fix(seed): inline scrypt hash so seed.ts runs outside Next.js server context
Deploy to route.crispygoat.com / deploy (push) Has been cancelled

The seed script previously imported hashPassword from src/lib/passwords.ts,
which has 'import "server-only"' at the top. That guard throws when the
file is loaded outside a Next.js server runtime (which is what 'tsx db/seed.ts'
is — plain Node). Inline the same scrypt format (matches verifyPassword)
so the seed runs from a CLI.
This commit is contained in:
2026-06-07 07:16:30 +00:00
parent 856b5caa40
commit a8a3f5d2e3
+15 -1
View File
@@ -16,7 +16,21 @@
*/
import "dotenv/config";
import { Pool } from "pg";
import { hashPassword } from "../src/lib/passwords";
import { randomBytes, scryptSync } from "node:crypto";
// `src/lib/passwords.ts` has `import "server-only"` which throws when this
// script runs outside a Next.js server context. Inline the same scrypt
// format here (must match `verifyPassword` in passwords.ts) so the seed
// can run from a plain Node process.
const SALT_LEN = 16;
const KEY_LEN = 64;
const DEFAULT_N = 16384;
const ALGO = "scrypt";
function hashPassword(plain: string): string {
const salt = randomBytes(SALT_LEN).toString("hex");
const hash = scryptSync(plain, salt, KEY_LEN, { N: DEFAULT_N }).toString("hex");
return `${ALGO}$${DEFAULT_N}$${salt}$${hash}`;
}
// Seed needs elevated privileges (inserts into plans, add_ons, tenants —
// tables that are intentionally not RLS-scoped but the runtime app user