@spfn/auth 0.2.0-beta.1 → 0.2.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/config.d.ts +4 -0
- package/dist/config.js +4 -0
- package/dist/config.js.map +1 -1
- package/dist/{dto-81uR9gzF.d.ts → dto-CRlgoCP5.d.ts} +25 -10
- package/dist/index.d.ts +26 -12
- package/dist/nextjs/api.js +1 -1
- package/dist/nextjs/api.js.map +1 -1
- package/dist/nextjs/server.js +0 -1
- package/dist/nextjs/server.js.map +1 -1
- package/dist/server.d.ts +180 -49
- package/dist/server.js +264 -91
- package/dist/server.js.map +1 -1
- package/migrations/0000_premium_famine.sql +292 -0
- package/migrations/meta/0000_snapshot.json +1 -1
- package/migrations/meta/_journal.json +2 -2
- package/package.json +11 -7
- package/migrations/0000_mysterious_colossus.sql +0 -197
package/dist/server.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, q as AuthContext } from './dto-
|
|
2
|
-
export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, X as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, Z as PasswordSchema, Y as PhoneSchema, x as RegisterParams, O as RegisterPublicKeyParams,
|
|
1
|
+
import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, q as AuthContext } from './dto-CRlgoCP5.js';
|
|
2
|
+
export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, X as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, Z as PasswordSchema, Y as PhoneSchema, x as RegisterParams, O as RegisterPublicKeyParams, b as RegisterResult, T as RevokeKeyParams, Q as RotateKeyParams, c as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, p as SocialProvider, _ as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, $ as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, W as authenticate, v as changePasswordService, r as checkAccountExistsService, t as loginService, u as logoutService, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './dto-CRlgoCP5.js';
|
|
3
3
|
import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
|
|
4
|
-
import { UserProfile as UserProfile$1 } from '@spfn/auth';
|
|
4
|
+
import { UserProfile as UserProfile$1, ProfileInfo } from '@spfn/auth';
|
|
5
5
|
import { BaseRepository } from '@spfn/core/db';
|
|
6
6
|
import { Context } from 'hono';
|
|
7
7
|
import * as _spfn_core_route from '@spfn/core/route';
|
|
@@ -406,6 +406,19 @@ declare function hasAnyPermission(userId: string | number | bigint, permissionNa
|
|
|
406
406
|
* ```
|
|
407
407
|
*/
|
|
408
408
|
declare function hasAllPermissions(userId: string | number | bigint, permissionNames: string[]): Promise<boolean>;
|
|
409
|
+
/**
|
|
410
|
+
* Get user's role name
|
|
411
|
+
*
|
|
412
|
+
* @param userId - User ID
|
|
413
|
+
* @returns Role name or null if user has no role
|
|
414
|
+
*
|
|
415
|
+
* @example
|
|
416
|
+
* ```typescript
|
|
417
|
+
* const role = await getUserRole('123');
|
|
418
|
+
* // 'admin' or null
|
|
419
|
+
* ```
|
|
420
|
+
*/
|
|
421
|
+
declare function getUserRole(userId: string | number | bigint): Promise<string | null>;
|
|
409
422
|
/**
|
|
410
423
|
* Check if user has a specific role
|
|
411
424
|
*
|
|
@@ -1242,7 +1255,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
|
|
|
1242
1255
|
id: number;
|
|
1243
1256
|
name: string;
|
|
1244
1257
|
displayName: string;
|
|
1245
|
-
category: "
|
|
1258
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
|
|
1246
1259
|
}[];
|
|
1247
1260
|
userId: number;
|
|
1248
1261
|
email: string | null;
|
|
@@ -1253,10 +1266,30 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
|
|
|
1253
1266
|
/**
|
|
1254
1267
|
* @spfn/auth - User Profile Service
|
|
1255
1268
|
*
|
|
1256
|
-
* Service for retrieving user profile information
|
|
1269
|
+
* Service for retrieving and updating user profile information
|
|
1257
1270
|
* Returns full user info with profile data
|
|
1258
1271
|
*/
|
|
1259
1272
|
|
|
1273
|
+
/**
|
|
1274
|
+
* Profile update parameters
|
|
1275
|
+
* All fields are optional, empty string will be converted to null
|
|
1276
|
+
*/
|
|
1277
|
+
interface UpdateProfileParams {
|
|
1278
|
+
displayName?: string;
|
|
1279
|
+
firstName?: string;
|
|
1280
|
+
lastName?: string;
|
|
1281
|
+
avatarUrl?: string;
|
|
1282
|
+
bio?: string;
|
|
1283
|
+
locale?: string;
|
|
1284
|
+
timezone?: string;
|
|
1285
|
+
dateOfBirth?: string;
|
|
1286
|
+
gender?: string;
|
|
1287
|
+
website?: string;
|
|
1288
|
+
location?: string;
|
|
1289
|
+
company?: string;
|
|
1290
|
+
jobTitle?: string;
|
|
1291
|
+
metadata?: Record<string, any>;
|
|
1292
|
+
}
|
|
1260
1293
|
/**
|
|
1261
1294
|
* Get user profile information
|
|
1262
1295
|
*
|
|
@@ -1272,6 +1305,26 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
|
|
|
1272
1305
|
* ```
|
|
1273
1306
|
*/
|
|
1274
1307
|
declare function getUserProfileService(userId: string | number | bigint): Promise<UserProfile$1>;
|
|
1308
|
+
/**
|
|
1309
|
+
* Update user profile (upsert)
|
|
1310
|
+
*
|
|
1311
|
+
* Creates profile if not exists, updates if exists
|
|
1312
|
+
* Empty strings are converted to null
|
|
1313
|
+
*
|
|
1314
|
+
* @param userId - User ID
|
|
1315
|
+
* @param params - Profile fields to update
|
|
1316
|
+
* @returns Updated profile info
|
|
1317
|
+
*
|
|
1318
|
+
* @example
|
|
1319
|
+
* ```typescript
|
|
1320
|
+
* const profile = await updateUserProfileService(123, {
|
|
1321
|
+
* displayName: 'John Doe',
|
|
1322
|
+
* bio: 'Software Engineer',
|
|
1323
|
+
* location: '', // will be saved as null
|
|
1324
|
+
* });
|
|
1325
|
+
* ```
|
|
1326
|
+
*/
|
|
1327
|
+
declare function updateUserProfileService(userId: string | number | bigint, params: UpdateProfileParams): Promise<ProfileInfo>;
|
|
1275
1328
|
|
|
1276
1329
|
/**
|
|
1277
1330
|
* @spfn/auth - Email Template Types
|
|
@@ -2694,7 +2747,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
|
|
|
2694
2747
|
tableName: "permissions";
|
|
2695
2748
|
dataType: "string";
|
|
2696
2749
|
columnType: "PgText";
|
|
2697
|
-
data: "
|
|
2750
|
+
data: "auth" | "custom" | "user" | "rbac" | "system";
|
|
2698
2751
|
driverParam: string;
|
|
2699
2752
|
notNull: false;
|
|
2700
2753
|
hasDefault: false;
|
|
@@ -3143,13 +3196,13 @@ declare class UsersRepository extends BaseRepository {
|
|
|
3143
3196
|
create(data: NewUser): Promise<{
|
|
3144
3197
|
email: string | null;
|
|
3145
3198
|
phone: string | null;
|
|
3146
|
-
status: "active" | "inactive" | "suspended";
|
|
3147
3199
|
id: number;
|
|
3148
|
-
createdAt: Date;
|
|
3149
|
-
updatedAt: Date;
|
|
3150
3200
|
passwordHash: string | null;
|
|
3151
3201
|
passwordChangeRequired: boolean;
|
|
3152
3202
|
roleId: number;
|
|
3203
|
+
createdAt: Date;
|
|
3204
|
+
updatedAt: Date;
|
|
3205
|
+
status: "active" | "inactive" | "suspended";
|
|
3153
3206
|
emailVerifiedAt: Date | null;
|
|
3154
3207
|
phoneVerifiedAt: Date | null;
|
|
3155
3208
|
lastLoginAt: Date | null;
|
|
@@ -3215,13 +3268,13 @@ declare class UsersRepository extends BaseRepository {
|
|
|
3215
3268
|
deleteById(id: number): Promise<{
|
|
3216
3269
|
email: string | null;
|
|
3217
3270
|
phone: string | null;
|
|
3218
|
-
status: "active" | "inactive" | "suspended";
|
|
3219
3271
|
id: number;
|
|
3220
|
-
createdAt: Date;
|
|
3221
|
-
updatedAt: Date;
|
|
3222
3272
|
passwordHash: string | null;
|
|
3223
3273
|
passwordChangeRequired: boolean;
|
|
3224
3274
|
roleId: number;
|
|
3275
|
+
createdAt: Date;
|
|
3276
|
+
updatedAt: Date;
|
|
3277
|
+
status: "active" | "inactive" | "suspended";
|
|
3225
3278
|
emailVerifiedAt: Date | null;
|
|
3226
3279
|
phoneVerifiedAt: Date | null;
|
|
3227
3280
|
lastLoginAt: Date | null;
|
|
@@ -3244,7 +3297,7 @@ declare class UsersRepository extends BaseRepository {
|
|
|
3244
3297
|
id: number;
|
|
3245
3298
|
name: string;
|
|
3246
3299
|
displayName: string;
|
|
3247
|
-
category: "
|
|
3300
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
|
|
3248
3301
|
}[];
|
|
3249
3302
|
}>;
|
|
3250
3303
|
/**
|
|
@@ -3354,16 +3407,16 @@ declare class KeysRepository extends BaseRepository {
|
|
|
3354
3407
|
* Write primary 사용
|
|
3355
3408
|
*/
|
|
3356
3409
|
create(data: NewUserPublicKey): Promise<{
|
|
3357
|
-
|
|
3410
|
+
publicKey: string;
|
|
3358
3411
|
keyId: string;
|
|
3412
|
+
fingerprint: string;
|
|
3413
|
+
algorithm: "ES256" | "RS256";
|
|
3414
|
+
userId: number;
|
|
3359
3415
|
id: number;
|
|
3360
3416
|
isActive: boolean;
|
|
3361
3417
|
createdAt: Date;
|
|
3362
|
-
publicKey: string;
|
|
3363
|
-
algorithm: "ES256" | "RS256";
|
|
3364
|
-
fingerprint: string;
|
|
3365
|
-
lastUsedAt: Date | null;
|
|
3366
3418
|
expiresAt: Date | null;
|
|
3419
|
+
lastUsedAt: Date | null;
|
|
3367
3420
|
revokedAt: Date | null;
|
|
3368
3421
|
revokedReason: string | null;
|
|
3369
3422
|
}>;
|
|
@@ -3390,16 +3443,16 @@ declare class KeysRepository extends BaseRepository {
|
|
|
3390
3443
|
* Write primary 사용
|
|
3391
3444
|
*/
|
|
3392
3445
|
deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
|
|
3393
|
-
|
|
3446
|
+
publicKey: string;
|
|
3394
3447
|
keyId: string;
|
|
3448
|
+
fingerprint: string;
|
|
3449
|
+
algorithm: "ES256" | "RS256";
|
|
3450
|
+
userId: number;
|
|
3395
3451
|
id: number;
|
|
3396
3452
|
isActive: boolean;
|
|
3397
3453
|
createdAt: Date;
|
|
3398
|
-
publicKey: string;
|
|
3399
|
-
algorithm: "ES256" | "RS256";
|
|
3400
|
-
fingerprint: string;
|
|
3401
|
-
lastUsedAt: Date | null;
|
|
3402
3454
|
expiresAt: Date | null;
|
|
3455
|
+
lastUsedAt: Date | null;
|
|
3403
3456
|
revokedAt: Date | null;
|
|
3404
3457
|
revokedReason: string | null;
|
|
3405
3458
|
}>;
|
|
@@ -3514,14 +3567,14 @@ declare class VerificationCodesRepository extends BaseRepository {
|
|
|
3514
3567
|
* Write primary 사용
|
|
3515
3568
|
*/
|
|
3516
3569
|
create(data: NewVerificationCode): Promise<{
|
|
3570
|
+
target: string;
|
|
3571
|
+
targetType: "email" | "phone";
|
|
3572
|
+
purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
|
|
3573
|
+
code: string;
|
|
3517
3574
|
id: number;
|
|
3518
3575
|
createdAt: Date;
|
|
3519
3576
|
updatedAt: Date;
|
|
3520
3577
|
expiresAt: Date;
|
|
3521
|
-
target: string;
|
|
3522
|
-
targetType: "email" | "phone";
|
|
3523
|
-
code: string;
|
|
3524
|
-
purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
|
|
3525
3578
|
usedAt: Date | null;
|
|
3526
3579
|
attempts: number;
|
|
3527
3580
|
}>;
|
|
@@ -3710,7 +3763,7 @@ declare class PermissionsRepository extends BaseRepository {
|
|
|
3710
3763
|
name: string;
|
|
3711
3764
|
displayName: string;
|
|
3712
3765
|
description: string | null;
|
|
3713
|
-
category: "
|
|
3766
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | null;
|
|
3714
3767
|
isBuiltin: boolean;
|
|
3715
3768
|
isSystem: boolean;
|
|
3716
3769
|
isActive: boolean;
|
|
@@ -3726,7 +3779,7 @@ declare class PermissionsRepository extends BaseRepository {
|
|
|
3726
3779
|
name: string;
|
|
3727
3780
|
displayName: string;
|
|
3728
3781
|
description: string | null;
|
|
3729
|
-
category: "
|
|
3782
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | null;
|
|
3730
3783
|
isBuiltin: boolean;
|
|
3731
3784
|
isSystem: boolean;
|
|
3732
3785
|
isActive: boolean;
|
|
@@ -3766,7 +3819,7 @@ declare class PermissionsRepository extends BaseRepository {
|
|
|
3766
3819
|
name: string;
|
|
3767
3820
|
displayName: string;
|
|
3768
3821
|
description: string | null;
|
|
3769
|
-
category: "
|
|
3822
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | null;
|
|
3770
3823
|
isBuiltin: boolean;
|
|
3771
3824
|
isSystem: boolean;
|
|
3772
3825
|
isActive: boolean;
|
|
@@ -3785,8 +3838,8 @@ declare class PermissionsRepository extends BaseRepository {
|
|
|
3785
3838
|
isActive: boolean;
|
|
3786
3839
|
createdAt: Date;
|
|
3787
3840
|
updatedAt: Date;
|
|
3841
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | null;
|
|
3788
3842
|
metadata: Record<string, any> | null;
|
|
3789
|
-
category: "custom" | "user" | "auth" | "rbac" | "system" | null;
|
|
3790
3843
|
}>;
|
|
3791
3844
|
}
|
|
3792
3845
|
declare const permissionsRepository: PermissionsRepository;
|
|
@@ -3831,9 +3884,9 @@ declare class RolePermissionsRepository extends BaseRepository {
|
|
|
3831
3884
|
*/
|
|
3832
3885
|
createMany(data: NewRolePermission[]): Promise<{
|
|
3833
3886
|
id: number;
|
|
3887
|
+
roleId: number;
|
|
3834
3888
|
createdAt: Date;
|
|
3835
3889
|
updatedAt: Date;
|
|
3836
|
-
roleId: number;
|
|
3837
3890
|
permissionId: number;
|
|
3838
3891
|
}[]>;
|
|
3839
3892
|
/**
|
|
@@ -3849,9 +3902,9 @@ declare class RolePermissionsRepository extends BaseRepository {
|
|
|
3849
3902
|
*/
|
|
3850
3903
|
setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
|
|
3851
3904
|
id: number;
|
|
3905
|
+
roleId: number;
|
|
3852
3906
|
createdAt: Date;
|
|
3853
3907
|
updatedAt: Date;
|
|
3854
|
-
roleId: number;
|
|
3855
3908
|
permissionId: number;
|
|
3856
3909
|
}[]>;
|
|
3857
3910
|
}
|
|
@@ -3916,10 +3969,10 @@ declare class UserPermissionsRepository extends BaseRepository {
|
|
|
3916
3969
|
id: number;
|
|
3917
3970
|
createdAt: Date;
|
|
3918
3971
|
updatedAt: Date;
|
|
3919
|
-
expiresAt: Date | null;
|
|
3920
3972
|
permissionId: number;
|
|
3921
|
-
|
|
3973
|
+
expiresAt: Date | null;
|
|
3922
3974
|
reason: string | null;
|
|
3975
|
+
granted: boolean;
|
|
3923
3976
|
}>;
|
|
3924
3977
|
/**
|
|
3925
3978
|
* 사용자 권한 오버라이드 업데이트
|
|
@@ -3942,10 +3995,10 @@ declare class UserPermissionsRepository extends BaseRepository {
|
|
|
3942
3995
|
id: number;
|
|
3943
3996
|
createdAt: Date;
|
|
3944
3997
|
updatedAt: Date;
|
|
3945
|
-
expiresAt: Date | null;
|
|
3946
3998
|
permissionId: number;
|
|
3947
|
-
|
|
3999
|
+
expiresAt: Date | null;
|
|
3948
4000
|
reason: string | null;
|
|
4001
|
+
granted: boolean;
|
|
3949
4002
|
}>;
|
|
3950
4003
|
/**
|
|
3951
4004
|
* 사용자의 모든 권한 오버라이드 삭제
|
|
@@ -4024,6 +4077,7 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4024
4077
|
displayName: string;
|
|
4025
4078
|
createdAt: Date;
|
|
4026
4079
|
updatedAt: Date;
|
|
4080
|
+
metadata: Record<string, any> | null;
|
|
4027
4081
|
firstName: string | null;
|
|
4028
4082
|
lastName: string | null;
|
|
4029
4083
|
avatarUrl: string | null;
|
|
@@ -4036,7 +4090,6 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4036
4090
|
location: string | null;
|
|
4037
4091
|
company: string | null;
|
|
4038
4092
|
jobTitle: string | null;
|
|
4039
|
-
metadata: Record<string, any> | null;
|
|
4040
4093
|
}>;
|
|
4041
4094
|
/**
|
|
4042
4095
|
* 프로필 업데이트 (by ID)
|
|
@@ -4093,6 +4146,7 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4093
4146
|
displayName: string;
|
|
4094
4147
|
createdAt: Date;
|
|
4095
4148
|
updatedAt: Date;
|
|
4149
|
+
metadata: Record<string, any> | null;
|
|
4096
4150
|
firstName: string | null;
|
|
4097
4151
|
lastName: string | null;
|
|
4098
4152
|
avatarUrl: string | null;
|
|
@@ -4105,7 +4159,6 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4105
4159
|
location: string | null;
|
|
4106
4160
|
company: string | null;
|
|
4107
4161
|
jobTitle: string | null;
|
|
4108
|
-
metadata: Record<string, any> | null;
|
|
4109
4162
|
}>;
|
|
4110
4163
|
/**
|
|
4111
4164
|
* 프로필 삭제 (by User ID)
|
|
@@ -4116,6 +4169,7 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4116
4169
|
displayName: string;
|
|
4117
4170
|
createdAt: Date;
|
|
4118
4171
|
updatedAt: Date;
|
|
4172
|
+
metadata: Record<string, any> | null;
|
|
4119
4173
|
firstName: string | null;
|
|
4120
4174
|
lastName: string | null;
|
|
4121
4175
|
avatarUrl: string | null;
|
|
@@ -4128,7 +4182,32 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4128
4182
|
location: string | null;
|
|
4129
4183
|
company: string | null;
|
|
4130
4184
|
jobTitle: string | null;
|
|
4185
|
+
}>;
|
|
4186
|
+
/**
|
|
4187
|
+
* 프로필 Upsert (by User ID)
|
|
4188
|
+
*
|
|
4189
|
+
* 프로필이 없으면 생성, 있으면 업데이트
|
|
4190
|
+
* 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
|
|
4191
|
+
*/
|
|
4192
|
+
upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
|
|
4193
|
+
userId: number;
|
|
4194
|
+
id: number;
|
|
4195
|
+
displayName: string;
|
|
4196
|
+
createdAt: Date;
|
|
4197
|
+
updatedAt: Date;
|
|
4131
4198
|
metadata: Record<string, any> | null;
|
|
4199
|
+
firstName: string | null;
|
|
4200
|
+
lastName: string | null;
|
|
4201
|
+
avatarUrl: string | null;
|
|
4202
|
+
bio: string | null;
|
|
4203
|
+
locale: string | null;
|
|
4204
|
+
timezone: string | null;
|
|
4205
|
+
dateOfBirth: string | null;
|
|
4206
|
+
gender: string | null;
|
|
4207
|
+
website: string | null;
|
|
4208
|
+
location: string | null;
|
|
4209
|
+
company: string | null;
|
|
4210
|
+
jobTitle: string | null;
|
|
4132
4211
|
}>;
|
|
4133
4212
|
/**
|
|
4134
4213
|
* User ID로 프로필 데이터 조회 (formatted)
|
|
@@ -4148,6 +4227,7 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4148
4227
|
location: string | null;
|
|
4149
4228
|
company: string | null;
|
|
4150
4229
|
jobTitle: string | null;
|
|
4230
|
+
metadata: Record<string, any> | null;
|
|
4151
4231
|
createdAt: Date;
|
|
4152
4232
|
updatedAt: Date;
|
|
4153
4233
|
} | null>;
|
|
@@ -4255,15 +4335,15 @@ declare class InvitationsRepository extends BaseRepository {
|
|
|
4255
4335
|
*/
|
|
4256
4336
|
create(data: NewInvitation): Promise<{
|
|
4257
4337
|
email: string;
|
|
4258
|
-
status: "pending" | "accepted" | "expired" | "cancelled";
|
|
4259
4338
|
id: number;
|
|
4339
|
+
roleId: number;
|
|
4260
4340
|
createdAt: Date;
|
|
4261
4341
|
updatedAt: Date;
|
|
4262
|
-
|
|
4342
|
+
status: "pending" | "accepted" | "expired" | "cancelled";
|
|
4263
4343
|
metadata: Record<string, any> | null;
|
|
4264
|
-
expiresAt: Date;
|
|
4265
4344
|
token: string;
|
|
4266
4345
|
invitedBy: number;
|
|
4346
|
+
expiresAt: Date;
|
|
4267
4347
|
acceptedAt: Date | null;
|
|
4268
4348
|
cancelledAt: Date | null;
|
|
4269
4349
|
}>;
|
|
@@ -4289,15 +4369,15 @@ declare class InvitationsRepository extends BaseRepository {
|
|
|
4289
4369
|
*/
|
|
4290
4370
|
deleteById(id: number): Promise<{
|
|
4291
4371
|
email: string;
|
|
4292
|
-
status: "pending" | "accepted" | "expired" | "cancelled";
|
|
4293
4372
|
id: number;
|
|
4373
|
+
roleId: number;
|
|
4294
4374
|
createdAt: Date;
|
|
4295
4375
|
updatedAt: Date;
|
|
4296
|
-
|
|
4376
|
+
status: "pending" | "accepted" | "expired" | "cancelled";
|
|
4297
4377
|
metadata: Record<string, any> | null;
|
|
4298
|
-
expiresAt: Date;
|
|
4299
4378
|
token: string;
|
|
4300
4379
|
invitedBy: number;
|
|
4380
|
+
expiresAt: Date;
|
|
4301
4381
|
acceptedAt: Date | null;
|
|
4302
4382
|
cancelledAt: Date | null;
|
|
4303
4383
|
}>;
|
|
@@ -4715,6 +4795,57 @@ declare const requireAnyPermission: _spfn_core_route.NamedMiddlewareFactory<"any
|
|
|
4715
4795
|
*/
|
|
4716
4796
|
declare const requireRole: _spfn_core_route.NamedMiddlewareFactory<"role", string[]>;
|
|
4717
4797
|
|
|
4798
|
+
/**
|
|
4799
|
+
* @spfn/auth - Role Guard Middleware
|
|
4800
|
+
*
|
|
4801
|
+
* Middleware for role-based access control with allow/deny options
|
|
4802
|
+
*/
|
|
4803
|
+
/**
|
|
4804
|
+
* Role guard options
|
|
4805
|
+
*/
|
|
4806
|
+
interface RoleGuardOptions {
|
|
4807
|
+
/**
|
|
4808
|
+
* Roles to allow (OR condition)
|
|
4809
|
+
* User must have at least one of these roles
|
|
4810
|
+
*/
|
|
4811
|
+
allow?: string[];
|
|
4812
|
+
/**
|
|
4813
|
+
* Roles to deny
|
|
4814
|
+
* User with any of these roles will be rejected
|
|
4815
|
+
*/
|
|
4816
|
+
deny?: string[];
|
|
4817
|
+
}
|
|
4818
|
+
/**
|
|
4819
|
+
* Role-based access control middleware
|
|
4820
|
+
*
|
|
4821
|
+
* Must be used after authenticate middleware
|
|
4822
|
+
*
|
|
4823
|
+
* @param options - Role guard options (allow/deny)
|
|
4824
|
+
* @returns Middleware function
|
|
4825
|
+
*
|
|
4826
|
+
* @example Allow specific roles
|
|
4827
|
+
* ```typescript
|
|
4828
|
+
* export const adminRoute = route.get('/admin')
|
|
4829
|
+
* .use([authenticate, roleGuard({ allow: ['admin', 'superadmin'] })])
|
|
4830
|
+
* .handler(async (c) => { ... });
|
|
4831
|
+
* ```
|
|
4832
|
+
*
|
|
4833
|
+
* @example Deny specific roles
|
|
4834
|
+
* ```typescript
|
|
4835
|
+
* export const publicRoute = route.get('/content')
|
|
4836
|
+
* .use([authenticate, roleGuard({ deny: ['banned', 'suspended'] })])
|
|
4837
|
+
* .handler(async (c) => { ... });
|
|
4838
|
+
* ```
|
|
4839
|
+
*
|
|
4840
|
+
* @example Combined allow and deny
|
|
4841
|
+
* ```typescript
|
|
4842
|
+
* export const managerRoute = route.get('/manage')
|
|
4843
|
+
* .use([authenticate, roleGuard({ allow: ['admin', 'manager'], deny: ['suspended'] })])
|
|
4844
|
+
* .handler(async (c) => { ... });
|
|
4845
|
+
* ```
|
|
4846
|
+
*/
|
|
4847
|
+
declare const roleGuard: _spfn_core_route.NamedMiddlewareFactory<"roleGuard", [options: RoleGuardOptions]>;
|
|
4848
|
+
|
|
4718
4849
|
/**
|
|
4719
4850
|
* Auth Context Helpers
|
|
4720
4851
|
*
|
|
@@ -4757,13 +4888,13 @@ declare function getUser(c: Context | {
|
|
|
4757
4888
|
}): {
|
|
4758
4889
|
email: string | null;
|
|
4759
4890
|
phone: string | null;
|
|
4760
|
-
status: "active" | "inactive" | "suspended";
|
|
4761
4891
|
id: number;
|
|
4762
|
-
createdAt: Date;
|
|
4763
|
-
updatedAt: Date;
|
|
4764
4892
|
passwordHash: string | null;
|
|
4765
4893
|
passwordChangeRequired: boolean;
|
|
4766
4894
|
roleId: number;
|
|
4895
|
+
createdAt: Date;
|
|
4896
|
+
updatedAt: Date;
|
|
4897
|
+
status: "active" | "inactive" | "suspended";
|
|
4767
4898
|
emailVerifiedAt: Date | null;
|
|
4768
4899
|
phoneVerifiedAt: Date | null;
|
|
4769
4900
|
lastLoginAt: Date | null;
|
|
@@ -5068,4 +5199,4 @@ interface AuthLifecycleConfig {
|
|
|
5068
5199
|
*/
|
|
5069
5200
|
declare function createAuthLifecycle(options?: AuthInitOptions): AuthLifecycleConfig;
|
|
5070
5201
|
|
|
5071
|
-
export { type AuthConfig, AuthContext, COOKIE_NAMES, type EmailProvider, type EmailTemplateProvider, type EmailTemplateResult, type Invitation, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RolePermission, RolePermissionsRepository, RolesRepository, type SMSProvider, type SendEmailParams, type SendEmailResult, type SendSMSParams, type SendSMSResult, type SessionData, type SessionPayload, type TokenPayload, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, type VerificationCodeParams, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authSchema, cancelInvitation, configureAuth, createAuthLifecycle, createInvitation, createRole, decodeToken, deleteInvitation, deleteRole, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getInvitationByToken, getInvitationTemplate, getInvitationWithDetails, getKeyId, getKeySize, getPasswordResetTemplate, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getVerificationCodeTemplate, getWelcomeTemplate, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationsRepository, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, registerEmailProvider, registerEmailTemplates, registerSMSProvider, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, sendEmail, sendSMS, setRolePermissions, shouldRefreshSession, shouldRotateKey, unsealSession, updateLastLoginService, updateRole, updateUserService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyPassword, verifyToken };
|
|
5202
|
+
export { type AuthConfig, AuthContext, COOKIE_NAMES, type EmailProvider, type EmailTemplateProvider, type EmailTemplateResult, type Invitation, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SMSProvider, type SendEmailParams, type SendEmailResult, type SendSMSParams, type SendSMSResult, type SessionData, type SessionPayload, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, type VerificationCodeParams, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authSchema, cancelInvitation, configureAuth, createAuthLifecycle, createInvitation, createRole, decodeToken, deleteInvitation, deleteRole, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getInvitationByToken, getInvitationTemplate, getInvitationWithDetails, getKeyId, getKeySize, getPasswordResetTemplate, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, getVerificationCodeTemplate, getWelcomeTemplate, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationsRepository, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, registerEmailProvider, registerEmailTemplates, registerSMSProvider, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, sendEmail, sendSMS, setRolePermissions, shouldRefreshSession, shouldRotateKey, unsealSession, updateLastLoginService, updateRole, updateUserProfileService, updateUserService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyPassword, verifyToken };
|