@contractspec/lib.identity-rbac 1.57.0 → 1.59.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/browser/contracts/index.js +1045 -0
- package/dist/browser/contracts/organization.js +655 -0
- package/dist/browser/contracts/rbac.js +599 -0
- package/dist/browser/contracts/user.js +235 -0
- package/dist/browser/entities/index.js +464 -0
- package/dist/browser/entities/organization.js +150 -0
- package/dist/browser/entities/rbac.js +124 -0
- package/dist/browser/entities/user.js +168 -0
- package/dist/browser/events.js +374 -0
- package/dist/browser/identity-rbac.capability.js +28 -0
- package/dist/browser/identity-rbac.feature.js +67 -0
- package/dist/browser/index.js +2099 -0
- package/dist/browser/policies/engine.js +154 -0
- package/dist/browser/policies/index.js +154 -0
- package/dist/contracts/index.d.ts +4 -4
- package/dist/contracts/index.d.ts.map +1 -0
- package/dist/contracts/index.js +1045 -4
- package/dist/contracts/organization.d.ts +758 -764
- package/dist/contracts/organization.d.ts.map +1 -1
- package/dist/contracts/organization.js +653 -602
- package/dist/contracts/rbac.d.ts +517 -523
- package/dist/contracts/rbac.d.ts.map +1 -1
- package/dist/contracts/rbac.js +597 -481
- package/dist/contracts/user.d.ts +513 -519
- package/dist/contracts/user.d.ts.map +1 -1
- package/dist/contracts/user.js +222 -319
- package/dist/entities/index.d.ts +164 -169
- package/dist/entities/index.d.ts.map +1 -1
- package/dist/entities/index.js +462 -33
- package/dist/entities/organization.d.ts +58 -63
- package/dist/entities/organization.d.ts.map +1 -1
- package/dist/entities/organization.js +145 -145
- package/dist/entities/rbac.d.ts +62 -67
- package/dist/entities/rbac.d.ts.map +1 -1
- package/dist/entities/rbac.js +119 -132
- package/dist/entities/user.d.ts +66 -71
- package/dist/entities/user.d.ts.map +1 -1
- package/dist/entities/user.js +164 -189
- package/dist/events.d.ts +537 -543
- package/dist/events.d.ts.map +1 -1
- package/dist/events.js +343 -651
- package/dist/identity-rbac.capability.d.ts +2 -7
- package/dist/identity-rbac.capability.d.ts.map +1 -1
- package/dist/identity-rbac.capability.js +29 -29
- package/dist/identity-rbac.feature.d.ts +1 -6
- package/dist/identity-rbac.feature.d.ts.map +1 -1
- package/dist/identity-rbac.feature.js +66 -193
- package/dist/index.d.ts +6 -12
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +2100 -14
- package/dist/node/contracts/index.js +1045 -0
- package/dist/node/contracts/organization.js +655 -0
- package/dist/node/contracts/rbac.js +599 -0
- package/dist/node/contracts/user.js +235 -0
- package/dist/node/entities/index.js +464 -0
- package/dist/node/entities/organization.js +150 -0
- package/dist/node/entities/rbac.js +124 -0
- package/dist/node/entities/user.js +168 -0
- package/dist/node/events.js +374 -0
- package/dist/node/identity-rbac.capability.js +28 -0
- package/dist/node/identity-rbac.feature.js +67 -0
- package/dist/node/index.js +2099 -0
- package/dist/node/policies/engine.js +154 -0
- package/dist/node/policies/index.js +154 -0
- package/dist/policies/engine.d.ts +98 -101
- package/dist/policies/engine.d.ts.map +1 -1
- package/dist/policies/engine.js +151 -164
- package/dist/policies/index.d.ts +2 -2
- package/dist/policies/index.d.ts.map +1 -0
- package/dist/policies/index.js +154 -2
- package/package.json +149 -40
- package/dist/contracts/organization.js.map +0 -1
- package/dist/contracts/rbac.js.map +0 -1
- package/dist/contracts/user.js.map +0 -1
- package/dist/entities/index.js.map +0 -1
- package/dist/entities/organization.js.map +0 -1
- package/dist/entities/rbac.js.map +0 -1
- package/dist/entities/user.js.map +0 -1
- package/dist/events.js.map +0 -1
- package/dist/identity-rbac.capability.js.map +0 -1
- package/dist/identity-rbac.feature.js.map +0 -1
- package/dist/policies/engine.js.map +0 -1
package/dist/entities/user.js
CHANGED
|
@@ -1,194 +1,169 @@
|
|
|
1
|
+
// @bun
|
|
2
|
+
// src/entities/user.ts
|
|
1
3
|
import { defineEntity, field, index } from "@contractspec/lib.schema";
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
description: "Phone number"
|
|
87
|
-
}),
|
|
88
|
-
phoneNumberVerified: field.boolean({
|
|
89
|
-
default: false,
|
|
90
|
-
description: "Whether phone is verified"
|
|
91
|
-
}),
|
|
92
|
-
createdAt: field.createdAt(),
|
|
93
|
-
updatedAt: field.updatedAt(),
|
|
94
|
-
sessions: field.hasMany("Session"),
|
|
95
|
-
accounts: field.hasMany("Account"),
|
|
96
|
-
memberships: field.hasMany("Member"),
|
|
97
|
-
invitations: field.hasMany("Invitation"),
|
|
98
|
-
teamMemberships: field.hasMany("TeamMember"),
|
|
99
|
-
policyBindings: field.hasMany("PolicyBinding"),
|
|
100
|
-
apiKeys: field.hasMany("ApiKey"),
|
|
101
|
-
passkeys: field.hasMany("Passkey")
|
|
102
|
-
}
|
|
4
|
+
var UserEntity = defineEntity({
|
|
5
|
+
name: "User",
|
|
6
|
+
description: "A user of the platform. Users hold core profile information and authenticate via Account records.",
|
|
7
|
+
schema: "lssm_sigil",
|
|
8
|
+
map: "user",
|
|
9
|
+
fields: {
|
|
10
|
+
id: field.id({ description: "Unique user identifier" }),
|
|
11
|
+
email: field.email({ isUnique: true, description: "User email address" }),
|
|
12
|
+
emailVerified: field.boolean({
|
|
13
|
+
default: false,
|
|
14
|
+
description: "Whether email has been verified"
|
|
15
|
+
}),
|
|
16
|
+
name: field.string({ isOptional: true, description: "Display name" }),
|
|
17
|
+
firstName: field.string({ isOptional: true, description: "First name" }),
|
|
18
|
+
lastName: field.string({ isOptional: true, description: "Last name" }),
|
|
19
|
+
locale: field.string({
|
|
20
|
+
isOptional: true,
|
|
21
|
+
description: 'User locale (e.g., "en-US")'
|
|
22
|
+
}),
|
|
23
|
+
timezone: field.string({
|
|
24
|
+
isOptional: true,
|
|
25
|
+
description: 'Olson timezone (e.g., "Europe/Paris")'
|
|
26
|
+
}),
|
|
27
|
+
imageUrl: field.url({
|
|
28
|
+
isOptional: true,
|
|
29
|
+
description: "URL of avatar or profile picture"
|
|
30
|
+
}),
|
|
31
|
+
image: field.string({
|
|
32
|
+
isOptional: true,
|
|
33
|
+
description: "Legacy image field"
|
|
34
|
+
}),
|
|
35
|
+
metadata: field.json({
|
|
36
|
+
isOptional: true,
|
|
37
|
+
description: "Arbitrary user metadata"
|
|
38
|
+
}),
|
|
39
|
+
onboardingCompleted: field.boolean({
|
|
40
|
+
default: false,
|
|
41
|
+
description: "Whether onboarding is complete"
|
|
42
|
+
}),
|
|
43
|
+
onboardingStep: field.string({
|
|
44
|
+
isOptional: true,
|
|
45
|
+
description: "Current onboarding step"
|
|
46
|
+
}),
|
|
47
|
+
whitelistedAt: field.dateTime({
|
|
48
|
+
isOptional: true,
|
|
49
|
+
description: "When user was whitelisted"
|
|
50
|
+
}),
|
|
51
|
+
role: field.string({
|
|
52
|
+
isOptional: true,
|
|
53
|
+
default: '"user"',
|
|
54
|
+
description: "User role (user, admin)"
|
|
55
|
+
}),
|
|
56
|
+
banned: field.boolean({
|
|
57
|
+
default: false,
|
|
58
|
+
description: "Whether user is banned"
|
|
59
|
+
}),
|
|
60
|
+
banReason: field.string({
|
|
61
|
+
isOptional: true,
|
|
62
|
+
description: "Reason for ban"
|
|
63
|
+
}),
|
|
64
|
+
banExpires: field.dateTime({
|
|
65
|
+
isOptional: true,
|
|
66
|
+
description: "When ban expires"
|
|
67
|
+
}),
|
|
68
|
+
phoneNumber: field.string({
|
|
69
|
+
isOptional: true,
|
|
70
|
+
isUnique: true,
|
|
71
|
+
description: "Phone number"
|
|
72
|
+
}),
|
|
73
|
+
phoneNumberVerified: field.boolean({
|
|
74
|
+
default: false,
|
|
75
|
+
description: "Whether phone is verified"
|
|
76
|
+
}),
|
|
77
|
+
createdAt: field.createdAt(),
|
|
78
|
+
updatedAt: field.updatedAt(),
|
|
79
|
+
sessions: field.hasMany("Session"),
|
|
80
|
+
accounts: field.hasMany("Account"),
|
|
81
|
+
memberships: field.hasMany("Member"),
|
|
82
|
+
invitations: field.hasMany("Invitation"),
|
|
83
|
+
teamMemberships: field.hasMany("TeamMember"),
|
|
84
|
+
policyBindings: field.hasMany("PolicyBinding"),
|
|
85
|
+
apiKeys: field.hasMany("ApiKey"),
|
|
86
|
+
passkeys: field.hasMany("Passkey")
|
|
87
|
+
}
|
|
103
88
|
});
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
description: "Active team context"
|
|
139
|
-
}),
|
|
140
|
-
createdAt: field.createdAt(),
|
|
141
|
-
updatedAt: field.updatedAt(),
|
|
142
|
-
user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
|
|
143
|
-
}
|
|
89
|
+
var SessionEntity = defineEntity({
|
|
90
|
+
name: "Session",
|
|
91
|
+
description: "Represents a login session (e.g., web session or API token).",
|
|
92
|
+
schema: "lssm_sigil",
|
|
93
|
+
map: "session",
|
|
94
|
+
fields: {
|
|
95
|
+
id: field.id(),
|
|
96
|
+
userId: field.foreignKey(),
|
|
97
|
+
expiresAt: field.dateTime({ description: "Session expiration time" }),
|
|
98
|
+
token: field.string({ isUnique: true, description: "Session token" }),
|
|
99
|
+
ipAddress: field.string({
|
|
100
|
+
isOptional: true,
|
|
101
|
+
description: "Client IP address"
|
|
102
|
+
}),
|
|
103
|
+
userAgent: field.string({
|
|
104
|
+
isOptional: true,
|
|
105
|
+
description: "Client user agent"
|
|
106
|
+
}),
|
|
107
|
+
impersonatedBy: field.string({
|
|
108
|
+
isOptional: true,
|
|
109
|
+
description: "Admin impersonating this session"
|
|
110
|
+
}),
|
|
111
|
+
activeOrganizationId: field.string({
|
|
112
|
+
isOptional: true,
|
|
113
|
+
description: "Active org context"
|
|
114
|
+
}),
|
|
115
|
+
activeTeamId: field.string({
|
|
116
|
+
isOptional: true,
|
|
117
|
+
description: "Active team context"
|
|
118
|
+
}),
|
|
119
|
+
createdAt: field.createdAt(),
|
|
120
|
+
updatedAt: field.updatedAt(),
|
|
121
|
+
user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
|
|
122
|
+
}
|
|
144
123
|
});
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
|
|
171
|
-
},
|
|
172
|
-
indexes: [index.unique(["accountId", "providerId"])]
|
|
124
|
+
var AccountEntity = defineEntity({
|
|
125
|
+
name: "Account",
|
|
126
|
+
description: "External authentication accounts (OAuth, password, etc.).",
|
|
127
|
+
schema: "lssm_sigil",
|
|
128
|
+
map: "account",
|
|
129
|
+
fields: {
|
|
130
|
+
id: field.id(),
|
|
131
|
+
accountId: field.string({ description: "Account ID from provider" }),
|
|
132
|
+
providerId: field.string({ description: "Provider identifier" }),
|
|
133
|
+
userId: field.foreignKey(),
|
|
134
|
+
accessToken: field.string({ isOptional: true }),
|
|
135
|
+
refreshToken: field.string({ isOptional: true }),
|
|
136
|
+
idToken: field.string({ isOptional: true }),
|
|
137
|
+
accessTokenExpiresAt: field.dateTime({ isOptional: true }),
|
|
138
|
+
refreshTokenExpiresAt: field.dateTime({ isOptional: true }),
|
|
139
|
+
scope: field.string({ isOptional: true }),
|
|
140
|
+
password: field.string({
|
|
141
|
+
isOptional: true,
|
|
142
|
+
description: "Hashed password for password providers"
|
|
143
|
+
}),
|
|
144
|
+
createdAt: field.createdAt(),
|
|
145
|
+
updatedAt: field.updatedAt(),
|
|
146
|
+
user: field.belongsTo("User", ["userId"], ["id"], { onDelete: "Cascade" })
|
|
147
|
+
},
|
|
148
|
+
indexes: [index.unique(["accountId", "providerId"])]
|
|
173
149
|
});
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
createdAt: field.createdAt(),
|
|
188
|
-
updatedAt: field.updatedAt()
|
|
189
|
-
}
|
|
150
|
+
var VerificationEntity = defineEntity({
|
|
151
|
+
name: "Verification",
|
|
152
|
+
description: "Verification tokens for email/phone confirmation.",
|
|
153
|
+
schema: "lssm_sigil",
|
|
154
|
+
map: "verification",
|
|
155
|
+
fields: {
|
|
156
|
+
id: field.uuid(),
|
|
157
|
+
identifier: field.string({ description: "Email or phone being verified" }),
|
|
158
|
+
value: field.string({ description: "Verification code/token" }),
|
|
159
|
+
expiresAt: field.dateTime({ description: "Token expiration" }),
|
|
160
|
+
createdAt: field.createdAt(),
|
|
161
|
+
updatedAt: field.updatedAt()
|
|
162
|
+
}
|
|
190
163
|
});
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
164
|
+
export {
|
|
165
|
+
VerificationEntity,
|
|
166
|
+
UserEntity,
|
|
167
|
+
SessionEntity,
|
|
168
|
+
AccountEntity
|
|
169
|
+
};
|