@spfn/auth 0.1.0-alpha.88 → 0.2.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1385 -1199
- package/dist/config.d.ts +405 -0
- package/dist/config.js +240 -0
- package/dist/config.js.map +1 -0
- package/dist/dto-81uR9gzF.d.ts +630 -0
- package/dist/errors.d.ts +196 -0
- package/dist/errors.js +173 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +273 -14
- package/dist/index.js +511 -6665
- package/dist/index.js.map +1 -1
- package/dist/nextjs/api.js +345 -0
- package/dist/nextjs/api.js.map +1 -0
- package/dist/{adapters/nextjs → nextjs}/server.d.ts +47 -65
- package/dist/nextjs/server.js +179 -0
- package/dist/nextjs/server.js.map +1 -0
- package/dist/server.d.ts +4328 -529
- package/dist/server.js +7841 -1247
- package/dist/server.js.map +1 -1
- package/migrations/{0000_skinny_christian_walker.sql → 0000_mysterious_colossus.sql} +53 -23
- package/migrations/meta/0000_snapshot.json +281 -46
- package/migrations/meta/_journal.json +2 -2
- package/package.json +31 -31
- package/dist/adapters/nextjs/api.d.ts +0 -446
- package/dist/adapters/nextjs/api.js +0 -3279
- package/dist/adapters/nextjs/api.js.map +0 -1
- package/dist/adapters/nextjs/server.js +0 -3645
- package/dist/adapters/nextjs/server.js.map +0 -1
- package/dist/lib/api/auth-codes-verify.d.ts +0 -37
- package/dist/lib/api/auth-codes-verify.js +0 -2949
- package/dist/lib/api/auth-codes-verify.js.map +0 -1
- package/dist/lib/api/auth-codes.d.ts +0 -37
- package/dist/lib/api/auth-codes.js +0 -2949
- package/dist/lib/api/auth-codes.js.map +0 -1
- package/dist/lib/api/auth-exists.d.ts +0 -38
- package/dist/lib/api/auth-exists.js +0 -2949
- package/dist/lib/api/auth-exists.js.map +0 -1
- package/dist/lib/api/auth-invitations-accept.d.ts +0 -38
- package/dist/lib/api/auth-invitations-accept.js +0 -2883
- package/dist/lib/api/auth-invitations-accept.js.map +0 -1
- package/dist/lib/api/auth-invitations-cancel.d.ts +0 -37
- package/dist/lib/api/auth-invitations-cancel.js +0 -2883
- package/dist/lib/api/auth-invitations-cancel.js.map +0 -1
- package/dist/lib/api/auth-invitations-delete.d.ts +0 -36
- package/dist/lib/api/auth-invitations-delete.js +0 -2883
- package/dist/lib/api/auth-invitations-delete.js.map +0 -1
- package/dist/lib/api/auth-invitations-resend.d.ts +0 -37
- package/dist/lib/api/auth-invitations-resend.js +0 -2883
- package/dist/lib/api/auth-invitations-resend.js.map +0 -1
- package/dist/lib/api/auth-invitations.d.ts +0 -109
- package/dist/lib/api/auth-invitations.js +0 -2887
- package/dist/lib/api/auth-invitations.js.map +0 -1
- package/dist/lib/api/auth-keys-rotate.d.ts +0 -37
- package/dist/lib/api/auth-keys-rotate.js +0 -2949
- package/dist/lib/api/auth-keys-rotate.js.map +0 -1
- package/dist/lib/api/auth-login.d.ts +0 -39
- package/dist/lib/api/auth-login.js +0 -2949
- package/dist/lib/api/auth-login.js.map +0 -1
- package/dist/lib/api/auth-logout.d.ts +0 -36
- package/dist/lib/api/auth-logout.js +0 -2949
- package/dist/lib/api/auth-logout.js.map +0 -1
- package/dist/lib/api/auth-me.d.ts +0 -50
- package/dist/lib/api/auth-me.js +0 -2949
- package/dist/lib/api/auth-me.js.map +0 -1
- package/dist/lib/api/auth-password.d.ts +0 -36
- package/dist/lib/api/auth-password.js +0 -2949
- package/dist/lib/api/auth-password.js.map +0 -1
- package/dist/lib/api/auth-register.d.ts +0 -38
- package/dist/lib/api/auth-register.js +0 -2949
- package/dist/lib/api/auth-register.js.map +0 -1
- package/dist/lib/api/index.d.ts +0 -356
- package/dist/lib/api/index.js +0 -3261
- package/dist/lib/api/index.js.map +0 -1
- package/dist/lib/config.d.ts +0 -70
- package/dist/lib/config.js +0 -64
- package/dist/lib/config.js.map +0 -1
- package/dist/lib/contracts/auth.d.ts +0 -302
- package/dist/lib/contracts/auth.js +0 -2951
- package/dist/lib/contracts/auth.js.map +0 -1
- package/dist/lib/contracts/index.d.ts +0 -3
- package/dist/lib/contracts/index.js +0 -3190
- package/dist/lib/contracts/index.js.map +0 -1
- package/dist/lib/contracts/invitation.d.ts +0 -243
- package/dist/lib/contracts/invitation.js +0 -2883
- package/dist/lib/contracts/invitation.js.map +0 -1
- package/dist/lib/crypto.d.ts +0 -76
- package/dist/lib/crypto.js +0 -127
- package/dist/lib/crypto.js.map +0 -1
- package/dist/lib/index.d.ts +0 -4
- package/dist/lib/index.js +0 -313
- package/dist/lib/index.js.map +0 -1
- package/dist/lib/session.d.ts +0 -68
- package/dist/lib/session.js +0 -126
- package/dist/lib/session.js.map +0 -1
- package/dist/lib/types/api.d.ts +0 -45
- package/dist/lib/types/api.js +0 -1
- package/dist/lib/types/api.js.map +0 -1
- package/dist/lib/types/index.d.ts +0 -3
- package/dist/lib/types/index.js +0 -2647
- package/dist/lib/types/index.js.map +0 -1
- package/dist/lib/types/schemas.d.ts +0 -45
- package/dist/lib/types/schemas.js +0 -2647
- package/dist/lib/types/schemas.js.map +0 -1
- package/dist/lib.js +0 -1
- package/dist/lib.js.map +0 -1
- package/dist/plugin.d.ts +0 -12
- package/dist/plugin.js +0 -9083
- package/dist/plugin.js.map +0 -1
- package/dist/server/entities/index.d.ts +0 -11
- package/dist/server/entities/index.js +0 -395
- package/dist/server/entities/index.js.map +0 -1
- package/dist/server/entities/invitations.d.ts +0 -241
- package/dist/server/entities/invitations.js +0 -184
- package/dist/server/entities/invitations.js.map +0 -1
- package/dist/server/entities/permissions.d.ts +0 -196
- package/dist/server/entities/permissions.js +0 -49
- package/dist/server/entities/permissions.js.map +0 -1
- package/dist/server/entities/role-permissions.d.ts +0 -107
- package/dist/server/entities/role-permissions.js +0 -115
- package/dist/server/entities/role-permissions.js.map +0 -1
- package/dist/server/entities/roles.d.ts +0 -196
- package/dist/server/entities/roles.js +0 -50
- package/dist/server/entities/roles.js.map +0 -1
- package/dist/server/entities/schema.d.ts +0 -14
- package/dist/server/entities/schema.js +0 -7
- package/dist/server/entities/schema.js.map +0 -1
- package/dist/server/entities/user-permissions.d.ts +0 -163
- package/dist/server/entities/user-permissions.js +0 -193
- package/dist/server/entities/user-permissions.js.map +0 -1
- package/dist/server/entities/user-public-keys.d.ts +0 -227
- package/dist/server/entities/user-public-keys.js +0 -156
- package/dist/server/entities/user-public-keys.js.map +0 -1
- package/dist/server/entities/user-social-accounts.d.ts +0 -189
- package/dist/server/entities/user-social-accounts.js +0 -149
- package/dist/server/entities/user-social-accounts.js.map +0 -1
- package/dist/server/entities/users.d.ts +0 -235
- package/dist/server/entities/users.js +0 -117
- package/dist/server/entities/users.js.map +0 -1
- package/dist/server/entities/verification-codes.d.ts +0 -191
- package/dist/server/entities/verification-codes.js +0 -49
- package/dist/server/entities/verification-codes.js.map +0 -1
- package/dist/server/routes/auth/index.d.ts +0 -10
- package/dist/server/routes/auth/index.js +0 -4460
- package/dist/server/routes/auth/index.js.map +0 -1
- package/dist/server/routes/index.d.ts +0 -6
- package/dist/server/routes/index.js +0 -6584
- package/dist/server/routes/index.js.map +0 -1
- package/dist/server/routes/invitations/index.d.ts +0 -10
- package/dist/server/routes/invitations/index.js +0 -4395
- package/dist/server/routes/invitations/index.js.map +0 -1
- /package/dist/{lib.d.ts → nextjs/api.d.ts} +0 -0
|
@@ -1,49 +0,0 @@
|
|
|
1
|
-
// src/server/entities/permissions.ts
|
|
2
|
-
import { text, boolean, index } from "drizzle-orm/pg-core";
|
|
3
|
-
import { id, timestamps } from "@spfn/core/db";
|
|
4
|
-
|
|
5
|
-
// src/server/entities/schema.ts
|
|
6
|
-
import { createFunctionSchema } from "@spfn/core/db";
|
|
7
|
-
var authSchema = createFunctionSchema("@spfn/auth");
|
|
8
|
-
|
|
9
|
-
// src/server/entities/permissions.ts
|
|
10
|
-
var permissions = authSchema.table(
|
|
11
|
-
"permissions",
|
|
12
|
-
{
|
|
13
|
-
// Primary key
|
|
14
|
-
id: id(),
|
|
15
|
-
// Permission identifier (e.g., 'user:delete', 'post:publish')
|
|
16
|
-
// Format: resource:action or namespace:resource:action
|
|
17
|
-
// Must be unique
|
|
18
|
-
name: text("name").notNull().unique(),
|
|
19
|
-
// Display name for UI
|
|
20
|
-
displayName: text("display_name").notNull(),
|
|
21
|
-
// Permission description
|
|
22
|
-
description: text("description"),
|
|
23
|
-
// Category for grouping (e.g., 'user', 'post', 'admin', 'system')
|
|
24
|
-
category: text("category"),
|
|
25
|
-
// Built-in permission flag
|
|
26
|
-
// true: Core package permissions - cannot be deleted
|
|
27
|
-
// false: Custom or preset permissions
|
|
28
|
-
isBuiltin: boolean("is_builtin").notNull().default(false),
|
|
29
|
-
// System permission flag
|
|
30
|
-
// true: Defined in code (builtin or preset)
|
|
31
|
-
// false: Runtime created custom permission
|
|
32
|
-
isSystem: boolean("is_system").notNull().default(false),
|
|
33
|
-
// Active status
|
|
34
|
-
// false: Deactivated permission (not enforced)
|
|
35
|
-
isActive: boolean("is_active").notNull().default(true),
|
|
36
|
-
...timestamps()
|
|
37
|
-
},
|
|
38
|
-
(table) => [
|
|
39
|
-
index("permissions_name_idx").on(table.name),
|
|
40
|
-
index("permissions_category_idx").on(table.category),
|
|
41
|
-
index("permissions_is_system_idx").on(table.isSystem),
|
|
42
|
-
index("permissions_is_active_idx").on(table.isActive),
|
|
43
|
-
index("permissions_is_builtin_idx").on(table.isBuiltin)
|
|
44
|
-
]
|
|
45
|
-
);
|
|
46
|
-
export {
|
|
47
|
-
permissions
|
|
48
|
-
};
|
|
49
|
-
//# sourceMappingURL=permissions.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/entities/permissions.ts","../../../src/server/entities/schema.ts"],"sourcesContent":["/**\n * @spfn/auth - Permissions Entity\n *\n * Granular permissions for RBAC system\n *\n * Features:\n * - Built-in permissions (auth:*, user:*, rbac:*) - required for package\n * - System permissions (preset permissions) - optional\n * - Custom permissions (app-specific) - defined by developers\n * - Category grouping for organization\n */\n\nimport { text, boolean, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const permissions = authSchema.table('permissions',\n {\n // Primary key\n id: id(),\n\n // Permission identifier (e.g., 'user:delete', 'post:publish')\n // Format: resource:action or namespace:resource:action\n // Must be unique\n name: text('name').notNull().unique(),\n\n // Display name for UI\n displayName: text('display_name').notNull(),\n\n // Permission description\n description: text('description'),\n\n // Category for grouping (e.g., 'user', 'post', 'admin', 'system')\n category: text('category'),\n\n // Built-in permission flag\n // true: Core package permissions - cannot be deleted\n // false: Custom or preset permissions\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System permission flag\n // true: Defined in code (builtin or preset)\n // false: Runtime created custom permission\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated permission (not enforced)\n isActive: boolean('is_active').notNull().default(true),\n\n ...timestamps(),\n },\n (table) => [\n index('permissions_name_idx').on(table.name),\n index('permissions_category_idx').on(table.category),\n index('permissions_is_system_idx').on(table.isSystem),\n index('permissions_is_active_idx').on(table.isActive),\n index('permissions_is_builtin_idx').on(table.isBuiltin),\n ]\n);\n\n// Type exports\nexport type PermissionEntity = typeof permissions.$inferSelect;\nexport type NewPermissionEntity = typeof permissions.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Permission = PermissionEntity;\nexport type NewPermission = NewPermissionEntity;","/**\n * @spfn/auth - Database Schema Definition\n *\n * Defines the 'spfn_auth' PostgreSQL schema for all auth-related tables\n */\n\nimport { createFunctionSchema } from '@spfn/core/db';\n\n/**\n * Auth schema for all authentication and authorization tables\n * Tables: users, roles, permissions, user_invitations, etc.\n */\nexport const authSchema = createFunctionSchema('@spfn/auth');"],"mappings":";AAYA,SAAS,MAAM,SAAS,aAAa;AACrC,SAAS,IAAI,kBAAkB;;;ACP/B,SAAS,4BAA4B;AAM9B,IAAM,aAAa,qBAAqB,YAAY;;;ADIpD,IAAM,cAAc,WAAW;AAAA,EAAM;AAAA,EACxC;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA;AAAA,IAKP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA,IAG/B,UAAU,KAAK,UAAU;AAAA;AAAA;AAAA;AAAA,IAKzB,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAErD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,sBAAsB,EAAE,GAAG,MAAM,IAAI;AAAA,IAC3C,MAAM,0BAA0B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACnD,MAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpD,MAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpD,MAAM,4BAA4B,EAAE,GAAG,MAAM,SAAS;AAAA,EAC1D;AACJ;","names":[]}
|
|
@@ -1,107 +0,0 @@
|
|
|
1
|
-
import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* @spfn/auth - Role-Permissions Mapping Entity
|
|
5
|
-
*
|
|
6
|
-
* Many-to-many relationship between roles and permissions
|
|
7
|
-
*
|
|
8
|
-
* Usage:
|
|
9
|
-
* - Defines which permissions each role has
|
|
10
|
-
* - Cascade delete when role or permission is deleted
|
|
11
|
-
*/
|
|
12
|
-
declare const rolePermissions: drizzle_orm_pg_core.PgTableWithColumns<{
|
|
13
|
-
name: "role_permissions";
|
|
14
|
-
schema: string;
|
|
15
|
-
columns: {
|
|
16
|
-
createdAt: drizzle_orm_pg_core.PgColumn<{
|
|
17
|
-
name: "created_at";
|
|
18
|
-
tableName: "role_permissions";
|
|
19
|
-
dataType: "date";
|
|
20
|
-
columnType: "PgTimestamp";
|
|
21
|
-
data: Date;
|
|
22
|
-
driverParam: string;
|
|
23
|
-
notNull: true;
|
|
24
|
-
hasDefault: true;
|
|
25
|
-
isPrimaryKey: false;
|
|
26
|
-
isAutoincrement: false;
|
|
27
|
-
hasRuntimeDefault: false;
|
|
28
|
-
enumValues: undefined;
|
|
29
|
-
baseColumn: never;
|
|
30
|
-
identity: undefined;
|
|
31
|
-
generated: undefined;
|
|
32
|
-
}, {}, {}>;
|
|
33
|
-
updatedAt: drizzle_orm_pg_core.PgColumn<{
|
|
34
|
-
name: "updated_at";
|
|
35
|
-
tableName: "role_permissions";
|
|
36
|
-
dataType: "date";
|
|
37
|
-
columnType: "PgTimestamp";
|
|
38
|
-
data: Date;
|
|
39
|
-
driverParam: string;
|
|
40
|
-
notNull: true;
|
|
41
|
-
hasDefault: true;
|
|
42
|
-
isPrimaryKey: false;
|
|
43
|
-
isAutoincrement: false;
|
|
44
|
-
hasRuntimeDefault: false;
|
|
45
|
-
enumValues: undefined;
|
|
46
|
-
baseColumn: never;
|
|
47
|
-
identity: undefined;
|
|
48
|
-
generated: undefined;
|
|
49
|
-
}, {}, {}>;
|
|
50
|
-
id: drizzle_orm_pg_core.PgColumn<{
|
|
51
|
-
name: "id";
|
|
52
|
-
tableName: "role_permissions";
|
|
53
|
-
dataType: "number";
|
|
54
|
-
columnType: "PgBigSerial53";
|
|
55
|
-
data: number;
|
|
56
|
-
driverParam: number;
|
|
57
|
-
notNull: true;
|
|
58
|
-
hasDefault: true;
|
|
59
|
-
isPrimaryKey: true;
|
|
60
|
-
isAutoincrement: false;
|
|
61
|
-
hasRuntimeDefault: false;
|
|
62
|
-
enumValues: undefined;
|
|
63
|
-
baseColumn: never;
|
|
64
|
-
identity: undefined;
|
|
65
|
-
generated: undefined;
|
|
66
|
-
}, {}, {}>;
|
|
67
|
-
roleId: drizzle_orm_pg_core.PgColumn<{
|
|
68
|
-
name: "role_id";
|
|
69
|
-
tableName: "role_permissions";
|
|
70
|
-
dataType: "number";
|
|
71
|
-
columnType: "PgBigInt53";
|
|
72
|
-
data: number;
|
|
73
|
-
driverParam: string | number;
|
|
74
|
-
notNull: true;
|
|
75
|
-
hasDefault: false;
|
|
76
|
-
isPrimaryKey: false;
|
|
77
|
-
isAutoincrement: false;
|
|
78
|
-
hasRuntimeDefault: false;
|
|
79
|
-
enumValues: undefined;
|
|
80
|
-
baseColumn: never;
|
|
81
|
-
identity: undefined;
|
|
82
|
-
generated: undefined;
|
|
83
|
-
}, {}, {}>;
|
|
84
|
-
permissionId: drizzle_orm_pg_core.PgColumn<{
|
|
85
|
-
name: "permission_id";
|
|
86
|
-
tableName: "role_permissions";
|
|
87
|
-
dataType: "number";
|
|
88
|
-
columnType: "PgBigInt53";
|
|
89
|
-
data: number;
|
|
90
|
-
driverParam: string | number;
|
|
91
|
-
notNull: true;
|
|
92
|
-
hasDefault: false;
|
|
93
|
-
isPrimaryKey: false;
|
|
94
|
-
isAutoincrement: false;
|
|
95
|
-
hasRuntimeDefault: false;
|
|
96
|
-
enumValues: undefined;
|
|
97
|
-
baseColumn: never;
|
|
98
|
-
identity: undefined;
|
|
99
|
-
generated: undefined;
|
|
100
|
-
}, {}, {}>;
|
|
101
|
-
};
|
|
102
|
-
dialect: "pg";
|
|
103
|
-
}>;
|
|
104
|
-
type RolePermission = typeof rolePermissions.$inferSelect;
|
|
105
|
-
type NewRolePermission = typeof rolePermissions.$inferInsert;
|
|
106
|
-
|
|
107
|
-
export { type NewRolePermission, type RolePermission, rolePermissions };
|
|
@@ -1,115 +0,0 @@
|
|
|
1
|
-
// src/server/entities/role-permissions.ts
|
|
2
|
-
import { bigint, index as index3, unique } from "drizzle-orm/pg-core";
|
|
3
|
-
import { id as id3, timestamps as timestamps3 } from "@spfn/core/db";
|
|
4
|
-
|
|
5
|
-
// src/server/entities/roles.ts
|
|
6
|
-
import { text, boolean, integer, index } from "drizzle-orm/pg-core";
|
|
7
|
-
import { id, timestamps } from "@spfn/core/db";
|
|
8
|
-
|
|
9
|
-
// src/server/entities/schema.ts
|
|
10
|
-
import { createFunctionSchema } from "@spfn/core/db";
|
|
11
|
-
var authSchema = createFunctionSchema("@spfn/auth");
|
|
12
|
-
|
|
13
|
-
// src/server/entities/roles.ts
|
|
14
|
-
var roles = authSchema.table(
|
|
15
|
-
"roles",
|
|
16
|
-
{
|
|
17
|
-
// Primary key
|
|
18
|
-
id: id(),
|
|
19
|
-
// Role identifier (used in code, e.g., 'admin', 'editor')
|
|
20
|
-
// Must be unique, lowercase, kebab-case recommended
|
|
21
|
-
name: text("name").notNull().unique(),
|
|
22
|
-
// Display name for UI (e.g., 'Administrator', 'Content Editor')
|
|
23
|
-
displayName: text("display_name").notNull(),
|
|
24
|
-
// Role description
|
|
25
|
-
description: text("description"),
|
|
26
|
-
// Built-in role flag
|
|
27
|
-
// true: Core package roles (user, admin, superadmin) - cannot be deleted
|
|
28
|
-
// false: Custom or preset roles - can be deleted
|
|
29
|
-
isBuiltin: boolean("is_builtin").notNull().default(false),
|
|
30
|
-
// System role flag
|
|
31
|
-
// true: Defined in code (builtin or preset) - deletion restricted
|
|
32
|
-
// false: Runtime created custom role - fully manageable
|
|
33
|
-
isSystem: boolean("is_system").notNull().default(false),
|
|
34
|
-
// Active status
|
|
35
|
-
// false: Deactivated role (users cannot be assigned)
|
|
36
|
-
isActive: boolean("is_active").notNull().default(true),
|
|
37
|
-
// Priority level (higher = more privileged)
|
|
38
|
-
// superadmin: 100, admin: 80, user: 10
|
|
39
|
-
// Used for role hierarchy and conflict resolution
|
|
40
|
-
priority: integer("priority").notNull().default(10),
|
|
41
|
-
...timestamps()
|
|
42
|
-
},
|
|
43
|
-
(table) => [
|
|
44
|
-
index("roles_name_idx").on(table.name),
|
|
45
|
-
index("roles_is_system_idx").on(table.isSystem),
|
|
46
|
-
index("roles_is_active_idx").on(table.isActive),
|
|
47
|
-
index("roles_is_builtin_idx").on(table.isBuiltin),
|
|
48
|
-
index("roles_priority_idx").on(table.priority)
|
|
49
|
-
]
|
|
50
|
-
);
|
|
51
|
-
|
|
52
|
-
// src/server/entities/permissions.ts
|
|
53
|
-
import { text as text2, boolean as boolean2, index as index2 } from "drizzle-orm/pg-core";
|
|
54
|
-
import { id as id2, timestamps as timestamps2 } from "@spfn/core/db";
|
|
55
|
-
var permissions = authSchema.table(
|
|
56
|
-
"permissions",
|
|
57
|
-
{
|
|
58
|
-
// Primary key
|
|
59
|
-
id: id2(),
|
|
60
|
-
// Permission identifier (e.g., 'user:delete', 'post:publish')
|
|
61
|
-
// Format: resource:action or namespace:resource:action
|
|
62
|
-
// Must be unique
|
|
63
|
-
name: text2("name").notNull().unique(),
|
|
64
|
-
// Display name for UI
|
|
65
|
-
displayName: text2("display_name").notNull(),
|
|
66
|
-
// Permission description
|
|
67
|
-
description: text2("description"),
|
|
68
|
-
// Category for grouping (e.g., 'user', 'post', 'admin', 'system')
|
|
69
|
-
category: text2("category"),
|
|
70
|
-
// Built-in permission flag
|
|
71
|
-
// true: Core package permissions - cannot be deleted
|
|
72
|
-
// false: Custom or preset permissions
|
|
73
|
-
isBuiltin: boolean2("is_builtin").notNull().default(false),
|
|
74
|
-
// System permission flag
|
|
75
|
-
// true: Defined in code (builtin or preset)
|
|
76
|
-
// false: Runtime created custom permission
|
|
77
|
-
isSystem: boolean2("is_system").notNull().default(false),
|
|
78
|
-
// Active status
|
|
79
|
-
// false: Deactivated permission (not enforced)
|
|
80
|
-
isActive: boolean2("is_active").notNull().default(true),
|
|
81
|
-
...timestamps2()
|
|
82
|
-
},
|
|
83
|
-
(table) => [
|
|
84
|
-
index2("permissions_name_idx").on(table.name),
|
|
85
|
-
index2("permissions_category_idx").on(table.category),
|
|
86
|
-
index2("permissions_is_system_idx").on(table.isSystem),
|
|
87
|
-
index2("permissions_is_active_idx").on(table.isActive),
|
|
88
|
-
index2("permissions_is_builtin_idx").on(table.isBuiltin)
|
|
89
|
-
]
|
|
90
|
-
);
|
|
91
|
-
|
|
92
|
-
// src/server/entities/role-permissions.ts
|
|
93
|
-
var rolePermissions = authSchema.table(
|
|
94
|
-
"role_permissions",
|
|
95
|
-
{
|
|
96
|
-
// Primary key
|
|
97
|
-
id: id3(),
|
|
98
|
-
// Foreign key to roles table
|
|
99
|
-
roleId: bigint("role_id", { mode: "number" }).notNull().references(() => roles.id, { onDelete: "cascade" }),
|
|
100
|
-
// Foreign key to permissions table
|
|
101
|
-
permissionId: bigint("permission_id", { mode: "number" }).notNull().references(() => permissions.id, { onDelete: "cascade" }),
|
|
102
|
-
...timestamps3()
|
|
103
|
-
},
|
|
104
|
-
(table) => [
|
|
105
|
-
// Indexes for query performance
|
|
106
|
-
index3("role_permissions_role_id_idx").on(table.roleId),
|
|
107
|
-
index3("role_permissions_permission_id_idx").on(table.permissionId),
|
|
108
|
-
// Unique constraint: one role-permission pair only
|
|
109
|
-
unique("role_permissions_unique").on(table.roleId, table.permissionId)
|
|
110
|
-
]
|
|
111
|
-
);
|
|
112
|
-
export {
|
|
113
|
-
rolePermissions
|
|
114
|
-
};
|
|
115
|
-
//# sourceMappingURL=role-permissions.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/entities/role-permissions.ts","../../../src/server/entities/roles.ts","../../../src/server/entities/schema.ts","../../../src/server/entities/permissions.ts"],"sourcesContent":["/**\n * @spfn/auth - Role-Permissions Mapping Entity\n *\n * Many-to-many relationship between roles and permissions\n *\n * Usage:\n * - Defines which permissions each role has\n * - Cascade delete when role or permission is deleted\n */\n\nimport { bigint, index, unique } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { roles } from './roles';\nimport { permissions } from './permissions';\nimport { authSchema } from './schema';\n\nexport const rolePermissions = authSchema.table('role_permissions',\n {\n // Primary key\n id: id(),\n\n // Foreign key to roles table\n roleId: bigint('role_id', { mode: 'number' })\n .notNull()\n .references(() => roles.id, { onDelete: 'cascade' }),\n\n // Foreign key to permissions table\n permissionId: bigint('permission_id', { mode: 'number' })\n .notNull()\n .references(() => permissions.id, { onDelete: 'cascade' }),\n\n ...timestamps(),\n },\n (table) => [\n // Indexes for query performance\n index('role_permissions_role_id_idx').on(table.roleId),\n index('role_permissions_permission_id_idx').on(table.permissionId),\n\n // Unique constraint: one role-permission pair only\n unique('role_permissions_unique').on(table.roleId, table.permissionId),\n ]\n);\n\n// Type exports\nexport type RolePermission = typeof rolePermissions.$inferSelect;\nexport type NewRolePermission = typeof rolePermissions.$inferInsert;","/**\n * @spfn/auth - Roles Entity\n *\n * Role-based access control (RBAC) roles table\n *\n * Features:\n * - Built-in roles (user, admin, superadmin) - cannot be deleted\n * - System roles (preset roles) - can be deactivated\n * - Custom roles (runtime created) - fully manageable\n * - Priority-based hierarchy\n */\n\nimport { text, boolean, integer, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const roles = authSchema.table('roles',\n {\n // Primary key\n id: id(),\n\n // Role identifier (used in code, e.g., 'admin', 'editor')\n // Must be unique, lowercase, kebab-case recommended\n name: text('name').notNull().unique(),\n\n // Display name for UI (e.g., 'Administrator', 'Content Editor')\n displayName: text('display_name').notNull(),\n\n // Role description\n description: text('description'),\n\n // Built-in role flag\n // true: Core package roles (user, admin, superadmin) - cannot be deleted\n // false: Custom or preset roles - can be deleted\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System role flag\n // true: Defined in code (builtin or preset) - deletion restricted\n // false: Runtime created custom role - fully manageable\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated role (users cannot be assigned)\n isActive: boolean('is_active').notNull().default(true),\n\n // Priority level (higher = more privileged)\n // superadmin: 100, admin: 80, user: 10\n // Used for role hierarchy and conflict resolution\n priority: integer('priority').notNull().default(10),\n\n ...timestamps(),\n },\n (table) => [\n index('roles_name_idx').on(table.name),\n index('roles_is_system_idx').on(table.isSystem),\n index('roles_is_active_idx').on(table.isActive),\n index('roles_is_builtin_idx').on(table.isBuiltin),\n index('roles_priority_idx').on(table.priority),\n ]\n);\n\n// Type exports\nexport type RoleEntity = typeof roles.$inferSelect;\nexport type NewRoleEntity = typeof roles.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Role = RoleEntity;\nexport type NewRole = NewRoleEntity;","/**\n * @spfn/auth - Database Schema Definition\n *\n * Defines the 'spfn_auth' PostgreSQL schema for all auth-related tables\n */\n\nimport { createFunctionSchema } from '@spfn/core/db';\n\n/**\n * Auth schema for all authentication and authorization tables\n * Tables: users, roles, permissions, user_invitations, etc.\n */\nexport const authSchema = createFunctionSchema('@spfn/auth');","/**\n * @spfn/auth - Permissions Entity\n *\n * Granular permissions for RBAC system\n *\n * Features:\n * - Built-in permissions (auth:*, user:*, rbac:*) - required for package\n * - System permissions (preset permissions) - optional\n * - Custom permissions (app-specific) - defined by developers\n * - Category grouping for organization\n */\n\nimport { text, boolean, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const permissions = authSchema.table('permissions',\n {\n // Primary key\n id: id(),\n\n // Permission identifier (e.g., 'user:delete', 'post:publish')\n // Format: resource:action or namespace:resource:action\n // Must be unique\n name: text('name').notNull().unique(),\n\n // Display name for UI\n displayName: text('display_name').notNull(),\n\n // Permission description\n description: text('description'),\n\n // Category for grouping (e.g., 'user', 'post', 'admin', 'system')\n category: text('category'),\n\n // Built-in permission flag\n // true: Core package permissions - cannot be deleted\n // false: Custom or preset permissions\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System permission flag\n // true: Defined in code (builtin or preset)\n // false: Runtime created custom permission\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated permission (not enforced)\n isActive: boolean('is_active').notNull().default(true),\n\n ...timestamps(),\n },\n (table) => [\n index('permissions_name_idx').on(table.name),\n index('permissions_category_idx').on(table.category),\n index('permissions_is_system_idx').on(table.isSystem),\n index('permissions_is_active_idx').on(table.isActive),\n index('permissions_is_builtin_idx').on(table.isBuiltin),\n ]\n);\n\n// Type exports\nexport type PermissionEntity = typeof permissions.$inferSelect;\nexport type NewPermissionEntity = typeof permissions.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Permission = PermissionEntity;\nexport type NewPermission = NewPermissionEntity;"],"mappings":";AAUA,SAAS,QAAQ,SAAAA,QAAO,cAAc;AACtC,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;;;ACC/B,SAAS,MAAM,SAAS,SAAS,aAAa;AAC9C,SAAS,IAAI,kBAAkB;;;ACP/B,SAAS,4BAA4B;AAM9B,IAAM,aAAa,qBAAqB,YAAY;;;ADIpD,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA,IAIP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA;AAAA;AAAA,IAK/B,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA;AAAA;AAAA,IAKrD,UAAU,QAAQ,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAAA,IAElD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,gBAAgB,EAAE,GAAG,MAAM,IAAI;AAAA,IACrC,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,sBAAsB,EAAE,GAAG,MAAM,SAAS;AAAA,IAChD,MAAM,oBAAoB,EAAE,GAAG,MAAM,QAAQ;AAAA,EACjD;AACJ;;;AE/CA,SAAS,QAAAC,OAAM,WAAAC,UAAS,SAAAC,cAAa;AACrC,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAGxB,IAAM,cAAc,WAAW;AAAA,EAAM;AAAA,EACxC;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA;AAAA;AAAA,IAKP,MAAMC,MAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAaA,MAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAaA,MAAK,aAAa;AAAA;AAAA,IAG/B,UAAUA,MAAK,UAAU;AAAA;AAAA;AAAA;AAAA,IAKzB,WAAWC,SAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAUA,SAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAUA,SAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA,IAErD,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACPC,OAAM,sBAAsB,EAAE,GAAG,MAAM,IAAI;AAAA,IAC3CA,OAAM,0BAA0B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACnDA,OAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpDA,OAAM,2BAA2B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACpDA,OAAM,4BAA4B,EAAE,GAAG,MAAM,SAAS;AAAA,EAC1D;AACJ;;;AH1CO,IAAM,kBAAkB,WAAW;AAAA,EAAM;AAAA,EAC5C;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA,IAGP,QAAQ,OAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,QAAQ,EACR,WAAW,MAAM,MAAM,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA;AAAA,IAGvD,cAAc,OAAO,iBAAiB,EAAE,MAAM,SAAS,CAAC,EACnD,QAAQ,EACR,WAAW,MAAM,YAAY,IAAI,EAAE,UAAU,UAAU,CAAC;AAAA,IAE7D,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA,IAEPC,OAAM,8BAA8B,EAAE,GAAG,MAAM,MAAM;AAAA,IACrDA,OAAM,oCAAoC,EAAE,GAAG,MAAM,YAAY;AAAA;AAAA,IAGjE,OAAO,yBAAyB,EAAE,GAAG,MAAM,QAAQ,MAAM,YAAY;AAAA,EACzE;AACJ;","names":["index","id","timestamps","text","boolean","index","id","timestamps","id","text","boolean","timestamps","index","id","timestamps","index"]}
|
|
@@ -1,196 +0,0 @@
|
|
|
1
|
-
import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* @spfn/auth - Roles Entity
|
|
5
|
-
*
|
|
6
|
-
* Role-based access control (RBAC) roles table
|
|
7
|
-
*
|
|
8
|
-
* Features:
|
|
9
|
-
* - Built-in roles (user, admin, superadmin) - cannot be deleted
|
|
10
|
-
* - System roles (preset roles) - can be deactivated
|
|
11
|
-
* - Custom roles (runtime created) - fully manageable
|
|
12
|
-
* - Priority-based hierarchy
|
|
13
|
-
*/
|
|
14
|
-
declare const roles: drizzle_orm_pg_core.PgTableWithColumns<{
|
|
15
|
-
name: "roles";
|
|
16
|
-
schema: string;
|
|
17
|
-
columns: {
|
|
18
|
-
createdAt: drizzle_orm_pg_core.PgColumn<{
|
|
19
|
-
name: "created_at";
|
|
20
|
-
tableName: "roles";
|
|
21
|
-
dataType: "date";
|
|
22
|
-
columnType: "PgTimestamp";
|
|
23
|
-
data: Date;
|
|
24
|
-
driverParam: string;
|
|
25
|
-
notNull: true;
|
|
26
|
-
hasDefault: true;
|
|
27
|
-
isPrimaryKey: false;
|
|
28
|
-
isAutoincrement: false;
|
|
29
|
-
hasRuntimeDefault: false;
|
|
30
|
-
enumValues: undefined;
|
|
31
|
-
baseColumn: never;
|
|
32
|
-
identity: undefined;
|
|
33
|
-
generated: undefined;
|
|
34
|
-
}, {}, {}>;
|
|
35
|
-
updatedAt: drizzle_orm_pg_core.PgColumn<{
|
|
36
|
-
name: "updated_at";
|
|
37
|
-
tableName: "roles";
|
|
38
|
-
dataType: "date";
|
|
39
|
-
columnType: "PgTimestamp";
|
|
40
|
-
data: Date;
|
|
41
|
-
driverParam: string;
|
|
42
|
-
notNull: true;
|
|
43
|
-
hasDefault: true;
|
|
44
|
-
isPrimaryKey: false;
|
|
45
|
-
isAutoincrement: false;
|
|
46
|
-
hasRuntimeDefault: false;
|
|
47
|
-
enumValues: undefined;
|
|
48
|
-
baseColumn: never;
|
|
49
|
-
identity: undefined;
|
|
50
|
-
generated: undefined;
|
|
51
|
-
}, {}, {}>;
|
|
52
|
-
id: drizzle_orm_pg_core.PgColumn<{
|
|
53
|
-
name: "id";
|
|
54
|
-
tableName: "roles";
|
|
55
|
-
dataType: "number";
|
|
56
|
-
columnType: "PgBigSerial53";
|
|
57
|
-
data: number;
|
|
58
|
-
driverParam: number;
|
|
59
|
-
notNull: true;
|
|
60
|
-
hasDefault: true;
|
|
61
|
-
isPrimaryKey: true;
|
|
62
|
-
isAutoincrement: false;
|
|
63
|
-
hasRuntimeDefault: false;
|
|
64
|
-
enumValues: undefined;
|
|
65
|
-
baseColumn: never;
|
|
66
|
-
identity: undefined;
|
|
67
|
-
generated: undefined;
|
|
68
|
-
}, {}, {}>;
|
|
69
|
-
name: drizzle_orm_pg_core.PgColumn<{
|
|
70
|
-
name: "name";
|
|
71
|
-
tableName: "roles";
|
|
72
|
-
dataType: "string";
|
|
73
|
-
columnType: "PgText";
|
|
74
|
-
data: string;
|
|
75
|
-
driverParam: string;
|
|
76
|
-
notNull: true;
|
|
77
|
-
hasDefault: false;
|
|
78
|
-
isPrimaryKey: false;
|
|
79
|
-
isAutoincrement: false;
|
|
80
|
-
hasRuntimeDefault: false;
|
|
81
|
-
enumValues: [string, ...string[]];
|
|
82
|
-
baseColumn: never;
|
|
83
|
-
identity: undefined;
|
|
84
|
-
generated: undefined;
|
|
85
|
-
}, {}, {}>;
|
|
86
|
-
displayName: drizzle_orm_pg_core.PgColumn<{
|
|
87
|
-
name: "display_name";
|
|
88
|
-
tableName: "roles";
|
|
89
|
-
dataType: "string";
|
|
90
|
-
columnType: "PgText";
|
|
91
|
-
data: string;
|
|
92
|
-
driverParam: string;
|
|
93
|
-
notNull: true;
|
|
94
|
-
hasDefault: false;
|
|
95
|
-
isPrimaryKey: false;
|
|
96
|
-
isAutoincrement: false;
|
|
97
|
-
hasRuntimeDefault: false;
|
|
98
|
-
enumValues: [string, ...string[]];
|
|
99
|
-
baseColumn: never;
|
|
100
|
-
identity: undefined;
|
|
101
|
-
generated: undefined;
|
|
102
|
-
}, {}, {}>;
|
|
103
|
-
description: drizzle_orm_pg_core.PgColumn<{
|
|
104
|
-
name: "description";
|
|
105
|
-
tableName: "roles";
|
|
106
|
-
dataType: "string";
|
|
107
|
-
columnType: "PgText";
|
|
108
|
-
data: string;
|
|
109
|
-
driverParam: string;
|
|
110
|
-
notNull: false;
|
|
111
|
-
hasDefault: false;
|
|
112
|
-
isPrimaryKey: false;
|
|
113
|
-
isAutoincrement: false;
|
|
114
|
-
hasRuntimeDefault: false;
|
|
115
|
-
enumValues: [string, ...string[]];
|
|
116
|
-
baseColumn: never;
|
|
117
|
-
identity: undefined;
|
|
118
|
-
generated: undefined;
|
|
119
|
-
}, {}, {}>;
|
|
120
|
-
isBuiltin: drizzle_orm_pg_core.PgColumn<{
|
|
121
|
-
name: "is_builtin";
|
|
122
|
-
tableName: "roles";
|
|
123
|
-
dataType: "boolean";
|
|
124
|
-
columnType: "PgBoolean";
|
|
125
|
-
data: boolean;
|
|
126
|
-
driverParam: boolean;
|
|
127
|
-
notNull: true;
|
|
128
|
-
hasDefault: true;
|
|
129
|
-
isPrimaryKey: false;
|
|
130
|
-
isAutoincrement: false;
|
|
131
|
-
hasRuntimeDefault: false;
|
|
132
|
-
enumValues: undefined;
|
|
133
|
-
baseColumn: never;
|
|
134
|
-
identity: undefined;
|
|
135
|
-
generated: undefined;
|
|
136
|
-
}, {}, {}>;
|
|
137
|
-
isSystem: drizzle_orm_pg_core.PgColumn<{
|
|
138
|
-
name: "is_system";
|
|
139
|
-
tableName: "roles";
|
|
140
|
-
dataType: "boolean";
|
|
141
|
-
columnType: "PgBoolean";
|
|
142
|
-
data: boolean;
|
|
143
|
-
driverParam: boolean;
|
|
144
|
-
notNull: true;
|
|
145
|
-
hasDefault: true;
|
|
146
|
-
isPrimaryKey: false;
|
|
147
|
-
isAutoincrement: false;
|
|
148
|
-
hasRuntimeDefault: false;
|
|
149
|
-
enumValues: undefined;
|
|
150
|
-
baseColumn: never;
|
|
151
|
-
identity: undefined;
|
|
152
|
-
generated: undefined;
|
|
153
|
-
}, {}, {}>;
|
|
154
|
-
isActive: drizzle_orm_pg_core.PgColumn<{
|
|
155
|
-
name: "is_active";
|
|
156
|
-
tableName: "roles";
|
|
157
|
-
dataType: "boolean";
|
|
158
|
-
columnType: "PgBoolean";
|
|
159
|
-
data: boolean;
|
|
160
|
-
driverParam: boolean;
|
|
161
|
-
notNull: true;
|
|
162
|
-
hasDefault: true;
|
|
163
|
-
isPrimaryKey: false;
|
|
164
|
-
isAutoincrement: false;
|
|
165
|
-
hasRuntimeDefault: false;
|
|
166
|
-
enumValues: undefined;
|
|
167
|
-
baseColumn: never;
|
|
168
|
-
identity: undefined;
|
|
169
|
-
generated: undefined;
|
|
170
|
-
}, {}, {}>;
|
|
171
|
-
priority: drizzle_orm_pg_core.PgColumn<{
|
|
172
|
-
name: "priority";
|
|
173
|
-
tableName: "roles";
|
|
174
|
-
dataType: "number";
|
|
175
|
-
columnType: "PgInteger";
|
|
176
|
-
data: number;
|
|
177
|
-
driverParam: string | number;
|
|
178
|
-
notNull: true;
|
|
179
|
-
hasDefault: true;
|
|
180
|
-
isPrimaryKey: false;
|
|
181
|
-
isAutoincrement: false;
|
|
182
|
-
hasRuntimeDefault: false;
|
|
183
|
-
enumValues: undefined;
|
|
184
|
-
baseColumn: never;
|
|
185
|
-
identity: undefined;
|
|
186
|
-
generated: undefined;
|
|
187
|
-
}, {}, {}>;
|
|
188
|
-
};
|
|
189
|
-
dialect: "pg";
|
|
190
|
-
}>;
|
|
191
|
-
type RoleEntity = typeof roles.$inferSelect;
|
|
192
|
-
type NewRoleEntity = typeof roles.$inferInsert;
|
|
193
|
-
type Role = RoleEntity;
|
|
194
|
-
type NewRole = NewRoleEntity;
|
|
195
|
-
|
|
196
|
-
export { type NewRole, type NewRoleEntity, type Role, type RoleEntity, roles };
|
|
@@ -1,50 +0,0 @@
|
|
|
1
|
-
// src/server/entities/roles.ts
|
|
2
|
-
import { text, boolean, integer, index } from "drizzle-orm/pg-core";
|
|
3
|
-
import { id, timestamps } from "@spfn/core/db";
|
|
4
|
-
|
|
5
|
-
// src/server/entities/schema.ts
|
|
6
|
-
import { createFunctionSchema } from "@spfn/core/db";
|
|
7
|
-
var authSchema = createFunctionSchema("@spfn/auth");
|
|
8
|
-
|
|
9
|
-
// src/server/entities/roles.ts
|
|
10
|
-
var roles = authSchema.table(
|
|
11
|
-
"roles",
|
|
12
|
-
{
|
|
13
|
-
// Primary key
|
|
14
|
-
id: id(),
|
|
15
|
-
// Role identifier (used in code, e.g., 'admin', 'editor')
|
|
16
|
-
// Must be unique, lowercase, kebab-case recommended
|
|
17
|
-
name: text("name").notNull().unique(),
|
|
18
|
-
// Display name for UI (e.g., 'Administrator', 'Content Editor')
|
|
19
|
-
displayName: text("display_name").notNull(),
|
|
20
|
-
// Role description
|
|
21
|
-
description: text("description"),
|
|
22
|
-
// Built-in role flag
|
|
23
|
-
// true: Core package roles (user, admin, superadmin) - cannot be deleted
|
|
24
|
-
// false: Custom or preset roles - can be deleted
|
|
25
|
-
isBuiltin: boolean("is_builtin").notNull().default(false),
|
|
26
|
-
// System role flag
|
|
27
|
-
// true: Defined in code (builtin or preset) - deletion restricted
|
|
28
|
-
// false: Runtime created custom role - fully manageable
|
|
29
|
-
isSystem: boolean("is_system").notNull().default(false),
|
|
30
|
-
// Active status
|
|
31
|
-
// false: Deactivated role (users cannot be assigned)
|
|
32
|
-
isActive: boolean("is_active").notNull().default(true),
|
|
33
|
-
// Priority level (higher = more privileged)
|
|
34
|
-
// superadmin: 100, admin: 80, user: 10
|
|
35
|
-
// Used for role hierarchy and conflict resolution
|
|
36
|
-
priority: integer("priority").notNull().default(10),
|
|
37
|
-
...timestamps()
|
|
38
|
-
},
|
|
39
|
-
(table) => [
|
|
40
|
-
index("roles_name_idx").on(table.name),
|
|
41
|
-
index("roles_is_system_idx").on(table.isSystem),
|
|
42
|
-
index("roles_is_active_idx").on(table.isActive),
|
|
43
|
-
index("roles_is_builtin_idx").on(table.isBuiltin),
|
|
44
|
-
index("roles_priority_idx").on(table.priority)
|
|
45
|
-
]
|
|
46
|
-
);
|
|
47
|
-
export {
|
|
48
|
-
roles
|
|
49
|
-
};
|
|
50
|
-
//# sourceMappingURL=roles.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/entities/roles.ts","../../../src/server/entities/schema.ts"],"sourcesContent":["/**\n * @spfn/auth - Roles Entity\n *\n * Role-based access control (RBAC) roles table\n *\n * Features:\n * - Built-in roles (user, admin, superadmin) - cannot be deleted\n * - System roles (preset roles) - can be deactivated\n * - Custom roles (runtime created) - fully manageable\n * - Priority-based hierarchy\n */\n\nimport { text, boolean, integer, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const roles = authSchema.table('roles',\n {\n // Primary key\n id: id(),\n\n // Role identifier (used in code, e.g., 'admin', 'editor')\n // Must be unique, lowercase, kebab-case recommended\n name: text('name').notNull().unique(),\n\n // Display name for UI (e.g., 'Administrator', 'Content Editor')\n displayName: text('display_name').notNull(),\n\n // Role description\n description: text('description'),\n\n // Built-in role flag\n // true: Core package roles (user, admin, superadmin) - cannot be deleted\n // false: Custom or preset roles - can be deleted\n isBuiltin: boolean('is_builtin').notNull().default(false),\n\n // System role flag\n // true: Defined in code (builtin or preset) - deletion restricted\n // false: Runtime created custom role - fully manageable\n isSystem: boolean('is_system').notNull().default(false),\n\n // Active status\n // false: Deactivated role (users cannot be assigned)\n isActive: boolean('is_active').notNull().default(true),\n\n // Priority level (higher = more privileged)\n // superadmin: 100, admin: 80, user: 10\n // Used for role hierarchy and conflict resolution\n priority: integer('priority').notNull().default(10),\n\n ...timestamps(),\n },\n (table) => [\n index('roles_name_idx').on(table.name),\n index('roles_is_system_idx').on(table.isSystem),\n index('roles_is_active_idx').on(table.isActive),\n index('roles_is_builtin_idx').on(table.isBuiltin),\n index('roles_priority_idx').on(table.priority),\n ]\n);\n\n// Type exports\nexport type RoleEntity = typeof roles.$inferSelect;\nexport type NewRoleEntity = typeof roles.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Role = RoleEntity;\nexport type NewRole = NewRoleEntity;","/**\n * @spfn/auth - Database Schema Definition\n *\n * Defines the 'spfn_auth' PostgreSQL schema for all auth-related tables\n */\n\nimport { createFunctionSchema } from '@spfn/core/db';\n\n/**\n * Auth schema for all authentication and authorization tables\n * Tables: users, roles, permissions, user_invitations, etc.\n */\nexport const authSchema = createFunctionSchema('@spfn/auth');"],"mappings":";AAYA,SAAS,MAAM,SAAS,SAAS,aAAa;AAC9C,SAAS,IAAI,kBAAkB;;;ACP/B,SAAS,4BAA4B;AAM9B,IAAM,aAAa,qBAAqB,YAAY;;;ADIpD,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA,IAIP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA;AAAA;AAAA,IAK/B,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA;AAAA;AAAA,IAKrD,UAAU,QAAQ,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAAA,IAElD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,gBAAgB,EAAE,GAAG,MAAM,IAAI;AAAA,IACrC,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,sBAAsB,EAAE,GAAG,MAAM,SAAS;AAAA,IAChD,MAAM,oBAAoB,EAAE,GAAG,MAAM,QAAQ;AAAA,EACjD;AACJ;","names":[]}
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* @spfn/auth - Database Schema Definition
|
|
5
|
-
*
|
|
6
|
-
* Defines the 'spfn_auth' PostgreSQL schema for all auth-related tables
|
|
7
|
-
*/
|
|
8
|
-
/**
|
|
9
|
-
* Auth schema for all authentication and authorization tables
|
|
10
|
-
* Tables: users, roles, permissions, user_invitations, etc.
|
|
11
|
-
*/
|
|
12
|
-
declare const authSchema: drizzle_orm_pg_core.PgSchema<string>;
|
|
13
|
-
|
|
14
|
-
export { authSchema };
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../src/server/entities/schema.ts"],"sourcesContent":["/**\n * @spfn/auth - Database Schema Definition\n *\n * Defines the 'spfn_auth' PostgreSQL schema for all auth-related tables\n */\n\nimport { createFunctionSchema } from '@spfn/core/db';\n\n/**\n * Auth schema for all authentication and authorization tables\n * Tables: users, roles, permissions, user_invitations, etc.\n */\nexport const authSchema = createFunctionSchema('@spfn/auth');"],"mappings":";AAMA,SAAS,4BAA4B;AAM9B,IAAM,aAAa,qBAAqB,YAAY;","names":[]}
|