@goplusvn/core 0.1.0
- package/dist/audit/index.d.mts +115 -0
- package/dist/audit/index.d.ts +115 -0
- package/dist/audit/index.js +204 -0
- package/dist/audit/index.js.map +1 -0
- package/dist/audit/index.mjs +200 -0
- package/dist/audit/index.mjs.map +1 -0
- package/dist/auth/index.d.mts +86 -0
- package/dist/auth/index.d.ts +86 -0
- package/dist/auth/index.js +210 -0
- package/dist/auth/index.js.map +1 -0
- package/dist/auth/index.mjs +198 -0
- package/dist/auth/index.mjs.map +1 -0
- package/dist/button-1dWvP9Ib.d.mts +30 -0
- package/dist/button-1dWvP9Ib.d.ts +30 -0
- package/dist/calendar-2QzdEo1z.d.mts +20 -0
- package/dist/calendar-2QzdEo1z.d.ts +20 -0
- package/dist/code-generation/index.d.mts +30 -0
- package/dist/code-generation/index.d.ts +30 -0
- package/dist/code-generation/index.js +31 -0
- package/dist/code-generation/index.js.map +1 -0
- package/dist/code-generation/index.mjs +28 -0
- package/dist/code-generation/index.mjs.map +1 -0
- package/dist/configs/index.d.mts +175 -0
- package/dist/configs/index.d.ts +175 -0
- package/dist/configs/index.js +254 -0
- package/dist/configs/index.js.map +1 -0
- package/dist/configs/index.mjs +233 -0
- package/dist/configs/index.mjs.map +1 -0
- package/dist/crud/index.d.mts +646 -0
- package/dist/crud/index.d.ts +646 -0
- package/dist/crud/index.js +11772 -0
- package/dist/crud/index.js.map +1 -0
- package/dist/crud/index.mjs +11665 -0
- package/dist/crud/index.mjs.map +1 -0
- package/dist/crud/server.d.mts +20 -0
- package/dist/crud/server.d.ts +20 -0
- package/dist/crud/server.js +123 -0
- package/dist/crud/server.js.map +1 -0
- package/dist/crud/server.mjs +120 -0
- package/dist/crud/server.mjs.map +1 -0
- package/dist/data-table-skeleton-12NA8Mjx.d.mts +39 -0
- package/dist/data-table-skeleton-12NA8Mjx.d.ts +39 -0
- package/dist/dialog-bKfjZMTd.d.mts +22 -0
- package/dist/dialog-bKfjZMTd.d.ts +22 -0
- package/dist/dynamic-icon-DrGIiu2N.d.mts +10 -0
- package/dist/dynamic-icon-DrGIiu2N.d.ts +10 -0
- package/dist/home/index.d.mts +269 -0
- package/dist/home/index.d.ts +269 -0
- package/dist/home/index.js +1678 -0
- package/dist/home/index.js.map +1 -0
- package/dist/home/index.mjs +1635 -0
- package/dist/home/index.mjs.map +1 -0
- package/dist/hooks/index.d.mts +7 -0
- package/dist/hooks/index.d.ts +7 -0
- package/dist/hooks/index.js +8316 -0
- package/dist/hooks/index.js.map +1 -0
- package/dist/hooks/index.mjs +8255 -0
- package/dist/hooks/index.mjs.map +1 -0
- package/dist/index-50hpiPrV.d.ts +116 -0
- package/dist/index-B9zQVEVi.d.mts +116 -0
- package/dist/index.d.mts +5 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.js +123 -0
- package/dist/index.js.map +1 -0
- package/dist/index.mjs +118 -0
- package/dist/index.mjs.map +1 -0
- package/dist/infrastructure/index.d.mts +423 -0
- package/dist/infrastructure/index.d.ts +423 -0
- package/dist/infrastructure/index.js +633 -0
- package/dist/infrastructure/index.js.map +1 -0
- package/dist/infrastructure/index.mjs +619 -0
- package/dist/infrastructure/index.mjs.map +1 -0
- package/dist/label-DWTEkNPo.d.ts +226 -0
- package/dist/label-LPpdcoBx.d.mts +226 -0
- package/dist/layout/index.d.mts +48 -0
- package/dist/layout/index.d.ts +48 -0
- package/dist/layout/index.js +117 -0
- package/dist/layout/index.js.map +1 -0
- package/dist/layout/index.mjs +90 -0
- package/dist/layout/index.mjs.map +1 -0
- package/dist/navigation/index.d.mts +16 -0
- package/dist/navigation/index.d.ts +16 -0
- package/dist/navigation/index.js +53 -0
- package/dist/navigation/index.js.map +1 -0
- package/dist/navigation/index.mjs +50 -0
- package/dist/navigation/index.mjs.map +1 -0
- package/dist/notification/index.d.mts +105 -0
- package/dist/notification/index.d.ts +105 -0
- package/dist/notification/index.js +278 -0
- package/dist/notification/index.js.map +1 -0
- package/dist/notification/index.mjs +274 -0
- package/dist/notification/index.mjs.map +1 -0
- package/dist/organization/index.d.mts +99 -0
- package/dist/organization/index.d.ts +99 -0
- package/dist/organization/index.js +360 -0
- package/dist/organization/index.js.map +1 -0
- package/dist/organization/index.mjs +352 -0
- package/dist/organization/index.mjs.map +1 -0
- package/dist/plugin/index.d.mts +83 -0
- package/dist/plugin/index.d.ts +83 -0
- package/dist/plugin/index.js +86 -0
- package/dist/plugin/index.js.map +1 -0
- package/dist/plugin/index.mjs +84 -0
- package/dist/plugin/index.mjs.map +1 -0
- package/dist/providers/index.d.mts +25 -0
- package/dist/providers/index.d.ts +25 -0
- package/dist/providers/index.js +84 -0
- package/dist/providers/index.js.map +1 -0
- package/dist/providers/index.mjs +77 -0
- package/dist/providers/index.mjs.map +1 -0
- package/dist/rbac/index.d.mts +226 -0
- package/dist/rbac/index.d.ts +226 -0
- package/dist/rbac/index.js +4784 -0
- package/dist/rbac/index.js.map +1 -0
- package/dist/rbac/index.mjs +4722 -0
- package/dist/rbac/index.mjs.map +1 -0
- package/dist/rbac/permissions.d.mts +26 -0
- package/dist/rbac/permissions.d.ts +26 -0
- package/dist/rbac/permissions.js +94 -0
- package/dist/rbac/permissions.js.map +1 -0
- package/dist/rbac/permissions.mjs +90 -0
- package/dist/rbac/permissions.mjs.map +1 -0
- package/dist/rbac/server.d.mts +1 -0
- package/dist/rbac/server.d.ts +1 -0
- package/dist/rbac/server.js +128 -0
- package/dist/rbac/server.js.map +1 -0
- package/dist/rbac/server.mjs +124 -0
- package/dist/rbac/server.mjs.map +1 -0
- package/dist/schemas/index.d.mts +1257 -0
- package/dist/schemas/index.d.ts +1257 -0
- package/dist/schemas/index.js +572 -0
- package/dist/schemas/index.js.map +1 -0
- package/dist/schemas/index.mjs +523 -0
- package/dist/schemas/index.mjs.map +1 -0
- package/dist/server-QuYCTa89.d.mts +83 -0
- package/dist/server-QuYCTa89.d.ts +83 -0
- package/dist/sonner-C74GlRDQ.d.mts +71 -0
- package/dist/sonner-C74GlRDQ.d.ts +71 -0
- package/dist/status-BOXZgIqX.d.mts +12 -0
- package/dist/status-BOXZgIqX.d.ts +12 -0
- package/dist/system/index.d.mts +77 -0
- package/dist/system/index.d.ts +77 -0
- package/dist/system/index.js +102 -0
- package/dist/system/index.js.map +1 -0
- package/dist/system/index.mjs +100 -0
- package/dist/system/index.mjs.map +1 -0
- package/dist/tabs-C6FfBwPY.d.mts +18 -0
- package/dist/tabs-C6FfBwPY.d.ts +18 -0
- package/dist/tenant-provider-B8eC_Wpb.d.mts +27 -0
- package/dist/tenant-provider-B8eC_Wpb.d.ts +27 -0
- package/dist/types/index.d.mts +469 -0
- package/dist/types/index.d.ts +469 -0
- package/dist/types/index.js +25 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/index.mjs +21 -0
- package/dist/types/index.mjs.map +1 -0
- package/dist/ui/auth.d.mts +39 -0
- package/dist/ui/auth.d.ts +39 -0
- package/dist/ui/auth.js +4941 -0
- package/dist/ui/auth.js.map +1 -0
- package/dist/ui/auth.mjs +4896 -0
- package/dist/ui/auth.mjs.map +1 -0
- package/dist/ui/crud.d.mts +2 -0
- package/dist/ui/crud.d.ts +2 -0
- package/dist/ui/crud.js +4 -0
- package/dist/ui/crud.js.map +1 -0
- package/dist/ui/crud.mjs +3 -0
- package/dist/ui/crud.mjs.map +1 -0
- package/dist/ui/data-display.d.mts +596 -0
- package/dist/ui/data-display.d.ts +596 -0
- package/dist/ui/data-display.js +5307 -0
- package/dist/ui/data-display.js.map +1 -0
- package/dist/ui/data-display.mjs +5212 -0
- package/dist/ui/data-display.mjs.map +1 -0
- package/dist/ui/feedback.d.mts +55 -0
- package/dist/ui/feedback.d.ts +55 -0
- package/dist/ui/feedback.js +2608 -0
- package/dist/ui/feedback.js.map +1 -0
- package/dist/ui/feedback.mjs +2526 -0
- package/dist/ui/feedback.mjs.map +1 -0
- package/dist/ui/forms.d.mts +309 -0
- package/dist/ui/forms.d.ts +309 -0
- package/dist/ui/forms.js +4656 -0
- package/dist/ui/forms.js.map +1 -0
- package/dist/ui/forms.mjs +4571 -0
- package/dist/ui/forms.mjs.map +1 -0
- package/dist/ui/index.d.mts +331 -0
- package/dist/ui/index.d.ts +331 -0
- package/dist/ui/index.js +16953 -0
- package/dist/ui/index.js.map +1 -0
- package/dist/ui/index.mjs +16598 -0
- package/dist/ui/index.mjs.map +1 -0
- package/dist/ui/primitives/client.d.mts +61 -0
- package/dist/ui/primitives/client.d.ts +61 -0
- package/dist/ui/primitives/client.js +3408 -0
- package/dist/ui/primitives/client.js.map +1 -0
- package/dist/ui/primitives/client.mjs +3256 -0
- package/dist/ui/primitives/client.mjs.map +1 -0
- package/dist/ui/primitives.d.mts +113 -0
- package/dist/ui/primitives.d.ts +113 -0
- package/dist/ui/primitives.js +3356 -0
- package/dist/ui/primitives.js.map +1 -0
- package/dist/ui/primitives.mjs +3227 -0
- package/dist/ui/primitives.mjs.map +1 -0
- package/dist/user/index.d.mts +228 -0
- package/dist/user/index.d.ts +228 -0
- package/dist/user/index.js +4306 -0
- package/dist/user/index.js.map +1 -0
- package/dist/user/index.mjs +4260 -0
- package/dist/user/index.mjs.map +1 -0
- package/dist/utils/index.d.mts +205 -0
- package/dist/utils/index.d.ts +205 -0
- package/dist/utils/index.js +574 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/index.mjs +514 -0
- package/dist/utils/index.mjs.map +1 -0
- package/dist/workflow/index.d.mts +40 -0
- package/dist/workflow/index.d.ts +40 -0
- package/dist/workflow/index.js +3710 -0
- package/dist/workflow/index.js.map +1 -0
- package/dist/workflow/index.mjs +3677 -0
- package/dist/workflow/index.mjs.map +1 -0
- package/package.json +311 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../src/infrastructure/logger/logger.ts","../../src/audit/memory-audit-logger.ts","../../src/audit/audit-manager.ts"],"names":["logger"],"mappings":";AAEA,IAAM,UAAA,GAAuC;AAAA,EAC3C,KAAA,EAAO,CAAA;AAAA,EACP,KAAA,EAAO,CAAA;AAAA,EACP,IAAA,EAAM,CAAA;AAAA,EACN,IAAA,EAAM,CAAA;AAAA,EACN,KAAA,EAAO;AACT,CAAA;AAEA,SAAS,WAAA,GAAwB;AAC/B,EAAA,MAAM,QAAA,GAAW,OAAA,CAAQ,GAAA,CAAI,SAAA,EAAW,WAAA,EAAY;AACpD,EAAA,IAAI,QAAA,IAAY,UAAA,CAAW,QAAQ,CAAA,KAAM,MAAA,EAAW;AAClD,IAAA,OAAO,QAAA;AAAA,EACT;AACA,EAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,GAAe,MAAA,GAAS,OAAA;AAC1D;AAEA,SAAS,aAAA,CACP,KAAA,EACA,IAAA,EACA,OAAA,EACA,OAAA,EACQ;AACR,EAAA,MAAM,SAAA,GAAA,iBAAY,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AACzC,EAAA,MAAM,aAAa,OAAA,GAAU,CAAA,CAAA,EAAI,KAAK,SAAA,CAAU,OAAO,CAAC,CAAA,CAAA,GAAK,EAAA;AAC7D,EAAA,OAAO,CAAA,EAAG,SAAS,CAAA,EAAA,EAAK,KAAA,CAAM,WAAA,EAAa,CAAA,GAAA,EAAM,IAAI,CAAA,EAAA,EAAK,OAAO,CAAA,EAAG,UAAU,CAAA,CAAA;AAChF;AAEA,SAAS,SAAA,CAAU,OAAiB,QAAA,EAA6B;AAC/D,EAAA,OAAO,UAAA,CAAW,KAAK,CAAA,IAAK,UAAA,CAAW,QAAQ,CAAA;AACjD;AAEA,IAAM,gBAAN,MAAsC;AAAA,EAIpC,WAAA,CAAY,OAAA,GAAyB,EAAC,EAAG;AACvC,IAAA,IAAA,CAAK,IAAA,GAAO,QAAQ,IAAA,IAAQ,KAAA;AAC5B,IAAA,IAAA,CAAK,KAAA,GAAQ,OAAA,CAAQ,KAAA,IAAS,WAAA,EAAY;AAAA,EAC5C;AAAA,EAEA,KAAA,CAAM,SAAiB,OAAA,EAA4B;AACjD,IAAA,IAAI,SAAA,CAAU,OAAA,EAAS,IAAA,CAAK,KAAK,CAAA,EAAG;AAClC,MAAA,OAAA,CAAQ,IAAI,aAAA,CAAc,OAAA,EAAS,KAAK,IAAA,EAAM,OAAA,EAAS,OAAO,CAAC,CAAA;AAAA,IACjE;AAAA,EACF;AAAA,EAEA,KAAA,CAAM,SAAiB,OAAA,EAA4B;AACjD,IAAA,IAAI,SAAA,CAAU,OAAA,EAAS,IAAA,CAAK,KAAK,CAAA,EAAG;AAClC,MAAA,OAAA,CAAQ,IAAI,aAAA,CAAc,OAAA,EAAS,KAAK,IAAA,EAAM,OAAA,EAAS,OAAO,CAAC,CAAA;AAAA,IACjE;AAAA,EACF;AAAA,EAEA,IAAA,CAAK,SAAiB,OAAA,EAA4B;AAChD,IAAA,IAAI,SAAA,CAAU,MAAA,EAAQ,IAAA,CAAK,KAAK,CAAA,EAAG;AACjC,MAAA,OAAA,CAAQ,KAAK,aAAA,CAAc,MAAA,EAAQ,KAAK,IAAA,EAAM,OAAA,EAAS,OAAO,CAAC,CAAA;AAAA,IACjE;AAAA,EACF;AAAA,EAEA,IAAA,CAAK,SAAiB,OAAA,EAA4B;AAChD,IAAA,IAAI,SAAA,CAAU,MAAA,EAAQ,IAAA,CAAK,KAAK,CAAA,EAAG;AACjC,MAAA,OAAA,CAAQ,KAAK,aAAA,CAAc,MAAA,EAAQ,KAAK,IAAA,EAAM,OA
AA,EAAS,OAAO,CAAC,CAAA;AAAA,IACjE;AAAA,EACF;AAAA,EAEA,KAAA,CAAM,SAAiB,OAAA,EAA4B;AACjD,IAAA,IAAI,SAAA,CAAU,OAAA,EAAS,IAAA,CAAK,KAAK,CAAA,EAAG;AAClC,MAAA,OAAA,CAAQ,MAAM,aAAA,CAAc,OAAA,EAAS,KAAK,IAAA,EAAM,OAAA,EAAS,OAAO,CAAC,CAAA;AAAA,IACnE;AAAA,EACF;AACF,CAAA;AAcO,SAAS,YAAA,CACd,aAAA,GAAwC,EAAC,EACjC;AACR,EAAA,MAAM,UACJ,OAAO,aAAA,KAAkB,WAAW,EAAE,IAAA,EAAM,eAAc,GAAI,aAAA;AAEhE,EAAA,OAAO,IAAI,cAAc,OAAO,CAAA;AAClC;AAGsB,aAAa,KAAK;;;AC5EjC,IAAM,oBAAN,MAA+C;AAAA,EAIpD,WAAA,CAAY,UAAU,GAAA,EAAM;AAH5B,IAAA,IAAA,CAAQ,OAAmB,EAAC;AAI1B,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AAAA,EAEA,MAAM,IAAI,KAAA,EAAgC;AAExC,IAAA,IAAA,CAAK,IAAA,CAAK,QAAQ,KAAK,CAAA;AAGvB,IAAA,IAAI,IAAA,CAAK,IAAA,CAAK,MAAA,GAAS,IAAA,CAAK,OAAA,EAAS;AACnC,MAAA,IAAA,CAAK,OAAO,IAAA,CAAK,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA;AAAA,IAC7C;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA,CAAQ,MAAA,GAAyB,EAAC,EAAe;AAC/C,IAAA,IAAI,WAAW,IAAA,CAAK,IAAA;AAEpB,IAAA,IAAI,OAAO,QAAA,EAAU;AACnB,MAAA,QAAA,GAAW,SAAS,MAAA,CAAO,CAAC,QAAQ,GAAA,CAAI,SAAA,IAAa,OAAO,QAAS,CAAA;AAAA,IACvE;AAEA,IAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,MAAA,QAAA,GAAW,SAAS,MAAA,CAAO,CAAC,QAAQ,GAAA,CAAI,SAAA,IAAa,OAAO,MAAO,CAAA;AAAA,IACrE;AAEA,IAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,MAAA,QAAA,GAAW,SAAS,MAAA,CAAO,CAAC,QAAQ,GAAA,CAAI,MAAA,KAAW,OAAO,MAAM,CAAA;AAAA,IAClE;AAEA,IAAA,IAAI,OAAO,MAAA,EAAQ;AACjB,MAAA,QAAA,GAAW,SAAS,MAAA,CAAO,CAAC,QAAQ,GAAA,CAAI,MAAA,KAAW,OAAO,MAAM,CAAA;AAAA,IAClE;AAEA,IAAA,IAAI,OAAO,QAAA,EAAU;AACnB,MAAA,QAAA,GAAW,SAAS,MAAA,CAAO,CAAC,QAAQ,GAAA,CAAI,QAAA,KAAa,OAAO,QAAQ,CAAA;AAAA,IACtE;AAGA,IAAA,IAAI,OAAO,IAAA,EAAM;AACf,MAAA,QAAA,GAAW,QAAA,CAAS,MAAA,CAAO,CAAC,GAAA,KAAQ;AAClC,QAAA,IAAI,OAAO,IAAA,KAAS,OAAA,EAAS,OAAA,CAAQ,GAAA,CAAI,UAAU,GAAA,KAAQ,GAAA;AAC3D,QAAA,IAAI,OAAO,IAAA,KAAS,SAAA;AAClB,UAAA,OAAA,CAAQ,IAAI,MAAA,IAAU,GAAA,KAAQ,GAAA,IAAA,CAAQ,GAAA,CAAI,UAAU,GAAA,IAAO,GAAA;AAC7D,QAAA,OAAA,CAAQ,GAAA,CAAI,UAAU,GAAA,IAAO,GAAA;AAAA,MAC/B,CAAC,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,MAAA,GAAS,OAAO,MAAA,IAAU,CAAA;AAChC,IAAA,MAAM,KAAA,GAAQ,OAAO,KAAA,IAAS,EAAA;AAE9B,IAAA,OAAO
,QAAA,CAAS,KAAA,CAAM,MAAA,EAAQ,MAAA,GAAS,KAAK,CAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,KAAA,GAAc;AACZ,IAAA,IAAA,CAAK,OAAO,EAAC;AAAA,EACf;AACF,CAAA;;;AC5EA,IAAMA,OAAAA,GAAS,aAAa,cAAc,CAAA;AAM1C,IAAM,qBAAN,MAAgD;AAAA,EAC9C,MAAM,IAAI,KAAA,EAAgC;AACxC,IAAAA,OAAAA,CAAO,KAAK,CAAA,OAAA,EAAU,KAAA,CAAM,MAAM,CAAA,CAAA,EAAI,KAAA,CAAM,QAAQ,CAAA,CAAA,EAAI;AAAA,MACtD,IAAI,KAAA,CAAM,EAAA;AAAA,MACV,YAAY,KAAA,CAAM,UAAA;AAAA,MAClB,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,SAAS,KAAA,CAAM;AAAA,KAChB,CAAA;AAAA,EACH;AACF;AAmBA,IAAM,mBAAN,MAAuB;AAAA,EAIrB,WAAA,CAAY,OAAA,GAA+B,EAAC,EAAG;AAC7C,IAAA,IAAA,CAAK,WAAA,GAAc,OAAA,CAAQ,MAAA,IAAU,IAAI,iBAAA,EAAkB;AAC3D,IAAA,IAAA,CAAK,oBAAoB,IAAI,GAAA;AAAA,MAC3B,QAAQ,OAAA,IAAW,CAAC,UAAU,QAAA,EAAU,QAAA,EAAU,SAAS,QAAQ;AAAA,KACrE;AAAA,EACF;AAAA;AAAA,EAGA,UAAU,WAAA,EAAgC;AACxC,IAAA,IAAA,CAAK,WAAA,GAAc,WAAA;AAAA,EACrB;AAAA;AAAA,EAGA,eAAe,MAAA,EAAsB;AACnC,IAAA,IAAA,CAAK,iBAAA,CAAkB,IAAI,MAAM,CAAA;AAAA,EACnC;AAAA;AAAA,EAGA,aAAa,MAAA,EAAyB;AACpC,IAAA,OAAO,IAAA,CAAK,iBAAA,CAAkB,GAAA,CAAI,MAAM,CAAA;AAAA,EAC1C;AAAA;AAAA,EAGA,MAAM,IAAI,KAAA,EAAwC;AAChD,IAAA,MAAM,KAAA,GAAkB;AAAA,MACtB,EAAA,EAAI,OAAO,UAAA,EAAW;AAAA,MACtB,GAAG,KAAA;AAAA,MACH,SAAA,sBAAe,IAAA;AAAK,KACtB;AAEA,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,WAAA,CAAY,GAAA,CAAI,KAAK,CAAA;AAAA,IAClC,SAAS,KAAA,EAAO;AACd,MAAAA,OAAAA,CAAO,MAAM,2BAAA,EAA6B,EAAE,OAAO,MAAA,CAAO,KAAK,GAAG,CAAA;AAAA,IACpE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA,CAAQ,MAAA,GAAc,EAAC,EAAe;AACpC,IAAA,IAAI,SAAA,IAAa,KAAK,WAAA,EAAa;AACjC,MAAA,OAAQ,IAAA,CAAK,WAAA,CAAoB,OAAA,CAAQ,MAAM,CAAA;AAAA,IACjD;AACA,IAAA,OAAO,EAAC;AAAA,EACV;AAAA;AAAA,EAGA,UAAA,GAAa;AACX,IAAA,OAAO,OACL,KAMA,IAAA,KACkB;AAClB,MAAA,MAAM,SAAA,GAAY,KAAK,GAAA,EAAI;AAC3B,MAAA,IAAI,KAAA,GAAsB,IAAA;AAE1B,MAAA,IAAI;AACF,QAAA,MAAM,IAAA,EAAK;AAAA,MACb,SAAS,CAAA,EAAG;AACV,QAAA,KAAA,GAAQ,CAAA;AACR,QAAA,MAAM,CAAA;AAAA,MACR,CAAA,SAAE;AACA,QAAA,IAAI,IAAI,MAAA,IAAU,IAAA,CAAK,aAAa,GAAA,CAAI,MAAA,CAAO,UAAU,CAAA,EAAG;AAC1D,UAAA,MAAM,KAAK,GAAA,CAAI;AAAA,YACb,MAAA,EAAQ,IAAI,MAAA,CAAO,UAAA;AAAA,YACnB,QAAA,EAAU,IA
AI,MAAA,CAAO,YAAA;AAAA,YACrB,MAAA,EAAQ,GAAA,CAAI,KAAA,EAAO,WAAA,EAAa,EAAA;AAAA,YAChC,QAAA,EAAU,IAAI,KAAA,EAAO,WAAA;AAAA,YACrB,EAAA,EAAI,IAAI,OAAA,EAAS,EAAA;AAAA,YACjB,SAAA,EAAW,GAAA,CAAI,OAAA,EAAS,MAAA,GAAS,YAAY,CAAA;AAAA,YAC7C,MAAA,EAAQ,GAAA,CAAI,MAAA,KAAW,KAAA,GAAQ,GAAA,GAAM,GAAA,CAAA;AAAA,YACrC,QAAA,EAAU;AAAA,cACR,QAAA,EAAU,IAAA,CAAK,GAAA,EAAI,GAAI,SAAA;AAAA,cACvB,GAAI,KAAA,IAAS,EAAE,KAAA,EAAO,MAAM,OAAA;AAAQ;AACtC,WACD,CAAA;AAAA,QACH;AAAA,MACF;AAAA,IACF,CAAA;AAAA,EACF;AACF;AAGO,IAAM,YAAA,GAAe,IAAI,gBAAA","file":"index.mjs","sourcesContent":["import type { Logger, LoggerOptions, LogContext, LogLevel } from \"./types\";\n\nconst LOG_LEVELS: Record<LogLevel, number> = {\n trace: 0,\n debug: 1,\n info: 2,\n warn: 3,\n error: 4,\n};\n\nfunction getLogLevel(): LogLevel {\n const envLevel = process.env.LOG_LEVEL?.toLowerCase() as LogLevel;\n if (envLevel && LOG_LEVELS[envLevel] !== undefined) {\n return envLevel;\n }\n return process.env.NODE_ENV === \"production\" ? \"info\" : \"debug\";\n}\n\nfunction formatMessage(\n level: LogLevel,\n name: string,\n message: string,\n context?: LogContext,\n): string {\n const timestamp = new Date().toISOString();\n const contextStr = context ? 
` ${JSON.stringify(context)}` : \"\";\n return `${timestamp} [${level.toUpperCase()}] [${name}] ${message}${contextStr}`;\n}\n\nfunction shouldLog(level: LogLevel, minLevel: LogLevel): boolean {\n return LOG_LEVELS[level] >= LOG_LEVELS[minLevel];\n}\n\nclass ConsoleLogger implements Logger {\n private name: string;\n private level: LogLevel;\n\n constructor(options: LoggerOptions = {}) {\n this.name = options.name || \"App\";\n this.level = options.level || getLogLevel();\n }\n\n trace(message: string, context?: LogContext): void {\n if (shouldLog(\"trace\", this.level)) {\n console.log(formatMessage(\"trace\", this.name, message, context));\n }\n }\n\n debug(message: string, context?: LogContext): void {\n if (shouldLog(\"debug\", this.level)) {\n console.log(formatMessage(\"debug\", this.name, message, context));\n }\n }\n\n info(message: string, context?: LogContext): void {\n if (shouldLog(\"info\", this.level)) {\n console.info(formatMessage(\"info\", this.name, message, context));\n }\n }\n\n warn(message: string, context?: LogContext): void {\n if (shouldLog(\"warn\", this.level)) {\n console.warn(formatMessage(\"warn\", this.name, message, context));\n }\n }\n\n error(message: string, context?: LogContext): void {\n if (shouldLog(\"error\", this.level)) {\n console.error(formatMessage(\"error\", this.name, message, context));\n }\n }\n}\n\n/**\n * Create a logger instance with the given name/options\n *\n * @example\n * ```typescript\n * import { createLogger } from '@goerp/core/infrastructure';\n *\n * const logger = createLogger('OrderService');\n * logger.info('Order created', { orderId: '123' });\n * logger.error('Payment failed', { error: err.message });\n * ```\n */\nexport function createLogger(\n nameOrOptions: string | LoggerOptions = {},\n): Logger {\n const options =\n typeof nameOrOptions === \"string\" ? 
{ name: nameOrOptions } : nameOrOptions;\n\n return new ConsoleLogger(options);\n}\n\n// Default app logger\nexport const logger = createLogger(\"App\");\n","import type { AuditLog, AuditLogger } from \"./types\";\n\n/**\n * Filter options for retrieving audit logs\n */\nexport interface AuditLogFilter {\n fromDate?: Date;\n toDate?: Date;\n userId?: string;\n action?: string;\n resource?: string;\n type?: \"info\" | \"warning\" | \"error\";\n limit?: number;\n offset?: number;\n}\n\n/**\n * In-memory audit logger that supports retrieval\n */\nexport class MemoryAuditLogger implements AuditLogger {\n private logs: AuditLog[] = [];\n private readonly maxLogs: number;\n\n constructor(maxLogs = 1000) {\n this.maxLogs = maxLogs;\n }\n\n async log(entry: AuditLog): Promise<void> {\n // Add to beginning of array\n this.logs.unshift(entry);\n\n // Trim if exceeds max size\n if (this.logs.length > this.maxLogs) {\n this.logs = this.logs.slice(0, this.maxLogs);\n }\n }\n\n /**\n * Get logs with filtering\n */\n getLogs(filter: AuditLogFilter = {}): AuditLog[] {\n let filtered = this.logs;\n\n if (filter.fromDate) {\n filtered = filtered.filter((log) => log.createdAt >= filter.fromDate!);\n }\n\n if (filter.toDate) {\n filtered = filtered.filter((log) => log.createdAt <= filter.toDate!);\n }\n\n if (filter.userId) {\n filtered = filtered.filter((log) => log.userId === filter.userId);\n }\n\n if (filter.action) {\n filtered = filtered.filter((log) => log.action === filter.action);\n }\n\n if (filter.resource) {\n filtered = filtered.filter((log) => log.resource === filter.resource);\n }\n\n // \"type\" filter is a fuzzy mapping based on status code or action name for demo purposes\n if (filter.type) {\n filtered = filtered.filter((log) => {\n if (filter.type === \"error\") return (log.status || 200) >= 400;\n if (filter.type === \"warning\")\n return (log.status || 200) >= 300 && (log.status || 200) < 400;\n return (log.status || 200) < 300;\n });\n }\n\n const offset = 
filter.offset || 0;\n const limit = filter.limit || 50;\n\n return filtered.slice(offset, offset + limit);\n }\n\n /**\n * Clear all logs\n */\n clear(): void {\n this.logs = [];\n }\n}\n","import type {\n AuditLog,\n AuditLogger,\n AuditManagerOptions,\n CreateAuditInput,\n} from \"./types\";\nimport { createLogger } from \"../infrastructure/logger\";\nimport { MemoryAuditLogger } from \"./memory-audit-logger\";\n\nconst logger = createLogger(\"AuditManager\");\n\n/**\n * Console-based audit logger (default)\n * In production, replace with database or external service\n */\nclass ConsoleAuditLogger implements AuditLogger {\n async log(entry: AuditLog): Promise<void> {\n logger.info(`AUDIT: ${entry.action} ${entry.resource}`, {\n id: entry.id,\n resourceId: entry.resourceId,\n userId: entry.userId,\n changes: entry.changes,\n });\n }\n}\n\n/**\n * AuditManager - tracks actions for compliance and debugging\n *\n * @example\n * ```typescript\n * import { auditManager } from '@goerp/core/audit';\n *\n * // Log an action\n * await auditManager.log({\n * action: 'update',\n * resource: 'purchase-order',\n * resourceId: '123',\n * userId: session.user.id,\n * changes: { status: { old: 'pending', new: 'approved' } }\n * });\n * ```\n */\nclass AuditManagerImpl {\n private auditLogger: AuditLogger;\n private registeredActions: Set<string>;\n\n constructor(options: AuditManagerOptions = {}) {\n this.auditLogger = options.logger || new MemoryAuditLogger();\n this.registeredActions = new Set(\n options.actions || [\"create\", \"update\", \"delete\", \"login\", \"logout\"],\n );\n }\n\n /** Set custom audit logger */\n setLogger(auditLogger: AuditLogger): void {\n this.auditLogger = auditLogger;\n }\n\n /** Register action for automatic auditing */\n registerAction(action: string): void {\n this.registeredActions.add(action);\n }\n\n /** Check if action is registered for auditing */\n isRegistered(action: string): boolean {\n return this.registeredActions.has(action);\n }\n\n 
/** Log an audit entry */\n async log(input: CreateAuditInput): Promise<void> {\n const entry: AuditLog = {\n id: crypto.randomUUID(),\n ...input,\n createdAt: new Date(),\n };\n\n try {\n await this.auditLogger.log(entry);\n } catch (error) {\n logger.error(\"Failed to log audit entry\", { error: String(error) });\n }\n }\n\n /**\n * Get logs if the logger supports it (specifically MemoryAuditLogger)\n */\n getLogs(filter: any = {}): AuditLog[] {\n if (\"getLogs\" in this.auditLogger) {\n return (this.auditLogger as any).getLogs(filter);\n }\n return [];\n }\n\n /** Create middleware for automatic API route auditing */\n middleware() {\n return async (\n ctx: {\n action?: { actionName: string; resourceName: string };\n state?: { currentUser?: { id: string }; currentRole?: string };\n request?: { ip?: string; header?: Record<string, string> };\n status?: number;\n },\n next: () => Promise<void>,\n ): Promise<void> => {\n const startTime = Date.now();\n let error: Error | null = null;\n\n try {\n await next();\n } catch (e) {\n error = e as Error;\n throw e;\n } finally {\n if (ctx.action && this.isRegistered(ctx.action.actionName)) {\n await this.log({\n action: ctx.action.actionName,\n resource: ctx.action.resourceName,\n userId: ctx.state?.currentUser?.id,\n roleName: ctx.state?.currentRole,\n ip: ctx.request?.ip,\n userAgent: ctx.request?.header?.[\"user-agent\"],\n status: ctx.status || (error ? 500 : 200),\n metadata: {\n duration: Date.now() - startTime,\n ...(error && { error: error.message }),\n },\n });\n }\n }\n };\n }\n}\n\n// Singleton instance\nexport const auditManager = new AuditManagerImpl();\n\n// Export class for testing\nexport { AuditManagerImpl, ConsoleAuditLogger, MemoryAuditLogger };\n"]}
|
|
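--- a/package/dist/auth/index.d.mts
+++ b/package/dist/auth/index.d.mts
@@ -0,0 +1,86 @@
+import { Session } from 'next-auth';
+
+interface AuthPrismaClient {
+user: any;
+}
+declare function verifyPassword(password: string, hash: string): Promise<boolean>;
+interface AuthenticatedUser {
+id: string;
+email: string | null;
+name: string;
+avatar: string | null;
+status: string;
+}
+interface AuthError {
+message: string;
+email?: string;
+}
+/**
+* Authenticate user with email and password
+* Returns user data if successful, throws error if failed
+*/
+declare function authenticateUser(db: AuthPrismaClient, email: string, password: string): Promise<AuthenticatedUser>;
+
+interface Permission {
+resourceCode: string;
+actionCode: string;
+}
+interface ExtendedUser {
+id: string;
+name?: string | null;
+email?: string | null;
+image?: string | null;
+roles?: string[];
+permissions?: Permission[];
+}
+interface UserSession {
+user: ExtendedUser;
+}
+interface CrudPermissionResult {
+create: boolean;
+view: boolean;
+update: boolean;
+delete: boolean;
+export: boolean;
+import: boolean;
+approve: boolean;
+reject: boolean;
+}
+/**
+* Get action code from action name
+*/
+declare function getActionCode(action: string): string;
+/**
+* Get all permissions from session
+*/
+declare function getUserPermissions(session: Session | null): Permission[];
+/**
+* Get CRUD permissions from session for a specific entity
+*/
+declare function getCrudPermissionsFromSession(session: Session | null, entity: string): CrudPermissionResult;
+/**
+* Check if user has a specific permission
+*/
+declare function checkPermission(session: Session | null, resourceCode: string, actionCode: string): boolean;
+/**
+* Alias for checkPermission
+*/
+declare function hasPermission(session: Session | null, resourceCode: string, actionCode: string): boolean;
+/**
+* Require permission - throw error if not authorized
+*/
+declare function requirePermission(session: Session | null, resourceCode: string, actionCode: string): void;
+/**
+* Check if user has a specific role
+*/
+declare function hasRole(session: Session | null, roleCode: string): boolean;
+/**
+* Check if user has any of the specified roles
+*/
+declare function hasAnyRole(session: Session | null, roleCodes: string[]): boolean;
+/**
+* Check if user is admin
+*/
+declare function isAdmin(session: Session | null): boolean;
+
+export { type AuthError, type AuthPrismaClient, type AuthenticatedUser, type CrudPermissionResult, type ExtendedUser, type Permission, type UserSession, authenticateUser, checkPermission, getActionCode, getCrudPermissionsFromSession, getUserPermissions, hasAnyRole, hasPermission, hasRole, isAdmin, requirePermission, verifyPassword };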
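Review bot: The doc comment on `authenticateUser` says only "throws error if failed", which leaves the failure contract of an authentication entry point undocumented. In the `package/dist/auth/index.js` section further down this page the function throws `ACCOUNT_SUSPENDED` for an inactive account before the password is compared and `Invalid email or password` otherwise, so a caller that forwards the thrown message to the client reveals that an address exists and is suspended. I would document this on the declaration, e.g. `@throws {Error} message is "Invalid email or password" or "ACCOUNT_SUSPENDED"; map both to one generic response before returning it to the client`. Separately, `user: any` on `AuthPrismaClient` removes type checking from the `findUnique` and `update` calls, and a minimal structural type covering those two methods would be safer. The same declarations are repeated in `package/dist/auth/index.d.ts`.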
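--- a/package/dist/auth/index.d.ts
+++ b/package/dist/auth/index.d.ts
@@ -0,0 +1,86 @@
+import { Session } from 'next-auth';
+
+interface AuthPrismaClient {
+user: any;
+}
+declare function verifyPassword(password: string, hash: string): Promise<boolean>;
+interface AuthenticatedUser {
+id: string;
+email: string | null;
+name: string;
+avatar: string | null;
+status: string;
+}
+interface AuthError {
+message: string;
+email?: string;
+}
+/**
+* Authenticate user with email and password
+* Returns user data if successful, throws error if failed
+*/
+declare function authenticateUser(db: AuthPrismaClient, email: string, password: string): Promise<AuthenticatedUser>;
+
+interface Permission {
+resourceCode: string;
+actionCode: string;
+}
+interface ExtendedUser {
+id: string;
+name?: string | null;
+email?: string | null;
+image?: string | null;
+roles?: string[];
+permissions?: Permission[];
+}
+interface UserSession {
+user: ExtendedUser;
+}
+interface CrudPermissionResult {
+create: boolean;
+view: boolean;
+update: boolean;
+delete: boolean;
+export: boolean;
+import: boolean;
+approve: boolean;
+reject: boolean;
+}
+/**
+* Get action code from action name
+*/
+declare function getActionCode(action: string): string;
+/**
+* Get all permissions from session
+*/
+declare function getUserPermissions(session: Session | null): Permission[];
+/**
+* Get CRUD permissions from session for a specific entity
+*/
+declare function getCrudPermissionsFromSession(session: Session | null, entity: string): CrudPermissionResult;
+/**
+* Check if user has a specific permission
+*/
+declare function checkPermission(session: Session | null, resourceCode: string, actionCode: string): boolean;
+/**
+* Alias for checkPermission
+*/
+declare function hasPermission(session: Session | null, resourceCode: string, actionCode: string): boolean;
+/**
+* Require permission - throw error if not authorized
+*/
+declare function requirePermission(session: Session | null, resourceCode: string, actionCode: string): void;
+/**
+* Check if user has a specific role
+*/
+declare function hasRole(session: Session | null, roleCode: string): boolean;
+/**
+* Check if user has any of the specified roles
+*/
+declare function hasAnyRole(session: Session | null, roleCodes: string[]): boolean;
+/**
+* Check if user is admin
+*/
+declare function isAdmin(session: Session | null): boolean;
+
+export { type AuthError, type AuthPrismaClient, type AuthenticatedUser, type CrudPermissionResult, type ExtendedUser, type Permission, type UserSession, authenticateUser, checkPermission, getActionCode, getCrudPermissionsFromSession, getUserPermissions, hasAnyRole, hasPermission, hasRole, isAdmin, requirePermission, verifyPassword };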
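--- a/package/dist/auth/index.js
+++ b/package/dist/auth/index.js
@@ -0,0 +1,210 @@
+'use strict';
+
+// src/auth/auth-service.ts
+async function verifyPassword(password, hash) {
+try {
+const bcrypt = await import('bcryptjs');
+return bcrypt.compareSync(password, hash);
+} catch (error) {
+console.error("Error verifying password", error);
+return false;
+}
+}
+async function authenticateUser(db, email, password) {
+try {
+const user = await db.user.findUnique({
+where: { email: email.toLowerCase().trim() },
+select: {
+id: true,
+email: true,
+name: true,
+avatar: true,
+password: true,
+isActive: true
+}
+});
+if (!user) {
+throw new Error("Invalid email or password");
+}
+if (!user.isActive) {
+throw new Error("ACCOUNT_SUSPENDED");
+}
+if (!user.password) {
+throw new Error("Invalid email or password");
+}
+const isPasswordValid = await verifyPassword(password, user.password);
+if (!isPasswordValid) {
+throw new Error("Invalid email or password");
+}
+await db.user.update({
+where: { id: user.id },
+data: { lastLoginAt: /* @__PURE__ */ new Date() }
+});
+return {
+id: user.id,
+name: user.name || "",
+email: user.email,
+avatar: user.avatar || null,
+status: "ONLINE"
+};
+} catch (error) {
+if (error instanceof Error) {
+throw error;
+}
+throw new Error("Error signing in");
+}
+}
+
+// src/auth/index.ts
+var ADMIN_ROLE_CODE = "admin";
+var BYPASS_AUTH = process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1";
+var ACTION_CODES = {
+create: "create",
+view: "view",
+update: "update",
+delete: "delete",
+export: "export",
+import: "import",
+approve: "approve",
+reject: "reject"
+};
+function getActionCode(action) {
+return ACTION_CODES[action] || action;
+}
+function getUserPermissions(session) {
+if (!session?.user) return [];
+const user = session.user;
+if (!user.permissions) {
+return [];
+}
+return user.permissions;
+}
+function getCrudPermissionsFromSession(session, entity) {
+if (BYPASS_AUTH) {
+return {
+create: true,
+view: true,
+update: true,
+delete: true,
+export: true,
+import: true,
+approve: true,
+reject: true
+};
+}
+if (!session?.user) {
+return {
+create: false,
+view: false,
+update: false,
+delete: false,
+export: false,
+import: false,
+approve: false,
+reject: false
+};
+}
+const user = session.user;
+if (!user.id) {
+return {
+create: false,
+view: false,
+update: false,
+delete: false,
+export: false,
+import: false,
+approve: false,
+reject: false
+};
+}
+const isAdmin2 = user.roles?.includes(ADMIN_ROLE_CODE) || user.roles?.includes("SUPER_ADMIN");
+if (isAdmin2) {
+return {
+create: true,
+view: true,
+update: true,
+delete: true,
+export: true,
+import: true,
+approve: true,
+reject: true
+};
+}
+const permissions = user.permissions || [];
+const permissionKeys = new Set(
+permissions.map((p) => `${p.resourceCode}:${p.actionCode}`)
+);
+const hasPermission2 = (action) => {
+const key = `${entity}:${action}`;
+return permissionKeys.has(key);
+};
+return {
+create: hasPermission2(getActionCode("create")),
+view: hasPermission2(getActionCode("view")),
+update: hasPermission2(getActionCode("update")),
+delete: hasPermission2(getActionCode("delete")),
+export: hasPermission2(getActionCode("export")),
+import: hasPermission2(getActionCode("import")),
+approve: hasPermission2(getActionCode("approve")),
+reject: hasPermission2(getActionCode("reject"))
+};
+}
+function checkPermission(session, resourceCode, actionCode) {
+if (BYPASS_AUTH) {
+return true;
+}
+if (!session?.user) return false;
+const user = session.user;
+if (!user.permissions || user.permissions.length === 0) {
+return false;
+}
+if (user.roles?.includes(ADMIN_ROLE_CODE) || user.roles?.includes("SUPER_ADMIN")) {
+return true;
+}
+return user.permissions.some(
+(p) => p.resourceCode === resourceCode && p.actionCode === actionCode
+);
+}
+function hasPermission(session, resourceCode, actionCode) {
+return checkPermission(session, resourceCode, actionCode);
+}
+function requirePermission(session, resourceCode, actionCode) {
+if (!checkPermission(session, resourceCode, actionCode)) {
+throw new Error(
+`Unauthorized: User does not have permission ${actionCode} on ${resourceCode}`
+);
+}
+}
+function hasRole(session, roleCode) {
+if (!session?.user) return false;
+const user = session.user;
+if (!user.roles) {
+return false;
+}
+return user.roles.includes(roleCode);
+}
+function hasAnyRole(session, roleCodes) {
+if (!session?.user) return false;
+const user = session.user;
+if (!user.roles) {
+return false;
+}
+return roleCodes.some((role) => user.roles.includes(role));
+}
+function isAdmin(session) {
+return hasRole(session, ADMIN_ROLE_CODE);
+}
+
+exports.authenticateUser = authenticateUser;
+exports.checkPermission = checkPermission;
+exports.getActionCode = getActionCode;
+exports.getCrudPermissionsFromSession = getCrudPermissionsFromSession;
+exports.getUserPermissions = getUserPermissions;
+exports.hasAnyRole = hasAnyRole;
+exports.hasPermission = hasPermission;
+exports.hasRole = hasRole;
+exports.isAdmin = isAdmin;
+exports.requirePermission = requirePermission;
+exports.verifyPassword = verifyPassword;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map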
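Review bot: `BYPASS_AUTH` at line 60 is read from the environment once at module load, and when it is set `checkPermission` returns true and `getCrudPermissionsFromSession` grants all eight actions before the session is looked at, so even a null session passes; nothing in this published build limits the switch to non-production use. I would gate it, e.g. `var BYPASS_AUTH = process.env.NODE_ENV !== "production" && (process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1");`, and log a warning whenever it is active so deployments can detect it. Separately, `checkPermission` returns false for an admin whose `permissions` array is empty or missing because that guard precedes the role check, while `getCrudPermissionsFromSession` grants everything to the same user, and `isAdmin` tests only "admin" and not "SUPER_ADMIN"; the role test should be one shared helper used by all three. The identical code in package/dist/auth/index.mjs has the same issues.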
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../../src/auth/auth-service.ts","../../src/auth/index.ts"],"names":["isAdmin","hasPermission"],"mappings":";;;AAMA,eAAsB,cAAA,CACpB,UACA,IAAA,EACkB;AAClB,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,MAAM,OAAO,UAAU,CAAA;AACtC,IAAA,OAAO,MAAA,CAAO,WAAA,CAAY,QAAA,EAAU,IAAI,CAAA;AAAA,EAC1C,SAAS,KAAA,EAAO;AACd,IAAA,OAAA,CAAQ,KAAA,CAAM,4BAA4B,KAAK,CAAA;AAC/C,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAmBA,eAAsB,gBAAA,CACpB,EAAA,EACA,KAAA,EACA,QAAA,EAC4B;AAC5B,EAAA,IAAI;AAEF,IAAA,MAAM,IAAA,GAAO,MAAM,EAAA,CAAG,IAAA,CAAK,UAAA,CAAW;AAAA,MACpC,OAAO,EAAE,KAAA,EAAO,MAAM,WAAA,EAAY,CAAE,MAAK,EAAE;AAAA,MAC3C,MAAA,EAAQ;AAAA,QACN,EAAA,EAAI,IAAA;AAAA,QACJ,KAAA,EAAO,IAAA;AAAA,QACP,IAAA,EAAM,IAAA;AAAA,QACN,MAAA,EAAQ,IAAA;AAAA,QACR,QAAA,EAAU,IAAA;AAAA,QACV,QAAA,EAAU;AAAA;AACZ,KACD,CAAA;AAGD,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAGA,IAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,MAAA,MAAM,IAAI,MAAM,mBAAmB,CAAA;AAAA,IACrC;AAGA,IAAA,IAAI,CAAC,KAAK,QAAA,EAAU;AAClB,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAEA,IAAA,MAAM,eAAA,GAAkB,MAAM,cAAA,CAAe,QAAA,EAAU,KAAK,QAAQ,CAAA;AACpE,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,IAC7C;AAGA,IAAA,MAAM,EAAA,CAAG,KAAK,MAAA,CAAO;AAAA,MACnB,KAAA,EAAO,EAAE,EAAA,EAAI,IAAA,CAAK,EAAA,EAAG;AAAA,MACrB,IAAA,EAAM,EAAE,WAAA,kBAAa,IAAI,MAAK;AAAE,KACjC,CAAA;AAGD,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,IAAA,EAAM,KAAK,IAAA,IAAQ,EAAA;AAAA,MACnB,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,MAAA,EAAQ,KAAK,MAAA,IAAU,IAAA;AAAA,MACvB,MAAA,EAAQ;AAAA,KACV;AAAA,EACF,SAAS,KAAA,EAAO;AAEd,IAAA,IAAI,iBAAiB,KAAA,EAAO;AAC1B,MAAA,MAAM,KAAA;AAAA,IACR;AACA,IAAA,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAAA,EACpC;AACF;;;ACpDA,IAAM,eAAA,GAAkB,OAAA;AACxB,IAAM,cACJ,OAAA,CAAQ,GAAA,CAAI,gBAAgB,MAAA,IAAU,OAAA,CAAQ,IAAI,WAAA,KAAgB,GAAA;AAGpE,IAAM,YAAA,GAAuC;AAAA,EAC3C,MAAA,EAAQ,QAAA;AAAA,EACR,IAAA,EAAM,MAAA;AAAA,EACN,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,MAAA,EAAQ,QAAA;AAAA,EACR,OAAA,EAAS,SAAA;AAAA,EACT,MAAA,EAAQ;AACV,CAAA;AA
KO,SAAS,cAAc,MAAA,EAAwB;AACpD,EAAA,OAAO,YAAA,CAAa,MAAM,CAAA,IAAK,MAAA;AACjC;AASO,SAAS,mBAAmB,OAAA,EAAuC;AACxE,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,EAAC;AAC5B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,WAAA,EAAa;AACrB,IAAA,OAAO,EAAC;AAAA,EACV;AACA,EAAA,OAAO,IAAA,CAAK,WAAA;AACd;AAKO,SAAS,6BAAA,CACd,SACA,MAAA,EACsB;AAEtB,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,IAAI,CAAC,SAAS,IAAA,EAAM;AAClB,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAEA,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,EAAA,EAAI;AACZ,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,KAAA;AAAA,MACR,IAAA,EAAM,KAAA;AAAA,MACN,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,MAAA,EAAQ,KAAA;AAAA,MACR,OAAA,EAAS,KAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,MAAMA,QAAAA,GACJ,KAAK,KAAA,EAAO,QAAA,CAAS,eAAe,CAAA,IACpC,IAAA,CAAK,KAAA,EAAO,QAAA,CAAS,aAAa,CAAA;AACpC,EAAA,IAAIA,QAAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAA;AAAA,MACR,IAAA,EAAM,IAAA;AAAA,MACN,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,MAAA,EAAQ,IAAA;AAAA,MACR,OAAA,EAAS,IAAA;AAAA,MACT,MAAA,EAAQ;AAAA,KACV;AAAA,EACF;AAGA,EAAA,MAAM,WAAA,GAAc,IAAA,CAAK,WAAA,IAAe,EAAC;AACzC,EAAA,MAAM,iBAAiB,IAAI,GAAA;AAAA,IACzB,WAAA,CAAY,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,EAAG,EAAE,YAAY,CAAA,CAAA,EAAI,CAAA,CAAE,UAAU,CAAA,CAAE;AAAA,GAC5D;AAEA,EAAA,MAAMC,cAAAA,GAAgB,CAAC,MAAA,KAAmB;AACxC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,MAAM,CAAA,CAAA,EAAI,MAAM,CAAA,CAAA;AAC/B,IAAA,OAAO,cAAA,CAAe,IAAI,GAAG,CAAA;AAAA,EAC/B,CAAA;AAEA,EAAA,OAAO;AAAA,IACL,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,IAAA,EAAMA,cAAAA,CAAc,aAAA
,CAAc,MAAM,CAAC,CAAA;AAAA,IACzC,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC,CAAA;AAAA,IAC7C,OAAA,EAASA,cAAAA,CAAc,aAAA,CAAc,SAAS,CAAC,CAAA;AAAA,IAC/C,MAAA,EAAQA,cAAAA,CAAc,aAAA,CAAc,QAAQ,CAAC;AAAA,GAC/C;AACF;AAKO,SAAS,eAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACS;AACT,EAAA,IAAI,WAAA,EAAa;AACf,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,KAAA;AAC3B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,IAAA,CAAK,WAAA,IAAe,IAAA,CAAK,WAAA,CAAY,WAAW,CAAA,EAAG;AACtD,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IACE,IAAA,CAAK,OAAO,QAAA,CAAS,eAAe,KACpC,IAAA,CAAK,KAAA,EAAO,QAAA,CAAS,aAAa,CAAA,EAClC;AACA,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,KAAK,WAAA,CAAY,IAAA;AAAA,IACtB,CAAC,CAAA,KAAM,CAAA,CAAE,YAAA,KAAiB,YAAA,IAAgB,EAAE,UAAA,KAAe;AAAA,GAC7D;AACF;AAKO,SAAS,aAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACS;AACT,EAAA,OAAO,eAAA,CAAgB,OAAA,EAAS,YAAA,EAAc,UAAU,CAAA;AAC1D;AAKO,SAAS,iBAAA,CACd,OAAA,EACA,YAAA,EACA,UAAA,EACM;AACN,EAAA,IAAI,CAAC,eAAA,CAAgB,OAAA,EAAS,YAAA,EAAc,UAAU,CAAA,EAAG;AACvD,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,4CAAA,EAA+C,UAAU,CAAA,IAAA,EAAO,YAAY,CAAA;AAAA,KAC9E;AAAA,EACF;AACF;AAKO,SAAS,OAAA,CAAQ,SAAyB,QAAA,EAA2B;AAC1E,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,KAAA;AAC3B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,KAAA,EAAO;AACf,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,QAAA,CAAS,QAAQ,CAAA;AACrC;AAKO,SAAS,UAAA,CACd,SACA,SAAA,EACS;AACT,EAAA,IAAI,CAAC,OAAA,EAAS,IAAA,EAAM,OAAO,KAAA;AAC3B,EAAA,MAAM,OAAO,OAAA,CAAQ,IAAA;AAErB,EAAA,IAAI,CAAC,KAAK,KAAA,EAAO;AACf,IAAA,OAAO,KAAA;AAAA,EACT;AACA,EAAA,OAAO,SAAA,CAAU,KAAK,CAAC,IAAA,KAAS,KAAK,KAAA,CAAO,QAAA,CAAS,IAAI,CAAC,CAAA;AAC5D;AAKO,SAAS,QAAQ,OAAA,EAAkC;AACxD,EAAA,OAAO,OAAA,CAAQ,SAAS,eAAe,CAAA;AACzC","file":"index.js","sourcesContent":["// Define the shape of the Prisma Client required by this service\nexport interface 
AuthPrismaClient {\n user: any;\n}\n\n// Dynamic import bcryptjs to avoid Edge Runtime issues\nexport async function verifyPassword(\n password: string,\n hash: string,\n): Promise<boolean> {\n try {\n const bcrypt = await import(\"bcryptjs\");\n return bcrypt.compareSync(password, hash);\n } catch (error) {\n console.error(\"Error verifying password\", error);\n return false;\n }\n}\n\nexport interface AuthenticatedUser {\n id: string;\n email: string | null;\n name: string;\n avatar: string | null;\n status: string;\n}\n\nexport interface AuthError {\n message: string;\n email?: string;\n}\n\n/**\n * Authenticate user with email and password\n * Returns user data if successful, throws error if failed\n */\nexport async function authenticateUser(\n db: AuthPrismaClient,\n email: string,\n password: string,\n): Promise<AuthenticatedUser> {\n try {\n // Query user from database by email\n const user = await db.user.findUnique({\n where: { email: email.toLowerCase().trim() },\n select: {\n id: true,\n email: true,\n name: true,\n avatar: true,\n password: true,\n isActive: true,\n },\n });\n\n // Check if user exists\n if (!user) {\n throw new Error(\"Invalid email or password\");\n }\n\n // Check if user account is suspended/inactive\n if (!user.isActive) {\n throw new Error(\"ACCOUNT_SUSPENDED\");\n }\n\n // Verify password\n if (!user.password) {\n throw new Error(\"Invalid email or password\");\n }\n\n const isPasswordValid = await verifyPassword(password, user.password);\n if (!isPasswordValid) {\n throw new Error(\"Invalid email or password\");\n }\n\n // Update last login time\n await db.user.update({\n where: { id: user.id },\n data: { lastLoginAt: new Date() },\n });\n\n // Return user data (without password)\n return {\n id: user.id,\n name: user.name || \"\",\n email: user.email,\n avatar: user.avatar || null,\n status: \"ONLINE\",\n };\n } catch (error) {\n // Re-throw error with proper message\n if (error instanceof Error) {\n throw error;\n }\n throw 
new Error(\"Error signing in\");\n }\n}\n","// @goerp/core/auth\n// Authentication and RBAC utilities for GoERP\n\nimport type { Session } from \"next-auth\";\n\nexport * from \"./auth-service\";\n\n// ============================================================================\n// Types\n// ============================================================================\n\nexport interface Permission {\n resourceCode: string;\n actionCode: string;\n}\n\nexport interface ExtendedUser {\n id: string;\n name?: string | null;\n email?: string | null;\n image?: string | null;\n roles?: string[];\n permissions?: Permission[];\n}\n\nexport interface UserSession {\n user: ExtendedUser;\n}\n\nexport interface CrudPermissionResult {\n create: boolean;\n view: boolean;\n update: boolean;\n delete: boolean;\n export: boolean;\n import: boolean;\n approve: boolean;\n reject: boolean;\n}\n\n// ============================================================================\n// Constants\n// ============================================================================\n\nconst ADMIN_ROLE_CODE = \"admin\";\nconst BYPASS_AUTH =\n process.env.BYPASS_AUTH === \"true\" || process.env.BYPASS_AUTH === \"1\";\n\n// Action code mapping\nconst ACTION_CODES: Record<string, string> = {\n create: \"create\",\n view: \"view\",\n update: \"update\",\n delete: \"delete\",\n export: \"export\",\n import: \"import\",\n approve: \"approve\",\n reject: \"reject\",\n};\n\n/**\n * Get action code from action name\n */\nexport function getActionCode(action: string): string {\n return ACTION_CODES[action] || action;\n}\n\n// ============================================================================\n// Permission Functions\n// ============================================================================\n\n/**\n * Get all permissions from session\n */\nexport function getUserPermissions(session: Session | null): Permission[] {\n if (!session?.user) return [];\n const user = session.user as ExtendedUser;\n\n if 
(!user.permissions) {\n return [];\n }\n return user.permissions;\n}\n\n/**\n * Get CRUD permissions from session for a specific entity\n */\nexport function getCrudPermissionsFromSession(\n session: Session | null,\n entity: string,\n): CrudPermissionResult {\n // TEMPORARY: Return all permissions as true if bypass is enabled\n if (BYPASS_AUTH) {\n return {\n create: true,\n view: true,\n update: true,\n delete: true,\n export: true,\n import: true,\n approve: true,\n reject: true,\n };\n }\n\n if (!session?.user) {\n return {\n create: false,\n view: false,\n update: false,\n delete: false,\n export: false,\n import: false,\n approve: false,\n reject: false,\n };\n }\n\n const user = session.user as ExtendedUser;\n\n if (!user.id) {\n return {\n create: false,\n view: false,\n update: false,\n delete: false,\n export: false,\n import: false,\n approve: false,\n reject: false,\n };\n }\n\n // Check admin role first (fastest check)\n const isAdmin =\n user.roles?.includes(ADMIN_ROLE_CODE) ||\n user.roles?.includes(\"SUPER_ADMIN\");\n if (isAdmin) {\n return {\n create: true,\n view: true,\n update: true,\n delete: true,\n export: true,\n import: true,\n approve: true,\n reject: true,\n };\n }\n\n // Pre-compute permission keys for fast lookup\n const permissions = user.permissions || [];\n const permissionKeys = new Set(\n permissions.map((p) => `${p.resourceCode}:${p.actionCode}`),\n );\n\n const hasPermission = (action: string) => {\n const key = `${entity}:${action}`;\n return permissionKeys.has(key);\n };\n\n return {\n create: hasPermission(getActionCode(\"create\")),\n view: hasPermission(getActionCode(\"view\")),\n update: hasPermission(getActionCode(\"update\")),\n delete: hasPermission(getActionCode(\"delete\")),\n export: hasPermission(getActionCode(\"export\")),\n import: hasPermission(getActionCode(\"import\")),\n approve: hasPermission(getActionCode(\"approve\")),\n reject: hasPermission(getActionCode(\"reject\")),\n };\n}\n\n/**\n * Check if user has 
a specific permission\n */\nexport function checkPermission(\n session: Session | null,\n resourceCode: string,\n actionCode: string,\n): boolean {\n if (BYPASS_AUTH) {\n return true;\n }\n\n if (!session?.user) return false;\n const user = session.user as ExtendedUser;\n\n if (!user.permissions || user.permissions.length === 0) {\n return false;\n }\n\n // Admin role bypass\n if (\n user.roles?.includes(ADMIN_ROLE_CODE) ||\n user.roles?.includes(\"SUPER_ADMIN\")\n ) {\n return true;\n }\n\n return user.permissions.some(\n (p) => p.resourceCode === resourceCode && p.actionCode === actionCode,\n );\n}\n\n/**\n * Alias for checkPermission\n */\nexport function hasPermission(\n session: Session | null,\n resourceCode: string,\n actionCode: string,\n): boolean {\n return checkPermission(session, resourceCode, actionCode);\n}\n\n/**\n * Require permission - throw error if not authorized\n */\nexport function requirePermission(\n session: Session | null,\n resourceCode: string,\n actionCode: string,\n): void {\n if (!checkPermission(session, resourceCode, actionCode)) {\n throw new Error(\n `Unauthorized: User does not have permission ${actionCode} on ${resourceCode}`,\n );\n }\n}\n\n/**\n * Check if user has a specific role\n */\nexport function hasRole(session: Session | null, roleCode: string): boolean {\n if (!session?.user) return false;\n const user = session.user as ExtendedUser;\n\n if (!user.roles) {\n return false;\n }\n return user.roles.includes(roleCode);\n}\n\n/**\n * Check if user has any of the specified roles\n */\nexport function hasAnyRole(\n session: Session | null,\n roleCodes: string[],\n): boolean {\n if (!session?.user) return false;\n const user = session.user as ExtendedUser;\n\n if (!user.roles) {\n return false;\n }\n return roleCodes.some((role) => user.roles!.includes(role));\n}\n\n/**\n * Check if user is admin\n */\nexport function isAdmin(session: Session | null): boolean {\n return hasRole(session, ADMIN_ROLE_CODE);\n}\n"]}
|
|
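--- a/package/dist/auth/index.mjs
+++ b/package/dist/auth/index.mjs
@@ -0,0 +1,198 @@
+// src/auth/auth-service.ts
+async function verifyPassword(password, hash) {
+try {
+const bcrypt = await import('bcryptjs');
+return bcrypt.compareSync(password, hash);
+} catch (error) {
+console.error("Error verifying password", error);
+return false;
+}
+}
+async function authenticateUser(db, email, password) {
+try {
+const user = await db.user.findUnique({
+where: { email: email.toLowerCase().trim() },
+select: {
+id: true,
+email: true,
+name: true,
+avatar: true,
+password: true,
+isActive: true
+}
+});
+if (!user) {
+throw new Error("Invalid email or password");
+}
+if (!user.isActive) {
+throw new Error("ACCOUNT_SUSPENDED");
+}
+if (!user.password) {
+throw new Error("Invalid email or password");
+}
+const isPasswordValid = await verifyPassword(password, user.password);
+if (!isPasswordValid) {
+throw new Error("Invalid email or password");
+}
+await db.user.update({
+where: { id: user.id },
+data: { lastLoginAt: /* @__PURE__ */ new Date() }
+});
+return {
+id: user.id,
+name: user.name || "",
+email: user.email,
+avatar: user.avatar || null,
+status: "ONLINE"
+};
+} catch (error) {
+if (error instanceof Error) {
+throw error;
+}
+throw new Error("Error signing in");
+}
+}
+
+// src/auth/index.ts
+var ADMIN_ROLE_CODE = "admin";
+var BYPASS_AUTH = process.env.BYPASS_AUTH === "true" || process.env.BYPASS_AUTH === "1";
+var ACTION_CODES = {
+create: "create",
+view: "view",
+update: "update",
+delete: "delete",
+export: "export",
+import: "import",
+approve: "approve",
+reject: "reject"
+};
+function getActionCode(action) {
+return ACTION_CODES[action] || action;
+}
+function getUserPermissions(session) {
+if (!session?.user) return [];
+const user = session.user;
+if (!user.permissions) {
+return [];
+}
+return user.permissions;
+}
+function getCrudPermissionsFromSession(session, entity) {
+if (BYPASS_AUTH) {
+return {
+create: true,
+view: true,
+update: true,
+delete: true,
+export: true,
+import: true,
+approve: true,
+reject: true
+};
+}
+if (!session?.user) {
+return {
+create: false,
+view: false,
+update: false,
+delete: false,
+export: false,
+import: false,
+approve: false,
+reject: false
+};
+}
+const user = session.user;
+if (!user.id) {
+return {
+create: false,
+view: false,
+update: false,
+delete: false,
+export: false,
+import: false,
+approve: false,
+reject: false
+};
+}
+const isAdmin2 = user.roles?.includes(ADMIN_ROLE_CODE) || user.roles?.includes("SUPER_ADMIN");
+if (isAdmin2) {
+return {
+create: true,
+view: true,
+update: true,
+delete: true,
+export: true,
+import: true,
+approve: true,
+reject: true
+};
+}
+const permissions = user.permissions || [];
+const permissionKeys = new Set(
+permissions.map((p) => `${p.resourceCode}:${p.actionCode}`)
+);
+const hasPermission2 = (action) => {
+const key = `${entity}:${action}`;
+return permissionKeys.has(key);
+};
+return {
+create: hasPermission2(getActionCode("create")),
+view: hasPermission2(getActionCode("view")),
+update: hasPermission2(getActionCode("update")),
+delete: hasPermission2(getActionCode("delete")),
+export: hasPermission2(getActionCode("export")),
+import: hasPermission2(getActionCode("import")),
+approve: hasPermission2(getActionCode("approve")),
+reject: hasPermission2(getActionCode("reject"))
+};
+}
+function checkPermission(session, resourceCode, actionCode) {
+if (BYPASS_AUTH) {
+return true;
+}
+if (!session?.user) return false;
+const user = session.user;
+if (!user.permissions || user.permissions.length === 0) {
+return false;
+}
+if (user.roles?.includes(ADMIN_ROLE_CODE) || user.roles?.includes("SUPER_ADMIN")) {
+return true;
+}
+return user.permissions.some(
+(p) => p.resourceCode === resourceCode && p.actionCode === actionCode
+);
+}
+function hasPermission(session, resourceCode, actionCode) {
+return checkPermission(session, resourceCode, actionCode);
+}
+function requirePermission(session, resourceCode, actionCode) {
+if (!checkPermission(session, resourceCode, actionCode)) {
+throw new Error(
+`Unauthorized: User does not have permission ${actionCode} on ${resourceCode}`
+);
+}
+}
+function hasRole(session, roleCode) {
+if (!session?.user) return false;
+const user = session.user;
+if (!user.roles) {
+return false;
+}
+return user.roles.includes(roleCode);
+}
+function hasAnyRole(session, roleCodes) {
+if (!session?.user) return false;
+const user = session.user;
+if (!user.roles) {
+return false;
+}
+return roleCodes.some((role) => user.roles.includes(role));
+}
+function isAdmin(session) {
+return hasRole(session, ADMIN_ROLE_CODE);
+}
+
+export { authenticateUser, checkPermission, getActionCode, getCrudPermissionsFromSession, getUserPermissions, hasAnyRole, hasPermission, hasRole, isAdmin, requirePermission, verifyPassword };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map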
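Review bot: `authenticateUser` throws `ACCOUNT_SUSPENDED` at line 28 before the password is verified, so a caller without valid credentials can tell that an address exists and is deactivated, which the generic "Invalid email or password" message on the other branches is there to hide. Moving the `if (!user.isActive)` block below the `if (!isPasswordValid)` block keeps the distinct error for users who have proved the password. `verifyPassword` also returns false when the `bcryptjs` import or the compare itself throws, so a missing dependency reaches the caller as a wrong password and only `console.error` records it; rethrowing there would let `authenticateUser` surface an operational failure instead of a credential failure. The same applies to the copy in package/dist/auth/index.js.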
|