@fuzdev/fuz_app 0.57.0 → 0.57.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/actions/heartbeat.d.ts +1 -1
- package/dist/actions/heartbeat.js +1 -1
- package/dist/auth/CLAUDE.md +6 -6
- package/dist/auth/account_action_specs.d.ts +4 -4
- package/dist/auth/account_action_specs.d.ts.map +1 -1
- package/dist/auth/account_action_specs.js +4 -2
- package/dist/auth/admin_action_specs.d.ts +24 -24
- package/dist/auth/admin_action_specs.d.ts.map +1 -1
- package/dist/auth/admin_action_specs.js +30 -13
- package/dist/auth/admin_actions.d.ts.map +1 -1
- package/dist/auth/admin_actions.js +1 -6
- package/dist/auth/audit_log_queries.d.ts.map +1 -1
- package/dist/auth/audit_log_queries.js +25 -8
- package/dist/auth/role_grant_offer_action_specs.d.ts +8 -8
- package/dist/auth/role_grant_offer_action_specs.d.ts.map +1 -1
- package/dist/auth/role_grant_offer_action_specs.js +8 -4
- package/dist/http/CLAUDE.md +1 -1
- package/dist/http/error_schemas.d.ts +0 -2
- package/dist/http/error_schemas.d.ts.map +1 -1
- package/dist/http/error_schemas.js +0 -2
- package/dist/testing/adversarial_input.d.ts.map +1 -1
- package/dist/testing/adversarial_input.js +14 -1
- package/dist/testing/schema_generators.d.ts.map +1 -1
- package/dist/testing/schema_generators.js +26 -1
- package/dist/ui/AdminAuditLog.svelte +13 -4
- package/dist/ui/AdminAuditLog.svelte.d.ts.map +1 -1
- package/dist/ui/AdminRoleGrantHistory.svelte +7 -2
- package/dist/ui/AdminRoleGrantHistory.svelte.d.ts.map +1 -1
- package/package.json +1 -1
|
@@ -34,7 +34,7 @@ export declare const heartbeat_action_spec: {
|
|
|
34
34
|
actor: "none";
|
|
35
35
|
};
|
|
36
36
|
side_effects: false;
|
|
37
|
-
input: z.ZodObject<{}, z.core.$strict
|
|
37
|
+
input: z.ZodDefault<z.ZodObject<{}, z.core.$strict>>;
|
|
38
38
|
output: z.ZodObject<{}, z.core.$strict>;
|
|
39
39
|
async: true;
|
|
40
40
|
description: string;
|
|
@@ -30,7 +30,7 @@ export const heartbeat_action_spec = {
|
|
|
30
30
|
initiator: 'frontend',
|
|
31
31
|
auth: { account: 'required', actor: 'none' },
|
|
32
32
|
side_effects: false,
|
|
33
|
-
input: z.strictObject({}),
|
|
33
|
+
input: z.strictObject({}).default({}),
|
|
34
34
|
output: z.strictObject({}),
|
|
35
35
|
async: true,
|
|
36
36
|
description: 'Shared activity ping — keeps the socket alive and exercises the dispatch path.',
|
package/dist/auth/CLAUDE.md
CHANGED
|
@@ -1253,12 +1253,12 @@ that scripted oracles surface in audit. Tighten downstream via
|
|
|
1253
1253
|
|
|
1254
1254
|
Error reasons returned via `error.data.reason`:
|
|
1255
1255
|
|
|
1256
|
-
| Method | Error
|
|
1257
|
-
| -------------------------- |
|
|
1258
|
-
| `admin_session_revoke_all` | `ERROR_ACCOUNT_NOT_FOUND` (404 via `jsonrpc_errors.not_found`)
|
|
1259
|
-
| `admin_token_revoke_all` | `ERROR_ACCOUNT_NOT_FOUND`
|
|
1260
|
-
| `invite_create` | `
|
|
1261
|
-
| `invite_delete` | `ERROR_INVITE_NOT_FOUND` (not_found)
|
|
1256
|
+
| Method | Error |
|
|
1257
|
+
| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
1258
|
+
| `admin_session_revoke_all` | `ERROR_ACCOUNT_NOT_FOUND` (404 via `jsonrpc_errors.not_found`) |
|
|
1259
|
+
| `admin_token_revoke_all` | `ERROR_ACCOUNT_NOT_FOUND` |
|
|
1260
|
+
| `invite_create` | `ERROR_INVITE_ACCOUNT_EXISTS_USERNAME`, `ERROR_INVITE_ACCOUNT_EXISTS_EMAIL`, `ERROR_INVITE_DUPLICATE` (conflict). Empty input is rejected at the schema via `.refine()` — surfaces as standard `invalid_params` with `error.data.issues` (Zod issues array), not a `reason` code. |
|
|
1261
|
+
| `invite_delete` | `ERROR_INVITE_NOT_FOUND` (not_found) |
|
|
1262
1262
|
|
|
1263
1263
|
Audit events fired by handlers (all pass `ip: ctx.client_ip` for
|
|
1264
1264
|
transport-uniform forensics — matches the REST convention and the
|
|
@@ -47,9 +47,9 @@ export declare const SessionRevokeAllOutput: z.ZodObject<{
|
|
|
47
47
|
}, z.core.$strict>;
|
|
48
48
|
export type SessionRevokeAllOutput = z.infer<typeof SessionRevokeAllOutput>;
|
|
49
49
|
/** Input for `account_token_create`. */
|
|
50
|
-
export declare const TokenCreateInput: z.ZodObject<{
|
|
50
|
+
export declare const TokenCreateInput: z.ZodPrefault<z.ZodObject<{
|
|
51
51
|
name: z.ZodDefault<z.ZodString>;
|
|
52
|
-
}, z.core.$strict
|
|
52
|
+
}, z.core.$strict>>;
|
|
53
53
|
export type TokenCreateInput = z.infer<typeof TokenCreateInput>;
|
|
54
54
|
/** Output for `account_token_create`. `token` is returned exactly once. */
|
|
55
55
|
export declare const TokenCreateOutput: z.ZodObject<{
|
|
@@ -173,9 +173,9 @@ export declare const account_token_create_action_spec: {
|
|
|
173
173
|
actor: "none";
|
|
174
174
|
};
|
|
175
175
|
side_effects: true;
|
|
176
|
-
input: z.ZodObject<{
|
|
176
|
+
input: z.ZodPrefault<z.ZodObject<{
|
|
177
177
|
name: z.ZodDefault<z.ZodString>;
|
|
178
|
-
}, z.core.$strict
|
|
178
|
+
}, z.core.$strict>>;
|
|
179
179
|
output: z.ZodObject<{
|
|
180
180
|
ok: z.ZodLiteral<true>;
|
|
181
181
|
token: z.ZodString;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"account_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAMzE,6EAA6E;AAC7E,eAAO,MAAM,WAAW,WAAW,CAAC;AACpC,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,yCAAyC;AACzC,eAAO,MAAM,iBAAiB;;;;;;;;kBAE5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,2EAA2E;AAC3E,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,iFAAiF;AACjF,eAAO,MAAM,mBAAmB;;;kBAG9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,6DAA6D;AAC7D,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,+CAA+C;AAC/C,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,gBAAgB;;
|
|
1
|
+
{"version":3,"file":"account_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/account_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAMzE,6EAA6E;AAC7E,eAAO,MAAM,WAAW,WAAW,CAAC;AACpC,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEtD,uDAAuD;AACvD,eAAO,MAAM,gBAAgB,WAAW,CAAC;AACzC,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,yCAAyC;AACzC,eAAO,MAAM,iBAAiB;;;;;;;;kBAE5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,2EAA2E;AAC3E,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,iFAAiF;AACjF,eAAO,MAAM,mBAAmB;;;kBAG9B,CAAC;AACH,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,6DAA6D;AAC7D,eAAO,MAAM,qBAAqB,WAAW,CAAC;AAC9C,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,+CAA+C;AAC/C,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,gBAAgB;;mBAOf,CAAC;AACf,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,2EAA2E;AAC3E,eAAO,MAAM,iBAAiB;;;;;kBAK5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,qDAAqD;AACrD,eAAO,MAAM,cAAc,WAAW,CAAC;AACvC,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D,4DAA4D;AAC5D,eAAO,MAAM,eAAe;;;;;;;;;;kBAE1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,wCAAwC;AACxC,eAAO,MAAM,gBAAgB;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,+EAA+E;AAC/E,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAIlE,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;CAUF,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;;CAUR,CAAC;AAEtC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;CAUV,CAAC;AAEtC,eAAO,MAAM,sCAAsC;;;;;;;;;;;;;;;;CAUd,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;;;CAUR,CAAC;AAEtC,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,gCAAgC;;;;;;;;;;;;;;;;;;CAUR,CAAC;AAEtC;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,EAAE,KAAK,CAAC,yBAAyB,CAQrE,CAAC"}
|
|
@@ -37,12 +37,14 @@ export const SessionRevokeAllOutput = z.strictObject({
|
|
|
37
37
|
count: z.number(),
|
|
38
38
|
});
|
|
39
39
|
/** Input for `account_token_create`. */
|
|
40
|
-
export const TokenCreateInput = z
|
|
40
|
+
export const TokenCreateInput = z
|
|
41
|
+
.strictObject({
|
|
41
42
|
name: z
|
|
42
43
|
.string()
|
|
43
44
|
.default('CLI token')
|
|
44
45
|
.meta({ description: 'Human-friendly label; shown in the token list.' }),
|
|
45
|
-
})
|
|
46
|
+
})
|
|
47
|
+
.prefault({});
|
|
46
48
|
/** Output for `account_token_create`. `token` is returned exactly once. */
|
|
47
49
|
export const TokenCreateOutput = z.strictObject({
|
|
48
50
|
ok: z.literal(true),
|
|
@@ -24,11 +24,11 @@ export declare const ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT = 50;
|
|
|
24
24
|
/** Max `admin_account_list` page size. */
|
|
25
25
|
export declare const ADMIN_ACCOUNT_LIST_LIMIT_MAX = 200;
|
|
26
26
|
/** Input for `admin_account_list`. */
|
|
27
|
-
export declare const AdminAccountListInput: z.ZodObject<{
|
|
27
|
+
export declare const AdminAccountListInput: z.ZodDefault<z.ZodObject<{
|
|
28
28
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
29
29
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
30
30
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
31
|
-
}, z.core.$strict
|
|
31
|
+
}, z.core.$strict>>;
|
|
32
32
|
export type AdminAccountListInput = z.infer<typeof AdminAccountListInput>;
|
|
33
33
|
/** Output for `admin_account_list`. */
|
|
34
34
|
export declare const AdminAccountListOutput: z.ZodObject<{
|
|
@@ -70,9 +70,9 @@ export declare const AdminAccountListOutput: z.ZodObject<{
|
|
|
70
70
|
}, z.core.$strict>;
|
|
71
71
|
export type AdminAccountListOutput = z.infer<typeof AdminAccountListOutput>;
|
|
72
72
|
/** Input for `admin_session_list`. */
|
|
73
|
-
export declare const AdminSessionListInput: z.ZodObject<{
|
|
73
|
+
export declare const AdminSessionListInput: z.ZodDefault<z.ZodObject<{
|
|
74
74
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
75
|
-
}, z.core.$strict
|
|
75
|
+
}, z.core.$strict>>;
|
|
76
76
|
export type AdminSessionListInput = z.infer<typeof AdminSessionListInput>;
|
|
77
77
|
/** Output for `admin_session_list`. Cross-account listing; fan-out already scoped by role auth. */
|
|
78
78
|
export declare const AdminSessionListOutput: z.ZodObject<{
|
|
@@ -116,7 +116,7 @@ export type AdminTokenRevokeAllOutput = z.infer<typeof AdminTokenRevokeAllOutput
|
|
|
116
116
|
* fill (caller supplies the highest seq seen; server returns everything
|
|
117
117
|
* after).
|
|
118
118
|
*/
|
|
119
|
-
export declare const AuditLogListInput: z.ZodObject<{
|
|
119
|
+
export declare const AuditLogListInput: z.ZodDefault<z.ZodObject<{
|
|
120
120
|
event_type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
121
121
|
outcome: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
122
122
|
success: "success";
|
|
@@ -127,7 +127,7 @@ export declare const AuditLogListInput: z.ZodObject<{
|
|
|
127
127
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
128
128
|
since_seq: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
129
129
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
130
|
-
}, z.core.$strict
|
|
130
|
+
}, z.core.$strict>>;
|
|
131
131
|
export type AuditLogListInput = z.infer<typeof AuditLogListInput>;
|
|
132
132
|
/** Output for `audit_log_list`. */
|
|
133
133
|
export declare const AuditLogListOutput: z.ZodObject<{
|
|
@@ -152,11 +152,11 @@ export declare const AuditLogListOutput: z.ZodObject<{
|
|
|
152
152
|
}, z.core.$strict>;
|
|
153
153
|
export type AuditLogListOutput = z.infer<typeof AuditLogListOutput>;
|
|
154
154
|
/** Input for `audit_log_role_grant_history`. */
|
|
155
|
-
export declare const AuditLogRoleGrantHistoryInput: z.ZodObject<{
|
|
155
|
+
export declare const AuditLogRoleGrantHistoryInput: z.ZodDefault<z.ZodObject<{
|
|
156
156
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
157
157
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
158
158
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
159
|
-
}, z.core.$strict
|
|
159
|
+
}, z.core.$strict>>;
|
|
160
160
|
export type AuditLogRoleGrantHistoryInput = z.infer<typeof AuditLogRoleGrantHistoryInput>;
|
|
161
161
|
/** Output for `audit_log_role_grant_history`. */
|
|
162
162
|
export declare const AuditLogRoleGrantHistoryOutput: z.ZodObject<{
|
|
@@ -202,9 +202,9 @@ export declare const InviteCreateOutput: z.ZodObject<{
|
|
|
202
202
|
}, z.core.$strict>;
|
|
203
203
|
export type InviteCreateOutput = z.infer<typeof InviteCreateOutput>;
|
|
204
204
|
/** Input for `invite_list`. */
|
|
205
|
-
export declare const InviteListInput: z.ZodObject<{
|
|
205
|
+
export declare const InviteListInput: z.ZodDefault<z.ZodObject<{
|
|
206
206
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
207
|
-
}, z.core.$strict
|
|
207
|
+
}, z.core.$strict>>;
|
|
208
208
|
export type InviteListInput = z.infer<typeof InviteListInput>;
|
|
209
209
|
/** Output for `invite_list`. Uses the enriched row including creator/claimer usernames. */
|
|
210
210
|
export declare const InviteListOutput: z.ZodObject<{
|
|
@@ -233,9 +233,9 @@ export declare const InviteDeleteOutput: z.ZodObject<{
|
|
|
233
233
|
}, z.core.$strict>;
|
|
234
234
|
export type InviteDeleteOutput = z.infer<typeof InviteDeleteOutput>;
|
|
235
235
|
/** Input for `app_settings_get`. */
|
|
236
|
-
export declare const AppSettingsGetInput: z.ZodObject<{
|
|
236
|
+
export declare const AppSettingsGetInput: z.ZodDefault<z.ZodObject<{
|
|
237
237
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
238
|
-
}, z.core.$strict
|
|
238
|
+
}, z.core.$strict>>;
|
|
239
239
|
export type AppSettingsGetInput = z.infer<typeof AppSettingsGetInput>;
|
|
240
240
|
/** Output for `app_settings_get`. */
|
|
241
241
|
export declare const AppSettingsGetOutput: z.ZodObject<{
|
|
@@ -274,11 +274,11 @@ export declare const admin_account_list_action_spec: {
|
|
|
274
274
|
roles: string[];
|
|
275
275
|
};
|
|
276
276
|
side_effects: false;
|
|
277
|
-
input: z.ZodObject<{
|
|
277
|
+
input: z.ZodDefault<z.ZodObject<{
|
|
278
278
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
279
279
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
280
280
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
281
|
-
}, z.core.$strict
|
|
281
|
+
}, z.core.$strict>>;
|
|
282
282
|
output: z.ZodObject<{
|
|
283
283
|
accounts: z.ZodArray<z.ZodObject<{
|
|
284
284
|
account: z.ZodObject<{
|
|
@@ -329,9 +329,9 @@ export declare const admin_session_list_action_spec: {
|
|
|
329
329
|
roles: string[];
|
|
330
330
|
};
|
|
331
331
|
side_effects: false;
|
|
332
|
-
input: z.ZodObject<{
|
|
332
|
+
input: z.ZodDefault<z.ZodObject<{
|
|
333
333
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
334
|
-
}, z.core.$strict
|
|
334
|
+
}, z.core.$strict>>;
|
|
335
335
|
output: z.ZodObject<{
|
|
336
336
|
sessions: z.ZodArray<z.ZodObject<{
|
|
337
337
|
id: z.ZodString;
|
|
@@ -399,7 +399,7 @@ export declare const audit_log_list_action_spec: {
|
|
|
399
399
|
roles: string[];
|
|
400
400
|
};
|
|
401
401
|
side_effects: false;
|
|
402
|
-
input: z.ZodObject<{
|
|
402
|
+
input: z.ZodDefault<z.ZodObject<{
|
|
403
403
|
event_type: z.ZodOptional<z.ZodNullable<z.ZodString>>;
|
|
404
404
|
outcome: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
|
|
405
405
|
success: "success";
|
|
@@ -410,7 +410,7 @@ export declare const audit_log_list_action_spec: {
|
|
|
410
410
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
411
411
|
since_seq: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
412
412
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
413
|
-
}, z.core.$strict
|
|
413
|
+
}, z.core.$strict>>;
|
|
414
414
|
output: z.ZodObject<{
|
|
415
415
|
events: z.ZodArray<z.ZodObject<{
|
|
416
416
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
@@ -444,11 +444,11 @@ export declare const audit_log_role_grant_history_action_spec: {
|
|
|
444
444
|
roles: string[];
|
|
445
445
|
};
|
|
446
446
|
side_effects: false;
|
|
447
|
-
input: z.ZodObject<{
|
|
447
|
+
input: z.ZodDefault<z.ZodObject<{
|
|
448
448
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
449
449
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
450
450
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
451
|
-
}, z.core.$strict
|
|
451
|
+
}, z.core.$strict>>;
|
|
452
452
|
output: z.ZodObject<{
|
|
453
453
|
events: z.ZodArray<z.ZodObject<{
|
|
454
454
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
@@ -513,9 +513,9 @@ export declare const invite_list_action_spec: {
|
|
|
513
513
|
roles: string[];
|
|
514
514
|
};
|
|
515
515
|
side_effects: false;
|
|
516
|
-
input: z.ZodObject<{
|
|
516
|
+
input: z.ZodDefault<z.ZodObject<{
|
|
517
517
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
518
|
-
}, z.core.$strict
|
|
518
|
+
}, z.core.$strict>>;
|
|
519
519
|
output: z.ZodObject<{
|
|
520
520
|
invites: z.ZodArray<z.ZodObject<{
|
|
521
521
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
@@ -563,9 +563,9 @@ export declare const app_settings_get_action_spec: {
|
|
|
563
563
|
roles: string[];
|
|
564
564
|
};
|
|
565
565
|
side_effects: false;
|
|
566
|
-
input: z.ZodObject<{
|
|
566
|
+
input: z.ZodDefault<z.ZodObject<{
|
|
567
567
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
568
|
-
}, z.core.$strict
|
|
568
|
+
}, z.core.$strict>>;
|
|
569
569
|
output: z.ZodObject<{
|
|
570
570
|
settings: z.ZodObject<{
|
|
571
571
|
open_signup: z.ZodBoolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAgBzE,+BAA+B;AAC/B,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAE5C,8CAA8C;AAC9C,eAAO,MAAM,gCAAgC,KAAK,CAAC;AACnD,0CAA0C;AAC1C,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAIhD,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;
|
|
1
|
+
{"version":3,"file":"admin_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAgBzE,+BAA+B;AAC/B,eAAO,MAAM,wBAAwB,MAAM,CAAC;AAE5C,8CAA8C;AAC9C,eAAO,MAAM,gCAAgC,KAAK,CAAC;AACnD,0CAA0C;AAC1C,eAAO,MAAM,4BAA4B,MAAM,CAAC;AAIhD,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;;mBAcrB,CAAC;AACd,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;mBAIrB,CAAC;AACd,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAE1E,mGAAmG;AACnG,eAAO,MAAM,sBAAsB;;;;;;;;;kBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAGrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;kBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;;kBAGnC,CAAC;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;mBAyBjB,CAAC;AACd,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,mCAAmC;AACnC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,gDAAgD;AAChD,eAAO,MAAM,6BAA6B;;;;mBAc7B,CAAC;AACd,MAAM,MAAM,6BAA6B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,6BAA6B,CAAC,CAAC;AAE1F,iDAAiD;AACjD,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;kBAEzC,CAAC;AACH,MAAM,MAAM,8BAA8B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,8BAA8B,CAAC,CAAC;AAE5F,wFAAwF;AACxF,eAAO,MAAM,iBAAiB;;;;kBAS3B,CAAC;AACJ,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;;;;;;;;;;kBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,+BAA+B;AAC/B,eAAO,MAAM,eAAe;;mBAIf,CAAC;AACd,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D,2FAA2F;AAC3F,eAAO,MAAM,gBAAgB;;;;;;;;;;;;kBAE3B,CAAC;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAC;AAEhE,iCAAiC;AACjC,eAAO,MAAM,iBAAiB;;;kBAG5B,CAAC;AACH,MAAM,MAAM,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAElE,kCAAkC;AAClC,eAAO,MAAM,kBAAkB;;kBAE7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,oCAAoC;AACpC,eAAO,MAAM,mBAAmB;;mBAInB,CAAC;AACd,MAAM,MAAM,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEtE,qCAAqC;AACrC,eAAO,MAAM,oBAAoB;;;;;;;kBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB;;;kBAGjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,wCAAwC;AACxC,eAAO,MAAM,uBAAuB;;;;;;;;kBAGlC,CAAC;AACH,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAI9E,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,8BAA8B;;;;;;;;;;;;;;;;;;;;;;;;;CAUN,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;CAWZ,CAAC;AAEtC,eAAO,MAAM,kCAAkC;;;;;;;;;;;;;;;;;;;;;CAWV,CAAC;AAEtC,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUF,CAAC;AAEtC,eAAO,MAAM,wCAAwC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUhB,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUC,CAAC;AAEtC,eAAO,MAAM,yBAAyB;;;;;;;;;;;;;;;;;;;;CAWD,CAAC;AAEtC,eAAO,MAAM,4BAA4B;;;;;;;;;;;;;;;;;;;;;;;CAUJ,CAAC;AAEtC,eAAO,MAAM,+BAA+B;;;;;;;;;;;;;;;;;;;;;;;;;;CAWP,CAAC;AAEtC;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,EAAE,KAAK,CAAC,yBAAyB,CAYnE,CAAC"}
|
|
@@ -32,7 +32,8 @@ export const ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT = 50;
|
|
|
32
32
|
export const ADMIN_ACCOUNT_LIST_LIMIT_MAX = 200;
|
|
33
33
|
// -- Input/output schemas ---------------------------------------------------
|
|
34
34
|
/** Input for `admin_account_list`. */
|
|
35
|
-
export const AdminAccountListInput = z
|
|
35
|
+
export const AdminAccountListInput = z
|
|
36
|
+
.strictObject({
|
|
36
37
|
acting: ActingActor,
|
|
37
38
|
limit: z
|
|
38
39
|
.number()
|
|
@@ -44,16 +45,19 @@ export const AdminAccountListInput = z.strictObject({
|
|
|
44
45
|
description: `Max accounts to return (default ${ADMIN_ACCOUNT_LIST_DEFAULT_LIMIT}, max ${ADMIN_ACCOUNT_LIST_LIMIT_MAX}).`,
|
|
45
46
|
}),
|
|
46
47
|
offset: z.number().int().min(0).nullish().meta({ description: 'Pagination offset.' }),
|
|
47
|
-
})
|
|
48
|
+
})
|
|
49
|
+
.default({});
|
|
48
50
|
/** Output for `admin_account_list`. */
|
|
49
51
|
export const AdminAccountListOutput = z.strictObject({
|
|
50
52
|
accounts: z.array(AdminAccountEntryJson),
|
|
51
53
|
grantable_roles: z.array(RoleName),
|
|
52
54
|
});
|
|
53
55
|
/** Input for `admin_session_list`. */
|
|
54
|
-
export const AdminSessionListInput = z
|
|
56
|
+
export const AdminSessionListInput = z
|
|
57
|
+
.strictObject({
|
|
55
58
|
acting: ActingActor,
|
|
56
|
-
})
|
|
59
|
+
})
|
|
60
|
+
.default({});
|
|
57
61
|
/** Output for `admin_session_list`. Cross-account listing; fan-out already scoped by role auth. */
|
|
58
62
|
export const AdminSessionListOutput = z.strictObject({
|
|
59
63
|
sessions: z.array(AdminSessionJson),
|
|
@@ -84,7 +88,8 @@ export const AdminTokenRevokeAllOutput = z.strictObject({
|
|
|
84
88
|
* fill (caller supplies the highest seq seen; server returns everything
|
|
85
89
|
* after).
|
|
86
90
|
*/
|
|
87
|
-
export const AuditLogListInput = z
|
|
91
|
+
export const AuditLogListInput = z
|
|
92
|
+
.strictObject({
|
|
88
93
|
event_type: AuditEventTypeName.nullish().meta({
|
|
89
94
|
description: 'Filter by event type. Accepts builtin or consumer-registered names (regex-validated).',
|
|
90
95
|
}),
|
|
@@ -106,13 +111,15 @@ export const AuditLogListInput = z.strictObject({
|
|
|
106
111
|
description: 'Gap-fill from this seq forward. Used for SSE reconnection.',
|
|
107
112
|
}),
|
|
108
113
|
acting: ActingActor,
|
|
109
|
-
})
|
|
114
|
+
})
|
|
115
|
+
.default({});
|
|
110
116
|
/** Output for `audit_log_list`. */
|
|
111
117
|
export const AuditLogListOutput = z.strictObject({
|
|
112
118
|
events: z.array(AuditLogEventWithUsernamesJson),
|
|
113
119
|
});
|
|
114
120
|
/** Input for `audit_log_role_grant_history`. */
|
|
115
|
-
export const AuditLogRoleGrantHistoryInput = z
|
|
121
|
+
export const AuditLogRoleGrantHistoryInput = z
|
|
122
|
+
.strictObject({
|
|
116
123
|
limit: z
|
|
117
124
|
.number()
|
|
118
125
|
.int()
|
|
@@ -124,16 +131,22 @@ export const AuditLogRoleGrantHistoryInput = z.strictObject({
|
|
|
124
131
|
}),
|
|
125
132
|
offset: z.number().int().min(0).nullish().meta({ description: 'Pagination offset.' }),
|
|
126
133
|
acting: ActingActor,
|
|
127
|
-
})
|
|
134
|
+
})
|
|
135
|
+
.default({});
|
|
128
136
|
/** Output for `audit_log_role_grant_history`. */
|
|
129
137
|
export const AuditLogRoleGrantHistoryOutput = z.strictObject({
|
|
130
138
|
events: z.array(RoleGrantHistoryEventJson),
|
|
131
139
|
});
|
|
132
140
|
/** Input for `invite_create`. At least one of `email` / `username` must be provided. */
|
|
133
|
-
export const InviteCreateInput = z
|
|
141
|
+
export const InviteCreateInput = z
|
|
142
|
+
.strictObject({
|
|
134
143
|
email: Email.nullish().meta({ description: 'Invitee email.' }),
|
|
135
144
|
username: Username.nullish().meta({ description: 'Invitee username.' }),
|
|
136
145
|
acting: ActingActor,
|
|
146
|
+
})
|
|
147
|
+
.refine((v) => v.email != null || v.username != null, {
|
|
148
|
+
message: 'at least one of email or username is required',
|
|
149
|
+
path: ['email'],
|
|
137
150
|
});
|
|
138
151
|
/** Output for `invite_create`. */
|
|
139
152
|
export const InviteCreateOutput = z.strictObject({
|
|
@@ -141,9 +154,11 @@ export const InviteCreateOutput = z.strictObject({
|
|
|
141
154
|
invite: InviteJson,
|
|
142
155
|
});
|
|
143
156
|
/** Input for `invite_list`. */
|
|
144
|
-
export const InviteListInput = z
|
|
157
|
+
export const InviteListInput = z
|
|
158
|
+
.strictObject({
|
|
145
159
|
acting: ActingActor,
|
|
146
|
-
})
|
|
160
|
+
})
|
|
161
|
+
.default({});
|
|
147
162
|
/** Output for `invite_list`. Uses the enriched row including creator/claimer usernames. */
|
|
148
163
|
export const InviteListOutput = z.strictObject({
|
|
149
164
|
invites: z.array(InviteWithUsernamesJson),
|
|
@@ -158,9 +173,11 @@ export const InviteDeleteOutput = z.strictObject({
|
|
|
158
173
|
ok: z.literal(true),
|
|
159
174
|
});
|
|
160
175
|
/** Input for `app_settings_get`. */
|
|
161
|
-
export const AppSettingsGetInput = z
|
|
176
|
+
export const AppSettingsGetInput = z
|
|
177
|
+
.strictObject({
|
|
162
178
|
acting: ActingActor,
|
|
163
|
-
})
|
|
179
|
+
})
|
|
180
|
+
.default({});
|
|
164
181
|
/** Output for `app_settings_get`. */
|
|
165
182
|
export const AppSettingsGetOutput = z.strictObject({
|
|
166
183
|
settings: AppSettingsWithUsernameJson,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAsC,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAE7F,OAAO,EAGN,KAAK,gBAAgB,EACrB,MAAM,kBAAkB,CAAC;AAuB1B,OAAO,EAAC,KAAK,WAAW,EAAC,MAAM,0BAA0B,CAAC;AAK1D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"admin_actions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/admin_actions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAsC,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAE7F,OAAO,EAGN,KAAK,gBAAgB,EACrB,MAAM,kBAAkB,CAAC;AAuB1B,OAAO,EAAC,KAAK,WAAW,EAAC,MAAM,0BAA0B,CAAC;AAK1D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,WAAW,CAAC;AA6ChD,0CAA0C;AAC1C,MAAM,WAAW,kBAAkB;IAClC;;;;;OAKG;IACH,KAAK,CAAC,EAAE,gBAAgB,CAAC;IACzB;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,WAAW,CAAC;CAC3B;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,IAAI,CAAC,gBAAgB,EAAE,KAAK,GAAG,OAAO,CAAC,EAC7C,UAAS,kBAAuB,KAC9B,KAAK,CAAC,SAAS,CA0PjB,CAAC"}
|
|
@@ -40,7 +40,7 @@ import { query_create_invite, query_invite_delete_unclaimed, query_invite_list_a
|
|
|
40
40
|
import {} from './app_settings_schema.js';
|
|
41
41
|
import { query_app_settings_load_with_username, query_app_settings_update, } from './app_settings_queries.js';
|
|
42
42
|
import { is_pg_unique_violation } from '../db/pg_error.js';
|
|
43
|
-
import { ERROR_ACCOUNT_NOT_FOUND, ERROR_INVITE_ACCOUNT_EXISTS_EMAIL, ERROR_INVITE_ACCOUNT_EXISTS_USERNAME, ERROR_INVITE_DUPLICATE,
|
|
43
|
+
import { ERROR_ACCOUNT_NOT_FOUND, ERROR_INVITE_ACCOUNT_EXISTS_EMAIL, ERROR_INVITE_ACCOUNT_EXISTS_USERNAME, ERROR_INVITE_DUPLICATE, ERROR_INVITE_NOT_FOUND, } from '../http/error_schemas.js';
|
|
44
44
|
import { admin_account_list_action_spec, admin_session_list_action_spec, admin_session_revoke_all_action_spec, admin_token_revoke_all_action_spec, audit_log_list_action_spec, audit_log_role_grant_history_action_spec, invite_create_action_spec, invite_list_action_spec, invite_delete_action_spec, app_settings_get_action_spec, app_settings_update_action_spec, } from './admin_action_specs.js';
|
|
45
45
|
/**
|
|
46
46
|
* Create the admin-only RPC actions.
|
|
@@ -145,11 +145,6 @@ export const create_admin_actions = (deps, options = {}) => {
|
|
|
145
145
|
const auth = ctx.auth;
|
|
146
146
|
const email = input.email ?? null;
|
|
147
147
|
const username = input.username ?? null;
|
|
148
|
-
if (!email && !username) {
|
|
149
|
-
throw jsonrpc_errors.invalid_params('invite must specify email or username', {
|
|
150
|
-
reason: ERROR_INVITE_MISSING_IDENTIFIER,
|
|
151
|
-
});
|
|
152
|
-
}
|
|
153
148
|
if (username) {
|
|
154
149
|
const existing = await query_account_by_username(ctx, username);
|
|
155
150
|
if (existing) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit_log_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAGN,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,8BAA8B,EACnC,KAAK,yBAAyB,EAC9B,MAAM,uBAAuB,CAAC;AAa/B,iFAAiF;AACjF,eAAO,MAAM,sCAAsC,QAAO,MACvB,CAAC;AAEpC,0CAA0C;AAC1C,eAAO,MAAM,wCAAwC,QAAO,IAE3D,CAAC;AAYF,gFAAgF;AAChF,eAAO,MAAM,qCAAqC,QAAO,MACvB,CAAC;AAEnC,0CAA0C;AAC1C,eAAO,MAAM,uCAAuC,QAAO,IAE1D,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,eAAe,GAAU,CAAC,SAAS,MAAM,EACrD,MAAM,SAAS,EACf,OAAO,aAAa,CAAC,CAAC,CAAC,EACvB,SAAQ,cAAyC,KAC/C,OAAO,CAAC,aAAa,CAoCvB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,UAAU,mBAAmB,KAC3B,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAwC9B,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mCAAmC,GAC/C,MAAM,SAAS,EACf,UAAU,mBAAmB,KAC3B,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,
|
|
1
|
+
{"version":3,"file":"audit_log_queries.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/audit_log_queries.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAGN,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,aAAa,EAClB,KAAK,mBAAmB,EACxB,KAAK,8BAA8B,EACnC,KAAK,yBAAyB,EAC9B,MAAM,uBAAuB,CAAC;AAa/B,iFAAiF;AACjF,eAAO,MAAM,sCAAsC,QAAO,MACvB,CAAC;AAEpC,0CAA0C;AAC1C,eAAO,MAAM,wCAAwC,QAAO,IAE3D,CAAC;AAYF,gFAAgF;AAChF,eAAO,MAAM,qCAAqC,QAAO,MACvB,CAAC;AAEnC,0CAA0C;AAC1C,eAAO,MAAM,uCAAuC,QAAO,IAE1D,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,eAAe,GAAU,CAAC,SAAS,MAAM,EACrD,MAAM,SAAS,EACf,OAAO,aAAa,CAAC,CAAC,CAAC,EACvB,SAAQ,cAAyC,KAC/C,OAAO,CAAC,aAAa,CAoCvB,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,SAAS,EACf,UAAU,mBAAmB,KAC3B,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,CAwC9B,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,mCAAmC,GAC/C,MAAM,SAAS,EACf,UAAU,mBAAmB,KAC3B,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAwD/C,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uCAAuC,GACnD,MAAM,SAAS,EACf,cAA+B,EAC/B,eAAU,KACR,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAmB1C,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,8BAA8B,GAC1C,MAAM,SAAS,EACf,QAAQ,IAAI,KACV,OAAO,CAAC,MAAM,CAMhB,CAAC"}
|
|
@@ -169,12 +169,22 @@ export const query_audit_log_list_with_usernames = async (deps, options) => {
|
|
|
169
169
|
const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
|
|
170
170
|
const limit = options?.limit ?? AUDIT_LOG_DEFAULT_LIMIT;
|
|
171
171
|
const offset = options?.offset ?? 0;
|
|
172
|
+
// Chain through `actor` when `actor_id` / `target_actor_id` is set (audit
|
|
173
|
+
// events stamped post-Stage-4), falling back to the direct
|
|
174
|
+
// `account_id` / `target_account_id` JOIN for events whose principal
|
|
175
|
+
// has no actor binding (admin password reset, session revoke, etc.).
|
|
176
|
+
// Under v1 1:1 the two branches resolve to the same username; the
|
|
177
|
+
// chain is forensic future-proofing for N:1 multi-actor.
|
|
172
178
|
return deps.db.query(`SELECT al.*,
|
|
173
|
-
|
|
174
|
-
|
|
179
|
+
COALESCE(origin_act_acc.username, origin_acc.username) AS username,
|
|
180
|
+
COALESCE(target_act_acc.username, target_acc.username) AS target_username
|
|
175
181
|
FROM audit_log al
|
|
176
|
-
LEFT JOIN
|
|
177
|
-
LEFT JOIN account
|
|
182
|
+
LEFT JOIN actor origin_act ON origin_act.id = al.actor_id
|
|
183
|
+
LEFT JOIN account origin_act_acc ON origin_act_acc.id = origin_act.account_id
|
|
184
|
+
LEFT JOIN account origin_acc ON origin_acc.id = al.account_id
|
|
185
|
+
LEFT JOIN actor target_act ON target_act.id = al.target_actor_id
|
|
186
|
+
LEFT JOIN account target_act_acc ON target_act_acc.id = target_act.account_id
|
|
187
|
+
LEFT JOIN account target_acc ON target_acc.id = al.target_account_id
|
|
178
188
|
${where} ORDER BY al.seq DESC LIMIT $${param_index++} OFFSET $${param_index}`, [...params, limit, offset]);
|
|
179
189
|
};
|
|
180
190
|
/**
|
|
@@ -186,12 +196,19 @@ export const query_audit_log_list_with_usernames = async (deps, options) => {
|
|
|
186
196
|
* @returns role_grant history events with `username` and `target_username`
|
|
187
197
|
*/
|
|
188
198
|
export const query_audit_log_list_role_grant_history = async (deps, limit = AUDIT_LOG_DEFAULT_LIMIT, offset = 0) => {
|
|
199
|
+
// Same actor-chained JOIN as `query_audit_log_list_with_usernames` —
|
|
200
|
+
// see the comment there for rationale (forensic future-proofing for
|
|
201
|
+
// N:1 multi-actor; v1 1:1 picks the same username via either branch).
|
|
189
202
|
return deps.db.query(`SELECT al.*,
|
|
190
|
-
|
|
191
|
-
|
|
203
|
+
COALESCE(origin_act_acc.username, origin_acc.username) AS username,
|
|
204
|
+
COALESCE(target_act_acc.username, target_acc.username) AS target_username
|
|
192
205
|
FROM audit_log al
|
|
193
|
-
LEFT JOIN
|
|
194
|
-
LEFT JOIN account
|
|
206
|
+
LEFT JOIN actor origin_act ON origin_act.id = al.actor_id
|
|
207
|
+
LEFT JOIN account origin_act_acc ON origin_act_acc.id = origin_act.account_id
|
|
208
|
+
LEFT JOIN account origin_acc ON origin_acc.id = al.account_id
|
|
209
|
+
LEFT JOIN actor target_act ON target_act.id = al.target_actor_id
|
|
210
|
+
LEFT JOIN account target_act_acc ON target_act_acc.id = target_act.account_id
|
|
211
|
+
LEFT JOIN account target_acc ON target_acc.id = al.target_account_id
|
|
195
212
|
WHERE al.event_type IN ('role_grant_create', 'role_grant_revoke')
|
|
196
213
|
ORDER BY al.seq DESC LIMIT $1 OFFSET $2`, [limit, offset]);
|
|
197
214
|
};
|
|
@@ -77,10 +77,10 @@ export declare const RoleGrantOfferRetractInput: z.ZodObject<{
|
|
|
77
77
|
}, z.core.$strict>;
|
|
78
78
|
export type RoleGrantOfferRetractInput = z.infer<typeof RoleGrantOfferRetractInput>;
|
|
79
79
|
/** Input for `role_grant_offer_list`. `account_id` is admin-only (inspect another account's inbox). */
|
|
80
|
-
export declare const RoleGrantOfferListInput: z.ZodObject<{
|
|
80
|
+
export declare const RoleGrantOfferListInput: z.ZodDefault<z.ZodObject<{
|
|
81
81
|
account_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
|
|
82
82
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
83
|
-
}, z.core.$strict
|
|
83
|
+
}, z.core.$strict>>;
|
|
84
84
|
export type RoleGrantOfferListInput = z.infer<typeof RoleGrantOfferListInput>;
|
|
85
85
|
/**
|
|
86
86
|
* Input for `role_grant_revoke`. Admin-only mutation that revokes an active
|
|
@@ -101,12 +101,12 @@ export type RoleGrantRevokeInput = z.infer<typeof RoleGrantRevokeInput>;
|
|
|
101
101
|
* in either direction (recipient or grantor), including terminal rows, newest
|
|
102
102
|
* first. `account_id` is admin-only.
|
|
103
103
|
*/
|
|
104
|
-
export declare const RoleGrantOfferHistoryInput: z.ZodObject<{
|
|
104
|
+
export declare const RoleGrantOfferHistoryInput: z.ZodDefault<z.ZodObject<{
|
|
105
105
|
account_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
|
|
106
106
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
107
107
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
108
108
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
109
|
-
}, z.core.$strict
|
|
109
|
+
}, z.core.$strict>>;
|
|
110
110
|
export type RoleGrantOfferHistoryInput = z.infer<typeof RoleGrantOfferHistoryInput>;
|
|
111
111
|
/** Output for `role_grant_offer_create`. */
|
|
112
112
|
export declare const RoleGrantOfferCreateOutput: z.ZodObject<{
|
|
@@ -340,10 +340,10 @@ export declare const role_grant_offer_list_action_spec: {
|
|
|
340
340
|
actor: "required";
|
|
341
341
|
};
|
|
342
342
|
side_effects: false;
|
|
343
|
-
input: z.ZodObject<{
|
|
343
|
+
input: z.ZodDefault<z.ZodObject<{
|
|
344
344
|
account_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
|
|
345
345
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
346
|
-
}, z.core.$strict
|
|
346
|
+
}, z.core.$strict>>;
|
|
347
347
|
output: z.ZodObject<{
|
|
348
348
|
offers: z.ZodArray<z.ZodObject<{
|
|
349
349
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
@@ -376,12 +376,12 @@ export declare const role_grant_offer_history_action_spec: {
|
|
|
376
376
|
actor: "required";
|
|
377
377
|
};
|
|
378
378
|
side_effects: false;
|
|
379
|
-
input: z.ZodObject<{
|
|
379
|
+
input: z.ZodDefault<z.ZodObject<{
|
|
380
380
|
account_id: z.ZodOptional<z.ZodNullable<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>>;
|
|
381
381
|
limit: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
382
382
|
offset: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
|
|
383
383
|
acting: z.ZodOptional<z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">>;
|
|
384
|
-
}, z.core.$strict
|
|
384
|
+
}, z.core.$strict>>;
|
|
385
385
|
output: z.ZodObject<{
|
|
386
386
|
offers: z.ZodArray<z.ZodObject<{
|
|
387
387
|
id: z.core.$ZodBranded<z.ZodUUID, "Uuid", "out">;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"role_grant_offer_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/role_grant_offer_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAUzE,oEAAoE;AACpE,eAAO,MAAM,kCAAkC,EAAG,8BAAuC,CAAC;AAC1F,kEAAkE;AAClE,eAAO,MAAM,+BAA+B,EAAG,2BAAoC,CAAC;AACpF,sDAAsD;AACtD,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAClF,wGAAwG;AACxG,eAAO,MAAM,gCAAgC,EAAG,4BAAqC,CAAC;AACtF,uIAAuI;AACvI,eAAO,MAAM,yCAAyC,EACrD,qCAA8C,CAAC;AAChD,gKAAgK;AAChK,eAAO,MAAM,qCAAqC,EAAG,iCAA0C,CAAC;AAChG,6FAA6F;AAC7F,eAAO,MAAM,qCAAqC,EAAG,iCAA0C,CAAC;AAChG,wHAAwH;AACxH,eAAO,MAAM,6CAA6C,EACzD,yCAAkD,CAAC;AAIpD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;kBAoBpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;;kBAQrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAGrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,uGAAuG;AACvG,eAAO,MAAM,uBAAuB;;;
|
|
1
|
+
{"version":3,"file":"role_grant_offer_action_specs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/auth/role_grant_offer_action_specs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AAUzE,oEAAoE;AACpE,eAAO,MAAM,kCAAkC,EAAG,8BAAuC,CAAC;AAC1F,kEAAkE;AAClE,eAAO,MAAM,+BAA+B,EAAG,2BAAoC,CAAC;AACpF,sDAAsD;AACtD,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAClF,wGAAwG;AACxG,eAAO,MAAM,gCAAgC,EAAG,4BAAqC,CAAC;AACtF,uIAAuI;AACvI,eAAO,MAAM,yCAAyC,EACrD,qCAA8C,CAAC;AAChD,gKAAgK;AAChK,eAAO,MAAM,qCAAqC,EAAG,iCAA0C,CAAC;AAChG,6FAA6F;AAC7F,eAAO,MAAM,qCAAqC,EAAG,iCAA0C,CAAC;AAChG,wHAAwH;AACxH,eAAO,MAAM,6CAA6C,EACzD,yCAAkD,CAAC;AAIpD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB;;;;;;;;kBAoBpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF,2CAA2C;AAC3C,eAAO,MAAM,yBAAyB;;;kBAGpC,CAAC;AACH,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,yBAAyB,CAAC,CAAC;AAElF,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;;kBAQrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;kBAGrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,uGAAuG;AACvG,eAAO,MAAM,uBAAuB;;;mBAOvB,CAAC;AACd,MAAM,MAAM,uBAAuB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,uBAAuB,CAAC,CAAC;AAE9E;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB;;;;;kBAQ/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;GAIG;AACH,eAAO,MAAM,0BAA0B;;;;;mBAa1B,CAAC;AACd,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;kBAErC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,4CAA4C;AAC5C,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;;;;;;;kBAIrC,CAAC;AACH,MAAM,MAAM,0BAA0B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,0BAA0B,CAAC,CAAC;AAEpF,0EAA0E;AAC1E,eAAO,MAAM,sBAAsB;;kBAAwC,CAAC;AAC5E,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,0CAA0C;AAC1C,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;kBAAwD,CAAC;AAC9F,MAAM,MAAM,wBAAwB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAEhF,6CAA6C;AAC7C,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;kBAAwD,CAAC;AACjG,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,sCAAsC;AACtC,eAAO,MAAM,qBAAqB;;;kBAGhC,CAAC;AACH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC;AAI1E,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiBX,CAAC;AAEtC,eAAO,MAAM,mCAAmC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiBX,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;CAWZ,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;CAWZ,CAAC;AAEtC,eAAO,MAAM,iCAAiC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWT,CAAC;AAEtC,eAAO,MAAM,oCAAoC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAWZ,CAAC;AAEtC,eAAO,MAAM,6BAA6B;;;;;;;;;;;;;;;;;;;;;;;;CAaL,CAAC;AAEtC;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,EAAE,KAAK,CAAC,yBAAyB,CAQ9E,CAAC"}
|
|
@@ -93,12 +93,14 @@ export const RoleGrantOfferRetractInput = z.strictObject({
|
|
|
93
93
|
acting: ActingActor,
|
|
94
94
|
});
|
|
95
95
|
/** Input for `role_grant_offer_list`. `account_id` is admin-only (inspect another account's inbox). */
|
|
96
|
-
export const RoleGrantOfferListInput = z
|
|
96
|
+
export const RoleGrantOfferListInput = z
|
|
97
|
+
.strictObject({
|
|
97
98
|
account_id: Uuid.nullish().meta({
|
|
98
99
|
description: 'Admin-only — list offers for another account. Defaults to the caller.',
|
|
99
100
|
}),
|
|
100
101
|
acting: ActingActor,
|
|
101
|
-
})
|
|
102
|
+
})
|
|
103
|
+
.default({});
|
|
102
104
|
/**
|
|
103
105
|
* Input for `role_grant_revoke`. Admin-only mutation that revokes an active
|
|
104
106
|
* role_grant on a target actor. `actor_id` is the natural key — role_grants are
|
|
@@ -119,7 +121,8 @@ export const RoleGrantRevokeInput = z.strictObject({
|
|
|
119
121
|
* in either direction (recipient or grantor), including terminal rows, newest
|
|
120
122
|
* first. `account_id` is admin-only.
|
|
121
123
|
*/
|
|
122
|
-
export const RoleGrantOfferHistoryInput = z
|
|
124
|
+
export const RoleGrantOfferHistoryInput = z
|
|
125
|
+
.strictObject({
|
|
123
126
|
account_id: Uuid.nullish().meta({
|
|
124
127
|
description: 'Admin-only — history for another account. Defaults to the caller.',
|
|
125
128
|
}),
|
|
@@ -130,7 +133,8 @@ export const RoleGrantOfferHistoryInput = z.strictObject({
|
|
|
130
133
|
description: 'Pagination offset (default 0).',
|
|
131
134
|
}),
|
|
132
135
|
acting: ActingActor,
|
|
133
|
-
})
|
|
136
|
+
})
|
|
137
|
+
.default({});
|
|
134
138
|
/** Output for `role_grant_offer_create`. */
|
|
135
139
|
export const RoleGrantOfferCreateOutput = z.strictObject({
|
|
136
140
|
offer: RoleGrantOfferJson,
|
package/dist/http/CLAUDE.md
CHANGED
|
@@ -287,7 +287,7 @@ invariant 2's throw) was the empirical confirmation.
|
|
|
287
287
|
- **Bootstrap**: `ERROR_ALREADY_BOOTSTRAPPED`, `ERROR_TOKEN_FILE_MISSING`,
|
|
288
288
|
`ERROR_BOOTSTRAP_NOT_CONFIGURED`
|
|
289
289
|
- **Signup/invites**: `ERROR_NO_MATCHING_INVITE`, `ERROR_SIGNUP_CONFLICT`,
|
|
290
|
-
`ERROR_INVITE_NOT_FOUND`,
|
|
290
|
+
`ERROR_INVITE_NOT_FOUND`,
|
|
291
291
|
`ERROR_INVITE_DUPLICATE`, `ERROR_INVITE_ACCOUNT_EXISTS_USERNAME`,
|
|
292
292
|
`ERROR_INVITE_ACCOUNT_EXISTS_EMAIL`
|
|
293
293
|
- **Admin**: `ERROR_ROLE_NOT_WEB_GRANTABLE`, `ERROR_ROLE_GRANT_NOT_FOUND`,
|
|
@@ -102,8 +102,6 @@ export declare const ERROR_NO_MATCHING_INVITE: "no_matching_invite";
|
|
|
102
102
|
export declare const ERROR_SIGNUP_CONFLICT: "signup_conflict";
|
|
103
103
|
/** Invite not found (for delete operations). */
|
|
104
104
|
export declare const ERROR_INVITE_NOT_FOUND: "invite_not_found";
|
|
105
|
-
/** Invite must have at least an email or username. */
|
|
106
|
-
export declare const ERROR_INVITE_MISSING_IDENTIFIER: "invite_missing_identifier";
|
|
107
105
|
/** An unclaimed invite already exists for this email or username. */
|
|
108
106
|
export declare const ERROR_INVITE_DUPLICATE: "invite_duplicate";
|
|
109
107
|
/** An account already exists with this invite's username. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"error_schemas.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/error_schemas.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAAc,KAAK,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAI5D,0CAA0C;AAC1C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,uDAAuD;AACvD,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE,6CAA6C;AAC7C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8CAA8C;AAC9C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAI1E,wCAAwC;AACxC,eAAO,MAAM,6BAA6B,EAAG,yBAAkC,CAAC;AAEhF,+CAA+C;AAC/C,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAElF;;;;;;;;GAQG;AACH,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAElF,yCAAyC;AACzC,eAAO,MAAM,yBAAyB,EAAG,qBAA8B,CAAC;AAExE,sFAAsF;AACtF,eAAO,MAAM,yBAAyB,EAAG,qBAA8B,CAAC;AAExE,qDAAqD;AACrD,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAIpE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,wCAAwC;AACxC,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE,sEAAsE;AACtE,eAAO,MAAM,6BAA6B,EAAG,0CAAmD,CAAC;AAEjG,uEAAuE;AACvE,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAE5D,0CAA0C;AAC1C,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,EAAG,gBAAyB,CAAC;AAE9D;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E;;;;;;;GAOG;AACH,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAIlE,wFAAwF;AACxF,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8EAA8E;AAC9E,eAAO,MAAM,mCAAmC,EAAG,+BAAwC,CAAC;AAE5F,uDAAuD;AACvD,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAIlF,qEAAqE;AACrE,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8CAA8C;AAC9C,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAEtE,8DAA8D;AAC9D,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAIlF,0DAA0D;AAC1D,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAEtE,0GAA0G;AAC1G,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAEhE,gDAAgD;AAChD,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,
|
|
1
|
+
{"version":3,"file":"error_schemas.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/error_schemas.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAAc,KAAK,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAI5D,0CAA0C;AAC1C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,uDAAuD;AACvD,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE,6CAA6C;AAC7C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8CAA8C;AAC9C,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAI1E,wCAAwC;AACxC,eAAO,MAAM,6BAA6B,EAAG,yBAAkC,CAAC;AAEhF,+CAA+C;AAC/C,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAElF;;;;;;;;GAQG;AACH,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAElF,yCAAyC;AACzC,eAAO,MAAM,yBAAyB,EAAG,qBAA8B,CAAC;AAExE,sFAAsF;AACtF,eAAO,MAAM,yBAAyB,EAAG,qBAA8B,CAAC;AAExE,qDAAqD;AACrD,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAIpE,uCAAuC;AACvC,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,wCAAwC;AACxC,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE,sEAAsE;AACtE,eAAO,MAAM,6BAA6B,EAAG,0CAAmD,CAAC;AAEjG,uEAAuE;AACvE,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAE5D,0CAA0C;AAC1C,eAAO,MAAM,uBAAuB,EAAG,mBAA4B,CAAC;AAEpE;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,EAAG,gBAAyB,CAAC;AAE9D;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E;;;;;;;GAOG;AACH,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAIlE,wFAAwF;AACxF,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8EAA8E;AAC9E,eAAO,MAAM,mCAAmC,EAAG,+BAAwC,CAAC;AAE5F,uDAAuD;AACvD,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAIlF,qEAAqE;AACrE,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,8CAA8C;AAC9C,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAEtE,8DAA8D;AAC9D,eAAO,MAAM,8BAA8B,EAAG,0BAAmC,CAAC;AAIlF,0DAA0D;AAC1D,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAEtE,0GAA0G;AAC1G,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAEhE,gDAAgD;AAChD,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,qEAAqE;AACrE,eAAO,MAAM,sBAAsB,EAAG,kBAA2B,CAAC;AAElE,6DAA6D;AAC7D,eAAO,MAAM,oCAAoC,EAAG,gCAAyC,CAAC;AAE9F,0DAA0D;AAC1D,eAAO,MAAM,iCAAiC,EAAG,6BAAsC,CAAC;AAIxF,6DAA6D;AAC7D,eAAO,MAAM,4BAA4B,EAAG,wBAAiC,CAAC;AAE9E,gEAAgE;AAChE,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,oEAAoE;AACpE,eAAO,MAAM,wBAAwB,EAAG,oBAA6B,CAAC;AAItE,kDAAkD;AAClD,eAAO,MAAM,2BAA2B,EAAG,uBAAgC,CAAC;AAE5E,oDAAoD;AACpD,eAAO,MAAM,qBAAqB,EAAG,iBAA0B,CAAC;AAEhE,iEAAiE;AACjE,eAAO,MAAM,0BAA0B,EAAG,sBAA+B,CAAC;AAE1E,6CAA6C;AAC7C,eAAO,MAAM,mBAAmB,EAAG,eAAwB,CAAC;AAE5D,wEAAwE;AACxE,eAAO,MAAM,gCAAgC,EAAG,4BAAqC,CAAC;AAKtF,iFAAiF;AACjF,eAAO,MAAM,QAAQ;;iBAAqC,CAAC;AAC3D,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,QAAQ,CAAC,CAAC;AAEhD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;iBAgB1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;;;;;;;;GASG;AACH,eAAO,MAAM,eAAe;;;iBAG1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;;;;;;;;;GAUG;AACH,eAAO,MAAM,2BAA2B;;;iBAGtC,CAAC;AACH,MAAM,MAAM,2BAA2B,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAEtF,2EAA2E;AAC3E,eAAO,MAAM,cAAc;;;iBAGzB,CAAC;AACH,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAE5D,uFAAuF;AACvF,eAAO,MAAM,oBAAoB;;iBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE,qFAAqF;AACrF,eAAO,MAAM,eAAe;;iBAE1B,CAAC;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC;AAE9D;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,kBAAkB;;;;;;iBAG7B,CAAC;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAC;AAEpE,eAAO,MAAM,sBAAsB;;iBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,eAAO,MAAM,sBAAsB;;iBAEjC,CAAC;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAE5E,eAAO,MAAM,oBAAoB;;iBAE/B,CAAC;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,oBAAoB,CAAC,CAAC;AAExE;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;AAEnE;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY;;;;EAAoC,CAAC;AAC9D,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAC;AAExD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,WAAW,yBAAyB;IACzC,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,UAAU,CAAC,EAAE,YAAY,CAAC;CAC1B;AAED,eAAO,MAAM,oBAAoB,GAAI,yDAMlC,yBAAyB,KAAG,iBAwC9B,CAAC"}
|
|
@@ -108,8 +108,6 @@ export const ERROR_NO_MATCHING_INVITE = 'no_matching_invite';
|
|
|
108
108
|
export const ERROR_SIGNUP_CONFLICT = 'signup_conflict';
|
|
109
109
|
/** Invite not found (for delete operations). */
|
|
110
110
|
export const ERROR_INVITE_NOT_FOUND = 'invite_not_found';
|
|
111
|
-
/** Invite must have at least an email or username. */
|
|
112
|
-
export const ERROR_INVITE_MISSING_IDENTIFIER = 'invite_missing_identifier';
|
|
113
111
|
/** An unclaimed invite already exists for this email or username. */
|
|
114
112
|
export const ERROR_INVITE_DUPLICATE = 'invite_duplicate';
|
|
115
113
|
/** An account already exists with this invite's username. */
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adversarial_input.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_input.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAUtB,OAAO,EAEN,0BAA0B,EAC1B,uBAAuB,EAGvB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,qBAAqB,CAAC;AA8ChE,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,cAAc,EAAE,OAAO,0BAA0B,GAAG,OAAO,uBAAuB,CAAC;CACnF;AAED,UAAU,cAAc;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAID;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,GAAI,cAAc,CAAC,CAAC,OAAO,KAAG,KAAK,CAAC,aAAa,
|
|
1
|
+
{"version":3,"file":"adversarial_input.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_input.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAUtB,OAAO,EAEN,0BAA0B,EAC1B,uBAAuB,EAGvB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,qBAAqB,CAAC;AA8ChE,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,cAAc,EAAE,OAAO,0BAA0B,GAAG,OAAO,uBAAuB,CAAC;CACnF;AAED,UAAU,cAAc;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAID;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,GAAI,cAAc,CAAC,CAAC,OAAO,KAAG,KAAK,CAAC,aAAa,CAoMtF,CAAC;AAIF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GAAI,eAAe,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,cAAc,CA+B3F,CAAC;AAIF;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB,GAAI,cAAc,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,aAAa,CA4CxF,CAAC;AAqBF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GAAI,SAAS,sBAAsB,KAAG,IA4M5E,CAAC"}
|
|
@@ -89,7 +89,20 @@ export const generate_input_test_cases = (input_schema) => {
|
|
|
89
89
|
continue;
|
|
90
90
|
base[field.name] = generate_valid_value(field, object_schema.shape[field.name]);
|
|
91
91
|
}
|
|
92
|
-
|
|
92
|
+
let base_result = input_schema.safeParse(base);
|
|
93
|
+
if (!base_result.success) {
|
|
94
|
+
// Fallback for schemas with a top-level `.refine()` that requires at
|
|
95
|
+
// least one of N optional fields. Fill optional fields until the base
|
|
96
|
+
// satisfies validation; surfaces a clear error if no combination works.
|
|
97
|
+
for (const field of fields) {
|
|
98
|
+
if (field.required || field.has_default || field.name in base)
|
|
99
|
+
continue;
|
|
100
|
+
base[field.name] = generate_valid_value(field, object_schema.shape[field.name]);
|
|
101
|
+
base_result = input_schema.safeParse(base);
|
|
102
|
+
if (base_result.success)
|
|
103
|
+
break;
|
|
104
|
+
}
|
|
105
|
+
}
|
|
93
106
|
if (!base_result.success) {
|
|
94
107
|
throw new Error(`adversarial_input: generated base object fails validation for schema — ` +
|
|
95
108
|
`fix generate_valid_value for: ${base_result.error.issues.map((i) => `${i.path.join('.')}: ${i.message}`).join(', ')}`);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema_generators.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/schema_generators.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAKN,KAAK,YAAY,EACjB,MAAM,yBAAyB,CAAC;AAIjC;;;GAGG;AACH,eAAO,MAAM,aAAa,GAAI,cAAc,CAAC,CAAC,OAAO,KAAG,MAAM,GAAG,
|
|
1
|
+
{"version":3,"file":"schema_generators.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/schema_generators.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;GAQG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AACtB,OAAO,EAKN,KAAK,YAAY,EACjB,MAAM,yBAAyB,CAAC;AAIjC;;;GAGG;AACH,eAAO,MAAM,aAAa,GAAI,cAAc,CAAC,CAAC,OAAO,KAAG,MAAM,GAAG,IAkBhE,CAAC;AA+FF,qEAAqE;AACrE,eAAO,MAAM,oBAAoB,GAAI,OAAO,YAAY,EAAE,cAAc,CAAC,CAAC,OAAO,KAAG,OA+EnF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,kBAAkB,GAAI,MAAM,MAAM,EAAE,gBAAgB,CAAC,CAAC,SAAS,KAAG,MAa9E,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,mBAAmB,GAC/B,cAAc,CAAC,CAAC,OAAO,KACrB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SA6B5B,CAAC"}
|
|
@@ -22,6 +22,18 @@ export const detect_format = (field_schema) => {
|
|
|
22
22
|
return json.format;
|
|
23
23
|
if (typeof json.pattern === 'string')
|
|
24
24
|
return 'pattern';
|
|
25
|
+
// `.nullish()` / `.nullable()` produce `anyOf: [{format, …}, {type: 'null'}]`
|
|
26
|
+
// — descend into the first non-null branch so format/pattern surface.
|
|
27
|
+
if (Array.isArray(json.anyOf)) {
|
|
28
|
+
for (const branch of json.anyOf) {
|
|
29
|
+
if (branch.type === 'null')
|
|
30
|
+
continue;
|
|
31
|
+
if (typeof branch.format === 'string')
|
|
32
|
+
return branch.format;
|
|
33
|
+
if (typeof branch.pattern === 'string')
|
|
34
|
+
return 'pattern';
|
|
35
|
+
}
|
|
36
|
+
}
|
|
25
37
|
}
|
|
26
38
|
catch {
|
|
27
39
|
// schema can't be converted, no format
|
|
@@ -254,7 +266,20 @@ export const generate_valid_body = (input_schema) => {
|
|
|
254
266
|
continue;
|
|
255
267
|
body[field.name] = generate_valid_value(field, object_schema.shape[field.name]);
|
|
256
268
|
}
|
|
257
|
-
|
|
269
|
+
let result = input_schema.safeParse(body);
|
|
270
|
+
if (!result.success) {
|
|
271
|
+
// Fallback for schemas with a top-level `.refine()` that requires at
|
|
272
|
+
// least one of N optional fields. Fill optional fields until the body
|
|
273
|
+
// satisfies validation.
|
|
274
|
+
for (const field of fields) {
|
|
275
|
+
if (field.required || field.has_default || field.name in body)
|
|
276
|
+
continue;
|
|
277
|
+
body[field.name] = generate_valid_value(field, object_schema.shape[field.name]);
|
|
278
|
+
result = input_schema.safeParse(body);
|
|
279
|
+
if (result.success)
|
|
280
|
+
break;
|
|
281
|
+
}
|
|
282
|
+
}
|
|
258
283
|
if (!result.success) {
|
|
259
284
|
throw new Error(`generate_valid_body: generated body fails validation — ` +
|
|
260
285
|
`fix generate_valid_value for: ${result.error.issues.map((i) => `${i.path.join('.')}: ${i.message}`).join(', ')}`);
|
|
@@ -58,12 +58,17 @@
|
|
|
58
58
|
load();
|
|
59
59
|
};
|
|
60
60
|
|
|
61
|
+
// Primary identity is actor-grain (`actor_id` / `target_actor_id`,
|
|
62
|
+
// Stage 4 columns); falls back to the account-grain pair for events
|
|
63
|
+
// whose principal has no actor binding (admin verbs). The username
|
|
64
|
+
// resolver in the query chains the same fallback, so the displayed
|
|
65
|
+
// label is identical under v1 1:1.
|
|
61
66
|
const columns: Array<DatatableColumn<AuditLogEventWithUsernamesJson>> = [
|
|
62
67
|
{key: 'created_at', label: 'time', width: 100},
|
|
63
68
|
{key: 'event_type', label: 'event', width: 200},
|
|
64
69
|
{key: 'outcome', label: 'outcome', width: 100},
|
|
65
|
-
{key: '
|
|
66
|
-
{key: '
|
|
70
|
+
{key: 'actor_id', label: 'actor', width: 130},
|
|
71
|
+
{key: 'target_actor_id', label: 'target', width: 130},
|
|
67
72
|
{key: 'ip', label: 'ip', width: 130},
|
|
68
73
|
{key: 'metadata', label: 'metadata', width: 200},
|
|
69
74
|
];
|
|
@@ -114,20 +119,24 @@
|
|
|
114
119
|
>
|
|
115
120
|
{row.outcome}
|
|
116
121
|
</span>
|
|
117
|
-
{:else if column.key === '
|
|
122
|
+
{:else if column.key === 'actor_id'}
|
|
118
123
|
<span class="text_50">
|
|
119
124
|
{#if row.username}
|
|
120
125
|
{row.username}
|
|
126
|
+
{:else if row.actor_id}
|
|
127
|
+
{truncate_uuid(row.actor_id)}
|
|
121
128
|
{:else if row.account_id}
|
|
122
129
|
{truncate_uuid(row.account_id)}
|
|
123
130
|
{:else}
|
|
124
131
|
-
|
|
125
132
|
{/if}
|
|
126
133
|
</span>
|
|
127
|
-
{:else if column.key === '
|
|
134
|
+
{:else if column.key === 'target_actor_id'}
|
|
128
135
|
<span class="text_50">
|
|
129
136
|
{#if row.target_username}
|
|
130
137
|
{row.target_username}
|
|
138
|
+
{:else if row.target_actor_id}
|
|
139
|
+
{truncate_uuid(row.target_actor_id)}
|
|
131
140
|
{:else if row.target_account_id}
|
|
132
141
|
{truncate_uuid(row.target_account_id)}
|
|
133
142
|
{:else}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AdminAuditLog.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminAuditLog.svelte"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"AdminAuditLog.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminAuditLog.svelte"],"names":[],"mappings":"AAyKA,QAAA,MAAM,aAAa,2DAAwC,CAAC;AAC5D,KAAK,aAAa,GAAG,UAAU,CAAC,OAAO,aAAa,CAAC,CAAC;AACtD,eAAe,aAAa,CAAC"}
|
|
@@ -72,10 +72,15 @@
|
|
|
72
72
|
{/if}
|
|
73
73
|
{/if}
|
|
74
74
|
{:else if column.key === 'username'}
|
|
75
|
-
|
|
75
|
+
<!-- Prefer actor-grain id in the truncated fallback; account is
|
|
76
|
+
the second fallback for events with no actor binding. -->
|
|
77
|
+
<span class="text_50"
|
|
78
|
+
>{row.username ?? truncate_uuid(row.actor_id ?? row.account_id ?? '?')}</span
|
|
79
|
+
>
|
|
76
80
|
{:else if column.key === 'target_username'}
|
|
77
81
|
<span class="text_50"
|
|
78
|
-
>{row.target_username ??
|
|
82
|
+
>{row.target_username ??
|
|
83
|
+
truncate_uuid(row.target_actor_id ?? row.target_account_id ?? '?')}</span
|
|
79
84
|
>
|
|
80
85
|
{:else if column.key === 'created_at'}
|
|
81
86
|
<span title={format_datetime_local(row.created_at)}>
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AdminRoleGrantHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminRoleGrantHistory.svelte"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"AdminRoleGrantHistory.svelte.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/ui/AdminRoleGrantHistory.svelte"],"names":[],"mappings":"AAmGA,QAAA,MAAM,qBAAqB,2DAAwC,CAAC;AACpE,KAAK,qBAAqB,GAAG,UAAU,CAAC,OAAO,qBAAqB,CAAC,CAAC;AACtE,eAAe,qBAAqB,CAAC"}
|