@sena-ai/platform-core 1.4.0

package/dist/app.d.ts

@@ -0,0 +1,9 @@
+import { Hono } from 'hono';
+import type { Platform, AppConfig } from './types/platform.js';
+import { type Provisioner } from './slack/provisioner.js';
+export interface CreateAppResult {
+    app: Hono;
+    provisioner: Provisioner;
+}
+export declare function createApp(platform: Platform, config: AppConfig): CreateAppResult;
+//# sourceMappingURL=app.d.ts.map

package/dist/app.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAE3B,OAAO,KAAK,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAI9D,OAAO,EAAqB,KAAK,WAAW,EAAE,MAAM,wBAAwB,CAAA;AAM5E,MAAM,WAAW,eAAe;IAC9B,GAAG,EAAE,IAAI,CAAA;IACT,WAAW,EAAE,WAAW,CAAA;CACzB;AAgFD,wBAAgB,SAAS,CACvB,QAAQ,EAAE,QAAQ,EAClB,MAAM,EAAE,SAAS,GAChB,eAAe,CA0HjB"}

package/dist/app.js

@@ -0,0 +1,147 @@
+import { Hono } from 'hono';
+import { logger } from 'hono/logger';
+import { createApiProxy } from './relay/api-proxy.js';
+import { createSlackEventsHandler } from './slack/events.js';
+import { createOAuthHandler } from './slack/oauth.js';
+import { createProvisioner } from './slack/provisioner.js';
+import { createAuthHandler, createAuthMiddleware } from './auth/handler.js';
+import { createWebApi } from './web/api.js';
+import { createPages } from './web/pages.js';
+import { createSetupPage } from './web/setup.js';
+/**
+ * Create the main Hono application with all routes wired up.
+ * Works in both Node.js and CF Workers environments.
+ */
+function generateInstallScript() {
+    return `#!/bin/sh
+set -e
+
+# sena-ai bot bootstrap script
+# Usage: curl -fsSL <platform-url>/install.sh | sh -s -- --name "봇이름" --bot-username "lily-bot" --connect-key "cpk_..." --platform-url "https://..."
+
+BOT_NAME=""
+BOT_USERNAME=""
+CONNECT_KEY=""
+PLATFORM_URL=""
+
+while [ \$# -gt 0 ]; do
+  case "\$1" in
+    --name) BOT_NAME="\$2"; shift 2;;
+    --bot-username) BOT_USERNAME="\$2"; shift 2;;
+    --connect-key) CONNECT_KEY="\$2"; shift 2;;
+    --platform-url) PLATFORM_URL="\$2"; shift 2;;
+    *) echo "Unknown option: \$1"; exit 1;;
+  esac
+done
+
+if [ -z "\$BOT_NAME" ] || [ -z "\$BOT_USERNAME" ] || [ -z "\$CONNECT_KEY" ] || [ -z "\$PLATFORM_URL" ]; then
+  echo "Error: --name, --bot-username, --connect-key, --platform-url are all required."
+  exit 1
+fi
+
+DIR_NAME="\$BOT_USERNAME"
+
+echo "🤖 Setting up bot: \$BOT_NAME"
+echo "   Directory: ./\$DIR_NAME"
+echo ""
+
+# Download template from GitHub
+echo "📦 Downloading bot template..."
+TMPDIR_DL=\$(mktemp -d)
+curl -fsSL https://github.com/unlimiting-studio/sena-ai/archive/refs/heads/main.tar.gz -o "\$TMPDIR_DL/repo.tar.gz"
+tar xzf "\$TMPDIR_DL/repo.tar.gz" -C "\$TMPDIR_DL"
+
+# Copy template directory
+cp -r "\$TMPDIR_DL/sena-ai-main/templates/bot-starter" "\$DIR_NAME"
+rm -rf "\$TMPDIR_DL"
+
+cd "\$DIR_NAME"
+
+# Escape special characters for sed replacement
+escape_sed() {
+  printf '%s' "\$1" | sed 's/[&/\\]/\\&/g'
+}
+
+# Customize package.json name
+ESCAPED_DIR=\$(escape_sed "\$DIR_NAME")
+sed -i.bak "s/\\"sena-bot\\"/\\"\$ESCAPED_DIR\\"/" package.json && rm -f package.json.bak
+
+# Replace bot name placeholder in sena.config.ts
+ESCAPED_NAME=\$(escape_sed "\$BOT_NAME")
+sed -i.bak "s/%%BOT_NAME%%/\$ESCAPED_NAME/" sena.config.ts && rm -f sena.config.ts.bak
+
+# Create .env from template
+ESCAPED_KEY=\$(escape_sed "\$CONNECT_KEY")
+sed -e "s/%%CONNECT_KEY%%/\$ESCAPED_KEY/" -e "s|%%PLATFORM_URL%%|\$PLATFORM_URL|" .env.template > .env
+rm -f .env.template
+
+echo ""
+echo "✅ Bot scaffolding complete!"
+echo ""
+echo "Next steps:"
+echo "  cd \$DIR_NAME"
+echo "  pnpm install"
+echo "  npx sena start"
+echo ""
+`;
+}
+export function createApp(platform, config) {
+    const app = new Hono();
+    app.use('*', logger());
+    const provisioner = createProvisioner(platform.bots, platform.configTokens, platform.vault, config.platformBaseUrl);
+    const authMiddleware = createAuthMiddleware(platform.workspaceAdminConfig, platform.vault);
+    // Serve bootstrap script at /install.sh
+    app.get('/install.sh', (c) => {
+        c.header('Content-Type', 'text/plain; charset=utf-8');
+        return c.body(generateInstallScript());
+    });
+    // Health check
+    app.get('/health', (c) => c.json({
+        ok: true,
+        connectedBots: platform.relay.connectedBots().length,
+        ts: new Date().toISOString(),
+    }));
+    // SSE/WebSocket relay stream endpoint
+    app.get('/relay/stream', async (c) => {
+        const connectKey = c.req.header('x-connect-key') || c.req.query('connect_key');
+        if (!connectKey) {
+            return c.json({ error: 'missing connect_key' }, 401);
+        }
+        const bot = await platform.bots.findByConnectKeyAndStatus(connectKey, 'active');
+        if (!bot) {
+            return c.json({ error: 'invalid connect_key or bot not active' }, 401);
+        }
+        return platform.relay.handleStream(c, bot.id, connectKey);
+    });
+    // Slack API proxy
+    app.route('/', createApiProxy(platform.bots, platform.vault));
+    // Slack events
+    app.route('/', createSlackEventsHandler(platform.bots, platform.vault, platform.relay, platform.crypto));
+    // Bot installation OAuth
+    app.route('/', createOAuthHandler(platform.bots, platform.vault, platform.crypto, platform.oauthStates));
+    // Slack login setup + auth
+    app.route('/', createSetupPage(platform.workspaceAdminConfig, platform.vault));
+    app.route('/', createAuthHandler(platform.workspaceAdminConfig, platform.oauthStates, platform.crypto, platform.vault, { platformBaseUrl: config.platformBaseUrl }));
+    // Protect all subsequent web/API/admin routes.
+    app.use('/', authMiddleware.requireAuth);
+    app.use('/bots/*', authMiddleware.requireAuth);
+    app.use('/api/*', authMiddleware.requireAuth);
+    app.use('/admin/*', authMiddleware.requireAuth);
+    // Web API
+    app.route('/', createWebApi(platform.bots, provisioner, platform.crypto, config.workspaceId));
+    // Web UI pages
+    app.route('/', createPages(platform.bots, config.platformBaseUrl));
+    // Admin endpoints
+    app.get('/admin/bots', async (c) => {
+        const allBots = await platform.bots.findAllSummary();
+        return c.json({ bots: allBots });
+    });
+    app.get('/admin/connections', (c) => {
+        return c.json({
+            connected: platform.relay.connectedBots(),
+            count: platform.relay.connectedBots().length,
+        });
+    });
+    return { app, provisioner };
+}
+//# sourceMappingURL=app.js.map

package/dist/app.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app.js","sourceRoot":"","sources":["../src/app.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAEpC,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AACrD,OAAO,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAA;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAA;AACrD,OAAO,EAAE,iBAAiB,EAAoB,MAAM,wBAAwB,CAAA;AAC5E,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,mBAAmB,CAAA;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAA;AAC5C,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAA;AAOhD;;;GAGG;AACH,SAAS,qBAAqB;IAC5B,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAsER,CAAA;AACD,CAAC;AAED,MAAM,UAAU,SAAS,CACvB,QAAkB,EAClB,MAAiB;IAEjB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;IACtB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC,CAAA;IAEtB,MAAM,WAAW,GAAG,iBAAiB,CACnC,QAAQ,CAAC,IAAI,EACb,QAAQ,CAAC,YAAY,EACrB,QAAQ,CAAC,KAAK,EACd,MAAM,CAAC,eAAe,CACvB,CAAA;IAED,MAAM,cAAc,GAAG,oBAAoB,CACzC,QAAQ,CAAC,oBAAoB,EAC7B,QAAQ,CAAC,KAAK,CACf,CAAA;IAED,wCAAwC;IACxC,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE;QAC3B,CAAC,CAAC,MAAM,CAAC,cAAc,EAAE,2BAA2B,CAAC,CAAA;QACrD,OAAO,CAAC,CAAC,IAAI,CAAC,qBAAqB,EAAE,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;IAEF,eAAe;IACf,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CACvB,CAAC,CAAC,IAAI,CAAC;QACL,EAAE,EAAE,IAAI;QACR,aAAa,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC,MAAM;QACpD,EAAE,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KAC7B,CAAC,CACH,CAAA;IAED,sCAAsC;IACtC,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnC,MAAM,UAAU,GACd,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAA;QAC7D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,EAAE,GAAG,CAAC,CAAA;QACtD,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,yBAAyB,CACvD,UAAU,EACV,QAAQ,CACT,CAAA;QACD,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uCAAuC,EAAE,EAAE,GAAG,CAAC,CAAA;QACxE,CAAC;QAED,OAAO,QAAQ,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,UAAU,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;IAEF,kBAAkB;IAClB,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,cAAc,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;IAE7D,eAAe;IACf,GAAG,CAAC,KAAK,CACP,GAAG,EACH,wBAAwB,CACtB,QAAQ,CAAC,IAAI,EACb,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,MAAM,CAChB,CACF,CAAA;IAED,yBAAyB;IACzB,GAAG,CAAC,KAAK,CACP,GAAG,EACH,kBAAkB,CAChB,QAAQ,CAAC,IAAI,EACb,QAAQ,CAAC,KAAK,EACd,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,WAAW,CACrB,CACF,CAAA;IAED,2BAA2B;IAC3B,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,eAAe,CAAC,QAAQ,CAAC,oBAAoB,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;IAC9E,GAAG,CAAC,KAAK,CACP,GAAG,EACH,iBAAiB,CACf,QAAQ,CAAC,oBAAoB,EAC7B,QAAQ,CAAC,WAAW,EACpB,QAAQ,CAAC,MAAM,EACf,QAAQ,CAAC,KAAK,EACd,EAAE,eAAe,EAAE,MAAM,CAAC,eAAe,EAAE,CAC5C,CACF,CAAA;IAED,+CAA+C;IAC/C,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,cAAc,CAAC,WAAW,CAAC,CAAA;IACxC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,cAAc,CAAC,WAAW,CAAC,CAAA;IAC9C,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,CAAC,WAAW,CAAC,CAAA;IAC7C,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,cAAc,CAAC,WAAW,CAAC,CAAA;IAE/C,UAAU;IACV,GAAG,CAAC,KAAK,CACP,GAAG,EACH,YAAY,CACV,QAAQ,CAAC,IAAI,EACb,WAAW,EACX,QAAQ,CAAC,MAAM,EACf,MAAM,CAAC,WAAW,CACnB,CACF,CAAA;IAED,eAAe;IACf,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC,CAAA;IAElE,kBAAkB;IAClB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,cAAc,EAAE,CAAA;QACpD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,CAAC,EAAE,EAAE;QAClC,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,SAAS,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,EAAE;YACzC,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC,MAAM;SAC7C,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,OAAO,EAAE,GAAG,EAAE,WAAW,EAAE,CAAA;AAC7B,CAAC"}

package/dist/auth/handler.d.ts

@@ -0,0 +1,19 @@
+import { Hono } from 'hono';
+import type { Context, Next } from 'hono';
+import type { OAuthStateRepository, WorkspaceAdminConfigRepository } from '../types/repository.js';
+import type { CryptoProvider } from '../types/crypto.js';
+import type { Vault } from '../types/vault.js';
+import { type AuthSession, type AuthSessionUser } from './session.js';
+export interface AuthEnv {
+    Variables: {
+        user: AuthSessionUser;
+        session: AuthSession;
+    };
+}
+export declare function createAuthHandler(workspaceAdminConfig: WorkspaceAdminConfigRepository, oauthStates: OAuthStateRepository, crypto: CryptoProvider, vault: Vault, config: {
+    platformBaseUrl: string;
+}): Hono<AuthEnv, import("hono/types").BlankSchema, "/">;
+export declare function createAuthMiddleware(workspaceAdminConfig: WorkspaceAdminConfigRepository, vault: Vault): {
+    requireAuth: (c: Context, next: Next) => Promise<Response | undefined>;
+};
+//# sourceMappingURL=handler.d.ts.map

package/dist/auth/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../../src/auth/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAGzC,OAAO,KAAK,EAAE,oBAAoB,EAAE,8BAA8B,EAAE,MAAM,wBAAwB,CAAA;AAClG,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACxD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AAC9C,OAAO,EAIL,KAAK,WAAW,EAChB,KAAK,eAAe,EACrB,MAAM,cAAc,CAAA;AAqBrB,MAAM,WAAW,OAAO;IACtB,SAAS,EAAE;QACT,IAAI,EAAE,eAAe,CAAA;QACrB,OAAO,EAAE,WAAW,CAAA;KACrB,CAAA;CACF;AAED,wBAAgB,iBAAiB,CAC/B,oBAAoB,EAAE,8BAA8B,EACpD,WAAW,EAAE,oBAAoB,EACjC,MAAM,EAAE,cAAc,EACtB,KAAK,EAAE,KAAK,EACZ,MAAM,EAAE;IACN,eAAe,EAAE,MAAM,CAAA;CACxB,wDA+JF;AAED,wBAAgB,oBAAoB,CAClC,oBAAoB,EAAE,8BAA8B,EACpD,KAAK,EAAE,KAAK;qBAEkB,OAAO,QAAQ,IAAI;EAgClD"}

package/dist/auth/handler.js

@@ -0,0 +1,213 @@
+import { Hono } from 'hono';
+import { deleteCookie, getCookie, setCookie } from 'hono/cookie';
+import { AUTH_SESSION_MAX_AGE_SECONDS, createSessionCookieValue, parseSessionCookieValue, } from './session.js';
+const DEFAULT_WORKSPACE_ADMIN_CONFIG_ID = 'default';
+const LOGIN_STATE_PREFIX = 'login:';
+export function createAuthHandler(workspaceAdminConfig, oauthStates, crypto, vault, config) {
+    const app = new Hono();
+    app.get('/auth/login', async (c) => {
+        const creds = await getSlackLoginCredentials(workspaceAdminConfig, vault);
+        if (!creds) {
+            return c.redirect('/setup');
+        }
+        const state = await crypto.randomHex(16);
+        const nonce = await crypto.randomHex(8);
+        await oauthStates.deleteExpired();
+        await oauthStates.create({
+            state,
+            botId: `${LOGIN_STATE_PREFIX}${nonce}`,
+            expiresAt: new Date(Date.now() + 10 * 60 * 1000),
+        });
+        const params = new URLSearchParams({
+            response_type: 'code',
+            client_id: creds.clientId,
+            scope: 'openid profile email',
+            redirect_uri: `${config.platformBaseUrl}/auth/callback`,
+            state,
+            nonce,
+        });
+        return c.redirect(`https://slack.com/openid/connect/authorize?${params.toString()}`);
+    });
+    app.get('/auth/callback', async (c) => {
+        const error = c.req.query('error');
+        if (error) {
+            return renderErrorPage(c, 'Slack 로그인 오류', error, 400);
+        }
+        const code = c.req.query('code');
+        const state = c.req.query('state');
+        if (!code || !state) {
+            return renderErrorPage(c, '잘못된 요청', 'code/state가 누락됐어요.', 400);
+        }
+        await oauthStates.deleteExpired();
+        const storedState = await oauthStates.consume(state);
+        if (!storedState || !storedState.botId.startsWith(LOGIN_STATE_PREFIX)) {
+            return renderErrorPage(c, '잘못된 상태', '로그인 상태가 만료됐거나 유효하지 않아요.', 400);
+        }
+        const creds = await getSlackLoginCredentials(workspaceAdminConfig, vault);
+        if (!creds) {
+            return c.redirect('/setup');
+        }
+        const redirectUri = `${config.platformBaseUrl}/auth/callback`;
+        const tokenRes = await fetch('https://slack.com/api/openid.connect.token', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+            body: new URLSearchParams({
+                client_id: creds.clientId,
+                client_secret: creds.clientSecret,
+                code,
+                redirect_uri: redirectUri,
+                grant_type: 'authorization_code',
+            }),
+        });
+        const tokenData = (await tokenRes.json());
+        if (!tokenData.ok || !tokenData.access_token) {
+            return renderErrorPage(c, 'Slack 토큰 교환 실패', tokenData.error ?? 'unknown_error', 400);
+        }
+        const userInfoRes = await fetch('https://slack.com/api/openid.connect.userInfo', {
+            headers: { Authorization: `Bearer ${tokenData.access_token}` },
+        });
+        const userInfo = (await userInfoRes.json());
+        if (!userInfo.ok || !userInfo.sub) {
+            return renderErrorPage(c, 'Slack 사용자 정보 조회 실패', userInfo.error ?? 'unknown_error', 400);
+        }
+        const slackTeamId = userInfo['https://slack.com/team_id'] ?? '';
+        if (!slackTeamId) {
+            return renderErrorPage(c, 'Slack 팀 정보 누락', 'team_id를 확인할 수 없어요.', 400);
+        }
+        const configs = await listConfiguredSlackLoginConfigs(workspaceAdminConfig);
+        const configuredTeamIds = getConfiguredTeamIds(configs);
+        if (configuredTeamIds.length > 0 &&
+            !configuredTeamIds.includes(slackTeamId)) {
+            return renderErrorPage(c, '허용되지 않은 워크스페이스', `${slackTeamId} 워크스페이스는 이 플랫폼에 접근할 수 없어요.`, 403);
+        }
+        const defaultConfig = configs.find((cfg) => cfg.workspaceId === DEFAULT_WORKSPACE_ADMIN_CONFIG_ID);
+        const teamConfig = configs.find((cfg) => cfg.workspaceId === slackTeamId);
+        if (!teamConfig && defaultConfig) {
+            await workspaceAdminConfig.upsert({
+                workspaceId: slackTeamId,
+                slackClientId: defaultConfig.slackClientId,
+                slackClientSecretEnc: defaultConfig.slackClientSecretEnc,
+                dCookieEnc: defaultConfig.dCookieEnc,
+                xoxcTokenEnc: defaultConfig.xoxcTokenEnc,
+                workspaceDomain: defaultConfig.workspaceDomain,
+                updatedByUserId: defaultConfig.updatedByUserId,
+            });
+        }
+        const user = {
+            slackUserId: userInfo.sub,
+            slackTeamId,
+            name: userInfo.name ?? 'Slack User',
+            email: userInfo.email ?? null,
+            avatarUrl: userInfo.picture ?? null,
+        };
+        const expiresAt = new Date(Date.now() + AUTH_SESSION_MAX_AGE_SECONDS * 1000);
+        const sessionCookie = await createSessionCookieValue(vault, user, expiresAt);
+        setCookie(c, 'sena_session', sessionCookie, {
+            httpOnly: true,
+            secure: true,
+            sameSite: 'Lax',
+            path: '/',
+            maxAge: AUTH_SESSION_MAX_AGE_SECONDS,
+        });
+        return c.redirect('/');
+    });
+    app.post('/auth/logout', (c) => {
+        deleteCookie(c, 'sena_session', { path: '/' });
+        return c.redirect('/auth/login');
+    });
+    return app;
+}
+export function createAuthMiddleware(workspaceAdminConfig, vault) {
+    const requireAuth = async (c, next) => {
+        const configs = await listConfiguredSlackLoginConfigs(workspaceAdminConfig);
+        if (configs.length === 0) {
+            return unauthenticated(c, '/setup', 'slack_login_not_configured', 503);
+        }
+        const rawSession = getCookie(c, 'sena_session');
+        if (!rawSession) {
+            return unauthenticated(c, '/auth/login', 'unauthorized', 401);
+        }
+        const session = await parseSessionCookieValue(vault, rawSession);
+        if (!session) {
+            deleteCookie(c, 'sena_session', { path: '/' });
+            return unauthenticated(c, '/auth/login', 'unauthorized', 401);
+        }
+        const configuredTeamIds = getConfiguredTeamIds(configs);
+        if (configuredTeamIds.length > 0 &&
+            !configuredTeamIds.includes(session.user.slackTeamId)) {
+            deleteCookie(c, 'sena_session', { path: '/' });
+            return unauthenticated(c, '/auth/login', 'workspace_forbidden', 403);
+        }
+        c.set('user', session.user);
+        c.set('session', session);
+        await next();
+    };
+    return { requireAuth };
+}
+async function getSlackLoginCredentials(workspaceAdminConfig, vault) {
+    const configs = await listConfiguredSlackLoginConfigs(workspaceAdminConfig);
+    const preferredConfig = configs.find((cfg) => cfg.workspaceId !== DEFAULT_WORKSPACE_ADMIN_CONFIG_ID) ??
+        configs[0];
+    if (!preferredConfig?.slackClientId || !preferredConfig.slackClientSecretEnc) {
+        return null;
+    }
+    return {
+        clientId: preferredConfig.slackClientId,
+        clientSecret: await vault.decrypt(preferredConfig.slackClientSecretEnc),
+    };
+}
+async function listConfiguredSlackLoginConfigs(workspaceAdminConfig) {
+    const configs = await workspaceAdminConfig.findAll();
+    return configs.filter((config) => typeof config.slackClientId === 'string' &&
+        config.slackClientId.trim().length > 0 &&
+        typeof config.slackClientSecretEnc === 'string' &&
+        config.slackClientSecretEnc.length > 0);
+}
+function getConfiguredTeamIds(configs) {
+    return configs
+        .map((config) => config.workspaceId)
+        .filter((workspaceId) => workspaceId !== DEFAULT_WORKSPACE_ADMIN_CONFIG_ID);
+}
+function unauthenticated(c, redirectPath, error, status) {
+    if (c.req.path.startsWith('/api/')) {
+        return c.json({ error, redirectTo: redirectPath }, { status });
+    }
+    return c.redirect(redirectPath);
+}
+function renderErrorPage(c, title, message, status) {
+    return c.html(`<!DOCTYPE html>
+<html lang="ko">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>${escapeHtml(title)} - Sena Platform</title>
+  <script src="https://cdn.tailwindcss.com"></script>
+</head>
+<body class="bg-gray-50 min-h-screen flex items-center justify-center px-4">
+  <main class="w-full max-w-md bg-white rounded-xl shadow-sm border border-gray-200 p-8 text-center">
+    <h1 class="text-xl font-bold text-gray-900 mb-2">${escapeHtml(title)}</h1>
+    <p class="text-sm text-gray-600 mb-6">${escapeHtml(message)}</p>
+    <a href="/auth/login" class="inline-flex items-center px-4 py-2 bg-indigo-600 text-white font-medium rounded-lg hover:bg-indigo-700 transition-colors">다시 로그인</a>
+  </main>
+</body>
+</html>`, { status });
+}
+function escapeHtml(value) {
+    return value.replace(/[&<>"']/g, (char) => {
+        switch (char) {
+            case '&':
+                return '&amp;';
+            case '<':
+                return '&lt;';
+            case '>':
+                return '&gt;';
+            case '"':
+                return '&quot;';
+            case "'":
+                return '&#39;';
+            default:
+                return char;
+        }
+    });
+}
+//# sourceMappingURL=handler.js.map

package/dist/auth/handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.js","sourceRoot":"","sources":["../../src/auth/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAG3B,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AAIhE,OAAO,EACL,4BAA4B,EAC5B,wBAAwB,EACxB,uBAAuB,GAGxB,MAAM,cAAc,CAAA;AAErB,MAAM,iCAAiC,GAAG,SAAS,CAAA;AACnD,MAAM,kBAAkB,GAAG,QAAQ,CAAA;AAyBnC,MAAM,UAAU,iBAAiB,CAC/B,oBAAoD,EACpD,WAAiC,EACjC,MAAsB,EACtB,KAAY,EACZ,MAEC;IAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAW,CAAA;IAE/B,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,MAAM,wBAAwB,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;QACzE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAC7B,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;QACxC,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;QAEvC,MAAM,WAAW,CAAC,aAAa,EAAE,CAAA;QACjC,MAAM,WAAW,CAAC,MAAM,CAAC;YACvB,KAAK;YACL,KAAK,EAAE,GAAG,kBAAkB,GAAG,KAAK,EAAE;YACtC,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;SACjD,CAAC,CAAA;QAEF,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,aAAa,EAAE,MAAM;YACrB,SAAS,EAAE,KAAK,CAAC,QAAQ;YACzB,KAAK,EAAE,sBAAsB;YAC7B,YAAY,EAAE,GAAG,MAAM,CAAC,eAAe,gBAAgB;YACvD,KAAK;YACL,KAAK;SACN,CAAC,CAAA;QAEF,OAAO,CAAC,CAAC,QAAQ,CAAC,8CAA8C,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;IACtF,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACpC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,eAAe,CAAC,CAAC,EAAE,cAAc,EAAE,KAAK,EAAE,GAAG,CAAC,CAAA;QACvD,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QAChC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAClC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACpB,OAAO,eAAe,CAAC,CAAC,EAAE,QAAQ,EAAE,oBAAoB,EAAE,GAAG,CAAC,CAAA;QAChE,CAAC;QAED,MAAM,WAAW,CAAC,aAAa,EAAE,CAAA;QACjC,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QACpD,IAAI,CAAC,WAAW,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACtE,OAAO,eAAe,CAAC,CAAC,EAAE,QAAQ,EAAE,yBAAyB,EAAE,GAAG,CAAC,CAAA;QACrE,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,wBAAwB,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAA;QACzE,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAC7B,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,MAAM,CAAC,eAAe,gBAAgB,CAAA;QAC7D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,4CAA4C,EAAE;YACzE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,KAAK,CAAC,QAAQ;gBACzB,aAAa,EAAE,KAAK,CAAC,YAAY;gBACjC,IAAI;gBACJ,YAAY,EAAE,WAAW;gBACzB,UAAU,EAAE,oBAAoB;aACjC,CAAC;SACH,CAAC,CAAA;QACF,MAAM,SAAS,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAuB,CAAA;QAE/D,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,CAAC;YAC7C,OAAO,eAAe,CACpB,CAAC,EACD,gBAAgB,EAChB,SAAS,CAAC,KAAK,IAAI,eAAe,EAClC,GAAG,CACJ,CAAA;QACH,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,KAAK,CAC7B,+CAA+C,EAC/C;YACE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,SAAS,CAAC,YAAY,EAAE,EAAE;SAC/D,CACF,CAAA;QACD,MAAM,QAAQ,GAAG,CAAC,MAAM,WAAW,CAAC,IAAI,EAAE,CAA0B,CAAA;QAEpE,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,CAAC;YAClC,OAAO,eAAe,CACpB,CAAC,EACD,oBAAoB,EACpB,QAAQ,CAAC,KAAK,IAAI,eAAe,EACjC,GAAG,CACJ,CAAA;QACH,CAAC;QAED,MAAM,WAAW,GAAG,QAAQ,CAAC,2BAA2B,CAAC,IAAI,EAAE,CAAA;QAC/D,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,eAAe,CAAC,CAAC,EAAE,eAAe,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAA;QACxE,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,+BAA+B,CAAC,oBAAoB,CAAC,CAAA;QAC3E,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;QACvD,IACE,iBAAiB,CAAC,MAAM,GAAG,CAAC;YAC5B,CAAC,iBAAiB,CAAC,QAAQ,CAAC,WAAW,CAAC,EACxC,CAAC;YACD,OAAO,eAAe,CACpB,CAAC,EACD,gBAAgB,EAChB,GAAG,WAAW,4BAA4B,EAC1C,GAAG,CACJ,CAAA;QACH,CAAC;QAED,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,CAChC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,KAAK,iCAAiC,CAC/D,CAAA;QACD,MAAM,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,KAAK,WAAW,CAAC,CAAA;QACzE,IAAI,CAAC,UAAU,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,oBAAoB,CAAC,MAAM,CAAC;gBAChC,WAAW,EAAE,WAAW;gBACxB,aAAa,EAAE,aAAa,CAAC,aAAa;gBAC1C,oBAAoB,EAAE,aAAa,CAAC,oBAAoB;gBACxD,UAAU,EAAE,aAAa,CAAC,UAAU;gBACpC,YAAY,EAAE,aAAa,CAAC,YAAY;gBACxC,eAAe,EAAE,aAAa,CAAC,eAAe;gBAC9C,eAAe,EAAE,aAAa,CAAC,eAAe;aAC/C,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,IAAI,GAAoB;YAC5B,WAAW,EAAE,QAAQ,CAAC,GAAG;YACzB,WAAW;YACX,IAAI,EAAE,QAAQ,CAAC,IAAI,IAAI,YAAY;YACnC,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,IAAI;YAC7B,SAAS,EAAE,QAAQ,CAAC,OAAO,IAAI,IAAI;SACpC,CAAA;QACD,MAAM,SAAS,GAAG,IAAI,IAAI,CACxB,IAAI,CAAC,GAAG,EAAE,GAAG,4BAA4B,GAAG,IAAI,CACjD,CAAA;QACD,MAAM,aAAa,GAAG,MAAM,wBAAwB,CAAC,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC,CAAA;QAE5E,SAAS,CAAC,CAAC,EAAE,cAAc,EAAE,aAAa,EAAE;YAC1C,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,IAAI;YACZ,QAAQ,EAAE,KAAK;YACf,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,4BAA4B;SACrC,CAAC,CAAA;QAEF,OAAO,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAA;IACxB,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE;QAC7B,YAAY,CAAC,CAAC,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;QAC9C,OAAO,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAA;IAClC,CAAC,CAAC,CAAA;IAEF,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,oBAAoD,EACpD,KAAY;IAEZ,MAAM,WAAW,GAAG,KAAK,EAAE,CAAU,EAAE,IAAU,EAAE,EAAE;QACnD,MAAM,OAAO,GAAG,MAAM,+BAA+B,CAAC,oBAAoB,CAAC,CAAA;QAC3E,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,eAAe,CAAC,CAAC,EAAE,QAAQ,EAAE,4BAA4B,EAAE,GAAG,CAAC,CAAA;QACxE,CAAC;QAED,MAAM,UAAU,GAAG,SAAS,CAAC,CAAC,EAAE,cAAc,CAAC,CAAA;QAC/C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,OAAO,eAAe,CAAC,CAAC,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,CAAC,CAAA;QAC/D,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,uBAAuB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;QAChE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,YAAY,CAAC,CAAC,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC9C,OAAO,eAAe,CAAC,CAAC,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,CAAC,CAAA;QAC/D,CAAC;QAED,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAA;QACvD,IACE,iBAAiB,CAAC,MAAM,GAAG,CAAC;YAC5B,CAAC,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,EACrD,CAAC;YACD,YAAY,CAAC,CAAC,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAA;YAC9C,OAAO,eAAe,CAAC,CAAC,EAAE,aAAa,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAA;QACtE,CAAC;QAED,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,CAAA;QAC3B,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACzB,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;IAED,OAAO,EAAE,WAAW,EAAE,CAAA;AACxB,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,oBAAoD,EACpD,KAAY;IAEZ,MAAM,OAAO,GAAG,MAAM,+BAA+B,CAAC,oBAAoB,CAAC,CAAA;IAC3E,MAAM,eAAe,GACnB,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,KAAK,iCAAiC,CAAC;QAC5E,OAAO,CAAC,CAAC,CAAC,CAAA;IAEZ,IAAI,CAAC,eAAe,EAAE,aAAa,IAAI,CAAC,eAAe,CAAC,oBAAoB,EAAE,CAAC;QAC7E,OAAO,IAAI,CAAA;IACb,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAe,CAAC,aAAa;QACvC,YAAY,EAAE,MAAM,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,oBAAoB,CAAC;KACxE,CAAA;AACH,CAAC;AAED,KAAK,UAAU,+BAA+B,CAC5C,oBAAoD;IAEpD,MAAM,OAAO,GAAG,MAAM,oBAAoB,CAAC,OAAO,EAAE,CAAA;IACpD,OAAO,OAAO,CAAC,MAAM,CACnB,CAAC,MAAM,EAAE,EAAE,CACT,OAAO,MAAM,CAAC,aAAa,KAAK,QAAQ;QACxC,MAAM,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QACtC,OAAO,MAAM,CAAC,oBAAoB,KAAK,QAAQ;QAC/C,MAAM,CAAC,oBAAoB,CAAC,MAAM,GAAG,CAAC,CACzC,CAAA;AACH,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAuC;IACnE,OAAO,OAAO;SACX,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC;SACnC,MAAM,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,WAAW,KAAK,iCAAiC,CAAC,CAAA;AAC/E,CAAC;AAED,SAAS,eAAe,CACtB,CAAU,EACV,YAAoB,EACpB,KAAa,EACb,MAA4B;IAE5B,IAAI,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,EAAE,YAAY,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,CAAA;IAChE,CAAC;IAED,OAAO,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAA;AACjC,CAAC;AAED,SAAS,eAAe,CACtB,CAAU,EACV,KAAa,EACb,OAAe,EACf,MAA4B;IAE5B,OAAO,CAAC,CAAC,IAAI,CACX;;;;;WAKO,UAAU,CAAC,KAAK,CAAC;;;;;uDAK2B,UAAU,CAAC,KAAK,CAAC;4CAC5B,UAAU,CAAC,OAAO,CAAC;;;;QAIvD,EACJ,EAAE,MAAM,EAAE,CACX,CAAA;AACH,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,OAAO,KAAK,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,EAAE;QACxC,QAAQ,IAAI,EAAE,CAAC;YACb,KAAK,GAAG;gBACN,OAAO,OAAO,CAAA;YAChB,KAAK,GAAG;gBACN,OAAO,MAAM,CAAA;YACf,KAAK,GAAG;gBACN,OAAO,MAAM,CAAA;YACf,KAAK,GAAG;gBACN,OAAO,QAAQ,CAAA;YACjB,KAAK,GAAG;gBACN,OAAO,OAAO,CAAA;YAChB;gBACE,OAAO,IAAI,CAAA;QACf,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/auth/session.d.ts

@@ -0,0 +1,16 @@
+import type { Vault } from '../types/vault.js';
+export interface AuthSessionUser {
+    slackUserId: string;
+    slackTeamId: string;
+    name: string;
+    email: string | null;
+    avatarUrl: string | null;
+}
+export interface AuthSession {
+    user: AuthSessionUser;
+    expiresAt: string;
+}
+export declare const AUTH_SESSION_MAX_AGE_SECONDS: number;
+export declare function createSessionCookieValue(vault: Vault, user: AuthSessionUser, expiresAt: Date): Promise<string>;
+export declare function parseSessionCookieValue(vault: Vault, rawCookieValue: string): Promise<AuthSession | null>;
+//# sourceMappingURL=session.d.ts.map

package/dist/auth/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/auth/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AAE9C,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,MAAM,CAAA;IACnB,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;CACzB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,eAAe,CAAA;IACrB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,eAAO,MAAM,4BAA4B,QAAoB,CAAA;AAE7D,wBAAsB,wBAAwB,CAC5C,KAAK,EAAE,KAAK,EACZ,IAAI,EAAE,eAAe,EACrB,SAAS,EAAE,IAAI,GACd,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,wBAAsB,uBAAuB,CAC3C,KAAK,EAAE,KAAK,EACZ,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAqB7B"}

package/dist/auth/session.js

@@ -0,0 +1,54 @@
+export const AUTH_SESSION_MAX_AGE_SECONDS = 30 * 24 * 60 * 60;
+export async function createSessionCookieValue(vault, user, expiresAt) {
+    const encrypted = await vault.encrypt(JSON.stringify({
+        user,
+        expiresAt: expiresAt.toISOString(),
+    }));
+    return toBase64Url(encrypted);
+}
+export async function parseSessionCookieValue(vault, rawCookieValue) {
+    try {
+        const decrypted = await vault.decrypt(fromBase64Url(rawCookieValue));
+        const parsed = JSON.parse(decrypted);
+        if (!isAuthSession(parsed)) {
+            return null;
+        }
+        const expiresAt = new Date(parsed.expiresAt);
+        if (Number.isNaN(expiresAt.getTime()) || expiresAt <= new Date()) {
+            return null;
+        }
+        return {
+            user: parsed.user,
+            expiresAt: expiresAt.toISOString(),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+function isRecord(value) {
+    return typeof value === 'object' && value !== null;
+}
+function isAuthSessionUser(value) {
+    if (!isRecord(value))
+        return false;
+    return (typeof value.slackUserId === 'string' &&
+        typeof value.slackTeamId === 'string' &&
+        typeof value.name === 'string' &&
+        (value.email === null || typeof value.email === 'string') &&
+        (value.avatarUrl === null || typeof value.avatarUrl === 'string'));
+}
+function isAuthSession(value) {
+    if (!isRecord(value))
+        return false;
+    return typeof value.expiresAt === 'string' && isAuthSessionUser(value.user);
+}
+function toBase64Url(base64) {
+    return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/u, '');
+}
+function fromBase64Url(base64Url) {
+    const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
+    const paddingLength = (4 - (base64.length % 4 || 4)) % 4;
+    return base64 + '='.repeat(paddingLength);
+}
+//# sourceMappingURL=session.js.map

package/dist/auth/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/auth/session.ts"],"names":[],"mappings":"AAeA,MAAM,CAAC,MAAM,4BAA4B,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;AAE7D,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,KAAY,EACZ,IAAqB,EACrB,SAAe;IAEf,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,OAAO,CACnC,IAAI,CAAC,SAAS,CAAC;QACb,IAAI;QACJ,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;KACb,CAAC,CACzB,CAAA;IAED,OAAO,WAAW,CAAC,SAAS,CAAC,CAAA;AAC/B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,KAAY,EACZ,cAAsB;IAEtB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAA;QACpE,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAA;QAE7C,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAA;QACb,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC5C,IAAI,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC,IAAI,SAAS,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;YACjE,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO;YACL,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,SAAS,CAAC,WAAW,EAAE;SACnC,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,CAAA;AACpD,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IAElC,OAAO,CACL,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ;QACrC,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ;QACrC,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ;QAC9B,CAAC,KAAK,CAAC,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC;QACzD,CAAC,KAAK,CAAC,SAAS,KAAK,IAAI,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAClE,CAAA;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IAElC,OAAO,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,iBAAiB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;AAC7E,CAAC;AAED,SAAS,WAAW,CAAC,MAAc;IACjC,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAA;AAC3E,CAAC;AAED,SAAS,aAAa,CAAC,SAAiB;IACtC,MAAM,MAAM,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAA;IAC9D,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;IACxD,OAAO,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,aAAa,CAAC,CAAA;AAC3C,CAAC"}

package/dist/db/d1/index.d.ts

@@ -0,0 +1,14 @@
+import { type DrizzleD1Database } from 'drizzle-orm/d1';
+import type { BotRepository, ConfigTokenRepository, OAuthStateRepository, WorkspaceAdminConfigRepository } from '../../types/repository.js';
+import * as schema from './schema.js';
+export type D1Db = DrizzleD1Database<typeof schema>;
+export declare function initD1(d1: D1Database): D1Db;
+export interface D1Repositories {
+    bots: BotRepository;
+    configTokens: ConfigTokenRepository;
+    oauthStates: OAuthStateRepository;
+    workspaceAdminConfig: WorkspaceAdminConfigRepository;
+}
+export declare function createD1Repositories(db: D1Db): D1Repositories;
+export { bots, configTokens, oauthStates, workspaceAdminConfig } from './schema.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/db/d1/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/db/d1/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAEhE,OAAO,KAAK,EAIV,aAAa,EACb,qBAAqB,EACrB,oBAAoB,EACpB,8BAA8B,EAC/B,MAAM,2BAA2B,CAAA;AAClC,OAAO,KAAK,MAAM,MAAM,aAAa,CAAA;AAErC,MAAM,MAAM,IAAI,GAAG,iBAAiB,CAAC,OAAO,MAAM,CAAC,CAAA;AAEnD,wBAAgB,MAAM,CAAC,EAAE,EAAE,UAAU,GAAG,IAAI,CAE3C;AAqCD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,aAAa,CAAA;IACnB,YAAY,EAAE,qBAAqB,CAAA;IACnC,WAAW,EAAE,oBAAoB,CAAA;IACjC,oBAAoB,EAAE,8BAA8B,CAAA;CACrD;AAED,wBAAgB,oBAAoB,CAAC,EAAE,EAAE,IAAI,GAAG,cAAc,CAO7D;AA2OD,OAAO,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,aAAa,CAAA"}