@kitledger/core 0.0.1 → 0.0.3

package/dist/schema.js

@@ -0,0 +1,159 @@
+import { relations } from "drizzle-orm";
+import { boolean, index, jsonb, pgTable, text, timestamp, uuid, varchar } from "drizzle-orm/pg-core";
+import { timestamps } from "./db.js";
+/**
+ * 1. Tables, Indexes, and Constraints
+ * This allows us to defined and view the database schema in a structured way.
+ */
+/**
+ * 1.1 Users and Roles
+ */
+export const api_tokens = pgTable("api_tokens", {
+    id: uuid("id").primaryKey(),
+    user_id: uuid("user_id")
+        .notNull()
+        .references(() => users.id),
+    name: varchar("name", { length: 64 }).notNull(),
+    revoked_at: timestamp("revoked_at"),
+}, (table) => [index("api_token_user_idx").on(table.user_id)]);
+export const permission_assignments = pgTable("permission_assignments", {
+    id: uuid("id").primaryKey(),
+    permission_id: uuid("permission_id")
+        .notNull()
+        .references(() => permissions.id),
+    user_id: uuid("user_id"),
+    role_id: uuid("role_id"),
+    ...timestamps,
+}, (table) => [
+    index("permission_assignment_user_idx").on(table.user_id),
+    index("permission_assignment_role_idx").on(table.role_id),
+    index("permission_assignment_permission_idx").on(table.permission_id),
+]);
+export const permissions = pgTable("permissions", {
+    id: uuid("id").primaryKey(),
+    name: varchar("name", { length: 64 }).notNull().unique(),
+    description: varchar("description", { length: 255 }),
+    ...timestamps,
+});
+export const roles = pgTable("roles", {
+    id: uuid("id").primaryKey(),
+    name: varchar("name", { length: 64 }).notNull().unique(),
+    description: varchar("description", { length: 255 }),
+    ...timestamps,
+});
+export const sessions = pgTable("sessions", {
+    id: uuid("id").primaryKey(),
+    user_id: uuid("user_id")
+        .notNull()
+        .references(() => users.id),
+    expires_at: timestamp("expires_at").notNull(),
+    ...timestamps,
+});
+export const system_permissions = pgTable("system_permissions", {
+    id: uuid("id").primaryKey(),
+    permission: varchar("permission", { length: 64 }).notNull(),
+    user_id: uuid("user_id")
+        .notNull()
+        .references(() => users.id),
+    ...timestamps,
+}, (table) => [
+    index("system_permission_user_idx").on(table.user_id),
+    index("system_permission_permission_idx").on(table.permission),
+]);
+export const users = pgTable("users", {
+    id: uuid("id").primaryKey(),
+    first_name: varchar("first_name", { length: 64 }).notNull(),
+    last_name: varchar("last_name", { length: 64 }).notNull(),
+    email: varchar("email", { length: 64 }).notNull().unique(),
+    password_hash: text("password_hash").notNull(),
+    ...timestamps,
+}, (table) => [index("user_email_idx").on(table.email)]);
+export const user_roles = pgTable("user_roles", {
+    id: uuid("id").primaryKey(),
+    user_id: uuid("user_id")
+        .notNull()
+        .references(() => users.id),
+    role_id: uuid("role_id")
+        .notNull()
+        .references(() => roles.id),
+    ...timestamps,
+});
+/**
+ * 1.5 Ledgers
+ */
+export const accounts = pgTable("accounts", {
+    id: uuid("id").primaryKey(),
+    ref_id: varchar("ref_id", { length: 64 }).notNull().unique(),
+    alt_id: varchar("alt_id", { length: 64 }).unique(),
+    balance_type: varchar("balance_type", { length: 10 }).notNull().$type(),
+    ledger_id: uuid("ledger_id").notNull(),
+    parent_id: uuid("parent_id"),
+    name: varchar("name", { length: 64 }).notNull(),
+    meta: jsonb("meta").$type(),
+    active: boolean("active").default(true).notNull(),
+    ...timestamps,
+});
+export const ledgers = pgTable("ledgers", {
+    id: uuid("id").primaryKey(),
+    ref_id: varchar("ref_id", { length: 64 }).notNull().unique(),
+    alt_id: varchar("alt_id", { length: 64 }).unique(),
+    name: varchar("name", { length: 64 }).notNull(),
+    description: varchar("description", { length: 255 }),
+    active: boolean("active").default(true).notNull(),
+    ...timestamps,
+});
+/**
+ * 2. Relations
+ * These are for Drizzle query building features and have no direct effect on the database schema.
+ */
+export const apiTokenRelations = relations(api_tokens, ({ one }) => ({
+    user: one(users, {
+        fields: [api_tokens.user_id],
+        references: [users.id],
+    }),
+}));
+export const permissionRelations = relations(permissions, ({ many }) => ({
+    permissionAssignments: many(permission_assignments),
+    roles: many(roles),
+    users: many(users),
+}));
+export const permissionAssignmentRelations = relations(permission_assignments, ({ one }) => ({
+    permission: one(permissions, {
+        fields: [permission_assignments.permission_id],
+        references: [permissions.id],
+    }),
+    user: one(users, {
+        fields: [permission_assignments.user_id],
+        references: [users.id],
+    }),
+    role: one(roles, {
+        fields: [permission_assignments.role_id],
+        references: [roles.id],
+    }),
+}));
+export const roleRelations = relations(roles, ({ many }) => ({
+    users: many(user_roles),
+    permissions: many(permission_assignments),
+}));
+export const systemPermissionRelations = relations(system_permissions, ({ one }) => ({
+    user: one(users, {
+        fields: [system_permissions.user_id],
+        references: [users.id],
+    }),
+}));
+export const userRelations = relations(users, ({ many }) => ({
+    roles: many(user_roles),
+    apiTokens: many(api_tokens),
+    permissions: many(permission_assignments),
+    system_permissions: many(system_permissions),
+}));
+export const userRoleRelations = relations(user_roles, ({ one }) => ({
+    user: one(users, {
+        fields: [user_roles.user_id],
+        references: [users.id],
+    }),
+    role: one(roles, {
+        fields: [user_roles.role_id],
+        references: [roles.id],
+    }),
+}));

package/dist/transactions.d.ts

@@ -3,11 +3,31 @@ export declare enum TransactionModelStatus {
     INACTIVE = 1,
     FROZEN = 2
 }
+export type Transaction<T = Record<string, any>> = {
+    id: string;
+    model_ref_id: string;
+    created_at: Date;
+    updated_at: Date;
+    data: T;
+};
+export type TransactionPipe<T> = (transaction: Transaction<T>) => Promise<Transaction<T> | void>;
+export type TransactionListener<T> = (transaction: Readonly<Transaction<T>>) => Promise<void>;
+export type TransactionModel<T = Record<string, any>> = {
+    ref_id: string;
+    alt_id?: string;
+    name: string;
+    status: TransactionModelStatus;
+    hooks?: {
+        creating?: TransactionPipe<T>[];
+        updating?: TransactionPipe<T>[];
+        created?: TransactionListener<T>[];
+        updated?: TransactionListener<T>[];
+    };
+};
 export type TransactionModelOptions = {
     ref_id: string;
     alt_id?: string;
     name: string;
     status?: TransactionModelStatus;
 };
-export type TransactionModel = TransactionModelOptions;
-export declare function defineTransactionModel(options: TransactionModelOptions): TransactionModelOptions;
+export declare function defineTransactionModel(options: TransactionModelOptions): TransactionModel;

package/dist/transactions.js

@@ -5,5 +5,9 @@ export var TransactionModelStatus;
     TransactionModelStatus[TransactionModelStatus["FROZEN"] = 2] = "FROZEN";
 })(TransactionModelStatus || (TransactionModelStatus = {}));
 export function defineTransactionModel(options) {
-    return options;
+    const transactionModel = {
+        ...options,
+        status: options.status ?? TransactionModelStatus.ACTIVE,
+    };
+    return transactionModel;
 }

package/dist/ui.d.ts

@@ -1,7 +1,8 @@
 export type StaticUIOptions = {
-    path: string;
-    htmlContent: string;
     assetsPath: string;
+    basePath: string;
+    htmlContent: string;
+    serverPath: string;
 };
 export type StaticUIConfig = StaticUIOptions;
 export declare function defineStaticUI(options: StaticUIOptions): StaticUIConfig;

package/dist/users.d.ts

@@ -0,0 +1,16 @@
+import type { AppUser, User, AuthConfigOptions } from "./auth.js";
+import { type KitledgerDb } from "./db.js";
+export declare function getSessionUserId(db: KitledgerDb, sessionId: string): Promise<string | null>;
+export declare function getTokenUserId(db: KitledgerDb, tokenId: string): Promise<string | null>;
+export declare function validateUserCredentials(db: KitledgerDb, email: string, password: string): Promise<{
+    id: string;
+    first_name: string;
+    last_name: string;
+    email: string;
+} | null>;
+export declare function getAuthUser(db: KitledgerDb, userId: string): Promise<AppUser | null>;
+export type NewSuperUser = Pick<User, "id" | "first_name" | "last_name" | "email"> & {
+    password: string;
+    api_token: string;
+};
+export declare function createSuperUser(db: KitledgerDb, authConfig: AuthConfigOptions, firstName: string, lastName: string, email: string, overrideExisting?: boolean): Promise<NewSuperUser | null>;

package/dist/users.js

@@ -0,0 +1,198 @@
+import { and, eq, gt, isNull, isNotNull } from "drizzle-orm";
+import { randomBytes } from "node:crypto";
+import { v7 } from "uuid";
+import { SYSTEM_ADMIN_PERMISSION } from "./auth.js";
+import { createToken } from "./auth.js";
+import { verifyPassword, hashPassword } from "./crypto.js";
+import { signToken, assembleApiTokenJwtPayload } from "./jwt.js";
+import { api_tokens, sessions, users, system_permissions } from "./schema.js";
+export async function getSessionUserId(db, sessionId) {
+    const session = await db.query.sessions.findFirst({
+        where: and(eq(sessions.id, sessionId), gt(sessions.expires_at, new Date())),
+        columns: {
+            user_id: true,
+        },
+    });
+    return session ? session.user_id : null;
+}
+export async function getTokenUserId(db, tokenId) {
+    const token = await db.query.api_tokens.findFirst({
+        where: and(eq(api_tokens.id, tokenId), isNull(api_tokens.revoked_at)),
+        columns: {
+            user_id: true,
+        },
+    });
+    if (token) {
+        return token.user_id;
+    }
+    else {
+        return null;
+    }
+}
+export async function validateUserCredentials(db, email, password) {
+    const user = await db.query.users.findFirst({
+        where: eq(users.email, email),
+        columns: {
+            id: true,
+            first_name: true,
+            last_name: true,
+            email: true,
+            password_hash: true,
+        },
+    });
+    if (!user || !user.password_hash) {
+        return null;
+    }
+    const validPassword = await verifyPassword(user.password_hash, password);
+    if (validPassword) {
+        return {
+            id: user.id,
+            first_name: user.first_name,
+            last_name: user.last_name,
+            email: user.email,
+        };
+    }
+    else {
+        return null;
+    }
+}
+export async function getAuthUser(db, userId) {
+    // 1. Fetch the user and all related data in one go.
+    // This requires the `userRelations` to be correctly defined (see below).
+    const userProfile = await db.query.users.findFirst({
+        where: eq(users.id, userId),
+        columns: {
+            password_hash: false, // Exclude the password hash
+        },
+        with: {
+            // Fetch system permissions (requires relation)
+            system_permissions: true,
+            // Fetch direct permission assignments
+            permissions: {
+                with: {
+                    permission: true, // Include the actual permission details
+                },
+            },
+            // Fetch user_roles
+            roles: {
+                with: {
+                    // For each user_role, fetch the role
+                    role: {
+                        with: {
+                            // For each role, fetch its permission assignments
+                            permissions: {
+                                with: {
+                                    permission: true, // Include the permission details
+                                },
+                            },
+                        },
+                    },
+                },
+            },
+        },
+    });
+    if (!userProfile) {
+        return null;
+    }
+    // 2. Process the nested data to match the AppUser type
+    // Get the final list of Role objects
+    const userRoles = userProfile.roles.map((userRole) => userRole.role);
+    // Use a Map to deduplicate permissions
+    const permissionMap = new Map();
+    // Add permissions from roles
+    for (const userRole of userProfile.roles) {
+        for (const permAssignment of userRole.role.permissions) {
+            if (permAssignment.permission) {
+                permissionMap.set(permAssignment.permission.id, permAssignment.permission);
+            }
+        }
+    }
+    // Add/overwrite with direct permissions
+    for (const permAssignment of userProfile.permissions) {
+        if (permAssignment.permission) {
+            permissionMap.set(permAssignment.permission.id, permAssignment.permission);
+        }
+    }
+    // Convert the map back to an array
+    const allPermissions = Array.from(permissionMap.values());
+    // 3. Construct the final AppUser object
+    const appUser = {
+        ...userProfile,
+        roles: userRoles,
+        permissions: allPermissions,
+        system_permissions: userProfile.system_permissions,
+    };
+    return appUser;
+}
+export async function createSuperUser(db, authConfig, firstName, lastName, email, overrideExisting = false) {
+    const newSuperUser = await db.transaction(async (tx) => {
+        // Check if a super user exists, regardless of email.
+        const existingAdmin = await tx
+            .select()
+            .from(system_permissions)
+            .where(and(isNotNull(system_permissions.user_id), eq(system_permissions.permission, SYSTEM_ADMIN_PERMISSION)))
+            .limit(1);
+        if (existingAdmin.length > 0 && !overrideExisting) {
+            console.error("A super user already exists. Aborting creation.");
+            return null;
+        }
+        try {
+            /**
+             * generate a random password.
+             */
+            const password = randomBytes(20).toString("hex");
+            let passwordHash = null;
+            try {
+                passwordHash = await hashPassword(password);
+            }
+            catch (error) {
+                console.error("Error hashing password:", error);
+                passwordHash = null;
+            }
+            if (!passwordHash) {
+                throw new Error("Failed to hash password");
+            }
+            const userId = v7();
+            const newUser = await tx
+                .insert(users)
+                .values({
+                id: userId,
+                first_name: firstName,
+                last_name: lastName,
+                email: email,
+                password_hash: passwordHash,
+                created_at: new Date(),
+            })
+                .returning();
+            await tx.insert(system_permissions).values({
+                id: v7(),
+                user_id: newUser[0].id,
+                permission: SYSTEM_ADMIN_PERMISSION,
+            });
+            return {
+                id: newUser[0].id,
+                first_name: firstName,
+                last_name: lastName,
+                email: email,
+                password: password,
+                api_token: "",
+            };
+        }
+        catch (error) {
+            console.error("Error creating super user:", error);
+            tx.rollback();
+            return null;
+        }
+    });
+    // Create API token for the new super user, using the encapsulated function.
+    if (!newSuperUser) {
+        return null;
+    }
+    const tokenName = `${firstName} ${lastName} Super User Token`.slice(0, 64);
+    const apiToken = await createToken(db, newSuperUser.id, tokenName);
+    if (!apiToken) {
+        console.error("Failed to create API token for super user");
+    }
+    newSuperUser.api_token = await signToken(authConfig, assembleApiTokenJwtPayload(apiToken));
+    return newSuperUser;
+}

package/dist/validation.d.ts

@@ -0,0 +1,22 @@
+import { type BaseIssue } from "valibot";
+export type ValidationError = {
+    type: "structure" | "data";
+    path: string | null;
+    message: string;
+};
+export declare function parseValibotIssues<T>(issues: BaseIssue<T>[]): ValidationError[];
+export type ValidationSuccess<T> = {
+    success: true;
+    data: T;
+};
+export type ValidationResult<T> = {
+    success: boolean;
+    data?: T;
+    errors?: ValidationError[];
+};
+export type ValidationFailure<T> = {
+    success: false;
+    data?: T;
+    errors?: ValidationError[];
+};
+export declare function isValidationFailure<T extends object, U>(result: T | ValidationResult<U>): result is ValidationResult<U>;

package/dist/validation.js

@@ -0,0 +1,10 @@
+export function parseValibotIssues(issues) {
+    return issues.map((issue) => ({
+        type: "structure",
+        path: issue.path ? issue.path.map((p) => p.key).join(".") : "",
+        message: issue.message,
+    }));
+}
+export function isValidationFailure(result) {
+    return "errors" in result;
+}

package/package.json

@@ -1,15 +1,9 @@
 {
   "name": "@kitledger/core",
+  "version": "0.0.3",
+  "private": false,
   "license": "Apache-2.0",
-  "version": "0.0.1",
   "type": "module",
-  "files": [
-    "dist"
-  ],
-  "private": false,
-  "publishConfig": {
-    "access": "public"
-  },
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
@@ -28,9 +22,29 @@
       "default": "./dist/ui.js"
     }
   },
+  "files": [
+    "dist"
+  ],
+  "dependencies": {
+    "@node-rs/argon2": "^2.0.2",
+    "drizzle-orm": "^0.45.1",
+    "jose": "^6.1.3",
+    "knex": "^3.1.0",
+    "pg": "^8.16.3",
+    "postgres": "^3.4.7",
+    "uuid": "^13.0.0",
+    "@kitledger/query": "0.0.15"
+  },
+  "devDependencies": {
+    "@faker-js/faker": "^10.1.0",
+    "drizzle-kit": "^0.31.8"
+  },
   "peerDependencies": {
     "valibot": "^1.1.0"
   },
+  "publishConfig": {
+    "access": "public"
+  },
   "scripts": {
     "build": "tsc",
     "typecheck": "tsc --noEmit"