npm - @open-mercato/core - Versions diffs - 0.6.6-develop.5412.1.e2a52b14f0 → 0.6.6-develop.5459.1.170077434e - Mend

@open-mercato/core 0.6.6-develop.5412.1.e2a52b14f0 → 0.6.6-develop.5459.1.170077434e

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/modules/auth/lib/consentIntegrity.js CHANGED Viewed

@@ -2,17 +2,17 @@ import { createHmac, timingSafeEqual } from "node:crypto";
 const DEV_ONLY_SECRET = "om-consent-integrity-dev-only-secret";
 let missingSecretWarned = false;
 function getSecret() {
-  const secret = process.env.CONSENT_INTEGRITY_SECRET || process.env.NEXTAUTH_SECRET;
+  const secret = process.env.CONSENT_INTEGRITY_SECRET || process.env.AUTH_SECRET || process.env.NEXTAUTH_SECRET || process.env.JWT_SECRET;
   if (!secret) {
     if (process.env.NODE_ENV === "production") {
       throw new Error(
-        "[consentIntegrity] No CONSENT_INTEGRITY_SECRET/NEXTAUTH_SECRET set. Refusing to compute or verify consent integrity hashes in production without a real secret."
+        "[consentIntegrity] No CONSENT_INTEGRITY_SECRET/AUTH_SECRET/NEXTAUTH_SECRET/JWT_SECRET set. Refusing to compute or verify consent integrity hashes in production without a real secret."
       );
     }
     if (!missingSecretWarned) {
       missingSecretWarned = true;
       console.warn(
-        "[consentIntegrity] No CONSENT_INTEGRITY_SECRET/NEXTAUTH_SECRET set \u2014 using insecure dev-only default. Set a secret before deploying to production."
+        "[consentIntegrity] No CONSENT_INTEGRITY_SECRET/AUTH_SECRET/NEXTAUTH_SECRET/JWT_SECRET set \u2014 using insecure dev-only default. Set a secret before deploying to production."
       );
     }
     return DEV_ONLY_SECRET;

package/dist/modules/auth/lib/consentIntegrity.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/auth/lib/consentIntegrity.ts"],
-  "sourcesContent": ["import { createHmac, timingSafeEqual } from 'node:crypto'\n\ntype ConsentHashInput = {\n  userId: string\n  consentType: string\n  isGranted: boolean\n  grantedAt: Date | string | null | undefined\n  withdrawnAt?: Date | string | null | undefined\n  ipAddress: string | null | undefined\n  source: string | null | undefined\n}\n\nconst DEV_ONLY_SECRET = 'om-consent-integrity-dev-only-secret'\nlet missingSecretWarned = false\n\nfunction getSecret(): string {\n  const secret = process.env.CONSENT_INTEGRITY_SECRET || process.env.NEXTAUTH_SECRET\n  if (!secret) {\n    if (process.env.NODE_ENV === 'production') {\n      throw new Error(\n        '[consentIntegrity] No CONSENT_INTEGRITY_SECRET/NEXTAUTH_SECRET set. ' +\n        'Refusing to compute or verify consent integrity hashes in production without a real secret.',\n      )\n    }\n    if (!missingSecretWarned) {\n      missingSecretWarned = true\n      console.warn(\n        '[consentIntegrity] No CONSENT_INTEGRITY_SECRET/NEXTAUTH_SECRET set \u2014 ' +\n        'using insecure dev-only default. Set a secret before deploying to production.',\n      )\n    }\n    return DEV_ONLY_SECRET\n  }\n  return secret\n}\n\nfunction normalizeDate(date: Date | string | null | undefined): string {\n  if (!date) return ''\n  const d = typeof date === 'string' ? new Date(date) : date\n  return d.toISOString()\n}\n\nexport function computeConsentIntegrityHash(input: ConsentHashInput): string {\n  const payload = [\n    input.userId,\n    input.consentType,\n    String(input.isGranted),\n    normalizeDate(input.grantedAt),\n    normalizeDate(input.withdrawnAt),\n    input.ipAddress ?? '',\n    input.source ?? '',\n  ].join('|')\n\n  return createHmac('sha256', getSecret()).update(payload).digest('hex')\n}\n\nexport function verifyConsentIntegrityHash(input: ConsentHashInput, hash: string | null | undefined): boolean {\n  if (!hash) return false\n  const expected = computeConsentIntegrityHash(input)\n  if (expected.length !== hash.length) return false\n  return timingSafeEqual(Buffer.from(expected), Buffer.from(hash))\n}\n"],
-  "mappings": "AAAA,SAAS,YAAY,uBAAuB;AAY5C,MAAM,kBAAkB;AACxB,IAAI,sBAAsB;AAE1B,SAAS,YAAoB;AAC3B,QAAM,SAAS,QAAQ,IAAI,4BAA4B,QAAQ,IAAI;AACnE,MAAI,CAAC,QAAQ;AACX,QAAI,QAAQ,IAAI,aAAa,cAAc;AACzC,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AACA,QAAI,CAAC,qBAAqB;AACxB,4BAAsB;AACtB,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,cAAc,MAAgD;AACrE,MAAI,CAAC,KAAM,QAAO;AAClB,QAAM,IAAI,OAAO,SAAS,WAAW,IAAI,KAAK,IAAI,IAAI;AACtD,SAAO,EAAE,YAAY;AACvB;AAEO,SAAS,4BAA4B,OAAiC;AAC3E,QAAM,UAAU;AAAA,IACd,MAAM;AAAA,IACN,MAAM;AAAA,IACN,OAAO,MAAM,SAAS;AAAA,IACtB,cAAc,MAAM,SAAS;AAAA,IAC7B,cAAc,MAAM,WAAW;AAAA,IAC/B,MAAM,aAAa;AAAA,IACnB,MAAM,UAAU;AAAA,EAClB,EAAE,KAAK,GAAG;AAEV,SAAO,WAAW,UAAU,UAAU,CAAC,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK;AACvE;AAEO,SAAS,2BAA2B,OAAyB,MAA0C;AAC5G,MAAI,CAAC,KAAM,QAAO;AAClB,QAAM,WAAW,4BAA4B,KAAK;AAClD,MAAI,SAAS,WAAW,KAAK,OAAQ,QAAO;AAC5C,SAAO,gBAAgB,OAAO,KAAK,QAAQ,GAAG,OAAO,KAAK,IAAI,CAAC;AACjE;",
+  "sourcesContent": ["import { createHmac, timingSafeEqual } from 'node:crypto'\n\ntype ConsentHashInput = {\n  userId: string\n  consentType: string\n  isGranted: boolean\n  grantedAt: Date | string | null | undefined\n  withdrawnAt?: Date | string | null | undefined\n  ipAddress: string | null | undefined\n  source: string | null | undefined\n}\n\nconst DEV_ONLY_SECRET = 'om-consent-integrity-dev-only-secret'\nlet missingSecretWarned = false\n\nfunction getSecret(): string {\n  const secret = process.env.CONSENT_INTEGRITY_SECRET\n    || process.env.AUTH_SECRET\n    || process.env.NEXTAUTH_SECRET\n    || process.env.JWT_SECRET\n  if (!secret) {\n    if (process.env.NODE_ENV === 'production') {\n      throw new Error(\n        '[consentIntegrity] No CONSENT_INTEGRITY_SECRET/AUTH_SECRET/NEXTAUTH_SECRET/JWT_SECRET set. ' +\n        'Refusing to compute or verify consent integrity hashes in production without a real secret.',\n      )\n    }\n    if (!missingSecretWarned) {\n      missingSecretWarned = true\n      console.warn(\n        '[consentIntegrity] No CONSENT_INTEGRITY_SECRET/AUTH_SECRET/NEXTAUTH_SECRET/JWT_SECRET set \u2014 ' +\n        'using insecure dev-only default. Set a secret before deploying to production.',\n      )\n    }\n    return DEV_ONLY_SECRET\n  }\n  return secret\n}\n\nfunction normalizeDate(date: Date | string | null | undefined): string {\n  if (!date) return ''\n  const d = typeof date === 'string' ? new Date(date) : date\n  return d.toISOString()\n}\n\nexport function computeConsentIntegrityHash(input: ConsentHashInput): string {\n  const payload = [\n    input.userId,\n    input.consentType,\n    String(input.isGranted),\n    normalizeDate(input.grantedAt),\n    normalizeDate(input.withdrawnAt),\n    input.ipAddress ?? '',\n    input.source ?? '',\n  ].join('|')\n\n  return createHmac('sha256', getSecret()).update(payload).digest('hex')\n}\n\nexport function verifyConsentIntegrityHash(input: ConsentHashInput, hash: string | null | undefined): boolean {\n  if (!hash) return false\n  const expected = computeConsentIntegrityHash(input)\n  if (expected.length !== hash.length) return false\n  return timingSafeEqual(Buffer.from(expected), Buffer.from(hash))\n}\n"],
+  "mappings": "AAAA,SAAS,YAAY,uBAAuB;AAY5C,MAAM,kBAAkB;AACxB,IAAI,sBAAsB;AAE1B,SAAS,YAAoB;AAC3B,QAAM,SAAS,QAAQ,IAAI,4BACtB,QAAQ,IAAI,eACZ,QAAQ,IAAI,mBACZ,QAAQ,IAAI;AACjB,MAAI,CAAC,QAAQ;AACX,QAAI,QAAQ,IAAI,aAAa,cAAc;AACzC,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AACA,QAAI,CAAC,qBAAqB;AACxB,4BAAsB;AACtB,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,cAAc,MAAgD;AACrE,MAAI,CAAC,KAAM,QAAO;AAClB,QAAM,IAAI,OAAO,SAAS,WAAW,IAAI,KAAK,IAAI,IAAI;AACtD,SAAO,EAAE,YAAY;AACvB;AAEO,SAAS,4BAA4B,OAAiC;AAC3E,QAAM,UAAU;AAAA,IACd,MAAM;AAAA,IACN,MAAM;AAAA,IACN,OAAO,MAAM,SAAS;AAAA,IACtB,cAAc,MAAM,SAAS;AAAA,IAC7B,cAAc,MAAM,WAAW;AAAA,IAC/B,MAAM,aAAa;AAAA,IACnB,MAAM,UAAU;AAAA,EAClB,EAAE,KAAK,GAAG;AAEV,SAAO,WAAW,UAAU,UAAU,CAAC,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK;AACvE;AAEO,SAAS,2BAA2B,OAAyB,MAA0C;AAC5G,MAAI,CAAC,KAAM,QAAO;AAClB,QAAM,WAAW,4BAA4B,KAAK;AAClD,MAAI,SAAS,WAAW,KAAK,OAAQ,QAAO;AAC5C,SAAO,gBAAgB,OAAO,KAAK,QAAQ,GAAG,OAAO,KAAK,IAAI,CAAC;AACjE;",
   "names": []
 }

package/dist/modules/auth/services/authService.js CHANGED Viewed

@@ -63,7 +63,7 @@ class AuthService {
       { populate: ["role"] },
       { tenantId: resolvedTenantId, organizationId: user.organizationId ?? null }
     );
-    return links.map((l) => l.role.name);
+    return links.map((l) => l.role).filter((role) => !!role).map((role) => role.name).filter((name) => typeof name === "string" && name.trim().length > 0);
   }
   async createSession(user, expiresAt) {
     const rawToken = generateAuthToken();

package/dist/modules/auth/services/authService.js.map CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "version": 3,
   "sources": ["../../../../src/modules/auth/services/authService.ts"],
-  "sourcesContent": ["import { EntityManager } from '@mikro-orm/postgresql'\nimport { compare, hash } from 'bcryptjs'\nimport { User, Role, UserRole, Session, PasswordReset } from '@open-mercato/core/modules/auth/data/entities'\nimport { emailHashLookupValues } from '@open-mercato/core/modules/auth/lib/emailHash'\nimport { generateAuthToken, hashAuthToken } from '@open-mercato/core/modules/auth/lib/tokenHash'\nimport { findWithDecryption, findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport class AuthService {\n  constructor(private em: EntityManager) {}\n\n  async findUserByEmail(email: string) {\n    const emailHashes = emailHashLookupValues(email)\n    return findOneWithDecryption(this.em, User, {\n      deletedAt: null,\n      $or: [\n        { email },\n        { emailHash: { $in: emailHashes } },\n      ],\n    } as any)\n  }\n\n  async findUsersByEmail(email: string) {\n    const emailHashes = emailHashLookupValues(email)\n    return findWithDecryption(this.em, User, {\n      deletedAt: null,\n      $or: [\n        { email },\n        { emailHash: { $in: emailHashes } },\n      ],\n    } as any)\n  }\n\n  async findUserByEmailAndTenant(email: string, tenantId: string) {\n    const emailHashes = emailHashLookupValues(email)\n    return findOneWithDecryption(\n      this.em,\n      User,\n      {\n        tenantId,\n        deletedAt: null,\n        $or: [\n          { email },\n          { emailHash: { $in: emailHashes } },\n        ],\n      } as any,\n      undefined,\n      { tenantId },\n    )\n  }\n\n  async verifyPassword(user: User, password: string) {\n    if (!user.passwordHash) return false\n    return compare(password, user.passwordHash)\n  }\n\n  async updateLastLoginAt(user: User) {\n    const now = new Date()\n    // Use native update to avoid flushing unrelated entities that might be pending in this EM\n    await this.em.nativeUpdate(User, { id: user.id }, { lastLoginAt: now })\n    user.lastLoginAt = now\n  }\n\n  async getUserRoles(user: User, tenantId?: string | null): Promise<string[]> {\n    const resolvedTenantId = tenantId ?? user.tenantId ?? null\n    if (!resolvedTenantId) return []\n    const links = await findWithDecryption(\n      this.em,\n      UserRole,\n      { user, deletedAt: null, role: { tenantId: resolvedTenantId, deletedAt: null } as any },\n      { populate: ['role'] },\n      { tenantId: resolvedTenantId, organizationId: user.organizationId ?? null },\n    )\n    return links.map((l) => l.role.name)\n  }\n\n\n  async createSession(user: User, expiresAt: Date): Promise<{ session: Session; token: string }> {\n    const rawToken = generateAuthToken()\n    const tokenHash = hashAuthToken(rawToken)\n    const sess = this.em.create(Session as any, { user, token: tokenHash, expiresAt, createdAt: new Date() } as any)\n    await this.em.persist(sess).flush()\n    return { session: sess as Session, token: rawToken }\n  }\n\n  async deleteSessionByToken(token: string) {\n    const hashedToken = hashAuthToken(token)\n    await this.em.nativeDelete(Session, { token: hashedToken })\n  }\n\n  async deleteSessionById(sessionId: string) {\n    await this.em.nativeDelete(Session, { id: sessionId })\n  }\n\n  async findActiveSessionById(sessionId: string): Promise<Session | null> {\n    const session = await this.em.findOne(Session, { id: sessionId, deletedAt: null })\n    if (!session) return null\n    if (session.expiresAt.getTime() < Date.now()) return null\n    return session\n  }\n\n  async deleteAllUserSessions(userId: string) {\n    await this.em.nativeDelete(Session, { user: userId })\n  }\n\n  async refreshFromSessionToken(token: string) {\n    const now = new Date()\n    const hashedToken = hashAuthToken(token)\n    const sess = await this.em.findOne(Session, { token: hashedToken })\n    if (!sess || sess.expiresAt <= now) return null\n    const user = await findOneWithDecryption(this.em, User, { id: sess.user.id, deletedAt: null })\n    if (!user) return null\n    const roles = await this.getUserRoles(user, user.tenantId ?? null)\n    return { user, roles, session: sess }\n  }\n\n  async requestPasswordReset(email: string) {\n    const user = await this.findUserByEmail(email)\n    if (!user) return null\n    const rawToken = generateAuthToken()\n    const tokenHash = hashAuthToken(rawToken)\n    const expiresAt = new Date(Date.now() + 60 * 60 * 1000)\n    const row = this.em.create(PasswordReset as any, { user, token: tokenHash, expiresAt, createdAt: new Date() } as any)\n    await this.em.persist(row).flush()\n    return { user, token: rawToken }\n  }\n\n  async confirmPasswordReset(token: string, newPassword: string): Promise<User | null> {\n    const now = new Date()\n    const hashedToken = hashAuthToken(token)\n    const row = await this.em.findOne(PasswordReset, { token: hashedToken })\n    if (!row || (row.usedAt && row.usedAt <= now) || row.expiresAt <= now) return null\n\n    // Atomic compare-and-set: only mark used if still unused \u2014 prevents token replay under concurrency\n    const affected = await this.em.nativeUpdate(\n      PasswordReset,\n      { id: row.id, usedAt: null },\n      { usedAt: now },\n    )\n    if (affected === 0) return null\n\n    const user = await findOneWithDecryption(this.em, User, { id: row.user.id, deletedAt: null })\n    if (!user) return null\n    user.passwordHash = await hash(newPassword, 10)\n    await this.em.flush()\n    await this.deleteAllUserSessions(String(user.id))\n    return user\n  }\n}\n"],
-  "mappings": "AACA,SAAS,SAAS,YAAY;AAC9B,SAAS,MAAY,UAAU,SAAS,qBAAqB;AAC7D,SAAS,6BAA6B;AACtC,SAAS,mBAAmB,qBAAqB;AACjD,SAAS,oBAAoB,6BAA6B;AAEnD,MAAM,YAAY;AAAA,EACvB,YAAoB,IAAmB;AAAnB;AAAA,EAAoB;AAAA,EAExC,MAAM,gBAAgB,OAAe;AACnC,UAAM,cAAc,sBAAsB,KAAK;AAC/C,WAAO,sBAAsB,KAAK,IAAI,MAAM;AAAA,MAC1C,WAAW;AAAA,MACX,KAAK;AAAA,QACH,EAAE,MAAM;AAAA,QACR,EAAE,WAAW,EAAE,KAAK,YAAY,EAAE;AAAA,MACpC;AAAA,IACF,CAAQ;AAAA,EACV;AAAA,EAEA,MAAM,iBAAiB,OAAe;AACpC,UAAM,cAAc,sBAAsB,KAAK;AAC/C,WAAO,mBAAmB,KAAK,IAAI,MAAM;AAAA,MACvC,WAAW;AAAA,MACX,KAAK;AAAA,QACH,EAAE,MAAM;AAAA,QACR,EAAE,WAAW,EAAE,KAAK,YAAY,EAAE;AAAA,MACpC;AAAA,IACF,CAAQ;AAAA,EACV;AAAA,EAEA,MAAM,yBAAyB,OAAe,UAAkB;AAC9D,UAAM,cAAc,sBAAsB,KAAK;AAC/C,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,MACA;AAAA,QACE;AAAA,QACA,WAAW;AAAA,QACX,KAAK;AAAA,UACH,EAAE,MAAM;AAAA,UACR,EAAE,WAAW,EAAE,KAAK,YAAY,EAAE;AAAA,QACpC;AAAA,MACF;AAAA,MACA;AAAA,MACA,EAAE,SAAS;AAAA,IACb;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,MAAY,UAAkB;AACjD,QAAI,CAAC,KAAK,aAAc,QAAO;AAC/B,WAAO,QAAQ,UAAU,KAAK,YAAY;AAAA,EAC5C;AAAA,EAEA,MAAM,kBAAkB,MAAY;AAClC,UAAM,MAAM,oBAAI,KAAK;AAErB,UAAM,KAAK,GAAG,aAAa,MAAM,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,aAAa,IAAI,CAAC;AACtE,SAAK,cAAc;AAAA,EACrB;AAAA,EAEA,MAAM,aAAa,MAAY,UAA6C;AAC1E,UAAM,mBAAmB,YAAY,KAAK,YAAY;AACtD,QAAI,CAAC,iBAAkB,QAAO,CAAC;AAC/B,UAAM,QAAQ,MAAM;AAAA,MAClB,KAAK;AAAA,MACL;AAAA,MACA,EAAE,MAAM,WAAW,MAAM,MAAM,EAAE,UAAU,kBAAkB,WAAW,KAAK,EAAS;AAAA,MACtF,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,kBAAkB,gBAAgB,KAAK,kBAAkB,KAAK;AAAA,IAC5E;AACA,WAAO,MAAM,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI;AAAA,EACrC;AAAA,EAGA,MAAM,cAAc,MAAY,WAA+D;AAC7F,UAAM,WAAW,kBAAkB;AACnC,UAAM,YAAY,cAAc,QAAQ;AACxC,UAAM,OAAO,KAAK,GAAG,OAAO,SAAgB,EAAE,MAAM,OAAO,WAAW,WAAW,WAAW,oBAAI,KAAK,EAAE,CAAQ;AAC/G,UAAM,KAAK,GAAG,QAAQ,IAAI,EAAE,MAAM;AAClC,WAAO,EAAE,SAAS,MAAiB,OAAO,SAAS;AAAA,EACrD;AAAA,EAEA,MAAM,qBAAqB,OAAe;AACxC,UAAM,cAAc,cAAc,KAAK;AACvC,UAAM,KAAK,GAAG,aAAa,SAAS,EAAE,OAAO,YAAY,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,kBAAkB,WAAmB;AACzC,UAAM,KAAK,GAAG,aAAa,SAAS,EAAE,IAAI,UAAU,CAAC;AAAA,EACvD;AAAA,EAEA,MAAM,sBAAsB,WAA4C;AACtE,UAAM,UAAU,MAAM,KAAK,GAAG,QAAQ,SAAS,EAAE,IAAI,WAAW,WAAW,KAAK,CAAC;AACjF,QAAI,CAAC,QAAS,QAAO;AACrB,QAAI,QAAQ,UAAU,QAAQ,IAAI,KAAK,IAAI,EAAG,QAAO;AACrD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,sBAAsB,QAAgB;AAC1C,UAAM,KAAK,GAAG,aAAa,SAAS,EAAE,MAAM,OAAO,CAAC;AAAA,EACtD;AAAA,EAEA,MAAM,wBAAwB,OAAe;AAC3C,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,cAAc,cAAc,KAAK;AACvC,UAAM,OAAO,MAAM,KAAK,GAAG,QAAQ,SAAS,EAAE,OAAO,YAAY,CAAC;AAClE,QAAI,CAAC,QAAQ,KAAK,aAAa,IAAK,QAAO;AAC3C,UAAM,OAAO,MAAM,sBAAsB,KAAK,IAAI,MAAM,EAAE,IAAI,KAAK,KAAK,IAAI,WAAW,KAAK,CAAC;AAC7F,QAAI,CAAC,KAAM,QAAO;AAClB,UAAM,QAAQ,MAAM,KAAK,aAAa,MAAM,KAAK,YAAY,IAAI;AACjE,WAAO,EAAE,MAAM,OAAO,SAAS,KAAK;AAAA,EACtC;AAAA,EAEA,MAAM,qBAAqB,OAAe;AACxC,UAAM,OAAO,MAAM,KAAK,gBAAgB,KAAK;AAC7C,QAAI,CAAC,KAAM,QAAO;AAClB,UAAM,WAAW,kBAAkB;AACnC,UAAM,YAAY,cAAc,QAAQ;AACxC,UAAM,YAAY,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,GAAI;AACtD,UAAM,MAAM,KAAK,GAAG,OAAO,eAAsB,EAAE,MAAM,OAAO,WAAW,WAAW,WAAW,oBAAI,KAAK,EAAE,CAAQ;AACpH,UAAM,KAAK,GAAG,QAAQ,GAAG,EAAE,MAAM;AACjC,WAAO,EAAE,MAAM,OAAO,SAAS;AAAA,EACjC;AAAA,EAEA,MAAM,qBAAqB,OAAe,aAA2C;AACnF,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,cAAc,cAAc,KAAK;AACvC,UAAM,MAAM,MAAM,KAAK,GAAG,QAAQ,eAAe,EAAE,OAAO,YAAY,CAAC;AACvE,QAAI,CAAC,OAAQ,IAAI,UAAU,IAAI,UAAU,OAAQ,IAAI,aAAa,IAAK,QAAO;AAG9E,UAAM,WAAW,MAAM,KAAK,GAAG;AAAA,MAC7B;AAAA,MACA,EAAE,IAAI,IAAI,IAAI,QAAQ,KAAK;AAAA,MAC3B,EAAE,QAAQ,IAAI;AAAA,IAChB;AACA,QAAI,aAAa,EAAG,QAAO;AAE3B,UAAM,OAAO,MAAM,sBAAsB,KAAK,IAAI,MAAM,EAAE,IAAI,IAAI,KAAK,IAAI,WAAW,KAAK,CAAC;AAC5F,QAAI,CAAC,KAAM,QAAO;AAClB,SAAK,eAAe,MAAM,KAAK,aAAa,EAAE;AAC9C,UAAM,KAAK,GAAG,MAAM;AACpB,UAAM,KAAK,sBAAsB,OAAO,KAAK,EAAE,CAAC;AAChD,WAAO;AAAA,EACT;AACF;",
+  "sourcesContent": ["import { EntityManager } from '@mikro-orm/postgresql'\nimport { compare, hash } from 'bcryptjs'\nimport { User, Role, UserRole, Session, PasswordReset } from '@open-mercato/core/modules/auth/data/entities'\nimport { emailHashLookupValues } from '@open-mercato/core/modules/auth/lib/emailHash'\nimport { generateAuthToken, hashAuthToken } from '@open-mercato/core/modules/auth/lib/tokenHash'\nimport { findWithDecryption, findOneWithDecryption } from '@open-mercato/shared/lib/encryption/find'\n\nexport class AuthService {\n  constructor(private em: EntityManager) {}\n\n  async findUserByEmail(email: string) {\n    const emailHashes = emailHashLookupValues(email)\n    return findOneWithDecryption(this.em, User, {\n      deletedAt: null,\n      $or: [\n        { email },\n        { emailHash: { $in: emailHashes } },\n      ],\n    } as any)\n  }\n\n  async findUsersByEmail(email: string) {\n    const emailHashes = emailHashLookupValues(email)\n    return findWithDecryption(this.em, User, {\n      deletedAt: null,\n      $or: [\n        { email },\n        { emailHash: { $in: emailHashes } },\n      ],\n    } as any)\n  }\n\n  async findUserByEmailAndTenant(email: string, tenantId: string) {\n    const emailHashes = emailHashLookupValues(email)\n    return findOneWithDecryption(\n      this.em,\n      User,\n      {\n        tenantId,\n        deletedAt: null,\n        $or: [\n          { email },\n          { emailHash: { $in: emailHashes } },\n        ],\n      } as any,\n      undefined,\n      { tenantId },\n    )\n  }\n\n  async verifyPassword(user: User, password: string) {\n    if (!user.passwordHash) return false\n    return compare(password, user.passwordHash)\n  }\n\n  async updateLastLoginAt(user: User) {\n    const now = new Date()\n    // Use native update to avoid flushing unrelated entities that might be pending in this EM\n    await this.em.nativeUpdate(User, { id: user.id }, { lastLoginAt: now })\n    user.lastLoginAt = now\n  }\n\n  async getUserRoles(user: User, tenantId?: string | null): Promise<string[]> {\n    const resolvedTenantId = tenantId ?? user.tenantId ?? null\n    if (!resolvedTenantId) return []\n    const links = await findWithDecryption(\n      this.em,\n      UserRole,\n      { user, deletedAt: null, role: { tenantId: resolvedTenantId, deletedAt: null } as any },\n      { populate: ['role'] },\n      { tenantId: resolvedTenantId, organizationId: user.organizationId ?? null },\n    )\n    // A populated `role` can still be null when the link points at a soft-deleted\n    // role (the Role soft-delete filter suppresses hydration), e.g. an admin link\n    // orphaned by a re-seed during interrupted-provisioning recovery. Dropping such\n    // links keeps role resolution from throwing on the login / session-refresh hot\n    // path, mirroring resolveCanonicalStaffAuthContext in lib/sessionIntegrity.ts.\n    return links\n      .map((l) => l.role)\n      .filter((role): role is Role => !!role)\n      .map((role) => role.name)\n      .filter((name): name is string => typeof name === 'string' && name.trim().length > 0)\n  }\n\n\n  async createSession(user: User, expiresAt: Date): Promise<{ session: Session; token: string }> {\n    const rawToken = generateAuthToken()\n    const tokenHash = hashAuthToken(rawToken)\n    const sess = this.em.create(Session as any, { user, token: tokenHash, expiresAt, createdAt: new Date() } as any)\n    await this.em.persist(sess).flush()\n    return { session: sess as Session, token: rawToken }\n  }\n\n  async deleteSessionByToken(token: string) {\n    const hashedToken = hashAuthToken(token)\n    await this.em.nativeDelete(Session, { token: hashedToken })\n  }\n\n  async deleteSessionById(sessionId: string) {\n    await this.em.nativeDelete(Session, { id: sessionId })\n  }\n\n  async findActiveSessionById(sessionId: string): Promise<Session | null> {\n    const session = await this.em.findOne(Session, { id: sessionId, deletedAt: null })\n    if (!session) return null\n    if (session.expiresAt.getTime() < Date.now()) return null\n    return session\n  }\n\n  async deleteAllUserSessions(userId: string) {\n    await this.em.nativeDelete(Session, { user: userId })\n  }\n\n  async refreshFromSessionToken(token: string) {\n    const now = new Date()\n    const hashedToken = hashAuthToken(token)\n    const sess = await this.em.findOne(Session, { token: hashedToken })\n    if (!sess || sess.expiresAt <= now) return null\n    const user = await findOneWithDecryption(this.em, User, { id: sess.user.id, deletedAt: null })\n    if (!user) return null\n    const roles = await this.getUserRoles(user, user.tenantId ?? null)\n    return { user, roles, session: sess }\n  }\n\n  async requestPasswordReset(email: string) {\n    const user = await this.findUserByEmail(email)\n    if (!user) return null\n    const rawToken = generateAuthToken()\n    const tokenHash = hashAuthToken(rawToken)\n    const expiresAt = new Date(Date.now() + 60 * 60 * 1000)\n    const row = this.em.create(PasswordReset as any, { user, token: tokenHash, expiresAt, createdAt: new Date() } as any)\n    await this.em.persist(row).flush()\n    return { user, token: rawToken }\n  }\n\n  async confirmPasswordReset(token: string, newPassword: string): Promise<User | null> {\n    const now = new Date()\n    const hashedToken = hashAuthToken(token)\n    const row = await this.em.findOne(PasswordReset, { token: hashedToken })\n    if (!row || (row.usedAt && row.usedAt <= now) || row.expiresAt <= now) return null\n\n    // Atomic compare-and-set: only mark used if still unused \u2014 prevents token replay under concurrency\n    const affected = await this.em.nativeUpdate(\n      PasswordReset,\n      { id: row.id, usedAt: null },\n      { usedAt: now },\n    )\n    if (affected === 0) return null\n\n    const user = await findOneWithDecryption(this.em, User, { id: row.user.id, deletedAt: null })\n    if (!user) return null\n    user.passwordHash = await hash(newPassword, 10)\n    await this.em.flush()\n    await this.deleteAllUserSessions(String(user.id))\n    return user\n  }\n}\n"],
+  "mappings": "AACA,SAAS,SAAS,YAAY;AAC9B,SAAS,MAAY,UAAU,SAAS,qBAAqB;AAC7D,SAAS,6BAA6B;AACtC,SAAS,mBAAmB,qBAAqB;AACjD,SAAS,oBAAoB,6BAA6B;AAEnD,MAAM,YAAY;AAAA,EACvB,YAAoB,IAAmB;AAAnB;AAAA,EAAoB;AAAA,EAExC,MAAM,gBAAgB,OAAe;AACnC,UAAM,cAAc,sBAAsB,KAAK;AAC/C,WAAO,sBAAsB,KAAK,IAAI,MAAM;AAAA,MAC1C,WAAW;AAAA,MACX,KAAK;AAAA,QACH,EAAE,MAAM;AAAA,QACR,EAAE,WAAW,EAAE,KAAK,YAAY,EAAE;AAAA,MACpC;AAAA,IACF,CAAQ;AAAA,EACV;AAAA,EAEA,MAAM,iBAAiB,OAAe;AACpC,UAAM,cAAc,sBAAsB,KAAK;AAC/C,WAAO,mBAAmB,KAAK,IAAI,MAAM;AAAA,MACvC,WAAW;AAAA,MACX,KAAK;AAAA,QACH,EAAE,MAAM;AAAA,QACR,EAAE,WAAW,EAAE,KAAK,YAAY,EAAE;AAAA,MACpC;AAAA,IACF,CAAQ;AAAA,EACV;AAAA,EAEA,MAAM,yBAAyB,OAAe,UAAkB;AAC9D,UAAM,cAAc,sBAAsB,KAAK;AAC/C,WAAO;AAAA,MACL,KAAK;AAAA,MACL;AAAA,MACA;AAAA,QACE;AAAA,QACA,WAAW;AAAA,QACX,KAAK;AAAA,UACH,EAAE,MAAM;AAAA,UACR,EAAE,WAAW,EAAE,KAAK,YAAY,EAAE;AAAA,QACpC;AAAA,MACF;AAAA,MACA;AAAA,MACA,EAAE,SAAS;AAAA,IACb;AAAA,EACF;AAAA,EAEA,MAAM,eAAe,MAAY,UAAkB;AACjD,QAAI,CAAC,KAAK,aAAc,QAAO;AAC/B,WAAO,QAAQ,UAAU,KAAK,YAAY;AAAA,EAC5C;AAAA,EAEA,MAAM,kBAAkB,MAAY;AAClC,UAAM,MAAM,oBAAI,KAAK;AAErB,UAAM,KAAK,GAAG,aAAa,MAAM,EAAE,IAAI,KAAK,GAAG,GAAG,EAAE,aAAa,IAAI,CAAC;AACtE,SAAK,cAAc;AAAA,EACrB;AAAA,EAEA,MAAM,aAAa,MAAY,UAA6C;AAC1E,UAAM,mBAAmB,YAAY,KAAK,YAAY;AACtD,QAAI,CAAC,iBAAkB,QAAO,CAAC;AAC/B,UAAM,QAAQ,MAAM;AAAA,MAClB,KAAK;AAAA,MACL;AAAA,MACA,EAAE,MAAM,WAAW,MAAM,MAAM,EAAE,UAAU,kBAAkB,WAAW,KAAK,EAAS;AAAA,MACtF,EAAE,UAAU,CAAC,MAAM,EAAE;AAAA,MACrB,EAAE,UAAU,kBAAkB,gBAAgB,KAAK,kBAAkB,KAAK;AAAA,IAC5E;AAMA,WAAO,MACJ,IAAI,CAAC,MAAM,EAAE,IAAI,EACjB,OAAO,CAAC,SAAuB,CAAC,CAAC,IAAI,EACrC,IAAI,CAAC,SAAS,KAAK,IAAI,EACvB,OAAO,CAAC,SAAyB,OAAO,SAAS,YAAY,KAAK,KAAK,EAAE,SAAS,CAAC;AAAA,EACxF;AAAA,EAGA,MAAM,cAAc,MAAY,WAA+D;AAC7F,UAAM,WAAW,kBAAkB;AACnC,UAAM,YAAY,cAAc,QAAQ;AACxC,UAAM,OAAO,KAAK,GAAG,OAAO,SAAgB,EAAE,MAAM,OAAO,WAAW,WAAW,WAAW,oBAAI,KAAK,EAAE,CAAQ;AAC/G,UAAM,KAAK,GAAG,QAAQ,IAAI,EAAE,MAAM;AAClC,WAAO,EAAE,SAAS,MAAiB,OAAO,SAAS;AAAA,EACrD;AAAA,EAEA,MAAM,qBAAqB,OAAe;AACxC,UAAM,cAAc,cAAc,KAAK;AACvC,UAAM,KAAK,GAAG,aAAa,SAAS,EAAE,OAAO,YAAY,CAAC;AAAA,EAC5D;AAAA,EAEA,MAAM,kBAAkB,WAAmB;AACzC,UAAM,KAAK,GAAG,aAAa,SAAS,EAAE,IAAI,UAAU,CAAC;AAAA,EACvD;AAAA,EAEA,MAAM,sBAAsB,WAA4C;AACtE,UAAM,UAAU,MAAM,KAAK,GAAG,QAAQ,SAAS,EAAE,IAAI,WAAW,WAAW,KAAK,CAAC;AACjF,QAAI,CAAC,QAAS,QAAO;AACrB,QAAI,QAAQ,UAAU,QAAQ,IAAI,KAAK,IAAI,EAAG,QAAO;AACrD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,sBAAsB,QAAgB;AAC1C,UAAM,KAAK,GAAG,aAAa,SAAS,EAAE,MAAM,OAAO,CAAC;AAAA,EACtD;AAAA,EAEA,MAAM,wBAAwB,OAAe;AAC3C,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,cAAc,cAAc,KAAK;AACvC,UAAM,OAAO,MAAM,KAAK,GAAG,QAAQ,SAAS,EAAE,OAAO,YAAY,CAAC;AAClE,QAAI,CAAC,QAAQ,KAAK,aAAa,IAAK,QAAO;AAC3C,UAAM,OAAO,MAAM,sBAAsB,KAAK,IAAI,MAAM,EAAE,IAAI,KAAK,KAAK,IAAI,WAAW,KAAK,CAAC;AAC7F,QAAI,CAAC,KAAM,QAAO;AAClB,UAAM,QAAQ,MAAM,KAAK,aAAa,MAAM,KAAK,YAAY,IAAI;AACjE,WAAO,EAAE,MAAM,OAAO,SAAS,KAAK;AAAA,EACtC;AAAA,EAEA,MAAM,qBAAqB,OAAe;AACxC,UAAM,OAAO,MAAM,KAAK,gBAAgB,KAAK;AAC7C,QAAI,CAAC,KAAM,QAAO;AAClB,UAAM,WAAW,kBAAkB;AACnC,UAAM,YAAY,cAAc,QAAQ;AACxC,UAAM,YAAY,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,GAAI;AACtD,UAAM,MAAM,KAAK,GAAG,OAAO,eAAsB,EAAE,MAAM,OAAO,WAAW,WAAW,WAAW,oBAAI,KAAK,EAAE,CAAQ;AACpH,UAAM,KAAK,GAAG,QAAQ,GAAG,EAAE,MAAM;AACjC,WAAO,EAAE,MAAM,OAAO,SAAS;AAAA,EACjC;AAAA,EAEA,MAAM,qBAAqB,OAAe,aAA2C;AACnF,UAAM,MAAM,oBAAI,KAAK;AACrB,UAAM,cAAc,cAAc,KAAK;AACvC,UAAM,MAAM,MAAM,KAAK,GAAG,QAAQ,eAAe,EAAE,OAAO,YAAY,CAAC;AACvE,QAAI,CAAC,OAAQ,IAAI,UAAU,IAAI,UAAU,OAAQ,IAAI,aAAa,IAAK,QAAO;AAG9E,UAAM,WAAW,MAAM,KAAK,GAAG;AAAA,MAC7B;AAAA,MACA,EAAE,IAAI,IAAI,IAAI,QAAQ,KAAK;AAAA,MAC3B,EAAE,QAAQ,IAAI;AAAA,IAChB;AACA,QAAI,aAAa,EAAG,QAAO;AAE3B,UAAM,OAAO,MAAM,sBAAsB,KAAK,IAAI,MAAM,EAAE,IAAI,IAAI,KAAK,IAAI,WAAW,KAAK,CAAC;AAC5F,QAAI,CAAC,KAAM,QAAO;AAClB,SAAK,eAAe,MAAM,KAAK,aAAa,EAAE;AAC9C,UAAM,KAAK,GAAG,MAAM;AACpB,UAAM,KAAK,sBAAsB,OAAO,KAAK,EAAE,CAAC;AAChD,WAAO;AAAA,EACT;AACF;",
   "names": []
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@open-mercato/core",
-  "version": "0.6.6-develop.5412.1.e2a52b14f0",
+  "version": "0.6.6-develop.5459.1.170077434e",
   "type": "module",
   "main": "./dist/index.js",
   "scripts": {
@@ -245,16 +245,16 @@
     "zod": "^4.4.3"
   },
   "peerDependencies": {
-    "@open-mercato/ai-assistant": "0.6.6-develop.5412.1.e2a52b14f0",
-    "@open-mercato/shared": "0.6.6-develop.5412.1.e2a52b14f0",
-    "@open-mercato/ui": "0.6.6-develop.5412.1.e2a52b14f0",
+    "@open-mercato/ai-assistant": "0.6.6-develop.5459.1.170077434e",
+    "@open-mercato/shared": "0.6.6-develop.5459.1.170077434e",
+    "@open-mercato/ui": "0.6.6-develop.5459.1.170077434e",
     "react": "^19.0.0",
     "react-dom": "^19.0.0"
   },
   "devDependencies": {
-    "@open-mercato/ai-assistant": "0.6.6-develop.5412.1.e2a52b14f0",
-    "@open-mercato/shared": "0.6.6-develop.5412.1.e2a52b14f0",
-    "@open-mercato/ui": "0.6.6-develop.5412.1.e2a52b14f0",
+    "@open-mercato/ai-assistant": "0.6.6-develop.5459.1.170077434e",
+    "@open-mercato/shared": "0.6.6-develop.5459.1.170077434e",
+    "@open-mercato/ui": "0.6.6-develop.5459.1.170077434e",
     "@testing-library/dom": "^10.4.1",
     "@testing-library/jest-dom": "^6.9.1",
     "@testing-library/react": "^16.3.1",

package/src/modules/auth/lib/consentIntegrity.ts CHANGED Viewed

@@ -14,18 +14,21 @@ const DEV_ONLY_SECRET = 'om-consent-integrity-dev-only-secret'
 let missingSecretWarned = false
 function getSecret(): string {
-  const secret = process.env.CONSENT_INTEGRITY_SECRET || process.env.NEXTAUTH_SECRET
+  const secret = process.env.CONSENT_INTEGRITY_SECRET
+    || process.env.AUTH_SECRET
+    || process.env.NEXTAUTH_SECRET
+    || process.env.JWT_SECRET
   if (!secret) {
     if (process.env.NODE_ENV === 'production') {
       throw new Error(
-        '[consentIntegrity] No CONSENT_INTEGRITY_SECRET/NEXTAUTH_SECRET set. ' +
+        '[consentIntegrity] No CONSENT_INTEGRITY_SECRET/AUTH_SECRET/NEXTAUTH_SECRET/JWT_SECRET set. ' +
         'Refusing to compute or verify consent integrity hashes in production without a real secret.',
       )
     }
     if (!missingSecretWarned) {
       missingSecretWarned = true
       console.warn(
-        '[consentIntegrity] No CONSENT_INTEGRITY_SECRET/NEXTAUTH_SECRET set — ' +
+        '[consentIntegrity] No CONSENT_INTEGRITY_SECRET/AUTH_SECRET/NEXTAUTH_SECRET/JWT_SECRET set — ' +
         'using insecure dev-only default. Set a secret before deploying to production.',
       )
     }

package/src/modules/auth/services/authService.ts CHANGED Viewed

@@ -70,7 +70,16 @@ export class AuthService {
       { populate: ['role'] },
       { tenantId: resolvedTenantId, organizationId: user.organizationId ?? null },
     )
-    return links.map((l) => l.role.name)
+    // A populated `role` can still be null when the link points at a soft-deleted
+    // role (the Role soft-delete filter suppresses hydration), e.g. an admin link
+    // orphaned by a re-seed during interrupted-provisioning recovery. Dropping such
+    // links keeps role resolution from throwing on the login / session-refresh hot
+    // path, mirroring resolveCanonicalStaffAuthContext in lib/sessionIntegrity.ts.
+    return links
+      .map((l) => l.role)
+      .filter((role): role is Role => !!role)
+      .map((role) => role.name)
+      .filter((name): name is string => typeof name === 'string' && name.trim().length > 0)
   }