lytx 0.3.6 → 0.3.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +35 -1
- package/lib/auth.ts +14 -8
- package/package.json +1 -1
- package/src/app/components/NewSiteSetup.tsx +1 -1
package/README.md
CHANGED
|
@@ -72,7 +72,7 @@ export default app satisfies ExportedHandler<Env>;
|
|
|
72
72
|
- `trackingRoutePrefix` (prefix all tracking routes, e.g. `/collect`)
|
|
73
73
|
- `tagRoutes.scriptPath` + `tagRoutes.eventPath` (custom v2 route paths)
|
|
74
74
|
- `auth.emailPasswordEnabled`, `auth.requireEmailVerification`, `auth.socialProviders.google`, `auth.socialProviders.github`
|
|
75
|
-
- `auth.signupMode` (`"open" | "bootstrap_then_invite" | "invite_only"`)
|
|
75
|
+
- `auth.signupMode` (`"open" | "bootstrap_then_invite" | "invite_only"`; default is `"bootstrap_then_invite"`)
|
|
76
76
|
- `ai.provider`, `ai.model`, `ai.baseURL`, `ai.apiKey`, `ai.accountId` (runtime AI vendor/model overrides; blank values are ignored; provider/model include preset autocomplete values)
|
|
77
77
|
- `features.reportBuilderEnabled` + `features.askAiEnabled`
|
|
78
78
|
- `names.*` (typed resource binding names for D1/KV/Queue/DO)
|
|
@@ -348,6 +348,40 @@ LYTX_TRACKING_DOMAIN=collect.example.com
|
|
|
348
348
|
|
|
349
349
|
Use `createLytxApp({ tagRoutes: { pathPrefix: "/collect" } })` to prefix tracking script and ingestion endpoints.
|
|
350
350
|
|
|
351
|
+
### Auth setup (important)
|
|
352
|
+
|
|
353
|
+
`createLytxApp` defaults to bootstrap-safe auth behavior:
|
|
354
|
+
|
|
355
|
+
- `auth.signupMode` defaults to `"bootstrap_then_invite"`.
|
|
356
|
+
- First account signup is allowed and becomes the initial admin.
|
|
357
|
+
- After the first account exists, public signup is automatically closed.
|
|
358
|
+
- New users can then register only through team invites.
|
|
359
|
+
|
|
360
|
+
This default applies when:
|
|
361
|
+
|
|
362
|
+
- `auth` is omitted entirely, or
|
|
363
|
+
- `auth: {}` is passed.
|
|
364
|
+
|
|
365
|
+
Use these explicit modes when you need different behavior:
|
|
366
|
+
|
|
367
|
+
```tsx
|
|
368
|
+
createLytxApp({
|
|
369
|
+
auth: {
|
|
370
|
+
// "bootstrap_then_invite" is the default
|
|
371
|
+
signupMode: "bootstrap_then_invite",
|
|
372
|
+
// signupMode: "invite_only", // never allow public signup
|
|
373
|
+
// signupMode: "open", // always allow public signup
|
|
374
|
+
},
|
|
375
|
+
});
|
|
376
|
+
```
|
|
377
|
+
|
|
378
|
+
If you need to bootstrap an admin user without public signup, use the CLI:
|
|
379
|
+
|
|
380
|
+
```bash
|
|
381
|
+
cd core
|
|
382
|
+
bun run cli/bootstrap-admin.ts --email admin@example.com --password "StrongPassword123"
|
|
383
|
+
```
|
|
384
|
+
|
|
351
385
|
### Environment variables
|
|
352
386
|
|
|
353
387
|
Add these to your `.env` (local) or worker secrets (production):
|
package/lib/auth.ts
CHANGED
|
@@ -81,26 +81,32 @@ export type AuthProviderAvailability = {
|
|
|
81
81
|
github: boolean;
|
|
82
82
|
};
|
|
83
83
|
|
|
84
|
-
|
|
84
|
+
const DEFAULT_AUTH_RUNTIME_CONFIG: AuthRuntimeConfig = {
|
|
85
85
|
emailPasswordEnabled: true,
|
|
86
86
|
requireEmailVerification: true,
|
|
87
|
-
signupMode: "
|
|
87
|
+
signupMode: "bootstrap_then_invite",
|
|
88
88
|
socialProviders: {},
|
|
89
89
|
};
|
|
90
90
|
|
|
91
|
+
let auth_runtime_config: AuthRuntimeConfig = {
|
|
92
|
+
...DEFAULT_AUTH_RUNTIME_CONFIG,
|
|
93
|
+
};
|
|
94
|
+
|
|
91
95
|
let auth_instance: ReturnType<typeof betterAuth> | null = null;
|
|
92
96
|
|
|
93
97
|
const hasGoogleCredentials = () => Boolean(env.GOOGLE_CLIENT_ID?.trim() && env.GOOGLE_CLIENT_SECRET?.trim());
|
|
94
98
|
const hasGithubCredentials = () => Boolean(env.GITHUB_CLIENT_ID?.trim() && env.GITHUB_CLIENT_SECRET?.trim());
|
|
95
99
|
|
|
96
100
|
export function setAuthRuntimeConfig(config: AuthRuntimeConfig = {}) {
|
|
101
|
+
const socialProviders = {
|
|
102
|
+
...DEFAULT_AUTH_RUNTIME_CONFIG.socialProviders,
|
|
103
|
+
...config.socialProviders,
|
|
104
|
+
};
|
|
105
|
+
|
|
97
106
|
auth_runtime_config = {
|
|
98
|
-
...
|
|
107
|
+
...DEFAULT_AUTH_RUNTIME_CONFIG,
|
|
99
108
|
...config,
|
|
100
|
-
socialProviders
|
|
101
|
-
...auth_runtime_config.socialProviders,
|
|
102
|
-
...config.socialProviders,
|
|
103
|
-
},
|
|
109
|
+
socialProviders,
|
|
104
110
|
};
|
|
105
111
|
|
|
106
112
|
auth_instance = null;
|
|
@@ -117,7 +123,7 @@ export function getAuthProviderAvailability(): AuthProviderAvailability {
|
|
|
117
123
|
}
|
|
118
124
|
|
|
119
125
|
function getSignupMode(): SignupMode {
|
|
120
|
-
return auth_runtime_config.signupMode ?? "
|
|
126
|
+
return auth_runtime_config.signupMode ?? "bootstrap_then_invite";
|
|
121
127
|
}
|
|
122
128
|
|
|
123
129
|
function isMissingTableError(error: unknown): boolean {
|
package/package.json
CHANGED
|
@@ -49,7 +49,7 @@ export const NewSiteSetup: React.FC<NewSiteSetupProps> = ({
|
|
|
49
49
|
|
|
50
50
|
const siteData = await response.json();
|
|
51
51
|
onSiteCreated?.(siteData);
|
|
52
|
-
window.location.href = "/dashboard
|
|
52
|
+
window.location.href = "/dashboard";
|
|
53
53
|
} catch (err) {
|
|
54
54
|
setError(err instanceof Error ? err.message : "An error occurred");
|
|
55
55
|
} finally {
|