@spfn/auth 0.1.0-alpha.0 → 0.1.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +70 -12
  3. package/dist/api-BcQM4WKb.d.ts +45 -0
  4. package/dist/client.d.ts +2 -0
  5. package/dist/client.js +1 -0
  6. package/dist/client.js.map +1 -0
  7. package/dist/index.d.ts +57 -0
  8. package/dist/index.js +8966 -0
  9. package/dist/index.js.map +1 -0
  10. package/dist/lib/contracts/auth.d.ts +262 -0
  11. package/dist/lib/contracts/auth.js +2923 -0
  12. package/dist/lib/contracts/auth.js.map +1 -0
  13. package/dist/lib/contracts/index.d.ts +3 -0
  14. package/dist/lib/contracts/index.js +3162 -0
  15. package/dist/lib/contracts/index.js.map +1 -0
  16. package/dist/lib/contracts/invitation.d.ts +243 -0
  17. package/dist/lib/contracts/invitation.js +2883 -0
  18. package/dist/lib/contracts/invitation.js.map +1 -0
  19. package/dist/plugin.d.ts +12 -0
  20. package/dist/plugin.js +8949 -0
  21. package/dist/plugin.js.map +1 -0
  22. package/dist/server/entities/index.d.ts +10 -0
  23. package/dist/server/entities/index.js +399 -0
  24. package/dist/server/entities/index.js.map +1 -0
  25. package/dist/server/entities/invitations.d.ts +241 -0
  26. package/dist/server/entities/invitations.js +181 -0
  27. package/dist/server/entities/invitations.js.map +1 -0
  28. package/dist/server/entities/permissions.d.ts +196 -0
  29. package/dist/server/entities/permissions.js +44 -0
  30. package/dist/server/entities/permissions.js.map +1 -0
  31. package/dist/server/entities/role-permissions.d.ts +107 -0
  32. package/dist/server/entities/role-permissions.js +112 -0
  33. package/dist/server/entities/role-permissions.js.map +1 -0
  34. package/dist/server/entities/roles.d.ts +196 -0
  35. package/dist/server/entities/roles.js +45 -0
  36. package/dist/server/entities/roles.js.map +1 -0
  37. package/dist/server/entities/user-permissions.d.ts +163 -0
  38. package/dist/server/entities/user-permissions.js +191 -0
  39. package/dist/server/entities/user-permissions.js.map +1 -0
  40. package/dist/server/entities/user-public-keys.d.ts +227 -0
  41. package/dist/server/entities/user-public-keys.js +153 -0
  42. package/dist/server/entities/user-public-keys.js.map +1 -0
  43. package/dist/server/entities/user-social-accounts.d.ts +189 -0
  44. package/dist/server/entities/user-social-accounts.js +146 -0
  45. package/dist/server/entities/user-social-accounts.js.map +1 -0
  46. package/dist/server/entities/users.d.ts +235 -0
  47. package/dist/server/entities/users.js +113 -0
  48. package/dist/server/entities/users.js.map +1 -0
  49. package/dist/server/entities/verification-codes.d.ts +191 -0
  50. package/dist/server/entities/verification-codes.js +44 -0
  51. package/dist/server/entities/verification-codes.js.map +1 -0
  52. package/dist/server/routes/auth/index.d.ts +10 -0
  53. package/dist/server/routes/auth/index.js +4475 -0
  54. package/dist/server/routes/auth/index.js.map +1 -0
  55. package/dist/server/routes/index.d.ts +6 -0
  56. package/dist/server/routes/index.js +6352 -0
  57. package/dist/server/routes/index.js.map +1 -0
  58. package/dist/server/routes/invitations/index.d.ts +10 -0
  59. package/dist/server/routes/invitations/index.js +4209 -0
  60. package/dist/server/routes/invitations/index.js.map +1 -0
  61. package/dist/server.d.ts +1243 -0
  62. package/dist/server.js +2281 -0
  63. package/dist/server.js.map +1 -0
  64. package/migrations/0000_tired_gambit.sql +165 -0
  65. package/migrations/meta/0000_snapshot.json +1395 -0
  66. package/migrations/meta/_journal.json +13 -0
  67. package/package.json +32 -24
package/dist/server/entities/permissions.js ADDED
@@ -0,0 +1,44 @@
1
+ // src/server/entities/permissions.ts
2
+ import { text, boolean, index } from "drizzle-orm/pg-core";
3
+ import { id, timestamps, createFunctionSchema } from "@spfn/core/db";
4
+ var schema = createFunctionSchema("@spfn/auth");
5
+ var permissions = schema.table(
6
+ "permissions",
7
+ {
8
+ // Primary key
9
+ id: id(),
10
+ // Permission identifier (e.g., 'user:delete', 'post:publish')
11
+ // Format: resource:action or namespace:resource:action
12
+ // Must be unique
13
+ name: text("name").notNull().unique(),
14
+ // Display name for UI
15
+ displayName: text("display_name").notNull(),
16
+ // Permission description
17
+ description: text("description"),
18
+ // Category for grouping (e.g., 'user', 'post', 'admin', 'system')
19
+ category: text("category"),
20
+ // Built-in permission flag
21
+ // true: Core package permissions - cannot be deleted
22
+ // false: Custom or preset permissions
23
+ isBuiltin: boolean("is_builtin").notNull().default(false),
24
+ // System permission flag
25
+ // true: Defined in code (builtin or preset)
26
+ // false: Runtime created custom permission
27
+ isSystem: boolean("is_system").notNull().default(false),
28
+ // Active status
29
+ // false: Deactivated permission (not enforced)
30
+ isActive: boolean("is_active").notNull().default(true),
31
+ ...timestamps()
32
+ },
33
+ (table) => [
34
+ index("permissions_name_idx").on(table.name),
35
+ index("permissions_category_idx").on(table.category),
36
+ index("permissions_is_system_idx").on(table.isSystem),
37
+ index("permissions_is_active_idx").on(table.isActive),
38
+ index("permissions_is_builtin_idx").on(table.isBuiltin)
39
+ ]
40
+ );
41
+ export {
42
+ permissions
43
+ };
44
+ //# sourceMappingURL=permissions.js.map
package/dist/server/entities/permissions.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../src/server/entities/permissions.ts"],"sourcesContent":["/**\n * @spfn/auth - Permissions Entity\n *\n * Granular permissions for RBAC system\n *\n * Features:\n * - Built-in permissions (auth:*, user:*, rbac:*) - required for package\n * - System permissions (preset permissions) - optional\n * - Custom permissions (app-specific) - defined by developers\n * - Category grouping for organization\n */\n\nimport { text, boolean, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps, createFunctionSchema } from '@spfn/core/db';\n\nconst schema = createFunctionSchema('@spfn/auth');\n\nexport const permissions = schema.table('permissions',\n {\n // Primary key\n id: id(),\n\n // Permission identifier (e.g., 'user:delete', 'post:publish')\n // Format: resource:action or namespace:resource:action\n // Must be unique\n name: text('name').notNull().unique(),\n\n // Display name for UI\n displayName: text('display_name').notNull(),\n\n // Permission description\n description: text('description'),\n\n // Category for grouping (e.g., 'user', 'post', 'admin', 'system')\n category: text('category'),\n\n // Built-in permission flag\n // true: Core package permissions - cannot be deleted\n // false: Custom or preset permissions\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System permission flag\n // true: Defined in code (builtin or preset)\n // false: Runtime created custom permission\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated permission (not enforced)\n isActive: boolean('is_active').notNull().default(true),\n\n ...timestamps(),\n },\n (table) => [\n index('permissions_name_idx').on(table.name),\n index('permissions_category_idx').on(table.category),\n index('permissions_is_system_idx').on(table.isSystem),\n index('permissions_is_active_idx').on(table.isActive),\n index('permissions_is_builtin_idx').on(table.isBuiltin),\n ]\n);\n\n// Type exports\nexport type PermissionEntity = typeof permissions.$inferSelect;\nexport type NewPermissionEntity = typeof permissions.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Permission = PermissionEntity;\nexport type NewPermission = NewPermissionEntity;"],"mappings":";AAYA,SAAS,MAAM,SAAS,aAAa;AACrC,SAAS,IAAI,YAAY,4BAA4B;AAErD,IAAM,SAAS,qBAAqB,YAAY;AAEzC,IAAM,cAAc,OAAO;AAAA,EAAM;AAAA,EACpC;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA;AAAA,IAKP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA,IAG/B,UAAU,KAAK,UAAU;AAAA;AAAA;AAAA;AAAA,IAKzB,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAErD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,sBAAsB,EAAE,GAAG,MAAM,IAAI;AAAA,IAC3C,MAAM,0BAA0B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACnD,MAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpD,MAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpD,MAAM,4BAA4B,EAAE,GAAG,MAAM,SAAS;AAAA,EAC1D;AACJ;","names":[]}
package/dist/server/entities/role-permissions.d.ts ADDED
@@ -0,0 +1,107 @@
1
+ import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
2
+
3
+ /**
4
+ * @spfn/auth - Role-Permissions Mapping Entity
5
+ *
6
+ * Many-to-many relationship between roles and permissions
7
+ *
8
+ * Usage:
9
+ * - Defines which permissions each role has
10
+ * - Cascade delete when role or permission is deleted
11
+ */
12
+ declare const rolePermissions: drizzle_orm_pg_core.PgTableWithColumns<{
13
+ name: "role_permissions";
14
+ schema: string;
15
+ columns: {
16
+ createdAt: drizzle_orm_pg_core.PgColumn<{
17
+ name: "created_at";
18
+ tableName: "role_permissions";
19
+ dataType: "date";
20
+ columnType: "PgTimestamp";
21
+ data: Date;
22
+ driverParam: string;
23
+ notNull: true;
24
+ hasDefault: true;
25
+ isPrimaryKey: false;
26
+ isAutoincrement: false;
27
+ hasRuntimeDefault: false;
28
+ enumValues: undefined;
29
+ baseColumn: never;
30
+ identity: undefined;
31
+ generated: undefined;
32
+ }, {}, {}>;
33
+ updatedAt: drizzle_orm_pg_core.PgColumn<{
34
+ name: "updated_at";
35
+ tableName: "role_permissions";
36
+ dataType: "date";
37
+ columnType: "PgTimestamp";
38
+ data: Date;
39
+ driverParam: string;
40
+ notNull: true;
41
+ hasDefault: true;
42
+ isPrimaryKey: false;
43
+ isAutoincrement: false;
44
+ hasRuntimeDefault: false;
45
+ enumValues: undefined;
46
+ baseColumn: never;
47
+ identity: undefined;
48
+ generated: undefined;
49
+ }, {}, {}>;
50
+ id: drizzle_orm_pg_core.PgColumn<{
51
+ name: "id";
52
+ tableName: "role_permissions";
53
+ dataType: "number";
54
+ columnType: "PgBigSerial53";
55
+ data: number;
56
+ driverParam: number;
57
+ notNull: true;
58
+ hasDefault: true;
59
+ isPrimaryKey: true;
60
+ isAutoincrement: false;
61
+ hasRuntimeDefault: false;
62
+ enumValues: undefined;
63
+ baseColumn: never;
64
+ identity: undefined;
65
+ generated: undefined;
66
+ }, {}, {}>;
67
+ roleId: drizzle_orm_pg_core.PgColumn<{
68
+ name: "role_id";
69
+ tableName: "role_permissions";
70
+ dataType: "number";
71
+ columnType: "PgBigInt53";
72
+ data: number;
73
+ driverParam: string | number;
74
+ notNull: true;
75
+ hasDefault: false;
76
+ isPrimaryKey: false;
77
+ isAutoincrement: false;
78
+ hasRuntimeDefault: false;
79
+ enumValues: undefined;
80
+ baseColumn: never;
81
+ identity: undefined;
82
+ generated: undefined;
83
+ }, {}, {}>;
84
+ permissionId: drizzle_orm_pg_core.PgColumn<{
85
+ name: "permission_id";
86
+ tableName: "role_permissions";
87
+ dataType: "number";
88
+ columnType: "PgBigInt53";
89
+ data: number;
90
+ driverParam: string | number;
91
+ notNull: true;
92
+ hasDefault: false;
93
+ isPrimaryKey: false;
94
+ isAutoincrement: false;
95
+ hasRuntimeDefault: false;
96
+ enumValues: undefined;
97
+ baseColumn: never;
98
+ identity: undefined;
99
+ generated: undefined;
100
+ }, {}, {}>;
101
+ };
102
+ dialect: "pg";
103
+ }>;
104
+ type RolePermission = typeof rolePermissions.$inferSelect;
105
+ type NewRolePermission = typeof rolePermissions.$inferInsert;
106
+
107
+ export { type NewRolePermission, type RolePermission, rolePermissions };
package/dist/server/entities/role-permissions.js ADDED
@@ -0,0 +1,112 @@
1
+ // src/server/entities/role-permissions.ts
2
+ import { bigint, index as index3, unique } from "drizzle-orm/pg-core";
3
+ import { id as id3, timestamps as timestamps3, createFunctionSchema as createFunctionSchema3 } from "@spfn/core/db";
4
+
5
+ // src/server/entities/roles.ts
6
+ import { text, boolean, integer, index } from "drizzle-orm/pg-core";
7
+ import { id, timestamps, createFunctionSchema } from "@spfn/core/db";
8
+ var schema = createFunctionSchema("@spfn/auth");
9
+ var roles = schema.table(
10
+ "roles",
11
+ {
12
+ // Primary key
13
+ id: id(),
14
+ // Role identifier (used in code, e.g., 'admin', 'editor')
15
+ // Must be unique, lowercase, kebab-case recommended
16
+ name: text("name").notNull().unique(),
17
+ // Display name for UI (e.g., 'Administrator', 'Content Editor')
18
+ displayName: text("display_name").notNull(),
19
+ // Role description
20
+ description: text("description"),
21
+ // Built-in role flag
22
+ // true: Core package roles (user, admin, superadmin) - cannot be deleted
23
+ // false: Custom or preset roles - can be deleted
24
+ isBuiltin: boolean("is_builtin").notNull().default(false),
25
+ // System role flag
26
+ // true: Defined in code (builtin or preset) - deletion restricted
27
+ // false: Runtime created custom role - fully manageable
28
+ isSystem: boolean("is_system").notNull().default(false),
29
+ // Active status
30
+ // false: Deactivated role (users cannot be assigned)
31
+ isActive: boolean("is_active").notNull().default(true),
32
+ // Priority level (higher = more privileged)
33
+ // superadmin: 100, admin: 80, user: 10
34
+ // Used for role hierarchy and conflict resolution
35
+ priority: integer("priority").notNull().default(10),
36
+ ...timestamps()
37
+ },
38
+ (table) => [
39
+ index("roles_name_idx").on(table.name),
40
+ index("roles_is_system_idx").on(table.isSystem),
41
+ index("roles_is_active_idx").on(table.isActive),
42
+ index("roles_is_builtin_idx").on(table.isBuiltin),
43
+ index("roles_priority_idx").on(table.priority)
44
+ ]
45
+ );
46
+
47
+ // src/server/entities/permissions.ts
48
+ import { text as text2, boolean as boolean2, index as index2 } from "drizzle-orm/pg-core";
49
+ import { id as id2, timestamps as timestamps2, createFunctionSchema as createFunctionSchema2 } from "@spfn/core/db";
50
+ var schema2 = createFunctionSchema2("@spfn/auth");
51
+ var permissions = schema2.table(
52
+ "permissions",
53
+ {
54
+ // Primary key
55
+ id: id2(),
56
+ // Permission identifier (e.g., 'user:delete', 'post:publish')
57
+ // Format: resource:action or namespace:resource:action
58
+ // Must be unique
59
+ name: text2("name").notNull().unique(),
60
+ // Display name for UI
61
+ displayName: text2("display_name").notNull(),
62
+ // Permission description
63
+ description: text2("description"),
64
+ // Category for grouping (e.g., 'user', 'post', 'admin', 'system')
65
+ category: text2("category"),
66
+ // Built-in permission flag
67
+ // true: Core package permissions - cannot be deleted
68
+ // false: Custom or preset permissions
69
+ isBuiltin: boolean2("is_builtin").notNull().default(false),
70
+ // System permission flag
71
+ // true: Defined in code (builtin or preset)
72
+ // false: Runtime created custom permission
73
+ isSystem: boolean2("is_system").notNull().default(false),
74
+ // Active status
75
+ // false: Deactivated permission (not enforced)
76
+ isActive: boolean2("is_active").notNull().default(true),
77
+ ...timestamps2()
78
+ },
79
+ (table) => [
80
+ index2("permissions_name_idx").on(table.name),
81
+ index2("permissions_category_idx").on(table.category),
82
+ index2("permissions_is_system_idx").on(table.isSystem),
83
+ index2("permissions_is_active_idx").on(table.isActive),
84
+ index2("permissions_is_builtin_idx").on(table.isBuiltin)
85
+ ]
86
+ );
87
+
88
+ // src/server/entities/role-permissions.ts
89
+ var schema3 = createFunctionSchema3("@spfn/auth");
90
+ var rolePermissions = schema3.table(
91
+ "role_permissions",
92
+ {
93
+ // Primary key
94
+ id: id3(),
95
+ // Foreign key to roles table
96
+ roleId: bigint("role_id", { mode: "number" }).notNull().references(() => roles.id, { onDelete: "cascade" }),
97
+ // Foreign key to permissions table
98
+ permissionId: bigint("permission_id", { mode: "number" }).notNull().references(() => permissions.id, { onDelete: "cascade" }),
99
+ ...timestamps3()
100
+ },
101
+ (table) => [
102
+ // Indexes for query performance
103
+ index3("role_permissions_role_id_idx").on(table.roleId),
104
+ index3("role_permissions_permission_id_idx").on(table.permissionId),
105
+ // Unique constraint: one role-permission pair only
106
+ unique("role_permissions_unique").on(table.roleId, table.permissionId)
107
+ ]
108
+ );
109
+ export {
110
+ rolePermissions
111
+ };
112
+ //# sourceMappingURL=role-permissions.js.map
package/dist/server/entities/role-permissions.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../src/server/entities/role-permissions.ts","../../../src/server/entities/roles.ts","../../../src/server/entities/permissions.ts"],"sourcesContent":["/**\n * @spfn/auth - Role-Permissions Mapping Entity\n *\n * Many-to-many relationship between roles and permissions\n *\n * Usage:\n * - Defines which permissions each role has\n * - Cascade delete when role or permission is deleted\n */\n\nimport { bigint, index, unique } from 'drizzle-orm/pg-core';\nimport { id, timestamps, createFunctionSchema } from '@spfn/core/db';\nimport { roles } from './roles';\nimport { permissions } from './permissions';\n\nconst schema = createFunctionSchema('@spfn/auth');\n\nexport const rolePermissions = schema.table('role_permissions',\n {\n // Primary key\n id: id(),\n\n // Foreign key to roles table\n roleId: bigint('role_id', { mode: 'number' })\n .notNull()\n .references(() => roles.id, { onDelete: 'cascade' }),\n\n // Foreign key to permissions table\n permissionId: bigint('permission_id', { mode: 'number' })\n .notNull()\n .references(() => permissions.id, { onDelete: 'cascade' }),\n\n ...timestamps(),\n },\n (table) => [\n // Indexes for query performance\n index('role_permissions_role_id_idx').on(table.roleId),\n index('role_permissions_permission_id_idx').on(table.permissionId),\n\n // Unique constraint: one role-permission pair only\n unique('role_permissions_unique').on(table.roleId, table.permissionId),\n ]\n);\n\n// Type exports\nexport type RolePermission = typeof rolePermissions.$inferSelect;\nexport type NewRolePermission = typeof rolePermissions.$inferInsert;","/**\n * @spfn/auth - Roles Entity\n *\n * Role-based access control (RBAC) roles table\n *\n * Features:\n * - Built-in roles (user, admin, superadmin) - cannot be deleted\n * - System roles (preset roles) - can be deactivated\n * - Custom roles (runtime created) - fully manageable\n * - Priority-based hierarchy\n */\n\nimport { text, boolean, integer, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps, createFunctionSchema } from '@spfn/core/db';\n\nconst schema = createFunctionSchema('@spfn/auth');\n\nexport const roles = schema.table('roles',\n {\n // Primary key\n id: id(),\n\n // Role identifier (used in code, e.g., 'admin', 'editor')\n // Must be unique, lowercase, kebab-case recommended\n name: text('name').notNull().unique(),\n\n // Display name for UI (e.g., 'Administrator', 'Content Editor')\n displayName: text('display_name').notNull(),\n\n // Role description\n description: text('description'),\n\n // Built-in role flag\n // true: Core package roles (user, admin, superadmin) - cannot be deleted\n // false: Custom or preset roles - can be deleted\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System role flag\n // true: Defined in code (builtin or preset) - deletion restricted\n // false: Runtime created custom role - fully manageable\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated role (users cannot be assigned)\n isActive: boolean('is_active').notNull().default(true),\n\n // Priority level (higher = more privileged)\n // superadmin: 100, admin: 80, user: 10\n // Used for role hierarchy and conflict resolution\n priority: integer('priority').notNull().default(10),\n\n ...timestamps(),\n },\n (table) => [\n index('roles_name_idx').on(table.name),\n index('roles_is_system_idx').on(table.isSystem),\n index('roles_is_active_idx').on(table.isActive),\n index('roles_is_builtin_idx').on(table.isBuiltin),\n index('roles_priority_idx').on(table.priority),\n ]\n);\n\n// Type exports\nexport type RoleEntity = typeof roles.$inferSelect;\nexport type NewRoleEntity = typeof roles.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Role = RoleEntity;\nexport type NewRole = NewRoleEntity;","/**\n * @spfn/auth - Permissions Entity\n *\n * Granular permissions for RBAC system\n *\n * Features:\n * - Built-in permissions (auth:*, user:*, rbac:*) - required for package\n * - System permissions (preset permissions) - optional\n * - Custom permissions (app-specific) - defined by developers\n * - Category grouping for organization\n */\n\nimport { text, boolean, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps, createFunctionSchema } from '@spfn/core/db';\n\nconst schema = createFunctionSchema('@spfn/auth');\n\nexport const permissions = schema.table('permissions',\n {\n // Primary key\n id: id(),\n\n // Permission identifier (e.g., 'user:delete', 'post:publish')\n // Format: resource:action or namespace:resource:action\n // Must be unique\n name: text('name').notNull().unique(),\n\n // Display name for UI\n displayName: text('display_name').notNull(),\n\n // Permission description\n description: text('description'),\n\n // Category for grouping (e.g., 'user', 'post', 'admin', 'system')\n category: text('category'),\n\n // Built-in permission flag\n // true: Core package permissions - cannot be deleted\n // false: Custom or preset permissions\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System permission flag\n // true: Defined in code (builtin or preset)\n // false: Runtime created custom permission\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated permission (not enforced)\n isActive: boolean('is_active').notNull().default(true),\n\n ...timestamps(),\n },\n (table) => [\n index('permissions_name_idx').on(table.name),\n index('permissions_category_idx').on(table.category),\n index('permissions_is_system_idx').on(table.isSystem),\n index('permissions_is_active_idx').on(table.isActive),\n index('permissions_is_builtin_idx').on(table.isBuiltin),\n ]\n);\n\n// Type exports\nexport type PermissionEntity = typeof permissions.$inferSelect;\nexport type NewPermissionEntity = typeof permissions.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Permission = PermissionEntity;\nexport type NewPermission = NewPermissionEntity;"],"mappings":";AAUA,SAAS,QAAQ,SAAAA,QAAO,cAAc;AACtC,SAAS,MAAAC,KAAI,cAAAC,aAAY,wBAAAC,6BAA4B;;;ACCrD,SAAS,MAAM,SAAS,SAAS,aAAa;AAC9C,SAAS,IAAI,YAAY,4BAA4B;AAErD,IAAM,SAAS,qBAAqB,YAAY;AAEzC,IAAM,QAAQ,OAAO;AAAA,EAAM;AAAA,EAC9B;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA,IAIP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA;AAAA;AAAA,IAK/B,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA;AAAA;AAAA,IAKrD,UAAU,QAAQ,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAAA,IAElD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,gBAAgB,EAAE,GAAG,MAAM,IAAI;AAAA,IACrC,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,sBAAsB,EAAE,GAAG,MAAM,SAAS;AAAA,IAChD,MAAM,oBAAoB,EAAE,GAAG,MAAM,QAAQ;AAAA,EACjD;AACJ;;;AChDA,SAAS,QAAAC,OAAM,WAAAC,UAAS,SAAAC,cAAa;AACrC,SAAS,MAAAC,KAAI,cAAAC,aAAY,wBAAAC,6BAA4B;AAErD,IAAMC,UAASD,sBAAqB,YAAY;AAEzC,IAAM,cAAcC,QAAO;AAAA,EAAM;AAAA,EACpC;AAAA;AAAA,IAEI,IAAIH,IAAG;AAAA;AAAA;AAAA;AAAA,IAKP,MAAMH,MAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAaA,MAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAaA,MAAK,aAAa;AAAA;AAAA,IAG/B,UAAUA,MAAK,UAAU;AAAA;AAAA;AAAA;AAAA,IAKzB,WAAWC,SAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAUA,SAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAUA,SAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAErD,GAAGG,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACPF,OAAM,sBAAsB,EAAE,GAAG,MAAM,IAAI;AAAA,IAC3CA,OAAM,0BAA0B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACnDA,OAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpDA,OAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpDA,OAAM,4BAA4B,EAAE,GAAG,MAAM,SAAS;AAAA,EAC1D;AACJ;;;AF5CA,IAAMK,UAASC,sBAAqB,YAAY;AAEzC,IAAM,kBAAkBD,QAAO;AAAA,EAAM;AAAA,EACxC;AAAA;AAAA,IAEI,IAAIE,IAAG;AAAA;AAAA,IAGP,QAAQ,OAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,QAAQ,EACR,WAAW,MAAM,MAAM,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA;AAAA,IAGvD,cAAc,OAAO,iBAAiB,EAAE,MAAM,SAAS,CAAC,EACnD,QAAQ,EACR,WAAW,MAAM,YAAY,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IAE7D,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA,IAEPC,OAAM,8BAA8B,EAAE,GAAG,MAAM,MAAM;AAAA,IACrDA,OAAM,oCAAoC,EAAE,GAAG,MAAM,YAAY;AAAA;AAAA,IAGjE,OAAO,yBAAyB,EAAE,GAAG,MAAM,QAAQ,MAAM,YAAY;AAAA,EACzE;AACJ;","names":["index","id","timestamps","createFunctionSchema","text","boolean","index","id","timestamps","createFunctionSchema","schema","schema","createFunctionSchema","id","timestamps","index"]}
package/dist/server/entities/roles.d.ts ADDED
@@ -0,0 +1,196 @@
1
+ import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
2
+
3
+ /**
4
+ * @spfn/auth - Roles Entity
5
+ *
6
+ * Role-based access control (RBAC) roles table
7
+ *
8
+ * Features:
9
+ * - Built-in roles (user, admin, superadmin) - cannot be deleted
10
+ * - System roles (preset roles) - can be deactivated
11
+ * - Custom roles (runtime created) - fully manageable
12
+ * - Priority-based hierarchy
13
+ */
14
+ declare const roles: drizzle_orm_pg_core.PgTableWithColumns<{
15
+ name: "roles";
16
+ schema: string;
17
+ columns: {
18
+ createdAt: drizzle_orm_pg_core.PgColumn<{
19
+ name: "created_at";
20
+ tableName: "roles";
21
+ dataType: "date";
22
+ columnType: "PgTimestamp";
23
+ data: Date;
24
+ driverParam: string;
25
+ notNull: true;
26
+ hasDefault: true;
27
+ isPrimaryKey: false;
28
+ isAutoincrement: false;
29
+ hasRuntimeDefault: false;
30
+ enumValues: undefined;
31
+ baseColumn: never;
32
+ identity: undefined;
33
+ generated: undefined;
34
+ }, {}, {}>;
35
+ updatedAt: drizzle_orm_pg_core.PgColumn<{
36
+ name: "updated_at";
37
+ tableName: "roles";
38
+ dataType: "date";
39
+ columnType: "PgTimestamp";
40
+ data: Date;
41
+ driverParam: string;
42
+ notNull: true;
43
+ hasDefault: true;
44
+ isPrimaryKey: false;
45
+ isAutoincrement: false;
46
+ hasRuntimeDefault: false;
47
+ enumValues: undefined;
48
+ baseColumn: never;
49
+ identity: undefined;
50
+ generated: undefined;
51
+ }, {}, {}>;
52
+ id: drizzle_orm_pg_core.PgColumn<{
53
+ name: "id";
54
+ tableName: "roles";
55
+ dataType: "number";
56
+ columnType: "PgBigSerial53";
57
+ data: number;
58
+ driverParam: number;
59
+ notNull: true;
60
+ hasDefault: true;
61
+ isPrimaryKey: true;
62
+ isAutoincrement: false;
63
+ hasRuntimeDefault: false;
64
+ enumValues: undefined;
65
+ baseColumn: never;
66
+ identity: undefined;
67
+ generated: undefined;
68
+ }, {}, {}>;
69
+ name: drizzle_orm_pg_core.PgColumn<{
70
+ name: "name";
71
+ tableName: "roles";
72
+ dataType: "string";
73
+ columnType: "PgText";
74
+ data: string;
75
+ driverParam: string;
76
+ notNull: true;
77
+ hasDefault: false;
78
+ isPrimaryKey: false;
79
+ isAutoincrement: false;
80
+ hasRuntimeDefault: false;
81
+ enumValues: [string, ...string[]];
82
+ baseColumn: never;
83
+ identity: undefined;
84
+ generated: undefined;
85
+ }, {}, {}>;
86
+ displayName: drizzle_orm_pg_core.PgColumn<{
87
+ name: "display_name";
88
+ tableName: "roles";
89
+ dataType: "string";
90
+ columnType: "PgText";
91
+ data: string;
92
+ driverParam: string;
93
+ notNull: true;
94
+ hasDefault: false;
95
+ isPrimaryKey: false;
96
+ isAutoincrement: false;
97
+ hasRuntimeDefault: false;
98
+ enumValues: [string, ...string[]];
99
+ baseColumn: never;
100
+ identity: undefined;
101
+ generated: undefined;
102
+ }, {}, {}>;
103
+ description: drizzle_orm_pg_core.PgColumn<{
104
+ name: "description";
105
+ tableName: "roles";
106
+ dataType: "string";
107
+ columnType: "PgText";
108
+ data: string;
109
+ driverParam: string;
110
+ notNull: false;
111
+ hasDefault: false;
112
+ isPrimaryKey: false;
113
+ isAutoincrement: false;
114
+ hasRuntimeDefault: false;
115
+ enumValues: [string, ...string[]];
116
+ baseColumn: never;
117
+ identity: undefined;
118
+ generated: undefined;
119
+ }, {}, {}>;
120
+ isBuiltin: drizzle_orm_pg_core.PgColumn<{
121
+ name: "is_builtin";
122
+ tableName: "roles";
123
+ dataType: "boolean";
124
+ columnType: "PgBoolean";
125
+ data: boolean;
126
+ driverParam: boolean;
127
+ notNull: true;
128
+ hasDefault: true;
129
+ isPrimaryKey: false;
130
+ isAutoincrement: false;
131
+ hasRuntimeDefault: false;
132
+ enumValues: undefined;
133
+ baseColumn: never;
134
+ identity: undefined;
135
+ generated: undefined;
136
+ }, {}, {}>;
137
+ isSystem: drizzle_orm_pg_core.PgColumn<{
138
+ name: "is_system";
139
+ tableName: "roles";
140
+ dataType: "boolean";
141
+ columnType: "PgBoolean";
142
+ data: boolean;
143
+ driverParam: boolean;
144
+ notNull: true;
145
+ hasDefault: true;
146
+ isPrimaryKey: false;
147
+ isAutoincrement: false;
148
+ hasRuntimeDefault: false;
149
+ enumValues: undefined;
150
+ baseColumn: never;
151
+ identity: undefined;
152
+ generated: undefined;
153
+ }, {}, {}>;
154
+ isActive: drizzle_orm_pg_core.PgColumn<{
155
+ name: "is_active";
156
+ tableName: "roles";
157
+ dataType: "boolean";
158
+ columnType: "PgBoolean";
159
+ data: boolean;
160
+ driverParam: boolean;
161
+ notNull: true;
162
+ hasDefault: true;
163
+ isPrimaryKey: false;
164
+ isAutoincrement: false;
165
+ hasRuntimeDefault: false;
166
+ enumValues: undefined;
167
+ baseColumn: never;
168
+ identity: undefined;
169
+ generated: undefined;
170
+ }, {}, {}>;
171
+ priority: drizzle_orm_pg_core.PgColumn<{
172
+ name: "priority";
173
+ tableName: "roles";
174
+ dataType: "number";
175
+ columnType: "PgInteger";
176
+ data: number;
177
+ driverParam: string | number;
178
+ notNull: true;
179
+ hasDefault: true;
180
+ isPrimaryKey: false;
181
+ isAutoincrement: false;
182
+ hasRuntimeDefault: false;
183
+ enumValues: undefined;
184
+ baseColumn: never;
185
+ identity: undefined;
186
+ generated: undefined;
187
+ }, {}, {}>;
188
+ };
189
+ dialect: "pg";
190
+ }>;
191
+ type RoleEntity = typeof roles.$inferSelect;
192
+ type NewRoleEntity = typeof roles.$inferInsert;
193
+ type Role = RoleEntity;
194
+ type NewRole = NewRoleEntity;
195
+
196
+ export { type NewRole, type NewRoleEntity, type Role, type RoleEntity, roles };
package/dist/server/entities/roles.js ADDED
@@ -0,0 +1,45 @@
1
+ // src/server/entities/roles.ts
2
+ import { text, boolean, integer, index } from "drizzle-orm/pg-core";
3
+ import { id, timestamps, createFunctionSchema } from "@spfn/core/db";
4
+ var schema = createFunctionSchema("@spfn/auth");
5
+ var roles = schema.table(
6
+ "roles",
7
+ {
8
+ // Primary key
9
+ id: id(),
10
+ // Role identifier (used in code, e.g., 'admin', 'editor')
11
+ // Must be unique, lowercase, kebab-case recommended
12
+ name: text("name").notNull().unique(),
13
+ // Display name for UI (e.g., 'Administrator', 'Content Editor')
14
+ displayName: text("display_name").notNull(),
15
+ // Role description
16
+ description: text("description"),
17
+ // Built-in role flag
18
+ // true: Core package roles (user, admin, superadmin) - cannot be deleted
19
+ // false: Custom or preset roles - can be deleted
20
+ isBuiltin: boolean("is_builtin").notNull().default(false),
21
+ // System role flag
22
+ // true: Defined in code (builtin or preset) - deletion restricted
23
+ // false: Runtime created custom role - fully manageable
24
+ isSystem: boolean("is_system").notNull().default(false),
25
+ // Active status
26
+ // false: Deactivated role (users cannot be assigned)
27
+ isActive: boolean("is_active").notNull().default(true),
28
+ // Priority level (higher = more privileged)
29
+ // superadmin: 100, admin: 80, user: 10
30
+ // Used for role hierarchy and conflict resolution
31
+ priority: integer("priority").notNull().default(10),
32
+ ...timestamps()
33
+ },
34
+ (table) => [
35
+ index("roles_name_idx").on(table.name),
36
+ index("roles_is_system_idx").on(table.isSystem),
37
+ index("roles_is_active_idx").on(table.isActive),
38
+ index("roles_is_builtin_idx").on(table.isBuiltin),
39
+ index("roles_priority_idx").on(table.priority)
40
+ ]
41
+ );
42
+ export {
43
+ roles
44
+ };
45
+ //# sourceMappingURL=roles.js.map
package/dist/server/entities/roles.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../src/server/entities/roles.ts"],"sourcesContent":["/**\n * @spfn/auth - Roles Entity\n *\n * Role-based access control (RBAC) roles table\n *\n * Features:\n * - Built-in roles (user, admin, superadmin) - cannot be deleted\n * - System roles (preset roles) - can be deactivated\n * - Custom roles (runtime created) - fully manageable\n * - Priority-based hierarchy\n */\n\nimport { text, boolean, integer, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps, createFunctionSchema } from '@spfn/core/db';\n\nconst schema = createFunctionSchema('@spfn/auth');\n\nexport const roles = schema.table('roles',\n {\n // Primary key\n id: id(),\n\n // Role identifier (used in code, e.g., 'admin', 'editor')\n // Must be unique, lowercase, kebab-case recommended\n name: text('name').notNull().unique(),\n\n // Display name for UI (e.g., 'Administrator', 'Content Editor')\n displayName: text('display_name').notNull(),\n\n // Role description\n description: text('description'),\n\n // Built-in role flag\n // true: Core package roles (user, admin, superadmin) - cannot be deleted\n // false: Custom or preset roles - can be deleted\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System role flag\n // true: Defined in code (builtin or preset) - deletion restricted\n // false: Runtime created custom role - fully manageable\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated role (users cannot be assigned)\n isActive: boolean('is_active').notNull().default(true),\n\n // Priority level (higher = more privileged)\n // superadmin: 100, admin: 80, user: 10\n // Used for role hierarchy and conflict resolution\n priority: integer('priority').notNull().default(10),\n\n ...timestamps(),\n },\n (table) => [\n index('roles_name_idx').on(table.name),\n index('roles_is_system_idx').on(table.isSystem),\n index('roles_is_active_idx').on(table.isActive),\n index('roles_is_builtin_idx').on(table.isBuiltin),\n index('roles_priority_idx').on(table.priority),\n ]\n);\n\n// Type exports\nexport type RoleEntity = typeof roles.$inferSelect;\nexport type NewRoleEntity = typeof roles.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Role = RoleEntity;\nexport type NewRole = NewRoleEntity;"],"mappings":";AAYA,SAAS,MAAM,SAAS,SAAS,aAAa;AAC9C,SAAS,IAAI,YAAY,4BAA4B;AAErD,IAAM,SAAS,qBAAqB,YAAY;AAEzC,IAAM,QAAQ,OAAO;AAAA,EAAM;AAAA,EAC9B;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA,IAIP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA;AAAA;AAAA,IAK/B,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA;AAAA;AAAA,IAKrD,UAAU,QAAQ,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAAA,IAElD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,gBAAgB,EAAE,GAAG,MAAM,IAAI;AAAA,IACrC,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,sBAAsB,EAAE,GAAG,MAAM,SAAS;AAAA,IAChD,MAAM,oBAAoB,EAAE,GAAG,MAAM,QAAQ;AAAA,EACjD;AACJ;","names":[]}