@technomoron/api-server-base 1.1.13 → 2.0.0-beta.2

package/dist/esm/user/sequelize.d.ts

@@ -0,0 +1,41 @@
+import { CreationOptional, Model, type InferAttributes, type InferCreationAttributes, type ModelStatic, type Sequelize } from 'sequelize';
+import { UserStore } from './base.js';
+import type { CreateUserInput, PublicUserMapper, UpdateUserInput } from './types.js';
+import type { AuthIdentifier } from '../auth-api/types.js';
+export declare class AuthUserModel extends Model<InferAttributes<AuthUserModel>, InferCreationAttributes<AuthUserModel>> implements InferAttributes<AuthUserModel> {
+    user_id: CreationOptional<number>;
+    login: string;
+    email: string;
+    password: string;
+}
+export type AuthUserAttributes = InferAttributes<AuthUserModel>;
+export type AuthUserCreationAttributes = InferCreationAttributes<AuthUserModel>;
+export declare function initAuthUserModel(sequelize: Sequelize): typeof AuthUserModel;
+export type GenericUserModel = Model<Record<string, unknown>, Record<string, unknown>>;
+export type GenericUserModelStatic = ModelStatic<GenericUserModel>;
+export interface SequelizeUserStoreOptions<UserAttributes extends AuthUserAttributes = AuthUserAttributes, PublicUserShape extends Omit<UserAttributes, 'password'> = Omit<UserAttributes, 'password'>> {
+    bcryptRounds?: number;
+    bcryptPepper?: string;
+    sequelize: Sequelize;
+    userModel?: GenericUserModelStatic;
+    userModelFactory?: (sequelize: Sequelize) => GenericUserModelStatic;
+    recordMapper?: (model: GenericUserModel) => UserAttributes;
+    toPublic?: PublicUserMapper<UserAttributes, PublicUserShape>;
+}
+export declare class SequelizeUserStore<UserAttributes extends AuthUserAttributes = AuthUserAttributes, PublicUserShape extends Omit<UserAttributes, 'password'> = Omit<UserAttributes, 'password'>> extends UserStore<UserAttributes, PublicUserShape> {
+    readonly Users: GenericUserModelStatic;
+    private readonly recordMapper;
+    constructor(options: SequelizeUserStoreOptions<UserAttributes, PublicUserShape>);
+    findUser(identifier: AuthIdentifier | string): Promise<UserAttributes | null>;
+    findById(id: AuthIdentifier): Promise<UserAttributes | null>;
+    findByLoginOrEmail(loginOrEmail: string): Promise<UserAttributes | null>;
+    createUser(input: CreateUserInput): Promise<UserAttributes>;
+    upsertUser(input: CreateUserInput): Promise<UserAttributes>;
+    updateUser(id: AuthIdentifier, patch: UpdateUserInput): Promise<UserAttributes>;
+    setPasswordHash(id: AuthIdentifier, hash: string): Promise<void>;
+    getPasswordHash(user: UserAttributes): string | null;
+    getUserId(user: UserAttributes): AuthIdentifier;
+    protected toUserRecord(model: GenericUserModel): UserAttributes;
+    private static mapModelToUser;
+    private normalizeUserId;
+}

package/dist/esm/user/sequelize.js

@@ -0,0 +1,176 @@
+import { DataTypes, Model, Op } from 'sequelize';
+import { UserStore } from './base.js';
+const DIALECTS_SUPPORTING_UNSIGNED = new Set(['mysql', 'mariadb']);
+function integerIdType(sequelize) {
+    return DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect()) ? DataTypes.INTEGER.UNSIGNED : DataTypes.INTEGER;
+}
+function userTableOptions(sequelize) {
+    const opts = {
+        sequelize,
+        tableName: 'users',
+        timestamps: false
+    };
+    if (DIALECTS_SUPPORTING_UNSIGNED.has(sequelize.getDialect())) {
+        opts.charset = 'utf8mb4';
+        opts.collate = 'utf8mb4_unicode_ci';
+    }
+    return opts;
+}
+export class AuthUserModel extends Model {
+}
+export function initAuthUserModel(sequelize) {
+    const idType = integerIdType(sequelize);
+    AuthUserModel.init({
+        user_id: {
+            type: idType,
+            autoIncrement: true,
+            allowNull: false,
+            primaryKey: true
+        },
+        login: {
+            type: DataTypes.STRING(64),
+            allowNull: false,
+            unique: true
+        },
+        email: {
+            type: DataTypes.STRING(100),
+            allowNull: false,
+            unique: true
+        },
+        password: {
+            type: DataTypes.STRING(255),
+            allowNull: false
+        }
+    }, {
+        ...userTableOptions(sequelize)
+    });
+    return AuthUserModel;
+}
+export class SequelizeUserStore extends UserStore {
+    constructor(options) {
+        super({
+            toPublic: options.toPublic,
+            bcryptRounds: options.bcryptRounds,
+            bcryptPepper: options.bcryptPepper
+        });
+        if (!options?.sequelize) {
+            throw new Error('SequelizeUserStore requires a configured Sequelize instance');
+        }
+        this.Users = options.userModel
+            ? options.userModel
+            : (options.userModelFactory ?? initAuthUserModel)(options.sequelize);
+        this.recordMapper =
+            options.recordMapper ??
+                ((model) => SequelizeUserStore.mapModelToUser(model));
+    }
+    async findUser(identifier) {
+        const where = [];
+        try {
+            where.push({ user_id: this.normalizeUserId(identifier) });
+        }
+        catch {
+            // ignore
+        }
+        if (typeof identifier === 'string') {
+            where.push({ login: identifier });
+            where.push({ email: identifier });
+        }
+        if (where.length === 0) {
+            return null;
+        }
+        const model = await this.Users.findOne({ where: { [Op.or]: where } });
+        return model ? this.toUserRecord(model) : null;
+    }
+    async findById(id) {
+        try {
+            const model = await this.Users.findByPk(this.normalizeUserId(id));
+            return model ? this.toUserRecord(model) : null;
+        }
+        catch {
+            return null;
+        }
+    }
+    async findByLoginOrEmail(loginOrEmail) {
+        const model = await this.Users.findOne({
+            where: { [Op.or]: [{ login: loginOrEmail }, { email: loginOrEmail }] }
+        });
+        return model ? this.toUserRecord(model) : null;
+    }
+    async createUser(input) {
+        const normalized = this.normalizeUserInput(input);
+        const { password, ...rest } = normalized;
+        const defaults = {
+            ...rest,
+            password: password ? await this.hashPassword(password) : ''
+        };
+        const providedId = input.user_id;
+        if (providedId !== undefined && providedId !== null && Number.isFinite(providedId)) {
+            defaults.user_id = Number(providedId);
+        }
+        const [model] = await this.Users.findOrCreate({
+            where: { login: rest.login },
+            defaults: defaults
+        });
+        return this.toUserRecord(model);
+    }
+    async upsertUser(input) {
+        const normalized = this.normalizeUserInput(input);
+        const providedId = input.user_id;
+        if (providedId !== undefined) {
+            const model = await this.Users.findByPk(Number(providedId));
+            if (!model) {
+                throw new Error(`User ${String(providedId)} not found`);
+            }
+            const next = { ...normalized };
+            if (normalized.password) {
+                next.password = await this.hashPassword(normalized.password);
+            }
+            await model.set(next);
+            await model.save();
+            return this.toUserRecord(model);
+        }
+        return this.createUser(input);
+    }
+    async updateUser(id, patch) {
+        const model = await this.Users.findByPk(this.normalizeUserId(id));
+        if (!model) {
+            throw new Error(`User ${String(id)} not found`);
+        }
+        const updates = { ...patch };
+        if (patch.password) {
+            updates.password = await this.hashPassword(patch.password);
+        }
+        await model.set(updates);
+        await model.save();
+        return this.toUserRecord(model);
+    }
+    async setPasswordHash(id, hash) {
+        await this.Users.update({ password: hash }, { where: { user_id: this.normalizeUserId(id) } });
+    }
+    getPasswordHash(user) {
+        return user.password;
+    }
+    getUserId(user) {
+        return user.user_id;
+    }
+    toUserRecord(model) {
+        return this.recordMapper(model);
+    }
+    static mapModelToUser(model) {
+        return {
+            user_id: model.get('user_id'),
+            login: model.get('login'),
+            email: model.get('email'),
+            password: model.get('password')
+        };
+    }
+    normalizeUserId(identifier) {
+        if (typeof identifier === 'number' && Number.isFinite(identifier)) {
+            return identifier;
+        }
+        if (typeof identifier === 'string' && /^\d+$/.test(identifier)) {
+            return Number(identifier);
+        }
+        throw new Error(`Unable to normalise user identifier: ${identifier}`);
+    }
+}

package/dist/esm/user/types.d.ts

@@ -0,0 +1,11 @@
+export interface BcryptHasherOptions {
+    rounds?: number;
+    pepper?: string;
+}
+export type CreateUserInput = Record<string, unknown> & {
+    login: string;
+    email: string;
+    password?: string;
+};
+export type UpdateUserInput = Partial<CreateUserInput>;
+export type PublicUserMapper<User, PublicUser> = (user: User) => PublicUser;

package/dist/esm/user/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@technomoron/api-server-base",
-	"version": "1.1.13",
+	"version": "2.0.0-beta.2",
 	"description": "Api Server Skeleton / Base Class",
 	"type": "module",
 	"main": "./dist/cjs/index.cjs",
@@ -39,18 +39,25 @@
 		"pretty": "prettier --write \"**/*.{js,jsx,ts,tsx,vue,json,css,scss,md}\""
 	},
 	"dependencies": {
+		"@simplewebauthn/server": "^13.2.2",
 		"@types/cookie-parser": "^1.4.9",
 		"@types/cors": "^2.8.19",
 		"@types/express": "^4.17.23",
 		"@types/jsonwebtoken": "^9.0.10",
 		"@types/multer": "^1.4.13",
+		"bcryptjs": "^2.4.3",
 		"cookie-parser": "^1.4.7",
 		"cors": "^2.8.5",
 		"express": "^4.21.2",
 		"jsonwebtoken": "^9.0.2",
-		"multer": "^2.0.2"
+		"multer": "^2.0.2",
+		"mysql2": "^3.15.3",
+		"pg": "^8.16.3",
+		"sequelize": "^6.37.7",
+		"sqlite3": "^5.1.7"
 	},
 	"devDependencies": {
+		"@types/bcryptjs": "^2.4.6",
 		"@types/express-serve-static-core": "^5.1.0",
 		"@types/supertest": "^6.0.3",
 		"@typescript-eslint/eslint-plugin": "^8.46.1",
@@ -67,7 +74,8 @@
 	},
 	"pnpm": {
 		"onlyBuiltDependencies": [
-			"esbuild"
+			"esbuild",
+			"sqlite3"
 		]
 	},
 	"files": [

package/dist/cjs/auth-storage.d.ts

@@ -1,133 +0,0 @@
-export type AuthIdentifier = string | number;
-export interface AuthTokenMetadata {
-    ruid?: AuthIdentifier;
-    clientId?: string;
-    domain?: string;
-    fingerprint?: string;
-    label?: string;
-    browser?: string;
-    device?: string;
-    ip?: string;
-    os?: string;
-    scope?: string | string[];
-    loginType?: string;
-    refreshTtlSeconds?: number;
-    sessionCookie?: boolean;
-    revokeSessions?: 'device' | 'domain' | 'client' | 'user';
-}
-export interface AuthTokenData extends AuthTokenMetadata {
-    access: string;
-    expires?: Date;
-    issuedAt?: Date;
-    lastSeenAt?: Date;
-    refresh: string;
-    userId: AuthIdentifier;
-}
-export interface AuthTokenQuery extends AuthTokenMetadata {
-    accessToken?: string;
-    refreshToken?: string;
-    userId?: AuthIdentifier;
-}
-export interface AuthTokenPair {
-    accessToken: string;
-    refreshToken: string;
-}
-export interface AuthTokenPayload extends AuthTokenMetadata {
-    exp?: number;
-    iat?: number;
-    uid: AuthIdentifier;
-}
-export interface PasskeyChallengeParams extends AuthTokenMetadata {
-    action: 'register' | 'authenticate';
-    login?: string;
-    userAgent?: string;
-    userId?: AuthIdentifier;
-}
-export interface PasskeyChallenge extends Record<string, unknown> {
-    challenge: string;
-    expiresAt?: string | number | Date;
-    userId?: AuthIdentifier;
-}
-export interface PasskeyVerificationParams extends AuthTokenMetadata {
-    expectedChallenge: string;
-    login?: string;
-    response: Record<string, unknown>;
-    userId?: AuthIdentifier;
-}
-export interface PasskeyVerificationResult extends Record<string, unknown> {
-    login?: string;
-    tokens?: AuthTokenPair;
-    userId?: AuthIdentifier;
-    verified: boolean;
-}
-export interface OAuthClient {
-    clientId: string;
-    clientSecret: string;
-    firstParty?: boolean;
-    metadata?: Record<string, unknown>;
-    name?: string;
-    redirectUris: string[];
-    scope?: string[];
-}
-export interface AuthCodeData {
-    code: string;
-    clientId: string;
-    codeChallenge?: string;
-    codeChallengeMethod?: 'plain' | 'S256';
-    expiresAt: Date;
-    metadata?: Record<string, unknown>;
-    redirectUri: string;
-    scope: string[];
-    userId: AuthIdentifier;
-}
-export type AuthCodeRequest = Omit<AuthCodeData, 'code' | 'expiresAt'> & {
-    code?: string;
-    expiresInSeconds?: number;
-};
-export interface AuthStorage<UserRow, SafeUser> {
-    getUser(identifier: AuthIdentifier): Promise<UserRow | null>;
-    getUserPasswordHash(user: UserRow): string;
-    getUserId(user: UserRow): AuthIdentifier;
-    filterUser(user: UserRow): SafeUser;
-    verifyPassword(password: string, hash: string): Promise<boolean>;
-    storeToken(data: AuthTokenData): Promise<void>;
-    getToken(query: AuthTokenQuery): Promise<AuthTokenData | null>;
-    deleteToken(query: AuthTokenQuery): Promise<number>;
-    updateToken?(updates: Partial<AuthTokenData> & {
-        refreshToken: string;
-    }): Promise<boolean>;
-    createPasskeyChallenge?(params: PasskeyChallengeParams): Promise<PasskeyChallenge>;
-    verifyPasskeyResponse?(params: PasskeyVerificationParams): Promise<PasskeyVerificationResult>;
-    getClient?(clientId: string): Promise<OAuthClient | null>;
-    verifyClientSecret?(client: OAuthClient, clientSecret: string | null): Promise<boolean>;
-    createAuthCode?(request: AuthCodeRequest): Promise<AuthCodeData>;
-    consumeAuthCode?(code: string, clientId: string): Promise<AuthCodeData | null>;
-    canImpersonate?(params: {
-        realUserId: AuthIdentifier;
-        effectiveUserId: AuthIdentifier;
-    }): Promise<boolean>;
-}
-export declare class BaseAuthStorage<UserRow = unknown, SafeUser = unknown> implements AuthStorage<UserRow, SafeUser> {
-    getUser(identifier: AuthIdentifier): Promise<UserRow | null>;
-    getUserPasswordHash(user: UserRow): string;
-    getUserId(user: UserRow): AuthIdentifier;
-    filterUser(user: UserRow): SafeUser;
-    verifyPassword(password: string, hash: string): Promise<boolean>;
-    storeToken(data: AuthTokenData): Promise<void>;
-    getToken(query: AuthTokenQuery): Promise<AuthTokenData | null>;
-    deleteToken(query: AuthTokenQuery): Promise<number>;
-    updateToken(updates: Partial<AuthTokenData> & {
-        refreshToken: string;
-    }): Promise<boolean>;
-    createPasskeyChallenge(params: PasskeyChallengeParams): Promise<PasskeyChallenge>;
-    verifyPasskeyResponse(params: PasskeyVerificationParams): Promise<PasskeyVerificationResult>;
-    getClient(clientId: string): Promise<OAuthClient | null>;
-    verifyClientSecret(client: OAuthClient, clientSecret: string | null): Promise<boolean>;
-    createAuthCode(request: AuthCodeRequest): Promise<AuthCodeData>;
-    consumeAuthCode(code: string, clientId: string): Promise<AuthCodeData | null>;
-    canImpersonate(params: {
-        realUserId: AuthIdentifier;
-        effectiveUserId: AuthIdentifier;
-    }): Promise<boolean>;
-}
-export declare const nullAuthStorage: AuthStorage<unknown, unknown>;

package/dist/esm/auth-storage.d.ts

@@ -1,133 +0,0 @@
-export type AuthIdentifier = string | number;
-export interface AuthTokenMetadata {
-    ruid?: AuthIdentifier;
-    clientId?: string;
-    domain?: string;
-    fingerprint?: string;
-    label?: string;
-    browser?: string;
-    device?: string;
-    ip?: string;
-    os?: string;
-    scope?: string | string[];
-    loginType?: string;
-    refreshTtlSeconds?: number;
-    sessionCookie?: boolean;
-    revokeSessions?: 'device' | 'domain' | 'client' | 'user';
-}
-export interface AuthTokenData extends AuthTokenMetadata {
-    access: string;
-    expires?: Date;
-    issuedAt?: Date;
-    lastSeenAt?: Date;
-    refresh: string;
-    userId: AuthIdentifier;
-}
-export interface AuthTokenQuery extends AuthTokenMetadata {
-    accessToken?: string;
-    refreshToken?: string;
-    userId?: AuthIdentifier;
-}
-export interface AuthTokenPair {
-    accessToken: string;
-    refreshToken: string;
-}
-export interface AuthTokenPayload extends AuthTokenMetadata {
-    exp?: number;
-    iat?: number;
-    uid: AuthIdentifier;
-}
-export interface PasskeyChallengeParams extends AuthTokenMetadata {
-    action: 'register' | 'authenticate';
-    login?: string;
-    userAgent?: string;
-    userId?: AuthIdentifier;
-}
-export interface PasskeyChallenge extends Record<string, unknown> {
-    challenge: string;
-    expiresAt?: string | number | Date;
-    userId?: AuthIdentifier;
-}
-export interface PasskeyVerificationParams extends AuthTokenMetadata {
-    expectedChallenge: string;
-    login?: string;
-    response: Record<string, unknown>;
-    userId?: AuthIdentifier;
-}
-export interface PasskeyVerificationResult extends Record<string, unknown> {
-    login?: string;
-    tokens?: AuthTokenPair;
-    userId?: AuthIdentifier;
-    verified: boolean;
-}
-export interface OAuthClient {
-    clientId: string;
-    clientSecret: string;
-    firstParty?: boolean;
-    metadata?: Record<string, unknown>;
-    name?: string;
-    redirectUris: string[];
-    scope?: string[];
-}
-export interface AuthCodeData {
-    code: string;
-    clientId: string;
-    codeChallenge?: string;
-    codeChallengeMethod?: 'plain' | 'S256';
-    expiresAt: Date;
-    metadata?: Record<string, unknown>;
-    redirectUri: string;
-    scope: string[];
-    userId: AuthIdentifier;
-}
-export type AuthCodeRequest = Omit<AuthCodeData, 'code' | 'expiresAt'> & {
-    code?: string;
-    expiresInSeconds?: number;
-};
-export interface AuthStorage<UserRow, SafeUser> {
-    getUser(identifier: AuthIdentifier): Promise<UserRow | null>;
-    getUserPasswordHash(user: UserRow): string;
-    getUserId(user: UserRow): AuthIdentifier;
-    filterUser(user: UserRow): SafeUser;
-    verifyPassword(password: string, hash: string): Promise<boolean>;
-    storeToken(data: AuthTokenData): Promise<void>;
-    getToken(query: AuthTokenQuery): Promise<AuthTokenData | null>;
-    deleteToken(query: AuthTokenQuery): Promise<number>;
-    updateToken?(updates: Partial<AuthTokenData> & {
-        refreshToken: string;
-    }): Promise<boolean>;
-    createPasskeyChallenge?(params: PasskeyChallengeParams): Promise<PasskeyChallenge>;
-    verifyPasskeyResponse?(params: PasskeyVerificationParams): Promise<PasskeyVerificationResult>;
-    getClient?(clientId: string): Promise<OAuthClient | null>;
-    verifyClientSecret?(client: OAuthClient, clientSecret: string | null): Promise<boolean>;
-    createAuthCode?(request: AuthCodeRequest): Promise<AuthCodeData>;
-    consumeAuthCode?(code: string, clientId: string): Promise<AuthCodeData | null>;
-    canImpersonate?(params: {
-        realUserId: AuthIdentifier;
-        effectiveUserId: AuthIdentifier;
-    }): Promise<boolean>;
-}
-export declare class BaseAuthStorage<UserRow = unknown, SafeUser = unknown> implements AuthStorage<UserRow, SafeUser> {
-    getUser(identifier: AuthIdentifier): Promise<UserRow | null>;
-    getUserPasswordHash(user: UserRow): string;
-    getUserId(user: UserRow): AuthIdentifier;
-    filterUser(user: UserRow): SafeUser;
-    verifyPassword(password: string, hash: string): Promise<boolean>;
-    storeToken(data: AuthTokenData): Promise<void>;
-    getToken(query: AuthTokenQuery): Promise<AuthTokenData | null>;
-    deleteToken(query: AuthTokenQuery): Promise<number>;
-    updateToken(updates: Partial<AuthTokenData> & {
-        refreshToken: string;
-    }): Promise<boolean>;
-    createPasskeyChallenge(params: PasskeyChallengeParams): Promise<PasskeyChallenge>;
-    verifyPasskeyResponse(params: PasskeyVerificationParams): Promise<PasskeyVerificationResult>;
-    getClient(clientId: string): Promise<OAuthClient | null>;
-    verifyClientSecret(client: OAuthClient, clientSecret: string | null): Promise<boolean>;
-    createAuthCode(request: AuthCodeRequest): Promise<AuthCodeData>;
-    consumeAuthCode(code: string, clientId: string): Promise<AuthCodeData | null>;
-    canImpersonate(params: {
-        realUserId: AuthIdentifier;
-        effectiveUserId: AuthIdentifier;
-    }): Promise<boolean>;
-}
-export declare const nullAuthStorage: AuthStorage<unknown, unknown>;