@base44-preview/cli 0.0.50-pr.475.9d797d7 → 0.0.50-pr.475.a2693b4

package/dist/cli/index.js

@@ -243211,6 +243211,7 @@ var package_default = {
     "@types/ejs": "^3.1.5",
     "@types/express": "^5.0.6",
     "@types/json-schema": "^7.0.15",
+    "@types/jsonwebtoken": "^9.0.10",
     "@types/lodash": "^4.17.24",
     "@types/multer": "^2.0.0",
     "@types/node": "^22.10.5",
@@ -243229,6 +243230,7 @@ var package_default = {
     globby: "^16.1.0",
     "http-proxy-middleware": "^3.0.5",
     "json-schema-to-typescript": "^15.0.4",
+    jsonwebtoken: "^9.0.3",
     json5: "^2.2.3",
     ky: "^1.14.2",
     lodash: "^4.17.23",
@@ -243244,6 +243246,7 @@ var package_default = {
     typescript: "^5.7.2",
     vitest: "^4.0.16",
     yaml: "^2.8.2",
+    qs: "^6.12.3",
     zod: "^4.3.5"
   },
   engines: {
@@ -253093,9 +253096,13 @@ function createFunctionRouter(manager, logger2) {
     on: {
       proxyReq: (proxyReq, req) => {
         const xAppId = req.headers["x-app-id"];
+        const authorization = req.headers.authorization;
         if (xAppId) {
           proxyReq.setHeader("Base44-App-Id", xAppId);
         }
+        if (authorization) {
+          proxyReq.setHeader("Base44-Service-Authorization", authorization);
+        }
         proxyReq.setHeader("Base44-Api-Url", `${req.protocol}://${req.headers.host}`);
       },
       error: (err, _req, res) => {
@@ -253320,7 +253327,9 @@ class Validator {
 }
 
 // src/cli/dev/dev-server/db/database.ts
+var PRIVATE_COLLECTION_PREFIX = "$";
 var USER_COLLECTION = "user";
+var PRIVATE_USER_COLLECTION = PRIVATE_COLLECTION_PREFIX + USER_COLLECTION;
 
 class Database {
   collections = new Map;
@@ -253342,6 +253351,7 @@ class Database {
     this.schemas.set(USER_COLLECTION, this.buildUserSchema(userEntity));
     const collection = new import_nedb.default;
     this.collections.set(USER_COLLECTION, collection);
+    this.collections.set(PRIVATE_USER_COLLECTION, new import_nedb.default);
     const userInfo = await readAuth();
     const now = getNowISOTimestamp();
     await collection.insertAsync({
@@ -253383,7 +253393,9 @@ class Database {
     return this.collections.get(this.normalizeName(name2));
   }
   getCollectionNames() {
-    return Array.from(this.collections.keys());
+    return Array.from(this.collections.keys()).filter((name2) => {
+      return !name2.startsWith(PRIVATE_COLLECTION_PREFIX);
+    });
   }
   dropAll() {
     for (const collection of this.collections.values()) {
@@ -253460,32 +253472,37 @@ var createJwtToken = (email3) => {
     expiresIn: "360d"
   });
 };
-var UserRegiterSchema = object({
-  id: string2(),
-  email: email2(),
-  otpCode: string2().length(6),
-  password: string2().min(8),
-  createdAt: number2().min(1)
-});
+var LoginBody = object({ email: email2(), password: string2() });
+var VerifyOtpBody = object({ email: email2(), otp_code: string2() });
 function createAuthRouter(db2, logger2) {
   const router = import_express2.Router({ mergeParams: true });
-  const userRegitrPendingMap = new Map;
   const parseBody = import_express2.json();
   router.post("/login", parseBody, async (req, res) => {
-    const { email: email3, password: _password } = req.body;
+    const { email: email3, password } = LoginBody.parse(req.body);
     const result = await db2.getCollection(USER_COLLECTION)?.findOneAsync({ email: email3 });
     if (result) {
-      res.json({
-        access_token: createJwtToken(email3),
-        success: true,
-        user: {}
-      });
+      const privateUserData = await db2.getCollection(PRIVATE_USER_COLLECTION)?.findOneAsync({ email: email3 });
+      if (result.role === "admin" || privateUserData?.password === password) {
+        res.json({
+          access_token: createJwtToken(email3),
+          success: true,
+          user: {}
+        });
+      } else {
+        res.status(400).json({
+          detail: "Invalid email or password",
+          error_type: "HTTPException",
+          message: "Invalid email or password",
+          request_id: null,
+          traceback: ""
+        });
+      }
       return;
     }
     res.status(401).json({ error: "Unauthorized" });
   });
   router.post("/register", parseBody, async (req, res) => {
-    const { email: email3, password } = req.body;
+    const { email: email3, password } = LoginBody.parse(req.body);
     if ((password || "").length < 8) {
       res.status(400).json({
         detail: "Password must be at least 8 characters long",
@@ -253507,15 +253524,30 @@ function createAuthRouter(db2, logger2) {
       });
       return;
     }
-    const otpCode = generateCode();
-    const id2 = nanoid3();
-    userRegitrPendingMap.set(email3, {
-      id: id2,
-      email: email3,
-      otpCode,
-      password,
-      createdAt: +Date.now()
+    const privateUserCollection = db2.getCollection(PRIVATE_USER_COLLECTION);
+    const privateUserData = await privateUserCollection?.findOneAsync({
+      email: email3
     });
+    const otpCode = generateCode();
+    const id2 = privateUserData ? privateUserData.id : nanoid3();
+    if (!privateUserData) {
+      await privateUserCollection?.insertAsync({
+        id: id2,
+        email: email3,
+        otpCode,
+        password,
+        createdAt: Date.now()
+      });
+    } else {
+      await privateUserCollection?.updateAsync({
+        email: email3
+      }, {
+        $set: {
+          otpCode,
+          createdAt: Date.now()
+        }
+      });
+    }
     logger2.log(theme.styles.info(`
 In order to complete registration use this verification code: ${otpCode}
 `));
@@ -253526,16 +253558,24 @@ In order to complete registration use this verification code: ${otpCode}
     });
   });
   router.post("/verify-otp", parseBody, async (req, res) => {
-    const { email: email3, otp_code } = req.body;
-    const userData = userRegitrPendingMap.get(email3);
-    if (userData && userData.otpCode === otp_code) {
-      if (+Date.now() - userData.createdAt < 10 * 60 * 1000) {
+    const { email: email3, otp_code } = VerifyOtpBody.parse(req.body);
+    const privateUserCollection = db2.getCollection(PRIVATE_USER_COLLECTION);
+    const privateUserData = await privateUserCollection?.findOneAsync({
+      email: email3
+    });
+    if (privateUserData && privateUserData.otpCode === otp_code) {
+      if (+Date.now() - privateUserData.createdAt < 10 * 60 * 1000) {
+        await privateUserCollection?.updateAsync({
+          email: email3
+        }, {
+          $unset: { otpCode: true }
+        });
         const collection = db2.getCollection(USER_COLLECTION);
         const now = getNowISOTimestamp();
         const nameFromEmailMatch = /^([^@]+)/.exec(email3);
         const fullName = nameFromEmailMatch ? nameFromEmailMatch[1] : email3;
         await collection?.insertAsync({
-          id: userData.id,
+          id: privateUserData.id,
           email: email3,
           full_name: fullName,
           is_service: false,
@@ -253547,7 +253587,7 @@ In order to complete registration use this verification code: ${otpCode}
           updated_date: now
         });
         res.json({
-          id: userData.id,
+          id: privateUserData.id,
           access_token: createJwtToken(email3),
           message: "Email verified successfully. You are now logged in.",
           success: true
@@ -255715,7 +255755,7 @@ class WatchBase44 extends EventEmitter4 {
 var DEFAULT_PORT = 4400;
 var BASE44_APP_URL = "https://base44.app";
 async function createDevServer(options8) {
-  const { port: userPort, cwd } = options8;
+  const { port: userPort } = options8;
   const port = userPort ?? await getPorts({ port: DEFAULT_PORT });
   const baseUrl = `http://localhost:${port}`;
   const { functions, entities, project: project2 } = await options8.loadResources();
@@ -260359,4 +260399,4 @@ export {
   CLIExitError
 };
 
-//# debugId=5FDDF606296BF31964756E2164756E21
+//# debugId=CB186C06DA18198C64756E2164756E21