npm - @rebasepro/server-core - Versions diffs - 0.0.1-canary.f81da60 → 0.1.0 - Mend

@rebasepro/server-core 0.0.1-canary.f81da60 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

package/dist/index.umd.js CHANGED Viewed

@@ -1011,7 +1011,8 @@
       }, { buffer: 3, lYpoI2: 11 }] }, {}, [1])(1);
     });
   })(object_hash);
-  const snakeCaseRegex = /[A-Z]{2,}(?=[A-Z][a-z]+[0-9]*|\b)|[A-Z]?[a-z]+[0-9]*|[A-Z]|[0-9]+/g;
+  const tokenizeRegex = /[A-Z]{2,}(?=[A-Z][a-z]|\b)|[A-Z]?[a-z]+|[0-9]+(?:[a-z](?![a-z]))?|[A-Z]/g;
+  const snakeCaseRegex = tokenizeRegex;
   const toSnakeCase = (str) => {
     const regExpMatchArray = str.match(snakeCaseRegex);
     if (!regExpMatchArray) return "";
@@ -3465,8 +3466,7 @@
           const filePath = path__namespace.join(directory, file);
           try {
             const fileUrl = require$$0$2.pathToFileURL(filePath).href;
-            const dynamicImport = new Function("url", "return import(url)");
-            const module2 = await dynamicImport(fileUrl);
+            const module2 = await import(fileUrl);
             if (module2 && module2.default) {
               collections.push(module2.default);
             } else {
@@ -3624,7 +3624,8 @@
     console.error(`❌ [API] ${c.req.method} ${c.req.path} → ${statusCode} ${code2}: ${logMessage}`);
     const causePg = error2.cause && typeof error2.cause === "object" ? error2.cause : void 0;
     const pgErrorCode = causePg?.code || error2.code;
-    if (pgErrorCode !== "42703" && pgErrorCode !== "42P01") {
+    const suppressStack = pgErrorCode === "42703" || pgErrorCode === "42P01" || statusCode < 500 && code2 === "BAD_REQUEST";
+    if (!suppressStack) {
       console.error(error2.stack || error2);
     }
     let clientMessage = "An unexpected error occurred";
@@ -21623,15 +21624,19 @@ ${credentialScope}
   ZodPromise.create;
   ZodOptional.create;
   ZodNullable.create;
-  function createGoogleProvider(clientId) {
-    const googleClient = new src$4.OAuth2Client(clientId);
+  function createGoogleProvider(config) {
+    const clientId = typeof config === "string" ? config : config.clientId;
+    const clientSecret = typeof config === "string" ? void 0 : config.clientSecret;
+    const googleClient = new src$4.OAuth2Client(clientId, clientSecret);
     return {
       id: "google",
       schema: objectType({
         idToken: stringType().min(1).optional(),
-        accessToken: stringType().min(1).optional()
-      }).refine((data) => data.idToken || data.accessToken, {
-        message: "Either idToken or accessToken is required"
+        accessToken: stringType().min(1).optional(),
+        code: stringType().min(1).optional(),
+        redirectUri: stringType().min(1).optional()
+      }).refine((data) => data.idToken || data.accessToken || data.code && data.redirectUri, {
+        message: "One of idToken, accessToken, or code+redirectUri is required"
       }),
       verify: async (payload) => {
         try {
@@ -21642,7 +21647,7 @@ ${credentialScope}
             });
             const content = ticket.getPayload();
             if (!content) {
-              return null;
+              throw new Error("Google ID token payload was empty");
             }
             return {
               providerId: content.sub,
@@ -21658,12 +21663,11 @@ ${credentialScope}
               }
             });
             if (!res.ok) {
-              console.error("Google userinfo request failed:", res.status);
-              return null;
+              throw new Error(`Google userinfo request failed with status ${res.status}`);
             }
             const info = await res.json();
             if (!info.sub || !info.email) {
-              return null;
+              throw new Error("Google userinfo response missing sub or email");
             }
             return {
               providerId: info.sub,
@@ -21672,10 +21676,73 @@ ${credentialScope}
               photoUrl: info.picture || null
             };
           }
-          return null;
+          if (payload.code && payload.redirectUri) {
+            if (!clientSecret) {
+              throw new Error("Google authorization code flow requires clientSecret. Configure GOOGLE_CLIENT_SECRET in your environment.");
+            }
+            const tokenResponse = await fetch("https://oauth2.googleapis.com/token", {
+              method: "POST",
+              headers: {
+                "Content-Type": "application/x-www-form-urlencoded"
+              },
+              body: new URLSearchParams({
+                code: payload.code,
+                client_id: clientId,
+                client_secret: clientSecret,
+                redirect_uri: payload.redirectUri,
+                grant_type: "authorization_code"
+              })
+            });
+            if (!tokenResponse.ok) {
+              const errorBody = await tokenResponse.text();
+              throw new Error(`Google token exchange failed (${tokenResponse.status}): ${errorBody}`);
+            }
+            const tokenData = await tokenResponse.json();
+            if (tokenData.error) {
+              throw new Error(`Google token exchange error: ${tokenData.error} – ${tokenData.error_description || "no details"}`);
+            }
+            if (tokenData.id_token) {
+              const ticket = await googleClient.verifyIdToken({
+                idToken: tokenData.id_token,
+                audience: clientId
+              });
+              const content = ticket.getPayload();
+              if (!content) {
+                throw new Error("Google ID token payload was empty after code exchange");
+              }
+              return {
+                providerId: content.sub,
+                email: content.email || "",
+                displayName: content.name || null,
+                photoUrl: content.picture || null
+              };
+            }
+            if (tokenData.access_token) {
+              const userInfoRes = await fetch("https://www.googleapis.com/oauth2/v3/userinfo", {
+                headers: {
+                  Authorization: `Bearer ${tokenData.access_token}`
+                }
+              });
+              if (!userInfoRes.ok) {
+                throw new Error(`Google userinfo request failed after code exchange (${userInfoRes.status})`);
+              }
+              const info = await userInfoRes.json();
+              if (!info.sub || !info.email) {
+                return null;
+              }
+              return {
+                providerId: info.sub,
+                email: info.email,
+                displayName: info.name || null,
+                photoUrl: info.picture || null
+              };
+            }
+            throw new Error("Google token exchange returned neither id_token nor access_token");
+          }
+          throw new Error("No valid Google credential provided (expected idToken, accessToken, or code+redirectUri)");
         } catch (error2) {
-          console.error("Failed to verify Google token:", error2);
-          return null;
+          console.error("Google OAuth verification failed:", error2);
+          throw error2;
         }
       }
     };
@@ -22883,7 +22950,11 @@ Si tienes alguna pregunta, no dudes en contactarnos respondiendo a este correo.
         passwordHash,
         displayName: displayName || void 0
       });
-      if (config.defaultRole) {
+      const existingUsers = await authRepo.listUsers();
+      const isFirstUser = existingUsers.length === 1 && existingUsers[0].id === user.id;
+      if (isFirstUser) {
+        await authRepo.setUserRoles(user.id, ["admin"]);
+      } else if (config.defaultRole) {
         await authRepo.assignDefaultRole(user.id, config.defaultRole);
       }
       const {
@@ -22924,7 +22995,13 @@ Si tienes alguna pregunta, no dudes en contactarnos respondiendo a este correo.
       for (const provider of config.oauthProviders) {
         router.post(`/${provider.id}`, defaultAuthLimiter, async (c) => {
           const payload = parseBody2(provider.schema, await c.req.json());
-          const externalUser = await provider.verify(payload);
+          let externalUser;
+          try {
+            externalUser = await provider.verify(payload);
+          } catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            throw ApiError.unauthorized(`${provider.id} login failed: ${msg}`, "OAUTH_ERROR");
+          }
           if (!externalUser) {
             throw ApiError.unauthorized(`Invalid ${provider.id} credentials`, "INVALID_TOKEN");
           }
@@ -22948,7 +23025,11 @@ Si tienes alguna pregunta, no dudes en contactarnos respondiendo a este correo.
               await authRepo.linkUserIdentity(user.id, provider.id, externalUser.providerId, {
                 email: externalUser.email
               });
-              if (config.defaultRole) {
+              const allUsers = await authRepo.listUsers();
+              const isFirstUser = allUsers.length === 1 && allUsers[0].id === user.id;
+              if (isFirstUser) {
+                await authRepo.setUserRoles(user.id, ["admin"]);
+              } else if (config.defaultRole) {
                 await authRepo.assignDefaultRole(user.id, config.defaultRole);
               }
               sendWelcomeEmail({
@@ -24976,20 +25057,21 @@ Si tienes alguna pregunta, no dudes en contactarnos respondiendo a este correo.
         refreshToken: session.refreshToken
       };
     }
-    async function signInWithGoogle(idToken) {
+    async function signInWithGoogle(tokenOrPayload) {
       const fetchFn = getFetch();
+      const body = typeof tokenOrPayload === "string" ? {
+        idToken: tokenOrPayload
+      } : tokenOrPayload;
       const res = await fetchFn(authUrl("/google"), {
         method: "POST",
         headers: {
           "Content-Type": "application/json"
         },
-        body: JSON.stringify({
-          idToken
-        })
+        body: JSON.stringify(body)
       });
-      const body = await res.json().catch(() => ({}));
-      if (!res.ok) throwApiError(res.status, body, res.statusText);
-      const session = handleAuthResponse(body, "SIGNED_IN");
+      const responseBody = await res.json().catch(() => ({}));
+      if (!res.ok) throwApiError(res.status, responseBody, res.statusText);
+      const session = handleAuthResponse(responseBody, "SIGNED_IN");
       return {
         user: session.user,
         accessToken: session.accessToken,
@@ -25651,6 +25733,25 @@ Si tienes alguna pregunta, no dudes en contactarnos respondiendo a este correo.
     };
     return client;
   }
+  function createFunctionsClient(transport) {
+    return {
+      async invoke(name2, payload, options2) {
+        const method = options2?.method ?? "POST";
+        const subPath = options2?.path ? `/${options2.path.replace(/^\//, "")}` : "";
+        const routePath = `/functions/${encodeURIComponent(name2)}${subPath}`;
+        const init = {
+          method
+        };
+        if (payload !== void 0 && method !== "GET") {
+          init.body = JSON.stringify(payload);
+        }
+        if (options2?.headers) {
+          init.headers = options2.headers;
+        }
+        return transport.request(routePath, init);
+      }
+    };
+  }
   function createStorage(transport) {
     const urlsCache = /* @__PURE__ */ new Map();
     async function putObject({
@@ -25784,6 +25885,7 @@ Si tienes alguna pregunta, no dudes en contactarnos respondiendo a este correo.
     const admin = createAdmin(transport, options2.admin);
     const cron = createCron(transport, options2.cron);
     const storage = createStorage(transport);
+    const functions = createFunctionsClient(transport);
     let ws;
     if (!options2.onUnauthorized) {
       transport.setOnUnauthorized(async () => {
@@ -25822,6 +25924,7 @@ Si tienes alguna pregunta, no dudes en contactarnos respondiendo a este correo.
       auth,
       admin,
       cron,
+      functions,
       storage,
       ws,
       setToken: transport.setToken,
@@ -37149,7 +37252,7 @@ Si tienes alguna pregunta, no dudes en contactarnos respondiendo a este correo.
         const {
           createGoogleProvider: createGoogleProvider2
         } = await Promise.resolve().then(() => index);
-        oauthProviders.push(createGoogleProvider2(config.auth.google.clientId));
+        oauthProviders.push(createGoogleProvider2(config.auth.google));
       }
       if (config.auth.linkedin?.clientId && config.auth.linkedin?.clientSecret) {
         const {
@@ -37350,6 +37453,13 @@ Si tienes alguna pregunta, no dudes en contactarnos respondiendo a este correo.
     }
     _initRebase(serverClient);
     logger.info("Rebase singleton initialized");
+    if (defaultDriverResult.internals) {
+      const internals = defaultDriverResult.internals;
+      const driver = internals.driver;
+      if (driver && "client" in driver) {
+        driver.client = serverClient;
+      }
+    }
     if (config.functionsDir) {
       const {
         loadFunctionsFromDirectory: loadFunctionsFromDirectory2
@@ -48228,7 +48338,9 @@ export default ${safeId}Collection;
      * Setup Hono middleware
      */
     setupMiddleware() {
-      this.router.use("/*", secureHeaders.secureHeaders());
+      this.router.use("/*", secureHeaders.secureHeaders({
+        crossOriginOpenerPolicy: "same-origin-allow-popups"
+      }));
       if (this.config.cors) {
         const origin = this.config.cors.origin;
         this.router.use("/*", cors.cors({