@objectstack/plugin-auth 3.2.4 → 3.2.6

package/src/objects/sys-invitation.object.ts

@@ -0,0 +1,93 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+
+/**
+ * sys_invitation — System Invitation Object
+ *
+ * Organization invitation tokens for inviting users.
+ * Backed by better-auth's organization plugin.
+ *
+ * @namespace sys
+ */
+export const SysInvitation = ObjectSchema.create({
+  namespace: 'sys',
+  name: 'invitation',
+  label: 'Invitation',
+  pluralLabel: 'Invitations',
+  icon: 'mail',
+  isSystem: true,
+  description: 'Organization invitations for user onboarding',
+  titleFormat: 'Invitation to {organization_id}',
+  compactLayout: ['email', 'organization_id', 'status'],
+  
+  fields: {
+    id: Field.text({
+      label: 'Invitation ID',
+      required: true,
+      readonly: true,
+    }),
+    
+    created_at: Field.datetime({
+      label: 'Created At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    organization_id: Field.text({
+      label: 'Organization ID',
+      required: true,
+    }),
+    
+    email: Field.email({
+      label: 'Email',
+      required: true,
+      description: 'Email address of the invited user',
+    }),
+    
+    role: Field.text({
+      label: 'Role',
+      required: false,
+      maxLength: 100,
+      description: 'Role to assign upon acceptance',
+    }),
+    
+    status: Field.select(['pending', 'accepted', 'rejected', 'expired', 'canceled'], {
+      label: 'Status',
+      required: true,
+      defaultValue: 'pending',
+    }),
+    
+    inviter_id: Field.text({
+      label: 'Inviter ID',
+      required: true,
+      description: 'User ID of the person who sent the invitation',
+    }),
+    
+    expires_at: Field.datetime({
+      label: 'Expires At',
+      required: true,
+    }),
+    
+    team_id: Field.text({
+      label: 'Team ID',
+      required: false,
+      description: 'Optional team to assign upon acceptance',
+    }),
+  },
+  
+  indexes: [
+    { fields: ['organization_id'] },
+    { fields: ['email'] },
+    { fields: ['expires_at'] },
+  ],
+  
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ['get', 'list', 'create', 'update', 'delete'],
+    trash: false,
+    mru: false,
+  },
+});

package/src/objects/sys-member.object.ts

@@ -0,0 +1,68 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+
+/**
+ * sys_member — System Member Object
+ *
+ * Organization membership linking users to organizations with roles.
+ * Backed by better-auth's organization plugin.
+ *
+ * @namespace sys
+ */
+export const SysMember = ObjectSchema.create({
+  namespace: 'sys',
+  name: 'member',
+  label: 'Member',
+  pluralLabel: 'Members',
+  icon: 'user-check',
+  isSystem: true,
+  description: 'Organization membership records',
+  titleFormat: '{user_id} in {organization_id}',
+  compactLayout: ['user_id', 'organization_id', 'role'],
+  
+  fields: {
+    id: Field.text({
+      label: 'Member ID',
+      required: true,
+      readonly: true,
+    }),
+    
+    created_at: Field.datetime({
+      label: 'Created At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    organization_id: Field.text({
+      label: 'Organization ID',
+      required: true,
+    }),
+    
+    user_id: Field.text({
+      label: 'User ID',
+      required: true,
+    }),
+    
+    role: Field.text({
+      label: 'Role',
+      required: false,
+      description: 'Member role within the organization (e.g. admin, member)',
+      maxLength: 100,
+    }),
+  },
+  
+  indexes: [
+    { fields: ['organization_id', 'user_id'], unique: true },
+    { fields: ['user_id'] },
+  ],
+  
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ['get', 'list', 'create', 'update', 'delete'],
+    trash: false,
+    mru: false,
+  },
+});

package/src/objects/sys-organization.object.ts

@@ -0,0 +1,82 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+
+/**
+ * sys_organization — System Organization Object
+ *
+ * Multi-organization support for the ObjectStack platform.
+ * Backed by better-auth's organization plugin.
+ *
+ * @namespace sys
+ */
+export const SysOrganization = ObjectSchema.create({
+  namespace: 'sys',
+  name: 'organization',
+  label: 'Organization',
+  pluralLabel: 'Organizations',
+  icon: 'building-2',
+  isSystem: true,
+  description: 'Organizations for multi-tenant grouping',
+  titleFormat: '{name}',
+  compactLayout: ['name', 'slug', 'created_at'],
+  
+  fields: {
+    id: Field.text({
+      label: 'Organization ID',
+      required: true,
+      readonly: true,
+    }),
+    
+    created_at: Field.datetime({
+      label: 'Created At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    updated_at: Field.datetime({
+      label: 'Updated At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    name: Field.text({
+      label: 'Name',
+      required: true,
+      searchable: true,
+      maxLength: 255,
+    }),
+    
+    slug: Field.text({
+      label: 'Slug',
+      required: false,
+      maxLength: 255,
+      description: 'URL-friendly identifier',
+    }),
+    
+    logo: Field.url({
+      label: 'Logo',
+      required: false,
+    }),
+    
+    metadata: Field.textarea({
+      label: 'Metadata',
+      required: false,
+      description: 'JSON-serialized organization metadata',
+    }),
+  },
+  
+  indexes: [
+    { fields: ['slug'], unique: true },
+    { fields: ['name'] },
+  ],
+  
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ['get', 'list', 'create', 'update', 'delete'],
+    trash: true,
+    mru: true,
+  },
+});

package/src/objects/sys-session.object.ts

@@ -0,0 +1,84 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+
+/**
+ * sys_session — System Session Object
+ *
+ * Active user session record for the ObjectStack platform.
+ * Backed by better-auth's `session` model with ObjectStack field conventions.
+ *
+ * @namespace sys
+ */
+export const SysSession = ObjectSchema.create({
+  namespace: 'sys',
+  name: 'session',
+  label: 'Session',
+  pluralLabel: 'Sessions',
+  icon: 'key',
+  isSystem: true,
+  description: 'Active user sessions',
+  titleFormat: 'Session {token}',
+  compactLayout: ['user_id', 'expires_at', 'ip_address'],
+  
+  fields: {
+    id: Field.text({
+      label: 'Session ID',
+      required: true,
+      readonly: true,
+    }),
+    
+    created_at: Field.datetime({
+      label: 'Created At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    updated_at: Field.datetime({
+      label: 'Updated At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    user_id: Field.text({
+      label: 'User ID',
+      required: true,
+    }),
+    
+    expires_at: Field.datetime({
+      label: 'Expires At',
+      required: true,
+    }),
+    
+    token: Field.text({
+      label: 'Session Token',
+      required: true,
+    }),
+    
+    ip_address: Field.text({
+      label: 'IP Address',
+      required: false,
+      maxLength: 45, // Support IPv6
+    }),
+    
+    user_agent: Field.textarea({
+      label: 'User Agent',
+      required: false,
+    }),
+  },
+  
+  indexes: [
+    { fields: ['token'], unique: true },
+    { fields: ['user_id'], unique: false },
+    { fields: ['expires_at'], unique: false },
+  ],
+  
+  enable: {
+    trackHistory: false,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ['get', 'list', 'create', 'delete'],
+    trash: false,
+    mru: false,
+  },
+});

package/src/objects/sys-team-member.object.ts

@@ -0,0 +1,61 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+
+/**
+ * sys_team_member — System Team Member Object
+ *
+ * Links users to teams within organizations.
+ * Backed by better-auth's organization plugin (teams feature).
+ *
+ * @namespace sys
+ */
+export const SysTeamMember = ObjectSchema.create({
+  namespace: 'sys',
+  name: 'team_member',
+  label: 'Team Member',
+  pluralLabel: 'Team Members',
+  icon: 'user-plus',
+  isSystem: true,
+  description: 'Team membership records linking users to teams',
+  titleFormat: '{user_id} in {team_id}',
+  compactLayout: ['user_id', 'team_id', 'created_at'],
+  
+  fields: {
+    id: Field.text({
+      label: 'Team Member ID',
+      required: true,
+      readonly: true,
+    }),
+    
+    created_at: Field.datetime({
+      label: 'Created At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    team_id: Field.text({
+      label: 'Team ID',
+      required: true,
+    }),
+    
+    user_id: Field.text({
+      label: 'User ID',
+      required: true,
+    }),
+  },
+  
+  indexes: [
+    { fields: ['team_id', 'user_id'], unique: true },
+    { fields: ['user_id'] },
+  ],
+  
+  enable: {
+    trackHistory: true,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ['get', 'list', 'create', 'delete'],
+    trash: false,
+    mru: false,
+  },
+});

package/src/objects/sys-team.object.ts

@@ -0,0 +1,69 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+
+/**
+ * sys_team — System Team Object
+ *
+ * Teams within an organization for fine-grained grouping.
+ * Backed by better-auth's organization plugin (teams feature).
+ *
+ * @namespace sys
+ */
+export const SysTeam = ObjectSchema.create({
+  namespace: 'sys',
+  name: 'team',
+  label: 'Team',
+  pluralLabel: 'Teams',
+  icon: 'users',
+  isSystem: true,
+  description: 'Teams within organizations for fine-grained grouping',
+  titleFormat: '{name}',
+  compactLayout: ['name', 'organization_id', 'created_at'],
+  
+  fields: {
+    id: Field.text({
+      label: 'Team ID',
+      required: true,
+      readonly: true,
+    }),
+    
+    created_at: Field.datetime({
+      label: 'Created At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    updated_at: Field.datetime({
+      label: 'Updated At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    name: Field.text({
+      label: 'Name',
+      required: true,
+      searchable: true,
+      maxLength: 255,
+    }),
+    
+    organization_id: Field.text({
+      label: 'Organization ID',
+      required: true,
+    }),
+  },
+  
+  indexes: [
+    { fields: ['organization_id'] },
+    { fields: ['name', 'organization_id'], unique: true },
+  ],
+  
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ['get', 'list', 'create', 'update', 'delete'],
+    trash: true,
+    mru: false,
+  },
+});

package/src/objects/sys-two-factor.object.ts

@@ -0,0 +1,73 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+
+/**
+ * sys_two_factor — System Two-Factor Object
+ *
+ * Two-factor authentication credentials (TOTP, backup codes).
+ * Backed by better-auth's two-factor plugin.
+ *
+ * @namespace sys
+ */
+export const SysTwoFactor = ObjectSchema.create({
+  namespace: 'sys',
+  name: 'two_factor',
+  label: 'Two Factor',
+  pluralLabel: 'Two Factor Credentials',
+  icon: 'smartphone',
+  isSystem: true,
+  description: 'Two-factor authentication credentials',
+  titleFormat: 'Two-factor for {user_id}',
+  compactLayout: ['user_id', 'created_at'],
+  
+  fields: {
+    id: Field.text({
+      label: 'Two Factor ID',
+      required: true,
+      readonly: true,
+    }),
+    
+    created_at: Field.datetime({
+      label: 'Created At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    updated_at: Field.datetime({
+      label: 'Updated At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    user_id: Field.text({
+      label: 'User ID',
+      required: true,
+    }),
+    
+    secret: Field.text({
+      label: 'Secret',
+      required: true,
+      description: 'TOTP secret key',
+    }),
+    
+    backup_codes: Field.textarea({
+      label: 'Backup Codes',
+      required: false,
+      description: 'JSON-serialized backup recovery codes',
+    }),
+  },
+  
+  indexes: [
+    { fields: ['user_id'], unique: true },
+  ],
+  
+  enable: {
+    trackHistory: false,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ['get', 'create', 'update', 'delete'],
+    trash: false,
+    mru: false,
+  },
+});

package/src/objects/sys-user.object.ts

@@ -0,0 +1,91 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+
+/**
+ * sys_user — System User Object
+ *
+ * Canonical user identity record for the ObjectStack platform.
+ * Backed by better-auth's `user` model with ObjectStack field conventions.
+ *
+ * @namespace sys
+ */
+export const SysUser = ObjectSchema.create({
+  namespace: 'sys',
+  name: 'user',
+  label: 'User',
+  pluralLabel: 'Users',
+  icon: 'user',
+  isSystem: true,
+  description: 'User accounts for authentication',
+  titleFormat: '{name} ({email})',
+  compactLayout: ['name', 'email', 'email_verified'],
+  
+  fields: {
+    id: Field.text({
+      label: 'User ID',
+      required: true,
+      readonly: true,
+    }),
+    
+    created_at: Field.datetime({
+      label: 'Created At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    updated_at: Field.datetime({
+      label: 'Updated At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    email: Field.email({
+      label: 'Email',
+      required: true,
+      searchable: true,
+    }),
+    
+    email_verified: Field.boolean({
+      label: 'Email Verified',
+      defaultValue: false,
+    }),
+    
+    name: Field.text({
+      label: 'Name',
+      required: true,
+      searchable: true,
+      maxLength: 255,
+    }),
+    
+    image: Field.url({
+      label: 'Profile Image',
+      required: false,
+    }),
+  },
+  
+  indexes: [
+    { fields: ['email'], unique: true },
+    { fields: ['created_at'], unique: false },
+  ],
+  
+  enable: {
+    trackHistory: true,
+    searchable: true,
+    apiEnabled: true,
+    apiMethods: ['get', 'list', 'create', 'update', 'delete'],
+    trash: true,
+    mru: true,
+  },
+  
+  validations: [
+    {
+      name: 'email_unique',
+      type: 'unique',
+      severity: 'error',
+      message: 'Email must be unique',
+      fields: ['email'],
+      caseSensitive: false,
+    },
+  ],
+});

package/src/objects/sys-verification.object.ts

@@ -0,0 +1,75 @@
+// Copyright (c) 2025 ObjectStack. Licensed under the Apache-2.0 license.
+
+import { ObjectSchema, Field } from '@objectstack/spec/data';
+
+/**
+ * sys_verification — System Verification Object
+ *
+ * Email and phone verification token record.
+ * Backed by better-auth's `verification` model with ObjectStack field conventions.
+ *
+ * @namespace sys
+ */
+export const SysVerification = ObjectSchema.create({
+  namespace: 'sys',
+  name: 'verification',
+  label: 'Verification',
+  pluralLabel: 'Verifications',
+  icon: 'shield-check',
+  isSystem: true,
+  description: 'Email and phone verification tokens',
+  titleFormat: 'Verification for {identifier}',
+  compactLayout: ['identifier', 'expires_at', 'created_at'],
+  
+  fields: {
+    id: Field.text({
+      label: 'Verification ID',
+      required: true,
+      readonly: true,
+    }),
+    
+    created_at: Field.datetime({
+      label: 'Created At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    updated_at: Field.datetime({
+      label: 'Updated At',
+      defaultValue: 'NOW()',
+      readonly: true,
+    }),
+    
+    value: Field.text({
+      label: 'Verification Token',
+      required: true,
+      description: 'Token or code for verification',
+    }),
+    
+    expires_at: Field.datetime({
+      label: 'Expires At',
+      required: true,
+    }),
+    
+    identifier: Field.text({
+      label: 'Identifier',
+      required: true,
+      description: 'Email address or phone number',
+    }),
+  },
+  
+  indexes: [
+    { fields: ['value'], unique: true },
+    { fields: ['identifier'], unique: false },
+    { fields: ['expires_at'], unique: false },
+  ],
+  
+  enable: {
+    trackHistory: false,
+    searchable: false,
+    apiEnabled: true,
+    apiMethods: ['get', 'create', 'delete'],
+    trash: false,
+    mru: false,
+  },
+});