@fuzdev/fuz_app 0.52.0 → 0.53.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/actions/CLAUDE.md +29 -9
- package/dist/actions/action_codegen.d.ts +10 -35
- package/dist/actions/action_codegen.d.ts.map +1 -1
- package/dist/actions/action_codegen.js +13 -42
- package/dist/actions/action_peer.d.ts.map +1 -1
- package/dist/actions/action_peer.js +0 -9
- package/dist/actions/action_registry.d.ts +0 -4
- package/dist/actions/action_registry.d.ts.map +1 -1
- package/dist/actions/action_registry.js +4 -10
- package/dist/actions/action_rpc.d.ts +16 -0
- package/dist/actions/action_rpc.d.ts.map +1 -1
- package/dist/actions/action_rpc.js +41 -20
- package/dist/actions/action_spec.d.ts +54 -5
- package/dist/actions/action_spec.d.ts.map +1 -1
- package/dist/actions/action_spec.js +21 -5
- package/dist/actions/frontend_rpc_client.d.ts +1 -9
- package/dist/actions/frontend_rpc_client.d.ts.map +1 -1
- package/dist/actions/frontend_rpc_client.js +1 -9
- package/dist/actions/register_action_ws.d.ts +16 -0
- package/dist/actions/register_action_ws.d.ts.map +1 -1
- package/dist/actions/register_action_ws.js +41 -1
- package/dist/actions/request_tracker.svelte.d.ts +10 -15
- package/dist/actions/request_tracker.svelte.d.ts.map +1 -1
- package/dist/actions/request_tracker.svelte.js +10 -15
- package/dist/actions/rpc_client.d.ts +0 -1
- package/dist/actions/rpc_client.d.ts.map +1 -1
- package/dist/actions/rpc_client.js +3 -17
- package/dist/actions/socket.svelte.d.ts +0 -1
- package/dist/actions/socket.svelte.d.ts.map +1 -1
- package/dist/actions/socket.svelte.js +0 -1
- package/dist/actions/transports.d.ts +4 -3
- package/dist/actions/transports.d.ts.map +1 -1
- package/dist/actions/transports.js +4 -13
- package/dist/actions/transports_ws_auth_guard.d.ts +0 -2
- package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
- package/dist/actions/transports_ws_auth_guard.js +0 -2
- package/dist/actions/transports_ws_backend.d.ts.map +1 -1
- package/dist/actions/transports_ws_backend.js +0 -9
- package/dist/auth/CLAUDE.md +24 -14
- package/dist/auth/account_queries.d.ts +0 -3
- package/dist/auth/account_queries.d.ts.map +1 -1
- package/dist/auth/account_queries.js +0 -3
- package/dist/auth/admin_action_specs.d.ts +5 -0
- package/dist/auth/admin_action_specs.d.ts.map +1 -1
- package/dist/auth/admin_action_specs.js +5 -0
- package/dist/auth/api_token_queries.d.ts +0 -1
- package/dist/auth/api_token_queries.d.ts.map +1 -1
- package/dist/auth/api_token_queries.js +0 -1
- package/dist/auth/audit_log_queries.d.ts +0 -1
- package/dist/auth/audit_log_queries.d.ts.map +1 -1
- package/dist/auth/audit_log_queries.js +0 -1
- package/dist/auth/audit_log_routes.d.ts +2 -2
- package/dist/auth/audit_log_routes.js +2 -2
- package/dist/auth/invite_queries.d.ts +0 -1
- package/dist/auth/invite_queries.d.ts.map +1 -1
- package/dist/auth/invite_queries.js +0 -1
- package/dist/auth/permit_offer_action_specs.d.ts +1 -0
- package/dist/auth/permit_offer_action_specs.d.ts.map +1 -1
- package/dist/auth/permit_offer_action_specs.js +1 -0
- package/dist/auth/permit_offer_queries.d.ts +0 -1
- package/dist/auth/permit_offer_queries.d.ts.map +1 -1
- package/dist/auth/permit_offer_queries.js +0 -1
- package/dist/auth/permit_queries.d.ts +0 -1
- package/dist/auth/permit_queries.d.ts.map +1 -1
- package/dist/auth/permit_queries.js +0 -1
- package/dist/auth/session_lifecycle.d.ts +0 -1
- package/dist/auth/session_lifecycle.d.ts.map +1 -1
- package/dist/auth/session_lifecycle.js +0 -1
- package/dist/auth/session_middleware.d.ts +0 -4
- package/dist/auth/session_middleware.d.ts.map +1 -1
- package/dist/auth/session_middleware.js +0 -4
- package/dist/cli/config.d.ts +0 -3
- package/dist/cli/config.d.ts.map +1 -1
- package/dist/cli/config.js +0 -3
- package/dist/cli/daemon.d.ts +1 -1
- package/dist/cli/daemon.js +1 -1
- package/dist/db/create_db.d.ts +0 -1
- package/dist/db/create_db.d.ts.map +1 -1
- package/dist/db/create_db.js +0 -1
- package/dist/db/db.d.ts +0 -4
- package/dist/db/db.d.ts.map +1 -1
- package/dist/db/db.js +0 -4
- package/dist/db/db_pg.d.ts +2 -2
- package/dist/db/db_pg.js +2 -2
- package/dist/db/db_pglite.d.ts +1 -2
- package/dist/db/db_pglite.d.ts.map +1 -1
- package/dist/db/db_pglite.js +1 -2
- package/dist/db/migrate.d.ts +0 -1
- package/dist/db/migrate.d.ts.map +1 -1
- package/dist/db/migrate.js +0 -1
- package/dist/dev/setup.d.ts +0 -3
- package/dist/dev/setup.d.ts.map +1 -1
- package/dist/dev/setup.js +0 -3
- package/dist/env/load.d.ts +0 -2
- package/dist/env/load.d.ts.map +1 -1
- package/dist/env/load.js +0 -2
- package/dist/hono_context.d.ts +2 -5
- package/dist/hono_context.d.ts.map +1 -1
- package/dist/hono_context.js +2 -5
- package/dist/http/common_routes.d.ts +0 -8
- package/dist/http/common_routes.d.ts.map +1 -1
- package/dist/http/common_routes.js +0 -8
- package/dist/http/db_routes.d.ts +0 -3
- package/dist/http/db_routes.d.ts.map +1 -1
- package/dist/http/db_routes.js +0 -3
- package/dist/http/error_schemas.d.ts +12 -11
- package/dist/http/error_schemas.d.ts.map +1 -1
- package/dist/http/error_schemas.js +11 -7
- package/dist/http/jsonrpc_errors.d.ts +0 -6
- package/dist/http/jsonrpc_errors.d.ts.map +1 -1
- package/dist/http/jsonrpc_errors.js +0 -6
- package/dist/http/origin.d.ts +6 -13
- package/dist/http/origin.d.ts.map +1 -1
- package/dist/http/origin.js +7 -14
- package/dist/http/proxy.d.ts +1 -7
- package/dist/http/proxy.d.ts.map +1 -1
- package/dist/http/proxy.js +1 -7
- package/dist/http/route_spec.d.ts +13 -35
- package/dist/http/route_spec.d.ts.map +1 -1
- package/dist/http/route_spec.js +10 -22
- package/dist/http/schema_helpers.d.ts +0 -4
- package/dist/http/schema_helpers.d.ts.map +1 -1
- package/dist/http/schema_helpers.js +0 -4
- package/dist/http/surface.d.ts +2 -12
- package/dist/http/surface.d.ts.map +1 -1
- package/dist/http/surface.js +1 -12
- package/dist/rate_limiter.d.ts +16 -0
- package/dist/rate_limiter.d.ts.map +1 -1
- package/dist/rate_limiter.js +26 -0
- package/dist/realtime/sse.d.ts +0 -1
- package/dist/realtime/sse.d.ts.map +1 -1
- package/dist/realtime/sse.js +0 -1
- package/dist/realtime/subscriber_registry.d.ts +0 -3
- package/dist/realtime/subscriber_registry.d.ts.map +1 -1
- package/dist/realtime/subscriber_registry.js +0 -3
- package/dist/runtime/fs.d.ts +1 -4
- package/dist/runtime/fs.d.ts.map +1 -1
- package/dist/runtime/fs.js +1 -4
- package/dist/runtime/mock.d.ts +0 -3
- package/dist/runtime/mock.d.ts.map +1 -1
- package/dist/runtime/mock.js +0 -3
- package/dist/server/app_server.d.ts +27 -5
- package/dist/server/app_server.d.ts.map +1 -1
- package/dist/server/app_server.js +19 -7
- package/dist/server/startup.d.ts +0 -2
- package/dist/server/startup.d.ts.map +1 -1
- package/dist/server/startup.js +0 -2
- package/dist/server/static.d.ts +0 -1
- package/dist/server/static.d.ts.map +1 -1
- package/dist/server/static.js +0 -1
- package/dist/server/validate_nginx.d.ts +0 -3
- package/dist/server/validate_nginx.d.ts.map +1 -1
- package/dist/server/validate_nginx.js +0 -3
- package/dist/testing/CLAUDE.md +1 -1
- package/dist/testing/admin_integration.d.ts +0 -1
- package/dist/testing/admin_integration.d.ts.map +1 -1
- package/dist/testing/admin_integration.js +3 -6
- package/dist/testing/adversarial_404.d.ts +0 -2
- package/dist/testing/adversarial_404.d.ts.map +1 -1
- package/dist/testing/adversarial_404.js +0 -2
- package/dist/testing/adversarial_headers.d.ts +0 -1
- package/dist/testing/adversarial_headers.d.ts.map +1 -1
- package/dist/testing/adversarial_headers.js +0 -1
- package/dist/testing/adversarial_input.d.ts +0 -2
- package/dist/testing/adversarial_input.d.ts.map +1 -1
- package/dist/testing/adversarial_input.js +0 -2
- package/dist/testing/app_server.d.ts +22 -0
- package/dist/testing/app_server.d.ts.map +1 -1
- package/dist/testing/app_server.js +2 -4
- package/dist/testing/assertions.d.ts +0 -4
- package/dist/testing/assertions.d.ts.map +1 -1
- package/dist/testing/assertions.js +0 -4
- package/dist/testing/attack_surface.d.ts +0 -4
- package/dist/testing/attack_surface.d.ts.map +1 -1
- package/dist/testing/attack_surface.js +0 -4
- package/dist/testing/audit_completeness.d.ts +0 -1
- package/dist/testing/audit_completeness.d.ts.map +1 -1
- package/dist/testing/audit_completeness.js +0 -1
- package/dist/testing/auth_apps.d.ts +2 -10
- package/dist/testing/auth_apps.d.ts.map +1 -1
- package/dist/testing/auth_apps.js +2 -10
- package/dist/testing/data_exposure.d.ts +0 -11
- package/dist/testing/data_exposure.d.ts.map +1 -1
- package/dist/testing/data_exposure.js +0 -11
- package/dist/testing/db.d.ts +0 -6
- package/dist/testing/db.d.ts.map +1 -1
- package/dist/testing/db.js +0 -6
- package/dist/testing/error_coverage.d.ts +0 -14
- package/dist/testing/error_coverage.d.ts.map +1 -1
- package/dist/testing/error_coverage.js +0 -14
- package/dist/testing/integration.d.ts +0 -1
- package/dist/testing/integration.d.ts.map +1 -1
- package/dist/testing/integration.js +0 -1
- package/dist/testing/integration_helpers.d.ts +1 -36
- package/dist/testing/integration_helpers.d.ts.map +1 -1
- package/dist/testing/integration_helpers.js +1 -43
- package/dist/testing/middleware.d.ts +0 -10
- package/dist/testing/middleware.d.ts.map +1 -1
- package/dist/testing/middleware.js +0 -10
- package/dist/testing/mock_fs.d.ts +0 -2
- package/dist/testing/mock_fs.d.ts.map +1 -1
- package/dist/testing/mock_fs.js +0 -2
- package/dist/testing/rate_limiting.d.ts +0 -1
- package/dist/testing/rate_limiting.d.ts.map +1 -1
- package/dist/testing/rate_limiting.js +0 -1
- package/dist/testing/round_trip.d.ts +0 -2
- package/dist/testing/round_trip.d.ts.map +1 -1
- package/dist/testing/round_trip.js +0 -2
- package/dist/testing/rpc_attack_surface.d.ts +0 -2
- package/dist/testing/rpc_attack_surface.d.ts.map +1 -1
- package/dist/testing/rpc_attack_surface.js +0 -2
- package/dist/testing/rpc_helpers.d.ts +0 -6
- package/dist/testing/rpc_helpers.d.ts.map +1 -1
- package/dist/testing/rpc_helpers.js +0 -6
- package/dist/testing/rpc_round_trip.d.ts +0 -2
- package/dist/testing/rpc_round_trip.d.ts.map +1 -1
- package/dist/testing/rpc_round_trip.js +0 -2
- package/dist/testing/schema_generators.d.ts +0 -3
- package/dist/testing/schema_generators.d.ts.map +1 -1
- package/dist/testing/schema_generators.js +17 -3
- package/dist/testing/sse_round_trip.d.ts +0 -1
- package/dist/testing/sse_round_trip.d.ts.map +1 -1
- package/dist/testing/sse_round_trip.js +0 -1
- package/dist/testing/standard.d.ts +0 -2
- package/dist/testing/standard.d.ts.map +1 -1
- package/dist/testing/standard.js +0 -2
- package/dist/testing/stubs.d.ts +3 -5
- package/dist/testing/stubs.d.ts.map +1 -1
- package/dist/testing/stubs.js +5 -5
- package/dist/testing/surface_invariants.d.ts +0 -3
- package/dist/testing/surface_invariants.d.ts.map +1 -1
- package/dist/testing/surface_invariants.js +0 -3
- package/dist/ui/CLAUDE.md +1 -1
- package/dist/ui/audit_log_state.svelte.js +1 -1
- package/dist/ui/position_helpers.d.ts +0 -3
- package/dist/ui/position_helpers.d.ts.map +1 -1
- package/dist/ui/position_helpers.js +0 -3
- package/dist/ui/sidebar_state.svelte.d.ts +1 -2
- package/dist/ui/sidebar_state.svelte.d.ts.map +1 -1
- package/dist/ui/sidebar_state.svelte.js +1 -2
- package/dist/ui/ui_fetch.d.ts +1 -7
- package/dist/ui/ui_fetch.d.ts.map +1 -1
- package/dist/ui/ui_fetch.js +1 -7
- package/dist/ui/ui_format.d.ts +2 -14
- package/dist/ui/ui_format.d.ts.map +1 -1
- package/dist/ui/ui_format.js +2 -14
- package/package.json +2 -2
|
@@ -50,9 +50,10 @@ export class Transports {
|
|
|
50
50
|
this.#current_transport = transport;
|
|
51
51
|
}
|
|
52
52
|
/**
|
|
53
|
-
*
|
|
54
|
-
*
|
|
55
|
-
*
|
|
53
|
+
* Resolve a transport. With `allow_fallback`, walks specified → current →
|
|
54
|
+
* any-ready; without, returns the named transport (or current) only when
|
|
55
|
+
* it's ready.
|
|
56
|
+
*
|
|
56
57
|
* @returns the resolved transport, or `null` when none is ready
|
|
57
58
|
*/
|
|
58
59
|
get_transport(transport_name) {
|
|
@@ -76,11 +77,6 @@ export class Transports {
|
|
|
76
77
|
get_transport_by_name(transport_name) {
|
|
77
78
|
return this.#transport_by_name.get(transport_name) ?? null;
|
|
78
79
|
}
|
|
79
|
-
/**
|
|
80
|
-
* Gets the specified transport, defaulting to the current.
|
|
81
|
-
* @param transport_name - optional transport type to use instead of the current
|
|
82
|
-
* @returns the resolved transport when ready, else `null`
|
|
83
|
-
*/
|
|
84
80
|
#get_exact(transport_name) {
|
|
85
81
|
const transport = transport_name
|
|
86
82
|
? this.#transport_by_name.get(transport_name)
|
|
@@ -90,11 +86,6 @@ export class Transports {
|
|
|
90
86
|
}
|
|
91
87
|
return null;
|
|
92
88
|
}
|
|
93
|
-
/**
|
|
94
|
-
* Gets the appropriate transport.
|
|
95
|
-
* @param transport_name - optional transport type or array of types to use instead of the current
|
|
96
|
-
* @returns the first ready transport (specified → current → any), or `null`
|
|
97
|
-
*/
|
|
98
89
|
#get_first_ready(transport_name) {
|
|
99
90
|
// First try the specified transport(s) if provided
|
|
100
91
|
if (transport_name) {
|
|
@@ -45,7 +45,6 @@ export declare const WS_DISCONNECT_EVENT_TYPES: ReadonlySet<string>;
|
|
|
45
45
|
* the submitted session_id), so reacting to them would let any authenticated
|
|
46
46
|
* user close another user's socket by guessing a session hash or token id.
|
|
47
47
|
*
|
|
48
|
-
* @param transport - the backend WebSocket transport to guard
|
|
49
48
|
* @param log - logger for disconnect events (info level on non-zero closures)
|
|
50
49
|
* @returns an `on_audit_event` callback suitable for `CreateAppBackendOptions`.
|
|
51
50
|
* The returned callback mutates `transport` (closing matching sockets via
|
|
@@ -78,7 +77,6 @@ export declare const create_ws_auth_guard: (transport: BackendWebsocketTransport
|
|
|
78
77
|
* to them would let an unauthenticated probe close the targeted account's
|
|
79
78
|
* sockets by submitting a logout for an arbitrary `account_id`.
|
|
80
79
|
*
|
|
81
|
-
* @param transport - the backend WebSocket transport to guard
|
|
82
80
|
* @param log - logger for disconnect events (info level on non-zero closures)
|
|
83
81
|
* @returns an `on_audit_event` callback wireable alongside `create_ws_auth_guard`.
|
|
84
82
|
* The returned callback mutates `transport` via `close_sockets_for_account`
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"transports_ws_auth_guard.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/transports_ws_auth_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,4BAA4B,CAAC;AAE1E;;;;;;;;GAQG;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;AAE/D;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,yBAAyB,EAAE,WAAW,CAAC,MAAM,CAMxD,CAAC;AAEH
|
|
1
|
+
{"version":3,"file":"transports_ws_auth_guard.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/transports_ws_auth_guard.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,4BAA4B,CAAC;AAE1E;;;;;;;;GAQG;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;AAE/D;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,yBAAyB,EAAE,WAAW,CAAC,MAAM,CAMxD,CAAC;AAEH;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,oBAAoB,GAChC,WAAW,yBAAyB,EACpC,KAAK,MAAM,KACT,iBA6CF,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,eAAO,MAAM,uBAAuB,GACnC,WAAW,yBAAyB,EACpC,KAAK,MAAM,KACT,iBAaF,CAAC"}
|
|
@@ -38,7 +38,6 @@ export const WS_DISCONNECT_EVENT_TYPES = new Set([
|
|
|
38
38
|
* the submitted session_id), so reacting to them would let any authenticated
|
|
39
39
|
* user close another user's socket by guessing a session hash or token id.
|
|
40
40
|
*
|
|
41
|
-
* @param transport - the backend WebSocket transport to guard
|
|
42
41
|
* @param log - logger for disconnect events (info level on non-zero closures)
|
|
43
42
|
* @returns an `on_audit_event` callback suitable for `CreateAppBackendOptions`.
|
|
44
43
|
* The returned callback mutates `transport` (closing matching sockets via
|
|
@@ -112,7 +111,6 @@ export const create_ws_auth_guard = (transport, log) => {
|
|
|
112
111
|
* to them would let an unauthenticated probe close the targeted account's
|
|
113
112
|
* sockets by submitting a logout for an arbitrary `account_id`.
|
|
114
113
|
*
|
|
115
|
-
* @param transport - the backend WebSocket transport to guard
|
|
116
114
|
* @param log - logger for disconnect events (info level on non-zero closures)
|
|
117
115
|
* @returns an `on_audit_event` callback wireable alongside `create_ws_auth_guard`.
|
|
118
116
|
* The returned callback mutates `transport` via `close_sockets_for_account`
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"transports_ws_backend.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/transports_ws_backend.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,SAAS,CAAC;AACvC,OAAO,EAAc,KAAK,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE9D,OAAO,KAAK,EAEX,gCAAgC,EAChC,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,MAAM,oBAAoB,CAAC;AAO5B,OAAO,EAA2B,KAAK,SAAS,EAAE,KAAK,oBAAoB,EAAC,MAAM,iBAAiB,CAAC;AAIpG;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IAClC,sEAAsE;IACtE,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,4CAA4C;IAC5C,UAAU,EAAE,IAAI,CAAC;IACjB,sEAAsE;IACtE,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,4BAA6B,SAAQ,SAAS;IAC9D,kBAAkB,EAAE,CACnB,OAAO,EAAE,gCAAgC,EACzC,SAAS,EAAE,CAAC,QAAQ,EAAE,kBAAkB,KAAK,OAAO,KAChD,MAAM,CAAC;CACZ;AAED,qDAAqD;AACrD,eAAO,MAAM,iCAAiC,GAC7C,WAAW,SAAS,KAClB,SAAS,IAAI,4BAEqE,CAAC;AAEtF,qBAAa,yBAA0B,YAAW,4BAA4B;;IAC7E,QAAQ,CAAC,cAAc,EAAG,uBAAuB,CAAU;IAY3D;;;;;;;;;;;;OAYG;IACH,cAAc,CACb,EAAE,EAAE,SAAS,EACb,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,UAAU,EAAE,IAAI,EAChB,YAAY,GAAE,MAAM,GAAG,IAAW,GAChC,IAAI;IAQP;;;;;;OAMG;IACH,iBAAiB,CAAC,EAAE,EAAE,SAAS,GAAG,IAAI;IA0BtC;;;;;;OAMG;IACH,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAIrD;;;;;;OAMG;IACH,yBAAyB,CAAC,UAAU,EAAE,IAAI,GAAG,MAAM;IAInD;;;;;;;;;;OAUG;IACH,uBAAuB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM;
|
|
1
|
+
{"version":3,"file":"transports_ws_backend.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/actions/transports_ws_backend.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,SAAS,CAAC;AACvC,OAAO,EAAc,KAAK,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE9D,OAAO,KAAK,EAEX,gCAAgC,EAChC,mBAAmB,EACnB,cAAc,EACd,sBAAsB,EACtB,oBAAoB,EACpB,MAAM,oBAAoB,CAAC;AAO5B,OAAO,EAA2B,KAAK,SAAS,EAAE,KAAK,oBAAoB,EAAC,MAAM,iBAAiB,CAAC;AAIpG;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IAClC,sEAAsE;IACtE,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,4CAA4C;IAC5C,UAAU,EAAE,IAAI,CAAC;IACjB,sEAAsE;IACtE,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,4BAA6B,SAAQ,SAAS;IAC9D,kBAAkB,EAAE,CACnB,OAAO,EAAE,gCAAgC,EACzC,SAAS,EAAE,CAAC,QAAQ,EAAE,kBAAkB,KAAK,OAAO,KAChD,MAAM,CAAC;CACZ;AAED,qDAAqD;AACrD,eAAO,MAAM,iCAAiC,GAC7C,WAAW,SAAS,KAClB,SAAS,IAAI,4BAEqE,CAAC;AAEtF,qBAAa,yBAA0B,YAAW,4BAA4B;;IAC7E,QAAQ,CAAC,cAAc,EAAG,uBAAuB,CAAU;IAY3D;;;;;;;;;;;;OAYG;IACH,cAAc,CACb,EAAE,EAAE,SAAS,EACb,UAAU,EAAE,MAAM,GAAG,IAAI,EACzB,UAAU,EAAE,IAAI,EAChB,YAAY,GAAE,MAAM,GAAG,IAAW,GAChC,IAAI;IAQP;;;;;;OAMG;IACH,iBAAiB,CAAC,EAAE,EAAE,SAAS,GAAG,IAAI;IA0BtC;;;;;;OAMG;IACH,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM;IAIrD;;;;;;OAMG;IACH,yBAAyB,CAAC,UAAU,EAAE,IAAI,GAAG,MAAM;IAInD;;;;;;;;;;OAUG;IACH,uBAAuB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM;IAgB/C,IAAI,CACT,OAAO,EAAE,cAAc,EACvB,OAAO,CAAC,EAAE,oBAAoB,GAC5B,OAAO,CAAC,sBAAsB,CAAC;IAC5B,IAAI,CACT,OAAO,EAAE,mBAAmB,EAC5B,OAAO,CAAC,EAAE,oBAAoB,GAC5B,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IA0CvC;;;;;;;;;OASG;IACH,kBAAkB,CACjB,OAAO,EAAE,gCAAgC,EACzC,SAAS,EAAE,CAAC,QAAQ,EAAE,kBAAkB,KAAK,OAAO,GAClD,MAAM;IAoBT;;;;;;;;;;;;;OAaG;IACH,eAAe,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,gCAAgC,GAAG,MAAM;IAIpF,QAAQ,IAAI,OAAO;IAInB;;;;;;;OAOG;IACH,oBAAoB,IAAI,MAAM;CAG9B"}
|
|
@@ -105,17 +105,11 @@ export class BackendWebsocketTransport {
|
|
|
105
105
|
close_sockets_for_token(api_token_id) {
|
|
106
106
|
return this.#close_where((id) => id.api_token_id === api_token_id);
|
|
107
107
|
}
|
|
108
|
-
/**
|
|
109
|
-
* Remove all tracking state for a connection.
|
|
110
|
-
*/
|
|
111
108
|
#cleanup_connection(connection_id, ws) {
|
|
112
109
|
this.#connections.delete(connection_id);
|
|
113
110
|
this.#connection_ids.delete(ws);
|
|
114
111
|
this.#connection_identities.delete(connection_id);
|
|
115
112
|
}
|
|
116
|
-
/**
|
|
117
|
-
* Clean up a connection and close its socket with a revocation code.
|
|
118
|
-
*/
|
|
119
113
|
#revoke_connection(connection_id, ws) {
|
|
120
114
|
this.#cleanup_connection(connection_id, ws);
|
|
121
115
|
ws.close(WS_CLOSE_SESSION_REVOKED, 'Session revoked');
|
|
@@ -135,9 +129,6 @@ export class BackendWebsocketTransport {
|
|
|
135
129
|
return create_jsonrpc_error_response(to_jsonrpc_message_id(message), jsonrpc_error_messages.internal_error(error instanceof Error ? error.message : 'failed to broadcast notification'));
|
|
136
130
|
}
|
|
137
131
|
}
|
|
138
|
-
/**
|
|
139
|
-
* Broadcast a message to all connected clients.
|
|
140
|
-
*/
|
|
141
132
|
#broadcast(message) {
|
|
142
133
|
const serialized = JSON.stringify(message);
|
|
143
134
|
for (const ws of this.#connections.values()) {
|
package/dist/auth/CLAUDE.md
CHANGED
|
@@ -835,7 +835,7 @@ The 2026-04-22 RPC migration moved audit-log list + permit-history reads
|
|
|
835
835
|
(plus admin session listing) to `admin_actions.ts`. The sole remaining
|
|
836
836
|
REST concern is the optional SSE stream:
|
|
837
837
|
|
|
838
|
-
- **`GET /audit
|
|
838
|
+
- **`GET /audit/stream`** — optional, wired only when
|
|
839
839
|
`AuditLogRouteOptions.stream` is passed. Streams aren't an RPC concern.
|
|
840
840
|
Uses `AUTH_SESSION_TOKEN_HASH_KEY` for SSE `scope` identity (so
|
|
841
841
|
`session_revoke` can close only that session's stream); `groups: [account_id]`
|
|
@@ -872,19 +872,29 @@ enforces admin before the handler runs. `permit_revoke` in
|
|
|
872
872
|
sibling methods are authenticated-but-not-admin — the dispatcher checks
|
|
873
873
|
auth per-spec, so mixed-auth endpoints compose cleanly.
|
|
874
874
|
|
|
875
|
-
| Spec | Side effects | Input | Output |
|
|
876
|
-
| -------------------------------------- | ------------ | --------------------------------------------------------- | ----------------------------- |
|
|
877
|
-
| `admin_account_list_action_spec` | false | `z.void()` | `{accounts, grantable_roles}` |
|
|
878
|
-
| `admin_session_list_action_spec` | false | `z.void()` | `{sessions}` |
|
|
879
|
-
| `admin_session_revoke_all_action_spec` | true | `{account_id}` | `{ok, count}` |
|
|
880
|
-
| `admin_token_revoke_all_action_spec` | true | `{account_id}` | `{ok, count}` |
|
|
881
|
-
| `audit_log_list_action_spec` | false | `{event_type?, account_id?, limit?, offset?, since_seq?}` | `{events}` |
|
|
882
|
-
| `audit_log_permit_history_action_spec` | false | `{limit?, offset?}` | `{events}` |
|
|
883
|
-
| `invite_create_action_spec` | true | `{email?, username?}` | `{ok, invite}` |
|
|
884
|
-
| `invite_list_action_spec` | false | `z.void()` | `{invites}` |
|
|
885
|
-
| `invite_delete_action_spec` | true | `{invite_id}` | `{ok}` |
|
|
886
|
-
| `app_settings_get_action_spec` | false | `z.void()` | `{settings}` |
|
|
887
|
-
| `app_settings_update_action_spec` | true | `{open_signup}` | `{ok, settings}` |
|
|
875
|
+
| Spec | Side effects | Rate limit | Input | Output |
|
|
876
|
+
| -------------------------------------- | ------------ | ----------- | --------------------------------------------------------- | ----------------------------- |
|
|
877
|
+
| `admin_account_list_action_spec` | false | | `z.void()` | `{accounts, grantable_roles}` |
|
|
878
|
+
| `admin_session_list_action_spec` | false | | `z.void()` | `{sessions}` |
|
|
879
|
+
| `admin_session_revoke_all_action_spec` | true | `'account'` | `{account_id}` | `{ok, count}` |
|
|
880
|
+
| `admin_token_revoke_all_action_spec` | true | `'account'` | `{account_id}` | `{ok, count}` |
|
|
881
|
+
| `audit_log_list_action_spec` | false | | `{event_type?, account_id?, limit?, offset?, since_seq?}` | `{events}` |
|
|
882
|
+
| `audit_log_permit_history_action_spec` | false | | `{limit?, offset?}` | `{events}` |
|
|
883
|
+
| `invite_create_action_spec` | true | `'account'` | `{email?, username?}` | `{ok, invite}` |
|
|
884
|
+
| `invite_list_action_spec` | false | | `z.void()` | `{invites}` |
|
|
885
|
+
| `invite_delete_action_spec` | true | `'account'` | `{invite_id}` | `{ok}` |
|
|
886
|
+
| `app_settings_get_action_spec` | false | | `z.void()` | `{settings}` |
|
|
887
|
+
| `app_settings_update_action_spec` | true | `'account'` | `{open_signup}` | `{ok, settings}` |
|
|
888
|
+
|
|
889
|
+
Mutating admin specs declare `rate_limit: 'account'` — keyed on the
|
|
890
|
+
admin's `request_context.actor.id`. The dispatcher's per-action hook
|
|
891
|
+
(shared by HTTP RPC + WS) records every invocation regardless of
|
|
892
|
+
outcome so successful probes (e.g. `invite_create`'s account-existence
|
|
893
|
+
oracle on the `LOWER()` lookup in `query_account_by_username/_by_email`)
|
|
894
|
+
consume budget. Default `DEFAULT_ACTION_ACCOUNT_RATE_LIMIT` is 1200/15min
|
|
895
|
+
per actor — permissive enough for any human admin workflow, slow enough
|
|
896
|
+
that scripted oracles surface in audit. Tighten downstream via
|
|
897
|
+
`AppServerOptions.action_account_rate_limiter`.
|
|
888
898
|
|
|
889
899
|
`AUDIT_LOG_LIST_LIMIT_MAX = 200` — page size clamp (mirrors the former REST
|
|
890
900
|
route).
|
|
@@ -15,7 +15,6 @@ import { type Account, type Actor, type CreateAccountInput, type AdminAccountEnt
|
|
|
15
15
|
* @param input - the account fields
|
|
16
16
|
* @returns the created account
|
|
17
17
|
* @mutates `account` table - inserts the new row
|
|
18
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
19
18
|
*/
|
|
20
19
|
export declare const query_create_account: (deps: QueryDeps, input: CreateAccountInput) => Promise<Account>;
|
|
21
20
|
/**
|
|
@@ -66,7 +65,6 @@ export declare const query_account_has_any: (deps: QueryDeps) => Promise<boolean
|
|
|
66
65
|
* @param name - display name (defaults to account username)
|
|
67
66
|
* @returns the created actor
|
|
68
67
|
* @mutates `actor` table - inserts the new row
|
|
69
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
70
68
|
*/
|
|
71
69
|
export declare const query_create_actor: (deps: QueryDeps, account_id: string, name: string) => Promise<Actor>;
|
|
72
70
|
/**
|
|
@@ -88,7 +86,6 @@ export declare const query_actor_by_id: (deps: QueryDeps, id: string) => Promise
|
|
|
88
86
|
* @param input - the account fields
|
|
89
87
|
* @returns the created account and actor
|
|
90
88
|
* @mutates `account` and `actor` tables - inserts one row in each
|
|
91
|
-
* @throws Error if either INSERT does not return a row
|
|
92
89
|
*/
|
|
93
90
|
export declare const query_create_account_with_actor: (deps: QueryDeps, input: CreateAccountInput) => Promise<{
|
|
94
91
|
account: Account;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAEN,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,MAAM,qBAAqB,CAAC;AAE7B
|
|
1
|
+
{"version":3,"file":"account_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAEN,KAAK,OAAO,EACZ,KAAK,KAAK,EACV,KAAK,kBAAkB,EACvB,KAAK,qBAAqB,EAC1B,MAAM,qBAAqB,CAAC;AAE7B;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,OAAO,kBAAkB,KACvB,OAAO,CAAC,OAAO,CAQjB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,OAAO,GAAG,SAAS,CAE7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,yBAAyB,GACrC,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,OAAO,GAAG,SAAS,CAI7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,SAAS,EACf,OAAO,MAAM,KACX,OAAO,CAAC,OAAO,GAAG,SAAS,CAI7B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,SAAS,EACf,OAAO,MAAM,KACX,OAAO,CAAC,OAAO,GAAG,SAAS,CAS7B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,IAAI,MAAM,EACV,eAAe,MAAM,EACrB,YAAY,MAAM,GAAG,IAAI,KACvB,OAAO,CAAC,IAAI,CAKd,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,GAAU,MAAM,SAAS,EAAE,IAAI,MAAM,KAAG,OAAO,CAAC,OAAO,CAKvF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,OAAO,CAK5E,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,kBAAkB,GAC9B,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,MAAM,MAAM,KACV,OAAO,CAAC,KAAK,CAMf,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,KAAK,GAAG,SAAS,CAE3B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,KAAK,GAAG,SAAS,CAE3B,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,+BAA+B,GAC3C,MAAM,SAAS,EACf,OAAO,kBAAkB,KACvB,OAAO,CAAC;IAAC,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAC,CAI1C,CAAC;AAyBF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,wBAAwB,GACpC,MAAM,SAAS,KACb,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,CA+EtC,CAAC"}
|
|
@@ -15,7 +15,6 @@ import { to_admin_account, } from './account_schema.js';
|
|
|
15
15
|
* @param input - the account fields
|
|
16
16
|
* @returns the created account
|
|
17
17
|
* @mutates `account` table - inserts the new row
|
|
18
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
19
18
|
*/
|
|
20
19
|
export const query_create_account = async (deps, input) => {
|
|
21
20
|
const row = await deps.db.query_one(`INSERT INTO account (username, password_hash, email)
|
|
@@ -96,7 +95,6 @@ export const query_account_has_any = async (deps) => {
|
|
|
96
95
|
* @param name - display name (defaults to account username)
|
|
97
96
|
* @returns the created actor
|
|
98
97
|
* @mutates `actor` table - inserts the new row
|
|
99
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
100
98
|
*/
|
|
101
99
|
export const query_create_actor = async (deps, account_id, name) => {
|
|
102
100
|
const row = await deps.db.query_one(`INSERT INTO actor (account_id, name) VALUES ($1, $2) RETURNING *`, [account_id, name]);
|
|
@@ -125,7 +123,6 @@ export const query_actor_by_id = async (deps, id) => {
|
|
|
125
123
|
* @param input - the account fields
|
|
126
124
|
* @returns the created account and actor
|
|
127
125
|
* @mutates `account` and `actor` tables - inserts one row in each
|
|
128
|
-
* @throws Error if either INSERT does not return a row
|
|
129
126
|
*/
|
|
130
127
|
export const query_create_account_with_actor = async (deps, input) => {
|
|
131
128
|
const account = await query_create_account(deps, input);
|
|
@@ -325,6 +325,7 @@ export declare const admin_session_revoke_all_action_spec: {
|
|
|
325
325
|
}, z.core.$strict>;
|
|
326
326
|
async: true;
|
|
327
327
|
description: string;
|
|
328
|
+
rate_limit: "account";
|
|
328
329
|
};
|
|
329
330
|
export declare const admin_token_revoke_all_action_spec: {
|
|
330
331
|
method: string;
|
|
@@ -343,6 +344,7 @@ export declare const admin_token_revoke_all_action_spec: {
|
|
|
343
344
|
}, z.core.$strict>;
|
|
344
345
|
async: true;
|
|
345
346
|
description: string;
|
|
347
|
+
rate_limit: "account";
|
|
346
348
|
};
|
|
347
349
|
export declare const audit_log_list_action_spec: {
|
|
348
350
|
method: string;
|
|
@@ -445,6 +447,7 @@ export declare const invite_create_action_spec: {
|
|
|
445
447
|
}, z.core.$strict>;
|
|
446
448
|
async: true;
|
|
447
449
|
description: string;
|
|
450
|
+
rate_limit: "account";
|
|
448
451
|
};
|
|
449
452
|
export declare const invite_list_action_spec: {
|
|
450
453
|
method: string;
|
|
@@ -487,6 +490,7 @@ export declare const invite_delete_action_spec: {
|
|
|
487
490
|
}, z.core.$strict>;
|
|
488
491
|
async: true;
|
|
489
492
|
description: string;
|
|
493
|
+
rate_limit: "account";
|
|
490
494
|
};
|
|
491
495
|
export declare const app_settings_get_action_spec: {
|
|
492
496
|
method: string;
|
|
@@ -530,6 +534,7 @@ export declare const app_settings_update_action_spec: {
|
|
|
530
534
|
}, z.core.$strict>;
|
|
531
535
|
async: true;
|
|
532
536
|
description: string;
|
|
537
|
+
rate_limit: "account";
|
|
533
538
|
};
|
|
534
539
|
/**
|
|
535
540
|
* All admin action specs — a codegen-ready registry. Consumers spread this
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAczE,sEAAsE;AACtE,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAI5C,iFAAiF;AACjF,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,kFAAkF;AAClF,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;kBAErC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;kBAEnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;kBAsB5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,mCAAmC;AACnC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAWrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;kBAEtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,wFAAwF;AACxF,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;;;;;;;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,+BAA+B;AAC/B,eAAO,MAAM,eAAe,WAAW,CAAC;AACxC,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,2FAA2F;AAC3F,eAAO,MAAM,gBAAgB;;;;;;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iCAAiC;AACjC,eAAO,MAAM,iBAAiB;;kBAE5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,mDAAmD;AACnD,eAAO,MAAM,mBAAmB,WAAW,CAAC;AAC5C,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,qCAAqC;AACrC,eAAO,MAAM,oBAAoB;;;;;;;kBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAI9E,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,oCAAoC
|
|
1
|
+
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAczE,sEAAsE;AACtE,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAI5C,iFAAiF;AACjF,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,kFAAkF;AAClF,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;kBAErC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;kBAEnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;kBAsB5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,mCAAmC;AACnC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAWrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;kBAEtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,wFAAwF;AACxF,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;;;;;;;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,+BAA+B;AAC/B,eAAO,MAAM,eAAe,WAAW,CAAC;AACxC,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,2FAA2F;AAC3F,eAAO,MAAM,gBAAgB;;;;;;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iCAAiC;AACjC,eAAO,MAAM,iBAAiB;;kBAE5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,mDAAmD;AACnD,eAAO,MAAM,mBAAmB,WAAW,CAAC;AAC5C,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,qCAAqC;AACrC,eAAO,MAAM,oBAAoB;;;;;;;kBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAI9E,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;CAWZ,CAAC;AAEtC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;CAWV,CAAC;AAEtC,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUF,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUZ,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;CAUC,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;CAUJ,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;CAWP,CAAC;AAEtC;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,EAAE,KAAK,CAAC,yBAAyB,CAYnE,CAAC"}
|
|
@@ -177,6 +177,7 @@ export const admin_session_revoke_all_action_spec = {
|
|
|
177
177
|
output: AdminSessionRevokeAllOutput,
|
|
178
178
|
async: true,
|
|
179
179
|
description: 'Revoke all sessions for an account. Admin-only.',
|
|
180
|
+
rate_limit: 'account',
|
|
180
181
|
};
|
|
181
182
|
export const admin_token_revoke_all_action_spec = {
|
|
182
183
|
method: 'admin_token_revoke_all',
|
|
@@ -188,6 +189,7 @@ export const admin_token_revoke_all_action_spec = {
|
|
|
188
189
|
output: AdminTokenRevokeAllOutput,
|
|
189
190
|
async: true,
|
|
190
191
|
description: 'Revoke all API tokens for an account. Admin-only.',
|
|
192
|
+
rate_limit: 'account',
|
|
191
193
|
};
|
|
192
194
|
export const audit_log_list_action_spec = {
|
|
193
195
|
method: 'audit_log_list',
|
|
@@ -221,6 +223,7 @@ export const invite_create_action_spec = {
|
|
|
221
223
|
output: InviteCreateOutput,
|
|
222
224
|
async: true,
|
|
223
225
|
description: 'Create an invite addressed to an email, username, or both. Admin-only.',
|
|
226
|
+
rate_limit: 'account',
|
|
224
227
|
};
|
|
225
228
|
export const invite_list_action_spec = {
|
|
226
229
|
method: 'invite_list',
|
|
@@ -243,6 +246,7 @@ export const invite_delete_action_spec = {
|
|
|
243
246
|
output: InviteDeleteOutput,
|
|
244
247
|
async: true,
|
|
245
248
|
description: 'Delete an unclaimed invite. Admin-only.',
|
|
249
|
+
rate_limit: 'account',
|
|
246
250
|
};
|
|
247
251
|
export const app_settings_get_action_spec = {
|
|
248
252
|
method: 'app_settings_get',
|
|
@@ -265,6 +269,7 @@ export const app_settings_update_action_spec = {
|
|
|
265
269
|
output: AppSettingsUpdateOutput,
|
|
266
270
|
async: true,
|
|
267
271
|
description: 'Update global app settings (currently just the open signup toggle). Admin-only.',
|
|
272
|
+
rate_limit: 'account',
|
|
268
273
|
};
|
|
269
274
|
/**
|
|
270
275
|
* All admin action specs — a codegen-ready registry. Consumers spread this
|
|
@@ -21,7 +21,6 @@ export interface ApiTokenQueryDeps extends QueryDeps {
|
|
|
21
21
|
* @param expires_at - optional expiration
|
|
22
22
|
* @returns the stored token record
|
|
23
23
|
* @mutates `api_token` table - inserts the new row keyed by `id`
|
|
24
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
25
24
|
*/
|
|
26
25
|
export declare const query_create_api_token: (deps: QueryDeps, id: string, account_id: string, name: string, token_hash: string, expires_at?: Date | null) => Promise<ApiToken>;
|
|
27
26
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api_token_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/api_token_queries.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,qBAAqB,CAAC;AAGlD,yEAAyE;AACzE,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IACnD,GAAG,EAAE,MAAM,CAAC;CACZ;AAED
|
|
1
|
+
{"version":3,"file":"api_token_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/api_token_queries.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,qBAAqB,CAAC;AAGlD,yEAAyE;AACzE,MAAM,WAAW,iBAAkB,SAAQ,SAAS;IACnD,GAAG,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,sBAAsB,GAClC,MAAM,SAAS,EACf,IAAI,MAAM,EACV,YAAY,MAAM,EAClB,MAAM,MAAM,EACZ,YAAY,MAAM,EAClB,aAAa,IAAI,GAAG,IAAI,KACtB,OAAO,CAAC,QAAQ,CAQlB,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,wBAAwB,GACpC,MAAM,iBAAiB,EACvB,WAAW,MAAM,EACjB,IAAI,MAAM,GAAG,SAAS,EACtB,iBAAiB,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,SAAS,KAC/C,OAAO,CAAC,QAAQ,GAAG,SAAS,CAuB9B,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uCAAuC,GACnD,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,MAAM,CAMhB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,SAAS,EACf,IAAI,MAAM,EACV,YAAY,MAAM,KAChB,OAAO,CAAC,OAAO,CAMjB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,SAAS,EACf,YAAY,MAAM,KAChB,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC,CAM7C,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,YAAY,MAAM,KAChB,OAAO,CAAC,MAAM,CAYhB,CAAC"}
|
|
@@ -16,7 +16,6 @@ import { hash_api_token } from './api_token.js';
|
|
|
16
16
|
* @param expires_at - optional expiration
|
|
17
17
|
* @returns the stored token record
|
|
18
18
|
* @mutates `api_token` table - inserts the new row keyed by `id`
|
|
19
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
20
19
|
*/
|
|
21
20
|
export const query_create_api_token = async (deps, id, account_id, name, token_hash, expires_at) => {
|
|
22
21
|
const row = await deps.db.query_one(`INSERT INTO api_token (id, account_id, name, token_hash, expires_at)
|
|
@@ -38,7 +38,6 @@ export declare const reset_audit_unknown_event_type_failures: () => void;
|
|
|
38
38
|
* @returns the inserted audit log row
|
|
39
39
|
* @mutates `audit_log` table - inserts the new row
|
|
40
40
|
* @mutates drift counters - bumps `audit_unknown_event_type_failures` and/or `audit_metadata_validation_failures` on mismatch
|
|
41
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
42
41
|
*/
|
|
43
42
|
export declare const query_audit_log: <T extends string>(deps: QueryDeps, input: AuditLogInput<T>, config?: AuditLogConfig) => Promise<AuditLogEvent>;
|
|
44
43
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit_log_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,YAAY,EAAC,MAAM,uBAAuB,CAAC;AACxD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,WAAW,CAAC;AACvC,OAAO,EAGN,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,8BAA8B,EACnC,KAAK,sBAAsB,EAC3B,MAAM,uBAAuB,CAAC;AAa/B,iFAAiF;AACjF,eAAO,MAAM,sCAAsC,QAAO,MACvB,CAAC;AAEpC,0CAA0C;AAC1C,eAAO,MAAM,wCAAwC,QAAO,IAE3D,CAAC;AAYF,gFAAgF;AAChF,eAAO,MAAM,qCAAqC,QAAO,MACvB,CAAC;AAEnC,0CAA0C;AAC1C,eAAO,MAAM,uCAAuC,QAAO,IAE1D,CAAC;AAEF
|
|
1
|
+
{"version":3,"file":"audit_log_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,YAAY,EAAC,MAAM,uBAAuB,CAAC;AACxD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,WAAW,CAAC;AACvC,OAAO,EAGN,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,8BAA8B,EACnC,KAAK,sBAAsB,EAC3B,MAAM,uBAAuB,CAAC;AAa/B,iFAAiF;AACjF,eAAO,MAAM,sCAAsC,QAAO,MACvB,CAAC;AAEpC,0CAA0C;AAC1C,eAAO,MAAM,wCAAwC,QAAO,IAE3D,CAAC;AAYF,gFAAgF;AAChF,eAAO,MAAM,qCAAqC,QAAO,MACvB,CAAC;AAEnC,0CAA0C;AAC1C,eAAO,MAAM,uCAAuC,QAAO,IAE1D,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,eAAe,GAAU,CAAC,SAAS,MAAM,EACrD,MAAM,SAAS,EACf,OAAO,aAAa,CAAC,CAAC,CAAC,EACvB,SAAQ,cAAyC,KAC/C,OAAO,CAAC,aAAa,CAmCvB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,UAAU,mBAAmB,KAC3B,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAwC9B,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mCAAmC,GAC/C,MAAM,SAAS,EACf,UAAU,mBAAmB,KAC3B,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CA8C/C,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,cAA+B,KAC7B,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAO9B,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,mCAAmC,GAC/C,MAAM,SAAS,EACf,cAA+B,EAC/B,eAAU,KACR,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAYvC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,8BAA8B,GAC1C,MAAM,SAAS,EACf,QAAQ,IAAI,KACV,OAAO,CAAC,MAAM,CAMhB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,MAAM,yBAAyB,GAAG,IAAI,CAC3C,OAAO,EACP,KAAK,GAAG,gBAAgB,GAAG,kBAAkB,CAC7C,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,GAAI,CAAC,SAAS,MAAM,EACzD,OAAO,IAAI,CAAC,YAAY,EAAE,eAAe,GAAG,iBAAiB,CAAC,EAC9D,OAAO,aAAa,CAAC,CAAC,CAAC,EACvB,MAAM,yBAAyB,KAC7B,OAAO,CAAC,IAAI,CAed,CAAC"}
|
|
@@ -59,7 +59,6 @@ export const reset_audit_unknown_event_type_failures = () => {
|
|
|
59
59
|
* @returns the inserted audit log row
|
|
60
60
|
* @mutates `audit_log` table - inserts the new row
|
|
61
61
|
* @mutates drift counters - bumps `audit_unknown_event_type_failures` and/or `audit_metadata_validation_failures` on mismatch
|
|
62
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
63
62
|
*/
|
|
64
63
|
export const query_audit_log = async (deps, input, config = BUILTIN_AUDIT_LOG_CONFIG) => {
|
|
65
64
|
if (!config.event_types.includes(input.event_type)) {
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* The two list-reads (`audit_log_list`, `audit_log_permit_history`) moved to
|
|
5
5
|
* RPC in `auth/admin_actions.ts`, and the admin session listing moved to
|
|
6
6
|
* `admin_session_list` on the same file. What remains here is the optional
|
|
7
|
-
* `GET /audit
|
|
7
|
+
* `GET /audit/stream` SSE route — streams aren't an action-kind, so they
|
|
8
8
|
* stay on REST. The event payload broadcast on the stream surfaces via
|
|
9
9
|
* `AUDIT_LOG_EVENT_SPECS` (one `EventSpec` per audit event type) declared
|
|
10
10
|
* alongside the broadcaster in `../realtime/sse_auth_guard.ts`.
|
|
@@ -20,7 +20,7 @@ export interface AuditLogRouteOptions {
|
|
|
20
20
|
/** Role required to access audit routes. Default `'admin'`. */
|
|
21
21
|
required_role?: string;
|
|
22
22
|
/**
|
|
23
|
-
* When provided, includes an SSE route at `/audit
|
|
23
|
+
* When provided, includes an SSE route at `/audit/stream` for realtime audit events.
|
|
24
24
|
* The `subscribe` function receives the stream, channels, and the subscriber's `account_id`
|
|
25
25
|
* as an identity key — enabling `close_by_identity()` for auth revocation.
|
|
26
26
|
*/
|
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* The two list-reads (`audit_log_list`, `audit_log_permit_history`) moved to
|
|
5
5
|
* RPC in `auth/admin_actions.ts`, and the admin session listing moved to
|
|
6
6
|
* `admin_session_list` on the same file. What remains here is the optional
|
|
7
|
-
* `GET /audit
|
|
7
|
+
* `GET /audit/stream` SSE route — streams aren't an action-kind, so they
|
|
8
8
|
* stay on REST. The event payload broadcast on the stream surfaces via
|
|
9
9
|
* `AUDIT_LOG_EVENT_SPECS` (one `EventSpec` per audit event type) declared
|
|
10
10
|
* alongside the broadcaster in `../realtime/sse_auth_guard.ts`.
|
|
@@ -32,7 +32,7 @@ export const create_audit_log_route_specs = (options) => {
|
|
|
32
32
|
return [
|
|
33
33
|
{
|
|
34
34
|
method: 'GET',
|
|
35
|
-
path: '/audit
|
|
35
|
+
path: '/audit/stream',
|
|
36
36
|
auth: { type: 'role', role },
|
|
37
37
|
description: 'Subscribe to realtime audit log events',
|
|
38
38
|
input: z.null(),
|
|
@@ -15,7 +15,6 @@ import type { Invite, CreateInviteInput, InviteWithUsernamesJson } from './invit
|
|
|
15
15
|
* @param input - the invite fields
|
|
16
16
|
* @returns the created invite
|
|
17
17
|
* @mutates `invite` table - inserts the new row
|
|
18
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
19
18
|
*/
|
|
20
19
|
export declare const query_create_invite: (deps: QueryDeps, input: CreateInviteInput) => Promise<Invite>;
|
|
21
20
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"invite_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/invite_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,MAAM,EAAE,iBAAiB,EAAE,uBAAuB,EAAC,MAAM,oBAAoB,CAAC;AAE3F
|
|
1
|
+
{"version":3,"file":"invite_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/invite_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,MAAM,EAAE,iBAAiB,EAAE,uBAAuB,EAAC,MAAM,oBAAoB,CAAC;AAE3F;;;;;;;GAOG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,OAAO,iBAAiB,KACtB,OAAO,CAAC,MAAM,CAQhB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oCAAoC,GAChD,MAAM,SAAS,EACf,OAAO,MAAM,KACX,OAAO,CAAC,MAAM,GAAG,SAAS,CAK5B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uCAAuC,GACnD,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,MAAM,GAAG,SAAS,CAK5B,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iCAAiC,GAC7C,MAAM,SAAS,EACf,OAAO,MAAM,GAAG,IAAI,EACpB,UAAU,MAAM,KACd,OAAO,CAAC,MAAM,GAAG,SAAS,CAe5B,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,kBAAkB,GAC9B,MAAM,SAAS,EACf,WAAW,MAAM,EACjB,YAAY,MAAM,KAChB,OAAO,CAAC,OAAO,CAQjB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAU,MAAM,SAAS,KAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAElF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,oCAAoC,GAChD,MAAM,SAAS,KACb,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAUxC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,IAAI,MAAM,KACR,OAAO,CAAC,OAAO,CAMjB,CAAC"}
|
|
@@ -14,7 +14,6 @@ import { assert_row } from '../db/assert_row.js';
|
|
|
14
14
|
* @param input - the invite fields
|
|
15
15
|
* @returns the created invite
|
|
16
16
|
* @mutates `invite` table - inserts the new row
|
|
17
|
-
* @throws Error if the INSERT does not return a row (failed `assert_row` invariant)
|
|
18
17
|
*/
|
|
19
18
|
export const query_create_invite = async (deps, input) => {
|
|
20
19
|
const row = await deps.db.query_one(`INSERT INTO invite (email, username, created_by)
|
|
@@ -359,6 +359,7 @@ export declare const permit_revoke_action_spec: {
|
|
|
359
359
|
async: true;
|
|
360
360
|
description: string;
|
|
361
361
|
error_reasons: ("account_not_found" | "role_not_web_grantable" | "permit_not_found")[];
|
|
362
|
+
rate_limit: "account";
|
|
362
363
|
};
|
|
363
364
|
/**
|
|
364
365
|
* All permit-offer action specs — a codegen-ready registry. Consumers spread
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permit_offer_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAUzE,gEAAgE;AAChE,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AACpE,kEAAkE;AAClE,eAAO,MAAM,oBAAoB,EAAG,gBAAyB,CAAC;AAC9D,sDAAsD;AACtD,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAC5D,wGAAwG;AACxG,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAChE,qGAAqG;AACrG,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAClF,gKAAgK;AAChK,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAI1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;kBAWjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;kBAOlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;kBAElC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,mGAAmG;AACnG,eAAO,MAAM,oBAAoB;;kBAI/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB;;;;kBAO5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE;;;;GAIG;AACH,eAAO,MAAM,uBAAuB;;;;kBAUlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;kBAElC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;kBAIlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,kEAAkE;AAClE,eAAO,MAAM,mBAAmB;;kBAAwC,CAAC;AACzE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;kBAAqD,CAAC;AACxF,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,yCAAyC;AACzC,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;kBAAqD,CAAC;AAC3F,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAIpE,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgBP,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAYP,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWL,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,yBAAyB
|
|
1
|
+
{"version":3,"file":"permit_offer_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAUzE,gEAAgE;AAChE,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AACpE,kEAAkE;AAClE,eAAO,MAAM,oBAAoB,EAAG,gBAAyB,CAAC;AAC9D,sDAAsD;AACtD,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAC5D,wGAAwG;AACxG,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAChE,qGAAqG;AACrG,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAClF,gKAAgK;AAChK,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAI1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;kBAWjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;kBAOlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;kBAElC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,mGAAmG;AACnG,eAAO,MAAM,oBAAoB;;kBAI/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;;;GAMG;AACH,eAAO,MAAM,iBAAiB;;;;kBAO5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE;;;;GAIG;AACH,eAAO,MAAM,uBAAuB;;;;kBAUlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;kBAElC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;kBAIlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E,kEAAkE;AAClE,eAAO,MAAM,mBAAmB;;kBAAwC,CAAC;AACzE,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;kBAAqD,CAAC;AACxF,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,yCAAyC;AACzC,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;kBAAqD,CAAC;AAC3F,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAIpE,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgBP,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAYP,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWL,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWR,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;CAaD,CAAC;AAEtC;;;;GAIG;AACH,eAAO,MAAM,6BAA6B,EAAE,KAAK,CAAC,yBAAyB,CAQ1E,CAAC"}
|
|
@@ -209,6 +209,7 @@ export const permit_revoke_action_spec = {
|
|
|
209
209
|
async: true,
|
|
210
210
|
description: 'Revoke an active permit on a target actor. Admin-only. Supersedes any pending offers for the same (account, role, scope). Fires permit_revoke + permit_offer_supersede notifications.',
|
|
211
211
|
error_reasons: [ERROR_PERMIT_NOT_FOUND, ERROR_ACCOUNT_NOT_FOUND, ERROR_ROLE_NOT_WEB_GRANTABLE],
|
|
212
|
+
rate_limit: 'account',
|
|
212
213
|
};
|
|
213
214
|
/**
|
|
214
215
|
* All permit-offer action specs — a codegen-ready registry. Consumers spread
|
|
@@ -69,7 +69,6 @@ export declare class PermitOfferSelfTargetError extends Error {
|
|
|
69
69
|
*
|
|
70
70
|
* @mutates `permit_offer` table - inserts a new offer or upserts the matching pending row
|
|
71
71
|
* @throws PermitOfferSelfTargetError if the offering actor belongs to `to_account_id`
|
|
72
|
-
* @throws Error if the INSERT/UPSERT does not return a row (failed `assert_row` invariant)
|
|
73
72
|
*/
|
|
74
73
|
export declare const query_permit_offer_create: (deps: QueryDeps, input: CreatePermitOfferInput) => Promise<PermitOffer>;
|
|
75
74
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permit_offer_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAEhD,OAAO,EAEN,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAC;AAEzD;;;;;GAKG;AACH,qBAAa,+BAAgC,SAAQ,KAAK;gBAC7C,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;GAKG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;gBACrC,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;GAKG;AACH,qBAAa,wBAAyB,SAAQ,KAAK;gBACtC,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;;GAMG;AACH,qBAAa,0BAA2B,SAAQ,KAAK;;CAKpD;AAED
|
|
1
|
+
{"version":3,"file":"permit_offer_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_offer_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,qBAAqB,CAAC;AAEhD,OAAO,EAEN,KAAK,sBAAsB,EAC3B,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,uBAAuB,CAAC;AAEzD;;;;;GAKG;AACH,qBAAa,+BAAgC,SAAQ,KAAK;gBAC7C,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;GAKG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;gBACrC,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;GAKG;AACH,qBAAa,wBAAyB,SAAQ,KAAK;gBACtC,QAAQ,EAAE,MAAM;CAI5B;AAED;;;;;;GAMG;AACH,qBAAa,0BAA2B,SAAQ,KAAK;;CAKpD;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,yBAAyB,GACrC,MAAM,SAAS,EACf,OAAO,sBAAsB,KAC3B,OAAO,CAAC,WAAW,CAyBrB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,GACtC,MAAM,SAAS,EACf,UAAU,MAAM,EAChB,eAAe,MAAM,EACrB,QAAQ,MAAM,GAAG,IAAI,KACnB,OAAO,CAAC,WAAW,GAAG,IAAI,CAe5B,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,0BAA0B,GACtC,MAAM,SAAS,EACf,UAAU,MAAM,EAChB,eAAe,MAAM,KACnB,OAAO,CAAC,WAAW,GAAG,IAAI,CAe5B,CAAC;AA8BF;;;;;;GAMG;AACH,eAAO,MAAM,uBAAuB,GACnC,MAAM,SAAS,EACf,eAAe,MAAM,KACnB,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAY5B,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sCAAsC,GAClD,MAAM,SAAS,EACf,YAAY,MAAM,EAClB,cAAW,EACX,eAAU,KACR,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAS5B,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,+BAA+B,GAC3C,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,WAAW,GAAG,IAAI,CAY5B,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,SAAS,KACb,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAU5B,CAAC;AAEF,sCAAsC;AACtC,MAAM,WAAW,gBAAgB;IAChC,QAAQ,EAAE,IAAI,CAAC;IACf,mGAAmG;IACnG,aAAa,EAAE,IAAI,CAAC;IACpB,gDAAgD;IAChD,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACnB;AAED,yHAAyH;AACzH,MAAM,WAAW,iBAAiB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,WAAW,CAAC;IACnB,4IAA4I;IAC5I,OAAO,EAAE,OAAO,CAAC;IACjB;;;;;OAKG;IACH,iBAAiB,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IAC1C,sLAAsL;IACtL,YAAY,EAAE,KAAK,CAAC,aAAa,CAAC,CAAC;CACnC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,eAAO,MAAM,kBAAkB,GAC9B,MAAM,SAAS,EACf,OAAO,gBAAgB,KACrB,OAAO,CAAC,iBAAiB,CAqK3B,CAAC"}
|
|
@@ -80,7 +80,6 @@ export class PermitOfferSelfTargetError extends Error {
|
|
|
80
80
|
*
|
|
81
81
|
* @mutates `permit_offer` table - inserts a new offer or upserts the matching pending row
|
|
82
82
|
* @throws PermitOfferSelfTargetError if the offering actor belongs to `to_account_id`
|
|
83
|
-
* @throws Error if the INSERT/UPSERT does not return a row (failed `assert_row` invariant)
|
|
84
83
|
*/
|
|
85
84
|
export const query_permit_offer_create = async (deps, input) => {
|
|
86
85
|
const actor = await query_actor_by_account(deps, input.to_account_id);
|
|
@@ -25,7 +25,6 @@ import { type SupersededOffer } from './permit_offer_schema.js';
|
|
|
25
25
|
* @param input - the permit fields
|
|
26
26
|
* @returns the created or existing active permit
|
|
27
27
|
* @mutates `permit` table - inserts a row when no active permit matches `(actor_id, role, scope_id)`
|
|
28
|
-
* @throws Error if the idempotent fallback `SELECT` does not return a row (failed `assert_row` invariant)
|
|
29
28
|
*/
|
|
30
29
|
export declare const query_grant_permit: (deps: QueryDeps, input: GrantPermitInput) => Promise<Permit>;
|
|
31
30
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"permit_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAC,MAAM,EAAE,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAmC,KAAK,eAAe,EAAC,MAAM,0BAA0B,CAAC;AAEhG
|
|
1
|
+
{"version":3,"file":"permit_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/permit_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAEjD,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AACnD,OAAO,KAAK,EAAC,MAAM,EAAE,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAmC,KAAK,eAAe,EAAC,MAAM,0BAA0B,CAAC;AAEhG;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,kBAAkB,GAC9B,MAAM,SAAS,EACf,OAAO,gBAAgB,KACrB,OAAO,CAAC,MAAM,CA4BhB,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,uCAAuC,GACnD,MAAM,SAAS,EACf,WAAW,MAAM,EACjB,UAAU,MAAM,KACd,OAAO,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAC,GAAG,IAAI,CAO/B,CAAC;AAEF,6GAA6G;AAC7G,MAAM,WAAW,kBAAkB;IAClC,EAAE,EAAE,IAAI,CAAC;IACT,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,IAAI,GAAG,IAAI,CAAC;IACtB;;;;;;;;OAQG;IACH,iBAAiB,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CAC1C;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,mBAAmB,GAC/B,MAAM,SAAS,EACf,WAAW,IAAI,EACf,UAAU,IAAI,EACd,YAAY,IAAI,GAAG,IAAI,EACvB,SAAS,MAAM,GAAG,IAAI,KACpB,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAsCnC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CASvB,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,GACjC,MAAM,SAAS,EACf,UAAU,MAAM,EAChB,MAAM,MAAM,EACZ,WAAW,MAAM,GAAG,IAAI,KACtB,OAAO,CAAC,OAAO,CAajB,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,2BAA2B,GACvC,MAAM,SAAS,EACf,UAAU,MAAM,KACd,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAKvB,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,qCAAqC,GACjD,MAAM,SAAS,EACf,MAAM,MAAM,KACV,OAAO,CAAC,MAAM,GAAG,IAAI,CAavB,CAAC;AAEF,sIAAsI;AACtI,MAAM,WAAW,oBAAoB;IACpC;;;;OAIG;IACH,OAAO,EAAE,KAAK,CAAC;QAAC,SAAS,EAAE,IAAI,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,IAAI,CAAC;QAAC,UAAU,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;IAClF;;;;;;;;;;OAUG;IACH,iBAAiB,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CAC1C;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,SAAS,EACf,UAAU,IAAI,EACd,YAAY,IAAI,GAAG,IAAI,EACvB,SAAS,MAAM,GAAG,IAAI,KACpB,OAAO,CAAC,oBAAoB,CA2C9B,CAAC;AAEF,yHAAyH;AACzH,MAAM,WAAW,gBAAgB;IAChC;;;;OAIG;IACH,OAAO,EAAE,KAAK,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,CAAC,CAAC;IAC/F;;;;;OAKG;IACH,iBAAiB,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CAC1C;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,wBAAwB,GACpC,MAAM,SAAS,EACf,UAAU,MAAM,EAChB,MAAM,MAAM,EACZ,YAAY,MAAM,GAAG,IAAI,EACzB,SAAS,MAAM,GAAG,IAAI,KACpB,OAAO,CAAC,gBAAgB,CA2C1B,CAAC"}
|
|
@@ -23,7 +23,6 @@ import { PERMIT_OFFER_SCOPE_SENTINEL_UUID } from './permit_offer_schema.js';
|
|
|
23
23
|
* @param input - the permit fields
|
|
24
24
|
* @returns the created or existing active permit
|
|
25
25
|
* @mutates `permit` table - inserts a row when no active permit matches `(actor_id, role, scope_id)`
|
|
26
|
-
* @throws Error if the idempotent fallback `SELECT` does not return a row (failed `assert_row` invariant)
|
|
27
26
|
*/
|
|
28
27
|
export const query_grant_permit = async (deps, input) => {
|
|
29
28
|
const inserted = await deps.db.query_one(`INSERT INTO permit (actor_id, role, scope_id, expires_at, granted_by, source_offer_id)
|
|
@@ -32,7 +32,6 @@ export interface CreateSessionAndSetCookieOptions {
|
|
|
32
32
|
* sets the signed cookie.
|
|
33
33
|
*
|
|
34
34
|
* @mutates `auth_session` table - inserts the new session row (and evicts older rows when `max_sessions` is set)
|
|
35
|
-
* @mutates `options.c` - writes the signed session cookie via `Set-Cookie`
|
|
36
35
|
*/
|
|
37
36
|
export declare const create_session_and_set_cookie: (options: CreateSessionAndSetCookieOptions) => Promise<void>;
|
|
38
37
|
//# sourceMappingURL=session_lifecycle.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session_lifecycle.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_lifecycle.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAElC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,qBAAqB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAChD,kCAAkC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,kDAAkD;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,2CAA2C;IAC3C,CAAC,EAAE,OAAO,CAAC;IACX,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4DAA4D;IAC5D,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED
|
|
1
|
+
{"version":3,"file":"session_lifecycle.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_lifecycle.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAElC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,qBAAqB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAChD,kCAAkC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,kDAAkD;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,2CAA2C;IAC3C,CAAC,EAAE,OAAO,CAAC;IACX,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4DAA4D;IAC5D,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,6BAA6B,GACzC,SAAS,gCAAgC,KACvC,OAAO,CAAC,IAAI,CAad,CAAC"}
|
|
@@ -14,7 +14,6 @@ import { generate_session_token, hash_session_token, AUTH_SESSION_LIFETIME_MS, q
|
|
|
14
14
|
* sets the signed cookie.
|
|
15
15
|
*
|
|
16
16
|
* @mutates `auth_session` table - inserts the new session row (and evicts older rows when `max_sessions` is set)
|
|
17
|
-
* @mutates `options.c` - writes the signed session cookie via `Set-Cookie`
|
|
18
17
|
*/
|
|
19
18
|
export const create_session_and_set_cookie = async (options) => {
|
|
20
19
|
const { keyring, deps, c, account_id, session_options, max_sessions } = options;
|
|
@@ -14,14 +14,10 @@ import { type SessionOptions } from './session_cookie.js';
|
|
|
14
14
|
export declare const get_session_cookie: <T>(c: Context, options: SessionOptions<T>) => string | undefined;
|
|
15
15
|
/**
|
|
16
16
|
* Set the session cookie on a response.
|
|
17
|
-
*
|
|
18
|
-
* @mutates `c` - writes the `Set-Cookie` header
|
|
19
17
|
*/
|
|
20
18
|
export declare const set_session_cookie: <T>(c: Context, value: string, options: SessionOptions<T>) => void;
|
|
21
19
|
/**
|
|
22
20
|
* Clear the session cookie on a response.
|
|
23
|
-
*
|
|
24
|
-
* @mutates `c` - writes a cookie-clearing `Set-Cookie` header
|
|
25
21
|
*/
|
|
26
22
|
export declare const clear_session_cookie: <T>(c: Context, options: SessionOptions<T>) => void;
|
|
27
23
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session_middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAE,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAGrD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EACN,KAAK,cAAc,EAInB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,EACnC,GAAG,OAAO,EACV,SAAS,cAAc,CAAC,CAAC,CAAC,KACxB,MAAM,GAAG,SAEX,CAAC;AAEF
|
|
1
|
+
{"version":3,"file":"session_middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_middleware.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAE,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAGrD,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EACN,KAAK,cAAc,EAInB,MAAM,qBAAqB,CAAC;AAE7B;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,EACnC,GAAG,OAAO,EACV,SAAS,cAAc,CAAC,CAAC,CAAC,KACxB,MAAM,GAAG,SAEX,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,EACnC,GAAG,OAAO,EACV,OAAO,MAAM,EACb,SAAS,cAAc,CAAC,CAAC,CAAC,KACxB,IASF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,GAAI,CAAC,EAAE,GAAG,OAAO,EAAE,SAAS,cAAc,CAAC,CAAC,CAAC,KAAG,IAMhF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,yBAAyB,GAAI,SAAS,EAClD,SAAS,OAAO,EAChB,SAAS,cAAc,CAAC,SAAS,CAAC,KAChC,iBAgBF,CAAC"}
|