sentri 1.0.3 → 1.0.5

package/templates/drizzle/adapter.ts

@@ -0,0 +1,160 @@
+// sentri — Drizzle adapter template
+// Generated by: npx sentri generate drizzle
+//
+// Adjust the import paths to match your project structure.
+// This template assumes tables: users, roles, userRoles, sessions.
+// Column names follow the sentri Drizzle schema convention.
+//
+// Replace NodePgDatabase with the type that matches your Drizzle driver:
+//   import { type NodePgDatabase } from 'drizzle-orm/node-postgres';  (default)
+//   import { type LibSQLDatabase }  from 'drizzle-orm/libsql';
+//   import { type MySql2Database }  from 'drizzle-orm/mysql2';
+
+import { eq } from 'drizzle-orm';
+import type { NodePgDatabase } from 'drizzle-orm/node-postgres';
+import type { AuthAdapter } from 'sentri';
+import { users, roles, userRoles, sessions } from './schema.js';
+
+class AdapterConfigError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'AdapterConfigError';
+  }
+}
+
+export function createAdapter(db: NodePgDatabase): AuthAdapter {
+  if (!db) {
+    throw new AdapterConfigError(
+      'createAdapter requires a Drizzle db instance. Did you forget to pass it?\n' +
+      'Example: createAdapter(db)',
+    );
+  }
+  return {
+    user: {
+      async findByIdentifier(identifier) {
+        const rows = await db
+          .select({
+            id: users.id,
+            identifier: users.identifier,
+            passwordHash: users.passwordHash,
+            roleName: roles.name,
+          })
+          .from(users)
+          .leftJoin(userRoles, eq(users.id, userRoles.userId))
+          .leftJoin(roles, eq(userRoles.roleId, roles.id))
+          .where(eq(users.identifier, identifier));
+
+        if (rows.length === 0) return null;
+        return {
+          id: rows[0]!.id,
+          identifier: rows[0]!.identifier,
+          passwordHash: rows[0]!.passwordHash,
+          roles: rows.flatMap((row) => (row.roleName ? [row.roleName] : [])),
+        };
+      },
+
+      async findById(id) {
+        const rows = await db
+          .select({
+            id: users.id,
+            identifier: users.identifier,
+            passwordHash: users.passwordHash,
+            roleName: roles.name,
+          })
+          .from(users)
+          .leftJoin(userRoles, eq(users.id, userRoles.userId))
+          .leftJoin(roles, eq(userRoles.roleId, roles.id))
+          .where(eq(users.id, id));
+
+        if (rows.length === 0) return null;
+        return {
+          id: rows[0]!.id,
+          identifier: rows[0]!.identifier,
+          passwordHash: rows[0]!.passwordHash,
+          roles: rows.flatMap((row) => (row.roleName ? [row.roleName] : [])),
+        };
+      },
+
+      async create({ identifier, passwordHash, roles: roleNames }) {
+        const [user] = await db
+          .insert(users)
+          .values({ identifier, passwordHash })
+          .returning({ id: users.id });
+
+        if (roleNames.length > 0) {
+          await Promise.all(
+            roleNames.map(async (name) => {
+              const existing = await db.select().from(roles).where(eq(roles.name, name));
+              const role = existing[0] ?? (await db.insert(roles).values({ name }).returning())[0];
+              await db.insert(userRoles).values({ userId: user!.id, roleId: role!.id });
+            }),
+          );
+        }
+        return { id: user!.id };
+      },
+
+      async updateRoles(userId, roleNames) {
+        await db.delete(userRoles).where(eq(userRoles.userId, userId));
+        await Promise.all(
+          roleNames.map(async (name) => {
+            const existing = await db.select().from(roles).where(eq(roles.name, name));
+            const role = existing[0] ?? (await db.insert(roles).values({ name }).returning())[0];
+            await db.insert(userRoles).values({ userId, roleId: role!.id });
+          }),
+        );
+      },
+    },
+
+    session: {
+      async create({ userId, expiresAt }) {
+        const [session] = await db
+          .insert(sessions)
+          .values({ userId, expiresAt })
+          .returning({ id: sessions.id });
+        return { id: session!.id };
+      },
+
+      async findById(sessionId) {
+        const rows = await db
+          .select({
+            sessionId: sessions.id,
+            sessionUserId: sessions.userId,
+            sessionExpiresAt: sessions.expiresAt,
+            sessionCreatedAt: sessions.createdAt,
+            userId: users.id,
+            identifier: users.identifier,
+            passwordHash: users.passwordHash,
+            roleName: roles.name,
+          })
+          .from(sessions)
+          .innerJoin(users, eq(sessions.userId, users.id))
+          .leftJoin(userRoles, eq(users.id, userRoles.userId))
+          .leftJoin(roles, eq(userRoles.roleId, roles.id))
+          .where(eq(sessions.id, sessionId));
+
+        if (rows.length === 0) return null;
+        const first = rows[0]!;
+        return {
+          id: first.sessionId,
+          userId: first.sessionUserId,
+          expiresAt: first.sessionExpiresAt,
+          createdAt: first.sessionCreatedAt,
+          user: {
+            id: first.userId,
+            identifier: first.identifier,
+            passwordHash: first.passwordHash,
+            roles: rows.flatMap((row) => (row.roleName ? [row.roleName] : [])),
+          },
+        };
+      },
+
+      async delete(sessionId) {
+        await db.delete(sessions).where(eq(sessions.id, sessionId));
+      },
+
+      async deleteAllForUser(userId) {
+        await db.delete(sessions).where(eq(sessions.userId, userId));
+      },
+    },
+  };
+}

package/templates/drizzle/auth.ts

@@ -0,0 +1,27 @@
+// sentri — auth config template (Drizzle)
+// Generated by: npx sentri generate drizzle
+//
+// Update validRoles to match the roles your application uses.
+// Add JWT_SECRET to your .env file.
+// If you already have a db instance defined elsewhere, import it instead.
+
+import { createAuth } from 'sentri';
+import { db } from '../db.js'; // adjust path to your db instance
+import { createAdapter } from './adapter.js';
+
+export const auth = createAuth({
+  secret: process.env.JWT_SECRET!,
+  validRoles: ['user', 'admin'] as const,
+  adapter: createAdapter(db),
+  // accessExpiresIn: '15m',
+  // refreshExpiresIn: '7d',
+  // algorithm: 'HS256',
+  // saltRounds: 12,
+  cookie: {
+    secure: process.env.NODE_ENV === 'production',
+    // name: 'refresh_token',
+    // httpOnly: true,
+    // sameSite: 'strict',
+    // path: '/',
+  },
+});

package/templates/drizzle/schema.ts

@@ -0,0 +1,47 @@
+// sentri — Drizzle schema template (PostgreSQL / node-postgres)
+// Generated by: npx sentri generate drizzle
+//
+// Field mapping: library uses `identifier` internally, but your DB column
+// can be named anything — adjust the first argument of text() on the
+// identifier column to match your existing schema, or leave it as-is.
+//
+//   text('email')    — login via email
+//   text('username') — login via username
+//   text('phone')    — login via phone number
+
+import { pgTable, primaryKey, text, timestamp } from 'drizzle-orm/pg-core';
+
+export const users = pgTable('users', {
+  id: text('id').primaryKey().$defaultFn(() => crypto.randomUUID()),
+  identifier: text('email').notNull().unique(),
+  passwordHash: text('password_hash').notNull(),
+  createdAt: timestamp('created_at').notNull().defaultNow(),
+  updatedAt: timestamp('updated_at').notNull().$onUpdateFn(() => new Date()),
+});
+
+export const roles = pgTable('roles', {
+  id: text('id').primaryKey().$defaultFn(() => crypto.randomUUID()),
+  name: text('name').notNull().unique(),
+});
+
+export const userRoles = pgTable(
+  'user_roles',
+  {
+    userId: text('user_id')
+      .notNull()
+      .references(() => users.id, { onDelete: 'cascade' }),
+    roleId: text('role_id')
+      .notNull()
+      .references(() => roles.id, { onDelete: 'cascade' }),
+  },
+  (table) => [primaryKey({ columns: [table.userId, table.roleId] })],
+);
+
+export const sessions = pgTable('sessions', {
+  id: text('id').primaryKey().$defaultFn(() => crypto.randomUUID()),
+  userId: text('user_id')
+    .notNull()
+    .references(() => users.id, { onDelete: 'cascade' }),
+  expiresAt: timestamp('expires_at').notNull(),
+  createdAt: timestamp('created_at').notNull().defaultNow(),
+});

package/templates/prisma/adapter.ts

@@ -0,0 +1,128 @@
+// sentri — Prisma adapter template
+// Generated by: npx sentri generate prisma
+//
+// Adjust the Prisma model/field names below if your schema differs from the
+// template produced by `npx sentri init`.
+
+import type { PrismaClient } from '@prisma/client';
+import type { AuthAdapter } from 'sentri';
+
+class AdapterConfigError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'AdapterConfigError';
+  }
+}
+
+export function createAdapter(prisma: PrismaClient): AuthAdapter {
+  if (!prisma) {
+    throw new AdapterConfigError(
+      'createAdapter requires a PrismaClient instance. Did you forget to pass it?\n' +
+      'Example: createAdapter(prisma)',
+    );
+  }
+  return {
+    user: {
+      async findByIdentifier(identifier) {
+        const user = await prisma.user.findUnique({
+          where: { identifier },
+          include: { userRoles: { include: { role: true } } },
+        });
+        if (!user) return null;
+        return {
+          id: user.id,
+          identifier: user.identifier,
+          passwordHash: user.passwordHash,
+          roles: user.userRoles.map((userRole) => userRole.role.name),
+        };
+      },
+
+      async findById(id) {
+        const user = await prisma.user.findUnique({
+          where: { id },
+          include: { userRoles: { include: { role: true } } },
+        });
+        if (!user) return null;
+        return {
+          id: user.id,
+          identifier: user.identifier,
+          passwordHash: user.passwordHash,
+          roles: user.userRoles.map((userRole) => userRole.role.name),
+        };
+      },
+
+      async create({ identifier, passwordHash, roles }) {
+        const user = await prisma.user.create({
+          data: {
+            identifier,
+            passwordHash,
+            userRoles: {
+              create: await Promise.all(
+                roles.map(async (name) => {
+                  const role = await prisma.role.upsert({
+                    where: { name },
+                    update: {},
+                    create: { name },
+                  });
+                  return { roleId: role.id };
+                }),
+              ),
+            },
+          },
+        });
+        return { id: user.id };
+      },
+
+      async updateRoles(userId, roles) {
+        await prisma.userRole.deleteMany({ where: { userId } });
+        await Promise.all(
+          roles.map(async (name) => {
+            const role = await prisma.role.upsert({
+              where: { name },
+              update: {},
+              create: { name },
+            });
+            await prisma.userRole.create({ data: { userId, roleId: role.id } });
+          }),
+        );
+      },
+    },
+
+    session: {
+      async create({ userId, expiresAt }) {
+        const session = await prisma.session.create({ data: { userId, expiresAt } });
+        return { id: session.id };
+      },
+
+      async findById(sessionId) {
+        const session = await prisma.session.findUnique({
+          where: { id: sessionId },
+          include: {
+            user: { include: { userRoles: { include: { role: true } } } },
+          },
+        });
+        if (!session) return null;
+        return {
+          id: session.id,
+          userId: session.userId,
+          expiresAt: session.expiresAt,
+          createdAt: session.createdAt,
+          user: {
+            id: session.user.id,
+            identifier: session.user.identifier,
+            passwordHash: session.user.passwordHash,
+            roles: session.user.userRoles.map((userRole) => userRole.role.name),
+          },
+        };
+      },
+
+      async delete(sessionId) {
+        await prisma.session.delete({ where: { id: sessionId } }).catch(() => {});
+      },
+
+      async deleteAllForUser(userId) {
+        await prisma.session.deleteMany({ where: { userId } });
+      },
+    },
+  };
+}

package/templates/prisma/auth.ts

@@ -0,0 +1,30 @@
+// sentri — auth config template (Prisma)
+// Generated by: npx sentri generate prisma
+//
+// Update validRoles to match the roles your application uses.
+// Add JWT_SECRET to your .env file.
+// If you already have a PrismaClient instance elsewhere, import it instead of
+// creating a new one here.
+
+import { PrismaClient } from '@prisma/client';
+import { createAuth } from 'sentri';
+import { createAdapter } from './adapter.js';
+
+const prisma = new PrismaClient();
+
+export const auth = createAuth({
+  secret: process.env.JWT_SECRET!,
+  validRoles: ['user', 'admin'] as const,
+  adapter: createAdapter(prisma),
+  // accessExpiresIn: '15m',
+  // refreshExpiresIn: '7d',
+  // algorithm: 'HS256',
+  // saltRounds: 12,
+  cookie: {
+    secure: process.env.NODE_ENV === 'production',
+    // name: 'refresh_token',
+    // httpOnly: true,
+    // sameSite: 'strict',
+    // path: '/',
+  },
+});