josh/AIHostingTycoon
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Add auth system with invite-only registration and admin roles

Browse Source 
JWT-based auth (hono/jwt + bcrypt), anonymous-first flow preserved.
Registration requires invite code when REQUIRE_INVITE=true. Admin
user seeded on startup (admin/admin, forced password reset). Login
accepts email or username. Admin invitations management page in
sidebar. Regular users get invite-a-friend button when USER_INVITATIONS > 0.
Frontend gate screen blocks game access for unregistered users with
invite code entry, registration, login, and password reset flows.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Josh Wright
2026-04-27 19:25:16 -04:00
parent df01ac8e35
commit 4881907c28
20 changed files with 1161 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/server/src/db/schema.ts
+12
View File
@@ -3,8 +3,11 @@ import { pgTable, uuid, text, timestamp, jsonb, integer, boolean, index } from '
export const users = pgTable('users', {
id: uuid('id').defaultRandom().primaryKey(),
anonToken: uuid('anon_token').defaultRandom().notNull().unique(),
username: text('username').unique(),
email: text('email').unique(),
passwordHash: text('password_hash'),
role: text('role').notNull().default('user'),
mustResetPassword: boolean('must_reset_password').notNull().default(false),
createdAt: timestamp('created_at').defaultNow().notNull(),
lastSeenAt: timestamp('last_seen_at').defaultNow().notNull(),
});
@@ -44,3 +47,12 @@ export const achievements = pgTable('achievements', {
}, (table) => [
index('achievements_user_id_idx').on(table.userId),
]);
export const invitations = pgTable('invitations', {
id: uuid('id').defaultRandom().primaryKey(),
code: text('code').notNull().unique(),
createdBy: uuid('created_by').notNull().references(() => users.id),
usedBy: uuid('used_by').references(() => users.id),
createdAt: timestamp('created_at').defaultNow().notNull(),
expiresAt: timestamp('expires_at'),
});
apps/server/src/db/seed.ts
+27
View File
@@ -0,0 +1,27 @@
import { eq } from 'drizzle-orm';
import bcrypt from 'bcryptjs';
import { db } from './index';
import { users } from './schema';
export async function seedAdmin() {
const [existing] = await db
.select()
.from(users)
.where(eq(users.username, 'admin'))
.limit(1);
if (existing) {
console.log('Admin user already exists');
return;
}
const passwordHash = await bcrypt.hash('admin', 10);
await db.insert(users).values({
username: 'admin',
passwordHash,
role: 'admin',
mustResetPassword: true,
});
console.log('Admin user seeded (admin/admin — password reset required)');
}