@lastshotlabs/bunshot 0.0.6 → 0.0.7

package/dist/adapters/memoryAuth.js

@@ -0,0 +1,207 @@
+import { HttpError } from "../lib/HttpError";
+const _users = new Map();
+const _byEmail = new Map();
+const _sessions = new Map();
+const _oauthStates = new Map();
+const _cache = new Map();
+const _verificationTokens = new Map();
+/** Reset all in-memory state. Useful for test isolation. */
+export const clearMemoryStore = () => {
+    _users.clear();
+    _byEmail.clear();
+    _sessions.clear();
+    _oauthStates.clear();
+    _cache.clear();
+    _verificationTokens.clear();
+};
+// ---------------------------------------------------------------------------
+// Auth adapter
+// ---------------------------------------------------------------------------
+export const memoryAuthAdapter = {
+    async findByEmail(email) {
+        const id = _byEmail.get(email.toLowerCase());
+        if (!id)
+            return null;
+        const user = _users.get(id);
+        if (!user || !user.passwordHash)
+            return null;
+        return { id: user.id, passwordHash: user.passwordHash };
+    },
+    async create(email, passwordHash) {
+        const normalised = email.toLowerCase();
+        if (_byEmail.has(normalised))
+            throw new HttpError(409, "Email already registered");
+        const id = crypto.randomUUID();
+        const user = { id, email: normalised, passwordHash, providerIds: [], roles: [], emailVerified: false };
+        _users.set(id, user);
+        _byEmail.set(normalised, id);
+        return { id };
+    },
+    async setPassword(userId, passwordHash) {
+        const user = _users.get(userId);
+        if (!user)
+            return;
+        user.passwordHash = passwordHash;
+    },
+    async findOrCreateByProvider(provider, providerId, profile) {
+        const key = `${provider}:${providerId}`;
+        // Find by provider key
+        for (const user of _users.values()) {
+            if (user.providerIds.includes(key))
+                return { id: user.id, created: false };
+        }
+        // Reject if email belongs to a credential account
+        if (profile.email) {
+            const existingId = _byEmail.get(profile.email.toLowerCase());
+            if (existingId)
+                throw new HttpError(409, "An account with this email already exists. Sign in with your credentials, then link Google from your account settings.");
+        }
+        const id = crypto.randomUUID();
+        const email = profile.email ? profile.email.toLowerCase() : null;
+        const user = { id, email, passwordHash: null, providerIds: [key], roles: [], emailVerified: false };
+        _users.set(id, user);
+        if (email)
+            _byEmail.set(email, id);
+        return { id, created: true };
+    },
+    async linkProvider(userId, provider, providerId) {
+        const user = _users.get(userId);
+        if (!user)
+            throw new HttpError(404, "User not found");
+        const key = `${provider}:${providerId}`;
+        if (!user.providerIds.includes(key))
+            user.providerIds.push(key);
+    },
+    async getRoles(userId) {
+        return _users.get(userId)?.roles ?? [];
+    },
+    async setRoles(userId, roles) {
+        const user = _users.get(userId);
+        if (!user)
+            return;
+        user.roles = [...roles];
+    },
+    async addRole(userId, role) {
+        const user = _users.get(userId);
+        if (!user)
+            return;
+        if (!user.roles.includes(role))
+            user.roles.push(role);
+    },
+    async removeRole(userId, role) {
+        const user = _users.get(userId);
+        if (!user)
+            return;
+        user.roles = user.roles.filter((r) => r !== role);
+    },
+    async getUser(userId) {
+        const user = _users.get(userId);
+        if (!user)
+            return null;
+        return {
+            email: user.email ?? undefined,
+            providerIds: [...user.providerIds],
+            emailVerified: user.emailVerified,
+        };
+    },
+    async unlinkProvider(userId, provider) {
+        const user = _users.get(userId);
+        if (!user)
+            throw new HttpError(404, "User not found");
+        user.providerIds = user.providerIds.filter((id) => !id.startsWith(`${provider}:`));
+    },
+    async findByIdentifier(value) {
+        const id = _byEmail.get(value.toLowerCase());
+        if (!id)
+            return null;
+        const user = _users.get(id);
+        if (!user || !user.passwordHash)
+            return null;
+        return { id: user.id, passwordHash: user.passwordHash };
+    },
+    async setEmailVerified(userId, verified) {
+        const user = _users.get(userId);
+        if (user)
+            user.emailVerified = verified;
+    },
+    async getEmailVerified(userId) {
+        return _users.get(userId)?.emailVerified ?? false;
+    },
+};
+// ---------------------------------------------------------------------------
+// Session helpers (used by src/lib/session.ts)
+// ---------------------------------------------------------------------------
+const SESSION_TTL_MS = 60 * 60 * 24 * 7 * 1000; // 7 days
+export const memoryCreateSession = (userId, token) => {
+    _sessions.set(userId, { token, expiresAt: Date.now() + SESSION_TTL_MS });
+};
+export const memoryGetSession = (userId) => {
+    const entry = _sessions.get(userId);
+    if (!entry || entry.expiresAt <= Date.now())
+        return null;
+    return entry.token;
+};
+export const memoryDeleteSession = (userId) => {
+    _sessions.delete(userId);
+};
+// ---------------------------------------------------------------------------
+// OAuth state helpers (used by src/lib/oauth.ts)
+// ---------------------------------------------------------------------------
+const OAUTH_STATE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+export const memoryStoreOAuthState = (state, codeVerifier, linkUserId) => {
+    _oauthStates.set(state, { codeVerifier, linkUserId, expiresAt: Date.now() + OAUTH_STATE_TTL_MS });
+};
+export const memoryConsumeOAuthState = (state) => {
+    const entry = _oauthStates.get(state);
+    if (!entry || entry.expiresAt <= Date.now()) {
+        _oauthStates.delete(state);
+        return null;
+    }
+    _oauthStates.delete(state);
+    return { codeVerifier: entry.codeVerifier, linkUserId: entry.linkUserId };
+};
+// ---------------------------------------------------------------------------
+// Cache helpers (used by src/middleware/cacheResponse.ts)
+// ---------------------------------------------------------------------------
+export const memoryGetCache = (key) => {
+    const entry = _cache.get(key);
+    if (!entry)
+        return null;
+    if (entry.expiresAt !== undefined && entry.expiresAt <= Date.now()) {
+        _cache.delete(key);
+        return null;
+    }
+    return entry.value;
+};
+export const memorySetCache = (key, value, ttlSeconds) => {
+    const expiresAt = ttlSeconds ? Date.now() + ttlSeconds * 1000 : undefined;
+    _cache.set(key, { value, expiresAt });
+};
+export const memoryDelCache = (key) => {
+    _cache.delete(key);
+};
+export const memoryDelCachePattern = (pattern) => {
+    // Convert glob * to a regex
+    const regex = new RegExp("^" + pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*") + "$");
+    for (const key of _cache.keys()) {
+        if (regex.test(key))
+            _cache.delete(key);
+    }
+};
+// ---------------------------------------------------------------------------
+// Email verification token helpers (used by src/lib/emailVerification.ts)
+// ---------------------------------------------------------------------------
+export const memoryCreateVerificationToken = (token, userId, email, ttlSeconds) => {
+    _verificationTokens.set(token, { userId, email, expiresAt: Date.now() + ttlSeconds * 1000 });
+};
+export const memoryGetVerificationToken = (token) => {
+    const entry = _verificationTokens.get(token);
+    if (!entry || entry.expiresAt <= Date.now()) {
+        _verificationTokens.delete(token);
+        return null;
+    }
+    return { userId: entry.userId, email: entry.email };
+};
+export const memoryDeleteVerificationToken = (token) => {
+    _verificationTokens.delete(token);
+};

package/dist/adapters/mongoAuth.js

@@ -0,0 +1,93 @@
+import { AuthUser } from "../models/AuthUser";
+import { HttpError } from "../lib/HttpError";
+export const mongoAuthAdapter = {
+    async findByEmail(email) {
+        const user = await AuthUser.findOne({ email });
+        if (!user)
+            return null;
+        return { id: String(user._id), passwordHash: user.password };
+    },
+    async create(email, passwordHash) {
+        try {
+            const user = await AuthUser.create({ email, password: passwordHash });
+            return { id: String(user._id) };
+        }
+        catch (err) {
+            if (err?.code === 11000)
+                throw new HttpError(409, "Email already registered");
+            throw err;
+        }
+    },
+    async setPassword(userId, passwordHash) {
+        await AuthUser.findByIdAndUpdate(userId, { password: passwordHash });
+    },
+    async findOrCreateByProvider(provider, providerId, profile) {
+        const key = `${provider}:${providerId}`;
+        // Find by provider key
+        let user = await AuthUser.findOne({ providerIds: key });
+        if (user)
+            return { id: String(user._id), created: false };
+        // Reject if the email belongs to a credential account — user must link manually
+        if (profile.email) {
+            const existing = await AuthUser.findOne({ email: profile.email });
+            if (existing)
+                throw new HttpError(409, "An account with this email already exists. Sign in with your credentials, then link Google from your account settings.");
+        }
+        // Create new user
+        user = await AuthUser.create({ email: profile.email, providerIds: [key] });
+        return { id: String(user._id), created: true };
+    },
+    async linkProvider(userId, provider, providerId) {
+        const key = `${provider}:${providerId}`;
+        const user = await AuthUser.findById(userId);
+        if (!user)
+            throw new HttpError(404, "User not found");
+        if (!user.providerIds.includes(key)) {
+            user.providerIds = [...user.providerIds, key];
+            await user.save();
+        }
+    },
+    async getRoles(userId) {
+        const user = await AuthUser.findById(userId, "roles").lean();
+        return user?.roles ?? [];
+    },
+    async setRoles(userId, roles) {
+        await AuthUser.findByIdAndUpdate(userId, { roles });
+    },
+    async addRole(userId, role) {
+        await AuthUser.findByIdAndUpdate(userId, { $addToSet: { roles: role } });
+    },
+    async removeRole(userId, role) {
+        await AuthUser.findByIdAndUpdate(userId, { $pull: { roles: role } });
+    },
+    async getUser(userId) {
+        const user = await AuthUser.findById(userId, "email providerIds emailVerified").lean();
+        if (!user)
+            return null;
+        return {
+            email: user.email,
+            providerIds: user.providerIds,
+            emailVerified: user.emailVerified ?? false,
+        };
+    },
+    async unlinkProvider(userId, provider) {
+        const user = await AuthUser.findById(userId);
+        if (!user)
+            throw new HttpError(404, "User not found");
+        user.providerIds = user.providerIds.filter((id) => !id.startsWith(`${provider}:`));
+        await user.save();
+    },
+    async findByIdentifier(value) {
+        const user = await AuthUser.findOne({ email: value });
+        if (!user)
+            return null;
+        return { id: String(user._id), passwordHash: user.password };
+    },
+    async setEmailVerified(userId, verified) {
+        await AuthUser.findByIdAndUpdate(userId, { emailVerified: verified });
+    },
+    async getEmailVerified(userId) {
+        const user = await AuthUser.findById(userId, "emailVerified").lean();
+        return user?.emailVerified ?? false;
+    },
+};

package/dist/adapters/sqliteAuth.js

@@ -0,0 +1,242 @@
+import { Database } from "bun:sqlite";
+import { HttpError } from "../lib/HttpError";
+// ---------------------------------------------------------------------------
+// DB singleton — call setSqliteDb(path) once at startup
+// ---------------------------------------------------------------------------
+let _db = null;
+export const setSqliteDb = (path) => {
+    _db = new Database(path, { create: true });
+    _db.run("PRAGMA journal_mode = WAL");
+    _db.run("PRAGMA foreign_keys = ON");
+    initSchema(_db);
+};
+function getDb() {
+    if (!_db)
+        throw new Error("SQLite not initialized — call setSqliteDb(path) before using sqliteAuthAdapter or sessionStore: 'sqlite'");
+    return _db;
+}
+// ---------------------------------------------------------------------------
+// Schema
+// ---------------------------------------------------------------------------
+function initSchema(db) {
+    db.run(`CREATE TABLE IF NOT EXISTS users (
+    id            TEXT PRIMARY KEY,
+    email         TEXT UNIQUE,
+    passwordHash  TEXT,
+    providerIds   TEXT NOT NULL DEFAULT '[]',
+    roles         TEXT NOT NULL DEFAULT '[]',
+    emailVerified INTEGER NOT NULL DEFAULT 0
+  )`);
+    // Add emailVerified to pre-existing databases that lack the column
+    try {
+        db.run("ALTER TABLE users ADD COLUMN emailVerified INTEGER NOT NULL DEFAULT 0");
+    }
+    catch { /* already exists */ }
+    db.run(`CREATE TABLE IF NOT EXISTS sessions (
+    userId    TEXT PRIMARY KEY,
+    token     TEXT NOT NULL,
+    expiresAt INTEGER NOT NULL
+  )`);
+    db.run(`CREATE TABLE IF NOT EXISTS oauth_states (
+    state        TEXT PRIMARY KEY,
+    codeVerifier TEXT,
+    linkUserId   TEXT,
+    expiresAt    INTEGER NOT NULL
+  )`);
+    db.run(`CREATE TABLE IF NOT EXISTS cache_entries (
+    key       TEXT PRIMARY KEY,
+    value     TEXT NOT NULL,
+    expiresAt INTEGER  -- NULL = indefinite
+  )`);
+    db.run(`CREATE TABLE IF NOT EXISTS email_verifications (
+    token     TEXT PRIMARY KEY,
+    userId    TEXT NOT NULL,
+    email     TEXT NOT NULL,
+    expiresAt INTEGER NOT NULL
+  )`);
+}
+// ---------------------------------------------------------------------------
+// Auth adapter
+// ---------------------------------------------------------------------------
+export const sqliteAuthAdapter = {
+    async findByEmail(email) {
+        const row = getDb().query("SELECT id, passwordHash FROM users WHERE email = ?").get(email);
+        return row ?? null;
+    },
+    async create(email, passwordHash) {
+        const id = crypto.randomUUID();
+        try {
+            getDb().run("INSERT INTO users (id, email, passwordHash) VALUES (?, ?, ?)", [id, email, passwordHash]);
+            return { id };
+        }
+        catch (err) {
+            if (err?.code === "SQLITE_CONSTRAINT_UNIQUE")
+                throw new HttpError(409, "Email already registered");
+            throw err;
+        }
+    },
+    async setPassword(userId, passwordHash) {
+        getDb().run("UPDATE users SET passwordHash = ? WHERE id = ?", [passwordHash, userId]);
+    },
+    async findOrCreateByProvider(provider, providerId, profile) {
+        const key = `${provider}:${providerId}`;
+        const db = getDb();
+        // Find by provider key using json_each
+        const existing = db.query("SELECT u.id FROM users u, json_each(u.providerIds) p WHERE p.value = ?").get(key);
+        if (existing)
+            return { id: existing.id, created: false };
+        // Reject if email belongs to a credential account
+        if (profile.email) {
+            const emailUser = db.query("SELECT id FROM users WHERE email = ?").get(profile.email);
+            if (emailUser)
+                throw new HttpError(409, "An account with this email already exists. Sign in with your credentials, then link Google from your account settings.");
+        }
+        const id = crypto.randomUUID();
+        db.run("INSERT INTO users (id, email, providerIds) VALUES (?, ?, ?)", [id, profile.email ?? null, JSON.stringify([key])]);
+        return { id, created: true };
+    },
+    async linkProvider(userId, provider, providerId) {
+        const key = `${provider}:${providerId}`;
+        const db = getDb();
+        const row = db.query("SELECT id, providerIds FROM users WHERE id = ?").get(userId);
+        if (!row)
+            throw new HttpError(404, "User not found");
+        const ids = JSON.parse(row.providerIds);
+        if (!ids.includes(key)) {
+            db.run("UPDATE users SET providerIds = ? WHERE id = ?", [JSON.stringify([...ids, key]), userId]);
+        }
+    },
+    async getRoles(userId) {
+        const row = getDb().query("SELECT roles FROM users WHERE id = ?").get(userId);
+        return row ? JSON.parse(row.roles) : [];
+    },
+    async setRoles(userId, roles) {
+        getDb().run("UPDATE users SET roles = ? WHERE id = ?", [JSON.stringify(roles), userId]);
+    },
+    async addRole(userId, role) {
+        const db = getDb();
+        const row = db.query("SELECT roles FROM users WHERE id = ?").get(userId);
+        if (!row)
+            return;
+        const roles = JSON.parse(row.roles);
+        if (!roles.includes(role)) {
+            db.run("UPDATE users SET roles = ? WHERE id = ?", [JSON.stringify([...roles, role]), userId]);
+        }
+    },
+    async removeRole(userId, role) {
+        const db = getDb();
+        const row = db.query("SELECT roles FROM users WHERE id = ?").get(userId);
+        if (!row)
+            return;
+        const roles = JSON.parse(row.roles);
+        db.run("UPDATE users SET roles = ? WHERE id = ?", [JSON.stringify(roles.filter((r) => r !== role)), userId]);
+    },
+    async getUser(userId) {
+        const row = getDb().query("SELECT email, providerIds, emailVerified FROM users WHERE id = ?").get(userId);
+        if (!row)
+            return null;
+        return {
+            email: row.email ?? undefined,
+            providerIds: JSON.parse(row.providerIds),
+            emailVerified: row.emailVerified === 1,
+        };
+    },
+    async unlinkProvider(userId, provider) {
+        const db = getDb();
+        const row = db.query("SELECT providerIds FROM users WHERE id = ?").get(userId);
+        if (!row)
+            throw new HttpError(404, "User not found");
+        const ids = JSON.parse(row.providerIds);
+        db.run("UPDATE users SET providerIds = ? WHERE id = ?", [JSON.stringify(ids.filter((id) => !id.startsWith(`${provider}:`))), userId]);
+    },
+    async findByIdentifier(value) {
+        const row = getDb().query("SELECT id, passwordHash FROM users WHERE email = ?").get(value);
+        return row ?? null;
+    },
+    async setEmailVerified(userId, verified) {
+        getDb().run("UPDATE users SET emailVerified = ? WHERE id = ?", [verified ? 1 : 0, userId]);
+    },
+    async getEmailVerified(userId) {
+        const row = getDb().query("SELECT emailVerified FROM users WHERE id = ?").get(userId);
+        return row?.emailVerified === 1;
+    },
+};
+// ---------------------------------------------------------------------------
+// Session helpers (used by src/lib/session.ts)
+// ---------------------------------------------------------------------------
+const SESSION_TTL_MS = 60 * 60 * 24 * 7 * 1000; // 7 days
+export const sqliteCreateSession = (userId, token) => {
+    const expiresAt = Date.now() + SESSION_TTL_MS;
+    getDb().run("INSERT INTO sessions (userId, token, expiresAt) VALUES (?, ?, ?) ON CONFLICT(userId) DO UPDATE SET token = excluded.token, expiresAt = excluded.expiresAt", [userId, token, expiresAt]);
+};
+export const sqliteGetSession = (userId) => {
+    const row = getDb().query("SELECT token FROM sessions WHERE userId = ? AND expiresAt > ?").get(userId, Date.now());
+    return row?.token ?? null;
+};
+export const sqliteDeleteSession = (userId) => {
+    getDb().run("DELETE FROM sessions WHERE userId = ?", [userId]);
+};
+// ---------------------------------------------------------------------------
+// OAuth state helpers (used by src/lib/oauth.ts)
+// ---------------------------------------------------------------------------
+const OAUTH_STATE_TTL_MS = 5 * 60 * 1000; // 5 minutes
+export const sqliteStoreOAuthState = (state, codeVerifier, linkUserId) => {
+    const expiresAt = Date.now() + OAUTH_STATE_TTL_MS;
+    getDb().run("INSERT INTO oauth_states (state, codeVerifier, linkUserId, expiresAt) VALUES (?, ?, ?, ?)", [state, codeVerifier ?? null, linkUserId ?? null, expiresAt]);
+};
+export const sqliteConsumeOAuthState = (state) => {
+    const row = getDb().query("DELETE FROM oauth_states WHERE state = ? AND expiresAt > ? RETURNING codeVerifier, linkUserId").get(state, Date.now());
+    if (!row)
+        return null;
+    return {
+        codeVerifier: row.codeVerifier ?? undefined,
+        linkUserId: row.linkUserId ?? undefined,
+    };
+};
+// ---------------------------------------------------------------------------
+// Cache helpers (used by src/middleware/cacheResponse.ts)
+// ---------------------------------------------------------------------------
+export const isSqliteReady = () => _db !== null;
+export const sqliteGetCache = (key) => {
+    const row = getDb().query("SELECT value FROM cache_entries WHERE key = ? AND (expiresAt IS NULL OR expiresAt > ?)").get(key, Date.now());
+    return row?.value ?? null;
+};
+export const sqliteSetCache = (key, value, ttlSeconds) => {
+    const expiresAt = ttlSeconds ? Date.now() + ttlSeconds * 1000 : null;
+    getDb().run("INSERT INTO cache_entries (key, value, expiresAt) VALUES (?, ?, ?) ON CONFLICT(key) DO UPDATE SET value = excluded.value, expiresAt = excluded.expiresAt", [key, value, expiresAt]);
+};
+export const sqliteDelCache = (key) => {
+    getDb().run("DELETE FROM cache_entries WHERE key = ?", [key]);
+};
+export const sqliteDelCachePattern = (pattern) => {
+    // Convert glob pattern (* wildcard) to a SQL LIKE pattern (% wildcard)
+    const likePattern = pattern.replace(/%/g, "\\%").replace(/_/g, "\\_").replace(/\*/g, "%");
+    getDb().run("DELETE FROM cache_entries WHERE key LIKE ? ESCAPE '\\'", [likePattern]);
+};
+// ---------------------------------------------------------------------------
+// Email verification token helpers (used by src/lib/emailVerification.ts)
+// ---------------------------------------------------------------------------
+export const sqliteCreateVerificationToken = (token, userId, email, ttlSeconds) => {
+    const expiresAt = Date.now() + ttlSeconds * 1000;
+    getDb().run("INSERT INTO email_verifications (token, userId, email, expiresAt) VALUES (?, ?, ?, ?)", [token, userId, email, expiresAt]);
+};
+export const sqliteGetVerificationToken = (token) => {
+    const row = getDb().query("SELECT userId, email FROM email_verifications WHERE token = ? AND expiresAt > ?").get(token, Date.now());
+    return row ?? null;
+};
+export const sqliteDeleteVerificationToken = (token) => {
+    getDb().run("DELETE FROM email_verifications WHERE token = ?", [token]);
+};
+// ---------------------------------------------------------------------------
+// Optional periodic cleanup of expired rows
+// ---------------------------------------------------------------------------
+export const startSqliteCleanup = (intervalMs = 3_600_000) => {
+    return setInterval(() => {
+        const db = getDb();
+        const now = Date.now();
+        db.run("DELETE FROM sessions WHERE expiresAt <= ?", [now]);
+        db.run("DELETE FROM oauth_states WHERE expiresAt <= ?", [now]);
+        db.run("DELETE FROM cache_entries WHERE expiresAt IS NOT NULL AND expiresAt <= ?", [now]);
+        db.run("DELETE FROM email_verifications WHERE expiresAt <= ?", [now]);
+    }, intervalMs);
+};