Merge remote-tracking branch 'origin/main' into yu/feat/admin-plugin

saenyakorn · saenyakorn · commit 25b6c5e21351 · 2025-05-28T12:30:20.000+07:00
diff --git a/.changeset/shy-rice-grow.md b/.changeset/shy-rice-grow.md
@@ -0,0 +1,8 @@
+---
+"@example/erp": patch
+"@kivotos/core": minor
+"@kivotos/next": minor
+---
+
+[[DRIZZ-31] Register Page](https://app.plane.so/softnetics/browse/DRIZZ-31/)
+[[DRIZZ-32] Login page](https://app.plane.so/softnetics/browse/DRIZZ-32/)
diff --git a/packages/core/src/auth/handlers/index.ts b/packages/core/src/auth/handlers/index.ts
@@ -10,8 +10,8 @@ import type { AuthConfig } from '..'
 export function createAuthHandlers<TAuthConfig extends AuthConfig>(config: TAuthConfig) {
   const handlers = {
     //  No authentication required
-    signUp: signUp({}),
-    loginEmail: loginEmail({}),
+    signUp: signUp(config),
+    loginEmail: loginEmail(config),
     signOut: signOut({}),
     resetPasswordEmail: resetPasswordEmail({}),
     forgotPasswordEmail: forgotPasswordEmail({}),
diff --git a/packages/core/src/auth/handlers/login-email.ts b/packages/core/src/auth/handlers/login-email.ts
@@ -1,15 +1,12 @@
 import z from 'zod'
 
 import { type ApiRouteHandler, type ApiRouteSchema, createEndpoint } from '../../endpoint'
+import type { AuthConfig } from '..'
 import { AccountProvider } from '../constant'
 import { type AuthContext } from '../context'
-import { setSessionCookie } from '../utils'
+import { setSessionCookie, verifyPassword } from '../utils'
 
-interface InternalRouteOptions {
-  prefix?: string
-}
-
-export function loginEmail<const TOptions extends InternalRouteOptions>(options: TOptions) {
+export function loginEmail<const TOptions extends AuthConfig>(options: TOptions) {
   const schema = {
     method: 'POST',
     path: '/api/auth/login-email',
@@ -36,9 +33,8 @@ export function loginEmail<const TOptions extends InternalRouteOptions>(options:
       AccountProvider.CREDENTIAL
     )
 
-    // TODO: Hash password and compare
-    const hashPassword = account.password
-    if (account.password !== hashPassword) {
+    const verifyStatus = await verifyPassword(args.body.password, account.password as string)
+    if (!verifyStatus) {
       throw new Error('Invalid password')
     }
 
diff --git a/packages/core/src/auth/handlers/sign-up.ts b/packages/core/src/auth/handlers/sign-up.ts
@@ -1,12 +1,12 @@
 import z from 'zod'
 
 import { type ApiRouteHandler, type ApiRouteSchema, createEndpoint } from '../../endpoint'
+import type { AuthConfig } from '..'
 import { AccountProvider } from '../constant'
 import { type AuthContext } from '../context'
+import { hashPassword, setSessionCookie } from '../utils'
 
-interface InternalRouteOptions {}
-
-export function signUp<const TOptions extends InternalRouteOptions>(options: TOptions) {
+export function signUp<const TOptions extends AuthConfig>(options: TOptions) {
   const schema = {
     method: 'POST',
     path: '/api/auth/sign-up',
@@ -31,7 +31,9 @@ export function signUp<const TOptions extends InternalRouteOptions>(options: TOp
   } as const satisfies ApiRouteSchema
 
   const handler: ApiRouteHandler<AuthContext, typeof schema> = async (args) => {
-    const hasedPassword = args.body.password // TODO: hash password
+    const hashedPassword =
+      (await options.emailAndPassword?.passwordHasher?.(args.body.password)) ??
+      (await hashPassword(args.body.password))
 
     const user = await args.context.internalHandlers.user.create({
       name: args.body.name,
@@ -43,7 +45,7 @@ export function signUp<const TOptions extends InternalRouteOptions>(options: TOp
       userId: user.id,
       providerId: AccountProvider.CREDENTIAL,
       accountId: user.id,
-      password: hasedPassword,
+      password: hashedPassword,
     })
 
     // TODO: Check if sending email verification is enabled
@@ -56,15 +58,19 @@ export function signUp<const TOptions extends InternalRouteOptions>(options: TOp
       expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24),
     })
 
+    const responseHeaders = {}
+    if (options.emailAndPassword?.signUp?.autoLogin !== false) {
+      // Set session cookie if auto login is enabled
+      setSessionCookie(responseHeaders, session.token)
+    }
+
     return {
       status: 200,
       body: {
         token: session.token,
         user: user,
       },
-      headers: {
-        'Set-Cookie': `kivotosSession=${session.token}; Path=/; HttpOnly; Secure; SameSite=Strict`,
-      },
+      headers: responseHeaders,
     }
   }
 
diff --git a/packages/core/src/auth/index.ts b/packages/core/src/auth/index.ts
@@ -76,6 +76,7 @@ export interface AuthConfig {
   }
   emailAndPassword?: {
     enabled: boolean
+    passwordHasher?: (password: string) => Promise<string> // default: scrypt
     signUp?: {
       autoLogin?: boolean // default: true
       additionalFields?: Fields<any>
diff --git a/packages/core/src/auth/utils.ts b/packages/core/src/auth/utils.ts
@@ -1,11 +1,21 @@
-import { parse as parseCookies } from 'cookie-es'
+import { parse as parseCookies, serialize } from 'cookie-es'
+import crypto, { randomBytes } from 'crypto'
+import { promisify } from 'util'
 
-function setCookie(headers: Record<string, string> | undefined, name: string, value: string) {
+const scrypt = promisify(crypto.scrypt)
+
+function setCookie(
+  headers: Record<string, string> | undefined,
+  name: string,
+  value: string,
+  options: { expires?: Date } = { expires: new Date(Date.now() + 1000 * 60 * 60 * 24) } // Default to 1 day expiration
+) {
+  serialize
   if (!headers) return
-  headers['Set-Cookie'] = `${name}=${value}; Path=/; HttpOnly; SameSite=Strict`
+  headers['Set-Cookie'] = serialize(name, value, options)
 }
 
-function deleteCookie(headers: Record<string, string> | undefined, name: string) {
+function deleteCookie(headers: Record<string, string> | undefined, name: string, expiresAt?: Date) {
   if (!headers) return
   headers['Set-Cookie'] = `${name}=; Path=/; HttpOnly; SameSite=Strict; Max-Age=0`
 }
@@ -24,3 +34,16 @@ export function setSessionCookie(headers: Record<string, string> | undefined, va
 export function deleteSessionCookie(headers?: Record<string, string>) {
   deleteCookie(headers, SESSION_COOKIE_NAME)
 }
+
+export async function hashPassword(password: string): Promise<string> {
+  const salt = randomBytes(8).toString('hex')
+  const derivedKey = await scrypt(password, salt, 64)
+  return salt + ':' + (derivedKey as Buffer).toString('hex')
+}
+
+export async function verifyPassword(password: string, hashedPassword: string): Promise<boolean> {
+  const [salt, key] = hashedPassword.split(':')
+  const keyBuffer = Buffer.from(key, 'hex')
+  const derivedKey = await scrypt(password, salt, 64)
+  return crypto.timingSafeEqual(keyBuffer, derivedKey as any)
+}
diff --git a/packages/next/src/components/collection-sidebar/index.tsx b/packages/next/src/components/collection-sidebar/index.tsx
@@ -25,7 +25,8 @@ export async function AppSidebar({ collections }: { collections: Record<string,
       intent="inset"
       className="flex gap-y-12 p-0 py-6 group-[:not([data-sidebar-state=collapsed])]/sidebar-container:p-6"
     >
-      <SidebarHeader className="border-border m-0 size-auto border-b pl-6">
+      {/* TODO: Make sidebar variations, so we won't need an important css flag */}
+      <SidebarHeader className="border-border m-0 size-auto! border-b pl-6 h-auto! w-full!">
         <div className="flex h-[68px] items-center gap-x-4">
           <div className="bg-primary/15 dark:bg-primary/20 border-primary dark:border-primary/40 relative flex overflow-clip rounded-md border p-4">
             <div className="bg-primary/20 absolute -inset-x-[25%] inset-y-0 m-auto h-2 -translate-x-4 -translate-y-4 -rotate-45 blur-[3px]" />
diff --git a/packages/next/src/config.tsx b/packages/next/src/config.tsx
@@ -16,6 +16,7 @@ import { AuthLayout } from './views/auth/layout'
 import { LoginView } from './views/auth/login'
 import { SignUpView } from './views/auth/sign-up'
 import { CreateView } from './views/collections/create'
+import { HomeView } from './views/collections/home'
 import { CollectionLayout } from './views/collections/layout'
 import { ListView } from './views/collections/list'
 import { OneView } from './views/collections/one'
@@ -68,6 +69,17 @@ export function defineNextJsServerConfig<
 ): NextJsServerConfig<TFullSchema, TContext, TCollections, TApiRouter> {
   const radixRouter = createRouter<RouterData>()
 
+  radixRouter.insert('/collections', {
+    requiredAuthentication: true,
+    view(args: { serverConfig: ServerConfig }) {
+      return (
+        <CollectionLayout serverConfig={args.serverConfig}>
+          <HomeView serverConfig={args.serverConfig} />
+        </CollectionLayout>
+      )
+    },
+  })
+
   // Collection
   radixRouter.insert(`/collections/:slug`, {
     requiredAuthentication: true,
diff --git a/packages/next/src/pages/root.tsx b/packages/next/src/pages/root.tsx
@@ -27,7 +27,7 @@ export async function RootPage(props: RootProps) {
   if (result.requiredAuthentication) {
     user = await getUser(props.serverFunction)
     if (!user) {
-      return <NotAuthorizedPage redirectURL="/admin/login" />
+      return <NotAuthorizedPage redirectURL="/admin/auth/login" />
     }
   }
 
diff --git a/packages/next/src/views/auth/login.client.tsx b/packages/next/src/views/auth/login.client.tsx
@@ -31,7 +31,7 @@ export function LoginClientForm() {
       return
     }
 
-    redirect('../collections/posts')
+    redirect('../collections')
   }
 
   return (
diff --git a/packages/next/src/views/collections/home.tsx b/packages/next/src/views/collections/home.tsx
@@ -5,8 +5,8 @@ import 'server-only'
  */
 import type { ServerConfig } from '@kivotos/core'
 
-import { CollectionCard } from '../components/collection-card'
-import { Typography } from '../components/primitives/typography'
+import { CollectionCard } from '../../components/collection-card'
+import { Typography } from '../../components/primitives/typography'
 
 const greeting = () => {
   const time = new Date().getHours()
@@ -26,7 +26,7 @@ type HomepageProps = {
   serverConfig: ServerConfig
 }
 
-export const HomePage = ({ serverConfig }: HomepageProps) => {
+export const HomeView = ({ serverConfig }: HomepageProps) => {
   const collections = Object.values(serverConfig.collections).map((col) => col.slug)
 
   return (
diff --git a/turbo.json b/turbo.json
@@ -1,6 +1,10 @@
 {
   "$schema": "https://turbo.build/schema.json",
   "ui": "tui",
+  "remoteCache": {
+    "timeout": 300,
+    "uploadTimeout": 300
+  },
   "tasks": {
     "build": {
       "dependsOn": ["^build"],

Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,7 @@ export interface AuthConfig {`
`76`	`76`	`}`
`77`	`77`	`emailAndPassword?: {`
`78`	`78`	`enabled: boolean`
	`79`	`+ passwordHasher?: (password: string) => Promise<string> // default: scrypt`
`79`	`80`	`signUp?: {`
`80`	`81`	`autoLogin?: boolean // default: true`
`81`	`82`	`additionalFields?: Fields<any>`
Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ export async function RootPage(props: RootProps) {`
`27`	`27`	`if (result.requiredAuthentication) {`
`28`	`28`	`user = await getUser(props.serverFunction)`
`29`	`29`	`if (!user) {`
`30`		`- return <NotAuthorizedPage redirectURL="/admin/login" />`
	`30`	`+ return <NotAuthorizedPage redirectURL="/admin/auth/login" />`
`31`	`31`	`}`
`32`	`32`	`}`
`33`	`33`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ export function LoginClientForm() {`
`31`	`31`	`return`
`32`	`32`	`}`
`33`	`33`
`34`		`- redirect('../collections/posts')`
	`34`	`+ redirect('../collections')`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`return (`