vestauth 0.18.0 → 0.18.2

package/CHANGELOG.md

@@ -2,7 +2,19 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
-[Unreleased](https://github.com/vestauth/vestauth/compare/v0.18.0...main)
+[Unreleased](https://github.com/vestauth/vestauth/compare/v0.18.2...main)
+
+## [0.18.2](https://github.com/vestauth/vestauth/compare/v0.18.1...v0.18.2) (2026-02-24)
+
+### Changed
+
+* Pass `--hostname` ([#35](https://github.com/vestauth/vestauth/pull/35))
+
+## [0.18.1](https://github.com/vestauth/vestauth/compare/v0.18.0...v0.18.1) (2026-02-24)
+
+### Changed
+
+* Move register logic to service ([#34](https://github.com/vestauth/vestauth/pull/34))
 
 ## [0.18.0](https://github.com/vestauth/vestauth/compare/v0.17.0...v0.18.0) (2026-02-24)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vestauth",
-  "version": "0.18.0",
+  "version": "0.18.2",
   "description": "auth for agents–from the creator of dotenvx",
   "keywords": [
     "vestauth",
@@ -52,10 +52,8 @@
     "express": "^4.21.2",
     "knex": "^3.1.0",
     "pg": "^8.18.0",
-    "sails-postgresql": "^5.0.1",
     "structured-headers": "^2.0.2",
-    "undici": "7.11.0",
-    "waterline": "^0.15.2"
+    "undici": "7.11.0"
   },
   "devDependencies": {
     "@yao-pkg/pkg": "^5.14.2",

package/src/cli/actions/server/start.js

@@ -10,6 +10,7 @@ async function start () {
 
     await server.start({
       port: options.port,
+      hostname: options.hostname,
       databaseUrl: options.databaseUrl
     })
   } catch (error) {

package/src/cli/commands/server.js

@@ -1,8 +1,6 @@
 const { Command } = require('commander')
 const env = require('./../../lib/helpers/env')
 const databaseUrl = require('./../../lib/helpers/databaseUrl')
-const protocol = require('./../../lib/helpers/protocol')
-const hostname = require('./../../lib/helpers/hostname')
 
 const server = new Command('server')
 
@@ -15,8 +13,7 @@ const startAction = require('./../actions/server/start')
 server.command('start')
   .description('start vestauth server')
   .option('--port <port>', 'port', env('PORT'))
-  .option('--protocol <protocol>', 'https or http', protocol())
-  .option('--hostname <hostname>', 'localhost:3000', hostname())
+  .option('--hostname <hostname>', 'HOSTNAME', env('HOSTNAME'))
   .option('--database-url <databaseUrl>', 'DATABASE_URL', databaseUrl())
   .action(startAction)
 

package/src/lib/helpers/dbMigrate.js

@@ -31,7 +31,7 @@ async function dbMigrate ({ databaseUrl } = {}) {
     connection,
     ssl: { rejectUnauthorized: false },
     migrations: {
-      directory: path.resolve(__dirname, '../../db/migrations')
+      directory: path.resolve(__dirname, '../../server/db/migration')
     }
   })
 

package/src/lib/helpers/resolvePortAndHostname.js

@@ -0,0 +1,34 @@
+function resolvePortAndHostname ({ port, hostname } = {}) {
+  const hasPort = port !== undefined && port !== null && String(port).trim() !== ''
+  const inputPort = hasPort ? String(port).trim() : null
+  const inputHostname = typeof hostname === 'string' ? hostname.trim() : ''
+
+  if (!inputHostname) {
+    const PORT = inputPort || '3000'
+    return {
+      PORT,
+      HOSTNAME: `http://localhost:${PORT}`
+    }
+  }
+
+  const hasScheme = /^https?:\/\//i.test(inputHostname)
+  const bareHostname = hasScheme ? new URL(inputHostname).host : inputHostname
+  const bareHostNoPort = bareHostname.split(':')[0].toLowerCase()
+  const localHostnames = new Set(['localhost', '127.0.0.1'])
+  const defaultScheme = localHostnames.has(bareHostNoPort) ? 'http' : 'https'
+
+  const url = new URL(hasScheme ? inputHostname : `${defaultScheme}://${inputHostname}`)
+
+  const PORT = inputPort || url.port || '3000'
+
+  if (!url.port && localHostnames.has(url.hostname.toLowerCase())) {
+    url.port = PORT
+  }
+
+  return {
+    PORT,
+    HOSTNAME: url.toString().replace(/\/$/, '')
+  }
+}
+
+module.exports = resolvePortAndHostname

package/src/lib/helpers/serverStart.js

@@ -1,7 +1,7 @@
 const serverIndex = require('./../../server/index')
 
-function serverStart ({ port, databaseUrl }) {
-  return serverIndex.start({ port, databaseUrl })
+function serverStart ({ port, hostname, databaseUrl }) {
+  return serverIndex.start({ port, hostname, databaseUrl })
 }
 
 module.exports = serverStart

package/src/lib/helpers/subdomainBaseHost.js

@@ -0,0 +1,18 @@
+function subdomainBaseHost (hostname) {
+  if (!hostname) return null
+
+  const value = String(hostname).trim().toLowerCase()
+  if (!value) return null
+
+  if (value.startsWith('http://') || value.startsWith('https://')) {
+    try {
+      return new URL(value).hostname.toLowerCase()
+    } catch {
+      return null
+    }
+  }
+
+  return value.split('/')[0].split(':')[0]
+}
+
+module.exports = subdomainBaseHost

package/src/server/index.js

@@ -1,24 +1,31 @@
 const { logger } = require('./../shared/logger')
 const tool = require('./../lib/tool')
-const primitives = require('./../lib/primitives')
+const resolvePortAndHostname = require('./../lib/helpers/resolvePortAndHostname')
+const subdomainBaseHost = require('./../lib/helpers/subdomainBaseHost')
 const { connectOrm } = require('./models/index')
+const RegisterService = require('./services/registerService')
+const RegisterSerializer = require('./serializers/registerSerializer')
 
 const express = require('express')
 
-const app = express()
-let ORM = null
+let DB = null
 let HTTP_SERVER = null
 let CLOSE_PROMISE = null
 let SIGNAL_HANDLERS_INSTALLED = false
 let SIGNAL_HANDLERS = null
+let PORT = null
+let HOSTNAME = null
+
+const app = express()
 app.use(express.json())
 
 app.use((req, res, next) => {
   const hostNoPort = (req.headers.host || '').split(':')[0].toLowerCase()
+  const baseHost = subdomainBaseHost(HOSTNAME)
 
-  // agent-c235... .localhost
-  if (hostNoPort.endsWith('.localhost')) {
-    let sub = hostNoPort.slice(0, -'.localhost'.length) // "agent-c235..."
+  // agent-c235... .localhost or agent-c235... .example.com
+  if (baseHost && hostNoPort.endsWith(`.${baseHost}`)) {
+    let sub = hostNoPort.slice(0, -`.${baseHost}`.length) // "agent-c235..."
 
     // remove "agent-" prefix if present
     if (sub.startsWith('agent-')) {
@@ -44,24 +51,21 @@ app.get('/', (req, res) => {
 app.post('/register', async (req, res) => {
   try {
     const url = `${req.protocol}://${req.get('host')}${req.originalUrl}`
-    const verified = await primitives.verify(req.method, url, req.headers, req.body.public_jwk)
-
-    const agent = await app.models.agent.create().fetch()
 
-    const attrs = {
-      agent: agent.id,
-      kid: verified.kid,
-      value: verified.public_jwk
-    }
-    const publicJwk = await app.models.public_jwk.create(attrs).fetch()
-    const agentFormatted = agent.toJSON()
-
-    res.json({
-      uid: agentFormatted.uidFormatted,
-      kid: publicJwk.kid,
-      public_jwk: verified.public_jwk,
-      is_new: true
-    })
+    const {
+      agent,
+      publicJwk,
+      isNew
+    } = await new RegisterService({
+      models: app.models,
+      httpMethod: req.method,
+      uri: url,
+      headers: req.headers,
+      publicJwk: req.body.public_jwk
+    }).run()
+
+    const json = new RegisterSerializer({ agent, publicJwk, isNew }).run()
+    res.json(json)
   } catch (err) {
     logger.error(err)
     res.status(401).json({ error: { status: 401, code: 401, message: err.message } })
@@ -92,28 +96,19 @@ app.get('/whoami', async (req, res) => {
   }
 })
 
-async function start ({ port, databaseUrl } = {}) {
-  const PORT = port || '3000'
+async function start ({ port, hostname, databaseUrl } = {}) {
+  ({ PORT, HOSTNAME } = resolvePortAndHostname({ port, hostname }))
 
   if (HTTP_SERVER) return HTTP_SERVER
 
   try {
-    const { orm, config } = connectOrm({ databaseUrl })
-
-    // promisify initialize
-    const db = await new Promise((resolve, reject) => {
-      orm.initialize(config, (err, ontology) => {
-        if (err) return reject(err)
-        resolve(ontology)
-      })
-    })
-
-    ORM = orm
-    app.models = db.collections
+    const { db, models } = connectOrm({ databaseUrl })
+    DB = db
+    app.models = models
 
     HTTP_SERVER = await new Promise((resolve, reject) => {
       const server = app.listen(PORT, () => {
-        logger.success(`vestauth server listening on http://localhost:${PORT}`)
+        logger.success(`vestauth server listening on ${HOSTNAME}`)
         resolve(server)
       })
 
@@ -145,14 +140,9 @@ async function close () {
       HTTP_SERVER = null
     }
 
-    if (ORM) {
-      await new Promise((resolve, reject) => {
-        ORM.teardown((err) => {
-          if (err) return reject(err)
-          resolve()
-        })
-      })
-      ORM = null
+    if (DB) {
+      await DB.destroy()
+      DB = null
     }
 
     delete app.models
@@ -199,5 +189,6 @@ function removeSignalHandlers () {
 module.exports = {
   app,
   start,
-  close
+  close,
+  resolvePortAndHostname
 }

package/src/server/models/agent.js

@@ -1,47 +1,72 @@
 const crypto = require('crypto')
-const Waterline = require('waterline')
 
 const protocol = require('./../../lib/helpers/protocol')
 const hostname = require('./../../lib/helpers/hostname')
 
-const Agent = Waterline.Collection.extend({
-  identity: 'agent',
-  tableName: 'agents',
-  datastore: 'default',
-  primaryKey: 'id',
-  schema: true,
-
-  attributes: {
-    id: { type: 'number', autoMigrations: { autoIncrement: true } },
-    uid: { type: 'string', required: false },
-    createdAt: { columnName: 'created_at', type: 'ref', autoCreatedAt: true },
-    updatedAt: { columnName: 'updated_at', type: 'ref', autoUpdatedAt: true },
-
-    // relationships
-    publicJwks: {
-      collection: 'public_jwk',
-      via: 'agent'
-    }
-  },
+class AgentRecord {
+  constructor (attrs = {}) {
+    this.id = attrs.id
+    this.uid = attrs.uid
+    this.createdAt = attrs.createdAt
+    this.updatedAt = attrs.updatedAt
+  }
 
-  beforeCreate (self, next) {
-    if (!self.uid) {
-      const uid = crypto.randomBytes(12).toString('hex')
-      self.uid = uid
+  toJSON () {
+    return {
+      id: this.id,
+      uid: this.uid,
+      createdAt: this.createdAt,
+      updatedAt: this.updatedAt,
+      uidFormatted: `agent-${this.uid}`,
+      wellKnownUrl: `${protocol()}://agent-${this.uid}.${hostname()}/.well-known/http-message-signatures-directory`
     }
-    next()
-  },
+  }
+}
+
+class Agent {
+  constructor ({ db }) {
+    this.db = db
+    this.tableName = 'agents'
+  }
+
+  async create (attrs = {}) {
+    const now = new Date()
+    const uid = attrs.uid || crypto.randomBytes(12).toString('hex')
+
+    const [row] = await this.db(this.tableName)
+      .insert({
+        uid,
+        created_at: now,
+        updated_at: now
+      })
+      .returning(['id', 'uid', 'created_at', 'updated_at'])
 
-  customToJSON () {
-    const self = this
+    return this._fromRow(row)
+  }
+
+  async findOne (criteria = {}) {
+    const query = this.db(this.tableName)
+
+    if (criteria.id !== undefined) query.where({ id: criteria.id })
+    if (criteria.uid !== undefined) query.where({ uid: criteria.uid })
+
+    const row = await query.select(['id', 'uid', 'created_at', 'updated_at']).first()
+
+    if (!row) return null
+
+    return this._fromRow(row)
+  }
 
-    self.uidFormatted = `agent-${self.uid}`
-    self.wellKnownUrl = `${protocol()}://${self.uidFormatted}.${hostname()}/.well-known/http-message-signatures-directory`
-    // remove fields if needed
-    // delete self.privateKey
+  _fromRow (row) {
+    if (!row) return null
 
-    return self
+    return new AgentRecord({
+      id: Number(row.id),
+      uid: row.uid,
+      createdAt: row.created_at,
+      updatedAt: row.updated_at
+    })
   }
-})
+}
 
 module.exports = Agent

package/src/server/models/index.js

@@ -1,31 +1,21 @@
-const Waterline = require('waterline')
-const sailsPostgresAdapter = require('sails-postgresql')
+const knex = require('knex')
 
 const Agent = require('./agent')
 const PublicJwk = require('./publicJwk')
 
 function connectOrm ({ databaseUrl }) {
-  const orm = new Waterline()
+  const db = knex({
+    client: 'pg',
+    connection: databaseUrl
+  })
 
-  // register any models
-  orm.registerModel(Agent)
-  orm.registerModel(PublicJwk)
-
-  // setup config
-  const config = {
-    adapters: {
-      postgres: sailsPostgresAdapter
-    },
-    datastores: {
-      default: {
-        adapter: 'postgres',
-        url: databaseUrl,
-        migrate: 'safe' // IMPORTANT. instead managed by knex
-      }
+  return {
+    db,
+    models: {
+      agent: new Agent({ db }),
+      public_jwk: new PublicJwk({ db })
     }
   }
-
-  return { orm, config }
 }
 
 module.exports = { connectOrm }

package/src/server/models/publicJwk.js

@@ -1,39 +1,94 @@
-const Waterline = require('waterline')
-
-const PublicJwk = Waterline.Collection.extend({
-  identity: 'public_jwk',
-  tableName: 'public_jwks',
-  datastore: 'default',
-  primaryKey: 'id',
-  schema: true,
-
-  attributes: {
-    id: { type: 'number', autoMigrations: { autoIncrement: true } },
-    agent: { model: 'agent', columnName: 'agent_id', required: true },
-    kid: { type: 'string', required: true },
-    value: { type: 'json', required: true },
-    state: { type: 'string', required: false },
-    createdAt: { columnName: 'created_at', type: 'ref', autoCreatedAt: true },
-    updatedAt: { columnName: 'updated_at', type: 'ref', autoUpdatedAt: true }
-  },
-
-  beforeCreate (self, next) {
-    if (!self.state) {
-      self.state = 'active' // default state
+class PublicJwkRecord {
+  constructor (attrs = {}) {
+    this.id = attrs.id
+    this.agent = attrs.agent
+    this.kid = attrs.kid
+    this.value = attrs.value
+    this.state = attrs.state
+    this.createdAt = attrs.createdAt
+    this.updatedAt = attrs.updatedAt
+  }
+
+  toJSON () {
+    return {
+      id: this.id,
+      agent: this.agent,
+      kid: this.kid,
+      value: this.value,
+      state: this.state,
+      createdAt: this.createdAt,
+      updatedAt: this.updatedAt
+    }
+  }
+}
+
+class PublicJwk {
+  constructor ({ db }) {
+    this.db = db
+    this.tableName = 'public_jwks'
+  }
+
+  async create (attrs = {}) {
+    const now = new Date()
+    const rowToInsert = {
+      agent_id: attrs.agent,
+      kid: attrs.kid,
+      value: attrs.value,
+      state: attrs.state || 'active',
+      created_at: now,
+      updated_at: now
     }
-    next()
+
+    const [row] = await this.db(this.tableName)
+      .insert(rowToInsert)
+      .returning(['id', 'agent_id', 'kid', 'value', 'state', 'created_at', 'updated_at'])
+
+    return this._fromRow(row)
+  }
+
+  async find (criteria = {}) {
+    const query = this.db(this.tableName)
+
+    if (criteria.id !== undefined) query.where({ id: criteria.id })
+    if (criteria.agent !== undefined) query.where({ agent_id: criteria.agent })
+    if (criteria.kid !== undefined) query.where({ kid: criteria.kid })
+    if (criteria.state !== undefined) query.where({ state: criteria.state })
+
+    const rows = await query.select(['id', 'agent_id', 'kid', 'value', 'state', 'created_at', 'updated_at'])
+
+    return rows.map((row) => this._fromRow(row))
   }
 
-  // customToJSON () {
-  //   const self = this
+  async findOne (criteria = {}) {
+    const query = this.db(this.tableName)
+
+    if (criteria.id !== undefined) query.where({ id: criteria.id })
+    if (criteria.agent !== undefined) query.where({ agent_id: criteria.agent })
+    if (criteria.kid !== undefined) query.where({ kid: criteria.kid })
+    if (criteria.state !== undefined) query.where({ state: criteria.state })
 
-  //   self.uidFormatted = `agent-${self.uid}`
-  //   self.wellKnownUrl = `${protocol()}://${self.uidFormatted}.${hostname()}/.well-known/http-message-signatures-directory`
-  //   // remove fields if needed
-  //   // delete self.privateKey
+    const row = await query
+      .select(['id', 'agent_id', 'kid', 'value', 'state', 'created_at', 'updated_at'])
+      .first()
 
-  //   return self
-  // }
-})
+    if (!row) return null
+
+    return this._fromRow(row)
+  }
+
+  _fromRow (row) {
+    if (!row) return null
+
+    return new PublicJwkRecord({
+      id: Number(row.id),
+      agent: Number(row.agent_id),
+      kid: row.kid,
+      value: row.value,
+      state: row.state,
+      createdAt: row.created_at,
+      updatedAt: row.updated_at
+    })
+  }
+}
 
 module.exports = PublicJwk

package/src/server/serializers/registerSerializer.js

@@ -0,0 +1,20 @@
+class RegisterSerializer {
+  constructor ({ agent, publicJwk, isNew }) {
+    this.agent = agent
+    this.publicJwk = publicJwk
+    this.isNew = isNew
+  }
+
+  run () {
+    const agentFormatted = this.agent.toJSON()
+
+    return {
+      uid: agentFormatted.uidFormatted,
+      kid: this.publicJwk.kid,
+      public_jwk: this.publicJwk,
+      is_new: Boolean(this.isNew)
+    }
+  }
+}
+
+module.exports = RegisterSerializer

package/src/server/services/registerService.js

@@ -0,0 +1,49 @@
+const primitives = require('./../../lib/primitives')
+
+class RegisterService {
+  constructor ({ models, httpMethod, uri, headers, publicJwk }) {
+    this.models = models
+    this.httpMethod = httpMethod
+    this.uri = uri
+    this.headers = headers
+    this.publicJwk = publicJwk
+  }
+
+  async run () {
+    this.verified = await primitives.verify(
+      this.httpMethod,
+      this.uri,
+      this.headers,
+      this.publicJwk
+    )
+
+    const existingPublicJwk = await this.models.public_jwk.findOne({ kid: this.verified.kid })
+    if (existingPublicJwk) {
+      const agent = await this.models.agent.findOne({ id: existingPublicJwk.agent })
+      if (!agent) {
+        throw new Error('agent not found for public_jwk')
+      }
+
+      return {
+        agent,
+        publicJwk: existingPublicJwk.value,
+        isNew: false
+      }
+    }
+
+    const agent = await this.models.agent.create()
+    const createdPublicJwk = await this.models.public_jwk.create({
+      agent: agent.id,
+      kid: this.verified.kid,
+      value: this.verified.public_jwk
+    })
+
+    return {
+      agent,
+      publicJwk: createdPublicJwk.value,
+      isNew: true
+    }
+  }
+}
+
+module.exports = RegisterService

package/src/server/services/register.js

@@ -1,13 +0,0 @@
-class Register {
-  constructor ({ httpMethod, uri, headers, publicJwk }) {
-    this.httpMethod = httpMethod
-    this.uri = uri
-    this.headers = headers
-    this.publicJwk = publicJwk
-  }
-
-  async run () {
-  }
-}
-
-module.exports = Register