@tachybase/module-auth 1.3.25 → 1.5.0

package/dist/client/interceptors.d.ts

@@ -2,4 +2,4 @@ import { Application } from '@tachybase/client';
 import type { AxiosResponse } from 'axios';
 export declare function authCheckMiddleware({ app }: {
     app: Application;
-}): ((res: AxiosResponse) => AxiosResponse<any, any>)[];
+}): ((res: AxiosResponse) => AxiosResponse<any, any, {}>)[];

package/dist/client/locale/index.d.ts

@@ -1,3 +1,3 @@
 export declare const NAMESPACE = "auth";
-export declare function useAuthTranslation(): import("react-i18next").UseTranslationResponse<[string, string], undefined>;
+export declare function useAuthTranslation(): import("react-i18next").UseTranslationResponse<readonly ["auth", "core"], undefined>;
 export declare const tval: (key: string) => string;

package/dist/externalVersion.js

@@ -1,14 +1,14 @@
 module.exports = {
   "react": "18.3.1",
-  "@tachybase/client": "1.3.25",
+  "@tachybase/client": "1.5.0",
   "react-router-dom": "6.28.1",
   "@tego/client": "1.3.52",
-  "axios": "1.7.7",
+  "axios": "1.13.0",
   "lodash": "4.17.21",
   "@tego/server": "1.3.52",
   "@tachybase/test": "1.3.52",
   "antd": "5.22.5",
   "@tachybase/schema": "1.3.52",
-  "react-i18next": "15.2.0",
+  "react-i18next": "16.2.1",
   "@ant-design/icons": "5.6.1"
 };

package/dist/locale/en-US.json

@@ -45,6 +45,9 @@
   "User can bind or unbind the sign in type": "User can bind or unbind the sign in type",
   "User not found. Please sign in again to continue.": "User not found. Please sign in again to continue.",
   "Username/Email": "Username/Email",
+  "Your account has been disabled, please contact administrator if you have any questions": "Your account has been disabled, please contact administrator if you have any questions",
+  "Your account has been locked due to multiple failed login attempts. Please try again later.": "Your account has been locked due to multiple failed login attempts. Please try again later.",
+  "Your account is under review, please wait for administrator approval": "Your account is under review, please wait for administrator approval",
   "Your session has expired. Please sign in again.": "Your session has expired. Please sign in again.",
   "gitea": "Gitea",
   "sms": "SMS",

package/dist/locale/ko_KR.json

@@ -22,5 +22,8 @@
   "The phone number has been registered, please login directly": "전화번호가 이미 등록되어 있습니다. 직접 로그인하세요.",
   "The phone number is not registered, please register first": "전화번호가 등록되어 있지 않습니다. 먼저 등록하세요.",
   "The username or email is incorrect, please re-enter": "사용자 이름 또는 이메일이 잘못되었습니다. 다시 입력하세요.",
-  "Username/Email": "사용자 이름/이메일"
+  "Username/Email": "사용자 이름/이메일",
+  "Your account has been disabled, please contact administrator if you have any questions": "Your account has been disabled, please contact administrator if you have any questions",
+  "Your account has been locked due to multiple failed login attempts. Please try again later.": "Your account has been locked due to multiple failed login attempts. Please try again later.",
+  "Your account is under review, please wait for administrator approval": "Your account is under review, please wait for administrator approval"
 }

package/dist/locale/zh-CN.json

@@ -45,6 +45,9 @@
   "User not found. Please sign in again to continue.": "用户不存在。请重新登录以继续。",
   "Username/Email": "用户名/邮箱",
   "WeChat": "微信",
+  "Your account has been disabled, please contact administrator if you have any questions": "您的账户已被停用，如有疑问请联系管理员",
+  "Your account has been locked due to multiple failed login attempts. Please try again later.": "您的账户因多次登录失败已被锁定，请稍后再试",
+  "Your account is under review, please wait for administrator approval": "您的账户正在审核中，请等待管理员审核通过",
   "Your session has expired. Please sign in again.": "您的会话已过期，请重新登录。",
   "gitea": "Gitea 验证登录",
   "sms": "短信验证",

package/dist/node_modules/cron/package.json

@@ -1 +1 @@
-{"name":"cron","description":"Cron jobs for your node","version":"3.3.1","author":"Nick Campbell <nicholas.j.campbell@gmail.com> (https://github.com/ncb000gt)","bugs":{"url":"https://github.com/kelektiv/node-cron/issues"},"repository":{"type":"git","url":"https://github.com/kelektiv/node-cron.git"},"main":"dist/index.js","types":"dist/index.d.ts","scripts":{"build":"tsc -b tsconfig.build.json","lint:eslint":"eslint src/ tests/","lint:prettier":"prettier ./**/*.{json,md,yml} --check","lint":"npm run lint:eslint && npm run lint:prettier","lint:fix":"npm run lint:eslint -- --fix && npm run lint:prettier -- --write","test":"jest --coverage","test:watch":"jest --watch --coverage","test:fuzz":"jest  --testMatch='**/*.fuzz.ts' --coverage=false --testTimeout=120000","prepare":"husky"},"dependencies":{"@types/luxon":"~3.4.0","luxon":"~3.5.0"},"devDependencies":{"@commitlint/cli":"19.6.0","@eslint/js":"^9.14.0","@fast-check/jest":"2.0.3","@insurgent/commitlint-config":"20.0.0","@insurgent/conventional-changelog-preset":"10.0.0","@semantic-release/changelog":"6.0.3","@semantic-release/commit-analyzer":"13.0.0","@semantic-release/git":"10.0.1","@semantic-release/github":"11.0.1","@semantic-release/npm":"12.0.1","@semantic-release/release-notes-generator":"14.0.1","@types/jest":"29.5.14","@types/node":"20.17.9","@types/sinon":"17.0.3","chai":"4.5.0","eslint":"8.57.1","eslint-config-prettier":"9.1.0","eslint-plugin-jest":"27.9.0","eslint-plugin-prettier":"5.2.1","husky":"9.1.7","jest":"29.7.0","lint-staged":"15.2.10","prettier":"3.3.3","semantic-release":"24.2.0","sinon":"17.0.2","ts-jest":"29.2.5","typescript":"5.7.2","typescript-eslint":"^7.2.0"},"keywords":["cron","node cron","node-cron","schedule","scheduler","cronjob","cron job"],"license":"MIT","contributors":["Brandon der Blätter <https://interlucid.com/contact/> (https://github.com/intcreator)","Pierre Cavin <me@sherlox.io> (https://github.com/sheerlox)","Romain Beauxis <toots@rastageeks.org> (https://github.com/toots)","James Padolsey <> (https://github.com/jamespadolsey)","Finn Herpich <fh@three-heads.de> (https://github.com/ErrorProne)","Clifton Cunningham <clifton.cunningham@gmail.com> (https://github.com/cliftonc)","Eric Abouaf <eric.abouaf@gmail.com> (https://github.com/neyric)","humanchimp <morphcham@gmail.com> (https://github.com/humanchimp)","Craig Condon <craig@spiceapps.com> (https://github.com/spiceapps)","Dan Bear <daniel@hulu.com> (https://github.com/danhbear)","Vadim Baryshev <vadimbaryshev@gmail.com> (https://github.com/baryshev)","Leandro Ferrari <lfthomaz@gmail.com> (https://github.com/lfthomaz)","Gregg Zigler <greggzigler@gmail.com> (https://github.com/greggzigler)","Jordan Abderrachid <jabderrachid@gmail.com> (https://github.com/jordanabderrachid)","Masakazu Matsushita <matsukaz@gmail.com> (matsukaz)","Christopher Lunt <me@kirisu.co.uk> (https://github.com/kirisu)"],"files":["dist/**/*.js","dist/**/*.d.ts","CHANGELOG.md","LICENSE","README.md"],"lint-staged":{"*.ts":"eslint src/ tests/ --fix","*.{json,md,yml}":"prettier ./**/*.{json,md,yml} --check --write"},"_lastModified":"2025-09-02T09:50:19.880Z"}
+{"name":"cron","description":"Cron jobs for your node","version":"3.3.1","author":"Nick Campbell <nicholas.j.campbell@gmail.com> (https://github.com/ncb000gt)","bugs":{"url":"https://github.com/kelektiv/node-cron/issues"},"repository":{"type":"git","url":"https://github.com/kelektiv/node-cron.git"},"main":"dist/index.js","types":"dist/index.d.ts","scripts":{"build":"tsc -b tsconfig.build.json","lint:eslint":"eslint src/ tests/","lint:prettier":"prettier ./**/*.{json,md,yml} --check","lint":"npm run lint:eslint && npm run lint:prettier","lint:fix":"npm run lint:eslint -- --fix && npm run lint:prettier -- --write","test":"jest --coverage","test:watch":"jest --watch --coverage","test:fuzz":"jest  --testMatch='**/*.fuzz.ts' --coverage=false --testTimeout=120000","prepare":"husky"},"dependencies":{"@types/luxon":"~3.4.0","luxon":"~3.5.0"},"devDependencies":{"@commitlint/cli":"19.6.0","@eslint/js":"^9.14.0","@fast-check/jest":"2.0.3","@insurgent/commitlint-config":"20.0.0","@insurgent/conventional-changelog-preset":"10.0.0","@semantic-release/changelog":"6.0.3","@semantic-release/commit-analyzer":"13.0.0","@semantic-release/git":"10.0.1","@semantic-release/github":"11.0.1","@semantic-release/npm":"12.0.1","@semantic-release/release-notes-generator":"14.0.1","@types/jest":"29.5.14","@types/node":"20.17.9","@types/sinon":"17.0.3","chai":"4.5.0","eslint":"8.57.1","eslint-config-prettier":"9.1.0","eslint-plugin-jest":"27.9.0","eslint-plugin-prettier":"5.2.1","husky":"9.1.7","jest":"29.7.0","lint-staged":"15.2.10","prettier":"3.3.3","semantic-release":"24.2.0","sinon":"17.0.2","ts-jest":"29.2.5","typescript":"5.7.2","typescript-eslint":"^7.2.0"},"keywords":["cron","node cron","node-cron","schedule","scheduler","cronjob","cron job"],"license":"MIT","contributors":["Brandon der Blätter <https://interlucid.com/contact/> (https://github.com/intcreator)","Pierre Cavin <me@sherlox.io> (https://github.com/sheerlox)","Romain Beauxis <toots@rastageeks.org> (https://github.com/toots)","James Padolsey <> (https://github.com/jamespadolsey)","Finn Herpich <fh@three-heads.de> (https://github.com/ErrorProne)","Clifton Cunningham <clifton.cunningham@gmail.com> (https://github.com/cliftonc)","Eric Abouaf <eric.abouaf@gmail.com> (https://github.com/neyric)","humanchimp <morphcham@gmail.com> (https://github.com/humanchimp)","Craig Condon <craig@spiceapps.com> (https://github.com/spiceapps)","Dan Bear <daniel@hulu.com> (https://github.com/danhbear)","Vadim Baryshev <vadimbaryshev@gmail.com> (https://github.com/baryshev)","Leandro Ferrari <lfthomaz@gmail.com> (https://github.com/lfthomaz)","Gregg Zigler <greggzigler@gmail.com> (https://github.com/greggzigler)","Jordan Abderrachid <jabderrachid@gmail.com> (https://github.com/jordanabderrachid)","Masakazu Matsushita <matsukaz@gmail.com> (matsukaz)","Christopher Lunt <me@kirisu.co.uk> (https://github.com/kirisu)"],"files":["dist/**/*.js","dist/**/*.d.ts","CHANGELOG.md","LICENSE","README.md"],"lint-staged":{"*.ts":"eslint src/ tests/ --fix","*.{json,md,yml}":"prettier ./**/*.{json,md,yml} --check --write"},"_lastModified":"2025-11-11T06:38:16.568Z"}

package/dist/node_modules/ms/package.json

@@ -1 +1 @@
-{"name":"ms","version":"2.1.3","description":"Tiny millisecond conversion utility","repository":"vercel/ms","main":"./index","files":["index.js"],"scripts":{"precommit":"lint-staged","lint":"eslint lib/* bin/*","test":"mocha tests.js"},"eslintConfig":{"extends":"eslint:recommended","env":{"node":true,"es6":true}},"lint-staged":{"*.js":["npm run lint","prettier --single-quote --write","git add"]},"license":"MIT","devDependencies":{"eslint":"4.18.2","expect.js":"0.3.1","husky":"0.14.3","lint-staged":"5.0.0","mocha":"4.0.1","prettier":"2.0.5"},"_lastModified":"2025-09-02T09:50:19.983Z"}
+{"name":"ms","version":"2.1.3","description":"Tiny millisecond conversion utility","repository":"vercel/ms","main":"./index","files":["index.js"],"scripts":{"precommit":"lint-staged","lint":"eslint lib/* bin/*","test":"mocha tests.js"},"eslintConfig":{"extends":"eslint:recommended","env":{"node":true,"es6":true}},"lint-staged":{"*.js":["npm run lint","prettier --single-quote --write","git add"]},"license":"MIT","devDependencies":{"eslint":"4.18.2","expect.js":"0.3.1","husky":"0.14.3","lint-staged":"5.0.0","mocha":"4.0.1","prettier":"2.0.5"},"_lastModified":"2025-11-11T06:38:16.668Z"}

package/dist/server/collections/issued-tokens.js

@@ -23,6 +23,9 @@ module.exports = __toCommonJS(issued_tokens_exports);
 var import_server = require("@tego/server");
 var import_constants = require("../../constants");
 var issued_tokens_default = (0, import_server.defineCollection)({
+  dumpRules: {
+    group: "required"
+  },
   name: import_constants.issuedTokensCollectionName,
   autoGenId: false,
   createdAt: true,

package/dist/server/collections/token-blacklist.js

@@ -23,7 +23,7 @@ module.exports = __toCommonJS(token_blacklist_exports);
 var import_server = require("@tego/server");
 var token_blacklist_default = (0, import_server.defineCollection)({
   dumpRules: {
-    group: "log"
+    group: "user"
   },
   shared: true,
   name: "tokenBlacklist",

package/dist/server/collections/token-poilcy-config.js

@@ -23,6 +23,9 @@ module.exports = __toCommonJS(token_poilcy_config_exports);
 var import_server = require("@tego/server");
 var import_constants = require("../../constants");
 var token_poilcy_config_default = (0, import_server.defineCollection)({
+  dumpRules: {
+    group: "required"
+  },
   name: import_constants.tokenPolicyCollectionName,
   autoGenId: false,
   createdAt: true,

package/dist/server/locale/en-US.d.ts

@@ -6,5 +6,13 @@ declare const _default: {
     'The phone number has been registered, please login directly': string;
     'The phone number is not registered, please register first': string;
     'The username, email or password is incorrect, please re-enter': string;
+    'Invalid status': string;
+    'User status is invalid, please contact administrator': string;
+    'User status does not allow login': string;
+    'Your account is under review, please wait for administrator approval': string;
+    'Your account has been disabled, please contact administrator if you have any questions': string;
+    'Unknown status': string;
+    'System error, please contact administrator': string;
+    'Your account status has changed. Please sign in again.': string;
 };
 export default _default;

package/dist/server/locale/en-US.js

@@ -27,5 +27,13 @@ var en_US_default = {
   "Not a valid cellphone number, please re-enter": "Not a valid cellphone number, please re-enter",
   "The phone number has been registered, please login directly": "The phone number has been registered, please login directly",
   "The phone number is not registered, please register first": "The phone number is not registered, please register first",
-  "The username, email or password is incorrect, please re-enter": "The username, email or password is incorrect, please re-enter"
+  "The username, email or password is incorrect, please re-enter": "The username, email or password is incorrect, please re-enter",
+  "Invalid status": "Invalid status",
+  "User status is invalid, please contact administrator": "User status is invalid, please contact administrator",
+  "User status does not allow login": "User status does not allow login",
+  "Your account is under review, please wait for administrator approval": "Your account is under review, please wait for administrator approval",
+  "Your account has been disabled, please contact administrator if you have any questions": "Your account has been disabled, please contact administrator if you have any questions",
+  "Unknown status": "Unknown status",
+  "System error, please contact administrator": "System error, please contact administrator",
+  "Your account status has changed. Please sign in again.": "Your account status has changed. Please sign in again."
 };

package/dist/server/locale/zh-CN.d.ts

@@ -8,5 +8,13 @@ declare const _default: {
     'Please enter your username or email': string;
     'Please enter a valid username': string;
     'The username, email or password is incorrect, please re-enter': string;
+    'Invalid status': string;
+    'User status is invalid, please contact administrator': string;
+    'User status does not allow login': string;
+    'Your account is under review, please wait for administrator approval': string;
+    'Your account has been disabled, please contact administrator if you have any questions': string;
+    'Unknown status': string;
+    'System error, please contact administrator': string;
+    'Your account status has changed. Please sign in again.': string;
 };
 export default _default;

package/dist/server/locale/zh-CN.js

@@ -29,5 +29,13 @@ var zh_CN_default = {
   "Please keep and enable at least one authenticator": "\u8BF7\u81F3\u5C11\u4FDD\u7559\u5E76\u542F\u7528\u4E00\u4E2A\u8BA4\u8BC1\u5668",
   "Please enter your username or email": "\u8BF7\u8F93\u5165\u7528\u6237\u540D\u6216\u90AE\u7BB1",
   "Please enter a valid username": "\u8BF7\u8F93\u5165\u6709\u6548\u7684\u7528\u6237\u540D",
-  "The username, email or password is incorrect, please re-enter": "\u7528\u6237\u540D\u90AE\u7BB1\u6216\u8005\u5BC6\u7801\u6709\u8BEF,\u8BF7\u91CD\u65B0\u8F93\u5165"
+  "The username, email or password is incorrect, please re-enter": "\u7528\u6237\u540D\u90AE\u7BB1\u6216\u8005\u5BC6\u7801\u6709\u8BEF,\u8BF7\u91CD\u65B0\u8F93\u5165",
+  "Invalid status": "\u72B6\u6001\u5F02\u5E38",
+  "User status is invalid, please contact administrator": "\u7528\u6237\u72B6\u6001\u5F02\u5E38\uFF0C\u8BF7\u8054\u7CFB\u7BA1\u7406\u5458",
+  "User status does not allow login": "\u7528\u6237\u72B6\u6001\u4E0D\u5141\u8BB8\u767B\u5F55",
+  "Your account is under review, please wait for administrator approval": "\u60A8\u7684\u8D26\u53F7\u6B63\u5728\u5BA1\u6838\u4E2D\uFF0C\u8BF7\u7B49\u5F85\u7BA1\u7406\u5458\u6279\u51C6",
+  "Your account has been disabled, please contact administrator if you have any questions": "\u60A8\u7684\u8D26\u53F7\u5DF2\u88AB\u7981\u7528\uFF0C\u5982\u6709\u7591\u95EE\u8BF7\u8054\u7CFB\u7BA1\u7406\u5458",
+  "Unknown status": "\u672A\u77E5\u72B6\u6001",
+  "System error, please contact administrator": "\u7CFB\u7EDF\u9519\u8BEF\uFF0C\u8BF7\u8054\u7CFB\u7BA1\u7406\u5458",
+  "Your account status has changed. Please sign in again.": "\u60A8\u7684\u8D26\u53F7\u72B6\u6001\u5DF2\u53D8\u66F4\uFF0C\u8BF7\u91CD\u65B0\u767B\u5F55"
 };

package/dist/server/plugin.d.ts

@@ -1,6 +1,8 @@
 import { Cache, InstallOptions, Plugin } from '@tego/server';
+import { UserStatusService } from './user-status';
 export declare class PluginAuthServer extends Plugin {
     cache: Cache;
+    userStatusService: UserStatusService;
     afterAdd(): void;
     beforeLoad(): Promise<void>;
     load(): Promise<void>;

package/dist/server/plugin.js

@@ -42,6 +42,7 @@ var import_authenticator = require("./model/authenticator");
 var import_storer = require("./storer");
 var import_token_blacklist = require("./token-blacklist");
 var import_token_controller = require("./token-controller");
+var import_user_status = require("./user-status");
 class PluginAuthServer extends import_server.Plugin {
   afterAdd() {
     this.app.on("afterLoad", async () => {
@@ -71,6 +72,10 @@ class PluginAuthServer extends import_server.Plugin {
     this.app.db.registerModels({ AuthModel: import_authenticator.AuthModel });
   }
   async load() {
+    this.userStatusService = new import_user_status.UserStatusService(this.app);
+    this.app.userStatusService = this.userStatusService;
+    this.userStatusService.injectLoginCheck();
+    this.userStatusService.registerStatusChangeInterceptor();
     this.cache = await this.app.cacheManager.createCache({
       name: "auth",
       prefix: "auth",

package/dist/server/user-status.d.ts

@@ -0,0 +1,106 @@
+import { Application } from '@tego/server';
+/**
+ * 用户状态检查结果
+ */
+export interface UserStatusCheckResult {
+    allowed: boolean;
+    status: string;
+    statusInfo?: {
+        title: string;
+        color: string;
+        allowLogin: boolean;
+        loginErrorMessage?: string;
+    };
+    errorMessage?: string;
+    isExpired?: boolean;
+}
+/**
+ * 修改用户状态的选项
+ */
+export interface ChangeUserStatusOptions {
+    expireAt?: Date;
+    reason?: string;
+    operationType: 'manual' | 'auto' | 'system';
+    operatorId?: number;
+}
+/**
+ * 状态注册配置
+ */
+export interface StatusConfig {
+    key: string;
+    title: string;
+    color?: string;
+    allowLogin: boolean;
+    loginErrorMessage?: string;
+    packageName: string;
+    description?: string;
+    sort?: number;
+    config?: Record<string, any>;
+}
+declare module '@tego/server' {
+    interface BaseAuth {
+        checkUserStatusInContext?(userId: number): Promise<UserStatusCheckResult>;
+    }
+}
+/**
+ * 用户状态管理服务
+ * 负责用户状态的检查、变更、恢复等核心业务逻辑
+ */
+export declare class UserStatusService {
+    private db;
+    private app;
+    private cache;
+    private logger;
+    constructor(app: Application);
+    /**
+     * 获取用户状态缓存键
+     */
+    private getUserStatusCacheKey;
+    /**
+     * 从缓存获取用户状态
+     */
+    private getUserStatusFromCache;
+    /**
+     * 设置用户状态缓存
+     */
+    private setUserStatusCache;
+    /**
+     * 清除用户状态缓存
+     */
+    private clearUserStatusCache;
+    /**
+     * 检查用户状态是否允许登录
+     * @param userId 用户ID
+     * @returns 检查结果
+     */
+    checkUserStatus(userId: number): Promise<UserStatusCheckResult>;
+    /**
+     * 记录状态变更历史（如果不存在相同记录）
+     * @param params 状态变更参数
+     */
+    private recordStatusHistoryIfNotExists;
+    /**
+     * 恢复过期的用户状态
+     * @param userId 用户ID
+     */
+    restoreUserStatus(userId: number): Promise<void>;
+    /**
+     * 注册新的用户状态(供插件使用)
+     * @param config 状态配置
+     */
+    registerStatus(config: StatusConfig): Promise<void>;
+    /**
+     * 获取每个状态的用户数量统计
+     */
+    getStatusStatistics(): Promise<Record<string, number>>;
+    /**
+     * 注入登录检查
+     */
+    injectLoginCheck(): void;
+    /**
+     * 注册用户状态变更拦截器
+     * 拦截 users:update 请求,自动记录状态变更历史
+     */
+    registerStatusChangeInterceptor(): void;
+}
+export default UserStatusService;

package/dist/server/user-status.js

@@ -0,0 +1,654 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var user_status_exports = {};
+__export(user_status_exports, {
+  UserStatusService: () => UserStatusService,
+  default: () => user_status_default
+});
+module.exports = __toCommonJS(user_status_exports);
+var import_server = require("@tego/server");
+var import_preset = require("../preset");
+class UserStatusService {
+  constructor(app) {
+    this.app = app;
+    this.db = app.db;
+    this.cache = app.cache;
+    this.logger = app.logger;
+  }
+  /**
+   * 获取用户状态缓存键
+   */
+  getUserStatusCacheKey(userId) {
+    return `userStatus:${userId}`;
+  }
+  /**
+   * 从缓存获取用户状态
+   */
+  async getUserStatusFromCache(userId) {
+    try {
+      const cacheKey = this.getUserStatusCacheKey(userId);
+      const cached = await this.cache.get(cacheKey);
+      return cached ? JSON.parse(cached) : null;
+    } catch (error) {
+      this.logger.error("Error getting user status from cache:", error);
+      return null;
+    }
+  }
+  /**
+   * 设置用户状态缓存
+   */
+  async setUserStatusCache(userId, data) {
+    try {
+      const cacheKey = this.getUserStatusCacheKey(userId);
+      await this.cache.set(cacheKey, JSON.stringify(data), 300 * 1e3);
+    } catch (error) {
+      this.logger.error("Error setting user status cache:", error);
+    }
+  }
+  /**
+   * 清除用户状态缓存
+   */
+  async clearUserStatusCache(userId) {
+    try {
+      const cacheKey = this.getUserStatusCacheKey(userId);
+      await this.cache.del(cacheKey);
+    } catch (error) {
+      this.logger.error("Error clearing user status cache:", error);
+    }
+  }
+  /**
+   * 检查用户状态是否允许登录
+   * @param userId 用户ID
+   * @returns 检查结果
+   */
+  async checkUserStatus(userId) {
+    try {
+      let cached = await this.getUserStatusFromCache(userId);
+      if (!cached) {
+        const userRepo = this.db.getRepository("users");
+        const user = await userRepo.findOne({
+          filterByTk: userId,
+          fields: ["id", "status", "statusExpireAt", "previousStatus"]
+        });
+        if (!user) {
+          return {
+            allowed: false,
+            status: "unknown",
+            errorMessage: this.app.i18n.t("User not found")
+          };
+        }
+        cached = {
+          userId: user.id,
+          status: user.status || "active",
+          expireAt: user.statusExpireAt,
+          previousStatus: user.previousStatus,
+          lastChecked: /* @__PURE__ */ new Date()
+        };
+        await this.setUserStatusCache(userId, cached);
+      }
+      if (cached.expireAt && new Date(cached.expireAt) <= /* @__PURE__ */ new Date()) {
+        await this.restoreUserStatus(userId);
+        const userRepo = this.db.getRepository("users");
+        const user = await userRepo.findOne({
+          filterByTk: userId,
+          fields: ["status"]
+        });
+        cached.status = user.status || "active";
+        cached.expireAt = null;
+        cached.previousStatus = null;
+        await this.setUserStatusCache(userId, cached);
+      }
+      const statusRepo = this.db.getRepository("userStatuses");
+      const statusInfo = await statusRepo.findOne({
+        filterByTk: cached.status
+      });
+      if (!statusInfo) {
+        this.logger.warn(`Status definition not found: ${cached.status}`);
+        return {
+          allowed: false,
+          status: cached.status,
+          statusInfo: {
+            title: this.app.i18n.t("Invalid status", { ns: import_preset.namespace }),
+            color: "red",
+            allowLogin: false,
+            loginErrorMessage: this.app.i18n.t("User status is invalid, please contact administrator", {
+              ns: import_preset.namespace
+            })
+          },
+          errorMessage: this.app.i18n.t("User status is invalid, please contact administrator", { ns: import_preset.namespace })
+        };
+      }
+      const translateMessage = (message) => {
+        if (!message) return "";
+        const match = message.match(/\{\{t\("([^"]+)"\)\}\}/);
+        if (match && match[1]) {
+          return this.app.i18n.t(match[1], { ns: import_preset.namespace });
+        }
+        return message;
+      };
+      const translatedTitle = translateMessage(statusInfo.title);
+      const translatedLoginErrorMessage = translateMessage(statusInfo.loginErrorMessage);
+      return {
+        allowed: statusInfo.allowLogin,
+        status: cached.status,
+        statusInfo: {
+          title: translatedTitle,
+          color: statusInfo.color,
+          allowLogin: statusInfo.allowLogin,
+          loginErrorMessage: translatedLoginErrorMessage
+        },
+        errorMessage: !statusInfo.allowLogin ? translatedLoginErrorMessage || this.app.i18n.t("User status does not allow login", { ns: import_preset.namespace }) : void 0
+      };
+    } catch (error) {
+      this.logger.error(`Error checking user status for userId=${userId}: ${error}`);
+      return {
+        allowed: false,
+        status: "unknown",
+        statusInfo: {
+          title: this.app.i18n.t("Unknown status", { ns: import_preset.namespace }),
+          color: "red",
+          allowLogin: false,
+          loginErrorMessage: this.app.i18n.t("System error, please contact administrator", { ns: import_preset.namespace })
+        },
+        errorMessage: this.app.i18n.t("System error, please contact administrator", { ns: import_preset.namespace })
+      };
+    }
+  }
+  /**
+   * 记录状态变更历史（如果不存在相同记录）
+   * @param params 状态变更参数
+   */
+  async recordStatusHistoryIfNotExists(params) {
+    const { userId, fromStatus, toStatus, reason, expireAt, operationType, createdBy, transaction } = params;
+    try {
+      const historyRepo = this.db.getRepository("userStatusHistories");
+      const fiveSecondsAgo = new Date(Date.now() - 5e3);
+      const existing = await historyRepo.findOne({
+        filter: {
+          userId,
+          fromStatus,
+          toStatus,
+          createdAt: {
+            $gte: fiveSecondsAgo
+          }
+        },
+        sort: ["-createdAt"],
+        transaction
+      });
+      if (existing) {
+        this.logger.warn(
+          `Skipping duplicate history record: userId=${userId}, ${fromStatus} \u2192 ${toStatus}, operationType=${operationType}`
+        );
+        return;
+      }
+      await historyRepo.create({
+        values: {
+          userId,
+          fromStatus,
+          toStatus,
+          reason,
+          expireAt,
+          operationType,
+          createdBy
+        },
+        transaction
+      });
+      this.logger.debug(
+        `History recorded: userId=${userId}, ${fromStatus} \u2192 ${toStatus}, operationType=${operationType}`
+      );
+      await this.clearUserStatusCache(userId);
+      this.logger.debug(`Cache cleared for userId=${userId}`);
+    } catch (error) {
+      this.logger.error("Failed to record status history:", error);
+      throw error;
+    }
+  }
+  /**
+   * 恢复过期的用户状态
+   * @param userId 用户ID
+   */
+  async restoreUserStatus(userId) {
+    try {
+      const userRepo = this.db.getRepository("users");
+      const user = await userRepo.findOne({
+        filterByTk: userId,
+        fields: ["id", "status", "statusExpireAt", "previousStatus"]
+      });
+      if (!user) {
+        throw new Error(this.app.i18n.t("User not found"));
+      }
+      if (!user.statusExpireAt || new Date(user.statusExpireAt) > /* @__PURE__ */ new Date()) {
+        return;
+      }
+      const oldStatus = user.status;
+      const restoreToStatus = user.previousStatus || "active";
+      await this.db.sequelize.transaction(async (transaction) => {
+        await this.recordStatusHistoryIfNotExists({
+          userId,
+          fromStatus: oldStatus,
+          toStatus: restoreToStatus,
+          reason: this.app.i18n.t("Status expired, auto restored"),
+          operationType: "auto",
+          createdBy: null,
+          expireAt: null,
+          transaction
+        });
+        await userRepo.update({
+          filterByTk: userId,
+          values: {
+            status: restoreToStatus,
+            statusExpireAt: null,
+            previousStatus: null,
+            statusReason: this.app.i18n.t("Status expired, auto restored")
+          },
+          transaction
+        });
+      });
+      this.app.emitAsync("user:statusRestored", {
+        userId,
+        fromStatus: oldStatus,
+        toStatus: restoreToStatus
+      });
+      this.logger.info(`User status auto restored: userId=${userId}, ${oldStatus} \u2192 ${restoreToStatus}`);
+    } catch (error) {
+      this.logger.error("Error restoring user status:", error);
+      throw error;
+    }
+  }
+  /**
+   * 注册新的用户状态(供插件使用)
+   * @param config 状态配置
+   */
+  async registerStatus(config) {
+    try {
+      const statusRepo = this.db.getRepository("userStatuses");
+      const existing = await statusRepo.findOne({
+        filterByTk: config.key
+      });
+      if (existing) {
+        if (existing.packageName === config.packageName) {
+          await statusRepo.update({
+            filterByTk: config.key,
+            values: {
+              title: config.title,
+              color: config.color || "default",
+              allowLogin: config.allowLogin,
+              loginErrorMessage: config.loginErrorMessage || null,
+              description: config.description || null,
+              sort: config.sort || 0,
+              config: config.config || {}
+            }
+          });
+          this.logger.info(`Updated status: ${config.key} by ${config.packageName}`);
+        } else {
+          this.logger.warn(`Status ${config.key} already registered by ${existing.packageName}, skipping`);
+        }
+        return;
+      }
+      await statusRepo.create({
+        values: {
+          key: config.key,
+          title: config.title,
+          color: config.color || "default",
+          allowLogin: config.allowLogin,
+          loginErrorMessage: config.loginErrorMessage || null,
+          isSystemDefined: false,
+          // 插件注册的状态不是系统内置
+          packageName: config.packageName,
+          description: config.description || null,
+          sort: config.sort || 0,
+          config: config.config || {}
+        }
+      });
+      this.logger.info(`Registered new status: ${config.key} by ${config.packageName}`);
+    } catch (error) {
+      this.logger.error("Error registering status:", error);
+      throw error;
+    }
+  }
+  /**
+   * 获取每个状态的用户数量统计
+   */
+  async getStatusStatistics() {
+    try {
+      const userRepo = this.db.getRepository("users");
+      const result = await userRepo.find({
+        attributes: ["status", [this.db.sequelize.fn("COUNT", "id"), "count"]],
+        group: ["status"],
+        raw: true
+      });
+      const statistics = {};
+      for (const row of result) {
+        statistics[row.status] = parseInt(row.count, 10);
+      }
+      return statistics;
+    } catch (error) {
+      this.logger.error("Error getting status statistics:", error);
+      return {};
+    }
+  }
+  /**
+   * 注入登录检查
+   */
+  injectLoginCheck() {
+    const userStatusService = this;
+    import_server.BaseAuth.prototype.signNewToken = async function(userId, options) {
+      const user = await this.userRepository.findOne({
+        filter: { id: userId },
+        fields: ["id", "status"]
+      });
+      const userStatus = (user == null ? void 0 : user.status) || "active";
+      const tokenInfo = await this.tokenController.add({ userId });
+      const expiresIn = Math.floor((await this.tokenController.getConfig()).tokenExpirationTime / 1e3);
+      const token = this.jwt.sign(
+        {
+          userId,
+          userStatus,
+          // 将用户状态写入 JWT payload
+          temp: true,
+          iat: Math.floor(tokenInfo.issuedTime / 1e3),
+          signInTime: tokenInfo.signInTime
+        },
+        {
+          jwtid: tokenInfo.jti,
+          expiresIn
+        }
+      );
+      userStatusService.logger.debug(`[signNewToken] userId=${userId}, userStatus=${userStatus}, jti=${tokenInfo.jti}`);
+      return token;
+    };
+    import_server.BaseAuth.prototype.signIn = async function() {
+      let user;
+      try {
+        user = await this.validate();
+      } catch (err) {
+        this.ctx.throw(err.status || 401, err.message, {
+          ...err
+        });
+      }
+      if (!user) {
+        this.ctx.throw(401, {
+          message: this.ctx.t("User not found. Please sign in again to continue.", { ns: import_preset.namespace }),
+          code: import_server.AuthErrorCode.NOT_EXIST_USER
+        });
+      }
+      const statusCheckResult = await userStatusService.checkUserStatus(user.id);
+      if (!statusCheckResult.allowed) {
+        this.ctx.throw(403, {
+          message: this.ctx.t(statusCheckResult.statusInfo.loginErrorMessage, { ns: import_preset.namespace }),
+          code: import_server.AuthErrorCode.INVALID_TOKEN
+        });
+      }
+      const token = await this.signNewToken(user.id);
+      return {
+        user,
+        token
+      };
+    };
+    const originalCheck = import_server.BaseAuth.prototype.check;
+    import_server.BaseAuth.prototype.check = async function() {
+      const user = await originalCheck.call(this);
+      if (!user) {
+        return null;
+      }
+      const token = this.ctx.getBearerToken();
+      if (!token) {
+        return user;
+      }
+      try {
+        const decoded = await this.jwt.decode(token);
+        const tokenUserStatus = decoded.userStatus;
+        const currentUserStatus = user.status || "active";
+        if (!tokenUserStatus) {
+          userStatusService.logger.warn(`[check] Token missing userStatus, userId=${user.id}, forcing re-login`);
+          this.ctx.throw(401, {
+            message: this.ctx.t("Your account status has changed. Please sign in again.", { ns: import_preset.namespace }),
+            code: import_server.AuthErrorCode.INVALID_TOKEN
+          });
+        }
+        if (tokenUserStatus !== currentUserStatus) {
+          userStatusService.logger.warn(
+            `[check] Status mismatch, userId=${user.id}, token=${tokenUserStatus}, current=${currentUserStatus}`
+          );
+          this.ctx.throw(401, {
+            message: this.ctx.t("Your account status has changed. Please sign in again.", { ns: import_preset.namespace }),
+            code: import_server.AuthErrorCode.INVALID_TOKEN
+          });
+        }
+        const statusCheckResult = await this.checkUserStatusInContext(user.id);
+        if (!statusCheckResult.allowed) {
+          userStatusService.logger.warn(`[check] Status not allowed, userId=${user.id}, status=${currentUserStatus}`);
+          this.ctx.throw(403, {
+            message: this.ctx.t(statusCheckResult.statusInfo.loginErrorMessage, { ns: import_preset.namespace }),
+            code: import_server.AuthErrorCode.INVALID_TOKEN
+          });
+        }
+        userStatusService.logger.debug(`[check] Passed, userId=${user.id}, status=${currentUserStatus}`);
+      } catch (err) {
+        if (err.status) {
+          throw err;
+        }
+        userStatusService.logger.error("[check] Token validation error:", err);
+        throw err;
+      }
+      return user;
+    };
+    import_server.BaseAuth.prototype.checkUserStatusInContext = async function(userId) {
+      try {
+        if (!userStatusService) {
+          throw new Error("userStatusService is undefined");
+        }
+        if (!userStatusService.app) {
+          throw new Error("userStatusService.app is undefined");
+        }
+        if (!userStatusService.app.db) {
+          throw new Error("userStatusService.app.db is undefined");
+        }
+        if (!userStatusService.app.cache) {
+          throw new Error("userStatusService.app.cache is undefined");
+        }
+        const contextDb = userStatusService.app.db;
+        const contextCache = userStatusService.app.cache;
+        let cached = null;
+        try {
+          const cacheKey = `userStatus:${userId}`;
+          const cachedData = await contextCache.get(cacheKey);
+          cached = cachedData ? JSON.parse(cachedData) : null;
+        } catch (error) {
+          userStatusService.logger.error("Error getting user status from cache:", error);
+          cached = null;
+        }
+        if (!cached) {
+          const userRepo = contextDb.getRepository("users");
+          const user = await userRepo.findOne({
+            filterByTk: userId,
+            fields: ["id", "status", "statusExpireAt", "previousStatus"]
+          });
+          if (!user) {
+            return {
+              allowed: false,
+              status: "unknown",
+              errorMessage: userStatusService.app.i18n.t("User not found")
+            };
+          }
+          cached = {
+            userId: user.id,
+            status: user.status || "active",
+            expireAt: user.statusExpireAt,
+            previousStatus: user.previousStatus,
+            lastChecked: /* @__PURE__ */ new Date()
+          };
+          try {
+            const cacheKey = `userStatus:${userId}`;
+            await contextCache.set(cacheKey, JSON.stringify(cached), 300 * 1e3);
+          } catch (error) {
+            userStatusService.logger.error("Error setting user status cache:", error);
+          }
+        }
+        if (cached.expireAt && new Date(cached.expireAt) <= /* @__PURE__ */ new Date()) {
+          const userRepo = contextDb.getRepository("users");
+          const user = await userRepo.findOne({
+            filterByTk: userId,
+            fields: ["id", "status", "statusExpireAt", "previousStatus"]
+          });
+          if (!user) {
+            return {
+              allowed: false,
+              status: "unknown",
+              errorMessage: userStatusService.app.i18n.t("User not found")
+            };
+          }
+          if (!user.statusExpireAt || new Date(user.statusExpireAt) > /* @__PURE__ */ new Date()) {
+            return userStatusService.checkUserStatus(userId);
+          }
+          await userStatusService.restoreUserStatus(userId);
+          const restoredUser = await userRepo.findOne({
+            filterByTk: userId,
+            fields: ["status"]
+          });
+          cached.status = restoredUser.status || "active";
+          cached.expireAt = null;
+          cached.previousStatus = null;
+          try {
+            const cacheKey = `userStatus:${userId}`;
+            await contextCache.set(cacheKey, JSON.stringify(cached), 300 * 1e3);
+          } catch (error) {
+            userStatusService.logger.error("Error setting user status cache:", error);
+          }
+        }
+        const statusRepo = contextDb.getRepository("userStatuses");
+        const statusInfo = await statusRepo.findOne({
+          filterByTk: cached.status
+        });
+        if (!statusInfo) {
+          userStatusService.logger.warn(`Status definition not found: ${cached.status}`);
+          return {
+            allowed: false,
+            status: cached.status,
+            statusInfo: {
+              title: userStatusService.app.i18n.t("Invalid status", { ns: import_preset.namespace }),
+              color: "red",
+              allowLogin: false,
+              loginErrorMessage: userStatusService.app.i18n.t("User status is invalid, please contact administrator", {
+                ns: import_preset.namespace
+              })
+            },
+            errorMessage: userStatusService.app.i18n.t("User status is invalid, please contact administrator", {
+              ns: import_preset.namespace
+            })
+          };
+        }
+        const translateMessage = (message) => {
+          if (!message) return "";
+          const match = message.match(/\{\{t\("([^"]+)"\)\}\}/);
+          if (match && match[1]) {
+            return userStatusService.app.i18n.t(match[1], { ns: import_preset.namespace });
+          }
+          return message;
+        };
+        const translatedTitle = translateMessage(statusInfo.title);
+        const translatedLoginErrorMessage = translateMessage(statusInfo.loginErrorMessage);
+        return {
+          allowed: statusInfo.allowLogin,
+          status: cached.status,
+          statusInfo: {
+            title: translatedTitle,
+            color: statusInfo.color,
+            allowLogin: statusInfo.allowLogin,
+            loginErrorMessage: translatedLoginErrorMessage
+          },
+          errorMessage: !statusInfo.allowLogin ? translatedLoginErrorMessage || userStatusService.app.i18n.t("User status does not allow login", { ns: import_preset.namespace }) : void 0
+        };
+      } catch (error) {
+        userStatusService.logger.error(`Error checking user status for userId=${userId}: ${error}`);
+        return {
+          allowed: false,
+          status: "unknown",
+          statusInfo: {
+            title: userStatusService.app.i18n.t("Unknown status", { ns: import_preset.namespace }),
+            color: "red",
+            allowLogin: false,
+            loginErrorMessage: userStatusService.app.i18n.t("System error, please contact administrator", {
+              ns: import_preset.namespace
+            })
+          },
+          errorMessage: userStatusService.app.i18n.t("System error, please contact administrator", { ns: import_preset.namespace })
+        };
+      }
+    };
+    this.logger.info("signIn, signNewToken and check methods injected with UserStatusService integration");
+  }
+  /**
+   * 注册用户状态变更拦截器
+   * 拦截 users:update 请求,自动记录状态变更历史
+   */
+  registerStatusChangeInterceptor() {
+    const userStatusService = this;
+    this.db.on("users.beforeUpdate", async (model, options) => {
+      if (model.changed("status")) {
+        const oldStatus = model._previousDataValues.status || "active";
+        const newStatus = model.status;
+        if (oldStatus !== newStatus) {
+          model.set("previousStatus", oldStatus);
+          if (!options.transaction) {
+            options.transaction = {};
+          }
+          if (!options.transaction.__statusChange) {
+            options.transaction.__statusChange = {};
+          }
+          options.transaction.__statusChange[model.id] = {
+            userId: model.id,
+            fromStatus: oldStatus,
+            toStatus: newStatus,
+            reason: model.statusReason || null,
+            expireAt: model.statusExpireAt || null
+          };
+          userStatusService.logger.debug(`Status change: userId=${model.id}, ${oldStatus} \u2192 ${newStatus}`);
+        }
+      }
+    });
+    this.db.on("users.afterUpdate", async (model, options) => {
+      var _a, _b, _c, _d, _e;
+      const statusChange = (_b = (_a = options == null ? void 0 : options.transaction) == null ? void 0 : _a.__statusChange) == null ? void 0 : _b[model.id];
+      if (statusChange) {
+        try {
+          const currentUserId = (_e = (_d = (_c = options == null ? void 0 : options.context) == null ? void 0 : _c.state) == null ? void 0 : _d.currentUser) == null ? void 0 : _e.id;
+          await userStatusService.recordStatusHistoryIfNotExists({
+            userId: statusChange.userId,
+            fromStatus: statusChange.fromStatus,
+            toStatus: statusChange.toStatus,
+            reason: statusChange.reason,
+            expireAt: statusChange.expireAt,
+            operationType: "manual",
+            // 通过 API 修改的都是手动操作
+            createdBy: currentUserId,
+            transaction: options.transaction
+          });
+        } catch (error) {
+          userStatusService.logger.error("Failed to record status history:", error);
+        }
+      }
+    });
+    this.logger.info("User status change interceptor registered");
+  }
+}
+var user_status_default = UserStatusService;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  UserStatusService
+});

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@tachybase/module-auth",
   "displayName": "Authentication",
-  "version": "1.3.25",
+  "version": "1.5.0",
   "description": "User authentication management, including password, SMS, and support for Single Sign-On (SSO) protocols, with extensibility.",
   "keywords": [
     "Authentication",
@@ -16,14 +16,14 @@
     "@tego/client": "*",
     "@tego/server": "*",
     "antd": "5.22.5",
-    "axios": "1.7.7",
+    "axios": "1.13.0",
     "cron": "^3.3.1",
     "lodash": "4.17.21",
     "ms": "^2.1.3",
     "react": "18.3.1",
-    "react-i18next": "15.2.0",
+    "react-i18next": "16.2.1",
     "react-router-dom": "6.28.1",
-    "@tachybase/client": "1.3.25"
+    "@tachybase/client": "1.5.0"
   },
   "description.zh-CN": "用户认证管理，包括基础的密码认证、短信认证、SSO 协议的认证等，可扩展。",
   "displayName.zh-CN": "用户认证",