@mesob/auth-hono 0.4.5 → 0.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{index-BNJj_z2x.d.ts → index-DssTTD4U.d.ts} +10 -1
- package/dist/index.d.ts +4 -11
- package/dist/index.js +124 -93
- package/dist/index.js.map +1 -1
- package/dist/lib/cookie.d.ts +1 -1
- package/dist/lib/has-role-permission.d.ts +1 -1
- package/dist/lib/iam-seed.d.ts +1 -1
- package/dist/lib/normalize-auth-response.d.ts +1 -1
- package/dist/lib/normalize-user.d.ts +1 -1
- package/dist/lib/openapi-config.d.ts +1 -1
- package/dist/lib/phone-validation.d.ts +1 -1
- package/dist/lib/session.d.ts +1 -1
- package/dist/lib/tenant.d.ts +1 -1
- package/package.json +2 -2
|
@@ -3,6 +3,13 @@ import { OpenAPIHono } from '@hono/zod-openapi';
|
|
|
3
3
|
import { PermissionTree } from '@mesob/common';
|
|
4
4
|
import { D as Database } from './index-Cb7JZobZ.js';
|
|
5
5
|
|
|
6
|
+
type Tenant = {
|
|
7
|
+
id: string;
|
|
8
|
+
name: unknown;
|
|
9
|
+
description: unknown;
|
|
10
|
+
isActive: boolean;
|
|
11
|
+
};
|
|
12
|
+
|
|
6
13
|
type SessionStatus = 'valid' | 'no_cookie' | 'invalid_session' | 'user_not_found' | 'error';
|
|
7
14
|
|
|
8
15
|
type AuthEnv = {
|
|
@@ -10,6 +17,8 @@ type AuthEnv = {
|
|
|
10
17
|
config: AuthConfig;
|
|
11
18
|
database: Database;
|
|
12
19
|
tenantId: string;
|
|
20
|
+
tenant?: Tenant | null;
|
|
21
|
+
host?: string | null;
|
|
13
22
|
userId?: string;
|
|
14
23
|
user?: User;
|
|
15
24
|
session?: Session;
|
|
@@ -156,4 +165,4 @@ type MesobAuth = {
|
|
|
156
165
|
sessionMiddleware: hono.MiddlewareHandler;
|
|
157
166
|
};
|
|
158
167
|
|
|
159
|
-
export type { AuthConfig as A, MesobAuth as M, SessionStatus as S, User as U, SendInvitationParams as a, SendVerificationOTPParams as b, Session as c, SeedRole as d, SessionConfig as e };
|
|
168
|
+
export type { AuthConfig as A, MesobAuth as M, SessionStatus as S, Tenant as T, User as U, SendInvitationParams as a, SendVerificationOTPParams as b, Session as c, SeedRole as d, SessionConfig as e };
|
package/dist/index.d.ts
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { A as AuthConfig, M as MesobAuth } from './index-
|
|
2
|
-
export { a as SendInvitationParams, b as SendVerificationOTPParams, c as Session, S as SessionStatus, U as User } from './index-
|
|
1
|
+
import { A as AuthConfig, M as MesobAuth } from './index-DssTTD4U.js';
|
|
2
|
+
export { a as SendInvitationParams, b as SendVerificationOTPParams, c as Session, S as SessionStatus, T as Tenant, U as User } from './index-DssTTD4U.js';
|
|
3
3
|
import { D as Database } from './index-Cb7JZobZ.js';
|
|
4
4
|
export { c as createDatabase } from './index-Cb7JZobZ.js';
|
|
5
5
|
export { cleanupExpiredData, cleanupExpiredSessions, cleanupExpiredVerifications } from './lib/cleanup.js';
|
|
6
|
-
export { hasPermission, hasPermissionThrow
|
|
6
|
+
export { hasPermission, hasPermissionThrow } from './lib/has-role-permission.js';
|
|
7
7
|
import * as hono from 'hono';
|
|
8
8
|
import '@hono/zod-openapi';
|
|
9
9
|
import '@mesob/common';
|
|
@@ -12,17 +12,10 @@ import 'drizzle-orm/pg-core';
|
|
|
12
12
|
import 'drizzle-orm';
|
|
13
13
|
import 'pg';
|
|
14
14
|
|
|
15
|
-
type Tenant = {
|
|
16
|
-
id: string;
|
|
17
|
-
name: unknown;
|
|
18
|
-
description: unknown;
|
|
19
|
-
isActive: boolean;
|
|
20
|
-
};
|
|
21
|
-
|
|
22
15
|
declare const createSessionMiddleware: () => hono.MiddlewareHandler<any, string, {}, Response>;
|
|
23
16
|
|
|
24
17
|
declare const createTenantMiddleware: (database: Database, config: AuthConfig) => hono.MiddlewareHandler<any, string, {}, Response>;
|
|
25
18
|
|
|
26
19
|
declare const createMesobAuth: (authConfig: AuthConfig) => MesobAuth;
|
|
27
20
|
|
|
28
|
-
export { AuthConfig, Database, MesobAuth,
|
|
21
|
+
export { AuthConfig, Database, MesobAuth, createMesobAuth, createSessionMiddleware, createTenantMiddleware };
|
package/dist/index.js
CHANGED
|
@@ -612,6 +612,7 @@ var fetchUserWithRoles = async ({
|
|
|
612
612
|
emailVerified: usersInIam.emailVerified,
|
|
613
613
|
phoneVerified: usersInIam.phoneVerified,
|
|
614
614
|
lastSignInAt: usersInIam.lastSignInAt,
|
|
615
|
+
bannedUntil: usersInIam.bannedUntil,
|
|
615
616
|
...getUserAuthSelect(tenantId)
|
|
616
617
|
}).from(usersInIam).where(and4(eq4(usersInIam.id, userId), eq4(usersInIam.tenantId, tenantId))).limit(1);
|
|
617
618
|
return userResult || null;
|
|
@@ -862,6 +863,7 @@ var userSchema = z.object({
|
|
|
862
863
|
emailVerified: z.boolean(),
|
|
863
864
|
phoneVerified: z.boolean(),
|
|
864
865
|
lastSignInAt: z.string().datetime().nullable(),
|
|
866
|
+
bannedUntil: z.string().datetime().nullable().optional(),
|
|
865
867
|
createdAt: z.string().datetime().nullable().optional(),
|
|
866
868
|
userType: z.array(z.string()).optional(),
|
|
867
869
|
roles: z.array(z.string()).nullable().optional(),
|
|
@@ -2171,6 +2173,24 @@ var auth_route_default = authRoutes;
|
|
|
2171
2173
|
// src/routes/domains/domains.route.ts
|
|
2172
2174
|
import { createRoute as createRoute2, OpenAPIHono as OpenAPIHono2 } from "@hono/zod-openapi";
|
|
2173
2175
|
|
|
2176
|
+
// src/lib/has-role-permission.ts
|
|
2177
|
+
import { grant } from "@mesob/common";
|
|
2178
|
+
import { HTTPException as HTTPException3 } from "hono/http-exception";
|
|
2179
|
+
var toArray = (v) => {
|
|
2180
|
+
return Array.isArray(v) ? v : [v];
|
|
2181
|
+
};
|
|
2182
|
+
var hasPermission = (c, permission) => {
|
|
2183
|
+
const user = c.get("user");
|
|
2184
|
+
const perms = user?.permissions;
|
|
2185
|
+
const check2 = toArray(permission);
|
|
2186
|
+
return grant(check2, perms);
|
|
2187
|
+
};
|
|
2188
|
+
var hasPermissionThrow = (c, permission) => {
|
|
2189
|
+
if (!hasPermission(c, permission)) {
|
|
2190
|
+
throw new HTTPException3(401, { message: "Unauthorized" });
|
|
2191
|
+
}
|
|
2192
|
+
};
|
|
2193
|
+
|
|
2174
2194
|
// src/routes/domains/domains.schema.ts
|
|
2175
2195
|
import { z as z2 } from "zod";
|
|
2176
2196
|
var listDomainsQuerySchema = z2.object({
|
|
@@ -2230,10 +2250,11 @@ var createDomainHandler = async (c) => {
|
|
|
2230
2250
|
const database = c.get("database");
|
|
2231
2251
|
const tenantId = c.get("tenantId");
|
|
2232
2252
|
const resolvedTenantId = ensureTenantId(config, tenantId);
|
|
2253
|
+
const status = (body.status || "pending").toUpperCase();
|
|
2233
2254
|
const [domain] = await database.insert(domainsInIam).values({
|
|
2234
2255
|
tenantId: resolvedTenantId,
|
|
2235
2256
|
domain: body.domain,
|
|
2236
|
-
status
|
|
2257
|
+
status,
|
|
2237
2258
|
meta: body.meta || null,
|
|
2238
2259
|
isPrimary: body.isPrimary
|
|
2239
2260
|
}).returning();
|
|
@@ -2278,7 +2299,7 @@ var listDomainsHandler = async (c) => {
|
|
|
2278
2299
|
const offset = (page - 1) * limit;
|
|
2279
2300
|
const conditions = [eq13(domainsInIam.tenantId, tenantId)];
|
|
2280
2301
|
if (query.status) {
|
|
2281
|
-
conditions.push(eq13(domainsInIam.status, query.status));
|
|
2302
|
+
conditions.push(eq13(domainsInIam.status, query.status.toUpperCase()));
|
|
2282
2303
|
}
|
|
2283
2304
|
const [domains, totalResult] = await Promise.all([
|
|
2284
2305
|
database.select().from(domainsInIam).where(and13(...conditions)).limit(limit).offset(offset),
|
|
@@ -2304,7 +2325,7 @@ var updateDomainHandler = async (c) => {
|
|
|
2304
2325
|
updateData.domain = body.domain;
|
|
2305
2326
|
}
|
|
2306
2327
|
if (body.status !== void 0) {
|
|
2307
|
-
updateData.status = body.status;
|
|
2328
|
+
updateData.status = body.status.toUpperCase();
|
|
2308
2329
|
}
|
|
2309
2330
|
if (body.meta !== void 0) {
|
|
2310
2331
|
updateData.meta = body.meta;
|
|
@@ -2502,7 +2523,12 @@ var verifyDomainRoute = createRoute2({
|
|
|
2502
2523
|
}
|
|
2503
2524
|
}
|
|
2504
2525
|
});
|
|
2505
|
-
var
|
|
2526
|
+
var IAM_ALL = "iam:all:all";
|
|
2527
|
+
var domainRoutesBase = new OpenAPIHono2().use("*", (c, next) => {
|
|
2528
|
+
hasPermissionThrow(c, IAM_ALL);
|
|
2529
|
+
return next();
|
|
2530
|
+
});
|
|
2531
|
+
var domainRoutes = domainRoutesBase.openapi(listDomainsRoute, listDomainsHandler).openapi(getDomainRoute, getDomainHandler).openapi(createDomainRoute, createDomainHandler).openapi(updateDomainRoute, updateDomainHandler).openapi(deleteDomainRoute, deleteDomainHandler).openapi(verifyDomainRoute, verifyDomainHandler);
|
|
2506
2532
|
var domains_route_default = domainRoutes;
|
|
2507
2533
|
|
|
2508
2534
|
// src/routes/email/email.route.ts
|
|
@@ -3549,7 +3575,7 @@ import {
|
|
|
3549
3575
|
notInArray,
|
|
3550
3576
|
sql as sql12
|
|
3551
3577
|
} from "drizzle-orm";
|
|
3552
|
-
import { HTTPException as
|
|
3578
|
+
import { HTTPException as HTTPException4 } from "hono/http-exception";
|
|
3553
3579
|
function buildPermissionDescription(code) {
|
|
3554
3580
|
return {
|
|
3555
3581
|
en: toTitleCase(code.replaceAll(":", " ").replaceAll("_", " "))
|
|
@@ -3606,7 +3632,7 @@ async function assertPermissionsExist({
|
|
|
3606
3632
|
(id) => !existingIds.has(id)
|
|
3607
3633
|
);
|
|
3608
3634
|
if (missingPermissionIds.length) {
|
|
3609
|
-
throw new
|
|
3635
|
+
throw new HTTPException4(400, {
|
|
3610
3636
|
message: `Unknown permissions: ${missingPermissionIds.join(", ")}`
|
|
3611
3637
|
});
|
|
3612
3638
|
}
|
|
@@ -3856,7 +3882,12 @@ var seedPermissionsRoute = createRoute5({
|
|
|
3856
3882
|
}
|
|
3857
3883
|
}
|
|
3858
3884
|
});
|
|
3859
|
-
var
|
|
3885
|
+
var IAM_ALL2 = "iam:all:all";
|
|
3886
|
+
var permissionRoutesBase = new OpenAPIHono5().use("*", (c, next) => {
|
|
3887
|
+
hasPermissionThrow(c, IAM_ALL2);
|
|
3888
|
+
return next();
|
|
3889
|
+
});
|
|
3890
|
+
var permissionRoutes = permissionRoutesBase.openapi(listPermissionsRoute, listPermissionsHandler).openapi(seedPermissionsRoute, seedPermissionsHandler).openapi(getPermissionRoute, getPermissionHandler);
|
|
3860
3891
|
var permissions_route_default = permissionRoutes;
|
|
3861
3892
|
|
|
3862
3893
|
// src/routes/phone/phone.route.ts
|
|
@@ -4890,7 +4921,15 @@ var revokeRolePermissionRoute = createRoute8({
|
|
|
4890
4921
|
}
|
|
4891
4922
|
}
|
|
4892
4923
|
});
|
|
4893
|
-
var
|
|
4924
|
+
var IAM_ALL3 = "iam:all:all";
|
|
4925
|
+
var rolePermissionRoutesBase = new OpenAPIHono8().use(
|
|
4926
|
+
"*",
|
|
4927
|
+
(c, next) => {
|
|
4928
|
+
hasPermissionThrow(c, IAM_ALL3);
|
|
4929
|
+
return next();
|
|
4930
|
+
}
|
|
4931
|
+
);
|
|
4932
|
+
var rolePermissionRoutes = rolePermissionRoutesBase.openapi(listRolePermissionsRoute, listRolePermissionsHandler).openapi(assignRolePermissionRoute, assignRolePermissionHandler).openapi(revokeRolePermissionRoute, revokeRolePermissionHandler);
|
|
4894
4933
|
var role_permissions_route_default = rolePermissionRoutes;
|
|
4895
4934
|
|
|
4896
4935
|
// src/routes/roles/roles.route.ts
|
|
@@ -6050,7 +6089,12 @@ var seedRolesRoute = createRoute9({
|
|
|
6050
6089
|
}
|
|
6051
6090
|
}
|
|
6052
6091
|
});
|
|
6053
|
-
var
|
|
6092
|
+
var IAM_ALL4 = "iam:all:all";
|
|
6093
|
+
var roleRoutesBase = new OpenAPIHono9().use("*", (c, next) => {
|
|
6094
|
+
hasPermissionThrow(c, IAM_ALL4);
|
|
6095
|
+
return next();
|
|
6096
|
+
});
|
|
6097
|
+
var roleRoutes = roleRoutesBase.openapi(listRolesRoute, listRolesHandler).openapi(seedRolesRoute, seedRolesHandler).openapi(getRoleRoute, getRoleHandler).openapi(createRoleRoute, createRoleHandler).openapi(updateRoleRoute, updateRoleHandler).openapi(listRolePermissionsRoute2, listRolePermissionsHandler2).openapi(assignRolePermissionsRoute, assignRolePermissionsHandler).openapi(revokeRolePermissionRoute2, revokeRolePermissionHandler2).openapi(listRoleUsersRoute, listRoleUsersHandler).openapi(assignRoleUsersRoute, assignRoleUsersHandler).openapi(revokeRoleUserRoute, revokeRoleUserHandler).openapi(deleteRoleRoute, deleteRoleHandler);
|
|
6054
6098
|
var roles_route_default = roleRoutes;
|
|
6055
6099
|
|
|
6056
6100
|
// src/routes/sessions/sessions.route.ts
|
|
@@ -6253,7 +6297,12 @@ var revokeAllSessionsRoute = createRoute10({
|
|
|
6253
6297
|
}
|
|
6254
6298
|
}
|
|
6255
6299
|
});
|
|
6256
|
-
var
|
|
6300
|
+
var IAM_ALL5 = "iam:all:all";
|
|
6301
|
+
var sessionRoutesBase = new OpenAPIHono10().use("*", (c, next) => {
|
|
6302
|
+
hasPermissionThrow(c, IAM_ALL5);
|
|
6303
|
+
return next();
|
|
6304
|
+
});
|
|
6305
|
+
var sessionRoutes = sessionRoutesBase.openapi(listSessionsRoute, listSessionsHandler).openapi(getSessionRoute, getSessionHandler).openapi(revokeSessionRoute, revokeSessionHandler).openapi(revokeAllSessionsRoute, revokeAllSessionsHandler);
|
|
6257
6306
|
var sessions_route_default = sessionRoutes;
|
|
6258
6307
|
|
|
6259
6308
|
// src/routes/system/system.route.ts
|
|
@@ -6277,6 +6326,7 @@ var tenantHandler = (c) => {
|
|
|
6277
6326
|
};
|
|
6278
6327
|
|
|
6279
6328
|
// src/routes/system/system.route.ts
|
|
6329
|
+
var IAM_ALL6 = "iam:all:all";
|
|
6280
6330
|
var tenantRoute = createRoute11({
|
|
6281
6331
|
method: "get",
|
|
6282
6332
|
path: "/init",
|
|
@@ -6311,10 +6361,11 @@ var tenantRoute = createRoute11({
|
|
|
6311
6361
|
}
|
|
6312
6362
|
}
|
|
6313
6363
|
});
|
|
6314
|
-
var
|
|
6315
|
-
|
|
6316
|
-
|
|
6317
|
-
);
|
|
6364
|
+
var tenantRoutesBase = new OpenAPIHono11().use("*", (c, next) => {
|
|
6365
|
+
hasPermissionThrow(c, IAM_ALL6);
|
|
6366
|
+
return next();
|
|
6367
|
+
});
|
|
6368
|
+
var tenantRoutes = tenantRoutesBase.openapi(tenantRoute, tenantHandler);
|
|
6318
6369
|
var system_route_default = tenantRoutes;
|
|
6319
6370
|
|
|
6320
6371
|
// src/routes/tenants/tenants.route.ts
|
|
@@ -6322,42 +6373,7 @@ import { createRoute as createRoute12, OpenAPIHono as OpenAPIHono12 } from "@hon
|
|
|
6322
6373
|
|
|
6323
6374
|
// src/routes/tenants/handler/create-tenant.ts
|
|
6324
6375
|
import { eq as eq48 } from "drizzle-orm";
|
|
6325
|
-
|
|
6326
|
-
// src/lib/has-role-permission.ts
|
|
6327
|
-
import { grant } from "@mesob/common";
|
|
6328
|
-
import { HTTPException as HTTPException4 } from "hono/http-exception";
|
|
6329
|
-
var toArray = (v) => {
|
|
6330
|
-
return Array.isArray(v) ? v : [v];
|
|
6331
|
-
};
|
|
6332
|
-
var hasRole = (c, role) => {
|
|
6333
|
-
const user = c.get("user");
|
|
6334
|
-
const codes = user?.roleCodes;
|
|
6335
|
-
if (!codes?.length) {
|
|
6336
|
-
return false;
|
|
6337
|
-
}
|
|
6338
|
-
const check2 = toArray(role);
|
|
6339
|
-
return check2.some((r) => codes.includes(r));
|
|
6340
|
-
};
|
|
6341
|
-
var hasRoleThrow = (c, role) => {
|
|
6342
|
-
if (!hasRole(c, role)) {
|
|
6343
|
-
throw new HTTPException4(401, { message: "Unauthorized" });
|
|
6344
|
-
}
|
|
6345
|
-
};
|
|
6346
|
-
var hasPermission = (c, permission) => {
|
|
6347
|
-
const user = c.get("user");
|
|
6348
|
-
const perms = user?.permissions;
|
|
6349
|
-
const check2 = toArray(permission);
|
|
6350
|
-
return grant(check2, perms);
|
|
6351
|
-
};
|
|
6352
|
-
var hasPermissionThrow = (c, permission) => {
|
|
6353
|
-
if (!hasPermission(c, permission)) {
|
|
6354
|
-
throw new HTTPException4(401, { message: "Unauthorized" });
|
|
6355
|
-
}
|
|
6356
|
-
};
|
|
6357
|
-
|
|
6358
|
-
// src/routes/tenants/handler/create-tenant.ts
|
|
6359
6376
|
var createTenantHandler = async (c) => {
|
|
6360
|
-
hasRoleThrow(c, ["owner", "tenant-admin"]);
|
|
6361
6377
|
const body = c.req.valid("json");
|
|
6362
6378
|
const database = c.get("database");
|
|
6363
6379
|
const [existing] = await database.select().from(tenantsInIam).where(eq48(tenantsInIam.id, body.id)).limit(1);
|
|
@@ -6385,7 +6401,6 @@ var createTenantHandler = async (c) => {
|
|
|
6385
6401
|
// src/routes/tenants/handler/delete-tenant.ts
|
|
6386
6402
|
import { eq as eq49 } from "drizzle-orm";
|
|
6387
6403
|
var deleteTenantHandler = async (c) => {
|
|
6388
|
-
hasRoleThrow(c, ["owner", "tenant-admin"]);
|
|
6389
6404
|
const { id } = c.req.valid("param");
|
|
6390
6405
|
const database = c.get("database");
|
|
6391
6406
|
const [existing] = await database.select().from(tenantsInIam).where(eq49(tenantsInIam.id, id)).limit(1);
|
|
@@ -6399,7 +6414,6 @@ var deleteTenantHandler = async (c) => {
|
|
|
6399
6414
|
// src/routes/tenants/handler/get-tenant.ts
|
|
6400
6415
|
import { eq as eq50 } from "drizzle-orm";
|
|
6401
6416
|
var getTenantHandler = async (c) => {
|
|
6402
|
-
hasRoleThrow(c, ["owner", "tenant-admin"]);
|
|
6403
6417
|
const { id } = c.req.valid("param");
|
|
6404
6418
|
const database = c.get("database");
|
|
6405
6419
|
const [tenant] = await database.select().from(tenantsInIam).where(eq50(tenantsInIam.id, id)).limit(1);
|
|
@@ -6417,7 +6431,6 @@ var sortColumnMap3 = {
|
|
|
6417
6431
|
name: sql23`${tenantsInIam.name}::text`
|
|
6418
6432
|
};
|
|
6419
6433
|
var listTenantsHandler = async (c) => {
|
|
6420
|
-
hasRoleThrow(c, ["owner", "tenant-admin"]);
|
|
6421
6434
|
const query = c.req.valid("query");
|
|
6422
6435
|
const database = c.get("database");
|
|
6423
6436
|
const page = query.page || 1;
|
|
@@ -6456,7 +6469,6 @@ var listTenantsHandler = async (c) => {
|
|
|
6456
6469
|
// src/routes/tenants/handler/update-tenant.ts
|
|
6457
6470
|
import { eq as eq52, sql as sql24 } from "drizzle-orm";
|
|
6458
6471
|
var updateTenantHandler = async (c) => {
|
|
6459
|
-
hasRoleThrow(c, ["owner", "tenant-admin"]);
|
|
6460
6472
|
const { id } = c.req.valid("param");
|
|
6461
6473
|
const body = c.req.valid("json");
|
|
6462
6474
|
const database = c.get("database");
|
|
@@ -6730,7 +6742,12 @@ var deleteTenantRoute = createRoute12({
|
|
|
6730
6742
|
}
|
|
6731
6743
|
}
|
|
6732
6744
|
});
|
|
6733
|
-
var
|
|
6745
|
+
var IAM_ALL7 = "iam:all:all";
|
|
6746
|
+
var tenantRoutesBase2 = new OpenAPIHono12().use("*", (c, next) => {
|
|
6747
|
+
hasPermissionThrow(c, IAM_ALL7);
|
|
6748
|
+
return next();
|
|
6749
|
+
});
|
|
6750
|
+
var tenantRoutes2 = tenantRoutesBase2.openapi(listTenantsRoute, listTenantsHandler).openapi(getTenantRoute, getTenantHandler).openapi(createTenantRoute, createTenantHandler).openapi(updateTenantRoute, updateTenantHandler).openapi(deleteTenantRoute, deleteTenantHandler);
|
|
6734
6751
|
var tenants_route_default = tenantRoutes2;
|
|
6735
6752
|
|
|
6736
6753
|
// src/routes/user-roles/user-roles.route.ts
|
|
@@ -6905,7 +6922,12 @@ var revokeUserRoleRoute = createRoute13({
|
|
|
6905
6922
|
}
|
|
6906
6923
|
}
|
|
6907
6924
|
});
|
|
6908
|
-
var
|
|
6925
|
+
var IAM_ALL8 = "iam:all:all";
|
|
6926
|
+
var userRoleRoutesBase = new OpenAPIHono13().use("*", (c, next) => {
|
|
6927
|
+
hasPermissionThrow(c, IAM_ALL8);
|
|
6928
|
+
return next();
|
|
6929
|
+
});
|
|
6930
|
+
var userRoleRoutes = userRoleRoutesBase.openapi(listUserRolesRoute, listUserRolesHandler).openapi(assignUserRoleRoute, assignUserRoleHandler).openapi(revokeUserRoleRoute, revokeUserRoleHandler);
|
|
6909
6931
|
var user_roles_route_default = userRoleRoutes;
|
|
6910
6932
|
|
|
6911
6933
|
// src/routes/users/users.route.ts
|
|
@@ -6922,25 +6944,19 @@ var banUserHandler = async (c) => {
|
|
|
6922
6944
|
if (!existing) {
|
|
6923
6945
|
return c.json({ error: "User not found" }, 404);
|
|
6924
6946
|
}
|
|
6925
|
-
|
|
6926
|
-
bannedUntil: body.bannedUntil
|
|
6947
|
+
await database.update(usersInIam).set({
|
|
6948
|
+
bannedUntil: body.bannedUntil ?? null,
|
|
6927
6949
|
updatedAt: sql25`CURRENT_TIMESTAMP`
|
|
6928
|
-
}).where(and50(eq55(usersInIam.id, id), eq55(usersInIam.tenantId, tenantId)))
|
|
6929
|
-
|
|
6930
|
-
|
|
6931
|
-
|
|
6932
|
-
|
|
6933
|
-
phone: usersInIam.phone,
|
|
6934
|
-
handle: usersInIam.handle,
|
|
6935
|
-
image: usersInIam.image,
|
|
6936
|
-
emailVerified: usersInIam.emailVerified,
|
|
6937
|
-
phoneVerified: usersInIam.phoneVerified,
|
|
6938
|
-
lastSignInAt: usersInIam.lastSignInAt
|
|
6950
|
+
}).where(and50(eq55(usersInIam.id, id), eq55(usersInIam.tenantId, tenantId)));
|
|
6951
|
+
const userWithRoles = await fetchUserWithRoles({
|
|
6952
|
+
database,
|
|
6953
|
+
userId: id,
|
|
6954
|
+
tenantId
|
|
6939
6955
|
});
|
|
6940
|
-
if (!
|
|
6956
|
+
if (!userWithRoles) {
|
|
6941
6957
|
return c.json({ error: "User not found" }, 404);
|
|
6942
6958
|
}
|
|
6943
|
-
return c.json({ user: normalizeUser(
|
|
6959
|
+
return c.json({ user: normalizeUser(userWithRoles) }, 200);
|
|
6944
6960
|
};
|
|
6945
6961
|
|
|
6946
6962
|
// src/routes/users/helper/user.ts
|
|
@@ -7250,7 +7266,7 @@ var inviteUserHandler = async (c) => {
|
|
|
7250
7266
|
};
|
|
7251
7267
|
|
|
7252
7268
|
// src/routes/users/handler/list-users.ts
|
|
7253
|
-
import { and as and53, asc as asc5, desc as desc5, eq as eq58, ilike as ilike4, inArray as inArray6, or as or4, sql as sql27 } from "drizzle-orm";
|
|
7269
|
+
import { and as and53, asc as asc5, desc as desc5, eq as eq58, gt as gt8, ilike as ilike4, inArray as inArray6, or as or4, sql as sql27 } from "drizzle-orm";
|
|
7254
7270
|
var userSelect = {
|
|
7255
7271
|
id: usersInIam.id,
|
|
7256
7272
|
tenantId: usersInIam.tenantId,
|
|
@@ -7266,9 +7282,6 @@ var userSelect = {
|
|
|
7266
7282
|
userType: usersInIam.userType,
|
|
7267
7283
|
roleCount: sql27`(select count(*)::int from ${userRolesInIam} where ${userRolesInIam.userId} = ${usersInIam.id} and ${userRolesInIam.tenantId} = ${usersInIam.tenantId})`.as(
|
|
7268
7284
|
"roleCount"
|
|
7269
|
-
),
|
|
7270
|
-
activeSessionCount: sql27`(select count(*)::int from ${sessionsInIam} where ${sessionsInIam.userId} = ${usersInIam.id} and ${sessionsInIam.tenantId} = ${usersInIam.tenantId} and ${sessionsInIam.expiresAt} > now())`.as(
|
|
7271
|
-
"activeSessionCount"
|
|
7272
7285
|
)
|
|
7273
7286
|
};
|
|
7274
7287
|
var sortColumnMap4 = {
|
|
@@ -7301,11 +7314,11 @@ var listUsersHandler = async (c) => {
|
|
|
7301
7314
|
const query = c.req.valid("query");
|
|
7302
7315
|
const database = c.get("database");
|
|
7303
7316
|
const tenantId = c.get("tenantId");
|
|
7304
|
-
const
|
|
7317
|
+
const _config = c.get("config");
|
|
7305
7318
|
const page = query.page || 1;
|
|
7306
7319
|
const limit = query.limit || 20;
|
|
7307
7320
|
const offset = (page - 1) * limit;
|
|
7308
|
-
const userTypeFilter =
|
|
7321
|
+
const userTypeFilter = query.userType && query.userType !== "all" ? query.userType : null;
|
|
7309
7322
|
const conditions = [eq58(usersInIam.tenantId, tenantId)];
|
|
7310
7323
|
if (userTypeFilter) {
|
|
7311
7324
|
conditions.push(
|
|
@@ -7313,14 +7326,15 @@ var listUsersHandler = async (c) => {
|
|
|
7313
7326
|
);
|
|
7314
7327
|
}
|
|
7315
7328
|
if (query.search?.trim()) {
|
|
7316
|
-
const term = `%${query.search.trim().replace(/[%_\\]/g, (
|
|
7317
|
-
|
|
7318
|
-
|
|
7319
|
-
|
|
7320
|
-
|
|
7321
|
-
ilike4(usersInIam.phone, term)
|
|
7322
|
-
)
|
|
7329
|
+
const term = `%${query.search.trim().replace(/[%_\\]/g, (ch) => `\\${ch}`)}%`;
|
|
7330
|
+
const searchCond = or4(
|
|
7331
|
+
ilike4(usersInIam.fullName, term),
|
|
7332
|
+
ilike4(usersInIam.email, term),
|
|
7333
|
+
ilike4(usersInIam.phone, term)
|
|
7323
7334
|
);
|
|
7335
|
+
if (searchCond) {
|
|
7336
|
+
conditions.push(searchCond);
|
|
7337
|
+
}
|
|
7324
7338
|
}
|
|
7325
7339
|
if (query.email) {
|
|
7326
7340
|
conditions.push(ilike4(usersInIam.email, `%${query.email}%`));
|
|
@@ -7332,12 +7346,13 @@ var listUsersHandler = async (c) => {
|
|
|
7332
7346
|
conditions.push(ilike4(usersInIam.handle, `%${query.handle}%`));
|
|
7333
7347
|
}
|
|
7334
7348
|
if (query.filter === "verified") {
|
|
7335
|
-
|
|
7336
|
-
|
|
7337
|
-
|
|
7338
|
-
eq58(usersInIam.phoneVerified, true)
|
|
7339
|
-
)
|
|
7349
|
+
const verifiedCond = or4(
|
|
7350
|
+
eq58(usersInIam.emailVerified, true),
|
|
7351
|
+
eq58(usersInIam.phoneVerified, true)
|
|
7340
7352
|
);
|
|
7353
|
+
if (verifiedCond) {
|
|
7354
|
+
conditions.push(verifiedCond);
|
|
7355
|
+
}
|
|
7341
7356
|
} else if (query.filter === "unverified") {
|
|
7342
7357
|
conditions.push(eq58(usersInIam.emailVerified, false));
|
|
7343
7358
|
conditions.push(eq58(usersInIam.phoneVerified, false));
|
|
@@ -7351,6 +7366,19 @@ var listUsersHandler = async (c) => {
|
|
|
7351
7366
|
]);
|
|
7352
7367
|
const total = Number(totalResult[0]?.count || 0);
|
|
7353
7368
|
const userIds = users.map((u) => u.id);
|
|
7369
|
+
const sessionCountRows = userIds.length > 0 ? await database.select({
|
|
7370
|
+
userId: sessionsInIam.userId,
|
|
7371
|
+
count: sql27`count(*)::int`.as("count")
|
|
7372
|
+
}).from(sessionsInIam).where(
|
|
7373
|
+
and53(
|
|
7374
|
+
eq58(sessionsInIam.tenantId, tenantId),
|
|
7375
|
+
inArray6(sessionsInIam.userId, userIds),
|
|
7376
|
+
gt8(sessionsInIam.expiresAt, (/* @__PURE__ */ new Date()).toISOString())
|
|
7377
|
+
)
|
|
7378
|
+
).groupBy(sessionsInIam.userId) : [];
|
|
7379
|
+
const sessionCountByUser = new Map(
|
|
7380
|
+
sessionCountRows.map((r) => [r.userId, Number(r.count) ?? 0])
|
|
7381
|
+
);
|
|
7354
7382
|
const roleRows = userIds.length > 0 ? await database.select({
|
|
7355
7383
|
userId: userRolesInIam.userId,
|
|
7356
7384
|
code: rolesInIam.code,
|
|
@@ -7382,7 +7410,7 @@ var listUsersHandler = async (c) => {
|
|
|
7382
7410
|
...u,
|
|
7383
7411
|
roles: null,
|
|
7384
7412
|
userRoles: userRolesMap.get(u.id) ?? [],
|
|
7385
|
-
activeSessionCount:
|
|
7413
|
+
activeSessionCount: sessionCountByUser.get(u.id) ?? 0
|
|
7386
7414
|
})),
|
|
7387
7415
|
total,
|
|
7388
7416
|
page,
|
|
@@ -7917,7 +7945,12 @@ var bulkInviteUsersRoute = createRoute14({
|
|
|
7917
7945
|
}
|
|
7918
7946
|
}
|
|
7919
7947
|
});
|
|
7920
|
-
var
|
|
7948
|
+
var IAM_ALL9 = "iam:all:all";
|
|
7949
|
+
var userRoutesBase = new OpenAPIHono14().use("*", (c, next) => {
|
|
7950
|
+
hasPermissionThrow(c, IAM_ALL9);
|
|
7951
|
+
return next();
|
|
7952
|
+
});
|
|
7953
|
+
var userRoutes = userRoutesBase.openapi(listUsersRoute, listUsersHandler).openapi(getUserRoute, getUserHandler).openapi(createUserRoute, createUserHandler).openapi(updateUserRoute, updateUserHandler).openapi(deleteUserRoute, deleteUserHandler).openapi(banUserRoute, banUserHandler).openapi(searchUsersRoute, searchUsersHandler).openapi(inviteUserRoute, inviteUserHandler).openapi(bulkInviteUsersRoute, bulkInviteUsersHandler);
|
|
7921
7954
|
var users_route_default = userRoutes;
|
|
7922
7955
|
|
|
7923
7956
|
// src/routes/verifications/verifications.route.ts
|
|
@@ -8558,8 +8591,6 @@ export {
|
|
|
8558
8591
|
createSessionMiddleware,
|
|
8559
8592
|
createTenantMiddleware,
|
|
8560
8593
|
hasPermission,
|
|
8561
|
-
hasPermissionThrow
|
|
8562
|
-
hasRole,
|
|
8563
|
-
hasRoleThrow
|
|
8594
|
+
hasPermissionThrow
|
|
8564
8595
|
};
|
|
8565
8596
|
//# sourceMappingURL=index.js.map
|