@rebasepro/server-postgresql 0.5.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{server-postgresql/src/PostgresAdapter.d.ts → PostgresAdapter.d.ts} +1 -1
- package/dist/{server-postgresql/src/PostgresBackendDriver.d.ts → PostgresBackendDriver.d.ts} +2 -2
- package/dist/{server-postgresql/src/PostgresBootstrapper.d.ts → PostgresBootstrapper.d.ts} +11 -1
- package/dist/{server-postgresql/src/collections → collections}/PostgresCollectionRegistry.d.ts +4 -0
- package/dist/index.es.js +10207 -11145
- package/dist/index.es.js.map +1 -1
- package/dist/{server-postgresql/src/services → services}/EntityPersistService.d.ts +0 -14
- package/dist/utils/pg-array-null-patch.d.ts +16 -0
- package/dist/utils/pg-error-utils.d.ts +55 -0
- package/package.json +24 -21
- package/src/PostgresAdapter.ts +9 -10
- package/src/PostgresBackendDriver.ts +134 -121
- package/src/PostgresBootstrapper.ts +100 -30
- package/src/auth/ensure-tables.ts +28 -5
- package/src/auth/services.ts +28 -18
- package/src/cli.ts +99 -96
- package/src/collections/PostgresCollectionRegistry.ts +7 -0
- package/src/connection.ts +11 -6
- package/src/data-transformer.ts +25 -15
- package/src/databasePoolManager.ts +3 -2
- package/src/history/HistoryService.ts +3 -2
- package/src/history/ensure-history-table.ts +5 -4
- package/src/schema/auth-schema.ts +1 -2
- package/src/schema/doctor-cli.ts +2 -1
- package/src/schema/doctor.ts +40 -37
- package/src/schema/generate-drizzle-schema-logic.ts +56 -18
- package/src/schema/generate-drizzle-schema.ts +11 -11
- package/src/schema/introspect-db-inference.ts +25 -25
- package/src/schema/introspect-db-logic.ts +38 -38
- package/src/schema/introspect-db.ts +28 -27
- package/src/services/BranchService.ts +14 -0
- package/src/services/EntityFetchService.ts +28 -25
- package/src/services/EntityPersistService.ts +19 -149
- package/src/services/RelationService.ts +57 -37
- package/src/services/entity-helpers.ts +6 -2
- package/src/services/realtimeService.ts +45 -32
- package/src/utils/drizzle-conditions.ts +31 -15
- package/src/utils/pg-array-null-patch.ts +42 -0
- package/src/utils/pg-error-utils.ts +211 -0
- package/src/websocket.ts +15 -12
- package/test/array-null-safety.test.ts +335 -0
- package/test/auth-services.test.ts +36 -19
- package/test/batch-many-to-many-regression.test.ts +119 -39
- package/test/data-transformer-hardening.test.ts +67 -33
- package/test/data-transformer.test.ts +57 -4
- package/test/doctor.test.ts +10 -5
- package/test/drizzle-conditions.test.ts +59 -6
- package/test/generate-drizzle-schema.test.ts +65 -40
- package/test/introspect-db-generation.test.ts +179 -81
- package/test/introspect-db-utils.test.ts +92 -37
- package/test/mocks/chalk.cjs +7 -0
- package/test/pg-array-null-patch.test.ts +65 -0
- package/test/pg-error-utils.test.ts +221 -0
- package/test/postgresDataDriver.test.ts +14 -5
- package/test/property-ordering.test.ts +126 -79
- package/test/realtimeService.test.ts +6 -2
- package/test/relation-pipeline-gaps.test.ts +84 -36
- package/test/relations.test.ts +247 -0
- package/test/unmapped-tables-safety.test.ts +14 -6
- package/test/websocket.test.ts +1 -1
- package/tsconfig.json +5 -0
- package/tsconfig.prod.json +3 -0
- package/vite.config.ts +12 -10
- package/dist/common/src/collections/CollectionRegistry.d.ts +0 -56
- package/dist/common/src/collections/default-collections.d.ts +0 -9
- package/dist/common/src/collections/index.d.ts +0 -2
- package/dist/common/src/data/buildRebaseData.d.ts +0 -14
- package/dist/common/src/data/query_builder.d.ts +0 -55
- package/dist/common/src/index.d.ts +0 -4
- package/dist/common/src/util/builders.d.ts +0 -57
- package/dist/common/src/util/callbacks.d.ts +0 -6
- package/dist/common/src/util/collections.d.ts +0 -11
- package/dist/common/src/util/common.d.ts +0 -2
- package/dist/common/src/util/conditions.d.ts +0 -26
- package/dist/common/src/util/entities.d.ts +0 -58
- package/dist/common/src/util/enums.d.ts +0 -3
- package/dist/common/src/util/index.d.ts +0 -16
- package/dist/common/src/util/navigation_from_path.d.ts +0 -34
- package/dist/common/src/util/navigation_utils.d.ts +0 -20
- package/dist/common/src/util/parent_references_from_path.d.ts +0 -6
- package/dist/common/src/util/paths.d.ts +0 -14
- package/dist/common/src/util/permissions.d.ts +0 -14
- package/dist/common/src/util/references.d.ts +0 -2
- package/dist/common/src/util/relations.d.ts +0 -22
- package/dist/common/src/util/resolutions.d.ts +0 -72
- package/dist/common/src/util/storage.d.ts +0 -24
- package/dist/index.umd.js +0 -11749
- package/dist/index.umd.js.map +0 -1
- package/dist/types/src/controllers/analytics_controller.d.ts +0 -7
- package/dist/types/src/controllers/auth.d.ts +0 -104
- package/dist/types/src/controllers/client.d.ts +0 -168
- package/dist/types/src/controllers/collection_registry.d.ts +0 -46
- package/dist/types/src/controllers/customization_controller.d.ts +0 -60
- package/dist/types/src/controllers/data.d.ts +0 -207
- package/dist/types/src/controllers/data_driver.d.ts +0 -218
- package/dist/types/src/controllers/database_admin.d.ts +0 -11
- package/dist/types/src/controllers/dialogs_controller.d.ts +0 -36
- package/dist/types/src/controllers/effective_role.d.ts +0 -4
- package/dist/types/src/controllers/email.d.ts +0 -36
- package/dist/types/src/controllers/index.d.ts +0 -18
- package/dist/types/src/controllers/local_config_persistence.d.ts +0 -20
- package/dist/types/src/controllers/navigation.d.ts +0 -225
- package/dist/types/src/controllers/registry.d.ts +0 -63
- package/dist/types/src/controllers/side_dialogs_controller.d.ts +0 -67
- package/dist/types/src/controllers/side_entity_controller.d.ts +0 -97
- package/dist/types/src/controllers/snackbar.d.ts +0 -24
- package/dist/types/src/controllers/storage.d.ts +0 -171
- package/dist/types/src/index.d.ts +0 -4
- package/dist/types/src/rebase_context.d.ts +0 -122
- package/dist/types/src/types/auth_adapter.d.ts +0 -301
- package/dist/types/src/types/backend.d.ts +0 -571
- package/dist/types/src/types/backend_hooks.d.ts +0 -172
- package/dist/types/src/types/builders.d.ts +0 -15
- package/dist/types/src/types/chips.d.ts +0 -5
- package/dist/types/src/types/collections.d.ts +0 -961
- package/dist/types/src/types/component_ref.d.ts +0 -47
- package/dist/types/src/types/cron.d.ts +0 -102
- package/dist/types/src/types/data_source.d.ts +0 -64
- package/dist/types/src/types/database_adapter.d.ts +0 -94
- package/dist/types/src/types/entities.d.ts +0 -145
- package/dist/types/src/types/entity_actions.d.ts +0 -104
- package/dist/types/src/types/entity_callbacks.d.ts +0 -173
- package/dist/types/src/types/entity_link_builder.d.ts +0 -7
- package/dist/types/src/types/entity_overrides.d.ts +0 -10
- package/dist/types/src/types/entity_views.d.ts +0 -87
- package/dist/types/src/types/export_import.d.ts +0 -21
- package/dist/types/src/types/formex.d.ts +0 -40
- package/dist/types/src/types/index.d.ts +0 -28
- package/dist/types/src/types/locales.d.ts +0 -4
- package/dist/types/src/types/modify_collections.d.ts +0 -5
- package/dist/types/src/types/plugins.d.ts +0 -282
- package/dist/types/src/types/properties.d.ts +0 -1173
- package/dist/types/src/types/property_config.d.ts +0 -74
- package/dist/types/src/types/relations.d.ts +0 -336
- package/dist/types/src/types/slots.d.ts +0 -262
- package/dist/types/src/types/translations.d.ts +0 -900
- package/dist/types/src/types/user_management_delegate.d.ts +0 -86
- package/dist/types/src/types/websockets.d.ts +0 -78
- package/dist/types/src/users/index.d.ts +0 -1
- package/dist/types/src/users/user.d.ts +0 -50
- /package/dist/{server-postgresql/src/auth → auth}/ensure-tables.d.ts +0 -0
- /package/dist/{server-postgresql/src/auth → auth}/services.d.ts +0 -0
- /package/dist/{server-postgresql/src/cli.d.ts → cli.d.ts} +0 -0
- /package/dist/{server-postgresql/src/connection.d.ts → connection.d.ts} +0 -0
- /package/dist/{server-postgresql/src/data-transformer.d.ts → data-transformer.d.ts} +0 -0
- /package/dist/{server-postgresql/src/databasePoolManager.d.ts → databasePoolManager.d.ts} +0 -0
- /package/dist/{server-postgresql/src/history → history}/HistoryService.d.ts +0 -0
- /package/dist/{server-postgresql/src/history → history}/ensure-history-table.d.ts +0 -0
- /package/dist/{server-postgresql/src/index.d.ts → index.d.ts} +0 -0
- /package/dist/{server-postgresql/src/interfaces.d.ts → interfaces.d.ts} +0 -0
- /package/dist/{server-postgresql/src/schema → schema}/auth-schema.d.ts +0 -0
- /package/dist/{server-postgresql/src/schema → schema}/doctor-cli.d.ts +0 -0
- /package/dist/{server-postgresql/src/schema → schema}/doctor.d.ts +0 -0
- /package/dist/{server-postgresql/src/schema → schema}/generate-drizzle-schema-logic.d.ts +0 -0
- /package/dist/{server-postgresql/src/schema → schema}/generate-drizzle-schema.d.ts +0 -0
- /package/dist/{server-postgresql/src/schema → schema}/introspect-db-inference.d.ts +0 -0
- /package/dist/{server-postgresql/src/schema → schema}/introspect-db-logic.d.ts +0 -0
- /package/dist/{server-postgresql/src/schema → schema}/introspect-db.d.ts +0 -0
- /package/dist/{server-postgresql/src/schema → schema}/test-schema.d.ts +0 -0
- /package/dist/{server-postgresql/src/services → services}/BranchService.d.ts +0 -0
- /package/dist/{server-postgresql/src/services → services}/EntityFetchService.d.ts +0 -0
- /package/dist/{server-postgresql/src/services → services}/RelationService.d.ts +0 -0
- /package/dist/{server-postgresql/src/services → services}/entity-helpers.d.ts +0 -0
- /package/dist/{server-postgresql/src/services → services}/entityService.d.ts +0 -0
- /package/dist/{server-postgresql/src/services → services}/index.d.ts +0 -0
- /package/dist/{server-postgresql/src/services → services}/realtimeService.d.ts +0 -0
- /package/dist/{server-postgresql/src/types.d.ts → types.d.ts} +0 -0
- /package/dist/{server-postgresql/src/utils → utils}/drizzle-conditions.d.ts +0 -0
- /package/dist/{server-postgresql/src/websocket.d.ts → websocket.d.ts} +0 -0
|
@@ -1,301 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* @module AuthAdapter
|
|
3
|
-
*
|
|
4
|
-
* Pluggable authentication abstraction for Rebase.
|
|
5
|
-
*
|
|
6
|
-
* An `AuthAdapter` decouples authentication from the database layer,
|
|
7
|
-
* allowing users to bring their own auth system (Clerk, Auth0, Firebase Auth,
|
|
8
|
-
* custom JWT, etc.) while keeping the Rebase admin frontend fully functional.
|
|
9
|
-
*
|
|
10
|
-
* @example Built-in auth (default — zero config change)
|
|
11
|
-
* ```ts
|
|
12
|
-
* initializeRebaseBackend({
|
|
13
|
-
* auth: { jwtSecret: "...", google: { clientId: "..." } },
|
|
14
|
-
* database: createPostgresAdapter({ ... }),
|
|
15
|
-
* });
|
|
16
|
-
* ```
|
|
17
|
-
*
|
|
18
|
-
* @example Custom auth
|
|
19
|
-
* ```ts
|
|
20
|
-
* import { createCustomAuthAdapter } from "@rebasepro/server-core";
|
|
21
|
-
*
|
|
22
|
-
* initializeRebaseBackend({
|
|
23
|
-
* auth: createCustomAuthAdapter({
|
|
24
|
-
* verifyRequest: async (req) => { ... },
|
|
25
|
-
* }),
|
|
26
|
-
* database: createPostgresAdapter({ ... }),
|
|
27
|
-
* });
|
|
28
|
-
* ```
|
|
29
|
-
*
|
|
30
|
-
* @group Auth
|
|
31
|
-
*/
|
|
32
|
-
import type { Hono } from "hono";
|
|
33
|
-
/**
|
|
34
|
-
* The normalized user object returned by `AuthAdapter.verifyRequest()`.
|
|
35
|
-
*
|
|
36
|
-
* Regardless of the auth provider, every request is resolved to this shape
|
|
37
|
-
* so that downstream middleware (RLS scoping, route guards) can work uniformly.
|
|
38
|
-
*
|
|
39
|
-
* @group Auth
|
|
40
|
-
*/
|
|
41
|
-
export interface AuthenticatedUser {
|
|
42
|
-
/** Unique user identifier (provider-specific). */
|
|
43
|
-
uid: string;
|
|
44
|
-
/** Primary email address. */
|
|
45
|
-
email: string;
|
|
46
|
-
/** Human-readable display name. */
|
|
47
|
-
displayName?: string | null;
|
|
48
|
-
/** Avatar URL. */
|
|
49
|
-
photoUrl?: string | null;
|
|
50
|
-
/** Role identifiers the user holds. */
|
|
51
|
-
roles: string[];
|
|
52
|
-
/** Whether the user has admin privileges. */
|
|
53
|
-
isAdmin: boolean;
|
|
54
|
-
/** Raw bearer token from the request (for forwarding). */
|
|
55
|
-
rawToken?: string;
|
|
56
|
-
/** Extra claims/metadata from the auth provider. */
|
|
57
|
-
claims?: Record<string, unknown>;
|
|
58
|
-
}
|
|
59
|
-
/**
|
|
60
|
-
* Feature flags advertised by an auth adapter.
|
|
61
|
-
*
|
|
62
|
-
* The frontend reads these from `GET /api/auth/config` to dynamically
|
|
63
|
-
* show/hide UI elements (login form, registration, password reset, etc.).
|
|
64
|
-
*
|
|
65
|
-
* @group Auth
|
|
66
|
-
*/
|
|
67
|
-
export interface AuthAdapterCapabilities {
|
|
68
|
-
/**
|
|
69
|
-
* Whether this adapter mounts its own `/auth/*` routes.
|
|
70
|
-
*
|
|
71
|
-
* - `true` for the built-in Rebase auth (login, register, refresh, etc.)
|
|
72
|
-
* - `false` for external providers like Clerk or Auth0 that handle
|
|
73
|
-
* auth flows outside of the Rebase backend.
|
|
74
|
-
*/
|
|
75
|
-
hasBuiltInAuthRoutes: boolean;
|
|
76
|
-
/** Supports email/password login. */
|
|
77
|
-
emailPasswordLogin: boolean;
|
|
78
|
-
/** Supports new user registration. */
|
|
79
|
-
registration: boolean;
|
|
80
|
-
/** Supports password reset flow. */
|
|
81
|
-
passwordReset: boolean;
|
|
82
|
-
/** Supports session listing/revocation. */
|
|
83
|
-
sessionManagement: boolean;
|
|
84
|
-
/** Supports profile updates (display name, photo). */
|
|
85
|
-
profileUpdate: boolean;
|
|
86
|
-
/** Supports email verification. */
|
|
87
|
-
emailVerification: boolean;
|
|
88
|
-
/** List of enabled OAuth provider IDs (e.g. `["google", "github"]`). */
|
|
89
|
-
enabledProviders: string[];
|
|
90
|
-
/**
|
|
91
|
-
* For external auth (Clerk, Auth0, etc.): the URL where the user should
|
|
92
|
-
* be redirected for login. The Rebase frontend will navigate here instead
|
|
93
|
-
* of showing its own login form.
|
|
94
|
-
*/
|
|
95
|
-
externalLoginUrl?: string;
|
|
96
|
-
/**
|
|
97
|
-
* True when no users exist yet — first-user bootstrap mode.
|
|
98
|
-
* Only applicable for built-in auth.
|
|
99
|
-
*/
|
|
100
|
-
needsSetup?: boolean;
|
|
101
|
-
/** Whether new user registration is enabled (may differ from `registration` capability at runtime). */
|
|
102
|
-
registrationEnabled?: boolean;
|
|
103
|
-
}
|
|
104
|
-
/**
|
|
105
|
-
* Options for paginated user listing.
|
|
106
|
-
* @group Auth
|
|
107
|
-
*/
|
|
108
|
-
export interface AuthUserListOptions {
|
|
109
|
-
limit?: number;
|
|
110
|
-
offset?: number;
|
|
111
|
-
search?: string;
|
|
112
|
-
orderBy?: string;
|
|
113
|
-
orderDir?: "asc" | "desc";
|
|
114
|
-
roleId?: string;
|
|
115
|
-
}
|
|
116
|
-
/**
|
|
117
|
-
* Paginated user listing result.
|
|
118
|
-
* @group Auth
|
|
119
|
-
*/
|
|
120
|
-
export interface AuthUserListResult {
|
|
121
|
-
users: AuthUserData[];
|
|
122
|
-
total: number;
|
|
123
|
-
limit: number;
|
|
124
|
-
offset: number;
|
|
125
|
-
}
|
|
126
|
-
/**
|
|
127
|
-
* User data exposed by the auth adapter.
|
|
128
|
-
* @group Auth
|
|
129
|
-
*/
|
|
130
|
-
export interface AuthUserData {
|
|
131
|
-
id: string;
|
|
132
|
-
email: string;
|
|
133
|
-
displayName?: string | null;
|
|
134
|
-
photoUrl?: string | null;
|
|
135
|
-
emailVerified?: boolean;
|
|
136
|
-
metadata?: Record<string, unknown>;
|
|
137
|
-
createdAt?: Date;
|
|
138
|
-
updatedAt?: Date;
|
|
139
|
-
}
|
|
140
|
-
/**
|
|
141
|
-
* Data for creating a user.
|
|
142
|
-
* @group Auth
|
|
143
|
-
*/
|
|
144
|
-
export interface AuthCreateUserData {
|
|
145
|
-
email: string;
|
|
146
|
-
password?: string;
|
|
147
|
-
displayName?: string;
|
|
148
|
-
photoUrl?: string;
|
|
149
|
-
metadata?: Record<string, unknown>;
|
|
150
|
-
}
|
|
151
|
-
/**
|
|
152
|
-
* User management operations for the admin panel.
|
|
153
|
-
*
|
|
154
|
-
* Optional — if not provided by the adapter, the user management UI is hidden.
|
|
155
|
-
*
|
|
156
|
-
* @group Auth
|
|
157
|
-
*/
|
|
158
|
-
export interface UserManagementAdapter {
|
|
159
|
-
listUsers(options?: AuthUserListOptions): Promise<AuthUserListResult>;
|
|
160
|
-
getUserById(id: string): Promise<AuthUserData | null>;
|
|
161
|
-
createUser(data: AuthCreateUserData): Promise<AuthUserData>;
|
|
162
|
-
updateUser(id: string, data: Partial<AuthCreateUserData>): Promise<AuthUserData | null>;
|
|
163
|
-
deleteUser(id: string): Promise<void>;
|
|
164
|
-
getUserRoles(userId: string): Promise<string[]>;
|
|
165
|
-
setUserRoles(userId: string, roleIds: string[]): Promise<void>;
|
|
166
|
-
}
|
|
167
|
-
/**
|
|
168
|
-
* Pluggable authentication adapter for Rebase.
|
|
169
|
-
*
|
|
170
|
-
* This is the **key interface** that decouples authentication from the
|
|
171
|
-
* database layer. Each auth adapter knows how to:
|
|
172
|
-
*
|
|
173
|
-
* 1. Verify incoming HTTP requests (`verifyRequest`)
|
|
174
|
-
* 2. Optionally manage users (for the admin panel)
|
|
175
|
-
* 3. Optionally mount auth-specific routes (login, register, etc.)
|
|
176
|
-
* 4. Advertise its capabilities so the frontend can adapt
|
|
177
|
-
*
|
|
178
|
-
* The built-in Rebase auth implements this interface internally.
|
|
179
|
-
* External providers (Clerk, Auth0, Firebase Auth) provide their own adapters.
|
|
180
|
-
* Users with custom auth can use `createCustomAuthAdapter()` for a minimal setup.
|
|
181
|
-
*
|
|
182
|
-
* @group Auth
|
|
183
|
-
*/
|
|
184
|
-
export interface AuthAdapter {
|
|
185
|
-
/**
|
|
186
|
-
* Unique identifier for this auth adapter.
|
|
187
|
-
*
|
|
188
|
-
* @example "rebase-builtin", "clerk", "auth0", "firebase", "custom"
|
|
189
|
-
*/
|
|
190
|
-
readonly id: string;
|
|
191
|
-
/**
|
|
192
|
-
* Verify an incoming request and extract the authenticated user.
|
|
193
|
-
*
|
|
194
|
-
* This replaces the hardcoded JWT verification in server-core's middleware.
|
|
195
|
-
* Each adapter implements its own token verification strategy:
|
|
196
|
-
* - Built-in: verify Rebase JWT
|
|
197
|
-
* - Clerk: call Clerk's `verifyToken()`
|
|
198
|
-
* - Auth0: validate Auth0 JWT with JWKS
|
|
199
|
-
* - Custom: whatever logic the user provides
|
|
200
|
-
*
|
|
201
|
-
* @param request - The raw `Request` object (portable across Hono, Express, Fastify)
|
|
202
|
-
* @returns The authenticated user, or `null` for unauthenticated requests.
|
|
203
|
-
* Throw an error to reject the request with 401.
|
|
204
|
-
*/
|
|
205
|
-
verifyRequest(request: Request): Promise<AuthenticatedUser | null>;
|
|
206
|
-
/**
|
|
207
|
-
* Verify a raw bearer token and extract the authenticated user.
|
|
208
|
-
*
|
|
209
|
-
* Used for **WebSocket authentication**, where there is no HTTP `Request`
|
|
210
|
-
* object — only a token string sent over the socket.
|
|
211
|
-
*
|
|
212
|
-
* If not implemented, the default behavior synthesizes a minimal `Request`
|
|
213
|
-
* with an `Authorization: Bearer <token>` header and delegates to
|
|
214
|
-
* `verifyRequest()`. Adapters should override this if their token
|
|
215
|
-
* verification logic doesn't depend on request headers/cookies.
|
|
216
|
-
*
|
|
217
|
-
* @param token - The raw bearer token string.
|
|
218
|
-
* @returns The authenticated user, or `null` if the token is invalid.
|
|
219
|
-
*/
|
|
220
|
-
verifyToken?(token: string): Promise<AuthenticatedUser | null>;
|
|
221
|
-
/**
|
|
222
|
-
* User CRUD for the admin panel's user management UI.
|
|
223
|
-
* Optional — if not provided, user management UI is hidden.
|
|
224
|
-
*/
|
|
225
|
-
userManagement?: UserManagementAdapter;
|
|
226
|
-
/**
|
|
227
|
-
* Mount adapter-specific auth routes (login, register, refresh, etc.).
|
|
228
|
-
*
|
|
229
|
-
* - Built-in adapter: mounts `/auth/login`, `/auth/register`, etc.
|
|
230
|
-
* - External adapter: typically returns `undefined` (auth is handled externally).
|
|
231
|
-
* - Custom adapter: user mounts their own routes.
|
|
232
|
-
*
|
|
233
|
-
* The return type uses `Hono<any, any, any>` because this sub-app will be
|
|
234
|
-
* mounted into a parent app via `.route()`, which accepts any Hono env type.
|
|
235
|
-
* Adapter implementations are free to use their own env (e.g. `Hono<HonoEnv>`).
|
|
236
|
-
*
|
|
237
|
-
* @returns A Hono sub-app with auth routes, or `undefined` to skip route mounting.
|
|
238
|
-
*/
|
|
239
|
-
createAuthRoutes?(): Hono<any, any, any> | undefined;
|
|
240
|
-
/**
|
|
241
|
-
* Mount admin routes for user management.
|
|
242
|
-
*
|
|
243
|
-
* Same typing rationale as `createAuthRoutes` — the sub-app env is
|
|
244
|
-
* unconstrained to support arbitrary adapter implementations.
|
|
245
|
-
*
|
|
246
|
-
* @returns A Hono sub-app with admin routes, or `undefined` to skip.
|
|
247
|
-
*/
|
|
248
|
-
createAdminRoutes?(): Hono<any, any, any> | undefined;
|
|
249
|
-
/**
|
|
250
|
-
* Advertise what this auth adapter supports.
|
|
251
|
-
*
|
|
252
|
-
* The frontend reads this from `GET /api/auth/config` to dynamically
|
|
253
|
-
* show/hide UI elements. This is the bridge between backend capabilities
|
|
254
|
-
* and the frontend's `AuthCapabilities` type.
|
|
255
|
-
*/
|
|
256
|
-
getCapabilities(): AuthAdapterCapabilities | Promise<AuthAdapterCapabilities>;
|
|
257
|
-
/**
|
|
258
|
-
* Called during backend initialization.
|
|
259
|
-
* Use for running migrations, creating tables, seeding initial data, etc.
|
|
260
|
-
*/
|
|
261
|
-
initialize?(): Promise<void>;
|
|
262
|
-
/**
|
|
263
|
-
* Called during graceful shutdown.
|
|
264
|
-
* Use for closing connections, flushing caches, etc.
|
|
265
|
-
*/
|
|
266
|
-
destroy?(): Promise<void>;
|
|
267
|
-
/**
|
|
268
|
-
* A static secret key for server-to-server / script authentication.
|
|
269
|
-
*
|
|
270
|
-
* When set, requests with `Authorization: Bearer <serviceKey>` bypass
|
|
271
|
-
* normal token verification and are granted admin-level access.
|
|
272
|
-
*/
|
|
273
|
-
serviceKey?: string;
|
|
274
|
-
}
|
|
275
|
-
/**
|
|
276
|
-
* Options for creating a minimal custom auth adapter via `createCustomAuthAdapter()`.
|
|
277
|
-
*
|
|
278
|
-
* This is the simplest way to plug an existing auth system into Rebase.
|
|
279
|
-
* Only `verifyRequest` is required — everything else is optional.
|
|
280
|
-
*
|
|
281
|
-
* @group Auth
|
|
282
|
-
*/
|
|
283
|
-
export interface CustomAuthAdapterOptions {
|
|
284
|
-
/**
|
|
285
|
-
* Verify an incoming request and return the authenticated user.
|
|
286
|
-
* This is the only required method.
|
|
287
|
-
*/
|
|
288
|
-
verifyRequest: (request: Request) => Promise<AuthenticatedUser | null>;
|
|
289
|
-
/**
|
|
290
|
-
* Verify a raw bearer token for WebSocket authentication.
|
|
291
|
-
* Optional — if omitted, a synthetic `Request` is constructed and passed
|
|
292
|
-
* to `verifyRequest`.
|
|
293
|
-
*/
|
|
294
|
-
verifyToken?: (token: string) => Promise<AuthenticatedUser | null>;
|
|
295
|
-
/** Optional user management for the admin panel. */
|
|
296
|
-
userManagement?: UserManagementAdapter;
|
|
297
|
-
/** Static service key for server-to-server auth. */
|
|
298
|
-
serviceKey?: string;
|
|
299
|
-
/** Override default capabilities. */
|
|
300
|
-
capabilities?: Partial<AuthAdapterCapabilities>;
|
|
301
|
-
}
|