@spfn/auth 0.2.0-beta.1 → 0.2.0-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (20) hide show
  1. package/README.md +169 -168
  2. package/dist/{dto-81uR9gzF.d.ts → authenticate-CU6_zQaa.d.ts} +184 -169
  3. package/dist/config.d.ts +4 -0
  4. package/dist/config.js +4 -0
  5. package/dist/config.js.map +1 -1
  6. package/dist/index.d.ts +146 -119
  7. package/dist/index.js +24 -1
  8. package/dist/index.js.map +1 -1
  9. package/dist/nextjs/api.js +1 -1
  10. package/dist/nextjs/api.js.map +1 -1
  11. package/dist/nextjs/server.js +0 -2
  12. package/dist/nextjs/server.js.map +1 -1
  13. package/dist/server.d.ts +171 -403
  14. package/dist/server.js +217 -461
  15. package/dist/server.js.map +1 -1
  16. package/migrations/0000_premium_famine.sql +292 -0
  17. package/migrations/meta/0000_snapshot.json +1 -1
  18. package/migrations/meta/_journal.json +2 -2
  19. package/package.json +8 -11
  20. package/migrations/0000_mysterious_colossus.sql +0 -197
package/dist/index.d.ts CHANGED
@@ -1,10 +1,38 @@
1
1
  import * as _spfn_core_nextjs from '@spfn/core/nextjs';
2
- import { R as RoleConfig, P as PermissionConfig, U as UserProfile, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, m as mainAuthRouter } from './dto-81uR9gzF.js';
3
- export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, c as ProfileInfo, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './dto-81uR9gzF.js';
2
+ import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-CU6_zQaa.js';
3
+ export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './authenticate-CU6_zQaa.js';
4
4
  import * as _spfn_core_route from '@spfn/core/route';
5
+ import { HttpMethod } from '@spfn/core/route';
5
6
  import * as _sinclair_typebox from '@sinclair/typebox';
6
7
  import '@spfn/auth/server';
7
8
 
9
+ /**
10
+ * Email regex pattern (RFC 5322 compliant)
11
+ * Validates: local-part@domain.tld
12
+ * - Local part: alphanumeric, dots, hyphens, underscores
13
+ * - Domain: alphanumeric, hyphens, dots
14
+ * - TLD: minimum 2 characters
15
+ */
16
+ declare const EMAIL_PATTERN = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
17
+ /**
18
+ * Phone regex pattern (E.164 format)
19
+ * Format: +[country code][number] (1-15 digits total)
20
+ */
21
+ declare const PHONE_PATTERN = "^\\+[1-9]\\d{1,14}$";
22
+ /**
23
+ * SHA-256 fingerprint pattern (64 hex characters)
24
+ */
25
+ declare const FINGERPRINT_PATTERN = "^[a-f0-9]{64}$";
26
+ /**
27
+ * UUID v4 pattern (8-4-4-4-12 format)
28
+ */
29
+ declare const UUID_PATTERN = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
30
+ /**
31
+ * Base64 pattern (DER encoded keys)
32
+ * Matches standard Base64 with padding
33
+ */
34
+ declare const BASE64_PATTERN = "^[A-Za-z0-9+/]+=*$";
35
+
8
36
  /**
9
37
  * @spfn/auth - Built-in Roles and Permissions
10
38
  *
@@ -31,31 +59,16 @@ type BuiltinRoleName = keyof typeof BUILTIN_ROLE_PERMISSIONS;
31
59
  type BuiltinPermissionName = typeof BUILTIN_PERMISSIONS[keyof typeof BUILTIN_PERMISSIONS]['name'];
32
60
 
33
61
  /**
34
- * Email regex pattern (RFC 5322 compliant)
35
- * Validates: local-part@domain.tld
36
- * - Local part: alphanumeric, dots, hyphens, underscores
37
- * - Domain: alphanumeric, hyphens, dots
38
- * - TLD: minimum 2 characters
39
- */
40
- declare const EMAIL_PATTERN = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
41
- /**
42
- * Phone regex pattern (E.164 format)
43
- * Format: +[country code][number] (1-15 digits total)
44
- */
45
- declare const PHONE_PATTERN = "^\\+[1-9]\\d{1,14}$";
46
- /**
47
- * SHA-256 fingerprint pattern (64 hex characters)
48
- */
49
- declare const FINGERPRINT_PATTERN = "^[a-f0-9]{64}$";
50
- /**
51
- * UUID v4 pattern (8-4-4-4-12 format)
52
- */
53
- declare const UUID_PATTERN = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
54
- /**
55
- * Base64 pattern (DER encoded keys)
56
- * Matches standard Base64 with padding
62
+ * Route Map (Auto-generated)
63
+ *
64
+ * DO NOT EDIT - This file is generated by @spfn/core:route-map generator
57
65
  */
58
- declare const BASE64_PATTERN = "^[A-Za-z0-9+/]+=*$";
66
+
67
+ interface RouteInfo {
68
+ method: HttpMethod;
69
+ path: string;
70
+ }
71
+ declare const routeMap: Record<string, RouteInfo>;
59
72
 
60
73
  /**
61
74
  * Type-safe API client for auth routes
@@ -74,7 +87,94 @@ declare const BASE64_PATTERN = "^[A-Za-z0-9+/]+=*$";
74
87
  * ```
75
88
  */
76
89
  declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
77
- getUserProfile: _spfn_core_route.RouteDef<{}, {}, UserProfile>;
90
+ checkAccountExists: _spfn_core_route.RouteDef<{
91
+ body: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
92
+ email: _sinclair_typebox.TString;
93
+ }>, _sinclair_typebox.TObject<{
94
+ phone: _sinclair_typebox.TString;
95
+ }>]>;
96
+ }, {}, CheckAccountExistsResult>;
97
+ sendVerificationCode: _spfn_core_route.RouteDef<{
98
+ body: _sinclair_typebox.TObject<{
99
+ target: _sinclair_typebox.TString;
100
+ targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
101
+ purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
102
+ }>;
103
+ }, {}, SendVerificationCodeResult>;
104
+ verifyCode: _spfn_core_route.RouteDef<{
105
+ body: _sinclair_typebox.TObject<{
106
+ target: _sinclair_typebox.TString;
107
+ targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
108
+ code: _sinclair_typebox.TString;
109
+ purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
110
+ }>;
111
+ }, {}, {
112
+ valid: boolean;
113
+ verificationToken: string;
114
+ }>;
115
+ register: _spfn_core_route.RouteDef<{
116
+ body: _sinclair_typebox.TObject<{
117
+ email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
118
+ phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
119
+ verificationToken: _sinclair_typebox.TString;
120
+ password: _sinclair_typebox.TString;
121
+ }>;
122
+ }, {
123
+ body: _sinclair_typebox.TObject<{
124
+ publicKey: _sinclair_typebox.TString;
125
+ keyId: _sinclair_typebox.TString;
126
+ fingerprint: _sinclair_typebox.TString;
127
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
128
+ }>;
129
+ }, RegisterResult>;
130
+ login: _spfn_core_route.RouteDef<{
131
+ body: _sinclair_typebox.TObject<{
132
+ email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
133
+ phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
134
+ password: _sinclair_typebox.TString;
135
+ }>;
136
+ }, {
137
+ body: _sinclair_typebox.TObject<{
138
+ publicKey: _sinclair_typebox.TString;
139
+ keyId: _sinclair_typebox.TString;
140
+ fingerprint: _sinclair_typebox.TString;
141
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
142
+ oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
143
+ }>;
144
+ }, LoginResult>;
145
+ logout: _spfn_core_route.RouteDef<{}, {}, void>;
146
+ rotateKey: _spfn_core_route.RouteDef<{}, {
147
+ body: _sinclair_typebox.TObject<{
148
+ publicKey: _sinclair_typebox.TString;
149
+ keyId: _sinclair_typebox.TString;
150
+ fingerprint: _sinclair_typebox.TString;
151
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
152
+ }>;
153
+ }, RotateKeyResult>;
154
+ changePassword: _spfn_core_route.RouteDef<{
155
+ body: _sinclair_typebox.TObject<{
156
+ currentPassword: _sinclair_typebox.TString;
157
+ newPassword: _sinclair_typebox.TString;
158
+ }>;
159
+ }, {}, void>;
160
+ getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
161
+ role: {
162
+ id: number;
163
+ name: string;
164
+ displayName: string;
165
+ priority: number;
166
+ };
167
+ permissions: {
168
+ id: number;
169
+ name: string;
170
+ displayName: string;
171
+ category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
172
+ }[];
173
+ userId: number;
174
+ email: string | null;
175
+ emailVerified: boolean;
176
+ phoneVerified: boolean;
177
+ }>;
78
178
  getInvitation: _spfn_core_route.RouteDef<{
79
179
  params: _sinclair_typebox.TObject<{
80
180
  token: _sinclair_typebox.TString;
@@ -174,100 +274,27 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
174
274
  body: _sinclair_typebox.TObject<{
175
275
  id: _sinclair_typebox.TNumber;
176
276
  }>;
177
- }, {}, Response>;
178
- checkAccountExists: _spfn_core_route.RouteDef<{
179
- body: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
180
- email: _sinclair_typebox.TString;
181
- }>, _sinclair_typebox.TObject<{
182
- phone: _sinclair_typebox.TString;
183
- }>]>;
184
- }, {}, CheckAccountExistsResult>;
185
- sendVerificationCode: _spfn_core_route.RouteDef<{
186
- body: _sinclair_typebox.TObject<{
187
- target: _sinclair_typebox.TString;
188
- targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
189
- purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
190
- }>;
191
- }, {}, SendVerificationCodeResult>;
192
- verifyCode: _spfn_core_route.RouteDef<{
193
- body: _sinclair_typebox.TObject<{
194
- target: _sinclair_typebox.TString;
195
- targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
196
- code: _sinclair_typebox.TString;
197
- purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
198
- }>;
199
- }, {}, {
200
- valid: boolean;
201
- verificationToken: string;
202
- }>;
203
- register: _spfn_core_route.RouteDef<{
204
- body: _sinclair_typebox.TObject<{
205
- email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
206
- phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
207
- verificationToken: _sinclair_typebox.TString;
208
- password: _sinclair_typebox.TString;
209
- }>;
210
- }, {
211
- body: _sinclair_typebox.TObject<{
212
- publicKey: _sinclair_typebox.TString;
213
- keyId: _sinclair_typebox.TString;
214
- fingerprint: _sinclair_typebox.TString;
215
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
216
- }>;
217
- }, RegisterResult>;
218
- login: _spfn_core_route.RouteDef<{
219
- body: _sinclair_typebox.TObject<{
220
- email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
221
- phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
222
- password: _sinclair_typebox.TString;
223
- }>;
224
- }, {
225
- body: _sinclair_typebox.TObject<{
226
- publicKey: _sinclair_typebox.TString;
227
- keyId: _sinclair_typebox.TString;
228
- fingerprint: _sinclair_typebox.TString;
229
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
230
- oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
231
- }>;
232
- }, LoginResult>;
233
- logout: _spfn_core_route.RouteDef<{
234
- body: _sinclair_typebox.TObject<{}>;
235
- }, {}, Response>;
236
- rotateKey: _spfn_core_route.RouteDef<{
237
- body: _sinclair_typebox.TObject<{}>;
238
- }, {
239
- body: _sinclair_typebox.TObject<{
240
- publicKey: _sinclair_typebox.TString;
241
- keyId: _sinclair_typebox.TString;
242
- fingerprint: _sinclair_typebox.TString;
243
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
244
- }>;
245
- }, RotateKeyResult>;
246
- changePassword: _spfn_core_route.RouteDef<{
277
+ }, {}, void>;
278
+ getUserProfile: _spfn_core_route.RouteDef<{}, {}, UserProfile>;
279
+ updateUserProfile: _spfn_core_route.RouteDef<{
247
280
  body: _sinclair_typebox.TObject<{
248
- currentPassword: _sinclair_typebox.TString;
249
- newPassword: _sinclair_typebox.TString;
281
+ displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
282
+ firstName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
283
+ lastName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
284
+ avatarUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
285
+ bio: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
286
+ locale: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
287
+ timezone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
288
+ dateOfBirth: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
289
+ gender: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
290
+ website: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
291
+ location: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
292
+ company: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
293
+ jobTitle: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
294
+ metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TAny>>;
250
295
  }>;
251
- }, {}, Response>;
252
- getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
253
- role: {
254
- id: number;
255
- name: string;
256
- displayName: string;
257
- priority: number;
258
- };
259
- permissions: {
260
- id: number;
261
- name: string;
262
- displayName: string;
263
- category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
264
- }[];
265
- userId: number;
266
- email: string | null;
267
- emailVerified: boolean;
268
- phoneVerified: boolean;
269
- }>;
296
+ }, {}, ProfileInfo>;
270
297
  }>>;
271
298
  type AuthRouter = typeof mainAuthRouter;
272
299
 
273
- export { type AuthRouter, BASE64_PATTERN, BUILTIN_PERMISSIONS, BUILTIN_ROLES, BUILTIN_ROLE_PERMISSIONS, type BuiltinPermissionName, type BuiltinRoleName, EMAIL_PATTERN, FINGERPRINT_PATTERN, PHONE_PATTERN, PermissionConfig, RoleConfig, UUID_PATTERN, UserProfile, authApi };
300
+ export { type AuthRouter, BASE64_PATTERN, BUILTIN_PERMISSIONS, BUILTIN_ROLES, BUILTIN_ROLE_PERMISSIONS, type BuiltinPermissionName, type BuiltinRoleName, EMAIL_PATTERN, FINGERPRINT_PATTERN, PHONE_PATTERN, PermissionConfig, ProfileInfo, RoleConfig, UUID_PATTERN, UserProfile, authApi, routeMap as authRouteMap };
package/dist/index.js CHANGED
@@ -141,6 +141,28 @@ authErrorRegistry.append([
141
141
  InsufficientRoleError
142
142
  ]);
143
143
 
144
+ // src/generated/route-map.ts
145
+ var routeMap = {
146
+ checkAccountExists: { method: "POST", path: "/_auth/exists" },
147
+ sendVerificationCode: { method: "POST", path: "/_auth/codes" },
148
+ verifyCode: { method: "POST", path: "/_auth/codes/verify" },
149
+ register: { method: "POST", path: "/_auth/register" },
150
+ login: { method: "POST", path: "/_auth/login" },
151
+ logout: { method: "POST", path: "/_auth/logout" },
152
+ rotateKey: { method: "POST", path: "/_auth/keys/rotate" },
153
+ changePassword: { method: "PUT", path: "/_auth/password" },
154
+ getAuthSession: { method: "GET", path: "/_auth/session" },
155
+ getInvitation: { method: "GET", path: "/_auth/invitations/:token" },
156
+ acceptInvitation: { method: "POST", path: "/_auth/invitations/accept" },
157
+ createInvitation: { method: "POST", path: "/_auth/invitations" },
158
+ listInvitations: { method: "GET", path: "/_auth/invitations" },
159
+ cancelInvitation: { method: "POST", path: "/_auth/invitations/cancel" },
160
+ resendInvitation: { method: "POST", path: "/_auth/invitations/resend" },
161
+ deleteInvitation: { method: "POST", path: "/_auth/invitations/delete" },
162
+ getUserProfile: { method: "GET", path: "/_auth/users/profile" },
163
+ updateUserProfile: { method: "PATCH", path: "/_auth/users/profile" }
164
+ };
165
+
144
166
  // src/lib/types.ts
145
167
  var EMAIL_PATTERN = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
146
168
  var PHONE_PATTERN = "^\\+[1-9]\\d{1,14}$";
@@ -2941,6 +2963,7 @@ export {
2941
2963
  UUID_PATTERN,
2942
2964
  VERIFICATION_PURPOSES,
2943
2965
  VERIFICATION_TARGET_TYPES,
2944
- authApi
2966
+ authApi,
2967
+ routeMap as authRouteMap
2945
2968
  };
2946
2969
  //# sourceMappingURL=index.js.map