@sqrzro/server 2.0.0-bz.1 → 2.0.0-bz.10

package/dist/auth/SessionService.js

@@ -0,0 +1,127 @@
+import { DrizzlePostgreSQLAdapter } from '@lucia-auth/adapter-drizzle';
+import { Lucia, generateId } from 'lucia';
+import { cookies } from 'next/headers';
+import { NextResponse } from 'next/server';
+import { match } from 'path-to-regexp';
+import { getAllowedRoles } from './AuthService';
+import { db } from '../database/DatabaseService';
+import { authSessionTable, authUserTable } from '../database/schema';
+import { getFromCache, setToCache } from '../cache/CacheService';
+import { getOrigin } from '../url/URLService';
+import { getFromObject } from '@sqrzro/utility';
+const DEFAULT_REDIRECT = '/auth/login';
+const ID_LENGTH = 16;
+const DEFAULT_SCOPES = {
+    ANON: {
+        allowedRoute: '/auth/(login|password)',
+        redirectOnUnauth: DEFAULT_REDIRECT,
+    },
+    MFA: {
+        allowedRoute: '/auth/mfa',
+        redirectOnUnauth: '/auth/mfa',
+    },
+    AUTHED: {
+        allowedRoute: '*',
+        redirectOnAuth: '/',
+    },
+};
+const adapter = new DrizzlePostgreSQLAdapter(db, authSessionTable, authUserTable);
+export const lucia = new Lucia(adapter, {
+    sessionCookie: {
+        attributes: {
+            secure: process.env.NODE_ENV === 'production',
+        },
+        name: process.env.AUTH_COOKIE_NAME || 'auth_session',
+    },
+    getSessionAttributes: (attributes) => ({
+        scope: attributes.scope,
+    }),
+    getUserAttributes: (attributes) => ({
+        email: attributes.email,
+        role: attributes.role,
+    }),
+});
+export function generateID(length = ID_LENGTH) {
+    return generateId(length);
+}
+export async function invalidateSession(id) {
+    const cookie = lucia.createBlankSessionCookie();
+    cookies().set(cookie.name, cookie.value, cookie.attributes);
+    return lucia.invalidateSession(id);
+}
+export async function invalidateUserSessions(id) {
+    return lucia.invalidateUserSessions(id);
+}
+export async function createUserSession(id, scope = 'ANON') {
+    const session = await lucia.createSession(id, { scope });
+    const sessionCookie = lucia.createSessionCookie(session.id);
+    cookies().set(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);
+    return true;
+}
+export function getSessionID() {
+    return cookies().get(lucia.sessionCookieName)?.value ?? null;
+}
+export function checkSessionExists() {
+    return Boolean(getSessionID());
+}
+export async function getSessionUser() {
+    const sessionID = getSessionID();
+    if (!sessionID) {
+        return null;
+    }
+    const { user } = await lucia.validateSession(sessionID);
+    if (!user?.role || !getAllowedRoles().includes(user.role)) {
+        return null;
+    }
+    return getFromObject(user, ['id', 'email', 'role']);
+}
+export function checkRouteAllowed(pathname, route) {
+    if (!route) {
+        return false;
+    }
+    if (route === '*') {
+        return true;
+    }
+    return match(route)(pathname) !== false;
+}
+export async function getScopes() {
+    const scopes = await getFromCache(`${getOrigin()}:scopes`);
+    return scopes ? JSON.parse(scopes) : DEFAULT_SCOPES;
+}
+export async function getScopeByID(id) {
+    const scopes = await getScopes();
+    return scopes[id];
+}
+export async function setScopes(customScopes) {
+    const scopes = {
+        ANON: {
+            ...DEFAULT_SCOPES.ANON,
+            ...customScopes?.ANON,
+        },
+        MFA: {
+            ...DEFAULT_SCOPES.MFA,
+            ...customScopes?.MFA,
+        },
+        AUTHED: {
+            ...DEFAULT_SCOPES.AUTHED,
+            ...customScopes?.AUTHED,
+        },
+    };
+    return setToCache(`${getOrigin()}:scopes`, JSON.stringify(scopes));
+}
+async function validateSessionFromID(sessionID, pathname) {
+    const scopes = await getScopes();
+    const { session, user } = await lucia.validateSession(sessionID);
+    const scope = scopes[session && getAllowedRoles().includes(user?.role) ? session.scope : 'ANON'];
+    return checkRouteAllowed(pathname, scope.allowedRoute)
+        ? null
+        : scope.redirectOnUnauth || DEFAULT_REDIRECT;
+}
+export async function handleSession(request, customScopes) {
+    const sessionID = request.nextUrl.searchParams.get('id') || '';
+    const pathname = request.nextUrl.searchParams.get('pathname') || '/';
+    await setScopes(customScopes);
+    return NextResponse.json({
+        redirect: await validateSessionFromID(sessionID, pathname),
+    });
+}

package/dist/{index.d.ts → auth/index.d.ts}

@@ -1,7 +1,6 @@
-export * from './LoginRequest';
 export * from './AuthService';
-export * from './PasswordService';
-export * from './DataService';
-export * from './RequestService';
+export * from './ClientService';
+export * from './MFAService';
 export * from './SessionService';
+export * from './PasswordService';
 export * from './interfaces';

package/dist/auth/index.js

@@ -0,0 +1,6 @@
+export * from './AuthService';
+export * from './ClientService';
+export * from './MFAService';
+export * from './SessionService';
+export * from './PasswordService';
+export * from './interfaces';

package/dist/auth/interfaces.d.ts

@@ -0,0 +1,20 @@
+export interface LoginFormFields {
+    email: string;
+    password: string;
+}
+export interface MFAFormFields {
+    token: string;
+}
+export interface PasswordFormFields {
+    email: string;
+}
+export interface PasswordResetFormFields {
+    password: string;
+    token: string;
+}
+export interface UserObject {
+    id: string;
+    email: string;
+    password?: string | null;
+    role?: number;
+}

package/dist/auth/interfaces.js

@@ -0,0 +1 @@
+export {};

package/dist/cache/CacheService.d.ts

@@ -0,0 +1,2 @@
+export declare function getFromCache(key: string): Promise<string | null>;
+export declare function setToCache(key: string, value: string): Promise<void>;

package/dist/cache/CacheService.js

@@ -0,0 +1,14 @@
+import { createClient } from 'redis';
+async function getClient() {
+    const client = createClient();
+    await client.connect();
+    return client;
+}
+export async function getFromCache(key) {
+    const client = await getClient();
+    return client.get(key);
+}
+export async function setToCache(key, value) {
+    const client = await getClient();
+    await client.set(key, value);
+}

package/dist/cache/index.d.ts

@@ -0,0 +1 @@
+export * from './CacheService';

package/dist/cache/index.js

@@ -0,0 +1 @@
+export * from './CacheService';

package/dist/database/DatabaseService.d.ts

@@ -0,0 +1,7 @@
+import type { PostgresJsDatabase } from 'drizzle-orm/postgres-js';
+declare global {
+    var db: ReturnType<typeof createSingleton> | undefined;
+}
+declare function createSingleton(): PostgresJsDatabase;
+export declare const db: PostgresJsDatabase;
+export {};

package/dist/database/DatabaseService.js

@@ -0,0 +1,12 @@
+import { drizzle } from 'drizzle-orm/postgres-js';
+import postgres from 'postgres';
+function createSingleton() {
+    if (!process.env.DATABASE_URL) {
+        throw new Error('DATABASE_URL is not defined');
+    }
+    return drizzle(postgres(process.env.DATABASE_URL, { prepare: false }));
+}
+export const db = globalThis.db ?? createSingleton();
+if (!process.env.VERCEL_ENV) {
+    globalThis.db = db;
+}

package/dist/database/schema.d.ts

@@ -0,0 +1,284 @@
+export declare const mfaType: import("drizzle-orm/pg-core").PgEnum<["TOTP", "HARDWARE"]>;
+export declare const scope: import("drizzle-orm/pg-core").PgEnum<["ANON", "MFA", "AUTHED"]>;
+export type Scope = (typeof scope.enumValues)[number];
+export declare const authSchema: import("drizzle-orm/pg-core").PgSchema<"auth">;
+export declare const authUserTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "user_credentials";
+    schema: "auth";
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "user_credentials";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        email: import("drizzle-orm/pg-core").PgColumn<{
+            name: "email";
+            tableName: "user_credentials";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        password: import("drizzle-orm/pg-core").PgColumn<{
+            name: "password";
+            tableName: "user_credentials";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        role: import("drizzle-orm/pg-core").PgColumn<{
+            name: "role";
+            tableName: "user_credentials";
+            dataType: "number";
+            columnType: "PgInteger";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: true;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+export type AuthUser = typeof authUserTable.$inferSelect;
+export declare const authSessionTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "sessions";
+    schema: "auth";
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        userId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "userId";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        scope: import("drizzle-orm/pg-core").PgColumn<{
+            name: "scope";
+            tableName: "sessions";
+            dataType: "string";
+            columnType: "PgEnumColumn";
+            data: "ANON" | "MFA" | "AUTHED";
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: ["ANON", "MFA", "AUTHED"];
+            baseColumn: never;
+        }, {}, {}>;
+        expiresAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "expiresAt";
+            tableName: "sessions";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+export type AuthSession = typeof authSessionTable.$inferSelect;
+export declare const authResetTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "resets";
+    schema: "auth";
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "resets";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        userId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "userId";
+            tableName: "resets";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        expiresAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "expiresAt";
+            tableName: "resets";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+export type AuthReset = typeof authResetTable.$inferSelect;
+export declare const authMFATable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "mfas";
+    schema: "auth";
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "mfas";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        name: import("drizzle-orm/pg-core").PgColumn<{
+            name: "name";
+            tableName: "mfas";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        userId: import("drizzle-orm/pg-core").PgColumn<{
+            name: "userId";
+            tableName: "mfas";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        type: import("drizzle-orm/pg-core").PgColumn<{
+            name: "type";
+            tableName: "mfas";
+            dataType: "string";
+            columnType: "PgEnumColumn";
+            data: "TOTP" | "HARDWARE";
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            enumValues: ["TOTP", "HARDWARE"];
+            baseColumn: never;
+        }, {}, {}>;
+        secret: import("drizzle-orm/pg-core").PgColumn<{
+            name: "secret";
+            tableName: "mfas";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        verifiedAt: import("drizzle-orm/pg-core").PgColumn<{
+            name: "verifiedAt";
+            tableName: "mfas";
+            dataType: "date";
+            columnType: "PgTimestamp";
+            data: Date;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+export type AuthMFA = typeof authMFATable.$inferSelect;
+export declare const authClientTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "client_credentials";
+    schema: "auth";
+    columns: {
+        id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "id";
+            tableName: "client_credentials";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        alias: import("drizzle-orm/pg-core").PgColumn<{
+            name: "alias";
+            tableName: "client_credentials";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+        secret: import("drizzle-orm/pg-core").PgColumn<{
+            name: "secret";
+            tableName: "client_credentials";
+            dataType: "string";
+            columnType: "PgText";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+        }, {}, {}>;
+    };
+    dialect: "pg";
+}>;
+export type AuthClient = typeof authClientTable.$inferSelect;

package/dist/database/schema.js

@@ -0,0 +1,42 @@
+/* istanbul ignore file */
+import { integer, pgEnum, pgSchema, text, timestamp } from 'drizzle-orm/pg-core';
+const DEFAULT_ROLE = 10;
+export const mfaType = pgEnum('mfaType', ['TOTP', 'HARDWARE']);
+export const scope = pgEnum('scope', ['ANON', 'MFA', 'AUTHED']);
+export const authSchema = pgSchema('auth');
+export const authUserTable = authSchema.table('user_credentials', {
+    id: text('id').primaryKey(),
+    email: text('email').notNull().unique(),
+    password: text('password'),
+    role: integer('role').notNull().default(DEFAULT_ROLE),
+});
+export const authSessionTable = authSchema.table('sessions', {
+    id: text('id').primaryKey(),
+    userId: text('userId')
+        .notNull()
+        .references(() => authUserTable.id),
+    scope: scope('scope').notNull().default('ANON'),
+    expiresAt: timestamp('expiresAt').notNull(),
+});
+export const authResetTable = authSchema.table('resets', {
+    id: text('id').primaryKey(),
+    userId: text('userId')
+        .notNull()
+        .references(() => authUserTable.id),
+    expiresAt: timestamp('expiresAt').notNull(),
+});
+export const authMFATable = authSchema.table('mfas', {
+    id: text('id').primaryKey(),
+    name: text('name').notNull(),
+    userId: text('userId')
+        .notNull()
+        .references(() => authUserTable.id),
+    type: mfaType('type').notNull().default('TOTP'),
+    secret: text('secret').notNull(),
+    verifiedAt: timestamp('verifiedAt'),
+});
+export const authClientTable = authSchema.table('client_credentials', {
+    id: text('id').primaryKey(),
+    alias: text('alias').notNull().unique(),
+    secret: text('secret').notNull().unique(),
+});

package/dist/forms/FormService.d.ts

@@ -0,0 +1,16 @@
+import type { Errorable } from '@sqrzro/interfaces';
+import type Joi from 'joi';
+import ValidationError from './ValidationError';
+interface SubmitFormArgs<F extends object> {
+    formData: F;
+    onSuccess?: (model: F) => Promise<void> | void;
+    onValidationError?: (error: ValidationError) => void;
+    request?: Joi.ObjectSchema<F>;
+}
+interface SubmitFormArgsWithFn<F extends object, M> extends Omit<SubmitFormArgs<F>, 'onSuccess'> {
+    fn: (data: F) => Promise<M | null>;
+    onSuccess?: (model: M) => Promise<void> | void;
+}
+export declare function submitForm<F extends object>(args: SubmitFormArgs<F>): Promise<Errorable<F>>;
+export declare function submitForm<F extends object, M>(args: SubmitFormArgsWithFn<F, M>): Promise<Errorable<M>>;
+export {};

package/dist/forms/FormService.js

@@ -0,0 +1,78 @@
+/* eslint-disable max-statements */
+import ValidationError from './ValidationError';
+import { validateSchema } from './ValidationService';
+function serializeError(err) {
+    return {
+        cause: err.cause,
+        message: err.message,
+        name: err.name,
+        stack: err.stack,
+    };
+}
+function hasFn(args) {
+    return Boolean(Object.prototype.hasOwnProperty.call(args, 'fn'));
+}
+export async function submitForm(args) {
+    let data = { ...args.formData };
+    if (args.request) {
+        const [validated, validationError] = await validateSchema(args.formData, args.request);
+        if (validationError !== null) {
+            if (validationError instanceof ValidationError) {
+                args.onValidationError?.(validationError);
+            }
+            return [null, serializeError(validationError)];
+        }
+        data = validated;
+    }
+    if (!hasFn(args)) {
+        try {
+            await args.onSuccess?.(data);
+        }
+        catch (err) {
+            if (err instanceof Error) {
+                return [null, serializeError(err)];
+            }
+            return [
+                null,
+                serializeError(new Error('The submitForm onSuccess function encountered an unknown error')),
+            ];
+        }
+        return [data, null];
+    }
+    let model = null;
+    try {
+        model = await args.fn(data);
+    }
+    catch (err) {
+        if (err instanceof ValidationError) {
+            args.onValidationError?.(err);
+            return [null, serializeError(err)];
+        }
+        if (err instanceof Error) {
+            return [null, serializeError(err)];
+        }
+        return [
+            null,
+            serializeError(new Error('The function supplied to submitForm encountered an unknown error')),
+        ];
+    }
+    if (!model) {
+        return [
+            null,
+            serializeError(new Error('No model has been returned from the function supplied to submitForm')),
+        ];
+    }
+    try {
+        await args.onSuccess?.(model);
+    }
+    catch (err) {
+        if (err instanceof Error) {
+            return [null, serializeError(err)];
+        }
+        return [
+            null,
+            serializeError(new Error('The submitForm onSuccess function encountered an unknown error')),
+        ];
+    }
+    return [model, null];
+}

package/dist/forms/ImageService.d.ts

@@ -0,0 +1,7 @@
+import type { Errorable } from '@sqrzro/interfaces';
+interface ImageValidationConfig {
+    maxSize?: number;
+    types?: string[];
+}
+export declare function validateImage(image: File | null, config?: ImageValidationConfig): Promise<Errorable<File>>;
+export {};

package/dist/forms/ImageService.js

@@ -0,0 +1,19 @@
+'use server';
+const DEFAULT_TYPES = ['image/png', 'image/jpeg', 'image/jpg'];
+// 5MB
+const DEFAULT_MAX_SIZE = 5242880;
+export async function validateImage(image, config) {
+    if (!image) {
+        return Promise.resolve([null, new Error('IMAGE_UNDEFINED')]);
+    }
+    if (!(image instanceof File)) {
+        return Promise.resolve([null, new Error('IMAGE_NOT_VALID')]);
+    }
+    if (!(config?.types || DEFAULT_TYPES).includes(image.type)) {
+        return Promise.resolve([null, new Error('IMAGE_TYPE_NOT_VALID')]);
+    }
+    if (image.size > (config?.maxSize || DEFAULT_MAX_SIZE)) {
+        return Promise.resolve([null, new Error('IMAGE_TOO_HEAVY')]);
+    }
+    return Promise.resolve([image, null]);
+}

package/dist/forms/ValidationError.d.ts

@@ -0,0 +1,4 @@
+declare class ValidationError extends Error {
+    constructor(messages: Record<string, string>);
+}
+export default ValidationError;

package/dist/forms/ValidationError.js

@@ -0,0 +1,7 @@
+class ValidationError extends Error {
+    constructor(messages) {
+        super(JSON.stringify(messages));
+        this.name = 'ValidationError';
+    }
+}
+export default ValidationError;