@flowerforce/flowerbase 1.2.1-beta.8 → 1.3.0

package/CHANGELOG.md

@@ -1,3 +1,77 @@
+## 1.3.0 (2026-01-14)
+
+
+### 🚀 Features
+
+- add createdAt on collection auth_user ([87d4e81](https://github.com/flowerforce/flowerbase/commit/87d4e81))
+
+- add log error ([fde3fb1](https://github.com/flowerforce/flowerbase/commit/fde3fb1))
+
+- safe aggregate ([d715444](https://github.com/flowerforce/flowerbase/commit/d715444))
+
+- fix rules and tests ([0bbc9c6](https://github.com/flowerforce/flowerbase/commit/0bbc9c6))
+
+- remove sendgrid module ([f7b3d5f](https://github.com/flowerforce/flowerbase/commit/f7b3d5f))
+
+- security check ([aec94cc](https://github.com/flowerforce/flowerbase/commit/aec94cc))
+
+- add rate limit auth ([346fb12](https://github.com/flowerforce/flowerbase/commit/346fb12))
+
+- add basic auth swagger UI ([ac6b331](https://github.com/flowerforce/flowerbase/commit/ac6b331))
+
+- add rate limit reset password ([c9dcf48](https://github.com/flowerforce/flowerbase/commit/c9dcf48))
+
+- check refresh token ([db8204d](https://github.com/flowerforce/flowerbase/commit/db8204d))
+
+- add findOneAndUpdate ([9ac5b1e](https://github.com/flowerforce/flowerbase/commit/9ac5b1e))
+
+- add confirm user with custom function ([da8990d](https://github.com/flowerforce/flowerbase/commit/da8990d))
+
+- add catch error functions ([ef05b22](https://github.com/flowerforce/flowerbase/commit/ef05b22))
+
+- add anon-user ([2ed0086](https://github.com/flowerforce/flowerbase/commit/2ed0086))
+
+- add rate limit register ([74eb725](https://github.com/flowerforce/flowerbase/commit/74eb725))
+
+- add %%root record in rule ([6a95425](https://github.com/flowerforce/flowerbase/commit/6a95425))
+
+
+### 🩹 Fixes
+
+- cors methods ([c570d3a](https://github.com/flowerforce/flowerbase/commit/c570d3a))
+
+- check missing currentFunction ([7be4845](https://github.com/flowerforce/flowerbase/commit/7be4845))
+
+- reset password endpoint and auth tests ([daef161](https://github.com/flowerforce/flowerbase/commit/daef161))
+
+- reset password ([0dcb9f6](https://github.com/flowerforce/flowerbase/commit/0dcb9f6))
+
+- payload reset password legacy ([1219fd1](https://github.com/flowerforce/flowerbase/commit/1219fd1))
+
+- exports and import modulo in functions ([f5d0b96](https://github.com/flowerforce/flowerbase/commit/f5d0b96))
+
+- revoke token ([8ac3084](https://github.com/flowerforce/flowerbase/commit/8ac3084))
+
+- payload findOneAndUpdate ([5545232](https://github.com/flowerforce/flowerbase/commit/5545232))
+
+- trigger auth ([b376b30](https://github.com/flowerforce/flowerbase/commit/b376b30))
+
+- user auto confirm ([2639e70](https://github.com/flowerforce/flowerbase/commit/2639e70))
+
+- args auth event trigger ([dc78945](https://github.com/flowerforce/flowerbase/commit/dc78945))
+
+- async aggregate ([53ea8e7](https://github.com/flowerforce/flowerbase/commit/53ea8e7))
+
+- trigger crash ([d517f97](https://github.com/flowerforce/flowerbase/commit/d517f97))
+
+- user id jwt ([bfae07c](https://github.com/flowerforce/flowerbase/commit/bfae07c))
+
+- location hostname ([0e831ad](https://github.com/flowerforce/flowerbase/commit/0e831ad))
+
+- add error 401 custom auth ([d8b2eda](https://github.com/flowerforce/flowerbase/commit/d8b2eda))
+
+- **localUserPassController:** userWithCustomData ([3d8e257](https://github.com/flowerforce/flowerbase/commit/3d8e257))
+
 ## 1.2.0 (2025-10-14)
 
 

package/README.md

@@ -229,11 +229,12 @@ However, all users will be required to reset their passwords since it is not pos
 
 ### ✅ Supported Auth Method
 
-The only authentication mode currently re-implemented in `@flowerforce/flowerbase` is:
+The authentication modes currently re-implemented in `@flowerforce/flowerbase` are:
 
 - Local Email/Password (local-userpass)
+- Anonymous (anon-user)
 
-> Other methods (OAuth, API key, anonymous, etc.) are not supported yet.
+> Other methods (OAuth, API key, etc.) are not supported yet.
 
 ####  Example user:
 ```js
@@ -270,13 +271,18 @@ Example
         "name": "local-userpass",
         "type": "local-userpass",
         "disabled": false,
-        "auth_collection": "my-users-collection" //custom collection name
+        "auth_collection": "my-users-collection", //custom collection name
         "config": {
             "autoConfirm": true,
             "resetPasswordSubject": "reset",
             "resetPasswordUrl": "https://my.app.url/password-reset",
             "runConfirmationFunction": false
         }
+    },
+    "anon-user": {
+        "name": "anon-user",
+        "type": "anon-user",
+        "disabled": false
     }
 }
 

package/dist/auth/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/auth/controller.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAQzC;;;;GAIG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,eAAe,iBA4IxD"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/auth/controller.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAQzC;;;;GAIG;AACH,wBAAsB,cAAc,CAAC,GAAG,EAAE,eAAe,iBA+IxD"}

package/dist/auth/controller.js

@@ -12,8 +12,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.authController = authController;
 const bson_1 = require("bson");
 const constants_1 = require("../constants");
-const utils_1 = require("./utils");
 const crypto_1 = require("../utils/crypto");
+const utils_1 = require("./utils");
 const HANDLER_TYPE = 'preHandler';
 /**
  * Controller for handling user authentication, profile retrieval, and session management.
@@ -95,7 +95,7 @@ function authController(app) {
                     : {};
                 res.status(201);
                 return {
-                    access_token: this.createAccessToken(Object.assign(Object.assign({}, auth_user), { user_data: user }))
+                    access_token: this.createAccessToken(Object.assign(Object.assign({}, auth_user), { user_data: Object.assign(Object.assign({}, user), { id: req.user.sub }) }))
                 };
             });
         });

package/dist/auth/plugins/jwt.js

@@ -88,8 +88,8 @@ exports.default = (0, fastify_plugin_1.default)(function (fastify, opts) {
         });
         fastify.decorate('createAccessToken', function (user) {
             const id = user._id.toString();
-            const userDataId = user.user_data._id.toString();
-            const user_data = Object.assign({ _id: userDataId, id: userDataId, email: user.email }, user.user_data);
+            // const userDataId = user.user_data._id.toString()
+            const user_data = Object.assign(Object.assign({}, user.user_data), { _id: id, id: id, email: user.email });
             return this.jwt.sign({
                 typ: 'access',
                 id,
@@ -99,7 +99,7 @@ exports.default = (0, fastify_plugin_1.default)(function (fastify, opts) {
             }, {
                 iss: BAAS_ID,
                 jti: BAAS_ID,
-                sub: user._id.toJSON(),
+                sub: id,
                 expiresIn: '300m'
             });
         });

package/dist/auth/providers/anon-user/controller.d.ts

@@ -0,0 +1,8 @@
+import { FastifyInstance } from 'fastify';
+/**
+ * Controller for handling anonymous user login.
+ * @testable
+ * @param {FastifyInstance} app - The Fastify instance.
+ */
+export declare function anonUserController(app: FastifyInstance): Promise<void>;
+//# sourceMappingURL=controller.d.ts.map

package/dist/auth/providers/anon-user/controller.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/anon-user/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAOzC;;;;GAIG;AACH,wBAAsB,kBAAkB,CAAC,GAAG,EAAE,eAAe,iBA8E5D"}

package/dist/auth/providers/anon-user/controller.js

@@ -0,0 +1,90 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.anonUserController = anonUserController;
+const constants_1 = require("../../../constants");
+const crypto_1 = require("../../../utils/crypto");
+const handleUserRegistration_model_1 = require("../../../shared/models/handleUserRegistration.model");
+const utils_1 = require("../../utils");
+/**
+ * Controller for handling anonymous user login.
+ * @testable
+ * @param {FastifyInstance} app - The Fastify instance.
+ */
+function anonUserController(app) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const db = app.mongo.client.db(constants_1.DB_NAME);
+        const { authCollection, refreshTokensCollection, providers } = constants_1.AUTH_CONFIG;
+        const refreshTokenTtlMs = constants_1.DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000;
+        const anonUserTtlSeconds = constants_1.DEFAULT_CONFIG.ANON_USER_TTL_SECONDS;
+        try {
+            yield db.collection(authCollection).createIndex({ createdAt: 1 }, {
+                expireAfterSeconds: anonUserTtlSeconds,
+                partialFilterExpression: { 'identities.provider_type': handleUserRegistration_model_1.PROVIDER.ANON_USER }
+            });
+        }
+        catch (error) {
+            console.error('Failed to ensure anonymous user TTL index', error);
+        }
+        app.post(utils_1.AUTH_ENDPOINTS.LOGIN, function () {
+            return __awaiter(this, void 0, void 0, function* () {
+                const anonProvider = providers === null || providers === void 0 ? void 0 : providers['anon-user'];
+                if (anonProvider === null || anonProvider === void 0 ? void 0 : anonProvider.disabled) {
+                    throw new Error('Anonymous authentication disabled');
+                }
+                const now = new Date();
+                const insertResult = yield db.collection(authCollection).insertOne({
+                    status: 'confirmed',
+                    createdAt: now,
+                    custom_data: {},
+                    identities: [
+                        {
+                            provider_type: handleUserRegistration_model_1.PROVIDER.ANON_USER,
+                            provider_data: {}
+                        }
+                    ]
+                });
+                const userId = insertResult.insertedId;
+                yield db.collection(authCollection).updateOne({ _id: userId }, {
+                    $set: {
+                        identities: [
+                            {
+                                id: userId.toString(),
+                                provider_id: userId.toString(),
+                                provider_type: handleUserRegistration_model_1.PROVIDER.ANON_USER,
+                                provider_data: {}
+                            }
+                        ]
+                    }
+                });
+                const currentUserData = {
+                    _id: userId,
+                    user_data: {}
+                };
+                const refreshToken = this.createRefreshToken(currentUserData);
+                const refreshTokenHash = (0, crypto_1.hashToken)(refreshToken);
+                yield db.collection(refreshTokensCollection).insertOne({
+                    userId,
+                    tokenHash: refreshTokenHash,
+                    createdAt: now,
+                    expiresAt: new Date(Date.now() + refreshTokenTtlMs),
+                    revokedAt: null
+                });
+                return {
+                    access_token: this.createAccessToken(currentUserData),
+                    refresh_token: refreshToken,
+                    device_id: '',
+                    user_id: userId.toString()
+                };
+            });
+        });
+    });
+}

package/dist/auth/providers/anon-user/dtos.d.ts

@@ -0,0 +1,10 @@
+export type LoginSuccessDto = {
+    access_token: string;
+    device_id: string;
+    refresh_token: string;
+    user_id: string;
+};
+export interface LoginDto {
+    Reply: LoginSuccessDto;
+}
+//# sourceMappingURL=dtos.d.ts.map

package/dist/auth/providers/anon-user/dtos.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dtos.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/anon-user/dtos.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,WAAW,QAAQ;IACvB,KAAK,EAAE,eAAe,CAAA;CACvB"}

package/dist/auth/providers/anon-user/dtos.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/auth/providers/custom-function/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAgBzC;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,eAAe,iBA8FlE"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AASzC;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,eAAe,iBAgGlE"}

package/dist/auth/providers/custom-function/controller.js

@@ -8,14 +8,9 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.customFunctionController = customFunctionController;
 const constants_1 = require("../../../constants");
-const handleUserRegistration_1 = __importDefault(require("../../../shared/handleUserRegistration"));
-const handleUserRegistration_model_1 = require("../../../shared/models/handleUserRegistration.model");
 const state_1 = require("../../../state");
 const context_1 = require("../../../utils/context");
 const crypto_1 = require("../../../utils/crypto");
@@ -31,7 +26,7 @@ function customFunctionController(app) {
         const functionsList = state_1.StateManager.select('functions');
         const services = state_1.StateManager.select('services');
         const db = app.mongo.client.db(constants_1.DB_NAME);
-        const { refreshTokensCollection } = constants_1.AUTH_CONFIG;
+        const { authCollection, refreshTokensCollection } = constants_1.AUTH_CONFIG;
         const refreshTokenTtlMs = constants_1.DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000;
         /**
          * Endpoint for user login.
@@ -42,7 +37,7 @@ function customFunctionController(app) {
          */
         app.post(utils_1.AUTH_ENDPOINTS.LOGIN, {
             schema: schema_1.LOGIN_SCHEMA
-        }, function (req) {
+        }, function (req, reply) {
             return __awaiter(this, void 0, void 0, function* () {
                 const { providers } = constants_1.AUTH_CONFIG;
                 const authFunctionName = providers["custom-function"].authFunctionName;
@@ -50,7 +45,7 @@ function customFunctionController(app) {
                     throw new Error("Missing Auth Function");
                 }
                 const { ips, host, hostname, url, method, ip, id } = req;
-                const res = yield (0, context_1.GenerateContext)({
+                const authResult = yield (0, context_1.GenerateContext)({
                     args: [
                         req.body
                     ],
@@ -70,34 +65,36 @@ function customFunctionController(app) {
                         id
                     }
                 });
-                if (res.id) {
-                    const user = yield (0, handleUserRegistration_1.default)(app, { run_as_system: true, skipUserCheck: true, provider: handleUserRegistration_model_1.PROVIDER.CUSTOM_FUNCTION })({ email: res.id, password: (0, utils_1.generatePassword)() });
-                    if (!(user === null || user === void 0 ? void 0 : user.insertedId)) {
-                        throw new Error('Failed to register custom user');
-                    }
-                    const currentUserData = {
-                        _id: user.insertedId,
-                        user_data: {
-                            _id: user.insertedId
-                        }
-                    };
-                    const refreshToken = this.createRefreshToken(currentUserData);
-                    const refreshTokenHash = (0, crypto_1.hashToken)(refreshToken);
-                    yield db.collection(refreshTokensCollection).insertOne({
-                        userId: user.insertedId,
-                        tokenHash: refreshTokenHash,
-                        createdAt: new Date(),
-                        expiresAt: new Date(Date.now() + refreshTokenTtlMs),
-                        revokedAt: null
-                    });
-                    return {
-                        access_token: this.createAccessToken(currentUserData),
-                        refresh_token: refreshToken,
-                        device_id: '',
-                        user_id: user.insertedId.toString()
-                    };
+                if (!authResult.id) {
+                    reply.code(401).send({ message: 'Unauthorized' });
+                    return;
+                }
+                const authUser = yield db.collection(authCollection).findOne({ email: authResult.id });
+                if (!authUser) {
+                    reply.code(401).send({ message: 'Unauthorized' });
+                    return;
                 }
-                throw new Error("Authentication Failed");
+                const currentUserData = {
+                    _id: authUser._id,
+                    user_data: {
+                        _id: authUser._id
+                    }
+                };
+                const refreshToken = this.createRefreshToken(currentUserData);
+                const refreshTokenHash = (0, crypto_1.hashToken)(refreshToken);
+                yield db.collection(refreshTokensCollection).insertOne({
+                    userId: authUser._id,
+                    tokenHash: refreshTokenHash,
+                    createdAt: new Date(),
+                    expiresAt: new Date(Date.now() + refreshTokenTtlMs),
+                    revokedAt: null
+                });
+                return {
+                    access_token: this.createAccessToken(currentUserData),
+                    refresh_token: refreshToken,
+                    device_id: '',
+                    user_id: authUser._id.toString()
+                };
             });
         });
     });

package/dist/auth/providers/custom-function/dtos.d.ts

@@ -8,8 +8,11 @@ export type LoginSuccessDto = {
     refresh_token: string;
     user_id: string;
 };
+export type LoginErrorDto = {
+    message: string;
+};
 export interface LoginDto {
     Body: LoginUserDto;
-    Reply: LoginSuccessDto;
+    Reply: LoginSuccessDto | LoginErrorDto;
 }
 //# sourceMappingURL=dtos.d.ts.map

package/dist/auth/providers/custom-function/dtos.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dtos.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/dtos.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,YAAY,CAAA;IAClB,KAAK,EAAE,eAAe,CAAA;CACvB"}
+{"version":3,"file":"dtos.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/dtos.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,YAAY,CAAA;IAClB,KAAK,EAAE,eAAe,GAAG,aAAa,CAAA;CACvC"}

package/dist/auth/providers/local-userpass/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/local-userpass/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAmCzC;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,GAAG,EAAE,eAAe,iBA2TjE"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/local-userpass/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAqCzC;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,GAAG,EAAE,eAAe,iBAsUjE"}

package/dist/auth/providers/local-userpass/controller.js

@@ -14,7 +14,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.localUserPassController = localUserPassController;
 const constants_1 = require("../../../constants");
-const services_1 = require("../../../services");
 const handleUserRegistration_1 = __importDefault(require("../../../shared/handleUserRegistration"));
 const handleUserRegistration_model_1 = require("../../../shared/models/handleUserRegistration.model");
 const state_1 = require("../../../state");
@@ -38,14 +37,14 @@ const isRateLimited = (key, maxAttempts, windowMs) => {
  */
 function localUserPassController(app) {
     return __awaiter(this, void 0, void 0, function* () {
-        const functionsList = state_1.StateManager.select('functions');
-        const { authCollection, userCollection, user_id_field, on_user_creation_function_name } = constants_1.AUTH_CONFIG;
+        const { authCollection, userCollection, user_id_field } = constants_1.AUTH_CONFIG;
         const { resetPasswordCollection } = constants_1.AUTH_CONFIG;
         const { refreshTokensCollection } = constants_1.AUTH_CONFIG;
         const db = app.mongo.client.db(constants_1.DB_NAME);
         const resetPasswordTtlSeconds = constants_1.DEFAULT_CONFIG.RESET_PASSWORD_TTL_SECONDS;
         const rateLimitWindowMs = constants_1.DEFAULT_CONFIG.AUTH_RATE_LIMIT_WINDOW_MS;
         const loginMaxAttempts = constants_1.DEFAULT_CONFIG.AUTH_LOGIN_MAX_ATTEMPTS;
+        const registerMaxAttempts = constants_1.DEFAULT_CONFIG.AUTH_REGISTER_MAX_ATTEMPTS;
         const resetMaxAttempts = constants_1.DEFAULT_CONFIG.AUTH_RESET_MAX_ATTEMPTS;
         const refreshTokenTtlMs = constants_1.DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000;
         try {
@@ -103,6 +102,11 @@ function localUserPassController(app) {
         app.post(utils_1.AUTH_ENDPOINTS.REGISTRATION, {
             schema: utils_1.REGISTRATION_SCHEMA
         }, (req, res) => __awaiter(this, void 0, void 0, function* () {
+            const key = `register:${req.ip}`;
+            if (isRateLimited(key, registerMaxAttempts, rateLimitWindowMs)) {
+                res.status(429).send({ message: 'Too many requests' });
+                return;
+            }
             const result = yield (0, handleUserRegistration_1.default)(app, { run_as_system: true, provider: handleUserRegistration_model_1.PROVIDER.LOCAL_USERPASS })({ email: req.body.email.toLowerCase(), password: req.body.password });
             if (!(result === null || result === void 0 ? void 0 : result.insertedId)) {
                 res === null || res === void 0 ? void 0 : res.status(500);
@@ -111,6 +115,38 @@ function localUserPassController(app) {
             res === null || res === void 0 ? void 0 : res.status(201);
             return { userId: result.insertedId.toString() };
         }));
+        /**
+         * Endpoint for confirming a user registration.
+         *
+         * @route {POST} /confirm
+         * @param {ConfirmUserDto} req - The request object with confirmation data.
+         * @returns {Promise<Object>} A promise resolving with confirmation status.
+         */
+        app.post(utils_1.AUTH_ENDPOINTS.CONFIRM, {
+            schema: utils_1.CONFIRM_USER_SCHEMA
+        }, (req, res) => __awaiter(this, void 0, void 0, function* () {
+            const key = `confirm:${req.ip}`;
+            if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
+                res.status(429).send({ message: 'Too many requests' });
+                return;
+            }
+            const existing = yield db.collection(authCollection).findOne({
+                confirmationToken: req.body.token,
+                confirmationTokenId: req.body.tokenId
+            });
+            if (!existing) {
+                res.status(500);
+                throw new Error(utils_1.AUTH_ERRORS.INVALID_TOKEN);
+            }
+            if (existing.status !== 'confirmed') {
+                yield db.collection(authCollection).updateOne({ _id: existing._id }, {
+                    $set: { status: 'confirmed' },
+                    $unset: { confirmationToken: '', confirmationTokenId: '' }
+                });
+            }
+            res.status(200);
+            return { status: 'confirmed' };
+        }));
         /**
          * Endpoint for user login.
          *
@@ -144,36 +180,8 @@ function localUserPassController(app) {
                     : {};
                 authUser === null || authUser === void 0 ? true : delete authUser.password;
                 const userWithCustomData = Object.assign(Object.assign({}, authUser), { user_data: Object.assign(Object.assign({}, (user || {})), { _id: authUser._id }), data: { email: authUser.email }, id: authUser._id.toString() });
-                if (authUser && authUser.status === 'pending') {
-                    try {
-                        yield (db === null || db === void 0 ? void 0 : db.collection(authCollection).updateOne({ _id: authUser._id }, {
-                            $set: {
-                                status: 'confirmed'
-                            }
-                        }));
-                    }
-                    catch (error) {
-                        console.log('>>> 🚀 ~ localUserPassController ~ error:', error);
-                    }
-                }
-                if (authUser &&
-                    authUser.status === 'pending' &&
-                    on_user_creation_function_name &&
-                    functionsList[on_user_creation_function_name]) {
-                    try {
-                        yield (0, context_1.GenerateContext)({
-                            args: [userWithCustomData],
-                            app,
-                            rules: {},
-                            user: userWithCustomData,
-                            currentFunction: functionsList[on_user_creation_function_name],
-                            functionsList,
-                            services: services_1.services
-                        });
-                    }
-                    catch (error) {
-                        console.log('localUserPassController - /login - GenerateContext - CATCH:', error);
-                    }
+                if (authUser && authUser.status !== 'confirmed') {
+                    throw new Error(utils_1.AUTH_ERRORS.USER_NOT_CONFIRMED);
                 }
                 const refreshToken = this.createRefreshToken(userWithCustomData);
                 const refreshTokenHash = (0, crypto_1.hashToken)(refreshToken);

package/dist/auth/providers/local-userpass/dtos.d.ts

@@ -41,4 +41,10 @@ export interface ConfirmResetPasswordDto {
         password: string;
     };
 }
+export interface ConfirmUserDto {
+    Body: {
+        token: string;
+        tokenId: string;
+    };
+}
 //# sourceMappingURL=dtos.d.ts.map

package/dist/auth/providers/local-userpass/dtos.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dtos.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/local-userpass/dtos.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG;IAC5B,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,eAAe,CAAA;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,YAAY,CAAA;IAClB,KAAK,EAAE,eAAe,GAAG,gBAAgB,CAAA;CAC1C;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;CACF;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,MAAM,CAAA;QAChB,SAAS,CAAC,EAAE,OAAO,EAAE,CAAA;KACtB,CAAA;CACF;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAA;QACb,OAAO,EAAE,MAAM,CAAA;QACf,QAAQ,EAAE,MAAM,CAAA;KACjB,CAAA;CACF"}
+{"version":3,"file":"dtos.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/local-userpass/dtos.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG;IAC5B,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,YAAY,GAAG;IACzB,QAAQ,EAAE,MAAM,CAAA;IAChB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,EAAE,MAAM,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,eAAe,CAAA;CACtB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,YAAY,CAAA;IAClB,KAAK,EAAE,eAAe,GAAG,gBAAgB,CAAA;CAC1C;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAA;KACd,CAAA;CACF;AAED,MAAM,WAAW,oBAAoB;IACnC,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAA;QACb,QAAQ,EAAE,MAAM,CAAA;QAChB,SAAS,CAAC,EAAE,OAAO,EAAE,CAAA;KACtB,CAAA;CACF;AAED,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAA;QACb,OAAO,EAAE,MAAM,CAAA;QACf,QAAQ,EAAE,MAAM,CAAA;KACjB,CAAA;CACF;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE;QACJ,KAAK,EAAE,MAAM,CAAA;QACb,OAAO,EAAE,MAAM,CAAA;KAChB,CAAA;CACF"}

package/dist/auth/utils.d.ts

@@ -72,6 +72,20 @@ export declare const CONFIRM_RESET_SCHEMA: {
         required: string[];
     };
 };
+export declare const CONFIRM_USER_SCHEMA: {
+    body: {
+        type: string;
+        properties: {
+            token: {
+                type: string;
+            };
+            tokenId: {
+                type: string;
+            };
+        };
+        required: string[];
+    };
+};
 export declare const RESET_SCHEMA: {
     body: {
         type: string;
@@ -108,6 +122,7 @@ export declare const REGISTRATION_SCHEMA: {
 export declare enum AUTH_ENDPOINTS {
     LOGIN = "/login",
     REGISTRATION = "/register",
+    CONFIRM = "/confirm",
     PROFILE = "/profile",
     SESSION = "/session",
     RESET = "/reset/send",
@@ -119,13 +134,15 @@ export declare enum AUTH_ERRORS {
     INVALID_CREDENTIALS = "Invalid credentials",
     INVALID_TOKEN = "Invalid refresh token provided",
     INVALID_RESET_PARAMS = "Invalid token or tokenId provided",
-    MISSING_RESET_FUNCTION = "Missing reset function"
+    MISSING_RESET_FUNCTION = "Missing reset function",
+    USER_NOT_CONFIRMED = "User not confirmed"
 }
 export interface AuthConfig {
     auth_collection?: string;
     'api-key': ApiKey;
     'local-userpass': LocalUserpass;
     'custom-function': CustomFunction;
+    'anon-user'?: AnonUser;
 }
 interface ApiKey {
     name: string;
@@ -146,8 +163,14 @@ interface CustomFunction {
         "authFunctionName": string;
     };
 }
+export interface AnonUser {
+    name: "anon-user";
+    type: "anon-user";
+    disabled: boolean;
+}
 export interface Config {
     autoConfirm: boolean;
+    confirmationFunctionName?: string;
     resetFunctionName: string;
     resetPasswordUrl: string;
     runConfirmationFunction: boolean;

package/dist/auth/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/auth/utils.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;CAcxB,CAAA;AAED,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;CAa7B,CAAA;AAED,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;CAe7B,CAAA;AAED,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;CAUhC,CAAA;AAED,eAAO,MAAM,YAAY;;;;;;;;;;;;;CAAoB,CAAA;AAE7C,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;CAc/B,CAAA;AAED,oBAAY,cAAc;IACxB,KAAK,WAAW;IAChB,YAAY,cAAc;IAC1B,OAAO,aAAa;IACpB,OAAO,aAAa;IACpB,KAAK,gBAAgB;IACrB,UAAU,gBAAgB;IAC1B,aAAa,WAAW;IACxB,UAAU,sBAAsB;CACjC;AAED,oBAAY,WAAW;IACrB,mBAAmB,wBAAwB;IAC3C,aAAa,mCAAmC;IAChD,oBAAoB,sCAAsC;IAC1D,sBAAsB,2BAA2B;CAClD;AAED,MAAM,WAAW,UAAU;IACzB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,gBAAgB,EAAE,aAAa,CAAA;IAC/B,iBAAiB,EAAE,cAAc,CAAA;CAClC;AAED,UAAU,MAAM;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,OAAO,CAAA;CAClB;AACD,UAAU,aAAa;IACrB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;CACf;AAED,UAAU,cAAc;IACtB,IAAI,EAAE,iBAAiB,CAAC;IACxB,IAAI,EAAE,iBAAiB,CAAC;IACxB,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE;QACN,kBAAkB,EAAE,MAAM,CAAA;KAC3B,CAAA;CACF;AAED,MAAM,WAAW,MAAM;IACrB,WAAW,EAAE,OAAO,CAAA;IACpB,iBAAiB,EAAE,MAAM,CAAA;IACzB,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,OAAO,CAAA;IAChC,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAA;IAChB,kBAAkB,EAAE,MAAM,CAAA;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,eAAe,EAAE,MAAM,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,8BAA8B,EAAE,MAAM,CAAA;CACvC;AAMD;;;GAGG;AACH,eAAO,MAAM,cAAc,QAAO,UAGjC,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,kBAAkB,QAAO,oBAGrC,CAAA;AAED,eAAO,MAAM,gBAAgB,GAAI,eAAW,WAG3C,CAAA"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../src/auth/utils.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;CAcxB,CAAA;AAED,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;CAa7B,CAAA;AAED,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;CAe7B,CAAA;AAED,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;CAUhC,CAAA;AAED,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;CAS/B,CAAA;AAED,eAAO,MAAM,YAAY;;;;;;;;;;;;;CAAoB,CAAA;AAE7C,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;CAc/B,CAAA;AAED,oBAAY,cAAc;IACxB,KAAK,WAAW;IAChB,YAAY,cAAc;IAC1B,OAAO,aAAa;IACpB,OAAO,aAAa;IACpB,OAAO,aAAa;IACpB,KAAK,gBAAgB;IACrB,UAAU,gBAAgB;IAC1B,aAAa,WAAW;IACxB,UAAU,sBAAsB;CACjC;AAED,oBAAY,WAAW;IACrB,mBAAmB,wBAAwB;IAC3C,aAAa,mCAAmC;IAChD,oBAAoB,sCAAsC;IAC1D,sBAAsB,2BAA2B;IACjD,kBAAkB,uBAAuB;CAC1C;AAED,MAAM,WAAW,UAAU;IACzB,eAAe,CAAC,EAAE,MAAM,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,gBAAgB,EAAE,aAAa,CAAA;IAC/B,iBAAiB,EAAE,cAAc,CAAA;IACjC,WAAW,CAAC,EAAE,QAAQ,CAAA;CACvB;AAED,UAAU,MAAM;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,OAAO,CAAA;CAClB;AACD,UAAU,aAAa;IACrB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;CACf;AAED,UAAU,cAAc;IACtB,IAAI,EAAE,iBAAiB,CAAC;IACxB,IAAI,EAAE,iBAAiB,CAAC;IACxB,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,EAAE;QACN,kBAAkB,EAAE,MAAM,CAAA;KAC3B,CAAA;CACF;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,WAAW,CAAA;IACjB,IAAI,EAAE,WAAW,CAAA;IACjB,QAAQ,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,MAAM;IACrB,WAAW,EAAE,OAAO,CAAA;IACpB,wBAAwB,CAAC,EAAE,MAAM,CAAA;IACjC,iBAAiB,EAAE,MAAM,CAAA;IACzB,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,OAAO,CAAA;IAChC,gBAAgB,EAAE,OAAO,CAAA;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAA;IAChB,kBAAkB,EAAE,MAAM,CAAA;IAC1B,aAAa,EAAE,MAAM,CAAA;IACrB,eAAe,EAAE,MAAM,CAAA;IACvB,aAAa,EAAE,MAAM,CAAA;IACrB,8BAA8B,EAAE,MAAM,CAAA;CACvC;AAMD;;;GAGG;AACH,eAAO,MAAM,cAAc,QAAO,UAGjC,CAAA;AAED;;;GAGG;AACH,eAAO,MAAM,kBAAkB,QAAO,oBAGrC,CAAA;AAED,eAAO,MAAM,gBAAgB,GAAI,eAAW,WAG3C,CAAA"}