hazo_auth 4.2.0 → 4.3.0

package/dist/cli/init_users.js

@@ -0,0 +1,307 @@
+// file_description: CLI command to initialize users, roles, and permissions from configuration
+// section: imports
+import { get_hazo_connect_instance } from "../lib/hazo_connect_instance.server.js";
+import { createCrudService } from "hazo_connect/server";
+import { get_user_management_config } from "../lib/user_management_config.server.js";
+import { get_config_value } from "../lib/config/config_loader.server.js";
+import { create_app_logger } from "../lib/app_logger.js";
+// section: helpers
+/**
+ * Prints a summary of what was inserted vs what already existed
+ */
+function print_summary(summary) {
+    console.log("=".repeat(60));
+    console.log("INITIALIZATION SUMMARY");
+    console.log("=".repeat(60));
+    console.log();
+    // Permissions summary
+    console.log("Permissions:");
+    if (summary.permissions.inserted.length > 0) {
+        console.log(`  ✓ Inserted (${summary.permissions.inserted.length}):`);
+        summary.permissions.inserted.forEach((name) => console.log(`    - ${name}`));
+    }
+    if (summary.permissions.existing.length > 0) {
+        console.log(`  ⊙ Already existed (${summary.permissions.existing.length}):`);
+        summary.permissions.existing.forEach((name) => console.log(`    - ${name}`));
+    }
+    console.log();
+    // Role summary
+    console.log("Role:");
+    if (summary.role.inserted) {
+        console.log(`  ✓ Inserted: default_super_user_role (ID: ${summary.role.role_id})`);
+    }
+    if (summary.role.existing) {
+        console.log(`  ⊙ Already existed: default_super_user_role (ID: ${summary.role.role_id})`);
+    }
+    console.log();
+    // Role permissions summary
+    console.log("Role-Permission Assignments:");
+    if (summary.role_permissions.inserted > 0) {
+        console.log(`  ✓ Inserted: ${summary.role_permissions.inserted} assignment(s)`);
+    }
+    if (summary.role_permissions.existing > 0) {
+        console.log(`  ⊙ Already existed: ${summary.role_permissions.existing} assignment(s)`);
+    }
+    console.log();
+    // User role summary
+    console.log("User-Role Assignment:");
+    if (summary.user_role.inserted) {
+        console.log(`  ✓ Inserted: Super user role assigned to user`);
+    }
+    if (summary.user_role.existing) {
+        console.log(`  ⊙ Already existed: User already has super user role`);
+    }
+    console.log();
+    console.log("=".repeat(60));
+}
+// section: main_function
+/**
+ * Initializes users, roles, and permissions from configuration
+ * This function reads from hazo_auth_config.ini and sets up:
+ * 1. Permissions from [hazo_auth__user_management] application_permission_list_defaults
+ * 2. A default_super_user_role with all permissions
+ * 3. Assigns the role to user from --email parameter or [hazo_auth__initial_setup] default_super_user_email
+ */
+export async function handle_init_users(options = {}) {
+    var _a;
+    const logger = create_app_logger();
+    const summary = {
+        permissions: {
+            inserted: [],
+            existing: [],
+        },
+        role: {
+            inserted: false,
+            existing: false,
+            role_id: null,
+        },
+        role_permissions: {
+            inserted: 0,
+            existing: 0,
+        },
+        user_role: {
+            inserted: false,
+            existing: false,
+        },
+    };
+    try {
+        console.log("\n🐸 hazo_auth init-users\n");
+        console.log("Initializing users, roles, and permissions from configuration...\n");
+        // Get hazo_connect instance
+        const hazoConnect = get_hazo_connect_instance();
+        const permissions_service = createCrudService(hazoConnect, "hazo_permissions");
+        const roles_service = createCrudService(hazoConnect, "hazo_roles");
+        const role_permissions_service = createCrudService(hazoConnect, "hazo_role_permissions");
+        const users_service = createCrudService(hazoConnect, "hazo_users");
+        const user_roles_service = createCrudService(hazoConnect, "hazo_user_roles");
+        // 1. Get permissions from config
+        const config = get_user_management_config();
+        const permission_names = config.application_permission_list_defaults || [];
+        if (permission_names.length === 0) {
+            console.log("⚠ No permissions found in configuration.");
+            console.log("  Add permissions to [hazo_auth__user_management] application_permission_list_defaults\n");
+            return;
+        }
+        console.log(`Found ${permission_names.length} permission(s) in configuration:`);
+        permission_names.forEach((name) => console.log(`  - ${name}`));
+        console.log();
+        // 2. Add permissions to hazo_permissions table
+        const permission_id_map = {};
+        const now = new Date().toISOString();
+        for (const permission_name of permission_names) {
+            const trimmed_name = permission_name.trim();
+            if (!trimmed_name)
+                continue;
+            // Check if permission already exists
+            const existing_permissions = await permissions_service.findBy({
+                permission_name: trimmed_name,
+            });
+            if (Array.isArray(existing_permissions) && existing_permissions.length > 0) {
+                const existing_permission = existing_permissions[0];
+                const perm_id = existing_permission.id;
+                permission_id_map[trimmed_name] = perm_id;
+                summary.permissions.existing.push(trimmed_name);
+                console.log(`✓ Permission already exists: ${trimmed_name} (ID: ${perm_id})`);
+            }
+            else {
+                // Insert new permission
+                const new_permission = await permissions_service.insert({
+                    permission_name: trimmed_name,
+                    description: `Permission for ${trimmed_name}`,
+                    created_at: now,
+                    changed_at: now,
+                });
+                const perm_id = Array.isArray(new_permission)
+                    ? new_permission[0].id
+                    : new_permission.id;
+                permission_id_map[trimmed_name] = perm_id;
+                summary.permissions.inserted.push(trimmed_name);
+                console.log(`✓ Inserted permission: ${trimmed_name} (ID: ${perm_id})`);
+            }
+        }
+        console.log();
+        // 3. Create or get default_super_user_role
+        const role_name = "default_super_user_role";
+        const existing_roles = await roles_service.findBy({
+            role_name,
+        });
+        let role_id;
+        if (Array.isArray(existing_roles) && existing_roles.length > 0) {
+            role_id = existing_roles[0].id;
+            summary.role.existing = true;
+            summary.role.role_id = role_id;
+            console.log(`✓ Role already exists: ${role_name} (ID: ${role_id})`);
+        }
+        else {
+            const new_role = await roles_service.insert({
+                role_name,
+                created_at: now,
+                changed_at: now,
+            });
+            role_id = Array.isArray(new_role)
+                ? new_role[0].id
+                : new_role.id;
+            summary.role.inserted = true;
+            summary.role.role_id = role_id;
+            console.log(`✓ Created role: ${role_name} (ID: ${role_id})`);
+        }
+        console.log();
+        // 4. Assign all permissions to the role
+        const permission_ids = Object.values(permission_id_map);
+        for (const permission_id of permission_ids) {
+            // Check if role-permission assignment already exists
+            const existing_assignments = await role_permissions_service.findBy({
+                role_id,
+                permission_id,
+            });
+            if (Array.isArray(existing_assignments) && existing_assignments.length > 0) {
+                summary.role_permissions.existing++;
+                const perm_name = Object.keys(permission_id_map).find((key) => permission_id_map[key] === permission_id);
+                console.log(`✓ Role-permission already exists: ${role_name} -> ${perm_name}`);
+            }
+            else {
+                await role_permissions_service.insert({
+                    role_id,
+                    permission_id,
+                    created_at: now,
+                    changed_at: now,
+                });
+                summary.role_permissions.inserted++;
+                const perm_name = Object.keys(permission_id_map).find((key) => permission_id_map[key] === permission_id);
+                console.log(`✓ Assigned permission to role: ${role_name} -> ${perm_name}`);
+            }
+        }
+        console.log();
+        // 5. Get super user email from options or config
+        const super_user_email = ((_a = options.email) === null || _a === void 0 ? void 0 : _a.trim()) || get_config_value("hazo_auth__initial_setup", "default_super_user_email", "").trim();
+        if (!super_user_email) {
+            console.log("⚠ No super user email provided.");
+            console.log("  Either use --email=user@example.com parameter");
+            console.log("  Or add [hazo_auth__initial_setup] default_super_user_email to config\n");
+            print_summary(summary);
+            return;
+        }
+        if (options.email) {
+            console.log(`Using email from --email parameter: ${super_user_email}`);
+        }
+        else {
+            console.log(`Using email from config: ${super_user_email}`);
+        }
+        console.log(`Looking up user with email: ${super_user_email}`);
+        // 6. Find user by email
+        const users = await users_service.findBy({
+            email_address: super_user_email,
+        });
+        if (!Array.isArray(users) || users.length === 0) {
+            console.log(`✗ User not found with email: ${super_user_email}`);
+            console.log("  Please ensure the user exists in the database before running this script.\n");
+            print_summary(summary);
+            return;
+        }
+        const user = users[0];
+        const user_id = user.id;
+        console.log(`✓ Found user: ${super_user_email} (ID: ${user_id})`);
+        console.log();
+        // 7. Assign role to user
+        const existing_user_roles = await user_roles_service.findBy({
+            user_id,
+            role_id,
+        });
+        if (Array.isArray(existing_user_roles) && existing_user_roles.length > 0) {
+            summary.user_role.existing = true;
+            console.log(`✓ User already has role assigned: ${user_id} -> ${role_name}`);
+        }
+        else {
+            await user_roles_service.insert({
+                user_id,
+                role_id,
+                created_at: now,
+                changed_at: now,
+            });
+            summary.user_role.inserted = true;
+            console.log(`✓ Assigned role to user: ${user_id} -> ${role_name}`);
+        }
+        console.log();
+        // 8. Print summary
+        print_summary(summary);
+        logger.info("init_users_completed", {
+            filename: "init_users.ts",
+            line_number: 0,
+            summary,
+        });
+    }
+    catch (error) {
+        const error_message = error instanceof Error ? error.message : "Unknown error";
+        const error_stack = error instanceof Error ? error.stack : undefined;
+        console.error("\n✗ Error initializing users:");
+        console.error(`  ${error_message}`);
+        if (error_stack) {
+            console.error("\nStack trace:");
+            console.error(error_stack);
+        }
+        logger.error("init_users_failed", {
+            filename: "init_users.ts",
+            line_number: 0,
+            error_message,
+            error_stack,
+        });
+        process.exit(1);
+    }
+}
+// section: help
+/**
+ * Shows help for the init-users command
+ */
+export function show_init_users_help() {
+    console.log(`
+hazo_auth init-users
+
+Initialize users, roles, and permissions from configuration.
+
+This command reads from hazo_auth_config.ini and:
+  1. Creates permissions from [hazo_auth__user_management] application_permission_list_defaults
+  2. Creates a 'default_super_user_role' role
+  3. Assigns all permissions to the super user role
+  4. Finds user by email (from --email parameter or config)
+  5. Assigns the super user role to that user
+
+Options:
+  --email=<email>    Email address of the user to assign super user role
+                     (overrides [hazo_auth__initial_setup] default_super_user_email)
+  --help, -h         Show this help message
+
+Configuration required in hazo_auth_config.ini:
+
+  [hazo_auth__user_management]
+  application_permission_list_defaults = admin_user_management,admin_role_management,admin_permission_management
+
+  [hazo_auth__initial_setup]
+  default_super_user_email = admin@example.com   (optional if using --email)
+
+Note: The user must already exist in the database (registered) before running this command.
+
+Usage:
+  npx hazo_auth init-users
+  npx hazo_auth init-users --email=admin@example.com
+`);
+}

package/dist/components/layouts/shared/config/layout_customization.d.ts

@@ -1,3 +1,5 @@
+import type { PasswordRequirementOptions } from "../../../../lib/utils/password_validator";
+export type { PasswordRequirementOptions };
 export type LayoutFieldId = string;
 export type LayoutFieldDefinition = {
     id: LayoutFieldId;
@@ -23,13 +25,6 @@ export type ButtonPaletteDefaults = {
     cancelText: string;
 };
 export type ButtonPaletteOverrides = Partial<ButtonPaletteDefaults>;
-export type PasswordRequirementOptions = {
-    minimum_length: number;
-    require_uppercase: boolean;
-    require_lowercase: boolean;
-    require_number: boolean;
-    require_special: boolean;
-};
 export type PasswordRequirementOverrides = Partial<PasswordRequirementOptions>;
 export declare const resolveFieldDefinitions: (baseDefinitions: LayoutFieldMap, overrides?: LayoutFieldMapOverrides) => LayoutFieldMap;
 export declare const resolveLabels: (defaults: LayoutLabelDefaults, overrides?: LayoutLabelOverrides) => LayoutLabelDefaults;

package/dist/components/layouts/shared/config/layout_customization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"layout_customization.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/config/layout_customization.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC;AAEnC,MAAM,MAAM,qBAAqB,GAAG;IAClC,EAAE,EAAE,aAAa,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,UAAU,CAAC;IACpC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;AAC1E,MAAM,MAAM,uBAAuB,GAAG,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;AAErG,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAEhE,MAAM,MAAM,qBAAqB,GAAG;IAClC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAEpE,MAAM,MAAM,0BAA0B,GAAG;IACvC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;AAG/E,eAAO,MAAM,uBAAuB,GAClC,iBAAiB,cAAc,EAC/B,YAAY,uBAAuB,KAClC,cAqBF,CAAC;AAEF,eAAO,MAAM,aAAa,GACxB,UAAU,mBAAmB,EAC7B,YAAY,oBAAoB,KAC/B,mBAGD,CAAC;AAEH,eAAO,MAAM,oBAAoB,GAC/B,UAAU,qBAAqB,EAC/B,YAAY,sBAAsB,KACjC,qBAGD,CAAC;AAEH,eAAO,MAAM,2BAA2B,GACtC,UAAU,0BAA0B,EACpC,YAAY,4BAA4B,KACvC,0BAGD,CAAC"}
+{"version":3,"file":"layout_customization.d.ts","sourceRoot":"","sources":["../../../../../src/components/layouts/shared/config/layout_customization.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAC3F,YAAY,EAAE,0BAA0B,EAAE,CAAC;AAG3C,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC;AAEnC,MAAM,MAAM,qBAAqB,GAAG;IAClC,EAAE,EAAE,aAAa,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,OAAO,GAAG,UAAU,CAAC;IACpC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC,aAAa,EAAE,qBAAqB,CAAC,CAAC;AAC1E,MAAM,MAAM,uBAAuB,GAAG,OAAO,CAAC,MAAM,CAAC,aAAa,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;AAErG,MAAM,MAAM,mBAAmB,GAAG;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAAC;AAEhE,MAAM,MAAM,qBAAqB,GAAG;IAClC,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,sBAAsB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;AAEpE,MAAM,MAAM,4BAA4B,GAAG,OAAO,CAAC,0BAA0B,CAAC,CAAC;AAG/E,eAAO,MAAM,uBAAuB,GAClC,iBAAiB,cAAc,EAC/B,YAAY,uBAAuB,KAClC,cAqBF,CAAC;AAEF,eAAO,MAAM,aAAa,GACxB,UAAU,mBAAmB,EAC7B,YAAY,oBAAoB,KAC/B,mBAGD,CAAC;AAEH,eAAO,MAAM,oBAAoB,GAC/B,UAAU,qBAAqB,EAC/B,YAAY,sBAAsB,KACjC,qBAGD,CAAC;AAEH,eAAO,MAAM,2BAA2B,GACtC,UAAU,0BAA0B,EACpC,YAAY,4BAA4B,KACvC,0BAGD,CAAC"}

package/dist/lib/utils/password_validator.d.ts

@@ -1,4 +1,10 @@
-import type { PasswordRequirementOptions } from "../../components/layouts/shared/config/layout_customization";
+export type PasswordRequirementOptions = {
+    minimum_length: number;
+    require_uppercase: boolean;
+    require_lowercase: boolean;
+    require_number: boolean;
+    require_special: boolean;
+};
 export type PasswordValidationResult = {
     valid: boolean;
     errors: string[];

package/dist/lib/utils/password_validator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"password_validator.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/password_validator.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,6DAA6D,CAAC;AAG9G,MAAM,MAAM,wBAAwB,GAAG;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB,CAAC;AAGF;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,0BAA0B,GACvC,wBAAwB,CAuC1B"}
+{"version":3,"file":"password_validator.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/password_validator.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,0BAA0B,GAAG;IACvC,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,cAAc,EAAE,OAAO,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAClB,CAAC;AAGF;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,0BAA0B,GACvC,wBAAwB,CAuC1B"}

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "hazo_auth",
-  "version": "4.2.0",
+  "version": "4.3.0",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "type": "module",
   "bin": {
-    "hazo_auth": "./dist/cli/index.js"
+    "hazo_auth": "./bin/hazo_auth.mjs"
   },
   "exports": {
     ".": {
@@ -119,6 +119,8 @@
   },
   "files": [
     "dist/**/*",
+    "bin/**/*",
+    "cli-src/**/*",
     "public/profile_pictures/library/**/*",
     "hazo_auth_config.example.ini",
     "hazo_notify_config.example.ini",
@@ -190,6 +192,7 @@
     "sonner": "^2.0.7",
     "tailwind-merge": "^3.4.0",
     "tailwindcss-animate": "^1.0.7",
+    "tsx": "^4.20.6",
     "zod": "^4.1.12"
   },
   "devDependencies": {