@axium/server 0.8.0 → 0.9.0

package/dist/database.d.ts

@@ -38,8 +38,7 @@ export interface Schema {
         transports: AuthenticatorTransportFuture[];
     };
 }
-export interface Database extends Kysely<Schema>, AsyncDisposable {
-}
+export type Database = Kysely<Schema> & AsyncDisposable;
 export declare let database: Database;
 export declare function connect(): Database;
 export interface Stats {
@@ -47,7 +46,7 @@ export interface Stats {
     passkeys: number;
     sessions: number;
 }
-export declare function count(table: keyof Schema): Promise<number>;
+export declare function count<const T extends keyof Schema>(table: T): Promise<number>;
 export declare function status(): Promise<Stats>;
 export declare function statusText(): Promise<string>;
 export interface OpOptions extends MaybeOutput {
@@ -65,6 +64,7 @@ export interface PluginShortcuts {
 }
 export declare function init(opt: InitOptions): Promise<void>;
 export declare function check(opt: OpOptions): Promise<void>;
+export declare function clean(opt: Partial<OpOptions>): Promise<void>;
 /**
  * Completely remove Axium from the database.
  */

package/dist/database.js

@@ -73,7 +73,9 @@ export function connect() {
 }
 export async function count(table) {
     const db = connect();
-    return (await db.selectFrom(table).select(db.fn.countAll().as('count')).executeTakeFirstOrThrow()).count;
+    return (await db.selectFrom(table)
+        .select(db.fn.countAll().as('count'))
+        .executeTakeFirstOrThrow()).count;
 }
 export async function status() {
     return {
@@ -286,35 +288,62 @@ export async function check(opt) {
             await result_2;
     }
 }
-/**
- * Completely remove Axium from the database.
- */
-export async function uninstall(opt) {
+export async function clean(opt) {
     _fixOutput(opt);
+    const done = () => opt.output('done');
+    const now = new Date();
     const db = connect();
+    opt.output('start', 'Removing expired sessions');
+    await db.deleteFrom('sessions').where('sessions.expires', '<', now).execute().then(done);
+    opt.output('start', 'Removing expired verifications');
+    await db.deleteFrom('verifications').where('verifications.expires', '<', now).execute().then(done);
     for (const plugin of plugins) {
-        if (!plugin.db_remove)
+        if (!plugin.db_clean)
             continue;
         opt.output('plugin', plugin.name);
-        await plugin.db_remove(opt, db);
+        await plugin.db_clean(opt, db);
+    }
+}
+/**
+ * Completely remove Axium from the database.
+ */
+export async function uninstall(opt) {
+    const env_3 = { stack: [], error: void 0, hasError: false };
+    try {
+        _fixOutput(opt);
+        const db = __addDisposableResource(env_3, connect(), true);
+        for (const plugin of plugins) {
+            if (!plugin.db_remove)
+                continue;
+            opt.output('plugin', plugin.name);
+            await plugin.db_remove(opt, db);
+        }
+        const _sql = (command, message) => run(opt, message, `sudo -u postgres psql -c "${command}"`);
+        await _sql('DROP DATABASE axium', 'Dropping database');
+        await _sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
+        await _sql('DROP USER axium', 'Dropping user');
+        await getHBA(opt)
+            .then(([content, writeBack]) => {
+            opt.output('start', 'Checking for Axium HBA configuration');
+            if (!content.includes(pgHba))
+                throw 'missing.';
+            opt.output('done');
+            opt.output('start', 'Removing Axium HBA configuration');
+            const newContent = content.replace(pgHba, '');
+            opt.output('done');
+            writeBack(newContent);
+        })
+            .catch(e => opt.output('warn', e));
+    }
+    catch (e_3) {
+        env_3.error = e_3;
+        env_3.hasError = true;
+    }
+    finally {
+        const result_3 = __disposeResources(env_3);
+        if (result_3)
+            await result_3;
     }
-    await db.destroy();
-    const _sql = (command, message) => run(opt, message, `sudo -u postgres psql -c "${command}"`);
-    await _sql('DROP DATABASE axium', 'Dropping database');
-    await _sql('REVOKE ALL PRIVILEGES ON SCHEMA public FROM axium', 'Revoking schema privileges');
-    await _sql('DROP USER axium', 'Dropping user');
-    await getHBA(opt)
-        .then(([content, writeBack]) => {
-        opt.output('start', 'Checking for Axium HBA configuration');
-        if (!content.includes(pgHba))
-            throw 'missing.';
-        opt.output('done');
-        opt.output('start', 'Removing Axium HBA configuration');
-        const newContent = content.replace(pgHba, '');
-        opt.output('done');
-        writeBack(newContent);
-    })
-        .catch(e => opt.output('warn', e));
 }
 /**
  * Removes all data from tables.

package/dist/plugins.d.ts

@@ -9,6 +9,7 @@ export declare const Plugin: z.ZodObject<{
     db_init: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
     db_remove: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
     db_wipe: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
+    db_clean: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
 }, z.core.$strip>;
 export interface Plugin extends z.infer<typeof Plugin> {
 }

package/dist/plugins.js

@@ -14,6 +14,7 @@ export const Plugin = z.object({
     db_init: fn.optional(),
     db_remove: fn.optional(),
     db_wipe: fn.optional(),
+    db_clean: fn.optional(),
 });
 export const plugins = new Set();
 export function resolvePlugin(search) {

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@axium/server",
-	"version": "0.8.0",
+	"version": "0.9.0",
 	"author": "James Prevett <axium@jamespre.dev> (https://jamespre.dev)",
 	"funding": {
 		"type": "individual",
@@ -19,7 +19,7 @@
 	"types": "dist/index.d.ts",
 	"exports": {
 		".": "./dist/index.js",
-		"./*": "./dist/*",
+		"./*": "./dist/*.js",
 		"./web": "./web/index.js",
 		"./web/*": "./web/*"
 	},
@@ -33,18 +33,21 @@
 	"scripts": {
 		"build": "tsc"
 	},
+	"peerDependencies": {
+		"@axium/core": ">=0.3.0",
+		"@axium/client": ">=0.0.2",
+		"utilium": "^2.3.8",
+		"zod": "^3.25.61"
+	},
 	"dependencies": {
 		"@simplewebauthn/server": "^13.1.1",
 		"@sveltejs/kit": "^2.20.2",
 		"@types/pg": "^8.11.11",
 		"commander": "^13.1.0",
-		"kysely": "^0.27.5",
+		"kysely": "^0.28.0",
 		"logzen": "^0.7.0",
 		"mime": "^4.0.7",
-		"pg": "^8.14.1",
-		"utilium": "^2.3.8",
-		"zod": "^3.25.61",
-		"@axium/core": ">=0.2.0"
+		"pg": "^8.14.1"
 	},
 	"devDependencies": {
 		"@sveltejs/adapter-node": "^5.2.12",

package/web/api/metadata.ts

@@ -1,8 +1,8 @@
 import type { Result } from '@axium/core/api';
 import { requestMethods } from '@axium/core/requests';
-import { config } from '@axium/server/config.js';
-import { plugins } from '@axium/server/plugins.js';
-import { addRoute, routes } from '@axium/server/routes.js';
+import { config } from '@axium/server/config';
+import { plugins } from '@axium/server/plugins';
+import { addRoute, routes } from '@axium/server/routes';
 import { error } from '@sveltejs/kit';
 import pkg from '../../package.json' with { type: 'json' };
 

package/web/api/passkeys.ts

@@ -1,8 +1,8 @@
 import type { Result } from '@axium/core/api';
 import { PasskeyChangeable } from '@axium/core/schemas';
-import { getPasskey } from '@axium/server/auth.js';
-import { database as db } from '@axium/server/database.js';
-import { addRoute } from '@axium/server/routes.js';
+import { getPasskey } from '@axium/server/auth';
+import { database as db } from '@axium/server/database';
+import { addRoute } from '@axium/server/routes';
 import { error } from '@sveltejs/kit';
 import { omit } from 'utilium';
 import z from 'zod/v4';

package/web/api/register.ts

@@ -1,10 +1,10 @@
 /** Register a new user. */
 import type { Result } from '@axium/core/api';
 import { APIUserRegistration } from '@axium/core/schemas';
-import { createPasskey, getUser, getUserByEmail } from '@axium/server/auth.js';
-import config from '@axium/server/config.js';
-import { database as db, type Schema } from '@axium/server/database.js';
-import { addRoute } from '@axium/server/routes.js';
+import { createPasskey, getUser, getUserByEmail } from '@axium/server/auth';
+import config from '@axium/server/config';
+import { database as db, type Schema } from '@axium/server/database';
+import { addRoute } from '@axium/server/routes';
 import { generateRegistrationOptions, verifyRegistrationResponse } from '@simplewebauthn/server';
 import { error, type RequestEvent } from '@sveltejs/kit';
 import { randomUUID } from 'node:crypto';

package/web/api/session.ts

@@ -1,7 +1,7 @@
 import { authenticate } from '$lib/auth';
 import type { Result } from '@axium/core/api';
-import { connect, database as db } from '@axium/server/database.js';
-import { addRoute } from '@axium/server/routes.js';
+import { connect, database as db } from '@axium/server/database';
+import { addRoute } from '@axium/server/routes';
 import { error } from '@sveltejs/kit';
 import { omit } from 'utilium';
 import { getToken, stripUser } from './utils';

package/web/api/users.ts

@@ -1,20 +1,19 @@
 /** Register a new passkey for a new or existing user. */
 import type { Result } from '@axium/core/api';
-import { PasskeyAuthenticationResponse, UserAuthOptions } from '@axium/core/schemas';
+import { LogoutSessions, PasskeyAuthenticationResponse, UserAuthOptions } from '@axium/core/schemas';
 import { UserChangeable, type User } from '@axium/core/user';
 import {
 	createPasskey,
 	createVerification,
 	getPasskey,
 	getPasskeysByUserId,
-	getSession,
 	getSessions,
 	getUser,
 	useVerification,
-} from '@axium/server/auth.js';
-import { config } from '@axium/server/config.js';
-import { connect, database as db } from '@axium/server/database.js';
-import { addRoute } from '@axium/server/routes.js';
+} from '@axium/server/auth';
+import { config } from '@axium/server/config';
+import { connect, database as db } from '@axium/server/database';
+import { addRoute } from '@axium/server/routes';
 import {
 	generateAuthenticationOptions,
 	generateRegistrationOptions,
@@ -282,32 +281,44 @@ addRoute({
 		await checkAuth(event, userId);
 
 		return (await getSessions(userId).catch(e => error(503, 'Failed to get sessions' + (config.debug ? ': ' + e : '')))).map(s =>
-			pick(s, 'id', 'expires')
+			omit(s, 'token')
 		);
 	},
 	async DELETE(event: RequestEvent): Result<'DELETE', 'users/:id/sessions'> {
 		const { id: userId } = event.params;
-		const { id: sessionId } = await parseBody(event, z.object({ id: z.uuid() }));
+		const body = await parseBody(event, LogoutSessions);
 
-		await checkAuth(event, userId);
-
-		const session = await getSession(sessionId).catch(withError('Session does not exist', 404));
+		await checkAuth(event, userId, body.confirm_all);
 
-		if (session.userId !== userId) error(403, { message: 'Session does not belong to the user' });
+		const query = body.confirm_all ? db.deleteFrom('sessions') : db.deleteFrom('sessions').where('sessions.id', 'in', body.id);
 
-		await db
-			.deleteFrom('sessions')
-			.where('sessions.id', '=', session.id)
-			.executeTakeFirstOrThrow()
-			.catch(withError('Failed to delete session'));
+		const result = await query
+			.where('sessions.userId', '=', userId)
+			.returningAll()
+			.execute()
+			.catch(withError('Failed to delete one or more sessions'));
 
-		return;
+		return result.map(s => omit(s, 'token'));
 	},
 });
 
 addRoute({
 	path: '/api/users/:id/verify_email',
 	params,
+	async OPTIONS(event): Result<'OPTIONS', 'users/:id/verify_email'> {
+		const { id: userId } = event.params;
+
+		if (!config.auth.email_verification) return { enabled: false };
+
+		await checkAuth(event, userId);
+
+		const user = await getUser(userId);
+		if (!user) error(404, { message: 'User does not exist' });
+
+		if (!config.auth.email_verification) return { enabled: false };
+
+		return { enabled: true };
+	},
 	async GET(event): Result<'GET', 'users/:id/verify_email'> {
 		const { id: userId } = event.params;
 

package/web/api/utils.ts

@@ -1,7 +1,7 @@
 import { userProtectedFields, userPublicFields, type User } from '@axium/core/user';
 import type { NewSessionResponse } from '@axium/core/api';
-import { createSession, getSessionAndUser, type UserInternal } from '@axium/server/auth.js';
-import { config } from '@axium/server/config.js';
+import { createSession, getSessionAndUser, type UserInternal } from '@axium/server/auth';
+import { config } from '@axium/server/config';
 import { error, type RequestEvent } from '@sveltejs/kit';
 import { pick } from 'utilium';
 import z from 'zod/v4';

package/web/hooks.server.ts

@@ -1,6 +1,12 @@
-import { loadDefaultConfigs } from '@axium/server/config.js';
-import { _markDefaults } from '@axium/server/routes.js';
+import { loadDefaultConfigs } from '@axium/server/config';
+import { clean, database } from '@axium/server/database';
+import { _markDefaults } from '@axium/server/routes';
 import './api/index.js';
 
 _markDefaults();
 await loadDefaultConfigs();
+await clean({});
+
+process.on('beforeExit', async () => {
+	await database.destroy();
+});

package/web/lib/ClipboardCopy.svelte

@@ -0,0 +1,42 @@
+<script lang="ts">
+	import { fade } from 'svelte/transition';
+	import { wait } from 'utilium';
+	import Icon from './icons/Icon.svelte';
+
+	const { value, type = 'text/plain' }: { value: BlobPart; type?: string } = $props();
+
+	let success = $state(false);
+
+	async function onclick() {
+		const blob = new Blob([value], { type });
+		const item = new ClipboardItem({ [type]: blob });
+		await navigator.clipboard.write([item]);
+		success = true;
+		await wait(3000);
+		success = false;
+	}
+</script>
+
+<button {onclick}>
+	{#if success}
+		<span transition:fade><Icon i="check" /></span>
+	{:else}
+		<span transition:fade><Icon i="copy" /></span>
+	{/if}
+</button>
+
+<style>
+	button {
+		position: relative;
+		display: inline-block;
+		width: 1em;
+		height: 1em;
+		border: none;
+		background: transparent;
+	}
+
+	span {
+		position: absolute;
+		inset: 0;
+	}
+</style>

package/web/lib/FormDialog.svelte

@@ -1,8 +1,16 @@
 <script lang="ts">
 	import { goto } from '$app/navigation';
+	import { page } from '$app/state';
 	import Dialog from './Dialog.svelte';
 	import './styles.css';
 
+	function resolveRedirectAfter() {
+		const maybe = page.url.searchParams.get('after');
+		if (!maybe || maybe == page.url.pathname) return '/';
+		for (const prefix of ['/api/']) if (maybe.startsWith(prefix)) return '/';
+		return maybe || '/';
+	}
+
 	let {
 		children,
 		dialog = $bindable(),
@@ -42,7 +50,7 @@
 		const data = Object.fromEntries(new FormData(e.currentTarget));
 		submit(data)
 			.then(result => {
-				if (pageMode) goto('/');
+				if (pageMode) goto(resolveRedirectAfter());
 				else dialog.close();
 			})
 			.catch((e: unknown) => {

package/web/lib/auth.ts

@@ -1,5 +1,5 @@
-import type { SessionInternal, UserInternal } from '@axium/server/auth.js';
-import { getSessionAndUser } from '@axium/server/auth.js';
+import type { SessionInternal, UserInternal } from '@axium/server/auth';
+import { getSessionAndUser } from '@axium/server/auth';
 import type { RequestEvent } from '@sveltejs/kit';
 
 export async function authenticate(event: RequestEvent): Promise<(SessionInternal & { user: UserInternal | null }) | null> {

package/web/lib/icons/Icon.svelte

@@ -5,14 +5,10 @@
 	const urls = { light, solid, regular };
 	const { i } = $props();
 
-	const [style, id] = i.includes('/') ? i.split('/') : ['solid', i];
-	const url = urls[style];
+	const [style, id] = $derived(i.includes('/') ? i.split('/') : ['solid', i]);
+	const url = $derived(urls[style]);
 </script>
 
-<svelte:head>
-	<link rel="preload" href={url} />
-</svelte:head>
-
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" width="1em" height="1em">
 	<use href="{url}#{id}" />
 </svg>

package/web/lib/styles.css

@@ -4,6 +4,7 @@ body {
 	background-color: #222;
 	color: #bbb;
 	accent-color: #bbb;
+	overflow-y: scroll;
 }
 
 .main {
@@ -15,7 +16,7 @@ body {
 	gap: 1em;
 }
 
-div:not(.main):has(form.main) {
+.main-container:has(form.main) {
 	position: absolute;
 	inset: 0;
 	display: flex;
@@ -94,3 +95,8 @@ button:hover {
 .danger:hover {
 	background-color: #633;
 }
+
+:disabled,
+.disabled {
+	cursor: not-allowed;
+}

package/web/routes/[...path]/+page.server.ts

@@ -1,5 +1,5 @@
 import { error, redirect, type LoadEvent } from '@sveltejs/kit';
-import { resolveRoute } from '@axium/server/routes.js';
+import { resolveRoute } from '@axium/server/routes';
 
 export async function load(event: LoadEvent) {
 	const route = resolveRoute(event);

package/web/routes/[appId]/[...page]/+page.server.ts

@@ -1,5 +1,5 @@
 import { error, type LoadEvent } from '@sveltejs/kit';
-import { apps } from '@axium/server/apps.js';
+import { apps } from '@axium/server/apps';
 
 export async function load(event: LoadEvent) {
 	const app = apps.get(event.params.appId);