@sqrzro/server 2.0.0-bz.12 → 2.0.0-bz.13

package/dist/auth.js

@@ -1,427 +1,59 @@
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/auth/index.ts
-var auth_exports = {};
-__export(auth_exports, {
-  checkMFAEnabled: () => checkMFAEnabled,
-  checkPasswordComplexity: () => checkPasswordComplexity,
-  checkRouteAllowed: () => checkRouteAllowed,
-  checkSessionExists: () => checkSessionExists,
-  checkUserHasMFA: () => checkUserHasMFA,
-  createUserSession: () => createUserSession,
-  generateID: () => generateID,
-  generateMFA: () => generateMFA,
-  getAllowedRoles: () => getAllowedRoles,
-  getClientByID: () => getClientByID,
-  getPasswordComplexity: () => getPasswordComplexity,
-  getScopeByID: () => getScopeByID,
-  getScopes: () => getScopes,
-  getSessionID: () => getSessionID,
-  getSessionUser: () => getSessionUser,
-  handleClientAuth: () => handleClientAuth,
-  handleLoginForm: () => handleLoginForm,
-  handleLogout: () => handleLogout,
-  handleMFAForm: () => handleMFAForm,
-  handlePasswordForm: () => handlePasswordForm,
-  handlePasswordResetForm: () => handlePasswordResetForm,
-  handleSession: () => handleSession,
-  hashPassword: () => hashPassword,
-  invalidateSession: () => invalidateSession,
-  invalidateUserSessions: () => invalidateUserSessions,
-  lucia: () => lucia,
-  registerClient: () => registerClient,
-  registerUser: () => registerUser,
-  setScopes: () => setScopes,
-  verifyPassword: () => verifyPassword
-});
-module.exports = __toCommonJS(auth_exports);
+import {
+  getFromCache,
+  setToCache
+} from "./chunk-GOSRKBZX.js";
+import {
+  ValidationError_default,
+  createSchema,
+  submitForm
+} from "./chunk-7XG6NQUS.js";
+import {
+  authClientTable,
+  authMFATable,
+  authResetTable,
+  authSessionTable,
+  authUserTable
+} from "./chunk-G4EG2ECB.js";
+import {
+  getOrigin
+} from "./chunk-ALBKLI2J.js";
 
 // src/auth/AuthService.ts
-var import_drizzle_orm2 = require("drizzle-orm");
+import { and as and2, eq as eq2, inArray } from "drizzle-orm";
 
 // src/database/DatabaseService.ts
-var import_postgres_js = require("drizzle-orm/postgres-js");
-var import_postgres = __toESM(require("postgres"));
+import { drizzle } from "drizzle-orm/postgres-js";
+import postgres from "postgres";
 function createSingleton() {
   if (!process.env.DATABASE_URL) {
     throw new Error("DATABASE_URL is not defined");
   }
-  return (0, import_postgres_js.drizzle)((0, import_postgres.default)(process.env.DATABASE_URL, { prepare: false }));
+  return drizzle(postgres(process.env.DATABASE_URL, { prepare: false }));
 }
 var db = globalThis.db ?? createSingleton();
 if (!process.env.VERCEL_ENV) {
   globalThis.db = db;
 }
 
-// src/database/schema.ts
-var import_pg_core = require("drizzle-orm/pg-core");
-var DEFAULT_ROLE = 10;
-var mfaType = (0, import_pg_core.pgEnum)("mfaType", ["TOTP", "HARDWARE"]);
-var scope = (0, import_pg_core.pgEnum)("scope", ["ANON", "MFA", "AUTHED"]);
-var authSchema = (0, import_pg_core.pgSchema)("auth");
-var authUserTable = authSchema.table("user_credentials", {
-  id: (0, import_pg_core.text)("id").primaryKey(),
-  email: (0, import_pg_core.text)("email").notNull().unique(),
-  password: (0, import_pg_core.text)("password"),
-  role: (0, import_pg_core.integer)("role").notNull().default(DEFAULT_ROLE)
-});
-var authSessionTable = authSchema.table("sessions", {
-  id: (0, import_pg_core.text)("id").primaryKey(),
-  userId: (0, import_pg_core.text)("userId").notNull().references(() => authUserTable.id),
-  scope: scope("scope").notNull().default("ANON"),
-  expiresAt: (0, import_pg_core.timestamp)("expiresAt").notNull()
-});
-var authResetTable = authSchema.table("resets", {
-  id: (0, import_pg_core.text)("id").primaryKey(),
-  userId: (0, import_pg_core.text)("userId").notNull().references(() => authUserTable.id),
-  expiresAt: (0, import_pg_core.timestamp)("expiresAt").notNull()
-});
-var authMFATable = authSchema.table("mfas", {
-  id: (0, import_pg_core.text)("id").primaryKey(),
-  name: (0, import_pg_core.text)("name").notNull(),
-  userId: (0, import_pg_core.text)("userId").notNull().references(() => authUserTable.id),
-  type: mfaType("type").notNull().default("TOTP"),
-  secret: (0, import_pg_core.text)("secret").notNull(),
-  verifiedAt: (0, import_pg_core.timestamp)("verifiedAt")
-});
-var authClientTable = authSchema.table("client_credentials", {
-  id: (0, import_pg_core.text)("id").primaryKey(),
-  alias: (0, import_pg_core.text)("alias").notNull().unique(),
-  secret: (0, import_pg_core.text)("secret").notNull().unique()
-});
-
-// src/forms/ValidationError.ts
-var ValidationError = class extends Error {
-  constructor(messages2) {
-    super(JSON.stringify(messages2));
-    this.name = "ValidationError";
-  }
-};
-var ValidationError_default = ValidationError;
-
-// src/forms/ValidationService.ts
-var import_joi = __toESM(require("joi"));
-
-// src/forms/lang.ts
-var messages = {
-  "alternatives.all": "",
-  "alternatives.any": "",
-  "alternatives.match": "",
-  "alternatives.one": "",
-  "alternatives.types": "",
-  "any.custom": "",
-  "any.default": "",
-  "any.failover": "",
-  "any.invalid": "",
-  "any.only": "",
-  "any.ref": "",
-  "any.required": "{{#label}} is required",
-  "any.unknown": "",
-  "array.base": "",
-  "array.excludes": "",
-  "array.includesRequiredBoth": "",
-  "array.includesRequiredKnowns": "",
-  "array.includesRequiredUnknowns": "",
-  "array.includes": "",
-  "array.length": "",
-  "array.max": "",
-  "array.min": "",
-  "array.orderedLength": "",
-  "array.sort": "",
-  "array.sort.mismatching": "",
-  "array.sort.unsupported": "",
-  "array.sparse": "",
-  "array.unique": "",
-  "array.hasKnown": "",
-  "array.hasUnknown": "",
-  "binary.base": "",
-  "binary.length": "",
-  "binary.max": "",
-  "binary.min": "",
-  "boolean.base": "",
-  "date.base": "",
-  "date.format": "",
-  "date.greater": "",
-  "date.less": "",
-  "date.max": "",
-  "date.min": "",
-  "date.strict": "",
-  "function.arity": "",
-  "function.class": "",
-  "function.maxArity": "",
-  "function.minArity": "",
-  "number.base": "{{#label}} should be a number",
-  "number.greater": "",
-  "number.infinity": "",
-  "number.integer": "",
-  "number.less": "",
-  "number.max": "",
-  "number.min": "{{#label}} should be greater than or equal to {{#limit}}",
-  "number.multiple": "",
-  "number.negative": "",
-  "number.port": "",
-  "number.positive": "",
-  "number.precision": "",
-  "number.unsafe": "",
-  "object.unknown": "",
-  "object.and": "",
-  "object.assert": "",
-  "object.base": "",
-  "object.length": "",
-  "object.max": "",
-  "object.min": "",
-  "object.missing": "",
-  "object.nand": "",
-  "object.pattern.match": "",
-  "object.refType": "",
-  "object.regex": "",
-  "object.rename.multiple": "",
-  "object.rename.override": "",
-  "object.schema": "",
-  "object.instance": "",
-  "object.with": "",
-  "object.without": "",
-  "object.xor": "",
-  "object.oxor": "",
-  "string.alphanum": "",
-  "string.base64": "",
-  "string.base": "",
-  "string.creditCard": "",
-  "string.dataUri": "",
-  "string.domain": "",
-  "string.email": "",
-  "string.empty": "{{#label}} is required",
-  "string.guid": "",
-  "string.hexAlign": "",
-  "string.hex": "",
-  "string.hostname": "",
-  "string.ipVersion": "",
-  "string.ip": "",
-  "string.isoDate": "",
-  "string.isoDuration": "",
-  "string.length": "",
-  "string.lowercase": "",
-  "string.max": "",
-  "string.min": "",
-  "string.normalize": "",
-  "string.pattern.base": "",
-  "string.pattern.name": "",
-  "string.pattern.invert.base": "",
-  "string.pattern.invert.name": "",
-  "string.token": "",
-  "string.trim": "",
-  "string.uppercase": "",
-  "string.uri": "",
-  "string.uriCustomScheme": "",
-  "string.uriRelativeOnly": "",
-  "symbol.base": "",
-  "symbol.map": ""
-};
-var lang_default = messages;
-
-// src/forms/ValidationService.ts
-function getErrorMessages() {
-  return Object.entries(lang_default).reduce((acc, [key, value]) => {
-    if (!value) {
-      return acc;
-    }
-    return {
-      ...acc,
-      [key]: value
-    };
-  }, {});
-}
-function transformErrors(error) {
-  const messages2 = error.details.reduce(
-    (acc, cur) => ({
-      ...acc,
-      [cur.path.join(".")]: cur.message.replace(/"/gu, "")
-    }),
-    {}
-  );
-  return new ValidationError_default(messages2);
-}
-async function validateSchema(formData, validation) {
-  try {
-    const validated = await validation.validateAsync(formData, {
-      abortEarly: false,
-      messages: getErrorMessages()
-    });
-    return [validated, null];
-  } catch (err) {
-    if (err instanceof import_joi.default.ValidationError) {
-      return [null, transformErrors(err)];
-    }
-    if (err instanceof Error) {
-      return [null, err];
-    }
-    return [null, new Error("Unknown validation error occured")];
-  }
-}
-function createSchema(schema) {
-  return import_joi.default.object(schema);
-}
-
-// src/forms/FormService.ts
-function serializeError(err) {
-  return {
-    cause: err.cause,
-    message: err.message,
-    name: err.name,
-    stack: err.stack
-  };
-}
-function hasFn(args) {
-  return Boolean(Object.prototype.hasOwnProperty.call(args, "fn"));
-}
-async function submitForm(args) {
-  let data = { ...args.formData };
-  if (args.request) {
-    const [validated, validationError] = await validateSchema(args.formData, args.request);
-    if (validationError !== null) {
-      if (validationError instanceof ValidationError_default) {
-        args.onValidationError?.(validationError);
-      }
-      return [null, serializeError(validationError)];
-    }
-    data = validated;
-  }
-  if (!hasFn(args)) {
-    try {
-      await args.onSuccess?.(data);
-    } catch (err) {
-      if (err instanceof Error) {
-        return [null, serializeError(err)];
-      }
-      return [
-        null,
-        serializeError(
-          new Error("The submitForm onSuccess function encountered an unknown error")
-        )
-      ];
-    }
-    return [data, null];
-  }
-  let model = null;
-  try {
-    model = await args.fn(data);
-  } catch (err) {
-    if (err instanceof ValidationError_default) {
-      args.onValidationError?.(err);
-      return [null, serializeError(err)];
-    }
-    if (err instanceof Error) {
-      return [null, serializeError(err)];
-    }
-    return [
-      null,
-      serializeError(
-        new Error("The function supplied to submitForm encountered an unknown error")
-      )
-    ];
-  }
-  if (!model) {
-    return [
-      null,
-      serializeError(
-        new Error("No model has been returned from the function supplied to submitForm")
-      )
-    ];
-  }
-  try {
-    await args.onSuccess?.(model);
-  } catch (err) {
-    if (err instanceof Error) {
-      return [null, serializeError(err)];
-    }
-    return [
-      null,
-      serializeError(
-        new Error("The submitForm onSuccess function encountered an unknown error")
-      )
-    ];
-  }
-  return [model, null];
-}
-
 // src/auth/MFAService.ts
-var import_drizzle_orm = require("drizzle-orm");
-var import_qrcode = __toESM(require("qrcode"));
-var import_otplib = require("otplib");
+import { and, eq, isNotNull, isNull } from "drizzle-orm";
+import qrcode from "qrcode";
+import { authenticator } from "otplib";
 
 // src/auth/MFARequest.ts
-var import_joi2 = __toESM(require("joi"));
+import Joi from "joi";
 var MFARequest = createSchema({
-  token: import_joi2.default.string().pattern(/^[0-9]{6}$/u).required()
+  token: Joi.string().pattern(/^[0-9]{6}$/u).required()
 });
 var MFARequest_default = MFARequest;
 
 // src/auth/SessionService.ts
-var import_adapter_drizzle = require("@lucia-auth/adapter-drizzle");
-var import_lucia = require("lucia");
-var import_headers2 = require("next/headers");
-var import_server = require("next/server");
-var import_path_to_regexp = require("path-to-regexp");
-
-// src/cache/CacheService.ts
-var import_redis = require("redis");
-async function getClient() {
-  const client = (0, import_redis.createClient)();
-  await client.connect();
-  return client;
-}
-async function getFromCache(key) {
-  const client = await getClient();
-  return client.get(key);
-}
-async function setToCache(key, value) {
-  const client = await getClient();
-  await client.set(key, value);
-}
-
-// src/url/URLService.ts
-var import_headers = require("next/headers");
-function getOrigin() {
-  const origin = (0, import_headers.headers)().get("x-origin");
-  if (origin) {
-    return origin;
-  }
-  const proto = (0, import_headers.headers)().get("x-forwarded-proto");
-  const host = (0, import_headers.headers)().get("x-forwarded-host");
-  if (proto && host) {
-    return `${proto}://${host}`;
-  }
-  throw new Error("No origin could be determined");
-}
-
-// src/auth/SessionService.ts
-var import_utility = require("@sqrzro/utility");
+import { DrizzlePostgreSQLAdapter } from "@lucia-auth/adapter-drizzle";
+import { Lucia, generateId } from "lucia";
+import { cookies } from "next/headers";
+import { NextResponse } from "next/server";
+import { match } from "path-to-regexp";
+import { getFromObject } from "@sqrzro/utility";
 var DEFAULT_REDIRECT = "/auth/login";
 var ID_LENGTH = 16;
 var DEFAULT_SCOPES = {
@@ -438,8 +70,8 @@ var DEFAULT_SCOPES = {
     redirectOnAuth: "/"
   }
 };
-var adapter = new import_adapter_drizzle.DrizzlePostgreSQLAdapter(db, authSessionTable, authUserTable);
-var lucia = new import_lucia.Lucia(adapter, {
+var adapter = new DrizzlePostgreSQLAdapter(db, authSessionTable, authUserTable);
+var lucia = new Lucia(adapter, {
   sessionCookie: {
     attributes: {
       secure: process.env.NODE_ENV === "production"
@@ -455,24 +87,24 @@ var lucia = new import_lucia.Lucia(adapter, {
   })
 });
 function generateID(length = ID_LENGTH) {
-  return (0, import_lucia.generateId)(length);
+  return generateId(length);
 }
 async function invalidateSession(id) {
   const cookie = lucia.createBlankSessionCookie();
-  (0, import_headers2.cookies)().set(cookie.name, cookie.value, cookie.attributes);
+  cookies().set(cookie.name, cookie.value, cookie.attributes);
   return lucia.invalidateSession(id);
 }
 async function invalidateUserSessions(id) {
   return lucia.invalidateUserSessions(id);
 }
-async function createUserSession(id, scope2 = "ANON") {
-  const session = await lucia.createSession(id, { scope: scope2 });
+async function createUserSession(id, scope = "ANON") {
+  const session = await lucia.createSession(id, { scope });
   const sessionCookie = lucia.createSessionCookie(session.id);
-  (0, import_headers2.cookies)().set(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);
+  cookies().set(sessionCookie.name, sessionCookie.value, sessionCookie.attributes);
   return true;
 }
 function getSessionID() {
-  return (0, import_headers2.cookies)().get(lucia.sessionCookieName)?.value ?? null;
+  return cookies().get(lucia.sessionCookieName)?.value ?? null;
 }
 function checkSessionExists() {
   return Boolean(getSessionID());
@@ -486,7 +118,7 @@ async function getSessionUser() {
   if (!user?.role || !getAllowedRoles().includes(user.role)) {
     return null;
   }
-  return (0, import_utility.getFromObject)(user, ["id", "email", "role"]);
+  return getFromObject(user, ["id", "email", "role"]);
 }
 function checkRouteAllowed(pathname, route) {
   if (!route) {
@@ -495,7 +127,7 @@ function checkRouteAllowed(pathname, route) {
   if (route === "*") {
     return true;
   }
-  return (0, import_path_to_regexp.match)(route)(pathname) !== false;
+  return match(route)(pathname) !== false;
 }
 async function getScopes() {
   const scopes = await getFromCache(`${getOrigin()}:scopes`);
@@ -525,14 +157,14 @@ async function setScopes(customScopes) {
 async function validateSessionFromID(sessionID, pathname) {
   const scopes = await getScopes();
   const { session, user } = await lucia.validateSession(sessionID);
-  const scope2 = scopes[session && getAllowedRoles().includes(user?.role) ? session.scope : "ANON"];
-  return checkRouteAllowed(pathname, scope2.allowedRoute) ? null : scope2.redirectOnUnauth || DEFAULT_REDIRECT;
+  const scope = scopes[session && getAllowedRoles().includes(user?.role) ? session.scope : "ANON"];
+  return checkRouteAllowed(pathname, scope.allowedRoute) ? null : scope.redirectOnUnauth || DEFAULT_REDIRECT;
 }
 async function handleSession(request, customScopes) {
   const sessionID = request.nextUrl.searchParams.get("id") || "";
   const pathname = request.nextUrl.searchParams.get("pathname") || "/";
   await setScopes(customScopes);
-  return import_server.NextResponse.json({
+  return NextResponse.json({
     redirect: await validateSessionFromID(sessionID, pathname)
   });
 }
@@ -545,13 +177,13 @@ async function generateMFA(name, email) {
   if (!checkMFAEnabled() || !email) {
     return null;
   }
-  const [user] = await db.select().from(authUserTable).where((0, import_drizzle_orm.eq)(authUserTable.email, email)).limit(1);
+  const [user] = await db.select().from(authUserTable).where(eq(authUserTable.email, email)).limit(1);
   if (!user) {
     return null;
   }
-  const secret = import_otplib.authenticator.generateSecret();
-  const otpauth = import_otplib.authenticator.keyuri(email, name, secret);
-  await db.delete(authMFATable).where((0, import_drizzle_orm.and)((0, import_drizzle_orm.eq)(authMFATable.userId, user.id), (0, import_drizzle_orm.isNull)(authMFATable.verifiedAt)));
+  const secret = authenticator.generateSecret();
+  const otpauth = authenticator.keyuri(email, name, secret);
+  await db.delete(authMFATable).where(and(eq(authMFATable.userId, user.id), isNull(authMFATable.verifiedAt)));
   await db.insert(authMFATable).values({
     id: generateID(),
     name: "Default",
@@ -559,7 +191,7 @@ async function generateMFA(name, email) {
     userId: user.id
   });
   return new Promise((resolve, reject) => {
-    import_qrcode.default.toDataURL(
+    qrcode.toDataURL(
       otpauth,
       { rendererOpts: { quality: 1 }, margin: 0, scale: 2 },
       (err, data) => {
@@ -575,24 +207,24 @@ async function checkUserHasMFA(user) {
   if (!checkMFAEnabled()) {
     return false;
   }
-  const [mfa] = await db.select().from(authMFATable).where((0, import_drizzle_orm.and)((0, import_drizzle_orm.eq)(authMFATable.userId, user.id), (0, import_drizzle_orm.isNotNull)(authMFATable.verifiedAt))).limit(1);
+  const [mfa] = await db.select().from(authMFATable).where(and(eq(authMFATable.userId, user.id), isNotNull(authMFATable.verifiedAt))).limit(1);
   return Boolean(mfa);
 }
 async function markAsVerified(userID) {
   if (!checkMFAEnabled()) {
     return;
   }
-  await db.update(authMFATable).set({ verifiedAt: /* @__PURE__ */ new Date() }).where((0, import_drizzle_orm.eq)(authMFATable.userId, userID));
+  await db.update(authMFATable).set({ verifiedAt: /* @__PURE__ */ new Date() }).where(eq(authMFATable.userId, userID));
 }
 async function validateUserToken(userID, token) {
   if (!checkMFAEnabled()) {
     return false;
   }
-  const [mfa] = await db.select().from(authMFATable).where((0, import_drizzle_orm.eq)(authMFATable.userId, userID)).limit(1);
+  const [mfa] = await db.select().from(authMFATable).where(eq(authMFATable.userId, userID)).limit(1);
   if (!mfa) {
     return false;
   }
-  return import_otplib.authenticator.check(token, mfa.secret);
+  return authenticator.check(token, mfa.secret);
 }
 async function handleMFA(formData) {
   if (!checkMFAEnabled()) {
@@ -622,7 +254,7 @@ async function handleMFAForm(formData) {
 }
 
 // src/auth/PasswordService.ts
-var import_bcryptjs = __toESM(require("bcryptjs"));
+import bcrypt from "bcryptjs";
 var PW_SALT_ROUNDS = 12;
 var PASSWORD_RULES = {
   min: 8,
@@ -654,14 +286,14 @@ var PASSWORD_FUNCTIONS = {
   symbol: checkPasswordSymbol
 };
 async function hashPassword(password) {
-  const hash = await import_bcryptjs.default.hash(password, PW_SALT_ROUNDS);
+  const hash = await bcrypt.hash(password, PW_SALT_ROUNDS);
   return hash;
 }
 async function verifyPassword(data, encrypted) {
   if (!data || !encrypted) {
     return false;
   }
-  const verified = await import_bcryptjs.default.compare(data, encrypted);
+  const verified = await bcrypt.compare(data, encrypted);
   return verified;
 }
 async function getPasswordComplexity(password, rules = PASSWORD_RULES) {
@@ -678,17 +310,17 @@ async function checkPasswordComplexity(password, rules = PASSWORD_RULES) {
 }
 
 // src/auth/LoginRequest.ts
-var import_joi3 = __toESM(require("joi"));
+import Joi2 from "joi";
 var LoginRequest = createSchema({
-  email: import_joi3.default.string().email({ minDomainSegments: 2, tlds: false }).required(),
-  password: import_joi3.default.string().min(8).required()
+  email: Joi2.string().email({ minDomainSegments: 2, tlds: false }).required(),
+  password: Joi2.string().min(8).required()
 });
 var LoginRequest_default = LoginRequest;
 
 // src/auth/PasswordRequest.ts
-var import_joi4 = __toESM(require("joi"));
+import Joi3 from "joi";
 var PasswordRequest = createSchema({
-  email: import_joi4.default.string().max(60).email({ minDomainSegments: 2, tlds: false }).required().messages({
+  email: Joi3.string().max(60).email({ minDomainSegments: 2, tlds: false }).required().messages({
     "any.required": "Please provide your email address, so we can send you a reset link",
     "string.empty": "Please provide your email address, so we can send you a reset link",
     "string.email": "Please make sure your email address is valid",
@@ -698,10 +330,10 @@ var PasswordRequest = createSchema({
 var PasswordRequest_default = PasswordRequest;
 
 // src/auth/PasswordResetRequest.ts
-var import_joi5 = __toESM(require("joi"));
+import Joi4 from "joi";
 var PasswordResetRequest = createSchema({
-  token: import_joi5.default.string().pattern(/[a-z0-9]{40}/u).required(),
-  password: import_joi5.default.string().required().messages({
+  token: Joi4.string().pattern(/[a-z0-9]{40}/u).required(),
+  password: Joi4.string().required().messages({
     "any.required": "Please provide your new password",
     "string.empty": "Please provide your new password"
   })
@@ -726,11 +358,11 @@ function getAllowedRoles() {
 }
 async function handleUserSession(userID) {
   await createUserSession(userID, checkMFAEnabled() ? "MFA" : "AUTHED");
-  const scope2 = await getScopeByID("AUTHED");
-  return scope2?.redirectOnAuth || null;
+  const scope = await getScopeByID("AUTHED");
+  return scope?.redirectOnAuth || null;
 }
 async function getUserByEmail(email) {
-  const [user] = await db.select().from(authUserTable).where((0, import_drizzle_orm2.and)((0, import_drizzle_orm2.eq)(authUserTable.email, email), (0, import_drizzle_orm2.inArray)(authUserTable.role, getAllowedRoles()))).limit(1);
+  const [user] = await db.select().from(authUserTable).where(and2(eq2(authUserTable.email, email), inArray(authUserTable.role, getAllowedRoles()))).limit(1);
   return user;
 }
 async function loginUser({ email, password }) {
@@ -766,7 +398,7 @@ async function createPasswordResetToken(email) {
   if (!user) {
     return null;
   }
-  await db.delete(authResetTable).where((0, import_drizzle_orm2.eq)(authResetTable.userId, user.id));
+  await db.delete(authResetTable).where(eq2(authResetTable.userId, user.id));
   const id = generateID(RESET_TOKEN_LENGTH);
   await db.insert(authResetTable).values({
     id,
@@ -791,17 +423,17 @@ async function handlePasswordForm(formData, mailFn) {
   return response;
 }
 async function validatePasswordResetToken(password, token) {
-  const [result] = await db.select().from(authResetTable).where((0, import_drizzle_orm2.eq)(authResetTable.id, token)).limit(1);
+  const [result] = await db.select().from(authResetTable).where(eq2(authResetTable.id, token)).limit(1);
   if (!result) {
     return null;
   }
-  await db.delete(authResetTable).where((0, import_drizzle_orm2.eq)(authResetTable.id, token));
+  await db.delete(authResetTable).where(eq2(authResetTable.id, token));
   if (!result || result.expiresAt < /* @__PURE__ */ new Date()) {
     return null;
   }
   await invalidateUserSessions(result.userId);
   await db.update(authUserTable).set({ password: await hashPassword(password) }).where(
-    (0, import_drizzle_orm2.and)((0, import_drizzle_orm2.eq)(authUserTable.id, result.userId), (0, import_drizzle_orm2.inArray)(authUserTable.role, getAllowedRoles()))
+    and2(eq2(authUserTable.id, result.userId), inArray(authUserTable.role, getAllowedRoles()))
   );
   return result.userId;
 }
@@ -822,11 +454,11 @@ async function handlePasswordResetForm(formData) {
 }
 
 // src/auth/ClientService.ts
-var import_drizzle_orm3 = require("drizzle-orm");
+import { eq as eq3 } from "drizzle-orm";
 var ID_LENGTH2 = 16;
 var SECRET_LENGTH = 64;
 async function getClientByID(id) {
-  const [client] = await db.select().from(authClientTable).where((0, import_drizzle_orm3.eq)(authClientTable.id, id)).limit(1);
+  const [client] = await db.select().from(authClientTable).where(eq3(authClientTable.id, id)).limit(1);
   return client;
 }
 async function registerClient({
@@ -842,22 +474,21 @@ async function registerClient({
   return client;
 }
 async function handleClientAuth(request) {
-  const { headers: headers2 } = request;
-  const header = headers2.get("authorization");
+  const { headers } = request;
+  const header = headers.get("authorization");
   if (!header) {
     return null;
   }
   const auth = Buffer.from(header.replace("Basic ", ""), "base64").toString("utf-8").replace(/:$/u, "");
   const [id, ...secret] = auth.split("-");
-  const [client] = await db.select().from(authClientTable).where((0, import_drizzle_orm3.eq)(authClientTable.id, id)).limit(1);
+  const [client] = await db.select().from(authClientTable).where(eq3(authClientTable.id, id)).limit(1);
   if (!client) {
     return null;
   }
   const isVerified = await verifyPassword(secret.join(""), client.secret);
   return isVerified ? client : null;
 }
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
+export {
   checkMFAEnabled,
   checkPasswordComplexity,
   checkRouteAllowed,
@@ -888,4 +519,4 @@ async function handleClientAuth(request) {
   registerUser,
   setScopes,
   verifyPassword
-});
+};