@rpcbase/auth 0.44.0 → 0.45.0

package/dist/api/me/handler.d.ts

@@ -0,0 +1,5 @@
+import { Api } from '../../../../api/src';
+import { AuthSessionUser } from '../../types';
+declare const _default: (api: Api<AuthSessionUser>) => void;
+export default _default;
+//# sourceMappingURL=handler.d.ts.map

package/dist/api/me/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/me/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAA8B,MAAM,cAAc,CAAA;AAE9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBAkDlC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAGC"}

package/dist/api/me/index.d.ts

@@ -0,0 +1,16 @@
+import { z } from '../../../../vite/node_modules/zod';
+export declare const Route = "/api/rb/auth/me";
+export declare const requestSchema: z.ZodObject<{}, z.core.$strip>;
+export type RequestPayload = z.infer<typeof requestSchema>;
+export declare const responseSchema: z.ZodObject<{
+    id: z.ZodOptional<z.ZodString>;
+    email: z.ZodOptional<z.ZodString>;
+    phone: z.ZodOptional<z.ZodString>;
+    name: z.ZodOptional<z.ZodString>;
+    tenants: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    current_tenant_id: z.ZodOptional<z.ZodString>;
+    signed_in_tenants: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodString>>>;
+    error: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type ResponsePayload = z.infer<typeof responseSchema>;
+//# sourceMappingURL=index.d.ts.map

package/dist/api/me/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/me/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAGvB,eAAO,MAAM,KAAK,oBAAoB,CAAA;AAEtC,eAAO,MAAM,aAAa,gCAAe,CAAA;AACzC,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAA;AAE1D,eAAO,MAAM,cAAc;;;;;;;;;iBASzB,CAAA;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAA"}

package/dist/api/sign-in/handler.d.ts

@@ -1,4 +1,5 @@
 import { Api } from '../../../../api/src';
-declare const _default: (api: Api) => void;
+import { AuthSessionUser } from '../../types';
+declare const _default: (api: Api<AuthSessionUser>) => void;
 export default _default;
 //# sourceMappingURL=handler.d.ts.map

package/dist/api/sign-in/handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-in/handler.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,GAAG,EAAiC,MAAM,cAAc,CAAA;yBA+ChD,KAAK,GAAG;AAAxB,wBAEC"}
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-in/handler.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAA8B,MAAM,cAAc,CAAA;AAG9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBAgElC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAEC"}

package/dist/api/sign-in/index.d.ts

@@ -2,11 +2,15 @@ import { z } from '../../../../vite/node_modules/zod';
 export declare const Route = "/api/rb/auth/sign-in";
 export declare const requestSchema: z.ZodObject<{
     email_or_phone: z.ZodDefault<z.ZodString>;
+    password: z.ZodString;
     remember_me: z.ZodDefault<z.ZodBoolean>;
 }, z.core.$strip>;
 export type RequestPayload = z.infer<typeof requestSchema>;
 export declare const responseSchema: z.ZodObject<{
     success: z.ZodBoolean;
+    error: z.ZodOptional<z.ZodString>;
+    user_id: z.ZodOptional<z.ZodString>;
+    tenant_id: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
 export type ResponsePayload = z.infer<typeof responseSchema>;
 //# sourceMappingURL=index.d.ts.map

package/dist/api/sign-in/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/sign-in/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB,eAAO,MAAM,KAAK,yBAAyB,CAAA;AAE3C,eAAO,MAAM,aAAa;;;iBAcxB,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAA;AAE1D,eAAO,MAAM,cAAc;;iBAEzB,CAAA;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/sign-in/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB,eAAO,MAAM,KAAK,yBAAyB,CAAA;AAE3C,eAAO,MAAM,aAAa;;;;iBAexB,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAA;AAE1D,eAAO,MAAM,cAAc;;;;;iBAKzB,CAAA;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAA"}

package/dist/api/sign-out/handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-out/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAmB,MAAM,cAAc,CAAA;yBAcnC,KAAK,GAAG;AAAxB,wBAEC"}
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-out/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAO,MAAM,cAAc,CAAA;yBAkBvB,KAAK,GAAG;AAAxB,wBAEC"}

package/dist/api/sign-up/handler.d.ts

@@ -1,4 +1,5 @@
 import { Api } from '../../../../api/src';
-declare const _default: (api: Api) => void;
+import { AuthSessionUser } from '../../types';
+declare const _default: (api: Api<AuthSessionUser>) => void;
 export default _default;
 //# sourceMappingURL=handler.d.ts.map

package/dist/api/sign-up/handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-up/handler.ts"],"names":[],"mappings":"AAGA,OAAO,EAAC,GAAG,EAA6B,MAAM,cAAc,CAAA;yBA0C5C,KAAK,GAAG;AAAxB,wBAEC"}
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../../src/api/sign-up/handler.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,GAAG,EAA8B,MAAM,cAAc,CAAA;AAG9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;yBAwFlC,KAAK,GAAG,CAAC,eAAe,CAAC;AAAzC,wBAEC"}

package/dist/api/sign-up/index.d.ts

@@ -4,10 +4,14 @@ export declare const requestSchema: z.ZodObject<{
     email_or_phone: z.ZodString;
     password: z.ZodString;
     password_confirmation: z.ZodString;
+    remember_me: z.ZodDefault<z.ZodBoolean>;
 }, z.core.$strip>;
 export type RequestPayload = z.infer<typeof requestSchema>;
 export declare const responseSchema: z.ZodObject<{
     success: z.ZodBoolean;
+    error: z.ZodOptional<z.ZodString>;
+    user_id: z.ZodOptional<z.ZodString>;
+    tenant_id: z.ZodOptional<z.ZodString>;
 }, z.core.$strip>;
 export type ResponsePayload = z.infer<typeof responseSchema>;
 //# sourceMappingURL=index.d.ts.map

package/dist/api/sign-up/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/sign-up/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB,eAAO,MAAM,KAAK,yBAAyB,CAAA;AAE3C,eAAO,MAAM,aAAa;;;;iBAmBtB,CAAA;AAEJ,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAA;AAE1D,eAAO,MAAM,cAAc;;iBAEzB,CAAA;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/sign-up/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAIvB,eAAO,MAAM,KAAK,yBAAyB,CAAA;AAE3C,eAAO,MAAM,aAAa;;;;;iBAoBtB,CAAA;AAEJ,MAAM,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAA;AAE1D,eAAO,MAAM,cAAc;;;;;iBAKzB,CAAA;AAEF,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAA"}

package/dist/components/PasswordInput/index.d.ts

@@ -0,0 +1,10 @@
+type PasswordInputProps = {
+    id: string;
+    name?: string;
+    className?: string;
+    placeholder?: string;
+    autoComplete?: string;
+};
+export declare const PasswordInput: ({ id, name, className, placeholder, autoComplete, }: PasswordInputProps) => import("react/jsx-runtime").JSX.Element;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/components/PasswordInput/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/PasswordInput/index.tsx"],"names":[],"mappings":"AAGA,KAAK,kBAAkB,GAAG;IACxB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAED,eAAO,MAAM,aAAa,GAAI,qDAM3B,kBAAkB,4CA0BpB,CAAA"}

package/dist/components/SignInForm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/SignInForm/index.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAY,MAAM,OAAO,CAAA;AAW1C,eAAO,MAAM,UAAU,GAAI,yBAGxB;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,4CAyBA,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/SignInForm/index.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAY,MAAM,OAAO,CAAA;AAW1C,eAAO,MAAM,UAAU,GAAI,yBAGxB;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,4CA6CA,CAAA"}

package/dist/components/SignUpForm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/SignUpForm/index.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAY,MAAM,OAAO,CAAA;AAW1C,eAAO,MAAM,UAAU,GAAI,yBAGxB;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,4CA0BA,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/components/SignUpForm/index.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAC,SAAS,EAAsB,MAAM,OAAO,CAAA;AAWpD,eAAO,MAAM,UAAU,GAAI,yBAGxB;IACD,QAAQ,EAAE,SAAS,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,4CAyEA,CAAA"}

package/dist/components/index.d.ts

@@ -4,4 +4,5 @@ export * from './EmailOrPhoneInput';
 export * from './SignInForm';
 export * from './SignUpForm';
 export * from './RememberMeCheckbox';
+export * from './PasswordInput';
 //# sourceMappingURL=index.d.ts.map

package/dist/components/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/components/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAA;AAC5B,cAAc,qBAAqB,CAAA;AACnC,cAAc,qBAAqB,CAAA;AACnC,cAAc,cAAc,CAAA;AAC5B,cAAc,cAAc,CAAA;AAC5B,cAAc,sBAAsB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/components/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAA;AAC5B,cAAc,qBAAqB,CAAA;AACnC,cAAc,qBAAqB,CAAA;AACnC,cAAc,cAAc,CAAA;AAC5B,cAAc,cAAc,CAAA;AAC5B,cAAc,sBAAsB,CAAA;AACpC,cAAc,iBAAiB,CAAA"}

package/dist/handler-BSoyBLZM.js

@@ -0,0 +1,50 @@
+import crypto from "crypto";
+import { i as isEmail } from "./isEmail-IG0hXiQk.js";
+import { loadModel } from "@rpcbase/api";
+import { hashPassword } from "@rpcbase/server";
+import { R as Route, r as requestSchema } from "./index-r56vqjph.js";
+const signIn = async (payload, ctx) => {
+  const User = await loadModel("User", ctx);
+  const parsed = requestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return { success: false, error: "invalid_payload" };
+  }
+  const { email_or_phone, password } = parsed.data;
+  const query = isEmail(email_or_phone) ? { email: email_or_phone } : { phone: email_or_phone };
+  const user = await User.findOne(query, { password: 1, tenants: 1 });
+  if (!user?.password) {
+    ctx.res.status(401);
+    return { success: false, error: "invalid_credentials" };
+  }
+  const [salt, hashedPassword] = String(user.password).split(":");
+  if (!salt || !hashedPassword) {
+    ctx.res.status(500);
+    return { success: false, error: "invalid_password_format" };
+  }
+  const derivedKey = await hashPassword(password, salt);
+  const passwordMatches = crypto.timingSafeEqual(Buffer.from(hashedPassword, "hex"), derivedKey);
+  if (!passwordMatches) {
+    ctx.res.status(401);
+    return { success: false, error: "invalid_credentials" };
+  }
+  const tenantId = user.tenants?.[0]?.toString?.() || "00000000";
+  const signedInTenants = (user.tenants || []).map((t) => t.toString?.() || String(t)) || [tenantId];
+  if (!ctx.req.session) {
+    ctx.res.status(500);
+    return { success: false, error: "session_unavailable" };
+  }
+  ctx.req.session.user = {
+    id: user._id.toString(),
+    current_tenant_id: tenantId,
+    signed_in_tenants: signedInTenants.length ? signedInTenants : [tenantId],
+    is_entry_gate_authorized: true
+  };
+  return { success: true, user_id: user._id.toString(), tenant_id: tenantId };
+};
+const handler = (api) => {
+  api.post(Route, signIn);
+};
+export {
+  handler as default
+};

package/dist/handler-Ba3pgtfZ.js

@@ -0,0 +1,57 @@
+import { loadModel } from "@rpcbase/api";
+import { r as restrictSessionMiddleware } from "./middleware-BiMXO6Dq.js";
+import { o as object, s as string, a as array } from "./schemas-KL7REOdt.js";
+const Route = "/api/rb/auth/me";
+object({});
+object({
+  id: string().optional(),
+  email: string().email().optional(),
+  phone: string().optional(),
+  name: string().optional(),
+  tenants: array(string()).default([]),
+  current_tenant_id: string().optional(),
+  signed_in_tenants: array(string()).default([]).optional(),
+  error: string().optional()
+});
+const me = async (_payload, ctx) => {
+  const sessionUser = ctx.req.session?.user;
+  if (!sessionUser?.id) {
+    ctx.res.status(401);
+    return {
+      id: "",
+      current_tenant_id: "",
+      signed_in_tenants: [],
+      tenants: [],
+      error: "not_authenticated"
+    };
+  }
+  const User = await loadModel("User", ctx);
+  const user = await User.findById(sessionUser.id);
+  if (!user) {
+    ctx.res.status(404);
+    return {
+      id: "",
+      current_tenant_id: "",
+      signed_in_tenants: [],
+      tenants: [],
+      error: "user_not_found"
+    };
+  }
+  const tenantId = sessionUser.current_tenant_id || user.tenants?.[0]?.toString?.() || "00000000";
+  return {
+    id: user._id.toString(),
+    email: user.email,
+    phone: user.phone,
+    name: user.name,
+    tenants: (user.tenants || []).map((t) => t.toString?.() || String(t)),
+    current_tenant_id: tenantId,
+    signed_in_tenants: sessionUser.signed_in_tenants || []
+  };
+};
+const handler = (api) => {
+  api.use(Route, restrictSessionMiddleware);
+  api.get(Route, me);
+};
+export {
+  handler as default
+};

package/dist/{handler-42q87FS8.js → handler-CNHucHrj.js}

@@ -1,10 +1,13 @@
-import { o as object, b as boolean } from "./schemas-7XFc7XYG.js";
+import { o as object, b as boolean } from "./schemas-KL7REOdt.js";
 const Route = "/api/rb/auth/sign-out";
 object({});
 object({
   success: boolean()
 });
 const handleSignOut = async (_, ctx) => {
+  if (!ctx.req.session) {
+    return { success: true };
+  }
   await new Promise((resolve) => ctx.req.session.destroy(() => resolve()));
   return {
     success: true

package/dist/handler-rZR_dx7n.js

@@ -0,0 +1,71 @@
+import crypto from "crypto";
+import { i as isEmail } from "./isEmail-IG0hXiQk.js";
+import { loadModel } from "@rpcbase/api";
+import { hashPassword, sendEmail } from "@rpcbase/server";
+import { R as Route, r as requestSchema } from "./index-Cq04nmsE.js";
+const signUp = async (payload, ctx) => {
+  const User = await loadModel("User", ctx);
+  const Tenant = await loadModel("Tenant", ctx);
+  const parsed = requestSchema.safeParse(payload);
+  if (!parsed.success) {
+    ctx.res.status(400);
+    return { success: false, error: "invalid_payload" };
+  }
+  const { email_or_phone, password, remember_me: _remember_me } = parsed.data;
+  const is_email = isEmail(email_or_phone);
+  const query = is_email ? { email: email_or_phone } : { phone: email_or_phone };
+  const existingUser = await User.findOne(query);
+  if (existingUser) {
+    console.log("user with email or phone already exists", email_or_phone);
+    ctx.res.status(409);
+    return { success: false, error: "user_exists" };
+  }
+  const salt = crypto.randomBytes(16).toString("hex");
+  const derivedKey = await hashPassword(password, salt);
+  const hashedPassword = `${salt}:${derivedKey.toString("hex")}`;
+  const tenantId = crypto.randomUUID();
+  const user = new User({
+    ...query,
+    password: hashedPassword,
+    tenants: [tenantId]
+  });
+  await user.save();
+  if (is_email) {
+    try {
+      await sendEmail({
+        to: email_or_phone,
+        subject: "Verify your email",
+        html: "<p>Welcome to rpcbase!</p><p>We created your account. Use this email to sign in and finish verification.</p>",
+        text: "Welcome to rpcbase! We created your account. Use this email to sign in and finish verification."
+      });
+    } catch (err) {
+      console.warn("failed to send sign-up email", err);
+    }
+  }
+  try {
+    await Tenant.create({
+      tenant_id: tenantId,
+      name: query.email || query.phone
+    });
+  } catch (err) {
+    console.warn("failed to create tenant for user", err);
+  }
+  console.log("created new user", user._id.toString());
+  if (!ctx.req.session) {
+    ctx.res.status(500);
+    return { success: false, error: "session_unavailable" };
+  }
+  ctx.req.session.user = {
+    id: user._id.toString(),
+    current_tenant_id: tenantId,
+    signed_in_tenants: [tenantId],
+    is_entry_gate_authorized: true
+  };
+  return { success: true, user_id: user._id.toString(), tenant_id: tenantId };
+};
+const handler = (api) => {
+  api.post(Route, signUp);
+};
+export {
+  handler as default
+};

package/dist/{index-Nc4R1TKZ.js → index-Cq04nmsE.js}

@@ -1,5 +1,5 @@
 import { i as isValidNumber } from "./isValidNumber-6pMDGLRn.js";
-import { o as object, s as string, b as boolean } from "./schemas-7XFc7XYG.js";
+import { o as object, b as boolean, s as string } from "./schemas-KL7REOdt.js";
 const Route = "/api/rb/auth/sign-up";
 const requestSchema = object({
   email_or_phone: string().nonempty("Email or phone number is required").refine(
@@ -11,13 +11,17 @@ const requestSchema = object({
     "Please enter a valid email address or phone number"
   ),
   password: string().min(8, { message: "Password must be at least 8 characters long." }),
-  password_confirmation: string().nonempty({ message: "Please confirm your password." })
+  password_confirmation: string().nonempty({ message: "Please confirm your password." }),
+  remember_me: boolean().default(true)
 }).refine((data) => data.password === data.password_confirmation, {
   message: "Passwords do not match.",
   path: ["password_confirmation"]
 });
 object({
-  success: boolean()
+  success: boolean(),
+  error: string().optional(),
+  user_id: string().optional(),
+  tenant_id: string().optional()
 });
 export {
   Route as R,

package/dist/{index-oIC-DH2m.js → index-r56vqjph.js}

@@ -1,5 +1,5 @@
 import { i as isValidNumber } from "./isValidNumber-6pMDGLRn.js";
-import { o as object, b as boolean, s as string } from "./schemas-7XFc7XYG.js";
+import { o as object, b as boolean, s as string } from "./schemas-KL7REOdt.js";
 const Route = "/api/rb/auth/sign-in";
 const requestSchema = object({
   email_or_phone: string().nonempty("Email or phone number is required").default("").refine(
@@ -10,10 +10,14 @@ const requestSchema = object({
     },
     "Please enter a valid email address or phone number"
   ),
+  password: string().min(1, { message: "Password is required" }),
   remember_me: boolean().default(true)
 });
 object({
-  success: boolean()
+  success: boolean(),
+  error: string().optional(),
+  user_id: string().optional(),
+  tenant_id: string().optional()
 });
 export {
   Route as R,

package/dist/index.d.ts

@@ -1,2 +1,4 @@
 export * from './components';
+export * from './middleware';
+export * from './types';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAA;AAC5B,cAAc,cAAc,CAAA;AAC5B,cAAc,SAAS,CAAA"}

package/dist/index.js

@@ -2,9 +2,10 @@ import { jsxs, jsx, Fragment } from "react/jsx-runtime";
 import { useLocation, Link } from "@rpcbase/router";
 import clsx from "clsx";
 import { useFormContext, useForm, zodResolver, FormProvider } from "@rpcbase/form";
-import { useEffect } from "react";
-import { r as requestSchema } from "./index-oIC-DH2m.js";
-import { r as requestSchema$1 } from "./index-Nc4R1TKZ.js";
+import { useEffect, useState } from "react";
+import { r as requestSchema } from "./index-r56vqjph.js";
+import { r as requestSchema$1 } from "./index-Cq04nmsE.js";
+import { b, a, r } from "./middleware-BiMXO6Dq.js";
 const LINKS_REDIRECTION_MAP = {
   "/auth/sign-in": {
     "title": "Sign Up",
@@ -113,12 +114,29 @@ const SignInForm = ({
   const methods = useForm({
     defaultValues: {
       email_or_phone: "",
+      password: "",
       remember_me: true
     },
     resolver: zodResolver(requestSchema)
   });
   const onSubmit = async (data) => {
     console.log("SUBMIT SIGNIN", data);
+    try {
+      const res = await fetch("/api/rb/auth/sign-in", {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(data)
+      });
+      const json = await res.json();
+      console.log("SIGN IN RESPONSE", json);
+      if (!res.ok) {
+        console.error("Sign-in failed", json);
+      }
+    } catch (err) {
+      console.error("Sign-in request error", err);
+    }
   };
   useEffect(() => {
     console.log(methods.formState.errors);
@@ -129,21 +147,55 @@ const SignUpForm = ({
   children,
   className
 }) => {
+  const [serverMessage, setServerMessage] = useState(null);
   const methods = useForm({
     defaultValues: {
       email_or_phone: "",
       password: "",
-      password_confirmation: ""
+      password_confirmation: "",
+      remember_me: true
     },
     resolver: zodResolver(requestSchema$1)
   });
   const onSubmit = async (data) => {
+    setServerMessage(null);
+    methods.clearErrors("root");
     console.log("SUBMIT SIGNUp", data);
+    try {
+      const res = await fetch("/api/rb/auth/sign-up", {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(data)
+      });
+      const json = await res.json();
+      console.log("SIGN UP RESPONSE", json);
+      if (!res.ok) {
+        console.error("Sign-up failed", json);
+        const message = json.error === "user_exists" ? "An account already exists with this email or phone." : "Sign-up failed. Please try again.";
+        methods.setError("root", { type: "server", message });
+        return;
+      }
+      if (!json.success) {
+        methods.setError("root", { type: "server", message: "Sign-up failed. Please try again." });
+        return;
+      }
+      setServerMessage("Account created. Check your inbox to verify your email.");
+      methods.reset();
+    } catch (err) {
+      console.error("Sign-up request error", err);
+      methods.setError("root", { type: "server", message: "Network error. Please try again." });
+    }
   };
   useEffect(() => {
     console.log(methods.formState.errors);
   }, [methods.formState.errors]);
-  return /* @__PURE__ */ jsx(FormProvider, { ...methods, children: /* @__PURE__ */ jsx("form", { method: "post", noValidate: true, className, onSubmit: methods.handleSubmit(onSubmit), children }) });
+  return /* @__PURE__ */ jsx(FormProvider, { ...methods, children: /* @__PURE__ */ jsxs("form", { method: "post", noValidate: true, className, onSubmit: methods.handleSubmit(onSubmit), children: [
+    children,
+    methods.formState.errors.root?.message && /* @__PURE__ */ jsx("p", { className: "mt-2 text-sm text-red-600", role: "alert", children: methods.formState.errors.root.message }),
+    serverMessage && /* @__PURE__ */ jsx("p", { className: "mt-2 text-sm text-green-700", role: "status", children: serverMessage })
+  ] }) });
 };
 const RememberMeCheckbox = ({
   label,
@@ -168,11 +220,40 @@ const RememberMeCheckbox = ({
     )
   ] });
 };
+const PasswordInput = ({
+  id,
+  name = "password",
+  className,
+  placeholder,
+  autoComplete = "current-password"
+}) => {
+  const { register, formState } = useFormContext();
+  const fieldError = formState.errors[name];
+  const errorMessage = typeof fieldError === "string" ? fieldError : typeof fieldError?.message === "string" ? fieldError.message : void 0;
+  return /* @__PURE__ */ jsxs(Fragment, { children: [
+    /* @__PURE__ */ jsx(
+      "input",
+      {
+        id,
+        type: "password",
+        autoComplete,
+        className,
+        placeholder,
+        ...register(name)
+      }
+    ),
+    errorMessage ? /* @__PURE__ */ jsx("p", { className: "mt-1 -mb-2 text-sm/6 text-red-500", children: errorMessage }) : null
+  ] });
+};
 export {
   AppleSignInButton,
   AuthLayout,
   EmailOrPhoneInput,
+  PasswordInput,
   RememberMeCheckbox,
   SignInForm,
-  SignUpForm
+  SignUpForm,
+  b as redirectAuthMiddleware,
+  a as requireSession,
+  r as restrictSessionMiddleware
 };

package/dist/middleware-BiMXO6Dq.js

@@ -0,0 +1,21 @@
+const isAuthenticated = (req) => {
+  return Boolean(req.session?.user?.id);
+};
+const restrictSessionMiddleware = (req, res, next) => {
+  if (isAuthenticated(req)) {
+    return next();
+  }
+  res.status(401).json({ error: "unauthorized" });
+};
+const requireSession = restrictSessionMiddleware;
+const redirectAuthMiddleware = (req, res, next) => {
+  if (req.path.startsWith("/app") && !isAuthenticated(req)) {
+    return res.redirect("/auth/sign-in");
+  }
+  next();
+};
+export {
+  requireSession as a,
+  redirectAuthMiddleware as b,
+  restrictSessionMiddleware as r
+};

package/dist/middleware.d.ts

@@ -0,0 +1,6 @@
+import { Middleware } from '../../api/src';
+import { AuthSessionUser } from './types';
+export declare const restrictSessionMiddleware: Middleware<AuthSessionUser>;
+export declare const requireSession: Middleware<AuthSessionUser>;
+export declare const redirectAuthMiddleware: Middleware<AuthSessionUser>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAE9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAA;AAO9C,eAAO,MAAM,yBAAyB,EAAE,UAAU,CAAC,eAAe,CAMjE,CAAA;AAED,eAAO,MAAM,cAAc,6BAA4B,CAAA;AAEvD,eAAO,MAAM,sBAAsB,EAAE,UAAU,CAAC,eAAe,CAM9D,CAAA"}

package/dist/routes.js

@@ -1,5 +1,5 @@
 const routes = Object.entries({
-  .../* @__PURE__ */ Object.assign({ "./api/sign-in/handler.ts": () => import("./handler-BD2C82Z3.js"), "./api/sign-out/handler.ts": () => import("./handler-42q87FS8.js"), "./api/sign-up/handler.ts": () => import("./handler-C7htSfmB.js") })
+  .../* @__PURE__ */ Object.assign({ "./api/me/handler.ts": () => import("./handler-Ba3pgtfZ.js"), "./api/sign-in/handler.ts": () => import("./handler-BSoyBLZM.js"), "./api/sign-out/handler.ts": () => import("./handler-CNHucHrj.js"), "./api/sign-up/handler.ts": () => import("./handler-rZR_dx7n.js") })
 }).reduce((acc, [path, mod]) => {
   acc[path.replace("./api/", "@rpcbase/auth/api/")] = mod;
   return acc;

package/dist/{schemas-7XFc7XYG.js → schemas-KL7REOdt.js}

@@ -2975,6 +2975,7 @@ function superRefine(fn) {
   return _superRefine(fn);
 }
 export {
+  array as a,
   boolean as b,
   object as o,
   string as s

package/dist/types.d.ts

@@ -0,0 +1,7 @@
+export type AuthSessionUser = {
+    id: string;
+    current_tenant_id: string;
+    signed_in_tenants: string[];
+    is_entry_gate_authorized: boolean;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,iBAAiB,EAAE,MAAM,CAAA;IACzB,iBAAiB,EAAE,MAAM,EAAE,CAAA;IAC3B,wBAAwB,EAAE,OAAO,CAAA;CAClC,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rpcbase/auth",
-  "version": "0.44.0",
+  "version": "0.45.0",
   "type": "module",
   "files": [
     "dist"

package/dist/handler-BD2C82Z3.js

@@ -1,17 +0,0 @@
-import { i as isEmail } from "./isEmail-IG0hXiQk.js";
-import { R as Route, r as requestSchema } from "./index-oIC-DH2m.js";
-const signIn = async (payload, ctx) => {
-  const { email_or_phone } = requestSchema.parse(payload);
-  if (isEmail(email_or_phone)) {
-    console.log("is valid email");
-  } else {
-    console.log("is not valid email");
-  }
-  return { success: true };
-};
-const handler = (api) => {
-  api.post(Route, signIn);
-};
-export {
-  handler as default
-};

package/dist/handler-C7htSfmB.js

@@ -1,32 +0,0 @@
-import crypto from "crypto";
-import { i as isEmail } from "./isEmail-IG0hXiQk.js";
-import { loadModel } from "@rpcbase/api";
-import { hashPassword } from "@rpcbase/server";
-import { R as Route, r as requestSchema } from "./index-Nc4R1TKZ.js";
-const signUp = async (payload, ctx) => {
-  const User = await loadModel("User", ctx);
-  const { email_or_phone, password } = requestSchema.parse(payload);
-  const is_email = isEmail(email_or_phone);
-  const query = is_email ? { email: email_or_phone } : { phone: email_or_phone };
-  const existingUser = await User.findOne(query);
-  if (existingUser) {
-    console.log("user with email or phone already exists", email_or_phone);
-    return { success: false };
-  }
-  const salt = crypto.randomBytes(16).toString("hex");
-  const derivedKey = await hashPassword(password, salt);
-  const hashedPassword = `${salt}:${derivedKey.toString("hex")}`;
-  const user = new User({
-    ...query,
-    password: hashedPassword
-  });
-  await user.save();
-  console.log("created new user", user._id.toString());
-  return { success: true };
-};
-const handler = (api) => {
-  api.post(Route, signUp);
-};
-export {
-  handler as default
-};