@betterportal/auth-default 10.0.0 → 10.0.1

package/lib/plugins/service-betterportal-auth-default/bp-routes/refresh/index.js

@@ -1,92 +1,2 @@
-import * as av from "anyvali";
-// Infer used at runtime cast for typed body access.
-import { createHandler } from "@betterportal/framework";
-export const QuerySchema = av.object({}, { unknownKeys: "strip" });
-export const HeadersSchema = av.object({
-    "x-bp-refresh": av.optional(av.string().minLength(1))
-}, { unknownKeys: "strip" });
-export const RequestSchema = av.object({
-    refreshToken: av.optional(av.string().minLength(1).describe("Signed refresh token issued by the auth service."))
-}, { unknownKeys: "strip" });
-export const ResponseSchema = av.object({
-    status: av.enum_(["ok", "error"]).describe("Refresh request outcome."),
-    message: av.optional(av.string()).describe("Human-readable status or error message for the renderer."),
-    accessToken: av.optional(av.string()).describe("New signed JWT access token returned when refresh succeeds."),
-    expiresInSeconds: av.optional(av.int().min(1)).describe("New access token lifetime in seconds.")
-}, { unknownKeys: "strip" });
-export const title = "Refresh Token";
-export const description = "Exchange a refresh token for a new access token.";
-export const role = "auth.refresh";
-export const auth = {
-    required: false,
-    permissions: []
-};
-export const cacheHints = {
-    ttlSeconds: 0,
-    varyBy: []
-};
-function runtimeFrom(ctx) {
-    const runtime = ctx.plugin?.runtime;
-    if (!runtime)
-        throw new Error("Auth runtime not available on handler context");
-    return runtime;
-}
-export const handlePost = createHandler({ response: ResponseSchema, request: RequestSchema }, async (ctx) => {
-    const runtime = runtimeFrom(ctx);
-    const tenantId = ctx.tenant.id;
-    const appId = ctx.app.id;
-    const body = ctx.request;
-    const headers = ctx.headers;
-    const refreshToken = body.refreshToken ?? headers["x-bp-refresh"];
-    if (!refreshToken) {
-        return {
-            status: "error",
-            message: "Refresh token missing."
-        };
-    }
-    let claims;
-    try {
-        claims = await runtime.tokenIssuer.verifyRefreshToken({
-            refreshToken,
-            tenantId,
-            appId
-        });
-    }
-    catch {
-        return {
-            status: "error",
-            message: "Refresh token invalid or expired."
-        };
-    }
-    const user = runtime.userStore.findById(claims.sub);
-    if (!user || !user.enabled) {
-        return {
-            status: "error",
-            message: "User no longer exists or is disabled."
-        };
-    }
-    const roles = user.appRoles[appId] ?? [];
-    const issued = runtime.tokenIssuer.issueTokenPair({
-        sub: user.id,
-        tenantId: user.tenantId,
-        appId,
-        roles,
-        name: user.name ?? user.username,
-        email: user.email,
-        picture: user.picture
-    }, {
-        includeRefreshToken: false
-    });
-    ctx.bpHeaders?.set("Authorization", `Bearer ${issued.accessToken}`, {
-        expiresInSeconds: issued.accessTokenExpiresInSeconds,
-        locked: true,
-        refreshPath: "/refresh",
-        refreshBeforeSeconds: 60
-    });
-    return {
-        status: "ok",
-        accessToken: issued.accessToken,
-        expiresInSeconds: issued.accessTokenExpiresInSeconds
-    };
-});
+export { title, description, auth, role, cacheHints } from "./route.impl.js";
 //# sourceMappingURL=index.js.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/refresh/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/refresh/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,oDAAoD;AACpD,OAAO,EACL,aAAa,EAGd,MAAM,yBAAyB,CAAC;AAGjC,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AACnE,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC;IACrC,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;CACtD,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC;IACrC,YAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,kDAAkD,CAAC,CAAC;CACjH,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,OAAO,CAAU,CAAC,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAC/E,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,0DAA0D,CAAC;IACtG,WAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,6DAA6D,CAAC;IAC7G,gBAAgB,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,uCAAuC,CAAC;CACjG,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,eAAe,CAAC;AACrC,MAAM,CAAC,MAAM,WAAW,GAAG,kDAAkD,CAAC;AAC9E,MAAM,CAAC,MAAM,IAAI,GAAG,cAAc,CAAC;AAEnC,MAAM,CAAC,MAAM,IAAI,GAAuB;IACtC,QAAQ,EAAE,KAAK;IACf,WAAW,EAAE,EAAE;CAChB,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAe;IACpC,UAAU,EAAE,CAAC;IACb,MAAM,EAAE,EAAE;CACX,CAAC;AAEF,SAAS,WAAW,CAAC,GAAyB;IAC5C,MAAM,OAAO,GAAI,GAAG,CAAC,MAAgD,EAAE,OAAO,CAAC;IAC/E,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IAC/E,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,aAAa,CACrC,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,aAAa,EAAE,EACpD,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;IAEzB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAsC,CAAC;IACxD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAsC,CAAC;IAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,OAAO,CAAC,cAAc,CAAC,CAAC;IAClE,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,OAAgB;YACxB,OAAO,EAAE,wBAAwB;SAClC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC;YACpD,YAAY;YACZ,QAAQ;YACR,KAAK;SACN,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,OAAgB;YACxB,OAAO,EAAE,mCAAmC;SAC7C,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACpD,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO;YACL,MAAM,EAAE,OAAgB;YACxB,OAAO,EAAE,uCAAuC;SACjD,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC;QAChD,GAAG,EAAE,IAAI,CAAC,EAAE;QACZ,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK;QACL,KAAK;QACL,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ;QAChC,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,EAAE;QACD,mBAAmB,EAAE,KAAK;KAC3B,CAAC,CAAC;IAEH,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,eAAe,EAAE,UAAU,MAAM,CAAC,WAAW,EAAE,EAAE;QAClE,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;QACpD,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,UAAU;QACvB,oBAAoB,EAAE,EAAE;KACzB,CAAC,CAAC;IAEH,OAAO;QACL,MAAM,EAAE,IAAa;QACrB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;KACrD,CAAC;AACJ,CAAC,CACF,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/refresh/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/refresh/route.impl.d.ts

@@ -0,0 +1,31 @@
+import * as av from "anyvali";
+import type { Infer } from "anyvali";
+import { type ApiAuthRequirement, type CacheHints } from "@betterportal/framework";
+export declare const QuerySchema: av.ObjectSchema<{}>;
+export declare const HeadersSchema: av.ObjectSchema<{
+    "x-bp-refresh": av.OptionalSchema<av.StringSchema>;
+}>;
+export declare const RequestSchema: av.ObjectSchema<{
+    refreshToken: av.OptionalSchema<av.StringSchema>;
+}>;
+export declare const ResponseSchema: av.ObjectSchema<{
+    status: av.EnumSchema<readonly ["ok", "error"]>;
+    message: av.OptionalSchema<av.StringSchema>;
+    accessToken: av.OptionalSchema<av.StringSchema>;
+    expiresInSeconds: av.OptionalSchema<av.IntSchema>;
+}>;
+export type ResponseData = Infer<typeof ResponseSchema>;
+export declare const title = "Refresh Token";
+export declare const description = "Exchange a refresh token for a new access token.";
+export declare const role = "auth.refresh";
+export declare const auth: ApiAuthRequirement;
+export declare const cacheHints: CacheHints;
+export declare const handlePost: import("@betterportal/framework").RouteHandler<Record<string, string>, Record<string, unknown>, Record<string, string>, {
+    refreshToken?: string | undefined;
+}, {
+    status: "ok" | "error";
+    message?: string | undefined;
+    accessToken?: string | undefined;
+    expiresInSeconds?: number | undefined;
+}, unknown, Record<string, unknown>>;
+//# sourceMappingURL=route.impl.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/refresh/route.impl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"route.impl.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/refresh/route.impl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,UAAU,EAChB,MAAM,yBAAyB,CAAC;AAGjC,eAAO,MAAM,WAAW,qBAA0C,CAAC;AACnE,eAAO,MAAM,aAAa;;EAEE,CAAC;AAE7B,eAAO,MAAM,aAAa;;EAEE,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;;EAKC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,kBAAkB,CAAC;AACrC,eAAO,MAAM,WAAW,qDAAqD,CAAC;AAC9E,eAAO,MAAM,IAAI,iBAAiB,CAAC;AAEnC,eAAO,MAAM,IAAI,EAAE,kBAGlB,CAAC;AAEF,eAAO,MAAM,UAAU,EAAE,UAGxB,CAAC;AAQF,eAAO,MAAM,UAAU;;;;;;;oCAiEtB,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/refresh/route.impl.js

@@ -0,0 +1,92 @@
+import * as av from "anyvali";
+// Infer used at runtime cast for typed body access.
+import { createHandler } from "@betterportal/framework";
+export const QuerySchema = av.object({}, { unknownKeys: "strip" });
+export const HeadersSchema = av.object({
+    "x-bp-refresh": av.optional(av.string().minLength(1))
+}, { unknownKeys: "strip" });
+export const RequestSchema = av.object({
+    refreshToken: av.optional(av.string().minLength(1).describe("Signed refresh token issued by the auth service."))
+}, { unknownKeys: "strip" });
+export const ResponseSchema = av.object({
+    status: av.enum_(["ok", "error"]).describe("Refresh request outcome."),
+    message: av.optional(av.string()).describe("Human-readable status or error message for the renderer."),
+    accessToken: av.optional(av.string()).describe("New signed JWT access token returned when refresh succeeds."),
+    expiresInSeconds: av.optional(av.int().min(1)).describe("New access token lifetime in seconds.")
+}, { unknownKeys: "strip" });
+export const title = "Refresh Token";
+export const description = "Exchange a refresh token for a new access token.";
+export const role = "auth.refresh";
+export const auth = {
+    required: false,
+    permissions: []
+};
+export const cacheHints = {
+    ttlSeconds: 0,
+    varyBy: []
+};
+function runtimeFrom(ctx) {
+    const runtime = ctx.plugin?.runtime;
+    if (!runtime)
+        throw new Error("Auth runtime not available on handler context");
+    return runtime;
+}
+export const handlePost = createHandler({ response: ResponseSchema, request: RequestSchema }, async (ctx) => {
+    const runtime = runtimeFrom(ctx);
+    const tenantId = ctx.tenant.id;
+    const appId = ctx.app.id;
+    const body = ctx.request;
+    const headers = ctx.headers;
+    const refreshToken = body.refreshToken ?? headers["x-bp-refresh"];
+    if (!refreshToken) {
+        return {
+            status: "error",
+            message: "Refresh token missing."
+        };
+    }
+    let claims;
+    try {
+        claims = await runtime.tokenIssuer.verifyRefreshToken({
+            refreshToken,
+            tenantId,
+            appId
+        });
+    }
+    catch {
+        return {
+            status: "error",
+            message: "Refresh token invalid or expired."
+        };
+    }
+    const user = runtime.userStore.findById(claims.sub);
+    if (!user || !user.enabled) {
+        return {
+            status: "error",
+            message: "User no longer exists or is disabled."
+        };
+    }
+    const roles = user.appRoles[appId] ?? [];
+    const issued = runtime.tokenIssuer.issueTokenPair({
+        sub: user.id,
+        tenantId: user.tenantId,
+        appId,
+        roles,
+        name: user.name ?? user.username,
+        email: user.email,
+        picture: user.picture
+    }, {
+        includeRefreshToken: false
+    });
+    ctx.bpHeaders?.set("Authorization", `Bearer ${issued.accessToken}`, {
+        expiresInSeconds: issued.accessTokenExpiresInSeconds,
+        locked: true,
+        refreshPath: "/refresh",
+        refreshBeforeSeconds: 60
+    });
+    return {
+        status: "ok",
+        accessToken: issued.accessToken,
+        expiresInSeconds: issued.accessTokenExpiresInSeconds
+    };
+});
+//# sourceMappingURL=route.impl.js.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/refresh/route.impl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"route.impl.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/refresh/route.impl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,oDAAoD;AACpD,OAAO,EACL,aAAa,EAGd,MAAM,yBAAyB,CAAC;AAGjC,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AACnE,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC;IACrC,cAAc,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;CACtD,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC;IACrC,YAAY,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,kDAAkD,CAAC,CAAC;CACjH,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,OAAO,CAAU,CAAC,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAC/E,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,0DAA0D,CAAC;IACtG,WAAW,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,6DAA6D,CAAC;IAC7G,gBAAgB,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,uCAAuC,CAAC;CACjG,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,eAAe,CAAC;AACrC,MAAM,CAAC,MAAM,WAAW,GAAG,kDAAkD,CAAC;AAC9E,MAAM,CAAC,MAAM,IAAI,GAAG,cAAc,CAAC;AAEnC,MAAM,CAAC,MAAM,IAAI,GAAuB;IACtC,QAAQ,EAAE,KAAK;IACf,WAAW,EAAE,EAAE;CAChB,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAe;IACpC,UAAU,EAAE,CAAC;IACb,MAAM,EAAE,EAAE;CACX,CAAC;AAEF,SAAS,WAAW,CAAC,GAAyB;IAC5C,MAAM,OAAO,GAAI,GAAG,CAAC,MAAgD,EAAE,OAAO,CAAC;IAC/E,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IAC/E,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,MAAM,UAAU,GAAG,aAAa,CACrC,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,aAAa,EAAE,EACpD,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;IAEzB,MAAM,IAAI,GAAG,GAAG,CAAC,OAAsC,CAAC;IACxD,MAAM,OAAO,GAAG,GAAG,CAAC,OAAsC,CAAC;IAC3D,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,OAAO,CAAC,cAAc,CAAC,CAAC;IAClE,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO;YACL,MAAM,EAAE,OAAgB;YACxB,OAAO,EAAE,wBAAwB;SAClC,CAAC;IACJ,CAAC;IAED,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,kBAAkB,CAAC;YACpD,YAAY;YACZ,QAAQ;YACR,KAAK;SACN,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,MAAM,EAAE,OAAgB;YACxB,OAAO,EAAE,mCAAmC;SAC7C,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACpD,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO;YACL,MAAM,EAAE,OAAgB;YACxB,OAAO,EAAE,uCAAuC;SACjD,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC;QAChD,GAAG,EAAE,IAAI,CAAC,EAAE;QACZ,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK;QACL,KAAK;QACL,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ;QAChC,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,EAAE;QACD,mBAAmB,EAAE,KAAK;KAC3B,CAAC,CAAC;IAEH,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,eAAe,EAAE,UAAU,MAAM,CAAC,WAAW,EAAE,EAAE;QAClE,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;QACpD,MAAM,EAAE,IAAI;QACZ,WAAW,EAAE,UAAU;QACvB,oBAAoB,EAAE,EAAE;KACzB,CAAC,CAAC;IAEH,OAAO;QACL,MAAM,EAAE,IAAa;QACrB,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,gBAAgB,EAAE,MAAM,CAAC,2BAA2B;KACrD,CAAC;AACJ,CAAC,CACF,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/GET.d.ts

@@ -0,0 +1,3 @@
+export { ResponseSchema, QuerySchema, HeadersSchema, RequestSchema } from "./route.impl.js";
+export { handleGet as default } from "./route.impl.js";
+//# sourceMappingURL=GET.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/GET.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GET.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/GET.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5F,OAAO,EAAE,SAAS,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/GET.js

@@ -0,0 +1,3 @@
+export { ResponseSchema, QuerySchema, HeadersSchema, RequestSchema } from "./route.impl.js";
+export { handleGet as default } from "./route.impl.js";
+//# sourceMappingURL=GET.js.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/GET.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GET.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/GET.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5F,OAAO,EAAE,SAAS,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/POST.d.ts

@@ -0,0 +1,3 @@
+export { ResponseSchema, QuerySchema, HeadersSchema, RequestSchema } from "./route.impl.js";
+export { handlePost as default } from "./route.impl.js";
+//# sourceMappingURL=POST.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/POST.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"POST.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/POST.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5F,OAAO,EAAE,UAAU,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/POST.js

@@ -0,0 +1,3 @@
+export { ResponseSchema, QuerySchema, HeadersSchema, RequestSchema } from "./route.impl.js";
+export { handlePost as default } from "./route.impl.js";
+//# sourceMappingURL=POST.js.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/POST.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"POST.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/POST.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,WAAW,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5F,OAAO,EAAE,UAAU,IAAI,OAAO,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/{index.400.js → 400.d.ts}

@@ -3,5 +3,5 @@
  * context). Same renderer as the main view - it re-renders the form with the
  * error message so the response swaps into #bp-main like any other view.
  */
-export { render } from "./index.js";
-//# sourceMappingURL=index.400.js.map
+export { render } from "./GET.js";
+//# sourceMappingURL=400.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/400.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"400.d.ts","sourceRoot":"","sources":["../../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/400.tsx"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/{index.400.d.ts → 400.js}

@@ -3,5 +3,5 @@
  * context). Same renderer as the main view - it re-renders the form with the
  * error message so the response swaps into #bp-main like any other view.
  */
-export { render } from "./index.js";
-//# sourceMappingURL=index.400.d.ts.map
+export { render } from "./GET.js";
+//# sourceMappingURL=400.js.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/400.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"400.js","sourceRoot":"","sources":["../../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/400.tsx"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/{index.d.ts → GET.d.ts}

@@ -1,4 +1,4 @@
 import type { HtmlRenderable } from "@betterportal/framework";
-import type { ResponseData } from "../index.js";
+import type { ResponseData } from "../route.impl.js";
 export declare function render(data: ResponseData): HtmlRenderable;
-//# sourceMappingURL=index.d.ts.map
+//# sourceMappingURL=GET.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/GET.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"GET.d.ts","sourceRoot":"","sources":["../../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/GET.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AA6FrD,wBAAgB,MAAM,CAAC,IAAI,EAAE,YAAY,GAAG,cAAc,CAwCzD"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/{index.js → GET.js}

@@ -60,4 +60,4 @@ export function render(data) {
     // GET, zero users - the first-admin form.
     return renderForm(data);
 }
-//# sourceMappingURL=index.js.map
+//# sourceMappingURL=GET.js.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/GET.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"GET.js","sourceRoot":"","sources":["../../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/_theme.bootstrap1/GET.tsx"],"names":[],"mappings":";AAAA,gCAAgC;AAChC,OAAO,EAAE,EAAE,EAAE,MAAM,UAAU,CAAC;AAI9B,qFAAqF;AACrF,SAAS,UAAU,CAAC,GAAuB,EAAE,QAAgB;IAC3D,IAAI,CAAC,GAAG;QAAE,OAAO,QAAQ,CAAC;IAC1B,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,QAAQ,CAAC;IAClB,CAAC;AACH,CAAC;AAED,6EAA6E;AAC7E,SAAS,cAAc;IACrB,2EAA2E;IAC3E,2DAA2D;IAC3D,OAAO,EAAE,CAAC;;;;;;;;;;;;;;OAcL,CAAC,CAAC;AACT,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,OAAe,EAAE,KAAa;IAC/D,OAAO,CACL,wBACU,GAAG,gBACA,mBAAmB,eACpB,UAAU,aACZ,WAAW,iBACN,OAAO,YAEpB,cAAK,KAAK,EAAC,oCAAoC,YAC7C,cAAK,KAAK,EAAC,kCAAkC,EAAC,IAAI,EAAC,QAAQ,YAAC,eAAM,KAAK,EAAC,iBAAiB,YAAE,KAAK,GAAQ,GAAM,GAC1G,GACF,CACP,CAAC;AACJ,CAAC;AAED,SAAS,UAAU,CAAC,IAAkB;IACpC,OAAO,CACL,eAAK,KAAK,EAAC,gBAAgB,EAAC,KAAK,EAAC,mBAAmB,aACnD,cAAK,KAAK,EAAC,yBAAyB,YAClC,eAAK,KAAK,EAAC,WAAW,aACpB,aAAI,KAAK,EAAC,6BAA6B,mCAAwB,EAC/D,YAAG,KAAK,EAAC,uCAAuC,kHAE5C,EACJ,gBACE,EAAE,EAAC,kBAAkB,aACb,MAAM,eACJ,UAAU,aACZ,WAAW,aAEnB,eAAK,KAAK,EAAC,MAAM,aACf,gBAAO,KAAK,EAAC,YAAY,2BAAmB,EAC5C,gBAAO,IAAI,EAAC,MAAM,EAAC,KAAK,EAAC,cAAc,EAAC,IAAI,EAAC,UAAU,EAAC,YAAY,EAAC,UAAU,EAAC,QAAQ,QAAC,SAAS,SAAG,IACjG,EACN,eAAK,KAAK,EAAC,MAAM,aACf,gBAAO,KAAK,EAAC,YAAY,sBAAc,EACvC,gBAAO,IAAI,EAAC,OAAO,EAAC,KAAK,EAAC,cAAc,EAAC,IAAI,EAAC,OAAO,EAAC,YAAY,EAAC,OAAO,GAAG,IACzE,EACN,eAAK,KAAK,EAAC,MAAM,aACf,iBAAO,KAAK,EAAC,YAAY,4BAAY,eAAM,KAAK,EAAC,sBAAsB,8BAAqB,IAAQ,EACpG,gBAAO,IAAI,EAAC,UAAU,EAAC,KAAK,EAAC,cAAc,EAAC,IAAI,EAAC,UAAU,EAAC,YAAY,EAAC,cAAc,EAAC,SAAS,EAAC,GAAG,EAAC,QAAQ,SAAG,IAC7G,EACN,eAAK,KAAK,EAAC,MAAM,aACf,gBAAO,KAAK,EAAC,YAAY,mCAA2B,EACpD,gBAAO,IAAI,EAAC,UAAU,EAAC,KAAK,EAAC,cAAc,EAAC,EAAE,EAAC,qBAAqB,EAAC,YAAY,EAAC,cAAc,EAAC,SAAS,EAAC,GAAG,EAAC,QAAQ,SAAG,IACtH,EACN,cAAK,KAAK,EAAE,sBAAsB,IAAI,CAAC,MAAM,KAAK,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,EAAE,EAAC,mBAAmB,YAChH,IAAI,CAAC,MAAM,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAChD,EACN,iBAAQ,IAAI,EAAC,QAAQ,EAAC,KAAK,EAAC,uBAAuB,qCAA8B,IAC5E,IACH,GACF,EACN,2BAAS,cAAc,EAAE,GAAU,IAC/B,CACP,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,IAAkB;IACvC,mEAAmE;IACnE,IAAI,IAAI,CAAC,MAAM,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;QACtC,OAAO,CACL,cAAK,KAAK,EAAC,gBAAgB,EAAC,KAAK,EAAC,mBAAmB,YACnD,cAAK,KAAK,EAAC,yBAAyB,YAClC,eAAK,KAAK,EAAC,uBAAuB,aAChC,aAAI,KAAK,EAAC,iBAAiB,8BAAmB,EAC9C,eAAK,KAAK,EAAC,0BAA0B,aACnC,2BAAS,IAAI,CAAC,IAAI,CAAC,QAAQ,GAAU,2CACjC,EACN,YAAG,KAAK,EAAC,2BAA2B,yCAA6B,EAChE,IAAI,CAAC,QAAQ;4BACZ,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,2BAA2B,CAAC;4BAC/F,CAAC,CAAC,YAAG,KAAK,EAAC,sBAAsB,EAAC,IAAI,EAAC,QAAQ,wBAAY,IACzD,GACF,GACF,CACP,CAAC;IACJ,CAAC;IAED,6EAA6E;IAC7E,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAC5B,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED,8EAA8E;IAC9E,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC3B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,OAAO,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,EAAE,2BAA2B,CAAC,CAAC;QACvG,CAAC;QACD,OAAO,CACL,cAAK,KAAK,EAAC,gBAAgB,EAAC,KAAK,EAAC,mBAAmB,YACnD,eAAK,KAAK,EAAC,uBAAuB,yCAAyB,YAAG,IAAI,EAAC,QAAQ,wBAAY,iBAAe,GAClG,CACP,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/index.d.ts

@@ -1,64 +1,2 @@
-import * as av from "anyvali";
-import type { Infer } from "anyvali";
-import { type ApiAuthRequirement, type CacheHints, type BetterPortalRouteChrome } from "@betterportal/framework";
-export declare const QuerySchema: av.ObjectSchema<{
-    next: av.OptionalSchema<av.StringSchema>;
-}>;
-export declare const HeadersSchema: av.ObjectSchema<{}>;
-export declare const RequestSchema: av.ObjectSchema<{
-    username: av.StringSchema;
-    password: av.StringSchema;
-    email: av.OptionalSchema<av.StringSchema>;
-    name: av.OptionalSchema<av.StringSchema>;
-}>;
-export declare const ResponseSchema: av.ObjectSchema<{
-    status: av.EnumSchema<readonly ["ok", "error"]>;
-    message: av.OptionalSchema<av.StringSchema>;
-    user: av.OptionalSchema<av.ObjectSchema<{
-        id: av.StringSchema;
-        username: av.StringSchema;
-        isFirstAdmin: av.BoolSchema;
-    }>>;
-    registrationOpen: av.OptionalSchema<av.BoolSchema>;
-    loginUrl: av.OptionalSchema<av.StringSchema>;
-}>;
-export type ResponseData = Infer<typeof ResponseSchema>;
-export declare const title = "Register First Admin";
-export declare const description = "Open registration for the very first user. Once any user exists, this endpoint requires admin auth.";
-export declare const role = "auth.register";
-export declare const dependencies: string[];
-export declare const chrome: BetterPortalRouteChrome;
-export declare const auth: ApiAuthRequirement;
-export declare const cacheHints: CacheHints;
-export declare const handleGet: import("@betterportal/framework").RouteHandler<Record<string, string>, {
-    next?: string | undefined;
-}, Record<string, string>, Record<string, unknown>, {
-    status: "ok" | "error";
-    message?: string | undefined;
-    user?: {
-        id: string;
-        username: string;
-        isFirstAdmin: boolean;
-    } | undefined;
-    registrationOpen?: boolean | undefined;
-    loginUrl?: string | undefined;
-}, unknown, Record<string, unknown>>;
-export declare const handlePost: import("@betterportal/framework").RouteHandler<Record<string, string>, {
-    next?: string | undefined;
-}, Record<string, string>, {
-    username: string;
-    password: string;
-    email?: string | undefined;
-    name?: string | undefined;
-}, {
-    status: "ok" | "error";
-    message?: string | undefined;
-    user?: {
-        id: string;
-        username: string;
-        isFirstAdmin: boolean;
-    } | undefined;
-    registrationOpen?: boolean | undefined;
-    loginUrl?: string | undefined;
-}, unknown, Record<string, unknown>>;
+export { title, description, auth, role, dependencies, chrome, cacheHints } from "./route.impl.js";
 //# sourceMappingURL=index.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,UAAU,EACf,KAAK,uBAAuB,EAC7B,MAAM,yBAAyB,CAAC;AAGjC,eAAO,MAAM,WAAW;;EAEI,CAAC;AAC7B,eAAO,MAAM,aAAa,qBAA0C,CAAC;AAErE,eAAO,MAAM,aAAa;;;;;EAKE,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;;;;;;;EAaC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,yBAAyB,CAAC;AAC5C,eAAO,MAAM,WAAW,wGAAwG,CAAC;AAEjI,eAAO,MAAM,IAAI,kBAAkB,CAAC;AACpC,eAAO,MAAM,YAAY,UAAkB,CAAC;AAC5C,eAAO,MAAM,MAAM,EAAE,uBAA8C,CAAC;AAEpE,eAAO,MAAM,IAAI,EAAE,kBAGlB,CAAC;AAEF,eAAO,MAAM,UAAU,EAAE,UAGxB,CAAC;AAgBF,eAAO,MAAM,SAAS;;;;;;;;;;;;oCAWrB,CAAC;AAEF,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;oCA8CtB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/index.js

@@ -1,106 +1,2 @@
-import * as av from "anyvali";
-import { createHandler } from "@betterportal/framework";
-export const QuerySchema = av.object({
-    next: av.optional(av.string()).describe("The view path to pass through to login after first-admin registration.")
-}, { unknownKeys: "strip" });
-export const HeadersSchema = av.object({}, { unknownKeys: "strip" });
-export const RequestSchema = av.object({
-    username: av.string().minLength(1).describe("Username for the first admin account."),
-    password: av.string().minLength(8).describe("Password for the first admin account."),
-    email: av.optional(av.string()).describe("Email address for the first admin account."),
-    name: av.optional(av.string()).describe("Display name for the first admin account.")
-}, { unknownKeys: "strip" });
-export const ResponseSchema = av.object({
-    status: av.enum_(["ok", "error"]).describe("Registration request outcome."),
-    message: av.optional(av.string()).describe("Human-readable status or error message for the renderer."),
-    user: av.optional(av.object({
-        id: av.string().describe("Stable UUIDv7 user id."),
-        username: av.string().describe("Created account username."),
-        isFirstAdmin: av.bool().describe("True when this account is the deployment's first admin.")
-    }, { unknownKeys: "strip" }).describe("Created first-admin user summary.")),
-    // GET state for the theme renderer: registrations are closed once any user
-    // exists; loginUrl (self-origin, absolute) is where the renderer sends the
-    // browser in that case - and after a successful first-admin creation.
-    registrationOpen: av.optional(av.bool()).describe("True while the auth service has zero users; once false, the renderer should send the browser to login."),
-    loginUrl: av.optional(av.string()).describe("Absolute self-origin URL of this auth service's login view, used when registration is closed and after successful first-admin creation.")
-}, { unknownKeys: "strip" });
-export const title = "Register First Admin";
-export const description = "Open registration for the very first user. Once any user exists, this endpoint requires admin auth.";
-export const role = "auth.register";
-export const dependencies = ["login.index"];
-export const chrome = { fullScreen: true };
-export const auth = {
-    required: false,
-    permissions: []
-};
-export const cacheHints = {
-    ttlSeconds: 0,
-    varyBy: []
-};
-/** Self-origin absolute URL for a path, derived from the request Host header. */
-function runtimeFrom(ctx) {
-    const runtime = ctx.plugin?.runtime;
-    if (!runtime)
-        throw new Error("Auth runtime not available on handler context");
-    return runtime;
-}
-function selfUrl(ctx, path, next) {
-    const host = ctx.headers.host;
-    if (!host)
-        return undefined;
-    const proto = ctx.headers["x-forwarded-proto"] ?? "http";
-    return `${proto}://${host}${path}${next ? `?next=${encodeURIComponent(next)}` : ""}`;
-}
-export const handleGet = createHandler({ response: ResponseSchema, query: QuerySchema }, (ctx) => {
-    const runtime = runtimeFrom(ctx);
-    const next = ctx.query.next;
-    return {
-        status: "ok",
-        registrationOpen: runtime.userStore.hasNoUsers(),
-        loginUrl: selfUrl(ctx, "/login", next)
-    };
-});
-export const handlePost = createHandler({ response: ResponseSchema, request: RequestSchema, query: QuerySchema }, async (ctx) => {
-    const runtime = runtimeFrom(ctx);
-    const tenantId = ctx.tenant.id;
-    const appId = ctx.app.id;
-    if (!runtime.userStore.hasNoUsers()) {
-        // Registration is closed once any user exists. Respond 404 so the route
-        // appears not to exist (no user-enumeration surface).
-        ctx.setStatus?.(404);
-        return {
-            status: "error",
-            message: ""
-        };
-    }
-    const body = ctx.request;
-    try {
-        const created = await runtime.userStore.createUser({
-            username: body.username,
-            password: body.password,
-            email: body.email,
-            name: body.name,
-            tenantId,
-            appRoles: { [appId]: ["admin"] }
-        });
-        return {
-            status: "ok",
-            message: "First admin created.",
-            user: {
-                id: created.id,
-                username: created.username,
-                isFirstAdmin: true
-            },
-            // For the themed success view: where to send the browser to sign in.
-            loginUrl: selfUrl(ctx, "/login", ctx.query.next)
-        };
-    }
-    catch (err) {
-        ctx.setStatus?.(400);
-        return {
-            status: "error",
-            message: err.message
-        };
-    }
-});
+export { title, description, auth, role, dependencies, chrome, cacheHints } from "./route.impl.js";
 //# sourceMappingURL=index.js.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EACL,aAAa,EAId,MAAM,yBAAyB,CAAC;AAGjC,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC,MAAM,CAAC;IACnC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,wEAAwE,CAAC;CAClH,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAC7B,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAErE,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC,MAAM,CAAC;IACrC,QAAQ,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,uCAAuC,CAAC;IACpF,QAAQ,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,uCAAuC,CAAC;IACpF,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,4CAA4C,CAAC;IACtF,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,2CAA2C,CAAC;CACrF,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAE7B,MAAM,CAAC,MAAM,cAAc,GAAG,EAAE,CAAC,MAAM,CAAC;IACtC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,EAAE,OAAO,CAAU,CAAC,CAAC,QAAQ,CAAC,+BAA+B,CAAC;IACpF,OAAO,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,0DAA0D,CAAC;IACtG,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,CAAC;QAC1B,EAAE,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;QAClD,QAAQ,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,2BAA2B,CAAC;QAC3D,YAAY,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,yDAAyD,CAAC;KAC5F,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,mCAAmC,CAAC,CAAC;IAC3E,2EAA2E;IAC3E,2EAA2E;IAC3E,sEAAsE;IACtE,gBAAgB,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,wGAAwG,CAAC;IAC3J,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,yIAAyI,CAAC;CACvL,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,KAAK,GAAG,sBAAsB,CAAC;AAC5C,MAAM,CAAC,MAAM,WAAW,GAAG,qGAAqG,CAAC;AAEjI,MAAM,CAAC,MAAM,IAAI,GAAG,eAAe,CAAC;AACpC,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,aAAa,CAAC,CAAC;AAC5C,MAAM,CAAC,MAAM,MAAM,GAA4B,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;AAEpE,MAAM,CAAC,MAAM,IAAI,GAAuB;IACtC,QAAQ,EAAE,KAAK;IACf,WAAW,EAAE,EAAE;CAChB,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAe;IACpC,UAAU,EAAE,CAAC;IACb,MAAM,EAAE,EAAE;CACX,CAAC;AAEF,iFAAiF;AACjF,SAAS,WAAW,CAAC,GAAyB;IAC5C,MAAM,OAAO,GAAI,GAAG,CAAC,MAAgD,EAAE,OAAO,CAAC;IAC/E,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IAC/E,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,OAAO,CAAC,GAAwC,EAAE,IAAY,EAAE,IAAa;IACpF,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC;IAC9B,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC;IACzD,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS,kBAAkB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;AACvF,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,aAAa,CACpC,EAAE,QAAQ,EAAE,cAAc,EAAE,KAAK,EAAE,WAAW,EAAE,EAChD,CAAC,GAAG,EAAE,EAAE;IACN,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,IAAI,GAAI,GAAG,CAAC,KAA2B,CAAC,IAAI,CAAC;IACnD,OAAO;QACL,MAAM,EAAE,IAAa;QACrB,gBAAgB,EAAE,OAAO,CAAC,SAAS,CAAC,UAAU,EAAE;QAChD,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,IAAI,CAAC;KACvC,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,MAAM,CAAC,MAAM,UAAU,GAAG,aAAa,CACrC,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE,WAAW,EAAE,EACxE,KAAK,EAAE,GAAG,EAAE,EAAE;IACZ,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IACjC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;IAEzB,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC;QACpC,wEAAwE;QACxE,sDAAsD;QACtD,GAAG,CAAC,SAAS,EAAE,CAAC,GAAG,CAAC,CAAC;QACrB,OAAO;YACL,MAAM,EAAE,OAAgB;YACxB,OAAO,EAAE,EAAE;SACZ,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,GAAG,GAAG,CAAC,OAAsC,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC;YACjD,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,QAAQ;YACR,QAAQ,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE;SACjC,CAAC,CAAC;QACH,OAAO;YACL,MAAM,EAAE,IAAa;YACrB,OAAO,EAAE,sBAAsB;YAC/B,IAAI,EAAE;gBACJ,EAAE,EAAE,OAAO,CAAC,EAAE;gBACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,YAAY,EAAE,IAAI;aACnB;YACD,qEAAqE;YACrE,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAG,GAAG,CAAC,KAA2B,CAAC,IAAI,CAAC;SACxE,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,SAAS,EAAE,CAAC,GAAG,CAAC,CAAC;QACrB,OAAO;YACL,MAAM,EAAE,OAAgB;YACxB,OAAO,EAAG,GAAa,CAAC,OAAO;SAChC,CAAC;IACJ,CAAC;AACH,CAAC,CACF,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/route.impl.d.ts

@@ -0,0 +1,64 @@
+import * as av from "anyvali";
+import type { Infer } from "anyvali";
+import { type ApiAuthRequirement, type CacheHints, type BetterPortalRouteChrome } from "@betterportal/framework";
+export declare const QuerySchema: av.ObjectSchema<{
+    next: av.OptionalSchema<av.StringSchema>;
+}>;
+export declare const HeadersSchema: av.ObjectSchema<{}>;
+export declare const RequestSchema: av.ObjectSchema<{
+    username: av.StringSchema;
+    password: av.StringSchema;
+    email: av.OptionalSchema<av.StringSchema>;
+    name: av.OptionalSchema<av.StringSchema>;
+}>;
+export declare const ResponseSchema: av.ObjectSchema<{
+    status: av.EnumSchema<readonly ["ok", "error"]>;
+    message: av.OptionalSchema<av.StringSchema>;
+    user: av.OptionalSchema<av.ObjectSchema<{
+        id: av.StringSchema;
+        username: av.StringSchema;
+        isFirstAdmin: av.BoolSchema;
+    }>>;
+    registrationOpen: av.OptionalSchema<av.BoolSchema>;
+    loginUrl: av.OptionalSchema<av.StringSchema>;
+}>;
+export type ResponseData = Infer<typeof ResponseSchema>;
+export declare const title = "Register First Admin";
+export declare const description = "Open registration for the very first user. Once any user exists, this endpoint requires admin auth.";
+export declare const role = "auth.register";
+export declare const dependencies: string[];
+export declare const chrome: BetterPortalRouteChrome;
+export declare const auth: ApiAuthRequirement;
+export declare const cacheHints: CacheHints;
+export declare const handleGet: import("@betterportal/framework").RouteHandler<Record<string, string>, {
+    next?: string | undefined;
+}, Record<string, string>, Record<string, unknown>, {
+    status: "ok" | "error";
+    message?: string | undefined;
+    user?: {
+        id: string;
+        username: string;
+        isFirstAdmin: boolean;
+    } | undefined;
+    registrationOpen?: boolean | undefined;
+    loginUrl?: string | undefined;
+}, unknown, Record<string, unknown>>;
+export declare const handlePost: import("@betterportal/framework").RouteHandler<Record<string, string>, {
+    next?: string | undefined;
+}, Record<string, string>, {
+    username: string;
+    password: string;
+    email?: string | undefined;
+    name?: string | undefined;
+}, {
+    status: "ok" | "error";
+    message?: string | undefined;
+    user?: {
+        id: string;
+        username: string;
+        isFirstAdmin: boolean;
+    } | undefined;
+    registrationOpen?: boolean | undefined;
+    loginUrl?: string | undefined;
+}, unknown, Record<string, unknown>>;
+//# sourceMappingURL=route.impl.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/register/route.impl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"route.impl.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/register/route.impl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,UAAU,EACf,KAAK,uBAAuB,EAC7B,MAAM,yBAAyB,CAAC;AAGjC,eAAO,MAAM,WAAW;;EAEI,CAAC;AAC7B,eAAO,MAAM,aAAa,qBAA0C,CAAC;AAErE,eAAO,MAAM,aAAa;;;;;EAKE,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;;;;;;;EAaC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,yBAAyB,CAAC;AAC5C,eAAO,MAAM,WAAW,wGAAwG,CAAC;AAEjI,eAAO,MAAM,IAAI,kBAAkB,CAAC;AACpC,eAAO,MAAM,YAAY,UAAkB,CAAC;AAC5C,eAAO,MAAM,MAAM,EAAE,uBAA8C,CAAC;AAEpE,eAAO,MAAM,IAAI,EAAE,kBAGlB,CAAC;AAEF,eAAO,MAAM,UAAU,EAAE,UAGxB,CAAC;AAgBF,eAAO,MAAM,SAAS;;;;;;;;;;;;oCAWrB,CAAC;AAEF,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;oCA8CtB,CAAC"}