@arch-cadre/core 0.0.55 → 0.0.57

package/dist/core/auth/logic.d.ts

@@ -1,106 +0,0 @@
-import { augmentSession, augmentUser, registerIdentityAugmenter, registerPasswordResetSessionAugmenter, registerSessionAugmenter } from "./augment";
-import type { AuthResponse, FullUser, Session, SessionFlags, User, UserPermission, UserRole } from "./types";
-import { type LoginInput, type RegisterInput } from "./validation";
-/**
- * Registry for login validators (e.g. 2FA module)
- */
-type AuthValidator = (userId: string) => Promise<AuthResponse | null>;
-/**
- * Registry for Security Requirements (e.g. checking if 2FA is needed for a session)
- */
-type SecurityRequirement = (session: Session, user: FullUser) => Promise<{
-    satisfied: boolean;
-    redirect?: string;
-} | null>;
-/**
- * Registry for password reset validators (e.g. 2FA module requiring check during reset)
- */
-type PasswordResetValidator = (userId: string) => Promise<AuthResponse | null>;
-/**
- * Registry for email verification validators
- */
-type EmailVerificationValidator = (userId: string) => Promise<AuthResponse | null>;
-export declare function registerAuthValidator(validator: AuthValidator): Promise<void>;
-export declare function registerPasswordResetValidator(validator: PasswordResetValidator): Promise<void>;
-export declare function registerEmailVerificationValidator(validator: EmailVerificationValidator): Promise<void>;
-export { registerIdentityAugmenter, registerSessionAugmenter, registerPasswordResetSessionAugmenter, augmentUser, augmentSession, };
-export declare function registerSecurityRequirement(requirement: SecurityRequirement): Promise<void>;
-export declare function runPasswordResetValidators(userId: string): Promise<AuthResponse | null>;
-export declare function runEmailVerificationValidators(userId: string): Promise<AuthResponse | null>;
-/**
- * Augments a base user with data from all registered modules.
- * This is now just a wrapper that includes core RBAC data.
- */
-export declare function performFullUserAugmentation(user: User): Promise<FullUser>;
-/**
- * Checks if the current session satisfies all registered security requirements.
- */
-export declare function checkSecurity(session: Session, user: FullUser, requiredRoles?: UserRole[], requiredPermissions?: UserPermission[], fallbackRedirect?: string): Promise<{
-    satisfied: boolean;
-    redirect: string | undefined;
-} | {
-    satisfied: boolean;
-    redirect?: undefined;
-}>;
-/**
- * Sign In Logic
- */
-export declare function signIn(data: LoginInput): Promise<AuthResponse>;
-/**
- * Sign Up Logic
- */
-export declare function signUp(data: RegisterInput): Promise<{
-    session: {
-        [x: string]: any;
-        id: string;
-        createdAt: Date;
-        updatedAt: Date | null;
-        userId: string;
-        active_organization_id: string | null;
-        expiresAt: Date;
-    };
-    user: {
-        [x: string]: any;
-        id: string;
-        email: string;
-        name: string;
-        password: string | null;
-        image: string | null;
-        recovery_code: Buffer<ArrayBufferLike>;
-        emailVerifiedAt: Date | null;
-        createdAt: Date;
-        updatedAt: Date | null;
-        roles: UserRole[];
-        permissions: UserPermission[];
-    };
-}>;
-/**
- * Finalizes login after a challenge
- */
-export declare function finalizeLogin(userId: string, flags: SessionFlags): Promise<{
-    session: {
-        [x: string]: any;
-        id: string;
-        createdAt: Date;
-        updatedAt: Date | null;
-        userId: string;
-        active_organization_id: string | null;
-        expiresAt: Date;
-    } | null;
-    user: {
-        id: string;
-        email: string;
-        name: string;
-        password: string | null;
-        image: string | null;
-        recovery_code: Buffer<ArrayBufferLike>;
-        emailVerifiedAt: Date | null;
-        createdAt: Date;
-        updatedAt: Date | null;
-    } | null;
-}>;
-/**
- * Sign Out
- */
-export declare function signOut(): Promise<void>;
-//# sourceMappingURL=logic.d.ts.map

package/dist/core/auth/logic.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"logic.d.ts","sourceRoot":"","sources":["../../../src/core/auth/logic.ts"],"names":[],"mappings":"AAuBA,OAAO,EACL,cAAc,EACd,WAAW,EACX,yBAAyB,EACzB,qCAAqC,EACrC,wBAAwB,EACzB,MAAM,WAAW,CAAC;AAcnB,OAAO,KAAK,EACV,YAAY,EACZ,QAAQ,EACR,OAAO,EACP,YAAY,EACZ,IAAI,EACJ,cAAc,EACd,QAAQ,EACT,MAAM,SAAS,CAAC;AACjB,OAAO,EACL,KAAK,UAAU,EAEf,KAAK,aAAa,EAEnB,MAAM,cAAc,CAAC;AA6DtB;;GAEG;AACH,KAAK,aAAa,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;AAEtE;;GAEG;AACH,KAAK,mBAAmB,GAAG,CACzB,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,QAAQ,KACX,OAAO,CAAC;IAAE,SAAS,EAAE,OAAO,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,CAAC;AAE/D;;GAEG;AACH,KAAK,sBAAsB,GAAG,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;AAE/E;;GAEG;AACH,KAAK,0BAA0B,GAAG,CAChC,MAAM,EAAE,MAAM,KACX,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;AA6BlC,wBAAsB,qBAAqB,CAAC,SAAS,EAAE,aAAa,iBAEnE;AAED,wBAAsB,8BAA8B,CAClD,SAAS,EAAE,sBAAsB,iBAGlC;AAED,wBAAsB,kCAAkC,CACtD,SAAS,EAAE,0BAA0B,iBAGtC;AAED,OAAO,EACL,yBAAyB,EACzB,wBAAwB,EACxB,qCAAqC,EACrC,WAAW,EACX,cAAc,GACf,CAAC;AAEF,wBAAsB,2BAA2B,CAC/C,WAAW,EAAE,mBAAmB,iBAGjC;AAED,wBAAsB,0BAA0B,CAC9C,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAM9B;AAED,wBAAsB,8BAA8B,CAClD,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAM9B;AAED;;;GAGG;AACH,wBAAsB,2BAA2B,CAC/C,IAAI,EAAE,IAAI,GACT,OAAO,CAAC,QAAQ,CAAC,CAGnB;AAED;;GAEG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,QAAQ,EACd,aAAa,CAAC,EAAE,QAAQ,EAAE,EAC1B,mBAAmB,CAAC,EAAE,cAAc,EAAE,EACtC,gBAAgB,CAAC,EAAE,MAAM;;;;;;GA0D1B;AAED;;GAEG;AACH,wBAAsB,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC,YAAY,CAAC,CAgCpE;AAED;;GAEG;AACH,wBAAsB,MAAM,CAAC,IAAI,EAAE,aAAa;;;;;;;;;;;;;;;;;;;;;;;;GAmC/C;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY;;;;;;;;;;;;;;;;;;;;;GAetE;AAED;;GAEG;AACH,wBAAsB,OAAO,kBAS5B"}

package/dist/core/auth/logic.js

@@ -1,245 +0,0 @@
-"use server";
-var _a, _b, _c, _d;
-import { eq, inArray } from "drizzle-orm";
-import { verifyPasswordHash, verifyPasswordStrength, } from "../../server/auth/password";
-import { createUser, getUserById, getUserFromEmail, getUserPasswordHash, verifyUsernameInput, } from "../../server/auth/user";
-import { db } from "../../server/database/inject";
-import { permissionsTable, rolesTable, rolesToPermissionsTable, usersToPermissionsTable, usersToRolesTable, } from "../../server/database/schema";
-import { eventBus } from "../event-bus";
-import { augmentSession, augmentUser, registerIdentityAugmenter, registerPasswordResetSessionAugmenter, registerSessionAugmenter, } from "./augment";
-import { createEmailVerificationRequest, sendVerificationEmail, setEmailVerificationRequestCookie, } from "./email-verification";
-import { createSession, deleteSessionTokenCookie, generateSessionToken, getCurrentSession, invalidateSession, setSessionTokenCookie, } from "./session";
-import { loginSchema, registerSchema, } from "./validation";
-/**
- * Podstawowy moduł rozszerzający tożsamość dla ról i uprawnień
- */
-async function coreRbacAugmenter(user) {
-    try {
-        // 1. Fetch direct roles
-        const userRoles = await db
-            .select({ name: rolesTable.name })
-            .from(usersToRolesTable)
-            .innerJoin(rolesTable, eq(usersToRolesTable.roleId, rolesTable.id))
-            .where(eq(usersToRolesTable.userId, user.id));
-        const roles = userRoles.map((r) => r.name);
-        // 2. Fetch direct permissions
-        const userDirectPerms = await db
-            .select({ name: permissionsTable.name })
-            .from(usersToPermissionsTable)
-            .innerJoin(permissionsTable, eq(usersToPermissionsTable.permissionId, permissionsTable.id))
-            .where(eq(usersToPermissionsTable.userId, user.id));
-        const directPerms = userDirectPerms.map((p) => p.name);
-        // 3. Fetch permissions from roles
-        let rolePerms = [];
-        if (roles.length > 0) {
-            const roleIdsResult = await db
-                .select({ id: rolesTable.id })
-                .from(rolesTable)
-                .where(inArray(rolesTable.name, roles));
-            const roleIds = roleIdsResult.map((r) => r.id);
-            if (roleIds.length > 0) {
-                const rolePermsData = await db
-                    .select({ name: permissionsTable.name })
-                    .from(rolesToPermissionsTable)
-                    .innerJoin(permissionsTable, eq(rolesToPermissionsTable.permissionId, permissionsTable.id))
-                    .where(inArray(rolesToPermissionsTable.roleId, roleIds));
-                rolePerms = rolePermsData.map((p) => p.name);
-            }
-        }
-        return {
-            roles,
-            permissions: Array.from(new Set([...directPerms, ...rolePerms])),
-        };
-    }
-    catch (error) {
-        console.error("[Auth:RBAC] Failed to augment user:", error);
-        return { roles: [], permissions: [] };
-    }
-}
-const globalForAuth = globalThis;
-const authValidators = (_a = globalForAuth.__KRYO_AUTH_VALIDATORS__) !== null && _a !== void 0 ? _a : new Set();
-const securityRequirements = (_b = globalForAuth.__KRYO_SECURITY_REQUIREMENTS__) !== null && _b !== void 0 ? _b : new Set();
-const passwordResetValidators = (_c = globalForAuth.__KRYO_PASSWORD_RESET_VALIDATORS__) !== null && _c !== void 0 ? _c : new Set();
-const emailVerificationValidators = (_d = globalForAuth.__KRYO_EMAIL_VERIFICATION_VALIDATORS__) !== null && _d !== void 0 ? _d : new Set();
-globalForAuth.__KRYO_AUTH_VALIDATORS__ = authValidators;
-globalForAuth.__KRYO_SECURITY_REQUIREMENTS__ = securityRequirements;
-globalForAuth.__KRYO_PASSWORD_RESET_VALIDATORS__ = passwordResetValidators;
-globalForAuth.__KRYO_EMAIL_VERIFICATION_VALIDATORS__ =
-    emailVerificationValidators;
-export async function registerAuthValidator(validator) {
-    authValidators.add(validator);
-}
-export async function registerPasswordResetValidator(validator) {
-    passwordResetValidators.add(validator);
-}
-export async function registerEmailVerificationValidator(validator) {
-    emailVerificationValidators.add(validator);
-}
-export { registerIdentityAugmenter, registerSessionAugmenter, registerPasswordResetSessionAugmenter, augmentUser, augmentSession, };
-export async function registerSecurityRequirement(requirement) {
-    securityRequirements.add(requirement);
-}
-export async function runPasswordResetValidators(userId) {
-    for (const validator of passwordResetValidators) {
-        const interception = await validator(userId);
-        if (interception)
-            return interception;
-    }
-    return null;
-}
-export async function runEmailVerificationValidators(userId) {
-    for (const validator of emailVerificationValidators) {
-        const interception = await validator(userId);
-        if (interception)
-            return interception;
-    }
-    return null;
-}
-/**
- * Augments a base user with data from all registered modules.
- * This is now just a wrapper that includes core RBAC data.
- */
-export async function performFullUserAugmentation(user) {
-    const coreRbacData = await coreRbacAugmenter(user);
-    return await augmentUser(user, coreRbacData);
-}
-/**
- * Checks if the current session satisfies all registered security requirements.
- */
-export async function checkSecurity(session, user, requiredRoles, requiredPermissions, fallbackRedirect) {
-    var _a;
-    if (!user) {
-        console.warn("User is required for security check");
-        return { satisfied: false, redirect: fallbackRedirect !== null && fallbackRedirect !== void 0 ? fallbackRedirect : "/signin" };
-    }
-    const userRoles = Array.isArray(user.roles) ? user.roles : [];
-    const userPermissions = Array.isArray(user.permissions)
-        ? user.permissions
-        : [];
-    // 1. Core Role Check (At least one role must match)
-    if (requiredRoles && requiredRoles.length > 0) {
-        const hasRole = requiredRoles.some((role) => userRoles.includes(role));
-        if (!hasRole) {
-            console.warn(`User lacks required roles: ${requiredRoles.join(", ")}`);
-            return {
-                satisfied: false,
-                redirect: fallbackRedirect,
-            };
-        }
-    }
-    // 2. Core Permission Check (ALL permissions must match)
-    if (requiredPermissions && requiredPermissions.length > 0) {
-        const hasAllPermissions = requiredPermissions.every((perm) => userPermissions.includes(perm));
-        if (!hasAllPermissions) {
-            console.warn(`User lacks required permissions: ${requiredPermissions.join(", ")}`);
-            return {
-                satisfied: false,
-                redirect: fallbackRedirect,
-            };
-        }
-    }
-    // 3. Modular Requirements Check
-    if (securityRequirements) {
-        for (const requirement of securityRequirements) {
-            try {
-                const result = await requirement(session, user);
-                if (result && !result.satisfied) {
-                    return {
-                        ...result,
-                        redirect: (_a = result.redirect) !== null && _a !== void 0 ? _a : fallbackRedirect,
-                    };
-                }
-            }
-            catch (error) {
-                console.error("[Auth:Security] Requirement failed:", error);
-            }
-        }
-    }
-    return { satisfied: true };
-}
-/**
- * Sign In Logic
- */
-export async function signIn(data) {
-    const { email, password } = await loginSchema.parseAsync(data);
-    const user = await getUserFromEmail(email);
-    if (!user) {
-        return { status: "ERROR", message: "Invalid email or password" };
-    }
-    const passwordHash = await getUserPasswordHash(user.id);
-    if (!passwordHash || !(await verifyPasswordHash(passwordHash, password))) {
-        return { status: "ERROR", message: "Invalid email or password" };
-    }
-    // Interception Layer
-    for (const validator of authValidators) {
-        const interception = await validator(user.id);
-        if (interception)
-            return interception;
-    }
-    const sessionFlags = {};
-    const sessionToken = await generateSessionToken();
-    const session = await createSession(sessionToken, user.id, sessionFlags);
-    await setSessionTokenCookie(sessionToken, session.expiresAt);
-    const fullUser = await performFullUserAugmentation(user);
-    await eventBus.publish("auth:session-created", { session, user: fullUser });
-    return {
-        status: "SUCCESS",
-        session: { ...session },
-        user: { ...fullUser },
-    };
-}
-/**
- * Sign Up Logic
- */
-export async function signUp(data) {
-    const { email, username, password } = registerSchema.parse(data);
-    if (!(await verifyUsernameInput(username))) {
-        throw new Error("Invalid username");
-    }
-    if (!(await verifyPasswordStrength(password))) {
-        throw new Error("Weak password");
-    }
-    const user = await createUser(email, username, password);
-    const verificationRequest = await createEmailVerificationRequest(user.id, user.email);
-    await sendVerificationEmail(verificationRequest.email, verificationRequest.code);
-    await setEmailVerificationRequestCookie(verificationRequest);
-    const sessionFlags = {};
-    const sessionToken = await generateSessionToken();
-    const session = await createSession(sessionToken, user.id, sessionFlags);
-    await setSessionTokenCookie(sessionToken, session.expiresAt);
-    const fullUser = await performFullUserAugmentation(user);
-    await eventBus.publish("auth:session-created", { session, user: fullUser });
-    return {
-        session: { ...session },
-        user: { ...fullUser },
-    };
-}
-/**
- * Finalizes login after a challenge
- */
-export async function finalizeLogin(userId, flags) {
-    const sessionToken = await generateSessionToken();
-    const session = await createSession(sessionToken, userId, flags);
-    await setSessionTokenCookie(sessionToken, session.expiresAt);
-    const user = await getUserById(userId);
-    if (user) {
-        await eventBus.publish("auth:session-created", { session, user });
-    }
-    return {
-        session: session ? { ...session } : null,
-        user: user ? { ...user } : null,
-    };
-}
-/**
- * Sign Out
- */
-export async function signOut() {
-    const { session, user } = await getCurrentSession();
-    if (session) {
-        if (user) {
-            await eventBus.publish("auth:signed-out", { userId: user.id });
-        }
-        await invalidateSession(session.id);
-        await deleteSessionTokenCookie();
-    }
-}

package/dist/core/auth/password-reset.d.ts

@@ -1,35 +0,0 @@
-import type { PasswordResetAuthSession, PasswordResetSession } from "./types";
-/**
- * Creates a new password reset session.
- */
-export declare function createPasswordResetSession(token: string, userId: string, email: string): Promise<PasswordResetSession>;
-/**
- * Validates the password reset session token and retrieves user data.
- * The user data is augmented by registered modules (e.g. 2FA).
- */
-export declare function validatePasswordResetSessionToken(token: string): Promise<PasswordResetAuthSession>;
-/**
- * Marks the password reset session as email verified.
- */
-export declare function setPasswordResetSessionAsEmailVerified(sessionId: string): Promise<void>;
-/**
- * Invalidates all password reset sessions for a user.
- */
-export declare function invalidateUserPasswordResetSessions(userId: string): Promise<void>;
-/**
- * Validates the current password reset session from cookies.
- */
-export declare function getCurrentPasswordResetSession(): Promise<PasswordResetAuthSession>;
-/**
- * Sets the password reset session token cookie.
- */
-export declare function setPasswordResetSessionTokenCookie(token: string, expiresAt: Date): Promise<void>;
-/**
- * Deletes the password reset session token cookie.
- */
-export declare function deletePasswordResetSessionTokenCookie(): Promise<void>;
-/**
- * Sends a password reset email with the OTP code.
- */
-export declare function sendPasswordResetEmail(email: string, code: string): Promise<void>;
-//# sourceMappingURL=password-reset.d.ts.map

package/dist/core/auth/password-reset.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"password-reset.d.ts","sourceRoot":"","sources":["../../../src/core/auth/password-reset.ts"],"names":[],"mappings":"AAeA,OAAO,KAAK,EAAE,wBAAwB,EAAE,oBAAoB,EAAE,MAAM,SAAS,CAAC;AAG9E;;GAEG;AACH,wBAAsB,0BAA0B,CAC9C,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,oBAAoB,CAAC,CAe/B;AAED;;;GAGG;AACH,wBAAsB,iCAAiC,CACrD,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,wBAAwB,CAAC,CAoCnC;AAED;;GAEG;AACH,wBAAsB,sCAAsC,CAC1D,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,IAAI,CAAC,CAOf;AAED;;GAEG;AACH,wBAAsB,mCAAmC,CACvD,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,IAAI,CAAC,CAIf;AAED;;GAEG;AACH,wBAAsB,8BAA8B,IAAI,OAAO,CAAC,wBAAwB,CAAC,CAexF;AAED;;GAEG;AACH,wBAAsB,kCAAkC,CACtD,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,IAAI,GACd,OAAO,CAAC,IAAI,CAAC,CAUf;AAED;;GAEG;AACH,wBAAsB,qCAAqC,IAAI,OAAO,CAAC,IAAI,CAAC,CAG3E;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC,CAEf"}

package/dist/core/auth/password-reset.js

@@ -1,122 +0,0 @@
-"use server";
-import { sha256 } from "@oslojs/crypto/sha2";
-import { encodeHexLowerCase } from "@oslojs/encoding";
-import { addHours } from "date-fns";
-import { eq } from "drizzle-orm";
-import { cookies } from "next/headers";
-import { db } from "../../server/database/inject";
-import { passwordResetSessionTable, userTable, } from "../../server/database/schema";
-import { sendResetPassword } from "../../server/emails/index";
-import { augmentPasswordResetSession } from "./augment";
-import { performFullUserAugmentation } from "./logic";
-import { generateRandomOTP } from "./utils/encode";
-/**
- * Creates a new password reset session.
- */
-export async function createPasswordResetSession(token, userId, email) {
-    const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-    const [session] = await db
-        .insert(passwordResetSessionTable)
-        .values({
-        id: sessionId,
-        email: email,
-        code: generateRandomOTP(),
-        expiresAt: new Date(addHours(new Date(), 1)),
-        userId: userId,
-    })
-        .returning();
-    return session;
-}
-/**
- * Validates the password reset session token and retrieves user data.
- * The user data is augmented by registered modules (e.g. 2FA).
- */
-export async function validatePasswordResetSessionToken(token) {
-    const sessionId = encodeHexLowerCase(sha256(new TextEncoder().encode(token)));
-    const [row] = await db
-        .select({
-        session: passwordResetSessionTable,
-        user: userTable,
-    })
-        .from(passwordResetSessionTable)
-        .innerJoin(userTable, eq(passwordResetSessionTable.userId, userTable.id))
-        .where(eq(passwordResetSessionTable.id, sessionId));
-    if (!row || !row.user) {
-        return { session: null, user: null };
-    }
-    const { session: baseSession, user: baseUser } = row;
-    // Check for expiration
-    if (new Date() > baseSession.expiresAt) {
-        await db
-            .delete(passwordResetSessionTable)
-            .where(eq(passwordResetSessionTable.id, baseSession.id));
-        return { session: null, user: null };
-    }
-    // STRICTLY remove non-serializable and sensitive fields
-    const { password, recovery_code, ...safeUser } = baseUser;
-    // AUGMENT (EXTENSIBILITY POINTS)
-    const user = await performFullUserAugmentation(safeUser);
-    const session = await augmentPasswordResetSession(baseSession);
-    return { session, user };
-}
-/**
- * Marks the password reset session as email verified.
- */
-export async function setPasswordResetSessionAsEmailVerified(sessionId) {
-    await db
-        .update(passwordResetSessionTable)
-        .set({
-        emailVerified: true,
-    })
-        .where(eq(passwordResetSessionTable.id, sessionId));
-}
-/**
- * Invalidates all password reset sessions for a user.
- */
-export async function invalidateUserPasswordResetSessions(userId) {
-    await db
-        .delete(passwordResetSessionTable)
-        .where(eq(passwordResetSessionTable.userId, userId));
-}
-/**
- * Validates the current password reset session from cookies.
- */
-export async function getCurrentPasswordResetSession() {
-    var _a, _b;
-    const cookieStore = await cookies();
-    const token = (_b = (_a = cookieStore.get("password_reset_session")) === null || _a === void 0 ? void 0 : _a.value) !== null && _b !== void 0 ? _b : null;
-    if (token === null) {
-        return { session: null, user: null };
-    }
-    const result = await validatePasswordResetSessionToken(token);
-    if (result.session === null) {
-        await deletePasswordResetSessionTokenCookie();
-    }
-    return result;
-}
-/**
- * Sets the password reset session token cookie.
- */
-export async function setPasswordResetSessionTokenCookie(token, expiresAt) {
-    const cookieStore = await cookies();
-    cookieStore.set("password_reset_session", token, {
-        expires: expiresAt,
-        sameSite: "lax",
-        httpOnly: true,
-        path: "/",
-        secure: process.env.NODE_ENV === "production",
-    });
-}
-/**
- * Deletes the password reset session token cookie.
- */
-export async function deletePasswordResetSessionTokenCookie() {
-    const cookieStore = await cookies();
-    cookieStore.delete("password_reset_session");
-}
-/**
- * Sends a password reset email with the OTP code.
- */
-export async function sendPasswordResetEmail(email, code) {
-    await sendResetPassword(email, code);
-}

package/dist/core/auth/rbac.d.ts

@@ -1,56 +0,0 @@
-/**
- * CORE RBAC LOGIC
- * This file handles all database operations for Roles and Permissions.
- */
-export declare function getRoles(): Promise<{
-    id: string;
-    name: string;
-    description: string | null;
-}[]>;
-export declare function getRoleById(roleId: string): Promise<{
-    id: string;
-    name: string;
-    description: string | null;
-}>;
-export declare function createRole(name: string, description?: string): Promise<{
-    id: string;
-    name: string;
-    description: string | null;
-}[]>;
-export declare function deleteRole(roleId: string): Promise<import("pg").QueryResult<never>>;
-export declare function getPermissions(): Promise<{
-    id: string;
-    name: string;
-    description: string | null;
-}[]>;
-export declare function createPermission(name: string, description?: string): Promise<{
-    id: string;
-    name: string;
-    description: string | null;
-}[]>;
-export declare function deletePermission(permissionId: string): Promise<import("pg").QueryResult<never>>;
-export declare function getRolePermissions(roleId: string): Promise<{
-    id: string;
-    name: string;
-}[]>;
-export declare function assignPermissionToRole(roleId: string, permissionId: string): Promise<import("pg").QueryResult<never>>;
-export declare function revokePermissionFromRole(roleId: string, permissionId: string): Promise<import("pg").QueryResult<never>>;
-export declare function assignRoleToUser(userId: string, roleId: string): Promise<import("pg").QueryResult<never>>;
-export declare function revokeRoleFromUser(userId: string, roleId: string): Promise<import("pg").QueryResult<never>>;
-export declare function assignPermissionToUser(userId: string, permissionId: string): Promise<import("pg").QueryResult<never>>;
-export declare function revokePermissionFromUser(userId: string, permissionId: string): Promise<import("pg").QueryResult<never>>;
-export declare function getUserRbacData(userId: string): Promise<{
-    roles: {
-        id: string;
-        name: string;
-    }[];
-    directPermissions: {
-        id: string;
-        name: string;
-    }[];
-    effectivePermissions: {
-        id: string;
-        name: string;
-    }[];
-}>;
-//# sourceMappingURL=rbac.d.ts.map

package/dist/core/auth/rbac.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../../src/core/auth/rbac.ts"],"names":[],"mappings":"AAkBA;;;GAGG;AAIH,wBAAsB,QAAQ;;;;KAE7B;AAED,wBAAsB,WAAW,CAAC,MAAM,EAAE,MAAM;;;;GAM/C;AAED,wBAAsB,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM;;;;KAElE;AAED,wBAAsB,UAAU,CAAC,MAAM,EAAE,MAAM,4CAE9C;AAID,wBAAsB,cAAc;;;;KAKnC;AAED,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM;;;;KAKxE;AAED,wBAAsB,gBAAgB,CAAC,YAAY,EAAE,MAAM,4CAI1D;AAID,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM;;;KAYtD;AAED,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,4CAMrB;AAED,wBAAsB,wBAAwB,CAC5C,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,4CAUrB;AAID,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,4CAKpE;AAED,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,4CAStE;AAED,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,4CAMrB;AAED,wBAAsB,wBAAwB,CAC5C,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,4CAUrB;AAED,wBAAsB,eAAe,CAAC,MAAM,EAAE,MAAM;;;;;;;;;;YAwCP,MAAM;cAAQ,MAAM;;GAUhE"}