@lastshotlabs/bunshot 0.0.21 → 0.0.27

package/dist/adapters/localStorage.d.ts

@@ -0,0 +1,6 @@
+import type { StorageAdapter } from "../lib/storageAdapter";
+export interface LocalStorageConfig {
+    directory: string;
+    baseUrl?: string;
+}
+export declare const localStorage: (config: LocalStorageConfig) => StorageAdapter;

package/dist/adapters/localStorage.js

@@ -0,0 +1,59 @@
+import { unlink } from "node:fs/promises";
+import { resolve, sep, dirname } from "node:path";
+import { HttpError } from "../lib/HttpError";
+function resolveKey(directory, key) {
+    if (!key || !key.trim())
+        throw new HttpError(400, "Invalid storage key");
+    const normalized = key.replace(/\\/g, "/");
+    if (normalized.startsWith("/") || /^[a-zA-Z]:/.test(normalized) || normalized.startsWith("//")) {
+        throw new HttpError(400, "Invalid storage key");
+    }
+    const root = resolve(directory);
+    const candidate = resolve(root, normalized);
+    if (candidate === root || !candidate.startsWith(root + sep)) {
+        throw new HttpError(400, "Invalid storage key");
+    }
+    return candidate;
+}
+export const localStorage = (config) => ({
+    async put(key, data, _meta) {
+        const filePath = resolveKey(config.directory, key);
+        // Ensure parent directory exists
+        const dir = dirname(filePath);
+        if (dir) {
+            const { mkdir } = await import("node:fs/promises");
+            await mkdir(dir, { recursive: true });
+        }
+        if (data instanceof Blob) {
+            await Bun.write(filePath, data);
+        }
+        else if (data instanceof ReadableStream) {
+            const response = new Response(data);
+            const blob = await response.blob();
+            await Bun.write(filePath, blob);
+        }
+        else {
+            await Bun.write(filePath, data);
+        }
+        const url = config.baseUrl ? `${config.baseUrl.replace(/\/$/, "")}/${key}` : undefined;
+        return { ...(url !== undefined ? { url } : {}) };
+    },
+    async get(key) {
+        const filePath = resolveKey(config.directory, key);
+        const file = Bun.file(filePath);
+        const exists = await file.exists();
+        if (!exists)
+            return null;
+        const stream = file.stream();
+        return { stream, size: file.size };
+    },
+    async delete(key) {
+        const filePath = resolveKey(config.directory, key);
+        try {
+            await unlink(filePath);
+        }
+        catch {
+            // File doesn't exist — ignore
+        }
+    },
+});

package/dist/adapters/memoryAuth.d.ts

@@ -10,6 +10,10 @@ export declare const memoryGetUserSessions: (userId: string) => SessionInfo[];
 export declare const memoryGetActiveSessionCount: (userId: string) => number;
 export declare const memoryEvictOldestSession: (userId: string) => void;
 export declare const memoryUpdateSessionLastActive: (sessionId: string) => void;
+export declare const memoryGetSessionFingerprint: (sessionId: string) => string | null;
+export declare const memorySetSessionFingerprint: (sessionId: string, fingerprint: string) => void;
+export declare const memoryGetMfaVerifiedAt: (sessionId: string) => number | null;
+export declare const memorySetMfaVerifiedAt: (sessionId: string, ts: number) => void;
 export declare const memorySetRefreshToken: (sessionId: string, refreshToken: string) => void;
 import type { RefreshResult } from "../lib/session";
 export declare const memoryGetSessionByRefreshToken: (refreshToken: string) => RefreshResult | null;
@@ -29,6 +33,10 @@ export declare const memoryGetVerificationToken: (token: string) => {
     email: string;
 } | null;
 export declare const memoryDeleteVerificationToken: (token: string) => void;
+export declare const memoryConsumeVerificationToken: (token: string) => {
+    userId: string;
+    email: string;
+} | null;
 export declare const memoryCreateResetToken: (token: string, userId: string, email: string, ttlSeconds: number) => void;
 export declare const memoryConsumeResetToken: (hash: string) => {
     userId: string;
@@ -37,3 +45,8 @@ export declare const memoryConsumeResetToken: (hash: string) => {
 import type { OAuthCodePayload } from "../lib/oauthCode";
 export declare const memoryStoreOAuthCode: (hash: string, payload: OAuthCodePayload, ttlSeconds: number) => void;
 export declare const memoryConsumeOAuthCode: (hash: string) => OAuthCodePayload | null;
+export declare const memoryCreateDeletionCancelToken: (token: string, userId: string, jobId: string, ttlSeconds: number) => void;
+export declare const memoryConsumeDeletionCancelToken: (hash: string) => {
+    userId: string;
+    jobId: string;
+} | null;

package/dist/adapters/memoryAuth.js

@@ -2,6 +2,12 @@ import { HttpError } from "../lib/HttpError";
 import { getPersistSessionMetadata, getIncludeInactiveSessions } from "../lib/appConfig";
 import { clearMemoryRateLimitStore } from "../lib/authRateLimit";
 import { clearMemoryMfaChallenges } from "../lib/mfaChallenge";
+import { clearAuditLogMemoryStore } from "../lib/auditLog";
+import { clearPresenceStore } from "../lib/wsPresence";
+import { clearWsMessageMemoryStore } from "../lib/wsMessages";
+import { clearHeartbeatState } from "../lib/wsHeartbeat";
+import { clearMemoryUploadStore } from "./memoryStorage";
+import { clearUploadRegistry } from "../lib/uploadRegistry";
 const _users = new Map();
 const _byEmail = new Map();
 const _sessions = new Map(); // sessionId → session
@@ -11,8 +17,12 @@ const _oauthStates = new Map();
 const _cache = new Map();
 const _verificationTokens = new Map();
 const _resetTokens = new Map();
+const _cancelTokens = new Map();
 const _oauthCodes = new Map();
 const _tenantRoles = new Map(); // "userId:tenantId" → roles
+const _groups = new Map(); // groupId → GroupRecord
+const _groupMemberships = new Map();
+const _m2mClients = new Map();
 /** Reset all in-memory state. Useful for test isolation. */
 export const clearMemoryStore = () => {
     _users.clear();
@@ -21,13 +31,23 @@ export const clearMemoryStore = () => {
     _userSessionIds.clear();
     _refreshTokenIndex.clear();
     _tenantRoles.clear();
+    _groups.clear();
+    _groupMemberships.clear();
     _oauthStates.clear();
     _oauthCodes.clear();
     _cache.clear();
     _verificationTokens.clear();
     _resetTokens.clear();
+    _cancelTokens.clear();
+    _m2mClients.clear();
     clearMemoryRateLimitStore();
     clearMemoryMfaChallenges();
+    clearAuditLogMemoryStore();
+    clearPresenceStore();
+    clearWsMessageMemoryStore();
+    clearHeartbeatState();
+    clearMemoryUploadStore();
+    clearUploadRegistry();
 };
 // ---------------------------------------------------------------------------
 // Auth adapter
@@ -47,7 +67,7 @@ export const memoryAuthAdapter = {
         if (_byEmail.has(normalised))
             throw new HttpError(409, "Email already registered");
         const id = crypto.randomUUID();
-        const user = { id, email: normalised, passwordHash, providerIds: [], roles: [], emailVerified: false, mfaSecret: null, mfaEnabled: false, recoveryCodes: [], mfaMethods: [], webauthnCredentials: [] };
+        const user = { id, email: normalised, passwordHash, providerIds: [], roles: [], emailVerified: false, mfaSecret: null, mfaEnabled: false, recoveryCodes: [], mfaMethods: [], webauthnCredentials: [], suspended: false };
         _users.set(id, user);
         _byEmail.set(normalised, id);
         return { id };
@@ -73,7 +93,7 @@ export const memoryAuthAdapter = {
         }
         const id = crypto.randomUUID();
         const email = profile.email ? profile.email.toLowerCase() : null;
-        const user = { id, email, passwordHash: null, providerIds: [key], roles: [], emailVerified: false, mfaSecret: null, mfaEnabled: false, recoveryCodes: [], mfaMethods: [], webauthnCredentials: [] };
+        const user = { id, email, passwordHash: null, providerIds: [key], roles: [], emailVerified: false, mfaSecret: null, mfaEnabled: false, recoveryCodes: [], mfaMethods: [], webauthnCredentials: [], suspended: false };
         _users.set(id, user);
         if (email)
             _byEmail.set(email, id);
@@ -117,6 +137,12 @@ export const memoryAuthAdapter = {
             email: user.email ?? undefined,
             providerIds: [...user.providerIds],
             emailVerified: user.emailVerified,
+            displayName: user.displayName,
+            firstName: user.firstName,
+            lastName: user.lastName,
+            externalId: user.externalId,
+            suspended: user.suspended,
+            suspendedReason: user.suspendedReason,
         };
     },
     async unlinkProvider(userId, provider) {
@@ -242,6 +268,194 @@ export const memoryAuthAdapter = {
             _tenantRoles.set(key, current.filter((r) => r !== role));
         }
     },
+    async setSuspended(userId, suspended, reason) {
+        const user = _users.get(userId);
+        if (!user)
+            return;
+        user.suspended = suspended;
+        if (suspended) {
+            user.suspendedAt = new Date();
+            user.suspendedReason = reason;
+        }
+        else {
+            user.suspendedAt = undefined;
+            user.suspendedReason = undefined;
+        }
+    },
+    async getSuspended(userId) {
+        const user = _users.get(userId);
+        if (!user)
+            return null;
+        return { suspended: user.suspended, suspendedReason: user.suspendedReason };
+    },
+    async updateProfile(userId, fields) {
+        const user = _users.get(userId);
+        if (!user)
+            return;
+        if ("displayName" in fields)
+            user.displayName = fields.displayName;
+        if ("firstName" in fields)
+            user.firstName = fields.firstName;
+        if ("lastName" in fields)
+            user.lastName = fields.lastName;
+        if ("externalId" in fields)
+            user.externalId = fields.externalId;
+    },
+    async listUsers(query) {
+        let users = [..._users.values()];
+        if (query.email !== undefined)
+            users = users.filter((u) => u.email === query.email);
+        if (query.externalId !== undefined)
+            users = users.filter((u) => u.externalId === query.externalId);
+        if (query.suspended !== undefined)
+            users = users.filter((u) => u.suspended === query.suspended);
+        const totalResults = users.length;
+        const startIndex = query.startIndex ?? 0;
+        const count = query.count ?? 100;
+        const page = users.slice(startIndex, startIndex + count);
+        return {
+            users: page.map((u) => ({
+                id: u.id,
+                email: u.email ?? undefined,
+                displayName: u.displayName,
+                firstName: u.firstName,
+                lastName: u.lastName,
+                externalId: u.externalId,
+                suspended: u.suspended,
+                suspendedAt: u.suspendedAt,
+                suspendedReason: u.suspendedReason,
+                emailVerified: u.emailVerified,
+                providerIds: [...u.providerIds],
+            })),
+            totalResults,
+        };
+    },
+    // ---------------------------------------------------------------------------
+    // Groups
+    // ---------------------------------------------------------------------------
+    async createGroup(group) {
+        // Enforce name uniqueness within scope (null = app-wide, string = tenant-scoped)
+        for (const g of _groups.values()) {
+            if (g.name === group.name && g.tenantId === group.tenantId) {
+                throw new HttpError(409, "A group with this name already exists in this scope");
+            }
+        }
+        const id = crypto.randomUUID();
+        const now = Date.now();
+        _groups.set(id, { ...group, id, createdAt: now, updatedAt: now });
+        return { id };
+    },
+    async deleteGroup(groupId) {
+        _groups.delete(groupId);
+        // Cascade: remove all memberships for this group
+        for (const [userId, memberships] of _groupMemberships) {
+            const filtered = memberships.filter((m) => m.groupId !== groupId);
+            if (filtered.length !== memberships.length) {
+                _groupMemberships.set(userId, filtered);
+            }
+        }
+    },
+    async getGroup(groupId) {
+        return _groups.get(groupId) ?? null;
+    },
+    async listGroups(tenantId, opts) {
+        const limit = Math.min(opts?.limit ?? 50, 200);
+        const offset = opts?.offset ?? 0;
+        const all = [..._groups.values()].filter((g) => g.tenantId === tenantId);
+        return { items: all.slice(offset, offset + limit), total: all.length, limit, offset };
+    },
+    async updateGroup(groupId, updates) {
+        const group = _groups.get(groupId);
+        if (!group)
+            return;
+        const now = Date.now();
+        _groups.set(groupId, { ...group, ...updates, id: group.id, tenantId: group.tenantId, createdAt: group.createdAt, updatedAt: now });
+    },
+    async addGroupMember(groupId, userId, roles = []) {
+        const group = _groups.get(groupId);
+        if (!group)
+            throw new HttpError(404, "Group not found");
+        const existing = _groupMemberships.get(userId) ?? [];
+        if (existing.some((m) => m.groupId === groupId)) {
+            throw new HttpError(409, "User is already a member of this group");
+        }
+        _groupMemberships.set(userId, [...existing, {
+                groupId, roles: [...roles], tenantId: group.tenantId, createdAt: Date.now(),
+            }]);
+    },
+    async updateGroupMembership(groupId, userId, roles) {
+        const memberships = _groupMemberships.get(userId);
+        if (!memberships)
+            return;
+        const idx = memberships.findIndex((m) => m.groupId === groupId);
+        if (idx === -1)
+            return;
+        memberships[idx] = { ...memberships[idx], roles: [...roles] };
+    },
+    async removeGroupMember(groupId, userId) {
+        const memberships = _groupMemberships.get(userId);
+        if (!memberships)
+            return;
+        _groupMemberships.set(userId, memberships.filter((m) => m.groupId !== groupId));
+    },
+    async getGroupMembers(groupId, opts) {
+        const limit = Math.min(opts?.limit ?? 50, 200);
+        const offset = opts?.offset ?? 0;
+        const all = [];
+        for (const [userId, memberships] of _groupMemberships) {
+            const m = memberships.find((m) => m.groupId === groupId);
+            if (m)
+                all.push({ userId, roles: [...m.roles] });
+        }
+        return { items: all.slice(offset, offset + limit), total: all.length, limit, offset };
+    },
+    async getUserGroups(userId, tenantId) {
+        const memberships = (_groupMemberships.get(userId) ?? []).filter((m) => m.tenantId === tenantId);
+        const result = [];
+        for (const m of memberships) {
+            const group = _groups.get(m.groupId);
+            if (group)
+                result.push({ group: { ...group }, membershipRoles: [...m.roles] });
+        }
+        return result;
+    },
+    async getEffectiveRoles(userId, tenantId) {
+        const direct = tenantId
+            ? (_tenantRoles.get(`${userId}:${tenantId}`) ?? [])
+            : (_users.get(userId)?.roles ?? []);
+        const memberships = (_groupMemberships.get(userId) ?? []).filter((m) => m.tenantId === tenantId);
+        const groupRoles = memberships.flatMap((m) => [
+            ...(_groups.get(m.groupId)?.roles ?? []),
+            ...m.roles,
+        ]);
+        return [...new Set([...direct, ...groupRoles])];
+    },
+    // ---------------------------------------------------------------------------
+    // M2M client credentials
+    // ---------------------------------------------------------------------------
+    async getM2MClient(clientId) {
+        for (const c of _m2mClients.values()) {
+            if (c.clientId === clientId && c.active)
+                return { ...c };
+        }
+        return null;
+    },
+    async createM2MClient(data) {
+        const id = crypto.randomUUID();
+        _m2mClients.set(id, { id, ...data, active: true });
+        return { id };
+    },
+    async deleteM2MClient(clientId) {
+        for (const [key, c] of _m2mClients.entries()) {
+            if (c.clientId === clientId) {
+                _m2mClients.delete(key);
+                return;
+            }
+        }
+    },
+    async listM2MClients() {
+        return Array.from(_m2mClients.values()).map(({ clientSecretHash: _, ...rest }) => rest);
+    },
 };
 // ---------------------------------------------------------------------------
 // Session helpers (used by src/lib/session.ts)
@@ -349,6 +563,22 @@ export const memoryUpdateSessionLastActive = (sessionId) => {
     if (entry)
         entry.lastActiveAt = Date.now();
 };
+export const memoryGetSessionFingerprint = (sessionId) => {
+    return _sessions.get(sessionId)?.fingerprint ?? null;
+};
+export const memorySetSessionFingerprint = (sessionId, fingerprint) => {
+    const entry = _sessions.get(sessionId);
+    if (entry)
+        entry.fingerprint = fingerprint;
+};
+export const memoryGetMfaVerifiedAt = (sessionId) => {
+    return _sessions.get(sessionId)?.mfaVerifiedAt ?? null;
+};
+export const memorySetMfaVerifiedAt = (sessionId, ts) => {
+    const entry = _sessions.get(sessionId);
+    if (entry)
+        entry.mfaVerifiedAt = ts;
+};
 export const memorySetRefreshToken = (sessionId, refreshToken) => {
     const entry = _sessions.get(sessionId);
     if (!entry)
@@ -455,6 +685,15 @@ export const memoryGetVerificationToken = (token) => {
 export const memoryDeleteVerificationToken = (token) => {
     _verificationTokens.delete(token);
 };
+export const memoryConsumeVerificationToken = (token) => {
+    const entry = _verificationTokens.get(token);
+    if (!entry || entry.expiresAt <= Date.now()) {
+        _verificationTokens.delete(token);
+        return null;
+    }
+    _verificationTokens.delete(token);
+    return { userId: entry.userId, email: entry.email };
+};
 // ---------------------------------------------------------------------------
 // Password reset token helpers (used by src/lib/resetPassword.ts)
 // ---------------------------------------------------------------------------
@@ -488,3 +727,23 @@ export const memoryConsumeOAuthCode = (hash) => {
     _oauthCodes.delete(hash);
     return { token: entry.token, userId: entry.userId, email: entry.email, refreshToken: entry.refreshToken };
 };
+// ---------------------------------------------------------------------------
+// Account deletion cancel token helpers (used by src/lib/deletionCancelToken.ts)
+// ---------------------------------------------------------------------------
+export const memoryCreateDeletionCancelToken = (token, userId, jobId, ttlSeconds) => {
+    const now = Date.now();
+    for (const [k, v] of _cancelTokens) {
+        if (v.expiresAt <= now)
+            _cancelTokens.delete(k);
+    }
+    _cancelTokens.set(token, { userId, jobId, expiresAt: now + ttlSeconds * 1000 });
+};
+export const memoryConsumeDeletionCancelToken = (hash) => {
+    const entry = _cancelTokens.get(hash);
+    if (!entry || entry.expiresAt <= Date.now()) {
+        _cancelTokens.delete(hash);
+        return null;
+    }
+    _cancelTokens.delete(hash);
+    return { userId: entry.userId, jobId: entry.jobId };
+};

package/dist/adapters/memoryStorage.d.ts

@@ -0,0 +1,3 @@
+import type { StorageAdapter } from "../lib/storageAdapter";
+export declare const clearMemoryUploadStore: () => void;
+export declare const memoryStorage: () => StorageAdapter;

package/dist/adapters/memoryStorage.js

@@ -0,0 +1,44 @@
+const _store = new Map();
+export const clearMemoryUploadStore = () => {
+    _store.clear();
+};
+export const memoryStorage = () => ({
+    async put(key, data, meta) {
+        let buf;
+        if (data instanceof Blob) {
+            buf = Buffer.from(await data.arrayBuffer());
+        }
+        else if (data instanceof ReadableStream) {
+            const chunks = [];
+            const reader = data.getReader();
+            while (true) {
+                const { done, value } = await reader.read();
+                if (done)
+                    break;
+                if (value)
+                    chunks.push(value);
+            }
+            buf = Buffer.concat(chunks);
+        }
+        else {
+            buf = data;
+        }
+        _store.set(key, { data: buf, mimeType: meta.mimeType, size: meta.size });
+        return {};
+    },
+    async get(key) {
+        const entry = _store.get(key);
+        if (!entry)
+            return null;
+        const stream = new ReadableStream({
+            start(controller) {
+                controller.enqueue(entry.data);
+                controller.close();
+            },
+        });
+        return { stream, mimeType: entry.mimeType, size: entry.size };
+    },
+    async delete(key) {
+        _store.delete(key);
+    },
+});