npm - @m5kdev/backend - Versions diffs - 0.7.0 → 0.8.0 - Mend

@m5kdev/backend 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (559) hide show

package/dist/src/modules/connect/connect.oauth.mjs ADDED Viewed

@@ -0,0 +1,145 @@
+import { logger } from "../../utils/logger.mjs";
+import * as client from "openid-client";
+//#region src/modules/connect/connect.oauth.ts
+const oauthStateStore = /* @__PURE__ */ new Map();
+const STATE_TTL_MS = 600 * 1e3;
+function getStateKey(sessionId, provider) {
+	return `${sessionId}:${provider}`;
+}
+async function generateOAuthState(sessionId, provider) {
+	const state = client.randomState();
+	const codeVerifier = client.randomPKCECodeVerifier();
+	const oauthState = {
+		state,
+		codeVerifier,
+		codeChallenge: await client.calculatePKCECodeChallenge(codeVerifier),
+		sessionId,
+		provider
+	};
+	const key = getStateKey(sessionId, provider);
+	oauthStateStore.set(key, oauthState);
+	setTimeout(() => {
+		oauthStateStore.delete(key);
+	}, STATE_TTL_MS);
+	return oauthState;
+}
+function getOAuthState(sessionId, provider, state) {
+	const key = getStateKey(sessionId, provider);
+	const stored = oauthStateStore.get(key);
+	if (!stored || stored.state !== state) return null;
+	oauthStateStore.delete(key);
+	return stored;
+}
+async function createConfiguration(provider) {
+	const clientAuth = provider.clientSecret ? client.ClientSecretPost(provider.clientSecret) : client.None();
+	if (provider.issuerConfig) {
+		const serverMetadata = {
+			issuer: provider.issuerConfig.issuer,
+			authorization_endpoint: provider.issuerConfig.authorization_endpoint,
+			token_endpoint: provider.issuerConfig.token_endpoint,
+			...provider.issuerConfig.userinfo_endpoint && { userinfo_endpoint: provider.issuerConfig.userinfo_endpoint },
+			...provider.id === "linkedin" && { jwks_uri: "https://www.linkedin.com/oauth/openid/jwks" }
+		};
+		const clientMetadata = {
+			client_id: provider.clientId,
+			...provider.clientSecret && { client_secret: provider.clientSecret },
+			redirect_uris: [provider.redirectUri]
+		};
+		return new client.Configuration(serverMetadata, provider.clientId, clientMetadata, clientAuth);
+	}
+	if (!provider.issuerUrl) throw new Error("Provider must have either issuerConfig or issuerUrl");
+	const serverUrl = new URL(provider.issuerUrl);
+	return await client.discovery(serverUrl, provider.clientId, void 0, clientAuth);
+}
+async function buildAuthorizationUrl(provider, state) {
+	const config = await createConfiguration(provider);
+	const parameters = {
+		scope: provider.scopes.join(" "),
+		state: state.state,
+		redirect_uri: provider.redirectUri
+	};
+	if (provider.supportsPKCE !== false) {
+		parameters.code_challenge = state.codeChallenge;
+		parameters.code_challenge_method = "S256";
+	}
+	return client.buildAuthorizationUrl(config, parameters).toString();
+}
+async function exchangeCodeForTokens(provider, code, codeVerifier, redirectUri, state) {
+	const logger$1 = logger.child({ layer: "exchangeCodeForTokens" });
+	try {
+		if (provider.id === "linkedin" && provider.issuerConfig) {
+			const tokenEndpoint = provider.issuerConfig.token_endpoint;
+			const body = new URLSearchParams({
+				grant_type: "authorization_code",
+				code,
+				redirect_uri: provider.redirectUri,
+				client_id: provider.clientId,
+				client_secret: provider.clientSecret
+			});
+			const response = await fetch(tokenEndpoint, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: body.toString()
+			});
+			if (!response.ok) {
+				const errorData = await response.json().catch(() => ({}));
+				throw new Error(`LinkedIn token exchange failed: ${response.status} ${response.statusText} - ${JSON.stringify(errorData)}`);
+			}
+			const tokenData = await response.json();
+			return {
+				accessToken: tokenData.access_token,
+				refreshToken: tokenData.refresh_token,
+				tokenType: tokenData.token_type || "bearer",
+				expiresAt: tokenData.expires_in ? new Date(Date.now() + tokenData.expires_in * 1e3) : void 0,
+				scope: tokenData.scope
+			};
+		}
+		const config = await createConfiguration(provider);
+		const currentUrl = new URL(redirectUri);
+		currentUrl.searchParams.set("code", code);
+		currentUrl.searchParams.set("state", state);
+		const checks = { expectedState: state };
+		if (provider.supportsPKCE !== false) checks.pkceCodeVerifier = codeVerifier;
+		const tokenSet = await client.authorizationCodeGrant(config, currentUrl, checks);
+		return {
+			accessToken: tokenSet.access_token,
+			refreshToken: tokenSet.refresh_token,
+			tokenType: tokenSet.token_type,
+			expiresAt: tokenSet.expires_in ? new Date(Date.now() + tokenSet.expires_in * 1e3) : void 0,
+			scope: tokenSet.scope
+		};
+	} catch (error) {
+		logger$1.error("Token exchange error", {
+			error,
+			provider: provider.id
+		});
+		if (error instanceof Error) {
+			const errorMessage = error.message || "Unknown error";
+			if (provider.id === "linkedin" && errorMessage.includes("JWT claim") && error.code === "OAUTH_JWT_CLAIM_COMPARISON_FAILED") {
+				logger$1.warn("LinkedIn ID token validation failed, but token exchange may have succeeded. Check if access token is available.", { error: errorMessage });
+				throw new Error(`LinkedIn ID token validation failed: ${errorMessage}. This is a known issue with LinkedIn's OpenID Connect implementation.`);
+			}
+			const errorDetails = error.cause;
+			const linkedInError = errorDetails?.error;
+			const linkedInErrorDescription = errorDetails?.error_description;
+			const fullErrorMessage = linkedInError ? `LinkedIn OAuth error: ${linkedInError}${linkedInErrorDescription ? ` - ${linkedInErrorDescription}` : ""}` : `Token exchange failed: ${errorMessage}${errorDetails ? ` - Details: ${JSON.stringify(errorDetails)}` : ""}`;
+			throw new Error(fullErrorMessage);
+		}
+		throw error;
+	}
+}
+async function refreshAccessToken(provider, refreshToken) {
+	const config = await createConfiguration(provider);
+	const tokenSet = await client.refreshTokenGrant(config, refreshToken);
+	return {
+		accessToken: tokenSet.access_token,
+		refreshToken: tokenSet.refresh_token || refreshToken,
+		tokenType: tokenSet.token_type,
+		expiresAt: tokenSet.expires_in ? new Date(Date.now() + tokenSet.expires_in * 1e3) : void 0,
+		scope: tokenSet.scope
+	};
+}
+//#endregion
+export { buildAuthorizationUrl, createConfiguration, exchangeCodeForTokens, generateOAuthState, getOAuthState, refreshAccessToken };
+//# sourceMappingURL=connect.oauth.mjs.map

package/dist/src/modules/connect/connect.oauth.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"connect.oauth.mjs","names":["logger","rootLogger"],"sources":["../../../../src/modules/connect/connect.oauth.ts"],"sourcesContent":["import * as client from \"openid-client\";\r\nimport { logger as rootLogger } from \"../../utils/logger\";\r\nimport type { ConnectProvider } from \"./connect.types\";\r\n\r\nexport interface OAuthState {\r\n state: string;\r\n codeVerifier: string;\r\n codeChallenge: string;\r\n sessionId: string;\r\n provider: string;\r\n}\r\n\r\n// In-memory store for OAuth state (keyed by sessionId + provider)\r\n// In production, consider using Redis with TTL\r\nconst oauthStateStore = new Map<string, OAuthState>();\r\n\r\nconst STATE_TTL_MS = 10 * 60 * 1000; // 10 minutes\r\n\r\nfunction getStateKey(sessionId: string, provider: string): string {\r\n return `${sessionId}:${provider}`;\r\n}\r\n\r\nexport async function generateOAuthState(sessionId: string, provider: string): Promise<OAuthState> {\r\n const state = client.randomState();\r\n const codeVerifier = client.randomPKCECodeVerifier();\r\n const codeChallenge = await client.calculatePKCECodeChallenge(codeVerifier);\r\n\r\n const oauthState: OAuthState = {\r\n state,\r\n codeVerifier,\r\n codeChallenge,\r\n sessionId,\r\n provider,\r\n };\r\n\r\n const key = getStateKey(sessionId, provider);\r\n oauthStateStore.set(key, oauthState);\r\n\r\n // Clean up after TTL\r\n setTimeout(() => {\r\n oauthStateStore.delete(key);\r\n }, STATE_TTL_MS);\r\n\r\n return oauthState;\r\n}\r\n\r\nexport function getOAuthState(\r\n sessionId: string,\r\n provider: string,\r\n state: string\r\n): OAuthState | null {\r\n const key = getStateKey(sessionId, provider);\r\n const stored = oauthStateStore.get(key);\r\n\r\n if (!stored || stored.state !== state) {\r\n return null;\r\n }\r\n\r\n // Clean up after use\r\n oauthStateStore.delete(key);\r\n return stored;\r\n}\r\n\r\nexport async function createConfiguration(\r\n provider: ConnectProvider\r\n): Promise<client.Configuration> {\r\n // LinkedIn uses client_secret_post (form-encoded body parameters)\r\n // The library's ClientSecretPost handles this correctly\r\n const clientAuth = provider.clientSecret\r\n ? client.ClientSecretPost(provider.clientSecret)\r\n : client.None();\r\n\r\n if (provider.issuerConfig) {\r\n // Use manual issuer config (e.g., LinkedIn) - create Configuration directly\r\n // LinkedIn doesn't support OpenID Connect discovery\r\n const serverMetadata: client.ServerMetadata = {\r\n issuer: provider.issuerConfig.issuer,\r\n authorization_endpoint: provider.issuerConfig.authorization_endpoint,\r\n token_endpoint: provider.issuerConfig.token_endpoint,\r\n ...(provider.issuerConfig.userinfo_endpoint && {\r\n userinfo_endpoint: provider.issuerConfig.userinfo_endpoint,\r\n }),\r\n // LinkedIn JWKS URI for ID token signature verification\r\n ...(provider.id === \"linkedin\" && {\r\n jwks_uri: \"https://www.linkedin.com/oauth/openid/jwks\",\r\n }),\r\n };\r\n\r\n const clientMetadata: Partial<client.ClientMetadata> = {\r\n client_id: provider.clientId,\r\n ...(provider.clientSecret && { client_secret: provider.clientSecret }),\r\n redirect_uris: [provider.redirectUri],\r\n };\r\n\r\n return new client.Configuration(serverMetadata, provider.clientId, clientMetadata, clientAuth);\r\n }\r\n\r\n // Auto-discovery from well-known endpoint\r\n if (!provider.issuerUrl) {\r\n throw new Error(\"Provider must have either issuerConfig or issuerUrl\");\r\n }\r\n\r\n const serverUrl = new URL(provider.issuerUrl);\r\n return await client.discovery(serverUrl, provider.clientId, undefined, clientAuth);\r\n}\r\n\r\nexport async function buildAuthorizationUrl(\r\n provider: ConnectProvider,\r\n state: OAuthState\r\n): Promise<string> {\r\n const config = await createConfiguration(provider);\r\n\r\n const parameters: Record<string, string> = {\r\n scope: provider.scopes.join(\" \"),\r\n state: state.state,\r\n redirect_uri: provider.redirectUri,\r\n };\r\n\r\n // Add PKCE parameters only if provider supports it\r\n if (provider.supportsPKCE !== false) {\r\n parameters.code_challenge = state.codeChallenge;\r\n parameters.code_challenge_method = \"S256\";\r\n }\r\n\r\n const url = client.buildAuthorizationUrl(config, parameters);\r\n return url.toString();\r\n}\r\n\r\nexport async function exchangeCodeForTokens(\r\n provider: ConnectProvider,\r\n code: string,\r\n codeVerifier: string,\r\n redirectUri: string,\r\n state: string\r\n): Promise<{\r\n accessToken: string;\r\n refreshToken?: string;\r\n tokenType?: string;\r\n expiresAt?: Date;\r\n scope?: string;\r\n}> {\r\n const logger = rootLogger.child({ layer: \"exchangeCodeForTokens\" });\r\n\r\n try {\r\n // LinkedIn-specific workaround: Manual token exchange to bypass ID token validation\r\n // LinkedIn's OpenID Connect ID token has non-standard claim format\r\n if (provider.id === \"linkedin\" && provider.issuerConfig) {\r\n const tokenEndpoint = provider.issuerConfig.token_endpoint;\r\n const body = new URLSearchParams({\r\n grant_type: \"authorization_code\",\r\n code,\r\n redirect_uri: provider.redirectUri,\r\n client_id: provider.clientId,\r\n client_secret: provider.clientSecret,\r\n });\r\n\r\n const response = await fetch(tokenEndpoint, {\r\n method: \"POST\",\r\n headers: {\r\n \"Content-Type\": \"application/x-www-form-urlencoded\",\r\n },\r\n body: body.toString(),\r\n });\r\n\r\n if (!response.ok) {\r\n const errorData = await response.json().catch(() => ({}));\r\n throw new Error(\r\n `LinkedIn token exchange failed: ${response.status} ${response.statusText} - ${JSON.stringify(errorData)}`\r\n );\r\n }\r\n\r\n const tokenData = (await response.json()) as {\r\n access_token: string;\r\n refresh_token?: string;\r\n token_type?: string;\r\n expires_in?: number;\r\n scope?: string;\r\n };\r\n\r\n return {\r\n accessToken: tokenData.access_token,\r\n refreshToken: tokenData.refresh_token,\r\n tokenType: tokenData.token_type || \"bearer\",\r\n expiresAt: tokenData.expires_in\r\n ? new Date(Date.now() + tokenData.expires_in * 1000)\r\n : undefined,\r\n scope: tokenData.scope,\r\n };\r\n }\r\n\r\n // Standard flow for other providers\r\n const config = await createConfiguration(provider);\r\n const currentUrl = new URL(redirectUri);\r\n currentUrl.searchParams.set(\"code\", code);\r\n currentUrl.searchParams.set(\"state\", state);\r\n\r\n const checks: {\r\n pkceCodeVerifier?: string;\r\n expectedState: string;\r\n } = {\r\n expectedState: state,\r\n };\r\n\r\n // Only include PKCE verifier if provider supports it\r\n if (provider.supportsPKCE !== false) {\r\n checks.pkceCodeVerifier = codeVerifier;\r\n }\r\n\r\n const tokenSet = await client.authorizationCodeGrant(config, currentUrl, checks);\r\n\r\n return {\r\n accessToken: tokenSet.access_token,\r\n refreshToken: tokenSet.refresh_token,\r\n tokenType: tokenSet.token_type,\r\n expiresAt: tokenSet.expires_in\r\n ? new Date(Date.now() + tokenSet.expires_in * 1000)\r\n : undefined,\r\n scope: tokenSet.scope,\r\n };\r\n } catch (error: unknown) {\r\n // Enhanced error logging for OAuth issues\r\n logger.error(\"Token exchange error\", { error, provider: provider.id });\r\n\r\n if (error instanceof Error) {\r\n const errorMessage = error.message || \"Unknown error\";\r\n\r\n // Check if this is an ID token validation error for LinkedIn\r\n // LinkedIn's ID token may have non-standard claim format, but we can still use the access token\r\n if (\r\n provider.id === \"linkedin\" &&\r\n errorMessage.includes(\"JWT claim\") &&\r\n (error as { code?: string }).code === \"OAUTH_JWT_CLAIM_COMPARISON_FAILED\"\r\n ) {\r\n // Try to extract access token from the error response if available\r\n // This is a workaround for LinkedIn's ID token validation issues\r\n logger.warn(\r\n \"LinkedIn ID token validation failed, but token exchange may have succeeded. Check if access token is available.\",\r\n { error: errorMessage }\r\n );\r\n // Re-throw for now - we need the access token to continue\r\n // In a production scenario, you might want to manually parse the token response\r\n throw new Error(\r\n `LinkedIn ID token validation failed: ${errorMessage}. This is a known issue with LinkedIn's OpenID Connect implementation.`\r\n );\r\n }\r\n\r\n // ResponseBodyError from oauth4webapi has a 'cause' property with the error details\r\n const responseBodyError = error as { cause?: Record<string, unknown> };\r\n const errorDetails = responseBodyError.cause;\r\n\r\n // Extract error and error_description from LinkedIn's response\r\n const linkedInError = errorDetails?.error as string | undefined;\r\n const linkedInErrorDescription = errorDetails?.error_description as string | undefined;\r\n\r\n const fullErrorMessage = linkedInError\r\n ? `LinkedIn OAuth error: ${linkedInError}${linkedInErrorDescription ? ` - ${linkedInErrorDescription}` : \"\"}`\r\n : `Token exchange failed: ${errorMessage}${\r\n errorDetails ? ` - Details: ${JSON.stringify(errorDetails)}` : \"\"\r\n }`;\r\n\r\n throw new Error(fullErrorMessage);\r\n }\r\n throw error;\r\n }\r\n}\r\n\r\nexport async function refreshAccessToken(\r\n provider: ConnectProvider,\r\n refreshToken: string\r\n): Promise<{\r\n accessToken: string;\r\n refreshToken?: string;\r\n tokenType?: string;\r\n expiresAt?: Date;\r\n scope?: string;\r\n}> {\r\n const config = await createConfiguration(provider);\r\n\r\n const tokenSet = await client.refreshTokenGrant(config, refreshToken);\r\n\r\n return {\r\n accessToken: tokenSet.access_token,\r\n refreshToken: tokenSet.refresh_token || refreshToken,\r\n tokenType: tokenSet.token_type,\r\n expiresAt: tokenSet.expires_in ? new Date(Date.now() + tokenSet.expires_in * 1000) : undefined,\r\n scope: tokenSet.scope,\r\n };\r\n}\r\n"],"mappings":";;;AAcA,MAAM,kCAAkB,IAAI,KAAyB;AAErD,MAAM,eAAe,MAAU;AAE/B,SAAS,YAAY,WAAmB,UAA0B;AAChE,QAAO,GAAG,UAAU,GAAG;;AAGzB,eAAsB,mBAAmB,WAAmB,UAAuC;CACjG,MAAM,QAAQ,OAAO,aAAa;CAClC,MAAM,eAAe,OAAO,wBAAwB;CAGpD,MAAM,aAAyB;EAC7B;EACA;EACA,eALoB,MAAM,OAAO,2BAA2B,aAAa;EAMzE;EACA;EACD;CAED,MAAM,MAAM,YAAY,WAAW,SAAS;AAC5C,iBAAgB,IAAI,KAAK,WAAW;AAGpC,kBAAiB;AACf,kBAAgB,OAAO,IAAI;IAC1B,aAAa;AAEhB,QAAO;;AAGT,SAAgB,cACd,WACA,UACA,OACmB;CACnB,MAAM,MAAM,YAAY,WAAW,SAAS;CAC5C,MAAM,SAAS,gBAAgB,IAAI,IAAI;AAEvC,KAAI,CAAC,UAAU,OAAO,UAAU,MAC9B,QAAO;AAIT,iBAAgB,OAAO,IAAI;AAC3B,QAAO;;AAGT,eAAsB,oBACpB,UAC+B;CAG/B,MAAM,aAAa,SAAS,eACxB,OAAO,iBAAiB,SAAS,aAAa,GAC9C,OAAO,MAAM;AAEjB,KAAI,SAAS,cAAc;EAGzB,MAAM,iBAAwC;GAC5C,QAAQ,SAAS,aAAa;GAC9B,wBAAwB,SAAS,aAAa;GAC9C,gBAAgB,SAAS,aAAa;GACtC,GAAI,SAAS,aAAa,qBAAqB,EAC7C,mBAAmB,SAAS,aAAa,mBAC1C;GAED,GAAI,SAAS,OAAO,cAAc,EAChC,UAAU,8CACX;GACF;EAED,MAAM,iBAAiD;GACrD,WAAW,SAAS;GACpB,GAAI,SAAS,gBAAgB,EAAE,eAAe,SAAS,cAAc;GACrE,eAAe,CAAC,SAAS,YAAY;GACtC;AAED,SAAO,IAAI,OAAO,cAAc,gBAAgB,SAAS,UAAU,gBAAgB,WAAW;;AAIhG,KAAI,CAAC,SAAS,UACZ,OAAM,IAAI,MAAM,sDAAsD;CAGxE,MAAM,YAAY,IAAI,IAAI,SAAS,UAAU;AAC7C,QAAO,MAAM,OAAO,UAAU,WAAW,SAAS,UAAU,KAAA,GAAW,WAAW;;AAGpF,eAAsB,sBACpB,UACA,OACiB;CACjB,MAAM,SAAS,MAAM,oBAAoB,SAAS;CAElD,MAAM,aAAqC;EACzC,OAAO,SAAS,OAAO,KAAK,IAAI;EAChC,OAAO,MAAM;EACb,cAAc,SAAS;EACxB;AAGD,KAAI,SAAS,iBAAiB,OAAO;AACnC,aAAW,iBAAiB,MAAM;AAClC,aAAW,wBAAwB;;AAIrC,QADY,OAAO,sBAAsB,QAAQ,WAAW,CACjD,UAAU;;AAGvB,eAAsB,sBACpB,UACA,MACA,cACA,aACA,OAOC;CACD,MAAMA,WAASC,OAAW,MAAM,EAAE,OAAO,yBAAyB,CAAC;AAEnE,KAAI;AAGF,MAAI,SAAS,OAAO,cAAc,SAAS,cAAc;GACvD,MAAM,gBAAgB,SAAS,aAAa;GAC5C,MAAM,OAAO,IAAI,gBAAgB;IAC/B,YAAY;IACZ;IACA,cAAc,SAAS;IACvB,WAAW,SAAS;IACpB,eAAe,SAAS;IACzB,CAAC;GAEF,MAAM,WAAW,MAAM,MAAM,eAAe;IAC1C,QAAQ;IACR,SAAS,EACP,gBAAgB,qCACjB;IACD,MAAM,KAAK,UAAU;IACtB,CAAC;AAEF,OAAI,CAAC,SAAS,IAAI;IAChB,MAAM,YAAY,MAAM,SAAS,MAAM,CAAC,aAAa,EAAE,EAAE;AACzD,UAAM,IAAI,MACR,mCAAmC,SAAS,OAAO,GAAG,SAAS,WAAW,KAAK,KAAK,UAAU,UAAU,GACzG;;GAGH,MAAM,YAAa,MAAM,SAAS,MAAM;AAQxC,UAAO;IACL,aAAa,UAAU;IACvB,cAAc,UAAU;IACxB,WAAW,UAAU,cAAc;IACnC,WAAW,UAAU,aACjB,IAAI,KAAK,KAAK,KAAK,GAAG,UAAU,aAAa,IAAK,GAClD,KAAA;IACJ,OAAO,UAAU;IAClB;;EAIH,MAAM,SAAS,MAAM,oBAAoB,SAAS;EAClD,MAAM,aAAa,IAAI,IAAI,YAAY;AACvC,aAAW,aAAa,IAAI,QAAQ,KAAK;AACzC,aAAW,aAAa,IAAI,SAAS,MAAM;EAE3C,MAAM,SAGF,EACF,eAAe,OAChB;AAGD,MAAI,SAAS,iBAAiB,MAC5B,QAAO,mBAAmB;EAG5B,MAAM,WAAW,MAAM,OAAO,uBAAuB,QAAQ,YAAY,OAAO;AAEhF,SAAO;GACL,aAAa,SAAS;GACtB,cAAc,SAAS;GACvB,WAAW,SAAS;GACpB,WAAW,SAAS,aAChB,IAAI,KAAK,KAAK,KAAK,GAAG,SAAS,aAAa,IAAK,GACjD,KAAA;GACJ,OAAO,SAAS;GACjB;UACM,OAAgB;AAEvB,WAAO,MAAM,wBAAwB;GAAE;GAAO,UAAU,SAAS;GAAI,CAAC;AAEtE,MAAI,iBAAiB,OAAO;GAC1B,MAAM,eAAe,MAAM,WAAW;AAItC,OACE,SAAS,OAAO,cAChB,aAAa,SAAS,YAAY,IACjC,MAA4B,SAAS,qCACtC;AAGA,aAAO,KACL,mHACA,EAAE,OAAO,cAAc,CACxB;AAGD,UAAM,IAAI,MACR,wCAAwC,aAAa,wEACtD;;GAKH,MAAM,eADoB,MACa;GAGvC,MAAM,gBAAgB,cAAc;GACpC,MAAM,2BAA2B,cAAc;GAE/C,MAAM,mBAAmB,gBACrB,yBAAyB,gBAAgB,2BAA2B,MAAM,6BAA6B,OACvG,0BAA0B,eACxB,eAAe,eAAe,KAAK,UAAU,aAAa,KAAK;AAGrE,SAAM,IAAI,MAAM,iBAAiB;;AAEnC,QAAM;;;AAIV,eAAsB,mBACpB,UACA,cAOC;CACD,MAAM,SAAS,MAAM,oBAAoB,SAAS;CAElD,MAAM,WAAW,MAAM,OAAO,kBAAkB,QAAQ,aAAa;AAErE,QAAO;EACL,aAAa,SAAS;EACtB,cAAc,SAAS,iBAAiB;EACxC,WAAW,SAAS;EACpB,WAAW,SAAS,aAAa,IAAI,KAAK,KAAK,KAAK,GAAG,SAAS,aAAa,IAAK,GAAG,KAAA;EACrF,OAAO,SAAS;EACjB"}

package/dist/src/modules/connect/connect.repository.d.mts ADDED Viewed

@@ -0,0 +1,419 @@
+import { ServerResult } from "../base/base.dto.mjs";
+import { BaseTableRepository } from "../base/base.repository.mjs";
+import { ConnectListInputSchema } from "./connect.dto.mjs";
+import { InferInsertModel, InferSelectModel } from "drizzle-orm";
+import * as _$drizzle_orm_sqlite_core0 from "drizzle-orm/sqlite-core";
+import { LibSQLDatabase } from "drizzle-orm/libsql";
+//#region src/modules/connect/connect.repository.d.ts
+declare const schema: {
+  connect: _$drizzle_orm_sqlite_core0.SQLiteTableWithColumns<{
+    name: "connect";
+    schema: undefined;
+    columns: {
+      id: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "id";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: true;
+        hasDefault: true;
+        isPrimaryKey: true;
+        isAutoincrement: false;
+        hasRuntimeDefault: true;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      userId: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "user_id";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: true;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      provider: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "provider";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: true;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      accountType: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "account_type";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: true;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      providerAccountId: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "provider_account_id";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: true;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      handle: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "handle";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      displayName: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "display_name";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      avatarUrl: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "avatar_url";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      accessToken: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "access_token";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: true;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      refreshToken: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "refresh_token";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      tokenType: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "token_type";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      scope: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "scope";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      expiresAt: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "expires_at";
+        tableName: "connect";
+        dataType: "date";
+        columnType: "SQLiteTimestamp";
+        data: Date;
+        driverParam: number;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: undefined;
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {}>;
+      parentId: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "parent_id";
+        tableName: "connect";
+        dataType: "string";
+        columnType: "SQLiteText";
+        data: string;
+        driverParam: string;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: [string, ...string[]];
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {
+        length: number | undefined;
+      }>;
+      metadataJson: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "metadata_json";
+        tableName: "connect";
+        dataType: "json";
+        columnType: "SQLiteTextJson";
+        data: unknown;
+        driverParam: string;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: undefined;
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {}>;
+      revokedAt: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "revoked_at";
+        tableName: "connect";
+        dataType: "date";
+        columnType: "SQLiteTimestamp";
+        data: Date;
+        driverParam: number;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: undefined;
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {}>;
+      lastRefreshedAt: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "last_refreshed_at";
+        tableName: "connect";
+        dataType: "date";
+        columnType: "SQLiteTimestamp";
+        data: Date;
+        driverParam: number;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: undefined;
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {}>;
+      createdAt: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "created_at";
+        tableName: "connect";
+        dataType: "date";
+        columnType: "SQLiteTimestamp";
+        data: Date;
+        driverParam: number;
+        notNull: true;
+        hasDefault: true;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: true;
+        enumValues: undefined;
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {}>;
+      updatedAt: _$drizzle_orm_sqlite_core0.SQLiteColumn<{
+        name: "updated_at";
+        tableName: "connect";
+        dataType: "date";
+        columnType: "SQLiteTimestamp";
+        data: Date;
+        driverParam: number;
+        notNull: false;
+        hasDefault: false;
+        isPrimaryKey: false;
+        isAutoincrement: false;
+        hasRuntimeDefault: false;
+        enumValues: undefined;
+        baseColumn: never;
+        identity: undefined;
+        generated: undefined;
+      }, {}, {}>;
+    };
+    dialect: "sqlite";
+  }>;
+};
+type Schema = typeof schema;
+type Orm = LibSQLDatabase<Schema>;
+type ConnectRow = InferSelectModel<Schema["connect"]>;
+type ConnectInsert = InferInsertModel<Schema["connect"]>;
+declare class ConnectRepository extends BaseTableRepository<Orm, Schema, Record<string, never>, Schema["connect"]> {
+  list(data: ConnectListInputSchema & {
+    userId: string;
+  }, tx?: Orm): Promise<ServerResult<{
+    id: string;
+    userId: string;
+    provider: string;
+    accountType: string;
+    providerAccountId: string;
+    handle: string | null;
+    displayName: string | null;
+    avatarUrl: string | null;
+    accessToken: string;
+    refreshToken: string | null;
+    tokenType: string | null;
+    scope: string | null;
+    expiresAt: Date | null;
+    parentId: string | null;
+    metadataJson: unknown;
+    revokedAt: Date | null;
+    lastRefreshedAt: Date | null;
+    createdAt: Date;
+    updatedAt: Date | null;
+  }[]>>;
+  upsert(data: ConnectInsert, tx?: Orm): Promise<ServerResult<{
+    id: string;
+    createdAt: Date;
+    updatedAt: Date | null;
+    userId: string;
+    provider: string;
+    expiresAt: Date | null;
+    accessToken: string;
+    refreshToken: string | null;
+    scope: string | null;
+    accountType: string;
+    providerAccountId: string;
+    handle: string | null;
+    displayName: string | null;
+    avatarUrl: string | null;
+    tokenType: string | null;
+    parentId: string | null;
+    metadataJson: unknown;
+    revokedAt: Date | null;
+    lastRefreshedAt: Date | null;
+  }>>;
+}
+//#endregion
+export { ConnectInsert, ConnectRepository, ConnectRow };
+//# sourceMappingURL=connect.repository.d.mts.map

package/dist/src/modules/connect/connect.repository.mjs ADDED Viewed

@@ -0,0 +1,40 @@
+import { BaseTableRepository } from "../base/base.repository.mjs";
+import { connect_db_exports } from "./connect.db.mjs";
+import { and, eq, inArray, isNull } from "drizzle-orm";
+import { ok } from "neverthrow";
+//#region src/modules/connect/connect.repository.ts
+({ ...connect_db_exports });
+var ConnectRepository = class extends BaseTableRepository {
+	async list(data, tx) {
+		return this.throwableAsync(async () => {
+			const db = tx ?? this.orm;
+			const { ConditionBuilder } = this.helpers;
+			const conditions = new ConditionBuilder();
+			if (data.providers) conditions.push(inArray(this.schema.connect.provider, data.providers));
+			if (data.inactive) conditions.push(isNull(this.schema.connect.revokedAt));
+			conditions.push(eq(this.schema.connect.userId, data.userId));
+			return ok(await db.select().from(this.schema.connect).where(conditions.join()));
+		});
+	}
+	async upsert(data, tx) {
+		return this.throwableAsync(async () => {
+			const db = tx ?? this.orm;
+			const [existing] = await db.select().from(this.schema.connect).where(and(eq(this.schema.connect.userId, data.userId), eq(this.schema.connect.provider, data.provider), eq(this.schema.connect.providerAccountId, data.providerAccountId))).limit(1);
+			if (existing) {
+				const [updated] = await db.update(this.schema.connect).set({
+					...data,
+					updatedAt: /* @__PURE__ */ new Date(),
+					lastRefreshedAt: /* @__PURE__ */ new Date()
+				}).where(eq(this.schema.connect.id, existing.id)).returning();
+				return ok(updated);
+			}
+			const [created] = await db.insert(this.schema.connect).values(data).returning();
+			if (!created) return this.error("UNPROCESSABLE_CONTENT");
+			return ok(created);
+		});
+	}
+};
+//#endregion
+export { ConnectRepository };
+//# sourceMappingURL=connect.repository.mjs.map

package/dist/src/modules/connect/connect.repository.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"connect.repository.mjs","names":["connect"],"sources":["../../../../src/modules/connect/connect.repository.ts"],"sourcesContent":["import type { InferInsertModel, InferSelectModel } from \"drizzle-orm\";\r\nimport { and, eq, inArray, isNull } from \"drizzle-orm\";\r\nimport type { LibSQLDatabase } from \"drizzle-orm/libsql\";\r\nimport { ok } from \"neverthrow\";\r\nimport { BaseTableRepository } from \"../base/base.repository\";\r\nimport * as connect from \"./connect.db\";\r\nimport type { ConnectListInputSchema } from \"./connect.dto\";\r\n\r\nconst schema = { ...connect };\r\ntype Schema = typeof schema;\r\ntype Orm = LibSQLDatabase<Schema>;\r\n\r\nexport type ConnectRow = InferSelectModel<Schema[\"connect\"]>;\r\nexport type ConnectInsert = InferInsertModel<Schema[\"connect\"]>;\r\n\r\nexport class ConnectRepository extends BaseTableRepository<Orm, Schema, Record<string, never>, Schema[\"connect\"]> {\r\n async list(data: ConnectListInputSchema & { userId: string }, tx?: Orm) {\r\n return this.throwableAsync(async () => {\r\n const db = tx ?? this.orm;\r\n const { ConditionBuilder } = this.helpers;\r\n const conditions = new ConditionBuilder();\r\n if (data.providers) conditions.push(inArray(this.schema.connect.provider, data.providers));\r\n if (data.inactive) conditions.push(isNull(this.schema.connect.revokedAt));\r\n conditions.push(eq(this.schema.connect.userId, data.userId));\r\n const rows = await db.select().from(this.schema.connect).where(conditions.join());\r\n return ok(rows);\r\n });\r\n }\r\n\r\n async upsert(data: ConnectInsert, tx?: Orm) {\r\n return this.throwableAsync(async () => {\r\n const db = tx ?? this.orm;\r\n const [existing] = await db\r\n .select()\r\n .from(this.schema.connect)\r\n .where(\r\n and(\r\n eq(this.schema.connect.userId, data.userId),\r\n eq(this.schema.connect.provider, data.provider),\r\n eq(this.schema.connect.providerAccountId, data.providerAccountId)\r\n )\r\n )\r\n .limit(1);\r\n\r\n if (existing) {\r\n // Update existing\r\n const [updated] = await db\r\n .update(this.schema.connect)\r\n .set({\r\n ...data,\r\n updatedAt: new Date(),\r\n lastRefreshedAt: new Date(),\r\n })\r\n .where(eq(this.schema.connect.id, existing.id))\r\n .returning();\r\n return ok(updated);\r\n }\r\n\r\n // Create new\r\n const [created] = await db.insert(this.schema.connect).values(data).returning();\r\n if (!created) return this.error(\"UNPROCESSABLE_CONTENT\");\r\n return ok(created);\r\n });\r\n }\r\n}\r\n"],"mappings":";;;;;CAQe,EAAE,GAAGA,oBAAS;AAO7B,IAAa,oBAAb,cAAuC,oBAA2E;CAChH,MAAM,KAAK,MAAmD,IAAU;AACtE,SAAO,KAAK,eAAe,YAAY;GACrC,MAAM,KAAK,MAAM,KAAK;GACtB,MAAM,EAAE,qBAAqB,KAAK;GAClC,MAAM,aAAa,IAAI,kBAAkB;AACzC,OAAI,KAAK,UAAW,YAAW,KAAK,QAAQ,KAAK,OAAO,QAAQ,UAAU,KAAK,UAAU,CAAC;AAC1F,OAAI,KAAK,SAAU,YAAW,KAAK,OAAO,KAAK,OAAO,QAAQ,UAAU,CAAC;AACzE,cAAW,KAAK,GAAG,KAAK,OAAO,QAAQ,QAAQ,KAAK,OAAO,CAAC;AAE5D,UAAO,GADM,MAAM,GAAG,QAAQ,CAAC,KAAK,KAAK,OAAO,QAAQ,CAAC,MAAM,WAAW,MAAM,CAAC,CAClE;IACf;;CAGJ,MAAM,OAAO,MAAqB,IAAU;AAC1C,SAAO,KAAK,eAAe,YAAY;GACrC,MAAM,KAAK,MAAM,KAAK;GACtB,MAAM,CAAC,YAAY,MAAM,GACtB,QAAQ,CACR,KAAK,KAAK,OAAO,QAAQ,CACzB,MACC,IACE,GAAG,KAAK,OAAO,QAAQ,QAAQ,KAAK,OAAO,EAC3C,GAAG,KAAK,OAAO,QAAQ,UAAU,KAAK,SAAS,EAC/C,GAAG,KAAK,OAAO,QAAQ,mBAAmB,KAAK,kBAAkB,CAClE,CACF,CACA,MAAM,EAAE;AAEX,OAAI,UAAU;IAEZ,MAAM,CAAC,WAAW,MAAM,GACrB,OAAO,KAAK,OAAO,QAAQ,CAC3B,IAAI;KACH,GAAG;KACH,2BAAW,IAAI,MAAM;KACrB,iCAAiB,IAAI,MAAM;KAC5B,CAAC,CACD,MAAM,GAAG,KAAK,OAAO,QAAQ,IAAI,SAAS,GAAG,CAAC,CAC9C,WAAW;AACd,WAAO,GAAG,QAAQ;;GAIpB,MAAM,CAAC,WAAW,MAAM,GAAG,OAAO,KAAK,OAAO,QAAQ,CAAC,OAAO,KAAK,CAAC,WAAW;AAC/E,OAAI,CAAC,QAAS,QAAO,KAAK,MAAM,wBAAwB;AACxD,UAAO,GAAG,QAAQ;IAClB"}

package/dist/src/modules/connect/connect.router.d.mts ADDED Viewed

@@ -0,0 +1,9 @@
+import { AuthMiddleware } from "../auth/auth.middleware.mjs";
+import { ConnectService } from "./connect.service.mjs";
+import { Router } from "express";
+//#region src/modules/connect/connect.router.d.ts
+declare function createConnectRouter(authMiddleware: AuthMiddleware, connectService: ConnectService): Router;
+//#endregion
+export { createConnectRouter };
+//# sourceMappingURL=connect.router.d.mts.map