@arch-cadre/core 0.0.6

package/dist/core/auth/types.d.mts

@@ -0,0 +1,55 @@
+import { passwordResetSessionTable, sessionTable, userTable } from "../../server/database/schema.mjs";
+import { UserPermission, UserRole } from "../types.mjs";
+
+//#region src/core/auth/types.d.ts
+type User = typeof userTable.$inferSelect;
+type Session = typeof sessionTable.$inferSelect & Record<string, any>;
+type PasswordResetSession = typeof passwordResetSessionTable.$inferSelect & Record<string, any>;
+/**
+ * Represents a user with all potential extensions.
+ * Use this type in UI components that require data added by modules.
+ */
+type FullUser = User & Record<string, any> & {
+  roles: UserRole[];
+  permissions: UserPermission[];
+};
+/**
+ * Basic session context.
+ */
+interface AuthSession {
+  session: Session | null;
+  user: FullUser | null;
+}
+interface SessionFlags {
+  [key: string]: any;
+}
+type UserSession = {
+  id: string;
+  createdAt: Date;
+  expiresAt: Date;
+  isCurrent: boolean;
+  [key: string]: any;
+};
+type AuthResponse = {
+  status: "SUCCESS";
+  session: Session;
+  user: FullUser;
+  redirect?: string;
+} | {
+  status: "CHALLENGE_REQUIRED";
+  type: string;
+  userId: string;
+  tempToken?: string;
+  redirect?: string;
+} | {
+  status: "ERROR";
+  message: string;
+  redirect?: string;
+};
+interface PasswordResetAuthSession {
+  session: PasswordResetSession | null;
+  user: FullUser | null;
+}
+//#endregion
+export { AuthResponse, AuthSession, FullUser, PasswordResetAuthSession, PasswordResetSession, Session, SessionFlags, User, UserSession };
+//# sourceMappingURL=types.d.mts.map

package/dist/core/auth/types.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.mts","names":[],"sources":["../../../src/core/auth/types.ts"],"mappings":";;;;KASY,IAAA,UAAc,SAAA,CAAU,YAAA;AAAA,KACxB,OAAA,UAAiB,YAAA,CAAa,YAAA,GAAe,MAAA;AAAA,KAC7C,oBAAA,UACH,yBAAA,CAA0B,YAAA,GAAe,MAAA;;;;AAFlD;KAQY,QAAA,GAAW,IAAA,GACrB,MAAA;EACE,KAAA,EAAO,QAAA;EACP,WAAA,EAAa,cAAA;AAAA;;;;UAMA,WAAA;EACf,OAAA,EAAS,OAAA;EACT,IAAA,EAAM,QAAA;AAAA;AAAA,UAGS,YAAA;EAAA,CACd,GAAA;AAAA;AAAA,KAGS,WAAA;EACV,EAAA;EACA,SAAA,EAAW,IAAA;EACX,SAAA,EAAW,IAAA;EACX,SAAA;EAAA,CACC,GAAA;AAAA;AAAA,KAGS,YAAA;EACN,MAAA;EAAmB,OAAA,EAAS,OAAA;EAAS,IAAA,EAAM,QAAA;EAAU,QAAA;AAAA;EAErD,MAAA;EACA,IAAA;EACA,MAAA;EACA,SAAA;EACA,QAAA;AAAA;EAEA,MAAA;EAAiB,OAAA;EAAiB,QAAA;AAAA;AAAA,UAEvB,wBAAA;EACf,OAAA,EAAS,oBAAA;EACT,IAAA,EAAM,QAAA;AAAA"}

package/dist/core/auth/utils/encode.cjs

@@ -0,0 +1,27 @@
+const require_runtime = require('../../../_virtual/_rolldown/runtime.cjs');
+let _oslojs_encoding = require("@oslojs/encoding");
+
+//#region src/core/auth/utils/encode.ts
+/**
+* Generates a random one-time code (OTP).
+* @param length Length of the generated code (default 6).
+* @returns A random uppercase base32 string.
+*/
+function generateRandomOTP(length = 6) {
+	const bytes = new Uint8Array(5);
+	crypto.getRandomValues(bytes);
+	return (0, _oslojs_encoding.encodeBase32UpperCaseNoPadding)(bytes).substring(0, length);
+}
+/**
+* Generates a random recovery code.
+* @returns A random uppercase base32 string.
+*/
+function generateRandomRecoveryCode() {
+	const recoveryCodeBytes = new Uint8Array(10);
+	crypto.getRandomValues(recoveryCodeBytes);
+	return (0, _oslojs_encoding.encodeBase32UpperCaseNoPadding)(recoveryCodeBytes);
+}
+
+//#endregion
+exports.generateRandomOTP = generateRandomOTP;
+exports.generateRandomRecoveryCode = generateRandomRecoveryCode;

package/dist/core/auth/utils/encode.d.cts

@@ -0,0 +1,15 @@
+//#region src/core/auth/utils/encode.d.ts
+/**
+ * Generates a random one-time code (OTP).
+ * @param length Length of the generated code (default 6).
+ * @returns A random uppercase base32 string.
+ */
+declare function generateRandomOTP(length?: number): string;
+/**
+ * Generates a random recovery code.
+ * @returns A random uppercase base32 string.
+ */
+declare function generateRandomRecoveryCode(): string;
+//#endregion
+export { generateRandomOTP, generateRandomRecoveryCode };
+//# sourceMappingURL=encode.d.cts.map

package/dist/core/auth/utils/encode.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encode.d.cts","names":[],"sources":["../../../../src/core/auth/utils/encode.ts"],"mappings":";;AAOA;;;;iBAAgB,iBAAA,CAAkB,MAAA;AAUlC;;;;AAAA,iBAAgB,0BAAA,CAAA"}

package/dist/core/auth/utils/encode.d.mts

@@ -0,0 +1,15 @@
+//#region src/core/auth/utils/encode.d.ts
+/**
+ * Generates a random one-time code (OTP).
+ * @param length Length of the generated code (default 6).
+ * @returns A random uppercase base32 string.
+ */
+declare function generateRandomOTP(length?: number): string;
+/**
+ * Generates a random recovery code.
+ * @returns A random uppercase base32 string.
+ */
+declare function generateRandomRecoveryCode(): string;
+//#endregion
+export { generateRandomOTP, generateRandomRecoveryCode };
+//# sourceMappingURL=encode.d.mts.map

package/dist/core/auth/utils/encode.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encode.d.mts","names":[],"sources":["../../../../src/core/auth/utils/encode.ts"],"mappings":";;AAOA;;;;iBAAgB,iBAAA,CAAkB,MAAA;AAUlC;;;;AAAA,iBAAgB,0BAAA,CAAA"}

package/dist/core/auth/utils/encode.mjs

@@ -0,0 +1,26 @@
+import { encodeBase32UpperCaseNoPadding } from "@oslojs/encoding";
+
+//#region src/core/auth/utils/encode.ts
+/**
+* Generates a random one-time code (OTP).
+* @param length Length of the generated code (default 6).
+* @returns A random uppercase base32 string.
+*/
+function generateRandomOTP(length = 6) {
+	const bytes = new Uint8Array(5);
+	crypto.getRandomValues(bytes);
+	return encodeBase32UpperCaseNoPadding(bytes).substring(0, length);
+}
+/**
+* Generates a random recovery code.
+* @returns A random uppercase base32 string.
+*/
+function generateRandomRecoveryCode() {
+	const recoveryCodeBytes = new Uint8Array(10);
+	crypto.getRandomValues(recoveryCodeBytes);
+	return encodeBase32UpperCaseNoPadding(recoveryCodeBytes);
+}
+
+//#endregion
+export { generateRandomOTP, generateRandomRecoveryCode };
+//# sourceMappingURL=encode.mjs.map

package/dist/core/auth/utils/encode.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"encode.mjs","names":[],"sources":["../../../../src/core/auth/utils/encode.ts"],"sourcesContent":["import { encodeBase32UpperCaseNoPadding } from \"@oslojs/encoding\";\n\n/**\n * Generates a random one-time code (OTP).\n * @param length Length of the generated code (default 6).\n * @returns A random uppercase base32 string.\n */\nexport function generateRandomOTP(length = 6): string {\n  const bytes = new Uint8Array(5);\n  crypto.getRandomValues(bytes);\n  return encodeBase32UpperCaseNoPadding(bytes).substring(0, length);\n}\n\n/**\n * Generates a random recovery code.\n * @returns A random uppercase base32 string.\n */\nexport function generateRandomRecoveryCode(): string {\n  const recoveryCodeBytes = new Uint8Array(10);\n  crypto.getRandomValues(recoveryCodeBytes);\n  return encodeBase32UpperCaseNoPadding(recoveryCodeBytes);\n}\n"],"mappings":";;;;;;;;AAOA,SAAgB,kBAAkB,SAAS,GAAW;CACpD,MAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,QAAO,gBAAgB,MAAM;AAC7B,QAAO,+BAA+B,MAAM,CAAC,UAAU,GAAG,OAAO;;;;;;AAOnE,SAAgB,6BAAqC;CACnD,MAAM,oBAAoB,IAAI,WAAW,GAAG;AAC5C,QAAO,gBAAgB,kBAAkB;AACzC,QAAO,+BAA+B,kBAAkB"}

package/dist/core/auth/utils/encryption.cjs

@@ -0,0 +1,67 @@
+const require_runtime = require('../../../_virtual/_rolldown/runtime.cjs');
+let _oslojs_encoding = require("@oslojs/encoding");
+let node_crypto = require("node:crypto");
+let _oslojs_binary = require("@oslojs/binary");
+
+//#region src/core/auth/utils/encryption.ts
+const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;
+if (!ENCRYPTION_KEY) throw new Error("ENCRYPTION_KEY environment variable is not set");
+/**
+* The encryption key decoded from base64.
+*/
+const key = (0, _oslojs_encoding.decodeBase64)(ENCRYPTION_KEY);
+/**
+* Encrypts data using AES-128-GCM.
+* @param data Data to be encrypted.
+* @returns Encrypted data including IV and auth tag.
+*/
+function encrypt(data) {
+	const iv = new Uint8Array(16);
+	crypto.getRandomValues(iv);
+	const cipher = (0, node_crypto.createCipheriv)("aes-128-gcm", key, iv);
+	const encrypted = new _oslojs_binary.DynamicBuffer(0);
+	encrypted.write(iv);
+	encrypted.write(cipher.update(data));
+	encrypted.write(cipher.final());
+	encrypted.write(cipher.getAuthTag());
+	return encrypted.bytes();
+}
+/**
+* Encrypts a string.
+* @param data String to be encrypted.
+* @returns Encrypted data as Uint8Array.
+*/
+function encryptString(data) {
+	return encrypt(new TextEncoder().encode(data));
+}
+/**
+* Decrypts data using AES-128-GCM.
+* @param encrypted Encrypted data (IV + content + auth tag).
+* @returns Decrypted data.
+*/
+function decrypt(encrypted) {
+	if (encrypted.byteLength < 33) throw new Error("Invalid encrypted data length");
+	const iv = encrypted.slice(0, 16);
+	const authTag = encrypted.slice(encrypted.byteLength - 16);
+	const content = encrypted.slice(16, encrypted.byteLength - 16);
+	const decipher = (0, node_crypto.createDecipheriv)("aes-128-gcm", key, iv);
+	decipher.setAuthTag(authTag);
+	const decrypted = new _oslojs_binary.DynamicBuffer(0);
+	decrypted.write(decipher.update(content));
+	decrypted.write(decipher.final());
+	return decrypted.bytes();
+}
+/**
+* Decrypts data to a string.
+* @param data Encrypted data.
+* @returns Odszyfrowany ciąg znaków.
+*/
+function decryptToString(data) {
+	return new TextDecoder().decode(decrypt(data));
+}
+
+//#endregion
+exports.decrypt = decrypt;
+exports.decryptToString = decryptToString;
+exports.encrypt = encrypt;
+exports.encryptString = encryptString;

package/dist/core/auth/utils/encryption.d.cts

@@ -0,0 +1,28 @@
+//#region src/core/auth/utils/encryption.d.ts
+/**
+ * Encrypts data using AES-128-GCM.
+ * @param data Data to be encrypted.
+ * @returns Encrypted data including IV and auth tag.
+ */
+declare function encrypt(data: Uint8Array): Uint8Array;
+/**
+ * Encrypts a string.
+ * @param data String to be encrypted.
+ * @returns Encrypted data as Uint8Array.
+ */
+declare function encryptString(data: string): Uint8Array;
+/**
+ * Decrypts data using AES-128-GCM.
+ * @param encrypted Encrypted data (IV + content + auth tag).
+ * @returns Decrypted data.
+ */
+declare function decrypt(encrypted: Uint8Array): Uint8Array;
+/**
+ * Decrypts data to a string.
+ * @param data Encrypted data.
+ * @returns Odszyfrowany ciąg znaków.
+ */
+declare function decryptToString(data: Uint8Array): string;
+//#endregion
+export { decrypt, decryptToString, encrypt, encryptString };
+//# sourceMappingURL=encryption.d.cts.map

package/dist/core/auth/utils/encryption.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.cts","names":[],"sources":["../../../../src/core/auth/utils/encryption.ts"],"mappings":";;AAoBA;;;;iBAAgB,OAAA,CAAQ,IAAA,EAAM,UAAA,GAAa,UAAA;;;;;AAiB3C;iBAAgB,aAAA,CAAc,IAAA,WAAe,UAAA;;;;AAS7C;;iBAAgB,OAAA,CAAQ,SAAA,EAAW,UAAA,GAAa,UAAA;;;;;;iBAsBhC,eAAA,CAAgB,IAAA,EAAM,UAAA"}

package/dist/core/auth/utils/encryption.d.mts

@@ -0,0 +1,28 @@
+//#region src/core/auth/utils/encryption.d.ts
+/**
+ * Encrypts data using AES-128-GCM.
+ * @param data Data to be encrypted.
+ * @returns Encrypted data including IV and auth tag.
+ */
+declare function encrypt(data: Uint8Array): Uint8Array;
+/**
+ * Encrypts a string.
+ * @param data String to be encrypted.
+ * @returns Encrypted data as Uint8Array.
+ */
+declare function encryptString(data: string): Uint8Array;
+/**
+ * Decrypts data using AES-128-GCM.
+ * @param encrypted Encrypted data (IV + content + auth tag).
+ * @returns Decrypted data.
+ */
+declare function decrypt(encrypted: Uint8Array): Uint8Array;
+/**
+ * Decrypts data to a string.
+ * @param data Encrypted data.
+ * @returns Odszyfrowany ciąg znaków.
+ */
+declare function decryptToString(data: Uint8Array): string;
+//#endregion
+export { decrypt, decryptToString, encrypt, encryptString };
+//# sourceMappingURL=encryption.d.mts.map

package/dist/core/auth/utils/encryption.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.mts","names":[],"sources":["../../../../src/core/auth/utils/encryption.ts"],"mappings":";;AAoBA;;;;iBAAgB,OAAA,CAAQ,IAAA,EAAM,UAAA,GAAa,UAAA;;;;;AAiB3C;iBAAgB,aAAA,CAAc,IAAA,WAAe,UAAA;;;;AAS7C;;iBAAgB,OAAA,CAAQ,SAAA,EAAW,UAAA,GAAa,UAAA;;;;;;iBAsBhC,eAAA,CAAgB,IAAA,EAAM,UAAA"}

package/dist/core/auth/utils/encryption.mjs

@@ -0,0 +1,64 @@
+import { decodeBase64 } from "@oslojs/encoding";
+import { createCipheriv, createDecipheriv } from "node:crypto";
+import { DynamicBuffer } from "@oslojs/binary";
+
+//#region src/core/auth/utils/encryption.ts
+const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;
+if (!ENCRYPTION_KEY) throw new Error("ENCRYPTION_KEY environment variable is not set");
+/**
+* The encryption key decoded from base64.
+*/
+const key = decodeBase64(ENCRYPTION_KEY);
+/**
+* Encrypts data using AES-128-GCM.
+* @param data Data to be encrypted.
+* @returns Encrypted data including IV and auth tag.
+*/
+function encrypt(data) {
+	const iv = new Uint8Array(16);
+	crypto.getRandomValues(iv);
+	const cipher = createCipheriv("aes-128-gcm", key, iv);
+	const encrypted = new DynamicBuffer(0);
+	encrypted.write(iv);
+	encrypted.write(cipher.update(data));
+	encrypted.write(cipher.final());
+	encrypted.write(cipher.getAuthTag());
+	return encrypted.bytes();
+}
+/**
+* Encrypts a string.
+* @param data String to be encrypted.
+* @returns Encrypted data as Uint8Array.
+*/
+function encryptString(data) {
+	return encrypt(new TextEncoder().encode(data));
+}
+/**
+* Decrypts data using AES-128-GCM.
+* @param encrypted Encrypted data (IV + content + auth tag).
+* @returns Decrypted data.
+*/
+function decrypt(encrypted) {
+	if (encrypted.byteLength < 33) throw new Error("Invalid encrypted data length");
+	const iv = encrypted.slice(0, 16);
+	const authTag = encrypted.slice(encrypted.byteLength - 16);
+	const content = encrypted.slice(16, encrypted.byteLength - 16);
+	const decipher = createDecipheriv("aes-128-gcm", key, iv);
+	decipher.setAuthTag(authTag);
+	const decrypted = new DynamicBuffer(0);
+	decrypted.write(decipher.update(content));
+	decrypted.write(decipher.final());
+	return decrypted.bytes();
+}
+/**
+* Decrypts data to a string.
+* @param data Encrypted data.
+* @returns Odszyfrowany ciąg znaków.
+*/
+function decryptToString(data) {
+	return new TextDecoder().decode(decrypt(data));
+}
+
+//#endregion
+export { decrypt, decryptToString, encrypt, encryptString };
+//# sourceMappingURL=encryption.mjs.map

package/dist/core/auth/utils/encryption.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.mjs","names":[],"sources":["../../../../src/core/auth/utils/encryption.ts"],"sourcesContent":["import { createCipheriv, createDecipheriv } from \"node:crypto\";\nimport { DynamicBuffer } from \"@oslojs/binary\";\nimport { decodeBase64 } from \"@oslojs/encoding\";\n\nconst ENCRYPTION_KEY = process.env.ENCRYPTION_KEY;\n\nif (!ENCRYPTION_KEY) {\n  throw new Error(\"ENCRYPTION_KEY environment variable is not set\");\n}\n\n/**\n * The encryption key decoded from base64.\n */\nconst key = decodeBase64(ENCRYPTION_KEY);\n\n/**\n * Encrypts data using AES-128-GCM.\n * @param data Data to be encrypted.\n * @returns Encrypted data including IV and auth tag.\n */\nexport function encrypt(data: Uint8Array): Uint8Array {\n  const iv = new Uint8Array(16);\n  crypto.getRandomValues(iv);\n  const cipher = createCipheriv(\"aes-128-gcm\", key, iv);\n  const encrypted = new DynamicBuffer(0);\n  encrypted.write(iv);\n  encrypted.write(cipher.update(data));\n  encrypted.write(cipher.final());\n  encrypted.write(cipher.getAuthTag());\n  return encrypted.bytes();\n}\n\n/**\n * Encrypts a string.\n * @param data String to be encrypted.\n * @returns Encrypted data as Uint8Array.\n */\nexport function encryptString(data: string): Uint8Array {\n  return encrypt(new TextEncoder().encode(data));\n}\n\n/**\n * Decrypts data using AES-128-GCM.\n * @param encrypted Encrypted data (IV + content + auth tag).\n * @returns Decrypted data.\n */\nexport function decrypt(encrypted: Uint8Array): Uint8Array {\n  if (encrypted.byteLength < 33) {\n    throw new Error(\"Invalid encrypted data length\");\n  }\n  const iv = encrypted.slice(0, 16);\n  const authTag = encrypted.slice(encrypted.byteLength - 16);\n  const content = encrypted.slice(16, encrypted.byteLength - 16);\n\n  const decipher = createDecipheriv(\"aes-128-gcm\", key, iv);\n  decipher.setAuthTag(authTag);\n\n  const decrypted = new DynamicBuffer(0);\n  decrypted.write(decipher.update(content));\n  decrypted.write(decipher.final());\n  return decrypted.bytes();\n}\n\n/**\n * Decrypts data to a string.\n * @param data Encrypted data.\n * @returns Odszyfrowany ciąg znaków.\n */\nexport function decryptToString(data: Uint8Array): string {\n  return new TextDecoder().decode(decrypt(data));\n}\n"],"mappings":";;;;;AAIA,MAAM,iBAAiB,QAAQ,IAAI;AAEnC,IAAI,CAAC,eACH,OAAM,IAAI,MAAM,iDAAiD;;;;AAMnE,MAAM,MAAM,aAAa,eAAe;;;;;;AAOxC,SAAgB,QAAQ,MAA8B;CACpD,MAAM,KAAK,IAAI,WAAW,GAAG;AAC7B,QAAO,gBAAgB,GAAG;CAC1B,MAAM,SAAS,eAAe,eAAe,KAAK,GAAG;CACrD,MAAM,YAAY,IAAI,cAAc,EAAE;AACtC,WAAU,MAAM,GAAG;AACnB,WAAU,MAAM,OAAO,OAAO,KAAK,CAAC;AACpC,WAAU,MAAM,OAAO,OAAO,CAAC;AAC/B,WAAU,MAAM,OAAO,YAAY,CAAC;AACpC,QAAO,UAAU,OAAO;;;;;;;AAQ1B,SAAgB,cAAc,MAA0B;AACtD,QAAO,QAAQ,IAAI,aAAa,CAAC,OAAO,KAAK,CAAC;;;;;;;AAQhD,SAAgB,QAAQ,WAAmC;AACzD,KAAI,UAAU,aAAa,GACzB,OAAM,IAAI,MAAM,gCAAgC;CAElD,MAAM,KAAK,UAAU,MAAM,GAAG,GAAG;CACjC,MAAM,UAAU,UAAU,MAAM,UAAU,aAAa,GAAG;CAC1D,MAAM,UAAU,UAAU,MAAM,IAAI,UAAU,aAAa,GAAG;CAE9D,MAAM,WAAW,iBAAiB,eAAe,KAAK,GAAG;AACzD,UAAS,WAAW,QAAQ;CAE5B,MAAM,YAAY,IAAI,cAAc,EAAE;AACtC,WAAU,MAAM,SAAS,OAAO,QAAQ,CAAC;AACzC,WAAU,MAAM,SAAS,OAAO,CAAC;AACjC,QAAO,UAAU,OAAO;;;;;;;AAQ1B,SAAgB,gBAAgB,MAA0B;AACxD,QAAO,IAAI,aAAa,CAAC,OAAO,QAAQ,KAAK,CAAC"}

package/dist/core/auth/validation.cjs

@@ -0,0 +1,39 @@
+const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
+let zod = require("zod");
+
+//#region src/core/auth/validation.ts
+const loginSchema = zod.z.object({
+	email: zod.z.string().email("Invalid email address"),
+	password: zod.z.string().min(8),
+	remember: zod.z.boolean().optional()
+});
+const registerSchema = zod.z.object({
+	username: zod.z.string().min(2, "Name must be at least 2 characters"),
+	email: zod.z.string().email("Invalid email address"),
+	password: zod.z.string().min(8, "Password must be at least 8 characters"),
+	terms: zod.z.boolean().refine((val) => val === true, "You must accept the terms")
+});
+const forgotPasswordSchema = zod.z.object({ email: zod.z.string().email("Invalid email address") });
+const resetPasswordSchema = zod.z.object({
+	password: zod.z.string().min(8, "Password must be at least 8 characters"),
+	confirm: zod.z.string()
+}).refine((data) => data.password === data.confirm, {
+	message: "Passwords do not match",
+	path: ["confirm"]
+});
+const verifyEmailSchema = zod.z.object({ code: zod.z.string().min(6).max(6) });
+const totpSetupSchema = zod.z.object({ code: zod.z.string().regex(/^\d{6}$/, "Code must be 6 digits") });
+const totpVerifySchema = zod.z.object({ code: zod.z.string().regex(/^\d{6}$/, "Code must be 6 digits") });
+const passkeysSetupSchema = zod.z.object({ name: zod.z.string().min(1, "Passkey name is required") });
+const recoveryCodeVerifySchema = zod.z.object({ code: zod.z.string().min(16, "Recovery code is required").max(16) });
+
+//#endregion
+exports.forgotPasswordSchema = forgotPasswordSchema;
+exports.loginSchema = loginSchema;
+exports.passkeysSetupSchema = passkeysSetupSchema;
+exports.recoveryCodeVerifySchema = recoveryCodeVerifySchema;
+exports.registerSchema = registerSchema;
+exports.resetPasswordSchema = resetPasswordSchema;
+exports.totpSetupSchema = totpSetupSchema;
+exports.totpVerifySchema = totpVerifySchema;
+exports.verifyEmailSchema = verifyEmailSchema;

package/dist/core/auth/validation.d.cts

@@ -0,0 +1,48 @@
+import { z } from "zod";
+
+//#region src/core/auth/validation.d.ts
+declare const loginSchema: z.ZodObject<{
+  email: z.ZodString;
+  password: z.ZodString;
+  remember: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+declare const registerSchema: z.ZodObject<{
+  username: z.ZodString;
+  email: z.ZodString;
+  password: z.ZodString;
+  terms: z.ZodBoolean;
+}, z.core.$strip>;
+declare const forgotPasswordSchema: z.ZodObject<{
+  email: z.ZodString;
+}, z.core.$strip>;
+declare const resetPasswordSchema: z.ZodObject<{
+  password: z.ZodString;
+  confirm: z.ZodString;
+}, z.core.$strip>;
+declare const verifyEmailSchema: z.ZodObject<{
+  code: z.ZodString;
+}, z.core.$strip>;
+declare const totpSetupSchema: z.ZodObject<{
+  code: z.ZodString;
+}, z.core.$strip>;
+declare const totpVerifySchema: z.ZodObject<{
+  code: z.ZodString;
+}, z.core.$strip>;
+declare const passkeysSetupSchema: z.ZodObject<{
+  name: z.ZodString;
+}, z.core.$strip>;
+declare const recoveryCodeVerifySchema: z.ZodObject<{
+  code: z.ZodString;
+}, z.core.$strip>;
+type LoginInput = z.infer<typeof loginSchema>;
+type RegisterInput = z.infer<typeof registerSchema>;
+type ForgotPasswordInput = z.infer<typeof forgotPasswordSchema>;
+type ResetPasswordInput = z.infer<typeof resetPasswordSchema>;
+type TOTPSetupInput = z.infer<typeof totpSetupSchema>;
+type TOTPVerifyInput = z.infer<typeof totpVerifySchema>;
+type PasskeysSetupInput = z.infer<typeof passkeysSetupSchema>;
+type VerifyEmailInput = z.infer<typeof verifyEmailSchema>;
+type RecoveryVerifyInput = z.infer<typeof recoveryCodeVerifySchema>;
+//#endregion
+export { ForgotPasswordInput, LoginInput, PasskeysSetupInput, RecoveryVerifyInput, RegisterInput, ResetPasswordInput, TOTPSetupInput, TOTPVerifyInput, VerifyEmailInput, forgotPasswordSchema, loginSchema, passkeysSetupSchema, recoveryCodeVerifySchema, registerSchema, resetPasswordSchema, totpSetupSchema, totpVerifySchema, verifyEmailSchema };
+//# sourceMappingURL=validation.d.cts.map

package/dist/core/auth/validation.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.cts","names":[],"sources":["../../../src/core/auth/validation.ts"],"mappings":";;;cAGa,WAAA,EAAW,CAAA,CAAA,SAAA;;;;;cAMX,cAAA,EAAc,CAAA,CAAA,SAAA;;;;;;cAOd,oBAAA,EAAoB,CAAA,CAAA,SAAA;;;cAIpB,mBAAA,EAAmB,CAAA,CAAA,SAAA;;;;cAUnB,iBAAA,EAAiB,CAAA,CAAA,SAAA;;;cAKjB,eAAA,EAAe,CAAA,CAAA,SAAA;;;cAIf,gBAAA,EAAgB,CAAA,CAAA,SAAA;;;cAIhB,mBAAA,EAAmB,CAAA,CAAA,SAAA;;;cAInB,wBAAA,EAAwB,CAAA,CAAA,SAAA;;;KAKzB,UAAA,GAAa,CAAA,CAAE,KAAA,QAAa,WAAA;AAAA,KAC5B,aAAA,GAAgB,CAAA,CAAE,KAAA,QAAa,cAAA;AAAA,KAC/B,mBAAA,GAAsB,CAAA,CAAE,KAAA,QAAa,oBAAA;AAAA,KACrC,kBAAA,GAAqB,CAAA,CAAE,KAAA,QAAa,mBAAA;AAAA,KACpC,cAAA,GAAiB,CAAA,CAAE,KAAA,QAAa,eAAA;AAAA,KAChC,eAAA,GAAkB,CAAA,CAAE,KAAA,QAAa,gBAAA;AAAA,KACjC,kBAAA,GAAqB,CAAA,CAAE,KAAA,QAAa,mBAAA;AAAA,KACpC,gBAAA,GAAmB,CAAA,CAAE,KAAA,QAAa,iBAAA;AAAA,KAClC,mBAAA,GAAsB,CAAA,CAAE,KAAA,QAAa,wBAAA"}

package/dist/core/auth/validation.d.mts

@@ -0,0 +1,48 @@
+import { z } from "zod";
+
+//#region src/core/auth/validation.d.ts
+declare const loginSchema: z.ZodObject<{
+  email: z.ZodString;
+  password: z.ZodString;
+  remember: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+declare const registerSchema: z.ZodObject<{
+  username: z.ZodString;
+  email: z.ZodString;
+  password: z.ZodString;
+  terms: z.ZodBoolean;
+}, z.core.$strip>;
+declare const forgotPasswordSchema: z.ZodObject<{
+  email: z.ZodString;
+}, z.core.$strip>;
+declare const resetPasswordSchema: z.ZodObject<{
+  password: z.ZodString;
+  confirm: z.ZodString;
+}, z.core.$strip>;
+declare const verifyEmailSchema: z.ZodObject<{
+  code: z.ZodString;
+}, z.core.$strip>;
+declare const totpSetupSchema: z.ZodObject<{
+  code: z.ZodString;
+}, z.core.$strip>;
+declare const totpVerifySchema: z.ZodObject<{
+  code: z.ZodString;
+}, z.core.$strip>;
+declare const passkeysSetupSchema: z.ZodObject<{
+  name: z.ZodString;
+}, z.core.$strip>;
+declare const recoveryCodeVerifySchema: z.ZodObject<{
+  code: z.ZodString;
+}, z.core.$strip>;
+type LoginInput = z.infer<typeof loginSchema>;
+type RegisterInput = z.infer<typeof registerSchema>;
+type ForgotPasswordInput = z.infer<typeof forgotPasswordSchema>;
+type ResetPasswordInput = z.infer<typeof resetPasswordSchema>;
+type TOTPSetupInput = z.infer<typeof totpSetupSchema>;
+type TOTPVerifyInput = z.infer<typeof totpVerifySchema>;
+type PasskeysSetupInput = z.infer<typeof passkeysSetupSchema>;
+type VerifyEmailInput = z.infer<typeof verifyEmailSchema>;
+type RecoveryVerifyInput = z.infer<typeof recoveryCodeVerifySchema>;
+//#endregion
+export { ForgotPasswordInput, LoginInput, PasskeysSetupInput, RecoveryVerifyInput, RegisterInput, ResetPasswordInput, TOTPSetupInput, TOTPVerifyInput, VerifyEmailInput, forgotPasswordSchema, loginSchema, passkeysSetupSchema, recoveryCodeVerifySchema, registerSchema, resetPasswordSchema, totpSetupSchema, totpVerifySchema, verifyEmailSchema };
+//# sourceMappingURL=validation.d.mts.map

package/dist/core/auth/validation.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.mts","names":[],"sources":["../../../src/core/auth/validation.ts"],"mappings":";;;cAGa,WAAA,EAAW,CAAA,CAAA,SAAA;;;;;cAMX,cAAA,EAAc,CAAA,CAAA,SAAA;;;;;;cAOd,oBAAA,EAAoB,CAAA,CAAA,SAAA;;;cAIpB,mBAAA,EAAmB,CAAA,CAAA,SAAA;;;;cAUnB,iBAAA,EAAiB,CAAA,CAAA,SAAA;;;cAKjB,eAAA,EAAe,CAAA,CAAA,SAAA;;;cAIf,gBAAA,EAAgB,CAAA,CAAA,SAAA;;;cAIhB,mBAAA,EAAmB,CAAA,CAAA,SAAA;;;cAInB,wBAAA,EAAwB,CAAA,CAAA,SAAA;;;KAKzB,UAAA,GAAa,CAAA,CAAE,KAAA,QAAa,WAAA;AAAA,KAC5B,aAAA,GAAgB,CAAA,CAAE,KAAA,QAAa,cAAA;AAAA,KAC/B,mBAAA,GAAsB,CAAA,CAAE,KAAA,QAAa,oBAAA;AAAA,KACrC,kBAAA,GAAqB,CAAA,CAAE,KAAA,QAAa,mBAAA;AAAA,KACpC,cAAA,GAAiB,CAAA,CAAE,KAAA,QAAa,eAAA;AAAA,KAChC,eAAA,GAAkB,CAAA,CAAE,KAAA,QAAa,gBAAA;AAAA,KACjC,kBAAA,GAAqB,CAAA,CAAE,KAAA,QAAa,mBAAA;AAAA,KACpC,gBAAA,GAAmB,CAAA,CAAE,KAAA,QAAa,iBAAA;AAAA,KAClC,mBAAA,GAAsB,CAAA,CAAE,KAAA,QAAa,wBAAA"}

package/dist/core/auth/validation.mjs

@@ -0,0 +1,31 @@
+import { z } from "zod";
+
+//#region src/core/auth/validation.ts
+const loginSchema = z.object({
+	email: z.string().email("Invalid email address"),
+	password: z.string().min(8),
+	remember: z.boolean().optional()
+});
+const registerSchema = z.object({
+	username: z.string().min(2, "Name must be at least 2 characters"),
+	email: z.string().email("Invalid email address"),
+	password: z.string().min(8, "Password must be at least 8 characters"),
+	terms: z.boolean().refine((val) => val === true, "You must accept the terms")
+});
+const forgotPasswordSchema = z.object({ email: z.string().email("Invalid email address") });
+const resetPasswordSchema = z.object({
+	password: z.string().min(8, "Password must be at least 8 characters"),
+	confirm: z.string()
+}).refine((data) => data.password === data.confirm, {
+	message: "Passwords do not match",
+	path: ["confirm"]
+});
+const verifyEmailSchema = z.object({ code: z.string().min(6).max(6) });
+const totpSetupSchema = z.object({ code: z.string().regex(/^\d{6}$/, "Code must be 6 digits") });
+const totpVerifySchema = z.object({ code: z.string().regex(/^\d{6}$/, "Code must be 6 digits") });
+const passkeysSetupSchema = z.object({ name: z.string().min(1, "Passkey name is required") });
+const recoveryCodeVerifySchema = z.object({ code: z.string().min(16, "Recovery code is required").max(16) });
+
+//#endregion
+export { forgotPasswordSchema, loginSchema, passkeysSetupSchema, recoveryCodeVerifySchema, registerSchema, resetPasswordSchema, totpSetupSchema, totpVerifySchema, verifyEmailSchema };
+//# sourceMappingURL=validation.mjs.map

package/dist/core/auth/validation.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.mjs","names":[],"sources":["../../../src/core/auth/validation.ts"],"sourcesContent":["import { z } from \"zod\";\n\n// Auth validation schemas - CLEAN (No DB dependencies for client-side)\nexport const loginSchema = z.object({\n  email: z.string().email(\"Invalid email address\"),\n  password: z.string().min(8),\n  remember: z.boolean().optional(),\n});\n\nexport const registerSchema = z.object({\n  username: z.string().min(2, \"Name must be at least 2 characters\"),\n  email: z.string().email(\"Invalid email address\"),\n  password: z.string().min(8, \"Password must be at least 8 characters\"),\n  terms: z.boolean().refine((val) => val === true, \"You must accept the terms\"),\n});\n\nexport const forgotPasswordSchema = z.object({\n  email: z.string().email(\"Invalid email address\"),\n});\n\nexport const resetPasswordSchema = z\n  .object({\n    password: z.string().min(8, \"Password must be at least 8 characters\"),\n    confirm: z.string(),\n  })\n  .refine((data) => data.password === data.confirm, {\n    message: \"Passwords do not match\",\n    path: [\"confirm\"],\n  });\n\nexport const verifyEmailSchema = z.object({\n  code: z.string().min(6).max(6),\n});\n\n// mfa validation schemas\nexport const totpSetupSchema = z.object({\n  code: z.string().regex(/^\\d{6}$/, \"Code must be 6 digits\"),\n});\n\nexport const totpVerifySchema = z.object({\n  code: z.string().regex(/^\\d{6}$/, \"Code must be 6 digits\"),\n});\n\nexport const passkeysSetupSchema = z.object({\n  name: z.string().min(1, \"Passkey name is required\"),\n});\n\nexport const recoveryCodeVerifySchema = z.object({\n  code: z.string().min(16, \"Recovery code is required\").max(16),\n});\n\n// Type exports for use in components\nexport type LoginInput = z.infer<typeof loginSchema>;\nexport type RegisterInput = z.infer<typeof registerSchema>;\nexport type ForgotPasswordInput = z.infer<typeof forgotPasswordSchema>;\nexport type ResetPasswordInput = z.infer<typeof resetPasswordSchema>;\nexport type TOTPSetupInput = z.infer<typeof totpSetupSchema>;\nexport type TOTPVerifyInput = z.infer<typeof totpVerifySchema>;\nexport type PasskeysSetupInput = z.infer<typeof passkeysSetupSchema>;\nexport type VerifyEmailInput = z.infer<typeof verifyEmailSchema>;\nexport type RecoveryVerifyInput = z.infer<typeof recoveryCodeVerifySchema>;\n"],"mappings":";;;AAGA,MAAa,cAAc,EAAE,OAAO;CAClC,OAAO,EAAE,QAAQ,CAAC,MAAM,wBAAwB;CAChD,UAAU,EAAE,QAAQ,CAAC,IAAI,EAAE;CAC3B,UAAU,EAAE,SAAS,CAAC,UAAU;CACjC,CAAC;AAEF,MAAa,iBAAiB,EAAE,OAAO;CACrC,UAAU,EAAE,QAAQ,CAAC,IAAI,GAAG,qCAAqC;CACjE,OAAO,EAAE,QAAQ,CAAC,MAAM,wBAAwB;CAChD,UAAU,EAAE,QAAQ,CAAC,IAAI,GAAG,yCAAyC;CACrE,OAAO,EAAE,SAAS,CAAC,QAAQ,QAAQ,QAAQ,MAAM,4BAA4B;CAC9E,CAAC;AAEF,MAAa,uBAAuB,EAAE,OAAO,EAC3C,OAAO,EAAE,QAAQ,CAAC,MAAM,wBAAwB,EACjD,CAAC;AAEF,MAAa,sBAAsB,EAChC,OAAO;CACN,UAAU,EAAE,QAAQ,CAAC,IAAI,GAAG,yCAAyC;CACrE,SAAS,EAAE,QAAQ;CACpB,CAAC,CACD,QAAQ,SAAS,KAAK,aAAa,KAAK,SAAS;CAChD,SAAS;CACT,MAAM,CAAC,UAAU;CAClB,CAAC;AAEJ,MAAa,oBAAoB,EAAE,OAAO,EACxC,MAAM,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,EAC/B,CAAC;AAGF,MAAa,kBAAkB,EAAE,OAAO,EACtC,MAAM,EAAE,QAAQ,CAAC,MAAM,WAAW,wBAAwB,EAC3D,CAAC;AAEF,MAAa,mBAAmB,EAAE,OAAO,EACvC,MAAM,EAAE,QAAQ,CAAC,MAAM,WAAW,wBAAwB,EAC3D,CAAC;AAEF,MAAa,sBAAsB,EAAE,OAAO,EAC1C,MAAM,EAAE,QAAQ,CAAC,IAAI,GAAG,2BAA2B,EACpD,CAAC;AAEF,MAAa,2BAA2B,EAAE,OAAO,EAC/C,MAAM,EAAE,QAAQ,CAAC,IAAI,IAAI,4BAA4B,CAAC,IAAI,GAAG,EAC9D,CAAC"}

package/dist/core/bootstrap.cjs

@@ -0,0 +1,32 @@
+const require_event_bus = require('./event-bus.cjs');
+const require_inject = require('../server/database/inject.cjs');
+const require_email_verification = require('./auth/email-verification.cjs');
+const require_setup = require('./setup.cjs');
+const require_service = require('./notifications/service.cjs');
+
+//#region src/core/bootstrap.ts
+async function ensureSystemInitialized(providedDb) {
+	if (typeof window !== "undefined") return;
+	const g = globalThis;
+	if (providedDb) require_inject.injectDb(providedDb);
+	if (g.__KRYO_INITIALIZED__) return;
+	if (g.__KRYO_INITIALIZING__) return;
+	g.__KRYO_INITIALIZING__ = true;
+	try {
+		console.log("[Kryo:Bootstrap] Starting system initialization...");
+		if (!g.__KRYO_DB__) console.warn("[Kryo:Bootstrap] DB not detected during bootstrap start. Trying to continue...");
+		require_service.notificationService.init();
+		await require_email_verification.initEmailVerification();
+		if (await require_setup.isSystemInstalled()) {} else console.log("[Kryo:Bootstrap] System not installed. Skipping module initialization.");
+		await require_event_bus.eventBus.publish("system:start", { runtime: "nodejs" });
+		console.log("[Kryo:Bootstrap] System initialized successfully.");
+		g.__KRYO_INITIALIZED__ = true;
+	} catch (error) {
+		console.error("[Kryo:Bootstrap] Initialization failed:", error);
+	} finally {
+		g.__KRYO_INITIALIZING__ = false;
+	}
+}
+
+//#endregion
+exports.ensureSystemInitialized = ensureSystemInitialized;

package/dist/core/bootstrap.d.cts

@@ -0,0 +1,5 @@
+//#region src/core/bootstrap.d.ts
+declare function ensureSystemInitialized(providedDb?: any): Promise<void>;
+//#endregion
+export { ensureSystemInitialized };
+//# sourceMappingURL=bootstrap.d.cts.map

package/dist/core/bootstrap.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.d.cts","names":[],"sources":["../../src/core/bootstrap.ts"],"mappings":";iBAMsB,uBAAA,CAAwB,UAAA,SAAgB,OAAA"}

package/dist/core/bootstrap.d.mts

@@ -0,0 +1,5 @@
+//#region src/core/bootstrap.d.ts
+declare function ensureSystemInitialized(providedDb?: any): Promise<void>;
+//#endregion
+export { ensureSystemInitialized };
+//# sourceMappingURL=bootstrap.d.mts.map

package/dist/core/bootstrap.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.d.mts","names":[],"sources":["../../src/core/bootstrap.ts"],"mappings":";iBAMsB,uBAAA,CAAwB,UAAA,SAAgB,OAAA"}

package/dist/core/bootstrap.mjs

@@ -0,0 +1,33 @@
+import { eventBus } from "./event-bus.mjs";
+import { injectDb } from "../server/database/inject.mjs";
+import { initEmailVerification } from "./auth/email-verification.mjs";
+import { isSystemInstalled } from "./setup.mjs";
+import { notificationService } from "./notifications/service.mjs";
+
+//#region src/core/bootstrap.ts
+async function ensureSystemInitialized(providedDb) {
+	if (typeof window !== "undefined") return;
+	const g = globalThis;
+	if (providedDb) injectDb(providedDb);
+	if (g.__KRYO_INITIALIZED__) return;
+	if (g.__KRYO_INITIALIZING__) return;
+	g.__KRYO_INITIALIZING__ = true;
+	try {
+		console.log("[Kryo:Bootstrap] Starting system initialization...");
+		if (!g.__KRYO_DB__) console.warn("[Kryo:Bootstrap] DB not detected during bootstrap start. Trying to continue...");
+		notificationService.init();
+		await initEmailVerification();
+		if (await isSystemInstalled()) {} else console.log("[Kryo:Bootstrap] System not installed. Skipping module initialization.");
+		await eventBus.publish("system:start", { runtime: "nodejs" });
+		console.log("[Kryo:Bootstrap] System initialized successfully.");
+		g.__KRYO_INITIALIZED__ = true;
+	} catch (error) {
+		console.error("[Kryo:Bootstrap] Initialization failed:", error);
+	} finally {
+		g.__KRYO_INITIALIZING__ = false;
+	}
+}
+
+//#endregion
+export { ensureSystemInitialized };
+//# sourceMappingURL=bootstrap.mjs.map