@unifiedcommerce/core 0.2.5 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/middleware.d.ts.map +1 -1
- package/dist/auth/middleware.js +28 -23
- package/dist/auth/setup.d.ts.map +1 -1
- package/dist/auth/setup.js +19 -1
- package/dist/config/types.d.ts +28 -4
- package/dist/config/types.d.ts.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/interfaces/mcp/tools/catalog.d.ts +1 -1
- package/dist/interfaces/mcp/tools/promotions.d.ts +1 -1
- package/dist/runtime/server.d.ts.map +1 -1
- package/dist/runtime/server.js +8 -6
- package/dist/test-utils/create-test-config.d.ts.map +1 -1
- package/dist/test-utils/create-test-config.js +0 -2
- package/package.json +1 -1
- package/src/auth/middleware.ts +34 -26
- package/src/auth/setup.ts +18 -1
- package/src/config/types.ts +29 -4
- package/src/index.ts +1 -0
- package/src/runtime/server.ts +9 -7
- package/src/test-utils/create-test-config.ts +0 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,KAAK,EAAmB,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA0B/C,wBAAgB,cAAc,CAC5B,IAAI,EAAE,YAAY,EAClB,MAAM,EAAE,cAAc,GACrB,iBAAiB,CAwInB"}
|
package/dist/auth/middleware.js
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { timingSafeEqual } from "node:crypto";
|
|
2
1
|
import { DEFAULT_ORG_ID } from "./org.js";
|
|
3
2
|
function resolvePermissions(session, config) {
|
|
4
3
|
const role = session.session.activeOrganizationRole;
|
|
@@ -23,10 +22,34 @@ export function authMiddleware(auth, config) {
|
|
|
23
22
|
headers: c.req.raw.headers,
|
|
24
23
|
}));
|
|
25
24
|
if (session) {
|
|
26
|
-
// Better Auth's session
|
|
27
|
-
//
|
|
25
|
+
// Better Auth's session stores activeOrganizationId, but often not the role.
|
|
26
|
+
// For single-store apps (org_default), users may never call set-active,
|
|
27
|
+
// so activeOrganizationId can be null even for valid org members.
|
|
28
28
|
let role = session.session.activeOrganizationRole;
|
|
29
|
-
|
|
29
|
+
let orgId = session.session.activeOrganizationId;
|
|
30
|
+
// If no active org, try to resolve the user's membership in org_default.
|
|
31
|
+
// This handles the common case where the user is a member but hasn't
|
|
32
|
+
// called organization/set-active (single-store apps, seed scripts, tests).
|
|
33
|
+
const getFullOrg = auth.api.getFullOrganization;
|
|
34
|
+
if (!role && getFullOrg) {
|
|
35
|
+
try {
|
|
36
|
+
const org = await getFullOrg({
|
|
37
|
+
query: { organizationId: orgId ?? DEFAULT_ORG_ID },
|
|
38
|
+
});
|
|
39
|
+
if (org?.members) {
|
|
40
|
+
const membership = org.members.find((m) => m.userId === session.user.id);
|
|
41
|
+
if (membership) {
|
|
42
|
+
role = membership.role;
|
|
43
|
+
orgId = orgId ?? DEFAULT_ORG_ID;
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
catch {
|
|
48
|
+
// fall through — treat as customer
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
// Also try getActiveMemberRole if active org is set
|
|
52
|
+
if (!role && orgId && auth.api.getActiveMemberRole) {
|
|
30
53
|
try {
|
|
31
54
|
const roleResult = await auth.api.getActiveMemberRole({
|
|
32
55
|
headers: c.req.raw.headers,
|
|
@@ -47,7 +70,7 @@ export function authMiddleware(auth, config) {
|
|
|
47
70
|
email: session.user.email ?? null,
|
|
48
71
|
name: session.user.name ?? "User",
|
|
49
72
|
vendorId: session.user.vendorId ?? null,
|
|
50
|
-
organizationId:
|
|
73
|
+
organizationId: orgId ?? DEFAULT_ORG_ID,
|
|
51
74
|
role: role ?? "customer",
|
|
52
75
|
permissions: resolvePermissions(enrichedSession, config),
|
|
53
76
|
});
|
|
@@ -110,24 +133,6 @@ export function authMiddleware(auth, config) {
|
|
|
110
133
|
// invalid, expired, or rate-limited key — fall through
|
|
111
134
|
}
|
|
112
135
|
}
|
|
113
|
-
// Config-driven dev key (OFF by default, must be explicitly enabled)
|
|
114
|
-
if (!c.get("actor") &&
|
|
115
|
-
apiKeyHeader &&
|
|
116
|
-
config.auth?.enableDevKey &&
|
|
117
|
-
config.auth.devKey &&
|
|
118
|
-
apiKeyHeader.length === config.auth.devKey.length &&
|
|
119
|
-
timingSafeEqual(Buffer.from(apiKeyHeader), Buffer.from(config.auth.devKey))) {
|
|
120
|
-
c.set("actor", {
|
|
121
|
-
type: "api_key",
|
|
122
|
-
userId: "dev-staff",
|
|
123
|
-
email: "dev@local",
|
|
124
|
-
name: "Dev Admin (dev key)",
|
|
125
|
-
vendorId: null,
|
|
126
|
-
organizationId: DEFAULT_ORG_ID,
|
|
127
|
-
role: "owner",
|
|
128
|
-
permissions: ["*:*"],
|
|
129
|
-
});
|
|
130
|
-
}
|
|
131
136
|
if (!c.get("actor")) {
|
|
132
137
|
c.set("actor", null);
|
|
133
138
|
}
|
package/dist/auth/setup.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/auth/setup.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAgCrE,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7C,GAAG,EAAE;QACH,UAAU,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1D,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;QACxE,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBAAE,GAAG,EAAE,MAAM,CAAC;gBAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;aAAE,CAAC;SAC/D,KAAK,OAAO,CAAC;YACZ,KAAK,EAAE,OAAO,CAAC;YACf,KAAK,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAA;aAAE,GAAG,IAAI,CAAC;YAChD,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;SACrC,CAAC,CAAC;QACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBACJ,IAAI,CAAC,EAAE,MAAM,CAAC;gBACd,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBACvC,MAAM,CAAC,EAAE,MAAM,CAAC;aACjB,CAAC;YACF,OAAO,CAAC,EAAE,OAAO,CAAC;SACnB,KAAK,OAAO,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAC3C,qEAAqE;QACrE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7B;AAED,wBAAgB,UAAU,CACxB,EAAE,EAAE,eAAe,EACnB,MAAM,EAAE,cAAc,GACrB,YAAY,
|
|
1
|
+
{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/auth/setup.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAgCrE,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7C,GAAG,EAAE;QACH,UAAU,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QAC1D,mBAAmB,CAAC,EAAE,CAAC,KAAK,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;QACxE,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBAAE,GAAG,EAAE,MAAM,CAAC;gBAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;aAAE,CAAC;SAC/D,KAAK,OAAO,CAAC;YACZ,KAAK,EAAE,OAAO,CAAC;YACf,KAAK,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAA;aAAE,GAAG,IAAI,CAAC;YAChD,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;SACrC,CAAC,CAAC;QACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE;YACrB,IAAI,EAAE;gBACJ,IAAI,CAAC,EAAE,MAAM,CAAC;gBACd,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;gBACvC,MAAM,CAAC,EAAE,MAAM,CAAC;aACjB,CAAC;YACF,OAAO,CAAC,EAAE,OAAO,CAAC;SACnB,KAAK,OAAO,CAAC;YAAE,GAAG,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAC3C,qEAAqE;QACrE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;KACxB,CAAC;IACF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,QAAQ,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;CAC7B;AAED,wBAAgB,UAAU,CACxB,EAAE,EAAE,eAAe,EACnB,MAAM,EAAE,cAAc,GACrB,YAAY,CAuHd"}
|
package/dist/auth/setup.js
CHANGED
|
@@ -30,7 +30,25 @@ export function createAuth(db, config) {
|
|
|
30
30
|
if (config.auth?.twoFactor?.enabled) {
|
|
31
31
|
plugins.push(twoFactor({ issuer: config.storeName ?? "UnifiedCommerce" }));
|
|
32
32
|
}
|
|
33
|
-
|
|
33
|
+
// Configure API key plugin — one config per defined scope, or a single default config.
|
|
34
|
+
const scopes = config.auth?.apiKeyScopes;
|
|
35
|
+
if (scopes && Object.keys(scopes).length > 0) {
|
|
36
|
+
const apiKeyConfigs = Object.entries(scopes).map(([scopeId, scope]) => ({
|
|
37
|
+
configId: scopeId,
|
|
38
|
+
defaultPrefix: scope.prefix,
|
|
39
|
+
...(scope.rateLimit
|
|
40
|
+
? {
|
|
41
|
+
rateLimit: {
|
|
42
|
+
enabled: true,
|
|
43
|
+
maxRequests: scope.rateLimit.maxRequests,
|
|
44
|
+
timeWindow: scope.rateLimit.timeWindow,
|
|
45
|
+
},
|
|
46
|
+
}
|
|
47
|
+
: {}),
|
|
48
|
+
}));
|
|
49
|
+
plugins.push(apiKey(apiKeyConfigs));
|
|
50
|
+
}
|
|
51
|
+
else if (config.auth?.apiKeys?.enabled) {
|
|
34
52
|
plugins.push(apiKey());
|
|
35
53
|
}
|
|
36
54
|
if (config.auth?.phoneAuth) {
|
package/dist/config/types.d.ts
CHANGED
|
@@ -42,6 +42,27 @@ export interface EntityConfig {
|
|
|
42
42
|
fulfillment: string;
|
|
43
43
|
hooks?: EntityHooks;
|
|
44
44
|
}
|
|
45
|
+
/**
|
|
46
|
+
* A predefined API key scope — a named set of permissions, prefix, and rate limit.
|
|
47
|
+
* Used with `bunx @unifiedcommerce/cli api-key create --scope <name>`.
|
|
48
|
+
*
|
|
49
|
+
* Permissions use Better Auth's native format: Record<string, string[]>
|
|
50
|
+
* where keys are resource types and values are arrays of allowed actions.
|
|
51
|
+
*/
|
|
52
|
+
export interface ApiKeyScopeDefinition {
|
|
53
|
+
/** Prefix for generated keys (e.g., "uc_pub_", "uc_adm_"). */
|
|
54
|
+
prefix: string;
|
|
55
|
+
/** Human description shown in CLI output. */
|
|
56
|
+
description: string;
|
|
57
|
+
/** Permissions in Better Auth format: { catalog: ["read"], orders: ["create", "read"] } */
|
|
58
|
+
permissions: Record<string, string[]>;
|
|
59
|
+
/** Rate limiting for keys created with this scope. */
|
|
60
|
+
rateLimit?: {
|
|
61
|
+
maxRequests: number;
|
|
62
|
+
/** Time window in milliseconds. */
|
|
63
|
+
timeWindow: number;
|
|
64
|
+
};
|
|
65
|
+
}
|
|
45
66
|
export interface AuthConfig {
|
|
46
67
|
requireEmailVerification?: boolean;
|
|
47
68
|
sessionDuration?: number;
|
|
@@ -65,10 +86,13 @@ export interface AuthConfig {
|
|
|
65
86
|
customerPermissions?: string[];
|
|
66
87
|
/** Origins allowed for CSRF protection (Better Auth `trustedOrigins`). */
|
|
67
88
|
trustedOrigins?: string[];
|
|
68
|
-
/**
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
89
|
+
/**
|
|
90
|
+
* Predefined API key scopes. Each scope defines a named permission set
|
|
91
|
+
* that can be used with `bunx @unifiedcommerce/cli api-key create --scope <name>`.
|
|
92
|
+
*
|
|
93
|
+
* Better Auth's API key plugin is configured with one config per scope.
|
|
94
|
+
*/
|
|
95
|
+
apiKeyScopes?: Record<string, ApiKeyScopeDefinition>;
|
|
72
96
|
/**
|
|
73
97
|
* Phone number OTP authentication via Better Auth's phoneNumber plugin.
|
|
74
98
|
* When configured, users can sign in/up with phone + OTP instead of email/password.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AACpD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEhG,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACrC,WAAW,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,YAAY,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACrC,WAAW,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,YAAY,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACrC,WAAW,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,SAAS,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;IACjC,UAAU,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,SAAS,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAChC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,MAAM,WAAW,UAAU;IACzB,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7E,SAAS,CAAC,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC9D,OAAO,CAAC,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;QACjB,qEAAqE;QACrE,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC/B,CAAC;IACF,MAAM,CAAC,EAAE;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACvC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,0EAA0E;IAC1E,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/config/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,IAAI,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AACpD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACtE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAE9D,MAAM,WAAW,cAAc;IAC7B,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,MAAM,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,UAAU,GAAG,QAAQ,CAAC;AAEhG,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACrC,WAAW,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,YAAY,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACrC,WAAW,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,YAAY,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACrC,WAAW,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,UAAU,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,SAAS,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;IACjC,UAAU,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;IACnC,SAAS,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAChC,QAAQ,EAAE,mBAAmB,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,qBAAqB;IACpC,8DAA8D;IAC9D,MAAM,EAAE,MAAM,CAAC;IACf,6CAA6C;IAC7C,WAAW,EAAE,MAAM,CAAC;IACpB,2FAA2F;IAC3F,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;IACtC,sDAAsD;IACtD,SAAS,CAAC,EAAE;QACV,WAAW,EAAE,MAAM,CAAC;QACpB,mCAAmC;QACnC,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7E,SAAS,CAAC,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAA;KAAE,CAAC;IAC9D,OAAO,CAAC,EAAE;QACR,OAAO,EAAE,OAAO,CAAC;QACjB,qEAAqE;QACrE,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC/B,CAAC;IACF,MAAM,CAAC,EAAE;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IACvC,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,0EAA0E;IAC1E,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAC1B;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;IACrD;;;;;OAKG;IACH,SAAS,CAAC,EAAE;QACV,wFAAwF;QACxF,OAAO,EAAE,CAAC,MAAM,EAAE;YAAE,WAAW,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,EAAE,GAAG,EAAE,OAAO,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/F,wFAAwF;QACxF,SAAS,CAAC,EAAE,CAAC,MAAM,EAAE;YAAE,WAAW,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,EAAE,GAAG,EAAE,OAAO,KAAK,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QACxG,8BAA8B;QAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,uDAAuD;QACvD,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,4FAA4F;QAC5F,oBAAoB,CAAC,EAAE;YACrB,YAAY,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,MAAM,CAAC;YAC9C,WAAW,CAAC,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,MAAM,CAAC;SAC/C,CAAC;KACH,CAAC;CACH;AAED,MAAM,WAAW,UAAU;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE;QACN,aAAa,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,YAAY,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QACpC,gBAAgB,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,eAAe,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,oBAAoB,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7C,mBAAmB,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;KAC5C,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,KAAK,CAAC,EAAE;QACN,YAAY,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,WAAW,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;KACpC,CAAC;CACH;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,CAAC,EAAE;QACN,YAAY,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,WAAW,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QACnC,kBAAkB,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3C,iBAAiB,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,QAAQ,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,YAAY,CAAC,EAAE,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;KACtC,CAAC;IACF;;;;;OAKG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,eAAe;IAC9B,KAAK,CAAC,EAAE;QACN,WAAW,CAAC,EAAE,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC;KACpC,CAAC;CACH;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,GAAG,cAAc,CAAC;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACrD,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,CAAC,EAAE,UAAU,CAAC;IACrB,kBAAkB,CAAC,EAAE;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,MAAM,CAAC,EAAE,OAAO,EAAE,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,CAAC,EAAE,aAAa,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACtC,OAAO,EAAE,CAAC,MAAM,EAAE,OAAO,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;CAChD;AAED,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,OAAO,CAAC;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;CAC5E;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,cAAc,GAAG,CAC3B,MAAM,EAAE,cAAc,KACnB,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;AAE9C,MAAM,WAAW,cAAc;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE;QACR,QAAQ,EAAE,YAAY,CAAC;QACvB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACnC,CAAC;IACF,eAAe,CAAC,EAAE,eAAe,CAAC;IAClC,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IACxC,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,QAAQ,CAAC,EAAE,cAAc,EAAE,CAAC;IAC5B,OAAO,CAAC,EAAE,cAAc,CAAC;IACzB,KAAK,CAAC,EAAE;QACN,IAAI,CAAC,KAAK,EAAE;YACV,QAAQ,EAAE,MAAM,CAAC;YACjB,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;SAChC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;KACnB,CAAC;IACF,GAAG,CAAC,EAAE,SAAS,CAAC;IAChB,SAAS,CAAC,EAAE,eAAe,CAAC;IAC5B,MAAM,CAAC,EAAE,YAAY,CAAC;IACtB,GAAG,CAAC,EAAE;QACJ,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;QACxB,yDAAyD;QACzD,oBAAoB,CAAC,EAAE,MAAM,EAAE,CAAC;KACjC,CAAC;IACF,IAAI,CAAC,EAAE;QACL,OAAO,CAAC,EAAE,WAAW,CAAC;QACtB,KAAK,CAAC,EAAE,cAAc,EAAE,CAAC;QACzB,OAAO,CAAC,EAAE;YACR,OAAO,EAAE,OAAO,CAAC;YACjB,UAAU,CAAC,EAAE,MAAM,CAAC;SACrB,CAAC;KACH,CAAC;IACF;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,MAAM,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IACxC,6EAA6E;IAC7E,aAAa,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC/C,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC;IAC/D,OAAO,CAAC,EAAE,cAAc,EAAE,CAAC;IAC3B,UAAU,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACjC,MAAM,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,OAAO,KAAK,IAAI,CAAC;IACnD,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,KAAK,OAAO,EAAE,CAAC;IAC1C,yDAAyD;IACzD,QAAQ,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,OAAO,CAAC;IACnE;;;OAGG;IACH,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,+BAA+B;IAC/B,UAAU,CAAC,EAAE;QACX,yDAAyD;QACzD,GAAG,CAAC,EAAE,MAAM,CAAC;QACb,2DAA2D;QAC3D,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,oDAAoD;QACpD,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;CACH;AAED,MAAM,WAAW,iBAAkB,SAAQ,cAAc;CAAG;AAE5D,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KAC1B,CAAC;IACF,OAAO,EAAE;QACP,oBAAoB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACrC,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KACxC,CAAC;CACH;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,cAAc,CAAC;IACvB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;CACrB"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export { defineConfig } from "./config/define-config.js";
|
|
2
|
-
export type { CommerceConfig, CommercePlugin, MCPResource, MCPTool, } from "./config/types.js";
|
|
2
|
+
export type { CommerceConfig, CommercePlugin, MCPResource, MCPTool, ApiKeyScopeDefinition, } from "./config/types.js";
|
|
3
3
|
export { defineCommercePlugin } from "./kernel/plugin/manifest.js";
|
|
4
4
|
export type { CommercePluginManifest, PluginContext, PluginHookRegistration, PluginLogger, PluginPermission, PluginRouteRegistration, } from "./kernel/plugin/manifest.js";
|
|
5
5
|
export { router } from "./interfaces/rest/router.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,YAAY,EACV,cAAc,EACd,cAAc,EACd,WAAW,EACX,OAAO,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,YAAY,EACV,cAAc,EACd,cAAc,EACd,WAAW,EACX,OAAO,EACP,qBAAqB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,YAAY,EACV,sBAAsB,EACtB,aAAa,EACb,sBAAsB,EACtB,YAAY,EACZ,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,6BAA6B,CAAC;AAErC,OAAO,EAAE,MAAM,EAAE,MAAM,6BAA6B,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,KAAK,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAC9F,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAC;AAC7E,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,YAAY,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,YAAY,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAKlD,YAAY,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/E,OAAO,EAAE,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAC1E,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC3F,OAAO,EACL,QAAQ,EACR,SAAS,EACT,WAAW,EACX,OAAO,EACP,eAAe,EACf,eAAe,EACf,YAAY,EACZ,OAAO,GACR,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,YAAY,EACV,UAAU,EACV,SAAS,EACT,WAAW,EACX,aAAa,EACb,UAAU,EACV,MAAM,EACN,gBAAgB,GACjB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3E,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,YAAY,EAAE,qBAAqB,EAAE,MAAM,kCAAkC,CAAC;AAC9E,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC5E,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,YAAY,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAClE,YAAY,EACV,cAAc,EACd,WAAW,EACX,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjE,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAC/E,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,YAAY,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE9D,OAAO,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACxF,YAAY,EACV,YAAY,EACZ,UAAU,EACV,UAAU,EACV,iBAAiB,GAClB,MAAM,4BAA4B,CAAC;AAEpC,YAAY,EAAE,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAChF,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACxD,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,mCAAmC,CAAC;AAC9E,YAAY,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,KAAK,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAC7E,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD,OAAO,EACL,qBAAqB,EACrB,uBAAuB,EACvB,sBAAsB,EACtB,qBAAqB,EACrB,8BAA8B,GAC/B,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAE5D,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,mCAAmC,CAAC;AAE3C,YAAY,EACV,cAAc,EACd,cAAc,EACd,aAAa,EACb,aAAa,EACb,mBAAmB,GACpB,MAAM,+BAA+B,CAAC;AACvC,YAAY,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AACjE,YAAY,EACV,aAAa,EACb,cAAc,EACd,aAAa,EACb,SAAS,EACT,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,6BAA6B,CAAC;AACrC,YAAY,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EACL,eAAe,EACf,sBAAsB,EACtB,eAAe,GAChB,MAAM,iCAAiC,CAAC;AACzC,YAAY,EACV,SAAS,EACT,sBAAsB,GACvB,MAAM,iCAAiC,CAAC;AACzC,YAAY,EACV,UAAU,EACV,UAAU,EACV,oBAAoB,EACpB,oBAAoB,EACpB,WAAW,EACX,eAAe,EACf,aAAa,GACd,MAAM,0BAA0B,CAAC;AAElC,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAElE,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AACzE,YAAY,EACV,mBAAmB,EACnB,IAAI,GACL,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,gBAAgB,EAAE,MAAM,wCAAwC,CAAC;AAC1E,YAAY,EACV,cAAc,EACd,uBAAuB,EACvB,aAAa,EACb,OAAO,EACP,WAAW,GACZ,MAAM,wCAAwC,CAAC;AAEhD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AACrE,YAAY,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAC;AAE3E,YAAY,EAAE,eAAe,EAAE,MAAM,2BAA2B,CAAC;AACjE,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,YAAY,EACV,kBAAkB,EAClB,gBAAgB,GACjB,MAAM,4BAA4B,CAAC;AACpC,YAAY,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AAE1E,YAAY,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAErE,OAAO,EAAE,qBAAqB,EAAE,MAAM,yCAAyC,CAAC;AAChF,OAAO,EACL,4BAA4B,EAC5B,oCAAoC,GACrC,MAAM,kCAAkC,CAAC;AAE1C,OAAO,EAAE,uBAAuB,EAAE,MAAM,wCAAwC,CAAC;AACjF,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AACzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,YAAY,EACV,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EACpB,aAAa,EACb,wBAAwB,EACxB,cAAc,EACd,cAAc,EACd,kBAAkB,EAClB,gBAAgB,EAChB,kBAAkB,EAClB,aAAa,EAEb,aAAa,EACb,cAAc,EACd,iBAAiB,EACjB,mBAAmB,EACnB,cAAc,GACf,MAAM,8BAA8B,CAAC"}
|
|
@@ -23,8 +23,8 @@ export declare const catalogGet: ToolDefinition<z.ZodObject<{
|
|
|
23
23
|
}, z.core.$strip>>;
|
|
24
24
|
export declare const catalogManage: ToolDefinition<z.ZodObject<{
|
|
25
25
|
action: z.ZodEnum<{
|
|
26
|
-
delete: "delete";
|
|
27
26
|
update: "update";
|
|
27
|
+
delete: "delete";
|
|
28
28
|
publish: "publish";
|
|
29
29
|
archive: "archive";
|
|
30
30
|
discontinue: "discontinue";
|
|
@@ -2,10 +2,10 @@ import { z } from "zod";
|
|
|
2
2
|
import type { ToolDefinition } from "./registry.js";
|
|
3
3
|
export declare const promotionsManage: ToolDefinition<z.ZodObject<{
|
|
4
4
|
action: z.ZodEnum<{
|
|
5
|
-
deactivate: "deactivate";
|
|
6
5
|
create: "create";
|
|
7
6
|
list: "list";
|
|
8
7
|
validate: "validate";
|
|
8
|
+
deactivate: "deactivate";
|
|
9
9
|
}>;
|
|
10
10
|
name: z.ZodOptional<z.ZodString>;
|
|
11
11
|
type: z.ZodOptional<z.ZodEnum<{
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/runtime/server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAKhD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAOzD,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EAAkB,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEtE,KAAK,SAAS,GAAG;IACf,SAAS,EAAE;QACT,IAAI,EAAE,YAAY,CAAC;QACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,cAAc;;;;;
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/runtime/server.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAKhD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAC9C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAOzD,OAAO,EAAgB,KAAK,MAAM,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EAAkB,KAAK,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAEtE,KAAK,SAAS,GAAG;IACf,SAAS,EAAE;QACT,IAAI,EAAE,YAAY,CAAC;QACnB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAC;QACpB,SAAS,EAAE,MAAM,CAAC;QAClB,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;CACH,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,YAAY,CAAC,MAAM,EAAE,cAAc;;;;;GA8TxD"}
|
package/dist/runtime/server.js
CHANGED
|
@@ -35,13 +35,15 @@ export async function createServer(config) {
|
|
|
35
35
|
},
|
|
36
36
|
});
|
|
37
37
|
// ─── Security Guards ──────────────────────────────────────────────
|
|
38
|
-
if (config.auth?.enableDevKey
|
|
39
|
-
throw new Error("FATAL:
|
|
40
|
-
"
|
|
38
|
+
if (config.auth?.enableDevKey !== undefined) {
|
|
39
|
+
throw new Error("FATAL: auth.enableDevKey has been removed. " +
|
|
40
|
+
"Use 'bunx @unifiedcommerce/cli api-key create --scope admin' to generate a real API key. " +
|
|
41
|
+
"See RFC-050: https://github.com/octalpixel/unified-commerce/blob/main/RFC-050-AUTH-KEY-SCOPING.md");
|
|
41
42
|
}
|
|
42
|
-
if (config.auth?.
|
|
43
|
-
|
|
44
|
-
"
|
|
43
|
+
if (config.auth?.devKey !== undefined) {
|
|
44
|
+
throw new Error("FATAL: auth.devKey has been removed. " +
|
|
45
|
+
"Use 'bunx @unifiedcommerce/cli api-key create --scope admin' to generate a real API key. " +
|
|
46
|
+
"See RFC-050: https://github.com/octalpixel/unified-commerce/blob/main/RFC-050-AUTH-KEY-SCOPING.md");
|
|
45
47
|
}
|
|
46
48
|
// ─── Process Crash Handlers (F4) ─────────────────────────────────────
|
|
47
49
|
process.on("unhandledRejection", (reason) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-test-config.d.ts","sourceRoot":"","sources":["../../src/test-utils/create-test-config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAgDzD,wBAAsB,gBAAgB,CACpC,SAAS,GAAE,OAAO,CAAC,cAAc,CAAM,GACtC,OAAO,CAAC,cAAc,CAAC,
|
|
1
|
+
{"version":3,"file":"create-test-config.d.ts","sourceRoot":"","sources":["../../src/test-utils/create-test-config.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAgDzD,wBAAsB,gBAAgB,CACpC,SAAS,GAAE,OAAO,CAAC,cAAc,CAAM,GACtC,OAAO,CAAC,cAAc,CAAC,CA+GzB;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,sBAAsB,CAC1C,SAAS,GAAE,OAAO,CAAC,cAAc,CAAM,GACtC,OAAO,CAAC;IAAE,MAAM,EAAE,cAAc,CAAC;IAAC,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAAE,CAAC,CAUnE"}
|
|
@@ -55,8 +55,6 @@ export async function createTestConfig(overrides = {}) {
|
|
|
55
55
|
auth: {
|
|
56
56
|
requireEmailVerification: false,
|
|
57
57
|
apiKeys: { enabled: true, defaultPermissions: ["catalog:read"] },
|
|
58
|
-
enableDevKey: true,
|
|
59
|
-
devKey: "dev-staff-key",
|
|
60
58
|
posPin: { enabled: true },
|
|
61
59
|
roles: {
|
|
62
60
|
owner: { permissions: ["*:*"] },
|
package/package.json
CHANGED
package/src/auth/middleware.ts
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { timingSafeEqual } from "node:crypto";
|
|
2
1
|
import type { MiddlewareHandler } from "hono";
|
|
3
2
|
import type { AuthSessionLike, CommerceConfig } from "../config/types.js";
|
|
4
3
|
import type { Actor } from "./types.js";
|
|
@@ -38,10 +37,39 @@ export function authMiddleware(
|
|
|
38
37
|
})) as AuthSessionLike | null;
|
|
39
38
|
|
|
40
39
|
if (session) {
|
|
41
|
-
// Better Auth's session
|
|
42
|
-
//
|
|
40
|
+
// Better Auth's session stores activeOrganizationId, but often not the role.
|
|
41
|
+
// For single-store apps (org_default), users may never call set-active,
|
|
42
|
+
// so activeOrganizationId can be null even for valid org members.
|
|
43
43
|
let role = session.session.activeOrganizationRole as string | undefined;
|
|
44
|
-
|
|
44
|
+
let orgId = session.session.activeOrganizationId as string | null;
|
|
45
|
+
|
|
46
|
+
// If no active org, try to resolve the user's membership in org_default.
|
|
47
|
+
// This handles the common case where the user is a member but hasn't
|
|
48
|
+
// called organization/set-active (single-store apps, seed scripts, tests).
|
|
49
|
+
const getFullOrg = auth.api.getFullOrganization as
|
|
50
|
+
| ((input: { query: { organizationId: string } }) => Promise<unknown>)
|
|
51
|
+
| undefined;
|
|
52
|
+
if (!role && getFullOrg) {
|
|
53
|
+
try {
|
|
54
|
+
const org = await getFullOrg({
|
|
55
|
+
query: { organizationId: orgId ?? DEFAULT_ORG_ID },
|
|
56
|
+
}) as { members?: Array<{ userId: string; role: string }> } | null;
|
|
57
|
+
if (org?.members) {
|
|
58
|
+
const membership = org.members.find(
|
|
59
|
+
(m: { userId: string }) => m.userId === session.user.id,
|
|
60
|
+
);
|
|
61
|
+
if (membership) {
|
|
62
|
+
role = membership.role;
|
|
63
|
+
orgId = orgId ?? DEFAULT_ORG_ID;
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
} catch {
|
|
67
|
+
// fall through — treat as customer
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
// Also try getActiveMemberRole if active org is set
|
|
72
|
+
if (!role && orgId && auth.api.getActiveMemberRole) {
|
|
45
73
|
try {
|
|
46
74
|
const roleResult = await auth.api.getActiveMemberRole({
|
|
47
75
|
headers: c.req.raw.headers,
|
|
@@ -51,6 +79,7 @@ export function authMiddleware(
|
|
|
51
79
|
// fall through — treat as customer
|
|
52
80
|
}
|
|
53
81
|
}
|
|
82
|
+
|
|
54
83
|
const enrichedSession = {
|
|
55
84
|
...session,
|
|
56
85
|
session: { ...session.session, activeOrganizationRole: role ?? null },
|
|
@@ -61,7 +90,7 @@ export function authMiddleware(
|
|
|
61
90
|
email: session.user.email ?? null,
|
|
62
91
|
name: session.user.name ?? "User",
|
|
63
92
|
vendorId: session.user.vendorId ?? null,
|
|
64
|
-
organizationId:
|
|
93
|
+
organizationId: orgId ?? DEFAULT_ORG_ID,
|
|
65
94
|
role: role ?? "customer",
|
|
66
95
|
permissions: resolvePermissions(enrichedSession, config),
|
|
67
96
|
} satisfies Actor);
|
|
@@ -132,27 +161,6 @@ export function authMiddleware(
|
|
|
132
161
|
}
|
|
133
162
|
}
|
|
134
163
|
|
|
135
|
-
// Config-driven dev key (OFF by default, must be explicitly enabled)
|
|
136
|
-
if (
|
|
137
|
-
!c.get("actor") &&
|
|
138
|
-
apiKeyHeader &&
|
|
139
|
-
config.auth?.enableDevKey &&
|
|
140
|
-
config.auth.devKey &&
|
|
141
|
-
apiKeyHeader.length === config.auth.devKey.length &&
|
|
142
|
-
timingSafeEqual(Buffer.from(apiKeyHeader), Buffer.from(config.auth.devKey))
|
|
143
|
-
) {
|
|
144
|
-
c.set("actor", {
|
|
145
|
-
type: "api_key",
|
|
146
|
-
userId: "dev-staff",
|
|
147
|
-
email: "dev@local",
|
|
148
|
-
name: "Dev Admin (dev key)",
|
|
149
|
-
vendorId: null,
|
|
150
|
-
organizationId: DEFAULT_ORG_ID,
|
|
151
|
-
role: "owner",
|
|
152
|
-
permissions: ["*:*"],
|
|
153
|
-
} satisfies Actor);
|
|
154
|
-
}
|
|
155
|
-
|
|
156
164
|
if (!c.get("actor")) {
|
|
157
165
|
c.set("actor", null);
|
|
158
166
|
}
|
package/src/auth/setup.ts
CHANGED
|
@@ -88,7 +88,24 @@ export function createAuth(
|
|
|
88
88
|
plugins.push(twoFactor({ issuer: config.storeName ?? "UnifiedCommerce" }));
|
|
89
89
|
}
|
|
90
90
|
|
|
91
|
-
|
|
91
|
+
// Configure API key plugin — one config per defined scope, or a single default config.
|
|
92
|
+
const scopes = config.auth?.apiKeyScopes;
|
|
93
|
+
if (scopes && Object.keys(scopes).length > 0) {
|
|
94
|
+
const apiKeyConfigs = Object.entries(scopes).map(([scopeId, scope]) => ({
|
|
95
|
+
configId: scopeId,
|
|
96
|
+
defaultPrefix: scope.prefix,
|
|
97
|
+
...(scope.rateLimit
|
|
98
|
+
? {
|
|
99
|
+
rateLimit: {
|
|
100
|
+
enabled: true,
|
|
101
|
+
maxRequests: scope.rateLimit.maxRequests,
|
|
102
|
+
timeWindow: scope.rateLimit.timeWindow,
|
|
103
|
+
},
|
|
104
|
+
}
|
|
105
|
+
: {}),
|
|
106
|
+
}));
|
|
107
|
+
plugins.push(apiKey(apiKeyConfigs));
|
|
108
|
+
} else if (config.auth?.apiKeys?.enabled) {
|
|
92
109
|
plugins.push(apiKey());
|
|
93
110
|
}
|
|
94
111
|
|
package/src/config/types.ts
CHANGED
|
@@ -49,6 +49,28 @@ export interface EntityConfig {
|
|
|
49
49
|
hooks?: EntityHooks;
|
|
50
50
|
}
|
|
51
51
|
|
|
52
|
+
/**
|
|
53
|
+
* A predefined API key scope — a named set of permissions, prefix, and rate limit.
|
|
54
|
+
* Used with `bunx @unifiedcommerce/cli api-key create --scope <name>`.
|
|
55
|
+
*
|
|
56
|
+
* Permissions use Better Auth's native format: Record<string, string[]>
|
|
57
|
+
* where keys are resource types and values are arrays of allowed actions.
|
|
58
|
+
*/
|
|
59
|
+
export interface ApiKeyScopeDefinition {
|
|
60
|
+
/** Prefix for generated keys (e.g., "uc_pub_", "uc_adm_"). */
|
|
61
|
+
prefix: string;
|
|
62
|
+
/** Human description shown in CLI output. */
|
|
63
|
+
description: string;
|
|
64
|
+
/** Permissions in Better Auth format: { catalog: ["read"], orders: ["create", "read"] } */
|
|
65
|
+
permissions: Record<string, string[]>;
|
|
66
|
+
/** Rate limiting for keys created with this scope. */
|
|
67
|
+
rateLimit?: {
|
|
68
|
+
maxRequests: number;
|
|
69
|
+
/** Time window in milliseconds. */
|
|
70
|
+
timeWindow: number;
|
|
71
|
+
};
|
|
72
|
+
}
|
|
73
|
+
|
|
52
74
|
export interface AuthConfig {
|
|
53
75
|
requireEmailVerification?: boolean;
|
|
54
76
|
sessionDuration?: number;
|
|
@@ -64,10 +86,13 @@ export interface AuthConfig {
|
|
|
64
86
|
customerPermissions?: string[];
|
|
65
87
|
/** Origins allowed for CSRF protection (Better Auth `trustedOrigins`). */
|
|
66
88
|
trustedOrigins?: string[];
|
|
67
|
-
/**
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
89
|
+
/**
|
|
90
|
+
* Predefined API key scopes. Each scope defines a named permission set
|
|
91
|
+
* that can be used with `bunx @unifiedcommerce/cli api-key create --scope <name>`.
|
|
92
|
+
*
|
|
93
|
+
* Better Auth's API key plugin is configured with one config per scope.
|
|
94
|
+
*/
|
|
95
|
+
apiKeyScopes?: Record<string, ApiKeyScopeDefinition>;
|
|
71
96
|
/**
|
|
72
97
|
* Phone number OTP authentication via Better Auth's phoneNumber plugin.
|
|
73
98
|
* When configured, users can sign in/up with phone + OTP instead of email/password.
|
package/src/index.ts
CHANGED
package/src/runtime/server.ts
CHANGED
|
@@ -55,16 +55,18 @@ export async function createServer(config: CommerceConfig) {
|
|
|
55
55
|
});
|
|
56
56
|
|
|
57
57
|
// ─── Security Guards ──────────────────────────────────────────────
|
|
58
|
-
if (config.auth?.enableDevKey
|
|
58
|
+
if ((config.auth as Record<string, unknown>)?.enableDevKey !== undefined) {
|
|
59
59
|
throw new Error(
|
|
60
|
-
"FATAL:
|
|
61
|
-
"
|
|
60
|
+
"FATAL: auth.enableDevKey has been removed. " +
|
|
61
|
+
"Use 'bunx @unifiedcommerce/cli api-key create --scope admin' to generate a real API key. " +
|
|
62
|
+
"See RFC-050: https://github.com/octalpixel/unified-commerce/blob/main/RFC-050-AUTH-KEY-SCOPING.md",
|
|
62
63
|
);
|
|
63
64
|
}
|
|
64
|
-
if (config.auth
|
|
65
|
-
|
|
66
|
-
"
|
|
67
|
-
"
|
|
65
|
+
if ((config.auth as Record<string, unknown>)?.devKey !== undefined) {
|
|
66
|
+
throw new Error(
|
|
67
|
+
"FATAL: auth.devKey has been removed. " +
|
|
68
|
+
"Use 'bunx @unifiedcommerce/cli api-key create --scope admin' to generate a real API key. " +
|
|
69
|
+
"See RFC-050: https://github.com/octalpixel/unified-commerce/blob/main/RFC-050-AUTH-KEY-SCOPING.md",
|
|
68
70
|
);
|
|
69
71
|
}
|
|
70
72
|
|
|
@@ -66,8 +66,6 @@ export async function createTestConfig(
|
|
|
66
66
|
auth: {
|
|
67
67
|
requireEmailVerification: false,
|
|
68
68
|
apiKeys: { enabled: true, defaultPermissions: ["catalog:read"] },
|
|
69
|
-
enableDevKey: true,
|
|
70
|
-
devKey: "dev-staff-key",
|
|
71
69
|
posPin: { enabled: true },
|
|
72
70
|
roles: {
|
|
73
71
|
owner: { permissions: ["*:*"] },
|