@objectstack/service-settings 10.3.0 → 11.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -1128,7 +1128,15 @@ function registerSettingsRoutes(http, service, opts = {}) {
1128
1128
  }));
1129
1129
  http.put(`${base}/:namespace`, (async (req, res) => {
1130
1130
  const ns = req.params.namespace;
1131
- const body = req.body ?? {};
1131
+ let body = req.body ?? {};
1132
+ if (Object.keys(body).length === 1 && body.values && typeof body.values === "object" && !Array.isArray(body.values)) {
1133
+ const inner = body.values;
1134
+ body = Object.fromEntries(
1135
+ Object.entries(inner).map(
1136
+ ([k, v]) => v && typeof v === "object" && !Array.isArray(v) && "value" in v ? [k, v.value] : [k, v]
1137
+ )
1138
+ );
1139
+ }
1132
1140
  try {
1133
1141
  const ctx = ctxOf(req);
1134
1142
  const result = await service.setMany(ns, body, ctx);
@@ -1257,6 +1265,95 @@ var manifest = {
1257
1265
  description: "Upper bound guards against denial-of-service via very long password hashing.",
1258
1266
  visible: "${data.email_password_enabled !== false}"
1259
1267
  },
1268
+ {
1269
+ type: "toggle",
1270
+ key: "password_reject_breached",
1271
+ label: "Reject breached passwords",
1272
+ required: false,
1273
+ default: false,
1274
+ description: "Block passwords found in public breach corpora via Have I Been Pwned (k-anonymity range check; the password is never sent in full).",
1275
+ visible: "${data.email_password_enabled !== false}"
1276
+ },
1277
+ {
1278
+ type: "toggle",
1279
+ key: "password_require_complexity",
1280
+ label: "Require complex passwords",
1281
+ required: false,
1282
+ default: false,
1283
+ description: "Require passwords to mix character classes (uppercase, lowercase, digits, symbols) on sign-up and password change/reset.",
1284
+ visible: "${data.email_password_enabled !== false}"
1285
+ },
1286
+ {
1287
+ type: "number",
1288
+ key: "password_min_classes",
1289
+ label: "Minimum character classes",
1290
+ required: false,
1291
+ default: 3,
1292
+ min: 1,
1293
+ max: 4,
1294
+ description: "How many of the four classes (upper / lower / digit / symbol) a password must include.",
1295
+ visible: "${data.email_password_enabled !== false && data.password_require_complexity === true}"
1296
+ },
1297
+ {
1298
+ type: "number",
1299
+ key: "password_history_count",
1300
+ label: "Password history (no reuse)",
1301
+ required: false,
1302
+ default: 0,
1303
+ min: 0,
1304
+ max: 24,
1305
+ description: "Block reusing this many previous passwords on change/reset. 0 disables the check.",
1306
+ visible: "${data.email_password_enabled !== false}"
1307
+ },
1308
+ {
1309
+ type: "group",
1310
+ id: "anti_abuse",
1311
+ label: "Anti-abuse",
1312
+ required: false,
1313
+ description: "Brute-force protection: per-identity account lockout and per-IP rate limiting on auth endpoints."
1314
+ },
1315
+ {
1316
+ type: "number",
1317
+ key: "lockout_threshold",
1318
+ label: "Account lockout threshold",
1319
+ required: false,
1320
+ default: 0,
1321
+ min: 0,
1322
+ max: 20,
1323
+ description: "Lock an account after this many consecutive failed sign-ins. 0 disables lockout. While locked, sign-in is rejected even with the correct password.",
1324
+ visible: "${data.email_password_enabled !== false}"
1325
+ },
1326
+ {
1327
+ type: "number",
1328
+ key: "lockout_duration_minutes",
1329
+ label: "Lockout duration (minutes)",
1330
+ required: false,
1331
+ default: 15,
1332
+ min: 1,
1333
+ max: 1440,
1334
+ description: "How long an account stays locked once the threshold is crossed.",
1335
+ visible: "${data.email_password_enabled !== false && data.lockout_threshold > 0}"
1336
+ },
1337
+ {
1338
+ type: "number",
1339
+ key: "rate_limit_max",
1340
+ label: "Auth rate-limit: max requests",
1341
+ required: false,
1342
+ default: 10,
1343
+ min: 1,
1344
+ max: 1e3,
1345
+ description: "Maximum requests per IP, per window, to the sign-in / sign-up / password-reset endpoints."
1346
+ },
1347
+ {
1348
+ type: "number",
1349
+ key: "rate_limit_window_seconds",
1350
+ label: "Auth rate-limit: window (seconds)",
1351
+ required: false,
1352
+ default: 60,
1353
+ min: 1,
1354
+ max: 3600,
1355
+ description: "Sliding window over which the request cap above is counted."
1356
+ },
1260
1357
  {
1261
1358
  type: "group",
1262
1359
  id: "sessions",
@@ -3205,10 +3302,10 @@ var zhCN = {
3205
3302
  default_country: { label: "\u9ED8\u8BA4\u56FD\u5BB6/\u5730\u533A", help: "ISO 3166-1 \u4E8C\u4F4D\u4EE3\u7801(\u5982 US\u3001GB\u3001CN)\u3002" },
3206
3303
  date_format: { label: "\u65E5\u671F\u683C\u5F0F" },
3207
3304
  time_format: { label: "\u65F6\u95F4\u683C\u5F0F", options: { "24h": "24 \u5C0F\u65F6\u5236(14:30)", "12h": "12 \u5C0F\u65F6\u5236(2:30 PM)" } },
3208
- number_format: { label: "\u6570\u5B57\u683C\u5F0F" },
3209
- first_day_of_week: { label: "\u6BCF\u5468\u8D77\u59CB\u65E5", options: { monday: "\u5468\u4E00(ISO)", sunday: "\u5468\u65E5", saturday: "\u5468\u516D" } },
3210
- currency: { label: "\u9ED8\u8BA4\u8D27\u5E01" },
3211
- fiscal_year_start: { label: "\u8D22\u5E74\u8D77\u59CB\u6708" }
3305
+ number_format: { label: "\u6570\u5B57\u683C\u5F0F", help: "\u7528\u4E8E\u663E\u793A\u6570\u5B57\u7684\u5343\u5206\u4F4D\u4E0E\u5C0F\u6570\u5206\u9694\u7B26\u3002" },
3306
+ first_day_of_week: { label: "\u6BCF\u5468\u8D77\u59CB\u65E5", help: "\u7528\u4F5C\u5468\u5EA6\u5206\u6790\u5206\u6876\u4E0E\u65E5\u5386\u7F51\u683C\u7684\u8D77\u59CB\u57FA\u51C6\u3002", options: { monday: "\u5468\u4E00(ISO)", sunday: "\u5468\u65E5", saturday: "\u5468\u516D" } },
3307
+ currency: { label: "\u9ED8\u8BA4\u8D27\u5E01", help: "\u5F53\u8D27\u5E01\u5B57\u6BB5\u672A\u6307\u5B9A\u5E01\u79CD\u65F6\u5957\u7528\u7684 ISO 4217 \u4EE3\u7801\u3002" },
3308
+ fiscal_year_start: { label: "\u8D22\u5E74\u8D77\u59CB\u6708", help: '\u8D22\u5E74\u7684\u8D77\u59CB\u6708\u4EFD\u2014\u2014\u51B3\u5B9A\u62A5\u8868\u4E2D\u7684"\u672C\u5B63\u5EA6/\u672C\u8D22\u5E74"\u3002' }
3212
3309
  }
3213
3310
  },
3214
3311
  auth: {