@mostajs/auth 2.2.0 → 2.3.1

package/dist/components/PermissionGuard.js

@@ -2,7 +2,7 @@
 // Author: Dr Hamid MADANI drmdh@msn.com
 'use client';
 import { Fragment as _Fragment, jsx as _jsx } from "react/jsx-runtime";
-import { usePermissions } from '../hooks/usePermissions';
+import { usePermissions } from '../hooks/usePermissions.js';
 /**
  * Conditionally renders children based on user permissions.
  * Admin users bypass all permission checks.

package/dist/index.js

@@ -2,11 +2,11 @@
 // Author: Dr Hamid MADANI drmdh@msn.com
 // For server-side code (repos, seed, auth handlers), use '@mostajs/auth/server'
 // Permission helpers (pure utilities — no external dependency)
-export { hasPermission, hasAllPermissions, hasAnyPermission } from './helpers/permissions';
+export { hasPermission, hasAllPermissions, hasAnyPermission } from './helpers/permissions.js';
 // Schemas (re-export from rbac — pure data, no ORM)
 export { UserSchema, RoleSchema, PermissionSchema, PermissionCategorySchema } from '@mostajs/rbac';
 // Hooks
-export { usePermissions } from './hooks/usePermissions';
+export { usePermissions } from './hooks/usePermissions.js';
 // Components
-export { default as PermissionGuard } from './components/PermissionGuard';
-export { default as SessionProvider } from './components/SessionProvider';
+export { default as PermissionGuard } from './components/PermissionGuard.js';
+export { default as SessionProvider } from './components/SessionProvider.js';

package/dist/lib/auth-check.js

@@ -1,7 +1,7 @@
 // @mosta/auth — Server-side auth guards
 // Author: Dr Hamid MADANI drmdh@msn.com
 import { NextResponse } from 'next/server';
-import { hasPermission } from '../helpers/permissions';
+import { hasPermission } from '../helpers/permissions.js';
 import { getPermissionsForRoleFromDB } from '@mostajs/rbac/lib/permissions-server';
 /**
  * Create server-side guard functions bound to your auth() instance.

package/dist/lib/auth.js

@@ -5,7 +5,7 @@ import NextAuth from 'next-auth';
 import CredentialsProvider from 'next-auth/providers/credentials';
 import { getEnv } from '@mostajs/config';
 import { getRbacRepos } from '@mostajs/rbac/lib/repos-factory';
-import { comparePassword } from './password';
+import { comparePassword } from './password.js';
 /**
  * Create NextAuth handlers configured for MostaAuth RBAC.
  *

package/dist/lib/check-request.d.ts

@@ -0,0 +1,54 @@
+import type { IDialect } from '@mostajs/orm';
+export type AuthErrorCode = 'UNAUTHORIZED' | 'FORBIDDEN' | 'UNAVAILABLE' | 'AUTH_ERROR';
+export interface CheckRequestParams {
+    /** Dialect of the metadata DB (where api_keys / users / roles tables live). */
+    dialect: IDialect | null | undefined;
+    /** Normalized HTTP-style headers (lowercased keys preferred). */
+    headers?: Record<string, string | string[] | undefined>;
+    /** Query string params. */
+    query?: Record<string, string | string[] | undefined>;
+    /** Pre-resolved client IP (else derived from X-Forwarded-For). */
+    ip?: string;
+    /** Transport identifier — 'rest' | 'graphql' | 'mcp' | 'sse' | etc. */
+    transport: string;
+    /**
+     * (scope, value) checks the apikey must satisfy. The module is fully
+     * generic — it doesn't know what 'projects' or 'transports' mean.
+     * Common pattern :
+     *   [{scope:'projects',value:slug}, {scope:'transports',value:'rest'},
+     *    {scope:'operations',value:'read'|'write'|'admin'}]
+     */
+    checks?: Array<{
+        scope: string;
+        value: string;
+    }>;
+    /** Allow request through without apikey (legacy / public-mode). */
+    openMode?: boolean;
+}
+export interface CheckRequestResult {
+    ok: boolean;
+    /** HTTP status code suggested for the failure response (200 if ok). */
+    status: number;
+    /** Suggested JSON body for the failure response. */
+    body?: any;
+    /** Authorization context built from the resolved apikey (if ok). */
+    ctx?: {
+        transport: string;
+        apiKey?: string;
+        projectName?: string;
+        accountId?: string;
+        apikeyId?: string;
+        subscription?: string;
+        permissions?: Record<string, any>;
+        meta?: Record<string, any>;
+    };
+    /** Resolved apikey row (read-only — sensitive fields like hash are present). */
+    apikey?: any;
+}
+/**
+ * Single-call request authorization.
+ *
+ * Returns a verdict that the consumer maps onto its framework's response
+ * (e.g. `if (!result.ok) reply.code(result.status).send(result.body)`).
+ */
+export declare function checkRequest(params: CheckRequestParams): Promise<CheckRequestResult>;

package/dist/lib/check-request.js

@@ -0,0 +1,112 @@
+// @mostajs/auth — Framework-agnostic request authorization check.
+//
+// Orchestrateur unique pour valider une requête HTTP entrante (toutes
+// frameworks : Fastify, Express, Hono, Next.js route handlers, Cloudflare
+// Workers, Bun.serve, etc.).
+//
+// Combine :
+//   - apikey check (délégué à @mostajs/api-keys → checkApiKey)
+//   - (futur) session check NextAuth
+//   - (futur) RBAC permission check via @mostajs/rbac
+//
+// Le consommateur passe un objet `request` normalisé (headers/query/ip) +
+// les `checks` de scopes — le module retourne un verdict unifié.
+//
+// Author: Dr Hamid MADANI <drmdh@msn.com>
+function pickHeader(h, name) {
+    if (!h)
+        return undefined;
+    const v = h[name] ?? h[name.toLowerCase()];
+    if (v == null)
+        return undefined;
+    return Array.isArray(v) ? v[0] : String(v);
+}
+function pickQuery(q, name) {
+    if (!q)
+        return undefined;
+    const v = q[name];
+    if (v == null)
+        return undefined;
+    return Array.isArray(v) ? v[0] : String(v);
+}
+/**
+ * Single-call request authorization.
+ *
+ * Returns a verdict that the consumer maps onto its framework's response
+ * (e.g. `if (!result.ok) reply.code(result.status).send(result.body)`).
+ */
+export async function checkRequest(params) {
+    const { dialect, headers, query, ip, transport, checks = [], openMode = false } = params;
+    // Extract auth identifiers from the request
+    const apiKey = pickHeader(headers, 'x-api-key') ??
+        (pickHeader(headers, 'authorization')?.replace(/^Bearer\s+/i, '').trim() || undefined) ??
+        pickQuery(query, 'apikey') ??
+        pickQuery(query, 'api_key');
+    const projectName = pickHeader(headers, 'x-project') ??
+        pickQuery(query, 'project');
+    const resolvedIp = ip
+        ?? pickHeader(headers, 'x-forwarded-for')?.split(',')[0]?.trim()
+        ?? pickHeader(headers, 'x-real-ip');
+    const baseCtx = {
+        transport,
+        apiKey,
+        projectName,
+        meta: { ip: resolvedIp },
+    };
+    // No apikey → either openMode passes through, or 401
+    if (!apiKey) {
+        if (openMode)
+            return { ok: true, status: 200, ctx: baseCtx };
+        return {
+            ok: false, status: 401,
+            body: { status: 'error', error: { code: 'UNAUTHORIZED',
+                    message: 'API key required (X-API-Key header, Authorization: Bearer, or ?apikey=)' } },
+        };
+    }
+    // No metadata DB → can't verify
+    if (!dialect) {
+        if (openMode)
+            return { ok: true, status: 200, ctx: baseCtx };
+        return {
+            ok: false, status: 503,
+            body: { status: 'error', error: { code: 'UNAVAILABLE',
+                    message: 'API key validation unavailable (no metadata DB)' } },
+        };
+    }
+    // Delegate to @mostajs/api-keys for the actual cryptographic + scope check
+    try {
+        const { checkApiKey } = await import('@mostajs/api-keys/server');
+        const result = await checkApiKey(dialect, {
+            rawKey: apiKey,
+            checks,
+            ip: resolvedIp,
+        });
+        if (!result.ok) {
+            return {
+                ok: false,
+                status: result.code === 'UNAUTHORIZED' ? 401 : 403,
+                body: { status: 'error', error: { code: result.code, message: result.message } },
+            };
+        }
+        const apikey = result.apikey;
+        return {
+            ok: true,
+            status: 200,
+            apikey,
+            ctx: {
+                ...baseCtx,
+                subscription: apikey?.label || apikey?.id,
+                permissions: apikey?.permissions?.scopes ?? {},
+                accountId: apikey?.account || apikey?.accountId,
+                apikeyId: apikey?.id,
+            },
+        };
+    }
+    catch (e) {
+        return {
+            ok: false, status: 500,
+            body: { status: 'error', error: { code: 'AUTH_ERROR',
+                    message: e?.message || 'auth check failed' } },
+        };
+    }
+}

package/dist/server.d.ts

@@ -3,6 +3,8 @@ export { createAuthChecks } from './lib/auth-check';
 export { createAuthMiddleware } from './middleware/auth-middleware';
 export type { AuthMiddlewareOptions } from './middleware/auth-middleware';
 export { hashPassword, comparePassword } from './lib/password';
+export { checkRequest } from './lib/check-request';
+export type { CheckRequestParams, CheckRequestResult, AuthErrorCode } from './lib/check-request';
 export { getPermissionsForRoleFromDB } from '@mostajs/rbac/lib/permissions-server';
 export { seedRBAC } from '@mostajs/rbac/lib/rbac-seed';
 export type { SeedRBACOptions } from '@mostajs/rbac/lib/rbac-seed';

package/dist/server.js

@@ -2,11 +2,13 @@
 // Author: Dr Hamid MADANI drmdh@msn.com
 // Import from '@mostajs/auth/server' in API routes and server code
 // Auth handler factories (depend on ORM via rbac repos)
-export { createAuthHandlers } from './lib/auth';
-export { createAuthChecks } from './lib/auth-check';
-export { createAuthMiddleware } from './middleware/auth-middleware';
+export { createAuthHandlers } from './lib/auth.js';
+export { createAuthChecks } from './lib/auth-check.js';
+export { createAuthMiddleware } from './middleware/auth-middleware.js';
 // Password utils
-export { hashPassword, comparePassword } from './lib/password';
+export { hashPassword, comparePassword } from './lib/password.js';
+// Framework-agnostic request authorization (apikey + scope checks)
+export { checkRequest } from './lib/check-request.js';
 // Server-side permission DB lookup (re-export from rbac/server)
 export { getPermissionsForRoleFromDB } from '@mostajs/rbac/lib/permissions-server';
 // RBAC seed (re-export from rbac/server)
@@ -18,12 +20,12 @@ export { getSchemas, moduleInfo } from '@mostajs/rbac/lib/module-info';
 // Repositories (re-export from rbac/server)
 export { UserRepository, RoleRepository, PermissionRepository, PermissionCategoryRepository } from '@mostajs/rbac/server';
 // Registration
-export { createRegistrationHandler } from './lib/registration';
+export { createRegistrationHandler } from './lib/registration.js';
 // Email verification
-export { createVerificationHandlers, generateVerifyToken } from './lib/email-verification';
+export { createVerificationHandlers, generateVerifyToken } from './lib/email-verification.js';
 // Password reset
-export { createPasswordResetHandlers, generateResetToken } from './lib/password-reset';
+export { createPasswordResetHandlers, generateResetToken } from './lib/password-reset.js';
 // API key provider
-export { createApiKeyProvider } from './lib/apikey-provider';
+export { createApiKeyProvider } from './lib/apikey-provider.js';
 // Session enrichment
-export { enrichTokenWithPlan, enrichSessionWithPlan } from './lib/session-enrichment';
+export { enrichTokenWithPlan, enrichSessionWithPlan } from './lib/session-enrichment.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mostajs/auth",
-  "version": "2.2.0",
+  "version": "2.3.1",
   "description": "Authentication — NextAuth, password hashing, session management",
   "author": "Dr Hamid MADANI <drmdh@msn.com>",
   "license": "AGPL-3.0-or-later",
@@ -114,13 +114,13 @@
     "node": ">=18.0.0"
   },
   "scripts": {
-    "build": "tsc",
+    "build": "tsc && npm run fix-esm",
+    "fix-esm": "find dist -name '*.js' -exec sed -i -E \"s|from '(\\\\.{1,2}/[^']+)'(;?)|from '\\\\1.js'\\\\2|g; s|from \\\"(\\\\.{1,2}/[^\\\"]+)\\\"(;?)|from \\\"\\\\1.js\\\"\\\\2|g\" {} \\; && find dist -name '*.js' -exec sed -i -E \"s|\\\\.js\\\\.js|.js|g\" {} \\;",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
     "@mostajs/config": "^1.0.0",
     "@mostajs/net": "^2.0.0",
-    "@mostajs/orm": "^1.7.0",
     "bcryptjs": "^2.4.3"
   },
   "peerDependencies": {
@@ -130,6 +130,8 @@
     "react": ">=18"
   },
   "devDependencies": {
+    "@mostajs/api-keys": "^0.2.0",
+    "@mostajs/orm": "^1.13.1",
     "@mostajs/rbac": "^2.0.3",
     "@types/bcryptjs": "^2.4.0",
     "@types/node": "^25.3.3",

package/dist/lib/permissions.d.ts

@@ -1,9 +0,0 @@
-/**
- * Check if a user has a specific permission.
- * Supports wildcard '*' for full access.
- */
-export declare function hasPermission(userPermissions: string[], requiredPermission: string): boolean;
-/**
- * Get permissions for a role from a static map.
- */
-export declare function getPermissionsForRole(rolePermissions: Record<string, string[]>, role: string): string[];

package/dist/lib/permissions.js

@@ -1,19 +0,0 @@
-// @mosta/auth — Permission helpers (client-safe)
-// Author: Dr Hamid MADANI drmdh@msn.com
-/**
- * Check if a user has a specific permission.
- * Supports wildcard '*' for full access.
- */
-export function hasPermission(userPermissions, requiredPermission) {
-    if (!userPermissions || userPermissions.length === 0)
-        return false;
-    if (userPermissions.includes('*'))
-        return true;
-    return userPermissions.includes(requiredPermission);
-}
-/**
- * Get permissions for a role from a static map.
- */
-export function getPermissionsForRole(rolePermissions, role) {
-    return rolePermissions[role] || [];
-}

package/dist/lib/rbac-seed.d.ts

@@ -1,15 +0,0 @@
-import type { CategoryDefinition, PermissionDefinition, RoleDefinition } from '../types/index';
-export interface SeedRBACOptions {
-    categories: CategoryDefinition[];
-    permissions: PermissionDefinition[];
-    roles: Record<string, RoleDefinition>;
-}
-/**
- * Idempotent seed of categories, permissions and roles.
- * Uses upsert — safe to call multiple times.
- */
-export declare function seedRBAC(options: SeedRBACOptions): Promise<{
-    categoryCount: number;
-    permissionCount: number;
-    roleCount: number;
-}>;

package/dist/lib/rbac-seed.js

@@ -1,38 +0,0 @@
-// @mosta/auth — RBAC Seed function
-// Author: Dr Hamid MADANI drmdh@msn.com
-import { getDialect } from '@mostajs/orm';
-import { PermissionCategoryRepository } from '../repositories/permission-category.repository';
-import { PermissionRepository } from '../repositories/permission.repository';
-import { RoleRepository } from '../repositories/role.repository';
-/**
- * Idempotent seed of categories, permissions and roles.
- * Uses upsert — safe to call multiple times.
- */
-export async function seedRBAC(options) {
-    const dialect = await getDialect();
-    const catRepo = new PermissionCategoryRepository(dialect);
-    const permRepo = new PermissionRepository(dialect);
-    const roleRepo = new RoleRepository(dialect);
-    // 1. Upsert categories
-    for (const cat of options.categories) {
-        await catRepo.upsert({ name: cat.name }, cat);
-    }
-    // 2. Upsert permissions — build code→id map
-    const permissionMap = {};
-    for (const pDef of options.permissions) {
-        const perm = await permRepo.upsert({ name: pDef.name }, { name: pDef.name, description: pDef.description, category: pDef.category });
-        permissionMap[pDef.code] = perm.id;
-    }
-    // 3. Upsert roles with permission IDs
-    for (const [, roleDef] of Object.entries(options.roles)) {
-        const permissionIds = roleDef.permissions
-            .map((code) => permissionMap[code])
-            .filter(Boolean);
-        await roleRepo.upsert({ name: roleDef.name }, { name: roleDef.name, description: roleDef.description, permissions: permissionIds });
-    }
-    return {
-        categoryCount: options.categories.length,
-        permissionCount: options.permissions.length,
-        roleCount: Object.keys(options.roles).length,
-    };
-}

package/dist/repositories/permission-category.repository.d.ts

@@ -1,10 +0,0 @@
-import { BaseRepository } from '@mostajs/orm';
-import type { IDialect } from '@mostajs/orm';
-import type { PermissionCategoryDTO } from '../types/index';
-export declare class PermissionCategoryRepository extends BaseRepository<PermissionCategoryDTO> {
-    constructor(dialect: IDialect);
-    /** Find all sorted by order then name */
-    findAllOrdered(): Promise<PermissionCategoryDTO[]>;
-    /** Find by name (unique) */
-    findByName(name: string): Promise<PermissionCategoryDTO | null>;
-}

package/dist/repositories/permission-category.repository.js

@@ -1,17 +0,0 @@
-// @mosta/auth — PermissionCategoryRepository
-// Author: Dr Hamid MADANI drmdh@msn.com
-import { BaseRepository } from '@mostajs/orm';
-import { PermissionCategorySchema } from '../schemas/permission-category.schema';
-export class PermissionCategoryRepository extends BaseRepository {
-    constructor(dialect) {
-        super(PermissionCategorySchema, dialect);
-    }
-    /** Find all sorted by order then name */
-    async findAllOrdered() {
-        return this.findAll({}, { sort: { order: 1, name: 1 } });
-    }
-    /** Find by name (unique) */
-    async findByName(name) {
-        return this.findOne({ name });
-    }
-}

package/dist/repositories/permission.repository.d.ts

@@ -1,12 +0,0 @@
-import { BaseRepository } from '@mostajs/orm';
-import type { IDialect } from '@mostajs/orm';
-import type { PermissionDTO } from '../types/index';
-export declare class PermissionRepository extends BaseRepository<PermissionDTO> {
-    constructor(dialect: IDialect);
-    /** Find all sorted by category then name */
-    findAllSorted(): Promise<PermissionDTO[]>;
-    /** Find by name (unique) */
-    findByName(name: string): Promise<PermissionDTO | null>;
-    /** Count permissions in a category */
-    countByCategory(category: string): Promise<number>;
-}

package/dist/repositories/permission.repository.js

@@ -1,21 +0,0 @@
-// @mosta/auth — PermissionRepository
-// Author: Dr Hamid MADANI drmdh@msn.com
-import { BaseRepository } from '@mostajs/orm';
-import { PermissionSchema } from '../schemas/permission.schema';
-export class PermissionRepository extends BaseRepository {
-    constructor(dialect) {
-        super(PermissionSchema, dialect);
-    }
-    /** Find all sorted by category then name */
-    async findAllSorted() {
-        return this.findAll({}, { sort: { category: 1, name: 1 } });
-    }
-    /** Find by name (unique) */
-    async findByName(name) {
-        return this.findOne({ name });
-    }
-    /** Count permissions in a category */
-    async countByCategory(category) {
-        return this.count({ category });
-    }
-}

package/dist/repositories/role.repository.d.ts

@@ -1,18 +0,0 @@
-import { BaseRepository } from '@mostajs/orm';
-import type { IDialect } from '@mostajs/orm';
-import type { RoleDTO } from '../types/index';
-export declare class RoleRepository extends BaseRepository<RoleDTO> {
-    constructor(dialect: IDialect);
-    /** Find all roles with permissions populated */
-    findAllWithPermissions(): Promise<RoleDTO[]>;
-    /** Find a role by name */
-    findByName(name: string): Promise<RoleDTO | null>;
-    /** Find role by ID with permissions populated */
-    findByIdWithPermissions(id: string): Promise<RoleDTO | null>;
-    /** Add a permission to a role */
-    addPermission(roleId: string, permissionId: string): Promise<RoleDTO | null>;
-    /** Remove a permission from a role */
-    removePermission(roleId: string, permissionId: string): Promise<RoleDTO | null>;
-    /** Remove a permission from ALL roles (cascade) */
-    removePermissionFromAll(permissionId: string): Promise<number>;
-}

package/dist/repositories/role.repository.js

@@ -1,33 +0,0 @@
-// @mosta/auth — RoleRepository
-// Author: Dr Hamid MADANI drmdh@msn.com
-import { BaseRepository } from '@mostajs/orm';
-import { RoleSchema } from '../schemas/role.schema';
-export class RoleRepository extends BaseRepository {
-    constructor(dialect) {
-        super(RoleSchema, dialect);
-    }
-    /** Find all roles with permissions populated */
-    async findAllWithPermissions() {
-        return this.findWithRelations({}, ['permissions']);
-    }
-    /** Find a role by name */
-    async findByName(name) {
-        return this.findOne({ name });
-    }
-    /** Find role by ID with permissions populated */
-    async findByIdWithPermissions(id) {
-        return this.findByIdWithRelations(id, ['permissions']);
-    }
-    /** Add a permission to a role */
-    async addPermission(roleId, permissionId) {
-        return this.addToSet(roleId, 'permissions', permissionId);
-    }
-    /** Remove a permission from a role */
-    async removePermission(roleId, permissionId) {
-        return this.pull(roleId, 'permissions', permissionId);
-    }
-    /** Remove a permission from ALL roles (cascade) */
-    async removePermissionFromAll(permissionId) {
-        return this.updateMany({ permissions: permissionId }, { $pull: { permissions: permissionId } });
-    }
-}

package/dist/repositories/user.repository.d.ts

@@ -1,24 +0,0 @@
-import { BaseRepository } from '@mostajs/orm';
-import type { IDialect, FilterQuery, QueryOptions } from '@mostajs/orm';
-import type { UserDTO } from '../types/index';
-export declare class UserRepository extends BaseRepository<UserDTO> {
-    constructor(dialect: IDialect);
-    /** List users without password field */
-    findAllSafe(filter?: FilterQuery, options?: QueryOptions): Promise<UserDTO[]>;
-    /** Find a single user by ID without password */
-    findByIdSafe(id: string): Promise<UserDTO | null>;
-    /** Find user by email (for authentication) */
-    findByEmail(email: string): Promise<UserDTO | null>;
-    /** Update lastLoginAt timestamp */
-    updateLastLogin(id: string): Promise<void>;
-    /** Find user by ID with roles populated */
-    findByIdWithRoles(id: string): Promise<UserDTO | null>;
-    /** Find all users with roles populated (no password) */
-    findAllWithRoles(filter?: FilterQuery, options?: QueryOptions): Promise<UserDTO[]>;
-    /** Count users having a specific role */
-    countByRole(roleId: string): Promise<number>;
-    /** Add a role to a user */
-    addRole(userId: string, roleId: string): Promise<UserDTO | null>;
-    /** Remove a role from a user */
-    removeRole(userId: string, roleId: string): Promise<UserDTO | null>;
-}

package/dist/repositories/user.repository.js

@@ -1,45 +0,0 @@
-// @mosta/auth — UserRepository
-// Author: Dr Hamid MADANI drmdh@msn.com
-import { BaseRepository } from '@mostajs/orm';
-import { UserSchema } from '../schemas/user.schema';
-export class UserRepository extends BaseRepository {
-    constructor(dialect) {
-        super(UserSchema, dialect);
-    }
-    /** List users without password field */
-    async findAllSafe(filter = {}, options) {
-        return this.findAll(filter, { ...options, exclude: ['password'] });
-    }
-    /** Find a single user by ID without password */
-    async findByIdSafe(id) {
-        return this.findById(id, { exclude: ['password'] });
-    }
-    /** Find user by email (for authentication) */
-    async findByEmail(email) {
-        return this.findOne({ email: email.toLowerCase() });
-    }
-    /** Update lastLoginAt timestamp */
-    async updateLastLogin(id) {
-        await this.update(id, { lastLoginAt: new Date() });
-    }
-    /** Find user by ID with roles populated */
-    async findByIdWithRoles(id) {
-        return this.findByIdWithRelations(id, ['roles']);
-    }
-    /** Find all users with roles populated (no password) */
-    async findAllWithRoles(filter = {}, options) {
-        return this.findWithRelations(filter, ['roles'], { ...options, exclude: ['password'] });
-    }
-    /** Count users having a specific role */
-    async countByRole(roleId) {
-        return this.count({ roles: roleId });
-    }
-    /** Add a role to a user */
-    async addRole(userId, roleId) {
-        return this.addToSet(userId, 'roles', roleId);
-    }
-    /** Remove a role from a user */
-    async removeRole(userId, roleId) {
-        return this.pull(userId, 'roles', roleId);
-    }
-}

package/dist/schemas/permission-category.schema.d.ts

@@ -1,2 +0,0 @@
-import type { EntitySchema } from '@mostajs/orm';
-export declare const PermissionCategorySchema: EntitySchema;

package/dist/schemas/permission-category.schema.js

@@ -1,17 +0,0 @@
-export const PermissionCategorySchema = {
-    name: 'PermissionCategory',
-    collection: 'permission_categories',
-    timestamps: true,
-    fields: {
-        name: { type: 'string', required: true, unique: true, lowercase: true, trim: true },
-        label: { type: 'string', required: true, trim: true },
-        description: { type: 'string' },
-        icon: { type: 'string' },
-        order: { type: 'number', default: 0 },
-        system: { type: 'boolean', default: false },
-    },
-    relations: {},
-    indexes: [
-        { fields: { order: 'asc', name: 'asc' } },
-    ],
-};

package/dist/schemas/permission.schema.d.ts

@@ -1,2 +0,0 @@
-import type { EntitySchema } from '@mostajs/orm';
-export declare const PermissionSchema: EntitySchema;

package/dist/schemas/permission.schema.js

@@ -1,12 +0,0 @@
-export const PermissionSchema = {
-    name: 'Permission',
-    collection: 'permissions',
-    timestamps: true,
-    fields: {
-        name: { type: 'string', required: true, unique: true },
-        description: { type: 'string' },
-        category: { type: 'string' },
-    },
-    relations: {},
-    indexes: [],
-};

package/dist/schemas/role.schema.d.ts

@@ -1,2 +0,0 @@
-import type { EntitySchema } from '@mostajs/orm';
-export declare const RoleSchema: EntitySchema;

package/dist/schemas/role.schema.js

@@ -1,13 +0,0 @@
-export const RoleSchema = {
-    name: 'Role',
-    collection: 'roles',
-    timestamps: true,
-    fields: {
-        name: { type: 'string', required: true, unique: true },
-        description: { type: 'string' },
-    },
-    relations: {
-        permissions: { target: 'Permission', type: 'many-to-many', through: 'role_permissions' },
-    },
-    indexes: [],
-};

package/dist/schemas/user.schema.d.ts

@@ -1,2 +0,0 @@
-import type { EntitySchema } from '@mostajs/orm';
-export declare const UserSchema: EntitySchema;

package/dist/schemas/user.schema.js

@@ -1,20 +0,0 @@
-export const UserSchema = {
-    name: 'User',
-    collection: 'users',
-    timestamps: true,
-    fields: {
-        email: { type: 'string', required: true, unique: true, lowercase: true, trim: true },
-        password: { type: 'string', required: true },
-        firstName: { type: 'string', required: true, trim: true },
-        lastName: { type: 'string', required: true, trim: true },
-        phone: { type: 'string', trim: true },
-        status: { type: 'string', enum: ['active', 'locked', 'disabled'], default: 'active' },
-        lastLoginAt: { type: 'date' },
-    },
-    relations: {
-        roles: { target: 'Role', type: 'many-to-many', through: 'user_roles' },
-    },
-    indexes: [
-        { fields: { status: 'asc' } },
-    ],
-};