npm - @dyrected/core - Versions diffs - 2.5.24 → 2.5.26 - Mend

@dyrected/core 2.5.24 → 2.5.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

package/dist/__tests__/app.test.d.ts +2 -0
package/dist/__tests__/app.test.d.ts.map +1 -0
package/dist/__tests__/app.test.js +27 -0
package/dist/__tests__/app.test.js.map +1 -0
package/dist/__tests__/config.test.d.ts +2 -0
package/dist/__tests__/config.test.d.ts.map +1 -0
package/dist/__tests__/config.test.js +34 -0
package/dist/__tests__/config.test.js.map +1 -0
package/dist/__tests__/deleteMany.test.d.ts +2 -0
package/dist/__tests__/deleteMany.test.d.ts.map +1 -0
package/dist/__tests__/deleteMany.test.js +75 -0
package/dist/__tests__/deleteMany.test.js.map +1 -0
package/dist/__tests__/depth.test.d.ts +2 -0
package/dist/__tests__/depth.test.d.ts.map +1 -0
package/dist/__tests__/depth.test.js +81 -0
package/dist/__tests__/depth.test.js.map +1 -0
package/dist/__tests__/dynamic-options.test.d.ts +2 -0
package/dist/__tests__/dynamic-options.test.d.ts.map +1 -0
package/dist/__tests__/dynamic-options.test.js +132 -0
package/dist/__tests__/dynamic-options.test.js.map +1 -0
package/dist/__tests__/field-inference.test-types.d.ts +24 -0
package/dist/__tests__/field-inference.test-types.d.ts.map +1 -0
package/dist/__tests__/field-inference.test-types.js +87 -0
package/dist/__tests__/field-inference.test-types.js.map +1 -0
package/dist/__tests__/hooks.test.d.ts +2 -0
package/dist/__tests__/hooks.test.d.ts.map +1 -0
package/dist/__tests__/hooks.test.js +320 -0
package/dist/__tests__/hooks.test.js.map +1 -0
package/dist/__tests__/mocks.d.ts +68 -0
package/dist/__tests__/mocks.d.ts.map +1 -0
package/dist/__tests__/mocks.js +151 -0
package/dist/__tests__/mocks.js.map +1 -0
package/dist/__tests__/router.test.d.ts +2 -0
package/dist/__tests__/router.test.d.ts.map +1 -0
package/dist/__tests__/router.test.js +48 -0
package/dist/__tests__/router.test.js.map +1 -0
package/dist/__tests__/where.test.d.ts +2 -0
package/dist/__tests__/where.test.d.ts.map +1 -0
package/dist/__tests__/where.test.js +97 -0
package/dist/__tests__/where.test.js.map +1 -0
package/dist/app-BOrsS7Tz.d.cts +1771 -0
package/dist/app-BOrsS7Tz.d.ts +1771 -0
package/dist/app-BibuoHQG.d.cts +1764 -0
package/dist/app-BibuoHQG.d.ts +1764 -0
package/dist/app-aW2FMuYM.d.cts +1759 -0
package/dist/app-aW2FMuYM.d.ts +1759 -0
package/dist/app.d.ts +21 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +56 -0
package/dist/app.js.map +1 -0
package/dist/auth/jexl.d.ts +10 -0
package/dist/auth/jexl.d.ts.map +1 -0
package/dist/auth/jexl.js +22 -0
package/dist/auth/jexl.js.map +1 -0
package/dist/auth/password.d.ts +10 -0
package/dist/auth/password.d.ts.map +1 -0
package/dist/auth/password.js +28 -0
package/dist/auth/password.js.map +1 -0
package/dist/auth/token.d.ts +20 -0
package/dist/auth/token.d.ts.map +1 -0
package/dist/auth/token.js +40 -0
package/dist/auth/token.js.map +1 -0
package/dist/chunk-4EDMZAM5.js +2692 -0
package/dist/chunk-FDQYPPG3.js +2698 -0
package/dist/chunk-NKDX67AW.js +2698 -0
package/dist/chunk-SUGK7UYL.js +311 -0
package/dist/chunk-ZFAOBRHT.js +2709 -0
package/dist/controllers/auth.controller.d.ts +125 -0
package/dist/controllers/auth.controller.d.ts.map +1 -0
package/dist/controllers/auth.controller.js +323 -0
package/dist/controllers/auth.controller.js.map +1 -0
package/dist/controllers/collection.controller.d.ts +88 -0
package/dist/controllers/collection.controller.d.ts.map +1 -0
package/dist/controllers/collection.controller.js +554 -0
package/dist/controllers/collection.controller.js.map +1 -0
package/dist/controllers/global.controller.d.ts +17 -0
package/dist/controllers/global.controller.d.ts.map +1 -0
package/dist/controllers/global.controller.js +116 -0
package/dist/controllers/global.controller.js.map +1 -0
package/dist/controllers/media.controller.d.ts +36 -0
package/dist/controllers/media.controller.d.ts.map +1 -0
package/dist/controllers/media.controller.js +155 -0
package/dist/controllers/media.controller.js.map +1 -0
package/dist/controllers/preview.controller.d.ts +37 -0
package/dist/controllers/preview.controller.d.ts.map +1 -0
package/dist/controllers/preview.controller.js +48 -0
package/dist/controllers/preview.controller.js.map +1 -0
package/dist/index-Bp7PDOYG.d.cts +1750 -0
package/dist/index-Bp7PDOYG.d.ts +1750 -0
package/dist/index-DfAmTZXk.d.cts +1749 -0
package/dist/index-DfAmTZXk.d.ts +1749 -0
package/dist/index.cjs +19 -2324
package/dist/index.d.cts +5 -6
package/dist/index.d.ts +5 -6
package/dist/index.d.ts.map +1 -0
package/dist/index.js +3 -5
package/dist/index.js.map +1 -0
package/dist/middleware/auth.d.ts +18 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +45 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/router.d.ts +8 -0
package/dist/router.d.ts.map +1 -0
package/dist/router.js +463 -0
package/dist/router.js.map +1 -0
package/dist/server.cjs +237 -45
package/dist/server.d.cts +22 -4
package/dist/server.d.ts +22 -4
package/dist/server.d.ts.map +1 -0
package/dist/server.js +2429 -8
package/dist/server.js.map +1 -0
package/dist/services/audit.service.d.ts +23 -0
package/dist/services/audit.service.d.ts.map +1 -0
package/dist/services/audit.service.js +28 -0
package/dist/services/audit.service.js.map +1 -0
package/dist/services/defaults.service.d.ts +8 -0
package/dist/services/defaults.service.d.ts.map +1 -0
package/dist/services/defaults.service.js +55 -0
package/dist/services/defaults.service.js.map +1 -0
package/dist/services/email.service.d.ts +33 -0
package/dist/services/email.service.d.ts.map +1 -0
package/dist/services/email.service.js +219 -0
package/dist/services/email.service.js.map +1 -0
package/dist/services/media.service.d.ts +20 -0
package/dist/services/media.service.d.ts.map +1 -0
package/dist/services/media.service.js +49 -0
package/dist/services/media.service.js.map +1 -0
package/dist/services/population.service.d.ts +20 -0
package/dist/services/population.service.d.ts.map +1 -0
package/dist/services/population.service.js +168 -0
package/dist/services/population.service.js.map +1 -0
package/dist/types/index.d.ts +1749 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +3 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/config.d.ts +8 -0
package/dist/utils/config.d.ts.map +1 -0
package/dist/utils/config.js +153 -0
package/dist/utils/config.js.map +1 -0
package/dist/utils/hooks.d.ts +41 -0
package/dist/utils/hooks.d.ts.map +1 -0
package/dist/utils/hooks.js +169 -0
package/dist/utils/hooks.js.map +1 -0
package/dist/utils/openapi.d.ts +6 -0
package/dist/utils/openapi.d.ts.map +1 -0
package/dist/utils/openapi.js +331 -0
package/dist/utils/openapi.js.map +1 -0
package/dist/utils/parse-where.d.ts +63 -0
package/dist/utils/parse-where.d.ts.map +1 -0
package/dist/utils/parse-where.js +196 -0
package/dist/utils/parse-where.js.map +1 -0
package/dist/utils/readonly-db.d.ts +9 -0
package/dist/utils/readonly-db.d.ts.map +1 -0
package/dist/utils/readonly-db.js +21 -0
package/dist/utils/readonly-db.js.map +1 -0
package/dist/utils/setup-prompt.d.ts +11 -0
package/dist/utils/setup-prompt.d.ts.map +1 -0
package/dist/utils/setup-prompt.js +863 -0
package/dist/utils/setup-prompt.js.map +1 -0
package/dist/utils/swagger.d.ts +5 -0
package/dist/utils/swagger.d.ts.map +1 -0
package/dist/utils/swagger.js +51 -0
package/dist/utils/swagger.js.map +1 -0
package/dist/utils/where-sanitizer.d.ts +10 -0
package/dist/utils/where-sanitizer.d.ts.map +1 -0
package/dist/utils/where-sanitizer.js +63 -0
package/dist/utils/where-sanitizer.js.map +1 -0
package/dist/where-sanitizer-DQIWTQZW.js +50 -0
package/package.json +1 -1

package/dist/app.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import { Hono } from 'hono';
+import type { DyrectedConfig } from './types/index.js';
+export interface DyrectedContext {
+    Variables: {
+        config: DyrectedConfig;
+        siteId?: string;
+        workspaceId?: string;
+        /** Decoded JWT payload set by requireAuth() or optionalAuth() middleware. */
+        user?: {
+            sub: string;
+            email: string;
+            collection: string;
+            [key: string]: any;
+        };
+    };
+}
+/**
+ * Create the main Dyrected Hono application.
+ */
+export declare function createDyrectedApp(rawConfig: DyrectedConfig): Promise<Hono<DyrectedContext, import("hono/types").BlankSchema, "/">>;
+//# sourceMappingURL=app.d.ts.map

package/dist/app.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAKvD,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE;QACT,MAAM,EAAE,cAAc,CAAC;QACvB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,6EAA6E;QAC7E,IAAI,CAAC,EAAE;YACL,GAAG,EAAE,MAAM,CAAC;YACZ,KAAK,EAAE,MAAM,CAAC;YACd,UAAU,EAAE,MAAM,CAAC;YACnB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;SACpB,CAAC;KACH,CAAC;CACH;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,cAAc,yEAoDhE"}

package/dist/app.js ADDED Viewed

@@ -0,0 +1,56 @@
+import { Hono } from 'hono';
+import { cors } from 'hono/cors';
+import { requestId } from 'hono/request-id';
+import { registerRoutes } from './router.js';
+import { normalizeConfig } from './utils/config.js';
+import { optionalAuth } from './middleware/auth.js';
+/**
+ * Create the main Dyrected Hono application.
+ */
+export async function createDyrectedApp(rawConfig) {
+    const config = normalizeConfig(rawConfig);
+    const app = new Hono();
+    // 0. Sync Database Schema if adapter supports it
+    if (config.db?.sync) {
+        await config.db.sync(config.collections, config.globals);
+    }
+    // 1. Standard Middleware
+    app.use('*', requestId());
+    // Decode bearer token if present so user is available in CRUD hooks and audit logging.
+    app.use('*', optionalAuth());
+    app.use('*', async (c, next) => {
+        const start = Date.now();
+        await next();
+        const ms = Date.now() - start;
+        console.log(`[dyrected/api] ${c.req.method} ${c.req.path} ${c.res.status} - ${ms}ms`);
+    });
+    app.use('*', cors());
+    // 2. Site Resolution Middleware
+    app.use('*', async (c, next) => {
+        c.set('config', config);
+        // If an upstream middleware (e.g. cloud app) hasn't already set the siteId,
+        // fallback to 'default' for self-hosted/singleton mode.
+        if (!c.get('siteId')) {
+            c.set('siteId', 'default');
+        }
+        await next();
+    });
+    // 3. Health Check & Debug
+    app.get('/health', (c) => c.json({ status: 'ok', version: '0.0.1' }));
+    app.get('/routes', (c) => {
+        const routes = app.routes.map(r => ({ method: r.method, path: r.path }));
+        return c.json({ routes });
+    });
+    // 4. Global Error Handler
+    app.onError((err, c) => {
+        console.error(`[dyrected/core] Uncaught Error:`, err);
+        return c.json({
+            message: err.message || 'Internal Server Error',
+            stack: process.env.NODE_ENV === 'development' ? err.stack : undefined
+        }, 500);
+    });
+    // 5. Dynamic Routing
+    registerRoutes(app, config);
+    return app;
+}
+//# sourceMappingURL=app.js.map

package/dist/app.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"app.js","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAE5C,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAiBpD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,SAAyB;IAC/D,MAAM,MAAM,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAmB,CAAC;IAExC,iDAAiD;IACjD,IAAI,MAAM,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC;QACpB,MAAM,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3D,CAAC;IAED,yBAAyB;IACzB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC;IAC1B,uFAAuF;IACvF,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,YAAY,EAAE,CAAC,CAAC;IAC7B,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,EAAE,CAAC;QACb,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,MAAM,EAAE,IAAI,CAAC,CAAC;IACxF,CAAC,CAAC,CAAC;IACH,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;IAErB,gCAAgC;IAChC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QAC7B,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QACxB,4EAA4E;QAC5E,wDAAwD;QACxD,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrB,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC7B,CAAC;QACD,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,0BAA0B;IAC1B,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IACtE,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE;QACvB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;QACzE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,0BAA0B;IAC1B,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACrB,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;QACtD,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,uBAAuB;YAC/C,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;SACtE,EAAE,GAAG,CAAC,CAAC;IACV,CAAC,CAAC,CAAC;IAEH,qBAAqB;IACrB,cAAc,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAE5B,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/auth/jexl.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Jexl evaluator for Dyrected access control.
+ * Allows for serializable, dynamic permissions based on user state, request, and document.
+ */
+export declare function evaluateAccess(expression: string | boolean | undefined | null, context: {
+    user?: any;
+    req?: any;
+    doc?: any;
+}): Promise<boolean>;
+//# sourceMappingURL=jexl.d.ts.map

package/dist/auth/jexl.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"jexl.d.ts","sourceRoot":"","sources":["../../src/auth/jexl.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAsB,cAAc,CAClC,UAAU,EAAE,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,IAAI,EAC/C,OAAO,EAAE;IAAE,IAAI,CAAC,EAAE,GAAG,CAAC;IAAC,GAAG,CAAC,EAAE,GAAG,CAAC;IAAC,GAAG,CAAC,EAAE,GAAG,CAAA;CAAE,GAC5C,OAAO,CAAC,OAAO,CAAC,CAalB"}

package/dist/auth/jexl.js ADDED Viewed

@@ -0,0 +1,22 @@
+import jexl from 'jexl';
+/**
+ * Jexl evaluator for Dyrected access control.
+ * Allows for serializable, dynamic permissions based on user state, request, and document.
+ */
+export async function evaluateAccess(expression, context) {
+    // If no expression is provided, default to closed (false) for security
+    // unless explicitly specified otherwise in the core router logic.
+    if (expression === undefined || expression === null)
+        return false;
+    if (typeof expression === 'boolean')
+        return expression;
+    try {
+        const result = await jexl.eval(expression, context);
+        return !!result;
+    }
+    catch (err) {
+        console.error('[dyrected/core] Jexl evaluation failed:', err);
+        return false;
+    }
+}
+//# sourceMappingURL=jexl.js.map

package/dist/auth/jexl.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jexl.js","sourceRoot":"","sources":["../../src/auth/jexl.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,UAA+C,EAC/C,OAA6C;IAE7C,uEAAuE;IACvE,kEAAkE;IAClE,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAClE,IAAI,OAAO,UAAU,KAAK,SAAS;QAAE,OAAO,UAAU,CAAC;IAEvD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACpD,OAAO,CAAC,CAAC,MAAM,CAAC;IAClB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,CAAC;QAC9D,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/auth/password.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Hash a plain-text password using scrypt.
+ * Returns a `salt:hash` string safe to store in the database.
+ */
+export declare function hashPassword(plain: string): Promise<string>;
+/**
+ * Verify a plain-text password against a stored `salt:hash` string.
+ */
+export declare function verifyPassword(plain: string, stored: string): Promise<boolean>;
+//# sourceMappingURL=password.d.ts.map

package/dist/auth/password.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AAQA;;;GAGG;AACH,wBAAsB,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAIjE;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CASpF"}

package/dist/auth/password.js ADDED Viewed

@@ -0,0 +1,28 @@
+import { promisify } from 'node:util';
+import { scrypt, randomBytes, timingSafeEqual } from 'node:crypto';
+const scryptAsync = promisify(scrypt);
+const SALT_LEN = 16;
+const KEY_LEN = 64;
+/**
+ * Hash a plain-text password using scrypt.
+ * Returns a `salt:hash` string safe to store in the database.
+ */
+export async function hashPassword(plain) {
+    const salt = randomBytes(SALT_LEN).toString('hex');
+    const derivedKey = (await scryptAsync(plain, salt, KEY_LEN));
+    return `${salt}:${derivedKey.toString('hex')}`;
+}
+/**
+ * Verify a plain-text password against a stored `salt:hash` string.
+ */
+export async function verifyPassword(plain, stored) {
+    const [salt, storedHash] = stored.split(':');
+    if (!salt || !storedHash)
+        return false;
+    const derivedKey = (await scryptAsync(plain, salt, KEY_LEN));
+    const storedBuffer = Buffer.from(storedHash, 'hex');
+    if (derivedKey.length !== storedBuffer.length)
+        return false;
+    return timingSafeEqual(derivedKey, storedBuffer);
+}
+//# sourceMappingURL=password.js.map

package/dist/auth/password.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"password.js","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnE,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AAEtC,MAAM,QAAQ,GAAG,EAAE,CAAC;AACpB,MAAM,OAAO,GAAG,EAAE,CAAC;AAEnB;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,KAAa;IAC9C,MAAM,IAAI,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAW,CAAC;IACvE,OAAO,GAAG,IAAI,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACjD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAa,EAAE,MAAc;IAChE,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7C,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAEvC,MAAM,UAAU,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,OAAO,CAAC,CAAW,CAAC;IACvE,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAEpD,IAAI,UAAU,CAAC,MAAM,KAAK,YAAY,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC5D,OAAO,eAAe,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;AACnD,CAAC"}

package/dist/auth/token.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { type JWTPayload } from 'jose';
+export interface CollectionTokenPayload extends JWTPayload {
+    sub: string;
+    email: string;
+    collection: string;
+    purpose?: 'invite' | 'reset';
+}
+/**
+ * Issue a signed JWT for a user document in an auth collection.
+ */
+export declare function signCollectionToken(payload: Omit<CollectionTokenPayload, 'iat' | 'exp'>, expiresIn?: string): Promise<string>;
+/**
+ * Verify and decode a collection JWT. Throws if invalid or expired.
+ */
+export declare function verifyCollectionToken(token: string): Promise<CollectionTokenPayload>;
+/**
+ * Decode a token without verification (read-only, for middleware that wants to be non-blocking).
+ */
+export declare function decodeCollectionToken(token: string): CollectionTokenPayload | null;
+//# sourceMappingURL=token.d.ts.map

package/dist/auth/token.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token.d.ts","sourceRoot":"","sources":["../../src/auth/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiC,KAAK,UAAU,EAAE,MAAM,MAAM,CAAC;AAGtE,MAAM,WAAW,sBAAuB,SAAQ,UAAU;IACxD,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC;CAC9B;AAeD;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,IAAI,CAAC,sBAAsB,EAAE,KAAK,GAAG,KAAK,CAAC,EACpD,SAAS,GAAE,MAAuB,GACjC,OAAO,CAAC,MAAM,CAAC,CAMjB;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC,CAG1F;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,MAAM,GAAG,sBAAsB,GAAG,IAAI,CAMlF"}

package/dist/auth/token.js ADDED Viewed

@@ -0,0 +1,40 @@
+import { SignJWT, jwtVerify, decodeJwt } from 'jose';
+import { TextEncoder } from 'node:util';
+function getSecret() {
+    const secret = process.env.DYRECTED_JWT_SECRET || process.env.JWT_SECRET;
+    if (!secret) {
+        throw new Error('[dyrected/core] DYRECTED_JWT_SECRET is not set. ' +
+            'Add it to your environment variables to enable auth collections.');
+    }
+    return new TextEncoder().encode(secret);
+}
+const DEFAULT_EXPIRY = '7d';
+/**
+ * Issue a signed JWT for a user document in an auth collection.
+ */
+export async function signCollectionToken(payload, expiresIn = DEFAULT_EXPIRY) {
+    return new SignJWT({ ...payload })
+        .setProtectedHeader({ alg: 'HS256' })
+        .setIssuedAt()
+        .setExpirationTime(expiresIn)
+        .sign(getSecret());
+}
+/**
+ * Verify and decode a collection JWT. Throws if invalid or expired.
+ */
+export async function verifyCollectionToken(token) {
+    const { payload } = await jwtVerify(token, getSecret());
+    return payload;
+}
+/**
+ * Decode a token without verification (read-only, for middleware that wants to be non-blocking).
+ */
+export function decodeCollectionToken(token) {
+    try {
+        return decodeJwt(token);
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=token.js.map

package/dist/auth/token.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/auth/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAmB,MAAM,MAAM,CAAC;AACtE,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AASxC,SAAS,SAAS;IAChB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;IACzE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CACb,kDAAkD;YAClD,kEAAkE,CACnE,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,cAAc,GAAG,IAAI,CAAC;AAE5B;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,OAAoD,EACpD,YAAoB,cAAc;IAElC,OAAO,IAAI,OAAO,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC;SAC/B,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpC,WAAW,EAAE;SACb,iBAAiB,CAAC,SAAS,CAAC;SAC5B,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;AACvB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,KAAa;IACvD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IACxD,OAAO,OAAiC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa;IACjD,IAAI,CAAC;QACH,OAAO,SAAS,CAAC,KAAK,CAA2B,CAAC;IACpD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}