@intlayer/backend 3.0.0

package/dist/cjs/services/sessionAuth.service.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/services/sessionAuth.service.ts"],"sourcesContent":["import { logger } from '@logger';\nimport { ResponseWithInformation } from '@middlewares/sessionAuth.middleware';\nimport {\n  Cookies,\n  getClearCookieOptions,\n  getCookieOptions,\n  MAX_AGE,\n} from '@utils/cookies';\nimport { GenericError } from '@utils/errors';\nimport { mapUserToAPI } from '@utils/mapper/user';\nimport { hash, genSalt, compare } from 'bcrypt';\nimport type { Response } from 'express';\n// @ts-ignore express-intlayer not build yet\nimport { t } from 'express-intlayer';\nimport jwt from 'jsonwebtoken';\nimport type { Document, ObjectId } from 'mongoose';\nimport { v4 as uuidv4 } from 'uuid';\n// eslint-disable-next-line import/no-cycle\nimport { getUserByEmail, getUserById, updateUserById } from './user.service';\nimport type { Organization } from '@/types/organization.types';\nimport type { Project } from '@/types/project.types';\nimport type {\n  SessionProviders,\n  EmailPasswordSessionProvider,\n  GoogleSessionProvider,\n  GithubSessionProvider,\n  Session,\n} from '@/types/session.types';\nimport type { User, UserWithPasswordNotHashed } from '@/types/user.types';\n\n/**\n * Adds a session to a user or updates the existing one.\n * @param user - User object.\n * @returns Updated user object.\n */\nexport const addSession = async (user: User): Promise<User> => {\n  const userSessionToken = uuidv4();\n\n  const session: Session = {\n    sessionToken: userSessionToken,\n    expires: new Date(Date.now() + MAX_AGE),\n  };\n\n  const updatedUser: User = await updateUserById(user._id, { session });\n\n  return updatedUser;\n};\n\nexport const removeSession = async (user: User): Promise<User> => {\n  const session = undefined;\n\n  const updatedUser: User = await updateUserById(user._id, { session });\n\n  return updatedUser;\n};\n\n/**\n * Set user auth locals object\n * @param res - Express response object.\n * @param user - User object.\n */\nexport const setUserAuth = async (res: Response, user: User) => {\n  const formattedUser = mapUserToAPI(user);\n\n  const userToken = jwt.sign(formattedUser, process.env.JWT_TOKEN_SECRET!, {\n    expiresIn: MAX_AGE,\n  });\n\n  if (!userToken) {\n    throw new GenericError('JWT_TOKEN_CREATION_FAILED_USER', { user });\n  }\n\n  const cookieOptions = getCookieOptions();\n\n  res.cookie(Cookies.JWT_USER, userToken, cookieOptions);\n\n  const userWithSession = await addSession(user);\n\n  const userSessionToken = userWithSession.session?.sessionToken;\n\n  res.cookie(Cookies.JWT_AUTH, userSessionToken, cookieOptions);\n\n  res.locals.user = user;\n  logger.info(\n    `User logged in - User: Name: ${user.name}, id: ${String(user._id)}`\n  );\n};\n\n/**\n * Clears the JWT auth cookies and user locals object.\n * @param res - Express response object.\n */\nexport const clearUserAuth = async (res: ResponseWithInformation) => {\n  const { user } = res.locals;\n  const cookiesOptions = getClearCookieOptions();\n\n  if (user) {\n    await removeSession(user);\n  }\n\n  res.cookie(Cookies.JWT_AUTH, '', cookiesOptions);\n  res.cookie(Cookies.JWT_USER, '', cookiesOptions);\n\n  res.locals.user = null;\n  res.locals.authType = null;\n};\n\n/**\n *\n * @param res\n * @param organization\n * @returns\n */\nexport const setOrganizationAuth = (\n  res: ResponseWithInformation,\n  organization: Organization\n) => {\n  const organizationData = {\n    _id: organization._id,\n    name: organization.name,\n  };\n\n  const organizationToken = jwt.sign(\n    organizationData,\n    process.env.JWT_TOKEN_SECRET!,\n    {\n      expiresIn: MAX_AGE,\n    }\n  );\n\n  if (!organizationToken) {\n    throw new GenericError('JWT_TOKEN_CREATION_FAILED_ORGANIZATION', {\n      organization,\n    });\n  }\n\n  res.cookie(Cookies.JWT_ORGANIZATION, organizationToken, getCookieOptions());\n\n  res.locals.organization = organization;\n};\n\n/**\n * Clears the JWT organization cookies and organization locals object.\n * @param res - Express response object.\n */\nexport const clearOrganizationAuth = (res: ResponseWithInformation) => {\n  res.locals.organization = null;\n\n  res.cookie(Cookies.JWT_ORGANIZATION, '', getClearCookieOptions());\n};\n\n/**\n * Set project auth locals object\n * @param res - Express response object.\n * @param project - Project object.\n */\nexport const setProjectAuth = (\n  res: ResponseWithInformation,\n  project: Project\n) => {\n  const { organization } = res.locals;\n  const projectData = {\n    _id: project._id,\n    name: project.name,\n  };\n\n  const projectToken = jwt.sign(projectData, process.env.JWT_TOKEN_SECRET!, {\n    expiresIn: MAX_AGE,\n  });\n\n  if (!projectToken) {\n    throw new GenericError('JWT_TOKEN_CREATION_FAILED_PROJECT', {\n      project,\n    });\n  }\n\n  res.cookie(Cookies.JWT_PROJECT, projectToken, getCookieOptions());\n\n  if (!organization) {\n    throw new GenericError('ORGANIZATION_NOT_FOUND', {\n      project,\n    });\n  }\n\n  if (\n    // if the project is not in the organization's projects\n    String(organization._id) !== String(project.organizationId)\n  ) {\n    throw new GenericError('JWT_TOKEN_ORGANIZATION_MISMATCH_PROJECT', {\n      project,\n    });\n  }\n\n  res.locals.project = project;\n};\n\n/**\n * Clears the JWT project cookies and project locals object.\n * @param res - Express response object.\n */\nexport const clearProjectAuth = (res: Response) => {\n  res.locals.project = null;\n\n  res.cookie(Cookies.JWT_PROJECT, '', getClearCookieOptions());\n};\n\n/**\n * Activates a user by setting the emailValidated flag to true.\n * @param user - The user object.\n * @returns\n */\nexport const activateUser = async (\n  userId: string | ObjectId,\n  secret: string\n): Promise<User> => {\n  return await updateUserProvider(userId, 'email', {\n    secret,\n  });\n};\n\n/**\n * Generates a random secret string of a specified length.\n * @param length - The length of the secret.\n * @returns The generated secret string.\n */\nexport const generateSecret = (length: number): string => {\n  const characters =\n    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';\n  return Array.from({ length }, () =>\n    characters.charAt(Math.floor(Math.random() * characters.length))\n  ).join('');\n};\n\n/**\n * Handles a password reset request for a user.\n * @param email - The user's email.\n * @param organization - The organization associated with the user.\n * @returns The user object or null if no user was found.\n */\nexport const requestPasswordReset = async (\n  email: string\n): Promise<User | null> => {\n  const user = await getUserByEmail(email);\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', { email });\n  }\n\n  return updateUserProvider(user._id as unknown as string, 'email', {\n    secret: generateSecret(35),\n  });\n};\n\n/**\n * Resets a user's password.\n * @param userId - The ID of the user.\n * @param secret - The secret token associated with the user.\n * @param newPassword - The new password to set.\n * @returns The updated user or null if the reset failed.\n */\nexport const resetUserPassword = async (\n  userId: string | ObjectId,\n  secret: string,\n  newPassword: string\n): Promise<User> => {\n  const emailAndPasswordProvider = await getUserProvider(userId, 'email');\n\n  if (!emailAndPasswordProvider) {\n    throw new GenericError('USER_PROVIDER_NOT_FOUND', { userId });\n  }\n\n  if (emailAndPasswordProvider.secret !== secret) {\n    throw new GenericError('USER_PROVIDER_SECRET_NOT_VALID', { userId });\n  }\n\n  const updatedUser: User = await updateUserProvider(userId, 'email', {\n    passwordHash: await hash(newPassword, await genSalt()),\n    secret,\n  });\n\n  return updatedUser;\n};\n\ntype UserProvider<T extends SessionProviders['provider']> = T extends 'email'\n  ? EmailPasswordSessionProvider\n  : T extends 'google'\n    ? GoogleSessionProvider\n    : T extends 'github'\n      ? GithubSessionProvider\n      : SessionProviders;\n\n/**\n * Gets a user's provider.\n * @param userId - The ID of the user.\n * @param provider - The provider to get.\n * @returns The user's provider.\n */\nexport const getUserProvider = async <T extends SessionProviders['provider']>(\n  userId: string | ObjectId,\n  provider: T,\n  providerAccountId?: string\n): Promise<UserProvider<T> | null> => {\n  const user = await getUserById(userId);\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', { userId });\n  }\n\n  const userProvider = user.provider?.find(\n    (providerEl) =>\n      (providerEl.provider === provider && !providerAccountId) ||\n      (providerAccountId &&\n        (providerEl as GithubSessionProvider).providerAccountId ===\n          providerAccountId)\n  );\n\n  return (userProvider as UserProvider<T>) ?? null;\n};\n\n/**\n * Formats the given fields of a user's provider.\n * @param provider - The provider to update.\n * @param user - The user object.\n * @param providerUpdate - The updates to apply to the provider.\n * @returns The updated user provider.\n */\nexport const formatUserProviderUpdate = <\n  T extends SessionProviders['provider'],\n>(\n  provider: T,\n  user: Partial<User>,\n  providerUpdate: Partial<UserProvider<T>>\n): User['provider'] => {\n  const userProvider: SessionProviders[] = (\n    user.provider as unknown as Document\n  ).toObject();\n  const userProviderToUpdate = userProvider?.find(\n    (providerEl) => providerEl.provider === provider\n  );\n\n  let updatedProvider: User['provider'];\n\n  if (userProviderToUpdate) {\n    const otherProviders =\n      user.provider?.filter((p) => p.provider !== provider) ?? [];\n\n    updatedProvider = [\n      ...otherProviders,\n      { ...userProviderToUpdate, ...providerUpdate, provider },\n    ];\n  } else {\n    updatedProvider = [\n      ...(user.provider ?? []),\n      { ...providerUpdate, provider } as SessionProviders,\n    ];\n  }\n\n  return updatedProvider;\n};\n\n/**\n * Updates the given fields of a user's provider.\n * @param userId - The ID of the user.\n * @param provider - The provider to update.\n * @param providerUpdate - The updates to apply to the provider.\n * @returns The updated user.\n */\nexport const updateUserProvider = async <\n  T extends SessionProviders['provider'],\n>(\n  userId: string | ObjectId,\n  provider: T,\n  providerUpdate: Partial<UserProvider<T>>\n): Promise<User> => {\n  const user = await getUserById(userId);\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', { userId });\n  }\n\n  const formattedProviderToUpdate = formatUserProviderUpdate(\n    provider,\n    user,\n    providerUpdate\n  );\n\n  const updatedUser: User = await updateUserById(userId, {\n    provider: formattedProviderToUpdate,\n  });\n\n  logger.info(\n    `User provider updated - User: Name: ${updatedUser.name}, id: ${String(updatedUser._id)} - Provider: ${provider}`\n  );\n\n  return updatedUser;\n};\n\n/**\n * Updates the given fields of a user's provider.\n * @param userId - The ID of the user.\n * @param provider - The updates to apply to the provider.\n * @returns The updated user.\n */\nexport const addUserProvider = async (\n  userId: string | ObjectId,\n  provider: SessionProviders\n): Promise<User> => {\n  const user = await getUserById(userId);\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', { userId });\n  }\n\n  const existingProvider = await getUserProvider(userId, provider.provider);\n\n  if (existingProvider) {\n    throw new GenericError('USER_PROVIDER_ALREADY_EXISTS', {\n      userId,\n      provider,\n    });\n  }\n\n  const updatedProvider = [...(user.provider ?? []), provider];\n\n  const updatedUser = await updateUserById(userId, {\n    provider: updatedProvider,\n  });\n\n  logger.info(\n    `User provider added - User: Name: ${updatedUser.name}, id: ${String(updatedUser._id)} - Provider: ${provider.provider}`\n  );\n\n  return updatedUser;\n};\n\n/**\n * Removes a user's provider.\n * @param userId - The ID of the user.\n * @param provider - The provider to remove.\n * @returns The updated user.\n */\nexport const removeUserProvider = async (\n  userId: string | ObjectId,\n  provider: SessionProviders['provider'],\n  providerAccountId?: string\n) => {\n  const user = await getUserById(userId);\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', { userId });\n  }\n\n  const existingProvider = await getUserProvider(\n    userId,\n    provider,\n    providerAccountId\n  );\n\n  if (!existingProvider) {\n    throw new GenericError('USER_PROVIDER_NOT_FOUND', {\n      userId,\n      provider,\n    });\n  }\n\n  const updatedProvider = user.provider?.filter(\n    (p) =>\n      p.provider !== provider &&\n      (!providerAccountId ||\n        (providerAccountId &&\n          (p as GithubSessionProvider).providerAccountId !== providerAccountId))\n  );\n\n  return await updateUserById(userId, {\n    provider: updatedProvider,\n  });\n};\n\ntype TestUserPasswordResult = { user: User | null; error?: string };\n\n/**\n * Logs in a user.\n * @param email - The user's email.\n * @param password - The user's password.\n * @returns The user object.\n */\nexport const testUserPassword = async (\n  email: string,\n  password: string\n): Promise<TestUserPasswordResult> => {\n  const user = await getUserByEmail(email);\n\n  if (!user) {\n    const errorMessages = {\n      en: `User not found - ${email}`,\n      fr: `Utilisateur non trouvé - ${email}`,\n      es: `Usuario no encontrado - ${email}`,\n    };\n\n    return { user: null, error: t(errorMessages) };\n  }\n\n  const userEmailPasswordProvider = user.provider?.find(\n    (provider) => provider.provider === 'email'\n  );\n\n  if (!userEmailPasswordProvider?.passwordHash) {\n    const errorMessages = {\n      en: `User request to login but no password defined: ${user.email}`,\n      fr: `Demande de connexion d'utilisateur mais pas de mot de passe défini : ${user.email}`,\n      es: `Solicitud de inicio de sesión de usuario pero no se define la contraseña : ${user.email}`,\n    };\n\n    return { user: null, error: t(errorMessages) };\n  }\n\n  const isMatch = await compare(\n    password,\n    userEmailPasswordProvider.passwordHash\n  );\n\n  if (!isMatch) {\n    const errorMessages = {\n      en: `Incorrect email or password: ${email}`,\n      fr: `Email ou mot de passe incorrect : ${email}`,\n      es: `Correo electrónico o contraseña incorrecta : ${email}`,\n    };\n\n    logger.error(errorMessages.en);\n\n    // Await a random time to prevent brute force attacks\n    const randomNumber = Math.floor(Math.random() * 1000) + 1000;\n    await new Promise((resolve) => setTimeout(resolve, randomNumber));\n\n    return { user: null, error: t(errorMessages) };\n  }\n\n  return { user };\n};\n\n/**\n * Hashes a user's password.\n * @param userWithPasswordNotHashed - The user object with password not hashed.\n * @returns The user object with hashed password.\n */\nexport const hashUserPassword = async (\n  userWithPasswordNotHashed: UserWithPasswordNotHashed\n): Promise<Partial<User>> => {\n  const { password, ...user } = userWithPasswordNotHashed;\n\n  if (!password) {\n    throw new GenericError('USER_PASSWORD_NOT_DEFINED', { user });\n  }\n\n  const userProvider = formatUserProviderUpdate('email', user, {\n    passwordHash: await hash(password, await genSalt()),\n    secret: generateSecret(35),\n  });\n\n  return { ...user, provider: userProvider };\n};\n\n/**\n * Changes a user's password.\n * @param userId - The ID of the user.\n * @param oldPassword - The user's old password.\n * @param newPassword - The user's new password.\n * @returns The updated user or null if the password change failed.\n */\nexport const changeUserPassword = async (\n  userId: string | ObjectId,\n  oldPassword: string,\n  newPassword: string\n) => {\n  const user = await getUserById(userId);\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', { userId });\n  }\n\n  const { email } = user;\n\n  await testUserPassword(email, oldPassword);\n\n  const updatedUser: User = await updateUserProvider(userId, 'email', {\n    passwordHash: await hash(newPassword, await genSalt()),\n  });\n\n  return updatedUser;\n};\n\n/**\n * Resets a user's password.\n * @param userId - The ID of the user.\n * @param secret - The secret token associated with the user.\n * @param newPassword - The new password to set.\n * @returns The updated user or null if the reset failed.\n */\nexport const resetPassword = async (userId: string, password: string) => {\n  const user = await getUserById(userId);\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', { userId });\n  }\n\n  const updatedUser: User = await updateUserProvider(userId, 'email', {\n    passwordHash: await hash(password, await genSalt()),\n  });\n\n  return updatedUser;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAuB;AAEvB,qBAKO;AACP,oBAA6B;AAC7B,kBAA6B;AAC7B,oBAAuC;AAGvC,8BAAkB;AAClB,0BAAgB;AAEhB,kBAA6B;AAE7B,IAAAA,eAA4D;AAiBrD,MAAM,aAAa,OAAO,SAA8B;AAC7D,QAAM,uBAAmB,YAAAC,IAAO;AAEhC,QAAM,UAAmB;AAAA,IACvB,cAAc;AAAA,IACd,SAAS,IAAI,KAAK,KAAK,IAAI,IAAI,sBAAO;AAAA,EACxC;AAEA,QAAM,cAAoB,UAAM,6BAAe,KAAK,KAAK,EAAE,QAAQ,CAAC;AAEpE,SAAO;AACT;AAEO,MAAM,gBAAgB,OAAO,SAA8B;AAChE,QAAM,UAAU;AAEhB,QAAM,cAAoB,UAAM,6BAAe,KAAK,KAAK,EAAE,QAAQ,CAAC;AAEpE,SAAO;AACT;AAOO,MAAM,cAAc,OAAO,KAAe,SAAe;AAC9D,QAAM,oBAAgB,0BAAa,IAAI;AAEvC,QAAM,YAAY,oBAAAC,QAAI,KAAK,eAAe,QAAQ,IAAI,kBAAmB;AAAA,IACvE,WAAW;AAAA,EACb,CAAC;AAED,MAAI,CAAC,WAAW;AACd,UAAM,IAAI,2BAAa,kCAAkC,EAAE,KAAK,CAAC;AAAA,EACnE;AAEA,QAAM,oBAAgB,iCAAiB;AAEvC,MAAI,OAAO,uBAAQ,UAAU,WAAW,aAAa;AAErD,QAAM,kBAAkB,MAAM,WAAW,IAAI;AAE7C,QAAM,mBAAmB,gBAAgB,SAAS;AAElD,MAAI,OAAO,uBAAQ,UAAU,kBAAkB,aAAa;AAE5D,MAAI,OAAO,OAAO;AAClB,uBAAO;AAAA,IACL,gCAAgC,KAAK,IAAI,SAAS,OAAO,KAAK,GAAG,CAAC;AAAA,EACpE;AACF;AAMO,MAAM,gBAAgB,OAAO,QAAiC;AACnE,QAAM,EAAE,KAAK,IAAI,IAAI;AACrB,QAAM,qBAAiB,sCAAsB;AAE7C,MAAI,MAAM;AACR,UAAM,cAAc,IAAI;AAAA,EAC1B;AAEA,MAAI,OAAO,uBAAQ,UAAU,IAAI,cAAc;AAC/C,MAAI,OAAO,uBAAQ,UAAU,IAAI,cAAc;AAE/C,MAAI,OAAO,OAAO;AAClB,MAAI,OAAO,WAAW;AACxB;AAQO,MAAM,sBAAsB,CACjC,KACA,iBACG;AACH,QAAM,mBAAmB;AAAA,IACvB,KAAK,aAAa;AAAA,IAClB,MAAM,aAAa;AAAA,EACrB;AAEA,QAAM,oBAAoB,oBAAAA,QAAI;AAAA,IAC5B;AAAA,IACA,QAAQ,IAAI;AAAA,IACZ;AAAA,MACE,WAAW;AAAA,IACb;AAAA,EACF;AAEA,MAAI,CAAC,mBAAmB;AACtB,UAAM,IAAI,2BAAa,0CAA0C;AAAA,MAC/D;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,uBAAQ,kBAAkB,uBAAmB,iCAAiB,CAAC;AAE1E,MAAI,OAAO,eAAe;AAC5B;AAMO,MAAM,wBAAwB,CAAC,QAAiC;AACrE,MAAI,OAAO,eAAe;AAE1B,MAAI,OAAO,uBAAQ,kBAAkB,QAAI,sCAAsB,CAAC;AAClE;AAOO,MAAM,iBAAiB,CAC5B,KACA,YACG;AACH,QAAM,EAAE,aAAa,IAAI,IAAI;AAC7B,QAAM,cAAc;AAAA,IAClB,KAAK,QAAQ;AAAA,IACb,MAAM,QAAQ;AAAA,EAChB;AAEA,QAAM,eAAe,oBAAAA,QAAI,KAAK,aAAa,QAAQ,IAAI,kBAAmB;AAAA,IACxE,WAAW;AAAA,EACb,CAAC;AAED,MAAI,CAAC,cAAc;AACjB,UAAM,IAAI,2BAAa,qCAAqC;AAAA,MAC1D;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,uBAAQ,aAAa,kBAAc,iCAAiB,CAAC;AAEhE,MAAI,CAAC,cAAc;AACjB,UAAM,IAAI,2BAAa,0BAA0B;AAAA,MAC/C;AAAA,IACF,CAAC;AAAA,EACH;AAEA;AAAA;AAAA,IAEE,OAAO,aAAa,GAAG,MAAM,OAAO,QAAQ,cAAc;AAAA,IAC1D;AACA,UAAM,IAAI,2BAAa,2CAA2C;AAAA,MAChE;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI,OAAO,UAAU;AACvB;AAMO,MAAM,mBAAmB,CAAC,QAAkB;AACjD,MAAI,OAAO,UAAU;AAErB,MAAI,OAAO,uBAAQ,aAAa,QAAI,sCAAsB,CAAC;AAC7D;AAOO,MAAM,eAAe,OAC1B,QACA,WACkB;AAClB,SAAO,MAAM,mBAAmB,QAAQ,SAAS;AAAA,IAC/C;AAAA,EACF,CAAC;AACH;AAOO,MAAM,iBAAiB,CAAC,WAA2B;AACxD,QAAM,aACJ;AACF,SAAO,MAAM;AAAA,IAAK,EAAE,OAAO;AAAA,IAAG,MAC5B,WAAW,OAAO,KAAK,MAAM,KAAK,OAAO,IAAI,WAAW,MAAM,CAAC;AAAA,EACjE,EAAE,KAAK,EAAE;AACX;AAQO,MAAM,uBAAuB,OAClC,UACyB;AACzB,QAAM,OAAO,UAAM,6BAAe,KAAK;AAEvC,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB,EAAE,MAAM,CAAC;AAAA,EACpD;AAEA,SAAO,mBAAmB,KAAK,KAA0B,SAAS;AAAA,IAChE,QAAQ,eAAe,EAAE;AAAA,EAC3B,CAAC;AACH;AASO,MAAM,oBAAoB,OAC/B,QACA,QACA,gBACkB;AAClB,QAAM,2BAA2B,MAAM,gBAAgB,QAAQ,OAAO;AAEtE,MAAI,CAAC,0BAA0B;AAC7B,UAAM,IAAI,2BAAa,2BAA2B,EAAE,OAAO,CAAC;AAAA,EAC9D;AAEA,MAAI,yBAAyB,WAAW,QAAQ;AAC9C,UAAM,IAAI,2BAAa,kCAAkC,EAAE,OAAO,CAAC;AAAA,EACrE;AAEA,QAAM,cAAoB,MAAM,mBAAmB,QAAQ,SAAS;AAAA,IAClE,cAAc,UAAM,oBAAK,aAAa,UAAM,uBAAQ,CAAC;AAAA,IACrD;AAAA,EACF,CAAC;AAED,SAAO;AACT;AAgBO,MAAM,kBAAkB,OAC7B,QACA,UACA,sBACoC;AACpC,QAAM,OAAO,UAAM,0BAAY,MAAM;AAErC,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB,EAAE,OAAO,CAAC;AAAA,EACrD;AAEA,QAAM,eAAe,KAAK,UAAU;AAAA,IAClC,CAAC,eACE,WAAW,aAAa,YAAY,CAAC,qBACrC,qBACE,WAAqC,sBACpC;AAAA,EACR;AAEA,SAAQ,gBAAoC;AAC9C;AASO,MAAM,2BAA2B,CAGtC,UACA,MACA,mBACqB;AACrB,QAAM,eACJ,KAAK,SACL,SAAS;AACX,QAAM,uBAAuB,cAAc;AAAA,IACzC,CAAC,eAAe,WAAW,aAAa;AAAA,EAC1C;AAEA,MAAI;AAEJ,MAAI,sBAAsB;AACxB,UAAM,iBACJ,KAAK,UAAU,OAAO,CAAC,MAAM,EAAE,aAAa,QAAQ,KAAK,CAAC;AAE5D,sBAAkB;AAAA,MAChB,GAAG;AAAA,MACH,EAAE,GAAG,sBAAsB,GAAG,gBAAgB,SAAS;AAAA,IACzD;AAAA,EACF,OAAO;AACL,sBAAkB;AAAA,MAChB,GAAI,KAAK,YAAY,CAAC;AAAA,MACtB,EAAE,GAAG,gBAAgB,SAAS;AAAA,IAChC;AAAA,EACF;AAEA,SAAO;AACT;AASO,MAAM,qBAAqB,OAGhC,QACA,UACA,mBACkB;AAClB,QAAM,OAAO,UAAM,0BAAY,MAAM;AAErC,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB,EAAE,OAAO,CAAC;AAAA,EACrD;AAEA,QAAM,4BAA4B;AAAA,IAChC;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,cAAoB,UAAM,6BAAe,QAAQ;AAAA,IACrD,UAAU;AAAA,EACZ,CAAC;AAED,uBAAO;AAAA,IACL,uCAAuC,YAAY,IAAI,SAAS,OAAO,YAAY,GAAG,CAAC,gBAAgB,QAAQ;AAAA,EACjH;AAEA,SAAO;AACT;AAQO,MAAM,kBAAkB,OAC7B,QACA,aACkB;AAClB,QAAM,OAAO,UAAM,0BAAY,MAAM;AAErC,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB,EAAE,OAAO,CAAC;AAAA,EACrD;AAEA,QAAM,mBAAmB,MAAM,gBAAgB,QAAQ,SAAS,QAAQ;AAExE,MAAI,kBAAkB;AACpB,UAAM,IAAI,2BAAa,gCAAgC;AAAA,MACrD;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,QAAM,kBAAkB,CAAC,GAAI,KAAK,YAAY,CAAC,GAAI,QAAQ;AAE3D,QAAM,cAAc,UAAM,6BAAe,QAAQ;AAAA,IAC/C,UAAU;AAAA,EACZ,CAAC;AAED,uBAAO;AAAA,IACL,qCAAqC,YAAY,IAAI,SAAS,OAAO,YAAY,GAAG,CAAC,gBAAgB,SAAS,QAAQ;AAAA,EACxH;AAEA,SAAO;AACT;AAQO,MAAM,qBAAqB,OAChC,QACA,UACA,sBACG;AACH,QAAM,OAAO,UAAM,0BAAY,MAAM;AAErC,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB,EAAE,OAAO,CAAC;AAAA,EACrD;AAEA,QAAM,mBAAmB,MAAM;AAAA,IAC7B;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,MAAI,CAAC,kBAAkB;AACrB,UAAM,IAAI,2BAAa,2BAA2B;AAAA,MAChD;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,QAAM,kBAAkB,KAAK,UAAU;AAAA,IACrC,CAAC,MACC,EAAE,aAAa,aACd,CAAC,qBACC,qBACE,EAA4B,sBAAsB;AAAA,EAC3D;AAEA,SAAO,UAAM,6BAAe,QAAQ;AAAA,IAClC,UAAU;AAAA,EACZ,CAAC;AACH;AAUO,MAAM,mBAAmB,OAC9B,OACA,aACoC;AACpC,QAAM,OAAO,UAAM,6BAAe,KAAK;AAEvC,MAAI,CAAC,MAAM;AACT,UAAM,gBAAgB;AAAA,MACpB,IAAI,oBAAoB,KAAK;AAAA,MAC7B,IAAI,+BAA4B,KAAK;AAAA,MACrC,IAAI,2BAA2B,KAAK;AAAA,IACtC;AAEA,WAAO,EAAE,MAAM,MAAM,WAAO,2BAAE,aAAa,EAAE;AAAA,EAC/C;AAEA,QAAM,4BAA4B,KAAK,UAAU;AAAA,IAC/C,CAAC,aAAa,SAAS,aAAa;AAAA,EACtC;AAEA,MAAI,CAAC,2BAA2B,cAAc;AAC5C,UAAM,gBAAgB;AAAA,MACpB,IAAI,kDAAkD,KAAK,KAAK;AAAA,MAChE,IAAI,2EAAwE,KAAK,KAAK;AAAA,MACtF,IAAI,oFAA8E,KAAK,KAAK;AAAA,IAC9F;AAEA,WAAO,EAAE,MAAM,MAAM,WAAO,2BAAE,aAAa,EAAE;AAAA,EAC/C;AAEA,QAAM,UAAU,UAAM;AAAA,IACpB;AAAA,IACA,0BAA0B;AAAA,EAC5B;AAEA,MAAI,CAAC,SAAS;AACZ,UAAM,gBAAgB;AAAA,MACpB,IAAI,gCAAgC,KAAK;AAAA,MACzC,IAAI,qCAAqC,KAAK;AAAA,MAC9C,IAAI,sDAAgD,KAAK;AAAA,IAC3D;AAEA,yBAAO,MAAM,cAAc,EAAE;AAG7B,UAAM,eAAe,KAAK,MAAM,KAAK,OAAO,IAAI,GAAI,IAAI;AACxD,UAAM,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,YAAY,CAAC;AAEhE,WAAO,EAAE,MAAM,MAAM,WAAO,2BAAE,aAAa,EAAE;AAAA,EAC/C;AAEA,SAAO,EAAE,KAAK;AAChB;AAOO,MAAM,mBAAmB,OAC9B,8BAC2B;AAC3B,QAAM,EAAE,UAAU,GAAG,KAAK,IAAI;AAE9B,MAAI,CAAC,UAAU;AACb,UAAM,IAAI,2BAAa,6BAA6B,EAAE,KAAK,CAAC;AAAA,EAC9D;AAEA,QAAM,eAAe,yBAAyB,SAAS,MAAM;AAAA,IAC3D,cAAc,UAAM,oBAAK,UAAU,UAAM,uBAAQ,CAAC;AAAA,IAClD,QAAQ,eAAe,EAAE;AAAA,EAC3B,CAAC;AAED,SAAO,EAAE,GAAG,MAAM,UAAU,aAAa;AAC3C;AASO,MAAM,qBAAqB,OAChC,QACA,aACA,gBACG;AACH,QAAM,OAAO,UAAM,0BAAY,MAAM;AAErC,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB,EAAE,OAAO,CAAC;AAAA,EACrD;AAEA,QAAM,EAAE,MAAM,IAAI;AAElB,QAAM,iBAAiB,OAAO,WAAW;AAEzC,QAAM,cAAoB,MAAM,mBAAmB,QAAQ,SAAS;AAAA,IAClE,cAAc,UAAM,oBAAK,aAAa,UAAM,uBAAQ,CAAC;AAAA,EACvD,CAAC;AAED,SAAO;AACT;AASO,MAAM,gBAAgB,OAAO,QAAgB,aAAqB;AACvE,QAAM,OAAO,UAAM,0BAAY,MAAM;AAErC,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB,EAAE,OAAO,CAAC;AAAA,EACrD;AAEA,QAAM,cAAoB,MAAM,mBAAmB,QAAQ,SAAS;AAAA,IAClE,cAAc,UAAM,oBAAK,UAAU,UAAM,uBAAQ,CAAC;AAAA,EACpD,CAAC;AAED,SAAO;AACT;","names":["import_user","uuidv4","jwt"]}

package/dist/cjs/services/user.service.cjs

@@ -0,0 +1,155 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var user_service_exports = {};
+__export(user_service_exports, {
+  checkUserExists: () => checkUserExists,
+  countUsers: () => countUsers,
+  createUser: () => createUser,
+  deleteUser: () => deleteUser,
+  findUsers: () => findUsers,
+  getUserByAccount: () => getUserByAccount,
+  getUserByEmail: () => getUserByEmail,
+  getUserById: () => getUserById,
+  getUserBySession: () => getUserBySession,
+  getUsersByEmails: () => getUsersByEmails,
+  getUsersByIds: () => getUsersByIds,
+  updateUserById: () => updateUserById
+});
+module.exports = __toCommonJS(user_service_exports);
+var import_user = require('./../models/user.model.cjs');
+var import_errors = require('./../utils/errors/index.cjs');
+var import_validateUser = require('./../utils/validation/validateUser.cjs');
+var import_sessionAuth = require('./sessionAuth.service.cjs');
+const createUser = async (user) => {
+  const fieldsToCheck = ["email"];
+  const errors = (0, import_validateUser.validateUser)(user, fieldsToCheck);
+  if (Object.keys(errors).length > 0) {
+    throw new import_errors.GenericError("USER_INVALID_FIELDS", {
+      userEmail: user.email,
+      errors
+    });
+  }
+  let newUser;
+  if (user.password) {
+    const userWithHashedPassword = await (0, import_sessionAuth.hashUserPassword)(user);
+    newUser = await import_user.UserModel.create(userWithHashedPassword);
+  } else {
+    newUser = await import_user.UserModel.create(user);
+  }
+  if (!newUser) {
+    throw new import_errors.GenericError("USER_CREATION_FAILED", { userEmail: user.email });
+  }
+  return newUser;
+};
+const getUserByEmail = async (email) => {
+  return await import_user.UserModel.findOne({ email });
+};
+const getUsersByEmails = async (emails) => {
+  return await import_user.UserModel.find({ email: { $in: emails } });
+};
+const checkUserExists = async (email) => {
+  const user = await import_user.UserModel.exists({ email });
+  return user !== null;
+};
+const getUserById = async (userId) => {
+  return await import_user.UserModel.findById(userId);
+};
+const getUsersByIds = async (userIds) => {
+  return await import_user.UserModel.find({ _id: { $in: userIds } });
+};
+const getUserBySession = async (sessionToken) => {
+  const user = await import_user.UserModel.findOne({
+    "session.sessionToken": sessionToken
+  });
+  if (!user) {
+    throw new import_errors.GenericError("USER_NOT_FOUND", { sessionToken });
+  }
+  if (user.session?.expires && user.session.expires < /* @__PURE__ */ new Date()) {
+    throw new import_errors.GenericError("USER_SESSION_EXPIRED", {
+      sessionToken,
+      userId: user.id
+    });
+  }
+  return user;
+};
+const getUserByAccount = async (provider, providerAccountId) => {
+  const user = await import_user.UserModel.findOne({
+    provider: [{ provider, providerAccountId }]
+  });
+  if (!user) {
+    throw new import_errors.GenericError("USER_NOT_FOUND", {
+      provider,
+      providerAccountId
+    });
+  }
+  return user;
+};
+const findUsers = async (filters, skip, limit) => {
+  return await import_user.UserModel.find(filters).skip(skip).limit(limit);
+};
+const countUsers = async (filters) => {
+  const count = await import_user.UserModel.countDocuments(filters);
+  if (typeof count === "undefined") {
+    throw new import_errors.GenericError("USER_COUNT_FAILED");
+  }
+  return count;
+};
+const updateUserById = async (userId, updates) => {
+  const keyToValidate = Object.keys(updates);
+  const errors = (0, import_validateUser.validateUser)(updates, keyToValidate);
+  if (Object.keys(errors).length > 0) {
+    throw new import_errors.GenericError("USER_INVALID_FIELDS", {
+      userId,
+      errors
+    });
+  }
+  const result = await import_user.UserModel.updateOne({ _id: userId }, { $set: updates });
+  if (result.matchedCount === 0) {
+    throw new import_errors.GenericError("USER_UPDATE_FAILED", { userId });
+  }
+  const updatedUser = await import_user.UserModel.findById(userId);
+  if (!updatedUser) {
+    throw new import_errors.GenericError("USER_UPDATED_USER_NOT_FOUND", { userId });
+  }
+  return updatedUser;
+};
+const deleteUser = async (userId) => {
+  await getUserById(userId);
+  const user = await import_user.UserModel.findByIdAndDelete(userId);
+  if (!user) {
+    throw new import_errors.GenericError("USER_NOT_FOUND", { userId });
+  }
+  return user;
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  checkUserExists,
+  countUsers,
+  createUser,
+  deleteUser,
+  findUsers,
+  getUserByAccount,
+  getUserByEmail,
+  getUserById,
+  getUserBySession,
+  getUsersByEmails,
+  getUsersByIds,
+  updateUserById
+});
+//# sourceMappingURL=user.service.cjs.map

package/dist/cjs/services/user.service.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/services/user.service.ts"],"sourcesContent":["import { UserModel } from '@models/user.model';\nimport { GenericError } from '@utils/errors';\nimport type { UserFilters } from '@utils/filtersAndPagination/getUserFiltersAndPagination';\nimport {\n  type FieldsToCheck,\n  type UserFields,\n  validateUser,\n} from '@utils/validation/validateUser';\nimport type { ObjectId } from 'mongoose';\n// eslint-disable-next-line import/no-cycle\nimport { hashUserPassword } from './sessionAuth.service';\nimport type { SessionProviders } from '@/types/session.types';\nimport type {\n  User,\n  UserAPI,\n  UserDocument,\n  UserWithPasswordNotHashed,\n} from '@/types/user.types';\n\n/**\n * Creates a new user with password in the database and hashes the password.\n * @param user - User object with password not hashed.\n * @returns Created user object.\n */\nexport const createUser = async (user: UserWithPasswordNotHashed) => {\n  const fieldsToCheck: FieldsToCheck[] = ['email'];\n\n  const errors = validateUser(user, fieldsToCheck);\n\n  if (Object.keys(errors).length > 0) {\n    throw new GenericError('USER_INVALID_FIELDS', {\n      userEmail: user.email,\n      errors,\n    });\n  }\n\n  let newUser: User;\n\n  if (user.password) {\n    const userWithHashedPassword = await hashUserPassword(user);\n\n    newUser = await UserModel.create(userWithHashedPassword);\n  } else {\n    newUser = await UserModel.create(user);\n  }\n\n  if (!newUser) {\n    throw new GenericError('USER_CREATION_FAILED', { userEmail: user.email });\n  }\n\n  return newUser;\n};\n\n/**\n * Retrieves a user by email.\n * @param email - User's email.\n * @returns User object or null if no user was found.\n */\nexport const getUserByEmail = async (email: string): Promise<User | null> => {\n  return await UserModel.findOne({ email });\n};\n\n/**\n * Retrieves users list by email.\n * @param emails - Users email.\n * @returns User object or null if no user was found.\n */\nexport const getUsersByEmails = async (\n  emails: string[]\n): Promise<User[] | null> => {\n  return await UserModel.find({ email: { $in: emails } });\n};\n\n/**\n * Checks if a user exists by email.\n * @param email - User's email.\n * @returns True if the user exists, false otherwise.\n */\nexport const checkUserExists = async (email: string) => {\n  const user = await UserModel.exists({ email });\n  return user !== null;\n};\n\n/**\n * Retrieves a user by ID.\n * @param userId - User's ID.\n * @returns User object or null if no user was found.\n */\nexport const getUserById = async (\n  userId: string | ObjectId\n): Promise<User | null> => {\n  return await UserModel.findById(userId);\n};\n\n/**\n * Retrieves a user by ID.\n * @param userId - User's ID.\n * @returns User object or null if no user was found.\n */\nexport const getUsersByIds = async (\n  userIds: (string | ObjectId)[]\n): Promise<User[] | null> => {\n  return await UserModel.find({ _id: { $in: userIds } });\n};\n\n/**\n * Retrieves a user by session token.\n * @param sessionToken - The session token.\n * @returns User object or null if no user was found.\n */\nexport const getUserBySession = async (sessionToken: string) => {\n  // Get an user by session token and check if it expired\n  const user = await UserModel.findOne({\n    'session.sessionToken': sessionToken,\n  });\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', { sessionToken });\n  }\n\n  if (user.session?.expires && user.session.expires < new Date()) {\n    throw new GenericError('USER_SESSION_EXPIRED', {\n      sessionToken,\n      userId: user.id,\n    });\n  }\n\n  return user;\n};\n\n/**\n * Retrieves a user by account.\n * @param provider - The provider of the account.\n * @param providerAccountId - The provider account ID.\n * @returns User object or null if no user was found.\n */\nexport const getUserByAccount = async (\n  provider: SessionProviders['provider'],\n  providerAccountId: string\n): Promise<User> => {\n  const user = await UserModel.findOne({\n    provider: [{ provider, providerAccountId }],\n  });\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', {\n      provider,\n      providerAccountId,\n    });\n  }\n\n  return user;\n};\n\n/**\n * Finds users based on filters and pagination options.\n * @param filters - MongoDB filter query.\n * @param skip - Number of documents to skip.\n * @param limit - Number of documents to limit.\n * @returns List of users matching the filters.\n */\nexport const findUsers = async (\n  filters: UserFilters,\n  skip: number,\n  limit: number\n): Promise<User[]> => {\n  return await UserModel.find(filters).skip(skip).limit(limit);\n};\n\n/**\n * Counts the total number of users that match the filters.\n * @param filters - MongoDB filter query.\n * @returns Total number of users.\n */\nexport const countUsers = async (filters: UserFilters): Promise<number> => {\n  const count = await UserModel.countDocuments(filters);\n\n  if (typeof count === 'undefined') {\n    throw new GenericError('USER_COUNT_FAILED');\n  }\n\n  return count;\n};\n\n/**\n * Updates a user's information.\n * @param user - The user object.\n * @param updates - The updates to apply to the user.\n * @returns The updated user.\n */\nexport const updateUserById = async (\n  userId: string | ObjectId,\n  updates: Partial<User>\n): Promise<User> => {\n  const keyToValidate = Object.keys(updates) as UserFields;\n  const errors = validateUser(updates, keyToValidate);\n\n  if (Object.keys(errors).length > 0) {\n    throw new GenericError('USER_INVALID_FIELDS', {\n      userId,\n      errors,\n    });\n  }\n\n  const result = await UserModel.updateOne({ _id: userId }, { $set: updates });\n\n  if (result.matchedCount === 0) {\n    throw new GenericError('USER_UPDATE_FAILED', { userId });\n  }\n\n  const updatedUser = await UserModel.findById(userId);\n\n  if (!updatedUser) {\n    throw new GenericError('USER_UPDATED_USER_NOT_FOUND', { userId });\n  }\n\n  return updatedUser;\n};\n\n/**\n * Deletes a user from the database.\n * @param userId - The user object.\n * @returns\n */\nexport const deleteUser = async (userId: string | ObjectId) => {\n  await getUserById(userId);\n\n  const user = await UserModel.findByIdAndDelete(userId);\n\n  if (!user) {\n    throw new GenericError('USER_NOT_FOUND', { userId });\n  }\n\n  return user;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,kBAA0B;AAC1B,oBAA6B;AAE7B,0BAIO;AAGP,yBAAiC;AAc1B,MAAM,aAAa,OAAO,SAAoC;AACnE,QAAM,gBAAiC,CAAC,OAAO;AAE/C,QAAM,aAAS,kCAAa,MAAM,aAAa;AAE/C,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,GAAG;AAClC,UAAM,IAAI,2BAAa,uBAAuB;AAAA,MAC5C,WAAW,KAAK;AAAA,MAChB;AAAA,IACF,CAAC;AAAA,EACH;AAEA,MAAI;AAEJ,MAAI,KAAK,UAAU;AACjB,UAAM,yBAAyB,UAAM,qCAAiB,IAAI;AAE1D,cAAU,MAAM,sBAAU,OAAO,sBAAsB;AAAA,EACzD,OAAO;AACL,cAAU,MAAM,sBAAU,OAAO,IAAI;AAAA,EACvC;AAEA,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,2BAAa,wBAAwB,EAAE,WAAW,KAAK,MAAM,CAAC;AAAA,EAC1E;AAEA,SAAO;AACT;AAOO,MAAM,iBAAiB,OAAO,UAAwC;AAC3E,SAAO,MAAM,sBAAU,QAAQ,EAAE,MAAM,CAAC;AAC1C;AAOO,MAAM,mBAAmB,OAC9B,WAC2B;AAC3B,SAAO,MAAM,sBAAU,KAAK,EAAE,OAAO,EAAE,KAAK,OAAO,EAAE,CAAC;AACxD;AAOO,MAAM,kBAAkB,OAAO,UAAkB;AACtD,QAAM,OAAO,MAAM,sBAAU,OAAO,EAAE,MAAM,CAAC;AAC7C,SAAO,SAAS;AAClB;AAOO,MAAM,cAAc,OACzB,WACyB;AACzB,SAAO,MAAM,sBAAU,SAAS,MAAM;AACxC;AAOO,MAAM,gBAAgB,OAC3B,YAC2B;AAC3B,SAAO,MAAM,sBAAU,KAAK,EAAE,KAAK,EAAE,KAAK,QAAQ,EAAE,CAAC;AACvD;AAOO,MAAM,mBAAmB,OAAO,iBAAyB;AAE9D,QAAM,OAAO,MAAM,sBAAU,QAAQ;AAAA,IACnC,wBAAwB;AAAA,EAC1B,CAAC;AAED,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB,EAAE,aAAa,CAAC;AAAA,EAC3D;AAEA,MAAI,KAAK,SAAS,WAAW,KAAK,QAAQ,UAAU,oBAAI,KAAK,GAAG;AAC9D,UAAM,IAAI,2BAAa,wBAAwB;AAAA,MAC7C;AAAA,MACA,QAAQ,KAAK;AAAA,IACf,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAQO,MAAM,mBAAmB,OAC9B,UACA,sBACkB;AAClB,QAAM,OAAO,MAAM,sBAAU,QAAQ;AAAA,IACnC,UAAU,CAAC,EAAE,UAAU,kBAAkB,CAAC;AAAA,EAC5C,CAAC;AAED,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB;AAAA,MACvC;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AASO,MAAM,YAAY,OACvB,SACA,MACA,UACoB;AACpB,SAAO,MAAM,sBAAU,KAAK,OAAO,EAAE,KAAK,IAAI,EAAE,MAAM,KAAK;AAC7D;AAOO,MAAM,aAAa,OAAO,YAA0C;AACzE,QAAM,QAAQ,MAAM,sBAAU,eAAe,OAAO;AAEpD,MAAI,OAAO,UAAU,aAAa;AAChC,UAAM,IAAI,2BAAa,mBAAmB;AAAA,EAC5C;AAEA,SAAO;AACT;AAQO,MAAM,iBAAiB,OAC5B,QACA,YACkB;AAClB,QAAM,gBAAgB,OAAO,KAAK,OAAO;AACzC,QAAM,aAAS,kCAAa,SAAS,aAAa;AAElD,MAAI,OAAO,KAAK,MAAM,EAAE,SAAS,GAAG;AAClC,UAAM,IAAI,2BAAa,uBAAuB;AAAA,MAC5C;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAEA,QAAM,SAAS,MAAM,sBAAU,UAAU,EAAE,KAAK,OAAO,GAAG,EAAE,MAAM,QAAQ,CAAC;AAE3E,MAAI,OAAO,iBAAiB,GAAG;AAC7B,UAAM,IAAI,2BAAa,sBAAsB,EAAE,OAAO,CAAC;AAAA,EACzD;AAEA,QAAM,cAAc,MAAM,sBAAU,SAAS,MAAM;AAEnD,MAAI,CAAC,aAAa;AAChB,UAAM,IAAI,2BAAa,+BAA+B,EAAE,OAAO,CAAC;AAAA,EAClE;AAEA,SAAO;AACT;AAOO,MAAM,aAAa,OAAO,WAA8B;AAC7D,QAAM,YAAY,MAAM;AAExB,QAAM,OAAO,MAAM,sBAAU,kBAAkB,MAAM;AAErD,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,2BAAa,kBAAkB,EAAE,OAAO,CAAC;AAAA,EACrD;AAEA,SAAO;AACT;","names":[]}

package/dist/cjs/types/Routes.cjs

@@ -0,0 +1,17 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var Routes_exports = {};
+module.exports = __toCommonJS(Routes_exports);
+//# sourceMappingURL=Routes.cjs.map

package/dist/cjs/types/Routes.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/types/Routes.ts"],"sourcesContent":["export type Route = {\n  urlModel: string;\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  url: string | ((args: any) => string);\n  method: 'GET' | 'POST' | 'PATCH' | 'PUT' | 'DELETE';\n};\n\nexport type Routes = Record<string, Route>;\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/dist/cjs/types/dictionary.types.cjs

@@ -0,0 +1,17 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var dictionary_types_exports = {};
+module.exports = __toCommonJS(dictionary_types_exports);
+//# sourceMappingURL=dictionary.types.cjs.map

package/dist/cjs/types/dictionary.types.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/types/dictionary.types.ts"],"sourcesContent":["import type { DictionaryValue } from '@intlayer/core';\nimport type { Model, ObjectId, Document } from 'mongoose';\nimport type { Project } from './project.types';\nimport type { User } from './user.types';\n\nexport type DictionaryCreationData = {\n  projectIds: (Project['_id'] | string)[];\n  key: string;\n  content?: DictionaryValue;\n  title?: string;\n  description?: string;\n  version?: number;\n  filePath?: string;\n};\n\nexport type DictionaryData = {\n  projectIds: (Project['_id'] | string)[];\n  key: string;\n  content: DictionaryValue[];\n  creatorId: User['_id'];\n  title?: string;\n  description?: string;\n  version?: number;\n  filePath?: Record<string, string>;\n};\n\nexport type Dictionary = DictionaryData & {\n  _id: ObjectId;\n  createdAt: number;\n  updatedAt: number;\n};\n\nexport type DictionaryAPI = Omit<DictionaryData, 'filePath' | 'content'> & {\n  content: DictionaryValue;\n  filePath?: string;\n};\n\nexport type DictionaryDocument = Document<Dictionary> & Dictionary;\nexport type DictionaryModelType = Model<Dictionary>;\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/dist/cjs/types/organization.types.cjs

@@ -0,0 +1,17 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var organization_types_exports = {};
+module.exports = __toCommonJS(organization_types_exports);
+//# sourceMappingURL=organization.types.cjs.map

package/dist/cjs/types/organization.types.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/types/organization.types.ts"],"sourcesContent":["import type { ObjectId, Document } from 'mongoose';\nimport type { User } from './user.types';\n\nexport type OrganizationCreationData = {\n  name: Organization['name'];\n};\n\nexport type OrganizationData = {\n  name: string;\n  membersIds: User['_id'][];\n  adminsIds: User['_id'][];\n};\n\nexport type Organization = OrganizationData & {\n  _id: ObjectId;\n  creatorId: User['_id'];\n  createdAt: number;\n  updatedAt: number;\n};\n\nexport type OrganizationAPI = Omit<OrganizationData, 'adminsIds'> & {\n  adminsIds?: User['_id'][];\n};\n\nexport type OrganizationDocument = Document<Organization> & Organization;\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/dist/cjs/types/project.types.cjs

@@ -0,0 +1,17 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var project_types_exports = {};
+module.exports = __toCommonJS(project_types_exports);
+//# sourceMappingURL=project.types.cjs.map

package/dist/cjs/types/project.types.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/types/project.types.ts"],"sourcesContent":["import type { Model, ObjectId, Document } from 'mongoose';\nimport type { Organization } from './organization.types';\nimport type { User } from './user.types';\n\nexport type ProjectCreationData = {\n  name: Project['name'];\n};\n\nexport type ProjectData = {\n  organizationId: Organization['_id'];\n  name: string;\n  membersIds: User['_id'][];\n  adminsIds: User['_id'][];\n  creatorId: User['_id'];\n};\n\nexport type AccessKeyData = {\n  name: string;\n  expiresAt?: Date;\n};\n\nexport type OAuth2AccessData = AccessKeyData & {\n  clientId: string;\n  clientSecret: string;\n  accessToken: string[];\n  userId: User['_id'];\n};\n\nexport type OAuth2Access = OAuth2AccessData & {\n  _id: ObjectId;\n  createdAt: number;\n  updatedAt: number;\n};\n\nexport type Project = ProjectData & {\n  _id: ObjectId;\n  createdAt: number;\n  updatedAt: number;\n  oAuth2Access: OAuth2Access[];\n};\n\nexport type ProjectAPI = Omit<ProjectData, 'adminsIds'> & {\n  adminsIds?: User['_id'][];\n};\n\nexport type ProjectDocument = Document<Project> & Project;\n\nexport type ProjectModelType = Model<Project>;\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/dist/cjs/types/session.types.cjs

@@ -0,0 +1,17 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var session_types_exports = {};
+module.exports = __toCommonJS(session_types_exports);
+//# sourceMappingURL=session.types.cjs.map

package/dist/cjs/types/session.types.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/types/session.types.ts"],"sourcesContent":["export interface EmailPasswordSessionProvider {\n  provider: 'email';\n  secret?: string;\n  emailValidated?: Date;\n  passwordHash?: string;\n}\n\nexport interface GoogleSessionProvider {\n  provider: 'google';\n  providerAccountId: string;\n}\n\nexport interface GithubSessionProvider {\n  provider: 'github';\n  providerAccountId: string;\n}\n\nexport type SessionProviders =\n  | EmailPasswordSessionProvider\n  | GoogleSessionProvider\n  | GithubSessionProvider;\n\nexport type Session = {\n  /** A randomly generated value that is used to get hold of the session. */\n  sessionToken: string;\n  /** Used to connect the session to a particular user */\n  expires: Date;\n};\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/dist/cjs/types/user.types.cjs

@@ -0,0 +1,17 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var user_types_exports = {};
+module.exports = __toCommonJS(user_types_exports);
+//# sourceMappingURL=user.types.cjs.map

package/dist/cjs/types/user.types.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/types/user.types.ts"],"sourcesContent":["import type { ObjectId, Model, Document } from 'mongoose';\nimport type { Session, SessionProviders } from './session.types';\n\nexport interface UserData {\n  email: string;\n  name: string;\n  phone?: string;\n  dateOfBirth?: Date;\n}\n\nexport interface User extends UserData {\n  _id: ObjectId;\n  provider?: SessionProviders[];\n  session?: Session;\n  createdAt: number;\n  updatedAt: number;\n}\n\nexport interface UserAPI\n  extends Omit<User, 'provider' | 'session' | 'createdAt'> {\n  role: string;\n}\n\nexport type UserDocument = Document<User> & User;\n\nexport type UserWithPasswordNotHashed = Partial<User> &\n  Pick<User, 'email'> & {\n    password?: string;\n  };\n\nexport type UserModelType = Model<User> & {\n  login: (email: string, password: string) => Promise<User>;\n  changePassword: (\n    userId: ObjectId | string,\n    oldPassword: string,\n    newPassword: string\n  ) => Promise<User>;\n  resetPassword: (userId: User['_id'], password: string) => Promise<User>;\n};\n"],"mappings":";;;;;;;;;;;;;;AAAA;AAAA;","names":[]}

package/dist/cjs/utils/CSRF.cjs

@@ -0,0 +1,47 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var CSRF_exports = {};
+__export(CSRF_exports, {
+  doubleCsrfProtection: () => doubleCsrfProtection,
+  generateToken: () => generateToken,
+  validateRequest: () => validateRequest
+});
+module.exports = __toCommonJS(CSRF_exports);
+var import_csrf_csrf = require("csrf-csrf");
+var import_cookies = require('./cookies.cjs');
+const {
+  generateToken,
+  // Use this in your routes to provide a CSRF hash + token cookie and token.
+  validateRequest,
+  // Also a convenience if you plan on making your own middleware.
+  doubleCsrfProtection
+  // This is the default CSRF protection middleware.
+} = (0, import_csrf_csrf.doubleCsrf)({
+  getSecret: () => process.env.CSRF_SECRET,
+  getTokenFromRequest: (req) => req.body.csrf_token,
+  cookieName: import_cookies.Cookies.XSRF_TOKEN,
+  cookieOptions: (0, import_cookies.getCookieOptions)()
+});
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  doubleCsrfProtection,
+  generateToken,
+  validateRequest
+});
+//# sourceMappingURL=CSRF.cjs.map

package/dist/cjs/utils/CSRF.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/CSRF.ts"],"sourcesContent":["import { doubleCsrf } from 'csrf-csrf';\nimport { Cookies, getCookieOptions } from './cookies';\n\nconst {\n  generateToken, // Use this in your routes to provide a CSRF hash + token cookie and token.\n  validateRequest, // Also a convenience if you plan on making your own middleware.\n  doubleCsrfProtection, // This is the default CSRF protection middleware.\n} = doubleCsrf({\n  getSecret: () => process.env.CSRF_SECRET!,\n  getTokenFromRequest: (req) => req.body.csrf_token,\n  cookieName: Cookies.XSRF_TOKEN,\n  cookieOptions: getCookieOptions(),\n});\n\nexport { generateToken, validateRequest, doubleCsrfProtection };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,uBAA2B;AAC3B,qBAA0C;AAE1C,MAAM;AAAA,EACJ;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF,QAAI,6BAAW;AAAA,EACb,WAAW,MAAM,QAAQ,IAAI;AAAA,EAC7B,qBAAqB,CAAC,QAAQ,IAAI,KAAK;AAAA,EACvC,YAAY,uBAAQ;AAAA,EACpB,mBAAe,iCAAiB;AAClC,CAAC;","names":[]}

package/dist/cjs/utils/accessControl.cjs

@@ -0,0 +1,121 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var accessControl_exports = {};
+__export(accessControl_exports, {
+  AccessRule: () => AccessRule,
+  accessControl: () => accessControl,
+  accessControlMiddleWare: () => accessControlMiddleWare
+});
+module.exports = __toCommonJS(accessControl_exports);
+var import_logger = require('./../logger/index.cjs');
+var import_httpStatusCodes = require('./httpStatusCodes.cjs');
+var AccessRule = /* @__PURE__ */ ((AccessRule2) => {
+  AccessRule2["none"] = "none";
+  AccessRule2["authenticated"] = "authenticated";
+  AccessRule2["admin"] = "admin";
+  AccessRule2["noneAuthenticated"] = "none-authenticated";
+  AccessRule2["hasOrganization"] = "has-organization";
+  AccessRule2["hasProject"] = "has-project";
+  AccessRule2["hasBearer"] = "has-bearer";
+  return AccessRule2;
+})(AccessRule || {});
+const accessControl = (res, accessRule) => {
+  const accessRuleArray = Array.isArray(accessRule) ? accessRule : [accessRule];
+  const localsAuthInformation = res.locals;
+  const { user, organization, project, authType } = localsAuthInformation;
+  if (accessRuleArray.includes("none" /* none */)) {
+    return {
+      success: true,
+      message: null,
+      data: { user, organization, project, authType }
+    };
+  }
+  let success = true;
+  const messages = [];
+  if (accessRuleArray.includes("authenticated" /* authenticated */)) {
+    if (!user) {
+      success = false;
+      messages.push("User is not authenticated");
+    }
+  }
+  if (accessRuleArray.includes("none-authenticated" /* noneAuthenticated */)) {
+    if (user) {
+      success = false;
+      messages.push("User is authenticated");
+    }
+  }
+  if (accessRuleArray.includes("has-organization" /* hasOrganization */)) {
+    if (!organization) {
+      success = false;
+      messages.push("Organization is not set");
+    }
+  }
+  if (accessRuleArray.includes("has-project" /* hasProject */)) {
+    if (!project) {
+      success = false;
+      messages.push("Project is not set");
+    }
+  }
+  const knownRules = Object.values(AccessRule);
+  const unknownRules = accessRuleArray.filter(
+    (rule) => !knownRules.includes(rule)
+  );
+  if (unknownRules.length > 0) {
+    success = false;
+    messages.push(`Unknown access rules: ${unknownRules.join(", ")}`);
+  }
+  return {
+    success,
+    message: messages.join(", "),
+    data: { user, organization, project, authType }
+  };
+};
+const accessControlMiddleWare = (...accessRules) => (_req, res, next) => {
+  let hasAccess = false;
+  for (const ruleGroup of accessRules) {
+    if (Array.isArray(ruleGroup)) {
+      const accessResults = ruleGroup.map(
+        (rule) => accessControl(res, rule).success
+      );
+      hasAccess = accessResults.every((result) => result);
+    } else {
+      const accessResult = accessControl(res, ruleGroup);
+      if (accessResult.success) {
+        hasAccess = true;
+      }
+    }
+    if (hasAccess) {
+      break;
+    }
+  }
+  if (!hasAccess) {
+    import_logger.logger.error("Access denied");
+    const errorStatusCode = import_httpStatusCodes.HttpStatusCodes.FORBIDDEN_403;
+    res.sendStatus(errorStatusCode);
+    return;
+  }
+  next();
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AccessRule,
+  accessControl,
+  accessControlMiddleWare
+});
+//# sourceMappingURL=accessControl.cjs.map

package/dist/cjs/utils/accessControl.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/accessControl.ts"],"sourcesContent":["import { logger } from '@logger';\nimport { ResponseWithInformation } from '@middlewares/sessionAuth.middleware';\nimport type { NextFunction, Request } from 'express';\nimport { HttpStatusCodes } from './httpStatusCodes';\n\nexport enum AccessRule {\n  none = 'none',\n  authenticated = 'authenticated',\n  admin = 'admin',\n  noneAuthenticated = 'none-authenticated',\n  hasOrganization = 'has-organization',\n  hasProject = 'has-project',\n  hasBearer = 'has-bearer',\n}\n\nexport const accessControl = <R extends AccessRule | AccessRule[]>(\n  res: ResponseWithInformation,\n  accessRule: R\n) => {\n  const accessRuleArray: AccessRule[] = Array.isArray(accessRule)\n    ? accessRule\n    : [accessRule];\n\n  const localsAuthInformation = res.locals;\n  const { user, organization, project, authType } = localsAuthInformation;\n\n  // If 'none' access rule is present, immediately return success\n  if (accessRuleArray.includes(AccessRule.none)) {\n    return {\n      success: true,\n      message: null,\n      data: { user, organization, project, authType },\n    };\n  }\n\n  let success = true;\n  const messages: string[] = [];\n\n  // Check for 'authenticated' access rule\n  if (accessRuleArray.includes(AccessRule.authenticated)) {\n    if (!user) {\n      success = false;\n      messages.push('User is not authenticated');\n    }\n  }\n\n  // Check for 'admin' access rule\n  // if (accessRuleArray.includes(AccessRule.admin)) {\n  //   if (!user?.role.includes('admin')) {\n  //     success = false;\n  //     messages.push('User is not an admin');\n  //   }\n  // }\n\n  // Check for 'none-authenticated' access rule\n  if (accessRuleArray.includes(AccessRule.noneAuthenticated)) {\n    if (user) {\n      success = false;\n      messages.push('User is authenticated');\n    }\n  }\n\n  // Check for 'has-organization' access rule\n  if (accessRuleArray.includes(AccessRule.hasOrganization)) {\n    if (!organization) {\n      success = false;\n      messages.push('Organization is not set');\n    }\n  }\n\n  // Check for 'has-project' access rule\n  if (accessRuleArray.includes(AccessRule.hasProject)) {\n    if (!project) {\n      success = false;\n      messages.push('Project is not set');\n    }\n  }\n\n  // Handle unknown access rules\n  const knownRules = Object.values(AccessRule);\n  const unknownRules = accessRuleArray.filter(\n    (rule) => !knownRules.includes(rule)\n  );\n  if (unknownRules.length > 0) {\n    success = false;\n    messages.push(`Unknown access rules: ${unknownRules.join(', ')}`);\n  }\n\n  return {\n    success,\n    message: messages.join(', '),\n    data: { user, organization, project, authType },\n  };\n};\n\n/**\n * Middleware to control API access based on access rules.\n *\n * This middleware allows for multiple access rules to be passed, either as individual `AccessRule` or\n * an array of `AccessRule` groups. Access is granted if at least one of the following conditions is met:\n *\n * - The user satisfies all `AccessRule` within any group of rules passed as an array.\n * - The user satisfies any single `AccessRule` passed individually.\n *\n * Example usage:\n *\n * ```typescript\n * // Allow access if the user has both `hasProject` and `hasOrganization`, or if they have `admin` rights\n * app.use('/protected-route', apiAccessControlMiddleWare([AccessRule.hasProject, AccessRule.hasOrganization], AccessRule.admin));\n * ```\n *\n * In this example:\n * - The user will be granted access if they have both `hasProject` and `hasOrganization`.\n * - Alternatively, the user will also be granted access if they have `admin` privileges.\n *\n * @param {...(AccessRule | AccessRule[])[]} accessRules - One or more access rules or groups of access rules.\n * - Single `AccessRule`: The user must satisfy this rule for access to be granted.\n * - Array of `AccessRule`: The user must satisfy all rules in the array for access to be granted.\n * @returns {Function} Express middleware function that checks if the user has the required access.\n *\n * If the user does not meet any of the provided access rules, a 403 Forbidden status is returned.\n *\n * @example\n * // Example 1: Require admin privileges\n * app.use('/admin', apiAccessControlMiddleWare(AccessRule.admin));\n *\n * @example\n * // Example 2: Require both project and organization access, or admin privileges\n * app.use('/dashboard', apiAccessControlMiddleWare([AccessRule.hasProject, AccessRule.hasOrganization], AccessRule.admin));\n */\nexport const accessControlMiddleWare =\n  (...accessRules: (AccessRule | AccessRule[])[]) =>\n  (\n    _req: Request<unknown>,\n    res: ResponseWithInformation,\n    next: NextFunction\n  ): void => {\n    let hasAccess = false;\n\n    // Iterate over each access rule group (either single AccessRule or an array of AccessRules)\n    for (const ruleGroup of accessRules) {\n      if (Array.isArray(ruleGroup)) {\n        // If ruleGroup is an array, check if all rules in the group are satisfied\n        const accessResults = ruleGroup.map(\n          (rule) => accessControl(res, rule).success\n        );\n        hasAccess = accessResults.every((result) => result); // All rules must be satisfied in this case\n      } else {\n        // Single rule: just check this one\n        const accessResult = accessControl(res, ruleGroup);\n        if (accessResult.success) {\n          hasAccess = true;\n        }\n      }\n\n      // If access is granted at any point, stop further checks\n      if (hasAccess) {\n        break;\n      }\n    }\n\n    // If no access rule group was satisfied, deny access\n    if (!hasAccess) {\n      logger.error('Access denied');\n\n      const errorStatusCode = HttpStatusCodes.FORBIDDEN_403;\n      res.sendStatus(errorStatusCode);\n      return;\n    }\n\n    next();\n  };\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,oBAAuB;AAGvB,6BAAgC;AAEzB,IAAK,aAAL,kBAAKA,gBAAL;AACL,EAAAA,YAAA,UAAO;AACP,EAAAA,YAAA,mBAAgB;AAChB,EAAAA,YAAA,WAAQ;AACR,EAAAA,YAAA,uBAAoB;AACpB,EAAAA,YAAA,qBAAkB;AAClB,EAAAA,YAAA,gBAAa;AACb,EAAAA,YAAA,eAAY;AAPF,SAAAA;AAAA,GAAA;AAUL,MAAM,gBAAgB,CAC3B,KACA,eACG;AACH,QAAM,kBAAgC,MAAM,QAAQ,UAAU,IAC1D,aACA,CAAC,UAAU;AAEf,QAAM,wBAAwB,IAAI;AAClC,QAAM,EAAE,MAAM,cAAc,SAAS,SAAS,IAAI;AAGlD,MAAI,gBAAgB,SAAS,iBAAe,GAAG;AAC7C,WAAO;AAAA,MACL,SAAS;AAAA,MACT,SAAS;AAAA,MACT,MAAM,EAAE,MAAM,cAAc,SAAS,SAAS;AAAA,IAChD;AAAA,EACF;AAEA,MAAI,UAAU;AACd,QAAM,WAAqB,CAAC;AAG5B,MAAI,gBAAgB,SAAS,mCAAwB,GAAG;AACtD,QAAI,CAAC,MAAM;AACT,gBAAU;AACV,eAAS,KAAK,2BAA2B;AAAA,IAC3C;AAAA,EACF;AAWA,MAAI,gBAAgB,SAAS,4CAA4B,GAAG;AAC1D,QAAI,MAAM;AACR,gBAAU;AACV,eAAS,KAAK,uBAAuB;AAAA,IACvC;AAAA,EACF;AAGA,MAAI,gBAAgB,SAAS,wCAA0B,GAAG;AACxD,QAAI,CAAC,cAAc;AACjB,gBAAU;AACV,eAAS,KAAK,yBAAyB;AAAA,IACzC;AAAA,EACF;AAGA,MAAI,gBAAgB,SAAS,8BAAqB,GAAG;AACnD,QAAI,CAAC,SAAS;AACZ,gBAAU;AACV,eAAS,KAAK,oBAAoB;AAAA,IACpC;AAAA,EACF;AAGA,QAAM,aAAa,OAAO,OAAO,UAAU;AAC3C,QAAM,eAAe,gBAAgB;AAAA,IACnC,CAAC,SAAS,CAAC,WAAW,SAAS,IAAI;AAAA,EACrC;AACA,MAAI,aAAa,SAAS,GAAG;AAC3B,cAAU;AACV,aAAS,KAAK,yBAAyB,aAAa,KAAK,IAAI,CAAC,EAAE;AAAA,EAClE;AAEA,SAAO;AAAA,IACL;AAAA,IACA,SAAS,SAAS,KAAK,IAAI;AAAA,IAC3B,MAAM,EAAE,MAAM,cAAc,SAAS,SAAS;AAAA,EAChD;AACF;AAqCO,MAAM,0BACX,IAAI,gBACJ,CACE,MACA,KACA,SACS;AACT,MAAI,YAAY;AAGhB,aAAW,aAAa,aAAa;AACnC,QAAI,MAAM,QAAQ,SAAS,GAAG;AAE5B,YAAM,gBAAgB,UAAU;AAAA,QAC9B,CAAC,SAAS,cAAc,KAAK,IAAI,EAAE;AAAA,MACrC;AACA,kBAAY,cAAc,MAAM,CAAC,WAAW,MAAM;AAAA,IACpD,OAAO;AAEL,YAAM,eAAe,cAAc,KAAK,SAAS;AACjD,UAAI,aAAa,SAAS;AACxB,oBAAY;AAAA,MACd;AAAA,IACF;AAGA,QAAI,WAAW;AACb;AAAA,IACF;AAAA,EACF;AAGA,MAAI,CAAC,WAAW;AACd,yBAAO,MAAM,eAAe;AAE5B,UAAM,kBAAkB,uCAAgB;AACxC,QAAI,WAAW,eAAe;AAC9B;AAAA,EACF;AAEA,OAAK;AACP;","names":["AccessRule"]}

package/dist/cjs/utils/cookies.cjs

@@ -0,0 +1,59 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var cookies_exports = {};
+__export(cookies_exports, {
+  Cookies: () => Cookies,
+  MAX_AGE: () => MAX_AGE,
+  getClearCookieOptions: () => getClearCookieOptions,
+  getCookieOptions: () => getCookieOptions
+});
+module.exports = __toCommonJS(cookies_exports);
+const MAX_AGE = 3 * 24 * 60 * 60 * 1e3;
+var Cookies = /* @__PURE__ */ ((Cookies2) => {
+  Cookies2["JWT_AUTH"] = "intlayer_auth";
+  Cookies2["JWT_USER"] = "intlayer_user";
+  Cookies2["JWT_ORGANIZATION"] = "intlayer_organization";
+  Cookies2["JWT_PROJECT"] = "intlayer_project";
+  Cookies2["XSRF_TOKEN"] = "XSRF-TOKEN";
+  return Cookies2;
+})(Cookies || {});
+const getCookieOptions = (overwriteOption = {}) => ({
+  maxAge: MAX_AGE,
+  path: "/",
+  domain: process.env.DOMAIN,
+  httpOnly: true,
+  secure: process.env.NODE_ENV === "production",
+  // Enable for HTTPS in production
+  sameSite: "strict",
+  priority: "high",
+  ...overwriteOption
+});
+const getClearCookieOptions = (overwriteOption = {}) => ({
+  ...getCookieOptions(),
+  maxAge: 1,
+  ...overwriteOption
+});
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Cookies,
+  MAX_AGE,
+  getClearCookieOptions,
+  getCookieOptions
+});
+//# sourceMappingURL=cookies.cjs.map

package/dist/cjs/utils/cookies.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/utils/cookies.ts"],"sourcesContent":["import type { CookieOptions } from 'express';\n\nexport const MAX_AGE = 3 * 24 * 60 * 60 * 1000; // 3 days\n\nexport enum Cookies {\n  JWT_AUTH = 'intlayer_auth',\n  JWT_USER = 'intlayer_user',\n  JWT_ORGANIZATION = 'intlayer_organization',\n  JWT_PROJECT = 'intlayer_project',\n  XSRF_TOKEN = 'XSRF-TOKEN',\n}\n\nexport const getCookieOptions = (\n  overwriteOption: Partial<CookieOptions> = {}\n): CookieOptions => ({\n  maxAge: MAX_AGE,\n  path: '/',\n  domain: process.env.DOMAIN,\n  httpOnly: true,\n  secure: process.env.NODE_ENV === 'production', // Enable for HTTPS in production\n  sameSite: 'strict',\n  priority: 'high',\n  ...overwriteOption,\n});\n\nexport const getClearCookieOptions = (\n  overwriteOption: Partial<CookieOptions> = {}\n): CookieOptions => ({\n  ...getCookieOptions(),\n  maxAge: 1,\n  ...overwriteOption,\n});\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAEO,MAAM,UAAU,IAAI,KAAK,KAAK,KAAK;AAEnC,IAAK,UAAL,kBAAKA,aAAL;AACL,EAAAA,SAAA,cAAW;AACX,EAAAA,SAAA,cAAW;AACX,EAAAA,SAAA,sBAAmB;AACnB,EAAAA,SAAA,iBAAc;AACd,EAAAA,SAAA,gBAAa;AALH,SAAAA;AAAA,GAAA;AAQL,MAAM,mBAAmB,CAC9B,kBAA0C,CAAC,OACxB;AAAA,EACnB,QAAQ;AAAA,EACR,MAAM;AAAA,EACN,QAAQ,QAAQ,IAAI;AAAA,EACpB,UAAU;AAAA,EACV,QAAQ,QAAQ,IAAI,aAAa;AAAA;AAAA,EACjC,UAAU;AAAA,EACV,UAAU;AAAA,EACV,GAAG;AACL;AAEO,MAAM,wBAAwB,CACnC,kBAA0C,CAAC,OACxB;AAAA,EACnB,GAAG,iBAAiB;AAAA,EACpB,QAAQ;AAAA,EACR,GAAG;AACL;","names":["Cookies"]}