@rebasepro/server-core 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (168) hide show
  1. package/package.json +14 -14
  2. package/src/api/errors.ts +16 -2
  3. package/src/api/graphql/graphql-schema-generator.ts +45 -10
  4. package/src/api/rest/api-generator.ts +19 -2
  5. package/src/api/server.ts +10 -2
  6. package/src/api/types.ts +6 -0
  7. package/src/auth/adapter-middleware.ts +10 -2
  8. package/src/auth/admin-roles-route.ts +36 -0
  9. package/src/auth/admin-users-route.ts +302 -0
  10. package/src/auth/api-keys/api-key-middleware.ts +4 -3
  11. package/src/auth/api-keys/api-key-routes.ts +12 -2
  12. package/src/auth/api-keys/api-key-store.ts +83 -66
  13. package/src/auth/api-keys/api-key-types.ts +8 -0
  14. package/src/auth/apple-oauth.ts +2 -1
  15. package/src/auth/auth-hooks.ts +21 -0
  16. package/src/auth/bitbucket-oauth.ts +2 -1
  17. package/src/auth/builtin-auth-adapter.ts +28 -4
  18. package/src/auth/custom-auth-adapter.ts +2 -0
  19. package/src/auth/discord-oauth.ts +2 -1
  20. package/src/auth/facebook-oauth.ts +2 -1
  21. package/src/auth/github-oauth.ts +2 -1
  22. package/src/auth/gitlab-oauth.ts +2 -1
  23. package/src/auth/google-oauth.ts +8 -4
  24. package/src/auth/index.ts +2 -0
  25. package/src/auth/interfaces.ts +27 -0
  26. package/src/auth/linkedin-oauth.ts +2 -1
  27. package/src/auth/magic-link-routes.ts +167 -0
  28. package/src/auth/mfa-crypto.ts +91 -0
  29. package/src/auth/mfa-routes.ts +34 -10
  30. package/src/auth/microsoft-oauth.ts +2 -1
  31. package/src/auth/middleware.ts +10 -1
  32. package/src/auth/reset-password-admin.ts +17 -1
  33. package/src/auth/routes.ts +77 -8
  34. package/src/auth/session-routes.ts +15 -3
  35. package/src/auth/slack-oauth.ts +2 -1
  36. package/src/auth/spotify-oauth.ts +2 -1
  37. package/src/auth/twitter-oauth.ts +8 -1
  38. package/src/cron/cron-store.ts +25 -23
  39. package/src/email/index.ts +3 -2
  40. package/src/email/templates.ts +82 -0
  41. package/src/email/types.ts +16 -0
  42. package/src/init.ts +137 -5
  43. package/src/services/routed-realtime-service.ts +113 -0
  44. package/src/storage/routes.ts +4 -0
  45. package/src/utils/dev-port.ts +13 -7
  46. package/test/auth-routes.test.ts +54 -4
  47. package/test/custom-auth-adapter.test.ts +20 -1
  48. package/test/env.test.ts +9 -19
  49. package/test/multi-datasource-routing.test.ts +113 -0
  50. package/test/routed-realtime-service.test.ts +86 -0
  51. package/test/transform-auth-response.test.ts +305 -0
  52. package/vite.config.ts +5 -0
  53. package/build-errors.txt +0 -52
  54. package/dist/api/ast-schema-editor.d.ts +0 -21
  55. package/dist/api/collections_for_test/callbacks_test_collection.d.ts +0 -2
  56. package/dist/api/errors.d.ts +0 -53
  57. package/dist/api/graphql/graphql-schema-generator.d.ts +0 -35
  58. package/dist/api/graphql/index.d.ts +0 -1
  59. package/dist/api/index.d.ts +0 -9
  60. package/dist/api/logs-routes.d.ts +0 -37
  61. package/dist/api/openapi-generator.d.ts +0 -16
  62. package/dist/api/rest/api-generator.d.ts +0 -88
  63. package/dist/api/rest/index.d.ts +0 -1
  64. package/dist/api/rest/query-parser.d.ts +0 -11
  65. package/dist/api/schema-editor-routes.d.ts +0 -3
  66. package/dist/api/server.d.ts +0 -40
  67. package/dist/api/types.d.ts +0 -98
  68. package/dist/auth/adapter-middleware.d.ts +0 -37
  69. package/dist/auth/admin-user-ops.d.ts +0 -79
  70. package/dist/auth/api-keys/api-key-middleware.d.ts +0 -39
  71. package/dist/auth/api-keys/api-key-permission-guard.d.ts +0 -32
  72. package/dist/auth/api-keys/api-key-routes.d.ts +0 -20
  73. package/dist/auth/api-keys/api-key-store.d.ts +0 -35
  74. package/dist/auth/api-keys/api-key-types.d.ts +0 -88
  75. package/dist/auth/api-keys/index.d.ts +0 -17
  76. package/dist/auth/apple-oauth.d.ts +0 -30
  77. package/dist/auth/auth-hooks.d.ts +0 -225
  78. package/dist/auth/bitbucket-oauth.d.ts +0 -11
  79. package/dist/auth/builtin-auth-adapter.d.ts +0 -49
  80. package/dist/auth/crypto-utils.d.ts +0 -16
  81. package/dist/auth/custom-auth-adapter.d.ts +0 -39
  82. package/dist/auth/discord-oauth.d.ts +0 -14
  83. package/dist/auth/facebook-oauth.d.ts +0 -14
  84. package/dist/auth/github-oauth.d.ts +0 -15
  85. package/dist/auth/gitlab-oauth.d.ts +0 -13
  86. package/dist/auth/google-oauth.d.ts +0 -47
  87. package/dist/auth/index.d.ts +0 -36
  88. package/dist/auth/interfaces.d.ts +0 -401
  89. package/dist/auth/jwt.d.ts +0 -55
  90. package/dist/auth/linkedin-oauth.d.ts +0 -18
  91. package/dist/auth/mfa-routes.d.ts +0 -6
  92. package/dist/auth/mfa.d.ts +0 -49
  93. package/dist/auth/microsoft-oauth.d.ts +0 -16
  94. package/dist/auth/middleware.d.ts +0 -106
  95. package/dist/auth/password.d.ts +0 -22
  96. package/dist/auth/rate-limiter.d.ts +0 -50
  97. package/dist/auth/reset-password-admin.d.ts +0 -29
  98. package/dist/auth/rls-scope.d.ts +0 -31
  99. package/dist/auth/routes.d.ts +0 -33
  100. package/dist/auth/session-routes.d.ts +0 -25
  101. package/dist/auth/slack-oauth.d.ts +0 -12
  102. package/dist/auth/spotify-oauth.d.ts +0 -12
  103. package/dist/auth/twitter-oauth.d.ts +0 -18
  104. package/dist/backend-CIxN4FVm.js +0 -15
  105. package/dist/backend-CIxN4FVm.js.map +0 -1
  106. package/dist/chunk-Dze3rakg.js +0 -42
  107. package/dist/collections/BackendCollectionRegistry.d.ts +0 -13
  108. package/dist/collections/loader.d.ts +0 -5
  109. package/dist/cron/cron-loader.d.ts +0 -17
  110. package/dist/cron/cron-routes.d.ts +0 -14
  111. package/dist/cron/cron-scheduler.d.ts +0 -106
  112. package/dist/cron/cron-store.d.ts +0 -32
  113. package/dist/cron/index.d.ts +0 -6
  114. package/dist/db/interfaces.d.ts +0 -18
  115. package/dist/dist-CZKP-Xz4.js +0 -832
  116. package/dist/dist-CZKP-Xz4.js.map +0 -1
  117. package/dist/email/index.d.ts +0 -6
  118. package/dist/email/smtp-email-service.d.ts +0 -25
  119. package/dist/email/templates.d.ts +0 -42
  120. package/dist/email/types.d.ts +0 -108
  121. package/dist/env.d.ts +0 -102
  122. package/dist/from-VbwD7xRf.js +0 -3849
  123. package/dist/from-VbwD7xRf.js.map +0 -1
  124. package/dist/functions/function-loader.d.ts +0 -17
  125. package/dist/functions/function-routes.d.ts +0 -10
  126. package/dist/functions/index.d.ts +0 -3
  127. package/dist/history/history-routes.d.ts +0 -23
  128. package/dist/history/index.d.ts +0 -1
  129. package/dist/index.d.ts +0 -33
  130. package/dist/index.es.js +0 -61726
  131. package/dist/index.es.js.map +0 -1
  132. package/dist/index.umd.js +0 -73216
  133. package/dist/index.umd.js.map +0 -1
  134. package/dist/init/docs.d.ts +0 -4
  135. package/dist/init/health.d.ts +0 -2
  136. package/dist/init/middlewares.d.ts +0 -10
  137. package/dist/init/shutdown.d.ts +0 -11
  138. package/dist/init/storage.d.ts +0 -5
  139. package/dist/init.d.ts +0 -258
  140. package/dist/jwt-DHcQRGC3.js +0 -4168
  141. package/dist/jwt-DHcQRGC3.js.map +0 -1
  142. package/dist/logger-BYU66ENZ.js +0 -94
  143. package/dist/logger-BYU66ENZ.js.map +0 -1
  144. package/dist/ms-BeBSuOXN.js +0 -125
  145. package/dist/ms-BeBSuOXN.js.map +0 -1
  146. package/dist/multipart-parser-CedBDOeC.js +0 -299
  147. package/dist/multipart-parser-CedBDOeC.js.map +0 -1
  148. package/dist/serve-spa.d.ts +0 -30
  149. package/dist/services/driver-registry.d.ts +0 -78
  150. package/dist/services/webhook-service.d.ts +0 -29
  151. package/dist/singleton.d.ts +0 -35
  152. package/dist/src-COaj0G3P.js +0 -1182
  153. package/dist/src-COaj0G3P.js.map +0 -1
  154. package/dist/storage/LocalStorageController.d.ts +0 -46
  155. package/dist/storage/S3StorageController.d.ts +0 -36
  156. package/dist/storage/image-transform.d.ts +0 -50
  157. package/dist/storage/index.d.ts +0 -28
  158. package/dist/storage/routes.d.ts +0 -38
  159. package/dist/storage/storage-registry.d.ts +0 -78
  160. package/dist/storage/tus-handler.d.ts +0 -51
  161. package/dist/storage/types.d.ts +0 -103
  162. package/dist/types/index.d.ts +0 -11
  163. package/dist/utils/dev-port.d.ts +0 -35
  164. package/dist/utils/logger.d.ts +0 -31
  165. package/dist/utils/logging.d.ts +0 -9
  166. package/dist/utils/request-id.d.ts +0 -4
  167. package/dist/utils/request-logger.d.ts +0 -19
  168. package/dist/utils/sql.d.ts +0 -27
@@ -1,4 +0,0 @@
1
- import { Hono } from "hono";
2
- import { EntityCollection } from "@rebasepro/types";
3
- import { HonoEnv } from "../api/types";
4
- export declare function mountOpenApiDocs(app: Hono<HonoEnv>, basePath: string, enableSwagger: boolean | undefined, activeCollections: EntityCollection[], requireAuth: boolean): Promise<void>;
@@ -1,2 +0,0 @@
1
- import { DataDriver, HealthCheckResult } from "@rebasepro/types";
2
- export declare function createHealthCheck(defaultDriver: DataDriver): () => Promise<HealthCheckResult>;
@@ -1,10 +0,0 @@
1
- import { Hono } from "hono";
2
- import { HonoEnv } from "../api/types";
3
- interface MiddlewareConfig {
4
- maxBodySize?: number;
5
- csrf?: {
6
- origin: string | string[] | ((origin: string) => boolean);
7
- };
8
- }
9
- export declare function configureMiddlewares(app: Hono<HonoEnv>, basePath: string, isProduction: boolean, config: MiddlewareConfig): void;
10
- export {};
@@ -1,11 +0,0 @@
1
- import { Server } from "http";
2
- import { RealtimeProvider } from "@rebasepro/types";
3
- interface ShutdownConfig {
4
- server: Server;
5
- cronScheduler?: {
6
- stop(): void;
7
- };
8
- realtimeServices: Record<string, RealtimeProvider>;
9
- }
10
- export declare function createShutdown(config: ShutdownConfig): (timeoutMs?: number) => Promise<void>;
11
- export {};
@@ -1,5 +0,0 @@
1
- import { BackendStorageConfig, StorageController, StorageRegistry } from "../storage";
2
- export declare function initializeStorage(storageConfig: BackendStorageConfig | StorageController | Record<string, BackendStorageConfig | StorageController> | undefined, isProduction: boolean): {
3
- storageRegistry?: StorageRegistry;
4
- storageController?: StorageController;
5
- };
package/dist/init.d.ts DELETED
@@ -1,258 +0,0 @@
1
- import { AuthAdapter, BackendBootstrapper, BackendHooks, BootstrappedAuth, DatabaseAdapter, DataDriver, EntityCollection, HealthCheckResult, RealtimeProvider, SecurityRule } from "@rebasepro/types";
2
- import { BackendCollectionRegistry } from "./collections/BackendCollectionRegistry";
3
- import { DriverRegistry } from "./services/driver-registry";
4
- import { Server } from "http";
5
- import { Hono } from "hono";
6
- import { HonoEnv } from "./api/types";
7
- import { BackendStorageConfig, StorageController, StorageRegistry } from "./storage";
8
- import { EmailConfig } from "./email";
9
- import type { OAuthProvider } from "./auth/interfaces";
10
- import type { AuthHooks } from "./auth/auth-hooks";
11
- export interface RebaseAuthConfig {
12
- /**
13
- * The collection that represents auth users.
14
- *
15
- * When provided, this collection's underlying database table is used
16
- * for all auth operations (login, registration, password reset, etc.).
17
- *
18
- * Import the built-in default:
19
- * ```ts
20
- * import { defaultUsersCollection } from "@rebasepro/common";
21
- * auth: { collection: defaultUsersCollection, jwtSecret: "..." }
22
- * ```
23
- *
24
- * Or pass your own collection with the required auth fields
25
- * (email, passwordHash, displayName, etc.).
26
- */
27
- collection?: EntityCollection;
28
- jwtSecret?: string;
29
- accessExpiresIn?: string;
30
- refreshExpiresIn?: string;
31
- requireAuth?: boolean;
32
- allowRegistration?: boolean;
33
- /**
34
- * A static secret key for server-to-server / script authentication.
35
- *
36
- * When a request includes `Authorization: Bearer <serviceKey>`, it is
37
- * granted admin-level access without JWT verification. This is the
38
- * Rebase equivalent of a Firebase Service Account key.
39
- *
40
- * Generate with: `node -e "logger.info(require('crypto').randomBytes(48).toString('base64'))"`
41
- *
42
- * Set via `REBASE_SERVICE_KEY` in your `.env`.
43
- * Must be at least 32 characters.
44
- */
45
- serviceKey?: string;
46
- email?: EmailConfig;
47
- google?: {
48
- clientId: string;
49
- clientSecret?: string;
50
- };
51
- linkedin?: {
52
- clientId: string;
53
- clientSecret: string;
54
- };
55
- github?: {
56
- clientId: string;
57
- clientSecret: string;
58
- };
59
- microsoft?: {
60
- clientId: string;
61
- clientSecret: string;
62
- tenantId?: string;
63
- };
64
- apple?: {
65
- clientId: string;
66
- teamId: string;
67
- keyId: string;
68
- privateKey: string;
69
- };
70
- facebook?: {
71
- clientId: string;
72
- clientSecret: string;
73
- };
74
- twitter?: {
75
- clientId: string;
76
- clientSecret: string;
77
- };
78
- discord?: {
79
- clientId: string;
80
- clientSecret: string;
81
- };
82
- gitlab?: {
83
- clientId: string;
84
- clientSecret: string;
85
- baseUrl?: string;
86
- };
87
- bitbucket?: {
88
- clientId: string;
89
- clientSecret: string;
90
- };
91
- slack?: {
92
- clientId: string;
93
- clientSecret: string;
94
- };
95
- spotify?: {
96
- clientId: string;
97
- clientSecret: string;
98
- };
99
- defaultRole?: string;
100
- providers?: OAuthProvider<any>[];
101
- /**
102
- * Override specific parts of the built-in auth implementation.
103
- *
104
- * Each override replaces one piece of the default behavior while
105
- * keeping everything else intact. Unset overrides fall through
106
- * to the built-in defaults (scrypt passwords, standard validation, etc.).
107
- *
108
- * @example bcrypt passwords with a custom hash
109
- * ```ts
110
- * import bcrypt from "bcrypt";
111
- *
112
- * hooks: {
113
- * hashPassword: (pw) => bcrypt.hash(pw, 12),
114
- * verifyPassword: (pw, hash) => bcrypt.compare(pw, hash),
115
- * }
116
- * ```
117
- */
118
- hooks?: AuthHooks;
119
- [key: string]: unknown;
120
- }
121
- export interface RebaseBackendConfig {
122
- collections?: EntityCollection[];
123
- collectionsDir?: string;
124
- server: Server;
125
- app: Hono<HonoEnv>;
126
- basePath?: string;
127
- /**
128
- * Database bootstrappers.
129
- */
130
- bootstrappers?: BackendBootstrapper[];
131
- /**
132
- * Database adapter.
133
- *
134
- * When set, this takes precedence over `bootstrappers`.
135
- *
136
- * @example
137
- * ```ts
138
- * import { createPostgresAdapter } from "@rebasepro/server-postgresql";
139
- * database: createPostgresAdapter({ connection: db, schema }),
140
- * ```
141
- */
142
- database?: DatabaseAdapter;
143
- logging?: {
144
- level?: "error" | "warn" | "info" | "debug";
145
- };
146
- /**
147
- * Authentication configuration.
148
- *
149
- * Accepts **either**:
150
- * - `RebaseAuthConfig` — built-in configuration
151
- * - `AuthAdapter` — pluggable adapter for external auth (Clerk, Auth0, etc.)
152
- *
153
- * When a plain config object is provided, the built-in adapter is created
154
- * automatically from the bootstrapper's `initializeAuth()` result.
155
- */
156
- auth?: RebaseAuthConfig | AuthAdapter;
157
- /**
158
- * Storage configuration. Accepts:
159
- *
160
- * - A `BackendStorageConfig` object (`{ type: 'local' | 's3', ... }`)
161
- * - A `StorageController` instance (for custom providers like GCS, Azure, etc.)
162
- * - A `Record<string, ...>` of either, for multi-backend setups
163
- */
164
- storage?: BackendStorageConfig | StorageController | Record<string, BackendStorageConfig | StorageController>;
165
- history?: unknown;
166
- /**
167
- * Default security rules applied to any collection that does not define
168
- * its own `securityRules`. Opt-in — if not set, collections without
169
- * explicit rules remain unrestricted (beyond `requireAuth`).
170
- *
171
- * @example
172
- * ```ts
173
- * defaultSecurityRules: [
174
- * { operation: "select", access: "public" },
175
- * { operations: ["insert", "update", "delete"], roles: ["admin"] }
176
- * ]
177
- * ```
178
- */
179
- defaultSecurityRules?: SecurityRule[];
180
- enableSwagger?: boolean;
181
- functionsDir?: string;
182
- cronsDir?: string;
183
- /**
184
- * Enable/disable database persistence for cron job execution logs.
185
- * When set to false, cron jobs will run but logs will not be persisted to the database.
186
- * Default: true.
187
- */
188
- cronPersistence?: boolean;
189
- /**
190
- * Maximum request body size in bytes for API routes (default: 10MB).
191
- * Set to 0 to disable the global limit entirely.
192
- *
193
- * Note: Storage upload routes use their own limit from the storage config's
194
- * `maxFileSize` property (default: 50MB), which takes precedence over this.
195
- */
196
- maxBodySize?: number;
197
- /**
198
- * CSRF protection configuration. **Opt-in** — disabled by default.
199
- *
200
- * BaaS APIs are consumed by mobile apps, SPAs on different domains,
201
- * and CLI tools, so CSRF is intentionally not enabled unless you
202
- * explicitly configure it with allowed origins.
203
- *
204
- * @example
205
- * ```ts
206
- * csrf: { origin: ["https://myapp.com", "https://admin.myapp.com"] }
207
- * ```
208
- */
209
- csrf?: {
210
- /** Allowed origins for CSRF validation. */
211
- origin: string | string[] | ((origin: string) => boolean);
212
- };
213
- /**
214
- * Backend-level hooks for intercepting collection entity data
215
- * at the REST API boundary. These run server-side after database
216
- * operations and before API responses are sent.
217
- *
218
- * Complement the per-collection `EntityCallbacks` system which
219
- * handles collection CRUD operations.
220
- */
221
- hooks?: BackendHooks;
222
- }
223
- /**
224
- * Type guard to detect whether the `auth` config is an `AuthAdapter`
225
- * (has a `verifyRequest` method) vs a plain `RebaseAuthConfig` (plain object).
226
- */
227
- export declare function isAuthAdapter(auth: RebaseAuthConfig | AuthAdapter): auth is AuthAdapter;
228
- /**
229
- * Type guard to detect whether `database` is a `DatabaseAdapter`.
230
- */
231
- export declare function isDatabaseAdapter(db: unknown): db is DatabaseAdapter;
232
- export interface RebaseBackendInstance {
233
- driverRegistry: DriverRegistry;
234
- driver: DataDriver;
235
- realtimeServices: Record<string, RealtimeProvider>;
236
- realtimeService: RealtimeProvider;
237
- auth?: BootstrappedAuth;
238
- history?: unknown;
239
- storageRegistry?: StorageRegistry;
240
- storageController?: StorageController;
241
- collectionRegistry: BackendCollectionRegistry;
242
- cronScheduler?: import("./cron").CronScheduler;
243
- /**
244
- * Deep health check that verifies database connectivity.
245
- * Returns latency and component status.
246
- */
247
- healthCheck(): Promise<HealthCheckResult>;
248
- /**
249
- * Graceful shutdown helper for the BaaS instance.
250
- * Stops the cron scheduler and closes the HTTP server, allowing
251
- * in-flight requests to drain within the given timeout.
252
- *
253
- * @param timeoutMs - Maximum time (ms) to wait for drain before force-exit (default: 15000).
254
- * Pass 0 to skip the force-exit timer (useful in tests).
255
- */
256
- shutdown(timeoutMs?: number): Promise<void>;
257
- }
258
- export declare function initializeRebaseBackend(config: RebaseBackendConfig): Promise<RebaseBackendInstance>;