@arch-cadre/core 0.0.6

package/dist/_virtual/_rolldown/runtime.cjs

@@ -0,0 +1,29 @@
+//#region \0rolldown/runtime.js
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") {
+		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+			key = keys[i];
+			if (!__hasOwnProp.call(to, key) && key !== except) {
+				__defProp(to, key, {
+					get: ((k) => from[k]).bind(null, key),
+					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+				});
+			}
+		}
+	}
+	return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", {
+	value: mod,
+	enumerable: true
+}) : target, mod));
+
+//#endregion
+
+exports.__toESM = __toESM;

package/dist/_virtual/_rolldown/runtime.mjs

@@ -0,0 +1,18 @@
+//#region \0rolldown/runtime.js
+var __defProp = Object.defineProperty;
+var __exportAll = (all, no_symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (!no_symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+
+//#endregion
+export { __exportAll };

package/dist/core/auth/augment.cjs

@@ -0,0 +1,71 @@
+
+//#region src/core/auth/augment.ts
+const globalForAugment = globalThis;
+const identityAugmenters = globalForAugment.__WINKLY_IDENTITY_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
+const sessionAugmenters = globalForAugment.__WINKLY_SESSION_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
+const passwordResetSessionAugmenters = globalForAugment.__WINKLY_PASSWORD_RESET_SESSION_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
+globalForAugment.__WINKLY_IDENTITY_AUGMENTERS__ = identityAugmenters;
+globalForAugment.__WINKLY_SESSION_AUGMENTERS__ = sessionAugmenters;
+globalForAugment.__WINKLY_PASSWORD_RESET_SESSION_AUGMENTERS__ = passwordResetSessionAugmenters;
+function registerIdentityAugmenter(augmenter) {
+	identityAugmenters.add(augmenter);
+}
+function registerSessionAugmenter(augmenter) {
+	sessionAugmenters.add(augmenter);
+}
+function registerPasswordResetSessionAugmenter(augmenter) {
+	passwordResetSessionAugmenters.add(augmenter);
+}
+/**
+* EXECUTION FUNCTIONS
+*/
+async function augmentUser(user, coreRbacData) {
+	let augmentedData = coreRbacData || {};
+	for (const augmenter of identityAugmenters) {
+		const data = await augmenter(user);
+		augmentedData = {
+			...augmentedData,
+			...data
+		};
+	}
+	return {
+		...user,
+		...augmentedData
+	};
+}
+async function augmentSession(session) {
+	let augmentedData = {};
+	for (const augmenter of sessionAugmenters) {
+		const data = await augmenter(session);
+		augmentedData = {
+			...augmentedData,
+			...data
+		};
+	}
+	return {
+		...session,
+		...augmentedData
+	};
+}
+async function augmentPasswordResetSession(session) {
+	let augmentedData = {};
+	for (const augmenter of passwordResetSessionAugmenters) {
+		const data = await augmenter(session);
+		augmentedData = {
+			...augmentedData,
+			...data
+		};
+	}
+	return {
+		...session,
+		...augmentedData
+	};
+}
+
+//#endregion
+exports.augmentPasswordResetSession = augmentPasswordResetSession;
+exports.augmentSession = augmentSession;
+exports.augmentUser = augmentUser;
+exports.registerIdentityAugmenter = registerIdentityAugmenter;
+exports.registerPasswordResetSessionAugmenter = registerPasswordResetSessionAugmenter;
+exports.registerSessionAugmenter = registerSessionAugmenter;

package/dist/core/auth/augment.d.cts

@@ -0,0 +1,20 @@
+import { FullUser, PasswordResetSession, Session, User } from "./types.cjs";
+
+//#region src/core/auth/augment.d.ts
+/**
+ * REGISTRIES FOR MODULAR EXTENSIONS
+ */
+type IdentityAugmenter = (user: User) => Promise<Partial<FullUser>>;
+type SessionAugmenter = (session: Session) => Promise<Partial<Session>>;
+type PasswordResetSessionAugmenter = (session: PasswordResetSession) => Promise<Partial<PasswordResetSession>>;
+declare function registerIdentityAugmenter(augmenter: IdentityAugmenter): void;
+declare function registerSessionAugmenter(augmenter: SessionAugmenter): void;
+declare function registerPasswordResetSessionAugmenter(augmenter: PasswordResetSessionAugmenter): void;
+/**
+ * EXECUTION FUNCTIONS
+ */
+declare function augmentUser(user: User, coreRbacData?: Record<string, any>): Promise<FullUser>;
+declare function augmentSession(session: Session): Promise<Session>;
+//#endregion
+export { augmentSession, augmentUser, registerIdentityAugmenter, registerPasswordResetSessionAugmenter, registerSessionAugmenter };
+//# sourceMappingURL=augment.d.cts.map

package/dist/core/auth/augment.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"augment.d.cts","names":[],"sources":["../../../src/core/auth/augment.ts"],"mappings":";;;;;AAA6E;KAMxE,iBAAA,IAAqB,IAAA,EAAM,IAAA,KAAS,OAAA,CAAQ,OAAA,CAAQ,QAAA;AAAA,KACpD,gBAAA,IAAoB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,OAAA,CAAQ,OAAA;AAAA,KACzD,6BAAA,IACH,OAAA,EAAS,oBAAA,KACN,OAAA,CAAQ,OAAA,CAAQ,oBAAA;AAAA,iBAwBL,yBAAA,CAA0B,SAAA,EAAW,iBAAA;AAAA,iBAIrC,wBAAA,CAAyB,SAAA,EAAW,gBAAA;AAAA,iBAIpC,qCAAA,CACd,SAAA,EAAW,6BAAA;;;;iBAQS,WAAA,CACpB,IAAA,EAAM,IAAA,EACN,YAAA,GAAe,MAAA,gBACd,OAAA,CAAQ,QAAA;AAAA,iBASW,cAAA,CAAe,OAAA,EAAS,OAAA,GAAU,OAAA,CAAQ,OAAA"}

package/dist/core/auth/augment.d.mts

@@ -0,0 +1,20 @@
+import { FullUser, PasswordResetSession, Session, User } from "./types.mjs";
+
+//#region src/core/auth/augment.d.ts
+/**
+ * REGISTRIES FOR MODULAR EXTENSIONS
+ */
+type IdentityAugmenter = (user: User) => Promise<Partial<FullUser>>;
+type SessionAugmenter = (session: Session) => Promise<Partial<Session>>;
+type PasswordResetSessionAugmenter = (session: PasswordResetSession) => Promise<Partial<PasswordResetSession>>;
+declare function registerIdentityAugmenter(augmenter: IdentityAugmenter): void;
+declare function registerSessionAugmenter(augmenter: SessionAugmenter): void;
+declare function registerPasswordResetSessionAugmenter(augmenter: PasswordResetSessionAugmenter): void;
+/**
+ * EXECUTION FUNCTIONS
+ */
+declare function augmentUser(user: User, coreRbacData?: Record<string, any>): Promise<FullUser>;
+declare function augmentSession(session: Session): Promise<Session>;
+//#endregion
+export { augmentSession, augmentUser, registerIdentityAugmenter, registerPasswordResetSessionAugmenter, registerSessionAugmenter };
+//# sourceMappingURL=augment.d.mts.map

package/dist/core/auth/augment.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"augment.d.mts","names":[],"sources":["../../../src/core/auth/augment.ts"],"mappings":";;;;;AAA6E;KAMxE,iBAAA,IAAqB,IAAA,EAAM,IAAA,KAAS,OAAA,CAAQ,OAAA,CAAQ,QAAA;AAAA,KACpD,gBAAA,IAAoB,OAAA,EAAS,OAAA,KAAY,OAAA,CAAQ,OAAA,CAAQ,OAAA;AAAA,KACzD,6BAAA,IACH,OAAA,EAAS,oBAAA,KACN,OAAA,CAAQ,OAAA,CAAQ,oBAAA;AAAA,iBAwBL,yBAAA,CAA0B,SAAA,EAAW,iBAAA;AAAA,iBAIrC,wBAAA,CAAyB,SAAA,EAAW,gBAAA;AAAA,iBAIpC,qCAAA,CACd,SAAA,EAAW,6BAAA;;;;iBAQS,WAAA,CACpB,IAAA,EAAM,IAAA,EACN,YAAA,GAAe,MAAA,gBACd,OAAA,CAAQ,QAAA;AAAA,iBASW,cAAA,CAAe,OAAA,EAAS,OAAA,GAAU,OAAA,CAAQ,OAAA"}

package/dist/core/auth/augment.mjs

@@ -0,0 +1,66 @@
+//#region src/core/auth/augment.ts
+const globalForAugment = globalThis;
+const identityAugmenters = globalForAugment.__WINKLY_IDENTITY_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
+const sessionAugmenters = globalForAugment.__WINKLY_SESSION_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
+const passwordResetSessionAugmenters = globalForAugment.__WINKLY_PASSWORD_RESET_SESSION_AUGMENTERS__ ?? /* @__PURE__ */ new Set();
+globalForAugment.__WINKLY_IDENTITY_AUGMENTERS__ = identityAugmenters;
+globalForAugment.__WINKLY_SESSION_AUGMENTERS__ = sessionAugmenters;
+globalForAugment.__WINKLY_PASSWORD_RESET_SESSION_AUGMENTERS__ = passwordResetSessionAugmenters;
+function registerIdentityAugmenter(augmenter) {
+	identityAugmenters.add(augmenter);
+}
+function registerSessionAugmenter(augmenter) {
+	sessionAugmenters.add(augmenter);
+}
+function registerPasswordResetSessionAugmenter(augmenter) {
+	passwordResetSessionAugmenters.add(augmenter);
+}
+/**
+* EXECUTION FUNCTIONS
+*/
+async function augmentUser(user, coreRbacData) {
+	let augmentedData = coreRbacData || {};
+	for (const augmenter of identityAugmenters) {
+		const data = await augmenter(user);
+		augmentedData = {
+			...augmentedData,
+			...data
+		};
+	}
+	return {
+		...user,
+		...augmentedData
+	};
+}
+async function augmentSession(session) {
+	let augmentedData = {};
+	for (const augmenter of sessionAugmenters) {
+		const data = await augmenter(session);
+		augmentedData = {
+			...augmentedData,
+			...data
+		};
+	}
+	return {
+		...session,
+		...augmentedData
+	};
+}
+async function augmentPasswordResetSession(session) {
+	let augmentedData = {};
+	for (const augmenter of passwordResetSessionAugmenters) {
+		const data = await augmenter(session);
+		augmentedData = {
+			...augmentedData,
+			...data
+		};
+	}
+	return {
+		...session,
+		...augmentedData
+	};
+}
+
+//#endregion
+export { augmentPasswordResetSession, augmentSession, augmentUser, registerIdentityAugmenter, registerPasswordResetSessionAugmenter, registerSessionAugmenter };
+//# sourceMappingURL=augment.mjs.map

package/dist/core/auth/augment.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"augment.mjs","names":[],"sources":["../../../src/core/auth/augment.ts"],"sourcesContent":["import type { FullUser, PasswordResetSession, Session, User } from \"./types\";\n\n/**\n * REGISTRIES FOR MODULAR EXTENSIONS\n */\n\ntype IdentityAugmenter = (user: User) => Promise<Partial<FullUser>>;\ntype SessionAugmenter = (session: Session) => Promise<Partial<Session>>;\ntype PasswordResetSessionAugmenter = (\n  session: PasswordResetSession,\n) => Promise<Partial<PasswordResetSession>>;\n\nconst globalForAugment = globalThis as unknown as {\n  __WINKLY_IDENTITY_AUGMENTERS__: Set<IdentityAugmenter> | undefined;\n  __WINKLY_SESSION_AUGMENTERS__: Set<SessionAugmenter> | undefined;\n  __WINKLY_PASSWORD_RESET_SESSION_AUGMENTERS__:\n    | Set<PasswordResetSessionAugmenter>\n    | undefined;\n};\n\nconst identityAugmenters =\n  globalForAugment.__WINKLY_IDENTITY_AUGMENTERS__ ??\n  new Set<IdentityAugmenter>();\nconst sessionAugmenters =\n  globalForAugment.__WINKLY_SESSION_AUGMENTERS__ ?? new Set<SessionAugmenter>();\nconst passwordResetSessionAugmenters =\n  globalForAugment.__WINKLY_PASSWORD_RESET_SESSION_AUGMENTERS__ ??\n  new Set<PasswordResetSessionAugmenter>();\n\nglobalForAugment.__WINKLY_IDENTITY_AUGMENTERS__ = identityAugmenters;\nglobalForAugment.__WINKLY_SESSION_AUGMENTERS__ = sessionAugmenters;\nglobalForAugment.__WINKLY_PASSWORD_RESET_SESSION_AUGMENTERS__ =\n  passwordResetSessionAugmenters;\n\nexport function registerIdentityAugmenter(augmenter: IdentityAugmenter) {\n  identityAugmenters.add(augmenter);\n}\n\nexport function registerSessionAugmenter(augmenter: SessionAugmenter) {\n  sessionAugmenters.add(augmenter);\n}\n\nexport function registerPasswordResetSessionAugmenter(\n  augmenter: PasswordResetSessionAugmenter,\n) {\n  passwordResetSessionAugmenters.add(augmenter);\n}\n\n/**\n * EXECUTION FUNCTIONS\n */\nexport async function augmentUser(\n  user: User,\n  coreRbacData?: Record<string, any>,\n): Promise<FullUser> {\n  let augmentedData = coreRbacData || {};\n  for (const augmenter of identityAugmenters) {\n    const data = await augmenter(user);\n    augmentedData = { ...augmentedData, ...data };\n  }\n  return { ...user, ...augmentedData } as FullUser;\n}\n\nexport async function augmentSession(session: Session): Promise<Session> {\n  let augmentedData = {};\n  for (const augmenter of sessionAugmenters) {\n    const data = await augmenter(session);\n    augmentedData = { ...augmentedData, ...data };\n  }\n  return { ...session, ...augmentedData } as Session;\n}\n\nexport async function augmentPasswordResetSession(\n  session: PasswordResetSession,\n): Promise<PasswordResetSession> {\n  let augmentedData = {};\n  for (const augmenter of passwordResetSessionAugmenters) {\n    const data = await augmenter(session);\n    augmentedData = { ...augmentedData, ...data };\n  }\n  return { ...session, ...augmentedData } as PasswordResetSession;\n}\n"],"mappings":";AAYA,MAAM,mBAAmB;AAQzB,MAAM,qBACJ,iBAAiB,kDACjB,IAAI,KAAwB;AAC9B,MAAM,oBACJ,iBAAiB,iDAAiC,IAAI,KAAuB;AAC/E,MAAM,iCACJ,iBAAiB,gEACjB,IAAI,KAAoC;AAE1C,iBAAiB,iCAAiC;AAClD,iBAAiB,gCAAgC;AACjD,iBAAiB,+CACf;AAEF,SAAgB,0BAA0B,WAA8B;AACtE,oBAAmB,IAAI,UAAU;;AAGnC,SAAgB,yBAAyB,WAA6B;AACpE,mBAAkB,IAAI,UAAU;;AAGlC,SAAgB,sCACd,WACA;AACA,gCAA+B,IAAI,UAAU;;;;;AAM/C,eAAsB,YACpB,MACA,cACmB;CACnB,IAAI,gBAAgB,gBAAgB,EAAE;AACtC,MAAK,MAAM,aAAa,oBAAoB;EAC1C,MAAM,OAAO,MAAM,UAAU,KAAK;AAClC,kBAAgB;GAAE,GAAG;GAAe,GAAG;GAAM;;AAE/C,QAAO;EAAE,GAAG;EAAM,GAAG;EAAe;;AAGtC,eAAsB,eAAe,SAAoC;CACvE,IAAI,gBAAgB,EAAE;AACtB,MAAK,MAAM,aAAa,mBAAmB;EACzC,MAAM,OAAO,MAAM,UAAU,QAAQ;AACrC,kBAAgB;GAAE,GAAG;GAAe,GAAG;GAAM;;AAE/C,QAAO;EAAE,GAAG;EAAS,GAAG;EAAe;;AAGzC,eAAsB,4BACpB,SAC+B;CAC/B,IAAI,gBAAgB,EAAE;AACtB,MAAK,MAAM,aAAa,gCAAgC;EACtD,MAAM,OAAO,MAAM,UAAU,QAAQ;AACrC,kBAAgB;GAAE,GAAG;GAAe,GAAG;GAAM;;AAE/C,QAAO;EAAE,GAAG;EAAS,GAAG;EAAe"}

package/dist/core/auth/email-verification.cjs

@@ -0,0 +1,99 @@
+"use server";
+
+const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
+const require_inject = require('../../server/database/inject.cjs');
+const require_schema = require('../../server/database/schema.cjs');
+const require_index = require('../../server/emails/index.cjs');
+const require_encode = require('./utils/encode.cjs');
+const require_logic = require('./logic.cjs');
+const require_session = require('./session.cjs');
+let drizzle_orm = require("drizzle-orm");
+let date_fns = require("date-fns");
+let next_headers = require("next/headers");
+
+//#region src/core/auth/email-verification.ts
+/**
+* Register Email Verification as a Core Security Requirement.
+*/
+async function initEmailVerification() {
+	require_logic.registerSecurityRequirement(async (_session, user) => {
+		if (!user.emailVerifiedAt) return {
+			satisfied: false,
+			redirect: "/verify-email?unverified"
+		};
+		return { satisfied: true };
+	});
+}
+/**
+* Retrieves a specific email verification request for a user.
+*/
+async function getUserEmailVerificationRequest(userId, id) {
+	const [session] = await require_inject.db.select().from(require_schema.emailVerificationTable).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.emailVerificationTable.id, id), (0, drizzle_orm.eq)(require_schema.emailVerificationTable.userId, userId)));
+	return session;
+}
+/**
+* Creates a new email verification request, deleting any existing one for the user.
+*/
+async function createEmailVerificationRequest(userId, email) {
+	await deleteUserEmailVerificationRequest(userId);
+	const code = require_encode.generateRandomOTP();
+	const [verificationRequest] = await require_inject.db.insert(require_schema.emailVerificationTable).values({
+		userId,
+		code,
+		email,
+		expiresAt: new Date((0, date_fns.addHours)(/* @__PURE__ */ new Date(), 1))
+	}).returning();
+	return verificationRequest;
+}
+/**
+* Deletes all email verification requests for a user.
+*/
+async function deleteUserEmailVerificationRequest(userId) {
+	await require_inject.db.delete(require_schema.emailVerificationTable).where((0, drizzle_orm.eq)(require_schema.emailVerificationTable.userId, userId));
+}
+/**
+* Sends a verification email with the OTP code.
+*/
+async function sendVerificationEmail(email, code) {
+	await /* @__PURE__ */ require_index.sendVerifyEmail(email, code);
+}
+/**
+* Sets the email verification request ID in a cookie.
+*/
+async function setEmailVerificationRequestCookie(request) {
+	(await (0, next_headers.cookies)()).set("email_verification", request.id, {
+		httpOnly: true,
+		path: "/",
+		secure: process.env.NODE_ENV === "production",
+		sameSite: "lax",
+		expires: request.expiresAt
+	});
+}
+/**
+* Removes the email verification request cookie.
+*/
+async function deleteEmailVerificationRequestCookie() {
+	(await (0, next_headers.cookies)()).delete("email_verification");
+}
+/**
+* Retrieves the current email verification request based on session and cookie.
+*/
+async function getUserEmailVerificationRequestFromRequest() {
+	const { user } = await require_session.getCurrentSession();
+	if (!user) return null;
+	const id = (await (0, next_headers.cookies)()).get("email_verification")?.value ?? null;
+	if (!id) return null;
+	const request = await getUserEmailVerificationRequest(user.id, id);
+	if (!request) await deleteEmailVerificationRequestCookie();
+	return request;
+}
+
+//#endregion
+exports.createEmailVerificationRequest = createEmailVerificationRequest;
+exports.deleteEmailVerificationRequestCookie = deleteEmailVerificationRequestCookie;
+exports.deleteUserEmailVerificationRequest = deleteUserEmailVerificationRequest;
+exports.getUserEmailVerificationRequest = getUserEmailVerificationRequest;
+exports.getUserEmailVerificationRequestFromRequest = getUserEmailVerificationRequestFromRequest;
+exports.initEmailVerification = initEmailVerification;
+exports.sendVerificationEmail = sendVerificationEmail;
+exports.setEmailVerificationRequestCookie = setEmailVerificationRequestCookie;

package/dist/core/auth/email-verification.d.cts

@@ -0,0 +1,62 @@
+import { emailVerificationTable } from "../../server/database/schema.cjs";
+
+//#region src/core/auth/email-verification.d.ts
+/**
+ * Register Email Verification as a Core Security Requirement.
+ */
+declare function initEmailVerification(): Promise<void>;
+/**
+ * Retrieves a specific email verification request for a user.
+ */
+declare function getUserEmailVerificationRequest(userId: string, id: string): Promise<{
+  id: string;
+  email: string;
+  code: string;
+  userId: string;
+  expiresAt: Date;
+  createdAt: Date;
+  updatedAt: Date | null;
+}>;
+/**
+ * Creates a new email verification request, deleting any existing one for the user.
+ */
+declare function createEmailVerificationRequest(userId: string, email: string): Promise<{
+  id: string;
+  email: string;
+  createdAt: Date;
+  updatedAt: Date | null;
+  userId: string;
+  expiresAt: Date;
+  code: string;
+}>;
+/**
+ * Deletes all email verification requests for a user.
+ */
+declare function deleteUserEmailVerificationRequest(userId: string): Promise<void>;
+/**
+ * Sends a verification email with the OTP code.
+ */
+declare function sendVerificationEmail(email: string, code: string): Promise<void>;
+/**
+ * Sets the email verification request ID in a cookie.
+ */
+declare function setEmailVerificationRequestCookie(request: typeof emailVerificationTable.$inferSelect): Promise<void>;
+/**
+ * Removes the email verification request cookie.
+ */
+declare function deleteEmailVerificationRequestCookie(): Promise<void>;
+/**
+ * Retrieves the current email verification request based on session and cookie.
+ */
+declare function getUserEmailVerificationRequestFromRequest(): Promise<{
+  id: string;
+  email: string;
+  code: string;
+  userId: string;
+  expiresAt: Date;
+  createdAt: Date;
+  updatedAt: Date | null;
+} | null>;
+//#endregion
+export { createEmailVerificationRequest, deleteEmailVerificationRequestCookie, deleteUserEmailVerificationRequest, getUserEmailVerificationRequest, getUserEmailVerificationRequestFromRequest, initEmailVerification, sendVerificationEmail, setEmailVerificationRequestCookie };
+//# sourceMappingURL=email-verification.d.cts.map

package/dist/core/auth/email-verification.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-verification.d.cts","names":[],"sources":["../../../src/core/auth/email-verification.ts"],"mappings":";;;;;AAeA;iBAAsB,qBAAA,CAAA,GAAqB,OAAA;;;;iBAerB,+BAAA,CACpB,MAAA,UACA,EAAA,WAAU,OAAA;;;;;;;;;;;;iBAkBU,8BAAA,CACpB,MAAA,UACA,KAAA,WAAa,OAAA;;;;;;;;;;;;iBAsBO,kCAAA,CACpB,MAAA,WACC,OAAA;;;;iBASmB,qBAAA,CACpB,KAAA,UACA,IAAA,WACC,OAAA;;;;iBAOmB,iCAAA,CACpB,OAAA,SAAgB,sBAAA,CAAuB,YAAA,GACtC,OAAA;;;;iBAemB,oCAAA,CAAA,GAAwC,OAAA;;;;iBAQxC,0CAAA,CAAA,GAA0C,OAAA"}

package/dist/core/auth/email-verification.d.mts

@@ -0,0 +1,62 @@
+import { emailVerificationTable } from "../../server/database/schema.mjs";
+
+//#region src/core/auth/email-verification.d.ts
+/**
+ * Register Email Verification as a Core Security Requirement.
+ */
+declare function initEmailVerification(): Promise<void>;
+/**
+ * Retrieves a specific email verification request for a user.
+ */
+declare function getUserEmailVerificationRequest(userId: string, id: string): Promise<{
+  id: string;
+  email: string;
+  code: string;
+  userId: string;
+  expiresAt: Date;
+  createdAt: Date;
+  updatedAt: Date | null;
+}>;
+/**
+ * Creates a new email verification request, deleting any existing one for the user.
+ */
+declare function createEmailVerificationRequest(userId: string, email: string): Promise<{
+  id: string;
+  email: string;
+  createdAt: Date;
+  updatedAt: Date | null;
+  userId: string;
+  expiresAt: Date;
+  code: string;
+}>;
+/**
+ * Deletes all email verification requests for a user.
+ */
+declare function deleteUserEmailVerificationRequest(userId: string): Promise<void>;
+/**
+ * Sends a verification email with the OTP code.
+ */
+declare function sendVerificationEmail(email: string, code: string): Promise<void>;
+/**
+ * Sets the email verification request ID in a cookie.
+ */
+declare function setEmailVerificationRequestCookie(request: typeof emailVerificationTable.$inferSelect): Promise<void>;
+/**
+ * Removes the email verification request cookie.
+ */
+declare function deleteEmailVerificationRequestCookie(): Promise<void>;
+/**
+ * Retrieves the current email verification request based on session and cookie.
+ */
+declare function getUserEmailVerificationRequestFromRequest(): Promise<{
+  id: string;
+  email: string;
+  code: string;
+  userId: string;
+  expiresAt: Date;
+  createdAt: Date;
+  updatedAt: Date | null;
+} | null>;
+//#endregion
+export { createEmailVerificationRequest, deleteEmailVerificationRequestCookie, deleteUserEmailVerificationRequest, getUserEmailVerificationRequest, getUserEmailVerificationRequestFromRequest, initEmailVerification, sendVerificationEmail, setEmailVerificationRequestCookie };
+//# sourceMappingURL=email-verification.d.mts.map

package/dist/core/auth/email-verification.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-verification.d.mts","names":[],"sources":["../../../src/core/auth/email-verification.ts"],"mappings":";;;;;AAeA;iBAAsB,qBAAA,CAAA,GAAqB,OAAA;;;;iBAerB,+BAAA,CACpB,MAAA,UACA,EAAA,WAAU,OAAA;;;;;;;;;;;;iBAkBU,8BAAA,CACpB,MAAA,UACA,KAAA,WAAa,OAAA;;;;;;;;;;;;iBAsBO,kCAAA,CACpB,MAAA,WACC,OAAA;;;;iBASmB,qBAAA,CACpB,KAAA,UACA,IAAA,WACC,OAAA;;;;iBAOmB,iCAAA,CACpB,OAAA,SAAgB,sBAAA,CAAuB,YAAA,GACtC,OAAA;;;;iBAemB,oCAAA,CAAA,GAAwC,OAAA;;;;iBAQxC,0CAAA,CAAA,GAA0C,OAAA"}

package/dist/core/auth/email-verification.mjs

@@ -0,0 +1,92 @@
+"use server";
+
+import { db } from "../../server/database/inject.mjs";
+import { emailVerificationTable } from "../../server/database/schema.mjs";
+import { sendVerifyEmail } from "../../server/emails/index.mjs";
+import { generateRandomOTP } from "./utils/encode.mjs";
+import { registerSecurityRequirement } from "./logic.mjs";
+import { getCurrentSession } from "./session.mjs";
+import { and, eq } from "drizzle-orm";
+import { addHours } from "date-fns";
+import { cookies } from "next/headers";
+
+//#region src/core/auth/email-verification.ts
+/**
+* Register Email Verification as a Core Security Requirement.
+*/
+async function initEmailVerification() {
+	registerSecurityRequirement(async (_session, user) => {
+		if (!user.emailVerifiedAt) return {
+			satisfied: false,
+			redirect: "/verify-email?unverified"
+		};
+		return { satisfied: true };
+	});
+}
+/**
+* Retrieves a specific email verification request for a user.
+*/
+async function getUserEmailVerificationRequest(userId, id) {
+	const [session] = await db.select().from(emailVerificationTable).where(and(eq(emailVerificationTable.id, id), eq(emailVerificationTable.userId, userId)));
+	return session;
+}
+/**
+* Creates a new email verification request, deleting any existing one for the user.
+*/
+async function createEmailVerificationRequest(userId, email) {
+	await deleteUserEmailVerificationRequest(userId);
+	const code = generateRandomOTP();
+	const [verificationRequest] = await db.insert(emailVerificationTable).values({
+		userId,
+		code,
+		email,
+		expiresAt: new Date(addHours(/* @__PURE__ */ new Date(), 1))
+	}).returning();
+	return verificationRequest;
+}
+/**
+* Deletes all email verification requests for a user.
+*/
+async function deleteUserEmailVerificationRequest(userId) {
+	await db.delete(emailVerificationTable).where(eq(emailVerificationTable.userId, userId));
+}
+/**
+* Sends a verification email with the OTP code.
+*/
+async function sendVerificationEmail(email, code) {
+	await /* @__PURE__ */ sendVerifyEmail(email, code);
+}
+/**
+* Sets the email verification request ID in a cookie.
+*/
+async function setEmailVerificationRequestCookie(request) {
+	(await cookies()).set("email_verification", request.id, {
+		httpOnly: true,
+		path: "/",
+		secure: process.env.NODE_ENV === "production",
+		sameSite: "lax",
+		expires: request.expiresAt
+	});
+}
+/**
+* Removes the email verification request cookie.
+*/
+async function deleteEmailVerificationRequestCookie() {
+	(await cookies()).delete("email_verification");
+}
+/**
+* Retrieves the current email verification request based on session and cookie.
+*/
+async function getUserEmailVerificationRequestFromRequest() {
+	const { user } = await getCurrentSession();
+	if (!user) return null;
+	const id = (await cookies()).get("email_verification")?.value ?? null;
+	if (!id) return null;
+	const request = await getUserEmailVerificationRequest(user.id, id);
+	if (!request) await deleteEmailVerificationRequestCookie();
+	return request;
+}
+
+//#endregion
+export { createEmailVerificationRequest, deleteEmailVerificationRequestCookie, deleteUserEmailVerificationRequest, getUserEmailVerificationRequest, getUserEmailVerificationRequestFromRequest, initEmailVerification, sendVerificationEmail, setEmailVerificationRequestCookie };
+//# sourceMappingURL=email-verification.mjs.map

package/dist/core/auth/email-verification.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-verification.mjs","names":[],"sources":["../../../src/core/auth/email-verification.ts"],"sourcesContent":["\"use server\";\n\nimport { addHours } from \"date-fns\";\nimport { and, eq } from \"drizzle-orm\";\nimport { cookies } from \"next/headers\";\nimport { db } from \"../../server/database/inject\";\nimport { emailVerificationTable } from \"../../server/database/schema\";\nimport { sendVerifyEmail } from \"../../server/emails\";\nimport { registerSecurityRequirement } from \"./logic\";\nimport { getCurrentSession } from \"./session\";\nimport { generateRandomOTP } from \"./utils/encode\";\n\n/**\n * Register Email Verification as a Core Security Requirement.\n */\nexport async function initEmailVerification() {\n  registerSecurityRequirement(async (_session, user) => {\n    if (!user.emailVerifiedAt) {\n      return {\n        satisfied: false,\n        redirect: \"/verify-email?unverified\",\n      };\n    }\n    return { satisfied: true };\n  });\n}\n\n/**\n * Retrieves a specific email verification request for a user.\n */\nexport async function getUserEmailVerificationRequest(\n  userId: string,\n  id: string,\n) {\n  const [session] = await db\n    .select()\n    .from(emailVerificationTable)\n    .where(\n      and(\n        eq(emailVerificationTable.id, id),\n        eq(emailVerificationTable.userId, userId),\n      ),\n    );\n\n  return session;\n}\n\n/**\n * Creates a new email verification request, deleting any existing one for the user.\n */\nexport async function createEmailVerificationRequest(\n  userId: string,\n  email: string,\n) {\n  await deleteUserEmailVerificationRequest(userId);\n\n  const code = generateRandomOTP();\n\n  const [verificationRequest] = await db\n    .insert(emailVerificationTable)\n    .values({\n      userId,\n      code,\n      email,\n      expiresAt: new Date(addHours(new Date(), 1)),\n    })\n    .returning();\n\n  return verificationRequest;\n}\n\n/**\n * Deletes all email verification requests for a user.\n */\nexport async function deleteUserEmailVerificationRequest(\n  userId: string,\n): Promise<void> {\n  await db\n    .delete(emailVerificationTable)\n    .where(eq(emailVerificationTable.userId, userId));\n}\n\n/**\n * Sends a verification email with the OTP code.\n */\nexport async function sendVerificationEmail(\n  email: string,\n  code: string,\n): Promise<void> {\n  await sendVerifyEmail(email, code);\n}\n\n/**\n * Sets the email verification request ID in a cookie.\n */\nexport async function setEmailVerificationRequestCookie(\n  request: typeof emailVerificationTable.$inferSelect,\n): Promise<void> {\n  const cookieStore = await cookies();\n\n  cookieStore.set(\"email_verification\", request.id, {\n    httpOnly: true,\n    path: \"/\",\n    secure: process.env.NODE_ENV === \"production\",\n    sameSite: \"lax\",\n    expires: request.expiresAt,\n  });\n}\n\n/**\n * Removes the email verification request cookie.\n */\nexport async function deleteEmailVerificationRequestCookie(): Promise<void> {\n  const cookieStore = await cookies();\n  cookieStore.delete(\"email_verification\");\n}\n\n/**\n * Retrieves the current email verification request based on session and cookie.\n */\nexport async function getUserEmailVerificationRequestFromRequest() {\n  const { user } = await getCurrentSession();\n\n  if (!user) {\n    return null;\n  }\n\n  const cookieStore = await cookies();\n  const id = cookieStore.get(\"email_verification\")?.value ?? null;\n\n  if (!id) {\n    return null;\n  }\n\n  const request = await getUserEmailVerificationRequest(user.id, id);\n\n  if (!request) {\n    await deleteEmailVerificationRequestCookie();\n  }\n\n  return request;\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAeA,eAAsB,wBAAwB;AAC5C,6BAA4B,OAAO,UAAU,SAAS;AACpD,MAAI,CAAC,KAAK,gBACR,QAAO;GACL,WAAW;GACX,UAAU;GACX;AAEH,SAAO,EAAE,WAAW,MAAM;GAC1B;;;;;AAMJ,eAAsB,gCACpB,QACA,IACA;CACA,MAAM,CAAC,WAAW,MAAM,GACrB,QAAQ,CACR,KAAK,uBAAuB,CAC5B,MACC,IACE,GAAG,uBAAuB,IAAI,GAAG,EACjC,GAAG,uBAAuB,QAAQ,OAAO,CAC1C,CACF;AAEH,QAAO;;;;;AAMT,eAAsB,+BACpB,QACA,OACA;AACA,OAAM,mCAAmC,OAAO;CAEhD,MAAM,OAAO,mBAAmB;CAEhC,MAAM,CAAC,uBAAuB,MAAM,GACjC,OAAO,uBAAuB,CAC9B,OAAO;EACN;EACA;EACA;EACA,WAAW,IAAI,KAAK,yBAAS,IAAI,MAAM,EAAE,EAAE,CAAC;EAC7C,CAAC,CACD,WAAW;AAEd,QAAO;;;;;AAMT,eAAsB,mCACpB,QACe;AACf,OAAM,GACH,OAAO,uBAAuB,CAC9B,MAAM,GAAG,uBAAuB,QAAQ,OAAO,CAAC;;;;;AAMrD,eAAsB,sBACpB,OACA,MACe;AACf,OAAM,gCAAgB,OAAO,KAAK;;;;;AAMpC,eAAsB,kCACpB,SACe;AAGf,EAFoB,MAAM,SAAS,EAEvB,IAAI,sBAAsB,QAAQ,IAAI;EAChD,UAAU;EACV,MAAM;EACN,QAAQ,QAAQ,IAAI,aAAa;EACjC,UAAU;EACV,SAAS,QAAQ;EAClB,CAAC;;;;;AAMJ,eAAsB,uCAAsD;AAE1E,EADoB,MAAM,SAAS,EACvB,OAAO,qBAAqB;;;;;AAM1C,eAAsB,6CAA6C;CACjE,MAAM,EAAE,SAAS,MAAM,mBAAmB;AAE1C,KAAI,CAAC,KACH,QAAO;CAIT,MAAM,MADc,MAAM,SAAS,EACZ,IAAI,qBAAqB,EAAE,SAAS;AAE3D,KAAI,CAAC,GACH,QAAO;CAGT,MAAM,UAAU,MAAM,gCAAgC,KAAK,IAAI,GAAG;AAElE,KAAI,CAAC,QACH,OAAM,sCAAsC;AAG9C,QAAO"}