npm - @spfn/auth - Versions diffs - 0.2.0-beta.51 → 0.2.0-beta.53 - Mend

@spfn/auth 0.2.0-beta.51 → 0.2.0-beta.53

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/{authenticate-eucncHxN.d.ts → authenticate-CVLJS7C7.d.ts} +3 -3
package/dist/index.d.ts +4 -4
package/dist/server.d.ts +55 -55
package/dist/server.js +15 -9
package/dist/server.js.map +1 -1
package/package.json +4 -4

package/dist/{authenticate-eucncHxN.d.ts → authenticate-CVLJS7C7.d.ts} RENAMED Viewed

@@ -182,7 +182,7 @@ interface LogoutParams {
 }
 interface ChangePasswordParams {
     userId: number;
-    currentPassword: string;
+    currentPassword?: string;
     newPassword: string;
     passwordHash?: string;
 }
@@ -558,7 +558,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
     }, RotateKeyResult>;
     changePassword: _spfn_core_route.RouteDef<{
         body: _sinclair_typebox.TObject<{
-            currentPassword: _sinclair_typebox.TString;
+            currentPassword: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
             newPassword: _sinclair_typebox.TString;
         }>;
     }, {}, void>;
@@ -573,7 +573,7 @@ declare const mainAuthRouter: _spfn_core_route.Router<{
             id: number;
             name: string;
             displayName: string;
-            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
         }[];
         userId: number;
         publicId: string;

package/dist/index.d.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import * as _spfn_core_nextjs from '@spfn/core/nextjs';
-import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, I as IssueOneTimeTokenResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-eucncHxN.js';
-export { l as AuthInitOptions, A as AuthSession, d as INVITATION_STATUSES, o as InvitationStatus, K as KEY_ALGORITHM, n as KeyAlgorithmType, j as PERMISSION_CATEGORIES, k as PermissionCategory, f as SOCIAL_PROVIDERS, q as SocialProvider, e as USER_STATUSES, p as UserStatus, i as VERIFICATION_PURPOSES, h as VERIFICATION_TARGET_TYPES, g as VerificationPurpose, V as VerificationTargetType } from './authenticate-eucncHxN.js';
+import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, I as IssueOneTimeTokenResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-CVLJS7C7.js';
+export { l as AuthInitOptions, A as AuthSession, d as INVITATION_STATUSES, o as InvitationStatus, K as KEY_ALGORITHM, n as KeyAlgorithmType, j as PERMISSION_CATEGORIES, k as PermissionCategory, f as SOCIAL_PROVIDERS, q as SocialProvider, e as USER_STATUSES, p as UserStatus, i as VERIFICATION_PURPOSES, h as VERIFICATION_TARGET_TYPES, g as VerificationPurpose, V as VerificationTargetType } from './authenticate-CVLJS7C7.js';
 import * as _spfn_core_route from '@spfn/core/route';
 import { HttpMethod } from '@spfn/core/route';
 import * as _sinclair_typebox from '@sinclair/typebox';
@@ -154,7 +154,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
     }, RotateKeyResult>;
     changePassword: _spfn_core_route.RouteDef<{
         body: _sinclair_typebox.TObject<{
-            currentPassword: _sinclair_typebox.TString;
+            currentPassword: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
             newPassword: _sinclair_typebox.TString;
         }>;
     }, {}, void>;
@@ -169,7 +169,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
             id: number;
             name: string;
             displayName: string;
-            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
         }[];
         userId: number;
         publicId: string;

package/dist/server.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
-import { l as AuthInitOptions, n as KeyAlgorithmType, o as InvitationStatus, g as VerificationPurpose, k as PermissionCategory, q as SocialProvider, r as AuthContext } from './authenticate-eucncHxN.js';
-export { D as ChangePasswordParams, x as CheckAccountExistsParams, C as CheckAccountExistsResult, a9 as EmailSchema, d as INVITATION_STATUSES, I as IssueOneTimeTokenResult, K as KEY_ALGORITHM, z as LoginParams, L as LoginResult, B as LogoutParams, a5 as OAuthCallbackParams, a6 as OAuthCallbackResult, a4 as OAuthStartParams, O as OAuthStartResult, ab as PasswordSchema, aa as PhoneSchema, y as RegisterParams, T as RegisterPublicKeyParams, a as RegisterResult, X as RevokeKeyParams, W as RotateKeyParams, b as RotateKeyResult, f as SOCIAL_PROVIDERS, G as SendVerificationCodeParams, S as SendVerificationCodeResult, ac as TargetTypeSchema, e as USER_STATUSES, p as UserStatus, i as VERIFICATION_PURPOSES, h as VERIFICATION_TARGET_TYPES, ad as VerificationPurposeSchema, V as VerificationTargetType, H as VerifyCodeParams, J as VerifyCodeResult, m as authRouter, a7 as authenticate, a0 as buildOAuthErrorUrl, w as changePasswordService, s as checkAccountExistsService, a2 as getEnabledOAuthProviders, a3 as getGoogleAccessToken, a1 as isOAuthProviderEnabled, Y as issueOneTimeTokenService, u as loginService, v as logoutService, $ as oauthCallbackService, _ as oauthStartService, a8 as optionalAuth, M as registerPublicKeyService, t as registerService, Q as revokeKeyService, N as rotateKeyService, E as sendVerificationCodeService, F as verifyCodeService, Z as verifyOneTimeTokenService } from './authenticate-eucncHxN.js';
+import { l as AuthInitOptions, n as KeyAlgorithmType, o as InvitationStatus, g as VerificationPurpose, k as PermissionCategory, q as SocialProvider, r as AuthContext } from './authenticate-CVLJS7C7.js';
+export { D as ChangePasswordParams, x as CheckAccountExistsParams, C as CheckAccountExistsResult, a9 as EmailSchema, d as INVITATION_STATUSES, I as IssueOneTimeTokenResult, K as KEY_ALGORITHM, z as LoginParams, L as LoginResult, B as LogoutParams, a5 as OAuthCallbackParams, a6 as OAuthCallbackResult, a4 as OAuthStartParams, O as OAuthStartResult, ab as PasswordSchema, aa as PhoneSchema, y as RegisterParams, T as RegisterPublicKeyParams, a as RegisterResult, X as RevokeKeyParams, W as RotateKeyParams, b as RotateKeyResult, f as SOCIAL_PROVIDERS, G as SendVerificationCodeParams, S as SendVerificationCodeResult, ac as TargetTypeSchema, e as USER_STATUSES, p as UserStatus, i as VERIFICATION_PURPOSES, h as VERIFICATION_TARGET_TYPES, ad as VerificationPurposeSchema, V as VerificationTargetType, H as VerifyCodeParams, J as VerifyCodeResult, m as authRouter, a7 as authenticate, a0 as buildOAuthErrorUrl, w as changePasswordService, s as checkAccountExistsService, a2 as getEnabledOAuthProviders, a3 as getGoogleAccessToken, a1 as isOAuthProviderEnabled, Y as issueOneTimeTokenService, u as loginService, v as logoutService, $ as oauthCallbackService, _ as oauthStartService, a8 as optionalAuth, M as registerPublicKeyService, t as registerService, Q as revokeKeyService, N as rotateKeyService, E as sendVerificationCodeService, F as verifyCodeService, Z as verifyOneTimeTokenService } from './authenticate-CVLJS7C7.js';
 import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
 import { UserProfile as UserProfile$1, ProfileInfo } from '@spfn/auth';
 import { BaseRepository } from '@spfn/core/db';
@@ -1330,7 +1330,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
         id: number;
         name: string;
         displayName: string;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
     }[];
     userId: number;
     publicId: string;
@@ -2470,7 +2470,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
             tableName: "permissions";
             dataType: "string";
             columnType: "PgText";
-            data: "auth" | "custom" | "user" | "rbac" | "system";
+            data: "custom" | "user" | "auth" | "rbac" | "system";
             driverParam: string;
             notNull: false;
             hasDefault: false;
@@ -3061,17 +3061,17 @@ declare class UsersRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewUser): Promise<{
+        username: string | null;
+        status: "active" | "inactive" | "suspended";
         email: string | null;
         phone: string | null;
         id: number;
+        createdAt: Date;
+        updatedAt: Date;
         publicId: string;
-        username: string | null;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
-        createdAt: Date;
-        updatedAt: Date;
-        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3141,17 +3141,17 @@ declare class UsersRepository extends BaseRepository {
      * Write primary 사용
      */
     deleteById(id: number): Promise<{
+        username: string | null;
+        status: "active" | "inactive" | "suspended";
         email: string | null;
         phone: string | null;
         id: number;
+        createdAt: Date;
+        updatedAt: Date;
         publicId: string;
-        username: string | null;
         passwordHash: string | null;
         passwordChangeRequired: boolean;
         roleId: number;
-        createdAt: Date;
-        updatedAt: Date;
-        status: "active" | "inactive" | "suspended";
         emailVerifiedAt: Date | null;
         phoneVerifiedAt: Date | null;
         lastLoginAt: Date | null;
@@ -3174,7 +3174,7 @@ declare class UsersRepository extends BaseRepository {
             id: number;
             name: string;
             displayName: string;
-            category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
+            category: "custom" | "user" | "auth" | "rbac" | "system" | undefined;
         }[];
     }>;
     /**
@@ -3288,16 +3288,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewUserPublicKey): Promise<{
-        publicKey: string;
-        keyId: string;
-        fingerprint: string;
-        algorithm: "ES256" | "RS256";
         userId: number;
+        keyId: string;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        expiresAt: Date | null;
+        publicKey: string;
+        algorithm: "ES256" | "RS256";
+        fingerprint: string;
         lastUsedAt: Date | null;
+        expiresAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3324,16 +3324,16 @@ declare class KeysRepository extends BaseRepository {
      * Write primary 사용
      */
     deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
-        publicKey: string;
-        keyId: string;
-        fingerprint: string;
-        algorithm: "ES256" | "RS256";
         userId: number;
+        keyId: string;
         id: number;
         isActive: boolean;
         createdAt: Date;
-        expiresAt: Date | null;
+        publicKey: string;
+        algorithm: "ES256" | "RS256";
+        fingerprint: string;
         lastUsedAt: Date | null;
+        expiresAt: Date | null;
         revokedAt: Date | null;
         revokedReason: string | null;
     }>;
@@ -3448,14 +3448,14 @@ declare class VerificationCodesRepository extends BaseRepository {
      * Write primary 사용
      */
     create(data: NewVerificationCode): Promise<{
-        target: string;
-        targetType: "email" | "phone";
-        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
-        code: string;
         id: number;
         createdAt: Date;
         updatedAt: Date;
         expiresAt: Date;
+        target: string;
+        targetType: "email" | "phone";
+        code: string;
+        purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
         usedAt: Date | null;
         attempts: number;
     }>;
@@ -3644,7 +3644,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3660,7 +3660,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3700,7 +3700,7 @@ declare class PermissionsRepository extends BaseRepository {
         name: string;
         displayName: string;
         description: string | null;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
         isBuiltin: boolean;
         isSystem: boolean;
         isActive: boolean;
@@ -3711,7 +3711,6 @@ declare class PermissionsRepository extends BaseRepository {
      */
     deleteById(id: number): Promise<{
         description: string | null;
-        metadata: Record<string, any> | null;
         id: number;
         name: string;
         displayName: string;
@@ -3720,7 +3719,8 @@ declare class PermissionsRepository extends BaseRepository {
         isActive: boolean;
         createdAt: Date;
         updatedAt: Date;
-        category: "auth" | "custom" | "user" | "rbac" | "system" | null;
+        metadata: Record<string, any> | null;
+        category: "custom" | "user" | "auth" | "rbac" | "system" | null;
     }>;
 }
 declare const permissionsRepository: PermissionsRepository;
@@ -3765,9 +3765,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     createMany(data: NewRolePermission[]): Promise<{
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
+        roleId: number;
         permissionId: number;
     }[]>;
     /**
@@ -3783,9 +3783,9 @@ declare class RolePermissionsRepository extends BaseRepository {
      */
     setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
+        roleId: number;
         permissionId: number;
     }[]>;
 }
@@ -3850,10 +3850,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        permissionId: number;
         expiresAt: Date | null;
-        reason: string | null;
+        permissionId: number;
         granted: boolean;
+        reason: string | null;
     }>;
     /**
      * 사용자 권한 오버라이드 업데이트
@@ -3876,10 +3876,10 @@ declare class UserPermissionsRepository extends BaseRepository {
         id: number;
         createdAt: Date;
         updatedAt: Date;
-        permissionId: number;
         expiresAt: Date | null;
-        reason: string | null;
+        permissionId: number;
         granted: boolean;
+        reason: string | null;
     }>;
     /**
      * 사용자의 모든 권한 오버라이드 삭제
@@ -3957,7 +3957,6 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 생성
      */
     create(data: NewUserProfile): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string | null;
@@ -3975,6 +3974,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 업데이트 (by ID)
@@ -4026,7 +4026,6 @@ declare class UserProfilesRepository extends BaseRepository {
      * 프로필 삭제 (by ID)
      */
     deleteById(id: number): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string | null;
@@ -4044,12 +4043,12 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 삭제 (by User ID)
      */
     deleteByUserId(userId: number): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string | null;
@@ -4067,6 +4066,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * 프로필 Upsert (by User ID)
@@ -4075,7 +4075,6 @@ declare class UserProfilesRepository extends BaseRepository {
      * 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
      */
     upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
-        metadata: Record<string, any> | null;
         userId: number;
         id: number;
         displayName: string | null;
@@ -4093,6 +4092,7 @@ declare class UserProfilesRepository extends BaseRepository {
         location: string | null;
         company: string | null;
         jobTitle: string | null;
+        metadata: Record<string, any> | null;
     }>;
     /**
      * User ID로 프로필 데이터 조회 (formatted)
@@ -4219,16 +4219,16 @@ declare class InvitationsRepository extends BaseRepository {
      * 초대 생성
      */
     create(data: NewInvitation): Promise<{
+        status: "pending" | "accepted" | "expired" | "cancelled";
         email: string;
-        metadata: Record<string, any> | null;
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        status: "pending" | "accepted" | "expired" | "cancelled";
+        roleId: number;
+        metadata: Record<string, any> | null;
+        expiresAt: Date;
         token: string;
         invitedBy: number;
-        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4253,16 +4253,16 @@ declare class InvitationsRepository extends BaseRepository {
      * 초대 삭제
      */
     deleteById(id: number): Promise<{
+        status: "pending" | "accepted" | "expired" | "cancelled";
         email: string;
-        metadata: Record<string, any> | null;
         id: number;
-        roleId: number;
         createdAt: Date;
         updatedAt: Date;
-        status: "pending" | "accepted" | "expired" | "cancelled";
+        roleId: number;
+        metadata: Record<string, any> | null;
+        expiresAt: Date;
         token: string;
         invitedBy: number;
-        expiresAt: Date;
         acceptedAt: Date | null;
         cancelledAt: Date | null;
     }>;
@@ -4969,17 +4969,17 @@ declare function getOptionalAuth(c: Context | {
 declare function getUser(c: Context | {
     raw: Context;
 }): {
+    username: string | null;
+    status: "active" | "inactive" | "suspended";
     email: string | null;
     phone: string | null;
     id: number;
+    createdAt: Date;
+    updatedAt: Date;
     publicId: string;
-    username: string | null;
     passwordHash: string | null;
     passwordChangeRequired: boolean;
     roleId: number;
-    createdAt: Date;
-    updatedAt: Date;
-    status: "active" | "inactive" | "suspended";
     emailVerifiedAt: Date | null;
     phoneVerifiedAt: Date | null;
     lastLoginAt: Date | null;
@@ -5577,9 +5577,9 @@ declare const invitationCreatedEvent: _spfn_core_event.EventDef<{
     } | undefined;
     email: string;
     roleId: number;
+    expiresAt: string;
     token: string;
     invitedBy: string;
-    expiresAt: string;
     invitationId: string;
     isResend: boolean;
 }>;

package/dist/server.js CHANGED Viewed

@@ -7086,6 +7086,10 @@ function getKeyExpiryDate() {
 }
 async function registerPublicKeyService(params) {
   const { userId, keyId, publicKey, fingerprint, algorithm = "ES256" } = params;
+  const existing = await keysRepository.findActiveByKeyId(keyId);
+  if (existing) {
+    return;
+  }
   const isValidFingerprint = verifyKeyFingerprint(publicKey, fingerprint);
   if (!isValidFingerprint) {
     throw new InvalidKeyFingerprintError();
@@ -7402,12 +7406,14 @@ async function changePasswordService(params) {
     }
     passwordHash = user.passwordHash;
   }
-  if (!passwordHash) {
-    throw new ValidationError2({ message: "No password set for this account" });
-  }
-  const isValid = await verifyPassword(currentPassword, passwordHash);
-  if (!isValid) {
-    throw new InvalidCredentialsError({ message: "Current password is incorrect" });
+  if (passwordHash) {
+    if (!currentPassword) {
+      throw new ValidationError2({ message: "Current password is required" });
+    }
+    const isValid = await verifyPassword(currentPassword, passwordHash);
+    if (!isValid) {
+      throw new InvalidCredentialsError({ message: "Current password is incorrect" });
+    }
   }
   const newPasswordHash = await hashPassword(newPassword);
   await usersRepository.updatePassword(userId, newPasswordHash, true);
@@ -8479,10 +8485,10 @@ var rotateKey = route.post("/_auth/keys/rotate").interceptor({
 });
 var changePassword = route.put("/_auth/password").input({
   body: Type.Object({
-    currentPassword: Type.String({
+    currentPassword: Type.Optional(Type.String({
       minLength: 1,
-      description: "Current password for verification"
-    }),
+      description: "Current password for verification (required when changing existing password)"
+    })),
     newPassword: PasswordSchema
   })
 }).handler(async (c) => {