@arch-cadre/core 0.0.42 → 0.0.44

package/dist/core/notifications/actions.js

@@ -0,0 +1,43 @@
+"use server";
+import { desc, eq } from "drizzle-orm";
+import { db } from "../../server/database/inject";
+import { notificationTable } from "../../server/database/schema";
+import { getCurrentSession } from "../auth/session";
+export async function getUserNotifications() {
+    const { user } = await getCurrentSession();
+    if (!user)
+        return null;
+    return await db
+        .select()
+        .from(notificationTable)
+        .where(eq(notificationTable.userId, user.id))
+        .orderBy(desc(notificationTable.createdAt));
+}
+export async function createNotification(data) {
+    const [notification] = await db
+        .insert(notificationTable)
+        .values({
+        ...data,
+        isRead: false,
+    })
+        .returning();
+    return notification;
+}
+export async function markNotificationAsRead(id) {
+    const [updated] = await db
+        .update(notificationTable)
+        .set({ isRead: true })
+        .where(eq(notificationTable.id, id))
+        .returning();
+    return updated;
+}
+export async function markAllNotificationsAsRead() {
+    const { user } = await getCurrentSession();
+    if (!user)
+        return null;
+    return await db
+        .update(notificationTable)
+        .set({ isRead: true })
+        .where(eq(notificationTable.userId, user.id))
+        .returning();
+}

package/dist/core/notifications/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./actions";
+export * from "./service";
+export * from "./types";
+//# sourceMappingURL=index.d.ts.map

package/dist/core/notifications/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/core/notifications/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC;AAC1B,cAAc,WAAW,CAAC;AAC1B,cAAc,SAAS,CAAC"}

package/dist/core/notifications/index.js

@@ -0,0 +1,3 @@
+export * from "./actions";
+export * from "./service";
+export * from "./types";

package/dist/core/notifications/service.d.ts

@@ -0,0 +1,7 @@
+declare class NotificationService {
+    private initialized;
+    init(): void;
+}
+export declare const notificationService: NotificationService;
+export {};
+//# sourceMappingURL=service.d.ts.map

package/dist/core/notifications/service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"service.d.ts","sourceRoot":"","sources":["../../../src/core/notifications/service.ts"],"names":[],"mappings":"AAIA,cAAM,mBAAmB;IACvB,OAAO,CAAC,WAAW,CAAS;IAErB,IAAI;CAqCZ;AAOD,eAAO,MAAM,mBAAmB,qBAEL,CAAC"}

package/dist/core/notifications/service.js

@@ -0,0 +1,32 @@
+var _a;
+import { eventBus } from "../event-bus";
+import { createNotification } from "./actions";
+class NotificationService {
+    constructor() {
+        this.initialized = false;
+    }
+    init() {
+        if (this.initialized) {
+            // console.log("[Notification Service] Already initialized.");
+            return;
+        }
+        console.log("[Notification Service] Subscribing to notification:send...");
+        eventBus.subscribe("notification:send", "notification-service", async (event) => {
+            console.log("[Notification Service] Received notification:send event", event.payload);
+            try {
+                // const { createNotification } = await import("./actions");
+                const result = await createNotification(event.payload);
+                console.log("[Notification Service] Notification created successfully:", result.id);
+            }
+            catch (error) {
+                console.error("[Notification Service] Failed to process notification:send", error);
+            }
+        });
+        this.initialized = true;
+        console.log("[NotificationService] Initialized and listening for events.");
+    }
+}
+// Global Singleton Pattern
+const globalForNotifications = globalThis;
+export const notificationService = (_a = globalForNotifications.__KRYO_NOTIFICATION_SERVICE__) !== null && _a !== void 0 ? _a : new NotificationService();
+globalForNotifications.__KRYO_NOTIFICATION_SERVICE__ = notificationService;

package/dist/core/notifications/types.d.ts

@@ -0,0 +1,17 @@
+import type { InferSelectModel } from "drizzle-orm";
+import type { notificationTable } from "../../server/database/schema";
+export type Notification = InferSelectModel<typeof notificationTable>;
+export type CreateNotificationPayload = {
+    title: string;
+    content?: string;
+    type?: string;
+    target?: string;
+    userId: string;
+    resourceId?: string;
+    resourceType?: string;
+};
+export type NotificationEvents = {
+    "notification:send": CreateNotificationPayload;
+    "notification:created": Notification;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/core/notifications/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/notifications/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AAEtE,MAAM,MAAM,YAAY,GAAG,gBAAgB,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAEtE,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,mBAAmB,EAAE,yBAAyB,CAAC;IAC/C,sBAAsB,EAAE,YAAY,CAAC;CACtC,CAAC"}

package/dist/core/notifications/types.js

@@ -0,0 +1 @@
+export {};

package/dist/core/setup.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Checks if the system is installed.
+ * A system is considered installed if at least one user exists in the database.
+ */
+export declare function isSystemInstalled(): Promise<boolean>;
+//# sourceMappingURL=setup.d.ts.map

package/dist/core/setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/core/setup.ts"],"names":[],"mappings":"AAIA;;;GAGG;AACH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC,CAiB1D"}

package/dist/core/setup.js

@@ -0,0 +1,25 @@
+import { sql } from "drizzle-orm";
+import { db } from "../server/database/inject";
+import { userTable } from "../server/database/schema";
+/**
+ * Checks if the system is installed.
+ * A system is considered installed if at least one user exists in the database.
+ */
+export async function isSystemInstalled() {
+    var _a;
+    try {
+        // We check if the users table exists and has at least one record
+        console.log("[Kernel:Setup] Checking if system is installed...");
+        const result = await db
+            .select({ count: sql `count(*)` })
+            .from(userTable);
+        const count = Number(((_a = result[0]) === null || _a === void 0 ? void 0 : _a.count) || 0);
+        console.log(`[Kernel:Setup] User count: ${count}`);
+        return count > 0;
+    }
+    catch (error) {
+        console.log(`[Kernel:Setup] System not installed or error: ${error.message}`);
+        // If table doesn't exist, it's definitely not installed
+        return false;
+    }
+}

package/dist/core/types.d.ts

@@ -0,0 +1,10 @@
+export type UserRole = "user" | "admin" | string;
+export type UserPermission = string;
+export interface SystemEvent<T = any> {
+    type: string;
+    payload: T;
+    timestamp: number;
+    source: string;
+}
+export type EventHandler<T = any> = (event: SystemEvent<T>) => Promise<void> | void;
+//# sourceMappingURL=types.d.ts.map

package/dist/core/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,OAAO,GAAG,MAAM,CAAC;AACjD,MAAM,MAAM,cAAc,GAAG,MAAM,CAAC;AAEpC,MAAM,WAAW,WAAW,CAAC,CAAC,GAAG,GAAG;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,CAAC,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,YAAY,CAAC,CAAC,GAAG,GAAG,IAAI,CAClC,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,KAClB,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC"}

package/dist/core/types.js

@@ -0,0 +1 @@
+export {};

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+export * from "./core/auth/types";
+export * from "./core/auth/validation";
+export * from "./core/event-bus";
+export * from "./core/notifications/service";
+export * from "./core/notifications/types";
+export * from "./core/types";
+export * from "./server/database/schema";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AAGvC,cAAc,kBAAkB,CAAC;AAMjC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,cAAc,CAAC;AAE7B,cAAc,0BAA0B,CAAC"}

package/dist/index.js

@@ -0,0 +1,16 @@
+// export { ExtensionPoint } from "./client/extension-point";
+// export { ExtensionPointClient } from "./client/extension-point-client";
+// export { WidgetArea } from "./client/widget-area";
+// Common Types & Constants
+export * from "./core/auth/types";
+export * from "./core/auth/validation";
+// Shared Services (Singletons / Handlers)
+export * from "./core/event-bus";
+// Shared Constants & Models (Safe for Browser)
+// export * from "./core/modules/ui";
+// export * from "./core/modules/types";
+// Client Hooks & Providers
+export * from "./core/notifications/service";
+export * from "./core/notifications/types";
+export * from "./core/types";
+export * from "./server/database/schema";

package/dist/server/auth/email.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Validates the email format and length.
+ */
+export declare function verifyEmailInput(email: string): boolean;
+/**
+ * Checks if an email address is already in use.
+ * @returns True if the email is available, false otherwise.
+ */
+export declare function checkEmailAvailability(email: string): Promise<boolean>;
+//# sourceMappingURL=email.d.ts.map

package/dist/server/auth/email.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"email.d.ts","sourceRoot":"","sources":["../../../src/server/auth/email.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEvD;AAED;;;GAGG;AACH,wBAAsB,sBAAsB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAO5E"}

package/dist/server/auth/email.js

@@ -0,0 +1,20 @@
+import { count, eq } from "drizzle-orm";
+import { db } from "../database/inject";
+import { userTable } from "../database/schema";
+/**
+ * Validates the email format and length.
+ */
+export function verifyEmailInput(email) {
+    return /^.+@.+\..+$/.test(email) && email.length < 256 && email.length > 0;
+}
+/**
+ * Checks if an email address is already in use.
+ * @returns True if the email is available, false otherwise.
+ */
+export async function checkEmailAvailability(email) {
+    const [entries] = await db
+        .select({ count: count() })
+        .from(userTable)
+        .where(eq(userTable.email, email));
+    return entries.count === 0;
+}

package/dist/server/auth/{password.d.mts → password.d.ts}

@@ -1,23 +1,20 @@
-//#region src/server/auth/password.d.ts
 /**
  * Hashes the password using bcrypt.
  * @param password Password to be hashed.
  * @returns Returns the hashed password.
  */
-declare function hashPassword(password: string): Promise<string>;
+export declare function hashPassword(password: string): Promise<string>;
 /**
  * Verifies the password hash.
  * @param hash bcrypt hash.
  * @param password Password for comparison.
  * @returns Returns true if the password is correct, false otherwise.
  */
-declare function verifyPasswordHash(hash: string, password: string): Promise<boolean>;
+export declare function verifyPasswordHash(hash: string, password: string): Promise<boolean>;
 /**
  * Validates password strength.
  * @param password Password to validate.
  * @returns Returns true if the password meets complexity requirements.
  */
-declare function verifyPasswordStrength(password: string): Promise<boolean>;
-//#endregion
-export { hashPassword, verifyPasswordHash, verifyPasswordStrength };
-//# sourceMappingURL=password.d.mts.map
+export declare function verifyPasswordStrength(password: string): Promise<boolean>;
+//# sourceMappingURL=password.d.ts.map

package/dist/server/auth/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../../src/server/auth/password.ts"],"names":[],"mappings":"AAIA;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAIpE;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC,CAGlB;AAED;;;;GAIG;AACH,wBAAsB,sBAAsB,CAC1C,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC,CAElB"}

package/dist/server/auth/password.js

@@ -0,0 +1,30 @@
+"use server";
+import bcrypt from "bcryptjs";
+/**
+ * Hashes the password using bcrypt.
+ * @param password Password to be hashed.
+ * @returns Returns the hashed password.
+ */
+export async function hashPassword(password) {
+    const saltRounds = 10;
+    return await bcrypt.hash(password, saltRounds);
+    // return password;
+}
+/**
+ * Verifies the password hash.
+ * @param hash bcrypt hash.
+ * @param password Password for comparison.
+ * @returns Returns true if the password is correct, false otherwise.
+ */
+export async function verifyPasswordHash(hash, password) {
+    return await bcrypt.compare(password, hash);
+    // return password === hash;
+}
+/**
+ * Validates password strength.
+ * @param password Password to validate.
+ * @returns Returns true if the password meets complexity requirements.
+ */
+export async function verifyPasswordStrength(password) {
+    return password.length >= 8 && password.length <= 255;
+}

package/dist/server/auth/types.d.ts

@@ -0,0 +1,13 @@
+export * from "../../core/auth/types";
+import type { UserSession as CoreUserSession, FullUser } from "../../core/auth/types";
+export interface User2FAStatus {
+    registeredTOTP: boolean;
+    registeredPasskey: boolean;
+    registered2FA: boolean;
+}
+/**
+ * @deprecated Use FullUser from core/auth/types
+ */
+export type UserWith2FA = FullUser;
+export type { CoreUserSession as UserSession };
+//# sourceMappingURL=types.d.ts.map

package/dist/server/auth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/server/auth/types.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AAEtC,OAAO,KAAK,EACV,WAAW,IAAI,eAAe,EAC9B,QAAQ,EACT,MAAM,uBAAuB,CAAC;AAE/B,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,OAAO,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,MAAM,WAAW,GAAG,QAAQ,CAAC;AAEnC,YAAY,EAAE,eAAe,IAAI,WAAW,EAAE,CAAC"}

package/dist/server/auth/types.js

@@ -0,0 +1 @@
+export * from "../../core/auth/types";

package/dist/server/auth/user.d.ts

@@ -0,0 +1,54 @@
+import type { User } from "../../core/auth/types";
+/**
+ * Validates the username input.
+ */
+export declare function verifyUsernameInput(username: string): Promise<boolean>;
+/**
+ * Creates a new user with an initial recovery code and default 'user' role.
+ */
+export declare function createUser(email: string, username: string, password: string): Promise<User>;
+/**
+ * Creates a new user from an OAuth provider.
+ */
+export declare function createOAuthUser(email: string, name: string, image?: string): Promise<User>;
+/**
+ * Returns a user by ID.
+ */
+export declare function getUserById(userId: string): Promise<User | null>;
+/**
+ * Decrypts and returns the user's recovery code.
+ */
+export declare function getUserRecoverCode(userId: string): Promise<string>;
+/**
+ * Generates and sets a new recovery code for the user.
+ */
+export declare function resetUserRecoveryCode(userId: string): Promise<string>;
+/**
+ * Updates the user's password.
+ */
+export declare function updateUserPassword(userId: string, password: string): Promise<void>;
+/**
+ * Updates the user's name.
+ */
+export declare function updateUserName(userId: string, name: string): Promise<void>;
+/**
+ * Updates the user's image.
+ */
+export declare function updateUserAwatar(userId: string, image: string): Promise<void>;
+/**
+ * Updates the user's email and marks it as verified.
+ */
+export declare function updateUserEmailAndSetEmailAsVerified(userId: string, email: string): Promise<void>;
+/**
+ * Sets the user as email verified if the provided email matches.
+ */
+export declare function setUserAsEmailVerifiedIfEmailMatches(userId: string, email: string): Promise<boolean>;
+/**
+ * Returns the user's password hash.
+ */
+export declare function getUserPasswordHash(userId: string): Promise<string | null>;
+/**
+ * Returns a user by email.
+ */
+export declare function getUserFromEmail(email: string): Promise<User | null>;
+//# sourceMappingURL=user.d.ts.map

package/dist/server/auth/user.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.d.ts","sourceRoot":"","sources":["../../../src/server/auth/user.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAWlD;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAI5E;AAED;;GAEG;AACH,wBAAsB,UAAU,CAC9B,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CA0Cf;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAoCf;AAED;;GAEG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAStE;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAaxE;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAkB3E;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,IAAI,CAAC,CASf;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC,CAOf;AACD;;GAEG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAOf;AAED;;GAEG;AACH,wBAAsB,oCAAoC,CACxD,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,IAAI,CAAC,CAQf;AAED;;GAEG;AACH,wBAAsB,oCAAoC,CACxD,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,OAAO,CAAC,CAUlB;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAaxB;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAS1E"}

package/dist/server/auth/user.js

@@ -0,0 +1,222 @@
+"use server";
+import { and, eq } from "drizzle-orm";
+import { generateRandomRecoveryCode } from "../../core/auth/utils/encode";
+import { decryptToString, encryptString, } from "../../core/auth/utils/encryption";
+import { db } from "../database/inject";
+import { rolesTable, usersToRolesTable, userTable } from "../database/schema";
+import { sendRecoveryCode } from "../emails/index";
+import { hashPassword } from "./password";
+/**
+ * Validates the username input.
+ */
+export async function verifyUsernameInput(username) {
+    return (username.length > 3 && username.length < 32 && username.trim() === username);
+}
+/**
+ * Creates a new user with an initial recovery code and default 'user' role.
+ */
+export async function createUser(email, username, password) {
+    const passwordHash = await hashPassword(password);
+    const recoveryCode = generateRandomRecoveryCode();
+    const encryptedRecoveryCode = encryptString(recoveryCode);
+    return await db.transaction(async (tx) => {
+        const [row] = await tx
+            .insert(userTable)
+            .values({
+            email: email,
+            name: username,
+            password: passwordHash,
+            recovery_code: Buffer.from(encryptedRecoveryCode),
+        })
+            .returning();
+        if (!row) {
+            throw new Error("Failed to create user");
+        }
+        // Assign default 'user' role
+        let [role] = await tx
+            .select()
+            .from(rolesTable)
+            .where(eq(rolesTable.name, "user"));
+        if (!role) {
+            [role] = await tx
+                .insert(rolesTable)
+                .values({ name: "user", description: "Default user role" })
+                .returning();
+        }
+        await tx.insert(usersToRolesTable).values({
+            userId: row.id,
+            roleId: role.id,
+        });
+        await sendRecoveryCode(row.email, recoveryCode);
+        return row;
+    });
+}
+/**
+ * Creates a new user from an OAuth provider.
+ */
+export async function createOAuthUser(email, name, image) {
+    const recoveryCode = generateRandomRecoveryCode();
+    const encryptedRecoveryCode = encryptString(recoveryCode);
+    return await db.transaction(async (tx) => {
+        const [row] = await tx
+            .insert(userTable)
+            .values({
+            email: email,
+            name: name,
+            image: image,
+            emailVerifiedAt: new Date(),
+            recovery_code: Buffer.from(encryptedRecoveryCode),
+        })
+            .returning();
+        // Assign default 'user' role
+        let [role] = await tx
+            .select()
+            .from(rolesTable)
+            .where(eq(rolesTable.name, "user"));
+        if (!role) {
+            [role] = await tx
+                .insert(rolesTable)
+                .values({ name: "user", description: "Default user role" })
+                .returning();
+        }
+        await tx.insert(usersToRolesTable).values({
+            userId: row.id,
+            roleId: role.id,
+        });
+        return row;
+    });
+}
+/**
+ * Returns a user by ID.
+ */
+export async function getUserById(userId) {
+    const [user] = await db
+        .select()
+        .from(userTable)
+        .where(eq(userTable.id, userId));
+    if (!user)
+        return null;
+    const { password, recovery_code, ...safeUser } = user;
+    return safeUser;
+}
+/**
+ * Decrypts and returns the user's recovery code.
+ */
+export async function getUserRecoverCode(userId) {
+    const [user] = await db
+        .select({
+        recovery_code: userTable.recovery_code,
+    })
+        .from(userTable)
+        .where(eq(userTable.id, userId));
+    if (!user || !user.recovery_code) {
+        throw new Error("Recovery code not found for user");
+    }
+    return decryptToString(user.recovery_code);
+}
+/**
+ * Generates and sets a new recovery code for the user.
+ */
+export async function resetUserRecoveryCode(userId) {
+    const recoveryCode = generateRandomRecoveryCode();
+    const encrypted = encryptString(recoveryCode);
+    const [currentUser] = await db
+        .update(userTable)
+        .set({
+        recovery_code: Buffer.from(encrypted),
+    })
+        .where(eq(userTable.id, userId))
+        .returning();
+    if (!currentUser) {
+        throw new Error("User not found");
+    }
+    await sendRecoveryCode(currentUser.email, recoveryCode);
+    return recoveryCode;
+}
+/**
+ * Updates the user's password.
+ */
+export async function updateUserPassword(userId, password) {
+    const passwordHash = await hashPassword(password);
+    await db
+        .update(userTable)
+        .set({
+        password: passwordHash,
+    })
+        .where(eq(userTable.id, userId));
+}
+/**
+ * Updates the user's name.
+ */
+export async function updateUserName(userId, name) {
+    await db
+        .update(userTable)
+        .set({
+        name: name,
+    })
+        .where(eq(userTable.id, userId));
+}
+/**
+ * Updates the user's image.
+ */
+export async function updateUserAwatar(userId, image) {
+    await db
+        .update(userTable)
+        .set({
+        image,
+    })
+        .where(eq(userTable.id, userId));
+}
+/**
+ * Updates the user's email and marks it as verified.
+ */
+export async function updateUserEmailAndSetEmailAsVerified(userId, email) {
+    await db
+        .update(userTable)
+        .set({
+        email: email,
+        emailVerifiedAt: new Date(),
+    })
+        .where(eq(userTable.id, userId));
+}
+/**
+ * Sets the user as email verified if the provided email matches.
+ */
+export async function setUserAsEmailVerifiedIfEmailMatches(userId, email) {
+    const result = await db
+        .update(userTable)
+        .set({
+        emailVerifiedAt: new Date(),
+    })
+        .where(and(eq(userTable.id, userId), eq(userTable.email, email)))
+        .returning({ id: userTable.id });
+    return result.length > 0;
+}
+/**
+ * Returns the user's password hash.
+ */
+export async function getUserPasswordHash(userId) {
+    const [user] = await db
+        .select({
+        password: userTable.password,
+    })
+        .from(userTable)
+        .where(eq(userTable.id, userId));
+    if (!user) {
+        throw new Error("User not found");
+    }
+    return user.password;
+}
+/**
+ * Returns a user by email.
+ */
+export async function getUserFromEmail(email) {
+    const [user] = await db
+        .select()
+        .from(userTable)
+        .where(eq(userTable.email, email));
+    if (!user)
+        return null;
+    const { password, recovery_code, ...safeUser } = user;
+    return safeUser;
+}

package/dist/server/database/inject.d.ts

@@ -0,0 +1,11 @@
+import type { NodePgDatabase } from "drizzle-orm/node-postgres";
+import type * as schema from "./schema";
+export type KryoDatabase = NodePgDatabase<typeof schema>;
+export declare function injectDb(db: KryoDatabase): void;
+/**
+ * Shared 'db' proxy.
+ * Resolves to globalThis.__KRYO_DB__ on every property access.
+ * Safe to import statically at top-level.
+ */
+export declare const db: KryoDatabase;
+//# sourceMappingURL=inject.d.ts.map

package/dist/server/database/inject.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"inject.d.ts","sourceRoot":"","sources":["../../../src/server/database/inject.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,KAAK,MAAM,MAAM,UAAU,CAAC;AAExC,MAAM,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,MAAM,CAAC,CAAC;AAKzD,wBAAgB,QAAQ,CAAC,EAAE,EAAE,YAAY,QAIxC;AAED;;;;GAIG;AACH,eAAO,MAAM,EAAE,cAmBb,CAAC"}