authx-cli 0.1.2

authx command-line interface — serve, migrate, and manage users
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125

use anyhow::Result;
use clap::Args;

use authx_core::models::{CreateOidcClient, CreateOrg, CreateUser};
use authx_storage::ports::{OidcClientRepository, OrgRepository, UserRepository};
use authx_storage::{memory::MemoryStore, sqlx::PostgresStore};

#[derive(Args)]
pub struct SeedArgs {
    /// PostgreSQL connection URL. If omitted, seeds an in-memory store (for testing only).
    #[arg(long, env = "DATABASE_URL")]
    database_url: Option<String>,
}

pub async fn run(args: SeedArgs) -> Result<()> {
    if let Some(ref url) = args.database_url {
        tracing::info!("connecting to postgres at {url}");
        let store = PostgresStore::connect(url).await?;
        PostgresStore::migrate(&store.pool).await?;
        seed(&store).await
    } else {
        tracing::warn!("no DATABASE_URL — seeding in-memory store (data will not persist)");
        let store = MemoryStore::new();
        seed(&store).await
    }
}

async fn seed<S>(store: &S) -> Result<()>
where
    S: UserRepository + OrgRepository + OidcClientRepository,
{
    // ── Admin user ──────────────────────────────────────────────────────────
    let admin_email = "admin@example.com";
    let admin = match UserRepository::find_by_email(store, admin_email).await? {
        Some(u) => {
            tracing::info!("  admin user already exists: {}", u.id);
            u
        }
        None => {
            let u = UserRepository::create(
                store,
                CreateUser {
                    email: admin_email.to_string(),
                    username: Some("admin".into()),
                    metadata: None,
                },
            )
            .await?;
            tracing::info!("  created admin user: {} ({})", u.id, admin_email);
            u
        }
    };

    // ── Demo organization ───────────────────────────────────────────────────
    let org_slug = "demo";
    let org = match OrgRepository::find_by_slug(store, org_slug).await? {
        Some(o) => {
            tracing::info!("  org '{}' already exists: {}", org_slug, o.id);
            o
        }
        None => {
            let o = OrgRepository::create(
                store,
                CreateOrg {
                    name: "Demo Organization".into(),
                    slug: org_slug.into(),
                    metadata: None,
                },
            )
            .await?;
            tracing::info!("  created org '{}': {}", org_slug, o.id);
            o
        }
    };

    // Add admin as org member (with default role)
    let roles = OrgRepository::find_roles(store, org.id).await?;
    if let Some(role) = roles.first() {
        match OrgRepository::add_member(store, org.id, admin.id, role.id).await {
            Ok(m) => tracing::info!("  added admin to org '{}' as member: {}", org_slug, m.id),
            Err(_) => tracing::info!("  admin already a member of '{}'", org_slug),
        }
    }

    // ── Sample OIDC client ──────────────────────────────────────────────────
    let clients = OidcClientRepository::list(store, 0, 100).await?;
    let demo_client = clients.iter().find(|c| c.name == "demo-app");
    match demo_client {
        Some(c) => {
            tracing::info!("  OIDC client 'demo-app' already exists: {}", c.client_id);
        }
        None => {
            let secret = "demo-secret-change-me";
            let secret_hash = authx_core::crypto::sha256_hex(secret.as_bytes());
            let c = OidcClientRepository::create(
                store,
                CreateOidcClient {
                    name: "demo-app".into(),
                    redirect_uris: vec!["http://localhost:3000/callback".into()],
                    grant_types: vec![
                        "authorization_code".into(),
                        "refresh_token".into(),
                        "urn:ietf:params:oauth:grant-type:device_code".into(),
                    ],
                    response_types: vec!["code".into()],
                    allowed_scopes: "openid profile email".into(),
                    secret_hash,
                },
            )
            .await?;
            tracing::info!(
                "  created OIDC client 'demo-app': {} (secret: {})",
                c.client_id,
                secret
            );
        }
    }

    tracing::info!("Seed complete. Summary:");
    tracing::info!("  Admin:  {} ({})", admin.id, admin_email);
    tracing::info!("  Org:    {} ({})", org.id, org_slug);
    tracing::info!("  Client: demo-app (secret: demo-secret-change-me)");

    Ok(())
}