@valencets/cms 0.1.0

package/dist/api/local-api.js

@@ -0,0 +1,82 @@
+import { errAsync } from 'neverthrow';
+import { createQueryBuilder } from '../db/query-builder.js';
+import { CmsErrorCode } from '../schema/types.js';
+import { isValidIdentifier } from '../db/sql-sanitize.js';
+import { safeQuery } from '../db/safe-query.js';
+export function createLocalApi(pool, collections, globals) {
+    const qb = createQueryBuilder(pool, collections);
+    return {
+        find(args) {
+            let builder = qb.query(args.collection);
+            if (args.where) {
+                for (const [k, v] of Object.entries(args.where)) {
+                    builder = builder.where(k, v);
+                }
+            }
+            if (args.limit)
+                builder = builder.limit(args.limit);
+            return builder.all();
+        },
+        findByID(args) {
+            return qb.query(args.collection)
+                .where('id', args.id)
+                .first();
+        },
+        create(args) {
+            return qb.query(args.collection)
+                .insert(args.data);
+        },
+        update(args) {
+            return qb.query(args.collection)
+                .where('id', args.id)
+                .update(args.data);
+        },
+        delete(args) {
+            return qb.query(args.collection)
+                .where('id', args.id)
+                .delete();
+        },
+        count(args) {
+            let builder = qb.query(args.collection);
+            if (args.where) {
+                for (const [k, v] of Object.entries(args.where)) {
+                    builder = builder.where(k, v);
+                }
+            }
+            return builder.count();
+        },
+        findGlobal(args) {
+            const check = globals.get(args.slug);
+            if (check.isErr())
+                return errAsync(check.error);
+            if (!isValidIdentifier(args.slug)) {
+                return errAsync({ code: CmsErrorCode.INVALID_INPUT, message: `Invalid global slug: ${args.slug}` });
+            }
+            const table = `"global_${args.slug}"`;
+            return safeQuery(pool, `SELECT * FROM ${table} WHERE "deleted_at" IS NULL LIMIT 1`, [])
+                .map(rows => rows[0] ?? null);
+        },
+        updateGlobal(args) {
+            const check = globals.get(args.slug);
+            if (check.isErr())
+                return errAsync(check.error);
+            if (!isValidIdentifier(args.slug)) {
+                return errAsync({ code: CmsErrorCode.INVALID_INPUT, message: `Invalid global slug: ${args.slug}` });
+            }
+            const globalConfig = check.value;
+            const allowedNames = new Set(globalConfig.fields.map(f => f.name));
+            const keys = Object.keys(args.data);
+            for (const k of keys) {
+                if (!allowedNames.has(k) || !isValidIdentifier(k)) {
+                    return errAsync({ code: CmsErrorCode.INVALID_INPUT, message: `Invalid field: ${k}` });
+                }
+            }
+            const setClauses = keys.map((k, i) => `"${k}" = $${i + 1}`).join(', ');
+            const params = Object.values(args.data);
+            const table = `"global_${args.slug}"`;
+            return safeQuery(pool, `UPDATE ${table} SET ${setClauses} WHERE "deleted_at" IS NULL RETURNING *`, params)
+                .map(rows => rows[0]);
+        }
+    };
+}
+//# sourceMappingURL=local-api.js.map

package/dist/api/local-api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-api.js","sourceRoot":"","sources":["../../src/api/local-api.ts"],"names":[],"mappings":"AAAA,OAAO,EAAe,QAAQ,EAAE,MAAM,YAAY,CAAA;AAMlD,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAA;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAA;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAsD/C,MAAM,UAAU,cAAc,CAC5B,IAAY,EACZ,WAA+B,EAC/B,OAAuB;IAEvB,MAAM,EAAE,GAAG,kBAAkB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAA;IAEhD,OAAO;QACL,IAAI,CAAE,IAAI;YACR,IAAI,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACvC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBAChD,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;gBAC/B,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,KAAK;gBAAE,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;YACnD,OAAO,OAAO,CAAC,GAAG,EAAE,CAAA;QACtB,CAAC;QAED,QAAQ,CAAE,IAAI;YACZ,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;iBAC7B,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;iBACpB,KAAK,EAAE,CAAA;QACZ,CAAC;QAED,MAAM,CAAE,IAAI;YACV,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;iBAC7B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACtB,CAAC;QAED,MAAM,CAAE,IAAI;YACV,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;iBAC7B,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;iBACpB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACtB,CAAC;QAED,MAAM,CAAE,IAAI;YACV,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;iBAC7B,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;iBACpB,MAAM,EAAE,CAAA;QACb,CAAC;QAED,KAAK,CAAE,IAAI;YACT,IAAI,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;YACvC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;gBACf,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;oBAChD,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;gBAC/B,CAAC;YACH,CAAC;YACD,OAAO,OAAO,CAAC,KAAK,EAAE,CAAA;QACxB,CAAC;QAED,UAAU,CAAE,IAAI;YACd,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACpC,IAAI,KAAK,CAAC,KAAK,EAAE;gBAAE,OAAO,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;YAC/C,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO,QAAQ,CAAC,EAAE,IAAI,EAAE,YAAY,CAAC,aAAa,EAAE,OAAO,EAAE,wBAAwB,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;YACrG,CAAC;YACD,MAAM,KAAK,GAAG,WAAW,IAAI,CAAC,IAAI,GAAG,CAAA;YACrC,OAAO,SAAS,CAAgB,IAAI,EAAE,iBAAiB,KAAK,qCAAqC,EAAE,EAAE,CAAC;iBACnG,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAA;QACjC,CAAC;QAED,YAAY,CAAE,IAAI;YAChB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACpC,IAAI,KAAK,CAAC,KAAK,EAAE;gBAAE,OAAO,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;YAC/C,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBAClC,OAAO,QAAQ,CAAC,EAAE,IAAI,EAAE,YAAY,CAAC,aAAa,EAAE,OAAO,EAAE,wBAAwB,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;YACrG,CAAC;YACD,MAAM,YAAY,GAAG,KAAK,CAAC,KAAK,CAAA;YAChC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;YAClE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACnC,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;gBACrB,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,CAAC;oBAClD,OAAO,QAAQ,CAAC,EAAE,IAAI,EAAE,YAAY,CAAC,aAAa,EAAE,OAAO,EAAE,kBAAkB,CAAC,EAAE,EAAE,CAAC,CAAA;gBACvF,CAAC;YACH,CAAC;YACD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACtE,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;YACvC,MAAM,KAAK,GAAG,WAAW,IAAI,CAAC,IAAI,GAAG,CAAA;YACrC,OAAO,SAAS,CAAgB,IAAI,EAAE,UAAU,KAAK,QAAQ,UAAU,yCAAyC,EAAE,MAAM,CAAC;iBACtH,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAgB,CAAC,CAAA;QACxC,CAAC;KACF,CAAA;AACH,CAAC"}

package/dist/api/read-body.d.ts

@@ -0,0 +1,6 @@
+import type { IncomingMessage } from 'node:http';
+import { ResultAsync } from 'neverthrow';
+import type { CmsError } from '../schema/types.js';
+export declare function readRawBody(req: IncomingMessage, maxBytes?: number): ResultAsync<Buffer, CmsError>;
+export declare function readStringBody(req: IncomingMessage, maxBytes?: number): ResultAsync<string, CmsError>;
+//# sourceMappingURL=read-body.d.ts.map

package/dist/api/read-body.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-body.d.ts","sourceRoot":"","sources":["../../src/api/read-body.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAExC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAIlD,wBAAgB,WAAW,CAAE,GAAG,EAAE,eAAe,EAAE,QAAQ,GAAE,MAAuB,GAAG,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAsBnH;AAED,wBAAgB,cAAc,CAAE,GAAG,EAAE,eAAe,EAAE,QAAQ,GAAE,MAAuB,GAAG,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAEtH"}

package/dist/api/read-body.js

@@ -0,0 +1,27 @@
+import { ResultAsync } from 'neverthrow';
+import { CmsErrorCode } from '../schema/types.js';
+const MAX_BODY_BYTES = 1_048_576;
+export function readRawBody(req, maxBytes = MAX_BODY_BYTES) {
+    return ResultAsync.fromPromise(new Promise((resolve, reject) => {
+        const chunks = [];
+        let received = 0;
+        req.on('data', (chunk) => {
+            received += chunk.length;
+            if (received > maxBytes) {
+                req.removeAllListeners('data');
+                reject(new Error(`Body exceeds ${maxBytes} bytes`));
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.on('end', () => resolve(Buffer.concat(chunks)));
+        req.on('error', (e) => reject(e));
+    }), (e) => ({
+        code: CmsErrorCode.INVALID_INPUT,
+        message: e instanceof Error ? e.message : 'Failed to read request body'
+    }));
+}
+export function readStringBody(req, maxBytes = MAX_BODY_BYTES) {
+    return readRawBody(req, maxBytes).map(buf => buf.toString('utf-8'));
+}
+//# sourceMappingURL=read-body.js.map

package/dist/api/read-body.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-body.js","sourceRoot":"","sources":["../../src/api/read-body.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAGjD,MAAM,cAAc,GAAG,SAAS,CAAA;AAEhC,MAAM,UAAU,WAAW,CAAE,GAAoB,EAAE,WAAmB,cAAc;IAClF,OAAO,WAAW,CAAC,WAAW,CAC5B,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACtC,MAAM,MAAM,GAAa,EAAE,CAAA;QAC3B,IAAI,QAAQ,GAAG,CAAC,CAAA;QAChB,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE;YAC/B,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAA;YACxB,IAAI,QAAQ,GAAG,QAAQ,EAAE,CAAC;gBACxB,GAAG,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAA;gBAC9B,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,QAAQ,QAAQ,CAAC,CAAC,CAAA;gBACnD,OAAM;YACR,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACpB,CAAC,CAAC,CAAA;QACF,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;QACnD,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAQ,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAA;IAC1C,CAAC,CAAC,EACF,CAAC,CAAU,EAAY,EAAE,CAAC,CAAC;QACzB,IAAI,EAAE,YAAY,CAAC,aAAa;QAChC,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,6BAA6B;KACxE,CAAC,CACH,CAAA;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAE,GAAoB,EAAE,WAAmB,cAAc;IACrF,OAAO,WAAW,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAA;AACrE,CAAC"}

package/dist/api/rest-api.d.ts

@@ -0,0 +1,12 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { DbPool } from '@valencets/db';
+import type { CollectionRegistry, GlobalRegistry } from '../schema/registry.js';
+export type RestRouteHandler = (req: IncomingMessage, res: ServerResponse, ctx: Record<string, string>) => Promise<void>;
+export interface RestRouteEntry {
+    readonly GET?: RestRouteHandler | undefined;
+    readonly POST?: RestRouteHandler | undefined;
+    readonly PATCH?: RestRouteHandler | undefined;
+    readonly DELETE?: RestRouteHandler | undefined;
+}
+export declare function createRestRoutes(pool: DbPool, collections: CollectionRegistry, globals: GlobalRegistry): Map<string, RestRouteEntry>;
+//# sourceMappingURL=rest-api.d.ts.map

package/dist/api/rest-api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rest-api.d.ts","sourceRoot":"","sources":["../../src/api/rest-api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAChE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAC3C,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAM/E,MAAM,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;AAExH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,GAAG,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAC3C,QAAQ,CAAC,IAAI,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAC5C,QAAQ,CAAC,KAAK,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;IAC7C,QAAQ,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,SAAS,CAAA;CAC/C;AAWD,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,kBAAkB,EAC/B,OAAO,EAAE,cAAc,GACtB,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CAmF7B"}

package/dist/api/rest-api.js

@@ -0,0 +1,100 @@
+import { createLocalApi } from './local-api.js';
+import { sendJson, sendErrorJson, safeReadBody, safeJsonParse } from './http-utils.js';
+import { generateZodSchema, generatePartialSchema } from '../validation/zod-generator.js';
+function requireJsonContentType(req, res) {
+    const ct = req.headers['content-type'] ?? '';
+    if (!ct.includes('application/json')) {
+        sendErrorJson(res, 'Content-Type must be application/json', 415);
+        return false;
+    }
+    return true;
+}
+export function createRestRoutes(pool, collections, globals) {
+    const api = createLocalApi(pool, collections, globals);
+    const routes = new Map();
+    for (const col of collections.getAll()) {
+        const slug = col.slug;
+        const zodSchema = generateZodSchema(col.fields);
+        routes.set(`/api/${slug}`, {
+            GET: async (_req, res) => {
+                const result = await api.find({ collection: slug });
+                result.match((docs) => sendJson(res, docs), (err) => sendErrorJson(res, err.message, 500));
+            },
+            POST: async (req, res) => {
+                if (!requireJsonContentType(req, res))
+                    return;
+                const bodyResult = await safeReadBody(req);
+                if (bodyResult.isErr()) {
+                    sendErrorJson(res, bodyResult.error.message, 400);
+                    return;
+                }
+                const parseResult = await safeJsonParse(bodyResult.value);
+                if (parseResult.isErr()) {
+                    sendErrorJson(res, parseResult.error.message, 400);
+                    return;
+                }
+                const validation = zodSchema.safeParse(parseResult.value);
+                if (!validation.success) {
+                    const issues = validation.error.issues.map(i => `${i.path.join('.')}: ${i.message}`).join('; ');
+                    sendErrorJson(res, `Validation failed: ${issues}`, 400);
+                    return;
+                }
+                const result = await api.create({ collection: slug, data: parseResult.value });
+                result.match((doc) => sendJson(res, doc, 201), (err) => sendErrorJson(res, err.message, 400));
+            }
+        });
+        routes.set(`/api/${slug}/:id`, {
+            GET: async (req, res) => {
+                const rawId = req.url?.split('/').pop() ?? '';
+                const id = rawId.split('?')[0] ?? '';
+                if (!id) {
+                    sendErrorJson(res, 'Missing document ID', 400);
+                    return;
+                }
+                const result = await api.findByID({ collection: slug, id });
+                result.match((doc) => doc ? sendJson(res, doc) : sendErrorJson(res, 'Not found', 404), (err) => sendErrorJson(res, err.message, 500));
+            },
+            PATCH: async (req, res) => {
+                if (!requireJsonContentType(req, res))
+                    return;
+                const rawId = req.url?.split('/').pop() ?? '';
+                const id = rawId.split('?')[0] ?? '';
+                if (!id) {
+                    sendErrorJson(res, 'Missing document ID', 400);
+                    return;
+                }
+                const bodyResult = await safeReadBody(req);
+                if (bodyResult.isErr()) {
+                    sendErrorJson(res, bodyResult.error.message, 400);
+                    return;
+                }
+                const parseResult = await safeJsonParse(bodyResult.value);
+                if (parseResult.isErr()) {
+                    sendErrorJson(res, parseResult.error.message, 400);
+                    return;
+                }
+                const partialSchema = generatePartialSchema(col.fields);
+                const validation = partialSchema.safeParse(parseResult.value);
+                if (!validation.success) {
+                    const issues = validation.error.issues.map(i => `${i.path.join('.')}: ${i.message}`).join('; ');
+                    sendErrorJson(res, `Validation failed: ${issues}`, 400);
+                    return;
+                }
+                const result = await api.update({ collection: slug, id, data: parseResult.value });
+                result.match((doc) => sendJson(res, doc), (err) => sendErrorJson(res, err.message, 400));
+            },
+            DELETE: async (req, res) => {
+                const rawId = req.url?.split('/').pop() ?? '';
+                const id = rawId.split('?')[0] ?? '';
+                if (!id) {
+                    sendErrorJson(res, 'Missing document ID', 400);
+                    return;
+                }
+                const result = await api.delete({ collection: slug, id });
+                result.match((doc) => sendJson(res, doc), (err) => sendErrorJson(res, err.message, 500));
+            }
+        });
+    }
+    return routes;
+}
+//# sourceMappingURL=rest-api.js.map

package/dist/api/rest-api.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rest-api.js","sourceRoot":"","sources":["../../src/api/rest-api.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAA;AAC/C,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAEtF,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,gCAAgC,CAAA;AAWzF,SAAS,sBAAsB,CAAE,GAAoB,EAAE,GAAmB;IACxE,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;IAC5C,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACrC,aAAa,CAAC,GAAG,EAAE,uCAAuC,EAAE,GAAG,CAAC,CAAA;QAChE,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,IAAY,EACZ,WAA+B,EAC/B,OAAuB;IAEvB,MAAM,GAAG,GAAG,cAAc,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,CAAA;IACtD,MAAM,MAAM,GAAG,IAAI,GAAG,EAA0B,CAAA;IAEhD,KAAK,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;QACvC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAA;QACrB,MAAM,SAAS,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAE/C,MAAM,CAAC,GAAG,CAAC,QAAQ,IAAI,EAAE,EAAE;YACzB,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;gBACvB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;gBACnD,MAAM,CAAC,KAAK,CACV,CAAC,IAAI,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAsB,CAAC,EAC/C,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAC9C,CAAA;YACH,CAAC;YACD,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACvB,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC;oBAAE,OAAM;gBAC7C,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAA;gBAC1C,IAAI,UAAU,CAAC,KAAK,EAAE,EAAE,CAAC;oBAAC,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBAAC,OAAM;gBAAC,CAAC;gBACrF,MAAM,WAAW,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;gBACzD,IAAI,WAAW,CAAC,KAAK,EAAE,EAAE,CAAC;oBAAC,aAAa,CAAC,GAAG,EAAE,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBAAC,OAAM;gBAAC,CAAC;gBACvF,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;gBACzD,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;oBACxB,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;oBAC/F,aAAa,CAAC,GAAG,EAAE,sBAAsB,MAAM,EAAE,EAAE,GAAG,CAAC,CAAA;oBACvD,OAAM;gBACR,CAAC;gBACD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;gBAC9E,MAAM,CAAC,KAAK,CACV,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAmB,EAAE,GAAG,CAAC,EAChD,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAC9C,CAAA;YACH,CAAC;SACF,CAAC,CAAA;QAEF,MAAM,CAAC,GAAG,CAAC,QAAQ,IAAI,MAAM,EAAE;YAC7B,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACtB,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAA;gBAC7C,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;gBACpC,IAAI,CAAC,EAAE,EAAE,CAAC;oBAAC,aAAa,CAAC,GAAG,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAC;oBAAC,OAAM;gBAAC,CAAC;gBACnE,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAA;gBAC3D,MAAM,CAAC,KAAK,CACV,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAmB,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,GAAG,CAAC,EACxF,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAC9C,CAAA;YACH,CAAC;YACD,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACxB,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC;oBAAE,OAAM;gBAC7C,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAA;gBAC7C,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;gBACpC,IAAI,CAAC,EAAE,EAAE,CAAC;oBAAC,aAAa,CAAC,GAAG,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAC;oBAAC,OAAM;gBAAC,CAAC;gBACnE,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAA;gBAC1C,IAAI,UAAU,CAAC,KAAK,EAAE,EAAE,CAAC;oBAAC,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBAAC,OAAM;gBAAC,CAAC;gBACrF,MAAM,WAAW,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;gBACzD,IAAI,WAAW,CAAC,KAAK,EAAE,EAAE,CAAC;oBAAC,aAAa,CAAC,GAAG,EAAE,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;oBAAC,OAAM;gBAAC,CAAC;gBACvF,MAAM,aAAa,GAAG,qBAAqB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;gBACvD,MAAM,UAAU,GAAG,aAAa,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;gBAC7D,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;oBACxB,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;oBAC/F,aAAa,CAAC,GAAG,EAAE,sBAAsB,MAAM,EAAE,EAAE,GAAG,CAAC,CAAA;oBACvD,OAAM;gBACR,CAAC;gBACD,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,WAAW,CAAC,KAAK,EAAE,CAAC,CAAA;gBAClF,MAAM,CAAC,KAAK,CACV,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAmB,CAAC,EAC3C,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAC9C,CAAA;YACH,CAAC;YACD,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBACzB,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAA;gBAC7C,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;gBACpC,IAAI,CAAC,EAAE,EAAE,CAAC;oBAAC,aAAa,CAAC,GAAG,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAC;oBAAC,OAAM;gBAAC,CAAC;gBACnE,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,MAAM,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAA;gBACzD,MAAM,CAAC,KAAK,CACV,CAAC,GAAG,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAmB,CAAC,EAC3C,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,CAC9C,CAAA;YACH,CAAC;SACF,CAAC,CAAA;IACJ,CAAC;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/auth/auth-config.d.ts

@@ -0,0 +1,12 @@
+import type { CollectionConfig } from '../schema/collection.js';
+import type { FieldConfig } from '../schema/field-types.js';
+export interface AuthConfig {
+    readonly tokenExpiration: number;
+    readonly maxLoginAttempts: number;
+    readonly lockTime: number;
+}
+export declare function isAuthEnabled(collection: CollectionConfig): boolean;
+export declare function getAuthConfig(overrides: Partial<AuthConfig>): AuthConfig;
+export declare function getAuthFields(): readonly FieldConfig[];
+export declare function injectAuthFields(collection: CollectionConfig): CollectionConfig;
+//# sourceMappingURL=auth-config.d.ts.map

package/dist/auth/auth-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-config.d.ts","sourceRoot":"","sources":["../../src/auth/auth-config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAA;AAC/D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAA;AAE3D,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAA;IACjC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;CAC1B;AAQD,wBAAgB,aAAa,CAAE,UAAU,EAAE,gBAAgB,GAAG,OAAO,CAEpE;AAED,wBAAgB,aAAa,CAAE,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,GAAG,UAAU,CAEzE;AAED,wBAAgB,aAAa,IAAK,SAAS,WAAW,EAAE,CAKvD;AAED,wBAAgB,gBAAgB,CAAE,UAAU,EAAE,gBAAgB,GAAG,gBAAgB,CAQhF"}

package/dist/auth/auth-config.js

@@ -0,0 +1,28 @@
+const AUTH_DEFAULTS = {
+    tokenExpiration: 7200,
+    maxLoginAttempts: 5,
+    lockTime: 600
+};
+export function isAuthEnabled(collection) {
+    return collection.auth === true;
+}
+export function getAuthConfig(overrides) {
+    return { ...AUTH_DEFAULTS, ...overrides };
+}
+export function getAuthFields() {
+    return [
+        { type: 'text', name: 'email', required: true, unique: true },
+        { type: 'text', name: 'password_hash', required: true, hidden: true }
+    ];
+}
+export function injectAuthFields(collection) {
+    if (!isAuthEnabled(collection))
+        return collection;
+    const existingNames = new Set(collection.fields.map(f => f.name));
+    const authFields = getAuthFields().filter(f => !existingNames.has(f.name));
+    return {
+        ...collection,
+        fields: [...collection.fields, ...authFields]
+    };
+}
+//# sourceMappingURL=auth-config.js.map

package/dist/auth/auth-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-config.js","sourceRoot":"","sources":["../../src/auth/auth-config.ts"],"names":[],"mappings":"AASA,MAAM,aAAa,GAAe;IAChC,eAAe,EAAE,IAAI;IACrB,gBAAgB,EAAE,CAAC;IACnB,QAAQ,EAAE,GAAG;CACd,CAAA;AAED,MAAM,UAAU,aAAa,CAAE,UAA4B;IACzD,OAAO,UAAU,CAAC,IAAI,KAAK,IAAI,CAAA;AACjC,CAAC;AAED,MAAM,UAAU,aAAa,CAAE,SAA8B;IAC3D,OAAO,EAAE,GAAG,aAAa,EAAE,GAAG,SAAS,EAAE,CAAA;AAC3C,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,OAAO;QACL,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;QAC7D,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE;KACtE,CAAA;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAE,UAA4B;IAC5D,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC;QAAE,OAAO,UAAU,CAAA;IACjD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;IACjE,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;IAC1E,OAAO;QACL,GAAG,UAAU;QACb,MAAM,EAAE,CAAC,GAAG,UAAU,CAAC,MAAM,EAAE,GAAG,UAAU,CAAC;KAC9C,CAAA;AACH,CAAC"}

package/dist/auth/auth-routes.d.ts

@@ -0,0 +1,5 @@
+import type { DbPool } from '@valencets/db';
+import type { CollectionRegistry } from '../schema/registry.js';
+import type { RestRouteEntry } from '../api/rest-api.js';
+export declare function createAuthRoutes(pool: DbPool, _collections: CollectionRegistry): Map<string, RestRouteEntry>;
+//# sourceMappingURL=auth-routes.d.ts.map

package/dist/auth/auth-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-routes.d.ts","sourceRoot":"","sources":["../../src/auth/auth-routes.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAC3C,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAA;AAC/D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AA8BxD,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,kBAAkB,GAC/B,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,CA0F7B"}

package/dist/auth/auth-routes.js

@@ -0,0 +1,108 @@
+import { z } from 'zod';
+import { sendJson, sendErrorJson, safeReadBody, safeJsonParse } from '../api/http-utils.js';
+import { verifyPassword } from './password.js';
+import { createRateLimiter } from './rate-limit.js';
+import { parseCookie } from './cookie.js';
+import { safeQuery } from '../db/safe-query.js';
+import { createSession, validateSession, destroySession, buildSessionCookie, buildExpiredSessionCookie } from './session.js';
+const loginSchema = z.object({
+    email: z.string().min(1),
+    password: z.string().min(1)
+});
+function queryUser(pool, email) {
+    return safeQuery(pool, 'SELECT id, email, password_hash, name FROM users WHERE email = $1 AND deleted_at IS NULL LIMIT 1', [email]).map(rows => rows[0] ?? null);
+}
+export function createAuthRoutes(pool, _collections) {
+    const routes = new Map();
+    const loginLimiter = createRateLimiter({ maxAttempts: 5, windowMs: 900_000 });
+    routes.set('/api/users/login', {
+        POST: async (req, res) => {
+            const bodyResult = await safeReadBody(req);
+            if (bodyResult.isErr()) {
+                sendErrorJson(res, bodyResult.error.message, 400);
+                return;
+            }
+            const parseResult = await safeJsonParse(bodyResult.value);
+            if (parseResult.isErr()) {
+                sendErrorJson(res, parseResult.error.message, 400);
+                return;
+            }
+            const validation = loginSchema.safeParse(parseResult.value);
+            if (!validation.success) {
+                const issues = validation.error.issues.map(i => `${i.path.join('.')}: ${i.message}`).join('; ');
+                sendErrorJson(res, `Validation failed: ${issues}`, 400);
+                return;
+            }
+            const { email, password } = validation.data;
+            if (!loginLimiter.check(email)) {
+                sendErrorJson(res, 'Too many login attempts', 429);
+                return;
+            }
+            const userResult = await queryUser(pool, email);
+            if (userResult.isErr()) {
+                sendErrorJson(res, 'Login failed', 401);
+                return;
+            }
+            const user = userResult.value;
+            if (!user) {
+                sendErrorJson(res, 'Invalid credentials', 401);
+                return;
+            }
+            const verifyResult = await verifyPassword(password, user.password_hash);
+            if (verifyResult.isErr() || !verifyResult.value) {
+                sendErrorJson(res, 'Invalid credentials', 401);
+                return;
+            }
+            loginLimiter.reset(email);
+            const sessionResult = await createSession(user.id, pool);
+            if (sessionResult.isErr()) {
+                sendErrorJson(res, 'Login failed', 500);
+                return;
+            }
+            const cookie = buildSessionCookie(sessionResult.value);
+            res.writeHead(200, {
+                'Content-Type': 'application/json; charset=utf-8',
+                'Set-Cookie': cookie
+            });
+            res.end(JSON.stringify({ user: { id: user.id, email: user.email, name: user.name } }));
+        }
+    });
+    routes.set('/api/users/logout', {
+        POST: async (req, res) => {
+            const cookieHeader = req.headers.cookie ?? '';
+            const sessionId = parseCookie(cookieHeader, 'cms_session');
+            if (sessionId) {
+                await destroySession(sessionId, pool);
+            }
+            res.writeHead(200, {
+                'Content-Type': 'application/json; charset=utf-8',
+                'Set-Cookie': buildExpiredSessionCookie()
+            });
+            res.end(JSON.stringify({ message: 'Logged out' }));
+        }
+    });
+    routes.set('/api/users/me', {
+        GET: async (req, res) => {
+            const cookieHeader = req.headers.cookie ?? '';
+            const sessionId = parseCookie(cookieHeader, 'cms_session');
+            if (!sessionId) {
+                sendErrorJson(res, 'Unauthorized', 401);
+                return;
+            }
+            const sessionResult = await validateSession(sessionId, pool);
+            if (sessionResult.isErr()) {
+                sendErrorJson(res, 'Unauthorized', 401);
+                return;
+            }
+            const userId = sessionResult.value;
+            const userResult = await safeQuery(pool, 'SELECT id, email, name FROM users WHERE id = $1 AND deleted_at IS NULL', [userId]).map(rows => rows[0] ?? null);
+            if (userResult.isErr() || !userResult.value) {
+                sendErrorJson(res, 'User not found', 404);
+                return;
+            }
+            sendJson(res, userResult.value);
+        }
+    });
+    return routes;
+}
+//# sourceMappingURL=auth-routes.js.map

package/dist/auth/auth-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-routes.js","sourceRoot":"","sources":["../../src/auth/auth-routes.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAC3F,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAA;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAA;AAC/C,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAA;AAS5H,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;CAC5B,CAAC,CAAA;AAEF,SAAS,SAAS,CAAE,IAAY,EAAE,KAAa;IAC7C,OAAO,SAAS,CACd,IAAI,EACJ,kGAAkG,EAClG,CAAC,KAAK,CAAC,CACR,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAA;AAChC,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,IAAY,EACZ,YAAgC;IAEhC,MAAM,MAAM,GAAG,IAAI,GAAG,EAA0B,CAAA;IAChD,MAAM,YAAY,GAAG,iBAAiB,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAA;IAE7E,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE;QAC7B,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACvB,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,CAAA;YAC1C,IAAI,UAAU,CAAC,KAAK,EAAE,EAAE,CAAC;gBAAC,aAAa,CAAC,GAAG,EAAE,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBAAC,OAAM;YAAC,CAAC;YACrF,MAAM,WAAW,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;YACzD,IAAI,WAAW,CAAC,KAAK,EAAE,EAAE,CAAC;gBAAC,aAAa,CAAC,GAAG,EAAE,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBAAC,OAAM;YAAC,CAAC;YAEvF,MAAM,UAAU,GAAG,WAAW,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;YAC3D,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;gBACxB,MAAM,MAAM,GAAG,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;gBAC/F,aAAa,CAAC,GAAG,EAAE,sBAAsB,MAAM,EAAE,EAAE,GAAG,CAAC,CAAA;gBACvD,OAAM;YACR,CAAC;YAED,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC,IAAI,CAAA;YAE3C,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC/B,aAAa,CAAC,GAAG,EAAE,yBAAyB,EAAE,GAAG,CAAC,CAAA;gBAClD,OAAM;YACR,CAAC;YAED,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;YAC/C,IAAI,UAAU,CAAC,KAAK,EAAE,EAAE,CAAC;gBAAC,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;gBAAC,OAAM;YAAC,CAAC;YAC3E,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAA;YAC7B,IAAI,CAAC,IAAI,EAAE,CAAC;gBAAC,aAAa,CAAC,GAAG,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAC;gBAAC,OAAM;YAAC,CAAC;YAErE,MAAM,YAAY,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAA;YACvE,IAAI,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBAChD,aAAa,CAAC,GAAG,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAA;gBAC9C,OAAM;YACR,CAAC;YAED,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;YACzB,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAA;YACxD,IAAI,aAAa,CAAC,KAAK,EAAE,EAAE,CAAC;gBAAC,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;gBAAC,OAAM;YAAC,CAAC;YAE9E,MAAM,MAAM,GAAG,kBAAkB,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;YACtD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;gBACjB,cAAc,EAAE,iCAAiC;gBACjD,YAAY,EAAE,MAAM;aACrB,CAAC,CAAA;YACF,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAA;QACxF,CAAC;KACF,CAAC,CAAA;IAEF,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE;QAC9B,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACvB,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAA;YAC7C,MAAM,SAAS,GAAG,WAAW,CAAC,YAAY,EAAE,aAAa,CAAC,CAAA;YAC1D,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,cAAc,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;YACvC,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;gBACjB,cAAc,EAAE,iCAAiC;gBACjD,YAAY,EAAE,yBAAyB,EAAE;aAC1C,CAAC,CAAA;YACF,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC,CAAC,CAAA;QACpD,CAAC;KACF,CAAC,CAAA;IAEF,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE;QAC1B,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;YACtB,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAA;YAC7C,MAAM,SAAS,GAAG,WAAW,CAAC,YAAY,EAAE,aAAa,CAAC,CAAA;YAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;gBAAC,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;gBAAC,OAAM;YAAC,CAAC;YAEnE,MAAM,aAAa,GAAG,MAAM,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;YAC5D,IAAI,aAAa,CAAC,KAAK,EAAE,EAAE,CAAC;gBAAC,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,GAAG,CAAC,CAAC;gBAAC,OAAM;YAAC,CAAC;YAE9E,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAA;YAClC,MAAM,UAAU,GAAG,MAAM,SAAS,CAChC,IAAI,EACJ,wEAAwE,EACxE,CAAC,MAAM,CAAC,CACT,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,CAAA;YAE9B,IAAI,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBAC5C,aAAa,CAAC,GAAG,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAA;gBACzC,OAAM;YACR,CAAC;YAED,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC,KAAqB,CAAC,CAAA;QACjD,CAAC;KACF,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/auth/cookie.d.ts

@@ -0,0 +1,2 @@
+export declare function parseCookie(cookieHeader: string, name: string): string | null;
+//# sourceMappingURL=cookie.d.ts.map

package/dist/auth/cookie.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookie.d.ts","sourceRoot":"","sources":["../../src/auth/cookie.ts"],"names":[],"mappings":"AAAA,wBAAgB,WAAW,CAAE,YAAY,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAM9E"}

package/dist/auth/cookie.js

@@ -0,0 +1,9 @@
+export function parseCookie(cookieHeader, name) {
+    const match = cookieHeader.split(';')
+        .map(c => c.trim())
+        .find(c => c.startsWith(`${name}=`));
+    if (!match)
+        return null;
+    return match.slice(name.length + 1);
+}
+//# sourceMappingURL=cookie.js.map

package/dist/auth/cookie.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cookie.js","sourceRoot":"","sources":["../../src/auth/cookie.ts"],"names":[],"mappings":"AAAA,MAAM,UAAU,WAAW,CAAE,YAAoB,EAAE,IAAY;IAC7D,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC;SAClC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SAClB,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,CAAA;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,CAAA;IACvB,OAAO,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;AACrC,CAAC"}

package/dist/auth/csrf.d.ts

@@ -0,0 +1,3 @@
+export declare function generateCsrfToken(): string;
+export declare function validateCsrfToken(token: string, expected: string): boolean;
+//# sourceMappingURL=csrf.d.ts.map

package/dist/auth/csrf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.d.ts","sourceRoot":"","sources":["../../src/auth/csrf.ts"],"names":[],"mappings":"AAEA,wBAAgB,iBAAiB,IAAK,MAAM,CAE3C;AAED,wBAAgB,iBAAiB,CAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAO3E"}

package/dist/auth/csrf.js

@@ -0,0 +1,14 @@
+import { randomBytes } from 'node:crypto';
+export function generateCsrfToken() {
+    return randomBytes(32).toString('hex');
+}
+export function validateCsrfToken(token, expected) {
+    if (token.length !== expected.length)
+        return false;
+    let mismatch = 0;
+    for (let i = 0; i < token.length; i++) {
+        mismatch |= (token.charCodeAt(i) ^ expected.charCodeAt(i));
+    }
+    return mismatch === 0;
+}
+//# sourceMappingURL=csrf.js.map

package/dist/auth/csrf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrf.js","sourceRoot":"","sources":["../../src/auth/csrf.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAEzC,MAAM,UAAU,iBAAiB;IAC/B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;AACxC,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAE,KAAa,EAAE,QAAgB;IAChE,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IAClD,IAAI,QAAQ,GAAG,CAAC,CAAA;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,QAAQ,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAA;IAC5D,CAAC;IACD,OAAO,QAAQ,KAAK,CAAC,CAAA;AACvB,CAAC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,12 @@
+export { isAuthEnabled, getAuthConfig, getAuthFields, injectAuthFields } from './auth-config.js';
+export type { AuthConfig } from './auth-config.js';
+export { hashPassword, verifyPassword } from './password.js';
+export { createSession, validateSession, destroySession, buildSessionCookie, buildExpiredSessionCookie } from './session.js';
+export { createAuthMiddleware } from './middleware.js';
+export type { AuthContext, AuthMiddleware } from './middleware.js';
+export { generateCsrfToken, validateCsrfToken } from './csrf.js';
+export { createAuthRoutes } from './auth-routes.js';
+export { parseCookie } from './cookie.js';
+export { createRateLimiter } from './rate-limit.js';
+export type { RateLimiter } from './rate-limit.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAChG,YAAY,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAElD,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE5D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAA;AAE5H,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAA;AACtD,YAAY,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAElE,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAEhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAA;AACnD,YAAY,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA"}

package/dist/auth/index.js

@@ -0,0 +1,9 @@
+export { isAuthEnabled, getAuthConfig, getAuthFields, injectAuthFields } from './auth-config.js';
+export { hashPassword, verifyPassword } from './password.js';
+export { createSession, validateSession, destroySession, buildSessionCookie, buildExpiredSessionCookie } from './session.js';
+export { createAuthMiddleware } from './middleware.js';
+export { generateCsrfToken, validateCsrfToken } from './csrf.js';
+export { createAuthRoutes } from './auth-routes.js';
+export { parseCookie } from './cookie.js';
+export { createRateLimiter } from './rate-limit.js';
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AAGhG,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAA;AAE5D,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,cAAc,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,MAAM,cAAc,CAAA;AAE5H,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAA;AAGtD,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAA;AAEhE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AAEzC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAA"}

package/dist/auth/middleware.d.ts

@@ -0,0 +1,9 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+import type { DbPool } from '@valencets/db';
+export interface AuthContext {
+    readonly userId: string;
+    readonly sessionId: string;
+}
+export type AuthMiddleware = (req: IncomingMessage, res: ServerResponse, next: (ctx: AuthContext) => void) => Promise<void>;
+export declare function createAuthMiddleware(pool: DbPool): AuthMiddleware;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/auth/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAA;AAChE,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,eAAe,CAAA;AAI3C,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC3B;AAED,MAAM,MAAM,cAAc,GAAG,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,WAAW,KAAK,IAAI,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;AAE3H,wBAAgB,oBAAoB,CAAE,IAAI,EAAE,MAAM,GAAG,cAAc,CA6BlE"}

package/dist/auth/middleware.js

@@ -0,0 +1,26 @@
+import { validateSession } from './session.js';
+import { parseCookie } from './cookie.js';
+export function createAuthMiddleware(pool) {
+    return async (req, res, next) => {
+        const cookieHeader = req.headers.cookie;
+        if (!cookieHeader) {
+            res.writeHead(401, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Unauthorized' }));
+            return;
+        }
+        const sessionId = parseCookie(cookieHeader, 'cms_session');
+        if (!sessionId) {
+            res.writeHead(401, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Unauthorized' }));
+            return;
+        }
+        const result = await validateSession(sessionId, pool);
+        if (result.isErr()) {
+            res.writeHead(401, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Unauthorized' }));
+            return;
+        }
+        next({ userId: result.value, sessionId });
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/auth/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/auth/middleware.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAA;AASzC,MAAM,UAAU,oBAAoB,CAAE,IAAY;IAChD,OAAO,KAAK,EACV,GAAoB,EACpB,GAAmB,EACnB,IAAgC,EACjB,EAAE;QACjB,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAA;QACvC,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAA;YAC1D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAA;YAClD,OAAM;QACR,CAAC;QAED,MAAM,SAAS,GAAG,WAAW,CAAC,YAAY,EAAE,aAAa,CAAC,CAAA;QAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAA;YAC1D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAA;YAClD,OAAM;QACR,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;QACrD,IAAI,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;YACnB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAA;YAC1D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC,CAAA;YAClD,OAAM;QACR,CAAC;QAED,IAAI,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,CAAA;IAC3C,CAAC,CAAA;AACH,CAAC"}

package/dist/auth/password.d.ts

@@ -0,0 +1,5 @@
+import { ResultAsync } from 'neverthrow';
+import type { CmsError } from '../schema/types.js';
+export declare function hashPassword(plain: string): ResultAsync<string, CmsError>;
+export declare function verifyPassword(plain: string, hash: string): ResultAsync<boolean, CmsError>;
+//# sourceMappingURL=password.d.ts.map

package/dist/auth/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AAExC,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAA;AAElD,wBAAgB,YAAY,CAAE,KAAK,EAAE,MAAM,GAAG,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAQ1E;AAED,wBAAgB,cAAc,CAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,CAQ3F"}

package/dist/auth/password.js

@@ -0,0 +1,16 @@
+import argon2 from 'argon2';
+import { ResultAsync } from 'neverthrow';
+import { CmsErrorCode } from '../schema/types.js';
+export function hashPassword(plain) {
+    return ResultAsync.fromPromise(argon2.hash(plain, { type: argon2.argon2id }), (e) => ({
+        code: CmsErrorCode.INTERNAL,
+        message: e instanceof Error ? e.message : 'Password hashing failed'
+    }));
+}
+export function verifyPassword(plain, hash) {
+    return ResultAsync.fromPromise(argon2.verify(hash, plain), (e) => ({
+        code: CmsErrorCode.INTERNAL,
+        message: e instanceof Error ? e.message : 'Password verification failed'
+    }));
+}
+//# sourceMappingURL=password.js.map

package/dist/auth/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAA;AAC3B,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAA;AACxC,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAGjD,MAAM,UAAU,YAAY,CAAE,KAAa;IACzC,OAAO,WAAW,CAAC,WAAW,CAC5B,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,EAC7C,CAAC,CAAU,EAAY,EAAE,CAAC,CAAC;QACzB,IAAI,EAAE,YAAY,CAAC,QAAQ;QAC3B,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB;KACpE,CAAC,CACH,CAAA;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAAE,KAAa,EAAE,IAAY;IACzD,OAAO,WAAW,CAAC,WAAW,CAC5B,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,EAC1B,CAAC,CAAU,EAAY,EAAE,CAAC,CAAC;QACzB,IAAI,EAAE,YAAY,CAAC,QAAQ;QAC3B,OAAO,EAAE,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B;KACzE,CAAC,CACH,CAAA;AACH,CAAC"}