npm - @spfn/auth - Versions diffs - 0.2.0-beta.1 → 0.2.0-beta.10 - Mend

@spfn/auth 0.2.0-beta.1 → 0.2.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/config.d.ts +4 -0
package/dist/config.js +4 -0
package/dist/config.js.map +1 -1
package/dist/{dto-81uR9gzF.d.ts → dto-CRlgoCP5.d.ts} +25 -10
package/dist/index.d.ts +26 -12
package/dist/nextjs/api.js +1 -1
package/dist/nextjs/api.js.map +1 -1
package/dist/nextjs/server.js +0 -1
package/dist/nextjs/server.js.map +1 -1
package/dist/server.d.ts +180 -49
package/dist/server.js +264 -91
package/dist/server.js.map +1 -1
package/migrations/0000_premium_famine.sql +292 -0
package/migrations/meta/0000_snapshot.json +1 -1
package/migrations/meta/_journal.json +2 -2
package/package.json +11 -7
package/migrations/0000_mysterious_colossus.sql +0 -197

package/dist/server.js CHANGED Viewed

@@ -6132,6 +6132,23 @@ var init_user_profiles_repository = __esm({
         const result = await this.db.delete(userProfiles).where(eq8(userProfiles.userId, userId)).returning();
         return result[0] ?? null;
       }
+      /**
+       * 프로필 Upsert (by User ID)
+       *
+       * 프로필이 없으면 생성, 있으면 업데이트
+       * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
+       */
+      async upsertByUserId(userId, data) {
+        const existing = await this.findByUserId(userId);
+        if (existing) {
+          return await this.updateByUserId(userId, data);
+        }
+        return await this.create({
+          userId,
+          displayName: data.displayName || "User",
+          ...data
+        });
+      }
       /**
        * User ID로 프로필 데이터 조회 (formatted)
        *
@@ -6151,6 +6168,7 @@ var init_user_profiles_repository = __esm({
           location: userProfiles.location,
           company: userProfiles.company,
           jobTitle: userProfiles.jobTitle,
+          metadata: userProfiles.metadata,
           createdAt: userProfiles.createdAt,
           updatedAt: userProfiles.updatedAt
         }).from(userProfiles).where(eq8(userProfiles.userId, userId)).limit(1).then((rows) => rows[0] ?? null);
@@ -6170,6 +6188,7 @@ var init_user_profiles_repository = __esm({
           location: profile.location,
           company: profile.company,
           jobTitle: profile.jobTitle,
+          metadata: profile.metadata,
           createdAt: profile.createdAt,
           updatedAt: profile.updatedAt
         };
@@ -6856,100 +6875,115 @@ function isValidEmail(email) {
   return emailRegex.test(email);
 }
 function createAWSSESProvider() {
-  try {
-    const { SESClient, SendEmailCommand } = __require("@aws-sdk/client-ses");
-    return {
-      name: "aws-ses",
-      sendEmail: async (params) => {
-        const { to, subject, text: text10, html, purpose } = params;
-        if (!isValidEmail(to)) {
-          return {
-            success: false,
-            error: "Invalid email address format"
+  return {
+    name: "aws-ses",
+    sendEmail: async (params) => {
+      const { to, subject, text: text10, html, purpose } = params;
+      if (!isValidEmail(to)) {
+        return {
+          success: false,
+          error: "Invalid email address format"
+        };
+      }
+      if (!env4.SPFN_AUTH_AWS_SES_ACCESS_KEY_ID) {
+        authLogger.email.warn("AWS SES credentials not configured", {
+          hint: "Set SPFN_AUTH_AWS_SES_ACCESS_KEY_ID environment variable"
+        });
+        return {
+          success: false,
+          error: "AWS SES credentials not configured. Set SPFN_AUTH_AWS_SES_ACCESS_KEY_ID environment variable."
+        };
+      }
+      if (!env4.SPFN_AUTH_AWS_SES_FROM_EMAIL) {
+        authLogger.email.warn("AWS SES sender email not configured", {
+          hint: "Set SPFN_AUTH_AWS_SES_FROM_EMAIL environment variable"
+        });
+        return {
+          success: false,
+          error: "AWS SES sender email not configured. Set SPFN_AUTH_AWS_SES_FROM_EMAIL environment variable."
+        };
+      }
+      let SESClient;
+      let SendEmailCommand;
+      try {
+        const ses = await import("@aws-sdk/client-ses");
+        SESClient = ses.SESClient;
+        SendEmailCommand = ses.SendEmailCommand;
+      } catch (error) {
+        authLogger.email.warn("@aws-sdk/client-ses not installed", {
+          error: error instanceof Error ? error.message : String(error),
+          hint: "Run: pnpm add @aws-sdk/client-ses"
+        });
+        return {
+          success: false,
+          error: "@aws-sdk/client-ses not installed. Run: pnpm add @aws-sdk/client-ses"
+        };
+      }
+      try {
+        const config = {
+          region: env4.SPFN_AUTH_AWS_REGION || "ap-northeast-2"
+        };
+        if (env4.SPFN_AUTH_AWS_SES_ACCESS_KEY_ID && env4.SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY) {
+          config.credentials = {
+            accessKeyId: env4.SPFN_AUTH_AWS_SES_ACCESS_KEY_ID,
+            secretAccessKey: env4.SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY
           };
         }
-        if (!env4.SPFN_AUTH_AWS_SES_ACCESS_KEY_ID) {
-          return {
-            success: false,
-            error: "AWS SES credentials not configured. Set SPFN_AUTH_AWS_SES_ACCESS_KEY_ID environment variable."
+        const client = new SESClient(config);
+        const body = {};
+        if (text10) {
+          body.Text = {
+            Charset: "UTF-8",
+            Data: text10
           };
         }
-        if (!env4.SPFN_AUTH_AWS_SES_FROM_EMAIL) {
-          return {
-            success: false,
-            error: "AWS SES sender email not configured. Set SPFN_AUTH_AWS_SES_FROM_EMAIL environment variable."
+        if (html) {
+          body.Html = {
+            Charset: "UTF-8",
+            Data: html
           };
         }
-        try {
-          const config = {
-            region: env4.SPFN_AUTH_AWS_REGION || "ap-northeast-2"
-          };
-          if (env4.SPFN_AUTH_AWS_SES_ACCESS_KEY_ID && env4.SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY) {
-            config.credentials = {
-              accessKeyId: env4.SPFN_AUTH_AWS_SES_ACCESS_KEY_ID,
-              secretAccessKey: env4.SPFN_AUTH_AWS_SES_SECRET_ACCESS_KEY
-            };
-          }
-          const client = new SESClient(config);
-          const body = {};
-          if (text10) {
-            body.Text = {
-              Charset: "UTF-8",
-              Data: text10
-            };
-          }
-          if (html) {
-            body.Html = {
+        const command = new SendEmailCommand({
+          Source: env4.SPFN_AUTH_AWS_SES_FROM_EMAIL,
+          Destination: {
+            ToAddresses: [to]
+          },
+          Message: {
+            Subject: {
               Charset: "UTF-8",
-              Data: html
-            };
-          }
-          const command = new SendEmailCommand({
-            Source: env4.SPFN_AUTH_AWS_SES_FROM_EMAIL,
-            Destination: {
-              ToAddresses: [to]
+              Data: subject
             },
-            Message: {
-              Subject: {
-                Charset: "UTF-8",
-                Data: subject
-              },
-              Body: body
-            }
-          });
-          const response = await client.send(command);
-          authLogger.email.info("Email sent via AWS SES", {
-            to,
-            messageId: response.MessageId,
-            purpose: purpose || "N/A"
-          });
-          return {
-            success: true,
-            messageId: response.MessageId
-          };
-        } catch (error) {
-          const err = error;
-          authLogger.email.error("Failed to send email via AWS SES", {
-            to,
-            error: err.message
-          });
-          return {
-            success: false,
-            error: err.message || "Failed to send email via AWS SES"
-          };
-        }
+            Body: body
+          }
+        });
+        const response = await client.send(command);
+        authLogger.email.info("Email sent via AWS SES", {
+          to,
+          messageId: response.MessageId,
+          purpose: purpose || "N/A"
+        });
+        return {
+          success: true,
+          messageId: response.MessageId
+        };
+      } catch (error) {
+        const err = error;
+        authLogger.email.error("Failed to send email via AWS SES", {
+          to,
+          error: err.message
+        });
+        return {
+          success: false,
+          error: err.message || "Failed to send email via AWS SES"
+        };
       }
-    };
-  } catch (error) {
-    return null;
-  }
+    }
+  };
 }
 var awsSESProvider = createAWSSESProvider();
 // src/server/services/email/index.ts
-if (awsSESProvider) {
-  registerEmailProvider(awsSESProvider);
-}
+registerEmailProvider(awsSESProvider);
 // src/server/services/email/templates/verification-code.ts
 function getSubject(purpose) {
@@ -7673,14 +7707,18 @@ async function hasAllPermissions(userId, permissionNames) {
   const perms = await getUserPermissions(userId);
   return permissionNames.every((p) => perms.includes(p));
 }
-async function hasRole(userId, roleName) {
+async function getUserRole(userId) {
   const userIdNum = typeof userId === "string" ? Number(userId) : Number(userId);
   const user = await usersRepository.findById(userIdNum);
   if (!user || !user.roleId) {
-    return false;
+    return null;
   }
   const role = await rolesRepository.findById(user.roleId);
-  return role?.name === roleName;
+  return role?.name || null;
+}
+async function hasRole(userId, roleName) {
+  const role = await getUserRole(userId);
+  return role === roleName;
 }
 async function hasAnyRole(userId, roleNames) {
   for (const roleName of roleNames) {
@@ -7887,6 +7925,65 @@ async function getUserProfileService(userId) {
     profile
   };
 }
+function emptyToNull(value) {
+  if (value === "") {
+    return null;
+  }
+  return value;
+}
+async function updateUserProfileService(userId, params) {
+  const userIdNum = typeof userId === "string" ? Number(userId) : Number(userId);
+  const updateData = {};
+  if (params.displayName !== void 0) {
+    updateData.displayName = emptyToNull(params.displayName) || "User";
+  }
+  if (params.firstName !== void 0) {
+    updateData.firstName = emptyToNull(params.firstName);
+  }
+  if (params.lastName !== void 0) {
+    updateData.lastName = emptyToNull(params.lastName);
+  }
+  if (params.avatarUrl !== void 0) {
+    updateData.avatarUrl = emptyToNull(params.avatarUrl);
+  }
+  if (params.bio !== void 0) {
+    updateData.bio = emptyToNull(params.bio);
+  }
+  if (params.locale !== void 0) {
+    updateData.locale = emptyToNull(params.locale) || "en";
+  }
+  if (params.timezone !== void 0) {
+    updateData.timezone = emptyToNull(params.timezone) || "UTC";
+  }
+  if (params.dateOfBirth !== void 0) {
+    updateData.dateOfBirth = emptyToNull(params.dateOfBirth);
+  }
+  if (params.gender !== void 0) {
+    updateData.gender = emptyToNull(params.gender);
+  }
+  if (params.website !== void 0) {
+    updateData.website = emptyToNull(params.website);
+  }
+  if (params.location !== void 0) {
+    updateData.location = emptyToNull(params.location);
+  }
+  if (params.company !== void 0) {
+    updateData.company = emptyToNull(params.company);
+  }
+  if (params.jobTitle !== void 0) {
+    updateData.jobTitle = emptyToNull(params.jobTitle);
+  }
+  if (params.metadata !== void 0) {
+    updateData.metadata = params.metadata;
+  }
+  const existing = await userProfilesRepository.findByUserId(userIdNum);
+  if (!existing && !updateData.displayName) {
+    updateData.displayName = "User";
+  }
+  await userProfilesRepository.upsertByUserId(userIdNum, updateData);
+  const profile = await userProfilesRepository.fetchProfileData(userIdNum);
+  return profile;
+}
 // src/server/routes/auth/index.ts
 init_esm();
@@ -7980,9 +8077,7 @@ var login = route.post("/_auth/login").input({
   const { body } = await c.data();
   return await loginService(body);
 });
-var logout = route.post("/_auth/logout").input({
-  body: Type.Object({})
-}).handler(async (c) => {
+var logout = route.post("/_auth/logout").handler(async (c) => {
   const auth = getAuth(c);
   if (!auth) {
     return c.noContent();
@@ -7991,9 +8086,7 @@ var logout = route.post("/_auth/logout").input({
   await logoutService({ userId: Number(userId), keyId });
   return c.noContent();
 });
-var rotateKey = route.post("/_auth/keys/rotate").input({
-  body: Type.Object({})
-}).interceptor({
+var rotateKey = route.post("/_auth/keys/rotate").interceptor({
   body: Type.Object({
     publicKey: Type.String({ description: "New public key" }),
     keyId: Type.String({ description: "New key identifier" }),
@@ -8223,6 +8316,59 @@ var requireRole = defineMiddleware3(
   }
 );
+// src/server/middleware/role-guard.ts
+import { defineMiddleware as defineMiddleware4 } from "@spfn/core/route";
+import { getAuth as getAuth4, getUserRole as getUserRole2, authLogger as authLogger5 } from "@spfn/auth/server";
+import { ForbiddenError as ForbiddenError3 } from "@spfn/core/errors";
+import { InsufficientRoleError as InsufficientRoleError2 } from "@spfn/auth/errors";
+var roleGuard = defineMiddleware4(
+  "roleGuard",
+  (options) => async (c, next) => {
+    const { allow, deny } = options;
+    if (!allow && !deny) {
+      throw new Error("roleGuard requires at least one of: allow, deny");
+    }
+    const auth = getAuth4(c);
+    if (!auth) {
+      authLogger5.middleware.warn("Role guard failed: not authenticated", {
+        path: c.req.path
+      });
+      throw new ForbiddenError3({ message: "Authentication required" });
+    }
+    const { userId } = auth;
+    const userRole = await getUserRole2(userId);
+    if (deny && deny.length > 0) {
+      if (userRole && deny.includes(userRole)) {
+        authLogger5.middleware.warn("Role guard denied", {
+          userId,
+          userRole,
+          deniedRoles: deny,
+          path: c.req.path
+        });
+        throw new InsufficientRoleError2({ requiredRoles: allow || [] });
+      }
+    }
+    if (allow && allow.length > 0) {
+      if (!userRole || !allow.includes(userRole)) {
+        authLogger5.middleware.warn("Role guard failed: role not allowed", {
+          userId,
+          userRole,
+          allowedRoles: allow,
+          path: c.req.path
+        });
+        throw new InsufficientRoleError2({ requiredRoles: allow });
+      }
+    }
+    authLogger5.middleware.debug("Role guard passed", {
+      userId,
+      userRole,
+      allow,
+      deny
+    });
+    await next();
+  }
+);
 // src/server/routes/invitations/index.ts
 init_types();
 init_esm();
@@ -8416,13 +8562,37 @@ var invitationRouter = defineRouter2({
 });
 // src/server/routes/users/index.ts
+init_esm();
 import { defineRouter as defineRouter3, route as route3 } from "@spfn/core/route";
 var getUserProfile = route3.get("/_auth/users/profile").handler(async (c) => {
   const { userId } = getAuth(c);
   return await getUserProfileService(userId);
 });
+var updateUserProfile = route3.patch("/_auth/users/profile").input({
+  body: Type.Object({
+    displayName: Type.Optional(Type.String({ description: "Display name shown in UI" })),
+    firstName: Type.Optional(Type.String({ description: "First name" })),
+    lastName: Type.Optional(Type.String({ description: "Last name" })),
+    avatarUrl: Type.Optional(Type.String({ description: "Avatar/profile picture URL" })),
+    bio: Type.Optional(Type.String({ description: "Short bio/description" })),
+    locale: Type.Optional(Type.String({ description: "Locale/language preference (e.g., en, ko)" })),
+    timezone: Type.Optional(Type.String({ description: "Timezone (e.g., Asia/Seoul)" })),
+    dateOfBirth: Type.Optional(Type.String({ description: "Date of birth (YYYY-MM-DD)" })),
+    gender: Type.Optional(Type.String({ description: "Gender" })),
+    website: Type.Optional(Type.String({ description: "Personal or professional website" })),
+    location: Type.Optional(Type.String({ description: "Location (city, country, etc.)" })),
+    company: Type.Optional(Type.String({ description: "Company name" })),
+    jobTitle: Type.Optional(Type.String({ description: "Job title" })),
+    metadata: Type.Optional(Type.Record(Type.String(), Type.Any(), { description: "Additional metadata" }))
+  })
+}).handler(async (c) => {
+  const { userId } = getAuth(c);
+  const { body } = await c.data();
+  return await updateUserProfileService(userId, body);
+});
 var userRouter = defineRouter3({
-  getUserProfile
+  getUserProfile,
+  updateUserProfile
 });
 // src/server/routes/index.ts
@@ -8805,6 +8975,7 @@ export {
   getUserId,
   getUserPermissions,
   getUserProfileService,
+  getUserRole,
   getVerificationCodeTemplate,
   getWelcomeTemplate,
   hasAllPermissions,
@@ -8833,6 +9004,7 @@ export {
   requireRole,
   resendInvitation,
   revokeKeyService,
+  roleGuard,
   rolePermissions,
   rolePermissionsRepository,
   roles,
@@ -8848,6 +9020,7 @@ export {
   unsealSession,
   updateLastLoginService,
   updateRole,
+  updateUserProfileService,
   updateUserService,
   userInvitations,
   userPermissions,