igm/publisher-dashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c1afc390622dab0b7ff26a34592a9f29103a3a72
publisher-dashboard/apps/cli/src/routes/bootstrap.ts
RevIQ c1afc39062 Add utils package with Web Crypto password hashing 
- Create @reviq/utils package with PBKDF2-SHA256 password hashing
  compatible with Cloudflare Workers (uses crypto.subtle)
- Update api-server and CLI to use new utils package for consistent
  password hashing format across the codebase
- Add pino logging to api-server for better request debugging
- Make login request tokens cryptographically secure base58 strings
  instead of database IDs
- Add migration to make login_requests.token non-nullable with unique
  constraint
- Fix RPCLink URL construction for client-side API calls
- Add db:codegen script to root package.json

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-09 18:12:33 +08:00

151 lines
3.6 KiB
TypeScript
Raw Blame History

import type { LocalContext } from "../context.js";
import { createDb } from "@reviq/db";
import { hashPassword } from "@reviq/utils";
import { buildCommand } from "@stricli/core";
import { writeConfig } from "../utils/config.js";
import { generateToken, hashToken } from "../utils/token.js";
interface BootstrapFlags {
email: string;
password: string;
}
async function bootstrap(
this: LocalContext,
flags: BootstrapFlags,
): Promise<void> {
console.log("RevIQ Bootstrap - Create Superuser");
console.log("===================================\n");
// Validate password length
if (flags.password.length < 8) {
console.error("Error: Password must be at least 8 characters");
this.process.exit(1);
}
const db = createDb();
try {
// Check if user already exists
const existing = await db
.selectFrom("users")
.where("email", "=", flags.email.toLowerCase())
.select("id")
.executeTakeFirst();
if (existing) {
console.error(`Error: User with email ${flags.email} already exists`);
await db.destroy();
this.process.exit(1);
}
// Hash the password
const passwordHash = await hashPassword(flags.password);
// Create superuser
const [user] = await db
.insertInto("users")
.values({
email: flags.email.toLowerCase(),
password_hash: passwordHash,
is_superuser: true,
email_verified_at: new Date(),
})
.returning(["id", "email"])
.execute();
if (!user) {
console.error("Error: Failed to create user");
await db.destroy();
this.process.exit(1);
}
console.log(`Created superuser: ${user.email}`);
// Create "reviq" org
const [org] = await db
.insertInto("orgs")
.values({
slug: "reviq",
display_name: "RevIQ",
})
.returning(["id", "slug"])
.execute();
if (!org) {
console.error("Error: Failed to create org");
await db.destroy();
this.process.exit(1);
}
// Add user as owner of the org
await db
.insertInto("org_members")
.values({
org_id: org.id,
user_id: user.id,
role: "owner",
})
.execute();
console.log(`Created org: ${org.slug}`);
// Generate API token
const token = generateToken();
const tokenHashValue = hashToken(token);
await db
.insertInto("api_tokens")
.values({
user_id: user.id,
token_hash: tokenHashValue,
name: "CLI bootstrap token",
expires_at: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
})
.execute();
// Save to config
await writeConfig({
apiUrl: Bun.env.API_URL ?? "http://localhost:9861",
token,
email: user.email,
});
console.log("Saved credentials to ~/.config/reviq/credentials.json");
console.log("\nBootstrap complete! You can now use the CLI.");
await db.destroy();
} catch (error) {
console.error(
"Error:",
error instanceof Error ? error.message : String(error),
);
await db.destroy();
this.process.exit(1);
}
}
export const bootstrapCommand = buildCommand({
func: bootstrap,
parameters: {
flags: {
email: {
kind: "parsed",
parse: String,
brief: "Email address for the superuser",
},
password: {
kind: "parsed",
parse: String,
brief: "Password for the superuser",
},
},
},
docs: {
brief: "Create a superuser account and initial organization",
fullDescription:
"Creates a superuser with the 'reviq' organization. " +
"Requires DATABASE_URL environment variable to be set.",
},
});
Reference in New Issue View Git Blame Copy Permalink