npm - @axium/server - Versions diffs - 0.17.0 → 0.18.0 - Mend

@axium/server 0.17.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (86) hide show

package/build/server/manifest.js CHANGED Viewed

@@ -10,15 +10,15 @@ return {
 	assets: new Set(["icons/brands.svg","icons/light.svg","icons/regular.svg","icons/solid.svg","styles.css"]),
 	mimeTypes: {".svg":"image/svg+xml",".css":"text/css"},
 	_: {
-		client: {start:"_app/immutable/entry/start.CkXOtoPI.js",app:"_app/immutable/entry/app.Bexu3pho.js",imports:["_app/immutable/entry/start.CkXOtoPI.js","_app/immutable/chunks/DQ-d8a5w.js","_app/immutable/chunks/D5lcOOwR.js","_app/immutable/chunks/B3bf7yrh.js","_app/immutable/chunks/DCs3KlJy.js","_app/immutable/entry/app.Bexu3pho.js","_app/immutable/chunks/B3bf7yrh.js","_app/immutable/chunks/D5lcOOwR.js","_app/immutable/chunks/DCs3KlJy.js","_app/immutable/chunks/DsnmJJEf.js","_app/immutable/chunks/ct9jA5hl.js"],stylesheets:[],fonts:[],uses_env_dynamic_public:false},
+		client: {start:"_app/immutable/entry/start.CpRP1d0a.js",app:"_app/immutable/entry/app.J50e72uV.js",imports:["_app/immutable/entry/start.CpRP1d0a.js","_app/immutable/chunks/Bhc2cIbs.js","_app/immutable/chunks/D5lcOOwR.js","_app/immutable/chunks/B3bf7yrh.js","_app/immutable/chunks/DCs3KlJy.js","_app/immutable/entry/app.J50e72uV.js","_app/immutable/chunks/B3bf7yrh.js","_app/immutable/chunks/D5lcOOwR.js","_app/immutable/chunks/DCs3KlJy.js","_app/immutable/chunks/DsnmJJEf.js","_app/immutable/chunks/ct9jA5hl.js"],stylesheets:[],fonts:[],uses_env_dynamic_public:false},
 		nodes: [
 			__memo(() => import('./chunks/0-CUfr8UwD.js')),
-			__memo(() => import('./chunks/1-Db3AncWW.js')),
+			__memo(() => import('./chunks/1-Bg_TotRw.js')),
 			__memo(() => import('./chunks/2-c1bljkMr.js')),
-			__memo(() => import('./chunks/3-BzEpIldk.js')),
-			__memo(() => import('./chunks/4-J7bxt5HT.js')),
-			__memo(() => import('./chunks/5-uwjgYAk8.js')),
-			__memo(() => import('./chunks/6-Cj4cg3MT.js'))
+			__memo(() => import('./chunks/3-BjeVNwGc.js')),
+			__memo(() => import('./chunks/4-B_CUNdkn.js')),
+			__memo(() => import('./chunks/5-DTv8qrfa.js')),
+			__memo(() => import('./chunks/6-Cvu6ZsHJ.js'))
 		],
 		routes: [
 			{

package/build/server/manifest.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"manifest.js","sources":["../../.svelte-kit/adapter-node/manifest.js"],"sourcesContent":["export const manifest = (() => {\nfunction __memo(fn) {\n\tlet value;\n\treturn () => value ??= (value = fn());\n}\n\nreturn {\n\tappDir: \"_app\",\n\tappPath: \"_app\",\n\tassets: new Set([\"icons/brands.svg\",\"icons/light.svg\",\"icons/regular.svg\",\"icons/solid.svg\",\"styles.css\"]),\n\tmimeTypes: {\".svg\":\"image/svg+xml\",\".css\":\"text/css\"},\n\t_: {\n\t\tclient: {start:\"_app/immutable/entry/start.~~CkXOtoPI~~.js\",app:\"_app/immutable/entry/app.~~Bexu3pho~~.js\",imports:[\"_app/immutable/entry/start.~~CkXOtoPI~~.js\",\"_app/immutable/chunks/~~DQ-d8a5w~~.js\",\"_app/immutable/chunks/D5lcOOwR.js\",\"_app/immutable/chunks/B3bf7yrh.js\",\"_app/immutable/chunks/DCs3KlJy.js\",\"_app/immutable/entry/app.~~Bexu3pho~~.js\",\"_app/immutable/chunks/B3bf7yrh.js\",\"_app/immutable/chunks/D5lcOOwR.js\",\"_app/immutable/chunks/DCs3KlJy.js\",\"_app/immutable/chunks/DsnmJJEf.js\",\"_app/immutable/chunks/ct9jA5hl.js\"],stylesheets:[],fonts:[],uses_env_dynamic_public:false},\n\t\tnodes: [\n\t\t\t__memo(() => import('./nodes/0.js')),\n\t\t\t__memo(() => import('./nodes/1.js')),\n\t\t\t__memo(() => import('./nodes/2.js')),\n\t\t\t__memo(() => import('./nodes/3.js')),\n\t\t\t__memo(() => import('./nodes/4.js')),\n\t\t\t__memo(() => import('./nodes/5.js')),\n\t\t\t__memo(() => import('./nodes/6.js'))\n\t\t],\n\t\troutes: [\n\t\t\t{\n\t\t\t\tid: \"/_axium/default\",\n\t\t\t\tpattern: /^\\/_axium\\/default\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 2 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/account\",\n\t\t\t\tpattern: /^\\/account\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 3 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/login\",\n\t\t\t\tpattern: /^\\/login\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 4 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/logout\",\n\t\t\t\tpattern: /^\\/logout\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 5 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/register\",\n\t\t\t\tpattern: /^\\/register\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 6 },\n\t\t\t\tendpoint: null\n\t\t\t}\n\t\t],\n\t\tprerendered_routes: new Set([]),\n\t\tmatchers: async () => {\n\t\t\t\n\t\t\treturn { };\n\t\t},\n\t\tserver_assets: {}\n\t}\n}\n})();\n\nexport const prerendered = new Set([]);\n\nexport const base = \"\";"],"names":[],"mappings":"AAAY,MAAC,QAAQ,GAAG,CAAC,MAAM;AAC/B,SAAS,MAAM,CAAC,EAAE,EAAE;AACpB,CAAC,IAAI,KAAK;AACV,CAAC,OAAO,MAAM,KAAK,MAAM,KAAK,GAAG,EAAE,EAAE,CAAC;AACtC;;AAEA,OAAO;AACP,CAAC,MAAM,EAAE,MAAM;AACf,CAAC,OAAO,EAAE,MAAM;AAChB,CAAC,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;AAC3G,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC;AACtD,CAAC,CAAC,EAAE;AACJ,EAAE,MAAM,EAAE,CAAC,KAAK,CAAC,wCAAwC,CAAC,GAAG,CAAC,sCAAsC,CAAC,OAAO,CAAC,CAAC,wCAAwC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,sCAAsC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,KAAK,CAAC;AACzjB,EAAE,KAAK,EAAE;AACT,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC;AACtC,GAAG;AACH,EAAE,MAAM,EAAE;AACV,GAAG;AACH,IAAI,EAAE,EAAE,iBAAiB;AACzB,IAAI,OAAO,EAAE,wBAAwB;AACrC,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,UAAU;AAClB,IAAI,OAAO,EAAE,gBAAgB;AAC7B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,QAAQ;AAChB,IAAI,OAAO,EAAE,cAAc;AAC3B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,SAAS;AACjB,IAAI,OAAO,EAAE,eAAe;AAC5B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,WAAW;AACnB,IAAI,OAAO,EAAE,iBAAiB;AAC9B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd;AACA,GAAG;AACH,EAAE,kBAAkB,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC;AACjC,EAAE,QAAQ,EAAE,YAAY;AACxB;AACA,GAAG,OAAO,IAAI;AACd,EAAE,CAAC;AACH,EAAE,aAAa,EAAE;AACjB;AACA;AACA,CAAC;;AAEW,MAAC,WAAW,GAAG,IAAI,GAAG,CAAC,EAAE;;AAEzB,MAAC,IAAI,GAAG;;;;"}
1	+ {"version":3,"file":"manifest.js","sources":["../../.svelte-kit/adapter-node/manifest.js"],"sourcesContent":["export const manifest = (() => {\nfunction __memo(fn) {\n\tlet value;\n\treturn () => value ??= (value = fn());\n}\n\nreturn {\n\tappDir: \"_app\",\n\tappPath: \"_app\",\n\tassets: new Set([\"icons/brands.svg\",\"icons/light.svg\",\"icons/regular.svg\",\"icons/solid.svg\",\"styles.css\"]),\n\tmimeTypes: {\".svg\":\"image/svg+xml\",\".css\":\"text/css\"},\n\t_: {\n\t\tclient: {start:\"_app/immutable/entry/start.CpRP1d0a.js\",app:\"_app/immutable/entry/app.J50e72uV.js\",imports:[\"_app/immutable/entry/start.CpRP1d0a.js\",\"_app/immutable/chunks/Bhc2cIbs.js\",\"_app/immutable/chunks/D5lcOOwR.js\",\"_app/immutable/chunks/B3bf7yrh.js\",\"_app/immutable/chunks/DCs3KlJy.js\",\"_app/immutable/entry/app.J50e72uV.js\",\"_app/immutable/chunks/B3bf7yrh.js\",\"_app/immutable/chunks/D5lcOOwR.js\",\"_app/immutable/chunks/DCs3KlJy.js\",\"_app/immutable/chunks/DsnmJJEf.js\",\"_app/immutable/chunks/ct9jA5hl.js\"],stylesheets:[],fonts:[],uses_env_dynamic_public:false},\n\t\tnodes: [\n\t\t\t__memo(() => import('./nodes/0.js')),\n\t\t\t__memo(() => import('./nodes/1.js')),\n\t\t\t__memo(() => import('./nodes/2.js')),\n\t\t\t__memo(() => import('./nodes/3.js')),\n\t\t\t__memo(() => import('./nodes/4.js')),\n\t\t\t__memo(() => import('./nodes/5.js')),\n\t\t\t__memo(() => import('./nodes/6.js'))\n\t\t],\n\t\troutes: [\n\t\t\t{\n\t\t\t\tid: \"/_axium/default\",\n\t\t\t\tpattern: /^\\/_axium\\/default\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 2 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/account\",\n\t\t\t\tpattern: /^\\/account\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 3 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/login\",\n\t\t\t\tpattern: /^\\/login\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 4 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/logout\",\n\t\t\t\tpattern: /^\\/logout\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 5 },\n\t\t\t\tendpoint: null\n\t\t\t},\n\t\t\t{\n\t\t\t\tid: \"/register\",\n\t\t\t\tpattern: /^\\/register\\/?$/,\n\t\t\t\tparams: [],\n\t\t\t\tpage: { layouts: [0,], errors: [1,], leaf: 6 },\n\t\t\t\tendpoint: null\n\t\t\t}\n\t\t],\n\t\tprerendered_routes: new Set([]),\n\t\tmatchers: async () => {\n\t\t\t\n\t\t\treturn { };\n\t\t},\n\t\tserver_assets: {}\n\t}\n}\n})();\n\nexport const prerendered = new Set([]);\n\nexport const base = \"\";"],"names":[],"mappings":"AAAY,MAAC,QAAQ,GAAG,CAAC,MAAM;AAC/B,SAAS,MAAM,CAAC,EAAE,EAAE;AACpB,CAAC,IAAI,KAAK;AACV,CAAC,OAAO,MAAM,KAAK,MAAM,KAAK,GAAG,EAAE,EAAE,CAAC;AACtC;;AAEA,OAAO;AACP,CAAC,MAAM,EAAE,MAAM;AACf,CAAC,OAAO,EAAE,MAAM;AAChB,CAAC,MAAM,EAAE,IAAI,GAAG,CAAC,CAAC,kBAAkB,CAAC,iBAAiB,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,YAAY,CAAC,CAAC;AAC3G,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC;AACtD,CAAC,CAAC,EAAE;AACJ,EAAE,MAAM,EAAE,CAAC,KAAK,CAAC,wCAAwC,CAAC,GAAG,CAAC,sCAAsC,CAAC,OAAO,CAAC,CAAC,wCAAwC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,sCAAsC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,mCAAmC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,uBAAuB,CAAC,KAAK,CAAC;AACzjB,EAAE,KAAK,EAAE;AACT,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC,CAAC;AACvC,GAAG,MAAM,CAAC,MAAM,OAAO,wBAAc,CAAC;AACtC,GAAG;AACH,EAAE,MAAM,EAAE;AACV,GAAG;AACH,IAAI,EAAE,EAAE,iBAAiB;AACzB,IAAI,OAAO,EAAE,wBAAwB;AACrC,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,UAAU;AAClB,IAAI,OAAO,EAAE,gBAAgB;AAC7B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,QAAQ;AAChB,IAAI,OAAO,EAAE,cAAc;AAC3B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,SAAS;AACjB,IAAI,OAAO,EAAE,eAAe;AAC5B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd,IAAI;AACJ,GAAG;AACH,IAAI,EAAE,EAAE,WAAW;AACnB,IAAI,OAAO,EAAE,iBAAiB;AAC9B,IAAI,MAAM,EAAE,EAAE;AACd,IAAI,IAAI,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,EAAE;AAClD,IAAI,QAAQ,EAAE;AACd;AACA,GAAG;AACH,EAAE,kBAAkB,EAAE,IAAI,GAAG,CAAC,EAAE,CAAC;AACjC,EAAE,QAAQ,EAAE,YAAY;AACxB;AACA,GAAG,OAAO,IAAI;AACd,EAAE,CAAC;AACH,EAAE,aAAa,EAAE;AACjB;AACA;AACA,CAAC;;AAEW,MAAC,WAAW,GAAG,IAAI,GAAG,CAAC,EAAE;;AAEzB,MAAC,IAAI,GAAG;;;;"}

package/dist/acl.d.ts CHANGED Viewed

@@ -1,23 +1,23 @@
 import type { AccessControl, Permission } from '@axium/core';
-import type { ExpressionBuilder } from 'kysely';
+import type { Expression, ExpressionBuilder } from 'kysely';
 import { type Selectable } from 'kysely';
 import type { UserInternal } from './auth.js';
 import * as db from './database.js';
-interface AccessControllable {
+export interface Target {
     userId: string;
     publicPermission: Permission;
 }
 type _TableNames = (string & keyof db.Schema) & keyof {
-    [K in Exclude<keyof db.Schema, `acl.${string}`> as Selectable<db.Schema[K]> extends Omit<AccessControllable, 'acl'> ? K : never]: null;
+    [K in Exclude<keyof db.Schema, `acl.${string}`> as Selectable<db.Schema[K]> extends Omit<Target, 'acl'> ? K : never]: null;
 };
 /**
  * `never` causes a ton of problems, so we use `string` if none of the tables are shareable.
  */
-export type AccessControllableTableName = _TableNames extends never ? keyof db.Schema : _TableNames;
+export type TargetName = _TableNames extends never ? keyof db.Schema : _TableNames;
 export interface AccessControlInternal extends AccessControl {
     user?: UserInternal;
 }
-export declare const ACLTypes: {
+export declare const expectedTypes: {
     userId: {
         type: string;
         required: true;
@@ -41,14 +41,15 @@ export declare const ACLTypes: {
  * Adds an Access Control List (ACL) in the database for managing access to rows in an existing table.
  * @category Plugin API
  */
-export declare function createACL(table: AccessControllableTableName): Promise<void>;
-export declare function dropACL(table: AccessControllableTableName): Promise<void>;
-export declare function wipeACL(table: AccessControllableTableName): Promise<void>;
-export declare function createEntry(itemType: AccessControllableTableName, data: Omit<AccessControl, 'createdAt'>): Promise<AccessControlInternal>;
-export declare function deleteEntry(itemType: AccessControllableTableName, itemId: string, userId: string): Promise<void>;
+export declare function createTable(table: TargetName): Promise<void>;
+export declare function dropTable(table: TargetName): Promise<void>;
+export declare function wipeTable(table: TargetName): Promise<void>;
+export declare function createEntry(itemType: TargetName, data: Omit<AccessControl, 'createdAt'>): Promise<AccessControlInternal>;
+export declare function deleteEntry(itemType: TargetName, itemId: string, userId: string): Promise<void>;
 /**
- * Helper to select all shares for a given table, including the user information.
+ * Helper to select all access controls for a given table, including the user information.
+ * @param onlyId If specified, only returns the access control for the given user ID.
  */
-export declare function sharesFrom(table: AccessControllableTableName): (eb: ExpressionBuilder<db.Schema, any>) => import("kysely").AliasedRawBuilder<Required<AccessControl>[], "shares">;
-export declare function getShares(itemType: AccessControllableTableName, itemId: string): Promise<Required<AccessControlInternal>[]>;
+export declare function from(table: TargetName, onlyId?: string | Expression<any>): (eb: ExpressionBuilder<db.Schema, any>) => import("kysely").AliasedRawBuilder<Required<AccessControl>[], "acl">;
+export declare function get(itemType: TargetName, itemId: string): Promise<Required<AccessControlInternal>[]>;
 export {};

package/dist/acl.js CHANGED Viewed

@@ -6,7 +6,7 @@ const accessControllableTypes = {
     userId: { type: 'uuid' },
     publicPermission: { type: 'int4' },
 };
-export const ACLTypes = {
+export const expectedTypes = {
     userId: { type: 'uuid', required: true },
     createdAt: { type: 'timestamptz', required: true, hasDefault: true },
     itemId: { type: 'uuid', required: true },
@@ -16,7 +16,7 @@ export const ACLTypes = {
  * Adds an Access Control List (ACL) in the database for managing access to rows in an existing table.
  * @category Plugin API
  */
-export async function createACL(table) {
+export async function createTable(table) {
     await db.checkTableTypes(table, accessControllableTypes, { strict: true, extra: false });
     io.start(`Creating table acl.${table}`);
     await db.database.schema
@@ -32,11 +32,11 @@ export async function createACL(table) {
     await db.createIndex(`acl.${table}`, 'userId');
     await db.createIndex(`acl.${table}`, 'itemId');
 }
-export async function dropACL(table) {
+export async function dropTable(table) {
     io.start(`Dropping table acl.${table}`);
     await db.database.schema.dropTable(`acl.${table}`).execute().then(io.done).catch(db.warnExists);
 }
-export async function wipeACL(table) {
+export async function wipeTable(table) {
     io.start(`Wiping table acl.${table}`);
     await db.database.deleteFrom(`acl.${table}`).execute().then(io.done).catch(db.warnExists);
 }
@@ -47,17 +47,19 @@ export async function deleteEntry(itemType, itemId, userId) {
     await db.database.deleteFrom(`acl.${itemType}`).where('itemId', '=', itemId).where('userId', '=', userId).execute();
 }
 /**
- * Helper to select all shares for a given table, including the user information.
+ * Helper to select all access controls for a given table, including the user information.
+ * @param onlyId If specified, only returns the access control for the given user ID.
  */
-export function sharesFrom(table) {
+export function from(table, onlyId) {
     return (eb) => jsonArrayFrom(eb
         .selectFrom(`acl.${table} as _acl`)
         .selectAll()
         .select(db.userFromId)
-        .whereRef(`_acl.itemId`, '=', `${table}.id`))
+        .whereRef(`_acl.itemId`, '=', `${table}.id`)
+        .$if(!!onlyId, qb => qb.where('userId', '=', onlyId)))
         .$castTo()
-        .as('shares');
+        .as('acl');
 }
-export async function getShares(itemType, itemId) {
+export async function get(itemType, itemId) {
     return await db.database.selectFrom(`acl.${itemType}`).where('itemId', '=', itemId).selectAll().select(db.userFromId).execute();
 }

package/dist/api/acl.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import * as z from 'zod';
 import { addRoute } from '../routes.js';
 import { parseBody, withError } from '../requests.js';
-import { createEntry } from '../acl.js';
+import * as acl from '../acl.js';
 addRoute({
     path: '/api/acl/:itemType/:itemId',
     params: {
@@ -15,7 +15,7 @@ addRoute({
             userId: z.uuid(),
             permission: z.number().int().min(0).max(5),
         }));
-        const share = await createEntry(type, { ...data, itemId }).catch(withError('Failed to create access control'));
+        const share = await acl.createEntry(type, { ...data, itemId }).catch(withError('Failed to create access control'));
         return share;
     },
 });

package/dist/api/passkeys.js CHANGED Viewed

@@ -2,10 +2,10 @@ import { PasskeyChangeable } from '@axium/core/schemas';
 import { error } from '@sveltejs/kit';
 import { omit } from 'utilium';
 import * as z from 'zod';
-import { getPasskey } from '../auth.js';
+import { checkAuthForUser, getPasskey } from '../auth.js';
 import { database as db } from '../database.js';
+import { parseBody, withError } from '../requests.js';
 import { addRoute } from '../routes.js';
-import { checkAuth, parseBody, withError } from '../requests.js';
 addRoute({
     path: '/api/passkeys/:id',
     params: {
@@ -13,13 +13,13 @@ addRoute({
     },
     async GET(event) {
         const passkey = await getPasskey(event.params.id);
-        await checkAuth(event, passkey.userId);
+        await checkAuthForUser(event, passkey.userId);
         return omit(passkey, 'counter', 'publicKey');
     },
     async PATCH(event) {
         const body = await parseBody(event, PasskeyChangeable);
         const passkey = await getPasskey(event.params.id);
-        await checkAuth(event, passkey.userId);
+        await checkAuthForUser(event, passkey.userId);
         const result = await db
             .updateTable('passkeys')
             .set(body)
@@ -31,7 +31,7 @@ addRoute({
     },
     async DELETE(event) {
         const passkey = await getPasskey(event.params.id);
-        await checkAuth(event, passkey.userId);
+        await checkAuthForUser(event, passkey.userId);
         const { count } = await db
             .selectFrom('passkeys')
             .select(db.fn.countAll().as('count'))

package/dist/api/session.js CHANGED Viewed

@@ -1,15 +1,16 @@
 import { error } from '@sveltejs/kit';
 import { omit } from 'utilium';
-import { authenticate } from '../auth.js';
+import { getSessionAndUser } from '../auth.js';
 import { connect, database as db } from '../database.js';
+import { getToken, stripUser, withError } from '../requests.js';
 import { addRoute } from '../routes.js';
-import { getToken, stripUser } from '../requests.js';
 addRoute({
     path: '/api/session',
     async GET(event) {
-        const result = await authenticate(event);
-        if (!result)
-            error(404, 'Session does not exist');
+        const token = getToken(event);
+        if (!token)
+            error(401, 'Missing token');
+        const result = await getSessionAndUser(token).catch(withError('Invalid session', 400));
         return {
             ...omit(result, 'token'),
             user: stripUser(result.user, true),

package/dist/api/users.js CHANGED Viewed

@@ -4,10 +4,10 @@ import * as webauthn from '@simplewebauthn/server';
 import { error } from '@sveltejs/kit';
 import { omit, pick } from 'utilium';
 import * as z from 'zod';
-import { createPasskey, createVerification, getPasskey, getPasskeysByUserId, getSessions, getUser, useVerification } from '../auth.js';
+import { checkAuthForUser, createPasskey, createVerification, getPasskey, getPasskeysByUserId, getSessions, getUser, useVerification, } from '../auth.js';
 import { config } from '../config.js';
 import { connect, database as db } from '../database.js';
-import { checkAuth, createSessionData, parseBody, stripUser, withError } from '../requests.js';
+import { createSessionData, parseBody, stripUser, withError } from '../requests.js';
 import { addRoute } from '../routes.js';
 const challenges = new Map();
 const params = { id: z.uuid() };
@@ -33,14 +33,14 @@ addRoute({
     params,
     async GET(event) {
         const userId = event.params.id;
-        const auth = await checkAuth(event, userId).catch(() => null);
+        const auth = await checkAuthForUser(event, userId).catch(() => null);
         const user = auth?.user || (await getUser(userId).catch(withError('User does not exist', 404)));
         return stripUser(user, !!auth);
     },
     async PATCH(event) {
         const userId = event.params.id;
         const body = await parseBody(event, UserChangeable);
-        await checkAuth(event, userId);
+        await checkAuthForUser(event, userId);
         if ('email' in body)
             body.emailVerified = null;
         const result = await db
@@ -54,7 +54,7 @@ addRoute({
     },
     async DELETE(event) {
         const userId = event.params.id;
-        await checkAuth(event, userId, true);
+        await checkAuthForUser(event, userId, true);
         const result = await db
             .deleteFrom('users')
             .where('id', '=', userId)
@@ -69,7 +69,7 @@ addRoute({
     params,
     async GET(event) {
         const userId = event.params.id;
-        const { user } = await checkAuth(event, userId);
+        const { user } = await checkAuthForUser(event, userId);
         const sessions = await getSessions(userId);
         return {
             ...stripUser(user, true),
@@ -137,7 +137,7 @@ addRoute({
     async OPTIONS(event) {
         const userId = event.params.id;
         const existing = await getPasskeysByUserId(userId);
-        const { user } = await checkAuth(event, userId);
+        const { user } = await checkAuthForUser(event, userId);
         const options = await webauthn.generateRegistrationOptions({
             rpName: config.auth.rp_name,
             rpID: config.auth.rp_id,
@@ -159,7 +159,7 @@ addRoute({
      */
     async GET(event) {
         const userId = event.params.id;
-        await checkAuth(event, userId);
+        await checkAuthForUser(event, userId);
         const passkeys = await getPasskeysByUserId(userId);
         return passkeys.map(p => omit(p, 'publicKey', 'counter'));
     },
@@ -169,7 +169,7 @@ addRoute({
     async PUT(event) {
         const userId = event.params.id;
         const response = await parseBody(event, PasskeyRegistration);
-        await checkAuth(event, userId);
+        await checkAuthForUser(event, userId);
         const expectedChallenge = registrations.get(userId);
         if (!expectedChallenge)
             error(404, { message: 'No registration challenge found for this user' });
@@ -198,13 +198,13 @@ addRoute({
     params,
     async GET(event) {
         const userId = event.params.id;
-        await checkAuth(event, userId);
+        await checkAuthForUser(event, userId);
         return (await getSessions(userId).catch(e => error(503, 'Failed to get sessions' + (config.debug ? ': ' + e : '')))).map(s => omit(s, 'token'));
     },
     async DELETE(event) {
         const userId = event.params.id;
         const body = await parseBody(event, LogoutSessions);
-        await checkAuth(event, userId, body.confirm_all);
+        await checkAuthForUser(event, userId, body.confirm_all);
         if (!body.confirm_all && !Array.isArray(body.id))
             error(400, { message: 'Invalid request body' });
         const query = body.confirm_all ? db.deleteFrom('sessions') : db.deleteFrom('sessions').where('sessions.id', 'in', body.id);
@@ -223,14 +223,14 @@ addRoute({
         const userId = event.params.id;
         if (!config.auth.email_verification)
             return { enabled: false };
-        await checkAuth(event, userId);
+        await checkAuthForUser(event, userId);
         if (!config.auth.email_verification)
             return { enabled: false };
         return { enabled: true };
     },
     async GET(event) {
         const userId = event.params.id;
-        const { user } = await checkAuth(event, userId);
+        const { user } = await checkAuthForUser(event, userId);
         if (user.emailVerified)
             error(409, { message: 'Email already verified' });
         const verification = await createVerification('verify_email', userId, config.auth.verification_timeout * 60);
@@ -239,7 +239,7 @@ addRoute({
     async POST(event) {
         const userId = event.params.id;
         const { token } = await parseBody(event, z.object({ token: z.string() }));
-        const { user } = await checkAuth(event, userId);
+        const { user } = await checkAuthForUser(event, userId);
         if (user.emailVerified)
             error(409, { message: 'Email already verified' });
         await useVerification('verify_email', userId, token).catch(withError('Invalid or expired verification token', 400));

package/dist/auth.d.ts CHANGED Viewed

@@ -1,7 +1,9 @@
+import type { Permission } from '@axium/core';
 import type { Passkey, Session, Verification } from '@axium/core/api';
 import type { User } from '@axium/core/user';
-import type { RequestEvent } from '@sveltejs/kit';
+import { type RequestEvent } from '@sveltejs/kit';
 import type { Insertable } from 'kysely';
+import * as acl from './acl.js';
 import { type Schema } from './database.js';
 export interface UserInternal extends User {
     isAdmin: boolean;
@@ -39,4 +41,15 @@ export declare function getPasskey(id: string): Promise<PasskeyInternal>;
 export declare function createPasskey(passkey: Omit<PasskeyInternal, 'createdAt'>): Promise<PasskeyInternal>;
 export declare function getPasskeysByUserId(userId: string): Promise<PasskeyInternal[]>;
 export declare function updatePasskeyCounter(id: PasskeyInternal['id'], newCounter: PasskeyInternal['counter']): Promise<PasskeyInternal>;
-export declare function authenticate(event: RequestEvent): Promise<SessionAndUser | null>;
+export interface UserAuthResult extends SessionAndUser {
+    /** The user authenticating the request. */
+    accessor: UserInternal;
+}
+export declare function checkAuthForUser(event: RequestEvent, userId: string, sensitive?: boolean): Promise<UserAuthResult>;
+export interface ItemAuthResult<T extends acl.Target> {
+    fromACL: boolean;
+    item: T;
+    user?: UserInternal;
+    session?: SessionInternal;
+}
+export declare function checkAuthForItem<const V extends acl.Target>(event: RequestEvent, itemType: acl.TargetName, itemId: string, permission: Permission): Promise<ItemAuthResult<V>>;

package/dist/auth.js CHANGED Viewed

@@ -1,6 +1,9 @@
+import { error } from '@sveltejs/kit';
 import { randomBytes, randomUUID } from 'node:crypto';
+import { omit } from 'utilium';
+import * as acl from './acl.js';
 import { connect, database as db, userFromId } from './database.js';
-import { getToken } from './requests.js';
+import { getToken, withError } from './requests.js';
 export async function getUser(id) {
     connect();
     return await db.selectFrom('users').selectAll().where('id', '=', id).executeTakeFirstOrThrow();
@@ -95,10 +98,56 @@ export async function updatePasskeyCounter(id, newCounter) {
         throw new Error('Passkey not found');
     return passkey;
 }
-export async function authenticate(event) {
-    const maybe_header = event.request.headers.get('Authorization');
-    const token = maybe_header?.startsWith('Bearer ') ? maybe_header.slice(7) : event.cookies.get('session_token');
+export async function checkAuthForUser(event, userId, sensitive = false) {
+    const token = getToken(event, sensitive);
     if (!token)
-        return null;
-    return await getSessionAndUser(token).catch(() => null);
+        throw error(401, 'Missing token');
+    const session = await getSessionAndUser(token).catch(withError('Invalid or expired session', 401));
+    if (session.userId !== userId) {
+        if (!session.user?.isAdmin)
+            error(403, 'User ID mismatch');
+        // Admins are allowed to manage other users.
+        const accessor = session.user;
+        session.user = await getUser(userId).catch(withError('Target user not found', 404));
+        return Object.assign(session, { accessor });
+    }
+    if (!session.elevated && sensitive)
+        error(403, 'This token can not be used for sensitive actions');
+    return Object.assign(session, { accessor: session.user });
+}
+export async function checkAuthForItem(event, itemType, itemId, permission) {
+    const token = getToken(event, true);
+    if (!token)
+        error(401, 'Missing token');
+    connect();
+    const session = await getSessionAndUser(token).catch(() => null);
+    const item = await db
+        .selectFrom(itemType)
+        .selectAll()
+        .where('id', '=', itemId)
+        .$if(!!session, eb => eb.select(acl.from(itemType, session.userId)))
+        .$castTo()
+        .executeTakeFirstOrThrow()
+        .catch(withError('Item not found', 404));
+    const result = {
+        session: session ? omit(session, 'user') : undefined,
+        item: omit(item, 'acl'),
+        user: session?.user,
+        fromACL: false,
+    };
+    if (item.publicPermission >= permission)
+        return result;
+    if (!session)
+        error(403, 'Access denied');
+    if (session.userId == item.userId)
+        return result;
+    result.fromACL = true;
+    if (!item.acl || !item.acl.length)
+        error(403, 'Access denied');
+    const [control] = item.acl;
+    if (control.userId !== session.userId)
+        error(500, 'Access control entry does not match session user'); // @todo: audit log
+    if (control.permission >= permission)
+        return result;
+    error(403, 'Access denied');
 }

package/dist/database.d.ts CHANGED Viewed

@@ -3,6 +3,12 @@ import type { AuthenticatorTransportFuture, CredentialDeviceType } from '@simple
 import type * as kysely from 'kysely';
 import { Kysely } from 'kysely';
 import type { UserInternal, VerificationRole } from './auth.js';
+export interface DBAccessControl {
+    itemId: string;
+    userId: string;
+    createdAt: kysely.GeneratedAlways<Date>;
+    permission: Permission;
+}
 export interface Schema {
     users: {
         id: string;
@@ -41,12 +47,7 @@ export interface Schema {
         backedUp: boolean;
         transports: AuthenticatorTransportFuture[];
     };
-    [key: `acl.${string}`]: {
-        itemId: string;
-        userId: string;
-        createdAt: kysely.GeneratedAlways<Date>;
-        permission: Permission;
-    };
+    [key: `acl.${string}`]: DBAccessControl;
 }
 export type Database = Kysely<Schema> & AsyncDisposable;
 export declare let database: Database;

package/dist/database.js CHANGED Viewed

@@ -58,7 +58,6 @@ import pg from 'pg';
 import config from './config.js';
 import * as io from './io.js';
 import { plugins } from './plugins.js';
-import * as acl from './acl.js';
 const sym = Symbol.for('Axium:database');
 export let database;
 export function connect() {

package/dist/requests.d.ts CHANGED Viewed

@@ -1,14 +1,9 @@
 import { type User } from '@axium/core/user';
 import { type HttpError, type RequestEvent } from '@sveltejs/kit';
 import * as z from 'zod';
-import { type SessionAndUser, type UserInternal } from './auth.js';
+import { type UserInternal } from './auth.js';
 export declare function parseBody<const Schema extends z.ZodType, const Result extends z.infer<Schema> = z.infer<Schema>>(event: RequestEvent, schema: Schema): Promise<Result>;
 export declare function getToken(event: RequestEvent, sensitive?: boolean): string | undefined;
-export interface AuthResult extends SessionAndUser {
-    /** The user authenticating the request. */
-    accessor: UserInternal;
-}
-export declare function checkAuth(event: RequestEvent, userId: string, sensitive?: boolean): Promise<AuthResult>;
 export declare function createSessionData(userId: string, elevated?: boolean): Promise<Response>;
 export declare function stripUser(user: UserInternal, includeProtected?: boolean): User;
 export declare function withError(text: string, code?: number): (e: Error | HttpError) => never;

package/dist/requests.js CHANGED Viewed

@@ -25,23 +25,6 @@ export function getToken(event, sensitive = false) {
         return event.cookies.get(sensitive ? 'elevated_token' : 'session_token');
     }
 }
-export async function checkAuth(event, userId, sensitive = false) {
-    const token = getToken(event, sensitive);
-    if (!token)
-        throw error(401, { message: 'Missing token' });
-    const session = await getSessionAndUser(token).catch(() => error(401, { message: 'Invalid or expired session' }));
-    if (session.userId !== userId) {
-        if (!session.user?.isAdmin)
-            error(403, { message: 'User ID mismatch' });
-        // Admins are allowed to manage other users.
-        const accessor = session.user;
-        session.user = await getUser(userId).catch(() => error(404, { message: 'Target user not found' }));
-        return Object.assign(session, { accessor });
-    }
-    if (!session.elevated && sensitive)
-        error(403, 'This token can not be used for sensitive actions');
-    return Object.assign(session, { accessor: session.user });
-}
 export async function createSessionData(userId, elevated = false) {
     const { token, expires } = await createSession(userId, elevated);
     const response = json({ userId, token: elevated ? '[[redacted:elevated]]' : token }, { status: 201 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@axium/server",
-	"version": "0.17.0",
+	"version": "0.18.0",
 	"author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
 	"funding": {
 		"type": "individual",