@archlast/server 0.1.8 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +104 -100
- package/dist/admin/auth.d.ts +24 -5
- package/dist/admin/auth.js +49 -25
- package/dist/admin/schema.d.ts +122 -32
- package/dist/admin/schema.js +131 -95
- package/dist/admin/seed.d.ts +1 -1
- package/dist/admin/seed.js +79 -47
- package/dist/auth/api-key-resolver.d.ts +1 -1
- package/dist/auth/api-key-resolver.js +7 -3
- package/dist/auth/archlast-auth-adapter.d.ts +2 -5
- package/dist/auth/archlast-auth-adapter.js +1 -1
- package/dist/auth/better-auth-adapter.d.ts.map +1 -1
- package/dist/auth/better-auth-adapter.js +41 -26
- package/dist/auth/better-auth-adapter.js.map +1 -1
- package/dist/auth/better-auth-admin.d.ts.map +1 -1
- package/dist/auth/better-auth-admin.js +1 -1
- package/dist/auth/better-auth-admin.js.map +1 -1
- package/dist/auth/better-auth-api-key-resolver.js +1 -1
- package/dist/auth/better-auth-api-key-resolver.js.map +1 -1
- package/dist/auth/better-auth-instance.d.ts +249 -301
- package/dist/auth/better-auth-instance.d.ts.map +1 -1
- package/dist/auth/better-auth-instance.js +11 -0
- package/dist/auth/better-auth-instance.js.map +1 -1
- package/dist/auth/better-auth-seed.d.ts +5 -2
- package/dist/auth/better-auth-seed.js +31 -22
- package/dist/auth/better-auth-session-adapter.d.ts.map +1 -1
- package/dist/auth/better-auth-session-adapter.js +14 -10
- package/dist/auth/better-auth-session-adapter.js.map +1 -1
- package/dist/auth/errors.d.ts.map +1 -1
- package/dist/auth/errors.js +11 -11
- package/dist/auth/errors.js.map +1 -1
- package/dist/auth/oauth-proxy.d.ts +5 -2
- package/dist/auth/oauth-proxy.js +23 -27
- package/dist/auth/resolver.d.ts.map +1 -1
- package/dist/auth/resolver.js.map +1 -1
- package/dist/auth/role-helpers.d.ts +1 -1
- package/dist/auth/role-helpers.d.ts.map +1 -1
- package/dist/auth/role-helpers.js.map +1 -1
- package/dist/auth/session-manager.d.ts +2 -5
- package/dist/auth/session-manager.js +16 -6
- package/dist/auth/system/better-auth-schema.d.ts.map +1 -1
- package/dist/auth/system/better-auth-schema.js +6 -23
- package/dist/auth/system/better-auth-schema.js.map +1 -1
- package/dist/cache/circuit-breaker.d.ts +81 -0
- package/dist/cache/circuit-breaker.d.ts.map +1 -0
- package/dist/cache/circuit-breaker.js +170 -0
- package/dist/cache/circuit-breaker.js.map +1 -0
- package/dist/cache/client.d.ts +6 -3
- package/dist/cache/client.d.ts.map +1 -1
- package/dist/cache/client.js +12 -53
- package/dist/cache/client.js.map +1 -1
- package/dist/cache/index.d.ts +2 -0
- package/dist/cache/index.d.ts.map +1 -1
- package/dist/cache/index.js +5 -1
- package/dist/cache/index.js.map +1 -1
- package/dist/cache/invalidation-queue.d.ts +63 -0
- package/dist/cache/invalidation-queue.d.ts.map +1 -0
- package/dist/cache/invalidation-queue.js +196 -0
- package/dist/cache/invalidation-queue.js.map +1 -0
- package/dist/cache/layers.d.ts +14 -4
- package/dist/cache/layers.d.ts.map +1 -1
- package/dist/cache/layers.js +66 -72
- package/dist/cache/layers.js.map +1 -1
- package/dist/cache/manager.d.ts.map +1 -1
- package/dist/cache/manager.js +6 -41
- package/dist/cache/manager.js.map +1 -1
- package/dist/cache/protocol.d.ts +4 -39
- package/dist/cache/protocol.d.ts.map +1 -1
- package/dist/cache/protocol.js.map +1 -1
- package/dist/cache/redis-adapter.d.ts +103 -0
- package/dist/cache/redis-adapter.d.ts.map +1 -0
- package/dist/cache/redis-adapter.js +424 -0
- package/dist/cache/redis-adapter.js.map +1 -0
- package/dist/cache/run-sidecar.js +10 -1
- package/dist/cache/run-sidecar.js.map +1 -1
- package/dist/cache/sidecar-server.d.ts +51 -1
- package/dist/cache/sidecar-server.d.ts.map +1 -1
- package/dist/cache/sidecar-server.js +368 -22
- package/dist/cache/sidecar-server.js.map +1 -1
- package/dist/cache/store.d.ts +43 -0
- package/dist/cache/store.d.ts.map +1 -1
- package/dist/cache/store.js +69 -76
- package/dist/cache/store.js.map +1 -1
- package/dist/cache/strategies.d.ts +2 -9
- package/dist/cache/strategies.d.ts.map +1 -1
- package/dist/cache/types.d.ts +130 -0
- package/dist/cache/types.d.ts.map +1 -0
- package/dist/cache/types.js +60 -0
- package/dist/cache/types.js.map +1 -0
- package/dist/config/bullmq.d.ts +16 -0
- package/dist/config/bullmq.d.ts.map +1 -0
- package/dist/config/bullmq.js +103 -0
- package/dist/config/bullmq.js.map +1 -0
- package/dist/config/index.d.ts +1 -0
- package/dist/config/index.d.ts.map +1 -1
- package/dist/config/index.js +1 -0
- package/dist/config/index.js.map +1 -1
- package/dist/config/schema.d.ts +80 -6
- package/dist/config/schema.d.ts.map +1 -1
- package/dist/config/schema.js +71 -6
- package/dist/config/schema.js.map +1 -1
- package/dist/config/service.d.ts +54 -4
- package/dist/config/service.d.ts.map +1 -1
- package/dist/config/service.js +56 -2
- package/dist/config/service.js.map +1 -1
- package/dist/controllers/admin/admin-tokens.controller.d.ts +131 -115
- package/dist/controllers/admin/admin-tokens.controller.js +117 -98
- package/dist/controllers/admin/api-keys.controller.d.ts +1 -1
- package/dist/controllers/admin/api-keys.controller.d.ts.map +1 -1
- package/dist/controllers/admin/api-keys.controller.js.map +1 -1
- package/dist/controllers/admin/app-users.controller.d.ts +274 -243
- package/dist/controllers/admin/app-users.controller.js +301 -257
- package/dist/controllers/admin/auth.controller.d.ts +260 -236
- package/dist/controllers/admin/auth.controller.js +197 -174
- package/dist/controllers/admin/backup.controller.d.ts.map +1 -1
- package/dist/controllers/admin/backup.controller.js.map +1 -1
- package/dist/controllers/admin/settings.controller.d.ts +1 -1
- package/dist/controllers/admin/storage-stats.controller.d.ts +63 -0
- package/dist/controllers/admin/storage-stats.controller.d.ts.map +1 -0
- package/dist/controllers/admin/storage-stats.controller.js +33 -0
- package/dist/controllers/admin/storage-stats.controller.js.map +1 -0
- package/dist/controllers/admin/tenants.controller.d.ts.map +1 -1
- package/dist/controllers/admin/tenants.controller.js.map +1 -1
- package/dist/controllers/admin/users.controller.d.ts +1 -1
- package/dist/controllers/admin/users.controller.d.ts.map +1 -1
- package/dist/controllers/admin/users.controller.js.map +1 -1
- package/dist/controllers/auth.controller.d.ts +289 -271
- package/dist/controllers/auth.controller.js +275 -226
- package/dist/controllers/crud-generator.controller.d.ts.map +1 -1
- package/dist/controllers/crud-generator.controller.js +127 -125
- package/dist/controllers/crud-generator.controller.js.map +1 -1
- package/dist/controllers/index.d.ts +1 -1
- package/dist/controllers/index.d.ts.map +1 -1
- package/dist/controllers/index.js.map +1 -1
- package/dist/controllers/introspection.controller.d.ts +642 -0
- package/dist/controllers/introspection.controller.d.ts.map +1 -1
- package/dist/controllers/introspection.controller.js +611 -0
- package/dist/controllers/introspection.controller.js.map +1 -1
- package/dist/controllers/invite.controller.d.ts +190 -170
- package/dist/controllers/invite.controller.js +183 -164
- package/dist/controllers/mfa.controller.d.ts +205 -183
- package/dist/controllers/mfa.controller.js +131 -111
- package/dist/controllers/otp.controller.d.ts +194 -171
- package/dist/controllers/otp.controller.js +192 -175
- package/dist/controllers/storage.controller.d.ts.map +1 -1
- package/dist/controllers/storage.controller.js.map +1 -1
- package/dist/controllers/system.controller.d.ts +5 -3
- package/dist/controllers/system.controller.d.ts.map +1 -1
- package/dist/controllers/system.controller.js +4 -2
- package/dist/controllers/system.controller.js.map +1 -1
- package/dist/controllers/tenant.controller.d.ts +258 -227
- package/dist/controllers/tenant.controller.js +224 -200
- package/dist/db/cachedclient.d.ts +6 -11
- package/dist/db/cachedclient.d.ts.map +1 -1
- package/dist/db/cachedclient.js +79 -43
- package/dist/db/cachedclient.js.map +1 -1
- package/dist/db/distributed-client.d.ts +79 -24
- package/dist/db/distributed-client.js +23 -24
- package/dist/db/factory.d.ts +3 -8
- package/dist/db/factory.d.ts.map +1 -1
- package/dist/db/factory.js +3 -22
- package/dist/db/factory.js.map +1 -1
- package/dist/db/socket-client.d.ts +7 -0
- package/dist/db/socket-client.d.ts.map +1 -1
- package/dist/db/socket-client.js +140 -11
- package/dist/db/socket-client.js.map +1 -1
- package/dist/deployment/handler.d.ts +10 -2
- package/dist/deployment/handler.d.ts.map +1 -1
- package/dist/deployment/handler.js +70 -15
- package/dist/deployment/handler.js.map +1 -1
- package/dist/deployment/persistence.d.ts.map +1 -1
- package/dist/deployment/persistence.js +6 -1
- package/dist/deployment/persistence.js.map +1 -1
- package/dist/docker/compose.d.ts.map +1 -1
- package/dist/docker/compose.js +76 -0
- package/dist/docker/compose.js.map +1 -1
- package/dist/engine/runner.d.ts.map +1 -1
- package/dist/engine/runner.js +0 -43
- package/dist/engine/runner.js.map +1 -1
- package/dist/functions/built-in/auth-apikey.d.ts.map +1 -1
- package/dist/functions/built-in/auth-apikey.js.map +1 -1
- package/dist/functions/built-in/system-cache.d.ts.map +1 -1
- package/dist/functions/built-in/system-cache.js +6 -31
- package/dist/functions/built-in/system-cache.js.map +1 -1
- package/dist/functions/built-in/system-data.d.ts.map +1 -1
- package/dist/functions/built-in/system-data.js +4 -2
- package/dist/functions/built-in/system-data.js.map +1 -1
- package/dist/functions/definition.d.ts.map +1 -1
- package/dist/functions/definition.js +6 -2
- package/dist/functions/definition.js.map +1 -1
- package/dist/http/routes/metrics.d.ts +42 -0
- package/dist/http/routes/metrics.d.ts.map +1 -0
- package/dist/http/routes/metrics.js +29 -0
- package/dist/http/routes/metrics.js.map +1 -0
- package/dist/http/server.d.ts +1 -0
- package/dist/http/server.d.ts.map +1 -1
- package/dist/http/server.js +41 -3
- package/dist/http/server.js.map +1 -1
- package/dist/ipc/socket-bridge.d.ts +1 -0
- package/dist/ipc/socket-bridge.d.ts.map +1 -1
- package/dist/ipc/socket-bridge.js +5 -1
- package/dist/ipc/socket-bridge.js.map +1 -1
- package/dist/jobs/bullmq-adapter.d.ts +154 -0
- package/dist/jobs/bullmq-adapter.d.ts.map +1 -0
- package/dist/jobs/bullmq-adapter.js +688 -0
- package/dist/jobs/bullmq-adapter.js.map +1 -0
- package/dist/jobs/bullmq-circuit-breaker.d.ts +133 -0
- package/dist/jobs/bullmq-circuit-breaker.d.ts.map +1 -0
- package/dist/jobs/bullmq-circuit-breaker.js +323 -0
- package/dist/jobs/bullmq-circuit-breaker.js.map +1 -0
- package/dist/jobs/bullmq-dlq-manager.d.ts +155 -0
- package/dist/jobs/bullmq-dlq-manager.d.ts.map +1 -0
- package/dist/jobs/bullmq-dlq-manager.js +325 -0
- package/dist/jobs/bullmq-dlq-manager.js.map +1 -0
- package/dist/jobs/bullmq-metrics.d.ts +104 -0
- package/dist/jobs/bullmq-metrics.d.ts.map +1 -0
- package/dist/jobs/bullmq-metrics.js +323 -0
- package/dist/jobs/bullmq-metrics.js.map +1 -0
- package/dist/jobs/bullmq-priority-service.d.ts +173 -0
- package/dist/jobs/bullmq-priority-service.d.ts.map +1 -0
- package/dist/jobs/bullmq-priority-service.js +390 -0
- package/dist/jobs/bullmq-priority-service.js.map +1 -0
- package/dist/jobs/bullmq-scheduler.d.ts +111 -0
- package/dist/jobs/bullmq-scheduler.d.ts.map +1 -0
- package/dist/jobs/bullmq-scheduler.js +300 -0
- package/dist/jobs/bullmq-scheduler.js.map +1 -0
- package/dist/jobs/bullmq-worker.d.ts +155 -0
- package/dist/jobs/bullmq-worker.d.ts.map +1 -0
- package/dist/jobs/bullmq-worker.js +651 -0
- package/dist/jobs/bullmq-worker.js.map +1 -0
- package/dist/jobs/circuit-breaker.d.ts +120 -0
- package/dist/jobs/circuit-breaker.d.ts.map +1 -0
- package/dist/jobs/circuit-breaker.js +262 -0
- package/dist/jobs/circuit-breaker.js.map +1 -0
- package/dist/jobs/index.d.ts +1 -1
- package/dist/jobs/index.d.ts.map +1 -1
- package/dist/jobs/index.js.map +1 -1
- package/dist/jobs/queue.d.ts +120 -1
- package/dist/jobs/queue.d.ts.map +1 -1
- package/dist/jobs/queue.js +487 -9
- package/dist/jobs/queue.js.map +1 -1
- package/dist/jobs/redis-connection.d.ts +50 -0
- package/dist/jobs/redis-connection.d.ts.map +1 -0
- package/dist/jobs/redis-connection.js +123 -0
- package/dist/jobs/redis-connection.js.map +1 -0
- package/dist/jobs/run-scheduler.js +163 -10
- package/dist/jobs/run-scheduler.js.map +1 -1
- package/dist/jobs/run-worker.js +101 -9
- package/dist/jobs/run-worker.js.map +1 -1
- package/dist/jobs/worker-thread.d.ts +6 -0
- package/dist/jobs/worker-thread.d.ts.map +1 -1
- package/dist/jobs/worker-thread.js +37 -8
- package/dist/jobs/worker-thread.js.map +1 -1
- package/dist/jobs/worker.d.ts +33 -0
- package/dist/jobs/worker.d.ts.map +1 -1
- package/dist/jobs/worker.js +358 -115
- package/dist/jobs/worker.js.map +1 -1
- package/dist/linq/async-enumerable.d.ts.map +1 -1
- package/dist/linq/async-enumerable.js.map +1 -1
- package/dist/linq/enumerable.d.ts.map +1 -1
- package/dist/linq/enumerable.js +10 -10
- package/dist/linq/enumerable.js.map +1 -1
- package/dist/metrics/collector.d.ts +26 -0
- package/dist/metrics/collector.d.ts.map +1 -0
- package/dist/metrics/collector.js +103 -0
- package/dist/metrics/collector.js.map +1 -0
- package/dist/polling/updates.controller.d.ts +57 -0
- package/dist/polling/updates.controller.d.ts.map +1 -0
- package/dist/polling/updates.controller.js +70 -0
- package/dist/polling/updates.controller.js.map +1 -0
- package/dist/repository/db-set.d.ts.map +1 -1
- package/dist/repository/db-set.js +12 -8
- package/dist/repository/db-set.js.map +1 -1
- package/dist/repository/ef-core.d.ts.map +1 -1
- package/dist/repository/ef-core.js +6 -6
- package/dist/repository/ef-core.js.map +1 -1
- package/dist/repository/factory.d.ts +1 -1
- package/dist/repository/factory.d.ts.map +1 -1
- package/dist/repository/factory.js.map +1 -1
- package/dist/repository/interfaces.d.ts.map +1 -1
- package/dist/repository/interfaces.js.map +1 -1
- package/dist/repository/queryable.d.ts.map +1 -1
- package/dist/repository/queryable.js.map +1 -1
- package/dist/rpc/adapter.d.ts.map +1 -1
- package/dist/rpc/adapter.js.map +1 -1
- package/dist/rpc/router.d.ts +2 -2
- package/dist/rpc/router.d.ts.map +1 -1
- package/dist/rpc/router.js +1 -1
- package/dist/rpc/router.js.map +1 -1
- package/dist/schema/relationship-types.d.ts +7 -2
- package/dist/schema/relationship-types.js +1 -1
- package/dist/schema/types.d.ts.map +1 -1
- package/dist/services/admin/app-users.service.d.ts +1 -1
- package/dist/services/admin/app-users.service.js +31 -38
- package/dist/services/admin/auth.service.d.ts +1 -1
- package/dist/services/admin/auth.service.js +11 -5
- package/dist/services/admin/backup/BackupOrchestrator.d.ts.map +1 -1
- package/dist/services/admin/backup/BackupOrchestrator.js +4 -7
- package/dist/services/admin/backup/BackupOrchestrator.js.map +1 -1
- package/dist/services/admin/backup/SqliteGenerator.js +8 -8
- package/dist/services/admin/backup/StorageStreamer.d.ts +3 -3
- package/dist/services/admin/backup/StorageStreamer.d.ts.map +1 -1
- package/dist/services/admin/backup/StorageStreamer.js +16 -55
- package/dist/services/admin/backup/StorageStreamer.js.map +1 -1
- package/dist/services/admin/backup/ZipComposer.d.ts +2 -0
- package/dist/services/admin/backup/ZipComposer.d.ts.map +1 -1
- package/dist/services/admin/backup/ZipComposer.js +23 -0
- package/dist/services/admin/backup/ZipComposer.js.map +1 -1
- package/dist/services/admin/backup.service.d.ts.map +1 -1
- package/dist/services/admin/backup.service.js.map +1 -1
- package/dist/services/admin/data.service.d.ts.map +1 -1
- package/dist/services/admin/data.service.js +287 -286
- package/dist/services/admin/data.service.js.map +1 -1
- package/dist/services/admin/tenants.service.d.ts.map +1 -1
- package/dist/services/admin/tenants.service.js.map +1 -1
- package/dist/services/auth.service.d.ts +2 -3
- package/dist/services/auth.service.js +16 -16
- package/dist/services/invite.service.d.ts +1 -1
- package/dist/services/invite.service.js +17 -15
- package/dist/services/storage.service.d.ts.map +1 -1
- package/dist/services/storage.service.js +35 -4
- package/dist/services/storage.service.js.map +1 -1
- package/dist/services/system.service.d.ts.map +1 -1
- package/dist/services/system.service.js +1 -1
- package/dist/services/system.service.js.map +1 -1
- package/dist/services/tenant.service.d.ts +1 -1
- package/dist/services/tenant.service.js +43 -31
- package/dist/sse/subscriptions.controller.d.ts +57 -0
- package/dist/sse/subscriptions.controller.d.ts.map +1 -0
- package/dist/sse/subscriptions.controller.js +127 -0
- package/dist/sse/subscriptions.controller.js.map +1 -0
- package/dist/startup/bootstrap.d.ts +13 -2
- package/dist/startup/bootstrap.d.ts.map +1 -1
- package/dist/startup/bootstrap.js +85 -13
- package/dist/startup/bootstrap.js.map +1 -1
- package/dist/storage/s3-backend.d.ts.map +1 -1
- package/dist/storage/s3-backend.js +3 -3
- package/dist/storage/s3-backend.js.map +1 -1
- package/dist/websocket/server.d.ts.map +1 -1
- package/dist/websocket/server.js +14 -3
- package/dist/websocket/server.js.map +1 -1
- package/docker/README.md +309 -11
- package/package.json +214 -210
- package/templates/.env.example +115 -55
- package/templates/archlast.config.js +51 -37
- package/templates/docker-compose.prod.yml +32 -15
- package/templates/docker-compose.yml +117 -33
package/README.md
CHANGED
|
@@ -1,100 +1,104 @@
|
|
|
1
|
-
# @archlast/server
|
|
2
|
-
|
|
3
|
-
Type-safe server definitions and runtime helpers for Archlast. This package is
|
|
4
|
-
used to define schema, functions, and shared types, and it ships Docker
|
|
5
|
-
templates for runtime deployment.
|
|
6
|
-
|
|
7
|
-
## Install
|
|
8
|
-
|
|
9
|
-
```bash
|
|
10
|
-
npm install -D @archlast/server
|
|
11
|
-
```
|
|
12
|
-
|
|
13
|
-
## Library vs runtime
|
|
14
|
-
|
|
15
|
-
This package is a dev-time library for schema and function definitions. The
|
|
16
|
-
runtime server is delivered via the Docker image (`algochad/archlast-server`) and managed
|
|
17
|
-
by the CLI (`archlast start`).
|
|
18
|
-
|
|
19
|
-
## Schema
|
|
20
|
-
|
|
21
|
-
```ts
|
|
22
|
-
import { defineSchema, defineTable, v } from "@archlast/server/schema/definition";
|
|
23
|
-
|
|
24
|
-
export default defineSchema({
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
});
|
|
30
|
-
```
|
|
31
|
-
|
|
32
|
-
## Functions
|
|
33
|
-
|
|
34
|
-
```ts
|
|
35
|
-
import { query, mutation } from "@archlast/server/functions/definition";
|
|
36
|
-
import { z } from "zod";
|
|
37
|
-
|
|
38
|
-
export const list = query({
|
|
39
|
-
|
|
40
|
-
});
|
|
41
|
-
|
|
42
|
-
export const create = mutation({
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
});
|
|
46
|
-
```
|
|
47
|
-
|
|
48
|
-
Other function types:
|
|
49
|
-
|
|
50
|
-
- `
|
|
51
|
-
- `
|
|
52
|
-
- `
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
- `@archlast/server/
|
|
72
|
-
- `@archlast/server/
|
|
73
|
-
- `@archlast/server/
|
|
74
|
-
- `@archlast/server/
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
- `
|
|
93
|
-
- `
|
|
94
|
-
- `
|
|
95
|
-
- `
|
|
96
|
-
- `
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
1
|
+
# @archlast/server
|
|
2
|
+
|
|
3
|
+
Type-safe server definitions and runtime helpers for Archlast. This package is
|
|
4
|
+
used to define schema, functions, and shared types, and it ships Docker
|
|
5
|
+
templates for runtime deployment.
|
|
6
|
+
|
|
7
|
+
## Install
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
npm install -D @archlast/server
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
## Library vs runtime
|
|
14
|
+
|
|
15
|
+
This package is a dev-time library for schema and function definitions. The
|
|
16
|
+
runtime server is delivered via the Docker image (`algochad/archlast-server`) and managed
|
|
17
|
+
by the CLI (`archlast start`).
|
|
18
|
+
|
|
19
|
+
## Schema
|
|
20
|
+
|
|
21
|
+
```ts
|
|
22
|
+
import { defineSchema, defineTable, v } from "@archlast/server/schema/definition";
|
|
23
|
+
|
|
24
|
+
export default defineSchema({
|
|
25
|
+
tasks: defineTable({
|
|
26
|
+
id: v.id(),
|
|
27
|
+
text: v.string(),
|
|
28
|
+
}),
|
|
29
|
+
});
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
## Functions
|
|
33
|
+
|
|
34
|
+
```ts
|
|
35
|
+
import { query, mutation } from "@archlast/server/functions/definition";
|
|
36
|
+
import { z } from "zod";
|
|
37
|
+
|
|
38
|
+
export const list = query({
|
|
39
|
+
handler: async (ctx) => ctx.db.table("tasks").findMany(),
|
|
40
|
+
});
|
|
41
|
+
|
|
42
|
+
export const create = mutation({
|
|
43
|
+
args: { text: z.string() },
|
|
44
|
+
handler: async (ctx, args) => ctx.db.table("tasks").insert({ text: args.text }),
|
|
45
|
+
});
|
|
46
|
+
```
|
|
47
|
+
|
|
48
|
+
Other function types:
|
|
49
|
+
|
|
50
|
+
- `action` for long running tasks
|
|
51
|
+
- `http` for explicit HTTP routes
|
|
52
|
+
- `webhook` for signed incoming events
|
|
53
|
+
- `rpc` for tRPC-style public procedures
|
|
54
|
+
|
|
55
|
+
## Auth and permissions
|
|
56
|
+
|
|
57
|
+
All functions default to `auth: "required"`. You can mark functions public or
|
|
58
|
+
optional, and attach permissions.
|
|
59
|
+
|
|
60
|
+
```ts
|
|
61
|
+
export const publicPing = query({
|
|
62
|
+
auth: "public",
|
|
63
|
+
handler: async () => "pong",
|
|
64
|
+
});
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
## Runtime exports
|
|
68
|
+
|
|
69
|
+
Common entry points:
|
|
70
|
+
|
|
71
|
+
- `@archlast/server/schema/definition` and `@archlast/server/schema/validators`
|
|
72
|
+
- `@archlast/server/functions/definition` and `@archlast/server/functions/types`
|
|
73
|
+
- `@archlast/server/http` and `@archlast/server/webhook`
|
|
74
|
+
- `@archlast/server/jobs`
|
|
75
|
+
- `@archlast/server/storage/types`
|
|
76
|
+
- `@archlast/server/context`
|
|
77
|
+
|
|
78
|
+
## Docker templates
|
|
79
|
+
|
|
80
|
+
Templates live under `templates/` in this package:
|
|
81
|
+
|
|
82
|
+
- `docker-compose.yml`, `docker-compose.dev.yml`, `docker-compose.prod.yml`
|
|
83
|
+
- `.env.example`
|
|
84
|
+
- `archlast.config.js`
|
|
85
|
+
|
|
86
|
+
The CLI uses these templates to generate a local Docker setup.
|
|
87
|
+
|
|
88
|
+
## Environment configuration
|
|
89
|
+
|
|
90
|
+
Key variables used by the server runtime:
|
|
91
|
+
|
|
92
|
+
- `PORT` (default: 4000)
|
|
93
|
+
- `ARCHLAST_DB_ROOT` (default: `./data`)
|
|
94
|
+
- `ARCHLAST_ALLOWED_ORIGINS` (CSV)
|
|
95
|
+
- `ARCHLAST_CORS_ALLOW_CREDENTIALS` (`true` or `false`)
|
|
96
|
+
- `STORAGE_ROOT` and `STORAGE_SIGNING_SECRET`
|
|
97
|
+
- `S3_ENABLED`, `S3_BUCKET`, `S3_REGION`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`
|
|
98
|
+
- `ARCHLAST_ADMIN_TOKEN` (deprecated), `ARCHLAST_AUTH_TOKEN_PEPPER`
|
|
99
|
+
- `ARCHLAST_DASHBOARD_DIR` or `ARCHLAST_DASHBOARD_URL`
|
|
100
|
+
- `ARCHLAST_STORE_PORT`, `ARCHLAST_STORE_NO_TLS`
|
|
101
|
+
|
|
102
|
+
## Publishing (maintainers)
|
|
103
|
+
|
|
104
|
+
See `docs/npm-publishing.md` for release and publish steps.
|
package/dist/admin/auth.d.ts
CHANGED
|
@@ -29,11 +29,23 @@ export declare function isSetupRequired(db: IDatabaseClient): Promise<boolean>;
|
|
|
29
29
|
/**
|
|
30
30
|
* Setup: Create the first admin user
|
|
31
31
|
*/
|
|
32
|
-
export declare function setupFirstAdmin(
|
|
32
|
+
export declare function setupFirstAdmin(
|
|
33
|
+
db: IDatabaseClient,
|
|
34
|
+
username: string,
|
|
35
|
+
password: string,
|
|
36
|
+
userAgent: string | null,
|
|
37
|
+
ipAddress: string | null
|
|
38
|
+
): Promise<SetupResult | AuthError>;
|
|
33
39
|
/**
|
|
34
40
|
* Login: Authenticate admin user
|
|
35
41
|
*/
|
|
36
|
-
export declare function loginAdmin(
|
|
42
|
+
export declare function loginAdmin(
|
|
43
|
+
db: IDatabaseClient,
|
|
44
|
+
username: string,
|
|
45
|
+
password: string,
|
|
46
|
+
userAgent: string | null,
|
|
47
|
+
ipAddress: string | null
|
|
48
|
+
): Promise<LoginResult | AuthError>;
|
|
37
49
|
/**
|
|
38
50
|
* Logout: Invalidate session
|
|
39
51
|
*/
|
|
@@ -41,7 +53,10 @@ export declare function logoutAdmin(db: IDatabaseClient, token: string): Promise
|
|
|
41
53
|
/**
|
|
42
54
|
* Verify session and get admin user
|
|
43
55
|
*/
|
|
44
|
-
export declare function verifyAdminSession(
|
|
56
|
+
export declare function verifyAdminSession(
|
|
57
|
+
db: IDatabaseClient,
|
|
58
|
+
token: string
|
|
59
|
+
): Promise<{
|
|
45
60
|
user: Omit<AdminUser, "password_hash">;
|
|
46
61
|
session: AdminSession;
|
|
47
62
|
} | null>;
|
|
@@ -56,7 +71,11 @@ export declare function extractAdminSessionTokens(req: Request): string[];
|
|
|
56
71
|
* 2. ast_ session tokens (login sessions) - not obfuscated (for browser)
|
|
57
72
|
* 3. ak_ API keys (legacy, user-created) - not obfuscated
|
|
58
73
|
*/
|
|
59
|
-
export declare function requireAdminAuth(
|
|
74
|
+
export declare function requireAdminAuth(
|
|
75
|
+
db: IDatabaseClient,
|
|
76
|
+
req: Request,
|
|
77
|
+
requestPath?: string
|
|
78
|
+
): Promise<{
|
|
60
79
|
user: Omit<AdminUser, "password_hash">;
|
|
61
80
|
session: AdminSession;
|
|
62
81
|
} | null>;
|
|
@@ -76,4 +95,4 @@ export declare function getUserAgent(req: Request): string | null;
|
|
|
76
95
|
* Get IP address from request
|
|
77
96
|
*/
|
|
78
97
|
export declare function getIpAddress(req: Request): string | null;
|
|
79
|
-
//# sourceMappingURL=auth.d.ts.map
|
|
98
|
+
//# sourceMappingURL=auth.d.ts.map
|
package/dist/admin/auth.js
CHANGED
|
@@ -43,7 +43,10 @@ async function setupFirstAdmin(db, username, password, userAgent, ipAddress) {
|
|
|
43
43
|
// Validate username
|
|
44
44
|
const normalizedUsername = (0, schema_js_1.normalizeUsername)(username);
|
|
45
45
|
if (!(0, schema_js_1.isValidUsername)(normalizedUsername)) {
|
|
46
|
-
return {
|
|
46
|
+
return {
|
|
47
|
+
success: false,
|
|
48
|
+
error: "Invalid username. Must be 3-32 characters, alphanumeric and underscore only.",
|
|
49
|
+
};
|
|
47
50
|
}
|
|
48
51
|
// Validate password
|
|
49
52
|
if (!password || password.length < 8) {
|
|
@@ -52,10 +55,21 @@ async function setupFirstAdmin(db, username, password, userAgent, ipAddress) {
|
|
|
52
55
|
// Hash password
|
|
53
56
|
const passwordHash = await (0, crypto_js_1.hashPassword)(password);
|
|
54
57
|
// Create first admin user (always super admin)
|
|
55
|
-
const user = await (0, schema_js_1.createFirstAdminUser)(
|
|
58
|
+
const user = await (0, schema_js_1.createFirstAdminUser)(
|
|
59
|
+
db,
|
|
60
|
+
normalizedUsername,
|
|
61
|
+
passwordHash
|
|
62
|
+
);
|
|
56
63
|
// Create session
|
|
57
64
|
const token = `ast_${(0, cuid2_1.createId)()}`; // Admin Session Token
|
|
58
|
-
const session = await (0, schema_js_1.createAdminSession)(
|
|
65
|
+
const session = await (0, schema_js_1.createAdminSession)(
|
|
66
|
+
db,
|
|
67
|
+
user._id,
|
|
68
|
+
token,
|
|
69
|
+
exports.ADMIN_SESSION_TTL_MS,
|
|
70
|
+
userAgent,
|
|
71
|
+
ipAddress
|
|
72
|
+
);
|
|
59
73
|
return {
|
|
60
74
|
success: true,
|
|
61
75
|
token: session.token,
|
|
@@ -70,8 +84,7 @@ async function setupFirstAdmin(db, username, password, userAgent, ipAddress) {
|
|
|
70
84
|
updated_at: user.updated_at,
|
|
71
85
|
},
|
|
72
86
|
};
|
|
73
|
-
}
|
|
74
|
-
catch (err) {
|
|
87
|
+
} catch (err) {
|
|
75
88
|
logger_js_1.logger.log({
|
|
76
89
|
timestamp: Date.now(),
|
|
77
90
|
level: "error",
|
|
@@ -100,7 +113,14 @@ async function loginAdmin(db, username, password, userAgent, ipAddress) {
|
|
|
100
113
|
}
|
|
101
114
|
// Create session
|
|
102
115
|
const token = `ast_${(0, cuid2_1.createId)()}`;
|
|
103
|
-
const session = await (0, schema_js_1.createAdminSession)(
|
|
116
|
+
const session = await (0, schema_js_1.createAdminSession)(
|
|
117
|
+
db,
|
|
118
|
+
user._id,
|
|
119
|
+
token,
|
|
120
|
+
exports.ADMIN_SESSION_TTL_MS,
|
|
121
|
+
userAgent,
|
|
122
|
+
ipAddress
|
|
123
|
+
);
|
|
104
124
|
return {
|
|
105
125
|
success: true,
|
|
106
126
|
token: session.token,
|
|
@@ -115,8 +135,7 @@ async function loginAdmin(db, username, password, userAgent, ipAddress) {
|
|
|
115
135
|
updated_at: user.updated_at,
|
|
116
136
|
},
|
|
117
137
|
};
|
|
118
|
-
}
|
|
119
|
-
catch (err) {
|
|
138
|
+
} catch (err) {
|
|
120
139
|
logger_js_1.logger.log({
|
|
121
140
|
timestamp: Date.now(),
|
|
122
141
|
level: "error",
|
|
@@ -167,8 +186,7 @@ async function verifyAdminSession(db, token) {
|
|
|
167
186
|
},
|
|
168
187
|
session,
|
|
169
188
|
};
|
|
170
|
-
}
|
|
171
|
-
catch (err) {
|
|
189
|
+
} catch (err) {
|
|
172
190
|
logger_js_1.logger.log({
|
|
173
191
|
timestamp: Date.now(),
|
|
174
192
|
level: "error",
|
|
@@ -185,7 +203,8 @@ async function verifyAdminSession(db, token) {
|
|
|
185
203
|
// ============================================================================
|
|
186
204
|
// TOKEN OBFUSCATION
|
|
187
205
|
// ============================================================================
|
|
188
|
-
const TOKEN_OBFUSCATION_SECRET =
|
|
206
|
+
const TOKEN_OBFUSCATION_SECRET =
|
|
207
|
+
process.env.ARCHLAST_TOKEN_OBFUSCATION_SECRET || "archlast-default-secret-change-in-production";
|
|
189
208
|
const TIMESTAMP_WINDOW_MS = 5 * 60 * 1000; // 5 minutes
|
|
190
209
|
/**
|
|
191
210
|
* Deobfuscate a dynamic token and return the raw token
|
|
@@ -219,7 +238,9 @@ function deobfuscateToken(obfuscated, requestPath) {
|
|
|
219
238
|
.update(message)
|
|
220
239
|
.digest("base64url");
|
|
221
240
|
// Use timing-safe comparison to prevent timing attacks
|
|
222
|
-
if (
|
|
241
|
+
if (
|
|
242
|
+
!(0, crypto_1.timingSafeEqual)(Buffer.from(signature), Buffer.from(expectedSignature))
|
|
243
|
+
) {
|
|
223
244
|
logger_js_1.logger.log({
|
|
224
245
|
timestamp: Date.now(),
|
|
225
246
|
level: "warn",
|
|
@@ -235,8 +256,7 @@ function deobfuscateToken(obfuscated, requestPath) {
|
|
|
235
256
|
message: `[Token Obfuscation] ✓ Token deobfuscated successfully`,
|
|
236
257
|
});
|
|
237
258
|
return token;
|
|
238
|
-
}
|
|
239
|
-
catch (error) {
|
|
259
|
+
} catch (error) {
|
|
240
260
|
logger_js_1.logger.log({
|
|
241
261
|
timestamp: Date.now(),
|
|
242
262
|
level: "error",
|
|
@@ -256,16 +276,14 @@ function extractAndDeobfuscateTokens(req, requestPath) {
|
|
|
256
276
|
const xAdminToken = req.headers.get("x-admin-token");
|
|
257
277
|
if (xAdminToken) {
|
|
258
278
|
const deobfuscated = deobfuscateToken(xAdminToken, requestPath);
|
|
259
|
-
if (deobfuscated)
|
|
260
|
-
tokens.push(deobfuscated);
|
|
279
|
+
if (deobfuscated) tokens.push(deobfuscated);
|
|
261
280
|
}
|
|
262
281
|
// 2. Authorization header
|
|
263
282
|
const authHeader = req.headers.get("authorization");
|
|
264
283
|
if (authHeader?.startsWith("Bearer ")) {
|
|
265
284
|
const token = authHeader.slice(7);
|
|
266
285
|
const deobfuscated = deobfuscateToken(token, requestPath);
|
|
267
|
-
if (deobfuscated)
|
|
268
|
-
tokens.push(deobfuscated);
|
|
286
|
+
if (deobfuscated) tokens.push(deobfuscated);
|
|
269
287
|
}
|
|
270
288
|
// 3. Cookie (session tokens are not obfuscated)
|
|
271
289
|
const cookieHeader = req.headers.get("cookie");
|
|
@@ -287,8 +305,7 @@ function extractAdminSessionTokens(req) {
|
|
|
287
305
|
const tokens = [];
|
|
288
306
|
// 1. X-Admin-Token header (highest priority, manual bypass)
|
|
289
307
|
const xAdminToken = req.headers.get("x-admin-token");
|
|
290
|
-
if (xAdminToken)
|
|
291
|
-
tokens.push(xAdminToken);
|
|
308
|
+
if (xAdminToken) tokens.push(xAdminToken);
|
|
292
309
|
// 2. Authorization header
|
|
293
310
|
const authHeader = req.headers.get("authorization");
|
|
294
311
|
if (authHeader?.startsWith("Bearer ")) {
|
|
@@ -334,7 +351,7 @@ async function requireAdminAuth(db, req, requestPath) {
|
|
|
334
351
|
level: "debug",
|
|
335
352
|
kind: "system",
|
|
336
353
|
message: `[Admin Auth] Found ${tokens.length} token(s)`,
|
|
337
|
-
context: { tokenTypes: tokens.map(t => `${t.slice(0, 4)}...${t.slice(-4)}`) },
|
|
354
|
+
context: { tokenTypes: tokens.map((t) => `${t.slice(0, 4)}...${t.slice(-4)}`) },
|
|
338
355
|
});
|
|
339
356
|
for (const token of tokens) {
|
|
340
357
|
// 1. Check for sat_ admin tokens (Server Admin Tokens - dashboard-generated)
|
|
@@ -357,7 +374,10 @@ async function requireAdminAuth(db, req, requestPath) {
|
|
|
357
374
|
});
|
|
358
375
|
}
|
|
359
376
|
if (adminTokenRecord) {
|
|
360
|
-
const user = await (0, schema_js_1.findAdminUserById)(
|
|
377
|
+
const user = await (0, schema_js_1.findAdminUserById)(
|
|
378
|
+
db,
|
|
379
|
+
adminTokenRecord.created_by_admin_id
|
|
380
|
+
);
|
|
361
381
|
if (user) {
|
|
362
382
|
await (0, schema_js_1.updateAdminTokenLastUsed)(db, adminTokenRecord._id);
|
|
363
383
|
const now = Date.now();
|
|
@@ -384,7 +404,8 @@ async function requireAdminAuth(db, req, requestPath) {
|
|
|
384
404
|
_collection: "admin_tokens",
|
|
385
405
|
admin_user_id: user._id,
|
|
386
406
|
token: adminTokenRecord.token,
|
|
387
|
-
expires_at:
|
|
407
|
+
expires_at:
|
|
408
|
+
adminTokenRecord.expires_at ?? now + exports.ADMIN_SESSION_TTL_MS,
|
|
388
409
|
user_agent: req.headers.get("user-agent"),
|
|
389
410
|
ip_address: getIpAddress(req),
|
|
390
411
|
created_at: adminTokenRecord.created_at,
|
|
@@ -405,7 +426,10 @@ async function requireAdminAuth(db, req, requestPath) {
|
|
|
405
426
|
if (token.startsWith("ak_")) {
|
|
406
427
|
const apiKey = await (0, schema_js_1.findApiKeyByKey)(db, token);
|
|
407
428
|
if (apiKey) {
|
|
408
|
-
const user = await (0, schema_js_1.findAdminUserById)(
|
|
429
|
+
const user = await (0, schema_js_1.findAdminUserById)(
|
|
430
|
+
db,
|
|
431
|
+
apiKey.created_by_admin_id
|
|
432
|
+
);
|
|
409
433
|
if (user) {
|
|
410
434
|
await (0, schema_js_1.updateApiKeyLastUsed)(db, apiKey._id);
|
|
411
435
|
const now = Date.now();
|
|
@@ -484,4 +508,4 @@ function getIpAddress(req) {
|
|
|
484
508
|
// Fallback to direct connection (may be proxy IP in production)
|
|
485
509
|
return null;
|
|
486
510
|
}
|
|
487
|
-
//# sourceMappingURL=auth.js.map
|
|
511
|
+
//# sourceMappingURL=auth.js.map
|