@spfn/auth 0.1.0-alpha.88 → 0.2.0-beta.2

package/dist/server/entities/user-public-keys.js

@@ -1,156 +0,0 @@
-// src/server/entities/user-public-keys.ts
-import { text as text3, timestamp as timestamp2, boolean as boolean3, index as index3 } from "drizzle-orm/pg-core";
-import { id as id3, foreignKey } from "@spfn/core/db";
-
-// src/server/entities/users.ts
-import { text as text2, timestamp, check, boolean as boolean2, bigint, index as index2 } from "drizzle-orm/pg-core";
-import { id as id2, timestamps as timestamps2 } from "@spfn/core/db";
-import { sql } from "drizzle-orm";
-
-// src/server/entities/roles.ts
-import { text, boolean, integer, index } from "drizzle-orm/pg-core";
-import { id, timestamps } from "@spfn/core/db";
-
-// src/server/entities/schema.ts
-import { createFunctionSchema } from "@spfn/core/db";
-var authSchema = createFunctionSchema("@spfn/auth");
-
-// src/server/entities/roles.ts
-var roles = authSchema.table(
-  "roles",
-  {
-    // Primary key
-    id: id(),
-    // Role identifier (used in code, e.g., 'admin', 'editor')
-    // Must be unique, lowercase, kebab-case recommended
-    name: text("name").notNull().unique(),
-    // Display name for UI (e.g., 'Administrator', 'Content Editor')
-    displayName: text("display_name").notNull(),
-    // Role description
-    description: text("description"),
-    // Built-in role flag
-    // true: Core package roles (user, admin, superadmin) - cannot be deleted
-    // false: Custom or preset roles - can be deleted
-    isBuiltin: boolean("is_builtin").notNull().default(false),
-    // System role flag
-    // true: Defined in code (builtin or preset) - deletion restricted
-    // false: Runtime created custom role - fully manageable
-    isSystem: boolean("is_system").notNull().default(false),
-    // Active status
-    // false: Deactivated role (users cannot be assigned)
-    isActive: boolean("is_active").notNull().default(true),
-    // Priority level (higher = more privileged)
-    // superadmin: 100, admin: 80, user: 10
-    // Used for role hierarchy and conflict resolution
-    priority: integer("priority").notNull().default(10),
-    ...timestamps()
-  },
-  (table) => [
-    index("roles_name_idx").on(table.name),
-    index("roles_is_system_idx").on(table.isSystem),
-    index("roles_is_active_idx").on(table.isActive),
-    index("roles_is_builtin_idx").on(table.isBuiltin),
-    index("roles_priority_idx").on(table.priority)
-  ]
-);
-
-// src/server/entities/users.ts
-var users = authSchema.table(
-  "users",
-  {
-    // Identity
-    id: id2(),
-    // Email address (unique identifier)
-    // Used for: login, password reset, notifications
-    email: text2("email").unique(),
-    // Phone number in E.164 international format
-    // Format: +[country code][number] (e.g., +821012345678)
-    // Used for: SMS login, 2FA, notifications
-    phone: text2("phone").unique(),
-    // Authentication
-    // Bcrypt password hash ($2b$10$[salt][hash], 60 chars)
-    // Nullable to support OAuth-only accounts
-    passwordHash: text2("password_hash"),
-    // Force password change on next login
-    // Use cases: initial setup, security breach, policy violation
-    passwordChangeRequired: boolean2("password_change_required").notNull().default(false),
-    // Authorization (Role-Based Access Control)
-    // Foreign key to roles table
-    // References built-in roles: user (default), admin, superadmin
-    // Can also reference custom roles created at runtime
-    roleId: bigint("role_id", { mode: "number" }).references(() => roles.id).notNull(),
-    // Account status
-    // - active: Normal operation (default)
-    // - inactive: Deactivated (user request, dormant)
-    // - suspended: Locked (security incident, ToS violation)
-    status: text2(
-      "status",
-      {
-        enum: ["active", "inactive", "suspended"]
-      }
-    ).notNull().default("active"),
-    // Verification timestamps
-    // null = unverified, timestamp = verified at this time
-    // Email verification (via verification code or magic link)
-    emailVerifiedAt: timestamp("email_verified_at", { withTimezone: true }),
-    // Phone verification (via SMS OTP)
-    phoneVerifiedAt: timestamp("phone_verified_at", { withTimezone: true }),
-    // Metadata
-    // Last successful login timestamp
-    // Used for: security auditing, dormant account detection
-    lastLoginAt: timestamp("last_login_at", { withTimezone: true }),
-    ...timestamps2()
-  },
-  (table) => [
-    // Database constraints
-    // Ensure at least one identifier exists (email OR phone)
-    check(
-      "email_or_phone_check",
-      sql`${table.email} IS NOT NULL OR ${table.phone} IS NOT NULL`
-    ),
-    // Indexes for query optimization
-    index2("users_email_idx").on(table.email),
-    index2("users_phone_idx").on(table.phone),
-    index2("users_status_idx").on(table.status),
-    index2("users_role_id_idx").on(table.roleId)
-  ]
-);
-
-// src/server/entities/user-public-keys.ts
-var userPublicKeys = authSchema.table(
-  "user_public_keys",
-  {
-    id: id3(),
-    // User reference
-    userId: foreignKey("user", () => users.id),
-    // Key identification (client-generated UUID)
-    keyId: text3("key_id").notNull().unique(),
-    // Public key in Base64-encoded DER format (SPKI)
-    publicKey: text3("public_key").notNull(),
-    // Algorithm used (ES256 recommended, RS256 fallback)
-    algorithm: text3("algorithm", {
-      enum: ["ES256", "RS256"]
-    }).notNull().default("ES256"),
-    // Key fingerprint (SHA-256 hash for quick identification)
-    fingerprint: text3("fingerprint").notNull(),
-    // Key status
-    isActive: boolean3("is_active").notNull().default(true),
-    // Timestamps
-    createdAt: timestamp2("created_at", { mode: "date", withTimezone: true }).notNull().defaultNow(),
-    lastUsedAt: timestamp2("last_used_at", { mode: "date", withTimezone: true }),
-    expiresAt: timestamp2("expires_at", { mode: "date", withTimezone: true }),
-    // Revocation
-    revokedAt: timestamp2("revoked_at", { mode: "date", withTimezone: true }),
-    revokedReason: text3("revoked_reason")
-  },
-  (table) => [
-    index3("user_public_keys_user_id_idx").on(table.userId),
-    index3("user_public_keys_key_id_idx").on(table.keyId),
-    index3("user_public_keys_active_idx").on(table.isActive),
-    index3("user_public_keys_fingerprint_idx").on(table.fingerprint)
-  ]
-);
-export {
-  userPublicKeys
-};
-//# sourceMappingURL=user-public-keys.js.map

package/dist/server/entities/user-public-keys.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/entities/user-public-keys.ts","../../../src/server/entities/users.ts","../../../src/server/entities/roles.ts","../../../src/server/entities/schema.ts"],"sourcesContent":["/**\n * @spfn/auth - User Public Keys Entity\n *\n * Stores client-generated public keys for JWT verification\n * Supports key rotation and multi-key management per user\n */\n\nimport { text, timestamp, boolean, index } from 'drizzle-orm/pg-core';\nimport { id, foreignKey } from '@spfn/core/db';\nimport { users } from './users';\nimport { authSchema } from './schema';\n\n/**\n * User Public Keys Table\n * Each user can have multiple public keys (for rotation)\n */\nexport const userPublicKeys = authSchema.table(\n    'user_public_keys',\n    {\n        id: id(),\n\n        // User reference\n        userId: foreignKey('user', () => users.id),\n\n        // Key identification (client-generated UUID)\n        keyId: text('key_id').notNull().unique(),\n\n        // Public key in Base64-encoded DER format (SPKI)\n        publicKey: text('public_key').notNull(),\n\n        // Algorithm used (ES256 recommended, RS256 fallback)\n        algorithm: text('algorithm', {\n            enum: ['ES256', 'RS256']\n        }).notNull().default('ES256'),\n\n        // Key fingerprint (SHA-256 hash for quick identification)\n        fingerprint: text('fingerprint').notNull(),\n\n        // Key status\n        isActive: boolean('is_active').notNull().default(true),\n\n        // Timestamps\n        createdAt: timestamp('created_at', { mode: 'date', withTimezone: true })\n            .notNull()\n            .defaultNow(),\n\n        lastUsedAt: timestamp('last_used_at', { mode: 'date', withTimezone: true }),\n\n        expiresAt: timestamp('expires_at', { mode: 'date', withTimezone: true }),\n\n        // Revocation\n        revokedAt: timestamp('revoked_at', { mode: 'date', withTimezone: true }),\n        revokedReason: text('revoked_reason'),\n    },\n    (table) => [\n        index('user_public_keys_user_id_idx').on(table.userId),\n        index('user_public_keys_key_id_idx').on(table.keyId),\n        index('user_public_keys_active_idx').on(table.isActive),\n        index('user_public_keys_fingerprint_idx').on(table.fingerprint),\n    ]\n);\n\nexport type UserPublicKey = typeof userPublicKeys.$inferSelect;\nexport type NewUserPublicKey = typeof userPublicKeys.$inferInsert;","/**\n * @spfn/auth - Users Entity\n *\n * Main user table supporting multiple authentication methods\n *\n * Features:\n * - Email or phone-based registration\n * - Password authentication (bcrypt)\n * - OAuth support (nullable passwordHash)\n * - Role-based access control (RBAC)\n * - Account status management\n * - Email/phone verification\n */\n\nimport { text, timestamp, check, boolean, bigint, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { sql } from 'drizzle-orm';\nimport { roles } from './roles';\nimport { authSchema } from './schema';\n\nexport const users = authSchema.table('users',\n    {\n        // Identity\n        id: id(),\n\n        // Email address (unique identifier)\n        // Used for: login, password reset, notifications\n        email: text('email').unique(),\n\n        // Phone number in E.164 international format\n        // Format: +[country code][number] (e.g., +821012345678)\n        // Used for: SMS login, 2FA, notifications\n        phone: text('phone').unique(),\n\n        // Authentication\n        // Bcrypt password hash ($2b$10$[salt][hash], 60 chars)\n        // Nullable to support OAuth-only accounts\n        passwordHash: text('password_hash'),\n\n        // Force password change on next login\n        // Use cases: initial setup, security breach, policy violation\n        passwordChangeRequired: boolean('password_change_required').notNull().default(false),\n\n        // Authorization (Role-Based Access Control)\n        // Foreign key to roles table\n        // References built-in roles: user (default), admin, superadmin\n        // Can also reference custom roles created at runtime\n        roleId: bigint('role_id', { mode: 'number' })\n            .references(() => roles.id)\n            .notNull(),\n\n        // Account status\n        // - active: Normal operation (default)\n        // - inactive: Deactivated (user request, dormant)\n        // - suspended: Locked (security incident, ToS violation)\n        status: text(\n            'status',\n            {\n                enum: ['active', 'inactive', 'suspended']\n            }\n        ).notNull().default('active'),\n\n        // Verification timestamps\n        // null = unverified, timestamp = verified at this time\n        // Email verification (via verification code or magic link)\n        emailVerifiedAt: timestamp('email_verified_at', { withTimezone: true }),\n\n        // Phone verification (via SMS OTP)\n        phoneVerifiedAt: timestamp('phone_verified_at', { withTimezone: true }),\n\n        // Metadata\n        // Last successful login timestamp\n        // Used for: security auditing, dormant account detection\n        lastLoginAt: timestamp('last_login_at', { withTimezone: true }),\n\n        ...timestamps(),\n    },\n    (table) => [\n        // Database constraints\n        // Ensure at least one identifier exists (email OR phone)\n        check(\n            'email_or_phone_check',\n            sql`${table.email} IS NOT NULL OR ${table.phone} IS NOT NULL`\n        ),\n\n        // Indexes for query optimization\n        index('users_email_idx').on(table.email),\n        index('users_phone_idx').on(table.phone),\n        index('users_status_idx').on(table.status),\n        index('users_role_id_idx').on(table.roleId),\n    ]\n);\n\n// Type exports\nexport type User = typeof users.$inferSelect;\nexport type NewUser = typeof users.$inferInsert;\nexport type UserStatus = 'active' | 'inactive' | 'suspended';\n\n// Helper type with computed verification status\nexport type UserWithVerification = User &\n{\n    isEmailVerified: boolean;\n    isPhoneVerified: boolean;\n};","/**\n * @spfn/auth - Roles Entity\n *\n * Role-based access control (RBAC) roles table\n *\n * Features:\n * - Built-in roles (user, admin, superadmin) - cannot be deleted\n * - System roles (preset roles) - can be deactivated\n * - Custom roles (runtime created) - fully manageable\n * - Priority-based hierarchy\n */\n\nimport { text, boolean, integer, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const roles = authSchema.table('roles',\n    {\n        // Primary key\n        id: id(),\n\n        // Role identifier (used in code, e.g., 'admin', 'editor')\n        // Must be unique, lowercase, kebab-case recommended\n        name: text('name').notNull().unique(),\n\n        // Display name for UI (e.g., 'Administrator', 'Content Editor')\n        displayName: text('display_name').notNull(),\n\n        // Role description\n        description: text('description'),\n\n        // Built-in role flag\n        // true: Core package roles (user, admin, superadmin) - cannot be deleted\n        // false: Custom or preset roles - can be deleted\n        isBuiltin: boolean('is_builtin').notNull().default(false),\n\n        // System role flag\n        // true: Defined in code (builtin or preset) - deletion restricted\n        // false: Runtime created custom role - fully manageable\n        isSystem: boolean('is_system').notNull().default(false),\n\n        // Active status\n        // false: Deactivated role (users cannot be assigned)\n        isActive: boolean('is_active').notNull().default(true),\n\n        // Priority level (higher = more privileged)\n        // superadmin: 100, admin: 80, user: 10\n        // Used for role hierarchy and conflict resolution\n        priority: integer('priority').notNull().default(10),\n\n        ...timestamps(),\n    },\n    (table) => [\n        index('roles_name_idx').on(table.name),\n        index('roles_is_system_idx').on(table.isSystem),\n        index('roles_is_active_idx').on(table.isActive),\n        index('roles_is_builtin_idx').on(table.isBuiltin),\n        index('roles_priority_idx').on(table.priority),\n    ]\n);\n\n// Type exports\nexport type RoleEntity = typeof roles.$inferSelect;\nexport type NewRoleEntity = typeof roles.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Role = RoleEntity;\nexport type NewRole = NewRoleEntity;","/**\n * @spfn/auth - Database Schema Definition\n *\n * Defines the 'spfn_auth' PostgreSQL schema for all auth-related tables\n */\n\nimport { createFunctionSchema } from '@spfn/core/db';\n\n/**\n * Auth schema for all authentication and authorization tables\n * Tables: users, roles, permissions, user_invitations, etc.\n */\nexport const authSchema = createFunctionSchema('@spfn/auth');"],"mappings":";AAOA,SAAS,QAAAA,OAAM,aAAAC,YAAW,WAAAC,UAAS,SAAAC,cAAa;AAChD,SAAS,MAAAC,KAAI,kBAAkB;;;ACM/B,SAAS,QAAAC,OAAM,WAAW,OAAO,WAAAC,UAAS,QAAQ,SAAAC,cAAa;AAC/D,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAC/B,SAAS,WAAW;;;ACJpB,SAAS,MAAM,SAAS,SAAS,aAAa;AAC9C,SAAS,IAAI,kBAAkB;;;ACP/B,SAAS,4BAA4B;AAM9B,IAAM,aAAa,qBAAqB,YAAY;;;ADIpD,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA,IAIP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA;AAAA;AAAA,IAK/B,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA;AAAA;AAAA,IAKrD,UAAU,QAAQ,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAAA,IAElD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,gBAAgB,EAAE,GAAG,MAAM,IAAI;AAAA,IACrC,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,sBAAsB,EAAE,GAAG,MAAM,SAAS;AAAA,IAChD,MAAM,oBAAoB,EAAE,GAAG,MAAM,QAAQ;AAAA,EACjD;AACJ;;;ADvCO,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA;AAAA,IAIP,OAAOC,MAAK,OAAO,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,IAK5B,OAAOA,MAAK,OAAO,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,IAK5B,cAAcA,MAAK,eAAe;AAAA;AAAA;AAAA,IAIlC,wBAAwBC,SAAQ,0BAA0B,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA,IAMnF,QAAQ,OAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,WAAW,MAAM,MAAM,EAAE,EACzB,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA,IAMb,QAAQD;AAAA,MACJ;AAAA,MACA;AAAA,QACI,MAAM,CAAC,UAAU,YAAY,WAAW;AAAA,MAC5C;AAAA,IACJ,EAAE,QAAQ,EAAE,QAAQ,QAAQ;AAAA;AAAA;AAAA;AAAA,IAK5B,iBAAiB,UAAU,qBAAqB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA,IAGtE,iBAAiB,UAAU,qBAAqB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA,IAKtE,aAAa,UAAU,iBAAiB,EAAE,cAAc,KAAK,CAAC;AAAA,IAE9D,GAAGE,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA;AAAA,IAGP;AAAA,MACI;AAAA,MACA,MAAM,MAAM,KAAK,mBAAmB,MAAM,KAAK;AAAA,IACnD;AAAA;AAAA,IAGAC,OAAM,iBAAiB,EAAE,GAAG,MAAM,KAAK;AAAA,IACvCA,OAAM,iBAAiB,EAAE,GAAG,MAAM,KAAK;AAAA,IACvCA,OAAM,kBAAkB,EAAE,GAAG,MAAM,MAAM;AAAA,IACzCA,OAAM,mBAAmB,EAAE,GAAG,MAAM,MAAM;AAAA,EAC9C;AACJ;;;AD3EO,IAAM,iBAAiB,WAAW;AAAA,EACrC;AAAA,EACA;AAAA,IACI,IAAIC,IAAG;AAAA;AAAA,IAGP,QAAQ,WAAW,QAAQ,MAAM,MAAM,EAAE;AAAA;AAAA,IAGzC,OAAOC,MAAK,QAAQ,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGvC,WAAWA,MAAK,YAAY,EAAE,QAAQ;AAAA;AAAA,IAGtC,WAAWA,MAAK,aAAa;AAAA,MACzB,MAAM,CAAC,SAAS,OAAO;AAAA,IAC3B,CAAC,EAAE,QAAQ,EAAE,QAAQ,OAAO;AAAA;AAAA,IAG5B,aAAaA,MAAK,aAAa,EAAE,QAAQ;AAAA;AAAA,IAGzC,UAAUC,SAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA,IAGrD,WAAWC,WAAU,cAAc,EAAE,MAAM,QAAQ,cAAc,KAAK,CAAC,EAClE,QAAQ,EACR,WAAW;AAAA,IAEhB,YAAYA,WAAU,gBAAgB,EAAE,MAAM,QAAQ,cAAc,KAAK,CAAC;AAAA,IAE1E,WAAWA,WAAU,cAAc,EAAE,MAAM,QAAQ,cAAc,KAAK,CAAC;AAAA;AAAA,IAGvE,WAAWA,WAAU,cAAc,EAAE,MAAM,QAAQ,cAAc,KAAK,CAAC;AAAA,IACvE,eAAeF,MAAK,gBAAgB;AAAA,EACxC;AAAA,EACA,CAAC,UAAU;AAAA,IACPG,OAAM,8BAA8B,EAAE,GAAG,MAAM,MAAM;AAAA,IACrDA,OAAM,6BAA6B,EAAE,GAAG,MAAM,KAAK;AAAA,IACnDA,OAAM,6BAA6B,EAAE,GAAG,MAAM,QAAQ;AAAA,IACtDA,OAAM,kCAAkC,EAAE,GAAG,MAAM,WAAW;AAAA,EAClE;AACJ;","names":["text","timestamp","boolean","index","id","text","boolean","index","id","timestamps","id","text","boolean","timestamps","index","id","text","boolean","timestamp","index"]}

package/dist/server/entities/user-social-accounts.d.ts

@@ -1,189 +0,0 @@
-import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
-
-/**
- * @spfn/auth - User Social Accounts Entity
- *
- * Stores OAuth connections for social login providers
- */
-declare const userSocialAccounts: drizzle_orm_pg_core.PgTableWithColumns<{
-    name: "user_social_accounts";
-    schema: string;
-    columns: {
-        createdAt: drizzle_orm_pg_core.PgColumn<{
-            name: "created_at";
-            tableName: "user_social_accounts";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        updatedAt: drizzle_orm_pg_core.PgColumn<{
-            name: "updated_at";
-            tableName: "user_social_accounts";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        id: drizzle_orm_pg_core.PgColumn<{
-            name: "id";
-            tableName: "user_social_accounts";
-            dataType: "number";
-            columnType: "PgBigSerial53";
-            data: number;
-            driverParam: number;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: true;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        userId: drizzle_orm_pg_core.PgColumn<{
-            name: `${string}_id`;
-            tableName: "user_social_accounts";
-            dataType: "number";
-            columnType: "PgBigSerial53";
-            data: number;
-            driverParam: number;
-            notNull: true;
-            hasDefault: true;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        provider: drizzle_orm_pg_core.PgColumn<{
-            name: "provider";
-            tableName: "user_social_accounts";
-            dataType: "string";
-            columnType: "PgText";
-            data: "google" | "github" | "kakao" | "naver";
-            driverParam: string;
-            notNull: true;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: ["google", "github", "kakao", "naver"];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        providerUserId: drizzle_orm_pg_core.PgColumn<{
-            name: "provider_user_id";
-            tableName: "user_social_accounts";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: true;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        providerEmail: drizzle_orm_pg_core.PgColumn<{
-            name: "provider_email";
-            tableName: "user_social_accounts";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: false;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        accessToken: drizzle_orm_pg_core.PgColumn<{
-            name: "access_token";
-            tableName: "user_social_accounts";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: false;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        refreshToken: drizzle_orm_pg_core.PgColumn<{
-            name: "refresh_token";
-            tableName: "user_social_accounts";
-            dataType: "string";
-            columnType: "PgText";
-            data: string;
-            driverParam: string;
-            notNull: false;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: [string, ...string[]];
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-        tokenExpiresAt: drizzle_orm_pg_core.PgColumn<{
-            name: "token_expires_at";
-            tableName: "user_social_accounts";
-            dataType: "date";
-            columnType: "PgTimestamp";
-            data: Date;
-            driverParam: string;
-            notNull: false;
-            hasDefault: false;
-            isPrimaryKey: false;
-            isAutoincrement: false;
-            hasRuntimeDefault: false;
-            enumValues: undefined;
-            baseColumn: never;
-            identity: undefined;
-            generated: undefined;
-        }, {}, {}>;
-    };
-    dialect: "pg";
-}>;
-type UserSocialAccount = typeof userSocialAccounts.$inferSelect;
-type NewUserSocialAccount = typeof userSocialAccounts.$inferInsert;
-type SocialProvider = 'google' | 'github' | 'kakao' | 'naver';
-
-export { type NewUserSocialAccount, type SocialProvider, type UserSocialAccount, userSocialAccounts };

package/dist/server/entities/user-social-accounts.js

@@ -1,149 +0,0 @@
-// src/server/entities/user-social-accounts.ts
-import { text as text3, timestamp as timestamp2, uniqueIndex } from "drizzle-orm/pg-core";
-import { id as id3, timestamps as timestamps3, foreignKey } from "@spfn/core/db";
-
-// src/server/entities/users.ts
-import { text as text2, timestamp, check, boolean as boolean2, bigint, index as index2 } from "drizzle-orm/pg-core";
-import { id as id2, timestamps as timestamps2 } from "@spfn/core/db";
-import { sql } from "drizzle-orm";
-
-// src/server/entities/roles.ts
-import { text, boolean, integer, index } from "drizzle-orm/pg-core";
-import { id, timestamps } from "@spfn/core/db";
-
-// src/server/entities/schema.ts
-import { createFunctionSchema } from "@spfn/core/db";
-var authSchema = createFunctionSchema("@spfn/auth");
-
-// src/server/entities/roles.ts
-var roles = authSchema.table(
-  "roles",
-  {
-    // Primary key
-    id: id(),
-    // Role identifier (used in code, e.g., 'admin', 'editor')
-    // Must be unique, lowercase, kebab-case recommended
-    name: text("name").notNull().unique(),
-    // Display name for UI (e.g., 'Administrator', 'Content Editor')
-    displayName: text("display_name").notNull(),
-    // Role description
-    description: text("description"),
-    // Built-in role flag
-    // true: Core package roles (user, admin, superadmin) - cannot be deleted
-    // false: Custom or preset roles - can be deleted
-    isBuiltin: boolean("is_builtin").notNull().default(false),
-    // System role flag
-    // true: Defined in code (builtin or preset) - deletion restricted
-    // false: Runtime created custom role - fully manageable
-    isSystem: boolean("is_system").notNull().default(false),
-    // Active status
-    // false: Deactivated role (users cannot be assigned)
-    isActive: boolean("is_active").notNull().default(true),
-    // Priority level (higher = more privileged)
-    // superadmin: 100, admin: 80, user: 10
-    // Used for role hierarchy and conflict resolution
-    priority: integer("priority").notNull().default(10),
-    ...timestamps()
-  },
-  (table) => [
-    index("roles_name_idx").on(table.name),
-    index("roles_is_system_idx").on(table.isSystem),
-    index("roles_is_active_idx").on(table.isActive),
-    index("roles_is_builtin_idx").on(table.isBuiltin),
-    index("roles_priority_idx").on(table.priority)
-  ]
-);
-
-// src/server/entities/users.ts
-var users = authSchema.table(
-  "users",
-  {
-    // Identity
-    id: id2(),
-    // Email address (unique identifier)
-    // Used for: login, password reset, notifications
-    email: text2("email").unique(),
-    // Phone number in E.164 international format
-    // Format: +[country code][number] (e.g., +821012345678)
-    // Used for: SMS login, 2FA, notifications
-    phone: text2("phone").unique(),
-    // Authentication
-    // Bcrypt password hash ($2b$10$[salt][hash], 60 chars)
-    // Nullable to support OAuth-only accounts
-    passwordHash: text2("password_hash"),
-    // Force password change on next login
-    // Use cases: initial setup, security breach, policy violation
-    passwordChangeRequired: boolean2("password_change_required").notNull().default(false),
-    // Authorization (Role-Based Access Control)
-    // Foreign key to roles table
-    // References built-in roles: user (default), admin, superadmin
-    // Can also reference custom roles created at runtime
-    roleId: bigint("role_id", { mode: "number" }).references(() => roles.id).notNull(),
-    // Account status
-    // - active: Normal operation (default)
-    // - inactive: Deactivated (user request, dormant)
-    // - suspended: Locked (security incident, ToS violation)
-    status: text2(
-      "status",
-      {
-        enum: ["active", "inactive", "suspended"]
-      }
-    ).notNull().default("active"),
-    // Verification timestamps
-    // null = unverified, timestamp = verified at this time
-    // Email verification (via verification code or magic link)
-    emailVerifiedAt: timestamp("email_verified_at", { withTimezone: true }),
-    // Phone verification (via SMS OTP)
-    phoneVerifiedAt: timestamp("phone_verified_at", { withTimezone: true }),
-    // Metadata
-    // Last successful login timestamp
-    // Used for: security auditing, dormant account detection
-    lastLoginAt: timestamp("last_login_at", { withTimezone: true }),
-    ...timestamps2()
-  },
-  (table) => [
-    // Database constraints
-    // Ensure at least one identifier exists (email OR phone)
-    check(
-      "email_or_phone_check",
-      sql`${table.email} IS NOT NULL OR ${table.phone} IS NOT NULL`
-    ),
-    // Indexes for query optimization
-    index2("users_email_idx").on(table.email),
-    index2("users_phone_idx").on(table.phone),
-    index2("users_status_idx").on(table.status),
-    index2("users_role_id_idx").on(table.roleId)
-  ]
-);
-
-// src/server/entities/user-social-accounts.ts
-var userSocialAccounts = authSchema.table(
-  "user_social_accounts",
-  {
-    id: id3(),
-    // Foreign key to users
-    userId: foreignKey("user", () => users.id),
-    // Provider info
-    provider: text3(
-      "provider",
-      {
-        enum: ["google", "github", "kakao", "naver"]
-      }
-    ).notNull(),
-    providerUserId: text3("provider_user_id").notNull(),
-    providerEmail: text3("provider_email"),
-    // OAuth tokens (encrypted in production)
-    accessToken: text3("access_token"),
-    refreshToken: text3("refresh_token"),
-    tokenExpiresAt: timestamp2("token_expires_at", { withTimezone: true }),
-    ...timestamps3()
-  },
-  (table) => [
-    // Unique constraint: one provider account per provider
-    uniqueIndex("provider_user_unique_idx").on(table.provider, table.providerUserId)
-  ]
-);
-export {
-  userSocialAccounts
-};
-//# sourceMappingURL=user-social-accounts.js.map

package/dist/server/entities/user-social-accounts.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../../../src/server/entities/user-social-accounts.ts","../../../src/server/entities/users.ts","../../../src/server/entities/roles.ts","../../../src/server/entities/schema.ts"],"sourcesContent":["/**\n * @spfn/auth - User Social Accounts Entity\n *\n * Stores OAuth connections for social login providers\n */\n\nimport { text, timestamp, uniqueIndex } from 'drizzle-orm/pg-core';\nimport { id, timestamps, foreignKey } from '@spfn/core/db';\nimport { users } from './users';\nimport { authSchema } from './schema';\n\nexport const userSocialAccounts = authSchema.table('user_social_accounts',\n    {\n        id: id(),\n\n        // Foreign key to users\n        userId: foreignKey('user', () => users.id),\n\n        // Provider info\n        provider: text(\n            'provider',\n            {\n                enum: ['google', 'github', 'kakao', 'naver']\n            }\n        ).notNull(),\n\n        providerUserId: text('provider_user_id').notNull(),\n        providerEmail: text('provider_email'),\n\n        // OAuth tokens (encrypted in production)\n        accessToken: text('access_token'),\n        refreshToken: text('refresh_token'),\n        tokenExpiresAt: timestamp('token_expires_at', { withTimezone: true }),\n\n        ...timestamps(),\n    },\n    (table) => [\n        // Unique constraint: one provider account per provider\n        uniqueIndex('provider_user_unique_idx')\n            .on(table.provider, table.providerUserId),\n    ]\n);\n\n// Type exports\nexport type UserSocialAccount = typeof userSocialAccounts.$inferSelect;\nexport type NewUserSocialAccount = typeof userSocialAccounts.$inferInsert;\nexport type SocialProvider = 'google' | 'github' | 'kakao' | 'naver';","/**\n * @spfn/auth - Users Entity\n *\n * Main user table supporting multiple authentication methods\n *\n * Features:\n * - Email or phone-based registration\n * - Password authentication (bcrypt)\n * - OAuth support (nullable passwordHash)\n * - Role-based access control (RBAC)\n * - Account status management\n * - Email/phone verification\n */\n\nimport { text, timestamp, check, boolean, bigint, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { sql } from 'drizzle-orm';\nimport { roles } from './roles';\nimport { authSchema } from './schema';\n\nexport const users = authSchema.table('users',\n    {\n        // Identity\n        id: id(),\n\n        // Email address (unique identifier)\n        // Used for: login, password reset, notifications\n        email: text('email').unique(),\n\n        // Phone number in E.164 international format\n        // Format: +[country code][number] (e.g., +821012345678)\n        // Used for: SMS login, 2FA, notifications\n        phone: text('phone').unique(),\n\n        // Authentication\n        // Bcrypt password hash ($2b$10$[salt][hash], 60 chars)\n        // Nullable to support OAuth-only accounts\n        passwordHash: text('password_hash'),\n\n        // Force password change on next login\n        // Use cases: initial setup, security breach, policy violation\n        passwordChangeRequired: boolean('password_change_required').notNull().default(false),\n\n        // Authorization (Role-Based Access Control)\n        // Foreign key to roles table\n        // References built-in roles: user (default), admin, superadmin\n        // Can also reference custom roles created at runtime\n        roleId: bigint('role_id', { mode: 'number' })\n            .references(() => roles.id)\n            .notNull(),\n\n        // Account status\n        // - active: Normal operation (default)\n        // - inactive: Deactivated (user request, dormant)\n        // - suspended: Locked (security incident, ToS violation)\n        status: text(\n            'status',\n            {\n                enum: ['active', 'inactive', 'suspended']\n            }\n        ).notNull().default('active'),\n\n        // Verification timestamps\n        // null = unverified, timestamp = verified at this time\n        // Email verification (via verification code or magic link)\n        emailVerifiedAt: timestamp('email_verified_at', { withTimezone: true }),\n\n        // Phone verification (via SMS OTP)\n        phoneVerifiedAt: timestamp('phone_verified_at', { withTimezone: true }),\n\n        // Metadata\n        // Last successful login timestamp\n        // Used for: security auditing, dormant account detection\n        lastLoginAt: timestamp('last_login_at', { withTimezone: true }),\n\n        ...timestamps(),\n    },\n    (table) => [\n        // Database constraints\n        // Ensure at least one identifier exists (email OR phone)\n        check(\n            'email_or_phone_check',\n            sql`${table.email} IS NOT NULL OR ${table.phone} IS NOT NULL`\n        ),\n\n        // Indexes for query optimization\n        index('users_email_idx').on(table.email),\n        index('users_phone_idx').on(table.phone),\n        index('users_status_idx').on(table.status),\n        index('users_role_id_idx').on(table.roleId),\n    ]\n);\n\n// Type exports\nexport type User = typeof users.$inferSelect;\nexport type NewUser = typeof users.$inferInsert;\nexport type UserStatus = 'active' | 'inactive' | 'suspended';\n\n// Helper type with computed verification status\nexport type UserWithVerification = User &\n{\n    isEmailVerified: boolean;\n    isPhoneVerified: boolean;\n};","/**\n * @spfn/auth - Roles Entity\n *\n * Role-based access control (RBAC) roles table\n *\n * Features:\n * - Built-in roles (user, admin, superadmin) - cannot be deleted\n * - System roles (preset roles) - can be deactivated\n * - Custom roles (runtime created) - fully manageable\n * - Priority-based hierarchy\n */\n\nimport { text, boolean, integer, index } from 'drizzle-orm/pg-core';\nimport { id, timestamps } from '@spfn/core/db';\nimport { authSchema } from './schema';\n\nexport const roles = authSchema.table('roles',\n    {\n        // Primary key\n        id: id(),\n\n        // Role identifier (used in code, e.g., 'admin', 'editor')\n        // Must be unique, lowercase, kebab-case recommended\n        name: text('name').notNull().unique(),\n\n        // Display name for UI (e.g., 'Administrator', 'Content Editor')\n        displayName: text('display_name').notNull(),\n\n        // Role description\n        description: text('description'),\n\n        // Built-in role flag\n        // true: Core package roles (user, admin, superadmin) - cannot be deleted\n        // false: Custom or preset roles - can be deleted\n        isBuiltin: boolean('is_builtin').notNull().default(false),\n\n        // System role flag\n        // true: Defined in code (builtin or preset) - deletion restricted\n        // false: Runtime created custom role - fully manageable\n        isSystem: boolean('is_system').notNull().default(false),\n\n        // Active status\n        // false: Deactivated role (users cannot be assigned)\n        isActive: boolean('is_active').notNull().default(true),\n\n        // Priority level (higher = more privileged)\n        // superadmin: 100, admin: 80, user: 10\n        // Used for role hierarchy and conflict resolution\n        priority: integer('priority').notNull().default(10),\n\n        ...timestamps(),\n    },\n    (table) => [\n        index('roles_name_idx').on(table.name),\n        index('roles_is_system_idx').on(table.isSystem),\n        index('roles_is_active_idx').on(table.isActive),\n        index('roles_is_builtin_idx').on(table.isBuiltin),\n        index('roles_priority_idx').on(table.priority),\n    ]\n);\n\n// Type exports\nexport type RoleEntity = typeof roles.$inferSelect;\nexport type NewRoleEntity = typeof roles.$inferInsert;\n\n// Legacy alias for backward compatibility\nexport type Role = RoleEntity;\nexport type NewRole = NewRoleEntity;","/**\n * @spfn/auth - Database Schema Definition\n *\n * Defines the 'spfn_auth' PostgreSQL schema for all auth-related tables\n */\n\nimport { createFunctionSchema } from '@spfn/core/db';\n\n/**\n * Auth schema for all authentication and authorization tables\n * Tables: users, roles, permissions, user_invitations, etc.\n */\nexport const authSchema = createFunctionSchema('@spfn/auth');"],"mappings":";AAMA,SAAS,QAAAA,OAAM,aAAAC,YAAW,mBAAmB;AAC7C,SAAS,MAAAC,KAAI,cAAAC,aAAY,kBAAkB;;;ACO3C,SAAS,QAAAC,OAAM,WAAW,OAAO,WAAAC,UAAS,QAAQ,SAAAC,cAAa;AAC/D,SAAS,MAAAC,KAAI,cAAAC,mBAAkB;AAC/B,SAAS,WAAW;;;ACJpB,SAAS,MAAM,SAAS,SAAS,aAAa;AAC9C,SAAS,IAAI,kBAAkB;;;ACP/B,SAAS,4BAA4B;AAM9B,IAAM,aAAa,qBAAqB,YAAY;;;ADIpD,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAI,GAAG;AAAA;AAAA;AAAA,IAIP,MAAM,KAAK,MAAM,EAAE,QAAQ,EAAE,OAAO;AAAA;AAAA,IAGpC,aAAa,KAAK,cAAc,EAAE,QAAQ;AAAA;AAAA,IAG1C,aAAa,KAAK,aAAa;AAAA;AAAA;AAAA;AAAA,IAK/B,WAAW,QAAQ,YAAY,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA,IAKxD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA,IAItD,UAAU,QAAQ,WAAW,EAAE,QAAQ,EAAE,QAAQ,IAAI;AAAA;AAAA;AAAA;AAAA,IAKrD,UAAU,QAAQ,UAAU,EAAE,QAAQ,EAAE,QAAQ,EAAE;AAAA,IAElD,GAAG,WAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA,IACP,MAAM,gBAAgB,EAAE,GAAG,MAAM,IAAI;AAAA,IACrC,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,qBAAqB,EAAE,GAAG,MAAM,QAAQ;AAAA,IAC9C,MAAM,sBAAsB,EAAE,GAAG,MAAM,SAAS;AAAA,IAChD,MAAM,oBAAoB,EAAE,GAAG,MAAM,QAAQ;AAAA,EACjD;AACJ;;;ADvCO,IAAM,QAAQ,WAAW;AAAA,EAAM;AAAA,EAClC;AAAA;AAAA,IAEI,IAAIC,IAAG;AAAA;AAAA;AAAA,IAIP,OAAOC,MAAK,OAAO,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,IAK5B,OAAOA,MAAK,OAAO,EAAE,OAAO;AAAA;AAAA;AAAA;AAAA,IAK5B,cAAcA,MAAK,eAAe;AAAA;AAAA;AAAA,IAIlC,wBAAwBC,SAAQ,0BAA0B,EAAE,QAAQ,EAAE,QAAQ,KAAK;AAAA;AAAA;AAAA;AAAA;AAAA,IAMnF,QAAQ,OAAO,WAAW,EAAE,MAAM,SAAS,CAAC,EACvC,WAAW,MAAM,MAAM,EAAE,EACzB,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA,IAMb,QAAQD;AAAA,MACJ;AAAA,MACA;AAAA,QACI,MAAM,CAAC,UAAU,YAAY,WAAW;AAAA,MAC5C;AAAA,IACJ,EAAE,QAAQ,EAAE,QAAQ,QAAQ;AAAA;AAAA;AAAA;AAAA,IAK5B,iBAAiB,UAAU,qBAAqB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA,IAGtE,iBAAiB,UAAU,qBAAqB,EAAE,cAAc,KAAK,CAAC;AAAA;AAAA;AAAA;AAAA,IAKtE,aAAa,UAAU,iBAAiB,EAAE,cAAc,KAAK,CAAC;AAAA,IAE9D,GAAGE,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA;AAAA,IAGP;AAAA,MACI;AAAA,MACA,MAAM,MAAM,KAAK,mBAAmB,MAAM,KAAK;AAAA,IACnD;AAAA;AAAA,IAGAC,OAAM,iBAAiB,EAAE,GAAG,MAAM,KAAK;AAAA,IACvCA,OAAM,iBAAiB,EAAE,GAAG,MAAM,KAAK;AAAA,IACvCA,OAAM,kBAAkB,EAAE,GAAG,MAAM,MAAM;AAAA,IACzCA,OAAM,mBAAmB,EAAE,GAAG,MAAM,MAAM;AAAA,EAC9C;AACJ;;;ADhFO,IAAM,qBAAqB,WAAW;AAAA,EAAM;AAAA,EAC/C;AAAA,IACI,IAAIC,IAAG;AAAA;AAAA,IAGP,QAAQ,WAAW,QAAQ,MAAM,MAAM,EAAE;AAAA;AAAA,IAGzC,UAAUC;AAAA,MACN;AAAA,MACA;AAAA,QACI,MAAM,CAAC,UAAU,UAAU,SAAS,OAAO;AAAA,MAC/C;AAAA,IACJ,EAAE,QAAQ;AAAA,IAEV,gBAAgBA,MAAK,kBAAkB,EAAE,QAAQ;AAAA,IACjD,eAAeA,MAAK,gBAAgB;AAAA;AAAA,IAGpC,aAAaA,MAAK,cAAc;AAAA,IAChC,cAAcA,MAAK,eAAe;AAAA,IAClC,gBAAgBC,WAAU,oBAAoB,EAAE,cAAc,KAAK,CAAC;AAAA,IAEpE,GAAGC,YAAW;AAAA,EAClB;AAAA,EACA,CAAC,UAAU;AAAA;AAAA,IAEP,YAAY,0BAA0B,EACjC,GAAG,MAAM,UAAU,MAAM,cAAc;AAAA,EAChD;AACJ;","names":["text","timestamp","id","timestamps","text","boolean","index","id","timestamps","id","text","boolean","timestamps","index","id","text","timestamp","timestamps"]}