npm - freeschema - Versions diffs - 1.0.9 → 1.0.10 - Mend

freeschema 1.0.9 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/bin/freeschema.js +88 -95
package/package.json +1 -1

package/bin/freeschema.js CHANGED Viewed

@@ -614,19 +614,6 @@ async function cmdStart() {
     console.log('  CLIENT_SECRET is not configured.');
     console.log('  Setting up admin credentials…');
     console.log('─────────────────────────────────────────');
-    // Wait for MySQL to be ready before inserting credentials
-    try {
-      const container = getMysqlContainer();
-      const env       = readEnv();
-      const dbUser    = env.DB_USER || env.MYSQL_USER || 'freeschema';
-      const dbPass    = env.DB_PASSWORD || env.MYSQL_PASSWORD || 'Freeschema@123';
-      waitForMySQL(container, dbUser, dbPass);
-    } catch (e) {
-      console.log('  (skipping credentials setup — MySQL not running)');
-      return;
-    }
     await cmdSetupCredentials();
   }
 }
@@ -772,116 +759,122 @@ function cmdDbRestore() {
 // ── setup-credentials ─────────────────────────────────────────────────────────
-function hashClientSecret(plainSecret) {
-  // Matches C# ClientSecretHasher: PBKDF2-HMAC-SHA256, 100000 iterations, 16-byte salt, 32-byte output
-  // Stored format: "{iterations}.{base64_salt}.{base64_hash}"
-  const iterations = 100_000;
-  const salt       = crypto.randomBytes(16);
-  const hash       = crypto.pbkdf2Sync(plainSecret, salt, iterations, 32, 'sha256');
-  return `${iterations}.${salt.toString('base64')}.${hash.toString('base64')}`;
+function getWicoContainer() {
+  const out = runComposeOutput(['ps', '--format', 'json']);
+  if (!out) return null;
+  const containers = out.split('\n')
+    .map(l => { try { return JSON.parse(l); } catch { return null; } })
+    .filter(Boolean);
+  const wico = containers.find(c => c.Service === 'wico-server' || (c.Name || '').includes('wico-server'));
+  return wico ? (wico.Name || wico.ID) : null;
 }
-function runSql(container, dbName, sql) {
-  const env    = readEnv();
-  const dbPass = env.MYSQL_ROOT_PASSWORD || ('Admin@' + (env.MYSQL_PASSWORD || 'Freeschema@123'));
-  const result = spawnSync(
-    'docker',
-    ['exec', '-i', container, 'mysql', '-uroot', `-p${dbPass}`, dbName],
-    { input: sql, stdio: ['pipe', 'pipe', 'pipe'] }
-  );
-  if (result.error) throw new Error(`docker exec failed: ${result.error.message}`);
-  if (result.status !== 0) throw new Error((result.stderr || '').toString().trim());
-  return (result.stdout || '').toString().trim();
+function waitForWicoServer(container, maxAttempts = 60) {
+  process.stdout.write('  Waiting for wico-server');
+  for (let i = 0; i < maxAttempts; i++) {
+    const r = spawnSync('docker', [
+      'exec', container, 'curl', '-sf', 'http://localhost:7000/health'
+    ], { stdio: 'pipe' });
+    if (r.status === 0) { process.stdout.write(' ready\n'); return true; }
+    process.stdout.write('.');
+    sleep(3000);
+  }
+  process.stdout.write(' timed out\n');
+  return false;
 }
 async function cmdSetupCredentials() {
   const envPath = path.join(process.cwd(), '.env');
   if (!fs.existsSync(envPath)) die('.env not found. Run `freeschema init` first.');
-  const env    = readEnv();
-  const dbName = env.DB_DATABASE || env.MYSQL_DATABASE || 'freeschema_db';
+  console.log('\nSetting up CLIENT_ID and CLIENT_SECRET via API\n');
-  console.log('\nSetting up CLIENT_ID and CLIENT_SECRET');
+  // Find wico-server container
+  const container = getWicoContainer();
+  if (!container) die('wico-server is not running.\nStart with `freeschema start`.');
-  // Prompt for entity concept ID
-  const entityId = await prompt('Admin entity concept ID', env.CLIENT_ID || '100000016');
-  if (!entityId) die('Entity ID is required.');
+  // Wait for wico-server to be healthy
+  if (!waitForWicoServer(container)) {
+    die('wico-server did not become ready.\nCheck logs: freeschema logs wico-server');
+  }
-  // Step 1: generate secret + hash it locally — no API call needed
-  process.stdout.write('[1/3] Generating secret… ');
-  const plainSecret = crypto.randomBytes(32).toString('hex'); // 64-char hex
-  const hashedSecret = hashClientSecret(plainSecret);
-  console.log('done');
+  // Prompt for admin credentials
+  const email    = await prompt('Admin email');
+  const password = await promptSecret('Admin password');
+  if (!email || !password) die('Email and password are required.');
-  // Step 2: insert hash directly into the database
-  process.stdout.write('[2/3] Writing to database… ');
-  const container = getMysqlContainer();
+  // Step 1: Login
+  process.stdout.write('\n[1/3] Logging in… ');
+  const loginBody = JSON.stringify({ email, password, application: 'boomconsole' });
+  const loginResult = spawnSync('docker', [
+    'exec', container, 'curl', '-sf',
+    '-X', 'POST', 'http://localhost:7000/api/auth/login',
+    '-H', 'Content-Type: application/json',
+    '-d', loginBody
+  ], { stdio: ['inherit', 'pipe', 'pipe'] });
-  const sql = `
-SET @entity_id = ${parseInt(entityId, 10)};
--- Look up the type concept for 'the_client_secret'
-SET @type_id = (
-  SELECT id FROM the_concepts
-  WHERE character_value = 'the_client_secret'
-  ORDER BY id ASC LIMIT 1
-);
--- Insert the secret hash as a new concept
-INSERT INTO the_concepts (
-  user_id, category_id, category_user_id, type_id, type_user_id,
-  character_value, security_id, security_user_id, access_id, access_user_id,
-  session_information_id, session_information_user_id
-) VALUES (
-  999, @type_id, 999, @type_id, 999,
-  '${hashedSecret}', 4, 999, 4, 999, 999, 999
-);
-SET @secret_concept_id = LAST_INSERT_ID();
--- Look up the connection type for 'the_entity_s_client_secret'
-SET @conn_type_id = (
-  SELECT id FROM the_concepts
-  WHERE character_value = 'the_entity_s_client_secret'
-  ORDER BY id ASC LIMIT 1
-);
--- Link entity → secret concept
-INSERT INTO the_connections (
-  user_id, of_the_concepts_id, of_the_concepts_user_id,
-  type_id, type_user_id, order_id, order_user_id,
-  to_the_concepts_id, to_the_concepts_user_id,
-  security_id, security_user_id, access_id, access_user_id,
-  session_information_id, session_information_user_id
-) VALUES (
-  999, @entity_id, 999,
-  @conn_type_id, 999, 999, 999,
-  @secret_concept_id, 999,
-  4, 999, 4, 999, 999, 999
-);
-`;
+  if (loginResult.status !== 0) {
+    const errText = (loginResult.stderr || '').toString().trim() || 'curl returned non-zero';
+    die(`Login request failed: ${errText}`);
+  }
+  let loginRes;
   try {
-    runSql(container, dbName, sql);
-  } catch (e) {
-    die(`Database insert failed: ${e.message}`);
+    loginRes = JSON.parse((loginResult.stdout || '').toString().trim());
+  } catch {
+    die('Invalid JSON in login response — is wico-server healthy?');
+  }
+  // Response shape: { status: 200, data: { token, userConcept, ... } }
+  const token    = loginRes?.data?.token;
+  const entityId = loginRes?.data?.userConcept;
+  if (!token) {
+    die(`Login failed: ${JSON.stringify(loginRes)}`);
+  }
+  console.log(`done  (entity ${entityId})`);
+  // Step 2: Generate client-secret
+  process.stdout.write('[2/3] Generating client-secret… ');
+  const secretResult = spawnSync('docker', [
+    'exec', container, 'curl', '-sf',
+    '-X', 'POST', 'http://localhost:7000/api/client-secret',
+    '-H', `Authorization: Bearer ${token}`,
+    '-H', 'Content-Type: application/json'
+  ], { stdio: ['inherit', 'pipe', 'pipe'] });
+  if (secretResult.status !== 0) {
+    const errText = (secretResult.stderr || '').toString().trim() || 'curl returned non-zero';
+    die(`/api/client-secret request failed: ${errText}`);
+  }
+  let secretRes;
+  try {
+    secretRes = JSON.parse((secretResult.stdout || '').toString().trim());
+  } catch {
+    die('Invalid JSON in client-secret response');
+  }
+  // Response shape: { success: true, message: "<plainSecretString>" }
+  const secret = secretRes?.message;
+  if (!secret || typeof secret !== 'string' || !secretRes?.success) {
+    die(`Unexpected client-secret response: ${JSON.stringify(secretRes)}`);
   }
   console.log('done');
-  // Step 3: update .env
+  // Step 3: Update .env
   process.stdout.write('[3/3] Updating .env… ');
   setEnvVar(envPath, 'CLIENT_ID',     String(entityId));
-  setEnvVar(envPath, 'CLIENT_SECRET', plainSecret);
+  setEnvVar(envPath, 'CLIENT_SECRET', secret);
   console.log('done');
   console.log(`
 ─────────────────────────────────────────
   Credentials saved to .env:
     CLIENT_ID     = ${entityId}
-    CLIENT_SECRET = ${plainSecret}
+    CLIENT_SECRET = (saved — restart to apply)
 ─────────────────────────────────────────
-  Restart the node-server to apply:
+  Restart node-server and node-cache-server to pick up the new secret:
   freeschema restart node-server
 `);
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "freeschema",
-  "version": "1.0.9",
+  "version": "1.0.10",
   "description": "FreeSchema — self-hosted deployment CLI",
   "keywords": [
     "freeschema",