@lastshotlabs/bunshot 0.0.20 → 0.0.25

package/dist/adapters/sqliteAuth.js

@@ -78,6 +78,10 @@ function initSchema(db) {
         db.run("ALTER TABLE sessions ADD COLUMN prevTokenExpiresAt INTEGER");
     }
     catch { /* already exists */ }
+    try {
+        db.run("ALTER TABLE sessions ADD COLUMN fingerprint TEXT");
+    }
+    catch { /* already exists */ }
     db.run("CREATE UNIQUE INDEX IF NOT EXISTS idx_sessions_refreshToken ON sessions(refreshToken) WHERE refreshToken IS NOT NULL");
     db.run(`CREATE TABLE IF NOT EXISTS oauth_states (
     state        TEXT PRIMARY KEY,
@@ -119,6 +123,35 @@ function initSchema(db) {
     createdAt    INTEGER NOT NULL
   )`);
     db.run("CREATE INDEX IF NOT EXISTS idx_webauthn_userId ON webauthn_credentials(userId)");
+    db.run(`CREATE TABLE IF NOT EXISTS groups (
+    id          TEXT    PRIMARY KEY,
+    name        TEXT    NOT NULL,
+    displayName TEXT,
+    description TEXT,
+    roles       TEXT    NOT NULL DEFAULT '[]',
+    tenantId    TEXT,
+    createdAt   INTEGER NOT NULL,
+    updatedAt   INTEGER NOT NULL
+  )`);
+    // SQLite UNIQUE treats each NULL as distinct, so we use partial indexes instead of
+    // a simple UNIQUE constraint on (name, tenantId). This correctly enforces name
+    // uniqueness within app-wide scope and within each tenant scope separately.
+    db.run("CREATE UNIQUE INDEX IF NOT EXISTS idx_groups_name_appwide ON groups(name) WHERE tenantId IS NULL");
+    db.run("CREATE UNIQUE INDEX IF NOT EXISTS idx_groups_name_tenant ON groups(name, tenantId) WHERE tenantId IS NOT NULL");
+    db.run("CREATE INDEX IF NOT EXISTS idx_groups_tenantId ON groups(tenantId)");
+    db.run(`CREATE TABLE IF NOT EXISTS group_memberships (
+    userId    TEXT    NOT NULL,
+    groupId   TEXT    NOT NULL REFERENCES groups(id) ON DELETE CASCADE,
+    roles     TEXT    NOT NULL DEFAULT '[]',
+    tenantId  TEXT,
+    createdAt INTEGER NOT NULL,
+    PRIMARY KEY (userId, groupId)
+  )`);
+    // NOTE: PRAGMA foreign_keys = ON is set in setSqliteDb() and must run per-connection.
+    // If any code path opens SQLite without going through setSqliteDb, ON DELETE CASCADE
+    // for group_memberships will silently not fire. All SQLite access must use setSqliteDb.
+    db.run("CREATE INDEX IF NOT EXISTS idx_gm_groupId ON group_memberships(groupId)");
+    db.run("CREATE INDEX IF NOT EXISTS idx_gm_userId_tenantId ON group_memberships(userId, tenantId)");
     db.run(`CREATE TABLE IF NOT EXISTS oauth_codes (
     codeHash     TEXT PRIMARY KEY,
     token        TEXT NOT NULL,
@@ -127,6 +160,12 @@ function initSchema(db) {
     refreshToken TEXT,
     expiresAt    INTEGER NOT NULL
   )`);
+    db.run(`CREATE TABLE IF NOT EXISTS deletion_cancel_tokens (
+    token     TEXT PRIMARY KEY,
+    userId    TEXT NOT NULL,
+    jobId     TEXT NOT NULL,
+    expiresAt INTEGER NOT NULL
+  )`);
 }
 // ---------------------------------------------------------------------------
 // Auth adapter
@@ -325,6 +364,148 @@ export const sqliteAuthAdapter = {
     async removeTenantRole(userId, tenantId, role) {
         getDb().run("DELETE FROM tenant_roles WHERE userId = ? AND tenantId = ? AND role = ?", [userId, tenantId, role]);
     },
+    // ---------------------------------------------------------------------------
+    // Groups
+    // ---------------------------------------------------------------------------
+    async createGroup(group) {
+        const id = crypto.randomUUID();
+        const now = Date.now();
+        try {
+            getDb().run("INSERT INTO groups (id, name, displayName, description, roles, tenantId, createdAt, updatedAt) VALUES (?, ?, ?, ?, ?, ?, ?, ?)", [id, group.name, group.displayName ?? null, group.description ?? null, JSON.stringify(group.roles ?? []), group.tenantId ?? null, now, now]);
+        }
+        catch (err) {
+            if (err?.code === "SQLITE_CONSTRAINT_UNIQUE" || err?.code === "SQLITE_CONSTRAINT_PRIMARYKEY") {
+                throw new HttpError(409, "A group with this name already exists in this scope");
+            }
+            throw err;
+        }
+        return { id };
+    },
+    async deleteGroup(groupId) {
+        // group_memberships are cascade-deleted via ON DELETE CASCADE (requires PRAGMA foreign_keys = ON)
+        getDb().run("DELETE FROM groups WHERE id = ?", [groupId]);
+    },
+    async getGroup(groupId) {
+        const row = getDb().query("SELECT id, name, displayName, description, roles, tenantId, createdAt, updatedAt FROM groups WHERE id = ?").get(groupId);
+        if (!row)
+            return null;
+        return { ...row, displayName: row.displayName ?? undefined, description: row.description ?? undefined, roles: JSON.parse(row.roles) };
+    },
+    async listGroups(tenantId, opts) {
+        const limit = Math.min(opts?.limit ?? 50, 200);
+        const offset = opts?.offset ?? 0;
+        const db = getDb();
+        const cols = "id, name, displayName, description, roles, tenantId, createdAt, updatedAt";
+        let rows;
+        let total;
+        if (tenantId === null) {
+            rows = db.query(`SELECT ${cols} FROM groups WHERE tenantId IS NULL LIMIT ? OFFSET ?`).all(limit, offset);
+            total = (db.query("SELECT COUNT(*) as c FROM groups WHERE tenantId IS NULL").get()?.c ?? 0);
+        }
+        else {
+            rows = db.query(`SELECT ${cols} FROM groups WHERE tenantId = ? LIMIT ? OFFSET ?`).all(tenantId, limit, offset);
+            total = (db.query("SELECT COUNT(*) as c FROM groups WHERE tenantId = ?").get(tenantId)?.c ?? 0);
+        }
+        const items = rows.map((r) => ({ ...r, displayName: r.displayName ?? undefined, description: r.description ?? undefined, roles: JSON.parse(r.roles) }));
+        return { items, total, limit, offset };
+    },
+    async updateGroup(groupId, updates) {
+        const db = getDb();
+        const now = Date.now();
+        const sets = ["updatedAt = ?"];
+        const params = [now];
+        if (updates.name !== undefined) {
+            sets.push("name = ?");
+            params.push(updates.name);
+        }
+        if ("displayName" in updates) {
+            sets.push("displayName = ?");
+            params.push(updates.displayName ?? null);
+        }
+        if ("description" in updates) {
+            sets.push("description = ?");
+            params.push(updates.description ?? null);
+        }
+        if (updates.roles !== undefined) {
+            sets.push("roles = ?");
+            params.push(JSON.stringify(updates.roles));
+        }
+        params.push(groupId);
+        db.run(`UPDATE groups SET ${sets.join(", ")} WHERE id = ?`, params);
+    },
+    async addGroupMember(groupId, userId, roles = []) {
+        const group = getDb().query("SELECT tenantId FROM groups WHERE id = ?").get(groupId);
+        if (!group)
+            throw new HttpError(404, "Group not found");
+        try {
+            getDb().run("INSERT INTO group_memberships (userId, groupId, roles, tenantId, createdAt) VALUES (?, ?, ?, ?, ?)", [userId, groupId, JSON.stringify(roles), group.tenantId ?? null, Date.now()]);
+        }
+        catch (err) {
+            if (err?.code === "SQLITE_CONSTRAINT_PRIMARYKEY" || err?.code === "SQLITE_CONSTRAINT_UNIQUE") {
+                throw new HttpError(409, "User is already a member of this group");
+            }
+            throw err;
+        }
+    },
+    async updateGroupMembership(groupId, userId, roles) {
+        getDb().run("UPDATE group_memberships SET roles = ? WHERE userId = ? AND groupId = ?", [JSON.stringify(roles), userId, groupId]);
+    },
+    async removeGroupMember(groupId, userId) {
+        getDb().run("DELETE FROM group_memberships WHERE userId = ? AND groupId = ?", [userId, groupId]);
+    },
+    async getGroupMembers(groupId, opts) {
+        const limit = Math.min(opts?.limit ?? 50, 200);
+        const offset = opts?.offset ?? 0;
+        const db = getDb();
+        const rows = db.query("SELECT userId, roles FROM group_memberships WHERE groupId = ? LIMIT ? OFFSET ?").all(groupId, limit, offset);
+        const total = db.query("SELECT COUNT(*) as c FROM group_memberships WHERE groupId = ?").get(groupId)?.c ?? 0;
+        return { items: rows.map((r) => ({ userId: r.userId, roles: JSON.parse(r.roles) })), total, limit, offset };
+    },
+    async getUserGroups(userId, tenantId) {
+        const db = getDb();
+        let memberRows;
+        if (tenantId === null) {
+            memberRows = db.query("SELECT groupId, roles as memberRoles FROM group_memberships WHERE userId = ? AND tenantId IS NULL").all(userId);
+        }
+        else {
+            memberRows = db.query("SELECT groupId, roles as memberRoles FROM group_memberships WHERE userId = ? AND tenantId = ?").all(userId, tenantId);
+        }
+        if (memberRows.length === 0)
+            return [];
+        const result = [];
+        for (const m of memberRows) {
+            const row = db.query("SELECT id, name, displayName, description, roles, tenantId, createdAt, updatedAt FROM groups WHERE id = ?").get(m.groupId);
+            if (row) {
+                result.push({
+                    group: { ...row, displayName: row.displayName ?? undefined, description: row.description ?? undefined, roles: JSON.parse(row.roles) },
+                    membershipRoles: JSON.parse(m.memberRoles),
+                });
+            }
+        }
+        return result;
+    },
+    async getEffectiveRoles(userId, tenantId) {
+        const db = getDb();
+        // Direct roles
+        let direct = [];
+        if (tenantId) {
+            const rows = db.query("SELECT role FROM tenant_roles WHERE userId = ? AND tenantId = ?").all(userId, tenantId);
+            direct = rows.map((r) => r.role);
+        }
+        else {
+            const row = db.query("SELECT roles FROM users WHERE id = ?").get(userId);
+            direct = row ? JSON.parse(row.roles) : [];
+        }
+        let memberRows;
+        if (tenantId === null) {
+            memberRows = db.query("SELECT g.roles as groupRoles, gm.roles as memberRoles FROM group_memberships gm JOIN groups g ON g.id = gm.groupId WHERE gm.userId = ? AND gm.tenantId IS NULL").all(userId);
+        }
+        else {
+            memberRows = db.query("SELECT g.roles as groupRoles, gm.roles as memberRoles FROM group_memberships gm JOIN groups g ON g.id = gm.groupId WHERE gm.userId = ? AND gm.tenantId = ?").all(userId, tenantId);
+        }
+        const groupRoles = memberRows.flatMap((r) => [...JSON.parse(r.groupRoles), ...JSON.parse(r.memberRoles)]);
+        return [...new Set([...direct, ...groupRoles])];
+    },
 };
 import { getPersistSessionMetadata, getIncludeInactiveSessions } from "../lib/appConfig";
 const SESSION_TTL_MS = 60 * 60 * 24 * 7 * 1000; // 7 days
@@ -413,6 +594,13 @@ export const sqliteRotateRefreshToken = (sessionId, newRefreshToken, newAccessTo
     const prevTokenExpiresAt = Date.now() + graceSeconds * 1000;
     getDb().run("UPDATE sessions SET prevRefreshToken = refreshToken, prevTokenExpiresAt = ?, refreshToken = ?, token = ? WHERE sessionId = ?", [prevTokenExpiresAt, newRefreshToken, newAccessToken, sessionId]);
 };
+export const sqliteGetSessionFingerprint = (sessionId) => {
+    const row = getDb().query("SELECT fingerprint FROM sessions WHERE sessionId = ?").get(sessionId);
+    return row?.fingerprint ?? null;
+};
+export const sqliteSetSessionFingerprint = (sessionId, fingerprint) => {
+    getDb().run("UPDATE sessions SET fingerprint = ? WHERE sessionId = ?", [fingerprint, sessionId]);
+};
 // ---------------------------------------------------------------------------
 // OAuth state helpers (used by src/lib/oauth.ts)
 // ---------------------------------------------------------------------------
@@ -475,6 +663,17 @@ export const sqliteConsumeResetToken = (hash) => {
     const row = getDb().query("DELETE FROM password_resets WHERE token = ? AND expiresAt > ? RETURNING userId, email").get(hash, Date.now());
     return row ?? null;
 };
+// ---------------------------------------------------------------------------
+// Account deletion cancel token helpers (used by src/lib/deletionCancelToken.ts)
+// ---------------------------------------------------------------------------
+export const sqliteCreateDeletionCancelToken = (token, userId, jobId, ttlSeconds) => {
+    const expiresAt = Date.now() + ttlSeconds * 1000;
+    getDb().run("INSERT INTO deletion_cancel_tokens (token, userId, jobId, expiresAt) VALUES (?, ?, ?, ?)", [token, userId, jobId, expiresAt]);
+};
+export const sqliteConsumeDeletionCancelToken = (hash) => {
+    const row = getDb().query("DELETE FROM deletion_cancel_tokens WHERE token = ? AND expiresAt > ? RETURNING userId, jobId").get(hash, Date.now());
+    return row ?? null;
+};
 export const sqliteStoreOAuthCode = (hash, payload, ttlSeconds) => {
     const expiresAt = Date.now() + ttlSeconds * 1000;
     getDb().run("INSERT INTO oauth_codes (codeHash, token, userId, email, refreshToken, expiresAt) VALUES (?, ?, ?, ?, ?, ?)", [hash, payload.token, payload.userId, payload.email ?? null, payload.refreshToken ?? null, expiresAt]);

package/dist/app.d.ts

@@ -1,7 +1,8 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
 import type { MiddlewareHandler } from "hono";
-import type { AppEnv } from "./lib/context";
-import type { PrimaryField, EmailVerificationConfig, PasswordResetConfig, PasswordPolicyConfig, RefreshTokenConfig, MfaConfig, MfaEmailOtpConfig, MfaWebAuthnConfig } from "./lib/appConfig";
+import type { AppEnv, ValidationErrorFormatter } from "./lib/context";
+import type { RequestLogEntry, LogLevel } from "./middleware/requestLogger";
+import type { PrimaryField, EmailVerificationConfig, PasswordResetConfig, PasswordPolicyConfig, RefreshTokenConfig, MfaConfig, MfaEmailOtpConfig, MfaWebAuthnConfig, SigningConfig } from "./lib/appConfig";
 import type { AuthAdapter } from "./lib/authAdapter";
 import type { OAuthProviderConfig } from "./lib/oauth";
 type StoreType = "redis" | "mongo" | "sqlite" | "memory";
@@ -204,7 +205,7 @@ export interface AuthSessionPolicyConfig {
      */
     trackLastActive?: boolean;
 }
-export type { PrimaryField, EmailVerificationConfig, PasswordResetConfig, RefreshTokenConfig, MfaConfig, MfaEmailOtpConfig, MfaWebAuthnConfig };
+export type { PrimaryField, EmailVerificationConfig, PasswordResetConfig, RefreshTokenConfig, MfaConfig, MfaEmailOtpConfig, MfaWebAuthnConfig, SigningConfig };
 export interface BotProtectionConfig {
     /**
      * List of IPv4 CIDRs (e.g. "198.51.100.0/24"), IPv4 addresses, or IPv6 addresses to block outright.
@@ -267,6 +268,11 @@ export interface SecurityConfig {
      * Only validates when the auth cookie is present on state-changing requests.
      */
     csrf?: CsrfConfig;
+    /**
+     * Unified HMAC signing for cookies, cursors, presigned URLs, request signing,
+     * idempotency key hashing, and session binding. All features are opt-in.
+     */
+    signing?: SigningConfig;
 }
 export interface ModelSchemasConfig {
     /**
@@ -331,6 +337,77 @@ export interface TenancyConfig {
     /** HTTP status when onResolve returns null. Default: 403. */
     rejectionStatus?: 403 | 404;
 }
+export interface LoggingConfig {
+    /** Enable structured request logging. Default: true. When false, no logger is registered at all. */
+    enabled?: boolean;
+    /** Custom log handler. Default: `console.log(JSON.stringify(entry))`. */
+    onLog?: (entry: RequestLogEntry) => void | Promise<void>;
+    /** Minimum log level to emit. Entries below this level are dropped. */
+    level?: LogLevel;
+    /**
+     * Paths to exclude from logging. Strings use **prefix matching**.
+     * Default: `["/health", "/docs", "/openapi.json"]`.
+     */
+    excludePaths?: (string | RegExp)[];
+    /** HTTP methods to exclude from logging (e.g. `["OPTIONS"]`). */
+    excludeMethods?: string[];
+}
+export interface MetricsConfig {
+    /** Enable the /metrics endpoint. Default: false (must be explicitly enabled). */
+    enabled?: boolean;
+    /**
+     * Auth protection for the /metrics endpoint.
+     * - `"userAuth"` — requires authenticated user session.
+     * - `"none"` — no auth (default — logs a production warning).
+     * - `MiddlewareHandler[]` — custom middleware stack.
+     */
+    auth?: "userAuth" | "none" | MiddlewareHandler<AppEnv>[];
+    /** Paths to exclude from metrics collection. Strings use prefix matching. */
+    excludePaths?: (string | RegExp)[];
+    /** Custom path normalizer to prevent high-cardinality labels. */
+    normalizePath?: (path: string) => string;
+    /** BullMQ queue names to report depth gauges for. */
+    queues?: string[];
+}
+export interface ValidationConfig {
+    /** Custom formatter for Zod validation errors. Receives issues + requestId, returns the JSON body. */
+    formatError?: ValidationErrorFormatter;
+}
+export interface VersioningConfig {
+    /**
+     * Version identifiers in ascending order, e.g. `["v1", "v2"]`.
+     * Each version needs a matching subdirectory under `routesDir` (e.g. `routes/v1/`).
+     */
+    versions: string[];
+    /**
+     * Subdirectory name for routes shared across all versions. Shared route schemas
+     * receive unprefixed names since they are version-agnostic. Default: `"shared"`.
+     * Set `false` to disable shared route discovery.
+     */
+    sharedDir?: string | false;
+    /**
+     * Which version `/docs` and `/openapi.json` redirect to.
+     * Defaults to the last version in the array (i.e. the latest).
+     */
+    defaultVersion?: string;
+}
+export interface PresignedUrlConfig {
+    expirySeconds?: number;
+    path?: string;
+}
+export interface UploadConfig {
+    storage: import("./lib/storageAdapter").StorageAdapter;
+    maxFileSize?: number;
+    maxFiles?: number;
+    allowedMimeTypes?: string[];
+    keyPrefix?: string;
+    generateKey?: (file: File, ctx: {
+        userId?: string;
+        tenantId?: string;
+    }) => string;
+    tenantScopedKeys?: boolean;
+    presignedUrls?: boolean | PresignedUrlConfig;
+}
 export interface CreateAppConfig {
     /** Absolute path to the service's routes directory (use import.meta.dir + "/routes") */
     routesDir: string;
@@ -355,5 +432,25 @@ export interface CreateAppConfig {
     jobs?: JobsConfig;
     /** Multi-tenancy configuration. When set, tenant middleware resolves tenant on each request. */
     tenancy?: TenancyConfig;
+    /**
+     * Groups feature configuration. When set, the groups lib is available.
+     * Set managementRoutes to mount built-in CRUD routes for groups and memberships.
+     */
+    groups?: import("./routes/groups").GroupsConfig;
+    /** Structured request logging configuration. Replaces Hono's built-in text logger. */
+    logging?: LoggingConfig;
+    /** Prometheus-compatible /metrics endpoint. Opt-in. */
+    metrics?: MetricsConfig;
+    /** Zod validation error formatting configuration. */
+    validation?: ValidationConfig;
+    /** File upload configuration. When set, registers storage adapter and upload settings. */
+    upload?: UploadConfig;
+    /**
+     * API versioning configuration. When set, routes are discovered per-version from
+     * subdirectories of `routesDir` (e.g. `routes/v1/`, `routes/v2/`). Each version
+     * gets its own OpenAPI spec at `/{version}/openapi.json` and Scalar docs at
+     * `/{version}/docs`. Root `/docs` becomes a version selector.
+     */
+    versioning?: VersioningConfig;
 }
 export declare const createApp: (config: CreateAppConfig) => Promise<OpenAPIHono<AppEnv>>;