@axium/server 0.10.0 → 0.11.0

package/dist/api/register.js

@@ -34,7 +34,7 @@ async function OPTIONS(event) {
 }
 async function POST(event) {
     const { userId, email, name, response } = await parseBody(event, APIUserRegistration);
-    const existing = await db.selectFrom('users').selectAll().where('email', '=', email).executeTakeFirst();
+    const existing = await db.selectFrom('users').selectAll().where('email', '=', email.toLowerCase()).executeTakeFirst();
     if (existing)
         error(409, { message: 'Email already in use' });
     const expectedChallenge = registrations.get(userId);
@@ -50,7 +50,7 @@ async function POST(event) {
         error(401, { message: 'Verification failed' });
     await db
         .insertInto('users')
-        .values({ id: userId, name, email })
+        .values({ id: userId, name, email: email.toLowerCase() })
         .executeTakeFirstOrThrow()
         .catch(withError('Failed to create user'));
     await createPasskey({
@@ -60,7 +60,7 @@ async function POST(event) {
         deviceType: registrationInfo.credentialDeviceType,
         backedUp: registrationInfo.credentialBackedUp,
     }).catch(e => error(500, { message: 'Failed to create passkey' + (config.debug ? `: ${e.message}` : '') }));
-    return await createSessionData(event, userId);
+    return await createSessionData(userId);
 }
 addRoute({
     path: '/api/register',

package/dist/api/users.js

@@ -116,11 +116,11 @@ addRoute({
             error(401, { message: 'Verification failed' });
         switch (type) {
             case 'login':
-                return await createSessionData(event, userId);
+                return await createSessionData(userId);
             case 'action':
                 if ((Date.now() - passkey.createdAt.getTime()) / 60_000 < config.auth.passkey_probation)
                     error(403, { message: 'You can not authorize sensitive actions with a newly created passkey' });
-                return await createSessionData(event, userId, true);
+                return await createSessionData(userId, true);
         }
     },
 });

package/dist/auth.d.ts

@@ -1,19 +1,15 @@
 import type { Passkey, Session, Verification } from '@axium/core/api';
 import type { User } from '@axium/core/user';
 import type { RequestEvent } from '@sveltejs/kit';
+import { type Schema } from './database.js';
+import type { Insertable } from 'kysely';
 export interface UserInternal extends User {
-    password?: string | null;
-    salt?: string | null;
+    isAdmin: boolean;
+    /** Tags are internal, roles are public */
+    tags: string[];
 }
 export declare function getUser(id: string): Promise<UserInternal>;
-export declare function updateUser({ id, ...user }: UserInternal): Promise<{
-    id: string;
-    name: string;
-    email: string;
-    emailVerified: Date | null | undefined;
-    image: string | null | undefined;
-    preferences: import("@axium/core/user").Preferences | undefined;
-}>;
+export declare function updateUser({ id, ...user }: Insertable<Schema['users']>): Promise<UserInternal>;
 export interface SessionInternal extends Session {
     token: string;
 }

package/dist/cli.js

@@ -51,17 +51,35 @@ var __disposeResources = (this && this.__disposeResources) || (function (Suppres
     var e = new Error(message);
     return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
 });
+import { formatDateRange } from '@axium/core/format';
 import { Argument, Option, program } from 'commander';
+import { access } from 'node:fs/promises';
 import { join } from 'node:path/posix';
+import { createInterface } from 'node:readline/promises';
 import { styleText } from 'node:util';
 import { getByString, isJSON, setByString } from 'utilium';
+import z from 'zod/v4';
 import $pkg from '../package.json' with { type: 'json' };
 import { apps } from './apps.js';
 import config, { configFiles, saveConfigTo } from './config.js';
 import * as db from './database.js';
-import { _portActions, _portMethods, defaultOutput, exit, handleError, output, restrictedPorts } from './io.js';
+import { _portActions, _portMethods, exit, handleError, output, restrictedPorts, setCommandTimeout, warn } from './io.js';
+import { linkRoutes, listRouteLinks, unlinkRoutes } from './linking.js';
 import { getSpecifier, plugins, pluginText, resolvePlugin } from './plugins.js';
 import { serve } from './serve.js';
+function readline() {
+    const rl = createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    return Object.assign(rl, {
+        [Symbol.dispose]: rl.close.bind(rl),
+    });
+}
+function userText(user, bold = false) {
+    const text = `${user.name} <${user.email}> (${user.id})`;
+    return bold ? styleText('bold', text) : text;
+}
 program
     .version($pkg.version)
     .name('axium')
@@ -89,13 +107,14 @@ const opts = {
     }),
     force: new Option('-f, --force', 'force the operation').default(false),
     global: new Option('-g, --global', 'apply the operation globally').default(false),
+    timeout: new Option('-t, --timeout <ms>', 'how long to wait for commands to complete.').default('1000').argParser(value => {
+        const timeout = parseInt(value);
+        if (!Number.isSafeInteger(timeout) || timeout < 0)
+            warn('Invalid timeout value, using default.');
+        setCommandTimeout(timeout);
+    }),
 };
-const axiumDB = program
-    .command('db')
-    .alias('database')
-    .description('Manage the database')
-    .option('-t, --timeout <ms>', 'how long to wait for commands to complete.', '1000')
-    .addOption(opts.host);
+const axiumDB = program.command('db').alias('database').description('Manage the database').addOption(opts.timeout).addOption(opts.host);
 axiumDB
     .command('init')
     .description('Initialize the database')
@@ -298,7 +317,7 @@ axiumPlugin
             exit(`Can't find a plugin matching "${search}"`);
         const specifier = getSpecifier(plugin);
         const _ = __addDisposableResource(env_4, db.connect(), true);
-        await plugin.db_remove?.({ ...opt, output: defaultOutput }, db.database);
+        await plugin.hooks.remove?.(opt, db.database);
         for (const [path, data] of configFiles) {
             if (!data.plugins)
                 continue;
@@ -317,6 +336,32 @@ axiumPlugin
             await result_4;
     }
 });
+axiumPlugin
+    .command('init')
+    .alias('setup')
+    .alias('install')
+    .description('Initialize a plugin. This could include adding tables to the database or linking routes.')
+    .addOption(opts.timeout)
+    .argument('<plugin>', 'the plugin to initialize')
+    .action(async (search, opt) => {
+    const env_5 = { stack: [], error: void 0, hasError: false };
+    try {
+        const plugin = resolvePlugin(search);
+        if (!plugin)
+            exit(`Can't find a plugin matching "${search}"`);
+        const _ = __addDisposableResource(env_5, db.connect(), true);
+        await plugin.hooks.db_init?.({ force: false, ...opt, skip: true }, db.database);
+    }
+    catch (e_5) {
+        env_5.error = e_5;
+        env_5.hasError = true;
+    }
+    finally {
+        const result_5 = __disposeResources(env_5);
+        if (result_5)
+            await result_5;
+    }
+});
 const axiumApps = program.command('apps').description('Manage Axium apps').addOption(opts.global);
 axiumApps
     .command('list')
@@ -338,19 +383,178 @@ axiumApps
         console.log(app.name, styleText('dim', `(${app.id})`));
     }
 });
+const lookup = new Argument('<user>', 'the UUID or email of the user to operate on').argParser(async (lookup) => {
+    const value = await (lookup.includes('@') ? z.email() : z.uuid())
+        .parseAsync(lookup.toLowerCase())
+        .catch(() => exit('Invalid user ID or email.'));
+    db.connect();
+    const result = await db.database
+        .selectFrom('users')
+        .where(value.includes('@') ? 'email' : 'id', '=', value)
+        .selectAll()
+        .executeTakeFirst();
+    if (!result)
+        exit('No user with matching ID or email.');
+    return result;
+});
+/**
+ * Updates an array of strings by adding or removing items.
+ * Only returns whether the array was updated and diff text for what actually changed.
+ */
+function diffUpdate(original, add, remove) {
+    const diffs = [];
+    // update the values
+    if (add) {
+        for (const role of add) {
+            if (original.includes(role))
+                continue;
+            original.push(role);
+            diffs.push(styleText('green', '+' + role));
+        }
+    }
+    if (remove)
+        original = original.filter(item => {
+            const allow = !remove.includes(item);
+            if (!allow)
+                diffs.push(styleText('red', '-' + item));
+            return allow;
+        });
+    return [!!diffs.length, original, diffs.join(', ')];
+}
+program
+    .command('user')
+    .description('Get or change information about a user')
+    .addArgument(lookup)
+    .option('-S, --sessions', 'show user sessions')
+    .option('-P, --passkeys', 'show user passkeys')
+    .option('--add-role <role...>', 'add roles to the user')
+    .option('--remove-role <role...>', 'remove roles from the user')
+    .option('--tag <tag...>', 'Add tags to the user')
+    .option('--untag <tag...>', 'Remove tags from the user')
+    .option('--delete', 'Delete the user')
+    .action(async (_user, opt) => {
+    const env_6 = { stack: [], error: void 0, hasError: false };
+    try {
+        let user = await _user;
+        const _ = __addDisposableResource(env_6, db.connect(), true);
+        const [updatedRoles, roles, rolesDiff] = diffUpdate(user.roles, opt.addRole, opt.removeRole);
+        const [updatedTags, tags, tagsDiff] = diffUpdate(user.tags, opt.tag, opt.untag);
+        if (updatedRoles || updatedTags) {
+            user = await db.database
+                .updateTable('users')
+                .set({ roles, tags })
+                .returningAll()
+                .executeTakeFirstOrThrow()
+                .then(u => {
+                if (updatedRoles && rolesDiff)
+                    console.log(`> Updated roles: ${rolesDiff}`);
+                if (updatedTags && tagsDiff)
+                    console.log(`> Updated tags: ${tagsDiff}`);
+                return u;
+            })
+                .catch(e => exit('Failed to update user roles: ' + e.message));
+        }
+        if (opt.delete) {
+            const env_7 = { stack: [], error: void 0, hasError: false };
+            try {
+                const rl = __addDisposableResource(env_7, readline(), false);
+                const confirmed = await rl
+                    .question(`Are you sure you want to delete ${userText(user, true)}? (y/N) `)
+                    .then(v => z.stringbool().parseAsync(v))
+                    .catch(() => false);
+                if (!confirmed)
+                    console.log(styleText('dim', '> Delete aborted.'));
+                else
+                    await db.database
+                        .deleteFrom('users')
+                        .where('id', '=', user.id)
+                        .executeTakeFirstOrThrow()
+                        .then(() => console.log(styleText(['red', 'bold'], '> Deleted')))
+                        .catch(e => exit('Failed to delete user: ' + e.message));
+            }
+            catch (e_6) {
+                env_7.error = e_6;
+                env_7.hasError = true;
+            }
+            finally {
+                __disposeResources(env_7);
+            }
+        }
+        console.log([
+            user.isAdmin && styleText('redBright', 'Administrator'),
+            'UUID: ' + user.id,
+            'Name: ' + user.name,
+            `Email: ${user.email}, ${user.emailVerified ? 'verified on ' + formatDateRange(user.emailVerified) : styleText(config.auth.email_verification ? 'yellow' : 'dim', 'not verified')}`,
+            'Registered ' + formatDateRange(user.registeredAt),
+            `Roles: ${user.roles.length ? user.roles.join(', ') : styleText('dim', '(none)')}`,
+            `Tags: ${user.tags.length ? user.tags.join(', ') : styleText('dim', '(none)')}`,
+        ]
+            .filter(Boolean)
+            .join('\n'));
+        if (opt.sessions) {
+            const sessions = await db.database.selectFrom('sessions').where('userId', '=', user.id).selectAll().execute();
+            console.log(styleText('bold', 'Sessions:'));
+            if (!sessions.length)
+                console.log(styleText('dim', '(none)'));
+            else
+                for (const session of sessions) {
+                    console.log(`\t${session.id}\tcreated ${formatDateRange(session.created).padEnd(40)}\texpires ${formatDateRange(session.expires).padEnd(40)}\t${session.elevated ? styleText('yellow', '(elevated)') : ''}`);
+                }
+        }
+        if (opt.passkeys) {
+            const passkeys = await db.database.selectFrom('passkeys').where('userId', '=', user.id).selectAll().execute();
+            console.log(styleText('bold', 'Passkeys:'));
+            for (const passkey of passkeys) {
+                console.log(`\t${passkey.id}: created ${formatDateRange(passkey.createdAt).padEnd(40)} used ${passkey.counter} times. ${passkey.deviceType}, ${passkey.backedUp ? '' : 'not '}backed up; transports are [${passkey.transports.join(', ')}], ${passkey.name ? 'named ' + JSON.stringify(passkey.name) : 'unnamed'}.`);
+            }
+        }
+    }
+    catch (e_7) {
+        env_6.error = e_7;
+        env_6.hasError = true;
+    }
+    finally {
+        const result_6 = __disposeResources(env_6);
+        if (result_6)
+            await result_6;
+    }
+});
+program
+    .command('toggle-admin')
+    .description('Toggle whether a user is an administrator')
+    .addArgument(lookup)
+    .action(async (_user) => {
+    const env_8 = { stack: [], error: void 0, hasError: false };
+    try {
+        const user = await _user;
+        const _ = __addDisposableResource(env_8, db.connect(), true);
+        const isAdmin = !user.isAdmin;
+        await db.database.updateTable('users').set({ isAdmin }).where('id', '=', user.id).executeTakeFirstOrThrow();
+        console.log(`${userText(user)} is ${isAdmin ? 'now' : 'no longer'} an administrator. (${styleText(['whiteBright', 'bold'], isAdmin.toString())})`);
+    }
+    catch (e_8) {
+        env_8.error = e_8;
+        env_8.hasError = true;
+    }
+    finally {
+        const result_7 = __disposeResources(env_8);
+        if (result_7)
+            await result_7;
+    }
+});
 program
     .command('status')
     .alias('stats')
     .description('Get information about the server')
     .addOption(opts.host)
     .action(async () => {
-    const env_5 = { stack: [], error: void 0, hasError: false };
+    const env_9 = { stack: [], error: void 0, hasError: false };
     try {
         console.log('Axium Server v' + program.version());
         console.log(styleText('whiteBright', 'Debug mode:'), config.debug ? styleText('yellow', 'enabled') : 'disabled');
         console.log(styleText('whiteBright', 'Loaded config files:'), config.files.keys().toArray().join(', '));
         process.stdout.write(styleText('whiteBright', 'Database: '));
-        const _ = __addDisposableResource(env_5, db.connect(), true);
+        const _ = __addDisposableResource(env_9, db.connect(), true);
         try {
             console.log(await db.statusText());
         }
@@ -367,14 +571,14 @@ program
             console.log(await plugin.statusText());
         }
     }
-    catch (e_5) {
-        env_5.error = e_5;
-        env_5.hasError = true;
+    catch (e_9) {
+        env_9.error = e_9;
+        env_9.hasError = true;
     }
     finally {
-        const result_5 = __disposeResources(env_5);
-        if (result_5)
-            await result_5;
+        const result_8 = __disposeResources(env_9);
+        if (result_8)
+            await result_8;
     }
 });
 program
@@ -411,4 +615,18 @@ program
         console.log('Server is listening on port ' + port);
     });
 });
+program.command('link').description('Link svelte page routes').action(linkRoutes);
+program.command('unlink').description('Unlink svelte page routes').action(unlinkRoutes);
+program
+    .command('list-links')
+    .description('List linked routes')
+    .action(async () => {
+    for (const link of listRouteLinks()) {
+        const idText = link.id.startsWith('#') ? `(${link.id.slice(1)})` : link.id;
+        const toColor = await access(link.to)
+            .then(() => 'white')
+            .catch(() => 'redBright');
+        console.log(`${idText}:\t ${styleText('cyanBright', link.from)}\t->\t${styleText(toColor, link.to)}`);
+    }
+});
 program.parse();

package/dist/config.d.ts

@@ -34,12 +34,15 @@ export interface Config extends Record<string, unknown> {
         console: boolean;
     };
     web: {
-        prefix: string;
         assets: string;
-        secure: boolean;
+        disable_cache: boolean;
         port: number;
+        prefix: string;
+        routes: string;
+        secure: boolean;
         ssl_key: string;
         ssl_cert: string;
+        template: string;
     };
 }
 export declare const configFiles: Map<string, File>;
@@ -92,12 +95,15 @@ export declare const File: z.ZodObject<{
         console: z.ZodOptional<z.ZodBoolean>;
     }, z.core.$strip>>;
     web: z.ZodOptional<z.ZodObject<{
-        prefix: z.ZodOptional<z.ZodString>;
         assets: z.ZodOptional<z.ZodString>;
-        secure: z.ZodOptional<z.ZodBoolean>;
+        disable_cache: z.ZodOptional<z.ZodBoolean>;
         port: z.ZodOptional<z.ZodNumber>;
+        prefix: z.ZodOptional<z.ZodString>;
+        routes: z.ZodOptional<z.ZodString>;
+        secure: z.ZodOptional<z.ZodBoolean>;
         ssl_key: z.ZodOptional<z.ZodString>;
         ssl_cert: z.ZodOptional<z.ZodString>;
+        template: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>;
     include: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
     plugins: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;

package/dist/config.js

@@ -51,12 +51,15 @@ export const config = _unique('config', {
         level: 'info',
     },
     web: {
-        prefix: '',
         assets: '',
-        secure: true,
+        disable_cache: false,
         port: 443,
+        prefix: '',
+        routes: 'routes',
+        secure: true,
         ssl_key: resolve(dirs[0], 'ssl_key.pem'),
         ssl_cert: resolve(dirs[0], 'ssl_cert.pem'),
+        template: join(import.meta.dirname, '../web/template.html'),
     },
 });
 export default config;
@@ -106,12 +109,15 @@ export const File = z
         .partial(),
     web: z
         .object({
-        prefix: z.string(),
         assets: z.string(),
-        secure: z.boolean(),
+        disable_cache: z.boolean(),
         port: z.number().min(1).max(65535),
+        prefix: z.string(),
+        routes: z.string(),
+        secure: z.boolean(),
         ssl_key: z.string(),
         ssl_cert: z.string(),
+        template: z.string(),
     })
         .partial(),
     include: z.array(z.string()).optional(),
@@ -152,7 +158,7 @@ export async function loadConfig(path, options = {}) {
     catch (e) {
         if (!options.optional)
             throw e;
-        config.debug && output.debug(`Skipping config at ${path} (${e.message})`);
+        output.debug(`Skipping config at ${path} (${e.message})`);
         return;
     }
     const file = options.strict ? File.parse(json) : json;
@@ -184,7 +190,7 @@ export function saveConfigTo(path, changed) {
     setConfig(changed);
     const config = configFiles.get(path) ?? {};
     Object.assign(config, { ...changed, db: { ...config.db, ...changed.db } });
-    config.debug && output.debug(`Wrote config to ${path}`);
+    output.debug(`Wrote config to ${path}`);
     writeFileSync(path, JSON.stringify(config));
 }
 /**

package/dist/database.d.ts

@@ -1,16 +1,19 @@
 import type { Preferences } from '@axium/core';
+import type { AuthenticatorTransportFuture, CredentialDeviceType } from '@simplewebauthn/server';
 import { Kysely, type GeneratedAlways } from 'kysely';
 import type { VerificationRole } from './auth.js';
-import type { MaybeOutput, WithOutput } from './io.js';
-import type { AuthenticatorTransportFuture, CredentialDeviceType } from '@simplewebauthn/server';
 export interface Schema {
     users: {
-        id: GeneratedAlways<string> & string;
+        id: string;
         email: string;
         name: string;
         image?: string | null;
         emailVerified?: Date | null;
-        preferences?: Preferences;
+        preferences: Preferences;
+        isAdmin: boolean;
+        roles: string[];
+        tags: string[];
+        registeredAt: GeneratedAlways<Date>;
     };
     sessions: {
         id: GeneratedAlways<string>;
@@ -49,19 +52,16 @@ export interface Stats {
 export declare function count<const T extends keyof Schema>(table: T): Promise<number>;
 export declare function status(): Promise<Stats>;
 export declare function statusText(): Promise<string>;
-export interface OpOptions extends MaybeOutput {
-    timeout: number;
+export interface OpOptions {
     force: boolean;
 }
 export interface InitOptions extends OpOptions {
     skip: boolean;
 }
-export declare function shouldRecreate(opt: InitOptions & WithOutput): boolean;
-export declare function getHBA(opt: OpOptions & WithOutput): Promise<[content: string, writeBack: (newContent: string) => void]>;
-export interface PluginShortcuts {
-    done: () => void;
-    warnExists: (error: string | Error) => void;
-}
+export declare function shouldRecreate(opt: InitOptions): boolean;
+export declare function getHBA(opt: OpOptions): Promise<[content: string, writeBack: (newContent: string) => void]>;
+/** Shortcut to output a warning if an error is thrown because relation already exists */
+export declare const warnExists: (error: string | Error) => void;
 export declare function init(opt: InitOptions): Promise<void>;
 export declare function check(opt: OpOptions): Promise<void>;
 export declare function clean(opt: Partial<OpOptions>): Promise<void>;