@stratal/framework 0.0.18 → 0.0.19
- package/dist/access-control/index.d.mts +180 -0
- package/dist/access-control/index.d.mts.map +1 -0
- package/dist/access-control/index.mjs +71 -0
- package/dist/access-control/index.mjs.map +1 -0
- package/dist/access.service-BjYVtUJw.mjs +145 -0
- package/dist/access.service-BjYVtUJw.mjs.map +1 -0
- package/dist/auth/index.d.mts +122 -4
- package/dist/auth/index.d.mts.map +1 -1
- package/dist/auth/index.mjs +237 -65
- package/dist/auth/index.mjs.map +1 -1
- package/dist/{auth-context-BD2ApWg1.d.mts → auth-context-BXSkiJ56.d.mts} +14 -1
- package/dist/auth-context-BXSkiJ56.d.mts.map +1 -0
- package/dist/{auth-context-BfekHvM9.mjs → auth-context-BberoPal.mjs} +25 -4
- package/dist/auth-context-BberoPal.mjs.map +1 -0
- package/dist/context/index.d.mts +1 -1
- package/dist/context/index.mjs +2 -2
- package/dist/database/index.d.mts +3 -3
- package/dist/database/index.mjs +49 -43
- package/dist/database/index.mjs.map +1 -1
- package/dist/{decorate-C12QolJF.mjs → decorate-CdfCRvAc.mjs} +1 -1
- package/dist/{decorateMetadata-rWbWGUuO.mjs → decorateMetadata-CqtSx3_1.mjs} +1 -1
- package/dist/decorateParam-Dc5DGEpb.mjs +18 -0
- package/dist/decorateParam-Dc5DGEpb.mjs.map +1 -0
- package/dist/{errors-C_KIIU1v.mjs → errors-B1vVXc1T.mjs} +1 -1
- package/dist/{errors-C_KIIU1v.mjs.map → errors-B1vVXc1T.mjs.map} +1 -1
- package/dist/factory/index.d.mts +1 -1
- package/dist/guards/index.d.mts +7 -6
- package/dist/guards/index.d.mts.map +1 -1
- package/dist/guards/index.mjs +38 -29
- package/dist/guards/index.mjs.map +1 -1
- package/dist/{index-B1iGBJcO.d.mts → index-CpFBG0Ws.d.mts} +23 -41
- package/dist/index-CpFBG0Ws.d.mts.map +1 -0
- package/dist/index.d.mts +2 -2
- package/dist/insufficient-permissions.error-CRnOHYvq.mjs +23 -0
- package/dist/insufficient-permissions.error-CRnOHYvq.mjs.map +1 -0
- package/dist/types-BLyu9dAd.d.mts +11 -0
- package/dist/types-BLyu9dAd.d.mts.map +1 -0
- package/dist/types-BZlcRR2M.d.mts +92 -0
- package/dist/types-BZlcRR2M.d.mts.map +1 -0
- package/package.json +22 -22
- package/dist/auth-context-BD2ApWg1.d.mts.map +0 -1
- package/dist/auth-context-BfekHvM9.mjs.map +0 -1
- package/dist/decorateParam-WGqsyT5s.mjs +0 -8
- package/dist/index-B1iGBJcO.d.mts.map +0 -1
- package/dist/rbac/index.d.mts +0 -206
- package/dist/rbac/index.d.mts.map +0 -1
- package/dist/rbac/index.mjs +0 -346
- package/dist/rbac/index.mjs.map +0 -1
- package/dist/tokens-Di1ofovy.mjs +0 -32
- package/dist/tokens-Di1ofovy.mjs.map +0 -1
- package/dist/types-Gjk0d2qB.d.mts +0 -47
- package/dist/types-Gjk0d2qB.d.mts.map +0 -1
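--- a/package/dist/auth/index.mjs
+++ b/package/dist/auth/index.mjs
@@ -1,12 +1,14 @@
-import { t as
-import { t as
-import { t as __decorateMetadata } from "../decorateMetadata-
-import { t as
+import { n as createStratalAcPlugin, t as AccessService } from "../access.service-BjYVtUJw.mjs";
+import { n as AC_TOKENS, t as __decorateParam } from "../decorateParam-Dc5DGEpb.mjs";
+import { t as __decorateMetadata } from "../decorateMetadata-CqtSx3_1.mjs";
+import { t as __decorate } from "../decorate-CdfCRvAc.mjs";
+import { t as AuthContext } from "../auth-context-BberoPal.mjs";
+import { I18nModule } from "stratal/i18n";
 import { Module } from "stratal/module";
 import { DI_TOKENS, Transient } from "stratal/di";
-import { ApplicationError, ERROR_CODES
+import { ApplicationError, ERROR_CODES } from "stratal/errors";
 import { LOGGER_TOKENS } from "stratal/logger";
-import { inject } from "tsyringe";
+import { inject as inject$1 } from "tsyringe";
 import { betterAuth } from "better-auth";
 import { APIError } from "better-auth/api";
 //#region src/auth/auth.tokens.ts
@@ -15,13 +17,63 @@ const AUTH_SERVICE = Symbol.for("stratal:auth:service");
 /** Token for Better Auth options configuration */
 const AUTH_OPTIONS = Symbol.for("stratal:auth:options");
 //#endregion
+//#region src/auth/i18n/en.ts
+const authMessages = { en: { auth: {
+errors: {
+tokenRequired: "Verification token is required",
+invalidToken: "Invalid or expired verification token",
+verificationFailed: "Verification failed. Please try again.",
+userNotFound: "User not found. Please check your credentials.",
+invalidCredentials: "Invalid email or password",
+invalidPassword: "Invalid password",
+invalidEmail: "Invalid email address",
+sessionExpired: "Your session has expired. Please sign in again.",
+emailNotVerified: "Please verify your email address before signing in",
+passwordTooShort: "Password must be at least {minLength} characters",
+passwordTooLong: "Password must be at most {maxLength} characters",
+accountAlreadyExists: "An account with this email already exists",
+failedToCreateUser: "Failed to create user account. Please try again.",
+failedToCreateSession: "Failed to create session. Please try again.",
+failedToGetSession: "Failed to retrieve session. Please try again.",
+failedToUpdateUser: "Failed to update user information. Please try again.",
+failedToGetUserInfo: "Failed to retrieve user information. Please try again.",
+socialAccountLinked: "This social account is already linked to another user",
+providerNotFound: "Authentication provider not found",
+userEmailNotFound: "User email address not found",
+accountNotFound: "Account not found",
+credentialAccountNotFound: "Credential account not found",
+cannotUnlinkLastAccount: "Cannot unlink your last account",
+userAlreadyHasPassword: "User already has a password set",
+emailCannotBeUpdated: "Email address cannot be updated at this time",
+tokenExpired: "The verification token has expired. Please request a new verification email.",
+invalidCallbackUrl: "Invalid callback URL",
+invalidOrigin: "Request origin is not allowed",
+validationFailed: "Authentication validation failed",
+emailAlreadyVerified: "Email address is already verified",
+emailMismatch: "Email address does not match",
+unknownError: "An authentication error occurred"
+},
+org: {
+organizationNotFound: "Organization not found",
+memberNotFound: "Member not found",
+invitationNotFound: "Invitation not found",
+permissionDenied: "You do not have permission to perform this action",
+invitationRecipientMismatch: "You are not the recipient of this invitation",
+conflict: "A resource with this identifier already exists",
+limitReached: "The maximum limit has been reached",
+membershipError: "This action cannot be performed due to membership constraints",
+teamNotFound: "Team not found",
+roleNotFound: "Role not found"
+}
+} } };
+//#endregion
 //#region src/auth/middleware/auth-context.middleware.ts
 let AuthContextMiddleware = class AuthContextMiddleware {
 async handle(ctx, next) {
 const requestContainer = ctx.getContainer();
 const authContext = new AuthContext();
 requestContainer.registerValue(DI_TOKENS.AuthContext, authContext);
-
+return next();
 }
 };
 AuthContextMiddleware = __decorate([Transient()], AuthContextMiddleware);
@@ -35,161 +87,245 @@ let SessionVerificationMiddleware = class SessionVerificationMiddleware {
 async handle(ctx, next) {
 try {
 const session = await this.authService.auth.api.getSession({ headers: ctx.c.req.raw.headers });
-if (session) ctx.getContainer().resolve(DI_TOKENS.AuthContext).setAuthContext({
-
+if (session) ctx.getContainer().resolve(DI_TOKENS.AuthContext).setAuthContext({
+userId: session.user.id,
+role: session.user.role
+});
 } catch (error) {
 this.logger.debug("Session validation failed (e.g., invalidated in DB)", { error });
-await next();
 }
+return next();
 }
 };
 SessionVerificationMiddleware = __decorate([
 Transient(),
-__decorateParam(0, inject(AUTH_SERVICE)),
-__decorateParam(1, inject(LOGGER_TOKENS.LoggerService)),
+__decorateParam(0, inject$1(AUTH_SERVICE)),
+__decorateParam(1, inject$1(LOGGER_TOKENS.LoggerService)),
 __decorateMetadata("design:paramtypes", [Object, Object])
 ], SessionVerificationMiddleware);
 //#endregion
 //#region src/auth/errors/auth-errors.ts
 var UserNotFoundError = class extends ApplicationError {
 constructor(email) {
-super("errors.
+super("auth.errors.userNotFound", ERROR_CODES.RESOURCE.NOT_FOUND, email ? { email } : void 0);
 }
 };
 var InvalidCredentialsError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.invalidCredentials", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
 }
 };
 var InvalidPasswordError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.invalidPassword", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
 }
 };
 var InvalidEmailError = class extends ApplicationError {
 constructor(email) {
-super("errors.
+super("auth.errors.invalidEmail", ERROR_CODES.VALIDATION.INVALID_FORMAT, email ? { email } : void 0);
 }
 };
 var SessionExpiredError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.sessionExpired", ERROR_CODES.AUTH.SESSION_EXPIRED);
 }
 };
 var EmailNotVerifiedError = class extends ApplicationError {
 constructor(email) {
-super("errors.
+super("auth.errors.emailNotVerified", ERROR_CODES.AUTH.EMAIL_NOT_VERIFIED, email ? { email } : void 0);
 }
 };
 var PasswordTooShortError = class extends ApplicationError {
 constructor(minLength) {
-super("errors.
+super("auth.errors.passwordTooShort", ERROR_CODES.AUTH.PASSWORD_TOO_SHORT, { minLength });
 }
 };
 var PasswordTooLongError = class extends ApplicationError {
 constructor(maxLength) {
-super("errors.
+super("auth.errors.passwordTooLong", ERROR_CODES.AUTH.PASSWORD_TOO_LONG, { maxLength });
 }
 };
 var AccountAlreadyExistsError = class extends ApplicationError {
 constructor(email) {
-super("errors.
+super("auth.errors.accountAlreadyExists", ERROR_CODES.AUTH.ACCOUNT_ALREADY_EXISTS, email ? { email } : void 0);
 }
 };
 var FailedToCreateUserError = class extends ApplicationError {
 constructor(reason) {
-super("errors.
+super("auth.errors.failedToCreateUser", ERROR_CODES.AUTH.FAILED_TO_CREATE_USER, reason ? { reason } : void 0);
 }
 };
 var FailedToCreateSessionError = class extends ApplicationError {
 constructor(reason) {
-super("errors.
+super("auth.errors.failedToCreateSession", ERROR_CODES.AUTH.FAILED_TO_CREATE_SESSION, reason ? { reason } : void 0);
 }
 };
 var FailedToUpdateUserError = class extends ApplicationError {
 constructor(reason) {
-super("errors.
+super("auth.errors.failedToUpdateUser", ERROR_CODES.AUTH.FAILED_TO_UPDATE_USER, reason ? { reason } : void 0);
 }
 };
 var SocialAccountLinkedError = class extends ApplicationError {
 constructor(provider) {
-super("errors.
+super("auth.errors.socialAccountLinked", ERROR_CODES.AUTH.SOCIAL_ACCOUNT_LINKED, provider ? { provider } : void 0);
 }
 };
 var CannotUnlinkLastAccountError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.cannotUnlinkLastAccount", ERROR_CODES.AUTH.CANNOT_UNLINK_LAST_ACCOUNT);
 }
 };
 var ProviderNotFoundError = class extends ApplicationError {
 constructor(provider) {
-super("errors.
+super("auth.errors.providerNotFound", ERROR_CODES.RESOURCE.NOT_FOUND, provider ? { provider } : void 0);
 }
 };
 var UserEmailNotFoundError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.userEmailNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
 }
 };
 var AccountNotFoundError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.accountNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
 }
 };
 var CredentialAccountNotFoundError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.credentialAccountNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
 }
 };
 var UserAlreadyHasPasswordError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.userAlreadyHasPassword", ERROR_CODES.RESOURCE.CONFLICT);
 }
 };
 var EmailCannotBeUpdatedError = class extends ApplicationError {
 constructor(reason) {
-super("errors.
+super("auth.errors.emailCannotBeUpdated", ERROR_CODES.VALIDATION.GENERIC, reason ? { reason } : void 0);
 }
 };
 var FailedToGetSessionError = class extends ApplicationError {
 constructor(reason) {
-super("errors.
+super("auth.errors.failedToGetSession", ERROR_CODES.SYSTEM.INTERNAL_ERROR, reason ? { reason } : void 0);
 }
 };
 var FailedToGetUserInfoError = class extends ApplicationError {
 constructor(reason) {
-super("errors.
+super("auth.errors.failedToGetUserInfo", ERROR_CODES.SYSTEM.INTERNAL_ERROR, reason ? { reason } : void 0);
 }
 };
 var IdTokenNotSupportedError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.invalidToken", ERROR_CODES.VALIDATION.GENERIC);
 }
 };
 var TokenExpiredError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.tokenExpired", ERROR_CODES.VALIDATION.GENERIC);
+}
+};
+var InvalidCallbackUrlError = class extends ApplicationError {
+constructor() {
+super("auth.errors.invalidCallbackUrl", ERROR_CODES.VALIDATION.INVALID_FORMAT);
+}
+};
+var InvalidOriginError = class extends ApplicationError {
+constructor() {
+super("auth.errors.invalidOrigin", ERROR_CODES.AUTHZ.FORBIDDEN);
+}
+};
+var AuthValidationFailedError = class extends ApplicationError {
+constructor() {
+super("auth.errors.validationFailed", ERROR_CODES.VALIDATION.GENERIC);
+}
+};
+var EmailAlreadyVerifiedError = class extends ApplicationError {
+constructor() {
+super("auth.errors.emailAlreadyVerified", ERROR_CODES.RESOURCE.CONFLICT);
+}
+};
+var EmailMismatchError = class extends ApplicationError {
+constructor() {
+super("auth.errors.emailMismatch", ERROR_CODES.VALIDATION.INVALID_FORMAT);
+}
+};
+var BetterAuthUnknownError = class extends ApplicationError {
+constructor(errorCode) {
+super("auth.errors.unknownError", ERROR_CODES.SYSTEM.INTERNAL_ERROR, errorCode ? { errorCode } : void 0);
 }
 };
 //#endregion
 //#region src/auth/errors/invalid-token.error.ts
 var InvalidTokenError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.invalidToken", ERROR_CODES.AUTH.INVALID_TOKEN);
+}
+};
+//#endregion
+//#region src/auth/errors/organization-errors.ts
+var OrganizationNotFoundError = class extends ApplicationError {
+constructor() {
+super("auth.org.organizationNotFound", ERROR_CODES.AUTH.ORGANIZATION_NOT_FOUND);
+}
+};
+var OrganizationMemberNotFoundError = class extends ApplicationError {
+constructor() {
+super("auth.org.memberNotFound", ERROR_CODES.AUTH.MEMBER_NOT_FOUND);
+}
+};
+var OrganizationInvitationNotFoundError = class extends ApplicationError {
+constructor() {
+super("auth.org.invitationNotFound", ERROR_CODES.AUTH.INVITATION_NOT_FOUND);
+}
+};
+var OrganizationPermissionDeniedError = class extends ApplicationError {
+constructor() {
+super("auth.org.permissionDenied", ERROR_CODES.AUTHZ.FORBIDDEN);
+}
+};
+var OrganizationInvitationRecipientMismatchError = class extends ApplicationError {
+constructor() {
+super("auth.org.invitationRecipientMismatch", ERROR_CODES.AUTH.INVITATION_RECIPIENT_MISMATCH);
+}
+};
+var OrganizationConflictError = class extends ApplicationError {
+constructor() {
+super("auth.org.conflict", ERROR_CODES.RESOURCE.CONFLICT);
+}
+};
+var OrganizationLimitReachedError = class extends ApplicationError {
+constructor() {
+super("auth.org.limitReached", ERROR_CODES.AUTH.ORGANIZATION_LIMIT_REACHED);
+}
+};
+var OrganizationMembershipError = class extends ApplicationError {
+constructor() {
+super("auth.org.membershipError", ERROR_CODES.AUTH.ORGANIZATION_MEMBERSHIP_REQUIRED);
+}
+};
+var OrganizationTeamNotFoundError = class extends ApplicationError {
+constructor() {
+super("auth.org.teamNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
+}
+};
+var OrganizationRoleNotFoundError = class extends ApplicationError {
+constructor() {
+super("auth.org.roleNotFound", ERROR_CODES.RESOURCE.NOT_FOUND);
 }
 };
 //#endregion
 //#region src/auth/errors/token-required.error.ts
 var TokenRequiredError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.tokenRequired", ERROR_CODES.VALIDATION.REQUIRED_FIELD, { field: "token" });
 }
 };
 //#endregion
 //#region src/auth/errors/verification-failed.error.ts
 var VerificationFailedError = class extends ApplicationError {
 constructor() {
-super("errors.
+super("auth.errors.verificationFailed", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
 }
 };
 //#endregion
@@ -208,20 +344,19 @@ function mapBetterAuthError(error) {
 if (location.includes("failed_to_create_user")) return new FailedToCreateUserError();
 if (location.includes("failed_to_create_session")) return new FailedToCreateSessionError();
 }
-if (!errorCode) return new
-
-stack: error.stack
-});
-if (errorCode === "USER_NOT_FOUND") return new UserNotFoundError();
+if (!errorCode) return new BetterAuthUnknownError();
+if (errorCode === "USER_NOT_FOUND" || errorCode === "INVALID_USER") return new UserNotFoundError();
 if (errorCode === "USER_EMAIL_NOT_FOUND") return new UserEmailNotFoundError();
 if (errorCode === "INVALID_EMAIL_OR_PASSWORD") return new InvalidCredentialsError();
 if (errorCode === "INVALID_PASSWORD") return new InvalidPasswordError();
 if (errorCode === "INVALID_EMAIL") return new InvalidEmailError();
-if (errorCode === "SESSION_EXPIRED") return new SessionExpiredError();
+if (errorCode === "SESSION_EXPIRED" || errorCode === "SESSION_NOT_FRESH") return new SessionExpiredError();
 if (errorCode === "FAILED_TO_CREATE_SESSION") return new FailedToCreateSessionError();
 if (errorCode === "FAILED_TO_GET_SESSION") return new FailedToGetSessionError();
 if (errorCode === "EMAIL_NOT_VERIFIED") return new EmailNotVerifiedError();
 if (errorCode === "EMAIL_CAN_NOT_BE_UPDATED") return new EmailCannotBeUpdatedError();
+if (errorCode === "EMAIL_ALREADY_VERIFIED") return new EmailAlreadyVerifiedError();
+if (errorCode === "EMAIL_MISMATCH") return new EmailMismatchError();
 if (errorCode === "PASSWORD_TOO_SHORT") return new PasswordTooShortError(8);
 if (errorCode === "PASSWORD_TOO_LONG") return new PasswordTooLongError(128);
 if (errorCode === "USER_ALREADY_EXISTS" || errorCode === "USER_ALREADY_EXISTS_USE_ANOTHER_EMAIL") return new AccountAlreadyExistsError();
@@ -231,16 +366,27 @@ function mapBetterAuthError(error) {
 if (errorCode === "FAILED_TO_CREATE_USER") return new FailedToCreateUserError();
 if (errorCode === "FAILED_TO_UPDATE_USER") return new FailedToUpdateUserError();
 if (errorCode === "FAILED_TO_GET_USER_INFO") return new FailedToGetUserInfoError();
-if (errorCode === "SOCIAL_ACCOUNT_ALREADY_LINKED") return new SocialAccountLinkedError();
+if (errorCode === "SOCIAL_ACCOUNT_ALREADY_LINKED" || errorCode === "LINKED_ACCOUNT_ALREADY_EXISTS") return new SocialAccountLinkedError();
 if (errorCode === "PROVIDER_NOT_FOUND") return new ProviderNotFoundError();
 if (errorCode === "ID_TOKEN_NOT_SUPPORTED") return new IdTokenNotSupportedError();
-if (errorCode === "INVALID_TOKEN") return new
+if (errorCode === "INVALID_TOKEN") return new InvalidTokenError();
 if (errorCode === "TOKEN_EXPIRED") return new TokenExpiredError();
-if (errorCode === "USER_ALREADY_HAS_PASSWORD") return new UserAlreadyHasPasswordError();
-return new
-
-
-
+if (errorCode === "USER_ALREADY_HAS_PASSWORD" || errorCode === "PASSWORD_ALREADY_SET") return new UserAlreadyHasPasswordError();
+if (errorCode === "INVALID_CALLBACK_URL" || errorCode === "INVALID_REDIRECT_URL" || errorCode === "INVALID_NEW_USER_CALLBACK_URL" || errorCode === "INVALID_ERROR_CALLBACK_URL" || errorCode === "CALLBACK_URL_REQUIRED") return new InvalidCallbackUrlError();
+if (errorCode === "INVALID_ORIGIN" || errorCode === "MISSING_OR_NULL_ORIGIN" || errorCode === "CROSS_SITE_NAVIGATION_LOGIN_BLOCKED") return new InvalidOriginError();
+if (errorCode === "VALIDATION_ERROR" || errorCode === "MISSING_FIELD" || errorCode === "FIELD_NOT_ALLOWED" || errorCode === "BODY_MUST_BE_AN_OBJECT" || errorCode === "ASYNC_VALIDATION_NOT_SUPPORTED" || errorCode === "METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED") return new AuthValidationFailedError();
+if (errorCode === "FAILED_TO_CREATE_VERIFICATION" || errorCode === "VERIFICATION_EMAIL_NOT_ENABLED") return new FailedToCreateSessionError();
+if (errorCode === "ORGANIZATION_NOT_FOUND" || errorCode === "NO_ACTIVE_ORGANIZATION") return new OrganizationNotFoundError();
+if (errorCode === "MEMBER_NOT_FOUND" || errorCode === "USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION" || errorCode === "USER_IS_NOT_A_MEMBER_OF_THE_TEAM") return new OrganizationMemberNotFoundError();
+if (errorCode === "INVITATION_NOT_FOUND" || errorCode === "FAILED_TO_RETRIEVE_INVITATION") return new OrganizationInvitationNotFoundError();
+if (errorCode === "YOU_ARE_NOT_THE_RECIPIENT_OF_THE_INVITATION" || errorCode === "EMAIL_VERIFICATION_REQUIRED_BEFORE_ACCEPTING_OR_REJECTING_INVITATION") return new OrganizationInvitationRecipientMismatchError();
+if (errorCode === "TEAM_NOT_FOUND" || errorCode === "YOU_DO_NOT_HAVE_AN_ACTIVE_TEAM") return new OrganizationTeamNotFoundError();
+if (errorCode === "ROLE_NOT_FOUND" || errorCode === "INVALID_RESOURCE") return new OrganizationRoleNotFoundError();
+if (errorCode === "ORGANIZATION_ALREADY_EXISTS" || errorCode === "ORGANIZATION_SLUG_ALREADY_TAKEN" || errorCode === "USER_IS_ALREADY_A_MEMBER_OF_THIS_ORGANIZATION" || errorCode === "USER_IS_ALREADY_INVITED_TO_THIS_ORGANIZATION" || errorCode === "TEAM_ALREADY_EXISTS" || errorCode === "ROLE_NAME_IS_ALREADY_TAKEN") return new OrganizationConflictError();
+if (errorCode === "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS" || errorCode === "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS" || errorCode === "ORGANIZATION_MEMBERSHIP_LIMIT_REACHED" || errorCode === "INVITATION_LIMIT_REACHED" || errorCode === "TEAM_MEMBER_LIMIT_REACHED" || errorCode === "TOO_MANY_ROLES") return new OrganizationLimitReachedError();
+if (errorCode === "YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER" || errorCode === "YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER" || errorCode === "UNABLE_TO_REMOVE_LAST_TEAM" || errorCode === "CANNOT_DELETE_A_PRE_DEFINED_ROLE" || errorCode === "ROLE_IS_ASSIGNED_TO_MEMBERS" || errorCode === "YOU_CANNOT_IMPERSONATE_ADMINS" || errorCode === "YOU_CANNOT_BAN_YOURSELF" || errorCode === "YOU_CANNOT_REMOVE_YOURSELF" || errorCode === "INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION") return new OrganizationMembershipError();
+if (errorCode.startsWith("YOU_ARE_NOT_ALLOWED_TO_") || errorCode === "YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION" || errorCode === "YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM" || errorCode === "YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE" || errorCode === "MISSING_AC_INSTANCE") return new OrganizationPermissionDeniedError();
+return new BetterAuthUnknownError(errorCode);
 }
 /**
 * Type guard to check if an error is a Better Auth APIError.
@@ -297,7 +443,7 @@ let AuthService = class AuthService {
 };
 AuthService = __decorate([
 Transient(AUTH_SERVICE),
-__decorateParam(0, inject(AUTH_OPTIONS)),
+__decorateParam(0, inject$1(AUTH_OPTIONS)),
 __decorateMetadata("design:paramtypes", [Object])
 ], AuthService);
 //#endregion
@@ -309,30 +455,56 @@ let AuthModule = _AuthModule = class AuthModule {
 *
 * Registers middlewares in order:
 * 1. AuthContextMiddleware - Creates and registers AuthContext in request container
-* 2. SessionVerificationMiddleware - Verifies session and populates AuthContext with userId
+* 2. SessionVerificationMiddleware - Verifies session and populates AuthContext with userId + role
 */
 configureRoutes(router) {
 router.use(AuthContextMiddleware, SessionVerificationMiddleware);
 }
 /**
-* Configure AuthModule with async options factory
+* Configure AuthModule with async options factory.
+* Optionally provide `accessControl` to enable permission-based authorization.
 */
 static forRootAsync(options) {
+const { accessControl } = options;
+const authOptionsProvider = accessControl ? {
+provide: AUTH_OPTIONS,
+useFactory: (...deps) => {
+const raw = options.useFactory(...deps);
+return {
+...raw,
+plugins: [createStratalAcPlugin(accessControl), ...raw.plugins ?? []]
+};
+},
+inject: options.inject
+} : {
+provide: AUTH_OPTIONS,
+useFactory: options.useFactory,
+inject: options.inject
+};
 return {
 module: _AuthModule,
-providers: [
-
-
-
-
-
-
-
+providers: [
+authOptionsProvider,
+{
+provide: AUTH_SERVICE,
+useClass: AuthService
+},
+...accessControl ? [{
+provide: AC_TOKENS.Options,
+useValue: accessControl
+}, {
+provide: AC_TOKENS.AccessService,
+useClass: AccessService
+}] : []
+]
 };
 }
 };
-AuthModule = _AuthModule = __decorate([Module({
+AuthModule = _AuthModule = __decorate([Module({
+imports: [I18nModule.registerMessages(authMessages)],
+providers: []
+})], AuthModule);
 //#endregion
-export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError, AuthContextMiddleware, AuthModule, AuthService, CannotUnlinkLastAccountError, CredentialAccountNotFoundError, EmailCannotBeUpdatedError, EmailNotVerifiedError, FailedToCreateSessionError, FailedToCreateUserError, FailedToGetSessionError, FailedToGetUserInfoError, FailedToUpdateUserError, IdTokenNotSupportedError, InvalidCredentialsError, InvalidEmailError, InvalidPasswordError, InvalidTokenError, PasswordTooLongError, PasswordTooShortError, ProviderNotFoundError, SessionExpiredError, SessionVerificationMiddleware, SocialAccountLinkedError, TokenExpiredError, TokenRequiredError, UserAlreadyHasPasswordError, UserEmailNotFoundError, UserNotFoundError, VerificationFailedError, getErrorHandlerConfig, isAPIError, mapBetterAuthError, wrapBetterAuth };
+export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError, AuthContextMiddleware, AuthModule, AuthService, AuthValidationFailedError, BetterAuthUnknownError, CannotUnlinkLastAccountError, CredentialAccountNotFoundError, EmailAlreadyVerifiedError, EmailCannotBeUpdatedError, EmailMismatchError, EmailNotVerifiedError, FailedToCreateSessionError, FailedToCreateUserError, FailedToGetSessionError, FailedToGetUserInfoError, FailedToUpdateUserError, IdTokenNotSupportedError, InvalidCallbackUrlError, InvalidCredentialsError, InvalidEmailError, InvalidOriginError, InvalidPasswordError, InvalidTokenError, OrganizationConflictError, OrganizationInvitationNotFoundError, OrganizationInvitationRecipientMismatchError, OrganizationLimitReachedError, OrganizationMemberNotFoundError, OrganizationMembershipError, OrganizationNotFoundError, OrganizationPermissionDeniedError, OrganizationRoleNotFoundError, OrganizationTeamNotFoundError, PasswordTooLongError, PasswordTooShortError, ProviderNotFoundError, SessionExpiredError, SessionVerificationMiddleware, SocialAccountLinkedError, TokenExpiredError, TokenRequiredError, UserAlreadyHasPasswordError, UserEmailNotFoundError, UserNotFoundError, VerificationFailedError, authMessages, getErrorHandlerConfig, isAPIError, mapBetterAuthError, wrapBetterAuth };
 
 //# sourceMappingURL=index.mjs.map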
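Review bot: In `AuthModule.forRootAsync`, the `accessControl` branch calls `options.useFactory(...deps)` synchronously and spreads the result, so a factory that returns a Promise would produce an options object holding only `plugins`, silently dropping the secret, database adapter and every other Better Auth setting. The branch without `accessControl` passes `options.useFactory` to the container untouched, so the two paths can behave differently for the same factory. Whether the container awaits factory results is not visible in this section; if it does, the wrapper should be `useFactory: async (...deps) => { const raw = await options.useFactory(...deps); ... }`, and if it does not, the wrapper should reject a thenable `raw` so the misconfiguration fails at startup rather than at first sign-in. Separately, `role: session.user.role` in `SessionVerificationMiddleware.handle` is copied into `AuthContext` unvalidated; since the new access-control checks presumably key off it, confirm the `role` field cannot be written from client input and document what an undefined role means for authorization.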