@kyro-cms/core 0.3.2 → 0.3.5

package/dist/chunk-BQ2T4WRS.js

@@ -0,0 +1,140 @@
+import { SQLiteAuthAdapter, PasswordPolicy, EmailTransport } from './chunk-RYDGMBIG.js';
+
+// src/auth/bootstrap.ts
+async function bootstrapAdmin(config) {
+  const {
+    adminEmail,
+    adminPassword,
+    adminRole = "super_admin",
+    tenantId,
+    emailConfig,
+    sendWelcomeEmail = false
+  } = config;
+  const authAdapter = config.authAdapter || new SQLiteAuthAdapter({
+    path: config.authDbPath || "./data/auth.db"
+  });
+  try {
+    await authAdapter.connect?.();
+  } catch (error) {
+    return {
+      success: false,
+      error: "Failed to connect to auth storage"
+    };
+  }
+  const passwordPolicy = new PasswordPolicy();
+  const passwordValidation = passwordPolicy.validate(adminPassword);
+  if (!passwordValidation.valid) {
+    await authAdapter.disconnect?.();
+    return {
+      success: false,
+      error: `Invalid password: ${passwordValidation.errors.join(", ")}`
+    };
+  }
+  const existingUser = await authAdapter.findUserByEmail(adminEmail);
+  if (existingUser) {
+    await authAdapter.disconnect?.();
+    return {
+      success: false,
+      error: "Admin user already exists"
+    };
+  }
+  try {
+    const user = await authAdapter.createUser({
+      email: adminEmail,
+      password: adminPassword,
+      role: adminRole || "admin",
+      tenantId
+    });
+    if (sendWelcomeEmail && emailConfig) {
+      const emailTransport = new EmailTransport(emailConfig);
+      const templates = emailTransport.getTemplates();
+      const welcomeTemplate = templates.welcome(adminEmail.split("@")[0]);
+      await emailTransport.send({
+        to: adminEmail,
+        ...welcomeTemplate
+      });
+    }
+    await authAdapter.disconnect?.();
+    return {
+      success: true,
+      user
+    };
+  } catch (error) {
+    await authAdapter.disconnect?.();
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : "Failed to create admin user"
+    };
+  }
+}
+async function checkBootstrapRequired(authAdapter, adminEmail) {
+  const existingUser = await authAdapter.findUserByEmail(adminEmail);
+  return !existingUser;
+}
+function getBootstrapFromEnv() {
+  const email = process.env.KYRO_ADMIN_EMAIL;
+  const password = process.env.KYRO_ADMIN_PASSWORD;
+  if (!email || !password) {
+    return null;
+  }
+  return {
+    authDbPath: process.env.KYRO_AUTH_DB_PATH || "./data/auth.db",
+    adminEmail: email,
+    adminPassword: password,
+    adminRole: process.env.KYRO_ADMIN_ROLE || "super_admin",
+    tenantId: process.env.KYRO_ADMIN_TENANT_ID,
+    emailConfig: process.env.SMTP_HOST ? {
+      provider: "smtp",
+      smtp: {
+        host: process.env.SMTP_HOST,
+        port: parseInt(process.env.SMTP_PORT || "587", 10),
+        secure: process.env.SMTP_SECURE === "true",
+        auth: {
+          user: process.env.SMTP_USER || "",
+          pass: process.env.SMTP_PASS || ""
+        }
+      },
+      from: process.env.SMTP_FROM || "noreply@example.com",
+      fromName: process.env.SMTP_FROM_NAME
+    } : void 0,
+    sendWelcomeEmail: process.env.KYRO_ADMIN_SEND_WELCOME === "true"
+  };
+}
+async function autoBootstrap() {
+  const config = getBootstrapFromEnv();
+  if (!config) {
+    return null;
+  }
+  console.log("Auto-bootstrapping admin user...");
+  const result = await bootstrapAdmin(config);
+  if (result.success) {
+    console.log(`Admin user created: ${config.adminEmail}`);
+  } else {
+    console.error(`Bootstrap failed: ${result.error}`);
+  }
+  return result;
+}
+async function bootstrapWithRetry(config, maxRetries = 3, retryDelayMs = 2e3) {
+  let lastError = "";
+  for (let i = 0; i < maxRetries; i++) {
+    const result = await bootstrapAdmin(config);
+    if (result.success) {
+      return result;
+    }
+    lastError = result.error || "Unknown error";
+    if (lastError.includes("already exists")) {
+      return result;
+    }
+    if (i < maxRetries - 1) {
+      await new Promise((resolve) => setTimeout(resolve, retryDelayMs));
+    }
+  }
+  return {
+    success: false,
+    error: `Failed after ${maxRetries} retries: ${lastError}`
+  };
+}
+
+export { autoBootstrap, bootstrapAdmin, bootstrapWithRetry, checkBootstrapRequired, getBootstrapFromEnv };
+//# sourceMappingURL=chunk-BQ2T4WRS.js.map
+//# sourceMappingURL=chunk-BQ2T4WRS.js.map

package/dist/chunk-BQ2T4WRS.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/auth/bootstrap.ts"],"names":[],"mappings":";;;AAsBA,eAAsB,eACpB,MAAA,EAC0B;AAC1B,EAAA,MAAM;AAAA,IACJ,UAAA;AAAA,IACA,aAAA;AAAA,IACA,SAAA,GAAY,aAAA;AAAA,IACZ,QAAA;AAAA,IACA,WAAA;AAAA,IACA,gBAAA,GAAmB;AAAA,GACrB,GAAI,MAAA;AAEJ,EAAA,MAAM,WAAA,GACJ,MAAA,CAAO,WAAA,IACP,IAAI,iBAAA,CAAkB;AAAA,IACpB,IAAA,EAAM,OAAO,UAAA,IAAc;AAAA,GAC5B,CAAA;AAEH,EAAA,IAAI;AACF,IAAA,MAAM,YAAY,OAAA,IAAU;AAAA,EAC9B,SAAS,KAAA,EAAO;AACd,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,EAAe;AAC1C,EAAA,MAAM,kBAAA,GAAqB,cAAA,CAAe,QAAA,CAAS,aAAa,CAAA;AAChE,EAAA,IAAI,CAAC,mBAAmB,KAAA,EAAO;AAC7B,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,OAAO,CAAA,kBAAA,EAAqB,kBAAA,CAAmB,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA;AAAA,KAClE;AAAA,EACF;AAEA,EAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAA;AACjE,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EAAO;AAAA,KACT;AAAA,EACF;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,IAAA,GAAO,MAAM,WAAA,CAAY,UAAA,CAAW;AAAA,MACxC,KAAA,EAAO,UAAA;AAAA,MACP,QAAA,EAAU,aAAA;AAAA,MACV,MAAO,SAAA,IAA0B,OAAA;AAAA,MACjC;AAAA,KACD,CAAA;AAED,IAAA,IAAI,oBAAoB,WAAA,EAAa;AACnC,MAAA,MAAM,cAAA,GAAiB,IAAI,cAAA,CAAe,WAAW,CAAA;AACrD,MAAA,MAAM,SAAA,GAAY,eAAe,YAAA,EAAa;AAC9C,MAAA,MAAM,eAAA,GAAkB,UAAU,OAAA,CAAQ,UAAA,CAAW,MAAM,GAAG,CAAA,CAAE,CAAC,CAAC,CAAA;AAClE,MAAA,MAAM,eAAe,IAAA,CAAK;AAAA,QACxB,EAAA,EAAI,UAAA;AAAA,QACJ,GAAG;AAAA,OACJ,CAAA;AAAA,IACH;AAEA,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,IAAA;AAAA,MACT;AAAA,KACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,YAAY,UAAA,IAAa;AAC/B,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,KAAA;AAAA,MACT,KAAA,EACE,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,KAC7C;AAAA,EACF;AACF;AAEA,eAAsB,sBAAA,CACpB,aACA,UAAA,EACkB;AAClB,EAAA,MAAM,YAAA,GAAe,MAAM,WAAA,CAAY,eAAA,CAAgB,UAAU,CAAA;AACjE,EAAA,OAAO,CAAC,YAAA;AACV;AAEO,SAAS,mBAAA,GAA8C;AAC5D,EAAA,MAAM,KAAA,GAAQ,QAAQ,GAAA,CAAI,gBAAA;AAC1B,EAAA,MAAM,QAAA,GAAW,QAAQ,GAAA,CAAI,mBAAA;AAE7B,EAAA,IAAI,CAAC,KAAA,IAAS,CAAC,QAAA,EAAU;AACvB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,OAAA,CAAQ,GAAA,CAAI,iBAAA,IAAqB,gBAAA;AAAA,IAC7C,UAAA,EAAY,KAAA;AAAA,IACZ,aAAA,EAAe,QAAA;AAAA,IACf,SAAA,EAAW,OAAA,CAAQ,GAAA,CAAI,eAAA,IAAmB,aAAA;AAAA,IAC1C,QAAA,EAAU,QAAQ,GAAA,CAAI,oBAAA;AAAA,IACtB,WAAA,EAAa,OAAA,CAAQ,GAAA,CAAI,SAAA,GACrB;AAAA,MACE,QAAA,EAAU,MAAA;AAAA,MACV,IAAA,EAAM;AAAA,QACJ,IAAA,EAAM,QAAQ,GAAA,CAAI,SAAA;AAAA,QAClB,MAAM,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,OAAO,EAAE,CAAA;AAAA,QACjD,MAAA,EAAQ,OAAA,CAAQ,GAAA,CAAI,WAAA,KAAgB,MAAA;AAAA,QACpC,IAAA,EAAM;AAAA,UACJ,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,EAAA;AAAA,UAC/B,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa;AAAA;AACjC,OACF;AAAA,MACA,IAAA,EAAM,OAAA,CAAQ,GAAA,CAAI,SAAA,IAAa,qBAAA;AAAA,MAC/B,QAAA,EAAU,QAAQ,GAAA,CAAI;AAAA,KACxB,GACA,MAAA;AAAA,IACJ,gBAAA,EAAkB,OAAA,CAAQ,GAAA,CAAI,uBAAA,KAA4B;AAAA,GAC5D;AACF;AAEA,eAAsB,aAAA,GAAiD;AACrE,EAAA,MAAM,SAAS,mBAAA,EAAoB;AACnC,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAA,CAAQ,IAAI,kCAAkC,CAAA;AAC9C,EAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,MAAM,CAAA;AAE1C,EAAA,IAAI,OAAO,OAAA,EAAS;AAClB,IAAA,OAAA,CAAQ,GAAA,CAAI,CAAA,oBAAA,EAAuB,MAAA,CAAO,UAAU,CAAA,CAAE,CAAA;AAAA,EACxD,CAAA,MAAO;AACL,IAAA,OAAA,CAAQ,KAAA,CAAM,CAAA,kBAAA,EAAqB,MAAA,CAAO,KAAK,CAAA,CAAE,CAAA;AAAA,EACnD;AAEA,EAAA,OAAO,MAAA;AACT;AAEA,eAAsB,kBAAA,CACpB,MAAA,EACA,UAAA,GAAqB,CAAA,EACrB,eAAuB,GAAA,EACG;AAC1B,EAAA,IAAI,SAAA,GAAoB,EAAA;AAExB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,UAAA,EAAY,CAAA,EAAA,EAAK;AACnC,IAAA,MAAM,MAAA,GAAS,MAAM,cAAA,CAAe,MAAM,CAAA;AAE1C,IAAA,IAAI,OAAO,OAAA,EAAS;AAClB,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,SAAA,GAAY,OAAO,KAAA,IAAS,eAAA;AAE5B,IAAA,IAAI,SAAA,CAAU,QAAA,CAAS,gBAAgB,CAAA,EAAG;AACxC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,IAAI,CAAA,GAAI,aAAa,CAAA,EAAG;AACtB,MAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,YAAY,CAAC,CAAA;AAAA,IAClE;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,KAAA;AAAA,IACT,KAAA,EAAO,CAAA,aAAA,EAAgB,UAAU,CAAA,UAAA,EAAa,SAAS,CAAA;AAAA,GACzD;AACF","file":"chunk-BQ2T4WRS.js","sourcesContent":["import { SQLiteAuthAdapter } from \"./sqlite-adapter.js\";\nimport { EmailTransport, type EmailConfig } from \"./nodemailer-transport.js\";\nimport { PasswordPolicy } from \"./security/password-policy.js\";\nimport type { AuthUser, UserRole, AuthAdapter } from \"./types.js\";\n\nexport interface BootstrapConfig {\n  authAdapter?: AuthAdapter;\n  authDbPath?: string;\n  adminEmail: string;\n  adminPassword: string;\n  adminRole?: string;\n  tenantId?: string;\n  emailConfig?: EmailConfig;\n  sendWelcomeEmail?: boolean;\n}\n\nexport interface BootstrapResult {\n  success: boolean;\n  user?: AuthUser;\n  error?: string;\n}\n\nexport async function bootstrapAdmin(\n  config: BootstrapConfig,\n): Promise<BootstrapResult> {\n  const {\n    adminEmail,\n    adminPassword,\n    adminRole = \"super_admin\",\n    tenantId,\n    emailConfig,\n    sendWelcomeEmail = false,\n  } = config;\n\n  const authAdapter =\n    config.authAdapter ||\n    new SQLiteAuthAdapter({\n      path: config.authDbPath || \"./data/auth.db\",\n    });\n\n  try {\n    await authAdapter.connect?.();\n  } catch (error) {\n    return {\n      success: false,\n      error: \"Failed to connect to auth storage\",\n    };\n  }\n\n  const passwordPolicy = new PasswordPolicy();\n  const passwordValidation = passwordPolicy.validate(adminPassword);\n  if (!passwordValidation.valid) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error: `Invalid password: ${passwordValidation.errors.join(\", \")}`,\n    };\n  }\n\n  const existingUser = await authAdapter.findUserByEmail(adminEmail);\n  if (existingUser) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error: \"Admin user already exists\",\n    };\n  }\n\n  try {\n    const user = await authAdapter.createUser({\n      email: adminEmail,\n      password: adminPassword,\n      role: (adminRole as UserRole) || \"admin\",\n      tenantId,\n    });\n\n    if (sendWelcomeEmail && emailConfig) {\n      const emailTransport = new EmailTransport(emailConfig);\n      const templates = emailTransport.getTemplates();\n      const welcomeTemplate = templates.welcome(adminEmail.split(\"@\")[0]);\n      await emailTransport.send({\n        to: adminEmail,\n        ...welcomeTemplate,\n      });\n    }\n\n    await authAdapter.disconnect?.();\n    return {\n      success: true,\n      user,\n    };\n  } catch (error) {\n    await authAdapter.disconnect?.();\n    return {\n      success: false,\n      error:\n        error instanceof Error ? error.message : \"Failed to create admin user\",\n    };\n  }\n}\n\nexport async function checkBootstrapRequired(\n  authAdapter: AuthAdapter,\n  adminEmail: string,\n): Promise<boolean> {\n  const existingUser = await authAdapter.findUserByEmail(adminEmail);\n  return !existingUser;\n}\n\nexport function getBootstrapFromEnv(): BootstrapConfig | null {\n  const email = process.env.KYRO_ADMIN_EMAIL;\n  const password = process.env.KYRO_ADMIN_PASSWORD;\n\n  if (!email || !password) {\n    return null;\n  }\n\n  return {\n    authDbPath: process.env.KYRO_AUTH_DB_PATH || \"./data/auth.db\",\n    adminEmail: email,\n    adminPassword: password,\n    adminRole: process.env.KYRO_ADMIN_ROLE || \"super_admin\",\n    tenantId: process.env.KYRO_ADMIN_TENANT_ID,\n    emailConfig: process.env.SMTP_HOST\n      ? {\n          provider: \"smtp\",\n          smtp: {\n            host: process.env.SMTP_HOST,\n            port: parseInt(process.env.SMTP_PORT || \"587\", 10),\n            secure: process.env.SMTP_SECURE === \"true\",\n            auth: {\n              user: process.env.SMTP_USER || \"\",\n              pass: process.env.SMTP_PASS || \"\",\n            },\n          },\n          from: process.env.SMTP_FROM || \"noreply@example.com\",\n          fromName: process.env.SMTP_FROM_NAME,\n        }\n      : undefined,\n    sendWelcomeEmail: process.env.KYRO_ADMIN_SEND_WELCOME === \"true\",\n  };\n}\n\nexport async function autoBootstrap(): Promise<BootstrapResult | null> {\n  const config = getBootstrapFromEnv();\n  if (!config) {\n    return null;\n  }\n\n  console.log(\"Auto-bootstrapping admin user...\");\n  const result = await bootstrapAdmin(config);\n\n  if (result.success) {\n    console.log(`Admin user created: ${config.adminEmail}`);\n  } else {\n    console.error(`Bootstrap failed: ${result.error}`);\n  }\n\n  return result;\n}\n\nexport async function bootstrapWithRetry(\n  config: BootstrapConfig,\n  maxRetries: number = 3,\n  retryDelayMs: number = 2000,\n): Promise<BootstrapResult> {\n  let lastError: string = \"\";\n\n  for (let i = 0; i < maxRetries; i++) {\n    const result = await bootstrapAdmin(config);\n\n    if (result.success) {\n      return result;\n    }\n\n    lastError = result.error || \"Unknown error\";\n\n    if (lastError.includes(\"already exists\")) {\n      return result;\n    }\n\n    if (i < maxRetries - 1) {\n      await new Promise((resolve) => setTimeout(resolve, retryDelayMs));\n    }\n  }\n\n  return {\n    success: false,\n    error: `Failed after ${maxRetries} retries: ${lastError}`,\n  };\n}\n"]}

package/dist/{chunk-U74F3YZU.js → chunk-DBUYB32X.js}

@@ -1,4 +1,4 @@
-import { users, sessions, passwordHistory, lockouts, auditLogs } from './chunk-LTRCYJAG.js';
+import { users, sessions, passwordHistory, lockouts, auditLogs } from './chunk-WOWUL7ZY.js';
 import { eq, and, gt, desc, sql } from 'drizzle-orm';
 import bcrypt from 'bcryptjs';
 import { randomBytes } from 'crypto';
@@ -18,6 +18,7 @@ var PostgresAuthAdapter = class {
     const passwordHash = await this.hashPassword(data.password);
     const [user] = await this.db.insert(users).values({
       email: data.email.toLowerCase(),
+      name: data.name,
       passwordHash,
       role: data.role || "customer",
       tenantId: data.tenantId
@@ -34,6 +35,7 @@ var PostgresAuthAdapter = class {
   }
   async updateUser(id, data) {
     const dbData = { updatedAt: /* @__PURE__ */ new Date() };
+    if (data.name !== void 0) dbData.name = data.name;
     if (data.email !== void 0) dbData.email = data.email;
     if (data.passwordHash !== void 0)
       dbData.passwordHash = data.passwordHash;
@@ -83,6 +85,15 @@ var PostgresAuthAdapter = class {
     const [session] = await this.db.select().from(sessions).where(and(eq(sessions.token, token), gt(sessions.expiresAt, /* @__PURE__ */ new Date()))).limit(1);
     return session ? this.sessionToSession(session) : null;
   }
+  async findSessionByRefreshToken(refreshToken) {
+    const [session] = await this.db.select().from(sessions).where(
+      and(
+        eq(sessions.refreshToken, refreshToken),
+        gt(sessions.expiresAt, /* @__PURE__ */ new Date())
+      )
+    ).limit(1);
+    return session ? this.sessionToSession(session) : null;
+  }
   async deleteSession(sessionId) {
     await this.db.delete(sessions).where(eq(sessions.id, sessionId));
     return true;
@@ -219,6 +230,7 @@ var PostgresAuthAdapter = class {
   userToAuthUser(user) {
     return {
       id: user.id,
+      name: user.name || void 0,
       email: user.email,
       passwordHash: user.passwordHash || void 0,
       role: user.role,
@@ -246,5 +258,5 @@ var PostgresAuthAdapter = class {
 };
 
 export { PostgresAuthAdapter };
-//# sourceMappingURL=chunk-U74F3YZU.js.map
-//# sourceMappingURL=chunk-U74F3YZU.js.map
+//# sourceMappingURL=chunk-DBUYB32X.js.map
+//# sourceMappingURL=chunk-DBUYB32X.js.map

package/dist/chunk-DBUYB32X.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/database/drizzle/postgres-auth-adapter.ts"],"names":[],"mappings":";;;;;AA8BO,IAAM,sBAAN,MAAiD;AAAA,EAC9C,EAAA;AAAA,EACA,MAAA;AAAA,EACA,UAAA;AAAA,EACA,eAAA;AAAA,EAER,YAAY,OAAA,EAAqC;AAC/C,IAAA,IAAA,CAAK,KAAK,OAAA,CAAQ,EAAA;AAClB,IAAA,IAAA,CAAK,MAAA,GAAS,QAAQ,MAAA,IAAU,OAAA;AAChC,IAAA,IAAA,CAAK,UAAA,GAAa,QAAQ,UAAA,IAAc,KAAA;AACxC,IAAA,IAAA,CAAK,eAAA,GAAkB,QAAQ,eAAA,IAAmB,MAAA;AAAA,EACpD;AAAA,EAEA,MAAM,WAAW,IAAA,EAMK;AACpB,IAAA,MAAM,YAAA,GAAe,MAAM,IAAA,CAAK,YAAA,CAAa,KAAK,QAAQ,CAAA;AAC1D,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,KAAK,EAAA,CACvB,MAAA,CAAO,KAAK,CAAA,CACZ,MAAA,CAAO;AAAA,MACN,KAAA,EAAO,IAAA,CAAK,KAAA,CAAM,WAAA,EAAY;AAAA,MAC9B,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,YAAA;AAAA,MACA,IAAA,EAAO,KAAK,IAAA,IAAQ,UAAA;AAAA,MACpB,UAAU,IAAA,CAAK;AAAA,KAChB,EACA,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,CAAK,eAAe,IAAI,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,gBAAgB,KAAA,EAAyC;AAC7D,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,KAAK,EAAA,CACvB,MAAA,GACA,IAAA,CAAK,KAAK,EACV,KAAA,CAAM,EAAA,CAAG,MAAM,KAAA,EAAO,KAAA,CAAM,aAAa,CAAC,CAAA,CAC1C,KAAA,CAAM,CAAC,CAAA;AAEV,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,aAAa,EAAA,EAAsC;AACvD,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CACvB,QAAO,CACP,IAAA,CAAK,KAAK,CAAA,CACV,KAAA,CAAM,GAAG,KAAA,CAAM,EAAA,EAAI,EAAE,CAAC,CAAA,CACtB,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,UAAA,CACJ,EAAA,EACA,IAAA,EAC0B;AAC1B,IAAA,MAAM,MAAA,GAAkC,EAAE,SAAA,kBAAW,IAAI,MAAK,EAAE;AAChE,IAAA,IAAI,IAAA,CAAK,IAAA,KAAS,MAAA,EAAW,MAAA,CAAO,OAAO,IAAA,CAAK,IAAA;AAChD,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,MAAA,EAAW,MAAA,CAAO,QAAQ,IAAA,CAAK,KAAA;AAClD,IAAA,IAAI,KAAK,YAAA,KAAiB,MAAA;AACxB,MAAA,MAAA,CAAO,eAAe,IAAA,CAAK,YAAA;AAC7B,IAAA,IAAI,IAAA,CAAK,IAAA,KAAS,MAAA,EAAW,MAAA,CAAO,OAAO,IAAA,CAAK,IAAA;AAChD,IAAA,IAAI,IAAA,CAAK,QAAA,KAAa,MAAA,EAAW,MAAA,CAAO,WAAW,IAAA,CAAK,QAAA;AACxD,IAAA,IAAI,KAAK,aAAA,KAAkB,MAAA;AACzB,MAAA,MAAA,CAAO,gBAAgB,IAAA,CAAK,aAAA;AAC9B,IAAA,IAAI,IAAA,CAAK,MAAA,KAAW,MAAA,EAAW,MAAA,CAAO,SAAS,IAAA,CAAK,MAAA;AACpD,IAAA,IAAI,KAAK,SAAA,KAAc,MAAA;AACrB,MAAA,MAAA,CAAO,YAAY,IAAA,CAAK,SAAA,GAAY,IAAI,IAAA,CAAK,IAAA,CAAK,SAAS,CAAA,GAAI,IAAA;AACjE,IAAA,IAAI,KAAK,mBAAA,KAAwB,MAAA;AAC/B,MAAA,MAAA,CAAO,sBAAsB,IAAA,CAAK,mBAAA;AAEpC,IAAA,MAAM,CAAC,IAAI,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CACvB,OAAO,KAAK,CAAA,CACZ,IAAI,MAAM,CAAA,CACV,MAAM,EAAA,CAAG,KAAA,CAAM,IAAI,EAAE,CAAC,EACtB,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,GAAO,IAAA,CAAK,cAAA,CAAe,IAAI,CAAA,GAAI,IAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,WAAW,EAAA,EAA8B;AAC7C,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,KAAK,CAAA,CAAE,MAAM,EAAA,CAAG,KAAA,CAAM,EAAA,EAAI,EAAE,CAAC,CAAA;AAClD,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,cAAA,CACJ,KAAA,EACA,QAAA,EAC0B;AAC1B,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,eAAA,CAAgB,KAAK,CAAA;AAC7C,IAAA,IAAI,CAAC,MAAM,OAAO,IAAA;AAClB,IAAA,MAAM,CAAC,MAAM,CAAA,GAAI,MAAM,KAAK,EAAA,CACzB,MAAA,GACA,IAAA,CAAK,KAAK,EACV,KAAA,CAAM,EAAA,CAAG,MAAM,KAAA,EAAO,KAAA,CAAM,aAAa,CAAC,CAAA,CAC1C,KAAA,CAAM,CAAC,CAAA;AACV,IAAA,IAAI,CAAC,MAAA,EAAQ,YAAA,EAAc,OAAO,IAAA;AAClC,IAAA,MAAM,QAAQ,MAAM,MAAA,CAAO,OAAA,CAAQ,QAAA,EAAU,OAAO,YAAY,CAAA;AAChE,IAAA,OAAO,QAAQ,IAAA,GAAO,IAAA;AAAA,EACxB;AAAA,EAEA,MAAM,aAAa,QAAA,EAAmC;AACpD,IAAA,OAAO,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,EAAE,CAAA;AAAA,EACjC;AAAA,EAEA,MAAM,aAAA,CACJ,MAAA,EACA,IAAA,EACkB;AAClB,IAAA,MAAM,KAAA,GAAQ,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AAClD,IAAA,MAAM,YAAA,GAAe,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,WAAW,CAAA;AACzD,IAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,aAAa,GAAI,CAAA;AAC9D,IAAyB,IAAI,IAAA,CAAK,IAAA,CAAK,KAAI,GAAI,IAAA,CAAK,kBAAkB,GAAI;AAE1E,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,KAAK,EAAA,CAC1B,MAAA,CAAO,QAAQ,CAAA,CACf,MAAA,CAAO;AAAA,MACN,MAAA;AAAA,MACA,KAAA;AAAA,MACA,YAAA;AAAA,MACA,WAAW,IAAA,EAAM,SAAA;AAAA,MACjB,WAAW,IAAA,EAAM,SAAA;AAAA,MACjB;AAAA,KACD,EACA,SAAA,EAAU;AAEb,IAAA,OAAO,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAAA,EACtC;AAAA,EAEA,MAAM,mBAAmB,KAAA,EAAwC;AAC/D,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,EAAA,CAC1B,MAAA,EAAO,CACP,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA,CAAM,GAAA,CAAI,EAAA,CAAG,QAAA,CAAS,KAAA,EAAO,KAAK,CAAA,EAAG,EAAA,CAAG,QAAA,CAAS,SAAA,kBAAW,IAAI,IAAA,EAAM,CAAC,CAAC,CAAA,CACxE,KAAA,CAAM,CAAC,CAAA;AAEV,IAAA,OAAO,OAAA,GAAU,IAAA,CAAK,gBAAA,CAAiB,OAAO,CAAA,GAAI,IAAA;AAAA,EACpD;AAAA,EAEA,MAAM,0BACJ,YAAA,EACyB;AACzB,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,GAC1B,MAAA,EAAO,CACP,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA;AAAA,MACC,GAAA;AAAA,QACE,EAAA,CAAG,QAAA,CAAS,YAAA,EAAc,YAAY,CAAA;AAAA,QACtC,EAAA,CAAG,QAAA,CAAS,SAAA,kBAAW,IAAI,MAAM;AAAA;AACnC,KACF,CACC,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,OAAA,GAAU,IAAA,CAAK,gBAAA,CAAiB,OAAO,CAAA,GAAI,IAAA;AAAA,EACpD;AAAA,EAEA,MAAM,cAAc,SAAA,EAAqC;AACvD,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,QAAQ,CAAA,CAAE,MAAM,EAAA,CAAG,QAAA,CAAS,EAAA,EAAI,SAAS,CAAC,CAAA;AAC/D,IAAA,OAAO,IAAA;AAAA,EACT;AAAA,EAEA,MAAM,mBAAmB,MAAA,EAAiC;AACxD,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,QAAQ,CAAA,CAAE,MAAM,EAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,CAAC,CAAA;AAChE,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEA,MAAM,oBAAA,CACJ,MAAA,EACA,YAAA,EACe;AACf,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,eAAe,EAAE,MAAA,CAAO;AAAA,MAC3C,MAAA;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAAA,EAEA,MAAM,kBAAA,CACJ,MAAA,EACA,KAAA,GAAgB,CAAA,EACG;AACnB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,EAAA,CACxB,MAAA,CAAO,EAAE,YAAA,EAAc,eAAA,CAAgB,YAAA,EAAc,CAAA,CACrD,IAAA,CAAK,eAAe,CAAA,CACpB,KAAA,CAAM,EAAA,CAAG,eAAA,CAAgB,MAAA,EAAQ,MAAM,CAAC,CAAA,CACxC,OAAA,CAAQ,IAAA,CAAK,eAAA,CAAgB,SAAS,CAAC,CAAA,CACvC,KAAA,CAAM,KAAK,CAAA;AAEd,IAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,YAAY,CAAA;AAAA,EAC1C;AAAA,EAEA,MAAM,mBAAA,CACJ,QAAA,EACA,MAAA,EACA,eAAuB,CAAA,EACL;AAClB,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,CAAK,kBAAA,CAAmB,QAAQ,YAAY,CAAA;AAElE,IAAA,KAAA,MAAW,QAAQ,OAAA,EAAS;AAC1B,MAAA,IAAI,MAAM,IAAA,CAAK,cAAA,CAAe,QAAA,EAAU,IAAI,CAAA,EAAG;AAC7C,QAAA,OAAO,IAAA;AAAA,MACT;AAAA,IACF;AAEA,IAAA,OAAO,KAAA;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,MAAA,EAAkC;AAC/C,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,GAC1B,MAAA,EAAO,CACP,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA;AAAA,MACC,GAAA,CAAI,EAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,CAAA,EAAG,EAAA,CAAG,QAAA,CAAS,WAAA,kBAAa,IAAI,IAAA,EAAM,CAAC;AAAA,KACvE,CACC,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,CAAC,CAAC,OAAA;AAAA,EACX;AAAA,EAEA,MAAM,WAAW,MAAA,EAAuD;AACtE,IAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,GAC1B,MAAA,EAAO,CACP,IAAA,CAAK,QAAQ,CAAA,CACb,KAAA;AAAA,MACC,GAAA,CAAI,EAAA,CAAG,QAAA,CAAS,MAAA,EAAQ,MAAM,CAAA,EAAG,EAAA,CAAG,QAAA,CAAS,WAAA,kBAAa,IAAI,IAAA,EAAM,CAAC;AAAA,KACvE,CACC,MAAM,CAAC,CAAA;AAEV,IAAA,OAAO,OAAA,GAAU,EAAE,WAAA,EAAa,OAAA,CAAQ,aAAY,GAAI,IAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,mBAAA,CACJ,MAAA,EACA,SAAA,EACgD;AAChD,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,YAAA,CAAa,MAAM,CAAA;AAC3C,IAAA,MAAM,QAAA,GAAA,CAAY,IAAA,EAAM,mBAAA,IAAuB,CAAA,IAAK,CAAA;AAEpD,IAAA,MAAM,KAAK,UAAA,CAAW,MAAA,EAAQ,EAAE,mBAAA,EAAqB,UAAU,CAAA;AAE/D,IAAA,MAAM,WAAA,GAAc,CAAA;AACpB,IAAA,MAAM,SAAS,QAAA,IAAY,WAAA;AAE3B,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,MAAM,eAAA,GAAkB,KAAK,EAAA,GAAK,GAAA;AAClC,MAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,QAAQ,EAAE,MAAA,CAAO;AAAA,QACpC,MAAA;AAAA,QACA,SAAA;AAAA,QACA,MAAA,EAAQ,gCAAA;AAAA,QACR,aAAa,IAAI,IAAA,CAAK,IAAA,CAAK,GAAA,KAAQ,eAAe;AAAA,OACnD,CAAA;AAAA,IACH;AAEA,IAAA,OAAO,EAAE,UAAU,MAAA,EAAO;AAAA,EAC5B;AAAA,EAEA,MAAM,cAAc,MAAA,EAA+B;AACjD,IAAA,MAAM,KAAK,UAAA,CAAW,MAAA,EAAQ,EAAE,mBAAA,EAAqB,GAAG,CAAA;AAAA,EAC1D;AAAA,EAEA,MAAM,cACJ,MAAA,EAC8C;AAC9C,IAAA,MAAM;AAAA,MACJ,KAAA,GAAQ,EAAA;AAAA,MACR,MAAA,GAAS,CAAA;AAAA,MACT,MAAA;AAAA,MACA,MAAA;AAAA,MACA,QAAA;AAAA,MACA,UAAA;AAAA,MACA,OAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF,GAAI,MAAA;AAEJ,IAAA,MAAM,aAAa,EAAC;AACpB,IAAA,IAAI,QAAQ,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,MAAA,EAAQ,MAAM,CAAC,CAAA;AACxD,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AACzB,QAAA,UAAA,CAAW,KAAK,GAAA,CAAA,EAAM,SAAA,CAAU,MAAM,CAAA,OAAA,EAAU,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,MAC3D,CAAA,MAAO;AACL,QAAA,UAAA,CAAW,IAAA,CAAK,EAAA,CAAG,SAAA,CAAU,MAAA,EAAQ,MAAM,CAAC,CAAA;AAAA,MAC9C;AAAA,IACF;AACA,IAAA,IAAI,UAAU,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,QAAA,EAAU,QAAQ,CAAC,CAAA;AAC9D,IAAA,IAAI,YAAY,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,UAAA,EAAY,UAAU,CAAC,CAAA;AACpE,IAAA,IAAI,OAAA,KAAY,QAAW,UAAA,CAAW,IAAA,CAAK,GAAG,SAAA,CAAU,OAAA,EAAS,OAAO,CAAC,CAAA;AACzE,IAAA,IAAI,SAAA,aAAsB,IAAA,CAAK,GAAA,CAAA,EAAM,UAAU,SAAS,CAAA,IAAA,EAAO,SAAS,CAAA,CAAE,CAAA;AAC1E,IAAA,IAAI,OAAA,aAAoB,IAAA,CAAK,GAAA,CAAA,EAAM,UAAU,SAAS,CAAA,IAAA,EAAO,OAAO,CAAA,CAAE,CAAA;AAEtE,IAAA,MAAM,cAAc,UAAA,CAAW,MAAA,GAAS,IAAI,GAAA,CAAI,GAAG,UAAU,CAAA,GAAI,MAAA;AAEjE,IAAA,MAAM,WAAA,GAAc,MAAM,IAAA,CAAK,EAAA,CAC5B,OAAO,EAAE,KAAA,EAAO,GAAA,CAAA,QAAA,CAAA,EAAuB,CAAA,CACvC,IAAA,CAAK,SAAS,CAAA,CACd,MAAM,WAAW,CAAA;AAEpB,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,EAAA,CACrB,QAAO,CACP,IAAA,CAAK,SAAS,CAAA,CACd,KAAA,CAAM,WAAW,EACjB,OAAA,CAAQ,IAAA,CAAK,UAAU,SAAS,CAAC,EACjC,KAAA,CAAM,KAAK,CAAA,CACX,MAAA,CAAO,MAAM,CAAA;AAEhB,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,IAAA,CAAK,GAAA,CAAI,CAAC,GAAA,MAAS;AAAA,QACvB,IAAI,GAAA,CAAI,EAAA;AAAA,QACR,WAAW,GAAA,CAAI,SAAA;AAAA,QACf,QAAQ,GAAA,CAAI,MAAA;AAAA,QACZ,MAAA,EAAQ,IAAI,MAAA,IAAU,MAAA;AAAA,QACtB,SAAA,EAAW,IAAI,SAAA,IAAa,MAAA;AAAA,QAC5B,IAAA,EAAM,IAAI,IAAA,IAAQ,MAAA;AAAA,QAClB,UAAU,GAAA,CAAI,QAAA;AAAA,QACd,UAAA,EAAY,IAAI,UAAA,IAAc,MAAA;AAAA,QAC9B,OAAA,EAAS,IAAI,OAAA,IAAW,MAAA;AAAA,QACxB,SAAA,EAAW,IAAI,SAAA,IAAa,MAAA;AAAA,QAC5B,SAAA,EAAW,IAAI,SAAA,IAAa,MAAA;AAAA,QAC5B,SAAS,GAAA,CAAI,OAAA;AAAA,QACb,KAAA,EAAO,IAAI,KAAA,IAAS,MAAA;AAAA,QACpB,QAAA,EAAU,IAAI,QAAA,IAAY;AAAA,OAC5B,CAAE,CAAA;AAAA,MACF,OAAO,MAAA,CAAO,WAAA,CAAY,CAAC,CAAA,EAAG,SAAS,CAAC;AAAA,KAC1C;AAAA,EACF;AAAA,EAEA,MAAM,eACJ,IAAA,EACmB;AACnB,IAAA,MAAM,EAAA,GAAK,OAAO,UAAA,EAAW;AAC7B,IAAA,MAAM,SAAA,uBAAgB,IAAA,EAAK;AAE3B,IAAA,MAAM,IAAA,CAAK,EAAA,CAAG,MAAA,CAAO,SAAS,EAAE,MAAA,CAAO;AAAA,MACrC,EAAA;AAAA,MACA,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,UAAU,IAAA,CAAK,QAAA;AAAA,MACf;AAAA,KACD,CAAA;AAED,IAAA,OAAO;AAAA,MACL,GAAG,IAAA;AAAA,MACH,EAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEQ,eAAe,IAAA,EAA6B;AAClD,IAAA,OAAO;AAAA,MACL,IAAI,IAAA,CAAK,EAAA;AAAA,MACT,IAAA,EAAM,KAAK,IAAA,IAAQ,MAAA;AAAA,MACnB,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,YAAA,EAAc,KAAK,YAAA,IAAgB,MAAA;AAAA,MACnC,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,QAAA,EAAU,KAAK,QAAA,IAAY,MAAA;AAAA,MAC3B,aAAA,EAAe,KAAK,aAAA,IAAiB,KAAA;AAAA,MACrC,MAAA,EAAQ,KAAK,MAAA,IAAU,KAAA;AAAA,MACvB,SAAA,EAAW,IAAA,CAAK,SAAA,EAAW,WAAA,EAAY;AAAA,MACvC,mBAAA,EAAqB,KAAK,mBAAA,IAAuB,CAAA;AAAA,MACjD,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA,EAAY;AAAA,MACtC,SAAA,EAAW,IAAA,CAAK,SAAA,CAAU,WAAA;AAAY,KACxC;AAAA,EACF;AAAA,EAEQ,iBAAiB,OAAA,EAAgD;AACvE,IAAA,OAAO;AAAA,MACL,IAAI,OAAA,CAAQ,EAAA;AAAA,MACZ,QAAQ,OAAA,CAAQ,MAAA;AAAA,MAChB,OAAO,OAAA,CAAQ,KAAA;AAAA,MACf,YAAA,EAAc,QAAQ,YAAA,IAAgB,MAAA;AAAA,MACtC,SAAA,EAAW,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAY;AAAA,MACzC,SAAA,EAAW,OAAA,CAAQ,SAAA,CAAU,WAAA,EAAY;AAAA,MACzC,SAAA,EAAW,QAAQ,SAAA,IAAa,MAAA;AAAA,MAChC,SAAA,EAAW,QAAQ,SAAA,IAAa;AAAA,KAClC;AAAA,EACF;AACF","file":"chunk-DBUYB32X.js","sourcesContent":["import type { PostgresJsDatabase } from \"drizzle-orm/postgres-js\";\nimport { eq, and, gt, desc, sql } from \"drizzle-orm\";\nimport bcrypt from \"bcryptjs\";\nimport { randomBytes } from \"crypto\";\nimport type {\n  AuthAdapter,\n  AuthUser,\n  Session,\n  UserRole,\n} from \"../../auth/types.js\";\nimport {\n  users,\n  sessions,\n  passwordHistory,\n  auditLogs,\n  lockouts,\n  type AuthUser as AuthUserRow,\n} from \"./schema/auth.js\";\nimport type {\n  AuditLog,\n  AuditLogFilter,\n} from \"../../auth/security/audit-log.js\";\n\nexport interface PostgresAuthAdapterOptions {\n  db: PostgresJsDatabase;\n  prefix?: string;\n  sessionTTL?: number;\n  refreshTokenTTL?: number;\n}\n\nexport class PostgresAuthAdapter implements AuthAdapter {\n  private db: PostgresJsDatabase;\n  private prefix: string;\n  private sessionTTL: number;\n  private refreshTokenTTL: number;\n\n  constructor(options: PostgresAuthAdapterOptions) {\n    this.db = options.db;\n    this.prefix = options.prefix || \"kyro:\";\n    this.sessionTTL = options.sessionTTL || 86400;\n    this.refreshTokenTTL = options.refreshTokenTTL || 604800;\n  }\n\n  async createUser(data: {\n    email: string;\n    password: string;\n    name?: string;\n    role?: UserRole;\n    tenantId?: string;\n  }): Promise<AuthUser> {\n    const passwordHash = await this.hashPassword(data.password);\n    const [user] = await this.db\n      .insert(users)\n      .values({\n        email: data.email.toLowerCase(),\n        name: data.name,\n        passwordHash,\n        role: (data.role || \"customer\") as string,\n        tenantId: data.tenantId,\n      })\n      .returning();\n\n    return this.userToAuthUser(user);\n  }\n\n  async findUserByEmail(email: string): Promise<AuthUser | null> {\n    const [user] = await this.db\n      .select()\n      .from(users)\n      .where(eq(users.email, email.toLowerCase()))\n      .limit(1);\n\n    return user ? this.userToAuthUser(user) : null;\n  }\n\n  async findUserById(id: string): Promise<AuthUser | null> {\n    const [user] = await this.db\n      .select()\n      .from(users)\n      .where(eq(users.id, id))\n      .limit(1);\n\n    return user ? this.userToAuthUser(user) : null;\n  }\n\n  async updateUser(\n    id: string,\n    data: Partial<AuthUser>,\n  ): Promise<AuthUser | null> {\n    const dbData: Record<string, unknown> = { updatedAt: new Date() };\n    if (data.name !== undefined) dbData.name = data.name;\n    if (data.email !== undefined) dbData.email = data.email;\n    if (data.passwordHash !== undefined)\n      dbData.passwordHash = data.passwordHash;\n    if (data.role !== undefined) dbData.role = data.role;\n    if (data.tenantId !== undefined) dbData.tenantId = data.tenantId;\n    if (data.emailVerified !== undefined)\n      dbData.emailVerified = data.emailVerified;\n    if (data.locked !== undefined) dbData.locked = data.locked;\n    if (data.lastLogin !== undefined)\n      dbData.lastLogin = data.lastLogin ? new Date(data.lastLogin) : null;\n    if (data.failedLoginAttempts !== undefined)\n      dbData.failedLoginAttempts = data.failedLoginAttempts;\n\n    const [user] = await this.db\n      .update(users)\n      .set(dbData)\n      .where(eq(users.id, id))\n      .returning();\n\n    return user ? this.userToAuthUser(user) : null;\n  }\n\n  async deleteUser(id: string): Promise<boolean> {\n    await this.db.delete(users).where(eq(users.id, id));\n    return true;\n  }\n\n  async verifyPassword(\n    email: string,\n    password: string,\n  ): Promise<AuthUser | null> {\n    const user = await this.findUserByEmail(email);\n    if (!user) return null;\n    const [stored] = await this.db\n      .select()\n      .from(users)\n      .where(eq(users.email, email.toLowerCase()))\n      .limit(1);\n    if (!stored?.passwordHash) return null;\n    const valid = await bcrypt.compare(password, stored.passwordHash);\n    return valid ? user : null;\n  }\n\n  async hashPassword(password: string): Promise<string> {\n    return bcrypt.hash(password, 12);\n  }\n\n  async createSession(\n    userId: string,\n    data?: { ipAddress?: string; userAgent?: string },\n  ): Promise<Session> {\n    const token = randomBytes(32).toString(\"base64url\");\n    const refreshToken = randomBytes(32).toString(\"base64url\");\n    const expiresAt = new Date(Date.now() + this.sessionTTL * 1000);\n    const refreshExpiresAt = new Date(Date.now() + this.refreshTokenTTL * 1000);\n\n    const [session] = await this.db\n      .insert(sessions)\n      .values({\n        userId,\n        token,\n        refreshToken,\n        ipAddress: data?.ipAddress,\n        userAgent: data?.userAgent,\n        expiresAt,\n      })\n      .returning();\n\n    return this.sessionToSession(session);\n  }\n\n  async findSessionByToken(token: string): Promise<Session | null> {\n    const [session] = await this.db\n      .select()\n      .from(sessions)\n      .where(and(eq(sessions.token, token), gt(sessions.expiresAt, new Date())))\n      .limit(1);\n\n    return session ? this.sessionToSession(session) : null;\n  }\n\n  async findSessionByRefreshToken(\n    refreshToken: string,\n  ): Promise<Session | null> {\n    const [session] = await this.db\n      .select()\n      .from(sessions)\n      .where(\n        and(\n          eq(sessions.refreshToken, refreshToken),\n          gt(sessions.expiresAt, new Date()),\n        ),\n      )\n      .limit(1);\n\n    return session ? this.sessionToSession(session) : null;\n  }\n\n  async deleteSession(sessionId: string): Promise<boolean> {\n    await this.db.delete(sessions).where(eq(sessions.id, sessionId));\n    return true;\n  }\n\n  async deleteUserSessions(userId: string): Promise<number> {\n    await this.db.delete(sessions).where(eq(sessions.userId, userId));\n    return 1;\n  }\n\n  async addPasswordToHistory(\n    userId: string,\n    passwordHash: string,\n  ): Promise<void> {\n    await this.db.insert(passwordHistory).values({\n      userId,\n      passwordHash,\n    });\n  }\n\n  async getPasswordHistory(\n    userId: string,\n    count: number = 5,\n  ): Promise<string[]> {\n    const history = await this.db\n      .select({ passwordHash: passwordHistory.passwordHash })\n      .from(passwordHistory)\n      .where(eq(passwordHistory.userId, userId))\n      .orderBy(desc(passwordHistory.createdAt))\n      .limit(count);\n\n    return history.map((h) => h.passwordHash);\n  }\n\n  async isPasswordInHistory(\n    password: string,\n    userId: string,\n    historyCount: number = 5,\n  ): Promise<boolean> {\n    const history = await this.getPasswordHistory(userId, historyCount);\n\n    for (const hash of history) {\n      if (await this.verifyPassword(password, hash)) {\n        return true;\n      }\n    }\n\n    return false;\n  }\n\n  async isLocked(userId: string): Promise<boolean> {\n    const [lockout] = await this.db\n      .select()\n      .from(lockouts)\n      .where(\n        and(eq(lockouts.userId, userId), gt(lockouts.lockedUntil, new Date())),\n      )\n      .limit(1);\n\n    return !!lockout;\n  }\n\n  async getLockout(userId: string): Promise<{ lockedUntil: Date } | null> {\n    const [lockout] = await this.db\n      .select()\n      .from(lockouts)\n      .where(\n        and(eq(lockouts.userId, userId), gt(lockouts.lockedUntil, new Date())),\n      )\n      .limit(1);\n\n    return lockout ? { lockedUntil: lockout.lockedUntil } : null;\n  }\n\n  async recordFailedAttempt(\n    userId: string,\n    ipAddress?: string,\n  ): Promise<{ attempts: number; locked: boolean }> {\n    const user = await this.findUserById(userId);\n    const attempts = (user?.failedLoginAttempts || 0) + 1;\n\n    await this.updateUser(userId, { failedLoginAttempts: attempts });\n\n    const maxAttempts = 5;\n    const locked = attempts >= maxAttempts;\n\n    if (locked) {\n      const lockoutDuration = 15 * 60 * 1000;\n      await this.db.insert(lockouts).values({\n        userId,\n        ipAddress,\n        reason: \"Too many failed login attempts\",\n        lockedUntil: new Date(Date.now() + lockoutDuration),\n      });\n    }\n\n    return { attempts, locked };\n  }\n\n  async resetAttempts(userId: string): Promise<void> {\n    await this.updateUser(userId, { failedLoginAttempts: 0 });\n  }\n\n  async findAuditLogs(\n    filter: AuditLogFilter,\n  ): Promise<{ logs: AuditLog[]; total: number }> {\n    const {\n      limit = 50,\n      offset = 0,\n      userId,\n      action,\n      resource,\n      resourceId,\n      success,\n      startDate,\n      endDate,\n    } = filter;\n\n    const conditions = [];\n    if (userId) conditions.push(eq(auditLogs.userId, userId));\n    if (action) {\n      if (Array.isArray(action)) {\n        conditions.push(sql`${auditLogs.action} = ANY(${action})`);\n      } else {\n        conditions.push(eq(auditLogs.action, action));\n      }\n    }\n    if (resource) conditions.push(eq(auditLogs.resource, resource));\n    if (resourceId) conditions.push(eq(auditLogs.resourceId, resourceId));\n    if (success !== undefined) conditions.push(eq(auditLogs.success, success));\n    if (startDate) conditions.push(sql`${auditLogs.timestamp} >= ${startDate}`);\n    if (endDate) conditions.push(sql`${auditLogs.timestamp} <= ${endDate}`);\n\n    const whereClause = conditions.length > 0 ? and(...conditions) : undefined;\n\n    const countResult = await this.db\n      .select({ count: sql<number>`count(*)` })\n      .from(auditLogs)\n      .where(whereClause);\n\n    const logs = await this.db\n      .select()\n      .from(auditLogs)\n      .where(whereClause)\n      .orderBy(desc(auditLogs.timestamp))\n      .limit(limit)\n      .offset(offset);\n\n    return {\n      logs: logs.map((log) => ({\n        id: log.id,\n        timestamp: log.timestamp,\n        action: log.action as AuditLog[\"action\"],\n        userId: log.userId || undefined,\n        userEmail: log.userEmail || undefined,\n        role: log.role || undefined,\n        resource: log.resource,\n        resourceId: log.resourceId || undefined,\n        changes: log.changes || undefined,\n        ipAddress: log.ipAddress || undefined,\n        userAgent: log.userAgent || undefined,\n        success: log.success,\n        error: log.error || undefined,\n        metadata: log.metadata || undefined,\n      })),\n      total: Number(countResult[0]?.count || 0),\n    };\n  }\n\n  async createAuditLog(\n    data: Omit<AuditLog, \"id\" | \"timestamp\">,\n  ): Promise<AuditLog> {\n    const id = crypto.randomUUID();\n    const timestamp = new Date();\n\n    await this.db.insert(auditLogs).values({\n      id,\n      action: data.action,\n      userId: data.userId,\n      userEmail: data.userEmail,\n      role: data.role,\n      resource: data.resource,\n      resourceId: data.resourceId,\n      changes: data.changes,\n      ipAddress: data.ipAddress,\n      userAgent: data.userAgent,\n      success: data.success,\n      error: data.error,\n      metadata: data.metadata,\n      timestamp,\n    });\n\n    return {\n      ...data,\n      id,\n      timestamp,\n    };\n  }\n\n  private userToAuthUser(user: AuthUserRow): AuthUser {\n    return {\n      id: user.id,\n      name: user.name || undefined,\n      email: user.email,\n      passwordHash: user.passwordHash || undefined,\n      role: user.role as UserRole,\n      tenantId: user.tenantId || undefined,\n      emailVerified: user.emailVerified || false,\n      locked: user.locked || false,\n      lastLogin: user.lastLogin?.toISOString(),\n      failedLoginAttempts: user.failedLoginAttempts || 0,\n      createdAt: user.createdAt.toISOString(),\n      updatedAt: user.updatedAt.toISOString(),\n    };\n  }\n\n  private sessionToSession(session: typeof sessions.$inferSelect): Session {\n    return {\n      id: session.id,\n      userId: session.userId,\n      token: session.token,\n      refreshToken: session.refreshToken || undefined,\n      expiresAt: session.expiresAt.toISOString(),\n      createdAt: session.createdAt.toISOString(),\n      ipAddress: session.ipAddress || undefined,\n      userAgent: session.userAgent || undefined,\n    };\n  }\n}\n"]}