npm - @spfn/auth - Versions diffs - 0.1.0-alpha.87 → 0.2.0-beta.1 - Mend

@spfn/auth 0.1.0-alpha.87 → 0.2.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/README.md +1385 -1199
package/dist/config.d.ts +405 -0
package/dist/config.js +240 -0
package/dist/config.js.map +1 -0
package/dist/dto-81uR9gzF.d.ts +630 -0
package/dist/errors.d.ts +196 -0
package/dist/errors.js +173 -0
package/dist/errors.js.map +1 -0
package/dist/index.d.ts +273 -14
package/dist/index.js +511 -6665
package/dist/index.js.map +1 -1
package/dist/nextjs/api.js +345 -0
package/dist/nextjs/api.js.map +1 -0
package/dist/{adapters/nextjs → nextjs}/server.d.ts +47 -65
package/dist/nextjs/server.js +179 -0
package/dist/nextjs/server.js.map +1 -0
package/dist/server.d.ts +4328 -529
package/dist/server.js +7841 -1247
package/dist/server.js.map +1 -1
package/migrations/{0000_familiar_firebrand.sql → 0000_mysterious_colossus.sql} +53 -23
package/migrations/meta/0000_snapshot.json +281 -46
package/migrations/meta/_journal.json +2 -2
package/package.json +33 -33
package/dist/adapters/nextjs/api.d.ts +0 -446
package/dist/adapters/nextjs/api.js +0 -3279
package/dist/adapters/nextjs/api.js.map +0 -1
package/dist/adapters/nextjs/server.js +0 -3645
package/dist/adapters/nextjs/server.js.map +0 -1
package/dist/lib/api/auth-codes-verify.d.ts +0 -37
package/dist/lib/api/auth-codes-verify.js +0 -2949
package/dist/lib/api/auth-codes-verify.js.map +0 -1
package/dist/lib/api/auth-codes.d.ts +0 -37
package/dist/lib/api/auth-codes.js +0 -2949
package/dist/lib/api/auth-codes.js.map +0 -1
package/dist/lib/api/auth-exists.d.ts +0 -38
package/dist/lib/api/auth-exists.js +0 -2949
package/dist/lib/api/auth-exists.js.map +0 -1
package/dist/lib/api/auth-invitations-accept.d.ts +0 -38
package/dist/lib/api/auth-invitations-accept.js +0 -2883
package/dist/lib/api/auth-invitations-accept.js.map +0 -1
package/dist/lib/api/auth-invitations-cancel.d.ts +0 -37
package/dist/lib/api/auth-invitations-cancel.js +0 -2883
package/dist/lib/api/auth-invitations-cancel.js.map +0 -1
package/dist/lib/api/auth-invitations-delete.d.ts +0 -36
package/dist/lib/api/auth-invitations-delete.js +0 -2883
package/dist/lib/api/auth-invitations-delete.js.map +0 -1
package/dist/lib/api/auth-invitations-resend.d.ts +0 -37
package/dist/lib/api/auth-invitations-resend.js +0 -2883
package/dist/lib/api/auth-invitations-resend.js.map +0 -1
package/dist/lib/api/auth-invitations.d.ts +0 -109
package/dist/lib/api/auth-invitations.js +0 -2887
package/dist/lib/api/auth-invitations.js.map +0 -1
package/dist/lib/api/auth-keys-rotate.d.ts +0 -37
package/dist/lib/api/auth-keys-rotate.js +0 -2949
package/dist/lib/api/auth-keys-rotate.js.map +0 -1
package/dist/lib/api/auth-login.d.ts +0 -39
package/dist/lib/api/auth-login.js +0 -2949
package/dist/lib/api/auth-login.js.map +0 -1
package/dist/lib/api/auth-logout.d.ts +0 -36
package/dist/lib/api/auth-logout.js +0 -2949
package/dist/lib/api/auth-logout.js.map +0 -1
package/dist/lib/api/auth-me.d.ts +0 -50
package/dist/lib/api/auth-me.js +0 -2949
package/dist/lib/api/auth-me.js.map +0 -1
package/dist/lib/api/auth-password.d.ts +0 -36
package/dist/lib/api/auth-password.js +0 -2949
package/dist/lib/api/auth-password.js.map +0 -1
package/dist/lib/api/auth-register.d.ts +0 -38
package/dist/lib/api/auth-register.js +0 -2949
package/dist/lib/api/auth-register.js.map +0 -1
package/dist/lib/api/index.d.ts +0 -356
package/dist/lib/api/index.js +0 -3261
package/dist/lib/api/index.js.map +0 -1
package/dist/lib/config.d.ts +0 -70
package/dist/lib/config.js +0 -64
package/dist/lib/config.js.map +0 -1
package/dist/lib/contracts/auth.d.ts +0 -302
package/dist/lib/contracts/auth.js +0 -2951
package/dist/lib/contracts/auth.js.map +0 -1
package/dist/lib/contracts/index.d.ts +0 -3
package/dist/lib/contracts/index.js +0 -3190
package/dist/lib/contracts/index.js.map +0 -1
package/dist/lib/contracts/invitation.d.ts +0 -243
package/dist/lib/contracts/invitation.js +0 -2883
package/dist/lib/contracts/invitation.js.map +0 -1
package/dist/lib/crypto.d.ts +0 -76
package/dist/lib/crypto.js +0 -127
package/dist/lib/crypto.js.map +0 -1
package/dist/lib/index.d.ts +0 -4
package/dist/lib/index.js +0 -313
package/dist/lib/index.js.map +0 -1
package/dist/lib/session.d.ts +0 -68
package/dist/lib/session.js +0 -126
package/dist/lib/session.js.map +0 -1
package/dist/lib/types/api.d.ts +0 -45
package/dist/lib/types/api.js +0 -1
package/dist/lib/types/api.js.map +0 -1
package/dist/lib/types/index.d.ts +0 -3
package/dist/lib/types/index.js +0 -2647
package/dist/lib/types/index.js.map +0 -1
package/dist/lib/types/schemas.d.ts +0 -45
package/dist/lib/types/schemas.js +0 -2647
package/dist/lib/types/schemas.js.map +0 -1
package/dist/lib.js +0 -1
package/dist/lib.js.map +0 -1
package/dist/plugin.d.ts +0 -12
package/dist/plugin.js +0 -9083
package/dist/plugin.js.map +0 -1
package/dist/server/entities/index.d.ts +0 -11
package/dist/server/entities/index.js +0 -395
package/dist/server/entities/index.js.map +0 -1
package/dist/server/entities/invitations.d.ts +0 -241
package/dist/server/entities/invitations.js +0 -184
package/dist/server/entities/invitations.js.map +0 -1
package/dist/server/entities/permissions.d.ts +0 -196
package/dist/server/entities/permissions.js +0 -49
package/dist/server/entities/permissions.js.map +0 -1
package/dist/server/entities/role-permissions.d.ts +0 -107
package/dist/server/entities/role-permissions.js +0 -115
package/dist/server/entities/role-permissions.js.map +0 -1
package/dist/server/entities/roles.d.ts +0 -196
package/dist/server/entities/roles.js +0 -50
package/dist/server/entities/roles.js.map +0 -1
package/dist/server/entities/schema.d.ts +0 -14
package/dist/server/entities/schema.js +0 -7
package/dist/server/entities/schema.js.map +0 -1
package/dist/server/entities/user-permissions.d.ts +0 -163
package/dist/server/entities/user-permissions.js +0 -193
package/dist/server/entities/user-permissions.js.map +0 -1
package/dist/server/entities/user-public-keys.d.ts +0 -227
package/dist/server/entities/user-public-keys.js +0 -156
package/dist/server/entities/user-public-keys.js.map +0 -1
package/dist/server/entities/user-social-accounts.d.ts +0 -189
package/dist/server/entities/user-social-accounts.js +0 -149
package/dist/server/entities/user-social-accounts.js.map +0 -1
package/dist/server/entities/users.d.ts +0 -235
package/dist/server/entities/users.js +0 -117
package/dist/server/entities/users.js.map +0 -1
package/dist/server/entities/verification-codes.d.ts +0 -191
package/dist/server/entities/verification-codes.js +0 -49
package/dist/server/entities/verification-codes.js.map +0 -1
package/dist/server/routes/auth/index.d.ts +0 -10
package/dist/server/routes/auth/index.js +0 -4460
package/dist/server/routes/auth/index.js.map +0 -1
package/dist/server/routes/index.d.ts +0 -6
package/dist/server/routes/index.js +0 -6584
package/dist/server/routes/index.js.map +0 -1
package/dist/server/routes/invitations/index.d.ts +0 -10
package/dist/server/routes/invitations/index.js +0 -4395
package/dist/server/routes/invitations/index.js.map +0 -1
/package/dist/{lib.d.ts → nextjs/api.d.ts} +0 -0

package/dist/server/entities/index.d.ts DELETED Viewed

@@ -1,11 +0,0 @@
-export { authSchema } from './schema.js';
-export { NewUser, User, UserStatus, UserWithVerification, users } from './users.js';
-export { NewUserSocialAccount, SocialProvider, UserSocialAccount, userSocialAccounts } from './user-social-accounts.js';
-export { NewUserPublicKey, UserPublicKey, userPublicKeys } from './user-public-keys.js';
-export { NewVerificationCode, VerificationCode, VerificationPurpose, VerificationTargetType, verificationCodes } from './verification-codes.js';
-export { Invitation, InvitationStatus, InvitationWithDetails, NewInvitation, invitations } from './invitations.js';
-export { NewRole, NewRoleEntity, Role, RoleEntity, roles } from './roles.js';
-export { NewPermission, NewPermissionEntity, Permission, PermissionEntity, permissions } from './permissions.js';
-export { NewRolePermission, RolePermission, rolePermissions } from './role-permissions.js';
-export { NewUserPermission, UserPermission, userPermissions } from './user-permissions.js';
-import 'drizzle-orm/pg-core';

package/dist/server/entities/index.js DELETED Viewed

@@ -1,395 +0,0 @@
-// src/server/entities/schema.ts
-import { createFunctionSchema } from "@spfn/core/db";
-var authSchema = createFunctionSchema("@spfn/auth");
-// src/server/entities/users.ts
-import { text as text2, timestamp, check, boolean as boolean2, bigint, index as index2 } from "drizzle-orm/pg-core";
-import { id as id2, timestamps as timestamps2 } from "@spfn/core/db";
-import { sql } from "drizzle-orm";
-// src/server/entities/roles.ts
-import { text, boolean, integer, index } from "drizzle-orm/pg-core";
-import { id, timestamps } from "@spfn/core/db";
-var roles = authSchema.table(
-  "roles",
-  {
-    // Primary key
-    id: id(),
-    // Role identifier (used in code, e.g., 'admin', 'editor')
-    // Must be unique, lowercase, kebab-case recommended
-    name: text("name").notNull().unique(),
-    // Display name for UI (e.g., 'Administrator', 'Content Editor')
-    displayName: text("display_name").notNull(),
-    // Role description
-    description: text("description"),
-    // Built-in role flag
-    // true: Core package roles (user, admin, superadmin) - cannot be deleted
-    // false: Custom or preset roles - can be deleted
-    isBuiltin: boolean("is_builtin").notNull().default(false),
-    // System role flag
-    // true: Defined in code (builtin or preset) - deletion restricted
-    // false: Runtime created custom role - fully manageable
-    isSystem: boolean("is_system").notNull().default(false),
-    // Active status
-    // false: Deactivated role (users cannot be assigned)
-    isActive: boolean("is_active").notNull().default(true),
-    // Priority level (higher = more privileged)
-    // superadmin: 100, admin: 80, user: 10
-    // Used for role hierarchy and conflict resolution
-    priority: integer("priority").notNull().default(10),
-    ...timestamps()
-  },
-  (table) => [
-    index("roles_name_idx").on(table.name),
-    index("roles_is_system_idx").on(table.isSystem),
-    index("roles_is_active_idx").on(table.isActive),
-    index("roles_is_builtin_idx").on(table.isBuiltin),
-    index("roles_priority_idx").on(table.priority)
-  ]
-);
-// src/server/entities/users.ts
-var users = authSchema.table(
-  "users",
-  {
-    // Identity
-    id: id2(),
-    // Email address (unique identifier)
-    // Used for: login, password reset, notifications
-    email: text2("email").unique(),
-    // Phone number in E.164 international format
-    // Format: +[country code][number] (e.g., +821012345678)
-    // Used for: SMS login, 2FA, notifications
-    phone: text2("phone").unique(),
-    // Authentication
-    // Bcrypt password hash ($2b$10$[salt][hash], 60 chars)
-    // Nullable to support OAuth-only accounts
-    passwordHash: text2("password_hash"),
-    // Force password change on next login
-    // Use cases: initial setup, security breach, policy violation
-    passwordChangeRequired: boolean2("password_change_required").notNull().default(false),
-    // Authorization (Role-Based Access Control)
-    // Foreign key to roles table
-    // References built-in roles: user (default), admin, superadmin
-    // Can also reference custom roles created at runtime
-    roleId: bigint("role_id", { mode: "number" }).references(() => roles.id).notNull(),
-    // Account status
-    // - active: Normal operation (default)
-    // - inactive: Deactivated (user request, dormant)
-    // - suspended: Locked (security incident, ToS violation)
-    status: text2(
-      "status",
-      {
-        enum: ["active", "inactive", "suspended"]
-      }
-    ).notNull().default("active"),
-    // Verification timestamps
-    // null = unverified, timestamp = verified at this time
-    // Email verification (via verification code or magic link)
-    emailVerifiedAt: timestamp("email_verified_at", { withTimezone: true }),
-    // Phone verification (via SMS OTP)
-    phoneVerifiedAt: timestamp("phone_verified_at", { withTimezone: true }),
-    // Metadata
-    // Last successful login timestamp
-    // Used for: security auditing, dormant account detection
-    lastLoginAt: timestamp("last_login_at", { withTimezone: true }),
-    ...timestamps2()
-  },
-  (table) => [
-    // Database constraints
-    // Ensure at least one identifier exists (email OR phone)
-    check(
-      "email_or_phone_check",
-      sql`${table.email} IS NOT NULL OR ${table.phone} IS NOT NULL`
-    ),
-    // Indexes for query optimization
-    index2("users_email_idx").on(table.email),
-    index2("users_phone_idx").on(table.phone),
-    index2("users_status_idx").on(table.status),
-    index2("users_role_id_idx").on(table.roleId)
-  ]
-);
-// src/server/entities/user-social-accounts.ts
-import { text as text3, timestamp as timestamp2, uniqueIndex } from "drizzle-orm/pg-core";
-import { id as id3, timestamps as timestamps3, foreignKey } from "@spfn/core/db";
-var userSocialAccounts = authSchema.table(
-  "user_social_accounts",
-  {
-    id: id3(),
-    // Foreign key to users
-    userId: foreignKey("user", () => users.id),
-    // Provider info
-    provider: text3(
-      "provider",
-      {
-        enum: ["google", "github", "kakao", "naver"]
-      }
-    ).notNull(),
-    providerUserId: text3("provider_user_id").notNull(),
-    providerEmail: text3("provider_email"),
-    // OAuth tokens (encrypted in production)
-    accessToken: text3("access_token"),
-    refreshToken: text3("refresh_token"),
-    tokenExpiresAt: timestamp2("token_expires_at", { withTimezone: true }),
-    ...timestamps3()
-  },
-  (table) => [
-    // Unique constraint: one provider account per provider
-    uniqueIndex("provider_user_unique_idx").on(table.provider, table.providerUserId)
-  ]
-);
-// src/server/entities/user-public-keys.ts
-import { text as text4, timestamp as timestamp3, boolean as boolean3, index as index3 } from "drizzle-orm/pg-core";
-import { id as id4, foreignKey as foreignKey2 } from "@spfn/core/db";
-var userPublicKeys = authSchema.table(
-  "user_public_keys",
-  {
-    id: id4(),
-    // User reference
-    userId: foreignKey2("user", () => users.id),
-    // Key identification (client-generated UUID)
-    keyId: text4("key_id").notNull().unique(),
-    // Public key in Base64-encoded DER format (SPKI)
-    publicKey: text4("public_key").notNull(),
-    // Algorithm used (ES256 recommended, RS256 fallback)
-    algorithm: text4("algorithm", {
-      enum: ["ES256", "RS256"]
-    }).notNull().default("ES256"),
-    // Key fingerprint (SHA-256 hash for quick identification)
-    fingerprint: text4("fingerprint").notNull(),
-    // Key status
-    isActive: boolean3("is_active").notNull().default(true),
-    // Timestamps
-    createdAt: timestamp3("created_at", { mode: "date", withTimezone: true }).notNull().defaultNow(),
-    lastUsedAt: timestamp3("last_used_at", { mode: "date", withTimezone: true }),
-    expiresAt: timestamp3("expires_at", { mode: "date", withTimezone: true }),
-    // Revocation
-    revokedAt: timestamp3("revoked_at", { mode: "date", withTimezone: true }),
-    revokedReason: text4("revoked_reason")
-  },
-  (table) => [
-    index3("user_public_keys_user_id_idx").on(table.userId),
-    index3("user_public_keys_key_id_idx").on(table.keyId),
-    index3("user_public_keys_active_idx").on(table.isActive),
-    index3("user_public_keys_fingerprint_idx").on(table.fingerprint)
-  ]
-);
-// src/server/entities/verification-codes.ts
-import { text as text5, timestamp as timestamp4, index as index4 } from "drizzle-orm/pg-core";
-import { id as id5, timestamps as timestamps4 } from "@spfn/core/db";
-var verificationCodes = authSchema.table(
-  "verification_codes",
-  {
-    id: id5(),
-    // Target (email or phone)
-    target: text5("target").notNull(),
-    // Email address or E.164 phone number
-    targetType: text5(
-      "target_type",
-      {
-        enum: ["email", "phone"]
-      }
-    ).notNull(),
-    // Code
-    code: text5("code").notNull(),
-    // 6-digit code by default (configurable)
-    // Purpose
-    purpose: text5(
-      "purpose",
-      {
-        enum: ["registration", "login", "password_reset", "email_change", "phone_change"]
-      }
-    ).notNull(),
-    // Expiry
-    expiresAt: timestamp4("expires_at", { withTimezone: true }).notNull(),
-    // Usage tracking
-    usedAt: timestamp4("used_at", { withTimezone: true }),
-    attempts: text5("attempts").notNull().default("0"),
-    // Track failed verification attempts
-    ...timestamps4()
-  },
-  (table) => [
-    // Index for quick lookup by target and purpose
-    index4("target_purpose_idx").on(table.target, table.purpose, table.expiresAt)
-  ]
-);
-// src/server/entities/invitations.ts
-import { text as text6, timestamp as timestamp5, bigint as bigint2, index as index5, jsonb } from "drizzle-orm/pg-core";
-import { id as id6, timestamps as timestamps5 } from "@spfn/core/db";
-var invitations = authSchema.table(
-  "user_invitations",
-  {
-    // Primary key
-    id: id6(),
-    // Target email address for the invitation
-    // Will become the user's email upon acceptance
-    email: text6("email").notNull(),
-    // Unique invitation token (UUID v4)
-    // Used in invitation URL: /auth/invite/{token}
-    // Single-use token that expires after acceptance
-    token: text6("token").notNull().unique(),
-    // Role to be assigned when invitation is accepted
-    // Foreign key to roles table
-    roleId: bigint2("role_id", { mode: "number" }).references(() => roles.id).notNull(),
-    // User who created this invitation
-    // Foreign key to users table
-    // Used for: audit trail, permission checks
-    invitedBy: bigint2("invited_by", { mode: "number" }).references(() => users.id).notNull(),
-    // Invitation status
-    // - pending: Invitation sent, awaiting acceptance
-    // - accepted: User accepted and account created
-    // - expired: Invitation expired (automatic)
-    // - cancelled: Invitation cancelled by admin
-    status: text6(
-      "status",
-      {
-        enum: ["pending", "accepted", "expired", "cancelled"]
-      }
-    ).notNull().default("pending"),
-    // Expiration timestamp (default: 7 days from creation)
-    // Invitation cannot be accepted after this time
-    // Background job should update status to 'expired'
-    expiresAt: timestamp5("expires_at", { withTimezone: true }).notNull(),
-    // Timestamp when invitation was accepted
-    // null = not yet accepted
-    // Used for: audit trail, analytics
-    acceptedAt: timestamp5("accepted_at", { withTimezone: true }),
-    // Timestamp when invitation was cancelled
-    // null = not cancelled
-    // Used for: audit trail
-    cancelledAt: timestamp5("cancelled_at", { withTimezone: true }),
-    // Additional metadata (JSONB)
-    // Use cases:
-    // - Custom welcome message
-    // - Onboarding instructions
-    // - Team/department assignment
-    // - Custom fields for app-specific data
-    // Example: { message: "Welcome!", department: "Engineering" }
-    metadata: jsonb("metadata"),
-    ...timestamps5()
-  },
-  (table) => [
-    // Indexes for query optimization
-    index5("invitations_token_idx").on(table.token),
-    index5("invitations_email_idx").on(table.email),
-    index5("invitations_status_idx").on(table.status),
-    index5("invitations_invited_by_idx").on(table.invitedBy),
-    index5("invitations_expires_at_idx").on(table.expiresAt),
-    // For cleanup jobs
-    index5("invitations_role_id_idx").on(table.roleId)
-  ]
-);
-// src/server/entities/permissions.ts
-import { text as text7, boolean as boolean4, index as index6 } from "drizzle-orm/pg-core";
-import { id as id7, timestamps as timestamps6 } from "@spfn/core/db";
-var permissions = authSchema.table(
-  "permissions",
-  {
-    // Primary key
-    id: id7(),
-    // Permission identifier (e.g., 'user:delete', 'post:publish')
-    // Format: resource:action or namespace:resource:action
-    // Must be unique
-    name: text7("name").notNull().unique(),
-    // Display name for UI
-    displayName: text7("display_name").notNull(),
-    // Permission description
-    description: text7("description"),
-    // Category for grouping (e.g., 'user', 'post', 'admin', 'system')
-    category: text7("category"),
-    // Built-in permission flag
-    // true: Core package permissions - cannot be deleted
-    // false: Custom or preset permissions
-    isBuiltin: boolean4("is_builtin").notNull().default(false),
-    // System permission flag
-    // true: Defined in code (builtin or preset)
-    // false: Runtime created custom permission
-    isSystem: boolean4("is_system").notNull().default(false),
-    // Active status
-    // false: Deactivated permission (not enforced)
-    isActive: boolean4("is_active").notNull().default(true),
-    ...timestamps6()
-  },
-  (table) => [
-    index6("permissions_name_idx").on(table.name),
-    index6("permissions_category_idx").on(table.category),
-    index6("permissions_is_system_idx").on(table.isSystem),
-    index6("permissions_is_active_idx").on(table.isActive),
-    index6("permissions_is_builtin_idx").on(table.isBuiltin)
-  ]
-);
-// src/server/entities/role-permissions.ts
-import { bigint as bigint3, index as index7, unique } from "drizzle-orm/pg-core";
-import { id as id8, timestamps as timestamps7 } from "@spfn/core/db";
-var rolePermissions = authSchema.table(
-  "role_permissions",
-  {
-    // Primary key
-    id: id8(),
-    // Foreign key to roles table
-    roleId: bigint3("role_id", { mode: "number" }).notNull().references(() => roles.id, { onDelete: "cascade" }),
-    // Foreign key to permissions table
-    permissionId: bigint3("permission_id", { mode: "number" }).notNull().references(() => permissions.id, { onDelete: "cascade" }),
-    ...timestamps7()
-  },
-  (table) => [
-    // Indexes for query performance
-    index7("role_permissions_role_id_idx").on(table.roleId),
-    index7("role_permissions_permission_id_idx").on(table.permissionId),
-    // Unique constraint: one role-permission pair only
-    unique("role_permissions_unique").on(table.roleId, table.permissionId)
-  ]
-);
-// src/server/entities/user-permissions.ts
-import { bigint as bigint4, boolean as boolean5, text as text8, timestamp as timestamp6, index as index8, unique as unique2 } from "drizzle-orm/pg-core";
-import { id as id9, timestamps as timestamps8 } from "@spfn/core/db";
-var userPermissions = authSchema.table(
-  "user_permissions",
-  {
-    // Primary key
-    id: id9(),
-    // Foreign key to users table
-    userId: bigint4("user_id", { mode: "number" }).notNull().references(() => users.id, { onDelete: "cascade" }),
-    // Foreign key to permissions table
-    permissionId: bigint4("permission_id", { mode: "number" }).notNull().references(() => permissions.id, { onDelete: "cascade" }),
-    // Grant or revoke
-    // true: Grant this permission (even if role doesn't have it)
-    // false: Revoke this permission (even if role has it)
-    granted: boolean5("granted").notNull().default(true),
-    // Reason for grant/revocation (audit trail)
-    reason: text8("reason"),
-    // Expiration timestamp (optional)
-    // null: Permanent override
-    // timestamp: Permission expires at this time
-    expiresAt: timestamp6("expires_at", { withTimezone: true }),
-    ...timestamps8()
-  },
-  (table) => [
-    // Indexes for query performance
-    index8("user_permissions_user_id_idx").on(table.userId),
-    index8("user_permissions_permission_id_idx").on(table.permissionId),
-    index8("user_permissions_expires_at_idx").on(table.expiresAt),
-    // Unique constraint: one user-permission pair only
-    unique2("user_permissions_unique").on(table.userId, table.permissionId)
-  ]
-);
-export {
-  authSchema,
-  invitations,
-  permissions,
-  rolePermissions,
-  roles,
-  userPermissions,
-  userPublicKeys,
-  userSocialAccounts,
-  users,
-  verificationCodes
-};
-//# sourceMappingURL=index.js.map

package/dist/server/entities/index.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../src/server/entities/schema.ts","../../../src/server/entities/users.ts","../../../src/server/entities/roles.ts","../../../src/server/entities/user-social-accounts.ts","../../../src/server/entities/user-public-keys.ts","../../../src/server/entities/verification-codes.ts","../../../src/server/entities/invitations.ts","../../../src/server/entities/permissions.ts","../../../src/server/entities/role-permissions.ts","../../../src/server/entities/user-permissions.ts"],"sourcesContent":["/**\n * @spfn/auth - Database Schema Definition\n *\n * Defines the 'spfn_auth' PostgreSQL schema for all auth-related tables\n */\n\nimport { createFunctionSchema } from '@spfn/core/db';\n\n/**\n * Auth schema for all authentication and authorization tables\n * Tables: users, roles, permissions, user_invitations, etc.\n */\nexport const authSchema = createFunctionSchema('@spfn/auth');","/**\n * @spfn/auth - Users Entity\n *\n * Main user table supporting multiple authentication methods\n *\n * Features:\n * - Email or phone-based registration\n * - Password authentication (bcrypt)\n * - OAuth support (nullable passwordHash)\n * - Role-based access control (RBAC)\n * - Account status management\n * - Email/phone verification\n */\n\nimport { text, timestamp, check, boolean, bigint, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { sql } from 'drizzle-orm';\nimport { roles } from './roles';\nimport { authSchema } from './schema';\n\nexport const users = authSchema.table('users',\n {\n // Identity\n id: id(),\n\n // Email address (unique identifier)\n // Used for: login, password reset, notifications\n email: text('email').unique(),\n\n // Phone number in E.164 international format\n // Format: +[country code][number] (e.g., +821012345678)\n // Used for: SMS login, 2FA, notifications\n phone: text('phone').unique(),\n\n // Authentication\n // Bcrypt password hash ($2b$10$[salt][hash], 60 chars)\n // Nullable to support OAuth-only accounts\n passwordHash: text('password_hash'),\n\n // Force password change on next login\n // Use cases: initial setup, security breach, policy violation\n passwordChangeRequired: boolean('password_change_required').notNull().default(false),\n\n // Authorization (Role-Based Access Control)\n // Foreign key to roles table\n // References built-in roles: user (default), admin, superadmin\n // Can also reference custom roles created at runtime\n roleId: bigint('role_id', { mode: 'number' })\n .references(() => roles.id)\n .notNull(),\n\n // Account status\n // - active: Normal operation (default)\n // - inactive: Deactivated (user request, dormant)\n // - suspended: Locked (security incident, ToS violation)\n status: text(\n 'status',\n {\n enum: ['active', 'inactive', 'suspended']\n }\n ).notNull().default('active'),\n\n // Verification timestamps\n // null = unverified, timestamp = verified at this time\n // Email verification (via verification code or magic link)\n emailVerifiedAt: timestamp('email_verified_at', { withTimezone: true }),\n\n // Phone verification (via SMS OTP)\n phoneVerifiedAt: timestamp('phone_verified_at', { withTimezone: true }),\n\n // Metadata\n // Last successful login timestamp\n // Used for: security auditing, dormant account detection\n lastLoginAt: timestamp('last_login_at', { withTimezone: true }),\n\n ...timestamps(),\n },\n (table) => [\n // Database constraints\n // Ensure at least one identifier exists (email OR phone)\n check(\n 'email_or_phone_check',\n sql`${table.email} IS NOT NULL OR ${table.phone} IS NOT NULL`\n ),\n\n // Indexes for query optimization\n index('users_email_idx').on(table.email),\n index('users_phone_idx').on(table.phone),\n index('users_status_idx').on(table.status),\n index('users_role_id_idx').on(table.roleId),\n ]\n);\n\n// Type exports\nexport type User = typeof users.$inferSelect;\nexport type NewUser = typeof users.$inferInsert;\nexport type UserStatus = 'active' | 'inactive' | 'suspended';\n\n// Helper type with computed verification status\nexport type UserWithVerification = User &\n{\n isEmailVerified: boolean;\n isPhoneVerified: boolean;\n};","/**\n * @spfn/auth - Roles Entity\n *\n * Role-based access control (RBAC) roles table\n *\n * Features:\n * - Built-in roles (user, admin, superadmin) - cannot be deleted\n * - System roles (preset roles) - can be deactivated\n * - Custom roles (runtime created) - fully manageable\n * - Priority-based hierarchy\n */\n\nimport { text, boolean, integer, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const roles = authSchema.table('roles',\n {\n // Primary key\n id: id(),\n\n // Role identifier (used in code, e.g., 'admin', 'editor')\n // Must be unique, lowercase, kebab-case recommended\n name: text('name').notNull().unique(),\n\n // Display name for UI (e.g., 'Administrator', 'Content Editor')\n displayName: text('display_name').notNull(),\n\n // Role description\n description: text('description'),\n\n // Built-in role flag\n // true: Core package roles (user, admin, superadmin) - cannot be deleted\n // false: Custom or preset roles - can be deleted\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System role flag\n // true: Defined in code (builtin or preset) - deletion restricted\n // false: Runtime created custom role - fully manageable\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated role (users cannot be assigned)\n isActive: boolean('is_active').notNull().default(true),\n\n // Priority level (higher = more privileged)\n // superadmin: 100, admin: 80, user: 10\n // Used for role hierarchy and conflict resolution\n priority: integer('priority').notNull().default(10),\n\n ...timestamps(),\n },\n (table) => [\n index('roles_name_idx').on(table.name),\n index('roles_is_system_idx').on(table.isSystem),\n index('roles_is_active_idx').on(table.isActive),\n index('roles_is_builtin_idx').on(table.isBuiltin),\n index('roles_priority_idx').on(table.priority),\n ]\n);\n\n// Type exports\nexport type RoleEntity = typeof roles.$inferSelect;\nexport type NewRoleEntity = typeof roles.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Role = RoleEntity;\nexport type NewRole = NewRoleEntity;","/**\n * @spfn/auth - User Social Accounts Entity\n *\n * Stores OAuth connections for social login providers\n */\n\nimport { text, timestamp, uniqueIndex } from 'drizzle-orm/pg-core';\nimport { id, timestamps, foreignKey } from '@spfn/core/db';\nimport { users } from './users';\nimport { authSchema } from './schema';\n\nexport const userSocialAccounts = authSchema.table('user_social_accounts',\n {\n id: id(),\n\n // Foreign key to users\n userId: foreignKey('user', () => users.id),\n\n // Provider info\n provider: text(\n 'provider',\n {\n enum: ['google', 'github', 'kakao', 'naver']\n }\n ).notNull(),\n\n providerUserId: text('provider_user_id').notNull(),\n providerEmail: text('provider_email'),\n\n // OAuth tokens (encrypted in production)\n accessToken: text('access_token'),\n refreshToken: text('refresh_token'),\n tokenExpiresAt: timestamp('token_expires_at', { withTimezone: true }),\n\n ...timestamps(),\n },\n (table) => [\n // Unique constraint: one provider account per provider\n uniqueIndex('provider_user_unique_idx')\n .on(table.provider, table.providerUserId),\n ]\n);\n\n// Type exports\nexport type UserSocialAccount = typeof userSocialAccounts.$inferSelect;\nexport type NewUserSocialAccount = typeof userSocialAccounts.$inferInsert;\nexport type SocialProvider = 'google' | 'github' | 'kakao' | 'naver';","/**\n * @spfn/auth - User Public Keys Entity\n *\n * Stores client-generated public keys for JWT verification\n * Supports key rotation and multi-key management per user\n */\n\nimport { text, timestamp, boolean, index } from 'drizzle-orm/pg-core';\nimport { id, foreignKey } from '@spfn/core/db';\nimport { users } from './users';\nimport { authSchema } from './schema';\n\n/**\n * User Public Keys Table\n * Each user can have multiple public keys (for rotation)\n */\nexport const userPublicKeys = authSchema.table(\n 'user_public_keys',\n {\n id: id(),\n\n // User reference\n userId: foreignKey('user', () => users.id),\n\n // Key identification (client-generated UUID)\n keyId: text('key_id').notNull().unique(),\n\n // Public key in Base64-encoded DER format (SPKI)\n publicKey: text('public_key').notNull(),\n\n // Algorithm used (ES256 recommended, RS256 fallback)\n algorithm: text('algorithm', {\n enum: ['ES256', 'RS256']\n }).notNull().default('ES256'),\n\n // Key fingerprint (SHA-256 hash for quick identification)\n fingerprint: text('fingerprint').notNull(),\n\n // Key status\n isActive: boolean('is_active').notNull().default(true),\n\n // Timestamps\n createdAt: timestamp('created_at', { mode: 'date', withTimezone: true })\n .notNull()\n .defaultNow(),\n\n lastUsedAt: timestamp('last_used_at', { mode: 'date', withTimezone: true }),\n\n expiresAt: timestamp('expires_at', { mode: 'date', withTimezone: true }),\n\n // Revocation\n revokedAt: timestamp('revoked_at', { mode: 'date', withTimezone: true }),\n revokedReason: text('revoked_reason'),\n },\n (table) => [\n index('user_public_keys_user_id_idx').on(table.userId),\n index('user_public_keys_key_id_idx').on(table.keyId),\n index('user_public_keys_active_idx').on(table.isActive),\n index('user_public_keys_fingerprint_idx').on(table.fingerprint),\n ]\n);\n\nexport type UserPublicKey = typeof userPublicKeys.$inferSelect;\nexport type NewUserPublicKey = typeof userPublicKeys.$inferInsert;","/**\n * @spfn/auth - Verification Codes Entity\n *\n * Stores verification codes for email and phone verification\n * Codes expire after a configurable time period\n */\n\nimport { text, timestamp, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const verificationCodes = authSchema.table('verification_codes',\n {\n id: id(),\n\n // Target (email or phone)\n target: text('target').notNull(), // Email address or E.164 phone number\n targetType: text(\n 'target_type',\n {\n enum: ['email', 'phone']\n }\n ).notNull(),\n\n // Code\n code: text('code').notNull(), // 6-digit code by default (configurable)\n\n // Purpose\n purpose: text(\n 'purpose',\n {\n enum: ['registration', 'login', 'password_reset', 'email_change', 'phone_change']\n }\n ).notNull(),\n\n // Expiry\n expiresAt: timestamp('expires_at', { withTimezone: true }).notNull(),\n\n // Usage tracking\n usedAt: timestamp('used_at', { withTimezone: true }),\n attempts: text('attempts').notNull().default('0'), // Track failed verification attempts\n\n ...timestamps(),\n },\n (table) => [\n // Index for quick lookup by target and purpose\n index('target_purpose_idx')\n .on(table.target, table.purpose, table.expiresAt),\n ]\n);\n\n// Type exports\nexport type VerificationCode = typeof verificationCodes.$inferSelect;\nexport type NewVerificationCode = typeof verificationCodes.$inferInsert;\nexport type VerificationTargetType = 'email' | 'phone';\nexport type VerificationPurpose = 'registration' | 'login' | 'password_reset' | 'email_change' | 'phone_change';","/**\n * @spfn/auth - User Invitations Entity\n *\n * Invitation system for invite-only user registration\n *\n * Features:\n * - Email-based invitations with unique tokens\n * - Role assignment at invitation time\n * - Expiration and status tracking\n * - Audit trail (who invited whom, when accepted)\n * - Metadata support for custom data\n */\n\nimport { text, timestamp, bigint, index, jsonb } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { roles } from './roles';\nimport { users } from './users';\nimport { authSchema } from './schema';\n\nexport const invitations = authSchema.table('user_invitations',\n {\n // Primary key\n id: id(),\n\n // Target email address for the invitation\n // Will become the user's email upon acceptance\n email: text('email').notNull(),\n\n // Unique invitation token (UUID v4)\n // Used in invitation URL: /auth/invite/{token}\n // Single-use token that expires after acceptance\n token: text('token').notNull().unique(),\n\n // Role to be assigned when invitation is accepted\n // Foreign key to roles table\n roleId: bigint('role_id', { mode: 'number' })\n .references(() => roles.id)\n .notNull(),\n\n // User who created this invitation\n // Foreign key to users table\n // Used for: audit trail, permission checks\n invitedBy: bigint('invited_by', { mode: 'number' })\n .references(() => users.id)\n .notNull(),\n\n // Invitation status\n // - pending: Invitation sent, awaiting acceptance\n // - accepted: User accepted and account created\n // - expired: Invitation expired (automatic)\n // - cancelled: Invitation cancelled by admin\n status: text(\n 'status',\n {\n enum: ['pending', 'accepted', 'expired', 'cancelled']\n }\n ).notNull().default('pending'),\n\n // Expiration timestamp (default: 7 days from creation)\n // Invitation cannot be accepted after this time\n // Background job should update status to 'expired'\n expiresAt: timestamp('expires_at', { withTimezone: true }).notNull(),\n\n // Timestamp when invitation was accepted\n // null = not yet accepted\n // Used for: audit trail, analytics\n acceptedAt: timestamp('accepted_at', { withTimezone: true }),\n\n // Timestamp when invitation was cancelled\n // null = not cancelled\n // Used for: audit trail\n cancelledAt: timestamp('cancelled_at', { withTimezone: true }),\n\n // Additional metadata (JSONB)\n // Use cases:\n // - Custom welcome message\n // - Onboarding instructions\n // - Team/department assignment\n // - Custom fields for app-specific data\n // Example: { message: \"Welcome!\", department: \"Engineering\" }\n metadata: jsonb('metadata'),\n\n ...timestamps(),\n },\n (table) => [\n // Indexes for query optimization\n index('invitations_token_idx').on(table.token),\n index('invitations_email_idx').on(table.email),\n index('invitations_status_idx').on(table.status),\n index('invitations_invited_by_idx').on(table.invitedBy),\n index('invitations_expires_at_idx').on(table.expiresAt), // For cleanup jobs\n index('invitations_role_id_idx').on(table.roleId),\n ]\n);\n\n// Type exports\nexport type Invitation = typeof invitations.$inferSelect;\nexport type NewInvitation = typeof invitations.$inferInsert;\nexport type InvitationStatus = 'pending' | 'accepted' | 'expired' | 'cancelled';\n\n// Helper type with joined data\nexport type InvitationWithDetails = Invitation &\n{\n role: {\n id: number;\n name: string;\n displayName: string;\n };\n inviter: {\n id: number;\n email: string | null;\n };\n};","/**\n * @spfn/auth - Permissions Entity\n *\n * Granular permissions for RBAC system\n *\n * Features:\n * - Built-in permissions (auth:*, user:*, rbac:*) - required for package\n * - System permissions (preset permissions) - optional\n * - Custom permissions (app-specific) - defined by developers\n * - Category grouping for organization\n */\n\nimport { text, boolean, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const permissions = authSchema.table('permissions',\n {\n // Primary key\n id: id(),\n\n // Permission identifier (e.g., 'user:delete', 'post:publish')\n // Format: resource:action or namespace:resource:action\n // Must be unique\n name: text('name').notNull().unique(),\n\n // Display name for UI\n displayName: text('display_name').notNull(),\n\n // Permission description\n description: text('description'),\n\n // Category for grouping (e.g., 'user', 'post', 'admin', 'system')\n category: text('category'),\n\n // Built-in permission flag\n // true: Core package permissions - cannot be deleted\n // false: Custom or preset permissions\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System permission flag\n // true: Defined in code (builtin or preset)\n // false: Runtime created custom permission\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated permission (not enforced)\n isActive: boolean('is_active').notNull().default(true),\n\n ...timestamps(),\n },\n (table) => [\n index('permissions_name_idx').on(table.name),\n index('permissions_category_idx').on(table.category),\n index('permissions_is_system_idx').on(table.isSystem),\n index('permissions_is_active_idx').on(table.isActive),\n index('permissions_is_builtin_idx').on(table.isBuiltin),\n ]\n);\n\n// Type exports\nexport type PermissionEntity = typeof permissions.$inferSelect;\nexport type NewPermissionEntity = typeof permissions.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Permission = PermissionEntity;\nexport type NewPermission = NewPermissionEntity;","/**\n * @spfn/auth - Role-Permissions Mapping Entity\n *\n * Many-to-many relationship between roles and permissions\n *\n * Usage:\n * - Defines which permissions each role has\n * - Cascade delete when role or permission is deleted\n */\n\nimport { bigint, index, unique } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { roles } from './roles';\nimport { permissions } from './permissions';\nimport { authSchema } from './schema';\n\nexport const rolePermissions = authSchema.table('role_permissions',\n {\n // Primary key\n id: id(),\n\n // Foreign key to roles table\n roleId: bigint('role_id', { mode: 'number' })\n .notNull()\n .references(() => roles.id, { onDelete: 'cascade' }),\n\n // Foreign key to permissions table\n permissionId: bigint('permission_id', { mode: 'number' })\n .notNull()\n .references(() => permissions.id, { onDelete: 'cascade' }),\n\n ...timestamps(),\n },\n (table) => [\n // Indexes for query performance\n index('role_permissions_role_id_idx').on(table.roleId),\n index('role_permissions_permission_id_idx').on(table.permissionId),\n\n // Unique constraint: one role-permission pair only\n unique('role_permissions_unique').on(table.roleId, table.permissionId),\n ]\n);\n\n// Type exports\nexport type RolePermission = typeof rolePermissions.$inferSelect;\nexport type NewRolePermission = typeof rolePermissions.$inferInsert;","/**\n * @spfn/auth - User-Permissions Override Entity\n *\n * Per-user permission grants/revocations\n *\n * Features:\n * - Grant additional permissions to specific users\n * - Revoke role-inherited permissions from specific users\n * - Temporary permissions with expiration\n * - Audit trail with reason field\n *\n * Priority:\n * User permissions override role permissions\n */\n\nimport { bigint, boolean, text, timestamp, index, unique } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { users } from './users';\nimport { permissions } from './permissions';\nimport { authSchema } from './schema';\n\nexport const userPermissions = authSchema.table('user_permissions',\n {\n // Primary key\n id: id(),\n\n // Foreign key to users table\n userId: bigint('user_id', { mode: 'number' })\n .notNull()\n .references(() => users.id, { onDelete: 'cascade' }),\n\n // Foreign key to permissions table\n permissionId: bigint('permission_id', { mode: 'number' })\n .notNull()\n .references(() => permissions.id, { onDelete: 'cascade' }),\n\n // Grant or revoke\n // true: Grant this permission (even if role doesn't have it)\n // false: Revoke this permission (even if role has it)\n granted: boolean('granted').notNull().default(true),\n\n // Reason for grant/revocation (audit trail)\n reason: text('reason'),\n\n // Expiration timestamp (optional)\n // null: Permanent override\n // timestamp: Permission expires at this time\n expiresAt: timestamp('expires_at', { withTimezone: true }),\n\n ...timestamps(),\n },\n (table) => [\n // Indexes for query performance\n index('user_permissions_user_id_idx').on(table.userId),\n index('user_permissions_permission_id_idx').on(table.permissionId),\n index('user_permissions_expires_at_idx').on(table.expiresAt),\n\n // Unique constraint: one user-permission pair only\n unique('user_permissions_unique').on(table.userId, table.permissionId),\n ]\n);\n\n// Type exports\nexport type UserPermission = typeof userPermissions.$inferSelect;\nexport type NewUserPermission = typeof userPermissions.$inferInsert;"],"mappings":";AAMA,SAAS,4BAA4B;AAM9B,IAAM,aAAa,qBAAqB,YAAY;;;ACE3D,SAAS,QAAAA,OAAM,WAAW,OAAO,WAAAC,UAAS,QAAQ,SAAAC,cAAa;AAC/D,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAC/B,SAAS,WAAW;;;ACJpB,SAAS,MAAM,SAAS,SAAS,aAAa;AAC9C,SAAS,IAAI,kBAAkB;AAGxB,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA,IAIP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA;AAAA;AAAA,IAK/B,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA;AAAA;AAAA,IAKrD,UAAU,QAAQ,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAAA,IAElD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,gBAAgB,EAAE,GAAG,MAAM,IAAI;AAAA,IACrC,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,sBAAsB,EAAE,GAAG,MAAM,SAAS;AAAA,IAChD,MAAM,oBAAoB,EAAE,GAAG,MAAM,QAAQ;AAAA,EACjD;AACJ;;;ADvCO,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA;AAAA,IAIP,OAAOC,MAAK,OAAO,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,IAK5B,OAAOA,MAAK,OAAO,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,IAK5B,cAAcA,MAAK,eAAe;AAAA;AAAA;AAAA,IAIlC,wBAAwBC,SAAQ,0BAA0B,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA,IAMnF,QAAQ,OAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,WAAW,MAAM,MAAM,EAAE,EACzB,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA,IAMb,QAAQD;AAAA,MACJ;AAAA,MACA;AAAA,QACI,MAAM,CAAC,UAAU,YAAY,WAAW;AAAA,MAC5C;AAAA,IACJ,EAAE,QAAQ,EAAE,QAAQ,QAAQ;AAAA;AAAA;AAAA;AAAA,IAK5B,iBAAiB,UAAU,qBAAqB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA,IAGtE,iBAAiB,UAAU,qBAAqB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA,IAKtE,aAAa,UAAU,iBAAiB,EAAE,cAAc,KAAK,CAAC;AAAA,IAE9D,GAAGE,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA;AAAA,IAGP;AAAA,MACI;AAAA,MACA,MAAM,MAAM,KAAK,mBAAmB,MAAM,KAAK;AAAA,IACnD;AAAA;AAAA,IAGAC,OAAM,iBAAiB,EAAE,GAAG,MAAM,KAAK;AAAA,IACvCA,OAAM,iBAAiB,EAAE,GAAG,MAAM,KAAK;AAAA,IACvCA,OAAM,kBAAkB,EAAE,GAAG,MAAM,MAAM;AAAA,IACzCA,OAAM,mBAAmB,EAAE,GAAG,MAAM,MAAM;AAAA,EAC9C;AACJ;;;AErFA,SAAS,QAAAC,OAAM,aAAAC,YAAW,mBAAmB;AAC7C,SAAS,MAAAC,KAAI,cAAAC,aAAY,kBAAkB;AAIpC,IAAM,qBAAqB,WAAW;AAAA,EAAM;AAAA,EAC/C;AAAA,IACI,IAAIC,IAAG;AAAA;AAAA,IAGP,QAAQ,WAAW,QAAQ,MAAM,MAAM,EAAE;AAAA;AAAA,IAGzC,UAAUC;AAAA,MACN;AAAA,MACA;AAAA,QACI,MAAM,CAAC,UAAU,UAAU,SAAS,OAAO;AAAA,MAC/C;AAAA,IACJ,EAAE,QAAQ;AAAA,IAEV,gBAAgBA,MAAK,kBAAkB,EAAE,QAAQ;AAAA,IACjD,eAAeA,MAAK,gBAAgB;AAAA;AAAA,IAGpC,aAAaA,MAAK,cAAc;AAAA,IAChC,cAAcA,MAAK,eAAe;AAAA,IAClC,gBAAgBC,WAAU,oBAAoB,EAAE,cAAc,KAAK,CAAC;AAAA,IAEpE,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA,IAEP,YAAY,0BAA0B,EACjC,GAAG,MAAM,UAAU,MAAM,cAAc;AAAA,EAChD;AACJ;;;AClCA,SAAS,QAAAC,OAAM,aAAAC,YAAW,WAAAC,UAAS,SAAAC,cAAa;AAChD,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAQxB,IAAM,iBAAiB,WAAW;AAAA,EACrC;AAAA,EACA;AAAA,IACI,IAAIC,IAAG;AAAA;AAAA,IAGP,QAAQC,YAAW,QAAQ,MAAM,MAAM,EAAE;AAAA;AAAA,IAGzC,OAAOC,MAAK,QAAQ,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGvC,WAAWA,MAAK,YAAY,EAAE,QAAQ;AAAA;AAAA,IAGtC,WAAWA,MAAK,aAAa;AAAA,MACzB,MAAM,CAAC,SAAS,OAAO;AAAA,IAC3B,CAAC,EAAE,QAAQ,EAAE,QAAQ,OAAO;AAAA;AAAA,IAG5B,aAAaA,MAAK,aAAa,EAAE,QAAQ;AAAA;AAAA,IAGzC,UAAUC,SAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA,IAGrD,WAAWC,WAAU,cAAc,EAAE,MAAM,QAAQ,cAAc,KAAK,CAAC,EAClE,QAAQ,EACR,WAAW;AAAA,IAEhB,YAAYA,WAAU,gBAAgB,EAAE,MAAM,QAAQ,cAAc,KAAK,CAAC;AAAA,IAE1E,WAAWA,WAAU,cAAc,EAAE,MAAM,QAAQ,cAAc,KAAK,CAAC;AAAA;AAAA,IAGvE,WAAWA,WAAU,cAAc,EAAE,MAAM,QAAQ,cAAc,KAAK,CAAC;AAAA,IACvE,eAAeF,MAAK,gBAAgB;AAAA,EACxC;AAAA,EACA,CAAC,UAAU;AAAA,IACPG,OAAM,8BAA8B,EAAE,GAAG,MAAM,MAAM;AAAA,IACrDA,OAAM,6BAA6B,EAAE,GAAG,MAAM,KAAK;AAAA,IACnDA,OAAM,6BAA6B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACtDA,OAAM,kCAAkC,EAAE,GAAG,MAAM,WAAW;AAAA,EAClE;AACJ;;;ACrDA,SAAS,QAAAC,OAAM,aAAAC,YAAW,SAAAC,cAAa;AACvC,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAGxB,IAAM,oBAAoB,WAAW;AAAA,EAAM;AAAA,EAC9C;AAAA,IACI,IAAIC,IAAG;AAAA;AAAA,IAGP,QAAQC,MAAK,QAAQ,EAAE,QAAQ;AAAA;AAAA,IAC/B,YAAYA;AAAA,MACR;AAAA,MACA;AAAA,QACI,MAAM,CAAC,SAAS,OAAO;AAAA,MAC3B;AAAA,IACJ,EAAE,QAAQ;AAAA;AAAA,IAGV,MAAMA,MAAK,MAAM,EAAE,QAAQ;AAAA;AAAA;AAAA,IAG3B,SAASA;AAAA,MACL;AAAA,MACA;AAAA,QACI,MAAM,CAAC,gBAAgB,SAAS,kBAAkB,gBAAgB,cAAc;AAAA,MACpF;AAAA,IACJ,EAAE,QAAQ;AAAA;AAAA,IAGV,WAAWC,WAAU,cAAc,EAAE,cAAc,KAAK,CAAC,EAAE,QAAQ;AAAA;AAAA,IAGnE,QAAQA,WAAU,WAAW,EAAE,cAAc,KAAK,CAAC;AAAA,IACnD,UAAUD,MAAK,UAAU,EAAE,QAAQ,EAAE,QAAQ,GAAG;AAAA;AAAA,IAEhD,GAAGE,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA,IAEPC,OAAM,oBAAoB,EACrB,GAAG,MAAM,QAAQ,MAAM,SAAS,MAAM,SAAS;AAAA,EACxD;AACJ;;;ACpCA,SAAS,QAAAC,OAAM,aAAAC,YAAW,UAAAC,SAAQ,SAAAC,QAAO,aAAa;AACtD,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAKxB,IAAM,cAAc,WAAW;AAAA,EAAM;AAAA,EACxC;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA;AAAA,IAIP,OAAOC,MAAK,OAAO,EAAE,QAAQ;AAAA;AAAA;AAAA;AAAA,IAK7B,OAAOA,MAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA;AAAA,IAItC,QAAQC,QAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,WAAW,MAAM,MAAM,EAAE,EACzB,QAAQ;AAAA;AAAA;AAAA;AAAA,IAKb,WAAWA,QAAO,cAAc,EAAE,MAAM,SAAS,CAAC,EAC7C,WAAW,MAAM,MAAM,EAAE,EACzB,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOb,QAAQD;AAAA,MACJ;AAAA,MACA;AAAA,QACI,MAAM,CAAC,WAAW,YAAY,WAAW,WAAW;AAAA,MACxD;AAAA,IACJ,EAAE,QAAQ,EAAE,QAAQ,SAAS;AAAA;AAAA;AAAA;AAAA,IAK7B,WAAWE,WAAU,cAAc,EAAE,cAAc,KAAK,CAAC,EAAE,QAAQ;AAAA;AAAA;AAAA;AAAA,IAKnE,YAAYA,WAAU,eAAe,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA,IAK3D,aAAaA,WAAU,gBAAgB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAS7D,UAAU,MAAM,UAAU;AAAA,IAE1B,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA,IAEPC,OAAM,uBAAuB,EAAE,GAAG,MAAM,KAAK;AAAA,IAC7CA,OAAM,uBAAuB,EAAE,GAAG,MAAM,KAAK;AAAA,IAC7CA,OAAM,wBAAwB,EAAE,GAAG,MAAM,MAAM;AAAA,IAC/CA,OAAM,4BAA4B,EAAE,GAAG,MAAM,SAAS;AAAA,IACtDA,OAAM,4BAA4B,EAAE,GAAG,MAAM,SAAS;AAAA;AAAA,IACtDA,OAAM,yBAAyB,EAAE,GAAG,MAAM,MAAM;AAAA,EACpD;AACJ;;;ACjFA,SAAS,QAAAC,OAAM,WAAAC,UAAS,SAAAC,cAAa;AACrC,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAGxB,IAAM,cAAc,WAAW;AAAA,EAAM;AAAA,EACxC;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA;AAAA;AAAA,IAKP,MAAMC,MAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAaA,MAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAaA,MAAK,aAAa;AAAA;AAAA,IAG/B,UAAUA,MAAK,UAAU;AAAA;AAAA;AAAA;AAAA,IAKzB,WAAWC,SAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAUA,SAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAUA,SAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAErD,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACPC,OAAM,sBAAsB,EAAE,GAAG,MAAM,IAAI;AAAA,IAC3CA,OAAM,0BAA0B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACnDA,OAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpDA,OAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpDA,OAAM,4BAA4B,EAAE,GAAG,MAAM,SAAS;AAAA,EAC1D;AACJ;;;AChDA,SAAS,UAAAC,SAAQ,SAAAC,QAAO,cAAc;AACtC,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAKxB,IAAM,kBAAkB,WAAW;AAAA,EAAM;AAAA,EAC5C;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA,IAGP,QAAQC,QAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,QAAQ,EACR,WAAW,MAAM,MAAM,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA;AAAA,IAGvD,cAAcA,QAAO,iBAAiB,EAAE,MAAM,SAAS,CAAC,EACnD,QAAQ,EACR,WAAW,MAAM,YAAY,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IAE7D,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA,IAEPC,OAAM,8BAA8B,EAAE,GAAG,MAAM,MAAM;AAAA,IACrDA,OAAM,oCAAoC,EAAE,GAAG,MAAM,YAAY;AAAA;AAAA,IAGjE,OAAO,yBAAyB,EAAE,GAAG,MAAM,QAAQ,MAAM,YAAY;AAAA,EACzE;AACJ;;;AC1BA,SAAS,UAAAC,SAAQ,WAAAC,UAAS,QAAAC,OAAM,aAAAC,YAAW,SAAAC,QAAO,UAAAC,eAAc;AAChE,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAKxB,IAAM,kBAAkB,WAAW;AAAA,EAAM;AAAA,EAC5C;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA,IAGP,QAAQC,QAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,QAAQ,EACR,WAAW,MAAM,MAAM,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA;AAAA,IAGvD,cAAcA,QAAO,iBAAiB,EAAE,MAAM,SAAS,CAAC,EACnD,QAAQ,EACR,WAAW,MAAM,YAAY,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA;AAAA;AAAA;AAAA,IAK7D,SAASC,SAAQ,SAAS,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA,IAGlD,QAAQC,MAAK,QAAQ;AAAA;AAAA;AAAA;AAAA,IAKrB,WAAWC,WAAU,cAAc,EAAE,cAAc,KAAK,CAAC;AAAA,IAEzD,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA,IAEPC,OAAM,8BAA8B,EAAE,GAAG,MAAM,MAAM;AAAA,IACrDA,OAAM,oCAAoC,EAAE,GAAG,MAAM,YAAY;AAAA,IACjEA,OAAM,iCAAiC,EAAE,GAAG,MAAM,SAAS;AAAA;AAAA,IAG3DC,QAAO,yBAAyB,EAAE,GAAG,MAAM,QAAQ,MAAM,YAAY;AAAA,EACzE;AACJ;","names":["text","boolean","index","id","timestamps","id","text","boolean","timestamps","index","text","timestamp","id","timestamps","id","text","timestamp","timestamps","text","timestamp","boolean","index","id","foreignKey","id","foreignKey","text","boolean","timestamp","index","text","timestamp","index","id","timestamps","id","text","timestamp","timestamps","index","text","timestamp","bigint","index","id","timestamps","id","text","bigint","timestamp","timestamps","index","text","boolean","index","id","timestamps","id","text","boolean","timestamps","index","bigint","index","id","timestamps","id","bigint","timestamps","index","bigint","boolean","text","timestamp","index","unique","id","timestamps","id","bigint","boolean","text","timestamp","timestamps","index","unique"]}