npm - @arch-cadre/core - Versions diffs - 0.0.22 → 0.0.24 - Mend

@arch-cadre/core 0.0.22 → 0.0.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/dist/_virtual/_rolldown/runtime.cjs +1 -29
package/dist/_virtual/_rolldown/runtime.mjs +1 -18
package/dist/core/auth/augment.cjs +1 -71
package/dist/core/auth/augment.d.cts.map +1 -1
package/dist/core/auth/augment.d.mts.map +1 -1
package/dist/core/auth/augment.mjs +1 -65
package/dist/core/auth/augment.mjs.map +1 -1
package/dist/core/auth/email-verification.cjs +1 -99
package/dist/core/auth/email-verification.mjs +1 -91
package/dist/core/auth/email-verification.mjs.map +1 -1
package/dist/core/auth/logic.cjs +1 -224
package/dist/core/auth/logic.mjs +1 -212
package/dist/core/auth/logic.mjs.map +1 -1
package/dist/core/auth/password-reset.cjs +1 -118
package/dist/core/auth/password-reset.mjs +1 -110
package/dist/core/auth/password-reset.mjs.map +1 -1
package/dist/core/auth/rbac.cjs +1 -118
package/dist/core/auth/rbac.mjs +1 -103
package/dist/core/auth/rbac.mjs.map +1 -1
package/dist/core/auth/session.cjs +1 -154
package/dist/core/auth/session.mjs +1 -142
package/dist/core/auth/session.mjs.map +1 -1
package/dist/core/auth/types.d.cts.map +1 -1
package/dist/core/auth/types.d.mts.map +1 -1
package/dist/core/auth/utils/encode.cjs +1 -27
package/dist/core/auth/utils/encode.mjs +1 -25
package/dist/core/auth/utils/encode.mjs.map +1 -1
package/dist/core/auth/utils/encryption.cjs +1 -67
package/dist/core/auth/utils/encryption.mjs +1 -63
package/dist/core/auth/utils/encryption.mjs.map +1 -1
package/dist/core/auth/validation.cjs +1 -39
package/dist/core/auth/validation.mjs +1 -30
package/dist/core/auth/validation.mjs.map +1 -1
package/dist/core/bootstrap.cjs +1 -39
package/dist/core/bootstrap.mjs +1 -39
package/dist/core/bootstrap.mjs.map +1 -1
package/dist/core/config.cjs +1 -6
package/dist/core/config.mjs +1 -5
package/dist/core/config.mjs.map +1 -1
package/dist/core/config.server.cjs +1 -60
package/dist/core/config.server.mjs +1 -56
package/dist/core/config.server.mjs.map +1 -1
package/dist/core/event-bus.cjs +1 -48
package/dist/core/event-bus.d.cts.map +1 -1
package/dist/core/event-bus.d.mts.map +1 -1
package/dist/core/event-bus.mjs +1 -47
package/dist/core/event-bus.mjs.map +1 -1
package/dist/core/filesystem/index.cjs +1 -11
package/dist/core/filesystem/index.mjs +1 -12
package/dist/core/filesystem/index.mjs.map +1 -1
package/dist/core/filesystem/providers/local.cjs +1 -43
package/dist/core/filesystem/providers/local.mjs +1 -40
package/dist/core/filesystem/providers/local.mjs.map +1 -1
package/dist/core/filesystem/service.cjs +1 -43
package/dist/core/filesystem/service.mjs +1 -42
package/dist/core/filesystem/service.mjs.map +1 -1
package/dist/core/notifications/actions.cjs +1 -36
package/dist/core/notifications/actions.mjs +1 -32
package/dist/core/notifications/actions.mjs.map +1 -1
package/dist/core/notifications/index.cjs +1 -2
package/dist/core/notifications/index.mjs +1 -4
package/dist/core/notifications/service.cjs +1 -30
package/dist/core/notifications/service.mjs +1 -30
package/dist/core/notifications/service.mjs.map +1 -1
package/dist/core/setup.cjs +1 -25
package/dist/core/setup.mjs +1 -24
package/dist/core/setup.mjs.map +1 -1
package/dist/index.cjs +1 -30
package/dist/index.mjs +1 -6
package/dist/server/auth/email.cjs +1 -24
package/dist/server/auth/email.mjs +1 -22
package/dist/server/auth/email.mjs.map +1 -1
package/dist/server/auth/password.cjs +1 -37
package/dist/server/auth/password.mjs +1 -33
package/dist/server/auth/password.mjs.map +1 -1
package/dist/server/auth/user.cjs +1 -165
package/dist/server/auth/user.mjs +1 -152
package/dist/server/auth/user.mjs.map +1 -1
package/dist/server/database/inject.cjs +1 -24
package/dist/server/database/inject.mjs +1 -22
package/dist/server/database/inject.mjs.map +1 -1
package/dist/server/database/schema.cjs +1 -163
package/dist/server/database/schema.mjs +1 -150
package/dist/server/database/schema.mjs.map +1 -1
package/dist/server/emails/index.cjs +1 -32
package/dist/server/emails/index.mjs +1 -28
package/dist/server/emails/index.mjs.map +1 -1
package/dist/server.cjs +1 -145
package/dist/server.mjs +1 -23
package/package.json +1 -1

package/dist/core/auth/password-reset.mjs CHANGED Viewed

@@ -1,111 +1,2 @@
-"use server";
-import { db } from "../../server/database/inject.mjs";
-import { passwordResetSessionTable, userTable } from "../../server/database/schema.mjs";
-import { augmentPasswordResetSession } from "./augment.mjs";
-import { generateRandomOTP } from "./utils/encode.mjs";
-import { sendResetPassword } from "../../server/emails/index.mjs";
-import { performFullUserAugmentation } from "./logic.mjs";
-import { eq } from "drizzle-orm";
-import { sha256 } from "@oslojs/crypto/sha2";
-import { encodeHexLowerCase } from "@oslojs/encoding";
-import { addHours } from "date-fns";
-import { cookies } from "next/headers";
-//#region src/core/auth/password-reset.ts
-/**
-* Creates a new password reset session.
-*/
-async function createPasswordResetSession(token, userId, email) {
-	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-	const [session] = await db.insert(passwordResetSessionTable).values({
-		id: sessionId,
-		email,
-		code: generateRandomOTP(),
-		expiresAt: new Date(addHours(/* @__PURE__ */ new Date(), 1)),
-		userId
-	}).returning();
-	return session;
-}
-/**
-* Validates the password reset session token and retrieves user data.
-* The user data is augmented by registered modules (e.g. 2FA).
-*/
-async function validatePasswordResetSessionToken(token) {
-	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-	const [row] = await db.select({
-		session: passwordResetSessionTable,
-		user: userTable
-	}).from(passwordResetSessionTable).innerJoin(userTable, eq(passwordResetSessionTable.userId, userTable.id)).where(eq(passwordResetSessionTable.id, sessionId));
-	if (!row || !row.user) return {
-		session: null,
-		user: null
-	};
-	const { session: baseSession, user: baseUser } = row;
-	if (/* @__PURE__ */ new Date() > baseSession.expiresAt) {
-		await db.delete(passwordResetSessionTable).where(eq(passwordResetSessionTable.id, baseSession.id));
-		return {
-			session: null,
-			user: null
-		};
-	}
-	const { password, recovery_code, ...safeUser } = baseUser;
-	const user = await performFullUserAugmentation(safeUser);
-	return {
-		session: await augmentPasswordResetSession(baseSession),
-		user
-	};
-}
-/**
-* Marks the password reset session as email verified.
-*/
-async function setPasswordResetSessionAsEmailVerified(sessionId) {
-	await db.update(passwordResetSessionTable).set({ emailVerified: true }).where(eq(passwordResetSessionTable.id, sessionId));
-}
-/**
-* Invalidates all password reset sessions for a user.
-*/
-async function invalidateUserPasswordResetSessions(userId) {
-	await db.delete(passwordResetSessionTable).where(eq(passwordResetSessionTable.userId, userId));
-}
-/**
-* Validates the current password reset session from cookies.
-*/
-async function getCurrentPasswordResetSession() {
-	const token = (await cookies()).get("password_reset_session")?.value ?? null;
-	if (token === null) return {
-		session: null,
-		user: null
-	};
-	const result = await validatePasswordResetSessionToken(token);
-	if (result.session === null) await deletePasswordResetSessionTokenCookie();
-	return result;
-}
-/**
-* Sets the password reset session token cookie.
-*/
-async function setPasswordResetSessionTokenCookie(token, expiresAt) {
-	(await cookies()).set("password_reset_session", token, {
-		expires: expiresAt,
-		sameSite: "lax",
-		httpOnly: true,
-		path: "/",
-		secure: process.env.NODE_ENV === "production"
-	});
-}
-/**
-* Deletes the password reset session token cookie.
-*/
-async function deletePasswordResetSessionTokenCookie() {
-	(await cookies()).delete("password_reset_session");
-}
-/**
-* Sends a password reset email with the OTP code.
-*/
-async function sendPasswordResetEmail(email, code) {
-	await /* @__PURE__ */ sendResetPassword(email, code);
-}
-//#endregion
-export { createPasswordResetSession, deletePasswordResetSessionTokenCookie, getCurrentPasswordResetSession, invalidateUserPasswordResetSessions, sendPasswordResetEmail, setPasswordResetSessionAsEmailVerified, setPasswordResetSessionTokenCookie, validatePasswordResetSessionToken };
+"use server";import{db as e}from"../../server/database/inject.mjs";import{passwordResetSessionTable as t,userTable as n}from"../../server/database/schema.mjs";import{augmentPasswordResetSession as r}from"./augment.mjs";import{generateRandomOTP as i}from"./utils/encode.mjs";import{sendResetPassword as a}from"../../server/emails/index.mjs";import{performFullUserAugmentation as o}from"./logic.mjs";import{eq as s}from"drizzle-orm";import{sha256 as c}from"@oslojs/crypto/sha2";import{encodeHexLowerCase as l}from"@oslojs/encoding";import{addHours as u}from"date-fns";import{cookies as d}from"next/headers";async function f(n,r,a){let o=l(c(new TextEncoder().encode(n))),[s]=await e.insert(t).values({id:o,email:a,code:i(),expiresAt:new Date(u(new Date,1)),userId:r}).returning();return s}async function p(i){let a=l(c(new TextEncoder().encode(i))),[u]=await e.select({session:t,user:n}).from(t).innerJoin(n,s(t.userId,n.id)).where(s(t.id,a));if(!u||!u.user)return{session:null,user:null};let{session:d,user:f}=u;if(new Date>d.expiresAt)return await e.delete(t).where(s(t.id,d.id)),{session:null,user:null};let{password:p,recovery_code:m,...h}=f,g=await o(h);return{session:await r(d),user:g}}async function m(n){await e.update(t).set({emailVerified:!0}).where(s(t.id,n))}async function h(n){await e.delete(t).where(s(t.userId,n))}async function g(){let e=(await d()).get(`password_reset_session`)?.value??null;if(e===null)return{session:null,user:null};let t=await p(e);return t.session===null&&await v(),t}async function _(e,t){(await d()).set(`password_reset_session`,e,{expires:t,sameSite:`lax`,httpOnly:!0,path:`/`,secure:process.env.NODE_ENV===`production`})}async function v(){(await d()).delete(`password_reset_session`)}async function y(e,t){await a(e,t)}export{f as createPasswordResetSession,v as deletePasswordResetSessionTokenCookie,g as getCurrentPasswordResetSession,h as invalidateUserPasswordResetSessions,y as sendPasswordResetEmail,m as setPasswordResetSessionAsEmailVerified,_ as setPasswordResetSessionTokenCookie,p as validatePasswordResetSessionToken};
 //# sourceMappingURL=password-reset.mjs.map

package/dist/core/auth/password-reset.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"password-reset.mjs","names":[],"sources":["../../../src/core/auth/password-reset.ts"],"sourcesContent":["\"use server\";\n\nimport { sha256 } from \"@oslojs/crypto/sha2\";\nimport { encodeHexLowerCase } from \"@oslojs/encoding\";\nimport { addHours } from \"date-fns\";\nimport { eq } from \"drizzle-orm\";\nimport { cookies } from \"next/headers\";\nimport { db } from \"../../server/database/inject\";\nimport {\n passwordResetSessionTable,\n userTable,\n} from \"../../server/database/schema\";\nimport { sendResetPassword } from \"../../server/emails\";\nimport { augmentPasswordResetSession } from \"./augment\";\nimport { performFullUserAugmentation } from \"./logic\";\nimport type { PasswordResetAuthSession, PasswordResetSession } from \"./types\";\nimport { generateRandomOTP } from \"./utils/encode\";\n\n/*\n Creates a new password reset session.\n /\nexport async function createPasswordResetSession(\n token: string,\n userId: string,\n email: string,\n): Promise<PasswordResetSession> {\n const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n const [session] = await db\n .insert(passwordResetSessionTable)\n .values({\n id: sessionId,\n email: email,\n code: generateRandomOTP(),\n expiresAt: new Date(addHours(new Date(), 1)),\n userId: userId,\n })\n .returning();\n\n return session;\n}\n\n/\n Validates the password reset session token and retrieves user data.\n * The user data is augmented by registered modules (e.g. 2FA).\n /\nexport async function validatePasswordResetSessionToken(\n token: string,\n): Promise<PasswordResetAuthSession> {\n const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n const [row] = await db\n .select({\n session: passwordResetSessionTable,\n user: userTable,\n })\n .from(passwordResetSessionTable)\n .innerJoin(userTable, eq(passwordResetSessionTable.userId, userTable.id))\n .where(eq(passwordResetSessionTable.id, sessionId));\n\n if (!row \|\| !row.user) {\n return { session: null, user: null };\n }\n\n const { session: baseSession, user: baseUser } = row;\n\n // Check for expiration\n if (new Date() > baseSession.expiresAt) {\n await db\n .delete(passwordResetSessionTable)\n .where(eq(passwordResetSessionTable.id, baseSession.id));\n return { session: null, user: null };\n }\n\n // STRICTLY remove non-serializable and sensitive fields\n const { password, recovery_code, ...safeUser } = baseUser;\n\n // AUGMENT (EXTENSIBILITY POINTS)\n const user = await performFullUserAugmentation(safeUser as any);\n const session = await augmentPasswordResetSession(\n baseSession as PasswordResetSession,\n );\n\n return { session, user };\n}\n\n/\n Marks the password reset session as email verified.\n /\nexport async function setPasswordResetSessionAsEmailVerified(\n sessionId: string,\n): Promise<void> {\n await db\n .update(passwordResetSessionTable)\n .set({\n emailVerified: true,\n })\n .where(eq(passwordResetSessionTable.id, sessionId));\n}\n\n/\n Invalidates all password reset sessions for a user.\n /\nexport async function invalidateUserPasswordResetSessions(\n userId: string,\n): Promise<void> {\n await db\n .delete(passwordResetSessionTable)\n .where(eq(passwordResetSessionTable.userId, userId));\n}\n\n/\n Validates the current password reset session from cookies.\n /\nexport async function getCurrentPasswordResetSession(): Promise<PasswordResetAuthSession> {\n const cookieStore = await cookies();\n const token = cookieStore.get(\"password_reset_session\")?.value ?? null;\n\n if (token === null) {\n return { session: null, user: null };\n }\n\n const result = await validatePasswordResetSessionToken(token);\n\n if (result.session === null) {\n await deletePasswordResetSessionTokenCookie();\n }\n\n return result;\n}\n\n/\n Sets the password reset session token cookie.\n /\nexport async function setPasswordResetSessionTokenCookie(\n token: string,\n expiresAt: Date,\n): Promise<void> {\n const cookieStore = await cookies();\n\n cookieStore.set(\"password_reset_session\", token, {\n expires: expiresAt,\n sameSite: \"lax\",\n httpOnly: true,\n path: \"/\",\n secure: process.env.NODE_ENV === \"production\",\n });\n}\n\n/\n Deletes the password reset session token cookie.\n /\nexport async function deletePasswordResetSessionTokenCookie(): Promise<void> {\n const cookieStore = await cookies();\n cookieStore.delete(\"password_reset_session\");\n}\n\n/\n Sends a password reset email with the OTP code.\n */\nexport async function sendPasswordResetEmail(\n email: string,\n code: string,\n): Promise<void> {\n await sendResetPassword(email, code);\n}\n"],"mappings":"~~;;;;;;;;;;;;;;;;;;AAqBA~~,eAAsB,~~2BACpB~~,~~OACA~~,~~QACA~~,~~OAC~~+B;CAC/B,~~MAAM~~,~~YAAY~~,~~mBAAmB~~,~~OAAO~~,IAAI,aAAa,CAAC,OAAO,~~MAAM~~,CAAC,CAAC~~;CAE7E~~,~~MAAM~~,CAAC,~~WAAW~~,MAAM,~~GACrB~~,OAAO,~~0BAA0B~~,CACjC,OAAO~~;EACN~~,~~IAAI;~~EACG~~;EACP~~,~~MAAM~~,~~mBAAmB;EACzB~~,~~WAAW~~,IAAI,KAAK,~~yBAAS~~,IAAI,~~MAAM~~,EAAE,~~EAAE,~~CAAC~~;EACpC;EACT~~,CAAC,CACD,WAAW~~;AAEd~~,~~QAAO;;;;;;AAOT~~,eAAsB,~~kCACpB~~,~~OACmC;~~CACnC,~~MAAM~~,~~YAAY~~,~~mBAAmB~~,~~OAAO~~,IAAI,aAAa,CAAC,OAAO,~~MAAM~~,CAAC,CAAC~~;CAE7E~~,~~MAAM~~,CAAC,~~OAAO~~,MAAM,~~GACjB~~,OAAO~~;EACN~~,~~SAAS;~~EACT,~~MAAM;~~EACP,CAAC,CACD,KAAK,~~0BAA0B~~,CAC/B,UAAU,~~WAAW~~,~~GAAG~~,~~0BAA0B~~,~~QAAQ~~,~~UAAU~~,GAAG,CAAC,CACxE,MAAM,~~GAAG~~,~~0BAA0B~~,~~IAAI~~,~~UAAU~~,CAAC~~;AAErD~~,~~KAAI~~,CAAC,~~OAAO~~,CAAC,~~IAAI~~,KACf,~~QAAO;EAAE~~,~~SAAS;EAAM~~,~~MAAM;EAAM;~~CAGtC,~~MAAM~~,~~EAAE~~,~~SAAS~~,~~aAAa~~,~~MAAM~~,~~aAAa;AAGjD~~,~~qBAAI~~,IAAI,~~MAAM~~,~~GAAG~~,~~YAAY~~,~~WAAW;AACtC~~,~~QAAM~~,~~GACH~~,OAAO,~~0BAA0B~~,CACjC,MAAM,~~GAAG~~,~~0BAA0B~~,~~IAAI~~,~~YAAY~~,GAAG,CAAC~~;AAC1D~~,~~SAAO;GAAE~~,~~SAAS;GAAM~~,~~MAAM;GAAM;;~~CAItC,~~MAAM~~,~~EAAE~~,~~UAAU~~,~~eAAe~~,GAAG,~~aAAa;CAGjD~~,~~MAAM~~,~~OAAO~~,MAAM,~~4BAA4B~~,~~SAAgB;AAK~~/D,~~QAAO;EAAE~~,~~SAJO~~,MAAM,~~4BACpB~~,~~YACD;EAEiB;EAAM;;;;;AAM1B~~,eAAsB,~~uCACpB~~,~~WACe;AACf~~,~~OAAM~~,~~GACH~~,OAAO,~~0BAA0B~~,CACjC,IAAI,~~EACH~~,~~eAAe~~,~~MAChB~~,CAAC,CACD,MAAM,~~GAAG~~,~~0BAA0B~~,~~IAAI~~,~~UAAU~~,CAAC~~;;;;;AAMvD~~,eAAsB,~~oCACpB~~,~~QACe;AACf~~,~~OAAM~~,~~GACH~~,OAAO,~~0BAA0B~~,CACjC,MAAM,~~GAAG~~,~~0BAA0B~~,~~QAAQ~~,~~OAAO~~,CAAC~~;;;;;AAMxD~~,eAAsB,~~iCAAoE;~~CAExF,~~MAAM~~,~~SADc~~,MAAM,~~SAAS~~,EACT,IAAI,yBAAyB,EAAE,~~SAAS;AAElE~~,~~KAAI~~,~~UAAU~~,KACZ,~~QAAO;EAAE~~,~~SAAS;EAAM~~,~~MAAM;EAAM;~~CAGtC,~~MAAM~~,~~SAAS~~,MAAM,~~kCAAkC~~,~~MAAM;AAE7D~~,~~KAAI~~,~~OAAO~~,~~YAAY~~,~~KACrB~~,~~OAAM~~,~~uCAAuC;AAG/C~~,~~QAAO;;;;;AAMT~~,eAAsB,~~mCACpB~~,~~OACA~~,~~WACe;AAGf~~,~~EAFoB~~,MAAM,~~SAAS~~,EAEvB,IAAI,~~0BAA0B~~,~~OAAO;EAC~~/C,~~SAAS;~~EACT,~~UAAU;EACV~~,~~UAAU;EACV~~,~~MAAM;EACN~~,~~QAAQ~~,QAAQ,IAAI,~~aAAa;EAClC~~,CAAC~~;;;;;AAMJ~~,eAAsB,~~wCAAuD;AAE3E~~,~~EADoB~~,MAAM,~~SAAS~~,EACvB,OAAO,yBAAyB~~;;;;;AAM9C~~,eAAsB,~~uBACpB~~,~~OACA~~,~~MACe;AACf~~,~~OAAM~~,~~kCAAkB~~,~~OAAO~~,~~KAAK~~"}
1	+ {"version":3,"file":"password-reset.mjs","names":[],"sources":["../../../src/core/auth/password-reset.ts"],"sourcesContent":["\"use server\";\n\nimport { sha256 } from \"@oslojs/crypto/sha2\";\nimport { encodeHexLowerCase } from \"@oslojs/encoding\";\nimport { addHours } from \"date-fns\";\nimport { eq } from \"drizzle-orm\";\nimport { cookies } from \"next/headers\";\nimport { db } from \"../../server/database/inject.js\";\nimport {\n passwordResetSessionTable,\n userTable,\n} from \"../../server/database/schema.js\";\nimport { sendResetPassword } from \"../../server/emails/index.js\";\nimport { augmentPasswordResetSession } from \"./augment.js\";\nimport { performFullUserAugmentation } from \"./logic.js\";\nimport type { PasswordResetAuthSession, PasswordResetSession } from \"./types.js\";\nimport { generateRandomOTP } from \"./utils/encode.js\";\n\n/*\n Creates a new password reset session.\n /\nexport async function createPasswordResetSession(\n token: string,\n userId: string,\n email: string,\n): Promise<PasswordResetSession> {\n const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n const [session] = await db\n .insert(passwordResetSessionTable)\n .values({\n id: sessionId,\n email: email,\n code: generateRandomOTP(),\n expiresAt: new Date(addHours(new Date(), 1)),\n userId: userId,\n })\n .returning();\n\n return session;\n}\n\n/\n Validates the password reset session token and retrieves user data.\n * The user data is augmented by registered modules (e.g. 2FA).\n /\nexport async function validatePasswordResetSessionToken(\n token: string,\n): Promise<PasswordResetAuthSession> {\n const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n const [row] = await db\n .select({\n session: passwordResetSessionTable,\n user: userTable,\n })\n .from(passwordResetSessionTable)\n .innerJoin(userTable, eq(passwordResetSessionTable.userId, userTable.id))\n .where(eq(passwordResetSessionTable.id, sessionId));\n\n if (!row \|\| !row.user) {\n return { session: null, user: null };\n }\n\n const { session: baseSession, user: baseUser } = row;\n\n // Check for expiration\n if (new Date() > baseSession.expiresAt) {\n await db\n .delete(passwordResetSessionTable)\n .where(eq(passwordResetSessionTable.id, baseSession.id));\n return { session: null, user: null };\n }\n\n // STRICTLY remove non-serializable and sensitive fields\n const { password, recovery_code, ...safeUser } = baseUser;\n\n // AUGMENT (EXTENSIBILITY POINTS)\n const user = await performFullUserAugmentation(safeUser as any);\n const session = await augmentPasswordResetSession(\n baseSession as PasswordResetSession,\n );\n\n return { session, user };\n}\n\n/\n Marks the password reset session as email verified.\n /\nexport async function setPasswordResetSessionAsEmailVerified(\n sessionId: string,\n): Promise<void> {\n await db\n .update(passwordResetSessionTable)\n .set({\n emailVerified: true,\n })\n .where(eq(passwordResetSessionTable.id, sessionId));\n}\n\n/\n Invalidates all password reset sessions for a user.\n /\nexport async function invalidateUserPasswordResetSessions(\n userId: string,\n): Promise<void> {\n await db\n .delete(passwordResetSessionTable)\n .where(eq(passwordResetSessionTable.userId, userId));\n}\n\n/\n Validates the current password reset session from cookies.\n /\nexport async function getCurrentPasswordResetSession(): Promise<PasswordResetAuthSession> {\n const cookieStore = await cookies();\n const token = cookieStore.get(\"password_reset_session\")?.value ?? null;\n\n if (token === null) {\n return { session: null, user: null };\n }\n\n const result = await validatePasswordResetSessionToken(token);\n\n if (result.session === null) {\n await deletePasswordResetSessionTokenCookie();\n }\n\n return result;\n}\n\n/\n Sets the password reset session token cookie.\n /\nexport async function setPasswordResetSessionTokenCookie(\n token: string,\n expiresAt: Date,\n): Promise<void> {\n const cookieStore = await cookies();\n\n cookieStore.set(\"password_reset_session\", token, {\n expires: expiresAt,\n sameSite: \"lax\",\n httpOnly: true,\n path: \"/\",\n secure: process.env.NODE_ENV === \"production\",\n });\n}\n\n/\n Deletes the password reset session token cookie.\n /\nexport async function deletePasswordResetSessionTokenCookie(): Promise<void> {\n const cookieStore = await cookies();\n cookieStore.delete(\"password_reset_session\");\n}\n\n/\n Sends a password reset email with the OTP code.\n */\nexport async function sendPasswordResetEmail(\n email: string,\n code: string,\n): Promise<void> {\n await sendResetPassword(email, code);\n}\n"],"mappings":"6lBAqBA,eAAsB,EACpB,EACA,EACA,EAC+B,CAC/B,IAAM,EAAY,EAAmB,EAAO,IAAI,aAAa,CAAC,OAAO,EAAM,CAAC,CAAC,CAEvE,CAAC,GAAW,MAAM,EACrB,OAAO,EAA0B,CACjC,OAAO,CACN,GAAI,EACG,QACP,KAAM,GAAmB,CACzB,UAAW,IAAI,KAAK,EAAS,IAAI,KAAQ,EAAE,CAAC,CACpC,SACT,CAAC,CACD,WAAW,CAEd,OAAO,EAOT,eAAsB,EACpB,EACmC,CACnC,IAAM,EAAY,EAAmB,EAAO,IAAI,aAAa,CAAC,OAAO,EAAM,CAAC,CAAC,CAEvE,CAAC,GAAO,MAAM,EACjB,OAAO,CACN,QAAS,EACT,KAAM,EACP,CAAC,CACD,KAAK,EAA0B,CAC/B,UAAU,EAAW,EAAG,EAA0B,OAAQ,EAAU,GAAG,CAAC,CACxE,MAAM,EAAG,EAA0B,GAAI,EAAU,CAAC,CAErD,GAAI,CAAC,GAAO,CAAC,EAAI,KACf,MAAO,CAAE,QAAS,KAAM,KAAM,KAAM,CAGtC,GAAM,CAAE,QAAS,EAAa,KAAM,GAAa,EAGjD,GAAI,IAAI,KAAS,EAAY,UAI3B,OAHA,MAAM,EACH,OAAO,EAA0B,CACjC,MAAM,EAAG,EAA0B,GAAI,EAAY,GAAG,CAAC,CACnD,CAAE,QAAS,KAAM,KAAM,KAAM,CAItC,GAAM,CAAE,WAAU,gBAAe,GAAG,GAAa,EAG3C,EAAO,MAAM,EAA4B,EAAgB,CAK/D,MAAO,CAAE,QAJO,MAAM,EACpB,EACD,CAEiB,OAAM,CAM1B,eAAsB,EACpB,EACe,CACf,MAAM,EACH,OAAO,EAA0B,CACjC,IAAI,CACH,cAAe,GAChB,CAAC,CACD,MAAM,EAAG,EAA0B,GAAI,EAAU,CAAC,CAMvD,eAAsB,EACpB,EACe,CACf,MAAM,EACH,OAAO,EAA0B,CACjC,MAAM,EAAG,EAA0B,OAAQ,EAAO,CAAC,CAMxD,eAAsB,GAAoE,CAExF,IAAM,GADc,MAAM,GAAS,EACT,IAAI,yBAAyB,EAAE,OAAS,KAElE,GAAI,IAAU,KACZ,MAAO,CAAE,QAAS,KAAM,KAAM,KAAM,CAGtC,IAAM,EAAS,MAAM,EAAkC,EAAM,CAM7D,OAJI,EAAO,UAAY,MACrB,MAAM,GAAuC,CAGxC,EAMT,eAAsB,EACpB,EACA,EACe,EACK,MAAM,GAAS,EAEvB,IAAI,yBAA0B,EAAO,CAC/C,QAAS,EACT,SAAU,MACV,SAAU,GACV,KAAM,IACN,OAAQ,QAAQ,IAAI,WAAa,aAClC,CAAC,CAMJ,eAAsB,GAAuD,EACvD,MAAM,GAAS,EACvB,OAAO,yBAAyB,CAM9C,eAAsB,EACpB,EACA,EACe,CACf,MAAM,EAAkB,EAAO,EAAK"}

package/dist/core/auth/rbac.cjs CHANGED Viewed

@@ -1,118 +1 @@
-"use server";
-const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
-const require_inject = require('../../server/database/inject.cjs');
-const require_schema = require('../../server/database/schema.cjs');
-const require_service = require('../notifications/service.cjs');
-require('../notifications/index.cjs');
-let drizzle_orm = require("drizzle-orm");
-//#region src/core/auth/rbac.ts
-if (typeof window === "undefined") require_service.notificationService.init();
-/**
-* CORE RBAC LOGIC
-* This file handles all database operations for Roles and Permissions.
-*/
-async function getRoles() {
-	return await require_inject.db.select().from(require_schema.rolesTable).orderBy(require_schema.rolesTable.name);
-}
-async function getRoleById(roleId) {
-	const [role] = await require_inject.db.select().from(require_schema.rolesTable).where((0, drizzle_orm.eq)(require_schema.rolesTable.id, roleId));
-	return role;
-}
-async function createRole(name, description) {
-	return await require_inject.db.insert(require_schema.rolesTable).values({
-		name,
-		description
-	}).returning();
-}
-async function deleteRole(roleId) {
-	return await require_inject.db.delete(require_schema.rolesTable).where((0, drizzle_orm.eq)(require_schema.rolesTable.id, roleId));
-}
-async function getPermissions() {
-	return await require_inject.db.select().from(require_schema.permissionsTable).orderBy(require_schema.permissionsTable.name);
-}
-async function createPermission(name, description) {
-	return await require_inject.db.insert(require_schema.permissionsTable).values({
-		name,
-		description
-	}).returning();
-}
-async function deletePermission(permissionId) {
-	return await require_inject.db.delete(require_schema.permissionsTable).where((0, drizzle_orm.eq)(require_schema.permissionsTable.id, permissionId));
-}
-async function getRolePermissions(roleId) {
-	return await require_inject.db.select({
-		id: require_schema.permissionsTable.id,
-		name: require_schema.permissionsTable.name
-	}).from(require_schema.rolesToPermissionsTable).innerJoin(require_schema.permissionsTable, (0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.permissionId, require_schema.permissionsTable.id)).where((0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.roleId, roleId));
-}
-async function assignPermissionToRole(roleId, permissionId) {
-	return await require_inject.db.insert(require_schema.rolesToPermissionsTable).values({
-		roleId,
-		permissionId
-	}).onConflictDoNothing();
-}
-async function revokePermissionFromRole(roleId, permissionId) {
-	return await require_inject.db.delete(require_schema.rolesToPermissionsTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.roleId, roleId), (0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.permissionId, permissionId)));
-}
-async function assignRoleToUser(userId, roleId) {
-	return await require_inject.db.insert(require_schema.usersToRolesTable).values({
-		userId,
-		roleId
-	}).onConflictDoNothing();
-}
-async function revokeRoleFromUser(userId, roleId) {
-	return await require_inject.db.delete(require_schema.usersToRolesTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.usersToRolesTable.userId, userId), (0, drizzle_orm.eq)(require_schema.usersToRolesTable.roleId, roleId)));
-}
-async function assignPermissionToUser(userId, permissionId) {
-	return await require_inject.db.insert(require_schema.usersToPermissionsTable).values({
-		userId,
-		permissionId
-	}).onConflictDoNothing();
-}
-async function revokePermissionFromUser(userId, permissionId) {
-	return await require_inject.db.delete(require_schema.usersToPermissionsTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.usersToPermissionsTable.userId, userId), (0, drizzle_orm.eq)(require_schema.usersToPermissionsTable.permissionId, permissionId)));
-}
-async function getUserRbacData(userId) {
-	const roles = await require_inject.db.select({
-		id: require_schema.rolesTable.id,
-		name: require_schema.rolesTable.name
-	}).from(require_schema.usersToRolesTable).innerJoin(require_schema.rolesTable, (0, drizzle_orm.eq)(require_schema.usersToRolesTable.roleId, require_schema.rolesTable.id)).where((0, drizzle_orm.eq)(require_schema.usersToRolesTable.userId, userId));
-	const directPermissions = await require_inject.db.select({
-		id: require_schema.permissionsTable.id,
-		name: require_schema.permissionsTable.name
-	}).from(require_schema.usersToPermissionsTable).innerJoin(require_schema.permissionsTable, (0, drizzle_orm.eq)(require_schema.usersToPermissionsTable.permissionId, require_schema.permissionsTable.id)).where((0, drizzle_orm.eq)(require_schema.usersToPermissionsTable.userId, userId));
-	let rolePermissions = [];
-	if (roles.length > 0) {
-		const roleIds = roles.map((r) => r.id);
-		rolePermissions = await require_inject.db.select({
-			id: require_schema.permissionsTable.id,
-			name: require_schema.permissionsTable.name
-		}).from(require_schema.rolesToPermissionsTable).innerJoin(require_schema.permissionsTable, (0, drizzle_orm.eq)(require_schema.rolesToPermissionsTable.permissionId, require_schema.permissionsTable.id)).where((0, drizzle_orm.inArray)(require_schema.rolesToPermissionsTable.roleId, roleIds));
-	}
-	const effectiveMap = /* @__PURE__ */ new Map();
-	for (const p of [...directPermissions, ...rolePermissions]) effectiveMap.set(p.id, p);
-	return {
-		roles,
-		directPermissions,
-		effectivePermissions: Array.from(effectiveMap.values())
-	};
-}
-//#endregion
-exports.assignPermissionToRole = assignPermissionToRole;
-exports.assignPermissionToUser = assignPermissionToUser;
-exports.assignRoleToUser = assignRoleToUser;
-exports.createPermission = createPermission;
-exports.createRole = createRole;
-exports.deletePermission = deletePermission;
-exports.deleteRole = deleteRole;
-exports.getPermissions = getPermissions;
-exports.getRoleById = getRoleById;
-exports.getRolePermissions = getRolePermissions;
-exports.getRoles = getRoles;
-exports.getUserRbacData = getUserRbacData;
-exports.revokePermissionFromRole = revokePermissionFromRole;
-exports.revokePermissionFromUser = revokePermissionFromUser;
-exports.revokeRoleFromUser = revokeRoleFromUser;
+"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../../server/database/inject.cjs`),t=require(`../../server/database/schema.cjs`),n=require(`../notifications/service.cjs`);require(`../notifications/index.cjs`);let r=require(`drizzle-orm`);typeof window>`u`&&n.notificationService.init();async function i(){return await e.db.select().from(t.rolesTable).orderBy(t.rolesTable.name)}async function a(n){let[i]=await e.db.select().from(t.rolesTable).where((0,r.eq)(t.rolesTable.id,n));return i}async function o(n,r){return await e.db.insert(t.rolesTable).values({name:n,description:r}).returning()}async function s(n){return await e.db.delete(t.rolesTable).where((0,r.eq)(t.rolesTable.id,n))}async function c(){return await e.db.select().from(t.permissionsTable).orderBy(t.permissionsTable.name)}async function l(n,r){return await e.db.insert(t.permissionsTable).values({name:n,description:r}).returning()}async function u(n){return await e.db.delete(t.permissionsTable).where((0,r.eq)(t.permissionsTable.id,n))}async function d(n){return await e.db.select({id:t.permissionsTable.id,name:t.permissionsTable.name}).from(t.rolesToPermissionsTable).innerJoin(t.permissionsTable,(0,r.eq)(t.rolesToPermissionsTable.permissionId,t.permissionsTable.id)).where((0,r.eq)(t.rolesToPermissionsTable.roleId,n))}async function f(n,r){return await e.db.insert(t.rolesToPermissionsTable).values({roleId:n,permissionId:r}).onConflictDoNothing()}async function p(n,i){return await e.db.delete(t.rolesToPermissionsTable).where((0,r.and)((0,r.eq)(t.rolesToPermissionsTable.roleId,n),(0,r.eq)(t.rolesToPermissionsTable.permissionId,i)))}async function m(n,r){return await e.db.insert(t.usersToRolesTable).values({userId:n,roleId:r}).onConflictDoNothing()}async function h(n,i){return await e.db.delete(t.usersToRolesTable).where((0,r.and)((0,r.eq)(t.usersToRolesTable.userId,n),(0,r.eq)(t.usersToRolesTable.roleId,i)))}async function g(n,r){return await e.db.insert(t.usersToPermissionsTable).values({userId:n,permissionId:r}).onConflictDoNothing()}async function _(n,i){return await e.db.delete(t.usersToPermissionsTable).where((0,r.and)((0,r.eq)(t.usersToPermissionsTable.userId,n),(0,r.eq)(t.usersToPermissionsTable.permissionId,i)))}async function v(n){let i=await e.db.select({id:t.rolesTable.id,name:t.rolesTable.name}).from(t.usersToRolesTable).innerJoin(t.rolesTable,(0,r.eq)(t.usersToRolesTable.roleId,t.rolesTable.id)).where((0,r.eq)(t.usersToRolesTable.userId,n)),a=await e.db.select({id:t.permissionsTable.id,name:t.permissionsTable.name}).from(t.usersToPermissionsTable).innerJoin(t.permissionsTable,(0,r.eq)(t.usersToPermissionsTable.permissionId,t.permissionsTable.id)).where((0,r.eq)(t.usersToPermissionsTable.userId,n)),o=[];if(i.length>0){let n=i.map(e=>e.id);o=await e.db.select({id:t.permissionsTable.id,name:t.permissionsTable.name}).from(t.rolesToPermissionsTable).innerJoin(t.permissionsTable,(0,r.eq)(t.rolesToPermissionsTable.permissionId,t.permissionsTable.id)).where((0,r.inArray)(t.rolesToPermissionsTable.roleId,n))}let s=new Map;for(let e of[...a,...o])s.set(e.id,e);return{roles:i,directPermissions:a,effectivePermissions:Array.from(s.values())}}exports.assignPermissionToRole=f,exports.assignPermissionToUser=g,exports.assignRoleToUser=m,exports.createPermission=l,exports.createRole=o,exports.deletePermission=u,exports.deleteRole=s,exports.getPermissions=c,exports.getRoleById=a,exports.getRolePermissions=d,exports.getRoles=i,exports.getUserRbacData=v,exports.revokePermissionFromRole=p,exports.revokePermissionFromUser=_,exports.revokeRoleFromUser=h;

package/dist/core/auth/rbac.mjs CHANGED Viewed

@@ -1,104 +1,2 @@
-"use server";
-import { db } from "../../server/database/inject.mjs";
-import { permissionsTable, rolesTable, rolesToPermissionsTable, usersToPermissionsTable, usersToRolesTable } from "../../server/database/schema.mjs";
-import { notificationService } from "../notifications/service.mjs";
-import "../notifications/index.mjs";
-import { and, eq, inArray } from "drizzle-orm";
-//#region src/core/auth/rbac.ts
-if (typeof window === "undefined") notificationService.init();
-/**
-* CORE RBAC LOGIC
-* This file handles all database operations for Roles and Permissions.
-*/
-async function getRoles() {
-	return await db.select().from(rolesTable).orderBy(rolesTable.name);
-}
-async function getRoleById(roleId) {
-	const [role] = await db.select().from(rolesTable).where(eq(rolesTable.id, roleId));
-	return role;
-}
-async function createRole(name, description) {
-	return await db.insert(rolesTable).values({
-		name,
-		description
-	}).returning();
-}
-async function deleteRole(roleId) {
-	return await db.delete(rolesTable).where(eq(rolesTable.id, roleId));
-}
-async function getPermissions() {
-	return await db.select().from(permissionsTable).orderBy(permissionsTable.name);
-}
-async function createPermission(name, description) {
-	return await db.insert(permissionsTable).values({
-		name,
-		description
-	}).returning();
-}
-async function deletePermission(permissionId) {
-	return await db.delete(permissionsTable).where(eq(permissionsTable.id, permissionId));
-}
-async function getRolePermissions(roleId) {
-	return await db.select({
-		id: permissionsTable.id,
-		name: permissionsTable.name
-	}).from(rolesToPermissionsTable).innerJoin(permissionsTable, eq(rolesToPermissionsTable.permissionId, permissionsTable.id)).where(eq(rolesToPermissionsTable.roleId, roleId));
-}
-async function assignPermissionToRole(roleId, permissionId) {
-	return await db.insert(rolesToPermissionsTable).values({
-		roleId,
-		permissionId
-	}).onConflictDoNothing();
-}
-async function revokePermissionFromRole(roleId, permissionId) {
-	return await db.delete(rolesToPermissionsTable).where(and(eq(rolesToPermissionsTable.roleId, roleId), eq(rolesToPermissionsTable.permissionId, permissionId)));
-}
-async function assignRoleToUser(userId, roleId) {
-	return await db.insert(usersToRolesTable).values({
-		userId,
-		roleId
-	}).onConflictDoNothing();
-}
-async function revokeRoleFromUser(userId, roleId) {
-	return await db.delete(usersToRolesTable).where(and(eq(usersToRolesTable.userId, userId), eq(usersToRolesTable.roleId, roleId)));
-}
-async function assignPermissionToUser(userId, permissionId) {
-	return await db.insert(usersToPermissionsTable).values({
-		userId,
-		permissionId
-	}).onConflictDoNothing();
-}
-async function revokePermissionFromUser(userId, permissionId) {
-	return await db.delete(usersToPermissionsTable).where(and(eq(usersToPermissionsTable.userId, userId), eq(usersToPermissionsTable.permissionId, permissionId)));
-}
-async function getUserRbacData(userId) {
-	const roles = await db.select({
-		id: rolesTable.id,
-		name: rolesTable.name
-	}).from(usersToRolesTable).innerJoin(rolesTable, eq(usersToRolesTable.roleId, rolesTable.id)).where(eq(usersToRolesTable.userId, userId));
-	const directPermissions = await db.select({
-		id: permissionsTable.id,
-		name: permissionsTable.name
-	}).from(usersToPermissionsTable).innerJoin(permissionsTable, eq(usersToPermissionsTable.permissionId, permissionsTable.id)).where(eq(usersToPermissionsTable.userId, userId));
-	let rolePermissions = [];
-	if (roles.length > 0) {
-		const roleIds = roles.map((r) => r.id);
-		rolePermissions = await db.select({
-			id: permissionsTable.id,
-			name: permissionsTable.name
-		}).from(rolesToPermissionsTable).innerJoin(permissionsTable, eq(rolesToPermissionsTable.permissionId, permissionsTable.id)).where(inArray(rolesToPermissionsTable.roleId, roleIds));
-	}
-	const effectiveMap = /* @__PURE__ */ new Map();
-	for (const p of [...directPermissions, ...rolePermissions]) effectiveMap.set(p.id, p);
-	return {
-		roles,
-		directPermissions,
-		effectivePermissions: Array.from(effectiveMap.values())
-	};
-}
-//#endregion
-export { assignPermissionToRole, assignPermissionToUser, assignRoleToUser, createPermission, createRole, deletePermission, deleteRole, getPermissions, getRoleById, getRolePermissions, getRoles, getUserRbacData, revokePermissionFromRole, revokePermissionFromUser, revokeRoleFromUser };
+"use server";import{db as e}from"../../server/database/inject.mjs";import{permissionsTable as t,rolesTable as n,rolesToPermissionsTable as r,usersToPermissionsTable as i,usersToRolesTable as a}from"../../server/database/schema.mjs";import{notificationService as o}from"../notifications/service.mjs";import"../notifications/index.mjs";import{and as s,eq as c,inArray as l}from"drizzle-orm";typeof window>`u`&&o.init();async function u(){return await e.select().from(n).orderBy(n.name)}async function d(t){let[r]=await e.select().from(n).where(c(n.id,t));return r}async function f(t,r){return await e.insert(n).values({name:t,description:r}).returning()}async function p(t){return await e.delete(n).where(c(n.id,t))}async function m(){return await e.select().from(t).orderBy(t.name)}async function h(n,r){return await e.insert(t).values({name:n,description:r}).returning()}async function g(n){return await e.delete(t).where(c(t.id,n))}async function _(n){return await e.select({id:t.id,name:t.name}).from(r).innerJoin(t,c(r.permissionId,t.id)).where(c(r.roleId,n))}async function v(t,n){return await e.insert(r).values({roleId:t,permissionId:n}).onConflictDoNothing()}async function y(t,n){return await e.delete(r).where(s(c(r.roleId,t),c(r.permissionId,n)))}async function b(t,n){return await e.insert(a).values({userId:t,roleId:n}).onConflictDoNothing()}async function x(t,n){return await e.delete(a).where(s(c(a.userId,t),c(a.roleId,n)))}async function S(t,n){return await e.insert(i).values({userId:t,permissionId:n}).onConflictDoNothing()}async function C(t,n){return await e.delete(i).where(s(c(i.userId,t),c(i.permissionId,n)))}async function w(o){let s=await e.select({id:n.id,name:n.name}).from(a).innerJoin(n,c(a.roleId,n.id)).where(c(a.userId,o)),u=await e.select({id:t.id,name:t.name}).from(i).innerJoin(t,c(i.permissionId,t.id)).where(c(i.userId,o)),d=[];if(s.length>0){let n=s.map(e=>e.id);d=await e.select({id:t.id,name:t.name}).from(r).innerJoin(t,c(r.permissionId,t.id)).where(l(r.roleId,n))}let f=new Map;for(let e of[...u,...d])f.set(e.id,e);return{roles:s,directPermissions:u,effectivePermissions:Array.from(f.values())}}export{v as assignPermissionToRole,S as assignPermissionToUser,b as assignRoleToUser,h as createPermission,f as createRole,g as deletePermission,p as deleteRole,m as getPermissions,d as getRoleById,_ as getRolePermissions,u as getRoles,w as getUserRbacData,y as revokePermissionFromRole,C as revokePermissionFromUser,x as revokeRoleFromUser};
 //# sourceMappingURL=rbac.mjs.map

package/dist/core/auth/rbac.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"rbac.mjs","names":[],"sources":["../../../src/core/auth/rbac.ts"],"sourcesContent":["\"use server\";\n\nimport { and, eq, inArray } from \"drizzle-orm\";\nimport { db } from \"../../server/database/inject\";\nimport {\n permissionsTable,\n rolesTable,\n rolesToPermissionsTable,\n usersToPermissionsTable,\n usersToRolesTable,\n} from \"../../server/database/schema\";\nimport { notificationService } from \"../notifications\";\n\n// Ensure notification service is loaded\nif (typeof window === \"undefined\") {\n notificationService.init();\n}\n\n/*\n CORE RBAC LOGIC\n * This file handles all database operations for Roles and Permissions.\n */\n\n// --- Roles ---\n\nexport async function getRoles() {\n return await db.select().from(rolesTable).orderBy(rolesTable.name);\n}\n\nexport async function getRoleById(roleId: string) {\n const [role] = await db\n .select()\n .from(rolesTable)\n .where(eq(rolesTable.id, roleId));\n return role;\n}\n\nexport async function createRole(name: string, description?: string) {\n return await db.insert(rolesTable).values({ name, description }).returning();\n}\n\nexport async function deleteRole(roleId: string) {\n return await db.delete(rolesTable).where(eq(rolesTable.id, roleId));\n}\n\n// --- Permissions ---\n\nexport async function getPermissions() {\n return await db\n .select()\n .from(permissionsTable)\n .orderBy(permissionsTable.name);\n}\n\nexport async function createPermission(name: string, description?: string) {\n return await db\n .insert(permissionsTable)\n .values({ name, description })\n .returning();\n}\n\nexport async function deletePermission(permissionId: string) {\n return await db\n .delete(permissionsTable)\n .where(eq(permissionsTable.id, permissionId));\n}\n\n// --- Mappings ---\n\nexport async function getRolePermissions(roleId: string) {\n return await db\n .select({\n id: permissionsTable.id,\n name: permissionsTable.name,\n })\n .from(rolesToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(eq(rolesToPermissionsTable.roleId, roleId));\n}\n\nexport async function assignPermissionToRole(\n roleId: string,\n permissionId: string,\n) {\n return await db\n .insert(rolesToPermissionsTable)\n .values({ roleId, permissionId })\n .onConflictDoNothing();\n}\n\nexport async function revokePermissionFromRole(\n roleId: string,\n permissionId: string,\n) {\n return await db\n .delete(rolesToPermissionsTable)\n .where(\n and(\n eq(rolesToPermissionsTable.roleId, roleId),\n eq(rolesToPermissionsTable.permissionId, permissionId),\n ),\n );\n}\n\n// --- User Assignment ---\n\nexport async function assignRoleToUser(userId: string, roleId: string) {\n return await db\n .insert(usersToRolesTable)\n .values({ userId, roleId })\n .onConflictDoNothing();\n}\n\nexport async function revokeRoleFromUser(userId: string, roleId: string) {\n return await db\n .delete(usersToRolesTable)\n .where(\n and(\n eq(usersToRolesTable.userId, userId),\n eq(usersToRolesTable.roleId, roleId),\n ),\n );\n}\n\nexport async function assignPermissionToUser(\n userId: string,\n permissionId: string,\n) {\n return await db\n .insert(usersToPermissionsTable)\n .values({ userId, permissionId })\n .onConflictDoNothing();\n}\n\nexport async function revokePermissionFromUser(\n userId: string,\n permissionId: string,\n) {\n return await db\n .delete(usersToPermissionsTable)\n .where(\n and(\n eq(usersToPermissionsTable.userId, userId),\n eq(usersToPermissionsTable.permissionId, permissionId),\n ),\n );\n}\n\nexport async function getUserRbacData(userId: string) {\n const roles = await db\n .select({\n id: rolesTable.id,\n name: rolesTable.name,\n })\n .from(usersToRolesTable)\n .innerJoin(rolesTable, eq(usersToRolesTable.roleId, rolesTable.id))\n .where(eq(usersToRolesTable.userId, userId));\n\n const directPermissions = await db\n .select({\n id: permissionsTable.id,\n name: permissionsTable.name,\n })\n .from(usersToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(usersToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(eq(usersToPermissionsTable.userId, userId));\n\n // Fetch inherited permissions from roles\n let rolePermissions: { id: string; name: string }[] = [];\n if (roles.length > 0) {\n const roleIds = roles.map((r) => r.id);\n rolePermissions = await db\n .select({\n id: permissionsTable.id,\n name: permissionsTable.name,\n })\n .from(rolesToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(inArray(rolesToPermissionsTable.roleId, roleIds));\n }\n\n // Combine for effective permissions\n const effectiveMap = new Map<string, { id: string; name: string }>();\n for (const p of [...directPermissions, ...rolePermissions]) {\n effectiveMap.set(p.id, p);\n }\n\n return {\n roles,\n directPermissions,\n effectivePermissions: Array.from(effectiveMap.values()),\n };\n}\n"],"mappings":"~~;;;;;;;;;AAcA~~,~~IAAI,~~OAAO,~~WAAW~~,~~YACpB~~,~~qBAAoB~~,MAAM~~;;;;;AAU5B~~,eAAsB,~~WAAW;AAC~~/B,~~QAAO~~,MAAM,~~GAAG~~,QAAQ,CAAC,KAAK,~~WAAW~~,CAAC,QAAQ,~~WAAW~~,KAAK~~;;AAGpE~~,eAAsB,~~YAAY~~,~~QAAgB;~~CAChD,~~MAAM~~,CAAC,~~QAAQ~~,MAAM,~~GAClB~~,QAAQ,CACR,KAAK,~~WAAW~~,CAChB,MAAM,~~GAAG~~,~~WAAW~~,~~IAAI~~,~~OAAO~~,CAAC~~;AACnC~~,~~QAAO;;AAGT~~,eAAsB,~~WAAW~~,~~MAAc~~,~~aAAsB;AACnE~~,~~QAAO~~,MAAM,~~GAAG~~,OAAO,~~WAAW~~,CAAC,OAAO~~;EAAE;EAAM;EAAa~~,CAAC,CAAC,WAAW~~;;AAG9E~~,eAAsB,~~WAAW~~,~~QAAgB;AAC~~/C,~~QAAO~~,MAAM,~~GAAG~~,OAAO,~~WAAW~~,CAAC,MAAM,~~GAAG~~,~~WAAW~~,~~IAAI~~,~~OAAO~~,CAAC~~;;AAKrE~~,eAAsB,~~iBAAiB;AACrC~~,~~QAAO~~,MAAM,~~GACV~~,QAAQ,CACR,KAAK,~~iBAAiB~~,CACtB,QAAQ,~~iBAAiB~~,KAAK~~;;AAGnC~~,eAAsB,~~iBAAiB~~,~~MAAc~~,~~aAAsB;AACzE~~,~~QAAO~~,MAAM,~~GACV~~,OAAO,~~iBAAiB~~,CACxB,OAAO~~;EAAE;EAAM;EAAa~~,CAAC,CAC7B,WAAW~~;;AAGhB~~,eAAsB,~~iBAAiB~~,~~cAAsB;AAC3D~~,~~QAAO~~,MAAM,~~GACV~~,OAAO,~~iBAAiB~~,CACxB,MAAM,~~GAAG~~,~~iBAAiB~~,~~IAAI~~,~~aAAa~~,CAAC~~;;AAKjD~~,eAAsB,~~mBAAmB~~,~~QAAgB;AACvD~~,~~QAAO~~,MAAM,~~GACV~~,OAAO~~;EACN~~,~~IAAI~~,~~iBAAiB;EACrB~~,~~MAAM~~,~~iBAAiB;EACxB~~,CAAC,CACD,KAAK,~~wBAAwB~~,CAC7B,UACC,~~kBACA~~,~~GAAG~~,~~wBAAwB~~,~~cAAc~~,~~iBAAiB~~,GAAG,CAC9D,CACA,MAAM,~~GAAG~~,~~wBAAwB~~,~~QAAQ~~,~~OAAO~~,CAAC~~;;AAGtD~~,eAAsB,~~uBACpB~~,~~QACA~~,~~cACA;AACA~~,~~QAAO~~,MAAM,~~GACV~~,OAAO,~~wBAAwB~~,CAC/B,OAAO~~;EAAE;EAAQ;EAAc~~,CAAC,CAChC,qBAAqB~~;;AAG1B~~,eAAsB,~~yBACpB~~,~~QACA~~,~~cACA;AACA~~,~~QAAO~~,MAAM,~~GACV~~,OAAO,~~wBAAwB~~,CAC/B,MACC,~~IACE~~,~~GAAG~~,~~wBAAwB~~,~~QAAQ~~,~~OAAO~~,~~EAC1C~~,~~GAAG~~,~~wBAAwB~~,~~cAAc~~,~~aAAa~~,CACvD,CACF~~;;AAKL~~,eAAsB,~~iBAAiB~~,~~QAAgB~~,~~QAAgB;AACrE~~,~~QAAO~~,MAAM,~~GACV~~,OAAO,~~kBAAkB~~,CACzB,OAAO~~;EAAE;EAAQ;EAAQ~~,CAAC,CAC1B,qBAAqB~~;;AAG1B~~,eAAsB,~~mBAAmB~~,~~QAAgB~~,~~QAAgB;AACvE~~,~~QAAO~~,MAAM,~~GACV~~,OAAO,~~kBAAkB~~,CACzB,MACC,~~IACE~~,~~GAAG~~,~~kBAAkB~~,~~QAAQ~~,~~OAAO~~,~~EACpC~~,~~GAAG~~,~~kBAAkB~~,~~QAAQ~~,~~OAAO~~,CACrC,CACF~~;;AAGL~~,eAAsB,~~uBACpB~~,~~QACA~~,~~cACA;AACA~~,~~QAAO~~,MAAM,~~GACV~~,OAAO,~~wBAAwB~~,CAC/B,OAAO~~;EAAE;EAAQ;EAAc~~,CAAC,CAChC,qBAAqB~~;;AAG1B~~,eAAsB,~~yBACpB~~,~~QACA~~,~~cACA;AACA~~,~~QAAO~~,MAAM,~~GACV~~,OAAO,~~wBAAwB~~,CAC/B,MACC,~~IACE~~,~~GAAG~~,~~wBAAwB~~,~~QAAQ~~,~~OAAO~~,~~EAC1C~~,~~GAAG~~,~~wBAAwB~~,~~cAAc~~,~~aAAa~~,CACvD,CACF~~;;AAGL~~,eAAsB,~~gBAAgB~~,~~QAAgB;~~CACpD,~~MAAM~~,~~QAAQ~~,MAAM,~~GACjB~~,OAAO~~;EACN~~,~~IAAI~~,~~WAAW;EACf~~,~~MAAM~~,~~WAAW;EAClB~~,CAAC,CACD,KAAK,~~kBAAkB~~,CACvB,UAAU,~~YAAY~~,~~GAAG~~,~~kBAAkB~~,~~QAAQ~~,~~WAAW~~,GAAG,CAAC,CAClE,MAAM,~~GAAG~~,~~kBAAkB~~,~~QAAQ~~,~~OAAO~~,CAAC~~;CAE9C~~,~~MAAM~~,~~oBAAoB~~,MAAM,~~GAC7B~~,OAAO~~;EACN~~,~~IAAI~~,~~iBAAiB;EACrB~~,~~MAAM~~,~~iBAAiB;EACxB~~,CAAC,CACD,KAAK,~~wBAAwB~~,CAC7B,UACC,~~kBACA~~,~~GAAG~~,~~wBAAwB~~,~~cAAc~~,~~iBAAiB~~,GAAG,CAC9D,CACA,MAAM,~~GAAG~~,~~wBAAwB~~,~~QAAQ~~,~~OAAO~~,CAAC~~;CAGpD~~,~~IAAI~~,~~kBAAkD~~,EAAE~~;AACxD~~,~~KAAI~~,~~MAAM~~,~~SAAS~~,~~GAAG;EACpB~~,~~MAAM~~,~~UAAU~~,~~MAAM~~,~~KAAK~~,~~MAAM~~,EAAE,GAAG~~;AACtC~~,~~oBAAkB~~,MAAM,~~GACrB~~,OAAO~~;GACN~~,~~IAAI~~,~~iBAAiB;~~GACrB,~~MAAM~~,~~iBAAiB;GACxB~~,CAAC,CACD,KAAK,~~wBAAwB~~,CAC7B,UACC,~~kBACA~~,~~GAAG~~,~~wBAAwB~~,~~cAAc~~,~~iBAAiB~~,GAAG,CAC9D,CACA,MAAM,~~QAAQ~~,~~wBAAwB~~,~~QAAQ~~,~~QAAQ~~,CAAC;;CAI5D,~~MAAM,+BAAe~~,IAAI,~~KAA2C;AACpE~~,~~MAAK~~,~~MAAM~~,~~KAAK~~,CAAC,GAAG,~~mBAAmB~~,GAAG,~~gBAAgB~~,CACxD,~~cAAa~~,IAAI,EAAE,~~IAAI~~,EAAE~~;AAG3B~~,~~QAAO;EACL;EACA;EACA~~,~~sBAAsB~~,MAAM,KAAK,~~aAAa~~,QAAQ,CAAC~~;EACxD~~"}
1	+ {"version":3,"file":"rbac.mjs","names":[],"sources":["../../../src/core/auth/rbac.ts"],"sourcesContent":["\"use server\";\n\nimport { and, eq, inArray } from \"drizzle-orm\";\nimport { db } from \"../../server/database/inject.js\";\nimport {\n permissionsTable,\n rolesTable,\n rolesToPermissionsTable,\n usersToPermissionsTable,\n usersToRolesTable,\n} from \"../../server/database/schema.js\";\nimport { notificationService } from \"../notifications/index.js\";\n\n// Ensure notification service is loaded\nif (typeof window === \"undefined\") {\n notificationService.init();\n}\n\n/*\n CORE RBAC LOGIC\n * This file handles all database operations for Roles and Permissions.\n */\n\n// --- Roles ---\n\nexport async function getRoles() {\n return await db.select().from(rolesTable).orderBy(rolesTable.name);\n}\n\nexport async function getRoleById(roleId: string) {\n const [role] = await db\n .select()\n .from(rolesTable)\n .where(eq(rolesTable.id, roleId));\n return role;\n}\n\nexport async function createRole(name: string, description?: string) {\n return await db.insert(rolesTable).values({ name, description }).returning();\n}\n\nexport async function deleteRole(roleId: string) {\n return await db.delete(rolesTable).where(eq(rolesTable.id, roleId));\n}\n\n// --- Permissions ---\n\nexport async function getPermissions() {\n return await db\n .select()\n .from(permissionsTable)\n .orderBy(permissionsTable.name);\n}\n\nexport async function createPermission(name: string, description?: string) {\n return await db\n .insert(permissionsTable)\n .values({ name, description })\n .returning();\n}\n\nexport async function deletePermission(permissionId: string) {\n return await db\n .delete(permissionsTable)\n .where(eq(permissionsTable.id, permissionId));\n}\n\n// --- Mappings ---\n\nexport async function getRolePermissions(roleId: string) {\n return await db\n .select({\n id: permissionsTable.id,\n name: permissionsTable.name,\n })\n .from(rolesToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(eq(rolesToPermissionsTable.roleId, roleId));\n}\n\nexport async function assignPermissionToRole(\n roleId: string,\n permissionId: string,\n) {\n return await db\n .insert(rolesToPermissionsTable)\n .values({ roleId, permissionId })\n .onConflictDoNothing();\n}\n\nexport async function revokePermissionFromRole(\n roleId: string,\n permissionId: string,\n) {\n return await db\n .delete(rolesToPermissionsTable)\n .where(\n and(\n eq(rolesToPermissionsTable.roleId, roleId),\n eq(rolesToPermissionsTable.permissionId, permissionId),\n ),\n );\n}\n\n// --- User Assignment ---\n\nexport async function assignRoleToUser(userId: string, roleId: string) {\n return await db\n .insert(usersToRolesTable)\n .values({ userId, roleId })\n .onConflictDoNothing();\n}\n\nexport async function revokeRoleFromUser(userId: string, roleId: string) {\n return await db\n .delete(usersToRolesTable)\n .where(\n and(\n eq(usersToRolesTable.userId, userId),\n eq(usersToRolesTable.roleId, roleId),\n ),\n );\n}\n\nexport async function assignPermissionToUser(\n userId: string,\n permissionId: string,\n) {\n return await db\n .insert(usersToPermissionsTable)\n .values({ userId, permissionId })\n .onConflictDoNothing();\n}\n\nexport async function revokePermissionFromUser(\n userId: string,\n permissionId: string,\n) {\n return await db\n .delete(usersToPermissionsTable)\n .where(\n and(\n eq(usersToPermissionsTable.userId, userId),\n eq(usersToPermissionsTable.permissionId, permissionId),\n ),\n );\n}\n\nexport async function getUserRbacData(userId: string) {\n const roles = await db\n .select({\n id: rolesTable.id,\n name: rolesTable.name,\n })\n .from(usersToRolesTable)\n .innerJoin(rolesTable, eq(usersToRolesTable.roleId, rolesTable.id))\n .where(eq(usersToRolesTable.userId, userId));\n\n const directPermissions = await db\n .select({\n id: permissionsTable.id,\n name: permissionsTable.name,\n })\n .from(usersToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(usersToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(eq(usersToPermissionsTable.userId, userId));\n\n // Fetch inherited permissions from roles\n let rolePermissions: { id: string; name: string }[] = [];\n if (roles.length > 0) {\n const roleIds = roles.map((r) => r.id);\n rolePermissions = await db\n .select({\n id: permissionsTable.id,\n name: permissionsTable.name,\n })\n .from(rolesToPermissionsTable)\n .innerJoin(\n permissionsTable,\n eq(rolesToPermissionsTable.permissionId, permissionsTable.id),\n )\n .where(inArray(rolesToPermissionsTable.roleId, roleIds));\n }\n\n // Combine for effective permissions\n const effectiveMap = new Map<string, { id: string; name: string }>();\n for (const p of [...directPermissions, ...rolePermissions]) {\n effectiveMap.set(p.id, p);\n }\n\n return {\n roles,\n directPermissions,\n effectivePermissions: Array.from(effectiveMap.values()),\n };\n}\n"],"mappings":"qYAcI,OAAO,OAAW,KACpB,EAAoB,MAAM,CAU5B,eAAsB,GAAW,CAC/B,OAAO,MAAM,EAAG,QAAQ,CAAC,KAAK,EAAW,CAAC,QAAQ,EAAW,KAAK,CAGpE,eAAsB,EAAY,EAAgB,CAChD,GAAM,CAAC,GAAQ,MAAM,EAClB,QAAQ,CACR,KAAK,EAAW,CAChB,MAAM,EAAG,EAAW,GAAI,EAAO,CAAC,CACnC,OAAO,EAGT,eAAsB,EAAW,EAAc,EAAsB,CACnE,OAAO,MAAM,EAAG,OAAO,EAAW,CAAC,OAAO,CAAE,OAAM,cAAa,CAAC,CAAC,WAAW,CAG9E,eAAsB,EAAW,EAAgB,CAC/C,OAAO,MAAM,EAAG,OAAO,EAAW,CAAC,MAAM,EAAG,EAAW,GAAI,EAAO,CAAC,CAKrE,eAAsB,GAAiB,CACrC,OAAO,MAAM,EACV,QAAQ,CACR,KAAK,EAAiB,CACtB,QAAQ,EAAiB,KAAK,CAGnC,eAAsB,EAAiB,EAAc,EAAsB,CACzE,OAAO,MAAM,EACV,OAAO,EAAiB,CACxB,OAAO,CAAE,OAAM,cAAa,CAAC,CAC7B,WAAW,CAGhB,eAAsB,EAAiB,EAAsB,CAC3D,OAAO,MAAM,EACV,OAAO,EAAiB,CACxB,MAAM,EAAG,EAAiB,GAAI,EAAa,CAAC,CAKjD,eAAsB,EAAmB,EAAgB,CACvD,OAAO,MAAM,EACV,OAAO,CACN,GAAI,EAAiB,GACrB,KAAM,EAAiB,KACxB,CAAC,CACD,KAAK,EAAwB,CAC7B,UACC,EACA,EAAG,EAAwB,aAAc,EAAiB,GAAG,CAC9D,CACA,MAAM,EAAG,EAAwB,OAAQ,EAAO,CAAC,CAGtD,eAAsB,EACpB,EACA,EACA,CACA,OAAO,MAAM,EACV,OAAO,EAAwB,CAC/B,OAAO,CAAE,SAAQ,eAAc,CAAC,CAChC,qBAAqB,CAG1B,eAAsB,EACpB,EACA,EACA,CACA,OAAO,MAAM,EACV,OAAO,EAAwB,CAC/B,MACC,EACE,EAAG,EAAwB,OAAQ,EAAO,CAC1C,EAAG,EAAwB,aAAc,EAAa,CACvD,CACF,CAKL,eAAsB,EAAiB,EAAgB,EAAgB,CACrE,OAAO,MAAM,EACV,OAAO,EAAkB,CACzB,OAAO,CAAE,SAAQ,SAAQ,CAAC,CAC1B,qBAAqB,CAG1B,eAAsB,EAAmB,EAAgB,EAAgB,CACvE,OAAO,MAAM,EACV,OAAO,EAAkB,CACzB,MACC,EACE,EAAG,EAAkB,OAAQ,EAAO,CACpC,EAAG,EAAkB,OAAQ,EAAO,CACrC,CACF,CAGL,eAAsB,EACpB,EACA,EACA,CACA,OAAO,MAAM,EACV,OAAO,EAAwB,CAC/B,OAAO,CAAE,SAAQ,eAAc,CAAC,CAChC,qBAAqB,CAG1B,eAAsB,EACpB,EACA,EACA,CACA,OAAO,MAAM,EACV,OAAO,EAAwB,CAC/B,MACC,EACE,EAAG,EAAwB,OAAQ,EAAO,CAC1C,EAAG,EAAwB,aAAc,EAAa,CACvD,CACF,CAGL,eAAsB,EAAgB,EAAgB,CACpD,IAAM,EAAQ,MAAM,EACjB,OAAO,CACN,GAAI,EAAW,GACf,KAAM,EAAW,KAClB,CAAC,CACD,KAAK,EAAkB,CACvB,UAAU,EAAY,EAAG,EAAkB,OAAQ,EAAW,GAAG,CAAC,CAClE,MAAM,EAAG,EAAkB,OAAQ,EAAO,CAAC,CAExC,EAAoB,MAAM,EAC7B,OAAO,CACN,GAAI,EAAiB,GACrB,KAAM,EAAiB,KACxB,CAAC,CACD,KAAK,EAAwB,CAC7B,UACC,EACA,EAAG,EAAwB,aAAc,EAAiB,GAAG,CAC9D,CACA,MAAM,EAAG,EAAwB,OAAQ,EAAO,CAAC,CAGhD,EAAkD,EAAE,CACxD,GAAI,EAAM,OAAS,EAAG,CACpB,IAAM,EAAU,EAAM,IAAK,GAAM,EAAE,GAAG,CACtC,EAAkB,MAAM,EACrB,OAAO,CACN,GAAI,EAAiB,GACrB,KAAM,EAAiB,KACxB,CAAC,CACD,KAAK,EAAwB,CAC7B,UACC,EACA,EAAG,EAAwB,aAAc,EAAiB,GAAG,CAC9D,CACA,MAAM,EAAQ,EAAwB,OAAQ,EAAQ,CAAC,CAI5D,IAAM,EAAe,IAAI,IACzB,IAAK,IAAM,IAAK,CAAC,GAAG,EAAmB,GAAG,EAAgB,CACxD,EAAa,IAAI,EAAE,GAAI,EAAE,CAG3B,MAAO,CACL,QACA,oBACA,qBAAsB,MAAM,KAAK,EAAa,QAAQ,CAAC,CACxD"}

package/dist/core/auth/session.cjs CHANGED Viewed

@@ -1,154 +1 @@
-"use server";
-const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
-const require_inject = require('../../server/database/inject.cjs');
-const require_schema = require('../../server/database/schema.cjs');
-const require_augment = require('./augment.cjs');
-const require_logic = require('./logic.cjs');
-let drizzle_orm = require("drizzle-orm");
-let _oslojs_crypto_sha2 = require("@oslojs/crypto/sha2");
-let _oslojs_encoding = require("@oslojs/encoding");
-let date_fns = require("date-fns");
-let next_headers = require("next/headers");
-let next_navigation = require("next/navigation");
-//#region src/core/auth/session.ts
-/**
-* Returns the user's IP address.
-*/
-async function getIPAddress() {
-	return (await (0, next_headers.headers)()).get("x-forwarded-for");
-}
-/**
-* Validates the session token.
-*/
-async function validateSessionToken(token) {
-	const sessionId = (0, _oslojs_encoding.encodeHexLowerCase)((0, _oslojs_crypto_sha2.sha256)(new TextEncoder().encode(token)));
-	const [row] = await require_inject.db.select({
-		session: require_schema.sessionTable,
-		user: require_schema.userTable
-	}).from(require_schema.sessionTable).innerJoin(require_schema.userTable, (0, drizzle_orm.eq)(require_schema.sessionTable.userId, require_schema.userTable.id)).where((0, drizzle_orm.eq)(require_schema.sessionTable.id, sessionId));
-	if (!row || !row.user) return {
-		session: null,
-		user: null
-	};
-	const { session: baseSession, user: baseUser } = row;
-	const { password, recovery_code, ...safeUser } = baseUser;
-	if (/* @__PURE__ */ new Date() > baseSession.expiresAt) {
-		await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.id, baseSession.id));
-		return {
-			session: null,
-			user: null
-		};
-	}
-	const augmentedUser = await require_logic.performFullUserAugmentation(safeUser);
-	const augmentedSession = await require_augment.augmentSession(baseSession);
-	return {
-		session: augmentedSession ? { ...augmentedSession } : null,
-		user: augmentedUser ? { ...augmentedUser } : null
-	};
-}
-/**
-* Returns the current user session from cookies.
-*/
-const getCurrentSession = async () => {
-	const token = (await (0, next_headers.cookies)()).get("session")?.value ?? null;
-	if (token === null) return {
-		session: null,
-		user: null
-	};
-	return await validateSessionToken(token);
-};
-/**
-* Invalidates a single session.
-*/
-async function invalidateSession(sessionId) {
-	await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.id, sessionId));
-}
-/**
-* Invalidates all user sessions.
-*/
-async function invalidateUserSessions(userId) {
-	await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.userId, userId));
-}
-/**
-* Sets the session token in a cookie.
-*/
-async function setSessionTokenCookie(token, expiresAt) {
-	(await (0, next_headers.cookies)()).set("session", token, {
-		httpOnly: true,
-		path: "/",
-		secure: process.env.NODE_ENV === "production",
-		sameSite: "lax",
-		expires: expiresAt
-	});
-}
-/**
-* Removes the session token cookie.
-*/
-async function deleteSessionTokenCookie() {
-	(await (0, next_headers.cookies)()).delete("session");
-}
-/**
-* Generates a new random session token.
-*/
-async function generateSessionToken() {
-	const tokenBytes = new Uint8Array(20);
-	crypto.getRandomValues(tokenBytes);
-	return (0, _oslojs_encoding.encodeBase32LowerCaseNoPadding)(tokenBytes).toLowerCase();
-}
-/**
-* Creates a new session in the database.
-*/
-async function createSession(token, userId, flags) {
-	const sessionId = (0, _oslojs_encoding.encodeHexLowerCase)((0, _oslojs_crypto_sha2.sha256)(new TextEncoder().encode(token)));
-	const [session] = await require_inject.db.insert(require_schema.sessionTable).values({
-		id: sessionId,
-		expiresAt: new Date((0, date_fns.addDays)(/* @__PURE__ */ new Date(), 7)),
-		active_organization_id: flags.activeOrganizationId,
-		userId
-	}).returning();
-	return session;
-}
-/**
-* Signs the user out and redirects to the sign-in page.
-*/
-async function sessionSignOut() {
-	const { session } = await getCurrentSession();
-	if (session) {
-		await invalidateSession(session.id);
-		await deleteSessionTokenCookie();
-	}
-	(0, next_navigation.redirect)("/signin");
-}
-/**
-* Get all active sessions for a user.
-*/
-async function getUserSessions(userId, currentSessionId) {
-	return (await require_inject.db.select().from(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.userId, userId))).map((session) => ({
-		id: session.id,
-		createdAt: session.createdAt,
-		expiresAt: session.expiresAt,
-		isCurrent: session.id === currentSessionId
-	}));
-}
-/**
-* Invalidate all sessions for a user except the specified current one.
-*/
-async function invalidateOtherSessions(userId, currentSessionId) {
-	await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.sessionTable.userId, userId), (0, drizzle_orm.ne)(require_schema.sessionTable.id, currentSessionId)));
-}
-//#endregion
-exports.createSession = createSession;
-exports.deleteSessionTokenCookie = deleteSessionTokenCookie;
-exports.generateSessionToken = generateSessionToken;
-exports.getCurrentSession = getCurrentSession;
-exports.getIPAddress = getIPAddress;
-exports.getUserSessions = getUserSessions;
-exports.invalidateOtherSessions = invalidateOtherSessions;
-exports.invalidateSession = invalidateSession;
-exports.invalidateUserSessions = invalidateUserSessions;
-exports.sessionSignOut = sessionSignOut;
-exports.setSessionTokenCookie = setSessionTokenCookie;
-exports.validateSessionToken = validateSessionToken;
+"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../../server/database/inject.cjs`),t=require(`../../server/database/schema.cjs`),n=require(`./augment.cjs`),r=require(`./logic.cjs`);let i=require(`drizzle-orm`),a=require(`@oslojs/crypto/sha2`),o=require(`@oslojs/encoding`),s=require(`date-fns`),c=require(`next/headers`),l=require(`next/navigation`);async function u(){return(await(0,c.headers)()).get(`x-forwarded-for`)}async function d(s){let c=(0,o.encodeHexLowerCase)((0,a.sha256)(new TextEncoder().encode(s))),[l]=await e.db.select({session:t.sessionTable,user:t.userTable}).from(t.sessionTable).innerJoin(t.userTable,(0,i.eq)(t.sessionTable.userId,t.userTable.id)).where((0,i.eq)(t.sessionTable.id,c));if(!l||!l.user)return{session:null,user:null};let{session:u,user:d}=l,{password:f,recovery_code:p,...m}=d;if(new Date>u.expiresAt)return await e.db.delete(t.sessionTable).where((0,i.eq)(t.sessionTable.id,u.id)),{session:null,user:null};let h=await r.performFullUserAugmentation(m),g=await n.augmentSession(u);return{session:g?{...g}:null,user:h?{...h}:null}}const f=async()=>{let e=(await(0,c.cookies)()).get(`session`)?.value??null;return e===null?{session:null,user:null}:await d(e)};async function p(n){await e.db.delete(t.sessionTable).where((0,i.eq)(t.sessionTable.id,n))}async function m(n){await e.db.delete(t.sessionTable).where((0,i.eq)(t.sessionTable.userId,n))}async function h(e,t){(await(0,c.cookies)()).set(`session`,e,{httpOnly:!0,path:`/`,secure:process.env.NODE_ENV===`production`,sameSite:`lax`,expires:t})}async function g(){(await(0,c.cookies)()).delete(`session`)}async function _(){let e=new Uint8Array(20);return crypto.getRandomValues(e),(0,o.encodeBase32LowerCaseNoPadding)(e).toLowerCase()}async function v(n,r,i){let c=(0,o.encodeHexLowerCase)((0,a.sha256)(new TextEncoder().encode(n))),[l]=await e.db.insert(t.sessionTable).values({id:c,expiresAt:new Date((0,s.addDays)(new Date,7)),active_organization_id:i.activeOrganizationId,userId:r}).returning();return l}async function y(){let{session:e}=await f();e&&(await p(e.id),await g()),(0,l.redirect)(`/signin`)}async function b(n,r){return(await e.db.select().from(t.sessionTable).where((0,i.eq)(t.sessionTable.userId,n))).map(e=>({id:e.id,createdAt:e.createdAt,expiresAt:e.expiresAt,isCurrent:e.id===r}))}async function x(n,r){await e.db.delete(t.sessionTable).where((0,i.and)((0,i.eq)(t.sessionTable.userId,n),(0,i.ne)(t.sessionTable.id,r)))}exports.createSession=v,exports.deleteSessionTokenCookie=g,exports.generateSessionToken=_,exports.getCurrentSession=f,exports.getIPAddress=u,exports.getUserSessions=b,exports.invalidateOtherSessions=x,exports.invalidateSession=p,exports.invalidateUserSessions=m,exports.sessionSignOut=y,exports.setSessionTokenCookie=h,exports.validateSessionToken=d;