@fuzdev/fuz_app 0.39.0 → 0.40.0
- package/dist/auth/CLAUDE.md +89 -17
- package/dist/auth/account_actions.d.ts +5 -3
- package/dist/auth/account_actions.d.ts.map +1 -1
- package/dist/auth/account_actions.js +5 -6
- package/dist/auth/account_routes.d.ts.map +1 -1
- package/dist/auth/account_routes.js +7 -7
- package/dist/auth/admin_action_specs.d.ts +6 -138
- package/dist/auth/admin_action_specs.d.ts.map +1 -1
- package/dist/auth/admin_action_specs.js +4 -2
- package/dist/auth/admin_actions.d.ts +4 -3
- package/dist/auth/admin_actions.d.ts.map +1 -1
- package/dist/auth/admin_actions.js +8 -9
- package/dist/auth/audit_log_queries.d.ts +16 -6
- package/dist/auth/audit_log_queries.d.ts.map +1 -1
- package/dist/auth/audit_log_queries.js +7 -8
- package/dist/auth/audit_log_schema.d.ts +24 -74
- package/dist/auth/audit_log_schema.d.ts.map +1 -1
- package/dist/auth/audit_log_schema.js +17 -2
- package/dist/auth/bootstrap_routes.d.ts.map +1 -1
- package/dist/auth/bootstrap_routes.js +3 -3
- package/dist/auth/cleanup.d.ts +9 -1
- package/dist/auth/cleanup.d.ts.map +1 -1
- package/dist/auth/cleanup.js +2 -2
- package/dist/auth/deps.d.ts +13 -1
- package/dist/auth/deps.d.ts.map +1 -1
- package/dist/auth/permit_offer_actions.d.ts +16 -2
- package/dist/auth/permit_offer_actions.d.ts.map +1 -1
- package/dist/auth/permit_offer_actions.js +26 -8
- package/dist/auth/self_service_role_actions.d.ts +136 -0
- package/dist/auth/self_service_role_actions.d.ts.map +1 -0
- package/dist/auth/self_service_role_actions.js +198 -0
- package/dist/auth/signup_routes.d.ts.map +1 -1
- package/dist/auth/signup_routes.js +2 -2
- package/dist/auth/standard_rpc_actions.d.ts +1 -1
- package/dist/auth/standard_rpc_actions.js +1 -1
- package/dist/server/app_backend.d.ts +9 -1
- package/dist/server/app_backend.d.ts.map +1 -1
- package/dist/server/app_backend.js +12 -1
- package/dist/ui/ui_format.d.ts +2 -3
- package/dist/ui/ui_format.d.ts.map +1 -1
- package/dist/ui/ui_format.js +1 -1
- package/package.json +1 -1
package/dist/auth/CLAUDE.md
CHANGED
|
@@ -163,8 +163,12 @@ Separated from runtime types to isolate DDL concerns. Consumed by
|
|
|
163
163
|
- `AuditEventType` (Zod enum), `AuditOutcome` (`'success' | 'failure'`).
|
|
164
164
|
- `AUDIT_METADATA_SCHEMAS` — per-type `z.looseObject`. Notable shapes:
|
|
165
165
|
- `permit_grant` — `scope_id`, optional `permit_id` (failed grants
|
|
166
|
-
omit — `web_grantable` denial never produces a row), optional
|
|
167
|
-
|
|
166
|
+
omit — `web_grantable` denial never produces a row), optional
|
|
167
|
+
`source_offer_id`, optional `self_service` (set by
|
|
168
|
+
`self_service_role_actions.ts`; declared on the schema rather than
|
|
169
|
+
riding on `z.looseObject` so the field is part of the documented surface).
|
|
170
|
+
- `permit_revoke` — `scope_id`, optional `reason`, optional
|
|
171
|
+
`self_service` (same self-service toggle).
|
|
168
172
|
- `permit_offer_create` — optional `offer_id` (failed creates omit).
|
|
169
173
|
- `permit_offer_supersede` — `reason: 'sibling_accepted' | 'permit_revoked'`
|
|
170
174
|
plus `cause_id` (accepted offer id or revoked permit id).
|
|
@@ -179,13 +183,22 @@ Separated from runtime types to isolate DDL concerns. Consumed by
|
|
|
179
183
|
- **Consumer extensibility**: `create_audit_log_config({extra_events})`
|
|
180
184
|
builds an `AuditLogConfig` merging builtins with consumer event-type
|
|
181
185
|
strings keyed to a Zod schema (validates metadata) or `null` (registers
|
|
182
|
-
without validation). Pass the result
|
|
183
|
-
|
|
184
|
-
|
|
186
|
+
without validation). Pass the result to `create_app_backend({audit_log_config})`
|
|
187
|
+
— it lands on `AppDeps.audit_log_config` and `audit_log_fire_and_forget`
|
|
188
|
+
reads it off the deps bundle automatically (defaults to
|
|
189
|
+
`BUILTIN_AUDIT_LOG_CONFIG` when absent). `query_audit_log` still accepts
|
|
190
|
+
the trailing `config` positional arg for in-transaction emit sites that
|
|
191
|
+
don't have `AppDeps`. Builtin collisions and `AuditEventTypeName`
|
|
185
192
|
format failures throw at construction. The DB column is `TEXT NOT NULL`
|
|
186
|
-
(no enum), so consumer types round-trip through list queries
|
|
187
|
-
|
|
188
|
-
|
|
193
|
+
(no enum), so consumer types round-trip through list queries, the
|
|
194
|
+
`audit_log_list` RPC, and SSE identically to builtins.
|
|
195
|
+
`AuditLogEvent.event_type` (row interface), `AuditLogEventJson.event_type`,
|
|
196
|
+
and the `audit_log_list` filter input are all `AuditEventTypeName`
|
|
197
|
+
(regex-validated string) — widened from the closed enum so consumer rows
|
|
198
|
+
round-trip through DB queries, `on_audit_event` callbacks, and
|
|
199
|
+
`spec.output.safeParse` identically to builtins. `AuditLogInput<T>` and
|
|
200
|
+
`AuditMetadataMap` stay closed-enum on the write side — metadata-narrowing
|
|
201
|
+
helpers like `get_audit_metadata` continue to require a builtin type guard.
|
|
189
202
|
- **Drift counters**: `audit_metadata_validation_failures` (schema mismatch)
|
|
190
203
|
and `audit_unknown_event_type_failures` (`event_type` not in active
|
|
191
204
|
config). Both fail-open. Independent in implementation; under the
|
|
@@ -457,12 +470,17 @@ run'` if the seed somehow missed (defensive — migrations always seed).
|
|
|
457
470
|
- `query_audit_log_list_for_account`, `query_audit_log_list_permit_history`
|
|
458
471
|
(filters to `permit_grant` / `permit_revoke`).
|
|
459
472
|
- `query_audit_log_cleanup_before`.
|
|
460
|
-
- **`audit_log_fire_and_forget(route, input,
|
|
473
|
+
- **`audit_log_fire_and_forget(route, input, deps)`** —
|
|
461
474
|
writes to `route.background_db` (pool-level), so audit entries persist
|
|
462
|
-
even when the request transaction rolls back.
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
475
|
+
even when the request transaction rolls back. `deps` is an
|
|
476
|
+
`AuditLogFireAndForgetDeps` bundle (`{log, on_audit_event, audit_log_config?}`)
|
|
477
|
+
— structurally compatible with `Pick<AppDeps, 'log' | 'on_audit_event' | 'audit_log_config'>`,
|
|
478
|
+
so call sites pass the surrounding deps object directly. Bundling
|
|
479
|
+
replaces the prior 5-arg positional signature; consumers that forgot
|
|
480
|
+
the trailing `config` would silently fall back to
|
|
481
|
+
`BUILTIN_AUDIT_LOG_CONFIG`. Write and `on_audit_event` callback
|
|
482
|
+
failures are logged separately. Pushes onto `route.pending_effects`
|
|
483
|
+
for test flushing.
|
|
466
484
|
|
|
467
485
|
### `migrations.ts`
|
|
468
486
|
|
|
@@ -777,7 +795,7 @@ Closure state:
|
|
|
777
795
|
`all_admin_action_specs: Array<RequestResponseActionSpec>` — codegen-ready
|
|
778
796
|
registry of all eleven specs (always includes the two app-settings specs).
|
|
779
797
|
|
|
780
|
-
Deps: `AdminActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit_event'>`.
|
|
798
|
+
Deps: `AdminActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit_event' | 'audit_log_config'>`. The `audit_log_config` slot flows through to `audit_log_fire_and_forget` so consumer-extended event-type metadata gets validated.
|
|
781
799
|
|
|
782
800
|
### `permit_offer_action_specs.ts` + `permit_offer_actions.ts` — seven RPC actions
|
|
783
801
|
|
|
@@ -857,7 +875,7 @@ can't starve others; see `../http/CLAUDE.md` §Pending Effects):
|
|
|
857
875
|
- Revoke → `permit_revoke` to revokee + one `permit_offer_supersede` per
|
|
858
876
|
superseded sibling.
|
|
859
877
|
|
|
860
|
-
Deps: `PermitOfferActionDeps extends Pick<RouteFactoryDeps, 'log' | 'on_audit_event'> & {notification_sender?: NotificationSender | null}`.
|
|
878
|
+
Deps: `PermitOfferActionDeps extends Pick<RouteFactoryDeps, 'log' | 'on_audit_event' | 'audit_log_config'> & {notification_sender?: NotificationSender | null}`.
|
|
861
879
|
Notification sender is optional — when absent, WS fan-out is silently
|
|
862
880
|
skipped (DB-only side effects still happen).
|
|
863
881
|
|
|
@@ -870,6 +888,13 @@ Options:
|
|
|
870
888
|
- `authorize?: PermitOfferCreateAuthorize` — custom policy for
|
|
871
889
|
`permit_offer_create`. Signature:
|
|
872
890
|
`(auth, input: {to_account_id, role, scope_id}, deps: Pick<RouteFactoryDeps, 'log'>, ctx: ActionContext) => boolean | Promise<boolean>`.
|
|
891
|
+
Pre-built option: `authorize_admin_or_holder` admits any admin and
|
|
892
|
+
otherwise falls back to the symmetric default (caller must hold the
|
|
893
|
+
offered role globally). Drop into
|
|
894
|
+
`create_permit_offer_actions({authorize: authorize_admin_or_holder})`
|
|
895
|
+
or any factory that forwards `authorize` (e.g. `create_standard_rpc_actions`)
|
|
896
|
+
for the common "admins offer anything web_grantable; users offer what
|
|
897
|
+
they hold" pattern.
|
|
873
898
|
|
|
874
899
|
`all_permit_offer_action_specs: Array<RequestResponseActionSpec>` —
|
|
875
900
|
codegen-ready registry.
|
|
@@ -945,13 +970,55 @@ Audit events emitted (via `audit_log_fire_and_forget` with `ip: ctx.client_ip`):
|
|
|
945
970
|
IP is the resolved trusted-proxy value from `ActionContext.client_ip`,
|
|
946
971
|
matching the REST handler convention.
|
|
947
972
|
|
|
948
|
-
Deps: `AccountActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit_event'>`.
|
|
973
|
+
Deps: `AccountActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit_event' | 'audit_log_config'>`.
|
|
949
974
|
Options: `{max_tokens?: number | null}` — defaults to `DEFAULT_MAX_TOKENS`
|
|
950
975
|
from `account_routes.ts`; `null` disables the cap.
|
|
951
976
|
|
|
952
977
|
`all_account_action_specs: Array<RequestResponseActionSpec>` — codegen-ready
|
|
953
978
|
registry of all seven specs.
|
|
954
979
|
|
|
980
|
+
### `self_service_role_actions.ts` — opt-in self-service role toggle
|
|
981
|
+
|
|
982
|
+
Two static `request_response` actions — `self_service_role_grant` and
|
|
983
|
+
`self_service_role_revoke` — that take `{role}` as input and toggle a
|
|
984
|
+
global permit on the caller. Both are idempotent: `granted: false` when
|
|
985
|
+
the caller already holds the role, `revoked: false` when they don't.
|
|
986
|
+
Audit metadata carries `self_service: true` so admin reviewers can
|
|
987
|
+
distinguish self-toggled permits from admin grants/offers. The
|
|
988
|
+
`permit_grant` / `permit_revoke` metadata schemas declare
|
|
989
|
+
`self_service: z.boolean().optional()` explicitly, so the field is
|
|
990
|
+
part of the documented surface rather than riding on `z.looseObject`
|
|
991
|
+
permissiveness.
|
|
992
|
+
|
|
993
|
+
Method names are static — `role` lives in the input, not the method
|
|
994
|
+
name. Mirrors the `permit_offer_create({role})` precedent. Per-role
|
|
995
|
+
parameterized methods would break the `satisfies RequestResponseActionSpec`
|
|
996
|
+
codegen invariant and grow the surface linearly per role.
|
|
997
|
+
|
|
998
|
+
`create_self_service_role_actions(deps, options)`:
|
|
999
|
+
|
|
1000
|
+
- `eligible_roles: ReadonlyArray<string>` — required allowlist. Roles
|
|
1001
|
+
outside the list are rejected with `forbidden` + reason
|
|
1002
|
+
`role_not_self_service_eligible` (exported as
|
|
1003
|
+
`ERROR_ROLE_NOT_SELF_SERVICE_ELIGIBLE`).
|
|
1004
|
+
- `roles?: RoleSchemaResult` — optional. When supplied, every entry in
|
|
1005
|
+
`eligible_roles` is checked against `roles.role_options` at factory
|
|
1006
|
+
time so typos throw at startup instead of at first call.
|
|
1007
|
+
|
|
1008
|
+
Grant path uses `query_permit_has_role` for a benign-TOCTOU pre-check
|
|
1009
|
+
(distinguishes new grant from idempotent re-grant), then
|
|
1010
|
+
`query_grant_permit` for the actual insert. Revoke path filters
|
|
1011
|
+
`query_permit_find_active_for_actor` in JS for the matching
|
|
1012
|
+
`(actor, role, scope_id IS NULL)` row before calling
|
|
1013
|
+
`query_revoke_permit`. Bundle is **not** included in
|
|
1014
|
+
`create_standard_rpc_actions` — `eligible_roles` is app-specific, opt-in,
|
|
1015
|
+
spread alongside the standard bundle when needed.
|
|
1016
|
+
|
|
1017
|
+
Deps: `SelfServiceRoleActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit_event' | 'audit_log_config'>`.
|
|
1018
|
+
|
|
1019
|
+
`all_self_service_role_action_specs: Array<RequestResponseActionSpec>` —
|
|
1020
|
+
codegen-ready registry of both specs.
|
|
1021
|
+
|
|
955
1022
|
## Cleanup
|
|
956
1023
|
|
|
957
1024
|
`cleanup.ts` — periodic auth maintenance:
|
|
@@ -978,7 +1045,7 @@ resulting permit.
|
|
|
978
1045
|
|
|
979
1046
|
`deps.ts` defines:
|
|
980
1047
|
|
|
981
|
-
- **`AppDeps`** — the stateless capabilities bundle.
|
|
1048
|
+
- **`AppDeps`** — the stateless capabilities bundle. Eight members:
|
|
982
1049
|
- `stat`, `read_text_file`, `delete_file` — filesystem.
|
|
983
1050
|
- `keyring: Keyring` — HMAC-SHA256 signing.
|
|
984
1051
|
- `password: PasswordHashDeps` — use `argon2_password_deps` in production.
|
|
@@ -989,6 +1056,11 @@ resulting permit.
|
|
|
989
1056
|
INSERT. Wire to SSE broadcast for realtime audit streams. Defaults to
|
|
990
1057
|
noop when unwired. Flows automatically through every factory that
|
|
991
1058
|
receives `deps` / `RouteFactoryDeps`.
|
|
1059
|
+
- `audit_log_config?: AuditLogConfig` — optional consumer-extended audit
|
|
1060
|
+
config from `create_audit_log_config({extra_events})`. Wired into
|
|
1061
|
+
`audit_log_fire_and_forget` via the deps bundle so consumer event-type
|
|
1062
|
+
metadata gets validated. Absent → defaults to `BUILTIN_AUDIT_LOG_CONFIG`.
|
|
1063
|
+
Pass at the backend via `create_app_backend({audit_log_config})`.
|
|
992
1064
|
- **`RouteFactoryDeps = Omit<AppDeps, 'db'>`** — for route factories. Route
|
|
993
1065
|
handlers receive DB access via `RouteContext`, so factories don't capture
|
|
994
1066
|
a pool-level `Db`.
|
|
@@ -37,13 +37,15 @@ export interface AccountActionOptions {
|
|
|
37
37
|
* Dependencies for `create_account_actions`.
|
|
38
38
|
*
|
|
39
39
|
* Shares shape with `AdminActionDeps` / `PermitOfferActionDeps` so consumers
|
|
40
|
-
* can pass the same deps to every action factory.
|
|
40
|
+
* can pass the same deps to every action factory. `audit_log_config` is
|
|
41
|
+
* carried through `AppDeps` and consumed by `audit_log_fire_and_forget`;
|
|
42
|
+
* absent → defaults to `BUILTIN_AUDIT_LOG_CONFIG`.
|
|
41
43
|
*/
|
|
42
|
-
export type AccountActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit_event'>;
|
|
44
|
+
export type AccountActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit_event' | 'audit_log_config'>;
|
|
43
45
|
/**
|
|
44
46
|
* Create the self-service account RPC actions.
|
|
45
47
|
*
|
|
46
|
-
* @param deps -
|
|
48
|
+
* @param deps - `AccountActionDeps` slice of `AppDeps` (`log`, `on_audit_event`, optional `audit_log_config`)
|
|
47
49
|
* @param options - per-factory configuration
|
|
48
50
|
* @returns the `RpcAction` array to spread into a `create_rpc_endpoint` call
|
|
49
51
|
*/
|
|
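Review bot: The added doc comment on `AccountActionDeps` gives the default for a missing `audit_log_config` but not what that default costs an app that registered extra event types. The slot is optional in the `Pick`, so a hand-built deps object that leaves it out still type-checks. The package's CLAUDE.md describes both audit drift counters as fail-open, so the omission would presumably show up only as a counter increment, not as an error. I would add a line such as `* Omitting it leaves consumer-defined event metadata unvalidated; pass the same config given to create_app_backend.` The comment block opens above the hunk, so its first lines are not visible here.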
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAiC,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAgBxF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAwBhD,4CAA4C;AAC5C,MAAM,WAAW,oBAAoB;IACpC;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED
|
|
1
|
+
{"version":3,"file":"account_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAiC,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAgBxF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAwBhD,4CAA4C;AAC5C,MAAM,WAAW,oBAAoB;IACpC;;;;;OAKG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,iBAAiB,GAAG,IAAI,CACnC,gBAAgB,EAChB,KAAK,GAAG,gBAAgB,GAAG,kBAAkB,CAC7C,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,iBAAiB,EACvB,UAAS,oBAAyB,KAChC,KAAK,CAAC,SAAS,CAyHjB,CAAC"}
|
|
@@ -32,12 +32,11 @@ import { account_verify_action_spec, account_session_list_action_spec, account_s
|
|
|
32
32
|
/**
|
|
33
33
|
* Create the self-service account RPC actions.
|
|
34
34
|
*
|
|
35
|
-
* @param deps -
|
|
35
|
+
* @param deps - `AccountActionDeps` slice of `AppDeps` (`log`, `on_audit_event`, optional `audit_log_config`)
|
|
36
36
|
* @param options - per-factory configuration
|
|
37
37
|
* @returns the `RpcAction` array to spread into a `create_rpc_endpoint` call
|
|
38
38
|
*/
|
|
39
39
|
export const create_account_actions = (deps, options = {}) => {
|
|
40
|
-
const { log, on_audit_event } = deps;
|
|
41
40
|
const { max_tokens = DEFAULT_MAX_TOKENS } = options;
|
|
42
41
|
const verify_handler = (_input, ctx) => {
|
|
43
42
|
const auth = ctx.auth;
|
|
@@ -58,7 +57,7 @@ export const create_account_actions = (deps, options = {}) => {
|
|
|
58
57
|
account_id: auth.account.id,
|
|
59
58
|
ip: ctx.client_ip,
|
|
60
59
|
metadata: { session_id: input.session_id },
|
|
61
|
-
},
|
|
60
|
+
}, deps);
|
|
62
61
|
return { ok: true, revoked };
|
|
63
62
|
};
|
|
64
63
|
const session_revoke_all_handler = async (_input, ctx) => {
|
|
@@ -70,7 +69,7 @@ export const create_account_actions = (deps, options = {}) => {
|
|
|
70
69
|
account_id: auth.account.id,
|
|
71
70
|
ip: ctx.client_ip,
|
|
72
71
|
metadata: { count },
|
|
73
|
-
},
|
|
72
|
+
}, deps);
|
|
74
73
|
return { ok: true, count };
|
|
75
74
|
};
|
|
76
75
|
const token_create_handler = async (input, ctx) => {
|
|
@@ -86,7 +85,7 @@ export const create_account_actions = (deps, options = {}) => {
|
|
|
86
85
|
account_id: auth.account.id,
|
|
87
86
|
ip: ctx.client_ip,
|
|
88
87
|
metadata: { token_id: id, name: input.name },
|
|
89
|
-
},
|
|
88
|
+
}, deps);
|
|
90
89
|
return { ok: true, token, id, name: input.name };
|
|
91
90
|
};
|
|
92
91
|
const token_list_handler = async (_input, ctx) => {
|
|
@@ -104,7 +103,7 @@ export const create_account_actions = (deps, options = {}) => {
|
|
|
104
103
|
account_id: auth.account.id,
|
|
105
104
|
ip: ctx.client_ip,
|
|
106
105
|
metadata: { token_id: input.token_id },
|
|
107
|
-
},
|
|
106
|
+
}, deps);
|
|
108
107
|
return { ok: true, revoked };
|
|
109
108
|
};
|
|
110
109
|
return [
|
|
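Review bot: With `const { log, on_audit_event } = deps;` removed, the four audit call sites in this file now end in `}, deps);` and hand over the caller's live `deps` object. The logger, the `on_audit_event` callback and the audit config are therefore presumably read when each handler runs, not captured once when the factory runs, and any extra members on the object travel with them. For an audit path I would keep the binding fixed and narrow, e.g. `const audit_deps = { log: deps.log, on_audit_event: deps.on_audit_event, audit_log_config: deps.audit_log_config };` at the top of `create_account_actions`, passing `audit_deps` at each site. The callee's name and the rest of the factory body lie outside these hunks, so the late-binding reading is inferred from the call shape.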
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAsBxD,OAAO,EAAkB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAEtE,OAAO,EAA+B,KAAK,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAElF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAQhD,kFAAkF;AAClF,eAAO,MAAM,kBAAkB,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;kBAI9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,4EAA4E;AAC5E,eAAO,MAAM,iCAAiC;;;iBAG5C,CAAC;AACH,MAAM,MAAM,iCAAiC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC;AAElG;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,gCAAgC,GAAI,UAAU,oBAAoB,KAAG,SAmChF,CAAC;AAEH,iDAAiD;AACjD,MAAM,WAAW,oBAAoB;IACpC,yDAAyD;IACzD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8FAA8F;IAC9F,gBAAgB,CAAC,EAAE;QAAC,SAAS,EAAE,OAAO,CAAA;KAAC,CAAC;CACxC;AAED,4CAA4C;AAC5C,eAAO,MAAM,oBAAoB,IAAI,CAAC;AAEtC,8CAA8C;AAC9C,eAAO,MAAM,kBAAkB,KAAK,CAAC;AAErC;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,MAAM,CAAC;AAE/C;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,KAAK,CAAC;AAQ/C;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACvC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kFAAkF;IAClF,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,uBAAuB;IACnE,4FAA4F;IAC5F,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,2FAA2F;IAC3F,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAID,oFAAoF;AACpF,eAAO,MAAM,UAAU;;;kBAGrB,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAEpD,wFAAwF;AACxF,eAAO,MAAM,WAAW;;kBAEtB,CAAC;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,2EAA2E;AAC3E,eAAO,MAAM,WAAW,WAAW,CAAC;AACpC,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,wFAAwF;AACxF,eAAO,MAAM,YAAY;;;kBAGvB,CAAC;AACH,MAAM,MAAM,YAAY,GAAG,CA
AC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAExD,sHAAsH;AACtH,eAAO,MAAM,mBAAmB;;;kBAG9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,uGAAuG;AACvG,eAAO,MAAM,oBAAoB;;;;kBAI/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,GACtC,MAAM,gBAAgB,EACtB,SAAS,mBAAmB,KAC1B,KAAK,CAAC,SAAS,
|
|
1
|
+
{"version":3,"file":"account_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAsBxD,OAAO,EAAkB,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAEtE,OAAO,EAA+B,KAAK,WAAW,EAAC,MAAM,oBAAoB,CAAC;AAElF,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AAQhD,kFAAkF;AAClF,eAAO,MAAM,kBAAkB,WAAW,CAAC;AAC3C,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;kBAI9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,4EAA4E;AAC5E,eAAO,MAAM,iCAAiC;;;iBAG5C,CAAC;AACH,MAAM,MAAM,iCAAiC,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iCAAiC,CAAC,CAAC;AAElG;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,gCAAgC,GAAI,UAAU,oBAAoB,KAAG,SAmChF,CAAC;AAEH,iDAAiD;AACjD,MAAM,WAAW,oBAAoB;IACpC,yDAAyD;IACzD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,8FAA8F;IAC9F,gBAAgB,CAAC,EAAE;QAAC,SAAS,EAAE,OAAO,CAAA;KAAC,CAAC;CACxC;AAED,4CAA4C;AAC5C,eAAO,MAAM,oBAAoB,IAAI,CAAC;AAEtC,8CAA8C;AAC9C,eAAO,MAAM,kBAAkB,KAAK,CAAC;AAErC;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,MAAM,CAAC;AAE/C;;;;;;GAMG;AACH,eAAO,MAAM,4BAA4B,KAAK,CAAC;AAQ/C;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACvC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kFAAkF;IAClF,eAAe,EAAE,WAAW,GAAG,IAAI,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,mBAAoB,SAAQ,uBAAuB;IACnE,4FAA4F;IAC5F,0BAA0B,EAAE,WAAW,GAAG,IAAI,CAAC;IAC/C,2FAA2F;IAC3F,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B;;;;OAIG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B;;;OAGG;IACH,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAID,oFAAoF;AACpF,eAAO,MAAM,UAAU;;;kBAGrB,CAAC;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,UAAU,CAAC,CAAC;AAEpD,wFAAwF;AACxF,eAAO,MAAM,WAAW;;kBAEtB,CAAC;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,2EAA2E;AAC3E,eAAO,MAAM,WAAW,WAAW,CAAC;AACpC,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,wFAAwF;AACxF,eAAO,MAAM,YAAY;;;kBAGvB,CAAC;AACH,MAAM,MAAM,YAAY,GAAG,CA
AC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAExD,sHAAsH;AACtH,eAAO,MAAM,mBAAmB;;;kBAG9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,uGAAuG;AACvG,eAAO,MAAM,oBAAoB;;;;kBAI/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,GACtC,MAAM,gBAAgB,EACtB,SAAS,mBAAmB,KAC1B,KAAK,CAAC,SAAS,CAgPjB,CAAC"}
|
|
@@ -174,7 +174,7 @@ export const PasswordChangeOutput = z.strictObject({
|
|
|
174
174
|
* @returns route specs (not yet applied to Hono)
|
|
175
175
|
*/
|
|
176
176
|
export const create_account_route_specs = (deps, options) => {
|
|
177
|
-
const { keyring, password
|
|
177
|
+
const { keyring, password } = deps;
|
|
178
178
|
const { session_options, ip_rate_limiter, login_account_rate_limiter, max_sessions = DEFAULT_MAX_SESSIONS, login_fail_floor_ms = DEFAULT_LOGIN_FAIL_FLOOR_MS, login_fail_jitter_ms = DEFAULT_LOGIN_FAIL_JITTER_MS, } = options;
|
|
179
179
|
return [
|
|
180
180
|
{
|
|
@@ -243,7 +243,7 @@ export const create_account_route_specs = (deps, options) => {
|
|
|
243
243
|
outcome: 'failure',
|
|
244
244
|
ip: get_client_ip(c),
|
|
245
245
|
metadata: { username },
|
|
246
|
-
}, deps
|
|
246
|
+
}, deps);
|
|
247
247
|
await delay;
|
|
248
248
|
return c.json({ error: ERROR_INVALID_CREDENTIALS }, 401);
|
|
249
249
|
}
|
|
@@ -259,7 +259,7 @@ export const create_account_route_specs = (deps, options) => {
|
|
|
259
259
|
account_id: account.id,
|
|
260
260
|
ip: get_client_ip(c),
|
|
261
261
|
metadata: { username },
|
|
262
|
-
}, deps
|
|
262
|
+
}, deps);
|
|
263
263
|
await delay;
|
|
264
264
|
return c.json({ error: ERROR_INVALID_CREDENTIALS }, 401);
|
|
265
265
|
}
|
|
@@ -280,7 +280,7 @@ export const create_account_route_specs = (deps, options) => {
|
|
|
280
280
|
event_type: 'login',
|
|
281
281
|
account_id: account.id,
|
|
282
282
|
ip: get_client_ip(c),
|
|
283
|
-
}, deps
|
|
283
|
+
}, deps);
|
|
284
284
|
return c.json({ ok: true });
|
|
285
285
|
},
|
|
286
286
|
},
|
|
@@ -304,7 +304,7 @@ export const create_account_route_specs = (deps, options) => {
|
|
|
304
304
|
actor_id: ctx.actor.id,
|
|
305
305
|
account_id: ctx.account.id,
|
|
306
306
|
ip: get_client_ip(c),
|
|
307
|
-
}, deps
|
|
307
|
+
}, deps);
|
|
308
308
|
return c.json({ ok: true, username: ctx.account.username });
|
|
309
309
|
},
|
|
310
310
|
},
|
|
@@ -351,7 +351,7 @@ export const create_account_route_specs = (deps, options) => {
|
|
|
351
351
|
actor_id: ctx.actor.id,
|
|
352
352
|
account_id: ctx.account.id,
|
|
353
353
|
ip: get_client_ip(c),
|
|
354
|
-
}, deps
|
|
354
|
+
}, deps);
|
|
355
355
|
return c.json({ error: ERROR_INVALID_CREDENTIALS }, 401);
|
|
356
356
|
}
|
|
357
357
|
// successful verification — reset rate limiters
|
|
@@ -371,7 +371,7 @@ export const create_account_route_specs = (deps, options) => {
|
|
|
371
371
|
account_id: ctx.account.id,
|
|
372
372
|
ip: get_client_ip(c),
|
|
373
373
|
metadata: { sessions_revoked, tokens_revoked },
|
|
374
|
-
}, deps
|
|
374
|
+
}, deps);
|
|
375
375
|
return c.json({ ok: true, sessions_revoked, tokens_revoked });
|
|
376
376
|
},
|
|
377
377
|
},
|
|
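Review bot: Both failed-login audit calls store the submitted value in `metadata: { username }`, and the one in the hunk at line 243 (`outcome: 'failure'`) shows no `account_id`, which suggests the unknown-account path. A value typed into the username field by mistake, a password included, would then sit in the audit log, which the package's CLAUDE.md says is readable through the `audit_log_list` RPC and SSE. The input validation is not visible in these hunks; if the login schema already restricts `username` to the account-name format and length, a comment on that line would settle it: `// username is schema-validated (format + length) before it reaches the audit row`. If it does not, the row should record the value only when it passes that check. The handler bodies start and end outside the hunks.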
@@ -103,29 +103,7 @@ export type AdminTokenRevokeAllOutput = z.infer<typeof AdminTokenRevokeAllOutput
|
|
|
103
103
|
* after).
|
|
104
104
|
*/
|
|
105
105
|
export declare const AuditLogListInput: z.ZodObject<{
|
|
106
|
-
event_type: z.ZodOptional<z.ZodNullable<z.
|
|
107
|
-
login: "login";
|
|
108
|
-
logout: "logout";
|
|
109
|
-
bootstrap: "bootstrap";
|
|
110
|
-
signup: "signup";
|
|
111
|
-
password_change: "password_change";
|
|
112
|
-
session_revoke: "session_revoke";
|
|
113
|
-
session_revoke_all: "session_revoke_all";
|
|
114
|
-
token_create: "token_create";
|
|
115
|
-
token_revoke: "token_revoke";
|
|
116
|
-
token_revoke_all: "token_revoke_all";
|
|
117
|
-
permit_grant: "permit_grant";
|
|
118
|
-
permit_revoke: "permit_revoke";
|
|
119
|
-
permit_offer_create: "permit_offer_create";
|
|
120
|
-
permit_offer_accept: "permit_offer_accept";
|
|
121
|
-
permit_offer_decline: "permit_offer_decline";
|
|
122
|
-
permit_offer_retract: "permit_offer_retract";
|
|
123
|
-
permit_offer_expire: "permit_offer_expire";
|
|
124
|
-
permit_offer_supersede: "permit_offer_supersede";
|
|
125
|
-
invite_create: "invite_create";
|
|
126
|
-
invite_delete: "invite_delete";
|
|
127
|
-
app_settings_update: "app_settings_update";
|
|
128
|
-
}>>>;
|
|
106
|
+
event_type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
129
107
|
outcome: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
130
108
|
success: "success";
|
|
131
109
|
failure: "failure";
|
|
@@ -141,29 +119,7 @@ export declare const AuditLogListOutput: z.ZodObject<{
|
|
|
141
119
|
events: z.ZodArray<z.ZodObject<{
|
|
142
120
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
143
121
|
seq: z.ZodNumber;
|
|
144
|
-
event_type: z.
|
|
145
|
-
login: "login";
|
|
146
|
-
logout: "logout";
|
|
147
|
-
bootstrap: "bootstrap";
|
|
148
|
-
signup: "signup";
|
|
149
|
-
password_change: "password_change";
|
|
150
|
-
session_revoke: "session_revoke";
|
|
151
|
-
session_revoke_all: "session_revoke_all";
|
|
152
|
-
token_create: "token_create";
|
|
153
|
-
token_revoke: "token_revoke";
|
|
154
|
-
token_revoke_all: "token_revoke_all";
|
|
155
|
-
permit_grant: "permit_grant";
|
|
156
|
-
permit_revoke: "permit_revoke";
|
|
157
|
-
permit_offer_create: "permit_offer_create";
|
|
158
|
-
permit_offer_accept: "permit_offer_accept";
|
|
159
|
-
permit_offer_decline: "permit_offer_decline";
|
|
160
|
-
permit_offer_retract: "permit_offer_retract";
|
|
161
|
-
permit_offer_expire: "permit_offer_expire";
|
|
162
|
-
permit_offer_supersede: "permit_offer_supersede";
|
|
163
|
-
invite_create: "invite_create";
|
|
164
|
-
invite_delete: "invite_delete";
|
|
165
|
-
app_settings_update: "app_settings_update";
|
|
166
|
-
}>;
|
|
122
|
+
event_type: z.ZodString;
|
|
167
123
|
outcome: z.ZodEnum<{
|
|
168
124
|
success: "success";
|
|
169
125
|
failure: "failure";
|
|
@@ -190,29 +146,7 @@ export declare const AuditLogPermitHistoryOutput: z.ZodObject<{
|
|
|
190
146
|
events: z.ZodArray<z.ZodObject<{
|
|
191
147
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
192
148
|
seq: z.ZodNumber;
|
|
193
|
-
event_type: z.
|
|
194
|
-
login: "login";
|
|
195
|
-
logout: "logout";
|
|
196
|
-
bootstrap: "bootstrap";
|
|
197
|
-
signup: "signup";
|
|
198
|
-
password_change: "password_change";
|
|
199
|
-
session_revoke: "session_revoke";
|
|
200
|
-
session_revoke_all: "session_revoke_all";
|
|
201
|
-
token_create: "token_create";
|
|
202
|
-
token_revoke: "token_revoke";
|
|
203
|
-
token_revoke_all: "token_revoke_all";
|
|
204
|
-
permit_grant: "permit_grant";
|
|
205
|
-
permit_revoke: "permit_revoke";
|
|
206
|
-
permit_offer_create: "permit_offer_create";
|
|
207
|
-
permit_offer_accept: "permit_offer_accept";
|
|
208
|
-
permit_offer_decline: "permit_offer_decline";
|
|
209
|
-
permit_offer_retract: "permit_offer_retract";
|
|
210
|
-
permit_offer_expire: "permit_offer_expire";
|
|
211
|
-
permit_offer_supersede: "permit_offer_supersede";
|
|
212
|
-
invite_create: "invite_create";
|
|
213
|
-
invite_delete: "invite_delete";
|
|
214
|
-
app_settings_update: "app_settings_update";
|
|
215
|
-
}>;
|
|
149
|
+
event_type: z.ZodString;
|
|
216
150
|
outcome: z.ZodEnum<{
|
|
217
151
|
success: "success";
|
|
218
152
|
failure: "failure";
|
|
@@ -419,29 +353,7 @@ export declare const audit_log_list_action_spec: {
|
|
|
419
353
|
};
|
|
420
354
|
side_effects: false;
|
|
421
355
|
input: z.ZodObject<{
|
|
422
|
-
event_type: z.ZodOptional<z.ZodNullable<z.
|
|
423
|
-
login: "login";
|
|
424
|
-
logout: "logout";
|
|
425
|
-
bootstrap: "bootstrap";
|
|
426
|
-
signup: "signup";
|
|
427
|
-
password_change: "password_change";
|
|
428
|
-
session_revoke: "session_revoke";
|
|
429
|
-
session_revoke_all: "session_revoke_all";
|
|
430
|
-
token_create: "token_create";
|
|
431
|
-
token_revoke: "token_revoke";
|
|
432
|
-
token_revoke_all: "token_revoke_all";
|
|
433
|
-
permit_grant: "permit_grant";
|
|
434
|
-
permit_revoke: "permit_revoke";
|
|
435
|
-
permit_offer_create: "permit_offer_create";
|
|
436
|
-
permit_offer_accept: "permit_offer_accept";
|
|
437
|
-
permit_offer_decline: "permit_offer_decline";
|
|
438
|
-
permit_offer_retract: "permit_offer_retract";
|
|
439
|
-
permit_offer_expire: "permit_offer_expire";
|
|
440
|
-
permit_offer_supersede: "permit_offer_supersede";
|
|
441
|
-
invite_create: "invite_create";
|
|
442
|
-
invite_delete: "invite_delete";
|
|
443
|
-
app_settings_update: "app_settings_update";
|
|
444
|
-
}>>>;
|
|
356
|
+
event_type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
445
357
|
outcome: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
446
358
|
success: "success";
|
|
447
359
|
failure: "failure";
|
|
@@ -455,29 +367,7 @@ export declare const audit_log_list_action_spec: {
|
|
|
455
367
|
events: z.ZodArray<z.ZodObject<{
|
|
456
368
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
457
369
|
seq: z.ZodNumber;
|
|
458
|
-
event_type: z.
|
|
459
|
-
login: "login";
|
|
460
|
-
logout: "logout";
|
|
461
|
-
bootstrap: "bootstrap";
|
|
462
|
-
signup: "signup";
|
|
463
|
-
password_change: "password_change";
|
|
464
|
-
session_revoke: "session_revoke";
|
|
465
|
-
session_revoke_all: "session_revoke_all";
|
|
466
|
-
token_create: "token_create";
|
|
467
|
-
token_revoke: "token_revoke";
|
|
468
|
-
token_revoke_all: "token_revoke_all";
|
|
469
|
-
permit_grant: "permit_grant";
|
|
470
|
-
permit_revoke: "permit_revoke";
|
|
471
|
-
permit_offer_create: "permit_offer_create";
|
|
472
|
-
permit_offer_accept: "permit_offer_accept";
|
|
473
|
-
permit_offer_decline: "permit_offer_decline";
|
|
474
|
-
permit_offer_retract: "permit_offer_retract";
|
|
475
|
-
permit_offer_expire: "permit_offer_expire";
|
|
476
|
-
permit_offer_supersede: "permit_offer_supersede";
|
|
477
|
-
invite_create: "invite_create";
|
|
478
|
-
invite_delete: "invite_delete";
|
|
479
|
-
app_settings_update: "app_settings_update";
|
|
480
|
-
}>;
|
|
370
|
+
event_type: z.ZodString;
|
|
481
371
|
outcome: z.ZodEnum<{
|
|
482
372
|
success: "success";
|
|
483
373
|
failure: "failure";
|
|
@@ -511,29 +401,7 @@ export declare const audit_log_permit_history_action_spec: {
|
|
|
511
401
|
events: z.ZodArray<z.ZodObject<{
|
|
512
402
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
513
403
|
seq: z.ZodNumber;
|
|
514
|
-
event_type: z.
|
|
515
|
-
login: "login";
|
|
516
|
-
logout: "logout";
|
|
517
|
-
bootstrap: "bootstrap";
|
|
518
|
-
signup: "signup";
|
|
519
|
-
password_change: "password_change";
|
|
520
|
-
session_revoke: "session_revoke";
|
|
521
|
-
session_revoke_all: "session_revoke_all";
|
|
522
|
-
token_create: "token_create";
|
|
523
|
-
token_revoke: "token_revoke";
|
|
524
|
-
token_revoke_all: "token_revoke_all";
|
|
525
|
-
permit_grant: "permit_grant";
|
|
526
|
-
permit_revoke: "permit_revoke";
|
|
527
|
-
permit_offer_create: "permit_offer_create";
|
|
528
|
-
permit_offer_accept: "permit_offer_accept";
|
|
529
|
-
permit_offer_decline: "permit_offer_decline";
|
|
530
|
-
permit_offer_retract: "permit_offer_retract";
|
|
531
|
-
permit_offer_expire: "permit_offer_expire";
|
|
532
|
-
permit_offer_supersede: "permit_offer_supersede";
|
|
533
|
-
invite_create: "invite_create";
|
|
534
|
-
invite_delete: "invite_delete";
|
|
535
|
-
app_settings_update: "app_settings_update";
|
|
536
|
-
}>;
|
|
404
|
+
event_type: z.ZodString;
|
|
537
405
|
outcome: z.ZodEnum<{
|
|
538
406
|
success: "success";
|
|
539
407
|
failure: "failure";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAezE,sEAAsE;AACtE,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAI5C,iFAAiF;AACjF,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,kFAAkF;AAClF,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;kBAErC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;kBAEnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB
|
|
1
|
+
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAezE,sEAAsE;AACtE,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAI5C,iFAAiF;AACjF,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,kFAAkF;AAClF,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;kBAErC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;kBAEnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;kBAsB5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,mCAAmC;AACnC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAWrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;kBAEtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,wFAAwF;AACxF,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;;;;;;;;;kBAG7B,CAAC;AACH,MAAM,MAAM
,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,+BAA+B;AAC/B,eAAO,MAAM,eAAe,WAAW,CAAC;AACxC,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,2FAA2F;AAC3F,eAAO,MAAM,gBAAgB;;;;;;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iCAAiC;AACjC,eAAO,MAAM,iBAAiB;;kBAE5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,mDAAmD;AACnD,eAAO,MAAM,mBAAmB,WAAW,CAAC;AAC5C,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,qCAAqC;AACrC,eAAO,MAAM,oBAAoB;;;;;;;kBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAI9E,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;CAUZ,CAAC;AAEtC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;CAUV,CAAC;AAEtC,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUF,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUZ,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;CAUD,CAAC;AAEtC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;CAUC,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;CAUD,CAAC;AAEtC,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;CAUJ,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;CAUP,CAAC;AAEtC;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,EAAE,KAAK,CAAC,yBAAyB,CAYnE,CAAC"}
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
import { z } from 'zod';
|
|
19
19
|
import { ROLE_ADMIN, RoleName } from './role_schema.js';
|
|
20
20
|
import { AdminAccountEntryJson, Email, Username } from './account_schema.js';
|
|
21
|
-
import { AdminSessionJson,
|
|
21
|
+
import { AdminSessionJson, AuditEventTypeName, AuditLogEventWithUsernamesJson, AuditOutcome, PermitHistoryEventJson, } from './audit_log_schema.js';
|
|
22
22
|
import { InviteJson, InviteWithUsernamesJson } from './invite_schema.js';
|
|
23
23
|
import { AppSettingsWithUsernameJson } from './app_settings_schema.js';
|
|
24
24
|
import { AUDIT_LOG_DEFAULT_LIMIT } from './audit_log_queries.js';
|
|
@@ -64,7 +64,9 @@ export const AdminTokenRevokeAllOutput = z.strictObject({
|
|
|
64
64
|
* after).
|
|
65
65
|
*/
|
|
66
66
|
export const AuditLogListInput = z.strictObject({
|
|
67
|
-
event_type:
|
|
67
|
+
event_type: AuditEventTypeName.nullish().meta({
|
|
68
|
+
description: 'Filter by event type. Accepts builtin or consumer-registered names (regex-validated).',
|
|
69
|
+
}),
|
|
68
70
|
outcome: AuditOutcome.nullish().meta({
|
|
69
71
|
description: 'Filter by outcome (`success` or `failure`).',
|
|
70
72
|
}),
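Review bot: The `event_type` filter on `AuditLogListInput` (second hunk of this file) now validates against `AuditEventTypeName`, which the new description calls regex-validated rather than a closed set, so a mistyped or never-registered name will presumably pass validation and return an empty list instead of an error. For an admin reading the audit log during an investigation, an empty result is easy to misread as "no such events occurred". I would say so in the schema description, e.g. `description: 'Filter by event type. Accepts builtin or consumer-registered names (regex-validated); a name that was never registered matches no rows.'`, or have the handler reject names that are not in the registered set. The pattern itself is defined in `./audit_log_schema.js`, outside this section, so it is worth confirming there that it is anchored and length-bounded before the value reaches the query.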
|
|
@@ -55,13 +55,14 @@ export interface AdminActionOptions {
|
|
|
55
55
|
* Shares shape with `PermitOfferActionDeps` so consumers can pass the same
|
|
56
56
|
* deps to both factories. `log` drives RPC-internal error logging;
|
|
57
57
|
* `on_audit_event` is wired by the two revoke-all mutations so SSE fan-out
|
|
58
|
-
* mirrors the former REST-route behavior.
|
|
58
|
+
* mirrors the former REST-route behavior. `audit_log_config` flows from
|
|
59
|
+
* `AppDeps` and is consumed by `audit_log_fire_and_forget`.
|
|
59
60
|
*/
|
|
60
|
-
export type AdminActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit_event'>;
|
|
61
|
+
export type AdminActionDeps = Pick<RouteFactoryDeps, 'log' | 'on_audit_event' | 'audit_log_config'>;
|
|
61
62
|
/**
|
|
62
63
|
* Create the admin-only RPC actions.
|
|
63
64
|
*
|
|
64
|
-
* @param deps -
|
|
65
|
+
* @param deps - `AdminActionDeps` slice of `AppDeps` (`log`, `on_audit_event`, optional `audit_log_config`)
|
|
65
66
|
* @param options - role schema for `grantable_roles` derivation
|
|
66
67
|
* @returns the `RpcAction` array to spread into a `create_rpc_endpoint` call
|
|
67
68
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAiC,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAExF,OAAO,EAAuB,KAAK,gBAAgB,EAAC,MAAM,kBAAkB,CAAC;AAuB7E,OAAO,EAAC,KAAK,WAAW,EAAC,MAAM,0BAA0B,CAAC;AAK1D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AA8ChD,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IAClC;;;;OAIG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED
|
|
1
|
+
{"version":3,"file":"admin_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAiC,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAExF,OAAO,EAAuB,KAAK,gBAAgB,EAAC,MAAM,kBAAkB,CAAC;AAuB7E,OAAO,EAAC,KAAK,WAAW,EAAC,MAAM,0BAA0B,CAAC;AAK1D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AA8ChD,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IAClC;;;;OAIG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,gBAAgB,GAAG,kBAAkB,CAAC,CAAC;AAEpG;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,eAAe,EACrB,UAAS,kBAAuB,KAC9B,KAAK,CAAC,SAAS,CAmSjB,CAAC"}
|