@axium/server 0.8.0 → 0.10.0

package/dist/config.js

@@ -1,55 +1,17 @@
-/* eslint-disable @typescript-eslint/no-unsafe-assignment */
 import { levelText } from 'logzen';
 import { existsSync, readFileSync, writeFileSync } from 'node:fs';
 import { dirname, join, resolve } from 'node:path/posix';
 import { deepAssign, omit } from 'utilium';
-import * as z from 'zod';
-import { findDir, logger, output } from './io.js';
+import * as z from 'zod/v4';
+import { _setDebugOutput, dirs, logger, output } from './io.js';
 import { loadPlugin } from './plugins.js';
-export const Schema = z
-    .object({
-    api: z.object({
-        disable_metadata: z.boolean(),
-        cookie_auth: z.boolean(),
-    }),
-    apps: z.object({
-        disabled: z.array(z.string()),
-    }),
-    auth: z.object({
-        credentials: z.boolean(),
-        debug: z.boolean(),
-        origin: z.string(),
-        /** In minutes */
-        passkey_probation: z.number(),
-        rp_id: z.string(),
-        rp_name: z.string(),
-        secure_cookies: z.boolean(),
-        /** In minutes */
-        verification_timeout: z.number(),
-    }),
-    db: z.object({
-        host: z.string(),
-        port: z.number(),
-        password: z.string(),
-        user: z.string(),
-        database: z.string(),
-    }),
-    debug: z.boolean(),
-    log: z.object({
-        level: z.enum(levelText),
-        console: z.boolean(),
-    }),
-    web: z.object({
-        prefix: z.string(),
-    }),
-})
-    .passthrough();
-export const configFiles = new Map();
+import { _unique } from './state.js';
+export const configFiles = _unique('configFiles', new Map());
 export function plainConfig() {
     return omit(config, Object.keys(configShortcuts));
 }
 const configShortcuts = {
-    findPath: findConfigPath,
+    findPath: findConfigPaths,
     load: loadConfig,
     loadDefaults: loadDefaultConfigs,
     plain: plainConfig,
@@ -58,24 +20,23 @@ const configShortcuts = {
     set: setConfig,
     files: configFiles,
 };
-export const config = {
+export const config = _unique('config', {
     ...configShortcuts,
     api: {
         disable_metadata: false,
-        cookie_auth: false,
+        cookie_auth: true,
     },
     apps: {
         disabled: [],
     },
     auth: {
-        credentials: false,
-        debug: false,
         origin: 'https://test.localhost',
         passkey_probation: 60,
         rp_id: 'test.localhost',
         rp_name: 'Axium',
         secure_cookies: true,
         verification_timeout: 60,
+        email_verification: false,
     },
     db: {
         database: process.env.PGDATABASE || 'axium',
@@ -91,16 +52,83 @@ export const config = {
     },
     web: {
         prefix: '',
+        assets: '',
+        secure: true,
+        port: 443,
+        ssl_key: resolve(dirs[0], 'ssl_key.pem'),
+        ssl_cert: resolve(dirs[0], 'ssl_cert.pem'),
     },
-};
+});
 export default config;
 // config from file
-export const File = Schema.deepPartial()
-    .extend({
+export const File = z
+    .looseObject({
+    api: z
+        .object({
+        disable_metadata: z.boolean(),
+        cookie_auth: z.boolean(),
+    })
+        .partial(),
+    apps: z
+        .object({
+        disabled: z.array(z.string()),
+    })
+        .partial(),
+    auth: z
+        .object({
+        origin: z.string(),
+        /** In minutes */
+        passkey_probation: z.number(),
+        rp_id: z.string(),
+        rp_name: z.string(),
+        secure_cookies: z.boolean(),
+        /** In minutes */
+        verification_timeout: z.number(),
+        /** Whether users can verify emails */
+        email_verification: z.boolean(),
+    })
+        .partial(),
+    db: z
+        .object({
+        host: z.string(),
+        port: z.number(),
+        password: z.string(),
+        user: z.string(),
+        database: z.string(),
+    })
+        .partial(),
+    debug: z.boolean(),
+    log: z
+        .object({
+        level: z.enum(levelText),
+        console: z.boolean(),
+    })
+        .partial(),
+    web: z
+        .object({
+        prefix: z.string(),
+        assets: z.string(),
+        secure: z.boolean(),
+        port: z.number().min(1).max(65535),
+        ssl_key: z.string(),
+        ssl_cert: z.string(),
+    })
+        .partial(),
     include: z.array(z.string()).optional(),
     plugins: z.array(z.string()).optional(),
 })
-    .passthrough();
+    .partial();
+export function addConfigDefaults(other, _target = config) {
+    for (const [key, value] of Object.entries(other)) {
+        if (!(key in _target) || _target[key] === null || _target[key] === undefined || Number.isNaN(_target[key])) {
+            _target[key] = value;
+            continue;
+        }
+        if (typeof value == 'object' && value != null && typeof _target[key] == 'object') {
+            addConfigDefaults(value, _target[key]);
+        }
+    }
+}
 /**
  * Update the current config
  */
@@ -109,11 +137,14 @@ export function setConfig(other) {
     logger.detach(output);
     if (config.log.console)
         logger.attach(output, { output: config.log.level });
+    _setDebugOutput(config.debug);
 }
 /**
  * Load the config from the provided path
  */
 export async function loadConfig(path, options = {}) {
+    if (configFiles.has(path))
+        return;
     let json;
     try {
         json = JSON.parse(readFileSync(path, 'utf8'));
@@ -127,13 +158,14 @@ export async function loadConfig(path, options = {}) {
     const file = options.strict ? File.parse(json) : json;
     configFiles.set(path, file);
     setConfig(file);
+    output.debug('Loaded config: ' + path);
     for (const include of file.include ?? [])
         await loadConfig(join(dirname(path), include), { optional: true });
     for (const plugin of file.plugins ?? [])
         await loadPlugin(plugin.startsWith('.') ? resolve(dirname(path), plugin) : plugin);
 }
 export async function loadDefaultConfigs() {
-    for (const path of [findConfigPath(true), findConfigPath(false)]) {
+    for (const path of findConfigPaths()) {
         if (!existsSync(path))
             writeFileSync(path, '{}');
         await loadConfig(path, { optional: true });
@@ -143,7 +175,7 @@ export async function loadDefaultConfigs() {
  * Update the current config and write the updated config to the appropriate file
  */
 export function saveConfig(changed, global = false) {
-    saveConfigTo(process.env.AXIUM_CONFIG ?? findConfigPath(global), changed);
+    saveConfigTo(findConfigPaths().at(global ? 0 : -1), changed);
 }
 /**
  * Update the current config and write the updated config to the provided path
@@ -158,10 +190,11 @@ export function saveConfigTo(path, changed) {
 /**
  * Find the path to the config file
  */
-export function findConfigPath(global) {
+export function findConfigPaths() {
+    const paths = dirs.map(dir => join(dir, 'config.json'));
     if (process.env.AXIUM_CONFIG)
-        return process.env.AXIUM_CONFIG;
-    return join(findDir(global), 'config.json');
+        paths.push(process.env.AXIUM_CONFIG);
+    return paths;
 }
 if (process.env.AXIUM_CONFIG)
     await loadConfig(process.env.AXIUM_CONFIG);

package/dist/database.d.ts

@@ -38,8 +38,7 @@ export interface Schema {
         transports: AuthenticatorTransportFuture[];
     };
 }
-export interface Database extends Kysely<Schema>, AsyncDisposable {
-}
+export type Database = Kysely<Schema> & AsyncDisposable;
 export declare let database: Database;
 export declare function connect(): Database;
 export interface Stats {
@@ -47,7 +46,7 @@ export interface Stats {
     passkeys: number;
     sessions: number;
 }
-export declare function count(table: keyof Schema): Promise<number>;
+export declare function count<const T extends keyof Schema>(table: T): Promise<number>;
 export declare function status(): Promise<Stats>;
 export declare function statusText(): Promise<string>;
 export interface OpOptions extends MaybeOutput {
@@ -65,6 +64,7 @@ export interface PluginShortcuts {
 }
 export declare function init(opt: InitOptions): Promise<void>;
 export declare function check(opt: OpOptions): Promise<void>;
+export declare function clean(opt: Partial<OpOptions>): Promise<void>;
 /**
  * Completely remove Axium from the database.
  */

package/dist/database.js

@@ -57,10 +57,13 @@ import pg from 'pg';
 import config from './config.js';
 import { _fixOutput, run, someWarnings } from './io.js';
 import { plugins } from './plugins.js';
+const sym = Symbol.for('Axium:database');
 export let database;
 export function connect() {
     if (database)
         return database;
+    if (globalThis[sym])
+        return (database = globalThis[sym]);
     const _db = new Kysely({
         dialect: new PostgresDialect({ pool: new pg.Pool(config.db) }),
     });
@@ -69,11 +72,14 @@ export function connect() {
             await _db.destroy();
         },
     });
+    globalThis[sym] = database;
     return database;
 }
 export async function count(table) {
     const db = connect();
-    return (await db.selectFrom(table).select(db.fn.countAll().as('count')).executeTakeFirstOrThrow()).count;
+    return (await db.selectFrom(table)
+        .select(db.fn.countAll().as('count'))
+        .executeTakeFirstOrThrow()).count;
 }
 export async function status() {
     return {
@@ -286,35 +292,62 @@ export async function check(opt) {
             await result_2;
     }
 }
-/**
- * Completely remove Axium from the database.
- */
-export async function uninstall(opt) {
+export async function clean(opt) {
     _fixOutput(opt);
+    const done = () => opt.output('done');
+    const now = new Date();
     const db = connect();
+    opt.output('start', 'Removing expired sessions');
+    await db.deleteFrom('sessions').where('sessions.expires', '<', now).execute().then(done);
+    opt.output('start', 'Removing expired verifications');
+    await db.deleteFrom('verifications').where('verifications.expires', '<', now).execute().then(done);
     for (const plugin of plugins) {
-        if (!plugin.db_remove)
+        if (!plugin.db_clean)
             continue;
         opt.output('plugin', plugin.name);
-        await plugin.db_remove(opt, db);
+        await plugin.db_clean(opt, db);
+    }
+}
+/**
+ * Completely remove Axium from the database.
+ */
+export async function uninstall(opt) {
+    const env_3 = { stack: [], error: void 0, hasError: false };
+    try {
+        _fixOutput(opt);
+        const db = __addDisposableResource(env_3, connect(), true);
+        for (const plugin of plugins) {
+            if (!plugin.db_remove)
+                continue;
+            opt.output('plugin', plugin.name);
+            await plugin.db_remove(opt, db);
+        }
+        const _sql = (command, message) => run(opt, message, `sudo -u postgres psql -c "${command}"`);
+        await _sql('DROP DATABASE axium', 'Dropping database');
+        await _sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
+        await _sql('DROP USER axium', 'Dropping user');
+        await getHBA(opt)
+            .then(([content, writeBack]) => {
+            opt.output('start', 'Checking for Axium HBA configuration');
+            if (!content.includes(pgHba))
+                throw 'missing.';
+            opt.output('done');
+            opt.output('start', 'Removing Axium HBA configuration');
+            const newContent = content.replace(pgHba, '');
+            opt.output('done');
+            writeBack(newContent);
+        })
+            .catch(e => opt.output('warn', e));
+    }
+    catch (e_3) {
+        env_3.error = e_3;
+        env_3.hasError = true;
+    }
+    finally {
+        const result_3 = __disposeResources(env_3);
+        if (result_3)
+            await result_3;
     }
-    await db.destroy();
-    const _sql = (command, message) => run(opt, message, `sudo -u postgres psql -c "${command}"`);
-    await _sql('DROP DATABASE axium', 'Dropping database');
-    await _sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
-    await _sql('DROP USER axium', 'Dropping user');
-    await getHBA(opt)
-        .then(([content, writeBack]) => {
-        opt.output('start', 'Checking for Axium HBA configuration');
-        if (!content.includes(pgHba))
-            throw 'missing.';
-        opt.output('done');
-        opt.output('start', 'Removing Axium HBA configuration');
-        const newContent = content.replace(pgHba, '');
-        opt.output('done');
-        writeBack(newContent);
-    })
-        .catch(e => opt.output('warn', e));
 }
 /**
  * Removes all data from tables.

package/dist/io.d.ts

@@ -1,10 +1,11 @@
 import { Logger } from 'logzen';
+export declare const systemDir = "/etc/axium";
+export declare const userDir: string;
+export declare const dirs: string[];
+export declare const logger: Logger;
 /**
- * Find the Axium directory.
- * This directory includes things like config files, secrets, etc.
+ * @internal
  */
-export declare function findDir(global: boolean): string;
-export declare const logger: Logger;
 export declare const output: {
     constructor: {
         name: string;
@@ -36,6 +37,7 @@ export interface MaybeOutput {
 export interface WithOutput {
     output: Output;
 }
+export declare function _setDebugOutput(enabled: boolean): void;
 export declare function defaultOutput(tag: 'done'): void;
 export declare function defaultOutput(tag: Exclude<OutputTag, 'done'>, message: string): void;
 /**

package/dist/io.js

@@ -2,29 +2,32 @@ import { Logger } from 'logzen';
 import { exec } from 'node:child_process';
 import * as fs from 'node:fs';
 import { homedir } from 'node:os';
-import { join } from 'node:path/posix';
+import { dirname, join, resolve } from 'node:path/posix';
 import { styleText } from 'node:util';
-import config from './config.js';
-/**
- * Find the Axium directory.
- * This directory includes things like config files, secrets, etc.
- */
-export function findDir(global) {
-    if (process.env.AXIUM_DIR)
-        return process.env.AXIUM_DIR;
-    if (global && process.getuid?.() === 0)
-        return '/etc/axium';
-    if (global)
-        return join(homedir(), '.axium');
-    return '.axium';
+import { _unique } from './state.js';
+export const systemDir = '/etc/axium';
+export const userDir = join(homedir(), '.axium');
+export const dirs = _unique('dirs', [systemDir, userDir]);
+for (let dir = resolve(process.cwd()); dir !== '/'; dir = dirname(dir)) {
+    if (fs.existsSync(join(dir, '.axium')))
+        dirs.push(join(dir, '.axium'));
+}
+if (process.env.AXIUM_DIR)
+    dirs.push(process.env.AXIUM_DIR);
+try {
+    fs.mkdirSync(systemDir, { recursive: true });
+}
+catch {
+    // Missing permissions
 }
-if (process.getuid?.() === 0)
-    fs.mkdirSync('/etc/axium', { recursive: true });
-fs.mkdirSync(findDir(false), { recursive: true });
+fs.mkdirSync(userDir, { recursive: true });
 export const logger = new Logger({
     hideWarningStack: true,
     noGlobalConsole: true,
 });
+/**
+ * @internal
+ */
 export const output = {
     constructor: { name: 'Console' },
     error(message) {
@@ -40,7 +43,7 @@ export const output = {
         console.log(message);
     },
     debug(message) {
-        console.debug(message.startsWith('\x1b') ? message : styleText('gray', message));
+        _debugOutput && console.debug(message.startsWith('\x1b') ? message : styleText('gray', message));
     },
 };
 logger.attach(output);
@@ -85,10 +88,14 @@ export function handleError(e) {
     else
         exit(e);
 }
+let _debugOutput = false;
+export function _setDebugOutput(enabled) {
+    _debugOutput = enabled;
+}
 export function defaultOutput(tag, message = '') {
     switch (tag) {
         case 'debug':
-            config.debug && output.debug(message);
+            _debugOutput && output.debug(message);
             break;
         case 'info':
             console.log(message);

package/dist/plugins.d.ts

@@ -1,7 +1,6 @@
 import z from 'zod/v4';
 export declare const fn: z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>;
 export declare const Plugin: z.ZodObject<{
-    id: z.ZodString;
     name: z.ZodString;
     version: z.ZodString;
     description: z.ZodOptional<z.ZodString>;
@@ -9,12 +8,16 @@ export declare const Plugin: z.ZodObject<{
     db_init: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
     db_remove: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
     db_wipe: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
+    db_clean: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
 }, z.core.$strip>;
+declare const kSpecifier: unique symbol;
 export interface Plugin extends z.infer<typeof Plugin> {
+    [kSpecifier]: string;
 }
 export declare const plugins: Set<Plugin>;
 export declare function resolvePlugin(search: string): Plugin | undefined;
 export declare function pluginText(plugin: Plugin): string;
 export declare function loadPlugin(specifier: string): Promise<void>;
+export declare function getSpecifier(plugin: Plugin): string;
 export declare function loadPlugins(dir: string): Promise<void>;
-export declare function loadDefaultPlugins(): Promise<void>;
+export {};

package/dist/plugins.js

@@ -1,12 +1,12 @@
+import { zAsyncFunction } from '@axium/core/schemas';
 import * as fs from 'node:fs';
-import { join, resolve } from 'node:path/posix';
+import { resolve } from 'node:path/posix';
 import { styleText } from 'node:util';
 import z from 'zod/v4';
-import { findDir, output } from './io.js';
-import { zAsyncFunction } from '@axium/core/schemas';
+import { output } from './io.js';
+import { _unique } from './state.js';
 export const fn = z.custom(data => typeof data === 'function');
 export const Plugin = z.object({
-    id: z.string(),
     name: z.string(),
     version: z.string(),
     description: z.string().optional(),
@@ -14,18 +14,19 @@ export const Plugin = z.object({
     db_init: fn.optional(),
     db_remove: fn.optional(),
     db_wipe: fn.optional(),
+    db_clean: fn.optional(),
 });
-export const plugins = new Set();
+const kSpecifier = Symbol('specifier');
+export const plugins = _unique('plugins', new Set());
 export function resolvePlugin(search) {
     for (const plugin of plugins) {
-        if (plugin.name.startsWith(search) || plugin.id.startsWith(search))
+        if (plugin.name.startsWith(search))
             return plugin;
     }
 }
 export function pluginText(plugin) {
     return [
         styleText('whiteBright', plugin.name),
-        plugin.id,
         `Version: ${plugin.version}`,
         `Description: ${plugin.description ?? styleText('dim', '(none)')}`,
         `Database integration: ${[plugin.db_init, plugin.db_remove, plugin.db_wipe]
@@ -36,16 +37,21 @@ export function pluginText(plugin) {
 }
 export async function loadPlugin(specifier) {
     try {
-        const plugin = await Plugin.parseAsync(await import(/* @vite-ignore */ specifier)).catch(e => {
+        const imported = await import(/* @vite-ignore */ specifier);
+        const maybePlugin = 'default' in imported ? imported.default : imported;
+        const plugin = Object.assign(await Plugin.parseAsync(maybePlugin).catch(e => {
             throw z.prettifyError(e);
-        });
+        }), { [kSpecifier]: specifier });
         plugins.add(plugin);
-        output.debug(`Loaded plugin: "${plugin.name}" (${plugin.id}) ${plugin.version}`);
+        output.debug(`Loaded plugin: ${plugin.name} ${plugin.version}`);
     }
     catch (e) {
         output.debug(`Failed to load plugin from ${specifier}: ${e.message || e}`);
     }
 }
+export function getSpecifier(plugin) {
+    return plugin[kSpecifier];
+}
 export async function loadPlugins(dir) {
     fs.mkdirSync(dir, { recursive: true });
     const files = fs.readdirSync(dir);
@@ -57,7 +63,3 @@ export async function loadPlugins(dir) {
         await loadPlugin(path);
     }
 }
-export async function loadDefaultPlugins() {
-    await loadPlugins(join(findDir(true), 'plugins'));
-    await loadPlugins(join(findDir(false), 'plugins'));
-}

package/dist/requests.d.ts

@@ -0,0 +1,11 @@
+import type { NewSessionResponse } from '@axium/core/api';
+import { type User } from '@axium/core/user';
+import { type HttpError, type RequestEvent } from '@sveltejs/kit';
+import z from 'zod/v4';
+import { type SessionAndUser, type UserInternal } from './auth.js';
+export declare function parseBody<const Schema extends z.ZodType, const Result extends z.infer<Schema> = z.infer<Schema>>(event: RequestEvent, schema: Schema): Promise<Result>;
+export declare function getToken(event: RequestEvent, sensitive?: boolean): string | undefined;
+export declare function checkAuth(event: RequestEvent, userId: string, sensitive?: boolean): Promise<SessionAndUser>;
+export declare function createSessionData(event: RequestEvent, userId: string, elevated?: boolean): Promise<NewSessionResponse>;
+export declare function stripUser(user: UserInternal, includeProtected?: boolean): User;
+export declare function withError(text: string, code?: number): (e: Error | HttpError) => never;

package/dist/requests.js

@@ -0,0 +1,58 @@
+import { userProtectedFields, userPublicFields } from '@axium/core/user';
+import { error } from '@sveltejs/kit';
+import { pick } from 'utilium';
+import z from 'zod/v4';
+import { createSession, getSessionAndUser } from './auth.js';
+import { config } from './config.js';
+export async function parseBody(event, schema) {
+    const contentType = event.request.headers.get('content-type');
+    if (!contentType || !contentType.includes('application/json'))
+        error(415, { message: 'Invalid content type' });
+    const body = await event.request.json().catch(() => error(415, { message: 'Invalid JSON' }));
+    try {
+        return schema.parse(body);
+    }
+    catch (e) {
+        error(400, { message: z.prettifyError(e) });
+    }
+}
+export function getToken(event, sensitive = false) {
+    const header_token = event.request.headers.get('Authorization')?.replace('Bearer ', '');
+    if (header_token)
+        return header_token;
+    if (config.debug || config.api.cookie_auth) {
+        return event.cookies.get(sensitive ? 'elevated_token' : 'session_token');
+    }
+}
+export async function checkAuth(event, userId, sensitive = false) {
+    const token = getToken(event, sensitive);
+    if (!token)
+        throw error(401, { message: 'Missing token' });
+    const session = await getSessionAndUser(token).catch(() => error(401, { message: 'Invalid or expired session' }));
+    if (session.user?.id !== userId /* && !user.isAdmin */)
+        error(403, { message: 'User ID mismatch' });
+    if (!session.elevated && sensitive)
+        error(403, 'This token can not be used for sensitive actions');
+    return session;
+}
+export async function createSessionData(event, userId, elevated = false) {
+    const { token } = await createSession(userId, elevated);
+    if (elevated) {
+        event.cookies.set('elevated_token', token, { httpOnly: true, path: '/', expires: new Date(Date.now() + 10 * 60_000) });
+        return { userId, token: '[[redacted:elevated]]' };
+    }
+    else {
+        event.cookies.set('session_token', token, { httpOnly: config.auth.secure_cookies, path: '/' });
+        return { userId, token };
+    }
+}
+export function stripUser(user, includeProtected = false) {
+    return pick(user, ...userPublicFields, ...(includeProtected ? userProtectedFields : []));
+}
+export function withError(text, code = 500) {
+    return function (e) {
+        if ('body' in e)
+            throw e;
+        error(code, { message: text + (config.debug && e.message ? `: ${e.message}` : '') });
+    };
+}