freeschema 1.0.9 → 1.0.11

package/bin/freeschema.js

@@ -122,9 +122,18 @@ function generateMosquittoPassword(username, password) {
   return `${username}:$7$${iterations}$${salt.toString('base64')}$${hash.toString('base64')}\n`;
 }
 
+function isContainerHealthy(containerName) {
+  const r = spawnSync('docker', [
+    'inspect', '--format', '{{.State.Health.Status}}', containerName
+  ], { stdio: 'pipe' });
+  return (r.stdout || '').toString().trim() === 'healthy';
+}
+
 function waitForAccessControl(container) {
+  if (isContainerHealthy(container)) return true;  // already healthy — no wait needed
   process.stdout.write('  Waiting for access-control-server');
-  for (let i = 0; i < 30; i++) {
+  for (let i = 0; i < 60; i++) {  // 60 × 2s = 120s
+    if (isContainerHealthy(container)) { process.stdout.write(' ready\n'); return true; }
     const r = spawnSync('docker', [
       'exec', container, 'curl', '-sf', 'http://localhost:7000/health'
     ], { stdio: 'pipe' });
@@ -614,19 +623,6 @@ async function cmdStart() {
     console.log('  CLIENT_SECRET is not configured.');
     console.log('  Setting up admin credentials…');
     console.log('─────────────────────────────────────────');
-
-    // Wait for MySQL to be ready before inserting credentials
-    try {
-      const container = getMysqlContainer();
-      const env       = readEnv();
-      const dbUser    = env.DB_USER || env.MYSQL_USER || 'freeschema';
-      const dbPass    = env.DB_PASSWORD || env.MYSQL_PASSWORD || 'Freeschema@123';
-      waitForMySQL(container, dbUser, dbPass);
-    } catch (e) {
-      console.log('  (skipping credentials setup — MySQL not running)');
-      return;
-    }
-
     await cmdSetupCredentials();
   }
 }
@@ -772,116 +768,124 @@ function cmdDbRestore() {
 
 // ── setup-credentials ─────────────────────────────────────────────────────────
 
-function hashClientSecret(plainSecret) {
-  // Matches C# ClientSecretHasher: PBKDF2-HMAC-SHA256, 100000 iterations, 16-byte salt, 32-byte output
-  // Stored format: "{iterations}.{base64_salt}.{base64_hash}"
-  const iterations = 100_000;
-  const salt       = crypto.randomBytes(16);
-  const hash       = crypto.pbkdf2Sync(plainSecret, salt, iterations, 32, 'sha256');
-  return `${iterations}.${salt.toString('base64')}.${hash.toString('base64')}`;
+function getWicoContainer() {
+  const out = runComposeOutput(['ps', '--format', 'json']);
+  if (!out) return null;
+  const containers = out.split('\n')
+    .map(l => { try { return JSON.parse(l); } catch { return null; } })
+    .filter(Boolean);
+  const wico = containers.find(c => c.Service === 'wico-server' || (c.Name || '').includes('wico-server'));
+  return wico ? (wico.Name || wico.ID) : null;
 }
 
-function runSql(container, dbName, sql) {
-  const env    = readEnv();
-  const dbPass = env.MYSQL_ROOT_PASSWORD || ('Admin@' + (env.MYSQL_PASSWORD || 'Freeschema@123'));
-  const result = spawnSync(
-    'docker',
-    ['exec', '-i', container, 'mysql', '-uroot', `-p${dbPass}`, dbName],
-    { input: sql, stdio: ['pipe', 'pipe', 'pipe'] }
-  );
-  if (result.error) throw new Error(`docker exec failed: ${result.error.message}`);
-  if (result.status !== 0) throw new Error((result.stderr || '').toString().trim());
-  return (result.stdout || '').toString().trim();
+function waitForWicoServer(container, maxAttempts = 60) {
+  if (isContainerHealthy(container)) return true;  // already healthy — no wait needed
+  process.stdout.write('  Waiting for wico-server');
+  for (let i = 0; i < maxAttempts; i++) {
+    if (isContainerHealthy(container)) { process.stdout.write(' ready\n'); return true; }
+    const r = spawnSync('docker', [
+      'exec', container, 'curl', '-sf', 'http://localhost:7000/health'
+    ], { stdio: 'pipe' });
+    if (r.status === 0) { process.stdout.write(' ready\n'); return true; }
+    process.stdout.write('.');
+    sleep(3000);
+  }
+  process.stdout.write(' timed out\n');
+  return false;
 }
 
 async function cmdSetupCredentials() {
   const envPath = path.join(process.cwd(), '.env');
   if (!fs.existsSync(envPath)) die('.env not found. Run `freeschema init` first.');
 
-  const env    = readEnv();
-  const dbName = env.DB_DATABASE || env.MYSQL_DATABASE || 'freeschema_db';
+  console.log('\nSetting up CLIENT_ID and CLIENT_SECRET via API\n');
 
-  console.log('\nSetting up CLIENT_ID and CLIENT_SECRET');
+  // Find wico-server container
+  const container = getWicoContainer();
+  if (!container) die('wico-server is not running.\nStart with `freeschema start`.');
 
-  // Prompt for entity concept ID
-  const entityId = await prompt('Admin entity concept ID', env.CLIENT_ID || '100000016');
-  if (!entityId) die('Entity ID is required.');
+  // Wait for wico-server to be healthy
+  if (!waitForWicoServer(container)) {
+    die('wico-server did not become ready.\nCheck logs: freeschema logs wico-server');
+  }
 
-  // Step 1: generate secret + hash it locally — no API call needed
-  process.stdout.write('[1/3] Generating secret… ');
-  const plainSecret = crypto.randomBytes(32).toString('hex'); // 64-char hex
-  const hashedSecret = hashClientSecret(plainSecret);
-  console.log('done');
+  // Prompt for admin credentials
+  const email    = await prompt('Admin email');
+  const password = await promptSecret('Admin password');
+  if (!email || !password) die('Email and password are required.');
 
-  // Step 2: insert hash directly into the database
-  process.stdout.write('[2/3] Writing to database… ');
-  const container = getMysqlContainer();
+  // Step 1: Login
+  process.stdout.write('\n[1/3] Logging in… ');
+  const loginBody = JSON.stringify({ email, password, application: 'boomconsole' });
+  const loginResult = spawnSync('docker', [
+    'exec', container, 'curl', '-sf',
+    '-X', 'POST', 'http://localhost:7000/api/auth/login',
+    '-H', 'Content-Type: application/json',
+    '-d', loginBody
+  ], { stdio: ['inherit', 'pipe', 'pipe'] });
+
+  if (loginResult.status !== 0) {
+    const errText = (loginResult.stderr || '').toString().trim() || 'curl returned non-zero';
+    die(`Login request failed: ${errText}`);
+  }
+
+  let loginRes;
+  try {
+    loginRes = JSON.parse((loginResult.stdout || '').toString().trim());
+  } catch {
+    die('Invalid JSON in login response — is wico-server healthy?');
+  }
+
+  // Response shape: { status: 200, data: { token, userConcept, ... } }
+  const token    = loginRes?.data?.token;
+  const entityId = loginRes?.data?.userConcept;
+  if (!token) {
+    die(`Login failed: ${JSON.stringify(loginRes)}`);
+  }
+  console.log(`done  (entity ${entityId})`);
+
+  // Step 2: Generate client-secret
+  process.stdout.write('[2/3] Generating client-secret… ');
+  const secretResult = spawnSync('docker', [
+    'exec', container, 'curl', '-sf',
+    '-X', 'POST', 'http://localhost:7000/api/client-secret',
+    '-H', `Authorization: Bearer ${token}`,
+    '-H', 'Content-Type: application/json'
+  ], { stdio: ['inherit', 'pipe', 'pipe'] });
 
-  const sql = `
-SET @entity_id = ${parseInt(entityId, 10)};
-
--- Look up the type concept for 'the_client_secret'
-SET @type_id = (
-  SELECT id FROM the_concepts
-  WHERE character_value = 'the_client_secret'
-  ORDER BY id ASC LIMIT 1
-);
-
--- Insert the secret hash as a new concept
-INSERT INTO the_concepts (
-  user_id, category_id, category_user_id, type_id, type_user_id,
-  character_value, security_id, security_user_id, access_id, access_user_id,
-  session_information_id, session_information_user_id
-) VALUES (
-  999, @type_id, 999, @type_id, 999,
-  '${hashedSecret}', 4, 999, 4, 999, 999, 999
-);
-
-SET @secret_concept_id = LAST_INSERT_ID();
-
--- Look up the connection type for 'the_entity_s_client_secret'
-SET @conn_type_id = (
-  SELECT id FROM the_concepts
-  WHERE character_value = 'the_entity_s_client_secret'
-  ORDER BY id ASC LIMIT 1
-);
-
--- Link entity → secret concept
-INSERT INTO the_connections (
-  user_id, of_the_concepts_id, of_the_concepts_user_id,
-  type_id, type_user_id, order_id, order_user_id,
-  to_the_concepts_id, to_the_concepts_user_id,
-  security_id, security_user_id, access_id, access_user_id,
-  session_information_id, session_information_user_id
-) VALUES (
-  999, @entity_id, 999,
-  @conn_type_id, 999, 999, 999,
-  @secret_concept_id, 999,
-  4, 999, 4, 999, 999, 999
-);
-`;
+  if (secretResult.status !== 0) {
+    const errText = (secretResult.stderr || '').toString().trim() || 'curl returned non-zero';
+    die(`/api/client-secret request failed: ${errText}`);
+  }
 
+  let secretRes;
   try {
-    runSql(container, dbName, sql);
-  } catch (e) {
-    die(`Database insert failed: ${e.message}`);
+    secretRes = JSON.parse((secretResult.stdout || '').toString().trim());
+  } catch {
+    die('Invalid JSON in client-secret response');
+  }
+
+  // Response shape: { success: true, message: "<plainSecretString>" }
+  const secret = secretRes?.message;
+  if (!secret || typeof secret !== 'string' || !secretRes?.success) {
+    die(`Unexpected client-secret response: ${JSON.stringify(secretRes)}`);
   }
   console.log('done');
 
-  // Step 3: update .env
+  // Step 3: Update .env
   process.stdout.write('[3/3] Updating .env… ');
   setEnvVar(envPath, 'CLIENT_ID',     String(entityId));
-  setEnvVar(envPath, 'CLIENT_SECRET', plainSecret);
+  setEnvVar(envPath, 'CLIENT_SECRET', secret);
   console.log('done');
 
   console.log(`
 ─────────────────────────────────────────
   Credentials saved to .env:
     CLIENT_ID     = ${entityId}
-    CLIENT_SECRET = ${plainSecret}
+    CLIENT_SECRET = (saved — restart to apply)
 ─────────────────────────────────────────
 
-  Restart the node-server to apply:
+  Restart node-server and node-cache-server to pick up the new secret:
   freeschema restart node-server
 `);
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "freeschema",
-  "version": "1.0.9",
+  "version": "1.0.11",
   "description": "FreeSchema — self-hosted deployment CLI",
   "keywords": [
     "freeschema",