@package-broker/core 0.7.1 → 0.8.0

package/dist/modules/tokens/tokens.routes.d.ts

@@ -0,0 +1,202 @@
+import { z } from '@hono/zod-openapi';
+export declare const listTokensRouteDef: {
+    method: "get";
+    path: "/";
+    summary: string;
+    description: string;
+    security: {
+        Bearer: never[];
+    }[];
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.ZodArray<z.ZodObject<{
+                        id: z.ZodString;
+                        description: z.ZodString;
+                        permissions: z.ZodEnum<{
+                            readonly: "readonly";
+                            write: "write";
+                        }>;
+                        rate_limit_max: z.ZodNullable<z.ZodNumber>;
+                        created_at: z.ZodNumber;
+                        expires_at: z.ZodNullable<z.ZodNumber>;
+                        last_used_at: z.ZodNullable<z.ZodNumber>;
+                    }, z.core.$strip>>;
+                };
+            };
+            description: string;
+        };
+    };
+    tags: string[];
+} & {
+    getRoutingPath(): "/";
+};
+export declare const createTokenRouteDef: {
+    method: "post";
+    path: "/";
+    summary: string;
+    description: string;
+    security: {
+        Bearer: never[];
+    }[];
+    request: {
+        body: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        description: z.ZodString;
+                        permissions: z.ZodDefault<z.ZodEnum<{
+                            readonly: "readonly";
+                            write: "write";
+                        }>>;
+                        rate_limit_max: z.ZodDefault<z.ZodNullable<z.ZodNumber>>;
+                        expires_at: z.ZodOptional<z.ZodNumber>;
+                    }, z.core.$strip>;
+                };
+            };
+        };
+    };
+    responses: {
+        201: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        id: z.ZodString;
+                        description: z.ZodString;
+                        permissions: z.ZodEnum<{
+                            readonly: "readonly";
+                            write: "write";
+                        }>;
+                        rate_limit_max: z.ZodNullable<z.ZodNumber>;
+                        created_at: z.ZodNumber;
+                        expires_at: z.ZodNullable<z.ZodNumber>;
+                        last_used_at: z.ZodNullable<z.ZodNumber>;
+                        token: z.ZodString;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+        400: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        error: z.ZodString;
+                        message: z.ZodOptional<z.ZodString>;
+                        code: z.ZodOptional<z.ZodString>;
+                        requestId: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+    };
+    tags: string[];
+} & {
+    getRoutingPath(): "/";
+};
+export declare const updateTokenRouteDef: {
+    method: "patch";
+    path: "/{id}";
+    summary: string;
+    description: string;
+    security: {
+        Bearer: never[];
+    }[];
+    request: {
+        params: z.ZodObject<{
+            id: z.ZodString;
+        }, z.core.$strip>;
+        body: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        description: z.ZodOptional<z.ZodString>;
+                        rate_limit_max: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+                    }, z.core.$strip>;
+                };
+            };
+        };
+    };
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        id: z.ZodString;
+                        description: z.ZodString;
+                        permissions: z.ZodEnum<{
+                            readonly: "readonly";
+                            write: "write";
+                        }>;
+                        rate_limit_max: z.ZodNullable<z.ZodNumber>;
+                        created_at: z.ZodNumber;
+                        expires_at: z.ZodNullable<z.ZodNumber>;
+                        last_used_at: z.ZodNullable<z.ZodNumber>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+        404: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        error: z.ZodString;
+                        message: z.ZodOptional<z.ZodString>;
+                        code: z.ZodOptional<z.ZodString>;
+                        requestId: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+    };
+    tags: string[];
+} & {
+    getRoutingPath(): "/:id";
+};
+export declare const deleteTokenRouteDef: {
+    method: "delete";
+    path: "/{id}";
+    summary: string;
+    description: string;
+    security: {
+        Bearer: never[];
+    }[];
+    request: {
+        params: z.ZodObject<{
+            id: z.ZodString;
+        }, z.core.$strip>;
+    };
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        message: z.ZodString;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+        404: {
+            content: {
+                'application/json': {
+                    schema: z.ZodObject<{
+                        error: z.ZodString;
+                        message: z.ZodOptional<z.ZodString>;
+                        code: z.ZodOptional<z.ZodString>;
+                        requestId: z.ZodOptional<z.ZodString>;
+                    }, z.core.$strip>;
+                };
+            };
+            description: string;
+        };
+    };
+    tags: string[];
+} & {
+    getRoutingPath(): "/:id";
+};
+//# sourceMappingURL=tokens.routes.d.ts.map

package/dist/modules/tokens/tokens.routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.routes.d.ts","sourceRoot":"","sources":["../../../src/modules/tokens/tokens.routes.ts"],"names":[],"mappings":"AAMA,OAAO,EAAe,CAAC,EAAE,MAAM,mBAAmB,CAAC;AAUnD,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiB7B,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkC9B,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA0C9B,CAAC;AAEH,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAqC9B,CAAC"}

package/dist/modules/tokens/tokens.routes.js

@@ -0,0 +1,143 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+import { createRoute, z } from '@hono/zod-openapi';
+import { createTokenSchema, updateTokenSchema, tokenResponseSchema, tokenCreationResponseSchema, errorResponseSchema, } from '@package-broker/shared';
+// Route paths are relative to module mount at /api/tokens
+export const listTokensRouteDef = createRoute({
+    method: 'get',
+    path: '/',
+    summary: 'List tokens',
+    description: 'List all API tokens',
+    security: [{ Bearer: [] }],
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.array(tokenResponseSchema),
+                },
+            },
+            description: 'List of tokens',
+        },
+    },
+    tags: ['Tokens'],
+});
+export const createTokenRouteDef = createRoute({
+    method: 'post',
+    path: '/',
+    summary: 'Create token',
+    description: 'Create a new API token. The token is returned only once.',
+    security: [{ Bearer: [] }],
+    request: {
+        body: {
+            content: {
+                'application/json': {
+                    schema: createTokenSchema,
+                },
+            },
+        },
+    },
+    responses: {
+        201: {
+            content: {
+                'application/json': {
+                    schema: tokenCreationResponseSchema,
+                },
+            },
+            description: 'Token created',
+        },
+        400: {
+            content: {
+                'application/json': {
+                    schema: errorResponseSchema,
+                },
+            },
+            description: 'Invalid request',
+        },
+    },
+    tags: ['Tokens'],
+});
+export const updateTokenRouteDef = createRoute({
+    method: 'patch',
+    path: '/{id}',
+    summary: 'Update token',
+    description: 'Update token description and rate limit',
+    security: [{ Bearer: [] }],
+    request: {
+        params: z.object({
+            id: z.string().openapi({
+                param: {
+                    name: 'id',
+                    in: 'path',
+                },
+            }),
+        }),
+        body: {
+            content: {
+                'application/json': {
+                    schema: updateTokenSchema,
+                },
+            },
+        },
+    },
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: tokenResponseSchema,
+                },
+            },
+            description: 'Token updated',
+        },
+        404: {
+            content: {
+                'application/json': {
+                    schema: errorResponseSchema,
+                },
+            },
+            description: 'Token not found',
+        },
+    },
+    tags: ['Tokens'],
+});
+export const deleteTokenRouteDef = createRoute({
+    method: 'delete',
+    path: '/{id}',
+    summary: 'Delete token',
+    description: 'Revoke an API token',
+    security: [{ Bearer: [] }],
+    request: {
+        params: z.object({
+            id: z.string().openapi({
+                param: {
+                    name: 'id',
+                    in: 'path',
+                },
+            }),
+        }),
+    },
+    responses: {
+        200: {
+            content: {
+                'application/json': {
+                    schema: z.object({
+                        message: z.string(),
+                    }),
+                },
+            },
+            description: 'Token revoked',
+        },
+        404: {
+            content: {
+                'application/json': {
+                    schema: errorResponseSchema,
+                },
+            },
+            description: 'Token not found',
+        },
+    },
+    tags: ['Tokens'],
+});
+//# sourceMappingURL=tokens.routes.js.map

package/dist/modules/tokens/tokens.routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tokens.routes.js","sourceRoot":"","sources":["../../../src/modules/tokens/tokens.routes.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,CAAC,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,2BAA2B,EAC3B,mBAAmB,GACpB,MAAM,wBAAwB,CAAC;AAEhC,0DAA0D;AAC1D,MAAM,CAAC,MAAM,kBAAkB,GAAG,WAAW,CAAC;IAC5C,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,aAAa;IACtB,WAAW,EAAE,qBAAqB;IAClC,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC1B,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC;iBACrC;aACF;YACD,WAAW,EAAE,gBAAgB;SAC9B;KACF;IACD,IAAI,EAAE,CAAC,QAAQ,CAAC;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;IAC7C,MAAM,EAAE,MAAM;IACd,IAAI,EAAE,GAAG;IACT,OAAO,EAAE,cAAc;IACvB,WAAW,EAAE,0DAA0D;IACvE,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC1B,OAAO,EAAE;QACP,IAAI,EAAE;YACJ,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,iBAAiB;iBAC1B;aACF;SACF;KACF;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,2BAA2B;iBACpC;aACF;YACD,WAAW,EAAE,eAAe;SAC7B;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,mBAAmB;iBAC5B;aACF;YACD,WAAW,EAAE,iBAAiB;SAC/B;KACF;IACD,IAAI,EAAE,CAAC,QAAQ,CAAC;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;IAC7C,MAAM,EAAE,OAAO;IACf,IAAI,EAAE,OAAO;IACb,OAAO,EAAE,cAAc;IACvB,WAAW,EAAE,yCAAyC;IACtD,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC1B,OAAO,EAAE;QACP,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;YACf,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC;gBACrB,KAAK,EAAE;oBACL,IAAI,EAAE,IAAI;oBACV,EAAE,EAAE,MAAM;iBACX;aACF,CAAC;SACH,CAAC;QACF,IAAI,EAAE;YACJ,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,iBAAiB;iBAC1B;aACF;SACF;KACF;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,mBAAmB;iBAC5B;aACF;YACD,WAAW,EAAE,eAAe;SAC7B;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,mBAAmB;iBAC5B;aACF;YACD,WAAW,EAAE,iBAAiB;SAC/B;KACF;IACD,IAAI,EAAE,CAAC,QAAQ,CAAC;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;IAC7C,MAAM,EAAE,QAAQ;IAChB,IAAI,EAAE,OAAO;IACb,OAAO,EAAE,cAAc;IACvB,WAAW,EAAE,qBAAqB;IAClC,QAAQ,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IAC1B,OAAO,EAAE;QACP,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;YACf,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC;gBACrB,KAAK,EAAE;oBACL,IAAI,EAAE,IAAI;oBACV,EAAE,EAAE,MAAM;iBACX;aACF,CAAC;SACH,CAAC;KACH;IACD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;wBACf,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;qBACpB,CAAC;iBACH;aACF;YACD,WAAW,EAAE,eAAe;SAC7B;QACD,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE;oBAClB,MAAM,EAAE,mBAAmB;iBAC5B;aACF;YACD,WAAW,EAAE,iBAAiB;SAC/B;KACF;IACD,IAAI,EAAE,CAAC,QAAQ,CAAC;CACjB,CAAC,CAAC"}

package/dist/modules/users/index.d.ts

@@ -0,0 +1,8 @@
+import { OpenAPIHono } from '@hono/zod-openapi';
+import type { AppBindings, AppVariables } from '../../factory';
+declare const usersModule: OpenAPIHono<{
+    Bindings: AppBindings;
+    Variables: AppVariables;
+}, {}, "/">;
+export default usersModule;
+//# sourceMappingURL=index.d.ts.map

package/dist/modules/users/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/modules/users/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAI/D,QAAA,MAAM,WAAW;cAA+B,WAAW;eAAa,YAAY;WAAK,CAAC;AAO1F,eAAe,WAAW,CAAC"}

package/dist/modules/users/index.js

@@ -0,0 +1,15 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+import { OpenAPIHono } from '@hono/zod-openapi';
+import * as routes from './users.routes';
+import * as handlers from './users.handlers';
+const usersModule = new OpenAPIHono();
+// All routes are protected (session middleware applied in factory.ts via protectedRoutes)
+usersModule.openapi(routes.listUsersRouteDef, handlers.listUsers);
+usersModule.openapi(routes.createUserRouteDef, handlers.createUser);
+usersModule.openapi(routes.deleteUserRouteDef, handlers.deleteUser);
+export default usersModule;
+//# sourceMappingURL=index.js.map

package/dist/modules/users/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/users/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,KAAK,MAAM,MAAM,gBAAgB,CAAC;AACzC,OAAO,KAAK,QAAQ,MAAM,kBAAkB,CAAC;AAE7C,MAAM,WAAW,GAAG,IAAI,WAAW,EAAsD,CAAC;AAE1F,0FAA0F;AAC1F,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,QAAQ,CAAC,SAAgB,CAAC,CAAC;AACzE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,UAAiB,CAAC,CAAC;AAC3E,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,UAAiB,CAAC,CAAC;AAE3E,eAAe,WAAW,CAAC"}

package/dist/modules/users/users.handlers.d.ts

@@ -0,0 +1,6 @@
+import type { OpenAPIContext } from '../../routes/api/types';
+import { createUserRequestSchema } from '@package-broker/shared';
+export declare function listUsers(c: OpenAPIContext): Promise<Response>;
+export declare function createUser(c: OpenAPIContext<any, ReturnType<typeof createUserRequestSchema.parse>>): Promise<Response>;
+export declare function deleteUser(c: OpenAPIContext): Promise<Response>;
+//# sourceMappingURL=users.handlers.d.ts.map

package/dist/modules/users/users.handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.handlers.d.ts","sourceRoot":"","sources":["../../../src/modules/users/users.handlers.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAE7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,wBAAwB,CAAC;AAEjE,wBAAsB,SAAS,CAAC,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,CAYpE;AAED,wBAAsB,UAAU,CAAC,CAAC,EAAE,cAAc,CAAC,GAAG,EAAE,UAAU,CAAC,OAAO,uBAAuB,CAAC,KAAK,CAAC,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC,CA4F5H;AAED,wBAAsB,UAAU,CAAC,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,QAAQ,CAAC,CAkBrE"}

package/dist/modules/users/users.handlers.js

@@ -0,0 +1,120 @@
+/*
+ * PACKAGE.broker
+ * Copyright (C) 2025 Łukasz Bajsarowicz
+ * Licensed under AGPL-3.0
+ */
+import { UserService } from '../../services/UserService';
+export async function listUsers(c) {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    // Check permissions (must be admin)
+    const session = c.get('session');
+    if (session.role !== 'admin') {
+        return c.json({ error: 'Forbidden' }, 403);
+    }
+    const users = await userService.list();
+    return c.json({ users });
+}
+export async function createUser(c) {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    // Check permissions
+    const session = c.get('session');
+    if (session.role !== 'admin') {
+        return c.json({ error: 'Forbidden' }, 403);
+    }
+    const body = c.req.valid('json');
+    const { email, password, role } = body;
+    try {
+        const user = await userService.create({
+            email,
+            password,
+            role: role || 'viewer',
+        });
+        // Send invite email if SMTP is configured
+        if (c.env.SMTP_HOST && c.env.SMTP_USER && c.env.SMTP_PASS) {
+            try {
+                const { EmailService } = await import('../../services/EmailService');
+                const emailService = new EmailService({
+                    host: c.env.SMTP_HOST,
+                    port: parseInt(c.env.SMTP_PORT || '587'),
+                    user: c.env.SMTP_USER,
+                    pass: c.env.SMTP_PASS,
+                    from: c.env.SMTP_FROM || c.env.SMTP_USER,
+                });
+                let subject = 'Welcome to Composer Proxy';
+                let text = '';
+                let html = '';
+                if (user?.invite_token) {
+                    // Invite Flow
+                    const origin = c.req.header('origin') || new URL(c.req.url).origin;
+                    const inviteLink = `${origin}/invite/${user.invite_token}`;
+                    text = `You have been invited to the Composer Proxy.\n\nPlease accept the invitation and set your password here:\n${inviteLink}`;
+                    html = `
+                        <div style="font-family: sans-serif; max-width: 600px; margin: 0 auto; color: #334155;">
+                            <h2 style="color: #0f172a;">Welcome to Composer Proxy</h2>
+                            <p>You have been invited to join the Composer Proxy.</p>
+                            <p>Please click the button below to accept the invitation and set your password:</p>
+                            <p style="margin: 24px 0;">
+                                <a href="${inviteLink}" style="background-color: #f97316; color: white; padding: 12px 24px; text-decoration: none; border-radius: 6px; display: inline-block; font-weight: bold;">Accept Invitation</a>
+                            </p>
+                            <p style="font-size: 0.9em; color: #64748b;">Or copy this link to your browser: <br> ${inviteLink}</p>
+                            <p style="font-size: 0.8em; color: #94a3b8; margin-top: 40px; border-top: 1px solid #e2e8f0; padding-top: 20px;">
+                                This invite expires in 7 days.
+                            </p>
+                        </div>
+                    `;
+                }
+                else if (password) {
+                    // Legacy/Manual Password Flow (if admin provided password)
+                    text = `You have been invited to the Composer Proxy.\n\nYour temporary password is: ${password}\n\nPlease log in and change your password immediately.`;
+                    html = `
+                        <div style="font-family: sans-serif; max-width: 600px; margin: 0 auto; color: #334155;">
+                            <h2>Welcome to Composer Proxy</h2>
+                            <p>You have been invited to the Composer Proxy.</p>
+                            <p>Your temporary password is: <strong>${password}</strong></p>
+                            <p>Please log in and change your password immediately.</p>
+                        </div>
+                    `;
+                }
+                if (text && html) {
+                    await emailService.send({ to: email, subject, text, html });
+                }
+            }
+            catch (emailError) {
+                console.error('Failed to send invite email:', emailError);
+            }
+        }
+        return c.json({
+            message: 'User created',
+            user: {
+                id: user?.id,
+                email: user?.email,
+                role: user?.role
+            }
+        });
+    }
+    catch (error) {
+        if (error.message === 'User already exists') {
+            return c.json({ error: 'User already exists' }, 409);
+        }
+        return c.json({ error: 'Failed to create user' }, 500);
+    }
+}
+export async function deleteUser(c) {
+    const db = c.get('database');
+    const userService = new UserService(db);
+    const { id: userId } = c.req.valid('param');
+    // Check permissions
+    const session = c.get('session');
+    if (session.role !== 'admin') {
+        return c.json({ error: 'Forbidden' }, 403);
+    }
+    // Prevent self-deletion
+    if (session.userId === userId) {
+        return c.json({ error: 'Cannot delete own account' }, 400);
+    }
+    await userService.delete(userId);
+    return c.json({ message: 'User deleted' });
+}
+//# sourceMappingURL=users.handlers.js.map

package/dist/modules/users/users.handlers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"users.handlers.js","sourceRoot":"","sources":["../../../src/modules/users/users.handlers.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAGzD,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,CAAiB;IAC7C,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAExC,oCAAoC;IACpC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjC,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;IACvC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,CAAwE;IACrG,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAExC,oBAAoB;IACpB,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjC,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;IAEvC,IAAI,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC;YAClC,KAAK;YACL,QAAQ;YACR,IAAI,EAAE,IAAI,IAAI,QAAQ;SACzB,CAAC,CAAC;QAEH,0CAA0C;QAC1C,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;YACxD,IAAI,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,6BAA6B,CAAC,CAAC;gBACrE,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC;oBAClC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS;oBACrB,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,IAAI,KAAK,CAAC;oBACxC,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS;oBACrB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS;oBACrB,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,CAAC,GAAG,CAAC,SAAS;iBAC3C,CAAC,CAAC;gBAEH,IAAI,OAAO,GAAG,2BAA2B,CAAC;gBAC1C,IAAI,IAAI,GAAG,EAAE,CAAC;gBACd,IAAI,IAAI,GAAG,EAAE,CAAC;gBAEd,IAAI,IAAI,EAAE,YAAY,EAAE,CAAC;oBACrB,cAAc;oBACd,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;oBACnE,MAAM,UAAU,GAAG,GAAG,MAAM,WAAW,IAAI,CAAC,YAAY,EAAE,CAAC;oBAE3D,IAAI,GAAG,6GAA6G,UAAU,EAAE,CAAC;oBACjI,IAAI,GAAG;;;;;;2CAMgB,UAAU;;mHAE8D,UAAU;;;;;qBAKxG,CAAC;gBACN,CAAC;qBAAM,IAAI,QAAQ,EAAE,CAAC;oBAClB,2DAA2D;oBAC3D,IAAI,GAAG,+EAA+E,QAAQ,yDAAyD,CAAC;oBACxJ,IAAI,GAAG;;;;qEAI0C,QAAQ;;;qBAGxD,CAAC;gBACN,CAAC;gBAED,IAAI,IAAI,IAAI,IAAI,EAAE,CAAC;oBACf,MAAM,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;gBAChE,CAAC;YAEL,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBAClB,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,UAAU,CAAC,CAAC;YAC9D,CAAC;QACL,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,cAAc;YACvB,IAAI,EAAE;gBACF,EAAE,EAAE,IAAI,EAAE,EAAE;gBACZ,KAAK,EAAE,IAAI,EAAE,KAAK;gBAClB,IAAI,EAAE,IAAI,EAAE,IAAI;aACnB;SACJ,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QAClB,IAAI,KAAK,CAAC,OAAO,KAAK,qBAAqB,EAAE,CAAC;YAC1C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,GAAG,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC;AACL,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,CAAiB;IAC9C,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7B,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAE5C,oBAAoB;IACpB,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACjC,IAAI,OAAO,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QAC3B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED,wBAAwB;IACxB,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QAC5B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,EAAE,GAAG,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;AAC/C,CAAC"}