Merge remote-tracking branch 'origin/main' into yu/breaking/collection

Author: saenyakorn

.changeset/shy-rice-grow.md

@@ -0,0 +1,8 @@
+---
+"@example/erp": patch
+"@kivotos/core": minor
+"@kivotos/next": minor
+---
+
+[[DRIZZ-31] Register Page](https://app.plane.so/softnetics/browse/DRIZZ-31/)
+[[DRIZZ-32] Login page](https://app.plane.so/softnetics/browse/DRIZZ-32/)

packages/core/src/auth/handlers/index.ts

@@ -10,8 +10,8 @@ import type { AuthConfig } from '..'
 export function createAuthHandlers<TAuthConfig extends AuthConfig>(config: TAuthConfig) {
   const handlers = {
     //  No authentication required
-    signUp: signUp({}),
-    loginEmail: loginEmail({}),
+    signUp: signUp(config),
+    loginEmail: loginEmail(config),
     signOut: signOut({}),
     resetPasswordEmail: resetPasswordEmail({}),
     forgotPasswordEmail: forgotPasswordEmail({}),

packages/core/src/auth/handlers/login-email.ts

@@ -1,15 +1,12 @@
 import z from 'zod'
 
 import { type ApiRouteHandler, type ApiRouteSchema, createEndpoint } from '../../endpoint'
+import type { AuthConfig } from '..'
 import { AccountProvider } from '../constant'
 import { type AuthContext } from '../context'
-import { setSessionCookie } from '../utils'
+import { setSessionCookie, verifyPassword } from '../utils'
 
-interface InternalRouteOptions {
-  prefix?: string
-}
-
-export function loginEmail<const TOptions extends InternalRouteOptions>(options: TOptions) {
+export function loginEmail<const TOptions extends AuthConfig>(options: TOptions) {
   const schema = {
     method: 'POST',
     path: '/api/auth/login-email',
@@ -36,9 +33,8 @@ export function loginEmail<const TOptions extends InternalRouteOptions>(options:
       AccountProvider.CREDENTIAL
     )
 
-    // TODO: Hash password and compare
-    const hashPassword = account.password
-    if (account.password !== hashPassword) {
+    const verifyStatus = await verifyPassword(args.body.password, account.password as string)
+    if (!verifyStatus) {
       throw new Error('Invalid password')
     }
 

packages/core/src/auth/handlers/sign-up.ts

@@ -1,12 +1,12 @@
 import z from 'zod'
 
 import { type ApiRouteHandler, type ApiRouteSchema, createEndpoint } from '../../endpoint'
+import type { AuthConfig } from '..'
 import { AccountProvider } from '../constant'
 import { type AuthContext } from '../context'
+import { hashPassword, setSessionCookie } from '../utils'
 
-interface InternalRouteOptions {}
-
-export function signUp<const TOptions extends InternalRouteOptions>(options: TOptions) {
+export function signUp<const TOptions extends AuthConfig>(options: TOptions) {
   const schema = {
     method: 'POST',
     path: '/api/auth/sign-up',
@@ -31,7 +31,9 @@ export function signUp<const TOptions extends InternalRouteOptions>(options: TOp
   } as const satisfies ApiRouteSchema
 
   const handler: ApiRouteHandler<AuthContext, typeof schema> = async (args) => {
-    const hasedPassword = args.body.password // TODO: hash password
+    const hashedPassword =
+      (await options.emailAndPassword?.passwordHasher?.(args.body.password)) ??
+      (await hashPassword(args.body.password))
 
     const user = await args.context.internalHandlers.user.create({
       name: args.body.name,
@@ -43,7 +45,7 @@ export function signUp<const TOptions extends InternalRouteOptions>(options: TOp
       userId: user.id,
       providerId: AccountProvider.CREDENTIAL,
       accountId: user.id,
-      password: hasedPassword,
+      password: hashedPassword,
     })
 
     // TODO: Check if sending email verification is enabled
@@ -56,15 +58,19 @@ export function signUp<const TOptions extends InternalRouteOptions>(options: TOp
       expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24),
     })
 
+    const responseHeaders = {}
+    if (options.emailAndPassword?.signUp?.autoLogin !== false) {
+      // Set session cookie if auto login is enabled
+      setSessionCookie(responseHeaders, session.token)
+    }
+
     return {
       status: 200,
       body: {
         token: session.token,
         user: user,
       },
-      headers: {
-        'Set-Cookie': `kivotosSession=${session.token}; Path=/; HttpOnly; Secure; SameSite=Strict`,
-      },
+      headers: responseHeaders,
     }
   }
 

packages/core/src/auth/index.ts

@@ -64,6 +64,7 @@ export interface AuthConfig {
   }
   emailAndPassword?: {
     enabled: boolean
+    passwordHasher?: (password: string) => Promise<string> // default: scrypt
     signUp?: {
       autoLogin?: boolean // default: true
       additionalFields?: Fields<any>

packages/core/src/auth/utils.ts

@@ -1,11 +1,21 @@
-import { parse as parseCookies } from 'cookie-es'
+import { parse as parseCookies, serialize } from 'cookie-es'
+import crypto, { randomBytes } from 'crypto'
+import { promisify } from 'util'
 
-function setCookie(headers: Record<string, string> | undefined, name: string, value: string) {
+const scrypt = promisify(crypto.scrypt)
+
+function setCookie(
+  headers: Record<string, string> | undefined,
+  name: string,
+  value: string,
+  options: { expires?: Date } = { expires: new Date(Date.now() + 1000 * 60 * 60 * 24) } // Default to 1 day expiration
+) {
+  serialize
   if (!headers) return
-  headers['Set-Cookie'] = `${name}=${value}; Path=/; HttpOnly; SameSite=Strict`
+  headers['Set-Cookie'] = serialize(name, value, options)
 }
 
-function deleteCookie(headers: Record<string, string> | undefined, name: string) {
+function deleteCookie(headers: Record<string, string> | undefined, name: string, expiresAt?: Date) {
   if (!headers) return
   headers['Set-Cookie'] = `${name}=; Path=/; HttpOnly; SameSite=Strict; Max-Age=0`
 }
@@ -24,3 +34,16 @@ export function setSessionCookie(headers: Record<string, string> | undefined, va
 export function deleteSessionCookie(headers?: Record<string, string>) {
   deleteCookie(headers, SESSION_COOKIE_NAME)
 }
+
+export async function hashPassword(password: string): Promise<string> {
+  const salt = randomBytes(8).toString('hex')
+  const derivedKey = await scrypt(password, salt, 64)
+  return salt + ':' + (derivedKey as Buffer).toString('hex')
+}
+
+export async function verifyPassword(password: string, hashedPassword: string): Promise<boolean> {
+  const [salt, key] = hashedPassword.split(':')
+  const keyBuffer = Buffer.from(key, 'hex')
+  const derivedKey = await scrypt(password, salt, 64)
+  return crypto.timingSafeEqual(keyBuffer, derivedKey as any)
+}

packages/next/src/components/collection-sidebar/index.tsx

@@ -25,7 +25,8 @@ export async function AppSidebar({ collections }: { collections: Record<string,
       intent="inset"
       className="flex gap-y-12 p-0 py-6 group-[:not([data-sidebar-state=collapsed])]/sidebar-container:p-6"
     >
-      <SidebarHeader className="border-border m-0 size-auto border-b pl-6">
+      {/* TODO: Make sidebar variations, so we won't need an important css flag */}
+      <SidebarHeader className="border-border m-0 size-auto! border-b pl-6 h-auto! w-full!">
         <div className="flex h-[68px] items-center gap-x-4">
           <div className="bg-primary/15 dark:bg-primary/20 border-primary dark:border-primary/40 relative flex overflow-clip rounded-md border p-4">
             <div className="bg-primary/20 absolute -inset-x-[25%] inset-y-0 m-auto h-2 -translate-x-4 -translate-y-4 -rotate-45 blur-[3px]" />

packages/next/src/config.tsx

@@ -16,6 +16,7 @@ import { AuthLayout } from './views/auth/layout'
 import { LoginView } from './views/auth/login'
 import { SignUpView } from './views/auth/sign-up'
 import { CreateView } from './views/collections/create'
+import { HomeView } from './views/collections/home'
 import { CollectionLayout } from './views/collections/layout'
 import { ListView } from './views/collections/list'
 import { OneView } from './views/collections/one'
@@ -68,6 +69,17 @@ export function defineNextJsServerConfig<
 ): NextJsServerConfig<TFullSchema, TContext, TCollections, TApiRouter> {
   const radixRouter = createRouter<RouterData>()
 
+  radixRouter.insert('/collections', {
+    requiredAuthentication: true,
+    view(args: { serverConfig: ServerConfig }) {
+      return (
+        <CollectionLayout serverConfig={args.serverConfig}>
+          <HomeView serverConfig={args.serverConfig} />
+        </CollectionLayout>
+      )
+    },
+  })
+
   // Collection
   radixRouter.insert(`/collections/:slug`, {
     requiredAuthentication: true,

packages/next/src/pages/root.tsx

@@ -27,7 +27,7 @@ export async function RootPage(props: RootProps) {
   if (result.requiredAuthentication) {
     user = await getUser(props.serverFunction)
     if (!user) {
-      return <NotAuthorizedPage redirectURL="/admin/login" />
+      return <NotAuthorizedPage redirectURL="/admin/auth/login" />
     }
   }
 

packages/next/src/views/auth/login.client.tsx

@@ -31,7 +31,7 @@ export function LoginClientForm() {
       return
     }
 
-    redirect('../collections/posts')
+    redirect('../collections')
   }
 
   return (