@axium/server 0.9.0 → 0.10.0

package/dist/cli.js

@@ -52,14 +52,16 @@ var __disposeResources = (this && this.__disposeResources) || (function (Suppres
     return e.name = "SuppressedError", e.error = error, e.suppressed = suppressed, e;
 });
 import { Argument, Option, program } from 'commander';
+import { join } from 'node:path/posix';
 import { styleText } from 'node:util';
 import { getByString, isJSON, setByString } from 'utilium';
 import $pkg from '../package.json' with { type: 'json' };
-import config from './config.js';
-import * as db from './database.js';
-import { _portActions, _portMethods, exit, handleError, output, restrictedPorts } from './io.js';
-import { loadDefaultPlugins, plugins, pluginText, resolvePlugin } from './plugins.js';
 import { apps } from './apps.js';
+import config, { configFiles, saveConfigTo } from './config.js';
+import * as db from './database.js';
+import { _portActions, _portMethods, defaultOutput, exit, handleError, output, restrictedPorts } from './io.js';
+import { getSpecifier, plugins, pluginText, resolvePlugin } from './plugins.js';
+import { serve } from './serve.js';
 program
     .version($pkg.version)
     .name('axium')
@@ -72,15 +74,10 @@ program.on('option:debug', () => config.set({ debug: true }));
 program.on('option:config', () => void config.load(program.opts().config));
 program.hook('preAction', async function (_, action) {
     await config.loadDefaults();
-    await loadDefaultPlugins();
     const opt = action.optsWithGlobals();
     opt.force && output.warn('--force: Protections disabled.');
     if (opt.debug === false)
         config.set({ debug: false });
-    /* if (!config.auth.secret) {
-        config.save({ auth: { secret: process.env.AUTH_SECRET || randomBytes(32).toString('base64') } }, true);
-        output.debug('Auto-generated a new auth secret');
-    } */
 });
 // Options shared by multiple (sub)commands
 const opts = {
@@ -255,11 +252,7 @@ axiumConfig
     for (const path of config.files.keys())
         console.log(path);
 });
-const axiumPlugin = program
-    .command('plugins')
-    .description('Manage plugins')
-    .addOption(opts.global)
-    .option('--safe', 'do not perform actions that would execute code from plugins.');
+const axiumPlugin = program.command('plugins').description('Manage plugins').addOption(opts.global);
 axiumPlugin
     .command('list')
     .alias('ls')
@@ -279,7 +272,7 @@ axiumPlugin
     }
     console.log(styleText('whiteBright', plugins.size + ' plugin(s) loaded:'));
     for (const plugin of plugins) {
-        console.log(plugin.name, styleText('dim', `(${plugin.id})`), opt.versions ? plugin.version : '');
+        console.log(plugin.name, opt.versions ? plugin.version : '');
     }
 });
 axiumPlugin
@@ -292,6 +285,38 @@ axiumPlugin
         exit(`Can't find a plugin matching "${search}"`);
     console.log(pluginText(plugin));
 });
+axiumPlugin
+    .command('remove')
+    .alias('rm')
+    .description('Remove a plugin')
+    .argument('<plugin>', 'the plugin to remove')
+    .action(async (search, opt) => {
+    const env_4 = { stack: [], error: void 0, hasError: false };
+    try {
+        const plugin = resolvePlugin(search);
+        if (!plugin)
+            exit(`Can't find a plugin matching "${search}"`);
+        const specifier = getSpecifier(plugin);
+        const _ = __addDisposableResource(env_4, db.connect(), true);
+        await plugin.db_remove?.({ ...opt, output: defaultOutput }, db.database);
+        for (const [path, data] of configFiles) {
+            if (!data.plugins)
+                continue;
+            data.plugins = data.plugins.filter(p => p !== specifier);
+            saveConfigTo(path, data);
+        }
+        plugins.delete(plugin);
+    }
+    catch (e_4) {
+        env_4.error = e_4;
+        env_4.hasError = true;
+    }
+    finally {
+        const result_4 = __disposeResources(env_4);
+        if (result_4)
+            await result_4;
+    }
+});
 const axiumApps = program.command('apps').description('Manage Axium apps').addOption(opts.global);
 axiumApps
     .command('list')
@@ -319,22 +344,21 @@ program
     .description('Get information about the server')
     .addOption(opts.host)
     .action(async () => {
-    const env_4 = { stack: [], error: void 0, hasError: false };
+    const env_5 = { stack: [], error: void 0, hasError: false };
     try {
         console.log('Axium Server v' + program.version());
         console.log(styleText('whiteBright', 'Debug mode:'), config.debug ? styleText('yellow', 'enabled') : 'disabled');
         console.log(styleText('whiteBright', 'Loaded config files:'), config.files.keys().toArray().join(', '));
         process.stdout.write(styleText('whiteBright', 'Database: '));
-        const _ = __addDisposableResource(env_4, db.connect(), true);
+        const _ = __addDisposableResource(env_5, db.connect(), true);
         try {
             console.log(await db.statusText());
         }
         catch {
             output.error('Unavailable');
         }
-        console.log(styleText('whiteBright', 'Credentials authentication:'), config.auth.credentials ? styleText('yellow', 'enabled') : 'disabled');
         console.log(styleText('whiteBright', 'Loaded plugins:'), Array.from(plugins)
-            .map(plugin => plugin.id)
+            .map(plugin => plugin.name)
             .join(', ') || styleText('dim', '(none)'));
         for (const plugin of plugins) {
             if (!plugin.statusText)
@@ -343,14 +367,14 @@ program
             console.log(await plugin.statusText());
         }
     }
-    catch (e_4) {
-        env_4.error = e_4;
-        env_4.hasError = true;
+    catch (e_5) {
+        env_5.error = e_5;
+        env_5.hasError = true;
     }
     finally {
-        const result_4 = __disposeResources(env_4);
-        if (result_4)
-            await result_4;
+        const result_5 = __disposeResources(env_5);
+        if (result_5)
+            await result_5;
     }
 });
 program
@@ -368,8 +392,23 @@ program
     .addOption(opts.force)
     .addOption(opts.host)
     .action(async (opt) => {
-    /* config.save({ auth: { secret: randomBytes(32).toString('base64') } }, true); */
     await db.init({ ...opt, skip: opt.dbSkip }).catch(handleError);
     await restrictedPorts({ method: 'node-cap', action: 'enable' }).catch(handleError);
 });
+program
+    .command('serve')
+    .description('Start the Axium server')
+    .option('-p, --port <port>', 'the port to listen on')
+    .option('--ssl <prefix>', 'the prefix for the cert.pem and key.pem SSL files')
+    .action(async (opt) => {
+    const server = await serve({
+        secure: opt.ssl ? true : config.web.secure,
+        ssl_cert: opt.ssl ? join(opt.ssl, 'cert.pem') : config.web.ssl_cert,
+        ssl_key: opt.ssl ? join(opt.ssl, 'key.pem') : config.web.ssl_key,
+    });
+    const port = !Number.isNaN(Number.parseInt(opt.port ?? '')) ? Number.parseInt(opt.port) : config.web.port;
+    server.listen(port, () => {
+        console.log('Server is listening on port ' + port);
+    });
+});
 program.parse();

package/dist/config.d.ts

@@ -10,8 +10,6 @@ export interface Config extends Record<string, unknown> {
         disabled: string[];
     };
     auth: {
-        credentials: boolean;
-        debug: boolean;
         origin: string;
         /** In minutes */
         passkey_probation: number;
@@ -37,19 +35,24 @@ export interface Config extends Record<string, unknown> {
     };
     web: {
         prefix: string;
+        assets: string;
+        secure: boolean;
+        port: number;
+        ssl_key: string;
+        ssl_cert: string;
     };
 }
-export declare const configFiles: Map<string, PartialRecursive<Config>>;
+export declare const configFiles: Map<string, File>;
 export declare function plainConfig(): Omit<Config, keyof typeof configShortcuts>;
 declare const configShortcuts: {
-    findPath: typeof findConfigPath;
+    findPath: typeof findConfigPaths;
     load: typeof loadConfig;
     loadDefaults: typeof loadDefaultConfigs;
     plain: typeof plainConfig;
     save: typeof saveConfig;
     saveTo: typeof saveConfigTo;
     set: typeof setConfig;
-    files: Map<string, PartialRecursive<Config>>;
+    files: Map<string, File>;
 };
 export declare const config: Config & typeof configShortcuts;
 export default config;
@@ -62,8 +65,6 @@ export declare const File: z.ZodObject<{
         disabled: z.ZodOptional<z.ZodArray<z.ZodString>>;
     }, z.core.$strip>>;
     auth: z.ZodOptional<z.ZodObject<{
-        credentials: z.ZodOptional<z.ZodBoolean>;
-        debug: z.ZodOptional<z.ZodBoolean>;
         origin: z.ZodOptional<z.ZodString>;
         passkey_probation: z.ZodOptional<z.ZodNumber>;
         rp_id: z.ZodOptional<z.ZodString>;
@@ -92,12 +93,18 @@ export declare const File: z.ZodObject<{
     }, z.core.$strip>>;
     web: z.ZodOptional<z.ZodObject<{
         prefix: z.ZodOptional<z.ZodString>;
+        assets: z.ZodOptional<z.ZodString>;
+        secure: z.ZodOptional<z.ZodBoolean>;
+        port: z.ZodOptional<z.ZodNumber>;
+        ssl_key: z.ZodOptional<z.ZodString>;
+        ssl_cert: z.ZodOptional<z.ZodString>;
     }, z.core.$strip>>;
     include: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
     plugins: z.ZodOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
 }, z.core.$loose>;
 export interface File extends PartialRecursive<Config>, z.infer<typeof File> {
 }
+export declare function addConfigDefaults(other: PartialRecursive<Config>, _target?: Record<string, any>): void;
 /**
  * Update the current config
  */
@@ -132,4 +139,4 @@ export declare function saveConfigTo(path: string, changed: PartialRecursive<Con
 /**
  * Find the path to the config file
  */
-export declare function findConfigPath(global: boolean): string;
+export declare function findConfigPaths(): string[];

package/dist/config.js

@@ -3,14 +3,15 @@ import { existsSync, readFileSync, writeFileSync } from 'node:fs';
 import { dirname, join, resolve } from 'node:path/posix';
 import { deepAssign, omit } from 'utilium';
 import * as z from 'zod/v4';
-import { findDir, logger, output } from './io.js';
+import { _setDebugOutput, dirs, logger, output } from './io.js';
 import { loadPlugin } from './plugins.js';
-export const configFiles = new Map();
+import { _unique } from './state.js';
+export const configFiles = _unique('configFiles', new Map());
 export function plainConfig() {
     return omit(config, Object.keys(configShortcuts));
 }
 const configShortcuts = {
-    findPath: findConfigPath,
+    findPath: findConfigPaths,
     load: loadConfig,
     loadDefaults: loadDefaultConfigs,
     plain: plainConfig,
@@ -19,18 +20,16 @@ const configShortcuts = {
     set: setConfig,
     files: configFiles,
 };
-export const config = {
+export const config = _unique('config', {
     ...configShortcuts,
     api: {
         disable_metadata: false,
-        cookie_auth: false,
+        cookie_auth: true,
     },
     apps: {
         disabled: [],
     },
     auth: {
-        credentials: false,
-        debug: false,
         origin: 'https://test.localhost',
         passkey_probation: 60,
         rp_id: 'test.localhost',
@@ -53,8 +52,13 @@ export const config = {
     },
     web: {
         prefix: '',
+        assets: '',
+        secure: true,
+        port: 443,
+        ssl_key: resolve(dirs[0], 'ssl_key.pem'),
+        ssl_cert: resolve(dirs[0], 'ssl_cert.pem'),
     },
-};
+});
 export default config;
 // config from file
 export const File = z
@@ -72,8 +76,6 @@ export const File = z
         .partial(),
     auth: z
         .object({
-        credentials: z.boolean(),
-        debug: z.boolean(),
         origin: z.string(),
         /** In minutes */
         passkey_probation: z.number(),
@@ -105,12 +107,28 @@ export const File = z
     web: z
         .object({
         prefix: z.string(),
+        assets: z.string(),
+        secure: z.boolean(),
+        port: z.number().min(1).max(65535),
+        ssl_key: z.string(),
+        ssl_cert: z.string(),
     })
         .partial(),
     include: z.array(z.string()).optional(),
     plugins: z.array(z.string()).optional(),
 })
     .partial();
+export function addConfigDefaults(other, _target = config) {
+    for (const [key, value] of Object.entries(other)) {
+        if (!(key in _target) || _target[key] === null || _target[key] === undefined || Number.isNaN(_target[key])) {
+            _target[key] = value;
+            continue;
+        }
+        if (typeof value == 'object' && value != null && typeof _target[key] == 'object') {
+            addConfigDefaults(value, _target[key]);
+        }
+    }
+}
 /**
  * Update the current config
  */
@@ -119,11 +137,14 @@ export function setConfig(other) {
     logger.detach(output);
     if (config.log.console)
         logger.attach(output, { output: config.log.level });
+    _setDebugOutput(config.debug);
 }
 /**
  * Load the config from the provided path
  */
 export async function loadConfig(path, options = {}) {
+    if (configFiles.has(path))
+        return;
     let json;
     try {
         json = JSON.parse(readFileSync(path, 'utf8'));
@@ -137,13 +158,14 @@ export async function loadConfig(path, options = {}) {
     const file = options.strict ? File.parse(json) : json;
     configFiles.set(path, file);
     setConfig(file);
+    output.debug('Loaded config: ' + path);
     for (const include of file.include ?? [])
         await loadConfig(join(dirname(path), include), { optional: true });
     for (const plugin of file.plugins ?? [])
         await loadPlugin(plugin.startsWith('.') ? resolve(dirname(path), plugin) : plugin);
 }
 export async function loadDefaultConfigs() {
-    for (const path of [findConfigPath(true), findConfigPath(false)]) {
+    for (const path of findConfigPaths()) {
         if (!existsSync(path))
             writeFileSync(path, '{}');
         await loadConfig(path, { optional: true });
@@ -153,7 +175,7 @@ export async function loadDefaultConfigs() {
  * Update the current config and write the updated config to the appropriate file
  */
 export function saveConfig(changed, global = false) {
-    saveConfigTo(process.env.AXIUM_CONFIG ?? findConfigPath(global), changed);
+    saveConfigTo(findConfigPaths().at(global ? 0 : -1), changed);
 }
 /**
  * Update the current config and write the updated config to the provided path
@@ -168,10 +190,11 @@ export function saveConfigTo(path, changed) {
 /**
  * Find the path to the config file
  */
-export function findConfigPath(global) {
+export function findConfigPaths() {
+    const paths = dirs.map(dir => join(dir, 'config.json'));
     if (process.env.AXIUM_CONFIG)
-        return process.env.AXIUM_CONFIG;
-    return join(findDir(global), 'config.json');
+        paths.push(process.env.AXIUM_CONFIG);
+    return paths;
 }
 if (process.env.AXIUM_CONFIG)
     await loadConfig(process.env.AXIUM_CONFIG);

package/dist/database.js

@@ -57,10 +57,13 @@ import pg from 'pg';
 import config from './config.js';
 import { _fixOutput, run, someWarnings } from './io.js';
 import { plugins } from './plugins.js';
+const sym = Symbol.for('Axium:database');
 export let database;
 export function connect() {
     if (database)
         return database;
+    if (globalThis[sym])
+        return (database = globalThis[sym]);
     const _db = new Kysely({
         dialect: new PostgresDialect({ pool: new pg.Pool(config.db) }),
     });
@@ -69,6 +72,7 @@ export function connect() {
             await _db.destroy();
         },
     });
+    globalThis[sym] = database;
     return database;
 }
 export async function count(table) {

package/dist/io.d.ts

@@ -1,10 +1,11 @@
 import { Logger } from 'logzen';
+export declare const systemDir = "/etc/axium";
+export declare const userDir: string;
+export declare const dirs: string[];
+export declare const logger: Logger;
 /**
- * Find the Axium directory.
- * This directory includes things like config files, secrets, etc.
+ * @internal
  */
-export declare function findDir(global: boolean): string;
-export declare const logger: Logger;
 export declare const output: {
     constructor: {
         name: string;
@@ -36,6 +37,7 @@ export interface MaybeOutput {
 export interface WithOutput {
     output: Output;
 }
+export declare function _setDebugOutput(enabled: boolean): void;
 export declare function defaultOutput(tag: 'done'): void;
 export declare function defaultOutput(tag: Exclude<OutputTag, 'done'>, message: string): void;
 /**

package/dist/io.js

@@ -2,29 +2,32 @@ import { Logger } from 'logzen';
 import { exec } from 'node:child_process';
 import * as fs from 'node:fs';
 import { homedir } from 'node:os';
-import { join } from 'node:path/posix';
+import { dirname, join, resolve } from 'node:path/posix';
 import { styleText } from 'node:util';
-import config from './config.js';
-/**
- * Find the Axium directory.
- * This directory includes things like config files, secrets, etc.
- */
-export function findDir(global) {
-    if (process.env.AXIUM_DIR)
-        return process.env.AXIUM_DIR;
-    if (global && process.getuid?.() === 0)
-        return '/etc/axium';
-    if (global)
-        return join(homedir(), '.axium');
-    return '.axium';
+import { _unique } from './state.js';
+export const systemDir = '/etc/axium';
+export const userDir = join(homedir(), '.axium');
+export const dirs = _unique('dirs', [systemDir, userDir]);
+for (let dir = resolve(process.cwd()); dir !== '/'; dir = dirname(dir)) {
+    if (fs.existsSync(join(dir, '.axium')))
+        dirs.push(join(dir, '.axium'));
+}
+if (process.env.AXIUM_DIR)
+    dirs.push(process.env.AXIUM_DIR);
+try {
+    fs.mkdirSync(systemDir, { recursive: true });
+}
+catch {
+    // Missing permissions
 }
-if (process.getuid?.() === 0)
-    fs.mkdirSync('/etc/axium', { recursive: true });
-fs.mkdirSync(findDir(false), { recursive: true });
+fs.mkdirSync(userDir, { recursive: true });
 export const logger = new Logger({
     hideWarningStack: true,
     noGlobalConsole: true,
 });
+/**
+ * @internal
+ */
 export const output = {
     constructor: { name: 'Console' },
     error(message) {
@@ -40,7 +43,7 @@ export const output = {
         console.log(message);
     },
     debug(message) {
-        console.debug(message.startsWith('\x1b') ? message : styleText('gray', message));
+        _debugOutput && console.debug(message.startsWith('\x1b') ? message : styleText('gray', message));
     },
 };
 logger.attach(output);
@@ -85,10 +88,14 @@ export function handleError(e) {
     else
         exit(e);
 }
+let _debugOutput = false;
+export function _setDebugOutput(enabled) {
+    _debugOutput = enabled;
+}
 export function defaultOutput(tag, message = '') {
     switch (tag) {
         case 'debug':
-            config.debug && output.debug(message);
+            _debugOutput && output.debug(message);
             break;
         case 'info':
             console.log(message);

package/dist/plugins.d.ts

@@ -1,7 +1,6 @@
 import z from 'zod/v4';
 export declare const fn: z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>;
 export declare const Plugin: z.ZodObject<{
-    id: z.ZodString;
     name: z.ZodString;
     version: z.ZodString;
     description: z.ZodOptional<z.ZodString>;
@@ -11,11 +10,14 @@ export declare const Plugin: z.ZodObject<{
     db_wipe: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
     db_clean: z.ZodOptional<z.ZodCustom<(...args: unknown[]) => any, (...args: unknown[]) => any>>;
 }, z.core.$strip>;
+declare const kSpecifier: unique symbol;
 export interface Plugin extends z.infer<typeof Plugin> {
+    [kSpecifier]: string;
 }
 export declare const plugins: Set<Plugin>;
 export declare function resolvePlugin(search: string): Plugin | undefined;
 export declare function pluginText(plugin: Plugin): string;
 export declare function loadPlugin(specifier: string): Promise<void>;
+export declare function getSpecifier(plugin: Plugin): string;
 export declare function loadPlugins(dir: string): Promise<void>;
-export declare function loadDefaultPlugins(): Promise<void>;
+export {};

package/dist/plugins.js

@@ -1,12 +1,12 @@
+import { zAsyncFunction } from '@axium/core/schemas';
 import * as fs from 'node:fs';
-import { join, resolve } from 'node:path/posix';
+import { resolve } from 'node:path/posix';
 import { styleText } from 'node:util';
 import z from 'zod/v4';
-import { findDir, output } from './io.js';
-import { zAsyncFunction } from '@axium/core/schemas';
+import { output } from './io.js';
+import { _unique } from './state.js';
 export const fn = z.custom(data => typeof data === 'function');
 export const Plugin = z.object({
-    id: z.string(),
     name: z.string(),
     version: z.string(),
     description: z.string().optional(),
@@ -16,17 +16,17 @@ export const Plugin = z.object({
     db_wipe: fn.optional(),
     db_clean: fn.optional(),
 });
-export const plugins = new Set();
+const kSpecifier = Symbol('specifier');
+export const plugins = _unique('plugins', new Set());
 export function resolvePlugin(search) {
     for (const plugin of plugins) {
-        if (plugin.name.startsWith(search) || plugin.id.startsWith(search))
+        if (plugin.name.startsWith(search))
             return plugin;
     }
 }
 export function pluginText(plugin) {
     return [
         styleText('whiteBright', plugin.name),
-        plugin.id,
         `Version: ${plugin.version}`,
         `Description: ${plugin.description ?? styleText('dim', '(none)')}`,
         `Database integration: ${[plugin.db_init, plugin.db_remove, plugin.db_wipe]
@@ -37,16 +37,21 @@ export function pluginText(plugin) {
 }
 export async function loadPlugin(specifier) {
     try {
-        const plugin = await Plugin.parseAsync(await import(/* @vite-ignore */ specifier)).catch(e => {
+        const imported = await import(/* @vite-ignore */ specifier);
+        const maybePlugin = 'default' in imported ? imported.default : imported;
+        const plugin = Object.assign(await Plugin.parseAsync(maybePlugin).catch(e => {
             throw z.prettifyError(e);
-        });
+        }), { [kSpecifier]: specifier });
         plugins.add(plugin);
-        output.debug(`Loaded plugin: "${plugin.name}" (${plugin.id}) ${plugin.version}`);
+        output.debug(`Loaded plugin: ${plugin.name} ${plugin.version}`);
     }
     catch (e) {
         output.debug(`Failed to load plugin from ${specifier}: ${e.message || e}`);
     }
 }
+export function getSpecifier(plugin) {
+    return plugin[kSpecifier];
+}
 export async function loadPlugins(dir) {
     fs.mkdirSync(dir, { recursive: true });
     const files = fs.readdirSync(dir);
@@ -58,7 +63,3 @@ export async function loadPlugins(dir) {
         await loadPlugin(path);
     }
 }
-export async function loadDefaultPlugins() {
-    await loadPlugins(join(findDir(true), 'plugins'));
-    await loadPlugins(join(findDir(false), 'plugins'));
-}

package/dist/requests.d.ts

@@ -0,0 +1,11 @@
+import type { NewSessionResponse } from '@axium/core/api';
+import { type User } from '@axium/core/user';
+import { type HttpError, type RequestEvent } from '@sveltejs/kit';
+import z from 'zod/v4';
+import { type SessionAndUser, type UserInternal } from './auth.js';
+export declare function parseBody<const Schema extends z.ZodType, const Result extends z.infer<Schema> = z.infer<Schema>>(event: RequestEvent, schema: Schema): Promise<Result>;
+export declare function getToken(event: RequestEvent, sensitive?: boolean): string | undefined;
+export declare function checkAuth(event: RequestEvent, userId: string, sensitive?: boolean): Promise<SessionAndUser>;
+export declare function createSessionData(event: RequestEvent, userId: string, elevated?: boolean): Promise<NewSessionResponse>;
+export declare function stripUser(user: UserInternal, includeProtected?: boolean): User;
+export declare function withError(text: string, code?: number): (e: Error | HttpError) => never;

package/dist/requests.js

@@ -0,0 +1,58 @@
+import { userProtectedFields, userPublicFields } from '@axium/core/user';
+import { error } from '@sveltejs/kit';
+import { pick } from 'utilium';
+import z from 'zod/v4';
+import { createSession, getSessionAndUser } from './auth.js';
+import { config } from './config.js';
+export async function parseBody(event, schema) {
+    const contentType = event.request.headers.get('content-type');
+    if (!contentType || !contentType.includes('application/json'))
+        error(415, { message: 'Invalid content type' });
+    const body = await event.request.json().catch(() => error(415, { message: 'Invalid JSON' }));
+    try {
+        return schema.parse(body);
+    }
+    catch (e) {
+        error(400, { message: z.prettifyError(e) });
+    }
+}
+export function getToken(event, sensitive = false) {
+    const header_token = event.request.headers.get('Authorization')?.replace('Bearer ', '');
+    if (header_token)
+        return header_token;
+    if (config.debug || config.api.cookie_auth) {
+        return event.cookies.get(sensitive ? 'elevated_token' : 'session_token');
+    }
+}
+export async function checkAuth(event, userId, sensitive = false) {
+    const token = getToken(event, sensitive);
+    if (!token)
+        throw error(401, { message: 'Missing token' });
+    const session = await getSessionAndUser(token).catch(() => error(401, { message: 'Invalid or expired session' }));
+    if (session.user?.id !== userId /* && !user.isAdmin */)
+        error(403, { message: 'User ID mismatch' });
+    if (!session.elevated && sensitive)
+        error(403, 'This token can not be used for sensitive actions');
+    return session;
+}
+export async function createSessionData(event, userId, elevated = false) {
+    const { token } = await createSession(userId, elevated);
+    if (elevated) {
+        event.cookies.set('elevated_token', token, { httpOnly: true, path: '/', expires: new Date(Date.now() + 10 * 60_000) });
+        return { userId, token: '[[redacted:elevated]]' };
+    }
+    else {
+        event.cookies.set('session_token', token, { httpOnly: config.auth.secure_cookies, path: '/' });
+        return { userId, token };
+    }
+}
+export function stripUser(user, includeProtected = false) {
+    return pick(user, ...userPublicFields, ...(includeProtected ? userProtectedFields : []));
+}
+export function withError(text, code = 500) {
+    return function (e) {
+        if ('body' in e)
+            throw e;
+        error(code, { message: text + (config.debug && e.message ? `: ${e.message}` : '') });
+    };
+}