@spfn/auth 0.2.0-beta.6 → 0.2.0-beta.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. package/README.md +831 -198
  2. package/dist/{dto-Bb2qFUO6.d.ts → authenticate-B_HkYBzq.d.ts} +449 -199
  3. package/dist/config.d.ts +176 -44
  4. package/dist/config.js +99 -35
  5. package/dist/config.js.map +1 -1
  6. package/dist/errors.d.ts +30 -2
  7. package/dist/errors.js +24 -0
  8. package/dist/errors.js.map +1 -1
  9. package/dist/index.d.ts +289 -113
  10. package/dist/index.js +59 -1
  11. package/dist/index.js.map +1 -1
  12. package/dist/nextjs/api.js +547 -47
  13. package/dist/nextjs/api.js.map +1 -1
  14. package/dist/nextjs/client.d.ts +28 -0
  15. package/dist/nextjs/client.js +80 -0
  16. package/dist/nextjs/client.js.map +1 -0
  17. package/dist/nextjs/server.d.ts +92 -3
  18. package/dist/nextjs/server.js +282 -22
  19. package/dist/nextjs/server.js.map +1 -1
  20. package/dist/server.d.ts +860 -468
  21. package/dist/server.js +1454 -607
  22. package/dist/server.js.map +1 -1
  23. package/dist/session-Dbvz9Sdp.d.ts +53 -0
  24. package/dist/types-B1CzVZkU.d.ts +45 -0
  25. package/migrations/0001_smooth_the_fury.sql +3 -0
  26. package/migrations/0002_deep_iceman.sql +11 -0
  27. package/migrations/0003_perfect_deathbird.sql +3 -0
  28. package/migrations/0004_concerned_rawhide_kid.sql +5 -0
  29. package/migrations/meta/0001_snapshot.json +1660 -0
  30. package/migrations/meta/0002_snapshot.json +1660 -0
  31. package/migrations/meta/0003_snapshot.json +1689 -0
  32. package/migrations/meta/0004_snapshot.json +1721 -0
  33. package/migrations/meta/_journal.json +28 -0
  34. package/package.json +15 -11
package/dist/index.d.ts CHANGED
@@ -1,10 +1,39 @@
1
1
  import * as _spfn_core_nextjs from '@spfn/core/nextjs';
2
- import { R as RoleConfig, P as PermissionConfig, U as UserProfile, a as ProfileInfo, C as CheckAccountExistsResult, S as SendVerificationCodeResult, b as RegisterResult, L as LoginResult, c as RotateKeyResult, m as mainAuthRouter } from './dto-Bb2qFUO6.js';
3
- export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './dto-Bb2qFUO6.js';
2
+ import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, I as IssueOneTimeTokenResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-B_HkYBzq.js';
3
+ export { i as AuthInitOptions, A as AuthSession, g as PERMISSION_CATEGORIES, h as PermissionCategory, f as VERIFICATION_PURPOSES, e as VERIFICATION_TARGET_TYPES, d as VerificationPurpose, V as VerificationTargetType } from './authenticate-B_HkYBzq.js';
4
4
  import * as _spfn_core_route from '@spfn/core/route';
5
+ import { HttpMethod } from '@spfn/core/route';
6
+ export { I as INVITATION_STATUSES, b as InvitationStatus, a as KEY_ALGORITHM, K as KeyAlgorithmType, S as SOCIAL_PROVIDERS, d as SocialProvider, U as USER_STATUSES, c as UserStatus } from './types-B1CzVZkU.js';
5
7
  import * as _sinclair_typebox from '@sinclair/typebox';
6
8
  import '@spfn/auth/server';
7
9
 
10
+ /**
11
+ * Email regex pattern (RFC 5322 compliant)
12
+ * Validates: local-part@domain.tld
13
+ * - Local part: alphanumeric, dots, hyphens, underscores
14
+ * - Domain: alphanumeric, hyphens, dots
15
+ * - TLD: minimum 2 characters
16
+ */
17
+ declare const EMAIL_PATTERN = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
18
+ /**
19
+ * Phone regex pattern (E.164 format)
20
+ * Format: +[country code][number] (1-15 digits total)
21
+ */
22
+ declare const PHONE_PATTERN = "^\\+[1-9]\\d{1,14}$";
23
+ /**
24
+ * SHA-256 fingerprint pattern (64 hex characters)
25
+ */
26
+ declare const FINGERPRINT_PATTERN = "^[a-f0-9]{64}$";
27
+ /**
28
+ * UUID v4 pattern (8-4-4-4-12 format)
29
+ */
30
+ declare const UUID_PATTERN = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
31
+ /**
32
+ * Base64 pattern (DER encoded keys)
33
+ * Matches standard Base64 with padding
34
+ */
35
+ declare const BASE64_PATTERN = "^[A-Za-z0-9+/]+=*$";
36
+
8
37
  /**
9
38
  * @spfn/auth - Built-in Roles and Permissions
10
39
  *
@@ -31,31 +60,16 @@ type BuiltinRoleName = keyof typeof BUILTIN_ROLE_PERMISSIONS;
31
60
  type BuiltinPermissionName = typeof BUILTIN_PERMISSIONS[keyof typeof BUILTIN_PERMISSIONS]['name'];
32
61
 
33
62
  /**
34
- * Email regex pattern (RFC 5322 compliant)
35
- * Validates: local-part@domain.tld
36
- * - Local part: alphanumeric, dots, hyphens, underscores
37
- * - Domain: alphanumeric, hyphens, dots
38
- * - TLD: minimum 2 characters
39
- */
40
- declare const EMAIL_PATTERN = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
41
- /**
42
- * Phone regex pattern (E.164 format)
43
- * Format: +[country code][number] (1-15 digits total)
44
- */
45
- declare const PHONE_PATTERN = "^\\+[1-9]\\d{1,14}$";
46
- /**
47
- * SHA-256 fingerprint pattern (64 hex characters)
48
- */
49
- declare const FINGERPRINT_PATTERN = "^[a-f0-9]{64}$";
50
- /**
51
- * UUID v4 pattern (8-4-4-4-12 format)
52
- */
53
- declare const UUID_PATTERN = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
54
- /**
55
- * Base64 pattern (DER encoded keys)
56
- * Matches standard Base64 with padding
63
+ * Route Map (Auto-generated)
64
+ *
65
+ * DO NOT EDIT - This file is generated by @spfn/core:route-map generator
57
66
  */
58
- declare const BASE64_PATTERN = "^[A-Za-z0-9+/]+=*$";
67
+
68
+ interface RouteInfo {
69
+ method: HttpMethod;
70
+ path: string;
71
+ }
72
+ declare const routeMap: Record<string, RouteInfo>;
59
73
 
60
74
  /**
61
75
  * Type-safe API client for auth routes
@@ -74,25 +88,145 @@ declare const BASE64_PATTERN = "^[A-Za-z0-9+/]+=*$";
74
88
  * ```
75
89
  */
76
90
  declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
77
- getUserProfile: _spfn_core_route.RouteDef<{}, {}, UserProfile>;
78
- updateUserProfile: _spfn_core_route.RouteDef<{
91
+ checkAccountExists: _spfn_core_route.RouteDef<{
92
+ body: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
93
+ email: _sinclair_typebox.TString;
94
+ }>, _sinclair_typebox.TObject<{
95
+ phone: _sinclair_typebox.TString;
96
+ }>]>;
97
+ }, {}, CheckAccountExistsResult>;
98
+ sendVerificationCode: _spfn_core_route.RouteDef<{
79
99
  body: _sinclair_typebox.TObject<{
80
- displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
81
- firstName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
82
- lastName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
83
- avatarUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
84
- bio: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
85
- locale: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
86
- timezone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
87
- dateOfBirth: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
88
- gender: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
89
- website: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
90
- location: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
91
- company: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
92
- jobTitle: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
93
- metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TAny>>;
100
+ target: _sinclair_typebox.TString;
101
+ targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
102
+ purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
94
103
  }>;
95
- }, {}, ProfileInfo>;
104
+ }, {}, SendVerificationCodeResult>;
105
+ verifyCode: _spfn_core_route.RouteDef<{
106
+ body: _sinclair_typebox.TObject<{
107
+ target: _sinclair_typebox.TString;
108
+ targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
109
+ code: _sinclair_typebox.TString;
110
+ purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
111
+ }>;
112
+ }, {}, {
113
+ valid: boolean;
114
+ verificationToken: string;
115
+ }>;
116
+ register: _spfn_core_route.RouteDef<{
117
+ body: _sinclair_typebox.TObject<{
118
+ email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
119
+ phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
120
+ verificationToken: _sinclair_typebox.TString;
121
+ password: _sinclair_typebox.TString;
122
+ metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TUnknown>>;
123
+ }>;
124
+ }, {
125
+ body: _sinclair_typebox.TObject<{
126
+ publicKey: _sinclair_typebox.TString;
127
+ keyId: _sinclair_typebox.TString;
128
+ fingerprint: _sinclair_typebox.TString;
129
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
130
+ }>;
131
+ }, RegisterResult>;
132
+ login: _spfn_core_route.RouteDef<{
133
+ body: _sinclair_typebox.TObject<{
134
+ email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
135
+ phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
136
+ password: _sinclair_typebox.TString;
137
+ }>;
138
+ }, {
139
+ body: _sinclair_typebox.TObject<{
140
+ publicKey: _sinclair_typebox.TString;
141
+ keyId: _sinclair_typebox.TString;
142
+ fingerprint: _sinclair_typebox.TString;
143
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
144
+ oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
145
+ }>;
146
+ }, LoginResult>;
147
+ logout: _spfn_core_route.RouteDef<{}, {}, void>;
148
+ rotateKey: _spfn_core_route.RouteDef<{}, {
149
+ body: _sinclair_typebox.TObject<{
150
+ publicKey: _sinclair_typebox.TString;
151
+ keyId: _sinclair_typebox.TString;
152
+ fingerprint: _sinclair_typebox.TString;
153
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
154
+ }>;
155
+ }, RotateKeyResult>;
156
+ changePassword: _spfn_core_route.RouteDef<{
157
+ body: _sinclair_typebox.TObject<{
158
+ currentPassword: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
159
+ newPassword: _sinclair_typebox.TString;
160
+ }>;
161
+ }, {}, void>;
162
+ getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
163
+ role: {
164
+ id: number;
165
+ name: string;
166
+ displayName: string;
167
+ priority: number;
168
+ };
169
+ permissions: {
170
+ id: number;
171
+ name: string;
172
+ displayName: string;
173
+ category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
174
+ }[];
175
+ userId: number;
176
+ publicId: string;
177
+ email: string | null;
178
+ emailVerified: boolean;
179
+ phoneVerified: boolean;
180
+ hasPassword: boolean;
181
+ }>;
182
+ issueOneTimeToken: _spfn_core_route.RouteDef<{}, {}, IssueOneTimeTokenResult>;
183
+ oauthGoogleStart: _spfn_core_route.RouteDef<{
184
+ query: _sinclair_typebox.TObject<{
185
+ state: _sinclair_typebox.TString;
186
+ }>;
187
+ }, {}, Response>;
188
+ oauthGoogleCallback: _spfn_core_route.RouteDef<{
189
+ query: _sinclair_typebox.TObject<{
190
+ code: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
191
+ state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
192
+ error: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
193
+ error_description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
194
+ }>;
195
+ }, {}, Response>;
196
+ oauthStart: _spfn_core_route.RouteDef<{
197
+ body: _sinclair_typebox.TObject<{
198
+ provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver">[]>;
199
+ returnUrl: _sinclair_typebox.TString;
200
+ publicKey: _sinclair_typebox.TString;
201
+ keyId: _sinclair_typebox.TString;
202
+ fingerprint: _sinclair_typebox.TString;
203
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
204
+ metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TUnknown>>;
205
+ }>;
206
+ }, {}, OAuthStartResult>;
207
+ oauthProviders: _spfn_core_route.RouteDef<{}, {}, {
208
+ providers: ("google" | "github" | "kakao" | "naver")[];
209
+ }>;
210
+ getGoogleOAuthUrl: _spfn_core_route.RouteDef<{
211
+ body: _sinclair_typebox.TObject<{
212
+ returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
213
+ state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
214
+ }>;
215
+ }, {}, {
216
+ authUrl: string;
217
+ }>;
218
+ oauthFinalize: _spfn_core_route.RouteDef<{
219
+ body: _sinclair_typebox.TObject<{
220
+ userId: _sinclair_typebox.TString;
221
+ keyId: _sinclair_typebox.TString;
222
+ returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
223
+ }>;
224
+ }, {}, {
225
+ success: boolean;
226
+ userId: string;
227
+ keyId: string;
228
+ returnUrl: string;
229
+ }>;
96
230
  getInvitation: _spfn_core_route.RouteDef<{
97
231
  params: _sinclair_typebox.TObject<{
98
232
  token: _sinclair_typebox.TString;
@@ -127,6 +261,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
127
261
  email: _sinclair_typebox.TString;
128
262
  roleId: _sinclair_typebox.TNumber;
129
263
  expiresInDays: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
264
+ expiresAt: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
130
265
  metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
131
266
  }>;
132
267
  }, {}, {
@@ -193,99 +328,140 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
193
328
  id: _sinclair_typebox.TNumber;
194
329
  }>;
195
330
  }, {}, void>;
196
- checkAccountExists: _spfn_core_route.RouteDef<{
197
- body: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
198
- email: _sinclair_typebox.TString;
199
- }>, _sinclair_typebox.TObject<{
200
- phone: _sinclair_typebox.TString;
201
- }>]>;
202
- }, {}, CheckAccountExistsResult>;
203
- sendVerificationCode: _spfn_core_route.RouteDef<{
331
+ getUserProfile: _spfn_core_route.RouteDef<{}, {}, UserProfile>;
332
+ updateUserProfile: _spfn_core_route.RouteDef<{
204
333
  body: _sinclair_typebox.TObject<{
205
- target: _sinclair_typebox.TString;
206
- targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
207
- purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
334
+ displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
335
+ firstName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
336
+ lastName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
337
+ avatarUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
338
+ bio: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
339
+ locale: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
340
+ timezone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
341
+ dateOfBirth: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
342
+ gender: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
343
+ website: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
344
+ location: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
345
+ company: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
346
+ jobTitle: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
347
+ metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TAny>>;
208
348
  }>;
209
- }, {}, SendVerificationCodeResult>;
210
- verifyCode: _spfn_core_route.RouteDef<{
211
- body: _sinclair_typebox.TObject<{
212
- target: _sinclair_typebox.TString;
213
- targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
214
- code: _sinclair_typebox.TString;
215
- purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
349
+ }, {}, ProfileInfo>;
350
+ checkUsername: _spfn_core_route.RouteDef<{
351
+ query: _sinclair_typebox.TObject<{
352
+ username: _sinclair_typebox.TString;
216
353
  }>;
217
354
  }, {}, {
218
- valid: boolean;
219
- verificationToken: string;
355
+ available: boolean;
220
356
  }>;
221
- register: _spfn_core_route.RouteDef<{
222
- body: _sinclair_typebox.TObject<{
223
- email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
224
- phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
225
- verificationToken: _sinclair_typebox.TString;
226
- password: _sinclair_typebox.TString;
227
- }>;
228
- }, {
229
- body: _sinclair_typebox.TObject<{
230
- publicKey: _sinclair_typebox.TString;
231
- keyId: _sinclair_typebox.TString;
232
- fingerprint: _sinclair_typebox.TString;
233
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
234
- }>;
235
- }, RegisterResult>;
236
- login: _spfn_core_route.RouteDef<{
357
+ updateUsername: _spfn_core_route.RouteDef<{
237
358
  body: _sinclair_typebox.TObject<{
238
- email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
239
- phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
240
- password: _sinclair_typebox.TString;
359
+ username: _sinclair_typebox.TUnion<[_sinclair_typebox.TString, _sinclair_typebox.TNull]>;
241
360
  }>;
242
- }, {
361
+ }, {}, {
362
+ createdAt: Date;
363
+ updatedAt: Date;
364
+ id: number;
365
+ publicId: string;
366
+ email: string | null;
367
+ phone: string | null;
368
+ username: string | null;
369
+ passwordHash: string | null;
370
+ passwordChangeRequired: boolean;
371
+ roleId: number;
372
+ status: "active" | "inactive" | "suspended";
373
+ emailVerifiedAt: Date | null;
374
+ phoneVerifiedAt: Date | null;
375
+ lastLoginAt: Date | null;
376
+ }>;
377
+ updateLocale: _spfn_core_route.RouteDef<{
243
378
  body: _sinclair_typebox.TObject<{
244
- publicKey: _sinclair_typebox.TString;
245
- keyId: _sinclair_typebox.TString;
246
- fingerprint: _sinclair_typebox.TString;
247
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
248
- oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
379
+ locale: _sinclair_typebox.TString;
249
380
  }>;
250
- }, LoginResult>;
251
- logout: _spfn_core_route.RouteDef<{
252
- body: _sinclair_typebox.TObject<{}>;
253
- }, {}, void>;
254
- rotateKey: _spfn_core_route.RouteDef<{
255
- body: _sinclair_typebox.TObject<{}>;
256
- }, {
257
- body: _sinclair_typebox.TObject<{
258
- publicKey: _sinclair_typebox.TString;
259
- keyId: _sinclair_typebox.TString;
260
- fingerprint: _sinclair_typebox.TString;
261
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
381
+ }, {}, {
382
+ locale: string;
383
+ }>;
384
+ listRoles: _spfn_core_route.RouteDef<{
385
+ query: _sinclair_typebox.TObject<{
386
+ includeInactive: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
262
387
  }>;
263
- }, RotateKeyResult>;
264
- changePassword: _spfn_core_route.RouteDef<{
388
+ }, {}, {
389
+ roles: {
390
+ description: string | null;
391
+ id: number;
392
+ name: string;
393
+ displayName: string;
394
+ isBuiltin: boolean;
395
+ isSystem: boolean;
396
+ isActive: boolean;
397
+ priority: number;
398
+ createdAt: Date;
399
+ updatedAt: Date;
400
+ }[];
401
+ }>;
402
+ createAdminRole: _spfn_core_route.RouteDef<{
265
403
  body: _sinclair_typebox.TObject<{
266
- currentPassword: _sinclair_typebox.TString;
267
- newPassword: _sinclair_typebox.TString;
404
+ name: _sinclair_typebox.TString;
405
+ displayName: _sinclair_typebox.TString;
406
+ description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
407
+ priority: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
408
+ permissionIds: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TNumber>>;
268
409
  }>;
269
- }, {}, void>;
270
- getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
410
+ }, {}, {
271
411
  role: {
412
+ description: string | null;
272
413
  id: number;
273
414
  name: string;
274
415
  displayName: string;
416
+ isBuiltin: boolean;
417
+ isSystem: boolean;
418
+ isActive: boolean;
275
419
  priority: number;
420
+ createdAt: Date;
421
+ updatedAt: Date;
276
422
  };
277
- permissions: {
423
+ }>;
424
+ updateAdminRole: _spfn_core_route.RouteDef<{
425
+ params: _sinclair_typebox.TObject<{
426
+ id: _sinclair_typebox.TNumber;
427
+ }>;
428
+ body: _sinclair_typebox.TObject<{
429
+ displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
430
+ description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
431
+ priority: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
432
+ isActive: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
433
+ }>;
434
+ }, {}, {
435
+ role: {
436
+ description: string | null;
278
437
  id: number;
279
438
  name: string;
280
439
  displayName: string;
281
- category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
282
- }[];
440
+ isBuiltin: boolean;
441
+ isSystem: boolean;
442
+ isActive: boolean;
443
+ priority: number;
444
+ createdAt: Date;
445
+ updatedAt: Date;
446
+ };
447
+ }>;
448
+ deleteAdminRole: _spfn_core_route.RouteDef<{
449
+ params: _sinclair_typebox.TObject<{
450
+ id: _sinclair_typebox.TNumber;
451
+ }>;
452
+ }, {}, void>;
453
+ updateUserRole: _spfn_core_route.RouteDef<{
454
+ params: _sinclair_typebox.TObject<{
455
+ userId: _sinclair_typebox.TNumber;
456
+ }>;
457
+ body: _sinclair_typebox.TObject<{
458
+ roleId: _sinclair_typebox.TNumber;
459
+ }>;
460
+ }, {}, {
283
461
  userId: number;
284
- email: string | null;
285
- emailVerified: boolean;
286
- phoneVerified: boolean;
462
+ roleId: number;
287
463
  }>;
288
464
  }>>;
289
465
  type AuthRouter = typeof mainAuthRouter;
290
466
 
291
- export { type AuthRouter, BASE64_PATTERN, BUILTIN_PERMISSIONS, BUILTIN_ROLES, BUILTIN_ROLE_PERMISSIONS, type BuiltinPermissionName, type BuiltinRoleName, EMAIL_PATTERN, FINGERPRINT_PATTERN, PHONE_PATTERN, PermissionConfig, ProfileInfo, RoleConfig, UUID_PATTERN, UserProfile, authApi };
467
+ export { type AuthRouter, BASE64_PATTERN, BUILTIN_PERMISSIONS, BUILTIN_ROLES, BUILTIN_ROLE_PERMISSIONS, type BuiltinPermissionName, type BuiltinRoleName, EMAIL_PATTERN, FINGERPRINT_PATTERN, PHONE_PATTERN, PermissionConfig, ProfileInfo, RoleConfig, UUID_PATTERN, UserProfile, authApi, routeMap as authRouteMap };
package/dist/index.js CHANGED
@@ -102,6 +102,24 @@ var VerificationTokenTargetMismatchError = class extends ValidationError {
102
102
  this.name = "VerificationTokenTargetMismatchError";
103
103
  }
104
104
  };
105
+ var ReservedUsernameError = class extends ValidationError {
106
+ constructor(data = {}) {
107
+ super({
108
+ message: data.message || "This username is reserved",
109
+ details: { username: data.username, ...data.details }
110
+ });
111
+ this.name = "ReservedUsernameError";
112
+ }
113
+ };
114
+ var UsernameAlreadyTakenError = class extends ConflictError {
115
+ constructor(data = {}) {
116
+ super({
117
+ message: data.message || "Username is already taken",
118
+ details: { username: data.username, ...data.details }
119
+ });
120
+ this.name = "UsernameAlreadyTakenError";
121
+ }
122
+ };
105
123
  var InsufficientPermissionsError = class extends ForbiddenError {
106
124
  constructor(data = {}) {
107
125
  const requiredPermissions = data.requiredPermissions || [];
@@ -132,6 +150,8 @@ authErrorRegistry.append([
132
150
  KeyExpiredError,
133
151
  AccountDisabledError,
134
152
  AccountAlreadyExistsError,
153
+ ReservedUsernameError,
154
+ UsernameAlreadyTakenError,
135
155
  InvalidVerificationCodeError,
136
156
  InvalidVerificationTokenError,
137
157
  InvalidKeyFingerprintError,
@@ -141,6 +161,43 @@ authErrorRegistry.append([
141
161
  InsufficientRoleError
142
162
  ]);
143
163
 
164
+ // src/generated/route-map.ts
165
+ var routeMap = {
166
+ checkAccountExists: { method: "POST", path: "/_auth/exists" },
167
+ sendVerificationCode: { method: "POST", path: "/_auth/codes" },
168
+ verifyCode: { method: "POST", path: "/_auth/codes/verify" },
169
+ register: { method: "POST", path: "/_auth/register" },
170
+ login: { method: "POST", path: "/_auth/login" },
171
+ logout: { method: "POST", path: "/_auth/logout" },
172
+ rotateKey: { method: "POST", path: "/_auth/keys/rotate" },
173
+ changePassword: { method: "PUT", path: "/_auth/password" },
174
+ getAuthSession: { method: "GET", path: "/_auth/session" },
175
+ issueOneTimeToken: { method: "POST", path: "/_auth/tokens" },
176
+ getInvitation: { method: "GET", path: "/_auth/invitations/:token" },
177
+ acceptInvitation: { method: "POST", path: "/_auth/invitations/accept" },
178
+ createInvitation: { method: "POST", path: "/_auth/invitations" },
179
+ listInvitations: { method: "GET", path: "/_auth/invitations" },
180
+ cancelInvitation: { method: "POST", path: "/_auth/invitations/cancel" },
181
+ resendInvitation: { method: "POST", path: "/_auth/invitations/resend" },
182
+ deleteInvitation: { method: "POST", path: "/_auth/invitations/delete" },
183
+ getUserProfile: { method: "GET", path: "/_auth/users/profile" },
184
+ updateUserProfile: { method: "PATCH", path: "/_auth/users/profile" },
185
+ checkUsername: { method: "GET", path: "/_auth/users/username/check" },
186
+ updateUsername: { method: "PATCH", path: "/_auth/users/username" },
187
+ updateLocale: { method: "PATCH", path: "/_auth/users/locale" },
188
+ oauthGoogleStart: { method: "GET", path: "/_auth/oauth/google" },
189
+ oauthGoogleCallback: { method: "GET", path: "/_auth/oauth/google/callback" },
190
+ oauthStart: { method: "POST", path: "/_auth/oauth/start" },
191
+ oauthProviders: { method: "GET", path: "/_auth/oauth/providers" },
192
+ getGoogleOAuthUrl: { method: "POST", path: "/_auth/oauth/google/url" },
193
+ oauthFinalize: { method: "POST", path: "/_auth/oauth/finalize" },
194
+ listRoles: { method: "GET", path: "/_auth/admin/roles" },
195
+ createAdminRole: { method: "POST", path: "/_auth/admin/roles" },
196
+ updateAdminRole: { method: "PATCH", path: "/_auth/admin/roles/:id" },
197
+ deleteAdminRole: { method: "DELETE", path: "/_auth/admin/roles/:id" },
198
+ updateUserRole: { method: "PATCH", path: "/_auth/admin/users/:userId/role" }
199
+ };
200
+
144
201
  // src/lib/types.ts
145
202
  var EMAIL_PATTERN = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
146
203
  var PHONE_PATTERN = "^\\+[1-9]\\d{1,14}$";
@@ -2941,6 +2998,7 @@ export {
2941
2998
  UUID_PATTERN,
2942
2999
  VERIFICATION_PURPOSES,
2943
3000
  VERIFICATION_TARGET_TYPES,
2944
- authApi
3001
+ authApi,
3002
+ routeMap as authRouteMap
2945
3003
  };
2946
3004
  //# sourceMappingURL=index.js.map