@authrim/setup 0.1.140 → 0.1.142
- package/dist/__tests__/keys.test.js +73 -2
- package/dist/__tests__/keys.test.js.map +1 -1
- package/dist/__tests__/migrate.test.js +4 -4
- package/dist/__tests__/migrate.test.js.map +1 -1
- package/dist/__tests__/paths.test.js +163 -1
- package/dist/__tests__/paths.test.js.map +1 -1
- package/dist/__tests__/source-context.test.d.ts +2 -0
- package/dist/__tests__/source-context.test.d.ts.map +1 -0
- package/dist/__tests__/source-context.test.js +72 -0
- package/dist/__tests__/source-context.test.js.map +1 -0
- package/dist/cli/commands/deploy.d.ts.map +1 -1
- package/dist/cli/commands/deploy.js +65 -37
- package/dist/cli/commands/deploy.js.map +1 -1
- package/dist/cli/commands/init.d.ts.map +1 -1
- package/dist/cli/commands/init.js +277 -198
- package/dist/cli/commands/init.js.map +1 -1
- package/dist/core/admin.d.ts +6 -1
- package/dist/core/admin.d.ts.map +1 -1
- package/dist/core/admin.js +45 -20
- package/dist/core/admin.js.map +1 -1
- package/dist/core/cloudflare.d.ts +38 -1
- package/dist/core/cloudflare.d.ts.map +1 -1
- package/dist/core/cloudflare.js +729 -115
- package/dist/core/cloudflare.js.map +1 -1
- package/dist/core/config.d.ts +164 -34
- package/dist/core/config.d.ts.map +1 -1
- package/dist/core/config.js +72 -18
- package/dist/core/config.js.map +1 -1
- package/dist/core/deploy.d.ts +18 -0
- package/dist/core/deploy.d.ts.map +1 -1
- package/dist/core/deploy.js +126 -25
- package/dist/core/deploy.js.map +1 -1
- package/dist/core/keys.d.ts +20 -4
- package/dist/core/keys.d.ts.map +1 -1
- package/dist/core/keys.js +77 -17
- package/dist/core/keys.js.map +1 -1
- package/dist/core/login-ui-client.d.ts +42 -0
- package/dist/core/login-ui-client.d.ts.map +1 -0
- package/dist/core/login-ui-client.js +173 -0
- package/dist/core/login-ui-client.js.map +1 -0
- package/dist/core/migrate.d.ts +37 -0
- package/dist/core/migrate.d.ts.map +1 -1
- package/dist/core/migrate.js +92 -2
- package/dist/core/migrate.js.map +1 -1
- package/dist/core/paths.d.ts +78 -13
- package/dist/core/paths.d.ts.map +1 -1
- package/dist/core/paths.js +135 -17
- package/dist/core/paths.js.map +1 -1
- package/dist/core/source-context.d.ts +22 -0
- package/dist/core/source-context.d.ts.map +1 -0
- package/dist/core/source-context.js +46 -0
- package/dist/core/source-context.js.map +1 -0
- package/dist/core/tenant-mode.d.ts +4 -0
- package/dist/core/tenant-mode.d.ts.map +1 -0
- package/dist/core/tenant-mode.js +17 -0
- package/dist/core/tenant-mode.js.map +1 -0
- package/dist/core/ui-deployment.d.ts +21 -0
- package/dist/core/ui-deployment.d.ts.map +1 -0
- package/dist/core/ui-deployment.js +90 -0
- package/dist/core/ui-deployment.js.map +1 -0
- package/dist/core/ui-env.d.ts +28 -0
- package/dist/core/ui-env.d.ts.map +1 -1
- package/dist/core/ui-env.js +16 -0
- package/dist/core/ui-env.js.map +1 -1
- package/dist/core/url-config.d.ts +16 -0
- package/dist/core/url-config.d.ts.map +1 -0
- package/dist/core/url-config.js +46 -0
- package/dist/core/url-config.js.map +1 -0
- package/dist/core/wrangler.d.ts +50 -1
- package/dist/core/wrangler.d.ts.map +1 -1
- package/dist/core/wrangler.js +171 -57
- package/dist/core/wrangler.js.map +1 -1
- package/dist/i18n/locales/de.d.ts.map +1 -1
- package/dist/i18n/locales/de.js +38 -1
- package/dist/i18n/locales/de.js.map +1 -1
- package/dist/i18n/locales/en.d.ts.map +1 -1
- package/dist/i18n/locales/en.js +38 -1
- package/dist/i18n/locales/en.js.map +1 -1
- package/dist/i18n/locales/es.d.ts.map +1 -1
- package/dist/i18n/locales/es.js +38 -1
- package/dist/i18n/locales/es.js.map +1 -1
- package/dist/i18n/locales/fr.d.ts.map +1 -1
- package/dist/i18n/locales/fr.js +38 -1
- package/dist/i18n/locales/fr.js.map +1 -1
- package/dist/i18n/locales/id.d.ts.map +1 -1
- package/dist/i18n/locales/id.js +38 -1
- package/dist/i18n/locales/id.js.map +1 -1
- package/dist/i18n/locales/ja.d.ts.map +1 -1
- package/dist/i18n/locales/ja.js +38 -1
- package/dist/i18n/locales/ja.js.map +1 -1
- package/dist/i18n/locales/ko.d.ts.map +1 -1
- package/dist/i18n/locales/ko.js +38 -1
- package/dist/i18n/locales/ko.js.map +1 -1
- package/dist/i18n/locales/pt.d.ts.map +1 -1
- package/dist/i18n/locales/pt.js +38 -1
- package/dist/i18n/locales/pt.js.map +1 -1
- package/dist/i18n/locales/ru.d.ts.map +1 -1
- package/dist/i18n/locales/ru.js +38 -1
- package/dist/i18n/locales/ru.js.map +1 -1
- package/dist/i18n/locales/zh-CN.d.ts.map +1 -1
- package/dist/i18n/locales/zh-CN.js +38 -1
- package/dist/i18n/locales/zh-CN.js.map +1 -1
- package/dist/i18n/locales/zh-TW.d.ts.map +1 -1
- package/dist/i18n/locales/zh-TW.js +38 -1
- package/dist/i18n/locales/zh-TW.js.map +1 -1
- package/dist/i18n/types.d.ts +8 -0
- package/dist/i18n/types.d.ts.map +1 -1
- package/dist/index.d.ts +8 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +46 -30
- package/dist/index.js.map +1 -1
- package/dist/web/api.d.ts.map +1 -1
- package/dist/web/api.js +243 -116
- package/dist/web/api.js.map +1 -1
- package/dist/web/ui.d.ts.map +1 -1
- package/dist/web/ui.js +513 -115
- package/dist/web/ui.js.map +1 -1
- package/migrations/000_fresh_schema.sql +229 -10
- package/migrations/admin/007_admin_role_inheritance.sql +32 -0
- package/migrations/admin/008_admin_rebac_definitions.sql +117 -0
- package/migrations/admin/009_optimize_admin_audit_indexes.sql +15 -0
- package/package.json +5 -5
package/dist/core/config.d.ts
CHANGED
|
@@ -7,21 +7,29 @@
|
|
|
7
7
|
import { z } from 'zod';
|
|
8
8
|
export declare const UrlConfigSchema: z.ZodObject<{
|
|
9
9
|
/** Custom domain (null = use auto-generated URL) */
|
|
10
|
-
custom: z.ZodOptional<z.ZodNullable<z.ZodString
|
|
10
|
+
custom: z.ZodOptional<z.ZodNullable<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>>;
|
|
11
11
|
/** Auto-generated URL (workers.dev or pages.dev) */
|
|
12
|
-
auto: z.ZodOptional<z.ZodString
|
|
12
|
+
auto: z.ZodOptional<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>;
|
|
13
|
+
/** Cloudflare zone ID for custom domain (populated during setup) */
|
|
14
|
+
zoneId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
15
|
+
/** Whether to configure Workers custom domain binding */
|
|
16
|
+
customDomainBinding: z.ZodOptional<z.ZodBoolean>;
|
|
13
17
|
}, "strip", z.ZodTypeAny, {
|
|
14
18
|
custom?: string | null | undefined;
|
|
15
19
|
auto?: string | undefined;
|
|
20
|
+
zoneId?: string | null | undefined;
|
|
21
|
+
customDomainBinding?: boolean | undefined;
|
|
16
22
|
}, {
|
|
17
23
|
custom?: string | null | undefined;
|
|
18
24
|
auto?: string | undefined;
|
|
25
|
+
zoneId?: string | null | undefined;
|
|
26
|
+
customDomainBinding?: boolean | undefined;
|
|
19
27
|
}>;
|
|
20
28
|
export declare const UiUrlConfigSchema: z.ZodObject<{
|
|
21
29
|
/** Custom domain (null = use auto-generated URL) */
|
|
22
|
-
custom: z.ZodOptional<z.ZodNullable<z.ZodString
|
|
30
|
+
custom: z.ZodOptional<z.ZodNullable<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>>;
|
|
23
31
|
/** Auto-generated URL (workers.dev or pages.dev) */
|
|
24
|
-
auto: z.ZodOptional<z.ZodString
|
|
32
|
+
auto: z.ZodOptional<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>;
|
|
25
33
|
/**
|
|
26
34
|
* Whether to serve this UI from the same domain as the API via proxy
|
|
27
35
|
* - true: UI is proxied through ar-router (e.g., https://api.example.com/admin)
|
|
@@ -41,22 +49,30 @@ export declare const UrlsConfigSchema: z.ZodObject<{
|
|
|
41
49
|
/** API / OIDC issuer URL */
|
|
42
50
|
api: z.ZodObject<{
|
|
43
51
|
/** Custom domain (null = use auto-generated URL) */
|
|
44
|
-
custom: z.ZodOptional<z.ZodNullable<z.ZodString
|
|
52
|
+
custom: z.ZodOptional<z.ZodNullable<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>>;
|
|
45
53
|
/** Auto-generated URL (workers.dev or pages.dev) */
|
|
46
|
-
auto: z.ZodOptional<z.ZodString
|
|
54
|
+
auto: z.ZodOptional<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>;
|
|
55
|
+
/** Cloudflare zone ID for custom domain (populated during setup) */
|
|
56
|
+
zoneId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
57
|
+
/** Whether to configure Workers custom domain binding */
|
|
58
|
+
customDomainBinding: z.ZodOptional<z.ZodBoolean>;
|
|
47
59
|
}, "strip", z.ZodTypeAny, {
|
|
48
60
|
custom?: string | null | undefined;
|
|
49
61
|
auto?: string | undefined;
|
|
62
|
+
zoneId?: string | null | undefined;
|
|
63
|
+
customDomainBinding?: boolean | undefined;
|
|
50
64
|
}, {
|
|
51
65
|
custom?: string | null | undefined;
|
|
52
66
|
auto?: string | undefined;
|
|
67
|
+
zoneId?: string | null | undefined;
|
|
68
|
+
customDomainBinding?: boolean | undefined;
|
|
53
69
|
}>;
|
|
54
70
|
/** Login UI URL */
|
|
55
71
|
loginUi: z.ZodObject<{
|
|
56
72
|
/** Custom domain (null = use auto-generated URL) */
|
|
57
|
-
custom: z.ZodOptional<z.ZodNullable<z.ZodString
|
|
73
|
+
custom: z.ZodOptional<z.ZodNullable<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>>;
|
|
58
74
|
/** Auto-generated URL (workers.dev or pages.dev) */
|
|
59
|
-
auto: z.ZodOptional<z.ZodString
|
|
75
|
+
auto: z.ZodOptional<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>;
|
|
60
76
|
/**
|
|
61
77
|
* Whether to serve this UI from the same domain as the API via proxy
|
|
62
78
|
* - true: UI is proxied through ar-router (e.g., https://api.example.com/admin)
|
|
@@ -75,9 +91,9 @@ export declare const UrlsConfigSchema: z.ZodObject<{
|
|
|
75
91
|
/** Admin UI URL */
|
|
76
92
|
adminUi: z.ZodObject<{
|
|
77
93
|
/** Custom domain (null = use auto-generated URL) */
|
|
78
|
-
custom: z.ZodOptional<z.ZodNullable<z.ZodString
|
|
94
|
+
custom: z.ZodOptional<z.ZodNullable<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>>;
|
|
79
95
|
/** Auto-generated URL (workers.dev or pages.dev) */
|
|
80
|
-
auto: z.ZodOptional<z.ZodString
|
|
96
|
+
auto: z.ZodOptional<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>;
|
|
81
97
|
/**
|
|
82
98
|
* Whether to serve this UI from the same domain as the API via proxy
|
|
83
99
|
* - true: UI is proxied through ar-router (e.g., https://api.example.com/admin)
|
|
@@ -97,6 +113,8 @@ export declare const UrlsConfigSchema: z.ZodObject<{
|
|
|
97
113
|
api: {
|
|
98
114
|
custom?: string | null | undefined;
|
|
99
115
|
auto?: string | undefined;
|
|
116
|
+
zoneId?: string | null | undefined;
|
|
117
|
+
customDomainBinding?: boolean | undefined;
|
|
100
118
|
};
|
|
101
119
|
loginUi: {
|
|
102
120
|
sameAsApi: boolean;
|
|
@@ -112,6 +130,8 @@ export declare const UrlsConfigSchema: z.ZodObject<{
|
|
|
112
130
|
api: {
|
|
113
131
|
custom?: string | null | undefined;
|
|
114
132
|
auto?: string | undefined;
|
|
133
|
+
zoneId?: string | null | undefined;
|
|
134
|
+
customDomainBinding?: boolean | undefined;
|
|
115
135
|
};
|
|
116
136
|
loginUi: {
|
|
117
137
|
custom?: string | null | undefined;
|
|
@@ -152,32 +172,63 @@ export declare const EnvironmentConfigSchema: z.ZodObject<{
|
|
|
152
172
|
}, {
|
|
153
173
|
prefix: string;
|
|
154
174
|
}>;
|
|
175
|
+
/**
|
|
176
|
+
* User ID format options
|
|
177
|
+
* - nanoid: URL-safe 21-character IDs (default, recommended)
|
|
178
|
+
* - uuid: Standard UUID v4 format
|
|
179
|
+
*/
|
|
180
|
+
export declare const UserIdFormatSchema: z.ZodDefault<z.ZodEnum<["nanoid", "uuid"]>>;
|
|
155
181
|
export declare const TenantConfigSchema: z.ZodObject<{
|
|
156
|
-
/** Default tenant identifier
|
|
182
|
+
/** Default tenant identifier */
|
|
157
183
|
name: z.ZodDefault<z.ZodString>;
|
|
158
184
|
/** Human-readable tenant/organization name */
|
|
159
185
|
displayName: z.ZodDefault<z.ZodString>;
|
|
160
186
|
/**
|
|
161
|
-
* Multi-tenant mode
|
|
162
|
-
*
|
|
163
|
-
* - false: issuer = ISSUER_URL (single-tenant)
|
|
187
|
+
* @deprecated Multi-tenant mode is always enabled.
|
|
188
|
+
* Kept for backward compatibility during migration.
|
|
164
189
|
*/
|
|
165
190
|
multiTenant: z.ZodDefault<z.ZodBoolean>;
|
|
166
191
|
/**
|
|
167
|
-
* Base domain
|
|
168
|
-
*
|
|
192
|
+
* Base domain (root domain only, e.g., "authrim.com", "example.com")
|
|
193
|
+
* All tenant domains are subdomains of this: {tenant}.{baseDomain}
|
|
169
194
|
*/
|
|
170
195
|
baseDomain: z.ZodOptional<z.ZodString>;
|
|
196
|
+
/**
|
|
197
|
+
* User ID format for new users
|
|
198
|
+
* - nanoid: URL-safe 21-character IDs (default, recommended)
|
|
199
|
+
* - uuid: Standard UUID v4 format (36 characters with hyphens)
|
|
200
|
+
*
|
|
201
|
+
* Note: This setting cannot be changed after users are created.
|
|
202
|
+
*/
|
|
203
|
+
userIdFormat: z.ZodDefault<z.ZodEnum<["nanoid", "uuid"]>>;
|
|
204
|
+
/**
|
|
205
|
+
* Primary tenant ID for naked domain access.
|
|
206
|
+
* When set, naked domain (e.g., example.com) routes to this tenant.
|
|
207
|
+
* When unset, naked domain routes to the default tenant (name field).
|
|
208
|
+
*/
|
|
209
|
+
primaryTenant: z.ZodOptional<z.ZodString>;
|
|
210
|
+
/**
|
|
211
|
+
* Use naked domain as issuer URL.
|
|
212
|
+
* When true: https://example.com (no tenant subdomain)
|
|
213
|
+
* When false: https://tenant.example.com (with tenant subdomain)
|
|
214
|
+
*/
|
|
215
|
+
nakedDomain: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
|
|
171
216
|
}, "strip", z.ZodTypeAny, {
|
|
172
217
|
name: string;
|
|
173
218
|
displayName: string;
|
|
174
219
|
multiTenant: boolean;
|
|
220
|
+
userIdFormat: "nanoid" | "uuid";
|
|
175
221
|
baseDomain?: string | undefined;
|
|
222
|
+
primaryTenant?: string | undefined;
|
|
223
|
+
nakedDomain?: boolean | undefined;
|
|
176
224
|
}, {
|
|
177
225
|
name?: string | undefined;
|
|
178
226
|
displayName?: string | undefined;
|
|
179
227
|
multiTenant?: boolean | undefined;
|
|
180
228
|
baseDomain?: string | undefined;
|
|
229
|
+
userIdFormat?: "nanoid" | "uuid" | undefined;
|
|
230
|
+
primaryTenant?: string | undefined;
|
|
231
|
+
nakedDomain?: boolean | undefined;
|
|
181
232
|
}>;
|
|
182
233
|
export declare const ComponentsConfigSchema: z.ZodObject<{
|
|
183
234
|
/** Core API components (always enabled) */
|
|
@@ -375,16 +426,24 @@ export declare const KeysConfigSchema: z.ZodObject<{
|
|
|
375
426
|
/** Public key in JWK format */
|
|
376
427
|
publicKeyJwk: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
377
428
|
/**
|
|
378
|
-
* Path to secrets directory
|
|
379
|
-
* -
|
|
380
|
-
* -
|
|
429
|
+
* Path to secrets directory
|
|
430
|
+
* - External (.authrim-keys/{env}/): absolute path
|
|
431
|
+
* - Internal (.authrim/{env}/keys/): './keys/'
|
|
432
|
+
* - Legacy (.keys/{env}/): './.keys/{env}/'
|
|
381
433
|
*/
|
|
382
434
|
secretsPath: z.ZodDefault<z.ZodString>;
|
|
383
435
|
/** Whether to include secrets in config (not recommended) */
|
|
384
436
|
includeSecrets: z.ZodDefault<z.ZodBoolean>;
|
|
437
|
+
/**
|
|
438
|
+
* Key storage type
|
|
439
|
+
* - 'external': Keys stored in {cwd}/.authrim-keys/{env}/ (new default)
|
|
440
|
+
* - 'internal': Keys stored in .authrim/{env}/keys/ (within source)
|
|
441
|
+
*/
|
|
442
|
+
storageType: z.ZodDefault<z.ZodOptional<z.ZodEnum<["internal", "external"]>>>;
|
|
385
443
|
}, "strip", z.ZodTypeAny, {
|
|
386
444
|
secretsPath: string;
|
|
387
445
|
includeSecrets: boolean;
|
|
446
|
+
storageType: "internal" | "external";
|
|
388
447
|
keyId?: string | undefined;
|
|
389
448
|
publicKeyJwk?: Record<string, unknown> | undefined;
|
|
390
449
|
}, {
|
|
@@ -392,6 +451,7 @@ export declare const KeysConfigSchema: z.ZodObject<{
|
|
|
392
451
|
publicKeyJwk?: Record<string, unknown> | undefined;
|
|
393
452
|
secretsPath?: string | undefined;
|
|
394
453
|
includeSecrets?: boolean | undefined;
|
|
454
|
+
storageType?: "internal" | "external" | undefined;
|
|
395
455
|
}>;
|
|
396
456
|
export declare const CloudflareConfigSchema: z.ZodObject<{
|
|
397
457
|
/** Cloudflare account ID */
|
|
@@ -530,22 +590,30 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
530
590
|
/** API / OIDC issuer URL */
|
|
531
591
|
api: z.ZodObject<{
|
|
532
592
|
/** Custom domain (null = use auto-generated URL) */
|
|
533
|
-
custom: z.ZodOptional<z.ZodNullable<z.ZodString
|
|
593
|
+
custom: z.ZodOptional<z.ZodNullable<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>>;
|
|
534
594
|
/** Auto-generated URL (workers.dev or pages.dev) */
|
|
535
|
-
auto: z.ZodOptional<z.ZodString
|
|
595
|
+
auto: z.ZodOptional<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>;
|
|
596
|
+
/** Cloudflare zone ID for custom domain (populated during setup) */
|
|
597
|
+
zoneId: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
598
|
+
/** Whether to configure Workers custom domain binding */
|
|
599
|
+
customDomainBinding: z.ZodOptional<z.ZodBoolean>;
|
|
536
600
|
}, "strip", z.ZodTypeAny, {
|
|
537
601
|
custom?: string | null | undefined;
|
|
538
602
|
auto?: string | undefined;
|
|
603
|
+
zoneId?: string | null | undefined;
|
|
604
|
+
customDomainBinding?: boolean | undefined;
|
|
539
605
|
}, {
|
|
540
606
|
custom?: string | null | undefined;
|
|
541
607
|
auto?: string | undefined;
|
|
608
|
+
zoneId?: string | null | undefined;
|
|
609
|
+
customDomainBinding?: boolean | undefined;
|
|
542
610
|
}>;
|
|
543
611
|
/** Login UI URL */
|
|
544
612
|
loginUi: z.ZodObject<{
|
|
545
613
|
/** Custom domain (null = use auto-generated URL) */
|
|
546
|
-
custom: z.ZodOptional<z.ZodNullable<z.ZodString
|
|
614
|
+
custom: z.ZodOptional<z.ZodNullable<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>>;
|
|
547
615
|
/** Auto-generated URL (workers.dev or pages.dev) */
|
|
548
|
-
auto: z.ZodOptional<z.ZodString
|
|
616
|
+
auto: z.ZodOptional<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>;
|
|
549
617
|
/**
|
|
550
618
|
* Whether to serve this UI from the same domain as the API via proxy
|
|
551
619
|
* - true: UI is proxied through ar-router (e.g., https://api.example.com/admin)
|
|
@@ -564,9 +632,9 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
564
632
|
/** Admin UI URL */
|
|
565
633
|
adminUi: z.ZodObject<{
|
|
566
634
|
/** Custom domain (null = use auto-generated URL) */
|
|
567
|
-
custom: z.ZodOptional<z.ZodNullable<z.ZodString
|
|
635
|
+
custom: z.ZodOptional<z.ZodNullable<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>>;
|
|
568
636
|
/** Auto-generated URL (workers.dev or pages.dev) */
|
|
569
|
-
auto: z.ZodOptional<z.ZodString
|
|
637
|
+
auto: z.ZodOptional<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>>;
|
|
570
638
|
/**
|
|
571
639
|
* Whether to serve this UI from the same domain as the API via proxy
|
|
572
640
|
* - true: UI is proxied through ar-router (e.g., https://api.example.com/admin)
|
|
@@ -586,6 +654,8 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
586
654
|
api: {
|
|
587
655
|
custom?: string | null | undefined;
|
|
588
656
|
auto?: string | undefined;
|
|
657
|
+
zoneId?: string | null | undefined;
|
|
658
|
+
customDomainBinding?: boolean | undefined;
|
|
589
659
|
};
|
|
590
660
|
loginUi: {
|
|
591
661
|
sameAsApi: boolean;
|
|
@@ -601,6 +671,8 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
601
671
|
api: {
|
|
602
672
|
custom?: string | null | undefined;
|
|
603
673
|
auto?: string | undefined;
|
|
674
|
+
zoneId?: string | null | undefined;
|
|
675
|
+
customDomainBinding?: boolean | undefined;
|
|
604
676
|
};
|
|
605
677
|
loginUi: {
|
|
606
678
|
custom?: string | null | undefined;
|
|
@@ -615,31 +687,56 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
615
687
|
}>>;
|
|
616
688
|
/** Tenant configuration */
|
|
617
689
|
tenant: z.ZodDefault<z.ZodObject<{
|
|
618
|
-
/** Default tenant identifier
|
|
690
|
+
/** Default tenant identifier */
|
|
619
691
|
name: z.ZodDefault<z.ZodString>;
|
|
620
692
|
/** Human-readable tenant/organization name */
|
|
621
693
|
displayName: z.ZodDefault<z.ZodString>;
|
|
622
694
|
/**
|
|
623
|
-
* Multi-tenant mode
|
|
624
|
-
*
|
|
625
|
-
* - false: issuer = ISSUER_URL (single-tenant)
|
|
695
|
+
* @deprecated Multi-tenant mode is always enabled.
|
|
696
|
+
* Kept for backward compatibility during migration.
|
|
626
697
|
*/
|
|
627
698
|
multiTenant: z.ZodDefault<z.ZodBoolean>;
|
|
628
699
|
/**
|
|
629
|
-
* Base domain
|
|
630
|
-
*
|
|
700
|
+
* Base domain (root domain only, e.g., "authrim.com", "example.com")
|
|
701
|
+
* All tenant domains are subdomains of this: {tenant}.{baseDomain}
|
|
631
702
|
*/
|
|
632
703
|
baseDomain: z.ZodOptional<z.ZodString>;
|
|
704
|
+
/**
|
|
705
|
+
* User ID format for new users
|
|
706
|
+
* - nanoid: URL-safe 21-character IDs (default, recommended)
|
|
707
|
+
* - uuid: Standard UUID v4 format (36 characters with hyphens)
|
|
708
|
+
*
|
|
709
|
+
* Note: This setting cannot be changed after users are created.
|
|
710
|
+
*/
|
|
711
|
+
userIdFormat: z.ZodDefault<z.ZodEnum<["nanoid", "uuid"]>>;
|
|
712
|
+
/**
|
|
713
|
+
* Primary tenant ID for naked domain access.
|
|
714
|
+
* When set, naked domain (e.g., example.com) routes to this tenant.
|
|
715
|
+
* When unset, naked domain routes to the default tenant (name field).
|
|
716
|
+
*/
|
|
717
|
+
primaryTenant: z.ZodOptional<z.ZodString>;
|
|
718
|
+
/**
|
|
719
|
+
* Use naked domain as issuer URL.
|
|
720
|
+
* When true: https://example.com (no tenant subdomain)
|
|
721
|
+
* When false: https://tenant.example.com (with tenant subdomain)
|
|
722
|
+
*/
|
|
723
|
+
nakedDomain: z.ZodOptional<z.ZodDefault<z.ZodBoolean>>;
|
|
633
724
|
}, "strip", z.ZodTypeAny, {
|
|
634
725
|
name: string;
|
|
635
726
|
displayName: string;
|
|
636
727
|
multiTenant: boolean;
|
|
728
|
+
userIdFormat: "nanoid" | "uuid";
|
|
637
729
|
baseDomain?: string | undefined;
|
|
730
|
+
primaryTenant?: string | undefined;
|
|
731
|
+
nakedDomain?: boolean | undefined;
|
|
638
732
|
}, {
|
|
639
733
|
name?: string | undefined;
|
|
640
734
|
displayName?: string | undefined;
|
|
641
735
|
multiTenant?: boolean | undefined;
|
|
642
736
|
baseDomain?: string | undefined;
|
|
737
|
+
userIdFormat?: "nanoid" | "uuid" | undefined;
|
|
738
|
+
primaryTenant?: string | undefined;
|
|
739
|
+
nakedDomain?: boolean | undefined;
|
|
643
740
|
}>>;
|
|
644
741
|
/** Enabled components */
|
|
645
742
|
components: z.ZodDefault<z.ZodObject<{
|
|
@@ -807,16 +904,24 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
807
904
|
/** Public key in JWK format */
|
|
808
905
|
publicKeyJwk: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
809
906
|
/**
|
|
810
|
-
* Path to secrets directory
|
|
811
|
-
* -
|
|
812
|
-
* -
|
|
907
|
+
* Path to secrets directory
|
|
908
|
+
* - External (.authrim-keys/{env}/): absolute path
|
|
909
|
+
* - Internal (.authrim/{env}/keys/): './keys/'
|
|
910
|
+
* - Legacy (.keys/{env}/): './.keys/{env}/'
|
|
813
911
|
*/
|
|
814
912
|
secretsPath: z.ZodDefault<z.ZodString>;
|
|
815
913
|
/** Whether to include secrets in config (not recommended) */
|
|
816
914
|
includeSecrets: z.ZodDefault<z.ZodBoolean>;
|
|
915
|
+
/**
|
|
916
|
+
* Key storage type
|
|
917
|
+
* - 'external': Keys stored in {cwd}/.authrim-keys/{env}/ (new default)
|
|
918
|
+
* - 'internal': Keys stored in .authrim/{env}/keys/ (within source)
|
|
919
|
+
*/
|
|
920
|
+
storageType: z.ZodDefault<z.ZodOptional<z.ZodEnum<["internal", "external"]>>>;
|
|
817
921
|
}, "strip", z.ZodTypeAny, {
|
|
818
922
|
secretsPath: string;
|
|
819
923
|
includeSecrets: boolean;
|
|
924
|
+
storageType: "internal" | "external";
|
|
820
925
|
keyId?: string | undefined;
|
|
821
926
|
publicKeyJwk?: Record<string, unknown> | undefined;
|
|
822
927
|
}, {
|
|
@@ -824,6 +929,7 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
824
929
|
publicKeyJwk?: Record<string, unknown> | undefined;
|
|
825
930
|
secretsPath?: string | undefined;
|
|
826
931
|
includeSecrets?: boolean | undefined;
|
|
932
|
+
storageType?: "internal" | "external" | undefined;
|
|
827
933
|
}>>;
|
|
828
934
|
/** Cloudflare configuration */
|
|
829
935
|
cloudflare: z.ZodDefault<z.ZodObject<{
|
|
@@ -910,6 +1016,7 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
910
1016
|
keys: {
|
|
911
1017
|
secretsPath: string;
|
|
912
1018
|
includeSecrets: boolean;
|
|
1019
|
+
storageType: "internal" | "external";
|
|
913
1020
|
keyId?: string | undefined;
|
|
914
1021
|
publicKeyJwk?: Record<string, unknown> | undefined;
|
|
915
1022
|
};
|
|
@@ -921,7 +1028,10 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
921
1028
|
name: string;
|
|
922
1029
|
displayName: string;
|
|
923
1030
|
multiTenant: boolean;
|
|
1031
|
+
userIdFormat: "nanoid" | "uuid";
|
|
924
1032
|
baseDomain?: string | undefined;
|
|
1033
|
+
primaryTenant?: string | undefined;
|
|
1034
|
+
nakedDomain?: boolean | undefined;
|
|
925
1035
|
};
|
|
926
1036
|
components: {
|
|
927
1037
|
api: boolean;
|
|
@@ -992,6 +1102,8 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
992
1102
|
api: {
|
|
993
1103
|
custom?: string | null | undefined;
|
|
994
1104
|
auto?: string | undefined;
|
|
1105
|
+
zoneId?: string | null | undefined;
|
|
1106
|
+
customDomainBinding?: boolean | undefined;
|
|
995
1107
|
};
|
|
996
1108
|
loginUi: {
|
|
997
1109
|
sameAsApi: boolean;
|
|
@@ -1013,6 +1125,7 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
1013
1125
|
publicKeyJwk?: Record<string, unknown> | undefined;
|
|
1014
1126
|
secretsPath?: string | undefined;
|
|
1015
1127
|
includeSecrets?: boolean | undefined;
|
|
1128
|
+
storageType?: "internal" | "external" | undefined;
|
|
1016
1129
|
} | undefined;
|
|
1017
1130
|
version?: string | undefined;
|
|
1018
1131
|
createdAt?: string | undefined;
|
|
@@ -1027,6 +1140,8 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
1027
1140
|
api: {
|
|
1028
1141
|
custom?: string | null | undefined;
|
|
1029
1142
|
auto?: string | undefined;
|
|
1143
|
+
zoneId?: string | null | undefined;
|
|
1144
|
+
customDomainBinding?: boolean | undefined;
|
|
1030
1145
|
};
|
|
1031
1146
|
loginUi: {
|
|
1032
1147
|
custom?: string | null | undefined;
|
|
@@ -1044,6 +1159,9 @@ export declare const AuthrimConfigSchema: z.ZodObject<{
|
|
|
1044
1159
|
displayName?: string | undefined;
|
|
1045
1160
|
multiTenant?: boolean | undefined;
|
|
1046
1161
|
baseDomain?: string | undefined;
|
|
1162
|
+
userIdFormat?: "nanoid" | "uuid" | undefined;
|
|
1163
|
+
primaryTenant?: string | undefined;
|
|
1164
|
+
nakedDomain?: boolean | undefined;
|
|
1047
1165
|
} | undefined;
|
|
1048
1166
|
components?: {
|
|
1049
1167
|
api?: boolean | undefined;
|
|
@@ -1142,6 +1260,7 @@ export declare function safeParseConfig(data: unknown): z.SafeParseReturnType<{
|
|
|
1142
1260
|
publicKeyJwk?: Record<string, unknown> | undefined;
|
|
1143
1261
|
secretsPath?: string | undefined;
|
|
1144
1262
|
includeSecrets?: boolean | undefined;
|
|
1263
|
+
storageType?: "internal" | "external" | undefined;
|
|
1145
1264
|
} | undefined;
|
|
1146
1265
|
version?: string | undefined;
|
|
1147
1266
|
createdAt?: string | undefined;
|
|
@@ -1156,6 +1275,8 @@ export declare function safeParseConfig(data: unknown): z.SafeParseReturnType<{
|
|
|
1156
1275
|
api: {
|
|
1157
1276
|
custom?: string | null | undefined;
|
|
1158
1277
|
auto?: string | undefined;
|
|
1278
|
+
zoneId?: string | null | undefined;
|
|
1279
|
+
customDomainBinding?: boolean | undefined;
|
|
1159
1280
|
};
|
|
1160
1281
|
loginUi: {
|
|
1161
1282
|
custom?: string | null | undefined;
|
|
@@ -1173,6 +1294,9 @@ export declare function safeParseConfig(data: unknown): z.SafeParseReturnType<{
|
|
|
1173
1294
|
displayName?: string | undefined;
|
|
1174
1295
|
multiTenant?: boolean | undefined;
|
|
1175
1296
|
baseDomain?: string | undefined;
|
|
1297
|
+
userIdFormat?: "nanoid" | "uuid" | undefined;
|
|
1298
|
+
primaryTenant?: string | undefined;
|
|
1299
|
+
nakedDomain?: boolean | undefined;
|
|
1176
1300
|
} | undefined;
|
|
1177
1301
|
components?: {
|
|
1178
1302
|
api?: boolean | undefined;
|
|
@@ -1235,6 +1359,7 @@ export declare function safeParseConfig(data: unknown): z.SafeParseReturnType<{
|
|
|
1235
1359
|
keys: {
|
|
1236
1360
|
secretsPath: string;
|
|
1237
1361
|
includeSecrets: boolean;
|
|
1362
|
+
storageType: "internal" | "external";
|
|
1238
1363
|
keyId?: string | undefined;
|
|
1239
1364
|
publicKeyJwk?: Record<string, unknown> | undefined;
|
|
1240
1365
|
};
|
|
@@ -1246,7 +1371,10 @@ export declare function safeParseConfig(data: unknown): z.SafeParseReturnType<{
|
|
|
1246
1371
|
name: string;
|
|
1247
1372
|
displayName: string;
|
|
1248
1373
|
multiTenant: boolean;
|
|
1374
|
+
userIdFormat: "nanoid" | "uuid";
|
|
1249
1375
|
baseDomain?: string | undefined;
|
|
1376
|
+
primaryTenant?: string | undefined;
|
|
1377
|
+
nakedDomain?: boolean | undefined;
|
|
1250
1378
|
};
|
|
1251
1379
|
components: {
|
|
1252
1380
|
api: boolean;
|
|
@@ -1317,6 +1445,8 @@ export declare function safeParseConfig(data: unknown): z.SafeParseReturnType<{
|
|
|
1317
1445
|
api: {
|
|
1318
1446
|
custom?: string | null | undefined;
|
|
1319
1447
|
auto?: string | undefined;
|
|
1448
|
+
zoneId?: string | null | undefined;
|
|
1449
|
+
customDomainBinding?: boolean | undefined;
|
|
1320
1450
|
};
|
|
1321
1451
|
loginUi: {
|
|
1322
1452
|
sameAsApi: boolean;
|
|
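Review bot: `nakedDomain` is declared as `z.ZodOptional<z.ZodDefault<z.ZodBoolean>>` in `TenantConfigSchema` (and again under `AuthrimConfigSchema.tenant`), so the optional wraps the default and the default is not applied when the key is absent; the parsed output type on this page confirms it with `nakedDomain?: boolean | undefined`. Because this flag selects whether the issuer URL is the naked domain or a tenant subdomain, every consumer receives `undefined` instead of a definite boolean and has to decide for itself what that means. `storageType` in `KeysConfigSchema` uses the opposite order (`z.ZodDefault<z.ZodOptional<...>>`) and does come out as a required value. In `src/core/config.ts` I would either drop the `.default(...)` or reorder the chain to `z.boolean().optional().default(false)`, assuming `false` is the intended default (the value is not visible in this declaration file).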
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAoBxB,eAAO,MAAM,eAAe;IAC1B,oDAAoD;;IAEpD,oDAAoD;;IAEpD,oEAAoE;;IAEpE,yDAAyD;;;;;;;;;;;;EAEzD,CAAC;AAEH,eAAO,MAAM,iBAAiB;IAC5B,oDAAoD;;IAEpD,oDAAoD;;IAEpD;;;;OAIG;;;;;;;;;;EAEH,CAAC;AAEH,eAAO,MAAM,gBAAgB;IAC3B,4BAA4B;;QAxB5B,oDAAoD;;QAEpD,oDAAoD;;QAEpD,oEAAoE;;QAEpE,yDAAyD;;;;;;;;;;;;;IAoBzD,mBAAmB;;QAfnB,oDAAoD;;QAEpD,oDAAoD;;QAEpD;;;;WAIG;;;;;;;;;;;IASH,mBAAmB;;QAjBnB,oDAAoD;;QAEpD,oDAAoD;;QAEpD;;;;WAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWH,CAAC;AAMH,eAAO,MAAM,gBAAgB;IAC3B,mDAAmD;;IAEnD,oCAAoC;;IAEpC,uBAAuB;;IAEvB,yCAAyC;;;;;;;;;;;;EAEzC,CAAC;AAMH,eAAO,MAAM,uBAAuB;IAClC,0DAA0D;;;;;;EAK1D,CAAC;AAMH;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,6CAA+C,CAAC;AAE/E,eAAO,MAAM,kBAAkB;IAC7B,gCAAgC;;IAEhC,8CAA8C;;IAE9C;;;OAGG;;IAEH;;;OAGG;;IAEH;;;;;;OAMG;;IAEH;;;;OAIG;;IAOH;;;;OAIG;;;;;;;;;;;;;;;;;;EAEH,CAAC;AAMH,eAAO,MAAM,sBAAsB;IACjC,2CAA2C;;IAE3C,yBAAyB;;IAEzB,yBAAyB;;IAEzB,0BAA0B;;IAE1B,6BAA6B;;IAE7B,6BAA6B;;IAE7B,8DAA8D;;IAE9D,gDAAgD;;;;;;;;;;;;;;;;;;;;EAEhD,CAAC;AAMH,eAAO,MAAM,gBAAgB;IAC3B,kCAAkC;;IAElC,mCAAmC;;IAEnC,wCAAwC;;IAExC,mCAAmC;;IAEnC,+BAA+B;;IAE/B,4BAA4B;;;;;;;;;;;;;;;;EAE5B,CAAC;AAMH,eAAO,MAAM,oBAAoB;IAC/B,gDAAgD;;IAEhD,6CAA6C;;IAE7C,qCAAqC;;IAErC,uCAAuC;;IAEvC,sDAAsD;;;;;;;;;;;;;;EAEtD,CAAC;AAMH,eAAO,MAAM,kBAAkB;;;;;;EAE7B,CAAC;AAEH,eAAO,MAAM,eAAe;;;;;;EAE1B,CAAC;AAEH,eAAO,MAAM,kBAAkB;IAC7B,sDAAsD;;IAEtD,4DAA4D;;IAE5D,4CAA4C;;IAE5C;;;OAGG;;;;;;;;;;;;EAEH,CAAC;AAEH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;QAb/B,sDAAsD;;QAEtD,4DAA4D;;QAE5D,4CAA4C;;QAE5C;;;WAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQH,CAAC;AAMH,eAAO,MAAM,gBAAgB;IAC3B,2BAA2B;;IAE3B,+BAA+B;;IAE/B;;;;;OAKG;;IAEH,6DAA6D;;IAE7D;;;;OAIG;;;;;;;;;;;;;;EAEH,CAAC;AAMH,eAAO,MAAM,sBAAsB;IACjC,4BAA4B;;;;;;EAE5B,CAAC;AAMH,gDAAgD;AAChD,eAAO,MAAM,gBAAgB,mEAQ3B,CAAC;AAEH,yCAAyC;AACzC,eAAO,MAAM,oBAAoB,2BAG/B,CAAC;AAEH,eAAO,MAAM,sBAAsB;IACjC,sEAAsE;;IAEtE,yE
AAyE;;;;;;;;EAEzE,CAAC;AAEH,eAAO,MAAM,oBAAoB;IAC/B,2EAA2E;;QAP3E,sEAAsE;;QAEtE,yEAAyE;;;;;;;;;IAOzE,iEAAiE;;QATjE,sEAAsE;;QAEtE,yEAAyE;;;;;;;;;;;;;;;;;;;;;;;;;;;EASzE,CAAC;AAMH,eAAO,MAAM,oBAAoB;IAC/B;;;;;;OAMG;;IAEH;;;;;;OAMG;;;;;;;;EAEH,CAAC;AAMH,eAAO,MAAM,aAAa,sDAIxB,CAAC;AAMH,eAAO,MAAM,mBAAmB;IAC9B,mCAAmC;;IAEnC,yBAAyB;;IAEzB,4BAA4B;;IAG5B,yBAAyB;;QAzRzB,mDAAmD;;QAEnD,oCAAoC;;QAEpC,uBAAuB;;QAEvB,yCAAyC;;;;;;;;;;;;;IAsRzC,gCAAgC;;QA7QhC,0DAA0D;;;;;;;IAgR1D,wBAAwB;;QA5SxB,4BAA4B;;YAxB5B,oDAAoD;;YAEpD,oDAAoD;;YAEpD,oEAAoE;;YAEpE,yDAAyD;;;;;;;;;;;;;QAoBzD,mBAAmB;;YAfnB,oDAAoD;;YAEpD,oDAAoD;;YAEpD;;;;eAIG;;;;;;;;;;;QASH,mBAAmB;;YAjBnB,oDAAoD;;YAEpD,oDAAoD;;YAEpD;;;;eAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAoTH,2BAA2B;;QAhQ3B,gCAAgC;;QAEhC,8CAA8C;;QAE9C;;;WAGG;;QAEH;;;WAGG;;QAEH;;;;;;WAMG;;QAEH;;;;WAIG;;QAOH;;;;WAIG;;;;;;;;;;;;;;;;;;;IA8NH,yBAAyB;;QArNzB,2CAA2C;;QAE3C,yBAAyB;;QAEzB,yBAAyB;;QAEzB,0BAA0B;;QAE1B,6BAA6B;;QAE7B,6BAA6B;;QAE7B,8DAA8D;;QAE9D,gDAAgD;;;;;;;;;;;;;;;;;;;;;IA0MhD,mBAAmB;;IAGnB,oBAAoB;;QApMpB,kCAAkC;;QAElC,mCAAmC;;QAEnC,wCAAwC;;QAExC,mCAAmC;;QAEnC,+BAA+B;;QAE/B,4BAA4B;;;;;;;;;;;;;;;;;IA6L5B,6BAA6B;;QApL7B,gDAAgD;;QAEhD,6CAA6C;;QAE7C,qCAAqC;;QAErC,uCAAuC;;QAEvC,sDAAsD;;;;;;;;;;;;;;;IA+KtD,oBAAoB;;;;;;;;;;;;;;;;;YA9JpB,sDAAsD;;YAEtD,4DAA4D;;YAE5D,4CAA4C;;YAE5C;;;eAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAwJH,wBAAwB;;QAzIxB,2BAA2B;;QAE3B,+BAA+B;;QAE/B;;;;;WAKG;;QAEH,6DAA6D;;QAE7D;;;;WAIG;;;;;;;;;;;;;;;IA2HH,+BAA+B;;QAlH/B,4BAA4B;;;;;;;IAqH5B,wDAAwD;;QApFxD,2EAA2E;;YAP3E,sEAAsE;;YAEtE,yEAAyE;;;;;;;;;QAOzE,iEAAiE;;YATjE,sEAAsE;;YAEtE,yEAAyE;;;;;;;;;;;;;;;;;;;;;;;;;;;;IA4FzE,8DAA8D;;QA5E9D;;;;;;WAMG;;QAEH;;;;;;WAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgEH,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAChE,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAA
K,CAAC,OAAO,eAAe,CAAC,CAAC;AACxD,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAC5D,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AACxE,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAC9D,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AACpD,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC1D,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AACtE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAClE,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAMlE;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAQjE;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,OAAO,GAAG,aAAa,CAExD;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAE5C"}
|
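--- a/package/dist/core/config.js
+++ b/package/dist/core/config.js
@@ -8,17 +8,34 @@ import { z } from 'zod';
 // =============================================================================
 // URL Configuration
 // =============================================================================
+/**
+* Accepts a full URL or a bare hostname and normalizes to a full https:// URL.
+* e.g. "example.com" → "https://example.com"
+*/
+const urlOrHostname = z
+.string()
+.transform((val) => {
+if (!val.includes('://')) {
+return `https://${val}`;
+}
+return val;
+})
+.pipe(z.string().url());
 export const UrlConfigSchema = z.object({
 /** Custom domain (null = use auto-generated URL) */
-custom:
+custom: urlOrHostname.nullable().optional(),
 /** Auto-generated URL (workers.dev or pages.dev) */
-auto:
+auto: urlOrHostname.optional(),
+/** Cloudflare zone ID for custom domain (populated during setup) */
+zoneId: z.string().nullable().optional(),
+/** Whether to configure Workers custom domain binding */
+customDomainBinding: z.boolean().optional(),
 });
 export const UiUrlConfigSchema = z.object({
 /** Custom domain (null = use auto-generated URL) */
-custom:
+custom: urlOrHostname.nullable().optional(),
 /** Auto-generated URL (workers.dev or pages.dev) */
-auto:
+auto: urlOrHostname.optional(),
 /**
 * Whether to serve this UI from the same domain as the API via proxy
 * - true: UI is proxied through ar-router (e.g., https://api.example.com/admin)
@@ -59,22 +76,52 @@ export const EnvironmentConfigSchema = z.object({
 // =============================================================================
 // Tenant Configuration
 // =============================================================================
+/**
+* User ID format options
+* - nanoid: URL-safe 21-character IDs (default, recommended)
+* - uuid: Standard UUID v4 format
+*/
+export const UserIdFormatSchema = z.enum(['nanoid', 'uuid']).default('nanoid');
 export const TenantConfigSchema = z.object({
-/** Default tenant identifier
+/** Default tenant identifier */
 name: z.string().default('default'),
 /** Human-readable tenant/organization name */
 displayName: z.string().default('Default Tenant'),
 /**
-* Multi-tenant mode
-*
-* - false: issuer = ISSUER_URL (single-tenant)
+* @deprecated Multi-tenant mode is always enabled.
+* Kept for backward compatibility during migration.
 */
 multiTenant: z.boolean().default(false),
 /**
-* Base domain
-*
+* Base domain (root domain only, e.g., "authrim.com", "example.com")
+* All tenant domains are subdomains of this: {tenant}.{baseDomain}
 */
 baseDomain: z.string().optional(),
+/**
+* User ID format for new users
+* - nanoid: URL-safe 21-character IDs (default, recommended)
+* - uuid: Standard UUID v4 format (36 characters with hyphens)
+*
+* Note: This setting cannot be changed after users are created.
+*/
+userIdFormat: UserIdFormatSchema,
+/**
+* Primary tenant ID for naked domain access.
+* When set, naked domain (e.g., example.com) routes to this tenant.
+* When unset, naked domain routes to the default tenant (name field).
+*/
+primaryTenant: z
+.string()
+.min(1)
+.max(63)
+.regex(/^[a-z0-9-]+$/)
+.optional(),
+/**
+* Use naked domain as issuer URL.
+* When true: https://example.com (no tenant subdomain)
+* When false: https://tenant.example.com (with tenant subdomain)
+*/
+nakedDomain: z.boolean().default(false).optional(),
 });
 // =============================================================================
 // Components Configuration
@@ -119,13 +166,13 @@ export const OidcConfigSchema = z.object({
 // =============================================================================
 export const ShardingConfigSchema = z.object({
 /** Number of authorization code store shards */
-authCodeShards: z.number().int().positive().default(
+authCodeShards: z.number().int().positive().default(4),
 /** Number of refresh token rotator shards */
-refreshTokenShards: z.number().int().positive().default(
+refreshTokenShards: z.number().int().positive().default(4),
 /** Number of session store shards */
-sessionShards: z.number().int().positive().default(
+sessionShards: z.number().int().positive().default(4),
 /** Number of challenge store shards */
-challengeShards: z.number().int().positive().default(
+challengeShards: z.number().int().positive().default(4),
 /** Number of flow state store shards (Flow Engine) */
 flowStateShards: z.number().int().positive().default(32),
 });
@@ -136,7 +183,7 @@ export const QueueFeatureSchema = z.object({
 enabled: z.boolean().default(false),
 });
 export const R2FeatureSchema = z.object({
-enabled: z.boolean().default(
+enabled: z.boolean().default(true),
 });
 export const EmailFeatureSchema = z.object({
 /** Email provider (resend, sendgrid, ses, or none) */
@@ -165,13 +212,20 @@ export const KeysConfigSchema = z.object({
 /** Public key in JWK format */
 publicKeyJwk: z.record(z.unknown()).optional(),
 /**
-* Path to secrets directory
-* -
-* -
+* Path to secrets directory
+* - External (.authrim-keys/{env}/): absolute path
+* - Internal (.authrim/{env}/keys/): './keys/'
+* - Legacy (.keys/{env}/): './.keys/{env}/'
 */
 secretsPath: z.string().default('./keys/'),
 /** Whether to include secrets in config (not recommended) */
 includeSecrets: z.boolean().default(false),
+/**
+* Key storage type
+* - 'external': Keys stored in {cwd}/.authrim-keys/{env}/ (new default)
+* - 'internal': Keys stored in .authrim/{env}/keys/ (within source)
+*/
+storageType: z.enum(['internal', 'external']).optional().default('external'),
 });
 // =============================================================================
 // Cloudflare Configuration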
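Review bot: `urlOrHostname` in the first hunk does not enforce the `https://` scheme its comment promises: a value that already contains `://` is returned unchanged and, as far as zod's `url()` check goes, only has to parse as a URL, so `http://…` or another scheme is accepted for `custom` and `auto` in both `UrlConfigSchema` and `UiUrlConfigSchema`. For an identity provider these values presumably feed issuer and endpoint URLs, where a plaintext scheme would put tokens and authorization codes on the wire unencrypted. I would tighten the pipe to `.pipe(z.string().url().refine((u) => new URL(u).protocol === 'https:', { message: 'URL must use https' }))`; if plain-http values (for example a local development host) are meant to be accepted, the comment should say so instead of claiming normalization to https. This file is build output under `dist/`, so the change belongs in the source it is compiled from.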