feat: reset password cli (#903)

* feat: add password reset cli

* feat: add homarr cli to docker image

packages/cli/src/commands/reset-password.ts

@@ -0,0 +1,46 @@
+import { command, string } from "@drizzle-team/brocli";
+
+import { hashPasswordAsync } from "@homarr/auth";
+import { generateSecureRandomToken } from "@homarr/common/server";
+import { and, db, eq } from "@homarr/db";
+import { sessions, users } from "@homarr/db/schema/sqlite";
+
+export const resetPassword = command({
+  name: "reset-password",
+  desc: "Reset password for a user",
+  options: {
+    username: string("username").required().alias("u").desc("Name of the user"),
+  },
+  // eslint-disable-next-line no-restricted-syntax
+  handler: async (options) => {
+    if (!process.env.AUTH_PROVIDERS?.toLowerCase().includes("credentials")) {
+      console.error("Credentials provider is not enabled");
+      return;
+    }
+
+    const user = await db.query.users.findFirst({
+      where: and(eq(users.name, options.username), eq(users.provider, "credentials")),
+    });
+
+    if (!user?.salt) {
+      console.error(`User ${options.username} not found`);
+      return;
+    }
+
+    // Generates a new password with 48 characters
+    const newPassword = generateSecureRandomToken(24);
+
+    await db
+      .update(users)
+      .set({
+        password: await hashPasswordAsync(newPassword, user.salt),
+      })
+      .where(eq(users.id, user.id));
+
+    await db.delete(sessions).where(eq(sessions.userId, user.id));
+    console.log(`All sessions for user ${options.username} have been deleted`);
+
+    console.log("You can now login with the new password");
+    console.log(`New password for user ${options.username}: ${newPassword}`);
+  },
+});

packages/cli/src/index.ts

@@ -0,0 +1,10 @@
+import { run } from "@drizzle-team/brocli";
+
+import { resetPassword } from "./commands/reset-password";
+
+const commands = [resetPassword];
+
+void run(commands, {
+  cliName: "homarr-cli",
+  version: "1.0.0",
+});