@arch-cadre/core 0.0.11 → 0.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/auth/augment.cjs +6 -6
- package/dist/core/auth/augment.d.cts.map +1 -1
- package/dist/core/auth/augment.d.mts.map +1 -1
- package/dist/core/auth/augment.mjs +6 -6
- package/dist/core/auth/augment.mjs.map +1 -1
- package/dist/core/auth/email-verification.cjs +1 -1
- package/dist/core/auth/email-verification.d.cts +1 -1
- package/dist/core/auth/email-verification.d.mts +1 -1
- package/dist/core/auth/email-verification.mjs +1 -1
- package/dist/core/auth/logic.cjs +9 -9
- package/dist/core/auth/logic.d.cts +2 -2
- package/dist/core/auth/logic.d.mts +2 -2
- package/dist/core/auth/logic.mjs +9 -9
- package/dist/core/auth/logic.mjs.map +1 -1
- package/dist/core/auth/password-reset.cjs +2 -2
- package/dist/core/auth/password-reset.mjs +2 -2
- package/dist/core/auth/session.cjs +0 -7
- package/dist/core/auth/session.d.cts.map +1 -1
- package/dist/core/auth/session.d.mts.map +1 -1
- package/dist/core/auth/session.mjs +0 -7
- package/dist/core/auth/session.mjs.map +1 -1
- package/dist/core/bootstrap.cjs +11 -4
- package/dist/core/bootstrap.d.cts.map +1 -1
- package/dist/core/bootstrap.d.mts.map +1 -1
- package/dist/core/bootstrap.mjs +11 -4
- package/dist/core/bootstrap.mjs.map +1 -1
- package/dist/core/config.server.mjs.map +1 -1
- package/dist/core/event-bus.cjs +2 -2
- package/dist/core/event-bus.mjs +2 -2
- package/dist/core/event-bus.mjs.map +1 -1
- package/dist/core/filesystem/index.cjs +11 -0
- package/dist/core/filesystem/index.mjs +13 -0
- package/dist/core/filesystem/index.mjs.map +1 -0
- package/dist/core/filesystem/providers/local.cjs +43 -0
- package/dist/core/filesystem/providers/local.mjs +41 -0
- package/dist/core/filesystem/providers/local.mjs.map +1 -0
- package/dist/core/filesystem/service.cjs +2 -2
- package/dist/core/filesystem/service.d.cts.map +1 -1
- package/dist/core/filesystem/service.d.mts.map +1 -1
- package/dist/core/filesystem/service.mjs +2 -2
- package/dist/core/filesystem/service.mjs.map +1 -1
- package/dist/core/notifications/actions.mjs.map +1 -1
- package/dist/core/notifications/service.cjs +2 -2
- package/dist/core/notifications/service.mjs +2 -2
- package/dist/core/notifications/service.mjs.map +1 -1
- package/dist/server/auth/email.cjs +1 -1
- package/dist/server/auth/email.mjs +1 -1
- package/dist/server/auth/email.mjs.map +1 -1
- package/dist/server/auth/user.cjs +1 -1
- package/dist/server/auth/user.mjs +1 -1
- package/dist/server/database/schema.d.cts +490 -661
- package/dist/server/database/schema.d.cts.map +1 -1
- package/dist/server/database/schema.d.mts +490 -661
- package/dist/server/database/schema.d.mts.map +1 -1
- package/dist/server.cjs +6 -6
- package/dist/server.mjs +6 -6
- package/package.json +6 -3
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
|
|
2
2
|
//#region src/core/auth/augment.ts
|
|
3
3
|
const globalForAugment = globalThis;
|
|
4
|
-
const identityAugmenters = globalForAugment.
|
|
5
|
-
const sessionAugmenters = globalForAugment.
|
|
6
|
-
const passwordResetSessionAugmenters = globalForAugment.
|
|
7
|
-
globalForAugment.
|
|
8
|
-
globalForAugment.
|
|
9
|
-
globalForAugment.
|
|
4
|
+
const identityAugmenters = globalForAugment.__KRYO_IDENTITY_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
|
|
5
|
+
const sessionAugmenters = globalForAugment.__KRYO_SESSION_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
|
|
6
|
+
const passwordResetSessionAugmenters = globalForAugment.__KRYO_PASSWORD_RESET_SESSION_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
|
|
7
|
+
globalForAugment.__KRYO_IDENTITY_AUGMENTERS__ = identityAugmenters;
|
|
8
|
+
globalForAugment.__KRYO_SESSION_AUGMENTERS__ = sessionAugmenters;
|
|
9
|
+
globalForAugment.__KRYO_PASSWORD_RESET_SESSION_AUGMENTERS__ = passwordResetSessionAugmenters;
|
|
10
10
|
function registerIdentityAugmenter(augmenter) {
|
|
11
11
|
identityAugmenters.add(augmenter);
|
|
12
12
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"augment.d.cts","names":[],"sources":["../../../src/core/auth/augment.ts"],"mappings":";;;;;AAA6E;KAMxE,iBAAA,IAAqB,IAAA,EAAM,IAAA,KAAS,OAAA,CAAQ,OAAA,CAAQ,QAAA;AAAA,KACpD,gBAAA,IAAoB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,OAAA,CAAQ,OAAA;AAAA,KACzD,6BAAA,IACH,OAAA,EAAS,oBAAA,KACN,OAAA,CAAQ,OAAA,CAAQ,oBAAA;AAAA,
|
|
1
|
+
{"version":3,"file":"augment.d.cts","names":[],"sources":["../../../src/core/auth/augment.ts"],"mappings":";;;;;AAA6E;KAMxE,iBAAA,IAAqB,IAAA,EAAM,IAAA,KAAS,OAAA,CAAQ,OAAA,CAAQ,QAAA;AAAA,KACpD,gBAAA,IAAoB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,OAAA,CAAQ,OAAA;AAAA,KACzD,6BAAA,IACH,OAAA,EAAS,oBAAA,KACN,OAAA,CAAQ,OAAA,CAAQ,oBAAA;AAAA,iBAuBL,yBAAA,CAA0B,SAAA,EAAW,iBAAA;AAAA,iBAIrC,wBAAA,CAAyB,SAAA,EAAW,gBAAA;AAAA,iBAIpC,qCAAA,CACd,SAAA,EAAW,6BAAA;;;;iBAQS,WAAA,CACpB,IAAA,EAAM,IAAA,EACN,YAAA,GAAe,MAAA,gBACd,OAAA,CAAQ,QAAA;AAAA,iBASW,cAAA,CAAe,OAAA,EAAS,OAAA,GAAU,OAAA,CAAQ,OAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"augment.d.mts","names":[],"sources":["../../../src/core/auth/augment.ts"],"mappings":";;;;;AAA6E;KAMxE,iBAAA,IAAqB,IAAA,EAAM,IAAA,KAAS,OAAA,CAAQ,OAAA,CAAQ,QAAA;AAAA,KACpD,gBAAA,IAAoB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,OAAA,CAAQ,OAAA;AAAA,KACzD,6BAAA,IACH,OAAA,EAAS,oBAAA,KACN,OAAA,CAAQ,OAAA,CAAQ,oBAAA;AAAA,
|
|
1
|
+
{"version":3,"file":"augment.d.mts","names":[],"sources":["../../../src/core/auth/augment.ts"],"mappings":";;;;;AAA6E;KAMxE,iBAAA,IAAqB,IAAA,EAAM,IAAA,KAAS,OAAA,CAAQ,OAAA,CAAQ,QAAA;AAAA,KACpD,gBAAA,IAAoB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,OAAA,CAAQ,OAAA;AAAA,KACzD,6BAAA,IACH,OAAA,EAAS,oBAAA,KACN,OAAA,CAAQ,OAAA,CAAQ,oBAAA;AAAA,iBAuBL,yBAAA,CAA0B,SAAA,EAAW,iBAAA;AAAA,iBAIrC,wBAAA,CAAyB,SAAA,EAAW,gBAAA;AAAA,iBAIpC,qCAAA,CACd,SAAA,EAAW,6BAAA;;;;iBAQS,WAAA,CACpB,IAAA,EAAM,IAAA,EACN,YAAA,GAAe,MAAA,gBACd,OAAA,CAAQ,QAAA;AAAA,iBASW,cAAA,CAAe,OAAA,EAAS,OAAA,GAAU,OAAA,CAAQ,OAAA"}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
//#region src/core/auth/augment.ts
|
|
2
2
|
const globalForAugment = globalThis;
|
|
3
|
-
const identityAugmenters = globalForAugment.
|
|
4
|
-
const sessionAugmenters = globalForAugment.
|
|
5
|
-
const passwordResetSessionAugmenters = globalForAugment.
|
|
6
|
-
globalForAugment.
|
|
7
|
-
globalForAugment.
|
|
8
|
-
globalForAugment.
|
|
3
|
+
const identityAugmenters = globalForAugment.__KRYO_IDENTITY_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
|
|
4
|
+
const sessionAugmenters = globalForAugment.__KRYO_SESSION_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
|
|
5
|
+
const passwordResetSessionAugmenters = globalForAugment.__KRYO_PASSWORD_RESET_SESSION_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
|
|
6
|
+
globalForAugment.__KRYO_IDENTITY_AUGMENTERS__ = identityAugmenters;
|
|
7
|
+
globalForAugment.__KRYO_SESSION_AUGMENTERS__ = sessionAugmenters;
|
|
8
|
+
globalForAugment.__KRYO_PASSWORD_RESET_SESSION_AUGMENTERS__ = passwordResetSessionAugmenters;
|
|
9
9
|
function registerIdentityAugmenter(augmenter) {
|
|
10
10
|
identityAugmenters.add(augmenter);
|
|
11
11
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"augment.mjs","names":[],"sources":["../../../src/core/auth/augment.ts"],"sourcesContent":["import type { FullUser, PasswordResetSession, Session, User } from \"./types\";\n\n/**\n * REGISTRIES FOR MODULAR EXTENSIONS\n */\n\ntype IdentityAugmenter = (user: User) => Promise<Partial<FullUser>>;\ntype SessionAugmenter = (session: Session) => Promise<Partial<Session>>;\ntype PasswordResetSessionAugmenter = (\n session: PasswordResetSession,\n) => Promise<Partial<PasswordResetSession>>;\n\nconst globalForAugment = globalThis as unknown as {\n
|
|
1
|
+
{"version":3,"file":"augment.mjs","names":[],"sources":["../../../src/core/auth/augment.ts"],"sourcesContent":["import type { FullUser, PasswordResetSession, Session, User } from \"./types\";\n\n/**\n * REGISTRIES FOR MODULAR EXTENSIONS\n */\n\ntype IdentityAugmenter = (user: User) => Promise<Partial<FullUser>>;\ntype SessionAugmenter = (session: Session) => Promise<Partial<Session>>;\ntype PasswordResetSessionAugmenter = (\n session: PasswordResetSession,\n) => Promise<Partial<PasswordResetSession>>;\n\nconst globalForAugment = globalThis as unknown as {\n __KRYO_IDENTITY_AUGMENTERS__: Set<IdentityAugmenter> | undefined;\n __KRYO_SESSION_AUGMENTERS__: Set<SessionAugmenter> | undefined;\n __KRYO_PASSWORD_RESET_SESSION_AUGMENTERS__:\n | Set<PasswordResetSessionAugmenter>\n | undefined;\n};\n\nconst identityAugmenters =\n globalForAugment.__KRYO_IDENTITY_AUGMENTERS__ ?? new Set<IdentityAugmenter>();\nconst sessionAugmenters =\n globalForAugment.__KRYO_SESSION_AUGMENTERS__ ?? new Set<SessionAugmenter>();\nconst passwordResetSessionAugmenters =\n globalForAugment.__KRYO_PASSWORD_RESET_SESSION_AUGMENTERS__ ??\n new Set<PasswordResetSessionAugmenter>();\n\nglobalForAugment.__KRYO_IDENTITY_AUGMENTERS__ = identityAugmenters;\nglobalForAugment.__KRYO_SESSION_AUGMENTERS__ = sessionAugmenters;\nglobalForAugment.__KRYO_PASSWORD_RESET_SESSION_AUGMENTERS__ =\n passwordResetSessionAugmenters;\n\nexport function registerIdentityAugmenter(augmenter: IdentityAugmenter) {\n identityAugmenters.add(augmenter);\n}\n\nexport function registerSessionAugmenter(augmenter: SessionAugmenter) {\n sessionAugmenters.add(augmenter);\n}\n\nexport function registerPasswordResetSessionAugmenter(\n augmenter: PasswordResetSessionAugmenter,\n) {\n passwordResetSessionAugmenters.add(augmenter);\n}\n\n/**\n * EXECUTION FUNCTIONS\n */\nexport async function augmentUser(\n user: User,\n coreRbacData?: Record<string, any>,\n): Promise<FullUser> {\n let augmentedData = coreRbacData || {};\n for (const augmenter of identityAugmenters) {\n const data = await augmenter(user);\n augmentedData = { ...augmentedData, ...data };\n }\n return { ...user, ...augmentedData } as FullUser;\n}\n\nexport async function augmentSession(session: Session): Promise<Session> {\n let augmentedData = {};\n for (const augmenter of sessionAugmenters) {\n const data = await augmenter(session);\n augmentedData = { ...augmentedData, ...data };\n }\n return { ...session, ...augmentedData } as Session;\n}\n\nexport async function augmentPasswordResetSession(\n session: PasswordResetSession,\n): Promise<PasswordResetSession> {\n let augmentedData = {};\n for (const augmenter of passwordResetSessionAugmenters) {\n const data = await augmenter(session);\n augmentedData = { ...augmentedData, ...data };\n }\n return { ...session, ...augmentedData } as PasswordResetSession;\n}\n"],"mappings":";AAYA,MAAM,mBAAmB;AAQzB,MAAM,qBACJ,iBAAiB,gDAAgC,IAAI,KAAwB;AAC/E,MAAM,oBACJ,iBAAiB,+CAA+B,IAAI,KAAuB;AAC7E,MAAM,iCACJ,iBAAiB,8DACjB,IAAI,KAAoC;AAE1C,iBAAiB,+BAA+B;AAChD,iBAAiB,8BAA8B;AAC/C,iBAAiB,6CACf;AAEF,SAAgB,0BAA0B,WAA8B;AACtE,oBAAmB,IAAI,UAAU;;AAGnC,SAAgB,yBAAyB,WAA6B;AACpE,mBAAkB,IAAI,UAAU;;AAGlC,SAAgB,sCACd,WACA;AACA,gCAA+B,IAAI,UAAU;;;;;AAM/C,eAAsB,YACpB,MACA,cACmB;CACnB,IAAI,gBAAgB,gBAAgB,EAAE;AACtC,MAAK,MAAM,aAAa,oBAAoB;EAC1C,MAAM,OAAO,MAAM,UAAU,KAAK;AAClC,kBAAgB;GAAE,GAAG;GAAe,GAAG;GAAM;;AAE/C,QAAO;EAAE,GAAG;EAAM,GAAG;EAAe;;AAGtC,eAAsB,eAAe,SAAoC;CACvE,IAAI,gBAAgB,EAAE;AACtB,MAAK,MAAM,aAAa,mBAAmB;EACzC,MAAM,OAAO,MAAM,UAAU,QAAQ;AACrC,kBAAgB;GAAE,GAAG;GAAe,GAAG;GAAM;;AAE/C,QAAO;EAAE,GAAG;EAAS,GAAG;EAAe;;AAGzC,eAAsB,4BACpB,SAC+B;CAC/B,IAAI,gBAAgB,EAAE;AACtB,MAAK,MAAM,aAAa,gCAAgC;EACtD,MAAM,OAAO,MAAM,UAAU,QAAQ;AACrC,kBAAgB;GAAE,GAAG;GAAe,GAAG;GAAM;;AAE/C,QAAO;EAAE,GAAG;EAAS,GAAG;EAAe"}
|
|
@@ -3,8 +3,8 @@
|
|
|
3
3
|
const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
|
|
4
4
|
const require_inject = require('../../server/database/inject.cjs');
|
|
5
5
|
const require_schema = require('../../server/database/schema.cjs');
|
|
6
|
-
const require_index = require('../../server/emails/index.cjs');
|
|
7
6
|
const require_encode = require('./utils/encode.cjs');
|
|
7
|
+
const require_index = require('../../server/emails/index.cjs');
|
|
8
8
|
const require_logic = require('./logic.cjs');
|
|
9
9
|
const require_session = require('./session.cjs');
|
|
10
10
|
let drizzle_orm = require("drizzle-orm");
|
|
@@ -23,11 +23,11 @@ declare function getUserEmailVerificationRequest(userId: string, id: string): Pr
|
|
|
23
23
|
declare function createEmailVerificationRequest(userId: string, email: string): Promise<{
|
|
24
24
|
id: string;
|
|
25
25
|
email: string;
|
|
26
|
-
code: string;
|
|
27
26
|
createdAt: Date;
|
|
28
27
|
updatedAt: Date | null;
|
|
29
28
|
userId: string;
|
|
30
29
|
expiresAt: Date;
|
|
30
|
+
code: string;
|
|
31
31
|
}>;
|
|
32
32
|
/**
|
|
33
33
|
* Deletes all email verification requests for a user.
|
|
@@ -23,11 +23,11 @@ declare function getUserEmailVerificationRequest(userId: string, id: string): Pr
|
|
|
23
23
|
declare function createEmailVerificationRequest(userId: string, email: string): Promise<{
|
|
24
24
|
id: string;
|
|
25
25
|
email: string;
|
|
26
|
-
code: string;
|
|
27
26
|
createdAt: Date;
|
|
28
27
|
updatedAt: Date | null;
|
|
29
28
|
userId: string;
|
|
30
29
|
expiresAt: Date;
|
|
30
|
+
code: string;
|
|
31
31
|
}>;
|
|
32
32
|
/**
|
|
33
33
|
* Deletes all email verification requests for a user.
|
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
import { db } from "../../server/database/inject.mjs";
|
|
4
4
|
import { emailVerificationTable } from "../../server/database/schema.mjs";
|
|
5
|
-
import { sendVerifyEmail } from "../../server/emails/index.mjs";
|
|
6
5
|
import { generateRandomOTP } from "./utils/encode.mjs";
|
|
6
|
+
import { sendVerifyEmail } from "../../server/emails/index.mjs";
|
|
7
7
|
import { registerSecurityRequirement } from "./logic.mjs";
|
|
8
8
|
import { getCurrentSession } from "./session.mjs";
|
|
9
9
|
import { and, eq } from "drizzle-orm";
|
package/dist/core/auth/logic.cjs
CHANGED
|
@@ -5,9 +5,9 @@ const require_validation = require('./validation.cjs');
|
|
|
5
5
|
const require_event_bus = require('../event-bus.cjs');
|
|
6
6
|
const require_inject = require('../../server/database/inject.cjs');
|
|
7
7
|
const require_schema = require('../../server/database/schema.cjs');
|
|
8
|
+
const require_augment = require('./augment.cjs');
|
|
8
9
|
const require_password = require('../../server/auth/password.cjs');
|
|
9
10
|
const require_user = require('../../server/auth/user.cjs');
|
|
10
|
-
const require_augment = require('./augment.cjs');
|
|
11
11
|
const require_email_verification = require('./email-verification.cjs');
|
|
12
12
|
const require_session = require('./session.cjs');
|
|
13
13
|
let drizzle_orm = require("drizzle-orm");
|
|
@@ -38,14 +38,14 @@ async function coreRbacAugmenter(user) {
|
|
|
38
38
|
}
|
|
39
39
|
}
|
|
40
40
|
const globalForAuth = globalThis;
|
|
41
|
-
const authValidators = globalForAuth.
|
|
42
|
-
const securityRequirements = globalForAuth.
|
|
43
|
-
const passwordResetValidators = globalForAuth.
|
|
44
|
-
const emailVerificationValidators = globalForAuth.
|
|
45
|
-
globalForAuth.
|
|
46
|
-
globalForAuth.
|
|
47
|
-
globalForAuth.
|
|
48
|
-
globalForAuth.
|
|
41
|
+
const authValidators = globalForAuth.__KRYO_AUTH_VALIDATORS__ ?? /* @__PURE__ */ new Set();
|
|
42
|
+
const securityRequirements = globalForAuth.__KRYO_SECURITY_REQUIREMENTS__ ?? /* @__PURE__ */ new Set();
|
|
43
|
+
const passwordResetValidators = globalForAuth.__KRYO_PASSWORD_RESET_VALIDATORS__ ?? /* @__PURE__ */ new Set();
|
|
44
|
+
const emailVerificationValidators = globalForAuth.__KRYO_EMAIL_VERIFICATION_VALIDATORS__ ?? /* @__PURE__ */ new Set();
|
|
45
|
+
globalForAuth.__KRYO_AUTH_VALIDATORS__ = authValidators;
|
|
46
|
+
globalForAuth.__KRYO_SECURITY_REQUIREMENTS__ = securityRequirements;
|
|
47
|
+
globalForAuth.__KRYO_PASSWORD_RESET_VALIDATORS__ = passwordResetValidators;
|
|
48
|
+
globalForAuth.__KRYO_EMAIL_VERIFICATION_VALIDATORS__ = emailVerificationValidators;
|
|
49
49
|
async function registerAuthValidator(validator) {
|
|
50
50
|
authValidators.add(validator);
|
|
51
51
|
}
|
|
@@ -55,11 +55,11 @@ declare function signUp(data: RegisterInput): Promise<{
|
|
|
55
55
|
session: {
|
|
56
56
|
[x: string]: any;
|
|
57
57
|
id: string;
|
|
58
|
+
active_organization_id: string | null;
|
|
58
59
|
createdAt: Date;
|
|
59
60
|
updatedAt: Date | null;
|
|
60
61
|
userId: string;
|
|
61
62
|
expiresAt: Date;
|
|
62
|
-
active_organization_id: string | null;
|
|
63
63
|
};
|
|
64
64
|
user: {
|
|
65
65
|
[x: string]: any;
|
|
@@ -83,11 +83,11 @@ declare function finalizeLogin(userId: string, flags: SessionFlags): Promise<{
|
|
|
83
83
|
session: {
|
|
84
84
|
[x: string]: any;
|
|
85
85
|
id: string;
|
|
86
|
+
active_organization_id: string | null;
|
|
86
87
|
createdAt: Date;
|
|
87
88
|
updatedAt: Date | null;
|
|
88
89
|
userId: string;
|
|
89
90
|
expiresAt: Date;
|
|
90
|
-
active_organization_id: string | null;
|
|
91
91
|
} | null;
|
|
92
92
|
user: {
|
|
93
93
|
id: string;
|
|
@@ -55,11 +55,11 @@ declare function signUp(data: RegisterInput): Promise<{
|
|
|
55
55
|
session: {
|
|
56
56
|
[x: string]: any;
|
|
57
57
|
id: string;
|
|
58
|
+
active_organization_id: string | null;
|
|
58
59
|
createdAt: Date;
|
|
59
60
|
updatedAt: Date | null;
|
|
60
61
|
userId: string;
|
|
61
62
|
expiresAt: Date;
|
|
62
|
-
active_organization_id: string | null;
|
|
63
63
|
};
|
|
64
64
|
user: {
|
|
65
65
|
[x: string]: any;
|
|
@@ -83,11 +83,11 @@ declare function finalizeLogin(userId: string, flags: SessionFlags): Promise<{
|
|
|
83
83
|
session: {
|
|
84
84
|
[x: string]: any;
|
|
85
85
|
id: string;
|
|
86
|
+
active_organization_id: string | null;
|
|
86
87
|
createdAt: Date;
|
|
87
88
|
updatedAt: Date | null;
|
|
88
89
|
userId: string;
|
|
89
90
|
expiresAt: Date;
|
|
90
|
-
active_organization_id: string | null;
|
|
91
91
|
} | null;
|
|
92
92
|
user: {
|
|
93
93
|
id: string;
|
package/dist/core/auth/logic.mjs
CHANGED
|
@@ -4,9 +4,9 @@ import { loginSchema, registerSchema } from "./validation.mjs";
|
|
|
4
4
|
import { eventBus } from "../event-bus.mjs";
|
|
5
5
|
import { db } from "../../server/database/inject.mjs";
|
|
6
6
|
import { permissionsTable, rolesTable, rolesToPermissionsTable, usersToPermissionsTable, usersToRolesTable } from "../../server/database/schema.mjs";
|
|
7
|
+
import { augmentSession, augmentUser, registerIdentityAugmenter, registerPasswordResetSessionAugmenter, registerSessionAugmenter } from "./augment.mjs";
|
|
7
8
|
import { verifyPasswordHash, verifyPasswordStrength } from "../../server/auth/password.mjs";
|
|
8
9
|
import { createUser, getUserById, getUserFromEmail, getUserPasswordHash, verifyUsernameInput } from "../../server/auth/user.mjs";
|
|
9
|
-
import { augmentSession, augmentUser, registerIdentityAugmenter, registerPasswordResetSessionAugmenter, registerSessionAugmenter } from "./augment.mjs";
|
|
10
10
|
import { createEmailVerificationRequest, sendVerificationEmail, setEmailVerificationRequestCookie } from "./email-verification.mjs";
|
|
11
11
|
import { createSession, deleteSessionTokenCookie, generateSessionToken, getCurrentSession, invalidateSession, setSessionTokenCookie } from "./session.mjs";
|
|
12
12
|
import { eq, inArray } from "drizzle-orm";
|
|
@@ -37,14 +37,14 @@ async function coreRbacAugmenter(user) {
|
|
|
37
37
|
}
|
|
38
38
|
}
|
|
39
39
|
const globalForAuth = globalThis;
|
|
40
|
-
const authValidators = globalForAuth.
|
|
41
|
-
const securityRequirements = globalForAuth.
|
|
42
|
-
const passwordResetValidators = globalForAuth.
|
|
43
|
-
const emailVerificationValidators = globalForAuth.
|
|
44
|
-
globalForAuth.
|
|
45
|
-
globalForAuth.
|
|
46
|
-
globalForAuth.
|
|
47
|
-
globalForAuth.
|
|
40
|
+
const authValidators = globalForAuth.__KRYO_AUTH_VALIDATORS__ ?? /* @__PURE__ */ new Set();
|
|
41
|
+
const securityRequirements = globalForAuth.__KRYO_SECURITY_REQUIREMENTS__ ?? /* @__PURE__ */ new Set();
|
|
42
|
+
const passwordResetValidators = globalForAuth.__KRYO_PASSWORD_RESET_VALIDATORS__ ?? /* @__PURE__ */ new Set();
|
|
43
|
+
const emailVerificationValidators = globalForAuth.__KRYO_EMAIL_VERIFICATION_VALIDATORS__ ?? /* @__PURE__ */ new Set();
|
|
44
|
+
globalForAuth.__KRYO_AUTH_VALIDATORS__ = authValidators;
|
|
45
|
+
globalForAuth.__KRYO_SECURITY_REQUIREMENTS__ = securityRequirements;
|
|
46
|
+
globalForAuth.__KRYO_PASSWORD_RESET_VALIDATORS__ = passwordResetValidators;
|
|
47
|
+
globalForAuth.__KRYO_EMAIL_VERIFICATION_VALIDATORS__ = emailVerificationValidators;
|
|
48
48
|
async function registerAuthValidator(validator) {
|
|
49
49
|
authValidators.add(validator);
|
|
50
50
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logic.mjs","names":[],"sources":["../../../src/core/auth/logic.ts"],"sourcesContent":["\"use server\";\n\nimport { eq, inArray } from \"drizzle-orm\";\nimport {\n verifyPasswordHash,\n verifyPasswordStrength,\n} from \"../../server/auth/password\";\nimport {\n createUser,\n getUserById,\n getUserFromEmail,\n getUserPasswordHash,\n verifyUsernameInput,\n} from \"../../server/auth/user\";\nimport { db } from \"../../server/database/inject\";\nimport {\n permissionsTable,\n rolesTable,\n rolesToPermissionsTable,\n usersToPermissionsTable,\n usersToRolesTable,\n} from \"../../server/database/schema\";\nimport { eventBus } from \"../event-bus\";\nimport {\n augmentSession,\n augmentUser,\n registerIdentityAugmenter,\n registerPasswordResetSessionAugmenter,\n registerSessionAugmenter,\n} from \"./augment\";\nimport {\n createEmailVerificationRequest,\n sendVerificationEmail,\n setEmailVerificationRequestCookie,\n} from \"./email-verification\";\nimport {\n createSession,\n deleteSessionTokenCookie,\n generateSessionToken,\n getCurrentSession,\n invalidateSession,\n setSessionTokenCookie,\n} from \"./session\";\nimport type {\n AuthResponse,\n FullUser,\n Session,\n SessionFlags,\n User,\n UserPermission,\n UserRole,\n} from \"./types\";\nimport {\n type LoginInput,\n loginSchema,\n type RegisterInput,\n registerSchema,\n} from \"./validation\";\n\n/**\n * Podstawowy moduł rozszerzający tożsamość dla ról i uprawnień\n */\nasync function coreRbacAugmenter(user: User): Promise<Record<string, any>> {\n try {\n // 1. Fetch direct roles\n const userRoles = await db\n .select({ name: rolesTable.name })\n .from(usersToRolesTable)\n .innerJoin(rolesTable, eq(usersToRolesTable.roleId, rolesTable.id))\n .where(eq(usersToRolesTable.userId, user.id));\n\n const roles = userRoles.map((r) => r.name);\n\n // 2. Fetch direct permissions\n const userDirectPerms = await db\n .select({ name: permissionsTable.name })\n .from(usersToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(usersToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(eq(usersToPermissionsTable.userId, user.id));\n\n const directPerms = userDirectPerms.map((p) => p.name);\n\n // 3. Fetch permissions from roles\n let rolePerms: string[] = [];\n if (roles.length > 0) {\n const roleIdsResult = await db\n .select({ id: rolesTable.id })\n .from(rolesTable)\n .where(inArray(rolesTable.name, roles));\n\n const roleIds = roleIdsResult.map((r) => r.id);\n\n if (roleIds.length > 0) {\n const rolePermsData = await db\n .select({ name: permissionsTable.name })\n .from(rolesToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(inArray(rolesToPermissionsTable.roleId, roleIds));\n rolePerms = rolePermsData.map((p) => p.name);\n }\n }\n\n return {\n roles,\n permissions: Array.from(new Set([...directPerms, ...rolePerms])),\n };\n } catch (error) {\n console.error(\"[Auth:RBAC] Failed to augment user:\", error);\n return { roles: [], permissions: [] };\n }\n}\n\n/**\n * Registry for login validators (e.g. 2FA module)\n */\ntype AuthValidator = (userId: string) => Promise<AuthResponse | null>;\n\n/**\n * Registry for Security Requirements (e.g. checking if 2FA is needed for a session)\n */\ntype SecurityRequirement = (\n session: Session,\n user: FullUser,\n) => Promise<{ satisfied: boolean; redirect?: string } | null>;\n\n/**\n * Registry for password reset validators (e.g. 2FA module requiring check during reset)\n */\ntype PasswordResetValidator = (userId: string) => Promise<AuthResponse | null>;\n\n/**\n * Registry for email verification validators\n */\ntype EmailVerificationValidator = (\n userId: string,\n) => Promise<AuthResponse | null>;\n\nconst globalForAuth = globalThis as unknown as {\n __WINKLY_AUTH_VALIDATORS__: Set<AuthValidator> | undefined;\n __WINKLY_SECURITY_REQUIREMENTS__: Set<SecurityRequirement> | undefined;\n __WINKLY_PASSWORD_RESET_VALIDATORS__: Set<PasswordResetValidator> | undefined;\n __WINKLY_EMAIL_VERIFICATION_VALIDATORS__:\n | Set<EmailVerificationValidator>\n | undefined;\n};\n\nconst authValidators =\n globalForAuth.__WINKLY_AUTH_VALIDATORS__ ?? new Set<AuthValidator>();\nconst securityRequirements =\n globalForAuth.__WINKLY_SECURITY_REQUIREMENTS__ ??\n new Set<SecurityRequirement>();\nconst passwordResetValidators =\n globalForAuth.__WINKLY_PASSWORD_RESET_VALIDATORS__ ??\n new Set<PasswordResetValidator>();\nconst emailVerificationValidators =\n globalForAuth.__WINKLY_EMAIL_VERIFICATION_VALIDATORS__ ??\n new Set<EmailVerificationValidator>();\n\nglobalForAuth.__WINKLY_AUTH_VALIDATORS__ = authValidators;\nglobalForAuth.__WINKLY_SECURITY_REQUIREMENTS__ = securityRequirements;\nglobalForAuth.__WINKLY_PASSWORD_RESET_VALIDATORS__ = passwordResetValidators;\nglobalForAuth.__WINKLY_EMAIL_VERIFICATION_VALIDATORS__ =\n emailVerificationValidators;\n\nexport async function registerAuthValidator(validator: AuthValidator) {\n authValidators.add(validator);\n}\n\nexport async function registerPasswordResetValidator(\n validator: PasswordResetValidator,\n) {\n passwordResetValidators.add(validator);\n}\n\nexport async function registerEmailVerificationValidator(\n validator: EmailVerificationValidator,\n) {\n emailVerificationValidators.add(validator);\n}\n\nexport {\n registerIdentityAugmenter,\n registerSessionAugmenter,\n registerPasswordResetSessionAugmenter,\n augmentUser,\n augmentSession,\n};\n\nexport async function registerSecurityRequirement(\n requirement: SecurityRequirement,\n) {\n securityRequirements.add(requirement);\n}\n\nexport async function runPasswordResetValidators(\n userId: string,\n): Promise<AuthResponse | null> {\n for (const validator of passwordResetValidators) {\n const interception = await validator(userId);\n if (interception) return interception;\n }\n return null;\n}\n\nexport async function runEmailVerificationValidators(\n userId: string,\n): Promise<AuthResponse | null> {\n for (const validator of emailVerificationValidators) {\n const interception = await validator(userId);\n if (interception) return interception;\n }\n return null;\n}\n\n/**\n * Augments a base user with data from all registered modules.\n * This is now just a wrapper that includes core RBAC data.\n */\nexport async function performFullUserAugmentation(\n user: User,\n): Promise<FullUser> {\n const coreRbacData = await coreRbacAugmenter(user);\n return await augmentUser(user, coreRbacData);\n}\n\n/**\n * Checks if the current session satisfies all registered security requirements.\n */\nexport async function checkSecurity(\n session: Session,\n user: FullUser,\n requiredRoles?: UserRole[],\n requiredPermissions?: UserPermission[],\n fallbackRedirect?: string,\n) {\n if (!user) {\n console.warn(\"User is required for security check\");\n return { satisfied: false, redirect: fallbackRedirect ?? \"/signin\" };\n }\n\n const userRoles = Array.isArray(user.roles) ? user.roles : [];\n const userPermissions = Array.isArray(user.permissions)\n ? user.permissions\n : [];\n\n // 1. Core Role Check (At least one role must match)\n if (requiredRoles && requiredRoles.length > 0) {\n const hasRole = requiredRoles.some((role) => userRoles.includes(role));\n if (!hasRole) {\n console.warn(`User lacks required roles: ${requiredRoles.join(\", \")}`);\n return {\n satisfied: false,\n redirect: fallbackRedirect,\n };\n }\n }\n\n // 2. Core Permission Check (ALL permissions must match)\n if (requiredPermissions && requiredPermissions.length > 0) {\n const hasAllPermissions = requiredPermissions.every((perm) =>\n userPermissions.includes(perm),\n );\n if (!hasAllPermissions) {\n console.warn(\n `User lacks required permissions: ${requiredPermissions.join(\", \")}`,\n );\n\n return {\n satisfied: false,\n redirect: fallbackRedirect,\n };\n }\n }\n\n // 3. Modular Requirements Check\n if (securityRequirements) {\n for (const requirement of securityRequirements) {\n try {\n const result = await requirement(session, user);\n if (result && !result.satisfied) {\n return {\n ...result,\n redirect: result.redirect ?? fallbackRedirect,\n };\n }\n } catch (error) {\n console.error(\"[Auth:Security] Requirement failed:\", error);\n }\n }\n }\n return { satisfied: true };\n}\n\n/**\n * Sign In Logic\n */\nexport async function signIn(data: LoginInput): Promise<AuthResponse> {\n const { email, password } = await loginSchema.parseAsync(data);\n\n const user = await getUserFromEmail(email);\n if (!user) {\n return { status: \"ERROR\", message: \"Invalid email or password\" };\n }\n\n const passwordHash = await getUserPasswordHash(user.id);\n if (!passwordHash || !(await verifyPasswordHash(passwordHash, password))) {\n return { status: \"ERROR\", message: \"Invalid email or password\" };\n }\n\n // Interception Layer\n for (const validator of authValidators) {\n const interception = await validator(user.id);\n if (interception) return interception;\n }\n\n const sessionFlags: SessionFlags = {};\n const sessionToken = await generateSessionToken();\n const session = await createSession(sessionToken, user.id, sessionFlags);\n await setSessionTokenCookie(sessionToken, session.expiresAt);\n\n const fullUser = await performFullUserAugmentation(user);\n await eventBus.publish(\"auth:session-created\", { session, user: fullUser });\n\n return {\n status: \"SUCCESS\",\n session: { ...session },\n user: { ...fullUser },\n };\n}\n\n/**\n * Sign Up Logic\n */\nexport async function signUp(data: RegisterInput) {\n const { email, username, password } = registerSchema.parse(data);\n\n if (!(await verifyUsernameInput(username))) {\n throw new Error(\"Invalid username\");\n }\n\n if (!(await verifyPasswordStrength(password))) {\n throw new Error(\"Weak password\");\n }\n\n const user = await createUser(email, username, password);\n const verificationRequest = await createEmailVerificationRequest(\n user.id,\n user.email,\n );\n\n await sendVerificationEmail(\n verificationRequest.email,\n verificationRequest.code,\n );\n await setEmailVerificationRequestCookie(verificationRequest);\n\n const sessionFlags: SessionFlags = {};\n const sessionToken = await generateSessionToken();\n const session = await createSession(sessionToken, user.id, sessionFlags);\n await setSessionTokenCookie(sessionToken, session.expiresAt);\n\n const fullUser = await performFullUserAugmentation(user);\n await eventBus.publish(\"auth:session-created\", { session, user: fullUser });\n\n return {\n session: { ...session },\n user: { ...fullUser },\n };\n}\n\n/**\n * Finalizes login after a challenge\n */\nexport async function finalizeLogin(userId: string, flags: SessionFlags) {\n const sessionToken = await generateSessionToken();\n const session = await createSession(sessionToken, userId, flags);\n await setSessionTokenCookie(sessionToken, session.expiresAt);\n\n const user = await getUserById(userId);\n\n if (user) {\n await eventBus.publish(\"auth:session-created\", { session, user });\n }\n\n return {\n session: session ? { ...session } : null,\n user: user ? { ...user } : null,\n };\n}\n\n/**\n * Sign Out\n */\nexport async function signOut() {\n const { session, user } = await getCurrentSession();\n if (session) {\n if (user) {\n await eventBus.publish(\"auth:signed-out\", { userId: user.id });\n }\n await invalidateSession(session.id);\n await deleteSessionTokenCookie();\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AA8DA,eAAe,kBAAkB,MAA0C;AACzE,KAAI;EAQF,MAAM,SANY,MAAM,GACrB,OAAO,EAAE,MAAM,WAAW,MAAM,CAAC,CACjC,KAAK,kBAAkB,CACvB,UAAU,YAAY,GAAG,kBAAkB,QAAQ,WAAW,GAAG,CAAC,CAClE,MAAM,GAAG,kBAAkB,QAAQ,KAAK,GAAG,CAAC,EAEvB,KAAK,MAAM,EAAE,KAAK;EAY1C,MAAM,eATkB,MAAM,GAC3B,OAAO,EAAE,MAAM,iBAAiB,MAAM,CAAC,CACvC,KAAK,wBAAwB,CAC7B,UACC,kBACA,GAAG,wBAAwB,cAAc,iBAAiB,GAAG,CAC9D,CACA,MAAM,GAAG,wBAAwB,QAAQ,KAAK,GAAG,CAAC,EAEjB,KAAK,MAAM,EAAE,KAAK;EAGtD,IAAI,YAAsB,EAAE;AAC5B,MAAI,MAAM,SAAS,GAAG;GAMpB,MAAM,WALgB,MAAM,GACzB,OAAO,EAAE,IAAI,WAAW,IAAI,CAAC,CAC7B,KAAK,WAAW,CAChB,MAAM,QAAQ,WAAW,MAAM,MAAM,CAAC,EAEX,KAAK,MAAM,EAAE,GAAG;AAE9C,OAAI,QAAQ,SAAS,EASnB,cARsB,MAAM,GACzB,OAAO,EAAE,MAAM,iBAAiB,MAAM,CAAC,CACvC,KAAK,wBAAwB,CAC7B,UACC,kBACA,GAAG,wBAAwB,cAAc,iBAAiB,GAAG,CAC9D,CACA,MAAM,QAAQ,wBAAwB,QAAQ,QAAQ,CAAC,EAChC,KAAK,MAAM,EAAE,KAAK;;AAIhD,SAAO;GACL;GACA,aAAa,MAAM,KAAK,IAAI,IAAI,CAAC,GAAG,aAAa,GAAG,UAAU,CAAC,CAAC;GACjE;UACM,OAAO;AACd,UAAQ,MAAM,uCAAuC,MAAM;AAC3D,SAAO;GAAE,OAAO,EAAE;GAAE,aAAa,EAAE;GAAE;;;AA6BzC,MAAM,gBAAgB;AAStB,MAAM,iBACJ,cAAc,8CAA8B,IAAI,KAAoB;AACtE,MAAM,uBACJ,cAAc,oDACd,IAAI,KAA0B;AAChC,MAAM,0BACJ,cAAc,wDACd,IAAI,KAA6B;AACnC,MAAM,8BACJ,cAAc,4DACd,IAAI,KAAiC;AAEvC,cAAc,6BAA6B;AAC3C,cAAc,mCAAmC;AACjD,cAAc,uCAAuC;AACrD,cAAc,2CACZ;AAEF,eAAsB,sBAAsB,WAA0B;AACpE,gBAAe,IAAI,UAAU;;AAG/B,eAAsB,+BACpB,WACA;AACA,yBAAwB,IAAI,UAAU;;AAGxC,eAAsB,mCACpB,WACA;AACA,6BAA4B,IAAI,UAAU;;AAW5C,eAAsB,4BACpB,aACA;AACA,sBAAqB,IAAI,YAAY;;AAGvC,eAAsB,2BACpB,QAC8B;AAC9B,MAAK,MAAM,aAAa,yBAAyB;EAC/C,MAAM,eAAe,MAAM,UAAU,OAAO;AAC5C,MAAI,aAAc,QAAO;;AAE3B,QAAO;;AAGT,eAAsB,+BACpB,QAC8B;AAC9B,MAAK,MAAM,aAAa,6BAA6B;EACnD,MAAM,eAAe,MAAM,UAAU,OAAO;AAC5C,MAAI,aAAc,QAAO;;AAE3B,QAAO;;;;;;AAOT,eAAsB,4BACpB,MACmB;AAEnB,QAAO,MAAM,YAAY,MADJ,MAAM,kBAAkB,KAAK,CACN;;;;;AAM9C,eAAsB,cACpB,SACA,MACA,eACA,qBACA,kBACA;AACA,KAAI,CAAC,MAAM;AACT,UAAQ,KAAK,sCAAsC;AACnD,SAAO;GAAE,WAAW;GAAO,UAAU,oBAAoB;GAAW;;CAGtE,MAAM,YAAY,MAAM,QAAQ,KAAK,MAAM,GAAG,KAAK,QAAQ,EAAE;CAC7D,MAAM,kBAAkB,MAAM,QAAQ,KAAK,YAAY,GACnD,KAAK,cACL,EAAE;AAGN,KAAI,iBAAiB,cAAc,SAAS,GAE1C;MAAI,CADY,cAAc,MAAM,SAAS,UAAU,SAAS,KAAK,CAAC,EACxD;AACZ,WAAQ,KAAK,8BAA8B,cAAc,KAAK,KAAK,GAAG;AACtE,UAAO;IACL,WAAW;IACX,UAAU;IACX;;;AAKL,KAAI,uBAAuB,oBAAoB,SAAS,GAItD;MAAI,CAHsB,oBAAoB,OAAO,SACnD,gBAAgB,SAAS,KAAK,CAC/B,EACuB;AACtB,WAAQ,KACN,oCAAoC,oBAAoB,KAAK,KAAK,GACnE;AAED,UAAO;IACL,WAAW;IACX,UAAU;IACX;;;AAKL,KAAI,qBACF,MAAK,MAAM,eAAe,qBACxB,KAAI;EACF,MAAM,SAAS,MAAM,YAAY,SAAS,KAAK;AAC/C,MAAI,UAAU,CAAC,OAAO,UACpB,QAAO;GACL,GAAG;GACH,UAAU,OAAO,YAAY;GAC9B;UAEI,OAAO;AACd,UAAQ,MAAM,uCAAuC,MAAM;;AAIjE,QAAO,EAAE,WAAW,MAAM;;;;;AAM5B,eAAsB,OAAO,MAAyC;CACpE,MAAM,EAAE,OAAO,aAAa,MAAM,YAAY,WAAW,KAAK;CAE9D,MAAM,OAAO,MAAM,iBAAiB,MAAM;AAC1C,KAAI,CAAC,KACH,QAAO;EAAE,QAAQ;EAAS,SAAS;EAA6B;CAGlE,MAAM,eAAe,MAAM,oBAAoB,KAAK,GAAG;AACvD,KAAI,CAAC,gBAAgB,CAAE,MAAM,mBAAmB,cAAc,SAAS,CACrE,QAAO;EAAE,QAAQ;EAAS,SAAS;EAA6B;AAIlE,MAAK,MAAM,aAAa,gBAAgB;EACtC,MAAM,eAAe,MAAM,UAAU,KAAK,GAAG;AAC7C,MAAI,aAAc,QAAO;;CAG3B,MAAM,eAA6B,EAAE;CACrC,MAAM,eAAe,MAAM,sBAAsB;CACjD,MAAM,UAAU,MAAM,cAAc,cAAc,KAAK,IAAI,aAAa;AACxE,OAAM,sBAAsB,cAAc,QAAQ,UAAU;CAE5D,MAAM,WAAW,MAAM,4BAA4B,KAAK;AACxD,OAAM,SAAS,QAAQ,wBAAwB;EAAE;EAAS,MAAM;EAAU,CAAC;AAE3E,QAAO;EACL,QAAQ;EACR,SAAS,EAAE,GAAG,SAAS;EACvB,MAAM,EAAE,GAAG,UAAU;EACtB;;;;;AAMH,eAAsB,OAAO,MAAqB;CAChD,MAAM,EAAE,OAAO,UAAU,aAAa,eAAe,MAAM,KAAK;AAEhE,KAAI,CAAE,MAAM,oBAAoB,SAAS,CACvC,OAAM,IAAI,MAAM,mBAAmB;AAGrC,KAAI,CAAE,MAAM,uBAAuB,SAAS,CAC1C,OAAM,IAAI,MAAM,gBAAgB;CAGlC,MAAM,OAAO,MAAM,WAAW,OAAO,UAAU,SAAS;CACxD,MAAM,sBAAsB,MAAM,+BAChC,KAAK,IACL,KAAK,MACN;AAED,OAAM,sBACJ,oBAAoB,OACpB,oBAAoB,KACrB;AACD,OAAM,kCAAkC,oBAAoB;CAE5D,MAAM,eAA6B,EAAE;CACrC,MAAM,eAAe,MAAM,sBAAsB;CACjD,MAAM,UAAU,MAAM,cAAc,cAAc,KAAK,IAAI,aAAa;AACxE,OAAM,sBAAsB,cAAc,QAAQ,UAAU;CAE5D,MAAM,WAAW,MAAM,4BAA4B,KAAK;AACxD,OAAM,SAAS,QAAQ,wBAAwB;EAAE;EAAS,MAAM;EAAU,CAAC;AAE3E,QAAO;EACL,SAAS,EAAE,GAAG,SAAS;EACvB,MAAM,EAAE,GAAG,UAAU;EACtB;;;;;AAMH,eAAsB,cAAc,QAAgB,OAAqB;CACvE,MAAM,eAAe,MAAM,sBAAsB;CACjD,MAAM,UAAU,MAAM,cAAc,cAAc,QAAQ,MAAM;AAChE,OAAM,sBAAsB,cAAc,QAAQ,UAAU;CAE5D,MAAM,OAAO,MAAM,YAAY,OAAO;AAEtC,KAAI,KACF,OAAM,SAAS,QAAQ,wBAAwB;EAAE;EAAS;EAAM,CAAC;AAGnE,QAAO;EACL,SAAS,UAAU,EAAE,GAAG,SAAS,GAAG;EACpC,MAAM,OAAO,EAAE,GAAG,MAAM,GAAG;EAC5B;;;;;AAMH,eAAsB,UAAU;CAC9B,MAAM,EAAE,SAAS,SAAS,MAAM,mBAAmB;AACnD,KAAI,SAAS;AACX,MAAI,KACF,OAAM,SAAS,QAAQ,mBAAmB,EAAE,QAAQ,KAAK,IAAI,CAAC;AAEhE,QAAM,kBAAkB,QAAQ,GAAG;AACnC,QAAM,0BAA0B"}
|
|
1
|
+
{"version":3,"file":"logic.mjs","names":[],"sources":["../../../src/core/auth/logic.ts"],"sourcesContent":["\"use server\";\n\nimport { eq, inArray } from \"drizzle-orm\";\nimport {\n verifyPasswordHash,\n verifyPasswordStrength,\n} from \"../../server/auth/password\";\nimport {\n createUser,\n getUserById,\n getUserFromEmail,\n getUserPasswordHash,\n verifyUsernameInput,\n} from \"../../server/auth/user\";\nimport { db } from \"../../server/database/inject\";\nimport {\n permissionsTable,\n rolesTable,\n rolesToPermissionsTable,\n usersToPermissionsTable,\n usersToRolesTable,\n} from \"../../server/database/schema\";\nimport { eventBus } from \"../event-bus\";\nimport {\n augmentSession,\n augmentUser,\n registerIdentityAugmenter,\n registerPasswordResetSessionAugmenter,\n registerSessionAugmenter,\n} from \"./augment\";\nimport {\n createEmailVerificationRequest,\n sendVerificationEmail,\n setEmailVerificationRequestCookie,\n} from \"./email-verification\";\nimport {\n createSession,\n deleteSessionTokenCookie,\n generateSessionToken,\n getCurrentSession,\n invalidateSession,\n setSessionTokenCookie,\n} from \"./session\";\nimport type {\n AuthResponse,\n FullUser,\n Session,\n SessionFlags,\n User,\n UserPermission,\n UserRole,\n} from \"./types\";\nimport {\n type LoginInput,\n loginSchema,\n type RegisterInput,\n registerSchema,\n} from \"./validation\";\n\n/**\n * Podstawowy moduł rozszerzający tożsamość dla ról i uprawnień\n */\nasync function coreRbacAugmenter(user: User): Promise<Record<string, any>> {\n try {\n // 1. Fetch direct roles\n const userRoles = await db\n .select({ name: rolesTable.name })\n .from(usersToRolesTable)\n .innerJoin(rolesTable, eq(usersToRolesTable.roleId, rolesTable.id))\n .where(eq(usersToRolesTable.userId, user.id));\n\n const roles = userRoles.map((r) => r.name);\n\n // 2. Fetch direct permissions\n const userDirectPerms = await db\n .select({ name: permissionsTable.name })\n .from(usersToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(usersToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(eq(usersToPermissionsTable.userId, user.id));\n\n const directPerms = userDirectPerms.map((p) => p.name);\n\n // 3. Fetch permissions from roles\n let rolePerms: string[] = [];\n if (roles.length > 0) {\n const roleIdsResult = await db\n .select({ id: rolesTable.id })\n .from(rolesTable)\n .where(inArray(rolesTable.name, roles));\n\n const roleIds = roleIdsResult.map((r) => r.id);\n\n if (roleIds.length > 0) {\n const rolePermsData = await db\n .select({ name: permissionsTable.name })\n .from(rolesToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(inArray(rolesToPermissionsTable.roleId, roleIds));\n rolePerms = rolePermsData.map((p) => p.name);\n }\n }\n\n return {\n roles,\n permissions: Array.from(new Set([...directPerms, ...rolePerms])),\n };\n } catch (error) {\n console.error(\"[Auth:RBAC] Failed to augment user:\", error);\n return { roles: [], permissions: [] };\n }\n}\n\n/**\n * Registry for login validators (e.g. 2FA module)\n */\ntype AuthValidator = (userId: string) => Promise<AuthResponse | null>;\n\n/**\n * Registry for Security Requirements (e.g. checking if 2FA is needed for a session)\n */\ntype SecurityRequirement = (\n session: Session,\n user: FullUser,\n) => Promise<{ satisfied: boolean; redirect?: string } | null>;\n\n/**\n * Registry for password reset validators (e.g. 2FA module requiring check during reset)\n */\ntype PasswordResetValidator = (userId: string) => Promise<AuthResponse | null>;\n\n/**\n * Registry for email verification validators\n */\ntype EmailVerificationValidator = (\n userId: string,\n) => Promise<AuthResponse | null>;\n\nconst globalForAuth = globalThis as unknown as {\n __KRYO_AUTH_VALIDATORS__: Set<AuthValidator> | undefined;\n __KRYO_SECURITY_REQUIREMENTS__: Set<SecurityRequirement> | undefined;\n __KRYO_PASSWORD_RESET_VALIDATORS__: Set<PasswordResetValidator> | undefined;\n __KRYO_EMAIL_VERIFICATION_VALIDATORS__:\n | Set<EmailVerificationValidator>\n | undefined;\n};\n\nconst authValidators =\n globalForAuth.__KRYO_AUTH_VALIDATORS__ ?? new Set<AuthValidator>();\nconst securityRequirements =\n globalForAuth.__KRYO_SECURITY_REQUIREMENTS__ ??\n new Set<SecurityRequirement>();\nconst passwordResetValidators =\n globalForAuth.__KRYO_PASSWORD_RESET_VALIDATORS__ ??\n new Set<PasswordResetValidator>();\nconst emailVerificationValidators =\n globalForAuth.__KRYO_EMAIL_VERIFICATION_VALIDATORS__ ??\n new Set<EmailVerificationValidator>();\n\nglobalForAuth.__KRYO_AUTH_VALIDATORS__ = authValidators;\nglobalForAuth.__KRYO_SECURITY_REQUIREMENTS__ = securityRequirements;\nglobalForAuth.__KRYO_PASSWORD_RESET_VALIDATORS__ = passwordResetValidators;\nglobalForAuth.__KRYO_EMAIL_VERIFICATION_VALIDATORS__ =\n emailVerificationValidators;\n\nexport async function registerAuthValidator(validator: AuthValidator) {\n authValidators.add(validator);\n}\n\nexport async function registerPasswordResetValidator(\n validator: PasswordResetValidator,\n) {\n passwordResetValidators.add(validator);\n}\n\nexport async function registerEmailVerificationValidator(\n validator: EmailVerificationValidator,\n) {\n emailVerificationValidators.add(validator);\n}\n\nexport {\n registerIdentityAugmenter,\n registerSessionAugmenter,\n registerPasswordResetSessionAugmenter,\n augmentUser,\n augmentSession,\n};\n\nexport async function registerSecurityRequirement(\n requirement: SecurityRequirement,\n) {\n securityRequirements.add(requirement);\n}\n\nexport async function runPasswordResetValidators(\n userId: string,\n): Promise<AuthResponse | null> {\n for (const validator of passwordResetValidators) {\n const interception = await validator(userId);\n if (interception) return interception;\n }\n return null;\n}\n\nexport async function runEmailVerificationValidators(\n userId: string,\n): Promise<AuthResponse | null> {\n for (const validator of emailVerificationValidators) {\n const interception = await validator(userId);\n if (interception) return interception;\n }\n return null;\n}\n\n/**\n * Augments a base user with data from all registered modules.\n * This is now just a wrapper that includes core RBAC data.\n */\nexport async function performFullUserAugmentation(\n user: User,\n): Promise<FullUser> {\n const coreRbacData = await coreRbacAugmenter(user);\n return await augmentUser(user, coreRbacData);\n}\n\n/**\n * Checks if the current session satisfies all registered security requirements.\n */\nexport async function checkSecurity(\n session: Session,\n user: FullUser,\n requiredRoles?: UserRole[],\n requiredPermissions?: UserPermission[],\n fallbackRedirect?: string,\n) {\n if (!user) {\n console.warn(\"User is required for security check\");\n return { satisfied: false, redirect: fallbackRedirect ?? \"/signin\" };\n }\n\n const userRoles = Array.isArray(user.roles) ? user.roles : [];\n const userPermissions = Array.isArray(user.permissions)\n ? user.permissions\n : [];\n\n // 1. Core Role Check (At least one role must match)\n if (requiredRoles && requiredRoles.length > 0) {\n const hasRole = requiredRoles.some((role) => userRoles.includes(role));\n if (!hasRole) {\n console.warn(`User lacks required roles: ${requiredRoles.join(\", \")}`);\n return {\n satisfied: false,\n redirect: fallbackRedirect,\n };\n }\n }\n\n // 2. Core Permission Check (ALL permissions must match)\n if (requiredPermissions && requiredPermissions.length > 0) {\n const hasAllPermissions = requiredPermissions.every((perm) =>\n userPermissions.includes(perm),\n );\n if (!hasAllPermissions) {\n console.warn(\n `User lacks required permissions: ${requiredPermissions.join(\", \")}`,\n );\n\n return {\n satisfied: false,\n redirect: fallbackRedirect,\n };\n }\n }\n\n // 3. Modular Requirements Check\n if (securityRequirements) {\n for (const requirement of securityRequirements) {\n try {\n const result = await requirement(session, user);\n if (result && !result.satisfied) {\n return {\n ...result,\n redirect: result.redirect ?? fallbackRedirect,\n };\n }\n } catch (error) {\n console.error(\"[Auth:Security] Requirement failed:\", error);\n }\n }\n }\n return { satisfied: true };\n}\n\n/**\n * Sign In Logic\n */\nexport async function signIn(data: LoginInput): Promise<AuthResponse> {\n const { email, password } = await loginSchema.parseAsync(data);\n\n const user = await getUserFromEmail(email);\n if (!user) {\n return { status: \"ERROR\", message: \"Invalid email or password\" };\n }\n\n const passwordHash = await getUserPasswordHash(user.id);\n if (!passwordHash || !(await verifyPasswordHash(passwordHash, password))) {\n return { status: \"ERROR\", message: \"Invalid email or password\" };\n }\n\n // Interception Layer\n for (const validator of authValidators) {\n const interception = await validator(user.id);\n if (interception) return interception;\n }\n\n const sessionFlags: SessionFlags = {};\n const sessionToken = await generateSessionToken();\n const session = await createSession(sessionToken, user.id, sessionFlags);\n await setSessionTokenCookie(sessionToken, session.expiresAt);\n\n const fullUser = await performFullUserAugmentation(user);\n await eventBus.publish(\"auth:session-created\", { session, user: fullUser });\n\n return {\n status: \"SUCCESS\",\n session: { ...session },\n user: { ...fullUser },\n };\n}\n\n/**\n * Sign Up Logic\n */\nexport async function signUp(data: RegisterInput) {\n const { email, username, password } = registerSchema.parse(data);\n\n if (!(await verifyUsernameInput(username))) {\n throw new Error(\"Invalid username\");\n }\n\n if (!(await verifyPasswordStrength(password))) {\n throw new Error(\"Weak password\");\n }\n\n const user = await createUser(email, username, password);\n const verificationRequest = await createEmailVerificationRequest(\n user.id,\n user.email,\n );\n\n await sendVerificationEmail(\n verificationRequest.email,\n verificationRequest.code,\n );\n await setEmailVerificationRequestCookie(verificationRequest);\n\n const sessionFlags: SessionFlags = {};\n const sessionToken = await generateSessionToken();\n const session = await createSession(sessionToken, user.id, sessionFlags);\n await setSessionTokenCookie(sessionToken, session.expiresAt);\n\n const fullUser = await performFullUserAugmentation(user);\n await eventBus.publish(\"auth:session-created\", { session, user: fullUser });\n\n return {\n session: { ...session },\n user: { ...fullUser },\n };\n}\n\n/**\n * Finalizes login after a challenge\n */\nexport async function finalizeLogin(userId: string, flags: SessionFlags) {\n const sessionToken = await generateSessionToken();\n const session = await createSession(sessionToken, userId, flags);\n await setSessionTokenCookie(sessionToken, session.expiresAt);\n\n const user = await getUserById(userId);\n\n if (user) {\n await eventBus.publish(\"auth:session-created\", { session, user });\n }\n\n return {\n session: session ? { ...session } : null,\n user: user ? { ...user } : null,\n };\n}\n\n/**\n * Sign Out\n */\nexport async function signOut() {\n const { session, user } = await getCurrentSession();\n if (session) {\n if (user) {\n await eventBus.publish(\"auth:signed-out\", { userId: user.id });\n }\n await invalidateSession(session.id);\n await deleteSessionTokenCookie();\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AA8DA,eAAe,kBAAkB,MAA0C;AACzE,KAAI;EAQF,MAAM,SANY,MAAM,GACrB,OAAO,EAAE,MAAM,WAAW,MAAM,CAAC,CACjC,KAAK,kBAAkB,CACvB,UAAU,YAAY,GAAG,kBAAkB,QAAQ,WAAW,GAAG,CAAC,CAClE,MAAM,GAAG,kBAAkB,QAAQ,KAAK,GAAG,CAAC,EAEvB,KAAK,MAAM,EAAE,KAAK;EAY1C,MAAM,eATkB,MAAM,GAC3B,OAAO,EAAE,MAAM,iBAAiB,MAAM,CAAC,CACvC,KAAK,wBAAwB,CAC7B,UACC,kBACA,GAAG,wBAAwB,cAAc,iBAAiB,GAAG,CAC9D,CACA,MAAM,GAAG,wBAAwB,QAAQ,KAAK,GAAG,CAAC,EAEjB,KAAK,MAAM,EAAE,KAAK;EAGtD,IAAI,YAAsB,EAAE;AAC5B,MAAI,MAAM,SAAS,GAAG;GAMpB,MAAM,WALgB,MAAM,GACzB,OAAO,EAAE,IAAI,WAAW,IAAI,CAAC,CAC7B,KAAK,WAAW,CAChB,MAAM,QAAQ,WAAW,MAAM,MAAM,CAAC,EAEX,KAAK,MAAM,EAAE,GAAG;AAE9C,OAAI,QAAQ,SAAS,EASnB,cARsB,MAAM,GACzB,OAAO,EAAE,MAAM,iBAAiB,MAAM,CAAC,CACvC,KAAK,wBAAwB,CAC7B,UACC,kBACA,GAAG,wBAAwB,cAAc,iBAAiB,GAAG,CAC9D,CACA,MAAM,QAAQ,wBAAwB,QAAQ,QAAQ,CAAC,EAChC,KAAK,MAAM,EAAE,KAAK;;AAIhD,SAAO;GACL;GACA,aAAa,MAAM,KAAK,IAAI,IAAI,CAAC,GAAG,aAAa,GAAG,UAAU,CAAC,CAAC;GACjE;UACM,OAAO;AACd,UAAQ,MAAM,uCAAuC,MAAM;AAC3D,SAAO;GAAE,OAAO,EAAE;GAAE,aAAa,EAAE;GAAE;;;AA6BzC,MAAM,gBAAgB;AAStB,MAAM,iBACJ,cAAc,4CAA4B,IAAI,KAAoB;AACpE,MAAM,uBACJ,cAAc,kDACd,IAAI,KAA0B;AAChC,MAAM,0BACJ,cAAc,sDACd,IAAI,KAA6B;AACnC,MAAM,8BACJ,cAAc,0DACd,IAAI,KAAiC;AAEvC,cAAc,2BAA2B;AACzC,cAAc,iCAAiC;AAC/C,cAAc,qCAAqC;AACnD,cAAc,yCACZ;AAEF,eAAsB,sBAAsB,WAA0B;AACpE,gBAAe,IAAI,UAAU;;AAG/B,eAAsB,+BACpB,WACA;AACA,yBAAwB,IAAI,UAAU;;AAGxC,eAAsB,mCACpB,WACA;AACA,6BAA4B,IAAI,UAAU;;AAW5C,eAAsB,4BACpB,aACA;AACA,sBAAqB,IAAI,YAAY;;AAGvC,eAAsB,2BACpB,QAC8B;AAC9B,MAAK,MAAM,aAAa,yBAAyB;EAC/C,MAAM,eAAe,MAAM,UAAU,OAAO;AAC5C,MAAI,aAAc,QAAO;;AAE3B,QAAO;;AAGT,eAAsB,+BACpB,QAC8B;AAC9B,MAAK,MAAM,aAAa,6BAA6B;EACnD,MAAM,eAAe,MAAM,UAAU,OAAO;AAC5C,MAAI,aAAc,QAAO;;AAE3B,QAAO;;;;;;AAOT,eAAsB,4BACpB,MACmB;AAEnB,QAAO,MAAM,YAAY,MADJ,MAAM,kBAAkB,KAAK,CACN;;;;;AAM9C,eAAsB,cACpB,SACA,MACA,eACA,qBACA,kBACA;AACA,KAAI,CAAC,MAAM;AACT,UAAQ,KAAK,sCAAsC;AACnD,SAAO;GAAE,WAAW;GAAO,UAAU,oBAAoB;GAAW;;CAGtE,MAAM,YAAY,MAAM,QAAQ,KAAK,MAAM,GAAG,KAAK,QAAQ,EAAE;CAC7D,MAAM,kBAAkB,MAAM,QAAQ,KAAK,YAAY,GACnD,KAAK,cACL,EAAE;AAGN,KAAI,iBAAiB,cAAc,SAAS,GAE1C;MAAI,CADY,cAAc,MAAM,SAAS,UAAU,SAAS,KAAK,CAAC,EACxD;AACZ,WAAQ,KAAK,8BAA8B,cAAc,KAAK,KAAK,GAAG;AACtE,UAAO;IACL,WAAW;IACX,UAAU;IACX;;;AAKL,KAAI,uBAAuB,oBAAoB,SAAS,GAItD;MAAI,CAHsB,oBAAoB,OAAO,SACnD,gBAAgB,SAAS,KAAK,CAC/B,EACuB;AACtB,WAAQ,KACN,oCAAoC,oBAAoB,KAAK,KAAK,GACnE;AAED,UAAO;IACL,WAAW;IACX,UAAU;IACX;;;AAKL,KAAI,qBACF,MAAK,MAAM,eAAe,qBACxB,KAAI;EACF,MAAM,SAAS,MAAM,YAAY,SAAS,KAAK;AAC/C,MAAI,UAAU,CAAC,OAAO,UACpB,QAAO;GACL,GAAG;GACH,UAAU,OAAO,YAAY;GAC9B;UAEI,OAAO;AACd,UAAQ,MAAM,uCAAuC,MAAM;;AAIjE,QAAO,EAAE,WAAW,MAAM;;;;;AAM5B,eAAsB,OAAO,MAAyC;CACpE,MAAM,EAAE,OAAO,aAAa,MAAM,YAAY,WAAW,KAAK;CAE9D,MAAM,OAAO,MAAM,iBAAiB,MAAM;AAC1C,KAAI,CAAC,KACH,QAAO;EAAE,QAAQ;EAAS,SAAS;EAA6B;CAGlE,MAAM,eAAe,MAAM,oBAAoB,KAAK,GAAG;AACvD,KAAI,CAAC,gBAAgB,CAAE,MAAM,mBAAmB,cAAc,SAAS,CACrE,QAAO;EAAE,QAAQ;EAAS,SAAS;EAA6B;AAIlE,MAAK,MAAM,aAAa,gBAAgB;EACtC,MAAM,eAAe,MAAM,UAAU,KAAK,GAAG;AAC7C,MAAI,aAAc,QAAO;;CAG3B,MAAM,eAA6B,EAAE;CACrC,MAAM,eAAe,MAAM,sBAAsB;CACjD,MAAM,UAAU,MAAM,cAAc,cAAc,KAAK,IAAI,aAAa;AACxE,OAAM,sBAAsB,cAAc,QAAQ,UAAU;CAE5D,MAAM,WAAW,MAAM,4BAA4B,KAAK;AACxD,OAAM,SAAS,QAAQ,wBAAwB;EAAE;EAAS,MAAM;EAAU,CAAC;AAE3E,QAAO;EACL,QAAQ;EACR,SAAS,EAAE,GAAG,SAAS;EACvB,MAAM,EAAE,GAAG,UAAU;EACtB;;;;;AAMH,eAAsB,OAAO,MAAqB;CAChD,MAAM,EAAE,OAAO,UAAU,aAAa,eAAe,MAAM,KAAK;AAEhE,KAAI,CAAE,MAAM,oBAAoB,SAAS,CACvC,OAAM,IAAI,MAAM,mBAAmB;AAGrC,KAAI,CAAE,MAAM,uBAAuB,SAAS,CAC1C,OAAM,IAAI,MAAM,gBAAgB;CAGlC,MAAM,OAAO,MAAM,WAAW,OAAO,UAAU,SAAS;CACxD,MAAM,sBAAsB,MAAM,+BAChC,KAAK,IACL,KAAK,MACN;AAED,OAAM,sBACJ,oBAAoB,OACpB,oBAAoB,KACrB;AACD,OAAM,kCAAkC,oBAAoB;CAE5D,MAAM,eAA6B,EAAE;CACrC,MAAM,eAAe,MAAM,sBAAsB;CACjD,MAAM,UAAU,MAAM,cAAc,cAAc,KAAK,IAAI,aAAa;AACxE,OAAM,sBAAsB,cAAc,QAAQ,UAAU;CAE5D,MAAM,WAAW,MAAM,4BAA4B,KAAK;AACxD,OAAM,SAAS,QAAQ,wBAAwB;EAAE;EAAS,MAAM;EAAU,CAAC;AAE3E,QAAO;EACL,SAAS,EAAE,GAAG,SAAS;EACvB,MAAM,EAAE,GAAG,UAAU;EACtB;;;;;AAMH,eAAsB,cAAc,QAAgB,OAAqB;CACvE,MAAM,eAAe,MAAM,sBAAsB;CACjD,MAAM,UAAU,MAAM,cAAc,cAAc,QAAQ,MAAM;AAChE,OAAM,sBAAsB,cAAc,QAAQ,UAAU;CAE5D,MAAM,OAAO,MAAM,YAAY,OAAO;AAEtC,KAAI,KACF,OAAM,SAAS,QAAQ,wBAAwB;EAAE;EAAS;EAAM,CAAC;AAGnE,QAAO;EACL,SAAS,UAAU,EAAE,GAAG,SAAS,GAAG;EACpC,MAAM,OAAO,EAAE,GAAG,MAAM,GAAG;EAC5B;;;;;AAMH,eAAsB,UAAU;CAC9B,MAAM,EAAE,SAAS,SAAS,MAAM,mBAAmB;AACnD,KAAI,SAAS;AACX,MAAI,KACF,OAAM,SAAS,QAAQ,mBAAmB,EAAE,QAAQ,KAAK,IAAI,CAAC;AAEhE,QAAM,kBAAkB,QAAQ,GAAG;AACnC,QAAM,0BAA0B"}
|
|
@@ -3,9 +3,9 @@
|
|
|
3
3
|
const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
|
|
4
4
|
const require_inject = require('../../server/database/inject.cjs');
|
|
5
5
|
const require_schema = require('../../server/database/schema.cjs');
|
|
6
|
-
const require_index = require('../../server/emails/index.cjs');
|
|
7
|
-
const require_encode = require('./utils/encode.cjs');
|
|
8
6
|
const require_augment = require('./augment.cjs');
|
|
7
|
+
const require_encode = require('./utils/encode.cjs');
|
|
8
|
+
const require_index = require('../../server/emails/index.cjs');
|
|
9
9
|
const require_logic = require('./logic.cjs');
|
|
10
10
|
let drizzle_orm = require("drizzle-orm");
|
|
11
11
|
let _oslojs_crypto_sha2 = require("@oslojs/crypto/sha2");
|
|
@@ -2,9 +2,9 @@
|
|
|
2
2
|
|
|
3
3
|
import { db } from "../../server/database/inject.mjs";
|
|
4
4
|
import { passwordResetSessionTable, userTable } from "../../server/database/schema.mjs";
|
|
5
|
-
import { sendResetPassword } from "../../server/emails/index.mjs";
|
|
6
|
-
import { generateRandomOTP } from "./utils/encode.mjs";
|
|
7
5
|
import { augmentPasswordResetSession } from "./augment.mjs";
|
|
6
|
+
import { generateRandomOTP } from "./utils/encode.mjs";
|
|
7
|
+
import { sendResetPassword } from "../../server/emails/index.mjs";
|
|
8
8
|
import { performFullUserAugmentation } from "./logic.mjs";
|
|
9
9
|
import { eq } from "drizzle-orm";
|
|
10
10
|
import { sha256 } from "@oslojs/crypto/sha2";
|
|
@@ -5,7 +5,6 @@ const require_inject = require('../../server/database/inject.cjs');
|
|
|
5
5
|
const require_schema = require('../../server/database/schema.cjs');
|
|
6
6
|
const require_augment = require('./augment.cjs');
|
|
7
7
|
const require_logic = require('./logic.cjs');
|
|
8
|
-
const require_bootstrap = require('../bootstrap.cjs');
|
|
9
8
|
let drizzle_orm = require("drizzle-orm");
|
|
10
9
|
let _oslojs_crypto_sha2 = require("@oslojs/crypto/sha2");
|
|
11
10
|
let _oslojs_encoding = require("@oslojs/encoding");
|
|
@@ -24,7 +23,6 @@ async function getIPAddress() {
|
|
|
24
23
|
* Validates the session token.
|
|
25
24
|
*/
|
|
26
25
|
async function validateSessionToken(token) {
|
|
27
|
-
await require_bootstrap.ensureSystemInitialized();
|
|
28
26
|
const sessionId = (0, _oslojs_encoding.encodeHexLowerCase)((0, _oslojs_crypto_sha2.sha256)(new TextEncoder().encode(token)));
|
|
29
27
|
const [row] = await require_inject.db.select({
|
|
30
28
|
session: require_schema.sessionTable,
|
|
@@ -65,14 +63,12 @@ const getCurrentSession = async () => {
|
|
|
65
63
|
* Invalidates a single session.
|
|
66
64
|
*/
|
|
67
65
|
async function invalidateSession(sessionId) {
|
|
68
|
-
await require_bootstrap.ensureSystemInitialized();
|
|
69
66
|
await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.id, sessionId));
|
|
70
67
|
}
|
|
71
68
|
/**
|
|
72
69
|
* Invalidates all user sessions.
|
|
73
70
|
*/
|
|
74
71
|
async function invalidateUserSessions(userId) {
|
|
75
|
-
await require_bootstrap.ensureSystemInitialized();
|
|
76
72
|
await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.userId, userId));
|
|
77
73
|
}
|
|
78
74
|
/**
|
|
@@ -105,7 +101,6 @@ async function generateSessionToken() {
|
|
|
105
101
|
* Creates a new session in the database.
|
|
106
102
|
*/
|
|
107
103
|
async function createSession(token, userId, flags) {
|
|
108
|
-
await require_bootstrap.ensureSystemInitialized();
|
|
109
104
|
const sessionId = (0, _oslojs_encoding.encodeHexLowerCase)((0, _oslojs_crypto_sha2.sha256)(new TextEncoder().encode(token)));
|
|
110
105
|
const [session] = await require_inject.db.insert(require_schema.sessionTable).values({
|
|
111
106
|
id: sessionId,
|
|
@@ -130,7 +125,6 @@ async function sessionSignOut() {
|
|
|
130
125
|
* Get all active sessions for a user.
|
|
131
126
|
*/
|
|
132
127
|
async function getUserSessions(userId, currentSessionId) {
|
|
133
|
-
await require_bootstrap.ensureSystemInitialized();
|
|
134
128
|
return (await require_inject.db.select().from(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.userId, userId))).map((session) => ({
|
|
135
129
|
id: session.id,
|
|
136
130
|
createdAt: session.createdAt,
|
|
@@ -142,7 +136,6 @@ async function getUserSessions(userId, currentSessionId) {
|
|
|
142
136
|
* Invalidate all sessions for a user except the specified current one.
|
|
143
137
|
*/
|
|
144
138
|
async function invalidateOtherSessions(userId, currentSessionId) {
|
|
145
|
-
await require_bootstrap.ensureSystemInitialized();
|
|
146
139
|
await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.sessionTable.userId, userId), (0, drizzle_orm.ne)(require_schema.sessionTable.id, currentSessionId)));
|
|
147
140
|
}
|
|
148
141
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.cts","names":[],"sources":["../../../src/core/auth/session.ts"],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"session.d.cts","names":[],"sources":["../../../src/core/auth/session.ts"],"mappings":";;;;;AA2BA;iBAAsB,YAAA,CAAA,GAAgB,OAAA;;;;iBAOhB,oBAAA,CACpB,KAAA,WACC,OAAA,CAAQ,WAAA;;;;cAyCE,iBAAA,QAA8B,OAAA,CAAQ,WAAA;;;;iBAc7B,iBAAA,CAAkB,SAAA,WAAoB,OAAA;AAd5D;;;AAAA,iBAqBsB,sBAAA,CAAuB,MAAA,WAAiB,OAAA;;AAP9D;;iBAcsB,qBAAA,CACpB,KAAA,UACA,SAAA,EAAW,IAAA,GACV,OAAA;;;AAVH;iBAwBsB,wBAAA,CAAA,GAA4B,OAAA;;;;iBAQ5B,oBAAA,CAAA,GAAwB,OAAA;;;;iBASxB,aAAA,CACpB,KAAA,UACA,MAAA,UACA,KAAA,EAAO,YAAA,GACN,OAAA,CAAQ,OAAA;;;;iBAmBW,cAAA,CAAA,GAAc,OAAA;;AAxCpC;;iBAsDsB,eAAA,CACpB,MAAA,UACA,gBAAA,WACC,OAAA,CAAQ,WAAA;;;AAjDX;iBAkEsB,uBAAA,CACpB,MAAA,UACA,gBAAA,WACC,OAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.mts","names":[],"sources":["../../../src/core/auth/session.ts"],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"session.d.mts","names":[],"sources":["../../../src/core/auth/session.ts"],"mappings":";;;;;AA2BA;iBAAsB,YAAA,CAAA,GAAgB,OAAA;;;;iBAOhB,oBAAA,CACpB,KAAA,WACC,OAAA,CAAQ,WAAA;;;;cAyCE,iBAAA,QAA8B,OAAA,CAAQ,WAAA;;;;iBAc7B,iBAAA,CAAkB,SAAA,WAAoB,OAAA;AAd5D;;;AAAA,iBAqBsB,sBAAA,CAAuB,MAAA,WAAiB,OAAA;;AAP9D;;iBAcsB,qBAAA,CACpB,KAAA,UACA,SAAA,EAAW,IAAA,GACV,OAAA;;;AAVH;iBAwBsB,wBAAA,CAAA,GAA4B,OAAA;;;;iBAQ5B,oBAAA,CAAA,GAAwB,OAAA;;;;iBASxB,aAAA,CACpB,KAAA,UACA,MAAA,UACA,KAAA,EAAO,YAAA,GACN,OAAA,CAAQ,OAAA;;;;iBAmBW,cAAA,CAAA,GAAc,OAAA;;AAxCpC;;iBAsDsB,eAAA,CACpB,MAAA,UACA,gBAAA,WACC,OAAA,CAAQ,WAAA;;;AAjDX;iBAkEsB,uBAAA,CACpB,MAAA,UACA,gBAAA,WACC,OAAA"}
|
|
@@ -4,7 +4,6 @@ import { db } from "../../server/database/inject.mjs";
|
|
|
4
4
|
import { sessionTable, userTable } from "../../server/database/schema.mjs";
|
|
5
5
|
import { augmentSession } from "./augment.mjs";
|
|
6
6
|
import { performFullUserAugmentation } from "./logic.mjs";
|
|
7
|
-
import { ensureSystemInitialized } from "../bootstrap.mjs";
|
|
8
7
|
import { and, eq, ne } from "drizzle-orm";
|
|
9
8
|
import { sha256 } from "@oslojs/crypto/sha2";
|
|
10
9
|
import { encodeBase32LowerCaseNoPadding, encodeHexLowerCase } from "@oslojs/encoding";
|
|
@@ -23,7 +22,6 @@ async function getIPAddress() {
|
|
|
23
22
|
* Validates the session token.
|
|
24
23
|
*/
|
|
25
24
|
async function validateSessionToken(token) {
|
|
26
|
-
await ensureSystemInitialized();
|
|
27
25
|
const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
|
|
28
26
|
const [row] = await db.select({
|
|
29
27
|
session: sessionTable,
|
|
@@ -64,14 +62,12 @@ const getCurrentSession = async () => {
|
|
|
64
62
|
* Invalidates a single session.
|
|
65
63
|
*/
|
|
66
64
|
async function invalidateSession(sessionId) {
|
|
67
|
-
await ensureSystemInitialized();
|
|
68
65
|
await db.delete(sessionTable).where(eq(sessionTable.id, sessionId));
|
|
69
66
|
}
|
|
70
67
|
/**
|
|
71
68
|
* Invalidates all user sessions.
|
|
72
69
|
*/
|
|
73
70
|
async function invalidateUserSessions(userId) {
|
|
74
|
-
await ensureSystemInitialized();
|
|
75
71
|
await db.delete(sessionTable).where(eq(sessionTable.userId, userId));
|
|
76
72
|
}
|
|
77
73
|
/**
|
|
@@ -104,7 +100,6 @@ async function generateSessionToken() {
|
|
|
104
100
|
* Creates a new session in the database.
|
|
105
101
|
*/
|
|
106
102
|
async function createSession(token, userId, flags) {
|
|
107
|
-
await ensureSystemInitialized();
|
|
108
103
|
const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
|
|
109
104
|
const [session] = await db.insert(sessionTable).values({
|
|
110
105
|
id: sessionId,
|
|
@@ -129,7 +124,6 @@ async function sessionSignOut() {
|
|
|
129
124
|
* Get all active sessions for a user.
|
|
130
125
|
*/
|
|
131
126
|
async function getUserSessions(userId, currentSessionId) {
|
|
132
|
-
await ensureSystemInitialized();
|
|
133
127
|
return (await db.select().from(sessionTable).where(eq(sessionTable.userId, userId))).map((session) => ({
|
|
134
128
|
id: session.id,
|
|
135
129
|
createdAt: session.createdAt,
|
|
@@ -141,7 +135,6 @@ async function getUserSessions(userId, currentSessionId) {
|
|
|
141
135
|
* Invalidate all sessions for a user except the specified current one.
|
|
142
136
|
*/
|
|
143
137
|
async function invalidateOtherSessions(userId, currentSessionId) {
|
|
144
|
-
await ensureSystemInitialized();
|
|
145
138
|
await db.delete(sessionTable).where(and(eq(sessionTable.userId, userId), ne(sessionTable.id, currentSessionId)));
|
|
146
139
|
}
|
|
147
140
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.mjs","names":[],"sources":["../../../src/core/auth/session.ts"],"sourcesContent":["\"use server\";\n\nimport { sha256 } from \"@oslojs/crypto/sha2\";\nimport {\n encodeBase32LowerCaseNoPadding,\n encodeHexLowerCase,\n} from \"@oslojs/encoding\";\nimport { addDays } from \"date-fns\";\nimport { and, eq, ne } from \"drizzle-orm\";\nimport { cookies, headers } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport { db } from \"../../server/database/inject\";\nimport { sessionTable, userTable } from \"../../server/database/schema\";\nimport {
|
|
1
|
+
{"version":3,"file":"session.mjs","names":[],"sources":["../../../src/core/auth/session.ts"],"sourcesContent":["\"use server\";\n\nimport { sha256 } from \"@oslojs/crypto/sha2\";\nimport {\n encodeBase32LowerCaseNoPadding,\n encodeHexLowerCase,\n} from \"@oslojs/encoding\";\nimport { addDays } from \"date-fns\";\nimport { and, eq, ne } from \"drizzle-orm\";\nimport { cookies, headers } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport { db } from \"../../server/database/inject\";\nimport { sessionTable, userTable } from \"../../server/database/schema\";\nimport { augmentSession } from \"./augment\";\nimport { performFullUserAugmentation } from \"./logic\";\n\nimport type {\n AuthSession,\n Session,\n SessionFlags,\n User,\n UserSession,\n} from \"./types\";\n\n/**\n * Returns the user's IP address.\n */\nexport async function getIPAddress(): Promise<string | null> {\n return (await headers()).get(\"x-forwarded-for\");\n}\n\n/**\n * Validates the session token.\n */\nexport async function validateSessionToken(\n token: string,\n): Promise<AuthSession> {\n const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n const [row] = await db\n .select({\n session: sessionTable,\n user: userTable,\n })\n .from(sessionTable)\n .innerJoin(userTable, eq(sessionTable.userId, userTable.id))\n .where(eq(sessionTable.id, sessionId));\n\n if (!row || !row.user) {\n return { session: null, user: null };\n }\n\n const { session: baseSession, user: baseUser } = row;\n\n // STRICTLY remove non-serializable and sensitive fields\n const { password, recovery_code, ...safeUser } = baseUser;\n\n // Check if session is expired\n if (new Date() > baseSession.expiresAt) {\n await db.delete(sessionTable).where(eq(sessionTable.id, baseSession.id));\n return { session: null, user: null };\n }\n\n // AUGMENT (EXTENSIBILITY POINTS)\n const augmentedUser = await performFullUserAugmentation(safeUser as User);\n const augmentedSession = await augmentSession(baseSession as Session);\n\n // ENSURE PLAIN OBJECTS for Client Components\n return {\n session: augmentedSession ? { ...augmentedSession } : null,\n user: augmentedUser ? { ...augmentedUser } : null,\n };\n}\n\n/**\n * Returns the current user session from cookies.\n */\nexport const getCurrentSession = async (): Promise<AuthSession> => {\n const cookieStore = await cookies();\n const token = cookieStore.get(\"session\")?.value ?? null;\n\n if (token === null) {\n return { session: null, user: null };\n }\n\n return await validateSessionToken(token);\n};\n\n/**\n * Invalidates a single session.\n */\nexport async function invalidateSession(sessionId: string): Promise<void> {\n await db.delete(sessionTable).where(eq(sessionTable.id, sessionId));\n}\n\n/**\n * Invalidates all user sessions.\n */\nexport async function invalidateUserSessions(userId: string): Promise<void> {\n await db.delete(sessionTable).where(eq(sessionTable.userId, userId));\n}\n\n/**\n * Sets the session token in a cookie.\n */\nexport async function setSessionTokenCookie(\n token: string,\n expiresAt: Date,\n): Promise<void> {\n const cookieStore = await cookies();\n cookieStore.set(\"session\", token, {\n httpOnly: true,\n path: \"/\",\n secure: process.env.NODE_ENV === \"production\",\n sameSite: \"lax\",\n expires: expiresAt,\n });\n}\n\n/**\n * Removes the session token cookie.\n */\nexport async function deleteSessionTokenCookie(): Promise<void> {\n const cookieStore = await cookies();\n cookieStore.delete(\"session\");\n}\n\n/**\n * Generates a new random session token.\n */\nexport async function generateSessionToken(): Promise<string> {\n const tokenBytes = new Uint8Array(20);\n crypto.getRandomValues(tokenBytes);\n return encodeBase32LowerCaseNoPadding(tokenBytes).toLowerCase();\n}\n\n/**\n * Creates a new session in the database.\n */\nexport async function createSession(\n token: string,\n userId: string,\n flags: SessionFlags,\n): Promise<Session> {\n const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n const [session] = await db\n .insert(sessionTable)\n .values({\n id: sessionId,\n expiresAt: new Date(addDays(new Date(), 7)),\n active_organization_id: flags.activeOrganizationId,\n userId: userId,\n })\n .returning();\n\n return session;\n}\n\n/**\n * Signs the user out and redirects to the sign-in page.\n */\nexport async function sessionSignOut() {\n const { session } = await getCurrentSession();\n\n if (session) {\n await invalidateSession(session.id);\n await deleteSessionTokenCookie();\n }\n\n redirect(\"/signin\");\n}\n\n/**\n * Get all active sessions for a user.\n */\nexport async function getUserSessions(\n userId: string,\n currentSessionId: string,\n): Promise<UserSession[]> {\n const sessions = await db\n .select()\n .from(sessionTable)\n .where(eq(sessionTable.userId, userId));\n\n return sessions.map((session) => ({\n id: session.id,\n createdAt: session.createdAt,\n expiresAt: session.expiresAt,\n isCurrent: session.id === currentSessionId,\n }));\n}\n\n/**\n * Invalidate all sessions for a user except the specified current one.\n */\nexport async function invalidateOtherSessions(\n userId: string,\n currentSessionId: string,\n): Promise<void> {\n await db\n .delete(sessionTable)\n .where(\n and(\n eq(sessionTable.userId, userId),\n ne(sessionTable.id, currentSessionId),\n ),\n );\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AA2BA,eAAsB,eAAuC;AAC3D,SAAQ,MAAM,SAAS,EAAE,IAAI,kBAAkB;;;;;AAMjD,eAAsB,qBACpB,OACsB;CACtB,MAAM,YAAY,mBAAmB,OAAO,IAAI,aAAa,CAAC,OAAO,MAAM,CAAC,CAAC;CAE7E,MAAM,CAAC,OAAO,MAAM,GACjB,OAAO;EACN,SAAS;EACT,MAAM;EACP,CAAC,CACD,KAAK,aAAa,CAClB,UAAU,WAAW,GAAG,aAAa,QAAQ,UAAU,GAAG,CAAC,CAC3D,MAAM,GAAG,aAAa,IAAI,UAAU,CAAC;AAExC,KAAI,CAAC,OAAO,CAAC,IAAI,KACf,QAAO;EAAE,SAAS;EAAM,MAAM;EAAM;CAGtC,MAAM,EAAE,SAAS,aAAa,MAAM,aAAa;CAGjD,MAAM,EAAE,UAAU,eAAe,GAAG,aAAa;AAGjD,qBAAI,IAAI,MAAM,GAAG,YAAY,WAAW;AACtC,QAAM,GAAG,OAAO,aAAa,CAAC,MAAM,GAAG,aAAa,IAAI,YAAY,GAAG,CAAC;AACxE,SAAO;GAAE,SAAS;GAAM,MAAM;GAAM;;CAItC,MAAM,gBAAgB,MAAM,4BAA4B,SAAiB;CACzE,MAAM,mBAAmB,MAAM,eAAe,YAAuB;AAGrE,QAAO;EACL,SAAS,mBAAmB,EAAE,GAAG,kBAAkB,GAAG;EACtD,MAAM,gBAAgB,EAAE,GAAG,eAAe,GAAG;EAC9C;;;;;AAMH,MAAa,oBAAoB,YAAkC;CAEjE,MAAM,SADc,MAAM,SAAS,EACT,IAAI,UAAU,EAAE,SAAS;AAEnD,KAAI,UAAU,KACZ,QAAO;EAAE,SAAS;EAAM,MAAM;EAAM;AAGtC,QAAO,MAAM,qBAAqB,MAAM;;;;;AAM1C,eAAsB,kBAAkB,WAAkC;AACxE,OAAM,GAAG,OAAO,aAAa,CAAC,MAAM,GAAG,aAAa,IAAI,UAAU,CAAC;;;;;AAMrE,eAAsB,uBAAuB,QAA+B;AAC1E,OAAM,GAAG,OAAO,aAAa,CAAC,MAAM,GAAG,aAAa,QAAQ,OAAO,CAAC;;;;;AAMtE,eAAsB,sBACpB,OACA,WACe;AAEf,EADoB,MAAM,SAAS,EACvB,IAAI,WAAW,OAAO;EAChC,UAAU;EACV,MAAM;EACN,QAAQ,QAAQ,IAAI,aAAa;EACjC,UAAU;EACV,SAAS;EACV,CAAC;;;;;AAMJ,eAAsB,2BAA0C;AAE9D,EADoB,MAAM,SAAS,EACvB,OAAO,UAAU;;;;;AAM/B,eAAsB,uBAAwC;CAC5D,MAAM,aAAa,IAAI,WAAW,GAAG;AACrC,QAAO,gBAAgB,WAAW;AAClC,QAAO,+BAA+B,WAAW,CAAC,aAAa;;;;;AAMjE,eAAsB,cACpB,OACA,QACA,OACkB;CAClB,MAAM,YAAY,mBAAmB,OAAO,IAAI,aAAa,CAAC,OAAO,MAAM,CAAC,CAAC;CAE7E,MAAM,CAAC,WAAW,MAAM,GACrB,OAAO,aAAa,CACpB,OAAO;EACN,IAAI;EACJ,WAAW,IAAI,KAAK,wBAAQ,IAAI,MAAM,EAAE,EAAE,CAAC;EAC3C,wBAAwB,MAAM;EACtB;EACT,CAAC,CACD,WAAW;AAEd,QAAO;;;;;AAMT,eAAsB,iBAAiB;CACrC,MAAM,EAAE,YAAY,MAAM,mBAAmB;AAE7C,KAAI,SAAS;AACX,QAAM,kBAAkB,QAAQ,GAAG;AACnC,QAAM,0BAA0B;;AAGlC,UAAS,UAAU;;;;;AAMrB,eAAsB,gBACpB,QACA,kBACwB;AAMxB,SALiB,MAAM,GACpB,QAAQ,CACR,KAAK,aAAa,CAClB,MAAM,GAAG,aAAa,QAAQ,OAAO,CAAC,EAEzB,KAAK,aAAa;EAChC,IAAI,QAAQ;EACZ,WAAW,QAAQ;EACnB,WAAW,QAAQ;EACnB,WAAW,QAAQ,OAAO;EAC3B,EAAE;;;;;AAML,eAAsB,wBACpB,QACA,kBACe;AACf,OAAM,GACH,OAAO,aAAa,CACpB,MACC,IACE,GAAG,aAAa,QAAQ,OAAO,EAC/B,GAAG,aAAa,IAAI,iBAAiB,CACtC,CACF"}
|
package/dist/core/bootstrap.cjs
CHANGED
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
const require_event_bus = require('./event-bus.cjs');
|
|
2
2
|
const require_inject = require('../server/database/inject.cjs');
|
|
3
3
|
const require_email_verification = require('./auth/email-verification.cjs');
|
|
4
|
-
const require_setup = require('./setup.cjs');
|
|
5
4
|
const require_service = require('./notifications/service.cjs');
|
|
5
|
+
const require_local = require('./filesystem/providers/local.cjs');
|
|
6
|
+
const require_service$1 = require('./filesystem/service.cjs');
|
|
7
|
+
require('./filesystem/index.cjs');
|
|
8
|
+
const require_setup = require('./setup.cjs');
|
|
6
9
|
|
|
7
10
|
//#region src/core/bootstrap.ts
|
|
8
11
|
async function ensureSystemInitialized(providedDb) {
|
|
@@ -15,9 +18,13 @@ async function ensureSystemInitialized(providedDb) {
|
|
|
15
18
|
try {
|
|
16
19
|
console.log("[Kryo:Bootstrap] Starting system initialization...");
|
|
17
20
|
if (!g.__KRYO_DB__) console.warn("[Kryo:Bootstrap] DB not detected during bootstrap start. Trying to continue...");
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
+
if (await require_setup.isSystemInstalled()) {
|
|
22
|
+
require_service.notificationService.init();
|
|
23
|
+
await require_email_verification.initEmailVerification();
|
|
24
|
+
const local = new require_local.LocalFileProvider();
|
|
25
|
+
require_service$1.filesystemService.registerProvider(local);
|
|
26
|
+
require_service$1.filesystemService.setDefaultProvider(local.id);
|
|
27
|
+
} else console.log("[Kryo:Bootstrap] System not installed. Skipping module initialization.");
|
|
21
28
|
await require_event_bus.eventBus.publish("system:start", { runtime: "nodejs" });
|
|
22
29
|
console.log("[Kryo:Bootstrap] System initialized successfully.");
|
|
23
30
|
g.__KRYO_INITIALIZED__ = true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.d.cts","names":[],"sources":["../../src/core/bootstrap.ts"],"mappings":";
|
|
1
|
+
{"version":3,"file":"bootstrap.d.cts","names":[],"sources":["../../src/core/bootstrap.ts"],"mappings":";iBAQsB,uBAAA,CAAwB,UAAA,SAAgB,OAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.d.mts","names":[],"sources":["../../src/core/bootstrap.ts"],"mappings":";
|
|
1
|
+
{"version":3,"file":"bootstrap.d.mts","names":[],"sources":["../../src/core/bootstrap.ts"],"mappings":";iBAQsB,uBAAA,CAAwB,UAAA,SAAgB,OAAA"}
|
package/dist/core/bootstrap.mjs
CHANGED
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
import { eventBus } from "./event-bus.mjs";
|
|
2
2
|
import { injectDb } from "../server/database/inject.mjs";
|
|
3
3
|
import { initEmailVerification } from "./auth/email-verification.mjs";
|
|
4
|
-
import { isSystemInstalled } from "./setup.mjs";
|
|
5
4
|
import { notificationService } from "./notifications/service.mjs";
|
|
5
|
+
import { LocalFileProvider } from "./filesystem/providers/local.mjs";
|
|
6
|
+
import { filesystemService } from "./filesystem/service.mjs";
|
|
7
|
+
import "./filesystem/index.mjs";
|
|
8
|
+
import { isSystemInstalled } from "./setup.mjs";
|
|
6
9
|
|
|
7
10
|
//#region src/core/bootstrap.ts
|
|
8
11
|
async function ensureSystemInitialized(providedDb) {
|
|
@@ -15,9 +18,13 @@ async function ensureSystemInitialized(providedDb) {
|
|
|
15
18
|
try {
|
|
16
19
|
console.log("[Kryo:Bootstrap] Starting system initialization...");
|
|
17
20
|
if (!g.__KRYO_DB__) console.warn("[Kryo:Bootstrap] DB not detected during bootstrap start. Trying to continue...");
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
+
if (await isSystemInstalled()) {
|
|
22
|
+
notificationService.init();
|
|
23
|
+
await initEmailVerification();
|
|
24
|
+
const local = new LocalFileProvider();
|
|
25
|
+
filesystemService.registerProvider(local);
|
|
26
|
+
filesystemService.setDefaultProvider(local.id);
|
|
27
|
+
} else console.log("[Kryo:Bootstrap] System not installed. Skipping module initialization.");
|
|
21
28
|
await eventBus.publish("system:start", { runtime: "nodejs" });
|
|
22
29
|
console.log("[Kryo:Bootstrap] System initialized successfully.");
|
|
23
30
|
g.__KRYO_INITIALIZED__ = true;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bootstrap.mjs","names":[],"sources":["../../src/core/bootstrap.ts"],"sourcesContent":["import { injectDb } from \"../server/database/inject\";\nimport { initEmailVerification } from \"./auth/email-verification\";\nimport { eventBus } from \"./event-bus\";\nimport { notificationService } from \"./notifications/service\";\nimport { isSystemInstalled } from \"./setup\";\n\nexport async function ensureSystemInitialized(providedDb?: any) {\n if (typeof window !== \"undefined\") return;\n\n const g = globalThis as any;\n\n // 1. Immediate injection if provided\n if (providedDb) {\n
|
|
1
|
+
{"version":3,"file":"bootstrap.mjs","names":[],"sources":["../../src/core/bootstrap.ts"],"sourcesContent":["import { injectDb } from \"../server/database/inject\";\nimport { initEmailVerification } from \"./auth/email-verification\";\nimport { eventBus } from \"./event-bus\";\nimport { filesystemService } from \"./filesystem\";\nimport { LocalFileProvider } from \"./filesystem/providers/local\";\nimport { notificationService } from \"./notifications/service\";\nimport { isSystemInstalled } from \"./setup\";\n\nexport async function ensureSystemInitialized(providedDb?: any) {\n if (typeof window !== \"undefined\") return;\n\n const g = globalThis as any;\n\n // 1. Immediate injection if provided\n if (providedDb) {\n injectDb(providedDb);\n }\n\n // 2. Prevent infinite recursion and double initialization\n if (g.__KRYO_INITIALIZED__) return;\n if (g.__KRYO_INITIALIZING__) return; // Already in progress, don't block/deadlock\n\n g.__KRYO_INITIALIZING__ = true;\n\n try {\n console.log(\"[Kryo:Bootstrap] Starting system initialization...\");\n\n // Check if we have DB after any possible injection\n if (!g.__KRYO_DB__) {\n console.warn(\n \"[Kryo:Bootstrap] DB not detected during bootstrap start. Trying to continue...\",\n );\n }\n\n // Check if system is installed before initializing modules\n if (await isSystemInstalled()) {\n // Order matters: services first, then modules (which use services)\n notificationService.init();\n await initEmailVerification();\n\n // Auto-register local filesystem provider as a fallback\n const local = new LocalFileProvider();\n\n filesystemService.registerProvider(local);\n filesystemService.setDefaultProvider(local.id);\n } else {\n console.log(\n \"[Kryo:Bootstrap] System not installed. Skipping module initialization.\",\n );\n }\n\n await eventBus.publish(\"system:start\", { runtime: \"nodejs\" });\n\n console.log(\"[Kryo:Bootstrap] System initialized successfully.\");\n g.__KRYO_INITIALIZED__ = true;\n } catch (error) {\n console.error(\"[Kryo:Bootstrap] Initialization failed:\", error);\n } finally {\n g.__KRYO_INITIALIZING__ = false;\n }\n}\n"],"mappings":";;;;;;;;;;AAQA,eAAsB,wBAAwB,YAAkB;AAC9D,KAAI,OAAO,WAAW,YAAa;CAEnC,MAAM,IAAI;AAGV,KAAI,WACF,UAAS,WAAW;AAItB,KAAI,EAAE,qBAAsB;AAC5B,KAAI,EAAE,sBAAuB;AAE7B,GAAE,wBAAwB;AAE1B,KAAI;AACF,UAAQ,IAAI,qDAAqD;AAGjE,MAAI,CAAC,EAAE,YACL,SAAQ,KACN,iFACD;AAIH,MAAI,MAAM,mBAAmB,EAAE;AAE7B,uBAAoB,MAAM;AAC1B,SAAM,uBAAuB;GAG7B,MAAM,QAAQ,IAAI,mBAAmB;AAErC,qBAAkB,iBAAiB,MAAM;AACzC,qBAAkB,mBAAmB,MAAM,GAAG;QAE9C,SAAQ,IACN,yEACD;AAGH,QAAM,SAAS,QAAQ,gBAAgB,EAAE,SAAS,UAAU,CAAC;AAE7D,UAAQ,IAAI,oDAAoD;AAChE,IAAE,uBAAuB;UAClB,OAAO;AACd,UAAQ,MAAM,2CAA2C,MAAM;WACvD;AACR,IAAE,wBAAwB"}
|