@flowerforce/flowerbase 1.6.1 → 1.6.2-beta.0

package/dist/auth/providers/anon-user/controller.js

@@ -23,7 +23,7 @@ const utils_1 = require("../../utils");
 function anonUserController(app) {
     return __awaiter(this, void 0, void 0, function* () {
         const db = app.mongo.client.db(constants_1.DB_NAME);
-        const { authCollection, refreshTokensCollection, providers } = constants_1.AUTH_CONFIG;
+        const { authCollection, refreshTokensCollection } = constants_1.AUTH_CONFIG;
         const refreshTokenTtlMs = constants_1.DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000;
         const anonUserTtlSeconds = constants_1.DEFAULT_CONFIG.ANON_USER_TTL_SECONDS;
         try {
@@ -37,8 +37,9 @@ function anonUserController(app) {
         }
         app.post(utils_1.AUTH_ENDPOINTS.LOGIN, function () {
             return __awaiter(this, void 0, void 0, function* () {
-                const anonProvider = providers === null || providers === void 0 ? void 0 : providers['anon-user'];
-                if (anonProvider === null || anonProvider === void 0 ? void 0 : anonProvider.disabled) {
+                var _a;
+                const anonProvider = (_a = constants_1.AUTH_CONFIG.authProviders) === null || _a === void 0 ? void 0 : _a['anon-user'];
+                if (!anonProvider || anonProvider.disabled) {
                     throw new Error('Anonymous authentication disabled');
                 }
                 const now = new Date();

package/dist/auth/providers/custom-function/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AASzC;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,eAAe,iBAgGlE"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/custom-function/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AASzC;;;;GAIG;AACH,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,eAAe,iBAoGlE"}

package/dist/auth/providers/custom-function/controller.js

@@ -39,8 +39,13 @@ function customFunctionController(app) {
             schema: schema_1.LOGIN_SCHEMA
         }, function (req, reply) {
             return __awaiter(this, void 0, void 0, function* () {
-                const { providers } = constants_1.AUTH_CONFIG;
-                const authFunctionName = providers["custom-function"].authFunctionName;
+                var _a, _b;
+                const customFunctionProvider = (_a = constants_1.AUTH_CONFIG.authProviders) === null || _a === void 0 ? void 0 : _a['custom-function'];
+                if (!customFunctionProvider || customFunctionProvider.disabled) {
+                    throw new Error('Custom function authentication disabled');
+                }
+                const authFunctionName = (_b = customFunctionProvider
+                    .config) === null || _b === void 0 ? void 0 : _b.authFunctionName;
                 if (!authFunctionName || !functionsList[authFunctionName]) {
                     throw new Error("Missing Auth Function");
                 }

package/dist/auth/providers/local-userpass/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/local-userpass/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAqCzC;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,GAAG,EAAE,eAAe,iBAqVjE"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../../../src/auth/providers/local-userpass/controller.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAqCzC;;;;GAIG;AACH,wBAAsB,uBAAuB,CAAC,GAAG,EAAE,eAAe,iBA8WjE"}

package/dist/auth/providers/local-userpass/controller.js

@@ -47,6 +47,7 @@ function localUserPassController(app) {
         const registerMaxAttempts = constants_1.DEFAULT_CONFIG.AUTH_REGISTER_MAX_ATTEMPTS;
         const resetMaxAttempts = constants_1.DEFAULT_CONFIG.AUTH_RESET_MAX_ATTEMPTS;
         const refreshTokenTtlMs = constants_1.DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000;
+        const resolveLocalUserpassProvider = () => { var _a; return (_a = constants_1.AUTH_CONFIG.authProviders) === null || _a === void 0 ? void 0 : _a['local-userpass']; };
         try {
             yield db.collection(resetPasswordCollection).createIndex({ createdAt: 1 }, { expireAfterSeconds: resetPasswordTtlSeconds });
         }
@@ -102,6 +103,10 @@ function localUserPassController(app) {
         app.post(utils_1.AUTH_ENDPOINTS.REGISTRATION, {
             schema: utils_1.REGISTRATION_SCHEMA
         }, (req, res) => __awaiter(this, void 0, void 0, function* () {
+            const localUserpassProvider = resolveLocalUserpassProvider();
+            if (!localUserpassProvider || localUserpassProvider.disabled) {
+                throw new Error('Local userpass authentication disabled');
+            }
             const key = `register:${req.ip}`;
             if (isRateLimited(key, registerMaxAttempts, rateLimitWindowMs)) {
                 res.status(429).send({ message: 'Too many requests' });
@@ -141,6 +146,10 @@ function localUserPassController(app) {
         app.post(utils_1.AUTH_ENDPOINTS.CONFIRM, {
             schema: utils_1.CONFIRM_USER_SCHEMA
         }, (req, res) => __awaiter(this, void 0, void 0, function* () {
+            const localUserpassProvider = resolveLocalUserpassProvider();
+            if (!localUserpassProvider || localUserpassProvider.disabled) {
+                throw new Error('Local userpass authentication disabled');
+            }
             const key = `confirm:${req.ip}`;
             if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
                 res.status(429).send({ message: 'Too many requests' });
@@ -174,6 +183,10 @@ function localUserPassController(app) {
             schema: utils_1.LOGIN_SCHEMA
         }, function (req, res) {
             return __awaiter(this, void 0, void 0, function* () {
+                const localUserpassProvider = resolveLocalUserpassProvider();
+                if (!localUserpassProvider || localUserpassProvider.disabled) {
+                    throw new Error('Local userpass authentication disabled');
+                }
                 const key = `login:${req.ip}`;
                 if (isRateLimited(key, loginMaxAttempts, rateLimitWindowMs)) {
                     res.status(429).send({ message: 'Too many requests' });
@@ -227,6 +240,10 @@ function localUserPassController(app) {
             schema: utils_1.RESET_SEND_SCHEMA
         }, function (req, res) {
             return __awaiter(this, void 0, void 0, function* () {
+                const localUserpassProvider = resolveLocalUserpassProvider();
+                if (!localUserpassProvider || localUserpassProvider.disabled) {
+                    throw new Error('Local userpass authentication disabled');
+                }
                 const key = `reset:${req.ip}`;
                 if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
                     res.status(429);
@@ -243,6 +260,10 @@ function localUserPassController(app) {
             schema: utils_1.RESET_CALL_SCHEMA
         }, function (req, res) {
             return __awaiter(this, void 0, void 0, function* () {
+                const localUserpassProvider = resolveLocalUserpassProvider();
+                if (!localUserpassProvider || localUserpassProvider.disabled) {
+                    throw new Error('Local userpass authentication disabled');
+                }
                 const key = `reset:${req.ip}`;
                 if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
                     res.status(429);
@@ -266,6 +287,10 @@ function localUserPassController(app) {
             schema: utils_1.CONFIRM_RESET_SCHEMA
         }, function (req, res) {
             return __awaiter(this, void 0, void 0, function* () {
+                const localUserpassProvider = resolveLocalUserpassProvider();
+                if (!localUserpassProvider || localUserpassProvider.disabled) {
+                    throw new Error('Local userpass authentication disabled');
+                }
                 const key = `reset-confirm:${req.ip}`;
                 if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
                     res.status(429);

package/dist/auth/utils.js

@@ -149,7 +149,7 @@ const loadAuthConfig = () => {
             'anon-user': {
                 name: 'anon-user',
                 type: 'anon-user',
-                disabled: false
+                disabled: true
             }
         };
     }

package/dist/constants.d.ts

@@ -24,6 +24,10 @@ export declare const DEFAULT_CONFIG: {
 export declare const API_VERSION: string;
 export declare const HTTPS_SCHEMA: string;
 export declare const DB_NAME: string;
+type AuthProviders = Record<string, {
+    disabled?: boolean;
+    config?: unknown;
+}>;
 export declare const AUTH_CONFIG: {
     authCollection: string;
     userCollection: string;
@@ -31,6 +35,7 @@ export declare const AUTH_CONFIG: {
     refreshTokensCollection: string;
     resetPasswordConfig: import("./auth/utils").Config;
     localUserpassConfig: import("./auth/utils").Config;
+    authProviders: AuthProviders;
     user_id_field: string;
     on_user_creation_function_name: string;
     providers: {
@@ -44,4 +49,5 @@ export declare const S3_CONFIG: {
     ACCESS_KEY_ID: string | undefined;
     SECRET_ACCESS_KEY: string | undefined;
 };
+export {};
 //# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAUpC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;iBAmBsB,eAAe,EAAE;;CAEjE,CAAA;AACD,eAAO,MAAM,WAAW,QAA8C,CAAA;AACtE,eAAO,MAAM,YAAY,QAA8B,CAAA;AACvD,eAAO,MAAM,OAAO,QAAgB,CAAA;AAGpC,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;CAavB,CAAA;AAID,eAAO,MAAM,SAAS;;;CAGrB,CAAA"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,CAAA;AAUpC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;iBAmBsB,eAAe,EAAE;;CAEjE,CAAA;AACD,eAAO,MAAM,WAAW,QAA8C,CAAA;AACtE,eAAO,MAAM,YAAY,QAA8B,CAAA;AACvD,eAAO,MAAM,OAAO,QAAgB,CAAA;AAEpC,KAAK,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAAA;AAE7E,eAAO,MAAM,WAAW;;;;;;;mBAOqB,aAAa;;;;;;;;;CAOzD,CAAA;AAID,eAAO,MAAM,SAAS;;;CAGrB,CAAA"}

package/dist/constants.js

@@ -49,6 +49,7 @@ exports.AUTH_CONFIG = {
     refreshTokensCollection: 'auth_refresh_tokens',
     resetPasswordConfig: (_a = configuration['local-userpass']) === null || _a === void 0 ? void 0 : _a.config,
     localUserpassConfig: (_b = configuration['local-userpass']) === null || _b === void 0 ? void 0 : _b.config,
+    authProviders: configuration,
     user_id_field,
     on_user_creation_function_name,
     providers: {

package/dist/features/triggers/interface.d.ts

@@ -23,6 +23,7 @@ type Config = {
     match: Record<string, unknown>;
     operation_types: string[];
     operation_type?: 'CREATE' | 'DELETE' | 'LOGOUT';
+    providers?: string[];
     project: Record<string, unknown>;
     service_name: string;
     skip_catchup_events: boolean;

package/dist/features/triggers/interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AACnD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE5D,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,WAAW,CAAA;IACjB,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,gBAAgB,EAAE;QAChB,QAAQ,EAAE;YACR,MAAM,EAAE;gBACN,aAAa,EAAE,MAAM,CAAA;aACtB,CAAA;SACF,CAAA;KACF,CAAA;CACF;AAED,KAAK,MAAM,GAAG;IACZ,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,OAAO,CAAA;IACtB,2BAA2B,EAAE,OAAO,CAAA;IACpC,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC9B,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,cAAc,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAA;IAC/C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,mBAAmB,EAAE,OAAO,CAAA;IAC5B,sBAAsB,EAAE,OAAO,CAAA;IAC/B,SAAS,EAAE,OAAO,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,UAAU,GAAG,gBAAgB,CAAA;AACrE,MAAM,MAAM,QAAQ,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,EAAE,CAAA;AAE/D,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,QAAQ,CAAA;IACxB,GAAG,EAAE,eAAe,CAAA;IACpB,QAAQ,EAAE,QAAQ,CAAA;IAClB,aAAa,EAAE,SAAS,CAAA;CACzB,CAAA"}
+{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/interface.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AACnD,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE5D,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,WAAW,CAAA;IACjB,QAAQ,EAAE,OAAO,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,gBAAgB,EAAE;QAChB,QAAQ,EAAE;YACR,MAAM,EAAE;gBACN,aAAa,EAAE,MAAM,CAAA;aACtB,CAAA;SACF,CAAA;KACF,CAAA;CACF;AAED,KAAK,MAAM,GAAG;IACZ,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,aAAa,EAAE,OAAO,CAAA;IACtB,2BAA2B,EAAE,OAAO,CAAA;IACpC,aAAa,CAAC,EAAE,OAAO,CAAA;IACvB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC9B,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,cAAc,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAA;IAC/C,SAAS,CAAC,EAAE,MAAM,EAAE,CAAA;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAChC,YAAY,EAAE,MAAM,CAAA;IACpB,mBAAmB,EAAE,OAAO,CAAA;IAC5B,sBAAsB,EAAE,OAAO,CAAA;IAC/B,SAAS,EAAE,OAAO,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAED,MAAM,MAAM,WAAW,GAAG,WAAW,GAAG,UAAU,GAAG,gBAAgB,CAAA;AACrE,MAAM,MAAM,QAAQ,GAAG;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,OAAO,CAAA;CAAE,EAAE,CAAA;AAE/D,MAAM,MAAM,aAAa,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,EAAE,QAAQ,CAAA;IACxB,GAAG,EAAE,eAAe,CAAA;IACpB,QAAQ,EAAE,QAAQ,CAAA;IAClB,aAAa,EAAE,SAAS,CAAA;CACzB,CAAA"}

package/dist/features/triggers/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,aAAa,EAAW,QAAQ,EAAE,MAAM,aAAa,CAAA;AAqC9D;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY,GAAU,gBAAuB,KAAG,OAAO,CAAC,QAAQ,CAkB5E,CAAA;AAuaD,eAAO,MAAM,gBAAgB;0EAnZ1B,aAAa;yEAwVb,aAAa;+EAtSb,aAAa;CAqWf,CAAA"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/features/triggers/utils.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,aAAa,EAAW,QAAQ,EAAE,MAAM,aAAa,CAAA;AAqC9D;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY,GAAU,gBAAuB,KAAG,OAAO,CAAC,QAAQ,CAkB5E,CAAA;AAyeD,eAAO,MAAM,gBAAgB;0EArd1B,aAAa;yEA0Zb,aAAa;+EArUb,aAAa;CAoYf,CAAA"}

package/dist/features/triggers/utils.js

@@ -123,6 +123,38 @@ const mapOpInverse = {
     LOGOUT: ['update'],
 };
 const normalizeOperationTypes = (operationTypes = []) => operationTypes.map((op) => op.toLowerCase());
+const normalizeProviders = (providers = []) => providers
+    .map((provider) => (typeof provider === 'string' ? provider.trim().toLowerCase() : ''))
+    .filter((provider) => provider.length);
+const extractProvidersFromDocument = (document) => {
+    if (!document)
+        return [];
+    const providers = [];
+    const identities = document.identities;
+    if (Array.isArray(identities)) {
+        for (const identity of identities) {
+            if (!identity || typeof identity !== 'object')
+                continue;
+            const providerType = identity.provider_type;
+            if (typeof providerType === 'string') {
+                providers.push(providerType.toLowerCase());
+            }
+        }
+    }
+    const rootProviderType = document.provider_type;
+    if (typeof rootProviderType === 'string') {
+        providers.push(rootProviderType.toLowerCase());
+    }
+    return providers;
+};
+const matchesProviderFilter = (document, providerFilter) => {
+    if (!providerFilter.length)
+        return true;
+    const documentProviders = extractProvidersFromDocument(document);
+    if (!documentProviders.length)
+        return false;
+    return documentProviders.some((provider) => providerFilter.includes(provider));
+};
 const resolveDocumentOptions = ({ requestFullDocument, requestFullDocumentBeforeChange, normalizedOperations }) => {
     const includesUpdateOrReplace = normalizedOperations.some((op) => op === 'update' || op === 'replace');
     const fullDocument = (() => {
@@ -134,9 +166,10 @@ const resolveDocumentOptions = ({ requestFullDocument, requestFullDocumentBefore
     return { fullDocument, fullDocumentBeforeChange };
 };
 const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, function* ({ config, triggerHandler, functionsList, services, app }) {
-    var _b;
+    var _b, _c;
     const { database, isAutoTrigger, operation_types = [], operation_type } = config;
-    const authCollection = (_b = constants_1.AUTH_CONFIG.authCollection) !== null && _b !== void 0 ? _b : 'auth_users';
+    const providerFilter = normalizeProviders((_b = config.providers) !== null && _b !== void 0 ? _b : []);
+    const authCollection = (_c = constants_1.AUTH_CONFIG.authCollection) !== null && _c !== void 0 ? _c : 'auth_users';
     const collection = app.mongo.client.db(database || constants_1.DB_NAME).collection(authCollection);
     const operationCandidates = operation_type ? mapOpInverse[operation_type] : operation_types;
     const normalizedOps = normalizeOperationTypes(operationCandidates);
@@ -216,6 +249,9 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                         _id: documentKey._id
                     }));
                 }
+                if (!matchesProviderFilter(logoutDocument, providerFilter)) {
+                    return;
+                }
                 const userData = buildUserData(logoutDocument);
                 if (!userData) {
                     return;
@@ -248,7 +284,11 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                 if (isAutoTrigger || operation_type !== 'DELETE') {
                     return;
                 }
-                const userData = buildUserData(fullDocumentBeforeChange !== null && fullDocumentBeforeChange !== void 0 ? fullDocumentBeforeChange : confirmedDocument);
+                const deleteDocument = fullDocumentBeforeChange !== null && fullDocumentBeforeChange !== void 0 ? fullDocumentBeforeChange : confirmedDocument;
+                if (!matchesProviderFilter(deleteDocument, providerFilter)) {
+                    return;
+                }
+                const userData = buildUserData(deleteDocument);
                 if (!userData) {
                     return;
                 }
@@ -277,7 +317,16 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                 return;
             }
             if (isReplace) {
-                const userData = buildUserData(confirmedDocument);
+                let replaceDocument = confirmedDocument;
+                if (!replaceDocument && providerFilter.length && (documentKey === null || documentKey === void 0 ? void 0 : documentKey._id)) {
+                    replaceDocument = (yield collection.findOne({
+                        _id: documentKey._id
+                    }));
+                }
+                if (!matchesProviderFilter(replaceDocument, providerFilter)) {
+                    return;
+                }
+                const userData = buildUserData(replaceDocument);
                 if (!userData) {
                     return;
                 }
@@ -323,6 +372,16 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
             if (!confirmedCandidate) {
                 return;
             }
+            let candidateDocument = confirmedDocument;
+            if (!candidateDocument && providerFilter.length && (documentKey === null || documentKey === void 0 ? void 0 : documentKey._id)) {
+                candidateDocument = (yield collection.findOne({
+                    _id: documentKey._id
+                }));
+                confirmedDocument = candidateDocument !== null && candidateDocument !== void 0 ? candidateDocument : confirmedDocument;
+            }
+            if (!matchesProviderFilter(candidateDocument, providerFilter)) {
+                return;
+            }
             const updateResult = yield collection.findOneAndUpdate({
                 _id: documentKey._id,
                 status: 'confirmed',
@@ -339,6 +398,9 @@ const handleAuthenticationTrigger = (_a) => __awaiter(void 0, [_a], void 0, func
                 return;
             }
             delete document.password;
+            if (!matchesProviderFilter(document, providerFilter)) {
+                return;
+            }
             const userData = buildUserData(document);
             if (!userData) {
                 return;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flowerforce/flowerbase",
-  "version": "1.6.1",
+  "version": "1.6.2-beta.0",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/auth/providers/anon-user/controller.ts

@@ -13,7 +13,7 @@ import { LoginDto } from './dtos'
  */
 export async function anonUserController(app: FastifyInstance) {
   const db = app.mongo.client.db(DB_NAME)
-  const { authCollection, refreshTokensCollection, providers } = AUTH_CONFIG
+  const { authCollection, refreshTokensCollection } = AUTH_CONFIG
   const refreshTokenTtlMs = DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000
   const anonUserTtlSeconds = DEFAULT_CONFIG.ANON_USER_TTL_SECONDS
 
@@ -32,8 +32,8 @@ export async function anonUserController(app: FastifyInstance) {
   app.post<LoginDto>(
     AUTH_ENDPOINTS.LOGIN,
     async function () {
-      const anonProvider = providers?.['anon-user']
-      if (anonProvider?.disabled) {
+      const anonProvider = AUTH_CONFIG.authProviders?.['anon-user']
+      if (!anonProvider || anonProvider.disabled) {
         throw new Error('Anonymous authentication disabled')
       }
 

package/src/auth/providers/custom-function/controller.ts

@@ -33,8 +33,12 @@ export async function customFunctionController(app: FastifyInstance) {
       schema: LOGIN_SCHEMA
     },
     async function (req, reply) {
-      const { providers } = AUTH_CONFIG
-      const authFunctionName = providers["custom-function"].authFunctionName
+      const customFunctionProvider = AUTH_CONFIG.authProviders?.['custom-function']
+      if (!customFunctionProvider || customFunctionProvider.disabled) {
+        throw new Error('Custom function authentication disabled')
+      }
+      const authFunctionName = (customFunctionProvider as { config?: { authFunctionName?: string } })
+        .config?.authFunctionName
 
       if (!authFunctionName || !functionsList[authFunctionName]) {
         throw new Error("Missing Auth Function")

package/src/auth/providers/local-userpass/controller.ts

@@ -51,6 +51,7 @@ export async function localUserPassController(app: FastifyInstance) {
   const registerMaxAttempts = DEFAULT_CONFIG.AUTH_REGISTER_MAX_ATTEMPTS
   const resetMaxAttempts = DEFAULT_CONFIG.AUTH_RESET_MAX_ATTEMPTS
   const refreshTokenTtlMs = DEFAULT_CONFIG.REFRESH_TOKEN_TTL_DAYS * 24 * 60 * 60 * 1000
+  const resolveLocalUserpassProvider = () => AUTH_CONFIG.authProviders?.['local-userpass']
 
   try {
     await db.collection(resetPasswordCollection).createIndex(
@@ -132,6 +133,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: REGISTRATION_SCHEMA
     },
     async (req, res) => {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `register:${req.ip}`
       if (isRateLimited(key, registerMaxAttempts, rateLimitWindowMs)) {
         res.status(429).send({ message: 'Too many requests' })
@@ -178,6 +183,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: CONFIRM_USER_SCHEMA
     },
     async (req, res) => {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `confirm:${req.ip}`
       if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
         res.status(429).send({ message: 'Too many requests' })
@@ -222,6 +231,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: LOGIN_SCHEMA
     },
     async function (req, res) {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `login:${req.ip}`
       if (isRateLimited(key, loginMaxAttempts, rateLimitWindowMs)) {
         res.status(429).send({ message: 'Too many requests' })
@@ -295,6 +308,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: RESET_SEND_SCHEMA
     },
     async function (req, res) {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `reset:${req.ip}`
       if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
         res.status(429)
@@ -314,6 +331,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: RESET_CALL_SCHEMA
     },
     async function (req, res) {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `reset:${req.ip}`
       if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
         res.status(429)
@@ -344,6 +365,10 @@ export async function localUserPassController(app: FastifyInstance) {
       schema: CONFIRM_RESET_SCHEMA
     },
     async function (req, res) {
+      const localUserpassProvider = resolveLocalUserpassProvider()
+      if (!localUserpassProvider || localUserpassProvider.disabled) {
+        throw new Error('Local userpass authentication disabled')
+      }
       const key = `reset-confirm:${req.ip}`
       if (isRateLimited(key, resetMaxAttempts, rateLimitWindowMs)) {
         res.status(429)

package/src/auth/utils.ts

@@ -208,7 +208,7 @@ export const loadAuthConfig = (): AuthConfig => {
       'anon-user': {
         name: 'anon-user',
         type: 'anon-user',
-        disabled: false
+        disabled: true
       }
     }
   }

package/src/constants.ts

@@ -35,6 +35,7 @@ export const API_VERSION = `/api/client/${DEFAULT_CONFIG.API_VERSION}`
 export const HTTPS_SCHEMA = DEFAULT_CONFIG.HTTPS_SCHEMA
 export const DB_NAME = database_name
 
+type AuthProviders = Record<string, { disabled?: boolean; config?: unknown }>
 // TODO spostare nell'oggetto providers anche le altre configurazioni
 export const AUTH_CONFIG = {
   authCollection: auth_collection,
@@ -43,6 +44,7 @@ export const AUTH_CONFIG = {
   refreshTokensCollection: 'auth_refresh_tokens',
   resetPasswordConfig: configuration['local-userpass']?.config,
   localUserpassConfig: configuration['local-userpass']?.config,
+  authProviders: configuration as unknown as AuthProviders,
   user_id_field,
   on_user_creation_function_name,
   providers: {

package/src/features/triggers/interface.ts

@@ -25,6 +25,7 @@ type Config = {
   match: Record<string, unknown>
   operation_types: string[]
   operation_type?: 'CREATE' | 'DELETE' | 'LOGOUT'
+  providers?: string[]
   project: Record<string, unknown>
   service_name: string
   skip_catchup_events: boolean

package/src/features/triggers/utils.ts

@@ -112,6 +112,41 @@ const mapOpInverse = {
 const normalizeOperationTypes = (operationTypes: string[] = []) =>
   operationTypes.map((op) => op.toLowerCase())
 
+const normalizeProviders = (providers: string[] = []) =>
+  providers
+    .map((provider) => (typeof provider === 'string' ? provider.trim().toLowerCase() : ''))
+    .filter((provider) => provider.length)
+
+const extractProvidersFromDocument = (document?: Record<string, unknown> | null) => {
+  if (!document) return []
+  const providers: string[] = []
+  const identities = (document as { identities?: unknown }).identities
+  if (Array.isArray(identities)) {
+    for (const identity of identities) {
+      if (!identity || typeof identity !== 'object') continue
+      const providerType = (identity as { provider_type?: unknown }).provider_type
+      if (typeof providerType === 'string') {
+        providers.push(providerType.toLowerCase())
+      }
+    }
+  }
+  const rootProviderType = (document as { provider_type?: unknown }).provider_type
+  if (typeof rootProviderType === 'string') {
+    providers.push(rootProviderType.toLowerCase())
+  }
+  return providers
+}
+
+const matchesProviderFilter = (
+  document: Record<string, unknown> | null | undefined,
+  providerFilter: string[]
+) => {
+  if (!providerFilter.length) return true
+  const documentProviders = extractProvidersFromDocument(document)
+  if (!documentProviders.length) return false
+  return documentProviders.some((provider) => providerFilter.includes(provider))
+}
+
 const resolveDocumentOptions = ({
   requestFullDocument,
   requestFullDocumentBeforeChange,
@@ -140,6 +175,7 @@ const handleAuthenticationTrigger = async ({
   app
 }: HandlerParams) => {
   const { database, isAutoTrigger, operation_types = [], operation_type } = config
+  const providerFilter = normalizeProviders(config.providers ?? [])
   const authCollection = AUTH_CONFIG.authCollection ?? 'auth_users'
   const collection = app.mongo.client.db(database || DB_NAME).collection(authCollection)
   const operationCandidates = operation_type ? mapOpInverse[operation_type] : operation_types
@@ -238,6 +274,9 @@ const handleAuthenticationTrigger = async ({
           _id: documentKey._id
         }) as Record<string, unknown> | null
       }
+      if (!matchesProviderFilter(logoutDocument, providerFilter)) {
+        return
+      }
       const userData = buildUserData(logoutDocument)
       if (!userData) {
         return
@@ -270,7 +309,11 @@ const handleAuthenticationTrigger = async ({
       if (isAutoTrigger || operation_type !== 'DELETE') {
         return
       }
-      const userData = buildUserData(fullDocumentBeforeChange ?? confirmedDocument)
+      const deleteDocument = fullDocumentBeforeChange ?? confirmedDocument
+      if (!matchesProviderFilter(deleteDocument, providerFilter)) {
+        return
+      }
+      const userData = buildUserData(deleteDocument)
       if (!userData) {
         return
       }
@@ -299,7 +342,16 @@ const handleAuthenticationTrigger = async ({
     }
 
     if (isReplace) {
-      const userData = buildUserData(confirmedDocument)
+      let replaceDocument = confirmedDocument
+      if (!replaceDocument && providerFilter.length && documentKey?._id) {
+        replaceDocument = await collection.findOne({
+          _id: documentKey._id
+        }) as Record<string, unknown> | null
+      }
+      if (!matchesProviderFilter(replaceDocument, providerFilter)) {
+        return
+      }
+      const userData = buildUserData(replaceDocument)
       if (!userData) {
         return
       }
@@ -347,6 +399,17 @@ const handleAuthenticationTrigger = async ({
       return
     }
 
+    let candidateDocument = confirmedDocument
+    if (!candidateDocument && providerFilter.length && documentKey?._id) {
+      candidateDocument = await collection.findOne({
+        _id: documentKey._id
+      }) as Record<string, unknown> | null
+      confirmedDocument = candidateDocument ?? confirmedDocument
+    }
+    if (!matchesProviderFilter(candidateDocument, providerFilter)) {
+      return
+    }
+
     const updateResult = await collection.findOneAndUpdate(
       {
         _id: documentKey._id,
@@ -371,6 +434,9 @@ const handleAuthenticationTrigger = async ({
 
     delete (document as { password?: unknown }).password
 
+    if (!matchesProviderFilter(document, providerFilter)) {
+      return
+    }
     const userData = buildUserData(document)
     if (!userData) {
       return