@tinyrack/tinyauth-server 0.5.0 → 0.6.0

package/dist/routes/api/admin/users/index.js

@@ -0,0 +1,166 @@
+import { Hono } from 'hono';
+import { describeRoute, resolver, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { OPENAPI_SECURITY } from "../../../../lib/openapi.js";
+import { TAGS } from "../../../../lib/swagger-tags.js";
+import { requireAdmin } from "../../../../middleware/auth.js";
+import { e } from "../../../../schemas/error.js";
+import { f } from "../../../../schemas/field.js";
+import { r } from "../../../../schemas/response.js";
+const QueryBoolean = z.preprocess((value) => {
+    if (value === undefined)
+        return undefined;
+    if (value === true || value === 'true')
+        return true;
+    if (value === false || value === 'false')
+        return false;
+    return value;
+}, z.boolean());
+const AdminUsersQuery = z.object({
+    query: z.string().trim().optional(),
+    page: z.coerce.number().int().min(1).default(1),
+    page_size: z.coerce.number().int().min(1).max(100).default(20),
+    include_deleted: QueryBoolean.default(false),
+    managed_by: z.enum(['database', 'config']).optional(),
+    role: z.enum(['user', 'admin']).optional(),
+});
+const AdminCreateUserBody = z.object({
+    email: f.userEmail,
+    password: f.userPassword,
+    role: z.enum(['user', 'admin']).default('user'),
+    email_verified: z.boolean().default(false),
+});
+const AdminUpdateUserBody = z
+    .object({
+    email: f.userEmail.optional(),
+    role: z.enum(['user', 'admin']).optional(),
+    email_verified: z.boolean().optional(),
+})
+    .refine((value) => Object.keys(value).length > 0, {
+    message: 'At least one field is required',
+});
+const adminUserResponses = {
+    200: {
+        content: {
+            'application/json': { schema: resolver(r.AdminUserResponse) },
+        },
+        description: 'Success',
+    },
+    401: {
+        content: {
+            'application/json': { schema: resolver(e.Unauthorized.Schema) },
+        },
+        description: 'Unauthorized',
+    },
+    403: {
+        content: {
+            'application/json': {
+                schema: resolver(z.union([e.Forbidden.Schema, e.UserNotEditable.Schema])),
+            },
+        },
+        description: 'Forbidden or not editable',
+    },
+    404: {
+        content: {
+            'application/json': { schema: resolver(e.UserNotFound.Schema) },
+        },
+        description: 'User not found',
+    },
+    409: {
+        content: {
+            'application/json': { schema: resolver(e.EmailAlreadyExists.Schema) },
+        },
+        description: 'Email already exists',
+    },
+};
+export const adminUsersRoutes = new Hono()
+    .get('/admin/users', describeRoute({
+    tags: [TAGS.ADMIN],
+    security: OPENAPI_SECURITY.cookieSession,
+    summary: 'List admin users',
+    description: 'List users for the admin console.',
+    responses: {
+        200: {
+            content: {
+                'application/json': { schema: resolver(r.AdminUserListResponse) },
+            },
+            description: 'Success',
+        },
+    },
+}), requireAdmin(), validator('query', AdminUsersQuery), async (c) => {
+    const query = c.req.valid('query');
+    const result = await c.var.services.userService.listAdminUsers({
+        query: query.query,
+        page: query.page,
+        pageSize: query.page_size,
+        includeDeleted: query.include_deleted,
+        managedBy: query.managed_by,
+        role: query.role,
+    });
+    return c.json(result, 200);
+})
+    .post('/admin/users', describeRoute({
+    tags: [TAGS.ADMIN],
+    security: OPENAPI_SECURITY.cookieSession,
+    summary: 'Create admin-managed user',
+    description: 'Create a database-managed user from the admin console.',
+    responses: {
+        201: {
+            content: {
+                'application/json': { schema: resolver(r.AdminUserResponse) },
+            },
+            description: 'Created',
+        },
+        ...adminUserResponses,
+    },
+}), requireAdmin(), validator('json', AdminCreateUserBody), async (c) => {
+    const body = c.req.valid('json');
+    const user = await c.var.services.userService.createAdminUser({
+        email: body.email,
+        password: body.password,
+        role: body.role,
+        emailVerified: body.email_verified,
+    });
+    return c.json({ user }, 201);
+})
+    .get('/admin/users/:sub', describeRoute({
+    tags: [TAGS.ADMIN],
+    security: OPENAPI_SECURITY.cookieSession,
+    summary: 'Get admin user',
+    description: 'Get a user for the admin console.',
+    responses: adminUserResponses,
+}), requireAdmin(), async (c) => {
+    const user = await c.var.services.userService.getAdminUser(c.req.param('sub'));
+    return c.json({ user }, 200);
+})
+    .patch('/admin/users/:sub', describeRoute({
+    tags: [TAGS.ADMIN],
+    security: OPENAPI_SECURITY.cookieSession,
+    summary: 'Update admin-managed user',
+    description: 'Update a database-managed user from the admin console.',
+    responses: adminUserResponses,
+}), requireAdmin(), validator('json', AdminUpdateUserBody), async (c) => {
+    const body = c.req.valid('json');
+    const user = await c.var.services.userService.updateAdminUser({
+        sub: c.req.param('sub'),
+        actorSub: c.var.verifiedUser.user.sub,
+        email: body.email,
+        role: body.role,
+        emailVerified: body.email_verified,
+    });
+    return c.json({ user }, 200);
+})
+    .delete('/admin/users/:sub', describeRoute({
+    tags: [TAGS.ADMIN],
+    security: OPENAPI_SECURITY.cookieSession,
+    summary: 'Delete admin-managed user',
+    description: 'Soft-delete a database-managed user from the admin console.',
+    responses: adminUserResponses,
+}), requireAdmin(), async (c) => {
+    const user = await c.var.services.userService.deleteAdminUser({
+        sub: c.req.param('sub'),
+        actorSub: c.var.verifiedUser.user.sub,
+    });
+    return c.json({ user }, 200);
+});
+//# sourceMappingURL=index.js.map

package/dist/routes/api/admin/users/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/routes/api/admin/users/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,gBAAgB,EAAE,MAAM,4BAA4B,CAAC;AAC9D,OAAO,EAAE,IAAI,EAAE,MAAM,iCAAiC,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAC9D,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AACjD,OAAO,EAAE,CAAC,EAAE,MAAM,8BAA8B,CAAC;AACjD,OAAO,EAAE,CAAC,EAAE,MAAM,iCAAiC,CAAC;AAEpD,MAAM,YAAY,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,KAAK,EAAE,EAAE;IAC1C,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,SAAS,CAAC;IAC1C,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACpD,IAAI,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IACvD,OAAO,KAAK,CAAC;AACf,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;AAEhB,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IAC/B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,EAAE;IACnC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IAC/C,SAAS,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAC9D,eAAe,EAAE,YAAY,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5C,UAAU,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE;IACrD,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,KAAK,EAAE,CAAC,CAAC,SAAS;IAClB,QAAQ,EAAE,CAAC,CAAC,YAAY;IACxB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IAC/C,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CAC3C,CAAC,CAAC;AAEH,MAAM,mBAAmB,GAAG,CAAC;KAC1B,MAAM,CAAC;IACN,KAAK,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ,EAAE;IAC7B,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC1C,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACvC,CAAC;KACD,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;IAChD,OAAO,EAAE,gCAAgC;CAC1C,CAAC,CAAC;AAEL,MAAM,kBAAkB,GAAG;IACzB,GAAG,EAAE;QACH,OAAO,EAAE;YACP,kBAAkB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,EAAE;SAC9D;QACD,WAAW,EAAE,SAAS;KACvB;IACD,GAAG,EAAE;QACH,OAAO,EAAE;YACP,kBAAkB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE;SAChE;QACD,WAAW,EAAE,cAAc;KAC5B;IACD,GAAG,EAAE;QACH,OAAO,EAAE;YACP,kBAAkB,EAAE;gBAClB,MAAM,EAAE,QAAQ,CACd,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CACxD;aACF;SACF;QACD,WAAW,EAAE,2BAA2B;KACzC;IACD,GAAG,EAAE;QACH,OAAO,EAAE;YACP,kBAAkB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE;SAChE;QACD,WAAW,EAAE,gBAAgB;KAC9B;IACD,GAAG,EAAE;QACH,OAAO,EAAE;YACP,kBAAkB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE;SACtE;QACD,WAAW,EAAE,sBAAsB;KACpC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,IAAI,EAAU;KAC/C,GAAG,CACF,cAAc,EACd,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;IAClB,QAAQ,EAAE,gBAAgB,CAAC,aAAa;IACxC,OAAO,EAAE,kBAAkB;IAC3B,WAAW,EAAE,mCAAmC;IAChD,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,qBAAqB,CAAC,EAAE;aAClE;YACD,WAAW,EAAE,SAAS;SACvB;KACF;CACF,CAAC,EACF,YAAY,EAAE,EACd,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC,EACnC,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,MAAM,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,cAAc,CAAC;QAC7D,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,QAAQ,EAAE,KAAK,CAAC,SAAS;QACzB,cAAc,EAAE,KAAK,CAAC,eAAe;QACrC,SAAS,EAAE,KAAK,CAAC,UAAU;QAC3B,IAAI,EAAE,KAAK,CAAC,IAAI;KACjB,CAAC,CAAC;IACH,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;AAC7B,CAAC,CACF;KACA,IAAI,CACH,cAAc,EACd,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;IAClB,QAAQ,EAAE,gBAAgB,CAAC,aAAa;IACxC,OAAO,EAAE,2BAA2B;IACpC,WAAW,EAAE,wDAAwD;IACrE,SAAS,EAAE;QACT,GAAG,EAAE;YACH,OAAO,EAAE;gBACP,kBAAkB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,iBAAiB,CAAC,EAAE;aAC9D;YACD,WAAW,EAAE,SAAS;SACvB;QACD,GAAG,kBAAkB;KACtB;CACF,CAAC,EACF,YAAY,EAAE,EACd,SAAS,CAAC,MAAM,EAAE,mBAAmB,CAAC,EACtC,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,eAAe,CAAC;QAC5D,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,aAAa,EAAE,IAAI,CAAC,cAAc;KACnC,CAAC,CAAC;IACH,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC,CACF;KACA,GAAG,CACF,mBAAmB,EACnB,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;IAClB,QAAQ,EAAE,gBAAgB,CAAC,aAAa;IACxC,OAAO,EAAE,gBAAgB;IACzB,WAAW,EAAE,mCAAmC;IAChD,SAAS,EAAE,kBAAkB;CAC9B,CAAC,EACF,YAAY,EAAE,EACd,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,YAAY,CACxD,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CACnB,CAAC;IACF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC,CACF;KACA,KAAK,CACJ,mBAAmB,EACnB,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;IAClB,QAAQ,EAAE,gBAAgB,CAAC,aAAa;IACxC,OAAO,EAAE,2BAA2B;IACpC,WAAW,EAAE,wDAAwD;IACrE,SAAS,EAAE,kBAAkB;CAC9B,CAAC,EACF,YAAY,EAAE,EACd,SAAS,CAAC,MAAM,EAAE,mBAAmB,CAAC,EACtC,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,eAAe,CAAC;QAC5D,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC;QACvB,QAAQ,EAAE,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG;QACrC,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,aAAa,EAAE,IAAI,CAAC,cAAc;KACnC,CAAC,CAAC;IACH,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC,CACF;KACA,MAAM,CACL,mBAAmB,EACnB,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;IAClB,QAAQ,EAAE,gBAAgB,CAAC,aAAa;IACxC,OAAO,EAAE,2BAA2B;IACpC,WAAW,EACT,6DAA6D;IAC/D,SAAS,EAAE,kBAAkB;CAC9B,CAAC,EACF,YAAY,EAAE,EACd,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,eAAe,CAAC;QAC5D,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC;QACvB,QAAQ,EAAE,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG;KACtC,CAAC,CAAC;IACH,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC;AAC/B,CAAC,CACF,CAAC"}

package/dist/routes/api/auth/accounts/get.d.ts

@@ -0,0 +1,28 @@
+import type { AppEnv } from '../../../../lib/app-env.ts';
+export declare const authAccountsGet: import("hono/hono-base").HonoBase<AppEnv, {
+    "/auth/accounts": {
+        $get: {
+            input: {
+                query: {
+                    client_id?: string | string[];
+                };
+            };
+            output: {
+                active_sub: string | null;
+                accounts: {
+                    sub: import("@mikro-orm/core").Opt<string>;
+                    email: string;
+                    role: import("@mikro-orm/core").Opt<NonNullable<"user" | "admin">>;
+                    current: boolean;
+                    authenticated_at: number;
+                    last_used_at: number;
+                }[];
+                allow_add_account: boolean;
+                allow_remove_account: boolean;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/", "/auth/accounts">;
+//# sourceMappingURL=get.d.ts.map

package/dist/routes/api/auth/accounts/get.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.d.ts","sourceRoot":"","sources":["../../../../../src/routes/api/auth/accounts/get.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAGzD,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;yBAsD3B,CAAC"}

package/dist/routes/api/auth/accounts/get.js

@@ -0,0 +1,47 @@
+import { Hono } from 'hono';
+import { describeRoute, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { TAGS } from "../../../../lib/swagger-tags.js";
+export const authAccountsGet = new Hono().get('/auth/accounts', describeRoute({
+    tags: [TAGS.AUTH],
+    summary: 'List remembered accounts',
+    description: 'Lists browser-session remembered accounts available for OIDC account selection.',
+    responses: {
+        200: { description: 'Success' },
+    },
+}), validator('query', z.object({ client_id: z.string().optional() })), async (c) => {
+    const { config, mikro } = c.var.services;
+    const { client_id } = c.req.valid('query');
+    const clientAccountSelection = client_id
+        ? config.clients.find((client) => client.client_id === client_id)
+            ?.account_selection
+        : undefined;
+    const activeSub = c.var.session.get('user')?.sub ?? null;
+    const rememberedAccounts = c.var.session.get('accounts') ?? [];
+    const accounts = [];
+    for (const account of rememberedAccounts) {
+        const user = await mikro.user.findOne({
+            sub: account.sub,
+            deleted_at: null,
+        });
+        if (!user) {
+            continue;
+        }
+        accounts.push({
+            sub: user.sub,
+            email: user.email,
+            role: user.role,
+            current: user.sub === activeSub,
+            authenticated_at: account.authenticated_at,
+            last_used_at: account.last_used_at,
+        });
+    }
+    return c.json({
+        active_sub: activeSub,
+        accounts,
+        allow_add_account: clientAccountSelection?.allow_add_account ??
+            config.auth.account_selection.allow_add_account,
+        allow_remove_account: config.auth.account_selection.allow_remove_account,
+    }, 200);
+});
+//# sourceMappingURL=get.js.map

package/dist/routes/api/auth/accounts/get.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get.js","sourceRoot":"","sources":["../../../../../src/routes/api/auth/accounts/get.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,iCAAiC,CAAC;AAEvD,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,IAAI,EAAU,CAAC,GAAG,CACnD,gBAAgB,EAChB,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;IACjB,OAAO,EAAE,0BAA0B;IACnC,WAAW,EACT,iFAAiF;IACnF,SAAS,EAAE;QACT,GAAG,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE;KAChC;CACF,CAAC,EACF,SAAS,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,EAClE,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC;IACzC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC3C,MAAM,sBAAsB,GAAG,SAAS;QACtC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC;YAC7D,EAAE,iBAAiB;QACvB,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,IAAI,CAAC;IACzD,MAAM,kBAAkB,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;IAC/D,MAAM,QAAQ,GAAG,EAAE,CAAC;IAEpB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC;YACpC,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,SAAS;QACX,CAAC;QACD,QAAQ,CAAC,IAAI,CAAC;YACZ,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,GAAG,KAAK,SAAS;YAC/B,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,YAAY,EAAE,OAAO,CAAC,YAAY;SACnC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,CAAC,CAAC,IAAI,CACX;QACE,UAAU,EAAE,SAAS;QACrB,QAAQ;QACR,iBAAiB,EACf,sBAAsB,EAAE,iBAAiB;YACzC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,iBAAiB;QACjD,oBAAoB,EAClB,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,oBAAoB;KACrD,EACD,GAAG,CACJ,CAAC;AACJ,CAAC,CACF,CAAC"}

package/dist/routes/api/auth/accounts/remove.post.d.ts

@@ -0,0 +1,30 @@
+import type { AppEnv } from '../../../../lib/app-env.ts';
+export declare const authAccountsRemovePost: import("hono/hono-base").HonoBase<AppEnv, {
+    "/auth/accounts/remove": {
+        $post: {
+            input: {
+                json: {
+                    sub: string;
+                };
+            };
+            output: {
+                code: string;
+                message: string;
+            };
+            outputFormat: "json";
+            status: 400;
+        } | {
+            input: {
+                json: {
+                    sub: string;
+                };
+            };
+            output: {
+                ok: true;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/", "/auth/accounts/remove">;
+//# sourceMappingURL=remove.post.d.ts.map

package/dist/routes/api/auth/accounts/remove.post.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove.post.d.ts","sourceRoot":"","sources":["../../../../../src/routes/api/auth/accounts/remove.post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAGzD,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;gCAqClC,CAAC"}

package/dist/routes/api/auth/accounts/remove.post.js

@@ -0,0 +1,30 @@
+import { Hono } from 'hono';
+import { describeRoute, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { TAGS } from "../../../../lib/swagger-tags.js";
+export const authAccountsRemovePost = new Hono().post('/auth/accounts/remove', describeRoute({
+    tags: [TAGS.AUTH],
+    summary: 'Remove remembered account',
+    description: 'Removes a non-active remembered account from this browser session.',
+    responses: {
+        200: { description: 'Success' },
+        400: { description: 'The account is active or not remembered.' },
+    },
+}), validator('json', z.object({ sub: z.string().min(1) })), async (c) => {
+    if (!c.var.services.config.auth.account_selection.allow_remove_account) {
+        return c.json({
+            code: 'ACCOUNT_REMOVAL_DISABLED',
+            message: 'Removing remembered accounts is disabled.',
+        }, 400);
+    }
+    const { sub } = c.req.valid('json');
+    const removed = c.var.session.removeRememberedUserSession(sub);
+    if (!removed) {
+        return c.json({
+            code: 'ACCOUNT_NOT_REMOVABLE',
+            message: 'The requested account is active or not remembered.',
+        }, 400);
+    }
+    return c.json({ ok: true }, 200);
+});
+//# sourceMappingURL=remove.post.js.map

package/dist/routes/api/auth/accounts/remove.post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"remove.post.js","sourceRoot":"","sources":["../../../../../src/routes/api/auth/accounts/remove.post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,iCAAiC,CAAC;AAEvD,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CAC3D,uBAAuB,EACvB,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;IACjB,OAAO,EAAE,2BAA2B;IACpC,WAAW,EACT,oEAAoE;IACtE,SAAS,EAAE;QACT,GAAG,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE;QAC/B,GAAG,EAAE,EAAE,WAAW,EAAE,0CAA0C,EAAE;KACjE;CACF,CAAC,EACF,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EACvD,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,oBAAoB,EAAE,CAAC;QACvE,OAAO,CAAC,CAAC,IAAI,CACX;YACE,IAAI,EAAE,0BAA0B;YAChC,OAAO,EAAE,2CAA2C;SACrD,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,2BAA2B,CAAC,GAAG,CAAC,CAAC;IAC/D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,CAAC,IAAI,CACX;YACE,IAAI,EAAE,uBAAuB;YAC7B,OAAO,EAAE,oDAAoD;SAC9D,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAa,EAAE,EAAE,GAAG,CAAC,CAAC;AAC5C,CAAC,CACF,CAAC"}

package/dist/routes/api/auth/accounts/select.post.d.ts

@@ -0,0 +1,31 @@
+import type { AppEnv } from '../../../../lib/app-env.ts';
+export declare const authAccountsSelectPost: import("hono/hono-base").HonoBase<AppEnv, {
+    "/auth/accounts/select": {
+        $post: {
+            input: {
+                json: {
+                    sub: string;
+                };
+            };
+            output: {
+                code: string;
+                message: string;
+            };
+            outputFormat: "json";
+            status: 400;
+        } | {
+            input: {
+                json: {
+                    sub: string;
+                };
+            };
+            output: {
+                ok: true;
+                active_sub: string;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/", "/auth/accounts/select">;
+//# sourceMappingURL=select.post.d.ts.map

package/dist/routes/api/auth/accounts/select.post.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"select.post.d.ts","sourceRoot":"","sources":["../../../../../src/routes/api/auth/accounts/select.post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAGzD,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;gCA4BlC,CAAC"}

package/dist/routes/api/auth/accounts/select.post.js

@@ -0,0 +1,26 @@
+import { Hono } from 'hono';
+import { describeRoute, validator } from 'hono-openapi';
+import { z } from 'zod';
+import { TAGS } from "../../../../lib/swagger-tags.js";
+export const authAccountsSelectPost = new Hono().post('/auth/accounts/select', describeRoute({
+    tags: [TAGS.AUTH],
+    summary: 'Select remembered account',
+    description: 'Promotes a remembered account to the active session user.',
+    responses: {
+        200: { description: 'Success' },
+        400: {
+            description: 'The account is not remembered in this browser session.',
+        },
+    },
+}), validator('json', z.object({ sub: z.string().min(1) })), async (c) => {
+    const { sub } = c.req.valid('json');
+    const selected = c.var.session.selectUserSession(sub);
+    if (!selected) {
+        return c.json({
+            code: 'ACCOUNT_NOT_REMEMBERED',
+            message: 'The requested account is not remembered in this session.',
+        }, 400);
+    }
+    return c.json({ ok: true, active_sub: sub }, 200);
+});
+//# sourceMappingURL=select.post.js.map

package/dist/routes/api/auth/accounts/select.post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"select.post.js","sourceRoot":"","sources":["../../../../../src/routes/api/auth/accounts/select.post.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACxD,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,iCAAiC,CAAC;AAEvD,MAAM,CAAC,MAAM,sBAAsB,GAAG,IAAI,IAAI,EAAU,CAAC,IAAI,CAC3D,uBAAuB,EACvB,aAAa,CAAC;IACZ,IAAI,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;IACjB,OAAO,EAAE,2BAA2B;IACpC,WAAW,EAAE,2DAA2D;IACxE,SAAS,EAAE;QACT,GAAG,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE;QAC/B,GAAG,EAAE;YACH,WAAW,EAAE,wDAAwD;SACtE;KACF;CACF,CAAC,EACF,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EACvD,KAAK,EAAE,CAAC,EAAE,EAAE;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACpC,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;IACtD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,CAAC,IAAI,CACX;YACE,IAAI,EAAE,wBAAwB;YAC9B,OAAO,EAAE,0DAA0D;SACpE,EACD,GAAG,CACJ,CAAC;IACJ,CAAC;IACD,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAa,EAAE,UAAU,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;AAC7D,CAAC,CACF,CAAC"}

package/dist/routes/api/auth/email/verify/post.d.ts

@@ -12,6 +12,7 @@ export declare const authEmailVerifyPost: import("hono/hono-base").HonoBase<AppE
                     managed_by: "database" | "config";
                     sub: string;
                     email: string;
+                    role: "user" | "admin";
                     email_verified: boolean;
                     email_verification_required: boolean;
                     has_password: boolean;

package/dist/routes/api/auth/email/verify/post.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../../../src/routes/api/auth/email/verify/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAM5D,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;6BA8D/B,CAAC"}
+{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../../../src/routes/api/auth/email/verify/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,+BAA+B,CAAC;AAM5D,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;6BA8D/B,CAAC"}

package/dist/routes/api/auth/index.d.ts

@@ -1,5 +1,85 @@
 import type { AppEnv } from '../../../lib/app-env.ts';
 export declare const authRoutes: import("hono/hono-base").HonoBase<AppEnv, import("hono/types").BlankSchema | import("hono/types").MergeSchemaPath<{
+    "/auth/accounts": {
+        $get: {
+            input: {
+                query: {
+                    client_id?: string | string[];
+                };
+            };
+            output: {
+                active_sub: string | null;
+                accounts: {
+                    sub: import("@mikro-orm/core").Opt<string>;
+                    email: string;
+                    role: import("@mikro-orm/core").Opt<NonNullable<"user" | "admin">>;
+                    current: boolean;
+                    authenticated_at: number;
+                    last_used_at: number;
+                }[];
+                allow_add_account: boolean;
+                allow_remove_account: boolean;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/"> | import("hono/types").MergeSchemaPath<{
+    "/auth/accounts/select": {
+        $post: {
+            input: {
+                json: {
+                    sub: string;
+                };
+            };
+            output: {
+                code: string;
+                message: string;
+            };
+            outputFormat: "json";
+            status: 400;
+        } | {
+            input: {
+                json: {
+                    sub: string;
+                };
+            };
+            output: {
+                ok: true;
+                active_sub: string;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/"> | import("hono/types").MergeSchemaPath<{
+    "/auth/accounts/remove": {
+        $post: {
+            input: {
+                json: {
+                    sub: string;
+                };
+            };
+            output: {
+                code: string;
+                message: string;
+            };
+            outputFormat: "json";
+            status: 400;
+        } | {
+            input: {
+                json: {
+                    sub: string;
+                };
+            };
+            output: {
+                ok: true;
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
+}, "/"> | import("hono/types").MergeSchemaPath<{
     "/auth/login": {
         $post: {
             input: {
@@ -13,6 +93,7 @@ export declare const authRoutes: import("hono/hono-base").HonoBase<AppEnv, impor
                     managed_by: "database" | "config";
                     sub: string;
                     email: string;
+                    role: "user" | "admin";
                     email_verified: boolean;
                     email_verification_required: boolean;
                     has_password: boolean;
@@ -60,6 +141,7 @@ export declare const authRoutes: import("hono/hono-base").HonoBase<AppEnv, impor
                     managed_by: "database" | "config";
                     sub: string;
                     email: string;
+                    role: "user" | "admin";
                     email_verified: boolean;
                     email_verification_required: boolean;
                     has_password: boolean;
@@ -121,6 +203,7 @@ export declare const authRoutes: import("hono/hono-base").HonoBase<AppEnv, impor
                     managed_by: "database" | "config";
                     sub: string;
                     email: string;
+                    role: "user" | "admin";
                     email_verified: boolean;
                     email_verification_required: boolean;
                     has_password: boolean;
@@ -166,6 +249,7 @@ export declare const authRoutes: import("hono/hono-base").HonoBase<AppEnv, impor
                     managed_by: "database" | "config";
                     sub: string;
                     email: string;
+                    role: "user" | "admin";
                     email_verified: boolean;
                     email_verification_required: boolean;
                     has_password: boolean;
@@ -192,6 +276,7 @@ export declare const authRoutes: import("hono/hono-base").HonoBase<AppEnv, impor
                     managed_by: "database" | "config";
                     sub: string;
                     email: string;
+                    role: "user" | "admin";
                     email_verified: boolean;
                     email_verification_required: boolean;
                     has_password: boolean;
@@ -258,6 +343,7 @@ export declare const authRoutes: import("hono/hono-base").HonoBase<AppEnv, impor
                     managed_by: "database" | "config";
                     sub: string;
                     email: string;
+                    role: "user" | "admin";
                     email_verified: boolean;
                     email_verification_required: boolean;
                     has_password: boolean;

package/dist/routes/api/auth/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/routes/api/auth/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAatD,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAWa,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/routes/api/auth/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AAgBtD,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAca,CAAC"}

package/dist/routes/api/auth/index.js

@@ -1,4 +1,7 @@
 import { Hono } from 'hono';
+import { authAccountsGet } from "./accounts/get.js";
+import { authAccountsRemovePost } from "./accounts/remove.post.js";
+import { authAccountsSelectPost } from "./accounts/select.post.js";
 import { authEmailResendPost } from "./email/resend/post.js";
 import { authEmailVerifyPost } from "./email/verify/post.js";
 import { authLoginPost } from "./login/post.js";
@@ -11,6 +14,9 @@ import { authRegisterPost } from "./register/post.js";
 import { authTotpRecoveryVerifyPost } from "./totp/recovery/verify/post.js";
 import { authTotpVerifyPost } from "./totp/verify/post.js";
 export const authRoutes = new Hono()
+    .route('/', authAccountsGet)
+    .route('/', authAccountsSelectPost)
+    .route('/', authAccountsRemovePost)
     .route('/', authLoginPost)
     .route('/', authLogoutPost)
     .route('/', authRegisterPost)

package/dist/routes/api/auth/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/routes/api/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAC5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAE3D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,IAAI,EAAU;KACzC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC;KACzB,KAAK,CAAC,GAAG,EAAE,cAAc,CAAC;KAC1B,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC;KAC5B,KAAK,CAAC,GAAG,EAAE,sBAAsB,CAAC;KAClC,KAAK,CAAC,GAAG,EAAE,qBAAqB,CAAC;KACjC,KAAK,CAAC,GAAG,EAAE,mBAAmB,CAAC;KAC/B,KAAK,CAAC,GAAG,EAAE,mBAAmB,CAAC;KAC/B,KAAK,CAAC,GAAG,EAAE,kBAAkB,CAAC;KAC9B,KAAK,CAAC,GAAG,EAAE,0BAA0B,CAAC;KACtC,KAAK,CAAC,GAAG,EAAE,sBAAsB,CAAC;KAClC,KAAK,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/routes/api/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAC5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAE3D,MAAM,CAAC,MAAM,UAAU,GAAG,IAAI,IAAI,EAAU;KACzC,KAAK,CAAC,GAAG,EAAE,eAAe,CAAC;KAC3B,KAAK,CAAC,GAAG,EAAE,sBAAsB,CAAC;KAClC,KAAK,CAAC,GAAG,EAAE,sBAAsB,CAAC;KAClC,KAAK,CAAC,GAAG,EAAE,aAAa,CAAC;KACzB,KAAK,CAAC,GAAG,EAAE,cAAc,CAAC;KAC1B,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC;KAC5B,KAAK,CAAC,GAAG,EAAE,sBAAsB,CAAC;KAClC,KAAK,CAAC,GAAG,EAAE,qBAAqB,CAAC;KACjC,KAAK,CAAC,GAAG,EAAE,mBAAmB,CAAC;KAC/B,KAAK,CAAC,GAAG,EAAE,mBAAmB,CAAC;KAC/B,KAAK,CAAC,GAAG,EAAE,kBAAkB,CAAC;KAC9B,KAAK,CAAC,GAAG,EAAE,0BAA0B,CAAC;KACtC,KAAK,CAAC,GAAG,EAAE,sBAAsB,CAAC;KAClC,KAAK,CAAC,GAAG,EAAE,qBAAqB,CAAC,CAAC"}

package/dist/routes/api/auth/login/post.d.ts

@@ -13,6 +13,7 @@ export declare const authLoginPost: import("hono/hono-base").HonoBase<AppEnv, {
                     managed_by: "database" | "config";
                     sub: string;
                     email: string;
+                    role: "user" | "admin";
                     email_verified: boolean;
                     email_verification_required: boolean;
                     has_password: boolean;

package/dist/routes/api/auth/login/post.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../../src/routes/api/auth/login/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAMzD,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAsFzB,CAAC"}
+{"version":3,"file":"post.d.ts","sourceRoot":"","sources":["../../../../../src/routes/api/auth/login/post.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAMzD,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;sBAgFzB,CAAC"}

package/dist/routes/api/auth/login/post.js

@@ -45,32 +45,31 @@ export const authLoginPost = new Hono().post('/auth/login', describeRoute({
     email: f.userEmail,
     password: f.userPassword,
 })), async (c) => {
-    const config = c.var.services.config;
+    const body = c.req.valid('json');
+    const { services, session } = c.var;
+    const config = services.config;
     if (!config.auth.password.enabled) {
         throw new e.ValidationError.Error('Password authentication is disabled');
     }
-    const body = c.req.valid('json');
-    const { passwordAuthService, userService } = c.var.services;
-    const session = c.var.session;
-    const userEntity = await passwordAuthService.authenticateByEmailAndPassword({
+    const userEntity = await services.passwordAuthService.authenticateByEmailAndPassword({
         email: body.email,
         password: body.password,
     });
-    const userSession = await userService.userEntityToSessionUser(userEntity);
-    if (userService.userEmailVerificationRequired(userSession) &&
-        !userSession.email_verified) {
-        return c.json({ user: userSession }, 200);
+    const user = await services.userService.userEntityToSessionUser(userEntity);
+    if (services.userService.userEmailVerificationRequired(user) &&
+        !user.email_verified) {
+        return c.json({ user }, 200);
     }
-    const userRegistered2FAMethods = await userService.userRegistered2FAMethods(userSession.sub);
-    if (userRegistered2FAMethods.length > 0) {
-        session.setPending2FASession(userSession.sub);
+    const registered2FAMethods = await services.userService.userRegistered2FAMethods(user.sub);
+    if (registered2FAMethods.length > 0) {
+        session.setPending2FASession(user.sub);
     }
-    else if (userSession.second_factor_required) {
-        session.setPending2FASetupSession(userSession.sub);
+    else if (user.second_factor_required) {
+        session.setPending2FASetupSession(user.sub);
     }
     else {
-        session.setUserSession(userSession.sub);
+        session.setUserSession(user.sub);
     }
-    return c.json({ user: userSession }, 200);
+    return c.json({ user }, 200);
 });
 //# sourceMappingURL=post.js.map