@arch-cadre/core 0.0.33 → 0.0.35

package/dist/core/auth/email-verification.d.mts

@@ -21,9 +21,9 @@ declare function getUserEmailVerificationRequest(userId: string, id: string): Pr
  * Creates a new email verification request, deleting any existing one for the user.
  */
 declare function createEmailVerificationRequest(userId: string, email: string): Promise<{
-  id: string;
   email: string;
   code: string;
+  id: string;
   createdAt: Date;
   updatedAt: Date | null;
   userId: string;

package/dist/core/auth/logic.d.mts

@@ -58,15 +58,15 @@ declare function signUp(data: RegisterInput): Promise<{
     createdAt: Date;
     updatedAt: Date | null;
     userId: string;
-    expiresAt: Date;
     active_organization_id: string | null;
+    expiresAt: Date;
   };
   user: {
     [x: string]: any;
-    id: string;
     email: string;
-    name: string;
     password: string | null;
+    name: string;
+    id: string;
     image: string | null;
     recovery_code: Buffer<ArrayBufferLike>;
     emailVerifiedAt: Date | null;
@@ -86,14 +86,14 @@ declare function finalizeLogin(userId: string, flags: SessionFlags): Promise<{
     createdAt: Date;
     updatedAt: Date | null;
     userId: string;
-    expiresAt: Date;
     active_organization_id: string | null;
+    expiresAt: Date;
   } | null;
   user: {
-    id: string;
     email: string;
-    name: string;
     password: string | null;
+    name: string;
+    id: string;
     image: string | null;
     recovery_code: Buffer<ArrayBufferLike>;
     emailVerifiedAt: Date | null;

package/dist/core/auth/rbac.d.mts

@@ -16,8 +16,8 @@ declare function getRoleById(roleId: string): Promise<{
   description: string | null;
 }>;
 declare function createRole(name: string, description?: string): Promise<{
-  id: string;
   name: string;
+  id: string;
   description: string | null;
 }[]>;
 declare function deleteRole(roleId: string): Promise<pg.QueryResult<never>>;
@@ -27,8 +27,8 @@ declare function getPermissions(): Promise<{
   description: string | null;
 }[]>;
 declare function createPermission(name: string, description?: string): Promise<{
-  id: string;
   name: string;
+  id: string;
   description: string | null;
 }[]>;
 declare function deletePermission(permissionId: string): Promise<pg.QueryResult<never>>;

package/dist/core/notifications/actions.d.mts

@@ -15,11 +15,11 @@ declare function getUserNotifications(): Promise<{
   updatedAt: Date | null;
 }[] | null>;
 declare function createNotification(data: CreateNotificationPayload): Promise<{
+  type: string | null;
   id: string;
   createdAt: Date;
   updatedAt: Date | null;
   userId: string;
-  type: string | null;
   title: string;
   content: string | null;
   target: string | null;

package/package.json

@@ -1,17 +1,11 @@
 {
   "name": "@arch-cadre/core",
-  "version": "0.0.33",
+  "version": "0.0.35",
   "type": "module",
   "description": "Core logic for Kryo framework",
   "exports": {
-    ".": {
-      "import": "./dist/index.mjs",
-      "require": "./dist/index.cjs"
-    },
-    "./server": {
-      "import": "./dist/server.mjs",
-      "require": "./dist/server.cjs"
-    },
+    ".": "./dist/index.mjs",
+    "./server": "./dist/server.mjs",
     "./package.json": "./package.json"
   },
   "files": [
@@ -53,11 +47,7 @@
     "@types/react-dom": "^19",
     "swr": "^2.3.8",
     "tsdown": "^0.20.3",
-    "tsup": "^8.5.1",
-    "typescript": "^5",
-    "unbuild": "^3.6.1"
+    "typescript": "^5"
   },
-  "types": "./dist/index.d.cts",
-  "main": "./dist/index.cjs",
-  "module": "./dist/index.mjs"
+  "types": "./dist/index.d.cts"
 }

package/dist/_virtual/_rolldown/runtime.cjs

@@ -1 +0,0 @@
-var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object.prototype.hasOwnProperty,o=(e,i,o,s)=>{if(i&&typeof i==`object`||typeof i==`function`)for(var c=r(i),l=0,u=c.length,d;l<u;l++)d=c[l],!a.call(e,d)&&d!==o&&t(e,d,{get:(e=>i[e]).bind(null,d),enumerable:!(s=n(i,d))||s.enumerable});return e},s=(n,r,a)=>(a=n==null?{}:e(i(n)),o(r||!n||!n.__esModule?t(a,`default`,{value:n,enumerable:!0}):a,n));exports.__toESM=s;

package/dist/core/auth/augment.cjs

@@ -1 +0,0 @@
-const e=globalThis,t=e.__KRYO_IDENTITY_AUGMENTERS__??new Set,n=e.__KRYO_SESSION_AUGMENTERS__??new Set,r=e.__KRYO_PASSWORD_RESET_SESSION_AUGMENTERS__??new Set;e.__KRYO_IDENTITY_AUGMENTERS__=t,e.__KRYO_SESSION_AUGMENTERS__=n,e.__KRYO_PASSWORD_RESET_SESSION_AUGMENTERS__=r;function i(e){t.add(e)}function a(e){n.add(e)}function o(e){r.add(e)}async function s(e,n){let r=n||{};for(let n of t){let t=await n(e);r={...r,...t}}return{...e,...r}}async function c(e){let t={};for(let r of n){let n=await r(e);t={...t,...n}}return{...e,...t}}async function l(e){let t={};for(let n of r){let r=await n(e);t={...t,...r}}return{...e,...t}}exports.augmentPasswordResetSession=l,exports.augmentSession=c,exports.augmentUser=s,exports.registerIdentityAugmenter=i,exports.registerPasswordResetSessionAugmenter=o,exports.registerSessionAugmenter=a;

package/dist/core/auth/augment.d.cts

@@ -1,20 +0,0 @@
-import { FullUser, PasswordResetSession, Session, User } from "./types.cjs";
-
-//#region src/core/auth/augment.d.ts
-/**
- * REGISTRIES FOR MODULAR EXTENSIONS
- */
-type IdentityAugmenter = (user: User) => Promise<Partial<FullUser>>;
-type SessionAugmenter = (session: Session) => Promise<Partial<Session>>;
-type PasswordResetSessionAugmenter = (session: PasswordResetSession) => Promise<Partial<PasswordResetSession>>;
-declare function registerIdentityAugmenter(augmenter: IdentityAugmenter): void;
-declare function registerSessionAugmenter(augmenter: SessionAugmenter): void;
-declare function registerPasswordResetSessionAugmenter(augmenter: PasswordResetSessionAugmenter): void;
-/**
- * EXECUTION FUNCTIONS
- */
-declare function augmentUser(user: User, coreRbacData?: Record<string, any>): Promise<FullUser>;
-declare function augmentSession(session: Session): Promise<Session>;
-//#endregion
-export { augmentSession, augmentUser, registerIdentityAugmenter, registerPasswordResetSessionAugmenter, registerSessionAugmenter };
-//# sourceMappingURL=augment.d.cts.map

package/dist/core/auth/augment.d.cts.map

@@ -1 +0,0 @@
-{"version":3,"file":"augment.d.cts","names":[],"sources":["../../../src/core/auth/augment.ts"],"mappings":";;;;;AAA6E;KAMxE,iBAAA,IAAqB,IAAA,EAAM,IAAA,KAAS,OAAA,CAAQ,OAAA,CAAQ,QAAA;AAAA,KACpD,gBAAA,IAAoB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,OAAA,CAAQ,OAAA;AAAA,KACzD,6BAAA,IACH,OAAA,EAAS,oBAAA,KACN,OAAA,CAAQ,OAAA,CAAQ,oBAAA;AAAA,iBAuBL,yBAAA,CAA0B,SAAA,EAAW,iBAAA;AAAA,iBAIrC,wBAAA,CAAyB,SAAA,EAAW,gBAAA;AAAA,iBAIpC,qCAAA,CACd,SAAA,EAAW,6BAAA;;;;iBAQS,WAAA,CACpB,IAAA,EAAM,IAAA,EACN,YAAA,GAAe,MAAA,gBACd,OAAA,CAAQ,QAAA;AAAA,iBASW,cAAA,CAAe,OAAA,EAAS,OAAA,GAAU,OAAA,CAAQ,OAAA"}

package/dist/core/auth/email-verification.cjs

@@ -1 +0,0 @@
-"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../../server/database/inject.cjs`),t=require(`../../server/database/schema.cjs`),n=require(`./utils/encode.cjs`),r=require(`../../server/emails/index.cjs`),i=require(`./logic.cjs`),a=require(`./session.cjs`);let o=require(`drizzle-orm`),s=require(`date-fns`),c=require(`next/headers`);async function l(){i.registerSecurityRequirement(async(e,t)=>t.emailVerifiedAt?{satisfied:!0}:{satisfied:!1,redirect:`/verify-email?unverified`})}async function u(n,r){let[i]=await e.db.select().from(t.emailVerificationTable).where((0,o.and)((0,o.eq)(t.emailVerificationTable.id,r),(0,o.eq)(t.emailVerificationTable.userId,n)));return i}async function d(r,i){await f(r);let a=n.generateRandomOTP(),[o]=await e.db.insert(t.emailVerificationTable).values({userId:r,code:a,email:i,expiresAt:new Date((0,s.addHours)(new Date,1))}).returning();return o}async function f(n){await e.db.delete(t.emailVerificationTable).where((0,o.eq)(t.emailVerificationTable.userId,n))}async function p(e,t){await r.sendVerifyEmail(e,t)}async function m(e){(await(0,c.cookies)()).set(`email_verification`,e.id,{httpOnly:!0,path:`/`,secure:process.env.NODE_ENV===`production`,sameSite:`lax`,expires:e.expiresAt})}async function h(){(await(0,c.cookies)()).delete(`email_verification`)}async function g(){let{user:e}=await a.getCurrentSession();if(!e)return null;let t=(await(0,c.cookies)()).get(`email_verification`)?.value??null;if(!t)return null;let n=await u(e.id,t);return n||await h(),n}exports.createEmailVerificationRequest=d,exports.deleteEmailVerificationRequestCookie=h,exports.deleteUserEmailVerificationRequest=f,exports.getUserEmailVerificationRequest=u,exports.getUserEmailVerificationRequestFromRequest=g,exports.initEmailVerification=l,exports.sendVerificationEmail=p,exports.setEmailVerificationRequestCookie=m;

package/dist/core/auth/email-verification.d.cts

@@ -1,62 +0,0 @@
-import { emailVerificationTable } from "../../server/database/schema.cjs";
-
-//#region src/core/auth/email-verification.d.ts
-/**
- * Register Email Verification as a Core Security Requirement.
- */
-declare function initEmailVerification(): Promise<void>;
-/**
- * Retrieves a specific email verification request for a user.
- */
-declare function getUserEmailVerificationRequest(userId: string, id: string): Promise<{
-  id: string;
-  email: string;
-  code: string;
-  userId: string;
-  expiresAt: Date;
-  createdAt: Date;
-  updatedAt: Date | null;
-}>;
-/**
- * Creates a new email verification request, deleting any existing one for the user.
- */
-declare function createEmailVerificationRequest(userId: string, email: string): Promise<{
-  id: string;
-  email: string;
-  code: string;
-  createdAt: Date;
-  updatedAt: Date | null;
-  userId: string;
-  expiresAt: Date;
-}>;
-/**
- * Deletes all email verification requests for a user.
- */
-declare function deleteUserEmailVerificationRequest(userId: string): Promise<void>;
-/**
- * Sends a verification email with the OTP code.
- */
-declare function sendVerificationEmail(email: string, code: string): Promise<void>;
-/**
- * Sets the email verification request ID in a cookie.
- */
-declare function setEmailVerificationRequestCookie(request: typeof emailVerificationTable.$inferSelect): Promise<void>;
-/**
- * Removes the email verification request cookie.
- */
-declare function deleteEmailVerificationRequestCookie(): Promise<void>;
-/**
- * Retrieves the current email verification request based on session and cookie.
- */
-declare function getUserEmailVerificationRequestFromRequest(): Promise<{
-  id: string;
-  email: string;
-  code: string;
-  userId: string;
-  expiresAt: Date;
-  createdAt: Date;
-  updatedAt: Date | null;
-} | null>;
-//#endregion
-export { createEmailVerificationRequest, deleteEmailVerificationRequestCookie, deleteUserEmailVerificationRequest, getUserEmailVerificationRequest, getUserEmailVerificationRequestFromRequest, initEmailVerification, sendVerificationEmail, setEmailVerificationRequestCookie };
-//# sourceMappingURL=email-verification.d.cts.map

package/dist/core/auth/email-verification.d.cts.map

@@ -1 +0,0 @@
-{"version":3,"file":"email-verification.d.cts","names":[],"sources":["../../../src/core/auth/email-verification.ts"],"mappings":";;;;;AAeA;iBAAsB,qBAAA,CAAA,GAAqB,OAAA;;;;iBAerB,+BAAA,CACpB,MAAA,UACA,EAAA,WAAU,OAAA;;;;;;;;;;;;iBAkBU,8BAAA,CACpB,MAAA,UACA,KAAA,WAAa,OAAA;;;;;;;;;;;;iBAsBO,kCAAA,CACpB,MAAA,WACC,OAAA;;;;iBASmB,qBAAA,CACpB,KAAA,UACA,IAAA,WACC,OAAA;;;;iBAOmB,iCAAA,CACpB,OAAA,SAAgB,sBAAA,CAAuB,YAAA,GACtC,OAAA;;;;iBAemB,oCAAA,CAAA,GAAwC,OAAA;;;;iBAQxC,0CAAA,CAAA,GAA0C,OAAA"}

package/dist/core/auth/logic.cjs

@@ -1 +0,0 @@
-"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`./validation.cjs`),t=require(`../event-bus.cjs`),n=require(`../../server/database/inject.cjs`),r=require(`../../server/database/schema.cjs`),i=require(`./augment.cjs`),a=require(`../../server/auth/password.cjs`),o=require(`../../server/auth/user.cjs`),s=require(`./email-verification.cjs`),c=require(`./session.cjs`);let l=require(`drizzle-orm`);async function u(e){try{let t=(await n.db.select({name:r.rolesTable.name}).from(r.usersToRolesTable).innerJoin(r.rolesTable,(0,l.eq)(r.usersToRolesTable.roleId,r.rolesTable.id)).where((0,l.eq)(r.usersToRolesTable.userId,e.id))).map(e=>e.name),i=(await n.db.select({name:r.permissionsTable.name}).from(r.usersToPermissionsTable).innerJoin(r.permissionsTable,(0,l.eq)(r.usersToPermissionsTable.permissionId,r.permissionsTable.id)).where((0,l.eq)(r.usersToPermissionsTable.userId,e.id))).map(e=>e.name),a=[];if(t.length>0){let e=(await n.db.select({id:r.rolesTable.id}).from(r.rolesTable).where((0,l.inArray)(r.rolesTable.name,t))).map(e=>e.id);e.length>0&&(a=(await n.db.select({name:r.permissionsTable.name}).from(r.rolesToPermissionsTable).innerJoin(r.permissionsTable,(0,l.eq)(r.rolesToPermissionsTable.permissionId,r.permissionsTable.id)).where((0,l.inArray)(r.rolesToPermissionsTable.roleId,e))).map(e=>e.name))}return{roles:t,permissions:Array.from(new Set([...i,...a]))}}catch(e){return console.error(`[Auth:RBAC] Failed to augment user:`,e),{roles:[],permissions:[]}}}const d=globalThis,f=d.__KRYO_AUTH_VALIDATORS__??new Set,p=d.__KRYO_SECURITY_REQUIREMENTS__??new Set,m=d.__KRYO_PASSWORD_RESET_VALIDATORS__??new Set,h=d.__KRYO_EMAIL_VERIFICATION_VALIDATORS__??new Set;d.__KRYO_AUTH_VALIDATORS__=f,d.__KRYO_SECURITY_REQUIREMENTS__=p,d.__KRYO_PASSWORD_RESET_VALIDATORS__=m,d.__KRYO_EMAIL_VERIFICATION_VALIDATORS__=h;async function g(e){f.add(e)}async function _(e){m.add(e)}async function v(e){h.add(e)}async function y(e){p.add(e)}async function b(e){for(let t of m){let n=await t(e);if(n)return n}return null}async function x(e){for(let t of h){let n=await t(e);if(n)return n}return null}async function S(e){return await i.augmentUser(e,await u(e))}async function C(e,t,n,r,i){if(!t)return console.warn(`User is required for security check`),{satisfied:!1,redirect:i??`/signin`};let a=Array.isArray(t.roles)?t.roles:[],o=Array.isArray(t.permissions)?t.permissions:[];if(n&&n.length>0&&!n.some(e=>a.includes(e)))return console.warn(`User lacks required roles: ${n.join(`, `)}`),{satisfied:!1,redirect:i};if(r&&r.length>0&&!r.every(e=>o.includes(e)))return console.warn(`User lacks required permissions: ${r.join(`, `)}`),{satisfied:!1,redirect:i};if(p)for(let n of p)try{let r=await n(e,t);if(r&&!r.satisfied)return{...r,redirect:r.redirect??i}}catch(e){console.error(`[Auth:Security] Requirement failed:`,e)}return{satisfied:!0}}async function w(n){let{email:r,password:i}=await e.loginSchema.parseAsync(n),s=await o.getUserFromEmail(r);if(!s)return{status:`ERROR`,message:`Invalid email or password`};let l=await o.getUserPasswordHash(s.id);if(!l||!await a.verifyPasswordHash(l,i))return{status:`ERROR`,message:`Invalid email or password`};for(let e of f){let t=await e(s.id);if(t)return t}let u={},d=await c.generateSessionToken(),p=await c.createSession(d,s.id,u);await c.setSessionTokenCookie(d,p.expiresAt);let m=await S(s);return await t.eventBus.publish(`auth:session-created`,{session:p,user:m}),{status:`SUCCESS`,session:{...p},user:{...m}}}async function T(n){let{email:r,username:i,password:l}=e.registerSchema.parse(n);if(!await o.verifyUsernameInput(i))throw Error(`Invalid username`);if(!await a.verifyPasswordStrength(l))throw Error(`Weak password`);let u=await o.createUser(r,i,l),d=await s.createEmailVerificationRequest(u.id,u.email);await s.sendVerificationEmail(d.email,d.code),await s.setEmailVerificationRequestCookie(d);let f={},p=await c.generateSessionToken(),m=await c.createSession(p,u.id,f);await c.setSessionTokenCookie(p,m.expiresAt);let h=await S(u);return await t.eventBus.publish(`auth:session-created`,{session:m,user:h}),{session:{...m},user:{...h}}}async function E(e,n){let r=await c.generateSessionToken(),i=await c.createSession(r,e,n);await c.setSessionTokenCookie(r,i.expiresAt);let a=await o.getUserById(e);return a&&await t.eventBus.publish(`auth:session-created`,{session:i,user:a}),{session:i?{...i}:null,user:a?{...a}:null}}async function D(){let{session:e,user:n}=await c.getCurrentSession();e&&(n&&await t.eventBus.publish(`auth:signed-out`,{userId:n.id}),await c.invalidateSession(e.id),await c.deleteSessionTokenCookie())}exports.checkSecurity=C,exports.finalizeLogin=E,exports.performFullUserAugmentation=S,exports.registerAuthValidator=g,exports.registerEmailVerificationValidator=v,exports.registerPasswordResetValidator=_,exports.registerSecurityRequirement=y,exports.runEmailVerificationValidators=x,exports.runPasswordResetValidators=b,exports.signIn=w,exports.signOut=D,exports.signUp=T;

package/dist/core/auth/logic.d.cts

@@ -1,110 +0,0 @@
-import { UserPermission, UserRole } from "../types.cjs";
-import { AuthResponse, FullUser, Session, SessionFlags, User } from "./types.cjs";
-import { LoginInput, RegisterInput } from "./validation.cjs";
-import { augmentSession, augmentUser, registerIdentityAugmenter, registerPasswordResetSessionAugmenter, registerSessionAugmenter } from "./augment.cjs";
-
-//#region src/core/auth/logic.d.ts
-/**
- * Registry for login validators (e.g. 2FA module)
- */
-type AuthValidator = (userId: string) => Promise<AuthResponse | null>;
-/**
- * Registry for Security Requirements (e.g. checking if 2FA is needed for a session)
- */
-type SecurityRequirement = (session: Session, user: FullUser) => Promise<{
-  satisfied: boolean;
-  redirect?: string;
-} | null>;
-/**
- * Registry for password reset validators (e.g. 2FA module requiring check during reset)
- */
-type PasswordResetValidator = (userId: string) => Promise<AuthResponse | null>;
-/**
- * Registry for email verification validators
- */
-type EmailVerificationValidator = (userId: string) => Promise<AuthResponse | null>;
-declare function registerAuthValidator(validator: AuthValidator): Promise<void>;
-declare function registerPasswordResetValidator(validator: PasswordResetValidator): Promise<void>;
-declare function registerEmailVerificationValidator(validator: EmailVerificationValidator): Promise<void>;
-declare function registerSecurityRequirement(requirement: SecurityRequirement): Promise<void>;
-declare function runPasswordResetValidators(userId: string): Promise<AuthResponse | null>;
-declare function runEmailVerificationValidators(userId: string): Promise<AuthResponse | null>;
-/**
- * Augments a base user with data from all registered modules.
- * This is now just a wrapper that includes core RBAC data.
- */
-declare function performFullUserAugmentation(user: User): Promise<FullUser>;
-/**
- * Checks if the current session satisfies all registered security requirements.
- */
-declare function checkSecurity(session: Session, user: FullUser, requiredRoles?: UserRole[], requiredPermissions?: UserPermission[], fallbackRedirect?: string): Promise<{
-  satisfied: boolean;
-  redirect: string | undefined;
-} | {
-  satisfied: boolean;
-  redirect?: undefined;
-}>;
-/**
- * Sign In Logic
- */
-declare function signIn(data: LoginInput): Promise<AuthResponse>;
-/**
- * Sign Up Logic
- */
-declare function signUp(data: RegisterInput): Promise<{
-  session: {
-    [x: string]: any;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date | null;
-    userId: string;
-    expiresAt: Date;
-    active_organization_id: string | null;
-  };
-  user: {
-    [x: string]: any;
-    id: string;
-    email: string;
-    name: string;
-    password: string | null;
-    image: string | null;
-    recovery_code: Buffer<ArrayBufferLike>;
-    emailVerifiedAt: Date | null;
-    createdAt: Date;
-    updatedAt: Date | null;
-    roles: UserRole[];
-    permissions: UserPermission[];
-  };
-}>;
-/**
- * Finalizes login after a challenge
- */
-declare function finalizeLogin(userId: string, flags: SessionFlags): Promise<{
-  session: {
-    [x: string]: any;
-    id: string;
-    createdAt: Date;
-    updatedAt: Date | null;
-    userId: string;
-    expiresAt: Date;
-    active_organization_id: string | null;
-  } | null;
-  user: {
-    id: string;
-    email: string;
-    name: string;
-    password: string | null;
-    image: string | null;
-    recovery_code: Buffer<ArrayBufferLike>;
-    emailVerifiedAt: Date | null;
-    createdAt: Date;
-    updatedAt: Date | null;
-  } | null;
-}>;
-/**
- * Sign Out
- */
-declare function signOut(): Promise<void>;
-//#endregion
-export { checkSecurity, finalizeLogin, performFullUserAugmentation, registerAuthValidator, registerEmailVerificationValidator, registerPasswordResetValidator, registerSecurityRequirement, runEmailVerificationValidators, runPasswordResetValidators, signIn, signOut, signUp };
-//# sourceMappingURL=logic.d.cts.map

package/dist/core/auth/logic.d.cts.map

@@ -1 +0,0 @@
-{"version":3,"file":"logic.d.cts","names":[],"sources":["../../../src/core/auth/logic.ts"],"mappings":";;;;;;;;;KAyHK,aAAA,IAAiB,MAAA,aAAmB,OAAA,CAAQ,YAAA;;;;KAK5C,mBAAA,IACH,OAAA,EAAS,OAAA,EACT,IAAA,EAAM,QAAA,KACH,OAAA;EAAU,SAAA;EAAoB,QAAA;AAAA;;AAR0B;;KAaxD,sBAAA,IAA0B,MAAA,aAAmB,OAAA,CAAQ,YAAA;;;;KAKrD,0BAAA,IACH,MAAA,aACG,OAAA,CAAQ,YAAA;AAAA,iBA6BS,qBAAA,CAAsB,SAAA,EAAW,aAAA,GAAa,OAAA;AAAA,iBAI9C,8BAAA,CACpB,SAAA,EAAW,sBAAA,GAAsB,OAAA;AAAA,iBAKb,kCAAA,CACpB,SAAA,EAAW,0BAAA,GAA0B,OAAA;AAAA,iBAajB,2BAAA,CACpB,WAAA,EAAa,mBAAA,GAAmB,OAAA;AAAA,iBAKZ,0BAAA,CACpB,MAAA,WACC,OAAA,CAAQ,YAAA;AAAA,iBAQW,8BAAA,CACpB,MAAA,WACC,OAAA,CAAQ,YAAA;;;;AAnFgC;iBA+FrB,2BAAA,CACpB,IAAA,EAAM,IAAA,GACL,OAAA,CAAQ,QAAA;;;;iBAQW,aAAA,CACpB,OAAA,EAAS,OAAA,EACT,IAAA,EAAM,QAAA,EACN,aAAA,GAAgB,QAAA,IAChB,mBAAA,GAAsB,cAAA,IACtB,gBAAA,YAAyB,OAAA;;;;;;;;;;iBA+DL,MAAA,CAAO,IAAA,EAAM,UAAA,GAAa,OAAA,CAAQ,YAAA;;;AApIxD;iBAyKsB,MAAA,CAAO,IAAA,EAAM,aAAA,GAAa,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;;AAjJhD;;iBAyLsB,aAAA,CAAc,MAAA,UAAgB,KAAA,EAAO,YAAA,GAAY,OAAA;;;;;;;;;;;;;;;;;;;;;;;;;iBAoBjD,OAAA,CAAA,GAAO,OAAA"}

package/dist/core/auth/password-reset.cjs

@@ -1 +0,0 @@
-"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../../server/database/inject.cjs`),t=require(`../../server/database/schema.cjs`),n=require(`./augment.cjs`),r=require(`./utils/encode.cjs`),i=require(`../../server/emails/index.cjs`),a=require(`./logic.cjs`);let o=require(`drizzle-orm`),s=require(`@oslojs/crypto/sha2`),c=require(`@oslojs/encoding`),l=require(`date-fns`),u=require(`next/headers`);async function d(n,i,a){let o=(0,c.encodeHexLowerCase)((0,s.sha256)(new TextEncoder().encode(n))),[u]=await e.db.insert(t.passwordResetSessionTable).values({id:o,email:a,code:r.generateRandomOTP(),expiresAt:new Date((0,l.addHours)(new Date,1)),userId:i}).returning();return u}async function f(r){let i=(0,c.encodeHexLowerCase)((0,s.sha256)(new TextEncoder().encode(r))),[l]=await e.db.select({session:t.passwordResetSessionTable,user:t.userTable}).from(t.passwordResetSessionTable).innerJoin(t.userTable,(0,o.eq)(t.passwordResetSessionTable.userId,t.userTable.id)).where((0,o.eq)(t.passwordResetSessionTable.id,i));if(!l||!l.user)return{session:null,user:null};let{session:u,user:d}=l;if(new Date>u.expiresAt)return await e.db.delete(t.passwordResetSessionTable).where((0,o.eq)(t.passwordResetSessionTable.id,u.id)),{session:null,user:null};let{password:f,recovery_code:p,...m}=d,h=await a.performFullUserAugmentation(m);return{session:await n.augmentPasswordResetSession(u),user:h}}async function p(n){await e.db.update(t.passwordResetSessionTable).set({emailVerified:!0}).where((0,o.eq)(t.passwordResetSessionTable.id,n))}async function m(n){await e.db.delete(t.passwordResetSessionTable).where((0,o.eq)(t.passwordResetSessionTable.userId,n))}async function h(){let e=(await(0,u.cookies)()).get(`password_reset_session`)?.value??null;if(e===null)return{session:null,user:null};let t=await f(e);return t.session===null&&await _(),t}async function g(e,t){(await(0,u.cookies)()).set(`password_reset_session`,e,{expires:t,sameSite:`lax`,httpOnly:!0,path:`/`,secure:process.env.NODE_ENV===`production`})}async function _(){(await(0,u.cookies)()).delete(`password_reset_session`)}async function v(e,t){await i.sendResetPassword(e,t)}exports.createPasswordResetSession=d,exports.deletePasswordResetSessionTokenCookie=_,exports.getCurrentPasswordResetSession=h,exports.invalidateUserPasswordResetSessions=m,exports.sendPasswordResetEmail=v,exports.setPasswordResetSessionAsEmailVerified=p,exports.setPasswordResetSessionTokenCookie=g,exports.validatePasswordResetSessionToken=f;

package/dist/core/auth/password-reset.d.cts

@@ -1,39 +0,0 @@
-import { PasswordResetAuthSession, PasswordResetSession } from "./types.cjs";
-
-//#region src/core/auth/password-reset.d.ts
-/**
- * Creates a new password reset session.
- */
-declare function createPasswordResetSession(token: string, userId: string, email: string): Promise<PasswordResetSession>;
-/**
- * Validates the password reset session token and retrieves user data.
- * The user data is augmented by registered modules (e.g. 2FA).
- */
-declare function validatePasswordResetSessionToken(token: string): Promise<PasswordResetAuthSession>;
-/**
- * Marks the password reset session as email verified.
- */
-declare function setPasswordResetSessionAsEmailVerified(sessionId: string): Promise<void>;
-/**
- * Invalidates all password reset sessions for a user.
- */
-declare function invalidateUserPasswordResetSessions(userId: string): Promise<void>;
-/**
- * Validates the current password reset session from cookies.
- */
-declare function getCurrentPasswordResetSession(): Promise<PasswordResetAuthSession>;
-/**
- * Sets the password reset session token cookie.
- */
-declare function setPasswordResetSessionTokenCookie(token: string, expiresAt: Date): Promise<void>;
-/**
- * Deletes the password reset session token cookie.
- */
-declare function deletePasswordResetSessionTokenCookie(): Promise<void>;
-/**
- * Sends a password reset email with the OTP code.
- */
-declare function sendPasswordResetEmail(email: string, code: string): Promise<void>;
-//#endregion
-export { createPasswordResetSession, deletePasswordResetSessionTokenCookie, getCurrentPasswordResetSession, invalidateUserPasswordResetSessions, sendPasswordResetEmail, setPasswordResetSessionAsEmailVerified, setPasswordResetSessionTokenCookie, validatePasswordResetSessionToken };
-//# sourceMappingURL=password-reset.d.cts.map

package/dist/core/auth/password-reset.d.cts.map

@@ -1 +0,0 @@
-{"version":3,"file":"password-reset.d.cts","names":[],"sources":["../../../src/core/auth/password-reset.ts"],"mappings":";;;;;AAqBA;iBAAsB,0BAAA,CACpB,KAAA,UACA,MAAA,UACA,KAAA,WACC,OAAA,CAAQ,oBAAA;;;;;iBAqBW,iCAAA,CACpB,KAAA,WACC,OAAA,CAAQ,wBAAA;;;;iBAyCW,sCAAA,CACpB,SAAA,WACC,OAAA;AA7CH;;;AAAA,iBAyDsB,mCAAA,CACpB,MAAA,WACC,OAAA;;;;iBASmB,8BAAA,CAAA,GAAkC,OAAA,CAAQ,wBAAA;;AAzBhE;;iBA6CsB,kCAAA,CACpB,KAAA,UACA,SAAA,EAAW,IAAA,GACV,OAAA;;;AAlCH;iBAiDsB,qCAAA,CAAA,GAAyC,OAAA;;;;iBAQzC,sBAAA,CACpB,KAAA,UACA,IAAA,WACC,OAAA"}

package/dist/core/auth/rbac.cjs

@@ -1 +0,0 @@
-"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../../server/database/inject.cjs`),t=require(`../../server/database/schema.cjs`),n=require(`../notifications/service.cjs`);require(`../notifications/index.cjs`);let r=require(`drizzle-orm`);typeof window>`u`&&n.notificationService.init();async function i(){return await e.db.select().from(t.rolesTable).orderBy(t.rolesTable.name)}async function a(n){let[i]=await e.db.select().from(t.rolesTable).where((0,r.eq)(t.rolesTable.id,n));return i}async function o(n,r){return await e.db.insert(t.rolesTable).values({name:n,description:r}).returning()}async function s(n){return await e.db.delete(t.rolesTable).where((0,r.eq)(t.rolesTable.id,n))}async function c(){return await e.db.select().from(t.permissionsTable).orderBy(t.permissionsTable.name)}async function l(n,r){return await e.db.insert(t.permissionsTable).values({name:n,description:r}).returning()}async function u(n){return await e.db.delete(t.permissionsTable).where((0,r.eq)(t.permissionsTable.id,n))}async function d(n){return await e.db.select({id:t.permissionsTable.id,name:t.permissionsTable.name}).from(t.rolesToPermissionsTable).innerJoin(t.permissionsTable,(0,r.eq)(t.rolesToPermissionsTable.permissionId,t.permissionsTable.id)).where((0,r.eq)(t.rolesToPermissionsTable.roleId,n))}async function f(n,r){return await e.db.insert(t.rolesToPermissionsTable).values({roleId:n,permissionId:r}).onConflictDoNothing()}async function p(n,i){return await e.db.delete(t.rolesToPermissionsTable).where((0,r.and)((0,r.eq)(t.rolesToPermissionsTable.roleId,n),(0,r.eq)(t.rolesToPermissionsTable.permissionId,i)))}async function m(n,r){return await e.db.insert(t.usersToRolesTable).values({userId:n,roleId:r}).onConflictDoNothing()}async function h(n,i){return await e.db.delete(t.usersToRolesTable).where((0,r.and)((0,r.eq)(t.usersToRolesTable.userId,n),(0,r.eq)(t.usersToRolesTable.roleId,i)))}async function g(n,r){return await e.db.insert(t.usersToPermissionsTable).values({userId:n,permissionId:r}).onConflictDoNothing()}async function _(n,i){return await e.db.delete(t.usersToPermissionsTable).where((0,r.and)((0,r.eq)(t.usersToPermissionsTable.userId,n),(0,r.eq)(t.usersToPermissionsTable.permissionId,i)))}async function v(n){let i=await e.db.select({id:t.rolesTable.id,name:t.rolesTable.name}).from(t.usersToRolesTable).innerJoin(t.rolesTable,(0,r.eq)(t.usersToRolesTable.roleId,t.rolesTable.id)).where((0,r.eq)(t.usersToRolesTable.userId,n)),a=await e.db.select({id:t.permissionsTable.id,name:t.permissionsTable.name}).from(t.usersToPermissionsTable).innerJoin(t.permissionsTable,(0,r.eq)(t.usersToPermissionsTable.permissionId,t.permissionsTable.id)).where((0,r.eq)(t.usersToPermissionsTable.userId,n)),o=[];if(i.length>0){let n=i.map(e=>e.id);o=await e.db.select({id:t.permissionsTable.id,name:t.permissionsTable.name}).from(t.rolesToPermissionsTable).innerJoin(t.permissionsTable,(0,r.eq)(t.rolesToPermissionsTable.permissionId,t.permissionsTable.id)).where((0,r.inArray)(t.rolesToPermissionsTable.roleId,n))}let s=new Map;for(let e of[...a,...o])s.set(e.id,e);return{roles:i,directPermissions:a,effectivePermissions:Array.from(s.values())}}exports.assignPermissionToRole=f,exports.assignPermissionToUser=g,exports.assignRoleToUser=m,exports.createPermission=l,exports.createRole=o,exports.deletePermission=u,exports.deleteRole=s,exports.getPermissions=c,exports.getRoleById=a,exports.getRolePermissions=d,exports.getRoles=i,exports.getUserRbacData=v,exports.revokePermissionFromRole=p,exports.revokePermissionFromUser=_,exports.revokeRoleFromUser=h;

package/dist/core/auth/rbac.d.cts

@@ -1,61 +0,0 @@
-import * as pg from "pg";
-
-//#region src/core/auth/rbac.d.ts
-/**
- * CORE RBAC LOGIC
- * This file handles all database operations for Roles and Permissions.
- */
-declare function getRoles(): Promise<{
-  id: string;
-  name: string;
-  description: string | null;
-}[]>;
-declare function getRoleById(roleId: string): Promise<{
-  id: string;
-  name: string;
-  description: string | null;
-}>;
-declare function createRole(name: string, description?: string): Promise<{
-  id: string;
-  name: string;
-  description: string | null;
-}[]>;
-declare function deleteRole(roleId: string): Promise<pg.QueryResult<never>>;
-declare function getPermissions(): Promise<{
-  id: string;
-  name: string;
-  description: string | null;
-}[]>;
-declare function createPermission(name: string, description?: string): Promise<{
-  id: string;
-  name: string;
-  description: string | null;
-}[]>;
-declare function deletePermission(permissionId: string): Promise<pg.QueryResult<never>>;
-declare function getRolePermissions(roleId: string): Promise<{
-  id: string;
-  name: string;
-}[]>;
-declare function assignPermissionToRole(roleId: string, permissionId: string): Promise<pg.QueryResult<never>>;
-declare function revokePermissionFromRole(roleId: string, permissionId: string): Promise<pg.QueryResult<never>>;
-declare function assignRoleToUser(userId: string, roleId: string): Promise<pg.QueryResult<never>>;
-declare function revokeRoleFromUser(userId: string, roleId: string): Promise<pg.QueryResult<never>>;
-declare function assignPermissionToUser(userId: string, permissionId: string): Promise<pg.QueryResult<never>>;
-declare function revokePermissionFromUser(userId: string, permissionId: string): Promise<pg.QueryResult<never>>;
-declare function getUserRbacData(userId: string): Promise<{
-  roles: {
-    id: string;
-    name: string;
-  }[];
-  directPermissions: {
-    id: string;
-    name: string;
-  }[];
-  effectivePermissions: {
-    id: string;
-    name: string;
-  }[];
-}>;
-//#endregion
-export { assignPermissionToRole, assignPermissionToUser, assignRoleToUser, createPermission, createRole, deletePermission, deleteRole, getPermissions, getRoleById, getRolePermissions, getRoles, getUserRbacData, revokePermissionFromRole, revokePermissionFromUser, revokeRoleFromUser };
-//# sourceMappingURL=rbac.d.cts.map

package/dist/core/auth/rbac.d.cts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rbac.d.cts","names":[],"sources":["../../../src/core/auth/rbac.ts"],"mappings":";;;;;;AAyBA;iBAAsB,QAAA,CAAA,GAAQ,OAAA;;;;;iBAIR,WAAA,CAAY,MAAA,WAAc,OAAA;;;;;iBAQ1B,UAAA,CAAW,IAAA,UAAc,WAAA,YAAoB,OAAA;;;;;iBAI7C,UAAA,CAAW,MAAA,WAAc,OAAA,CAAf,EAAA,CAAe,WAAA;AAAA,iBAMzB,cAAA,CAAA,GAAc,OAAA;;;;;iBAOd,gBAAA,CAAiB,IAAA,UAAc,WAAA,YAAoB,OAAA;;;;;iBAOnD,gBAAA,CAAiB,YAAA,WAAoB,OAAA,CAArB,EAAA,CAAqB,WAAA;AAAA,iBAQrC,kBAAA,CAAmB,MAAA,WAAc,OAAA;;;;iBAcjC,sBAAA,CACpB,MAAA,UACA,YAAA,WAAoB,OAAA,CAFsB,EAAA,CAEtB,WAAA;AAAA,iBAQA,wBAAA,CACpB,MAAA,UACA,YAAA,WAAoB,OAAA,CAFwB,EAAA,CAExB,WAAA;AAAA,iBAcA,gBAAA,CAAiB,MAAA,UAAgB,MAAA,WAAc,OAAA,CAA/B,EAAA,CAA+B,WAAA;AAAA,iBAO/C,kBAAA,CAAmB,MAAA,UAAgB,MAAA,WAAc,OAAA,CAA/B,EAAA,CAA+B,WAAA;AAAA,iBAWjD,sBAAA,CACpB,MAAA,UACA,YAAA,WAAoB,OAAA,CAFsB,EAAA,CAEtB,WAAA;AAAA,iBAQA,wBAAA,CACpB,MAAA,UACA,YAAA,WAAoB,OAAA,CAFwB,EAAA,CAExB,WAAA;AAAA,iBAYA,eAAA,CAAgB,MAAA,WAAc,OAAA"}

package/dist/core/auth/session.cjs

@@ -1 +0,0 @@
-"use server";require(`../../_virtual/_rolldown/runtime.cjs`);const e=require(`../../server/database/inject.cjs`),t=require(`../../server/database/schema.cjs`),n=require(`./augment.cjs`),r=require(`./logic.cjs`);let i=require(`drizzle-orm`),a=require(`@oslojs/crypto/sha2`),o=require(`@oslojs/encoding`),s=require(`date-fns`),c=require(`next/headers`),l=require(`next/navigation`);async function u(){return(await(0,c.headers)()).get(`x-forwarded-for`)}async function d(s){let c=(0,o.encodeHexLowerCase)((0,a.sha256)(new TextEncoder().encode(s))),[l]=await e.db.select({session:t.sessionTable,user:t.userTable}).from(t.sessionTable).innerJoin(t.userTable,(0,i.eq)(t.sessionTable.userId,t.userTable.id)).where((0,i.eq)(t.sessionTable.id,c));if(!l||!l.user)return{session:null,user:null};let{session:u,user:d}=l,{password:f,recovery_code:p,...m}=d;if(new Date>u.expiresAt)return await e.db.delete(t.sessionTable).where((0,i.eq)(t.sessionTable.id,u.id)),{session:null,user:null};let h=await r.performFullUserAugmentation(m),g=await n.augmentSession(u);return{session:g?{...g}:null,user:h?{...h}:null}}const f=async()=>{let e=(await(0,c.cookies)()).get(`session`)?.value??null;return e===null?{session:null,user:null}:await d(e)};async function p(n){await e.db.delete(t.sessionTable).where((0,i.eq)(t.sessionTable.id,n))}async function m(n){await e.db.delete(t.sessionTable).where((0,i.eq)(t.sessionTable.userId,n))}async function h(e,t){(await(0,c.cookies)()).set(`session`,e,{httpOnly:!0,path:`/`,secure:process.env.NODE_ENV===`production`,sameSite:`lax`,expires:t})}async function g(){(await(0,c.cookies)()).delete(`session`)}async function _(){let e=new Uint8Array(20);return crypto.getRandomValues(e),(0,o.encodeBase32LowerCaseNoPadding)(e).toLowerCase()}async function v(n,r,i){let c=(0,o.encodeHexLowerCase)((0,a.sha256)(new TextEncoder().encode(n))),[l]=await e.db.insert(t.sessionTable).values({id:c,expiresAt:new Date((0,s.addDays)(new Date,7)),active_organization_id:i.activeOrganizationId,userId:r}).returning();return l}async function y(){let{session:e}=await f();e&&(await p(e.id),await g()),(0,l.redirect)(`/signin`)}async function b(n,r){return(await e.db.select().from(t.sessionTable).where((0,i.eq)(t.sessionTable.userId,n))).map(e=>({id:e.id,createdAt:e.createdAt,expiresAt:e.expiresAt,isCurrent:e.id===r}))}async function x(n,r){await e.db.delete(t.sessionTable).where((0,i.and)((0,i.eq)(t.sessionTable.userId,n),(0,i.ne)(t.sessionTable.id,r)))}exports.createSession=v,exports.deleteSessionTokenCookie=g,exports.generateSessionToken=_,exports.getCurrentSession=f,exports.getIPAddress=u,exports.getUserSessions=b,exports.invalidateOtherSessions=x,exports.invalidateSession=p,exports.invalidateUserSessions=m,exports.sessionSignOut=y,exports.setSessionTokenCookie=h,exports.validateSessionToken=d;

package/dist/core/auth/session.d.cts

@@ -1,54 +0,0 @@
-import { AuthSession, Session, SessionFlags, UserSession } from "./types.cjs";
-
-//#region src/core/auth/session.d.ts
-/**
- * Returns the user's IP address.
- */
-declare function getIPAddress(): Promise<string | null>;
-/**
- * Validates the session token.
- */
-declare function validateSessionToken(token: string): Promise<AuthSession>;
-/**
- * Returns the current user session from cookies.
- */
-declare const getCurrentSession: () => Promise<AuthSession>;
-/**
- * Invalidates a single session.
- */
-declare function invalidateSession(sessionId: string): Promise<void>;
-/**
- * Invalidates all user sessions.
- */
-declare function invalidateUserSessions(userId: string): Promise<void>;
-/**
- * Sets the session token in a cookie.
- */
-declare function setSessionTokenCookie(token: string, expiresAt: Date): Promise<void>;
-/**
- * Removes the session token cookie.
- */
-declare function deleteSessionTokenCookie(): Promise<void>;
-/**
- * Generates a new random session token.
- */
-declare function generateSessionToken(): Promise<string>;
-/**
- * Creates a new session in the database.
- */
-declare function createSession(token: string, userId: string, flags: SessionFlags): Promise<Session>;
-/**
- * Signs the user out and redirects to the sign-in page.
- */
-declare function sessionSignOut(): Promise<void>;
-/**
- * Get all active sessions for a user.
- */
-declare function getUserSessions(userId: string, currentSessionId: string): Promise<UserSession[]>;
-/**
- * Invalidate all sessions for a user except the specified current one.
- */
-declare function invalidateOtherSessions(userId: string, currentSessionId: string): Promise<void>;
-//#endregion
-export { createSession, deleteSessionTokenCookie, generateSessionToken, getCurrentSession, getIPAddress, getUserSessions, invalidateOtherSessions, invalidateSession, invalidateUserSessions, sessionSignOut, setSessionTokenCookie, validateSessionToken };
-//# sourceMappingURL=session.d.cts.map

package/dist/core/auth/session.d.cts.map

@@ -1 +0,0 @@
-{"version":3,"file":"session.d.cts","names":[],"sources":["../../../src/core/auth/session.ts"],"mappings":";;;;;AA2BA;iBAAsB,YAAA,CAAA,GAAgB,OAAA;;;;iBAOhB,oBAAA,CACpB,KAAA,WACC,OAAA,CAAQ,WAAA;;;;cAyCE,iBAAA,QAA8B,OAAA,CAAQ,WAAA;;;;iBAc7B,iBAAA,CAAkB,SAAA,WAAoB,OAAA;AAd5D;;;AAAA,iBAqBsB,sBAAA,CAAuB,MAAA,WAAiB,OAAA;;AAP9D;;iBAcsB,qBAAA,CACpB,KAAA,UACA,SAAA,EAAW,IAAA,GACV,OAAA;;;AAVH;iBAwBsB,wBAAA,CAAA,GAA4B,OAAA;;;;iBAQ5B,oBAAA,CAAA,GAAwB,OAAA;;;;iBASxB,aAAA,CACpB,KAAA,UACA,MAAA,UACA,KAAA,EAAO,YAAA,GACN,OAAA,CAAQ,OAAA;;;;iBAmBW,cAAA,CAAA,GAAc,OAAA;;AAxCpC;;iBAsDsB,eAAA,CACpB,MAAA,UACA,gBAAA,WACC,OAAA,CAAQ,WAAA;;;AAjDX;iBAkEsB,uBAAA,CACpB,MAAA,UACA,gBAAA,WACC,OAAA"}

package/dist/core/auth/types.d.cts

@@ -1,55 +0,0 @@
-import { passwordResetSessionTable, sessionTable, userTable } from "../../server/database/schema.cjs";
-import { UserPermission, UserRole } from "../types.cjs";
-
-//#region src/core/auth/types.d.ts
-type User = typeof userTable.$inferSelect;
-type Session = typeof sessionTable.$inferSelect & Record<string, any>;
-type PasswordResetSession = typeof passwordResetSessionTable.$inferSelect & Record<string, any>;
-/**
- * Represents a user with all potential extensions.
- * Use this type in UI components that require data added by modules.
- */
-type FullUser = User & Record<string, any> & {
-  roles: UserRole[];
-  permissions: UserPermission[];
-};
-/**
- * Basic session context.
- */
-interface AuthSession {
-  session: Session | null;
-  user: FullUser | null;
-}
-interface SessionFlags {
-  [key: string]: any;
-}
-type UserSession = {
-  id: string;
-  createdAt: Date;
-  expiresAt: Date;
-  isCurrent: boolean;
-  [key: string]: any;
-};
-type AuthResponse = {
-  status: "SUCCESS";
-  session: Session;
-  user: FullUser;
-  redirect?: string;
-} | {
-  status: "CHALLENGE_REQUIRED";
-  type: string;
-  userId: string;
-  tempToken?: string;
-  redirect?: string;
-} | {
-  status: "ERROR";
-  message: string;
-  redirect?: string;
-};
-interface PasswordResetAuthSession {
-  session: PasswordResetSession | null;
-  user: FullUser | null;
-}
-//#endregion
-export { AuthResponse, AuthSession, FullUser, PasswordResetAuthSession, PasswordResetSession, Session, SessionFlags, User, UserSession };
-//# sourceMappingURL=types.d.cts.map

package/dist/core/auth/types.d.cts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.cts","names":[],"sources":["../../../src/core/auth/types.ts"],"mappings":";;;;KASY,IAAA,UAAc,SAAA,CAAU,YAAA;AAAA,KACxB,OAAA,UAAiB,YAAA,CAAa,YAAA,GAAe,MAAA;AAAA,KAC7C,oBAAA,UACH,yBAAA,CAA0B,YAAA,GAAe,MAAA;;;;AAFlD;KAQY,QAAA,GAAW,IAAA,GACrB,MAAA;EACE,KAAA,EAAO,QAAA;EACP,WAAA,EAAa,cAAA;AAAA;;;;UAMA,WAAA;EACf,OAAA,EAAS,OAAA;EACT,IAAA,EAAM,QAAA;AAAA;AAAA,UAGS,YAAA;EAAA,CACd,GAAA;AAAA;AAAA,KAGS,WAAA;EACV,EAAA;EACA,SAAA,EAAW,IAAA;EACX,SAAA,EAAW,IAAA;EACX,SAAA;EAAA,CACC,GAAA;AAAA;AAAA,KAGS,YAAA;EACN,MAAA;EAAmB,OAAA,EAAS,OAAA;EAAS,IAAA,EAAM,QAAA;EAAU,QAAA;AAAA;EAEvD,MAAA;EACA,IAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;AAAA;EAEE,MAAA;EAAiB,OAAA;EAAiB,QAAA;AAAA;AAAA,UAEvB,wBAAA;EACf,OAAA,EAAS,oBAAA;EACT,IAAA,EAAM,QAAA;AAAA"}

package/dist/core/auth/utils/encode.cjs

@@ -1 +0,0 @@
-require(`../../../_virtual/_rolldown/runtime.cjs`);let e=require(`@oslojs/encoding`);function t(t=6){let n=new Uint8Array(5);return crypto.getRandomValues(n),(0,e.encodeBase32UpperCaseNoPadding)(n).substring(0,t)}function n(){let t=new Uint8Array(10);return crypto.getRandomValues(t),(0,e.encodeBase32UpperCaseNoPadding)(t)}exports.generateRandomOTP=t,exports.generateRandomRecoveryCode=n;

package/dist/core/auth/utils/encode.d.cts

@@ -1,15 +0,0 @@
-//#region src/core/auth/utils/encode.d.ts
-/**
- * Generates a random one-time code (OTP).
- * @param length Length of the generated code (default 6).
- * @returns A random uppercase base32 string.
- */
-declare function generateRandomOTP(length?: number): string;
-/**
- * Generates a random recovery code.
- * @returns A random uppercase base32 string.
- */
-declare function generateRandomRecoveryCode(): string;
-//#endregion
-export { generateRandomOTP, generateRandomRecoveryCode };
-//# sourceMappingURL=encode.d.cts.map

package/dist/core/auth/utils/encode.d.cts.map

@@ -1 +0,0 @@
-{"version":3,"file":"encode.d.cts","names":[],"sources":["../../../../src/core/auth/utils/encode.ts"],"mappings":";;AAOA;;;;iBAAgB,iBAAA,CAAkB,MAAA;AAUlC;;;;AAAA,iBAAgB,0BAAA,CAAA"}

package/dist/core/auth/utils/encryption.cjs

@@ -1 +0,0 @@
-require(`../../../_virtual/_rolldown/runtime.cjs`);let e=require(`@oslojs/encoding`),t=require(`node:crypto`),n=require(`@oslojs/binary`);const r=process.env.ENCRYPTION_KEY;if(!r)throw Error(`ENCRYPTION_KEY environment variable is not set`);const i=(0,e.decodeBase64)(r);function a(e){let r=new Uint8Array(16);crypto.getRandomValues(r);let a=(0,t.createCipheriv)(`aes-128-gcm`,i,r),o=new n.DynamicBuffer(0);return o.write(r),o.write(a.update(e)),o.write(a.final()),o.write(a.getAuthTag()),o.bytes()}function o(e){return a(new TextEncoder().encode(e))}function s(e){if(e.byteLength<33)throw Error(`Invalid encrypted data length`);let r=e.slice(0,16),a=e.slice(e.byteLength-16),o=e.slice(16,e.byteLength-16),s=(0,t.createDecipheriv)(`aes-128-gcm`,i,r);s.setAuthTag(a);let c=new n.DynamicBuffer(0);return c.write(s.update(o)),c.write(s.final()),c.bytes()}function c(e){return new TextDecoder().decode(s(e))}exports.decrypt=s,exports.decryptToString=c,exports.encrypt=a,exports.encryptString=o;