@spfn/auth 0.2.0-beta.41 → 0.2.0-beta.43

package/dist/server.d.ts

@@ -1,5 +1,5 @@
-import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-2953PCm8.js';
-export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-2953PCm8.js';
+import { k as AuthInitOptions, l as KeyAlgorithmType, n as InvitationStatus, f as VerificationPurpose, j as PermissionCategory, p as SocialProvider, q as AuthContext } from './authenticate-CAJr3A4H.js';
+export { B as ChangePasswordParams, w as CheckAccountExistsParams, C as CheckAccountExistsResult, a6 as EmailSchema, I as INVITATION_STATUSES, K as KEY_ALGORITHM, y as LoginParams, L as LoginResult, z as LogoutParams, a2 as OAuthCallbackParams, a3 as OAuthCallbackResult, a1 as OAuthStartParams, O as OAuthStartResult, a8 as PasswordSchema, a7 as PhoneSchema, x as RegisterParams, Q as RegisterPublicKeyParams, a as RegisterResult, W as RevokeKeyParams, T as RotateKeyParams, b as RotateKeyResult, e as SOCIAL_PROVIDERS, F as SendVerificationCodeParams, S as SendVerificationCodeResult, a9 as TargetTypeSchema, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, aa as VerificationPurposeSchema, V as VerificationTargetType, G as VerifyCodeParams, H as VerifyCodeResult, m as authRouter, a4 as authenticate, Z as buildOAuthErrorUrl, v as changePasswordService, r as checkAccountExistsService, $ as getEnabledOAuthProviders, a0 as getGoogleAccessToken, _ as isOAuthProviderEnabled, t as loginService, u as logoutService, Y as oauthCallbackService, X as oauthStartService, a5 as optionalAuth, J as registerPublicKeyService, s as registerService, N as revokeKeyService, M as rotateKeyService, D as sendVerificationCodeService, E as verifyCodeService } from './authenticate-CAJr3A4H.js';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
 import { UserProfile as UserProfile$1, ProfileInfo } from '@spfn/auth';
 import { BaseRepository } from '@spfn/core/db';
@@ -1082,6 +1082,7 @@ declare function createInvitation(params: {
     roleId: number;
     invitedBy: number;
     expiresInDays?: number;
+    expiresAt?: Date;
     metadata?: Record<string, any>;
 }): Promise<Invitation>;
 /**
@@ -1305,7 +1306,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
         id: number;
         name: string;
         displayName: string;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
     }[];
     userId: number;
     email: string | null;
@@ -1488,7 +1489,7 @@ declare const userProfiles: drizzle_orm_pg_core.PgTableWithColumns<{
             columnType: "PgText";
             data: string;
             driverParam: string;
-            notNull: true;
+            notNull: false;
             hasDefault: false;
             isPrimaryKey: false;
             isAutoincrement: false;
@@ -2444,7 +2445,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
             tableName: "permissions";
             dataType: "string";
             columnType: "PgText";
-            data: "custom" | "user" | "auth" | "rbac" | "system";
+            data: "auth" | "custom" | "user" | "rbac" | "system";
             driverParam: string;
             notNull: false;
             hasDefault: false;
@@ -2944,14 +2945,14 @@ declare class UsersRepository extends BaseRepository {
     create(data: NewUser): Promise<{
         email: string | null;
         phone: string | null;
-        status: "active" | "inactive" | "suspended";
-        username: string | null;
         id: number;
-        createdAt: Date;
-        updatedAt: Date;
+        username: string | null;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
+        createdAt: Date;
+        updatedAt: Date;
+        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3020,14 +3021,14 @@ declare class UsersRepository extends BaseRepository {
     deleteById(id: number): Promise<{
         email: string | null;
         phone: string | null;
-        status: "active" | "inactive" | "suspended";
-        username: string | null;
         id: number;
-        createdAt: Date;
-        updatedAt: Date;
+        username: string | null;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
+        createdAt: Date;
+        updatedAt: Date;
+        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3050,7 +3051,7 @@ declare class UsersRepository extends BaseRepository {
             id: number;
             name: string;
             displayName: string;
-            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
+            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
         }[];
     }>;
     /**
@@ -3162,16 +3163,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewUserPublicKey): Promise<{
-        userId: number;
+        publicKey: string;
         keyId: string;
+        fingerprint: string;
+        algorithm: "ES256" | "RS256";
+        userId: number;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        publicKey: string;
-        algorithm: "ES256" | "RS256";
-        fingerprint: string;
-        lastUsedAt: Date | null;
         expiresAt: Date | null;
+        lastUsedAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3198,16 +3199,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
-        userId: number;
+        publicKey: string;
         keyId: string;
+        fingerprint: string;
+        algorithm: "ES256" | "RS256";
+        userId: number;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        publicKey: string;
-        algorithm: "ES256" | "RS256";
-        fingerprint: string;
-        lastUsedAt: Date | null;
         expiresAt: Date | null;
+        lastUsedAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3322,14 +3323,14 @@ declare class VerificationCodesRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewVerificationCode): Promise<{
+        target: string;
+        targetType: "email" | "phone";
+        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
+        code: string;
         id: number;
         createdAt: Date;
         updatedAt: Date;
         expiresAt: Date;
-        target: string;
-        targetType: "email" | "phone";
-        code: string;
-        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
         usedAt: Date | null;
         attempts: number;
     }>;
@@ -3518,7 +3519,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3534,7 +3535,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3574,7 +3575,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3585,6 +3586,7 @@ declare class PermissionsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         description: string | null;
+        metadata: Record<string, any> | null;
         id: number;
         name: string;
         displayName: string;
@@ -3593,8 +3595,7 @@ declare class PermissionsRepository extends BaseRepository {
         isActive: boolean;
         createdAt: Date;
         updatedAt: Date;
-        metadata: Record<string, any> | null;
-        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
+        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
     }>;
 }
 declare const permissionsRepository: PermissionsRepository;
@@ -3639,9 +3640,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     createMany(data: NewRolePermission[]): Promise<{
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
         permissionId: number;
     }[]>;
     /**
@@ -3657,9 +3658,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
         permissionId: number;
     }[]>;
 }
@@ -3724,10 +3725,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        expiresAt: Date | null;
         permissionId: number;
-        granted: boolean;
+        expiresAt: Date | null;
         reason: string | null;
+        granted: boolean;
     }>;
     /**
      * 사용자 권한 오버라이드 업데이트
@@ -3750,10 +3751,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        expiresAt: Date | null;
         permissionId: number;
-        granted: boolean;
+        expiresAt: Date | null;
         reason: string | null;
+        granted: boolean;
     }>;
     /**
      * 사용자의 모든 권한 오버라이드 삭제
@@ -3785,7 +3786,7 @@ declare class UserProfilesRepository extends BaseRepository {
         updatedAt: Date;
         id: number;
         userId: number;
-        displayName: string;
+        displayName: string | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -3812,7 +3813,7 @@ declare class UserProfilesRepository extends BaseRepository {
         updatedAt: Date;
         id: number;
         userId: number;
-        displayName: string;
+        displayName: string | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -3831,9 +3832,10 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 생성
      */
     create(data: NewUserProfile): Promise<{
+        metadata: Record<string, any> | null;
         userId: number;
         id: number;
-        displayName: string;
+        displayName: string | null;
         createdAt: Date;
         updatedAt: Date;
         firstName: string | null;
@@ -3848,7 +3850,6 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
-        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 업데이트 (by ID)
@@ -3858,7 +3859,7 @@ declare class UserProfilesRepository extends BaseRepository {
         updatedAt: Date;
         id: number;
         userId: number;
-        displayName: string;
+        displayName: string | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -3881,7 +3882,7 @@ declare class UserProfilesRepository extends BaseRepository {
         updatedAt: Date;
         id: number;
         userId: number;
-        displayName: string;
+        displayName: string | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -3900,9 +3901,10 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 삭제 (by ID)
      */
     deleteById(id: number): Promise<{
+        metadata: Record<string, any> | null;
         userId: number;
         id: number;
-        displayName: string;
+        displayName: string | null;
         createdAt: Date;
         updatedAt: Date;
         firstName: string | null;
@@ -3917,15 +3919,15 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
-        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 삭제 (by User ID)
      */
     deleteByUserId(userId: number): Promise<{
+        metadata: Record<string, any> | null;
         userId: number;
         id: number;
-        displayName: string;
+        displayName: string | null;
         createdAt: Date;
         updatedAt: Date;
         firstName: string | null;
@@ -3940,7 +3942,6 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
-        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 Upsert (by User ID)
@@ -3949,9 +3950,10 @@ declare class UserProfilesRepository extends BaseRepository {
      * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
      */
     upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
+        metadata: Record<string, any> | null;
         userId: number;
         id: number;
-        displayName: string;
+        displayName: string | null;
         createdAt: Date;
         updatedAt: Date;
         firstName: string | null;
@@ -3966,7 +3968,6 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
-        metadata: Record<string, any> | null;
     }>;
     /**
      * User ID로 프로필 데이터 조회 (formatted)
@@ -3975,7 +3976,7 @@ declare class UserProfilesRepository extends BaseRepository {
      */
     fetchProfileData(userId: number): Promise<{
         profileId: number;
-        displayName: string;
+        displayName: string | null;
         firstName: string | null;
         lastName: string | null;
         avatarUrl: string | null;
@@ -4094,15 +4095,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     create(data: NewInvitation): Promise<{
         email: string;
-        status: "pending" | "accepted" | "expired" | "cancelled";
+        metadata: Record<string, any> | null;
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
-        metadata: Record<string, any> | null;
-        expiresAt: Date;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         token: string;
         invitedBy: number;
+        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4128,15 +4129,15 @@ declare class InvitationsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         email: string;
-        status: "pending" | "accepted" | "expired" | "cancelled";
+        metadata: Record<string, any> | null;
         id: number;
+        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        roleId: number;
-        metadata: Record<string, any> | null;
-        expiresAt: Date;
+        status: "pending" | "accepted" | "expired" | "cancelled";
         token: string;
         invitedBy: number;
+        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4803,14 +4804,14 @@ declare function getUser(c: Context | {
 }): {
     email: string | null;
     phone: string | null;
-    status: "active" | "inactive" | "suspended";
-    username: string | null;
     id: number;
-    createdAt: Date;
-    updatedAt: Date;
+    username: string | null;
     passwordHash: string | null;
     passwordChangeRequired: boolean;
     roleId: number;
+    createdAt: Date;
+    updatedAt: Date;
+    status: "active" | "inactive" | "suspended";
     emailVerifiedAt: Date | null;
     phoneVerifiedAt: Date | null;
     lastLoginAt: Date | null;
@@ -5314,10 +5315,67 @@ declare const authRegisterEvent: _spfn_core_event.EventDef<{
     userId: string;
     provider: "email" | "phone" | "google";
 }>;
+/**
+ * auth.invitation.created - 초대 생성 이벤트
+ *
+ * 발행 시점:
+ * - createInvitation() 성공 시
+ * - resendInvitation() 성공 시
+ *
+ * @example
+ * ```typescript
+ * invitationCreatedEvent.subscribe(async (payload) => {
+ *     const inviteUrl = `${APP_URL}/invite/${payload.token}`;
+ *     await notificationService.send({
+ *         channel: 'email',
+ *         to: payload.email,
+ *         subject: 'You are invited!',
+ *         html: renderInviteEmail({ inviteUrl, ...payload.metadata }),
+ *     });
+ * });
+ * ```
+ */
+declare const invitationCreatedEvent: _spfn_core_event.EventDef<{
+    metadata?: {
+        [x: string]: unknown;
+    } | undefined;
+    email: string;
+    roleId: number;
+    token: string;
+    invitedBy: string;
+    expiresAt: string;
+    invitationId: string;
+    isResend: boolean;
+}>;
+/**
+ * auth.invitation.accepted - 초대 수락 이벤트
+ *
+ * 발행 시점:
+ * - acceptInvitation() 성공 시
+ *
+ * @example
+ * ```typescript
+ * invitationAcceptedEvent.subscribe(async (payload) => {
+ *     await onboardingService.start(payload.userId);
+ * });
+ * ```
+ */
+declare const invitationAcceptedEvent: _spfn_core_event.EventDef<{
+    metadata?: {
+        [x: string]: unknown;
+    } | undefined;
+    email: string;
+    userId: string;
+    roleId: number;
+    invitedBy: string;
+    invitationId: string;
+}>;
 /**
  * Auth event payload types
  */
 type AuthLoginPayload = typeof authLoginEvent._payload;
 type AuthRegisterPayload = typeof authRegisterEvent._payload;
+type InvitationCreatedPayload = typeof invitationCreatedEvent._payload;
+type InvitationAcceptedPayload = typeof invitationAcceptedEvent._payload;
 
-export { type AuthConfig, AuthContext, type AuthLoginPayload, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionData, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authLoginEvent, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, setRolePermissions, shouldRefreshSession, shouldRotateKey, socialAccountsRepository, unsealSession, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };
+export { type AuthConfig, AuthContext, type AuthLoginPayload, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionData, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, acceptInvitation, addPermissionToRole, authLogger, authLoginEvent, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionInfo, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, sealSession, setRolePermissions, shouldRefreshSession, shouldRotateKey, socialAccountsRepository, unsealSession, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };

package/dist/server.js

@@ -4653,8 +4653,8 @@ var init_user_profiles = __esm({
         // Foreign key to users table
         userId: foreignKey2("user", () => users.id).unique(),
         // Display Information
-        // Display name shown in UI (required)
-        displayName: text3("display_name").notNull(),
+        // Display name shown in UI (optional)
+        displayName: text3("display_name"),
         // First name (optional)
         firstName: text3("first_name"),
         // Last name (optional)
@@ -7153,6 +7153,30 @@ var authRegisterEvent = defineEvent(
     metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown()))
   })
 );
+var invitationCreatedEvent = defineEvent(
+  "auth.invitation.created",
+  Type.Object({
+    invitationId: Type.String(),
+    email: Type.String(),
+    token: Type.String(),
+    roleId: Type.Number(),
+    invitedBy: Type.String(),
+    expiresAt: Type.String(),
+    isResend: Type.Boolean(),
+    metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown()))
+  })
+);
+var invitationAcceptedEvent = defineEvent(
+  "auth.invitation.accepted",
+  Type.Object({
+    invitationId: Type.String(),
+    email: Type.String(),
+    userId: Type.String(),
+    roleId: Type.Number(),
+    invitedBy: Type.String(),
+    metadata: Type.Optional(Type.Record(Type.String(), Type.Unknown()))
+  })
+);
 
 // src/server/services/auth.service.ts
 async function checkAccountExistsService(params) {
@@ -7566,7 +7590,7 @@ function calculateExpiresAt(days = 7) {
   return expiresAt;
 }
 async function createInvitation(params) {
-  const { email, roleId, invitedBy, expiresInDays = 7, metadata } = params;
+  const { email, roleId, invitedBy, expiresInDays = 7, expiresAt: expiresAtParam, metadata } = params;
   const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
   if (!emailRegex.test(email)) {
     throw new Error("Invalid email format");
@@ -7588,7 +7612,7 @@ async function createInvitation(params) {
     throw new Error(`User with id ${invitedBy} not found`);
   }
   const token = generateInvitationToken();
-  const expiresAt = calculateExpiresAt(expiresInDays);
+  const expiresAt = expiresAtParam ?? calculateExpiresAt(expiresInDays);
   const invitation = await invitationsRepository.create({
     email,
     token,
@@ -7598,7 +7622,16 @@ async function createInvitation(params) {
     expiresAt,
     metadata: metadata || null
   });
-  console.log(`[Auth] \u2705 Created invitation: ${email} as ${role.name} (expires: ${expiresAt.toISOString()})`);
+  await invitationCreatedEvent.emit({
+    invitationId: String(invitation.id),
+    email,
+    token,
+    roleId,
+    invitedBy: String(invitedBy),
+    expiresAt: expiresAt.toISOString(),
+    isResend: false,
+    metadata
+  });
   return invitation;
 }
 async function getInvitationByToken(token) {
@@ -7662,7 +7695,14 @@ async function acceptInvitation(params) {
     "accepted",
     /* @__PURE__ */ new Date()
   );
-  console.log(`[Auth] \u2705 Invitation accepted: ${invitation.email} as ${role.name}`);
+  await invitationAcceptedEvent.emit({
+    invitationId: String(invitation.id),
+    email: invitation.email,
+    userId: String(newUser.id),
+    roleId: Number(invitation.roleId),
+    invitedBy: String(invitation.invitedBy),
+    metadata: invitation.metadata
+  });
   return {
     userId: newUser.id,
     email: newUser.email,
@@ -7707,7 +7747,16 @@ async function resendInvitation(id11, expiresInDays = 7) {
   if (!updated) {
     throw new Error("Failed to update invitation");
   }
-  console.log(`[Auth] \u{1F4E7} Invitation resent: ${invitation.email} (new expiry: ${newExpiresAt.toISOString()})`);
+  await invitationCreatedEvent.emit({
+    invitationId: String(invitation.id),
+    email: invitation.email,
+    token: invitation.token,
+    roleId: Number(invitation.roleId),
+    invitedBy: String(invitation.invitedBy),
+    expiresAt: newExpiresAt.toISOString(),
+    isResend: true,
+    metadata: invitation.metadata
+  });
   return updated;
 }
 
@@ -7764,7 +7813,7 @@ async function updateUserProfileService(userId, params) {
   const userIdNum = typeof userId === "string" ? Number(userId) : Number(userId);
   const updateData = {};
   if (params.displayName !== void 0) {
-    updateData.displayName = emptyToNull(params.displayName) || "User";
+    updateData.displayName = emptyToNull(params.displayName);
   }
   if (params.firstName !== void 0) {
     updateData.firstName = emptyToNull(params.firstName);
@@ -7805,10 +7854,6 @@ async function updateUserProfileService(userId, params) {
   if (params.metadata !== void 0) {
     updateData.metadata = params.metadata;
   }
-  const existing = await userProfilesRepository.findByUserId(userIdNum);
-  if (!existing && !updateData.displayName) {
-    updateData.displayName = "User";
-  }
   await userProfilesRepository.upsertByUserId(userIdNum, updateData);
   const profile = await userProfilesRepository.fetchProfileData(userIdNum);
   return profile;
@@ -8675,6 +8720,10 @@ var createInvitation2 = route2.post("/_auth/invitations").input({
       maximum: 30,
       description: "Days until invitation expires (default: 7)"
     })),
+    expiresAt: Type.Optional(Type.String({
+      format: "date-time",
+      description: "Exact expiration timestamp (ISO 8601). Takes precedence over expiresInDays."
+    })),
     metadata: Type.Optional(Type.Any({
       description: "Custom metadata (welcome message, department, etc.)"
     }))
@@ -8687,6 +8736,7 @@ var createInvitation2 = route2.post("/_auth/invitations").input({
     roleId: body.roleId,
     invitedBy: Number(userId),
     expiresInDays: body.expiresInDays,
+    expiresAt: body.expiresAt ? new Date(body.expiresAt) : void 0,
     metadata: body.metadata
   });
   const baseUrl = process.env.SPFN_API_URL || "http://localhost:8790";
@@ -9507,6 +9557,8 @@ export {
   hasRole,
   hashPassword,
   initializeAuth,
+  invitationAcceptedEvent,
+  invitationCreatedEvent,
   invitationsRepository,
   isGoogleOAuthEnabled,
   isOAuthProviderEnabled,