@tachybase/module-auth 0.23.58 → 1.0.6

package/dist/client/index.js

@@ -1,14 +1,14 @@
-(function(p,e){typeof exports=="object"&&typeof module!="undefined"?e(exports,require("@tachybase/client"),require("@tachybase/utils/client"),require("react/jsx-runtime"),require("react"),require("react-router-dom"),require("@tachybase/schema"),require("react-i18next"),require("antd"),require("@ant-design/icons")):typeof define=="function"&&define.amd?define(["exports","@tachybase/client","@tachybase/utils/client","react/jsx-runtime","react","react-router-dom","@tachybase/schema","react-i18next","antd","@ant-design/icons"],e):(p=typeof globalThis!="undefined"?globalThis:p||self,e(p["@tachybase/module-auth"]={},p["@tachybase/client"],p["@tachybase/utils"],p.jsxRuntime,p.react,p["react-router-dom"],p["@tachybase/schema"],p["react-i18next"],p.antd,p["@ant-design/icons"]))})(this,function(p,e,m,a,u,y,x,h,d,b){"use strict";var le=Object.defineProperty,me=Object.defineProperties;var de=Object.getOwnPropertyDescriptors;var B=Object.getOwnPropertySymbols;var ye=Object.prototype.hasOwnProperty,xe=Object.prototype.propertyIsEnumerable;var U=(p,e,m)=>e in p?le(p,e,{enumerable:!0,configurable:!0,writable:!0,value:m}):p[e]=m,v=(p,e)=>{for(var m in e||(e={}))ye.call(e,m)&&U(p,m,e[m]);if(B)for(var m of B(e))xe.call(e,m)&&U(p,m,e[m]);return p},S=(p,e)=>me(p,de(e));var T=(p,e,m)=>new Promise((a,u)=>{var y=d=>{try{h(m.next(d))}catch(b){u(b)}},x=d=>{try{h(m.throw(d))}catch(b){u(b)}},h=d=>d.done?a(d.value):Promise.resolve(d.value).then(y,x);h((m=m.apply(p,e)).next())});const D="Email/Password",$=t=>{const n=y.useLocation(),o=e.useAPIClient();return u.useEffect(()=>{const s=new URLSearchParams(n.search),r=s.get("authenticator"),i=s.get("token");i&&(o.auth.setToken(i),o.auth.setAuthenticator(r))}),a.jsx(a.Fragment,{children:t.children})},f="auth";function C(){return h.useTranslation([f,"core"],{nsMode:"fallback"})}const A=u.createContext([]);A.displayName="AuthenticatorsContext";const F=t=>u.useContext(A).find(o=>o.name===t);function E(t){var i;const{data:n}=e.useSystemSettings(),o=e.useAPIClient(),{data:s=[],error:r}=e.useRequest(()=>o.resource("authenticators").publicList().then(c=>{var l;return((l=c==null?void 0:c.data)==null?void 0:l.data)||[]}));if(r)throw r;return a.jsxs("div",{style:{maxWidth:320,margin:"0 auto",paddingTop:"20vh"},children:[a.jsx("h1",{children:(i=n==null?void 0:n.data)==null?void 0:i.title}),a.jsx(A.Provider,{value:s,children:a.jsx(y.Outlet,{})}),a.jsx("div",{className:e.css`
+(function(u,r){typeof exports=="object"&&typeof module!="undefined"?r(exports,require("@tachybase/client"),require("@tachybase/utils/client"),require("react/jsx-runtime"),require("react"),require("react-router-dom"),require("@tachybase/schema"),require("react-i18next"),require("antd"),require("@ant-design/icons")):typeof define=="function"&&define.amd?define(["exports","@tachybase/client","@tachybase/utils/client","react/jsx-runtime","react","react-router-dom","@tachybase/schema","react-i18next","antd","@ant-design/icons"],r):(u=typeof globalThis!="undefined"?globalThis:u||self,r(u["@tachybase/module-auth"]={},u["@tachybase/client"],u["@tachybase/utils"],u.jsxRuntime,u.react,u["react-router-dom"],u["@tachybase/schema"],u["react-i18next"],u.antd,u["@ant-design/icons"]))})(this,function(u,r,m,c,l,T,f,w,d,k){"use strict";var Tn=Object.defineProperty,vn=Object.defineProperties;var Sn=Object.getOwnPropertyDescriptors;var z=Object.getOwnPropertySymbols;var Se=Object.prototype.hasOwnProperty,Ce=Object.prototype.propertyIsEnumerable;var ve=(u,r,m)=>r in u?Tn(u,r,{enumerable:!0,configurable:!0,writable:!0,value:m}):u[r]=m,C=(u,r)=>{for(var m in r||(r={}))Se.call(r,m)&&ve(u,m,r[m]);if(z)for(var m of z(r))Ce.call(r,m)&&ve(u,m,r[m]);return u},Y=(u,r)=>vn(u,Sn(r));var Ae=(u,r)=>{var m={};for(var c in u)Se.call(u,c)&&r.indexOf(c)<0&&(m[c]=u[c]);if(u!=null&&z)for(var c of z(u))r.indexOf(c)<0&&Ce.call(u,c)&&(m[c]=u[c]);return m};var A=(u,r,m)=>new Promise((c,l)=>{var T=d=>{try{w(m.next(d))}catch(k){l(k)}},f=d=>{try{w(m.throw(d))}catch(k){l(k)}},w=d=>d.done?c(d.value):Promise.resolve(d.value).then(T,f);w((m=m.apply(u,r)).next())});const we="Email/Password",Ee=e=>{const t=T.useLocation(),n=r.useAPIClient();return l.useEffect(()=>{const o=new URLSearchParams(t.search),i=o.get("authenticator"),s=o.get("token");s&&(n.auth.setToken(s),n.auth.setAuthenticator(i))}),c.jsx(c.Fragment,{children:e.children})},E="auth";function v(){return w.useTranslation([E,"core"],{nsMode:"fallback"})}const j=e=>r.tval(e,{ns:E}),B=l.createContext([]);B.displayName="AuthenticatorsContext";const Z=e=>l.useContext(B).find(n=>n.name===e);function Fe(e){var s;const{data:t}=r.useSystemSettings(),n=r.useAPIClient(),{data:o=[],error:i}=r.useRequest(()=>n.resource("authenticators").publicList().then(a=>{var p;return((p=a==null?void 0:a.data)==null?void 0:p.data)||[]}));if(i)throw i;return c.jsxs("div",{style:{maxWidth:320,margin:"0 auto",paddingTop:"20vh"},children:[c.jsx("h1",{children:(s=t==null?void 0:t.data)==null?void 0:s.title}),c.jsx(B.Provider,{value:o,children:c.jsx(T.Outlet,{})}),c.jsx("div",{className:r.css`
           position: absolute;
           bottom: 24px;
           width: 100%;
           left: 0;
           text-align: center;
-        `,children:a.jsx(e.PoweredBy,{})})]})}const N=()=>{var s;const n=e.usePlugin(g).authTypes.getEntities(),o={};for(const[r,i]of n)(s=i.components)!=null&&s.SignInForm&&(o[r]=i.components.SignInForm);return o},q=(t=[])=>{var i;const o=e.usePlugin(g).authTypes.getEntities(),s={};for(const[c,l]of o)(i=l.components)!=null&&i.SignInButton&&(s[c]=l.components.SignInButton);const r=Object.keys(s);return t.filter(c=>r.includes(c.authType)).map((c,l)=>u.createElement(s[c.authType],{key:l,authenticator:c}))},L=()=>{const{t}=C();e.useCurrentDocumentTitle("Signin"),e.useViewport();const n=N(),o=u.useContext(A),s=q(o);if(!o.length)return a.jsx("div",{style:{color:"#ccc"},children:t("No authentication methods available.")});const r=o.map(i=>{const c=n[i.authType];if(!c)return;const l=`${t("Sign-in")} (${t(i.authTypeTitle||i.authType)})`;return v({component:u.createElement(c,{authenticator:i}),tabTitle:i.title||l},i)}).filter(i=>i);return a.jsxs(d.Space,{direction:"vertical",className:e.css`
+        `,children:c.jsx(r.PoweredBy,{})})]})}const Ie=()=>{var o;const t=r.usePlugin(I).authTypes.getEntities(),n={};for(const[i,s]of t)(o=s.components)!=null&&o.SignInForm&&(n[i]=s.components.SignInForm);return n},ke=(e=[])=>{var s;const n=r.usePlugin(I).authTypes.getEntities(),o={};for(const[a,p]of n)(s=p.components)!=null&&s.SignInButton&&(o[a]=p.components.SignInButton);const i=Object.keys(o);return e.filter(a=>i.includes(a.authType)).map((a,p)=>l.createElement(o[a.authType],{key:p,authenticator:a}))},Pe=()=>{const{t:e}=v();r.useCurrentDocumentTitle("Signin"),r.useViewport();const t=Ie(),n=l.useContext(B),o=ke(n);if(!n.length)return c.jsx("div",{style:{color:"#ccc"},children:e("No authentication methods available.")});const i=n.map(s=>{const a=t[s.authType];if(!a)return;const p=`${e("Sign-in")} (${e(s.authTypeTitle||s.authType)})`;return C({component:l.createElement(a,{authenticator:s}),tabTitle:s.title||s.name==="basic"?p:`${e(s.name)}`},s)}).filter(s=>s);return c.jsxs(d.Space,{direction:"vertical",className:r.css`
         display: flex;
-      `,children:[r.length>1?a.jsx(d.Tabs,{items:r.map(i=>({label:i.tabTitle,key:i.name,children:i.component}))}):r.length?a.jsx("div",{children:r[0].component}):a.jsx(a.Fragment,{}),a.jsx(d.Space,{direction:"vertical",className:e.css`
+      `,children:[i.length>1?c.jsx(d.Tabs,{items:i.map(s=>({label:s.tabTitle,key:s.name,children:s.component}))}):i.length?c.jsx("div",{children:i[0].component}):c.jsx(c.Fragment,{}),c.jsx(d.Space,{direction:"vertical",className:r.css`
           display: flex;
-        `,children:s})]})},O=u.createContext({});O.displayName="SignupPageContext";const I=()=>{var s;const n=e.usePlugin(g).authTypes.getEntities(),o={};for(const[r,i]of n)(s=i.components)!=null&&s.SignUpForm&&(o[r]=i.components.SignUpForm);return o},j=()=>{e.useViewport(),e.useCurrentDocumentTitle("Signup");const t=I(),[n]=y.useSearchParams(),o=n.get("name"),s=F(o),{authType:r}=s||{};return t[r]?u.createElement(t[r],{authenticatorName:o}):a.jsx(y.Navigate,{to:"/not-found",replace:!0})};function M(t="/admin"){const n=y.useNavigate(),[o]=y.useSearchParams();return u.useCallback(()=>{n(o.get("redirect")||"/admin",{replace:!0})},[n,o])}const k=t=>{const n=x.useForm(),o=e.useAPIClient(),s=M(),{refreshAsync:r}=e.useCurrentUserContext();return{run(){return T(this,null,function*(){yield n.submit(),yield o.auth.signIn(n.values,t),yield r(),s()})}}},_={type:"object",name:"passwordForm","x-component":"FormV2",properties:{account:{type:"string","x-component":"Input","x-validator":`{{(value) => {
+        `,children:o})]})},Oe=l.createContext({});Oe.displayName="SignupPageContext";const ne=()=>{var o;const t=r.usePlugin(I).authTypes.getEntities(),n={};for(const[i,s]of t)(o=s.components)!=null&&o.SignUpForm&&(n[i]=s.components.SignUpForm);return n},Ne=()=>{r.useViewport(),r.useCurrentDocumentTitle("Signup");const e=ne(),[t]=T.useSearchParams(),n=t.get("name"),o=Z(n),{authType:i}=o||{};return e[i]?l.createElement(e[i],{authenticatorName:n}):c.jsx(T.Navigate,{to:"/not-found",replace:!0})};function _e(e="/admin"){const t=T.useNavigate(),[n]=T.useSearchParams();return l.useCallback(()=>{t(n.get("redirect")||"/admin",{replace:!0})},[t,n])}const oe=e=>{const t=f.useForm(),n=r.useAPIClient(),o=_e(),{refreshAsync:i}=r.useCurrentUserContext();return{run(){return A(this,null,function*(){yield t.submit(),yield n.auth.signIn(t.values,e),yield i(),o()})}}},$e={type:"object",name:"passwordForm","x-component":"FormV2",properties:{account:{type:"string","x-component":"Input","x-validator":`{{(value) => {
         if (!value) {
           return t("Please enter your username or email");
         }
@@ -19,4 +19,4 @@
         } else {
           return /^[^@.<>"'/]{2,16}$/.test(value) || t("Please enter a valid username");
         }
-      }}}`,"x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Username/Email")}}',style:{}}},password:{type:"string","x-component":"Password",required:!0,"x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Password")}}',style:{}}},actions:{type:"void","x-component":"div",properties:{submit:{title:'{{t("Sign in")}}',type:"void","x-component":"Action","x-component-props":{htmlType:"submit",block:!0,type:"primary",useAction:"{{ useBasicSignIn }}",style:{width:"100%"}}}}},signUp:{type:"void","x-component":"Link","x-component-props":{to:"{{ signUpLink }}"},"x-content":'{{t("Create an account")}}',"x-visible":"{{ allowSignUp }}"}}},z=t=>{const{t:n}=C(),o=t.authenticator,{authType:s,name:r,options:i}=o,l=!!I()[s]&&(i==null?void 0:i.allowSignUp),ce=`/signup?name=${r}`,ue=()=>k(r);return a.jsx(e.SchemaComponent,{schema:_,scope:{useBasicSignIn:ue,allowSignUp:l,signUpLink:ce,t:n}})},K=t=>{const n=y.useNavigate(),o=x.useForm(),s=e.useAPIClient(),{t:r}=h.useTranslation();return{run(){return T(this,null,function*(){var c;yield o.submit(),yield s.auth.signUp(o.values,t==null?void 0:t.authenticator),d.message.success(((c=t==null?void 0:t.message)==null?void 0:c.success)||r("Sign up successfully, and automatically jump to the sign in page")),setTimeout(()=>{n("/signin")},2e3)})}}},Z={type:"object",name:x.uid(),"x-component":"FormV2",properties:{username:{type:"string",required:!0,"x-component":"Input","x-validator":{username:!0},"x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Username")}}',style:{}}},password:{type:"string",required:!0,"x-component":"Password","x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Password")}}',checkStrength:!0,style:{}},"x-reactions":[{dependencies:[".confirm_password"],fulfill:{state:{selfErrors:'{{$deps[0] && $self.value && $self.value !== $deps[0] ? t("Password mismatch") : ""}}'}}}]},confirm_password:{type:"string",required:!0,"x-component":"Password","x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Confirm password")}}',style:{}},"x-reactions":[{dependencies:[".password"],fulfill:{state:{selfErrors:'{{$deps[0] && $self.value && $self.value !== $deps[0] ? t("Password mismatch") : ""}}'}}}]},actions:{type:"void","x-component":"div",properties:{submit:{title:'{{t("Sign up")}}',type:"void","x-component":"Action","x-component-props":{block:!0,type:"primary",htmlType:"submit",useAction:"{{ useBasicSignUp }}",style:{width:"100%"}}}}},link:{type:"void","x-component":"div",properties:{link:{type:"void","x-component":"Link","x-component-props":{to:"/signin"},"x-content":'{{t("Log in with an existing account")}}'}}}}},W=({authenticatorName:t})=>{const{t:n}=C(),o=()=>K({authenticator:t}),s=F(t),{options:r}=s;return r!=null&&r.allowSignUp?a.jsx(e.SchemaComponent,{schema:Z,scope:{useBasicSignUp:o,t:n}}):a.jsx(y.Navigate,{to:"/not-found",replace:!0})},G=()=>{const{t}=C();return a.jsx(e.SchemaComponent,{scope:{t},components:{Alert:d.Alert},schema:{type:"object",properties:{public:{type:"object",properties:{allowSignUp:{"x-decorator":"FormItem",type:"boolean",title:'{{t("Allow to sign up")}}',"x-component":"Checkbox","x-component-props":{defaultChecked:!0}}}},notice:{type:"void","x-component":"Alert","x-component-props":{showIcon:!0,message:'{{t("The authentication allows users to sign in via username or email.")}}'}}}}})},H=()=>{var s;const n=e.usePlugin(g).authTypes.getEntities(),o={};for(const[r,i]of n)(s=i.components)!=null&&s.BindForm&&(o[r]=i.components.BindForm);return o},J=()=>{const t=e.useRecord(),o=H()[t.authType];return u.createElement(o,{authenticator:t})},Q={type:"void",name:"authenticatorBind","x-decorator":"TableBlockProvider","x-decorator-props":{collection:{name:"authenticators",sortable:!1,fields:[{interface:"input",type:"string",name:"authType"},{interface:"input",type:"string",name:"title",uiSchema:{type:"string",title:'{{t("Title")}}',"x-component":"Input"}},{interface:"textarea",type:"string",name:"description",uiSchema:{type:"string",title:'{{t("Description")}}',"x-component":"Input"}},{type:"boolean",name:"bind",uiSchema:{type:"boolean",title:'{{t("Bind")}}',"x-component":"Checkbox"}},{type:"string",name:"nickname",uiSchema:{type:"string",title:'{{t("Nickname")}}',"x-component":"Input"}}]},resource:"authenticators",action:"bindTypes",params:{sort:["sort"]},rowKey:"name",showIndex:!0},"x-component":"div",properties:{table:{type:"array","x-component":"TableV2","x-use-component-props":"useTableBlockProps","x-component-props":{rowKey:"name"},properties:{authType:{title:'{{t("Auth Type")}}',type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{authType:{type:"string","x-component":"Select","x-read-pretty":!0}}},title:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{title:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},description:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{description:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},bind:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{bind:{type:"boolean","x-component":"CollectionField","x-read-pretty":!0}}},nickname:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{nickname:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},actions:{type:"void",title:'{{t("Actions")}}',"x-component":"TableV2.Column",properties:{actions:{type:"void","x-component":"Space","x-component-props":{split:"|"},properties:{unbind:{"x-visible":'{{ $self.query(".bind").value() }}',type:"void",title:'{{ t("Unbind") }}',"x-component":"Action.Link","x-component-props":{confirm:{title:"{{t('Unbind')}}",content:"{{t('Are you sure to unbind this authenticator?')}}"},useAction:"{{ useUnbindAction }}"}},bind:{"x-visible":'{{ !$self.query(".bind").value() }}',type:"void",title:"{{ t('Bind') }}","x-component":"Action.Link",properties:{modal:{type:"void","x-decorator":"Form",title:"{{ t('Bind') }}","x-component":"Action.Modal","x-component-props":{width:800},properties:{form:{type:"void","x-component":"BindForm"}}}}}}}}}}}}},X=()=>{const{refreshCM:t}=e.useCollectionManager_deprecated(),n=e.useAPIClient(),o=e.useRecord();return{run(){return T(this,null,function*(){yield n.resource("authenticators").unbind({authenticator:o.name}),t()})}}},Y=()=>{const{t}=C();return a.jsx(d.Card,{bordered:!1,children:a.jsx(e.SchemaComponent,{schema:Q,components:{BindForm:J},scope:{t,useUnbindAction:X}})})},w=u.createContext({type:""});w.displayName="AuthTypeContext";const P=u.createContext({types:[]});P.displayName="AuthTypesContext";const R=()=>{const{types:t}=u.useContext(P);return t},ee=t=>{const n=e.useRecord(),o=e.useRequest(()=>Promise.resolve({data:v({},n.options)}),S(v({},t),{manual:!0})),{run:s}=o,r=e.useActionContext();return u.useEffect(()=>{r.visible&&s()},[r.visible,s]),o},te=t=>{var s;const o=e.usePlugin(g).authTypes.get(t);return(s=o==null?void 0:o.components)==null?void 0:s.AdminSettingsForm},oe=x.observer(()=>{const t=x.useForm(),n=e.useRecord(),o=te(t.values.authType||n.authType);return o?a.jsx(o,{}):null},{displayName:"Options"}),V={name:"authenticators",sortable:!0,fields:[{name:"id",type:"string",interface:"id"},{interface:"input",type:"string",name:"name",uiSchema:{type:"string",title:'{{t("Auth UID")}}',"x-component":"Input","x-validator":t=>/^[a-zA-Z0-9_-]+$/.test(t)?"":e.i18n.t("a-z, A-Z, 0-9, _, -"),required:!0}},{interface:"input",type:"string",name:"authType",uiSchema:{type:"string",title:'{{t("Auth Type")}}',"x-component":"Select",dataSource:"{{ types }}",required:!0}},{interface:"input",type:"string",name:"title",uiSchema:{type:"string",title:'{{t("Title")}}',"x-component":"Input"}},{interface:"textarea",type:"string",name:"description",uiSchema:{type:"string",title:'{{t("Description")}}',"x-component":"Input"}},{type:"boolean",name:"enabled",uiSchema:{type:"boolean",title:'{{t("Enabled")}}',"x-component":"Checkbox"}}]},ne={type:"object",properties:{drawer:{type:"void","x-component":"Action.Drawer","x-decorator":"Form","x-decorator-props":{useValues(t){const n=e.useActionContext(),{type:o}=u.useContext(w);return e.useRequest(()=>Promise.resolve({data:{name:`s_${x.uid()}`,authType:o}}),S(v({},t),{refreshDeps:[n.visible]}))}},title:'{{t("Add new")}}',properties:{name:{"x-component":"CollectionField","x-decorator":"FormItem"},authType:{"x-component":"CollectionField","x-decorator":"FormItem","x-component-props":{options:"{{ types }}"}},title:{"x-component":"CollectionField","x-decorator":"FormItem"},description:{"x-component":"CollectionField","x-decorator":"FormItem"},enabled:{"x-component":"CollectionField","x-decorator":"FormItem"},options:{type:"object","x-component":"Options"},footer:{type:"void","x-component":"Action.Drawer.Footer",properties:{cancel:{title:'{{ t("Cancel") }}',"x-component":"Action","x-use-component-props":"useCancelActionProps"},create:{title:'{{ t("Submit") }}',"x-action":"submit","x-component":"Action","x-use-component-props":"useCreateDatabaseConnectionAction","x-component-props":{type:"primary"}}}}}}}},re={type:"void",name:"authenticators","x-decorator":"TableBlockProvider","x-decorator-props":{collection:V,dragSort:!0,action:"list",params:{pageSize:50,sort:"sort",appends:[]}},properties:{actions:{type:"void","x-component":"ActionBar","x-component-props":{style:{marginBottom:16}},properties:{delete:{type:"void",title:'{{t("Delete")}}',"x-action":"destroy","x-decorator":"ACLActionProvider","x-component":"Action","x-use-component-props":"useBulkDestroyActionProps","x-component-props":{icon:"DeleteOutlined",confirm:{title:"{{t('Delete')}}",content:"{{t('Are you sure you want to delete it?')}}"}}},create:{type:"void",title:'{{t("Add new")}}',"x-component":"AddNew","x-component-props":{type:"primary"}}}},table:{type:"array","x-uid":"input","x-component":"TableV2","x-use-component-props":"useTableBlockProps","x-component-props":{rowKey:"id",rowSelection:{type:"checkbox"}},properties:{id:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{id:{type:"number","x-component":"CollectionField","x-read-pretty":!0}}},name:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{name:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},authType:{title:'{{t("Auth Type")}}',type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{authType:{type:"string","x-component":"Select","x-read-pretty":!0,enum:"{{ types }}"}}},title:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{title:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},description:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{description:{type:"boolean","x-component":"CollectionField","x-read-pretty":!0}}},enabled:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{enabled:{type:"boolean","x-component":"CollectionField","x-read-pretty":!0}}},actions:{type:"void",title:'{{t("Actions")}}',"x-component":"TableV2.Column",properties:{actions:{type:"void","x-component":"Space","x-component-props":{split:"|"},properties:{updateAuthenticator:{type:"void",title:'{{ t("Edit") }}',"x-action":"update","x-component":"Action.Link","x-component-props":{openMode:"drawer",icon:"EditOutlined"},"x-decorator":"ACLActionProvider",properties:{drawer:{type:"void",title:'{{ t("Edit record") }}',"x-component":"Action.Container","x-component-props":{className:"tb-action-popup"},properties:{card:{type:"void","x-acl-action-props":{skipScopeCheck:!1},"x-acl-action":"authenticators:update","x-decorator":"FormBlockProvider","x-use-decorator-props":"useEditFormBlockDecoratorProps","x-decorator-props":{action:"get",dataSource:"main",collection:V},"x-component":"CardItem",properties:{form:{type:"void","x-component":"FormV2","x-use-component-props":"useEditFormBlockProps",properties:{actionBar:{type:"void","x-component":"ActionBar","x-component-props":{style:{marginBottom:24}},properties:{cancel:{title:'{{ t("Cancel") }}',"x-component":"Action","x-use-component-props":"useCancelActionProps"},submit:{title:'{{ t("Submit") }}',"x-component":"Action","x-use-component-props":"useUpdateActionProps","x-component-props":{type:"primary"}}}},name:{"x-component":"CollectionField","x-decorator":"FormItem"},authType:{"x-component":"CollectionField","x-decorator":"FormItem","x-component-props":{options:"{{ types }}"}},title:{"x-component":"CollectionField","x-decorator":"FormItem"},description:{"x-component":"CollectionField","x-decorator":"FormItem"},enabled:{"x-component":"CollectionField","x-decorator":"FormItem"},options:{type:"object","x-component":"Options"}}}}}}}}},delete:{type:"void",title:'{{ t("Delete") }}',"x-action":"destroy","x-component":"Action.Link","x-use-component-props":"useDestroyActionProps","x-component-props":{confirm:{title:"{{t('Delete record')}}",content:"{{t('Are you sure you want to delete it?')}}"}},"x-disabled":"{{ useCanNotDelete() }}"}}}}}}}}},se=()=>{const{setVisible:t}=e.useActionContext();return{run(){return T(this,null,function*(){t(!1)})}}},ie=()=>{const{t}=h.useTranslation(),[n,o]=u.useState(!1),[s,r]=u.useState(""),i=R(),c=i.map(l=>S(v({},l),{onClick:()=>{o(!0),r(l.value)}}));return a.jsx(e.ActionContextProvider,{value:{visible:n,setVisible:o},children:a.jsxs(w.Provider,{value:{type:s},children:[a.jsx(d.Dropdown,{menu:{items:c},children:a.jsxs(d.Button,{icon:a.jsx(b.PlusOutlined,{}),type:"primary",children:[t("Add new")," ",a.jsx(b.DownOutlined,{})]})}),a.jsx(e.SchemaComponent,{scope:{useCloseAction:se,types:i,setType:r},schema:ne})]})})},ae=()=>(e.useAsyncData(),!1),pe=()=>{const{t}=C(),[n,o]=u.useState([]),s=e.useAPIClient();return e.useRequest(()=>s.resource("authenticators").listTypes().then(r=>{var c;return(((c=r==null?void 0:r.data)==null?void 0:c.data)||[]).map(l=>({key:l.name,label:t(l.title||l.name),value:l.name}))}),{onSuccess:r=>{o(r)}}),a.jsx(d.Card,{bordered:!1,children:a.jsx(P.Provider,{value:{types:n},children:a.jsx(e.SchemaComponent,{schema:re,components:{AddNew:ie,Options:oe},scope:{types:n,useValuesFromOptions:ee,useCanNotDelete:ae,t}})})})};class g extends e.Plugin{constructor(){super(...arguments),this.authTypes=new m.Registry}registerType(n,o){this.authTypes.register(n,o)}load(){return T(this,null,function*(){this.app.systemSettingsManager.add("system-services."+f,{icon:"LoginOutlined",title:`{{t("Authentication", { ns: "${f}" })}}`,Component:pe,aclSnippet:"pm.auth.authenticators"}),this.app.userSettingsManager.add(f,{icon:"LoginOutlined",title:`{{t("Authentication login bind", { ns: "${f}" })}}`,Component:Y,aclSnippet:"pm.auth.authenticators"}),this.router.add("auth",{Component:"AuthLayout"}),this.router.add("auth.signin",{path:"/signin",Component:"SignInPage"}),this.router.add("auth.signup",{path:"/signup",Component:"SignUpPage"}),this.app.addComponents({AuthLayout:E,SignInPage:L,SignUpPage:j}),this.app.providers.unshift([$,{}]),this.registerType(D,{components:{SignInForm:z,SignUpForm:W,AdminSettingsForm:G}})})}}p.AuthenticatorsContext=A,p.PluginAuthClient=g,p.default=g,p.useAuthenticator=F,p.useSignIn=k,Object.defineProperties(p,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}})});
+      }}}`,"x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Username/Email")}}',style:{}}},password:{type:"string","x-component":"Password",required:!0,"x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Password")}}',style:{}}},actions:{type:"void","x-component":"div",properties:{submit:{title:'{{t("Sign in")}}',type:"void","x-component":"Action","x-component-props":{htmlType:"submit",block:!0,type:"primary",useAction:"{{ useBasicSignIn }}",style:{width:"100%"}}}}},signUp:{type:"void","x-component":"Link","x-component-props":{to:"{{ signUpLink }}"},"x-content":'{{t("Create an account")}}',"x-visible":"{{ allowSignUp }}"}}},je=e=>{const{t}=v(),n=e.authenticator,{authType:o,name:i,options:s}=n,p=!!ne()[o]&&(s==null?void 0:s.allowSignUp),y=`/signup?name=${i}`,x=()=>oe(i);return c.jsx(r.SchemaComponent,{schema:$e,scope:{useBasicSignIn:x,allowSignUp:p,signUpLink:y,t}})},Be=e=>{const t=T.useNavigate(),n=f.useForm(),o=r.useAPIClient(),{t:i}=w.useTranslation();return{run(){return A(this,null,function*(){var a;yield n.submit(),yield o.auth.signUp(n.values,e==null?void 0:e.authenticator),d.message.success(((a=e==null?void 0:e.message)==null?void 0:a.success)||i("Sign up successfully, and automatically jump to the sign in page")),setTimeout(()=>{t("/signin")},2e3)})}}},De={type:"object",name:f.uid(),"x-component":"FormV2",properties:{username:{type:"string",required:!0,"x-component":"Input","x-validator":{username:!0},"x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Username")}}',style:{}}},password:{type:"string",required:!0,"x-component":"Password","x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Password")}}',checkStrength:!0,style:{}},"x-reactions":[{dependencies:[".confirm_password"],fulfill:{state:{selfErrors:'{{$deps[0] && $self.value && $self.value !== $deps[0] ? t("Password mismatch") : ""}}'}}}]},confirm_password:{type:"string",required:!0,"x-component":"Password","x-decorator":"FormItem","x-component-props":{placeholder:'{{t("Confirm password")}}',style:{}},"x-reactions":[{dependencies:[".password"],fulfill:{state:{selfErrors:'{{$deps[0] && $self.value && $self.value !== $deps[0] ? t("Password mismatch") : ""}}'}}}]},actions:{type:"void","x-component":"div",properties:{submit:{title:'{{t("Sign up")}}',type:"void","x-component":"Action","x-component-props":{block:!0,type:"primary",htmlType:"submit",useAction:"{{ useBasicSignUp }}",style:{width:"100%"}}}}},link:{type:"void","x-component":"div",properties:{link:{type:"void","x-component":"Link","x-component-props":{to:"/signin"},"x-content":'{{t("Log in with an existing account")}}'}}}}},Ue=({authenticatorName:e})=>{const{t}=v(),n=()=>Be({authenticator:e}),o=Z(e),{options:i}=o;return i!=null&&i.allowSignUp?c.jsx(r.SchemaComponent,{schema:De,scope:{useBasicSignUp:n,t}}):c.jsx(T.Navigate,{to:"/not-found",replace:!0})},Ve=()=>{const{t:e}=v();return c.jsx(r.SchemaComponent,{scope:{t:e},components:{Alert:d.Alert},schema:{type:"object",properties:{public:{type:"object",properties:{allowSignUp:{"x-decorator":"FormItem",type:"boolean",title:'{{t("Allow to sign up")}}',"x-component":"Checkbox","x-component-props":{defaultChecked:!0}}}},notice:{type:"void","x-component":"Alert","x-component-props":{showIcon:!0,message:'{{t("The authentication allows users to sign in via username or email.")}}'}}}}})},Le=()=>{var o;const t=r.usePlugin(I).authTypes.getEntities(),n={};for(const[i,s]of t)(o=s.components)!=null&&o.BindForm&&(n[i]=s.components.BindForm);return n},Me=()=>{const e=r.useRecord(),n=Le()[e.authType];return l.createElement(n,{authenticator:e})},qe={type:"void",name:"authenticatorBind","x-decorator":"TableBlockProvider","x-decorator-props":{collection:{name:"authenticators",sortable:!1,fields:[{interface:"input",type:"string",name:"authType"},{interface:"input",type:"string",name:"title",uiSchema:{type:"string",title:'{{t("Title")}}',"x-component":"Input"}},{interface:"textarea",type:"string",name:"description",uiSchema:{type:"string",title:'{{t("Description")}}',"x-component":"Input"}},{type:"boolean",name:"bind",uiSchema:{type:"boolean",title:'{{t("Bind")}}',"x-component":"Checkbox"}},{type:"string",name:"nickname",uiSchema:{type:"string",title:'{{t("Nickname")}}',"x-component":"Input"}}]},resource:"authenticators",action:"bindTypes",params:{sort:["sort"]},rowKey:"name",showIndex:!0},"x-component":"div",properties:{table:{type:"array","x-component":"TableV2","x-use-component-props":"useTableBlockProps","x-component-props":{rowKey:"name"},properties:{authType:{title:'{{t("Auth Type")}}',type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{authType:{type:"string","x-component":"Select","x-read-pretty":!0}}},title:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{title:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},description:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{description:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},bind:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{bind:{type:"boolean","x-component":"CollectionField","x-read-pretty":!0}}},nickname:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{nickname:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},actions:{type:"void",title:'{{t("Actions")}}',"x-component":"TableV2.Column",properties:{actions:{type:"void","x-component":"Space","x-component-props":{split:"|"},properties:{unbind:{"x-visible":'{{ $self.query(".bind").value() }}',type:"void",title:'{{ t("Unbind") }}',"x-component":"Action.Link","x-component-props":{confirm:{title:"{{t('Unbind')}}",content:"{{t('Are you sure to unbind this authenticator?')}}"},useAction:"{{ useUnbindAction }}"}},bind:{"x-visible":'{{ !$self.query(".bind").value() }}',type:"void",title:"{{ t('Bind') }}","x-component":"Action.Link",properties:{modal:{type:"void","x-decorator":"Form",title:"{{ t('Bind') }}","x-component":"Action.Modal","x-component-props":{width:800},properties:{form:{type:"void","x-component":"BindForm"}}}}}}}}}}}}},Ke=()=>{const{refreshCM:e}=r.useCollectionManager_deprecated(),t=r.useAPIClient(),n=r.useRecord();return{run(){return A(this,null,function*(){yield t.resource("authenticators").unbind({authenticator:n.name}),e()})}}},We=()=>{const{t:e}=v();return c.jsx(d.Card,{bordered:!1,children:c.jsx(r.SchemaComponent,{schema:qe,components:{BindForm:Me},scope:{t:e,useUnbindAction:Ke}})})};var V=typeof globalThis!="undefined"?globalThis:typeof window!="undefined"?window:typeof global!="undefined"?global:typeof self!="undefined"?self:{};function re(e){return e&&e.__esModule&&Object.prototype.hasOwnProperty.call(e,"default")?e.default:e}function He(e){var t=typeof e;return e!=null&&(t=="object"||t=="function")}var ie=He,Ge=typeof V=="object"&&V&&V.Object===Object&&V,Xe=Ge,ze=Xe,Ye=typeof self=="object"&&self&&self.Object===Object&&self,Ze=ze||Ye||Function("return this")(),se=Ze,Je=se,Qe=function(){return Je.Date.now()},Re=Qe,et=/\s/;function tt(e){for(var t=e.length;t--&&et.test(e.charAt(t)););return t}var nt=tt,ot=nt,rt=/^\s+/;function it(e){return e&&e.slice(0,ot(e)+1).replace(rt,"")}var st=it,at=se,ct=at.Symbol,ae=ct,ce=ae,pe=Object.prototype,pt=pe.hasOwnProperty,ut=pe.toString,D=ce?ce.toStringTag:void 0;function lt(e){var t=pt.call(e,D),n=e[D];try{e[D]=void 0;var o=!0}catch(s){}var i=ut.call(e);return o&&(t?e[D]=n:delete e[D]),i}var dt=lt,mt=Object.prototype,yt=mt.toString;function ht(e){return yt.call(e)}var xt=ht,ue=ae,ft=dt,gt=xt,bt="[object Null]",Tt="[object Undefined]",le=ue?ue.toStringTag:void 0;function vt(e){return e==null?e===void 0?Tt:bt:le&&le in Object(e)?ft(e):gt(e)}var St=vt;function Ct(e){return e!=null&&typeof e=="object"}var At=Ct,wt=St,Et=At,Ft="[object Symbol]";function It(e){return typeof e=="symbol"||Et(e)&&wt(e)==Ft}var kt=It,Pt=st,de=ie,Ot=kt,me=NaN,Nt=/^[-+]0x[0-9a-f]+$/i,_t=/^0b[01]+$/i,$t=/^0o[0-7]+$/i,jt=parseInt;function Bt(e){if(typeof e=="number")return e;if(Ot(e))return me;if(de(e)){var t=typeof e.valueOf=="function"?e.valueOf():e;e=de(t)?t+"":t}if(typeof e!="string")return e===0?e:+e;e=Pt(e);var n=_t.test(e);return n||$t.test(e)?jt(e.slice(2),n?2:8):Nt.test(e)?me:+e}var Dt=Bt,Ut=ie,J=Re,ye=Dt,Vt="Expected a function",Lt=Math.max,Mt=Math.min;function qt(e,t,n){var o,i,s,a,p,y,x=0,_=!1,b=!1,g=!0;if(typeof e!="function")throw new TypeError(Vt);t=ye(t)||0,Ut(n)&&(_=!!n.leading,b="maxWait"in n,s=b?Lt(ye(n.maxWait)||0,t):s,g="trailing"in n?!!n.trailing:g);function $(h){var S=o,U=i;return o=i=void 0,x=h,a=e.apply(U,S),a}function W(h){return x=h,p=setTimeout(X,t),_?$(h):a}function H(h){var S=h-y,U=h-x,Te=t-S;return b?Mt(Te,s-U):Te}function G(h){var S=h-y,U=h-x;return y===void 0||S>=t||S<0||b&&U>=s}function X(){var h=J();if(G(h))return be(h);p=setTimeout(X,H(h))}function be(h){return p=void 0,g&&o?$(h):(o=i=void 0,a)}function gn(){p!==void 0&&clearTimeout(p),x=0,o=y=i=p=void 0}function bn(){return p===void 0?a:be(J())}function te(){var h=J(),S=G(h);if(o=arguments,i=this,y=h,S){if(p===void 0)return W(y);if(b)return clearTimeout(p),p=setTimeout(X,t),$(y)}return p===void 0&&(p=setTimeout(X,t)),a}return te.cancel=gn,te.flush=bn,te}var Kt=qt;const Wt=re(Kt),L={EMPTY_TOKEN:"EMPTY_TOKEN",EXPIRED_TOKEN:"EXPIRED_TOKEN",INVALID_TOKEN:"INVALID_TOKEN",TOKEN_RENEW_FAILED:"TOKEN_RENEW_FAILED",BLOCKED_TOKEN:"BLOCKED_TOKEN",EXPIRED_SESSION:"EXPIRED_SESSION",NOT_EXIST_USER:"NOT_EXIST_USER",SKIP_TOKEN_RENEW:"SKIP_TOKEN_RENEW",USER_HAS_NO_ROLES_ERR:"USER_HAS_NO_ROLES_ERR"};function Ht(e,t){const n=t.replace(/[.*+?^${}()|[\]\\]/g,"\\$&"),o=new RegExp(`^${n.replace(/\/?$/,"")}(\\/|$)`);return e.replace(o,"/")||e}const Gt=Wt(e=>{e()},3e3,{leading:!0,trailing:!1});function Xt({app:e}){return e.apiClient.axios,[o=>{var s;const i=(s=o==null?void 0:o.headers)==null?void 0:s["x-new-token"];return i&&e.apiClient.auth.setToken(i),o},o=>{var b,g,$,W,H;const i=(g=(b=o==null?void 0:o.response)==null?void 0:b.headers)==null?void 0:g["x-new-token"],s=(W=($=o==null?void 0:o.response)==null?void 0:$.data)==null?void 0:W.errors,a=Array.isArray(s)?s[0]:null,p=e.router.state,{pathname:y,search:x}=p.location,_=e.router.basename;if(i&&e.apiClient.auth.setToken(i),o.status===401&&(a!=null&&a.code)&&L[a.code]&&(e.apiClient.auth.setToken(""),y===e.getHref("signin")&&(a==null?void 0:a.code)!==L.EMPTY_TOKEN&&o.config&&(o.config.skipNotify=!1),(a==null?void 0:a.code)==="USER_HAS_NO_ROLES_ERR"&&(o.config.skipNotify=!0,e.error=a)),o.status===401&&!((H=o.config)!=null&&H.skipAuth)&&(a!=null&&a.code)&&L[a.code]){if(!a||(a==null?void 0:a.code)===L.SKIP_TOKEN_RENEW)throw o;if(y!==e.getHref("signin")){const G=Ht(y,_);Gt(()=>{e.apiClient.auth.setToken(null),e.router.navigate(`/signin?redirect=${G}${x}`,{replace:!0})})}}throw o}]}const Q=l.createContext({type:""});Q.displayName="AuthTypeContext";const R=l.createContext({types:[]});R.displayName="AuthTypesContext";const zt=()=>{const{types:e}=l.useContext(R);return e},Yt=e=>{const t=r.useRecord(),n=r.useRequest(()=>Promise.resolve({data:C({},t.options)}),Y(C({},e),{manual:!0})),{run:o}=n,i=r.useActionContext();return l.useEffect(()=>{i.visible&&o()},[i.visible,o]),n},Zt=e=>{var o;const n=r.usePlugin(I).authTypes.get(e);return(o=n==null?void 0:n.components)==null?void 0:o.AdminSettingsForm},Jt=f.observer(()=>{const e=f.useForm(),t=r.useRecord(),n=Zt(e.values.authType||t.authType);return n?c.jsx(n,{}):null},{displayName:"Options"}),he={name:"authenticators",sortable:!0,fields:[{name:"id",type:"string",interface:"id"},{interface:"input",type:"string",name:"name",uiSchema:{type:"string",title:'{{t("Auth UID")}}',"x-component":"Input","x-validator":e=>/^[a-zA-Z0-9_-]+$/.test(e)?"":r.i18n.t("a-z, A-Z, 0-9, _, -"),required:!0}},{interface:"input",type:"string",name:"authType",uiSchema:{type:"string",title:'{{t("Auth Type")}}',"x-component":"Select",dataSource:"{{ types }}",required:!0}},{interface:"input",type:"string",name:"title",uiSchema:{type:"string",title:'{{t("Title")}}',"x-component":"Input"}},{interface:"textarea",type:"string",name:"description",uiSchema:{type:"string",title:'{{t("Description")}}',"x-component":"Input"}},{type:"boolean",name:"enabled",uiSchema:{type:"boolean",title:'{{t("Enabled")}}',"x-component":"Checkbox"}}]},Qt={type:"object",properties:{drawer:{type:"void","x-component":"Action.Drawer","x-decorator":"Form","x-decorator-props":{useValues(e){const t=r.useActionContext(),{type:n}=l.useContext(Q);return r.useRequest(()=>Promise.resolve({data:{name:`s_${f.uid()}`,authType:n}}),Y(C({},e),{refreshDeps:[t.visible]}))}},title:'{{t("Add new")}}',properties:{name:{"x-component":"CollectionField","x-decorator":"FormItem"},authType:{"x-component":"CollectionField","x-decorator":"FormItem","x-component-props":{options:"{{ types }}"}},title:{"x-component":"CollectionField","x-decorator":"FormItem"},description:{"x-component":"CollectionField","x-decorator":"FormItem"},enabled:{"x-component":"CollectionField","x-decorator":"FormItem"},options:{type:"object","x-component":"Options"},footer:{type:"void","x-component":"Action.Drawer.Footer",properties:{cancel:{title:'{{ t("Cancel") }}',"x-component":"Action","x-use-component-props":"useCancelActionProps"},create:{title:'{{ t("Submit") }}',"x-action":"submit","x-component":"Action","x-use-component-props":"useCreateDatabaseConnectionAction","x-component-props":{type:"primary"}}}}}}}},Rt={type:"void",name:"authenticators","x-decorator":"TableBlockProvider","x-decorator-props":{collection:he,dragSort:!0,action:"list",params:{pageSize:50,sort:"sort",appends:[]}},properties:{actions:{type:"void","x-component":"ActionBar","x-component-props":{style:{marginBottom:16}},properties:{delete:{type:"void",title:'{{t("Delete")}}',"x-action":"destroy","x-decorator":"ACLActionProvider","x-component":"Action","x-use-component-props":"useBulkDestroyActionProps","x-component-props":{icon:"DeleteOutlined",confirm:{title:"{{t('Delete')}}",content:"{{t('Are you sure you want to delete it?')}}"}}},create:{type:"void",title:'{{t("Add new")}}',"x-component":"AddNew","x-component-props":{type:"primary"}}}},table:{type:"array","x-uid":"input","x-component":"TableV2","x-use-component-props":"useTableBlockProps","x-component-props":{rowKey:"id",rowSelection:{type:"checkbox"}},properties:{id:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{id:{type:"number","x-component":"CollectionField","x-read-pretty":!0}}},name:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{name:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},authType:{title:'{{t("Auth Type")}}',type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{authType:{type:"string","x-component":"Select","x-read-pretty":!0,enum:"{{ types }}"}}},title:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{title:{type:"string","x-component":"CollectionField","x-read-pretty":!0}}},description:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{description:{type:"boolean","x-component":"CollectionField","x-read-pretty":!0}}},enabled:{type:"void","x-decorator":"TableV2.Column.Decorator","x-component":"TableV2.Column",properties:{enabled:{type:"boolean","x-component":"CollectionField","x-read-pretty":!0}}},actions:{type:"void",title:'{{t("Actions")}}',"x-component":"TableV2.Column",properties:{actions:{type:"void","x-component":"Space","x-component-props":{split:"|"},properties:{updateAuthenticator:{type:"void",title:'{{ t("Edit") }}',"x-action":"update","x-component":"Action.Link","x-component-props":{openMode:"drawer",icon:"EditOutlined"},"x-decorator":"ACLActionProvider",properties:{drawer:{type:"void",title:'{{ t("Edit record") }}',"x-component":"Action.Container","x-component-props":{className:"tb-action-popup"},properties:{card:{type:"void","x-acl-action-props":{skipScopeCheck:!1},"x-acl-action":"authenticators:update","x-decorator":"FormBlockProvider","x-use-decorator-props":"useEditFormBlockDecoratorProps","x-decorator-props":{action:"get",dataSource:"main",collection:he},"x-component":"CardItem",properties:{form:{type:"void","x-component":"FormV2","x-use-component-props":"useEditFormBlockProps",properties:{actionBar:{type:"void","x-component":"ActionBar","x-component-props":{style:{marginBottom:24}},properties:{cancel:{title:'{{ t("Cancel") }}',"x-component":"Action","x-use-component-props":"useCancelActionProps"},submit:{title:'{{ t("Submit") }}',"x-component":"Action","x-use-component-props":"useUpdateActionProps","x-component-props":{type:"primary"}}}},name:{"x-component":"CollectionField","x-decorator":"FormItem"},authType:{"x-component":"CollectionField","x-decorator":"FormItem","x-component-props":{options:"{{ types }}"}},title:{"x-component":"CollectionField","x-decorator":"FormItem"},description:{"x-component":"CollectionField","x-decorator":"FormItem"},enabled:{"x-component":"CollectionField","x-decorator":"FormItem"},options:{type:"object","x-component":"Options"}}}}}}}}},delete:{type:"void",title:'{{ t("Delete") }}',"x-action":"destroy","x-component":"Action.Link","x-use-component-props":"useDestroyActionProps","x-component-props":{confirm:{title:"{{t('Delete record')}}",content:"{{t('Are you sure you want to delete it?')}}"}},"x-disabled":"{{ useCanNotDelete() }}"}}}}}}}}},en=()=>{const{setVisible:e}=r.useActionContext();return{run(){return A(this,null,function*(){e(!1)})}}},tn=()=>{const{t:e}=w.useTranslation(),[t,n]=l.useState(!1),[o,i]=l.useState(""),s=zt(),a=s.map(p=>Y(C({},p),{onClick:()=>{n(!0),i(p.value)}}));return c.jsx(r.ActionContextProvider,{value:{visible:t,setVisible:n},children:c.jsxs(Q.Provider,{value:{type:o},children:[c.jsx(d.Dropdown,{menu:{items:a},children:c.jsxs(d.Button,{icon:c.jsx(k.PlusOutlined,{}),type:"primary",children:[e("Add new")," ",c.jsx(k.DownOutlined,{})]})}),c.jsx(r.SchemaComponent,{scope:{useCloseAction:en,types:s,setType:i},schema:Qt})]})})},nn=()=>(r.useAsyncData(),!1),on=()=>{const{t:e}=v(),[t,n]=l.useState([]),o=r.useAPIClient();return r.useRequest(()=>o.resource("authenticators").listTypes().then(i=>{var a;return(((a=i==null?void 0:i.data)==null?void 0:a.data)||[]).map(p=>({key:p.name,label:e(p.title||p.name),value:p.name}))}),{onSuccess:i=>{n(i)}}),c.jsx(d.Card,{bordered:!1,children:c.jsx(R.Provider,{value:{types:t},children:c.jsx(r.SchemaComponent,{schema:Rt,components:{AddNew:tn,Options:Jt},scope:{types:t,useValuesFromOptions:Yt,useCanNotDelete:nn,t:e}})})})},{Option:ee}=d.Select,rn=f.connect(e=>{const{t}=v(),b=e,{value:n,onChange:o,minNum:i=1}=b,s=Ae(b,["value","onChange","minNum"]),a=/^(\d*)([a-zA-Z]*)$/,p=n?n.match(a):null;l.useEffect(()=>{p||o("10m")},[p,o]);const[y,x]=p?[parseInt(p[1]),p[2]]:[10,"m"],_=c.jsxs(d.Select,{value:x,onChange:g=>o(`${y}${g}`),style:{width:120},children:[c.jsx(ee,{value:"m",children:t("Minutes")}),c.jsx(ee,{value:"h",children:t("Hours")}),c.jsx(ee,{value:"d",children:t("Days")})]});return c.jsx(d.InputNumber,C({value:y,addonAfter:_,min:i,onChange:g=>o(`${g!=null?g:1}${x}`)},s))},f.mapProps({onInput:"onChange"})),M={InputTime:"InputTime"},sn={[M.InputTime]:rn};var P=1e3,O=P*60,N=O*60,F=N*24,an=F*7,cn=F*365.25,pn=function(e,t){t=t||{};var n=typeof e;if(n==="string"&&e.length>0)return un(e);if(n==="number"&&isFinite(e))return t.long?dn(e):ln(e);throw new Error("val is not a non-empty string or a valid number. val="+JSON.stringify(e))};function un(e){if(e=String(e),!(e.length>100)){var t=/^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec(e);if(t){var n=parseFloat(t[1]),o=(t[2]||"ms").toLowerCase();switch(o){case"years":case"year":case"yrs":case"yr":case"y":return n*cn;case"weeks":case"week":case"w":return n*an;case"days":case"day":case"d":return n*F;case"hours":case"hour":case"hrs":case"hr":case"h":return n*N;case"minutes":case"minute":case"mins":case"min":case"m":return n*O;case"seconds":case"second":case"secs":case"sec":case"s":return n*P;case"milliseconds":case"millisecond":case"msecs":case"msec":case"ms":return n;default:return}}}}function ln(e){var t=Math.abs(e);return t>=F?Math.round(e/F)+"d":t>=N?Math.round(e/N)+"h":t>=O?Math.round(e/O)+"m":t>=P?Math.round(e/P)+"s":e+"ms"}function dn(e){var t=Math.abs(e);return t>=F?q(e,t,F,"day"):t>=N?q(e,t,N,"hour"):t>=O?q(e,t,O,"minute"):t>=P?q(e,t,P,"second"):e+" ms"}function q(e,t,n,o){var i=t>=n*1.5;return Math.round(e/n)+" "+o+(i?"s":"")}const xe=re(pn),fe="token-policy-config",ge="tokenControlConfig",mn=()=>{const e=r.useAPIClient(),t=l.useMemo(()=>f.createForm(),[]);return l.useEffect(()=>{A(this,null,function*(){var o;try{const{data:i}=yield e.resource(ge).get({filterByTk:fe});(o=i==null?void 0:i.data)!=null&&o.config&&t.setValues(i.data.config)}catch(i){console.error(i)}})},[t,e]),{form:t}},yn=()=>{const{message:e}=d.App.useApp(),t=r.useAPIClient(),n=f.useForm(),{t:o}=v();return{type:"primary",onClick(){return A(this,null,function*(){n.clearErrors("*");const{tokenExpirationTime:s,sessionExpirationTime:a,expiredTokenRenewLimit:p}=n.values;if(xe(s)>=xe(a)){n.setFieldState("tokenExpirationTime",x=>{x.feedbacks=[{type:"error",code:"ValidateError",messages:[o("Token validity period must be less than session validity period!")]}]});return}yield n.submit();const y=yield t.resource(ge).update({values:{config:n.values},filterByTk:fe});y&&y.status===200&&e.success(o("Saved successfully!"))})}}},K={useSubmitActionProps:"useSubmitActionProps",useEditForm:"useEditForm"},hn={[K.useEditForm]:mn,[K.useSubmitActionProps]:yn},xn={name:f.uid(),"x-component":"FormV2","x-use-component-props":K.useEditForm,type:"object",properties:{sessionExpirationTime:{type:"string",title:j("Session validity period"),"x-decorator":"FormItem","x-component":M.InputTime,required:!0,description:j("The maximum valid time for each user login. During the session validity, the Token will be automatically updated. After the timeout, the user is required to log in again.")},tokenExpirationTime:{type:"string",title:j("Token validity period"),"x-decorator":"FormItem","x-component":M.InputTime,required:!0,description:j("The validity period of each issued API Token. After the Token expires, if it is within the session validity period and has not exceeded the refresh limit, the server will automatically issue a new Token to maintain the user session, otherwise the user is required to log in again. (Each Token can only be refreshed once)")},expiredTokenRenewLimit:{type:"string",title:"{{t('Expired token refresh limit')}}","x-decorator":"FormItem","x-component":M.InputTime,"x-component-props":{minNum:0},required:!0,description:j("The maximum time limit allowed for refreshing a Token after it expires. After this time limit, the token cannot be automatically renewed, and the user needs to log in again.")},footer:{type:"void","x-component":"ActionBar","x-component-props":{layout:"one-column"},properties:{submit:{title:'{{t("Submit")}}',"x-component":"Action","x-use-component-props":K.useSubmitActionProps}}}}},fn=()=>{const{t:e}=v();return c.jsx(d.Card,{bordered:!1,children:c.jsx(r.SchemaComponent,{schema:xn,scope:C({t:e},hn),components:sn})})};class I extends r.Plugin{constructor(){super(...arguments),this.authTypes=new m.Registry}registerType(t,n){this.authTypes.register(t,n)}load(){return A(this,null,function*(){this.app.systemSettingsManager.add("system-services."+E,{icon:"LoginOutlined",title:`{{t("Authentication", { ns: "${E}" })}}`,Component:on,aclSnippet:"pm.auth.authenticators"}),this.app.userSettingsManager.add(E,{icon:"LoginOutlined",title:`{{t("Authentication login bind", { ns: "${E}" })}}`,Component:We,aclSnippet:"pm.auth.authenticators"}),this.router.add("auth",{Component:"AuthLayout"}),this.router.add("auth.signin",{path:"/signin",Component:"SignInPage"}),this.router.add("auth.signup",{path:"/signup",Component:"SignUpPage"}),this.app.addComponents({AuthLayout:Fe,SignInPage:Pe,SignUpPage:Ne}),this.app.providers.unshift([Ee,{}]),this.registerType(we,{components:{SignInForm:je,SignUpForm:Ue,AdminSettingsForm:Ve}}),this.app.systemSettingsManager.add("security.token-policy",{title:`{{t("Token policy", { ns: "${E}" })}}`,Component:fn,aclSnippet:"pm.security.token-policy",icon:"ApiOutlined",sort:0});const[t,n]=Xt({app:this.app});this.app.apiClient.axios.interceptors.response.handlers.unshift({fulfilled:t,rejected:n,synchronous:!1,runWhen:null})})}}u.AuthenticatorsContext=B,u.PluginAuthClient=I,u.default=I,u.useAuthenticator=Z,u.useSignIn=oe,Object.defineProperties(u,{__esModule:{value:!0},[Symbol.toStringTag]:{value:"Module"}})});

package/dist/client/interceptors.d.ts

@@ -0,0 +1,5 @@
+import { Application } from '@tachybase/client';
+import type { AxiosResponse } from 'axios';
+export declare function authCheckMiddleware({ app }: {
+    app: Application;
+}): ((res: AxiosResponse) => AxiosResponse<any, any>)[];

package/dist/client/locale/index.d.ts

@@ -1,2 +1,3 @@
 export declare const NAMESPACE = "auth";
 export declare function useAuthTranslation(): import("react-i18next").UseTranslationResponse<[string, string], undefined>;
+export declare const tval: (key: string) => string;

package/dist/client/settings/token-policy/components.d.ts

@@ -0,0 +1,7 @@
+import React from 'react';
+export declare const componentsNameMap: {
+    InputTime: string;
+};
+export declare const componentsMap: {
+    [x: string]: React.ForwardRefExoticComponent<Omit<any, "ref"> & React.RefAttributes<unknown>>;
+};

package/dist/client/settings/token-policy/hooks.d.ts

@@ -0,0 +1,16 @@
+export declare const useSubmitActionProps: () => {
+    type: string;
+    onClick(): Promise<void>;
+};
+export declare const hooksNameMap: {
+    useSubmitActionProps: string;
+    useEditForm: string;
+};
+export declare const hooksMap: {
+    [x: string]: (() => {
+        form: import("@tachybase/schema").Form<any>;
+    }) | (() => {
+        type: string;
+        onClick(): Promise<void>;
+    });
+};

package/dist/client/settings/token-policy/index.d.ts

@@ -0,0 +1 @@
+export declare const TokenPolicySettings: () => import("react/jsx-runtime").JSX.Element;

package/dist/constants.d.ts

@@ -0,0 +1,5 @@
+export declare const tokenPolicyRecordKey = "token-policy-config";
+export declare const tokenPolicyCacheKey: string;
+export declare const tokenPolicyCollectionName = "tokenControlConfig";
+export declare const issuedTokensCollectionName = "issuedTokens";
+export declare const RENEWED_JTI_CACHE_MS = 10000;

package/dist/constants.js

@@ -0,0 +1,39 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var constants_exports = {};
+__export(constants_exports, {
+  RENEWED_JTI_CACHE_MS: () => RENEWED_JTI_CACHE_MS,
+  issuedTokensCollectionName: () => issuedTokensCollectionName,
+  tokenPolicyCacheKey: () => tokenPolicyCacheKey,
+  tokenPolicyCollectionName: () => tokenPolicyCollectionName,
+  tokenPolicyRecordKey: () => tokenPolicyRecordKey
+});
+module.exports = __toCommonJS(constants_exports);
+const tokenPolicyRecordKey = "token-policy-config";
+const tokenPolicyCacheKey = "auth:" + tokenPolicyRecordKey;
+const tokenPolicyCollectionName = "tokenControlConfig";
+const issuedTokensCollectionName = "issuedTokens";
+const RENEWED_JTI_CACHE_MS = 1e4;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  RENEWED_JTI_CACHE_MS,
+  issuedTokensCollectionName,
+  tokenPolicyCacheKey,
+  tokenPolicyCollectionName,
+  tokenPolicyRecordKey
+});

package/dist/externalVersion.js

@@ -1,16 +1,19 @@
 module.exports = {
   "react": "18.3.1",
-  "@tachybase/client": "0.23.58",
+  "@tachybase/client": "1.0.6",
   "react-router-dom": "6.28.1",
-  "@tachybase/utils": "0.23.58",
-  "@tachybase/auth": "0.23.58",
-  "@tachybase/database": "0.23.58",
-  "@tachybase/cache": "0.23.58",
-  "@tachybase/server": "0.23.58",
-  "@tachybase/test": "0.23.58",
+  "@tachybase/utils": "1.0.6",
+  "axios": "1.7.7",
+  "lodash": "4.17.21",
+  "@tachybase/auth": "1.0.6",
+  "@tachybase/database": "1.0.6",
+  "@tachybase/cache": "1.0.6",
+  "@tachybase/server": "1.0.6",
+  "@tachybase/logger": "1.0.6",
+  "@tachybase/test": "1.0.6",
   "antd": "5.22.5",
-  "@tachybase/schema": "0.23.58",
+  "@tachybase/schema": "1.0.6",
   "react-i18next": "15.2.0",
   "@ant-design/icons": "5.3.7",
-  "@tachybase/actions": "0.23.58"
+  "@tachybase/actions": "1.0.6"
 };

package/dist/locale/en-US.json

@@ -8,24 +8,46 @@
   "Authentication login bind": "Authentication login bind",
   "Authenticators": "Authenticators",
   "Bind": "Bind",
+  "Days": "Days",
+  "Expired token refresh limit": "Expired token refresh limit",
+  "Hours": "Hours",
+  "In configuration mode, the entire column becomes transparent. In non-configuration mode, the entire column will be hidden. Even if the entire column is hidden, its configured default values and other settings will still take effect.": "In configuration mode, the entire column becomes transparent. In non-configuration mode, the entire column will be hidden. Even if the entire column is hidden, its configured default values and other settings will still take effect.",
+  "Minutes": "Minutes",
   "No authentication methods available.": "No authentication methods available.",
   "Not a valid cellphone number, please re-enter": "Not a valid cellphone number, please re-enter",
   "Not allowed to sign up": "Not allowed to sign up",
+  "Password is not allowed to be changed": "Password is not allowed to be changed",
   "Please enter a valid email": "Please enter a valid email",
   "Please enter a valid username": "Please enter a valid username",
   "Please enter your username or email": "Please enter your username or email",
   "Please keep and enable at least one authenticator": "Please keep and enable at least one authenticator",
   "SMS": "SMS",
+  "Saved successfully!": "Saved successfully!",
+  "Seconds": "Seconds",
+  "Session validity period": "Session validity period",
   "Sign in via email": "Sign in via email",
   "Sign in via password": "Sign in via password",
   "Sign-in": "Sign-in",
   "The authentication allows users to sign in via username or email.": "The authentication allows users to sign in via username or email.",
+  "The maximum time limit allowed for refreshing a Token after it expires. After this time limit, the token cannot be automatically renewed, and the user needs to log in again.": "The maximum time limit allowed for refreshing a Token after it expires. After this time limit, the token cannot be automatically renewed, and the user needs to log in again.",
+  "The maximum valid time for each user login. During the session validity, the Token will be automatically updated. After the timeout, the user is required to log in again.": "The maximum valid time for each user login. During the session validity, the Token will be automatically updated. After the timeout, the user is required to log in again.",
   "The password is inconsistent, please re-enter": "The password is inconsistent, please re-enter",
   "The password is incorrect, please re-enter": "The password is incorrect, please re-enter",
   "The phone number has been registered, please login directly": "The phone number has been registered, please login directly",
   "The phone number is not registered, please register first": "The phone number is not registered, please register first",
   "The username or email is incorrect, please re-enter": "The username or email is incorrect, please re-enter",
+  "The validity period of each issued API Token. After the Token expires, if it is within the session validity period and has not exceeded the refresh limit, the server will automatically issue a new Token to maintain the user session, otherwise the user is required to log in again. (Each Token can only be refreshed once)": "The validity period of each issued API Token. After the Token expires, if it is within the session validity period and has not exceeded the refresh limit, the server will automatically issue a new Token to maintain the user session, otherwise the user is required to log in again. (Each Token can only be refreshed once)",
+  "Token policy": "Token policy",
+  "Token validity period": "Token validity period",
+  "Token validity period must be less than session validity period!": "Token validity period must be less than session validity period!",
+  "Unauthenticated. Please sign in to continue.": "Unauthenticated. Please sign in to continue.",
   "Unbind": "Unbind",
   "User can bind or unbind the sign in type": "User can bind or unbind the sign in type",
-  "Username/Email": "Username/Email"
+  "User not found. Please sign in again to continue.": "User not found. Please sign in again to continue.",
+  "Username/Email": "Username/Email",
+  "Your session has expired. Please sign in again.": "Your session has expired. Please sign in again.",
+  "gitea": "Gitea",
+  "sms": "SMS",
+  "wechat": "WeChat",
+  "work-wechat": "WeCom"
 }

package/dist/locale/zh-CN.json

@@ -8,24 +8,45 @@
   "Authentication login bind": "认证登录绑定",
   "Authenticators": "认证器",
   "Bind": "绑定",
+  "Days": "天",
+  "Expired token refresh limit": "过期 Token 刷新时限",
+  "Hours": "小时",
+  "Minutes": "分钟",
   "No authentication methods available.": "没有可用的认证方式。",
   "Not a valid cellphone number, please re-enter": "不是有效的手机号，请重新输入",
   "Not allowed to sign up": "禁止注册",
+  "Password is not allowed to be changed": "密码不允许修改",
   "Please enter a valid email": "请输入有效的邮箱",
   "Please enter a valid username": "请输入有效的用户名",
   "Please enter your username or email": "请输入用户名或邮箱",
   "Please keep and enable at least one authenticator": "请至少保留并启用一个认证器",
   "SMS": "短信",
+  "Saved successfully!": "保存成功！",
+  "Seconds": "秒",
+  "Session validity period": "会话有效期",
   "Sign in via email": "邮箱登录",
   "Sign in via password": "密码登录",
   "Sign-in": "登录",
   "The authentication allows users to sign in via username or email.": "该认证方式支持用户通过用户名或邮箱登录。",
+  "The maximum time limit allowed for refreshing a Token after it expires. After this time limit, the token cannot be automatically renewed, and the user needs to log in again.": "Token 过期后允许刷新的最大时限，超过此时限后，Token 无法自动更新，用户需重新登录。",
+  "The maximum valid time for each user login. During the session validity, the Token will be automatically updated. After the timeout, the user is required to log in again.": "用户每次登录的最长有效时间，在会话有效期内，Token 会自动更新，超时后要求用户重新登录。",
   "The password is inconsistent, please re-enter": "密码不一致，请重新输入",
   "The password is incorrect, please re-enter": "密码有误，请重新输入",
   "The phone number has been registered, please login directly": "手机号已注册，请直接登录",
   "The phone number is not registered, please register first": "手机号未注册，请先注册",
   "The username or email is incorrect, please re-enter": "用户名或邮箱有误，请重新输入",
+  "The validity period of each issued API Token. After the Token expires, if it is within the session validity period and has not exceeded the refresh limit, the server will automatically issue a new Token to maintain the user session, otherwise the user is required to log in again. (Each Token can only be refreshed once)": "每次签发的 API Token 的有效期。Token 过期后，如果处于会话有效期内，并且没有超过刷新时限，服务端将自动签发新 Token 以保持用户会话，否则要求用户重新登录。（每个 Token 只能被刷新一次）",
+  "Token policy": "Token 策略",
+  "Token validity period": "Token 有效期",
+  "Token validity period must be less than session validity period!": "Token 有效期必须小于会话有效期！",
+  "Unauthenticated. Please sign in to continue.": "未认证。请登录以继续。",
   "Unbind": "解绑",
   "User can bind or unbind the sign in type": "用户可以绑定或解绑登录方式",
-  "Username/Email": "用户名/邮箱"
+  "User not found. Please sign in again to continue.": "用户不存在。请重新登录以继续。",
+  "Username/Email": "用户名/邮箱",
+  "Your session has expired. Please sign in again.": "您的会话已过期，请重新登录。",
+  "gitea": "Gitea 验证登录",
+  "sms": "短信验证",
+  "wechat": "微信登录",
+  "work-wechat": "企业微信登录"
 }

package/dist/node_modules/cron/package.json

@@ -1 +1 @@
-{"name":"cron","description":"Cron jobs for your node","version":"3.3.1","author":"Nick Campbell <nicholas.j.campbell@gmail.com> (https://github.com/ncb000gt)","bugs":{"url":"https://github.com/kelektiv/node-cron/issues"},"repository":{"type":"git","url":"https://github.com/kelektiv/node-cron.git"},"main":"dist/index.js","types":"dist/index.d.ts","scripts":{"build":"tsc -b tsconfig.build.json","lint:eslint":"eslint src/ tests/","lint:prettier":"prettier ./**/*.{json,md,yml} --check","lint":"npm run lint:eslint && npm run lint:prettier","lint:fix":"npm run lint:eslint -- --fix && npm run lint:prettier -- --write","test":"jest --coverage","test:watch":"jest --watch --coverage","test:fuzz":"jest  --testMatch='**/*.fuzz.ts' --coverage=false --testTimeout=120000","prepare":"husky"},"dependencies":{"@types/luxon":"~3.4.0","luxon":"~3.5.0"},"devDependencies":{"@commitlint/cli":"19.6.0","@eslint/js":"^9.14.0","@fast-check/jest":"2.0.3","@insurgent/commitlint-config":"20.0.0","@insurgent/conventional-changelog-preset":"10.0.0","@semantic-release/changelog":"6.0.3","@semantic-release/commit-analyzer":"13.0.0","@semantic-release/git":"10.0.1","@semantic-release/github":"11.0.1","@semantic-release/npm":"12.0.1","@semantic-release/release-notes-generator":"14.0.1","@types/jest":"29.5.14","@types/node":"20.17.9","@types/sinon":"17.0.3","chai":"4.5.0","eslint":"8.57.1","eslint-config-prettier":"9.1.0","eslint-plugin-jest":"27.9.0","eslint-plugin-prettier":"5.2.1","husky":"9.1.7","jest":"29.7.0","lint-staged":"15.2.10","prettier":"3.3.3","semantic-release":"24.2.0","sinon":"17.0.2","ts-jest":"29.2.5","typescript":"5.7.2","typescript-eslint":"^7.2.0"},"keywords":["cron","node cron","node-cron","schedule","scheduler","cronjob","cron job"],"license":"MIT","contributors":["Brandon der Blätter <https://interlucid.com/contact/> (https://github.com/intcreator)","Pierre Cavin <me@sherlox.io> (https://github.com/sheerlox)","Romain Beauxis <toots@rastageeks.org> (https://github.com/toots)","James Padolsey <> (https://github.com/jamespadolsey)","Finn Herpich <fh@three-heads.de> (https://github.com/ErrorProne)","Clifton Cunningham <clifton.cunningham@gmail.com> (https://github.com/cliftonc)","Eric Abouaf <eric.abouaf@gmail.com> (https://github.com/neyric)","humanchimp <morphcham@gmail.com> (https://github.com/humanchimp)","Craig Condon <craig@spiceapps.com> (https://github.com/spiceapps)","Dan Bear <daniel@hulu.com> (https://github.com/danhbear)","Vadim Baryshev <vadimbaryshev@gmail.com> (https://github.com/baryshev)","Leandro Ferrari <lfthomaz@gmail.com> (https://github.com/lfthomaz)","Gregg Zigler <greggzigler@gmail.com> (https://github.com/greggzigler)","Jordan Abderrachid <jabderrachid@gmail.com> (https://github.com/jordanabderrachid)","Masakazu Matsushita <matsukaz@gmail.com> (matsukaz)","Christopher Lunt <me@kirisu.co.uk> (https://github.com/kirisu)"],"files":["dist/**/*.js","dist/**/*.d.ts","CHANGELOG.md","LICENSE","README.md"],"lint-staged":{"*.ts":"eslint src/ tests/ --fix","*.{json,md,yml}":"prettier ./**/*.{json,md,yml} --check --write"},"_lastModified":"2025-03-06T09:57:23.111Z"}
+{"name":"cron","description":"Cron jobs for your node","version":"3.3.1","author":"Nick Campbell <nicholas.j.campbell@gmail.com> (https://github.com/ncb000gt)","bugs":{"url":"https://github.com/kelektiv/node-cron/issues"},"repository":{"type":"git","url":"https://github.com/kelektiv/node-cron.git"},"main":"dist/index.js","types":"dist/index.d.ts","scripts":{"build":"tsc -b tsconfig.build.json","lint:eslint":"eslint src/ tests/","lint:prettier":"prettier ./**/*.{json,md,yml} --check","lint":"npm run lint:eslint && npm run lint:prettier","lint:fix":"npm run lint:eslint -- --fix && npm run lint:prettier -- --write","test":"jest --coverage","test:watch":"jest --watch --coverage","test:fuzz":"jest  --testMatch='**/*.fuzz.ts' --coverage=false --testTimeout=120000","prepare":"husky"},"dependencies":{"@types/luxon":"~3.4.0","luxon":"~3.5.0"},"devDependencies":{"@commitlint/cli":"19.6.0","@eslint/js":"^9.14.0","@fast-check/jest":"2.0.3","@insurgent/commitlint-config":"20.0.0","@insurgent/conventional-changelog-preset":"10.0.0","@semantic-release/changelog":"6.0.3","@semantic-release/commit-analyzer":"13.0.0","@semantic-release/git":"10.0.1","@semantic-release/github":"11.0.1","@semantic-release/npm":"12.0.1","@semantic-release/release-notes-generator":"14.0.1","@types/jest":"29.5.14","@types/node":"20.17.9","@types/sinon":"17.0.3","chai":"4.5.0","eslint":"8.57.1","eslint-config-prettier":"9.1.0","eslint-plugin-jest":"27.9.0","eslint-plugin-prettier":"5.2.1","husky":"9.1.7","jest":"29.7.0","lint-staged":"15.2.10","prettier":"3.3.3","semantic-release":"24.2.0","sinon":"17.0.2","ts-jest":"29.2.5","typescript":"5.7.2","typescript-eslint":"^7.2.0"},"keywords":["cron","node cron","node-cron","schedule","scheduler","cronjob","cron job"],"license":"MIT","contributors":["Brandon der Blätter <https://interlucid.com/contact/> (https://github.com/intcreator)","Pierre Cavin <me@sherlox.io> (https://github.com/sheerlox)","Romain Beauxis <toots@rastageeks.org> (https://github.com/toots)","James Padolsey <> (https://github.com/jamespadolsey)","Finn Herpich <fh@three-heads.de> (https://github.com/ErrorProne)","Clifton Cunningham <clifton.cunningham@gmail.com> (https://github.com/cliftonc)","Eric Abouaf <eric.abouaf@gmail.com> (https://github.com/neyric)","humanchimp <morphcham@gmail.com> (https://github.com/humanchimp)","Craig Condon <craig@spiceapps.com> (https://github.com/spiceapps)","Dan Bear <daniel@hulu.com> (https://github.com/danhbear)","Vadim Baryshev <vadimbaryshev@gmail.com> (https://github.com/baryshev)","Leandro Ferrari <lfthomaz@gmail.com> (https://github.com/lfthomaz)","Gregg Zigler <greggzigler@gmail.com> (https://github.com/greggzigler)","Jordan Abderrachid <jabderrachid@gmail.com> (https://github.com/jordanabderrachid)","Masakazu Matsushita <matsukaz@gmail.com> (matsukaz)","Christopher Lunt <me@kirisu.co.uk> (https://github.com/kirisu)"],"files":["dist/**/*.js","dist/**/*.d.ts","CHANGELOG.md","LICENSE","README.md"],"lint-staged":{"*.ts":"eslint src/ tests/ --fix","*.{json,md,yml}":"prettier ./**/*.{json,md,yml} --check --write"},"_lastModified":"2025-04-02T02:55:46.942Z"}

package/dist/node_modules/ms/index.js

@@ -0,0 +1 @@
+(function(){var e={134:function(e){var r=1e3;var s=r*60;var a=s*60;var n=a*24;var t=n*7;var u=n*365.25;e.exports=function(e,r){r=r||{};var s=typeof e;if(s==="string"&&e.length>0){return parse(e)}else if(s==="number"&&isFinite(e)){return r.long?fmtLong(e):fmtShort(e)}throw new Error("val is not a non-empty string or a valid number. val="+JSON.stringify(e))};function parse(e){e=String(e);if(e.length>100){return}var c=/^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec(e);if(!c){return}var i=parseFloat(c[1]);var o=(c[2]||"ms").toLowerCase();switch(o){case"years":case"year":case"yrs":case"yr":case"y":return i*u;case"weeks":case"week":case"w":return i*t;case"days":case"day":case"d":return i*n;case"hours":case"hour":case"hrs":case"hr":case"h":return i*a;case"minutes":case"minute":case"mins":case"min":case"m":return i*s;case"seconds":case"second":case"secs":case"sec":case"s":return i*r;case"milliseconds":case"millisecond":case"msecs":case"msec":case"ms":return i;default:return undefined}}function fmtShort(e){var t=Math.abs(e);if(t>=n){return Math.round(e/n)+"d"}if(t>=a){return Math.round(e/a)+"h"}if(t>=s){return Math.round(e/s)+"m"}if(t>=r){return Math.round(e/r)+"s"}return e+"ms"}function fmtLong(e){var t=Math.abs(e);if(t>=n){return plural(e,t,n,"day")}if(t>=a){return plural(e,t,a,"hour")}if(t>=s){return plural(e,t,s,"minute")}if(t>=r){return plural(e,t,r,"second")}return e+" ms"}function plural(e,r,s,a){var n=r>=s*1.5;return Math.round(e/s)+" "+a+(n?"s":"")}}};var r={};function __nccwpck_require__(s){var a=r[s];if(a!==undefined){return a.exports}var n=r[s]={exports:{}};var t=true;try{e[s](n,n.exports,__nccwpck_require__);t=false}finally{if(t)delete r[s]}return n.exports}if(typeof __nccwpck_require__!=="undefined")__nccwpck_require__.ab=__dirname+"/";var s=__nccwpck_require__(134);module.exports=s})();

package/dist/node_modules/ms/package.json

@@ -0,0 +1 @@
+{"name":"ms","version":"2.1.3","description":"Tiny millisecond conversion utility","repository":"vercel/ms","main":"./index","files":["index.js"],"scripts":{"precommit":"lint-staged","lint":"eslint lib/* bin/*","test":"mocha tests.js"},"eslintConfig":{"extends":"eslint:recommended","env":{"node":true,"es6":true}},"lint-staged":{"*.js":["npm run lint","prettier --single-quote --write","git add"]},"license":"MIT","devDependencies":{"eslint":"4.18.2","expect.js":"0.3.1","husky":"0.14.3","lint-staged":"5.0.0","mocha":"4.0.1","prettier":"2.0.5"},"_lastModified":"2025-04-02T02:55:47.034Z"}

package/dist/server/basic-auth.js

@@ -59,12 +59,12 @@ class BasicAuth extends import_auth.BaseAuth {
       filter
     });
     if (!user) {
-      ctx.throw(401, ctx.t("The username or email is incorrect, please re-enter", { ns: import_preset.namespace }));
+      ctx.throw(401, ctx.t("The username, email or password is incorrect, please re-enter", { ns: import_preset.namespace }));
     }
     const field = this.userCollection.getField("password");
     const valid = await field.verify(password, user.password);
     if (!valid) {
-      ctx.throw(401, ctx.t("The password is incorrect, please re-enter", { ns: import_preset.namespace }));
+      ctx.throw(401, ctx.t("The username, email or password is incorrect, please re-enter", { ns: import_preset.namespace }));
     }
     return user;
   }
@@ -163,7 +163,7 @@ class BasicAuth extends import_auth.BaseAuth {
     const pwd = this.userCollection.getField("password");
     const isValid = await pwd.verify(oldPassword, user.password);
     if (!isValid) {
-      ctx.throw(401, ctx.t("The password is incorrect, please re-enter", { ns: import_preset.namespace }));
+      ctx.throw(401, ctx.t("The username, email or password is incorrect, please re-enter", { ns: import_preset.namespace }));
     }
     user.password = newPassword;
     await user.save();

package/dist/server/collections/authenticators.js

@@ -33,14 +33,6 @@ var authenticators_default = (0, import_database.defineCollection)({
   updatedBy: true,
   logging: true,
   fields: [
-    {
-      name: "id",
-      type: "bigInt",
-      autoIncrement: true,
-      primaryKey: true,
-      allowNull: false,
-      interface: "id"
-    },
     {
       interface: "input",
       type: "string",

package/dist/server/collections/issued-tokens.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("@tachybase/database").CollectionOptions;
+export default _default;

package/dist/server/collections/issued-tokens.js

@@ -0,0 +1,60 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var issued_tokens_exports = {};
+__export(issued_tokens_exports, {
+  default: () => issued_tokens_default
+});
+module.exports = __toCommonJS(issued_tokens_exports);
+var import_database = require("@tachybase/database");
+var import_constants = require("../../constants");
+var issued_tokens_default = (0, import_database.defineCollection)({
+  name: import_constants.issuedTokensCollectionName,
+  autoGenId: false,
+  createdAt: true,
+  updatedAt: true,
+  fields: [
+    {
+      name: "id",
+      type: "uuid",
+      primaryKey: true,
+      allowNull: false,
+      interface: "input"
+    },
+    {
+      type: "bigInt",
+      name: "signInTime",
+      allowNull: false
+    },
+    {
+      name: "jti",
+      type: "uuid",
+      allowNull: false,
+      index: true
+    },
+    {
+      type: "bigInt",
+      name: "issuedTime",
+      allowNull: false
+    },
+    {
+      type: "bigInt",
+      name: "userId",
+      allowNull: false
+    }
+  ]
+});

package/dist/server/collections/token-poilcy-config.d.ts

@@ -0,0 +1,2 @@
+declare const _default: import("@tachybase/database").CollectionOptions;
+export default _default;

package/dist/server/collections/token-poilcy-config.js

@@ -0,0 +1,47 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var token_poilcy_config_exports = {};
+__export(token_poilcy_config_exports, {
+  default: () => token_poilcy_config_default
+});
+module.exports = __toCommonJS(token_poilcy_config_exports);
+var import_database = require("@tachybase/database");
+var import_constants = require("../../constants");
+var token_poilcy_config_default = (0, import_database.defineCollection)({
+  name: import_constants.tokenPolicyCollectionName,
+  autoGenId: false,
+  createdAt: true,
+  createdBy: true,
+  updatedAt: true,
+  updatedBy: true,
+  fields: [
+    {
+      name: "key",
+      type: "string",
+      primaryKey: true,
+      allowNull: false,
+      interface: "input"
+    },
+    {
+      type: "json",
+      name: "config",
+      allowNull: false,
+      defaultValue: {}
+    }
+  ]
+});

package/dist/server/collections/users-authenticators.js

@@ -36,7 +36,6 @@ var users_authenticators_default = (0, import_database.defineCollection)({
       name: "id",
       type: "bigInt",
       autoIncrement: true,
-      primaryKey: true,
       allowNull: false
     },
     /**
@@ -87,6 +86,16 @@ var users_authenticators_default = (0, import_database.defineCollection)({
       type: "json",
       name: "meta",
       defaultValue: {}
+    },
+    {
+      type: "bigInt",
+      name: "userId",
+      primaryKey: true
+    },
+    {
+      type: "string",
+      name: "authenticator",
+      primaryKey: true
     }
   ]
 });

package/dist/server/locale/en-US.d.ts

@@ -5,5 +5,6 @@ declare const _default: {
     'Not a valid cellphone number, please re-enter': string;
     'The phone number has been registered, please login directly': string;
     'The phone number is not registered, please register first': string;
+    'The username, email or password is incorrect, please re-enter': string;
 };
 export default _default;

package/dist/server/locale/en-US.js

@@ -26,5 +26,6 @@ var en_US_default = {
   "The password is incorrect, please re-enter": "The password is incorrect, please re-enter",
   "Not a valid cellphone number, please re-enter": "Not a valid cellphone number, please re-enter",
   "The phone number has been registered, please login directly": "The phone number has been registered, please login directly",
-  "The phone number is not registered, please register first": "The phone number is not registered, please register first"
+  "The phone number is not registered, please register first": "The phone number is not registered, please register first",
+  "The username, email or password is incorrect, please re-enter": "The username, email or password is incorrect, please re-enter"
 };

package/dist/server/locale/zh-CN.d.ts

@@ -7,5 +7,6 @@ declare const _default: {
     'Please keep and enable at least one authenticator': string;
     'Please enter your username or email': string;
     'Please enter a valid username': string;
+    'The username, email or password is incorrect, please re-enter': string;
 };
 export default _default;

package/dist/server/locale/zh-CN.js

@@ -28,5 +28,6 @@ var zh_CN_default = {
   "The phone number is not registered, please register first": "\u624B\u673A\u53F7\u672A\u6CE8\u518C\uFF0C\u8BF7\u5148\u6CE8\u518C",
   "Please keep and enable at least one authenticator": "\u8BF7\u81F3\u5C11\u4FDD\u7559\u5E76\u542F\u7528\u4E00\u4E2A\u8BA4\u8BC1\u5668",
   "Please enter your username or email": "\u8BF7\u8F93\u5165\u7528\u6237\u540D\u6216\u90AE\u7BB1",
-  "Please enter a valid username": "\u8BF7\u8F93\u5165\u6709\u6548\u7684\u7528\u6237\u540D"
+  "Please enter a valid username": "\u8BF7\u8F93\u5165\u6709\u6548\u7684\u7528\u6237\u540D",
+  "The username, email or password is incorrect, please re-enter": "\u7528\u6237\u540D\u90AE\u7BB1\u6216\u8005\u5BC6\u7801\u6709\u8BEF,\u8BF7\u91CD\u65B0\u8F93\u5165"
 };

package/dist/server/migrations/20250318163707-create-token-policy.d.ts

@@ -0,0 +1,6 @@
+import { Migration } from '@tachybase/server';
+export default class extends Migration {
+    on: string;
+    appVersion: string;
+    up(): Promise<void>;
+}

package/dist/server/migrations/20250318163707-create-token-policy.js

@@ -0,0 +1,52 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var create_token_policy_exports = {};
+__export(create_token_policy_exports, {
+  default: () => create_token_policy_default
+});
+module.exports = __toCommonJS(create_token_policy_exports);
+var import_server = require("@tachybase/server");
+var import_constants = require("../../constants");
+class create_token_policy_default extends import_server.Migration {
+  constructor() {
+    super(...arguments);
+    this.on = "afterLoad";
+    // 'beforeLoad' or 'afterLoad'
+    this.appVersion = "<0.23.65";
+  }
+  async up() {
+    const tokenPolicyRepo = this.app.db.getRepository(import_constants.tokenPolicyCollectionName);
+    const tokenPolicy = await tokenPolicyRepo.findOne({ filterByTk: import_constants.tokenPolicyRecordKey });
+    if (tokenPolicy) {
+      this.app.authManager.tokenController.setConfig(tokenPolicy.config);
+    } else {
+      const config = {
+        tokenExpirationTime: "1d",
+        sessionExpirationTime: "7d",
+        expiredTokenRenewLimit: "1d"
+      };
+      await tokenPolicyRepo.create({
+        values: {
+          key: import_constants.tokenPolicyRecordKey,
+          config
+        }
+      });
+      this.app.authManager.tokenController.setConfig(config);
+    }
+  }
+}

package/dist/server/plugin.js

@@ -31,8 +31,8 @@ __export(plugin_exports, {
   default: () => plugin_default
 });
 module.exports = __toCommonJS(plugin_exports);
-var import_path = require("path");
 var import_server = require("@tachybase/server");
+var import_constants = require("../constants");
 var import_preset = require("../preset");
 var import_auth = __toESM(require("./actions/auth"));
 var import_authenticators = __toESM(require("./actions/authenticators"));
@@ -41,8 +41,29 @@ var import_locale = require("./locale");
 var import_authenticator = require("./model/authenticator");
 var import_storer = require("./storer");
 var import_token_blacklist = require("./token-blacklist");
+var import_token_controller = require("./token-controller");
 class PluginAuthServer extends import_server.Plugin {
   afterAdd() {
+    this.app.on("afterLoad", async () => {
+      if (this.app.authManager.tokenController) {
+        return;
+      }
+      const cache = await this.app.cacheManager.createCache({
+        name: "auth-token-controller",
+        prefix: "auth-token-controller"
+      });
+      const tokenController = new import_token_controller.TokenController({ cache, app: this.app, logger: this.app.log });
+      this.app.authManager.setTokenControlService(tokenController);
+      const tokenPolicyRepo = this.app.db.getRepository(import_constants.tokenPolicyCollectionName);
+      try {
+        const res = await tokenPolicyRepo.findOne({ filterByTk: import_constants.tokenPolicyRecordKey });
+        if (res) {
+          this.app.authManager.tokenController.setConfig(res.config);
+        }
+      } catch (error) {
+        this.app.logger.warn("access control config not exist, use default value");
+      }
+    });
   }
   async beforeLoad() {
     this.app.i18n.addResources("zh-CN", import_preset.namespace, import_locale.zhCN);
@@ -50,14 +71,6 @@ class PluginAuthServer extends import_server.Plugin {
     this.app.db.registerModels({ AuthModel: import_authenticator.AuthModel });
   }
   async load() {
-    await this.importCollections((0, import_path.resolve)(__dirname, "collections"));
-    this.db.addMigrations({
-      namespace: "auth",
-      directory: (0, import_path.resolve)(__dirname, "migrations"),
-      context: {
-        plugin: this
-      }
-    });
     this.cache = await this.app.cacheManager.createCache({
       name: "auth",
       prefix: "auth",
@@ -75,7 +88,33 @@ class PluginAuthServer extends import_server.Plugin {
     }
     this.app.authManager.registerTypes(import_preset.presetAuthType, {
       auth: import_basic_auth.BasicAuth,
-      title: "Password"
+      title: "Password",
+      getPublicOptions: (options) => {
+        var _a;
+        const usersCollection = this.db.getCollection("users");
+        let signupForm = ((_a = options == null ? void 0 : options.public) == null ? void 0 : _a.signupForm) || [];
+        signupForm = signupForm.filter((item) => item.show);
+        if (!(signupForm.length && signupForm.some(
+          (item) => ["username", "email"].includes(item.field) && item.show && item.required
+        ))) {
+          signupForm.unshift({ field: "username", show: true, required: true });
+        }
+        signupForm = signupForm.filter((field) => field.show).map((item) => {
+          var _a2;
+          const field = usersCollection.getField(item.field);
+          return {
+            ...item,
+            uiSchema: {
+              ...(_a2 = field.options) == null ? void 0 : _a2.uiSchema,
+              required: item.required
+            }
+          };
+        });
+        return {
+          ...options == null ? void 0 : options.public,
+          signupForm
+        };
+      }
     });
     Object.entries(import_auth.default).forEach(
       ([action, handler]) => {
@@ -86,10 +125,9 @@ class PluginAuthServer extends import_server.Plugin {
     Object.entries(import_authenticators.default).forEach(
       ([action, handler]) => this.app.resourcer.registerAction(`authenticators:${action}`, handler)
     );
-    ["check", "signIn", "signUp"].forEach((action) => this.app.acl.allow("auth", action));
-    ["signOut", "changePassword"].forEach((action) => this.app.acl.allow("auth", action, "loggedIn"));
+    ["signIn", "signUp"].forEach((action) => this.app.acl.allow("auth", action));
+    ["check", "signOut", "changePassword"].forEach((action) => this.app.acl.allow("auth", action, "loggedIn"));
     this.app.acl.allow("authenticators", "publicList");
-    this.app.acl.allow("authenticators", "bindTypes", "loggedIn");
     this.app.acl.registerSnippet({
       name: `pm.${this.name}.authenticators`,
       actions: ["authenticators:*"]
@@ -102,24 +140,93 @@ class PluginAuthServer extends import_server.Plugin {
       const cache = this.app.cache;
       await cache.del(`auth:${user.id}`);
     });
+    this.app.on("cache:del:auth", async ({ userId }) => {
+      await this.cache.del(`auth:${userId}`);
+    });
+    this.app.on("ws:message:auth:token", async ({ clientId, payload }) => {
+      if (!payload || !payload.token || !payload.authenticator) {
+        this.app.emit(`ws:removeTag`, {
+          clientId,
+          tagKey: "userId"
+        });
+        return;
+      }
+      const auth = await this.app.authManager.get(payload.authenticator, {
+        getBearerToken: () => payload.token,
+        app: this.app,
+        db: this.app.db,
+        cache: this.app.cache,
+        logger: this.app.logger,
+        log: this.app.log,
+        throw: (...args) => {
+          throw new Error(...args);
+        },
+        t: this.app.i18n.t
+      });
+      let user;
+      try {
+        user = (await auth.checkToken()).user;
+      } catch (error) {
+        if (!user) {
+          this.app.logger.error(error);
+          this.app.emit(`ws:removeTag`, {
+            clientId,
+            tagKey: "userId"
+          });
+          return;
+        }
+      }
+      this.app.emit(`ws:setTag`, {
+        clientId,
+        tagKey: "userId",
+        tagValue: user.id
+      });
+      this.app.emit(`ws:authorized`, {
+        clientId,
+        userId: user.id
+      });
+    });
+    this.app.acl.registerSnippet({
+      name: `pm.security.token-policy`,
+      actions: [`${import_constants.tokenPolicyCollectionName}:*`]
+    });
+    this.app.db.on(`${import_constants.tokenPolicyCollectionName}.afterSave`, async (model) => {
+      var _a;
+      (_a = this.app.authManager.tokenController) == null ? void 0 : _a.setConfig(model.config);
+    });
   }
   async install(options) {
-    const repository = this.db.getRepository("authenticators");
-    const exist = await repository.findOne({ filter: { name: import_preset.presetAuthenticator } });
-    if (exist) {
+    const authRepository = this.db.getRepository("authenticators");
+    const exist = await authRepository.findOne({ filter: { name: import_preset.presetAuthenticator } });
+    if (!exist) {
+      await authRepository.create({
+        values: {
+          name: import_preset.presetAuthenticator,
+          authType: import_preset.presetAuthType,
+          description: "Sign in with username/email.",
+          enabled: true,
+          options: {
+            public: {
+              allowSignUp: true
+            }
+          }
+        }
+      });
+    }
+    const tokenPolicyRepo = this.app.db.getRepository(import_constants.tokenPolicyCollectionName);
+    const res = await tokenPolicyRepo.findOne({ filterByTk: import_constants.tokenPolicyRecordKey });
+    if (res) {
       return;
     }
-    await repository.create({
+    const config = {
+      tokenExpirationTime: "1d",
+      sessionExpirationTime: "7d",
+      expiredTokenRenewLimit: "1d"
+    };
+    await tokenPolicyRepo.create({
       values: {
-        name: import_preset.presetAuthenticator,
-        authType: import_preset.presetAuthType,
-        description: "Sign in with username/email.",
-        enabled: true,
-        options: {
-          public: {
-            allowSignUp: true
-          }
-        }
+        key: import_constants.tokenPolicyRecordKey,
+        config
       }
     });
   }

package/dist/server/token-controller.d.ts

@@ -0,0 +1,32 @@
+import { ITokenControlService, NumericTokenPolicyConfig, TokenInfo, TokenPolicyConfig } from '@tachybase/auth';
+import { Cache } from '@tachybase/cache';
+import Database from '@tachybase/database';
+import type { SystemLogger } from '@tachybase/logger';
+import Application from '@tachybase/server';
+type TokenControlService = ITokenControlService;
+export declare class TokenController implements TokenControlService {
+    cache: Cache;
+    app: Application;
+    db: Database;
+    logger: SystemLogger;
+    constructor({ cache, app, logger }: {
+        cache: Cache;
+        app: Application;
+        logger: SystemLogger;
+    });
+    setTokenInfo(id: string, value: TokenInfo): Promise<void>;
+    getConfig(): Promise<NumericTokenPolicyConfig>;
+    setConfig(config: TokenPolicyConfig): Promise<void>;
+    removeSessionExpiredTokens(userId: number): Promise<any>;
+    add({ userId }: {
+        userId: number;
+    }): Promise<{
+        jti: `${string}-${string}-${string}-${string}-${string}`;
+        issuedTime: number;
+        signInTime: number;
+        renewed: boolean;
+        userId: number;
+    }>;
+    renew: TokenControlService['renew'];
+}
+export {};

package/dist/server/token-controller.js

@@ -0,0 +1,139 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var token_controller_exports = {};
+__export(token_controller_exports, {
+  TokenController: () => TokenController
+});
+module.exports = __toCommonJS(token_controller_exports);
+var import_crypto = require("crypto");
+var import_auth = require("@tachybase/auth");
+var import_ms = __toESM(require("ms"));
+var import_constants = require("../constants");
+const JTICACHEKEY = "token-jti";
+class TokenController {
+  constructor({ cache, app, logger }) {
+    this.renew = async (jti) => {
+      const repo = this.app.db.getRepository(import_constants.issuedTokensCollectionName);
+      const model = this.app.db.getModel(import_constants.issuedTokensCollectionName);
+      const newId = (0, import_crypto.randomUUID)();
+      const issuedTime = Date.now();
+      const [count] = await model.update(
+        { jti: newId, issuedTime },
+        { where: { jti } }
+      );
+      if (count === 1) {
+        await this.cache.set(`jti-renewed-cahce:${jti}`, { jti: newId, issuedTime }, import_constants.RENEWED_JTI_CACHE_MS);
+        this.logger.info("jti renewed", { oldJti: jti, newJti: newId, issuedTime });
+        return { jti: newId, issuedTime };
+      } else {
+        const cachedJtiData = await this.cache.get(`jti-renewed-cahce:${jti}`);
+        if (cachedJtiData) {
+          return cachedJtiData;
+        }
+        this.logger.error("jti renew failed", {
+          module: "auth",
+          submodule: "token-controller",
+          method: "renew",
+          jti,
+          code: import_auth.AuthErrorCode.TOKEN_RENEW_FAILED
+        });
+        throw new import_auth.AuthError({
+          message: "Your session has expired. Please sign in again.",
+          code: import_auth.AuthErrorCode.TOKEN_RENEW_FAILED
+        });
+      }
+    };
+    this.cache = cache;
+    this.app = app;
+    this.logger = logger;
+  }
+  async setTokenInfo(id, value) {
+    const repo = this.app.db.getRepository(import_constants.issuedTokensCollectionName);
+    await repo.updateOrCreate({ filterKeys: ["id"], values: value });
+    return;
+  }
+  getConfig() {
+    return this.cache.wrap("config", async () => {
+      const repo = this.app.db.getRepository(import_constants.tokenPolicyCollectionName);
+      const configRecord = await repo.findOne({ filterByTk: import_constants.tokenPolicyRecordKey });
+      if (!configRecord) return null;
+      const config = configRecord.config;
+      return {
+        tokenExpirationTime: (0, import_ms.default)(config.tokenExpirationTime),
+        sessionExpirationTime: (0, import_ms.default)(config.sessionExpirationTime),
+        expiredTokenRenewLimit: (0, import_ms.default)(config.expiredTokenRenewLimit)
+      };
+    });
+  }
+  setConfig(config) {
+    return this.cache.set("config", {
+      tokenExpirationTime: (0, import_ms.default)(config.tokenExpirationTime),
+      sessionExpirationTime: (0, import_ms.default)(config.sessionExpirationTime),
+      expiredTokenRenewLimit: (0, import_ms.default)(config.expiredTokenRenewLimit)
+    });
+  }
+  async removeSessionExpiredTokens(userId) {
+    const config = await this.getConfig();
+    const issuedTokenRepo = this.app.db.getRepository(import_constants.issuedTokensCollectionName);
+    const currTS = Date.now();
+    return issuedTokenRepo.destroy({
+      filter: {
+        userId,
+        signInTime: {
+          $lt: currTS - config.sessionExpirationTime
+        }
+      }
+    });
+  }
+  async add({ userId }) {
+    const jti = (0, import_crypto.randomUUID)();
+    const currTS = Date.now();
+    const data = {
+      jti,
+      issuedTime: currTS,
+      signInTime: currTS,
+      renewed: false,
+      userId
+    };
+    await this.setTokenInfo(jti, data);
+    try {
+      if (process.env.DB_DIALECT === "sqlite") {
+        await this.removeSessionExpiredTokens(userId);
+      } else {
+        this.removeSessionExpiredTokens(userId);
+      }
+    } catch (err) {
+      this.logger.error(err, { module: "auth", submodule: "token-controller", method: "removeSessionExpiredTokens" });
+    }
+    return data;
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  TokenController
+});

package/dist/types.d.ts

@@ -0,0 +1 @@
+export type { TokenPolicyConfig as TokenPolicyConfig } from '@tachybase/auth';

package/dist/types.js

@@ -0,0 +1,15 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var types_exports = {};
+module.exports = __toCommonJS(types_exports);

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "@tachybase/module-auth",
   "displayName": "Authentication",
-  "version": "0.23.58",
+  "version": "1.0.6",
   "description": "User authentication management, including password, SMS, and support for Single Sign-On (SSO) protocols, with extensibility.",
   "keywords": [
-    "Authentication"
+    "Authentication",
+    "Security"
   ],
   "main": "./dist/server/index.js",
   "dependencies": {},
@@ -12,20 +13,23 @@
     "@ant-design/icons": "~5.3.7",
     "antd": "5.22.5",
     "cron": "^3.3.1",
+    "lodash": "^4.17.21",
+    "ms": "^2.1.3",
     "react": "^18.3.1",
     "react-i18next": "^15.2.0",
     "react-router-dom": "6.28.1",
-    "@tachybase/schema": "0.23.58"
+    "@tachybase/schema": "1.0.6"
   },
   "peerDependencies": {
-    "@tachybase/actions": "0.23.58",
-    "@tachybase/auth": "0.23.58",
-    "@tachybase/cache": "0.23.58",
-    "@tachybase/client": "0.23.58",
-    "@tachybase/database": "0.23.58",
-    "@tachybase/server": "0.23.58",
-    "@tachybase/test": "0.23.58",
-    "@tachybase/utils": "0.23.58"
+    "@tachybase/actions": "1.0.6",
+    "@tachybase/auth": "1.0.6",
+    "@tachybase/client": "1.0.6",
+    "@tachybase/server": "1.0.6",
+    "@tachybase/cache": "1.0.6",
+    "@tachybase/logger": "1.0.6",
+    "@tachybase/database": "1.0.6",
+    "@tachybase/test": "1.0.6",
+    "@tachybase/utils": "1.0.6"
   },
   "description.zh-CN": "用户认证管理，包括基础的密码认证、短信认证、SSO 协议的认证等，可扩展。",
   "displayName.zh-CN": "用户认证",