@archlast/server 0.1.8 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +104 -100
- package/dist/admin/auth.d.ts +24 -5
- package/dist/admin/auth.js +49 -25
- package/dist/admin/schema.d.ts +122 -32
- package/dist/admin/schema.js +131 -95
- package/dist/admin/seed.d.ts +1 -1
- package/dist/admin/seed.js +79 -47
- package/dist/auth/api-key-resolver.d.ts +1 -1
- package/dist/auth/api-key-resolver.js +7 -3
- package/dist/auth/archlast-auth-adapter.d.ts +2 -5
- package/dist/auth/archlast-auth-adapter.js +1 -1
- package/dist/auth/better-auth-adapter.d.ts.map +1 -1
- package/dist/auth/better-auth-adapter.js +41 -26
- package/dist/auth/better-auth-adapter.js.map +1 -1
- package/dist/auth/better-auth-admin.d.ts.map +1 -1
- package/dist/auth/better-auth-admin.js +1 -1
- package/dist/auth/better-auth-admin.js.map +1 -1
- package/dist/auth/better-auth-api-key-resolver.js +1 -1
- package/dist/auth/better-auth-api-key-resolver.js.map +1 -1
- package/dist/auth/better-auth-instance.d.ts +249 -301
- package/dist/auth/better-auth-instance.d.ts.map +1 -1
- package/dist/auth/better-auth-instance.js +11 -0
- package/dist/auth/better-auth-instance.js.map +1 -1
- package/dist/auth/better-auth-seed.d.ts +5 -2
- package/dist/auth/better-auth-seed.js +31 -22
- package/dist/auth/better-auth-session-adapter.d.ts.map +1 -1
- package/dist/auth/better-auth-session-adapter.js +14 -10
- package/dist/auth/better-auth-session-adapter.js.map +1 -1
- package/dist/auth/errors.d.ts.map +1 -1
- package/dist/auth/errors.js +11 -11
- package/dist/auth/errors.js.map +1 -1
- package/dist/auth/oauth-proxy.d.ts +5 -2
- package/dist/auth/oauth-proxy.js +23 -27
- package/dist/auth/resolver.d.ts.map +1 -1
- package/dist/auth/resolver.js.map +1 -1
- package/dist/auth/role-helpers.d.ts +1 -1
- package/dist/auth/role-helpers.d.ts.map +1 -1
- package/dist/auth/role-helpers.js.map +1 -1
- package/dist/auth/session-manager.d.ts +2 -5
- package/dist/auth/session-manager.js +16 -6
- package/dist/auth/system/better-auth-schema.d.ts.map +1 -1
- package/dist/auth/system/better-auth-schema.js +6 -23
- package/dist/auth/system/better-auth-schema.js.map +1 -1
- package/dist/cache/circuit-breaker.d.ts +81 -0
- package/dist/cache/circuit-breaker.d.ts.map +1 -0
- package/dist/cache/circuit-breaker.js +170 -0
- package/dist/cache/circuit-breaker.js.map +1 -0
- package/dist/cache/client.d.ts +6 -3
- package/dist/cache/client.d.ts.map +1 -1
- package/dist/cache/client.js +12 -53
- package/dist/cache/client.js.map +1 -1
- package/dist/cache/index.d.ts +2 -0
- package/dist/cache/index.d.ts.map +1 -1
- package/dist/cache/index.js +5 -1
- package/dist/cache/index.js.map +1 -1
- package/dist/cache/invalidation-queue.d.ts +63 -0
- package/dist/cache/invalidation-queue.d.ts.map +1 -0
- package/dist/cache/invalidation-queue.js +196 -0
- package/dist/cache/invalidation-queue.js.map +1 -0
- package/dist/cache/layers.d.ts +14 -4
- package/dist/cache/layers.d.ts.map +1 -1
- package/dist/cache/layers.js +66 -72
- package/dist/cache/layers.js.map +1 -1
- package/dist/cache/manager.d.ts.map +1 -1
- package/dist/cache/manager.js +6 -41
- package/dist/cache/manager.js.map +1 -1
- package/dist/cache/protocol.d.ts +4 -39
- package/dist/cache/protocol.d.ts.map +1 -1
- package/dist/cache/protocol.js.map +1 -1
- package/dist/cache/redis-adapter.d.ts +103 -0
- package/dist/cache/redis-adapter.d.ts.map +1 -0
- package/dist/cache/redis-adapter.js +424 -0
- package/dist/cache/redis-adapter.js.map +1 -0
- package/dist/cache/run-sidecar.js +10 -1
- package/dist/cache/run-sidecar.js.map +1 -1
- package/dist/cache/sidecar-server.d.ts +51 -1
- package/dist/cache/sidecar-server.d.ts.map +1 -1
- package/dist/cache/sidecar-server.js +368 -22
- package/dist/cache/sidecar-server.js.map +1 -1
- package/dist/cache/store.d.ts +43 -0
- package/dist/cache/store.d.ts.map +1 -1
- package/dist/cache/store.js +69 -76
- package/dist/cache/store.js.map +1 -1
- package/dist/cache/strategies.d.ts +2 -9
- package/dist/cache/strategies.d.ts.map +1 -1
- package/dist/cache/types.d.ts +130 -0
- package/dist/cache/types.d.ts.map +1 -0
- package/dist/cache/types.js +60 -0
- package/dist/cache/types.js.map +1 -0
- package/dist/config/bullmq.d.ts +16 -0
- package/dist/config/bullmq.d.ts.map +1 -0
- package/dist/config/bullmq.js +103 -0
- package/dist/config/bullmq.js.map +1 -0
- package/dist/config/index.d.ts +1 -0
- package/dist/config/index.d.ts.map +1 -1
- package/dist/config/index.js +1 -0
- package/dist/config/index.js.map +1 -1
- package/dist/config/schema.d.ts +80 -6
- package/dist/config/schema.d.ts.map +1 -1
- package/dist/config/schema.js +71 -6
- package/dist/config/schema.js.map +1 -1
- package/dist/config/service.d.ts +54 -4
- package/dist/config/service.d.ts.map +1 -1
- package/dist/config/service.js +56 -2
- package/dist/config/service.js.map +1 -1
- package/dist/controllers/admin/admin-tokens.controller.d.ts +131 -115
- package/dist/controllers/admin/admin-tokens.controller.js +117 -98
- package/dist/controllers/admin/api-keys.controller.d.ts +1 -1
- package/dist/controllers/admin/api-keys.controller.d.ts.map +1 -1
- package/dist/controllers/admin/api-keys.controller.js.map +1 -1
- package/dist/controllers/admin/app-users.controller.d.ts +274 -243
- package/dist/controllers/admin/app-users.controller.js +301 -257
- package/dist/controllers/admin/auth.controller.d.ts +260 -236
- package/dist/controllers/admin/auth.controller.js +197 -174
- package/dist/controllers/admin/backup.controller.d.ts.map +1 -1
- package/dist/controllers/admin/backup.controller.js.map +1 -1
- package/dist/controllers/admin/settings.controller.d.ts +1 -1
- package/dist/controllers/admin/storage-stats.controller.d.ts +63 -0
- package/dist/controllers/admin/storage-stats.controller.d.ts.map +1 -0
- package/dist/controllers/admin/storage-stats.controller.js +33 -0
- package/dist/controllers/admin/storage-stats.controller.js.map +1 -0
- package/dist/controllers/admin/tenants.controller.d.ts.map +1 -1
- package/dist/controllers/admin/tenants.controller.js.map +1 -1
- package/dist/controllers/admin/users.controller.d.ts +1 -1
- package/dist/controllers/admin/users.controller.d.ts.map +1 -1
- package/dist/controllers/admin/users.controller.js.map +1 -1
- package/dist/controllers/auth.controller.d.ts +289 -271
- package/dist/controllers/auth.controller.js +275 -226
- package/dist/controllers/crud-generator.controller.d.ts.map +1 -1
- package/dist/controllers/crud-generator.controller.js +127 -125
- package/dist/controllers/crud-generator.controller.js.map +1 -1
- package/dist/controllers/index.d.ts +1 -1
- package/dist/controllers/index.d.ts.map +1 -1
- package/dist/controllers/index.js.map +1 -1
- package/dist/controllers/introspection.controller.d.ts +642 -0
- package/dist/controllers/introspection.controller.d.ts.map +1 -1
- package/dist/controllers/introspection.controller.js +611 -0
- package/dist/controllers/introspection.controller.js.map +1 -1
- package/dist/controllers/invite.controller.d.ts +190 -170
- package/dist/controllers/invite.controller.js +183 -164
- package/dist/controllers/mfa.controller.d.ts +205 -183
- package/dist/controllers/mfa.controller.js +131 -111
- package/dist/controllers/otp.controller.d.ts +194 -171
- package/dist/controllers/otp.controller.js +192 -175
- package/dist/controllers/storage.controller.d.ts.map +1 -1
- package/dist/controllers/storage.controller.js.map +1 -1
- package/dist/controllers/system.controller.d.ts +5 -3
- package/dist/controllers/system.controller.d.ts.map +1 -1
- package/dist/controllers/system.controller.js +4 -2
- package/dist/controllers/system.controller.js.map +1 -1
- package/dist/controllers/tenant.controller.d.ts +258 -227
- package/dist/controllers/tenant.controller.js +224 -200
- package/dist/db/cachedclient.d.ts +6 -11
- package/dist/db/cachedclient.d.ts.map +1 -1
- package/dist/db/cachedclient.js +79 -43
- package/dist/db/cachedclient.js.map +1 -1
- package/dist/db/distributed-client.d.ts +79 -24
- package/dist/db/distributed-client.js +23 -24
- package/dist/db/factory.d.ts +3 -8
- package/dist/db/factory.d.ts.map +1 -1
- package/dist/db/factory.js +3 -22
- package/dist/db/factory.js.map +1 -1
- package/dist/db/socket-client.d.ts +7 -0
- package/dist/db/socket-client.d.ts.map +1 -1
- package/dist/db/socket-client.js +140 -11
- package/dist/db/socket-client.js.map +1 -1
- package/dist/deployment/handler.d.ts +10 -2
- package/dist/deployment/handler.d.ts.map +1 -1
- package/dist/deployment/handler.js +70 -15
- package/dist/deployment/handler.js.map +1 -1
- package/dist/deployment/persistence.d.ts.map +1 -1
- package/dist/deployment/persistence.js +6 -1
- package/dist/deployment/persistence.js.map +1 -1
- package/dist/docker/compose.d.ts.map +1 -1
- package/dist/docker/compose.js +76 -0
- package/dist/docker/compose.js.map +1 -1
- package/dist/engine/runner.d.ts.map +1 -1
- package/dist/engine/runner.js +0 -43
- package/dist/engine/runner.js.map +1 -1
- package/dist/functions/built-in/auth-apikey.d.ts.map +1 -1
- package/dist/functions/built-in/auth-apikey.js.map +1 -1
- package/dist/functions/built-in/system-cache.d.ts.map +1 -1
- package/dist/functions/built-in/system-cache.js +6 -31
- package/dist/functions/built-in/system-cache.js.map +1 -1
- package/dist/functions/built-in/system-data.d.ts.map +1 -1
- package/dist/functions/built-in/system-data.js +4 -2
- package/dist/functions/built-in/system-data.js.map +1 -1
- package/dist/functions/definition.d.ts.map +1 -1
- package/dist/functions/definition.js +6 -2
- package/dist/functions/definition.js.map +1 -1
- package/dist/http/routes/metrics.d.ts +42 -0
- package/dist/http/routes/metrics.d.ts.map +1 -0
- package/dist/http/routes/metrics.js +29 -0
- package/dist/http/routes/metrics.js.map +1 -0
- package/dist/http/server.d.ts +1 -0
- package/dist/http/server.d.ts.map +1 -1
- package/dist/http/server.js +41 -3
- package/dist/http/server.js.map +1 -1
- package/dist/ipc/socket-bridge.d.ts +1 -0
- package/dist/ipc/socket-bridge.d.ts.map +1 -1
- package/dist/ipc/socket-bridge.js +5 -1
- package/dist/ipc/socket-bridge.js.map +1 -1
- package/dist/jobs/bullmq-adapter.d.ts +154 -0
- package/dist/jobs/bullmq-adapter.d.ts.map +1 -0
- package/dist/jobs/bullmq-adapter.js +688 -0
- package/dist/jobs/bullmq-adapter.js.map +1 -0
- package/dist/jobs/bullmq-circuit-breaker.d.ts +133 -0
- package/dist/jobs/bullmq-circuit-breaker.d.ts.map +1 -0
- package/dist/jobs/bullmq-circuit-breaker.js +323 -0
- package/dist/jobs/bullmq-circuit-breaker.js.map +1 -0
- package/dist/jobs/bullmq-dlq-manager.d.ts +155 -0
- package/dist/jobs/bullmq-dlq-manager.d.ts.map +1 -0
- package/dist/jobs/bullmq-dlq-manager.js +325 -0
- package/dist/jobs/bullmq-dlq-manager.js.map +1 -0
- package/dist/jobs/bullmq-metrics.d.ts +104 -0
- package/dist/jobs/bullmq-metrics.d.ts.map +1 -0
- package/dist/jobs/bullmq-metrics.js +323 -0
- package/dist/jobs/bullmq-metrics.js.map +1 -0
- package/dist/jobs/bullmq-priority-service.d.ts +173 -0
- package/dist/jobs/bullmq-priority-service.d.ts.map +1 -0
- package/dist/jobs/bullmq-priority-service.js +390 -0
- package/dist/jobs/bullmq-priority-service.js.map +1 -0
- package/dist/jobs/bullmq-scheduler.d.ts +111 -0
- package/dist/jobs/bullmq-scheduler.d.ts.map +1 -0
- package/dist/jobs/bullmq-scheduler.js +300 -0
- package/dist/jobs/bullmq-scheduler.js.map +1 -0
- package/dist/jobs/bullmq-worker.d.ts +155 -0
- package/dist/jobs/bullmq-worker.d.ts.map +1 -0
- package/dist/jobs/bullmq-worker.js +651 -0
- package/dist/jobs/bullmq-worker.js.map +1 -0
- package/dist/jobs/circuit-breaker.d.ts +120 -0
- package/dist/jobs/circuit-breaker.d.ts.map +1 -0
- package/dist/jobs/circuit-breaker.js +262 -0
- package/dist/jobs/circuit-breaker.js.map +1 -0
- package/dist/jobs/index.d.ts +1 -1
- package/dist/jobs/index.d.ts.map +1 -1
- package/dist/jobs/index.js.map +1 -1
- package/dist/jobs/queue.d.ts +120 -1
- package/dist/jobs/queue.d.ts.map +1 -1
- package/dist/jobs/queue.js +487 -9
- package/dist/jobs/queue.js.map +1 -1
- package/dist/jobs/redis-connection.d.ts +50 -0
- package/dist/jobs/redis-connection.d.ts.map +1 -0
- package/dist/jobs/redis-connection.js +123 -0
- package/dist/jobs/redis-connection.js.map +1 -0
- package/dist/jobs/run-scheduler.js +163 -10
- package/dist/jobs/run-scheduler.js.map +1 -1
- package/dist/jobs/run-worker.js +101 -9
- package/dist/jobs/run-worker.js.map +1 -1
- package/dist/jobs/worker-thread.d.ts +6 -0
- package/dist/jobs/worker-thread.d.ts.map +1 -1
- package/dist/jobs/worker-thread.js +37 -8
- package/dist/jobs/worker-thread.js.map +1 -1
- package/dist/jobs/worker.d.ts +33 -0
- package/dist/jobs/worker.d.ts.map +1 -1
- package/dist/jobs/worker.js +358 -115
- package/dist/jobs/worker.js.map +1 -1
- package/dist/linq/async-enumerable.d.ts.map +1 -1
- package/dist/linq/async-enumerable.js.map +1 -1
- package/dist/linq/enumerable.d.ts.map +1 -1
- package/dist/linq/enumerable.js +10 -10
- package/dist/linq/enumerable.js.map +1 -1
- package/dist/metrics/collector.d.ts +26 -0
- package/dist/metrics/collector.d.ts.map +1 -0
- package/dist/metrics/collector.js +103 -0
- package/dist/metrics/collector.js.map +1 -0
- package/dist/polling/updates.controller.d.ts +57 -0
- package/dist/polling/updates.controller.d.ts.map +1 -0
- package/dist/polling/updates.controller.js +70 -0
- package/dist/polling/updates.controller.js.map +1 -0
- package/dist/repository/db-set.d.ts.map +1 -1
- package/dist/repository/db-set.js +12 -8
- package/dist/repository/db-set.js.map +1 -1
- package/dist/repository/ef-core.d.ts.map +1 -1
- package/dist/repository/ef-core.js +6 -6
- package/dist/repository/ef-core.js.map +1 -1
- package/dist/repository/factory.d.ts +1 -1
- package/dist/repository/factory.d.ts.map +1 -1
- package/dist/repository/factory.js.map +1 -1
- package/dist/repository/interfaces.d.ts.map +1 -1
- package/dist/repository/interfaces.js.map +1 -1
- package/dist/repository/queryable.d.ts.map +1 -1
- package/dist/repository/queryable.js.map +1 -1
- package/dist/rpc/adapter.d.ts.map +1 -1
- package/dist/rpc/adapter.js.map +1 -1
- package/dist/rpc/router.d.ts +2 -2
- package/dist/rpc/router.d.ts.map +1 -1
- package/dist/rpc/router.js +1 -1
- package/dist/rpc/router.js.map +1 -1
- package/dist/schema/relationship-types.d.ts +7 -2
- package/dist/schema/relationship-types.js +1 -1
- package/dist/schema/types.d.ts.map +1 -1
- package/dist/services/admin/app-users.service.d.ts +1 -1
- package/dist/services/admin/app-users.service.js +31 -38
- package/dist/services/admin/auth.service.d.ts +1 -1
- package/dist/services/admin/auth.service.js +11 -5
- package/dist/services/admin/backup/BackupOrchestrator.d.ts.map +1 -1
- package/dist/services/admin/backup/BackupOrchestrator.js +4 -7
- package/dist/services/admin/backup/BackupOrchestrator.js.map +1 -1
- package/dist/services/admin/backup/SqliteGenerator.js +8 -8
- package/dist/services/admin/backup/StorageStreamer.d.ts +3 -3
- package/dist/services/admin/backup/StorageStreamer.d.ts.map +1 -1
- package/dist/services/admin/backup/StorageStreamer.js +16 -55
- package/dist/services/admin/backup/StorageStreamer.js.map +1 -1
- package/dist/services/admin/backup/ZipComposer.d.ts +2 -0
- package/dist/services/admin/backup/ZipComposer.d.ts.map +1 -1
- package/dist/services/admin/backup/ZipComposer.js +23 -0
- package/dist/services/admin/backup/ZipComposer.js.map +1 -1
- package/dist/services/admin/backup.service.d.ts.map +1 -1
- package/dist/services/admin/backup.service.js.map +1 -1
- package/dist/services/admin/data.service.d.ts.map +1 -1
- package/dist/services/admin/data.service.js +287 -286
- package/dist/services/admin/data.service.js.map +1 -1
- package/dist/services/admin/tenants.service.d.ts.map +1 -1
- package/dist/services/admin/tenants.service.js.map +1 -1
- package/dist/services/auth.service.d.ts +2 -3
- package/dist/services/auth.service.js +16 -16
- package/dist/services/invite.service.d.ts +1 -1
- package/dist/services/invite.service.js +17 -15
- package/dist/services/storage.service.d.ts.map +1 -1
- package/dist/services/storage.service.js +35 -4
- package/dist/services/storage.service.js.map +1 -1
- package/dist/services/system.service.d.ts.map +1 -1
- package/dist/services/system.service.js +1 -1
- package/dist/services/system.service.js.map +1 -1
- package/dist/services/tenant.service.d.ts +1 -1
- package/dist/services/tenant.service.js +43 -31
- package/dist/sse/subscriptions.controller.d.ts +57 -0
- package/dist/sse/subscriptions.controller.d.ts.map +1 -0
- package/dist/sse/subscriptions.controller.js +127 -0
- package/dist/sse/subscriptions.controller.js.map +1 -0
- package/dist/startup/bootstrap.d.ts +13 -2
- package/dist/startup/bootstrap.d.ts.map +1 -1
- package/dist/startup/bootstrap.js +85 -13
- package/dist/startup/bootstrap.js.map +1 -1
- package/dist/storage/s3-backend.d.ts.map +1 -1
- package/dist/storage/s3-backend.js +3 -3
- package/dist/storage/s3-backend.js.map +1 -1
- package/dist/websocket/server.d.ts.map +1 -1
- package/dist/websocket/server.js +14 -3
- package/dist/websocket/server.js.map +1 -1
- package/docker/README.md +309 -11
- package/package.json +214 -210
- package/templates/.env.example +115 -55
- package/templates/archlast.config.js +51 -37
- package/templates/docker-compose.prod.yml +32 -15
- package/templates/docker-compose.yml +117 -33
|
@@ -26,130 +26,150 @@ exports.mfaController = new elysia_1.Elysia({ prefix: "/mfa", tags: ["MFA"] })
|
|
|
26
26
|
* POST /_auth/mfa/enroll
|
|
27
27
|
* Start TOTP enrollment
|
|
28
28
|
*/
|
|
29
|
-
.post(
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
29
|
+
.post(
|
|
30
|
+
"/enroll",
|
|
31
|
+
async (ctx) => {
|
|
32
|
+
const { rawDb, user } = (0, context_helper_js_1.getCtx)(ctx);
|
|
33
|
+
const { body, set } = (0, context_helper_js_1.getCtx)(ctx);
|
|
34
|
+
if (!user) {
|
|
35
|
+
set.status = 401;
|
|
36
|
+
return { error: "Unauthorized" };
|
|
37
|
+
}
|
|
38
|
+
const mfaService = (0, index_js_1.createMfaService)(rawDb);
|
|
39
|
+
const result = await mfaService.enrollTotp({
|
|
40
|
+
userId: user.id,
|
|
41
|
+
issuer: body.issuer || "Archlast",
|
|
42
|
+
accountName: user.tenantId || user.id,
|
|
43
|
+
});
|
|
44
|
+
return {
|
|
45
|
+
success: true,
|
|
46
|
+
secret: result.secret,
|
|
47
|
+
uri: result.uri,
|
|
48
|
+
qrDataUrl: result.qrDataUrl,
|
|
49
|
+
};
|
|
50
|
+
},
|
|
51
|
+
{
|
|
52
|
+
body: EnrollSchema,
|
|
53
|
+
detail: {
|
|
54
|
+
summary: "Enroll TOTP",
|
|
55
|
+
description: "Start TOTP enrollment and get QR code",
|
|
56
|
+
},
|
|
57
|
+
}
|
|
58
|
+
)
|
|
55
59
|
/**
|
|
56
60
|
* POST /_auth/mfa/verify-enrollment
|
|
57
61
|
* Verify TOTP enrollment with code
|
|
58
62
|
*/
|
|
59
|
-
.post(
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
63
|
+
.post(
|
|
64
|
+
"/verify-enrollment",
|
|
65
|
+
async (ctx) => {
|
|
66
|
+
const { rawDb, user } = ctx;
|
|
67
|
+
const { body, set } = (0, context_helper_js_1.getCtx)(ctx);
|
|
68
|
+
if (!user) {
|
|
69
|
+
set.status = 401;
|
|
70
|
+
return { error: "Unauthorized" };
|
|
71
|
+
}
|
|
72
|
+
const mfaService = (0, index_js_1.createMfaService)(rawDb);
|
|
73
|
+
const result = await mfaService.verifyTotpEnrollment({
|
|
74
|
+
userId: user.id,
|
|
75
|
+
code: body.code,
|
|
76
|
+
});
|
|
77
|
+
if (!result.valid) {
|
|
78
|
+
return { valid: false, error: "Invalid code" };
|
|
79
|
+
}
|
|
80
|
+
// Generate backup codes after successful enrollment
|
|
81
|
+
const backupCodes = await mfaService.generateBackupCodes(user.id);
|
|
82
|
+
return {
|
|
83
|
+
valid: true,
|
|
84
|
+
backupCodes: backupCodes.codes,
|
|
85
|
+
};
|
|
86
|
+
},
|
|
87
|
+
{
|
|
88
|
+
body: VerifyEnrollmentSchema,
|
|
89
|
+
detail: {
|
|
90
|
+
summary: "Verify TOTP enrollment",
|
|
91
|
+
description: "Complete TOTP enrollment with verification code",
|
|
92
|
+
},
|
|
93
|
+
}
|
|
94
|
+
)
|
|
87
95
|
/**
|
|
88
96
|
* POST /_auth/mfa/challenge
|
|
89
97
|
* Verify TOTP code during login
|
|
90
98
|
*/
|
|
91
|
-
.post(
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
99
|
+
.post(
|
|
100
|
+
"/challenge",
|
|
101
|
+
async (ctx) => {
|
|
102
|
+
const { rawDb } = ctx;
|
|
103
|
+
const { body, set } = (0, context_helper_js_1.getCtx)(ctx);
|
|
104
|
+
const mfaService = (0, index_js_1.createMfaService)(rawDb);
|
|
105
|
+
// Try TOTP first
|
|
106
|
+
let result = await mfaService.verifyTotp({
|
|
107
|
+
userId: body.userId,
|
|
108
|
+
code: body.code,
|
|
109
|
+
});
|
|
110
|
+
// If TOTP fails, try backup code
|
|
111
|
+
if (!result.valid) {
|
|
112
|
+
result = await mfaService.verifyBackupCode({
|
|
113
|
+
userId: body.userId,
|
|
114
|
+
code: body.code,
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
return { valid: result.valid };
|
|
118
|
+
},
|
|
119
|
+
{
|
|
120
|
+
body: ChallengeSchema,
|
|
121
|
+
detail: {
|
|
122
|
+
summary: "MFA challenge",
|
|
123
|
+
description: "Verify TOTP or backup code during login",
|
|
124
|
+
},
|
|
125
|
+
}
|
|
126
|
+
)
|
|
115
127
|
/**
|
|
116
128
|
* GET /_auth/mfa/status
|
|
117
129
|
* Check if MFA is enabled
|
|
118
130
|
*/
|
|
119
|
-
.get(
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
131
|
+
.get(
|
|
132
|
+
"/status",
|
|
133
|
+
async (ctx) => {
|
|
134
|
+
const { rawDb, user } = ctx;
|
|
135
|
+
const { set } = (0, context_helper_js_1.getCtx)(ctx);
|
|
136
|
+
if (!user) {
|
|
137
|
+
set.status = 401;
|
|
138
|
+
return { error: "Unauthorized" };
|
|
139
|
+
}
|
|
140
|
+
const mfaService = (0, index_js_1.createMfaService)(rawDb);
|
|
141
|
+
const hasMfa = await mfaService.hasMfaEnabled(user.id);
|
|
142
|
+
return { enabled: hasMfa };
|
|
143
|
+
},
|
|
144
|
+
{
|
|
145
|
+
detail: {
|
|
146
|
+
summary: "MFA status",
|
|
147
|
+
description: "Check if MFA is enabled for current user",
|
|
148
|
+
},
|
|
149
|
+
}
|
|
150
|
+
)
|
|
135
151
|
/**
|
|
136
152
|
* DELETE /_auth/mfa
|
|
137
153
|
* Disable MFA for user
|
|
138
154
|
*/
|
|
139
|
-
.delete(
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
155
|
+
.delete(
|
|
156
|
+
"/",
|
|
157
|
+
async (ctx) => {
|
|
158
|
+
const { rawDb, user } = ctx;
|
|
159
|
+
const { set } = (0, context_helper_js_1.getCtx)(ctx);
|
|
160
|
+
if (!user) {
|
|
161
|
+
set.status = 401;
|
|
162
|
+
return { error: "Unauthorized" };
|
|
163
|
+
}
|
|
164
|
+
const mfaService = (0, index_js_1.createMfaService)(rawDb);
|
|
165
|
+
await mfaService.removeMfa(user.id);
|
|
166
|
+
return { success: true };
|
|
167
|
+
},
|
|
168
|
+
{
|
|
169
|
+
detail: {
|
|
170
|
+
summary: "Disable MFA",
|
|
171
|
+
description: "Remove MFA from current user account",
|
|
172
|
+
},
|
|
173
|
+
}
|
|
174
|
+
);
|
|
175
|
+
//# sourceMappingURL=mfa.controller.js.map
|
|
@@ -3,125 +3,59 @@
|
|
|
3
3
|
* Handles /_auth/otp/* endpoints for magic links and email verification
|
|
4
4
|
*/
|
|
5
5
|
import { Elysia } from "elysia";
|
|
6
|
-
export declare const otpController: Elysia<
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
otp: {};
|
|
32
|
-
} & {
|
|
33
|
-
otp: {
|
|
34
|
-
send: {
|
|
35
|
-
post: {
|
|
36
|
-
body: {
|
|
37
|
-
type?: string | undefined;
|
|
38
|
-
email: string;
|
|
39
|
-
};
|
|
40
|
-
params: {};
|
|
41
|
-
query: unknown;
|
|
42
|
-
headers: unknown;
|
|
43
|
-
response: {
|
|
44
|
-
200: {
|
|
45
|
-
error: string;
|
|
46
|
-
} | {
|
|
47
|
-
code?: string | undefined;
|
|
48
|
-
success: boolean;
|
|
49
|
-
expiresAt: number;
|
|
50
|
-
error?: undefined;
|
|
51
|
-
};
|
|
52
|
-
422: {
|
|
53
|
-
type: "validation";
|
|
54
|
-
on: string;
|
|
55
|
-
summary?: string;
|
|
56
|
-
message?: string;
|
|
57
|
-
found?: unknown;
|
|
58
|
-
property?: string;
|
|
59
|
-
expected?: string;
|
|
60
|
-
};
|
|
61
|
-
};
|
|
62
|
-
};
|
|
6
|
+
export declare const otpController: Elysia<
|
|
7
|
+
"/otp",
|
|
8
|
+
{
|
|
9
|
+
decorator: {};
|
|
10
|
+
store: {};
|
|
11
|
+
derive: {};
|
|
12
|
+
resolve: {};
|
|
13
|
+
},
|
|
14
|
+
{
|
|
15
|
+
typebox: {};
|
|
16
|
+
error: {};
|
|
17
|
+
},
|
|
18
|
+
{
|
|
19
|
+
schema: {};
|
|
20
|
+
standaloneSchema: {};
|
|
21
|
+
macro: {};
|
|
22
|
+
macroFn: {};
|
|
23
|
+
parser: {};
|
|
24
|
+
response: {};
|
|
25
|
+
} & {
|
|
26
|
+
schema: {};
|
|
27
|
+
standaloneSchema: {};
|
|
28
|
+
macro: Partial<{}>;
|
|
29
|
+
macroFn: ({ onBeforeHandle }: any) => {
|
|
30
|
+
requireAuth(enabled: boolean): void;
|
|
63
31
|
};
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
email: string;
|
|
72
|
-
code: string;
|
|
73
|
-
};
|
|
74
|
-
params: {};
|
|
75
|
-
query: unknown;
|
|
76
|
-
headers: unknown;
|
|
77
|
-
response: {
|
|
78
|
-
200: {
|
|
79
|
-
error: string;
|
|
80
|
-
valid?: undefined;
|
|
81
|
-
userId?: undefined;
|
|
82
|
-
} | {
|
|
83
|
-
valid: boolean;
|
|
84
|
-
error: string;
|
|
85
|
-
userId?: undefined;
|
|
86
|
-
} | {
|
|
87
|
-
valid: boolean;
|
|
88
|
-
userId: string | undefined;
|
|
89
|
-
error?: undefined;
|
|
90
|
-
};
|
|
91
|
-
422: {
|
|
92
|
-
type: "validation";
|
|
93
|
-
on: string;
|
|
94
|
-
summary?: string;
|
|
95
|
-
message?: string;
|
|
96
|
-
found?: unknown;
|
|
97
|
-
property?: string;
|
|
98
|
-
expected?: string;
|
|
99
|
-
};
|
|
100
|
-
};
|
|
101
|
-
};
|
|
102
|
-
};
|
|
103
|
-
};
|
|
104
|
-
} & {
|
|
105
|
-
otp: {
|
|
106
|
-
"magic-link": {
|
|
32
|
+
parser: {};
|
|
33
|
+
response: {};
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
otp: {};
|
|
37
|
+
} & {
|
|
38
|
+
otp: {
|
|
107
39
|
send: {
|
|
108
40
|
post: {
|
|
109
41
|
body: {
|
|
110
|
-
|
|
42
|
+
type?: string | undefined;
|
|
111
43
|
email: string;
|
|
112
44
|
};
|
|
113
45
|
params: {};
|
|
114
46
|
query: unknown;
|
|
115
47
|
headers: unknown;
|
|
116
48
|
response: {
|
|
117
|
-
200:
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
49
|
+
200:
|
|
50
|
+
| {
|
|
51
|
+
error: string;
|
|
52
|
+
}
|
|
53
|
+
| {
|
|
54
|
+
code?: string | undefined;
|
|
55
|
+
success: boolean;
|
|
56
|
+
expiresAt: number;
|
|
57
|
+
error?: undefined;
|
|
58
|
+
};
|
|
125
59
|
422: {
|
|
126
60
|
type: "validation";
|
|
127
61
|
on: string;
|
|
@@ -135,35 +69,35 @@ export declare const otpController: Elysia<"/otp", {
|
|
|
135
69
|
};
|
|
136
70
|
};
|
|
137
71
|
};
|
|
138
|
-
}
|
|
139
|
-
|
|
140
|
-
otp: {
|
|
141
|
-
"magic-link": {
|
|
72
|
+
} & {
|
|
73
|
+
otp: {
|
|
142
74
|
verify: {
|
|
143
75
|
post: {
|
|
144
76
|
body: {
|
|
145
|
-
|
|
77
|
+
type?: string | undefined;
|
|
78
|
+
email: string;
|
|
79
|
+
code: string;
|
|
146
80
|
};
|
|
147
81
|
params: {};
|
|
148
82
|
query: unknown;
|
|
149
83
|
headers: unknown;
|
|
150
84
|
response: {
|
|
151
|
-
200:
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
85
|
+
200:
|
|
86
|
+
| {
|
|
87
|
+
error: string;
|
|
88
|
+
valid?: undefined;
|
|
89
|
+
userId?: undefined;
|
|
90
|
+
}
|
|
91
|
+
| {
|
|
92
|
+
valid: boolean;
|
|
93
|
+
error: string;
|
|
94
|
+
userId?: undefined;
|
|
95
|
+
}
|
|
96
|
+
| {
|
|
97
|
+
valid: boolean;
|
|
98
|
+
userId: string | undefined;
|
|
99
|
+
error?: undefined;
|
|
100
|
+
};
|
|
167
101
|
422: {
|
|
168
102
|
type: "validation";
|
|
169
103
|
on: string;
|
|
@@ -177,44 +111,133 @@ export declare const otpController: Elysia<"/otp", {
|
|
|
177
111
|
};
|
|
178
112
|
};
|
|
179
113
|
};
|
|
180
|
-
}
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
114
|
+
} & {
|
|
115
|
+
otp: {
|
|
116
|
+
"magic-link": {
|
|
117
|
+
send: {
|
|
118
|
+
post: {
|
|
119
|
+
body: {
|
|
120
|
+
redirectUrl?: string | undefined;
|
|
121
|
+
email: string;
|
|
122
|
+
};
|
|
123
|
+
params: {};
|
|
124
|
+
query: unknown;
|
|
125
|
+
headers: unknown;
|
|
126
|
+
response: {
|
|
127
|
+
200:
|
|
128
|
+
| {
|
|
129
|
+
error: string;
|
|
130
|
+
}
|
|
131
|
+
| {
|
|
132
|
+
url?: string | undefined;
|
|
133
|
+
success: boolean;
|
|
134
|
+
expiresAt: number;
|
|
135
|
+
error?: undefined;
|
|
136
|
+
};
|
|
137
|
+
422: {
|
|
138
|
+
type: "validation";
|
|
139
|
+
on: string;
|
|
140
|
+
summary?: string;
|
|
141
|
+
message?: string;
|
|
142
|
+
found?: unknown;
|
|
143
|
+
property?: string;
|
|
144
|
+
expected?: string;
|
|
145
|
+
};
|
|
146
|
+
};
|
|
147
|
+
};
|
|
148
|
+
};
|
|
149
|
+
};
|
|
150
|
+
};
|
|
151
|
+
} & {
|
|
152
|
+
otp: {
|
|
153
|
+
"magic-link": {
|
|
154
|
+
verify: {
|
|
155
|
+
post: {
|
|
156
|
+
body: {
|
|
157
|
+
token: string;
|
|
158
|
+
};
|
|
159
|
+
params: {};
|
|
160
|
+
query: unknown;
|
|
161
|
+
headers: unknown;
|
|
162
|
+
response: {
|
|
163
|
+
200:
|
|
164
|
+
| {
|
|
165
|
+
error: string;
|
|
166
|
+
valid?: undefined;
|
|
167
|
+
userId?: undefined;
|
|
168
|
+
email?: undefined;
|
|
169
|
+
}
|
|
170
|
+
| {
|
|
171
|
+
valid: boolean;
|
|
172
|
+
error: string;
|
|
173
|
+
userId?: undefined;
|
|
174
|
+
email?: undefined;
|
|
175
|
+
}
|
|
176
|
+
| {
|
|
177
|
+
valid: boolean;
|
|
178
|
+
userId: string | undefined;
|
|
179
|
+
email: string | undefined;
|
|
180
|
+
error?: undefined;
|
|
181
|
+
};
|
|
182
|
+
422: {
|
|
183
|
+
type: "validation";
|
|
184
|
+
on: string;
|
|
185
|
+
summary?: string;
|
|
186
|
+
message?: string;
|
|
187
|
+
found?: unknown;
|
|
188
|
+
property?: string;
|
|
189
|
+
expected?: string;
|
|
190
|
+
};
|
|
191
|
+
};
|
|
192
|
+
};
|
|
193
|
+
};
|
|
194
|
+
};
|
|
195
|
+
};
|
|
196
|
+
},
|
|
197
|
+
{
|
|
198
|
+
derive: {};
|
|
199
|
+
resolve: {};
|
|
200
|
+
schema: {};
|
|
201
|
+
standaloneSchema: {};
|
|
202
|
+
response: {};
|
|
203
|
+
},
|
|
204
|
+
{
|
|
205
|
+
derive: {};
|
|
206
|
+
resolve: {};
|
|
207
|
+
schema: {};
|
|
208
|
+
standaloneSchema: {};
|
|
209
|
+
response: {};
|
|
210
|
+
} & {
|
|
211
|
+
derive:
|
|
212
|
+
| {
|
|
213
|
+
readonly auth: null;
|
|
214
|
+
readonly user: null;
|
|
215
|
+
}
|
|
216
|
+
| {
|
|
217
|
+
readonly auth: import("../auth/interfaces.js").AuthContext;
|
|
218
|
+
readonly user: {
|
|
219
|
+
id: string;
|
|
220
|
+
tenantId: string | null;
|
|
221
|
+
session: import("../auth/interfaces.js").AuthSession | null;
|
|
222
|
+
} | null;
|
|
223
|
+
};
|
|
224
|
+
resolve: {};
|
|
225
|
+
schema: {};
|
|
226
|
+
standaloneSchema: {};
|
|
227
|
+
response: import("elysia").ExtractErrorFromHandle<
|
|
228
|
+
| {
|
|
229
|
+
readonly auth: null;
|
|
230
|
+
readonly user: null;
|
|
231
|
+
}
|
|
232
|
+
| {
|
|
233
|
+
readonly auth: import("../auth/interfaces.js").AuthContext;
|
|
234
|
+
readonly user: {
|
|
235
|
+
id: string;
|
|
236
|
+
tenantId: string | null;
|
|
237
|
+
session: import("../auth/interfaces.js").AuthSession | null;
|
|
238
|
+
} | null;
|
|
239
|
+
}
|
|
240
|
+
>;
|
|
241
|
+
}
|
|
242
|
+
>;
|
|
243
|
+
//# sourceMappingURL=otp.controller.d.ts.map
|