npm - @spfn/auth - Versions diffs - 0.2.0-beta.3 → 0.2.0-beta.5 - Mend

@spfn/auth 0.2.0-beta.3 → 0.2.0-beta.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/config.d.ts +4 -0
package/dist/config.js +4 -0
package/dist/config.js.map +1 -1
package/dist/{dto-CLYtuAom.d.ts → dto-Bb2qFUO6.d.ts} +23 -4
package/dist/index.d.ts +24 -6
package/dist/nextjs/server.js +0 -1
package/dist/nextjs/server.js.map +1 -1
package/dist/server.d.ts +136 -5
package/dist/server.js +166 -4
package/dist/server.js.map +1 -1
package/package.json +5 -5

package/dist/server.js CHANGED Viewed

@@ -6132,6 +6132,23 @@ var init_user_profiles_repository = __esm({
         const result = await this.db.delete(userProfiles).where(eq8(userProfiles.userId, userId)).returning();
         return result[0] ?? null;
       }
+      /**
+       * 프로필 Upsert (by User ID)
+       *
+       * 프로필이 없으면 생성, 있으면 업데이트
+       * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
+       */
+      async upsertByUserId(userId, data) {
+        const existing = await this.findByUserId(userId);
+        if (existing) {
+          return await this.updateByUserId(userId, data);
+        }
+        return await this.create({
+          userId,
+          displayName: data.displayName || "User",
+          ...data
+        });
+      }
       /**
        * User ID로 프로필 데이터 조회 (formatted)
        *
@@ -6151,6 +6168,7 @@ var init_user_profiles_repository = __esm({
           location: userProfiles.location,
           company: userProfiles.company,
           jobTitle: userProfiles.jobTitle,
+          metadata: userProfiles.metadata,
           createdAt: userProfiles.createdAt,
           updatedAt: userProfiles.updatedAt
         }).from(userProfiles).where(eq8(userProfiles.userId, userId)).limit(1).then((rows) => rows[0] ?? null);
@@ -6170,6 +6188,7 @@ var init_user_profiles_repository = __esm({
           location: profile.location,
           company: profile.company,
           jobTitle: profile.jobTitle,
+          metadata: profile.metadata,
           createdAt: profile.createdAt,
           updatedAt: profile.updatedAt
         };
@@ -7673,14 +7692,18 @@ async function hasAllPermissions(userId, permissionNames) {
   const perms = await getUserPermissions(userId);
   return permissionNames.every((p) => perms.includes(p));
 }
-async function hasRole(userId, roleName) {
+async function getUserRole(userId) {
   const userIdNum = typeof userId === "string" ? Number(userId) : Number(userId);
   const user = await usersRepository.findById(userIdNum);
   if (!user || !user.roleId) {
-    return false;
+    return null;
   }
   const role = await rolesRepository.findById(user.roleId);
-  return role?.name === roleName;
+  return role?.name || null;
+}
+async function hasRole(userId, roleName) {
+  const role = await getUserRole(userId);
+  return role === roleName;
 }
 async function hasAnyRole(userId, roleNames) {
   for (const roleName of roleNames) {
@@ -7887,6 +7910,65 @@ async function getUserProfileService(userId) {
     profile
   };
 }
+function emptyToNull(value) {
+  if (value === "") {
+    return null;
+  }
+  return value;
+}
+async function updateUserProfileService(userId, params) {
+  const userIdNum = typeof userId === "string" ? Number(userId) : Number(userId);
+  const updateData = {};
+  if (params.displayName !== void 0) {
+    updateData.displayName = emptyToNull(params.displayName) || "User";
+  }
+  if (params.firstName !== void 0) {
+    updateData.firstName = emptyToNull(params.firstName);
+  }
+  if (params.lastName !== void 0) {
+    updateData.lastName = emptyToNull(params.lastName);
+  }
+  if (params.avatarUrl !== void 0) {
+    updateData.avatarUrl = emptyToNull(params.avatarUrl);
+  }
+  if (params.bio !== void 0) {
+    updateData.bio = emptyToNull(params.bio);
+  }
+  if (params.locale !== void 0) {
+    updateData.locale = emptyToNull(params.locale) || "en";
+  }
+  if (params.timezone !== void 0) {
+    updateData.timezone = emptyToNull(params.timezone) || "UTC";
+  }
+  if (params.dateOfBirth !== void 0) {
+    updateData.dateOfBirth = emptyToNull(params.dateOfBirth);
+  }
+  if (params.gender !== void 0) {
+    updateData.gender = emptyToNull(params.gender);
+  }
+  if (params.website !== void 0) {
+    updateData.website = emptyToNull(params.website);
+  }
+  if (params.location !== void 0) {
+    updateData.location = emptyToNull(params.location);
+  }
+  if (params.company !== void 0) {
+    updateData.company = emptyToNull(params.company);
+  }
+  if (params.jobTitle !== void 0) {
+    updateData.jobTitle = emptyToNull(params.jobTitle);
+  }
+  if (params.metadata !== void 0) {
+    updateData.metadata = params.metadata;
+  }
+  const existing = await userProfilesRepository.findByUserId(userIdNum);
+  if (!existing && !updateData.displayName) {
+    updateData.displayName = "User";
+  }
+  await userProfilesRepository.upsertByUserId(userIdNum, updateData);
+  const profile = await userProfilesRepository.fetchProfileData(userIdNum);
+  return profile;
+}
 // src/server/routes/auth/index.ts
 init_esm();
@@ -8223,6 +8305,59 @@ var requireRole = defineMiddleware3(
   }
 );
+// src/server/middleware/role-guard.ts
+import { defineMiddleware as defineMiddleware4 } from "@spfn/core/route";
+import { getAuth as getAuth4, getUserRole as getUserRole2, authLogger as authLogger5 } from "@spfn/auth/server";
+import { ForbiddenError as ForbiddenError3 } from "@spfn/core/errors";
+import { InsufficientRoleError as InsufficientRoleError2 } from "@spfn/auth/errors";
+var roleGuard = defineMiddleware4(
+  "roleGuard",
+  (options) => async (c, next) => {
+    const { allow, deny } = options;
+    if (!allow && !deny) {
+      throw new Error("roleGuard requires at least one of: allow, deny");
+    }
+    const auth = getAuth4(c);
+    if (!auth) {
+      authLogger5.middleware.warn("Role guard failed: not authenticated", {
+        path: c.req.path
+      });
+      throw new ForbiddenError3({ message: "Authentication required" });
+    }
+    const { userId } = auth;
+    const userRole = await getUserRole2(userId);
+    if (deny && deny.length > 0) {
+      if (userRole && deny.includes(userRole)) {
+        authLogger5.middleware.warn("Role guard denied", {
+          userId,
+          userRole,
+          deniedRoles: deny,
+          path: c.req.path
+        });
+        throw new InsufficientRoleError2({ requiredRoles: allow || [] });
+      }
+    }
+    if (allow && allow.length > 0) {
+      if (!userRole || !allow.includes(userRole)) {
+        authLogger5.middleware.warn("Role guard failed: role not allowed", {
+          userId,
+          userRole,
+          allowedRoles: allow,
+          path: c.req.path
+        });
+        throw new InsufficientRoleError2({ requiredRoles: allow });
+      }
+    }
+    authLogger5.middleware.debug("Role guard passed", {
+      userId,
+      userRole,
+      allow,
+      deny
+    });
+    await next();
+  }
+);
 // src/server/routes/invitations/index.ts
 init_types();
 init_esm();
@@ -8416,13 +8551,37 @@ var invitationRouter = defineRouter2({
 });
 // src/server/routes/users/index.ts
+init_esm();
 import { defineRouter as defineRouter3, route as route3 } from "@spfn/core/route";
 var getUserProfile = route3.get("/_auth/users/profile").handler(async (c) => {
   const { userId } = getAuth(c);
   return await getUserProfileService(userId);
 });
+var updateUserProfile = route3.patch("/_auth/users/profile").input({
+  body: Type.Object({
+    displayName: Type.Optional(Type.String({ description: "Display name shown in UI" })),
+    firstName: Type.Optional(Type.String({ description: "First name" })),
+    lastName: Type.Optional(Type.String({ description: "Last name" })),
+    avatarUrl: Type.Optional(Type.String({ description: "Avatar/profile picture URL" })),
+    bio: Type.Optional(Type.String({ description: "Short bio/description" })),
+    locale: Type.Optional(Type.String({ description: "Locale/language preference (e.g., en, ko)" })),
+    timezone: Type.Optional(Type.String({ description: "Timezone (e.g., Asia/Seoul)" })),
+    dateOfBirth: Type.Optional(Type.String({ description: "Date of birth (YYYY-MM-DD)" })),
+    gender: Type.Optional(Type.String({ description: "Gender" })),
+    website: Type.Optional(Type.String({ description: "Personal or professional website" })),
+    location: Type.Optional(Type.String({ description: "Location (city, country, etc.)" })),
+    company: Type.Optional(Type.String({ description: "Company name" })),
+    jobTitle: Type.Optional(Type.String({ description: "Job title" })),
+    metadata: Type.Optional(Type.Record(Type.String(), Type.Any(), { description: "Additional metadata" }))
+  })
+}).handler(async (c) => {
+  const { userId } = getAuth(c);
+  const { body } = await c.data();
+  return await updateUserProfileService(userId, body);
+});
 var userRouter = defineRouter3({
-  getUserProfile
+  getUserProfile,
+  updateUserProfile
 });
 // src/server/routes/index.ts
@@ -8805,6 +8964,7 @@ export {
   getUserId,
   getUserPermissions,
   getUserProfileService,
+  getUserRole,
   getVerificationCodeTemplate,
   getWelcomeTemplate,
   hasAllPermissions,
@@ -8833,6 +8993,7 @@ export {
   requireRole,
   resendInvitation,
   revokeKeyService,
+  roleGuard,
   rolePermissions,
   rolePermissionsRepository,
   roles,
@@ -8848,6 +9009,7 @@ export {
   unsealSession,
   updateLastLoginService,
   updateRole,
+  updateUserProfileService,
   updateUserService,
   userInvitations,
   userPermissions,