@spfn/auth 0.2.0-beta.70 → 0.2.0-beta.72
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{authenticate-tmmbh1ux.d.ts → authenticate-DXVtYh8X.d.ts} +10 -1
- package/dist/index.d.ts +3 -3
- package/dist/nextjs/api.js +25 -2
- package/dist/nextjs/api.js.map +1 -1
- package/dist/nextjs/server.js +5 -1
- package/dist/nextjs/server.js.map +1 -1
- package/dist/server.d.ts +89 -55
- package/dist/server.js +259 -13
- package/dist/server.js.map +1 -1
- package/package.json +4 -4
package/dist/server.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { j as AuthInitOptions, k as OAuthProvider, e as VerificationPurpose, i as PermissionCategory, l as AuthContext } from './authenticate-
|
|
2
|
-
export { C as ChangePasswordParams, a3 as EmailSchema, I as IssueOneTimeTokenResult, s as LoginParams, L as LoginResult, t as LogoutParams, aa as NativeVerifyOptions, a8 as NormalizedIdentity, Z as OAuthCallbackParams, _ as OAuthCallbackResult, a0 as OAuthNativeParams, c as OAuthNativeResult, Y as OAuthStartParams, O as OAuthStartResult, a9 as OAuthTokens, a5 as PasswordSchema, a4 as PhoneSchema, q as RegisterParams, E as RegisterPublicKeyParams, a as RegisterResult, G as RevokeKeyParams, F as RotateKeyParams, b as RotateKeyResult, w as SendVerificationCodeParams, S as SendVerificationCodeResult, a6 as TargetTypeSchema, g as VERIFICATION_PURPOSES, f as VERIFICATION_TARGET_TYPES, a7 as VerificationPurposeSchema, V as VerificationTargetType, x as VerifyCodeParams, y as VerifyCodeResult, m as authRouter, a1 as authenticate, N as buildOAuthErrorUrl, p as changePasswordService, W as getEnabledOAuthProviders, X as getGoogleAccessToken, ac as getOAuthProvider, ad as getRegisteredProviders, Q as isOAuthProviderEnabled, H as issueOneTimeTokenService, n as loginService, o as logoutService, M as oauthCallbackService, $ as oauthNativeService, K as oauthStartService, a2 as optionalAuth, ab as registerOAuthProvider, z as registerPublicKeyService, r as registerService, T as requireEnabledProvider, D as revokeKeyService, B as rotateKeyService, u as sendVerificationCodeService, v as verifyCodeService, J as verifyOneTimeTokenService } from './authenticate-
|
|
1
|
+
import { j as AuthInitOptions, k as OAuthProvider, e as VerificationPurpose, i as PermissionCategory, l as AuthContext } from './authenticate-DXVtYh8X.js';
|
|
2
|
+
export { C as ChangePasswordParams, a3 as EmailSchema, I as IssueOneTimeTokenResult, s as LoginParams, L as LoginResult, t as LogoutParams, aa as NativeVerifyOptions, a8 as NormalizedIdentity, Z as OAuthCallbackParams, _ as OAuthCallbackResult, a0 as OAuthNativeParams, c as OAuthNativeResult, Y as OAuthStartParams, O as OAuthStartResult, a9 as OAuthTokens, a5 as PasswordSchema, a4 as PhoneSchema, q as RegisterParams, E as RegisterPublicKeyParams, a as RegisterResult, G as RevokeKeyParams, F as RotateKeyParams, b as RotateKeyResult, w as SendVerificationCodeParams, S as SendVerificationCodeResult, a6 as TargetTypeSchema, g as VERIFICATION_PURPOSES, f as VERIFICATION_TARGET_TYPES, a7 as VerificationPurposeSchema, V as VerificationTargetType, x as VerifyCodeParams, y as VerifyCodeResult, m as authRouter, a1 as authenticate, N as buildOAuthErrorUrl, p as changePasswordService, W as getEnabledOAuthProviders, X as getGoogleAccessToken, ac as getOAuthProvider, ad as getRegisteredProviders, Q as isOAuthProviderEnabled, H as issueOneTimeTokenService, n as loginService, o as logoutService, M as oauthCallbackService, $ as oauthNativeService, K as oauthStartService, a2 as optionalAuth, ab as registerOAuthProvider, z as registerPublicKeyService, r as registerService, T as requireEnabledProvider, D as revokeKeyService, B as rotateKeyService, u as sendVerificationCodeService, v as verifyCodeService, J as verifyOneTimeTokenService } from './authenticate-DXVtYh8X.js';
|
|
3
3
|
import * as drizzle_orm_pg_core from 'drizzle-orm/pg-core';
|
|
4
4
|
import { K as KeyAlgorithmType, b as InvitationStatus, d as SocialProvider } from './types-BtksCI9X.js';
|
|
5
5
|
export { I as INVITATION_STATUSES, a as KEY_ALGORITHM, S as SOCIAL_PROVIDERS, U as USER_STATUSES, c as UserStatus } from './types-BtksCI9X.js';
|
|
@@ -1352,7 +1352,7 @@ declare function getAuthSessionService(userId: string | number | bigint): Promis
|
|
|
1352
1352
|
id: number;
|
|
1353
1353
|
name: string;
|
|
1354
1354
|
displayName: string;
|
|
1355
|
-
category: "
|
|
1355
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
|
|
1356
1356
|
}[];
|
|
1357
1357
|
userId: number;
|
|
1358
1358
|
publicId: string;
|
|
@@ -1520,6 +1520,12 @@ interface OAuthState {
|
|
|
1520
1520
|
algorithm: KeyAlgorithmType;
|
|
1521
1521
|
metadata?: Record<string, unknown>;
|
|
1522
1522
|
}
|
|
1523
|
+
/**
|
|
1524
|
+
* Generate a CSRF nonce for the OAuth flow. The caller passes it to
|
|
1525
|
+
* createOAuthState AND sets it as the oauth_csrf cookie, so the callback can
|
|
1526
|
+
* double-submit-verify the flow was initiated by this same browser.
|
|
1527
|
+
*/
|
|
1528
|
+
declare function generateOAuthNonce(): string;
|
|
1523
1529
|
interface CreateOAuthStateParams {
|
|
1524
1530
|
provider: string;
|
|
1525
1531
|
returnUrl: string;
|
|
@@ -1528,6 +1534,11 @@ interface CreateOAuthStateParams {
|
|
|
1528
1534
|
fingerprint: string;
|
|
1529
1535
|
algorithm: KeyAlgorithmType;
|
|
1530
1536
|
metadata?: Record<string, unknown>;
|
|
1537
|
+
/**
|
|
1538
|
+
* CSRF nonce bound into the state. Pass the same value as the oauth_csrf
|
|
1539
|
+
* cookie. Defaults to a fresh nonce (unbound — legacy/no-CSRF callers).
|
|
1540
|
+
*/
|
|
1541
|
+
nonce?: string;
|
|
1531
1542
|
}
|
|
1532
1543
|
/**
|
|
1533
1544
|
* OAuth state 생성 및 암호화
|
|
@@ -2653,7 +2664,7 @@ declare const permissions: drizzle_orm_pg_core.PgTableWithColumns<{
|
|
|
2653
2664
|
tableName: "permissions";
|
|
2654
2665
|
dataType: "string";
|
|
2655
2666
|
columnType: "PgText";
|
|
2656
|
-
data: "
|
|
2667
|
+
data: "auth" | "custom" | "user" | "rbac" | "system";
|
|
2657
2668
|
driverParam: string;
|
|
2658
2669
|
notNull: false;
|
|
2659
2670
|
hasDefault: false;
|
|
@@ -3246,15 +3257,15 @@ declare class UsersRepository extends BaseRepository {
|
|
|
3246
3257
|
create(data: NewUser): Promise<{
|
|
3247
3258
|
email: string | null;
|
|
3248
3259
|
phone: string | null;
|
|
3249
|
-
status: "active" | "inactive" | "suspended";
|
|
3250
|
-
username: string | null;
|
|
3251
3260
|
id: number;
|
|
3252
|
-
createdAt: Date;
|
|
3253
|
-
updatedAt: Date;
|
|
3254
3261
|
publicId: string;
|
|
3262
|
+
username: string | null;
|
|
3255
3263
|
passwordHash: string | null;
|
|
3256
3264
|
passwordChangeRequired: boolean;
|
|
3257
3265
|
roleId: number;
|
|
3266
|
+
createdAt: Date;
|
|
3267
|
+
updatedAt: Date;
|
|
3268
|
+
status: "active" | "inactive" | "suspended";
|
|
3258
3269
|
emailVerifiedAt: Date | null;
|
|
3259
3270
|
phoneVerifiedAt: Date | null;
|
|
3260
3271
|
lastLoginAt: Date | null;
|
|
@@ -3326,15 +3337,15 @@ declare class UsersRepository extends BaseRepository {
|
|
|
3326
3337
|
deleteById(id: number): Promise<{
|
|
3327
3338
|
email: string | null;
|
|
3328
3339
|
phone: string | null;
|
|
3329
|
-
status: "active" | "inactive" | "suspended";
|
|
3330
|
-
username: string | null;
|
|
3331
3340
|
id: number;
|
|
3332
|
-
createdAt: Date;
|
|
3333
|
-
updatedAt: Date;
|
|
3334
3341
|
publicId: string;
|
|
3342
|
+
username: string | null;
|
|
3335
3343
|
passwordHash: string | null;
|
|
3336
3344
|
passwordChangeRequired: boolean;
|
|
3337
3345
|
roleId: number;
|
|
3346
|
+
createdAt: Date;
|
|
3347
|
+
updatedAt: Date;
|
|
3348
|
+
status: "active" | "inactive" | "suspended";
|
|
3338
3349
|
emailVerifiedAt: Date | null;
|
|
3339
3350
|
phoneVerifiedAt: Date | null;
|
|
3340
3351
|
lastLoginAt: Date | null;
|
|
@@ -3357,7 +3368,7 @@ declare class UsersRepository extends BaseRepository {
|
|
|
3357
3368
|
id: number;
|
|
3358
3369
|
name: string;
|
|
3359
3370
|
displayName: string;
|
|
3360
|
-
category: "
|
|
3371
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
|
|
3361
3372
|
}[];
|
|
3362
3373
|
}>;
|
|
3363
3374
|
/**
|
|
@@ -3472,24 +3483,45 @@ declare class KeysRepository extends BaseRepository {
|
|
|
3472
3483
|
* Write primary 사용
|
|
3473
3484
|
*/
|
|
3474
3485
|
create(data: NewUserPublicKey): Promise<{
|
|
3475
|
-
|
|
3486
|
+
publicKey: string;
|
|
3476
3487
|
keyId: string;
|
|
3488
|
+
fingerprint: string;
|
|
3489
|
+
algorithm: "ES256" | "RS256";
|
|
3490
|
+
userId: number;
|
|
3477
3491
|
id: number;
|
|
3478
3492
|
isActive: boolean;
|
|
3479
3493
|
createdAt: Date;
|
|
3494
|
+
expiresAt: Date | null;
|
|
3495
|
+
lastUsedAt: Date | null;
|
|
3496
|
+
revokedAt: Date | null;
|
|
3497
|
+
revokedReason: string | null;
|
|
3498
|
+
}>;
|
|
3499
|
+
/**
|
|
3500
|
+
* 공개키 revoke (비활성화)
|
|
3501
|
+
* Write primary 사용
|
|
3502
|
+
*/
|
|
3503
|
+
revokeByKeyIdAndUserId(keyId: string, userId: number, reason: string): Promise<{
|
|
3504
|
+
id: number;
|
|
3505
|
+
userId: number;
|
|
3506
|
+
keyId: string;
|
|
3480
3507
|
publicKey: string;
|
|
3481
3508
|
algorithm: "ES256" | "RS256";
|
|
3482
3509
|
fingerprint: string;
|
|
3510
|
+
isActive: boolean;
|
|
3511
|
+
createdAt: Date;
|
|
3483
3512
|
lastUsedAt: Date | null;
|
|
3484
3513
|
expiresAt: Date | null;
|
|
3485
3514
|
revokedAt: Date | null;
|
|
3486
3515
|
revokedReason: string | null;
|
|
3487
3516
|
}>;
|
|
3488
3517
|
/**
|
|
3489
|
-
* 공개키 revoke (비활성화)
|
|
3518
|
+
* 사용자의 모든 활성 공개키 revoke (비활성화)
|
|
3519
|
+
*
|
|
3520
|
+
* 비번 변경 시 전체 세션 로그아웃에 사용. authenticate는 활성 키만 검증하므로,
|
|
3521
|
+
* revoke된 키로 서명한 기존 세션의 요청은 즉시 401이 된다.
|
|
3490
3522
|
* Write primary 사용
|
|
3491
3523
|
*/
|
|
3492
|
-
|
|
3524
|
+
revokeAllActiveByUserId(userId: number, reason: string): Promise<{
|
|
3493
3525
|
id: number;
|
|
3494
3526
|
userId: number;
|
|
3495
3527
|
keyId: string;
|
|
@@ -3502,22 +3534,22 @@ declare class KeysRepository extends BaseRepository {
|
|
|
3502
3534
|
expiresAt: Date | null;
|
|
3503
3535
|
revokedAt: Date | null;
|
|
3504
3536
|
revokedReason: string | null;
|
|
3505
|
-
}>;
|
|
3537
|
+
}[]>;
|
|
3506
3538
|
/**
|
|
3507
3539
|
* 공개키 삭제
|
|
3508
3540
|
* Write primary 사용
|
|
3509
3541
|
*/
|
|
3510
3542
|
deleteByKeyIdAndUserId(keyId: string, userId: number): Promise<{
|
|
3511
|
-
|
|
3543
|
+
publicKey: string;
|
|
3512
3544
|
keyId: string;
|
|
3545
|
+
fingerprint: string;
|
|
3546
|
+
algorithm: "ES256" | "RS256";
|
|
3547
|
+
userId: number;
|
|
3513
3548
|
id: number;
|
|
3514
3549
|
isActive: boolean;
|
|
3515
3550
|
createdAt: Date;
|
|
3516
|
-
publicKey: string;
|
|
3517
|
-
algorithm: "ES256" | "RS256";
|
|
3518
|
-
fingerprint: string;
|
|
3519
|
-
lastUsedAt: Date | null;
|
|
3520
3551
|
expiresAt: Date | null;
|
|
3552
|
+
lastUsedAt: Date | null;
|
|
3521
3553
|
revokedAt: Date | null;
|
|
3522
3554
|
revokedReason: string | null;
|
|
3523
3555
|
}>;
|
|
@@ -3624,14 +3656,14 @@ declare class VerificationCodesRepository extends BaseRepository {
|
|
|
3624
3656
|
* Write primary 사용
|
|
3625
3657
|
*/
|
|
3626
3658
|
create(data: NewVerificationCode): Promise<{
|
|
3659
|
+
target: string;
|
|
3660
|
+
targetType: "email" | "phone";
|
|
3661
|
+
purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
|
|
3662
|
+
code: string;
|
|
3627
3663
|
id: number;
|
|
3628
3664
|
createdAt: Date;
|
|
3629
3665
|
updatedAt: Date;
|
|
3630
3666
|
expiresAt: Date;
|
|
3631
|
-
target: string;
|
|
3632
|
-
targetType: "email" | "phone";
|
|
3633
|
-
code: string;
|
|
3634
|
-
purpose: "registration" | "login" | "password_reset" | "email_change" | "phone_change";
|
|
3635
3667
|
usedAt: Date | null;
|
|
3636
3668
|
attempts: number;
|
|
3637
3669
|
}>;
|
|
@@ -3820,7 +3852,7 @@ declare class PermissionsRepository extends BaseRepository {
|
|
|
3820
3852
|
name: string;
|
|
3821
3853
|
displayName: string;
|
|
3822
3854
|
description: string | null;
|
|
3823
|
-
category: "
|
|
3855
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | null;
|
|
3824
3856
|
isBuiltin: boolean;
|
|
3825
3857
|
isSystem: boolean;
|
|
3826
3858
|
isActive: boolean;
|
|
@@ -3836,7 +3868,7 @@ declare class PermissionsRepository extends BaseRepository {
|
|
|
3836
3868
|
name: string;
|
|
3837
3869
|
displayName: string;
|
|
3838
3870
|
description: string | null;
|
|
3839
|
-
category: "
|
|
3871
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | null;
|
|
3840
3872
|
isBuiltin: boolean;
|
|
3841
3873
|
isSystem: boolean;
|
|
3842
3874
|
isActive: boolean;
|
|
@@ -3876,7 +3908,7 @@ declare class PermissionsRepository extends BaseRepository {
|
|
|
3876
3908
|
name: string;
|
|
3877
3909
|
displayName: string;
|
|
3878
3910
|
description: string | null;
|
|
3879
|
-
category: "
|
|
3911
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | null;
|
|
3880
3912
|
isBuiltin: boolean;
|
|
3881
3913
|
isSystem: boolean;
|
|
3882
3914
|
isActive: boolean;
|
|
@@ -3887,6 +3919,7 @@ declare class PermissionsRepository extends BaseRepository {
|
|
|
3887
3919
|
*/
|
|
3888
3920
|
deleteById(id: number): Promise<{
|
|
3889
3921
|
description: string | null;
|
|
3922
|
+
metadata: Record<string, any> | null;
|
|
3890
3923
|
id: number;
|
|
3891
3924
|
name: string;
|
|
3892
3925
|
displayName: string;
|
|
@@ -3895,8 +3928,7 @@ declare class PermissionsRepository extends BaseRepository {
|
|
|
3895
3928
|
isActive: boolean;
|
|
3896
3929
|
createdAt: Date;
|
|
3897
3930
|
updatedAt: Date;
|
|
3898
|
-
|
|
3899
|
-
category: "custom" | "user" | "auth" | "rbac" | "system" | null;
|
|
3931
|
+
category: "auth" | "custom" | "user" | "rbac" | "system" | null;
|
|
3900
3932
|
}>;
|
|
3901
3933
|
}
|
|
3902
3934
|
declare const permissionsRepository: PermissionsRepository;
|
|
@@ -3941,9 +3973,9 @@ declare class RolePermissionsRepository extends BaseRepository {
|
|
|
3941
3973
|
*/
|
|
3942
3974
|
createMany(data: NewRolePermission[]): Promise<{
|
|
3943
3975
|
id: number;
|
|
3976
|
+
roleId: number;
|
|
3944
3977
|
createdAt: Date;
|
|
3945
3978
|
updatedAt: Date;
|
|
3946
|
-
roleId: number;
|
|
3947
3979
|
permissionId: number;
|
|
3948
3980
|
}[]>;
|
|
3949
3981
|
/**
|
|
@@ -3959,9 +3991,9 @@ declare class RolePermissionsRepository extends BaseRepository {
|
|
|
3959
3991
|
*/
|
|
3960
3992
|
setPermissionsForRole(roleId: number, permissionIds: number[]): Promise<{
|
|
3961
3993
|
id: number;
|
|
3994
|
+
roleId: number;
|
|
3962
3995
|
createdAt: Date;
|
|
3963
3996
|
updatedAt: Date;
|
|
3964
|
-
roleId: number;
|
|
3965
3997
|
permissionId: number;
|
|
3966
3998
|
}[]>;
|
|
3967
3999
|
}
|
|
@@ -4026,10 +4058,10 @@ declare class UserPermissionsRepository extends BaseRepository {
|
|
|
4026
4058
|
id: number;
|
|
4027
4059
|
createdAt: Date;
|
|
4028
4060
|
updatedAt: Date;
|
|
4029
|
-
expiresAt: Date | null;
|
|
4030
4061
|
permissionId: number;
|
|
4031
|
-
|
|
4062
|
+
expiresAt: Date | null;
|
|
4032
4063
|
reason: string | null;
|
|
4064
|
+
granted: boolean;
|
|
4033
4065
|
}>;
|
|
4034
4066
|
/**
|
|
4035
4067
|
* 사용자 권한 오버라이드 업데이트
|
|
@@ -4052,10 +4084,10 @@ declare class UserPermissionsRepository extends BaseRepository {
|
|
|
4052
4084
|
id: number;
|
|
4053
4085
|
createdAt: Date;
|
|
4054
4086
|
updatedAt: Date;
|
|
4055
|
-
expiresAt: Date | null;
|
|
4056
4087
|
permissionId: number;
|
|
4057
|
-
|
|
4088
|
+
expiresAt: Date | null;
|
|
4058
4089
|
reason: string | null;
|
|
4090
|
+
granted: boolean;
|
|
4059
4091
|
}>;
|
|
4060
4092
|
/**
|
|
4061
4093
|
* 사용자의 모든 권한 오버라이드 삭제
|
|
@@ -4133,6 +4165,7 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4133
4165
|
* 프로필 생성
|
|
4134
4166
|
*/
|
|
4135
4167
|
create(data: NewUserProfile): Promise<{
|
|
4168
|
+
metadata: Record<string, any> | null;
|
|
4136
4169
|
userId: number;
|
|
4137
4170
|
id: number;
|
|
4138
4171
|
displayName: string | null;
|
|
@@ -4150,7 +4183,6 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4150
4183
|
location: string | null;
|
|
4151
4184
|
company: string | null;
|
|
4152
4185
|
jobTitle: string | null;
|
|
4153
|
-
metadata: Record<string, any> | null;
|
|
4154
4186
|
}>;
|
|
4155
4187
|
/**
|
|
4156
4188
|
* 프로필 업데이트 (by ID)
|
|
@@ -4202,6 +4234,7 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4202
4234
|
* 프로필 삭제 (by ID)
|
|
4203
4235
|
*/
|
|
4204
4236
|
deleteById(id: number): Promise<{
|
|
4237
|
+
metadata: Record<string, any> | null;
|
|
4205
4238
|
userId: number;
|
|
4206
4239
|
id: number;
|
|
4207
4240
|
displayName: string | null;
|
|
@@ -4219,12 +4252,12 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4219
4252
|
location: string | null;
|
|
4220
4253
|
company: string | null;
|
|
4221
4254
|
jobTitle: string | null;
|
|
4222
|
-
metadata: Record<string, any> | null;
|
|
4223
4255
|
}>;
|
|
4224
4256
|
/**
|
|
4225
4257
|
* 프로필 삭제 (by User ID)
|
|
4226
4258
|
*/
|
|
4227
4259
|
deleteByUserId(userId: number): Promise<{
|
|
4260
|
+
metadata: Record<string, any> | null;
|
|
4228
4261
|
userId: number;
|
|
4229
4262
|
id: number;
|
|
4230
4263
|
displayName: string | null;
|
|
@@ -4242,7 +4275,6 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4242
4275
|
location: string | null;
|
|
4243
4276
|
company: string | null;
|
|
4244
4277
|
jobTitle: string | null;
|
|
4245
|
-
metadata: Record<string, any> | null;
|
|
4246
4278
|
}>;
|
|
4247
4279
|
/**
|
|
4248
4280
|
* 프로필 Upsert (by User ID)
|
|
@@ -4251,6 +4283,7 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4251
4283
|
* 새로 생성 시 displayName은 필수 (없으면 'User'로 설정)
|
|
4252
4284
|
*/
|
|
4253
4285
|
upsertByUserId(userId: number, data: Partial<Omit<NewUserProfile, 'userId'>>): Promise<{
|
|
4286
|
+
metadata: Record<string, any> | null;
|
|
4254
4287
|
userId: number;
|
|
4255
4288
|
id: number;
|
|
4256
4289
|
displayName: string | null;
|
|
@@ -4268,7 +4301,6 @@ declare class UserProfilesRepository extends BaseRepository {
|
|
|
4268
4301
|
location: string | null;
|
|
4269
4302
|
company: string | null;
|
|
4270
4303
|
jobTitle: string | null;
|
|
4271
|
-
metadata: Record<string, any> | null;
|
|
4272
4304
|
}>;
|
|
4273
4305
|
/**
|
|
4274
4306
|
* User ID로 프로필 데이터 조회 (formatted)
|
|
@@ -4396,15 +4428,15 @@ declare class InvitationsRepository extends BaseRepository {
|
|
|
4396
4428
|
*/
|
|
4397
4429
|
create(data: NewInvitation): Promise<{
|
|
4398
4430
|
email: string;
|
|
4399
|
-
|
|
4431
|
+
metadata: Record<string, any> | null;
|
|
4400
4432
|
id: number;
|
|
4433
|
+
roleId: number;
|
|
4401
4434
|
createdAt: Date;
|
|
4402
4435
|
updatedAt: Date;
|
|
4403
|
-
|
|
4404
|
-
metadata: Record<string, any> | null;
|
|
4405
|
-
expiresAt: Date;
|
|
4436
|
+
status: "pending" | "accepted" | "expired" | "cancelled";
|
|
4406
4437
|
token: string;
|
|
4407
4438
|
invitedBy: number;
|
|
4439
|
+
expiresAt: Date;
|
|
4408
4440
|
acceptedAt: Date | null;
|
|
4409
4441
|
cancelledAt: Date | null;
|
|
4410
4442
|
}>;
|
|
@@ -4430,15 +4462,15 @@ declare class InvitationsRepository extends BaseRepository {
|
|
|
4430
4462
|
*/
|
|
4431
4463
|
deleteById(id: number): Promise<{
|
|
4432
4464
|
email: string;
|
|
4433
|
-
|
|
4465
|
+
metadata: Record<string, any> | null;
|
|
4434
4466
|
id: number;
|
|
4467
|
+
roleId: number;
|
|
4435
4468
|
createdAt: Date;
|
|
4436
4469
|
updatedAt: Date;
|
|
4437
|
-
|
|
4438
|
-
metadata: Record<string, any> | null;
|
|
4439
|
-
expiresAt: Date;
|
|
4470
|
+
status: "pending" | "accepted" | "expired" | "cancelled";
|
|
4440
4471
|
token: string;
|
|
4441
4472
|
invitedBy: number;
|
|
4473
|
+
expiresAt: Date;
|
|
4442
4474
|
acceptedAt: Date | null;
|
|
4443
4475
|
cancelledAt: Date | null;
|
|
4444
4476
|
}>;
|
|
@@ -5162,15 +5194,15 @@ declare function getUser(c: Context | {
|
|
|
5162
5194
|
}): {
|
|
5163
5195
|
email: string | null;
|
|
5164
5196
|
phone: string | null;
|
|
5165
|
-
status: "active" | "inactive" | "suspended";
|
|
5166
|
-
username: string | null;
|
|
5167
5197
|
id: number;
|
|
5168
|
-
createdAt: Date;
|
|
5169
|
-
updatedAt: Date;
|
|
5170
5198
|
publicId: string;
|
|
5199
|
+
username: string | null;
|
|
5171
5200
|
passwordHash: string | null;
|
|
5172
5201
|
passwordChangeRequired: boolean;
|
|
5173
5202
|
roleId: number;
|
|
5203
|
+
createdAt: Date;
|
|
5204
|
+
updatedAt: Date;
|
|
5205
|
+
status: "active" | "inactive" | "suspended";
|
|
5174
5206
|
emailVerifiedAt: Date | null;
|
|
5175
5207
|
phoneVerifiedAt: Date | null;
|
|
5176
5208
|
lastLoginAt: Date | null;
|
|
@@ -5311,6 +5343,8 @@ declare const COOKIE_NAMES: {
|
|
|
5311
5343
|
readonly SESSION_KEY_ID: string;
|
|
5312
5344
|
/** Pending OAuth session (privateKey, keyId, algorithm) - temporary during OAuth flow */
|
|
5313
5345
|
readonly OAUTH_PENDING: string;
|
|
5346
|
+
/** OAuth CSRF nonce — double-submit against the (encrypted) state.nonce at callback */
|
|
5347
|
+
readonly OAUTH_CSRF: string;
|
|
5314
5348
|
};
|
|
5315
5349
|
/**
|
|
5316
5350
|
* Parse duration string to seconds
|
|
@@ -5632,9 +5666,9 @@ declare const invitationCreatedEvent: _spfn_core_event.EventDef<{
|
|
|
5632
5666
|
} | undefined;
|
|
5633
5667
|
email: string;
|
|
5634
5668
|
roleId: number;
|
|
5635
|
-
expiresAt: string;
|
|
5636
5669
|
token: string;
|
|
5637
5670
|
invitedBy: string;
|
|
5671
|
+
expiresAt: string;
|
|
5638
5672
|
invitationId: string;
|
|
5639
5673
|
isResend: boolean;
|
|
5640
5674
|
}>;
|
|
@@ -5669,4 +5703,4 @@ type AuthRegisterPayload = typeof authRegisterEvent._payload;
|
|
|
5669
5703
|
type InvitationCreatedPayload = typeof invitationCreatedEvent._payload;
|
|
5670
5704
|
type InvitationAcceptedPayload = typeof invitationAcceptedEvent._payload;
|
|
5671
5705
|
|
|
5672
|
-
export { type AuthConfig, AuthContext, type AuthLifecycleConfig, type AuthLifecycleOptions, type AuthLoginPayload, type AuthMetadataEntity, AuthMetadataRepository, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewAuthMetadataEntity, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, OAuthProvider, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, type VerifyIdTokenParams, acceptInvitation, addPermissionToRole, appleProvider, assertCanAssignRole, authLogger, authLoginEvent, authMetadata, authMetadataRepository, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOneTimeTokenManager, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, googleProvider, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initOneTimeTokenManager, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, oneTimeTokenAuth, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, setRolePermissions, shouldRotateKey, socialAccountsRepository, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyIdToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };
|
|
5706
|
+
export { type AuthConfig, AuthContext, type AuthLifecycleConfig, type AuthLifecycleOptions, type AuthLoginPayload, type AuthMetadataEntity, AuthMetadataRepository, AuthProviderSchema, type AuthRegisterPayload, COOKIE_NAMES, type CreateOAuthStateParams, type GoogleTokenResponse, type GoogleUserInfo, type Invitation, type InvitationAcceptedPayload, type InvitationCreatedPayload, InvitationStatus, InvitationsRepository, KeyAlgorithmType, type KeyPair, KeysRepository, type NewAuthMetadataEntity, type NewInvitation, type NewPermission, type NewPermissionEntity, type NewRole, type NewRoleEntity, type NewRolePermission, type NewUser, type NewUserPermission, type NewUserProfile, type NewUserPublicKey, type NewUserSocialAccount, type NewVerificationCode, OAuthProvider, type OAuthState, type Permission, type PermissionEntity, PermissionsRepository, type Role, type RoleEntity, type RoleGuardOptions, type RolePermission, RolePermissionsRepository, RolesRepository, type SessionPayload, SocialAccountsRepository, SocialProvider, type TokenPayload, type UpdateProfileParams, type User, type UserPermission, UserPermissionsRepository, type UserProfile, UserProfilesRepository, type UserPublicKey, type UserSocialAccount, UsersRepository, type VerificationCode, VerificationCodesRepository, VerificationPurpose, type VerifyIdTokenParams, acceptInvitation, addPermissionToRole, appleProvider, assertCanAssignRole, authLogger, authLoginEvent, authMetadata, authMetadataRepository, authRegisterEvent, authSchema, cancelInvitation, checkUsernameAvailableService, configureAuth, createAuthLifecycle, createInvitation, createOAuthState, createRole, decodeToken, deleteInvitation, deleteRole, exchangeCodeForTokens, expireOldInvitations, generateClientToken, generateKeyPair, generateKeyPairES256, generateKeyPairRS256, generateOAuthNonce, generateToken, getAllRoles, getAuth, getAuthConfig, getAuthSessionService, getGoogleAuthUrl, getGoogleOAuthConfig, getGoogleUserInfo, getInvitationByToken, getInvitationWithDetails, getKeyId, getKeySize, getLocale, getOneTimeTokenManager, getOptionalAuth, getRole, getRoleByName, getRolePermissions, getSessionTtl, getUser, getUserByEmailService, getUserByIdService, getUserByPhoneService, getUserId, getUserPermissions, getUserProfileService, getUserRole, googleProvider, hasAllPermissions, hasAnyPermission, hasAnyRole, hasPermission, hasRole, hashPassword, initOneTimeTokenManager, initializeAuth, invitationAcceptedEvent, invitationCreatedEvent, invitationsRepository, isGoogleOAuthEnabled, keysRepository, listInvitations, oneTimeTokenAuth, parseDuration, permissions, permissionsRepository, refreshAccessToken, removePermissionFromRole, requireAnyPermission, requirePermissions, requireRole, resendInvitation, roleGuard, rolePermissions, rolePermissionsRepository, roles, rolesRepository, setRolePermissions, shouldRotateKey, socialAccountsRepository, updateLastLoginService, updateLocaleService, updateRole, updateUserProfileService, updateUserService, updateUsernameService, userInvitations, userPermissions, userPermissionsRepository, userProfiles, userProfilesRepository, userPublicKeys, userSocialAccounts, users, usersRepository, validateInvitation, validatePasswordStrength, verificationCodes, verificationCodesRepository, verifyClientToken, verifyIdToken, verifyKeyFingerprint, verifyOAuthState, verifyPassword, verifyToken };
|