npm - @intlayer/backend - Versions diffs - 7.5.10 → 7.5.11 - Mend

@intlayer/backend 7.5.10 → 7.5.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (109) hide show

package/dist/esm/services/gitlab.service.mjs ADDED Viewed

@@ -0,0 +1,217 @@
+import { logger } from "../logger/index.mjs";
+import { getDBClient } from "../utils/mongoDB/connectDB.mjs";
+import { configurationFilesCandidates } from "@intlayer/config";
+import { ObjectId } from "mongodb";
+//#region src/services/gitlab.service.ts
+const GITLAB_DEFAULT_URL = "https://gitlab.com";
+/**
+* Get GitLab authorization URL for OAuth flow
+*/
+const getAuthorizationUrl = (redirectUri, instanceUrl, login) => {
+	const clientId = process.env.GITLAB_CLIENT_ID;
+	const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;
+	if (!clientId) throw new Error("GitLab Client ID is not configured");
+	const params = new URLSearchParams({
+		client_id: clientId,
+		redirect_uri: redirectUri,
+		response_type: "code",
+		scope: "api read_repository",
+		state: "gitlab_oauth"
+	});
+	if (login) params.append("login_hint", login);
+	return `${baseUrl}/oauth/authorize?${params.toString()}`;
+};
+/**
+* Exchange GitLab authorization code for access token
+*/
+const exchangeCodeForToken = async (code, redirectUri, instanceUrl) => {
+	const clientId = process.env.GITLAB_CLIENT_ID;
+	const clientSecret = process.env.GITLAB_CLIENT_SECRET;
+	const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;
+	if (!clientId || !clientSecret) throw new Error("GitLab OAuth credentials are not configured");
+	try {
+		const response = await fetch(`${baseUrl}/oauth/token`, {
+			method: "POST",
+			headers: {
+				"Content-Type": "application/json",
+				Accept: "application/json"
+			},
+			body: JSON.stringify({
+				client_id: clientId,
+				client_secret: clientSecret,
+				code,
+				grant_type: "authorization_code",
+				redirect_uri: redirectUri
+			})
+		});
+		if (!response.ok) throw new Error(`GitLab token exchange failed: ${response.statusText}`);
+		const data = await response.json();
+		if (data.error) throw new Error(`GitLab token error: ${data.error_description}`);
+		return data.access_token;
+	} catch (error) {
+		logger.error("Error exchanging GitLab code for token:", error);
+		throw error;
+	}
+};
+/**
+* Get user's GitLab projects/repositories
+*/
+const getUserProjects = async (accessToken, instanceUrl) => {
+	const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;
+	try {
+		const response = await fetch(`${baseUrl}/api/v4/projects?membership=true&order_by=last_activity_at&per_page=100`, { headers: {
+			Authorization: `Bearer ${accessToken}`,
+			Accept: "application/json"
+		} });
+		if (!response.ok) throw new Error(`Failed to fetch GitLab projects: ${response.statusText}`);
+		return await response.json();
+	} catch (error) {
+		logger.error("Error fetching GitLab projects:", error);
+		throw error;
+	}
+};
+/**
+* Check if valid intlayer configuration files exist in a GitLab repository (Recursively).
+* Returns an array of file paths found.
+*/
+const checkIntlayerConfig = async (accessToken, projectId, branch = "main", instanceUrl) => {
+	const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;
+	try {
+		const response = await fetch(`${baseUrl}/api/v4/projects/${projectId}/repository/tree?ref=${encodeURIComponent(branch)}&recursive=true&per_page=10000`, { headers: {
+			Authorization: `Bearer ${accessToken}`,
+			Accept: "application/json"
+		} });
+		if (!response.ok) {
+			if (response.status === 404) return [];
+			throw new Error(`Failed to fetch repository tree: ${response.statusText}`);
+		}
+		return (await response.json()).filter((item) => {
+			if (item.type !== "blob") return false;
+			return configurationFilesCandidates.some((candidate) => item.path.endsWith(candidate));
+		}).map((item) => item.path);
+	} catch (error) {
+		if (error.status === 404) return [];
+		logger.error("Error checking intlayer configuration on GitLab:", error);
+		return [];
+	}
+};
+/**
+* Get repository file contents from GitLab and decode it
+*/
+const getRepositoryFileContents = async (accessToken, projectId, path, branch = "main", instanceUrl) => {
+	const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;
+	try {
+		const encodedPath = encodeURIComponent(path);
+		const response = await fetch(`${baseUrl}/api/v4/projects/${projectId}/repository/files/${encodedPath}/raw?ref=${encodeURIComponent(branch)}`, { headers: {
+			Authorization: `Bearer ${accessToken}`,
+			Accept: "application/json"
+		} });
+		if (!response.ok) {
+			if (response.status === 404) return null;
+			throw new Error(`Failed to fetch file contents: ${response.statusText}`);
+		}
+		return await response.text();
+	} catch (error) {
+		if (error.status === 404) return null;
+		logger.error("Error fetching GitLab file contents:", error);
+		throw error;
+	}
+};
+/**
+* Get GitLab access token from user's linked account
+*/
+const getGitLabTokenFromUser = async (userId) => {
+	try {
+		const db = getDBClient().db();
+		let account = await db.collection("account").findOne({
+			userId,
+			providerId: "gitlab"
+		});
+		if (!account && ObjectId.isValid(userId)) account = await db.collection("account").findOne({
+			userId: new ObjectId(userId),
+			providerId: "gitlab"
+		});
+		if (!account) account = await db.collection("accounts").findOne({
+			userId,
+			providerId: "gitlab"
+		});
+		if (!account && ObjectId.isValid(userId)) account = await db.collection("accounts").findOne({
+			userId: new ObjectId(userId),
+			providerId: "gitlab"
+		});
+		if (!account) return null;
+		return account.accessToken || account.access_token || null;
+	} catch (error) {
+		logger.error("Error retrieving GitLab token from DB:", error);
+		return null;
+	}
+};
+/**
+* Check if a GitLab CI pipeline file exists
+*/
+const checkPipelineFileExists = async (accessToken, projectId, filename = ".gitlab-ci.yml", branch = "main", instanceUrl) => {
+	const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;
+	try {
+		const encodedPath = encodeURIComponent(filename);
+		const response = await fetch(`${baseUrl}/api/v4/projects/${projectId}/repository/files/${encodedPath}?ref=${encodeURIComponent(branch)}`, { headers: {
+			Authorization: `Bearer ${accessToken}`,
+			Accept: "application/json"
+		} });
+		if (response.status === 404) return false;
+		if (!response.ok) throw new Error(`Failed to check file existence: ${response.statusText}`);
+		return true;
+	} catch (error) {
+		if (error.status === 404) return false;
+		logger.error("Error checking pipeline file existence:", error);
+		throw error;
+	}
+};
+/**
+* Create or update a GitLab CI pipeline file
+*/
+const createPipelineFile = async (accessToken, projectId, filename = ".gitlab-ci.yml", content, branch = "main", instanceUrl, message = "Add Intlayer CI pipeline") => {
+	const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;
+	try {
+		const encodedPath = encodeURIComponent(filename);
+		const encodedContent = Buffer.from(content, "utf-8").toString("base64");
+		let existingContentSha;
+		try {
+			const checkResponse = await fetch(`${baseUrl}/api/v4/projects/${projectId}/repository/files/${encodedPath}?ref=${encodeURIComponent(branch)}`, { headers: {
+				Authorization: `Bearer ${accessToken}`,
+				Accept: "application/json"
+			} });
+			if (checkResponse.ok) existingContentSha = (await checkResponse.json()).content_sha256;
+		} catch (error) {
+			if (error.status !== 404) throw error;
+		}
+		const body = {
+			branch,
+			content: encodedContent,
+			commit_message: message,
+			encoding: "base64"
+		};
+		if (existingContentSha) body.last_commit_id = existingContentSha;
+		const response = await fetch(`${baseUrl}/api/v4/projects/${projectId}/repository/files/${encodedPath}`, {
+			method: "PUT",
+			headers: {
+				Authorization: `Bearer ${accessToken}`,
+				"Content-Type": "application/json",
+				Accept: "application/json"
+			},
+			body: JSON.stringify(body)
+		});
+		if (!response.ok) {
+			const errorText = await response.text();
+			throw new Error(`Failed to create/update pipeline file: ${errorText}`);
+		}
+		logger.info(`Successfully ${existingContentSha ? "updated" : "created"} pipeline file ${filename} for project ${projectId}`);
+	} catch (error) {
+		logger.error("Error creating/updating pipeline file:", error);
+		throw error;
+	}
+};
+//#endregion
+export { checkIntlayerConfig, checkPipelineFileExists, createPipelineFile, exchangeCodeForToken, getAuthorizationUrl, getGitLabTokenFromUser, getRepositoryFileContents, getUserProjects };
+//# sourceMappingURL=gitlab.service.mjs.map

package/dist/esm/services/gitlab.service.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"gitlab.service.mjs","names":["error: any","existingContentSha: string | undefined","body: any"],"sources":["../../../src/services/gitlab.service.ts"],"sourcesContent":["import { configurationFilesCandidates } from '@intlayer/config';\nimport { logger } from '@logger';\nimport { getDBClient } from '@utils/mongoDB/connectDB';\nimport { ObjectId } from 'mongodb';\n\nconst GITLAB_DEFAULT_URL = 'https://gitlab.com';\n\nexport type GitLabProject = {\n id: number;\n name: string;\n path_with_namespace: string;\n web_url: string;\n default_branch: string;\n visibility: string;\n last_activity_at: string;\n namespace: {\n id: number;\n name: string;\n path: string;\n };\n};\n\nexport type GitLabTreeItem = {\n id: string;\n name: string;\n type: 'tree' | 'blob';\n path: string;\n mode: string;\n};\n\n/**\n * Get GitLab authorization URL for OAuth flow\n */\nexport const getAuthorizationUrl = (\n redirectUri: string,\n instanceUrl?: string,\n login?: string\n): string => {\n const clientId = process.env.GITLAB_CLIENT_ID;\n const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;\n\n if (!clientId) {\n throw new Error('GitLab Client ID is not configured');\n }\n\n const params = new URLSearchParams({\n client_id: clientId,\n redirect_uri: redirectUri,\n response_type: 'code',\n scope: 'api read_repository',\n state: 'gitlab_oauth',\n });\n\n if (login) {\n params.append('login_hint', login);\n }\n\n return `${baseUrl}/oauth/authorize?${params.toString()}`;\n};\n\n/**\n * Exchange GitLab authorization code for access token\n */\nexport const exchangeCodeForToken = async (\n code: string,\n redirectUri: string,\n instanceUrl?: string\n): Promise<string> => {\n const clientId = process.env.GITLAB_CLIENT_ID;\n const clientSecret = process.env.GITLAB_CLIENT_SECRET;\n const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;\n\n if (!clientId || !clientSecret) {\n throw new Error('GitLab OAuth credentials are not configured');\n }\n\n try {\n const response = await fetch(`${baseUrl}/oauth/token`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n Accept: 'application/json',\n },\n body: JSON.stringify({\n client_id: clientId,\n client_secret: clientSecret,\n code,\n grant_type: 'authorization_code',\n redirect_uri: redirectUri,\n }),\n });\n\n if (!response.ok) {\n throw new Error(`GitLab token exchange failed: ${response.statusText}`);\n }\n\n const data = await response.json();\n\n if (data.error) {\n throw new Error(`GitLab token error: ${data.error_description}`);\n }\n\n return data.access_token;\n } catch (error) {\n logger.error('Error exchanging GitLab code for token:', error);\n throw error;\n }\n};\n\n/**\n * Get user's GitLab projects/repositories\n */\nexport const getUserProjects = async (\n accessToken: string,\n instanceUrl?: string\n): Promise<GitLabProject[]> => {\n const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;\n\n try {\n const response = await fetch(\n `${baseUrl}/api/v4/projects?membership=true&order_by=last_activity_at&per_page=100`,\n {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n Accept: 'application/json',\n },\n }\n );\n\n if (!response.ok) {\n throw new Error(\n `Failed to fetch GitLab projects: ${response.statusText}`\n );\n }\n\n const projects: GitLabProject[] = await response.json();\n return projects;\n } catch (error) {\n logger.error('Error fetching GitLab projects:', error);\n throw error;\n }\n};\n\n/**\n * Check if valid intlayer configuration files exist in a GitLab repository (Recursively).\n * Returns an array of file paths found.\n */\nexport const checkIntlayerConfig = async (\n accessToken: string,\n projectId: number,\n branch: string = 'main',\n instanceUrl?: string\n): Promise<string[]> => {\n const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;\n\n try {\n // Use GitLab's repository tree API with recursive option\n const response = await fetch(\n `${baseUrl}/api/v4/projects/${projectId}/repository/tree?ref=${encodeURIComponent(branch)}&recursive=true&per_page=10000`,\n {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n Accept: 'application/json',\n },\n }\n );\n\n if (!response.ok) {\n if (response.status === 404) return [];\n throw new Error(\n `Failed to fetch repository tree: ${response.statusText}`\n );\n }\n\n const tree: GitLabTreeItem[] = await response.json();\n\n // Filter files that match the configuration candidates\n const foundFiles = tree\n .filter((item) => {\n if (item.type !== 'blob') return false;\n return (configurationFilesCandidates as readonly string[]).some(\n (candidate) => item.path.endsWith(candidate)\n );\n })\n .map((item) => item.path);\n\n return foundFiles;\n } catch (error: any) {\n if (error.status === 404) return [];\n logger.error('Error checking intlayer configuration on GitLab:', error);\n return [];\n }\n};\n\n/**\n * Get repository file contents from GitLab and decode it\n */\nexport const getRepositoryFileContents = async (\n accessToken: string,\n projectId: number,\n path: string,\n branch: string = 'main',\n instanceUrl?: string\n): Promise<string | null> => {\n const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;\n\n try {\n const encodedPath = encodeURIComponent(path);\n const response = await fetch(\n `${baseUrl}/api/v4/projects/${projectId}/repository/files/${encodedPath}/raw?ref=${encodeURIComponent(branch)}`,\n {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n Accept: 'application/json',\n },\n }\n );\n\n if (!response.ok) {\n if (response.status === 404) return null;\n throw new Error(`Failed to fetch file contents: ${response.statusText}`);\n }\n\n const content = await response.text();\n return content;\n } catch (error: any) {\n if (error.status === 404) return null;\n logger.error('Error fetching GitLab file contents:', error);\n throw error;\n }\n};\n\n/**\n * Get GitLab access token from user's linked account\n */\nexport const getGitLabTokenFromUser = async (\n userId: string\n): Promise<string | null> => {\n try {\n const client = getDBClient();\n const db = client.db();\n\n let account = await db.collection('account').findOne({\n userId: userId,\n providerId: 'gitlab',\n });\n\n if (!account && ObjectId.isValid(userId)) {\n account = await db.collection('account').findOne({\n userId: new ObjectId(userId),\n providerId: 'gitlab',\n });\n }\n\n if (!account) {\n account = await db.collection('accounts').findOne({\n userId: userId,\n providerId: 'gitlab',\n });\n }\n\n if (!account && ObjectId.isValid(userId)) {\n account = await db.collection('accounts').findOne({\n userId: new ObjectId(userId),\n providerId: 'gitlab',\n });\n }\n\n if (!account) {\n return null;\n }\n\n const accessToken = account.accessToken || account.access_token;\n\n return accessToken || null;\n } catch (error) {\n logger.error('Error retrieving GitLab token from DB:', error);\n return null;\n }\n};\n\n/**\n * Check if a GitLab CI pipeline file exists\n */\nexport const checkPipelineFileExists = async (\n accessToken: string,\n projectId: number,\n filename: string = '.gitlab-ci.yml',\n branch: string = 'main',\n instanceUrl?: string\n): Promise<boolean> => {\n const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;\n\n try {\n const encodedPath = encodeURIComponent(filename);\n const response = await fetch(\n `${baseUrl}/api/v4/projects/${projectId}/repository/files/${encodedPath}?ref=${encodeURIComponent(branch)}`,\n {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n Accept: 'application/json',\n },\n }\n );\n\n if (response.status === 404) return false;\n if (!response.ok) {\n throw new Error(`Failed to check file existence: ${response.statusText}`);\n }\n\n return true;\n } catch (error: any) {\n if (error.status === 404) return false;\n logger.error('Error checking pipeline file existence:', error);\n throw error;\n }\n};\n\n/**\n * Create or update a GitLab CI pipeline file\n */\nexport const createPipelineFile = async (\n accessToken: string,\n projectId: number,\n filename: string = '.gitlab-ci.yml',\n content: string,\n branch: string = 'main',\n instanceUrl?: string,\n message: string = 'Add Intlayer CI pipeline'\n): Promise<void> => {\n const baseUrl = instanceUrl || GITLAB_DEFAULT_URL;\n\n try {\n const encodedPath = encodeURIComponent(filename);\n const encodedContent = Buffer.from(content, 'utf-8').toString('base64');\n\n // Check if file exists to get content_sha256 for update\n let existingContentSha: string | undefined;\n try {\n const checkResponse = await fetch(\n `${baseUrl}/api/v4/projects/${projectId}/repository/files/${encodedPath}?ref=${encodeURIComponent(branch)}`,\n {\n headers: {\n Authorization: `Bearer ${accessToken}`,\n Accept: 'application/json',\n },\n }\n );\n\n if (checkResponse.ok) {\n const fileData = await checkResponse.json();\n existingContentSha = fileData.content_sha256;\n }\n } catch (error: any) {\n if (error.status !== 404) {\n throw error;\n }\n // File doesn't exist, will create new one\n }\n\n const body: any = {\n branch,\n content: encodedContent,\n commit_message: message,\n encoding: 'base64',\n };\n\n if (existingContentSha) {\n body.last_commit_id = existingContentSha;\n }\n\n const response = await fetch(\n `${baseUrl}/api/v4/projects/${projectId}/repository/files/${encodedPath}`,\n {\n method: 'PUT',\n headers: {\n Authorization: `Bearer ${accessToken}`,\n 'Content-Type': 'application/json',\n Accept: 'application/json',\n },\n body: JSON.stringify(body),\n }\n );\n\n if (!response.ok) {\n const errorText = await response.text();\n throw new Error(`Failed to create/update pipeline file: ${errorText}`);\n }\n\n logger.info(\n `Successfully ${existingContentSha ? 'updated' : 'created'} pipeline file ${filename} for project ${projectId}`\n );\n } catch (error) {\n logger.error('Error creating/updating pipeline file:', error);\n throw error;\n }\n};\n"],"mappings":";;;;;;AAKA,MAAM,qBAAqB;;;;AA4B3B,MAAa,uBACX,aACA,aACA,UACW;CACX,MAAM,WAAW,QAAQ,IAAI;CAC7B,MAAM,UAAU,eAAe;AAE/B,KAAI,CAAC,SACH,OAAM,IAAI,MAAM,qCAAqC;CAGvD,MAAM,SAAS,IAAI,gBAAgB;EACjC,WAAW;EACX,cAAc;EACd,eAAe;EACf,OAAO;EACP,OAAO;EACR,CAAC;AAEF,KAAI,MACF,QAAO,OAAO,cAAc,MAAM;AAGpC,QAAO,GAAG,QAAQ,mBAAmB,OAAO,UAAU;;;;;AAMxD,MAAa,uBAAuB,OAClC,MACA,aACA,gBACoB;CACpB,MAAM,WAAW,QAAQ,IAAI;CAC7B,MAAM,eAAe,QAAQ,IAAI;CACjC,MAAM,UAAU,eAAe;AAE/B,KAAI,CAAC,YAAY,CAAC,aAChB,OAAM,IAAI,MAAM,8CAA8C;AAGhE,KAAI;EACF,MAAM,WAAW,MAAM,MAAM,GAAG,QAAQ,eAAe;GACrD,QAAQ;GACR,SAAS;IACP,gBAAgB;IAChB,QAAQ;IACT;GACD,MAAM,KAAK,UAAU;IACnB,WAAW;IACX,eAAe;IACf;IACA,YAAY;IACZ,cAAc;IACf,CAAC;GACH,CAAC;AAEF,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,iCAAiC,SAAS,aAAa;EAGzE,MAAM,OAAO,MAAM,SAAS,MAAM;AAElC,MAAI,KAAK,MACP,OAAM,IAAI,MAAM,uBAAuB,KAAK,oBAAoB;AAGlE,SAAO,KAAK;UACL,OAAO;AACd,SAAO,MAAM,2CAA2C,MAAM;AAC9D,QAAM;;;;;;AAOV,MAAa,kBAAkB,OAC7B,aACA,gBAC6B;CAC7B,MAAM,UAAU,eAAe;AAE/B,KAAI;EACF,MAAM,WAAW,MAAM,MACrB,GAAG,QAAQ,0EACX,EACE,SAAS;GACP,eAAe,UAAU;GACzB,QAAQ;GACT,EACF,CACF;AAED,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MACR,oCAAoC,SAAS,aAC9C;AAIH,SADkC,MAAM,SAAS,MAAM;UAEhD,OAAO;AACd,SAAO,MAAM,mCAAmC,MAAM;AACtD,QAAM;;;;;;;AAQV,MAAa,sBAAsB,OACjC,aACA,WACA,SAAiB,QACjB,gBACsB;CACtB,MAAM,UAAU,eAAe;AAE/B,KAAI;EAEF,MAAM,WAAW,MAAM,MACrB,GAAG,QAAQ,mBAAmB,UAAU,uBAAuB,mBAAmB,OAAO,CAAC,iCAC1F,EACE,SAAS;GACP,eAAe,UAAU;GACzB,QAAQ;GACT,EACF,CACF;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,OAAI,SAAS,WAAW,IAAK,QAAO,EAAE;AACtC,SAAM,IAAI,MACR,oCAAoC,SAAS,aAC9C;;AAeH,UAZ+B,MAAM,SAAS,MAAM,EAIjD,QAAQ,SAAS;AAChB,OAAI,KAAK,SAAS,OAAQ,QAAO;AACjC,UAAQ,6BAAmD,MACxD,cAAc,KAAK,KAAK,SAAS,UAAU,CAC7C;IACD,CACD,KAAK,SAAS,KAAK,KAAK;UAGpBA,OAAY;AACnB,MAAI,MAAM,WAAW,IAAK,QAAO,EAAE;AACnC,SAAO,MAAM,oDAAoD,MAAM;AACvE,SAAO,EAAE;;;;;;AAOb,MAAa,4BAA4B,OACvC,aACA,WACA,MACA,SAAiB,QACjB,gBAC2B;CAC3B,MAAM,UAAU,eAAe;AAE/B,KAAI;EACF,MAAM,cAAc,mBAAmB,KAAK;EAC5C,MAAM,WAAW,MAAM,MACrB,GAAG,QAAQ,mBAAmB,UAAU,oBAAoB,YAAY,WAAW,mBAAmB,OAAO,IAC7G,EACE,SAAS;GACP,eAAe,UAAU;GACzB,QAAQ;GACT,EACF,CACF;AAED,MAAI,CAAC,SAAS,IAAI;AAChB,OAAI,SAAS,WAAW,IAAK,QAAO;AACpC,SAAM,IAAI,MAAM,kCAAkC,SAAS,aAAa;;AAI1E,SADgB,MAAM,SAAS,MAAM;UAE9BA,OAAY;AACnB,MAAI,MAAM,WAAW,IAAK,QAAO;AACjC,SAAO,MAAM,wCAAwC,MAAM;AAC3D,QAAM;;;;;;AAOV,MAAa,yBAAyB,OACpC,WAC2B;AAC3B,KAAI;EAEF,MAAM,KADS,aAAa,CACV,IAAI;EAEtB,IAAI,UAAU,MAAM,GAAG,WAAW,UAAU,CAAC,QAAQ;GAC3C;GACR,YAAY;GACb,CAAC;AAEF,MAAI,CAAC,WAAW,SAAS,QAAQ,OAAO,CACtC,WAAU,MAAM,GAAG,WAAW,UAAU,CAAC,QAAQ;GAC/C,QAAQ,IAAI,SAAS,OAAO;GAC5B,YAAY;GACb,CAAC;AAGJ,MAAI,CAAC,QACH,WAAU,MAAM,GAAG,WAAW,WAAW,CAAC,QAAQ;GACxC;GACR,YAAY;GACb,CAAC;AAGJ,MAAI,CAAC,WAAW,SAAS,QAAQ,OAAO,CACtC,WAAU,MAAM,GAAG,WAAW,WAAW,CAAC,QAAQ;GAChD,QAAQ,IAAI,SAAS,OAAO;GAC5B,YAAY;GACb,CAAC;AAGJ,MAAI,CAAC,QACH,QAAO;AAKT,SAFoB,QAAQ,eAAe,QAAQ,gBAE7B;UACf,OAAO;AACd,SAAO,MAAM,0CAA0C,MAAM;AAC7D,SAAO;;;;;;AAOX,MAAa,0BAA0B,OACrC,aACA,WACA,WAAmB,kBACnB,SAAiB,QACjB,gBACqB;CACrB,MAAM,UAAU,eAAe;AAE/B,KAAI;EACF,MAAM,cAAc,mBAAmB,SAAS;EAChD,MAAM,WAAW,MAAM,MACrB,GAAG,QAAQ,mBAAmB,UAAU,oBAAoB,YAAY,OAAO,mBAAmB,OAAO,IACzG,EACE,SAAS;GACP,eAAe,UAAU;GACzB,QAAQ;GACT,EACF,CACF;AAED,MAAI,SAAS,WAAW,IAAK,QAAO;AACpC,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,mCAAmC,SAAS,aAAa;AAG3E,SAAO;UACAA,OAAY;AACnB,MAAI,MAAM,WAAW,IAAK,QAAO;AACjC,SAAO,MAAM,2CAA2C,MAAM;AAC9D,QAAM;;;;;;AAOV,MAAa,qBAAqB,OAChC,aACA,WACA,WAAmB,kBACnB,SACA,SAAiB,QACjB,aACA,UAAkB,+BACA;CAClB,MAAM,UAAU,eAAe;AAE/B,KAAI;EACF,MAAM,cAAc,mBAAmB,SAAS;EAChD,MAAM,iBAAiB,OAAO,KAAK,SAAS,QAAQ,CAAC,SAAS,SAAS;EAGvE,IAAIC;AACJ,MAAI;GACF,MAAM,gBAAgB,MAAM,MAC1B,GAAG,QAAQ,mBAAmB,UAAU,oBAAoB,YAAY,OAAO,mBAAmB,OAAO,IACzG,EACE,SAAS;IACP,eAAe,UAAU;IACzB,QAAQ;IACT,EACF,CACF;AAED,OAAI,cAAc,GAEhB,uBADiB,MAAM,cAAc,MAAM,EACb;WAEzBD,OAAY;AACnB,OAAI,MAAM,WAAW,IACnB,OAAM;;EAKV,MAAME,OAAY;GAChB;GACA,SAAS;GACT,gBAAgB;GAChB,UAAU;GACX;AAED,MAAI,mBACF,MAAK,iBAAiB;EAGxB,MAAM,WAAW,MAAM,MACrB,GAAG,QAAQ,mBAAmB,UAAU,oBAAoB,eAC5D;GACE,QAAQ;GACR,SAAS;IACP,eAAe,UAAU;IACzB,gBAAgB;IAChB,QAAQ;IACT;GACD,MAAM,KAAK,UAAU,KAAK;GAC3B,CACF;AAED,MAAI,CAAC,SAAS,IAAI;GAChB,MAAM,YAAY,MAAM,SAAS,MAAM;AACvC,SAAM,IAAI,MAAM,0CAA0C,YAAY;;AAGxE,SAAO,KACL,gBAAgB,qBAAqB,YAAY,UAAU,iBAAiB,SAAS,eAAe,YACrG;UACM,OAAO;AACd,SAAO,MAAM,0CAA0C,MAAM;AAC7D,QAAM"}

package/dist/esm/services/webhook.service.mjs ADDED Viewed

@@ -0,0 +1,164 @@
+import { logger } from "../logger/index.mjs";
+import { createHmac } from "node:crypto";
+import { Octokit } from "@octokit/rest";
+//#region src/services/webhook.service.ts
+/**
+* Main entry point to trigger all configured CI pipelines for a project
+*/
+const triggerAll = async (project) => {
+	const results = [];
+	if (project.repository && project.webhooks?.autoTriggerBuilds) try {
+		await triggerGitPipeline(project);
+		results.push({
+			target: project.repository.provider,
+			success: true
+		});
+	} catch (error) {
+		logger.error(`Failed to trigger ${project.repository.provider}`, error);
+		results.push({
+			target: project.repository.provider,
+			success: false,
+			message: error.message || String(error)
+		});
+	}
+	const webhooks = project.webhooks?.webhooks || [];
+	for (const hook of webhooks) {
+		if (!hook.enabled) continue;
+		try {
+			await triggerGenericWebhook(hook);
+			results.push({
+				target: hook.name,
+				success: true
+			});
+		} catch (error) {
+			logger.error(`Failed to trigger webhook ${hook.name}`, error);
+			results.push({
+				target: hook.name,
+				success: false,
+				message: error.message || String(error)
+			});
+		}
+	}
+	return results;
+};
+/**
+* Triggers a single webhook by index
+*/
+const triggerSingleWebhook = async (project, webhookIndex) => {
+	const webhooks = project.webhooks?.webhooks || [];
+	if (webhookIndex < 0 || webhookIndex >= webhooks.length) throw new Error(`Webhook index ${webhookIndex} is out of range`);
+	const hook = webhooks[webhookIndex];
+	if (!hook.enabled) throw new Error(`Webhook "${hook.name}" is disabled`);
+	try {
+		await triggerGenericWebhook(hook);
+		return {
+			target: hook.name,
+			success: true
+		};
+	} catch (error) {
+		logger.error(`Failed to trigger webhook ${hook.name}`, error);
+		return {
+			target: hook.name,
+			success: false,
+			message: error.message || String(error)
+		};
+	}
+};
+const triggerGitPipeline = async (project) => {
+	const { repository, oAuth2Access } = project;
+	if (!repository) throw new Error("No repository configured");
+	const token = oAuth2Access?.[0]?.accessToken?.[0];
+	if (!token) throw new Error("No valid OAuth token found");
+	const { provider } = repository;
+	switch (provider) {
+		case "github": return triggerGithub(repository, token);
+		case "gitlab": return triggerGitlab(repository, token);
+		case "bitbucket": return triggerBitbucket(repository, token);
+		default: throw new Error(`Unknown provider: ${provider}`);
+	}
+};
+const triggerGithub = async (repo, token) => {
+	await new Octokit({ auth: token }).repos.createDispatchEvent({
+		owner: repo.owner,
+		repo: repo.repository,
+		event_type: "intlayer_cms_update",
+		client_payload: {
+			timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+			source: "intlayer-cms"
+		}
+	});
+	logger.info(`Successfully triggered GitHub Action for ${repo.owner}/${repo.repository}`);
+};
+const triggerGitlab = async (repo, token) => {
+	const projectId = encodeURIComponent(`${repo.owner}/${repo.repository}`);
+	const branch = repo.branch || "main";
+	const url = `${repo.instanceUrl || "https://gitlab.com"}/api/v4/projects/${projectId}/trigger/pipeline`;
+	const formData = new FormData();
+	formData.append("token", token);
+	formData.append("ref", branch);
+	formData.append("variables[INTLAYER_UPDATE]", "true");
+	const res = await fetch(url, {
+		method: "POST",
+		body: formData
+	});
+	if (!res.ok) {
+		const errorText = await res.text();
+		throw new Error(`GitLab error: ${res.status} - ${errorText}`);
+	}
+	logger.info(`Successfully triggered GitLab pipeline for ${repo.owner}/${repo.repository}`);
+};
+const triggerBitbucket = async (repo, token) => {
+	const workspace = repo.workspace || repo.owner;
+	const branch = repo.branch || "main";
+	const url = `https://api.bitbucket.org/2.0/repositories/${workspace}/${repo.repository}/pipelines/`;
+	const body = {
+		target: {
+			ref_type: "branch",
+			type: "pipeline_ref_target",
+			ref_name: branch
+		},
+		variables: [{
+			key: "INTLAYER_UPDATE",
+			value: "true",
+			secured: false
+		}]
+	};
+	const res = await fetch(url, {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${token}`,
+			"Content-Type": "application/json"
+		},
+		body: JSON.stringify(body)
+	});
+	if (!res.ok) {
+		const errorText = await res.text();
+		throw new Error(`Bitbucket error: ${res.status} - ${errorText}`);
+	}
+	logger.info(`Successfully triggered Bitbucket pipeline for ${workspace}/${repo.repository}`);
+};
+const triggerGenericWebhook = async (hook) => {
+	const headers = { "Content-Type": "application/json" };
+	if (hook.secret) {
+		const payload = JSON.stringify({ event: "intlayer_cms_update" });
+		headers["X-Intlayer-Signature"] = createHmac("sha256", hook.secret).update(payload).digest("hex");
+	}
+	const res = await fetch(hook.url, {
+		method: "POST",
+		headers,
+		body: JSON.stringify({
+			event: "intlayer_cms_update",
+			timestamp: (/* @__PURE__ */ new Date()).toISOString()
+		})
+	});
+	if (!res.ok) {
+		const errorText = await res.text();
+		throw new Error(`Webhook ${hook.name} failed: ${res.status} - ${errorText}`);
+	}
+	logger.info(`Successfully triggered webhook: ${hook.name}`);
+};
+//#endregion
+export { triggerAll, triggerSingleWebhook };
+//# sourceMappingURL=webhook.service.mjs.map

package/dist/esm/services/webhook.service.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"webhook.service.mjs","names":["results: TriggerResult[]","error: any","headers: Record<string, string>"],"sources":["../../../src/services/webhook.service.ts"],"sourcesContent":["import { createHmac } from 'node:crypto';\nimport { logger } from '@logger';\nimport { Octokit } from '@octokit/rest';\nimport type { Project } from '@/types/project.types';\n\nexport type TriggerResult = {\n target: string;\n success: boolean;\n message?: string;\n};\n\n/**\n * Main entry point to trigger all configured CI pipelines for a project\n */\nexport const triggerAll = async (\n project: Project\n): Promise<TriggerResult[]> => {\n const results: TriggerResult[] = [];\n\n // Trigger Git Provider Pipeline (if configured)\n if (project.repository && project.webhooks?.autoTriggerBuilds) {\n try {\n await triggerGitPipeline(project);\n results.push({\n target: project.repository.provider,\n success: true,\n });\n } catch (error: any) {\n logger.error(`Failed to trigger ${project.repository.provider}`, error);\n results.push({\n target: project.repository.provider,\n success: false,\n message: error.message || String(error),\n });\n }\n }\n\n // Trigger Generic Webhooks (Vercel, etc.)\n const webhooks = project.webhooks?.webhooks || [];\n\n // Using Promise.all is often better here, but keeping your sequential loop logic for safety\n for (const hook of webhooks) {\n if (!hook.enabled) continue;\n try {\n await triggerGenericWebhook(hook);\n results.push({ target: hook.name, success: true });\n } catch (error: any) {\n logger.error(`Failed to trigger webhook ${hook.name}`, error);\n results.push({\n target: hook.name,\n success: false,\n message: error.message || String(error),\n });\n }\n }\n\n return results;\n};\n\n/**\n * Triggers a single webhook by index\n */\nexport const triggerSingleWebhook = async (\n project: Project,\n webhookIndex: number\n): Promise<TriggerResult> => {\n const webhooks = project.webhooks?.webhooks || [];\n\n if (webhookIndex < 0 || webhookIndex >= webhooks.length) {\n throw new Error(`Webhook index ${webhookIndex} is out of range`);\n }\n\n const hook = webhooks[webhookIndex];\n\n if (!hook.enabled) {\n throw new Error(`Webhook \"${hook.name}\" is disabled`);\n }\n\n try {\n await triggerGenericWebhook(hook);\n return { target: hook.name, success: true };\n } catch (error: any) {\n logger.error(`Failed to trigger webhook ${hook.name}`, error);\n return {\n target: hook.name,\n success: false,\n message: error.message || String(error),\n };\n }\n};\n\n// Internal Helper Functions (equivalent to private static methods)\n\nconst triggerGitPipeline = async (project: Project) => {\n const { repository, oAuth2Access } = project;\n\n if (!repository) throw new Error('No repository configured');\n\n const token = oAuth2Access?.[0]?.accessToken?.[0]; // Get the first valid token\n\n if (!token) throw new Error('No valid OAuth token found');\n\n const { provider } = repository;\n\n switch (provider) {\n case 'github':\n return triggerGithub(repository, token);\n case 'gitlab':\n return triggerGitlab(repository, token);\n case 'bitbucket':\n return triggerBitbucket(repository, token);\n default:\n throw new Error(`Unknown provider: ${provider as string}`);\n }\n};\n\nconst triggerGithub = async (repo: any, token: string) => {\n const octokit = new Octokit({ auth: token });\n\n // Triggers a 'repository_dispatch' event\n // Workflow must listen to: types: [intlayer_cms_update]\n await octokit.repos.createDispatchEvent({\n owner: repo.owner,\n repo: repo.repository,\n event_type: 'intlayer_cms_update',\n client_payload: {\n timestamp: new Date().toISOString(),\n source: 'intlayer-cms',\n },\n });\n\n logger.info(\n `Successfully triggered GitHub Action for ${repo.owner}/${repo.repository}`\n );\n};\n\n// GitLab\nconst triggerGitlab = async (repo: any, token: string) => {\n // GitLab needs Project ID (int) or URL-encoded path \"owner/repo\"\n const projectId = encodeURIComponent(`${repo.owner}/${repo.repository}`);\n const branch = repo.branch || 'main';\n const baseUrl = repo.instanceUrl || 'https://gitlab.com';\n\n const url = `${baseUrl}/api/v4/projects/${projectId}/trigger/pipeline`;\n\n const formData = new FormData();\n formData.append('token', token); // Or a specific trigger token if stored separately\n formData.append('ref', branch);\n formData.append('variables[INTLAYER_UPDATE]', 'true');\n\n const res = await fetch(url, { method: 'POST', body: formData });\n if (!res.ok) {\n const errorText = await res.text();\n throw new Error(`GitLab error: ${res.status} - ${errorText}`);\n }\n\n logger.info(\n `Successfully triggered GitLab pipeline for ${repo.owner}/${repo.repository}`\n );\n};\n\n// Bitbucket\nconst triggerBitbucket = async (repo: any, token: string) => {\n const workspace = repo.workspace || repo.owner; // Bitbucket uses 'workspace'\n const branch = repo.branch || 'main';\n const url = `https://api.bitbucket.org/2.0/repositories/${workspace}/${repo.repository}/pipelines/`;\n\n const body = {\n target: {\n ref_type: 'branch',\n type: 'pipeline_ref_target',\n ref_name: branch,\n // Optional: Target a custom pipeline for security\n // selector: { type: 'custom', pattern: 'intlayer-update' }\n },\n variables: [{ key: 'INTLAYER_UPDATE', value: 'true', secured: false }],\n };\n\n const res = await fetch(url, {\n method: 'POST',\n headers: {\n Authorization: `Bearer ${token}`,\n 'Content-Type': 'application/json',\n },\n body: JSON.stringify(body),\n });\n\n if (!res.ok) {\n const errorText = await res.text();\n throw new Error(`Bitbucket error: ${res.status} - ${errorText}`);\n }\n\n logger.info(\n `Successfully triggered Bitbucket pipeline for ${workspace}/${repo.repository}`\n );\n};\n\n// Generic Webhook\nconst triggerGenericWebhook = async (hook: any) => {\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n };\n\n // Add secret signature if provided (for webhook verification)\n if (hook.secret) {\n // Simple HMAC-SHA256 signature (can be enhanced)\n const payload = JSON.stringify({ event: 'intlayer_cms_update' });\n const signature = createHmac('sha256', hook.secret)\n .update(payload)\n .digest('hex');\n headers['X-Intlayer-Signature'] = signature;\n }\n\n const res = await fetch(hook.url, {\n method: 'POST',\n headers,\n body: JSON.stringify({\n event: 'intlayer_cms_update',\n timestamp: new Date().toISOString(),\n }),\n });\n\n if (!res.ok) {\n const errorText = await res.text();\n throw new Error(\n `Webhook ${hook.name} failed: ${res.status} - ${errorText}`\n );\n }\n\n logger.info(`Successfully triggered webhook: ${hook.name}`);\n};\n"],"mappings":";;;;;;;;AAcA,MAAa,aAAa,OACxB,YAC6B;CAC7B,MAAMA,UAA2B,EAAE;AAGnC,KAAI,QAAQ,cAAc,QAAQ,UAAU,kBAC1C,KAAI;AACF,QAAM,mBAAmB,QAAQ;AACjC,UAAQ,KAAK;GACX,QAAQ,QAAQ,WAAW;GAC3B,SAAS;GACV,CAAC;UACKC,OAAY;AACnB,SAAO,MAAM,qBAAqB,QAAQ,WAAW,YAAY,MAAM;AACvE,UAAQ,KAAK;GACX,QAAQ,QAAQ,WAAW;GAC3B,SAAS;GACT,SAAS,MAAM,WAAW,OAAO,MAAM;GACxC,CAAC;;CAKN,MAAM,WAAW,QAAQ,UAAU,YAAY,EAAE;AAGjD,MAAK,MAAM,QAAQ,UAAU;AAC3B,MAAI,CAAC,KAAK,QAAS;AACnB,MAAI;AACF,SAAM,sBAAsB,KAAK;AACjC,WAAQ,KAAK;IAAE,QAAQ,KAAK;IAAM,SAAS;IAAM,CAAC;WAC3CA,OAAY;AACnB,UAAO,MAAM,6BAA6B,KAAK,QAAQ,MAAM;AAC7D,WAAQ,KAAK;IACX,QAAQ,KAAK;IACb,SAAS;IACT,SAAS,MAAM,WAAW,OAAO,MAAM;IACxC,CAAC;;;AAIN,QAAO;;;;;AAMT,MAAa,uBAAuB,OAClC,SACA,iBAC2B;CAC3B,MAAM,WAAW,QAAQ,UAAU,YAAY,EAAE;AAEjD,KAAI,eAAe,KAAK,gBAAgB,SAAS,OAC/C,OAAM,IAAI,MAAM,iBAAiB,aAAa,kBAAkB;CAGlE,MAAM,OAAO,SAAS;AAEtB,KAAI,CAAC,KAAK,QACR,OAAM,IAAI,MAAM,YAAY,KAAK,KAAK,eAAe;AAGvD,KAAI;AACF,QAAM,sBAAsB,KAAK;AACjC,SAAO;GAAE,QAAQ,KAAK;GAAM,SAAS;GAAM;UACpCA,OAAY;AACnB,SAAO,MAAM,6BAA6B,KAAK,QAAQ,MAAM;AAC7D,SAAO;GACL,QAAQ,KAAK;GACb,SAAS;GACT,SAAS,MAAM,WAAW,OAAO,MAAM;GACxC;;;AAML,MAAM,qBAAqB,OAAO,YAAqB;CACrD,MAAM,EAAE,YAAY,iBAAiB;AAErC,KAAI,CAAC,WAAY,OAAM,IAAI,MAAM,2BAA2B;CAE5D,MAAM,QAAQ,eAAe,IAAI,cAAc;AAE/C,KAAI,CAAC,MAAO,OAAM,IAAI,MAAM,6BAA6B;CAEzD,MAAM,EAAE,aAAa;AAErB,SAAQ,UAAR;EACE,KAAK,SACH,QAAO,cAAc,YAAY,MAAM;EACzC,KAAK,SACH,QAAO,cAAc,YAAY,MAAM;EACzC,KAAK,YACH,QAAO,iBAAiB,YAAY,MAAM;EAC5C,QACE,OAAM,IAAI,MAAM,qBAAqB,WAAqB;;;AAIhE,MAAM,gBAAgB,OAAO,MAAW,UAAkB;AAKxD,OAJgB,IAAI,QAAQ,EAAE,MAAM,OAAO,CAAC,CAI9B,MAAM,oBAAoB;EACtC,OAAO,KAAK;EACZ,MAAM,KAAK;EACX,YAAY;EACZ,gBAAgB;GACd,4BAAW,IAAI,MAAM,EAAC,aAAa;GACnC,QAAQ;GACT;EACF,CAAC;AAEF,QAAO,KACL,4CAA4C,KAAK,MAAM,GAAG,KAAK,aAChE;;AAIH,MAAM,gBAAgB,OAAO,MAAW,UAAkB;CAExD,MAAM,YAAY,mBAAmB,GAAG,KAAK,MAAM,GAAG,KAAK,aAAa;CACxE,MAAM,SAAS,KAAK,UAAU;CAG9B,MAAM,MAAM,GAFI,KAAK,eAAe,qBAEb,mBAAmB,UAAU;CAEpD,MAAM,WAAW,IAAI,UAAU;AAC/B,UAAS,OAAO,SAAS,MAAM;AAC/B,UAAS,OAAO,OAAO,OAAO;AAC9B,UAAS,OAAO,8BAA8B,OAAO;CAErD,MAAM,MAAM,MAAM,MAAM,KAAK;EAAE,QAAQ;EAAQ,MAAM;EAAU,CAAC;AAChE,KAAI,CAAC,IAAI,IAAI;EACX,MAAM,YAAY,MAAM,IAAI,MAAM;AAClC,QAAM,IAAI,MAAM,iBAAiB,IAAI,OAAO,KAAK,YAAY;;AAG/D,QAAO,KACL,8CAA8C,KAAK,MAAM,GAAG,KAAK,aAClE;;AAIH,MAAM,mBAAmB,OAAO,MAAW,UAAkB;CAC3D,MAAM,YAAY,KAAK,aAAa,KAAK;CACzC,MAAM,SAAS,KAAK,UAAU;CAC9B,MAAM,MAAM,8CAA8C,UAAU,GAAG,KAAK,WAAW;CAEvF,MAAM,OAAO;EACX,QAAQ;GACN,UAAU;GACV,MAAM;GACN,UAAU;GAGX;EACD,WAAW,CAAC;GAAE,KAAK;GAAmB,OAAO;GAAQ,SAAS;GAAO,CAAC;EACvE;CAED,MAAM,MAAM,MAAM,MAAM,KAAK;EAC3B,QAAQ;EACR,SAAS;GACP,eAAe,UAAU;GACzB,gBAAgB;GACjB;EACD,MAAM,KAAK,UAAU,KAAK;EAC3B,CAAC;AAEF,KAAI,CAAC,IAAI,IAAI;EACX,MAAM,YAAY,MAAM,IAAI,MAAM;AAClC,QAAM,IAAI,MAAM,oBAAoB,IAAI,OAAO,KAAK,YAAY;;AAGlE,QAAO,KACL,iDAAiD,UAAU,GAAG,KAAK,aACpE;;AAIH,MAAM,wBAAwB,OAAO,SAAc;CACjD,MAAMC,UAAkC,EACtC,gBAAgB,oBACjB;AAGD,KAAI,KAAK,QAAQ;EAEf,MAAM,UAAU,KAAK,UAAU,EAAE,OAAO,uBAAuB,CAAC;AAIhE,UAAQ,0BAHU,WAAW,UAAU,KAAK,OAAO,CAChD,OAAO,QAAQ,CACf,OAAO,MAAM;;CAIlB,MAAM,MAAM,MAAM,MAAM,KAAK,KAAK;EAChC,QAAQ;EACR;EACA,MAAM,KAAK,UAAU;GACnB,OAAO;GACP,4BAAW,IAAI,MAAM,EAAC,aAAa;GACpC,CAAC;EACH,CAAC;AAEF,KAAI,CAAC,IAAI,IAAI;EACX,MAAM,YAAY,MAAM,IAAI,MAAM;AAClC,QAAM,IAAI,MACR,WAAW,KAAK,KAAK,WAAW,IAAI,OAAO,KAAK,YACjD;;AAGH,QAAO,KAAK,mCAAmC,KAAK,OAAO"}

package/dist/esm/utils/auth/getAuth.mjs CHANGED Viewed

@@ -163,14 +163,6 @@ const getAuth = (dbClient) => {
 			},
 			resetPasswordTokenExpiresIn: 3600
 		},
-		accountLinking: {
-			enabled: true,
-			trustedProviders: [
-				"google",
-				"github",
-				"linkedin"
-			]
-		},
 		emailVerification: {
 			autoSignInAfterVerification: true,
 			sendOnSignIn: true,
@@ -187,7 +179,7 @@ const getAuth = (dbClient) => {
 		crossSubDomainCookies: {
 			enabled: true,
 			additionalCookies: ["session_token"],
-			domain: process.env.APP_URL
+			domain: process.env.DOMAIN
 		},
 		cookiePrefix: "intlayer",
 		cookies: { session_token: {
@@ -198,6 +190,20 @@ const getAuth = (dbClient) => {
 			}
 		} },
 		trustedOrigins: [process.env.WEBSITE_URL, process.env.APP_URL],
+		accountLinking: {
+			enabled: true,
+			trustedProviders: [
+				"google",
+				"github",
+				"linkedin",
+				"gitlab",
+				"atlassian",
+				"microsoft",
+				"email-password",
+				"magic-link",
+				"passkey"
+			]
+		},
 		socialProviders: {
 			google: {
 				clientId: process.env.GOOGLE_CLIENT_ID,

package/dist/esm/utils/auth/getAuth.mjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"getAuth.mjs","names":["userAPI: UserAPI \| null","organizationAPI: OrganizationAPI \| null","projectAPI: ProjectAPI \| null"],"sources":["../../../../src/utils/auth/getAuth.ts"],"sourcesContent":["import { passkey } from '@better-auth/passkey';\nimport { sso } from '@better-auth/sso';\nimport { sendVerificationUpdate } from '@controllers/user.controller';\nimport { logger } from '@logger';\nimport { sendEmail } from '@services/email.service';\nimport { getOrganizationById } from '@services/organization.service';\nimport { getProjectById } from '@services/project.service';\nimport { getUserById } from '@services/user.service';\nimport { mapOrganizationToAPI } from '@utils/mapper/organization';\nimport { mapProjectToAPI } from '@utils/mapper/project';\nimport { mapSessionToAPI } from '@utils/mapper/session';\nimport { mapUserToAPI } from '@utils/mapper/user';\nimport {\n computeEffectivePermission,\n getSessionRoles,\n intersectPermissions,\n} from '@utils/permissions';\nimport { betterAuth, type OmitId } from 'better-auth';\nimport { mongodbAdapter } from 'better-auth/adapters/mongodb';\nimport { createAuthMiddleware } from 'better-auth/api';\nimport { customSession, lastLoginMethod, twoFactor } from 'better-auth/plugins';\nimport { magicLink } from 'better-auth/plugins/magic-link';\nimport type { MongoClient } from 'mongodb';\nimport type { OrganizationAPI } from '@/types/organization.types';\nimport type { ProjectAPI } from '@/types/project.types';\nimport type {\n Session,\n SessionContext,\n SessionDataApi,\n} from '@/types/session.types';\nimport type { User, UserAPI } from '@/types/user.types';\n\nexport type Auth = ReturnType<typeof betterAuth>;\n\nexport const formatSession = (session: SessionContext): OmitId<Session> => {\n const roles = getSessionRoles(session);\n let permissions = computeEffectivePermission(roles);\n\n // Intersect in the case a Access Token try to override the permissions\n if (session.permissions) {\n permissions = intersectPermissions(permissions, session.permissions);\n }\n\n const resultSession = {\n session: session.session,\n user: session.user,\n organization: session.organization,\n project: session.project,\n authType: 'session',\n permissions,\n roles,\n } as OmitId<Session>;\n\n return resultSession;\n};\n\nexport const getAuth = (dbClient: MongoClient): Auth => {\n if (!dbClient) {\n throw new Error('MongoDB connection not established');\n }\n\n const auth = betterAuth({\n appName: 'Intlayer',\n\n database: mongodbAdapter(dbClient.db()),\n\n /*\n User model\n /\n user: {\n modelName: 'users',\n },\n\n databaseHooks: {\n user: {\n create: {\n // Runs once, immediately after the INSERT\n after: async (user) => {\n if (!user?.emailVerified) return;\n\n await sendEmail({\n type: 'welcome',\n to: user.email,\n username: user.name ?? user.email.split('@')[0],\n loginLink: `${process.env.APP_URL}/auth/login`,\n locale: (user as any).lang,\n });\n logger.info('Welcome e‑mail delivered', {\n email: user.email,\n });\n },\n },\n },\n },\n\n hooks: {\n after: createAuthMiddleware(async (ctx) => {\n const { path, context } = ctx;\n\n const newUser = context.newSession?.user;\n const existingUser = context.session?.user;\n const user = newUser ?? existingUser;\n\n if (!user) return;\n\n if (path.includes('/verify-email')) {\n sendVerificationUpdate(user as unknown as User);\n logger.info('SSE verification update sent', {\n email: user.email,\n userId: user.id,\n });\n\n await sendEmail({\n type: 'welcome',\n to: user.email,\n username: user.name ?? user.email.split('@')[0],\n loginLink: `${process.env.APP_URL}/auth/login`,\n locale: (user as any).lang,\n });\n logger.info('Welcome e‑mail delivered', {\n email: user.email,\n });\n }\n }),\n },\n\n advanced: {\n // 1️⃣ Change or drop the global prefix\n // cookiePrefix: \"intlayer\", // => intlayer.session_token\n cookiePrefix: 'intlayer', // => session_token (no prefix)\n\n // 2️⃣ Override just the session‑token cookie\n cookies: {\n session_token: {\n // name: 'intlayer_session_token', // final name depends on the prefix above\n // attributes: { sameSite: \"lax\", maxAge: 60 60 * 24 } // optional\n },\n },\n\n // 3️⃣ (optional) turn off the automatic __Secure‑ prefix in non‑prod\n // useSecureCookies: false,\n },\n\n secret: process.env.BETTER_AUTH_SECRET as string,\n session: {\n modelName: 'sessions',\n id: 'id',\n\n additionalFields: {\n activeOrganizationId: { type: 'string', nullable: true, input: false },\n activeProjectId: { type: 'string', nullable: true, input: false },\n },\n },\n\n plugins: [\n customSession(async ({ session }) => {\n const typedSession = session as unknown as SessionDataApi;\n\n let userAPI: UserAPI \| null = null;\n let organizationAPI: OrganizationAPI \| null = null;\n let projectAPI: ProjectAPI \| null = null;\n\n if (typedSession.userId) {\n const userData = await getUserById(typedSession.userId);\n\n if (userData) {\n userAPI = mapUserToAPI(userData);\n }\n }\n\n if (typedSession.activeOrganizationId) {\n const orgData = await getOrganizationById(\n typedSession.activeOrganizationId\n );\n\n if (orgData) {\n organizationAPI = mapOrganizationToAPI(orgData);\n }\n }\n if (typedSession.activeProjectId) {\n const projectData = await getProjectById(\n typedSession.activeProjectId\n );\n\n if (projectData) {\n projectAPI = mapProjectToAPI(projectData);\n }\n }\n\n const sessionWithNoPermission: SessionContext = {\n session: typedSession,\n user: userAPI!,\n organization: organizationAPI ?? null,\n project: projectAPI ?? null,\n authType: 'session',\n };\n\n const formattedSession = formatSession(sessionWithNoPermission);\n\n return mapSessionToAPI(formattedSession);\n }),\n lastLoginMethod({\n storeInDatabase: true, // adds user.lastLoginMethod in DB and session\n schema: {\n user: {\n lastLoginMethod: 'lastLoginMethod', // Custom field name\n },\n },\n customResolveMethod: (context) => {\n // When user clicks the magic link\n if (context.path === '/magic-link/verify') {\n return 'magic-link';\n }\n\n // Fallback to default behavior for everything else\n return null;\n },\n }),\n passkey({\n rpID: process.env.DOMAIN,\n rpName: 'Intlayer',\n }),\n twoFactor(),\n magicLink({\n sendMagicLink: async ({ email, url }) => {\n logger.info('sending magic link', { email, url });\n await sendEmail({\n type: 'magicLink',\n to: email,\n username: email.split('@')[0],\n magicLink: url,\n });\n },\n }),\n sso({\n organizationProvisioning: {},\n }),\n ],\n\n emailAndPassword: {\n enabled: true,\n disableSignUp: false,\n requireEmailVerification: true,\n minPasswordLength: 8,\n maxPasswordLength: 128,\n autoSignIn: true,\n sendResetPassword: async ({ user, token }) => {\n logger.info('sending reset password email', { email: user.email });\n await sendEmail({\n type: 'resetPassword',\n to: user.email,\n username: user.name ?? user.email.split('@')[0],\n resetLink: `${process.env.APP_URL}/auth/password/reset?token=${token}`,\n });\n },\n resetPasswordTokenExpiresIn: 3600,\n },\n accountLinking: {\n enabled: true, // allow linking in general\n trustedProviders: ['google', 'github', 'linkedin'], // optional: auto‑link when Google verifies the e‑mail\n },\n emailVerification: {\n autoSignInAfterVerification: true,\n sendOnSignIn: true,\n sendVerificationEmail: async ({ user, url }) => {\n logger.info('sending verification email', { email: user.email });\n await sendEmail({\n type: 'validate',\n to: user.email,\n username: user.name ?? user.email.split('@')[0],\n validationLink: url,\n });\n },\n },\n\n crossSubDomainCookies: {\n enabled: true,\n additionalCookies: ['session_token'],\n domain: process.env.APP_URL as string,\n },\n cookiePrefix: 'intlayer',\n cookies: {\n session_token: {\n name: 'session_token',\n attributes: {\n httpOnly: true,\n secure: true,\n },\n },\n },\n\n trustedOrigins: [\n process.env.WEBSITE_URL as string,\n process.env.APP_URL as string,\n ],\n\n socialProviders: {\n google: {\n clientId: process.env.GOOGLE_CLIENT_ID as string,\n clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,\n },\n github: {\n clientId: process.env.GITHUB_CLIENT_ID as string,\n clientSecret: process.env.GITHUB_CLIENT_SECRET as string,\n },\n atlassian: {\n clientId: process.env.ATLASSIAN_CLIENT_ID as string,\n clientSecret: process.env.ATLASSIAN_CLIENT_SECRET as string,\n },\n gitlab: {\n clientId: process.env.GITLAB_CLIENT_ID as string,\n clientSecret: process.env.GITLAB_CLIENT_SECRET as string,\n },\n linkedin: {\n clientId: process.env.LINKEDIN_CLIENT_ID as string,\n clientSecret: process.env.LINKEDIN_CLIENT_SECRET as string,\n },\n microsoft: {\n clientId: process.env.MICROSOFT_CLIENT_ID as string,\n clientSecret: process.env.MICROSOFT_CLIENT_SECRET as string,\n },\n // socialProviders: {\n // apple: {\n // clientId: process.env.APPLE_CLIENT_ID as string,\n // clientSecret: process.env.APPLE_CLIENT_SECRET as string,\n // // Optional\n // appBundleIdentifier: process.env\n // .APPLE_APP_BUNDLE_IDENTIFIER as string,\n // },\n // },\n // // Add appleid.apple.com to trustedOrigins for Sign In with Apple flows\n // trustedOrigins: ['https://appleid.apple.com'],\n },\n\n logger: {\n log: (level, message, ...args) => logger[level](message, ...args),\n },\n });\n\n return auth;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAkCA,MAAa,iBAAiB,YAA6C;CACzE,MAAM,QAAQ,gBAAgB,QAAQ;CACtC,IAAI,cAAc,2BAA2B,MAAM;AAGnD,KAAI,QAAQ,YACV,eAAc,qBAAqB,aAAa,QAAQ,YAAY;AAatE,QAVsB;EACpB,SAAS,QAAQ;EACjB,MAAM,QAAQ;EACd,cAAc,QAAQ;EACtB,SAAS,QAAQ;EACjB,UAAU;EACV;EACA;EACD;;AAKH,MAAa,WAAW,aAAgC;AACtD,KAAI,CAAC,SACH,OAAM,IAAI,MAAM,qCAAqC;AAyRvD,QAtRa,WAAW;EACtB,SAAS;EAET,UAAU,eAAe,SAAS,IAAI,CAAC;EAKvC,MAAM,EACJ,WAAW,SACZ;EAED,eAAe,EACb,MAAM,EACJ,QAAQ,EAEN,OAAO,OAAO,SAAS;AACrB,OAAI,CAAC,MAAM,cAAe;AAE1B,SAAM,UAAU;IACd,MAAM;IACN,IAAI,KAAK;IACT,UAAU,KAAK,QAAQ,KAAK,MAAM,MAAM,IAAI,CAAC;IAC7C,WAAW,GAAG,QAAQ,IAAI,QAAQ;IAClC,QAAS,KAAa;IACvB,CAAC;AACF,UAAO,KAAK,4BAA4B,EACtC,OAAO,KAAK,OACb,CAAC;KAEL,EACF,EACF;EAED,OAAO,EACL,OAAO,qBAAqB,OAAO,QAAQ;GACzC,MAAM,EAAE,MAAM,YAAY;GAE1B,MAAM,UAAU,QAAQ,YAAY;GACpC,MAAM,eAAe,QAAQ,SAAS;GACtC,MAAM,OAAO,WAAW;AAExB,OAAI,CAAC,KAAM;AAEX,OAAI,KAAK,SAAS,gBAAgB,EAAE;AAClC,2BAAuB,KAAwB;AAC/C,WAAO,KAAK,gCAAgC;KAC1C,OAAO,KAAK;KACZ,QAAQ,KAAK;KACd,CAAC;AAEF,UAAM,UAAU;KACd,MAAM;KACN,IAAI,KAAK;KACT,UAAU,KAAK,QAAQ,KAAK,MAAM,MAAM,IAAI,CAAC;KAC7C,WAAW,GAAG,QAAQ,IAAI,QAAQ;KAClC,QAAS,KAAa;KACvB,CAAC;AACF,WAAO,KAAK,4BAA4B,EACtC,OAAO,KAAK,OACb,CAAC;;IAEJ,EACH;EAED,UAAU;GAGR,cAAc;GAGd,SAAS,EACP,eAAe,EAGd,EACF;GAIF;EAED,QAAQ,QAAQ,IAAI;EACpB,SAAS;GACP,WAAW;GACX,IAAI;GAEJ,kBAAkB;IAChB,sBAAsB;KAAE,MAAM;KAAU,UAAU;KAAM,OAAO;KAAO;IACtE,iBAAiB;KAAE,MAAM;KAAU,UAAU;KAAM,OAAO;KAAO;IAClE;GACF;EAED,SAAS;GACP,cAAc,OAAO,EAAE,cAAc;IACnC,MAAM,eAAe;IAErB,IAAIA,UAA0B;IAC9B,IAAIC,kBAA0C;IAC9C,IAAIC,aAAgC;AAEpC,QAAI,aAAa,QAAQ;KACvB,MAAM,WAAW,MAAM,YAAY,aAAa,OAAO;AAEvD,SAAI,SACF,WAAU,aAAa,SAAS;;AAIpC,QAAI,aAAa,sBAAsB;KACrC,MAAM,UAAU,MAAM,oBACpB,aAAa,qBACd;AAED,SAAI,QACF,mBAAkB,qBAAqB,QAAQ;;AAGnD,QAAI,aAAa,iBAAiB;KAChC,MAAM,cAAc,MAAM,eACxB,aAAa,gBACd;AAED,SAAI,YACF,cAAa,gBAAgB,YAAY;;AAc7C,WAAO,gBAFkB,cARuB;KAC9C,SAAS;KACT,MAAM;KACN,cAAc,mBAAmB;KACjC,SAAS,cAAc;KACvB,UAAU;KACX,CAE8D,CAEvB;KACxC;GACF,gBAAgB;IACd,iBAAiB;IACjB,QAAQ,EACN,MAAM,EACJ,iBAAiB,mBAClB,EACF;IACD,sBAAsB,YAAY;AAEhC,SAAI,QAAQ,SAAS,qBACnB,QAAO;AAIT,YAAO;;IAEV,CAAC;GACF,QAAQ;IACN,MAAM,QAAQ,IAAI;IAClB,QAAQ;IACT,CAAC;GACF,WAAW;GACX,UAAU,EACR,eAAe,OAAO,EAAE,OAAO,UAAU;AACvC,WAAO,KAAK,sBAAsB;KAAE;KAAO;KAAK,CAAC;AACjD,UAAM,UAAU;KACd,MAAM;KACN,IAAI;KACJ,UAAU,MAAM,MAAM,IAAI,CAAC;KAC3B,WAAW;KACZ,CAAC;MAEL,CAAC;GACF,IAAI,EACF,0BAA0B,EAAE,EAC7B,CAAC;GACH;EAED,kBAAkB;GAChB,SAAS;GACT,eAAe;GACf,0BAA0B;GAC1B,mBAAmB;GACnB,mBAAmB;GACnB,YAAY;GACZ,mBAAmB,OAAO,EAAE,MAAM,YAAY;AAC5C,WAAO,KAAK,gCAAgC,EAAE,OAAO,KAAK,OAAO,CAAC;AAClE,UAAM,UAAU;KACd,MAAM;KACN,IAAI,KAAK;KACT,UAAU,KAAK,QAAQ,KAAK,MAAM,MAAM,IAAI,CAAC;KAC7C,WAAW,GAAG,QAAQ,IAAI,QAAQ,6BAA6B;KAChE,CAAC;;GAEJ,6BAA6B;GAC9B;EACD,gBAAgB;GACd,SAAS;GACT,kBAAkB;IAAC;IAAU;IAAU;IAAW;GACnD;EACD,mBAAmB;GACjB,6BAA6B;GAC7B,cAAc;GACd,uBAAuB,OAAO,EAAE,MAAM,UAAU;AAC9C,WAAO,KAAK,8BAA8B,EAAE,OAAO,KAAK,OAAO,CAAC;AAChE,UAAM,UAAU;KACd,MAAM;KACN,IAAI,KAAK;KACT,UAAU,KAAK,QAAQ,KAAK,MAAM,MAAM,IAAI,CAAC;KAC7C,gBAAgB;KACjB,CAAC;;GAEL;EAED,uBAAuB;GACrB,SAAS;GACT,mBAAmB,CAAC,gBAAgB;GACpC,QAAQ,QAAQ,IAAI;GACrB;EACD,cAAc;EACd,SAAS,EACP,eAAe;GACb,MAAM;GACN,YAAY;IACV,UAAU;IACV,QAAQ;IACT;GACF,EACF;EAED,gBAAgB,CACd,QAAQ,IAAI,aACZ,QAAQ,IAAI,QACb;EAED,iBAAiB;GACf,QAAQ;IACN,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,QAAQ;IACN,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,WAAW;IACT,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,QAAQ;IACN,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,UAAU;IACR,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,WAAW;IACT,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GAYF;EAED,QAAQ,EACN,MAAM,OAAO,SAAS,GAAG,SAAS,OAAO,OAAO,SAAS,GAAG,KAAK,EAClE;EACF,CAAC"}
1	+ {"version":3,"file":"getAuth.mjs","names":["userAPI: UserAPI \| null","organizationAPI: OrganizationAPI \| null","projectAPI: ProjectAPI \| null"],"sources":["../../../../src/utils/auth/getAuth.ts"],"sourcesContent":["import { passkey } from '@better-auth/passkey';\nimport { sso } from '@better-auth/sso';\nimport { sendVerificationUpdate } from '@controllers/user.controller';\nimport { logger } from '@logger';\nimport { sendEmail } from '@services/email.service';\nimport { getOrganizationById } from '@services/organization.service';\nimport { getProjectById } from '@services/project.service';\nimport { getUserById } from '@services/user.service';\nimport { mapOrganizationToAPI } from '@utils/mapper/organization';\nimport { mapProjectToAPI } from '@utils/mapper/project';\nimport { mapSessionToAPI } from '@utils/mapper/session';\nimport { mapUserToAPI } from '@utils/mapper/user';\nimport {\n computeEffectivePermission,\n getSessionRoles,\n intersectPermissions,\n} from '@utils/permissions';\nimport { betterAuth, type OmitId } from 'better-auth';\nimport { mongodbAdapter } from 'better-auth/adapters/mongodb';\nimport { createAuthMiddleware } from 'better-auth/api';\nimport { customSession, lastLoginMethod, twoFactor } from 'better-auth/plugins';\nimport { magicLink } from 'better-auth/plugins/magic-link';\nimport type { MongoClient } from 'mongodb';\nimport type { OrganizationAPI } from '@/types/organization.types';\nimport type { ProjectAPI } from '@/types/project.types';\nimport type {\n Session,\n SessionContext,\n SessionDataApi,\n} from '@/types/session.types';\nimport type { User, UserAPI } from '@/types/user.types';\n\nexport type Auth = ReturnType<typeof betterAuth>;\n\nexport const formatSession = (session: SessionContext): OmitId<Session> => {\n const roles = getSessionRoles(session);\n let permissions = computeEffectivePermission(roles);\n\n // Intersect in the case a Access Token try to override the permissions\n if (session.permissions) {\n permissions = intersectPermissions(permissions, session.permissions);\n }\n\n const resultSession = {\n session: session.session,\n user: session.user,\n organization: session.organization,\n project: session.project,\n authType: 'session',\n permissions,\n roles,\n } as OmitId<Session>;\n\n return resultSession;\n};\n\nexport const getAuth = (dbClient: MongoClient): Auth => {\n if (!dbClient) {\n throw new Error('MongoDB connection not established');\n }\n\n const auth = betterAuth({\n appName: 'Intlayer',\n\n database: mongodbAdapter(dbClient.db()),\n\n /*\n User model\n /\n user: {\n modelName: 'users',\n },\n\n databaseHooks: {\n user: {\n create: {\n // Runs once, immediately after the INSERT\n after: async (user) => {\n if (!user?.emailVerified) return;\n\n await sendEmail({\n type: 'welcome',\n to: user.email,\n username: user.name ?? user.email.split('@')[0],\n loginLink: `${process.env.APP_URL}/auth/login`,\n locale: (user as any).lang,\n });\n logger.info('Welcome e‑mail delivered', {\n email: user.email,\n });\n },\n },\n },\n },\n\n hooks: {\n after: createAuthMiddleware(async (ctx) => {\n const { path, context } = ctx;\n\n const newUser = context.newSession?.user;\n const existingUser = context.session?.user;\n const user = newUser ?? existingUser;\n\n if (!user) return;\n\n if (path.includes('/verify-email')) {\n sendVerificationUpdate(user as unknown as User);\n logger.info('SSE verification update sent', {\n email: user.email,\n userId: user.id,\n });\n\n await sendEmail({\n type: 'welcome',\n to: user.email,\n username: user.name ?? user.email.split('@')[0],\n loginLink: `${process.env.APP_URL}/auth/login`,\n locale: (user as any).lang,\n });\n logger.info('Welcome e‑mail delivered', {\n email: user.email,\n });\n }\n }),\n },\n\n advanced: {\n cookiePrefix: 'intlayer', // => session_token (no prefix)\n\n // Override just the session‑token cookie\n cookies: {\n session_token: {\n // name: 'intlayer_session_token', // final name depends on the prefix above\n // attributes: { sameSite: \"lax\", maxAge: 60 60 * 24 } // optional\n },\n },\n },\n\n secret: process.env.BETTER_AUTH_SECRET as string,\n session: {\n modelName: 'sessions',\n id: 'id',\n\n additionalFields: {\n activeOrganizationId: { type: 'string', nullable: true, input: false },\n activeProjectId: { type: 'string', nullable: true, input: false },\n },\n },\n\n plugins: [\n customSession(async ({ session }) => {\n const typedSession = session as unknown as SessionDataApi;\n\n let userAPI: UserAPI \| null = null;\n let organizationAPI: OrganizationAPI \| null = null;\n let projectAPI: ProjectAPI \| null = null;\n\n if (typedSession.userId) {\n const userData = await getUserById(typedSession.userId);\n\n if (userData) {\n userAPI = mapUserToAPI(userData);\n }\n }\n\n if (typedSession.activeOrganizationId) {\n const orgData = await getOrganizationById(\n typedSession.activeOrganizationId\n );\n\n if (orgData) {\n organizationAPI = mapOrganizationToAPI(orgData);\n }\n }\n if (typedSession.activeProjectId) {\n const projectData = await getProjectById(\n typedSession.activeProjectId\n );\n\n if (projectData) {\n projectAPI = mapProjectToAPI(projectData);\n }\n }\n\n const sessionWithNoPermission: SessionContext = {\n session: typedSession,\n user: userAPI!,\n organization: organizationAPI ?? null,\n project: projectAPI ?? null,\n authType: 'session',\n };\n\n const formattedSession = formatSession(sessionWithNoPermission);\n\n return mapSessionToAPI(formattedSession);\n }),\n lastLoginMethod({\n storeInDatabase: true, // adds user.lastLoginMethod in DB and session\n schema: {\n user: {\n lastLoginMethod: 'lastLoginMethod', // Custom field name\n },\n },\n customResolveMethod: (context) => {\n // When user clicks the magic link\n if (context.path === '/magic-link/verify') {\n return 'magic-link';\n }\n\n // Fallback to default behavior for everything else\n return null;\n },\n }),\n passkey({\n rpID: process.env.DOMAIN,\n rpName: 'Intlayer',\n }),\n twoFactor(),\n magicLink({\n sendMagicLink: async ({ email, url }) => {\n logger.info('sending magic link', { email, url });\n await sendEmail({\n type: 'magicLink',\n to: email,\n username: email.split('@')[0],\n magicLink: url,\n });\n },\n }),\n sso({\n organizationProvisioning: {},\n }),\n ],\n\n emailAndPassword: {\n enabled: true,\n disableSignUp: false,\n requireEmailVerification: true,\n minPasswordLength: 8,\n maxPasswordLength: 128,\n autoSignIn: true,\n sendResetPassword: async ({ user, token }) => {\n logger.info('sending reset password email', { email: user.email });\n await sendEmail({\n type: 'resetPassword',\n to: user.email,\n username: user.name ?? user.email.split('@')[0],\n resetLink: `${process.env.APP_URL}/auth/password/reset?token=${token}`,\n });\n },\n resetPasswordTokenExpiresIn: 3600,\n },\n\n emailVerification: {\n autoSignInAfterVerification: true,\n sendOnSignIn: true,\n sendVerificationEmail: async ({ user, url }) => {\n logger.info('sending verification email', { email: user.email });\n await sendEmail({\n type: 'validate',\n to: user.email,\n username: user.name ?? user.email.split('@')[0],\n validationLink: url,\n });\n },\n },\n\n crossSubDomainCookies: {\n enabled: true,\n additionalCookies: ['session_token'],\n domain: process.env.DOMAIN as string,\n },\n cookiePrefix: 'intlayer',\n cookies: {\n session_token: {\n name: 'session_token',\n attributes: {\n httpOnly: true,\n secure: true,\n },\n },\n },\n\n trustedOrigins: [\n process.env.WEBSITE_URL as string,\n process.env.APP_URL as string,\n ],\n\n accountLinking: {\n enabled: true, // allow linking in general\n trustedProviders: [\n 'google',\n 'github',\n 'linkedin',\n 'gitlab',\n 'atlassian',\n 'microsoft',\n 'email-password',\n 'magic-link',\n 'passkey',\n ],\n },\n socialProviders: {\n google: {\n clientId: process.env.GOOGLE_CLIENT_ID as string,\n clientSecret: process.env.GOOGLE_CLIENT_SECRET as string,\n },\n github: {\n clientId: process.env.GITHUB_CLIENT_ID as string,\n clientSecret: process.env.GITHUB_CLIENT_SECRET as string,\n },\n atlassian: {\n clientId: process.env.ATLASSIAN_CLIENT_ID as string,\n clientSecret: process.env.ATLASSIAN_CLIENT_SECRET as string,\n },\n gitlab: {\n clientId: process.env.GITLAB_CLIENT_ID as string,\n clientSecret: process.env.GITLAB_CLIENT_SECRET as string,\n },\n linkedin: {\n clientId: process.env.LINKEDIN_CLIENT_ID as string,\n clientSecret: process.env.LINKEDIN_CLIENT_SECRET as string,\n },\n microsoft: {\n clientId: process.env.MICROSOFT_CLIENT_ID as string,\n clientSecret: process.env.MICROSOFT_CLIENT_SECRET as string,\n },\n // socialProviders: {\n // apple: {\n // clientId: process.env.APPLE_CLIENT_ID as string,\n // clientSecret: process.env.APPLE_CLIENT_SECRET as string,\n // // Optional\n // appBundleIdentifier: process.env\n // .APPLE_APP_BUNDLE_IDENTIFIER as string,\n // },\n // },\n // // Add appleid.apple.com to trustedOrigins for Sign In with Apple flows\n // trustedOrigins: ['https://appleid.apple.com'],\n },\n\n logger: {\n log: (level, message, ...args) => logger[level](message, ...args),\n },\n });\n\n return auth;\n};\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAkCA,MAAa,iBAAiB,YAA6C;CACzE,MAAM,QAAQ,gBAAgB,QAAQ;CACtC,IAAI,cAAc,2BAA2B,MAAM;AAGnD,KAAI,QAAQ,YACV,eAAc,qBAAqB,aAAa,QAAQ,YAAY;AAatE,QAVsB;EACpB,SAAS,QAAQ;EACjB,MAAM,QAAQ;EACd,cAAc,QAAQ;EACtB,SAAS,QAAQ;EACjB,UAAU;EACV;EACA;EACD;;AAKH,MAAa,WAAW,aAAgC;AACtD,KAAI,CAAC,SACH,OAAM,IAAI,MAAM,qCAAqC;AA+RvD,QA5Ra,WAAW;EACtB,SAAS;EAET,UAAU,eAAe,SAAS,IAAI,CAAC;EAKvC,MAAM,EACJ,WAAW,SACZ;EAED,eAAe,EACb,MAAM,EACJ,QAAQ,EAEN,OAAO,OAAO,SAAS;AACrB,OAAI,CAAC,MAAM,cAAe;AAE1B,SAAM,UAAU;IACd,MAAM;IACN,IAAI,KAAK;IACT,UAAU,KAAK,QAAQ,KAAK,MAAM,MAAM,IAAI,CAAC;IAC7C,WAAW,GAAG,QAAQ,IAAI,QAAQ;IAClC,QAAS,KAAa;IACvB,CAAC;AACF,UAAO,KAAK,4BAA4B,EACtC,OAAO,KAAK,OACb,CAAC;KAEL,EACF,EACF;EAED,OAAO,EACL,OAAO,qBAAqB,OAAO,QAAQ;GACzC,MAAM,EAAE,MAAM,YAAY;GAE1B,MAAM,UAAU,QAAQ,YAAY;GACpC,MAAM,eAAe,QAAQ,SAAS;GACtC,MAAM,OAAO,WAAW;AAExB,OAAI,CAAC,KAAM;AAEX,OAAI,KAAK,SAAS,gBAAgB,EAAE;AAClC,2BAAuB,KAAwB;AAC/C,WAAO,KAAK,gCAAgC;KAC1C,OAAO,KAAK;KACZ,QAAQ,KAAK;KACd,CAAC;AAEF,UAAM,UAAU;KACd,MAAM;KACN,IAAI,KAAK;KACT,UAAU,KAAK,QAAQ,KAAK,MAAM,MAAM,IAAI,CAAC;KAC7C,WAAW,GAAG,QAAQ,IAAI,QAAQ;KAClC,QAAS,KAAa;KACvB,CAAC;AACF,WAAO,KAAK,4BAA4B,EACtC,OAAO,KAAK,OACb,CAAC;;IAEJ,EACH;EAED,UAAU;GACR,cAAc;GAGd,SAAS,EACP,eAAe,EAGd,EACF;GACF;EAED,QAAQ,QAAQ,IAAI;EACpB,SAAS;GACP,WAAW;GACX,IAAI;GAEJ,kBAAkB;IAChB,sBAAsB;KAAE,MAAM;KAAU,UAAU;KAAM,OAAO;KAAO;IACtE,iBAAiB;KAAE,MAAM;KAAU,UAAU;KAAM,OAAO;KAAO;IAClE;GACF;EAED,SAAS;GACP,cAAc,OAAO,EAAE,cAAc;IACnC,MAAM,eAAe;IAErB,IAAIA,UAA0B;IAC9B,IAAIC,kBAA0C;IAC9C,IAAIC,aAAgC;AAEpC,QAAI,aAAa,QAAQ;KACvB,MAAM,WAAW,MAAM,YAAY,aAAa,OAAO;AAEvD,SAAI,SACF,WAAU,aAAa,SAAS;;AAIpC,QAAI,aAAa,sBAAsB;KACrC,MAAM,UAAU,MAAM,oBACpB,aAAa,qBACd;AAED,SAAI,QACF,mBAAkB,qBAAqB,QAAQ;;AAGnD,QAAI,aAAa,iBAAiB;KAChC,MAAM,cAAc,MAAM,eACxB,aAAa,gBACd;AAED,SAAI,YACF,cAAa,gBAAgB,YAAY;;AAc7C,WAAO,gBAFkB,cARuB;KAC9C,SAAS;KACT,MAAM;KACN,cAAc,mBAAmB;KACjC,SAAS,cAAc;KACvB,UAAU;KACX,CAE8D,CAEvB;KACxC;GACF,gBAAgB;IACd,iBAAiB;IACjB,QAAQ,EACN,MAAM,EACJ,iBAAiB,mBAClB,EACF;IACD,sBAAsB,YAAY;AAEhC,SAAI,QAAQ,SAAS,qBACnB,QAAO;AAIT,YAAO;;IAEV,CAAC;GACF,QAAQ;IACN,MAAM,QAAQ,IAAI;IAClB,QAAQ;IACT,CAAC;GACF,WAAW;GACX,UAAU,EACR,eAAe,OAAO,EAAE,OAAO,UAAU;AACvC,WAAO,KAAK,sBAAsB;KAAE;KAAO;KAAK,CAAC;AACjD,UAAM,UAAU;KACd,MAAM;KACN,IAAI;KACJ,UAAU,MAAM,MAAM,IAAI,CAAC;KAC3B,WAAW;KACZ,CAAC;MAEL,CAAC;GACF,IAAI,EACF,0BAA0B,EAAE,EAC7B,CAAC;GACH;EAED,kBAAkB;GAChB,SAAS;GACT,eAAe;GACf,0BAA0B;GAC1B,mBAAmB;GACnB,mBAAmB;GACnB,YAAY;GACZ,mBAAmB,OAAO,EAAE,MAAM,YAAY;AAC5C,WAAO,KAAK,gCAAgC,EAAE,OAAO,KAAK,OAAO,CAAC;AAClE,UAAM,UAAU;KACd,MAAM;KACN,IAAI,KAAK;KACT,UAAU,KAAK,QAAQ,KAAK,MAAM,MAAM,IAAI,CAAC;KAC7C,WAAW,GAAG,QAAQ,IAAI,QAAQ,6BAA6B;KAChE,CAAC;;GAEJ,6BAA6B;GAC9B;EAED,mBAAmB;GACjB,6BAA6B;GAC7B,cAAc;GACd,uBAAuB,OAAO,EAAE,MAAM,UAAU;AAC9C,WAAO,KAAK,8BAA8B,EAAE,OAAO,KAAK,OAAO,CAAC;AAChE,UAAM,UAAU;KACd,MAAM;KACN,IAAI,KAAK;KACT,UAAU,KAAK,QAAQ,KAAK,MAAM,MAAM,IAAI,CAAC;KAC7C,gBAAgB;KACjB,CAAC;;GAEL;EAED,uBAAuB;GACrB,SAAS;GACT,mBAAmB,CAAC,gBAAgB;GACpC,QAAQ,QAAQ,IAAI;GACrB;EACD,cAAc;EACd,SAAS,EACP,eAAe;GACb,MAAM;GACN,YAAY;IACV,UAAU;IACV,QAAQ;IACT;GACF,EACF;EAED,gBAAgB,CACd,QAAQ,IAAI,aACZ,QAAQ,IAAI,QACb;EAED,gBAAgB;GACd,SAAS;GACT,kBAAkB;IAChB;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACD;GACF;EACD,iBAAiB;GACf,QAAQ;IACN,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,QAAQ;IACN,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,WAAW;IACT,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,QAAQ;IACN,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,UAAU;IACR,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GACD,WAAW;IACT,UAAU,QAAQ,IAAI;IACtB,cAAc,QAAQ,IAAI;IAC3B;GAYF;EAED,QAAQ,EACN,MAAM,OAAO,SAAS,GAAG,SAAS,OAAO,OAAO,SAAS,GAAG,KAAK,EAClE;EACF,CAAC"}