@tstdl/base 0.93.87 → 0.93.90

package/authentication/server/drizzle/meta/0000_snapshot.json

@@ -1,5 +1,5 @@
 {
-  "id": "685f89da-0f2a-4523-9cbc-c9daea5f70c2",
+  "id": "f52c7376-609d-4fca-a0c2-ee14442d3399",
   "prevId": "00000000-0000-0000-0000-000000000000",
   "version": "7",
   "dialect": "postgresql",
@@ -254,52 +254,52 @@
           "primaryKey": false,
           "notNull": true
         },
-        "description": {
-          "name": "description",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true
-        },
-        "parent": {
-          "name": "parent",
-          "type": "uuid",
-          "primaryKey": false,
-          "notNull": false
-        },
-        "revision": {
-          "name": "revision",
-          "type": "integer",
+        "type": {
+          "name": "type",
+          "type": "subject_type",
+          "typeSchema": "authentication",
           "primaryKey": false,
           "notNull": true
         },
-        "revision_timestamp": {
-          "name": "revision_timestamp",
-          "type": "timestamp with time zone",
+        "display_name": {
+          "name": "display_name",
+          "type": "text",
           "primaryKey": false,
           "notNull": true
         },
-        "create_timestamp": {
-          "name": "create_timestamp",
-          "type": "timestamp with time zone",
+        "description": {
+          "name": "description",
+          "type": "text",
           "primaryKey": false,
           "notNull": true
         },
-        "delete_timestamp": {
-          "name": "delete_timestamp",
-          "type": "timestamp with time zone",
+        "parent": {
+          "name": "parent",
+          "type": "uuid",
           "primaryKey": false,
           "notNull": false
-        },
-        "attributes": {
-          "name": "attributes",
-          "type": "jsonb",
-          "primaryKey": false,
-          "notNull": true,
-          "default": "'{}'::jsonb"
         }
       },
       "indexes": {},
       "foreignKeys": {
+        "service_account_tenantId_type_id_subject_fkey": {
+          "name": "service_account_tenantId_type_id_subject_fkey",
+          "tableFrom": "service_account",
+          "tableTo": "subject",
+          "schemaTo": "authentication",
+          "columnsFrom": [
+            "tenant_id",
+            "type",
+            "id"
+          ],
+          "columnsTo": [
+            "tenant_id",
+            "type",
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
         "service_account_id_subject_fkey": {
           "name": "service_account_id_subject_fkey",
           "tableFrom": "service_account",
@@ -326,9 +326,31 @@
           ]
         }
       },
-      "uniqueConstraints": {},
+      "uniqueConstraints": {
+        "service_account_tenant_id_type_id_unique": {
+          "name": "service_account_tenant_id_type_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "tenant_id",
+            "type",
+            "id"
+          ]
+        },
+        "service_account_id_unique": {
+          "name": "service_account_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "id"
+          ]
+        }
+      },
       "policies": {},
-      "checkConstraints": {},
+      "checkConstraints": {
+        "service_account_type_check": {
+          "name": "service_account_type_check",
+          "value": "\"authentication\".\"service_account\".\"type\" = 'service-account'"
+        }
+      },
       "isRLSEnabled": false
     },
     "authentication.subject": {
@@ -355,27 +377,16 @@
           "primaryKey": false,
           "notNull": true
         },
-        "display_name": {
-          "name": "display_name",
-          "type": "text",
+        "status": {
+          "name": "status",
+          "type": "subject_status",
+          "typeSchema": "authentication",
           "primaryKey": false,
           "notNull": true
         },
-        "system_account_id": {
-          "name": "system_account_id",
-          "type": "uuid",
-          "primaryKey": false,
-          "notNull": false
-        },
-        "user_id": {
-          "name": "user_id",
-          "type": "uuid",
-          "primaryKey": false,
-          "notNull": false
-        },
-        "service_account_id": {
-          "name": "service_account_id",
-          "type": "uuid",
+        "last_activity_timestamp": {
+          "name": "last_activity_timestamp",
+          "type": "timestamp with time zone",
           "primaryKey": false,
           "notNull": false
         },
@@ -412,56 +423,7 @@
         }
       },
       "indexes": {},
-      "foreignKeys": {
-        "subject_id_system_account_fkey": {
-          "name": "subject_id_system_account_fkey",
-          "tableFrom": "subject",
-          "tableTo": "system_account",
-          "schemaTo": "authentication",
-          "columnsFrom": [
-            "tenant_id",
-            "system_account_id"
-          ],
-          "columnsTo": [
-            "tenant_id",
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        },
-        "subject_id_user_fkey": {
-          "name": "subject_id_user_fkey",
-          "tableFrom": "subject",
-          "tableTo": "user",
-          "schemaTo": "authentication",
-          "columnsFrom": [
-            "tenant_id",
-            "user_id"
-          ],
-          "columnsTo": [
-            "tenant_id",
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        },
-        "subject_id_service_account_fkey": {
-          "name": "subject_id_service_account_fkey",
-          "tableFrom": "subject",
-          "tableTo": "service_account",
-          "schemaTo": "authentication",
-          "columnsFrom": [
-            "tenant_id",
-            "service_account_id"
-          ],
-          "columnsTo": [
-            "tenant_id",
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
+      "foreignKeys": {},
       "compositePrimaryKeys": {
         "subject_tenant_id_id_pk": {
           "name": "subject_tenant_id_id_pk",
@@ -472,28 +434,13 @@
         }
       },
       "uniqueConstraints": {
-        "subject_tenant_id_service_account_id_unique": {
-          "name": "subject_tenant_id_service_account_id_unique",
-          "nullsNotDistinct": false,
-          "columns": [
-            "tenant_id",
-            "service_account_id"
-          ]
-        },
-        "subject_tenant_id_user_id_unique": {
-          "name": "subject_tenant_id_user_id_unique",
+        "subject_tenant_id_type_id_unique": {
+          "name": "subject_tenant_id_type_id_unique",
           "nullsNotDistinct": false,
           "columns": [
             "tenant_id",
-            "user_id"
-          ]
-        },
-        "subject_tenant_id_system_account_id_unique": {
-          "name": "subject_tenant_id_system_account_id_unique",
-          "nullsNotDistinct": false,
-          "columns": [
-            "tenant_id",
-            "system_account_id"
+            "type",
+            "id"
           ]
         },
         "subject_id_unique": {
@@ -505,12 +452,7 @@
         }
       },
       "policies": {},
-      "checkConstraints": {
-        "authentication_subject_reference_check": {
-          "name": "authentication_subject_reference_check",
-          "value": "num_nonnulls(\"authentication\".\"subject\".\"system_account_id\", \"authentication\".\"subject\".\"user_id\", \"authentication\".\"subject\".\"service_account_id\") = 1"
-        }
-      },
+      "checkConstraints": {},
       "isRLSEnabled": false
     },
     "authentication.system_account": {
@@ -530,46 +472,47 @@
           "primaryKey": false,
           "notNull": true
         },
-        "identifier": {
-          "name": "identifier",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true
-        },
-        "revision": {
-          "name": "revision",
-          "type": "integer",
+        "type": {
+          "name": "type",
+          "type": "subject_type",
+          "typeSchema": "authentication",
           "primaryKey": false,
           "notNull": true
         },
-        "revision_timestamp": {
-          "name": "revision_timestamp",
-          "type": "timestamp with time zone",
+        "identifier": {
+          "name": "identifier",
+          "type": "text",
           "primaryKey": false,
           "notNull": true
         },
-        "create_timestamp": {
-          "name": "create_timestamp",
-          "type": "timestamp with time zone",
+        "display_name": {
+          "name": "display_name",
+          "type": "text",
           "primaryKey": false,
           "notNull": true
-        },
-        "delete_timestamp": {
-          "name": "delete_timestamp",
-          "type": "timestamp with time zone",
-          "primaryKey": false,
-          "notNull": false
-        },
-        "attributes": {
-          "name": "attributes",
-          "type": "jsonb",
-          "primaryKey": false,
-          "notNull": true,
-          "default": "'{}'::jsonb"
         }
       },
       "indexes": {},
-      "foreignKeys": {},
+      "foreignKeys": {
+        "system_account_tenantId_type_id_subject_fkey": {
+          "name": "system_account_tenantId_type_id_subject_fkey",
+          "tableFrom": "system_account",
+          "tableTo": "subject",
+          "schemaTo": "authentication",
+          "columnsFrom": [
+            "tenant_id",
+            "type",
+            "id"
+          ],
+          "columnsTo": [
+            "tenant_id",
+            "type",
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
       "compositePrimaryKeys": {
         "system_account_tenant_id_id_pk": {
           "name": "system_account_tenant_id_id_pk",
@@ -580,16 +523,38 @@
         }
       },
       "uniqueConstraints": {
-        "system_account_identifier_unique": {
-          "name": "system_account_identifier_unique",
+        "system_account_tenant_id_type_id_unique": {
+          "name": "system_account_tenant_id_type_id_unique",
           "nullsNotDistinct": false,
           "columns": [
+            "tenant_id",
+            "type",
+            "id"
+          ]
+        },
+        "system_account_tenant_id_identifier_unique": {
+          "name": "system_account_tenant_id_identifier_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "tenant_id",
             "identifier"
           ]
+        },
+        "system_account_id_unique": {
+          "name": "system_account_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "id"
+          ]
         }
       },
       "policies": {},
-      "checkConstraints": {},
+      "checkConstraints": {
+        "system_account_type_check": {
+          "name": "system_account_type_check",
+          "value": "\"authentication\".\"system_account\".\"type\" = 'system'"
+        }
+      },
       "isRLSEnabled": false
     },
     "authentication.user": {
@@ -609,9 +574,9 @@
           "primaryKey": false,
           "notNull": true
         },
-        "status": {
-          "name": "status",
-          "type": "user_status",
+        "type": {
+          "name": "type",
+          "type": "subject_type",
           "typeSchema": "authentication",
           "primaryKey": false,
           "notNull": true
@@ -633,41 +598,29 @@
           "type": "text",
           "primaryKey": false,
           "notNull": true
-        },
-        "revision": {
-          "name": "revision",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": true
-        },
-        "revision_timestamp": {
-          "name": "revision_timestamp",
-          "type": "timestamp with time zone",
-          "primaryKey": false,
-          "notNull": true
-        },
-        "create_timestamp": {
-          "name": "create_timestamp",
-          "type": "timestamp with time zone",
-          "primaryKey": false,
-          "notNull": true
-        },
-        "delete_timestamp": {
-          "name": "delete_timestamp",
-          "type": "timestamp with time zone",
-          "primaryKey": false,
-          "notNull": false
-        },
-        "attributes": {
-          "name": "attributes",
-          "type": "jsonb",
-          "primaryKey": false,
-          "notNull": true,
-          "default": "'{}'::jsonb"
         }
       },
       "indexes": {},
-      "foreignKeys": {},
+      "foreignKeys": {
+        "user_tenantId_type_id_subject_fkey": {
+          "name": "user_tenantId_type_id_subject_fkey",
+          "tableFrom": "user",
+          "tableTo": "subject",
+          "schemaTo": "authentication",
+          "columnsFrom": [
+            "tenant_id",
+            "type",
+            "id"
+          ],
+          "columnsTo": [
+            "tenant_id",
+            "type",
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
       "compositePrimaryKeys": {
         "user_tenant_id_id_pk": {
           "name": "user_tenant_id_id_pk",
@@ -678,6 +631,15 @@
         }
       },
       "uniqueConstraints": {
+        "user_tenant_id_type_id_unique": {
+          "name": "user_tenant_id_type_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "tenant_id",
+            "type",
+            "id"
+          ]
+        },
         "user_tenant_id_email_unique": {
           "name": "user_tenant_id_email_unique",
           "nullsNotDistinct": false,
@@ -685,14 +647,37 @@
             "tenant_id",
             "email"
           ]
+        },
+        "user_id_unique": {
+          "name": "user_id_unique",
+          "nullsNotDistinct": false,
+          "columns": [
+            "id"
+          ]
         }
       },
       "policies": {},
-      "checkConstraints": {},
+      "checkConstraints": {
+        "user_type_check": {
+          "name": "user_type_check",
+          "value": "\"authentication\".\"user\".\"type\" = 'user'"
+        }
+      },
       "isRLSEnabled": false
     }
   },
   "enums": {
+    "authentication.subject_status": {
+      "name": "subject_status",
+      "schema": "authentication",
+      "values": [
+        "active",
+        "inactive",
+        "suspended",
+        "pending-approval",
+        "invited"
+      ]
+    },
     "authentication.subject_type": {
       "name": "subject_type",
       "schema": "authentication",
@@ -701,16 +686,6 @@
         "user",
         "service-account"
       ]
-    },
-    "authentication.user_status": {
-      "name": "user_status",
-      "schema": "authentication",
-      "values": [
-        "active",
-        "suspended",
-        "pending-approval",
-        "invited"
-      ]
     }
   },
   "schemas": {},

package/authentication/server/drizzle/meta/_journal.json

@@ -5,8 +5,8 @@
     {
       "idx": 0,
       "version": "7",
-      "when": 1767839299143,
-      "tag": "0000_normal_paper_doll",
+      "when": 1768668305913,
+      "tag": "0000_soft_tag",
       "breakpoints": true
     }
   ]

package/authentication/server/helper.js

@@ -11,8 +11,15 @@ import { isArray, isDefined, isUndefined } from '../../utils/type-guards.js';
  * @returns The token string or undefined if not found.
  */
 export function tryGetAuthorizationTokenStringFromRequest(request, cookieName = 'authorization', fromCookieOnly = false) {
-    const authorizationHeaders = (fromCookieOnly || (cookieName.toLocaleLowerCase() != 'authorization')) ? undefined : request.headers.tryGet('Authorization');
-    const authorizationString = (isArray(authorizationHeaders) ? authorizationHeaders[0] : authorizationHeaders)
+    const headerName = (cookieName.toLocaleLowerCase() == 'authorization')
+        ? 'Authorization'
+        : (cookieName.toLocaleLowerCase() == 'refreshtoken')
+            ? 'X-Refresh-Token'
+            : (cookieName.toLocaleLowerCase() == 'impersonatorrefreshtoken')
+                ? 'X-Impersonator-Refresh-Token'
+                : undefined;
+    const headerValue = (fromCookieOnly || isUndefined(headerName)) ? undefined : request.headers.tryGet(headerName);
+    const authorizationString = (isArray(headerValue) ? headerValue[0] : headerValue)
         ?? request.cookies.tryGet(cookieName);
     if (isDefined(authorizationString)) {
         const authorizationSchemeEnd = authorizationString.indexOf(' ');

package/authentication/server/module.d.ts

@@ -1,3 +1,4 @@
+import { Injector } from '../../injector/injector.js';
 import type { Provider } from '../../injector/provider.js';
 import type { InjectionToken } from '../../injector/token.js';
 import { type DatabaseConfig } from '../../orm/server/index.js';
@@ -29,7 +30,9 @@ export declare class AuthenticationModuleConfig {
  * Configures authentication server services.
  * @param config Configuration.
  */
-export declare function configureAuthenticationServer(config: AuthenticationModuleConfig): void;
+export declare function configureAuthenticationServer({ injector, ...config }: AuthenticationModuleConfig & {
+    injector?: Injector;
+}): void;
 /**
  * Migrates the authentication schema.
  */

package/authentication/server/module.js

@@ -1,9 +1,11 @@
+import { ApiRequestTokenProvider } from '../../api/server/api-request-token.provider.js';
 import { inject } from '../../injector/index.js';
 import { Injector } from '../../injector/injector.js';
 import { isProvider } from '../../injector/provider.js';
 import { Database, migrate } from '../../orm/server/index.js';
 import { isDefined } from '../../utils/type-guards.js';
 import { AuthenticationAncillaryService } from './authentication-ancillary.service.js';
+import { AuthenticationApiRequestTokenProvider } from './authentication-api-request-token.provider.js';
 import { AuthenticationService, AuthenticationServiceOptions } from './authentication.service.js';
 /**
  * Configuration for {@link configureAuthenticationServer}.
@@ -31,14 +33,16 @@ export class AuthenticationModuleConfig {
  * Configures authentication server services.
  * @param config Configuration.
  */
-export function configureAuthenticationServer(config) {
-    Injector.register(AuthenticationModuleConfig, { useValue: config });
-    Injector.register(AuthenticationServiceOptions, isProvider(config.serviceOptions) ? config.serviceOptions : { useValue: config.serviceOptions });
+export function configureAuthenticationServer({ injector, ...config }) {
+    const targetInjector = injector ?? Injector;
+    targetInjector.register(AuthenticationModuleConfig, { useValue: config });
+    targetInjector.register(AuthenticationServiceOptions, isProvider(config.serviceOptions) ? config.serviceOptions : { useValue: config.serviceOptions });
+    targetInjector.register(ApiRequestTokenProvider, { useToken: AuthenticationApiRequestTokenProvider });
     if (isDefined(config.authenticationService)) {
-        Injector.registerSingleton(AuthenticationService, { useToken: config.authenticationService });
+        targetInjector.registerSingleton(AuthenticationService, { useToken: config.authenticationService });
     }
     if (isDefined(config.authenticationAncillaryService)) {
-        Injector.registerSingleton(AuthenticationAncillaryService, { useToken: config.authenticationAncillaryService });
+        targetInjector.registerSingleton(AuthenticationAncillaryService, { useToken: config.authenticationAncillaryService });
     }
 }
 /**

package/authentication/server/schemas.d.ts

@@ -5,8 +5,9 @@ export declare const subjectType: import("../../orm/enums.js").PgEnumFromEnumera
     readonly User: "user";
     readonly ServiceAccount: "service-account";
 }>;
-export declare const userStatus: import("../../orm/enums.js").PgEnumFromEnumeration<{
+export declare const subjectStatus: import("../../orm/enums.js").PgEnumFromEnumeration<{
     readonly Active: "active";
+    readonly Inactive: "inactive";
     readonly Suspended: "suspended";
     readonly PendingApproval: "pending-approval";
     readonly Invited: "invited";

package/authentication/server/schemas.js

@@ -1,8 +1,8 @@
 import { databaseSchema } from '../../orm/server/index.js';
-import { AuthenticationCredentials, AuthenticationSession, ServiceAccount, Subject, SubjectType, SystemAccount, User, UserStatus } from '../models/index.js';
+import { AuthenticationCredentials, AuthenticationSession, ServiceAccount, Subject, SubjectStatus, SubjectType, SystemAccount, User } from '../models/index.js';
 export const authenticationSchema = databaseSchema('authentication');
 export const subjectType = authenticationSchema.getEnum(SubjectType);
-export const userStatus = authenticationSchema.getEnum(UserStatus);
+export const subjectStatus = authenticationSchema.getEnum(SubjectStatus);
 export const authenticationCredentials = authenticationSchema.getTable(AuthenticationCredentials);
 export const authenticationSession = authenticationSchema.getTable(AuthenticationSession);
 export const serviceAccount = authenticationSchema.getTable(ServiceAccount);

package/authentication/server/subject.service.d.ts

@@ -1,22 +1,28 @@
-import { ServiceAccount, Subject, User } from '../models/index.js';
-export type CreateUser = Pick<User, 'tenantId' | 'email' | 'firstName' | 'lastName'> & Partial<Pick<User, 'status'>>;
-export type CreateServiceAccount = Pick<ServiceAccount, 'tenantId' | 'description' | 'parent'>;
+import type { LoadOptions } from '../../orm/repository.types.js';
+import { ServiceAccount, Subject, SystemAccount, User } from '../models/index.js';
+export type CreateUserData = Pick<User, 'tenantId' | 'email' | 'firstName' | 'lastName'> & Partial<Pick<User, 'status'>>;
+export type CreateServiceAccountData = Pick<ServiceAccount, 'tenantId' | 'displayName' | 'description' | 'parent'> & Partial<Pick<ServiceAccount, 'status'>>;
 export declare class SubjectService {
     #private;
-    getSubject(id: string): Promise<Subject>;
-    tryGetSubject(id: string): Promise<Subject | undefined>;
-    getSystemAccountSubject(tenantId: string, identifier: string): Promise<Subject>;
-    createUser(data: CreateUser): Promise<User>;
+    getSubject(id: string, options?: LoadOptions<Subject>): Promise<Subject>;
+    tryGetSubject(id: string, options?: LoadOptions<Subject>): Promise<Subject | undefined>;
+    getSystemAccount(tenantId: string, identifier: string): Promise<SystemAccount>;
+    createUser(data: CreateUserData): Promise<User>;
     updateUser(tenantId: string, userId: string, data: Partial<Pick<User, 'firstName' | 'lastName' | 'status'>>): Promise<void>;
     updateUserEmail(tenantId: string, userId: string, email: string): Promise<void>;
-    getUserSubject(tenantId: string, userId: string): Promise<Subject>;
+    getUser(tenantId: string, userId: string): Promise<User>;
     getUserByEmail(tenantId: string, email: string): Promise<User>;
     tryGetUserByEmail(tenantId: string, email: string): Promise<User | undefined>;
     hasUserByEmail(tenantId: string, email: string): Promise<boolean>;
     getUserBySubject(subject: Subject): Promise<User>;
     loadManyUsersByEmails(tenantId: string, emails: string[]): Promise<User[]>;
-    createServiceAccount(data: CreateServiceAccount): Promise<ServiceAccount>;
-    updateServiceAccount(tenantId: string, serviceAccountId: string, data: Partial<Pick<ServiceAccount, 'description'>> & Partial<Pick<Subject, 'displayName'>>): Promise<void>;
-    getServiceAccountSubject(tenantId: string, serviceAccountId: string): Promise<Subject>;
+    createServiceAccount(data: CreateServiceAccountData): Promise<ServiceAccount>;
+    updateServiceAccount(tenantId: string, serviceAccountId: string, data: Partial<Pick<ServiceAccount, 'description' | 'displayName' | 'status'>>): Promise<void>;
+    getServiceAccount(tenantId: string, serviceAccountId: string): Promise<ServiceAccount>;
     getServiceAccountBySubject(subject: Subject): Promise<ServiceAccount>;
+    exists(tenantId: string, id: string): Promise<boolean>;
+    deleteUser(tenantId: string, userId: string): Promise<void>;
+    deleteServiceAccount(tenantId: string, serviceAccountId: string): Promise<void>;
+    listUsers(tenantId: string): Promise<User[]>;
+    listServiceAccounts(tenantId: string): Promise<ServiceAccount[]>;
 }