@axium/server 0.7.6 → 0.8.0

package/dist/apps.d.ts

@@ -0,0 +1,15 @@
+import type { LoadEvent, RequestEvent } from '@sveltejs/kit';
+import type { WebRoute, WebRouteOptions } from './routes.js';
+export interface CreateAppOptions {
+    id: string;
+    name?: string;
+}
+export declare const apps: Map<string, App>;
+export declare class App {
+    readonly id: string;
+    name: string;
+    protected readonly routes: Map<string, WebRoute>;
+    constructor(opt: CreateAppOptions);
+    addRoute(route: WebRouteOptions): void;
+    resolveRoute(event: RequestEvent | LoadEvent): WebRoute | undefined;
+}

package/dist/apps.js

@@ -0,0 +1,20 @@
+import { pick } from 'utilium';
+import { addRoute, resolveRoute } from './routes.js';
+export const apps = new Map();
+export class App {
+    id;
+    name;
+    routes = new Map();
+    constructor(opt) {
+        if (apps.has(opt.id))
+            throw new ReferenceError(`App with ID "${opt.id}" already exists.`);
+        Object.assign(this, pick(opt, 'id', 'name'));
+        apps.set(this.id, this);
+    }
+    addRoute(route) {
+        addRoute(route, this.routes);
+    }
+    resolveRoute(event) {
+        return resolveRoute(event, this.routes);
+    }
+}

package/dist/auth.d.ts

@@ -1,35 +1,68 @@
-import type { Adapter } from '@auth/core/adapters';
-import type { Provider } from '@auth/core/providers';
-import type { AuthConfig } from '@auth/core/types';
-import { Registration } from '@axium/core/schemas';
-/**
- * User preferences.
- * Modify with `declare module ...`
- */
-export interface Preferences {
+import type { Passkey, Session, Verification } from '@axium/core/api';
+import type { User } from '@axium/core/user';
+export interface UserInternal extends User {
+    password?: string | null;
+    salt?: string | null;
 }
-declare module '@auth/core/adapters' {
-    interface AdapterUser {
-        password: string | null;
-        salt: string | null;
-        preferences: Preferences;
-    }
+export declare function getUser(id: string): Promise<{
+    name: string;
+    id: string;
+    image: string | null | undefined;
+    email: string;
+    emailVerified: Date | null | undefined;
+    preferences: import("@axium/core/user").Preferences | undefined;
+} | null>;
+export declare function getUserByEmail(email: string): Promise<{
+    name: string;
+    id: string;
+    image: string | null | undefined;
+    email: string;
+    emailVerified: Date | null | undefined;
+    preferences: import("@axium/core/user").Preferences | undefined;
+} | null>;
+export declare function updateUser({ id, ...user }: UserInternal): Promise<{
+    name: string;
+    id: string;
+    image: string | null | undefined;
+    email: string;
+    emailVerified: Date | null | undefined;
+    preferences: import("@axium/core/user").Preferences | undefined;
+}>;
+export interface SessionInternal extends Session {
+    token: string;
+    elevated: boolean;
 }
-export declare let adapter: Adapter;
-export declare function createAdapter(): void;
-/**
- * Login using credentials
- */
-export declare function register(credentials: Registration): Promise<{
-    user: import("@auth/core/adapters").AdapterUser;
-    session: import("@auth/core/adapters").AdapterSession;
+export declare function createSession(userId: string, elevated?: boolean): Promise<SessionInternal>;
+export declare function checkExpiration(session: SessionInternal): Promise<void>;
+export declare function getSessionAndUser(token: string): Promise<SessionInternal & {
+    user: UserInternal | null;
+}>;
+export declare function getSession(sessionId: string): Promise<SessionInternal>;
+export declare function getSessions(userId: string): Promise<SessionInternal[]>;
+export declare function updateSession(session: SessionInternal): Promise<{
+    id: string;
+    expires: Date;
+    token: string;
+    userId: string;
+    created: Date;
+    elevated: boolean;
 }>;
+export type VerificationRole = 'verify_email' | 'login';
+export interface VerificationInternal extends Verification {
+    token: string;
+    role: VerificationRole;
+}
 /**
- * Authorize using credentials
+ * Create a verification
+ * @param expires How long the token should be valid for in seconds
  */
-export declare function authorize(credentials: Partial<Record<string, unknown>>): Promise<Omit<import("@auth/core/adapters").AdapterUser, "password" | "salt"> | null>;
-type Providers = Exclude<Provider, (...args: any[]) => any>[];
-export declare function getConfig(): AuthConfig & {
-    providers: Providers;
-};
-export {};
+export declare function createVerification(role: VerificationRole, userId: string, expires: number): Promise<VerificationInternal>;
+export declare function useVerification(role: VerificationRole, userId: string, token: string): Promise<VerificationInternal | undefined>;
+export interface PasskeyInternal extends Passkey {
+    publicKey: Uint8Array;
+    counter: number;
+}
+export declare function getPasskey(id: string): Promise<PasskeyInternal | null>;
+export declare function createPasskey(passkey: Omit<PasskeyInternal, 'createdAt'>): Promise<PasskeyInternal>;
+export declare function getPasskeysByUserId(userId: string): Promise<PasskeyInternal[]>;
+export declare function updatePasskeyCounter(id: PasskeyInternal['id'], newCounter: PasskeyInternal['counter']): Promise<PasskeyInternal>;

package/dist/auth.js

@@ -1,137 +1,118 @@
-import { CredentialsSignin } from '@auth/core/errors';
-import Credentials from '@auth/core/providers/credentials';
-import Passkey from '@auth/core/providers/passkey';
-import { KyselyAdapter } from '@auth/kysely-adapter';
-import { Login, Registration } from '@axium/core/schemas';
-import { genSaltSync, hashSync } from 'bcryptjs';
-import { randomBytes } from 'node:crypto';
-import { omit } from 'utilium';
-import config from './config.js';
-import * as db from './database.js';
-import { logger } from './io.js';
-export let adapter;
-export function createAdapter() {
-    if (adapter)
+import { jsonObjectFrom } from 'kysely/helpers/postgres';
+import { randomBytes, randomUUID } from 'node:crypto';
+import { connect, database as db } from './database.js';
+export async function getUser(id) {
+    connect();
+    const result = await db.selectFrom('users').selectAll().where('id', '=', id).executeTakeFirst();
+    if (!result)
+        return null;
+    return result;
+}
+export async function getUserByEmail(email) {
+    connect();
+    const result = await db.selectFrom('users').selectAll().where('email', '=', email).executeTakeFirst();
+    if (!result)
+        return null;
+    return result;
+}
+export async function updateUser({ id, ...user }) {
+    connect();
+    const query = db.updateTable('users').set(user).where('id', '=', id);
+    return await query.returningAll().executeTakeFirstOrThrow();
+}
+const in30days = () => new Date(Date.now() + 2592000000);
+const in10minutes = () => new Date(Date.now() + 600000);
+export async function createSession(userId, elevated = false) {
+    connect();
+    const session = {
+        id: randomUUID(),
+        userId,
+        token: randomBytes(64).toString('base64'),
+        expires: elevated ? in10minutes() : in30days(),
+        elevated,
+        created: new Date(),
+    };
+    await db.insertInto('sessions').values(session).execute();
+    return session;
+}
+export async function checkExpiration(session) {
+    if (session.expires.getTime() > Date.now())
         return;
-    const conn = db.connect();
-    adapter = Object.assign(KyselyAdapter(conn), {
-        async getAccount(providerAccountId, provider) {
-            const result = await conn.selectFrom('Account').selectAll().where('providerAccountId', '=', providerAccountId).where('provider', '=', provider).executeTakeFirst();
-            return result ?? null;
-        },
-        async getAuthenticator(credentialID) {
-            const result = await conn.selectFrom('Authenticator').selectAll().where('credentialID', '=', credentialID).executeTakeFirst();
-            return result ?? null;
-        },
-        async createAuthenticator(authenticator) {
-            await conn.insertInto('Authenticator').values(authenticator).executeTakeFirstOrThrow();
-            return authenticator;
-        },
-        async listAuthenticatorsByUserId(userId) {
-            const result = await conn.selectFrom('Authenticator').selectAll().where('userId', '=', userId).execute();
-            return result;
-        },
-        async updateAuthenticatorCounter(credentialID, newCounter) {
-            await conn.updateTable('Authenticator').set({ counter: newCounter }).where('credentialID', '=', credentialID).executeTakeFirstOrThrow();
-            const authenticator = await adapter.getAuthenticator?.(credentialID);
-            if (!authenticator)
-                throw new Error('Authenticator not found');
-            return authenticator;
-        },
-    });
+    await db.deleteFrom('sessions').where('sessions.id', '=', session.id).executeTakeFirstOrThrow();
+    throw new Error('Session expired');
 }
-/**
- * Login using credentials
- */
-export async function register(credentials) {
-    const { email, password, name } = Registration.parse(credentials);
-    const existing = await adapter.getUserByEmail?.(email);
-    if (existing)
-        throw 'User already exists';
-    let id = crypto.randomUUID();
-    while (await adapter.getUser?.(id))
-        id = crypto.randomUUID();
-    const salt = genSaltSync(10);
-    const user = await adapter.createUser({
-        id,
-        name,
-        email,
-        emailVerified: null,
-        salt: password ? salt : null,
-        password: password ? hashSync(password, salt) : null,
-        preferences: {},
-    });
-    const expires = new Date();
-    expires.setMonth(expires.getMonth() + 1);
-    const session = await adapter.createSession({
-        sessionToken: randomBytes(64).toString('base64'),
-        userId: id,
-        expires,
-    });
-    return { user, session };
+export async function getSessionAndUser(token) {
+    connect();
+    const result = await db
+        .selectFrom('sessions')
+        .selectAll()
+        .select(eb => jsonObjectFrom(eb.selectFrom('users').selectAll().whereRef('users.id', '=', 'sessions.userId')).as('user'))
+        .where('sessions.token', '=', token)
+        .executeTakeFirst();
+    if (!result)
+        throw new Error('Session not found');
+    await checkExpiration(result);
+    return result;
+}
+export async function getSession(sessionId) {
+    connect();
+    const session = await db.selectFrom('sessions').selectAll().where('id', '=', sessionId).executeTakeFirstOrThrow();
+    await checkExpiration(session);
+    return session;
+}
+export async function getSessions(userId) {
+    connect();
+    return await db.selectFrom('sessions').selectAll().where('userId', '=', userId).execute();
+}
+export async function updateSession(session) {
+    connect();
+    const query = db.updateTable('sessions').set(session).where('sessions.token', '=', session.token);
+    return await query.returningAll().executeTakeFirstOrThrow();
 }
 /**
- * Authorize using credentials
+ * Create a verification
+ * @param expires How long the token should be valid for in seconds
  */
-export async function authorize(credentials) {
-    const { success, error, data } = Login.safeParse(credentials);
-    if (!success)
-        throw new CredentialsSignin(error);
-    const user = await adapter.getUserByEmail?.(data.email);
-    if (!user || !data.password || !user.salt)
-        return null;
-    if (user.password !== hashSync(data.password, user.salt))
+export async function createVerification(role, userId, expires) {
+    const token = randomBytes(64).toString('base64url');
+    const verification = { userId, token, expires: new Date(Date.now() + expires * 1000), role };
+    connect();
+    await db.insertInto('verifications').values(verification).executeTakeFirstOrThrow();
+    setTimeout(() => {
+        void db.deleteFrom('verifications').where('verifications.token', '=', verification.token).execute();
+    }, expires * 1000);
+    return verification;
+}
+export async function useVerification(role, userId, token) {
+    connect();
+    const query = db
+        .deleteFrom('verifications')
+        .where('verifications.token', '=', token)
+        .where('verifications.userId', '=', userId)
+        .where('verifications.role', '=', role);
+    return await query.returningAll().executeTakeFirst();
+}
+export async function getPasskey(id) {
+    connect();
+    const result = await db.selectFrom('passkeys').selectAll().where('id', '=', id).executeTakeFirst();
+    if (!result)
         return null;
-    return omit(user, 'password', 'salt');
+    return result;
 }
-export function getConfig() {
-    createAdapter();
-    const providers = [Passkey({})];
-    if (config.auth.credentials) {
-        providers.push(Credentials({
-            credentials: {
-                email: { label: 'Email', type: 'email' },
-                password: { label: 'Password', type: 'password' },
-            },
-            authorize,
-        }));
-    }
-    const debug = config.auth.debug ?? config.debug;
-    return {
-        adapter,
-        providers,
-        debug,
-        experimental: { enableWebAuthn: true },
-        secret: config.auth.secret,
-        useSecureCookies: config.auth.secure_cookies,
-        session: { strategy: 'database' },
-        logger: {
-            error(error) {
-                logger.error('[auth] ' + error.message);
-            },
-            warn(code) {
-                switch (code) {
-                    case 'experimental-webauthn':
-                    case 'debug-enabled':
-                        return;
-                    case 'csrf-disabled':
-                        logger.warn('CSRF protection is disabled.');
-                        break;
-                    case 'env-url-basepath-redundant':
-                    case 'env-url-basepath-mismatch':
-                    default:
-                        logger.warn('[auth] ' + code);
-                }
-            },
-            debug(message, metadata) {
-                debug && logger.debug('[auth]', message, metadata ? JSON.stringify(metadata, (k, v) => (k && JSON.stringify(v).length > 100 ? '...' : v)) : '');
-            },
-        },
-        callbacks: {
-            signIn({ user }) {
-                logger.info('[auth] signin', user.id ?? '', user.email ? `(${user.email})` : '');
-                return true;
-            },
-        },
-    };
+export async function createPasskey(passkey) {
+    connect();
+    const result = await db.insertInto('passkeys').values(passkey).returningAll().executeTakeFirstOrThrow();
+    return result;
+}
+export async function getPasskeysByUserId(userId) {
+    connect();
+    return await db.selectFrom('passkeys').selectAll().where('userId', '=', userId).execute();
+}
+export async function updatePasskeyCounter(id, newCounter) {
+    connect();
+    await db.updateTable('passkeys').set({ counter: newCounter }).where('id', '=', id).executeTakeFirstOrThrow();
+    const passkey = await getPasskey(id);
+    if (!passkey)
+        throw new Error('Passkey not found');
+    return passkey;
 }

package/dist/cli.js

@@ -1,6 +1,5 @@
 #!/usr/bin/env node
 import { Argument, Option, program } from 'commander';
-import { randomBytes } from 'node:crypto';
 import { styleText } from 'node:util';
 import { getByString, isJSON, setByString } from 'utilium';
 import $pkg from '../package.json' with { type: 'json' };
@@ -8,6 +7,7 @@ import config from './config.js';
 import * as db from './database.js';
 import { _portActions, _portMethods, exit, handleError, output, restrictedPorts } from './io.js';
 import { loadDefaultPlugins, plugins, pluginText, resolvePlugin } from './plugins.js';
+import { apps } from './apps.js';
 program
     .version($pkg.version)
     .name('axium')
@@ -25,10 +25,10 @@ program.hook('preAction', async function (_, action) {
     opt.force && output.warn('--force: Protections disabled.');
     if (opt.debug === false)
         config.set({ debug: false });
-    if (!config.auth.secret) {
+    /* if (!config.auth.secret) {
         config.save({ auth: { secret: process.env.AUTH_SECRET || randomBytes(32).toString('base64') } }, true);
         output.debug('Auto-generated a new auth secret');
-    }
+    } */
 });
 // Options shared by multiple (sub)commands
 const opts = {
@@ -78,7 +78,7 @@ axiumDB
     .action(async (opt) => {
     const stats = await db.status().catch(exit);
     if (!opt.force)
-        for (const key of ['users', 'accounts', 'sessions']) {
+        for (const key of ['users', 'passkeys', 'sessions']) {
             if (stats[key] == 0)
                 continue;
             output.warn(`Database has existing ${key}. Use --force if you really want to drop the database.`);
@@ -94,7 +94,7 @@ axiumDB
     .action(async (opt) => {
     const stats = await db.status().catch(exit);
     if (!opt.force)
-        for (const key of ['users', 'accounts', 'sessions']) {
+        for (const key of ['users', 'passkeys', 'sessions']) {
             if (stats[key] == 0)
                 continue;
             output.warn(`Database has existing ${key}. Use --force if you really want to wipe the database.`);
@@ -103,6 +103,12 @@ axiumDB
     await db.wipe(opt).catch(exit);
     await db.database.destroy();
 });
+axiumDB
+    .command('check')
+    .description('Check the structure of the database')
+    .action(async (opt) => {
+    await db.check(opt).catch(exit);
+});
 const axiumConfig = program
     .command('config')
     .description('Manage the configuration')
@@ -191,6 +197,27 @@ axiumPlugin
         exit(`Can't find a plugin matching "${search}"`);
     console.log(pluginText(plugin));
 });
+const axiumApps = program.command('apps').description('Manage Axium apps').addOption(opts.global);
+axiumApps
+    .command('list')
+    .alias('ls')
+    .description('List apps added by plugins')
+    .option('-l, --long', 'use the long listing format')
+    .option('-b, --builtin', 'include built-in apps')
+    .action((opt) => {
+    if (!apps.size) {
+        console.log('No apps.');
+        return;
+    }
+    if (!opt.long) {
+        console.log(Array.from(apps.values().map(app => app.name)).join(', '));
+        return;
+    }
+    console.log(styleText('whiteBright', apps.size + ' app(s) loaded:'));
+    for (const app of apps.values()) {
+        console.log(app.name, styleText('dim', `(${app.id})`));
+    }
+});
 program
     .command('status')
     .alias('stats')
@@ -234,7 +261,7 @@ program
     .addOption(opts.force)
     .addOption(opts.host)
     .action(async (opt) => {
-    config.save({ auth: { secret: randomBytes(32).toString('base64') } }, true);
+    /* config.save({ auth: { secret: randomBytes(32).toString('base64') } }, true); */
     await db.init({ ...opt, skip: opt.dbSkip }).catch(handleError);
     await restrictedPorts({ method: 'node-cap', action: 'enable' }).catch(handleError);
 });