@aooth/user 0.1.7 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/atscript-db.cjs +121 -23
- package/dist/atscript-db.d.cts +81 -12
- package/dist/atscript-db.d.mts +81 -12
- package/dist/atscript-db.mjs +116 -19
- package/dist/{user-store-BPZVAboN.cjs → federated-identity-store-BEEEcoaP.cjs} +52 -0
- package/dist/{user-store-BaBmH13V.mjs → federated-identity-store-CHW1xtMp.mjs} +41 -1
- package/dist/{user-store-62LCSa8q.d.mts → federated-identity-store-CI7Vgllp.d.cts} +143 -24
- package/dist/{user-store-BZsKtBHy.d.cts → federated-identity-store-CI7Vgllp.d.mts} +143 -24
- package/dist/index.cjs +321 -220
- package/dist/index.d.cts +123 -73
- package/dist/index.d.mts +123 -73
- package/dist/index.mjs +289 -190
- package/package.json +23 -9
- package/src/atscript-db/federated-identity.as +44 -0
- package/src/atscript-db/federated-identity.as.d.ts +62 -0
- package/src/atscript-db/user-credentials.as +4 -2
- package/src/atscript-db/user-credentials.as.d.ts +61 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aooth/user",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.9",
|
|
4
4
|
"description": "User credential primitives for aoothjs",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"aoothjs",
|
|
@@ -21,7 +21,10 @@
|
|
|
21
21
|
},
|
|
22
22
|
"files": [
|
|
23
23
|
"dist",
|
|
24
|
-
"src/atscript-db/user-credentials.as"
|
|
24
|
+
"src/atscript-db/user-credentials.as",
|
|
25
|
+
"src/atscript-db/user-credentials.as.d.ts",
|
|
26
|
+
"src/atscript-db/federated-identity.as",
|
|
27
|
+
"src/atscript-db/federated-identity.as.d.ts"
|
|
25
28
|
],
|
|
26
29
|
"type": "module",
|
|
27
30
|
"sideEffects": false,
|
|
@@ -39,21 +42,32 @@
|
|
|
39
42
|
"import": "./dist/atscript-db.mjs",
|
|
40
43
|
"require": "./dist/atscript-db.cjs"
|
|
41
44
|
},
|
|
42
|
-
"./atscript-db/model.as":
|
|
45
|
+
"./atscript-db/model.as": {
|
|
46
|
+
"types": "./src/atscript-db/user-credentials.as.d.ts",
|
|
47
|
+
"default": "./src/atscript-db/user-credentials.as"
|
|
48
|
+
},
|
|
49
|
+
"./atscript-db/federated-model": {
|
|
50
|
+
"types": "./src/atscript-db/federated-identity.as.d.ts",
|
|
51
|
+
"default": "./src/atscript-db/federated-identity.as"
|
|
52
|
+
},
|
|
53
|
+
"./atscript-db/federated-model.as": {
|
|
54
|
+
"types": "./src/atscript-db/federated-identity.as.d.ts",
|
|
55
|
+
"default": "./src/atscript-db/federated-identity.as"
|
|
56
|
+
},
|
|
43
57
|
"./package.json": "./package.json"
|
|
44
58
|
},
|
|
45
59
|
"publishConfig": {
|
|
46
60
|
"access": "public"
|
|
47
61
|
},
|
|
48
62
|
"devDependencies": {
|
|
49
|
-
"@atscript/core": "^0.1.
|
|
50
|
-
"@atscript/db": "^0.1.
|
|
51
|
-
"@atscript/db-sql-tools": "^0.1.
|
|
52
|
-
"@atscript/db-sqlite": "^0.1.
|
|
53
|
-
"@atscript/typescript": "^0.1.
|
|
63
|
+
"@atscript/core": "^0.1.70",
|
|
64
|
+
"@atscript/db": "^0.1.97",
|
|
65
|
+
"@atscript/db-sql-tools": "^0.1.97",
|
|
66
|
+
"@atscript/db-sqlite": "^0.1.97",
|
|
67
|
+
"@atscript/typescript": "^0.1.70",
|
|
54
68
|
"@types/better-sqlite3": "^7.6.13",
|
|
55
69
|
"better-sqlite3": "^12.6.2",
|
|
56
|
-
"unplugin-atscript": "^0.1.
|
|
70
|
+
"unplugin-atscript": "^0.1.70"
|
|
57
71
|
},
|
|
58
72
|
"peerDependencies": {
|
|
59
73
|
"@atscript/db": ">=0.1.79"
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
// Account-linking table: one external-provider account → exactly one aooth
|
|
2
|
+
// user. The genuinely new piece of persistent state for federated login —
|
|
3
|
+
// the `(provider, subject) → userId` map (RFC IDP.md §3.3). Shipped concrete
|
|
4
|
+
// (own `@db.table`), like `AoothAuthCredential`; consumers can extend it with
|
|
5
|
+
// `extends AoothFederatedIdentity {}` to re-own the table name, exactly as
|
|
6
|
+
// `DemoAuthCredential` does.
|
|
7
|
+
@db.table 'aooth_federated_identities'
|
|
8
|
+
@db.depth.limit 0
|
|
9
|
+
export interface AoothFederatedIdentity {
|
|
10
|
+
// Surrogate PK — lets a row be addressed (unlink-by-id) / extended.
|
|
11
|
+
@meta.id
|
|
12
|
+
@db.default.uuid
|
|
13
|
+
id: string
|
|
14
|
+
|
|
15
|
+
// Composite identity key. The SAME index name on both fields collapses
|
|
16
|
+
// into ONE compound UNIQUE index (atscript-db groups index fields by
|
|
17
|
+
// (type, name)) — so a provider account maps to at most one row, which is
|
|
18
|
+
// the anti-account-takeover guarantee (RFC §1 note #4, §4).
|
|
19
|
+
@db.index.unique 'provider_subject_idx'
|
|
20
|
+
provider: string // 'google' | 'github' | 'oidc:<issuer>' ...
|
|
21
|
+
@db.index.unique 'provider_subject_idx'
|
|
22
|
+
subject: string // the IdP's stable subject id (`sub`)
|
|
23
|
+
|
|
24
|
+
// Owner — the user's stable surrogate `id`. A PLAIN indexed string, NOT a
|
|
25
|
+
// `@db.rel.FK`: `@aooth/user` cannot know the consumer's concrete user
|
|
26
|
+
// table (`AoothUserCredentials` is an abstract, table-less base), so this
|
|
27
|
+
// mirrors `AoothAuthCredential.userId`. Cross-row cleanup is the explicit
|
|
28
|
+
// `FederatedIdentityStore.deleteAllForUser` (GDPR), not a DB cascade.
|
|
29
|
+
// Consumers wanting a hard FK + cascade re-declare it in their subclass.
|
|
30
|
+
@db.index.plain
|
|
31
|
+
userId: string
|
|
32
|
+
|
|
33
|
+
// Display snapshots — refreshed by `touchLogin` on each federated login;
|
|
34
|
+
// NOT join keys (the stable join is always `(provider, subject)`). A
|
|
35
|
+
// provider's snapshot email (e.g. Apple Private Relay) may differ from the
|
|
36
|
+
// user-row `email` handle, so these live here per-identity.
|
|
37
|
+
email?: string
|
|
38
|
+
emailVerified?: boolean
|
|
39
|
+
displayName?: string
|
|
40
|
+
avatarUrl?: string
|
|
41
|
+
|
|
42
|
+
linkedAt: number.timestamp
|
|
43
|
+
lastLoginAt?: number.timestamp
|
|
44
|
+
}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
// prettier-ignore-start
|
|
2
|
+
/* eslint-disable */
|
|
3
|
+
/* oxlint-disable */
|
|
4
|
+
/// <reference path="./federated-identity.as" />
|
|
5
|
+
/**
|
|
6
|
+
* 🪄 This file was generated by Atscript
|
|
7
|
+
* Do not edit this file!
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
import type { TAtscriptTypeObject, TAtscriptTypeComplex, TAtscriptTypeFinal, TAtscriptTypeArray, TAtscriptAnnotatedType, TMetadataMap, Validator, TValidatorOptions } from "@atscript/typescript/utils"
|
|
11
|
+
|
|
12
|
+
/**
|
|
13
|
+
* Atscript interface **AoothFederatedIdentity**
|
|
14
|
+
* @see {@link ./federated-identity.as:9:18}
|
|
15
|
+
*/
|
|
16
|
+
export declare class AoothFederatedIdentity {
|
|
17
|
+
id: string
|
|
18
|
+
provider: string
|
|
19
|
+
subject: string
|
|
20
|
+
userId: string
|
|
21
|
+
email?: string
|
|
22
|
+
emailVerified?: boolean
|
|
23
|
+
displayName?: string
|
|
24
|
+
avatarUrl?: string
|
|
25
|
+
linkedAt: number /* timestamp */
|
|
26
|
+
lastLoginAt?: number /* timestamp */
|
|
27
|
+
static __is_atscript_annotated_type: true
|
|
28
|
+
static type: TAtscriptTypeObject<keyof AoothFederatedIdentity, AoothFederatedIdentity>
|
|
29
|
+
static metadata: TMetadataMap<AtscriptMetadata>
|
|
30
|
+
static validator: (opts?: Partial<TValidatorOptions>) => Validator<typeof AoothFederatedIdentity>
|
|
31
|
+
/** @deprecated JSON Schema support is disabled. Calling this method will throw a runtime error. To enable, set `jsonSchema: 'lazy'` or `jsonSchema: 'bundle'` in tsPlugin options, or add `@emit.jsonSchema` annotation to individual interfaces. */
|
|
32
|
+
static toJsonSchema: () => any
|
|
33
|
+
/** @deprecated Example Data support is disabled. To enable, set `exampleData: true` in tsPlugin options. */
|
|
34
|
+
static toExampleData?: () => any
|
|
35
|
+
static __flat: {
|
|
36
|
+
"id": string
|
|
37
|
+
"provider": string
|
|
38
|
+
"subject": string
|
|
39
|
+
"userId": string
|
|
40
|
+
"email"?: string
|
|
41
|
+
"emailVerified"?: boolean
|
|
42
|
+
"displayName"?: string
|
|
43
|
+
"avatarUrl"?: string
|
|
44
|
+
"linkedAt": number /* timestamp */
|
|
45
|
+
"lastLoginAt"?: number /* timestamp */
|
|
46
|
+
}
|
|
47
|
+
static __ownProps: {
|
|
48
|
+
"id": string
|
|
49
|
+
"provider": string
|
|
50
|
+
"subject": string
|
|
51
|
+
"userId": string
|
|
52
|
+
"email"?: string
|
|
53
|
+
"emailVerified"?: boolean
|
|
54
|
+
"displayName"?: string
|
|
55
|
+
"avatarUrl"?: string
|
|
56
|
+
"linkedAt": number /* timestamp */
|
|
57
|
+
"lastLoginAt"?: number /* timestamp */
|
|
58
|
+
}
|
|
59
|
+
|
|
60
|
+
static __pk: string
|
|
61
|
+
}
|
|
62
|
+
// prettier-ignore-end
|
|
@@ -1,4 +1,8 @@
|
|
|
1
1
|
export interface AoothUserCredentials {
|
|
2
|
+
@meta.id
|
|
3
|
+
@db.default.uuid
|
|
4
|
+
id: string
|
|
5
|
+
|
|
2
6
|
@db.index.unique 'username_idx'
|
|
3
7
|
username: string
|
|
4
8
|
|
|
@@ -42,6 +46,4 @@ export interface AoothUserCredentials {
|
|
|
42
46
|
expiresAt: number.timestamp
|
|
43
47
|
name?: string
|
|
44
48
|
}[]
|
|
45
|
-
|
|
46
|
-
backupCodes?: string[]
|
|
47
49
|
}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
// prettier-ignore-start
|
|
2
|
+
/* eslint-disable */
|
|
3
|
+
/* oxlint-disable */
|
|
4
|
+
/// <reference path="./user-credentials.as" />
|
|
5
|
+
/**
|
|
6
|
+
* 🪄 This file was generated by Atscript
|
|
7
|
+
* Do not edit this file!
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
import type { TAtscriptTypeObject, TAtscriptTypeComplex, TAtscriptTypeFinal, TAtscriptTypeArray, TAtscriptAnnotatedType, TMetadataMap, Validator, TValidatorOptions } from "@atscript/typescript/utils"
|
|
11
|
+
|
|
12
|
+
/**
|
|
13
|
+
* Atscript interface **AoothUserCredentials**
|
|
14
|
+
* @see {@link ./user-credentials.as:1:18}
|
|
15
|
+
*/
|
|
16
|
+
export declare class AoothUserCredentials {
|
|
17
|
+
id: string
|
|
18
|
+
username: string
|
|
19
|
+
version: number /* int */
|
|
20
|
+
password: {
|
|
21
|
+
hash: string
|
|
22
|
+
history: string[]
|
|
23
|
+
lastChanged: number /* timestamp */
|
|
24
|
+
isInitial: boolean
|
|
25
|
+
}
|
|
26
|
+
account: {
|
|
27
|
+
active: boolean
|
|
28
|
+
locked: boolean
|
|
29
|
+
lockReason: string
|
|
30
|
+
lockEnds: number /* timestamp */
|
|
31
|
+
failedLoginAttempts: number
|
|
32
|
+
lastLogin: number /* timestamp */
|
|
33
|
+
pendingInvitation?: boolean
|
|
34
|
+
}
|
|
35
|
+
mfa: {
|
|
36
|
+
methods: {
|
|
37
|
+
name: string
|
|
38
|
+
confirmed: boolean
|
|
39
|
+
value: string
|
|
40
|
+
lastUsedWindow?: number /* int */
|
|
41
|
+
}[]
|
|
42
|
+
defaultMethod: string
|
|
43
|
+
autoSend: boolean
|
|
44
|
+
}
|
|
45
|
+
trustedDevices?: {
|
|
46
|
+
token: string
|
|
47
|
+
ip?: string
|
|
48
|
+
issuedAt: number /* timestamp */
|
|
49
|
+
expiresAt: number /* timestamp */
|
|
50
|
+
name?: string
|
|
51
|
+
}[]
|
|
52
|
+
static __is_atscript_annotated_type: true
|
|
53
|
+
static type: TAtscriptTypeObject<keyof AoothUserCredentials, AoothUserCredentials>
|
|
54
|
+
static metadata: TMetadataMap<AtscriptMetadata>
|
|
55
|
+
static validator: (opts?: Partial<TValidatorOptions>) => Validator<typeof AoothUserCredentials>
|
|
56
|
+
/** @deprecated JSON Schema support is disabled. Calling this method will throw a runtime error. To enable, set `jsonSchema: 'lazy'` or `jsonSchema: 'bundle'` in tsPlugin options, or add `@emit.jsonSchema` annotation to individual interfaces. */
|
|
57
|
+
static toJsonSchema: () => any
|
|
58
|
+
/** @deprecated Example Data support is disabled. To enable, set `exampleData: true` in tsPlugin options. */
|
|
59
|
+
static toExampleData?: () => any
|
|
60
|
+
}
|
|
61
|
+
// prettier-ignore-end
|