@tachybase/auth 0.23.58 → 1.0.6

package/lib/auth-manager.d.ts

@@ -3,6 +3,7 @@ import { Registry } from '@tachybase/utils';
 import { Auth, AuthExtend } from './auth';
 import { JwtOptions, JwtService } from './base/jwt-service';
 import { ITokenBlacklistService } from './base/token-blacklist-service';
+import { ITokenControlService } from './base/token-control-service';
 export interface Authenticator {
     authType: string;
     options: Record<string, any>;
@@ -19,15 +20,18 @@ export type AuthManagerOptions = {
 type AuthConfig = {
     auth: AuthExtend<Auth>;
     title?: string;
+    getPublicOptions?: (options: Record<string, any>) => Record<string, any>;
 };
 export declare class AuthManager {
     jwt: JwtService;
+    tokenController: ITokenControlService;
     protected options: AuthManagerOptions;
     protected authTypes: Registry<AuthConfig>;
     protected storer: Storer;
     constructor(options: AuthManagerOptions);
     setStorer(storer: Storer): void;
     setTokenBlacklistService(service: ITokenBlacklistService): void;
+    setTokenControlService(service: ITokenControlService): void;
     /**
      * registerTypes
      * @description Add a new authenticate type and the corresponding authenticator.
@@ -51,7 +55,7 @@ export declare class AuthManager {
     get(name: string, ctx: Context): Promise<Auth>;
     /**
      * middleware
-     * @description Auth middleware, used to check the authentication status.
+     * @description Auth middleware, used to check the user status.
      */
     middleware(): (ctx: Context & {
         auth: Auth;

package/lib/auth-manager.js

@@ -35,6 +35,9 @@ const _AuthManager = class _AuthManager {
   setTokenBlacklistService(service) {
     this.jwt.blacklist = service;
   }
+  setTokenControlService(service) {
+    this.tokenController = service;
+  }
   /**
    * registerTypes
    * @description Add a new authenticate type and the corresponding authenticator.
@@ -77,16 +80,12 @@ const _AuthManager = class _AuthManager {
   }
   /**
    * middleware
-   * @description Auth middleware, used to check the authentication status.
+   * @description Auth middleware, used to check the user status.
    */
   middleware() {
-    return async (ctx, next) => {
-      var _a;
-      const token = ctx.getBearerToken();
-      if (token && await ((_a = ctx.app.authManager.jwt.blacklist) == null ? void 0 : _a.has(token))) {
-        return ctx.throw(403, ctx.t("token is not available"));
-      }
-      const name = ctx.get(this.options.authKey) || this.options.default;
+    const self = this;
+    return /* @__PURE__ */ __name(async function AuthManagerMiddleware(ctx, next) {
+      const name = ctx.get(self.options.authKey) || self.options.default;
       let authenticator;
       try {
         authenticator = await ctx.app.authManager.get(name, ctx);
@@ -96,14 +95,18 @@ const _AuthManager = class _AuthManager {
         ctx.logger.warn(err.message, { method: "check", authenticator: name });
         return next();
       }
-      if (authenticator) {
-        const user = await ctx.auth.check();
-        if (user) {
-          ctx.auth.user = user;
-        }
+      if (!authenticator) {
+        return next();
+      }
+      if (await ctx.auth.skipCheck()) {
+        return next();
+      }
+      const user = await ctx.auth.check();
+      if (user) {
+        ctx.auth.user = user;
       }
       await next();
-    };
+    }, "AuthManagerMiddleware");
   }
   async getOptions(name) {
     const authenticator = await this.storer.get(name);

package/lib/auth.d.ts

@@ -8,6 +8,24 @@ export type AuthConfig = {
     };
     ctx: Context;
 };
+export declare const AuthErrorCode: {
+    EMPTY_TOKEN: "EMPTY_TOKEN";
+    EXPIRED_TOKEN: "EXPIRED_TOKEN";
+    INVALID_TOKEN: "INVALID_TOKEN";
+    TOKEN_RENEW_FAILED: "TOKEN_RENEW_FAILED";
+    BLOCKED_TOKEN: "BLOCKED_TOKEN";
+    EXPIRED_SESSION: "EXPIRED_SESSION";
+    NOT_EXIST_USER: "NOT_EXIST_USER";
+    SKIP_TOKEN_RENEW: "SKIP_TOKEN_RENEW";
+};
+export type AuthErrorType = keyof typeof AuthErrorCode;
+export declare class AuthError extends Error {
+    code: AuthErrorType;
+    constructor(options: {
+        code: AuthErrorType;
+        message: string;
+    });
+}
 export type AuthExtend<T extends Auth> = new (config: AuthConfig) => T;
 interface IAuth {
     user: Model;
@@ -28,7 +46,16 @@ export declare abstract class Auth implements IAuth {
     };
     protected ctx: Context;
     constructor(config: AuthConfig);
+    skipCheck(): Promise<any>;
     abstract check(): Promise<Model>;
+    abstract checkToken(): Promise<{
+        tokenStatus: 'valid' | 'expired' | 'invalid';
+        user: Awaited<ReturnType<Auth['check']>>;
+        jti?: string;
+        temp: any;
+        roleName?: any;
+        signInTime?: number;
+    }>;
     signIn(): Promise<any>;
     signUp(): Promise<any>;
     signOut(): Promise<any>;

package/lib/auth.js

@@ -18,9 +18,29 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var auth_exports = {};
 __export(auth_exports, {
-  Auth: () => Auth
+  Auth: () => Auth,
+  AuthError: () => AuthError,
+  AuthErrorCode: () => AuthErrorCode
 });
 module.exports = __toCommonJS(auth_exports);
+const AuthErrorCode = {
+  EMPTY_TOKEN: "EMPTY_TOKEN",
+  EXPIRED_TOKEN: "EXPIRED_TOKEN",
+  INVALID_TOKEN: "INVALID_TOKEN",
+  TOKEN_RENEW_FAILED: "TOKEN_RENEW_FAILED",
+  BLOCKED_TOKEN: "BLOCKED_TOKEN",
+  EXPIRED_SESSION: "EXPIRED_SESSION",
+  NOT_EXIST_USER: "NOT_EXIST_USER",
+  SKIP_TOKEN_RENEW: "SKIP_TOKEN_RENEW"
+};
+const _AuthError = class _AuthError extends Error {
+  constructor(options) {
+    super(options.message);
+    this.code = options.code;
+  }
+};
+__name(_AuthError, "AuthError");
+let AuthError = _AuthError;
 const _Auth = class _Auth {
   constructor(config) {
     const { authenticator, options, ctx } = config;
@@ -28,6 +48,16 @@ const _Auth = class _Auth {
     this.options = options;
     this.ctx = ctx;
   }
+  async skipCheck() {
+    const token = this.ctx.getBearerToken();
+    if (!token && this.ctx.app.options.acl === false) {
+      return true;
+    }
+    const { resourceName, actionName } = this.ctx.action;
+    const acl = this.ctx.dataSource.acl;
+    const isPublic = await acl.allowManager.isAllowed(resourceName, actionName, this.ctx);
+    return isPublic;
+  }
   // The following methods are mainly designed for user authentications.
   async signIn() {
   }
@@ -40,5 +70,7 @@ __name(_Auth, "Auth");
 let Auth = _Auth;
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  Auth
+  Auth,
+  AuthError,
+  AuthErrorCode
 });

package/lib/base/auth.d.ts

@@ -1,6 +1,7 @@
 import { Collection, Model } from '@tachybase/database';
 import { Auth, AuthConfig } from '../auth';
 import { JwtService } from './jwt-service';
+import { ITokenControlService } from './token-control-service';
 /**
  * BaseAuth
  * @description A base class with jwt provide some common methods.
@@ -12,12 +13,22 @@ export declare class BaseAuth extends Auth {
     });
     get userRepository(): import("@tachybase/database").Repository<any, any>;
     get jwt(): JwtService;
+    get tokenController(): ITokenControlService;
     set user(user: Model);
     get user(): Model;
     getCacheKey(userId: number): string;
     validateUsername(username: string): boolean;
-    check(): Promise<any>;
+    checkToken(): Promise<{
+        tokenStatus: 'valid' | 'expired' | 'invalid';
+        user: Awaited<ReturnType<Auth['check']>>;
+        jti?: string;
+        temp: any;
+        roleName?: any;
+        signInTime?: number;
+    }>;
+    check(): ReturnType<Auth['check']>;
     validate(): Promise<Model>;
+    signNewToken(userId: number): Promise<string>;
     signIn(): Promise<{
         user: Model<any, any>;
         token: string;

package/lib/base/auth.js

@@ -1,6 +1,8 @@
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
 var __export = (target, all) => {
@@ -15,13 +17,23 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var auth_exports = {};
 __export(auth_exports, {
   BaseAuth: () => BaseAuth
 });
 module.exports = __toCommonJS(auth_exports);
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
 var import_auth = require("../auth");
+const localeNamespace = "auth";
 const _BaseAuth = class _BaseAuth extends import_auth.Auth {
   constructor(config) {
     const { userCollection } = config;
@@ -34,6 +46,9 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
   get jwt() {
     return this.ctx.app.authManager.jwt;
   }
+  get tokenController() {
+    return this.ctx.app.authManager.tokenController;
+  }
   set user(user) {
     this.ctx.state.currentUser = user;
   }
@@ -46,47 +61,198 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
   validateUsername(username) {
     return /^[^@.<>"'/]{2,16}$/.test(username);
   }
-  async check() {
+  async checkToken() {
+    var _a, _b, _c;
     const token = this.ctx.getBearerToken();
     if (!token) {
-      return null;
+      this.ctx.throw(401, {
+        message: this.ctx.t("Unauthenticated. Please sign in to continue.", { ns: localeNamespace }),
+        code: import_auth.AuthErrorCode.EMPTY_TOKEN
+      });
     }
+    let tokenStatus;
+    let payload;
     try {
-      const { userId, roleName } = await this.jwt.decode(token);
-      if (roleName) {
-        this.ctx.headers["x-role"] = roleName;
-      }
-      const cache = this.ctx.cache;
-      return await cache.wrap(
-        this.getCacheKey(userId),
-        () => this.userRepository.findOne({
-          filter: {
-            id: userId
-          },
-          raw: true
-        })
-      );
+      payload = await this.jwt.decode(token);
+      tokenStatus = "valid";
     } catch (err) {
-      this.ctx.logger.error(err, { method: "check" });
-      return null;
+      if (err.name === "TokenExpiredError") {
+        tokenStatus = "expired";
+        payload = import_jsonwebtoken.default.decode(token);
+      } else {
+        this.ctx.logger.error(err, { method: "jwt.decode" });
+        this.ctx.throw(401, {
+          message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+          code: import_auth.AuthErrorCode.INVALID_TOKEN
+        });
+      }
+    }
+    const { userId, roleName, iat, temp, jti, exp, signInTime } = payload ?? {};
+    const user = userId ? await this.ctx.app.cache.wrap(
+      this.getCacheKey(userId),
+      () => this.userRepository.findOne({
+        filter: {
+          id: userId
+        },
+        raw: true
+      })
+    ) : null;
+    if (!user) {
+      this.ctx.throw(401, {
+        message: this.ctx.t("User not found. Please sign in again to continue.", { ns: localeNamespace }),
+        code: import_auth.AuthErrorCode.NOT_EXIST_USER
+      });
+    }
+    if (roleName) {
+      this.ctx.headers["x-role"] = roleName;
     }
+    const blocked = await this.jwt.blacklist.has(jti ?? token);
+    if (blocked) {
+      this.ctx.throw(401, {
+        message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+        code: import_auth.AuthErrorCode.BLOCKED_TOKEN
+      });
+    }
+    if (!temp) {
+      if (tokenStatus === "valid") {
+        return { tokenStatus, user, temp };
+      } else {
+        this.ctx.throw(401, {
+          message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+          code: import_auth.AuthErrorCode.INVALID_TOKEN
+        });
+      }
+    }
+    const tokenPolicy = await this.tokenController.getConfig();
+    if (signInTime && Date.now() - signInTime > tokenPolicy.sessionExpirationTime) {
+      this.ctx.throw(401, {
+        message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+        code: import_auth.AuthErrorCode.EXPIRED_SESSION
+      });
+    }
+    if (tokenStatus === "valid" && Date.now() - iat * 1e3 > tokenPolicy.tokenExpirationTime) {
+      tokenStatus = "expired";
+    }
+    if (tokenStatus === "valid" && user.passwordChangeTz && iat * 1e3 < user.passwordChangeTz) {
+      this.ctx.throw(401, {
+        message: this.ctx.t("User password changed, please signin again.", { ns: localeNamespace }),
+        code: import_auth.AuthErrorCode.INVALID_TOKEN
+      });
+    }
+    if (tokenStatus === "expired") {
+      if (tokenPolicy.expiredTokenRenewLimit > 0 && Date.now() - exp * 1e3 > tokenPolicy.expiredTokenRenewLimit) {
+        this.ctx.throw(401, {
+          message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+          code: import_auth.AuthErrorCode.EXPIRED_SESSION
+        });
+      }
+      this.ctx.logger.info("token renewing", {
+        method: "auth.check",
+        url: this.ctx.originalUrl,
+        currentJti: jti
+      });
+      const isStreamRequest = ((_c = (_b = (_a = this.ctx) == null ? void 0 : _a.req) == null ? void 0 : _b.headers) == null ? void 0 : _c.accept) === "text/event-stream";
+      if (isStreamRequest) {
+        this.ctx.throw(401, {
+          message: "Stream api not allow renew token.",
+          code: import_auth.AuthErrorCode.SKIP_TOKEN_RENEW
+        });
+      }
+      if (!jti) {
+        this.ctx.throw(401, {
+          message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+          code: import_auth.AuthErrorCode.INVALID_TOKEN
+        });
+      }
+      return { tokenStatus, user, jti, signInTime, temp };
+    }
+    return { tokenStatus, user, jti, signInTime, temp };
+  }
+  async check() {
+    var _a, _b, _c;
+    const { tokenStatus, user, jti, temp, signInTime, roleName } = await this.checkToken();
+    if (tokenStatus === "expired") {
+      const tokenPolicy = await this.tokenController.getConfig();
+      try {
+        this.ctx.logger.info("token renewing", {
+          method: "auth.check",
+          jti
+        });
+        const isStreamRequest = ((_c = (_b = (_a = this.ctx) == null ? void 0 : _a.req) == null ? void 0 : _b.headers) == null ? void 0 : _c.accept) === "text/event-stream";
+        if (isStreamRequest) {
+          this.ctx.throw(401, {
+            message: "Stream api not allow renew token.",
+            code: import_auth.AuthErrorCode.SKIP_TOKEN_RENEW
+          });
+        }
+        if (!jti) {
+          this.ctx.throw(401, {
+            message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+            code: import_auth.AuthErrorCode.INVALID_TOKEN
+          });
+        }
+        const renewedResult = await this.tokenController.renew(jti);
+        this.ctx.logger.info("token renewed", {
+          method: "auth.check",
+          oldJti: jti,
+          newJti: renewedResult.jti
+        });
+        const expiresIn = Math.floor(tokenPolicy.tokenExpirationTime / 1e3);
+        const newToken = this.jwt.sign(
+          { userId: user.id, roleName, temp, signInTime, iat: Math.floor(renewedResult.issuedTime / 1e3) },
+          { jwtid: renewedResult.jti, expiresIn }
+        );
+        this.ctx.res.setHeader("x-new-token", newToken);
+      } catch (err) {
+        this.ctx.logger.error("token renew failed", {
+          method: "auth.check",
+          jti
+        });
+        const options = err instanceof import_auth.AuthError ? { code: err.code, message: err.message } : { message: err.message, code: err.code ?? import_auth.AuthErrorCode.INVALID_TOKEN };
+        this.ctx.throw(401, {
+          message: this.ctx.t(options.message, { ns: localeNamespace }),
+          code: options.code
+        });
+      }
+    }
+    return user;
   }
   async validate() {
     return null;
   }
+  async signNewToken(userId) {
+    const tokenInfo = await this.tokenController.add({ userId });
+    const expiresIn = Math.floor((await this.tokenController.getConfig()).tokenExpirationTime / 1e3);
+    const token = this.jwt.sign(
+      {
+        userId,
+        temp: true,
+        iat: Math.floor(tokenInfo.issuedTime / 1e3),
+        signInTime: tokenInfo.signInTime
+      },
+      {
+        jwtid: tokenInfo.jti,
+        expiresIn
+      }
+    );
+    return token;
+  }
   async signIn() {
     let user;
     try {
       user = await this.validate();
     } catch (err) {
-      this.ctx.throw(401, err.message);
+      this.ctx.throw(err.status || 401, err.message, {
+        ...err
+      });
     }
     if (!user) {
-      this.ctx.throw(401, "Unauthorized");
+      this.ctx.throw(401, {
+        message: this.ctx.t("User not found. Please sign in again to continue.", { ns: localeNamespace }),
+        code: import_auth.AuthErrorCode.NOT_EXIST_USER
+      });
     }
-    const token = this.jwt.sign({
-      userId: user.id
-    });
+    const token = await this.signNewToken(user.id);
     return {
       user,
       token
@@ -97,8 +263,24 @@ const _BaseAuth = class _BaseAuth extends import_auth.Auth {
     if (!token) {
       return;
     }
-    const { userId } = await this.jwt.decode(token);
-    await this.ctx.app.emitAsync("beforeSignOut", { userId });
+    let userId;
+    try {
+      const result = await this.jwt.decode(token);
+      userId = result.userId;
+    } catch (err) {
+      if (err.name === "TokenExpiredError") {
+        this.ctx.throw(401, {
+          message: this.ctx.t("Your session has expired. Please sign in again.", { ns: localeNamespace }),
+          code: import_auth.AuthErrorCode.INVALID_TOKEN
+        });
+      } else {
+        this.ctx.throw(401, {
+          message: this.ctx.t("Invalid token. Please sign in again.", { ns: localeNamespace }),
+          code: import_auth.AuthErrorCode.INVALID_TOKEN
+        });
+      }
+    }
+    await this.ctx.app.emitAsync("cache:del:roles", { userId });
     await this.ctx.cache.del(this.getCacheKey(userId));
     return await this.jwt.block(token);
   }

package/lib/base/jwt-service.d.ts

@@ -1,4 +1,4 @@
-import jwt, { SignOptions } from 'jsonwebtoken';
+import jwt, { JwtPayload, SignOptions } from 'jsonwebtoken';
 import { ITokenBlacklistService } from './token-blacklist-service';
 export interface JwtOptions {
     secret: string;
@@ -12,7 +12,7 @@ export declare class JwtService {
     private expiresIn;
     private secret;
     sign(payload: SignPayload, options?: SignOptions): string;
-    decode(token: string): Promise<any>;
+    decode(token: string): Promise<JwtPayload>;
     /**
      * @description Block a token so that this token can no longer be used
      */

package/lib/base/jwt-service.js

@@ -74,9 +74,9 @@ const _JwtService = class _JwtService {
       return null;
     }
     try {
-      const { exp } = await this.decode(token);
+      const { exp, jti } = await this.decode(token);
       return this.blacklist.add({
-        token,
+        token: jti ?? token,
         expiration: new Date(exp * 1e3).toString()
       });
     } catch {

package/lib/base/token-control-service.d.ts

@@ -0,0 +1,30 @@
+export interface TokenPolicyConfig {
+    tokenExpirationTime: string;
+    sessionExpirationTime: string;
+    expiredTokenRenewLimit: string;
+}
+type millisecond = number;
+export type NumericTokenPolicyConfig = {
+    [K in keyof TokenPolicyConfig]: millisecond;
+};
+export type TokenInfo = {
+    jti: string;
+    userId: number;
+    issuedTime: EpochTimeStamp;
+    signInTime: EpochTimeStamp;
+    renewed: boolean;
+};
+export type JTIStatus = 'valid' | 'inactive' | 'blocked' | 'missing' | 'renewed' | 'expired';
+export interface ITokenControlService {
+    getConfig(): Promise<NumericTokenPolicyConfig>;
+    setConfig(config: TokenPolicyConfig): Promise<any>;
+    renew(jti: string): Promise<{
+        jti: string;
+        issuedTime: EpochTimeStamp;
+    }>;
+    add({ userId }: {
+        userId: number;
+    }): Promise<TokenInfo>;
+    removeSessionExpiredTokens(userId: number): Promise<void>;
+}
+export {};

package/lib/base/token-control-service.js

@@ -0,0 +1,15 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var token_control_service_exports = {};
+module.exports = __toCommonJS(token_control_service_exports);

package/lib/index.d.ts

@@ -3,3 +3,4 @@ export * from './auth';
 export * from './auth-manager';
 export * from './base/auth';
 export * from './base/token-blacklist-service';
+export * from './base/token-control-service';

package/lib/index.js

@@ -19,11 +19,13 @@ __reExport(src_exports, require("./auth"), module.exports);
 __reExport(src_exports, require("./auth-manager"), module.exports);
 __reExport(src_exports, require("./base/auth"), module.exports);
 __reExport(src_exports, require("./base/token-blacklist-service"), module.exports);
+__reExport(src_exports, require("./base/token-control-service"), module.exports);
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ...require("./actions"),
   ...require("./auth"),
   ...require("./auth-manager"),
   ...require("./base/auth"),
-  ...require("./base/token-blacklist-service")
+  ...require("./base/token-blacklist-service"),
+  ...require("./base/token-control-service")
 });

package/package.json

@@ -1,17 +1,17 @@
 {
   "name": "@tachybase/auth",
-  "version": "0.23.58",
+  "version": "1.0.6",
   "description": "",
   "license": "Apache-2.0",
   "main": "./lib/index.js",
   "types": "./lib/index.d.ts",
   "dependencies": {
     "jsonwebtoken": "^8.5.1",
-    "@tachybase/actions": "0.23.58",
-    "@tachybase/database": "0.23.58",
-    "@tachybase/cache": "0.23.58",
-    "@tachybase/resourcer": "0.23.58",
-    "@tachybase/utils": "0.23.58"
+    "@tachybase/actions": "1.0.6",
+    "@tachybase/database": "1.0.6",
+    "@tachybase/resourcer": "1.0.6",
+    "@tachybase/utils": "1.0.6",
+    "@tachybase/cache": "1.0.6"
   },
   "devDependencies": {
     "@types/jsonwebtoken": "^8.5.9",