@axium/server 0.7.6 → 0.9.0

package/dist/apps.d.ts

@@ -0,0 +1,15 @@
+import type { LoadEvent, RequestEvent } from '@sveltejs/kit';
+import type { WebRoute, WebRouteOptions } from './routes.js';
+export interface CreateAppOptions {
+    id: string;
+    name?: string;
+}
+export declare const apps: Map<string, App>;
+export declare class App {
+    readonly id: string;
+    name: string;
+    protected readonly routes: Map<string, WebRoute>;
+    constructor(opt: CreateAppOptions);
+    addRoute(route: WebRouteOptions): void;
+    resolveRoute(event: RequestEvent | LoadEvent): WebRoute | undefined;
+}

package/dist/apps.js

@@ -0,0 +1,20 @@
+import { pick } from 'utilium';
+import { addRoute, resolveRoute } from './routes.js';
+export const apps = new Map();
+export class App {
+    id;
+    name;
+    routes = new Map();
+    constructor(opt) {
+        if (apps.has(opt.id))
+            throw new ReferenceError(`App with ID "${opt.id}" already exists.`);
+        Object.assign(this, pick(opt, 'id', 'name'));
+        apps.set(this.id, this);
+    }
+    addRoute(route) {
+        addRoute(route, this.routes);
+    }
+    resolveRoute(event) {
+        return resolveRoute(event, this.routes);
+    }
+}

package/dist/auth.d.ts

@@ -1,35 +1,58 @@
-import type { Adapter } from '@auth/core/adapters';
-import type { Provider } from '@auth/core/providers';
-import type { AuthConfig } from '@auth/core/types';
-import { Registration } from '@axium/core/schemas';
-/**
- * User preferences.
- * Modify with `declare module ...`
- */
-export interface Preferences {
+import type { Passkey, Session, Verification } from '@axium/core/api';
+import type { User } from '@axium/core/user';
+export interface UserInternal extends User {
+    password?: string | null;
+    salt?: string | null;
 }
-declare module '@auth/core/adapters' {
-    interface AdapterUser {
-        password: string | null;
-        salt: string | null;
-        preferences: Preferences;
-    }
+export declare function getUser(id: string): Promise<{
+    name: string;
+    id: string;
+    image: string | null | undefined;
+    email: string;
+    emailVerified: Date | null | undefined;
+    preferences: import("@axium/core/user").Preferences | undefined;
+} | null>;
+export declare function getUserByEmail(email: string): Promise<{
+    name: string;
+    id: string;
+    image: string | null | undefined;
+    email: string;
+    emailVerified: Date | null | undefined;
+    preferences: import("@axium/core/user").Preferences | undefined;
+} | null>;
+export declare function updateUser({ id, ...user }: UserInternal): Promise<{
+    name: string;
+    id: string;
+    image: string | null | undefined;
+    email: string;
+    emailVerified: Date | null | undefined;
+    preferences: import("@axium/core/user").Preferences | undefined;
+}>;
+export interface SessionInternal extends Session {
+    token: string;
 }
-export declare let adapter: Adapter;
-export declare function createAdapter(): void;
-/**
- * Login using credentials
- */
-export declare function register(credentials: Registration): Promise<{
-    user: import("@auth/core/adapters").AdapterUser;
-    session: import("@auth/core/adapters").AdapterSession;
+export declare function createSession(userId: string, elevated?: boolean): Promise<SessionInternal>;
+export declare function getSessionAndUser(token: string): Promise<SessionInternal & {
+    user: UserInternal | null;
 }>;
+export declare function getSession(sessionId: string): Promise<SessionInternal>;
+export declare function getSessions(userId: string): Promise<SessionInternal[]>;
+export type VerificationRole = 'verify_email' | 'login';
+export interface VerificationInternal extends Verification {
+    token: string;
+    role: VerificationRole;
+}
 /**
- * Authorize using credentials
+ * Create a verification
+ * @param expires How long the token should be valid for in seconds
  */
-export declare function authorize(credentials: Partial<Record<string, unknown>>): Promise<Omit<import("@auth/core/adapters").AdapterUser, "password" | "salt"> | null>;
-type Providers = Exclude<Provider, (...args: any[]) => any>[];
-export declare function getConfig(): AuthConfig & {
-    providers: Providers;
-};
-export {};
+export declare function createVerification(role: VerificationRole, userId: string, expires: number): Promise<VerificationInternal>;
+export declare function useVerification(role: VerificationRole, userId: string, token: string): Promise<VerificationInternal | undefined>;
+export interface PasskeyInternal extends Passkey {
+    publicKey: Uint8Array;
+    counter: number;
+}
+export declare function getPasskey(id: string): Promise<PasskeyInternal | null>;
+export declare function createPasskey(passkey: Omit<PasskeyInternal, 'createdAt'>): Promise<PasskeyInternal>;
+export declare function getPasskeysByUserId(userId: string): Promise<PasskeyInternal[]>;
+export declare function updatePasskeyCounter(id: PasskeyInternal['id'], newCounter: PasskeyInternal['counter']): Promise<PasskeyInternal>;

package/dist/auth.js

@@ -1,137 +1,110 @@
-import { CredentialsSignin } from '@auth/core/errors';
-import Credentials from '@auth/core/providers/credentials';
-import Passkey from '@auth/core/providers/passkey';
-import { KyselyAdapter } from '@auth/kysely-adapter';
-import { Login, Registration } from '@axium/core/schemas';
-import { genSaltSync, hashSync } from 'bcryptjs';
-import { randomBytes } from 'node:crypto';
-import { omit } from 'utilium';
-import config from './config.js';
-import * as db from './database.js';
-import { logger } from './io.js';
-export let adapter;
-export function createAdapter() {
-    if (adapter)
-        return;
-    const conn = db.connect();
-    adapter = Object.assign(KyselyAdapter(conn), {
-        async getAccount(providerAccountId, provider) {
-            const result = await conn.selectFrom('Account').selectAll().where('providerAccountId', '=', providerAccountId).where('provider', '=', provider).executeTakeFirst();
-            return result ?? null;
-        },
-        async getAuthenticator(credentialID) {
-            const result = await conn.selectFrom('Authenticator').selectAll().where('credentialID', '=', credentialID).executeTakeFirst();
-            return result ?? null;
-        },
-        async createAuthenticator(authenticator) {
-            await conn.insertInto('Authenticator').values(authenticator).executeTakeFirstOrThrow();
-            return authenticator;
-        },
-        async listAuthenticatorsByUserId(userId) {
-            const result = await conn.selectFrom('Authenticator').selectAll().where('userId', '=', userId).execute();
-            return result;
-        },
-        async updateAuthenticatorCounter(credentialID, newCounter) {
-            await conn.updateTable('Authenticator').set({ counter: newCounter }).where('credentialID', '=', credentialID).executeTakeFirstOrThrow();
-            const authenticator = await adapter.getAuthenticator?.(credentialID);
-            if (!authenticator)
-                throw new Error('Authenticator not found');
-            return authenticator;
-        },
-    });
+import { jsonObjectFrom } from 'kysely/helpers/postgres';
+import { randomBytes, randomUUID } from 'node:crypto';
+import { connect, database as db } from './database.js';
+export async function getUser(id) {
+    connect();
+    const result = await db.selectFrom('users').selectAll().where('id', '=', id).executeTakeFirst();
+    if (!result)
+        return null;
+    return result;
 }
-/**
- * Login using credentials
- */
-export async function register(credentials) {
-    const { email, password, name } = Registration.parse(credentials);
-    const existing = await adapter.getUserByEmail?.(email);
-    if (existing)
-        throw 'User already exists';
-    let id = crypto.randomUUID();
-    while (await adapter.getUser?.(id))
-        id = crypto.randomUUID();
-    const salt = genSaltSync(10);
-    const user = await adapter.createUser({
-        id,
-        name,
-        email,
-        emailVerified: null,
-        salt: password ? salt : null,
-        password: password ? hashSync(password, salt) : null,
-        preferences: {},
-    });
-    const expires = new Date();
-    expires.setMonth(expires.getMonth() + 1);
-    const session = await adapter.createSession({
-        sessionToken: randomBytes(64).toString('base64'),
-        userId: id,
-        expires,
-    });
-    return { user, session };
+export async function getUserByEmail(email) {
+    connect();
+    const result = await db.selectFrom('users').selectAll().where('email', '=', email).executeTakeFirst();
+    if (!result)
+        return null;
+    return result;
+}
+export async function updateUser({ id, ...user }) {
+    connect();
+    const query = db.updateTable('users').set(user).where('id', '=', id);
+    return await query.returningAll().executeTakeFirstOrThrow();
+}
+const in30days = () => new Date(Date.now() + 2592000000);
+const in10minutes = () => new Date(Date.now() + 600000);
+export async function createSession(userId, elevated = false) {
+    connect();
+    const session = {
+        id: randomUUID(),
+        userId,
+        token: randomBytes(64).toString('base64'),
+        expires: elevated ? in10minutes() : in30days(),
+        elevated,
+        created: new Date(),
+    };
+    await db.insertInto('sessions').values(session).execute();
+    return session;
+}
+export async function getSessionAndUser(token) {
+    connect();
+    const result = await db
+        .selectFrom('sessions')
+        .selectAll()
+        .select(eb => jsonObjectFrom(eb.selectFrom('users').selectAll().whereRef('users.id', '=', 'sessions.userId')).as('user'))
+        .where('sessions.token', '=', token)
+        .where('sessions.expires', '>', new Date())
+        .executeTakeFirst();
+    if (!result)
+        throw new Error('Session not found');
+    return result;
+}
+export async function getSession(sessionId) {
+    connect();
+    return await db
+        .selectFrom('sessions')
+        .selectAll()
+        .where('id', '=', sessionId)
+        .where('sessions.expires', '>', new Date())
+        .executeTakeFirstOrThrow();
+}
+export async function getSessions(userId) {
+    connect();
+    return await db.selectFrom('sessions').selectAll().where('userId', '=', userId).where('sessions.expires', '>', new Date()).execute();
 }
 /**
- * Authorize using credentials
+ * Create a verification
+ * @param expires How long the token should be valid for in seconds
  */
-export async function authorize(credentials) {
-    const { success, error, data } = Login.safeParse(credentials);
-    if (!success)
-        throw new CredentialsSignin(error);
-    const user = await adapter.getUserByEmail?.(data.email);
-    if (!user || !data.password || !user.salt)
-        return null;
-    if (user.password !== hashSync(data.password, user.salt))
+export async function createVerification(role, userId, expires) {
+    const token = randomBytes(64).toString('base64url');
+    const verification = { userId, token, expires: new Date(Date.now() + expires * 1000), role };
+    connect();
+    await db.insertInto('verifications').values(verification).executeTakeFirstOrThrow();
+    setTimeout(() => {
+        void db.deleteFrom('verifications').where('verifications.token', '=', verification.token).execute();
+    }, expires * 1000);
+    return verification;
+}
+export async function useVerification(role, userId, token) {
+    connect();
+    const query = db
+        .deleteFrom('verifications')
+        .where('verifications.token', '=', token)
+        .where('verifications.userId', '=', userId)
+        .where('verifications.role', '=', role);
+    return await query.returningAll().executeTakeFirst();
+}
+export async function getPasskey(id) {
+    connect();
+    const result = await db.selectFrom('passkeys').selectAll().where('id', '=', id).executeTakeFirst();
+    if (!result)
         return null;
-    return omit(user, 'password', 'salt');
+    return result;
 }
-export function getConfig() {
-    createAdapter();
-    const providers = [Passkey({})];
-    if (config.auth.credentials) {
-        providers.push(Credentials({
-            credentials: {
-                email: { label: 'Email', type: 'email' },
-                password: { label: 'Password', type: 'password' },
-            },
-            authorize,
-        }));
-    }
-    const debug = config.auth.debug ?? config.debug;
-    return {
-        adapter,
-        providers,
-        debug,
-        experimental: { enableWebAuthn: true },
-        secret: config.auth.secret,
-        useSecureCookies: config.auth.secure_cookies,
-        session: { strategy: 'database' },
-        logger: {
-            error(error) {
-                logger.error('[auth] ' + error.message);
-            },
-            warn(code) {
-                switch (code) {
-                    case 'experimental-webauthn':
-                    case 'debug-enabled':
-                        return;
-                    case 'csrf-disabled':
-                        logger.warn('CSRF protection is disabled.');
-                        break;
-                    case 'env-url-basepath-redundant':
-                    case 'env-url-basepath-mismatch':
-                    default:
-                        logger.warn('[auth] ' + code);
-                }
-            },
-            debug(message, metadata) {
-                debug && logger.debug('[auth]', message, metadata ? JSON.stringify(metadata, (k, v) => (k && JSON.stringify(v).length > 100 ? '...' : v)) : '');
-            },
-        },
-        callbacks: {
-            signIn({ user }) {
-                logger.info('[auth] signin', user.id ?? '', user.email ? `(${user.email})` : '');
-                return true;
-            },
-        },
-    };
+export async function createPasskey(passkey) {
+    connect();
+    const result = await db.insertInto('passkeys').values(passkey).returningAll().executeTakeFirstOrThrow();
+    return result;
+}
+export async function getPasskeysByUserId(userId) {
+    connect();
+    return await db.selectFrom('passkeys').selectAll().where('userId', '=', userId).execute();
+}
+export async function updatePasskeyCounter(id, newCounter) {
+    connect();
+    await db.updateTable('passkeys').set({ counter: newCounter }).where('id', '=', id).executeTakeFirstOrThrow();
+    const passkey = await getPasskey(id);
+    if (!passkey)
+        throw new Error('Passkey not found');
+    return passkey;
 }

package/dist/cli.js

@@ -1,6 +1,57 @@
 #!/usr/bin/env node
+var __addDisposableResource = (this && this.__addDisposableResource) || function (env, value, async) {
+    if (value !== null && value !== void 0) {
+        if (typeof value !== "object" && typeof value !== "function") throw new TypeError("Object expected.");
+        var dispose, inner;
+        if (async) {
+            if (!Symbol.asyncDispose) throw new TypeError("Symbol.asyncDispose is not defined.");
+            dispose = value[Symbol.asyncDispose];
+        }
+        if (dispose === void 0) {
+            if (!Symbol.dispose) throw new TypeError("Symbol.dispose is not defined.");
+            dispose = value[Symbol.dispose];
+            if (async) inner = dispose;
+        }
+        if (typeof dispose !== "function") throw new TypeError("Object not disposable.");
+        if (inner) dispose = function() { try { inner.call(this); } catch (e) { return Promise.reject(e); } };
+        env.stack.push({ value: value, dispose: dispose, async: async });
+    }
+    else if (async) {
+        env.stack.push({ async: true });
+    }
+    return value;
+};
+var __disposeResources = (this && this.__disposeResources) || (function (SuppressedError) {
+    return function (env) {
+        function fail(e) {
+            env.error = env.hasError ? new SuppressedError(e, env.error, "An error was suppressed during disposal.") : e;
+            env.hasError = true;
+        }
+        var r, s = 0;
+        function next() {
+            while (r = env.stack.pop()) {
+                try {
+                    if (!r.async && s === 1) return s = 0, env.stack.push(r), Promise.resolve().then(next);
+                    if (r.dispose) {
+                        var result = r.dispose.call(r.value);
+                        if (r.async) return s |= 2, Promise.resolve(result).then(next, function(e) { fail(e); return next(); });
+                    }
+                    else s |= 1;
+                }
+                catch (e) {
+                    fail(e);
+                }
+            }
+            if (s === 1) return env.hasError ? Promise.reject(env.error) : Promise.resolve();
+            if (env.hasError) throw env.error;
+        }
+        return next();
+    };
+})(typeof SuppressedError === "function" ? SuppressedError : function (error, suppressed, message) {
+    var e = new Error(message);
+    return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
+});
 import { Argument, Option, program } from 'commander';
-import { randomBytes } from 'node:crypto';
 import { styleText } from 'node:util';
 import { getByString, isJSON, setByString } from 'utilium';
 import $pkg from '../package.json' with { type: 'json' };
@@ -8,6 +59,7 @@ import config from './config.js';
 import * as db from './database.js';
 import { _portActions, _portMethods, exit, handleError, output, restrictedPorts } from './io.js';
 import { loadDefaultPlugins, plugins, pluginText, resolvePlugin } from './plugins.js';
+import { apps } from './apps.js';
 program
     .version($pkg.version)
     .name('axium')
@@ -25,10 +77,10 @@ program.hook('preAction', async function (_, action) {
     opt.force && output.warn('--force: Protections disabled.');
     if (opt.debug === false)
         config.set({ debug: false });
-    if (!config.auth.secret) {
+    /* if (!config.auth.secret) {
         config.save({ auth: { secret: process.env.AUTH_SECRET || randomBytes(32).toString('base64') } }, true);
         output.debug('Auto-generated a new auth secret');
-    }
+    } */
 });
 // Options shared by multiple (sub)commands
 const opts = {
@@ -76,32 +128,82 @@ axiumDB
     .description('Drop the Axium database and user')
     .addOption(opts.force)
     .action(async (opt) => {
-    const stats = await db.status().catch(exit);
-    if (!opt.force)
-        for (const key of ['users', 'accounts', 'sessions']) {
-            if (stats[key] == 0)
-                continue;
-            output.warn(`Database has existing ${key}. Use --force if you really want to drop the database.`);
-            process.exit(2);
-        }
-    await db.uninstall(opt).catch(exit);
-    await db.database.destroy();
+    const env_1 = { stack: [], error: void 0, hasError: false };
+    try {
+        const _ = __addDisposableResource(env_1, db.connect(), true);
+        const stats = await db.status().catch(exit);
+        if (!opt.force)
+            for (const key of ['users', 'passkeys', 'sessions']) {
+                if (stats[key] == 0)
+                    continue;
+                output.warn(`Database has existing ${key}. Use --force if you really want to drop the database.`);
+                process.exit(2);
+            }
+        await db.uninstall(opt).catch(exit);
+    }
+    catch (e_1) {
+        env_1.error = e_1;
+        env_1.hasError = true;
+    }
+    finally {
+        const result_1 = __disposeResources(env_1);
+        if (result_1)
+            await result_1;
+    }
 });
 axiumDB
     .command('wipe')
     .description('Wipe the database')
     .addOption(opts.force)
     .action(async (opt) => {
-    const stats = await db.status().catch(exit);
-    if (!opt.force)
-        for (const key of ['users', 'accounts', 'sessions']) {
-            if (stats[key] == 0)
-                continue;
-            output.warn(`Database has existing ${key}. Use --force if you really want to wipe the database.`);
-            process.exit(2);
-        }
-    await db.wipe(opt).catch(exit);
-    await db.database.destroy();
+    const env_2 = { stack: [], error: void 0, hasError: false };
+    try {
+        const _ = __addDisposableResource(env_2, db.connect(), true);
+        const stats = await db.status().catch(exit);
+        if (!opt.force)
+            for (const key of ['users', 'passkeys', 'sessions']) {
+                if (stats[key] == 0)
+                    continue;
+                output.warn(`Database has existing ${key}. Use --force if you really want to wipe the database.`);
+                process.exit(2);
+            }
+        await db.wipe(opt).catch(exit);
+    }
+    catch (e_2) {
+        env_2.error = e_2;
+        env_2.hasError = true;
+    }
+    finally {
+        const result_2 = __disposeResources(env_2);
+        if (result_2)
+            await result_2;
+    }
+});
+axiumDB
+    .command('check')
+    .description('Check the structure of the database')
+    .action(async (opt) => {
+    await db.check(opt).catch(exit);
+});
+axiumDB
+    .command('clean')
+    .description('Remove expired rows')
+    .addOption(opts.force)
+    .action(async (opt) => {
+    const env_3 = { stack: [], error: void 0, hasError: false };
+    try {
+        const _ = __addDisposableResource(env_3, db.connect(), true);
+        await db.clean(opt).catch(exit);
+    }
+    catch (e_3) {
+        env_3.error = e_3;
+        env_3.hasError = true;
+    }
+    finally {
+        const result_3 = __disposeResources(env_3);
+        if (result_3)
+            await result_3;
+    }
 });
 const axiumConfig = program
     .command('config')
@@ -111,7 +213,6 @@ const axiumConfig = program
     .option('-r, --redact', 'Do not output sensitive values');
 function configReplacer(opt) {
     return (key, value) => {
-        // eslint-disable-next-line @typescript-eslint/no-unsafe-return
         return opt.redact && ['password', 'secret'].includes(key) ? '[redacted]' : value;
     };
 }
@@ -191,33 +292,66 @@ axiumPlugin
         exit(`Can't find a plugin matching "${search}"`);
     console.log(pluginText(plugin));
 });
+const axiumApps = program.command('apps').description('Manage Axium apps').addOption(opts.global);
+axiumApps
+    .command('list')
+    .alias('ls')
+    .description('List apps added by plugins')
+    .option('-l, --long', 'use the long listing format')
+    .option('-b, --builtin', 'include built-in apps')
+    .action((opt) => {
+    if (!apps.size) {
+        console.log('No apps.');
+        return;
+    }
+    if (!opt.long) {
+        console.log(Array.from(apps.values().map(app => app.name)).join(', '));
+        return;
+    }
+    console.log(styleText('whiteBright', apps.size + ' app(s) loaded:'));
+    for (const app of apps.values()) {
+        console.log(app.name, styleText('dim', `(${app.id})`));
+    }
+});
 program
     .command('status')
     .alias('stats')
     .description('Get information about the server')
     .addOption(opts.host)
     .action(async () => {
-    console.log('Axium Server v' + program.version());
-    console.log(styleText('whiteBright', 'Debug mode:'), config.debug ? styleText('yellow', 'enabled') : 'disabled');
-    console.log(styleText('whiteBright', 'Loaded config files:'), config.files.keys().toArray().join(', '));
-    process.stdout.write(styleText('whiteBright', 'Database: '));
+    const env_4 = { stack: [], error: void 0, hasError: false };
     try {
-        console.log(await db.statusText());
+        console.log('Axium Server v' + program.version());
+        console.log(styleText('whiteBright', 'Debug mode:'), config.debug ? styleText('yellow', 'enabled') : 'disabled');
+        console.log(styleText('whiteBright', 'Loaded config files:'), config.files.keys().toArray().join(', '));
+        process.stdout.write(styleText('whiteBright', 'Database: '));
+        const _ = __addDisposableResource(env_4, db.connect(), true);
+        try {
+            console.log(await db.statusText());
+        }
+        catch {
+            output.error('Unavailable');
+        }
+        console.log(styleText('whiteBright', 'Credentials authentication:'), config.auth.credentials ? styleText('yellow', 'enabled') : 'disabled');
+        console.log(styleText('whiteBright', 'Loaded plugins:'), Array.from(plugins)
+            .map(plugin => plugin.id)
+            .join(', ') || styleText('dim', '(none)'));
+        for (const plugin of plugins) {
+            if (!plugin.statusText)
+                continue;
+            console.log(styleText('bold', plugin.name), plugin.version + ':');
+            console.log(await plugin.statusText());
+        }
     }
-    catch {
-        output.error('Unavailable');
+    catch (e_4) {
+        env_4.error = e_4;
+        env_4.hasError = true;
     }
-    console.log(styleText('whiteBright', 'Credentials authentication:'), config.auth.credentials ? styleText('yellow', 'enabled') : 'disabled');
-    console.log(styleText('whiteBright', 'Loaded plugins:'), Array.from(plugins)
-        .map(plugin => plugin.id)
-        .join(', ') || styleText('dim', '(none)'));
-    for (const plugin of plugins) {
-        if (!plugin.statusText)
-            continue;
-        console.log(styleText('bold', plugin.name), plugin.version + ':');
-        console.log(await plugin.statusText());
+    finally {
+        const result_4 = __disposeResources(env_4);
+        if (result_4)
+            await result_4;
     }
-    await db.database.destroy();
 });
 program
     .command('ports')
@@ -234,7 +368,7 @@ program
     .addOption(opts.force)
     .addOption(opts.host)
     .action(async (opt) => {
-    config.save({ auth: { secret: randomBytes(32).toString('base64') } }, true);
+    /* config.save({ auth: { secret: randomBytes(32).toString('base64') } }, true); */
     await db.init({ ...opt, skip: opt.dbSkip }).catch(handleError);
     await restrictedPorts({ method: 'node-cap', action: 'enable' }).catch(handleError);
 });