@objectstack/plugin-auth 3.2.4 → 3.2.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +65 -9
- package/CHANGELOG.md +15 -0
- package/dist/index.d.mts +9994 -51
- package/dist/index.d.ts +9994 -51
- package/dist/index.js +487 -52
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +476 -52
- package/dist/index.mjs.map +1 -1
- package/package.json +12 -4
- package/src/auth-manager.test.ts +39 -0
- package/src/auth-manager.ts +9 -1
- package/src/auth-plugin.ts +5 -22
- package/src/auth-schema-config.ts +6 -6
- package/src/objects/auth-account.object.ts +3 -117
- package/src/objects/auth-session.object.ts +3 -85
- package/src/objects/auth-user.object.ts +3 -93
- package/src/objects/auth-verification.object.ts +3 -74
- package/src/objects/index.ts +30 -4
- package/src/objects/sys-account.object.ts +111 -0
- package/src/objects/sys-api-key.object.ts +104 -0
- package/src/objects/sys-invitation.object.ts +93 -0
- package/src/objects/sys-member.object.ts +68 -0
- package/src/objects/sys-organization.object.ts +82 -0
- package/src/objects/sys-session.object.ts +84 -0
- package/src/objects/sys-team-member.object.ts +61 -0
- package/src/objects/sys-team.object.ts +69 -0
- package/src/objects/sys-two-factor.object.ts +73 -0
- package/src/objects/sys-user.object.ts +91 -0
- package/src/objects/sys-verification.object.ts +75 -0
package/dist/index.js
CHANGED
|
@@ -33,12 +33,23 @@ __export(index_exports, {
|
|
|
33
33
|
AUTH_TWO_FACTOR_USER_FIELDS: () => AUTH_TWO_FACTOR_USER_FIELDS,
|
|
34
34
|
AUTH_USER_CONFIG: () => AUTH_USER_CONFIG,
|
|
35
35
|
AUTH_VERIFICATION_CONFIG: () => AUTH_VERIFICATION_CONFIG,
|
|
36
|
-
AuthAccount: () =>
|
|
36
|
+
AuthAccount: () => SysAccount,
|
|
37
37
|
AuthManager: () => AuthManager,
|
|
38
38
|
AuthPlugin: () => AuthPlugin,
|
|
39
|
-
AuthSession: () =>
|
|
40
|
-
AuthUser: () =>
|
|
41
|
-
AuthVerification: () =>
|
|
39
|
+
AuthSession: () => SysSession,
|
|
40
|
+
AuthUser: () => SysUser,
|
|
41
|
+
AuthVerification: () => SysVerification,
|
|
42
|
+
SysAccount: () => SysAccount,
|
|
43
|
+
SysApiKey: () => SysApiKey,
|
|
44
|
+
SysInvitation: () => SysInvitation,
|
|
45
|
+
SysMember: () => SysMember,
|
|
46
|
+
SysOrganization: () => SysOrganization,
|
|
47
|
+
SysSession: () => SysSession,
|
|
48
|
+
SysTeam: () => SysTeam,
|
|
49
|
+
SysTeamMember: () => SysTeamMember,
|
|
50
|
+
SysTwoFactor: () => SysTwoFactor,
|
|
51
|
+
SysUser: () => SysUser,
|
|
52
|
+
SysVerification: () => SysVerification,
|
|
42
53
|
buildOrganizationPluginSchema: () => buildOrganizationPluginSchema,
|
|
43
54
|
buildTwoFactorPluginSchema: () => buildTwoFactorPluginSchema,
|
|
44
55
|
createObjectQLAdapter: () => createObjectQLAdapter,
|
|
@@ -265,14 +276,16 @@ var AUTH_VERIFICATION_CONFIG = {
|
|
|
265
276
|
}
|
|
266
277
|
};
|
|
267
278
|
var AUTH_ORGANIZATION_SCHEMA = {
|
|
268
|
-
modelName:
|
|
279
|
+
modelName: import_system2.SystemObjectName.ORGANIZATION,
|
|
280
|
+
// 'sys_organization'
|
|
269
281
|
fields: {
|
|
270
282
|
createdAt: "created_at",
|
|
271
283
|
updatedAt: "updated_at"
|
|
272
284
|
}
|
|
273
285
|
};
|
|
274
286
|
var AUTH_MEMBER_SCHEMA = {
|
|
275
|
-
modelName:
|
|
287
|
+
modelName: import_system2.SystemObjectName.MEMBER,
|
|
288
|
+
// 'sys_member'
|
|
276
289
|
fields: {
|
|
277
290
|
organizationId: "organization_id",
|
|
278
291
|
userId: "user_id",
|
|
@@ -280,7 +293,8 @@ var AUTH_MEMBER_SCHEMA = {
|
|
|
280
293
|
}
|
|
281
294
|
};
|
|
282
295
|
var AUTH_INVITATION_SCHEMA = {
|
|
283
|
-
modelName:
|
|
296
|
+
modelName: import_system2.SystemObjectName.INVITATION,
|
|
297
|
+
// 'sys_invitation'
|
|
284
298
|
fields: {
|
|
285
299
|
organizationId: "organization_id",
|
|
286
300
|
inviterId: "inviter_id",
|
|
@@ -294,7 +308,8 @@ var AUTH_ORG_SESSION_FIELDS = {
|
|
|
294
308
|
activeTeamId: "active_team_id"
|
|
295
309
|
};
|
|
296
310
|
var AUTH_TEAM_SCHEMA = {
|
|
297
|
-
modelName:
|
|
311
|
+
modelName: import_system2.SystemObjectName.TEAM,
|
|
312
|
+
// 'sys_team'
|
|
298
313
|
fields: {
|
|
299
314
|
organizationId: "organization_id",
|
|
300
315
|
createdAt: "created_at",
|
|
@@ -302,7 +317,8 @@ var AUTH_TEAM_SCHEMA = {
|
|
|
302
317
|
}
|
|
303
318
|
};
|
|
304
319
|
var AUTH_TEAM_MEMBER_SCHEMA = {
|
|
305
|
-
modelName:
|
|
320
|
+
modelName: import_system2.SystemObjectName.TEAM_MEMBER,
|
|
321
|
+
// 'sys_team_member'
|
|
306
322
|
fields: {
|
|
307
323
|
teamId: "team_id",
|
|
308
324
|
userId: "user_id",
|
|
@@ -310,7 +326,8 @@ var AUTH_TEAM_MEMBER_SCHEMA = {
|
|
|
310
326
|
}
|
|
311
327
|
};
|
|
312
328
|
var AUTH_TWO_FACTOR_SCHEMA = {
|
|
313
|
-
modelName:
|
|
329
|
+
modelName: import_system2.SystemObjectName.TWO_FACTOR,
|
|
330
|
+
// 'sys_two_factor'
|
|
314
331
|
fields: {
|
|
315
332
|
backupCodes: "backup_codes",
|
|
316
333
|
userId: "user_id"
|
|
@@ -366,8 +383,7 @@ var AuthManager = class {
|
|
|
366
383
|
// Base configuration
|
|
367
384
|
secret: this.config.secret || this.generateSecret(),
|
|
368
385
|
baseURL: this.config.baseUrl || "http://localhost:3000",
|
|
369
|
-
basePath: "/",
|
|
370
|
-
// ← 关键修复!告诉 better-auth 路径已被剥离
|
|
386
|
+
basePath: this.config.basePath || "/api/v1/auth",
|
|
371
387
|
// Database adapter configuration
|
|
372
388
|
database: this.createDatabaseConfig(),
|
|
373
389
|
// Model/field mapping: camelCase (better-auth) → snake_case (ObjectStack)
|
|
@@ -601,19 +617,7 @@ var AuthPlugin = class {
|
|
|
601
617
|
const rawApp = httpServer.getRawApp();
|
|
602
618
|
rawApp.all(`${basePath}/*`, async (c) => {
|
|
603
619
|
try {
|
|
604
|
-
const
|
|
605
|
-
const url = new URL(request.url);
|
|
606
|
-
const authPath = url.pathname.replace(basePath, "");
|
|
607
|
-
const rewrittenUrl = new URL(authPath || "/", url.origin);
|
|
608
|
-
rewrittenUrl.search = url.search;
|
|
609
|
-
const rewrittenRequest = new Request(rewrittenUrl, {
|
|
610
|
-
method: request.method,
|
|
611
|
-
headers: request.headers,
|
|
612
|
-
body: request.body,
|
|
613
|
-
duplex: "half"
|
|
614
|
-
// Required for Request with body
|
|
615
|
-
});
|
|
616
|
-
const response = await this.authManager.handleRequest(rewrittenRequest);
|
|
620
|
+
const response = await this.authManager.handleRequest(c.req.raw);
|
|
617
621
|
if (response.status >= 500) {
|
|
618
622
|
try {
|
|
619
623
|
const body = await response.clone().text();
|
|
@@ -642,18 +646,19 @@ var AuthPlugin = class {
|
|
|
642
646
|
}
|
|
643
647
|
};
|
|
644
648
|
|
|
645
|
-
// src/objects/
|
|
649
|
+
// src/objects/sys-user.object.ts
|
|
646
650
|
var import_data = require("@objectstack/spec/data");
|
|
647
|
-
var
|
|
648
|
-
|
|
651
|
+
var SysUser = import_data.ObjectSchema.create({
|
|
652
|
+
namespace: "sys",
|
|
653
|
+
name: "user",
|
|
649
654
|
label: "User",
|
|
650
655
|
pluralLabel: "Users",
|
|
651
656
|
icon: "user",
|
|
657
|
+
isSystem: true,
|
|
652
658
|
description: "User accounts for authentication",
|
|
653
659
|
titleFormat: "{name} ({email})",
|
|
654
660
|
compactLayout: ["name", "email", "email_verified"],
|
|
655
661
|
fields: {
|
|
656
|
-
// ID is auto-generated by ObjectQL
|
|
657
662
|
id: import_data.Field.text({
|
|
658
663
|
label: "User ID",
|
|
659
664
|
required: true,
|
|
@@ -689,12 +694,10 @@ var AuthUser = import_data.ObjectSchema.create({
|
|
|
689
694
|
required: false
|
|
690
695
|
})
|
|
691
696
|
},
|
|
692
|
-
// Database indexes for performance
|
|
693
697
|
indexes: [
|
|
694
698
|
{ fields: ["email"], unique: true },
|
|
695
699
|
{ fields: ["created_at"], unique: false }
|
|
696
700
|
],
|
|
697
|
-
// Enable features
|
|
698
701
|
enable: {
|
|
699
702
|
trackHistory: true,
|
|
700
703
|
searchable: true,
|
|
@@ -703,7 +706,6 @@ var AuthUser = import_data.ObjectSchema.create({
|
|
|
703
706
|
trash: true,
|
|
704
707
|
mru: true
|
|
705
708
|
},
|
|
706
|
-
// Validation Rules
|
|
707
709
|
validations: [
|
|
708
710
|
{
|
|
709
711
|
name: "email_unique",
|
|
@@ -716,13 +718,15 @@ var AuthUser = import_data.ObjectSchema.create({
|
|
|
716
718
|
]
|
|
717
719
|
});
|
|
718
720
|
|
|
719
|
-
// src/objects/
|
|
721
|
+
// src/objects/sys-session.object.ts
|
|
720
722
|
var import_data2 = require("@objectstack/spec/data");
|
|
721
|
-
var
|
|
722
|
-
|
|
723
|
+
var SysSession = import_data2.ObjectSchema.create({
|
|
724
|
+
namespace: "sys",
|
|
725
|
+
name: "session",
|
|
723
726
|
label: "Session",
|
|
724
727
|
pluralLabel: "Sessions",
|
|
725
728
|
icon: "key",
|
|
729
|
+
isSystem: true,
|
|
726
730
|
description: "Active user sessions",
|
|
727
731
|
titleFormat: "Session {token}",
|
|
728
732
|
compactLayout: ["user_id", "expires_at", "ip_address"],
|
|
@@ -765,33 +769,30 @@ var AuthSession = import_data2.ObjectSchema.create({
|
|
|
765
769
|
required: false
|
|
766
770
|
})
|
|
767
771
|
},
|
|
768
|
-
// Database indexes for performance
|
|
769
772
|
indexes: [
|
|
770
773
|
{ fields: ["token"], unique: true },
|
|
771
774
|
{ fields: ["user_id"], unique: false },
|
|
772
775
|
{ fields: ["expires_at"], unique: false }
|
|
773
776
|
],
|
|
774
|
-
// Enable features
|
|
775
777
|
enable: {
|
|
776
778
|
trackHistory: false,
|
|
777
|
-
// Sessions don't need history tracking
|
|
778
779
|
searchable: false,
|
|
779
780
|
apiEnabled: true,
|
|
780
781
|
apiMethods: ["get", "list", "create", "delete"],
|
|
781
|
-
// No update for sessions
|
|
782
782
|
trash: false,
|
|
783
|
-
// Sessions should be hard deleted
|
|
784
783
|
mru: false
|
|
785
784
|
}
|
|
786
785
|
});
|
|
787
786
|
|
|
788
|
-
// src/objects/
|
|
787
|
+
// src/objects/sys-account.object.ts
|
|
789
788
|
var import_data3 = require("@objectstack/spec/data");
|
|
790
|
-
var
|
|
791
|
-
|
|
789
|
+
var SysAccount = import_data3.ObjectSchema.create({
|
|
790
|
+
namespace: "sys",
|
|
791
|
+
name: "account",
|
|
792
792
|
label: "Account",
|
|
793
793
|
pluralLabel: "Accounts",
|
|
794
794
|
icon: "link",
|
|
795
|
+
isSystem: true,
|
|
795
796
|
description: "OAuth and authentication provider accounts",
|
|
796
797
|
titleFormat: "{provider_id} - {account_id}",
|
|
797
798
|
compactLayout: ["provider_id", "user_id", "account_id"],
|
|
@@ -856,12 +857,10 @@ var AuthAccount = import_data3.ObjectSchema.create({
|
|
|
856
857
|
description: "Hashed password for email/password provider"
|
|
857
858
|
})
|
|
858
859
|
},
|
|
859
|
-
// Database indexes for performance
|
|
860
860
|
indexes: [
|
|
861
861
|
{ fields: ["user_id"], unique: false },
|
|
862
862
|
{ fields: ["provider_id", "account_id"], unique: true }
|
|
863
863
|
],
|
|
864
|
-
// Enable features
|
|
865
864
|
enable: {
|
|
866
865
|
trackHistory: false,
|
|
867
866
|
searchable: false,
|
|
@@ -872,13 +871,15 @@ var AuthAccount = import_data3.ObjectSchema.create({
|
|
|
872
871
|
}
|
|
873
872
|
});
|
|
874
873
|
|
|
875
|
-
// src/objects/
|
|
874
|
+
// src/objects/sys-verification.object.ts
|
|
876
875
|
var import_data4 = require("@objectstack/spec/data");
|
|
877
|
-
var
|
|
878
|
-
|
|
876
|
+
var SysVerification = import_data4.ObjectSchema.create({
|
|
877
|
+
namespace: "sys",
|
|
878
|
+
name: "verification",
|
|
879
879
|
label: "Verification",
|
|
880
880
|
pluralLabel: "Verifications",
|
|
881
881
|
icon: "shield-check",
|
|
882
|
+
isSystem: true,
|
|
882
883
|
description: "Email and phone verification tokens",
|
|
883
884
|
titleFormat: "Verification for {identifier}",
|
|
884
885
|
compactLayout: ["identifier", "expires_at", "created_at"],
|
|
@@ -913,21 +914,444 @@ var AuthVerification = import_data4.ObjectSchema.create({
|
|
|
913
914
|
description: "Email address or phone number"
|
|
914
915
|
})
|
|
915
916
|
},
|
|
916
|
-
// Database indexes for performance
|
|
917
917
|
indexes: [
|
|
918
918
|
{ fields: ["value"], unique: true },
|
|
919
919
|
{ fields: ["identifier"], unique: false },
|
|
920
920
|
{ fields: ["expires_at"], unique: false }
|
|
921
921
|
],
|
|
922
|
-
// Enable features
|
|
923
922
|
enable: {
|
|
924
923
|
trackHistory: false,
|
|
925
924
|
searchable: false,
|
|
926
925
|
apiEnabled: true,
|
|
927
926
|
apiMethods: ["get", "create", "delete"],
|
|
928
|
-
// No list or update
|
|
929
927
|
trash: false,
|
|
930
|
-
|
|
928
|
+
mru: false
|
|
929
|
+
}
|
|
930
|
+
});
|
|
931
|
+
|
|
932
|
+
// src/objects/sys-organization.object.ts
|
|
933
|
+
var import_data5 = require("@objectstack/spec/data");
|
|
934
|
+
var SysOrganization = import_data5.ObjectSchema.create({
|
|
935
|
+
namespace: "sys",
|
|
936
|
+
name: "organization",
|
|
937
|
+
label: "Organization",
|
|
938
|
+
pluralLabel: "Organizations",
|
|
939
|
+
icon: "building-2",
|
|
940
|
+
isSystem: true,
|
|
941
|
+
description: "Organizations for multi-tenant grouping",
|
|
942
|
+
titleFormat: "{name}",
|
|
943
|
+
compactLayout: ["name", "slug", "created_at"],
|
|
944
|
+
fields: {
|
|
945
|
+
id: import_data5.Field.text({
|
|
946
|
+
label: "Organization ID",
|
|
947
|
+
required: true,
|
|
948
|
+
readonly: true
|
|
949
|
+
}),
|
|
950
|
+
created_at: import_data5.Field.datetime({
|
|
951
|
+
label: "Created At",
|
|
952
|
+
defaultValue: "NOW()",
|
|
953
|
+
readonly: true
|
|
954
|
+
}),
|
|
955
|
+
updated_at: import_data5.Field.datetime({
|
|
956
|
+
label: "Updated At",
|
|
957
|
+
defaultValue: "NOW()",
|
|
958
|
+
readonly: true
|
|
959
|
+
}),
|
|
960
|
+
name: import_data5.Field.text({
|
|
961
|
+
label: "Name",
|
|
962
|
+
required: true,
|
|
963
|
+
searchable: true,
|
|
964
|
+
maxLength: 255
|
|
965
|
+
}),
|
|
966
|
+
slug: import_data5.Field.text({
|
|
967
|
+
label: "Slug",
|
|
968
|
+
required: false,
|
|
969
|
+
maxLength: 255,
|
|
970
|
+
description: "URL-friendly identifier"
|
|
971
|
+
}),
|
|
972
|
+
logo: import_data5.Field.url({
|
|
973
|
+
label: "Logo",
|
|
974
|
+
required: false
|
|
975
|
+
}),
|
|
976
|
+
metadata: import_data5.Field.textarea({
|
|
977
|
+
label: "Metadata",
|
|
978
|
+
required: false,
|
|
979
|
+
description: "JSON-serialized organization metadata"
|
|
980
|
+
})
|
|
981
|
+
},
|
|
982
|
+
indexes: [
|
|
983
|
+
{ fields: ["slug"], unique: true },
|
|
984
|
+
{ fields: ["name"] }
|
|
985
|
+
],
|
|
986
|
+
enable: {
|
|
987
|
+
trackHistory: true,
|
|
988
|
+
searchable: true,
|
|
989
|
+
apiEnabled: true,
|
|
990
|
+
apiMethods: ["get", "list", "create", "update", "delete"],
|
|
991
|
+
trash: true,
|
|
992
|
+
mru: true
|
|
993
|
+
}
|
|
994
|
+
});
|
|
995
|
+
|
|
996
|
+
// src/objects/sys-member.object.ts
|
|
997
|
+
var import_data6 = require("@objectstack/spec/data");
|
|
998
|
+
var SysMember = import_data6.ObjectSchema.create({
|
|
999
|
+
namespace: "sys",
|
|
1000
|
+
name: "member",
|
|
1001
|
+
label: "Member",
|
|
1002
|
+
pluralLabel: "Members",
|
|
1003
|
+
icon: "user-check",
|
|
1004
|
+
isSystem: true,
|
|
1005
|
+
description: "Organization membership records",
|
|
1006
|
+
titleFormat: "{user_id} in {organization_id}",
|
|
1007
|
+
compactLayout: ["user_id", "organization_id", "role"],
|
|
1008
|
+
fields: {
|
|
1009
|
+
id: import_data6.Field.text({
|
|
1010
|
+
label: "Member ID",
|
|
1011
|
+
required: true,
|
|
1012
|
+
readonly: true
|
|
1013
|
+
}),
|
|
1014
|
+
created_at: import_data6.Field.datetime({
|
|
1015
|
+
label: "Created At",
|
|
1016
|
+
defaultValue: "NOW()",
|
|
1017
|
+
readonly: true
|
|
1018
|
+
}),
|
|
1019
|
+
organization_id: import_data6.Field.text({
|
|
1020
|
+
label: "Organization ID",
|
|
1021
|
+
required: true
|
|
1022
|
+
}),
|
|
1023
|
+
user_id: import_data6.Field.text({
|
|
1024
|
+
label: "User ID",
|
|
1025
|
+
required: true
|
|
1026
|
+
}),
|
|
1027
|
+
role: import_data6.Field.text({
|
|
1028
|
+
label: "Role",
|
|
1029
|
+
required: false,
|
|
1030
|
+
description: "Member role within the organization (e.g. admin, member)",
|
|
1031
|
+
maxLength: 100
|
|
1032
|
+
})
|
|
1033
|
+
},
|
|
1034
|
+
indexes: [
|
|
1035
|
+
{ fields: ["organization_id", "user_id"], unique: true },
|
|
1036
|
+
{ fields: ["user_id"] }
|
|
1037
|
+
],
|
|
1038
|
+
enable: {
|
|
1039
|
+
trackHistory: true,
|
|
1040
|
+
searchable: false,
|
|
1041
|
+
apiEnabled: true,
|
|
1042
|
+
apiMethods: ["get", "list", "create", "update", "delete"],
|
|
1043
|
+
trash: false,
|
|
1044
|
+
mru: false
|
|
1045
|
+
}
|
|
1046
|
+
});
|
|
1047
|
+
|
|
1048
|
+
// src/objects/sys-invitation.object.ts
|
|
1049
|
+
var import_data7 = require("@objectstack/spec/data");
|
|
1050
|
+
var SysInvitation = import_data7.ObjectSchema.create({
|
|
1051
|
+
namespace: "sys",
|
|
1052
|
+
name: "invitation",
|
|
1053
|
+
label: "Invitation",
|
|
1054
|
+
pluralLabel: "Invitations",
|
|
1055
|
+
icon: "mail",
|
|
1056
|
+
isSystem: true,
|
|
1057
|
+
description: "Organization invitations for user onboarding",
|
|
1058
|
+
titleFormat: "Invitation to {organization_id}",
|
|
1059
|
+
compactLayout: ["email", "organization_id", "status"],
|
|
1060
|
+
fields: {
|
|
1061
|
+
id: import_data7.Field.text({
|
|
1062
|
+
label: "Invitation ID",
|
|
1063
|
+
required: true,
|
|
1064
|
+
readonly: true
|
|
1065
|
+
}),
|
|
1066
|
+
created_at: import_data7.Field.datetime({
|
|
1067
|
+
label: "Created At",
|
|
1068
|
+
defaultValue: "NOW()",
|
|
1069
|
+
readonly: true
|
|
1070
|
+
}),
|
|
1071
|
+
organization_id: import_data7.Field.text({
|
|
1072
|
+
label: "Organization ID",
|
|
1073
|
+
required: true
|
|
1074
|
+
}),
|
|
1075
|
+
email: import_data7.Field.email({
|
|
1076
|
+
label: "Email",
|
|
1077
|
+
required: true,
|
|
1078
|
+
description: "Email address of the invited user"
|
|
1079
|
+
}),
|
|
1080
|
+
role: import_data7.Field.text({
|
|
1081
|
+
label: "Role",
|
|
1082
|
+
required: false,
|
|
1083
|
+
maxLength: 100,
|
|
1084
|
+
description: "Role to assign upon acceptance"
|
|
1085
|
+
}),
|
|
1086
|
+
status: import_data7.Field.select(["pending", "accepted", "rejected", "expired", "canceled"], {
|
|
1087
|
+
label: "Status",
|
|
1088
|
+
required: true,
|
|
1089
|
+
defaultValue: "pending"
|
|
1090
|
+
}),
|
|
1091
|
+
inviter_id: import_data7.Field.text({
|
|
1092
|
+
label: "Inviter ID",
|
|
1093
|
+
required: true,
|
|
1094
|
+
description: "User ID of the person who sent the invitation"
|
|
1095
|
+
}),
|
|
1096
|
+
expires_at: import_data7.Field.datetime({
|
|
1097
|
+
label: "Expires At",
|
|
1098
|
+
required: true
|
|
1099
|
+
}),
|
|
1100
|
+
team_id: import_data7.Field.text({
|
|
1101
|
+
label: "Team ID",
|
|
1102
|
+
required: false,
|
|
1103
|
+
description: "Optional team to assign upon acceptance"
|
|
1104
|
+
})
|
|
1105
|
+
},
|
|
1106
|
+
indexes: [
|
|
1107
|
+
{ fields: ["organization_id"] },
|
|
1108
|
+
{ fields: ["email"] },
|
|
1109
|
+
{ fields: ["expires_at"] }
|
|
1110
|
+
],
|
|
1111
|
+
enable: {
|
|
1112
|
+
trackHistory: true,
|
|
1113
|
+
searchable: false,
|
|
1114
|
+
apiEnabled: true,
|
|
1115
|
+
apiMethods: ["get", "list", "create", "update", "delete"],
|
|
1116
|
+
trash: false,
|
|
1117
|
+
mru: false
|
|
1118
|
+
}
|
|
1119
|
+
});
|
|
1120
|
+
|
|
1121
|
+
// src/objects/sys-team.object.ts
|
|
1122
|
+
var import_data8 = require("@objectstack/spec/data");
|
|
1123
|
+
var SysTeam = import_data8.ObjectSchema.create({
|
|
1124
|
+
namespace: "sys",
|
|
1125
|
+
name: "team",
|
|
1126
|
+
label: "Team",
|
|
1127
|
+
pluralLabel: "Teams",
|
|
1128
|
+
icon: "users",
|
|
1129
|
+
isSystem: true,
|
|
1130
|
+
description: "Teams within organizations for fine-grained grouping",
|
|
1131
|
+
titleFormat: "{name}",
|
|
1132
|
+
compactLayout: ["name", "organization_id", "created_at"],
|
|
1133
|
+
fields: {
|
|
1134
|
+
id: import_data8.Field.text({
|
|
1135
|
+
label: "Team ID",
|
|
1136
|
+
required: true,
|
|
1137
|
+
readonly: true
|
|
1138
|
+
}),
|
|
1139
|
+
created_at: import_data8.Field.datetime({
|
|
1140
|
+
label: "Created At",
|
|
1141
|
+
defaultValue: "NOW()",
|
|
1142
|
+
readonly: true
|
|
1143
|
+
}),
|
|
1144
|
+
updated_at: import_data8.Field.datetime({
|
|
1145
|
+
label: "Updated At",
|
|
1146
|
+
defaultValue: "NOW()",
|
|
1147
|
+
readonly: true
|
|
1148
|
+
}),
|
|
1149
|
+
name: import_data8.Field.text({
|
|
1150
|
+
label: "Name",
|
|
1151
|
+
required: true,
|
|
1152
|
+
searchable: true,
|
|
1153
|
+
maxLength: 255
|
|
1154
|
+
}),
|
|
1155
|
+
organization_id: import_data8.Field.text({
|
|
1156
|
+
label: "Organization ID",
|
|
1157
|
+
required: true
|
|
1158
|
+
})
|
|
1159
|
+
},
|
|
1160
|
+
indexes: [
|
|
1161
|
+
{ fields: ["organization_id"] },
|
|
1162
|
+
{ fields: ["name", "organization_id"], unique: true }
|
|
1163
|
+
],
|
|
1164
|
+
enable: {
|
|
1165
|
+
trackHistory: true,
|
|
1166
|
+
searchable: true,
|
|
1167
|
+
apiEnabled: true,
|
|
1168
|
+
apiMethods: ["get", "list", "create", "update", "delete"],
|
|
1169
|
+
trash: true,
|
|
1170
|
+
mru: false
|
|
1171
|
+
}
|
|
1172
|
+
});
|
|
1173
|
+
|
|
1174
|
+
// src/objects/sys-team-member.object.ts
|
|
1175
|
+
var import_data9 = require("@objectstack/spec/data");
|
|
1176
|
+
var SysTeamMember = import_data9.ObjectSchema.create({
|
|
1177
|
+
namespace: "sys",
|
|
1178
|
+
name: "team_member",
|
|
1179
|
+
label: "Team Member",
|
|
1180
|
+
pluralLabel: "Team Members",
|
|
1181
|
+
icon: "user-plus",
|
|
1182
|
+
isSystem: true,
|
|
1183
|
+
description: "Team membership records linking users to teams",
|
|
1184
|
+
titleFormat: "{user_id} in {team_id}",
|
|
1185
|
+
compactLayout: ["user_id", "team_id", "created_at"],
|
|
1186
|
+
fields: {
|
|
1187
|
+
id: import_data9.Field.text({
|
|
1188
|
+
label: "Team Member ID",
|
|
1189
|
+
required: true,
|
|
1190
|
+
readonly: true
|
|
1191
|
+
}),
|
|
1192
|
+
created_at: import_data9.Field.datetime({
|
|
1193
|
+
label: "Created At",
|
|
1194
|
+
defaultValue: "NOW()",
|
|
1195
|
+
readonly: true
|
|
1196
|
+
}),
|
|
1197
|
+
team_id: import_data9.Field.text({
|
|
1198
|
+
label: "Team ID",
|
|
1199
|
+
required: true
|
|
1200
|
+
}),
|
|
1201
|
+
user_id: import_data9.Field.text({
|
|
1202
|
+
label: "User ID",
|
|
1203
|
+
required: true
|
|
1204
|
+
})
|
|
1205
|
+
},
|
|
1206
|
+
indexes: [
|
|
1207
|
+
{ fields: ["team_id", "user_id"], unique: true },
|
|
1208
|
+
{ fields: ["user_id"] }
|
|
1209
|
+
],
|
|
1210
|
+
enable: {
|
|
1211
|
+
trackHistory: true,
|
|
1212
|
+
searchable: false,
|
|
1213
|
+
apiEnabled: true,
|
|
1214
|
+
apiMethods: ["get", "list", "create", "delete"],
|
|
1215
|
+
trash: false,
|
|
1216
|
+
mru: false
|
|
1217
|
+
}
|
|
1218
|
+
});
|
|
1219
|
+
|
|
1220
|
+
// src/objects/sys-api-key.object.ts
|
|
1221
|
+
var import_data10 = require("@objectstack/spec/data");
|
|
1222
|
+
var SysApiKey = import_data10.ObjectSchema.create({
|
|
1223
|
+
namespace: "sys",
|
|
1224
|
+
name: "api_key",
|
|
1225
|
+
label: "API Key",
|
|
1226
|
+
pluralLabel: "API Keys",
|
|
1227
|
+
icon: "key-round",
|
|
1228
|
+
isSystem: true,
|
|
1229
|
+
description: "API keys for programmatic access",
|
|
1230
|
+
titleFormat: "{name}",
|
|
1231
|
+
compactLayout: ["name", "user_id", "expires_at"],
|
|
1232
|
+
fields: {
|
|
1233
|
+
id: import_data10.Field.text({
|
|
1234
|
+
label: "API Key ID",
|
|
1235
|
+
required: true,
|
|
1236
|
+
readonly: true
|
|
1237
|
+
}),
|
|
1238
|
+
created_at: import_data10.Field.datetime({
|
|
1239
|
+
label: "Created At",
|
|
1240
|
+
defaultValue: "NOW()",
|
|
1241
|
+
readonly: true
|
|
1242
|
+
}),
|
|
1243
|
+
updated_at: import_data10.Field.datetime({
|
|
1244
|
+
label: "Updated At",
|
|
1245
|
+
defaultValue: "NOW()",
|
|
1246
|
+
readonly: true
|
|
1247
|
+
}),
|
|
1248
|
+
name: import_data10.Field.text({
|
|
1249
|
+
label: "Name",
|
|
1250
|
+
required: true,
|
|
1251
|
+
maxLength: 255,
|
|
1252
|
+
description: "Human-readable label for the API key"
|
|
1253
|
+
}),
|
|
1254
|
+
key: import_data10.Field.text({
|
|
1255
|
+
label: "Key",
|
|
1256
|
+
required: true,
|
|
1257
|
+
description: "Hashed API key value"
|
|
1258
|
+
}),
|
|
1259
|
+
prefix: import_data10.Field.text({
|
|
1260
|
+
label: "Prefix",
|
|
1261
|
+
required: false,
|
|
1262
|
+
maxLength: 16,
|
|
1263
|
+
description: 'Visible prefix for identifying the key (e.g., "osk_")'
|
|
1264
|
+
}),
|
|
1265
|
+
user_id: import_data10.Field.text({
|
|
1266
|
+
label: "User ID",
|
|
1267
|
+
required: true,
|
|
1268
|
+
description: "Owner user of this API key"
|
|
1269
|
+
}),
|
|
1270
|
+
scopes: import_data10.Field.textarea({
|
|
1271
|
+
label: "Scopes",
|
|
1272
|
+
required: false,
|
|
1273
|
+
description: "JSON array of permission scopes"
|
|
1274
|
+
}),
|
|
1275
|
+
expires_at: import_data10.Field.datetime({
|
|
1276
|
+
label: "Expires At",
|
|
1277
|
+
required: false
|
|
1278
|
+
}),
|
|
1279
|
+
last_used_at: import_data10.Field.datetime({
|
|
1280
|
+
label: "Last Used At",
|
|
1281
|
+
required: false
|
|
1282
|
+
}),
|
|
1283
|
+
revoked: import_data10.Field.boolean({
|
|
1284
|
+
label: "Revoked",
|
|
1285
|
+
defaultValue: false
|
|
1286
|
+
})
|
|
1287
|
+
},
|
|
1288
|
+
indexes: [
|
|
1289
|
+
{ fields: ["key"], unique: true },
|
|
1290
|
+
{ fields: ["user_id"] },
|
|
1291
|
+
{ fields: ["prefix"] }
|
|
1292
|
+
],
|
|
1293
|
+
enable: {
|
|
1294
|
+
trackHistory: true,
|
|
1295
|
+
searchable: false,
|
|
1296
|
+
apiEnabled: true,
|
|
1297
|
+
apiMethods: ["get", "list", "create", "update", "delete"],
|
|
1298
|
+
trash: false,
|
|
1299
|
+
mru: false
|
|
1300
|
+
}
|
|
1301
|
+
});
|
|
1302
|
+
|
|
1303
|
+
// src/objects/sys-two-factor.object.ts
|
|
1304
|
+
var import_data11 = require("@objectstack/spec/data");
|
|
1305
|
+
var SysTwoFactor = import_data11.ObjectSchema.create({
|
|
1306
|
+
namespace: "sys",
|
|
1307
|
+
name: "two_factor",
|
|
1308
|
+
label: "Two Factor",
|
|
1309
|
+
pluralLabel: "Two Factor Credentials",
|
|
1310
|
+
icon: "smartphone",
|
|
1311
|
+
isSystem: true,
|
|
1312
|
+
description: "Two-factor authentication credentials",
|
|
1313
|
+
titleFormat: "Two-factor for {user_id}",
|
|
1314
|
+
compactLayout: ["user_id", "created_at"],
|
|
1315
|
+
fields: {
|
|
1316
|
+
id: import_data11.Field.text({
|
|
1317
|
+
label: "Two Factor ID",
|
|
1318
|
+
required: true,
|
|
1319
|
+
readonly: true
|
|
1320
|
+
}),
|
|
1321
|
+
created_at: import_data11.Field.datetime({
|
|
1322
|
+
label: "Created At",
|
|
1323
|
+
defaultValue: "NOW()",
|
|
1324
|
+
readonly: true
|
|
1325
|
+
}),
|
|
1326
|
+
updated_at: import_data11.Field.datetime({
|
|
1327
|
+
label: "Updated At",
|
|
1328
|
+
defaultValue: "NOW()",
|
|
1329
|
+
readonly: true
|
|
1330
|
+
}),
|
|
1331
|
+
user_id: import_data11.Field.text({
|
|
1332
|
+
label: "User ID",
|
|
1333
|
+
required: true
|
|
1334
|
+
}),
|
|
1335
|
+
secret: import_data11.Field.text({
|
|
1336
|
+
label: "Secret",
|
|
1337
|
+
required: true,
|
|
1338
|
+
description: "TOTP secret key"
|
|
1339
|
+
}),
|
|
1340
|
+
backup_codes: import_data11.Field.textarea({
|
|
1341
|
+
label: "Backup Codes",
|
|
1342
|
+
required: false,
|
|
1343
|
+
description: "JSON-serialized backup recovery codes"
|
|
1344
|
+
})
|
|
1345
|
+
},
|
|
1346
|
+
indexes: [
|
|
1347
|
+
{ fields: ["user_id"], unique: true }
|
|
1348
|
+
],
|
|
1349
|
+
enable: {
|
|
1350
|
+
trackHistory: false,
|
|
1351
|
+
searchable: false,
|
|
1352
|
+
apiEnabled: true,
|
|
1353
|
+
apiMethods: ["get", "create", "update", "delete"],
|
|
1354
|
+
trash: false,
|
|
931
1355
|
mru: false
|
|
932
1356
|
}
|
|
933
1357
|
});
|
|
@@ -952,6 +1376,17 @@ var AuthVerification = import_data4.ObjectSchema.create({
|
|
|
952
1376
|
AuthSession,
|
|
953
1377
|
AuthUser,
|
|
954
1378
|
AuthVerification,
|
|
1379
|
+
SysAccount,
|
|
1380
|
+
SysApiKey,
|
|
1381
|
+
SysInvitation,
|
|
1382
|
+
SysMember,
|
|
1383
|
+
SysOrganization,
|
|
1384
|
+
SysSession,
|
|
1385
|
+
SysTeam,
|
|
1386
|
+
SysTeamMember,
|
|
1387
|
+
SysTwoFactor,
|
|
1388
|
+
SysUser,
|
|
1389
|
+
SysVerification,
|
|
955
1390
|
buildOrganizationPluginSchema,
|
|
956
1391
|
buildTwoFactorPluginSchema,
|
|
957
1392
|
createObjectQLAdapter,
|