igm/publisher-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve API token format and enhance auth status command

Browse Source 
- Change token format to reviq_<base58> prefix instead of raw hex
- Add me.authStatus API endpoint for detailed auth information
- Enhance CLI `reviq auth status` to show token details from API
- Add comprehensive tests for token generation (18 tests)
- Extract bootstrap logic to @reviq/db for reusability and testing
- Remove default db export; callers must use createDb() directly

Token changes:
- New format: reviq_<base58-encoded-32-bytes>
- Added parseToken() for validation
- Added isValidTokenFormat() helper

Auth status endpoint returns:
- User profile information
- Auth method (api_token or session)
- Token/session details (name, expiration, last used)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
RevIQ
2026-01-09 17:59:02 +08:00
parent df9b8808d0
commit 6b9b04d1d0
20 changed files with 764 additions and 125 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
apps/cli/src/routes/bootstrap.ts
View File

@@ -1,9 +1,7 @@
import type { LocalContext } from "../context.js";
import { createDb } from "@reviq/db";
import { createDb, executeBootstrap } from "@reviq/db";
import { buildCommand } from "@stricli/core";
import { writeConfig } from "../utils/config.js";
import { hashPassword } from "../utils/password.js";
import { generateToken, hashToken } from "../utils/token.js";
interface BootstrapFlags {
email: string;
@@ -17,98 +15,23 @@ async function bootstrap(
console.log("RevIQ Bootstrap - Create Superuser");
console.log("===================================\n");
// Validate password length
if (flags.password.length < 8) {
console.error("Error: Password must be at least 8 characters");
this.process.exit(1);
}
const db = createDb();
try {
// Check if user already exists
const existing = await db
.selectFrom("users")
.where("email", "=", flags.email.toLowerCase())
.select("id")
.executeTakeFirst();
// Execute the bootstrap operation
const result = await executeBootstrap(db, {
email: flags.email,
password: flags.password,
});
if (existing) {
console.error(`Error: User with email ${flags.email} already exists`);
await db.destroy();
this.process.exit(1);
}
// Hash the password
const passwordHash = hashPassword(flags.password);
// Create superuser
const [user] = await db
.insertInto("users")
.values({
email: flags.email.toLowerCase(),
password_hash: passwordHash,
is_superuser: true,
email_verified_at: new Date(),
})
.returning(["id", "email"])
.execute();
if (!user) {
console.error("Error: Failed to create user");
await db.destroy();
this.process.exit(1);
}
console.log(`Created superuser: ${user.email}`);
// Create "reviq" org
const [org] = await db
.insertInto("orgs")
.values({
slug: "reviq",
display_name: "RevIQ",
})
.returning(["id", "slug"])
.execute();
if (!org) {
console.error("Error: Failed to create org");
await db.destroy();
this.process.exit(1);
}
// Add user as owner of the org
await db
.insertInto("org_members")
.values({
org_id: org.id,
user_id: user.id,
role: "owner",
})
.execute();
console.log(`Created org: ${org.slug}`);
// Generate API token
const token = generateToken();
const tokenHashValue = hashToken(token);
await db
.insertInto("api_tokens")
.values({
user_id: user.id,
token_hash: tokenHashValue,
name: "CLI bootstrap token",
expires_at: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
})
.execute();
console.log(`Created superuser: ${result.user.email}`);
console.log(`Created org: ${result.org.slug}`);
// Save to config
await writeConfig({
apiUrl: Bun.env.API_URL ?? "http://localhost:9861",
token,
email: user.email,
token: result.token,
email: result.user.email,
});
console.log("Saved credentials to ~/.config/reviq/credentials.json");