kennethnym/aris
1
0
Fork 0
mirror of https://github.com/kennethnym/aris.git synced 2026-03-20 17:11:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(backend): add admin plugin and create-admin script

Browse Source 
Add Better Auth admin plugin for role-based user management.
Includes a CLI script to create admin accounts.

Co-authored-by: Ona <no-reply@ona.com>
This commit is contained in:
Kenneth
2026-03-16 02:00:53 +00:00
parent 61c1ade631
commit 36bdf7e1bb
6 changed files with 158 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/aelis-backend/auth.ts
View File

@@ -2,6 +2,7 @@
// Run: bunx --bun auth@latest generate --config auth.ts --output src/db/auth-schema.ts // Run: bunx --bun auth@latest generate --config auth.ts --output src/db/auth-schema.ts
import { betterAuth } from "better-auth" import { betterAuth } from "better-auth"
import { drizzleAdapter } from "better-auth/adapters/drizzle" import { drizzleAdapter } from "better-auth/adapters/drizzle"
import { admin } from "better-auth/plugins"
import { SQL } from "bun" import { SQL } from "bun"
import { drizzle } from "drizzle-orm/bun-sql" import { drizzle } from "drizzle-orm/bun-sql"
@@ -13,6 +14,7 @@ export const auth = betterAuth({
emailAndPassword: { emailAndPassword: {
enabled: true, enabled: true,
}, },
plugins: [admin()],
}) })
export default auth export default auth

4
apps/aelis-backend/package.json
View File

@@ -9,8 +9,10 @@
"test": "bun test src/", "test": "bun test src/",
"db:generate": "bunx drizzle-kit generate", "db:generate": "bunx drizzle-kit generate",
"db:generate-auth": "bunx --bun auth@latest generate --config auth.ts --output src/db/auth-schema.ts -y", "db:generate-auth": "bunx --bun auth@latest generate --config auth.ts --output src/db/auth-schema.ts -y",
"db:push": "bunx drizzle-kit push",
"db:migrate": "bunx drizzle-kit migrate", "db:migrate": "bunx drizzle-kit migrate",
"db:studio": "bunx drizzle-kit studio" "db:studio": "bunx drizzle-kit studio",
"create-admin": "bun run src/scripts/create-admin.ts"
}, },
"dependencies": { "dependencies": {
"@aelis/core": "workspace:*", "@aelis/core": "workspace:*",

3
apps/aelis-backend/src/auth/index.ts
View File

@@ -1,7 +1,9 @@
import { betterAuth } from "better-auth" import { betterAuth } from "better-auth"
import { drizzleAdapter } from "better-auth/adapters/drizzle" import { drizzleAdapter } from "better-auth/adapters/drizzle"
import { admin } from "better-auth/plugins"
import type { Database } from "../db/index.ts" import type { Database } from "../db/index.ts"
import * as schema from "../db/schema.ts" import * as schema from "../db/schema.ts"
export function createAuth(db: Database) { export function createAuth(db: Database) {
@@ -13,6 +15,7 @@ export function createAuth(db: Database) {
emailAndPassword: { emailAndPassword: {
enabled: true, enabled: true,
}, },
plugins: [admin()],
}) })
} }

8
apps/aelis-backend/src/auth/session-middleware.ts
View File

@@ -57,9 +57,7 @@ export function createRequireSession(auth: Auth): AuthSessionMiddleware {
* Creates a function to get session from headers. Useful for WebSocket upgrade validation. * Creates a function to get session from headers. Useful for WebSocket upgrade validation.
*/ */
export function createGetSessionFromHeaders(auth: Auth) { export function createGetSessionFromHeaders(auth: Auth) {
return async ( return async (headers: Headers): Promise<{ user: AuthUser; session: AuthSession } | null> => {
headers: Headers,
): Promise<{ user: AuthUser; session: AuthSession } | null> => {
const session = await auth.api.getSession({ headers }) const session = await auth.api.getSession({ headers })
return session return session
} }
@@ -86,6 +84,10 @@ export function mockAuthSessionMiddleware(userId?: string): AuthSessionMiddlewar
image: null, image: null,
createdAt: now, createdAt: now,
updatedAt: now, updatedAt: now,
role: "admin",
banned: false,
banReason: null,
banExpires: null,
} }
const session: AuthSession = { const session: AuthSession = {

23
apps/aelis-backend/src/db/auth-schema.ts
View File

@@ -1,5 +1,5 @@
import { relations } from "drizzle-orm"; import { relations } from "drizzle-orm"
import { pgTable, text, timestamp, boolean, index } from "drizzle-orm/pg-core"; import { pgTable, text, timestamp, boolean, index } from "drizzle-orm/pg-core"
export const user = pgTable("user", { export const user = pgTable("user", {
id: text("id").primaryKey(), id: text("id").primaryKey(),
@@ -11,7 +11,11 @@ export const user = pgTable("user", {
updatedAt: timestamp("updated_at") updatedAt: timestamp("updated_at")
.$onUpdate(() => new Date()) .$onUpdate(() => new Date())
.notNull(), .notNull(),
}); role: text("role"),
banned: boolean("banned").default(false),
banReason: text("ban_reason"),
banExpires: timestamp("ban_expires"),
})
export const session = pgTable( export const session = pgTable(
"session", "session",
@@ -28,9 +32,10 @@ export const session = pgTable(
userId: text("user_id") userId: text("user_id")
.notNull() .notNull()
.references(() => user.id, { onDelete: "cascade" }), .references(() => user.id, { onDelete: "cascade" }),
impersonatedBy: text("impersonated_by"),
}, },
(table) => [index("session_userId_idx").on(table.userId)], (table) => [index("session_userId_idx").on(table.userId)],
); )
export const account = pgTable( export const account = pgTable(
"account", "account",
@@ -54,7 +59,7 @@ export const account = pgTable(
.notNull(), .notNull(),
}, },
(table) => [index("account_userId_idx").on(table.userId)], (table) => [index("account_userId_idx").on(table.userId)],
); )
export const verification = pgTable( export const verification = pgTable(
"verification", "verification",
@@ -69,23 +74,23 @@ export const verification = pgTable(
.notNull(), .notNull(),
}, },
(table) => [index("verification_identifier_idx").on(table.identifier)], (table) => [index("verification_identifier_idx").on(table.identifier)],
); )
export const userRelations = relations(user, ({ many }) => ({ export const userRelations = relations(user, ({ many }) => ({
sessions: many(session), sessions: many(session),
accounts: many(account), accounts: many(account),
})); }))
export const sessionRelations = relations(session, ({ one }) => ({ export const sessionRelations = relations(session, ({ one }) => ({
user: one(user, { user: one(user, {
fields: [session.userId], fields: [session.userId],
references: [user.id], references: [user.id],
}), }),
})); }))
export const accountRelations = relations(account, ({ one }) => ({ export const accountRelations = relations(account, ({ one }) => ({
user: one(user, { user: one(user, {
fields: [account.userId], fields: [account.userId],
references: [user.id], references: [user.id],
}), }),
})); }))

63
apps/aelis-backend/src/scripts/create-admin.ts Normal file
View File

@@ -0,0 +1,63 @@
/**
* Creates an admin user account via Better Auth's server-side API.
*
* Usage:
* bun run src/scripts/create-admin.ts --name "Admin" --email admin@example.com --password secret123
*
* Requires DATABASE_URL and BETTER_AUTH_SECRET to be set (reads .env automatically).
*/
import { parseArgs } from "util"
import { createAuth } from "../auth/index.ts"
import { createDatabase } from "../db/index.ts"
function parseCliArgs(): { name: string; email: string; password: string } {
const { values } = parseArgs({
args: Bun.argv.slice(2),
options: {
name: { type: "string" },
email: { type: "string" },
password: { type: "string" },
},
strict: true,
})
if (!values.name || !values.email || !values.password) {
console.error(
"Usage: bun run src/scripts/create-admin.ts --name <name> --email <email> --password <password>",
)
process.exit(1)
}
return { name: values.name, email: values.email, password: values.password }
}
async function main() {
const { name, email, password } = parseCliArgs()
const databaseUrl = process.env.DATABASE_URL
if (!databaseUrl) {
console.error("DATABASE_URL is not set")
process.exit(1)
}
const { db, close } = createDatabase(databaseUrl)
try {
const auth = createAuth(db)
const result = await auth.api.createUser({
body: { name, email, password, role: "admin" },
})
console.log(`Admin account created: ${result.user.id} (${result.user.email})`)
} finally {
await close()
}
}
main().catch((err) => {
console.error("Failed to create admin account:", err)
process.exit(1)
})