@kyro-cms/core 0.1.0 → 0.1.2

package/dist/index.d.ts

@@ -5,18 +5,24 @@ import * as hono from 'hono';
 import * as hono_types from 'hono/types';
 import { R as Registry } from './index-4fJKLFK2.js';
 export { c as createRegistry, g as getRegistry, r as resetRegistry } from './index-4fJKLFK2.js';
-import { B as BaseAdapter, K as KyroConfig, f as User, g as Request, C as CollectionConfig, G as GlobalConfig, F as Field, a as FindArgs, b as FindResult, c as FindByIDArgs, d as CreateArgs, U as UpdateArgs, D as DeleteArgs, H as Hook } from './types-BGM5MV_K.js';
+import { B as BaseAdapter, K as KyroConfig, f as User, g as Request$1, C as CollectionConfig, G as GlobalConfig, F as Field, a as FindArgs, b as FindResult, c as FindByIDArgs, d as CreateArgs, U as UpdateArgs, D as DeleteArgs, H as Hook } from './types-BGM5MV_K.js';
 export { A as ALL_FIELD_TYPES, h as AccessArgs, i as AccessControl, j as AdapterConfig, k as AdminConfig, l as ArrayField, m as AuthConfig, n as BaseField, o as Block, p as BlocksField, q as COMPLEX_FIELD_TYPES, r as CheckboxField, s as CodeField, t as CollapsibleField, u as CollectionAccess, v as CollectionHooks, w as ColorField, x as CreateResult, y as DateField, E as EmailField, z as FieldAccess, I as FieldAdmin, J as FieldHooks, L as FieldType, M as GlobalAccess, N as GlobalHooks, O as GroupField, Q as HookArgs, S as ImageSize, T as JSONField, V as LAYOUT_FIELD_TYPES, W as MarkdownField, X as NumberField, Y as PRIMITIVE_FIELD_TYPES, Z as PasswordField, P as PluginConfig, _ as RELATIONAL_FIELD_TYPES, $ as RadioField, R as RelationshipField, a0 as RichTextBlock, a1 as RichTextField, a2 as RowField, a3 as SelectField, a4 as TabsField, a5 as TextField, a6 as TextareaField, a7 as UploadConfig, e as UploadField, a8 as ValidateOptions, a9 as VersionConfig, aa as WhereClause, ab as evaluateAccess, ac as getWhereClause, ad as isArrayField, ae as isBlocksField, af as isGroupField, ag as isLayoutField, ah as isNumberField, ai as isRelationshipField, aj as isRichTextField, ak as isSelectField, al as isTextField, am as isUploadField, an as mergeWhereClauses, ao as runFieldHooks, ap as runHooks } from './types-BGM5MV_K.js';
 import { KyroPubSub, KyroWSServer } from './ws/index.js';
 export { PubSub, createWSServer } from './ws/index.js';
 import { ZodTypeAny } from 'zod';
 export { z } from 'zod';
 import { A as AbstractBaseAdapter } from './base-CQkFzqQl.js';
-export { DrizzleAdapter, collectionToDrizzleSchema, createDrizzleAdapter, fieldToDrizzleType } from './drizzle/index.js';
+import { A as AuthAdapter, U as UserRole, a as AuthUser, S as Session, b as AuthTokenConfig, R as RegisterData, c as AuthResult, L as LoginCredentials, J as JWTPayload } from './index-BVFlb7uU.js';
+export { D as DrizzleAdapter, P as PostgresAuthAdapter, d as collectionToDrizzleSchema, e as createDatabase, f as createDrizzleAdapter, g as fieldToDrizzleType, r as runMigrations, s as seedDefaultRoles } from './index-BVFlb7uU.js';
 export { MongoDBAdapter, createMongoDBAdapter } from './mongodb/index.js';
 export { buildGraphQLSchema, createGraphQLSchema } from './graphql/index.js';
 export { createHonoApp, createRESTAPI } from './rest/index.js';
+export { TemplateConfig, allSettingsGlobals, blogCollections, blogGlobals, coreSettingsGlobals, createTemplateConfig, ecommerceCollections, ecommerceGlobals, ecommerceSettingsGlobals, kitchenSinkCollections, mediaCollections, minimalCollections } from './templates/index.js';
+import Redis from 'ioredis';
+import { SentMessageInfo } from 'nodemailer';
 import 'ws';
+import 'drizzle-orm/postgres-js';
+import 'postgres';
 
 declare class Kyro {
     registry: Registry;
@@ -28,17 +34,17 @@ declare class Kyro {
     init(): Promise<void>;
     getREST(options?: {
         user?: User;
-        req?: Request;
+        req?: Request$1;
         tenantID?: string;
     }): hono.Hono<hono_types.BlankEnv, hono_types.BlankSchema, "/">;
     getGraphQL(options?: {
         user?: User;
-        req?: Request;
+        req?: Request$1;
         tenantID?: string;
     }): graphql.GraphQLSchema;
     getTRPC(options?: {
         user?: User;
-        req?: Request;
+        req?: Request$1;
         tenantID?: string;
     }): KyroRouter;
     startWebSocket(options?: {
@@ -95,6 +101,7 @@ type AdapterOptions = DrizzleAdapterOptions | MongoDBAdapterOptions;
 
 declare class LocalAdapter extends AbstractBaseAdapter {
     private db;
+    private path?;
     private migrations;
     constructor(options: {
         db?: any;
@@ -332,77 +339,368 @@ interface FieldStyling {
 }
 declare const defaultFieldStyling: Record<string, FieldStyling>;
 
-interface AuthUser {
-    id: string;
-    email: string;
-    passwordHash?: string;
-    role: UserRole;
-    tenant?: string;
-    createdAt: Date;
-    updatedAt: Date;
-}
-type UserRole = 'admin' | 'editor' | 'author' | 'customer' | 'vendor';
-interface Session {
-    id: string;
-    userId: string;
-    token: string;
-    expiresAt: Date;
-    createdAt: Date;
-    ipAddress?: string;
-    userAgent?: string;
-}
-interface JWTPayload {
-    sub: string;
-    email: string;
-    role: UserRole;
-    tenant?: string;
-    iat: number;
-    exp: number;
-}
-interface AuthTokenConfig {
-    secret: string;
-    expiresIn?: string | number;
-    refreshExpiresIn?: string | number;
-    issuer?: string;
-    audience?: string[];
-    saltRounds?: number;
-}
-interface LoginCredentials {
-    email: string;
-    password: string;
-}
-interface RegisterData {
-    email: string;
-    password: string;
-    role?: UserRole;
-    tenant?: string;
-}
-interface AuthResult {
-    success: boolean;
-    user?: AuthUser;
-    session?: Session;
-    token?: string;
-    error?: string;
-}
-interface AuthAdapter {
+interface RedisAuthAdapterOptions {
+    url?: string;
+    host?: string;
+    port?: number;
+    password?: string;
+    db?: number;
+    keyPrefix?: string;
+    tokenExpiration?: number;
+    refreshTokenExpiration?: number;
+    tls?: boolean;
+}
+declare class RedisAuthAdapter implements AuthAdapter {
+    private redis;
+    private prefix;
+    private tokenExpiration;
+    private refreshExpiration;
+    constructor(options?: RedisAuthAdapterOptions);
+    connect(): Promise<void>;
+    disconnect(): Promise<void>;
+    private userKey;
+    private sessionKey;
+    private refreshKey;
+    private userByEmailKey;
+    private passwordHistoryKey;
     createUser(data: {
         email: string;
         passwordHash: string;
-        role: UserRole;
-        tenant?: string;
+        role?: UserRole;
+        tenantId?: string;
     }): Promise<AuthUser>;
     findUserByEmail(email: string): Promise<AuthUser | null>;
-    findUserById(id: string): Promise<AuthUser | null>;
-    updateUser(id: string, data: Partial<AuthUser>): Promise<AuthUser>;
-    deleteUser(id: string): Promise<void>;
-    verifyPassword(password: string, hash: string): Promise<boolean>;
+    findUserById(userId: string): Promise<AuthUser | null>;
+    updateUser(userId: string, data: Partial<AuthUser>): Promise<AuthUser | null>;
+    deleteUser(userId: string): Promise<boolean>;
     hashPassword(password: string): Promise<string>;
-    createSession(userId: string, token: string, expiresAt: Date): Promise<Session>;
+    verifyPassword(password: string, hash: string): Promise<boolean>;
+    createSession(userId: string, data?: {
+        ipAddress?: string;
+        userAgent?: string;
+    }): Promise<Session>;
     findSessionByToken(token: string): Promise<Session | null>;
-    deleteSession(token: string): Promise<void>;
-    deleteUserSessions(userId: string): Promise<void>;
+    deleteSession(sessionId: string): Promise<boolean>;
+    deleteUserSessions(userId: string): Promise<number>;
+    addPasswordToHistory(userId: string, passwordHash: string): Promise<void>;
+    getPasswordHistory(userId: string, count?: number): Promise<string[]>;
+    isPasswordInHistory(password: string, userId: string, historyCount?: number): Promise<boolean>;
+    private userToHash;
+    private hashToUser;
+    private sessionToHash;
+    private hashToSession;
+}
+
+interface EmailConfig {
+    host: string;
+    port: number;
+    secure: boolean;
+    auth: {
+        user: string;
+        pass: string;
+    };
+    from: string;
+    fromName?: string;
+}
+interface EmailOptions {
+    to: string | string[];
+    subject: string;
+    html: string;
+    text?: string;
+}
+interface EmailTemplates {
+    verifyEmail: (link: string, userName?: string) => {
+        subject: string;
+        html: string;
+        text: string;
+    };
+    resetPassword: (link: string, userName?: string) => {
+        subject: string;
+        html: string;
+        text: string;
+    };
+    welcome: (userName?: string) => {
+        subject: string;
+        html: string;
+        text: string;
+    };
+    accountLocked: (attempts: number, duration: number, userName?: string) => {
+        subject: string;
+        html: string;
+        text: string;
+    };
+    passwordChanged: (userName?: string) => {
+        subject: string;
+        html: string;
+        text: string;
+    };
+    newLogin: (location: string, time: string, userName?: string) => {
+        subject: string;
+        html: string;
+        text: string;
+    };
+}
+declare class EmailTransport {
+    private transporter;
+    private from;
+    private fromName;
+    private templates;
+    constructor(config: EmailConfig, templates?: Partial<EmailTemplates>);
+    send(options: EmailOptions): Promise<SentMessageInfo>;
+    getTemplates(): EmailTemplates;
+    verifyConnection(): Promise<boolean>;
+    static fromEnv(): EmailTransport | null;
 }
 
+interface BootstrapConfig {
+    redisUrl?: string;
+    redisHost?: string;
+    redisPort?: number;
+    redisPassword?: string;
+    authAdapter?: AuthAdapter;
+    adminEmail: string;
+    adminPassword: string;
+    adminRole?: string;
+    tenantId?: string;
+    emailConfig?: {
+        host: string;
+        port: number;
+        secure: boolean;
+        auth: {
+            user: string;
+            pass: string;
+        };
+        from: string;
+        fromName?: string;
+    };
+    sendWelcomeEmail?: boolean;
+}
+interface BootstrapResult {
+    success: boolean;
+    user?: AuthUser;
+    error?: string;
+}
+declare function bootstrapAdmin(config: BootstrapConfig): Promise<BootstrapResult>;
+declare function getBootstrapFromEnv(): BootstrapConfig | null;
+declare function autoBootstrap(): Promise<BootstrapResult | null>;
+
+interface PasswordPolicyConfig {
+    minLength: number;
+    requireUppercase: boolean;
+    requireLowercase: boolean;
+    requireNumbers: boolean;
+    requireSpecialChars: boolean;
+    preventReuse: number;
+    maxLength?: number;
+}
+interface ValidationResult {
+    valid: boolean;
+    errors: string[];
+}
+declare class PasswordPolicy {
+    private config;
+    constructor(config?: Partial<PasswordPolicyConfig>);
+    validate(password: string): ValidationResult;
+    checkReuse(passwordHash: string, history: string[], verifyFn: (password: string, hash: string) => Promise<boolean>): Promise<ValidationResult>;
+    isInHistory(password: string, history: string[], verifyFn: (password: string, hash: string) => Promise<boolean>): Promise<boolean>;
+    generatePassword(length?: number): string;
+    getStrength(password: string): {
+        score: number;
+        label: string;
+        feedback: string[];
+    };
+    setConfig(config: Partial<PasswordPolicyConfig>): void;
+    getConfig(): PasswordPolicyConfig;
+}
+
+interface LockoutConfig {
+    maxAttempts: number;
+    lockDuration: number;
+    notifyUser: boolean;
+    notifyAdmin: boolean;
+    adminNotifyAfter: number;
+}
+interface LockoutStatus {
+    locked: boolean;
+    attemptsRemaining: number;
+    lockedUntil?: Date;
+    totalAttempts: number;
+}
+declare class AccountLockout {
+    private redis;
+    private prefix;
+    private config;
+    constructor(redis: Redis, config?: Partial<LockoutConfig>, prefix?: string);
+    private lockKey;
+    private historyKey;
+    checkLockout(userId: string): Promise<LockoutStatus>;
+    recordFailedAttempt(userId: string): Promise<LockoutStatus>;
+    lockAccount(userId: string, duration?: number): Promise<void>;
+    unlockAccount(userId: string): Promise<void>;
+    resetAttempts(userId: string): Promise<void>;
+    getLockoutHistory(userId: string, limit?: number): Promise<Date[]>;
+    getLockoutStats(userId: string): Promise<{
+        totalFailedAttempts: number;
+        lockoutCount: number;
+        lastLockout: Date | null;
+        averageAttemptsBeforeLockout: number;
+    }>;
+    shouldNotifyAdmin(currentAttempts: number): boolean;
+    getConfig(): LockoutConfig;
+    setConfig(config: Partial<LockoutConfig>): void;
+}
+
+interface RateLimitConfig {
+    window: number;
+    max: number;
+}
+interface RateLimitResult {
+    allowed: boolean;
+    remaining: number;
+    resetAt: number;
+    retryAfter?: number;
+}
+declare class RateLimiter {
+    private redis;
+    private prefix;
+    private limits;
+    private userLimits;
+    constructor(redis: Redis, limits?: Record<string, RateLimitConfig>, userLimits?: Record<string, RateLimitConfig>, prefix?: string);
+    private getKey;
+    check(type: string, identifier: string): Promise<RateLimitResult>;
+    checkUser(type: string, userId: string, identifier: string): Promise<RateLimitResult>;
+    reset(type: string, identifier: string): Promise<void>;
+    resetUser(type: string, userId: string, identifier: string): Promise<void>;
+    getStatus(type: string, identifier: string): Promise<{
+        count: number;
+        limit: number;
+        remaining: number;
+        resetAt: number;
+    }>;
+    setLimit(type: string, config: RateLimitConfig): void;
+    setUserLimit(type: string, config: RateLimitConfig): void;
+}
+
+type AuditAction = "login" | "logout" | "login_failed" | "register" | "verify_email" | "password_change" | "password_reset" | "password_reset_request" | "role_change" | "permission_change" | "document_create" | "document_update" | "document_delete" | "settings_change" | "user_lockout" | "user_unlock" | "user_create" | "user_update" | "user_delete" | "api_request" | "api_key_create" | "api_key_delete" | "tenant_create" | "tenant_delete";
+interface AuditLog {
+    id: string;
+    timestamp: Date;
+    action: AuditAction;
+    userId?: string;
+    userEmail?: string;
+    role?: string;
+    resource: string;
+    resourceId?: string;
+    changes?: {
+        field: string;
+        old: any;
+        new: any;
+    }[];
+    ipAddress?: string;
+    userAgent?: string;
+    success: boolean;
+    error?: string;
+    metadata?: Record<string, any>;
+}
+interface AuditLogFilter {
+    userId?: string;
+    action?: AuditAction | AuditAction[];
+    resource?: string;
+    resourceId?: string;
+    success?: boolean;
+    startDate?: Date;
+    endDate?: Date;
+    limit?: number;
+    offset?: number;
+}
+declare class AuditLogger {
+    private redis;
+    private prefix;
+    private retentionDays;
+    constructor(redis: Redis, retentionDays?: number, prefix?: string);
+    log(data: Omit<AuditLog, "id" | "timestamp">): Promise<string>;
+    get(id: string): Promise<AuditLog | null>;
+    query(filter?: AuditLogFilter): Promise<{
+        logs: AuditLog[];
+        total: number;
+    }>;
+    getRecent(limit?: number): Promise<AuditLog[]>;
+    getUserActivity(userId: string, limit?: number): Promise<AuditLog[]>;
+    getStats(startDate?: Date, endDate?: Date): Promise<{
+        totalEvents: number;
+        byAction: Record<string, number>;
+        successRate: number;
+        failedLogins: number;
+        uniqueUsers: Set<string>;
+    }>;
+    cleanup(): Promise<number>;
+    private getKeyForDate;
+    private getKeysForDateRange;
+    private matchesFilter;
+    private serializeLog;
+    private deserializeLog;
+}
+declare function createAuditContext(req: Request): {
+    ipAddress: string;
+    userAgent: string;
+};
+
+interface AuthRoutesConfig {
+    redis: RedisAuthAdapter;
+    email?: EmailTransport;
+    jwtSecret: string;
+    jwtExpiresIn?: string;
+    jwtIssuer?: string;
+    jwtAudience?: string;
+    passwordPolicy?: PasswordPolicy;
+    lockout?: AccountLockout;
+    rateLimiter?: RateLimiter;
+    auditLogger?: AuditLogger;
+    baseUrl?: string;
+    emailVerificationRequired?: boolean;
+}
+declare class AuthRoutes {
+    private redis;
+    private email?;
+    private jwtSecret;
+    private jwtExpiresIn;
+    private jwtIssuer?;
+    private jwtAudience?;
+    private passwordPolicy;
+    private lockout?;
+    private rateLimiter?;
+    private auditLogger?;
+    private baseUrl;
+    private emailVerificationRequired;
+    constructor(config: AuthRoutesConfig);
+    register(req: Request): Promise<Response>;
+    login(req: Request): Promise<Response>;
+    logout(req: Request): Promise<Response>;
+    refresh(req: Request): Promise<Response>;
+    me(req: Request): Promise<Response>;
+    changePassword(req: Request): Promise<Response>;
+    forgotPassword(req: Request): Promise<Response>;
+    verifyEmail(req: Request): Promise<Response>;
+    private recordFailedLogin;
+    private sanitizeUser;
+    private jsonResponse;
+    private errorResponse;
+    private rateLimitResponse;
+}
+
+interface KyroAuthConfig {
+    redis: RedisAuthAdapter;
+    redisClient: Redis;
+    email?: EmailTransport;
+    passwordPolicy: PasswordPolicy;
+    lockout?: AccountLockout;
+    rateLimiter?: RateLimiter;
+    auditLogger?: AuditLogger;
+    routes: AuthRoutes;
+}
+declare function createAuthConfig(): Promise<KyroAuthConfig>;
+declare const authConfig: Promise<KyroAuthConfig>;
+
 declare class Auth {
     private adapter;
     private config;
@@ -522,4 +820,20 @@ declare function isPublished(status: VersionStatus): boolean;
 declare function isDraft(status: VersionStatus): boolean;
 declare function isArchived(status: VersionStatus): boolean;
 
-export { AbstractBaseAdapter, type AdapterOptions, type AdminStylingConfig, AnalyticsPlugin, Auth, type AuthAdapter, type AuthResult, type Session as AuthSession, type AuthTokenConfig, type AuthUser, BaseAdapter, CSSGenerator, CollectionConfig, CommentsPlugin, type CompareVersionsOptions, ConfigValidationError, CreateArgs, type CreateVersionOptions, type DatabaseConnectionOptions, type DatabaseType, DeleteArgs, type DraftPublishConfig, type DrizzleAdapterOptions, Field, type FieldStyling, FindArgs, FindByIDArgs, FindResult, GlobalConfig, Hook, type JWTPayload, Kyro, KyroConfig, KyroPlugin, KyroPubSub, KyroWSServer, LocalAdapter, type LoginCredentials, type MongoDBAdapterOptions, type PluginAPI, type PluginHooks, PluginManager, type PublishVersionOptions, type RegisterData, Registry, Request, ReviewsPlugin, SEOPLugin, type StylingConfig, type StylingMode, type ThemeBorderRadius, type ThemeColors, type ThemeConfig, type ThemeFonts, type ThemeShadows, type ThemeSpacing, UpdateArgs, User, type UserRole, type Version, type VersionAdapter, type VersionDiff, type VersionHistoryOptions, VersionManager, type VersionPublishSchedule, type VersionStatus, WishlistPlugin, collectionToCreateZod, collectionToUpdateZod, collectionToWhereZod, collectionToZod, createAdminStyling, createAuth, createKyro, createLocalAdapter, createVersionManager, defaultDarkTheme, defaultFieldStyling, defaultLightTheme, ecommerce2026Theme, fieldToZod, generateCSSVariables, generateTailwindConfig, getDefaultDraftPublishConfig, globalToZod, isArchived, isDraft, isPublished, presetPlugins, validateCollection, validateConfig, validateFields, validateGlobal };
+declare function defineConfig(config: {
+    collections?: CollectionConfig[] | Record<string, CollectionConfig>;
+    globals?: GlobalConfig[] | Record<string, GlobalConfig>;
+    adapter: KyroConfig["adapter"];
+    plugins?: KyroConfig["plugins"];
+    auth?: KyroConfig["auth"];
+    cors?: KyroConfig["cors"];
+    admin?: KyroConfig["admin"];
+    upload?: KyroConfig["upload"];
+    graphQL?: KyroConfig["graphQL"];
+    typescript?: KyroConfig["typescript"];
+    localization?: KyroConfig["localization"];
+    rateLimit?: KyroConfig["rateLimit"];
+    debug?: KyroConfig["debug"];
+}): KyroConfig;
+
+export { AbstractBaseAdapter, AccountLockout, type AdapterOptions, type AdminStylingConfig, AnalyticsPlugin, type AuditAction, type AuditLog, type AuditLogFilter, AuditLogger, Auth, AuthAdapter, AuthResult, Session as AuthSession, AuthTokenConfig, AuthUser, BaseAdapter, CSSGenerator, CollectionConfig, CommentsPlugin, type CompareVersionsOptions, ConfigValidationError, CreateArgs, type CreateVersionOptions, type DatabaseConnectionOptions, type DatabaseType, DeleteArgs, type DraftPublishConfig, type DrizzleAdapterOptions, EmailTransport, Field, type FieldStyling, FindArgs, FindByIDArgs, FindResult, GlobalConfig, Hook, JWTPayload, Kyro, type KyroAuthConfig, KyroConfig, KyroPlugin, KyroPubSub, KyroWSServer, LocalAdapter, LoginCredentials, type MongoDBAdapterOptions, PasswordPolicy, type PluginAPI, type PluginHooks, PluginManager, type PublishVersionOptions, RateLimiter, RedisAuthAdapter, RegisterData, Registry, Request$1 as Request, ReviewsPlugin, SEOPLugin, type StylingConfig, type StylingMode, type ThemeBorderRadius, type ThemeColors, type ThemeConfig, type ThemeFonts, type ThemeShadows, type ThemeSpacing, UpdateArgs, User, UserRole, type Version, type VersionAdapter, type VersionDiff, type VersionHistoryOptions, VersionManager, type VersionPublishSchedule, type VersionStatus, WishlistPlugin, authConfig, autoBootstrap, bootstrapAdmin, collectionToCreateZod, collectionToUpdateZod, collectionToWhereZod, collectionToZod, createAdminStyling, createAuditContext, createAuth, createAuthConfig, createKyro, createLocalAdapter, createVersionManager, defaultDarkTheme, defaultFieldStyling, defaultLightTheme, defineConfig, ecommerce2026Theme, fieldToZod, generateCSSVariables, generateTailwindConfig, getBootstrapFromEnv, getDefaultDraftPublishConfig, globalToZod, isArchived, isDraft, isPublished, presetPlugins, validateCollection, validateConfig, validateFields, validateGlobal };