npm - freeschema - Versions diffs - 1.0.8 → 1.0.10 - Mend

freeschema 1.0.8 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/freeschema.js +132 -95
package/package.json +1 -1
package/templates/.env.example +5 -0
package/templates/docker-compose.yml +32 -7

package/bin/freeschema.js CHANGED Viewed

@@ -122,6 +122,47 @@ function generateMosquittoPassword(username, password) {
   return `${username}:$7$${iterations}$${salt.toString('base64')}$${hash.toString('base64')}\n`;
 }
+function waitForAccessControl(container) {
+  process.stdout.write('  Waiting for access-control-server');
+  for (let i = 0; i < 30; i++) {
+    const r = spawnSync('docker', [
+      'exec', container, 'curl', '-sf', 'http://localhost:7000/health'
+    ], { stdio: 'pipe' });
+    if (r.status === 0) { process.stdout.write(' ready\n'); return true; }
+    process.stdout.write('.');
+    sleep(2000);
+  }
+  process.stdout.write(' timed out\n');
+  return false;
+}
+function setupSuperAdmin() {
+  const env        = readEnv();
+  const adminId    = parseInt(env.SUPER_ADMIN_ID || '100000016', 10);
+  const out        = runComposeOutput(['ps', '--format', 'json']);
+  const containers = out.split('\n')
+    .map(l => { try { return JSON.parse(l); } catch { return null; } })
+    .filter(Boolean);
+  const ac = containers.find(c => c.Service === 'access-control-server');
+  if (!ac) return;
+  const container = ac.Name || ac.ID;
+  if (!waitForAccessControl(container)) return;
+  const result = spawnSync('docker', [
+    'exec', container, 'curl', '-sf',
+    '-X', 'POST', 'http://localhost:7000/api/access/super-admin/concept',
+    '-H', 'Content-Type: application/json',
+    '-d', JSON.stringify({ ConceptId: adminId })
+  ], { stdio: ['inherit', 'pipe', 'pipe'] });
+  if (result.status === 0) {
+    console.log(`  Super admin    concept ${adminId} ✓`);
+  } else {
+    console.log(`  Super admin    already set or skipped`);
+  }
+}
 function ensureMosquittoConfig(cwd) {
   const dir = (sub) => path.join(cwd, 'mosquitto', sub);
   ['config', 'data', 'log'].forEach(d => {
@@ -556,6 +597,9 @@ async function cmdStart() {
     console.log('  Seed applied ✓');
   }
+  console.log('\nFinalizing setup…');
+  setupSuperAdmin();
   console.log('\nFreeSchema is running.');
   console.log('  Status: freeschema status');
   console.log('  Logs:   freeschema logs');
@@ -570,19 +614,6 @@ async function cmdStart() {
     console.log('  CLIENT_SECRET is not configured.');
     console.log('  Setting up admin credentials…');
     console.log('─────────────────────────────────────────');
-    // Wait for MySQL to be ready before inserting credentials
-    try {
-      const container = getMysqlContainer();
-      const env       = readEnv();
-      const dbUser    = env.DB_USER || env.MYSQL_USER || 'freeschema';
-      const dbPass    = env.DB_PASSWORD || env.MYSQL_PASSWORD || 'Freeschema@123';
-      waitForMySQL(container, dbUser, dbPass);
-    } catch (e) {
-      console.log('  (skipping credentials setup — MySQL not running)');
-      return;
-    }
     await cmdSetupCredentials();
   }
 }
@@ -728,116 +759,122 @@ function cmdDbRestore() {
 // ── setup-credentials ─────────────────────────────────────────────────────────
-function hashClientSecret(plainSecret) {
-  // Matches C# ClientSecretHasher: PBKDF2-HMAC-SHA256, 100000 iterations, 16-byte salt, 32-byte output
-  // Stored format: "{iterations}.{base64_salt}.{base64_hash}"
-  const iterations = 100_000;
-  const salt       = crypto.randomBytes(16);
-  const hash       = crypto.pbkdf2Sync(plainSecret, salt, iterations, 32, 'sha256');
-  return `${iterations}.${salt.toString('base64')}.${hash.toString('base64')}`;
+function getWicoContainer() {
+  const out = runComposeOutput(['ps', '--format', 'json']);
+  if (!out) return null;
+  const containers = out.split('\n')
+    .map(l => { try { return JSON.parse(l); } catch { return null; } })
+    .filter(Boolean);
+  const wico = containers.find(c => c.Service === 'wico-server' || (c.Name || '').includes('wico-server'));
+  return wico ? (wico.Name || wico.ID) : null;
 }
-function runSql(container, dbName, sql) {
-  const env    = readEnv();
-  const dbPass = env.MYSQL_ROOT_PASSWORD || ('Admin@' + (env.MYSQL_PASSWORD || 'Freeschema@123'));
-  const result = spawnSync(
-    'docker',
-    ['exec', '-i', container, 'mysql', '-uroot', `-p${dbPass}`, dbName],
-    { input: sql, stdio: ['pipe', 'pipe', 'pipe'] }
-  );
-  if (result.error) throw new Error(`docker exec failed: ${result.error.message}`);
-  if (result.status !== 0) throw new Error((result.stderr || '').toString().trim());
-  return (result.stdout || '').toString().trim();
+function waitForWicoServer(container, maxAttempts = 60) {
+  process.stdout.write('  Waiting for wico-server');
+  for (let i = 0; i < maxAttempts; i++) {
+    const r = spawnSync('docker', [
+      'exec', container, 'curl', '-sf', 'http://localhost:7000/health'
+    ], { stdio: 'pipe' });
+    if (r.status === 0) { process.stdout.write(' ready\n'); return true; }
+    process.stdout.write('.');
+    sleep(3000);
+  }
+  process.stdout.write(' timed out\n');
+  return false;
 }
 async function cmdSetupCredentials() {
   const envPath = path.join(process.cwd(), '.env');
   if (!fs.existsSync(envPath)) die('.env not found. Run `freeschema init` first.');
-  const env    = readEnv();
-  const dbName = env.DB_DATABASE || env.MYSQL_DATABASE || 'freeschema_db';
+  console.log('\nSetting up CLIENT_ID and CLIENT_SECRET via API\n');
-  console.log('\nSetting up CLIENT_ID and CLIENT_SECRET');
+  // Find wico-server container
+  const container = getWicoContainer();
+  if (!container) die('wico-server is not running.\nStart with `freeschema start`.');
-  // Prompt for entity concept ID
-  const entityId = await prompt('Admin entity concept ID', env.CLIENT_ID || '100000016');
-  if (!entityId) die('Entity ID is required.');
+  // Wait for wico-server to be healthy
+  if (!waitForWicoServer(container)) {
+    die('wico-server did not become ready.\nCheck logs: freeschema logs wico-server');
+  }
-  // Step 1: generate secret + hash it locally — no API call needed
-  process.stdout.write('[1/3] Generating secret… ');
-  const plainSecret = crypto.randomBytes(32).toString('hex'); // 64-char hex
-  const hashedSecret = hashClientSecret(plainSecret);
-  console.log('done');
+  // Prompt for admin credentials
+  const email    = await prompt('Admin email');
+  const password = await promptSecret('Admin password');
+  if (!email || !password) die('Email and password are required.');
+  // Step 1: Login
+  process.stdout.write('\n[1/3] Logging in… ');
+  const loginBody = JSON.stringify({ email, password, application: 'boomconsole' });
+  const loginResult = spawnSync('docker', [
+    'exec', container, 'curl', '-sf',
+    '-X', 'POST', 'http://localhost:7000/api/auth/login',
+    '-H', 'Content-Type: application/json',
+    '-d', loginBody
+  ], { stdio: ['inherit', 'pipe', 'pipe'] });
+  if (loginResult.status !== 0) {
+    const errText = (loginResult.stderr || '').toString().trim() || 'curl returned non-zero';
+    die(`Login request failed: ${errText}`);
+  }
-  // Step 2: insert hash directly into the database
-  process.stdout.write('[2/3] Writing to database… ');
-  const container = getMysqlContainer();
+  let loginRes;
+  try {
+    loginRes = JSON.parse((loginResult.stdout || '').toString().trim());
+  } catch {
+    die('Invalid JSON in login response — is wico-server healthy?');
+  }
-  const sql = `
-SET @entity_id = ${parseInt(entityId, 10)};
--- Look up the type concept for 'the_client_secret'
-SET @type_id = (
-  SELECT id FROM the_concepts
-  WHERE character_value = 'the_client_secret'
-  ORDER BY id ASC LIMIT 1
-);
--- Insert the secret hash as a new concept
-INSERT INTO the_concepts (
-  user_id, category_id, category_user_id, type_id, type_user_id,
-  character_value, security_id, security_user_id, access_id, access_user_id,
-  session_information_id, session_information_user_id
-) VALUES (
-  999, @type_id, 999, @type_id, 999,
-  '${hashedSecret}', 4, 999, 4, 999, 999, 999
-);
-SET @secret_concept_id = LAST_INSERT_ID();
--- Look up the connection type for 'the_entity_s_client_secret'
-SET @conn_type_id = (
-  SELECT id FROM the_concepts
-  WHERE character_value = 'the_entity_s_client_secret'
-  ORDER BY id ASC LIMIT 1
-);
--- Link entity → secret concept
-INSERT INTO the_connections (
-  user_id, of_the_concepts_id, of_the_concepts_user_id,
-  type_id, type_user_id, order_id, order_user_id,
-  to_the_concepts_id, to_the_concepts_user_id,
-  security_id, security_user_id, access_id, access_user_id,
-  session_information_id, session_information_user_id
-) VALUES (
-  999, @entity_id, 999,
-  @conn_type_id, 999, 999, 999,
-  @secret_concept_id, 999,
-  4, 999, 4, 999, 999, 999
-);
-`;
+  // Response shape: { status: 200, data: { token, userConcept, ... } }
+  const token    = loginRes?.data?.token;
+  const entityId = loginRes?.data?.userConcept;
+  if (!token) {
+    die(`Login failed: ${JSON.stringify(loginRes)}`);
+  }
+  console.log(`done  (entity ${entityId})`);
+  // Step 2: Generate client-secret
+  process.stdout.write('[2/3] Generating client-secret… ');
+  const secretResult = spawnSync('docker', [
+    'exec', container, 'curl', '-sf',
+    '-X', 'POST', 'http://localhost:7000/api/client-secret',
+    '-H', `Authorization: Bearer ${token}`,
+    '-H', 'Content-Type: application/json'
+  ], { stdio: ['inherit', 'pipe', 'pipe'] });
+  if (secretResult.status !== 0) {
+    const errText = (secretResult.stderr || '').toString().trim() || 'curl returned non-zero';
+    die(`/api/client-secret request failed: ${errText}`);
+  }
+  let secretRes;
   try {
-    runSql(container, dbName, sql);
-  } catch (e) {
-    die(`Database insert failed: ${e.message}`);
+    secretRes = JSON.parse((secretResult.stdout || '').toString().trim());
+  } catch {
+    die('Invalid JSON in client-secret response');
+  }
+  // Response shape: { success: true, message: "<plainSecretString>" }
+  const secret = secretRes?.message;
+  if (!secret || typeof secret !== 'string' || !secretRes?.success) {
+    die(`Unexpected client-secret response: ${JSON.stringify(secretRes)}`);
   }
   console.log('done');
-  // Step 3: update .env
+  // Step 3: Update .env
   process.stdout.write('[3/3] Updating .env… ');
   setEnvVar(envPath, 'CLIENT_ID',     String(entityId));
-  setEnvVar(envPath, 'CLIENT_SECRET', plainSecret);
+  setEnvVar(envPath, 'CLIENT_SECRET', secret);
   console.log('done');
   console.log(`
 ─────────────────────────────────────────
   Credentials saved to .env:
     CLIENT_ID     = ${entityId}
-    CLIENT_SECRET = ${plainSecret}
+    CLIENT_SECRET = (saved — restart to apply)
 ─────────────────────────────────────────
-  Restart the node-server to apply:
+  Restart node-server and node-cache-server to pick up the new secret:
   freeschema restart node-server
 `);
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "freeschema",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "description": "FreeSchema — self-hosted deployment CLI",
   "keywords": [
     "freeschema",

package/templates/.env.example CHANGED Viewed

@@ -121,3 +121,8 @@ DISABLE_SWAGGER=true
 # ====================================
 CLIENT_ID=
 CLIENT_SECRET=
+# ====================================
+# SUPER ADMIN SETUP
+# ====================================
+SUPER_ADMIN_ID=100000016

package/templates/docker-compose.yml CHANGED Viewed

@@ -188,6 +188,12 @@ services:
         condition: service_started
     networks:
       - freeschema-network
+    healthcheck:
+      test: ["CMD-SHELL", "curl -sI http://localhost:5000/health || exit 1"]
+      interval: 1m30s
+      timeout: 30s
+      retries: 5
+      start_period: 30s
   log-server:
     image: mentorayush/log-server:latest
@@ -229,6 +235,12 @@ services:
       - node-server
     networks:
       - freeschema-network
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider http://localhost/ || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
   wico-app:
     image: mentorayush/wico-app:latest
@@ -243,6 +255,12 @@ services:
       - node-server
     networks:
       - freeschema-network
+    healthcheck:
+      test: ["CMD-SHELL", "wget -q --spider http://localhost/ || exit 1"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 30s
   nginx-server:
     image: nginx:alpine
@@ -255,13 +273,20 @@ services:
     volumes:
       - ./nginx/nginx.conf.template:/etc/nginx/templates/default.conf.template:ro
     depends_on:
-      - wico-app
-      - vccs-app
-      - node-server
-      - node-cache-server
-      - log-server
-      - wico-server
-      - access-control-server
+      access-control-server:
+        condition: service_healthy
+      wico-server:
+        condition: service_healthy
+      node-server:
+        condition: service_healthy
+      node-cache-server:
+        condition: service_healthy
+      log-server:
+        condition: service_healthy
+      vccs-app:
+        condition: service_healthy
+      wico-app:
+        condition: service_healthy
     networks:
       - freeschema-network