npm - freeschema - Versions diffs - 1.0.7 → 1.0.9 - Mend

freeschema 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/freeschema.js +137 -94
package/package.json +1 -1
package/templates/.env.example +5 -0
package/templates/docker-compose.yml +32 -7

package/bin/freeschema.js CHANGED Viewed

@@ -6,7 +6,6 @@ const { spawnSync }    = require('child_process');
 const fs               = require('fs');
 const path             = require('path');
 const https            = require('https');
-const http             = require('http');
 const crypto           = require('crypto');
 const readline         = require('readline');
@@ -123,6 +122,47 @@ function generateMosquittoPassword(username, password) {
   return `${username}:$7$${iterations}$${salt.toString('base64')}$${hash.toString('base64')}\n`;
 }
+function waitForAccessControl(container) {
+  process.stdout.write('  Waiting for access-control-server');
+  for (let i = 0; i < 30; i++) {
+    const r = spawnSync('docker', [
+      'exec', container, 'curl', '-sf', 'http://localhost:7000/health'
+    ], { stdio: 'pipe' });
+    if (r.status === 0) { process.stdout.write(' ready\n'); return true; }
+    process.stdout.write('.');
+    sleep(2000);
+  }
+  process.stdout.write(' timed out\n');
+  return false;
+}
+function setupSuperAdmin() {
+  const env        = readEnv();
+  const adminId    = parseInt(env.SUPER_ADMIN_ID || '100000016', 10);
+  const out        = runComposeOutput(['ps', '--format', 'json']);
+  const containers = out.split('\n')
+    .map(l => { try { return JSON.parse(l); } catch { return null; } })
+    .filter(Boolean);
+  const ac = containers.find(c => c.Service === 'access-control-server');
+  if (!ac) return;
+  const container = ac.Name || ac.ID;
+  if (!waitForAccessControl(container)) return;
+  const result = spawnSync('docker', [
+    'exec', container, 'curl', '-sf',
+    '-X', 'POST', 'http://localhost:7000/api/access/super-admin/concept',
+    '-H', 'Content-Type: application/json',
+    '-d', JSON.stringify({ ConceptId: adminId })
+  ], { stdio: ['inherit', 'pipe', 'pipe'] });
+  if (result.status === 0) {
+    console.log(`  Super admin    concept ${adminId} ✓`);
+  } else {
+    console.log(`  Super admin    already set or skipped`);
+  }
+}
 function ensureMosquittoConfig(cwd) {
   const dir = (sub) => path.join(cwd, 'mosquitto', sub);
   ['config', 'data', 'log'].forEach(d => {
@@ -557,6 +597,9 @@ async function cmdStart() {
     console.log('  Seed applied ✓');
   }
+  console.log('\nFinalizing setup…');
+  setupSuperAdmin();
   console.log('\nFreeSchema is running.');
   console.log('  Status: freeschema status');
   console.log('  Logs:   freeschema logs');
@@ -569,8 +612,21 @@ async function cmdStart() {
   if (isPlaceholder) {
     console.log('\n─────────────────────────────────────────');
     console.log('  CLIENT_SECRET is not configured.');
-    console.log('  Setting up admin credentials now…');
+    console.log('  Setting up admin credentials…');
     console.log('─────────────────────────────────────────');
+    // Wait for MySQL to be ready before inserting credentials
+    try {
+      const container = getMysqlContainer();
+      const env       = readEnv();
+      const dbUser    = env.DB_USER || env.MYSQL_USER || 'freeschema';
+      const dbPass    = env.DB_PASSWORD || env.MYSQL_PASSWORD || 'Freeschema@123';
+      waitForMySQL(container, dbUser, dbPass);
+    } catch (e) {
+      console.log('  (skipping credentials setup — MySQL not running)');
+      return;
+    }
     await cmdSetupCredentials();
   }
 }
@@ -716,126 +772,113 @@ function cmdDbRestore() {
 // ── setup-credentials ─────────────────────────────────────────────────────────
-function httpPost(url, body) {
-  return new Promise((resolve, reject) => {
-    const parsed  = new URL(url);
-    const payload = JSON.stringify(body);
-    const opts = {
-      hostname: parsed.hostname,
-      port:     parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
-      path:     parsed.pathname,
-      method:   'POST',
-      headers:  { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) },
-    };
-    const lib = parsed.protocol === 'https:' ? https : http;
-    const req = lib.request(opts, res => {
-      let data = '';
-      res.on('data', chunk => { data += chunk; });
-      res.on('end', () => {
-        try { resolve({ status: res.statusCode, body: JSON.parse(data) }); }
-        catch { resolve({ status: res.statusCode, body: data }); }
-      });
-    });
-    req.on('error', reject);
-    req.write(payload);
-    req.end();
-  });
+function hashClientSecret(plainSecret) {
+  // Matches C# ClientSecretHasher: PBKDF2-HMAC-SHA256, 100000 iterations, 16-byte salt, 32-byte output
+  // Stored format: "{iterations}.{base64_salt}.{base64_hash}"
+  const iterations = 100_000;
+  const salt       = crypto.randomBytes(16);
+  const hash       = crypto.pbkdf2Sync(plainSecret, salt, iterations, 32, 'sha256');
+  return `${iterations}.${salt.toString('base64')}.${hash.toString('base64')}`;
 }
-function httpPostWithToken(url, token) {
-  return new Promise((resolve, reject) => {
-    const parsed = new URL(url);
-    const opts = {
-      hostname: parsed.hostname,
-      port:     parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
-      path:     parsed.pathname,
-      method:   'POST',
-      headers:  { 'Authorization': `Bearer ${token}`, 'Content-Length': 0 },
-    };
-    const lib = parsed.protocol === 'https:' ? https : http;
-    const req = lib.request(opts, res => {
-      let data = '';
-      res.on('data', chunk => { data += chunk; });
-      res.on('end', () => {
-        try { resolve({ status: res.statusCode, body: JSON.parse(data) }); }
-        catch { resolve({ status: res.statusCode, body: data }); }
-      });
-    });
-    req.on('error', reject);
-    req.end();
-  });
+function runSql(container, dbName, sql) {
+  const env    = readEnv();
+  const dbPass = env.MYSQL_ROOT_PASSWORD || ('Admin@' + (env.MYSQL_PASSWORD || 'Freeschema@123'));
+  const result = spawnSync(
+    'docker',
+    ['exec', '-i', container, 'mysql', '-uroot', `-p${dbPass}`, dbName],
+    { input: sql, stdio: ['pipe', 'pipe', 'pipe'] }
+  );
+  if (result.error) throw new Error(`docker exec failed: ${result.error.message}`);
+  if (result.status !== 0) throw new Error((result.stderr || '').toString().trim());
+  return (result.stdout || '').toString().trim();
 }
 async function cmdSetupCredentials() {
   const envPath = path.join(process.cwd(), '.env');
   if (!fs.existsSync(envPath)) die('.env not found. Run `freeschema init` first.');
-  const env      = readEnv();
-  const wicoPort = env.WICO_PORT   || '7071';
-  const baseUrl  = `http://localhost:${wicoPort}/api`;
-  console.log(`\nSetting up CLIENT_ID and CLIENT_SECRET`);
-  console.log(`Using WICO server at ${baseUrl}\n`);
+  const env    = readEnv();
+  const dbName = env.DB_DATABASE || env.MYSQL_DATABASE || 'freeschema_db';
-  // Step 1: login
-  const email    = await prompt('Admin email');
-  const password = await promptSecret('Admin password');
-  if (!email || !password) die('Email and password are required.');
+  console.log('\nSetting up CLIENT_ID and CLIENT_SECRET');
-  process.stdout.write('\n[1/3] Logging in… ');
-  let loginRes;
-  try {
-    loginRes = await httpPost(`${baseUrl}/auth/login`, { email, password, application: 'boomconsole' });
-  } catch (e) {
-    die(`Could not reach WICO server at ${baseUrl}/auth/login\nIs FreeSchema running? Try: freeschema start`);
-  }
+  // Prompt for entity concept ID
+  const entityId = await prompt('Admin entity concept ID', env.CLIENT_ID || '100000016');
+  if (!entityId) die('Entity ID is required.');
-  if (loginRes.status !== 200 || !loginRes.body) {
-    die(`Login failed (HTTP ${loginRes.status}): ${JSON.stringify(loginRes.body)}`);
-  }
+  // Step 1: generate secret + hash it locally — no API call needed
+  process.stdout.write('[1/3] Generating secret… ');
+  const plainSecret = crypto.randomBytes(32).toString('hex'); // 64-char hex
+  const hashedSecret = hashClientSecret(plainSecret);
+  console.log('done');
-  const token = loginRes.body.token || loginRes.body.access_token || (loginRes.body.data && loginRes.body.data.token);
-  if (!token) die(`No token in login response: ${JSON.stringify(loginRes.body)}`);
+  // Step 2: insert hash directly into the database
+  process.stdout.write('[2/3] Writing to database… ');
+  const container = getMysqlContainer();
-  // Decode entity concept ID from JWT upn claim
-  let entityId;
-  try {
-    const payload = JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString());
-    entityId = payload.upn || payload.sub;
-  } catch {
-    die('Could not decode JWT token.');
-  }
-  if (!entityId) die('Could not determine entity ID from JWT.');
-  console.log(`done (entity ${entityId})`);
+  const sql = `
+SET @entity_id = ${parseInt(entityId, 10)};
+-- Look up the type concept for 'the_client_secret'
+SET @type_id = (
+  SELECT id FROM the_concepts
+  WHERE character_value = 'the_client_secret'
+  ORDER BY id ASC LIMIT 1
+);
+-- Insert the secret hash as a new concept
+INSERT INTO the_concepts (
+  user_id, category_id, category_user_id, type_id, type_user_id,
+  character_value, security_id, security_user_id, access_id, access_user_id,
+  session_information_id, session_information_user_id
+) VALUES (
+  999, @type_id, 999, @type_id, 999,
+  '${hashedSecret}', 4, 999, 4, 999, 999, 999
+);
+SET @secret_concept_id = LAST_INSERT_ID();
+-- Look up the connection type for 'the_entity_s_client_secret'
+SET @conn_type_id = (
+  SELECT id FROM the_concepts
+  WHERE character_value = 'the_entity_s_client_secret'
+  ORDER BY id ASC LIMIT 1
+);
+-- Link entity → secret concept
+INSERT INTO the_connections (
+  user_id, of_the_concepts_id, of_the_concepts_user_id,
+  type_id, type_user_id, order_id, order_user_id,
+  to_the_concepts_id, to_the_concepts_user_id,
+  security_id, security_user_id, access_id, access_user_id,
+  session_information_id, session_information_user_id
+) VALUES (
+  999, @entity_id, 999,
+  @conn_type_id, 999, 999, 999,
+  @secret_concept_id, 999,
+  4, 999, 4, 999, 999, 999
+);
+`;
-  // Step 2: generate client-secret
-  process.stdout.write('[2/3] Generating client-secret… ');
-  let secretRes;
   try {
-    secretRes = await httpPostWithToken(`${baseUrl}/client-secret`, token);
+    runSql(container, dbName, sql);
   } catch (e) {
-    die(`Request to /api/client-secret failed: ${e.message}`);
+    die(`Database insert failed: ${e.message}`);
   }
-  if (secretRes.status !== 200 || !secretRes.body) {
-    die(`client-secret failed (HTTP ${secretRes.status}): ${JSON.stringify(secretRes.body)}`);
-  }
-  const secret = secretRes.body.message || secretRes.body.data || secretRes.body;
-  if (!secret || typeof secret !== 'string') die(`Empty secret in response: ${JSON.stringify(secretRes.body)}`);
   console.log('done');
   // Step 3: update .env
   process.stdout.write('[3/3] Updating .env… ');
   setEnvVar(envPath, 'CLIENT_ID',     String(entityId));
-  setEnvVar(envPath, 'CLIENT_SECRET', secret);
+  setEnvVar(envPath, 'CLIENT_SECRET', plainSecret);
   console.log('done');
   console.log(`
 ─────────────────────────────────────────
   Credentials saved to .env:
     CLIENT_ID     = ${entityId}
-    CLIENT_SECRET = ${secret}
+    CLIENT_SECRET = ${plainSecret}
 ─────────────────────────────────────────
   Restart the node-server to apply:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "freeschema",
-  "version": "1.0.7",
+  "version": "1.0.9",
   "description": "FreeSchema — self-hosted deployment CLI",
   "keywords": [
     "freeschema",

package/templates/.env.example CHANGED Viewed

@@ -121,3 +121,8 @@ DISABLE_SWAGGER=true
 # ====================================
 CLIENT_ID=
 CLIENT_SECRET=
+# ====================================
+# SUPER ADMIN SETUP
+# ====================================
+SUPER_ADMIN_ID=100000016

package/templates/docker-compose.yml CHANGED Viewed

@@ -188,6 +188,12 @@ services:
         condition: service_started
     networks:
       - freeschema-network
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sI http://localhost:5000/health || exit 1"]
+      interval: 1m30s
+      timeout: 30s
+      retries: 5
+      start_period: 30s
   log-server:
     image: mentorayush/log-server:latest
@@ -229,6 +235,12 @@ services:
       - node-server
     networks:
       - freeschema-network
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider http://localhost/ || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
   wico-app:
     image: mentorayush/wico-app:latest
@@ -243,6 +255,12 @@ services:
       - node-server
     networks:
       - freeschema-network
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider http://localhost/ || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
   nginx-server:
     image: nginx:alpine
@@ -255,13 +273,20 @@ services:
     volumes:
       - ./nginx/nginx.conf.template:/etc/nginx/templates/default.conf.template:ro
     depends_on:
-      - wico-app
-      - vccs-app
-      - node-server
-      - node-cache-server
-      - log-server
-      - wico-server
-      - access-control-server
+      access-control-server:
+        condition: service_healthy
+      wico-server:
+        condition: service_healthy
+      node-server:
+        condition: service_healthy
+      node-cache-server:
+        condition: service_healthy
+      log-server:
+        condition: service_healthy
+      vccs-app:
+        condition: service_healthy
+      wico-app:
+        condition: service_healthy
     networks:
       - freeschema-network