@rebasepro/server-core 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (116) hide show
  1. package/dist/common/src/collections/default-collections.d.ts +9 -0
  2. package/dist/common/src/collections/index.d.ts +1 -0
  3. package/dist/common/src/util/permissions.d.ts +1 -0
  4. package/dist/{index-BZoAtuqi.js → index-Cr1D21av.js} +11 -3
  5. package/dist/index-Cr1D21av.js.map +1 -0
  6. package/dist/index.es.js +2309 -370
  7. package/dist/index.es.js.map +1 -1
  8. package/dist/index.umd.js +2298 -355
  9. package/dist/index.umd.js.map +1 -1
  10. package/dist/server-core/src/api/logs-routes.d.ts +37 -0
  11. package/dist/server-core/src/api/rest/api-generator.d.ts +6 -0
  12. package/dist/server-core/src/api/types.d.ts +6 -1
  13. package/dist/server-core/src/auth/adapter-middleware.d.ts +7 -3
  14. package/dist/server-core/src/auth/admin-routes.d.ts +3 -3
  15. package/dist/server-core/src/auth/api-keys/api-key-middleware.d.ts +39 -0
  16. package/dist/server-core/src/auth/api-keys/api-key-permission-guard.d.ts +32 -0
  17. package/dist/server-core/src/auth/api-keys/api-key-routes.d.ts +20 -0
  18. package/dist/server-core/src/auth/api-keys/api-key-store.d.ts +35 -0
  19. package/dist/server-core/src/auth/api-keys/api-key-types.d.ts +88 -0
  20. package/dist/server-core/src/auth/api-keys/index.d.ts +17 -0
  21. package/dist/server-core/src/auth/{auth-overrides.d.ts → auth-hooks.d.ts} +69 -11
  22. package/dist/server-core/src/auth/builtin-auth-adapter.d.ts +3 -3
  23. package/dist/server-core/src/auth/index.d.ts +5 -3
  24. package/dist/server-core/src/auth/interfaces.d.ts +93 -3
  25. package/dist/server-core/src/auth/jwt.d.ts +3 -1
  26. package/dist/server-core/src/auth/mfa.d.ts +49 -0
  27. package/dist/server-core/src/auth/middleware.d.ts +7 -0
  28. package/dist/server-core/src/auth/rate-limiter.d.ts +19 -0
  29. package/dist/server-core/src/auth/routes.d.ts +3 -3
  30. package/dist/server-core/src/env.d.ts +6 -0
  31. package/dist/server-core/src/index.d.ts +1 -0
  32. package/dist/server-core/src/init.d.ts +3 -3
  33. package/dist/server-core/src/services/webhook-service.d.ts +29 -0
  34. package/dist/server-core/src/storage/image-transform.d.ts +48 -0
  35. package/dist/server-core/src/storage/index.d.ts +3 -0
  36. package/dist/server-core/src/storage/tus-handler.d.ts +51 -0
  37. package/dist/types/src/controllers/auth.d.ts +4 -26
  38. package/dist/types/src/controllers/client.d.ts +25 -43
  39. package/dist/types/src/controllers/collection_registry.d.ts +1 -1
  40. package/dist/types/src/controllers/data.d.ts +4 -0
  41. package/dist/types/src/controllers/data_driver.d.ts +23 -0
  42. package/dist/types/src/controllers/registry.d.ts +5 -4
  43. package/dist/types/src/rebase_context.d.ts +1 -1
  44. package/dist/types/src/types/auth_adapter.d.ts +5 -60
  45. package/dist/types/src/types/backend.d.ts +2 -2
  46. package/dist/types/src/types/backend_hooks.d.ts +2 -17
  47. package/dist/types/src/types/collections.d.ts +0 -4
  48. package/dist/types/src/types/component_ref.d.ts +1 -1
  49. package/dist/types/src/types/cron.d.ts +1 -1
  50. package/dist/types/src/types/entity_views.d.ts +1 -0
  51. package/dist/types/src/types/export_import.d.ts +1 -1
  52. package/dist/types/src/types/formex.d.ts +2 -2
  53. package/dist/types/src/types/properties.d.ts +9 -7
  54. package/dist/types/src/types/translations.d.ts +28 -12
  55. package/dist/types/src/types/user_management_delegate.d.ts +22 -57
  56. package/dist/types/src/users/index.d.ts +0 -1
  57. package/dist/types/src/users/user.d.ts +0 -1
  58. package/package.json +8 -6
  59. package/src/api/ast-schema-editor.ts +4 -4
  60. package/src/api/errors.ts +16 -7
  61. package/src/api/logs-routes.ts +129 -0
  62. package/src/api/rest/api-generator.ts +42 -2
  63. package/src/api/rest/query-parser.ts +37 -1
  64. package/src/api/types.ts +6 -1
  65. package/src/auth/adapter-middleware.ts +20 -4
  66. package/src/auth/admin-routes.ts +36 -100
  67. package/src/auth/api-keys/api-key-middleware.ts +126 -0
  68. package/src/auth/api-keys/api-key-permission-guard.ts +64 -0
  69. package/src/auth/api-keys/api-key-routes.ts +183 -0
  70. package/src/auth/api-keys/api-key-store.ts +317 -0
  71. package/src/auth/api-keys/api-key-types.ts +94 -0
  72. package/src/auth/api-keys/index.ts +37 -0
  73. package/src/auth/{auth-overrides.ts → auth-hooks.ts} +81 -14
  74. package/src/auth/builtin-auth-adapter.ts +35 -73
  75. package/src/auth/custom-auth-adapter.ts +1 -1
  76. package/src/auth/index.ts +7 -3
  77. package/src/auth/interfaces.ts +111 -3
  78. package/src/auth/jwt.ts +19 -5
  79. package/src/auth/mfa.ts +160 -0
  80. package/src/auth/middleware.ts +20 -1
  81. package/src/auth/rate-limiter.ts +92 -0
  82. package/src/auth/routes.ts +455 -24
  83. package/src/cron/cron-loader.ts +5 -10
  84. package/src/cron/cron-scheduler.ts +11 -12
  85. package/src/cron/cron-store.ts +8 -7
  86. package/src/env.ts +2 -0
  87. package/src/functions/function-loader.ts +6 -9
  88. package/src/index.ts +1 -2
  89. package/src/init.ts +56 -8
  90. package/src/serve-spa.ts +5 -4
  91. package/src/services/webhook-service.ts +155 -0
  92. package/src/storage/image-transform.ts +202 -0
  93. package/src/storage/index.ts +3 -0
  94. package/src/storage/routes.ts +56 -3
  95. package/src/storage/tus-handler.ts +315 -0
  96. package/src/utils/dev-port.ts +14 -0
  97. package/src/utils/logging.ts +9 -7
  98. package/test/admin-routes.test.ts +62 -164
  99. package/test/api-generator.test.ts +0 -1
  100. package/test/api-key-permission-guard.test.ts +132 -0
  101. package/test/ast-schema-editor.test.ts +26 -0
  102. package/test/auth-routes.test.ts +1 -2
  103. package/test/backend-hooks-admin.test.ts +3 -29
  104. package/test/custom-auth-adapter.test.ts +2 -10
  105. package/test/email-templates.test.ts +169 -0
  106. package/test/function-loader.test.ts +124 -0
  107. package/test/jwt.test.ts +4 -2
  108. package/test/mfa.test.ts +197 -0
  109. package/test/middleware.test.ts +10 -5
  110. package/test/webhook-service.test.ts +249 -0
  111. package/vite.config.ts +3 -2
  112. package/dist/index-BZoAtuqi.js.map +0 -1
  113. package/dist/server-core/src/bootstrappers/index.d.ts +0 -0
  114. package/dist/types/src/users/roles.d.ts +0 -22
  115. package/src/bootstrappers/index.ts +0 -1
  116. package/src/singleton.test.ts +0 -28
@@ -7,6 +7,8 @@ export interface AccessTokenPayload {
7
7
  userId: string;
8
8
  roles: string[];
9
9
  uid?: string;
10
+ /** Authentication Assurance Level: aal1 = password/oauth, aal2 = MFA verified */
11
+ aal?: "aal1" | "aal2";
10
12
  }
11
13
  /**
12
14
  * Configure JWT settings - call this during initialization.
@@ -16,7 +18,7 @@ export declare function configureJwt(config: JwtConfig): void;
16
18
  /**
17
19
  * Generate an access token (short-lived, 1 hour by default)
18
20
  */
19
- export declare function generateAccessToken(userId: string, roles: string[]): string;
21
+ export declare function generateAccessToken(userId: string, roles: string[], aal?: "aal1" | "aal2", customClaims?: Record<string, unknown>): string;
20
22
  /**
21
23
  * Get the expiration time of an access token in milliseconds from now
22
24
  */
@@ -0,0 +1,49 @@
1
+ /**
2
+ * TOTP (Time-based One-Time Password) implementation.
3
+ *
4
+ * Pure Node.js crypto implementation — no external dependencies required.
5
+ * Implements RFC 6238 (TOTP) and RFC 4226 (HOTP).
6
+ */
7
+ /**
8
+ * Encode a Buffer to Base32 string (RFC 4648)
9
+ */
10
+ export declare function base32Encode(buffer: Buffer): string;
11
+ /**
12
+ * Decode a Base32 string to Buffer
13
+ */
14
+ export declare function base32Decode(encoded: string): Buffer;
15
+ /**
16
+ * Generate a TOTP value for the current time step
17
+ */
18
+ export declare function generateTotp(secret: Buffer, timeStep?: number): string;
19
+ /**
20
+ * Verify a TOTP token with a configurable time window
21
+ *
22
+ * @param secret - The shared secret as a Buffer
23
+ * @param token - The 6-digit TOTP code to verify
24
+ * @param window - Number of time steps to check on each side (default: 1)
25
+ * @returns true if the token is valid within the window
26
+ */
27
+ export declare function verifyTotp(secret: Buffer, token: string, window?: number): boolean;
28
+ /**
29
+ * Generate a new TOTP secret and return the setup information
30
+ *
31
+ * @param issuer - The issuer name (app name) for the QR code
32
+ * @param accountName - The account identifier (usually email)
33
+ * @returns Object with base32 secret and otpauth URI
34
+ */
35
+ export declare function generateTotpSecret(issuer: string, accountName: string): {
36
+ secret: string;
37
+ uri: string;
38
+ };
39
+ /**
40
+ * Generate a set of one-time recovery codes
41
+ *
42
+ * @param count - Number of recovery codes to generate (default: 10)
43
+ * @returns Array of formatted recovery code strings (e.g. "A1B2C-D3E4F")
44
+ */
45
+ export declare function generateRecoveryCodes(count?: number): string[];
46
+ /**
47
+ * Hash a recovery code for storage
48
+ */
49
+ export declare function hashRecoveryCode(code: string): string;
@@ -2,6 +2,7 @@ import { MiddlewareHandler, Context } from "hono";
2
2
  import { DataDriver } from "@rebasepro/types";
3
3
  import { AccessTokenPayload } from "./jwt";
4
4
  import { HonoEnv } from "../api/types";
5
+ import type { ApiKeyStore } from "./api-keys/api-key-store";
5
6
  /**
6
7
  * Result from a custom auth validator.
7
8
  * - `false`/`null`/`undefined` = not authenticated
@@ -45,6 +46,12 @@ export interface AuthMiddlewareOptions {
45
46
  * timing attacks. The key must be at least 32 characters.
46
47
  */
47
48
  serviceKey?: string;
49
+ /**
50
+ * API key store for authenticating `rk_` prefixed tokens.
51
+ * When set, tokens starting with `rk_` are validated against the
52
+ * database instead of being treated as JWTs.
53
+ */
54
+ apiKeyStore?: ApiKeyStore;
48
55
  }
49
56
  /**
50
57
  * Hono middleware that requires a valid JWT token
@@ -28,4 +28,23 @@ export declare const defaultAuthLimiter: MiddlewareHandler<HonoEnv>;
28
28
  * 50 requests per 15 minutes per IP.
29
29
  */
30
30
  export declare const strictAuthLimiter: MiddlewareHandler<HonoEnv>;
31
+ /**
32
+ * Key generator for API-key-based rate limiting.
33
+ *
34
+ * Uses the API key ID (from `c.get("apiKey")`) as the rate limit key.
35
+ * Falls back to IP-based keying when the request is not authenticated
36
+ * via an API key.
37
+ */
38
+ export declare function apiKeyKeyGenerator(c: Parameters<MiddlewareHandler<HonoEnv>>[0]): string;
39
+ /**
40
+ * Create a rate limiter specifically for API key requests.
41
+ *
42
+ * When a request is authenticated via an API key that has a `rate_limit`
43
+ * configured, this limiter enforces per-key limits using the key's ID
44
+ * as the rate limit bucket.
45
+ *
46
+ * @param defaultLimit - Fallback limit when the key has no `rate_limit` set.
47
+ * @param windowMs - Time window in milliseconds (default: 15 minutes).
48
+ */
49
+ export declare function createApiKeyRateLimiter(defaultLimit?: number, windowMs?: number): MiddlewareHandler<HonoEnv>;
31
50
  export {};
@@ -1,6 +1,6 @@
1
1
  import { Hono } from "hono";
2
2
  import type { AuthRepository, OAuthProvider } from "./interfaces";
3
- import type { AuthOverrides } from "./auth-overrides";
3
+ import type { AuthHooks } from "./auth-hooks";
4
4
  import { EmailService, EmailConfig } from "../email";
5
5
  import { HonoEnv } from "../api/types";
6
6
  /**
@@ -19,10 +19,10 @@ export interface AuthModuleConfig {
19
19
  /** When true, blocks all self-registration regardless of `allowRegistration`. */
20
20
  disableSelfRegistration?: boolean;
21
21
  /**
22
- * Auth overrides for customizing password hashing, credential
22
+ * Auth hooks for customizing password hashing, credential
23
23
  * verification, lifecycle hooks, etc.
24
24
  */
25
- overrides?: AuthOverrides;
25
+ authHooks?: AuthHooks;
26
26
  /**
27
27
  * Callback that checks if bootstrap has already been completed.
28
28
  * Used by GET /auth/config to report `needsSetup` status.
@@ -20,6 +20,8 @@ declare const rebaseEnvSchema: z.ZodObject<{
20
20
  DB_POOL_MAX: z.ZodEffects<z.ZodDefault<z.ZodString>, number, string | undefined>;
21
21
  DB_POOL_IDLE_TIMEOUT: z.ZodEffects<z.ZodDefault<z.ZodString>, number, string | undefined>;
22
22
  DB_POOL_CONNECT_TIMEOUT: z.ZodEffects<z.ZodDefault<z.ZodString>, number, string | undefined>;
23
+ DATABASE_DIRECT_URL: z.ZodOptional<z.ZodString>;
24
+ DATABASE_READ_URL: z.ZodOptional<z.ZodString>;
23
25
  FORCE_LOCAL_STORAGE: z.ZodEffects<z.ZodOptional<z.ZodEnum<["true", "false", ""]>>, boolean, "" | "true" | "false" | undefined>;
24
26
  STORAGE_TYPE: z.ZodDefault<z.ZodEnum<["local", "s3"]>>;
25
27
  STORAGE_PATH: z.ZodOptional<z.ZodString>;
@@ -50,6 +52,8 @@ declare const rebaseEnvSchema: z.ZodObject<{
50
52
  REBASE_SERVICE_KEY?: string | undefined;
51
53
  CORS_ORIGINS?: string | undefined;
52
54
  FRONTEND_URL?: string | undefined;
55
+ DATABASE_DIRECT_URL?: string | undefined;
56
+ DATABASE_READ_URL?: string | undefined;
53
57
  STORAGE_PATH?: string | undefined;
54
58
  S3_BUCKET?: string | undefined;
55
59
  S3_REGION?: string | undefined;
@@ -74,6 +78,8 @@ declare const rebaseEnvSchema: z.ZodObject<{
74
78
  DB_POOL_MAX?: string | undefined;
75
79
  DB_POOL_IDLE_TIMEOUT?: string | undefined;
76
80
  DB_POOL_CONNECT_TIMEOUT?: string | undefined;
81
+ DATABASE_DIRECT_URL?: string | undefined;
82
+ DATABASE_READ_URL?: string | undefined;
77
83
  FORCE_LOCAL_STORAGE?: "" | "true" | "false" | undefined;
78
84
  STORAGE_TYPE?: "local" | "s3" | undefined;
79
85
  STORAGE_PATH?: string | undefined;
@@ -29,3 +29,4 @@ export * from "./serve-spa";
29
29
  export * from "./utils/dev-port";
30
30
  export { loadEnv } from "./env";
31
31
  export type { RebaseEnv } from "./env";
32
+ export { z } from "zod";
@@ -7,7 +7,7 @@ import { HonoEnv } from "./api/types";
7
7
  import { BackendStorageConfig, StorageController, StorageRegistry } from "./storage";
8
8
  import { EmailConfig } from "./email";
9
9
  import type { OAuthProvider } from "./auth/interfaces";
10
- import type { AuthOverrides } from "./auth/auth-overrides";
10
+ import type { AuthHooks } from "./auth/auth-hooks";
11
11
  export interface RebaseAuthConfig {
12
12
  jwtSecret?: string;
13
13
  accessExpiresIn?: string;
@@ -93,13 +93,13 @@ export interface RebaseAuthConfig {
93
93
  * ```ts
94
94
  * import bcrypt from "bcrypt";
95
95
  *
96
- * overrides: {
96
+ * hooks: {
97
97
  * hashPassword: (pw) => bcrypt.hash(pw, 12),
98
98
  * verifyPassword: (pw, hash) => bcrypt.compare(pw, hash),
99
99
  * }
100
100
  * ```
101
101
  */
102
- overrides?: AuthOverrides;
102
+ hooks?: AuthHooks;
103
103
  [key: string]: unknown;
104
104
  }
105
105
  export interface RebaseBackendConfig {
@@ -0,0 +1,29 @@
1
+ export interface WebhookConfig {
2
+ id: string;
3
+ url: string;
4
+ secret?: string;
5
+ headers?: Record<string, string>;
6
+ events: string[];
7
+ table: string;
8
+ enabled: boolean;
9
+ }
10
+ export interface WebhookDeliveryResult {
11
+ webhookId: string;
12
+ event: string;
13
+ payload: Record<string, unknown>;
14
+ statusCode: number;
15
+ responseBody: string;
16
+ success: boolean;
17
+ attemptNumber: number;
18
+ }
19
+ export declare class WebhookDispatcher {
20
+ private webhooks;
21
+ private maxRetries;
22
+ private retryDelays;
23
+ /** Register webhooks to watch */
24
+ setWebhooks(webhooks: WebhookConfig[]): void;
25
+ /** Called when an entity changes — checks if any webhook matches */
26
+ onEntityChange(table: string, event: "INSERT" | "UPDATE" | "DELETE", entityId: string, entity: Record<string, unknown> | null, previousEntity?: Record<string, unknown> | null): Promise<WebhookDeliveryResult[]>;
27
+ private deliverWithRetry;
28
+ private deliver;
29
+ }
@@ -0,0 +1,48 @@
1
+ /**
2
+ * Image Transformation Service
3
+ *
4
+ * Provides on-the-fly image resize, crop, format conversion, and quality
5
+ * adjustment using the `sharp` library. Results are cached in an LRU
6
+ * in-memory cache to avoid redundant processing.
7
+ */
8
+ /** Options that can be specified via query parameters. */
9
+ export interface ImageTransformOptions {
10
+ width?: number;
11
+ height?: number;
12
+ quality?: number;
13
+ format?: "webp" | "avif" | "jpeg" | "png";
14
+ fit?: "cover" | "contain" | "fill" | "inside" | "outside";
15
+ }
16
+ /**
17
+ * Parse transform options from URL query parameters.
18
+ * Returns `null` when no transformation is requested.
19
+ */
20
+ export declare function parseTransformOptions(query: Record<string, string>): ImageTransformOptions | null;
21
+ /** Check whether a content type is a transformable image. */
22
+ export declare function isTransformableImage(contentType: string): boolean;
23
+ /**
24
+ * Apply image transformations and return the result buffer + content type.
25
+ */
26
+ export declare function transformImage(buffer: Buffer | Uint8Array, options: ImageTransformOptions): Promise<{
27
+ data: Buffer;
28
+ contentType: string;
29
+ }>;
30
+ /**
31
+ * Simple LRU cache for transformed images.
32
+ *
33
+ * Entries expire after `maxAgeMs` (default: 1 hour) and the cache
34
+ * evicts the oldest entry when `maxEntries` is exceeded.
35
+ */
36
+ export declare class TransformCache {
37
+ private cache;
38
+ private readonly maxEntries;
39
+ private readonly maxAgeMs;
40
+ constructor(maxEntries?: number, maxAgeMs?: number);
41
+ /** Build a deterministic cache key from file key + transform options. */
42
+ buildKey(fileKey: string, options: ImageTransformOptions): string;
43
+ get(cacheKey: string): {
44
+ data: Buffer;
45
+ contentType: string;
46
+ } | null;
47
+ set(cacheKey: string, data: Buffer, contentType: string): void;
48
+ }
@@ -15,6 +15,9 @@ export { S3StorageController } from "./S3StorageController";
15
15
  export { createStorageRoutes } from "./routes";
16
16
  export type { StorageRoutesConfig } from "./routes";
17
17
  export * from "./storage-registry";
18
+ export { parseTransformOptions, transformImage, isTransformableImage, TransformCache } from "./image-transform";
19
+ export type { ImageTransformOptions } from "./image-transform";
20
+ export { TusHandler } from "./tus-handler";
18
21
  import { BackendStorageConfig, StorageController } from "./types";
19
22
  /**
20
23
  * Create a storage controller from a config object.
@@ -0,0 +1,51 @@
1
+ /**
2
+ * TUS Protocol Handler
3
+ *
4
+ * Implements the TUS v1.0.0 resumable upload protocol with the
5
+ * Creation and Termination extensions. Uploads are stored in a
6
+ * temporary directory and moved to final storage on completion.
7
+ *
8
+ * @see https://tus.io/protocols/resumable-upload
9
+ */
10
+ import type { Context } from "hono";
11
+ import type { StorageController } from "./types";
12
+ /**
13
+ * TUS resumable upload handler.
14
+ *
15
+ * Each instance manages uploads for a single storage root. The
16
+ * `storageController` is used to finalize completed uploads by
17
+ * calling `putObject`.
18
+ */
19
+ export declare class TusHandler {
20
+ private storageController?;
21
+ private uploads;
22
+ private tusDir;
23
+ private cleanupTimer?;
24
+ constructor(storageBaseDir: string, storageController?: StorageController | undefined);
25
+ /** Ensure the temp directory exists. */
26
+ private ensureDir;
27
+ /** Start periodic cleanup of stale uploads. */
28
+ startCleanup(): void;
29
+ /** Remove uploads that have been idle for longer than UPLOAD_EXPIRY_MS. */
30
+ private cleanupStale;
31
+ /**
32
+ * Parse the `Upload-Metadata` header.
33
+ *
34
+ * Format: `key base64value,key2 base64value2`
35
+ */
36
+ private parseMetadata;
37
+ /** `OPTIONS /tus` — TUS capability discovery. */
38
+ options(): Response;
39
+ /** `POST /tus` — Create a new upload. */
40
+ create(c: Context): Promise<Response>;
41
+ /** `HEAD /tus/:id` — Query upload progress. */
42
+ head(c: Context, id: string): Response;
43
+ /** `PATCH /tus/:id` — Append data to an upload. */
44
+ patch(c: Context, id: string): Promise<Response>;
45
+ /** `DELETE /tus/:id` — Cancel and remove an upload. */
46
+ delete(c: Context, id: string): Promise<Response>;
47
+ /**
48
+ * Move a completed upload into the storage controller.
49
+ */
50
+ private finalize;
51
+ }
@@ -1,6 +1,4 @@
1
- import { StorageSource } from "./storage";
2
- import { Role, User } from "../users";
3
- import { RebaseData } from "./data";
1
+ import type { User } from "../users";
4
2
  /**
5
3
  * Capabilities advertised by an auth provider.
6
4
  * UI components use this to show/hide features dynamically
@@ -64,7 +62,7 @@ export type AuthController<USER extends User = User, ExtraData = unknown> = {
64
62
  extra: ExtraData;
65
63
  setExtra: (extra: ExtraData) => void;
66
64
  setUser?(user: USER | null): void;
67
- setUserRoles?(roles: Role[]): void;
65
+ setUserRoles?(roles: string[]): void;
68
66
  /**
69
67
  * Capabilities advertised by the auth provider.
70
68
  * UI components use this to feature-detect what the backend supports.
@@ -89,6 +87,8 @@ export interface AuthControllerExtended<USER extends User = User, ExtraData = un
89
87
  code: string;
90
88
  redirectUri: string;
91
89
  }) => Promise<void>;
90
+ /** Generic OAuth login — works with any provider. Posts payload to /auth/{providerId}. */
91
+ oauthLogin?: (providerId: string, payload: Record<string, unknown>) => Promise<void>;
92
92
  /** Register a new user */
93
93
  register?(email: string, password: string, displayName?: string): Promise<void>;
94
94
  /** Skip login (for anonymous access if enabled) */
@@ -102,25 +102,3 @@ export interface AuthControllerExtended<USER extends User = User, ExtraData = un
102
102
  /** Update user profile */
103
103
  updateProfile?(displayName?: string, photoURL?: string): Promise<USER>;
104
104
  }
105
- /**
106
- * Implement this function to allow access to specific users.
107
- * @group Hooks and utilities
108
- */
109
- export type Authenticator<USER extends User = User> = (props: {
110
- /**
111
- * Logged-in user or null
112
- */
113
- user: USER | null;
114
- /**
115
- * AuthController
116
- */
117
- authController: AuthController<USER>;
118
- /**
119
- * Unified data access API
120
- */
121
- data: RebaseData;
122
- /**
123
- * Used storage implementation
124
- */
125
- storageSource: StorageSource;
126
- }) => boolean | Promise<boolean>;
@@ -1,6 +1,6 @@
1
- import { User } from "../users";
2
- import { RebaseData } from "./data";
3
- import { EmailService } from "./email";
1
+ import type { User } from "../users";
2
+ import type { RebaseData } from "./data";
3
+ import type { EmailService } from "./email";
4
4
  /**
5
5
  * Event type for authentication state changes
6
6
  */
@@ -14,7 +14,7 @@ export interface RebaseSession {
14
14
  expiresAt: number;
15
15
  user: User;
16
16
  }
17
- import { StorageSource } from "./storage";
17
+ import type { StorageSource } from "./storage";
18
18
  /**
19
19
  * Unified Authentication Client Interface
20
20
  * Pure functional SDK interface, decoupled from UI and React hooks
@@ -56,20 +56,9 @@ export interface AdminUser {
56
56
  createdAt: string;
57
57
  updatedAt: string;
58
58
  }
59
- /**
60
- * Role record as returned by the Admin API.
61
- * @group Admin
62
- */
63
- export interface AdminRole {
64
- id: string;
65
- name: string;
66
- isAdmin: boolean;
67
- defaultPermissions: Record<string, unknown> | null;
68
- config: Record<string, unknown> | null;
69
- }
70
59
  /**
71
60
  * Client-side Admin API interface.
72
- * Provides user and role management operations.
61
+ * Provides user management operations.
73
62
  * @group Admin
74
63
  */
75
64
  export interface AdminAPI {
@@ -112,32 +101,6 @@ export interface AdminAPI {
112
101
  deleteUser(userId: string): Promise<{
113
102
  success: boolean;
114
103
  }>;
115
- listRoles(): Promise<{
116
- roles: AdminRole[];
117
- }>;
118
- getRole(roleId: string): Promise<{
119
- role: AdminRole;
120
- }>;
121
- createRole(data: {
122
- id: string;
123
- name: string;
124
- isAdmin?: boolean;
125
- defaultPermissions?: Record<string, unknown>;
126
- config?: Record<string, unknown>;
127
- }): Promise<{
128
- role: AdminRole;
129
- }>;
130
- updateRole(roleId: string, data: {
131
- name?: string;
132
- isAdmin?: boolean;
133
- defaultPermissions?: Record<string, unknown>;
134
- config?: Record<string, unknown>;
135
- }): Promise<{
136
- role: AdminRole;
137
- }>;
138
- deleteRole(roleId: string): Promise<{
139
- success: boolean;
140
- }>;
141
104
  bootstrap(): Promise<{
142
105
  success: boolean;
143
106
  message: string;
@@ -168,7 +131,7 @@ export interface RebaseClient<DB = unknown> {
168
131
  * > The client-side SDK does not include an email service.
169
132
  */
170
133
  email?: EmailService;
171
- /** Admin API for user and role management */
134
+ /** Admin API for user management */
172
135
  admin?: AdminAPI;
173
136
  /**
174
137
  * The base HTTP URL of the backend server.
@@ -183,4 +146,23 @@ export interface RebaseClient<DB = unknown> {
183
146
  * detection (e.g. `typeof ws.executeSql === "function"`).
184
147
  */
185
148
  ws?: unknown;
149
+ /**
150
+ * Execute raw SQL against the database.
151
+ *
152
+ * Only available server-side when the backend uses a SQL database
153
+ * (PostgreSQL, MySQL, etc.). `undefined` for document databases
154
+ * (MongoDB, Firestore) and on the client-side SDK.
155
+ *
156
+ * @example
157
+ * ```typescript
158
+ * // In a cron job or custom function:
159
+ * if (ctx.client.sql) {
160
+ * const rows = await ctx.client.sql("SELECT count(*) FROM orders");
161
+ * }
162
+ * ```
163
+ */
164
+ sql?(query: string, options?: {
165
+ database?: string;
166
+ role?: string;
167
+ }): Promise<Record<string, unknown>[]>;
186
168
  }
@@ -4,7 +4,7 @@ import type { EntityReference } from "../types/entities";
4
4
  * Controller that provides access to the registered entity collections.
5
5
  * @group Models
6
6
  */
7
- export type CollectionRegistryController<DB = Record<string, unknown>, EC extends EntityCollection = EntityCollection<any>> = {
7
+ export type CollectionRegistryController<DB = Record<string, unknown>, EC extends EntityCollection = EntityCollection> = {
8
8
  /**
9
9
  * List of the mapped collections in the CMS.
10
10
  * Each entry relates to a collection in the root database.
@@ -125,6 +125,10 @@ export interface CollectionAccessor<M extends Record<string, unknown> = Record<s
125
125
  * Delete a record by ID.
126
126
  */
127
127
  delete(id: string | number): Promise<void>;
128
+ /**
129
+ * Delete all records in this collection.
130
+ */
131
+ deleteAll?(): Promise<void>;
128
132
  /**
129
133
  * Subscribe to a collection for real-time updates.
130
134
  * Optional method, may not be supported by all implementations (like stateless HTTP clients).
@@ -17,6 +17,21 @@ export type ListenEntityProps<M extends Record<string, unknown> = Record<string,
17
17
  onUpdate: (entity: Entity<M> | null) => void;
18
18
  onError?: (error: Error) => void;
19
19
  };
20
+ /**
21
+ * Configuration for vector similarity search queries.
22
+ * Vector search applies an ORDER BY distance expression and optionally
23
+ * filters results by a distance threshold.
24
+ */
25
+ export interface VectorSearchParams {
26
+ /** Property name containing the vector column */
27
+ property: string;
28
+ /** Query vector to compare against */
29
+ vector: number[];
30
+ /** Distance function (default: "cosine") */
31
+ distance?: "cosine" | "l2" | "inner_product";
32
+ /** Only return results within this distance threshold */
33
+ threshold?: number;
34
+ }
20
35
  /**
21
36
  * @internal
22
37
  */
@@ -30,6 +45,8 @@ export interface FetchCollectionProps<M extends Record<string, unknown> = Record
30
45
  orderBy?: string;
31
46
  searchString?: string;
32
47
  order?: "desc" | "asc";
48
+ /** Vector similarity search configuration */
49
+ vectorSearch?: VectorSearchParams;
33
50
  }
34
51
  /**
35
52
  * @internal
@@ -112,6 +129,11 @@ export interface DataDriver {
112
129
  * @return was the whole deletion flow successful
113
130
  */
114
131
  deleteEntity<M extends Record<string, unknown> = Record<string, unknown>>(props: DeleteEntityProps<M>): Promise<void>;
132
+ /**
133
+ * Delete all entities from a collection.
134
+ * @param path Collection path
135
+ */
136
+ deleteAll?(path: string): Promise<void>;
115
137
  /**
116
138
  * Check if the given property is unique in the given collection
117
139
  * @param path Collection path
@@ -187,6 +209,7 @@ export interface RestFetchService {
187
209
  startAfter?: Record<string, unknown>;
188
210
  searchString?: string;
189
211
  databaseId?: string;
212
+ vectorSearch?: VectorSearchParams;
190
213
  }, include?: string[]): Promise<Record<string, unknown>[]>;
191
214
  /**
192
215
  * Fetch a single flattened entity with optional relation includes.
@@ -4,6 +4,7 @@ import type { EntityCollectionsBuilder } from "../types/builders";
4
4
  import type { EntityCustomView } from "../types/entity_views";
5
5
  import type { EntityAction } from "../types/entity_actions";
6
6
  import type { AppView, NavigationGroupMapping } from "./navigation";
7
+ import type { RebasePlugin } from "../types/plugins";
7
8
  /**
8
9
  * Options to enable the built-in collection editor.
9
10
  * When provided to `<RebaseCMS>`, the editor is auto-wired as a native feature.
@@ -19,12 +20,12 @@ export interface CollectionEditorOptions {
19
20
  /** Suggested base paths shown when creating new collections. */
20
21
  pathSuggestions?: string[];
21
22
  }
22
- export interface RebaseCMSConfig<EC extends EntityCollection = any> {
23
+ export interface RebaseCMSConfig<EC extends EntityCollection = EntityCollection> {
23
24
  collections?: EC[] | EntityCollectionsBuilder<EC>;
24
25
  homePage?: ReactNode;
25
- entityViews?: EntityCustomView<any>[];
26
+ entityViews?: EntityCustomView[];
26
27
  entityActions?: EntityAction[];
27
- plugins?: any[];
28
+ plugins?: RebasePlugin[];
28
29
  /**
29
30
  * Centralized configuration for how collections and views are grouped
30
31
  * in the navigation sidebar and home page.
@@ -42,7 +43,7 @@ export interface RebaseCMSConfig<EC extends EntityCollection = any> {
42
43
  collectionEditor?: boolean | CollectionEditorOptions;
43
44
  }
44
45
  export interface RebaseStudioConfig {
45
- tools?: ("sql" | "js" | "rls" | "schema" | "storage" | "cron" | "schema-visualizer" | "branches" | "api")[];
46
+ tools?: ("sql" | "js" | "rls" | "schema" | "storage" | "cron" | "schema-visualizer" | "branches" | "api" | "logs")[];
46
47
  homePage?: ReactNode;
47
48
  devViews?: AppView[];
48
49
  }
@@ -28,7 +28,7 @@ export type RebaseCallContext<USER extends User = User> = {
28
28
  * const { client } = props.context;
29
29
  * const result = await client.functions.invoke('extract-job', { url });
30
30
  */
31
- client: RebaseClient<any>;
31
+ client: RebaseClient;
32
32
  /**
33
33
  * Unified data access — `context.data.products.create(...)`.
34
34
  * Access any collection as a dynamic property.