npm - @meridianjs/meridian - Versions diffs - 0.1.35 → 0.1.37 - Mend

@meridianjs/meridian 0.1.35 → 0.1.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/dist/api/admin/users/[id]/route.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../src/api/admin/users/[id]/route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;~~AAGrD~~,eAAO,MAAM,KAAK,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,~~kBAkBtE~~,CAAA;AAED,eAAO,MAAM,MAAM,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,~~kBAYvE~~,CAAA"}
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../src/api/admin/users/[id]/route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAqBrD,eAAO,MAAM,KAAK,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,kBAiCtE,CAAA;AAED,eAAO,MAAM,MAAM,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,kBAwBvE,CAAA"}

package/dist/api/admin/users/[id]/route.js CHANGED Viewed

@@ -1,14 +1,40 @@
 import { requireRoles } from "@meridianjs/auth";
+const ROLE_RANK = {
+    "super-admin": 3,
+    "admin": 2,
+    "moderator": 1,
+    "member": 0,
+};
+function actorRank(req) {
+    const roles = req.user?.roles ?? [];
+    return Math.max(...roles.map((r) => ROLE_RANK[r] ?? 0), 0);
+}
+async function targetRank(req) {
+    const userService = req.scope.resolve("userModuleService");
+    const target = await userService.retrieveUser(req.params.id);
+    return ROLE_RANK[target.role] ?? 0;
+}
 export const PATCH = async (req, res, next) => {
-    requireRoles("super-admin")(req, res, async () => {
+    requireRoles("super-admin", "admin")(req, res, async () => {
         try {
-            const userService = req.scope.resolve("userModuleService");
+            const actor = actorRank(req);
+            const target = await targetRank(req);
+            if (target >= actor) {
+                res.status(403).json({ error: { message: "You cannot change the role of a user at or above your level" } });
+                return;
+            }
             const { role } = req.body;
-            const allowed = ["super-admin", "admin", "member"];
+            const allowed = ["super-admin", "admin", "moderator", "member"];
             if (!allowed.includes(role)) {
                 res.status(400).json({ error: { message: `Invalid role. Must be one of: ${allowed.join(", ")}` } });
                 return;
             }
+            // Cannot promote someone to your level or above
+            if ((ROLE_RANK[role] ?? 0) >= actor) {
+                res.status(403).json({ error: { message: "You cannot assign a role equal to or above your own" } });
+                return;
+            }
+            const userService = req.scope.resolve("userModuleService");
             const user = await userService.updateUser(req.params.id, { role });
             await userService.revokeAllUserSessions(req.params.id).catch(() => { });
             const { password_hash: _, ...safe } = user;
@@ -20,11 +46,20 @@ export const PATCH = async (req, res, next) => {
     });
 };
 export const DELETE = async (req, res, next) => {
-    requireRoles("super-admin")(req, res, async () => {
+    requireRoles("super-admin", "admin")(req, res, async () => {
         try {
+            const actor = actorRank(req);
+            const target = await targetRank(req);
+            if (target >= actor) {
+                res.status(403).json({ error: { message: "You cannot delete a user at or above your level" } });
+                return;
+            }
+            if (req.params.id === req.user?.id) {
+                res.status(400).json({ error: { message: "You cannot delete yourself" } });
+                return;
+            }
             const userService = req.scope.resolve("userModuleService");
             await userService.softDeleteUser(req.params.id);
-            // Immediately invalidate all active sessions so the user is logged out
             await userService.revokeAllUserSessions(req.params.id).catch(() => { });
             res.json({ success: true });
         }

package/dist/api/admin/users/[id]/route.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../src/api/admin/users/[id]/route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAE/C,MAAM,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IACzE,YAAY,CAAC,aAAa,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE;~~QAC/C~~,IAAI,CAAC;YACH,MAAM,~~WAAW~~,GAAG,GAAG,CAAC,KAAK,CAAC,~~OAAO~~,CAAC,~~mBAAmB~~,~~CAAQ~~,CAAA;~~YACjE~~,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;YACzB,MAAM,OAAO,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAA;~~YAClD~~,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,iCAAiC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;gBACnG,OAAM;YACR,CAAC;~~YACD~~,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;YAClE,MAAM,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;YACtE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE,GAAG,IAAI,EAAE,GAAG,IAAW,CAAA;YACjD,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;QAC1B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,MAAM,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IAC1E,YAAY,CAAC,aAAa,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE;~~QAC/C~~,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;YACjE,MAAM,WAAW,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;YAC/C,~~uEAAuE;YACvE,~~MAAM,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;YACtE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;QAC7B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA"}
1	+ {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../src/api/admin/users/[id]/route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAE/C,MAAM,SAAS,GAA2B;IACxC,aAAa,EAAE,CAAC;IAChB,OAAO,EAAE,CAAC;IACV,WAAW,EAAE,CAAC;IACd,QAAQ,EAAE,CAAC;CACZ,CAAA;AAED,SAAS,SAAS,CAAC,GAAQ;IACzB,MAAM,KAAK,GAAa,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAA;IAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;AAC5D,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,GAAQ;IAChC,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;IACjE,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;IAC5D,OAAO,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACpC,CAAC;AAED,MAAM,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IACzE,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE;QACxD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAA;YAC5B,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,CAAA;YAEpC,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;gBACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,6DAA6D,EAAE,EAAE,CAAC,CAAA;gBAC3G,OAAM;YACR,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;YACzB,MAAM,OAAO,GAAG,CAAC,aAAa,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,CAAC,CAAA;YAC/D,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC5B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,iCAAiC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC,CAAA;gBACnG,OAAM;YACR,CAAC;YAED,gDAAgD;YAChD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,qDAAqD,EAAE,EAAE,CAAC,CAAA;gBACnG,OAAM;YACR,CAAC;YAED,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;YACjE,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;YAClE,MAAM,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;YACtE,MAAM,EAAE,aAAa,EAAE,CAAC,EAAE,GAAG,IAAI,EAAE,GAAG,IAAW,CAAA;YACjD,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAA;QAC1B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,MAAM,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IAC1E,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE;QACxD,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAA;YAC5B,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,CAAA;YAEpC,IAAI,MAAM,IAAI,KAAK,EAAE,CAAC;gBACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,iDAAiD,EAAE,EAAE,CAAC,CAAA;gBAC/F,OAAM;YACR,CAAC;YAED,IAAI,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC;gBACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAE,CAAC,CAAA;gBAC1E,OAAM;YACR,CAAC;YAED,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;YACjE,MAAM,WAAW,CAAC,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;YAC/C,MAAM,WAAW,CAAC,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;YACtE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;QAC7B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA"}

package/dist/api/admin/users/me/password/_otp-store.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * In-memory OTP store for password create/change flow.
+ *
+ * One active OTP per user. 6-digit numeric code, 10-minute TTL.
+ * Rate-limited: rejects re-sends within 60 seconds.
+ *
+ * Uses globalThis to guarantee a single shared Map even when route files
+ * are loaded via separate dynamic import() calls by the route scanner.
+ */
+/** Generate and store a 6-digit OTP for a user. Throws if rate-limited. */
+export declare function generateAndStoreOtp(userId: string): string;
+/** Consume an OTP. Always deletes the entry (single-use). Returns true if valid. */
+export declare function consumeOtp(userId: string, otp: string): boolean;
+//# sourceMappingURL=_otp-store.d.ts.map

package/dist/api/admin/users/me/password/_otp-store.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"_otp-store.d.ts","sourceRoot":"","sources":["../../../../../../src/api/admin/users/me/password/_otp-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAqBH,2EAA2E;AAC3E,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAU1D;AAED,oFAAoF;AACpF,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAM/D"}

package/dist/api/admin/users/me/password/_otp-store.js ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * In-memory OTP store for password create/change flow.
+ *
+ * One active OTP per user. 6-digit numeric code, 10-minute TTL.
+ * Rate-limited: rejects re-sends within 60 seconds.
+ *
+ * Uses globalThis to guarantee a single shared Map even when route files
+ * are loaded via separate dynamic import() calls by the route scanner.
+ */
+import { randomInt } from "crypto";
+const STORE_KEY = "__meridian_password_otp_store__";
+const OTP_TTL_MS = 10 * 60 * 1000; // 10 minutes
+const RESEND_COOLDOWN_MS = 60 * 1000; // 60 seconds
+function getStore() {
+    if (!globalThis[STORE_KEY]) {
+        ;
+        globalThis[STORE_KEY] = new Map();
+    }
+    return globalThis[STORE_KEY];
+}
+/** Generate and store a 6-digit OTP for a user. Throws if rate-limited. */
+export function generateAndStoreOtp(userId) {
+    const store = getStore();
+    const existing = store.get(userId);
+    if (existing && Date.now() - existing.sentAt < RESEND_COOLDOWN_MS) {
+        throw Object.assign(new Error("Please wait before requesting a new code"), { status: 429 });
+    }
+    const otp = String(randomInt(100000, 999999));
+    store.set(userId, { otp, expiresAt: Date.now() + OTP_TTL_MS, sentAt: Date.now() });
+    return otp;
+}
+/** Consume an OTP. Always deletes the entry (single-use). Returns true if valid. */
+export function consumeOtp(userId, otp) {
+    const store = getStore();
+    const entry = store.get(userId);
+    store.delete(userId);
+    if (!entry || entry.expiresAt < Date.now())
+        return false;
+    return entry.otp === otp;
+}
+//# sourceMappingURL=_otp-store.js.map

package/dist/api/admin/users/me/password/_otp-store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"_otp-store.js","sourceRoot":"","sources":["../../../../../../src/api/admin/users/me/password/_otp-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAA;AAQlC,MAAM,SAAS,GAAG,iCAAiC,CAAA;AACnD,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAE,aAAa;AAChD,MAAM,kBAAkB,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,aAAa;AAElD,SAAS,QAAQ;IACf,IAAI,CAAE,UAAkB,CAAC,SAAS,CAAC,EAAE,CAAC;QACpC,CAAC;QAAC,UAAkB,CAAC,SAAS,CAAC,GAAG,IAAI,GAAG,EAAoB,CAAA;IAC/D,CAAC;IACD,OAAQ,UAAkB,CAAC,SAAS,CAAC,CAAA;AACvC,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,mBAAmB,CAAC,MAAc;IAChD,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAA;IACxB,MAAM,QAAQ,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IAClC,IAAI,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,MAAM,GAAG,kBAAkB,EAAE,CAAC;QAClE,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAC7F,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;IAC7C,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;IAClF,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,oFAAoF;AACpF,MAAM,UAAU,UAAU,CAAC,MAAc,EAAE,GAAW;IACpD,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAA;IACxB,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IAC/B,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACpB,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE;QAAE,OAAO,KAAK,CAAA;IACxD,OAAO,KAAK,CAAC,GAAG,KAAK,GAAG,CAAA;AAC1B,CAAC"}

package/dist/api/admin/users/me/password/route.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { Response } from "express";
+/**
+ * POST /admin/users/me/password
+ * Set or change the authenticated user's password after OTP verification.
+ */
+export declare const POST: (req: any, res: Response) => Promise<void>;
+//# sourceMappingURL=route.d.ts.map

package/dist/api/admin/users/me/password/route.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../src/api/admin/users/me/password/route.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAQvC;;;GAGG;AACH,eAAO,MAAM,IAAI,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,kBAsBjD,CAAA"}

package/dist/api/admin/users/me/password/route.js ADDED Viewed

@@ -0,0 +1,31 @@
+import { z } from "zod";
+import { consumeOtp } from "./_otp-store.js";
+const setPasswordSchema = z.object({
+    otp: z.string().length(6, "Verification code must be 6 digits"),
+    new_password: z.string().min(8, "Password must be at least 8 characters"),
+});
+/**
+ * POST /admin/users/me/password
+ * Set or change the authenticated user's password after OTP verification.
+ */
+export const POST = async (req, res) => {
+    const userId = req.user?.id;
+    if (!userId) {
+        res.status(401).json({ error: { message: "Not authenticated" } });
+        return;
+    }
+    const result = setPasswordSchema.safeParse(req.body);
+    if (!result.success) {
+        res.status(400).json({ error: { message: "Validation error", details: result.error.flatten().fieldErrors } });
+        return;
+    }
+    const valid = consumeOtp(userId, result.data.otp);
+    if (!valid) {
+        res.status(400).json({ error: { message: "Invalid or expired verification code" } });
+        return;
+    }
+    const authService = req.scope.resolve("authModuleService");
+    await authService.setPassword(userId, result.data.new_password);
+    res.json({ ok: true });
+};
+//# sourceMappingURL=route.js.map

package/dist/api/admin/users/me/password/route.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../../src/api/admin/users/me/password/route.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAA;AAE5C,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACjC,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,oCAAoC,CAAC;IAC/D,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wCAAwC,CAAC;CAC1E,CAAC,CAAA;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,EAAE;IACpD,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,EAAY,CAAA;IACrC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE,EAAE,CAAC,CAAA;QACjE,OAAM;IACR,CAAC;IAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IACpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;QAC7G,OAAM;IACR,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACjD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,EAAE,CAAC,CAAA;QACpF,OAAM;IACR,CAAC;IAED,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;IACjE,MAAM,WAAW,CAAC,WAAW,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;IAC/D,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;AACxB,CAAC,CAAA"}

package/dist/api/admin/users/me/password/send-otp/route.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { Response } from "express";
+/**
+ * POST /admin/users/me/password/send-otp
+ * Send a 6-digit OTP to the authenticated user's email for password create/change.
+ */
+export declare const POST: (req: any, res: Response) => Promise<void>;
+//# sourceMappingURL=route.d.ts.map

package/dist/api/admin/users/me/password/send-otp/route.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../src/api/admin/users/me/password/send-otp/route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAGvC;;;GAGG;AACH,eAAO,MAAM,IAAI,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,kBA0BjD,CAAA"}

package/dist/api/admin/users/me/password/send-otp/route.js ADDED Viewed

@@ -0,0 +1,30 @@
+import { generateAndStoreOtp } from "../_otp-store.js";
+/**
+ * POST /admin/users/me/password/send-otp
+ * Send a 6-digit OTP to the authenticated user's email for password create/change.
+ */
+export const POST = async (req, res) => {
+    const userId = req.user?.id;
+    if (!userId) {
+        res.status(401).json({ error: { message: "Not authenticated" } });
+        return;
+    }
+    let otp;
+    try {
+        otp = generateAndStoreOtp(userId);
+    }
+    catch (err) {
+        // Rate-limited — still return 200 to avoid leaking timing info
+        res.json({ ok: true });
+        return;
+    }
+    const userService = req.scope.resolve("userModuleService");
+    const user = await userService.retrieveUser(userId);
+    const eventBus = req.scope.resolve("eventBus");
+    await eventBus.emit({
+        name: "password.otp_requested",
+        data: { user_id: userId, email: user.email, otp },
+    });
+    res.json({ ok: true });
+};
+//# sourceMappingURL=route.js.map

package/dist/api/admin/users/me/password/send-otp/route.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../../../src/api/admin/users/me/password/send-otp/route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAA;AAEtD;;;GAGG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,EAAE;IACpD,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,EAAY,CAAA;IACrC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE,EAAE,CAAC,CAAA;QACjE,OAAM;IACR,CAAC;IAED,IAAI,GAAW,CAAA;IACf,IAAI,CAAC;QACH,GAAG,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAA;IACnC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,+DAA+D;QAC/D,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;QACtB,OAAM;IACR,CAAC;IAED,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;IACjE,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;IAEnD,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAQ,CAAA;IACrD,MAAM,QAAQ,CAAC,IAAI,CAAC;QAClB,IAAI,EAAE,wBAAwB;QAC9B,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE;KAClD,CAAC,CAAA;IAEF,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;AACxB,CAAC,CAAA"}

package/dist/api/admin/workspaces/[id]/members/[userId]/route.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../src/api/admin/workspaces/[id]/members/[userId]/route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;~~AAGrD~~,eAAO,MAAM,KAAK,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,~~kBAuBtE~~,CAAA;AAED,eAAO,MAAM,MAAM,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,~~kBA8BvE~~,CAAA"}
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../../../src/api/admin/workspaces/[id]/members/[userId]/route.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAerD,eAAO,MAAM,KAAK,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,kBAoCtE,CAAA;AAED,eAAO,MAAM,MAAM,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,kBA2CvE,CAAA"}

package/dist/api/admin/workspaces/[id]/members/[userId]/route.js CHANGED Viewed

@@ -1,4 +1,14 @@
 import { requirePermission } from "@meridianjs/auth";
+const ROLE_RANK = {
+    "super-admin": 3,
+    "admin": 2,
+    "moderator": 1,
+    "member": 0,
+};
+function actorRank(req) {
+    const roles = req.user?.roles ?? [];
+    return Math.max(...roles.map((r) => ROLE_RANK[r] ?? 0), 0);
+}
 export const PATCH = async (req, res, next) => {
     requirePermission("member:update_role")(req, res, async () => {
         try {
@@ -13,6 +23,16 @@ export const PATCH = async (req, res, next) => {
                 res.status(404).json({ error: { message: "Member not found" } });
                 return;
             }
+            const actor = actorRank(req);
+            const targetRank = ROLE_RANK[membership.role] ?? 0;
+            if (targetRank >= actor) {
+                res.status(403).json({ error: { message: "You cannot change the role of a member at or above your level" } });
+                return;
+            }
+            if ((ROLE_RANK[role] ?? 0) >= actor) {
+                res.status(403).json({ error: { message: "You cannot assign a role equal to or above your own" } });
+                return;
+            }
             const updated = await workspaceMemberService.updateWorkspaceMember(membership.id, { role });
             res.json({ member: updated });
         }
@@ -32,6 +52,16 @@ export const DELETE = async (req, res, next) => {
                 res.status(404).json({ error: { message: "Member not found" } });
                 return;
             }
+            const actor = actorRank(req);
+            const targetRank = ROLE_RANK[membership.role] ?? 0;
+            if (targetRank >= actor) {
+                res.status(403).json({ error: { message: "You cannot remove a member at or above your level" } });
+                return;
+            }
+            if (req.params.userId === req.user?.id) {
+                res.status(400).json({ error: { message: "You cannot remove yourself" } });
+                return;
+            }
             // Remove from all projects in this workspace
             const [projects] = await projectService.listAndCountProjects({ workspace_id: req.params.id }, { limit: 1000 });
             await Promise.all(projects.map((p) => projectMemberService.removeProjectMember(p.id, req.params.userId).catch(() => { })));

package/dist/api/admin/workspaces/[id]/members/[userId]/route.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../../../src/api/admin/workspaces/[id]/members/[userId]/route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,MAAM,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IACzE,iBAAiB,CAAC,oBAAoB,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE;QAC3D,IAAI,CAAC;YACH,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;YACvF,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;YAEzB,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,EAAE,CAAC,CAAA;gBAChF,OAAM;YACR,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAC/F,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAA;gBAChE,OAAM;YACR,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC,qBAAqB,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;YAC3F,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAA;QAC/B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,MAAM,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IAC1E,iBAAiB,CAAC,eAAe,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE;QACtD,IAAI,CAAC;YACH,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;YACvF,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAQ,CAAA;YACvE,MAAM,oBAAoB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,4BAA4B,CAAQ,CAAA;YAEnF,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAC/F,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAA;gBAChE,OAAM;YACR,CAAC;YAED,6CAA6C;YAC7C,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,cAAc,CAAC,oBAAoB,CAC1D,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,EAC/B,EAAE,KAAK,EAAE,IAAI,EAAE,CAChB,CAAA;YACD,MAAM,OAAO,CAAC,GAAG,CACf,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CACtB,oBAAoB,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAClF,CACF,CAAA;YAED,MAAM,sBAAsB,CAAC,qBAAqB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;YACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;QACxB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA"}
1	+ {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../../../src/api/admin/workspaces/[id]/members/[userId]/route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,MAAM,SAAS,GAA2B;IACxC,aAAa,EAAE,CAAC;IAChB,OAAO,EAAE,CAAC;IACV,WAAW,EAAE,CAAC;IACd,QAAQ,EAAE,CAAC;CACZ,CAAA;AAED,SAAS,SAAS,CAAC,GAAQ;IACzB,MAAM,KAAK,GAAa,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAA;IAC7C,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;AAC5D,CAAC;AAED,MAAM,CAAC,MAAM,KAAK,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IACzE,iBAAiB,CAAC,oBAAoB,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE;QAC3D,IAAI,CAAC;YACH,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;YACvF,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;YAEzB,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kCAAkC,EAAE,EAAE,CAAC,CAAA;gBAChF,OAAM;YACR,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAC/F,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAA;gBAChE,OAAM;YACR,CAAC;YAED,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAA;YAC5B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAElD,IAAI,UAAU,IAAI,KAAK,EAAE,CAAC;gBACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,+DAA+D,EAAE,EAAE,CAAC,CAAA;gBAC7G,OAAM;YACR,CAAC;YAED,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,KAAK,EAAE,CAAC;gBACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,qDAAqD,EAAE,EAAE,CAAC,CAAA;gBACnG,OAAM;YACR,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,sBAAsB,CAAC,qBAAqB,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAA;YAC3F,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAA;QAC/B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,MAAM,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IAC1E,iBAAiB,CAAC,eAAe,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE;QACtD,IAAI,CAAC;YACH,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;YACvF,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAQ,CAAA;YACvE,MAAM,oBAAoB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,4BAA4B,CAAQ,CAAA;YAEnF,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YAC/F,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAA;gBAChE,OAAM;YACR,CAAC;YAED,MAAM,KAAK,GAAG,SAAS,CAAC,GAAG,CAAC,CAAA;YAC5B,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YAElD,IAAI,UAAU,IAAI,KAAK,EAAE,CAAC;gBACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,mDAAmD,EAAE,EAAE,CAAC,CAAA;gBACjG,OAAM;YACR,CAAC;YAED,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC;gBACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,4BAA4B,EAAE,EAAE,CAAC,CAAA;gBAC1E,OAAM;YACR,CAAC;YAED,6CAA6C;YAC7C,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,cAAc,CAAC,oBAAoB,CAC1D,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,EAC/B,EAAE,KAAK,EAAE,IAAI,EAAE,CAChB,CAAA;YACD,MAAM,OAAO,CAAC,GAAG,CACf,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CACtB,oBAAoB,CAAC,mBAAmB,CAAC,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAClF,CACF,CAAA;YAED,MAAM,sBAAsB,CAAC,qBAAqB,CAAC,UAAU,CAAC,EAAE,CAAC,CAAA;YACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAA;QACxB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA"}

package/dist/api/auth/forgot-password/route.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { Response } from "express";
+/**
+ * POST /auth/forgot-password
+ * Request a password reset link. Always returns 200 to prevent email enumeration.
+ */
+export declare const POST: (req: any, res: Response) => Promise<void>;
+//# sourceMappingURL=route.d.ts.map

package/dist/api/auth/forgot-password/route.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../src/api/auth/forgot-password/route.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAMvC;;;GAGG;AACH,eAAO,MAAM,IAAI,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,kBA4BjD,CAAA"}

package/dist/api/auth/forgot-password/route.js ADDED Viewed

@@ -0,0 +1,36 @@
+import { z } from "zod";
+const forgotPasswordSchema = z.object({
+    email: z.string().email(),
+});
+/**
+ * POST /auth/forgot-password
+ * Request a password reset link. Always returns 200 to prevent email enumeration.
+ */
+export const POST = async (req, res) => {
+    const result = forgotPasswordSchema.safeParse(req.body);
+    if (!result.success) {
+        res.status(400).json({ error: { message: "Validation error", details: result.error.flatten().fieldErrors } });
+        return;
+    }
+    const authService = req.scope.resolve("authModuleService");
+    const resetInfo = await authService.requestPasswordReset(result.data.email);
+    // Emit event for email subscriber — but always return 200
+    if (resetInfo) {
+        try {
+            const eventBus = req.scope.resolve("eventBus");
+            await eventBus.emit({
+                name: "password.reset_requested",
+                data: {
+                    user_id: resetInfo.userId,
+                    email: resetInfo.email,
+                    token: resetInfo.token,
+                },
+            });
+        }
+        catch {
+            // Non-fatal — reset was generated, email delivery is best-effort
+        }
+    }
+    res.json({ ok: true, message: "If an account exists with that email, a reset link has been sent." });
+};
+//# sourceMappingURL=route.js.map

package/dist/api/auth/forgot-password/route.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../src/api/auth/forgot-password/route.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAGvB,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;CAC1B,CAAC,CAAA;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,EAAE;IACpD,MAAM,MAAM,GAAG,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IACvD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;QAC7G,OAAM;IACR,CAAC;IAED,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;IACjE,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,oBAAoB,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAE3E,0DAA0D;IAC1D,IAAI,SAAS,EAAE,CAAC;QACd,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,UAAU,CAAQ,CAAA;YACrD,MAAM,QAAQ,CAAC,IAAI,CAAC;gBAClB,IAAI,EAAE,0BAA0B;gBAChC,IAAI,EAAE;oBACJ,OAAO,EAAE,SAAS,CAAC,MAAM;oBACzB,KAAK,EAAE,SAAS,CAAC,KAAK;oBACtB,KAAK,EAAE,SAAS,CAAC,KAAK;iBACvB;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;QACnE,CAAC;IACH,CAAC;IAED,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,mEAAmE,EAAE,CAAC,CAAA;AACtG,CAAC,CAAA"}

package/dist/api/auth/reset-password/route.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { Response } from "express";
+/**
+ * POST /auth/reset-password
+ * Reset password using a valid reset token.
+ */
+export declare const POST: (req: any, res: Response) => Promise<void>;
+//# sourceMappingURL=route.d.ts.map

package/dist/api/auth/reset-password/route.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../src/api/auth/reset-password/route.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAOvC;;;GAGG;AACH,eAAO,MAAM,IAAI,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,kBAUjD,CAAA"}

package/dist/api/auth/reset-password/route.js ADDED Viewed

@@ -0,0 +1,20 @@
+import { z } from "zod";
+const resetPasswordSchema = z.object({
+    token: z.string().min(1, "Reset token is required"),
+    password: z.string().min(8, "Password must be at least 8 characters"),
+});
+/**
+ * POST /auth/reset-password
+ * Reset password using a valid reset token.
+ */
+export const POST = async (req, res) => {
+    const result = resetPasswordSchema.safeParse(req.body);
+    if (!result.success) {
+        res.status(400).json({ error: { message: "Validation error", details: result.error.flatten().fieldErrors } });
+        return;
+    }
+    const authService = req.scope.resolve("authModuleService");
+    await authService.resetPassword(result.data.token, result.data.password);
+    res.json({ ok: true, message: "Password has been reset. You can now sign in." });
+};
+//# sourceMappingURL=route.js.map

package/dist/api/auth/reset-password/route.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../src/api/auth/reset-password/route.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAGvB,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,yBAAyB,CAAC;IACnD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wCAAwC,CAAC;CACtE,CAAC,CAAA;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,EAAE;IACpD,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IACtD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;QAC7G,OAAM;IACR,CAAC;IAED,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;IACjE,MAAM,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACxE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,+CAA+C,EAAE,CAAC,CAAA;AAClF,CAAC,CAAA"}

package/dist/subscribers/comment-created.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"comment-created.d.ts","sourceRoot":"","sources":["../../src/subscribers/comment-created.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAIzE,UAAU,kBAAkB;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC9B;AAED,wBAA8B,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,cAAc,CAAC,kBAAkB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,~~CAkG7G~~;AAED,eAAO,MAAM,MAAM,EAAE,gBAA+C,CAAA"}
1	+ {"version":3,"file":"comment-created.d.ts","sourceRoot":"","sources":["../../src/subscribers/comment-created.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAIzE,UAAU,kBAAkB;IAC1B,UAAU,EAAE,MAAM,CAAA;IAClB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAA;CAC9B;AAED,wBAA8B,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,cAAc,CAAC,kBAAkB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAoG7G;AAED,eAAO,MAAM,MAAM,EAAE,gBAA+C,CAAA"}

package/dist/subscribers/comment-created.js CHANGED Viewed

@@ -21,6 +21,7 @@ export default async function handler({ event, container }) {
         user_id: userId, entity_type: "issue", entity_id: data.issue_id,
         action: "commented", message: "Someone commented on an issue you're involved with",
         workspace_id: issue.workspace_id,
+        metadata: { project_id: issue.project_id },
     })));
     // Notify mentioned users (skip those already notified above)
     const mentionedIds = data.mentioned_user_ids ?? [];
@@ -29,6 +30,7 @@ export default async function handler({ event, container }) {
         user_id: userId, entity_type: "issue", entity_id: data.issue_id,
         action: "mentioned", message: `You were mentioned in a comment on [${issue.identifier}]: ${issue.title}`,
         workspace_id: issue.workspace_id,
+        metadata: { project_id: issue.project_id },
     })));
     sseManager.broadcast(issue.workspace_id, "comment.created", {
         comment_id: data.comment_id,

package/dist/subscribers/comment-created.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"comment-created.js","sourceRoot":"","sources":["../../src/subscribers/comment-created.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAS/D,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAAsC;IAC5F,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAA;IACvB,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,oBAAoB,CAAQ,CAAA;IACnE,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,2BAA2B,CAAQ,CAAA;IAE1E,IAAI,KAAU,CAAA;IACd,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAM;IACR,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAA;IACpC,IAAI,KAAK,CAAC,YAAY;QAAE,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,EAAU,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;IACtF,IAAI,KAAK,CAAC,WAAW;QAAE,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;IACxD,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IAEjC,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAC7C,YAAY,CAAC,kBAAkB,CAAC;QAC9B,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ;QAC/D,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,oDAAoD;QAClF,YAAY,EAAE,KAAK,CAAC,YAAY;~~KACjC~~,CAAC,CACH,CAAC,CAAA;IAEF,6DAA6D;IAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAA;IAClD,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;IAE3F,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CACzC,YAAY,CAAC,kBAAkB,CAAC;QAC9B,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ;QAC/D,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,uCAAuC,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,EAAE;QACxG,YAAY,EAAE,KAAK,CAAC,YAAY;~~KACjC~~,CAAC,CACH,CAAC,CAAA;IAEF,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,YAAY,EAAE,iBAAiB,EAAE;QAC1D,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CAAA;IAEF,8EAA8E;IAC9E,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,CAAQ,CAAA;QAC7D,MAAM,WAAW,GAAI,SAAS,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;QAClE,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAQ,CAAA;QACjD,MAAM,MAAM,GAAW,MAAM,EAAE,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAuB,CAAA;QAEvF,MAAM,WAAW,GAAG,GAAG,MAAM,WAAW,IAAI,CAAC,QAAQ,YAAY,IAAI,CAAC,UAAU,EAAE,CAAA;QAElF,6CAA6C;QAC7C,IAAI,WAAW,GAAG,EAAE,CAAA;QACpB,IAAI,eAAe,GAAG,EAAE,CAAA;QACxB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACnE,WAAW,GAAG,OAAO,EAAE,IAAI,IAAI,EAAE,CAAA;YACjC,yCAAyC;YACzC,eAAe,GAAG,WAAW,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;QAC9D,CAAC;QAAC,MAAM,CAAC,CAAC,gDAAgD,CAAC,CAAC;QAE5D,mDAAmD;QACnD,MAAM,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YAC5D,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;YACnD,IAAI,CAAC,IAAI,EAAE,KAAK;gBAAE,OAAM;YACxB,MAAM,GAAG,GAAG,eAAe,CAAC,SAAS,EAAE,iBAAiB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;YAC1E,MAAM,YAAY,CAAC,IAAI,CAAC;gBACtB,EAAE,EAAE,IAAI,CAAC,KAAK;gBACd,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,mBAAmB,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,EAAE;gBAC/E,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,gCAAgC,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,mCAAmC,eAAe,EAAE;gBACxI,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,SAAS,CAC1B,wCAAwC,KAAK,CAAC,UAAU,eAAe,KAAK,CAAC,KAAK,8BAA8B;oBAChH,CAAC,WAAW,CAAC,CAAC,CAAC,qGAAqG,WAAW,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAC9I;aACF,CAAC,CAAA;QACJ,CAAC,CAAC,CAAC,CAAA;QAEH,wBAAwB;QACxB,MAAM,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACxD,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;YACnD,IAAI,CAAC,IAAI,EAAE,KAAK;gBAAE,OAAM;YACxB,MAAM,YAAY,CAAC,IAAI,CAAC;gBACtB,EAAE,EAAE,IAAI,CAAC,KAAK;gBACd,OAAO,EAAE,0BAA0B,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,EAAE;gBACtE,IAAI,EAAE,4CAA4C,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,SAAS,eAAe,qBAAqB,WAAW,EAAE;gBAC7I,IAAI,EAAE,SAAS,CACb,8CAA8C,KAAK,CAAC,UAAU,eAAe,KAAK,CAAC,KAAK,YAAY;oBACpG,CAAC,WAAW;wBACV,CAAC,CAAC,gHAAgH,WAAW,QAAQ;wBACrI,CAAC,CAAC,EAAE,CAAC;oBACP,YAAY,WAAW,4CAA4C,CACpE;aACF,CAAC,CAAA;QACJ,CAAC,CAAC,CAAC,CAAA;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAQ,CAAA;QACjD,MAAM,CAAC,KAAK,CAAC,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC9F,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,MAAM,GAAqB,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAA"}
1	+ {"version":3,"file":"comment-created.js","sourceRoot":"","sources":["../../src/subscribers/comment-created.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAA;AAClD,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAS/D,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAAsC;IAC5F,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAA;IACvB,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,oBAAoB,CAAQ,CAAA;IACnE,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,2BAA2B,CAAQ,CAAA;IAE1E,IAAI,KAAU,CAAA;IACd,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAM;IACR,CAAC;IAED,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAA;IACpC,IAAI,KAAK,CAAC,YAAY;QAAE,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,EAAU,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;IACtF,IAAI,KAAK,CAAC,WAAW;QAAE,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAA;IACxD,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IAEjC,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAC7C,YAAY,CAAC,kBAAkB,CAAC;QAC9B,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ;QAC/D,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,oDAAoD;QAClF,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,QAAQ,EAAE,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE;KAC3C,CAAC,CACH,CAAC,CAAA;IAEF,6DAA6D;IAC7D,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,IAAI,EAAE,CAAA;IAClD,MAAM,WAAW,GAAG,YAAY,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAA;IAE3F,MAAM,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CACzC,YAAY,CAAC,kBAAkB,CAAC;QAC9B,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,QAAQ;QAC/D,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,uCAAuC,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,EAAE;QACxG,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,QAAQ,EAAE,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE;KAC3C,CAAC,CACH,CAAC,CAAA;IAEF,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,YAAY,EAAE,iBAAiB,EAAE;QAC1D,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CAAA;IAEF,8EAA8E;IAC9E,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,CAAQ,CAAA;QAC7D,MAAM,WAAW,GAAI,SAAS,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;QAClE,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAQ,CAAA;QACjD,MAAM,MAAM,GAAW,MAAM,EAAE,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAuB,CAAA;QAEvF,MAAM,WAAW,GAAG,GAAG,MAAM,WAAW,IAAI,CAAC,QAAQ,YAAY,IAAI,CAAC,UAAU,EAAE,CAAA;QAElF,6CAA6C;QAC7C,IAAI,WAAW,GAAG,EAAE,CAAA;QACpB,IAAI,eAAe,GAAG,EAAE,CAAA;QACxB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,eAAe,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACnE,WAAW,GAAG,OAAO,EAAE,IAAI,IAAI,EAAE,CAAA;YACjC,yCAAyC;YACzC,eAAe,GAAG,WAAW,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAA;QAC9D,CAAC;QAAC,MAAM,CAAC,CAAC,gDAAgD,CAAC,CAAC;QAE5D,mDAAmD;QACnD,MAAM,OAAO,CAAC,UAAU,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YAC5D,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;YACnD,IAAI,CAAC,IAAI,EAAE,KAAK;gBAAE,OAAM;YACxB,MAAM,GAAG,GAAG,eAAe,CAAC,SAAS,EAAE,iBAAiB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;YAC1E,MAAM,YAAY,CAAC,IAAI,CAAC;gBACtB,EAAE,EAAE,IAAI,CAAC,KAAK;gBACd,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,mBAAmB,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,EAAE;gBAC/E,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,gCAAgC,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,mCAAmC,eAAe,EAAE;gBACxI,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,SAAS,CAC1B,wCAAwC,KAAK,CAAC,UAAU,eAAe,KAAK,CAAC,KAAK,8BAA8B;oBAChH,CAAC,WAAW,CAAC,CAAC,CAAC,qGAAqG,WAAW,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAC9I;aACF,CAAC,CAAA;QACJ,CAAC,CAAC,CAAC,CAAA;QAEH,wBAAwB;QACxB,MAAM,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;YACxD,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,MAAM,CAAC,CAAA;YACnD,IAAI,CAAC,IAAI,EAAE,KAAK;gBAAE,OAAM;YACxB,MAAM,YAAY,CAAC,IAAI,CAAC;gBACtB,EAAE,EAAE,IAAI,CAAC,KAAK;gBACd,OAAO,EAAE,0BAA0B,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,EAAE;gBACtE,IAAI,EAAE,4CAA4C,KAAK,CAAC,UAAU,MAAM,KAAK,CAAC,KAAK,SAAS,eAAe,qBAAqB,WAAW,EAAE;gBAC7I,IAAI,EAAE,SAAS,CACb,8CAA8C,KAAK,CAAC,UAAU,eAAe,KAAK,CAAC,KAAK,YAAY;oBACpG,CAAC,WAAW;wBACV,CAAC,CAAC,gHAAgH,WAAW,QAAQ;wBACrI,CAAC,CAAC,EAAE,CAAC;oBACP,YAAY,WAAW,4CAA4C,CACpE;aACF,CAAC,CAAA;QACJ,CAAC,CAAC,CAAC,CAAA;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAQ,CAAA;QACjD,MAAM,CAAC,KAAK,CAAC,4BAA4B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IAC9F,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,MAAM,GAAqB,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAA"}

package/dist/subscribers/password-otp-requested.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { SubscriberArgs, SubscriberConfig } from "@meridianjs/types";
+interface PasswordOtpRequestedData {
+    user_id: string;
+    email: string;
+    otp: string;
+}
+export default function handler({ event, container }: SubscriberArgs<PasswordOtpRequestedData>): Promise<void>;
+export declare const config: SubscriberConfig;
+export {};
+//# sourceMappingURL=password-otp-requested.d.ts.map

package/dist/subscribers/password-otp-requested.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"password-otp-requested.d.ts","sourceRoot":"","sources":["../../src/subscribers/password-otp-requested.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAGzE,UAAU,wBAAwB;IAChC,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,wBAA8B,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,cAAc,CAAC,wBAAwB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAyBnH;AAED,eAAO,MAAM,MAAM,EAAE,gBAAsD,CAAA"}

package/dist/subscribers/password-otp-requested.js ADDED Viewed

@@ -0,0 +1,25 @@
+import { emailHtml, resolveTemplate } from "./_email-helper.js";
+export default async function handler({ event, container }) {
+    const data = event.data;
+    try {
+        const emailService = container.resolve("emailService");
+        const tpl = resolveTemplate(container, "password.otp_requested", {
+            user: { email: data.email },
+            otp: data.otp,
+        });
+        await emailService.send({
+            to: data.email,
+            subject: tpl?.subject ?? "Your Meridian verification code",
+            text: tpl?.text ?? `Your verification code is: ${data.otp}\n\nThis code expires in 10 minutes. If you didn't request this, you can safely ignore this email.`,
+            html: tpl?.html ?? emailHtml(`Your verification code is:<br/><br/>` +
+                `<div style="font-size:32px;font-weight:700;letter-spacing:8px;text-align:center;padding:16px 0;font-family:monospace;color:#4f46e5">${data.otp}</div><br/>` +
+                `This code expires in 10 minutes. If you didn't request this, you can safely ignore this email.`),
+        });
+    }
+    catch (err) {
+        const logger = container.resolve("logger");
+        logger.error(`[email] password.otp_requested: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+export const config = { event: "password.otp_requested" };
+//# sourceMappingURL=password-otp-requested.js.map

package/dist/subscribers/password-otp-requested.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"password-otp-requested.js","sourceRoot":"","sources":["../../src/subscribers/password-otp-requested.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAQ/D,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAA4C;IAClG,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAA;IAEvB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,CAAQ,CAAA;QAE7D,MAAM,GAAG,GAAG,eAAe,CAAC,SAAS,EAAE,wBAAwB,EAAE;YAC/D,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;YAC3B,GAAG,EAAE,IAAI,CAAC,GAAG;SACd,CAAC,CAAA;QAEF,MAAM,YAAY,CAAC,IAAI,CAAC;YACtB,EAAE,EAAE,IAAI,CAAC,KAAK;YACd,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,iCAAiC;YAC1D,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,8BAA8B,IAAI,CAAC,GAAG,oGAAoG;YAC7J,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,SAAS,CAC1B,sCAAsC;gBACtC,uIAAuI,IAAI,CAAC,GAAG,aAAa;gBAC5J,gGAAgG,CACjG;SACF,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAQ,CAAA;QACjD,MAAM,CAAC,KAAK,CAAC,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACrG,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,MAAM,GAAqB,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAA"}

package/dist/subscribers/password-reset-requested.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { SubscriberArgs, SubscriberConfig } from "@meridianjs/types";
+interface PasswordResetRequestedData {
+    user_id: string;
+    email: string;
+    token: string;
+}
+export default function handler({ event, container }: SubscriberArgs<PasswordResetRequestedData>): Promise<void>;
+export declare const config: SubscriberConfig;
+export {};
+//# sourceMappingURL=password-reset-requested.d.ts.map

package/dist/subscribers/password-reset-requested.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"password-reset-requested.d.ts","sourceRoot":"","sources":["../../src/subscribers/password-reset-requested.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAA;AAGzE,UAAU,0BAA0B;IAClC,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CACd;AAED,wBAA8B,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,EAAE,cAAc,CAAC,0BAA0B,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CA4BrH;AAED,eAAO,MAAM,MAAM,EAAE,gBAAwD,CAAA"}

package/dist/subscribers/password-reset-requested.js ADDED Viewed

@@ -0,0 +1,27 @@
+import { emailHtml, resolveTemplate } from "./_email-helper.js";
+export default async function handler({ event, container }) {
+    const data = event.data;
+    try {
+        const emailService = container.resolve("emailService");
+        const appUrl = process.env.APP_URL ?? "http://localhost:9000";
+        const resetLink = `${appUrl}/reset-password?token=${encodeURIComponent(data.token)}`;
+        const tpl = resolveTemplate(container, "password.reset_requested", {
+            user: { email: data.email },
+            reset: { link: resetLink, token: data.token },
+        });
+        await emailService.send({
+            to: data.email,
+            subject: tpl?.subject ?? "Reset your Meridian password",
+            text: tpl?.text ?? `You requested a password reset. Use this link to set a new password (valid for 30 minutes):\n\n${resetLink}\n\nIf you didn't request this, you can safely ignore this email.`,
+            html: tpl?.html ?? emailHtml(`You requested a password reset.<br/><br/>` +
+                `<a href="${resetLink}" style="display:inline-block;padding:10px 20px;background:#4f46e5;color:#fff;text-decoration:none;border-radius:6px;font-weight:600">Reset Password</a><br/><br/>` +
+                `This link is valid for 30 minutes. If you didn't request this, you can safely ignore this email.`),
+        });
+    }
+    catch (err) {
+        const logger = container.resolve("logger");
+        logger.error(`[email] password.reset_requested: ${err instanceof Error ? err.message : String(err)}`);
+    }
+}
+export const config = { event: "password.reset_requested" };
+//# sourceMappingURL=password-reset-requested.js.map

package/dist/subscribers/password-reset-requested.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"password-reset-requested.js","sourceRoot":"","sources":["../../src/subscribers/password-reset-requested.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAQ/D,MAAM,CAAC,OAAO,CAAC,KAAK,UAAU,OAAO,CAAC,EAAE,KAAK,EAAE,SAAS,EAA8C;IACpG,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAA;IAEvB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC,cAAc,CAAQ,CAAA;QAE7D,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAuB,CAAA;QAC7D,MAAM,SAAS,GAAG,GAAG,MAAM,yBAAyB,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAA;QAEpF,MAAM,GAAG,GAAG,eAAe,CAAC,SAAS,EAAE,0BAA0B,EAAE;YACjE,IAAI,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;YAC3B,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE;SAC9C,CAAC,CAAA;QAEF,MAAM,YAAY,CAAC,IAAI,CAAC;YACtB,EAAE,EAAE,IAAI,CAAC,KAAK;YACd,OAAO,EAAE,GAAG,EAAE,OAAO,IAAI,8BAA8B;YACvD,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,kGAAkG,SAAS,mEAAmE;YACjM,IAAI,EAAE,GAAG,EAAE,IAAI,IAAI,SAAS,CAC1B,2CAA2C;gBAC3C,YAAY,SAAS,oKAAoK;gBACzL,kGAAkG,CACnG;SACF,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAQ,CAAA;QACjD,MAAM,CAAC,KAAK,CAAC,qCAAqC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;IACvG,CAAC;AACH,CAAC;AAED,MAAM,CAAC,MAAM,MAAM,GAAqB,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAA"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@meridianjs/meridian",
-  "version": "0.1.35",
+  "version": "0.1.37",
   "description": "Default API routes, workflows, links, and subscribers for Meridian applications",
   "main": "./dist/index.js",
   "module": "./dist/index.js",