/templates/.env.example

@@ -99,9 +99,9 @@ LINKEDIN_SECRET=""
 # ====================================
 # PAYMENT GATEWAY (STRIPE)
 # ====================================
-STRIPE_SECRET=""
+STRIPE_SECRET="sk_test_placeholder"
 WEBHOOK_KEY=""
-STRIPE_TEST_SECRET=""
+STRIPE_TEST_SECRET="sk_test_placeholder"
 WEBHOOK_TEST_KEY=""
 
 # ====================================