@objectstack/plugin-auth 3.2.4 → 3.2.6

package/dist/index.mjs

@@ -216,14 +216,16 @@ var AUTH_VERIFICATION_CONFIG = {
   }
 };
 var AUTH_ORGANIZATION_SCHEMA = {
-  modelName: "sys_organization",
+  modelName: SystemObjectName2.ORGANIZATION,
+  // 'sys_organization'
   fields: {
     createdAt: "created_at",
     updatedAt: "updated_at"
   }
 };
 var AUTH_MEMBER_SCHEMA = {
-  modelName: "sys_member",
+  modelName: SystemObjectName2.MEMBER,
+  // 'sys_member'
   fields: {
     organizationId: "organization_id",
     userId: "user_id",
@@ -231,7 +233,8 @@ var AUTH_MEMBER_SCHEMA = {
   }
 };
 var AUTH_INVITATION_SCHEMA = {
-  modelName: "sys_invitation",
+  modelName: SystemObjectName2.INVITATION,
+  // 'sys_invitation'
   fields: {
     organizationId: "organization_id",
     inviterId: "inviter_id",
@@ -245,7 +248,8 @@ var AUTH_ORG_SESSION_FIELDS = {
   activeTeamId: "active_team_id"
 };
 var AUTH_TEAM_SCHEMA = {
-  modelName: "sys_team",
+  modelName: SystemObjectName2.TEAM,
+  // 'sys_team'
   fields: {
     organizationId: "organization_id",
     createdAt: "created_at",
@@ -253,7 +257,8 @@ var AUTH_TEAM_SCHEMA = {
   }
 };
 var AUTH_TEAM_MEMBER_SCHEMA = {
-  modelName: "sys_team_member",
+  modelName: SystemObjectName2.TEAM_MEMBER,
+  // 'sys_team_member'
   fields: {
     teamId: "team_id",
     userId: "user_id",
@@ -261,7 +266,8 @@ var AUTH_TEAM_MEMBER_SCHEMA = {
   }
 };
 var AUTH_TWO_FACTOR_SCHEMA = {
-  modelName: "sys_two_factor",
+  modelName: SystemObjectName2.TWO_FACTOR,
+  // 'sys_two_factor'
   fields: {
     backupCodes: "backup_codes",
     userId: "user_id"
@@ -317,8 +323,7 @@ var AuthManager = class {
       // Base configuration
       secret: this.config.secret || this.generateSecret(),
       baseURL: this.config.baseUrl || "http://localhost:3000",
-      basePath: "/",
-      // ← 关键修复！告诉 better-auth 路径已被剥离
+      basePath: this.config.basePath || "/api/v1/auth",
       // Database adapter configuration
       database: this.createDatabaseConfig(),
       // Model/field mapping: camelCase (better-auth) → snake_case (ObjectStack)
@@ -552,19 +557,7 @@ var AuthPlugin = class {
     const rawApp = httpServer.getRawApp();
     rawApp.all(`${basePath}/*`, async (c) => {
       try {
-        const request = c.req.raw;
-        const url = new URL(request.url);
-        const authPath = url.pathname.replace(basePath, "");
-        const rewrittenUrl = new URL(authPath || "/", url.origin);
-        rewrittenUrl.search = url.search;
-        const rewrittenRequest = new Request(rewrittenUrl, {
-          method: request.method,
-          headers: request.headers,
-          body: request.body,
-          duplex: "half"
-          // Required for Request with body
-        });
-        const response = await this.authManager.handleRequest(rewrittenRequest);
+        const response = await this.authManager.handleRequest(c.req.raw);
         if (response.status >= 500) {
           try {
             const body = await response.clone().text();
@@ -593,18 +586,19 @@ var AuthPlugin = class {
   }
 };
 
-// src/objects/auth-user.object.ts
+// src/objects/sys-user.object.ts
 import { ObjectSchema, Field } from "@objectstack/spec/data";
-var AuthUser = ObjectSchema.create({
-  name: "sys_user",
+var SysUser = ObjectSchema.create({
+  namespace: "sys",
+  name: "user",
   label: "User",
   pluralLabel: "Users",
   icon: "user",
+  isSystem: true,
   description: "User accounts for authentication",
   titleFormat: "{name} ({email})",
   compactLayout: ["name", "email", "email_verified"],
   fields: {
-    // ID is auto-generated by ObjectQL
     id: Field.text({
       label: "User ID",
       required: true,
@@ -640,12 +634,10 @@ var AuthUser = ObjectSchema.create({
       required: false
     })
   },
-  // Database indexes for performance
   indexes: [
     { fields: ["email"], unique: true },
     { fields: ["created_at"], unique: false }
   ],
-  // Enable features
   enable: {
     trackHistory: true,
     searchable: true,
@@ -654,7 +646,6 @@ var AuthUser = ObjectSchema.create({
     trash: true,
     mru: true
   },
-  // Validation Rules
   validations: [
     {
       name: "email_unique",
@@ -667,13 +658,15 @@ var AuthUser = ObjectSchema.create({
   ]
 });
 
-// src/objects/auth-session.object.ts
+// src/objects/sys-session.object.ts
 import { ObjectSchema as ObjectSchema2, Field as Field2 } from "@objectstack/spec/data";
-var AuthSession = ObjectSchema2.create({
-  name: "sys_session",
+var SysSession = ObjectSchema2.create({
+  namespace: "sys",
+  name: "session",
   label: "Session",
   pluralLabel: "Sessions",
   icon: "key",
+  isSystem: true,
   description: "Active user sessions",
   titleFormat: "Session {token}",
   compactLayout: ["user_id", "expires_at", "ip_address"],
@@ -716,33 +709,30 @@ var AuthSession = ObjectSchema2.create({
       required: false
     })
   },
-  // Database indexes for performance
   indexes: [
     { fields: ["token"], unique: true },
     { fields: ["user_id"], unique: false },
     { fields: ["expires_at"], unique: false }
   ],
-  // Enable features
   enable: {
     trackHistory: false,
-    // Sessions don't need history tracking
     searchable: false,
     apiEnabled: true,
     apiMethods: ["get", "list", "create", "delete"],
-    // No update for sessions
     trash: false,
-    // Sessions should be hard deleted
     mru: false
   }
 });
 
-// src/objects/auth-account.object.ts
+// src/objects/sys-account.object.ts
 import { ObjectSchema as ObjectSchema3, Field as Field3 } from "@objectstack/spec/data";
-var AuthAccount = ObjectSchema3.create({
-  name: "sys_account",
+var SysAccount = ObjectSchema3.create({
+  namespace: "sys",
+  name: "account",
   label: "Account",
   pluralLabel: "Accounts",
   icon: "link",
+  isSystem: true,
   description: "OAuth and authentication provider accounts",
   titleFormat: "{provider_id} - {account_id}",
   compactLayout: ["provider_id", "user_id", "account_id"],
@@ -807,12 +797,10 @@ var AuthAccount = ObjectSchema3.create({
       description: "Hashed password for email/password provider"
     })
   },
-  // Database indexes for performance
   indexes: [
     { fields: ["user_id"], unique: false },
     { fields: ["provider_id", "account_id"], unique: true }
   ],
-  // Enable features
   enable: {
     trackHistory: false,
     searchable: false,
@@ -823,13 +811,15 @@ var AuthAccount = ObjectSchema3.create({
   }
 });
 
-// src/objects/auth-verification.object.ts
+// src/objects/sys-verification.object.ts
 import { ObjectSchema as ObjectSchema4, Field as Field4 } from "@objectstack/spec/data";
-var AuthVerification = ObjectSchema4.create({
-  name: "sys_verification",
+var SysVerification = ObjectSchema4.create({
+  namespace: "sys",
+  name: "verification",
   label: "Verification",
   pluralLabel: "Verifications",
   icon: "shield-check",
+  isSystem: true,
   description: "Email and phone verification tokens",
   titleFormat: "Verification for {identifier}",
   compactLayout: ["identifier", "expires_at", "created_at"],
@@ -864,21 +854,444 @@ var AuthVerification = ObjectSchema4.create({
       description: "Email address or phone number"
     })
   },
-  // Database indexes for performance
   indexes: [
     { fields: ["value"], unique: true },
     { fields: ["identifier"], unique: false },
     { fields: ["expires_at"], unique: false }
   ],
-  // Enable features
   enable: {
     trackHistory: false,
     searchable: false,
     apiEnabled: true,
     apiMethods: ["get", "create", "delete"],
-    // No list or update
     trash: false,
-    // Hard delete expired tokens
+    mru: false
+  }
+});
+
+// src/objects/sys-organization.object.ts
+import { ObjectSchema as ObjectSchema5, Field as Field5 } from "@objectstack/spec/data";
+var SysOrganization = ObjectSchema5.create({
+  namespace: "sys",
+  name: "organization",
+  label: "Organization",
+  pluralLabel: "Organizations",
+  icon: "building-2",
+  isSystem: true,
+  description: "Organizations for multi-tenant grouping",
+  titleFormat: "{name}",
+  compactLayout: ["name", "slug", "created_at"],
+  fields: {
+    id: Field5.text({
+      label: "Organization ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field5.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    updated_at: Field5.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    name: Field5.text({
+      label: "Name",
+      required: true,
+      searchable: true,
+      maxLength: 255
+    }),
+    slug: Field5.text({
+      label: "Slug",
+      required: false,
+      maxLength: 255,
+      description: "URL-friendly identifier"
+    }),
+    logo: Field5.url({
+      label: "Logo",
+      required: false
+    }),
+    metadata: Field5.textarea({
+      label: "Metadata",
+      required: false,
+      description: "JSON-serialized organization metadata"
+    })
+  },
+  indexes: [
+    { fields: ["slug"], unique: true },
+    { fields: ["name"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: true,
+    mru: true
+  }
+});
+
+// src/objects/sys-member.object.ts
+import { ObjectSchema as ObjectSchema6, Field as Field6 } from "@objectstack/spec/data";
+var SysMember = ObjectSchema6.create({
+  namespace: "sys",
+  name: "member",
+  label: "Member",
+  pluralLabel: "Members",
+  icon: "user-check",
+  isSystem: true,
+  description: "Organization membership records",
+  titleFormat: "{user_id} in {organization_id}",
+  compactLayout: ["user_id", "organization_id", "role"],
+  fields: {
+    id: Field6.text({
+      label: "Member ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field6.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    organization_id: Field6.text({
+      label: "Organization ID",
+      required: true
+    }),
+    user_id: Field6.text({
+      label: "User ID",
+      required: true
+    }),
+    role: Field6.text({
+      label: "Role",
+      required: false,
+      description: "Member role within the organization (e.g. admin, member)",
+      maxLength: 100
+    })
+  },
+  indexes: [
+    { fields: ["organization_id", "user_id"], unique: true },
+    { fields: ["user_id"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: false,
+    mru: false
+  }
+});
+
+// src/objects/sys-invitation.object.ts
+import { ObjectSchema as ObjectSchema7, Field as Field7 } from "@objectstack/spec/data";
+var SysInvitation = ObjectSchema7.create({
+  namespace: "sys",
+  name: "invitation",
+  label: "Invitation",
+  pluralLabel: "Invitations",
+  icon: "mail",
+  isSystem: true,
+  description: "Organization invitations for user onboarding",
+  titleFormat: "Invitation to {organization_id}",
+  compactLayout: ["email", "organization_id", "status"],
+  fields: {
+    id: Field7.text({
+      label: "Invitation ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field7.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    organization_id: Field7.text({
+      label: "Organization ID",
+      required: true
+    }),
+    email: Field7.email({
+      label: "Email",
+      required: true,
+      description: "Email address of the invited user"
+    }),
+    role: Field7.text({
+      label: "Role",
+      required: false,
+      maxLength: 100,
+      description: "Role to assign upon acceptance"
+    }),
+    status: Field7.select(["pending", "accepted", "rejected", "expired", "canceled"], {
+      label: "Status",
+      required: true,
+      defaultValue: "pending"
+    }),
+    inviter_id: Field7.text({
+      label: "Inviter ID",
+      required: true,
+      description: "User ID of the person who sent the invitation"
+    }),
+    expires_at: Field7.datetime({
+      label: "Expires At",
+      required: true
+    }),
+    team_id: Field7.text({
+      label: "Team ID",
+      required: false,
+      description: "Optional team to assign upon acceptance"
+    })
+  },
+  indexes: [
+    { fields: ["organization_id"] },
+    { fields: ["email"] },
+    { fields: ["expires_at"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: false,
+    mru: false
+  }
+});
+
+// src/objects/sys-team.object.ts
+import { ObjectSchema as ObjectSchema8, Field as Field8 } from "@objectstack/spec/data";
+var SysTeam = ObjectSchema8.create({
+  namespace: "sys",
+  name: "team",
+  label: "Team",
+  pluralLabel: "Teams",
+  icon: "users",
+  isSystem: true,
+  description: "Teams within organizations for fine-grained grouping",
+  titleFormat: "{name}",
+  compactLayout: ["name", "organization_id", "created_at"],
+  fields: {
+    id: Field8.text({
+      label: "Team ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field8.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    updated_at: Field8.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    name: Field8.text({
+      label: "Name",
+      required: true,
+      searchable: true,
+      maxLength: 255
+    }),
+    organization_id: Field8.text({
+      label: "Organization ID",
+      required: true
+    })
+  },
+  indexes: [
+    { fields: ["organization_id"] },
+    { fields: ["name", "organization_id"], unique: true }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: true,
+    mru: false
+  }
+});
+
+// src/objects/sys-team-member.object.ts
+import { ObjectSchema as ObjectSchema9, Field as Field9 } from "@objectstack/spec/data";
+var SysTeamMember = ObjectSchema9.create({
+  namespace: "sys",
+  name: "team_member",
+  label: "Team Member",
+  pluralLabel: "Team Members",
+  icon: "user-plus",
+  isSystem: true,
+  description: "Team membership records linking users to teams",
+  titleFormat: "{user_id} in {team_id}",
+  compactLayout: ["user_id", "team_id", "created_at"],
+  fields: {
+    id: Field9.text({
+      label: "Team Member ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field9.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    team_id: Field9.text({
+      label: "Team ID",
+      required: true
+    }),
+    user_id: Field9.text({
+      label: "User ID",
+      required: true
+    })
+  },
+  indexes: [
+    { fields: ["team_id", "user_id"], unique: true },
+    { fields: ["user_id"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "delete"],
+    trash: false,
+    mru: false
+  }
+});
+
+// src/objects/sys-api-key.object.ts
+import { ObjectSchema as ObjectSchema10, Field as Field10 } from "@objectstack/spec/data";
+var SysApiKey = ObjectSchema10.create({
+  namespace: "sys",
+  name: "api_key",
+  label: "API Key",
+  pluralLabel: "API Keys",
+  icon: "key-round",
+  isSystem: true,
+  description: "API keys for programmatic access",
+  titleFormat: "{name}",
+  compactLayout: ["name", "user_id", "expires_at"],
+  fields: {
+    id: Field10.text({
+      label: "API Key ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field10.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    updated_at: Field10.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    name: Field10.text({
+      label: "Name",
+      required: true,
+      maxLength: 255,
+      description: "Human-readable label for the API key"
+    }),
+    key: Field10.text({
+      label: "Key",
+      required: true,
+      description: "Hashed API key value"
+    }),
+    prefix: Field10.text({
+      label: "Prefix",
+      required: false,
+      maxLength: 16,
+      description: 'Visible prefix for identifying the key (e.g., "osk_")'
+    }),
+    user_id: Field10.text({
+      label: "User ID",
+      required: true,
+      description: "Owner user of this API key"
+    }),
+    scopes: Field10.textarea({
+      label: "Scopes",
+      required: false,
+      description: "JSON array of permission scopes"
+    }),
+    expires_at: Field10.datetime({
+      label: "Expires At",
+      required: false
+    }),
+    last_used_at: Field10.datetime({
+      label: "Last Used At",
+      required: false
+    }),
+    revoked: Field10.boolean({
+      label: "Revoked",
+      defaultValue: false
+    })
+  },
+  indexes: [
+    { fields: ["key"], unique: true },
+    { fields: ["user_id"] },
+    { fields: ["prefix"] }
+  ],
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "list", "create", "update", "delete"],
+    trash: false,
+    mru: false
+  }
+});
+
+// src/objects/sys-two-factor.object.ts
+import { ObjectSchema as ObjectSchema11, Field as Field11 } from "@objectstack/spec/data";
+var SysTwoFactor = ObjectSchema11.create({
+  namespace: "sys",
+  name: "two_factor",
+  label: "Two Factor",
+  pluralLabel: "Two Factor Credentials",
+  icon: "smartphone",
+  isSystem: true,
+  description: "Two-factor authentication credentials",
+  titleFormat: "Two-factor for {user_id}",
+  compactLayout: ["user_id", "created_at"],
+  fields: {
+    id: Field11.text({
+      label: "Two Factor ID",
+      required: true,
+      readonly: true
+    }),
+    created_at: Field11.datetime({
+      label: "Created At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    updated_at: Field11.datetime({
+      label: "Updated At",
+      defaultValue: "NOW()",
+      readonly: true
+    }),
+    user_id: Field11.text({
+      label: "User ID",
+      required: true
+    }),
+    secret: Field11.text({
+      label: "Secret",
+      required: true,
+      description: "TOTP secret key"
+    }),
+    backup_codes: Field11.textarea({
+      label: "Backup Codes",
+      required: false,
+      description: "JSON-serialized backup recovery codes"
+    })
+  },
+  indexes: [
+    { fields: ["user_id"], unique: true }
+  ],
+  enable: {
+    trackHistory: false,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ["get", "create", "update", "delete"],
+    trash: false,
     mru: false
   }
 });
@@ -896,12 +1309,23 @@ export {
   AUTH_TWO_FACTOR_USER_FIELDS,
   AUTH_USER_CONFIG,
   AUTH_VERIFICATION_CONFIG,
-  AuthAccount,
+  SysAccount as AuthAccount,
   AuthManager,
   AuthPlugin,
-  AuthSession,
-  AuthUser,
-  AuthVerification,
+  SysSession as AuthSession,
+  SysUser as AuthUser,
+  SysVerification as AuthVerification,
+  SysAccount,
+  SysApiKey,
+  SysInvitation,
+  SysMember,
+  SysOrganization,
+  SysSession,
+  SysTeam,
+  SysTeamMember,
+  SysTwoFactor,
+  SysUser,
+  SysVerification,
   buildOrganizationPluginSchema,
   buildTwoFactorPluginSchema,
   createObjectQLAdapter,