npm - @spfn/auth - Versions diffs - 0.1.0-alpha.88 → 0.2.0-beta.1 - Mend

@spfn/auth 0.1.0-alpha.88 → 0.2.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (151) hide show

package/README.md +1385 -1199
package/dist/config.d.ts +405 -0
package/dist/config.js +240 -0
package/dist/config.js.map +1 -0
package/dist/dto-81uR9gzF.d.ts +630 -0
package/dist/errors.d.ts +196 -0
package/dist/errors.js +173 -0
package/dist/errors.js.map +1 -0
package/dist/index.d.ts +273 -14
package/dist/index.js +511 -6665
package/dist/index.js.map +1 -1
package/dist/nextjs/api.js +345 -0
package/dist/nextjs/api.js.map +1 -0
package/dist/{adapters/nextjs → nextjs}/server.d.ts +47 -65
package/dist/nextjs/server.js +179 -0
package/dist/nextjs/server.js.map +1 -0
package/dist/server.d.ts +4328 -529
package/dist/server.js +7841 -1247
package/dist/server.js.map +1 -1
package/migrations/{0000_skinny_christian_walker.sql → 0000_mysterious_colossus.sql} +53 -23
package/migrations/meta/0000_snapshot.json +281 -46
package/migrations/meta/_journal.json +2 -2
package/package.json +31 -31
package/dist/adapters/nextjs/api.d.ts +0 -446
package/dist/adapters/nextjs/api.js +0 -3279
package/dist/adapters/nextjs/api.js.map +0 -1
package/dist/adapters/nextjs/server.js +0 -3645
package/dist/adapters/nextjs/server.js.map +0 -1
package/dist/lib/api/auth-codes-verify.d.ts +0 -37
package/dist/lib/api/auth-codes-verify.js +0 -2949
package/dist/lib/api/auth-codes-verify.js.map +0 -1
package/dist/lib/api/auth-codes.d.ts +0 -37
package/dist/lib/api/auth-codes.js +0 -2949
package/dist/lib/api/auth-codes.js.map +0 -1
package/dist/lib/api/auth-exists.d.ts +0 -38
package/dist/lib/api/auth-exists.js +0 -2949
package/dist/lib/api/auth-exists.js.map +0 -1
package/dist/lib/api/auth-invitations-accept.d.ts +0 -38
package/dist/lib/api/auth-invitations-accept.js +0 -2883
package/dist/lib/api/auth-invitations-accept.js.map +0 -1
package/dist/lib/api/auth-invitations-cancel.d.ts +0 -37
package/dist/lib/api/auth-invitations-cancel.js +0 -2883
package/dist/lib/api/auth-invitations-cancel.js.map +0 -1
package/dist/lib/api/auth-invitations-delete.d.ts +0 -36
package/dist/lib/api/auth-invitations-delete.js +0 -2883
package/dist/lib/api/auth-invitations-delete.js.map +0 -1
package/dist/lib/api/auth-invitations-resend.d.ts +0 -37
package/dist/lib/api/auth-invitations-resend.js +0 -2883
package/dist/lib/api/auth-invitations-resend.js.map +0 -1
package/dist/lib/api/auth-invitations.d.ts +0 -109
package/dist/lib/api/auth-invitations.js +0 -2887
package/dist/lib/api/auth-invitations.js.map +0 -1
package/dist/lib/api/auth-keys-rotate.d.ts +0 -37
package/dist/lib/api/auth-keys-rotate.js +0 -2949
package/dist/lib/api/auth-keys-rotate.js.map +0 -1
package/dist/lib/api/auth-login.d.ts +0 -39
package/dist/lib/api/auth-login.js +0 -2949
package/dist/lib/api/auth-login.js.map +0 -1
package/dist/lib/api/auth-logout.d.ts +0 -36
package/dist/lib/api/auth-logout.js +0 -2949
package/dist/lib/api/auth-logout.js.map +0 -1
package/dist/lib/api/auth-me.d.ts +0 -50
package/dist/lib/api/auth-me.js +0 -2949
package/dist/lib/api/auth-me.js.map +0 -1
package/dist/lib/api/auth-password.d.ts +0 -36
package/dist/lib/api/auth-password.js +0 -2949
package/dist/lib/api/auth-password.js.map +0 -1
package/dist/lib/api/auth-register.d.ts +0 -38
package/dist/lib/api/auth-register.js +0 -2949
package/dist/lib/api/auth-register.js.map +0 -1
package/dist/lib/api/index.d.ts +0 -356
package/dist/lib/api/index.js +0 -3261
package/dist/lib/api/index.js.map +0 -1
package/dist/lib/config.d.ts +0 -70
package/dist/lib/config.js +0 -64
package/dist/lib/config.js.map +0 -1
package/dist/lib/contracts/auth.d.ts +0 -302
package/dist/lib/contracts/auth.js +0 -2951
package/dist/lib/contracts/auth.js.map +0 -1
package/dist/lib/contracts/index.d.ts +0 -3
package/dist/lib/contracts/index.js +0 -3190
package/dist/lib/contracts/index.js.map +0 -1
package/dist/lib/contracts/invitation.d.ts +0 -243
package/dist/lib/contracts/invitation.js +0 -2883
package/dist/lib/contracts/invitation.js.map +0 -1
package/dist/lib/crypto.d.ts +0 -76
package/dist/lib/crypto.js +0 -127
package/dist/lib/crypto.js.map +0 -1
package/dist/lib/index.d.ts +0 -4
package/dist/lib/index.js +0 -313
package/dist/lib/index.js.map +0 -1
package/dist/lib/session.d.ts +0 -68
package/dist/lib/session.js +0 -126
package/dist/lib/session.js.map +0 -1
package/dist/lib/types/api.d.ts +0 -45
package/dist/lib/types/api.js +0 -1
package/dist/lib/types/api.js.map +0 -1
package/dist/lib/types/index.d.ts +0 -3
package/dist/lib/types/index.js +0 -2647
package/dist/lib/types/index.js.map +0 -1
package/dist/lib/types/schemas.d.ts +0 -45
package/dist/lib/types/schemas.js +0 -2647
package/dist/lib/types/schemas.js.map +0 -1
package/dist/lib.js +0 -1
package/dist/lib.js.map +0 -1
package/dist/plugin.d.ts +0 -12
package/dist/plugin.js +0 -9083
package/dist/plugin.js.map +0 -1
package/dist/server/entities/index.d.ts +0 -11
package/dist/server/entities/index.js +0 -395
package/dist/server/entities/index.js.map +0 -1
package/dist/server/entities/invitations.d.ts +0 -241
package/dist/server/entities/invitations.js +0 -184
package/dist/server/entities/invitations.js.map +0 -1
package/dist/server/entities/permissions.d.ts +0 -196
package/dist/server/entities/permissions.js +0 -49
package/dist/server/entities/permissions.js.map +0 -1
package/dist/server/entities/role-permissions.d.ts +0 -107
package/dist/server/entities/role-permissions.js +0 -115
package/dist/server/entities/role-permissions.js.map +0 -1
package/dist/server/entities/roles.d.ts +0 -196
package/dist/server/entities/roles.js +0 -50
package/dist/server/entities/roles.js.map +0 -1
package/dist/server/entities/schema.d.ts +0 -14
package/dist/server/entities/schema.js +0 -7
package/dist/server/entities/schema.js.map +0 -1
package/dist/server/entities/user-permissions.d.ts +0 -163
package/dist/server/entities/user-permissions.js +0 -193
package/dist/server/entities/user-permissions.js.map +0 -1
package/dist/server/entities/user-public-keys.d.ts +0 -227
package/dist/server/entities/user-public-keys.js +0 -156
package/dist/server/entities/user-public-keys.js.map +0 -1
package/dist/server/entities/user-social-accounts.d.ts +0 -189
package/dist/server/entities/user-social-accounts.js +0 -149
package/dist/server/entities/user-social-accounts.js.map +0 -1
package/dist/server/entities/users.d.ts +0 -235
package/dist/server/entities/users.js +0 -117
package/dist/server/entities/users.js.map +0 -1
package/dist/server/entities/verification-codes.d.ts +0 -191
package/dist/server/entities/verification-codes.js +0 -49
package/dist/server/entities/verification-codes.js.map +0 -1
package/dist/server/routes/auth/index.d.ts +0 -10
package/dist/server/routes/auth/index.js +0 -4460
package/dist/server/routes/auth/index.js.map +0 -1
package/dist/server/routes/index.d.ts +0 -6
package/dist/server/routes/index.js +0 -6584
package/dist/server/routes/index.js.map +0 -1
package/dist/server/routes/invitations/index.d.ts +0 -10
package/dist/server/routes/invitations/index.js +0 -4395
package/dist/server/routes/invitations/index.js.map +0 -1
/package/dist/{lib.d.ts → nextjs/api.d.ts} +0 -0

package/dist/server/entities/invitations.d.ts DELETED Viewed

@@ -1,241 +0,0 @@
-import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
-/**
- * @spfn/auth - User Invitations Entity
- *
- * Invitation system for invite-only user registration
- *
- * Features:
- * - Email-based invitations with unique tokens
- * - Role assignment at invitation time
- * - Expiration and status tracking
- * - Audit trail (who invited whom, when accepted)
- * - Metadata support for custom data
- */
-declare const invitations: drizzle_orm_pg_core.PgTableWithColumns<{
-    name: "user_invitations";
-    schema: string;
-    columns: {
-        createdAt: drizzle_orm_pg_core.PgColumn<{
-            name: "created_at";
-            tableName: "user_invitations";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        updatedAt: drizzle_orm_pg_core.PgColumn<{
-            name: "updated_at";
-            tableName: "user_invitations";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        id: drizzle_orm_pg_core.PgColumn<{
-            name: "id";
-            tableName: "user_invitations";
-            dataType: "number";
-            columnType: "PgBigSerial53";
-            data: number;
-            driverParam: number;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: true;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        email: drizzle_orm_pg_core.PgColumn<{
-            name: "email";
-            tableName: "user_invitations";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: true;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        token: drizzle_orm_pg_core.PgColumn<{
-            name: "token";
-            tableName: "user_invitations";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: true;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        roleId: drizzle_orm_pg_core.PgColumn<{
-            name: "role_id";
-            tableName: "user_invitations";
-            dataType: "number";
-            columnType: "PgBigInt53";
-            data: number;
-            driverParam: string | number;
-            notNull: true;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        invitedBy: drizzle_orm_pg_core.PgColumn<{
-            name: "invited_by";
-            tableName: "user_invitations";
-            dataType: "number";
-            columnType: "PgBigInt53";
-            data: number;
-            driverParam: string | number;
-            notNull: true;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        status: drizzle_orm_pg_core.PgColumn<{
-            name: "status";
-            tableName: "user_invitations";
-            dataType: "string";
-            columnType: "PgText";
-            data: "pending" | "accepted" | "expired" | "cancelled";
-            driverParam: string;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: ["pending", "accepted", "expired", "cancelled"];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        expiresAt: drizzle_orm_pg_core.PgColumn<{
-            name: "expires_at";
-            tableName: "user_invitations";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: true;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        acceptedAt: drizzle_orm_pg_core.PgColumn<{
-            name: "accepted_at";
-            tableName: "user_invitations";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: false;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        cancelledAt: drizzle_orm_pg_core.PgColumn<{
-            name: "cancelled_at";
-            tableName: "user_invitations";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: false;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        metadata: drizzle_orm_pg_core.PgColumn<{
-            name: "metadata";
-            tableName: "user_invitations";
-            dataType: "json";
-            columnType: "PgJsonb";
-            data: unknown;
-            driverParam: unknown;
-            notNull: false;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-    };
-    dialect: "pg";
-}>;
-type Invitation = typeof invitations.$inferSelect;
-type NewInvitation = typeof invitations.$inferInsert;
-type InvitationStatus = 'pending' | 'accepted' | 'expired' | 'cancelled';
-type InvitationWithDetails = Invitation & {
-    role: {
-        id: number;
-        name: string;
-        displayName: string;
-    };
-    inviter: {
-        id: number;
-        email: string | null;
-    };
-};
-export { type Invitation, type InvitationStatus, type InvitationWithDetails, type NewInvitation, invitations };

package/dist/server/entities/invitations.js DELETED Viewed

@@ -1,184 +0,0 @@
-// src/server/entities/invitations.ts
-import { text as text3, timestamp as timestamp2, bigint as bigint2, index as index3, jsonb } from "drizzle-orm/pg-core";
-import { id as id3, timestamps as timestamps3 } from "@spfn/core/db";
-// src/server/entities/roles.ts
-import { text, boolean, integer, index } from "drizzle-orm/pg-core";
-import { id, timestamps } from "@spfn/core/db";
-// src/server/entities/schema.ts
-import { createFunctionSchema } from "@spfn/core/db";
-var authSchema = createFunctionSchema("@spfn/auth");
-// src/server/entities/roles.ts
-var roles = authSchema.table(
-  "roles",
-  {
-    // Primary key
-    id: id(),
-    // Role identifier (used in code, e.g., 'admin', 'editor')
-    // Must be unique, lowercase, kebab-case recommended
-    name: text("name").notNull().unique(),
-    // Display name for UI (e.g., 'Administrator', 'Content Editor')
-    displayName: text("display_name").notNull(),
-    // Role description
-    description: text("description"),
-    // Built-in role flag
-    // true: Core package roles (user, admin, superadmin) - cannot be deleted
-    // false: Custom or preset roles - can be deleted
-    isBuiltin: boolean("is_builtin").notNull().default(false),
-    // System role flag
-    // true: Defined in code (builtin or preset) - deletion restricted
-    // false: Runtime created custom role - fully manageable
-    isSystem: boolean("is_system").notNull().default(false),
-    // Active status
-    // false: Deactivated role (users cannot be assigned)
-    isActive: boolean("is_active").notNull().default(true),
-    // Priority level (higher = more privileged)
-    // superadmin: 100, admin: 80, user: 10
-    // Used for role hierarchy and conflict resolution
-    priority: integer("priority").notNull().default(10),
-    ...timestamps()
-  },
-  (table) => [
-    index("roles_name_idx").on(table.name),
-    index("roles_is_system_idx").on(table.isSystem),
-    index("roles_is_active_idx").on(table.isActive),
-    index("roles_is_builtin_idx").on(table.isBuiltin),
-    index("roles_priority_idx").on(table.priority)
-  ]
-);
-// src/server/entities/users.ts
-import { text as text2, timestamp, check, boolean as boolean2, bigint, index as index2 } from "drizzle-orm/pg-core";
-import { id as id2, timestamps as timestamps2 } from "@spfn/core/db";
-import { sql } from "drizzle-orm";
-var users = authSchema.table(
-  "users",
-  {
-    // Identity
-    id: id2(),
-    // Email address (unique identifier)
-    // Used for: login, password reset, notifications
-    email: text2("email").unique(),
-    // Phone number in E.164 international format
-    // Format: +[country code][number] (e.g., +821012345678)
-    // Used for: SMS login, 2FA, notifications
-    phone: text2("phone").unique(),
-    // Authentication
-    // Bcrypt password hash ($2b$10$[salt][hash], 60 chars)
-    // Nullable to support OAuth-only accounts
-    passwordHash: text2("password_hash"),
-    // Force password change on next login
-    // Use cases: initial setup, security breach, policy violation
-    passwordChangeRequired: boolean2("password_change_required").notNull().default(false),
-    // Authorization (Role-Based Access Control)
-    // Foreign key to roles table
-    // References built-in roles: user (default), admin, superadmin
-    // Can also reference custom roles created at runtime
-    roleId: bigint("role_id", { mode: "number" }).references(() => roles.id).notNull(),
-    // Account status
-    // - active: Normal operation (default)
-    // - inactive: Deactivated (user request, dormant)
-    // - suspended: Locked (security incident, ToS violation)
-    status: text2(
-      "status",
-      {
-        enum: ["active", "inactive", "suspended"]
-      }
-    ).notNull().default("active"),
-    // Verification timestamps
-    // null = unverified, timestamp = verified at this time
-    // Email verification (via verification code or magic link)
-    emailVerifiedAt: timestamp("email_verified_at", { withTimezone: true }),
-    // Phone verification (via SMS OTP)
-    phoneVerifiedAt: timestamp("phone_verified_at", { withTimezone: true }),
-    // Metadata
-    // Last successful login timestamp
-    // Used for: security auditing, dormant account detection
-    lastLoginAt: timestamp("last_login_at", { withTimezone: true }),
-    ...timestamps2()
-  },
-  (table) => [
-    // Database constraints
-    // Ensure at least one identifier exists (email OR phone)
-    check(
-      "email_or_phone_check",
-      sql`${table.email} IS NOT NULL OR ${table.phone} IS NOT NULL`
-    ),
-    // Indexes for query optimization
-    index2("users_email_idx").on(table.email),
-    index2("users_phone_idx").on(table.phone),
-    index2("users_status_idx").on(table.status),
-    index2("users_role_id_idx").on(table.roleId)
-  ]
-);
-// src/server/entities/invitations.ts
-var invitations = authSchema.table(
-  "user_invitations",
-  {
-    // Primary key
-    id: id3(),
-    // Target email address for the invitation
-    // Will become the user's email upon acceptance
-    email: text3("email").notNull(),
-    // Unique invitation token (UUID v4)
-    // Used in invitation URL: /auth/invite/{token}
-    // Single-use token that expires after acceptance
-    token: text3("token").notNull().unique(),
-    // Role to be assigned when invitation is accepted
-    // Foreign key to roles table
-    roleId: bigint2("role_id", { mode: "number" }).references(() => roles.id).notNull(),
-    // User who created this invitation
-    // Foreign key to users table
-    // Used for: audit trail, permission checks
-    invitedBy: bigint2("invited_by", { mode: "number" }).references(() => users.id).notNull(),
-    // Invitation status
-    // - pending: Invitation sent, awaiting acceptance
-    // - accepted: User accepted and account created
-    // - expired: Invitation expired (automatic)
-    // - cancelled: Invitation cancelled by admin
-    status: text3(
-      "status",
-      {
-        enum: ["pending", "accepted", "expired", "cancelled"]
-      }
-    ).notNull().default("pending"),
-    // Expiration timestamp (default: 7 days from creation)
-    // Invitation cannot be accepted after this time
-    // Background job should update status to 'expired'
-    expiresAt: timestamp2("expires_at", { withTimezone: true }).notNull(),
-    // Timestamp when invitation was accepted
-    // null = not yet accepted
-    // Used for: audit trail, analytics
-    acceptedAt: timestamp2("accepted_at", { withTimezone: true }),
-    // Timestamp when invitation was cancelled
-    // null = not cancelled
-    // Used for: audit trail
-    cancelledAt: timestamp2("cancelled_at", { withTimezone: true }),
-    // Additional metadata (JSONB)
-    // Use cases:
-    // - Custom welcome message
-    // - Onboarding instructions
-    // - Team/department assignment
-    // - Custom fields for app-specific data
-    // Example: { message: "Welcome!", department: "Engineering" }
-    metadata: jsonb("metadata"),
-    ...timestamps3()
-  },
-  (table) => [
-    // Indexes for query optimization
-    index3("invitations_token_idx").on(table.token),
-    index3("invitations_email_idx").on(table.email),
-    index3("invitations_status_idx").on(table.status),
-    index3("invitations_invited_by_idx").on(table.invitedBy),
-    index3("invitations_expires_at_idx").on(table.expiresAt),
-    // For cleanup jobs
-    index3("invitations_role_id_idx").on(table.roleId)
-  ]
-);
-export {
-  invitations
-};
-//# sourceMappingURL=invitations.js.map

package/dist/server/entities/invitations.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"sources":["../../../src/server/entities/invitations.ts","../../../src/server/entities/roles.ts","../../../src/server/entities/schema.ts","../../../src/server/entities/users.ts"],"sourcesContent":["/**\n * @spfn/auth - User Invitations Entity\n *\n * Invitation system for invite-only user registration\n *\n * Features:\n * - Email-based invitations with unique tokens\n * - Role assignment at invitation time\n * - Expiration and status tracking\n * - Audit trail (who invited whom, when accepted)\n * - Metadata support for custom data\n */\n\nimport { text, timestamp, bigint, index, jsonb } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { roles } from './roles';\nimport { users } from './users';\nimport { authSchema } from './schema';\n\nexport const invitations = authSchema.table('user_invitations',\n {\n // Primary key\n id: id(),\n\n // Target email address for the invitation\n // Will become the user's email upon acceptance\n email: text('email').notNull(),\n\n // Unique invitation token (UUID v4)\n // Used in invitation URL: /auth/invite/{token}\n // Single-use token that expires after acceptance\n token: text('token').notNull().unique(),\n\n // Role to be assigned when invitation is accepted\n // Foreign key to roles table\n roleId: bigint('role_id', { mode: 'number' })\n .references(() => roles.id)\n .notNull(),\n\n // User who created this invitation\n // Foreign key to users table\n // Used for: audit trail, permission checks\n invitedBy: bigint('invited_by', { mode: 'number' })\n .references(() => users.id)\n .notNull(),\n\n // Invitation status\n // - pending: Invitation sent, awaiting acceptance\n // - accepted: User accepted and account created\n // - expired: Invitation expired (automatic)\n // - cancelled: Invitation cancelled by admin\n status: text(\n 'status',\n {\n enum: ['pending', 'accepted', 'expired', 'cancelled']\n }\n ).notNull().default('pending'),\n\n // Expiration timestamp (default: 7 days from creation)\n // Invitation cannot be accepted after this time\n // Background job should update status to 'expired'\n expiresAt: timestamp('expires_at', { withTimezone: true }).notNull(),\n\n // Timestamp when invitation was accepted\n // null = not yet accepted\n // Used for: audit trail, analytics\n acceptedAt: timestamp('accepted_at', { withTimezone: true }),\n\n // Timestamp when invitation was cancelled\n // null = not cancelled\n // Used for: audit trail\n cancelledAt: timestamp('cancelled_at', { withTimezone: true }),\n\n // Additional metadata (JSONB)\n // Use cases:\n // - Custom welcome message\n // - Onboarding instructions\n // - Team/department assignment\n // - Custom fields for app-specific data\n // Example: { message: \"Welcome!\", department: \"Engineering\" }\n metadata: jsonb('metadata'),\n\n ...timestamps(),\n },\n (table) => [\n // Indexes for query optimization\n index('invitations_token_idx').on(table.token),\n index('invitations_email_idx').on(table.email),\n index('invitations_status_idx').on(table.status),\n index('invitations_invited_by_idx').on(table.invitedBy),\n index('invitations_expires_at_idx').on(table.expiresAt), // For cleanup jobs\n index('invitations_role_id_idx').on(table.roleId),\n ]\n);\n\n// Type exports\nexport type Invitation = typeof invitations.$inferSelect;\nexport type NewInvitation = typeof invitations.$inferInsert;\nexport type InvitationStatus = 'pending' | 'accepted' | 'expired' | 'cancelled';\n\n// Helper type with joined data\nexport type InvitationWithDetails = Invitation &\n{\n role: {\n id: number;\n name: string;\n displayName: string;\n };\n inviter: {\n id: number;\n email: string | null;\n };\n};","/**\n * @spfn/auth - Roles Entity\n *\n * Role-based access control (RBAC) roles table\n *\n * Features:\n * - Built-in roles (user, admin, superadmin) - cannot be deleted\n * - System roles (preset roles) - can be deactivated\n * - Custom roles (runtime created) - fully manageable\n * - Priority-based hierarchy\n */\n\nimport { text, boolean, integer, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const roles = authSchema.table('roles',\n {\n // Primary key\n id: id(),\n\n // Role identifier (used in code, e.g., 'admin', 'editor')\n // Must be unique, lowercase, kebab-case recommended\n name: text('name').notNull().unique(),\n\n // Display name for UI (e.g., 'Administrator', 'Content Editor')\n displayName: text('display_name').notNull(),\n\n // Role description\n description: text('description'),\n\n // Built-in role flag\n // true: Core package roles (user, admin, superadmin) - cannot be deleted\n // false: Custom or preset roles - can be deleted\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System role flag\n // true: Defined in code (builtin or preset) - deletion restricted\n // false: Runtime created custom role - fully manageable\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated role (users cannot be assigned)\n isActive: boolean('is_active').notNull().default(true),\n\n // Priority level (higher = more privileged)\n // superadmin: 100, admin: 80, user: 10\n // Used for role hierarchy and conflict resolution\n priority: integer('priority').notNull().default(10),\n\n ...timestamps(),\n },\n (table) => [\n index('roles_name_idx').on(table.name),\n index('roles_is_system_idx').on(table.isSystem),\n index('roles_is_active_idx').on(table.isActive),\n index('roles_is_builtin_idx').on(table.isBuiltin),\n index('roles_priority_idx').on(table.priority),\n ]\n);\n\n// Type exports\nexport type RoleEntity = typeof roles.$inferSelect;\nexport type NewRoleEntity = typeof roles.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Role = RoleEntity;\nexport type NewRole = NewRoleEntity;","/**\n * @spfn/auth - Database Schema Definition\n *\n * Defines the 'spfn_auth' PostgreSQL schema for all auth-related tables\n */\n\nimport { createFunctionSchema } from '@spfn/core/db';\n\n/**\n * Auth schema for all authentication and authorization tables\n * Tables: users, roles, permissions, user_invitations, etc.\n */\nexport const authSchema = createFunctionSchema('@spfn/auth');","/**\n * @spfn/auth - Users Entity\n *\n * Main user table supporting multiple authentication methods\n *\n * Features:\n * - Email or phone-based registration\n * - Password authentication (bcrypt)\n * - OAuth support (nullable passwordHash)\n * - Role-based access control (RBAC)\n * - Account status management\n * - Email/phone verification\n */\n\nimport { text, timestamp, check, boolean, bigint, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { sql } from 'drizzle-orm';\nimport { roles } from './roles';\nimport { authSchema } from './schema';\n\nexport const users = authSchema.table('users',\n {\n // Identity\n id: id(),\n\n // Email address (unique identifier)\n // Used for: login, password reset, notifications\n email: text('email').unique(),\n\n // Phone number in E.164 international format\n // Format: +[country code][number] (e.g., +821012345678)\n // Used for: SMS login, 2FA, notifications\n phone: text('phone').unique(),\n\n // Authentication\n // Bcrypt password hash ($2b$10$[salt][hash], 60 chars)\n // Nullable to support OAuth-only accounts\n passwordHash: text('password_hash'),\n\n // Force password change on next login\n // Use cases: initial setup, security breach, policy violation\n passwordChangeRequired: boolean('password_change_required').notNull().default(false),\n\n // Authorization (Role-Based Access Control)\n // Foreign key to roles table\n // References built-in roles: user (default), admin, superadmin\n // Can also reference custom roles created at runtime\n roleId: bigint('role_id', { mode: 'number' })\n .references(() => roles.id)\n .notNull(),\n\n // Account status\n // - active: Normal operation (default)\n // - inactive: Deactivated (user request, dormant)\n // - suspended: Locked (security incident, ToS violation)\n status: text(\n 'status',\n {\n enum: ['active', 'inactive', 'suspended']\n }\n ).notNull().default('active'),\n\n // Verification timestamps\n // null = unverified, timestamp = verified at this time\n // Email verification (via verification code or magic link)\n emailVerifiedAt: timestamp('email_verified_at', { withTimezone: true }),\n\n // Phone verification (via SMS OTP)\n phoneVerifiedAt: timestamp('phone_verified_at', { withTimezone: true }),\n\n // Metadata\n // Last successful login timestamp\n // Used for: security auditing, dormant account detection\n lastLoginAt: timestamp('last_login_at', { withTimezone: true }),\n\n ...timestamps(),\n },\n (table) => [\n // Database constraints\n // Ensure at least one identifier exists (email OR phone)\n check(\n 'email_or_phone_check',\n sql`${table.email} IS NOT NULL OR ${table.phone} IS NOT NULL`\n ),\n\n // Indexes for query optimization\n index('users_email_idx').on(table.email),\n index('users_phone_idx').on(table.phone),\n index('users_status_idx').on(table.status),\n index('users_role_id_idx').on(table.roleId),\n ]\n);\n\n// Type exports\nexport type User = typeof users.$inferSelect;\nexport type NewUser = typeof users.$inferInsert;\nexport type UserStatus = 'active' | 'inactive' | 'suspended';\n\n// Helper type with computed verification status\nexport type UserWithVerification = User &\n{\n isEmailVerified: boolean;\n isPhoneVerified: boolean;\n};"],"mappings":";AAaA,SAAS,QAAAA,OAAM,aAAAC,YAAW,UAAAC,SAAQ,SAAAC,QAAO,aAAa;AACtD,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;;;ACF/B,SAAS,MAAM,SAAS,SAAS,aAAa;AAC9C,SAAS,IAAI,kBAAkB;;;ACP/B,SAAS,4BAA4B;AAM9B,IAAM,aAAa,qBAAqB,YAAY;;;ADIpD,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA,IAIP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA;AAAA;AAAA,IAK/B,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA;AAAA;AAAA,IAKrD,UAAU,QAAQ,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAAA,IAElD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,gBAAgB,EAAE,GAAG,MAAM,IAAI;AAAA,IACrC,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,sBAAsB,EAAE,GAAG,MAAM,SAAS;AAAA,IAChD,MAAM,oBAAoB,EAAE,GAAG,MAAM,QAAQ;AAAA,EACjD;AACJ;;;AE7CA,SAAS,QAAAC,OAAM,WAAW,OAAO,WAAAC,UAAS,QAAQ,SAAAC,cAAa;AAC/D,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAC/B,SAAS,WAAW;AAIb,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA;AAAA,IAIP,OAAOC,MAAK,OAAO,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,IAK5B,OAAOA,MAAK,OAAO,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,IAK5B,cAAcA,MAAK,eAAe;AAAA;AAAA;AAAA,IAIlC,wBAAwBC,SAAQ,0BAA0B,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA,IAMnF,QAAQ,OAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,WAAW,MAAM,MAAM,EAAE,EACzB,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA,IAMb,QAAQD;AAAA,MACJ;AAAA,MACA;AAAA,QACI,MAAM,CAAC,UAAU,YAAY,WAAW;AAAA,MAC5C;AAAA,IACJ,EAAE,QAAQ,EAAE,QAAQ,QAAQ;AAAA;AAAA;AAAA;AAAA,IAK5B,iBAAiB,UAAU,qBAAqB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA,IAGtE,iBAAiB,UAAU,qBAAqB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA,IAKtE,aAAa,UAAU,iBAAiB,EAAE,cAAc,KAAK,CAAC;AAAA,IAE9D,GAAGE,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA;AAAA,IAGP;AAAA,MACI;AAAA,MACA,MAAM,MAAM,KAAK,mBAAmB,MAAM,KAAK;AAAA,IACnD;AAAA;AAAA,IAGAC,OAAM,iBAAiB,EAAE,GAAG,MAAM,KAAK;AAAA,IACvCA,OAAM,iBAAiB,EAAE,GAAG,MAAM,KAAK;AAAA,IACvCA,OAAM,kBAAkB,EAAE,GAAG,MAAM,MAAM;AAAA,IACzCA,OAAM,mBAAmB,EAAE,GAAG,MAAM,MAAM;AAAA,EAC9C;AACJ;;;AHxEO,IAAM,cAAc,WAAW;AAAA,EAAM;AAAA,EACxC;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA;AAAA,IAIP,OAAOC,MAAK,OAAO,EAAE,QAAQ;AAAA;AAAA;AAAA;AAAA,IAK7B,OAAOA,MAAK,OAAO,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA;AAAA,IAItC,QAAQC,QAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,WAAW,MAAM,MAAM,EAAE,EACzB,QAAQ;AAAA;AAAA;AAAA;AAAA,IAKb,WAAWA,QAAO,cAAc,EAAE,MAAM,SAAS,CAAC,EAC7C,WAAW,MAAM,MAAM,EAAE,EACzB,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOb,QAAQD;AAAA,MACJ;AAAA,MACA;AAAA,QACI,MAAM,CAAC,WAAW,YAAY,WAAW,WAAW;AAAA,MACxD;AAAA,IACJ,EAAE,QAAQ,EAAE,QAAQ,SAAS;AAAA;AAAA;AAAA;AAAA,IAK7B,WAAWE,WAAU,cAAc,EAAE,cAAc,KAAK,CAAC,EAAE,QAAQ;AAAA;AAAA;AAAA;AAAA,IAKnE,YAAYA,WAAU,eAAe,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA,IAK3D,aAAaA,WAAU,gBAAgB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAS7D,UAAU,MAAM,UAAU;AAAA,IAE1B,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA,IAEPC,OAAM,uBAAuB,EAAE,GAAG,MAAM,KAAK;AAAA,IAC7CA,OAAM,uBAAuB,EAAE,GAAG,MAAM,KAAK;AAAA,IAC7CA,OAAM,wBAAwB,EAAE,GAAG,MAAM,MAAM;AAAA,IAC/CA,OAAM,4BAA4B,EAAE,GAAG,MAAM,SAAS;AAAA,IACtDA,OAAM,4BAA4B,EAAE,GAAG,MAAM,SAAS;AAAA;AAAA,IACtDA,OAAM,yBAAyB,EAAE,GAAG,MAAM,MAAM;AAAA,EACpD;AACJ;","names":["text","timestamp","bigint","index","id","timestamps","text","boolean","index","id","timestamps","id","text","boolean","timestamps","index","id","text","bigint","timestamp","timestamps","index"]}

package/dist/server/entities/permissions.d.ts DELETED Viewed

@@ -1,196 +0,0 @@
-import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
-/**
- * @spfn/auth - Permissions Entity
- *
- * Granular permissions for RBAC system
- *
- * Features:
- * - Built-in permissions (auth:*, user:*, rbac:*) - required for package
- * - System permissions (preset permissions) - optional
- * - Custom permissions (app-specific) - defined by developers
- * - Category grouping for organization
- */
-declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
-    name: "permissions";
-    schema: string;
-    columns: {
-        createdAt: drizzle_orm_pg_core.PgColumn<{
-            name: "created_at";
-            tableName: "permissions";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        updatedAt: drizzle_orm_pg_core.PgColumn<{
-            name: "updated_at";
-            tableName: "permissions";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        id: drizzle_orm_pg_core.PgColumn<{
-            name: "id";
-            tableName: "permissions";
-            dataType: "number";
-            columnType: "PgBigSerial53";
-            data: number;
-            driverParam: number;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: true;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        name: drizzle_orm_pg_core.PgColumn<{
-            name: "name";
-            tableName: "permissions";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: true;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        displayName: drizzle_orm_pg_core.PgColumn<{
-            name: "display_name";
-            tableName: "permissions";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: true;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        description: drizzle_orm_pg_core.PgColumn<{
-            name: "description";
-            tableName: "permissions";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: false;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        category: drizzle_orm_pg_core.PgColumn<{
-            name: "category";
-            tableName: "permissions";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: false;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        isBuiltin: drizzle_orm_pg_core.PgColumn<{
-            name: "is_builtin";
-            tableName: "permissions";
-            dataType: "boolean";
-            columnType: "PgBoolean";
-            data: boolean;
-            driverParam: boolean;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        isSystem: drizzle_orm_pg_core.PgColumn<{
-            name: "is_system";
-            tableName: "permissions";
-            dataType: "boolean";
-            columnType: "PgBoolean";
-            data: boolean;
-            driverParam: boolean;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        isActive: drizzle_orm_pg_core.PgColumn<{
-            name: "is_active";
-            tableName: "permissions";
-            dataType: "boolean";
-            columnType: "PgBoolean";
-            data: boolean;
-            driverParam: boolean;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-    };
-    dialect: "pg";
-}>;
-type PermissionEntity = typeof permissions.$inferSelect;
-type NewPermissionEntity = typeof permissions.$inferInsert;
-type Permission = PermissionEntity;
-type NewPermission = NewPermissionEntity;
-export { type NewPermission, type NewPermissionEntity, type Permission, type PermissionEntity, permissions };