npm - @happyvertical/smrt-users - Versions diffs - 0.31.0 → 0.31.1 - Mend

@happyvertical/smrt-users 0.31.0 → 0.31.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/dist/chunks/{TerminalAuthService-DoAMQ_yn.js → TerminalAuthService-DsQBk1Hc.js} +161 -71
package/dist/chunks/TerminalAuthService-DsQBk1Hc.js.map +1 -0
package/dist/chunks/{index-DkoYIvIu.js → index-Cp33Tyha.js} +10 -10
package/dist/chunks/{index-DkoYIvIu.js.map → index-Cp33Tyha.js.map} +1 -1
package/dist/collections/GroupMemberCollection.d.ts +9 -0
package/dist/collections/GroupMemberCollection.d.ts.map +1 -1
package/dist/collections/SessionCollection.d.ts.map +1 -1
package/dist/index.js +38 -100
package/dist/index.js.map +1 -1
package/dist/manifest.json +2 -2
package/dist/smrt-knowledge.json +4 -4
package/dist/svelte/components/InviteUserModal.svelte +72 -169
package/dist/svelte/components/InviteUserModal.svelte.d.ts.map +1 -1
package/dist/svelte/components/UserCard.svelte +2 -1
package/dist/svelte/components/UserCard.svelte.d.ts.map +1 -1
package/dist/svelte/components/UserForm.svelte +11 -4
package/dist/svelte/components/UserForm.svelte.d.ts.map +1 -1
package/dist/svelte/components/UserMenu.svelte +100 -25
package/dist/svelte/components/UserMenu.svelte.d.ts +5 -4
package/dist/svelte/components/UserMenu.svelte.d.ts.map +1 -1
package/dist/svelte/components/__tests__/InviteUserModal.test.js +11 -0
package/dist/svelte/components/__tests__/UserMenu.test.js +45 -0
package/dist/svelte/components/__tests__/UserStatus.test.js +36 -0
package/dist/sveltekit/index.d.ts +7 -1
package/dist/sveltekit/index.d.ts.map +1 -1
package/dist/sveltekit.js +15 -8
package/dist/sveltekit.js.map +1 -1
package/package.json +8 -8
package/dist/chunks/TerminalAuthService-DoAMQ_yn.js.map +0 -1

package/dist/chunks/{TerminalAuthService-DoAMQ_yn.js → TerminalAuthService-DsQBk1Hc.js} RENAMED Viewed

@@ -6,14 +6,14 @@ import { MembershipStatus, OverrideEffect, SessionStatus, TenantStatus, TenantPe
 ObjectRegistry.registerPackageManifest(
   new URL("./manifest.json", import.meta.url)
 );
-var __defProp$9 = Object.defineProperty;
-var __getOwnPropDesc$a = Object.getOwnPropertyDescriptor;
-var __decorateClass$a = (decorators, target, key, kind) => {
-  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc$a(target, key) : target;
+var __defProp$a = Object.defineProperty;
+var __getOwnPropDesc$b = Object.getOwnPropertyDescriptor;
+var __decorateClass$b = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc$b(target, key) : target;
   for (var i = decorators.length - 1, decorator; i >= 0; i--)
     if (decorator = decorators[i])
       result = (kind ? decorator(target, key, result) : decorator(result)) || result;
-  if (kind && result) __defProp$9(target, key, result);
+  if (kind && result) __defProp$a(target, key, result);
   return result;
 };
 let UsersCliAuthRequest = class extends SmrtObject {
@@ -26,31 +26,31 @@ let UsersCliAuthRequest = class extends SmrtObject {
   expiresAt = /* @__PURE__ */ new Date();
   approvedAt = null;
 };
-__decorateClass$a([
+__decorateClass$b([
   field({ type: "text" })
 ], UsersCliAuthRequest.prototype, "userCode", 2);
-__decorateClass$a([
+__decorateClass$b([
   field({ type: "text" })
 ], UsersCliAuthRequest.prototype, "deviceCodeHash", 2);
-__decorateClass$a([
+__decorateClass$b([
   field({ type: "text" })
 ], UsersCliAuthRequest.prototype, "status", 2);
-__decorateClass$a([
+__decorateClass$b([
   field({ type: "text" })
 ], UsersCliAuthRequest.prototype, "userId", 2);
-__decorateClass$a([
+__decorateClass$b([
   field({ type: "text" })
 ], UsersCliAuthRequest.prototype, "tenantId", 2);
-__decorateClass$a([
+__decorateClass$b([
   field({ type: "text" })
 ], UsersCliAuthRequest.prototype, "sessionId", 2);
-__decorateClass$a([
+__decorateClass$b([
   field({ type: "datetime" })
 ], UsersCliAuthRequest.prototype, "expiresAt", 2);
-__decorateClass$a([
+__decorateClass$b([
   field({ type: "datetime", nullable: true })
 ], UsersCliAuthRequest.prototype, "approvedAt", 2);
-UsersCliAuthRequest = __decorateClass$a([
+UsersCliAuthRequest = __decorateClass$b([
   smrt({
     tableName: "users_cli_auth_requests",
     api: { include: [] },
@@ -98,6 +98,68 @@ class UsersCliAuthRequestCollection extends SmrtCollection {
     return count;
   }
 }
+var __defProp$9 = Object.defineProperty;
+var __getOwnPropDesc$a = Object.getOwnPropertyDescriptor;
+var __decorateClass$a = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc$a(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp$9(target, key, result);
+  return result;
+};
+let Group = class extends SmrtObject {
+  tenantId;
+  /**
+   * Display name for the group
+   */
+  name = "";
+  /**
+   * Description of the group
+   */
+  description = "";
+  constructor(options = {}) {
+    super(options);
+    if (options.tenantId !== void 0) this.tenantId = options.tenantId;
+    if (options.name !== void 0) this.name = options.name;
+    if (options.description !== void 0)
+      this.description = options.description;
+  }
+};
+__decorateClass$a([
+  foreignKey("Tenant", { required: true })
+], Group.prototype, "tenantId", 2);
+Group = __decorateClass$a([
+  smrt({
+    // #1400: read-only generated surface — RBAC/identity writes go through
+    // permission-gated services, not auth-only generated CRUD.
+    api: { include: ["list", "get"] },
+    mcp: { include: ["list", "get"] },
+    cli: true
+  })
+], Group);
+class GroupCollection extends SmrtCollection {
+  static _itemClass = Group;
+  /**
+   * Find all groups in a tenant
+   */
+  async findByTenant(tenantId) {
+    return await this.list({
+      where: { tenantId },
+      orderBy: "name ASC"
+    });
+  }
+  /**
+   * Find group by slug within a tenant
+   */
+  async findBySlug(slug, tenantId) {
+    const results = await this.list({
+      where: { slug, tenantId },
+      limit: 1
+    });
+    return results.length > 0 ? results[0] : null;
+  }
+}
 var __defProp$8 = Object.defineProperty;
 var __getOwnPropDesc$9 = Object.getOwnPropertyDescriptor;
 var __decorateClass$9 = (decorators, target, key, kind) => {
@@ -135,6 +197,22 @@ GroupMember = __decorateClass$9([
 ], GroupMember);
 class GroupMemberCollection extends SmrtCollection {
   static _itemClass = GroupMember;
+  /** Memoized Group collection, used to resolve the Group table name. */
+  groupCollection;
+  /**
+   * Resolve the database table name for the `Group` model from the registry
+   * (via a shared-connection GroupCollection) rather than hardcoding `groups`.
+   * A `@smrt({ tableName })` override or table prefix on Group would otherwise
+   * make raw joins reference a non-existent or foreign table.
+   */
+  async getGroupTableName() {
+    if (!this.groupCollection) {
+      this.groupCollection = await GroupCollection.create({
+        db: this.options.db
+      });
+    }
+    return this.groupCollection.tableName;
+  }
   /**
    * Find all members of a group
    */
@@ -203,10 +281,11 @@ class GroupMemberCollection extends SmrtCollection {
    * This prevents cross-tenant permission leakage by filtering groups by tenant
    */
   async getGroupIdsForTenant(userId, tenantId) {
+    const groupTable = await this.getGroupTableName();
     const sql = `
       SELECT gm.group_id
       FROM ${this.tableName} gm
-      INNER JOIN groups g ON g.id = gm.group_id
+      INNER JOIN ${groupTable} g ON g.id = gm.group_id
       WHERE gm.user_id = ? AND g.tenant_id = ?
     `;
     const result = await this.db.query(sql, userId, tenantId);
@@ -1047,8 +1126,17 @@ class SessionCollection extends SmrtCollection {
     if (!session) return null;
     if (!session.isValid()) {
       if (session.isExpired() && session.status === SessionStatus.ACTIVE) {
-        session.status = SessionStatus.EXPIRED;
-        await session.save();
+        const now = (/* @__PURE__ */ new Date()).toISOString();
+        await this.db.query(
+          `UPDATE ${this.tableName}
+           SET status = ?, updated_at = ?
+           WHERE id = ? AND status = ? AND expires_at < ?`,
+          SessionStatus.EXPIRED,
+          now,
+          sessionId,
+          SessionStatus.ACTIVE,
+          now
+        );
       }
       return null;
     }
@@ -5042,53 +5130,55 @@ class TerminalAuthRateLimitError extends TerminalAuthError {
   }
 }
 export {
-  JWSInvalid as $,
-  TenantPermissionOverride as A,
-  TenantPermissionOverrideCollection as B,
-  TerminalAuthError as C,
+  checkKeyLength as $,
+  Tenant as A,
+  TenantHierarchyError as B,
+  TenantPermissionOverride as C,
   DEFAULT_ROLES as D,
-  TerminalAuthRateLimitError as E,
-  TerminalAuthService as F,
-  GroupMember as G,
-  User as H,
-  UserCollection as I,
-  decodeOidcTransaction as J,
-  encodeOidcTransaction as K,
-  generateSessionId as L,
+  TenantPermissionOverrideCollection as E,
+  TerminalAuthError as F,
+  Group as G,
+  TerminalAuthRateLimitError as H,
+  TerminalAuthService as I,
+  User as J,
+  UserCollection as K,
+  decodeOidcTransaction as L,
   MembershipCollection as M,
-  getCurrentSessionPermissionContext as N,
+  encodeOidcTransaction as N,
   OidcLoginError as O,
   PermissionCollection as P,
-  getRequestScopedDatabase as Q,
+  generateSessionId as Q,
   RolePermission as R,
   Session as S,
   TenantCollection as T,
   UsersCliAuthRequest as U,
-  getUsersOidcConfig as V,
-  resolveOidcProviderConfig as W,
-  withSessionPermissionContext as X,
-  getSigKey as Y,
-  checkKeyLength as Z,
-  subtleAlgorithm as _,
+  getCurrentSessionPermissionContext as V,
+  getRequestScopedDatabase as W,
+  getUsersOidcConfig as X,
+  resolveOidcProviderConfig as Y,
+  withSessionPermissionContext as Z,
+  getSigKey as _,
   isValidPermissionSlug as a,
-  isDisjoint as a0,
-  validateCrit as a1,
-  checkKeyType as a2,
-  encode as a3,
-  encode$1 as a4,
-  concat as a5,
-  normalizeKey as a6,
-  JWTClaimsBuilder as a7,
-  JWTInvalid as a8,
-  errors as a9,
-  jwtVerify as aa,
-  compactVerify as ab,
-  createLocalJWKSet as ac,
-  createRemoteJWKSet as ad,
-  customFetch as ae,
-  flattenedVerify as af,
-  importJWK as ag,
-  jwksCache as ah,
+  subtleAlgorithm as a0,
+  JWSInvalid as a1,
+  isDisjoint as a2,
+  validateCrit as a3,
+  checkKeyType as a4,
+  encode as a5,
+  encode$1 as a6,
+  concat as a7,
+  normalizeKey as a8,
+  JWTClaimsBuilder as a9,
+  JWTInvalid as aa,
+  errors as ab,
+  jwtVerify as ac,
+  compactVerify as ad,
+  createLocalJWKSet as ae,
+  createRemoteJWKSet as af,
+  customFetch as ag,
+  flattenedVerify as ah,
+  importJWK as ai,
+  jwksCache as aj,
   DEFAULT_TENANT_POLICY as b,
   DEFAULT_ROLE_SLUGS as c,
   UsersCliAuthRequestCollection as d,
@@ -5097,22 +5187,22 @@ export {
   DEFAULT_CLI_SESSION_TTL_SECONDS as g,
   DEFAULT_SESSION_TTL as h,
   isValidEmail as i,
-  GroupMemberCollection as j,
-  GroupRole as k,
-  GroupRoleCollection as l,
-  MAX_TENANT_HIERARCHY_DEPTH as m,
+  GroupCollection as j,
+  GroupMember as k,
+  GroupMemberCollection as l,
+  GroupRole as m,
   normalizeEmail as n,
-  Membership as o,
+  GroupRoleCollection as o,
   parsePermissionSlug as p,
-  MembershipOverride as q,
-  MembershipOverrideCollection as r,
-  OidcLoginService as s,
-  Permission as t,
-  PermissionResolver as u,
-  RolePermissionCollection as v,
-  SessionCollection as w,
-  SessionService as x,
-  Tenant as y,
-  TenantHierarchyError as z
+  MAX_TENANT_HIERARCHY_DEPTH as q,
+  Membership as r,
+  MembershipOverride as s,
+  MembershipOverrideCollection as t,
+  OidcLoginService as u,
+  Permission as v,
+  PermissionResolver as w,
+  RolePermissionCollection as x,
+  SessionCollection as y,
+  SessionService as z
 };
-//# sourceMappingURL=TerminalAuthService-DoAMQ_yn.js.map
+//# sourceMappingURL=TerminalAuthService-DsQBk1Hc.js.map