@spfn/auth 0.2.0-beta.9 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/README.md +831 -198
  2. package/dist/{dto-CRlgoCP5.d.ts → authenticate-eucncHxN.d.ts} +452 -157
  3. package/dist/config.d.ts +176 -44
  4. package/dist/config.js +99 -35
  5. package/dist/config.js.map +1 -1
  6. package/dist/errors.d.ts +30 -2
  7. package/dist/errors.js +24 -0
  8. package/dist/errors.js.map +1 -1
  9. package/dist/index.d.ts +287 -109
  10. package/dist/index.js +59 -1
  11. package/dist/index.js.map +1 -1
  12. package/dist/nextjs/api.js +234 -12
  13. package/dist/nextjs/api.js.map +1 -1
  14. package/dist/nextjs/client.d.ts +28 -0
  15. package/dist/nextjs/client.js +80 -0
  16. package/dist/nextjs/client.js.map +1 -0
  17. package/dist/nextjs/server.d.ts +90 -2
  18. package/dist/nextjs/server.js +146 -21
  19. package/dist/nextjs/server.js.map +1 -1
  20. package/dist/server.d.ts +828 -416
  21. package/dist/server.js +1403 -597
  22. package/dist/server.js.map +1 -1
  23. package/migrations/0001_smooth_the_fury.sql +3 -0
  24. package/migrations/0002_deep_iceman.sql +11 -0
  25. package/migrations/0003_perfect_deathbird.sql +3 -0
  26. package/migrations/0004_concerned_rawhide_kid.sql +5 -0
  27. package/migrations/meta/0001_snapshot.json +1660 -0
  28. package/migrations/meta/0002_snapshot.json +1660 -0
  29. package/migrations/meta/0003_snapshot.json +1689 -0
  30. package/migrations/meta/0004_snapshot.json +1721 -0
  31. package/migrations/meta/_journal.json +28 -0
  32. package/package.json +13 -13
package/dist/index.d.ts CHANGED
@@ -1,10 +1,38 @@
1
1
  import * as _spfn_core_nextjs from '@spfn/core/nextjs';
2
- import { R as RoleConfig, P as PermissionConfig, U as UserProfile, a as ProfileInfo, C as CheckAccountExistsResult, S as SendVerificationCodeResult, b as RegisterResult, L as LoginResult, c as RotateKeyResult, m as mainAuthRouter } from './dto-CRlgoCP5.js';
3
- export { k as AuthInitOptions, A as AuthSession, I as INVITATION_STATUSES, n as InvitationStatus, K as KEY_ALGORITHM, l as KeyAlgorithmType, i as PERMISSION_CATEGORIES, j as PermissionCategory, e as SOCIAL_PROVIDERS, p as SocialProvider, d as USER_STATUSES, o as UserStatus, h as VERIFICATION_PURPOSES, g as VERIFICATION_TARGET_TYPES, f as VerificationPurpose, V as VerificationTargetType } from './dto-CRlgoCP5.js';
2
+ import { R as RoleConfig, P as PermissionConfig, C as CheckAccountExistsResult, S as SendVerificationCodeResult, a as RegisterResult, L as LoginResult, b as RotateKeyResult, I as IssueOneTimeTokenResult, O as OAuthStartResult, U as UserProfile, c as ProfileInfo, m as mainAuthRouter } from './authenticate-eucncHxN.js';
3
+ export { l as AuthInitOptions, A as AuthSession, d as INVITATION_STATUSES, o as InvitationStatus, K as KEY_ALGORITHM, n as KeyAlgorithmType, j as PERMISSION_CATEGORIES, k as PermissionCategory, f as SOCIAL_PROVIDERS, q as SocialProvider, e as USER_STATUSES, p as UserStatus, i as VERIFICATION_PURPOSES, h as VERIFICATION_TARGET_TYPES, g as VerificationPurpose, V as VerificationTargetType } from './authenticate-eucncHxN.js';
4
4
  import * as _spfn_core_route from '@spfn/core/route';
5
+ import { HttpMethod } from '@spfn/core/route';
5
6
  import * as _sinclair_typebox from '@sinclair/typebox';
6
7
  import '@spfn/auth/server';
7
8
 
9
+ /**
10
+ * Email regex pattern (RFC 5322 compliant)
11
+ * Validates: local-part@domain.tld
12
+ * - Local part: alphanumeric, dots, hyphens, underscores
13
+ * - Domain: alphanumeric, hyphens, dots
14
+ * - TLD: minimum 2 characters
15
+ */
16
+ declare const EMAIL_PATTERN = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
17
+ /**
18
+ * Phone regex pattern (E.164 format)
19
+ * Format: +[country code][number] (1-15 digits total)
20
+ */
21
+ declare const PHONE_PATTERN = "^\\+[1-9]\\d{1,14}$";
22
+ /**
23
+ * SHA-256 fingerprint pattern (64 hex characters)
24
+ */
25
+ declare const FINGERPRINT_PATTERN = "^[a-f0-9]{64}$";
26
+ /**
27
+ * UUID v4 pattern (8-4-4-4-12 format)
28
+ */
29
+ declare const UUID_PATTERN = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
30
+ /**
31
+ * Base64 pattern (DER encoded keys)
32
+ * Matches standard Base64 with padding
33
+ */
34
+ declare const BASE64_PATTERN = "^[A-Za-z0-9+/]+=*$";
35
+
8
36
  /**
9
37
  * @spfn/auth - Built-in Roles and Permissions
10
38
  *
@@ -31,31 +59,16 @@ type BuiltinRoleName = keyof typeof BUILTIN_ROLE_PERMISSIONS;
31
59
  type BuiltinPermissionName = typeof BUILTIN_PERMISSIONS[keyof typeof BUILTIN_PERMISSIONS]['name'];
32
60
 
33
61
  /**
34
- * Email regex pattern (RFC 5322 compliant)
35
- * Validates: local-part@domain.tld
36
- * - Local part: alphanumeric, dots, hyphens, underscores
37
- * - Domain: alphanumeric, hyphens, dots
38
- * - TLD: minimum 2 characters
39
- */
40
- declare const EMAIL_PATTERN = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
41
- /**
42
- * Phone regex pattern (E.164 format)
43
- * Format: +[country code][number] (1-15 digits total)
44
- */
45
- declare const PHONE_PATTERN = "^\\+[1-9]\\d{1,14}$";
46
- /**
47
- * SHA-256 fingerprint pattern (64 hex characters)
48
- */
49
- declare const FINGERPRINT_PATTERN = "^[a-f0-9]{64}$";
50
- /**
51
- * UUID v4 pattern (8-4-4-4-12 format)
52
- */
53
- declare const UUID_PATTERN = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
54
- /**
55
- * Base64 pattern (DER encoded keys)
56
- * Matches standard Base64 with padding
62
+ * Route Map (Auto-generated)
63
+ *
64
+ * DO NOT EDIT - This file is generated by @spfn/core:route-map generator
57
65
  */
58
- declare const BASE64_PATTERN = "^[A-Za-z0-9+/]+=*$";
66
+
67
+ interface RouteInfo {
68
+ method: HttpMethod;
69
+ path: string;
70
+ }
71
+ declare const routeMap: Record<string, RouteInfo>;
59
72
 
60
73
  /**
61
74
  * Type-safe API client for auth routes
@@ -74,25 +87,144 @@ declare const BASE64_PATTERN = "^[A-Za-z0-9+/]+=*$";
74
87
  * ```
75
88
  */
76
89
  declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
77
- getUserProfile: _spfn_core_route.RouteDef<{}, {}, UserProfile>;
78
- updateUserProfile: _spfn_core_route.RouteDef<{
90
+ checkAccountExists: _spfn_core_route.RouteDef<{
91
+ body: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
92
+ email: _sinclair_typebox.TString;
93
+ }>, _sinclair_typebox.TObject<{
94
+ phone: _sinclair_typebox.TString;
95
+ }>]>;
96
+ }, {}, CheckAccountExistsResult>;
97
+ sendVerificationCode: _spfn_core_route.RouteDef<{
79
98
  body: _sinclair_typebox.TObject<{
80
- displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
81
- firstName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
82
- lastName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
83
- avatarUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
84
- bio: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
85
- locale: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
86
- timezone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
87
- dateOfBirth: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
88
- gender: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
89
- website: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
90
- location: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
91
- company: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
92
- jobTitle: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
93
- metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TAny>>;
99
+ target: _sinclair_typebox.TString;
100
+ targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
101
+ purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
94
102
  }>;
95
- }, {}, ProfileInfo>;
103
+ }, {}, SendVerificationCodeResult>;
104
+ verifyCode: _spfn_core_route.RouteDef<{
105
+ body: _sinclair_typebox.TObject<{
106
+ target: _sinclair_typebox.TString;
107
+ targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
108
+ code: _sinclair_typebox.TString;
109
+ purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
110
+ }>;
111
+ }, {}, {
112
+ valid: boolean;
113
+ verificationToken: string;
114
+ }>;
115
+ register: _spfn_core_route.RouteDef<{
116
+ body: _sinclair_typebox.TObject<{
117
+ email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
118
+ phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
119
+ verificationToken: _sinclair_typebox.TString;
120
+ password: _sinclair_typebox.TString;
121
+ metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TUnknown>>;
122
+ }>;
123
+ }, {
124
+ body: _sinclair_typebox.TObject<{
125
+ publicKey: _sinclair_typebox.TString;
126
+ keyId: _sinclair_typebox.TString;
127
+ fingerprint: _sinclair_typebox.TString;
128
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
129
+ }>;
130
+ }, RegisterResult>;
131
+ login: _spfn_core_route.RouteDef<{
132
+ body: _sinclair_typebox.TObject<{
133
+ email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
134
+ phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
135
+ password: _sinclair_typebox.TString;
136
+ }>;
137
+ }, {
138
+ body: _sinclair_typebox.TObject<{
139
+ publicKey: _sinclair_typebox.TString;
140
+ keyId: _sinclair_typebox.TString;
141
+ fingerprint: _sinclair_typebox.TString;
142
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
143
+ oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
144
+ }>;
145
+ }, LoginResult>;
146
+ logout: _spfn_core_route.RouteDef<{}, {}, void>;
147
+ rotateKey: _spfn_core_route.RouteDef<{}, {
148
+ body: _sinclair_typebox.TObject<{
149
+ publicKey: _sinclair_typebox.TString;
150
+ keyId: _sinclair_typebox.TString;
151
+ fingerprint: _sinclair_typebox.TString;
152
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
153
+ }>;
154
+ }, RotateKeyResult>;
155
+ changePassword: _spfn_core_route.RouteDef<{
156
+ body: _sinclair_typebox.TObject<{
157
+ currentPassword: _sinclair_typebox.TString;
158
+ newPassword: _sinclair_typebox.TString;
159
+ }>;
160
+ }, {}, void>;
161
+ getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
162
+ role: {
163
+ id: number;
164
+ name: string;
165
+ displayName: string;
166
+ priority: number;
167
+ };
168
+ permissions: {
169
+ id: number;
170
+ name: string;
171
+ displayName: string;
172
+ category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
173
+ }[];
174
+ userId: number;
175
+ publicId: string;
176
+ email: string | null;
177
+ emailVerified: boolean;
178
+ phoneVerified: boolean;
179
+ }>;
180
+ issueOneTimeToken: _spfn_core_route.RouteDef<{}, {}, IssueOneTimeTokenResult>;
181
+ oauthGoogleStart: _spfn_core_route.RouteDef<{
182
+ query: _sinclair_typebox.TObject<{
183
+ state: _sinclair_typebox.TString;
184
+ }>;
185
+ }, {}, Response>;
186
+ oauthGoogleCallback: _spfn_core_route.RouteDef<{
187
+ query: _sinclair_typebox.TObject<{
188
+ code: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
189
+ state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
190
+ error: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
191
+ error_description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
192
+ }>;
193
+ }, {}, Response>;
194
+ oauthStart: _spfn_core_route.RouteDef<{
195
+ body: _sinclair_typebox.TObject<{
196
+ provider: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"google" | "github" | "kakao" | "naver">[]>;
197
+ returnUrl: _sinclair_typebox.TString;
198
+ publicKey: _sinclair_typebox.TString;
199
+ keyId: _sinclair_typebox.TString;
200
+ fingerprint: _sinclair_typebox.TString;
201
+ algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
202
+ metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TUnknown>>;
203
+ }>;
204
+ }, {}, OAuthStartResult>;
205
+ oauthProviders: _spfn_core_route.RouteDef<{}, {}, {
206
+ providers: ("google" | "github" | "kakao" | "naver")[];
207
+ }>;
208
+ getGoogleOAuthUrl: _spfn_core_route.RouteDef<{
209
+ body: _sinclair_typebox.TObject<{
210
+ returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
211
+ state: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
212
+ }>;
213
+ }, {}, {
214
+ authUrl: string;
215
+ }>;
216
+ oauthFinalize: _spfn_core_route.RouteDef<{
217
+ body: _sinclair_typebox.TObject<{
218
+ userId: _sinclair_typebox.TString;
219
+ keyId: _sinclair_typebox.TString;
220
+ returnUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
221
+ }>;
222
+ }, {}, {
223
+ success: boolean;
224
+ userId: string;
225
+ keyId: string;
226
+ returnUrl: string;
227
+ }>;
96
228
  getInvitation: _spfn_core_route.RouteDef<{
97
229
  params: _sinclair_typebox.TObject<{
98
230
  token: _sinclair_typebox.TString;
@@ -127,6 +259,7 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
127
259
  email: _sinclair_typebox.TString;
128
260
  roleId: _sinclair_typebox.TNumber;
129
261
  expiresInDays: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
262
+ expiresAt: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
130
263
  metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TAny>;
131
264
  }>;
132
265
  }, {}, {
@@ -193,95 +326,140 @@ declare const authApi: _spfn_core_nextjs.Client<_spfn_core_route.Router<{
193
326
  id: _sinclair_typebox.TNumber;
194
327
  }>;
195
328
  }, {}, void>;
196
- checkAccountExists: _spfn_core_route.RouteDef<{
197
- body: _sinclair_typebox.TUnion<[_sinclair_typebox.TObject<{
198
- email: _sinclair_typebox.TString;
199
- }>, _sinclair_typebox.TObject<{
200
- phone: _sinclair_typebox.TString;
201
- }>]>;
202
- }, {}, CheckAccountExistsResult>;
203
- sendVerificationCode: _spfn_core_route.RouteDef<{
329
+ getUserProfile: _spfn_core_route.RouteDef<{}, {}, UserProfile>;
330
+ updateUserProfile: _spfn_core_route.RouteDef<{
204
331
  body: _sinclair_typebox.TObject<{
205
- target: _sinclair_typebox.TString;
206
- targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
207
- purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
332
+ displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
333
+ firstName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
334
+ lastName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
335
+ avatarUrl: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
336
+ bio: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
337
+ locale: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
338
+ timezone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
339
+ dateOfBirth: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
340
+ gender: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
341
+ website: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
342
+ location: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
343
+ company: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
344
+ jobTitle: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
345
+ metadata: _sinclair_typebox.TOptional<_sinclair_typebox.TRecord<_sinclair_typebox.TString, _sinclair_typebox.TAny>>;
208
346
  }>;
209
- }, {}, SendVerificationCodeResult>;
210
- verifyCode: _spfn_core_route.RouteDef<{
211
- body: _sinclair_typebox.TObject<{
212
- target: _sinclair_typebox.TString;
213
- targetType: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"email">, _sinclair_typebox.TLiteral<"phone">]>;
214
- code: _sinclair_typebox.TString;
215
- purpose: _sinclair_typebox.TUnion<[_sinclair_typebox.TLiteral<"registration">, _sinclair_typebox.TLiteral<"login">, _sinclair_typebox.TLiteral<"password_reset">, _sinclair_typebox.TLiteral<"email_change">, _sinclair_typebox.TLiteral<"phone_change">]>;
347
+ }, {}, ProfileInfo>;
348
+ checkUsername: _spfn_core_route.RouteDef<{
349
+ query: _sinclair_typebox.TObject<{
350
+ username: _sinclair_typebox.TString;
216
351
  }>;
217
352
  }, {}, {
218
- valid: boolean;
219
- verificationToken: string;
353
+ available: boolean;
220
354
  }>;
221
- register: _spfn_core_route.RouteDef<{
222
- body: _sinclair_typebox.TObject<{
223
- email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
224
- phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
225
- verificationToken: _sinclair_typebox.TString;
226
- password: _sinclair_typebox.TString;
227
- }>;
228
- }, {
229
- body: _sinclair_typebox.TObject<{
230
- publicKey: _sinclair_typebox.TString;
231
- keyId: _sinclair_typebox.TString;
232
- fingerprint: _sinclair_typebox.TString;
233
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
234
- }>;
235
- }, RegisterResult>;
236
- login: _spfn_core_route.RouteDef<{
355
+ updateUsername: _spfn_core_route.RouteDef<{
237
356
  body: _sinclair_typebox.TObject<{
238
- email: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
239
- phone: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
240
- password: _sinclair_typebox.TString;
357
+ username: _sinclair_typebox.TUnion<[_sinclair_typebox.TString, _sinclair_typebox.TNull]>;
241
358
  }>;
242
- }, {
359
+ }, {}, {
360
+ createdAt: Date;
361
+ updatedAt: Date;
362
+ id: number;
363
+ publicId: string;
364
+ email: string | null;
365
+ phone: string | null;
366
+ username: string | null;
367
+ passwordHash: string | null;
368
+ passwordChangeRequired: boolean;
369
+ roleId: number;
370
+ status: "active" | "inactive" | "suspended";
371
+ emailVerifiedAt: Date | null;
372
+ phoneVerifiedAt: Date | null;
373
+ lastLoginAt: Date | null;
374
+ }>;
375
+ updateLocale: _spfn_core_route.RouteDef<{
243
376
  body: _sinclair_typebox.TObject<{
244
- publicKey: _sinclair_typebox.TString;
245
- keyId: _sinclair_typebox.TString;
246
- fingerprint: _sinclair_typebox.TString;
247
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
248
- oldKeyId: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
377
+ locale: _sinclair_typebox.TString;
249
378
  }>;
250
- }, LoginResult>;
251
- logout: _spfn_core_route.RouteDef<{}, {}, void>;
252
- rotateKey: _spfn_core_route.RouteDef<{}, {
253
- body: _sinclair_typebox.TObject<{
254
- publicKey: _sinclair_typebox.TString;
255
- keyId: _sinclair_typebox.TString;
256
- fingerprint: _sinclair_typebox.TString;
257
- algorithm: _sinclair_typebox.TUnion<_sinclair_typebox.TLiteral<"ES256" | "RS256">[]>;
379
+ }, {}, {
380
+ locale: string;
381
+ }>;
382
+ listRoles: _spfn_core_route.RouteDef<{
383
+ query: _sinclair_typebox.TObject<{
384
+ includeInactive: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
258
385
  }>;
259
- }, RotateKeyResult>;
260
- changePassword: _spfn_core_route.RouteDef<{
386
+ }, {}, {
387
+ roles: {
388
+ description: string | null;
389
+ id: number;
390
+ name: string;
391
+ displayName: string;
392
+ isBuiltin: boolean;
393
+ isSystem: boolean;
394
+ isActive: boolean;
395
+ priority: number;
396
+ createdAt: Date;
397
+ updatedAt: Date;
398
+ }[];
399
+ }>;
400
+ createAdminRole: _spfn_core_route.RouteDef<{
261
401
  body: _sinclair_typebox.TObject<{
262
- currentPassword: _sinclair_typebox.TString;
263
- newPassword: _sinclair_typebox.TString;
402
+ name: _sinclair_typebox.TString;
403
+ displayName: _sinclair_typebox.TString;
404
+ description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
405
+ priority: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
406
+ permissionIds: _sinclair_typebox.TOptional<_sinclair_typebox.TArray<_sinclair_typebox.TNumber>>;
264
407
  }>;
265
- }, {}, void>;
266
- getAuthSession: _spfn_core_route.RouteDef<{}, {}, {
408
+ }, {}, {
267
409
  role: {
410
+ description: string | null;
268
411
  id: number;
269
412
  name: string;
270
413
  displayName: string;
414
+ isBuiltin: boolean;
415
+ isSystem: boolean;
416
+ isActive: boolean;
271
417
  priority: number;
418
+ createdAt: Date;
419
+ updatedAt: Date;
272
420
  };
273
- permissions: {
421
+ }>;
422
+ updateAdminRole: _spfn_core_route.RouteDef<{
423
+ params: _sinclair_typebox.TObject<{
424
+ id: _sinclair_typebox.TNumber;
425
+ }>;
426
+ body: _sinclair_typebox.TObject<{
427
+ displayName: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
428
+ description: _sinclair_typebox.TOptional<_sinclair_typebox.TString>;
429
+ priority: _sinclair_typebox.TOptional<_sinclair_typebox.TNumber>;
430
+ isActive: _sinclair_typebox.TOptional<_sinclair_typebox.TBoolean>;
431
+ }>;
432
+ }, {}, {
433
+ role: {
434
+ description: string | null;
274
435
  id: number;
275
436
  name: string;
276
437
  displayName: string;
277
- category: "auth" | "custom" | "user" | "rbac" | "system" | undefined;
278
- }[];
438
+ isBuiltin: boolean;
439
+ isSystem: boolean;
440
+ isActive: boolean;
441
+ priority: number;
442
+ createdAt: Date;
443
+ updatedAt: Date;
444
+ };
445
+ }>;
446
+ deleteAdminRole: _spfn_core_route.RouteDef<{
447
+ params: _sinclair_typebox.TObject<{
448
+ id: _sinclair_typebox.TNumber;
449
+ }>;
450
+ }, {}, void>;
451
+ updateUserRole: _spfn_core_route.RouteDef<{
452
+ params: _sinclair_typebox.TObject<{
453
+ userId: _sinclair_typebox.TNumber;
454
+ }>;
455
+ body: _sinclair_typebox.TObject<{
456
+ roleId: _sinclair_typebox.TNumber;
457
+ }>;
458
+ }, {}, {
279
459
  userId: number;
280
- email: string | null;
281
- emailVerified: boolean;
282
- phoneVerified: boolean;
460
+ roleId: number;
283
461
  }>;
284
462
  }>>;
285
463
  type AuthRouter = typeof mainAuthRouter;
286
464
 
287
- export { type AuthRouter, BASE64_PATTERN, BUILTIN_PERMISSIONS, BUILTIN_ROLES, BUILTIN_ROLE_PERMISSIONS, type BuiltinPermissionName, type BuiltinRoleName, EMAIL_PATTERN, FINGERPRINT_PATTERN, PHONE_PATTERN, PermissionConfig, ProfileInfo, RoleConfig, UUID_PATTERN, UserProfile, authApi };
465
+ export { type AuthRouter, BASE64_PATTERN, BUILTIN_PERMISSIONS, BUILTIN_ROLES, BUILTIN_ROLE_PERMISSIONS, type BuiltinPermissionName, type BuiltinRoleName, EMAIL_PATTERN, FINGERPRINT_PATTERN, PHONE_PATTERN, PermissionConfig, ProfileInfo, RoleConfig, UUID_PATTERN, UserProfile, authApi, routeMap as authRouteMap };
package/dist/index.js CHANGED
@@ -102,6 +102,24 @@ var VerificationTokenTargetMismatchError = class extends ValidationError {
102
102
  this.name = "VerificationTokenTargetMismatchError";
103
103
  }
104
104
  };
105
+ var ReservedUsernameError = class extends ValidationError {
106
+ constructor(data = {}) {
107
+ super({
108
+ message: data.message || "This username is reserved",
109
+ details: { username: data.username, ...data.details }
110
+ });
111
+ this.name = "ReservedUsernameError";
112
+ }
113
+ };
114
+ var UsernameAlreadyTakenError = class extends ConflictError {
115
+ constructor(data = {}) {
116
+ super({
117
+ message: data.message || "Username is already taken",
118
+ details: { username: data.username, ...data.details }
119
+ });
120
+ this.name = "UsernameAlreadyTakenError";
121
+ }
122
+ };
105
123
  var InsufficientPermissionsError = class extends ForbiddenError {
106
124
  constructor(data = {}) {
107
125
  const requiredPermissions = data.requiredPermissions || [];
@@ -132,6 +150,8 @@ authErrorRegistry.append([
132
150
  KeyExpiredError,
133
151
  AccountDisabledError,
134
152
  AccountAlreadyExistsError,
153
+ ReservedUsernameError,
154
+ UsernameAlreadyTakenError,
135
155
  InvalidVerificationCodeError,
136
156
  InvalidVerificationTokenError,
137
157
  InvalidKeyFingerprintError,
@@ -141,6 +161,43 @@ authErrorRegistry.append([
141
161
  InsufficientRoleError
142
162
  ]);
143
163
 
164
+ // src/generated/route-map.ts
165
+ var routeMap = {
166
+ checkAccountExists: { method: "POST", path: "/_auth/exists" },
167
+ sendVerificationCode: { method: "POST", path: "/_auth/codes" },
168
+ verifyCode: { method: "POST", path: "/_auth/codes/verify" },
169
+ register: { method: "POST", path: "/_auth/register" },
170
+ login: { method: "POST", path: "/_auth/login" },
171
+ logout: { method: "POST", path: "/_auth/logout" },
172
+ rotateKey: { method: "POST", path: "/_auth/keys/rotate" },
173
+ changePassword: { method: "PUT", path: "/_auth/password" },
174
+ getAuthSession: { method: "GET", path: "/_auth/session" },
175
+ issueOneTimeToken: { method: "POST", path: "/_auth/tokens" },
176
+ getInvitation: { method: "GET", path: "/_auth/invitations/:token" },
177
+ acceptInvitation: { method: "POST", path: "/_auth/invitations/accept" },
178
+ createInvitation: { method: "POST", path: "/_auth/invitations" },
179
+ listInvitations: { method: "GET", path: "/_auth/invitations" },
180
+ cancelInvitation: { method: "POST", path: "/_auth/invitations/cancel" },
181
+ resendInvitation: { method: "POST", path: "/_auth/invitations/resend" },
182
+ deleteInvitation: { method: "POST", path: "/_auth/invitations/delete" },
183
+ getUserProfile: { method: "GET", path: "/_auth/users/profile" },
184
+ updateUserProfile: { method: "PATCH", path: "/_auth/users/profile" },
185
+ checkUsername: { method: "GET", path: "/_auth/users/username/check" },
186
+ updateUsername: { method: "PATCH", path: "/_auth/users/username" },
187
+ updateLocale: { method: "PATCH", path: "/_auth/users/locale" },
188
+ oauthGoogleStart: { method: "GET", path: "/_auth/oauth/google" },
189
+ oauthGoogleCallback: { method: "GET", path: "/_auth/oauth/google/callback" },
190
+ oauthStart: { method: "POST", path: "/_auth/oauth/start" },
191
+ oauthProviders: { method: "GET", path: "/_auth/oauth/providers" },
192
+ getGoogleOAuthUrl: { method: "POST", path: "/_auth/oauth/google/url" },
193
+ oauthFinalize: { method: "POST", path: "/_auth/oauth/finalize" },
194
+ listRoles: { method: "GET", path: "/_auth/admin/roles" },
195
+ createAdminRole: { method: "POST", path: "/_auth/admin/roles" },
196
+ updateAdminRole: { method: "PATCH", path: "/_auth/admin/roles/:id" },
197
+ deleteAdminRole: { method: "DELETE", path: "/_auth/admin/roles/:id" },
198
+ updateUserRole: { method: "PATCH", path: "/_auth/admin/users/:userId/role" }
199
+ };
200
+
144
201
  // src/lib/types.ts
145
202
  var EMAIL_PATTERN = "^[a-zA-Z0-9._-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$";
146
203
  var PHONE_PATTERN = "^\\+[1-9]\\d{1,14}$";
@@ -2941,6 +2998,7 @@ export {
2941
2998
  UUID_PATTERN,
2942
2999
  VERIFICATION_PURPOSES,
2943
3000
  VERIFICATION_TARGET_TYPES,
2944
- authApi
3001
+ authApi,
3002
+ routeMap as authRouteMap
2945
3003
  };
2946
3004
  //# sourceMappingURL=index.js.map