@aeriajs/builtins 0.0.218 → 0.0.220

package/dist/collections/user/activate.d.ts

@@ -5,21 +5,14 @@ import { Result, ACError, HTTPStatus } from '@aeriajs/types';
 export declare enum ActivationError {
     UserNotFound = "USER_NOT_FOUND",
     AlreadyActiveUser = "ALREADY_ACTIVE_USER",
-    InvalidLink = "INVALID_LINK"
+    InvalidLink = "INVALID_LINK",
+    InvalidToken = "INVALID_TOKEN"
 }
 export declare const activate: (payload: {
-    password: string;
-}, context: Context<typeof description> & {
-    request: {
-        query: {
-            u?: string;
-            t?: string;
-        };
-        payload: {
-            password?: string;
-        };
-    };
-}) => Promise<import("@aeriajs/types").GenericResponse | Result.Error<{
+    password?: string;
+    userId?: string;
+    token?: string;
+}, context: Context<typeof description>) => Promise<import("@aeriajs/types").GenericResponse | Result.Error<{
     readonly code: ActivationError.InvalidLink;
 } & {
     httpStatus: HTTPStatus.NotFound;
@@ -31,6 +24,10 @@ export declare const activate: (payload: {
     readonly code: ActivationError.AlreadyActiveUser;
 } & {
     httpStatus: HTTPStatus.Forbidden;
+}> | Result.Error<{
+    readonly code: ActivationError.InvalidToken;
+} & {
+    httpStatus: HTTPStatus.Unauthorized;
 }> | Result.Error<{
     readonly code: ACError.MalformedInput;
 } & {

package/dist/collections/user/activate.js

@@ -4,15 +4,18 @@ exports.activate = exports.ActivationError = void 0;
 const core_1 = require("@aeriajs/core");
 const types_1 = require("@aeriajs/types");
 const bcrypt = require("bcrypt");
-const getActivationLink_js_1 = require("./getActivationLink.js");
 var ActivationError;
 (function (ActivationError) {
     ActivationError["UserNotFound"] = "USER_NOT_FOUND";
     ActivationError["AlreadyActiveUser"] = "ALREADY_ACTIVE_USER";
     ActivationError["InvalidLink"] = "INVALID_LINK";
+    ActivationError["InvalidToken"] = "INVALID_TOKEN";
 })(ActivationError || (exports.ActivationError = ActivationError = {}));
 const activate = async (payload, context) => {
-    const { u: userId, t: token, } = context.request.query;
+    const { userId, token, password, } = payload;
+    if (!context.config.secret) {
+        throw new Error('config.secret is not set');
+    }
     if (!userId || !token) {
         return context.error(types_1.HTTPStatus.NotFound, {
             code: ActivationError.InvalidLink,
@@ -23,6 +26,7 @@ const activate = async (payload, context) => {
     }, {
         projection: {
             password: 1,
+            active: 1,
         },
     });
     if (!user) {
@@ -35,15 +39,14 @@ const activate = async (payload, context) => {
             code: ActivationError.AlreadyActiveUser,
         });
     }
-    const activationToken = await (0, getActivationLink_js_1.getActivationToken)(userId.toString(), context);
-    const equal = await bcrypt.compare(activationToken, token);
-    if (!equal) {
-        return context.error(types_1.HTTPStatus.NotFound, {
-            code: ActivationError.InvalidLink,
+    const decoded = await (0, core_1.decodeToken)(token, context.config.secret);
+    if (!decoded) {
+        return context.error(types_1.HTTPStatus.Unauthorized, {
+            code: ActivationError.InvalidToken,
         });
     }
     if (!user.password) {
-        if (!payload.password) {
+        if (!password) {
             if (context.request.method === 'GET') {
                 return context.response.writeHead(302, {
                     location: `/user/activation?step=password&u=${userId}&t=${token}`,
@@ -58,7 +61,7 @@ const activate = async (payload, context) => {
         }, {
             $set: {
                 active: true,
-                password: await bcrypt.hash(payload.password, 10),
+                password: await bcrypt.hash(password, 10),
             },
         });
         return;

package/dist/collections/user/activate.mjs

@@ -1,19 +1,23 @@
 "use strict";
-import { ObjectId } from "@aeriajs/core";
+import { decodeToken, ObjectId } from "@aeriajs/core";
 import { Result, ACError, HTTPStatus } from "@aeriajs/types";
 import * as bcrypt from "bcrypt";
-import { getActivationToken } from "./getActivationLink.mjs";
 export var ActivationError = /* @__PURE__ */ ((ActivationError2) => {
   ActivationError2["UserNotFound"] = "USER_NOT_FOUND";
   ActivationError2["AlreadyActiveUser"] = "ALREADY_ACTIVE_USER";
   ActivationError2["InvalidLink"] = "INVALID_LINK";
+  ActivationError2["InvalidToken"] = "INVALID_TOKEN";
   return ActivationError2;
 })(ActivationError || {});
 export const activate = async (payload, context) => {
   const {
-    u: userId,
-    t: token
-  } = context.request.query;
+    userId,
+    token,
+    password
+  } = payload;
+  if (!context.config.secret) {
+    throw new Error("config.secret is not set");
+  }
   if (!userId || !token) {
     return context.error(HTTPStatus.NotFound, {
       code: "INVALID_LINK" /* InvalidLink */
@@ -23,7 +27,8 @@ export const activate = async (payload, context) => {
     _id: new ObjectId(userId)
   }, {
     projection: {
-      password: 1
+      password: 1,
+      active: 1
     }
   });
   if (!user) {
@@ -36,15 +41,14 @@ export const activate = async (payload, context) => {
       code: "ALREADY_ACTIVE_USER" /* AlreadyActiveUser */
     });
   }
-  const activationToken = await getActivationToken(userId.toString(), context);
-  const equal = await bcrypt.compare(activationToken, token);
-  if (!equal) {
-    return context.error(HTTPStatus.NotFound, {
-      code: "INVALID_LINK" /* InvalidLink */
+  const decoded = await decodeToken(token, context.config.secret);
+  if (!decoded) {
+    return context.error(HTTPStatus.Unauthorized, {
+      code: "INVALID_TOKEN" /* InvalidToken */
     });
   }
   if (!user.password) {
-    if (!payload.password) {
+    if (!password) {
       if (context.request.method === "GET") {
         return context.response.writeHead(302, {
           location: `/user/activation?step=password&u=${userId}&t=${token}`
@@ -61,7 +65,7 @@ export const activate = async (payload, context) => {
       {
         $set: {
           active: true,
-          password: await bcrypt.hash(payload.password, 10)
+          password: await bcrypt.hash(password, 10)
         }
       }
     );

package/dist/collections/user/createAccount.d.ts

@@ -94,6 +94,11 @@ export declare const createAccount: (payload: Partial<PackReferences<SchemaWithI
                 readonly fetchItem: true;
             };
         };
+        readonly copyRedefinePasswordLink: {
+            readonly label: "copy_redefine_password_link";
+            readonly icon: "link";
+            readonly translate: true;
+        };
         readonly copyActivationLink: {
             readonly label: "copy_activation_link";
             readonly icon: "link";

package/dist/collections/user/description.d.ts

@@ -83,6 +83,11 @@ export declare const description: {
                 readonly fetchItem: true;
             };
         };
+        readonly copyRedefinePasswordLink: {
+            readonly label: "copy_redefine_password_link";
+            readonly icon: "link";
+            readonly translate: true;
+        };
         readonly copyActivationLink: {
             readonly label: "copy_activation_link";
             readonly icon: "link";

package/dist/collections/user/description.js

@@ -114,6 +114,11 @@ exports.description = (0, core_1.defineDescription)({
                 fetchItem: true,
             },
         },
+        'copyRedefinePasswordLink': {
+            label: 'copy_redefine_password_link',
+            icon: 'link',
+            translate: true,
+        },
         'copyActivationLink': {
             label: 'copy_activation_link',
             icon: 'link',

package/dist/collections/user/description.mjs

@@ -108,6 +108,11 @@ export const description = defineDescription({
         fetchItem: true
       }
     },
+    "copyRedefinePasswordLink": {
+      label: "copy_redefine_password_link",
+      icon: "link",
+      translate: true
+    },
     "copyActivationLink": {
       label: "copy_activation_link",
       icon: "link",

package/dist/collections/user/getActivationLink.d.ts

@@ -1,10 +1,11 @@
 import type { Context } from '@aeriajs/types';
-import type { ObjectId } from '@aeriajs/core';
+import { type ObjectId } from '@aeriajs/core';
 import { Result, HTTPStatus } from '@aeriajs/types';
 import { ActivationError } from './activate.js';
 export declare const getActivationToken: (strId: string, context: Context) => Promise<string>;
 export declare const getActivationLink: (payload: {
     userId: ObjectId | string;
+    redirect?: string;
 }, context: Context) => Promise<{
     readonly _tag: "Error";
     readonly error: Pick<{} & Omit<Readonly<import("@aeriajs/types").FilterReadonlyProperties<{
@@ -48,6 +49,10 @@ export declare const getActivationLink: (payload: {
     }, never>>;
     readonly result: undefined;
 } | Result.Error<{
+    readonly code: ActivationError.InvalidLink;
+} & {
+    httpStatus: HTTPStatus.BadRequest;
+}> | Result.Error<{
     readonly code: ActivationError.AlreadyActiveUser;
 } & {
     httpStatus: HTTPStatus.Forbidden;
@@ -55,6 +60,6 @@ export declare const getActivationLink: (payload: {
     readonly _tag: "Result";
     readonly error: undefined;
     readonly result: {
-        readonly url: string;
+        readonly url: URL;
     };
 }>;

package/dist/collections/user/getActivationLink.js

@@ -1,8 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getActivationLink = exports.getActivationToken = void 0;
+const core_1 = require("@aeriajs/core");
 const types_1 = require("@aeriajs/types");
-const bcrypt = require("bcrypt");
 const activate_js_1 = require("./activate.js");
 const getActivationToken = async (strId, context) => {
     if (context.calledFunction === 'getActivationToken') {
@@ -11,10 +11,20 @@ const getActivationToken = async (strId, context) => {
     if (!context.config.secret) {
         throw new Error('config.secret is not set');
     }
-    return `${context.config.secret}:${strId}`;
+    const token = await (0, core_1.signToken)({
+        data: strId,
+    }, context.config.secret, {
+        expiresIn: context.config.security.linkTokenExpiration,
+    });
+    return token;
 };
 exports.getActivationToken = getActivationToken;
 const getActivationLink = async (payload, context) => {
+    if (!context.config.webPublicUrl) {
+        return context.error(types_1.HTTPStatus.BadRequest, {
+            code: activate_js_1.ActivationError.InvalidLink,
+        });
+    }
     const { error, result: user } = await context.collections.user.functions.get({
         filters: {
             _id: payload.userId,
@@ -30,8 +40,14 @@ const getActivationLink = async (payload, context) => {
         });
     }
     const activationToken = await (0, exports.getActivationToken)(payload.userId.toString(), context);
-    const encryptedActivationToken = await bcrypt.hash(activationToken, 10);
-    const url = `${context.config.publicUrl}/user/activate?u=${payload.userId.toString()}&t=${encryptedActivationToken}`;
+    //const url = `${context.config.webPublicUrl}/user/activation?step=password&u=${payload.userId.toString()}&t=${activationToken}`
+    const url = new URL(`${context.config.webPublicUrl}/user/activation`);
+    url.searchParams.set("step", "password"),
+        url.searchParams.set("u", payload.userId.toString());
+    url.searchParams.set("t", activationToken);
+    if (payload.redirect) {
+        url.searchParams.set('next', payload.redirect);
+    }
     return types_1.Result.result({
         url,
     });

package/dist/collections/user/getActivationLink.mjs

@@ -1,6 +1,6 @@
 "use strict";
+import { signToken } from "@aeriajs/core";
 import { Result, HTTPStatus } from "@aeriajs/types";
-import * as bcrypt from "bcrypt";
 import { ActivationError } from "./activate.mjs";
 export const getActivationToken = async (strId, context) => {
   if (context.calledFunction === "getActivationToken") {
@@ -9,9 +9,19 @@ export const getActivationToken = async (strId, context) => {
   if (!context.config.secret) {
     throw new Error("config.secret is not set");
   }
-  return `${context.config.secret}:${strId}`;
+  const token = await signToken({
+    data: strId
+  }, context.config.secret, {
+    expiresIn: context.config.security.linkTokenExpiration
+  });
+  return token;
 };
 export const getActivationLink = async (payload, context) => {
+  if (!context.config.webPublicUrl) {
+    return context.error(HTTPStatus.BadRequest, {
+      code: ActivationError.InvalidLink
+    });
+  }
   const { error, result: user } = await context.collections.user.functions.get({
     filters: {
       _id: payload.userId
@@ -27,8 +37,12 @@ export const getActivationLink = async (payload, context) => {
     });
   }
   const activationToken = await getActivationToken(payload.userId.toString(), context);
-  const encryptedActivationToken = await bcrypt.hash(activationToken, 10);
-  const url = `${context.config.publicUrl}/user/activate?u=${payload.userId.toString()}&t=${encryptedActivationToken}`;
+  const url = new URL(`${context.config.webPublicUrl}/user/activation`);
+  url.searchParams.set("step", "password"), url.searchParams.set("u", payload.userId.toString());
+  url.searchParams.set("t", activationToken);
+  if (payload.redirect) {
+    url.searchParams.set("next", payload.redirect);
+  }
   return Result.result({
     url
   });

package/dist/collections/user/getCurrentUser.d.ts

@@ -99,6 +99,11 @@ export declare const getCurrentUser: (_payload: undefined, context: Context<type
                     readonly fetchItem: true;
                 };
             };
+            readonly copyRedefinePasswordLink: {
+                readonly label: "copy_redefine_password_link";
+                readonly icon: "link";
+                readonly translate: true;
+            };
             readonly copyActivationLink: {
                 readonly label: "copy_activation_link";
                 readonly icon: "link";

package/dist/collections/user/getInfo.d.ts

@@ -4,7 +4,8 @@ import { Result, HTTPStatus } from '@aeriajs/types';
 export declare enum ActivationError {
     UserNotFound = "USER_NOT_FOUND",
     AlreadyActiveUser = "ALREADY_ACTIVE_USER",
-    InvalidLink = "INVALID_LINK"
+    InvalidLink = "INVALID_LINK",
+    InvalidToken = "INVALID_TOKEN"
 }
 export declare const getInfo: (payload: {
     userId: string;
@@ -18,14 +19,15 @@ export declare const getInfo: (payload: {
 } & {
     httpStatus: HTTPStatus.NotFound;
 }> | Result.Error<{
-    readonly code: ActivationError.AlreadyActiveUser;
+    readonly code: ActivationError.InvalidToken;
 } & {
-    httpStatus: HTTPStatus.Forbidden;
+    httpStatus: HTTPStatus.Unauthorized;
 }> | {
     readonly _tag: "Result";
     readonly error: undefined;
     readonly result: {
         readonly name: string;
         readonly email: string;
+        readonly active: boolean | undefined;
     };
 }>;

package/dist/collections/user/getInfo.js

@@ -1,15 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getInfo = exports.ActivationError = void 0;
-const bcrypt = require("bcrypt");
 const types_1 = require("@aeriajs/types");
 const core_1 = require("@aeriajs/core");
-const getActivationLink_js_1 = require("./getActivationLink.js");
 var ActivationError;
 (function (ActivationError) {
     ActivationError["UserNotFound"] = "USER_NOT_FOUND";
     ActivationError["AlreadyActiveUser"] = "ALREADY_ACTIVE_USER";
     ActivationError["InvalidLink"] = "INVALID_LINK";
+    ActivationError["InvalidToken"] = "INVALID_TOKEN";
 })(ActivationError || (exports.ActivationError = ActivationError = {}));
 const getInfo = async (payload, context) => {
     const { userId, token, } = payload;
@@ -26,21 +25,16 @@ const getInfo = async (payload, context) => {
             code: ActivationError.UserNotFound,
         });
     }
-    if (user.active) {
-        return context.error(types_1.HTTPStatus.Forbidden, {
-            code: ActivationError.AlreadyActiveUser,
-        });
-    }
-    const activationToken = await (0, getActivationLink_js_1.getActivationToken)(user._id.toString(), context);
-    const equal = await bcrypt.compare(activationToken, token);
-    if (!equal) {
-        return context.error(types_1.HTTPStatus.NotFound, {
-            code: ActivationError.InvalidLink,
+    const decoded = await (0, core_1.decodeToken)(token, context.config.secret).catch(console.trace);
+    if (!decoded) {
+        return context.error(types_1.HTTPStatus.Unauthorized, {
+            code: ActivationError.InvalidToken,
         });
     }
     return types_1.Result.result({
         name: user.name,
         email: user.email,
+        active: user.active,
     });
 };
 exports.getInfo = getInfo;

package/dist/collections/user/getInfo.mjs

@@ -1,12 +1,11 @@
 "use strict";
-import * as bcrypt from "bcrypt";
 import { Result, HTTPStatus } from "@aeriajs/types";
-import { ObjectId } from "@aeriajs/core";
-import { getActivationToken } from "./getActivationLink.mjs";
+import { decodeToken, ObjectId } from "@aeriajs/core";
 export var ActivationError = /* @__PURE__ */ ((ActivationError2) => {
   ActivationError2["UserNotFound"] = "USER_NOT_FOUND";
   ActivationError2["AlreadyActiveUser"] = "ALREADY_ACTIVE_USER";
   ActivationError2["InvalidLink"] = "INVALID_LINK";
+  ActivationError2["InvalidToken"] = "INVALID_TOKEN";
   return ActivationError2;
 })(ActivationError || {});
 export const getInfo = async (payload, context) => {
@@ -27,20 +26,15 @@ export const getInfo = async (payload, context) => {
       code: "USER_NOT_FOUND" /* UserNotFound */
     });
   }
-  if (user.active) {
-    return context.error(HTTPStatus.Forbidden, {
-      code: "ALREADY_ACTIVE_USER" /* AlreadyActiveUser */
-    });
-  }
-  const activationToken = await getActivationToken(user._id.toString(), context);
-  const equal = await bcrypt.compare(activationToken, token);
-  if (!equal) {
-    return context.error(HTTPStatus.NotFound, {
-      code: "INVALID_LINK" /* InvalidLink */
+  const decoded = await decodeToken(token, context.config.secret).catch(console.trace);
+  if (!decoded) {
+    return context.error(HTTPStatus.Unauthorized, {
+      code: "INVALID_TOKEN" /* InvalidToken */
     });
   }
   return Result.result({
     name: user.name,
-    email: user.email
+    email: user.email,
+    active: user.active
   });
 };

package/dist/collections/user/getRedefinePasswordLink.d.ts

@@ -0,0 +1,60 @@
+import type { Context } from '@aeriajs/types';
+import { type ObjectId } from '@aeriajs/core';
+import { Result, HTTPStatus } from '@aeriajs/types';
+import { ActivationError } from './redefinePassword.js';
+export declare const getRedefinePasswordLink: (payload: {
+    userId: ObjectId | string;
+    redirect?: string;
+}, context: Context) => Promise<{
+    readonly _tag: "Error";
+    readonly error: Pick<{} & Omit<Readonly<import("@aeriajs/types").FilterReadonlyProperties<{
+        readonly httpStatus: {
+            readonly enum: [HTTPStatus.Forbidden, HTTPStatus.NotFound, HTTPStatus.BadRequest];
+        };
+        readonly code: {
+            readonly enum: [import("@aeriajs/types").ACError.ResourceNotFound, import("@aeriajs/types").ACError.OwnershipError, import("@aeriajs/types").ACError.InsecureOperator, import("@aeriajs/types").ACError.MalformedInput];
+        };
+        readonly message: {
+            readonly type: "string";
+        };
+        readonly details: {
+            readonly type: "object";
+            readonly additionalProperties: true;
+        };
+    }>> & {
+        code: import("@aeriajs/types").ACError.OwnershipError | import("@aeriajs/types").ACError.ResourceNotFound | import("@aeriajs/types").ACError.InsecureOperator | import("@aeriajs/types").ACError.MalformedInput;
+        httpStatus: HTTPStatus.BadRequest | HTTPStatus.Forbidden | HTTPStatus.NotFound;
+        message: string;
+        details: any;
+    }, never>, "code" | "httpStatus"> & Partial<{} & Omit<Readonly<import("@aeriajs/types").FilterReadonlyProperties<{
+        readonly httpStatus: {
+            readonly enum: [HTTPStatus.Forbidden, HTTPStatus.NotFound, HTTPStatus.BadRequest];
+        };
+        readonly code: {
+            readonly enum: [import("@aeriajs/types").ACError.ResourceNotFound, import("@aeriajs/types").ACError.OwnershipError, import("@aeriajs/types").ACError.InsecureOperator, import("@aeriajs/types").ACError.MalformedInput];
+        };
+        readonly message: {
+            readonly type: "string";
+        };
+        readonly details: {
+            readonly type: "object";
+            readonly additionalProperties: true;
+        };
+    }>> & {
+        code: import("@aeriajs/types").ACError.OwnershipError | import("@aeriajs/types").ACError.ResourceNotFound | import("@aeriajs/types").ACError.InsecureOperator | import("@aeriajs/types").ACError.MalformedInput;
+        httpStatus: HTTPStatus.BadRequest | HTTPStatus.Forbidden | HTTPStatus.NotFound;
+        message: string;
+        details: any;
+    }, never>>;
+    readonly result: undefined;
+} | Result.Error<{
+    readonly code: ActivationError.UserNotActive;
+} & {
+    httpStatus: HTTPStatus.Forbidden;
+}> | {
+    readonly _tag: "Result";
+    readonly error: undefined;
+    readonly result: {
+        readonly url: URL;
+    };
+}>;

package/dist/collections/user/getRedefinePasswordLink.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRedefinePasswordLink = void 0;
+const types_1 = require("@aeriajs/types");
+const redefinePassword_js_1 = require("./redefinePassword.js");
+const getActivationLink_js_1 = require("./getActivationLink.js");
+const getRedefinePasswordLink = async (payload, context) => {
+    if (!context.config.webPublicUrl) {
+        throw new Error('config.webPublicUrl is not set');
+    }
+    const { error, result: user } = await context.collections.user.functions.get({
+        filters: {
+            _id: payload.userId,
+        },
+        project: ['active'],
+    });
+    if (error) {
+        return types_1.Result.error(error);
+    }
+    if (!user.active) {
+        return context.error(types_1.HTTPStatus.Forbidden, {
+            code: redefinePassword_js_1.ActivationError.UserNotActive,
+        });
+    }
+    const redefineToken = await (0, getActivationLink_js_1.getActivationToken)(payload.userId.toString(), context);
+    const url = new URL(`${context.config.webPublicUrl}/user/redefine-password`);
+    url.searchParams.set("step", "password"),
+        url.searchParams.set("u", payload.userId.toString());
+    url.searchParams.set("t", redefineToken);
+    if (payload.redirect) {
+        url.searchParams.set('next', payload.redirect);
+    }
+    return types_1.Result.result({
+        url,
+    });
+};
+exports.getRedefinePasswordLink = getRedefinePasswordLink;

package/dist/collections/user/getRedefinePasswordLink.mjs

@@ -0,0 +1,33 @@
+"use strict";
+import { Result, HTTPStatus } from "@aeriajs/types";
+import { ActivationError } from "./redefinePassword.mjs";
+import { getActivationToken } from "./getActivationLink.mjs";
+export const getRedefinePasswordLink = async (payload, context) => {
+  if (!context.config.webPublicUrl) {
+    throw new Error("config.webPublicUrl is not set");
+  }
+  const { error, result: user } = await context.collections.user.functions.get({
+    filters: {
+      _id: payload.userId
+    },
+    project: ["active"]
+  });
+  if (error) {
+    return Result.error(error);
+  }
+  if (!user.active) {
+    return context.error(HTTPStatus.Forbidden, {
+      code: ActivationError.UserNotActive
+    });
+  }
+  const redefineToken = await getActivationToken(payload.userId.toString(), context);
+  const url = new URL(`${context.config.webPublicUrl}/user/redefine-password`);
+  url.searchParams.set("step", "password"), url.searchParams.set("u", payload.userId.toString());
+  url.searchParams.set("t", redefineToken);
+  if (payload.redirect) {
+    url.searchParams.set("next", payload.redirect);
+  }
+  return Result.result({
+    url
+  });
+};