initial commit
This commit is contained in:
Madison Grubb
155
server/utils/db.js
Normal file
155
server/utils/db.js
Normal file
@@ -0,0 +1,155 @@
|
||||
import { join } from 'node:path'
|
||||
import { mkdirSync, existsSync } from 'node:fs'
|
||||
import { createRequire } from 'node:module'
|
||||
import { promisify } from 'node:util'
|
||||
import { randomBytes } from 'node:crypto'
|
||||
import { hashPassword } from './password.js'
|
||||
|
||||
const DEFAULT_ADMIN_IDENTIFIER = 'admin'
|
||||
const DEFAULT_PASSWORD_LENGTH = 14
|
||||
const PASSWORD_CHARS = 'abcdefghjkmnopqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789'
|
||||
|
||||
function generateRandomPassword() {
|
||||
const bytes = randomBytes(DEFAULT_PASSWORD_LENGTH)
|
||||
let s = ''
|
||||
for (let i = 0; i < DEFAULT_PASSWORD_LENGTH; i++) {
|
||||
s += PASSWORD_CHARS[bytes[i] % PASSWORD_CHARS.length]
|
||||
}
|
||||
return s
|
||||
}
|
||||
|
||||
const require = createRequire(import.meta.url)
|
||||
const sqlite3 = require('sqlite3')
|
||||
|
||||
let dbInstance = null
|
||||
/** Set by tests to use :memory: or a temp path */
|
||||
let testPath = null
|
||||
|
||||
const USERS_SQL = `CREATE TABLE IF NOT EXISTS users (
|
||||
id TEXT PRIMARY KEY,
|
||||
identifier TEXT UNIQUE NOT NULL,
|
||||
password_hash TEXT NOT NULL,
|
||||
role TEXT NOT NULL DEFAULT 'member',
|
||||
created_at TEXT NOT NULL
|
||||
)`
|
||||
|
||||
const USERS_V2_SQL = `CREATE TABLE users_new (
|
||||
id TEXT PRIMARY KEY,
|
||||
identifier TEXT UNIQUE NOT NULL,
|
||||
password_hash TEXT,
|
||||
role TEXT NOT NULL DEFAULT 'member',
|
||||
created_at TEXT NOT NULL,
|
||||
auth_provider TEXT NOT NULL DEFAULT 'local',
|
||||
oidc_issuer TEXT,
|
||||
oidc_sub TEXT
|
||||
)`
|
||||
const USERS_OIDC_UNIQUE = `CREATE UNIQUE INDEX IF NOT EXISTS users_oidc_unique ON users(oidc_issuer, oidc_sub) WHERE oidc_issuer IS NOT NULL AND oidc_sub IS NOT NULL`
|
||||
const SESSIONS_SQL = `CREATE TABLE IF NOT EXISTS sessions (
|
||||
id TEXT PRIMARY KEY,
|
||||
user_id TEXT NOT NULL,
|
||||
created_at TEXT NOT NULL,
|
||||
expires_at TEXT NOT NULL,
|
||||
FOREIGN KEY(user_id) REFERENCES users(id)
|
||||
)`
|
||||
const POIS_SQL = `CREATE TABLE IF NOT EXISTS pois (
|
||||
id TEXT PRIMARY KEY,
|
||||
lat REAL NOT NULL,
|
||||
lng REAL NOT NULL,
|
||||
label TEXT NOT NULL DEFAULT '',
|
||||
icon_type TEXT NOT NULL DEFAULT 'pin'
|
||||
)`
|
||||
const DEVICES_SQL = `CREATE TABLE IF NOT EXISTS devices (
|
||||
id TEXT PRIMARY KEY,
|
||||
name TEXT NOT NULL DEFAULT '',
|
||||
device_type TEXT NOT NULL,
|
||||
vendor TEXT,
|
||||
lat REAL NOT NULL,
|
||||
lng REAL NOT NULL,
|
||||
stream_url TEXT NOT NULL DEFAULT '',
|
||||
source_type TEXT NOT NULL DEFAULT 'mjpeg',
|
||||
config TEXT
|
||||
)`
|
||||
|
||||
function getDbPath() {
|
||||
if (testPath) return testPath
|
||||
const dir = join(process.cwd(), 'data')
|
||||
if (!existsSync(dir)) mkdirSync(dir, { recursive: true })
|
||||
return join(dir, 'kestrelos.db')
|
||||
}
|
||||
|
||||
async function bootstrap(db) {
|
||||
if (testPath) return
|
||||
const row = await db.get('SELECT COUNT(*) as n FROM users')
|
||||
if (row?.n !== 0) return
|
||||
const email = process.env.BOOTSTRAP_EMAIL?.trim()
|
||||
const password = process.env.BOOTSTRAP_PASSWORD
|
||||
const identifier = (email && password) ? email : DEFAULT_ADMIN_IDENTIFIER
|
||||
const plainPassword = (email && password) ? password : generateRandomPassword()
|
||||
const id = crypto.randomUUID()
|
||||
const now = new Date().toISOString()
|
||||
await db.run(
|
||||
'INSERT INTO users (id, identifier, password_hash, role, created_at, auth_provider, oidc_issuer, oidc_sub) VALUES (?, ?, ?, ?, ?, ?, ?, ?)',
|
||||
[id, identifier, hashPassword(plainPassword), 'admin', now, 'local', null, null],
|
||||
)
|
||||
if (!email || !password) {
|
||||
console.log('\n[KestrelOS] No bootstrap admin configured. Default admin created. Sign in at /login with:\n')
|
||||
|
||||
console.log(` Identifier: ${identifier}\n Password: ${plainPassword}\n`)
|
||||
|
||||
console.log(' Set BOOTSTRAP_EMAIL and BOOTSTRAP_PASSWORD to use your own credentials on first run.\n')
|
||||
}
|
||||
}
|
||||
|
||||
async function migrateUsersIfNeeded(run, all) {
|
||||
const info = await all('PRAGMA table_info(users)')
|
||||
if (info.some(c => c.name === 'auth_provider')) return
|
||||
await run(USERS_V2_SQL)
|
||||
await run(
|
||||
`INSERT INTO users_new (id, identifier, password_hash, role, created_at, auth_provider, oidc_issuer, oidc_sub)
|
||||
SELECT id, identifier, password_hash, role, created_at, 'local', NULL, NULL FROM users`,
|
||||
)
|
||||
await run('DROP TABLE users')
|
||||
await run('ALTER TABLE users_new RENAME TO users')
|
||||
await run(USERS_OIDC_UNIQUE)
|
||||
}
|
||||
|
||||
export async function getDb() {
|
||||
if (dbInstance) return dbInstance
|
||||
const path = getDbPath()
|
||||
const db = new sqlite3.Database(path)
|
||||
const run = promisify(db.run.bind(db))
|
||||
const all = promisify(db.all.bind(db))
|
||||
const get = promisify(db.get.bind(db))
|
||||
await run(USERS_SQL)
|
||||
await migrateUsersIfNeeded(run, all)
|
||||
await run(SESSIONS_SQL)
|
||||
await run(POIS_SQL)
|
||||
await run(DEVICES_SQL)
|
||||
await bootstrap({ run, get })
|
||||
dbInstance = { db, run, all, get }
|
||||
return dbInstance
|
||||
}
|
||||
|
||||
/**
|
||||
* Close the DB connection. Call on server shutdown to avoid native sqlite3 crashes in worker teardown.
|
||||
*/
|
||||
export function closeDb() {
|
||||
if (dbInstance) {
|
||||
try {
|
||||
dbInstance.db.close()
|
||||
}
|
||||
catch {
|
||||
// ignore if already closed
|
||||
}
|
||||
dbInstance = null
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* For tests: use in-memory DB and reset singleton.
|
||||
* @param {string} path - e.g. ':memory:'
|
||||
*/
|
||||
export function setDbPathForTest(path) {
|
||||
testPath = path
|
||||
closeDb()
|
||||
}
|
||||
Reference in New Issue
Block a user