@fuzdev/fuz_app 0.54.0 → 0.56.0

package/dist/auth/require_keeper.js

@@ -1,35 +0,0 @@
-/**
- * Keeper credential type guard.
- *
- * Two-part check:
- * 1. Credential type must be `daemon_token` (not session cookie, not API token).
- * 2. Account must hold active keeper permit.
- *
- * Both must pass. A session cookie from the bootstrap account still fails check #1.
- *
- * @module
- */
-import { get_request_context, has_role } from './request_context.js';
-import { CREDENTIAL_TYPE_KEY } from '../hono_context.js';
-import { ROLE_KEEPER } from './role_schema.js';
-import { ERROR_AUTHENTICATION_REQUIRED, ERROR_INSUFFICIENT_PERMISSIONS, ERROR_KEEPER_REQUIRES_DAEMON_TOKEN, } from '../http/error_schemas.js';
-/**
- * Middleware that requires keeper credentials.
- *
- * Returns 401 if unauthenticated, 403 if credential type is not
- * `daemon_token` or if the keeper role is missing.
- */
-export const require_keeper = async (c, next) => {
-    const ctx = get_request_context(c);
-    if (!ctx) {
-        return c.json({ error: ERROR_AUTHENTICATION_REQUIRED }, 401);
-    }
-    const credential_type = c.get(CREDENTIAL_TYPE_KEY);
-    if (credential_type !== 'daemon_token') {
-        return c.json({ error: ERROR_KEEPER_REQUIRES_DAEMON_TOKEN, credential_type: credential_type ?? 'none' }, 403);
-    }
-    if (!has_role(ctx, ROLE_KEEPER)) {
-        return c.json({ error: ERROR_INSUFFICIENT_PERMISSIONS, required_role: ROLE_KEEPER }, 403);
-    }
-    await next();
-};

package/dist/auth/route_guards.d.ts

@@ -1,21 +0,0 @@
-/**
- * Auth guard resolver for the route spec system.
- *
- * Maps `RouteAuth` discriminants to auth middleware handlers.
- * Injected into `apply_route_specs` to decouple the generic HTTP
- * framework (`http/route_spec.ts`) from auth-specific middleware.
- *
- * @module
- */
-import type { AuthGuardResolver } from '../http/route_spec.js';
-/**
- * Standard auth guard resolver for fuz_app.
- *
- * Maps `RouteAuth` to middleware:
- * - `none` → no guards
- * - `authenticated` → `require_auth`
- * - `role` → `require_role(role)`
- * - `keeper` → `require_keeper`
- */
-export declare const fuz_auth_guard_resolver: AuthGuardResolver;
-//# sourceMappingURL=route_guards.d.ts.map

package/dist/auth/route_guards.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"route_guards.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/route_guards.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,uBAAuB,CAAC;AAE7D;;;;;;;;GAQG;AACH,eAAO,MAAM,uBAAuB,EAAE,iBAWrC,CAAC"}

package/dist/auth/route_guards.js

@@ -1,32 +0,0 @@
-/**
- * Auth guard resolver for the route spec system.
- *
- * Maps `RouteAuth` discriminants to auth middleware handlers.
- * Injected into `apply_route_specs` to decouple the generic HTTP
- * framework (`http/route_spec.ts`) from auth-specific middleware.
- *
- * @module
- */
-import { require_auth, require_role } from './request_context.js';
-import { require_keeper } from './require_keeper.js';
-/**
- * Standard auth guard resolver for fuz_app.
- *
- * Maps `RouteAuth` to middleware:
- * - `none` → no guards
- * - `authenticated` → `require_auth`
- * - `role` → `require_role(role)`
- * - `keeper` → `require_keeper`
- */
-export const fuz_auth_guard_resolver = (auth) => {
-    switch (auth.type) {
-        case 'none':
-            return [];
-        case 'authenticated':
-            return [require_auth];
-        case 'role':
-            return [require_role(auth.role)];
-        case 'keeper':
-            return [require_keeper];
-    }
-};

package/dist/auth/session_lifecycle.d.ts

@@ -1,37 +0,0 @@
-/**
- * Session lifecycle — creation and cookie management shared across login and bootstrap flows.
- *
- * @module
- */
-import type { Context } from 'hono';
-import type { Keyring } from './keyring.js';
-import { type SessionOptions } from './session_cookie.js';
-import type { QueryDeps } from '../db/query_deps.js';
-/**
- * Options for `create_session_and_set_cookie`.
- */
-export interface CreateSessionAndSetCookieOptions {
-    /** Keyring for cookie signing. */
-    keyring: Keyring;
-    /** Query deps (needs db for session creation). */
-    deps: QueryDeps;
-    /** Hono context for setting the cookie. */
-    c: Context;
-    /** The account to create a session for. */
-    account_id: string;
-    /** Session cookie configuration. */
-    session_options: SessionOptions<string>;
-    /** Per-account session cap (`null` to skip enforcement). */
-    max_sessions?: number | null;
-}
-/**
- * Create an auth session and set the session cookie on the response.
- *
- * Shared by login and bootstrap — generates a token, hashes it, persists
- * the session row, optionally enforces a per-account session limit, and
- * sets the signed cookie.
- *
- * @mutates `auth_session` table - inserts the new session row (and evicts older rows when `max_sessions` is set)
- */
-export declare const create_session_and_set_cookie: (options: CreateSessionAndSetCookieOptions) => Promise<void>;
-//# sourceMappingURL=session_lifecycle.d.ts.map

package/dist/auth/session_lifecycle.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"session_lifecycle.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/session_lifecycle.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,MAAM,CAAC;AAElC,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,cAAc,CAAC;AAC1C,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,qBAAqB,CAAC;AASrF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD;;GAEG;AACH,MAAM,WAAW,gCAAgC;IAChD,kCAAkC;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,kDAAkD;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,2CAA2C;IAC3C,CAAC,EAAE,OAAO,CAAC;IACX,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4DAA4D;IAC5D,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,6BAA6B,GACzC,SAAS,gCAAgC,KACvC,OAAO,CAAC,IAAI,CAad,CAAC"}

package/dist/auth/session_lifecycle.js

@@ -1,29 +0,0 @@
-/**
- * Session lifecycle — creation and cookie management shared across login and bootstrap flows.
- *
- * @module
- */
-import { create_session_cookie_value } from './session_cookie.js';
-import { set_session_cookie } from './session_middleware.js';
-import { generate_session_token, hash_session_token, AUTH_SESSION_LIFETIME_MS, query_create_session, query_session_enforce_limit, } from './session_queries.js';
-/**
- * Create an auth session and set the session cookie on the response.
- *
- * Shared by login and bootstrap — generates a token, hashes it, persists
- * the session row, optionally enforces a per-account session limit, and
- * sets the signed cookie.
- *
- * @mutates `auth_session` table - inserts the new session row (and evicts older rows when `max_sessions` is set)
- */
-export const create_session_and_set_cookie = async (options) => {
-    const { keyring, deps, c, account_id, session_options, max_sessions } = options;
-    const session_token = generate_session_token();
-    const token_hash = hash_session_token(session_token);
-    const expires_at = new Date(Date.now() + AUTH_SESSION_LIFETIME_MS);
-    await query_create_session(deps, token_hash, account_id, expires_at);
-    if (max_sessions != null) {
-        await query_session_enforce_limit(deps, account_id, max_sessions);
-    }
-    const cookie_value = await create_session_cookie_value(keyring, session_token, session_options);
-    set_session_cookie(c, cookie_value, session_options);
-};

package/dist/ui/AdminPermitHistory.svelte.d.ts

@@ -1,4 +0,0 @@
-declare const AdminPermitHistory: import("svelte").Component<Record<string, never>, {}, "">;
-type AdminPermitHistory = ReturnType<typeof AdminPermitHistory>;
-export default AdminPermitHistory;
-//# sourceMappingURL=AdminPermitHistory.svelte.d.ts.map

package/dist/ui/AdminPermitHistory.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"AdminPermitHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminPermitHistory.svelte"],"names":[],"mappings":"AAiGA,QAAA,MAAM,kBAAkB,2DAAwC,CAAC;AACjE,KAAK,kBAAkB,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAChE,eAAe,kBAAkB,CAAC"}

package/dist/ui/PermitOfferForm.svelte.d.ts

@@ -1,14 +0,0 @@
-import { type PermitOfferJson } from '../auth/permit_offer_schema.js';
-type $$ComponentProps = {
-    to_account_id: string;
-    /** Roles the caller may offer — caller filters by `web_grantable` upstream. */
-    roles: Array<string>;
-    /** Resource scope for the offer; `null` (default) yields a global offer. */
-    scope_id?: string | null;
-    on_created?: (offer: PermitOfferJson) => void;
-    format_role?: (role: string) => string;
-};
-declare const PermitOfferForm: import("svelte").Component<$$ComponentProps, {}, "">;
-type PermitOfferForm = ReturnType<typeof PermitOfferForm>;
-export default PermitOfferForm;
-//# sourceMappingURL=PermitOfferForm.svelte.d.ts.map

package/dist/ui/PermitOfferForm.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"PermitOfferForm.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferForm.svelte"],"names":[],"mappings":"AAiBA,OAAO,EAEL,KAAK,eAAe,EACpB,MAAM,gCAAgC,CAAC;AAOxC,KAAK,gBAAgB,GAAI;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,+EAA+E;IAC/E,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,4EAA4E;IAC5E,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC;IAC9C,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AAsGH,QAAA,MAAM,eAAe,sDAAwC,CAAC;AAC9D,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,eAAe,CAAC,CAAC;AAC1D,eAAe,eAAe,CAAC"}

package/dist/ui/PermitOfferHistory.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"PermitOfferHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferHistory.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,oFAAoF;IACpF,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AAkGH,QAAA,MAAM,kBAAkB,sDAAwC,CAAC;AACjE,KAAK,kBAAkB,GAAG,UAAU,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAChE,eAAe,kBAAkB,CAAC"}

package/dist/ui/PermitOfferInbox.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"PermitOfferInbox.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/PermitOfferInbox.svelte"],"names":[],"mappings":"AAmBA,OAAO,EAA4C,KAAK,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAE7F,KAAK,gBAAgB,GAAI;IACxB,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,aAAa,EAAE,MAAM,KAAK,MAAM,CAAC;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;IAC3B,+DAA+D;IAC/D,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;CACvC,CAAC;AA2FH,QAAA,MAAM,gBAAgB,sDAAwC,CAAC;AAC/D,KAAK,gBAAgB,GAAG,UAAU,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAC5D,eAAe,gBAAgB,CAAC"}

package/dist/ui/permit_offers_state.svelte.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"permit_offers_state.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/permit_offers_state.svelte.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH,OAAO,EAAC,QAAQ,EAAC,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,gCAAgC,CAAC;AAUpE;;;;GAIG;AACH,eAAO,MAAM,2BAA2B;;;;CAAsC,CAAC;AAE/E;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,OAAO,CAAC;QAAC,MAAM,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;KAAC,CAAC,CAAC;IACtD,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KAChB,KAAK,OAAO,CAAC;QAAC,MAAM,EAAE,KAAK,CAAC,eAAe,CAAC,CAAA;KAAC,CAAC,CAAC;IAChD,MAAM,EAAE,CAAC,MAAM,EAAE;QAChB,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,KAAK,OAAO,CAAC;QAAC,KAAK,EAAE,eAAe,CAAA;KAAC,CAAC,CAAC;IACxC,MAAM,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;QACrC,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,eAAe,CAAC;QACvB,oBAAoB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KACpC,CAAC,CAAC;IACH,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;IAC3E,OAAO,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC,CAAC;CACnD;AAED,yFAAyF;AACzF,MAAM,WAAW,uBAAuB;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,OAAO,CAAC;CAChB;AAED,qFAAqF;AACrF,MAAM,MAAM,oBAAoB,GAAG,CAClC,OAAO,EAAE,CAAC,YAAY,EAAE,uBAAuB,KAAK,IAAI,KACpD,MAAM,IAAI,CAAC;AAEhB,MAAM,WAAW,wBAAwB;IACxC,GAAG,EAAE,eAAe,CAAC;IACrB,oFAAoF;IACpF,UAAU,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAChC;;;OAGG;IACH,QAAQ,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;CAC9B;AAQD,qBAAa,iBAAkB,SAAQ,QAAQ;;IAO9C,sEAAsE;IACtE,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAatC;IAEH,mEAAmE;IACnE,QAAQ,CAAC,QAAQ,EAAE,KAAK,CAAC,eAAe,CAAC,CAatC;IAEH,qFAAqF;IACrF,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,eAAe,CAAC,CAIrC;IAEH,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAkC;gBAErD,OAAO,EAAE,wBAAwB;IAO7C,4DAA4D;IACtD,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAO5B,6DAA6D;IACvD,aAAa,CAAC,OAAO,CAAC,EAAE;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAO/E,8EAA8E;IACxE,MAAM,CAAC,MAAM,EAAE;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACxB,GAAG,OAAO,CAAC,eAAe,GAAG,SAAS,CAAC;IAQxC,qGAAqG;IAC/F,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAavC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAOhE,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO9C;;;OAGG;IACH,SAAS,CAAC,YAAY,EAAE,oBAAoB,GAAG,MAAM,IAAI;IAMzD;;;;;;OAMG;IACH,kBAAkB,CAAC,YAAY,EAAE,uBAAuB,GAAG,IAAI;IAwB/D,qDAAqD;IAC5C,KAAK,IAAI,IAAI;CAmBtB"}