{"version":3,"file":"infra.mjs","names":[],"sources":["../../src/cli/infra.ts"],"sourcesContent":["import { randomBytes } from \"node:crypto\";\nimport { existsSync, readFileSync, writeFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\nimport * as p from \"@clack/prompts\";\nimport { config as loadDotenv } from \"dotenv\";\nimport type { RuntimeConfig } from \"../types\";\n\nconst POSTGRES_USER = \"everythingdev\";\nconst POSTGRES_PASSWORD = \"everythingdev\";\nconst API_DATABASE_SECRET = \"API_DATABASE_URL\";\nconst AUTH_DATABASE_SECRET = \"AUTH_DATABASE_URL\";\nconst HOST_SECRET = \"CORS_ORIGIN\";\nconst BASE_DATABASE_PORT = 5434;\n\ninterface DatabaseSecretConfig {\n  secret: string;\n  slug: string;\n  port: number;\n  serviceName: string;\n  databaseName: string;\n  volumeName: string;\n  url: string;\n}\n\ninterface SecretGroup {\n  section: string;\n  secrets: string[];\n}\n\ninterface GeneratedInfraSpec {\n  groups: SecretGroup[];\n  databases: DatabaseSecretConfig[];\n}\n\ninterface SyncGeneratedInfraResult {\n  secrets: string[];\n  envExampleChanged: boolean;\n  dockerComposeChanged: boolean;\n}\n\nfunction uniqueSecrets(values: Array<string | undefined>): string[] {\n  const secrets: string[] = [];\n  const seen = new Set<string>();\n\n  for (const value of values) {\n    if (!value || seen.has(value)) continue;\n    seen.add(value);\n    secrets.push(value);\n  }\n\n  return secrets;\n}\n\nfunction getSecretGroups(runtimeConfig: RuntimeConfig): SecretGroup[] {\n  const groups: SecretGroup[] = [];\n  const seen = new Set<string>();\n\n  const addGroup = (section: string, secrets: string[]) => {\n    const filtered = secrets.filter((s) => {\n      if (seen.has(s)) return false;\n      seen.add(s);\n      return true;\n    });\n    if (filtered.length > 0) {\n      groups.push({ section, secrets: filtered });\n    }\n  };\n\n  addGroup(\"app.host\", uniqueSecrets([...(runtimeConfig.host.secrets ?? []), HOST_SECRET]));\n\n  addGroup(\"app.api\", uniqueSecrets(runtimeConfig.api.secrets ?? []));\n\n  if (runtimeConfig.auth) {\n    addGroup(\"app.auth\", uniqueSecrets(runtimeConfig.auth.secrets ?? []));\n  }\n\n  if (runtimeConfig.plugins) {\n    for (const [pluginKey, plugin] of Object.entries(runtimeConfig.plugins)) {\n      if (plugin.secrets && plugin.secrets.length > 0) {\n        addGroup(`plugins.${pluginKey}`, plugin.secrets);\n      }\n    }\n  }\n\n  return groups;\n}\n\nfunction buildGeneratedInfraSpec(runtimeConfig: RuntimeConfig): GeneratedInfraSpec {\n  const groups = getSecretGroups(runtimeConfig);\n  const databases = buildDatabaseConfigs(groups.flatMap((group) => group.secrets));\n  return { groups, databases };\n}\n\nfunction normalizeDatabaseSlug(secret: string): string {\n  return secret.replace(/_DATABASE_URL$/, \"\").toLowerCase();\n}\n\nfunction buildDatabaseConfigs(secrets: string[]): DatabaseSecretConfig[] {\n  const databaseSecrets = uniqueSecrets(\n    secrets.filter((secret) => secret.endsWith(\"_DATABASE_URL\")),\n  );\n\n  const additionalSecrets = databaseSecrets\n    .filter((secret) => secret !== API_DATABASE_SECRET && secret !== AUTH_DATABASE_SECRET)\n    .sort((a, b) => a.localeCompare(b));\n\n  const orderedSecrets = [API_DATABASE_SECRET, AUTH_DATABASE_SECRET, ...additionalSecrets];\n\n  return orderedSecrets.map((secret, index) => {\n    const slug = normalizeDatabaseSlug(secret);\n    const port =\n      secret === API_DATABASE_SECRET\n        ? 5432\n        : secret === AUTH_DATABASE_SECRET\n          ? 5433\n          : BASE_DATABASE_PORT + index - 2;\n\n    return {\n      secret,\n      slug,\n      port,\n      serviceName: `postgres-${slug.replace(/_/g, \"-\")}`,\n      databaseName: `${slug}_db`,\n      volumeName: `postgres_${slug}_data`,\n      url: `postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:${port}/${slug}_db`,\n    };\n  });\n}\n\nfunction defaultSecretValue(\n  secret: string,\n  databases: Map<string, DatabaseSecretConfig>,\n  options: { forExample: boolean },\n): string {\n  if (secret === \"BETTER_AUTH_SECRET\") {\n    return options.forExample ? \"\" : randomBytes(32).toString(\"base64url\");\n  }\n\n  if (secret === \"CORS_ORIGIN\") {\n    return \"http://localhost:3000\";\n  }\n\n  return databases.get(secret)?.url ?? \"\";\n}\n\nfunction renderEnvFile(\n  groups: SecretGroup[],\n  databases: DatabaseSecretConfig[],\n  options: { forExample: boolean },\n): string {\n  const databaseMap = new Map(databases.map((entry) => [entry.secret, entry]));\n  const lines: string[] = [\n    \"# Generated from configured bos secrets\",\n    \"# Update values as needed for your local environment\",\n    \"\",\n  ];\n\n  for (const group of groups) {\n    lines.push(`# ${group.section}`);\n    for (const secret of group.secrets) {\n      lines.push(`${secret}=${defaultSecretValue(secret, databaseMap, options)}`);\n    }\n    lines.push(\"\");\n  }\n\n  return `${lines.join(\"\\n\")}\\n`;\n}\n\nfunction renderDockerCompose(databases: DatabaseSecretConfig[]): string {\n  const lines = [\n    \"x-pg-common: &pg-common\",\n    \"  image: postgres:17-alpine\",\n    \"  environment: &pg-env\",\n    `    POSTGRES_USER: ${POSTGRES_USER}`,\n    `    POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}`,\n    \"  healthcheck:\",\n    '    test: [\"CMD-SHELL\", \"pg_isready -U everythingdev\"]',\n    \"    interval: 3s\",\n    \"    timeout: 3s\",\n    \"    retries: 5\",\n    \"\",\n    \"services:\",\n  ];\n\n  for (const database of databases) {\n    lines.push(`  ${database.serviceName}:`);\n    lines.push(\"    <<: *pg-common\");\n    lines.push(\"    environment:\");\n    lines.push(\"      <<: *pg-env\");\n    lines.push(`      POSTGRES_DB: ${database.databaseName}`);\n    lines.push(\"    ports:\");\n    lines.push(`      - \"${database.port}:5432\"`);\n    lines.push(\"    volumes:\");\n    lines.push(`      - ${database.volumeName}:/var/lib/postgresql/data`);\n    lines.push(\"\");\n  }\n\n  lines.push(\"volumes:\");\n  for (const database of databases) {\n    lines.push(`  ${database.volumeName}:`);\n  }\n\n  return `${lines.join(\"\\n\")}\\n`;\n}\n\nfunction syncTextFile(filePath: string, nextContent: string): boolean {\n  if (existsSync(filePath) && readFileSync(filePath, \"utf-8\") === nextContent) {\n    return false;\n  }\n\n  writeFileSync(filePath, nextContent);\n  return true;\n}\n\nexport function writeGeneratedInfra(configDir: string, runtimeConfig: RuntimeConfig): string[] {\n  return syncGeneratedInfra(configDir, runtimeConfig).secrets;\n}\n\nexport function syncGeneratedInfra(\n  configDir: string,\n  runtimeConfig: RuntimeConfig,\n): SyncGeneratedInfraResult {\n  const spec = buildGeneratedInfraSpec(runtimeConfig);\n  const secrets = spec.groups.flatMap((group) => group.secrets);\n  const newEnvContent = renderEnvFile(spec.groups, spec.databases, { forExample: true });\n  const newDockerContent = renderDockerCompose(spec.databases);\n\n  const envExamplePath = join(configDir, \".env.example\");\n  const dockerComposePath = join(configDir, \"docker-compose.yml\");\n\n  return {\n    secrets,\n    envExampleChanged: syncTextFile(envExamplePath, newEnvContent),\n    dockerComposeChanged: syncTextFile(dockerComposePath, newDockerContent),\n  };\n}\n\nexport function ensureEnvFile(configDir: string): void {\n  const envPath = join(configDir, \".env\");\n  const examplePath = join(configDir, \".env.example\");\n\n  if (existsSync(envPath) || !existsSync(examplePath)) return;\n\n  const content = readFileSync(examplePath, \"utf-8\");\n  const lines = content.split(\"\\n\");\n  const secret = randomBytes(32).toString(\"base64url\");\n  const updated = lines\n    .map((line) => {\n      if (/^BETTER_AUTH_SECRET=/.test(line)) {\n        return `BETTER_AUTH_SECRET=${secret}`;\n      }\n      return line;\n    })\n    .join(\"\\n\");\n\n  writeFileSync(envPath, updated);\n  p.log.info(\"Created .env from generated .env.example with generated BETTER_AUTH_SECRET\");\n}\n\nexport function loadProjectEnv(configDir: string): void {\n  const envPath = join(configDir, \".env\");\n  if (!existsSync(envPath)) return;\n\n  loadDotenv({ path: envPath, processEnv: process.env, quiet: true });\n}\n"],"mappings":";;;;;;;AAOA,MAAM,gBAAgB;AACtB,MAAM,oBAAoB;AAC1B,MAAM,sBAAsB;AAC5B,MAAM,uBAAuB;AAC7B,MAAM,cAAc;AACpB,MAAM,qBAAqB;AA4B3B,SAAS,cAAc,QAA6C;CAClE,MAAM,UAAoB,EAAE;CAC5B,MAAM,uBAAO,IAAI,KAAa;AAE9B,MAAK,MAAM,SAAS,QAAQ;AAC1B,MAAI,CAAC,SAAS,KAAK,IAAI,MAAM,CAAE;AAC/B,OAAK,IAAI,MAAM;AACf,UAAQ,KAAK,MAAM;;AAGrB,QAAO;;AAGT,SAAS,gBAAgB,eAA6C;CACpE,MAAM,SAAwB,EAAE;CAChC,MAAM,uBAAO,IAAI,KAAa;CAE9B,MAAM,YAAY,SAAiB,YAAsB;EACvD,MAAM,WAAW,QAAQ,QAAQ,MAAM;AACrC,OAAI,KAAK,IAAI,EAAE,CAAE,QAAO;AACxB,QAAK,IAAI,EAAE;AACX,UAAO;IACP;AACF,MAAI,SAAS,SAAS,EACpB,QAAO,KAAK;GAAE;GAAS,SAAS;GAAU,CAAC;;AAI/C,UAAS,YAAY,cAAc,CAAC,GAAI,cAAc,KAAK,WAAW,EAAE,EAAG,YAAY,CAAC,CAAC;AAEzF,UAAS,WAAW,cAAc,cAAc,IAAI,WAAW,EAAE,CAAC,CAAC;AAEnE,KAAI,cAAc,KAChB,UAAS,YAAY,cAAc,cAAc,KAAK,WAAW,EAAE,CAAC,CAAC;AAGvE,KAAI,cAAc,SAChB;OAAK,MAAM,CAAC,WAAW,WAAW,OAAO,QAAQ,cAAc,QAAQ,CACrE,KAAI,OAAO,WAAW,OAAO,QAAQ,SAAS,EAC5C,UAAS,WAAW,aAAa,OAAO,QAAQ;;AAKtD,QAAO;;AAGT,SAAS,wBAAwB,eAAkD;CACjF,MAAM,SAAS,gBAAgB,cAAc;AAE7C,QAAO;EAAE;EAAQ,WADC,qBAAqB,OAAO,SAAS,UAAU,MAAM,QAAQ,CACrD;EAAE;;AAG9B,SAAS,sBAAsB,QAAwB;AACrD,QAAO,OAAO,QAAQ,kBAAkB,GAAG,CAAC,aAAa;;AAG3D,SAAS,qBAAqB,SAA2C;AAWvE,QAAO;EAFiB;EAAqB;EAAsB,GAR3C,cACtB,QAAQ,QAAQ,WAAW,OAAO,SAAS,gBAAgB,CAAC,CAGrB,CACtC,QAAQ,WAAW,WAAW,uBAAuB,WAAW,qBAAqB,CACrF,MAAM,GAAG,MAAM,EAAE,cAAc,EAAE,CAEmD;EAElE,CAAC,KAAK,QAAQ,UAAU;EAC3C,MAAM,OAAO,sBAAsB,OAAO;EAC1C,MAAM,OACJ,WAAW,sBACP,OACA,WAAW,uBACT,OACA,qBAAqB,QAAQ;AAErC,SAAO;GACL;GACA;GACA;GACA,aAAa,YAAY,KAAK,QAAQ,MAAM,IAAI;GAChD,cAAc,GAAG,KAAK;GACtB,YAAY,YAAY,KAAK;GAC7B,KAAK,cAAc,cAAc,GAAG,kBAAkB,aAAa,KAAK,GAAG,KAAK;GACjF;GACD;;AAGJ,SAAS,mBACP,QACA,WACA,SACQ;AACR,KAAI,WAAW,qBACb,QAAO,QAAQ,aAAa,KAAK,YAAY,GAAG,CAAC,SAAS,YAAY;AAGxE,KAAI,WAAW,cACb,QAAO;AAGT,QAAO,UAAU,IAAI,OAAO,EAAE,OAAO;;AAGvC,SAAS,cACP,QACA,WACA,SACQ;CACR,MAAM,cAAc,IAAI,IAAI,UAAU,KAAK,UAAU,CAAC,MAAM,QAAQ,MAAM,CAAC,CAAC;CAC5E,MAAM,QAAkB;EACtB;EACA;EACA;EACD;AAED,MAAK,MAAM,SAAS,QAAQ;AAC1B,QAAM,KAAK,KAAK,MAAM,UAAU;AAChC,OAAK,MAAM,UAAU,MAAM,QACzB,OAAM,KAAK,GAAG,OAAO,GAAG,mBAAmB,QAAQ,aAAa,QAAQ,GAAG;AAE7E,QAAM,KAAK,GAAG;;AAGhB,QAAO,GAAG,MAAM,KAAK,KAAK,CAAC;;AAG7B,SAAS,oBAAoB,WAA2C;CACtE,MAAM,QAAQ;EACZ;EACA;EACA;EACA,sBAAsB;EACtB,0BAA0B;EAC1B;EACA;EACA;EACA;EACA;EACA;EACA;EACD;AAED,MAAK,MAAM,YAAY,WAAW;AAChC,QAAM,KAAK,KAAK,SAAS,YAAY,GAAG;AACxC,QAAM,KAAK,qBAAqB;AAChC,QAAM,KAAK,mBAAmB;AAC9B,QAAM,KAAK,oBAAoB;AAC/B,QAAM,KAAK,sBAAsB,SAAS,eAAe;AACzD,QAAM,KAAK,aAAa;AACxB,QAAM,KAAK,YAAY,SAAS,KAAK,QAAQ;AAC7C,QAAM,KAAK,eAAe;AAC1B,QAAM,KAAK,WAAW,SAAS,WAAW,2BAA2B;AACrE,QAAM,KAAK,GAAG;;AAGhB,OAAM,KAAK,WAAW;AACtB,MAAK,MAAM,YAAY,UACrB,OAAM,KAAK,KAAK,SAAS,WAAW,GAAG;AAGzC,QAAO,GAAG,MAAM,KAAK,KAAK,CAAC;;AAG7B,SAAS,aAAa,UAAkB,aAA8B;AACpE,KAAI,WAAW,SAAS,IAAI,aAAa,UAAU,QAAQ,KAAK,YAC9D,QAAO;AAGT,eAAc,UAAU,YAAY;AACpC,QAAO;;AAGT,SAAgB,oBAAoB,WAAmB,eAAwC;AAC7F,QAAO,mBAAmB,WAAW,cAAc,CAAC;;AAGtD,SAAgB,mBACd,WACA,eAC0B;CAC1B,MAAM,OAAO,wBAAwB,cAAc;CACnD,MAAM,UAAU,KAAK,OAAO,SAAS,UAAU,MAAM,QAAQ;CAC7D,MAAM,gBAAgB,cAAc,KAAK,QAAQ,KAAK,WAAW,EAAE,YAAY,MAAM,CAAC;CACtF,MAAM,mBAAmB,oBAAoB,KAAK,UAAU;CAE5D,MAAM,iBAAiB,KAAK,WAAW,eAAe;CACtD,MAAM,oBAAoB,KAAK,WAAW,qBAAqB;AAE/D,QAAO;EACL;EACA,mBAAmB,aAAa,gBAAgB,cAAc;EAC9D,sBAAsB,aAAa,mBAAmB,iBAAiB;EACxE;;AAGH,SAAgB,cAAc,WAAyB;CACrD,MAAM,UAAU,KAAK,WAAW,OAAO;CACvC,MAAM,cAAc,KAAK,WAAW,eAAe;AAEnD,KAAI,WAAW,QAAQ,IAAI,CAAC,WAAW,YAAY,CAAE;CAGrD,MAAM,QADU,aAAa,aAAa,QACrB,CAAC,MAAM,KAAK;CACjC,MAAM,SAAS,YAAY,GAAG,CAAC,SAAS,YAAY;AAUpD,eAAc,SATE,MACb,KAAK,SAAS;AACb,MAAI,uBAAuB,KAAK,KAAK,CACnC,QAAO,sBAAsB;AAE/B,SAAO;GACP,CACD,KAAK,KAEsB,CAAC;AAC/B,GAAE,IAAI,KAAK,6EAA6E;;AAG1F,SAAgB,eAAe,WAAyB;CACtD,MAAM,UAAU,KAAK,WAAW,OAAO;AACvC,KAAI,CAAC,WAAW,QAAQ,CAAE;AAE1B,QAAW;EAAE,MAAM;EAAS,YAAY,QAAQ;EAAK,OAAO;EAAM,CAAC"}