npm - @spfn/auth - Versions diffs - 0.2.0-beta.40 → 0.2.0-beta.41 - Mend

@spfn/auth 0.2.0-beta.40 → 0.2.0-beta.41

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/{authenticate-BbugF32w.d.ts → authenticate-2953PCm8.d.ts} +1 -1
package/dist/index.d.ts +3 -3
package/dist/server.d.ts +54 -54
package/dist/server.js +9 -0
package/dist/server.js.map +1 -1
package/package.json +3 -3

package/dist/{authenticate-BbugF32w.d.ts → authenticate-2953PCm8.d.ts} RENAMED Viewed

@@ -545,7 +545,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
             id: number;
             name: string;
             displayName: string;
-            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
         }[];
         userId: number;
         email: string | null;

package/dist/index.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as _spfn_core_nextjs from '@spfn/core/nextjs';
-import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-BbugF32w.js';
-export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './authenticate-BbugF32w.js';
+import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-2953PCm8.js';
+export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './authenticate-2953PCm8.js';
 import * as _spfn_core_route from '@spfn/core/route';
 import { HttpMethod } from '@spfn/core/route';
 import * as _sinclair_typebox from '@sinclair/typebox';
@@ -169,7 +169,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
             id: number;
             name: string;
             displayName: string;
-            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
         }[];
         userId: number;
         email: string | null;

package/dist/server.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-BbugF32w.js';
-export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-BbugF32w.js';
+import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-2953PCm8.js';
+export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-2953PCm8.js';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
 import { UserProfile as UserProfile$1, ProfileInfo } from '@spfn/auth';
 import { BaseRepository } from '@spfn/core/db';
@@ -1305,7 +1305,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
         id: number;
         name: string;
         displayName: string;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
     }[];
     userId: number;
     email: string | null;
@@ -2444,7 +2444,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
             tableName: "permissions";
             dataType: "string";
             columnType: "PgText";
-            data: "auth" | "custom" | "user" | "rbac" | "system";
+            data: "custom" | "user" | "auth" | "rbac" | "system";
             driverParam: string;
             notNull: false;
             hasDefault: false;
@@ -2944,14 +2944,14 @@ declare class UsersRepository extends BaseRepository {
     create(data: NewUser): Promise<{
         email: string | null;
         phone: string | null;
-        id: number;
+        status: "active" | "inactive" | "suspended";
         username: string | null;
+        id: number;
+        createdAt: Date;
+        updatedAt: Date;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
-        createdAt: Date;
-        updatedAt: Date;
-        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3020,14 +3020,14 @@ declare class UsersRepository extends BaseRepository {
     deleteById(id: number): Promise<{
         email: string | null;
         phone: string | null;
-        id: number;
+        status: "active" | "inactive" | "suspended";
         username: string | null;
+        id: number;
+        createdAt: Date;
+        updatedAt: Date;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
-        createdAt: Date;
-        updatedAt: Date;
-        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3050,7 +3050,7 @@ declare class UsersRepository extends BaseRepository {
             id: number;
             name: string;
             displayName: string;
-            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
         }[];
     }>;
     /**
@@ -3162,16 +3162,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewUserPublicKey): Promise<{
-        publicKey: string;
-        keyId: string;
-        fingerprint: string;
-        algorithm: "ES256" | "RS256";
         userId: number;
+        keyId: string;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        expiresAt: Date | null;
+        publicKey: string;
+        algorithm: "ES256" | "RS256";
+        fingerprint: string;
         lastUsedAt: Date | null;
+        expiresAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3198,16 +3198,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
-        publicKey: string;
-        keyId: string;
-        fingerprint: string;
-        algorithm: "ES256" | "RS256";
         userId: number;
+        keyId: string;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        expiresAt: Date | null;
+        publicKey: string;
+        algorithm: "ES256" | "RS256";
+        fingerprint: string;
         lastUsedAt: Date | null;
+        expiresAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3322,14 +3322,14 @@ declare class VerificationCodesRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewVerificationCode): Promise<{
-        target: string;
-        targetType: "email" | "phone";
-        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
-        code: string;
         id: number;
         createdAt: Date;
         updatedAt: Date;
         expiresAt: Date;
+        target: string;
+        targetType: "email" | "phone";
+        code: string;
+        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
         usedAt: Date | null;
         attempts: number;
     }>;
@@ -3518,7 +3518,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3534,7 +3534,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3574,7 +3574,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3585,7 +3585,6 @@ declare class PermissionsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         description: string | null;
-        metadata: Record<string, any> | null;
         id: number;
         name: string;
         displayName: string;
@@ -3594,7 +3593,8 @@ declare class PermissionsRepository extends BaseRepository {
         isActive: boolean;
         createdAt: Date;
         updatedAt: Date;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        metadata: Record<string, any> | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
     }>;
 }
 declare const permissionsRepository: PermissionsRepository;
@@ -3639,9 +3639,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     createMany(data: NewRolePermission[]): Promise<{
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
+        roleId: number;
         permissionId: number;
     }[]>;
     /**
@@ -3657,9 +3657,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
+        roleId: number;
         permissionId: number;
     }[]>;
 }
@@ -3724,10 +3724,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        permissionId: number;
         expiresAt: Date | null;
-        reason: string | null;
+        permissionId: number;
         granted: boolean;
+        reason: string | null;
     }>;
     /**
      * 사용자 권한 오버라이드 업데이트
@@ -3750,10 +3750,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        permissionId: number;
         expiresAt: Date | null;
-        reason: string | null;
+        permissionId: number;
         granted: boolean;
+        reason: string | null;
     }>;
     /**
      * 사용자의 모든 권한 오버라이드 삭제
@@ -3831,7 +3831,6 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 생성
      */
     create(data: NewUserProfile): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string;
@@ -3849,6 +3848,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 업데이트 (by ID)
@@ -3900,7 +3900,6 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 삭제 (by ID)
      */
     deleteById(id: number): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string;
@@ -3918,12 +3917,12 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 삭제 (by User ID)
      */
     deleteByUserId(userId: number): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string;
@@ -3941,6 +3940,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 Upsert (by User ID)
@@ -3949,7 +3949,6 @@ declare class UserProfilesRepository extends BaseRepository {
      * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
      */
     upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string;
@@ -3967,6 +3966,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * User ID로 프로필 데이터 조회 (formatted)
@@ -4094,15 +4094,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     create(data: NewInvitation): Promise<{
         email: string;
-        metadata: Record<string, any> | null;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        status: "pending" | "accepted" | "expired" | "cancelled";
+        roleId: number;
+        metadata: Record<string, any> | null;
+        expiresAt: Date;
         token: string;
         invitedBy: number;
-        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4128,15 +4128,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         email: string;
-        metadata: Record<string, any> | null;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        status: "pending" | "accepted" | "expired" | "cancelled";
+        roleId: number;
+        metadata: Record<string, any> | null;
+        expiresAt: Date;
         token: string;
         invitedBy: number;
-        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4803,14 +4803,14 @@ declare function getUser(c: Context | {
 }): {
     email: string | null;
     phone: string | null;
-    id: number;
+    status: "active" | "inactive" | "suspended";
     username: string | null;
+    id: number;
+    createdAt: Date;
+    updatedAt: Date;
     passwordHash: string | null;
     passwordChangeRequired: boolean;
     roleId: number;
-    createdAt: Date;
-    updatedAt: Date;
-    status: "active" | "inactive" | "suspended";
     emailVerifiedAt: Date | null;
     phoneVerifiedAt: Date | null;
     lastLoginAt: Date | null;

package/dist/server.js CHANGED Viewed

@@ -8992,6 +8992,7 @@ var oauthRouter = defineRouter4({
 // src/server/routes/admin/index.ts
 init_esm();
+import { ForbiddenError as ForbiddenError4 } from "@spfn/core/errors";
 import { route as route5 } from "@spfn/core/route";
 var listRoles = route5.get("/_auth/admin/roles").input({
   query: Type.Object({
@@ -9059,6 +9060,14 @@ var updateUserRole = route5.patch("/_auth/admin/users/:userId/role").input({
   })
 }).use([authenticate, requireRole("superadmin")]).handler(async (c) => {
   const { params, body } = await c.data();
+  const auth = getAuth(c);
+  if (params.userId === Number(auth.userId)) {
+    throw new ForbiddenError4({ message: "Cannot change your own role" });
+  }
+  const targetRole = await getUserRole(params.userId);
+  if (targetRole === "superadmin") {
+    throw new ForbiddenError4({ message: "Cannot modify superadmin role" });
+  }
   await updateUserService(params.userId, { roleId: body.roleId });
   return { userId: params.userId, roleId: body.roleId };
 });