@meridianjs/auth 0.1.8 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.mts +11 -0
- package/dist/index.d.ts +11 -0
- package/dist/index.js +35 -0
- package/dist/index.mjs +35 -0
- package/package.json +1 -1
package/dist/index.d.mts
CHANGED
|
@@ -61,6 +61,17 @@ declare class AuthModuleService extends AuthModuleService_base {
|
|
|
61
61
|
* 3. Create new user
|
|
62
62
|
*/
|
|
63
63
|
loginOrRegisterWithGoogle(input: GoogleAuthInput): Promise<AuthResult>;
|
|
64
|
+
/**
|
|
65
|
+
* Restore a soft-deleted user via an invite link.
|
|
66
|
+
* Updates their name, password, and role, then issues a fresh session token.
|
|
67
|
+
* The user's ID — and all history tied to it — is preserved.
|
|
68
|
+
*/
|
|
69
|
+
restoreFromInvite(userId: string, input: {
|
|
70
|
+
password: string;
|
|
71
|
+
first_name?: string;
|
|
72
|
+
last_name?: string;
|
|
73
|
+
role?: UserRole;
|
|
74
|
+
}): Promise<AuthResult>;
|
|
64
75
|
/** Verify a JWT and return its decoded payload. Throws if invalid or expired. */
|
|
65
76
|
verifyToken(token: string, secret: string): JwtPayload;
|
|
66
77
|
/** Resolve permissions for a given app_role_id — gracefully degrades if module not loaded. */
|
package/dist/index.d.ts
CHANGED
|
@@ -61,6 +61,17 @@ declare class AuthModuleService extends AuthModuleService_base {
|
|
|
61
61
|
* 3. Create new user
|
|
62
62
|
*/
|
|
63
63
|
loginOrRegisterWithGoogle(input: GoogleAuthInput): Promise<AuthResult>;
|
|
64
|
+
/**
|
|
65
|
+
* Restore a soft-deleted user via an invite link.
|
|
66
|
+
* Updates their name, password, and role, then issues a fresh session token.
|
|
67
|
+
* The user's ID — and all history tied to it — is preserved.
|
|
68
|
+
*/
|
|
69
|
+
restoreFromInvite(userId: string, input: {
|
|
70
|
+
password: string;
|
|
71
|
+
first_name?: string;
|
|
72
|
+
last_name?: string;
|
|
73
|
+
role?: UserRole;
|
|
74
|
+
}): Promise<AuthResult>;
|
|
64
75
|
/** Verify a JWT and return its decoded payload. Throws if invalid or expired. */
|
|
65
76
|
verifyToken(token: string, secret: string): JwtPayload;
|
|
66
77
|
/** Resolve permissions for a given app_role_id — gracefully degrades if module not loaded. */
|
package/dist/index.js
CHANGED
|
@@ -99,6 +99,9 @@ var AuthModuleService = class extends (0, import_framework_utils.MeridianService
|
|
|
99
99
|
if (!user) {
|
|
100
100
|
throw Object.assign(new Error("Invalid credentials"), { status: 401 });
|
|
101
101
|
}
|
|
102
|
+
if (user.deleted_at) {
|
|
103
|
+
throw Object.assign(new Error("Invalid credentials"), { status: 401 });
|
|
104
|
+
}
|
|
102
105
|
if (!user.is_active) {
|
|
103
106
|
throw Object.assign(new Error("Account deactivated"), { status: 403 });
|
|
104
107
|
}
|
|
@@ -144,6 +147,9 @@ var AuthModuleService = class extends (0, import_framework_utils.MeridianService
|
|
|
144
147
|
}
|
|
145
148
|
}
|
|
146
149
|
if (user) {
|
|
150
|
+
if (user.deleted_at) {
|
|
151
|
+
throw Object.assign(new Error("Invalid credentials"), { status: 401 });
|
|
152
|
+
}
|
|
147
153
|
if (!user.is_active) {
|
|
148
154
|
throw Object.assign(new Error("Account deactivated"), { status: 403 });
|
|
149
155
|
}
|
|
@@ -201,6 +207,35 @@ var AuthModuleService = class extends (0, import_framework_utils.MeridianService
|
|
|
201
207
|
token
|
|
202
208
|
};
|
|
203
209
|
}
|
|
210
|
+
/**
|
|
211
|
+
* Restore a soft-deleted user via an invite link.
|
|
212
|
+
* Updates their name, password, and role, then issues a fresh session token.
|
|
213
|
+
* The user's ID — and all history tied to it — is preserved.
|
|
214
|
+
*/
|
|
215
|
+
async restoreFromInvite(userId, input) {
|
|
216
|
+
const userService = this.container.resolve("userModuleService");
|
|
217
|
+
const config = this.container.resolve("config");
|
|
218
|
+
const password_hash = await import_bcrypt.default.hash(input.password, BCRYPT_ROUNDS);
|
|
219
|
+
const user = await userService.restoreUser(userId, {
|
|
220
|
+
password_hash,
|
|
221
|
+
first_name: input.first_name ?? null,
|
|
222
|
+
last_name: input.last_name ?? null,
|
|
223
|
+
role: input.role ?? "member"
|
|
224
|
+
});
|
|
225
|
+
const permissions = await this.resolvePermissions(user.app_role_id);
|
|
226
|
+
const { token, jti, expiresAt } = this.signToken(user.id, null, [user.role], permissions, config.projectConfig.jwtSecret);
|
|
227
|
+
await userService.createSession(jti, user.id, expiresAt).catch(() => {
|
|
228
|
+
});
|
|
229
|
+
return {
|
|
230
|
+
user: {
|
|
231
|
+
id: user.id,
|
|
232
|
+
email: user.email,
|
|
233
|
+
first_name: user.first_name ?? null,
|
|
234
|
+
last_name: user.last_name ?? null
|
|
235
|
+
},
|
|
236
|
+
token
|
|
237
|
+
};
|
|
238
|
+
}
|
|
204
239
|
/** Verify a JWT and return its decoded payload. Throws if invalid or expired. */
|
|
205
240
|
verifyToken(token, secret) {
|
|
206
241
|
return import_jsonwebtoken.default.verify(token, secret, { algorithms: ["HS256"] });
|
package/dist/index.mjs
CHANGED
|
@@ -59,6 +59,9 @@ var AuthModuleService = class extends MeridianService({}) {
|
|
|
59
59
|
if (!user) {
|
|
60
60
|
throw Object.assign(new Error("Invalid credentials"), { status: 401 });
|
|
61
61
|
}
|
|
62
|
+
if (user.deleted_at) {
|
|
63
|
+
throw Object.assign(new Error("Invalid credentials"), { status: 401 });
|
|
64
|
+
}
|
|
62
65
|
if (!user.is_active) {
|
|
63
66
|
throw Object.assign(new Error("Account deactivated"), { status: 403 });
|
|
64
67
|
}
|
|
@@ -104,6 +107,9 @@ var AuthModuleService = class extends MeridianService({}) {
|
|
|
104
107
|
}
|
|
105
108
|
}
|
|
106
109
|
if (user) {
|
|
110
|
+
if (user.deleted_at) {
|
|
111
|
+
throw Object.assign(new Error("Invalid credentials"), { status: 401 });
|
|
112
|
+
}
|
|
107
113
|
if (!user.is_active) {
|
|
108
114
|
throw Object.assign(new Error("Account deactivated"), { status: 403 });
|
|
109
115
|
}
|
|
@@ -161,6 +167,35 @@ var AuthModuleService = class extends MeridianService({}) {
|
|
|
161
167
|
token
|
|
162
168
|
};
|
|
163
169
|
}
|
|
170
|
+
/**
|
|
171
|
+
* Restore a soft-deleted user via an invite link.
|
|
172
|
+
* Updates their name, password, and role, then issues a fresh session token.
|
|
173
|
+
* The user's ID — and all history tied to it — is preserved.
|
|
174
|
+
*/
|
|
175
|
+
async restoreFromInvite(userId, input) {
|
|
176
|
+
const userService = this.container.resolve("userModuleService");
|
|
177
|
+
const config = this.container.resolve("config");
|
|
178
|
+
const password_hash = await bcrypt.hash(input.password, BCRYPT_ROUNDS);
|
|
179
|
+
const user = await userService.restoreUser(userId, {
|
|
180
|
+
password_hash,
|
|
181
|
+
first_name: input.first_name ?? null,
|
|
182
|
+
last_name: input.last_name ?? null,
|
|
183
|
+
role: input.role ?? "member"
|
|
184
|
+
});
|
|
185
|
+
const permissions = await this.resolvePermissions(user.app_role_id);
|
|
186
|
+
const { token, jti, expiresAt } = this.signToken(user.id, null, [user.role], permissions, config.projectConfig.jwtSecret);
|
|
187
|
+
await userService.createSession(jti, user.id, expiresAt).catch(() => {
|
|
188
|
+
});
|
|
189
|
+
return {
|
|
190
|
+
user: {
|
|
191
|
+
id: user.id,
|
|
192
|
+
email: user.email,
|
|
193
|
+
first_name: user.first_name ?? null,
|
|
194
|
+
last_name: user.last_name ?? null
|
|
195
|
+
},
|
|
196
|
+
token
|
|
197
|
+
};
|
|
198
|
+
}
|
|
164
199
|
/** Verify a JWT and return its decoded payload. Throws if invalid or expired. */
|
|
165
200
|
verifyToken(token, secret) {
|
|
166
201
|
return jwt.verify(token, secret, { algorithms: ["HS256"] });
|