@rpcbase/auth 0.118.0 → 0.120.0

package/dist/handler-DfEsSB4T.js

@@ -0,0 +1,74 @@
+import { models } from "@rpcbase/db";
+import { verifyPasswordFromStorage } from "@rpcbase/server";
+import { R as Route, r as requestSchema } from "./index-Bxz6YdiB.js";
+const signIn = async (payload, ctx) => {
+  const User = await models.getGlobal("RBUser", ctx);
+  const parsed = requestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return {
+      success: false,
+      error: "invalid_payload"
+    };
+  }
+  const {
+    email,
+    password
+  } = parsed.data;
+  const user = await User.findOne({
+    email
+  }, {
+    password: 1,
+    tenants: 1,
+    tenantRoles: 1
+  });
+  if (!user?.password) {
+    ctx.res.status(401);
+    return {
+      success: false,
+      error: "invalid_credentials"
+    };
+  }
+  const stored = String(user.password);
+  const passwordMatches = await verifyPasswordFromStorage(password, stored);
+  if (!passwordMatches) {
+    if (!stored.startsWith("$scrypt$")) {
+      console.warn("auth::sign-in invalid stored password format", user._id.toString());
+    }
+    ctx.res.status(401);
+    return {
+      success: false,
+      error: "invalid_credentials"
+    };
+  }
+  const tenantId = user.tenants?.[0]?.toString?.() || "00000000";
+  const signedInTenants = (user.tenants || []).map(String);
+  const tenantRolesMap = user.get("tenantRoles");
+  const tenantRoles = tenantRolesMap ? Object.fromEntries(tenantRolesMap.entries()) : void 0;
+  if (!ctx.req.session) {
+    ctx.res.status(500);
+    return {
+      success: false,
+      error: "session_unavailable"
+    };
+  }
+  ctx.req.session.user = {
+    id: user._id.toString(),
+    currentTenantId: tenantId,
+    signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],
+    isEntryGateAuthorized: true,
+    tenantRoles
+  };
+  return {
+    success: true,
+    userId: user._id.toString(),
+    tenantId
+  };
+};
+const handler = (api) => {
+  api.post(Route, signIn);
+};
+export {
+  handler as default
+};
+//# sourceMappingURL=handler-DfEsSB4T.js.map

package/dist/handler-DfEsSB4T.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler-DfEsSB4T.js","sources":["../src/api/sign-in/handler.ts"],"sourcesContent":["import { Api, ApiHandler, Ctx } from \"@rpcbase/api\"\nimport { models } from \"@rpcbase/db\"\nimport { verifyPasswordFromStorage } from \"@rpcbase/server\"\n\nimport type { AuthSessionUser } from \"../../types\"\n\nimport * as SignIn from \"./index\"\n\n\nconst signIn: ApiHandler<SignIn.RequestPayload, SignIn.ResponsePayload, AuthSessionUser> = async(\n  payload,\n  ctx: Ctx<AuthSessionUser>\n): Promise<SignIn.ResponsePayload> => {\n  const User = await models.getGlobal(\"RBUser\", ctx)\n\n  const parsed = SignIn.requestSchema.safeParse(payload)\n\n  if (!parsed.success) {\n    ctx.res.status(400)\n    return { success: false, error: \"invalid_payload\" }\n  }\n\n  const { email, password } = parsed.data\n\n  const user = await User.findOne({ email }, { password: 1, tenants: 1, tenantRoles: 1 })\n\n  if (!user?.password) {\n    ctx.res.status(401)\n    return { success: false, error: \"invalid_credentials\" }\n  }\n\n  const stored = String(user.password)\n  const passwordMatches = await verifyPasswordFromStorage(password, stored)\n\n  if (!passwordMatches) {\n    if (!stored.startsWith(\"$scrypt$\")) {\n      console.warn(\"auth::sign-in invalid stored password format\", user._id.toString())\n    }\n    ctx.res.status(401)\n    return { success: false, error: \"invalid_credentials\" }\n  }\n\n  const tenantId = user.tenants?.[0]?.toString?.() || \"00000000\"\n  const signedInTenants = (user.tenants || []).map(String)\n  const tenantRolesMap = user.get(\"tenantRoles\") as Map<string, string[]> | undefined\n  const tenantRoles = tenantRolesMap ? Object.fromEntries(tenantRolesMap.entries()) : undefined\n\n  if (!ctx.req.session) {\n    ctx.res.status(500)\n    return { success: false, error: \"session_unavailable\" }\n  }\n\n  ctx.req.session.user = {\n    id: user._id.toString(),\n    currentTenantId: tenantId,\n    signedInTenants: signedInTenants.length ? signedInTenants : [tenantId],\n    isEntryGateAuthorized: true,\n    tenantRoles,\n  }\n\n  return { success: true, userId: user._id.toString(), tenantId }\n}\n\nexport default (api: Api<AuthSessionUser>) => {\n  api.post(SignIn.Route, signIn)\n}\n"],"names":["signIn","payload","ctx","User","models","getGlobal","parsed","SignIn","safeParse","success","res","status","error","email","password","data","user","findOne","tenants","tenantRoles","stored","String","passwordMatches","verifyPasswordFromStorage","startsWith","console","warn","_id","toString","tenantId","signedInTenants","map","tenantRolesMap","get","Object","fromEntries","entries","undefined","req","session","id","currentTenantId","length","isEntryGateAuthorized","userId","api","post"],"mappings":";;;AASA,MAAMA,SAAqF,OACzFC,SACAC,QACoC;AACpC,QAAMC,OAAO,MAAMC,OAAOC,UAAU,UAAUH,GAAG;AAEjD,QAAMI,SAASC,cAAqBC,UAAUP,OAAO;AAErD,MAAI,CAACK,OAAOG,SAAS;AACnBP,QAAIQ,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEF,SAAS;AAAA,MAAOG,OAAO;AAAA,IAAA;AAAA,EAClC;AAEA,QAAM;AAAA,IAAEC;AAAAA,IAAOC;AAAAA,EAAAA,IAAaR,OAAOS;AAEnC,QAAMC,OAAO,MAAMb,KAAKc,QAAQ;AAAA,IAAEJ;AAAAA,EAAAA,GAAS;AAAA,IAAEC,UAAU;AAAA,IAAGI,SAAS;AAAA,IAAGC,aAAa;AAAA,EAAA,CAAG;AAEtF,MAAI,CAACH,MAAMF,UAAU;AACnBZ,QAAIQ,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEF,SAAS;AAAA,MAAOG,OAAO;AAAA,IAAA;AAAA,EAClC;AAEA,QAAMQ,SAASC,OAAOL,KAAKF,QAAQ;AACnC,QAAMQ,kBAAkB,MAAMC,0BAA0BT,UAAUM,MAAM;AAExE,MAAI,CAACE,iBAAiB;AACpB,QAAI,CAACF,OAAOI,WAAW,UAAU,GAAG;AAClCC,cAAQC,KAAK,gDAAgDV,KAAKW,IAAIC,UAAU;AAAA,IAClF;AACA1B,QAAIQ,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEF,SAAS;AAAA,MAAOG,OAAO;AAAA,IAAA;AAAA,EAClC;AAEA,QAAMiB,WAAWb,KAAKE,UAAU,CAAC,GAAGU,gBAAgB;AACpD,QAAME,mBAAmBd,KAAKE,WAAW,CAAA,GAAIa,IAAIV,MAAM;AACvD,QAAMW,iBAAiBhB,KAAKiB,IAAI,aAAa;AAC7C,QAAMd,cAAca,iBAAiBE,OAAOC,YAAYH,eAAeI,QAAAA,CAAS,IAAIC;AAEpF,MAAI,CAACnC,IAAIoC,IAAIC,SAAS;AACpBrC,QAAIQ,IAAIC,OAAO,GAAG;AAClB,WAAO;AAAA,MAAEF,SAAS;AAAA,MAAOG,OAAO;AAAA,IAAA;AAAA,EAClC;AAEAV,MAAIoC,IAAIC,QAAQvB,OAAO;AAAA,IACrBwB,IAAIxB,KAAKW,IAAIC,SAAAA;AAAAA,IACba,iBAAiBZ;AAAAA,IACjBC,iBAAiBA,gBAAgBY,SAASZ,kBAAkB,CAACD,QAAQ;AAAA,IACrEc,uBAAuB;AAAA,IACvBxB;AAAAA,EAAAA;AAGF,SAAO;AAAA,IAAEV,SAAS;AAAA,IAAMmC,QAAQ5B,KAAKW,IAAIC,SAAAA;AAAAA,IAAYC;AAAAA,EAAAA;AACvD;AAEA,MAAA,UAAe,CAACgB,QAA8B;AAC5CA,MAAIC,KAAKvC,OAAcP,MAAM;AAC/B;"}

package/dist/index-Bxz6YdiB.js

@@ -0,0 +1,20 @@
+import { o as object, b as boolean, s as string } from "./schemas-Dn3gHDGz.js";
+const Route = "/api/rb/auth/sign-in";
+const requestSchema = object({
+  email: string().nonempty("Email is required").email("Please enter a valid email address"),
+  password: string().min(1, {
+    message: "Password is required"
+  }),
+  rememberMe: boolean().default(true)
+});
+object({
+  success: boolean(),
+  error: string().optional(),
+  userId: string().optional(),
+  tenantId: string().optional()
+});
+export {
+  Route as R,
+  requestSchema as r
+};
+//# sourceMappingURL=index-Bxz6YdiB.js.map

package/dist/index-Bxz6YdiB.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-Bxz6YdiB.js","sources":["../src/api/sign-in/index.ts"],"sourcesContent":["import { z } from \"zod\"\n\n\nexport const Route = \"/api/rb/auth/sign-in\"\n\nexport const requestSchema = z.object({\n  email: z\n    .string()\n    .nonempty(\"Email is required\")\n    .email(\"Please enter a valid email address\"),\n  password: z.string().min(1, { message: \"Password is required\" }),\n  rememberMe: z.boolean().default(true),\n})\n\nexport type RequestPayload = z.infer<typeof requestSchema>\n\nexport const responseSchema = z.object({\n  success: z.boolean(),\n  error: z.string().optional(),\n  userId: z.string().optional(),\n  tenantId: z.string().optional(),\n})\n\nexport type ResponsePayload = z.infer<typeof responseSchema>\n"],"names":["Route","requestSchema","z","email","string","nonempty","password","min","message","rememberMe","default","success","boolean","error","optional","userId","tenantId"],"mappings":";AAGO,MAAMA,QAAQ;AAEd,MAAMC,gBAAgBC,OAAS;AAAA,EACpCC,OAAOD,OACJE,EACAC,SAAS,mBAAmB,EAC5BF,MAAM,oCAAoC;AAAA,EAC7CG,UAAUJ,OAAEE,EAASG,IAAI,GAAG;AAAA,IAAEC,SAAS;AAAA,EAAA,CAAwB;AAAA,EAC/DC,YAAYP,UAAYQ,QAAQ,IAAI;AACtC,CAAC;AAI6BR,OAAS;AAAA,EACrCS,SAAST,QAAEU;AAAAA,EACXC,OAAOX,OAAEE,EAASU,SAAAA;AAAAA,EAClBC,QAAQb,OAAEE,EAASU,SAAAA;AAAAA,EACnBE,UAAUd,OAAEE,EAASU,SAAAA;AACvB,CAAC;"}

package/dist/index-C_uBu_fP.js

@@ -0,0 +1,20 @@
+import { o as object, b as boolean, s as string } from "./schemas-Dn3gHDGz.js";
+const Route = "/api/rb/auth/sign-up";
+const requestSchema = object({
+  email: string().nonempty("Email is required").email("Please enter a valid email address"),
+  password: string().min(8, {
+    message: "Password must be at least 8 characters long."
+  }),
+  rememberMe: boolean().default(true)
+});
+object({
+  success: boolean(),
+  error: string().optional(),
+  userId: string().optional(),
+  tenantId: string().optional()
+});
+export {
+  Route as R,
+  requestSchema as r
+};
+//# sourceMappingURL=index-C_uBu_fP.js.map

package/dist/index-C_uBu_fP.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-C_uBu_fP.js","sources":["../src/api/sign-up/index.ts"],"sourcesContent":["import { z } from \"zod\"\n\n\nexport const Route = \"/api/rb/auth/sign-up\"\n\nexport const requestSchema = z\n  .object({\n    email: z\n      .string()\n      .nonempty(\"Email is required\")\n      .email(\"Please enter a valid email address\"),\n    password: z.string().min(8, { message: \"Password must be at least 8 characters long.\" }),\n    rememberMe: z.boolean().default(true),\n  })\n\nexport type RequestPayload = z.infer<typeof requestSchema>\n\nexport const responseSchema = z.object({\n  success: z.boolean(),\n  error: z.string().optional(),\n  userId: z.string().optional(),\n  tenantId: z.string().optional(),\n})\n\nexport type ResponsePayload = z.infer<typeof responseSchema>\n"],"names":["Route","requestSchema","z","email","string","nonempty","password","min","message","rememberMe","default","success","boolean","error","optional","userId","tenantId"],"mappings":";AAGO,MAAMA,QAAQ;AAEd,MAAMC,gBAAgBC,OACnB;AAAA,EACNC,OAAOD,OACJE,EACAC,SAAS,mBAAmB,EAC5BF,MAAM,oCAAoC;AAAA,EAC7CG,UAAUJ,OAAEE,EAASG,IAAI,GAAG;AAAA,IAAEC,SAAS;AAAA,EAAA,CAAgD;AAAA,EACvFC,YAAYP,UAAYQ,QAAQ,IAAI;AACtC,CAAC;AAI2BR,OAAS;AAAA,EACrCS,SAAST,QAAEU;AAAAA,EACXC,OAAOX,OAAEE,EAASU,SAAAA;AAAAA,EAClBC,QAAQb,OAAEE,EAASU,SAAAA;AAAAA,EACnBE,UAAUd,OAAEE,EAASU,SAAAA;AACvB,CAAC;"}