@kyro-cms/core 0.1.6 → 0.1.7

package/dist/{chunk-QUJ4OLSC.js → chunk-U74F3YZU.js}

@@ -1,5 +1,5 @@
-import { users, sessions, passwordHistory, lockouts } from './chunk-XTZSUDSI.js';
-import { eq, and, gt, desc } from 'drizzle-orm';
+import { users, sessions, passwordHistory, lockouts, auditLogs } from './chunk-LTRCYJAG.js';
+import { eq, and, gt, desc, sql } from 'drizzle-orm';
 import bcrypt from 'bcryptjs';
 import { randomBytes } from 'crypto';
 
@@ -15,9 +15,10 @@ var PostgresAuthAdapter = class {
     this.refreshTokenTTL = options.refreshTokenTTL || 604800;
   }
   async createUser(data) {
+    const passwordHash = await this.hashPassword(data.password);
     const [user] = await this.db.insert(users).values({
       email: data.email.toLowerCase(),
-      passwordHash: data.passwordHash,
+      passwordHash,
       role: data.role || "customer",
       tenantId: data.tenantId
     }).returning();
@@ -52,8 +53,13 @@ var PostgresAuthAdapter = class {
     await this.db.delete(users).where(eq(users.id, id));
     return true;
   }
-  async verifyPassword(password, hash) {
-    return bcrypt.compare(password, hash);
+  async verifyPassword(email, password) {
+    const user = await this.findUserByEmail(email);
+    if (!user) return null;
+    const [stored] = await this.db.select().from(users).where(eq(users.email, email.toLowerCase())).limit(1);
+    if (!stored?.passwordHash) return null;
+    const valid = await bcrypt.compare(password, stored.passwordHash);
+    return valid ? user : null;
   }
   async hashPassword(password) {
     return bcrypt.hash(password, 12);
@@ -136,6 +142,80 @@ var PostgresAuthAdapter = class {
   async resetAttempts(userId) {
     await this.updateUser(userId, { failedLoginAttempts: 0 });
   }
+  async findAuditLogs(filter) {
+    const {
+      limit = 50,
+      offset = 0,
+      userId,
+      action,
+      resource,
+      resourceId,
+      success,
+      startDate,
+      endDate
+    } = filter;
+    const conditions = [];
+    if (userId) conditions.push(eq(auditLogs.userId, userId));
+    if (action) {
+      if (Array.isArray(action)) {
+        conditions.push(sql`${auditLogs.action} = ANY(${action})`);
+      } else {
+        conditions.push(eq(auditLogs.action, action));
+      }
+    }
+    if (resource) conditions.push(eq(auditLogs.resource, resource));
+    if (resourceId) conditions.push(eq(auditLogs.resourceId, resourceId));
+    if (success !== void 0) conditions.push(eq(auditLogs.success, success));
+    if (startDate) conditions.push(sql`${auditLogs.timestamp} >= ${startDate}`);
+    if (endDate) conditions.push(sql`${auditLogs.timestamp} <= ${endDate}`);
+    const whereClause = conditions.length > 0 ? and(...conditions) : void 0;
+    const countResult = await this.db.select({ count: sql`count(*)` }).from(auditLogs).where(whereClause);
+    const logs = await this.db.select().from(auditLogs).where(whereClause).orderBy(desc(auditLogs.timestamp)).limit(limit).offset(offset);
+    return {
+      logs: logs.map((log) => ({
+        id: log.id,
+        timestamp: log.timestamp,
+        action: log.action,
+        userId: log.userId || void 0,
+        userEmail: log.userEmail || void 0,
+        role: log.role || void 0,
+        resource: log.resource,
+        resourceId: log.resourceId || void 0,
+        changes: log.changes || void 0,
+        ipAddress: log.ipAddress || void 0,
+        userAgent: log.userAgent || void 0,
+        success: log.success,
+        error: log.error || void 0,
+        metadata: log.metadata || void 0
+      })),
+      total: Number(countResult[0]?.count || 0)
+    };
+  }
+  async createAuditLog(data) {
+    const id = crypto.randomUUID();
+    const timestamp = /* @__PURE__ */ new Date();
+    await this.db.insert(auditLogs).values({
+      id,
+      action: data.action,
+      userId: data.userId,
+      userEmail: data.userEmail,
+      role: data.role,
+      resource: data.resource,
+      resourceId: data.resourceId,
+      changes: data.changes,
+      ipAddress: data.ipAddress,
+      userAgent: data.userAgent,
+      success: data.success,
+      error: data.error,
+      metadata: data.metadata,
+      timestamp
+    });
+    return {
+      ...data,
+      id,
+      timestamp
+    };
+  }
   userToAuthUser(user) {
     return {
       id: user.id,
@@ -166,5 +246,5 @@ var PostgresAuthAdapter = class {
 };
 
 export { PostgresAuthAdapter };
-//# sourceMappingURL=chunk-QUJ4OLSC.js.map
-//# sourceMappingURL=chunk-QUJ4OLSC.js.map
+//# sourceMappingURL=chunk-U74F3YZU.js.map
+//# sourceMappingURL=chunk-U74F3YZU.js.map

package/dist/chunk-U74F3YZU.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/database/drizzle/postgres-auth-adapter.ts"],"names":[],"mappings":";;;;;AA8BO,IAAM,sBAAN,MAAiD;AAAA,EAC9C,EAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,eAAA;AAAA,EAER,YAAY,OAAA,EAAqC;AAC/C,IAAA,IAAA,CAAK,KAAK,OAAA,CAAQ,EAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,QAAQ,MAAA,IAAU,OAAA;AAChC,IAAA,IAAA,CAAK,UAAA,GAAa,QAAQ,UAAA,IAAc,KAAA;AACxC,IAAA,IAAA,CAAK,eAAA,GAAkB,QAAQ,eAAA,IAAmB,MAAA;AAAA,EACpD;AAAA,EAEA,MAAM,WAAW,IAAA,EAKK;AACpB,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,KAAK,QAAQ,CAAA;AAC1D,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,KAAK,EAAA,CACvB,MAAA,CAAO,KAAK,CAAA,CACZ,MAAA,CAAO;AAAA,MACN,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,WAAA,EAAY;AAAA,MAC9B,YAAA;AAAA,MACA,IAAA,EAAO,KAAK,IAAA,IAAQ,UAAA;AAAA,MACpB,UAAU,IAAA,CAAK;AAAA,KAChB,EACA,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,CAAK,eAAe,IAAI,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,gBAAgB,KAAA,EAAyC;AAC7D,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,KAAK,EAAA,CACvB,MAAA,GACA,IAAA,CAAK,KAAK,EACV,KAAA,CAAM,EAAA,CAAG,MAAM,KAAA,EAAO,KAAA,CAAM,aAAa,CAAC,CAAA,CAC1C,KAAA,CAAM,CAAC,CAAA;AAEV,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,EAAA,EAAsC;AACvD,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CACvB,QAAO,CACP,IAAA,CAAK,KAAK,CAAA,CACV,KAAA,CAAM,GAAG,KAAA,CAAM,EAAA,EAAI,EAAE,CAAC,CAAA,CACtB,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,UAAA,CACJ,EAAA,EACA,IAAA,EAC0B;AAC1B,IAAA,MAAM,MAAA,GAAkC,EAAE,SAAA,kBAAW,IAAI,MAAK,EAAE;AAChE,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,MAAA,EAAW,MAAA,CAAO,QAAQ,IAAA,CAAK,KAAA;AAClD,IAAA,IAAI,KAAK,YAAA,KAAiB,MAAA;AACxB,MAAA,MAAA,CAAO,eAAe,IAAA,CAAK,YAAA;AAC7B,IAAA,IAAI,IAAA,CAAK,IAAA,KAAS,MAAA,EAAW,MAAA,CAAO,OAAO,IAAA,CAAK,IAAA;AAChD,IAAA,IAAI,IAAA,CAAK,QAAA,KAAa,MAAA,EAAW,MAAA,CAAO,WAAW,IAAA,CAAK,QAAA;AACxD,IAAA,IAAI,KAAK,aAAA,KAAkB,MAAA;AACzB,MAAA,MAAA,CAAO,gBAAgB,IAAA,CAAK,aAAA;AAC9B,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,MAAA,EAAW,MAAA,CAAO,SAAS,IAAA,CAAK,MAAA;AACpD,IAAA,IAAI,KAAK,SAAA,KAAc,MAAA;AACrB,MAAA,MAAA,CAAO,YAAY,IAAA,CAAK,SAAA,GAAY,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,CAAA,GAAI,IAAA;AACjE,IAAA,IAAI,KAAK,mBAAA,KAAwB,MAAA;AAC/B,MAAA,MAAA,CAAO,sBAAsB,IAAA,CAAK,mBAAA;AAEpC,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CACvB,OAAO,KAAK,CAAA,CACZ,IAAI,MAAM,CAAA,CACV,MAAM,EAAA,CAAG,KAAA,CAAM,IAAI,EAAE,CAAC,EACtB,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,EAAA,EAA8B;AAC7C,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,KAAK,CAAA,CAAE,MAAM,EAAA,CAAG,KAAA,CAAM,EAAA,EAAI,EAAE,CAAC,CAAA;AAClD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,cAAA,CACJ,KAAA,EACA,QAAA,EAC0B;AAC1B,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,eAAA,CAAgB,KAAK,CAAA;AAC7C,IAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAClB,IAAA,MAAM,CAAC,MAAM,CAAA,GAAI,MAAM,KAAK,EAAA,CACzB,MAAA,GACA,IAAA,CAAK,KAAK,EACV,KAAA,CAAM,EAAA,CAAG,MAAM,KAAA,EAAO,KAAA,CAAM,aAAa,CAAC,CAAA,CAC1C,KAAA,CAAM,CAAC,CAAA;AACV,IAAA,IAAI,CAAC,MAAA,EAAQ,YAAA,EAAc,OAAO,IAAA;AAClC,IAAA,MAAM,QAAQ,MAAM,MAAA,CAAO,OAAA,CAAQ,QAAA,EAAU,OAAO,YAAY,CAAA;AAChE,IAAA,OAAO,QAAQ,IAAA,GAAO,IAAA;AAAA,EACxB;AAAA,EAEA,MAAM,aAAa,QAAA,EAAmC;AACpD,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,EAAE,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,aAAA,CACJ,MAAA,EACA,IAAA,EACkB;AAClB,IAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AAClD,IAAA,MAAM,YAAA,GAAe,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AACzD,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,aAAa,GAAI,CAAA;AAC9D,IAAyB,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,kBAAkB,GAAI;AAE1E,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,KAAK,EAAA,CAC1B,MAAA,CAAO,QAAQ,CAAA,CACf,MAAA,CAAO;AAAA,MACN,MAAA;AAAA,MACA,KAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAW,IAAA,EAAM,SAAA;AAAA,MACjB,WAAW,IAAA,EAAM,SAAA;AAAA,MACjB;AAAA,KACD,EACA,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,mBAAmB,KAAA,EAAwC;AAC/D,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CAC1B,MAAA,EAAO,CACP,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA,EAAG,EAAA,CAAG,QAAA,CAAS,SAAA,kBAAW,IAAI,IAAA,EAAM,CAAC,CAAC,CAAA,CACxE,KAAA,CAAM,CAAC,CAAA;AAEV,IAAA,OAAO,OAAA,GAAU,IAAA,CAAK,gBAAA,CAAiB,OAAO,CAAA,GAAI,IAAA;AAAA,EACpD;AAAA,EAEA,MAAM,cAAc,SAAA,EAAqC;AACvD,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,QAAQ,CAAA,CAAE,MAAM,EAAA,CAAG,QAAA,CAAS,EAAA,EAAI,SAAS,CAAC,CAAA;AAC/D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,mBAAmB,MAAA,EAAiC;AACxD,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,QAAQ,CAAA,CAAE,MAAM,EAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,CAAC,CAAA;AAChE,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,CACJ,MAAA,EACA,YAAA,EACe;AACf,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,eAAe,EAAE,MAAA,CAAO;AAAA,MAC3C,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,kBAAA,CACJ,MAAA,EACA,KAAA,GAAgB,CAAA,EACG;AACnB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,EAAA,CACxB,MAAA,CAAO,EAAE,YAAA,EAAc,eAAA,CAAgB,YAAA,EAAc,CAAA,CACrD,IAAA,CAAK,eAAe,CAAA,CACpB,KAAA,CAAM,EAAA,CAAG,eAAA,CAAgB,MAAA,EAAQ,MAAM,CAAC,CAAA,CACxC,OAAA,CAAQ,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAC,CAAA,CACvC,KAAA,CAAM,KAAK,CAAA;AAEd,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,YAAY,CAAA;AAAA,EAC1C;AAAA,EAEA,MAAM,mBAAA,CACJ,QAAA,EACA,MAAA,EACA,eAAuB,CAAA,EACL;AAClB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,kBAAA,CAAmB,QAAQ,YAAY,CAAA;AAElE,IAAA,KAAA,MAAW,QAAQ,OAAA,EAAS;AAC1B,MAAA,IAAI,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,EAAU,IAAI,CAAA,EAAG;AAC7C,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,MAAA,EAAkC;AAC/C,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,GAC1B,MAAA,EAAO,CACP,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA;AAAA,MACC,GAAA,CAAI,EAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,CAAA,EAAG,EAAA,CAAG,QAAA,CAAS,WAAA,kBAAa,IAAI,IAAA,EAAM,CAAC;AAAA,KACvE,CACC,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,CAAC,CAAC,OAAA;AAAA,EACX;AAAA,EAEA,MAAM,WAAW,MAAA,EAAuD;AACtE,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,GAC1B,MAAA,EAAO,CACP,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA;AAAA,MACC,GAAA,CAAI,EAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,CAAA,EAAG,EAAA,CAAG,QAAA,CAAS,WAAA,kBAAa,IAAI,IAAA,EAAM,CAAC;AAAA,KACvE,CACC,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,OAAA,GAAU,EAAE,WAAA,EAAa,OAAA,CAAQ,aAAY,GAAI,IAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,mBAAA,CACJ,MAAA,EACA,SAAA,EACgD;AAChD,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,YAAA,CAAa,MAAM,CAAA;AAC3C,IAAA,MAAM,QAAA,GAAA,CAAY,IAAA,EAAM,mBAAA,IAAuB,CAAA,IAAK,CAAA;AAEpD,IAAA,MAAM,KAAK,UAAA,CAAW,MAAA,EAAQ,EAAE,mBAAA,EAAqB,UAAU,CAAA;AAE/D,IAAA,MAAM,WAAA,GAAc,CAAA;AACpB,IAAA,MAAM,SAAS,QAAA,IAAY,WAAA;AAE3B,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,MAAM,eAAA,GAAkB,KAAK,EAAA,GAAK,GAAA;AAClC,MAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,QAAQ,EAAE,MAAA,CAAO;AAAA,QACpC,MAAA;AAAA,QACA,SAAA;AAAA,QACA,MAAA,EAAQ,gCAAA;AAAA,QACR,aAAa,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,eAAe;AAAA,OACnD,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,EAAE,UAAU,MAAA,EAAO;AAAA,EAC5B;AAAA,EAEA,MAAM,cAAc,MAAA,EAA+B;AACjD,IAAA,MAAM,KAAK,UAAA,CAAW,MAAA,EAAQ,EAAE,mBAAA,EAAqB,GAAG,CAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,cACJ,MAAA,EAC8C;AAC9C,IAAA,MAAM;AAAA,MACJ,KAAA,GAAQ,EAAA;AAAA,MACR,MAAA,GAAS,CAAA;AAAA,MACT,MAAA;AAAA,MACA,MAAA;AAAA,MACA,QAAA;AAAA,MACA,UAAA;AAAA,MACA,OAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF,GAAI,MAAA;AAEJ,IAAA,MAAM,aAAa,EAAC;AACpB,IAAA,IAAI,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,MAAA,EAAQ,MAAM,CAAC,CAAA;AACxD,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,QAAA,UAAA,CAAW,KAAK,GAAA,CAAA,EAAM,SAAA,CAAU,MAAM,CAAA,OAAA,EAAU,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,MAC3D,CAAA,MAAO;AACL,QAAA,UAAA,CAAW,IAAA,CAAK,EAAA,CAAG,SAAA,CAAU,MAAA,EAAQ,MAAM,CAAC,CAAA;AAAA,MAC9C;AAAA,IACF;AACA,IAAA,IAAI,UAAU,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,QAAA,EAAU,QAAQ,CAAC,CAAA;AAC9D,IAAA,IAAI,YAAY,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,UAAA,EAAY,UAAU,CAAC,CAAA;AACpE,IAAA,IAAI,OAAA,KAAY,QAAW,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,OAAA,EAAS,OAAO,CAAC,CAAA;AACzE,IAAA,IAAI,SAAA,aAAsB,IAAA,CAAK,GAAA,CAAA,EAAM,UAAU,SAAS,CAAA,IAAA,EAAO,SAAS,CAAA,CAAE,CAAA;AAC1E,IAAA,IAAI,OAAA,aAAoB,IAAA,CAAK,GAAA,CAAA,EAAM,UAAU,SAAS,CAAA,IAAA,EAAO,OAAO,CAAA,CAAE,CAAA;AAEtE,IAAA,MAAM,cAAc,UAAA,CAAW,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,UAAU,CAAA,GAAI,MAAA;AAEjE,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,EAAA,CAC5B,OAAO,EAAE,KAAA,EAAO,GAAA,CAAA,QAAA,CAAA,EAAuB,CAAA,CACvC,IAAA,CAAK,SAAS,CAAA,CACd,MAAM,WAAW,CAAA;AAEpB,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,EAAA,CACrB,QAAO,CACP,IAAA,CAAK,SAAS,CAAA,CACd,KAAA,CAAM,WAAW,EACjB,OAAA,CAAQ,IAAA,CAAK,UAAU,SAAS,CAAC,EACjC,KAAA,CAAM,KAAK,CAAA,CACX,MAAA,CAAO,MAAM,CAAA;AAEhB,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,IAAA,CAAK,GAAA,CAAI,CAAC,GAAA,MAAS;AAAA,QACvB,IAAI,GAAA,CAAI,EAAA;AAAA,QACR,WAAW,GAAA,CAAI,SAAA;AAAA,QACf,QAAQ,GAAA,CAAI,MAAA;AAAA,QACZ,MAAA,EAAQ,IAAI,MAAA,IAAU,MAAA;AAAA,QACtB,SAAA,EAAW,IAAI,SAAA,IAAa,MAAA;AAAA,QAC5B,IAAA,EAAM,IAAI,IAAA,IAAQ,MAAA;AAAA,QAClB,UAAU,GAAA,CAAI,QAAA;AAAA,QACd,UAAA,EAAY,IAAI,UAAA,IAAc,MAAA;AAAA,QAC9B,OAAA,EAAS,IAAI,OAAA,IAAW,MAAA;AAAA,QACxB,SAAA,EAAW,IAAI,SAAA,IAAa,MAAA;AAAA,QAC5B,SAAA,EAAW,IAAI,SAAA,IAAa,MAAA;AAAA,QAC5B,SAAS,GAAA,CAAI,OAAA;AAAA,QACb,KAAA,EAAO,IAAI,KAAA,IAAS,MAAA;AAAA,QACpB,QAAA,EAAU,IAAI,QAAA,IAAY;AAAA,OAC5B,CAAE,CAAA;AAAA,MACF,OAAO,MAAA,CAAO,WAAA,CAAY,CAAC,CAAA,EAAG,SAAS,CAAC;AAAA,KAC1C;AAAA,EACF;AAAA,EAEA,MAAM,eACJ,IAAA,EACmB;AACnB,IAAA,MAAM,EAAA,GAAK,OAAO,UAAA,EAAW;AAC7B,IAAA,MAAM,SAAA,uBAAgB,IAAA,EAAK;AAE3B,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,SAAS,EAAE,MAAA,CAAO;AAAA,MACrC,EAAA;AAAA,MACA,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,UAAU,IAAA,CAAK,QAAA;AAAA,MACf;AAAA,KACD,CAAA;AAED,IAAA,OAAO;AAAA,MACL,GAAG,IAAA;AAAA,MACH,EAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEQ,eAAe,IAAA,EAA6B;AAClD,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,YAAA,EAAc,KAAK,YAAA,IAAgB,MAAA;AAAA,MACnC,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,QAAA,EAAU,KAAK,QAAA,IAAY,MAAA;AAAA,MAC3B,aAAA,EAAe,KAAK,aAAA,IAAiB,KAAA;AAAA,MACrC,MAAA,EAAQ,KAAK,MAAA,IAAU,KAAA;AAAA,MACvB,SAAA,EAAW,IAAA,CAAK,SAAA,EAAW,WAAA,EAAY;AAAA,MACvC,mBAAA,EAAqB,KAAK,mBAAA,IAAuB,CAAA;AAAA,MACjD,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA,EAAY;AAAA,MACtC,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA;AAAY,KACxC;AAAA,EACF;AAAA,EAEQ,iBAAiB,OAAA,EAAgD;AACvE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,YAAA,EAAc,QAAQ,YAAA,IAAgB,MAAA;AAAA,MACtC,SAAA,EAAW,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAY;AAAA,MACzC,SAAA,EAAW,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAY;AAAA,MACzC,SAAA,EAAW,QAAQ,SAAA,IAAa,MAAA;AAAA,MAChC,SAAA,EAAW,QAAQ,SAAA,IAAa;AAAA,KAClC;AAAA,EACF;AACF","file":"chunk-U74F3YZU.js","sourcesContent":["import type { PostgresJsDatabase } from \"drizzle-orm/postgres-js\";\nimport { eq, and, gt, desc, sql } from \"drizzle-orm\";\nimport bcrypt from \"bcryptjs\";\nimport { randomBytes } from \"crypto\";\nimport type {\n  AuthAdapter,\n  AuthUser,\n  Session,\n  UserRole,\n} from \"../../auth/types.js\";\nimport {\n  users,\n  sessions,\n  passwordHistory,\n  auditLogs,\n  lockouts,\n  type AuthUser as AuthUserRow,\n} from \"./schema/auth.js\";\nimport type {\n  AuditLog,\n  AuditLogFilter,\n} from \"../../auth/security/audit-log.js\";\n\nexport interface PostgresAuthAdapterOptions {\n  db: PostgresJsDatabase;\n  prefix?: string;\n  sessionTTL?: number;\n  refreshTokenTTL?: number;\n}\n\nexport class PostgresAuthAdapter implements AuthAdapter {\n  private db: PostgresJsDatabase;\n  private prefix: string;\n  private sessionTTL: number;\n  private refreshTokenTTL: number;\n\n  constructor(options: PostgresAuthAdapterOptions) {\n    this.db = options.db;\n    this.prefix = options.prefix || \"kyro:\";\n    this.sessionTTL = options.sessionTTL || 86400;\n    this.refreshTokenTTL = options.refreshTokenTTL || 604800;\n  }\n\n  async createUser(data: {\n    email: string;\n    password: string;\n    role?: UserRole;\n    tenantId?: string;\n  }): Promise<AuthUser> {\n    const passwordHash = await this.hashPassword(data.password);\n    const [user] = await this.db\n      .insert(users)\n      .values({\n        email: data.email.toLowerCase(),\n        passwordHash,\n        role: (data.role || \"customer\") as string,\n        tenantId: data.tenantId,\n      })\n      .returning();\n\n    return this.userToAuthUser(user);\n  }\n\n  async findUserByEmail(email: string): Promise<AuthUser | null> {\n    const [user] = await this.db\n      .select()\n      .from(users)\n      .where(eq(users.email, email.toLowerCase()))\n      .limit(1);\n\n    return user ? this.userToAuthUser(user) : null;\n  }\n\n  async findUserById(id: string): Promise<AuthUser | null> {\n    const [user] = await this.db\n      .select()\n      .from(users)\n      .where(eq(users.id, id))\n      .limit(1);\n\n    return user ? this.userToAuthUser(user) : null;\n  }\n\n  async updateUser(\n    id: string,\n    data: Partial<AuthUser>,\n  ): Promise<AuthUser | null> {\n    const dbData: Record<string, unknown> = { updatedAt: new Date() };\n    if (data.email !== undefined) dbData.email = data.email;\n    if (data.passwordHash !== undefined)\n      dbData.passwordHash = data.passwordHash;\n    if (data.role !== undefined) dbData.role = data.role;\n    if (data.tenantId !== undefined) dbData.tenantId = data.tenantId;\n    if (data.emailVerified !== undefined)\n      dbData.emailVerified = data.emailVerified;\n    if (data.locked !== undefined) dbData.locked = data.locked;\n    if (data.lastLogin !== undefined)\n      dbData.lastLogin = data.lastLogin ? new Date(data.lastLogin) : null;\n    if (data.failedLoginAttempts !== undefined)\n      dbData.failedLoginAttempts = data.failedLoginAttempts;\n\n    const [user] = await this.db\n      .update(users)\n      .set(dbData)\n      .where(eq(users.id, id))\n      .returning();\n\n    return user ? this.userToAuthUser(user) : null;\n  }\n\n  async deleteUser(id: string): Promise<boolean> {\n    await this.db.delete(users).where(eq(users.id, id));\n    return true;\n  }\n\n  async verifyPassword(\n    email: string,\n    password: string,\n  ): Promise<AuthUser | null> {\n    const user = await this.findUserByEmail(email);\n    if (!user) return null;\n    const [stored] = await this.db\n      .select()\n      .from(users)\n      .where(eq(users.email, email.toLowerCase()))\n      .limit(1);\n    if (!stored?.passwordHash) return null;\n    const valid = await bcrypt.compare(password, stored.passwordHash);\n    return valid ? user : null;\n  }\n\n  async hashPassword(password: string): Promise<string> {\n    return bcrypt.hash(password, 12);\n  }\n\n  async createSession(\n    userId: string,\n    data?: { ipAddress?: string; userAgent?: string },\n  ): Promise<Session> {\n    const token = randomBytes(32).toString(\"base64url\");\n    const refreshToken = randomBytes(32).toString(\"base64url\");\n    const expiresAt = new Date(Date.now() + this.sessionTTL * 1000);\n    const refreshExpiresAt = new Date(Date.now() + this.refreshTokenTTL * 1000);\n\n    const [session] = await this.db\n      .insert(sessions)\n      .values({\n        userId,\n        token,\n        refreshToken,\n        ipAddress: data?.ipAddress,\n        userAgent: data?.userAgent,\n        expiresAt,\n      })\n      .returning();\n\n    return this.sessionToSession(session);\n  }\n\n  async findSessionByToken(token: string): Promise<Session | null> {\n    const [session] = await this.db\n      .select()\n      .from(sessions)\n      .where(and(eq(sessions.token, token), gt(sessions.expiresAt, new Date())))\n      .limit(1);\n\n    return session ? this.sessionToSession(session) : null;\n  }\n\n  async deleteSession(sessionId: string): Promise<boolean> {\n    await this.db.delete(sessions).where(eq(sessions.id, sessionId));\n    return true;\n  }\n\n  async deleteUserSessions(userId: string): Promise<number> {\n    await this.db.delete(sessions).where(eq(sessions.userId, userId));\n    return 1;\n  }\n\n  async addPasswordToHistory(\n    userId: string,\n    passwordHash: string,\n  ): Promise<void> {\n    await this.db.insert(passwordHistory).values({\n      userId,\n      passwordHash,\n    });\n  }\n\n  async getPasswordHistory(\n    userId: string,\n    count: number = 5,\n  ): Promise<string[]> {\n    const history = await this.db\n      .select({ passwordHash: passwordHistory.passwordHash })\n      .from(passwordHistory)\n      .where(eq(passwordHistory.userId, userId))\n      .orderBy(desc(passwordHistory.createdAt))\n      .limit(count);\n\n    return history.map((h) => h.passwordHash);\n  }\n\n  async isPasswordInHistory(\n    password: string,\n    userId: string,\n    historyCount: number = 5,\n  ): Promise<boolean> {\n    const history = await this.getPasswordHistory(userId, historyCount);\n\n    for (const hash of history) {\n      if (await this.verifyPassword(password, hash)) {\n        return true;\n      }\n    }\n\n    return false;\n  }\n\n  async isLocked(userId: string): Promise<boolean> {\n    const [lockout] = await this.db\n      .select()\n      .from(lockouts)\n      .where(\n        and(eq(lockouts.userId, userId), gt(lockouts.lockedUntil, new Date())),\n      )\n      .limit(1);\n\n    return !!lockout;\n  }\n\n  async getLockout(userId: string): Promise<{ lockedUntil: Date } | null> {\n    const [lockout] = await this.db\n      .select()\n      .from(lockouts)\n      .where(\n        and(eq(lockouts.userId, userId), gt(lockouts.lockedUntil, new Date())),\n      )\n      .limit(1);\n\n    return lockout ? { lockedUntil: lockout.lockedUntil } : null;\n  }\n\n  async recordFailedAttempt(\n    userId: string,\n    ipAddress?: string,\n  ): Promise<{ attempts: number; locked: boolean }> {\n    const user = await this.findUserById(userId);\n    const attempts = (user?.failedLoginAttempts || 0) + 1;\n\n    await this.updateUser(userId, { failedLoginAttempts: attempts });\n\n    const maxAttempts = 5;\n    const locked = attempts >= maxAttempts;\n\n    if (locked) {\n      const lockoutDuration = 15 * 60 * 1000;\n      await this.db.insert(lockouts).values({\n        userId,\n        ipAddress,\n        reason: \"Too many failed login attempts\",\n        lockedUntil: new Date(Date.now() + lockoutDuration),\n      });\n    }\n\n    return { attempts, locked };\n  }\n\n  async resetAttempts(userId: string): Promise<void> {\n    await this.updateUser(userId, { failedLoginAttempts: 0 });\n  }\n\n  async findAuditLogs(\n    filter: AuditLogFilter,\n  ): Promise<{ logs: AuditLog[]; total: number }> {\n    const {\n      limit = 50,\n      offset = 0,\n      userId,\n      action,\n      resource,\n      resourceId,\n      success,\n      startDate,\n      endDate,\n    } = filter;\n\n    const conditions = [];\n    if (userId) conditions.push(eq(auditLogs.userId, userId));\n    if (action) {\n      if (Array.isArray(action)) {\n        conditions.push(sql`${auditLogs.action} = ANY(${action})`);\n      } else {\n        conditions.push(eq(auditLogs.action, action));\n      }\n    }\n    if (resource) conditions.push(eq(auditLogs.resource, resource));\n    if (resourceId) conditions.push(eq(auditLogs.resourceId, resourceId));\n    if (success !== undefined) conditions.push(eq(auditLogs.success, success));\n    if (startDate) conditions.push(sql`${auditLogs.timestamp} >= ${startDate}`);\n    if (endDate) conditions.push(sql`${auditLogs.timestamp} <= ${endDate}`);\n\n    const whereClause = conditions.length > 0 ? and(...conditions) : undefined;\n\n    const countResult = await this.db\n      .select({ count: sql<number>`count(*)` })\n      .from(auditLogs)\n      .where(whereClause);\n\n    const logs = await this.db\n      .select()\n      .from(auditLogs)\n      .where(whereClause)\n      .orderBy(desc(auditLogs.timestamp))\n      .limit(limit)\n      .offset(offset);\n\n    return {\n      logs: logs.map((log) => ({\n        id: log.id,\n        timestamp: log.timestamp,\n        action: log.action as AuditLog[\"action\"],\n        userId: log.userId || undefined,\n        userEmail: log.userEmail || undefined,\n        role: log.role || undefined,\n        resource: log.resource,\n        resourceId: log.resourceId || undefined,\n        changes: log.changes || undefined,\n        ipAddress: log.ipAddress || undefined,\n        userAgent: log.userAgent || undefined,\n        success: log.success,\n        error: log.error || undefined,\n        metadata: log.metadata || undefined,\n      })),\n      total: Number(countResult[0]?.count || 0),\n    };\n  }\n\n  async createAuditLog(\n    data: Omit<AuditLog, \"id\" | \"timestamp\">,\n  ): Promise<AuditLog> {\n    const id = crypto.randomUUID();\n    const timestamp = new Date();\n\n    await this.db.insert(auditLogs).values({\n      id,\n      action: data.action,\n      userId: data.userId,\n      userEmail: data.userEmail,\n      role: data.role,\n      resource: data.resource,\n      resourceId: data.resourceId,\n      changes: data.changes,\n      ipAddress: data.ipAddress,\n      userAgent: data.userAgent,\n      success: data.success,\n      error: data.error,\n      metadata: data.metadata,\n      timestamp,\n    });\n\n    return {\n      ...data,\n      id,\n      timestamp,\n    };\n  }\n\n  private userToAuthUser(user: AuthUserRow): AuthUser {\n    return {\n      id: user.id,\n      email: user.email,\n      passwordHash: user.passwordHash || undefined,\n      role: user.role as UserRole,\n      tenantId: user.tenantId || undefined,\n      emailVerified: user.emailVerified || false,\n      locked: user.locked || false,\n      lastLogin: user.lastLogin?.toISOString(),\n      failedLoginAttempts: user.failedLoginAttempts || 0,\n      createdAt: user.createdAt.toISOString(),\n      updatedAt: user.updatedAt.toISOString(),\n    };\n  }\n\n  private sessionToSession(session: typeof sessions.$inferSelect): Session {\n    return {\n      id: session.id,\n      userId: session.userId,\n      token: session.token,\n      refreshToken: session.refreshToken || undefined,\n      expiresAt: session.expiresAt.toISOString(),\n      createdAt: session.createdAt.toISOString(),\n      ipAddress: session.ipAddress || undefined,\n      userAgent: session.userAgent || undefined,\n    };\n  }\n}\n"]}

package/dist/chunk-VIONYQ2K.cjs

@@ -0,0 +1,517 @@
+'use strict';
+
+var crypto = require('crypto');
+
+// src/access/types.ts
+async function evaluateAccess(access, args) {
+  if (typeof access === "boolean") {
+    return access;
+  }
+  if (typeof access === "function") {
+    return await access(args);
+  }
+  return true;
+}
+function mergeWhereClauses(...whereClauses) {
+  const result = {};
+  for (const clause of whereClauses) {
+    if (clause && typeof clause === "object") {
+      Object.assign(result, clause);
+    }
+  }
+  return result;
+}
+function getWhereClause(access, args) {
+  return evaluateAccess(access, args).then((result) => {
+    if (result === true) return void 0;
+    if (result === false) return { _id: { $eq: null } };
+    return result;
+  });
+}
+
+// src/webhooks/types.ts
+var WEBHOOK_EVENTS = {
+  COLLECTION_CREATE: "collection.create",
+  COLLECTION_UPDATE: "collection.update",
+  COLLECTION_DELETE: "collection.delete",
+  MEDIA_UPLOAD: "media.upload",
+  MEDIA_DELETE: "media.delete",
+  AUTH_LOGIN: "auth.login",
+  AUTH_REGISTER: "auth.register",
+  AUTH_LOGOUT: "auth.logout",
+  ORDER_CREATED: "order.created",
+  ORDER_PAID: "order.paid",
+  ORDER_SHIPPED: "order.shipped",
+  ORDER_DELIVERED: "order.delivered"
+};
+var ALL_WEBHOOK_EVENTS = Object.values(WEBHOOK_EVENTS);
+var WEBHOOK_COLLECTION = "_webhooks";
+var WEBHOOK_DELIVERY_COLLECTION = "_webhook_deliveries";
+function signPayload(payload, secret) {
+  return `sha256=${crypto.createHmac("sha256", secret).update(payload).digest("hex")}`;
+}
+function generateWebhookSecret() {
+  return crypto.randomBytes(32).toString("hex");
+}
+async function deliverWebhook(webhook, payload, options = {}) {
+  const timeout = options.timeout || 3e4;
+  const startTime = Date.now();
+  const body = JSON.stringify(payload);
+  const headers = {
+    "Content-Type": "application/json",
+    "User-Agent": "Kyro-CMS-Webhook/1.0",
+    "X-Webhook-Event": payload.event,
+    "X-Webhook-Delivery": payload.id,
+    "X-Webhook-Timestamp": payload.timestamp,
+    ...webhook.headers || {}
+  };
+  if (webhook.secret) {
+    const signature = signPayload(body, webhook.secret);
+    headers["X-Webhook-Signature"] = signature;
+  }
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), timeout);
+  try {
+    const response = await fetch(webhook.url, {
+      method: "POST",
+      headers,
+      body,
+      signal: controller.signal
+    });
+    clearTimeout(timeoutId);
+    const duration = Date.now() - startTime;
+    let responseBody;
+    try {
+      const text = await response.text();
+      responseBody = text.slice(0, 1e3);
+    } catch {
+    }
+    const result = {
+      success: response.ok,
+      status: response.status,
+      statusText: response.statusText,
+      body: responseBody,
+      duration
+    };
+    if (result.success && options.onSuccess) {
+      options.onSuccess(result);
+    } else if (!result.success && options.onFailure) {
+      options.onFailure(`HTTP ${response.status}: ${response.statusText}`);
+    }
+    return result;
+  } catch (error) {
+    clearTimeout(timeoutId);
+    const duration = Date.now() - startTime;
+    const errorMessage = error.name === "AbortError" ? `Request timed out after ${timeout}ms` : error.message || "Unknown error";
+    if (options.onFailure) {
+      options.onFailure(errorMessage);
+    }
+    return {
+      success: false,
+      status: 0,
+      duration,
+      error: errorMessage
+    };
+  }
+}
+async function deliverWithRetry(webhook, payload, deliveryId, options = {}) {
+  const maxRetries = options.maxRetries ?? 5;
+  const baseDelay = options.retryDelay ?? 1e3;
+  let lastResult = null;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    if (attempt > 0) {
+      const delay = Math.min(baseDelay * Math.pow(2, attempt - 1), 3e4);
+      if (options.onRetry) {
+        options.onRetry(attempt, `Retrying in ${delay}ms...`);
+      }
+      await sleep(delay);
+    }
+    if (options.onRetry && attempt > 0) {
+      options.onRetry(attempt, `Attempt ${attempt + 1}/${maxRetries + 1}`);
+    }
+    lastResult = await deliverWebhook(webhook, payload, {
+      ...options,
+      onRetry: void 0,
+      onSuccess: void 0,
+      onFailure: void 0
+    });
+    if (lastResult.success) {
+      return lastResult;
+    }
+    if (lastResult.error?.includes("timed out") && attempt < maxRetries) {
+      continue;
+    }
+    if (lastResult.status >= 400 && lastResult.status < 500) {
+      return lastResult;
+    }
+  }
+  return lastResult || {
+    success: false,
+    status: 0,
+    duration: 0,
+    error: "All delivery attempts failed"
+  };
+}
+function buildDeliveryRecord(deliveryId, webhookId, event, payload, attempt, result) {
+  return {
+    id: deliveryId,
+    webhookId,
+    event,
+    payload,
+    attempt,
+    status: result.success ? "success" : "failed",
+    responseStatus: result.status || void 0,
+    responseBody: result.body,
+    duration: result.duration,
+    error: result.error,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    deliveredAt: result.success ? (/* @__PURE__ */ new Date()).toISOString() : void 0
+  };
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function createTestPayload() {
+  return {
+    id: `test_${Date.now()}`,
+    event: "collection.create",
+    timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+    collection: "test",
+    operation: "create",
+    data: { message: "This is a test webhook delivery" },
+    user: { id: "system", email: "system@kyro.dev", role: "super_admin" }
+  };
+}
+var WebhookService = class {
+  db;
+  constructor(db) {
+    this.db = db;
+  }
+  async getWebhooks(filters) {
+    const result = await this.db.find({
+      collection: WEBHOOK_COLLECTION,
+      where: filters?.status ? { status: { equals: filters.status } } : {},
+      limit: 100,
+      page: 1
+    });
+    const webhooks = result.docs;
+    if (filters?.event) {
+      return webhooks.filter(
+        (w) => w.events.includes(filters.event)
+      );
+    }
+    return webhooks;
+  }
+  async getWebhookById(id) {
+    return this.db.findByID({
+      collection: WEBHOOK_COLLECTION,
+      id
+    });
+  }
+  async createWebhook(data) {
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    const secret = data.secret || generateWebhookSecret();
+    const webhook = {
+      id: crypto.randomUUID(),
+      name: data.name,
+      url: data.url,
+      events: data.events,
+      status: data.status || "active",
+      secret,
+      headers: data.headers || {},
+      createdAt: now,
+      updatedAt: now
+    };
+    await this.db.create({
+      collection: WEBHOOK_COLLECTION,
+      data: webhook
+    });
+    return webhook;
+  }
+  async updateWebhook(id, data) {
+    const existing = await this.getWebhookById(id);
+    if (!existing) return null;
+    const updated = {
+      ...existing,
+      ...data,
+      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    if (data.secret === "" && "secret" in data) {
+      delete updated.secret;
+    }
+    await this.db.update({
+      collection: WEBHOOK_COLLECTION,
+      id,
+      data: updated
+    });
+    return updated;
+  }
+  async deleteWebhook(id) {
+    await this.db.delete({
+      collection: WEBHOOK_COLLECTION,
+      id
+    });
+  }
+  async trigger(event, payloadData) {
+    const webhooks = await this.getWebhooks();
+    const activeWebhooks = webhooks.filter((w) => w.status === "active");
+    const matchingWebhooks = activeWebhooks.filter(
+      (w) => w.events.includes(event)
+    );
+    if (matchingWebhooks.length === 0) {
+      return [];
+    }
+    const payload = {
+      id: `wh_${Date.now()}_${crypto.randomUUID().slice(0, 8)}`,
+      event,
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      ...payloadData
+    };
+    const results = [];
+    for (const webhook of matchingWebhooks) {
+      const result = await this.triggerWebhook(webhook, payload);
+      results.push(result);
+    }
+    return results;
+  }
+  async triggerWebhook(webhook, payload) {
+    const deliveryId = `dlv_${Date.now()}_${crypto.randomUUID().slice(0, 8)}`;
+    try {
+      const result = await deliverWithRetry(webhook, payload, deliveryId, {
+        maxRetries: 5,
+        retryDelay: 1e3
+      });
+      const deliveryRecord = buildDeliveryRecord(
+        deliveryId,
+        webhook.id,
+        webhook.events[0],
+        payload,
+        1,
+        result
+      );
+      try {
+        await this.db.create({
+          collection: WEBHOOK_DELIVERY_COLLECTION,
+          data: deliveryRecord
+        });
+      } catch {
+        console.warn(
+          "[WebhookService] Failed to save delivery record:",
+          deliveryId
+        );
+      }
+      if (!result.success) {
+        await this.updateWebhook(webhook.id, {
+          status: "error",
+          lastError: result.error
+        }).catch(() => {
+        });
+      } else {
+        await this.updateWebhook(webhook.id, {
+          status: "active",
+          lastTriggered: (/* @__PURE__ */ new Date()).toISOString()
+        }).catch(() => {
+        });
+      }
+      return {
+        deliveryId,
+        webhookId: webhook.id,
+        event: webhook.events[0],
+        status: result.success ? "success" : "failed",
+        responseStatus: result.status,
+        duration: result.duration,
+        error: result.error
+      };
+    } catch (error) {
+      return {
+        deliveryId,
+        webhookId: webhook.id,
+        event: webhook.events[0],
+        status: "failed",
+        error: error.message
+      };
+    }
+  }
+  async testWebhook(webhookId) {
+    const webhook = await this.getWebhookById(webhookId);
+    if (!webhook) return null;
+    const payload = {
+      id: `test_${Date.now()}`,
+      event: webhook.events[0] || "collection.create",
+      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+      collection: "test",
+      operation: "create",
+      data: { message: "This is a test webhook delivery from Kyro CMS" },
+      user: {
+        id: "system",
+        email: "system@kyro.dev",
+        role: "super_admin"
+      }
+    };
+    return this.triggerWebhook(webhook, payload);
+  }
+  async getDeliveryHistory(webhookId, limit = 50) {
+    const result = await this.db.find({
+      collection: WEBHOOK_DELIVERY_COLLECTION,
+      where: { webhookId: { equals: webhookId } },
+      sort: "-createdAt",
+      limit,
+      page: 1
+    });
+    return result.docs;
+  }
+  async retryDelivery(deliveryId) {
+    const delivery = await this.db.findByID({
+      collection: WEBHOOK_DELIVERY_COLLECTION,
+      id: deliveryId
+    });
+    if (!delivery) return null;
+    const webhook = await this.getWebhookById(delivery.webhookId);
+    if (!webhook) return null;
+    return this.triggerWebhook(webhook, delivery.payload);
+  }
+};
+function createWebhookService(db) {
+  return new WebhookService(db);
+}
+var API_KEY_COLLECTION = "_api_keys";
+function generateKeyPrefix(key) {
+  return key.substring(0, 8);
+}
+function constantTimeCompare(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  try {
+    return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
+  } catch {
+    return false;
+  }
+}
+async function validateApiKey(rawKey, db, userLookup) {
+  if (!rawKey || typeof rawKey !== "string") {
+    return { valid: false, error: "No API key provided" };
+  }
+  if (!rawKey.startsWith("kyro_")) {
+    return { valid: false, error: "Invalid API key format" };
+  }
+  const keyPrefix = generateKeyPrefix(rawKey);
+  try {
+    const result = await db.find({
+      collection: API_KEY_COLLECTION,
+      where: { keyPrefix: { equals: keyPrefix } },
+      limit: 100,
+      page: 1
+    });
+    if (!result.docs || result.docs.length === 0) {
+      return { valid: false, error: "Invalid API key" };
+    }
+    let matchedKey = null;
+    for (const doc of result.docs) {
+      const record = doc;
+      if (constantTimeCompare(record.key, rawKey)) {
+        matchedKey = record;
+        break;
+      }
+    }
+    if (!matchedKey) {
+      return { valid: false, error: "Invalid API key" };
+    }
+    if (matchedKey.expiresAt) {
+      const expiresAt = new Date(matchedKey.expiresAt);
+      if (expiresAt < /* @__PURE__ */ new Date()) {
+        return { valid: false, error: "API key has expired" };
+      }
+    }
+    try {
+      await db.update({
+        collection: API_KEY_COLLECTION,
+        id: matchedKey.id,
+        data: { lastUsedAt: (/* @__PURE__ */ new Date()).toISOString() }
+      });
+    } catch {
+    }
+    const user = {
+      id: matchedKey.userId,
+      role: matchedKey.role || "author",
+      tenantId: matchedKey.tenantId
+    };
+    if (userLookup) {
+      const dbUser = await userLookup(matchedKey.userId);
+      if (dbUser) {
+        Object.assign(user, dbUser);
+      }
+    }
+    return {
+      valid: true,
+      userId: matchedKey.userId,
+      user,
+      permissions: matchedKey.permissions || [],
+      apiKeyId: matchedKey.id,
+      tenantId: user.tenantId,
+      role: user.role
+    };
+  } catch (error) {
+    console.error("[ApiKey] Validation error:", error);
+    return { valid: false, error: "Failed to validate API key" };
+  }
+}
+function extractApiKeyFromRequest(request) {
+  const authHeader = request.headers.get("Authorization");
+  if (authHeader) {
+    if (authHeader.startsWith("ApiKey ")) {
+      return authHeader.slice(7).trim();
+    }
+    if (authHeader.startsWith("Bearer ")) {
+      return null;
+    }
+  }
+  const xApiKey = request.headers.get("X-API-Key");
+  if (xApiKey) {
+    return xApiKey.trim();
+  }
+  return null;
+}
+function createApiKeyContext(result) {
+  if (!result.valid || !result.userId) {
+    return null;
+  }
+  return {
+    userId: result.userId,
+    user: result.user || {},
+    permissions: result.permissions || [],
+    apiKeyId: result.apiKeyId || "",
+    tenantId: result.tenantId,
+    role: result.role
+  };
+}
+function hasApiKeyPermission(permissions, required) {
+  if (permissions.length === 0) return false;
+  if (permissions.includes("*")) return true;
+  if (permissions.includes(required)) return true;
+  const [resource, action] = required.split(":");
+  if (permissions.includes(`${resource}:*`)) return true;
+  return false;
+}
+
+exports.ALL_WEBHOOK_EVENTS = ALL_WEBHOOK_EVENTS;
+exports.WEBHOOK_COLLECTION = WEBHOOK_COLLECTION;
+exports.WEBHOOK_DELIVERY_COLLECTION = WEBHOOK_DELIVERY_COLLECTION;
+exports.WEBHOOK_EVENTS = WEBHOOK_EVENTS;
+exports.WebhookService = WebhookService;
+exports.buildDeliveryRecord = buildDeliveryRecord;
+exports.createApiKeyContext = createApiKeyContext;
+exports.createTestPayload = createTestPayload;
+exports.createWebhookService = createWebhookService;
+exports.deliverWebhook = deliverWebhook;
+exports.deliverWithRetry = deliverWithRetry;
+exports.evaluateAccess = evaluateAccess;
+exports.extractApiKeyFromRequest = extractApiKeyFromRequest;
+exports.generateWebhookSecret = generateWebhookSecret;
+exports.getWhereClause = getWhereClause;
+exports.hasApiKeyPermission = hasApiKeyPermission;
+exports.mergeWhereClauses = mergeWhereClauses;
+exports.signPayload = signPayload;
+exports.validateApiKey = validateApiKey;
+//# sourceMappingURL=chunk-VIONYQ2K.cjs.map
+//# sourceMappingURL=chunk-VIONYQ2K.cjs.map