@kyro-cms/core 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bootstrap-BDTTUGY2.js +4 -0
- package/dist/{bootstrap-Q2TWUQF3.js.map → bootstrap-BDTTUGY2.js.map} +1 -1
- package/dist/bootstrap-X6TP3NKX.cjs +29 -0
- package/dist/{bootstrap-2WJK6PG7.cjs.map → bootstrap-X6TP3NKX.cjs.map} +1 -1
- package/dist/chunk-5BLDMQED.cjs +18 -0
- package/dist/{chunk-Q7SFCCGT.cjs.map → chunk-5BLDMQED.cjs.map} +1 -1
- package/dist/{chunk-U4CHJTWX.cjs → chunk-7G6EVYCU.cjs} +5 -5
- package/dist/{chunk-U4CHJTWX.cjs.map → chunk-7G6EVYCU.cjs.map} +1 -1
- package/dist/chunk-A3RQWHKD.cjs +263 -0
- package/dist/chunk-A3RQWHKD.cjs.map +1 -0
- package/dist/{chunk-V67YXRBT.js → chunk-C74MQIRL.js} +517 -203
- package/dist/chunk-C74MQIRL.js.map +1 -0
- package/dist/{chunk-XLMVCGXA.js → chunk-LRTZJJPD.js} +3 -3
- package/dist/{chunk-XLMVCGXA.js.map → chunk-LRTZJJPD.js.map} +1 -1
- package/dist/{chunk-I4BORBXT.cjs → chunk-MHS6CPO5.cjs} +517 -204
- package/dist/chunk-MHS6CPO5.cjs.map +1 -0
- package/dist/chunk-NSBPE2FW.js +15 -0
- package/dist/{chunk-PZ5AY32C.js.map → chunk-NSBPE2FW.js.map} +1 -1
- package/dist/{chunk-M4JFHQ5J.js → chunk-QUJ4OLSC.js} +3 -3
- package/dist/{chunk-M4JFHQ5J.js.map → chunk-QUJ4OLSC.js.map} +1 -1
- package/dist/{chunk-5AOILNGY.cjs → chunk-TZFJMPCH.cjs} +4 -4
- package/dist/{chunk-5AOILNGY.cjs.map → chunk-TZFJMPCH.cjs.map} +1 -1
- package/dist/chunk-VMSRTAH7.js +256 -0
- package/dist/chunk-VMSRTAH7.js.map +1 -0
- package/dist/{chunk-KA3UOIFC.js → chunk-XTZSUDSI.js} +3 -3
- package/dist/{chunk-KA3UOIFC.js.map → chunk-XTZSUDSI.js.map} +1 -1
- package/dist/{chunk-KWTKEBHM.cjs → chunk-YD7Y25W7.cjs} +19 -19
- package/dist/{chunk-KWTKEBHM.cjs.map → chunk-YD7Y25W7.cjs.map} +1 -1
- package/dist/cli/index.cjs +5 -5
- package/dist/cli/index.js +5 -5
- package/dist/database-7CJOXEZR.js +5 -0
- package/dist/{database-37KXWUER.js.map → database-7CJOXEZR.js.map} +1 -1
- package/dist/database-QOIV44GT.cjs +22 -0
- package/dist/{database-LJKD3HE4.cjs.map → database-QOIV44GT.cjs.map} +1 -1
- package/dist/drizzle/index.cjs +8 -8
- package/dist/drizzle/index.d.cts +1 -1
- package/dist/drizzle/index.d.ts +1 -1
- package/dist/drizzle/index.js +4 -4
- package/dist/graphql/index.cjs +1 -1
- package/dist/graphql/index.js +1 -1
- package/dist/{index-CzkEHKqu.d.cts → index-BMySjW6o.d.cts} +6 -0
- package/dist/{index-BVFlb7uU.d.ts → index-CMUNCIWQ.d.ts} +6 -0
- package/dist/index.cjs +727 -346
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +229 -62
- package/dist/index.d.ts +229 -62
- package/dist/index.js +706 -331
- package/dist/index.js.map +1 -1
- package/dist/mongodb/index.cjs +1 -1
- package/dist/mongodb/index.js +1 -1
- package/dist/postgres-auth-adapter-REJFUMP7.js +5 -0
- package/dist/{postgres-auth-adapter-LTDUGBMB.js.map → postgres-auth-adapter-REJFUMP7.js.map} +1 -1
- package/dist/postgres-auth-adapter-VK6GY7LX.cjs +14 -0
- package/dist/{postgres-auth-adapter-CYZAVPPP.cjs.map → postgres-auth-adapter-VK6GY7LX.cjs.map} +1 -1
- package/dist/redis-adapter-4YDY4LWE.js +4 -0
- package/dist/redis-adapter-4YDY4LWE.js.map +1 -0
- package/dist/redis-adapter-LBLNKGNS.cjs +13 -0
- package/dist/redis-adapter-LBLNKGNS.cjs.map +1 -0
- package/dist/rest/index.cjs +1 -1
- package/dist/rest/index.js +1 -1
- package/dist/templates/index.cjs +1 -1
- package/dist/templates/index.js +1 -1
- package/dist/trpc/index.cjs +1 -1
- package/dist/trpc/index.js +1 -1
- package/dist/ws/index.cjs +1 -1
- package/dist/ws/index.js +1 -1
- package/package.json +2 -2
- package/dist/bootstrap-2WJK6PG7.cjs +0 -29
- package/dist/bootstrap-Q2TWUQF3.js +0 -4
- package/dist/chunk-I4BORBXT.cjs.map +0 -1
- package/dist/chunk-PZ5AY32C.js +0 -9
- package/dist/chunk-Q7SFCCGT.cjs +0 -11
- package/dist/chunk-V67YXRBT.js.map +0 -1
- package/dist/database-37KXWUER.js +0 -5
- package/dist/database-LJKD3HE4.cjs +0 -22
- package/dist/postgres-auth-adapter-CYZAVPPP.cjs +0 -14
- package/dist/postgres-auth-adapter-LTDUGBMB.js +0 -5
|
@@ -0,0 +1,256 @@
|
|
|
1
|
+
import Redis from 'ioredis';
|
|
2
|
+
import bcrypt from 'bcryptjs';
|
|
3
|
+
import { randomBytes } from 'crypto';
|
|
4
|
+
|
|
5
|
+
// src/auth/redis-adapter.ts
|
|
6
|
+
var DEFAULT_PREFIX = "kyro:auth:";
|
|
7
|
+
var DEFAULT_TOKEN_EXPIRATION = 86400;
|
|
8
|
+
var DEFAULT_REFRESH_EXPIRATION = 604800;
|
|
9
|
+
var RedisAuthAdapter = class {
|
|
10
|
+
redis;
|
|
11
|
+
prefix;
|
|
12
|
+
tokenExpiration;
|
|
13
|
+
refreshExpiration;
|
|
14
|
+
constructor(options = {}) {
|
|
15
|
+
const url = options.url || `redis://${options.host || "localhost"}:${options.port || 6379}`;
|
|
16
|
+
this.redis = new Redis(url, {
|
|
17
|
+
password: options.password,
|
|
18
|
+
db: options.db,
|
|
19
|
+
lazyConnect: true,
|
|
20
|
+
tls: options.tls ? {} : void 0
|
|
21
|
+
});
|
|
22
|
+
this.prefix = options.keyPrefix || DEFAULT_PREFIX;
|
|
23
|
+
this.tokenExpiration = options.tokenExpiration || DEFAULT_TOKEN_EXPIRATION;
|
|
24
|
+
this.refreshExpiration = options.refreshTokenExpiration || DEFAULT_REFRESH_EXPIRATION;
|
|
25
|
+
}
|
|
26
|
+
async connect() {
|
|
27
|
+
await this.redis.connect();
|
|
28
|
+
}
|
|
29
|
+
async disconnect() {
|
|
30
|
+
await this.redis.quit();
|
|
31
|
+
}
|
|
32
|
+
userKey(userId) {
|
|
33
|
+
return `${this.prefix}users:${userId}`;
|
|
34
|
+
}
|
|
35
|
+
sessionKey(sessionId) {
|
|
36
|
+
return `${this.prefix}sessions:${sessionId}`;
|
|
37
|
+
}
|
|
38
|
+
refreshKey(token) {
|
|
39
|
+
return `${this.prefix}refresh:${token}`;
|
|
40
|
+
}
|
|
41
|
+
userByEmailKey(email) {
|
|
42
|
+
return `${this.prefix}users:email:${email.toLowerCase()}`;
|
|
43
|
+
}
|
|
44
|
+
passwordHistoryKey(userId) {
|
|
45
|
+
return `${this.prefix}users:${userId}:password_history`;
|
|
46
|
+
}
|
|
47
|
+
async createUser(data) {
|
|
48
|
+
const userId = randomBytes(16).toString("hex");
|
|
49
|
+
const now = (/* @__PURE__ */ new Date()).toISOString();
|
|
50
|
+
const user = {
|
|
51
|
+
id: userId,
|
|
52
|
+
email: data.email.toLowerCase(),
|
|
53
|
+
passwordHash: data.passwordHash,
|
|
54
|
+
role: data.role || "customer",
|
|
55
|
+
tenantId: data.tenantId,
|
|
56
|
+
createdAt: now,
|
|
57
|
+
updatedAt: now
|
|
58
|
+
};
|
|
59
|
+
const pipeline = this.redis.pipeline();
|
|
60
|
+
pipeline.hset(this.userKey(userId), this.userToHash(user));
|
|
61
|
+
pipeline.set(this.userByEmailKey(data.email), userId);
|
|
62
|
+
await pipeline.exec();
|
|
63
|
+
return user;
|
|
64
|
+
}
|
|
65
|
+
async findUserByEmail(email) {
|
|
66
|
+
const userId = await this.redis.get(
|
|
67
|
+
this.userByEmailKey(email.toLowerCase())
|
|
68
|
+
);
|
|
69
|
+
if (!userId) return null;
|
|
70
|
+
return this.findUserById(userId);
|
|
71
|
+
}
|
|
72
|
+
async findUserById(userId) {
|
|
73
|
+
const data = await this.redis.hgetall(this.userKey(userId));
|
|
74
|
+
if (!data || Object.keys(data).length === 0) return null;
|
|
75
|
+
return this.hashToUser(data);
|
|
76
|
+
}
|
|
77
|
+
async updateUser(userId, data) {
|
|
78
|
+
const existing = await this.findUserById(userId);
|
|
79
|
+
if (!existing) return null;
|
|
80
|
+
const updated = {
|
|
81
|
+
...existing,
|
|
82
|
+
...data,
|
|
83
|
+
id: userId,
|
|
84
|
+
updatedAt: (/* @__PURE__ */ new Date()).toISOString()
|
|
85
|
+
};
|
|
86
|
+
if (data.email && data.email !== existing.email) {
|
|
87
|
+
const pipeline = this.redis.pipeline();
|
|
88
|
+
pipeline.del(this.userByEmailKey(existing.email));
|
|
89
|
+
pipeline.set(this.userByEmailKey(data.email), userId);
|
|
90
|
+
await pipeline.exec();
|
|
91
|
+
}
|
|
92
|
+
await this.redis.hset(this.userKey(userId), this.userToHash(updated));
|
|
93
|
+
return updated;
|
|
94
|
+
}
|
|
95
|
+
async deleteUser(userId) {
|
|
96
|
+
const user = await this.findUserById(userId);
|
|
97
|
+
if (!user) return false;
|
|
98
|
+
const pipeline = this.redis.pipeline();
|
|
99
|
+
pipeline.del(this.userKey(userId));
|
|
100
|
+
pipeline.del(this.userByEmailKey(user.email));
|
|
101
|
+
pipeline.del(this.passwordHistoryKey(userId));
|
|
102
|
+
await pipeline.exec();
|
|
103
|
+
return true;
|
|
104
|
+
}
|
|
105
|
+
async hashPassword(password) {
|
|
106
|
+
return bcrypt.hash(password, 12);
|
|
107
|
+
}
|
|
108
|
+
async verifyPassword(password, hash) {
|
|
109
|
+
return bcrypt.compare(password, hash);
|
|
110
|
+
}
|
|
111
|
+
async createSession(userId, data = {}) {
|
|
112
|
+
const sessionId = randomBytes(32).toString("hex");
|
|
113
|
+
const token = randomBytes(32).toString("base64url");
|
|
114
|
+
const refreshToken = randomBytes(32).toString("base64url");
|
|
115
|
+
const now = /* @__PURE__ */ new Date();
|
|
116
|
+
const session = {
|
|
117
|
+
id: sessionId,
|
|
118
|
+
userId,
|
|
119
|
+
token,
|
|
120
|
+
refreshToken,
|
|
121
|
+
expiresAt: new Date(
|
|
122
|
+
now.getTime() + this.tokenExpiration * 1e3
|
|
123
|
+
).toISOString(),
|
|
124
|
+
createdAt: now.toISOString(),
|
|
125
|
+
ipAddress: data.ipAddress,
|
|
126
|
+
userAgent: data.userAgent
|
|
127
|
+
};
|
|
128
|
+
const pipeline = this.redis.pipeline();
|
|
129
|
+
pipeline.hset(this.sessionKey(sessionId), this.sessionToHash(session));
|
|
130
|
+
pipeline.setex(
|
|
131
|
+
this.refreshKey(refreshToken),
|
|
132
|
+
this.refreshExpiration,
|
|
133
|
+
sessionId
|
|
134
|
+
);
|
|
135
|
+
await pipeline.exec();
|
|
136
|
+
return session;
|
|
137
|
+
}
|
|
138
|
+
async findSessionByToken(token) {
|
|
139
|
+
const data = await this.redis.hgetall(this.sessionKey(token));
|
|
140
|
+
if (!data || Object.keys(data).length === 0) return null;
|
|
141
|
+
return this.hashToSession(data);
|
|
142
|
+
}
|
|
143
|
+
async deleteSession(sessionId) {
|
|
144
|
+
const session = await this.redis.hgetall(this.sessionKey(sessionId));
|
|
145
|
+
if (!session || Object.keys(session).length === 0) return false;
|
|
146
|
+
const pipeline = this.redis.pipeline();
|
|
147
|
+
pipeline.del(this.sessionKey(sessionId));
|
|
148
|
+
if (session.refreshToken) {
|
|
149
|
+
pipeline.del(this.refreshKey(session.refreshToken));
|
|
150
|
+
}
|
|
151
|
+
await pipeline.exec();
|
|
152
|
+
return true;
|
|
153
|
+
}
|
|
154
|
+
async deleteUserSessions(userId) {
|
|
155
|
+
const pattern = `${this.prefix}sessions:*`;
|
|
156
|
+
let cursor = "0";
|
|
157
|
+
let deleted = 0;
|
|
158
|
+
do {
|
|
159
|
+
const [nextCursor, keys] = await this.redis.scan(
|
|
160
|
+
cursor,
|
|
161
|
+
"MATCH",
|
|
162
|
+
pattern,
|
|
163
|
+
"COUNT",
|
|
164
|
+
100
|
|
165
|
+
);
|
|
166
|
+
cursor = nextCursor;
|
|
167
|
+
for (const key of keys) {
|
|
168
|
+
const sessionData = await this.redis.hgetall(key);
|
|
169
|
+
if (sessionData.userId === userId) {
|
|
170
|
+
const sessionId = key.replace(`${this.prefix}sessions:`, "");
|
|
171
|
+
await this.deleteSession(sessionId);
|
|
172
|
+
deleted++;
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
} while (cursor !== "0");
|
|
176
|
+
return deleted;
|
|
177
|
+
}
|
|
178
|
+
async addPasswordToHistory(userId, passwordHash) {
|
|
179
|
+
await this.redis.lpush(this.passwordHistoryKey(userId), passwordHash);
|
|
180
|
+
await this.redis.ltrim(this.passwordHistoryKey(userId), 0, 4);
|
|
181
|
+
}
|
|
182
|
+
async getPasswordHistory(userId, count = 5) {
|
|
183
|
+
return this.redis.lrange(this.passwordHistoryKey(userId), 0, count - 1);
|
|
184
|
+
}
|
|
185
|
+
async isPasswordInHistory(password, userId, historyCount = 5) {
|
|
186
|
+
const history = await this.getPasswordHistory(userId, historyCount);
|
|
187
|
+
for (const hash of history) {
|
|
188
|
+
if (await this.verifyPassword(password, hash)) {
|
|
189
|
+
return true;
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
return false;
|
|
193
|
+
}
|
|
194
|
+
userToHash(user) {
|
|
195
|
+
const hash = {
|
|
196
|
+
id: user.id,
|
|
197
|
+
email: user.email,
|
|
198
|
+
passwordHash: user.passwordHash || "",
|
|
199
|
+
role: user.role,
|
|
200
|
+
createdAt: user.createdAt,
|
|
201
|
+
updatedAt: user.updatedAt
|
|
202
|
+
};
|
|
203
|
+
if (user.tenantId) hash.tenantId = user.tenantId;
|
|
204
|
+
if (user.emailVerified !== void 0)
|
|
205
|
+
hash.emailVerified = String(user.emailVerified);
|
|
206
|
+
if (user.locked !== void 0) hash.locked = String(user.locked);
|
|
207
|
+
if (user.lastLogin) hash.lastLogin = user.lastLogin;
|
|
208
|
+
if (user.failedLoginAttempts !== void 0)
|
|
209
|
+
hash.failedLoginAttempts = String(user.failedLoginAttempts);
|
|
210
|
+
return hash;
|
|
211
|
+
}
|
|
212
|
+
hashToUser(hash) {
|
|
213
|
+
return {
|
|
214
|
+
id: hash.id,
|
|
215
|
+
email: hash.email,
|
|
216
|
+
passwordHash: hash.passwordHash,
|
|
217
|
+
role: hash.role,
|
|
218
|
+
tenantId: hash.tenantId,
|
|
219
|
+
createdAt: hash.createdAt,
|
|
220
|
+
updatedAt: hash.updatedAt,
|
|
221
|
+
emailVerified: hash.emailVerified === "true",
|
|
222
|
+
locked: hash.locked === "true",
|
|
223
|
+
lastLogin: hash.lastLogin,
|
|
224
|
+
failedLoginAttempts: hash.failedLoginAttempts ? parseInt(hash.failedLoginAttempts, 10) : 0
|
|
225
|
+
};
|
|
226
|
+
}
|
|
227
|
+
sessionToHash(session) {
|
|
228
|
+
const hash = {
|
|
229
|
+
id: session.id,
|
|
230
|
+
userId: session.userId,
|
|
231
|
+
token: session.token,
|
|
232
|
+
expiresAt: session.expiresAt,
|
|
233
|
+
createdAt: session.createdAt
|
|
234
|
+
};
|
|
235
|
+
if (session.refreshToken) hash.refreshToken = session.refreshToken;
|
|
236
|
+
if (session.ipAddress) hash.ipAddress = session.ipAddress;
|
|
237
|
+
if (session.userAgent) hash.userAgent = session.userAgent;
|
|
238
|
+
return hash;
|
|
239
|
+
}
|
|
240
|
+
hashToSession(hash) {
|
|
241
|
+
return {
|
|
242
|
+
id: hash.id,
|
|
243
|
+
userId: hash.userId,
|
|
244
|
+
token: hash.token,
|
|
245
|
+
refreshToken: hash.refreshToken,
|
|
246
|
+
expiresAt: hash.expiresAt,
|
|
247
|
+
createdAt: hash.createdAt,
|
|
248
|
+
ipAddress: hash.ipAddress,
|
|
249
|
+
userAgent: hash.userAgent
|
|
250
|
+
};
|
|
251
|
+
}
|
|
252
|
+
};
|
|
253
|
+
|
|
254
|
+
export { RedisAuthAdapter };
|
|
255
|
+
//# sourceMappingURL=chunk-VMSRTAH7.js.map
|
|
256
|
+
//# sourceMappingURL=chunk-VMSRTAH7.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/auth/redis-adapter.ts"],"names":[],"mappings":";;;;;AAiBA,IAAM,cAAA,GAAiB,YAAA;AACvB,IAAM,wBAAA,GAA2B,KAAA;AACjC,IAAM,0BAAA,GAA6B,MAAA;AAE5B,IAAM,mBAAN,MAA8C;AAAA,EAC3C,KAAA;AAAA,EACA,MAAA;AAAA,EACA,eAAA;AAAA,EACA,iBAAA;AAAA,EAER,WAAA,CAAY,OAAA,GAAmC,EAAC,EAAG;AACjD,IAAA,MAAM,GAAA,GACJ,OAAA,CAAQ,GAAA,IACR,CAAA,QAAA,EAAW,OAAA,CAAQ,QAAQ,WAAW,CAAA,CAAA,EAAI,OAAA,CAAQ,IAAA,IAAQ,IAAI,CAAA,CAAA;AAEhE,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAI,KAAA,CAAM,GAAA,EAAK;AAAA,MAC1B,UAAU,OAAA,CAAQ,QAAA;AAAA,MAClB,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,WAAA,EAAa,IAAA;AAAA,MACb,GAAA,EAAK,OAAA,CAAQ,GAAA,GAAM,EAAC,GAAI;AAAA,KACzB,CAAA;AAED,IAAA,IAAA,CAAK,MAAA,GAAS,QAAQ,SAAA,IAAa,cAAA;AACnC,IAAA,IAAA,CAAK,eAAA,GAAkB,QAAQ,eAAA,IAAmB,wBAAA;AAClD,IAAA,IAAA,CAAK,iBAAA,GACH,QAAQ,sBAAA,IAA0B,0BAAA;AAAA,EACtC;AAAA,EAEA,MAAM,OAAA,GAAyB;AAC7B,IAAA,MAAM,IAAA,CAAK,MAAM,OAAA,EAAQ;AAAA,EAC3B;AAAA,EAEA,MAAM,UAAA,GAA4B;AAChC,IAAA,MAAM,IAAA,CAAK,MAAM,IAAA,EAAK;AAAA,EACxB;AAAA,EAEQ,QAAQ,MAAA,EAAwB;AACtC,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,MAAA,EAAS,MAAM,CAAA,CAAA;AAAA,EACtC;AAAA,EAEQ,WAAW,SAAA,EAA2B;AAC5C,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,SAAA,EAAY,SAAS,CAAA,CAAA;AAAA,EAC5C;AAAA,EAEQ,WAAW,KAAA,EAAuB;AACxC,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,QAAA,EAAW,KAAK,CAAA,CAAA;AAAA,EACvC;AAAA,EAEQ,eAAe,KAAA,EAAuB;AAC5C,IAAA,OAAO,GAAG,IAAA,CAAK,MAAM,CAAA,YAAA,EAAe,KAAA,CAAM,aAAa,CAAA,CAAA;AAAA,EACzD;AAAA,EAEQ,mBAAmB,MAAA,EAAwB;AACjD,IAAA,OAAO,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,MAAA,EAAS,MAAM,CAAA,iBAAA,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,WAAW,IAAA,EAKK;AACpB,IAAA,MAAM,MAAA,GAAS,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,KAAK,CAAA;AAC7C,IAAA,MAAM,GAAA,GAAA,iBAAM,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAEnC,IAAA,MAAM,IAAA,GAAiB;AAAA,MACrB,EAAA,EAAI,MAAA;AAAA,MACJ,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,WAAA,EAAY;AAAA,MAC9B,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,IAAA,EAAO,KAAK,IAAA,IAAQ,UAAA;AAAA,MACpB,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,SAAA,EAAW,GAAA;AAAA,MACX,SAAA,EAAW;AAAA,KACb;AAEA,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,QAAA,EAAS;AAErC,IAAA,QAAA,CAAS,IAAA,CAAK,KAAK,OAAA,CAAQ,MAAM,GAAG,IAAA,CAAK,UAAA,CAAW,IAAI,CAAC,CAAA;AACzD,IAAA,QAAA,CAAS,IAAI,IAAA,CAAK,cAAA,CAAe,IAAA,CAAK,KAAK,GAAG,MAAM,CAAA;AAEpD,IAAA,MAAM,SAAS,IAAA,EAAK;AAEpB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,gBAAgB,KAAA,EAAyC;AAC7D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,KAAA,CAAM,GAAA;AAAA,MAC9B,IAAA,CAAK,cAAA,CAAe,KAAA,CAAM,WAAA,EAAa;AAAA,KACzC;AACA,IAAA,IAAI,CAAC,QAAQ,OAAO,IAAA;AACpB,IAAA,OAAO,IAAA,CAAK,aAAa,MAAM,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,aAAa,MAAA,EAA0C;AAC3D,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,KAAA,CAAM,QAAQ,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAC,CAAA;AAC1D,IAAA,IAAI,CAAC,QAAQ,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA,CAAE,MAAA,KAAW,GAAG,OAAO,IAAA;AACpD,IAAA,OAAO,IAAA,CAAK,WAAW,IAAI,CAAA;AAAA,EAC7B;AAAA,EAEA,MAAM,UAAA,CACJ,MAAA,EACA,IAAA,EAC0B;AAC1B,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,YAAA,CAAa,MAAM,CAAA;AAC/C,IAAA,IAAI,CAAC,UAAU,OAAO,IAAA;AAEtB,IAAA,MAAM,OAAA,GAAoB;AAAA,MACxB,GAAG,QAAA;AAAA,MACH,GAAG,IAAA;AAAA,MACH,EAAA,EAAI,MAAA;AAAA,MACJ,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACpC;AAEA,IAAA,IAAI,IAAA,CAAK,KAAA,IAAS,IAAA,CAAK,KAAA,KAAU,SAAS,KAAA,EAAO;AAC/C,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,QAAA,EAAS;AACrC,MAAA,QAAA,CAAS,GAAA,CAAI,IAAA,CAAK,cAAA,CAAe,QAAA,CAAS,KAAK,CAAC,CAAA;AAChD,MAAA,QAAA,CAAS,IAAI,IAAA,CAAK,cAAA,CAAe,IAAA,CAAK,KAAK,GAAG,MAAM,CAAA;AACpD,MAAA,MAAM,SAAS,IAAA,EAAK;AAAA,IACtB;AAEA,IAAA,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAA,EAAG,IAAA,CAAK,UAAA,CAAW,OAAO,CAAC,CAAA;AACpE,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,MAAM,WAAW,MAAA,EAAkC;AACjD,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,YAAA,CAAa,MAAM,CAAA;AAC3C,IAAA,IAAI,CAAC,MAAM,OAAO,KAAA;AAElB,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,QAAA,EAAS;AACrC,IAAA,QAAA,CAAS,GAAA,CAAI,IAAA,CAAK,OAAA,CAAQ,MAAM,CAAC,CAAA;AACjC,IAAA,QAAA,CAAS,GAAA,CAAI,IAAA,CAAK,cAAA,CAAe,IAAA,CAAK,KAAK,CAAC,CAAA;AAC5C,IAAA,QAAA,CAAS,GAAA,CAAI,IAAA,CAAK,kBAAA,CAAmB,MAAM,CAAC,CAAA;AAC5C,IAAA,MAAM,SAAS,IAAA,EAAK;AAEpB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,aAAa,QAAA,EAAmC;AACpD,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,EAAE,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,cAAA,CAAe,QAAA,EAAkB,IAAA,EAAgC;AACrE,IAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,QAAA,EAAU,IAAI,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,aAAA,CACJ,MAAA,EACA,IAAA,GAGI,EAAC,EACa;AAClB,IAAA,MAAM,SAAA,GAAY,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,KAAK,CAAA;AAChD,IAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AAClD,IAAA,MAAM,YAAA,GAAe,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AACzD,IAAA,MAAM,GAAA,uBAAU,IAAA,EAAK;AAErB,IAAA,MAAM,OAAA,GAAmB;AAAA,MACvB,EAAA,EAAI,SAAA;AAAA,MACJ,MAAA;AAAA,MACA,KAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAW,IAAI,IAAA;AAAA,QACb,GAAA,CAAI,OAAA,EAAQ,GAAI,IAAA,CAAK,eAAA,GAAkB;AAAA,QACvC,WAAA,EAAY;AAAA,MACd,SAAA,EAAW,IAAI,WAAA,EAAY;AAAA,MAC3B,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK;AAAA,KAClB;AAEA,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,QAAA,EAAS;AAErC,IAAA,QAAA,CAAS,IAAA,CAAK,KAAK,UAAA,CAAW,SAAS,GAAG,IAAA,CAAK,aAAA,CAAc,OAAO,CAAC,CAAA;AACrE,IAAA,QAAA,CAAS,KAAA;AAAA,MACP,IAAA,CAAK,WAAW,YAAY,CAAA;AAAA,MAC5B,IAAA,CAAK,iBAAA;AAAA,MACL;AAAA,KACF;AAEA,IAAA,MAAM,SAAS,IAAA,EAAK;AAEpB,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,MAAM,mBAAmB,KAAA,EAAwC;AAC/D,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,KAAA,CAAM,QAAQ,IAAA,CAAK,UAAA,CAAW,KAAK,CAAC,CAAA;AAC5D,IAAA,IAAI,CAAC,QAAQ,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA,CAAE,MAAA,KAAW,GAAG,OAAO,IAAA;AACpD,IAAA,OAAO,IAAA,CAAK,cAAc,IAAI,CAAA;AAAA,EAChC;AAAA,EAEA,MAAM,cAAc,SAAA,EAAqC;AACvD,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,KAAA,CAAM,QAAQ,IAAA,CAAK,UAAA,CAAW,SAAS,CAAC,CAAA;AACnE,IAAA,IAAI,CAAC,WAAW,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA,CAAE,MAAA,KAAW,GAAG,OAAO,KAAA;AAE1D,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,QAAA,EAAS;AACrC,IAAA,QAAA,CAAS,GAAA,CAAI,IAAA,CAAK,UAAA,CAAW,SAAS,CAAC,CAAA;AACvC,IAAA,IAAI,QAAQ,YAAA,EAAc;AACxB,MAAA,QAAA,CAAS,GAAA,CAAI,IAAA,CAAK,UAAA,CAAW,OAAA,CAAQ,YAAY,CAAC,CAAA;AAAA,IACpD;AACA,IAAA,MAAM,SAAS,IAAA,EAAK;AAEpB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,mBAAmB,MAAA,EAAiC;AACxD,IAAA,MAAM,OAAA,GAAU,CAAA,EAAG,IAAA,CAAK,MAAM,CAAA,UAAA,CAAA;AAC9B,IAAA,IAAI,MAAA,GAAS,GAAA;AACb,IAAA,IAAI,OAAA,GAAU,CAAA;AAEd,IAAA,GAAG;AACD,MAAA,MAAM,CAAC,UAAA,EAAY,IAAI,CAAA,GAAI,MAAM,KAAK,KAAA,CAAM,IAAA;AAAA,QAC1C,MAAA;AAAA,QACA,OAAA;AAAA,QACA,OAAA;AAAA,QACA,OAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,MAAA,GAAS,UAAA;AAET,MAAA,KAAA,MAAW,OAAO,IAAA,EAAM;AACtB,QAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,KAAA,CAAM,QAAQ,GAAG,CAAA;AAChD,QAAA,IAAI,WAAA,CAAY,WAAW,MAAA,EAAQ;AACjC,UAAA,MAAM,YAAY,GAAA,CAAI,OAAA,CAAQ,GAAG,IAAA,CAAK,MAAM,aAAa,EAAE,CAAA;AAC3D,UAAA,MAAM,IAAA,CAAK,cAAc,SAAS,CAAA;AAClC,UAAA,OAAA,EAAA;AAAA,QACF;AAAA,MACF;AAAA,IACF,SAAS,MAAA,KAAW,GAAA;AAEpB,IAAA,OAAO,OAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,CACJ,MAAA,EACA,YAAA,EACe;AACf,IAAA,MAAM,KAAK,KAAA,CAAM,KAAA,CAAM,KAAK,kBAAA,CAAmB,MAAM,GAAG,YAAY,CAAA;AACpE,IAAA,MAAM,IAAA,CAAK,MAAM,KAAA,CAAM,IAAA,CAAK,mBAAmB,MAAM,CAAA,EAAG,GAAG,CAAC,CAAA;AAAA,EAC9D;AAAA,EAEA,MAAM,kBAAA,CACJ,MAAA,EACA,KAAA,GAAgB,CAAA,EACG;AACnB,IAAA,OAAO,IAAA,CAAK,MAAM,MAAA,CAAO,IAAA,CAAK,mBAAmB,MAAM,CAAA,EAAG,CAAA,EAAG,KAAA,GAAQ,CAAC,CAAA;AAAA,EACxE;AAAA,EAEA,MAAM,mBAAA,CACJ,QAAA,EACA,MAAA,EACA,eAAuB,CAAA,EACL;AAClB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,kBAAA,CAAmB,QAAQ,YAAY,CAAA;AAElE,IAAA,KAAA,MAAW,QAAQ,OAAA,EAAS;AAC1B,MAAA,IAAI,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,EAAU,IAAI,CAAA,EAAG;AAC7C,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA,EAEQ,WAAW,IAAA,EAAwC;AACzD,IAAA,MAAM,IAAA,GAA+B;AAAA,MACnC,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,YAAA,EAAc,KAAK,YAAA,IAAgB,EAAA;AAAA,MACnC,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK;AAAA,KAClB;AAEA,IAAA,IAAI,IAAA,CAAK,QAAA,EAAU,IAAA,CAAK,QAAA,GAAW,IAAA,CAAK,QAAA;AACxC,IAAA,IAAI,KAAK,aAAA,KAAkB,MAAA;AACzB,MAAA,IAAA,CAAK,aAAA,GAAgB,MAAA,CAAO,IAAA,CAAK,aAAa,CAAA;AAChD,IAAA,IAAI,KAAK,MAAA,KAAW,MAAA,OAAgB,MAAA,GAAS,MAAA,CAAO,KAAK,MAAM,CAAA;AAC/D,IAAA,IAAI,IAAA,CAAK,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,IAAA,CAAK,SAAA;AAC1C,IAAA,IAAI,KAAK,mBAAA,KAAwB,MAAA;AAC/B,MAAA,IAAA,CAAK,mBAAA,GAAsB,MAAA,CAAO,IAAA,CAAK,mBAAmB,CAAA;AAE5D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEQ,WAAW,IAAA,EAAwC;AACzD,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,aAAA,EAAe,KAAK,aAAA,KAAkB,MAAA;AAAA,MACtC,MAAA,EAAQ,KAAK,MAAA,KAAW,MAAA;AAAA,MACxB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,qBAAqB,IAAA,CAAK,mBAAA,GACtB,SAAS,IAAA,CAAK,mBAAA,EAAqB,EAAE,CAAA,GACrC;AAAA,KACN;AAAA,EACF;AAAA,EAEQ,cAAc,OAAA,EAA0C;AAC9D,IAAA,MAAM,IAAA,GAA+B;AAAA,MACnC,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,WAAW,OAAA,CAAQ,SAAA;AAAA,MACnB,WAAW,OAAA,CAAQ;AAAA,KACrB;AAEA,IAAA,IAAI,OAAA,CAAQ,YAAA,EAAc,IAAA,CAAK,YAAA,GAAe,OAAA,CAAQ,YAAA;AACtD,IAAA,IAAI,OAAA,CAAQ,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,OAAA,CAAQ,SAAA;AAChD,IAAA,IAAI,OAAA,CAAQ,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,OAAA,CAAQ,SAAA;AAEhD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEQ,cAAc,IAAA,EAAuC;AAC3D,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK;AAAA,KAClB;AAAA,EACF;AACF","file":"chunk-VMSRTAH7.js","sourcesContent":["import Redis from \"ioredis\";\nimport type { AuthAdapter, AuthUser, Session, UserRole } from \"./types.js\";\nimport bcrypt from \"bcryptjs\";\nimport { randomBytes } from \"crypto\";\n\nexport interface RedisAuthAdapterOptions {\n url?: string;\n host?: string;\n port?: number;\n password?: string;\n db?: number;\n keyPrefix?: string;\n tokenExpiration?: number;\n refreshTokenExpiration?: number;\n tls?: boolean;\n}\n\nconst DEFAULT_PREFIX = \"kyro:auth:\";\nconst DEFAULT_TOKEN_EXPIRATION = 86400;\nconst DEFAULT_REFRESH_EXPIRATION = 604800;\n\nexport class RedisAuthAdapter implements AuthAdapter {\n private redis: Redis;\n private prefix: string;\n private tokenExpiration: number;\n private refreshExpiration: number;\n\n constructor(options: RedisAuthAdapterOptions = {}) {\n const url =\n options.url ||\n `redis://${options.host || \"localhost\"}:${options.port || 6379}`;\n\n this.redis = new Redis(url, {\n password: options.password,\n db: options.db,\n lazyConnect: true,\n tls: options.tls ? {} : undefined,\n });\n\n this.prefix = options.keyPrefix || DEFAULT_PREFIX;\n this.tokenExpiration = options.tokenExpiration || DEFAULT_TOKEN_EXPIRATION;\n this.refreshExpiration =\n options.refreshTokenExpiration || DEFAULT_REFRESH_EXPIRATION;\n }\n\n async connect(): Promise<void> {\n await this.redis.connect();\n }\n\n async disconnect(): Promise<void> {\n await this.redis.quit();\n }\n\n private userKey(userId: string): string {\n return `${this.prefix}users:${userId}`;\n }\n\n private sessionKey(sessionId: string): string {\n return `${this.prefix}sessions:${sessionId}`;\n }\n\n private refreshKey(token: string): string {\n return `${this.prefix}refresh:${token}`;\n }\n\n private userByEmailKey(email: string): string {\n return `${this.prefix}users:email:${email.toLowerCase()}`;\n }\n\n private passwordHistoryKey(userId: string): string {\n return `${this.prefix}users:${userId}:password_history`;\n }\n\n async createUser(data: {\n email: string;\n passwordHash: string;\n role?: UserRole;\n tenantId?: string;\n }): Promise<AuthUser> {\n const userId = randomBytes(16).toString(\"hex\");\n const now = new Date().toISOString();\n\n const user: AuthUser = {\n id: userId,\n email: data.email.toLowerCase(),\n passwordHash: data.passwordHash,\n role: (data.role || \"customer\") as UserRole,\n tenantId: data.tenantId,\n createdAt: now,\n updatedAt: now,\n };\n\n const pipeline = this.redis.pipeline();\n\n pipeline.hset(this.userKey(userId), this.userToHash(user));\n pipeline.set(this.userByEmailKey(data.email), userId);\n\n await pipeline.exec();\n\n return user;\n }\n\n async findUserByEmail(email: string): Promise<AuthUser | null> {\n const userId = await this.redis.get(\n this.userByEmailKey(email.toLowerCase()),\n );\n if (!userId) return null;\n return this.findUserById(userId);\n }\n\n async findUserById(userId: string): Promise<AuthUser | null> {\n const data = await this.redis.hgetall(this.userKey(userId));\n if (!data || Object.keys(data).length === 0) return null;\n return this.hashToUser(data);\n }\n\n async updateUser(\n userId: string,\n data: Partial<AuthUser>,\n ): Promise<AuthUser | null> {\n const existing = await this.findUserById(userId);\n if (!existing) return null;\n\n const updated: AuthUser = {\n ...existing,\n ...data,\n id: userId,\n updatedAt: new Date().toISOString(),\n };\n\n if (data.email && data.email !== existing.email) {\n const pipeline = this.redis.pipeline();\n pipeline.del(this.userByEmailKey(existing.email));\n pipeline.set(this.userByEmailKey(data.email), userId);\n await pipeline.exec();\n }\n\n await this.redis.hset(this.userKey(userId), this.userToHash(updated));\n return updated;\n }\n\n async deleteUser(userId: string): Promise<boolean> {\n const user = await this.findUserById(userId);\n if (!user) return false;\n\n const pipeline = this.redis.pipeline();\n pipeline.del(this.userKey(userId));\n pipeline.del(this.userByEmailKey(user.email));\n pipeline.del(this.passwordHistoryKey(userId));\n await pipeline.exec();\n\n return true;\n }\n\n async hashPassword(password: string): Promise<string> {\n return bcrypt.hash(password, 12);\n }\n\n async verifyPassword(password: string, hash: string): Promise<boolean> {\n return bcrypt.compare(password, hash);\n }\n\n async createSession(\n userId: string,\n data: {\n ipAddress?: string;\n userAgent?: string;\n } = {},\n ): Promise<Session> {\n const sessionId = randomBytes(32).toString(\"hex\");\n const token = randomBytes(32).toString(\"base64url\");\n const refreshToken = randomBytes(32).toString(\"base64url\");\n const now = new Date();\n\n const session: Session = {\n id: sessionId,\n userId,\n token,\n refreshToken,\n expiresAt: new Date(\n now.getTime() + this.tokenExpiration * 1000,\n ).toISOString(),\n createdAt: now.toISOString(),\n ipAddress: data.ipAddress,\n userAgent: data.userAgent,\n };\n\n const pipeline = this.redis.pipeline();\n\n pipeline.hset(this.sessionKey(sessionId), this.sessionToHash(session));\n pipeline.setex(\n this.refreshKey(refreshToken),\n this.refreshExpiration,\n sessionId,\n );\n\n await pipeline.exec();\n\n return session;\n }\n\n async findSessionByToken(token: string): Promise<Session | null> {\n const data = await this.redis.hgetall(this.sessionKey(token));\n if (!data || Object.keys(data).length === 0) return null;\n return this.hashToSession(data);\n }\n\n async deleteSession(sessionId: string): Promise<boolean> {\n const session = await this.redis.hgetall(this.sessionKey(sessionId));\n if (!session || Object.keys(session).length === 0) return false;\n\n const pipeline = this.redis.pipeline();\n pipeline.del(this.sessionKey(sessionId));\n if (session.refreshToken) {\n pipeline.del(this.refreshKey(session.refreshToken));\n }\n await pipeline.exec();\n\n return true;\n }\n\n async deleteUserSessions(userId: string): Promise<number> {\n const pattern = `${this.prefix}sessions:*`;\n let cursor = \"0\";\n let deleted = 0;\n\n do {\n const [nextCursor, keys] = await this.redis.scan(\n cursor,\n \"MATCH\",\n pattern,\n \"COUNT\",\n 100,\n );\n cursor = nextCursor;\n\n for (const key of keys) {\n const sessionData = await this.redis.hgetall(key);\n if (sessionData.userId === userId) {\n const sessionId = key.replace(`${this.prefix}sessions:`, \"\");\n await this.deleteSession(sessionId);\n deleted++;\n }\n }\n } while (cursor !== \"0\");\n\n return deleted;\n }\n\n async addPasswordToHistory(\n userId: string,\n passwordHash: string,\n ): Promise<void> {\n await this.redis.lpush(this.passwordHistoryKey(userId), passwordHash);\n await this.redis.ltrim(this.passwordHistoryKey(userId), 0, 4);\n }\n\n async getPasswordHistory(\n userId: string,\n count: number = 5,\n ): Promise<string[]> {\n return this.redis.lrange(this.passwordHistoryKey(userId), 0, count - 1);\n }\n\n async isPasswordInHistory(\n password: string,\n userId: string,\n historyCount: number = 5,\n ): Promise<boolean> {\n const history = await this.getPasswordHistory(userId, historyCount);\n\n for (const hash of history) {\n if (await this.verifyPassword(password, hash)) {\n return true;\n }\n }\n\n return false;\n }\n\n private userToHash(user: AuthUser): Record<string, string> {\n const hash: Record<string, string> = {\n id: user.id,\n email: user.email,\n passwordHash: user.passwordHash || \"\",\n role: user.role,\n createdAt: user.createdAt,\n updatedAt: user.updatedAt,\n };\n\n if (user.tenantId) hash.tenantId = user.tenantId;\n if (user.emailVerified !== undefined)\n hash.emailVerified = String(user.emailVerified);\n if (user.locked !== undefined) hash.locked = String(user.locked);\n if (user.lastLogin) hash.lastLogin = user.lastLogin;\n if (user.failedLoginAttempts !== undefined)\n hash.failedLoginAttempts = String(user.failedLoginAttempts);\n\n return hash;\n }\n\n private hashToUser(hash: Record<string, string>): AuthUser {\n return {\n id: hash.id,\n email: hash.email,\n passwordHash: hash.passwordHash,\n role: hash.role as UserRole,\n tenantId: hash.tenantId,\n createdAt: hash.createdAt,\n updatedAt: hash.updatedAt,\n emailVerified: hash.emailVerified === \"true\",\n locked: hash.locked === \"true\",\n lastLogin: hash.lastLogin,\n failedLoginAttempts: hash.failedLoginAttempts\n ? parseInt(hash.failedLoginAttempts, 10)\n : 0,\n };\n }\n\n private sessionToHash(session: Session): Record<string, string> {\n const hash: Record<string, string> = {\n id: session.id,\n userId: session.userId,\n token: session.token,\n expiresAt: session.expiresAt,\n createdAt: session.createdAt,\n };\n\n if (session.refreshToken) hash.refreshToken = session.refreshToken;\n if (session.ipAddress) hash.ipAddress = session.ipAddress;\n if (session.userAgent) hash.userAgent = session.userAgent;\n\n return hash;\n }\n\n private hashToSession(hash: Record<string, string>): Session {\n return {\n id: hash.id,\n userId: hash.userId,\n token: hash.token,\n refreshToken: hash.refreshToken,\n expiresAt: hash.expiresAt,\n createdAt: hash.createdAt,\n ipAddress: hash.ipAddress,\n userAgent: hash.userAgent,\n };\n }\n}\n"]}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { __export } from './chunk-
|
|
1
|
+
import { __export } from './chunk-NSBPE2FW.js';
|
|
2
2
|
import { pgTable, timestamp, jsonb, integer, boolean, uuid, varchar, uniqueIndex, index, text } from 'drizzle-orm/pg-core';
|
|
3
3
|
|
|
4
4
|
// src/database/drizzle/schema/auth.ts
|
|
@@ -202,5 +202,5 @@ var lockouts = pgTable(
|
|
|
202
202
|
);
|
|
203
203
|
|
|
204
204
|
export { auth_exports, lockouts, passwordHistory, sessions, users };
|
|
205
|
-
//# sourceMappingURL=chunk-
|
|
206
|
-
//# sourceMappingURL=chunk-
|
|
205
|
+
//# sourceMappingURL=chunk-XTZSUDSI.js.map
|
|
206
|
+
//# sourceMappingURL=chunk-XTZSUDSI.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/database/drizzle/schema/auth.ts"],"names":[],"mappings":";;;;AAAA,IAAA,YAAA,GAAA;AAAA,QAAA,CAAA,YAAA,EAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,KAAA,EAAA,MAAA,KAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,KAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAaO,IAAM,KAAA,GAAQ,OAAA;AAAA,EACnB,OAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,KAAA,EAAO,QAAQ,OAAA,EAAS,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IACjD,cAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IACtD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,EAAA,EAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,IAClE,QAAA,EAAU,KAAK,WAAW,CAAA;AAAA,IAC1B,aAAA,EAAe,OAAA,CAAQ,gBAAgB,CAAA,CAAE,QAAQ,KAAK,CAAA;AAAA,IACtD,MAAA,EAAQ,OAAA,CAAQ,QAAQ,CAAA,CAAE,QAAQ,KAAK,CAAA;AAAA,IACvC,SAAA,EAAW,UAAU,YAAY,CAAA;AAAA,IACjC,mBAAA,EAAqB,OAAA,CAAQ,uBAAuB,CAAA,CAAE,QAAQ,CAAC,CAAA;AAAA,IAC/D,QAAA,EAAU,KAAA,CAAM,UAAU,CAAA,CAAE,KAAA,EAA+B;AAAA,IAC3D,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA,EAAQ;AAAA,IACxD,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,WAAA,CAAY,iBAAiB,CAAA,CAAE,EAAA,CAAG,MAAM,KAAK,CAAA;AAAA,IAC7C,KAAA,CAAM,kBAAkB,CAAA,CAAE,EAAA,CAAG,MAAM,QAAQ,CAAA;AAAA,IAC3C,KAAA,CAAM,gBAAgB,CAAA,CAAE,EAAA,CAAG,MAAM,IAAI;AAAA;AAEzC;AAEO,IAAM,KAAA,GAAQ,OAAA;AAAA,EACnB,OAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,KAAK,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACxD,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,IAC3C,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,KAAA,EAAM;AAAA,IACjC,WAAA,EAAa,KAAK,aAAa,CAAA;AAAA,IAC/B,WAAA,EAAa,MAAM,aAAa,CAAA,CAAE,OAAgB,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,IAC9D,QAAA,EAAU,OAAA,CAAQ,WAAW,CAAA,CAAE,QAAQ,KAAK,CAAA;AAAA,IAC5C,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA,EAAQ;AAAA,IACxD,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,UAAU,CAAC,KAAA,CAAM,iBAAiB,CAAA,CAAE,EAAA,CAAG,KAAA,CAAM,KAAK,CAAC;AACtD,CAAA;AAEO,IAAM,WAAA,GAAc,OAAA;AAAA,EACzB,aAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,SAAA,EAAW,CAAA;AAAA,IAC1E,QAAA,EAAU,QAAQ,UAAA,EAAY,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IACvD,MAAA,EAAQ,QAAQ,QAAA,EAAU,EAAE,QAAQ,EAAA,EAAI,EAAE,OAAA,EAAQ;AAAA,IAClD,UAAA,EAAY,KAAA,CAAM,YAAY,CAAA,CAAE,KAAA,EAA+B;AAAA,IAC/D,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,sBAAsB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC7C,KAAA,CAAM,0BAA0B,CAAA,CAAE,EAAA,CAAG,MAAM,QAAQ;AAAA;AAEvD,CAAA;AAEO,IAAM,QAAA,GAAW,OAAA;AAAA,EACtB,UAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,KAAA,EAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,MAAA,EAAQ,KAAK,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IAC1D,cAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IACtD,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,MAAA,EAAQ,IAAI,CAAA;AAAA,IAC/C,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,IAC5B,SAAA,EAAW,SAAA,CAAU,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC3C,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,mBAAmB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC1C,KAAA,CAAM,oBAAoB,CAAA,CAAE,EAAA,CAAG,MAAM,KAAK,CAAA;AAAA,IAC1C,KAAA,CAAM,sBAAsB,CAAA,CAAE,EAAA,CAAG,MAAM,SAAS;AAAA;AAEpD;AAEO,IAAM,SAAA,GAAY,OAAA;AAAA,EACvB,YAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,QAAQ,QAAA,EAAU,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IACnD,QAAQ,IAAA,CAAK,SAAS,EAAE,UAAA,CAAW,MAAM,MAAM,EAAA,EAAI;AAAA,MACjD,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IACD,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IAChD,MAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,IAAI,CAAA;AAAA,IACpC,QAAA,EAAU,QAAQ,UAAA,EAAY,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IACvD,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,IAC9B,OAAA,EACE,KAAA,CAAM,SAAS,CAAA,CAAE,KAAA,EAAuD;AAAA,IAC1E,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,MAAA,EAAQ,IAAI,CAAA;AAAA,IAC/C,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,IAC5B,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,IAClD,KAAA,EAAO,KAAK,OAAO,CAAA;AAAA,IACnB,QAAA,EAAU,KAAA,CAAM,UAAU,CAAA,CAAE,KAAA,EAA+B;AAAA,IAC3D,WAAW,SAAA,CAAU,WAAW,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GACzD;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,qBAAqB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC5C,KAAA,CAAM,uBAAuB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC9C,KAAA,CAAM,yBAAyB,CAAA,CAAE,EAAA,CAAG,MAAM,QAAQ,CAAA;AAAA,IAClD,KAAA,CAAM,0BAA0B,CAAA,CAAE,EAAA,CAAG,MAAM,SAAS;AAAA;AAExD,CAAA;AAEO,IAAM,OAAA,GAAU,OAAA;AAAA,EACrB,SAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,IAAA,EAAM,QAAQ,MAAA,EAAQ,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IAC/C,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,KAAK,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACxD,QAAA,EAAU,MAAM,UAAU,CAAA,CAAE,OAA+B,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,IACvE,QAAA,EAAU,OAAA,CAAQ,WAAW,CAAA,CAAE,QAAQ,IAAI,CAAA;AAAA,IAC3C,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA,EAAQ;AAAA,IACxD,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,UAAU,CAAC,WAAA,CAAY,kBAAkB,CAAA,CAAE,EAAA,CAAG,KAAA,CAAM,IAAI,CAAC;AAC5D,CAAA;AAEO,IAAM,OAAA,GAAU,OAAA;AAAA,EACrB,UAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,IAAA,EAAM,QAAQ,MAAA,EAAQ,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IAC/C,GAAA,EAAK,OAAA,CAAQ,KAAA,EAAO,EAAE,MAAA,EAAQ,IAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACrD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,QAAQ,CAAA,EAAG,EAAE,OAAA,EAAQ;AAAA,IACxD,WAAA,EAAa,MAAM,aAAa,CAAA,CAAE,OAAgB,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,IAC9D,UAAA,EAAY,UAAU,cAAc,CAAA;AAAA,IACpC,SAAA,EAAW,UAAU,YAAY,CAAA;AAAA,IACjC,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,mBAAmB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC1C,KAAA,CAAM,kBAAkB,CAAA,CAAE,EAAA,CAAG,MAAM,GAAG;AAAA;AAE1C,CAAA;AAEO,IAAM,kBAAA,GAAqB,OAAA;AAAA,EAChC,qBAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,KAAA,EAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,MAAA,EAAQ,IAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACzD,SAAA,EAAW,SAAA,CAAU,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC3C,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,+BAA+B,CAAA,CAAE,EAAA,CAAG,MAAM,KAAK,CAAA;AAAA,IACrD,KAAA,CAAM,8BAA8B,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM;AAAA;AAEzD,CAAA;AAEO,IAAM,cAAA,GAAiB,OAAA;AAAA,EAC5B,iBAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,KAAA,EAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,MAAA,EAAQ,IAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACzD,SAAA,EAAW,SAAA,CAAU,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC3C,MAAA,EAAQ,UAAU,SAAS,CAAA;AAAA,IAC3B,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,2BAA2B,CAAA,CAAE,EAAA,CAAG,MAAM,KAAK,CAAA;AAAA,IACjD,KAAA,CAAM,0BAA0B,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM;AAAA;AAErD,CAAA;AAEO,IAAM,eAAA,GAAkB,OAAA;AAAA,EAC7B,kBAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,YAAA,EAAc,QAAQ,eAAA,EAAiB,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IAChE,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,UAAU,CAAC,KAAA,CAAM,2BAA2B,CAAA,CAAE,EAAA,CAAG,KAAA,CAAM,MAAM,CAAC;AACjE;AAEO,IAAM,QAAA,GAAW,OAAA;AAAA,EACtB,UAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,MAAA,EAAQ,IAAI,CAAA;AAAA,IAC/C,QAAQ,OAAA,CAAQ,QAAA,EAAU,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IACzC,WAAA,EAAa,SAAA,CAAU,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC/C,UAAA,EAAY,UAAU,aAAa,CAAA;AAAA,IACnC,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,mBAAmB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC1C,KAAA,CAAM,iBAAiB,CAAA,CAAE,EAAA,CAAG,MAAM,SAAS,CAAA;AAAA,IAC3C,KAAA,CAAM,2BAA2B,CAAA,CAAE,EAAA,CAAG,MAAM,WAAW;AAAA;AAE3D","file":"chunk-KA3UOIFC.js","sourcesContent":["import {\n pgTable,\n uuid,\n varchar,\n boolean,\n timestamp,\n integer,\n text,\n jsonb,\n index,\n uniqueIndex,\n} from \"drizzle-orm/pg-core\";\n\nexport const users = pgTable(\n \"users\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n email: varchar(\"email\", { length: 255 }).notNull(),\n passwordHash: varchar(\"password_hash\", { length: 255 }),\n role: varchar(\"role\", { length: 50 }).notNull().default(\"customer\"),\n tenantId: uuid(\"tenant_id\"),\n emailVerified: boolean(\"email_verified\").default(false),\n locked: boolean(\"locked\").default(false),\n lastLogin: timestamp(\"last_login\"),\n failedLoginAttempts: integer(\"failed_login_attempts\").default(0),\n metadata: jsonb(\"metadata\").$type<Record<string, unknown>>(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n updatedAt: timestamp(\"updated_at\").defaultNow().notNull(),\n },\n (table) => [\n uniqueIndex(\"users_email_idx\").on(table.email),\n index(\"users_tenant_idx\").on(table.tenantId),\n index(\"users_role_idx\").on(table.role),\n ],\n);\n\nexport const roles = pgTable(\n \"roles\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n name: varchar(\"name\", { length: 100 }).notNull().unique(),\n level: integer(\"level\").notNull().default(0),\n inherits: text(\"inherits\").array(),\n description: text(\"description\"),\n permissions: jsonb(\"permissions\").$type<string[]>().default([]),\n isSystem: boolean(\"is_system\").default(false),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n updatedAt: timestamp(\"updated_at\").defaultNow().notNull(),\n },\n (table) => [index(\"roles_level_idx\").on(table.level)],\n);\n\nexport const permissions = pgTable(\n \"permissions\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n roleId: uuid(\"role_id\").references(() => roles.id, { onDelete: \"cascade\" }),\n resource: varchar(\"resource\", { length: 100 }).notNull(),\n action: varchar(\"action\", { length: 50 }).notNull(),\n conditions: jsonb(\"conditions\").$type<Record<string, unknown>>(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"permissions_role_idx\").on(table.roleId),\n index(\"permissions_resource_idx\").on(table.resource),\n ],\n);\n\nexport const sessions = pgTable(\n \"sessions\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n token: varchar(\"token\", { length: 512 }).notNull().unique(),\n refreshToken: varchar(\"refresh_token\", { length: 512 }),\n ipAddress: varchar(\"ip_address\", { length: 45 }),\n userAgent: text(\"user_agent\"),\n expiresAt: timestamp(\"expires_at\").notNull(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"sessions_user_idx\").on(table.userId),\n index(\"sessions_token_idx\").on(table.token),\n index(\"sessions_expires_idx\").on(table.expiresAt),\n ],\n);\n\nexport const auditLogs = pgTable(\n \"audit_logs\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n action: varchar(\"action\", { length: 100 }).notNull(),\n userId: uuid(\"user_id\").references(() => users.id, {\n onDelete: \"set null\",\n }),\n userEmail: varchar(\"user_email\", { length: 255 }),\n role: varchar(\"role\", { length: 50 }),\n resource: varchar(\"resource\", { length: 100 }).notNull(),\n resourceId: uuid(\"resource_id\"),\n changes:\n jsonb(\"changes\").$type<{ field: string; old: unknown; new: unknown }[]>(),\n ipAddress: varchar(\"ip_address\", { length: 45 }),\n userAgent: text(\"user_agent\"),\n success: boolean(\"success\").notNull().default(true),\n error: text(\"error\"),\n metadata: jsonb(\"metadata\").$type<Record<string, unknown>>(),\n timestamp: timestamp(\"timestamp\").defaultNow().notNull(),\n },\n (table) => [\n index(\"audit_logs_user_idx\").on(table.userId),\n index(\"audit_logs_action_idx\").on(table.action),\n index(\"audit_logs_resource_idx\").on(table.resource),\n index(\"audit_logs_timestamp_idx\").on(table.timestamp),\n ],\n);\n\nexport const tenants = pgTable(\n \"tenants\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n name: varchar(\"name\", { length: 255 }).notNull(),\n slug: varchar(\"slug\", { length: 100 }).notNull().unique(),\n settings: jsonb(\"settings\").$type<Record<string, unknown>>().default({}),\n isActive: boolean(\"is_active\").default(true),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n updatedAt: timestamp(\"updated_at\").defaultNow().notNull(),\n },\n (table) => [uniqueIndex(\"tenants_slug_idx\").on(table.slug)],\n);\n\nexport const apiKeys = pgTable(\n \"api_keys\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n name: varchar(\"name\", { length: 255 }).notNull(),\n key: varchar(\"key\", { length: 64 }).notNull().unique(),\n keyPrefix: varchar(\"key_prefix\", { length: 8 }).notNull(),\n permissions: jsonb(\"permissions\").$type<string[]>().default([]),\n lastUsedAt: timestamp(\"last_used_at\"),\n expiresAt: timestamp(\"expires_at\"),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"api_keys_user_idx\").on(table.userId),\n index(\"api_keys_key_idx\").on(table.key),\n ],\n);\n\nexport const emailVerifications = pgTable(\n \"email_verifications\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n token: varchar(\"token\", { length: 64 }).notNull().unique(),\n expiresAt: timestamp(\"expires_at\").notNull(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"email_verifications_token_idx\").on(table.token),\n index(\"email_verifications_user_idx\").on(table.userId),\n ],\n);\n\nexport const passwordResets = pgTable(\n \"password_resets\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n token: varchar(\"token\", { length: 64 }).notNull().unique(),\n expiresAt: timestamp(\"expires_at\").notNull(),\n usedAt: timestamp(\"used_at\"),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"password_resets_token_idx\").on(table.token),\n index(\"password_resets_user_idx\").on(table.userId),\n ],\n);\n\nexport const passwordHistory = pgTable(\n \"password_history\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n passwordHash: varchar(\"password_hash\", { length: 255 }).notNull(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [index(\"password_history_user_idx\").on(table.userId)],\n);\n\nexport const lockouts = pgTable(\n \"lockouts\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n ipAddress: varchar(\"ip_address\", { length: 45 }),\n reason: varchar(\"reason\", { length: 255 }),\n lockedUntil: timestamp(\"locked_until\").notNull(),\n releasedAt: timestamp(\"released_at\"),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"lockouts_user_idx\").on(table.userId),\n index(\"lockouts_ip_idx\").on(table.ipAddress),\n index(\"lockouts_locked_until_idx\").on(table.lockedUntil),\n ],\n);\n\nexport type AuthUser = typeof users.$inferSelect;\nexport type AuthUserNew = typeof users.$inferInsert;\nexport type AuthRole = typeof roles.$inferSelect;\nexport type AuthRoleNew = typeof roles.$inferInsert;\nexport type AuthSession = typeof sessions.$inferSelect;\nexport type AuthSessionNew = typeof sessions.$inferInsert;\nexport type AuthAuditLog = typeof auditLogs.$inferSelect;\nexport type AuthAuditLogNew = typeof auditLogs.$inferInsert;\nexport type AuthTenant = typeof tenants.$inferSelect;\nexport type AuthTenantNew = typeof tenants.$inferInsert;\nexport type AuthApiKey = typeof apiKeys.$inferSelect;\nexport type AuthApiKeyNew = typeof apiKeys.$inferInsert;\nexport type AuthEmailVerification = typeof emailVerifications.$inferSelect;\nexport type AuthPasswordReset = typeof passwordResets.$inferSelect;\nexport type AuthPasswordHistoryEntry = typeof passwordHistory.$inferSelect;\nexport type AuthLockout = typeof lockouts.$inferSelect;\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/database/drizzle/schema/auth.ts"],"names":[],"mappings":";;;;AAAA,IAAA,YAAA,GAAA;AAAA,QAAA,CAAA,YAAA,EAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,SAAA,EAAA,MAAA,SAAA;AAAA,EAAA,kBAAA,EAAA,MAAA,kBAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,eAAA,EAAA,MAAA,eAAA;AAAA,EAAA,cAAA,EAAA,MAAA,cAAA;AAAA,EAAA,WAAA,EAAA,MAAA,WAAA;AAAA,EAAA,KAAA,EAAA,MAAA,KAAA;AAAA,EAAA,QAAA,EAAA,MAAA,QAAA;AAAA,EAAA,OAAA,EAAA,MAAA,OAAA;AAAA,EAAA,KAAA,EAAA,MAAA;AAAA,CAAA,CAAA;AAaO,IAAM,KAAA,GAAQ,OAAA;AAAA,EACnB,OAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,KAAA,EAAO,QAAQ,OAAA,EAAS,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IACjD,cAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IACtD,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,EAAA,EAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,OAAA,CAAQ,UAAU,CAAA;AAAA,IAClE,QAAA,EAAU,KAAK,WAAW,CAAA;AAAA,IAC1B,aAAA,EAAe,OAAA,CAAQ,gBAAgB,CAAA,CAAE,QAAQ,KAAK,CAAA;AAAA,IACtD,MAAA,EAAQ,OAAA,CAAQ,QAAQ,CAAA,CAAE,QAAQ,KAAK,CAAA;AAAA,IACvC,SAAA,EAAW,UAAU,YAAY,CAAA;AAAA,IACjC,mBAAA,EAAqB,OAAA,CAAQ,uBAAuB,CAAA,CAAE,QAAQ,CAAC,CAAA;AAAA,IAC/D,QAAA,EAAU,KAAA,CAAM,UAAU,CAAA,CAAE,KAAA,EAA+B;AAAA,IAC3D,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA,EAAQ;AAAA,IACxD,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,WAAA,CAAY,iBAAiB,CAAA,CAAE,EAAA,CAAG,MAAM,KAAK,CAAA;AAAA,IAC7C,KAAA,CAAM,kBAAkB,CAAA,CAAE,EAAA,CAAG,MAAM,QAAQ,CAAA;AAAA,IAC3C,KAAA,CAAM,gBAAgB,CAAA,CAAE,EAAA,CAAG,MAAM,IAAI;AAAA;AAEzC;AAEO,IAAM,KAAA,GAAQ,OAAA;AAAA,EACnB,OAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,KAAK,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACxD,OAAO,OAAA,CAAQ,OAAO,EAAE,OAAA,EAAQ,CAAE,QAAQ,CAAC,CAAA;AAAA,IAC3C,QAAA,EAAU,IAAA,CAAK,UAAU,CAAA,CAAE,KAAA,EAAM;AAAA,IACjC,WAAA,EAAa,KAAK,aAAa,CAAA;AAAA,IAC/B,WAAA,EAAa,MAAM,aAAa,CAAA,CAAE,OAAgB,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,IAC9D,QAAA,EAAU,OAAA,CAAQ,WAAW,CAAA,CAAE,QAAQ,KAAK,CAAA;AAAA,IAC5C,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA,EAAQ;AAAA,IACxD,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,UAAU,CAAC,KAAA,CAAM,iBAAiB,CAAA,CAAE,EAAA,CAAG,KAAA,CAAM,KAAK,CAAC;AACtD,CAAA;AAEO,IAAM,WAAA,GAAc,OAAA;AAAA,EACzB,aAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CAAE,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,SAAA,EAAW,CAAA;AAAA,IAC1E,QAAA,EAAU,QAAQ,UAAA,EAAY,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IACvD,MAAA,EAAQ,QAAQ,QAAA,EAAU,EAAE,QAAQ,EAAA,EAAI,EAAE,OAAA,EAAQ;AAAA,IAClD,UAAA,EAAY,KAAA,CAAM,YAAY,CAAA,CAAE,KAAA,EAA+B;AAAA,IAC/D,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,sBAAsB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC7C,KAAA,CAAM,0BAA0B,CAAA,CAAE,EAAA,CAAG,MAAM,QAAQ;AAAA;AAEvD,CAAA;AAEO,IAAM,QAAA,GAAW,OAAA;AAAA,EACtB,UAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,KAAA,EAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,MAAA,EAAQ,KAAK,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IAC1D,cAAc,OAAA,CAAQ,eAAA,EAAiB,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IACtD,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,MAAA,EAAQ,IAAI,CAAA;AAAA,IAC/C,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,IAC5B,SAAA,EAAW,SAAA,CAAU,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC3C,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,mBAAmB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC1C,KAAA,CAAM,oBAAoB,CAAA,CAAE,EAAA,CAAG,MAAM,KAAK,CAAA;AAAA,IAC1C,KAAA,CAAM,sBAAsB,CAAA,CAAE,EAAA,CAAG,MAAM,SAAS;AAAA;AAEpD;AAEO,IAAM,SAAA,GAAY,OAAA;AAAA,EACvB,YAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,QAAQ,QAAA,EAAU,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IACnD,QAAQ,IAAA,CAAK,SAAS,EAAE,UAAA,CAAW,MAAM,MAAM,EAAA,EAAI;AAAA,MACjD,QAAA,EAAU;AAAA,KACX,CAAA;AAAA,IACD,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IAChD,MAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,IAAI,CAAA;AAAA,IACpC,QAAA,EAAU,QAAQ,UAAA,EAAY,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IACvD,UAAA,EAAY,KAAK,aAAa,CAAA;AAAA,IAC9B,OAAA,EACE,KAAA,CAAM,SAAS,CAAA,CAAE,KAAA,EAAuD;AAAA,IAC1E,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,MAAA,EAAQ,IAAI,CAAA;AAAA,IAC/C,SAAA,EAAW,KAAK,YAAY,CAAA;AAAA,IAC5B,SAAS,OAAA,CAAQ,SAAS,EAAE,OAAA,EAAQ,CAAE,QAAQ,IAAI,CAAA;AAAA,IAClD,KAAA,EAAO,KAAK,OAAO,CAAA;AAAA,IACnB,QAAA,EAAU,KAAA,CAAM,UAAU,CAAA,CAAE,KAAA,EAA+B;AAAA,IAC3D,WAAW,SAAA,CAAU,WAAW,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GACzD;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,qBAAqB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC5C,KAAA,CAAM,uBAAuB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC9C,KAAA,CAAM,yBAAyB,CAAA,CAAE,EAAA,CAAG,MAAM,QAAQ,CAAA;AAAA,IAClD,KAAA,CAAM,0BAA0B,CAAA,CAAE,EAAA,CAAG,MAAM,SAAS;AAAA;AAExD,CAAA;AAEO,IAAM,OAAA,GAAU,OAAA;AAAA,EACrB,SAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,IAAA,EAAM,QAAQ,MAAA,EAAQ,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IAC/C,IAAA,EAAM,OAAA,CAAQ,MAAA,EAAQ,EAAE,MAAA,EAAQ,KAAK,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACxD,QAAA,EAAU,MAAM,UAAU,CAAA,CAAE,OAA+B,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,IACvE,QAAA,EAAU,OAAA,CAAQ,WAAW,CAAA,CAAE,QAAQ,IAAI,CAAA;AAAA,IAC3C,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA,EAAQ;AAAA,IACxD,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,UAAU,CAAC,WAAA,CAAY,kBAAkB,CAAA,CAAE,EAAA,CAAG,KAAA,CAAM,IAAI,CAAC;AAC5D,CAAA;AAEO,IAAM,OAAA,GAAU,OAAA;AAAA,EACrB,UAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,IAAA,EAAM,QAAQ,MAAA,EAAQ,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IAC/C,GAAA,EAAK,OAAA,CAAQ,KAAA,EAAO,EAAE,MAAA,EAAQ,IAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACrD,SAAA,EAAW,QAAQ,YAAA,EAAc,EAAE,QAAQ,CAAA,EAAG,EAAE,OAAA,EAAQ;AAAA,IACxD,WAAA,EAAa,MAAM,aAAa,CAAA,CAAE,OAAgB,CAAE,OAAA,CAAQ,EAAE,CAAA;AAAA,IAC9D,UAAA,EAAY,UAAU,cAAc,CAAA;AAAA,IACpC,SAAA,EAAW,UAAU,YAAY,CAAA;AAAA,IACjC,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,mBAAmB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC1C,KAAA,CAAM,kBAAkB,CAAA,CAAE,EAAA,CAAG,MAAM,GAAG;AAAA;AAE1C,CAAA;AAEO,IAAM,kBAAA,GAAqB,OAAA;AAAA,EAChC,qBAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,KAAA,EAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,MAAA,EAAQ,IAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACzD,SAAA,EAAW,SAAA,CAAU,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC3C,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,+BAA+B,CAAA,CAAE,EAAA,CAAG,MAAM,KAAK,CAAA;AAAA,IACrD,KAAA,CAAM,8BAA8B,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM;AAAA;AAEzD,CAAA;AAEO,IAAM,cAAA,GAAiB,OAAA;AAAA,EAC5B,iBAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,KAAA,EAAO,OAAA,CAAQ,OAAA,EAAS,EAAE,MAAA,EAAQ,IAAI,CAAA,CAAE,OAAA,EAAQ,CAAE,MAAA,EAAO;AAAA,IACzD,SAAA,EAAW,SAAA,CAAU,YAAY,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC3C,MAAA,EAAQ,UAAU,SAAS,CAAA;AAAA,IAC3B,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,2BAA2B,CAAA,CAAE,EAAA,CAAG,MAAM,KAAK,CAAA;AAAA,IACjD,KAAA,CAAM,0BAA0B,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM;AAAA;AAErD,CAAA;AAEO,IAAM,eAAA,GAAkB,OAAA;AAAA,EAC7B,kBAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,YAAA,EAAc,QAAQ,eAAA,EAAiB,EAAE,QAAQ,GAAA,EAAK,EAAE,OAAA,EAAQ;AAAA,IAChE,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,UAAU,CAAC,KAAA,CAAM,2BAA2B,CAAA,CAAE,EAAA,CAAG,KAAA,CAAM,MAAM,CAAC;AACjE;AAEO,IAAM,QAAA,GAAW,OAAA;AAAA,EACtB,UAAA;AAAA,EACA;AAAA,IACE,IAAI,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,GAAa,aAAA,EAAc;AAAA,IAC1C,MAAA,EAAQ,IAAA,CAAK,SAAS,CAAA,CACnB,OAAA,EAAQ,CACR,UAAA,CAAW,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,QAAA,EAAU,WAAW,CAAA;AAAA,IACrD,WAAW,OAAA,CAAQ,YAAA,EAAc,EAAE,MAAA,EAAQ,IAAI,CAAA;AAAA,IAC/C,QAAQ,OAAA,CAAQ,QAAA,EAAU,EAAE,MAAA,EAAQ,KAAK,CAAA;AAAA,IACzC,WAAA,EAAa,SAAA,CAAU,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,IAC/C,UAAA,EAAY,UAAU,aAAa,CAAA;AAAA,IACnC,WAAW,SAAA,CAAU,YAAY,CAAA,CAAE,UAAA,GAAa,OAAA;AAAQ,GAC1D;AAAA,EACA,CAAC,KAAA,KAAU;AAAA,IACT,KAAA,CAAM,mBAAmB,CAAA,CAAE,EAAA,CAAG,MAAM,MAAM,CAAA;AAAA,IAC1C,KAAA,CAAM,iBAAiB,CAAA,CAAE,EAAA,CAAG,MAAM,SAAS,CAAA;AAAA,IAC3C,KAAA,CAAM,2BAA2B,CAAA,CAAE,EAAA,CAAG,MAAM,WAAW;AAAA;AAE3D","file":"chunk-XTZSUDSI.js","sourcesContent":["import {\n pgTable,\n uuid,\n varchar,\n boolean,\n timestamp,\n integer,\n text,\n jsonb,\n index,\n uniqueIndex,\n} from \"drizzle-orm/pg-core\";\n\nexport const users = pgTable(\n \"users\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n email: varchar(\"email\", { length: 255 }).notNull(),\n passwordHash: varchar(\"password_hash\", { length: 255 }),\n role: varchar(\"role\", { length: 50 }).notNull().default(\"customer\"),\n tenantId: uuid(\"tenant_id\"),\n emailVerified: boolean(\"email_verified\").default(false),\n locked: boolean(\"locked\").default(false),\n lastLogin: timestamp(\"last_login\"),\n failedLoginAttempts: integer(\"failed_login_attempts\").default(0),\n metadata: jsonb(\"metadata\").$type<Record<string, unknown>>(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n updatedAt: timestamp(\"updated_at\").defaultNow().notNull(),\n },\n (table) => [\n uniqueIndex(\"users_email_idx\").on(table.email),\n index(\"users_tenant_idx\").on(table.tenantId),\n index(\"users_role_idx\").on(table.role),\n ],\n);\n\nexport const roles = pgTable(\n \"roles\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n name: varchar(\"name\", { length: 100 }).notNull().unique(),\n level: integer(\"level\").notNull().default(0),\n inherits: text(\"inherits\").array(),\n description: text(\"description\"),\n permissions: jsonb(\"permissions\").$type<string[]>().default([]),\n isSystem: boolean(\"is_system\").default(false),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n updatedAt: timestamp(\"updated_at\").defaultNow().notNull(),\n },\n (table) => [index(\"roles_level_idx\").on(table.level)],\n);\n\nexport const permissions = pgTable(\n \"permissions\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n roleId: uuid(\"role_id\").references(() => roles.id, { onDelete: \"cascade\" }),\n resource: varchar(\"resource\", { length: 100 }).notNull(),\n action: varchar(\"action\", { length: 50 }).notNull(),\n conditions: jsonb(\"conditions\").$type<Record<string, unknown>>(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"permissions_role_idx\").on(table.roleId),\n index(\"permissions_resource_idx\").on(table.resource),\n ],\n);\n\nexport const sessions = pgTable(\n \"sessions\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n token: varchar(\"token\", { length: 512 }).notNull().unique(),\n refreshToken: varchar(\"refresh_token\", { length: 512 }),\n ipAddress: varchar(\"ip_address\", { length: 45 }),\n userAgent: text(\"user_agent\"),\n expiresAt: timestamp(\"expires_at\").notNull(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"sessions_user_idx\").on(table.userId),\n index(\"sessions_token_idx\").on(table.token),\n index(\"sessions_expires_idx\").on(table.expiresAt),\n ],\n);\n\nexport const auditLogs = pgTable(\n \"audit_logs\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n action: varchar(\"action\", { length: 100 }).notNull(),\n userId: uuid(\"user_id\").references(() => users.id, {\n onDelete: \"set null\",\n }),\n userEmail: varchar(\"user_email\", { length: 255 }),\n role: varchar(\"role\", { length: 50 }),\n resource: varchar(\"resource\", { length: 100 }).notNull(),\n resourceId: uuid(\"resource_id\"),\n changes:\n jsonb(\"changes\").$type<{ field: string; old: unknown; new: unknown }[]>(),\n ipAddress: varchar(\"ip_address\", { length: 45 }),\n userAgent: text(\"user_agent\"),\n success: boolean(\"success\").notNull().default(true),\n error: text(\"error\"),\n metadata: jsonb(\"metadata\").$type<Record<string, unknown>>(),\n timestamp: timestamp(\"timestamp\").defaultNow().notNull(),\n },\n (table) => [\n index(\"audit_logs_user_idx\").on(table.userId),\n index(\"audit_logs_action_idx\").on(table.action),\n index(\"audit_logs_resource_idx\").on(table.resource),\n index(\"audit_logs_timestamp_idx\").on(table.timestamp),\n ],\n);\n\nexport const tenants = pgTable(\n \"tenants\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n name: varchar(\"name\", { length: 255 }).notNull(),\n slug: varchar(\"slug\", { length: 100 }).notNull().unique(),\n settings: jsonb(\"settings\").$type<Record<string, unknown>>().default({}),\n isActive: boolean(\"is_active\").default(true),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n updatedAt: timestamp(\"updated_at\").defaultNow().notNull(),\n },\n (table) => [uniqueIndex(\"tenants_slug_idx\").on(table.slug)],\n);\n\nexport const apiKeys = pgTable(\n \"api_keys\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n name: varchar(\"name\", { length: 255 }).notNull(),\n key: varchar(\"key\", { length: 64 }).notNull().unique(),\n keyPrefix: varchar(\"key_prefix\", { length: 8 }).notNull(),\n permissions: jsonb(\"permissions\").$type<string[]>().default([]),\n lastUsedAt: timestamp(\"last_used_at\"),\n expiresAt: timestamp(\"expires_at\"),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"api_keys_user_idx\").on(table.userId),\n index(\"api_keys_key_idx\").on(table.key),\n ],\n);\n\nexport const emailVerifications = pgTable(\n \"email_verifications\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n token: varchar(\"token\", { length: 64 }).notNull().unique(),\n expiresAt: timestamp(\"expires_at\").notNull(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"email_verifications_token_idx\").on(table.token),\n index(\"email_verifications_user_idx\").on(table.userId),\n ],\n);\n\nexport const passwordResets = pgTable(\n \"password_resets\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n token: varchar(\"token\", { length: 64 }).notNull().unique(),\n expiresAt: timestamp(\"expires_at\").notNull(),\n usedAt: timestamp(\"used_at\"),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"password_resets_token_idx\").on(table.token),\n index(\"password_resets_user_idx\").on(table.userId),\n ],\n);\n\nexport const passwordHistory = pgTable(\n \"password_history\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n passwordHash: varchar(\"password_hash\", { length: 255 }).notNull(),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [index(\"password_history_user_idx\").on(table.userId)],\n);\n\nexport const lockouts = pgTable(\n \"lockouts\",\n {\n id: uuid(\"id\").primaryKey().defaultRandom(),\n userId: uuid(\"user_id\")\n .notNull()\n .references(() => users.id, { onDelete: \"cascade\" }),\n ipAddress: varchar(\"ip_address\", { length: 45 }),\n reason: varchar(\"reason\", { length: 255 }),\n lockedUntil: timestamp(\"locked_until\").notNull(),\n releasedAt: timestamp(\"released_at\"),\n createdAt: timestamp(\"created_at\").defaultNow().notNull(),\n },\n (table) => [\n index(\"lockouts_user_idx\").on(table.userId),\n index(\"lockouts_ip_idx\").on(table.ipAddress),\n index(\"lockouts_locked_until_idx\").on(table.lockedUntil),\n ],\n);\n\nexport type AuthUser = typeof users.$inferSelect;\nexport type AuthUserNew = typeof users.$inferInsert;\nexport type AuthRole = typeof roles.$inferSelect;\nexport type AuthRoleNew = typeof roles.$inferInsert;\nexport type AuthSession = typeof sessions.$inferSelect;\nexport type AuthSessionNew = typeof sessions.$inferInsert;\nexport type AuthAuditLog = typeof auditLogs.$inferSelect;\nexport type AuthAuditLogNew = typeof auditLogs.$inferInsert;\nexport type AuthTenant = typeof tenants.$inferSelect;\nexport type AuthTenantNew = typeof tenants.$inferInsert;\nexport type AuthApiKey = typeof apiKeys.$inferSelect;\nexport type AuthApiKeyNew = typeof apiKeys.$inferInsert;\nexport type AuthEmailVerification = typeof emailVerifications.$inferSelect;\nexport type AuthPasswordReset = typeof passwordResets.$inferSelect;\nexport type AuthPasswordHistoryEntry = typeof passwordHistory.$inferSelect;\nexport type AuthLockout = typeof lockouts.$inferSelect;\n"]}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var chunkTZFJMPCH_cjs = require('./chunk-TZFJMPCH.cjs');
|
|
4
4
|
var drizzleOrm = require('drizzle-orm');
|
|
5
5
|
var bcrypt = require('bcryptjs');
|
|
6
6
|
var crypto = require('crypto');
|
|
@@ -21,7 +21,7 @@ var PostgresAuthAdapter = class {
|
|
|
21
21
|
this.refreshTokenTTL = options.refreshTokenTTL || 604800;
|
|
22
22
|
}
|
|
23
23
|
async createUser(data) {
|
|
24
|
-
const [user] = await this.db.insert(
|
|
24
|
+
const [user] = await this.db.insert(chunkTZFJMPCH_cjs.users).values({
|
|
25
25
|
email: data.email.toLowerCase(),
|
|
26
26
|
passwordHash: data.passwordHash,
|
|
27
27
|
role: data.role || "customer",
|
|
@@ -30,11 +30,11 @@ var PostgresAuthAdapter = class {
|
|
|
30
30
|
return this.userToAuthUser(user);
|
|
31
31
|
}
|
|
32
32
|
async findUserByEmail(email) {
|
|
33
|
-
const [user] = await this.db.select().from(
|
|
33
|
+
const [user] = await this.db.select().from(chunkTZFJMPCH_cjs.users).where(drizzleOrm.eq(chunkTZFJMPCH_cjs.users.email, email.toLowerCase())).limit(1);
|
|
34
34
|
return user ? this.userToAuthUser(user) : null;
|
|
35
35
|
}
|
|
36
36
|
async findUserById(id) {
|
|
37
|
-
const [user] = await this.db.select().from(
|
|
37
|
+
const [user] = await this.db.select().from(chunkTZFJMPCH_cjs.users).where(drizzleOrm.eq(chunkTZFJMPCH_cjs.users.id, id)).limit(1);
|
|
38
38
|
return user ? this.userToAuthUser(user) : null;
|
|
39
39
|
}
|
|
40
40
|
async updateUser(id, data) {
|
|
@@ -51,11 +51,11 @@ var PostgresAuthAdapter = class {
|
|
|
51
51
|
dbData.lastLogin = data.lastLogin ? new Date(data.lastLogin) : null;
|
|
52
52
|
if (data.failedLoginAttempts !== void 0)
|
|
53
53
|
dbData.failedLoginAttempts = data.failedLoginAttempts;
|
|
54
|
-
const [user] = await this.db.update(
|
|
54
|
+
const [user] = await this.db.update(chunkTZFJMPCH_cjs.users).set(dbData).where(drizzleOrm.eq(chunkTZFJMPCH_cjs.users.id, id)).returning();
|
|
55
55
|
return user ? this.userToAuthUser(user) : null;
|
|
56
56
|
}
|
|
57
57
|
async deleteUser(id) {
|
|
58
|
-
await this.db.delete(
|
|
58
|
+
await this.db.delete(chunkTZFJMPCH_cjs.users).where(drizzleOrm.eq(chunkTZFJMPCH_cjs.users.id, id));
|
|
59
59
|
return true;
|
|
60
60
|
}
|
|
61
61
|
async verifyPassword(password, hash) {
|
|
@@ -69,7 +69,7 @@ var PostgresAuthAdapter = class {
|
|
|
69
69
|
const refreshToken = crypto.randomBytes(32).toString("base64url");
|
|
70
70
|
const expiresAt = new Date(Date.now() + this.sessionTTL * 1e3);
|
|
71
71
|
new Date(Date.now() + this.refreshTokenTTL * 1e3);
|
|
72
|
-
const [session] = await this.db.insert(
|
|
72
|
+
const [session] = await this.db.insert(chunkTZFJMPCH_cjs.sessions).values({
|
|
73
73
|
userId,
|
|
74
74
|
token,
|
|
75
75
|
refreshToken,
|
|
@@ -80,25 +80,25 @@ var PostgresAuthAdapter = class {
|
|
|
80
80
|
return this.sessionToSession(session);
|
|
81
81
|
}
|
|
82
82
|
async findSessionByToken(token) {
|
|
83
|
-
const [session] = await this.db.select().from(
|
|
83
|
+
const [session] = await this.db.select().from(chunkTZFJMPCH_cjs.sessions).where(drizzleOrm.and(drizzleOrm.eq(chunkTZFJMPCH_cjs.sessions.token, token), drizzleOrm.gt(chunkTZFJMPCH_cjs.sessions.expiresAt, /* @__PURE__ */ new Date()))).limit(1);
|
|
84
84
|
return session ? this.sessionToSession(session) : null;
|
|
85
85
|
}
|
|
86
86
|
async deleteSession(sessionId) {
|
|
87
|
-
await this.db.delete(
|
|
87
|
+
await this.db.delete(chunkTZFJMPCH_cjs.sessions).where(drizzleOrm.eq(chunkTZFJMPCH_cjs.sessions.id, sessionId));
|
|
88
88
|
return true;
|
|
89
89
|
}
|
|
90
90
|
async deleteUserSessions(userId) {
|
|
91
|
-
await this.db.delete(
|
|
91
|
+
await this.db.delete(chunkTZFJMPCH_cjs.sessions).where(drizzleOrm.eq(chunkTZFJMPCH_cjs.sessions.userId, userId));
|
|
92
92
|
return 1;
|
|
93
93
|
}
|
|
94
94
|
async addPasswordToHistory(userId, passwordHash) {
|
|
95
|
-
await this.db.insert(
|
|
95
|
+
await this.db.insert(chunkTZFJMPCH_cjs.passwordHistory).values({
|
|
96
96
|
userId,
|
|
97
97
|
passwordHash
|
|
98
98
|
});
|
|
99
99
|
}
|
|
100
100
|
async getPasswordHistory(userId, count = 5) {
|
|
101
|
-
const history = await this.db.select({ passwordHash:
|
|
101
|
+
const history = await this.db.select({ passwordHash: chunkTZFJMPCH_cjs.passwordHistory.passwordHash }).from(chunkTZFJMPCH_cjs.passwordHistory).where(drizzleOrm.eq(chunkTZFJMPCH_cjs.passwordHistory.userId, userId)).orderBy(drizzleOrm.desc(chunkTZFJMPCH_cjs.passwordHistory.createdAt)).limit(count);
|
|
102
102
|
return history.map((h) => h.passwordHash);
|
|
103
103
|
}
|
|
104
104
|
async isPasswordInHistory(password, userId, historyCount = 5) {
|
|
@@ -111,14 +111,14 @@ var PostgresAuthAdapter = class {
|
|
|
111
111
|
return false;
|
|
112
112
|
}
|
|
113
113
|
async isLocked(userId) {
|
|
114
|
-
const [lockout] = await this.db.select().from(
|
|
115
|
-
drizzleOrm.and(drizzleOrm.eq(
|
|
114
|
+
const [lockout] = await this.db.select().from(chunkTZFJMPCH_cjs.lockouts).where(
|
|
115
|
+
drizzleOrm.and(drizzleOrm.eq(chunkTZFJMPCH_cjs.lockouts.userId, userId), drizzleOrm.gt(chunkTZFJMPCH_cjs.lockouts.lockedUntil, /* @__PURE__ */ new Date()))
|
|
116
116
|
).limit(1);
|
|
117
117
|
return !!lockout;
|
|
118
118
|
}
|
|
119
119
|
async getLockout(userId) {
|
|
120
|
-
const [lockout] = await this.db.select().from(
|
|
121
|
-
drizzleOrm.and(drizzleOrm.eq(
|
|
120
|
+
const [lockout] = await this.db.select().from(chunkTZFJMPCH_cjs.lockouts).where(
|
|
121
|
+
drizzleOrm.and(drizzleOrm.eq(chunkTZFJMPCH_cjs.lockouts.userId, userId), drizzleOrm.gt(chunkTZFJMPCH_cjs.lockouts.lockedUntil, /* @__PURE__ */ new Date()))
|
|
122
122
|
).limit(1);
|
|
123
123
|
return lockout ? { lockedUntil: lockout.lockedUntil } : null;
|
|
124
124
|
}
|
|
@@ -130,7 +130,7 @@ var PostgresAuthAdapter = class {
|
|
|
130
130
|
const locked = attempts >= maxAttempts;
|
|
131
131
|
if (locked) {
|
|
132
132
|
const lockoutDuration = 15 * 60 * 1e3;
|
|
133
|
-
await this.db.insert(
|
|
133
|
+
await this.db.insert(chunkTZFJMPCH_cjs.lockouts).values({
|
|
134
134
|
userId,
|
|
135
135
|
ipAddress,
|
|
136
136
|
reason: "Too many failed login attempts",
|
|
@@ -172,5 +172,5 @@ var PostgresAuthAdapter = class {
|
|
|
172
172
|
};
|
|
173
173
|
|
|
174
174
|
exports.PostgresAuthAdapter = PostgresAuthAdapter;
|
|
175
|
-
//# sourceMappingURL=chunk-
|
|
176
|
-
//# sourceMappingURL=chunk-
|
|
175
|
+
//# sourceMappingURL=chunk-YD7Y25W7.cjs.map
|
|
176
|
+
//# sourceMappingURL=chunk-YD7Y25W7.cjs.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/database/drizzle/postgres-auth-adapter.ts"],"names":["users","eq","bcrypt","randomBytes","sessions","and","gt","passwordHistory","desc","lockouts"],"mappings":";;;;;;;;;;;AA0BO,IAAM,sBAAN,MAAiD;AAAA,EAC9C,EAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,eAAA;AAAA,EAER,YAAY,OAAA,EAAqC;AAC/C,IAAA,IAAA,CAAK,KAAK,OAAA,CAAQ,EAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,QAAQ,MAAA,IAAU,OAAA;AAChC,IAAA,IAAA,CAAK,UAAA,GAAa,QAAQ,UAAA,IAAc,KAAA;AACxC,IAAA,IAAA,CAAK,eAAA,GAAkB,QAAQ,eAAA,IAAmB,MAAA;AAAA,EACpD;AAAA,EAEA,MAAM,WAAW,IAAA,EAKK;AACpB,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,KAAK,EAAA,CACvB,MAAA,CAAOA,uBAAK,CAAA,CACZ,MAAA,CAAO;AAAA,MACN,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,WAAA,EAAY;AAAA,MAC9B,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,IAAA,EAAO,KAAK,IAAA,IAAQ,UAAA;AAAA,MACpB,UAAU,IAAA,CAAK;AAAA,KAChB,EACA,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,CAAK,eAAe,IAAI,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,gBAAgB,KAAA,EAAyC;AAC7D,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,KAAK,EAAA,CACvB,MAAA,GACA,IAAA,CAAKA,uBAAK,EACV,KAAA,CAAMC,aAAA,CAAGD,wBAAM,KAAA,EAAO,KAAA,CAAM,aAAa,CAAC,CAAA,CAC1C,KAAA,CAAM,CAAC,CAAA;AAEV,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,EAAA,EAAsC;AACvD,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CACvB,QAAO,CACP,IAAA,CAAKA,uBAAK,CAAA,CACV,KAAA,CAAMC,cAAGD,uBAAA,CAAM,EAAA,EAAI,EAAE,CAAC,CAAA,CACtB,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,UAAA,CACJ,EAAA,EACA,IAAA,EAC0B;AAC1B,IAAA,MAAM,MAAA,GAAkC,EAAE,SAAA,kBAAW,IAAI,MAAK,EAAE;AAChE,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,MAAA,EAAW,MAAA,CAAO,QAAQ,IAAA,CAAK,KAAA;AAClD,IAAA,IAAI,KAAK,YAAA,KAAiB,MAAA;AACxB,MAAA,MAAA,CAAO,eAAe,IAAA,CAAK,YAAA;AAC7B,IAAA,IAAI,IAAA,CAAK,IAAA,KAAS,MAAA,EAAW,MAAA,CAAO,OAAO,IAAA,CAAK,IAAA;AAChD,IAAA,IAAI,IAAA,CAAK,QAAA,KAAa,MAAA,EAAW,MAAA,CAAO,WAAW,IAAA,CAAK,QAAA;AACxD,IAAA,IAAI,KAAK,aAAA,KAAkB,MAAA;AACzB,MAAA,MAAA,CAAO,gBAAgB,IAAA,CAAK,aAAA;AAC9B,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,MAAA,EAAW,MAAA,CAAO,SAAS,IAAA,CAAK,MAAA;AACpD,IAAA,IAAI,KAAK,SAAA,KAAc,MAAA;AACrB,MAAA,MAAA,CAAO,YAAY,IAAA,CAAK,SAAA,GAAY,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,CAAA,GAAI,IAAA;AACjE,IAAA,IAAI,KAAK,mBAAA,KAAwB,MAAA;AAC/B,MAAA,MAAA,CAAO,sBAAsB,IAAA,CAAK,mBAAA;AAEpC,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CACvB,OAAOA,uBAAK,CAAA,CACZ,IAAI,MAAM,CAAA,CACV,MAAMC,aAAA,CAAGD,uBAAA,CAAM,IAAI,EAAE,CAAC,EACtB,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,EAAA,EAA8B;AAC7C,IAAe,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAOA,uBAAK,CAAA,CAAE,KAAA,CAAMC,aAAA,CAAGD,uBAAA,CAAM,EAAA,EAAI,EAAE,CAAC;AACjE,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,cAAA,CAAe,QAAA,EAAkB,IAAA,EAAgC;AACrE,IAAA,OAAOE,uBAAA,CAAO,OAAA,CAAQ,QAAA,EAAU,IAAI,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,aAAa,QAAA,EAAmC;AACpD,IAAA,OAAOA,uBAAA,CAAO,IAAA,CAAK,QAAA,EAAU,EAAE,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,aAAA,CACJ,MAAA,EACA,IAAA,EACkB;AAClB,IAAA,MAAM,KAAA,GAAQC,kBAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AAClD,IAAA,MAAM,YAAA,GAAeA,kBAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AACzD,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,aAAa,GAAI,CAAA;AAC9D,IAAyB,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,kBAAkB,GAAI;AAE1E,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,KAAK,EAAA,CAC1B,MAAA,CAAOC,0BAAQ,CAAA,CACf,MAAA,CAAO;AAAA,MACN,MAAA;AAAA,MACA,KAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAW,IAAA,EAAM,SAAA;AAAA,MACjB,WAAW,IAAA,EAAM,SAAA;AAAA,MACjB;AAAA,KACD,EACA,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,mBAAmB,KAAA,EAAwC;AAC/D,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CAC1B,MAAA,EAAO,CACP,IAAA,CAAKA,0BAAQ,CAAA,CACb,KAAA,CAAMC,cAAA,CAAIJ,aAAA,CAAGG,0BAAA,CAAS,KAAA,EAAO,KAAK,CAAA,EAAGE,aAAA,CAAGF,0BAAA,CAAS,SAAA,kBAAW,IAAI,IAAA,EAAM,CAAC,CAAC,CAAA,CACxE,KAAA,CAAM,CAAC,CAAA;AAEV,IAAA,OAAO,OAAA,GAAU,IAAA,CAAK,gBAAA,CAAiB,OAAO,CAAA,GAAI,IAAA;AAAA,EACpD;AAAA,EAEA,MAAM,cAAc,SAAA,EAAqC;AACvD,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAOA,0BAAQ,CAAA,CAAE,MAAMH,aAAA,CAAGG,0BAAA,CAAS,EAAA,EAAI,SAAS,CAAC,CAAA;AAC/D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,mBAAmB,MAAA,EAAiC;AACxD,IAAe,MAAM,IAAA,CAAK,EAAA,CACvB,MAAA,CAAOA,0BAAQ,CAAA,CACf,KAAA,CAAMH,aAAA,CAAGG,0BAAA,CAAS,MAAA,EAAQ,MAAM,CAAC;AACpC,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,CACJ,MAAA,EACA,YAAA,EACe;AACf,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAOG,iCAAe,EAAE,MAAA,CAAO;AAAA,MAC3C,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,kBAAA,CACJ,MAAA,EACA,KAAA,GAAgB,CAAA,EACG;AACnB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,EAAA,CACxB,MAAA,CAAO,EAAE,YAAA,EAAcA,iCAAA,CAAgB,YAAA,EAAc,CAAA,CACrD,IAAA,CAAKA,iCAAe,CAAA,CACpB,KAAA,CAAMN,aAAA,CAAGM,iCAAA,CAAgB,MAAA,EAAQ,MAAM,CAAC,CAAA,CACxC,OAAA,CAAQC,eAAA,CAAKD,iCAAA,CAAgB,SAAS,CAAC,CAAA,CACvC,KAAA,CAAM,KAAK,CAAA;AAEd,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,YAAY,CAAA;AAAA,EAC1C;AAAA,EAEA,MAAM,mBAAA,CACJ,QAAA,EACA,MAAA,EACA,eAAuB,CAAA,EACL;AAClB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,kBAAA,CAAmB,QAAQ,YAAY,CAAA;AAElE,IAAA,KAAA,MAAW,QAAQ,OAAA,EAAS;AAC1B,MAAA,IAAI,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,EAAU,IAAI,CAAA,EAAG;AAC7C,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,MAAA,EAAkC;AAC/C,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,GAC1B,MAAA,EAAO,CACP,IAAA,CAAKE,0BAAQ,CAAA,CACb,KAAA;AAAA,MACCJ,cAAA,CAAIJ,aAAA,CAAGQ,0BAAA,CAAS,MAAA,EAAQ,MAAM,CAAA,EAAGH,aAAA,CAAGG,0BAAA,CAAS,WAAA,kBAAa,IAAI,IAAA,EAAM,CAAC;AAAA,KACvE,CACC,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,CAAC,CAAC,OAAA;AAAA,EACX;AAAA,EAEA,MAAM,WAAW,MAAA,EAAuD;AACtE,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,GAC1B,MAAA,EAAO,CACP,IAAA,CAAKA,0BAAQ,CAAA,CACb,KAAA;AAAA,MACCJ,cAAA,CAAIJ,aAAA,CAAGQ,0BAAA,CAAS,MAAA,EAAQ,MAAM,CAAA,EAAGH,aAAA,CAAGG,0BAAA,CAAS,WAAA,kBAAa,IAAI,IAAA,EAAM,CAAC;AAAA,KACvE,CACC,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,OAAA,GAAU,EAAE,WAAA,EAAa,OAAA,CAAQ,aAAY,GAAI,IAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,mBAAA,CACJ,MAAA,EACA,SAAA,EACgD;AAChD,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,YAAA,CAAa,MAAM,CAAA;AAC3C,IAAA,MAAM,QAAA,GAAA,CAAY,IAAA,EAAM,mBAAA,IAAuB,CAAA,IAAK,CAAA;AAEpD,IAAA,MAAM,KAAK,UAAA,CAAW,MAAA,EAAQ,EAAE,mBAAA,EAAqB,UAAU,CAAA;AAE/D,IAAA,MAAM,WAAA,GAAc,CAAA;AACpB,IAAA,MAAM,SAAS,QAAA,IAAY,WAAA;AAE3B,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,MAAM,eAAA,GAAkB,KAAK,EAAA,GAAK,GAAA;AAClC,MAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAOA,0BAAQ,EAAE,MAAA,CAAO;AAAA,QACpC,MAAA;AAAA,QACA,SAAA;AAAA,QACA,MAAA,EAAQ,gCAAA;AAAA,QACR,aAAa,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,eAAe;AAAA,OACnD,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,EAAE,UAAU,MAAA,EAAO;AAAA,EAC5B;AAAA,EAEA,MAAM,cAAc,MAAA,EAA+B;AACjD,IAAA,MAAM,KAAK,UAAA,CAAW,MAAA,EAAQ,EAAE,mBAAA,EAAqB,GAAG,CAAA;AAAA,EAC1D;AAAA,EAEQ,eAAe,IAAA,EAA6B;AAClD,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,YAAA,EAAc,KAAK,YAAA,IAAgB,MAAA;AAAA,MACnC,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,QAAA,EAAU,KAAK,QAAA,IAAY,MAAA;AAAA,MAC3B,aAAA,EAAe,KAAK,aAAA,IAAiB,KAAA;AAAA,MACrC,MAAA,EAAQ,KAAK,MAAA,IAAU,KAAA;AAAA,MACvB,SAAA,EAAW,IAAA,CAAK,SAAA,EAAW,WAAA,EAAY;AAAA,MACvC,mBAAA,EAAqB,KAAK,mBAAA,IAAuB,CAAA;AAAA,MACjD,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA,EAAY;AAAA,MACtC,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA;AAAY,KACxC;AAAA,EACF;AAAA,EAEQ,iBAAiB,OAAA,EAAgD;AACvE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,YAAA,EAAc,QAAQ,YAAA,IAAgB,MAAA;AAAA,MACtC,SAAA,EAAW,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAY;AAAA,MACzC,SAAA,EAAW,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAY;AAAA,MACzC,SAAA,EAAW,QAAQ,SAAA,IAAa,MAAA;AAAA,MAChC,SAAA,EAAW,QAAQ,SAAA,IAAa;AAAA,KAClC;AAAA,EACF;AACF","file":"chunk-KWTKEBHM.cjs","sourcesContent":["import type { PostgresJsDatabase } from \"drizzle-orm/postgres-js\";\nimport { eq, and, gt, desc } from \"drizzle-orm\";\nimport bcrypt from \"bcryptjs\";\nimport { randomBytes } from \"crypto\";\nimport type {\n AuthAdapter,\n AuthUser,\n Session,\n UserRole,\n} from \"../../auth/types.js\";\nimport {\n users,\n sessions,\n passwordHistory,\n auditLogs,\n lockouts,\n type AuthUser as AuthUserRow,\n} from \"./schema/auth.js\";\n\nexport interface PostgresAuthAdapterOptions {\n db: PostgresJsDatabase;\n prefix?: string;\n sessionTTL?: number;\n refreshTokenTTL?: number;\n}\n\nexport class PostgresAuthAdapter implements AuthAdapter {\n private db: PostgresJsDatabase;\n private prefix: string;\n private sessionTTL: number;\n private refreshTokenTTL: number;\n\n constructor(options: PostgresAuthAdapterOptions) {\n this.db = options.db;\n this.prefix = options.prefix || \"kyro:\";\n this.sessionTTL = options.sessionTTL || 86400;\n this.refreshTokenTTL = options.refreshTokenTTL || 604800;\n }\n\n async createUser(data: {\n email: string;\n passwordHash: string;\n role?: UserRole;\n tenantId?: string;\n }): Promise<AuthUser> {\n const [user] = await this.db\n .insert(users)\n .values({\n email: data.email.toLowerCase(),\n passwordHash: data.passwordHash,\n role: (data.role || \"customer\") as string,\n tenantId: data.tenantId,\n })\n .returning();\n\n return this.userToAuthUser(user);\n }\n\n async findUserByEmail(email: string): Promise<AuthUser | null> {\n const [user] = await this.db\n .select()\n .from(users)\n .where(eq(users.email, email.toLowerCase()))\n .limit(1);\n\n return user ? this.userToAuthUser(user) : null;\n }\n\n async findUserById(id: string): Promise<AuthUser | null> {\n const [user] = await this.db\n .select()\n .from(users)\n .where(eq(users.id, id))\n .limit(1);\n\n return user ? this.userToAuthUser(user) : null;\n }\n\n async updateUser(\n id: string,\n data: Partial<AuthUser>,\n ): Promise<AuthUser | null> {\n const dbData: Record<string, unknown> = { updatedAt: new Date() };\n if (data.email !== undefined) dbData.email = data.email;\n if (data.passwordHash !== undefined)\n dbData.passwordHash = data.passwordHash;\n if (data.role !== undefined) dbData.role = data.role;\n if (data.tenantId !== undefined) dbData.tenantId = data.tenantId;\n if (data.emailVerified !== undefined)\n dbData.emailVerified = data.emailVerified;\n if (data.locked !== undefined) dbData.locked = data.locked;\n if (data.lastLogin !== undefined)\n dbData.lastLogin = data.lastLogin ? new Date(data.lastLogin) : null;\n if (data.failedLoginAttempts !== undefined)\n dbData.failedLoginAttempts = data.failedLoginAttempts;\n\n const [user] = await this.db\n .update(users)\n .set(dbData)\n .where(eq(users.id, id))\n .returning();\n\n return user ? this.userToAuthUser(user) : null;\n }\n\n async deleteUser(id: string): Promise<boolean> {\n const result = await this.db.delete(users).where(eq(users.id, id));\n return true;\n }\n\n async verifyPassword(password: string, hash: string): Promise<boolean> {\n return bcrypt.compare(password, hash);\n }\n\n async hashPassword(password: string): Promise<string> {\n return bcrypt.hash(password, 12);\n }\n\n async createSession(\n userId: string,\n data?: { ipAddress?: string; userAgent?: string },\n ): Promise<Session> {\n const token = randomBytes(32).toString(\"base64url\");\n const refreshToken = randomBytes(32).toString(\"base64url\");\n const expiresAt = new Date(Date.now() + this.sessionTTL * 1000);\n const refreshExpiresAt = new Date(Date.now() + this.refreshTokenTTL * 1000);\n\n const [session] = await this.db\n .insert(sessions)\n .values({\n userId,\n token,\n refreshToken,\n ipAddress: data?.ipAddress,\n userAgent: data?.userAgent,\n expiresAt,\n })\n .returning();\n\n return this.sessionToSession(session);\n }\n\n async findSessionByToken(token: string): Promise<Session | null> {\n const [session] = await this.db\n .select()\n .from(sessions)\n .where(and(eq(sessions.token, token), gt(sessions.expiresAt, new Date())))\n .limit(1);\n\n return session ? this.sessionToSession(session) : null;\n }\n\n async deleteSession(sessionId: string): Promise<boolean> {\n await this.db.delete(sessions).where(eq(sessions.id, sessionId));\n return true;\n }\n\n async deleteUserSessions(userId: string): Promise<number> {\n const result = await this.db\n .delete(sessions)\n .where(eq(sessions.userId, userId));\n return 1;\n }\n\n async addPasswordToHistory(\n userId: string,\n passwordHash: string,\n ): Promise<void> {\n await this.db.insert(passwordHistory).values({\n userId,\n passwordHash,\n });\n }\n\n async getPasswordHistory(\n userId: string,\n count: number = 5,\n ): Promise<string[]> {\n const history = await this.db\n .select({ passwordHash: passwordHistory.passwordHash })\n .from(passwordHistory)\n .where(eq(passwordHistory.userId, userId))\n .orderBy(desc(passwordHistory.createdAt))\n .limit(count);\n\n return history.map((h) => h.passwordHash);\n }\n\n async isPasswordInHistory(\n password: string,\n userId: string,\n historyCount: number = 5,\n ): Promise<boolean> {\n const history = await this.getPasswordHistory(userId, historyCount);\n\n for (const hash of history) {\n if (await this.verifyPassword(password, hash)) {\n return true;\n }\n }\n\n return false;\n }\n\n async isLocked(userId: string): Promise<boolean> {\n const [lockout] = await this.db\n .select()\n .from(lockouts)\n .where(\n and(eq(lockouts.userId, userId), gt(lockouts.lockedUntil, new Date())),\n )\n .limit(1);\n\n return !!lockout;\n }\n\n async getLockout(userId: string): Promise<{ lockedUntil: Date } | null> {\n const [lockout] = await this.db\n .select()\n .from(lockouts)\n .where(\n and(eq(lockouts.userId, userId), gt(lockouts.lockedUntil, new Date())),\n )\n .limit(1);\n\n return lockout ? { lockedUntil: lockout.lockedUntil } : null;\n }\n\n async recordFailedAttempt(\n userId: string,\n ipAddress?: string,\n ): Promise<{ attempts: number; locked: boolean }> {\n const user = await this.findUserById(userId);\n const attempts = (user?.failedLoginAttempts || 0) + 1;\n\n await this.updateUser(userId, { failedLoginAttempts: attempts });\n\n const maxAttempts = 5;\n const locked = attempts >= maxAttempts;\n\n if (locked) {\n const lockoutDuration = 15 * 60 * 1000;\n await this.db.insert(lockouts).values({\n userId,\n ipAddress,\n reason: \"Too many failed login attempts\",\n lockedUntil: new Date(Date.now() + lockoutDuration),\n });\n }\n\n return { attempts, locked };\n }\n\n async resetAttempts(userId: string): Promise<void> {\n await this.updateUser(userId, { failedLoginAttempts: 0 });\n }\n\n private userToAuthUser(user: AuthUserRow): AuthUser {\n return {\n id: user.id,\n email: user.email,\n passwordHash: user.passwordHash || undefined,\n role: user.role as UserRole,\n tenantId: user.tenantId || undefined,\n emailVerified: user.emailVerified || false,\n locked: user.locked || false,\n lastLogin: user.lastLogin?.toISOString(),\n failedLoginAttempts: user.failedLoginAttempts || 0,\n createdAt: user.createdAt.toISOString(),\n updatedAt: user.updatedAt.toISOString(),\n };\n }\n\n private sessionToSession(session: typeof sessions.$inferSelect): Session {\n return {\n id: session.id,\n userId: session.userId,\n token: session.token,\n refreshToken: session.refreshToken || undefined,\n expiresAt: session.expiresAt.toISOString(),\n createdAt: session.createdAt.toISOString(),\n ipAddress: session.ipAddress || undefined,\n userAgent: session.userAgent || undefined,\n };\n }\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/database/drizzle/postgres-auth-adapter.ts"],"names":["users","eq","bcrypt","randomBytes","sessions","and","gt","passwordHistory","desc","lockouts"],"mappings":";;;;;;;;;;;AA0BO,IAAM,sBAAN,MAAiD;AAAA,EAC9C,EAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,eAAA;AAAA,EAER,YAAY,OAAA,EAAqC;AAC/C,IAAA,IAAA,CAAK,KAAK,OAAA,CAAQ,EAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,QAAQ,MAAA,IAAU,OAAA;AAChC,IAAA,IAAA,CAAK,UAAA,GAAa,QAAQ,UAAA,IAAc,KAAA;AACxC,IAAA,IAAA,CAAK,eAAA,GAAkB,QAAQ,eAAA,IAAmB,MAAA;AAAA,EACpD;AAAA,EAEA,MAAM,WAAW,IAAA,EAKK;AACpB,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,KAAK,EAAA,CACvB,MAAA,CAAOA,uBAAK,CAAA,CACZ,MAAA,CAAO;AAAA,MACN,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,WAAA,EAAY;AAAA,MAC9B,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,IAAA,EAAO,KAAK,IAAA,IAAQ,UAAA;AAAA,MACpB,UAAU,IAAA,CAAK;AAAA,KAChB,EACA,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,CAAK,eAAe,IAAI,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,gBAAgB,KAAA,EAAyC;AAC7D,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,KAAK,EAAA,CACvB,MAAA,GACA,IAAA,CAAKA,uBAAK,EACV,KAAA,CAAMC,aAAA,CAAGD,wBAAM,KAAA,EAAO,KAAA,CAAM,aAAa,CAAC,CAAA,CAC1C,KAAA,CAAM,CAAC,CAAA;AAEV,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,EAAA,EAAsC;AACvD,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CACvB,QAAO,CACP,IAAA,CAAKA,uBAAK,CAAA,CACV,KAAA,CAAMC,cAAGD,uBAAA,CAAM,EAAA,EAAI,EAAE,CAAC,CAAA,CACtB,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,UAAA,CACJ,EAAA,EACA,IAAA,EAC0B;AAC1B,IAAA,MAAM,MAAA,GAAkC,EAAE,SAAA,kBAAW,IAAI,MAAK,EAAE;AAChE,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,MAAA,EAAW,MAAA,CAAO,QAAQ,IAAA,CAAK,KAAA;AAClD,IAAA,IAAI,KAAK,YAAA,KAAiB,MAAA;AACxB,MAAA,MAAA,CAAO,eAAe,IAAA,CAAK,YAAA;AAC7B,IAAA,IAAI,IAAA,CAAK,IAAA,KAAS,MAAA,EAAW,MAAA,CAAO,OAAO,IAAA,CAAK,IAAA;AAChD,IAAA,IAAI,IAAA,CAAK,QAAA,KAAa,MAAA,EAAW,MAAA,CAAO,WAAW,IAAA,CAAK,QAAA;AACxD,IAAA,IAAI,KAAK,aAAA,KAAkB,MAAA;AACzB,MAAA,MAAA,CAAO,gBAAgB,IAAA,CAAK,aAAA;AAC9B,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,MAAA,EAAW,MAAA,CAAO,SAAS,IAAA,CAAK,MAAA;AACpD,IAAA,IAAI,KAAK,SAAA,KAAc,MAAA;AACrB,MAAA,MAAA,CAAO,YAAY,IAAA,CAAK,SAAA,GAAY,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,CAAA,GAAI,IAAA;AACjE,IAAA,IAAI,KAAK,mBAAA,KAAwB,MAAA;AAC/B,MAAA,MAAA,CAAO,sBAAsB,IAAA,CAAK,mBAAA;AAEpC,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CACvB,OAAOA,uBAAK,CAAA,CACZ,IAAI,MAAM,CAAA,CACV,MAAMC,aAAA,CAAGD,uBAAA,CAAM,IAAI,EAAE,CAAC,EACtB,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,EAAA,EAA8B;AAC7C,IAAe,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAOA,uBAAK,CAAA,CAAE,KAAA,CAAMC,aAAA,CAAGD,uBAAA,CAAM,EAAA,EAAI,EAAE,CAAC;AACjE,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,cAAA,CAAe,QAAA,EAAkB,IAAA,EAAgC;AACrE,IAAA,OAAOE,uBAAA,CAAO,OAAA,CAAQ,QAAA,EAAU,IAAI,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,aAAa,QAAA,EAAmC;AACpD,IAAA,OAAOA,uBAAA,CAAO,IAAA,CAAK,QAAA,EAAU,EAAE,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,aAAA,CACJ,MAAA,EACA,IAAA,EACkB;AAClB,IAAA,MAAM,KAAA,GAAQC,kBAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AAClD,IAAA,MAAM,YAAA,GAAeA,kBAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AACzD,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,aAAa,GAAI,CAAA;AAC9D,IAAyB,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,kBAAkB,GAAI;AAE1E,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,KAAK,EAAA,CAC1B,MAAA,CAAOC,0BAAQ,CAAA,CACf,MAAA,CAAO;AAAA,MACN,MAAA;AAAA,MACA,KAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAW,IAAA,EAAM,SAAA;AAAA,MACjB,WAAW,IAAA,EAAM,SAAA;AAAA,MACjB;AAAA,KACD,EACA,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,mBAAmB,KAAA,EAAwC;AAC/D,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CAC1B,MAAA,EAAO,CACP,IAAA,CAAKA,0BAAQ,CAAA,CACb,KAAA,CAAMC,cAAA,CAAIJ,aAAA,CAAGG,0BAAA,CAAS,KAAA,EAAO,KAAK,CAAA,EAAGE,aAAA,CAAGF,0BAAA,CAAS,SAAA,kBAAW,IAAI,IAAA,EAAM,CAAC,CAAC,CAAA,CACxE,KAAA,CAAM,CAAC,CAAA;AAEV,IAAA,OAAO,OAAA,GAAU,IAAA,CAAK,gBAAA,CAAiB,OAAO,CAAA,GAAI,IAAA;AAAA,EACpD;AAAA,EAEA,MAAM,cAAc,SAAA,EAAqC;AACvD,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAOA,0BAAQ,CAAA,CAAE,MAAMH,aAAA,CAAGG,0BAAA,CAAS,EAAA,EAAI,SAAS,CAAC,CAAA;AAC/D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,mBAAmB,MAAA,EAAiC;AACxD,IAAe,MAAM,IAAA,CAAK,EAAA,CACvB,MAAA,CAAOA,0BAAQ,CAAA,CACf,KAAA,CAAMH,aAAA,CAAGG,0BAAA,CAAS,MAAA,EAAQ,MAAM,CAAC;AACpC,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,CACJ,MAAA,EACA,YAAA,EACe;AACf,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAOG,iCAAe,EAAE,MAAA,CAAO;AAAA,MAC3C,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,kBAAA,CACJ,MAAA,EACA,KAAA,GAAgB,CAAA,EACG;AACnB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,EAAA,CACxB,MAAA,CAAO,EAAE,YAAA,EAAcA,iCAAA,CAAgB,YAAA,EAAc,CAAA,CACrD,IAAA,CAAKA,iCAAe,CAAA,CACpB,KAAA,CAAMN,aAAA,CAAGM,iCAAA,CAAgB,MAAA,EAAQ,MAAM,CAAC,CAAA,CACxC,OAAA,CAAQC,eAAA,CAAKD,iCAAA,CAAgB,SAAS,CAAC,CAAA,CACvC,KAAA,CAAM,KAAK,CAAA;AAEd,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,YAAY,CAAA;AAAA,EAC1C;AAAA,EAEA,MAAM,mBAAA,CACJ,QAAA,EACA,MAAA,EACA,eAAuB,CAAA,EACL;AAClB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,kBAAA,CAAmB,QAAQ,YAAY,CAAA;AAElE,IAAA,KAAA,MAAW,QAAQ,OAAA,EAAS;AAC1B,MAAA,IAAI,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,EAAU,IAAI,CAAA,EAAG;AAC7C,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,MAAA,EAAkC;AAC/C,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,GAC1B,MAAA,EAAO,CACP,IAAA,CAAKE,0BAAQ,CAAA,CACb,KAAA;AAAA,MACCJ,cAAA,CAAIJ,aAAA,CAAGQ,0BAAA,CAAS,MAAA,EAAQ,MAAM,CAAA,EAAGH,aAAA,CAAGG,0BAAA,CAAS,WAAA,kBAAa,IAAI,IAAA,EAAM,CAAC;AAAA,KACvE,CACC,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,CAAC,CAAC,OAAA;AAAA,EACX;AAAA,EAEA,MAAM,WAAW,MAAA,EAAuD;AACtE,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,GAC1B,MAAA,EAAO,CACP,IAAA,CAAKA,0BAAQ,CAAA,CACb,KAAA;AAAA,MACCJ,cAAA,CAAIJ,aAAA,CAAGQ,0BAAA,CAAS,MAAA,EAAQ,MAAM,CAAA,EAAGH,aAAA,CAAGG,0BAAA,CAAS,WAAA,kBAAa,IAAI,IAAA,EAAM,CAAC;AAAA,KACvE,CACC,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,OAAA,GAAU,EAAE,WAAA,EAAa,OAAA,CAAQ,aAAY,GAAI,IAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,mBAAA,CACJ,MAAA,EACA,SAAA,EACgD;AAChD,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,YAAA,CAAa,MAAM,CAAA;AAC3C,IAAA,MAAM,QAAA,GAAA,CAAY,IAAA,EAAM,mBAAA,IAAuB,CAAA,IAAK,CAAA;AAEpD,IAAA,MAAM,KAAK,UAAA,CAAW,MAAA,EAAQ,EAAE,mBAAA,EAAqB,UAAU,CAAA;AAE/D,IAAA,MAAM,WAAA,GAAc,CAAA;AACpB,IAAA,MAAM,SAAS,QAAA,IAAY,WAAA;AAE3B,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,MAAM,eAAA,GAAkB,KAAK,EAAA,GAAK,GAAA;AAClC,MAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAOA,0BAAQ,EAAE,MAAA,CAAO;AAAA,QACpC,MAAA;AAAA,QACA,SAAA;AAAA,QACA,MAAA,EAAQ,gCAAA;AAAA,QACR,aAAa,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,eAAe;AAAA,OACnD,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,EAAE,UAAU,MAAA,EAAO;AAAA,EAC5B;AAAA,EAEA,MAAM,cAAc,MAAA,EAA+B;AACjD,IAAA,MAAM,KAAK,UAAA,CAAW,MAAA,EAAQ,EAAE,mBAAA,EAAqB,GAAG,CAAA;AAAA,EAC1D;AAAA,EAEQ,eAAe,IAAA,EAA6B;AAClD,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,YAAA,EAAc,KAAK,YAAA,IAAgB,MAAA;AAAA,MACnC,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,QAAA,EAAU,KAAK,QAAA,IAAY,MAAA;AAAA,MAC3B,aAAA,EAAe,KAAK,aAAA,IAAiB,KAAA;AAAA,MACrC,MAAA,EAAQ,KAAK,MAAA,IAAU,KAAA;AAAA,MACvB,SAAA,EAAW,IAAA,CAAK,SAAA,EAAW,WAAA,EAAY;AAAA,MACvC,mBAAA,EAAqB,KAAK,mBAAA,IAAuB,CAAA;AAAA,MACjD,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA,EAAY;AAAA,MACtC,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA;AAAY,KACxC;AAAA,EACF;AAAA,EAEQ,iBAAiB,OAAA,EAAgD;AACvE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,YAAA,EAAc,QAAQ,YAAA,IAAgB,MAAA;AAAA,MACtC,SAAA,EAAW,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAY;AAAA,MACzC,SAAA,EAAW,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAY;AAAA,MACzC,SAAA,EAAW,QAAQ,SAAA,IAAa,MAAA;AAAA,MAChC,SAAA,EAAW,QAAQ,SAAA,IAAa;AAAA,KAClC;AAAA,EACF;AACF","file":"chunk-YD7Y25W7.cjs","sourcesContent":["import type { PostgresJsDatabase } from \"drizzle-orm/postgres-js\";\nimport { eq, and, gt, desc } from \"drizzle-orm\";\nimport bcrypt from \"bcryptjs\";\nimport { randomBytes } from \"crypto\";\nimport type {\n AuthAdapter,\n AuthUser,\n Session,\n UserRole,\n} from \"../../auth/types.js\";\nimport {\n users,\n sessions,\n passwordHistory,\n auditLogs,\n lockouts,\n type AuthUser as AuthUserRow,\n} from \"./schema/auth.js\";\n\nexport interface PostgresAuthAdapterOptions {\n db: PostgresJsDatabase;\n prefix?: string;\n sessionTTL?: number;\n refreshTokenTTL?: number;\n}\n\nexport class PostgresAuthAdapter implements AuthAdapter {\n private db: PostgresJsDatabase;\n private prefix: string;\n private sessionTTL: number;\n private refreshTokenTTL: number;\n\n constructor(options: PostgresAuthAdapterOptions) {\n this.db = options.db;\n this.prefix = options.prefix || \"kyro:\";\n this.sessionTTL = options.sessionTTL || 86400;\n this.refreshTokenTTL = options.refreshTokenTTL || 604800;\n }\n\n async createUser(data: {\n email: string;\n passwordHash: string;\n role?: UserRole;\n tenantId?: string;\n }): Promise<AuthUser> {\n const [user] = await this.db\n .insert(users)\n .values({\n email: data.email.toLowerCase(),\n passwordHash: data.passwordHash,\n role: (data.role || \"customer\") as string,\n tenantId: data.tenantId,\n })\n .returning();\n\n return this.userToAuthUser(user);\n }\n\n async findUserByEmail(email: string): Promise<AuthUser | null> {\n const [user] = await this.db\n .select()\n .from(users)\n .where(eq(users.email, email.toLowerCase()))\n .limit(1);\n\n return user ? this.userToAuthUser(user) : null;\n }\n\n async findUserById(id: string): Promise<AuthUser | null> {\n const [user] = await this.db\n .select()\n .from(users)\n .where(eq(users.id, id))\n .limit(1);\n\n return user ? this.userToAuthUser(user) : null;\n }\n\n async updateUser(\n id: string,\n data: Partial<AuthUser>,\n ): Promise<AuthUser | null> {\n const dbData: Record<string, unknown> = { updatedAt: new Date() };\n if (data.email !== undefined) dbData.email = data.email;\n if (data.passwordHash !== undefined)\n dbData.passwordHash = data.passwordHash;\n if (data.role !== undefined) dbData.role = data.role;\n if (data.tenantId !== undefined) dbData.tenantId = data.tenantId;\n if (data.emailVerified !== undefined)\n dbData.emailVerified = data.emailVerified;\n if (data.locked !== undefined) dbData.locked = data.locked;\n if (data.lastLogin !== undefined)\n dbData.lastLogin = data.lastLogin ? new Date(data.lastLogin) : null;\n if (data.failedLoginAttempts !== undefined)\n dbData.failedLoginAttempts = data.failedLoginAttempts;\n\n const [user] = await this.db\n .update(users)\n .set(dbData)\n .where(eq(users.id, id))\n .returning();\n\n return user ? this.userToAuthUser(user) : null;\n }\n\n async deleteUser(id: string): Promise<boolean> {\n const result = await this.db.delete(users).where(eq(users.id, id));\n return true;\n }\n\n async verifyPassword(password: string, hash: string): Promise<boolean> {\n return bcrypt.compare(password, hash);\n }\n\n async hashPassword(password: string): Promise<string> {\n return bcrypt.hash(password, 12);\n }\n\n async createSession(\n userId: string,\n data?: { ipAddress?: string; userAgent?: string },\n ): Promise<Session> {\n const token = randomBytes(32).toString(\"base64url\");\n const refreshToken = randomBytes(32).toString(\"base64url\");\n const expiresAt = new Date(Date.now() + this.sessionTTL * 1000);\n const refreshExpiresAt = new Date(Date.now() + this.refreshTokenTTL * 1000);\n\n const [session] = await this.db\n .insert(sessions)\n .values({\n userId,\n token,\n refreshToken,\n ipAddress: data?.ipAddress,\n userAgent: data?.userAgent,\n expiresAt,\n })\n .returning();\n\n return this.sessionToSession(session);\n }\n\n async findSessionByToken(token: string): Promise<Session | null> {\n const [session] = await this.db\n .select()\n .from(sessions)\n .where(and(eq(sessions.token, token), gt(sessions.expiresAt, new Date())))\n .limit(1);\n\n return session ? this.sessionToSession(session) : null;\n }\n\n async deleteSession(sessionId: string): Promise<boolean> {\n await this.db.delete(sessions).where(eq(sessions.id, sessionId));\n return true;\n }\n\n async deleteUserSessions(userId: string): Promise<number> {\n const result = await this.db\n .delete(sessions)\n .where(eq(sessions.userId, userId));\n return 1;\n }\n\n async addPasswordToHistory(\n userId: string,\n passwordHash: string,\n ): Promise<void> {\n await this.db.insert(passwordHistory).values({\n userId,\n passwordHash,\n });\n }\n\n async getPasswordHistory(\n userId: string,\n count: number = 5,\n ): Promise<string[]> {\n const history = await this.db\n .select({ passwordHash: passwordHistory.passwordHash })\n .from(passwordHistory)\n .where(eq(passwordHistory.userId, userId))\n .orderBy(desc(passwordHistory.createdAt))\n .limit(count);\n\n return history.map((h) => h.passwordHash);\n }\n\n async isPasswordInHistory(\n password: string,\n userId: string,\n historyCount: number = 5,\n ): Promise<boolean> {\n const history = await this.getPasswordHistory(userId, historyCount);\n\n for (const hash of history) {\n if (await this.verifyPassword(password, hash)) {\n return true;\n }\n }\n\n return false;\n }\n\n async isLocked(userId: string): Promise<boolean> {\n const [lockout] = await this.db\n .select()\n .from(lockouts)\n .where(\n and(eq(lockouts.userId, userId), gt(lockouts.lockedUntil, new Date())),\n )\n .limit(1);\n\n return !!lockout;\n }\n\n async getLockout(userId: string): Promise<{ lockedUntil: Date } | null> {\n const [lockout] = await this.db\n .select()\n .from(lockouts)\n .where(\n and(eq(lockouts.userId, userId), gt(lockouts.lockedUntil, new Date())),\n )\n .limit(1);\n\n return lockout ? { lockedUntil: lockout.lockedUntil } : null;\n }\n\n async recordFailedAttempt(\n userId: string,\n ipAddress?: string,\n ): Promise<{ attempts: number; locked: boolean }> {\n const user = await this.findUserById(userId);\n const attempts = (user?.failedLoginAttempts || 0) + 1;\n\n await this.updateUser(userId, { failedLoginAttempts: attempts });\n\n const maxAttempts = 5;\n const locked = attempts >= maxAttempts;\n\n if (locked) {\n const lockoutDuration = 15 * 60 * 1000;\n await this.db.insert(lockouts).values({\n userId,\n ipAddress,\n reason: \"Too many failed login attempts\",\n lockedUntil: new Date(Date.now() + lockoutDuration),\n });\n }\n\n return { attempts, locked };\n }\n\n async resetAttempts(userId: string): Promise<void> {\n await this.updateUser(userId, { failedLoginAttempts: 0 });\n }\n\n private userToAuthUser(user: AuthUserRow): AuthUser {\n return {\n id: user.id,\n email: user.email,\n passwordHash: user.passwordHash || undefined,\n role: user.role as UserRole,\n tenantId: user.tenantId || undefined,\n emailVerified: user.emailVerified || false,\n locked: user.locked || false,\n lastLogin: user.lastLogin?.toISOString(),\n failedLoginAttempts: user.failedLoginAttempts || 0,\n createdAt: user.createdAt.toISOString(),\n updatedAt: user.updatedAt.toISOString(),\n };\n }\n\n private sessionToSession(session: typeof sessions.$inferSelect): Session {\n return {\n id: session.id,\n userId: session.userId,\n token: session.token,\n refreshToken: session.refreshToken || undefined,\n expiresAt: session.expiresAt.toISOString(),\n createdAt: session.createdAt.toISOString(),\n ipAddress: session.ipAddress || undefined,\n userAgent: session.userAgent || undefined,\n };\n }\n}\n"]}
|
package/dist/cli/index.cjs
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
'use strict';
|
|
3
3
|
|
|
4
|
-
require('../chunk-
|
|
4
|
+
require('../chunk-5BLDMQED.cjs');
|
|
5
5
|
var commander = require('commander');
|
|
6
6
|
var fs = require('fs');
|
|
7
7
|
var path = require('path');
|
|
@@ -354,9 +354,9 @@ authCommand.command("bootstrap").description("Create initial admin user").option
|
|
|
354
354
|
console.log(` Email: ${options.email}`);
|
|
355
355
|
console.log(` Role: ${options.role}`);
|
|
356
356
|
try {
|
|
357
|
-
const { bootstrapAdmin } = await import('../bootstrap-
|
|
358
|
-
const { PostgresAuthAdapter } = await import('../postgres-auth-adapter-
|
|
359
|
-
const { createDatabase } = await import('../database-
|
|
357
|
+
const { bootstrapAdmin } = await import('../bootstrap-X6TP3NKX.cjs');
|
|
358
|
+
const { PostgresAuthAdapter } = await import('../postgres-auth-adapter-VK6GY7LX.cjs');
|
|
359
|
+
const { createDatabase } = await import('../database-QOIV44GT.cjs');
|
|
360
360
|
const { client, db } = await createDatabase();
|
|
361
361
|
const adapter = new PostgresAuthAdapter({ db });
|
|
362
362
|
const result = await bootstrapAdmin({
|
|
@@ -380,7 +380,7 @@ authCommand.command("bootstrap").description("Create initial admin user").option
|
|
|
380
380
|
program.command("health").description("Check system health").action(async () => {
|
|
381
381
|
console.log("\u{1F3E5} System Health Check");
|
|
382
382
|
try {
|
|
383
|
-
const { createDatabase } = await import('../database-
|
|
383
|
+
const { createDatabase } = await import('../database-QOIV44GT.cjs');
|
|
384
384
|
const { client } = await createDatabase();
|
|
385
385
|
await client.unsafe("SELECT 1");
|
|
386
386
|
console.log(" \u2705 Database: Connected");
|