@arch-cadre/core 0.0.6

package/dist/server/auth/password.cjs

@@ -0,0 +1,37 @@
+"use server";
+
+const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
+let bcryptjs = require("bcryptjs");
+bcryptjs = require_runtime.__toESM(bcryptjs);
+
+//#region src/server/auth/password.ts
+/**
+* Hashes the password using bcrypt.
+* @param password Password to be hashed.
+* @returns Returns the hashed password.
+*/
+async function hashPassword(password) {
+	return await bcryptjs.default.hash(password, 10);
+}
+/**
+* Verifies the password hash.
+* @param hash bcrypt hash.
+* @param password Password for comparison.
+* @returns Returns true if the password is correct, false otherwise.
+*/
+async function verifyPasswordHash(hash, password) {
+	return await bcryptjs.default.compare(password, hash);
+}
+/**
+* Validates password strength.
+* @param password Password to validate.
+* @returns Returns true if the password meets complexity requirements.
+*/
+async function verifyPasswordStrength(password) {
+	return password.length >= 8 && password.length <= 255;
+}
+
+//#endregion
+exports.hashPassword = hashPassword;
+exports.verifyPasswordHash = verifyPasswordHash;
+exports.verifyPasswordStrength = verifyPasswordStrength;

package/dist/server/auth/password.d.cts

@@ -0,0 +1,23 @@
+//#region src/server/auth/password.d.ts
+/**
+ * Hashes the password using bcrypt.
+ * @param password Password to be hashed.
+ * @returns Returns the hashed password.
+ */
+declare function hashPassword(password: string): Promise<string>;
+/**
+ * Verifies the password hash.
+ * @param hash bcrypt hash.
+ * @param password Password for comparison.
+ * @returns Returns true if the password is correct, false otherwise.
+ */
+declare function verifyPasswordHash(hash: string, password: string): Promise<boolean>;
+/**
+ * Validates password strength.
+ * @param password Password to validate.
+ * @returns Returns true if the password meets complexity requirements.
+ */
+declare function verifyPasswordStrength(password: string): Promise<boolean>;
+//#endregion
+export { hashPassword, verifyPasswordHash, verifyPasswordStrength };
+//# sourceMappingURL=password.d.cts.map

package/dist/server/auth/password.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.cts","names":[],"sources":["../../../src/server/auth/password.ts"],"mappings":";;AASA;;;;iBAAsB,YAAA,CAAa,QAAA,WAAmB,OAAA;AAYtD;;;;;;AAAA,iBAAsB,kBAAA,CACpB,IAAA,UACA,QAAA,WACC,OAAA;;;AAUH;;;iBAAsB,sBAAA,CACpB,QAAA,WACC,OAAA"}

package/dist/server/auth/password.d.mts

@@ -0,0 +1,23 @@
+//#region src/server/auth/password.d.ts
+/**
+ * Hashes the password using bcrypt.
+ * @param password Password to be hashed.
+ * @returns Returns the hashed password.
+ */
+declare function hashPassword(password: string): Promise<string>;
+/**
+ * Verifies the password hash.
+ * @param hash bcrypt hash.
+ * @param password Password for comparison.
+ * @returns Returns true if the password is correct, false otherwise.
+ */
+declare function verifyPasswordHash(hash: string, password: string): Promise<boolean>;
+/**
+ * Validates password strength.
+ * @param password Password to validate.
+ * @returns Returns true if the password meets complexity requirements.
+ */
+declare function verifyPasswordStrength(password: string): Promise<boolean>;
+//#endregion
+export { hashPassword, verifyPasswordHash, verifyPasswordStrength };
+//# sourceMappingURL=password.d.mts.map

package/dist/server/auth/password.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.mts","names":[],"sources":["../../../src/server/auth/password.ts"],"mappings":";;AASA;;;;iBAAsB,YAAA,CAAa,QAAA,WAAmB,OAAA;AAYtD;;;;;;AAAA,iBAAsB,kBAAA,CACpB,IAAA,UACA,QAAA,WACC,OAAA;;;AAUH;;;iBAAsB,sBAAA,CACpB,QAAA,WACC,OAAA"}

package/dist/server/auth/password.mjs

@@ -0,0 +1,34 @@
+"use server";
+
+import bcrypt from "bcryptjs";
+
+//#region src/server/auth/password.ts
+/**
+* Hashes the password using bcrypt.
+* @param password Password to be hashed.
+* @returns Returns the hashed password.
+*/
+async function hashPassword(password) {
+	return await bcrypt.hash(password, 10);
+}
+/**
+* Verifies the password hash.
+* @param hash bcrypt hash.
+* @param password Password for comparison.
+* @returns Returns true if the password is correct, false otherwise.
+*/
+async function verifyPasswordHash(hash, password) {
+	return await bcrypt.compare(password, hash);
+}
+/**
+* Validates password strength.
+* @param password Password to validate.
+* @returns Returns true if the password meets complexity requirements.
+*/
+async function verifyPasswordStrength(password) {
+	return password.length >= 8 && password.length <= 255;
+}
+
+//#endregion
+export { hashPassword, verifyPasswordHash, verifyPasswordStrength };
+//# sourceMappingURL=password.mjs.map

package/dist/server/auth/password.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.mjs","names":[],"sources":["../../../src/server/auth/password.ts"],"sourcesContent":["\"use server\";\n\nimport bcrypt from \"bcryptjs\";\n\n/**\n * Hashes the password using bcrypt.\n * @param password Password to be hashed.\n * @returns Returns the hashed password.\n */\nexport async function hashPassword(password: string): Promise<string> {\n  const saltRounds = 10;\n  return await bcrypt.hash(password, saltRounds);\n  // return password;\n}\n\n/**\n * Verifies the password hash.\n * @param hash bcrypt hash.\n * @param password Password for comparison.\n * @returns Returns true if the password is correct, false otherwise.\n */\nexport async function verifyPasswordHash(\n  hash: string,\n  password: string,\n): Promise<boolean> {\n  return await bcrypt.compare(password, hash);\n  // return password === hash;\n}\n\n/**\n * Validates password strength.\n * @param password Password to validate.\n * @returns Returns true if the password meets complexity requirements.\n */\nexport async function verifyPasswordStrength(\n  password: string,\n): Promise<boolean> {\n  return password.length >= 8 && password.length <= 255;\n}\n"],"mappings":";;;;;;;;;;AASA,eAAsB,aAAa,UAAmC;AAEpE,QAAO,MAAM,OAAO,KAAK,UADN,GAC2B;;;;;;;;AAUhD,eAAsB,mBACpB,MACA,UACkB;AAClB,QAAO,MAAM,OAAO,QAAQ,UAAU,KAAK;;;;;;;AAS7C,eAAsB,uBACpB,UACkB;AAClB,QAAO,SAAS,UAAU,KAAK,SAAS,UAAU"}

package/dist/server/auth/user.cjs

@@ -0,0 +1,165 @@
+"use server";
+
+const require_runtime = require('../../_virtual/_rolldown/runtime.cjs');
+const require_inject = require('../database/inject.cjs');
+const require_schema = require('../database/schema.cjs');
+const require_index = require('../emails/index.cjs');
+const require_password = require('./password.cjs');
+const require_encode = require('../../core/auth/utils/encode.cjs');
+const require_encryption = require('../../core/auth/utils/encryption.cjs');
+let drizzle_orm = require("drizzle-orm");
+
+//#region src/server/auth/user.ts
+/**
+* Validates the username input.
+*/
+async function verifyUsernameInput(username) {
+	return username.length > 3 && username.length < 32 && username.trim() === username;
+}
+/**
+* Creates a new user with an initial recovery code and default 'user' role.
+*/
+async function createUser(email, username, password) {
+	const passwordHash = await require_password.hashPassword(password);
+	const recoveryCode = require_encode.generateRandomRecoveryCode();
+	const encryptedRecoveryCode = require_encryption.encryptString(recoveryCode);
+	return await require_inject.db.transaction(async (tx) => {
+		const [row] = await tx.insert(require_schema.userTable).values({
+			email,
+			name: username,
+			password: passwordHash,
+			recovery_code: Buffer.from(encryptedRecoveryCode)
+		}).returning();
+		if (!row) throw new Error("Failed to create user");
+		let [role] = await tx.select().from(require_schema.rolesTable).where((0, drizzle_orm.eq)(require_schema.rolesTable.name, "user"));
+		if (!role) [role] = await tx.insert(require_schema.rolesTable).values({
+			name: "user",
+			description: "Default user role"
+		}).returning();
+		await tx.insert(require_schema.usersToRolesTable).values({
+			userId: row.id,
+			roleId: role.id
+		});
+		await /* @__PURE__ */ require_index.sendRecoveryCode(row.email, recoveryCode);
+		return row;
+	});
+}
+/**
+* Creates a new user from an OAuth provider.
+*/
+async function createOAuthUser(email, name, image) {
+	const encryptedRecoveryCode = require_encryption.encryptString(require_encode.generateRandomRecoveryCode());
+	return await require_inject.db.transaction(async (tx) => {
+		const [row] = await tx.insert(require_schema.userTable).values({
+			email,
+			name,
+			image,
+			emailVerifiedAt: /* @__PURE__ */ new Date(),
+			recovery_code: Buffer.from(encryptedRecoveryCode)
+		}).returning();
+		let [role] = await tx.select().from(require_schema.rolesTable).where((0, drizzle_orm.eq)(require_schema.rolesTable.name, "user"));
+		if (!role) [role] = await tx.insert(require_schema.rolesTable).values({
+			name: "user",
+			description: "Default user role"
+		}).returning();
+		await tx.insert(require_schema.usersToRolesTable).values({
+			userId: row.id,
+			roleId: role.id
+		});
+		return row;
+	});
+}
+/**
+* Returns a user by ID.
+*/
+async function getUserById(userId) {
+	const [user] = await require_inject.db.select().from(require_schema.userTable).where((0, drizzle_orm.eq)(require_schema.userTable.id, userId));
+	if (!user) return null;
+	const { password, recovery_code, ...safeUser } = user;
+	return safeUser;
+}
+/**
+* Decrypts and returns the user's recovery code.
+*/
+async function getUserRecoverCode(userId) {
+	const [user] = await require_inject.db.select({ recovery_code: require_schema.userTable.recovery_code }).from(require_schema.userTable).where((0, drizzle_orm.eq)(require_schema.userTable.id, userId));
+	if (!user || !user.recovery_code) throw new Error("Recovery code not found for user");
+	return require_encryption.decryptToString(user.recovery_code);
+}
+/**
+* Generates and sets a new recovery code for the user.
+*/
+async function resetUserRecoveryCode(userId) {
+	const recoveryCode = require_encode.generateRandomRecoveryCode();
+	const encrypted = require_encryption.encryptString(recoveryCode);
+	const [currentUser] = await require_inject.db.update(require_schema.userTable).set({ recovery_code: Buffer.from(encrypted) }).where((0, drizzle_orm.eq)(require_schema.userTable.id, userId)).returning();
+	if (!currentUser) throw new Error("User not found");
+	await /* @__PURE__ */ require_index.sendRecoveryCode(currentUser.email, recoveryCode);
+	return recoveryCode;
+}
+/**
+* Updates the user's password.
+*/
+async function updateUserPassword(userId, password) {
+	const passwordHash = await require_password.hashPassword(password);
+	await require_inject.db.update(require_schema.userTable).set({ password: passwordHash }).where((0, drizzle_orm.eq)(require_schema.userTable.id, userId));
+}
+/**
+* Updates the user's name.
+*/
+async function updateUserName(userId, name) {
+	await require_inject.db.update(require_schema.userTable).set({ name }).where((0, drizzle_orm.eq)(require_schema.userTable.id, userId));
+}
+/**
+* Updates the user's image.
+*/
+async function updateUserAwatar(userId, image) {
+	await require_inject.db.update(require_schema.userTable).set({ image }).where((0, drizzle_orm.eq)(require_schema.userTable.id, userId));
+}
+/**
+* Updates the user's email and marks it as verified.
+*/
+async function updateUserEmailAndSetEmailAsVerified(userId, email) {
+	await require_inject.db.update(require_schema.userTable).set({
+		email,
+		emailVerifiedAt: /* @__PURE__ */ new Date()
+	}).where((0, drizzle_orm.eq)(require_schema.userTable.id, userId));
+}
+/**
+* Sets the user as email verified if the provided email matches.
+*/
+async function setUserAsEmailVerifiedIfEmailMatches(userId, email) {
+	return (await require_inject.db.update(require_schema.userTable).set({ emailVerifiedAt: /* @__PURE__ */ new Date() }).where((0, drizzle_orm.and)((0, drizzle_orm.eq)(require_schema.userTable.id, userId), (0, drizzle_orm.eq)(require_schema.userTable.email, email))).returning({ id: require_schema.userTable.id })).length > 0;
+}
+/**
+* Returns the user's password hash.
+*/
+async function getUserPasswordHash(userId) {
+	const [user] = await require_inject.db.select({ password: require_schema.userTable.password }).from(require_schema.userTable).where((0, drizzle_orm.eq)(require_schema.userTable.id, userId));
+	if (!user) throw new Error("User not found");
+	return user.password;
+}
+/**
+* Returns a user by email.
+*/
+async function getUserFromEmail(email) {
+	const [user] = await require_inject.db.select().from(require_schema.userTable).where((0, drizzle_orm.eq)(require_schema.userTable.email, email));
+	if (!user) return null;
+	const { password, recovery_code, ...safeUser } = user;
+	return safeUser;
+}
+
+//#endregion
+exports.createOAuthUser = createOAuthUser;
+exports.createUser = createUser;
+exports.getUserById = getUserById;
+exports.getUserFromEmail = getUserFromEmail;
+exports.getUserPasswordHash = getUserPasswordHash;
+exports.getUserRecoverCode = getUserRecoverCode;
+exports.resetUserRecoveryCode = resetUserRecoveryCode;
+exports.setUserAsEmailVerifiedIfEmailMatches = setUserAsEmailVerifiedIfEmailMatches;
+exports.updateUserAwatar = updateUserAwatar;
+exports.updateUserEmailAndSetEmailAsVerified = updateUserEmailAndSetEmailAsVerified;
+exports.updateUserName = updateUserName;
+exports.updateUserPassword = updateUserPassword;
+exports.verifyUsernameInput = verifyUsernameInput;

package/dist/server/auth/user.d.cts

@@ -0,0 +1,58 @@
+import { User } from "../../core/auth/types.cjs";
+
+//#region src/server/auth/user.d.ts
+/**
+ * Validates the username input.
+ */
+declare function verifyUsernameInput(username: string): Promise<boolean>;
+/**
+ * Creates a new user with an initial recovery code and default 'user' role.
+ */
+declare function createUser(email: string, username: string, password: string): Promise<User>;
+/**
+ * Creates a new user from an OAuth provider.
+ */
+declare function createOAuthUser(email: string, name: string, image?: string): Promise<User>;
+/**
+ * Returns a user by ID.
+ */
+declare function getUserById(userId: string): Promise<User | null>;
+/**
+ * Decrypts and returns the user's recovery code.
+ */
+declare function getUserRecoverCode(userId: string): Promise<string>;
+/**
+ * Generates and sets a new recovery code for the user.
+ */
+declare function resetUserRecoveryCode(userId: string): Promise<string>;
+/**
+ * Updates the user's password.
+ */
+declare function updateUserPassword(userId: string, password: string): Promise<void>;
+/**
+ * Updates the user's name.
+ */
+declare function updateUserName(userId: string, name: string): Promise<void>;
+/**
+ * Updates the user's image.
+ */
+declare function updateUserAwatar(userId: string, image: string): Promise<void>;
+/**
+ * Updates the user's email and marks it as verified.
+ */
+declare function updateUserEmailAndSetEmailAsVerified(userId: string, email: string): Promise<void>;
+/**
+ * Sets the user as email verified if the provided email matches.
+ */
+declare function setUserAsEmailVerifiedIfEmailMatches(userId: string, email: string): Promise<boolean>;
+/**
+ * Returns the user's password hash.
+ */
+declare function getUserPasswordHash(userId: string): Promise<string | null>;
+/**
+ * Returns a user by email.
+ */
+declare function getUserFromEmail(email: string): Promise<User | null>;
+//#endregion
+export { createOAuthUser, createUser, getUserById, getUserFromEmail, getUserPasswordHash, getUserRecoverCode, resetUserRecoveryCode, setUserAsEmailVerifiedIfEmailMatches, updateUserAwatar, updateUserEmailAndSetEmailAsVerified, updateUserName, updateUserPassword, verifyUsernameInput };
+//# sourceMappingURL=user.d.cts.map

package/dist/server/auth/user.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.d.cts","names":[],"sources":["../../../src/server/auth/user.ts"],"mappings":";;;;;AAiBA;iBAAsB,mBAAA,CAAoB,QAAA,WAAmB,OAAA;;;;iBASvC,UAAA,CACpB,KAAA,UACA,QAAA,UACA,QAAA,WACC,OAAA,CAAQ,IAAA;;;;iBA+CW,eAAA,CACpB,KAAA,UACA,IAAA,UACA,KAAA,YACC,OAAA,CAAQ,IAAA;;;;iBAyCW,WAAA,CAAY,MAAA,WAAiB,OAAA,CAAQ,IAAA;;;AA7C3D;iBA2DsB,kBAAA,CAAmB,MAAA,WAAiB,OAAA;;;;iBAkBpC,qBAAA,CAAsB,MAAA,WAAiB,OAAA;;;;iBAuBvC,kBAAA,CACpB,MAAA,UACA,QAAA,WACC,OAAA;;AA1DH;;iBAwEsB,cAAA,CACpB,MAAA,UACA,IAAA,WACC,OAAA;;;;iBAWmB,gBAAA,CACpB,MAAA,UACA,KAAA,WACC,OAAA;;;AA3EH;iBAuFsB,oCAAA,CACpB,MAAA,UACA,KAAA,WACC,OAAA;;;;iBAamB,oCAAA,CACpB,MAAA,UACA,KAAA,WACC,OAAA;;;;iBAemB,mBAAA,CACpB,MAAA,WACC,OAAA;AAlFH;;;AAAA,iBAoGsB,gBAAA,CAAiB,KAAA,WAAgB,OAAA,CAAQ,IAAA"}

package/dist/server/auth/user.d.mts

@@ -0,0 +1,58 @@
+import { User } from "../../core/auth/types.mjs";
+
+//#region src/server/auth/user.d.ts
+/**
+ * Validates the username input.
+ */
+declare function verifyUsernameInput(username: string): Promise<boolean>;
+/**
+ * Creates a new user with an initial recovery code and default 'user' role.
+ */
+declare function createUser(email: string, username: string, password: string): Promise<User>;
+/**
+ * Creates a new user from an OAuth provider.
+ */
+declare function createOAuthUser(email: string, name: string, image?: string): Promise<User>;
+/**
+ * Returns a user by ID.
+ */
+declare function getUserById(userId: string): Promise<User | null>;
+/**
+ * Decrypts and returns the user's recovery code.
+ */
+declare function getUserRecoverCode(userId: string): Promise<string>;
+/**
+ * Generates and sets a new recovery code for the user.
+ */
+declare function resetUserRecoveryCode(userId: string): Promise<string>;
+/**
+ * Updates the user's password.
+ */
+declare function updateUserPassword(userId: string, password: string): Promise<void>;
+/**
+ * Updates the user's name.
+ */
+declare function updateUserName(userId: string, name: string): Promise<void>;
+/**
+ * Updates the user's image.
+ */
+declare function updateUserAwatar(userId: string, image: string): Promise<void>;
+/**
+ * Updates the user's email and marks it as verified.
+ */
+declare function updateUserEmailAndSetEmailAsVerified(userId: string, email: string): Promise<void>;
+/**
+ * Sets the user as email verified if the provided email matches.
+ */
+declare function setUserAsEmailVerifiedIfEmailMatches(userId: string, email: string): Promise<boolean>;
+/**
+ * Returns the user's password hash.
+ */
+declare function getUserPasswordHash(userId: string): Promise<string | null>;
+/**
+ * Returns a user by email.
+ */
+declare function getUserFromEmail(email: string): Promise<User | null>;
+//#endregion
+export { createOAuthUser, createUser, getUserById, getUserFromEmail, getUserPasswordHash, getUserRecoverCode, resetUserRecoveryCode, setUserAsEmailVerifiedIfEmailMatches, updateUserAwatar, updateUserEmailAndSetEmailAsVerified, updateUserName, updateUserPassword, verifyUsernameInput };
+//# sourceMappingURL=user.d.mts.map

package/dist/server/auth/user.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.d.mts","names":[],"sources":["../../../src/server/auth/user.ts"],"mappings":";;;;;AAiBA;iBAAsB,mBAAA,CAAoB,QAAA,WAAmB,OAAA;;;;iBASvC,UAAA,CACpB,KAAA,UACA,QAAA,UACA,QAAA,WACC,OAAA,CAAQ,IAAA;;;;iBA+CW,eAAA,CACpB,KAAA,UACA,IAAA,UACA,KAAA,YACC,OAAA,CAAQ,IAAA;;;;iBAyCW,WAAA,CAAY,MAAA,WAAiB,OAAA,CAAQ,IAAA;;;AA7C3D;iBA2DsB,kBAAA,CAAmB,MAAA,WAAiB,OAAA;;;;iBAkBpC,qBAAA,CAAsB,MAAA,WAAiB,OAAA;;;;iBAuBvC,kBAAA,CACpB,MAAA,UACA,QAAA,WACC,OAAA;;AA1DH;;iBAwEsB,cAAA,CACpB,MAAA,UACA,IAAA,WACC,OAAA;;;;iBAWmB,gBAAA,CACpB,MAAA,UACA,KAAA,WACC,OAAA;;;AA3EH;iBAuFsB,oCAAA,CACpB,MAAA,UACA,KAAA,WACC,OAAA;;;;iBAamB,oCAAA,CACpB,MAAA,UACA,KAAA,WACC,OAAA;;;;iBAemB,mBAAA,CACpB,MAAA,WACC,OAAA;AAlFH;;;AAAA,iBAoGsB,gBAAA,CAAiB,KAAA,WAAgB,OAAA,CAAQ,IAAA"}

package/dist/server/auth/user.mjs

@@ -0,0 +1,153 @@
+"use server";
+
+import { db } from "../database/inject.mjs";
+import { rolesTable, userTable, usersToRolesTable } from "../database/schema.mjs";
+import { sendRecoveryCode } from "../emails/index.mjs";
+import { hashPassword } from "./password.mjs";
+import { generateRandomRecoveryCode } from "../../core/auth/utils/encode.mjs";
+import { decryptToString, encryptString } from "../../core/auth/utils/encryption.mjs";
+import { and, eq } from "drizzle-orm";
+
+//#region src/server/auth/user.ts
+/**
+* Validates the username input.
+*/
+async function verifyUsernameInput(username) {
+	return username.length > 3 && username.length < 32 && username.trim() === username;
+}
+/**
+* Creates a new user with an initial recovery code and default 'user' role.
+*/
+async function createUser(email, username, password) {
+	const passwordHash = await hashPassword(password);
+	const recoveryCode = generateRandomRecoveryCode();
+	const encryptedRecoveryCode = encryptString(recoveryCode);
+	return await db.transaction(async (tx) => {
+		const [row] = await tx.insert(userTable).values({
+			email,
+			name: username,
+			password: passwordHash,
+			recovery_code: Buffer.from(encryptedRecoveryCode)
+		}).returning();
+		if (!row) throw new Error("Failed to create user");
+		let [role] = await tx.select().from(rolesTable).where(eq(rolesTable.name, "user"));
+		if (!role) [role] = await tx.insert(rolesTable).values({
+			name: "user",
+			description: "Default user role"
+		}).returning();
+		await tx.insert(usersToRolesTable).values({
+			userId: row.id,
+			roleId: role.id
+		});
+		await /* @__PURE__ */ sendRecoveryCode(row.email, recoveryCode);
+		return row;
+	});
+}
+/**
+* Creates a new user from an OAuth provider.
+*/
+async function createOAuthUser(email, name, image) {
+	const encryptedRecoveryCode = encryptString(generateRandomRecoveryCode());
+	return await db.transaction(async (tx) => {
+		const [row] = await tx.insert(userTable).values({
+			email,
+			name,
+			image,
+			emailVerifiedAt: /* @__PURE__ */ new Date(),
+			recovery_code: Buffer.from(encryptedRecoveryCode)
+		}).returning();
+		let [role] = await tx.select().from(rolesTable).where(eq(rolesTable.name, "user"));
+		if (!role) [role] = await tx.insert(rolesTable).values({
+			name: "user",
+			description: "Default user role"
+		}).returning();
+		await tx.insert(usersToRolesTable).values({
+			userId: row.id,
+			roleId: role.id
+		});
+		return row;
+	});
+}
+/**
+* Returns a user by ID.
+*/
+async function getUserById(userId) {
+	const [user] = await db.select().from(userTable).where(eq(userTable.id, userId));
+	if (!user) return null;
+	const { password, recovery_code, ...safeUser } = user;
+	return safeUser;
+}
+/**
+* Decrypts and returns the user's recovery code.
+*/
+async function getUserRecoverCode(userId) {
+	const [user] = await db.select({ recovery_code: userTable.recovery_code }).from(userTable).where(eq(userTable.id, userId));
+	if (!user || !user.recovery_code) throw new Error("Recovery code not found for user");
+	return decryptToString(user.recovery_code);
+}
+/**
+* Generates and sets a new recovery code for the user.
+*/
+async function resetUserRecoveryCode(userId) {
+	const recoveryCode = generateRandomRecoveryCode();
+	const encrypted = encryptString(recoveryCode);
+	const [currentUser] = await db.update(userTable).set({ recovery_code: Buffer.from(encrypted) }).where(eq(userTable.id, userId)).returning();
+	if (!currentUser) throw new Error("User not found");
+	await /* @__PURE__ */ sendRecoveryCode(currentUser.email, recoveryCode);
+	return recoveryCode;
+}
+/**
+* Updates the user's password.
+*/
+async function updateUserPassword(userId, password) {
+	const passwordHash = await hashPassword(password);
+	await db.update(userTable).set({ password: passwordHash }).where(eq(userTable.id, userId));
+}
+/**
+* Updates the user's name.
+*/
+async function updateUserName(userId, name) {
+	await db.update(userTable).set({ name }).where(eq(userTable.id, userId));
+}
+/**
+* Updates the user's image.
+*/
+async function updateUserAwatar(userId, image) {
+	await db.update(userTable).set({ image }).where(eq(userTable.id, userId));
+}
+/**
+* Updates the user's email and marks it as verified.
+*/
+async function updateUserEmailAndSetEmailAsVerified(userId, email) {
+	await db.update(userTable).set({
+		email,
+		emailVerifiedAt: /* @__PURE__ */ new Date()
+	}).where(eq(userTable.id, userId));
+}
+/**
+* Sets the user as email verified if the provided email matches.
+*/
+async function setUserAsEmailVerifiedIfEmailMatches(userId, email) {
+	return (await db.update(userTable).set({ emailVerifiedAt: /* @__PURE__ */ new Date() }).where(and(eq(userTable.id, userId), eq(userTable.email, email))).returning({ id: userTable.id })).length > 0;
+}
+/**
+* Returns the user's password hash.
+*/
+async function getUserPasswordHash(userId) {
+	const [user] = await db.select({ password: userTable.password }).from(userTable).where(eq(userTable.id, userId));
+	if (!user) throw new Error("User not found");
+	return user.password;
+}
+/**
+* Returns a user by email.
+*/
+async function getUserFromEmail(email) {
+	const [user] = await db.select().from(userTable).where(eq(userTable.email, email));
+	if (!user) return null;
+	const { password, recovery_code, ...safeUser } = user;
+	return safeUser;
+}
+
+//#endregion
+export { createOAuthUser, createUser, getUserById, getUserFromEmail, getUserPasswordHash, getUserRecoverCode, resetUserRecoveryCode, setUserAsEmailVerifiedIfEmailMatches, updateUserAwatar, updateUserEmailAndSetEmailAsVerified, updateUserName, updateUserPassword, verifyUsernameInput };
+//# sourceMappingURL=user.mjs.map

package/dist/server/auth/user.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"user.mjs","names":[],"sources":["../../../src/server/auth/user.ts"],"sourcesContent":["\"use server\";\n\nimport { and, eq } from \"drizzle-orm\";\nimport type { User } from \"../../core/auth/types\";\nimport { generateRandomRecoveryCode } from \"../../core/auth/utils/encode\";\nimport {\n  decryptToString,\n  encryptString,\n} from \"../../core/auth/utils/encryption\";\nimport { db } from \"../database/inject\";\nimport { rolesTable, usersToRolesTable, userTable } from \"../database/schema\";\nimport { sendRecoveryCode } from \"../emails\";\nimport { hashPassword } from \"./password\";\n\n/**\n * Validates the username input.\n */\nexport async function verifyUsernameInput(username: string): Promise<boolean> {\n  return (\n    username.length > 3 && username.length < 32 && username.trim() === username\n  );\n}\n\n/**\n * Creates a new user with an initial recovery code and default 'user' role.\n */\nexport async function createUser(\n  email: string,\n  username: string,\n  password: string,\n): Promise<User> {\n  const passwordHash = await hashPassword(password);\n  const recoveryCode = generateRandomRecoveryCode();\n  const encryptedRecoveryCode = encryptString(recoveryCode);\n\n  return await db.transaction(async (tx) => {\n    const [row] = await tx\n      .insert(userTable)\n      .values({\n        email: email,\n        name: username,\n        password: passwordHash,\n        recovery_code: Buffer.from(encryptedRecoveryCode),\n      })\n      .returning();\n\n    if (!row) {\n      throw new Error(\"Failed to create user\");\n    }\n\n    // Assign default 'user' role\n    let [role] = await tx\n      .select()\n      .from(rolesTable)\n      .where(eq(rolesTable.name, \"user\"));\n\n    if (!role) {\n      [role] = await tx\n        .insert(rolesTable)\n        .values({ name: \"user\", description: \"Default user role\" })\n        .returning();\n    }\n\n    await tx.insert(usersToRolesTable).values({\n      userId: row.id,\n      roleId: role.id,\n    });\n\n    await sendRecoveryCode(row.email, recoveryCode);\n\n    return row;\n  });\n}\n\n/**\n * Creates a new user from an OAuth provider.\n */\nexport async function createOAuthUser(\n  email: string,\n  name: string,\n  image?: string,\n): Promise<User> {\n  const recoveryCode = generateRandomRecoveryCode();\n  const encryptedRecoveryCode = encryptString(recoveryCode);\n\n  return await db.transaction(async (tx) => {\n    const [row] = await tx\n      .insert(userTable)\n      .values({\n        email: email,\n        name: name,\n        image: image,\n        emailVerifiedAt: new Date(),\n        recovery_code: Buffer.from(encryptedRecoveryCode),\n      })\n      .returning();\n\n    // Assign default 'user' role\n    let [role] = await tx\n      .select()\n      .from(rolesTable)\n      .where(eq(rolesTable.name, \"user\"));\n\n    if (!role) {\n      [role] = await tx\n        .insert(rolesTable)\n        .values({ name: \"user\", description: \"Default user role\" })\n        .returning();\n    }\n\n    await tx.insert(usersToRolesTable).values({\n      userId: row.id,\n      roleId: role.id,\n    });\n\n    return row;\n  });\n}\n\n/**\n * Returns a user by ID.\n */\nexport async function getUserById(userId: string): Promise<User | null> {\n  const [user] = await db\n    .select()\n    .from(userTable)\n    .where(eq(userTable.id, userId));\n\n  if (!user) return null;\n  const { password, recovery_code, ...safeUser } = user;\n  return safeUser as User;\n}\n\n/**\n * Decrypts and returns the user's recovery code.\n */\nexport async function getUserRecoverCode(userId: string): Promise<string> {\n  const [user] = await db\n    .select({\n      recovery_code: userTable.recovery_code,\n    })\n    .from(userTable)\n    .where(eq(userTable.id, userId));\n\n  if (!user || !user.recovery_code) {\n    throw new Error(\"Recovery code not found for user\");\n  }\n\n  return decryptToString(user.recovery_code);\n}\n\n/**\n * Generates and sets a new recovery code for the user.\n */\nexport async function resetUserRecoveryCode(userId: string): Promise<string> {\n  const recoveryCode = generateRandomRecoveryCode();\n  const encrypted = encryptString(recoveryCode);\n  const [currentUser] = await db\n    .update(userTable)\n    .set({\n      recovery_code: Buffer.from(encrypted),\n    })\n    .where(eq(userTable.id, userId))\n    .returning();\n\n  if (!currentUser) {\n    throw new Error(\"User not found\");\n  }\n\n  await sendRecoveryCode(currentUser.email, recoveryCode);\n\n  return recoveryCode;\n}\n\n/**\n * Updates the user's password.\n */\nexport async function updateUserPassword(\n  userId: string,\n  password: string,\n): Promise<void> {\n  const passwordHash = await hashPassword(password);\n\n  await db\n    .update(userTable)\n    .set({\n      password: passwordHash,\n    })\n    .where(eq(userTable.id, userId));\n}\n\n/**\n * Updates the user's name.\n */\nexport async function updateUserName(\n  userId: string,\n  name: string,\n): Promise<void> {\n  await db\n    .update(userTable)\n    .set({\n      name: name,\n    })\n    .where(eq(userTable.id, userId));\n}\n/**\n * Updates the user's image.\n */\nexport async function updateUserAwatar(\n  userId: string,\n  image: string,\n): Promise<void> {\n  await db\n    .update(userTable)\n    .set({\n      image,\n    })\n    .where(eq(userTable.id, userId));\n}\n\n/**\n * Updates the user's email and marks it as verified.\n */\nexport async function updateUserEmailAndSetEmailAsVerified(\n  userId: string,\n  email: string,\n): Promise<void> {\n  await db\n    .update(userTable)\n    .set({\n      email: email,\n      emailVerifiedAt: new Date(),\n    })\n    .where(eq(userTable.id, userId));\n}\n\n/**\n * Sets the user as email verified if the provided email matches.\n */\nexport async function setUserAsEmailVerifiedIfEmailMatches(\n  userId: string,\n  email: string,\n): Promise<boolean> {\n  const result = await db\n    .update(userTable)\n    .set({\n      emailVerifiedAt: new Date(),\n    })\n    .where(and(eq(userTable.id, userId), eq(userTable.email, email)))\n    .returning({ id: userTable.id });\n\n  return result.length > 0;\n}\n\n/**\n * Returns the user's password hash.\n */\nexport async function getUserPasswordHash(\n  userId: string,\n): Promise<string | null> {\n  const [user] = await db\n    .select({\n      password: userTable.password,\n    })\n    .from(userTable)\n    .where(eq(userTable.id, userId));\n\n  if (!user) {\n    throw new Error(\"User not found\");\n  }\n\n  return user.password;\n}\n\n/**\n * Returns a user by email.\n */\nexport async function getUserFromEmail(email: string): Promise<User | null> {\n  const [user] = await db\n    .select()\n    .from(userTable)\n    .where(eq(userTable.email, email));\n\n  if (!user) return null;\n  const { password, recovery_code, ...safeUser } = user;\n  return safeUser as User;\n}\n"],"mappings":";;;;;;;;;;;;;;AAiBA,eAAsB,oBAAoB,UAAoC;AAC5E,QACE,SAAS,SAAS,KAAK,SAAS,SAAS,MAAM,SAAS,MAAM,KAAK;;;;;AAOvE,eAAsB,WACpB,OACA,UACA,UACe;CACf,MAAM,eAAe,MAAM,aAAa,SAAS;CACjD,MAAM,eAAe,4BAA4B;CACjD,MAAM,wBAAwB,cAAc,aAAa;AAEzD,QAAO,MAAM,GAAG,YAAY,OAAO,OAAO;EACxC,MAAM,CAAC,OAAO,MAAM,GACjB,OAAO,UAAU,CACjB,OAAO;GACC;GACP,MAAM;GACN,UAAU;GACV,eAAe,OAAO,KAAK,sBAAsB;GAClD,CAAC,CACD,WAAW;AAEd,MAAI,CAAC,IACH,OAAM,IAAI,MAAM,wBAAwB;EAI1C,IAAI,CAAC,QAAQ,MAAM,GAChB,QAAQ,CACR,KAAK,WAAW,CAChB,MAAM,GAAG,WAAW,MAAM,OAAO,CAAC;AAErC,MAAI,CAAC,KACH,EAAC,QAAQ,MAAM,GACZ,OAAO,WAAW,CAClB,OAAO;GAAE,MAAM;GAAQ,aAAa;GAAqB,CAAC,CAC1D,WAAW;AAGhB,QAAM,GAAG,OAAO,kBAAkB,CAAC,OAAO;GACxC,QAAQ,IAAI;GACZ,QAAQ,KAAK;GACd,CAAC;AAEF,QAAM,iCAAiB,IAAI,OAAO,aAAa;AAE/C,SAAO;GACP;;;;;AAMJ,eAAsB,gBACpB,OACA,MACA,OACe;CAEf,MAAM,wBAAwB,cADT,4BAA4B,CACQ;AAEzD,QAAO,MAAM,GAAG,YAAY,OAAO,OAAO;EACxC,MAAM,CAAC,OAAO,MAAM,GACjB,OAAO,UAAU,CACjB,OAAO;GACC;GACD;GACC;GACP,iCAAiB,IAAI,MAAM;GAC3B,eAAe,OAAO,KAAK,sBAAsB;GAClD,CAAC,CACD,WAAW;EAGd,IAAI,CAAC,QAAQ,MAAM,GAChB,QAAQ,CACR,KAAK,WAAW,CAChB,MAAM,GAAG,WAAW,MAAM,OAAO,CAAC;AAErC,MAAI,CAAC,KACH,EAAC,QAAQ,MAAM,GACZ,OAAO,WAAW,CAClB,OAAO;GAAE,MAAM;GAAQ,aAAa;GAAqB,CAAC,CAC1D,WAAW;AAGhB,QAAM,GAAG,OAAO,kBAAkB,CAAC,OAAO;GACxC,QAAQ,IAAI;GACZ,QAAQ,KAAK;GACd,CAAC;AAEF,SAAO;GACP;;;;;AAMJ,eAAsB,YAAY,QAAsC;CACtE,MAAM,CAAC,QAAQ,MAAM,GAClB,QAAQ,CACR,KAAK,UAAU,CACf,MAAM,GAAG,UAAU,IAAI,OAAO,CAAC;AAElC,KAAI,CAAC,KAAM,QAAO;CAClB,MAAM,EAAE,UAAU,eAAe,GAAG,aAAa;AACjD,QAAO;;;;;AAMT,eAAsB,mBAAmB,QAAiC;CACxE,MAAM,CAAC,QAAQ,MAAM,GAClB,OAAO,EACN,eAAe,UAAU,eAC1B,CAAC,CACD,KAAK,UAAU,CACf,MAAM,GAAG,UAAU,IAAI,OAAO,CAAC;AAElC,KAAI,CAAC,QAAQ,CAAC,KAAK,cACjB,OAAM,IAAI,MAAM,mCAAmC;AAGrD,QAAO,gBAAgB,KAAK,cAAc;;;;;AAM5C,eAAsB,sBAAsB,QAAiC;CAC3E,MAAM,eAAe,4BAA4B;CACjD,MAAM,YAAY,cAAc,aAAa;CAC7C,MAAM,CAAC,eAAe,MAAM,GACzB,OAAO,UAAU,CACjB,IAAI,EACH,eAAe,OAAO,KAAK,UAAU,EACtC,CAAC,CACD,MAAM,GAAG,UAAU,IAAI,OAAO,CAAC,CAC/B,WAAW;AAEd,KAAI,CAAC,YACH,OAAM,IAAI,MAAM,iBAAiB;AAGnC,OAAM,iCAAiB,YAAY,OAAO,aAAa;AAEvD,QAAO;;;;;AAMT,eAAsB,mBACpB,QACA,UACe;CACf,MAAM,eAAe,MAAM,aAAa,SAAS;AAEjD,OAAM,GACH,OAAO,UAAU,CACjB,IAAI,EACH,UAAU,cACX,CAAC,CACD,MAAM,GAAG,UAAU,IAAI,OAAO,CAAC;;;;;AAMpC,eAAsB,eACpB,QACA,MACe;AACf,OAAM,GACH,OAAO,UAAU,CACjB,IAAI,EACG,MACP,CAAC,CACD,MAAM,GAAG,UAAU,IAAI,OAAO,CAAC;;;;;AAKpC,eAAsB,iBACpB,QACA,OACe;AACf,OAAM,GACH,OAAO,UAAU,CACjB,IAAI,EACH,OACD,CAAC,CACD,MAAM,GAAG,UAAU,IAAI,OAAO,CAAC;;;;;AAMpC,eAAsB,qCACpB,QACA,OACe;AACf,OAAM,GACH,OAAO,UAAU,CACjB,IAAI;EACI;EACP,iCAAiB,IAAI,MAAM;EAC5B,CAAC,CACD,MAAM,GAAG,UAAU,IAAI,OAAO,CAAC;;;;;AAMpC,eAAsB,qCACpB,QACA,OACkB;AASlB,SARe,MAAM,GAClB,OAAO,UAAU,CACjB,IAAI,EACH,iCAAiB,IAAI,MAAM,EAC5B,CAAC,CACD,MAAM,IAAI,GAAG,UAAU,IAAI,OAAO,EAAE,GAAG,UAAU,OAAO,MAAM,CAAC,CAAC,CAChE,UAAU,EAAE,IAAI,UAAU,IAAI,CAAC,EAEpB,SAAS;;;;;AAMzB,eAAsB,oBACpB,QACwB;CACxB,MAAM,CAAC,QAAQ,MAAM,GAClB,OAAO,EACN,UAAU,UAAU,UACrB,CAAC,CACD,KAAK,UAAU,CACf,MAAM,GAAG,UAAU,IAAI,OAAO,CAAC;AAElC,KAAI,CAAC,KACH,OAAM,IAAI,MAAM,iBAAiB;AAGnC,QAAO,KAAK;;;;;AAMd,eAAsB,iBAAiB,OAAqC;CAC1E,MAAM,CAAC,QAAQ,MAAM,GAClB,QAAQ,CACR,KAAK,UAAU,CACf,MAAM,GAAG,UAAU,OAAO,MAAM,CAAC;AAEpC,KAAI,CAAC,KAAM,QAAO;CAClB,MAAM,EAAE,UAAU,eAAe,GAAG,aAAa;AACjD,QAAO"}

package/dist/server/database/inject.cjs

@@ -0,0 +1,24 @@
+
+//#region src/server/database/inject.ts
+const globalForDb = globalThis;
+function injectDb(db) {
+	if (globalForDb.__KRYO_DB__) return;
+	console.log("[Kryo:Core] >>> DATABASE INJECTED <<<");
+	globalForDb.__KRYO_DB__ = db;
+}
+/**
+* Shared 'db' proxy.
+* Resolves to globalThis.__KRYO_DB__ on every property access.
+* Safe to import statically at top-level.
+*/
+const db = new Proxy({}, { get(_, prop) {
+	if (prop === "then") return void 0;
+	if (typeof prop === "symbol" || prop === "inspect" || prop === "toString") return globalForDb.__KRYO_DB__?.[prop];
+	const database = globalForDb.__KRYO_DB__;
+	if (!database) throw new Error(`[Kryo:Core] Database access error: tried to use "db.${String(prop)}" but database is not injected yet. Ensure you call "ensureSystemInitialized()" before using the database.`);
+	return database[prop];
+} });
+
+//#endregion
+exports.db = db;
+exports.injectDb = injectDb;

package/dist/server/database/inject.d.cts

@@ -0,0 +1,15 @@
+import { schema_d_exports } from "./schema.cjs";
+import { NodePgDatabase } from "drizzle-orm/node-postgres";
+
+//#region src/server/database/inject.d.ts
+type KryoDatabase = NodePgDatabase<typeof schema_d_exports>;
+declare function injectDb(db: KryoDatabase): void;
+/**
+ * Shared 'db' proxy.
+ * Resolves to globalThis.__KRYO_DB__ on every property access.
+ * Safe to import statically at top-level.
+ */
+declare const db: KryoDatabase;
+//#endregion
+export { KryoDatabase, db, injectDb };
+//# sourceMappingURL=inject.d.cts.map

package/dist/server/database/inject.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"inject.d.cts","names":[],"sources":["../../../src/server/database/inject.ts"],"mappings":";;;;KAGY,YAAA,GAAe,cAAA,QAAsB,gBAAA;AAAA,iBAKjC,QAAA,CAAS,EAAA,EAAI,YAAA;AAL7B;;;;;AAAA,cAgBa,EAAA,EAAE,YAAA"}

package/dist/server/database/inject.d.mts

@@ -0,0 +1,15 @@
+import { schema_d_exports } from "./schema.mjs";
+import { NodePgDatabase } from "drizzle-orm/node-postgres";
+
+//#region src/server/database/inject.d.ts
+type KryoDatabase = NodePgDatabase<typeof schema_d_exports>;
+declare function injectDb(db: KryoDatabase): void;
+/**
+ * Shared 'db' proxy.
+ * Resolves to globalThis.__KRYO_DB__ on every property access.
+ * Safe to import statically at top-level.
+ */
+declare const db: KryoDatabase;
+//#endregion
+export { KryoDatabase, db, injectDb };
+//# sourceMappingURL=inject.d.mts.map