npm - freeschema - Versions diffs - 1.0.7 → 1.0.8 - Mend

freeschema 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/bin/freeschema.js +93 -94
package/package.json +1 -1

package/bin/freeschema.js CHANGED Viewed

@@ -6,7 +6,6 @@ const { spawnSync }    = require('child_process');
 const fs               = require('fs');
 const path             = require('path');
 const https            = require('https');
-const http             = require('http');
 const crypto           = require('crypto');
 const readline         = require('readline');
@@ -569,8 +568,21 @@ async function cmdStart() {
   if (isPlaceholder) {
     console.log('\n─────────────────────────────────────────');
     console.log('  CLIENT_SECRET is not configured.');
-    console.log('  Setting up admin credentials now…');
+    console.log('  Setting up admin credentials…');
     console.log('─────────────────────────────────────────');
+    // Wait for MySQL to be ready before inserting credentials
+    try {
+      const container = getMysqlContainer();
+      const env       = readEnv();
+      const dbUser    = env.DB_USER || env.MYSQL_USER || 'freeschema';
+      const dbPass    = env.DB_PASSWORD || env.MYSQL_PASSWORD || 'Freeschema@123';
+      waitForMySQL(container, dbUser, dbPass);
+    } catch (e) {
+      console.log('  (skipping credentials setup — MySQL not running)');
+      return;
+    }
     await cmdSetupCredentials();
   }
 }
@@ -716,126 +728,113 @@ function cmdDbRestore() {
 // ── setup-credentials ─────────────────────────────────────────────────────────
-function httpPost(url, body) {
-  return new Promise((resolve, reject) => {
-    const parsed  = new URL(url);
-    const payload = JSON.stringify(body);
-    const opts = {
-      hostname: parsed.hostname,
-      port:     parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
-      path:     parsed.pathname,
-      method:   'POST',
-      headers:  { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) },
-    };
-    const lib = parsed.protocol === 'https:' ? https : http;
-    const req = lib.request(opts, res => {
-      let data = '';
-      res.on('data', chunk => { data += chunk; });
-      res.on('end', () => {
-        try { resolve({ status: res.statusCode, body: JSON.parse(data) }); }
-        catch { resolve({ status: res.statusCode, body: data }); }
-      });
-    });
-    req.on('error', reject);
-    req.write(payload);
-    req.end();
-  });
+function hashClientSecret(plainSecret) {
+  // Matches C# ClientSecretHasher: PBKDF2-HMAC-SHA256, 100000 iterations, 16-byte salt, 32-byte output
+  // Stored format: "{iterations}.{base64_salt}.{base64_hash}"
+  const iterations = 100_000;
+  const salt       = crypto.randomBytes(16);
+  const hash       = crypto.pbkdf2Sync(plainSecret, salt, iterations, 32, 'sha256');
+  return `${iterations}.${salt.toString('base64')}.${hash.toString('base64')}`;
 }
-function httpPostWithToken(url, token) {
-  return new Promise((resolve, reject) => {
-    const parsed = new URL(url);
-    const opts = {
-      hostname: parsed.hostname,
-      port:     parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
-      path:     parsed.pathname,
-      method:   'POST',
-      headers:  { 'Authorization': `Bearer ${token}`, 'Content-Length': 0 },
-    };
-    const lib = parsed.protocol === 'https:' ? https : http;
-    const req = lib.request(opts, res => {
-      let data = '';
-      res.on('data', chunk => { data += chunk; });
-      res.on('end', () => {
-        try { resolve({ status: res.statusCode, body: JSON.parse(data) }); }
-        catch { resolve({ status: res.statusCode, body: data }); }
-      });
-    });
-    req.on('error', reject);
-    req.end();
-  });
+function runSql(container, dbName, sql) {
+  const env    = readEnv();
+  const dbPass = env.MYSQL_ROOT_PASSWORD || ('Admin@' + (env.MYSQL_PASSWORD || 'Freeschema@123'));
+  const result = spawnSync(
+    'docker',
+    ['exec', '-i', container, 'mysql', '-uroot', `-p${dbPass}`, dbName],
+    { input: sql, stdio: ['pipe', 'pipe', 'pipe'] }
+  );
+  if (result.error) throw new Error(`docker exec failed: ${result.error.message}`);
+  if (result.status !== 0) throw new Error((result.stderr || '').toString().trim());
+  return (result.stdout || '').toString().trim();
 }
 async function cmdSetupCredentials() {
   const envPath = path.join(process.cwd(), '.env');
   if (!fs.existsSync(envPath)) die('.env not found. Run `freeschema init` first.');
-  const env      = readEnv();
-  const wicoPort = env.WICO_PORT   || '7071';
-  const baseUrl  = `http://localhost:${wicoPort}/api`;
+  const env    = readEnv();
+  const dbName = env.DB_DATABASE || env.MYSQL_DATABASE || 'freeschema_db';
-  console.log(`\nSetting up CLIENT_ID and CLIENT_SECRET`);
-  console.log(`Using WICO server at ${baseUrl}\n`);
+  console.log('\nSetting up CLIENT_ID and CLIENT_SECRET');
-  // Step 1: login
-  const email    = await prompt('Admin email');
-  const password = await promptSecret('Admin password');
-  if (!email || !password) die('Email and password are required.');
+  // Prompt for entity concept ID
+  const entityId = await prompt('Admin entity concept ID', env.CLIENT_ID || '100000016');
+  if (!entityId) die('Entity ID is required.');
-  process.stdout.write('\n[1/3] Logging in… ');
-  let loginRes;
-  try {
-    loginRes = await httpPost(`${baseUrl}/auth/login`, { email, password, application: 'boomconsole' });
-  } catch (e) {
-    die(`Could not reach WICO server at ${baseUrl}/auth/login\nIs FreeSchema running? Try: freeschema start`);
-  }
-  if (loginRes.status !== 200 || !loginRes.body) {
-    die(`Login failed (HTTP ${loginRes.status}): ${JSON.stringify(loginRes.body)}`);
-  }
+  // Step 1: generate secret + hash it locally — no API call needed
+  process.stdout.write('[1/3] Generating secret… ');
+  const plainSecret = crypto.randomBytes(32).toString('hex'); // 64-char hex
+  const hashedSecret = hashClientSecret(plainSecret);
+  console.log('done');
-  const token = loginRes.body.token || loginRes.body.access_token || (loginRes.body.data && loginRes.body.data.token);
-  if (!token) die(`No token in login response: ${JSON.stringify(loginRes.body)}`);
+  // Step 2: insert hash directly into the database
+  process.stdout.write('[2/3] Writing to database… ');
+  const container = getMysqlContainer();
-  // Decode entity concept ID from JWT upn claim
-  let entityId;
-  try {
-    const payload = JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
-    entityId = payload.upn || payload.sub;
-  } catch {
-    die('Could not decode JWT token.');
-  }
-  if (!entityId) die('Could not determine entity ID from JWT.');
-  console.log(`done (entity ${entityId})`);
+  const sql = `
+SET @entity_id = ${parseInt(entityId, 10)};
+-- Look up the type concept for 'the_client_secret'
+SET @type_id = (
+  SELECT id FROM the_concepts
+  WHERE character_value = 'the_client_secret'
+  ORDER BY id ASC LIMIT 1
+);
+-- Insert the secret hash as a new concept
+INSERT INTO the_concepts (
+  user_id, category_id, category_user_id, type_id, type_user_id,
+  character_value, security_id, security_user_id, access_id, access_user_id,
+  session_information_id, session_information_user_id
+) VALUES (
+  999, @type_id, 999, @type_id, 999,
+  '${hashedSecret}', 4, 999, 4, 999, 999, 999
+);
+SET @secret_concept_id = LAST_INSERT_ID();
+-- Look up the connection type for 'the_entity_s_client_secret'
+SET @conn_type_id = (
+  SELECT id FROM the_concepts
+  WHERE character_value = 'the_entity_s_client_secret'
+  ORDER BY id ASC LIMIT 1
+);
+-- Link entity → secret concept
+INSERT INTO the_connections (
+  user_id, of_the_concepts_id, of_the_concepts_user_id,
+  type_id, type_user_id, order_id, order_user_id,
+  to_the_concepts_id, to_the_concepts_user_id,
+  security_id, security_user_id, access_id, access_user_id,
+  session_information_id, session_information_user_id
+) VALUES (
+  999, @entity_id, 999,
+  @conn_type_id, 999, 999, 999,
+  @secret_concept_id, 999,
+  4, 999, 4, 999, 999, 999
+);
+`;
-  // Step 2: generate client-secret
-  process.stdout.write('[2/3] Generating client-secret… ');
-  let secretRes;
   try {
-    secretRes = await httpPostWithToken(`${baseUrl}/client-secret`, token);
+    runSql(container, dbName, sql);
   } catch (e) {
-    die(`Request to /api/client-secret failed: ${e.message}`);
+    die(`Database insert failed: ${e.message}`);
   }
-  if (secretRes.status !== 200 || !secretRes.body) {
-    die(`client-secret failed (HTTP ${secretRes.status}): ${JSON.stringify(secretRes.body)}`);
-  }
-  const secret = secretRes.body.message || secretRes.body.data || secretRes.body;
-  if (!secret || typeof secret !== 'string') die(`Empty secret in response: ${JSON.stringify(secretRes.body)}`);
   console.log('done');
   // Step 3: update .env
   process.stdout.write('[3/3] Updating .env… ');
   setEnvVar(envPath, 'CLIENT_ID',     String(entityId));
-  setEnvVar(envPath, 'CLIENT_SECRET', secret);
+  setEnvVar(envPath, 'CLIENT_SECRET', plainSecret);
   console.log('done');
   console.log(`
 ─────────────────────────────────────────
   Credentials saved to .env:
     CLIENT_ID     = ${entityId}
-    CLIENT_SECRET = ${secret}
+    CLIENT_SECRET = ${plainSecret}
 ─────────────────────────────────────────
   Restart the node-server to apply:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "freeschema",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "description": "FreeSchema — self-hosted deployment CLI",
   "keywords": [
     "freeschema",