@factiii/auth 0.4.1 → 0.5.1

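--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -905,13 +905,13 @@ var BaseProcedureFactory = class {
  }
  }
  if (!validCode) {
- const checkOTP = await this.config.prisma.oTP.findUnique({
- where: { userId: user.id }
+ const checkOTP = await this.config.prisma.oTP.findFirst({
+ where: { userId: user.id, code: Number(code), expiresAt: { gte: /* @__PURE__ */ new Date() } }
  });
- if (checkOTP && checkOTP.code === Number(code) && checkOTP.expiredAt >= /* @__PURE__ */ new Date()) {
+ if (checkOTP) {
  validCode = true;
  await this.config.prisma.oTP.delete({
- where: { userId: user.id }
+ where: { id: checkOTP.id }
  });
  }
  }
@@ -1169,10 +1169,22 @@ var BaseProcedureFactory = class {
  data: { password: hashedPassword }
  });
  await this.config.prisma.passwordReset.delete({ where: { id: token } });
- await this.config.prisma.session.updateMany({
+ const sessionsToDelete = await this.config.prisma.session.findMany({
  where: { userId: passwordReset.userId },
- data: { revokedAt: /* @__PURE__ */ new Date() }
+ select: { id: true, socketId: true, userId: true }
+ });
+ await this.config.prisma.session.deleteMany({
+ where: { userId: passwordReset.userId }
  });
+ for (const session of sessionsToDelete) {
+ if (this.config.hooks?.onSessionRevoked) {
+ await this.config.hooks.onSessionRevoked(
+ session.id,
+ session.socketId,
+ "Password reset"
+ );
+ }
+ }
  return { message: "Password updated. Please log in with your new password." };
  });
  }
@@ -1670,11 +1682,9 @@ var TwoFaProcedureFactory = class {
  throw new import_server6.TRPCError({ code: "FORBIDDEN", message: "Invalid credentials." });
  }
  const otp = generateOtp();
- const expiredAt = new Date(Date.now() + this.config.tokenSettings.otpValidityMs);
- await this.config.prisma.oTP.upsert({
- where: { userId: user.id },
- update: { code: otp, expiredAt },
- create: { userId: user.id, code: otp, expiredAt }
+ const expiresAt = new Date(Date.now() + this.config.tokenSettings.otpValidityMs);
+ await this.config.prisma.oTP.create({
+ data: { userId: user.id, code: otp, expiresAt }
  });
  if (this.config.emailService) {
  await this.config.emailService.sendOTPEmail(user.email, otp);
@@ -1693,14 +1703,14 @@ var TwoFaProcedureFactory = class {
  if (!user) {
  throw new import_server6.TRPCError({ code: "NOT_FOUND", message: "User not found" });
  }
- const otp = await this.config.prisma.oTP.findUnique({
- where: { userId: user.id }
+ const otp = await this.config.prisma.oTP.findFirst({
+ where: { userId: user.id, code, expiresAt: { gte: /* @__PURE__ */ new Date() } }
  });
- if (!otp || otp.code !== code || otp.expiredAt < /* @__PURE__ */ new Date()) {
+ if (!otp) {
  throw new import_server6.TRPCError({ code: "FORBIDDEN", message: "Invalid or expired OTP" });
  }
  await this.config.prisma.oTP.delete({
- where: { userId: user.id }
+ where: { id: otp.id }
  });
  await this.config.prisma.user.update({
  where: { id: user.id },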
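Review bot: Earlier unexpired codes for a user stay valid after a new one is issued, because the `@@ -1670,11 +1682,9 @@` hunk replaces the `upsert` with `oTP.create` and both verification hunks now delete only the matched row (`where: { id: checkOTP.id }`, `where: { id: otp.id }`). Each extra live code raises the chance that a guessed value matches, and nothing in these hunks removes expired rows, so the table also grows with every request. Consider clearing the user's codes before issuing a new one and again after a successful check, e.g. `await this.config.prisma.oTP.deleteMany({ where: { userId: user.id } });`. Whether attempts are rate-limited cannot be seen here, since the enclosing functions start and end outside the hunks; package/dist/index.mjs carries the same change.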
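--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -771,13 +771,13 @@ var BaseProcedureFactory = class {
  }
  }
  if (!validCode) {
- const checkOTP = await this.config.prisma.oTP.findUnique({
- where: { userId: user.id }
+ const checkOTP = await this.config.prisma.oTP.findFirst({
+ where: { userId: user.id, code: Number(code), expiresAt: { gte: /* @__PURE__ */ new Date() } }
  });
- if (checkOTP && checkOTP.code === Number(code) && checkOTP.expiredAt >= /* @__PURE__ */ new Date()) {
+ if (checkOTP) {
  validCode = true;
  await this.config.prisma.oTP.delete({
- where: { userId: user.id }
+ where: { id: checkOTP.id }
  });
  }
  }
@@ -1035,10 +1035,22 @@ var BaseProcedureFactory = class {
  data: { password: hashedPassword }
  });
  await this.config.prisma.passwordReset.delete({ where: { id: token } });
- await this.config.prisma.session.updateMany({
+ const sessionsToDelete = await this.config.prisma.session.findMany({
  where: { userId: passwordReset.userId },
- data: { revokedAt: /* @__PURE__ */ new Date() }
+ select: { id: true, socketId: true, userId: true }
+ });
+ await this.config.prisma.session.deleteMany({
+ where: { userId: passwordReset.userId }
  });
+ for (const session of sessionsToDelete) {
+ if (this.config.hooks?.onSessionRevoked) {
+ await this.config.hooks.onSessionRevoked(
+ session.id,
+ session.socketId,
+ "Password reset"
+ );
+ }
+ }
  return { message: "Password updated. Please log in with your new password." };
  });
  }
@@ -1536,11 +1548,9 @@ var TwoFaProcedureFactory = class {
  throw new TRPCError6({ code: "FORBIDDEN", message: "Invalid credentials." });
  }
  const otp = generateOtp();
- const expiredAt = new Date(Date.now() + this.config.tokenSettings.otpValidityMs);
- await this.config.prisma.oTP.upsert({
- where: { userId: user.id },
- update: { code: otp, expiredAt },
- create: { userId: user.id, code: otp, expiredAt }
+ const expiresAt = new Date(Date.now() + this.config.tokenSettings.otpValidityMs);
+ await this.config.prisma.oTP.create({
+ data: { userId: user.id, code: otp, expiresAt }
  });
  if (this.config.emailService) {
  await this.config.emailService.sendOTPEmail(user.email, otp);
@@ -1559,14 +1569,14 @@ var TwoFaProcedureFactory = class {
  if (!user) {
  throw new TRPCError6({ code: "NOT_FOUND", message: "User not found" });
  }
- const otp = await this.config.prisma.oTP.findUnique({
- where: { userId: user.id }
+ const otp = await this.config.prisma.oTP.findFirst({
+ where: { userId: user.id, code, expiresAt: { gte: /* @__PURE__ */ new Date() } }
  });
- if (!otp || otp.code !== code || otp.expiredAt < /* @__PURE__ */ new Date()) {
+ if (!otp) {
  throw new TRPCError6({ code: "FORBIDDEN", message: "Invalid or expired OTP" });
  }
  await this.config.prisma.oTP.delete({
- where: { userId: user.id }
+ where: { id: otp.id }
  });
  await this.config.prisma.user.update({
  where: { id: user.id },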
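Review bot: A throw from `onSessionRevoked` inside the `for (const session of sessionsToDelete)` loop of the `@@ -1035,10 +1035,22 @@` hunk ends the loop, so the remaining sessions' sockets are never told they were revoked even though `deleteMany` has already removed their rows. The same throw would reach the caller as an error after the password has been changed and the reset token deleted. Wrapping the awaited hook call in a `try`/`catch` that records the failure and continues would keep each notification independent. The `userId: true` entry in the `select` is not read by the loop, and hard-deleting the rows drops the `revokedAt` record the old `updateMany` kept, which is worth a comment if an audit trail is expected. The enclosing function extends beyond the hunk, and package/dist/index.js has the same loop.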
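--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@factiii/auth",
- "version": "0.4.1",
+ "version": "0.5.1",
  "publishConfig": {
  "access": "public"
  },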
@@ -116,11 +116,13 @@ model PasswordReset {
116
116
  // ==============================================================================
117
117
 
118
118
  model OTP {
119
+ id Int @id @default(autoincrement())
119
120
  code Int
120
- expiredAt DateTime
121
- userId Int @unique
121
+ expiresAt DateTime
122
+ userId Int
122
123
  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
123
124
 
125
+ @@index([userId])
124
126
  }
125
127
 
126
128
  // ==============================================================================