@stratal/framework 0.0.21 → 0.0.23
- package/dist/access-control/index.d.mts +8 -14
- package/dist/access-control/index.d.mts.map +1 -1
- package/dist/access-control/index.mjs +3 -3
- package/dist/access-control/index.mjs.map +1 -1
- package/dist/{access.service-Cb99esfz.mjs → access.service-BmDhE-re.mjs} +6 -12
- package/dist/access.service-BmDhE-re.mjs.map +1 -0
- package/dist/auth/index.d.mts +80 -151
- package/dist/auth/index.d.mts.map +1 -1
- package/dist/auth/index.mjs +137 -215
- package/dist/auth/index.mjs.map +1 -1
- package/dist/{auth-context-HLwuOl51.mjs → auth-context-C8NBfiMa.mjs} +7 -6
- package/dist/auth-context-C8NBfiMa.mjs.map +1 -0
- package/dist/{auth-context-DXSTlnQH.d.mts → auth-context-CGVbiSX3.d.mts} +1 -1
- package/dist/auth-context-CGVbiSX3.d.mts.map +1 -0
- package/dist/context/index.d.mts +5 -10
- package/dist/context/index.d.mts.map +1 -1
- package/dist/context/index.mjs +3 -3
- package/dist/database/index.d.mts +3 -3
- package/dist/database/index.mjs +78 -181
- package/dist/database/index.mjs.map +1 -1
- package/dist/{decorate-DViXs-0l.mjs → decorate-B7nr7eBl.mjs} +1 -1
- package/dist/{decorateParam-C_dJ_dIO.mjs → decorateParam-DwV9LSPl.mjs} +2 -2
- package/dist/{decorateParam-C_dJ_dIO.mjs.map → decorateParam-DwV9LSPl.mjs.map} +1 -1
- package/dist/errors-BvJSaUTW.mjs +18 -0
- package/dist/errors-BvJSaUTW.mjs.map +1 -0
- package/dist/factory/index.d.mts +1 -1
- package/dist/factory/index.d.mts.map +1 -1
- package/dist/factory/index.mjs.map +1 -1
- package/dist/guards/index.d.mts.map +1 -1
- package/dist/guards/index.mjs +9 -16
- package/dist/guards/index.mjs.map +1 -1
- package/dist/{index-CCDPF-1Y.d.mts → index-jILx9QXw.d.mts} +12 -94
- package/dist/index-jILx9QXw.d.mts.map +1 -0
- package/dist/index.d.mts +2 -2
- package/dist/insufficient-permissions.error-DeEyZRgy.mjs +16 -0
- package/dist/insufficient-permissions.error-DeEyZRgy.mjs.map +1 -0
- package/dist/{types-BZlcRR2M.d.mts → types-CWZ9q74G.d.mts} +1 -1
- package/dist/types-CWZ9q74G.d.mts.map +1 -0
- package/dist/{types-BLyu9dAd.d.mts → types-DabF8LGz.d.mts} +1 -1
- package/dist/{types-BLyu9dAd.d.mts.map → types-DabF8LGz.d.mts.map} +1 -1
- package/package.json +27 -24
- package/dist/access.service-Cb99esfz.mjs.map +0 -1
- package/dist/auth-context-DXSTlnQH.d.mts.map +0 -1
- package/dist/auth-context-HLwuOl51.mjs.map +0 -1
- package/dist/decorateMetadata-D5WUsc6Y.mjs +0 -6
- package/dist/errors-B1vVXc1T.mjs +0 -25
- package/dist/errors-B1vVXc1T.mjs.map +0 -1
- package/dist/index-CCDPF-1Y.d.mts.map +0 -1
- package/dist/insufficient-permissions.error-CRnOHYvq.mjs +0 -23
- package/dist/insufficient-permissions.error-CRnOHYvq.mjs.map +0 -1
- package/dist/types-BZlcRR2M.d.mts.map +0 -1
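--- a/package/dist/auth/index.mjs
+++ b/package/dist/auth/index.mjs
@@ -1,84 +1,34 @@
-import { n as createStratalAcPlugin, t as AccessService } from "../access.service-
-import { n as AC_TOKENS, t as __decorateParam } from "../decorateParam-
-import { t as
-import { t as
-import {
-import { CONTAINER_TOKEN, DI_TOKENS, Transient } from "stratal/di";
-import { I18nModule } from "stratal/i18n";
+import { n as createStratalAcPlugin, t as AccessService } from "../access.service-BmDhE-re.mjs";
+import { n as AC_TOKENS, t as __decorateParam } from "../decorateParam-DwV9LSPl.mjs";
+import { t as __decorate } from "../decorate-B7nr7eBl.mjs";
+import { t as AuthContext } from "../auth-context-C8NBfiMa.mjs";
+import { CONTAINER_TOKEN, DI_TOKENS, Request, Transient, inject } from "stratal/di";
 import { Module } from "stratal/module";
 import { RATE_LIMITER_TOKENS, RateLimiterRegistry } from "stratal/rate-limiter";
-import {
+import { AuthError, HttpException } from "stratal/errors";
+import { RouterContext } from "stratal/router";
 import { LOGGER_TOKENS } from "stratal/logger";
-import {
-import { betterAuth } from "better-auth";
+import { betterAuth } from "better-auth/minimal";
 import { APIError } from "better-auth/api";
+//#region src/context/router-context.augment.ts
+/**
+* Augments Stratal's `RouterContext` with a `user()` accessor backed by the
+* request-scoped {@link AuthContext}.
+*
+* Side-effect import: registers the `user` macro on `RouterContext` and the
+* `declare module` augmentation that exposes it at the type level. Imported by
+* {@link AuthModule} so it runs whenever auth is configured.
+*/
+RouterContext.macro("user", function() {
+return this.getContainer().resolve(DI_TOKENS.AuthContext).requireUser();
+});
+//#endregion
 //#region src/auth/auth.tokens.ts
 /** Token for AuthService - core authentication service */
 const AUTH_SERVICE = Symbol.for("stratal:auth:service");
 /** Token for Better Auth options configuration */
 const AUTH_OPTIONS = Symbol.for("stratal:auth:options");
 //#endregion
-//#region src/auth/i18n/en.ts
-const authMessages = { en: { auth: {
-errors: {
-tokenRequired: "Verification token is required",
-invalidToken: "Invalid or expired verification token",
-verificationFailed: "Verification failed. Please try again.",
-userNotFound: "User not found. Please check your credentials.",
-invalidCredentials: "Invalid email or password",
-invalidPassword: "Invalid password",
-invalidEmail: "Invalid email address",
-sessionExpired: "Your session has expired. Please sign in again.",
-emailNotVerified: "Please verify your email address before signing in",
-passwordTooShort: "Password must be at least {minLength} characters",
-passwordTooLong: "Password must be at most {maxLength} characters",
-accountAlreadyExists: "An account with this email already exists",
-failedToCreateUser: "Failed to create user account. Please try again.",
-failedToCreateSession: "Failed to create session. Please try again.",
-failedToGetSession: "Failed to retrieve session. Please try again.",
-failedToUpdateUser: "Failed to update user information. Please try again.",
-failedToGetUserInfo: "Failed to retrieve user information. Please try again.",
-socialAccountLinked: "This social account is already linked to another user",
-providerNotFound: "Authentication provider not found",
-userEmailNotFound: "User email address not found",
-accountNotFound: "Account not found",
-credentialAccountNotFound: "Credential account not found",
-cannotUnlinkLastAccount: "Cannot unlink your last account",
-userAlreadyHasPassword: "User already has a password set",
-emailCannotBeUpdated: "Email address cannot be updated at this time",
-tokenExpired: "The verification token has expired. Please request a new verification email.",
-invalidCallbackUrl: "Invalid callback URL",
-invalidOrigin: "Request origin is not allowed",
-validationFailed: "Authentication validation failed",
-emailAlreadyVerified: "Email address is already verified",
-emailMismatch: "Email address does not match",
-unknownError: "An authentication error occurred"
-},
-org: {
-organizationNotFound: "Organization not found",
-memberNotFound: "Member not found",
-invitationNotFound: "Invitation not found",
-permissionDenied: "You do not have permission to perform this action",
-invitationRecipientMismatch: "You are not the recipient of this invitation",
-conflict: "A resource with this identifier already exists",
-limitReached: "The maximum limit has been reached",
-membershipError: "This action cannot be performed due to membership constraints",
-teamNotFound: "Team not found",
-roleNotFound: "Role not found"
-}
-} } };
-//#endregion
-//#region src/auth/middleware/auth-context.middleware.ts
-let AuthContextMiddleware = class AuthContextMiddleware {
-async handle(ctx, next) {
-const requestContainer = ctx.getContainer();
-const authContext = new AuthContext();
-requestContainer.registerValue(DI_TOKENS.AuthContext, authContext);
-return next();
-}
-};
-AuthContextMiddleware = __decorate([Transient()], AuthContextMiddleware);
-//#endregion
 //#region src/auth/middleware/session-verification.middleware.ts
 let SessionVerificationMiddleware = class SessionVerificationMiddleware {
 authService;
@@ -99,9 +49,8 @@ let SessionVerificationMiddleware = class SessionVerificationMiddleware {
 };
 SessionVerificationMiddleware = __decorate([
 Transient(),
-__decorateParam(0, inject
-__decorateParam(1, inject
-__decorateMetadata("design:paramtypes", [Object, Object])
+__decorateParam(0, inject(AUTH_SERVICE)),
+__decorateParam(1, inject(LOGGER_TOKENS.LoggerService))
 ], SessionVerificationMiddleware);
 //#endregion
 //#region src/auth/rate-limit-bridge.ts
@@ -188,227 +137,208 @@ function projectCustomRules(registry) {
 }
 //#endregion
 //#region src/auth/errors/auth-errors.ts
-var UserNotFoundError = class extends
+var UserNotFoundError = class extends HttpException {
+email;
 constructor(email) {
-super(
+super(404, "User not found");
+this.email = email;
 }
 };
-var InvalidCredentialsError = class extends
+var InvalidCredentialsError = class extends HttpException {
 constructor() {
-super("
+super(401, "Invalid email or password");
 }
 };
-var InvalidPasswordError = class extends
+var InvalidPasswordError = class extends HttpException {
 constructor() {
-super("
+super(401, "Invalid password");
 }
 };
-var InvalidEmailError = class extends
+var InvalidEmailError = class extends HttpException {
+email;
 constructor(email) {
-super(
+super(422, "Invalid email address");
+this.email = email;
 }
 };
-var SessionExpiredError = class extends
+var SessionExpiredError = class extends HttpException {
 constructor() {
-super("
+super(401, "Session expired");
 }
 };
-var EmailNotVerifiedError = class extends
+var EmailNotVerifiedError = class extends HttpException {
+email;
 constructor(email) {
-super(
+super(403, "Email not verified");
+this.email = email;
 }
 };
-var PasswordTooShortError = class extends
+var PasswordTooShortError = class extends HttpException {
+minLength;
 constructor(minLength) {
-super(
+super(422, "Password too short");
+this.minLength = minLength;
 }
 };
-var PasswordTooLongError = class extends
+var PasswordTooLongError = class extends HttpException {
+maxLength;
 constructor(maxLength) {
-super(
+super(422, "Password too long");
+this.maxLength = maxLength;
 }
 };
-var AccountAlreadyExistsError = class extends
+var AccountAlreadyExistsError = class extends HttpException {
+email;
 constructor(email) {
-super(
-
-};
-var FailedToCreateUserError = class extends ApplicationError {
-constructor(reason) {
-super("auth.errors.failedToCreateUser", ERROR_CODES.AUTH.FAILED_TO_CREATE_USER, reason ? { reason } : void 0);
-}
-};
-var FailedToCreateSessionError = class extends ApplicationError {
-constructor(reason) {
-super("auth.errors.failedToCreateSession", ERROR_CODES.AUTH.FAILED_TO_CREATE_SESSION, reason ? { reason } : void 0);
-}
-};
-var FailedToUpdateUserError = class extends ApplicationError {
-constructor(reason) {
-super("auth.errors.failedToUpdateUser", ERROR_CODES.AUTH.FAILED_TO_UPDATE_USER, reason ? { reason } : void 0);
+super(409, "Account already exists");
+this.email = email;
 }
 };
-var SocialAccountLinkedError = class extends
+var SocialAccountLinkedError = class extends HttpException {
+provider;
 constructor(provider) {
-super(
+super(409, "Social account already linked");
+this.provider = provider;
 }
 };
-var CannotUnlinkLastAccountError = class extends
+var CannotUnlinkLastAccountError = class extends HttpException {
 constructor() {
-super("
+super(409, "Cannot unlink last account");
 }
 };
-var ProviderNotFoundError = class extends
+var ProviderNotFoundError = class extends HttpException {
+provider;
 constructor(provider) {
-super(
+super(404, "Authentication provider not found");
+this.provider = provider;
 }
 };
-var UserEmailNotFoundError = class extends
+var UserEmailNotFoundError = class extends HttpException {
 constructor() {
-super("
+super(404, "User email not found");
 }
 };
-var AccountNotFoundError = class extends
+var AccountNotFoundError = class extends HttpException {
 constructor() {
-super("
+super(404, "Account not found");
 }
 };
-var CredentialAccountNotFoundError = class extends
+var CredentialAccountNotFoundError = class extends HttpException {
 constructor() {
-super("
+super(404, "Credential account not found");
 }
 };
-var UserAlreadyHasPasswordError = class extends
+var UserAlreadyHasPasswordError = class extends HttpException {
 constructor() {
-super("
-}
-};
-var EmailCannotBeUpdatedError = class extends ApplicationError {
-constructor(reason) {
-super("auth.errors.emailCannotBeUpdated", ERROR_CODES.VALIDATION.GENERIC, reason ? { reason } : void 0);
-}
-};
-var FailedToGetSessionError = class extends ApplicationError {
-constructor(reason) {
-super("auth.errors.failedToGetSession", ERROR_CODES.SYSTEM.INTERNAL_ERROR, reason ? { reason } : void 0);
+super(409, "User already has a password");
 }
 };
-var
+var EmailCannotBeUpdatedError = class extends HttpException {
+reason;
 constructor(reason) {
-super(
+super(422, "Email cannot be updated");
+this.reason = reason;
 }
 };
-var IdTokenNotSupportedError = class extends
+var IdTokenNotSupportedError = class extends HttpException {
 constructor() {
-super("
+super(422, "ID token not supported");
 }
 };
-var TokenExpiredError = class extends
+var TokenExpiredError = class extends HttpException {
 constructor() {
-super("
+super(401, "Token expired");
 }
 };
-var InvalidCallbackUrlError = class extends
+var InvalidCallbackUrlError = class extends HttpException {
 constructor() {
-super("
+super(422, "Invalid callback URL");
 }
 };
-var InvalidOriginError = class extends
+var InvalidOriginError = class extends HttpException {
 constructor() {
-super("
+super(403, "Invalid request origin");
 }
 };
-var AuthValidationFailedError = class extends
+var AuthValidationFailedError = class extends HttpException {
 constructor() {
-super("
+super(422, "Authentication validation failed");
 }
 };
-var EmailAlreadyVerifiedError = class extends
+var EmailAlreadyVerifiedError = class extends HttpException {
 constructor() {
-super("
+super(409, "Email already verified");
 }
 };
-var EmailMismatchError = class extends
+var EmailMismatchError = class extends HttpException {
 constructor() {
-super("
-}
-};
-var BetterAuthUnknownError = class extends ApplicationError {
-constructor(errorCode) {
-super("auth.errors.unknownError", ERROR_CODES.SYSTEM.INTERNAL_ERROR, errorCode ? { errorCode } : void 0);
+super(422, "Email mismatch");
 }
 };
 //#endregion
 //#region src/auth/errors/invalid-token.error.ts
-var InvalidTokenError = class extends
+var InvalidTokenError = class extends HttpException {
 constructor() {
-super("
+super(401, "Invalid or expired token");
 }
 };
 //#endregion
 //#region src/auth/errors/organization-errors.ts
-var OrganizationNotFoundError = class extends
+var OrganizationNotFoundError = class extends HttpException {
 constructor() {
-super("
+super(404, "Organization not found");
 }
 };
-var OrganizationMemberNotFoundError = class extends
+var OrganizationMemberNotFoundError = class extends HttpException {
 constructor() {
-super("
+super(404, "Organization member not found");
 }
 };
-var OrganizationInvitationNotFoundError = class extends
+var OrganizationInvitationNotFoundError = class extends HttpException {
 constructor() {
-super("
+super(404, "Invitation not found");
 }
 };
-var OrganizationPermissionDeniedError = class extends
+var OrganizationPermissionDeniedError = class extends HttpException {
 constructor() {
-super("
+super(403, "Organization permission denied");
 }
 };
-var OrganizationInvitationRecipientMismatchError = class extends
+var OrganizationInvitationRecipientMismatchError = class extends HttpException {
 constructor() {
-super("
+super(403, "Invitation recipient mismatch");
 }
 };
-var OrganizationConflictError = class extends
+var OrganizationConflictError = class extends HttpException {
 constructor() {
-super("
+super(409, "Organization resource conflict");
 }
 };
-var OrganizationLimitReachedError = class extends
+var OrganizationLimitReachedError = class extends HttpException {
 constructor() {
-super("
+super(422, "Organization limit reached");
 }
 };
-var OrganizationMembershipError = class extends
+var OrganizationMembershipError = class extends HttpException {
 constructor() {
-super("
+super(422, "Organization membership constraint violated");
 }
 };
-var OrganizationTeamNotFoundError = class extends
+var OrganizationTeamNotFoundError = class extends HttpException {
 constructor() {
-super("
+super(404, "Team not found");
 }
 };
-var OrganizationRoleNotFoundError = class extends
+var OrganizationRoleNotFoundError = class extends HttpException {
 constructor() {
-super("
+super(404, "Role not found");
 }
 };
 //#endregion
 //#region src/auth/errors/token-required.error.ts
-var TokenRequiredError = class extends
+var TokenRequiredError = class extends HttpException {
 constructor() {
-super(
-}
-};
-//#endregion
-//#region src/auth/errors/verification-failed.error.ts
-var VerificationFailedError = class extends ApplicationError {
-constructor() {
-super("auth.errors.verificationFailed", ERROR_CODES.AUTH.INVALID_CREDENTIALS);
+super(401, "Verification token is required");
 }
 };
 //#endregion
@@ -424,18 +354,18 @@ function mapBetterAuthError(error) {
 if (location.includes("EXPIRED_TOKEN")) return new TokenExpiredError();
 if (location.includes("ATTEMPTS_EXCEEDED")) return new InvalidTokenError();
 if (location.includes("new_user_signup_disabled")) return new UserNotFoundError();
-if (location.includes("failed_to_create_user")) return new
-if (location.includes("failed_to_create_session")) return new
+if (location.includes("failed_to_create_user")) return new AuthError("Failed to create user");
+if (location.includes("failed_to_create_session")) return new AuthError("Failed to create session");
 }
-if (!errorCode) return new
+if (!errorCode) return new AuthError("An authentication error occurred");
 if (errorCode === "USER_NOT_FOUND" || errorCode === "INVALID_USER") return new UserNotFoundError();
 if (errorCode === "USER_EMAIL_NOT_FOUND") return new UserEmailNotFoundError();
 if (errorCode === "INVALID_EMAIL_OR_PASSWORD") return new InvalidCredentialsError();
 if (errorCode === "INVALID_PASSWORD") return new InvalidPasswordError();
 if (errorCode === "INVALID_EMAIL") return new InvalidEmailError();
 if (errorCode === "SESSION_EXPIRED" || errorCode === "SESSION_NOT_FRESH") return new SessionExpiredError();
-if (errorCode === "FAILED_TO_CREATE_SESSION") return new
-if (errorCode === "FAILED_TO_GET_SESSION") return new
+if (errorCode === "FAILED_TO_CREATE_SESSION") return new AuthError("Failed to create session");
+if (errorCode === "FAILED_TO_GET_SESSION") return new AuthError("Failed to retrieve session");
 if (errorCode === "EMAIL_NOT_VERIFIED") return new EmailNotVerifiedError();
 if (errorCode === "EMAIL_CAN_NOT_BE_UPDATED") return new EmailCannotBeUpdatedError();
 if (errorCode === "EMAIL_ALREADY_VERIFIED") return new EmailAlreadyVerifiedError();
@@ -446,9 +376,9 @@ function mapBetterAuthError(error) {
 if (errorCode === "ACCOUNT_NOT_FOUND") return new AccountNotFoundError();
 if (errorCode === "CREDENTIAL_ACCOUNT_NOT_FOUND") return new CredentialAccountNotFoundError();
 if (errorCode === "FAILED_TO_UNLINK_LAST_ACCOUNT") return new CannotUnlinkLastAccountError();
-if (errorCode === "FAILED_TO_CREATE_USER") return new
-if (errorCode === "FAILED_TO_UPDATE_USER") return new
-if (errorCode === "FAILED_TO_GET_USER_INFO") return new
+if (errorCode === "FAILED_TO_CREATE_USER") return new AuthError("Failed to create user");
+if (errorCode === "FAILED_TO_UPDATE_USER") return new AuthError("Failed to update user");
+if (errorCode === "FAILED_TO_GET_USER_INFO") return new AuthError("Failed to retrieve user info");
 if (errorCode === "SOCIAL_ACCOUNT_ALREADY_LINKED" || errorCode === "LINKED_ACCOUNT_ALREADY_EXISTS") return new SocialAccountLinkedError();
 if (errorCode === "PROVIDER_NOT_FOUND") return new ProviderNotFoundError();
 if (errorCode === "ID_TOKEN_NOT_SUPPORTED") return new IdTokenNotSupportedError();
@@ -458,7 +388,7 @@ function mapBetterAuthError(error) {
 if (errorCode === "INVALID_CALLBACK_URL" || errorCode === "INVALID_REDIRECT_URL" || errorCode === "INVALID_NEW_USER_CALLBACK_URL" || errorCode === "INVALID_ERROR_CALLBACK_URL" || errorCode === "CALLBACK_URL_REQUIRED") return new InvalidCallbackUrlError();
 if (errorCode === "INVALID_ORIGIN" || errorCode === "MISSING_OR_NULL_ORIGIN" || errorCode === "CROSS_SITE_NAVIGATION_LOGIN_BLOCKED") return new InvalidOriginError();
 if (errorCode === "VALIDATION_ERROR" || errorCode === "MISSING_FIELD" || errorCode === "FIELD_NOT_ALLOWED" || errorCode === "BODY_MUST_BE_AN_OBJECT" || errorCode === "ASYNC_VALIDATION_NOT_SUPPORTED" || errorCode === "METHOD_NOT_ALLOWED_DEFER_SESSION_REQUIRED") return new AuthValidationFailedError();
-if (errorCode === "FAILED_TO_CREATE_VERIFICATION" || errorCode === "VERIFICATION_EMAIL_NOT_ENABLED") return new
+if (errorCode === "FAILED_TO_CREATE_VERIFICATION" || errorCode === "VERIFICATION_EMAIL_NOT_ENABLED") return new AuthError("Failed to create session");
 if (errorCode === "ORGANIZATION_NOT_FOUND" || errorCode === "NO_ACTIVE_ORGANIZATION") return new OrganizationNotFoundError();
 if (errorCode === "MEMBER_NOT_FOUND" || errorCode === "USER_IS_NOT_A_MEMBER_OF_THE_ORGANIZATION" || errorCode === "USER_IS_NOT_A_MEMBER_OF_THE_TEAM") return new OrganizationMemberNotFoundError();
 if (errorCode === "INVITATION_NOT_FOUND" || errorCode === "FAILED_TO_RETRIEVE_INVITATION") return new OrganizationInvitationNotFoundError();
@@ -469,7 +399,7 @@ function mapBetterAuthError(error) {
 if (errorCode === "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_ORGANIZATIONS" || errorCode === "YOU_HAVE_REACHED_THE_MAXIMUM_NUMBER_OF_TEAMS" || errorCode === "ORGANIZATION_MEMBERSHIP_LIMIT_REACHED" || errorCode === "INVITATION_LIMIT_REACHED" || errorCode === "TEAM_MEMBER_LIMIT_REACHED" || errorCode === "TOO_MANY_ROLES") return new OrganizationLimitReachedError();
 if (errorCode === "YOU_CANNOT_LEAVE_THE_ORGANIZATION_AS_THE_ONLY_OWNER" || errorCode === "YOU_CANNOT_LEAVE_THE_ORGANIZATION_WITHOUT_AN_OWNER" || errorCode === "UNABLE_TO_REMOVE_LAST_TEAM" || errorCode === "CANNOT_DELETE_A_PRE_DEFINED_ROLE" || errorCode === "ROLE_IS_ASSIGNED_TO_MEMBERS" || errorCode === "YOU_CANNOT_IMPERSONATE_ADMINS" || errorCode === "YOU_CANNOT_BAN_YOURSELF" || errorCode === "YOU_CANNOT_REMOVE_YOURSELF" || errorCode === "INVITER_IS_NO_LONGER_A_MEMBER_OF_THE_ORGANIZATION") return new OrganizationMembershipError();
 if (errorCode.startsWith("YOU_ARE_NOT_ALLOWED_TO_") || errorCode === "YOU_ARE_NOT_A_MEMBER_OF_THIS_ORGANIZATION" || errorCode === "YOU_CAN_NOT_ACCESS_THE_MEMBERS_OF_THIS_TEAM" || errorCode === "YOU_MUST_BE_IN_AN_ORGANIZATION_TO_CREATE_A_ROLE" || errorCode === "MISSING_AC_INSTANCE") return new OrganizationPermissionDeniedError();
-return new
+return new AuthError("An authentication error occurred");
 }
 /**
 * Type guard to check if an error is a Better Auth APIError.
@@ -510,26 +440,22 @@ const wrapBetterAuth = async (fn) => {
 //#region src/auth/services/auth.service.ts
 let AuthService = class AuthService {
 options;
-
+_authInstance;
 constructor(options) {
 this.options = options;
-this.authInstance = betterAuth({
-...this.options,
-onAPIError: getErrorHandlerConfig()
-});
 }
 /**
-* Get the Better Auth instance
+* Get the Better Auth instance.
 */
 get auth() {
-
+this._authInstance ??= betterAuth({
+...this.options,
+onAPIError: getErrorHandlerConfig()
+});
+return this._authInstance;
 }
 };
-AuthService = __decorate([
-Transient(AUTH_SERVICE),
-__decorateParam(0, inject$1(AUTH_OPTIONS)),
-__decorateMetadata("design:paramtypes", [Object])
-], AuthService);
+AuthService = __decorate([Request(AUTH_SERVICE), __decorateParam(0, inject(AUTH_OPTIONS))], AuthService);
 //#endregion
 //#region src/auth/auth.module.ts
 var _AuthModule;
@@ -537,12 +463,11 @@ let AuthModule = _AuthModule = class AuthModule {
 /**
 * Configure auth middleware globally.
 *
-*
-*
-* 2. SessionVerificationMiddleware - Verifies session and populates AuthContext with userId + role
+* SessionVerificationMiddleware verifies the session and populates the
+* request-scoped AuthContext with the authenticated user.
 */
 configureRoutes(router) {
-router.use(
+router.use(SessionVerificationMiddleware);
 }
 /**
 * Configure AuthModule with async options factory.
@@ -566,7 +491,7 @@ let AuthModule = _AuthModule = class AuthModule {
 ...raw,
 plugins: [createStratalAcPlugin(accessControl), ...raw.plugins ?? []]
 };
-if (container.
+if (container.isRegistered(RATE_LIMITER_TOKENS.ModuleMarker)) {
 const store = container.resolve(RATE_LIMITER_TOKENS.Store);
 const registry = container.resolve(RATE_LIMITER_TOKENS.Registry);
 raw = {
@@ -605,11 +530,8 @@ let AuthModule = _AuthModule = class AuthModule {
 };
 }
 };
-AuthModule = _AuthModule = __decorate([Module({
-imports: [I18nModule.registerMessages(authMessages)],
-providers: []
-})], AuthModule);
+AuthModule = _AuthModule = __decorate([Module({ providers: [AuthContext] })], AuthModule);
 //#endregion
-export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError,
+export { AUTH_OPTIONS, AUTH_SERVICE, AccountAlreadyExistsError, AccountNotFoundError, AuthModule, AuthService, AuthValidationFailedError, CannotUnlinkLastAccountError, CredentialAccountNotFoundError, EmailAlreadyVerifiedError, EmailCannotBeUpdatedError, EmailMismatchError, EmailNotVerifiedError, IdTokenNotSupportedError, InvalidCallbackUrlError, InvalidCredentialsError, InvalidEmailError, InvalidOriginError, InvalidPasswordError, InvalidTokenError, OrganizationConflictError, OrganizationInvitationNotFoundError, OrganizationInvitationRecipientMismatchError, OrganizationLimitReachedError, OrganizationMemberNotFoundError, OrganizationMembershipError, OrganizationNotFoundError, OrganizationPermissionDeniedError, OrganizationRoleNotFoundError, OrganizationTeamNotFoundError, PasswordTooLongError, PasswordTooShortError, ProviderNotFoundError, SessionExpiredError, SessionVerificationMiddleware, SocialAccountLinkedError, TokenExpiredError, TokenRequiredError, UserAlreadyHasPasswordError, UserEmailNotFoundError, UserNotFoundError, getErrorHandlerConfig, isAPIError, mapBetterAuthError, wrapBetterAuth };
 
 //# sourceMappingURL=index.mjs.map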
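Review bot: Per-request isolation of `AuthContext` is no longer visible in this file: the removed `AuthContextMiddleware` built `new AuthContext()` for every request and registered it on the request container, while the new code only lists it in `Module({ providers: [AuthContext] })` and resolves `DI_TOKENS.AuthContext` from the `user` macro. Whether each request still gets its own instance now depends on the scope declared in `../auth-context-C8NBfiMa.mjs`, which is outside this section; if that scope is wider than one request, the user populated by `SessionVerificationMiddleware` could be read by a different request. I would state the requirement next to the provider, e.g. `// AuthContext must be request-scoped: it carries the authenticated user for a single request`, and cover it with a test that runs two requests with different sessions and checks that the `user` macro returns each request's own user. The same check applies to `AuthService`, which moves from `Transient` to `Request` and now builds the Better Auth instance lazily in `get auth()`. In `mapBetterAuthError`, the `FAILED_TO_CREATE_VERIFICATION` / `VERIFICATION_EMAIL_NOT_ENABLED` branch returns `new AuthError("Failed to create session")`, which looks like a copied message and would mislead anyone triaging verification failures.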