@tstdl/base 0.93.77 → 0.93.80

package/authentication/client/http-client.middleware.js

@@ -1,4 +1,4 @@
-import { firstValueFrom } from 'rxjs';
+import { firstValueFrom, timeout } from 'rxjs';
 import { cacheValueOrAsyncProvider } from '../../utils/value-or-provider.js';
 import { dontWaitForValidToken } from '../authentication.api.js';
 /**
@@ -13,7 +13,7 @@ export function waitForAuthenticationCredentialsMiddleware(authenticationService
         if ((endpoint?.credentials == true) && (endpoint.data?.[dontWaitForValidToken] != true)) {
             const authenticationService = await getAuthenticationService();
             while (!authenticationService.hasValidToken) {
-                await firstValueFrom(authenticationService.validToken$);
+                await firstValueFrom(authenticationService.validToken$.pipe(timeout(30000)));
             }
         }
         await next();

package/authentication/models/authentication-credentials.model.d.ts

@@ -1,6 +1,6 @@
-import { Entity } from '../../orm/index.js';
+import { Entity, type Uuid } from '../../orm/index.js';
 export declare class AuthenticationCredentials extends Entity {
-    subject: string;
+    subject: Uuid;
     hashVersion: number;
     /**
      * The salt used to hash the secret.

package/authentication/models/authentication-credentials.model.js

@@ -7,8 +7,9 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
-import { Entity, Table, Unique } from '../../orm/index.js';
-import { Integer, StringProperty, Uint8ArrayProperty } from '../../schema/index.js';
+import { Entity, Reference, Table, Unique, UuidProperty } from '../../orm/index.js';
+import { Integer, Uint8ArrayProperty } from '../../schema/index.js';
+import { Subject } from './subject.model.js';
 let AuthenticationCredentials = class AuthenticationCredentials extends Entity {
     subject;
     hashVersion;
@@ -22,8 +23,9 @@ let AuthenticationCredentials = class AuthenticationCredentials extends Entity {
     hash;
 };
 __decorate([
-    StringProperty(),
+    Reference(() => Subject),
     Unique(),
+    UuidProperty(),
     __metadata("design:type", String)
 ], AuthenticationCredentials.prototype, "subject", void 0);
 __decorate([

package/authentication/models/authentication-session.model.d.ts

@@ -1,7 +1,7 @@
-import type { Timestamp } from '../../orm/index.js';
+import type { Timestamp, Uuid } from '../../orm/index.js';
 import { Entity } from '../../orm/index.js';
 export declare class AuthenticationSession extends Entity {
-    subject: string;
+    subject: Uuid;
     begin: Timestamp;
     end: Timestamp;
     refreshTokenHashVersion: number;

package/authentication/models/authentication-session.model.js

@@ -7,8 +7,9 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
-import { Entity, Table, TimestampProperty } from '../../orm/index.js';
-import { Integer, StringProperty, Uint8ArrayProperty } from '../../schema/index.js';
+import { Entity, Reference, Table, TimestampProperty, UuidProperty } from '../../orm/index.js';
+import { Integer, Uint8ArrayProperty } from '../../schema/index.js';
+import { Subject } from './subject.model.js';
 let AuthenticationSession = class AuthenticationSession extends Entity {
     subject;
     begin;
@@ -24,7 +25,8 @@ let AuthenticationSession = class AuthenticationSession extends Entity {
     refreshTokenHash;
 };
 __decorate([
-    StringProperty(),
+    Reference(() => Subject),
+    UuidProperty(),
     __metadata("design:type", String)
 ], AuthenticationSession.prototype, "subject", void 0);
 __decorate([

package/authentication/models/index.d.ts

@@ -2,5 +2,9 @@ export * from './authentication-credentials.model.js';
 export * from './authentication-session.model.js';
 export * from './init-secret-reset-data.model.js';
 export * from './secret-check-result.model.js';
+export * from './service-account.model.js';
+export * from './subject.model.js';
+export * from './system-account.model.js';
 export * from './token-payload-base.model.js';
 export * from './token.model.js';
+export * from './user.model.js';

package/authentication/models/index.js

@@ -2,5 +2,9 @@ export * from './authentication-credentials.model.js';
 export * from './authentication-session.model.js';
 export * from './init-secret-reset-data.model.js';
 export * from './secret-check-result.model.js';
+export * from './service-account.model.js';
+export * from './subject.model.js';
+export * from './system-account.model.js';
 export * from './token-payload-base.model.js';
 export * from './token.model.js';
+export * from './user.model.js';

package/authentication/models/service-account.model.d.ts

@@ -0,0 +1,7 @@
+import { TenantEntity } from '../../orm/entity.js';
+import { Subject } from './subject.model.js';
+export declare class ServiceAccount extends TenantEntity {
+    description: string;
+    /** Who owns this service account? If null, it is a tenant-wide service account. */
+    parent: Subject | null;
+}

package/authentication/models/service-account.model.js

@@ -0,0 +1,31 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { TenantEntity } from '../../orm/entity.js';
+import { Table, TenantReference, UuidProperty } from '../../orm/index.js';
+import { StringProperty } from '../../schema/index.js';
+import { Subject } from './subject.model.js';
+let ServiceAccount = class ServiceAccount extends TenantEntity {
+    description;
+    /** Who owns this service account? If null, it is a tenant-wide service account. */
+    parent;
+};
+__decorate([
+    StringProperty(),
+    __metadata("design:type", String)
+], ServiceAccount.prototype, "description", void 0);
+__decorate([
+    TenantReference(() => Subject),
+    UuidProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], ServiceAccount.prototype, "parent", void 0);
+ServiceAccount = __decorate([
+    Table('service_account', { schema: 'authentication' })
+], ServiceAccount);
+export { ServiceAccount };

package/authentication/models/subject.model.d.ts

@@ -0,0 +1,16 @@
+import { type EnumType } from '../../enumeration/enumeration.js';
+import { TenantEntity } from '../../orm/entity.js';
+import { type Uuid } from '../../orm/index.js';
+export declare const SubjectType: {
+    readonly System: "system";
+    readonly User: "user";
+    readonly ServiceAccount: "service-account";
+};
+export type SubjectType = EnumType<typeof SubjectType>;
+export declare class Subject extends TenantEntity {
+    type: SubjectType;
+    displayName: string;
+    systemAccountId: Uuid | null;
+    userId: Uuid | null;
+    serviceAccountId: Uuid | null;
+}

package/authentication/models/subject.model.js

@@ -0,0 +1,59 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { defineEnum } from '../../enumeration/enumeration.js';
+import { TenantEntity } from '../../orm/entity.js';
+import { Check, exclusiveNotNull, Table, TenantReference, Unique, UuidProperty } from '../../orm/index.js';
+import { Enumeration, StringProperty } from '../../schema/index.js';
+import { ServiceAccount } from './service-account.model.js';
+import { SystemAccount } from './system-account.model.js';
+import { User } from './user.model.js';
+export const SubjectType = defineEnum('SubjectType', {
+    System: 'system',
+    User: 'user',
+    ServiceAccount: 'service-account',
+});
+let Subject = class Subject extends TenantEntity {
+    type;
+    displayName;
+    systemAccountId;
+    userId;
+    serviceAccountId;
+};
+__decorate([
+    Enumeration(SubjectType),
+    __metadata("design:type", String)
+], Subject.prototype, "type", void 0);
+__decorate([
+    StringProperty(),
+    __metadata("design:type", String)
+], Subject.prototype, "displayName", void 0);
+__decorate([
+    Unique(),
+    TenantReference(() => SystemAccount),
+    UuidProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], Subject.prototype, "systemAccountId", void 0);
+__decorate([
+    Unique(),
+    TenantReference(() => User),
+    UuidProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], Subject.prototype, "userId", void 0);
+__decorate([
+    Unique(),
+    TenantReference(() => ServiceAccount),
+    UuidProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], Subject.prototype, "serviceAccountId", void 0);
+Subject = __decorate([
+    Table('subject', { schema: 'authentication' }),
+    Check('authentication_subject_reference_check', (table) => exclusiveNotNull(table.systemAccountId, table.userId, table.serviceAccountId))
+], Subject);
+export { Subject };

package/authentication/models/system-account.model.d.ts

@@ -0,0 +1,5 @@
+import { TenantEntity } from '../../orm/entity.js';
+export declare class SystemAccount extends TenantEntity {
+    /** Programmatic name: 'cleanup-task', 'ai-agent' */
+    identifier: string;
+}

package/authentication/models/system-account.model.js

@@ -0,0 +1,25 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { TenantEntity } from '../../orm/entity.js';
+import { Table, Unique } from '../../orm/index.js';
+import { StringProperty } from '../../schema/index.js';
+let SystemAccount = class SystemAccount extends TenantEntity {
+    /** Programmatic name: 'cleanup-task', 'ai-agent' */
+    identifier;
+};
+__decorate([
+    Unique(),
+    StringProperty(),
+    __metadata("design:type", String)
+], SystemAccount.prototype, "identifier", void 0);
+SystemAccount = __decorate([
+    Table('system_account', { schema: 'authentication' })
+], SystemAccount);
+export { SystemAccount };

package/authentication/models/user.model.d.ts

@@ -0,0 +1,15 @@
+import { type EnumType } from '../../enumeration/enumeration.js';
+import { TenantEntity } from '../../orm/entity.js';
+export declare const UserStatus: {
+    readonly Active: "active";
+    readonly Suspended: "suspended";
+    readonly PendingApproval: "pending-approval";
+    readonly Invited: "invited";
+};
+export type UserStatus = EnumType<typeof UserStatus>;
+export declare class User extends TenantEntity {
+    status: UserStatus;
+    email: string;
+    firstName: string;
+    lastName: string;
+}

package/authentication/models/user.model.js

@@ -0,0 +1,47 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { defineEnum } from '../../enumeration/enumeration.js';
+import { TenantEntity } from '../../orm/entity.js';
+import { Table, Unique } from '../../orm/index.js';
+import { Enumeration, StringProperty } from '../../schema/index.js';
+import { mailPattern } from '../../utils/patterns.js';
+export const UserStatus = defineEnum('UserStatus', {
+    Active: 'active',
+    Suspended: 'suspended',
+    PendingApproval: 'pending-approval',
+    Invited: 'invited',
+});
+let User = class User extends TenantEntity {
+    status;
+    email;
+    firstName;
+    lastName;
+};
+__decorate([
+    Enumeration(UserStatus),
+    __metadata("design:type", String)
+], User.prototype, "status", void 0);
+__decorate([
+    StringProperty({ pattern: mailPattern }),
+    __metadata("design:type", String)
+], User.prototype, "email", void 0);
+__decorate([
+    StringProperty(),
+    __metadata("design:type", String)
+], User.prototype, "firstName", void 0);
+__decorate([
+    StringProperty(),
+    __metadata("design:type", String)
+], User.prototype, "lastName", void 0);
+User = __decorate([
+    Table('user', { schema: 'authentication' }),
+    Unique(['tenantId', 'email'])
+], User);
+export { User };

package/authentication/server/drizzle/0000_violet_callisto.sql

@@ -0,0 +1,99 @@
+CREATE TYPE "authentication"."subject_type" AS ENUM('system', 'user', 'service-account');--> statement-breakpoint
+CREATE TYPE "authentication"."user_status" AS ENUM('active', 'suspended', 'pending-approval', 'invited');--> statement-breakpoint
+CREATE TABLE "authentication"."credentials" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"subject" uuid NOT NULL,
+	"hash_version" integer NOT NULL,
+	"salt" "bytea" NOT NULL,
+	"hash" "bytea" NOT NULL,
+	"revision" integer NOT NULL,
+	"revision_timestamp" timestamp with time zone NOT NULL,
+	"create_timestamp" timestamp with time zone NOT NULL,
+	"delete_timestamp" timestamp with time zone,
+	"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL,
+	CONSTRAINT "credentials_subject_unique" UNIQUE("subject")
+);
+--> statement-breakpoint
+CREATE TABLE "authentication"."session" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"subject" uuid NOT NULL,
+	"begin" timestamp with time zone NOT NULL,
+	"end" timestamp with time zone NOT NULL,
+	"refresh_token_hash_version" integer NOT NULL,
+	"refresh_token_salt" "bytea" NOT NULL,
+	"refresh_token_hash" "bytea" NOT NULL,
+	"revision" integer NOT NULL,
+	"revision_timestamp" timestamp with time zone NOT NULL,
+	"create_timestamp" timestamp with time zone NOT NULL,
+	"delete_timestamp" timestamp with time zone,
+	"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE "authentication"."service_account" (
+	"id" uuid DEFAULT gen_random_uuid() NOT NULL,
+	"tenant_id" uuid NOT NULL,
+	"description" text NOT NULL,
+	"parent" uuid,
+	"revision" integer NOT NULL,
+	"revision_timestamp" timestamp with time zone NOT NULL,
+	"create_timestamp" timestamp with time zone NOT NULL,
+	"delete_timestamp" timestamp with time zone,
+	"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL,
+	CONSTRAINT "service_account_tenant_id_id_pk" PRIMARY KEY("tenant_id","id")
+);
+--> statement-breakpoint
+CREATE TABLE "authentication"."subject" (
+	"id" uuid DEFAULT gen_random_uuid() NOT NULL,
+	"tenant_id" uuid NOT NULL,
+	"type" "authentication"."subject_type" NOT NULL,
+	"display_name" text NOT NULL,
+	"system_account_id" uuid,
+	"user_id" uuid,
+	"service_account_id" uuid,
+	"revision" integer NOT NULL,
+	"revision_timestamp" timestamp with time zone NOT NULL,
+	"create_timestamp" timestamp with time zone NOT NULL,
+	"delete_timestamp" timestamp with time zone,
+	"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL,
+	CONSTRAINT "subject_tenant_id_id_pk" PRIMARY KEY("tenant_id","id"),
+	CONSTRAINT "subject_system_account_id_unique" UNIQUE("system_account_id"),
+	CONSTRAINT "subject_user_id_unique" UNIQUE("user_id"),
+	CONSTRAINT "subject_service_account_id_unique" UNIQUE("service_account_id"),
+	CONSTRAINT "authentication_subject_reference_check" CHECK (num_nonnulls("authentication"."subject"."system_account_id", "authentication"."subject"."user_id", "authentication"."subject"."service_account_id") = 1)
+);
+--> statement-breakpoint
+CREATE TABLE "authentication"."system_account" (
+	"id" uuid DEFAULT gen_random_uuid() NOT NULL,
+	"tenant_id" uuid NOT NULL,
+	"identifier" text NOT NULL,
+	"revision" integer NOT NULL,
+	"revision_timestamp" timestamp with time zone NOT NULL,
+	"create_timestamp" timestamp with time zone NOT NULL,
+	"delete_timestamp" timestamp with time zone,
+	"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL,
+	CONSTRAINT "system_account_tenant_id_id_pk" PRIMARY KEY("tenant_id","id"),
+	CONSTRAINT "system_account_identifier_unique" UNIQUE("identifier")
+);
+--> statement-breakpoint
+CREATE TABLE "authentication"."user" (
+	"id" uuid DEFAULT gen_random_uuid() NOT NULL,
+	"tenant_id" uuid NOT NULL,
+	"status" "authentication"."user_status" NOT NULL,
+	"email" text NOT NULL,
+	"first_name" text NOT NULL,
+	"last_name" text NOT NULL,
+	"revision" integer NOT NULL,
+	"revision_timestamp" timestamp with time zone NOT NULL,
+	"create_timestamp" timestamp with time zone NOT NULL,
+	"delete_timestamp" timestamp with time zone,
+	"attributes" jsonb DEFAULT '{}'::jsonb NOT NULL,
+	CONSTRAINT "user_tenant_id_id_pk" PRIMARY KEY("tenant_id","id"),
+	CONSTRAINT "user_tenant_id_email_unique" UNIQUE("tenant_id","email")
+);
+--> statement-breakpoint
+ALTER TABLE "authentication"."credentials" ADD CONSTRAINT "credentials_subject_subject_id_fk" FOREIGN KEY ("subject") REFERENCES "authentication"."subject"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "authentication"."session" ADD CONSTRAINT "session_subject_subject_id_fk" FOREIGN KEY ("subject") REFERENCES "authentication"."subject"("id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "authentication"."service_account" ADD CONSTRAINT "service_account_id_subject_fkey" FOREIGN KEY ("tenant_id","parent") REFERENCES "authentication"."subject"("tenant_id","id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "authentication"."subject" ADD CONSTRAINT "subject_id_system_account_fkey" FOREIGN KEY ("tenant_id","system_account_id") REFERENCES "authentication"."system_account"("tenant_id","id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "authentication"."subject" ADD CONSTRAINT "subject_id_user_fkey" FOREIGN KEY ("tenant_id","user_id") REFERENCES "authentication"."user"("tenant_id","id") ON DELETE no action ON UPDATE no action;--> statement-breakpoint
+ALTER TABLE "authentication"."subject" ADD CONSTRAINT "subject_id_service_account_fkey" FOREIGN KEY ("tenant_id","service_account_id") REFERENCES "authentication"."service_account"("tenant_id","id") ON DELETE no action ON UPDATE no action;