BetterFrame/server/src/plugins/service-admin-http/routes-setup.ts

/**
 * First-run setup routes.
 */
import { type H3, readBody } from "h3";
import { htmlPage } from "./html-response.js";
import type { AdminDeps } from "./index.js";
import { SetupPage } from "../../web-templates/auth-pages.js";

export function registerSetupRoutes(app: H3, deps: AdminDeps): void {
  app.get("/setup", async () => {
    if (await deps.repo.isSetupComplete()) {
      return new Response(null, { status: 302, headers: { location: "/admin/" } });
    }
    return htmlPage(SetupPage({}));
  });

  app.post("/setup", async (event) => {
    if (await deps.repo.isSetupComplete()) {
      return new Response(null, { status: 302, headers: { location: "/admin/" } });
    }

    const body = await readBody<{ username?: string; password?: string }>(event);
    const username = (body?.username ?? "").trim();
    const password = body?.password ?? "";
    const errors: string[] = [];

    if (!username || username.length < 3 || username.length > 64) {
      errors.push("Username must be 3–64 characters.");
    } else if (!/^[a-zA-Z0-9_-]+$/.test(username)) {
      errors.push("Username may only contain letters, digits, underscore, or hyphen.");
    }
    if (password.length < 12) {
      errors.push("Password must be at least 12 characters.");
    }

    if (errors.length > 0) {
      return htmlPage(SetupPage({ error: errors.join(" "), username }));
    }

    const hash = await deps.auth.hashPassword(password);
    await deps.repo.createUser({ username, password_hash: hash, role: "admin" });

    const clusterKey = deps.secrets.generateClusterKey();
    const encryptedCluster = deps.secrets.encryptString(clusterKey, "cluster");
    await deps.repo.setSetupExtra("cluster_key_encrypted", encryptedCluster);
    await deps.repo.markClusterKeyProvisioned();

    // Setup only creates admin user + cluster key.
    // Displays are created when kiosks are paired (kiosk reports HDMI ports).
    // Layouts are created by admin after pairing.
    await deps.repo.markSetupComplete();

    return new Response(null, {
      status: 302,
      headers: { location: "/auth/login?welcome=1" },
    });
  });
}
-												adding initial project

											
										
										
											2026-05-09 23:09:13 +00:00
+								/**
 								 * First-run setup routes.
 								 */
-												fix: use Response wrapper instead of h3 tagged template html()

h3 v2's html() is a tagged template literal, not a function that
accepts a string. JSX-rendered markup passed directly causes
"first.reduce is not a function". Created htmlPage() helper that
wraps markup in a proper Response with text/html content type.

											
										
										
											2026-05-10 00:50:16 +00:00
+								import { type H3, readBody } from "h3";
 								import { htmlPage } from "./html-response.js";
-												adding initial project

											
										
										
											2026-05-09 23:09:13 +00:00
+								import type { AdminDeps } from "./index.js";
 								import { SetupPage } from "../../web-templates/auth-pages.js";
 								export function registerSetupRoutes(app: H3, deps: AdminDeps): void {
-												feat(db): full async Repository conversion for PostgreSQL support

Mechanical conversion of the entire data access layer from synchronous
node:sqlite API to async DbAdapter interface. Enables PostgreSQL
(PgAdapter) as a drop-in backend alongside SQLite (SqliteAdapter).

Repository (2208 lines):
  - Constructor accepts DbAdapter instead of DatabaseSync
  - Internal _run/_get/_all/_exec helpers wrap adapter calls
  - All 155 methods converted to async, return Promise<T>
  - transact() uses adapter.transaction() (supports PG savepoints)

14 caller files updated (327 call sites):
  - routes-admin.ts: 202 repo calls + 6 async helper functions
  - service-api-http: 40 repo calls + async getClusterKey
  - routes-firmware.ts, routes-os-updates.ts, routes-auth.ts,
    routes-setup.ts, middleware.ts: all handlers made async
  - shared/auth.ts: resolveSession + revokeSession now async
  - shared/bundle.ts: generateBundle now async, .map→for..of loops
  - shared/pairing.ts: all 3 functions async
  - shared/audit.ts: audit() now async
  - shared/camera-health.ts: checkAll repo calls awaited
  - service-coordinator-ws: session + kiosk lookups awaited
  - service-store/index.ts: creates SqliteAdapter.fromExisting()

SqliteAdapter gains static fromExisting(db) factory for wrapping an
already-opened DatabaseSync (migrations run on raw db, then adapter
wraps for Repository queries).

tsc --noEmit: zero errors.

											
										
										
											2026-05-23 00:07:44 +00:00
+								  app.get("/setup", async () => {
 								    if (await deps.repo.isSetupComplete()) {
-												adding initial project

											
										
										
											2026-05-09 23:09:13 +00:00
+								      return new Response(null, { status: 302, headers: { location: "/admin/" } });
 								    }
-												fix: use Response wrapper instead of h3 tagged template html()

h3 v2's html() is a tagged template literal, not a function that
accepts a string. JSX-rendered markup passed directly causes
"first.reduce is not a function". Created htmlPage() helper that
wraps markup in a proper Response with text/html content type.

											
										
										
											2026-05-10 00:50:16 +00:00
+								    return htmlPage(SetupPage({}));
-												adding initial project

											
										
										
											2026-05-09 23:09:13 +00:00
+								  });
 								  app.post("/setup", async (event) => {
-												feat(db): full async Repository conversion for PostgreSQL support

Mechanical conversion of the entire data access layer from synchronous
node:sqlite API to async DbAdapter interface. Enables PostgreSQL
(PgAdapter) as a drop-in backend alongside SQLite (SqliteAdapter).

Repository (2208 lines):
  - Constructor accepts DbAdapter instead of DatabaseSync
  - Internal _run/_get/_all/_exec helpers wrap adapter calls
  - All 155 methods converted to async, return Promise<T>
  - transact() uses adapter.transaction() (supports PG savepoints)

14 caller files updated (327 call sites):
  - routes-admin.ts: 202 repo calls + 6 async helper functions
  - service-api-http: 40 repo calls + async getClusterKey
  - routes-firmware.ts, routes-os-updates.ts, routes-auth.ts,
    routes-setup.ts, middleware.ts: all handlers made async
  - shared/auth.ts: resolveSession + revokeSession now async
  - shared/bundle.ts: generateBundle now async, .map→for..of loops
  - shared/pairing.ts: all 3 functions async
  - shared/audit.ts: audit() now async
  - shared/camera-health.ts: checkAll repo calls awaited
  - service-coordinator-ws: session + kiosk lookups awaited
  - service-store/index.ts: creates SqliteAdapter.fromExisting()

SqliteAdapter gains static fromExisting(db) factory for wrapping an
already-opened DatabaseSync (migrations run on raw db, then adapter
wraps for Repository queries).

tsc --noEmit: zero errors.

											
										
										
											2026-05-23 00:07:44 +00:00
+								    if (await deps.repo.isSetupComplete()) {
-												adding initial project

											
										
										
											2026-05-09 23:09:13 +00:00
+								      return new Response(null, { status: 302, headers: { location: "/admin/" } });
 								    }
 								    const body = await readBody<{ username?: string; password?: string }>(event);
 								    const username = (body?.username ?? "").trim();
 								    const password = body?.password ?? "";
 								    const errors: string[] = [];
 								    if (!username || username.length < 3 || username.length > 64) {
 								      errors.push("Username must be 3–64 characters.");
 								    } else if (!/^[a-zA-Z0-9_-]+$/.test(username)) {
 								      errors.push("Username may only contain letters, digits, underscore, or hyphen.");
 								    }
 								    if (password.length < 12) {
 								      errors.push("Password must be at least 12 characters.");
 								    }
 								    if (errors.length > 0) {
-												fix: use Response wrapper instead of h3 tagged template html()

h3 v2's html() is a tagged template literal, not a function that
accepts a string. JSX-rendered markup passed directly causes
"first.reduce is not a function". Created htmlPage() helper that
wraps markup in a proper Response with text/html content type.

											
										
										
											2026-05-10 00:50:16 +00:00
+								      return htmlPage(SetupPage({ error: errors.join(" "), username }));
-												adding initial project

											
										
										
											2026-05-09 23:09:13 +00:00
+								    }
 								    const hash = await deps.auth.hashPassword(password);
-												feat(db): full async Repository conversion for PostgreSQL support

Mechanical conversion of the entire data access layer from synchronous
node:sqlite API to async DbAdapter interface. Enables PostgreSQL
(PgAdapter) as a drop-in backend alongside SQLite (SqliteAdapter).

Repository (2208 lines):
  - Constructor accepts DbAdapter instead of DatabaseSync
  - Internal _run/_get/_all/_exec helpers wrap adapter calls
  - All 155 methods converted to async, return Promise<T>
  - transact() uses adapter.transaction() (supports PG savepoints)

14 caller files updated (327 call sites):
  - routes-admin.ts: 202 repo calls + 6 async helper functions
  - service-api-http: 40 repo calls + async getClusterKey
  - routes-firmware.ts, routes-os-updates.ts, routes-auth.ts,
    routes-setup.ts, middleware.ts: all handlers made async
  - shared/auth.ts: resolveSession + revokeSession now async
  - shared/bundle.ts: generateBundle now async, .map→for..of loops
  - shared/pairing.ts: all 3 functions async
  - shared/audit.ts: audit() now async
  - shared/camera-health.ts: checkAll repo calls awaited
  - service-coordinator-ws: session + kiosk lookups awaited
  - service-store/index.ts: creates SqliteAdapter.fromExisting()

SqliteAdapter gains static fromExisting(db) factory for wrapping an
already-opened DatabaseSync (migrations run on raw db, then adapter
wraps for Repository queries).

tsc --noEmit: zero errors.

											
										
										
											2026-05-23 00:07:44 +00:00
+								    await deps.repo.createUser({ username, password_hash: hash, role: "admin" });
-												adding initial project

											
										
										
											2026-05-09 23:09:13 +00:00
 								    const clusterKey = deps.secrets.generateClusterKey();
 								    const encryptedCluster = deps.secrets.encryptString(clusterKey, "cluster");
-												feat(db): full async Repository conversion for PostgreSQL support

Mechanical conversion of the entire data access layer from synchronous
node:sqlite API to async DbAdapter interface. Enables PostgreSQL
(PgAdapter) as a drop-in backend alongside SQLite (SqliteAdapter).

Repository (2208 lines):
  - Constructor accepts DbAdapter instead of DatabaseSync
  - Internal _run/_get/_all/_exec helpers wrap adapter calls
  - All 155 methods converted to async, return Promise<T>
  - transact() uses adapter.transaction() (supports PG savepoints)

14 caller files updated (327 call sites):
  - routes-admin.ts: 202 repo calls + 6 async helper functions
  - service-api-http: 40 repo calls + async getClusterKey
  - routes-firmware.ts, routes-os-updates.ts, routes-auth.ts,
    routes-setup.ts, middleware.ts: all handlers made async
  - shared/auth.ts: resolveSession + revokeSession now async
  - shared/bundle.ts: generateBundle now async, .map→for..of loops
  - shared/pairing.ts: all 3 functions async
  - shared/audit.ts: audit() now async
  - shared/camera-health.ts: checkAll repo calls awaited
  - service-coordinator-ws: session + kiosk lookups awaited
  - service-store/index.ts: creates SqliteAdapter.fromExisting()

SqliteAdapter gains static fromExisting(db) factory for wrapping an
already-opened DatabaseSync (migrations run on raw db, then adapter
wraps for Repository queries).

tsc --noEmit: zero errors.

											
										
										
											2026-05-23 00:07:44 +00:00
+								    await deps.repo.setSetupExtra("cluster_key_encrypted", encryptedCluster);
 								    await deps.repo.markClusterKeyProvisioned();
-												adding initial project

											
										
										
											2026-05-09 23:09:13 +00:00
-												refactor: merge templates into layouts, displays from kiosks

- Eliminated layout_templates as separate entity — regions/grid now
  live directly on layouts
- Displays created from kiosk pairing (not standalone), each display
  has kiosk_id FK
- Removed Templates from sidebar nav and all template routes/pages
- Layout creation uses preset buttons (fullscreen, 2x2, 1+3, 3x3)
  that set regions directly on the layout
- Setup no longer creates default display/layout (deferred to pairing)
- Pairing creates HDMI-0 display for new kiosk
- Bundle reads regions from layout directly, no template lookup
- Rust kiosk updated to match new bundle format
- DB migration adds regions/grid_cols/grid_rows to layouts, kiosk_id
  to displays, copies existing template data

											
										
										
											2026-05-10 19:39:09 +00:00
+								    // Setup only creates admin user + cluster key.
 								    // Displays are created when kiosks are paired (kiosk reports HDMI ports).
 								    // Layouts are created by admin after pairing.
-												feat(db): full async Repository conversion for PostgreSQL support

Mechanical conversion of the entire data access layer from synchronous
node:sqlite API to async DbAdapter interface. Enables PostgreSQL
(PgAdapter) as a drop-in backend alongside SQLite (SqliteAdapter).

Repository (2208 lines):
  - Constructor accepts DbAdapter instead of DatabaseSync
  - Internal _run/_get/_all/_exec helpers wrap adapter calls
  - All 155 methods converted to async, return Promise<T>
  - transact() uses adapter.transaction() (supports PG savepoints)

14 caller files updated (327 call sites):
  - routes-admin.ts: 202 repo calls + 6 async helper functions
  - service-api-http: 40 repo calls + async getClusterKey
  - routes-firmware.ts, routes-os-updates.ts, routes-auth.ts,
    routes-setup.ts, middleware.ts: all handlers made async
  - shared/auth.ts: resolveSession + revokeSession now async
  - shared/bundle.ts: generateBundle now async, .map→for..of loops
  - shared/pairing.ts: all 3 functions async
  - shared/audit.ts: audit() now async
  - shared/camera-health.ts: checkAll repo calls awaited
  - service-coordinator-ws: session + kiosk lookups awaited
  - service-store/index.ts: creates SqliteAdapter.fromExisting()

SqliteAdapter gains static fromExisting(db) factory for wrapping an
already-opened DatabaseSync (migrations run on raw db, then adapter
wraps for Repository queries).

tsc --noEmit: zero errors.

											
										
										
											2026-05-23 00:07:44 +00:00
+								    await deps.repo.markSetupComplete();
-												adding initial project

											
										
										
											2026-05-09 23:09:13 +00:00
 								    return new Response(null, {
 								      status: 302,
 								      headers: { location: "/auth/login?welcome=1" },
 								    });
 								  });
 								}