@arch-cadre/core 0.0.38 → 0.0.40

package/dist/core/auth/session.d.ts

@@ -0,0 +1,50 @@
+import type { AuthSession, Session, SessionFlags, UserSession } from "./types";
+/**
+ * Returns the user's IP address.
+ */
+export declare function getIPAddress(): Promise<string | null>;
+/**
+ * Validates the session token.
+ */
+export declare function validateSessionToken(token: string): Promise<AuthSession>;
+/**
+ * Returns the current user session from cookies.
+ */
+export declare const getCurrentSession: () => Promise<AuthSession>;
+/**
+ * Invalidates a single session.
+ */
+export declare function invalidateSession(sessionId: string): Promise<void>;
+/**
+ * Invalidates all user sessions.
+ */
+export declare function invalidateUserSessions(userId: string): Promise<void>;
+/**
+ * Sets the session token in a cookie.
+ */
+export declare function setSessionTokenCookie(token: string, expiresAt: Date): Promise<void>;
+/**
+ * Removes the session token cookie.
+ */
+export declare function deleteSessionTokenCookie(): Promise<void>;
+/**
+ * Generates a new random session token.
+ */
+export declare function generateSessionToken(): Promise<string>;
+/**
+ * Creates a new session in the database.
+ */
+export declare function createSession(token: string, userId: string, flags: SessionFlags): Promise<Session>;
+/**
+ * Signs the user out and redirects to the sign-in page.
+ */
+export declare function sessionSignOut(): Promise<void>;
+/**
+ * Get all active sessions for a user.
+ */
+export declare function getUserSessions(userId: string, currentSessionId: string): Promise<UserSession[]>;
+/**
+ * Invalidate all sessions for a user except the specified current one.
+ */
+export declare function invalidateOtherSessions(userId: string, currentSessionId: string): Promise<void>;
+//# sourceMappingURL=session.d.ts.map

package/dist/core/auth/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../src/core/auth/session.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EACV,WAAW,EACX,OAAO,EACP,YAAY,EAEZ,WAAW,EACZ,MAAM,SAAS,CAAC;AAEjB;;GAEG;AACH,wBAAsB,YAAY,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAE3D;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,WAAW,CAAC,CAoCtB;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,QAAa,OAAO,CAAC,WAAW,CAS7D,CAAC;AAEF;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAExE;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE1E;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,IAAI,GACd,OAAO,CAAC,IAAI,CAAC,CASf;AAED;;GAEG;AACH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,IAAI,CAAC,CAG9D;AAED;;GAEG;AACH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,MAAM,CAAC,CAI5D;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;GAEG;AACH,wBAAsB,cAAc,kBASnC;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,MAAM,EAAE,MAAM,EACd,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,WAAW,EAAE,CAAC,CAYxB;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,MAAM,EAAE,MAAM,EACd,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,IAAI,CAAC,CASf"}

package/dist/core/auth/session.js

@@ -0,0 +1,167 @@
+"use strict";
+"use server";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getCurrentSession = void 0;
+exports.getIPAddress = getIPAddress;
+exports.validateSessionToken = validateSessionToken;
+exports.invalidateSession = invalidateSession;
+exports.invalidateUserSessions = invalidateUserSessions;
+exports.setSessionTokenCookie = setSessionTokenCookie;
+exports.deleteSessionTokenCookie = deleteSessionTokenCookie;
+exports.generateSessionToken = generateSessionToken;
+exports.createSession = createSession;
+exports.sessionSignOut = sessionSignOut;
+exports.getUserSessions = getUserSessions;
+exports.invalidateOtherSessions = invalidateOtherSessions;
+const sha2_1 = require("@oslojs/crypto/sha2");
+const encoding_1 = require("@oslojs/encoding");
+const date_fns_1 = require("date-fns");
+const drizzle_orm_1 = require("drizzle-orm");
+const headers_1 = require("next/headers");
+const navigation_1 = require("next/navigation");
+const inject_1 = require("../../server/database/inject");
+const schema_1 = require("../../server/database/schema");
+const augment_1 = require("./augment");
+const logic_1 = require("./logic");
+/**
+ * Returns the user's IP address.
+ */
+async function getIPAddress() {
+    return (await (0, headers_1.headers)()).get("x-forwarded-for");
+}
+/**
+ * Validates the session token.
+ */
+async function validateSessionToken(token) {
+    const sessionId = (0, encoding_1.encodeHexLowerCase)((0, sha2_1.sha256)(new TextEncoder().encode(token)));
+    const [row] = await inject_1.db
+        .select({
+        session: schema_1.sessionTable,
+        user: schema_1.userTable,
+    })
+        .from(schema_1.sessionTable)
+        .innerJoin(schema_1.userTable, (0, drizzle_orm_1.eq)(schema_1.sessionTable.userId, schema_1.userTable.id))
+        .where((0, drizzle_orm_1.eq)(schema_1.sessionTable.id, sessionId));
+    if (!row || !row.user) {
+        return { session: null, user: null };
+    }
+    const { session: baseSession, user: baseUser } = row;
+    // STRICTLY remove non-serializable and sensitive fields
+    const { password, recovery_code, ...safeUser } = baseUser;
+    // Check if session is expired
+    if (new Date() > baseSession.expiresAt) {
+        await inject_1.db.delete(schema_1.sessionTable).where((0, drizzle_orm_1.eq)(schema_1.sessionTable.id, baseSession.id));
+        return { session: null, user: null };
+    }
+    // AUGMENT (EXTENSIBILITY POINTS)
+    const augmentedUser = await (0, logic_1.performFullUserAugmentation)(safeUser);
+    const augmentedSession = await (0, augment_1.augmentSession)(baseSession);
+    // ENSURE PLAIN OBJECTS for Client Components
+    return {
+        session: augmentedSession ? { ...augmentedSession } : null,
+        user: augmentedUser ? { ...augmentedUser } : null,
+    };
+}
+/**
+ * Returns the current user session from cookies.
+ */
+const getCurrentSession = async () => {
+    var _a, _b;
+    const cookieStore = await (0, headers_1.cookies)();
+    const token = (_b = (_a = cookieStore.get("session")) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : null;
+    if (token === null) {
+        return { session: null, user: null };
+    }
+    return await validateSessionToken(token);
+};
+exports.getCurrentSession = getCurrentSession;
+/**
+ * Invalidates a single session.
+ */
+async function invalidateSession(sessionId) {
+    await inject_1.db.delete(schema_1.sessionTable).where((0, drizzle_orm_1.eq)(schema_1.sessionTable.id, sessionId));
+}
+/**
+ * Invalidates all user sessions.
+ */
+async function invalidateUserSessions(userId) {
+    await inject_1.db.delete(schema_1.sessionTable).where((0, drizzle_orm_1.eq)(schema_1.sessionTable.userId, userId));
+}
+/**
+ * Sets the session token in a cookie.
+ */
+async function setSessionTokenCookie(token, expiresAt) {
+    const cookieStore = await (0, headers_1.cookies)();
+    cookieStore.set("session", token, {
+        httpOnly: true,
+        path: "/",
+        secure: process.env.NODE_ENV === "production",
+        sameSite: "lax",
+        expires: expiresAt,
+    });
+}
+/**
+ * Removes the session token cookie.
+ */
+async function deleteSessionTokenCookie() {
+    const cookieStore = await (0, headers_1.cookies)();
+    cookieStore.delete("session");
+}
+/**
+ * Generates a new random session token.
+ */
+async function generateSessionToken() {
+    const tokenBytes = new Uint8Array(20);
+    crypto.getRandomValues(tokenBytes);
+    return (0, encoding_1.encodeBase32LowerCaseNoPadding)(tokenBytes).toLowerCase();
+}
+/**
+ * Creates a new session in the database.
+ */
+async function createSession(token, userId, flags) {
+    const sessionId = (0, encoding_1.encodeHexLowerCase)((0, sha2_1.sha256)(new TextEncoder().encode(token)));
+    const [session] = await inject_1.db
+        .insert(schema_1.sessionTable)
+        .values({
+        id: sessionId,
+        expiresAt: new Date((0, date_fns_1.addDays)(new Date(), 7)),
+        active_organization_id: flags.activeOrganizationId,
+        userId: userId,
+    })
+        .returning();
+    return session;
+}
+/**
+ * Signs the user out and redirects to the sign-in page.
+ */
+async function sessionSignOut() {
+    const { session } = await (0, exports.getCurrentSession)();
+    if (session) {
+        await invalidateSession(session.id);
+        await deleteSessionTokenCookie();
+    }
+    (0, navigation_1.redirect)("/signin");
+}
+/**
+ * Get all active sessions for a user.
+ */
+async function getUserSessions(userId, currentSessionId) {
+    const sessions = await inject_1.db
+        .select()
+        .from(schema_1.sessionTable)
+        .where((0, drizzle_orm_1.eq)(schema_1.sessionTable.userId, userId));
+    return sessions.map((session) => ({
+        id: session.id,
+        createdAt: session.createdAt,
+        expiresAt: session.expiresAt,
+        isCurrent: session.id === currentSessionId,
+    }));
+}
+/**
+ * Invalidate all sessions for a user except the specified current one.
+ */
+async function invalidateOtherSessions(userId, currentSessionId) {
+    await inject_1.db
+        .delete(schema_1.sessionTable)
+        .where((0, drizzle_orm_1.and)((0, drizzle_orm_1.eq)(schema_1.sessionTable.userId, userId), (0, drizzle_orm_1.ne)(schema_1.sessionTable.id, currentSessionId)));
+}

package/dist/core/auth/types.d.ts

@@ -0,0 +1,52 @@
+import type { passwordResetSessionTable, sessionTable, userTable } from "../../server/database/schema";
+import type { UserPermission, UserRole } from "../types";
+export type { UserRole, UserPermission };
+export type User = typeof userTable.$inferSelect;
+export type Session = typeof sessionTable.$inferSelect & Record<string, any>;
+export type PasswordResetSession = typeof passwordResetSessionTable.$inferSelect & Record<string, any>;
+/**
+ * Represents a user with all potential extensions.
+ * Use this type in UI components that require data added by modules.
+ */
+export type FullUser = User & Record<string, any> & {
+    roles: UserRole[];
+    permissions: UserPermission[];
+};
+/**
+ * Basic session context.
+ */
+export interface AuthSession {
+    session: Session | null;
+    user: FullUser | null;
+}
+export interface SessionFlags {
+    [key: string]: any;
+}
+export type UserSession = {
+    id: string;
+    createdAt: Date;
+    expiresAt: Date;
+    isCurrent: boolean;
+    [key: string]: any;
+};
+export type AuthResponse = {
+    status: "SUCCESS";
+    session: Session;
+    user: FullUser;
+    redirect?: string;
+} | {
+    status: "CHALLENGE_REQUIRED";
+    type: string;
+    userId: string;
+    tempToken?: string;
+    redirect?: string;
+} | {
+    status: "ERROR";
+    message: string;
+    redirect?: string;
+};
+export interface PasswordResetAuthSession {
+    session: PasswordResetSession | null;
+    user: FullUser | null;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/core/auth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/auth/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,yBAAyB,EACzB,YAAY,EACZ,SAAS,EACV,MAAM,8BAA8B,CAAC;AACtC,OAAO,KAAK,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AAEzD,YAAY,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;AAEzC,MAAM,MAAM,IAAI,GAAG,OAAO,SAAS,CAAC,YAAY,CAAC;AACjD,MAAM,MAAM,OAAO,GAAG,OAAO,YAAY,CAAC,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC7E,MAAM,MAAM,oBAAoB,GAC9B,OAAO,yBAAyB,CAAC,YAAY,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAEtE;;;GAGG;AACH,MAAM,MAAM,QAAQ,GAAG,IAAI,GACzB,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG;IACpB,KAAK,EAAE,QAAQ,EAAE,CAAC;IAClB,WAAW,EAAE,cAAc,EAAE,CAAC;CAC/B,CAAC;AAEJ;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC;IACxB,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;CACvB;AAED,MAAM,WAAW,YAAY;IAC3B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,OAAO,CAAC;IACnB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,YAAY,GACpB;IAAE,MAAM,EAAE,SAAS,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,QAAQ,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1E;IACA,MAAM,EAAE,oBAAoB,CAAC;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GACC;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAE5D,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,oBAAoB,GAAG,IAAI,CAAC;IACrC,IAAI,EAAE,QAAQ,GAAG,IAAI,CAAC;CACvB"}

package/dist/core/auth/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/core/auth/utils/encode.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Generates a random one-time code (OTP).
+ * @param length Length of the generated code (default 6).
+ * @returns A random uppercase base32 string.
+ */
+export declare function generateRandomOTP(length?: number): string;
+/**
+ * Generates a random recovery code.
+ * @returns A random uppercase base32 string.
+ */
+export declare function generateRandomRecoveryCode(): string;
+//# sourceMappingURL=encode.d.ts.map

package/dist/core/auth/utils/encode.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encode.d.ts","sourceRoot":"","sources":["../../../../src/core/auth/utils/encode.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,SAAI,GAAG,MAAM,CAIpD;AAED;;;GAGG;AACH,wBAAgB,0BAA0B,IAAI,MAAM,CAInD"}

package/dist/core/auth/utils/encode.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateRandomOTP = generateRandomOTP;
+exports.generateRandomRecoveryCode = generateRandomRecoveryCode;
+const encoding_1 = require("@oslojs/encoding");
+/**
+ * Generates a random one-time code (OTP).
+ * @param length Length of the generated code (default 6).
+ * @returns A random uppercase base32 string.
+ */
+function generateRandomOTP(length = 6) {
+    const bytes = new Uint8Array(5);
+    crypto.getRandomValues(bytes);
+    return (0, encoding_1.encodeBase32UpperCaseNoPadding)(bytes).substring(0, length);
+}
+/**
+ * Generates a random recovery code.
+ * @returns A random uppercase base32 string.
+ */
+function generateRandomRecoveryCode() {
+    const recoveryCodeBytes = new Uint8Array(10);
+    crypto.getRandomValues(recoveryCodeBytes);
+    return (0, encoding_1.encodeBase32UpperCaseNoPadding)(recoveryCodeBytes);
+}

package/dist/core/auth/utils/encryption.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Encrypts data using AES-128-GCM.
+ * @param data Data to be encrypted.
+ * @returns Encrypted data including IV and auth tag.
+ */
+export declare function encrypt(data: Uint8Array): Uint8Array;
+/**
+ * Encrypts a string.
+ * @param data String to be encrypted.
+ * @returns Encrypted data as Uint8Array.
+ */
+export declare function encryptString(data: string): Uint8Array;
+/**
+ * Decrypts data using AES-128-GCM.
+ * @param encrypted Encrypted data (IV + content + auth tag).
+ * @returns Decrypted data.
+ */
+export declare function decrypt(encrypted: Uint8Array): Uint8Array;
+/**
+ * Decrypts data to a string.
+ * @param data Encrypted data.
+ * @returns Odszyfrowany ciąg znaków.
+ */
+export declare function decryptToString(data: Uint8Array): string;
+//# sourceMappingURL=encryption.d.ts.map

package/dist/core/auth/utils/encryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../../../src/core/auth/utils/encryption.ts"],"names":[],"mappings":"AAeA;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAUpD;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,UAAU,CAEtD;AAED;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,SAAS,EAAE,UAAU,GAAG,UAAU,CAezD;AAED;;;;GAIG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,CAExD"}

package/dist/core/auth/utils/encryption.js

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encrypt = encrypt;
+exports.encryptString = encryptString;
+exports.decrypt = decrypt;
+exports.decryptToString = decryptToString;
+const node_crypto_1 = require("node:crypto");
+const binary_1 = require("@oslojs/binary");
+const encoding_1 = require("@oslojs/encoding");
+const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;
+if (!ENCRYPTION_KEY) {
+    throw new Error("ENCRYPTION_KEY environment variable is not set");
+}
+/**
+ * The encryption key decoded from base64.
+ */
+const key = (0, encoding_1.decodeBase64)(ENCRYPTION_KEY);
+/**
+ * Encrypts data using AES-128-GCM.
+ * @param data Data to be encrypted.
+ * @returns Encrypted data including IV and auth tag.
+ */
+function encrypt(data) {
+    const iv = new Uint8Array(16);
+    crypto.getRandomValues(iv);
+    const cipher = (0, node_crypto_1.createCipheriv)("aes-128-gcm", key, iv);
+    const encrypted = new binary_1.DynamicBuffer(0);
+    encrypted.write(iv);
+    encrypted.write(cipher.update(data));
+    encrypted.write(cipher.final());
+    encrypted.write(cipher.getAuthTag());
+    return encrypted.bytes();
+}
+/**
+ * Encrypts a string.
+ * @param data String to be encrypted.
+ * @returns Encrypted data as Uint8Array.
+ */
+function encryptString(data) {
+    return encrypt(new TextEncoder().encode(data));
+}
+/**
+ * Decrypts data using AES-128-GCM.
+ * @param encrypted Encrypted data (IV + content + auth tag).
+ * @returns Decrypted data.
+ */
+function decrypt(encrypted) {
+    if (encrypted.byteLength < 33) {
+        throw new Error("Invalid encrypted data length");
+    }
+    const iv = encrypted.slice(0, 16);
+    const authTag = encrypted.slice(encrypted.byteLength - 16);
+    const content = encrypted.slice(16, encrypted.byteLength - 16);
+    const decipher = (0, node_crypto_1.createDecipheriv)("aes-128-gcm", key, iv);
+    decipher.setAuthTag(authTag);
+    const decrypted = new binary_1.DynamicBuffer(0);
+    decrypted.write(decipher.update(content));
+    decrypted.write(decipher.final());
+    return decrypted.bytes();
+}
+/**
+ * Decrypts data to a string.
+ * @param data Encrypted data.
+ * @returns Odszyfrowany ciąg znaków.
+ */
+function decryptToString(data) {
+    return new TextDecoder().decode(decrypt(data));
+}

package/dist/core/auth/validation.d.ts

@@ -0,0 +1,44 @@
+import { z } from "zod";
+export declare const loginSchema: z.ZodObject<{
+    email: z.ZodString;
+    password: z.ZodString;
+    remember: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+export declare const registerSchema: z.ZodObject<{
+    username: z.ZodString;
+    email: z.ZodString;
+    password: z.ZodString;
+    terms: z.ZodBoolean;
+}, z.core.$strip>;
+export declare const forgotPasswordSchema: z.ZodObject<{
+    email: z.ZodString;
+}, z.core.$strip>;
+export declare const resetPasswordSchema: z.ZodObject<{
+    password: z.ZodString;
+    confirm: z.ZodString;
+}, z.core.$strip>;
+export declare const verifyEmailSchema: z.ZodObject<{
+    code: z.ZodString;
+}, z.core.$strip>;
+export declare const totpSetupSchema: z.ZodObject<{
+    code: z.ZodString;
+}, z.core.$strip>;
+export declare const totpVerifySchema: z.ZodObject<{
+    code: z.ZodString;
+}, z.core.$strip>;
+export declare const passkeysSetupSchema: z.ZodObject<{
+    name: z.ZodString;
+}, z.core.$strip>;
+export declare const recoveryCodeVerifySchema: z.ZodObject<{
+    code: z.ZodString;
+}, z.core.$strip>;
+export type LoginInput = z.infer<typeof loginSchema>;
+export type RegisterInput = z.infer<typeof registerSchema>;
+export type ForgotPasswordInput = z.infer<typeof forgotPasswordSchema>;
+export type ResetPasswordInput = z.infer<typeof resetPasswordSchema>;
+export type TOTPSetupInput = z.infer<typeof totpSetupSchema>;
+export type TOTPVerifyInput = z.infer<typeof totpVerifySchema>;
+export type PasskeysSetupInput = z.infer<typeof passkeysSetupSchema>;
+export type VerifyEmailInput = z.infer<typeof verifyEmailSchema>;
+export type RecoveryVerifyInput = z.infer<typeof recoveryCodeVerifySchema>;
+//# sourceMappingURL=validation.d.ts.map

package/dist/core/auth/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../../src/core/auth/validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,eAAO,MAAM,WAAW;;;;iBAItB,CAAC;AAEH,eAAO,MAAM,cAAc;;;;;iBAKzB,CAAC;AAEH,eAAO,MAAM,oBAAoB;;iBAE/B,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;iBAQ5B,CAAC;AAEL,eAAO,MAAM,iBAAiB;;iBAE5B,CAAC;AAGH,eAAO,MAAM,eAAe;;iBAE1B,CAAC;AAEH,eAAO,MAAM,gBAAgB;;iBAE3B,CAAC;AAEH,eAAO,MAAM,mBAAmB;;iBAE9B,CAAC;AAEH,eAAO,MAAM,wBAAwB;;iBAEnC,CAAC;AAGH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AACrD,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAC3D,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AACvE,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AACrE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAC7D,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC/D,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AACrE,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AACjE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC"}

package/dist/core/auth/validation.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.recoveryCodeVerifySchema = exports.passkeysSetupSchema = exports.totpVerifySchema = exports.totpSetupSchema = exports.verifyEmailSchema = exports.resetPasswordSchema = exports.forgotPasswordSchema = exports.registerSchema = exports.loginSchema = void 0;
+const zod_1 = require("zod");
+// Auth validation schemas - CLEAN (No DB dependencies for client-side)
+exports.loginSchema = zod_1.z.object({
+    email: zod_1.z.string().email("Invalid email address"),
+    password: zod_1.z.string().min(8),
+    remember: zod_1.z.boolean().optional(),
+});
+exports.registerSchema = zod_1.z.object({
+    username: zod_1.z.string().min(2, "Name must be at least 2 characters"),
+    email: zod_1.z.string().email("Invalid email address"),
+    password: zod_1.z.string().min(8, "Password must be at least 8 characters"),
+    terms: zod_1.z.boolean().refine((val) => val === true, "You must accept the terms"),
+});
+exports.forgotPasswordSchema = zod_1.z.object({
+    email: zod_1.z.string().email("Invalid email address"),
+});
+exports.resetPasswordSchema = zod_1.z
+    .object({
+    password: zod_1.z.string().min(8, "Password must be at least 8 characters"),
+    confirm: zod_1.z.string(),
+})
+    .refine((data) => data.password === data.confirm, {
+    message: "Passwords do not match",
+    path: ["confirm"],
+});
+exports.verifyEmailSchema = zod_1.z.object({
+    code: zod_1.z.string().min(6).max(6),
+});
+// mfa validation schemas
+exports.totpSetupSchema = zod_1.z.object({
+    code: zod_1.z.string().regex(/^\d{6}$/, "Code must be 6 digits"),
+});
+exports.totpVerifySchema = zod_1.z.object({
+    code: zod_1.z.string().regex(/^\d{6}$/, "Code must be 6 digits"),
+});
+exports.passkeysSetupSchema = zod_1.z.object({
+    name: zod_1.z.string().min(1, "Passkey name is required"),
+});
+exports.recoveryCodeVerifySchema = zod_1.z.object({
+    code: zod_1.z.string().min(16, "Recovery code is required").max(16),
+});

package/dist/core/bootstrap.d.ts

@@ -0,0 +1,2 @@
+export declare function ensureSystemInitialized(providedDb?: any): Promise<void>;
+//# sourceMappingURL=bootstrap.d.ts.map

package/dist/core/bootstrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.d.ts","sourceRoot":"","sources":["../../src/core/bootstrap.ts"],"names":[],"mappings":"AAQA,wBAAsB,uBAAuB,CAAC,UAAU,CAAC,EAAE,GAAG,iBAoD7D"}

package/dist/core/bootstrap.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureSystemInitialized = ensureSystemInitialized;
+const inject_1 = require("../server/database/inject");
+const email_verification_1 = require("./auth/email-verification");
+const event_bus_1 = require("./event-bus");
+const index_1 = require("./filesystem/index");
+const local_1 = require("./filesystem/providers/local");
+const service_1 = require("./notifications/service");
+const setup_1 = require("./setup");
+async function ensureSystemInitialized(providedDb) {
+    if (typeof window !== "undefined")
+        return;
+    const g = globalThis;
+    // 1. Immediate injection if provided
+    if (providedDb) {
+        (0, inject_1.injectDb)(providedDb);
+    }
+    // 2. Prevent infinite recursion and double initialization
+    if (g.__KRYO_INITIALIZED__)
+        return;
+    if (g.__KRYO_INITIALIZING__)
+        return; // Already in progress, don't block/deadlock
+    g.__KRYO_INITIALIZING__ = true;
+    try {
+        console.log("[Kryo:Bootstrap] Starting system initialization...");
+        // Check if we have DB after any possible injection
+        if (!g.__KRYO_DB__) {
+            console.warn("[Kryo:Bootstrap] DB not detected during bootstrap start. Trying to continue...");
+        }
+        // Check if system is installed before initializing modules
+        if (await (0, setup_1.isSystemInstalled)()) {
+            // Order matters: services first, then modules (which use services)
+            service_1.notificationService.init();
+            await (0, email_verification_1.initEmailVerification)();
+            // Auto-register local filesystem provider as a fallback
+            const local = new local_1.LocalFileProvider();
+            index_1.filesystemService.registerProvider(local);
+            index_1.filesystemService.setDefaultProvider(local.id);
+        }
+        else {
+            console.log("[Kryo:Bootstrap] System not installed. Skipping module initialization.");
+        }
+        await event_bus_1.eventBus.publish("system:start", { runtime: "nodejs" });
+        console.log("[Kryo:Bootstrap] System initialized successfully.");
+        g.__KRYO_INITIALIZED__ = true;
+    }
+    catch (error) {
+        console.error("[Kryo:Bootstrap] Initialization failed:", error);
+    }
+    finally {
+        g.__KRYO_INITIALIZING__ = false;
+    }
+}

package/dist/core/config.d.ts

@@ -0,0 +1,9 @@
+export interface KryoConfig {
+    /**
+     * Path to the directory with local modules.
+     * Default: "./modules"
+     */
+    modulesDirectory?: string;
+}
+export declare const DEFAULT_CONFIG: KryoConfig;
+//# sourceMappingURL=config.d.ts.map

package/dist/core/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,UAAU;IACzB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,eAAO,MAAM,cAAc,EAAE,UAE5B,CAAC"}

package/dist/core/config.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DEFAULT_CONFIG = void 0;
+exports.DEFAULT_CONFIG = {
+    modulesDirectory: "modules",
+};

package/dist/core/config.server.d.ts

@@ -0,0 +1,12 @@
+import { type KryoConfig } from "./config";
+/**
+ * Loads the Kryo configuration from kryo.config.ts or kryo.config in the current working directory.
+ * SERVER ONLY.
+ */
+export declare function getKryoConfig(): Promise<KryoConfig>;
+/**
+ * Helper returning the absolute path to the modules directory.
+ * SERVER ONLY.
+ */
+export declare function getModulesDir(): Promise<string>;
+//# sourceMappingURL=config.server.d.ts.map

package/dist/core/config.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.server.d.ts","sourceRoot":"","sources":["../../src/core/config.server.ts"],"names":[],"mappings":"AAEA,OAAO,EAAkB,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC;AAI3D;;;GAGG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,UAAU,CAAC,CAsDzD;AAED;;;GAGG;AACH,wBAAsB,aAAa,IAAI,OAAO,CAAC,MAAM,CAAC,CAKrD"}