@rnaga/wp-node 1.2.13 → 1.3.2

package/common/index.d.ts

@@ -8,4 +8,6 @@ export * from "./validating";
 export * from "./config";
 export * as hierarchy from "./hierarchy";
 export * from "./define-hooks";
+export * from "./uuid";
+export * from "./sodium";
 //# sourceMappingURL=index.d.ts.map

package/common/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/common/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,QAAQ,CAAC;AACvB,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AACzC,cAAc,gBAAgB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/common/index.ts"],"names":[],"mappings":"AAAA,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,iBAAiB,CAAC;AAChC,cAAc,QAAQ,CAAC;AACvB,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,UAAU,CAAC;AACzB,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AACzC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,QAAQ,CAAC;AACvB,cAAc,UAAU,CAAC"}

package/common/index.js

@@ -47,3 +47,5 @@ __exportStar(require("./validating"), exports);
 __exportStar(require("./config"), exports);
 exports.hierarchy = __importStar(require("./hierarchy"));
 __exportStar(require("./define-hooks"), exports);
+__exportStar(require("./uuid"), exports);
+__exportStar(require("./sodium"), exports);

package/common/password.d.ts

@@ -1,4 +1,7 @@
 export declare const hashPassword: (plainText: string) => string;
 export declare const checkPassword: (plainText: string, storedHash: string) => boolean;
+export declare const cleanupPasswordHash: (hash: string) => string;
+export declare const fastHash: (message: string) => string;
+export declare const verifyFastHash: (message: string, hash: string) => boolean;
 export declare const generatePassword: (length?: number, specialChars?: boolean, extraSpecialChars?: boolean) => string;
 //# sourceMappingURL=password.d.ts.map

package/common/password.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/common/password.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,YAAY,GAAI,WAAW,MAAM,WAG7C,CAAC;AAEF,eAAO,MAAM,aAAa,GAAI,WAAW,MAAM,EAAE,YAAY,MAAM,YAGlE,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAC3B,SAAQ,MAAW,EACnB,eAAc,OAAc,EAC5B,oBAAmB,OAAe,KACjC,MAmBF,CAAC"}
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/common/password.ts"],"names":[],"mappings":"AAQA,eAAO,MAAM,YAAY,GAAI,WAAW,MAAM,WAG7C,CAAC;AAEF,eAAO,MAAM,aAAa,GAAI,WAAW,MAAM,EAAE,YAAY,MAAM,YAGlE,CAAC;AAEF,eAAO,MAAM,mBAAmB,GAAI,MAAM,MAAM,WAG/C,CAAC;AAGF,eAAO,MAAM,QAAQ,GAAI,SAAS,MAAM,KAAG,MAM1C,CAAC;AAGF,eAAO,MAAM,cAAc,GAAI,SAAS,MAAM,EAAE,MAAM,MAAM,KAAG,OAQ9D,CAAC;AAEF,eAAO,MAAM,gBAAgB,GAC3B,SAAQ,MAAW,EACnB,eAAc,OAAc,EAC5B,oBAAmB,OAAe,KACjC,MAmBF,CAAC"}

package/common/password.js

@@ -36,9 +36,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generatePassword = exports.checkPassword = exports.hashPassword = void 0;
+exports.generatePassword = exports.verifyFastHash = exports.fastHash = exports.cleanupPasswordHash = exports.checkPassword = exports.hashPassword = void 0;
 const crypto = __importStar(require("crypto"));
 const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const sodium_1 = require("./sodium");
 const hashPassword = (plainText) => {
     const passwordHash = new PasswordHash(8, true);
     return passwordHash.hashPassword(plainText);
@@ -49,6 +50,27 @@ const checkPassword = (plainText, storedHash) => {
     return passwordHash.checkPassword(plainText, storedHash);
 };
 exports.checkPassword = checkPassword;
+const cleanupPasswordHash = (hash) => {
+    // Execute preg_replace( '/[^[a-z\d]i/', '', $hash );
+    return hash.replace(/[^a-z\d]/gi, "");
+};
+exports.cleanupPasswordHash = cleanupPasswordHash;
+// wp_fast_hash
+const fastHash = (message) => {
+    const hashed = (0, sodium_1.sodiumCryptoGenerichash)(message, "wp_fast_hash_6.8+", 30);
+    return ("$generic$" +
+        (0, sodium_1.sodiumBin2Base64)(hashed, sodium_1.SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING));
+};
+exports.fastHash = fastHash;
+// wp_verify_fast_hash
+const verifyFastHash = (message, hash) => {
+    if (!hash.startsWith("$generic$")) {
+        return new PasswordHash(8, true).checkPassword(message, hash);
+    }
+    const generatedHash = (0, exports.fastHash)(message);
+    return hash === generatedHash;
+};
+exports.verifyFastHash = verifyFastHash;
 const generatePassword = (length = 12, specialChars = true, extraSpecialChars = false) => {
     let chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
     if (specialChars) {

package/common/sodium.d.ts

@@ -0,0 +1,40 @@
+declare const SODIUM_BASE64_VARIANT_ORIGINAL = 1;
+declare const SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING = 3;
+declare const SODIUM_BASE64_VARIANT_URLSAFE = 5;
+declare const SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING = 7;
+export { SODIUM_BASE64_VARIANT_ORIGINAL, SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, SODIUM_BASE64_VARIANT_URLSAFE, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING, };
+/**
+ * TypeScript equivalent of PHP's sodium_crypto_generichash()
+ *
+ * @param message - The message to hash
+ * @param key - Optional key for keyed hashing
+ * @param length - Output length in bytes (default: 32, min: 16, max: 64)
+ * @returns Buffer containing the hash
+ */
+export declare const sodiumCryptoGenerichash: (message: string | Buffer, key?: string | Buffer | null, length?: number) => Buffer;
+/**
+ * TypeScript equivalent of PHP's sodium_bin2base64()
+ * Encodes binary data to base64
+ *
+ * @param data - Binary data to encode
+ * @param variant - Base64 variant (SODIUM_BASE64_VARIANT_ORIGINAL, SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, SODIUM_BASE64_VARIANT_URLSAFE, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING)
+ * @returns Base64 encoded string
+ */
+export declare const sodiumBin2Base64: (data: string | Buffer, variant?: number) => string;
+/**
+ * Convert base64 string back to binary data
+ * @param base64 - Base64 encoded string
+ * @param variant - Base64 variant that was used for encoding
+ * @returns Buffer containing the decoded binary data
+ */
+export declare const sodiumBase642bin: (base64: string, variant?: number) => Buffer;
+/**
+ * TypeScript equivalent of PHP's hash_equals()
+ * Timing-safe string comparison to prevent timing attacks
+ *
+ * @param known - Known string (expected value)
+ * @param user - User-provided string to compare
+ * @returns true if strings are equal, false otherwise
+ */
+export declare const hashEquals: (known: string, user: string) => boolean;
+//# sourceMappingURL=sodium.d.ts.map

package/common/sodium.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sodium.d.ts","sourceRoot":"","sources":["../../src/common/sodium.ts"],"names":[],"mappings":"AAIA,QAAA,MAAM,8BAA8B,IAAI,CAAC;AACzC,QAAA,MAAM,yCAAyC,IAAI,CAAC;AACpD,QAAA,MAAM,6BAA6B,IAAI,CAAC;AACxC,QAAA,MAAM,wCAAwC,IAAI,CAAC;AAEnD,OAAO,EACL,8BAA8B,EAC9B,yCAAyC,EACzC,6BAA6B,EAC7B,wCAAwC,GACzC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,GAClC,SAAS,MAAM,GAAG,MAAM,EACxB,MAAM,MAAM,GAAG,MAAM,GAAG,IAAI,EAC5B,SAAQ,MAAW,KAClB,MA2BF,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,gBAAgB,GAC3B,MAAM,MAAM,GAAG,MAAM,EACrB,UAAS,MAAuC,KAC/C,MA0BF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAC3B,QAAQ,MAAM,EACd,UAAS,MAAuC,KAC/C,MAqCF,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,UAAU,GAAI,OAAO,MAAM,EAAE,MAAM,MAAM,KAAG,OAYxD,CAAC"}

package/common/sodium.js

@@ -0,0 +1,172 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hashEquals = exports.sodiumBase642bin = exports.sodiumBin2Base64 = exports.sodiumCryptoGenerichash = exports.SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING = exports.SODIUM_BASE64_VARIANT_URLSAFE = exports.SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING = exports.SODIUM_BASE64_VARIANT_ORIGINAL = void 0;
+const crypto = __importStar(require("crypto"));
+const sodium = __importStar(require("sodium-native"));
+// Constants for base64 variants (matching PHP sodium constants)
+const SODIUM_BASE64_VARIANT_ORIGINAL = 1;
+exports.SODIUM_BASE64_VARIANT_ORIGINAL = SODIUM_BASE64_VARIANT_ORIGINAL;
+const SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING = 3;
+exports.SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING = SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING;
+const SODIUM_BASE64_VARIANT_URLSAFE = 5;
+exports.SODIUM_BASE64_VARIANT_URLSAFE = SODIUM_BASE64_VARIANT_URLSAFE;
+const SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING = 7;
+exports.SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING = SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING;
+/**
+ * TypeScript equivalent of PHP's sodium_crypto_generichash()
+ *
+ * @param message - The message to hash
+ * @param key - Optional key for keyed hashing
+ * @param length - Output length in bytes (default: 32, min: 16, max: 64)
+ * @returns Buffer containing the hash
+ */
+const sodiumCryptoGenerichash = (message, key, length = 32) => {
+    // Convert string inputs to Buffer
+    const messageBuffer = Buffer.isBuffer(message)
+        ? message
+        : Buffer.from(message, "utf8");
+    const keyBuffer = key
+        ? Buffer.isBuffer(key)
+            ? key
+            : Buffer.from(key, "utf8")
+        : null;
+    // Validate length parameter
+    if (length < 16 || length > 64) {
+        throw new Error("Hash length must be between 16 and 64 bytes");
+    }
+    // Create output buffer
+    const output = Buffer.alloc(length);
+    // Compute hash using sodium-native
+    if (keyBuffer) {
+        sodium.crypto_generichash(output, messageBuffer, keyBuffer);
+    }
+    else {
+        sodium.crypto_generichash(output, messageBuffer);
+    }
+    return output;
+};
+exports.sodiumCryptoGenerichash = sodiumCryptoGenerichash;
+/**
+ * TypeScript equivalent of PHP's sodium_bin2base64()
+ * Encodes binary data to base64
+ *
+ * @param data - Binary data to encode
+ * @param variant - Base64 variant (SODIUM_BASE64_VARIANT_ORIGINAL, SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING, SODIUM_BASE64_VARIANT_URLSAFE, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING)
+ * @returns Base64 encoded string
+ */
+const sodiumBin2Base64 = (data, variant = SODIUM_BASE64_VARIANT_ORIGINAL) => {
+    const dataBuffer = Buffer.isBuffer(data) ? data : Buffer.from(data, "binary");
+    switch (variant) {
+        case SODIUM_BASE64_VARIANT_ORIGINAL:
+            return dataBuffer.toString("base64");
+        case SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING:
+            return dataBuffer.toString("base64").replace(/=/g, "");
+        case SODIUM_BASE64_VARIANT_URLSAFE:
+            return dataBuffer
+                .toString("base64")
+                .replace(/\+/g, "-")
+                .replace(/\//g, "_");
+        case SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING:
+            return dataBuffer
+                .toString("base64")
+                .replace(/\+/g, "-")
+                .replace(/\//g, "_")
+                .replace(/=/g, "");
+        default:
+            throw new Error("Invalid base64 variant");
+    }
+};
+exports.sodiumBin2Base64 = sodiumBin2Base64;
+/**
+ * Convert base64 string back to binary data
+ * @param base64 - Base64 encoded string
+ * @param variant - Base64 variant that was used for encoding
+ * @returns Buffer containing the decoded binary data
+ */
+const sodiumBase642bin = (base64, variant = SODIUM_BASE64_VARIANT_ORIGINAL) => {
+    let normalizedBase64 = base64;
+    switch (variant) {
+        case SODIUM_BASE64_VARIANT_ORIGINAL:
+            // Standard base64 with padding (default)
+            break;
+        case SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING:
+            // Standard base64 without padding - add padding back
+            while (normalizedBase64.length % 4 !== 0) {
+                normalizedBase64 += "=";
+            }
+            break;
+        case SODIUM_BASE64_VARIANT_URLSAFE:
+            // URL-safe base64 with padding - convert back to standard
+            normalizedBase64 = normalizedBase64.replace(/-/g, "+").replace(/_/g, "/");
+            break;
+        case SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING:
+            // URL-safe base64 without padding - convert and add padding
+            normalizedBase64 = normalizedBase64.replace(/-/g, "+").replace(/_/g, "/");
+            while (normalizedBase64.length % 4 !== 0) {
+                normalizedBase64 += "=";
+            }
+            break;
+        default:
+            throw new Error(`Invalid base64 variant: ${variant}`);
+    }
+    try {
+        return Buffer.from(normalizedBase64, "base64");
+    }
+    catch (error) {
+        throw new Error("Invalid base64 string");
+    }
+};
+exports.sodiumBase642bin = sodiumBase642bin;
+/**
+ * TypeScript equivalent of PHP's hash_equals()
+ * Timing-safe string comparison to prevent timing attacks
+ *
+ * @param known - Known string (expected value)
+ * @param user - User-provided string to compare
+ * @returns true if strings are equal, false otherwise
+ */
+const hashEquals = (known, user) => {
+    // Convert to buffers for consistent comparison
+    const knownBuffer = Buffer.from(known, "utf8");
+    const userBuffer = Buffer.from(user, "utf8");
+    // Use Node.js crypto.timingSafeEqual for constant-time comparison
+    // First check if lengths are equal (this itself is constant time for same-length inputs)
+    if (knownBuffer.length !== userBuffer.length) {
+        return false;
+    }
+    return crypto.timingSafeEqual(knownBuffer, userBuffer);
+};
+exports.hashEquals = hashEquals;

package/common/uuid.d.ts

@@ -0,0 +1,2 @@
+export declare const uuid4: () => string;
+//# sourceMappingURL=uuid.d.ts.map

package/common/uuid.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"uuid.d.ts","sourceRoot":"","sources":["../../src/common/uuid.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,KAAK,cAMjB,CAAC"}

package/common/uuid.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.uuid4 = void 0;
+const uuid4 = () => {
+    return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, (c) => {
+        const r = (Math.random() * 16) | 0;
+        const v = c === "x" ? r : (r & 0x3) | 0x8;
+        return v.toString(16);
+    });
+};
+exports.uuid4 = uuid4;

package/config.d.ts

@@ -21,6 +21,7 @@ export declare class Config {
             WP_POST_REVISIONS: number;
             WP_LOG_LEVEL: "debug" | "info" | "warn" | "error";
         };
+        useApplicationPasswords: boolean;
         extensions: {
             misc: string[];
             audio: string[];

package/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,KAAK,KAAK,MAAM,SAAS,CAAC;AAGtC,qBACa,MAAM;;gBAGL,MAAM,EAAE,KAAK,CAAC,MAAM;IAIhC,WAAW;IAIX,KAAK;IAKL,kBAAkB;IAOlB,IAAI,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAET;IAED,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC;CAG5C"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,KAAK,KAAK,MAAM,SAAS,CAAC;AAGtC,qBACa,MAAM;;gBAGL,MAAM,EAAE,KAAK,CAAC,MAAM;IAIhC,WAAW;IAIX,KAAK;IAKL,kBAAkB;IAOlB,IAAI,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAET;IAED,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC;CAG5C"}

package/core/utils/application-passwords.util.d.ts

@@ -0,0 +1,53 @@
+import { Config } from "../../config";
+import { applicationPassword } from "../../validators/application-password";
+import { Components } from "../components";
+import { z } from "zod";
+type ApplicationPassword = z.infer<typeof applicationPassword>;
+export declare class ApplicationPasswordsUtil {
+    private config;
+    private components;
+    constructor(config: Config, components: Components);
+    getMetaKey(): string;
+    getOptionsKey(): string;
+    isAvailable(checkSsl?: boolean): boolean;
+    isInUse(): Promise<boolean>;
+    createNewPassword(userId: number, options: {
+        name: string;
+        app_id?: string;
+    }): Promise<{
+        password: string;
+        item: {
+            uuid: string;
+            app_id: string;
+            name: string;
+            password: string;
+            created: number;
+            last_used: number | null;
+            last_ip: string | null;
+        };
+    }>;
+    recordPasswordUsage(userId: number, uuid: string, options: {
+        ip?: string | null;
+    }): Promise<boolean>;
+    updatePasswordName(userId: number, uuid: string, newName: string): Promise<boolean>;
+    deletePassword(userId: number, uuid: string): Promise<boolean>;
+    deleteAllPasswords(userId: number): Promise<boolean>;
+    private parsePasswords;
+    getUserPasswords(userId: number): Promise<{
+        uuid: string;
+        app_id: string;
+        name: string;
+        password: string;
+        created: number;
+        last_used: number | null;
+        last_ip: string | null;
+    }[]>;
+    getUserPasswordByUuid(userId: number, uuid: string): Promise<ApplicationPassword | null>;
+    setUserPasswords(userId: number, passwords: ApplicationPassword[]): Promise<boolean>;
+    chunkPassword(password: string): string;
+    authenticate(userIdOrName: number | string, rawPassword: string, options?: {
+        ip?: string;
+    }): Promise<import("../user").User | undefined>;
+}
+export {};
+//# sourceMappingURL=application-passwords.util.d.ts.map

package/core/utils/application-passwords.util.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"application-passwords.util.d.ts","sourceRoot":"","sources":["../../../src/core/utils/application-passwords.util.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAGtC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uCAAuC,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAI3C,OAAO,EAAS,CAAC,EAAE,MAAM,KAAK,CAAC;AAO/B,KAAK,mBAAmB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAE/D,qBACa,wBAAwB;IACvB,OAAO,CAAC,MAAM;IAAU,OAAO,CAAC,UAAU;gBAAlC,MAAM,EAAE,MAAM,EAAU,UAAU,EAAE,UAAU;IAElE,UAAU;IAIV,aAAa;IAIb,WAAW,CAAC,QAAQ,GAAE,OAAc;IAO9B,OAAO;IAiBP,iBAAiB,CACrB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;;;;;;;;;;;;IA0CG,mBAAmB,CACvB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE;QAAE,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE;IA2B3B,kBAAkB,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAoBhE,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM;IAQ3C,kBAAkB,CAAC,MAAM,EAAE,MAAM;IAIvC,OAAO,CAAC,cAAc;IAKhB,gBAAgB,CAAC,MAAM,EAAE,MAAM;;;;;;;;;IAe/B,qBAAqB,CACzB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAUhC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,mBAAmB,EAAE;IASvE,aAAa,CAAC,QAAQ,EAAE,MAAM;IAcxB,YAAY,CAChB,YAAY,EAAE,MAAM,GAAG,MAAM,EAC7B,WAAW,EAAE,MAAM,EACnB,OAAO,CAAC,EAAE;QACR,EAAE,CAAC,EAAE,MAAM,CAAC;KACb;CAmCJ"}

package/core/utils/application-passwords.util.js

@@ -0,0 +1,206 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApplicationPasswordsUtil = void 0;
+const common_1 = require("../../common");
+const config_1 = require("../../config");
+const component_1 = require("../../decorators/component");
+const transactions_1 = require("../../transactions");
+const application_password_1 = require("../../validators/application-password");
+const components_1 = require("../components");
+const options_1 = require("../options");
+const meta_util_1 = require("./meta.util");
+const site_util_1 = require("./site.util");
+const zod_1 = require("zod");
+const user_util_1 = require("./user.util");
+// Application Passwords should be 24 characters long.
+// https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/#application-passwords
+const PW_LENGTH = 24;
+let ApplicationPasswordsUtil = class ApplicationPasswordsUtil {
+    config;
+    components;
+    constructor(config, components) {
+        this.config = config;
+        this.components = components;
+    }
+    getMetaKey() {
+        return "_application_passwords";
+    }
+    getOptionsKey() {
+        return "using_application_passwords";
+    }
+    isAvailable(checkSsl = true) {
+        return (this.config.config.useApplicationPasswords === true &&
+            (checkSsl === false || this.config.isSsl() === true));
+    }
+    async isInUse() {
+        const options = this.components.get(options_1.Options);
+        const siteUtil = this.components.get(site_util_1.SiteUtil);
+        const mainSiteId = await siteUtil.getMainSiteId();
+        const using = !this.config.isMultiSite()
+            ? await options.get(this.getOptionsKey())
+            : await options.get(this.getOptionsKey(), { siteId: mainSiteId });
+        return (using === "1" ||
+            parseInt(`${using}`) === 1 ||
+            Boolean(`${using}`) === true);
+    }
+    // create_new_application_password
+    async createNewPassword(userId, options) {
+        const name = zod_1.z.string().min(2).max(100).parse(options.name);
+        const newPassword = (0, common_1.generatePassword)(PW_LENGTH, false);
+        const hashedPassword = (0, common_1.fastHash)(newPassword);
+        const newItem = {
+            uuid: (0, common_1.uuid4)(),
+            app_id: options.app_id || "",
+            name,
+            password: hashedPassword,
+            created: Math.floor(Date.now() / 1000),
+            last_used: null,
+            last_ip: null,
+        };
+        // Set Option Key
+        if (this.config.isMultiSite()) {
+            const siteId = await this.components.get(site_util_1.SiteUtil).getMainSiteId();
+            const metaTrx = this.components.get(transactions_1.MetaTrx);
+            await metaTrx.upsert("site", siteId, this.getOptionsKey(), "1");
+        }
+        else {
+            const optionsTrx = this.components.get(transactions_1.OptionsTrx);
+            await optionsTrx.insert(this.getOptionsKey(), "1", { upsert: true });
+        }
+        const passwords = await this.getUserPasswords(userId);
+        passwords.push(newItem);
+        const result = await this.setUserPasswords(userId, passwords);
+        if (!result) {
+            throw new Error("Failed to set user passwords");
+        }
+        return {
+            password: newPassword,
+            item: newItem,
+        };
+    }
+    // record_application_password_usage
+    async recordPasswordUsage(userId, uuid, options) {
+        const passwords = await this.getUserPasswords(userId);
+        for (const password of passwords) {
+            if (password.uuid !== uuid) {
+                continue;
+            }
+            const lastUsed = password.last_used || 0;
+            // Only record activity once a day.
+            if (lastUsed > 0 && lastUsed + 86400 > Math.floor(Date.now() / 1000)) {
+                return true;
+            }
+            // Update the password object in the array
+            password.last_used = Math.floor(Date.now() / 1000);
+            password.last_ip = options.ip || null;
+            // Save the updated passwords array
+            return await this.setUserPasswords(userId, passwords);
+        }
+        return false;
+    }
+    // update_application_password
+    async updatePasswordName(userId, uuid, newName) {
+        const name = zod_1.z.string().min(2).max(100).parse(newName);
+        const passwords = await this.getUserPasswords(userId);
+        for (const password of passwords) {
+            if (password.uuid !== uuid) {
+                continue;
+            }
+            // Update the password object in the array
+            password.name = name;
+            // Save the updated passwords array
+            return await this.setUserPasswords(userId, passwords);
+        }
+        return false;
+    }
+    // delete_application_password
+    async deletePassword(userId, uuid) {
+        const passwords = await this.getUserPasswords(userId);
+        const filtered = passwords.filter((password) => password.uuid !== uuid);
+        return await this.setUserPasswords(userId, filtered);
+    }
+    // delete_all_application_passwords
+    async deleteAllPasswords(userId) {
+        return await this.setUserPasswords(userId, []);
+    }
+    parsePasswords(passwords) {
+        return zod_1.z.array(application_password_1.applicationPassword).parse(passwords || []);
+    }
+    // get_user_application_password
+    async getUserPasswords(userId) {
+        const metaUtil = this.components.get(meta_util_1.MetaUtil);
+        const passwords = await metaUtil.getValue("user", userId, this.getMetaKey());
+        // Unserialize
+        const serialized = (0, common_1.phpUnserialize)(passwords) || [];
+        return this.parsePasswords(serialized);
+    }
+    // get_user_application_password
+    async getUserPasswordByUuid(userId, uuid) {
+        if (uuid.length !== 36) {
+            return null;
+        }
+        const passwords = await this.getUserPasswords(userId);
+        return passwords.find((password) => password.uuid === uuid) || null;
+    }
+    // set_user_application_passwords
+    async setUserPasswords(userId, passwords) {
+        const parsed = this.parsePasswords(passwords);
+        const metaTrx = this.components.get(transactions_1.MetaTrx);
+        return await metaTrx.upsert("user", userId, this.getMetaKey(), parsed, {
+            serialize: true,
+        });
+    }
+    chunkPassword(password) {
+        // Clean up first with cleanupPasswordHash
+        const cleanedUp = (0, common_1.cleanupPasswordHash)(password);
+        // trim( chunk_split( $raw_password, 4, ' ' ) );
+        return (cleanedUp
+            .match(/.{1,4}/g)
+            ?.join(" ")
+            .trim() || "");
+    }
+    // wp_authenticate_application_password
+    async authenticate(userIdOrName, rawPassword, options) {
+        if ((await this.isInUse()) === false) {
+            return undefined;
+        }
+        // Get user
+        const userUtil = this.components.get(user_util_1.UserUtil);
+        const user = await userUtil.get(userIdOrName);
+        if (!user.props) {
+            return undefined;
+        }
+        const userId = user.props.ID;
+        const password = (0, common_1.cleanupPasswordHash)(rawPassword);
+        if (password.length !== PW_LENGTH) {
+            return undefined;
+        }
+        // Get all password objects
+        const passwords = await this.getUserPasswords(userId);
+        for (const item of passwords) {
+            if (item.password && (0, common_1.verifyFastHash)(password, item.password)) {
+                // Record usage
+                await this.recordPasswordUsage(userId, item.uuid, {
+                    ip: options?.ip || null,
+                });
+                // Return user object
+                return user;
+            }
+        }
+        return undefined;
+    }
+};
+exports.ApplicationPasswordsUtil = ApplicationPasswordsUtil;
+exports.ApplicationPasswordsUtil = ApplicationPasswordsUtil = __decorate([
+    (0, component_1.component)(),
+    __metadata("design:paramtypes", [config_1.Config, components_1.Components])
+], ApplicationPasswordsUtil);

package/core/utils/crud.util.d.ts

@@ -13,6 +13,7 @@ import { TermCrud } from "../../crud/term.crud";
 import { UserSelfRegistrationCrud } from "../../crud/user-self-registration.crud";
 import { UserCrud } from "../../crud/user.crud";
 import { Components } from "../components";
+import { ApplicationPasswordsCrud } from "../../crud/application-passwords.crud";
 export declare class CrudUtil {
     private components;
     constructor(components: Components);
@@ -36,5 +37,6 @@ export declare class CrudUtil {
     get term(): TermCrud;
     get user(): UserCrud;
     get userSelfRegistration(): UserSelfRegistrationCrud;
+    get applicationPasswords(): ApplicationPasswordsCrud;
 }
 //# sourceMappingURL=crud.util.d.ts.map

package/core/utils/crud.util.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"crud.util.d.ts","sourceRoot":"","sources":["../../../src/core/utils/crud.util.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAoB,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAEhD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C,qBACa,QAAQ;IACP,OAAO,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAE1C,UAAU,CAAC,CAAC,SAAS,KAAK,GAAG,SAAS,EAAE,CAAC,EAAE,CAAC;;;;;;;IAqB5C,IAAI,IAAI,aAEP;IAED,IAAI,OAAO,gBAEV;IAED,IAAI,IAAI,aAEP;IAED,IAAI,OAAO,gBAEV;IAED,IAAI,IAAI,aAEP;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,KAAK,cAER;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,IAAI,aAEP;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;IAED,IAAI,oBAAoB,6BAEvB;CACF"}
+{"version":3,"file":"crud.util.d.ts","sourceRoot":"","sources":["../../../src/core/utils/crud.util.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,SAAS,EAAoB,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAC9E,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,wCAAwC,CAAC;AAClF,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAEhD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AAEjF,qBACa,QAAQ;IACP,OAAO,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAE1C,UAAU,CAAC,CAAC,SAAS,KAAK,GAAG,SAAS,EAAE,CAAC,EAAE,CAAC;;;;;;;IAqB5C,IAAI,IAAI,aAEP;IAED,IAAI,OAAO,gBAEV;IAED,IAAI,IAAI,aAEP;IAED,IAAI,OAAO,gBAEV;IAED,IAAI,IAAI,aAEP;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,KAAK,cAER;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,IAAI,aAEP;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;IAED,IAAI,oBAAoB,6BAEvB;IAED,IAAI,oBAAoB,6BAEvB;CACF"}

package/core/utils/crud.util.js

@@ -26,6 +26,7 @@ const user_self_registration_crud_1 = require("../../crud/user-self-registration
 const user_crud_1 = require("../../crud/user.crud");
 const component_1 = require("../../decorators/component");
 const components_1 = require("../components");
+const application_passwords_crud_1 = require("../../crud/application-passwords.crud");
 let CrudUtil = class CrudUtil {
     components;
     constructor(components) {
@@ -89,6 +90,9 @@ let CrudUtil = class CrudUtil {
     get userSelfRegistration() {
         return this.components.get(user_self_registration_crud_1.UserSelfRegistrationCrud);
     }
+    get applicationPasswords() {
+        return this.components.get(application_passwords_crud_1.ApplicationPasswordsCrud);
+    }
 };
 exports.CrudUtil = CrudUtil;
 exports.CrudUtil = CrudUtil = __decorate([

package/core/utils/site.util.d.ts

@@ -9,6 +9,7 @@ export declare class SiteUtil {
     constructor(components: Components, config: Config);
     get(siteRef: string | number): Promise<Site>;
     toSites(sites: types.Tables["site"][], blogId: number): Promise<Site[]>;
+    getMainSiteId(): Promise<number>;
     getBlogs(siteId: number): Promise<Blog[]>;
     getReservedNames(siteId?: number): Promise<string[]>;
     private getSiteOptions;

package/core/utils/site.util.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"site.util.d.ts","sourceRoot":"","sources":["../../../src/core/utils/site.util.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC,OAAO,KAAK,KAAK,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAG3C,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAI/B,qBACa,QAAQ;IACP,OAAO,CAAC,UAAU;IAAc,OAAO,CAAC,MAAM;gBAAtC,UAAU,EAAE,UAAU,EAAU,MAAM,EAAE,MAAM;IAE5D,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IAI5B,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM;IA+BrD,QAAQ,CAAC,MAAM,EAAE,MAAM;IAiBvB,gBAAgB,CAAC,MAAM,CAAC,EAAE,MAAM;YAmBxB,cAAc;IAgBtB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IA2B1D,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE;CAsBxE"}
+{"version":3,"file":"site.util.d.ts","sourceRoot":"","sources":["../../../src/core/utils/site.util.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAEtC,OAAO,KAAK,KAAK,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAC/B,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAG3C,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAI/B,qBACa,QAAQ;IACP,OAAO,CAAC,UAAU;IAAc,OAAO,CAAC,MAAM;gBAAtC,UAAU,EAAE,UAAU,EAAU,MAAM,EAAE,MAAM;IAE5D,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM;IAI5B,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM;IAUrD,aAAa;IAyCb,QAAQ,CAAC,MAAM,EAAE,MAAM;IAiBvB,gBAAgB,CAAC,MAAM,CAAC,EAAE,MAAM;YAmBxB,cAAc;IAgBtB,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;IA2B1D,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE;CAsBxE"}

package/core/utils/site.util.js

@@ -35,6 +35,22 @@ let SiteUtil = class SiteUtil {
         }
         return arr;
     }
+    // get_main_network_id
+    async getMainSiteId() {
+        if (!this.config.isMultiSite()) {
+            return 1;
+        }
+        const current = this.components.get(current_1.Current);
+        const siteId = current.siteId;
+        if (siteId === 1) {
+            return 1;
+        }
+        const queryUtil = this.components.get(query_util_1.QueryUtil);
+        const sites = await queryUtil.sites((query) => {
+            query.builder.limit(1);
+        });
+        return sites?.[0]?.id ?? 1;
+    }
     // async getList() {
     //   const queryUtil = this.components.get(QueryUtil);
     //   const metaUtil = this.components.get(MetaUtil);

package/core/utils/utils.d.ts

@@ -14,6 +14,7 @@ import { TaxonomyUtil } from "./taxonomy.util";
 import { TermUtil } from "./term.util";
 import { TrxUtil } from "./trx.util";
 import { UserUtil } from "./user.util";
+import { ApplicationPasswordsUtil } from "./application-passwords.util";
 export declare class Utils {
     private components;
     constructor(components: Components);
@@ -32,5 +33,6 @@ export declare class Utils {
     get site(): SiteUtil;
     get term(): TermUtil;
     get crud(): CrudUtil;
+    get applicationPasswords(): ApplicationPasswordsUtil;
 }
 //# sourceMappingURL=utils.d.ts.map

package/core/utils/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/core/utils/utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEvC,qBACa,KAAK;IACJ,OAAO,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAE1C,IAAI,IAAI,aAEP;IAED,IAAI,OAAO,gBAEV;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;IAED,IAAI,QAAQ,gBAEX;IAED,IAAI,KAAK,cAER;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,IAAI,aAEP;IAED,IAAI,GAAG,YAEN;IAED,IAAI,KAAK,cAER;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;CACF"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../src/core/utils/utils.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AAExE,qBACa,KAAK;IACJ,OAAO,CAAC,UAAU;gBAAV,UAAU,EAAE,UAAU;IAE1C,IAAI,IAAI,aAEP;IAED,IAAI,OAAO,gBAEV;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;IAED,IAAI,QAAQ,gBAEX;IAED,IAAI,KAAK,cAER;IAED,IAAI,QAAQ,iBAEX;IAED,IAAI,IAAI,aAEP;IAED,IAAI,GAAG,YAEN;IAED,IAAI,KAAK,cAER;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;IAED,IAAI,IAAI,aAEP;IAED,IAAI,oBAAoB,6BAEvB;CACF"}

package/core/utils/utils.js

@@ -27,6 +27,7 @@ const taxonomy_util_1 = require("./taxonomy.util");
 const term_util_1 = require("./term.util");
 const trx_util_1 = require("./trx.util");
 const user_util_1 = require("./user.util");
+const application_passwords_util_1 = require("./application-passwords.util");
 let Utils = class Utils {
     components;
     constructor(components) {
@@ -77,6 +78,9 @@ let Utils = class Utils {
     get crud() {
         return this.components.get(crud_util_1.CrudUtil);
     }
+    get applicationPasswords() {
+        return this.components.get(application_passwords_util_1.ApplicationPasswordsUtil);
+    }
 };
 exports.Utils = Utils;
 exports.Utils = Utils = __decorate([

package/crud/application-passwords.crud.d.ts

@@ -0,0 +1,64 @@
+import { Components } from "../core/components";
+import { ApplicationPasswordsUtil } from "../core/utils/application-passwords.util";
+import { Crud } from "./crud";
+export declare class ApplicationPasswordsCrud extends Crud {
+    private applicationPasswordsUtil;
+    constructor(components: Components, applicationPasswordsUtil: ApplicationPasswordsUtil);
+    get(uuid: string): Promise<{
+        data: {
+            uuid: string;
+            app_id: string;
+            name: string;
+            password: string;
+            created: number;
+            last_used: number | null;
+            last_ip: string | null;
+        };
+        info: undefined;
+    }>;
+    list(): Promise<{
+        data: {
+            uuid: string;
+            app_id: string;
+            name: string;
+            password: string;
+            created: number;
+            last_used: number | null;
+            last_ip: string | null;
+        }[];
+        info: undefined;
+    }>;
+    create(data: {
+        name: string;
+        app_id?: string;
+    }): Promise<{
+        data: {
+            password: string;
+            item: {
+                uuid: string;
+                app_id: string;
+                name: string;
+                password: string;
+                created: number;
+                last_used: number | null;
+                last_ip: string | null;
+            };
+        };
+        info: undefined;
+    }>;
+    update(uuid: string, data: {
+        name: string;
+    }): Promise<{
+        data: boolean;
+        info: undefined;
+    }>;
+    delete(uuid: string): Promise<{
+        data: boolean;
+        info: undefined;
+    }>;
+    deleteAll(): Promise<{
+        data: boolean;
+        info: undefined;
+    }>;
+}
+//# sourceMappingURL=application-passwords.crud.d.ts.map

package/crud/application-passwords.crud.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"application-passwords.crud.d.ts","sourceRoot":"","sources":["../../src/crud/application-passwords.crud.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,wBAAwB,EAAE,MAAM,0CAA0C,CAAC;AAEpF,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAG9B,qBACa,wBAAyB,SAAQ,IAAI;IAG9C,OAAO,CAAC,wBAAwB;gBADhC,UAAU,EAAE,UAAU,EACd,wBAAwB,EAAE,wBAAwB;IAKtD,GAAG,CAAC,IAAI,EAAE,MAAM;;;;;;;;;;;;IAkBhB,IAAI;;;;;;;;;;;;IAcJ,MAAM,CAAC,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE;;;;;;;;;;;;;;;IAe9C,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE;;;;IAuB3C,MAAM,CAAC,IAAI,EAAE,MAAM;;;;IAsBnB,SAAS;;;;CAgBhB"}

package/crud/application-passwords.crud.js

@@ -0,0 +1,90 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApplicationPasswordsCrud = void 0;
+const components_1 = require("../core/components");
+const application_passwords_util_1 = require("../core/utils/application-passwords.util");
+const component_1 = require("../decorators/component");
+const crud_1 = require("./crud");
+const error_1 = require("./error");
+let ApplicationPasswordsCrud = class ApplicationPasswordsCrud extends crud_1.Crud {
+    applicationPasswordsUtil;
+    constructor(components, applicationPasswordsUtil) {
+        super(components);
+        this.applicationPasswordsUtil = applicationPasswordsUtil;
+    }
+    async get(uuid) {
+        const { user: currentUser } = await this.getUser();
+        if (!(await currentUser?.can("read_app_password"))) {
+            throw new error_1.CrudError(error_1.StatusMessage.UNAUTHORIZED, "Not permitted");
+        }
+        const password = await this.applicationPasswordsUtil.getUserPasswordByUuid(currentUser.props.ID, uuid);
+        if (!password) {
+            throw new error_1.CrudError(error_1.StatusMessage.NOT_FOUND, "Password not found");
+        }
+        return this.returnValue(password);
+    }
+    async list() {
+        const { user: currentUser } = await this.getUser();
+        if (!(await currentUser?.can("list_app_passwords"))) {
+            throw new error_1.CrudError(error_1.StatusMessage.UNAUTHORIZED, "Not permitted");
+        }
+        const passwords = await this.applicationPasswordsUtil.getUserPasswords(currentUser.props.ID);
+        return this.returnValue(passwords);
+    }
+    async create(data) {
+        const { user: currentUser } = await this.getUser();
+        if (!(await currentUser?.can("create_app_password"))) {
+            throw new error_1.CrudError(error_1.StatusMessage.UNAUTHORIZED, "Not permitted");
+        }
+        const password = await this.applicationPasswordsUtil.createNewPassword(currentUser.props.ID, data);
+        return this.returnValue(password);
+    }
+    async update(uuid, data) {
+        const { user: currentUser } = await this.getUser();
+        if (!(await currentUser?.can("edit_app_password"))) {
+            throw new error_1.CrudError(error_1.StatusMessage.UNAUTHORIZED, "Not permitted");
+        }
+        const success = await this.applicationPasswordsUtil.updatePasswordName(currentUser.props.ID, uuid, data.name);
+        if (!success) {
+            throw new error_1.CrudError(error_1.StatusMessage.BAD_REQUEST, "Failed to update password");
+        }
+        return this.returnValue(success);
+    }
+    async delete(uuid) {
+        const { user: currentUser } = await this.getUser();
+        if (!(await currentUser?.can("delete_app_password"))) {
+            throw new error_1.CrudError(error_1.StatusMessage.UNAUTHORIZED, "Not permitted");
+        }
+        const success = await this.applicationPasswordsUtil.deletePassword(currentUser.props.ID, uuid);
+        if (!success) {
+            throw new error_1.CrudError(error_1.StatusMessage.BAD_REQUEST, "Failed to delete password");
+        }
+        return this.returnValue(success);
+    }
+    async deleteAll() {
+        const { user: currentUser } = await this.getUser();
+        if (!(await currentUser?.can("delete_app_passwords"))) {
+            throw new error_1.CrudError(error_1.StatusMessage.UNAUTHORIZED, "Not permitted");
+        }
+        const success = await this.applicationPasswordsUtil.deleteAllPasswords(currentUser.props.ID);
+        if (!success) {
+            throw new error_1.CrudError(error_1.StatusMessage.BAD_REQUEST, "Failed to delete passwords");
+        }
+        return this.returnValue(success);
+    }
+};
+exports.ApplicationPasswordsCrud = ApplicationPasswordsCrud;
+exports.ApplicationPasswordsCrud = ApplicationPasswordsCrud = __decorate([
+    (0, component_1.component)(),
+    __metadata("design:paramtypes", [components_1.Components,
+        application_passwords_util_1.ApplicationPasswordsUtil])
+], ApplicationPasswordsCrud);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rnaga/wp-node",
-  "version": "1.2.13",
+  "version": "1.3.2",
   "description": "",
   "scripts": {
     "build": "rm -rf ./dist && tsc --project tsconfig.build.json && npm run copyfiles && cp package.json ./dist/",
@@ -22,6 +22,7 @@
   "license": "MIT",
   "devDependencies": {
     "@types/node": "^22",
+    "@types/sodium-native": "^2.3.9",
     "copyfiles": "^2.4.1",
     "ts-node": "^10.9.1",
     "typescript": "^5.9",
@@ -36,6 +37,7 @@
     "mysql2": "^3.14.0",
     "php-serialize": "^5",
     "reflect-metadata": "^0.1.13",
+    "sodium-native": "^5.0.8",
     "zod": "^4.0.5"
   },
   "repository": {

package/types/crud.d.ts

@@ -1,17 +1,18 @@
+import { CrudUtil } from "../core/utils/crud.util";
+import { ApplicationPasswordsCrud } from "../crud/application-passwords.crud";
 import { BlogCrud } from "../crud/blog.crud";
 import { CommentCrud } from "../crud/comment.crud";
+import { Crud } from "../crud/crud";
 import { MetaCrud } from "../crud/meta.crud";
 import { OptionsCrud } from "../crud/options.crud";
 import { PostCrud } from "../crud/post.crud";
-import { SiteCrud } from "../crud/site.crud";
-import { SettingsCrud } from "../crud/settings.crud";
-import { TermCrud } from "../crud/term.crud";
-import { UserCrud } from "../crud/user.crud";
-import { CrudUtil } from "../core/utils/crud.util";
-import { Crud } from "../crud/crud";
 import { RevisionCrud } from "../crud/revision.crud";
 import { RolesCrud } from "../crud/roles.crud";
+import { SettingsCrud } from "../crud/settings.crud";
+import { SiteCrud } from "../crud/site.crud";
+import { TermCrud } from "../crud/term.crud";
 import { UserSelfRegistrationCrud } from "../crud/user-self-registration.crud";
+import { UserCrud } from "../crud/user.crud";
 
 export type ParseError = ReturnType<CrudUtil["parseError"]>;
 
@@ -39,6 +40,7 @@ export type CrudKeys =
 type Context = "view" | "edit" | "embed";
 
 interface CrudComponents {
+  applicationPasswords: ApplicationPasswordsCrud;
   blog: BlogCrud;
   comment: CommentCrud;
   meta: MetaCrud;
@@ -97,6 +99,26 @@ export type BlogParams<T extends BlogOperations> = {
   delete: Parameters<BlogCrud["delete"]>;
 }[T];
 
+export type ApplicationPasswordsOperations = Extract<
+  Operation,
+  "get" | "list" | "update" | "create" | "delete"
+>;
+
+export type ApplicationPasswordsParams<
+  T extends ApplicationPasswordsOperations
+> = {
+  get: Parameters<ApplicationPasswordsCrud["get"]>;
+  update: Parameters<ApplicationPasswordsCrud["update"]>;
+  list: Parameters<ApplicationPasswordsCrud["list"]>;
+  create: Parameters<ApplicationPasswordsCrud["create"]>;
+  delete: Parameters<ApplicationPasswordsCrud["delete"]>;
+}[T];
+
+export type SettingsParams<T extends SettingsOperations> = {
+  get: Parameters<SettingsCrud["get"]>;
+  update: Parameters<SettingsCrud["update"]>;
+}[T];
+
 export type CommentOperations = Operation;
 
 export type CommentParams<T extends CommentOperations> = {

package/validators/application-password.d.ts

@@ -0,0 +1,11 @@
+import { z } from "zod";
+export declare const applicationPassword: z.ZodObject<{
+    uuid: z.ZodString;
+    app_id: z.ZodString;
+    name: z.ZodString;
+    password: z.ZodString;
+    created: z.ZodNumber;
+    last_used: z.ZodNullable<z.ZodNumber>;
+    last_ip: z.ZodNullable<z.ZodString>;
+}, z.core.$strip>;
+//# sourceMappingURL=application-password.d.ts.map

package/validators/application-password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"application-password.d.ts","sourceRoot":"","sources":["../../src/validators/application-password.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAiBxB,eAAO,MAAM,mBAAmB;;;;;;;;iBAc9B,CAAC"}

package/validators/application-password.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.applicationPassword = void 0;
+const zod_1 = require("zod");
+/*
+ * @param array $passwords {
+ *     The list of application passwords.
+ *
+ *     @type array ...$0 {
+ *         @type string      $uuid      The unique identifier for the application password.
+ *         @type string      $app_id    A UUID provided by the application to uniquely identify it.
+ *         @type string      $name      The name of the application password.
+ *         @type string      $password  A one-way hash of the password.
+ *         @type int         $created   Unix timestamp of when the password was created.
+ *         @type int|null    $last_used The Unix timestamp of the GMT date the application password was last used.
+ *         @type string|null $last_ip   The IP address the application password was last used by.
+ *     }
+ * }
+ *
+ */
+exports.applicationPassword = zod_1.z.object({
+    uuid: zod_1.z.string(),
+    app_id: zod_1.z.string(),
+    name: zod_1.z.string().min(2).max(100),
+    password: zod_1.z.string().min(8).max(100),
+    created: zod_1.z.number().min(0),
+    last_used: zod_1.z.number().min(0).nullable(),
+    last_ip: zod_1.z
+        .string()
+        // .regex(
+        //   /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/,
+        //   { message: "Invalid IPv4 address" }
+        // )
+        .nullable(),
+});

package/validators/config.d.ts

@@ -20,6 +20,7 @@ export declare const config: z.ZodObject<{
             error: "error";
         }>>>;
     }, z.core.$strip>;
+    useApplicationPasswords: z.ZodDefault<z.ZodBoolean>;
     extensions: z.ZodObject<{
         misc: z.ZodArray<z.ZodString>;
         audio: z.ZodArray<z.ZodString>;
@@ -168,6 +169,7 @@ export declare const configs: z.ZodRecord<z.ZodString, z.ZodObject<{
             error: "error";
         }>>>;
     }, z.core.$strip>;
+    useApplicationPasswords: z.ZodDefault<z.ZodBoolean>;
     extensions: z.ZodObject<{
         misc: z.ZodArray<z.ZodString>;
         audio: z.ZodArray<z.ZodString>;

package/validators/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/validators/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAuHjB,CAAC;AAEH,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAA+B,CAAC"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/validators/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB,eAAO,MAAM,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAwHjB,CAAC;AAEH,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAA+B,CAAC"}

package/validators/config.js

@@ -57,6 +57,7 @@ exports.config = zod_1.z.object({
             .optional()
             .default("info"),
     }),
+    useApplicationPasswords: zod_1.z.boolean().default(true),
     extensions: zod_1.z.object({
         misc: zod_1.z.array(zod_1.z.string()),
         audio: zod_1.z.array(zod_1.z.string()),

package/validators/index.d.ts

@@ -7,4 +7,5 @@ export * as crud from "./crud";
 export * from "./options";
 export * from "./sitemeta";
 export * as helpers from "./helpers";
+export * from "./application-password";
 //# sourceMappingURL=index.d.ts.map

package/validators/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/validators/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,KAAK,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,KAAK,GAAG,MAAM,gBAAgB,CAAC;AACtC,OAAO,KAAK,KAAK,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,IAAI,MAAM,QAAQ,CAAC;AAC/B,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAE3B,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/validators/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,KAAK,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAEnC,OAAO,KAAK,GAAG,MAAM,gBAAgB,CAAC;AACtC,OAAO,KAAK,KAAK,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,IAAI,MAAM,QAAQ,CAAC;AAC/B,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAE3B,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,cAAc,wBAAwB,CAAC"}

package/validators/index.js

@@ -46,3 +46,4 @@ exports.crud = __importStar(require("./crud"));
 __exportStar(require("./options"), exports);
 __exportStar(require("./sitemeta"), exports);
 exports.helpers = __importStar(require("./helpers"));
+__exportStar(require("./application-password"), exports);