@goplusvn/core 0.1.0 → 0.1.2

package/dist/auth/index.js

@@ -1,210 +0,0 @@
-'use strict';
-
-// src/auth/auth-service.ts
-async function verifyPassword(password, hash) {
-  try {
-    const bcrypt = await import('bcryptjs');
-    return bcrypt.compareSync(password, hash);
-  } catch (error) {
-    console.error("Error verifying password", error);
-    return false;
-  }
-}
-async function authenticateUser(db, email, password) {
-  try {
-    const user = await db.user.findUnique({
-      where: { email: email.toLowerCase().trim() },
-      select: {
-        id: true,
-        email: true,
-        name: true,
-        avatar: true,
-        password: true,
-        isActive: true
-      }
-    });
-    if (!user) {
-      throw new Error("Invalid email or password");
-    }
-    if (!user.isActive) {
-      throw new Error("ACCOUNT_SUSPENDED");
-    }
-    if (!user.password) {
-      throw new Error("Invalid email or password");
-    }
-    const isPasswordValid = await verifyPassword(password, user.password);
-    if (!isPasswordValid) {
-      throw new Error("Invalid email or password");
-    }
-    await db.user.update({
-      where: { id: user.id },
-      data: { lastLoginAt: /* @__PURE__ */ new Date() }
-    });
-    return {
-      id: user.id,
-      name: user.name || "",
-      email: user.email,
-      avatar: user.avatar || null,
-      status: "ONLINE"
-    };
-  } catch (error) {
-    if (error instanceof Error) {
-      throw error;
-    }
-    throw new Error("Error signing in");
-  }
-}
-
-// src/auth/index.ts
-var ADMIN_ROLE_CODE = "admin";
-var BYPASS_AUTH = process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1";
-var ACTION_CODES = {
-  create: "create",
-  view: "view",
-  update: "update",
-  delete: "delete",
-  export: "export",
-  import: "import",
-  approve: "approve",
-  reject: "reject"
-};
-function getActionCode(action) {
-  return ACTION_CODES[action] || action;
-}
-function getUserPermissions(session) {
-  if (!session?.user) return [];
-  const user = session.user;
-  if (!user.permissions) {
-    return [];
-  }
-  return user.permissions;
-}
-function getCrudPermissionsFromSession(session, entity) {
-  if (BYPASS_AUTH) {
-    return {
-      create: true,
-      view: true,
-      update: true,
-      delete: true,
-      export: true,
-      import: true,
-      approve: true,
-      reject: true
-    };
-  }
-  if (!session?.user) {
-    return {
-      create: false,
-      view: false,
-      update: false,
-      delete: false,
-      export: false,
-      import: false,
-      approve: false,
-      reject: false
-    };
-  }
-  const user = session.user;
-  if (!user.id) {
-    return {
-      create: false,
-      view: false,
-      update: false,
-      delete: false,
-      export: false,
-      import: false,
-      approve: false,
-      reject: false
-    };
-  }
-  const isAdmin2 = user.roles?.includes(ADMIN_ROLE_CODE) || user.roles?.includes("SUPER_ADMIN");
-  if (isAdmin2) {
-    return {
-      create: true,
-      view: true,
-      update: true,
-      delete: true,
-      export: true,
-      import: true,
-      approve: true,
-      reject: true
-    };
-  }
-  const permissions = user.permissions || [];
-  const permissionKeys = new Set(
-    permissions.map((p) => `${p.resourceCode}:${p.actionCode}`)
-  );
-  const hasPermission2 = (action) => {
-    const key = `${entity}:${action}`;
-    return permissionKeys.has(key);
-  };
-  return {
-    create: hasPermission2(getActionCode("create")),
-    view: hasPermission2(getActionCode("view")),
-    update: hasPermission2(getActionCode("update")),
-    delete: hasPermission2(getActionCode("delete")),
-    export: hasPermission2(getActionCode("export")),
-    import: hasPermission2(getActionCode("import")),
-    approve: hasPermission2(getActionCode("approve")),
-    reject: hasPermission2(getActionCode("reject"))
-  };
-}
-function checkPermission(session, resourceCode, actionCode) {
-  if (BYPASS_AUTH) {
-    return true;
-  }
-  if (!session?.user) return false;
-  const user = session.user;
-  if (!user.permissions || user.permissions.length === 0) {
-    return false;
-  }
-  if (user.roles?.includes(ADMIN_ROLE_CODE) || user.roles?.includes("SUPER_ADMIN")) {
-    return true;
-  }
-  return user.permissions.some(
-    (p) => p.resourceCode === resourceCode && p.actionCode === actionCode
-  );
-}
-function hasPermission(session, resourceCode, actionCode) {
-  return checkPermission(session, resourceCode, actionCode);
-}
-function requirePermission(session, resourceCode, actionCode) {
-  if (!checkPermission(session, resourceCode, actionCode)) {
-    throw new Error(
-      `Unauthorized: User does not have permission ${actionCode} on ${resourceCode}`
-    );
-  }
-}
-function hasRole(session, roleCode) {
-  if (!session?.user) return false;
-  const user = session.user;
-  if (!user.roles) {
-    return false;
-  }
-  return user.roles.includes(roleCode);
-}
-function hasAnyRole(session, roleCodes) {
-  if (!session?.user) return false;
-  const user = session.user;
-  if (!user.roles) {
-    return false;
-  }
-  return roleCodes.some((role) => user.roles.includes(role));
-}
-function isAdmin(session) {
-  return hasRole(session, ADMIN_ROLE_CODE);
-}
-
-exports.authenticateUser = authenticateUser;
-exports.checkPermission = checkPermission;
-exports.getActionCode = getActionCode;
-exports.getCrudPermissionsFromSession = getCrudPermissionsFromSession;
-exports.getUserPermissions = getUserPermissions;
-exports.hasAnyRole = hasAnyRole;
-exports.hasPermission = hasPermission;
-exports.hasRole = hasRole;
-exports.isAdmin = isAdmin;
-exports.requirePermission = requirePermission;
-exports.verifyPassword = verifyPassword;
-//# sourceMappingURL=index.js.map
-//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/auth/auth-service.ts","../../src/auth/index.ts"],"names":["isAdmin","hasPermission"],"mappings":";;;AAMA,eAAsB,cAAA,CACpB,UACA,IAAA,EACkB;AAClB,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAM,OAAO,UAAU,CAAA;AACtC,IAAA,OAAO,MAAA,CAAO,WAAA,CAAY,QAAA,EAAU,IAAI,CAAA;AAAA,EAC1C,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,4BAA4B,KAAK,CAAA;AAC/C,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAmBA,eAAsB,gBAAA,CACpB,EAAA,EACA,KAAA,EACA,QAAA,EAC4B;AAC5B,EAAA,IAAI;AAEF,IAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,IAAA,CAAK,UAAA,CAAW;AAAA,MACpC,OAAO,EAAE,KAAA,EAAO,MAAM,WAAA,EAAY,CAAE,MAAK,EAAE;AAAA,MAC3C,MAAA,EAAQ;AAAA,QACN,EAAA,EAAI,IAAA;AAAA,QACJ,KAAA,EAAO,IAAA;AAAA,QACP,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,QAAA,EAAU,IAAA;AAAA,QACV,QAAA,EAAU;AAAA;AACZ,KACD,CAAA;AAGD,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAGA,IAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,MAAA,MAAM,IAAI,MAAM,mBAAmB,CAAA;AAAA,IACrC;AAGA,IAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAEA,IAAA,MAAM,eAAA,GAAkB,MAAM,cAAA,CAAe,QAAA,EAAU,KAAK,QAAQ,CAAA;AACpE,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,EAAA,CAAG,KAAK,MAAA,CAAO;AAAA,MACnB,KAAA,EAAO,EAAE,EAAA,EAAI,IAAA,CAAK,EAAA,EAAG;AAAA,MACrB,IAAA,EAAM,EAAE,WAAA,kBAAa,IAAI,MAAK;AAAE,KACjC,CAAA;AAGD,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,IAAA,EAAM,KAAK,IAAA,IAAQ,EAAA;AAAA,MACnB,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAA,EAAQ,KAAK,MAAA,IAAU,IAAA;AAAA,MACvB,MAAA,EAAQ;AAAA,KACV;AAAA,EACF,SAAS,KAAA,EAAO;AAEd,IAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,MAAA,MAAM,KAAA;AAAA,IACR;AACA,IAAA,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAAA,EACpC;AACF;;;ACpDA,IAAM,eAAA,GAAkB,OAAA;AACxB,IAAM,cACJ,OAAA,CAAQ,GAAA,CAAI,gBAAgB,MAAA,IAAU,OAAA,CAAQ,IAAI,WAAA,KAAgB,GAAA;AAGpE,IAAM,YAAA,GAAuC;AAAA,EAC3C,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,MAAA;AAAA,EACN,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,OAAA,EAAS,SAAA;AAAA,EACT,MAAA,EAAQ;AACV,CAAA;AAKO,SAAS,cAAc,MAAA,EAAwB;AACpD,EAAA,OAAO,YAAA,CAAa,MAAM,CAAA,IAAK,MAAA;AACjC;AASO,SAAS,mBAAmB,OAAA,EAAuC;AACxE,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,EAAC;AAC5B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,OAAO,IAAA,CAAK,WAAA;AACd;AAKO,SAAS,6BAAA,CACd,SACA,MAAA,EACsB;AAEtB,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,SAAS,IAAA,EAAM;AAClB,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACZ,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,MAAMA,QAAAA,GACJ,KAAK,KAAA,EAAO,QAAA,CAAS,eAAe,CAAA,IACpC,IAAA,CAAK,KAAA,EAAO,QAAA,CAAS,aAAa,CAAA;AACpC,EAAA,IAAIA,QAAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,MAAM,WAAA,GAAc,IAAA,CAAK,WAAA,IAAe,EAAC;AACzC,EAAA,MAAM,iBAAiB,IAAI,GAAA;AAAA,IACzB,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,EAAG,EAAE,YAAY,CAAA,CAAA,EAAI,CAAA,CAAE,UAAU,CAAA,CAAE;AAAA,GAC5D;AAEA,EAAA,MAAMC,cAAAA,GAAgB,CAAC,MAAA,KAAmB;AACxC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AAC/B,IAAA,OAAO,cAAA,CAAe,IAAI,GAAG,CAAA;AAAA,EAC/B,CAAA;AAEA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,IAAA,EAAMA,cAAAA,CAAc,aAAA,CAAc,MAAM,CAAC,CAAA;AAAA,IACzC,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,OAAA,EAASA,cAAAA,CAAc,aAAA,CAAc,SAAS,CAAC,CAAA;AAAA,IAC/C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC;AAAA,GAC/C;AACF;AAKO,SAAS,eAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACS;AACT,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,KAAA;AAC3B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,IAAA,CAAK,WAAA,IAAe,IAAA,CAAK,WAAA,CAAY,WAAW,CAAA,EAAG;AACtD,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IACE,IAAA,CAAK,OAAO,QAAA,CAAS,eAAe,KACpC,IAAA,CAAK,KAAA,EAAO,QAAA,CAAS,aAAa,CAAA,EAClC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,KAAK,WAAA,CAAY,IAAA;AAAA,IACtB,CAAC,CAAA,KAAM,CAAA,CAAE,YAAA,KAAiB,YAAA,IAAgB,EAAE,UAAA,KAAe;AAAA,GAC7D;AACF;AAKO,SAAS,aAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACS;AACT,EAAA,OAAO,eAAA,CAAgB,OAAA,EAAS,YAAA,EAAc,UAAU,CAAA;AAC1D;AAKO,SAAS,iBAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACM;AACN,EAAA,IAAI,CAAC,eAAA,CAAgB,OAAA,EAAS,YAAA,EAAc,UAAU,CAAA,EAAG;AACvD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,4CAAA,EAA+C,UAAU,CAAA,IAAA,EAAO,YAAY,CAAA;AAAA,KAC9E;AAAA,EACF;AACF;AAKO,SAAS,OAAA,CAAQ,SAAyB,QAAA,EAA2B;AAC1E,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,KAAA;AAC3B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,KAAA,EAAO;AACf,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,QAAQ,CAAA;AACrC;AAKO,SAAS,UAAA,CACd,SACA,SAAA,EACS;AACT,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,KAAA;AAC3B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,KAAA,EAAO;AACf,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA,CAAU,KAAK,CAAC,IAAA,KAAS,KAAK,KAAA,CAAO,QAAA,CAAS,IAAI,CAAC,CAAA;AAC5D;AAKO,SAAS,QAAQ,OAAA,EAAkC;AACxD,EAAA,OAAO,OAAA,CAAQ,SAAS,eAAe,CAAA;AACzC","file":"index.js","sourcesContent":["// Define the shape of the Prisma Client required by this service\nexport interface AuthPrismaClient {\n  user: any;\n}\n\n// Dynamic import bcryptjs to avoid Edge Runtime issues\nexport async function verifyPassword(\n  password: string,\n  hash: string,\n): Promise<boolean> {\n  try {\n    const bcrypt = await import(\"bcryptjs\");\n    return bcrypt.compareSync(password, hash);\n  } catch (error) {\n    console.error(\"Error verifying password\", error);\n    return false;\n  }\n}\n\nexport interface AuthenticatedUser {\n  id: string;\n  email: string | null;\n  name: string;\n  avatar: string | null;\n  status: string;\n}\n\nexport interface AuthError {\n  message: string;\n  email?: string;\n}\n\n/**\n * Authenticate user with email and password\n * Returns user data if successful, throws error if failed\n */\nexport async function authenticateUser(\n  db: AuthPrismaClient,\n  email: string,\n  password: string,\n): Promise<AuthenticatedUser> {\n  try {\n    // Query user from database by email\n    const user = await db.user.findUnique({\n      where: { email: email.toLowerCase().trim() },\n      select: {\n        id: true,\n        email: true,\n        name: true,\n        avatar: true,\n        password: true,\n        isActive: true,\n      },\n    });\n\n    // Check if user exists\n    if (!user) {\n      throw new Error(\"Invalid email or password\");\n    }\n\n    // Check if user account is suspended/inactive\n    if (!user.isActive) {\n      throw new Error(\"ACCOUNT_SUSPENDED\");\n    }\n\n    // Verify password\n    if (!user.password) {\n      throw new Error(\"Invalid email or password\");\n    }\n\n    const isPasswordValid = await verifyPassword(password, user.password);\n    if (!isPasswordValid) {\n      throw new Error(\"Invalid email or password\");\n    }\n\n    // Update last login time\n    await db.user.update({\n      where: { id: user.id },\n      data: { lastLoginAt: new Date() },\n    });\n\n    // Return user data (without password)\n    return {\n      id: user.id,\n      name: user.name || \"\",\n      email: user.email,\n      avatar: user.avatar || null,\n      status: \"ONLINE\",\n    };\n  } catch (error) {\n    // Re-throw error with proper message\n    if (error instanceof Error) {\n      throw error;\n    }\n    throw new Error(\"Error signing in\");\n  }\n}\n","// @goerp/core/auth\n// Authentication and RBAC utilities for GoERP\n\nimport type { Session } from \"next-auth\";\n\nexport * from \"./auth-service\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\nexport interface Permission {\n  resourceCode: string;\n  actionCode: string;\n}\n\nexport interface ExtendedUser {\n  id: string;\n  name?: string | null;\n  email?: string | null;\n  image?: string | null;\n  roles?: string[];\n  permissions?: Permission[];\n}\n\nexport interface UserSession {\n  user: ExtendedUser;\n}\n\nexport interface CrudPermissionResult {\n  create: boolean;\n  view: boolean;\n  update: boolean;\n  delete: boolean;\n  export: boolean;\n  import: boolean;\n  approve: boolean;\n  reject: boolean;\n}\n\n// ============================================================================\n// Constants\n// ============================================================================\n\nconst ADMIN_ROLE_CODE = \"admin\";\nconst BYPASS_AUTH =\n  process.env.BYPASS_AUTH === \"true\" || process.env.BYPASS_AUTH === \"1\";\n\n// Action code mapping\nconst ACTION_CODES: Record<string, string> = {\n  create: \"create\",\n  view: \"view\",\n  update: \"update\",\n  delete: \"delete\",\n  export: \"export\",\n  import: \"import\",\n  approve: \"approve\",\n  reject: \"reject\",\n};\n\n/**\n * Get action code from action name\n */\nexport function getActionCode(action: string): string {\n  return ACTION_CODES[action] || action;\n}\n\n// ============================================================================\n// Permission Functions\n// ============================================================================\n\n/**\n * Get all permissions from session\n */\nexport function getUserPermissions(session: Session | null): Permission[] {\n  if (!session?.user) return [];\n  const user = session.user as ExtendedUser;\n\n  if (!user.permissions) {\n    return [];\n  }\n  return user.permissions;\n}\n\n/**\n * Get CRUD permissions from session for a specific entity\n */\nexport function getCrudPermissionsFromSession(\n  session: Session | null,\n  entity: string,\n): CrudPermissionResult {\n  // TEMPORARY: Return all permissions as true if bypass is enabled\n  if (BYPASS_AUTH) {\n    return {\n      create: true,\n      view: true,\n      update: true,\n      delete: true,\n      export: true,\n      import: true,\n      approve: true,\n      reject: true,\n    };\n  }\n\n  if (!session?.user) {\n    return {\n      create: false,\n      view: false,\n      update: false,\n      delete: false,\n      export: false,\n      import: false,\n      approve: false,\n      reject: false,\n    };\n  }\n\n  const user = session.user as ExtendedUser;\n\n  if (!user.id) {\n    return {\n      create: false,\n      view: false,\n      update: false,\n      delete: false,\n      export: false,\n      import: false,\n      approve: false,\n      reject: false,\n    };\n  }\n\n  // Check admin role first (fastest check)\n  const isAdmin =\n    user.roles?.includes(ADMIN_ROLE_CODE) ||\n    user.roles?.includes(\"SUPER_ADMIN\");\n  if (isAdmin) {\n    return {\n      create: true,\n      view: true,\n      update: true,\n      delete: true,\n      export: true,\n      import: true,\n      approve: true,\n      reject: true,\n    };\n  }\n\n  // Pre-compute permission keys for fast lookup\n  const permissions = user.permissions || [];\n  const permissionKeys = new Set(\n    permissions.map((p) => `${p.resourceCode}:${p.actionCode}`),\n  );\n\n  const hasPermission = (action: string) => {\n    const key = `${entity}:${action}`;\n    return permissionKeys.has(key);\n  };\n\n  return {\n    create: hasPermission(getActionCode(\"create\")),\n    view: hasPermission(getActionCode(\"view\")),\n    update: hasPermission(getActionCode(\"update\")),\n    delete: hasPermission(getActionCode(\"delete\")),\n    export: hasPermission(getActionCode(\"export\")),\n    import: hasPermission(getActionCode(\"import\")),\n    approve: hasPermission(getActionCode(\"approve\")),\n    reject: hasPermission(getActionCode(\"reject\")),\n  };\n}\n\n/**\n * Check if user has a specific permission\n */\nexport function checkPermission(\n  session: Session | null,\n  resourceCode: string,\n  actionCode: string,\n): boolean {\n  if (BYPASS_AUTH) {\n    return true;\n  }\n\n  if (!session?.user) return false;\n  const user = session.user as ExtendedUser;\n\n  if (!user.permissions || user.permissions.length === 0) {\n    return false;\n  }\n\n  // Admin role bypass\n  if (\n    user.roles?.includes(ADMIN_ROLE_CODE) ||\n    user.roles?.includes(\"SUPER_ADMIN\")\n  ) {\n    return true;\n  }\n\n  return user.permissions.some(\n    (p) => p.resourceCode === resourceCode && p.actionCode === actionCode,\n  );\n}\n\n/**\n * Alias for checkPermission\n */\nexport function hasPermission(\n  session: Session | null,\n  resourceCode: string,\n  actionCode: string,\n): boolean {\n  return checkPermission(session, resourceCode, actionCode);\n}\n\n/**\n * Require permission - throw error if not authorized\n */\nexport function requirePermission(\n  session: Session | null,\n  resourceCode: string,\n  actionCode: string,\n): void {\n  if (!checkPermission(session, resourceCode, actionCode)) {\n    throw new Error(\n      `Unauthorized: User does not have permission ${actionCode} on ${resourceCode}`,\n    );\n  }\n}\n\n/**\n * Check if user has a specific role\n */\nexport function hasRole(session: Session | null, roleCode: string): boolean {\n  if (!session?.user) return false;\n  const user = session.user as ExtendedUser;\n\n  if (!user.roles) {\n    return false;\n  }\n  return user.roles.includes(roleCode);\n}\n\n/**\n * Check if user has any of the specified roles\n */\nexport function hasAnyRole(\n  session: Session | null,\n  roleCodes: string[],\n): boolean {\n  if (!session?.user) return false;\n  const user = session.user as ExtendedUser;\n\n  if (!user.roles) {\n    return false;\n  }\n  return roleCodes.some((role) => user.roles!.includes(role));\n}\n\n/**\n * Check if user is admin\n */\nexport function isAdmin(session: Session | null): boolean {\n  return hasRole(session, ADMIN_ROLE_CODE);\n}\n"]}

package/dist/auth/index.mjs

@@ -1,198 +0,0 @@
-// src/auth/auth-service.ts
-async function verifyPassword(password, hash) {
-  try {
-    const bcrypt = await import('bcryptjs');
-    return bcrypt.compareSync(password, hash);
-  } catch (error) {
-    console.error("Error verifying password", error);
-    return false;
-  }
-}
-async function authenticateUser(db, email, password) {
-  try {
-    const user = await db.user.findUnique({
-      where: { email: email.toLowerCase().trim() },
-      select: {
-        id: true,
-        email: true,
-        name: true,
-        avatar: true,
-        password: true,
-        isActive: true
-      }
-    });
-    if (!user) {
-      throw new Error("Invalid email or password");
-    }
-    if (!user.isActive) {
-      throw new Error("ACCOUNT_SUSPENDED");
-    }
-    if (!user.password) {
-      throw new Error("Invalid email or password");
-    }
-    const isPasswordValid = await verifyPassword(password, user.password);
-    if (!isPasswordValid) {
-      throw new Error("Invalid email or password");
-    }
-    await db.user.update({
-      where: { id: user.id },
-      data: { lastLoginAt: /* @__PURE__ */ new Date() }
-    });
-    return {
-      id: user.id,
-      name: user.name || "",
-      email: user.email,
-      avatar: user.avatar || null,
-      status: "ONLINE"
-    };
-  } catch (error) {
-    if (error instanceof Error) {
-      throw error;
-    }
-    throw new Error("Error signing in");
-  }
-}
-
-// src/auth/index.ts
-var ADMIN_ROLE_CODE = "admin";
-var BYPASS_AUTH = process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1";
-var ACTION_CODES = {
-  create: "create",
-  view: "view",
-  update: "update",
-  delete: "delete",
-  export: "export",
-  import: "import",
-  approve: "approve",
-  reject: "reject"
-};
-function getActionCode(action) {
-  return ACTION_CODES[action] || action;
-}
-function getUserPermissions(session) {
-  if (!session?.user) return [];
-  const user = session.user;
-  if (!user.permissions) {
-    return [];
-  }
-  return user.permissions;
-}
-function getCrudPermissionsFromSession(session, entity) {
-  if (BYPASS_AUTH) {
-    return {
-      create: true,
-      view: true,
-      update: true,
-      delete: true,
-      export: true,
-      import: true,
-      approve: true,
-      reject: true
-    };
-  }
-  if (!session?.user) {
-    return {
-      create: false,
-      view: false,
-      update: false,
-      delete: false,
-      export: false,
-      import: false,
-      approve: false,
-      reject: false
-    };
-  }
-  const user = session.user;
-  if (!user.id) {
-    return {
-      create: false,
-      view: false,
-      update: false,
-      delete: false,
-      export: false,
-      import: false,
-      approve: false,
-      reject: false
-    };
-  }
-  const isAdmin2 = user.roles?.includes(ADMIN_ROLE_CODE) || user.roles?.includes("SUPER_ADMIN");
-  if (isAdmin2) {
-    return {
-      create: true,
-      view: true,
-      update: true,
-      delete: true,
-      export: true,
-      import: true,
-      approve: true,
-      reject: true
-    };
-  }
-  const permissions = user.permissions || [];
-  const permissionKeys = new Set(
-    permissions.map((p) => `${p.resourceCode}:${p.actionCode}`)
-  );
-  const hasPermission2 = (action) => {
-    const key = `${entity}:${action}`;
-    return permissionKeys.has(key);
-  };
-  return {
-    create: hasPermission2(getActionCode("create")),
-    view: hasPermission2(getActionCode("view")),
-    update: hasPermission2(getActionCode("update")),
-    delete: hasPermission2(getActionCode("delete")),
-    export: hasPermission2(getActionCode("export")),
-    import: hasPermission2(getActionCode("import")),
-    approve: hasPermission2(getActionCode("approve")),
-    reject: hasPermission2(getActionCode("reject"))
-  };
-}
-function checkPermission(session, resourceCode, actionCode) {
-  if (BYPASS_AUTH) {
-    return true;
-  }
-  if (!session?.user) return false;
-  const user = session.user;
-  if (!user.permissions || user.permissions.length === 0) {
-    return false;
-  }
-  if (user.roles?.includes(ADMIN_ROLE_CODE) || user.roles?.includes("SUPER_ADMIN")) {
-    return true;
-  }
-  return user.permissions.some(
-    (p) => p.resourceCode === resourceCode && p.actionCode === actionCode
-  );
-}
-function hasPermission(session, resourceCode, actionCode) {
-  return checkPermission(session, resourceCode, actionCode);
-}
-function requirePermission(session, resourceCode, actionCode) {
-  if (!checkPermission(session, resourceCode, actionCode)) {
-    throw new Error(
-      `Unauthorized: User does not have permission ${actionCode} on ${resourceCode}`
-    );
-  }
-}
-function hasRole(session, roleCode) {
-  if (!session?.user) return false;
-  const user = session.user;
-  if (!user.roles) {
-    return false;
-  }
-  return user.roles.includes(roleCode);
-}
-function hasAnyRole(session, roleCodes) {
-  if (!session?.user) return false;
-  const user = session.user;
-  if (!user.roles) {
-    return false;
-  }
-  return roleCodes.some((role) => user.roles.includes(role));
-}
-function isAdmin(session) {
-  return hasRole(session, ADMIN_ROLE_CODE);
-}
-
-export { authenticateUser, checkPermission, getActionCode, getCrudPermissionsFromSession, getUserPermissions, hasAnyRole, hasPermission, hasRole, isAdmin, requirePermission, verifyPassword };
-//# sourceMappingURL=index.mjs.map
-//# sourceMappingURL=index.mjs.map

package/dist/auth/index.mjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../src/auth/auth-service.ts","../../src/auth/index.ts"],"names":["isAdmin","hasPermission"],"mappings":";AAMA,eAAsB,cAAA,CACpB,UACA,IAAA,EACkB;AAClB,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAM,OAAO,UAAU,CAAA;AACtC,IAAA,OAAO,MAAA,CAAO,WAAA,CAAY,QAAA,EAAU,IAAI,CAAA;AAAA,EAC1C,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,4BAA4B,KAAK,CAAA;AAC/C,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAmBA,eAAsB,gBAAA,CACpB,EAAA,EACA,KAAA,EACA,QAAA,EAC4B;AAC5B,EAAA,IAAI;AAEF,IAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,IAAA,CAAK,UAAA,CAAW;AAAA,MACpC,OAAO,EAAE,KAAA,EAAO,MAAM,WAAA,EAAY,CAAE,MAAK,EAAE;AAAA,MAC3C,MAAA,EAAQ;AAAA,QACN,EAAA,EAAI,IAAA;AAAA,QACJ,KAAA,EAAO,IAAA;AAAA,QACP,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,QAAA,EAAU,IAAA;AAAA,QACV,QAAA,EAAU;AAAA;AACZ,KACD,CAAA;AAGD,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAGA,IAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,MAAA,MAAM,IAAI,MAAM,mBAAmB,CAAA;AAAA,IACrC;AAGA,IAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAEA,IAAA,MAAM,eAAA,GAAkB,MAAM,cAAA,CAAe,QAAA,EAAU,KAAK,QAAQ,CAAA;AACpE,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,EAAA,CAAG,KAAK,MAAA,CAAO;AAAA,MACnB,KAAA,EAAO,EAAE,EAAA,EAAI,IAAA,CAAK,EAAA,EAAG;AAAA,MACrB,IAAA,EAAM,EAAE,WAAA,kBAAa,IAAI,MAAK;AAAE,KACjC,CAAA;AAGD,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,IAAA,EAAM,KAAK,IAAA,IAAQ,EAAA;AAAA,MACnB,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAA,EAAQ,KAAK,MAAA,IAAU,IAAA;AAAA,MACvB,MAAA,EAAQ;AAAA,KACV;AAAA,EACF,SAAS,KAAA,EAAO;AAEd,IAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,MAAA,MAAM,KAAA;AAAA,IACR;AACA,IAAA,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAAA,EACpC;AACF;;;ACpDA,IAAM,eAAA,GAAkB,OAAA;AACxB,IAAM,cACJ,OAAA,CAAQ,GAAA,CAAI,gBAAgB,MAAA,IAAU,OAAA,CAAQ,IAAI,WAAA,KAAgB,GAAA;AAGpE,IAAM,YAAA,GAAuC;AAAA,EAC3C,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,MAAA;AAAA,EACN,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,OAAA,EAAS,SAAA;AAAA,EACT,MAAA,EAAQ;AACV,CAAA;AAKO,SAAS,cAAc,MAAA,EAAwB;AACpD,EAAA,OAAO,YAAA,CAAa,MAAM,CAAA,IAAK,MAAA;AACjC;AASO,SAAS,mBAAmB,OAAA,EAAuC;AACxE,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,EAAC;AAC5B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,OAAO,IAAA,CAAK,WAAA;AACd;AAKO,SAAS,6BAAA,CACd,SACA,MAAA,EACsB;AAEtB,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,SAAS,IAAA,EAAM;AAClB,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACZ,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,MAAMA,QAAAA,GACJ,KAAK,KAAA,EAAO,QAAA,CAAS,eAAe,CAAA,IACpC,IAAA,CAAK,KAAA,EAAO,QAAA,CAAS,aAAa,CAAA;AACpC,EAAA,IAAIA,QAAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,MAAM,WAAA,GAAc,IAAA,CAAK,WAAA,IAAe,EAAC;AACzC,EAAA,MAAM,iBAAiB,IAAI,GAAA;AAAA,IACzB,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,EAAG,EAAE,YAAY,CAAA,CAAA,EAAI,CAAA,CAAE,UAAU,CAAA,CAAE;AAAA,GAC5D;AAEA,EAAA,MAAMC,cAAAA,GAAgB,CAAC,MAAA,KAAmB;AACxC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AAC/B,IAAA,OAAO,cAAA,CAAe,IAAI,GAAG,CAAA;AAAA,EAC/B,CAAA;AAEA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,IAAA,EAAMA,cAAAA,CAAc,aAAA,CAAc,MAAM,CAAC,CAAA;AAAA,IACzC,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,OAAA,EAASA,cAAAA,CAAc,aAAA,CAAc,SAAS,CAAC,CAAA;AAAA,IAC/C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC;AAAA,GAC/C;AACF;AAKO,SAAS,eAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACS;AACT,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,KAAA;AAC3B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,IAAA,CAAK,WAAA,IAAe,IAAA,CAAK,WAAA,CAAY,WAAW,CAAA,EAAG;AACtD,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IACE,IAAA,CAAK,OAAO,QAAA,CAAS,eAAe,KACpC,IAAA,CAAK,KAAA,EAAO,QAAA,CAAS,aAAa,CAAA,EAClC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,KAAK,WAAA,CAAY,IAAA;AAAA,IACtB,CAAC,CAAA,KAAM,CAAA,CAAE,YAAA,KAAiB,YAAA,IAAgB,EAAE,UAAA,KAAe;AAAA,GAC7D;AACF;AAKO,SAAS,aAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACS;AACT,EAAA,OAAO,eAAA,CAAgB,OAAA,EAAS,YAAA,EAAc,UAAU,CAAA;AAC1D;AAKO,SAAS,iBAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACM;AACN,EAAA,IAAI,CAAC,eAAA,CAAgB,OAAA,EAAS,YAAA,EAAc,UAAU,CAAA,EAAG;AACvD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,4CAAA,EAA+C,UAAU,CAAA,IAAA,EAAO,YAAY,CAAA;AAAA,KAC9E;AAAA,EACF;AACF;AAKO,SAAS,OAAA,CAAQ,SAAyB,QAAA,EAA2B;AAC1E,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,KAAA;AAC3B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,KAAA,EAAO;AACf,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,QAAQ,CAAA;AACrC;AAKO,SAAS,UAAA,CACd,SACA,SAAA,EACS;AACT,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,KAAA;AAC3B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,KAAA,EAAO;AACf,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA,CAAU,KAAK,CAAC,IAAA,KAAS,KAAK,KAAA,CAAO,QAAA,CAAS,IAAI,CAAC,CAAA;AAC5D;AAKO,SAAS,QAAQ,OAAA,EAAkC;AACxD,EAAA,OAAO,OAAA,CAAQ,SAAS,eAAe,CAAA;AACzC","file":"index.mjs","sourcesContent":["// Define the shape of the Prisma Client required by this service\nexport interface AuthPrismaClient {\n  user: any;\n}\n\n// Dynamic import bcryptjs to avoid Edge Runtime issues\nexport async function verifyPassword(\n  password: string,\n  hash: string,\n): Promise<boolean> {\n  try {\n    const bcrypt = await import(\"bcryptjs\");\n    return bcrypt.compareSync(password, hash);\n  } catch (error) {\n    console.error(\"Error verifying password\", error);\n    return false;\n  }\n}\n\nexport interface AuthenticatedUser {\n  id: string;\n  email: string | null;\n  name: string;\n  avatar: string | null;\n  status: string;\n}\n\nexport interface AuthError {\n  message: string;\n  email?: string;\n}\n\n/**\n * Authenticate user with email and password\n * Returns user data if successful, throws error if failed\n */\nexport async function authenticateUser(\n  db: AuthPrismaClient,\n  email: string,\n  password: string,\n): Promise<AuthenticatedUser> {\n  try {\n    // Query user from database by email\n    const user = await db.user.findUnique({\n      where: { email: email.toLowerCase().trim() },\n      select: {\n        id: true,\n        email: true,\n        name: true,\n        avatar: true,\n        password: true,\n        isActive: true,\n      },\n    });\n\n    // Check if user exists\n    if (!user) {\n      throw new Error(\"Invalid email or password\");\n    }\n\n    // Check if user account is suspended/inactive\n    if (!user.isActive) {\n      throw new Error(\"ACCOUNT_SUSPENDED\");\n    }\n\n    // Verify password\n    if (!user.password) {\n      throw new Error(\"Invalid email or password\");\n    }\n\n    const isPasswordValid = await verifyPassword(password, user.password);\n    if (!isPasswordValid) {\n      throw new Error(\"Invalid email or password\");\n    }\n\n    // Update last login time\n    await db.user.update({\n      where: { id: user.id },\n      data: { lastLoginAt: new Date() },\n    });\n\n    // Return user data (without password)\n    return {\n      id: user.id,\n      name: user.name || \"\",\n      email: user.email,\n      avatar: user.avatar || null,\n      status: \"ONLINE\",\n    };\n  } catch (error) {\n    // Re-throw error with proper message\n    if (error instanceof Error) {\n      throw error;\n    }\n    throw new Error(\"Error signing in\");\n  }\n}\n","// @goerp/core/auth\n// Authentication and RBAC utilities for GoERP\n\nimport type { Session } from \"next-auth\";\n\nexport * from \"./auth-service\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\nexport interface Permission {\n  resourceCode: string;\n  actionCode: string;\n}\n\nexport interface ExtendedUser {\n  id: string;\n  name?: string | null;\n  email?: string | null;\n  image?: string | null;\n  roles?: string[];\n  permissions?: Permission[];\n}\n\nexport interface UserSession {\n  user: ExtendedUser;\n}\n\nexport interface CrudPermissionResult {\n  create: boolean;\n  view: boolean;\n  update: boolean;\n  delete: boolean;\n  export: boolean;\n  import: boolean;\n  approve: boolean;\n  reject: boolean;\n}\n\n// ============================================================================\n// Constants\n// ============================================================================\n\nconst ADMIN_ROLE_CODE = \"admin\";\nconst BYPASS_AUTH =\n  process.env.BYPASS_AUTH === \"true\" || process.env.BYPASS_AUTH === \"1\";\n\n// Action code mapping\nconst ACTION_CODES: Record<string, string> = {\n  create: \"create\",\n  view: \"view\",\n  update: \"update\",\n  delete: \"delete\",\n  export: \"export\",\n  import: \"import\",\n  approve: \"approve\",\n  reject: \"reject\",\n};\n\n/**\n * Get action code from action name\n */\nexport function getActionCode(action: string): string {\n  return ACTION_CODES[action] || action;\n}\n\n// ============================================================================\n// Permission Functions\n// ============================================================================\n\n/**\n * Get all permissions from session\n */\nexport function getUserPermissions(session: Session | null): Permission[] {\n  if (!session?.user) return [];\n  const user = session.user as ExtendedUser;\n\n  if (!user.permissions) {\n    return [];\n  }\n  return user.permissions;\n}\n\n/**\n * Get CRUD permissions from session for a specific entity\n */\nexport function getCrudPermissionsFromSession(\n  session: Session | null,\n  entity: string,\n): CrudPermissionResult {\n  // TEMPORARY: Return all permissions as true if bypass is enabled\n  if (BYPASS_AUTH) {\n    return {\n      create: true,\n      view: true,\n      update: true,\n      delete: true,\n      export: true,\n      import: true,\n      approve: true,\n      reject: true,\n    };\n  }\n\n  if (!session?.user) {\n    return {\n      create: false,\n      view: false,\n      update: false,\n      delete: false,\n      export: false,\n      import: false,\n      approve: false,\n      reject: false,\n    };\n  }\n\n  const user = session.user as ExtendedUser;\n\n  if (!user.id) {\n    return {\n      create: false,\n      view: false,\n      update: false,\n      delete: false,\n      export: false,\n      import: false,\n      approve: false,\n      reject: false,\n    };\n  }\n\n  // Check admin role first (fastest check)\n  const isAdmin =\n    user.roles?.includes(ADMIN_ROLE_CODE) ||\n    user.roles?.includes(\"SUPER_ADMIN\");\n  if (isAdmin) {\n    return {\n      create: true,\n      view: true,\n      update: true,\n      delete: true,\n      export: true,\n      import: true,\n      approve: true,\n      reject: true,\n    };\n  }\n\n  // Pre-compute permission keys for fast lookup\n  const permissions = user.permissions || [];\n  const permissionKeys = new Set(\n    permissions.map((p) => `${p.resourceCode}:${p.actionCode}`),\n  );\n\n  const hasPermission = (action: string) => {\n    const key = `${entity}:${action}`;\n    return permissionKeys.has(key);\n  };\n\n  return {\n    create: hasPermission(getActionCode(\"create\")),\n    view: hasPermission(getActionCode(\"view\")),\n    update: hasPermission(getActionCode(\"update\")),\n    delete: hasPermission(getActionCode(\"delete\")),\n    export: hasPermission(getActionCode(\"export\")),\n    import: hasPermission(getActionCode(\"import\")),\n    approve: hasPermission(getActionCode(\"approve\")),\n    reject: hasPermission(getActionCode(\"reject\")),\n  };\n}\n\n/**\n * Check if user has a specific permission\n */\nexport function checkPermission(\n  session: Session | null,\n  resourceCode: string,\n  actionCode: string,\n): boolean {\n  if (BYPASS_AUTH) {\n    return true;\n  }\n\n  if (!session?.user) return false;\n  const user = session.user as ExtendedUser;\n\n  if (!user.permissions || user.permissions.length === 0) {\n    return false;\n  }\n\n  // Admin role bypass\n  if (\n    user.roles?.includes(ADMIN_ROLE_CODE) ||\n    user.roles?.includes(\"SUPER_ADMIN\")\n  ) {\n    return true;\n  }\n\n  return user.permissions.some(\n    (p) => p.resourceCode === resourceCode && p.actionCode === actionCode,\n  );\n}\n\n/**\n * Alias for checkPermission\n */\nexport function hasPermission(\n  session: Session | null,\n  resourceCode: string,\n  actionCode: string,\n): boolean {\n  return checkPermission(session, resourceCode, actionCode);\n}\n\n/**\n * Require permission - throw error if not authorized\n */\nexport function requirePermission(\n  session: Session | null,\n  resourceCode: string,\n  actionCode: string,\n): void {\n  if (!checkPermission(session, resourceCode, actionCode)) {\n    throw new Error(\n      `Unauthorized: User does not have permission ${actionCode} on ${resourceCode}`,\n    );\n  }\n}\n\n/**\n * Check if user has a specific role\n */\nexport function hasRole(session: Session | null, roleCode: string): boolean {\n  if (!session?.user) return false;\n  const user = session.user as ExtendedUser;\n\n  if (!user.roles) {\n    return false;\n  }\n  return user.roles.includes(roleCode);\n}\n\n/**\n * Check if user has any of the specified roles\n */\nexport function hasAnyRole(\n  session: Session | null,\n  roleCodes: string[],\n): boolean {\n  if (!session?.user) return false;\n  const user = session.user as ExtendedUser;\n\n  if (!user.roles) {\n    return false;\n  }\n  return roleCodes.some((role) => user.roles!.includes(role));\n}\n\n/**\n * Check if user is admin\n */\nexport function isAdmin(session: Session | null): boolean {\n  return hasRole(session, ADMIN_ROLE_CODE);\n}\n"]}

package/dist/button-1dWvP9Ib.d.mts

@@ -1,30 +0,0 @@
-import * as class_variance_authority_types from 'class-variance-authority/types';
-import * as React from 'react';
-import { VariantProps } from 'class-variance-authority';
-
-/**
- * Button Variants — Enhanced with Plane-inspired semantic tokens
- *
- * New variants:
- * - accent: Brand CTA button (indigo)
- * - danger: Destructive action (red, solid)
- * - danger-outline: Destructive action (red, outlined)
- * - success: Positive action (green)
- *
- * New sizes:
- * - xs: Ultra-compact for ERP table actions
- * - compact: Compact for toolbars
- */
-declare const buttonVariants: (props?: ({
-    variant?: "default" | "destructive" | "outline" | "secondary" | "ghost" | "link" | "success" | "accent" | "danger" | "danger-outline" | "tertiary" | null | undefined;
-    size?: "icon" | "compact" | "default" | "sm" | "lg" | "xs" | "icon-sm" | "icon-xs" | null | undefined;
-} & class_variance_authority_types.ClassProp) | undefined) => string;
-interface ButtonProps extends React.ButtonHTMLAttributes<HTMLButtonElement>, VariantProps<typeof buttonVariants> {
-    asChild?: boolean;
-    loading?: boolean;
-    prependIcon?: React.ReactElement;
-    appendIcon?: React.ReactElement;
-}
-declare const Button: React.ForwardRefExoticComponent<ButtonProps & React.RefAttributes<HTMLButtonElement>>;
-
-export { Button as B, type ButtonProps as a, buttonVariants as b };

package/dist/button-1dWvP9Ib.d.ts

@@ -1,30 +0,0 @@
-import * as class_variance_authority_types from 'class-variance-authority/types';
-import * as React from 'react';
-import { VariantProps } from 'class-variance-authority';
-
-/**
- * Button Variants — Enhanced with Plane-inspired semantic tokens
- *
- * New variants:
- * - accent: Brand CTA button (indigo)
- * - danger: Destructive action (red, solid)
- * - danger-outline: Destructive action (red, outlined)
- * - success: Positive action (green)
- *
- * New sizes:
- * - xs: Ultra-compact for ERP table actions
- * - compact: Compact for toolbars
- */
-declare const buttonVariants: (props?: ({
-    variant?: "default" | "destructive" | "outline" | "secondary" | "ghost" | "link" | "success" | "accent" | "danger" | "danger-outline" | "tertiary" | null | undefined;
-    size?: "icon" | "compact" | "default" | "sm" | "lg" | "xs" | "icon-sm" | "icon-xs" | null | undefined;
-} & class_variance_authority_types.ClassProp) | undefined) => string;
-interface ButtonProps extends React.ButtonHTMLAttributes<HTMLButtonElement>, VariantProps<typeof buttonVariants> {
-    asChild?: boolean;
-    loading?: boolean;
-    prependIcon?: React.ReactElement;
-    appendIcon?: React.ReactElement;
-}
-declare const Button: React.ForwardRefExoticComponent<ButtonProps & React.RefAttributes<HTMLButtonElement>>;
-
-export { Button as B, type ButtonProps as a, buttonVariants as b };

package/dist/calendar-2QzdEo1z.d.mts

@@ -1,20 +0,0 @@
-import * as react_jsx_runtime from 'react/jsx-runtime';
-import * as React from 'react';
-import { ComponentProps } from 'react';
-import * as PopoverPrimitive from '@radix-ui/react-popover';
-import { DayPicker } from 'react-day-picker';
-
-declare function Popover({ ...props }: ComponentProps<typeof PopoverPrimitive.Root>): react_jsx_runtime.JSX.Element;
-declare function PopoverTrigger({ className, ...props }: ComponentProps<typeof PopoverPrimitive.Trigger>): react_jsx_runtime.JSX.Element;
-declare function PopoverAnchor({ ...props }: ComponentProps<typeof PopoverPrimitive.Anchor>): react_jsx_runtime.JSX.Element;
-declare function PopoverContent({ className, align, sideOffset, container, ...props }: ComponentProps<typeof PopoverPrimitive.Content> & {
-    container?: HTMLElement;
-}): react_jsx_runtime.JSX.Element;
-
-type CalendarProps = React.ComponentProps<typeof DayPicker>;
-declare function Calendar({ className, classNames, showOutsideDays, ...props }: CalendarProps): react_jsx_runtime.JSX.Element;
-declare namespace Calendar {
-    var displayName: string;
-}
-
-export { Calendar as C, Popover as P, type CalendarProps as a, PopoverAnchor as b, PopoverContent as c, PopoverTrigger as d };

package/dist/calendar-2QzdEo1z.d.ts

@@ -1,20 +0,0 @@
-import * as react_jsx_runtime from 'react/jsx-runtime';
-import * as React from 'react';
-import { ComponentProps } from 'react';
-import * as PopoverPrimitive from '@radix-ui/react-popover';
-import { DayPicker } from 'react-day-picker';
-
-declare function Popover({ ...props }: ComponentProps<typeof PopoverPrimitive.Root>): react_jsx_runtime.JSX.Element;
-declare function PopoverTrigger({ className, ...props }: ComponentProps<typeof PopoverPrimitive.Trigger>): react_jsx_runtime.JSX.Element;
-declare function PopoverAnchor({ ...props }: ComponentProps<typeof PopoverPrimitive.Anchor>): react_jsx_runtime.JSX.Element;
-declare function PopoverContent({ className, align, sideOffset, container, ...props }: ComponentProps<typeof PopoverPrimitive.Content> & {
-    container?: HTMLElement;
-}): react_jsx_runtime.JSX.Element;
-
-type CalendarProps = React.ComponentProps<typeof DayPicker>;
-declare function Calendar({ className, classNames, showOutsideDays, ...props }: CalendarProps): react_jsx_runtime.JSX.Element;
-declare namespace Calendar {
-    var displayName: string;
-}
-
-export { Calendar as C, Popover as P, type CalendarProps as a, PopoverAnchor as b, PopoverContent as c, PopoverTrigger as d };

package/dist/code-generation/index.d.mts

@@ -1,30 +0,0 @@
-interface CodeGenerationRule {
-    id: string;
-    entityType: string;
-    ruleName: string;
-    prefix: string;
-    pattern: string;
-    sequenceLength: number;
-    resetDaily: boolean;
-    resetMonthly: boolean;
-    resetYearly: boolean;
-    isActive: boolean;
-    createdAt: Date;
-    updatedAt: Date;
-}
-interface CodeGenerationContext {
-    userId: string;
-    date?: Date;
-}
-/**
- * Parse pattern string and replace placeholders
- * Example: "{PREFIX}-{SEQ:3}" -> "WA-001"
- */
-declare function parsePattern(pattern: string, placeholders: Record<string, string>): string;
-/**
- * Build search pattern based on rule configuration
- * Used to query DB for latest code
- */
-declare function buildSearchPattern(rule: Partial<CodeGenerationRule>, date: Date): string;
-
-export { type CodeGenerationContext, type CodeGenerationRule, buildSearchPattern, parsePattern };

package/dist/code-generation/index.d.ts

@@ -1,30 +0,0 @@
-interface CodeGenerationRule {
-    id: string;
-    entityType: string;
-    ruleName: string;
-    prefix: string;
-    pattern: string;
-    sequenceLength: number;
-    resetDaily: boolean;
-    resetMonthly: boolean;
-    resetYearly: boolean;
-    isActive: boolean;
-    createdAt: Date;
-    updatedAt: Date;
-}
-interface CodeGenerationContext {
-    userId: string;
-    date?: Date;
-}
-/**
- * Parse pattern string and replace placeholders
- * Example: "{PREFIX}-{SEQ:3}" -> "WA-001"
- */
-declare function parsePattern(pattern: string, placeholders: Record<string, string>): string;
-/**
- * Build search pattern based on rule configuration
- * Used to query DB for latest code
- */
-declare function buildSearchPattern(rule: Partial<CodeGenerationRule>, date: Date): string;
-
-export { type CodeGenerationContext, type CodeGenerationRule, buildSearchPattern, parsePattern };

package/dist/code-generation/index.js

@@ -1,31 +0,0 @@
-'use strict';
-
-// src/code-generation/index.ts
-function parsePattern(pattern, placeholders) {
-  let result = pattern;
-  for (const [key, value] of Object.entries(placeholders)) {
-    const regex = new RegExp(`\\{${key}(?::\\d+)?\\}`, "g");
-    result = result.replace(regex, value);
-  }
-  return result;
-}
-function buildSearchPattern(rule, date) {
-  const { prefix, resetDaily, resetMonthly, resetYearly } = rule;
-  let searchPattern = `${prefix}-`;
-  if (resetDaily) {
-    const dateStr = `${date.getFullYear()}${(date.getMonth() + 1).toString().padStart(2, "0")}${date.getDate().toString().padStart(2, "0")}`;
-    searchPattern += `${dateStr}-`;
-  } else if (resetMonthly) {
-    const monthStr = `${date.getFullYear()}${(date.getMonth() + 1).toString().padStart(2, "0")}`;
-    searchPattern += `${monthStr}-`;
-  } else if (resetYearly) {
-    const yearStr = date.getFullYear().toString();
-    searchPattern += `${yearStr}-`;
-  }
-  return searchPattern;
-}
-
-exports.buildSearchPattern = buildSearchPattern;
-exports.parsePattern = parsePattern;
-//# sourceMappingURL=index.js.map
-//# sourceMappingURL=index.js.map