@axium/server 0.16.2 → 0.17.0

package/build/server/manifest.js

@@ -10,15 +10,15 @@ return {
 	assets: new Set(["icons/brands.svg","icons/light.svg","icons/regular.svg","icons/solid.svg","styles.css"]),
 	mimeTypes: {".svg":"image/svg+xml",".css":"text/css"},
 	_: {
-		client: {start:"_app/immutable/entry/start.B8r-M4qY.js",app:"_app/immutable/entry/app.CYeEqzuG.js",imports:["_app/immutable/entry/start.B8r-M4qY.js","_app/immutable/chunks/Ccv5p-Lr.js","_app/immutable/chunks/D5lcOOwR.js","_app/immutable/chunks/B3bf7yrh.js","_app/immutable/chunks/DCs3KlJy.js","_app/immutable/entry/app.CYeEqzuG.js","_app/immutable/chunks/B3bf7yrh.js","_app/immutable/chunks/D5lcOOwR.js","_app/immutable/chunks/DCs3KlJy.js","_app/immutable/chunks/DsnmJJEf.js","_app/immutable/chunks/ct9jA5hl.js"],stylesheets:[],fonts:[],uses_env_dynamic_public:false},
+		client: {start:"_app/immutable/entry/start.CkXOtoPI.js",app:"_app/immutable/entry/app.Bexu3pho.js",imports:["_app/immutable/entry/start.CkXOtoPI.js","_app/immutable/chunks/DQ-d8a5w.js","_app/immutable/chunks/D5lcOOwR.js","_app/immutable/chunks/B3bf7yrh.js","_app/immutable/chunks/DCs3KlJy.js","_app/immutable/entry/app.Bexu3pho.js","_app/immutable/chunks/B3bf7yrh.js","_app/immutable/chunks/D5lcOOwR.js","_app/immutable/chunks/DCs3KlJy.js","_app/immutable/chunks/DsnmJJEf.js","_app/immutable/chunks/ct9jA5hl.js"],stylesheets:[],fonts:[],uses_env_dynamic_public:false},
 		nodes: [
 			__memo(() => import('./chunks/0-CUfr8UwD.js')),
-			__memo(() => import('./chunks/1-B46rUG8d.js')),
+			__memo(() => import('./chunks/1-Db3AncWW.js')),
 			__memo(() => import('./chunks/2-c1bljkMr.js')),
-			__memo(() => import('./chunks/3-CeRz1jLd.js')),
-			__memo(() => import('./chunks/4-CPwP8Ikn.js')),
-			__memo(() => import('./chunks/5-xNibYAp4.js')),
-			__memo(() => import('./chunks/6-CivW166X.js'))
+			__memo(() => import('./chunks/3-BzEpIldk.js')),
+			__memo(() => import('./chunks/4-J7bxt5HT.js')),
+			__memo(() => import('./chunks/5-uwjgYAk8.js')),
+			__memo(() => import('./chunks/6-Cj4cg3MT.js'))
 		],
 		routes: [
 			{

package/build/server/manifest.js.map

@@ -1 +1 @@
-{"version":3,"file":"manifest.js","sources":["../../.svelte-kit/adapter-node/manifest.js"],"sourcesContent":["export const manifest = (() => {\nfunction __memo(fn) {\n\tlet value;\n\treturn () => value ??= (value = fn());\n}\n\nreturn {\n\tappDir: \"_app\",\n\tappPath: \"_app\",\n\tassets: new Set([\"icons/brands.svg\",\"icons/light.svg\",\"icons/regular.svg\",\"icons/solid.svg\",\"styles.css\"]),\n\tmimeTypes: {\".svg\":\"image/svg+xml\",\".css\":\"text/css\"},\n\t_: {\n\t\tclient: {start:\"_app/immutable/entry/start.B8r-M4qY.js\",app:\"_app/immutable/entry/app.CYeEqzuG.js\",imports:[\"_app/immutable/entry/start.B8r-M4qY.js\",\"_app/immutable/chunks/Ccv5p-Lr.js\",\"_app/immutable/chunks/D5lcOOwR.js\",\"_app/immutable/chunks/B3bf7yrh.js\",\"_app/immutable/chunks/DCs3KlJy.js\",\"_app/immutable/entry/app.CYeEqzuG.js\",\"_app/immutable/chunks/B3bf7yrh.js\",\"_app/immutable/chunks/D5lcOOwR.js\",\"_app/immutable/chunks/DCs3KlJy.js\",\"_app/immutable/chunks/DsnmJJEf.js\",\"_app/immutable/chunks/ct9jA5hl.js\"],stylesheets:[],fonts:[],uses_env_dynamic_public:false},\n\t\tnodes: [\n\t\t\t__memo(() => import('./nodes/0.js')),\n\t\t\t__memo(() => import('./nodes/1.js')),\n\t\t\t__memo(() => import('./nodes/2.js')),\n\t\t\t__memo(() => import('./nodes/3.js')),\n\t\t\t__memo(() => import('./nodes/4.js')),\n\t\t\t__memo(() => import('./nodes/5.js')),\n\t\t\t__memo(() => import('./nodes/6.js'))\n\t\t],\n\t\troutes: [\n\t\t\t{\n\t\t\t\tid: \"/_axium/default\",\n\t\t\t\tpattern: /^\\/_axium\\/default\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 2 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/account\",\n\t\t\t\tpattern: /^\\/account\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 3 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/login\",\n\t\t\t\tpattern: /^\\/login\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 4 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/logout\",\n\t\t\t\tpattern: /^\\/logout\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 5 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/register\",\n\t\t\t\tpattern: /^\\/register\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 6 },\n\t\t\t\tendpoint: null\n\t\t\t}\n\t\t],\n\t\tprerendered_routes: new Set([]),\n\t\tmatchers: async () => {\n\t\t\t\n\t\t\treturn {  };\n\t\t},\n\t\tserver_assets: {}\n\t}\n}\n})();\n\nexport const prerendered = new Set([]);\n\nexport const base = \"\";"],"names":[],"mappings":"AAAY,MAAC,QAAQ,GAAG,CAAC,MAAM;AAC/B,SAAS,MAAM,CAAC,EAAE,EAAE;AACpB,CAAC,IAAI,KAAK;AACV,CAAC,OAAO,MAAM,KAAK,MAAM,KAAK,GAAG,EAAE,EAAE,CAAC;AACtC;;AAEA,OAAO;AACP,CAAC,MAAM,EAAE,MAAM;AACf,CAAC,OAAO,EAAE,MAAM;AAChB,CAAC,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;AAC3G,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC;AACtD,CAAC,CAAC,EAAE;AACJ,EAAE,MAAM,EAAE,CAAC,KAAK,CAAC,wCAAwC,CAAC,GAAG,CAAC,sCAAsC,CAAC,OAAO,CAAC,CAAC,wCAAwC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,sCAAsC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,KAAK,CAAC;AACzjB,EAAE,KAAK,EAAE;AACT,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC;AACtC,GAAG;AACH,EAAE,MAAM,EAAE;AACV,GAAG;AACH,IAAI,EAAE,EAAE,iBAAiB;AACzB,IAAI,OAAO,EAAE,wBAAwB;AACrC,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,UAAU;AAClB,IAAI,OAAO,EAAE,gBAAgB;AAC7B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,QAAQ;AAChB,IAAI,OAAO,EAAE,cAAc;AAC3B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,SAAS;AACjB,IAAI,OAAO,EAAE,eAAe;AAC5B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,WAAW;AACnB,IAAI,OAAO,EAAE,iBAAiB;AAC9B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd;AACA,GAAG;AACH,EAAE,kBAAkB,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC;AACjC,EAAE,QAAQ,EAAE,YAAY;AACxB;AACA,GAAG,OAAO,IAAI;AACd,EAAE,CAAC;AACH,EAAE,aAAa,EAAE;AACjB;AACA;AACA,CAAC;;AAEW,MAAC,WAAW,GAAG,IAAI,GAAG,CAAC,EAAE;;AAEzB,MAAC,IAAI,GAAG;;;;"}
+{"version":3,"file":"manifest.js","sources":["../../.svelte-kit/adapter-node/manifest.js"],"sourcesContent":["export const manifest = (() => {\nfunction __memo(fn) {\n\tlet value;\n\treturn () => value ??= (value = fn());\n}\n\nreturn {\n\tappDir: \"_app\",\n\tappPath: \"_app\",\n\tassets: new Set([\"icons/brands.svg\",\"icons/light.svg\",\"icons/regular.svg\",\"icons/solid.svg\",\"styles.css\"]),\n\tmimeTypes: {\".svg\":\"image/svg+xml\",\".css\":\"text/css\"},\n\t_: {\n\t\tclient: {start:\"_app/immutable/entry/start.CkXOtoPI.js\",app:\"_app/immutable/entry/app.Bexu3pho.js\",imports:[\"_app/immutable/entry/start.CkXOtoPI.js\",\"_app/immutable/chunks/DQ-d8a5w.js\",\"_app/immutable/chunks/D5lcOOwR.js\",\"_app/immutable/chunks/B3bf7yrh.js\",\"_app/immutable/chunks/DCs3KlJy.js\",\"_app/immutable/entry/app.Bexu3pho.js\",\"_app/immutable/chunks/B3bf7yrh.js\",\"_app/immutable/chunks/D5lcOOwR.js\",\"_app/immutable/chunks/DCs3KlJy.js\",\"_app/immutable/chunks/DsnmJJEf.js\",\"_app/immutable/chunks/ct9jA5hl.js\"],stylesheets:[],fonts:[],uses_env_dynamic_public:false},\n\t\tnodes: [\n\t\t\t__memo(() => import('./nodes/0.js')),\n\t\t\t__memo(() => import('./nodes/1.js')),\n\t\t\t__memo(() => import('./nodes/2.js')),\n\t\t\t__memo(() => import('./nodes/3.js')),\n\t\t\t__memo(() => import('./nodes/4.js')),\n\t\t\t__memo(() => import('./nodes/5.js')),\n\t\t\t__memo(() => import('./nodes/6.js'))\n\t\t],\n\t\troutes: [\n\t\t\t{\n\t\t\t\tid: \"/_axium/default\",\n\t\t\t\tpattern: /^\\/_axium\\/default\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 2 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/account\",\n\t\t\t\tpattern: /^\\/account\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 3 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/login\",\n\t\t\t\tpattern: /^\\/login\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 4 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/logout\",\n\t\t\t\tpattern: /^\\/logout\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 5 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/register\",\n\t\t\t\tpattern: /^\\/register\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 6 },\n\t\t\t\tendpoint: null\n\t\t\t}\n\t\t],\n\t\tprerendered_routes: new Set([]),\n\t\tmatchers: async () => {\n\t\t\t\n\t\t\treturn {  };\n\t\t},\n\t\tserver_assets: {}\n\t}\n}\n})();\n\nexport const prerendered = new Set([]);\n\nexport const base = \"\";"],"names":[],"mappings":"AAAY,MAAC,QAAQ,GAAG,CAAC,MAAM;AAC/B,SAAS,MAAM,CAAC,EAAE,EAAE;AACpB,CAAC,IAAI,KAAK;AACV,CAAC,OAAO,MAAM,KAAK,MAAM,KAAK,GAAG,EAAE,EAAE,CAAC;AACtC;;AAEA,OAAO;AACP,CAAC,MAAM,EAAE,MAAM;AACf,CAAC,OAAO,EAAE,MAAM;AAChB,CAAC,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;AAC3G,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC;AACtD,CAAC,CAAC,EAAE;AACJ,EAAE,MAAM,EAAE,CAAC,KAAK,CAAC,wCAAwC,CAAC,GAAG,CAAC,sCAAsC,CAAC,OAAO,CAAC,CAAC,wCAAwC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,sCAAsC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,KAAK,CAAC;AACzjB,EAAE,KAAK,EAAE;AACT,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC;AACtC,GAAG;AACH,EAAE,MAAM,EAAE;AACV,GAAG;AACH,IAAI,EAAE,EAAE,iBAAiB;AACzB,IAAI,OAAO,EAAE,wBAAwB;AACrC,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,UAAU;AAClB,IAAI,OAAO,EAAE,gBAAgB;AAC7B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,QAAQ;AAChB,IAAI,OAAO,EAAE,cAAc;AAC3B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,SAAS;AACjB,IAAI,OAAO,EAAE,eAAe;AAC5B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,WAAW;AACnB,IAAI,OAAO,EAAE,iBAAiB;AAC9B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd;AACA,GAAG;AACH,EAAE,kBAAkB,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC;AACjC,EAAE,QAAQ,EAAE,YAAY;AACxB;AACA,GAAG,OAAO,IAAI;AACd,EAAE,CAAC;AACH,EAAE,aAAa,EAAE;AACjB;AACA;AACA,CAAC;;AAEW,MAAC,WAAW,GAAG,IAAI,GAAG,CAAC,EAAE;;AAEzB,MAAC,IAAI,GAAG;;;;"}

package/dist/acl.d.ts

@@ -0,0 +1,54 @@
+import type { AccessControl, Permission } from '@axium/core';
+import type { ExpressionBuilder } from 'kysely';
+import { type Selectable } from 'kysely';
+import type { UserInternal } from './auth.js';
+import * as db from './database.js';
+interface AccessControllable {
+    userId: string;
+    publicPermission: Permission;
+}
+type _TableNames = (string & keyof db.Schema) & keyof {
+    [K in Exclude<keyof db.Schema, `acl.${string}`> as Selectable<db.Schema[K]> extends Omit<AccessControllable, 'acl'> ? K : never]: null;
+};
+/**
+ * `never` causes a ton of problems, so we use `string` if none of the tables are shareable.
+ */
+export type AccessControllableTableName = _TableNames extends never ? keyof db.Schema : _TableNames;
+export interface AccessControlInternal extends AccessControl {
+    user?: UserInternal;
+}
+export declare const ACLTypes: {
+    userId: {
+        type: string;
+        required: true;
+    };
+    createdAt: {
+        type: string;
+        required: true;
+        hasDefault: true;
+    };
+    itemId: {
+        type: string;
+        required: true;
+    };
+    permission: {
+        type: string;
+        required: true;
+        hasDefault: true;
+    };
+};
+/**
+ * Adds an Access Control List (ACL) in the database for managing access to rows in an existing table.
+ * @category Plugin API
+ */
+export declare function createACL(table: AccessControllableTableName): Promise<void>;
+export declare function dropACL(table: AccessControllableTableName): Promise<void>;
+export declare function wipeACL(table: AccessControllableTableName): Promise<void>;
+export declare function createEntry(itemType: AccessControllableTableName, data: Omit<AccessControl, 'createdAt'>): Promise<AccessControlInternal>;
+export declare function deleteEntry(itemType: AccessControllableTableName, itemId: string, userId: string): Promise<void>;
+/**
+ * Helper to select all shares for a given table, including the user information.
+ */
+export declare function sharesFrom(table: AccessControllableTableName): (eb: ExpressionBuilder<db.Schema, any>) => import("kysely").AliasedRawBuilder<Required<AccessControl>[], "shares">;
+export declare function getShares(itemType: AccessControllableTableName, itemId: string): Promise<Required<AccessControlInternal>[]>;
+export {};

package/dist/acl.js

@@ -0,0 +1,63 @@
+import { sql } from 'kysely';
+import { jsonArrayFrom } from 'kysely/helpers/postgres';
+import * as db from './database.js';
+import * as io from './io.js';
+const accessControllableTypes = {
+    userId: { type: 'uuid' },
+    publicPermission: { type: 'int4' },
+};
+export const ACLTypes = {
+    userId: { type: 'uuid', required: true },
+    createdAt: { type: 'timestamptz', required: true, hasDefault: true },
+    itemId: { type: 'uuid', required: true },
+    permission: { type: 'int4', required: true, hasDefault: true },
+};
+/**
+ * Adds an Access Control List (ACL) in the database for managing access to rows in an existing table.
+ * @category Plugin API
+ */
+export async function createACL(table) {
+    await db.checkTableTypes(table, accessControllableTypes, { strict: true, extra: false });
+    io.start(`Creating table acl.${table}`);
+    await db.database.schema
+        .createTable(`acl.${table}`)
+        .addColumn('userId', 'uuid', col => col.references('users.id').onDelete('cascade'))
+        .addColumn('itemId', 'uuid', col => col.references(`${table}.id`).onDelete('cascade'))
+        .addPrimaryKeyConstraint('PK_acl_' + table, ['userId', 'itemId'])
+        .addColumn('createdAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
+        .addColumn('permission', 'integer', col => col.notNull().check(sql `permission >= 0 AND permission <= 5`))
+        .execute()
+        .then(io.done)
+        .catch(db.warnExists);
+    await db.createIndex(`acl.${table}`, 'userId');
+    await db.createIndex(`acl.${table}`, 'itemId');
+}
+export async function dropACL(table) {
+    io.start(`Dropping table acl.${table}`);
+    await db.database.schema.dropTable(`acl.${table}`).execute().then(io.done).catch(db.warnExists);
+}
+export async function wipeACL(table) {
+    io.start(`Wiping table acl.${table}`);
+    await db.database.deleteFrom(`acl.${table}`).execute().then(io.done).catch(db.warnExists);
+}
+export async function createEntry(itemType, data) {
+    return await db.database.insertInto(`acl.${itemType}`).values(data).returningAll().executeTakeFirstOrThrow();
+}
+export async function deleteEntry(itemType, itemId, userId) {
+    await db.database.deleteFrom(`acl.${itemType}`).where('itemId', '=', itemId).where('userId', '=', userId).execute();
+}
+/**
+ * Helper to select all shares for a given table, including the user information.
+ */
+export function sharesFrom(table) {
+    return (eb) => jsonArrayFrom(eb
+        .selectFrom(`acl.${table} as _acl`)
+        .selectAll()
+        .select(db.userFromId)
+        .whereRef(`_acl.itemId`, '=', `${table}.id`))
+        .$castTo()
+        .as('shares');
+}
+export async function getShares(itemType, itemId) {
+    return await db.database.selectFrom(`acl.${itemType}`).where('itemId', '=', itemId).selectAll().select(db.userFromId).execute();
+}

package/dist/api/acl.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/api/acl.js

@@ -0,0 +1,21 @@
+import * as z from 'zod';
+import { addRoute } from '../routes.js';
+import { parseBody, withError } from '../requests.js';
+import { createEntry } from '../acl.js';
+addRoute({
+    path: '/api/acl/:itemType/:itemId',
+    params: {
+        itemType: z.string(),
+        itemId: z.uuid(),
+    },
+    async PUT(event) {
+        const type = event.params.itemType;
+        const itemId = event.params.itemId;
+        const data = await parseBody(event, z.object({
+            userId: z.uuid(),
+            permission: z.number().int().min(0).max(5),
+        }));
+        const share = await createEntry(type, { ...data, itemId }).catch(withError('Failed to create access control'));
+        return share;
+    },
+});

package/dist/api/passkeys.js

@@ -1,7 +1,7 @@
 import { PasskeyChangeable } from '@axium/core/schemas';
 import { error } from '@sveltejs/kit';
 import { omit } from 'utilium';
-import z from 'zod';
+import * as z from 'zod';
 import { getPasskey } from '../auth.js';
 import { database as db } from '../database.js';
 import { addRoute } from '../routes.js';

package/dist/api/register.js

@@ -2,7 +2,7 @@ import { APIUserRegistration } from '@axium/core/schemas';
 import { generateRegistrationOptions, verifyRegistrationResponse } from '@simplewebauthn/server';
 import { error } from '@sveltejs/kit';
 import { randomUUID } from 'node:crypto';
-import z from 'zod';
+import * as z from 'zod';
 import { createPasskey, getUser } from '../auth.js';
 import config from '../config.js';
 import { database as db } from '../database.js';

package/dist/api/users.js

@@ -1,14 +1,14 @@
 import { LogoutSessions, PasskeyAuthenticationResponse, PasskeyRegistration, UserAuthOptions } from '@axium/core/schemas';
 import { UserChangeable } from '@axium/core/user';
-import { generateAuthenticationOptions, generateRegistrationOptions, verifyAuthenticationResponse, verifyRegistrationResponse, } from '@simplewebauthn/server';
+import * as webauthn from '@simplewebauthn/server';
 import { error } from '@sveltejs/kit';
 import { omit, pick } from 'utilium';
-import z from 'zod';
-import { createPasskey, createVerification, getPasskey, getPasskeysByUserId, getSessions, getUser, useVerification, } from '../auth.js';
+import * as z from 'zod';
+import { createPasskey, createVerification, getPasskey, getPasskeysByUserId, getSessions, getUser, useVerification } from '../auth.js';
 import { config } from '../config.js';
 import { connect, database as db } from '../database.js';
-import { addRoute } from '../routes.js';
 import { checkAuth, createSessionData, parseBody, stripUser, withError } from '../requests.js';
+import { addRoute } from '../routes.js';
 const challenges = new Map();
 const params = { id: z.uuid() };
 /**
@@ -33,9 +33,9 @@ addRoute({
     params,
     async GET(event) {
         const userId = event.params.id;
-        const authed = await checkAuth(event, userId).catch(() => null);
-        const user = authed?.user || (await getUser(userId).catch(withError('User does not exist', 404)));
-        return stripUser(user, !!authed);
+        const auth = await checkAuth(event, userId).catch(() => null);
+        const user = auth?.user || (await getUser(userId).catch(withError('User does not exist', 404)));
+        return stripUser(user, !!auth);
     },
     async PATCH(event) {
         const userId = event.params.id;
@@ -87,7 +87,7 @@ addRoute({
         const passkeys = await getPasskeysByUserId(userId);
         if (!passkeys)
             error(409, { message: 'No passkeys exists for this user' });
-        const options = await generateAuthenticationOptions({
+        const options = await webauthn.generateAuthenticationOptions({
             rpID: config.auth.rp_id,
             allowCredentials: passkeys.map(passkey => pick(passkey, 'id', 'transports')),
         });
@@ -105,13 +105,15 @@ addRoute({
         const passkey = await getPasskey(response.id).catch(withError('Passkey does not exist', 404));
         if (passkey.userId !== userId)
             error(403, { message: 'Passkey does not belong to this user' });
-        const { verified } = await verifyAuthenticationResponse({
+        const { verified } = await webauthn
+            .verifyAuthenticationResponse({
             response,
             credential: passkey,
             expectedChallenge,
             expectedOrigin: config.auth.origin,
             expectedRPID: config.auth.rp_id,
-        }).catch(withError('Verification failed', 400));
+        })
+            .catch(withError('Verification failed', 400));
         if (!verified)
             error(401, { message: 'Verification failed' });
         switch (type) {
@@ -136,7 +138,7 @@ addRoute({
         const userId = event.params.id;
         const existing = await getPasskeysByUserId(userId);
         const { user } = await checkAuth(event, userId);
-        const options = await generateRegistrationOptions({
+        const options = await webauthn.generateRegistrationOptions({
             rpName: config.auth.rp_name,
             rpID: config.auth.rp_id,
             userName: userId,
@@ -172,11 +174,13 @@ addRoute({
         if (!expectedChallenge)
             error(404, { message: 'No registration challenge found for this user' });
         registrations.delete(userId);
-        const { verified, registrationInfo } = await verifyRegistrationResponse({
+        const { verified, registrationInfo } = await webauthn
+            .verifyRegistrationResponse({
             response,
             expectedChallenge,
             expectedOrigin: config.auth.origin,
-        }).catch(withError('Verification failed', 400));
+        })
+            .catch(withError('Verification failed', 400));
         if (!verified || !registrationInfo)
             error(401, { message: 'Verification failed' });
         const passkey = await createPasskey({

package/dist/auth.js

@@ -1,5 +1,6 @@
 import { randomBytes, randomUUID } from 'node:crypto';
 import { connect, database as db, userFromId } from './database.js';
+import { getToken } from './requests.js';
 export async function getUser(id) {
     connect();
     return await db.selectFrom('users').selectAll().where('id', '=', id).executeTakeFirstOrThrow();

package/dist/cli.js

@@ -58,7 +58,7 @@ import { join } from 'node:path/posix';
 import { createInterface } from 'node:readline/promises';
 import { styleText } from 'node:util';
 import { getByString, isJSON, setByString } from 'utilium';
-import z from 'zod';
+import * as z from 'zod';
 import $pkg from '../package.json' with { type: 'json' };
 import { apps } from './apps.js';
 import config, { configFiles, FileSchema, saveConfigTo } from './config.js';
@@ -105,6 +105,7 @@ const opts = {
         config.db.host = hostname || config.db.host;
         config.db.port = port && Number.isSafeInteger(parseInt(port)) ? parseInt(port) : config.db.port;
     }),
+    check: new Option('--check', 'check the database schema after initialization').default(false),
     force: new Option('-f, --force', 'force the operation').default(false),
     global: new Option('-g, --global', 'apply the operation globally').default(false),
     timeout: new Option('-t, --timeout <ms>', 'how long to wait for commands to complete.').default('1000').argParser(value => {
@@ -120,7 +121,9 @@ axiumDB
     .description('Initialize the database')
     .addOption(opts.force)
     .option('-s, --skip', 'If the user, database, or schema already exists, skip trying to create it.')
-    .action(async (opt) => {
+    .addOption(opts.check)
+    .action(async (_localOpts, _) => {
+    const opt = _.optsWithGlobals();
     await db.init(opt).catch(handleError);
 });
 axiumDB
@@ -129,7 +132,7 @@ axiumDB
     .description('Check the status of the database')
     .action(async () => {
     try {
-        console.log(await db.statusText());
+        console.log(await db.statText());
     }
     catch {
         output.error('Unavailable');
@@ -147,7 +150,7 @@ axiumDB
     const env_1 = { stack: [], error: void 0, hasError: false };
     try {
         const _ = __addDisposableResource(env_1, db.connect(), true);
-        const stats = await db.status().catch(exit);
+        const stats = await db.count('users', 'passkeys', 'sessions').catch(exit);
         if (!opt.force)
             for (const key of ['users', 'passkeys', 'sessions']) {
                 if (stats[key] == 0)
@@ -175,7 +178,7 @@ axiumDB
     const env_2 = { stack: [], error: void 0, hasError: false };
     try {
         const _ = __addDisposableResource(env_2, db.connect(), true);
-        const stats = await db.status().catch(exit);
+        const stats = await db.count('users', 'passkeys', 'sessions').catch(exit);
         if (!opt.force)
             for (const key of ['users', 'passkeys', 'sessions']) {
                 if (stats[key] == 0)
@@ -198,6 +201,7 @@ axiumDB
 axiumDB
     .command('check')
     .description('Check the structure of the database')
+    .option('-s, --strict', 'Throw errors instead of emitting warnings for most column problems')
     .action(async (opt) => {
     await db.check(opt).catch(exit);
 });
@@ -283,7 +287,7 @@ axiumConfig
     const schema = z.toJSONSchema(FileSchema, { io: 'input' });
     console.log(opt.json ? JSON.stringify(schema, configReplacer(opt), 4) : schema);
 });
-const axiumPlugin = program.command('plugins').description('Manage plugins').addOption(opts.global);
+const axiumPlugin = program.command('plugin').alias('plugins').description('Manage plugins').addOption(opts.global);
 axiumPlugin
     .command('list')
     .alias('ls')
@@ -329,7 +333,7 @@ axiumPlugin
             exit(`Can't find a plugin matching "${search}"`);
         const specifier = getSpecifier(plugin);
         const _ = __addDisposableResource(env_4, db.connect(), true);
-        await plugin.hooks.remove?.(opt, db.database);
+        await plugin.hooks.remove?.(opt);
         for (const [path, data] of configFiles) {
             if (!data.plugins)
                 continue;
@@ -354,6 +358,7 @@ axiumPlugin
     .alias('install')
     .description('Initialize a plugin. This could include adding tables to the database or linking routes.')
     .addOption(opts.timeout)
+    .addOption(opts.check)
     .argument('<plugin>', 'the plugin to initialize')
     .action(async (search, opt) => {
     const env_5 = { stack: [], error: void 0, hasError: false };
@@ -362,7 +367,7 @@ axiumPlugin
         if (!plugin)
             exit(`Can't find a plugin matching "${search}"`);
         const _ = __addDisposableResource(env_5, db.connect(), true);
-        await plugin.hooks.db_init?.({ force: false, ...opt, skip: true }, db.database);
+        await plugin.hooks.db_init?.({ force: false, ...opt, skip: true });
     }
     catch (e_5) {
         env_5.error = e_5;
@@ -568,7 +573,7 @@ program
         process.stdout.write(styleText('whiteBright', 'Database: '));
         const _ = __addDisposableResource(env_9, db.connect(), true);
         try {
-            console.log(await db.statusText());
+            console.log(await db.statText());
         }
         catch {
             output.error('Unavailable');
@@ -607,6 +612,7 @@ program
     .description('Install Axium server')
     .addOption(opts.force)
     .addOption(opts.host)
+    .addOption(opts.check)
     .action(async (opt) => {
     await db.init({ ...opt, skip: opt.dbSkip }).catch(handleError);
     await restrictedPorts({ method: 'node-cap', action: 'enable' }).catch(handleError);

package/dist/database.d.ts

@@ -1,4 +1,4 @@
-import type { Preferences } from '@axium/core';
+import type { Permission, Preferences } from '@axium/core';
 import type { AuthenticatorTransportFuture, CredentialDeviceType } from '@simplewebauthn/server';
 import type * as kysely from 'kysely';
 import { Kysely } from 'kysely';
@@ -41,37 +41,81 @@ export interface Schema {
         backedUp: boolean;
         transports: AuthenticatorTransportFuture[];
     };
+    [key: `acl.${string}`]: {
+        itemId: string;
+        userId: string;
+        createdAt: kysely.GeneratedAlways<Date>;
+        permission: Permission;
+    };
 }
 export type Database = Kysely<Schema> & AsyncDisposable;
 export declare let database: Database;
 export declare function connect(): Database;
-export declare function count<const T extends keyof Schema>(table: T): Promise<number>;
+export declare function count<const TB extends keyof Schema>(...tables: TB[]): Promise<{
+    [K in TB]: number;
+}>;
 export type TablesMatching<T> = (string & keyof Schema) & keyof {
     [K in keyof Schema as Schema[K] extends T ? K : never]: null;
 };
 /**
  * Select the user with the id from the userId column of a table, placing it in the `user` property.
  */
-export declare function userFromId(eb: kysely.ExpressionBuilder<Schema, any>): kysely.AliasedRawBuilder<UserInternal, 'user'>;
+export declare function userFromId(eb: kysely.ExpressionBuilder<Schema, TablesMatching<{
+    userId: string;
+}>>): kysely.AliasedRawBuilder<UserInternal, 'user'>;
 export interface Stats {
     users: number;
     passkeys: number;
     sessions: number;
 }
-export declare function status(): Promise<Stats>;
-export declare function statusText(): Promise<string>;
+export declare function statText(): Promise<string>;
 export interface OpOptions {
-    force: boolean;
+    force?: boolean;
 }
 export interface InitOptions extends OpOptions {
     skip: boolean;
+    check: boolean;
 }
 export declare function shouldRecreate(opt: InitOptions): boolean;
 export declare function getHBA(opt: OpOptions): Promise<[content: string, writeBack: (newContent: string) => void]>;
 /** Shortcut to output a warning if an error is thrown because relation already exists */
 export declare const warnExists: (error: string | Error) => void;
+export declare function createIndex(table: string, column: string, mod?: (ib: kysely.CreateIndexBuilder<string>) => kysely.CreateIndexBuilder<string>): Promise<void>;
 export declare function init(opt: InitOptions): Promise<void>;
-export declare function check(opt: OpOptions): Promise<void>;
+/**
+ * Expected column types for a table in the database.
+ */
+export type ColumnTypes<TableSchema extends object> = {
+    [K in keyof TableSchema & string]: {
+        type: string;
+        required?: boolean;
+        hasDefault?: boolean;
+    };
+};
+type _Expected = {
+    [K in keyof Schema & string]: ColumnTypes<Schema[K]>;
+};
+export interface ExpectedSchema extends _Expected {
+}
+export declare const expectedTypes: ExpectedSchema;
+export interface CheckOptions extends OpOptions {
+    /** Whether to throw an error instead of emitting a warning on most column issues */
+    strict?: boolean;
+    /**
+     * Memoized introspection table metadata.
+     * @internal @hidden
+     */
+    _metadata?: kysely.TableMetadata[];
+    /**
+     * Whether to check for extra columns.
+     */
+    extra?: boolean;
+}
+/**
+ * Checks that a table has the expected column types, nullability, and default values.
+ */
+export declare function checkTableTypes<TB extends keyof Schema & string>(tableName: TB, types: ColumnTypes<Schema[TB]>, opt: CheckOptions): Promise<void>;
+export declare function check(opt: CheckOptions): Promise<void>;
 export declare function clean(opt: Partial<OpOptions>): Promise<void>;
 /**
  * Completely remove Axium from the database.
@@ -82,3 +126,4 @@ export declare function uninstall(opt: OpOptions): Promise<void>;
  */
 export declare function wipe(opt: OpOptions): Promise<void>;
 export declare function rotatePassword(): Promise<void>;
+export {};