npm - @valentinkolb/cloud - Versions diffs - 0.1.0 - Mend

@valentinkolb/cloud 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (196) hide show

package/package.json +69 -0
package/public/logo.svg +1 -0
package/scripts/build.ts +113 -0
package/scripts/preload.ts +73 -0
package/src/_internal/define-app.ts +399 -0
package/src/_internal/heartbeat.ts +33 -0
package/src/_internal/registry.ts +100 -0
package/src/_internal/runtime-context.ts +38 -0
package/src/api/accounts-entities.ts +134 -0
package/src/api/admin-lifecycle.ts +210 -0
package/src/api/auth/schemas.ts +28 -0
package/src/api/auth.ts +230 -0
package/src/api/index.ts +66 -0
package/src/api/me.ts +206 -0
package/src/api/search/schemas.ts +43 -0
package/src/api/search.ts +130 -0
package/src/clients/core.ts +19 -0
package/src/config/env.ts +23 -0
package/src/config/index.ts +6 -0
package/src/config/ssr.ts +58 -0
package/src/contracts/app.ts +140 -0
package/src/contracts/index.ts +5 -0
package/src/contracts/profile.ts +67 -0
package/src/contracts/registry.ts +50 -0
package/src/contracts/settings-types.ts +84 -0
package/src/contracts/shared.ts +258 -0
package/src/contracts/widgets.ts +121 -0
package/src/index.ts +6 -0
package/src/server/api/index.ts +1 -0
package/src/server/api/respond.ts +55 -0
package/src/server/api-client.ts +54 -0
package/src/server/app-context.ts +39 -0
package/src/server/index.ts +62 -0
package/src/server/middleware/auth.ts +168 -0
package/src/server/middleware/index.ts +7 -0
package/src/server/middleware/middleware.ts +47 -0
package/src/server/middleware/openapi.ts +126 -0
package/src/server/middleware/rate-limit.ts +126 -0
package/src/server/middleware/request-logger.ts +41 -0
package/src/server/middleware/validator.ts +35 -0
package/src/server/services/access.ts +294 -0
package/src/server/services/freeipa/client.ts +100 -0
package/src/server/services/freeipa/index.ts +9 -0
package/src/server/services/freeipa/session.ts +78 -0
package/src/server/services/freeipa/tls.ts +48 -0
package/src/server/services/freeipa/util.ts +60 -0
package/src/server/services/geo.ts +154 -0
package/src/server/services/index.ts +28 -0
package/src/server/services/services.ts +13 -0
package/src/services/account-lifecycle/audit.ts +41 -0
package/src/services/account-lifecycle/index.ts +907 -0
package/src/services/account-lifecycle/scheduler.ts +347 -0
package/src/services/account-model.ts +21 -0
package/src/services/accounts/app.ts +966 -0
package/src/services/accounts/authz.ts +22 -0
package/src/services/accounts/base-group.ts +11 -0
package/src/services/accounts/base-user.ts +45 -0
package/src/services/accounts/entities.ts +529 -0
package/src/services/accounts/group-sql.ts +106 -0
package/src/services/accounts/groups.ts +246 -0
package/src/services/accounts/index.ts +14 -0
package/src/services/accounts/ipa-data.ts +64 -0
package/src/services/accounts/lifecycle.ts +2 -0
package/src/services/accounts/local-groups.ts +491 -0
package/src/services/accounts/model.ts +135 -0
package/src/services/accounts/switching.ts +117 -0
package/src/services/accounts/users.ts +714 -0
package/src/services/auth-flows/index.ts +6 -0
package/src/services/auth-flows/ipa.ts +128 -0
package/src/services/auth-flows/magic-link.ts +119 -0
package/src/services/freeipa-config.ts +89 -0
package/src/services/index.ts +46 -0
package/src/services/ipa/auth.ts +122 -0
package/src/services/ipa/groups.ts +684 -0
package/src/services/ipa/guard.ts +17 -0
package/src/services/ipa/index.ts +17 -0
package/src/services/ipa/profile.ts +90 -0
package/src/services/ipa/search.ts +154 -0
package/src/services/ipa/sync.ts +740 -0
package/src/services/ipa/users.ts +794 -0
package/src/services/logging/index.ts +294 -0
package/src/services/notifications/email.ts +123 -0
package/src/services/notifications/index.ts +413 -0
package/src/services/postgres.ts +51 -0
package/src/services/providers/index.ts +27 -0
package/src/services/providers/local/auth.ts +13 -0
package/src/services/providers/local/index.ts +4 -0
package/src/services/providers/local/users.ts +255 -0
package/src/services/session/index.ts +137 -0
package/src/services/settings/api.ts +61 -0
package/src/services/settings/app.ts +101 -0
package/src/services/settings/crypto.ts +69 -0
package/src/services/settings/defaults.ts +824 -0
package/src/services/settings/index.ts +203 -0
package/src/services/settings/namespace.ts +9 -0
package/src/services/settings/snapshot.ts +49 -0
package/src/services/settings/store.ts +179 -0
package/src/services/settings/templates.ts +10 -0
package/src/services/weather/forecast.ts +287 -0
package/src/services/weather/geo.ts +110 -0
package/src/services/weather/index.ts +99 -0
package/src/services/weather/location.ts +24 -0
package/src/services/weather/locations.ts +125 -0
package/src/services/weather/migrate.ts +22 -0
package/src/services/weather/types.ts +61 -0
package/src/services/weather/ui.ts +50 -0
package/src/shared/account-display.ts +17 -0
package/src/shared/account-session.ts +15 -0
package/src/shared/icons.ts +109 -0
package/src/shared/index.ts +10 -0
package/src/shared/markdown/client.ts +130 -0
package/src/shared/markdown/extensions/code.ts +58 -0
package/src/shared/markdown/extensions/images.ts +43 -0
package/src/shared/markdown/extensions/info-blocks.ts +93 -0
package/src/shared/markdown/extensions/katex.ts +120 -0
package/src/shared/markdown/extensions/links.ts +34 -0
package/src/shared/markdown/extensions/tables.ts +88 -0
package/src/shared/markdown/extensions/task-list.ts +53 -0
package/src/shared/markdown/index.ts +97 -0
package/src/shared/markdown/shared.ts +36 -0
package/src/ssr/AdminLayout.tsx +42 -0
package/src/ssr/AdminSidebar.tsx +95 -0
package/src/ssr/Footer.island.tsx +62 -0
package/src/ssr/GlobalSearchDialog.tsx +389 -0
package/src/ssr/GlobalSearchHelpDialog.tsx +106 -0
package/src/ssr/GlobalSearchTrigger.island.tsx +42 -0
package/src/ssr/HotkeysHelpRail.island.tsx +99 -0
package/src/ssr/Layout.tsx +326 -0
package/src/ssr/MoreAppsDropdown.island.tsx +61 -0
package/src/ssr/NavMenu.island.tsx +108 -0
package/src/ssr/ThemeToggleRail.island.tsx +27 -0
package/src/ssr/index.ts +5 -0
package/src/ssr/islands/SearchBar.island.tsx +77 -0
package/src/ssr/islands/index.ts +1 -0
package/src/ssr/runtime.ts +22 -0
package/src/styles/base-popover.css +28 -0
package/src/styles/effects.css +65 -0
package/src/styles/global.css +133 -0
package/src/styles/input.css +54 -0
package/src/styles/tokens.css +35 -0
package/src/styles/utilities-buttons.css +125 -0
package/src/styles/utilities-feedback.css +65 -0
package/src/styles/utilities-layout.css +122 -0
package/src/styles/utilities-navigation.css +196 -0
package/src/types/ambient.d.ts +8 -0
package/src/ui/admin-settings.tsx +148 -0
package/src/ui/dialog-core.ts +146 -0
package/src/ui/filter/FilterChip.tsx +196 -0
package/src/ui/filter/index.ts +2 -0
package/src/ui/index.ts +19 -0
package/src/ui/input/Checkbox.tsx +55 -0
package/src/ui/input/ColorInput.tsx +122 -0
package/src/ui/input/DateTimeInput.tsx +86 -0
package/src/ui/input/ImageInput.tsx +170 -0
package/src/ui/input/NumberInput.tsx +113 -0
package/src/ui/input/PinInput.tsx +169 -0
package/src/ui/input/SegmentedControl.tsx +99 -0
package/src/ui/input/Select.tsx +288 -0
package/src/ui/input/SelectChip.tsx +61 -0
package/src/ui/input/Slider.tsx +118 -0
package/src/ui/input/Switch.tsx +62 -0
package/src/ui/input/TagsInput.tsx +115 -0
package/src/ui/input/TextInput.tsx +160 -0
package/src/ui/input/index.ts +13 -0
package/src/ui/input/types.ts +42 -0
package/src/ui/input/util.tsx +105 -0
package/src/ui/ipa/Avatar.tsx +28 -0
package/src/ui/ipa/GroupView.tsx +36 -0
package/src/ui/ipa/LoginBtn.tsx +16 -0
package/src/ui/ipa/UserView.tsx +58 -0
package/src/ui/ipa/index.ts +4 -0
package/src/ui/misc/ContextMenu.tsx +211 -0
package/src/ui/misc/CopyButton.tsx +28 -0
package/src/ui/misc/Dropdown.tsx +194 -0
package/src/ui/misc/EntitySearch.tsx +213 -0
package/src/ui/misc/Lightbox.tsx +194 -0
package/src/ui/misc/LinkCard.tsx +34 -0
package/src/ui/misc/LogEntriesTable.tsx +61 -0
package/src/ui/misc/MarkdownView.tsx +65 -0
package/src/ui/misc/Pagination.tsx +51 -0
package/src/ui/misc/PermissionEditor.tsx +379 -0
package/src/ui/misc/ProgressBar.tsx +47 -0
package/src/ui/misc/RemoveBtn.tsx +27 -0
package/src/ui/misc/StatCell.tsx +90 -0
package/src/ui/misc/index.ts +18 -0
package/src/ui/navigation.ts +32 -0
package/src/ui/prompts.tsx +854 -0
package/src/ui/sidebar.tsx +468 -0
package/src/ui/widgets/Widget.tsx +62 -0
package/src/ui/widgets/WidgetCard.tsx +19 -0
package/src/ui/widgets/WidgetHero.tsx +39 -0
package/src/ui/widgets/WidgetList.tsx +84 -0
package/src/ui/widgets/WidgetPills.tsx +68 -0
package/src/ui/widgets/WidgetStat.tsx +67 -0
package/src/ui/widgets/WidgetStatus.tsx +62 -0
package/src/ui/widgets/index.ts +9 -0

package/src/services/ipa/index.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { providers } from "../providers";
+import { search } from "./search";
+export const ipa = {
+  auth: providers.ipa.auth,
+  users: {
+    ...providers.ipa.users,
+    addIpa: providers.ipa.users.create,
+    delete: providers.ipa.users.remove,
+  },
+  groups: {
+    ...providers.ipa.groups,
+    delete: providers.ipa.groups.remove,
+  },
+  search,
+  sync: providers.ipa.sync,
+};

package/src/services/ipa/profile.ts ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * Centralized profile calculation for IPA-backed users.
+ *
+ * The calculation uses the local mirrored IPA group tree only and treats
+ * `auth.groups.id` as the canonical group identity.
+ */
+import { sql } from "bun";
+import { calculateIpaProfileFromGroupNames } from "../account-model";
+import { getFreeIpaConfig } from "../freeipa-config";
+type DbRow = Record<string, unknown>;
+/**
+ * Get all IPA group names a user belongs to (direct + inherited via parent groups).
+ */
+export const getAllUserGroups = async (userId: string): Promise<string[]> => {
+  const rows: DbRow[] = await sql`
+    WITH RECURSIVE all_groups AS (
+      SELECT ug.group_id
+      FROM auth.user_groups_v2 ug
+      JOIN auth.groups g ON g.id = ug.group_id
+      WHERE ug.user_id = ${userId} AND g.provider = 'ipa'
+      UNION
+      SELECT gg.parent_group_id
+      FROM auth.group_groups_v2 gg
+      JOIN auth.groups g ON g.id = gg.parent_group_id
+      JOIN all_groups ag ON gg.child_group_id = ag.group_id
+      WHERE g.provider = 'ipa'
+    )
+    SELECT DISTINCT g.name
+    FROM all_groups ag
+    JOIN auth.groups g ON g.id = ag.group_id
+    ORDER BY g.name
+  `;
+  return rows.map((row) => row.name as string);
+};
+/**
+ * Calculate canonical IPA profile from effective group names. Reads
+ * `freeipa.groups.base_ipa_realm` from settings (cache-aside).
+ */
+export const calculateIpaProfile = async (memberOfGroups: string[]): Promise<"user" | "guest"> => {
+  const config = await getFreeIpaConfig();
+  return calculateIpaProfileFromGroupNames(memberOfGroups, config.groupsBaseIpaRealm);
+};
+/**
+ * Calculate canonical IPA profile for a user from the local DB mirror.
+ */
+export const calculateIpaProfileFromLocalDb = async (userId: string): Promise<"user" | "guest"> => {
+  const groups = await getAllUserGroups(userId);
+  return calculateIpaProfile(groups);
+};
+/**
+ * Update one IPA-backed user's canonical profile projection.
+ */
+export const updateUserIpaProfile = async (userId: string): Promise<void> => {
+  const profile = await calculateIpaProfileFromLocalDb(userId);
+  await sql`
+    UPDATE auth.users
+    SET provider = 'ipa',
+        profile = ${profile}
+    WHERE id = ${userId} AND provider = 'ipa'
+  `;
+};
+/**
+ * Update all IPA-backed users affected by a group hierarchy change.
+ */
+export const updateProfileForAffectedUsers = async (groupId: string): Promise<void> => {
+  const affectedUsers: DbRow[] = await sql`
+    WITH RECURSIVE affected_groups AS (
+      SELECT ${groupId}::uuid AS group_id
+      UNION
+      SELECT gg.child_group_id
+      FROM auth.group_groups_v2 gg
+      JOIN affected_groups ag ON gg.parent_group_id = ag.group_id
+    )
+    SELECT DISTINCT ug.user_id
+    FROM auth.user_groups_v2 ug
+    JOIN affected_groups ag ON ug.group_id = ag.group_id
+  `;
+  for (const row of affectedUsers) {
+    await updateUserIpaProfile(row.user_id as string);
+  }
+};

package/src/services/ipa/search.ts ADDED Viewed

@@ -0,0 +1,154 @@
+import { sql } from "bun";
+import type { BaseUser, BaseGroup, UserProvider, UserProfile } from "../../contracts/shared";
+import { buildRoles } from "../account-model";
+import { freeipa } from "../../server/services";
+import { toPgTextArray, toPgUuidArray } from "../postgres";
+import { getFreeIpaConfig } from "../freeipa-config";
+// ==========================
+// Search Options
+// ==========================
+export type SearchOptions = {
+  /** Search users */
+  users?: boolean;
+  /** Search groups */
+  groups?: boolean;
+  /** User UUIDs to exclude from results */
+  excludeUserIds?: string[];
+  /** Group IDs to exclude from results */
+  excludeGroups?: string[];
+  /** Only return groups the user is a member of */
+  onlyUserGroups?: string[];
+  /** Only return POSIX groups (have gid_number) */
+  onlyPosixGroups?: boolean;
+  /** Only return users that are members of these groups */
+  usersInGroups?: string[];
+};
+// ==========================
+// Search (autocomplete for member/manager add dialogs)
+// Returns BaseUser/BaseGroup (no relations needed for autocomplete)
+// ==========================
+/**
+ * Executes a filtered lookup query and returns normalized matches.
+ */
+export const search = async (query: string, options: SearchOptions): Promise<{ users: BaseUser[]; groups: BaseGroup[] }> => {
+  const q = `%${freeipa.util.escapeLike(query.toLowerCase())}%`;
+  let users: BaseUser[] = [];
+  let groups: BaseGroup[] = [];
+  // ========== Search Users ==========
+  if (options.users) {
+    const excludeIds = options.excludeUserIds ?? [];
+    const inGroups = options.usersInGroups ?? [];
+    const groupsAdmin = (await getFreeIpaConfig()).groupsAdmin;
+    // Build optional WHERE fragments
+    const excludeFilter = excludeIds.length > 0 ? sql`AND u.id <> ALL(${toPgUuidArray(excludeIds)}::uuid[])` : sql``;
+    const groupFilter =
+      inGroups.length > 0
+        ? sql`AND EXISTS (
+            SELECT 1
+            FROM auth.user_groups_v2 ug
+            JOIN auth.groups g ON g.id = ug.group_id
+            WHERE ug.user_id = u.id
+              AND g.provider = 'ipa'
+              AND ug.group_id = ANY(${toPgUuidArray(inGroups)}::uuid[])
+          )`
+        : sql``;
+    const rows = await sql`
+      SELECT u.id, u.uid, u.provider, u.profile, u.given_name, u.sn, u.display_name, u.mail,
+        EXISTS(
+          SELECT 1
+          FROM auth.user_groups_v2 ug_admin
+          JOIN auth.groups g_admin ON g_admin.id = ug_admin.group_id
+          WHERE ug_admin.user_id = u.id
+            AND g_admin.provider = 'ipa'
+            AND g_admin.name = ANY(${toPgTextArray(groupsAdmin)}::text[])
+        ) AS effective_admin
+      FROM auth.users u
+      WHERE u.provider = 'ipa'
+        AND (
+          LOWER(u.uid) LIKE ${q} ESCAPE '\\' OR LOWER(u.display_name) LIKE ${q} ESCAPE '\\' OR
+          LOWER(u.given_name) LIKE ${q} ESCAPE '\\' OR LOWER(u.sn) LIKE ${q} ESCAPE '\\' OR LOWER(u.mail) LIKE ${q} ESCAPE '\\'
+        )
+        ${excludeFilter}
+        ${groupFilter}
+      ORDER BY u.uid
+      LIMIT 10
+    `;
+    type UserRow = {
+      id: string;
+      uid: string;
+      provider: UserProvider;
+      profile: UserProfile;
+      effective_admin: boolean | null;
+      given_name: string | null;
+      sn: string | null;
+      display_name: string | null;
+      mail: string | null;
+    };
+    users = (rows as UserRow[]).map((row) => ({
+      id: row.id,
+      uid: row.uid,
+      roles: buildRoles({
+        provider: row.provider,
+        profile: row.profile,
+        memberofGroup: [],
+        manages: [],
+        admin: Boolean(row.effective_admin),
+      }),
+      provider: row.provider,
+      profile: row.profile,
+      givenname: row.given_name ?? "",
+      sn: row.sn ?? "",
+      displayName: row.display_name ?? "",
+      mail: row.mail ?? null,
+    }));
+  }
+  // ========== Search Groups ==========
+  if (options.groups) {
+    const excludeIds = options.excludeGroups ?? [];
+    const onlyUserGroups = options.onlyUserGroups ?? [];
+    const onlyPosix = options.onlyPosixGroups ?? false;
+    // Build optional WHERE fragments
+    const excludeFilter = excludeIds.length > 0 ? sql`AND id <> ALL(${toPgUuidArray(excludeIds)}::uuid[])` : sql``;
+    const userGroupsFilter = onlyUserGroups.length > 0 ? sql`AND id = ANY(${toPgUuidArray(onlyUserGroups)}::uuid[])` : sql``;
+    const posixFilter = onlyPosix ? sql`AND gid_number IS NOT NULL` : sql``;
+    const rows = await sql`
+      SELECT id, provider, name, description, gid_number
+      FROM auth.groups
+      WHERE provider = 'ipa'
+        AND (LOWER(name) LIKE ${q} ESCAPE '\\' OR LOWER(description) LIKE ${q} ESCAPE '\\')
+        ${excludeFilter}
+        ${userGroupsFilter}
+        ${posixFilter}
+      ORDER BY name
+      LIMIT 10
+    `;
+    type GroupRow = {
+      id: string;
+      provider: UserProvider;
+      name: string;
+      description: string | null;
+      gid_number: number | null;
+    };
+    groups = (rows as GroupRow[]).map((row) => ({
+      id: row.id,
+      provider: row.provider,
+      name: row.name,
+      description: row.description ?? null,
+      gidnumber: row.gid_number ?? null,
+    }));
+  }
+  return { users, groups };
+};