@axium/server 0.7.6 → 0.9.0

package/dist/database.js

@@ -52,6 +52,7 @@ var __disposeResources = (this && this.__disposeResources) || (function (Suppres
 });
 import { Kysely, PostgresDialect, sql } from 'kysely';
 import { randomBytes } from 'node:crypto';
+import { readFileSync, writeFileSync } from 'node:fs';
 import pg from 'pg';
 import config from './config.js';
 import { _fixOutput, run, someWarnings } from './io.js';
@@ -72,19 +73,21 @@ export function connect() {
 }
 export async function count(table) {
     const db = connect();
-    return (await db.selectFrom(table).select(db.fn.countAll().as('count')).executeTakeFirstOrThrow()).count;
+    return (await db.selectFrom(table)
+        .select(db.fn.countAll().as('count'))
+        .executeTakeFirstOrThrow()).count;
 }
 export async function status() {
     return {
-        users: await count('User'),
-        accounts: await count('Account'),
-        sessions: await count('Session'),
+        users: await count('users'),
+        passkeys: await count('passkeys'),
+        sessions: await count('sessions'),
     };
 }
 export async function statusText() {
     try {
         const stats = await status();
-        return `${stats.users} users, ${stats.accounts} accounts, ${stats.sessions} sessions`;
+        return `${stats.users} users, ${stats.passkeys} passkeys, ${stats.sessions} sessions`;
     }
     catch (error) {
         throw typeof error == 'object' && 'message' in error ? error.message : error;
@@ -102,6 +105,30 @@ export function shouldRecreate(opt) {
     opt.output('warn', 'already exists. Use --skip to skip or --force to re-create.');
     throw 2;
 }
+export async function getHBA(opt) {
+    const hbaShowResult = await run(opt, 'Finding pg_hba.conf', `sudo -u postgres psql -c "SHOW hba_file"`);
+    opt.output('start', 'Resolving pg_hba.conf path');
+    const hbaPath = hbaShowResult.match(/^\s*(.+\.conf)\s*$/m)?.[1]?.trim();
+    if (!hbaPath) {
+        throw 'failed. You will need to add password-based auth for the axium user manually.';
+    }
+    opt.output('done');
+    opt.output('debug', `Found pg_hba.conf at ${hbaPath}`);
+    opt.output('start', 'Reading HBA configuration');
+    const content = readFileSync(hbaPath, 'utf-8');
+    opt.output('done');
+    const writeBack = (newContent) => {
+        opt.output('start', 'Writing HBA configuration');
+        writeFileSync(hbaPath, newContent);
+        opt.output('done');
+    };
+    return [content, writeBack];
+}
+const pgHba = `
+local axium axium md5
+host  axium axium 127.0.0.1/32 md5
+host  axium axium ::1/128 md5
+`;
 export async function init(opt) {
     const env_1 = { stack: [], error: void 0, hasError: false };
     try {
@@ -110,8 +137,10 @@ export async function init(opt) {
             config.save({ db: { password: randomBytes(32).toString('base64') } }, true);
             opt.output('debug', 'Generated password and wrote to global config');
         }
+        await run(opt, 'Checking for sudo', 'which sudo');
+        await run(opt, 'Checking for psql', 'which psql');
         const _sql = (command, message) => run(opt, message, `sudo -u postgres psql -c "${command}"`);
-        const warnExists = someWarnings(opt.output, [/(schema|relation) "\w+" already exists/, 'already exists.']);
+        const warnExists = someWarnings(opt.output, [/(schema|relation) "[\w.]+" already exists/, 'already exists.']);
         const done = () => opt.output('done');
         await _sql('CREATE DATABASE axium', 'Creating database').catch(async (error) => {
             if (error != 'database "axium" already exists')
@@ -134,79 +163,73 @@ export async function init(opt) {
         await _sql('GRANT ALL PRIVILEGES ON DATABASE axium TO axium', 'Granting database privileges');
         await _sql('GRANT ALL PRIVILEGES ON SCHEMA public TO axium', 'Granting schema privileges');
         await _sql('ALTER DATABASE axium OWNER TO axium', 'Setting database owner');
+        await getHBA(opt)
+            .then(([content, writeBack]) => {
+            opt.output('start', 'Checking for Axium HBA configuration');
+            if (content.includes(pgHba))
+                throw 'already exists.';
+            done();
+            opt.output('start', 'Adding Axium HBA configuration');
+            const newContent = content.replace(/^local\s+all\s+all.*$/m, `$&\n${pgHba}`);
+            done();
+            writeBack(newContent);
+        })
+            .catch(e => opt.output('warn', e));
         await _sql('SELECT pg_reload_conf()', 'Reloading configuration');
         const db = __addDisposableResource(env_1, connect(), true);
-        opt.output('start', 'Creating table User');
+        opt.output('start', 'Creating table users');
         await db.schema
-            .createTable('User')
+            .createTable('users')
             .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
             .addColumn('name', 'text')
             .addColumn('email', 'text', col => col.unique().notNull())
             .addColumn('emailVerified', 'timestamptz')
             .addColumn('image', 'text')
-            .addColumn('password', 'text')
-            .addColumn('salt', 'text')
             .addColumn('preferences', 'jsonb', col => col.notNull().defaultTo(sql `'{}'::jsonb`))
             .execute()
             .then(done)
             .catch(warnExists);
-        opt.output('start', 'Creating table Account');
+        opt.output('start', 'Creating table sessions');
         await db.schema
-            .createTable('Account')
+            .createTable('sessions')
             .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
-            .addColumn('userId', 'uuid', col => col.references('User.id').onDelete('cascade').notNull())
-            .addColumn('type', 'text', col => col.notNull())
-            .addColumn('provider', 'text', col => col.notNull())
-            .addColumn('providerAccountId', 'text', col => col.notNull())
-            .addColumn('refresh_token', 'text')
-            .addColumn('access_token', 'text')
-            .addColumn('expires_at', 'bigint')
-            .addColumn('token_type', 'text')
-            .addColumn('scope', 'text')
-            .addColumn('id_token', 'text')
-            .addColumn('session_state', 'text')
-            .execute()
-            .then(done)
-            .catch(warnExists);
-        opt.output('start', 'Creating index for Account.userId');
-        await db.schema.createIndex('Account_userId_index').on('Account').column('userId').execute().then(done).catch(warnExists);
-        opt.output('start', 'Creating table Session');
-        await db.schema
-            .createTable('Session')
-            .addColumn('id', 'uuid', col => col.primaryKey().defaultTo(sql `gen_random_uuid()`))
-            .addColumn('userId', 'uuid', col => col.references('User.id').onDelete('cascade').notNull())
-            .addColumn('sessionToken', 'text', col => col.notNull().unique())
+            .addColumn('userId', 'uuid', col => col.references('users.id').onDelete('cascade').notNull())
+            .addColumn('token', 'text', col => col.notNull().unique())
+            .addColumn('created', 'timestamptz', col => col.notNull())
             .addColumn('expires', 'timestamptz', col => col.notNull())
+            .addColumn('elevated', 'boolean', col => col.notNull())
             .execute()
             .then(done)
             .catch(warnExists);
-        opt.output('start', 'Creating index for Session.userId');
-        await db.schema.createIndex('Session_userId_index').on('Session').column('userId').execute().then(done).catch(warnExists);
-        opt.output('start', 'Creating table VerificationToken');
+        opt.output('start', 'Creating index for sessions.userId');
+        await db.schema.createIndex('sessions_userId_index').on('sessions').column('userId').execute().then(done).catch(warnExists);
+        opt.output('start', 'Creating table verifications');
         await db.schema
-            .createTable('VerificationToken')
-            .addColumn('identifier', 'text', col => col.notNull())
+            .createTable('verifications')
+            .addColumn('userId', 'uuid', col => col.references('users.id').onDelete('cascade').notNull())
             .addColumn('token', 'text', col => col.notNull().unique())
             .addColumn('expires', 'timestamptz', col => col.notNull())
+            .addColumn('role', 'text', col => col.notNull())
             .execute()
             .then(done)
             .catch(warnExists);
-        opt.output('start', 'Creating table Authenticator');
+        opt.output('start', 'Creating table passkeys');
         await db.schema
-            .createTable('Authenticator')
-            .addColumn('credentialID', 'text', col => col.primaryKey().notNull())
-            .addColumn('userId', 'uuid', col => col.notNull().references('User.id').onDelete('cascade').onUpdate('cascade'))
-            .addColumn('providerAccountId', 'text', col => col.notNull())
-            .addColumn('credentialPublicKey', 'text', col => col.notNull())
+            .createTable('passkeys')
+            .addColumn('id', 'text', col => col.primaryKey().notNull())
+            .addColumn('name', 'text')
+            .addColumn('createdAt', 'timestamptz', col => col.notNull().defaultTo(sql `now()`))
+            .addColumn('userId', 'uuid', col => col.notNull().references('users.id').onDelete('cascade').onUpdate('cascade'))
+            .addColumn('publicKey', 'bytea', col => col.notNull())
             .addColumn('counter', 'integer', col => col.notNull())
-            .addColumn('credentialDeviceType', 'text', col => col.notNull())
-            .addColumn('credentialBackedUp', 'boolean', col => col.notNull())
-            .addColumn('transports', 'text')
+            .addColumn('deviceType', 'text', col => col.notNull())
+            .addColumn('backedUp', 'boolean', col => col.notNull())
+            .addColumn('transports', sql `text[]`)
             .execute()
             .then(done)
             .catch(warnExists);
-        opt.output('start', 'Creating index for Authenticator.credentialID');
-        await db.schema.createIndex('Authenticator_credentialID_key').on('Authenticator').column('credentialID').execute().then(done).catch(warnExists);
+        opt.output('start', 'Creating index for passkeys.id');
+        await db.schema.createIndex('passkeys_id_key').on('passkeys').column('id').execute().then(done).catch(warnExists);
         for (const plugin of plugins) {
             if (!plugin.db_init)
                 continue;
@@ -224,23 +247,103 @@ export async function init(opt) {
             await result_1;
     }
 }
-/**
- * Completely remove Axium from the database.
- */
-export async function uninstall(opt) {
+export async function check(opt) {
+    const env_2 = { stack: [], error: void 0, hasError: false };
+    try {
+        _fixOutput(opt);
+        await run(opt, 'Checking for sudo', 'which sudo');
+        await run(opt, 'Checking for psql', 'which psql');
+        const _sql = (command, message) => run(opt, message, `sudo -u postgres psql -c "${command}"`);
+        const done = () => opt.output('done');
+        const throwUnlessRows = (text) => {
+            if (text.includes('(0 rows)'))
+                throw 'missing.';
+            return text;
+        };
+        await _sql(`SELECT 1 FROM pg_database WHERE datname = 'axium'`, 'Checking for database').then(throwUnlessRows);
+        await _sql(`SELECT 1 FROM pg_roles WHERE rolname = 'axium'`, 'Checking for user').then(throwUnlessRows);
+        opt.output('start', 'Connecting to database');
+        const db = __addDisposableResource(env_2, connect(), true);
+        done();
+        opt.output('start', `Checking users table`);
+        await db.selectFrom('users').select(['id', 'email', 'emailVerified', 'image', 'name', 'preferences']).execute().then(done);
+        opt.output('start', `Checking sessions table`);
+        await db.selectFrom('sessions').select(['id', 'userId', 'token', 'created', 'expires', 'elevated']).execute().then(done);
+        opt.output('start', `Checking verifications table`);
+        await db.selectFrom('verifications').select(['userId', 'token', 'expires', 'role']).execute().then(done);
+        opt.output('start', `Checking passkeys table`);
+        await db
+            .selectFrom('passkeys')
+            .select(['id', 'name', 'createdAt', 'userId', 'publicKey', 'counter', 'deviceType', 'backedUp', 'transports'])
+            .execute()
+            .then(done);
+    }
+    catch (e_2) {
+        env_2.error = e_2;
+        env_2.hasError = true;
+    }
+    finally {
+        const result_2 = __disposeResources(env_2);
+        if (result_2)
+            await result_2;
+    }
+}
+export async function clean(opt) {
     _fixOutput(opt);
+    const done = () => opt.output('done');
+    const now = new Date();
     const db = connect();
+    opt.output('start', 'Removing expired sessions');
+    await db.deleteFrom('sessions').where('sessions.expires', '<', now).execute().then(done);
+    opt.output('start', 'Removing expired verifications');
+    await db.deleteFrom('verifications').where('verifications.expires', '<', now).execute().then(done);
     for (const plugin of plugins) {
-        if (!plugin.db_remove)
+        if (!plugin.db_clean)
             continue;
         opt.output('plugin', plugin.name);
-        await plugin.db_remove(opt, db);
+        await plugin.db_clean(opt, db);
+    }
+}
+/**
+ * Completely remove Axium from the database.
+ */
+export async function uninstall(opt) {
+    const env_3 = { stack: [], error: void 0, hasError: false };
+    try {
+        _fixOutput(opt);
+        const db = __addDisposableResource(env_3, connect(), true);
+        for (const plugin of plugins) {
+            if (!plugin.db_remove)
+                continue;
+            opt.output('plugin', plugin.name);
+            await plugin.db_remove(opt, db);
+        }
+        const _sql = (command, message) => run(opt, message, `sudo -u postgres psql -c "${command}"`);
+        await _sql('DROP DATABASE axium', 'Dropping database');
+        await _sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
+        await _sql('DROP USER axium', 'Dropping user');
+        await getHBA(opt)
+            .then(([content, writeBack]) => {
+            opt.output('start', 'Checking for Axium HBA configuration');
+            if (!content.includes(pgHba))
+                throw 'missing.';
+            opt.output('done');
+            opt.output('start', 'Removing Axium HBA configuration');
+            const newContent = content.replace(pgHba, '');
+            opt.output('done');
+            writeBack(newContent);
+        })
+            .catch(e => opt.output('warn', e));
+    }
+    catch (e_3) {
+        env_3.error = e_3;
+        env_3.hasError = true;
+    }
+    finally {
+        const result_3 = __disposeResources(env_3);
+        if (result_3)
+            await result_3;
     }
-    await db.destroy();
-    const _sql = (command, message) => run(opt, message, `sudo -u postgres psql -c "${command}"`);
-    await _sql('DROP DATABASE axium', 'Dropping database');
-    await _sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
-    await _sql('DROP USER axium', 'Dropping user');
 }
 /**
  * Removes all data from tables.
@@ -254,7 +357,7 @@ export async function wipe(opt) {
         opt.output('plugin', plugin.name);
         await plugin.db_wipe(opt, db);
     }
-    for (const table of ['User', 'Account', 'Session', 'VerificationToken', 'Authenticator']) {
+    for (const table of ['users', 'passkeys', 'sessions', 'verifications']) {
         opt.output('start', `Removing data from ${table}`);
         await db.deleteFrom(table).execute();
         opt.output('done');

package/dist/io.js

@@ -65,7 +65,11 @@ export async function run(opts, message, command) {
         return value;
     }
     catch (error) {
-        throw error == '[command]' ? stderr?.slice(0, 100) || 'failed.' : typeof error == 'object' && 'message' in error ? error.message : error;
+        throw error == '[command]'
+            ? stderr?.slice(0, 100) || 'failed.'
+            : typeof error == 'object' && 'message' in error
+                ? error.message
+                : error;
     }
 }
 /** Yet another convenience function */
@@ -149,7 +153,7 @@ export async function restrictedPorts(opt) {
                 opt.output('done');
                 return '/usr/sbin/setcap';
             });
-            opt.output('debug', 'Using setup at ' + setcap);
+            opt.output('debug', 'Using setcap at ' + setcap);
             let { node } = opt;
             node ||= await run(opt, 'Finding node', 'command -v node')
                 .then(e => e.trim())

package/dist/plugins.d.ts

@@ -1,32 +1,16 @@
-import * as z from 'zod';
+import z from 'zod/v4';
+export declare const fn: z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>;
 export declare const Plugin: z.ZodObject<{
     id: z.ZodString;
     name: z.ZodString;
     version: z.ZodString;
     description: z.ZodOptional<z.ZodString>;
-    statusText: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodPromise<z.ZodString>]>>>;
-    db_init: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
-    db_remove: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
-    db_wipe: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
-}, "strip", z.ZodTypeAny, {
-    name: string;
-    id: string;
-    version: string;
-    description?: string | undefined;
-    statusText?: ((...args: unknown[]) => string | Promise<string>) | undefined;
-    db_init?: ((...args: unknown[]) => unknown) | undefined;
-    db_remove?: ((...args: unknown[]) => unknown) | undefined;
-    db_wipe?: ((...args: unknown[]) => unknown) | undefined;
-}, {
-    name: string;
-    id: string;
-    version: string;
-    description?: string | undefined;
-    statusText?: ((...args: unknown[]) => string | Promise<string>) | undefined;
-    db_init?: ((...args: unknown[]) => unknown) | undefined;
-    db_remove?: ((...args: unknown[]) => unknown) | undefined;
-    db_wipe?: ((...args: unknown[]) => unknown) | undefined;
-}>;
+    statusText: z.ZodCustom<z.core.$InferInnerFunctionTypeAsync<z.core.$ZodTuple<[], null>, z.ZodString>, z.core.$InferInnerFunctionTypeAsync<z.core.$ZodTuple<[], null>, z.ZodString>>;
+    db_init: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
+    db_remove: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
+    db_wipe: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
+    db_clean: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
+}, z.core.$strip>;
 export interface Plugin extends z.infer<typeof Plugin> {
 }
 export declare const plugins: Set<Plugin>;

package/dist/plugins.js

@@ -1,23 +1,20 @@
 import * as fs from 'node:fs';
 import { join, resolve } from 'node:path/posix';
 import { styleText } from 'node:util';
-import * as z from 'zod';
-import { fromZodError } from 'zod-validation-error';
+import z from 'zod/v4';
 import { findDir, output } from './io.js';
-import { fileURLToPath } from 'node:url';
+import { zAsyncFunction } from '@axium/core/schemas';
+export const fn = z.custom(data => typeof data === 'function');
 export const Plugin = z.object({
     id: z.string(),
     name: z.string(),
     version: z.string(),
     description: z.string().optional(),
-    statusText: z
-        .function()
-        .args()
-        .returns(z.union([z.string(), z.promise(z.string())]))
-        .optional(),
-    db_init: z.function().optional(),
-    db_remove: z.function().optional(),
-    db_wipe: z.function().optional(),
+    statusText: zAsyncFunction(z.function({ input: [], output: z.string() })),
+    db_init: fn.optional(),
+    db_remove: fn.optional(),
+    db_wipe: fn.optional(),
+    db_clean: fn.optional(),
 });
 export const plugins = new Set();
 export function resolvePlugin(search) {
@@ -32,7 +29,6 @@ export function pluginText(plugin) {
         plugin.id,
         `Version: ${plugin.version}`,
         `Description: ${plugin.description ?? styleText('dim', '(none)')}`,
-        `Status text integration: ${plugin.statusText ? styleText('whiteBright', 'yes') : styleText('yellow', 'no')}`,
         `Database integration: ${[plugin.db_init, plugin.db_remove, plugin.db_wipe]
             .filter(Boolean)
             .map(fn => fn?.name.slice(3))
@@ -41,8 +37,8 @@ export function pluginText(plugin) {
 }
 export async function loadPlugin(specifier) {
     try {
-        const plugin = await Plugin.parseAsync(await import(specifier)).catch(e => {
-            throw fromZodError(e);
+        const plugin = await Plugin.parseAsync(await import(/* @vite-ignore */ specifier)).catch(e => {
+            throw z.prettifyError(e);
         });
         plugins.add(plugin);
         output.debug(`Loaded plugin: "${plugin.name}" (${plugin.id}) ${plugin.version}`);

package/dist/routes.d.ts

@@ -0,0 +1,55 @@
+import type { RequestMethod } from '@axium/core/requests';
+import type { LoadEvent, RequestEvent } from '@sveltejs/kit';
+import type { Component } from 'svelte';
+import type z from 'zod/v4';
+type _Params = Partial<Record<string, string>>;
+export type EndpointHandlers<Params extends _Params = _Params> = Partial<Record<RequestMethod, (event: RequestEvent<Params>) => object | Promise<object>>>;
+export type RouteParamOptions = z.ZodType;
+export interface CommonRouteOptions<Params extends _Params = _Params> {
+    path: string;
+    params?: {
+        [K in keyof Params]?: RouteParamOptions;
+    };
+}
+/**
+ * A route with server-side handlers for different HTTP methods.
+ */
+export interface ServerRouteOptions<Params extends _Params = _Params> extends CommonRouteOptions<Params>, EndpointHandlers<Params> {
+}
+export interface WebRouteOptions extends CommonRouteOptions {
+    load?(event: RequestEvent): object | Promise<object>;
+    /** the Svelte page */
+    page?: Component;
+}
+export type RouteOptions = ServerRouteOptions | WebRouteOptions;
+export interface RouteCommon {
+    path: string;
+    params?: Record<string, RouteParamOptions>;
+    [kBuiltin]: boolean;
+}
+export interface ServerRoute extends RouteCommon, EndpointHandlers {
+    server: true;
+}
+export interface WebRoute extends RouteCommon {
+    server: false;
+    load?(event: LoadEvent): object | Promise<object>;
+    page?: Component;
+}
+export type Route = ServerRoute | WebRoute;
+/**
+ * @internal
+ */
+export declare const routes: Map<string, Route>;
+declare const kBuiltin: unique symbol;
+export declare function addRoute(opt: RouteOptions, _routeMap?: Map<string, Route>): void;
+/**
+ * Resolve a request URL into a route.
+ * This handles parsing of parameters in the URL.
+ */
+export declare function resolveRoute<T extends Route>(event: RequestEvent | LoadEvent, _routeMap?: Map<string, T>): T | undefined;
+/**
+ * This function marks all existing routes as built-in.
+ * @internal
+ */
+export declare function _markDefaults(): void;
+export {};

package/dist/routes.js

@@ -0,0 +1,54 @@
+/**
+ * @internal
+ */
+export const routes = new Map();
+const kBuiltin = Symbol('kBuiltin');
+export function addRoute(opt, _routeMap = routes) {
+    const route = { ...opt, server: !('page' in opt), [kBuiltin]: false };
+    if (!route.path.startsWith('/')) {
+        throw new Error(`Route path must start with a slash: ${route.path}`);
+    }
+    if (route.path.startsWith('/api/') && !route.server) {
+        throw new Error(`API routes cannot have a client page: ${route.path}`);
+    }
+    _routeMap.set(route.path, route);
+}
+/**
+ * Resolve a request URL into a route.
+ * This handles parsing of parameters in the URL.
+ */
+export function resolveRoute(event, _routeMap = routes) {
+    const { pathname } = event.url;
+    if (_routeMap.has(pathname) && !pathname.split('/').some(p => p.startsWith(':')))
+        return _routeMap.get(pathname);
+    // Otherwise we must have a parameterized route
+    routes: for (const route of _routeMap.values()) {
+        const params = {};
+        // Split the path and route into parts, zipped together
+        const pathParts = pathname.split('/').filter(Boolean);
+        for (const routePart of route.path.split('/').filter(Boolean)) {
+            const pathPart = pathParts.shift();
+            if (!pathPart)
+                continue routes;
+            if (pathPart == routePart)
+                continue;
+            if (!routePart.startsWith(':'))
+                continue routes;
+            params[routePart.slice(1)] = pathPart;
+        }
+        // we didn't find a match, since an exact match would have been found already
+        if (pathParts.length || !Object.keys(params).length)
+            continue;
+        event.params = params;
+        return route;
+    }
+}
+/**
+ * This function marks all existing routes as built-in.
+ * @internal
+ */
+export function _markDefaults() {
+    for (const route of routes.values()) {
+        route[kBuiltin] = true;
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@axium/server",
-	"version": "0.7.6",
+	"version": "0.9.0",
 	"author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
 	"funding": {
 		"type": "individual",
@@ -19,10 +19,9 @@
 	"types": "dist/index.d.ts",
 	"exports": {
 		".": "./dist/index.js",
-		"./*": "./dist/*",
+		"./*": "./dist/*.js",
 		"./web": "./web/index.js",
-		"./web/*": "./web/*",
-		"./web/server": "./web/index.server.js"
+		"./web/*": "./web/*"
 	},
 	"files": [
 		"dist",
@@ -35,27 +34,23 @@
 		"build": "tsc"
 	},
 	"peerDependencies": {
-		"@axium/core": ">=0.0.2"
+		"@axium/core": ">=0.3.0",
+		"@axium/client": ">=0.0.2",
+		"utilium": "^2.3.8",
+		"zod": "^3.25.61"
 	},
 	"dependencies": {
-		"@auth/core": "^0.38.0",
-		"@auth/kysely-adapter": "^1.8.0",
+		"@simplewebauthn/server": "^13.1.1",
+		"@sveltejs/kit": "^2.20.2",
 		"@types/pg": "^8.11.11",
-		"bcryptjs": "^3.0.2",
 		"commander": "^13.1.0",
-		"kysely": "^0.27.5",
+		"kysely": "^0.28.0",
 		"logzen": "^0.7.0",
 		"mime": "^4.0.7",
-		"pg": "^8.14.1",
-		"utilium": "^2.3.0",
-		"zod-validation-error": "^3.4.0"
+		"pg": "^8.14.1"
 	},
 	"devDependencies": {
-		"@auth/sveltekit": "^1.8.0",
-		"@simplewebauthn/browser": "^9.0.1",
-		"@simplewebauthn/server": "^9.0.3",
 		"@sveltejs/adapter-node": "^5.2.12",
-		"@sveltejs/kit": "^2.20.2",
 		"svelte": "^5.25.3",
 		"vite-plugin-mkcert": "^1.17.8"
 	}

package/web/api/index.ts

@@ -0,0 +1,7 @@
+import './metadata.js';
+import './passkeys.js';
+import './register.js';
+import './session.js';
+import './users.js';
+export * from './schemas.js';
+export * from './utils.js';

package/web/api/metadata.ts

@@ -0,0 +1,35 @@
+import type { Result } from '@axium/core/api';
+import { requestMethods } from '@axium/core/requests';
+import { config } from '@axium/server/config';
+import { plugins } from '@axium/server/plugins';
+import { addRoute, routes } from '@axium/server/routes';
+import { error } from '@sveltejs/kit';
+import pkg from '../../package.json' with { type: 'json' };
+
+addRoute({
+	path: '/api/metadata',
+	async GET(): Result<'GET', 'metadata'> {
+		if (config.api.disable_metadata) {
+			error(401, { message: 'API metadata is disabled' });
+		}
+
+		return {
+			version: pkg.version,
+			routes: Object.fromEntries(
+				routes
+					.entries()
+					.filter(([path]) => path.startsWith('/api/'))
+					.map(([path, route]) => [
+						path,
+						{
+							params: Object.fromEntries(
+								Object.entries(route.params || {}).map(([key, type]) => [key, type ? type.def.type : null])
+							),
+							methods: requestMethods.filter(m => m in route),
+						},
+					])
+			),
+			plugins: Object.fromEntries(plugins.values().map(plugin => [plugin.id, plugin.version])),
+		};
+	},
+});