@arch-cadre/core 0.0.23 → 0.0.26

package/dist/core/auth/session.cjs

@@ -1,154 +1 @@
-"use server";
-
-const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
-const require_inject = require('../../server/database/inject.cjs');
-const require_schema = require('../../server/database/schema.cjs');
-const require_augment = require('./augment.cjs');
-const require_logic = require('./logic.cjs');
-let drizzle_orm = require("drizzle-orm");
-let _oslojs_crypto_sha2 = require("@oslojs/crypto/sha2");
-let _oslojs_encoding = require("@oslojs/encoding");
-let date_fns = require("date-fns");
-let next_headers = require("next/headers");
-let next_navigation = require("next/navigation");
-
-//#region src/core/auth/session.ts
-/**
-* Returns the user's IP address.
-*/
-async function getIPAddress() {
-	return (await (0, next_headers.headers)()).get("x-forwarded-for");
-}
-/**
-* Validates the session token.
-*/
-async function validateSessionToken(token) {
-	const sessionId = (0, _oslojs_encoding.encodeHexLowerCase)((0, _oslojs_crypto_sha2.sha256)(new TextEncoder().encode(token)));
-	const [row] = await require_inject.db.select({
-		session: require_schema.sessionTable,
-		user: require_schema.userTable
-	}).from(require_schema.sessionTable).innerJoin(require_schema.userTable, (0, drizzle_orm.eq)(require_schema.sessionTable.userId, require_schema.userTable.id)).where((0, drizzle_orm.eq)(require_schema.sessionTable.id, sessionId));
-	if (!row || !row.user) return {
-		session: null,
-		user: null
-	};
-	const { session: baseSession, user: baseUser } = row;
-	const { password, recovery_code, ...safeUser } = baseUser;
-	if (/* @__PURE__ */ new Date() > baseSession.expiresAt) {
-		await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.id, baseSession.id));
-		return {
-			session: null,
-			user: null
-		};
-	}
-	const augmentedUser = await require_logic.performFullUserAugmentation(safeUser);
-	const augmentedSession = await require_augment.augmentSession(baseSession);
-	return {
-		session: augmentedSession ? { ...augmentedSession } : null,
-		user: augmentedUser ? { ...augmentedUser } : null
-	};
-}
-/**
-* Returns the current user session from cookies.
-*/
-const getCurrentSession = async () => {
-	const token = (await (0, next_headers.cookies)()).get("session")?.value ?? null;
-	if (token === null) return {
-		session: null,
-		user: null
-	};
-	return await validateSessionToken(token);
-};
-/**
-* Invalidates a single session.
-*/
-async function invalidateSession(sessionId) {
-	await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.id, sessionId));
-}
-/**
-* Invalidates all user sessions.
-*/
-async function invalidateUserSessions(userId) {
-	await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.userId, userId));
-}
-/**
-* Sets the session token in a cookie.
-*/
-async function setSessionTokenCookie(token, expiresAt) {
-	(await (0, next_headers.cookies)()).set("session", token, {
-		httpOnly: true,
-		path: "/",
-		secure: process.env.NODE_ENV === "production",
-		sameSite: "lax",
-		expires: expiresAt
-	});
-}
-/**
-* Removes the session token cookie.
-*/
-async function deleteSessionTokenCookie() {
-	(await (0, next_headers.cookies)()).delete("session");
-}
-/**
-* Generates a new random session token.
-*/
-async function generateSessionToken() {
-	const tokenBytes = new Uint8Array(20);
-	crypto.getRandomValues(tokenBytes);
-	return (0, _oslojs_encoding.encodeBase32LowerCaseNoPadding)(tokenBytes).toLowerCase();
-}
-/**
-* Creates a new session in the database.
-*/
-async function createSession(token, userId, flags) {
-	const sessionId = (0, _oslojs_encoding.encodeHexLowerCase)((0, _oslojs_crypto_sha2.sha256)(new TextEncoder().encode(token)));
-	const [session] = await require_inject.db.insert(require_schema.sessionTable).values({
-		id: sessionId,
-		expiresAt: new Date((0, date_fns.addDays)(/* @__PURE__ */ new Date(), 7)),
-		active_organization_id: flags.activeOrganizationId,
-		userId
-	}).returning();
-	return session;
-}
-/**
-* Signs the user out and redirects to the sign-in page.
-*/
-async function sessionSignOut() {
-	const { session } = await getCurrentSession();
-	if (session) {
-		await invalidateSession(session.id);
-		await deleteSessionTokenCookie();
-	}
-	(0, next_navigation.redirect)("/signin");
-}
-/**
-* Get all active sessions for a user.
-*/
-async function getUserSessions(userId, currentSessionId) {
-	return (await require_inject.db.select().from(require_schema.sessionTable).where((0, drizzle_orm.eq)(require_schema.sessionTable.userId, userId))).map((session) => ({
-		id: session.id,
-		createdAt: session.createdAt,
-		expiresAt: session.expiresAt,
-		isCurrent: session.id === currentSessionId
-	}));
-}
-/**
-* Invalidate all sessions for a user except the specified current one.
-*/
-async function invalidateOtherSessions(userId, currentSessionId) {
-	await require_inject.db.delete(require_schema.sessionTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.sessionTable.userId, userId), (0, drizzle_orm.ne)(require_schema.sessionTable.id, currentSessionId)));
-}
-
-//#endregion
-exports.createSession = createSession;
-exports.deleteSessionTokenCookie = deleteSessionTokenCookie;
-exports.generateSessionToken = generateSessionToken;
-exports.getCurrentSession = getCurrentSession;
-exports.getIPAddress = getIPAddress;
-exports.getUserSessions = getUserSessions;
-exports.invalidateOtherSessions = invalidateOtherSessions;
-exports.invalidateSession = invalidateSession;
-exports.invalidateUserSessions = invalidateUserSessions;
-exports.sessionSignOut = sessionSignOut;
-exports.setSessionTokenCookie = setSessionTokenCookie;
-exports.validateSessionToken = validateSessionToken;
+"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../../server/database/inject.cjs`),t=require(`../../server/database/schema.cjs`),n=require(`./augment.cjs`),r=require(`./logic.cjs`);let i=require(`drizzle-orm`),a=require(`@oslojs/crypto/sha2`),o=require(`@oslojs/encoding`),s=require(`date-fns`),c=require(`next/headers`),l=require(`next/navigation`);async function u(){return(await(0,c.headers)()).get(`x-forwarded-for`)}async function d(s){let c=(0,o.encodeHexLowerCase)((0,a.sha256)(new TextEncoder().encode(s))),[l]=await e.db.select({session:t.sessionTable,user:t.userTable}).from(t.sessionTable).innerJoin(t.userTable,(0,i.eq)(t.sessionTable.userId,t.userTable.id)).where((0,i.eq)(t.sessionTable.id,c));if(!l||!l.user)return{session:null,user:null};let{session:u,user:d}=l,{password:f,recovery_code:p,...m}=d;if(new Date>u.expiresAt)return await e.db.delete(t.sessionTable).where((0,i.eq)(t.sessionTable.id,u.id)),{session:null,user:null};let h=await r.performFullUserAugmentation(m),g=await n.augmentSession(u);return{session:g?{...g}:null,user:h?{...h}:null}}const f=async()=>{let e=(await(0,c.cookies)()).get(`session`)?.value??null;return e===null?{session:null,user:null}:await d(e)};async function p(n){await e.db.delete(t.sessionTable).where((0,i.eq)(t.sessionTable.id,n))}async function m(n){await e.db.delete(t.sessionTable).where((0,i.eq)(t.sessionTable.userId,n))}async function h(e,t){(await(0,c.cookies)()).set(`session`,e,{httpOnly:!0,path:`/`,secure:process.env.NODE_ENV===`production`,sameSite:`lax`,expires:t})}async function g(){(await(0,c.cookies)()).delete(`session`)}async function _(){let e=new Uint8Array(20);return crypto.getRandomValues(e),(0,o.encodeBase32LowerCaseNoPadding)(e).toLowerCase()}async function v(n,r,i){let c=(0,o.encodeHexLowerCase)((0,a.sha256)(new TextEncoder().encode(n))),[l]=await e.db.insert(t.sessionTable).values({id:c,expiresAt:new Date((0,s.addDays)(new Date,7)),active_organization_id:i.activeOrganizationId,userId:r}).returning();return l}async function y(){let{session:e}=await f();e&&(await p(e.id),await g()),(0,l.redirect)(`/signin`)}async function b(n,r){return(await e.db.select().from(t.sessionTable).where((0,i.eq)(t.sessionTable.userId,n))).map(e=>({id:e.id,createdAt:e.createdAt,expiresAt:e.expiresAt,isCurrent:e.id===r}))}async function x(n,r){await e.db.delete(t.sessionTable).where((0,i.and)((0,i.eq)(t.sessionTable.userId,n),(0,i.ne)(t.sessionTable.id,r)))}exports.createSession=v,exports.deleteSessionTokenCookie=g,exports.generateSessionToken=_,exports.getCurrentSession=f,exports.getIPAddress=u,exports.getUserSessions=b,exports.invalidateOtherSessions=x,exports.invalidateSession=p,exports.invalidateUserSessions=m,exports.sessionSignOut=y,exports.setSessionTokenCookie=h,exports.validateSessionToken=d;

package/dist/core/auth/session.mjs

@@ -1,143 +1,2 @@
-"use server";
-
-import { db } from "../../server/database/inject.mjs";
-import { sessionTable, userTable } from "../../server/database/schema.mjs";
-import { augmentSession } from "./augment.mjs";
-import { performFullUserAugmentation } from "./logic.mjs";
-import { and, eq, ne } from "drizzle-orm";
-import { sha256 } from "@oslojs/crypto/sha2";
-import { encodeBase32LowerCaseNoPadding, encodeHexLowerCase } from "@oslojs/encoding";
-import { addDays } from "date-fns";
-import { cookies, headers } from "next/headers";
-import { redirect } from "next/navigation";
-
-//#region src/core/auth/session.ts
-/**
-* Returns the user's IP address.
-*/
-async function getIPAddress() {
-	return (await headers()).get("x-forwarded-for");
-}
-/**
-* Validates the session token.
-*/
-async function validateSessionToken(token) {
-	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-	const [row] = await db.select({
-		session: sessionTable,
-		user: userTable
-	}).from(sessionTable).innerJoin(userTable, eq(sessionTable.userId, userTable.id)).where(eq(sessionTable.id, sessionId));
-	if (!row || !row.user) return {
-		session: null,
-		user: null
-	};
-	const { session: baseSession, user: baseUser } = row;
-	const { password, recovery_code, ...safeUser } = baseUser;
-	if (/* @__PURE__ */ new Date() > baseSession.expiresAt) {
-		await db.delete(sessionTable).where(eq(sessionTable.id, baseSession.id));
-		return {
-			session: null,
-			user: null
-		};
-	}
-	const augmentedUser = await performFullUserAugmentation(safeUser);
-	const augmentedSession = await augmentSession(baseSession);
-	return {
-		session: augmentedSession ? { ...augmentedSession } : null,
-		user: augmentedUser ? { ...augmentedUser } : null
-	};
-}
-/**
-* Returns the current user session from cookies.
-*/
-const getCurrentSession = async () => {
-	const token = (await cookies()).get("session")?.value ?? null;
-	if (token === null) return {
-		session: null,
-		user: null
-	};
-	return await validateSessionToken(token);
-};
-/**
-* Invalidates a single session.
-*/
-async function invalidateSession(sessionId) {
-	await db.delete(sessionTable).where(eq(sessionTable.id, sessionId));
-}
-/**
-* Invalidates all user sessions.
-*/
-async function invalidateUserSessions(userId) {
-	await db.delete(sessionTable).where(eq(sessionTable.userId, userId));
-}
-/**
-* Sets the session token in a cookie.
-*/
-async function setSessionTokenCookie(token, expiresAt) {
-	(await cookies()).set("session", token, {
-		httpOnly: true,
-		path: "/",
-		secure: process.env.NODE_ENV === "production",
-		sameSite: "lax",
-		expires: expiresAt
-	});
-}
-/**
-* Removes the session token cookie.
-*/
-async function deleteSessionTokenCookie() {
-	(await cookies()).delete("session");
-}
-/**
-* Generates a new random session token.
-*/
-async function generateSessionToken() {
-	const tokenBytes = new Uint8Array(20);
-	crypto.getRandomValues(tokenBytes);
-	return encodeBase32LowerCaseNoPadding(tokenBytes).toLowerCase();
-}
-/**
-* Creates a new session in the database.
-*/
-async function createSession(token, userId, flags) {
-	const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-	const [session] = await db.insert(sessionTable).values({
-		id: sessionId,
-		expiresAt: new Date(addDays(/* @__PURE__ */ new Date(), 7)),
-		active_organization_id: flags.activeOrganizationId,
-		userId
-	}).returning();
-	return session;
-}
-/**
-* Signs the user out and redirects to the sign-in page.
-*/
-async function sessionSignOut() {
-	const { session } = await getCurrentSession();
-	if (session) {
-		await invalidateSession(session.id);
-		await deleteSessionTokenCookie();
-	}
-	redirect("/signin");
-}
-/**
-* Get all active sessions for a user.
-*/
-async function getUserSessions(userId, currentSessionId) {
-	return (await db.select().from(sessionTable).where(eq(sessionTable.userId, userId))).map((session) => ({
-		id: session.id,
-		createdAt: session.createdAt,
-		expiresAt: session.expiresAt,
-		isCurrent: session.id === currentSessionId
-	}));
-}
-/**
-* Invalidate all sessions for a user except the specified current one.
-*/
-async function invalidateOtherSessions(userId, currentSessionId) {
-	await db.delete(sessionTable).where(and(eq(sessionTable.userId, userId), ne(sessionTable.id, currentSessionId)));
-}
-
-//#endregion
-export { createSession, deleteSessionTokenCookie, generateSessionToken, getCurrentSession, getIPAddress, getUserSessions, invalidateOtherSessions, invalidateSession, invalidateUserSessions, sessionSignOut, setSessionTokenCookie, validateSessionToken };
+"use server";import{db as e}from"../../server/database/inject.mjs";import{sessionTable as t,userTable as n}from"../../server/database/schema.mjs";import{augmentSession as r}from"./augment.mjs";import{performFullUserAugmentation as i}from"./logic.mjs";import{and as a,eq as o,ne as s}from"drizzle-orm";import{sha256 as c}from"@oslojs/crypto/sha2";import{encodeBase32LowerCaseNoPadding as l,encodeHexLowerCase as u}from"@oslojs/encoding";import{addDays as d}from"date-fns";import{cookies as f,headers as p}from"next/headers";import{redirect as m}from"next/navigation";async function h(){return(await p()).get(`x-forwarded-for`)}async function g(a){let s=u(c(new TextEncoder().encode(a))),[l]=await e.select({session:t,user:n}).from(t).innerJoin(n,o(t.userId,n.id)).where(o(t.id,s));if(!l||!l.user)return{session:null,user:null};let{session:d,user:f}=l,{password:p,recovery_code:m,...h}=f;if(new Date>d.expiresAt)return await e.delete(t).where(o(t.id,d.id)),{session:null,user:null};let g=await i(h),_=await r(d);return{session:_?{..._}:null,user:g?{...g}:null}}const _=async()=>{let e=(await f()).get(`session`)?.value??null;return e===null?{session:null,user:null}:await g(e)};async function v(n){await e.delete(t).where(o(t.id,n))}async function y(n){await e.delete(t).where(o(t.userId,n))}async function b(e,t){(await f()).set(`session`,e,{httpOnly:!0,path:`/`,secure:process.env.NODE_ENV===`production`,sameSite:`lax`,expires:t})}async function x(){(await f()).delete(`session`)}async function S(){let e=new Uint8Array(20);return crypto.getRandomValues(e),l(e).toLowerCase()}async function C(n,r,i){let a=u(c(new TextEncoder().encode(n))),[o]=await e.insert(t).values({id:a,expiresAt:new Date(d(new Date,7)),active_organization_id:i.activeOrganizationId,userId:r}).returning();return o}async function w(){let{session:e}=await _();e&&(await v(e.id),await x()),m(`/signin`)}async function T(n,r){return(await e.select().from(t).where(o(t.userId,n))).map(e=>({id:e.id,createdAt:e.createdAt,expiresAt:e.expiresAt,isCurrent:e.id===r}))}async function E(n,r){await e.delete(t).where(a(o(t.userId,n),s(t.id,r)))}export{C as createSession,x as deleteSessionTokenCookie,S as generateSessionToken,_ as getCurrentSession,h as getIPAddress,T as getUserSessions,E as invalidateOtherSessions,v as invalidateSession,y as invalidateUserSessions,w as sessionSignOut,b as setSessionTokenCookie,g as validateSessionToken};
 //# sourceMappingURL=session.mjs.map

package/dist/core/auth/session.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"session.mjs","names":[],"sources":["../../../src/core/auth/session.ts"],"sourcesContent":["\"use server\";\n\nimport { sha256 } from \"@oslojs/crypto/sha2\";\nimport {\n  encodeBase32LowerCaseNoPadding,\n  encodeHexLowerCase,\n} from \"@oslojs/encoding\";\nimport { addDays } from \"date-fns\";\nimport { and, eq, ne } from \"drizzle-orm\";\nimport { cookies, headers } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport { db } from \"../../server/database/inject\";\nimport { sessionTable, userTable } from \"../../server/database/schema\";\nimport { augmentSession } from \"./augment\";\nimport { performFullUserAugmentation } from \"./logic\";\n\nimport type {\n  AuthSession,\n  Session,\n  SessionFlags,\n  User,\n  UserSession,\n} from \"./types\";\n\n/**\n * Returns the user's IP address.\n */\nexport async function getIPAddress(): Promise<string | null> {\n  return (await headers()).get(\"x-forwarded-for\");\n}\n\n/**\n * Validates the session token.\n */\nexport async function validateSessionToken(\n  token: string,\n): Promise<AuthSession> {\n  const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n  const [row] = await db\n    .select({\n      session: sessionTable,\n      user: userTable,\n    })\n    .from(sessionTable)\n    .innerJoin(userTable, eq(sessionTable.userId, userTable.id))\n    .where(eq(sessionTable.id, sessionId));\n\n  if (!row || !row.user) {\n    return { session: null, user: null };\n  }\n\n  const { session: baseSession, user: baseUser } = row;\n\n  // STRICTLY remove non-serializable and sensitive fields\n  const { password, recovery_code, ...safeUser } = baseUser;\n\n  // Check if session is expired\n  if (new Date() > baseSession.expiresAt) {\n    await db.delete(sessionTable).where(eq(sessionTable.id, baseSession.id));\n    return { session: null, user: null };\n  }\n\n  // AUGMENT (EXTENSIBILITY POINTS)\n  const augmentedUser = await performFullUserAugmentation(safeUser as User);\n  const augmentedSession = await augmentSession(baseSession as Session);\n\n  // ENSURE PLAIN OBJECTS for Client Components\n  return {\n    session: augmentedSession ? { ...augmentedSession } : null,\n    user: augmentedUser ? { ...augmentedUser } : null,\n  };\n}\n\n/**\n * Returns the current user session from cookies.\n */\nexport const getCurrentSession = async (): Promise<AuthSession> => {\n  const cookieStore = await cookies();\n  const token = cookieStore.get(\"session\")?.value ?? null;\n\n  if (token === null) {\n    return { session: null, user: null };\n  }\n\n  return await validateSessionToken(token);\n};\n\n/**\n * Invalidates a single session.\n */\nexport async function invalidateSession(sessionId: string): Promise<void> {\n  await db.delete(sessionTable).where(eq(sessionTable.id, sessionId));\n}\n\n/**\n * Invalidates all user sessions.\n */\nexport async function invalidateUserSessions(userId: string): Promise<void> {\n  await db.delete(sessionTable).where(eq(sessionTable.userId, userId));\n}\n\n/**\n * Sets the session token in a cookie.\n */\nexport async function setSessionTokenCookie(\n  token: string,\n  expiresAt: Date,\n): Promise<void> {\n  const cookieStore = await cookies();\n  cookieStore.set(\"session\", token, {\n    httpOnly: true,\n    path: \"/\",\n    secure: process.env.NODE_ENV === \"production\",\n    sameSite: \"lax\",\n    expires: expiresAt,\n  });\n}\n\n/**\n * Removes the session token cookie.\n */\nexport async function deleteSessionTokenCookie(): Promise<void> {\n  const cookieStore = await cookies();\n  cookieStore.delete(\"session\");\n}\n\n/**\n * Generates a new random session token.\n */\nexport async function generateSessionToken(): Promise<string> {\n  const tokenBytes = new Uint8Array(20);\n  crypto.getRandomValues(tokenBytes);\n  return encodeBase32LowerCaseNoPadding(tokenBytes).toLowerCase();\n}\n\n/**\n * Creates a new session in the database.\n */\nexport async function createSession(\n  token: string,\n  userId: string,\n  flags: SessionFlags,\n): Promise<Session> {\n  const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n  const [session] = await db\n    .insert(sessionTable)\n    .values({\n      id: sessionId,\n      expiresAt: new Date(addDays(new Date(), 7)),\n      active_organization_id: flags.activeOrganizationId,\n      userId: userId,\n    })\n    .returning();\n\n  return session;\n}\n\n/**\n * Signs the user out and redirects to the sign-in page.\n */\nexport async function sessionSignOut() {\n  const { session } = await getCurrentSession();\n\n  if (session) {\n    await invalidateSession(session.id);\n    await deleteSessionTokenCookie();\n  }\n\n  redirect(\"/signin\");\n}\n\n/**\n * Get all active sessions for a user.\n */\nexport async function getUserSessions(\n  userId: string,\n  currentSessionId: string,\n): Promise<UserSession[]> {\n  const sessions = await db\n    .select()\n    .from(sessionTable)\n    .where(eq(sessionTable.userId, userId));\n\n  return sessions.map((session) => ({\n    id: session.id,\n    createdAt: session.createdAt,\n    expiresAt: session.expiresAt,\n    isCurrent: session.id === currentSessionId,\n  }));\n}\n\n/**\n * Invalidate all sessions for a user except the specified current one.\n */\nexport async function invalidateOtherSessions(\n  userId: string,\n  currentSessionId: string,\n): Promise<void> {\n  await db\n    .delete(sessionTable)\n    .where(\n      and(\n        eq(sessionTable.userId, userId),\n        ne(sessionTable.id, currentSessionId),\n      ),\n    );\n}\n"],"mappings":";;;;;;;;;;;;;;;;;AA2BA,eAAsB,eAAuC;AAC3D,SAAQ,MAAM,SAAS,EAAE,IAAI,kBAAkB;;;;;AAMjD,eAAsB,qBACpB,OACsB;CACtB,MAAM,YAAY,mBAAmB,OAAO,IAAI,aAAa,CAAC,OAAO,MAAM,CAAC,CAAC;CAE7E,MAAM,CAAC,OAAO,MAAM,GACjB,OAAO;EACN,SAAS;EACT,MAAM;EACP,CAAC,CACD,KAAK,aAAa,CAClB,UAAU,WAAW,GAAG,aAAa,QAAQ,UAAU,GAAG,CAAC,CAC3D,MAAM,GAAG,aAAa,IAAI,UAAU,CAAC;AAExC,KAAI,CAAC,OAAO,CAAC,IAAI,KACf,QAAO;EAAE,SAAS;EAAM,MAAM;EAAM;CAGtC,MAAM,EAAE,SAAS,aAAa,MAAM,aAAa;CAGjD,MAAM,EAAE,UAAU,eAAe,GAAG,aAAa;AAGjD,qBAAI,IAAI,MAAM,GAAG,YAAY,WAAW;AACtC,QAAM,GAAG,OAAO,aAAa,CAAC,MAAM,GAAG,aAAa,IAAI,YAAY,GAAG,CAAC;AACxE,SAAO;GAAE,SAAS;GAAM,MAAM;GAAM;;CAItC,MAAM,gBAAgB,MAAM,4BAA4B,SAAiB;CACzE,MAAM,mBAAmB,MAAM,eAAe,YAAuB;AAGrE,QAAO;EACL,SAAS,mBAAmB,EAAE,GAAG,kBAAkB,GAAG;EACtD,MAAM,gBAAgB,EAAE,GAAG,eAAe,GAAG;EAC9C;;;;;AAMH,MAAa,oBAAoB,YAAkC;CAEjE,MAAM,SADc,MAAM,SAAS,EACT,IAAI,UAAU,EAAE,SAAS;AAEnD,KAAI,UAAU,KACZ,QAAO;EAAE,SAAS;EAAM,MAAM;EAAM;AAGtC,QAAO,MAAM,qBAAqB,MAAM;;;;;AAM1C,eAAsB,kBAAkB,WAAkC;AACxE,OAAM,GAAG,OAAO,aAAa,CAAC,MAAM,GAAG,aAAa,IAAI,UAAU,CAAC;;;;;AAMrE,eAAsB,uBAAuB,QAA+B;AAC1E,OAAM,GAAG,OAAO,aAAa,CAAC,MAAM,GAAG,aAAa,QAAQ,OAAO,CAAC;;;;;AAMtE,eAAsB,sBACpB,OACA,WACe;AAEf,EADoB,MAAM,SAAS,EACvB,IAAI,WAAW,OAAO;EAChC,UAAU;EACV,MAAM;EACN,QAAQ,QAAQ,IAAI,aAAa;EACjC,UAAU;EACV,SAAS;EACV,CAAC;;;;;AAMJ,eAAsB,2BAA0C;AAE9D,EADoB,MAAM,SAAS,EACvB,OAAO,UAAU;;;;;AAM/B,eAAsB,uBAAwC;CAC5D,MAAM,aAAa,IAAI,WAAW,GAAG;AACrC,QAAO,gBAAgB,WAAW;AAClC,QAAO,+BAA+B,WAAW,CAAC,aAAa;;;;;AAMjE,eAAsB,cACpB,OACA,QACA,OACkB;CAClB,MAAM,YAAY,mBAAmB,OAAO,IAAI,aAAa,CAAC,OAAO,MAAM,CAAC,CAAC;CAE7E,MAAM,CAAC,WAAW,MAAM,GACrB,OAAO,aAAa,CACpB,OAAO;EACN,IAAI;EACJ,WAAW,IAAI,KAAK,wBAAQ,IAAI,MAAM,EAAE,EAAE,CAAC;EAC3C,wBAAwB,MAAM;EACtB;EACT,CAAC,CACD,WAAW;AAEd,QAAO;;;;;AAMT,eAAsB,iBAAiB;CACrC,MAAM,EAAE,YAAY,MAAM,mBAAmB;AAE7C,KAAI,SAAS;AACX,QAAM,kBAAkB,QAAQ,GAAG;AACnC,QAAM,0BAA0B;;AAGlC,UAAS,UAAU;;;;;AAMrB,eAAsB,gBACpB,QACA,kBACwB;AAMxB,SALiB,MAAM,GACpB,QAAQ,CACR,KAAK,aAAa,CAClB,MAAM,GAAG,aAAa,QAAQ,OAAO,CAAC,EAEzB,KAAK,aAAa;EAChC,IAAI,QAAQ;EACZ,WAAW,QAAQ;EACnB,WAAW,QAAQ;EACnB,WAAW,QAAQ,OAAO;EAC3B,EAAE;;;;;AAML,eAAsB,wBACpB,QACA,kBACe;AACf,OAAM,GACH,OAAO,aAAa,CACpB,MACC,IACE,GAAG,aAAa,QAAQ,OAAO,EAC/B,GAAG,aAAa,IAAI,iBAAiB,CACtC,CACF"}
+{"version":3,"file":"session.mjs","names":[],"sources":["../../../src/core/auth/session.ts"],"sourcesContent":["\"use server\";\n\nimport { sha256 } from \"@oslojs/crypto/sha2\";\nimport {\n  encodeBase32LowerCaseNoPadding,\n  encodeHexLowerCase,\n} from \"@oslojs/encoding\";\nimport { addDays } from \"date-fns\";\nimport { and, eq, ne } from \"drizzle-orm\";\nimport { cookies, headers } from \"next/headers\";\nimport { redirect } from \"next/navigation\";\nimport { db } from \"../../server/database/inject.js\";\nimport { sessionTable, userTable } from \"../../server/database/schema.js\";\nimport { augmentSession } from \"./augment.js\";\nimport { performFullUserAugmentation } from \"./logic.js\";\n\nimport type {\n  AuthSession,\n  Session,\n  SessionFlags,\n  User,\n  UserSession,\n} from \"./types.js\";\n\n/**\n * Returns the user's IP address.\n */\nexport async function getIPAddress(): Promise<string | null> {\n  return (await headers()).get(\"x-forwarded-for\");\n}\n\n/**\n * Validates the session token.\n */\nexport async function validateSessionToken(\n  token: string,\n): Promise<AuthSession> {\n  const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n  const [row] = await db\n    .select({\n      session: sessionTable,\n      user: userTable,\n    })\n    .from(sessionTable)\n    .innerJoin(userTable, eq(sessionTable.userId, userTable.id))\n    .where(eq(sessionTable.id, sessionId));\n\n  if (!row || !row.user) {\n    return { session: null, user: null };\n  }\n\n  const { session: baseSession, user: baseUser } = row;\n\n  // STRICTLY remove non-serializable and sensitive fields\n  const { password, recovery_code, ...safeUser } = baseUser;\n\n  // Check if session is expired\n  if (new Date() > baseSession.expiresAt) {\n    await db.delete(sessionTable).where(eq(sessionTable.id, baseSession.id));\n    return { session: null, user: null };\n  }\n\n  // AUGMENT (EXTENSIBILITY POINTS)\n  const augmentedUser = await performFullUserAugmentation(safeUser as User);\n  const augmentedSession = await augmentSession(baseSession as Session);\n\n  // ENSURE PLAIN OBJECTS for Client Components\n  return {\n    session: augmentedSession ? { ...augmentedSession } : null,\n    user: augmentedUser ? { ...augmentedUser } : null,\n  };\n}\n\n/**\n * Returns the current user session from cookies.\n */\nexport const getCurrentSession = async (): Promise<AuthSession> => {\n  const cookieStore = await cookies();\n  const token = cookieStore.get(\"session\")?.value ?? null;\n\n  if (token === null) {\n    return { session: null, user: null };\n  }\n\n  return await validateSessionToken(token);\n};\n\n/**\n * Invalidates a single session.\n */\nexport async function invalidateSession(sessionId: string): Promise<void> {\n  await db.delete(sessionTable).where(eq(sessionTable.id, sessionId));\n}\n\n/**\n * Invalidates all user sessions.\n */\nexport async function invalidateUserSessions(userId: string): Promise<void> {\n  await db.delete(sessionTable).where(eq(sessionTable.userId, userId));\n}\n\n/**\n * Sets the session token in a cookie.\n */\nexport async function setSessionTokenCookie(\n  token: string,\n  expiresAt: Date,\n): Promise<void> {\n  const cookieStore = await cookies();\n  cookieStore.set(\"session\", token, {\n    httpOnly: true,\n    path: \"/\",\n    secure: process.env.NODE_ENV === \"production\",\n    sameSite: \"lax\",\n    expires: expiresAt,\n  });\n}\n\n/**\n * Removes the session token cookie.\n */\nexport async function deleteSessionTokenCookie(): Promise<void> {\n  const cookieStore = await cookies();\n  cookieStore.delete(\"session\");\n}\n\n/**\n * Generates a new random session token.\n */\nexport async function generateSessionToken(): Promise<string> {\n  const tokenBytes = new Uint8Array(20);\n  crypto.getRandomValues(tokenBytes);\n  return encodeBase32LowerCaseNoPadding(tokenBytes).toLowerCase();\n}\n\n/**\n * Creates a new session in the database.\n */\nexport async function createSession(\n  token: string,\n  userId: string,\n  flags: SessionFlags,\n): Promise<Session> {\n  const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));\n\n  const [session] = await db\n    .insert(sessionTable)\n    .values({\n      id: sessionId,\n      expiresAt: new Date(addDays(new Date(), 7)),\n      active_organization_id: flags.activeOrganizationId,\n      userId: userId,\n    })\n    .returning();\n\n  return session;\n}\n\n/**\n * Signs the user out and redirects to the sign-in page.\n */\nexport async function sessionSignOut() {\n  const { session } = await getCurrentSession();\n\n  if (session) {\n    await invalidateSession(session.id);\n    await deleteSessionTokenCookie();\n  }\n\n  redirect(\"/signin\");\n}\n\n/**\n * Get all active sessions for a user.\n */\nexport async function getUserSessions(\n  userId: string,\n  currentSessionId: string,\n): Promise<UserSession[]> {\n  const sessions = await db\n    .select()\n    .from(sessionTable)\n    .where(eq(sessionTable.userId, userId));\n\n  return sessions.map((session) => ({\n    id: session.id,\n    createdAt: session.createdAt,\n    expiresAt: session.expiresAt,\n    isCurrent: session.id === currentSessionId,\n  }));\n}\n\n/**\n * Invalidate all sessions for a user except the specified current one.\n */\nexport async function invalidateOtherSessions(\n  userId: string,\n  currentSessionId: string,\n): Promise<void> {\n  await db\n    .delete(sessionTable)\n    .where(\n      and(\n        eq(sessionTable.userId, userId),\n        ne(sessionTable.id, currentSessionId),\n      ),\n    );\n}\n"],"mappings":"sjBA2BA,eAAsB,GAAuC,CAC3D,OAAQ,MAAM,GAAS,EAAE,IAAI,kBAAkB,CAMjD,eAAsB,EACpB,EACsB,CACtB,IAAM,EAAY,EAAmB,EAAO,IAAI,aAAa,CAAC,OAAO,EAAM,CAAC,CAAC,CAEvE,CAAC,GAAO,MAAM,EACjB,OAAO,CACN,QAAS,EACT,KAAM,EACP,CAAC,CACD,KAAK,EAAa,CAClB,UAAU,EAAW,EAAG,EAAa,OAAQ,EAAU,GAAG,CAAC,CAC3D,MAAM,EAAG,EAAa,GAAI,EAAU,CAAC,CAExC,GAAI,CAAC,GAAO,CAAC,EAAI,KACf,MAAO,CAAE,QAAS,KAAM,KAAM,KAAM,CAGtC,GAAM,CAAE,QAAS,EAAa,KAAM,GAAa,EAG3C,CAAE,WAAU,gBAAe,GAAG,GAAa,EAGjD,GAAI,IAAI,KAAS,EAAY,UAE3B,OADA,MAAM,EAAG,OAAO,EAAa,CAAC,MAAM,EAAG,EAAa,GAAI,EAAY,GAAG,CAAC,CACjE,CAAE,QAAS,KAAM,KAAM,KAAM,CAItC,IAAM,EAAgB,MAAM,EAA4B,EAAiB,CACnE,EAAmB,MAAM,EAAe,EAAuB,CAGrE,MAAO,CACL,QAAS,EAAmB,CAAE,GAAG,EAAkB,CAAG,KACtD,KAAM,EAAgB,CAAE,GAAG,EAAe,CAAG,KAC9C,CAMH,MAAa,EAAoB,SAAkC,CAEjE,IAAM,GADc,MAAM,GAAS,EACT,IAAI,UAAU,EAAE,OAAS,KAMnD,OAJI,IAAU,KACL,CAAE,QAAS,KAAM,KAAM,KAAM,CAG/B,MAAM,EAAqB,EAAM,EAM1C,eAAsB,EAAkB,EAAkC,CACxE,MAAM,EAAG,OAAO,EAAa,CAAC,MAAM,EAAG,EAAa,GAAI,EAAU,CAAC,CAMrE,eAAsB,EAAuB,EAA+B,CAC1E,MAAM,EAAG,OAAO,EAAa,CAAC,MAAM,EAAG,EAAa,OAAQ,EAAO,CAAC,CAMtE,eAAsB,EACpB,EACA,EACe,EACK,MAAM,GAAS,EACvB,IAAI,UAAW,EAAO,CAChC,SAAU,GACV,KAAM,IACN,OAAQ,QAAQ,IAAI,WAAa,aACjC,SAAU,MACV,QAAS,EACV,CAAC,CAMJ,eAAsB,GAA0C,EAC1C,MAAM,GAAS,EACvB,OAAO,UAAU,CAM/B,eAAsB,GAAwC,CAC5D,IAAM,EAAa,IAAI,WAAW,GAAG,CAErC,OADA,OAAO,gBAAgB,EAAW,CAC3B,EAA+B,EAAW,CAAC,aAAa,CAMjE,eAAsB,EACpB,EACA,EACA,EACkB,CAClB,IAAM,EAAY,EAAmB,EAAO,IAAI,aAAa,CAAC,OAAO,EAAM,CAAC,CAAC,CAEvE,CAAC,GAAW,MAAM,EACrB,OAAO,EAAa,CACpB,OAAO,CACN,GAAI,EACJ,UAAW,IAAI,KAAK,EAAQ,IAAI,KAAQ,EAAE,CAAC,CAC3C,uBAAwB,EAAM,qBACtB,SACT,CAAC,CACD,WAAW,CAEd,OAAO,EAMT,eAAsB,GAAiB,CACrC,GAAM,CAAE,WAAY,MAAM,GAAmB,CAEzC,IACF,MAAM,EAAkB,EAAQ,GAAG,CACnC,MAAM,GAA0B,EAGlC,EAAS,UAAU,CAMrB,eAAsB,EACpB,EACA,EACwB,CAMxB,OALiB,MAAM,EACpB,QAAQ,CACR,KAAK,EAAa,CAClB,MAAM,EAAG,EAAa,OAAQ,EAAO,CAAC,EAEzB,IAAK,IAAa,CAChC,GAAI,EAAQ,GACZ,UAAW,EAAQ,UACnB,UAAW,EAAQ,UACnB,UAAW,EAAQ,KAAO,EAC3B,EAAE,CAML,eAAsB,EACpB,EACA,EACe,CACf,MAAM,EACH,OAAO,EAAa,CACpB,MACC,EACE,EAAG,EAAa,OAAQ,EAAO,CAC/B,EAAG,EAAa,GAAI,EAAiB,CACtC,CACF"}

package/dist/core/auth/types.d.cts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.cts","names":[],"sources":["../../../src/core/auth/types.ts"],"mappings":";;;;KASY,IAAA,UAAc,SAAA,CAAU,YAAA;AAAA,KACxB,OAAA,UAAiB,YAAA,CAAa,YAAA,GAAe,MAAA;AAAA,KAC7C,oBAAA,UACH,yBAAA,CAA0B,YAAA,GAAe,MAAA;;;;AAFlD;KAQY,QAAA,GAAW,IAAA,GACrB,MAAA;EACE,KAAA,EAAO,QAAA;EACP,WAAA,EAAa,cAAA;AAAA;;;;UAMA,WAAA;EACf,OAAA,EAAS,OAAA;EACT,IAAA,EAAM,QAAA;AAAA;AAAA,UAGS,YAAA;EAAA,CACd,GAAA;AAAA;AAAA,KAGS,WAAA;EACV,EAAA;EACA,SAAA,EAAW,IAAA;EACX,SAAA,EAAW,IAAA;EACX,SAAA;EAAA,CACC,GAAA;AAAA;AAAA,KAGS,YAAA;EACN,MAAA;EAAmB,OAAA,EAAS,OAAA;EAAS,IAAA,EAAM,QAAA;EAAU,QAAA;AAAA;EAErD,MAAA;EACA,IAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;AAAA;EAEA,MAAA;EAAiB,OAAA;EAAiB,QAAA;AAAA;AAAA,UAEvB,wBAAA;EACf,OAAA,EAAS,oBAAA;EACT,IAAA,EAAM,QAAA;AAAA"}
+{"version":3,"file":"types.d.cts","names":[],"sources":["../../../src/core/auth/types.ts"],"mappings":";;;;KASY,IAAA,UAAc,SAAA,CAAU,YAAA;AAAA,KACxB,OAAA,UAAiB,YAAA,CAAa,YAAA,GAAe,MAAA;AAAA,KAC7C,oBAAA,UACH,yBAAA,CAA0B,YAAA,GAAe,MAAA;;;;AAFlD;KAQY,QAAA,GAAW,IAAA,GACrB,MAAA;EACE,KAAA,EAAO,QAAA;EACP,WAAA,EAAa,cAAA;AAAA;;;;UAMA,WAAA;EACf,OAAA,EAAS,OAAA;EACT,IAAA,EAAM,QAAA;AAAA;AAAA,UAGS,YAAA;EAAA,CACd,GAAA;AAAA;AAAA,KAGS,WAAA;EACV,EAAA;EACA,SAAA,EAAW,IAAA;EACX,SAAA,EAAW,IAAA;EACX,SAAA;EAAA,CACC,GAAA;AAAA;AAAA,KAGS,YAAA;EACN,MAAA;EAAmB,OAAA,EAAS,OAAA;EAAS,IAAA,EAAM,QAAA;EAAU,QAAA;AAAA;EAEvD,MAAA;EACA,IAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;AAAA;EAEE,MAAA;EAAiB,OAAA;EAAiB,QAAA;AAAA;AAAA,UAEvB,wBAAA;EACf,OAAA,EAAS,oBAAA;EACT,IAAA,EAAM,QAAA;AAAA"}

package/dist/core/auth/types.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.mts","names":[],"sources":["../../../src/core/auth/types.ts"],"mappings":";;;;KASY,IAAA,UAAc,SAAA,CAAU,YAAA;AAAA,KACxB,OAAA,UAAiB,YAAA,CAAa,YAAA,GAAe,MAAA;AAAA,KAC7C,oBAAA,UACH,yBAAA,CAA0B,YAAA,GAAe,MAAA;;;;AAFlD;KAQY,QAAA,GAAW,IAAA,GACrB,MAAA;EACE,KAAA,EAAO,QAAA;EACP,WAAA,EAAa,cAAA;AAAA;;;;UAMA,WAAA;EACf,OAAA,EAAS,OAAA;EACT,IAAA,EAAM,QAAA;AAAA;AAAA,UAGS,YAAA;EAAA,CACd,GAAA;AAAA;AAAA,KAGS,WAAA;EACV,EAAA;EACA,SAAA,EAAW,IAAA;EACX,SAAA,EAAW,IAAA;EACX,SAAA;EAAA,CACC,GAAA;AAAA;AAAA,KAGS,YAAA;EACN,MAAA;EAAmB,OAAA,EAAS,OAAA;EAAS,IAAA,EAAM,QAAA;EAAU,QAAA;AAAA;EAErD,MAAA;EACA,IAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;AAAA;EAEA,MAAA;EAAiB,OAAA;EAAiB,QAAA;AAAA;AAAA,UAEvB,wBAAA;EACf,OAAA,EAAS,oBAAA;EACT,IAAA,EAAM,QAAA;AAAA"}
+{"version":3,"file":"types.d.mts","names":[],"sources":["../../../src/core/auth/types.ts"],"mappings":";;;;KASY,IAAA,UAAc,SAAA,CAAU,YAAA;AAAA,KACxB,OAAA,UAAiB,YAAA,CAAa,YAAA,GAAe,MAAA;AAAA,KAC7C,oBAAA,UACH,yBAAA,CAA0B,YAAA,GAAe,MAAA;;;;AAFlD;KAQY,QAAA,GAAW,IAAA,GACrB,MAAA;EACE,KAAA,EAAO,QAAA;EACP,WAAA,EAAa,cAAA;AAAA;;;;UAMA,WAAA;EACf,OAAA,EAAS,OAAA;EACT,IAAA,EAAM,QAAA;AAAA;AAAA,UAGS,YAAA;EAAA,CACd,GAAA;AAAA;AAAA,KAGS,WAAA;EACV,EAAA;EACA,SAAA,EAAW,IAAA;EACX,SAAA,EAAW,IAAA;EACX,SAAA;EAAA,CACC,GAAA;AAAA;AAAA,KAGS,YAAA;EACN,MAAA;EAAmB,OAAA,EAAS,OAAA;EAAS,IAAA,EAAM,QAAA;EAAU,QAAA;AAAA;EAEvD,MAAA;EACA,IAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;AAAA;EAEE,MAAA;EAAiB,OAAA;EAAiB,QAAA;AAAA;AAAA,UAEvB,wBAAA;EACf,OAAA,EAAS,oBAAA;EACT,IAAA,EAAM,QAAA;AAAA"}

package/dist/core/auth/utils/encode.cjs

@@ -1,27 +1 @@
-const require_runtime = require('../../../_virtual/_rolldown/runtime.cjs');
-let _oslojs_encoding = require("@oslojs/encoding");
-
-//#region src/core/auth/utils/encode.ts
-/**
-* Generates a random one-time code (OTP).
-* @param length Length of the generated code (default 6).
-* @returns A random uppercase base32 string.
-*/
-function generateRandomOTP(length = 6) {
-	const bytes = new Uint8Array(5);
-	crypto.getRandomValues(bytes);
-	return (0, _oslojs_encoding.encodeBase32UpperCaseNoPadding)(bytes).substring(0, length);
-}
-/**
-* Generates a random recovery code.
-* @returns A random uppercase base32 string.
-*/
-function generateRandomRecoveryCode() {
-	const recoveryCodeBytes = new Uint8Array(10);
-	crypto.getRandomValues(recoveryCodeBytes);
-	return (0, _oslojs_encoding.encodeBase32UpperCaseNoPadding)(recoveryCodeBytes);
-}
-
-//#endregion
-exports.generateRandomOTP = generateRandomOTP;
-exports.generateRandomRecoveryCode = generateRandomRecoveryCode;
+require(`../../../_virtual/_rolldown/runtime.cjs`);let e=require(`@oslojs/encoding`);function t(t=6){let n=new Uint8Array(5);return crypto.getRandomValues(n),(0,e.encodeBase32UpperCaseNoPadding)(n).substring(0,t)}function n(){let t=new Uint8Array(10);return crypto.getRandomValues(t),(0,e.encodeBase32UpperCaseNoPadding)(t)}exports.generateRandomOTP=t,exports.generateRandomRecoveryCode=n;

package/dist/core/auth/utils/encode.mjs

@@ -1,26 +1,2 @@
-import { encodeBase32UpperCaseNoPadding } from "@oslojs/encoding";
-
-//#region src/core/auth/utils/encode.ts
-/**
-* Generates a random one-time code (OTP).
-* @param length Length of the generated code (default 6).
-* @returns A random uppercase base32 string.
-*/
-function generateRandomOTP(length = 6) {
-	const bytes = new Uint8Array(5);
-	crypto.getRandomValues(bytes);
-	return encodeBase32UpperCaseNoPadding(bytes).substring(0, length);
-}
-/**
-* Generates a random recovery code.
-* @returns A random uppercase base32 string.
-*/
-function generateRandomRecoveryCode() {
-	const recoveryCodeBytes = new Uint8Array(10);
-	crypto.getRandomValues(recoveryCodeBytes);
-	return encodeBase32UpperCaseNoPadding(recoveryCodeBytes);
-}
-
-//#endregion
-export { generateRandomOTP, generateRandomRecoveryCode };
+import{encodeBase32UpperCaseNoPadding as e}from"@oslojs/encoding";function t(t=6){let n=new Uint8Array(5);return crypto.getRandomValues(n),e(n).substring(0,t)}function n(){let t=new Uint8Array(10);return crypto.getRandomValues(t),e(t)}export{t as generateRandomOTP,n as generateRandomRecoveryCode};
 //# sourceMappingURL=encode.mjs.map

package/dist/core/auth/utils/encode.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"encode.mjs","names":[],"sources":["../../../../src/core/auth/utils/encode.ts"],"sourcesContent":["import { encodeBase32UpperCaseNoPadding } from \"@oslojs/encoding\";\n\n/**\n * Generates a random one-time code (OTP).\n * @param length Length of the generated code (default 6).\n * @returns A random uppercase base32 string.\n */\nexport function generateRandomOTP(length = 6): string {\n  const bytes = new Uint8Array(5);\n  crypto.getRandomValues(bytes);\n  return encodeBase32UpperCaseNoPadding(bytes).substring(0, length);\n}\n\n/**\n * Generates a random recovery code.\n * @returns A random uppercase base32 string.\n */\nexport function generateRandomRecoveryCode(): string {\n  const recoveryCodeBytes = new Uint8Array(10);\n  crypto.getRandomValues(recoveryCodeBytes);\n  return encodeBase32UpperCaseNoPadding(recoveryCodeBytes);\n}\n"],"mappings":";;;;;;;;AAOA,SAAgB,kBAAkB,SAAS,GAAW;CACpD,MAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,QAAO,gBAAgB,MAAM;AAC7B,QAAO,+BAA+B,MAAM,CAAC,UAAU,GAAG,OAAO;;;;;;AAOnE,SAAgB,6BAAqC;CACnD,MAAM,oBAAoB,IAAI,WAAW,GAAG;AAC5C,QAAO,gBAAgB,kBAAkB;AACzC,QAAO,+BAA+B,kBAAkB"}
+{"version":3,"file":"encode.mjs","names":[],"sources":["../../../../src/core/auth/utils/encode.ts"],"sourcesContent":["import { encodeBase32UpperCaseNoPadding } from \"@oslojs/encoding\";\n\n/**\n * Generates a random one-time code (OTP).\n * @param length Length of the generated code (default 6).\n * @returns A random uppercase base32 string.\n */\nexport function generateRandomOTP(length = 6): string {\n  const bytes = new Uint8Array(5);\n  crypto.getRandomValues(bytes);\n  return encodeBase32UpperCaseNoPadding(bytes).substring(0, length);\n}\n\n/**\n * Generates a random recovery code.\n * @returns A random uppercase base32 string.\n */\nexport function generateRandomRecoveryCode(): string {\n  const recoveryCodeBytes = new Uint8Array(10);\n  crypto.getRandomValues(recoveryCodeBytes);\n  return encodeBase32UpperCaseNoPadding(recoveryCodeBytes);\n}\n"],"mappings":"kEAOA,SAAgB,EAAkB,EAAS,EAAW,CACpD,IAAM,EAAQ,IAAI,WAAW,EAAE,CAE/B,OADA,OAAO,gBAAgB,EAAM,CACtB,EAA+B,EAAM,CAAC,UAAU,EAAG,EAAO,CAOnE,SAAgB,GAAqC,CACnD,IAAM,EAAoB,IAAI,WAAW,GAAG,CAE5C,OADA,OAAO,gBAAgB,EAAkB,CAClC,EAA+B,EAAkB"}

package/dist/core/auth/utils/encryption.cjs

@@ -1,67 +1 @@
-const require_runtime = require('../../../_virtual/_rolldown/runtime.cjs');
-let _oslojs_encoding = require("@oslojs/encoding");
-let node_crypto = require("node:crypto");
-let _oslojs_binary = require("@oslojs/binary");
-
-//#region src/core/auth/utils/encryption.ts
-const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;
-if (!ENCRYPTION_KEY) throw new Error("ENCRYPTION_KEY environment variable is not set");
-/**
-* The encryption key decoded from base64.
-*/
-const key = (0, _oslojs_encoding.decodeBase64)(ENCRYPTION_KEY);
-/**
-* Encrypts data using AES-128-GCM.
-* @param data Data to be encrypted.
-* @returns Encrypted data including IV and auth tag.
-*/
-function encrypt(data) {
-	const iv = new Uint8Array(16);
-	crypto.getRandomValues(iv);
-	const cipher = (0, node_crypto.createCipheriv)("aes-128-gcm", key, iv);
-	const encrypted = new _oslojs_binary.DynamicBuffer(0);
-	encrypted.write(iv);
-	encrypted.write(cipher.update(data));
-	encrypted.write(cipher.final());
-	encrypted.write(cipher.getAuthTag());
-	return encrypted.bytes();
-}
-/**
-* Encrypts a string.
-* @param data String to be encrypted.
-* @returns Encrypted data as Uint8Array.
-*/
-function encryptString(data) {
-	return encrypt(new TextEncoder().encode(data));
-}
-/**
-* Decrypts data using AES-128-GCM.
-* @param encrypted Encrypted data (IV + content + auth tag).
-* @returns Decrypted data.
-*/
-function decrypt(encrypted) {
-	if (encrypted.byteLength < 33) throw new Error("Invalid encrypted data length");
-	const iv = encrypted.slice(0, 16);
-	const authTag = encrypted.slice(encrypted.byteLength - 16);
-	const content = encrypted.slice(16, encrypted.byteLength - 16);
-	const decipher = (0, node_crypto.createDecipheriv)("aes-128-gcm", key, iv);
-	decipher.setAuthTag(authTag);
-	const decrypted = new _oslojs_binary.DynamicBuffer(0);
-	decrypted.write(decipher.update(content));
-	decrypted.write(decipher.final());
-	return decrypted.bytes();
-}
-/**
-* Decrypts data to a string.
-* @param data Encrypted data.
-* @returns Odszyfrowany ciąg znaków.
-*/
-function decryptToString(data) {
-	return new TextDecoder().decode(decrypt(data));
-}
-
-//#endregion
-exports.decrypt = decrypt;
-exports.decryptToString = decryptToString;
-exports.encrypt = encrypt;
-exports.encryptString = encryptString;
+require(`../../../_virtual/_rolldown/runtime.cjs`);let e=require(`@oslojs/encoding`),t=require(`node:crypto`),n=require(`@oslojs/binary`);const r=process.env.ENCRYPTION_KEY;if(!r)throw Error(`ENCRYPTION_KEY environment variable is not set`);const i=(0,e.decodeBase64)(r);function a(e){let r=new Uint8Array(16);crypto.getRandomValues(r);let a=(0,t.createCipheriv)(`aes-128-gcm`,i,r),o=new n.DynamicBuffer(0);return o.write(r),o.write(a.update(e)),o.write(a.final()),o.write(a.getAuthTag()),o.bytes()}function o(e){return a(new TextEncoder().encode(e))}function s(e){if(e.byteLength<33)throw Error(`Invalid encrypted data length`);let r=e.slice(0,16),a=e.slice(e.byteLength-16),o=e.slice(16,e.byteLength-16),s=(0,t.createDecipheriv)(`aes-128-gcm`,i,r);s.setAuthTag(a);let c=new n.DynamicBuffer(0);return c.write(s.update(o)),c.write(s.final()),c.bytes()}function c(e){return new TextDecoder().decode(s(e))}exports.decrypt=s,exports.decryptToString=c,exports.encrypt=a,exports.encryptString=o;

package/dist/core/auth/utils/encryption.mjs

@@ -1,64 +1,2 @@
-import { decodeBase64 } from "@oslojs/encoding";
-import { createCipheriv, createDecipheriv } from "node:crypto";
-import { DynamicBuffer } from "@oslojs/binary";
-
-//#region src/core/auth/utils/encryption.ts
-const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;
-if (!ENCRYPTION_KEY) throw new Error("ENCRYPTION_KEY environment variable is not set");
-/**
-* The encryption key decoded from base64.
-*/
-const key = decodeBase64(ENCRYPTION_KEY);
-/**
-* Encrypts data using AES-128-GCM.
-* @param data Data to be encrypted.
-* @returns Encrypted data including IV and auth tag.
-*/
-function encrypt(data) {
-	const iv = new Uint8Array(16);
-	crypto.getRandomValues(iv);
-	const cipher = createCipheriv("aes-128-gcm", key, iv);
-	const encrypted = new DynamicBuffer(0);
-	encrypted.write(iv);
-	encrypted.write(cipher.update(data));
-	encrypted.write(cipher.final());
-	encrypted.write(cipher.getAuthTag());
-	return encrypted.bytes();
-}
-/**
-* Encrypts a string.
-* @param data String to be encrypted.
-* @returns Encrypted data as Uint8Array.
-*/
-function encryptString(data) {
-	return encrypt(new TextEncoder().encode(data));
-}
-/**
-* Decrypts data using AES-128-GCM.
-* @param encrypted Encrypted data (IV + content + auth tag).
-* @returns Decrypted data.
-*/
-function decrypt(encrypted) {
-	if (encrypted.byteLength < 33) throw new Error("Invalid encrypted data length");
-	const iv = encrypted.slice(0, 16);
-	const authTag = encrypted.slice(encrypted.byteLength - 16);
-	const content = encrypted.slice(16, encrypted.byteLength - 16);
-	const decipher = createDecipheriv("aes-128-gcm", key, iv);
-	decipher.setAuthTag(authTag);
-	const decrypted = new DynamicBuffer(0);
-	decrypted.write(decipher.update(content));
-	decrypted.write(decipher.final());
-	return decrypted.bytes();
-}
-/**
-* Decrypts data to a string.
-* @param data Encrypted data.
-* @returns Odszyfrowany ciąg znaków.
-*/
-function decryptToString(data) {
-	return new TextDecoder().decode(decrypt(data));
-}
-
-//#endregion
-export { decrypt, decryptToString, encrypt, encryptString };
+import{decodeBase64 as e}from"@oslojs/encoding";import{createCipheriv as t,createDecipheriv as n}from"node:crypto";import{DynamicBuffer as r}from"@oslojs/binary";const i=process.env.ENCRYPTION_KEY;if(!i)throw Error(`ENCRYPTION_KEY environment variable is not set`);const a=e(i);function o(e){let n=new Uint8Array(16);crypto.getRandomValues(n);let i=t(`aes-128-gcm`,a,n),o=new r(0);return o.write(n),o.write(i.update(e)),o.write(i.final()),o.write(i.getAuthTag()),o.bytes()}function s(e){return o(new TextEncoder().encode(e))}function c(e){if(e.byteLength<33)throw Error(`Invalid encrypted data length`);let t=e.slice(0,16),i=e.slice(e.byteLength-16),o=e.slice(16,e.byteLength-16),s=n(`aes-128-gcm`,a,t);s.setAuthTag(i);let c=new r(0);return c.write(s.update(o)),c.write(s.final()),c.bytes()}function l(e){return new TextDecoder().decode(c(e))}export{c as decrypt,l as decryptToString,o as encrypt,s as encryptString};
 //# sourceMappingURL=encryption.mjs.map

package/dist/core/auth/utils/encryption.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"encryption.mjs","names":[],"sources":["../../../../src/core/auth/utils/encryption.ts"],"sourcesContent":["import { createCipheriv, createDecipheriv } from \"node:crypto\";\nimport { DynamicBuffer } from \"@oslojs/binary\";\nimport { decodeBase64 } from \"@oslojs/encoding\";\n\nconst ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;\n\nif (!ENCRYPTION_KEY) {\n  throw new Error(\"ENCRYPTION_KEY environment variable is not set\");\n}\n\n/**\n * The encryption key decoded from base64.\n */\nconst key = decodeBase64(ENCRYPTION_KEY);\n\n/**\n * Encrypts data using AES-128-GCM.\n * @param data Data to be encrypted.\n * @returns Encrypted data including IV and auth tag.\n */\nexport function encrypt(data: Uint8Array): Uint8Array {\n  const iv = new Uint8Array(16);\n  crypto.getRandomValues(iv);\n  const cipher = createCipheriv(\"aes-128-gcm\", key, iv);\n  const encrypted = new DynamicBuffer(0);\n  encrypted.write(iv);\n  encrypted.write(cipher.update(data));\n  encrypted.write(cipher.final());\n  encrypted.write(cipher.getAuthTag());\n  return encrypted.bytes();\n}\n\n/**\n * Encrypts a string.\n * @param data String to be encrypted.\n * @returns Encrypted data as Uint8Array.\n */\nexport function encryptString(data: string): Uint8Array {\n  return encrypt(new TextEncoder().encode(data));\n}\n\n/**\n * Decrypts data using AES-128-GCM.\n * @param encrypted Encrypted data (IV + content + auth tag).\n * @returns Decrypted data.\n */\nexport function decrypt(encrypted: Uint8Array): Uint8Array {\n  if (encrypted.byteLength < 33) {\n    throw new Error(\"Invalid encrypted data length\");\n  }\n  const iv = encrypted.slice(0, 16);\n  const authTag = encrypted.slice(encrypted.byteLength - 16);\n  const content = encrypted.slice(16, encrypted.byteLength - 16);\n\n  const decipher = createDecipheriv(\"aes-128-gcm\", key, iv);\n  decipher.setAuthTag(authTag);\n\n  const decrypted = new DynamicBuffer(0);\n  decrypted.write(decipher.update(content));\n  decrypted.write(decipher.final());\n  return decrypted.bytes();\n}\n\n/**\n * Decrypts data to a string.\n * @param data Encrypted data.\n * @returns Odszyfrowany ciąg znaków.\n */\nexport function decryptToString(data: Uint8Array): string {\n  return new TextDecoder().decode(decrypt(data));\n}\n"],"mappings":";;;;;AAIA,MAAM,iBAAiB,QAAQ,IAAI;AAEnC,IAAI,CAAC,eACH,OAAM,IAAI,MAAM,iDAAiD;;;;AAMnE,MAAM,MAAM,aAAa,eAAe;;;;;;AAOxC,SAAgB,QAAQ,MAA8B;CACpD,MAAM,KAAK,IAAI,WAAW,GAAG;AAC7B,QAAO,gBAAgB,GAAG;CAC1B,MAAM,SAAS,eAAe,eAAe,KAAK,GAAG;CACrD,MAAM,YAAY,IAAI,cAAc,EAAE;AACtC,WAAU,MAAM,GAAG;AACnB,WAAU,MAAM,OAAO,OAAO,KAAK,CAAC;AACpC,WAAU,MAAM,OAAO,OAAO,CAAC;AAC/B,WAAU,MAAM,OAAO,YAAY,CAAC;AACpC,QAAO,UAAU,OAAO;;;;;;;AAQ1B,SAAgB,cAAc,MAA0B;AACtD,QAAO,QAAQ,IAAI,aAAa,CAAC,OAAO,KAAK,CAAC;;;;;;;AAQhD,SAAgB,QAAQ,WAAmC;AACzD,KAAI,UAAU,aAAa,GACzB,OAAM,IAAI,MAAM,gCAAgC;CAElD,MAAM,KAAK,UAAU,MAAM,GAAG,GAAG;CACjC,MAAM,UAAU,UAAU,MAAM,UAAU,aAAa,GAAG;CAC1D,MAAM,UAAU,UAAU,MAAM,IAAI,UAAU,aAAa,GAAG;CAE9D,MAAM,WAAW,iBAAiB,eAAe,KAAK,GAAG;AACzD,UAAS,WAAW,QAAQ;CAE5B,MAAM,YAAY,IAAI,cAAc,EAAE;AACtC,WAAU,MAAM,SAAS,OAAO,QAAQ,CAAC;AACzC,WAAU,MAAM,SAAS,OAAO,CAAC;AACjC,QAAO,UAAU,OAAO;;;;;;;AAQ1B,SAAgB,gBAAgB,MAA0B;AACxD,QAAO,IAAI,aAAa,CAAC,OAAO,QAAQ,KAAK,CAAC"}
+{"version":3,"file":"encryption.mjs","names":[],"sources":["../../../../src/core/auth/utils/encryption.ts"],"sourcesContent":["import { createCipheriv, createDecipheriv } from \"node:crypto\";\nimport { DynamicBuffer } from \"@oslojs/binary\";\nimport { decodeBase64 } from \"@oslojs/encoding\";\n\nconst ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;\n\nif (!ENCRYPTION_KEY) {\n  throw new Error(\"ENCRYPTION_KEY environment variable is not set\");\n}\n\n/**\n * The encryption key decoded from base64.\n */\nconst key = decodeBase64(ENCRYPTION_KEY);\n\n/**\n * Encrypts data using AES-128-GCM.\n * @param data Data to be encrypted.\n * @returns Encrypted data including IV and auth tag.\n */\nexport function encrypt(data: Uint8Array): Uint8Array {\n  const iv = new Uint8Array(16);\n  crypto.getRandomValues(iv);\n  const cipher = createCipheriv(\"aes-128-gcm\", key, iv);\n  const encrypted = new DynamicBuffer(0);\n  encrypted.write(iv);\n  encrypted.write(cipher.update(data));\n  encrypted.write(cipher.final());\n  encrypted.write(cipher.getAuthTag());\n  return encrypted.bytes();\n}\n\n/**\n * Encrypts a string.\n * @param data String to be encrypted.\n * @returns Encrypted data as Uint8Array.\n */\nexport function encryptString(data: string): Uint8Array {\n  return encrypt(new TextEncoder().encode(data));\n}\n\n/**\n * Decrypts data using AES-128-GCM.\n * @param encrypted Encrypted data (IV + content + auth tag).\n * @returns Decrypted data.\n */\nexport function decrypt(encrypted: Uint8Array): Uint8Array {\n  if (encrypted.byteLength < 33) {\n    throw new Error(\"Invalid encrypted data length\");\n  }\n  const iv = encrypted.slice(0, 16);\n  const authTag = encrypted.slice(encrypted.byteLength - 16);\n  const content = encrypted.slice(16, encrypted.byteLength - 16);\n\n  const decipher = createDecipheriv(\"aes-128-gcm\", key, iv);\n  decipher.setAuthTag(authTag);\n\n  const decrypted = new DynamicBuffer(0);\n  decrypted.write(decipher.update(content));\n  decrypted.write(decipher.final());\n  return decrypted.bytes();\n}\n\n/**\n * Decrypts data to a string.\n * @param data Encrypted data.\n * @returns Odszyfrowany ciąg znaków.\n */\nexport function decryptToString(data: Uint8Array): string {\n  return new TextDecoder().decode(decrypt(data));\n}\n"],"mappings":"kKAIA,MAAM,EAAiB,QAAQ,IAAI,eAEnC,GAAI,CAAC,EACH,MAAU,MAAM,iDAAiD,CAMnE,MAAM,EAAM,EAAa,EAAe,CAOxC,SAAgB,EAAQ,EAA8B,CACpD,IAAM,EAAK,IAAI,WAAW,GAAG,CAC7B,OAAO,gBAAgB,EAAG,CAC1B,IAAM,EAAS,EAAe,cAAe,EAAK,EAAG,CAC/C,EAAY,IAAI,EAAc,EAAE,CAKtC,OAJA,EAAU,MAAM,EAAG,CACnB,EAAU,MAAM,EAAO,OAAO,EAAK,CAAC,CACpC,EAAU,MAAM,EAAO,OAAO,CAAC,CAC/B,EAAU,MAAM,EAAO,YAAY,CAAC,CAC7B,EAAU,OAAO,CAQ1B,SAAgB,EAAc,EAA0B,CACtD,OAAO,EAAQ,IAAI,aAAa,CAAC,OAAO,EAAK,CAAC,CAQhD,SAAgB,EAAQ,EAAmC,CACzD,GAAI,EAAU,WAAa,GACzB,MAAU,MAAM,gCAAgC,CAElD,IAAM,EAAK,EAAU,MAAM,EAAG,GAAG,CAC3B,EAAU,EAAU,MAAM,EAAU,WAAa,GAAG,CACpD,EAAU,EAAU,MAAM,GAAI,EAAU,WAAa,GAAG,CAExD,EAAW,EAAiB,cAAe,EAAK,EAAG,CACzD,EAAS,WAAW,EAAQ,CAE5B,IAAM,EAAY,IAAI,EAAc,EAAE,CAGtC,OAFA,EAAU,MAAM,EAAS,OAAO,EAAQ,CAAC,CACzC,EAAU,MAAM,EAAS,OAAO,CAAC,CAC1B,EAAU,OAAO,CAQ1B,SAAgB,EAAgB,EAA0B,CACxD,OAAO,IAAI,aAAa,CAAC,OAAO,EAAQ,EAAK,CAAC"}

package/dist/core/auth/validation.cjs

@@ -1,39 +1 @@
-const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
-let zod = require("zod");
-
-//#region src/core/auth/validation.ts
-const loginSchema = zod.z.object({
-	email: zod.z.string().email("Invalid email address"),
-	password: zod.z.string().min(8),
-	remember: zod.z.boolean().optional()
-});
-const registerSchema = zod.z.object({
-	username: zod.z.string().min(2, "Name must be at least 2 characters"),
-	email: zod.z.string().email("Invalid email address"),
-	password: zod.z.string().min(8, "Password must be at least 8 characters"),
-	terms: zod.z.boolean().refine((val) => val === true, "You must accept the terms")
-});
-const forgotPasswordSchema = zod.z.object({ email: zod.z.string().email("Invalid email address") });
-const resetPasswordSchema = zod.z.object({
-	password: zod.z.string().min(8, "Password must be at least 8 characters"),
-	confirm: zod.z.string()
-}).refine((data) => data.password === data.confirm, {
-	message: "Passwords do not match",
-	path: ["confirm"]
-});
-const verifyEmailSchema = zod.z.object({ code: zod.z.string().min(6).max(6) });
-const totpSetupSchema = zod.z.object({ code: zod.z.string().regex(/^\d{6}$/, "Code must be 6 digits") });
-const totpVerifySchema = zod.z.object({ code: zod.z.string().regex(/^\d{6}$/, "Code must be 6 digits") });
-const passkeysSetupSchema = zod.z.object({ name: zod.z.string().min(1, "Passkey name is required") });
-const recoveryCodeVerifySchema = zod.z.object({ code: zod.z.string().min(16, "Recovery code is required").max(16) });
-
-//#endregion
-exports.forgotPasswordSchema = forgotPasswordSchema;
-exports.loginSchema = loginSchema;
-exports.passkeysSetupSchema = passkeysSetupSchema;
-exports.recoveryCodeVerifySchema = recoveryCodeVerifySchema;
-exports.registerSchema = registerSchema;
-exports.resetPasswordSchema = resetPasswordSchema;
-exports.totpSetupSchema = totpSetupSchema;
-exports.totpVerifySchema = totpVerifySchema;
-exports.verifyEmailSchema = verifyEmailSchema;
+require(`../../_virtual/_rolldown/runtime.cjs`);let e=require(`zod`);const t=e.z.object({email:e.z.string().email(`Invalid email address`),password:e.z.string().min(8),remember:e.z.boolean().optional()}),n=e.z.object({username:e.z.string().min(2,`Name must be at least 2 characters`),email:e.z.string().email(`Invalid email address`),password:e.z.string().min(8,`Password must be at least 8 characters`),terms:e.z.boolean().refine(e=>e===!0,`You must accept the terms`)}),r=e.z.object({email:e.z.string().email(`Invalid email address`)}),i=e.z.object({password:e.z.string().min(8,`Password must be at least 8 characters`),confirm:e.z.string()}).refine(e=>e.password===e.confirm,{message:`Passwords do not match`,path:[`confirm`]}),a=e.z.object({code:e.z.string().min(6).max(6)}),o=e.z.object({code:e.z.string().regex(/^\d{6}$/,`Code must be 6 digits`)}),s=e.z.object({code:e.z.string().regex(/^\d{6}$/,`Code must be 6 digits`)}),c=e.z.object({name:e.z.string().min(1,`Passkey name is required`)}),l=e.z.object({code:e.z.string().min(16,`Recovery code is required`).max(16)});exports.forgotPasswordSchema=r,exports.loginSchema=t,exports.passkeysSetupSchema=c,exports.recoveryCodeVerifySchema=l,exports.registerSchema=n,exports.resetPasswordSchema=i,exports.totpSetupSchema=o,exports.totpVerifySchema=s,exports.verifyEmailSchema=a;