@stratal/framework 0.0.20 → 0.0.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/access-control/index.d.mts +8 -14
- package/dist/access-control/index.d.mts.map +1 -1
- package/dist/access-control/index.mjs +3 -3
- package/dist/access-control/index.mjs.map +1 -1
- package/dist/{access.service-BjYVtUJw.mjs → access.service-DWRsDLJq.mjs} +9 -12
- package/dist/access.service-DWRsDLJq.mjs.map +1 -0
- package/dist/auth/index.d.mts +60 -133
- package/dist/auth/index.d.mts.map +1 -1
- package/dist/auth/index.mjs +123 -200
- package/dist/auth/index.mjs.map +1 -1
- package/dist/{auth-context-6Li1JkIq.mjs → auth-context-CObJcW0t.mjs} +7 -6
- package/dist/auth-context-CObJcW0t.mjs.map +1 -0
- package/dist/{auth-context-B44CDZCt.d.mts → auth-context-D70ktWUf.d.mts} +8 -9
- package/dist/auth-context-D70ktWUf.d.mts.map +1 -0
- package/dist/context/index.d.mts +5 -10
- package/dist/context/index.d.mts.map +1 -1
- package/dist/context/index.mjs +3 -3
- package/dist/database/index.d.mts +3 -3
- package/dist/database/index.mjs +45 -179
- package/dist/database/index.mjs.map +1 -1
- package/dist/{decorate-CdfCRvAc.mjs → decorate-7CAoTBu4.mjs} +1 -1
- package/dist/{decorateParam-Dc5DGEpb.mjs → decorateParam-C_dJ_dIO.mjs} +2 -2
- package/dist/{decorateParam-Dc5DGEpb.mjs.map → decorateParam-C_dJ_dIO.mjs.map} +1 -1
- package/dist/errors-MCyrn_V2.mjs +18 -0
- package/dist/errors-MCyrn_V2.mjs.map +1 -0
- package/dist/factory/index.d.mts +1 -1
- package/dist/factory/index.mjs +1 -0
- package/dist/factory/index.mjs.map +1 -1
- package/dist/guards/index.d.mts.map +1 -1
- package/dist/guards/index.mjs +12 -16
- package/dist/guards/index.mjs.map +1 -1
- package/dist/{index-CCDPF-1Y.d.mts → index-DJ_DCIul.d.mts} +11 -93
- package/dist/index-DJ_DCIul.d.mts.map +1 -0
- package/dist/index.d.mts +1 -1
- package/dist/insufficient-permissions.error-GwrkWnEM.mjs +16 -0
- package/dist/insufficient-permissions.error-GwrkWnEM.mjs.map +1 -0
- package/dist/{types-BZlcRR2M.d.mts → types-4uX3XKRM.d.mts} +1 -1
- package/dist/{types-BZlcRR2M.d.mts.map → types-4uX3XKRM.d.mts.map} +1 -1
- package/dist/{types-BLyu9dAd.d.mts → types-tu9pTehB.d.mts} +1 -1
- package/dist/{types-BLyu9dAd.d.mts.map → types-tu9pTehB.d.mts.map} +1 -1
- package/package.json +16 -14
- package/dist/access.service-BjYVtUJw.mjs.map +0 -1
- package/dist/auth-context-6Li1JkIq.mjs.map +0 -1
- package/dist/auth-context-B44CDZCt.d.mts.map +0 -1
- package/dist/decorateMetadata-CqtSx3_1.mjs +0 -6
- package/dist/errors-B1vVXc1T.mjs +0 -25
- package/dist/errors-B1vVXc1T.mjs.map +0 -1
- package/dist/index-CCDPF-1Y.d.mts.map +0 -1
- package/dist/insufficient-permissions.error-CRnOHYvq.mjs +0 -23
- package/dist/insufficient-permissions.error-CRnOHYvq.mjs.map +0 -1
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { n as RolePermissions, t as AccessControlOptions } from "../types-
|
|
2
|
-
import {
|
|
3
|
-
import { t as AuthContext } from "../auth-context-
|
|
4
|
-
import {
|
|
5
|
-
import { BetterAuthPlugin } from "better-auth";
|
|
1
|
+
import { n as RolePermissions, t as AccessControlOptions } from "../types-tu9pTehB.mjs";
|
|
2
|
+
import { O as DatabaseService } from "../index-DJ_DCIul.mjs";
|
|
3
|
+
import { t as AuthContext } from "../auth-context-D70ktWUf.mjs";
|
|
4
|
+
import { HttpException } from "stratal/errors";
|
|
6
5
|
import { AccessControl, Role, Statements } from "better-auth/plugins/access";
|
|
6
|
+
import { BetterAuthPlugin } from "better-auth";
|
|
7
7
|
|
|
8
8
|
//#region src/access-control/tokens.d.ts
|
|
9
9
|
declare const AC_TOKENS: {
|
|
@@ -164,15 +164,9 @@ declare class AccessService {
|
|
|
164
164
|
}
|
|
165
165
|
//#endregion
|
|
166
166
|
//#region src/access-control/errors/insufficient-permissions.error.d.ts
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
* Thrown when a user attempts to perform an action without the required permissions.
|
|
171
|
-
* Used by AuthGuard after an authorization check fails.
|
|
172
|
-
*
|
|
173
|
-
* HTTP Status: 403 Forbidden
|
|
174
|
-
*/
|
|
175
|
-
declare class InsufficientPermissionsError extends ApplicationError {
|
|
167
|
+
declare class InsufficientPermissionsError extends HttpException {
|
|
168
|
+
readonly requiredPermissions: string;
|
|
169
|
+
readonly userId?: string;
|
|
176
170
|
constructor(requiredPermissions: string | string[], userId?: string);
|
|
177
171
|
}
|
|
178
172
|
//#endregion
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/access-control/tokens.ts","../../src/access-control/create-access-control.ts","../../src/access-control/extend-role.ts","../../src/access-control/plugin.ts","../../src/access-control/services/access.service.ts","../../src/access-control/errors/insufficient-permissions.error.ts"],"mappings":";;;;;;;;cAAa,SAAA;+CAKH,aAAA;WAAA,OAAA;AAAA;;;;;;;;;AALV;;;;;;;;AC8BA;;;;;;;;;;;;iBAAgB,mBAAA,oBACK,UAAA,iBACJ,MAAA,SAAe,eAAA,CAAgB,UAAA,GAAA,CAC9C,MAAA;EACA,SAAA,EAAW,UAAA;EACX,KAAA,EAAO,MAAA;AAAA,IACL,oBAAA,CAAqB,UAAA,EAAY,MAAA;;;;;;;;;;ADpCrC;;;;KEaK,eAAA,WACO,UAAA,YACA,OAAA,CAAQ,MAAA,8CAEN,CAAA,SAAU,CAAA,GAAI,CAAA,eAAgB,CAAA,GACxC,CAAA,eAAgB,CAAA,aACN,CAAA,CAAE,CAAA,YAAa,WAAA,CAAY,CAAA,CAAE,CAAA,gBACvC,CAAA,CAAE,CAAA,IACF,CAAA,eAAgB,CAAA,GAChB,WAAA,CAAY,CAAA,CAAE,CAAA;;ADQlB;;;;;;;;;;;;;;;;iBCagB,UAAA,iBACE,UAAA,iBACD,OAAA,CAAQ,MAAA,6BAAA,CAEvB,EAAA,EAAI,aAAA,CAAc,OAAA,GAClB,MAAA,EAAQ,IAAA,CAAK,OAAA,GACb,KAAA,EAAO,MAAA,GACN,IAAA,CAAK,eAAA,CAAgB,OAAA,EAAS,MAAA;;;;;;;;;AFlDjC;;;iBGYgB,qBAAA,CAAsB,QAAA,EAAU,oBAAA,GAAuB,gBAAA;;;;;;;;AHZvE;;;;;;;;AC8BA;;;;;;;;;;;;;;cGSa,aAAA;EAAA,iBAGQ,WAAA;EAAA,iBAEA,EAAA;EAAA,iBAEA,OAAA;cAJA,WAAA,EAAa,WAAA,EAEb,EAAA,EAAI,eAAA,EAEJ,OAAA,EAAS,oBAAA;EHdkB;;;;;;EGuBxC,YAAA,CAAa,MAAA,WAAiB,OAAA;EHnBb;;;;;EGoCjB,WAAA,CAAY,MAAA,UAAgB,IAAA,sBAA0B,OAAA;;AFxEmB;;;;EEqFzE,aAAA,CAAc,MAAA,UAAgB,WAAA,EAAa,MAAA,qBAA2B,OAAA;EFtElE;;;;EE+EJ,qBAAA,CAAsB,MAAA,WAAiB,OAAA,CAAQ,MAAA;EF5EnD;;;;EEqFF,mBAAA,CAAA;EFpFyC;;;;EE4FzC,wBAAA,CAAyB,WAAA,EAAa,MAAA;EF1FpB;;;;EEoGlB,yBAAA,CAAA,GAA6B,MAAA;EAAA,QAKrB,gBAAA;EAAA,QAqBA,gBAAA;AAAA
|
|
1
|
+
{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/access-control/tokens.ts","../../src/access-control/create-access-control.ts","../../src/access-control/extend-role.ts","../../src/access-control/plugin.ts","../../src/access-control/services/access.service.ts","../../src/access-control/errors/insufficient-permissions.error.ts"],"mappings":";;;;;;;;cAAa,SAAA;+CAKH,aAAA;WAAA,OAAA;AAAA;;;;;;;;;AALV;;;;;;;;AC8BA;;;;;;;;;;;;iBAAgB,mBAAA,oBACK,UAAA,iBACJ,MAAA,SAAe,eAAA,CAAgB,UAAA,GAAA,CAC9C,MAAA;EACA,SAAA,EAAW,UAAA;EACX,KAAA,EAAO,MAAA;AAAA,IACL,oBAAA,CAAqB,UAAA,EAAY,MAAA;;;;;;;;;;ADpCrC;;;;KEaK,eAAA,WACO,UAAA,YACA,OAAA,CAAQ,MAAA,8CAEN,CAAA,SAAU,CAAA,GAAI,CAAA,eAAgB,CAAA,GACxC,CAAA,eAAgB,CAAA,aACN,CAAA,CAAE,CAAA,YAAa,WAAA,CAAY,CAAA,CAAE,CAAA,gBACvC,CAAA,CAAE,CAAA,IACF,CAAA,eAAgB,CAAA,GAChB,WAAA,CAAY,CAAA,CAAE,CAAA;;ADQlB;;;;;;;;;;;;;;;;iBCagB,UAAA,iBACE,UAAA,iBACD,OAAA,CAAQ,MAAA,6BAAA,CAEvB,EAAA,EAAI,aAAA,CAAc,OAAA,GAClB,MAAA,EAAQ,IAAA,CAAK,OAAA,GACb,KAAA,EAAO,MAAA,GACN,IAAA,CAAK,eAAA,CAAgB,OAAA,EAAS,MAAA;;;;;;;;;AFlDjC;;;iBGYgB,qBAAA,CAAsB,QAAA,EAAU,oBAAA,GAAuB,gBAAA;;;;;;;;AHZvE;;;;;;;;AC8BA;;;;;;;;;;;;;;cGSa,aAAA;EAAA,iBAGQ,WAAA;EAAA,iBAEA,EAAA;EAAA,iBAEA,OAAA;cAJA,WAAA,EAAa,WAAA,EAEb,EAAA,EAAI,eAAA,EAEJ,OAAA,EAAS,oBAAA;EHdkB;;;;;;EGuBxC,YAAA,CAAa,MAAA,WAAiB,OAAA;EHnBb;;;;;EGoCjB,WAAA,CAAY,MAAA,UAAgB,IAAA,sBAA0B,OAAA;;AFxEmB;;;;EEqFzE,aAAA,CAAc,MAAA,UAAgB,WAAA,EAAa,MAAA,qBAA2B,OAAA;EFtElE;;;;EE+EJ,qBAAA,CAAsB,MAAA,WAAiB,OAAA,CAAQ,MAAA;EF5EnD;;;;EEqFF,mBAAA,CAAA;EFpFyC;;;;EE4FzC,wBAAA,CAAyB,WAAA,EAAa,MAAA;EF1FpB;;;;EEoGlB,yBAAA,CAAA,GAA6B,MAAA;EAAA,QAKrB,gBAAA;EAAA,QAqBA,gBAAA;AAAA;;;cCjJG,4BAAA,SAAqC,aAAA;EAAA,SAChC,mBAAA;EAAA,SACA,MAAA;cAEJ,mBAAA,qBAAwC,MAAA;AAAA"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { n as createStratalAcPlugin, t as AccessService } from "../access.service-
|
|
2
|
-
import { n as AC_TOKENS } from "../decorateParam-
|
|
3
|
-
import { t as InsufficientPermissionsError } from "../insufficient-permissions.error-
|
|
1
|
+
import { n as createStratalAcPlugin, t as AccessService } from "../access.service-DWRsDLJq.mjs";
|
|
2
|
+
import { n as AC_TOKENS } from "../decorateParam-C_dJ_dIO.mjs";
|
|
3
|
+
import { t as InsufficientPermissionsError } from "../insufficient-permissions.error-GwrkWnEM.mjs";
|
|
4
4
|
import { createAccessControl as createAccessControl$1 } from "better-auth/plugins/access";
|
|
5
5
|
//#region src/access-control/create-access-control.ts
|
|
6
6
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.mjs","names":["baCreateAC"],"sources":["../../src/access-control/create-access-control.ts","../../src/access-control/extend-role.ts"],"sourcesContent":["import type { Role, Statements } from 'better-auth/plugins/access'\nimport { createAccessControl as baCreateAC } from 'better-auth/plugins/access'\nimport type { AccessControlOptions, RolePermissions } from './types'\n\n/**\n * Define access control resources and roles in one place.\n *\n * Returns `{ ac, roles }` — spread this directly into `accessControl`,\n * `admin({ ...permissions })`, or `organization({ ...permissions })`.\n *\n * @example\n * ```typescript\n * export const permissions = createAccessControl({\n * resources: {\n * posts: ['create', 'read', 'update', 'delete'],\n * admin: ['access'],\n * } as const,\n * roles: {\n * admin: { posts: ['create', 'read', 'update', 'delete'], admin: ['access'] },\n * user: { posts: ['create', 'read'] },\n * },\n * })\n *\n * // In AuthModule:\n * accessControl: permissions\n *\n * // With Better Auth admin plugin (same object):\n * plugins: [admin({ ...permissions })]\n * ```\n */\nexport function createAccessControl<\n TResources extends Statements,\n TRoles extends Record<string, RolePermissions<TResources>>,\n>(config: {\n resources: TResources\n roles: TRoles\n}): AccessControlOptions<TResources, TRoles> {\n const ac = baCreateAC(config.resources)\n const roles = Object.fromEntries(\n Object.entries(config.roles).map(([name, perms]) => [name, ac.newRole(perms as unknown as Statements)])\n ) as { [K in keyof TRoles]: Role<TResources> }\n return { ac, roles }\n}\n","import type { AccessControl, Role, Statements } from 'better-auth/plugins/access'\n\n/**\n * Merges two Statements types, unioning the action arrays for overlapping resource keys.\n *\n * @example\n * ```typescript\n * type A = { posts: readonly ['create', 'read'] }\n * type B = { posts: readonly ['update']; admin: readonly ['access'] }\n * type M = MergeStatements<A, B>\n * // → { posts: readonly ('create' | 'read' | 'update')[]; admin: readonly ['access'] }\n * ```\n */\ntype MergeStatements<\n A extends Statements,\n B extends Partial<Record<string, readonly string[]>>\n> = {\n [K in keyof A | keyof B]: K extends keyof A\n ? K extends keyof B\n ? readonly (A[K][number] | NonNullable<B[K]>[number])[]\n : A[K]\n : K extends keyof B\n ? NonNullable<B[K]>\n : never\n} & {}\n\n/**\n * Extend an existing role with additional permissions.\n *\n * Duplicate resource keys are merged (actions are unioned), not overwritten.\n * Better Auth has no built-in role inheritance — use this to compose roles.\n *\n * @example\n * ```typescript\n * const adminRole = ac.newRole({ posts: ['create', 'read', 'update', 'delete'] })\n * const superAdminRole = extendRole(ac, adminRole, { users: ['ban', 'delete'] })\n * // superAdminRole has both posts and users permissions\n *\n * // Duplicate keys are merged, not overwritten:\n * const editorRole = extendRole(ac, userRole, { posts: ['update'] })\n * // if userRole had posts: ['create', 'read'], editorRole has posts: ['create', 'read', 'update']\n * ```\n */\nexport function extendRole<\n TParent extends Statements,\n TExtra extends Partial<Record<string, readonly string[]>>\n>(\n ac: AccessControl<TParent>,\n parent: Role<TParent>,\n extra: TExtra\n): Role<MergeStatements<TParent, TExtra>> {\n const merged: Record<string, string[]> = {}\n\n for (const [key, actions] of Object.entries(parent.statements)) {\n merged[key] = [...(actions as string[])]\n }\n\n for (const [key, actions] of Object.entries(extra)) {\n if (!actions) continue\n if (key in merged) {\n merged[key] = [...new Set([...merged[key], ...actions])]\n } else {\n merged[key] = [...actions]\n }\n }\n\n return ac.newRole(merged) as Role<MergeStatements<TParent, TExtra>>\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BA,SAAgB,oBAGd,QAG2C;CAC3C,MAAM,KAAKA,sBAAW,OAAO,UAAU;
|
|
1
|
+
{"version":3,"file":"index.mjs","names":["baCreateAC"],"sources":["../../src/access-control/create-access-control.ts","../../src/access-control/extend-role.ts"],"sourcesContent":["import type { Role, Statements } from 'better-auth/plugins/access'\nimport { createAccessControl as baCreateAC } from 'better-auth/plugins/access'\nimport type { AccessControlOptions, RolePermissions } from './types'\n\n/**\n * Define access control resources and roles in one place.\n *\n * Returns `{ ac, roles }` — spread this directly into `accessControl`,\n * `admin({ ...permissions })`, or `organization({ ...permissions })`.\n *\n * @example\n * ```typescript\n * export const permissions = createAccessControl({\n * resources: {\n * posts: ['create', 'read', 'update', 'delete'],\n * admin: ['access'],\n * } as const,\n * roles: {\n * admin: { posts: ['create', 'read', 'update', 'delete'], admin: ['access'] },\n * user: { posts: ['create', 'read'] },\n * },\n * })\n *\n * // In AuthModule:\n * accessControl: permissions\n *\n * // With Better Auth admin plugin (same object):\n * plugins: [admin({ ...permissions })]\n * ```\n */\nexport function createAccessControl<\n TResources extends Statements,\n TRoles extends Record<string, RolePermissions<TResources>>,\n>(config: {\n resources: TResources\n roles: TRoles\n}): AccessControlOptions<TResources, TRoles> {\n const ac = baCreateAC(config.resources)\n const roles = Object.fromEntries(\n Object.entries(config.roles).map(([name, perms]) => [name, ac.newRole(perms as unknown as Statements)])\n ) as { [K in keyof TRoles]: Role<TResources> }\n return { ac, roles }\n}\n","import type { AccessControl, Role, Statements } from 'better-auth/plugins/access'\n\n/**\n * Merges two Statements types, unioning the action arrays for overlapping resource keys.\n *\n * @example\n * ```typescript\n * type A = { posts: readonly ['create', 'read'] }\n * type B = { posts: readonly ['update']; admin: readonly ['access'] }\n * type M = MergeStatements<A, B>\n * // → { posts: readonly ('create' | 'read' | 'update')[]; admin: readonly ['access'] }\n * ```\n */\ntype MergeStatements<\n A extends Statements,\n B extends Partial<Record<string, readonly string[]>>\n> = {\n [K in keyof A | keyof B]: K extends keyof A\n ? K extends keyof B\n ? readonly (A[K][number] | NonNullable<B[K]>[number])[]\n : A[K]\n : K extends keyof B\n ? NonNullable<B[K]>\n : never\n} & {}\n\n/**\n * Extend an existing role with additional permissions.\n *\n * Duplicate resource keys are merged (actions are unioned), not overwritten.\n * Better Auth has no built-in role inheritance — use this to compose roles.\n *\n * @example\n * ```typescript\n * const adminRole = ac.newRole({ posts: ['create', 'read', 'update', 'delete'] })\n * const superAdminRole = extendRole(ac, adminRole, { users: ['ban', 'delete'] })\n * // superAdminRole has both posts and users permissions\n *\n * // Duplicate keys are merged, not overwritten:\n * const editorRole = extendRole(ac, userRole, { posts: ['update'] })\n * // if userRole had posts: ['create', 'read'], editorRole has posts: ['create', 'read', 'update']\n * ```\n */\nexport function extendRole<\n TParent extends Statements,\n TExtra extends Partial<Record<string, readonly string[]>>\n>(\n ac: AccessControl<TParent>,\n parent: Role<TParent>,\n extra: TExtra\n): Role<MergeStatements<TParent, TExtra>> {\n const merged: Record<string, string[]> = {}\n\n for (const [key, actions] of Object.entries(parent.statements)) {\n merged[key] = [...(actions as string[])]\n }\n\n for (const [key, actions] of Object.entries(extra)) {\n if (!actions) continue\n if (key in merged) {\n merged[key] = [...new Set([...merged[key], ...actions])]\n } else {\n merged[key] = [...actions]\n }\n }\n\n return ac.newRole(merged) as Role<MergeStatements<TParent, TExtra>>\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8BA,SAAgB,oBAGd,QAG2C;CAC3C,MAAM,KAAKA,sBAAW,OAAO,UAAU;CAIvC,OAAO;EAAE;EAAI,OAHC,OAAO,YACnB,OAAO,QAAQ,OAAO,MAAM,CAAC,KAAK,CAAC,MAAM,WAAW,CAAC,MAAM,GAAG,QAAQ,MAA+B,CAAC,CAAC,CAEvF;EAAE;;;;;;;;;;;;;;;;;;;;;ACEtB,SAAgB,WAId,IACA,QACA,OACwC;CACxC,MAAM,SAAmC,EAAE;CAE3C,KAAK,MAAM,CAAC,KAAK,YAAY,OAAO,QAAQ,OAAO,WAAW,EAC5D,OAAO,OAAO,CAAC,GAAI,QAAqB;CAG1C,KAAK,MAAM,CAAC,KAAK,YAAY,OAAO,QAAQ,MAAM,EAAE;EAClD,IAAI,CAAC,SAAS;EACd,IAAI,OAAO,QACT,OAAO,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,OAAO,MAAM,GAAG,QAAQ,CAAC,CAAC;OAExD,OAAO,OAAO,CAAC,GAAG,QAAQ;;CAI9B,OAAO,GAAG,QAAQ,OAAO"}
|
|
@@ -1,7 +1,6 @@
|
|
|
1
|
-
import { n as AC_TOKENS, t as __decorateParam } from "./decorateParam-
|
|
2
|
-
import { t as
|
|
3
|
-
import {
|
|
4
|
-
import { DI_TOKENS, Transient, inject } from "stratal/di";
|
|
1
|
+
import { n as AC_TOKENS, t as __decorateParam } from "./decorateParam-C_dJ_dIO.mjs";
|
|
2
|
+
import { t as __decorate } from "./decorate-7CAoTBu4.mjs";
|
|
3
|
+
import { DI_TOKENS, Request, inject } from "stratal/di";
|
|
5
4
|
//#region src/access-control/plugin.ts
|
|
6
5
|
/**
|
|
7
6
|
* Creates the Stratal access control Better Auth plugin.
|
|
@@ -30,6 +29,9 @@ function parseRoles(role) {
|
|
|
30
29
|
return role.split(",").map((r) => r.trim()).filter(Boolean);
|
|
31
30
|
}
|
|
32
31
|
let AccessService = class AccessService {
|
|
32
|
+
authContext;
|
|
33
|
+
db;
|
|
34
|
+
options;
|
|
33
35
|
constructor(authContext, db, options) {
|
|
34
36
|
this.authContext = authContext;
|
|
35
37
|
this.db = db;
|
|
@@ -129,17 +131,12 @@ let AccessService = class AccessService {
|
|
|
129
131
|
}
|
|
130
132
|
};
|
|
131
133
|
AccessService = __decorate([
|
|
132
|
-
|
|
134
|
+
Request(AC_TOKENS.AccessService),
|
|
133
135
|
__decorateParam(0, inject(DI_TOKENS.AuthContext)),
|
|
134
136
|
__decorateParam(1, inject(DI_TOKENS.Database)),
|
|
135
|
-
__decorateParam(2, inject(AC_TOKENS.Options))
|
|
136
|
-
__decorateMetadata("design:paramtypes", [
|
|
137
|
-
Object,
|
|
138
|
-
Object,
|
|
139
|
-
Object
|
|
140
|
-
])
|
|
137
|
+
__decorateParam(2, inject(AC_TOKENS.Options))
|
|
141
138
|
], AccessService);
|
|
142
139
|
//#endregion
|
|
143
140
|
export { createStratalAcPlugin as n, AccessService as t };
|
|
144
141
|
|
|
145
|
-
//# sourceMappingURL=access.service-
|
|
142
|
+
//# sourceMappingURL=access.service-DWRsDLJq.mjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"access.service-DWRsDLJq.mjs","names":[],"sources":["../src/access-control/plugin.ts","../src/access-control/services/access.service.ts"],"sourcesContent":["import type { BetterAuthPlugin } from 'better-auth'\nimport type { AccessControlOptions } from './types'\n\n/**\n * Creates the Stratal access control Better Auth plugin.\n *\n * Ensures the `user.role` schema field exists.\n * No endpoints are added — all permission logic lives in AccessService.\n *\n * Auto-added to Better Auth options when `accessControl` is provided to\n * `AuthModule.forRootAsync()`. Users never call this directly.\n */\nexport function createStratalAcPlugin(_options: AccessControlOptions): BetterAuthPlugin {\n return {\n id: 'stratal-ac',\n schema: {\n user: {\n fields: {\n role: {\n type: 'string',\n required: false,\n input: false,\n defaultValue: 'user',\n },\n },\n },\n },\n }\n}\n","import type { DatabaseService } from '@stratal/framework/database'\nimport { DI_TOKENS, inject, Request } from 'stratal/di'\nimport type { AuthContext } from '../../context/auth-context'\nimport { AC_TOKENS } from '../tokens'\nimport type { AccessControlOptions } from '../types'\n\nfunction parseRoles(role: string | null | undefined): string[] {\n if (!role) return []\n return role.split(',').map(r => r.trim()).filter(Boolean)\n}\n\n/**\n * AccessService\n *\n * Request-scoped service for role and permission management.\n *\n * Roles for the current user are read from AuthContext (populated by\n * SessionVerificationMiddleware — no DB hit). Other users are resolved\n * from the database.\n *\n * Permission checks use Better Auth's `role.authorize()` locally with\n * OR logic — access is granted if any of the user's roles allows it.\n *\n * @example\n * ```typescript\n * // Check current user\n * await accessService.currentUserHasPermission({ posts: ['update'] })\n *\n * // Check arbitrary user (e.g. from an admin action)\n * await accessService.hasPermission(userId, { admin: ['access'] })\n *\n * // Assign a role\n * await accessService.setUserRole(userId, 'admin')\n *\n * // Assign multiple roles\n * await accessService.setUserRole(userId, ['editor', 'reviewer'])\n * ```\n */\n@Request(AC_TOKENS.AccessService)\nexport class AccessService {\n constructor(\n @inject(DI_TOKENS.AuthContext)\n private readonly authContext: AuthContext,\n @inject(DI_TOKENS.Database)\n private readonly db: DatabaseService,\n @inject(AC_TOKENS.Options)\n private readonly options: AccessControlOptions\n ) { }\n\n /**\n * Get all roles for a user.\n *\n * Uses AuthContext for the current user (no DB hit).\n * Falls back to DB for other users.\n */\n async getUserRoles(userId: string): Promise<string[]> {\n if (userId === this.authContext.getUserId()) {\n const roles = this.authContext.getRoles()\n if (roles.length > 0) return roles\n }\n const user = await (this.db).user.findUnique({\n where: { id: userId },\n select: { role: true },\n })\n return parseRoles(user?.role)\n }\n\n /**\n * Assign one or more roles to a user.\n *\n * Multiple roles are stored as a comma-separated string in `user.role`.\n */\n async setUserRole(userId: string, role: string | string[]): Promise<void> {\n const roleStr = Array.isArray(role) ? role.join(',') : role\n await this.db.user.update({\n where: { id: userId },\n data: { role: roleStr },\n })\n }\n\n /**\n * Check if a user has the required permissions.\n *\n * Returns true if any of the user's roles grants all of the requested permissions.\n */\n async hasPermission(userId: string, permissions: Record<string, string[]>): Promise<boolean> {\n const roles = await this.getUserRoles(userId)\n return this.checkPermissions(roles, permissions)\n }\n\n /**\n * Get the merged permission set for a user across all their roles.\n * Useful for sending to the frontend.\n */\n async getPermissionsForUser(userId: string): Promise<Record<string, string[]>> {\n const roles = await this.getUserRoles(userId)\n return this.mergePermissions(roles)\n }\n\n /**\n * Get all roles for the currently authenticated user.\n * Reads from AuthContext — no DB hit.\n */\n getCurrentUserRoles(): string[] {\n return this.authContext.getRoles()\n }\n\n /**\n * Check if the currently authenticated user has the required permissions.\n * Reads roles from AuthContext — no DB hit.\n */\n currentUserHasPermission(permissions: Record<string, string[]>): boolean {\n const roles = this.authContext.getRoles()\n if (roles.length === 0) return false\n return this.checkPermissions(roles, permissions)\n }\n\n /**\n * Get merged permissions for the currently authenticated user.\n * Reads roles from AuthContext — no DB hit.\n */\n getCurrentUserPermissions(): Record<string, string[]> {\n const roles = this.authContext.getRoles()\n return this.mergePermissions(roles)\n }\n\n private checkPermissions(roles: string[], permissions: Record<string, string[]>): boolean {\n return roles.some(roleName => {\n const roleObj = this.options.roles[roleName]\n if (!roleObj) return false\n\n const specific: Record<string, string[]> = {}\n\n for (const [resource, actions] of Object.entries(permissions)) {\n if (actions.includes('*')) {\n // Wildcard: role must have at least one action defined for this resource\n const roleActions = (roleObj.statements as Record<string, readonly string[]>)[resource]\n if (!roleActions?.length) return false\n } else {\n specific[resource] = actions\n }\n }\n\n return Object.keys(specific).length === 0 || roleObj.authorize(specific).success\n })\n }\n\n private mergePermissions(roles: string[]): Record<string, string[]> {\n const result: Record<string, string[]> = {}\n for (const roleName of roles) {\n const roleObj = this.options.roles[roleName]\n if (!roleObj) continue\n for (const [resource, actions] of Object.entries(roleObj.statements)) {\n result[resource] ??= []\n for (const action of actions as string[]) {\n if (!result[resource].includes(action)) {\n result[resource].push(action)\n }\n }\n }\n }\n return result\n }\n}\n"],"mappings":";;;;;;;;;;;;;AAYA,SAAgB,sBAAsB,UAAkD;CACtF,OAAO;EACL,IAAI;EACJ,QAAQ,EACN,MAAM,EACJ,QAAQ,EACN,MAAM;GACJ,MAAM;GACN,UAAU;GACV,OAAO;GACP,cAAc;GACf,EACF,EACF,EACF;EACF;;;;ACrBH,SAAS,WAAW,MAA2C;CAC7D,IAAI,CAAC,MAAM,OAAO,EAAE;CACpB,OAAO,KAAK,MAAM,IAAI,CAAC,KAAI,MAAK,EAAE,MAAM,CAAC,CAAC,OAAO,QAAQ;;AA+BpD,IAAA,gBAAA,MAAM,cAAc;CAGN;CAEA;CAEA;CANnB,YACE,aAEA,IAEA,SAEA;EALiB,KAAA,cAAA;EAEA,KAAA,KAAA;EAEA,KAAA,UAAA;;;;;;;;CASnB,MAAM,aAAa,QAAmC;EACpD,IAAI,WAAW,KAAK,YAAY,WAAW,EAAE;GAC3C,MAAM,QAAQ,KAAK,YAAY,UAAU;GACzC,IAAI,MAAM,SAAS,GAAG,OAAO;;EAM/B,OAAO,YAAW,MAJE,KAAK,GAAI,KAAK,WAAW;GAC3C,OAAO,EAAE,IAAI,QAAQ;GACrB,QAAQ,EAAE,MAAM,MAAM;GACvB,CAAC,GACsB,KAAK;;;;;;;CAQ/B,MAAM,YAAY,QAAgB,MAAwC;EACxE,MAAM,UAAU,MAAM,QAAQ,KAAK,GAAG,KAAK,KAAK,IAAI,GAAG;EACvD,MAAM,KAAK,GAAG,KAAK,OAAO;GACxB,OAAO,EAAE,IAAI,QAAQ;GACrB,MAAM,EAAE,MAAM,SAAS;GACxB,CAAC;;;;;;;CAQJ,MAAM,cAAc,QAAgB,aAAyD;EAC3F,MAAM,QAAQ,MAAM,KAAK,aAAa,OAAO;EAC7C,OAAO,KAAK,iBAAiB,OAAO,YAAY;;;;;;CAOlD,MAAM,sBAAsB,QAAmD;EAC7E,MAAM,QAAQ,MAAM,KAAK,aAAa,OAAO;EAC7C,OAAO,KAAK,iBAAiB,MAAM;;;;;;CAOrC,sBAAgC;EAC9B,OAAO,KAAK,YAAY,UAAU;;;;;;CAOpC,yBAAyB,aAAgD;EACvE,MAAM,QAAQ,KAAK,YAAY,UAAU;EACzC,IAAI,MAAM,WAAW,GAAG,OAAO;EAC/B,OAAO,KAAK,iBAAiB,OAAO,YAAY;;;;;;CAOlD,4BAAsD;EACpD,MAAM,QAAQ,KAAK,YAAY,UAAU;EACzC,OAAO,KAAK,iBAAiB,MAAM;;CAGrC,iBAAyB,OAAiB,aAAgD;EACxF,OAAO,MAAM,MAAK,aAAY;GAC5B,MAAM,UAAU,KAAK,QAAQ,MAAM;GACnC,IAAI,CAAC,SAAS,OAAO;GAErB,MAAM,WAAqC,EAAE;GAE7C,KAAK,MAAM,CAAC,UAAU,YAAY,OAAO,QAAQ,YAAY,EAC3D,IAAI,QAAQ,SAAS,IAAI;QAGnB,CADiB,QAAQ,WAAiD,WAC5D,QAAQ,OAAO;UAEjC,SAAS,YAAY;GAIzB,OAAO,OAAO,KAAK,SAAS,CAAC,WAAW,KAAK,QAAQ,UAAU,SAAS,CAAC;IACzE;;CAGJ,iBAAyB,OAA2C;EAClE,MAAM,SAAmC,EAAE;EAC3C,KAAK,MAAM,YAAY,OAAO;GAC5B,MAAM,UAAU,KAAK,QAAQ,MAAM;GACnC,IAAI,CAAC,SAAS;GACd,KAAK,MAAM,CAAC,UAAU,YAAY,OAAO,QAAQ,QAAQ,WAAW,EAAE;IACpE,OAAO,cAAc,EAAE;IACvB,KAAK,MAAM,UAAU,SACnB,IAAI,CAAC,OAAO,UAAU,SAAS,OAAO,EACpC,OAAO,UAAU,KAAK,OAAO;;;EAKrC,OAAO;;;;CA3HV,QAAQ,UAAU,cAAc;oBAG5B,OAAO,UAAU,YAAY,CAAA;oBAE7B,OAAO,UAAU,SAAS,CAAA;oBAE1B,OAAO,UAAU,QAAQ,CAAA"}
|
package/dist/auth/index.d.mts
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { t as AccessControlOptions } from "../types-
|
|
1
|
+
import { t as AccessControlOptions } from "../types-tu9pTehB.mjs";
|
|
2
2
|
import { AsyncModuleOptions, DynamicModule } from "stratal/module";
|
|
3
|
-
import { ApplicationError } from "stratal/errors";
|
|
3
|
+
import { ApplicationError, HttpException } from "stratal/errors";
|
|
4
4
|
import { LoggerService } from "stratal/logger";
|
|
5
|
-
import { Auth, BetterAuthOptions } from "better-auth";
|
|
6
5
|
import { APIError } from "better-auth/api";
|
|
6
|
+
import { Auth, BetterAuthOptions } from "better-auth";
|
|
7
7
|
import { Middleware, Next, RouteConfigurable, Router, RouterContext } from "stratal/router";
|
|
8
8
|
|
|
9
9
|
//#region src/auth/auth.module.d.ts
|
|
@@ -43,203 +43,130 @@ declare const AUTH_SERVICE: unique symbol;
|
|
|
43
43
|
declare const AUTH_OPTIONS: unique symbol;
|
|
44
44
|
//#endregion
|
|
45
45
|
//#region src/auth/errors/auth-errors.d.ts
|
|
46
|
-
declare class UserNotFoundError extends
|
|
47
|
-
|
|
46
|
+
declare class UserNotFoundError extends HttpException {
|
|
47
|
+
readonly email?: string | undefined;
|
|
48
|
+
constructor(email?: string | undefined);
|
|
48
49
|
}
|
|
49
|
-
declare class InvalidCredentialsError extends
|
|
50
|
+
declare class InvalidCredentialsError extends HttpException {
|
|
50
51
|
constructor();
|
|
51
52
|
}
|
|
52
|
-
declare class InvalidPasswordError extends
|
|
53
|
+
declare class InvalidPasswordError extends HttpException {
|
|
53
54
|
constructor();
|
|
54
55
|
}
|
|
55
|
-
declare class InvalidEmailError extends
|
|
56
|
-
|
|
56
|
+
declare class InvalidEmailError extends HttpException {
|
|
57
|
+
readonly email?: string | undefined;
|
|
58
|
+
constructor(email?: string | undefined);
|
|
57
59
|
}
|
|
58
|
-
declare class SessionExpiredError extends
|
|
60
|
+
declare class SessionExpiredError extends HttpException {
|
|
59
61
|
constructor();
|
|
60
62
|
}
|
|
61
|
-
declare class EmailNotVerifiedError extends
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
declare class PasswordTooShortError extends ApplicationError {
|
|
65
|
-
constructor(minLength: number);
|
|
63
|
+
declare class EmailNotVerifiedError extends HttpException {
|
|
64
|
+
readonly email?: string | undefined;
|
|
65
|
+
constructor(email?: string | undefined);
|
|
66
66
|
}
|
|
67
|
-
declare class
|
|
68
|
-
|
|
67
|
+
declare class PasswordTooShortError extends HttpException {
|
|
68
|
+
readonly minLength?: number | undefined;
|
|
69
|
+
constructor(minLength?: number | undefined);
|
|
69
70
|
}
|
|
70
|
-
declare class
|
|
71
|
-
|
|
71
|
+
declare class PasswordTooLongError extends HttpException {
|
|
72
|
+
readonly maxLength?: number | undefined;
|
|
73
|
+
constructor(maxLength?: number | undefined);
|
|
72
74
|
}
|
|
73
|
-
declare class
|
|
74
|
-
|
|
75
|
+
declare class AccountAlreadyExistsError extends HttpException {
|
|
76
|
+
readonly email?: string | undefined;
|
|
77
|
+
constructor(email?: string | undefined);
|
|
75
78
|
}
|
|
76
|
-
declare class
|
|
77
|
-
|
|
79
|
+
declare class SocialAccountLinkedError extends HttpException {
|
|
80
|
+
readonly provider?: string | undefined;
|
|
81
|
+
constructor(provider?: string | undefined);
|
|
78
82
|
}
|
|
79
|
-
declare class
|
|
80
|
-
constructor(reason?: string);
|
|
81
|
-
}
|
|
82
|
-
declare class SocialAccountLinkedError extends ApplicationError {
|
|
83
|
-
constructor(provider?: string);
|
|
84
|
-
}
|
|
85
|
-
declare class CannotUnlinkLastAccountError extends ApplicationError {
|
|
83
|
+
declare class CannotUnlinkLastAccountError extends HttpException {
|
|
86
84
|
constructor();
|
|
87
85
|
}
|
|
88
|
-
declare class ProviderNotFoundError extends
|
|
89
|
-
|
|
86
|
+
declare class ProviderNotFoundError extends HttpException {
|
|
87
|
+
readonly provider?: string | undefined;
|
|
88
|
+
constructor(provider?: string | undefined);
|
|
90
89
|
}
|
|
91
|
-
declare class UserEmailNotFoundError extends
|
|
90
|
+
declare class UserEmailNotFoundError extends HttpException {
|
|
92
91
|
constructor();
|
|
93
92
|
}
|
|
94
|
-
declare class AccountNotFoundError extends
|
|
93
|
+
declare class AccountNotFoundError extends HttpException {
|
|
95
94
|
constructor();
|
|
96
95
|
}
|
|
97
|
-
declare class CredentialAccountNotFoundError extends
|
|
96
|
+
declare class CredentialAccountNotFoundError extends HttpException {
|
|
98
97
|
constructor();
|
|
99
98
|
}
|
|
100
|
-
declare class UserAlreadyHasPasswordError extends
|
|
99
|
+
declare class UserAlreadyHasPasswordError extends HttpException {
|
|
101
100
|
constructor();
|
|
102
101
|
}
|
|
103
|
-
declare class EmailCannotBeUpdatedError extends
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
declare class FailedToGetSessionError extends ApplicationError {
|
|
107
|
-
constructor(reason?: string);
|
|
102
|
+
declare class EmailCannotBeUpdatedError extends HttpException {
|
|
103
|
+
readonly reason?: string | undefined;
|
|
104
|
+
constructor(reason?: string | undefined);
|
|
108
105
|
}
|
|
109
|
-
declare class
|
|
110
|
-
constructor(reason?: string);
|
|
111
|
-
}
|
|
112
|
-
declare class IdTokenNotSupportedError extends ApplicationError {
|
|
106
|
+
declare class IdTokenNotSupportedError extends HttpException {
|
|
113
107
|
constructor();
|
|
114
108
|
}
|
|
115
|
-
declare class TokenExpiredError extends
|
|
109
|
+
declare class TokenExpiredError extends HttpException {
|
|
116
110
|
constructor();
|
|
117
111
|
}
|
|
118
|
-
declare class InvalidCallbackUrlError extends
|
|
112
|
+
declare class InvalidCallbackUrlError extends HttpException {
|
|
119
113
|
constructor();
|
|
120
114
|
}
|
|
121
|
-
declare class InvalidOriginError extends
|
|
115
|
+
declare class InvalidOriginError extends HttpException {
|
|
122
116
|
constructor();
|
|
123
117
|
}
|
|
124
|
-
declare class AuthValidationFailedError extends
|
|
118
|
+
declare class AuthValidationFailedError extends HttpException {
|
|
125
119
|
constructor();
|
|
126
120
|
}
|
|
127
|
-
declare class EmailAlreadyVerifiedError extends
|
|
121
|
+
declare class EmailAlreadyVerifiedError extends HttpException {
|
|
128
122
|
constructor();
|
|
129
123
|
}
|
|
130
|
-
declare class EmailMismatchError extends
|
|
124
|
+
declare class EmailMismatchError extends HttpException {
|
|
131
125
|
constructor();
|
|
132
126
|
}
|
|
133
|
-
declare class BetterAuthUnknownError extends ApplicationError {
|
|
134
|
-
constructor(errorCode?: string);
|
|
135
|
-
}
|
|
136
127
|
//#endregion
|
|
137
128
|
//#region src/auth/errors/invalid-token.error.d.ts
|
|
138
|
-
declare class InvalidTokenError extends
|
|
129
|
+
declare class InvalidTokenError extends HttpException {
|
|
139
130
|
constructor();
|
|
140
131
|
}
|
|
141
132
|
//#endregion
|
|
142
133
|
//#region src/auth/errors/organization-errors.d.ts
|
|
143
|
-
declare class OrganizationNotFoundError extends
|
|
134
|
+
declare class OrganizationNotFoundError extends HttpException {
|
|
144
135
|
constructor();
|
|
145
136
|
}
|
|
146
|
-
declare class OrganizationMemberNotFoundError extends
|
|
137
|
+
declare class OrganizationMemberNotFoundError extends HttpException {
|
|
147
138
|
constructor();
|
|
148
139
|
}
|
|
149
|
-
declare class OrganizationInvitationNotFoundError extends
|
|
140
|
+
declare class OrganizationInvitationNotFoundError extends HttpException {
|
|
150
141
|
constructor();
|
|
151
142
|
}
|
|
152
|
-
declare class OrganizationPermissionDeniedError extends
|
|
143
|
+
declare class OrganizationPermissionDeniedError extends HttpException {
|
|
153
144
|
constructor();
|
|
154
145
|
}
|
|
155
|
-
declare class OrganizationInvitationRecipientMismatchError extends
|
|
146
|
+
declare class OrganizationInvitationRecipientMismatchError extends HttpException {
|
|
156
147
|
constructor();
|
|
157
148
|
}
|
|
158
|
-
declare class OrganizationConflictError extends
|
|
149
|
+
declare class OrganizationConflictError extends HttpException {
|
|
159
150
|
constructor();
|
|
160
151
|
}
|
|
161
|
-
declare class OrganizationLimitReachedError extends
|
|
152
|
+
declare class OrganizationLimitReachedError extends HttpException {
|
|
162
153
|
constructor();
|
|
163
154
|
}
|
|
164
|
-
declare class OrganizationMembershipError extends
|
|
155
|
+
declare class OrganizationMembershipError extends HttpException {
|
|
165
156
|
constructor();
|
|
166
157
|
}
|
|
167
|
-
declare class OrganizationTeamNotFoundError extends
|
|
158
|
+
declare class OrganizationTeamNotFoundError extends HttpException {
|
|
168
159
|
constructor();
|
|
169
160
|
}
|
|
170
|
-
declare class OrganizationRoleNotFoundError extends
|
|
161
|
+
declare class OrganizationRoleNotFoundError extends HttpException {
|
|
171
162
|
constructor();
|
|
172
163
|
}
|
|
173
164
|
//#endregion
|
|
174
165
|
//#region src/auth/errors/token-required.error.d.ts
|
|
175
|
-
declare class TokenRequiredError extends
|
|
176
|
-
constructor();
|
|
177
|
-
}
|
|
178
|
-
//#endregion
|
|
179
|
-
//#region src/auth/errors/verification-failed.error.d.ts
|
|
180
|
-
declare class VerificationFailedError extends ApplicationError {
|
|
166
|
+
declare class TokenRequiredError extends HttpException {
|
|
181
167
|
constructor();
|
|
182
168
|
}
|
|
183
169
|
//#endregion
|
|
184
|
-
//#region src/auth/i18n/en.d.ts
|
|
185
|
-
declare const authMessages: {
|
|
186
|
-
readonly en: {
|
|
187
|
-
readonly auth: {
|
|
188
|
-
readonly errors: {
|
|
189
|
-
readonly tokenRequired: "Verification token is required";
|
|
190
|
-
readonly invalidToken: "Invalid or expired verification token";
|
|
191
|
-
readonly verificationFailed: "Verification failed. Please try again.";
|
|
192
|
-
readonly userNotFound: "User not found. Please check your credentials.";
|
|
193
|
-
readonly invalidCredentials: "Invalid email or password";
|
|
194
|
-
readonly invalidPassword: "Invalid password";
|
|
195
|
-
readonly invalidEmail: "Invalid email address";
|
|
196
|
-
readonly sessionExpired: "Your session has expired. Please sign in again.";
|
|
197
|
-
readonly emailNotVerified: "Please verify your email address before signing in";
|
|
198
|
-
readonly passwordTooShort: "Password must be at least {minLength} characters";
|
|
199
|
-
readonly passwordTooLong: "Password must be at most {maxLength} characters";
|
|
200
|
-
readonly accountAlreadyExists: "An account with this email already exists";
|
|
201
|
-
readonly failedToCreateUser: "Failed to create user account. Please try again.";
|
|
202
|
-
readonly failedToCreateSession: "Failed to create session. Please try again.";
|
|
203
|
-
readonly failedToGetSession: "Failed to retrieve session. Please try again.";
|
|
204
|
-
readonly failedToUpdateUser: "Failed to update user information. Please try again.";
|
|
205
|
-
readonly failedToGetUserInfo: "Failed to retrieve user information. Please try again.";
|
|
206
|
-
readonly socialAccountLinked: "This social account is already linked to another user";
|
|
207
|
-
readonly providerNotFound: "Authentication provider not found";
|
|
208
|
-
readonly userEmailNotFound: "User email address not found";
|
|
209
|
-
readonly accountNotFound: "Account not found";
|
|
210
|
-
readonly credentialAccountNotFound: "Credential account not found";
|
|
211
|
-
readonly cannotUnlinkLastAccount: "Cannot unlink your last account";
|
|
212
|
-
readonly userAlreadyHasPassword: "User already has a password set";
|
|
213
|
-
readonly emailCannotBeUpdated: "Email address cannot be updated at this time";
|
|
214
|
-
readonly tokenExpired: "The verification token has expired. Please request a new verification email.";
|
|
215
|
-
readonly invalidCallbackUrl: "Invalid callback URL";
|
|
216
|
-
readonly invalidOrigin: "Request origin is not allowed";
|
|
217
|
-
readonly validationFailed: "Authentication validation failed";
|
|
218
|
-
readonly emailAlreadyVerified: "Email address is already verified";
|
|
219
|
-
readonly emailMismatch: "Email address does not match";
|
|
220
|
-
readonly unknownError: "An authentication error occurred";
|
|
221
|
-
};
|
|
222
|
-
readonly org: {
|
|
223
|
-
readonly organizationNotFound: "Organization not found";
|
|
224
|
-
readonly memberNotFound: "Member not found";
|
|
225
|
-
readonly invitationNotFound: "Invitation not found";
|
|
226
|
-
readonly permissionDenied: "You do not have permission to perform this action";
|
|
227
|
-
readonly invitationRecipientMismatch: "You are not the recipient of this invitation";
|
|
228
|
-
readonly conflict: "A resource with this identifier already exists";
|
|
229
|
-
readonly limitReached: "The maximum limit has been reached";
|
|
230
|
-
readonly membershipError: "This action cannot be performed due to membership constraints";
|
|
231
|
-
readonly teamNotFound: "Team not found";
|
|
232
|
-
readonly roleNotFound: "Role not found";
|
|
233
|
-
};
|
|
234
|
-
};
|
|
235
|
-
};
|
|
236
|
-
};
|
|
237
|
-
declare module 'stratal/i18n' {
|
|
238
|
-
interface AppMessageNamespaces {
|
|
239
|
-
auth: typeof authMessages['en']['auth'];
|
|
240
|
-
}
|
|
241
|
-
} //# sourceMappingURL=en.d.ts.map
|
|
242
|
-
//#endregion
|
|
243
170
|
//#region src/auth/middleware/auth-context.middleware.d.ts
|
|
244
171
|
/**
|
|
245
172
|
* Auth Context Middleware
|
|
@@ -276,10 +203,10 @@ declare class AuthContextMiddleware implements Middleware {
|
|
|
276
203
|
*/
|
|
277
204
|
declare class AuthService<TOptions extends BetterAuthOptions = BetterAuthOptions> {
|
|
278
205
|
protected readonly options: TOptions;
|
|
279
|
-
private
|
|
206
|
+
private _authInstance?;
|
|
280
207
|
constructor(options: TOptions);
|
|
281
208
|
/**
|
|
282
|
-
* Get the Better Auth instance
|
|
209
|
+
* Get the Better Auth instance.
|
|
283
210
|
*/
|
|
284
211
|
get auth(): Auth<TOptions>;
|
|
285
212
|
}
|
|
@@ -326,5 +253,5 @@ declare function mapBetterAuthError(error: APIError): ApplicationError;
|
|
|
326
253
|
*/
|
|
327
254
|
declare function isAPIError(error: unknown): error is APIError;
|
|
328
255
|
//#endregion
|
|
329
|
-
export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError, AuthContextMiddleware, AuthModule, AuthModuleAsyncOptions, AuthService, AuthValidationFailedError,
|
|
256
|
+
export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError, AuthContextMiddleware, AuthModule, AuthModuleAsyncOptions, AuthService, AuthValidationFailedError, CannotUnlinkLastAccountError, CredentialAccountNotFoundError, EmailAlreadyVerifiedError, EmailCannotBeUpdatedError, EmailMismatchError, EmailNotVerifiedError, IdTokenNotSupportedError, InvalidCallbackUrlError, InvalidCredentialsError, InvalidEmailError, InvalidOriginError, InvalidPasswordError, InvalidTokenError, OrganizationConflictError, OrganizationInvitationNotFoundError, OrganizationInvitationRecipientMismatchError, OrganizationLimitReachedError, OrganizationMemberNotFoundError, OrganizationMembershipError, OrganizationNotFoundError, OrganizationPermissionDeniedError, OrganizationRoleNotFoundError, OrganizationTeamNotFoundError, PasswordTooLongError, PasswordTooShortError, ProviderNotFoundError, SessionExpiredError, SessionVerificationMiddleware, SocialAccountLinkedError, TokenExpiredError, TokenRequiredError, UserAlreadyHasPasswordError, UserEmailNotFoundError, UserNotFoundError, getErrorHandlerConfig, isAPIError, mapBetterAuthError, wrapBetterAuth };
|
|
330
257
|
//# sourceMappingURL=index.d.mts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/auth/auth.module.ts","../../src/auth/auth.tokens.ts","../../src/auth/errors/auth-errors.ts","../../src/auth/errors/invalid-token.error.ts","../../src/auth/errors/organization-errors.ts","../../src/auth/errors/token-required.error.ts","../../src/auth/
|
|
1
|
+
{"version":3,"file":"index.d.mts","names":[],"sources":["../../src/auth/auth.module.ts","../../src/auth/auth.tokens.ts","../../src/auth/errors/auth-errors.ts","../../src/auth/errors/invalid-token.error.ts","../../src/auth/errors/organization-errors.ts","../../src/auth/errors/token-required.error.ts","../../src/auth/middleware/auth-context.middleware.ts","../../src/auth/services/auth.service.ts","../../src/auth/middleware/session-verification.middleware.ts","../../src/auth/utils/auth-helpers.ts","../../src/auth/utils/better-auth-error-handler.ts"],"mappings":";;;;;;;;;UAuEiB,sBAAA,kBAAwC,iBAAA,GAAoB,iBAAA,UACnE,kBAAA,CAAmB,QAAA;EAmCX;;;;EA9BhB,aAAA,GAAgB,oBAAA;AAAA;AAAA,cAML,UAAA,YAAsB,iBAAA;EClF2B;;AAG9D;;;;;EDuFE,eAAA,CAAgB,MAAA,EAAQ,MAAA;;;AEzF1B;;;;;;;;SFuGS,YAAA,kBAA8B,iBAAA,CAAA,CACnC,OAAA,EAAS,sBAAA,CAAuB,QAAA,IAC/B,aAAA;AAAA;;;;cC1GQ,YAAA;;cAGA,YAAA;;;cCFA,iBAAA,SAA0B,aAAA;EAAA,SACT,KAAA;cAAA,KAAA;AAAA;AAAA,cAKjB,uBAAA,SAAgC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAIhC,oBAAA,SAA6B,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAI7B,iBAAA,SAA0B,aAAA;EAAA,SACT,KAAA;cAAA,KAAA;AAAA;AAAA,cAKjB,mBAAA,SAA4B,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAI5B,qBAAA,SAA8B,aAAA;EAAA,SACb,KAAA;cAAA,KAAA;AAAA;AAAA,cAKjB,qBAAA,SAA8B,aAAA;EAAA,SACb,SAAA;cAAA,SAAA;AAAA;AAAA,cAKjB,oBAAA,SAA6B,aAAA;EAAA,SACZ,SAAA;cAAA,SAAA;AAAA;AAAA,cAKjB,yBAAA,SAAkC,aAAA;EAAA,SACjB,KAAA;cAAA,KAAA;AAAA;AAAA,cAKjB,wBAAA,SAAiC,aAAA;EAAA,SAChB,QAAA;cAAA,QAAA;AAAA;AAAA,cAKjB,4BAAA,SAAqC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAIrC,qBAAA,SAA8B,aAAA;EAAA,SACb,QAAA;cAAA,QAAA;AAAA;AAAA,cAKjB,sBAAA,SAA+B,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAI/B,oBAAA,SAA6B,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAI7B,8BAAA,SAAuC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAIvC,2BAAA,SAAoC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAIpC,yBAAA,SAAkC,aAAA;EAAA,SACjB,MAAA;cAAA,MAAA;AAAA;AAAA,cAKjB,wBAAA,SAAiC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAIjC,iBAAA,SAA0B,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAI1B,uBAAA,SAAgC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAIhC,kBAAA,SAA2B,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAI3B,yBAAA,SAAkC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAIlC,yBAAA,SAAkC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAIlC,kBAAA,SAA2B,aAAA;EAAA,WAAA,CAAA;AAAA;;;cC9G3B,iBAAA,SAA0B,aAAA;EAAA,WAAA,CAAA;AAAA;;;cCA1B,yBAAA,SAAkC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAGlC,+BAAA,SAAwC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAGxC,mCAAA,SAA4C,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAG5C,iCAAA,SAA0C,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAG1C,4CAAA,SAAqD,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAGrD,yBAAA,SAAkC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAGlC,6BAAA,SAAsC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAGtC,2BAAA,SAAoC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAGpC,6BAAA,SAAsC,aAAA;EAAA,WAAA,CAAA;AAAA;AAAA,cAGtC,6BAAA,SAAsC,aAAA;EAAA,WAAA,CAAA;AAAA;;;cC3BtC,kBAAA,SAA2B,aAAA;EAAA,WAAA,CAAA;AAAA;;;;;;;;;;cCU3B,qBAAA,YAAiC,UAAA;EACtC,MAAA,CAAO,GAAA,EAAK,aAAA,EAAe,IAAA,EAAM,IAAA,GAAO,OAAA;AAAA;;;;;;;;;;;AN0DhD;;;;;;;;;;;;;cO3Ca,WAAA,kBAA6B,iBAAA,GAAoB,iBAAA;EAAA,mBAIjB,OAAA,EAAS,QAAA;EAAA,QAH5C,aAAA;cAGmC,OAAA,EAAS,QAAA;EP6ChB;;AAGtC;EAHsC,IOvChC,IAAA,CAAA,GAAQ,IAAA,CAAK,QAAA;AAAA;;;;;;;;;APiCnB;;;;;cQpDa,6BAAA,YAAyC,UAAA;EAAA,iBAGjC,WAAA;EAAA,QAC4B,MAAA;cAD5B,WAAA,EAAa,WAAA,EACe,MAAA,EAAQ,aAAA;EAGjD,MAAA,CAAO,GAAA,EAAK,aAAA,EAAe,IAAA,EAAM,IAAA,GAAO,OAAA;AAAA;;;;;;;iBCnBhC,qBAAA,CAAA,GAAyB,iBAAA;;;;cAe5B,cAAA,MAA2B,EAAA,QAAU,OAAA,CAAQ,CAAA,MAAK,OAAA,CAAQ,CAAA;;;;;;iBCsBvD,kBAAA,CAAmB,KAAA,EAAO,QAAA,GAAW,gBAAA;;;;AV2BrD;;iBUsLgB,UAAA,CAAW,KAAA,YAAiB,KAAA,IAAS,QAAA"}
|