npm - @wecode-team/cms-supabase-api - Versions diffs - 0.1.48 → 0.1.49 - Mend

@wecode-team/cms-supabase-api 0.1.48 → 0.1.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/handlers/auth.d.ts +30 -0
package/dist/index.esm.js +361 -213
package/dist/index.esm.js.map +1 -1
package/dist/index.js +361 -213
package/dist/index.js.map +1 -1
package/dist/utils/admin-registry.d.ts +5 -0
package/package.json +2 -1

package/dist/index.js CHANGED Viewed

@@ -1,6 +1,7 @@
 'use strict';
 var supabaseJs = require('@supabase/supabase-js');
+var emailVerify = require('@wecode-team/email-verify');
 var jwt = require('jsonwebtoken');
 var bcrypt = require('bcryptjs');
@@ -1033,8 +1034,8 @@ function _defineProperty(e, r, t) {
   }) : e[r] = t, e;
 }
-function ownKeys$4(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread$4(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$4(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$4(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function ownKeys$3(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread$3(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$3(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$3(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 function _createForOfIteratorHelper$2(r, e) { var t = "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (!t) { if (Array.isArray(r) || (t = _unsupportedIterableToArray$3(r)) || e && r && "number" == typeof r.length) { t && (r = t); var _n = 0, F = function F() {}; return { s: F, n: function n() { return _n >= r.length ? { done: !0 } : { done: !1, value: r[_n++] }; }, e: function e(r) { throw r; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var o, a = !0, u = !1; return { s: function s() { t = t.call(r); }, n: function n() { var r = t.next(); return a = r.done, r; }, e: function e(r) { u = !0, o = r; }, f: function f() { try { a || null == t["return"] || t["return"](); } finally { if (u) throw o; } } }; }
 function _unsupportedIterableToArray$3(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray$3(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray$3(r, a) : void 0; } }
 function _arrayLikeToArray$3(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
@@ -2090,7 +2091,7 @@ var DynamicTableService = /*#__PURE__*/function () {
               throw error;
             case 2:
               return _context14.abrupt("return", (data || []).map(function (item) {
-                return _objectSpread$4({
+                return _objectSpread$3({
                   id: item.id,
                   label: item[displayField] || "ID: ".concat(item.id)
                 }, item);
@@ -2203,8 +2204,8 @@ function getDynamicTableService() {
   return defaultService$1;
 }
-function ownKeys$3(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread$3(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$3(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$3(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function ownKeys$2(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread$2(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$2(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$2(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 var AuthService = /*#__PURE__*/function () {
   function AuthService() {
     _classCallCheck(this, AuthService);
@@ -2381,7 +2382,7 @@ var AuthService = /*#__PURE__*/function () {
         return _regeneratorRuntime.wrap(function (_context4) {
           while (1) switch (_context4.prev = _context4.next) {
             case 0:
-              finalUserData = _objectSpread$3({
+              finalUserData = _objectSpread$2({
                 tableName: this.defaultTableName
               }, userData);
               _context4.prev = 1;
@@ -2439,7 +2440,7 @@ var AuthService = /*#__PURE__*/function () {
             case 0:
               updateData = _args5.length > 1 && _args5[1] !== undefined ? _args5[1] : {};
               // 设置默认值
-              finalUpdateData = _objectSpread$3({
+              finalUpdateData = _objectSpread$2({
                 tableName: this.defaultTableName
               }, updateData);
               _context5.prev = 1;
@@ -2847,8 +2848,8 @@ function _toConsumableArray(r) {
   return _arrayWithoutHoles(r) || _iterableToArray(r) || _unsupportedIterableToArray$2(r) || _nonIterableSpread();
 }
-function ownKeys$2(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread$2(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$2(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$2(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function ownKeys$1(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread$1(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$1(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$1(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 function _callSuper$1(t, o, e) { return o = _getPrototypeOf(o), _possibleConstructorReturn(t, _isNativeReflectConstruct$1() ? Reflect.construct(o, e || [], _getPrototypeOf(t).constructor) : o.apply(t, e)); }
 function _isNativeReflectConstruct$1() { try { var t = !Boolean.prototype.valueOf.call(Reflect.construct(Boolean, [], function () {})); } catch (t) {} return (_isNativeReflectConstruct$1 = function _isNativeReflectConstruct() { return !!t; })(); }
 // src/error.ts
@@ -3376,7 +3377,7 @@ var DEFAULT_LIMITS = {
   other: 10 * 1024 * 1024
 };
 function getSizeLimit(fileName, limits) {
-  var merged = _objectSpread$2(_objectSpread$2({}, DEFAULT_LIMITS), limits);
+  var merged = _objectSpread$1(_objectSpread$1({}, DEFAULT_LIMITS), limits);
   if (isImage(fileName)) return merged.image;
   if (isVideo(fileName)) return merged.video;
   return merged.other;
@@ -3404,7 +3405,7 @@ function _compressImageBlob() {
     return _regeneratorRuntime.wrap(function (_context10) {
       while (1) switch (_context10.prev = _context10.next) {
         case 0:
-          opts = _objectSpread$2(_objectSpread$2({}, DEFAULT_COMPRESS), options);
+          opts = _objectSpread$1(_objectSpread$1({}, DEFAULT_COMPRESS), options);
           if (!(typeof createImageBitmap === "undefined" || typeof OffscreenCanvas === "undefined")) {
             _context10.next = 1;
             break;
@@ -3470,7 +3471,7 @@ function _processFile() {
     return _regeneratorRuntime.wrap(function (_context11) {
       while (1) switch (_context11.prev = _context11.next) {
         case 0:
-          opts = _objectSpread$2(_objectSpread$2({}, DEFAULT_COMPRESS), compress);
+          opts = _objectSpread$1(_objectSpread$1({}, DEFAULT_COMPRESS), compress);
           if (!(opts.enabled && isImage(fileName))) {
             _context11.next = 2;
             break;
@@ -3534,7 +3535,7 @@ function createOssClient() {
   var allowedExtensions = options.allowedExtensions;
   function mergeRetry(override) {
     if (!defaultRetry && !override) return void 0;
-    return _objectSpread$2(_objectSpread$2({}, defaultRetry), override);
+    return _objectSpread$1(_objectSpread$1({}, defaultRetry), override);
   }
   function resolveCompress(override) {
     if (override === false) return {
@@ -3544,7 +3545,7 @@ function createOssClient() {
       enabled: false
     };
     var base = _typeof$1(defaultCompress) === "object" ? defaultCompress : {};
-    return override ? _objectSpread$2(_objectSpread$2({}, base), override) : Object.keys(base).length ? base : void 0;
+    return override ? _objectSpread$1(_objectSpread$1({}, base), override) : Object.keys(base).length ? base : void 0;
   }
   function uploadOne(_x25, _x26, _x27, _x28) {
     return _uploadOne.apply(this, arguments);
@@ -3630,7 +3631,7 @@ function createOssClient() {
                     var i = index++;
                     var item = files[i];
                     running++;
-                    var fileOpts = _objectSpread$2({
+                    var fileOpts = _objectSpread$1({
                       retry: opts === null || opts === void 0 ? void 0 : opts.retry,
                       compress: opts === null || opts === void 0 ? void 0 : opts.compress
                     }, item.options);
@@ -4046,12 +4047,12 @@ function _getSessionAdminRow() {
   }));
   return _getSessionAdminRow.apply(this, arguments);
 }
-function isUserSessionAdmin(_x4, _x5, _x6) {
-  return _isUserSessionAdmin.apply(this, arguments);
+function getSessionAdminRowByEmail(_x4, _x5, _x6) {
+  return _getSessionAdminRowByEmail.apply(this, arguments);
 }
-function _isUserSessionAdmin() {
-  _isUserSessionAdmin = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee3(supabase, sessionId, userId) {
-    var row;
+function _getSessionAdminRowByEmail() {
+  _getSessionAdminRowByEmail = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee3(supabase, sessionId, email) {
+    var row, normalizedEmail, rowEmail;
     return _regeneratorRuntime.wrap(function (_context3) {
       while (1) switch (_context3.prev = _context3.next) {
         case 0:
@@ -4063,15 +4064,51 @@ function _isUserSessionAdmin() {
             _context3.next = 2;
             break;
           }
-          return _context3.abrupt("return", false);
+          return _context3.abrupt("return", null);
         case 2:
-          return _context3.abrupt("return", row.user_id === userId);
+          normalizedEmail = (email || "").trim().toLowerCase();
+          rowEmail = (row.email || "").trim().toLowerCase();
+          if (!(!normalizedEmail || rowEmail !== normalizedEmail)) {
+            _context3.next = 3;
+            break;
+          }
+          return _context3.abrupt("return", null);
         case 3:
+          return _context3.abrupt("return", row);
+        case 4:
         case "end":
           return _context3.stop();
       }
     }, _callee3);
   }));
+  return _getSessionAdminRowByEmail.apply(this, arguments);
+}
+function isUserSessionAdmin(_x7, _x8, _x9) {
+  return _isUserSessionAdmin.apply(this, arguments);
+}
+function _isUserSessionAdmin() {
+  _isUserSessionAdmin = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee4(supabase, sessionId, userId) {
+    var row;
+    return _regeneratorRuntime.wrap(function (_context4) {
+      while (1) switch (_context4.prev = _context4.next) {
+        case 0:
+          _context4.next = 1;
+          return getSessionAdminRow(supabase, sessionId);
+        case 1:
+          row = _context4.sent;
+          if (row) {
+            _context4.next = 2;
+            break;
+          }
+          return _context4.abrupt("return", false);
+        case 2:
+          return _context4.abrupt("return", row.user_id === userId);
+        case 3:
+        case "end":
+          return _context4.stop();
+      }
+    }, _callee4);
+  }));
   return _isUserSessionAdmin.apply(this, arguments);
 }
@@ -4759,8 +4796,8 @@ var _excluded = ["id", "created_at", "updated_at"],
 function _createForOfIteratorHelper(r, e) { var t = "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (!t) { if (Array.isArray(r) || (t = _unsupportedIterableToArray(r)) || e && r && "number" == typeof r.length) { t && (r = t); var _n2 = 0, F = function F() {}; return { s: F, n: function n() { return _n2 >= r.length ? { done: !0 } : { done: !1, value: r[_n2++] }; }, e: function e(r) { throw r; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var o, a = !0, u = !1; return { s: function s() { t = t.call(r); }, n: function n() { var r = t.next(); return a = r.done, r; }, e: function e(r) { u = !0, o = r; }, f: function f() { try { a || null == t["return"] || t["return"](); } finally { if (u) throw o; } } }; }
 function _unsupportedIterableToArray(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0; } }
 function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
-function ownKeys$1(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread$1(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys$1(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys$1(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 function normalizeJsonLikeFields(schemaFields, payload) {
   if (!schemaFields || schemaFields.length === 0) return payload;
   var jsonLikeFieldNames = new Set(schemaFields.filter(function (f) {
@@ -4769,7 +4806,7 @@ function normalizeJsonLikeFields(schemaFields, payload) {
     return f.name;
   }));
   if (jsonLikeFieldNames.size === 0) return payload;
-  var normalized = _objectSpread$1({}, payload);
+  var normalized = _objectSpread({}, payload);
   for (var _i = 0, _Object$entries = Object.entries(payload); _i < _Object$entries.length; _i++) {
     var _Object$entries$_i = _slicedToArray(_Object$entries[_i], 2),
       key = _Object$entries$_i[0],
@@ -5889,8 +5926,6 @@ var AuthUtils = /*#__PURE__*/function () {
   }]);
 }();
-function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
-function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
 function getRoleFromSupabaseUser$2(user) {
   var _user$app_metadata, _user$user_metadata;
   var appRole = user === null || user === void 0 || (_user$app_metadata = user.app_metadata) === null || _user$app_metadata === void 0 ? void 0 : _user$app_metadata.role;
@@ -5900,10 +5935,46 @@ function getRoleFromSupabaseUser$2(user) {
 function getAdminRegistrySetupSQL() {
   return "-- Create admin registry table (run in Supabase SQL editor)\nCREATE TABLE IF NOT EXISTS \"_cms_admin_registry\" (\n  session_id TEXT PRIMARY KEY,\n  user_id UUID NOT NULL,\n  email TEXT,\n  created_at TIMESTAMPTZ DEFAULT NOW()\n);\n\nALTER TABLE \"_cms_admin_registry\" ENABLE ROW LEVEL SECURITY;\nDROP POLICY IF EXISTS \"Allow all operations\" ON \"_cms_admin_registry\";\nCREATE POLICY \"Allow all operations\" ON \"_cms_admin_registry\"\n  FOR ALL USING (true) WITH CHECK (true);";
 }
-function isSupabaseUserAlreadyExistsError(error) {
-  var msg = String((error === null || error === void 0 ? void 0 : error.message) || "").toLowerCase();
-  // 兼容不同 Supabase 文案
-  return msg.includes("already registered") || msg.includes("already exists") || msg.includes("user already") || msg.includes("email address") && msg.includes("already");
+function isEmailLike(value) {
+  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value.trim());
+}
+var PASSWORD_RESET_MESSAGES = {
+  "zh-CN": {
+    emailRequired: "邮箱不能为空",
+    emailInvalid: "请输入邮箱格式的用户名",
+    codeRequired: "验证码不能为空",
+    passwordTooShort: "新密码至少需要 6 位",
+    codeSent: "如果账号存在，验证码已发送",
+    codeSendFailed: "发送重置密码验证码失败",
+    codeSendRetry: "验证码发送失败，请稍后重试",
+    userNotFound: "验证码无效或账号不存在",
+    codeInvalidOrExpired: "验证码无效或已过期",
+    resetSuccess: "密码已重置，请重新登录",
+    resetFailed: "重置密码失败"
+  },
+  "en-US": {
+    emailRequired: "Email is required",
+    emailInvalid: "Please enter a valid email address",
+    codeRequired: "Verification code is required",
+    passwordTooShort: "New password must be at least 6 characters",
+    codeSent: "If the account exists, a verification code has been sent",
+    codeSendFailed: "Failed to send password reset code",
+    codeSendRetry: "Failed to send verification code. Please try again later",
+    userNotFound: "Invalid code or account not found",
+    codeInvalidOrExpired: "Invalid or expired verification code",
+    resetSuccess: "Password has been reset. Please log in again",
+    resetFailed: "Failed to reset password"
+  }
+};
+function getLocaleFromRequest(c) {
+  var raw = (c.req.header("accept-language") || c.req.header("Accept-Language") || "").toLowerCase();
+  if (raw.includes("en")) {
+    return "en-US";
+  }
+  return "zh-CN";
+}
+function getPasswordResetMessages(c) {
+  return PASSWORD_RESET_MESSAGES[getLocaleFromRequest(c)];
 }
 function toSupabaseEmail(account, sessionId) {
   // 简单规则：`{session_id}_{邮箱前缀}@{邮箱后缀}`
@@ -5915,168 +5986,235 @@ function toSupabaseEmail(account, sessionId) {
   var sid = normalizeSessionId(sessionId);
   return "".concat(sid, "_").concat(localPart, "@").concat(domain);
 }
-function buildAdminMetadata(existingMetadata, sessionId, account) {
-  return _objectSpread(_objectSpread({}, existingMetadata || {}), {}, {
-    role: "admin",
-    session_id: normalizeSessionId(sessionId),
-    original_username: account
-  });
+function isEmailVerifyError(error) {
+  var name = String((error === null || error === void 0 ? void 0 : error.name) || "");
+  return name === "EmailVerifyError";
 }
-function findAuthUserByEmail(_x, _x2) {
-  return _findAuthUserByEmail.apply(this, arguments);
+// POST - 发送重置密码验证码
+function forgotPassword(_x, _x2) {
+  return _forgotPassword.apply(this, arguments);
 }
-function _findAuthUserByEmail() {
-  _findAuthUserByEmail = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee2(supabase, email) {
-    var normalizedEmail, page, _yield$supabase$auth$2, data, error, users, matchedUser;
+// POST - 通过邮箱验证码重置密码
+function _forgotPassword() {
+  _forgotPassword = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee2(c, tableName) {
+    var _body$username, i18n, body, account, supabase, sessionId, adminRow, _i18n, _t3;
     return _regeneratorRuntime.wrap(function (_context2) {
       while (1) switch (_context2.prev = _context2.next) {
         case 0:
-          normalizedEmail = email.trim().toLowerCase();
-          page = 1;
+          _context2.prev = 0;
+          i18n = getPasswordResetMessages(c);
+          _context2.next = 1;
+          return c.req.json();
         case 1:
-          if (!(page <= 10)) {
-            _context2.next = 6;
+          body = _context2.sent;
+          account = (_body$username = body.username) === null || _body$username === void 0 ? void 0 : _body$username.trim();
+          if (account) {
+            _context2.next = 2;
             break;
           }
-          _context2.next = 2;
-          return supabase.auth.admin.listUsers({
-            page: page,
-            perPage: 200
-          });
+          return _context2.abrupt("return", c.json({
+            success: false,
+            message: i18n.emailRequired
+          }, 200));
         case 2:
-          _yield$supabase$auth$2 = _context2.sent;
-          data = _yield$supabase$auth$2.data;
-          error = _yield$supabase$auth$2.error;
-          if (!error) {
+          if (isEmailLike(account)) {
             _context2.next = 3;
             break;
           }
-          throw error;
+          return _context2.abrupt("return", c.json({
+            success: false,
+            message: i18n.emailInvalid
+          }, 200));
         case 3:
-          users = (data === null || data === void 0 ? void 0 : data.users) || [];
-          matchedUser = users.find(function (user) {
-            var _user$email;
-            return ((_user$email = user.email) === null || _user$email === void 0 ? void 0 : _user$email.trim().toLowerCase()) === normalizedEmail;
-          });
-          if (!matchedUser) {
-            _context2.next = 4;
-            break;
-          }
-          return _context2.abrupt("return", matchedUser);
+          supabase = getSupabase();
+          sessionId = extractSessionIdFromAuthTableName(tableName);
+          _context2.next = 4;
+          return getSessionAdminRowByEmail(supabase, sessionId, account);
         case 4:
-          if (!(users.length < 200)) {
+          adminRow = _context2.sent;
+          if (adminRow !== null && adminRow !== void 0 && adminRow.user_id) {
             _context2.next = 5;
             break;
           }
-          return _context2.abrupt("return", null);
+          return _context2.abrupt("return", c.json({
+            success: true,
+            message: i18n.codeSent
+          }, 200));
         case 5:
-          page += 1;
-          _context2.next = 1;
-          break;
+          _context2.next = 6;
+          return emailVerify.sendCode(account);
         case 6:
-          return _context2.abrupt("return", null);
+          return _context2.abrupt("return", c.json({
+            success: true,
+            message: i18n.codeSent
+          }, 200));
         case 7:
+          _context2.prev = 7;
+          _t3 = _context2["catch"](0);
+          console.error("发送重置密码验证码失败:", _t3);
+          _i18n = getPasswordResetMessages(c);
+          return _context2.abrupt("return", c.json({
+            success: false,
+            message: isEmailVerifyError(_t3) ? _i18n.codeSendRetry : _i18n.codeSendFailed,
+            error: _t3.message
+          }, 500));
+        case 8:
         case "end":
           return _context2.stop();
       }
-    }, _callee2);
+    }, _callee2, null, [[0, 7]]);
   }));
-  return _findAuthUserByEmail.apply(this, arguments);
+  return _forgotPassword.apply(this, arguments);
 }
-function insertAdminRegistryRow(_x3, _x4, _x5, _x6) {
-  return _insertAdminRegistryRow.apply(this, arguments);
+function resetPassword(_x3, _x4) {
+  return _resetPassword.apply(this, arguments);
 }
-function _insertAdminRegistryRow() {
-  _insertAdminRegistryRow = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee3(supabase, sessionId, userId, account) {
+function _resetPassword() {
+  _resetPassword = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee3(c, tableName) {
+    var _body$username2, _body$code, i18n, body, account, code, password, supabase, sessionId, adminRow, verifyResult, _yield$supabase$auth$2, updateError, _i18n2, _t4;
     return _regeneratorRuntime.wrap(function (_context3) {
       while (1) switch (_context3.prev = _context3.next) {
         case 0:
+          _context3.prev = 0;
+          i18n = getPasswordResetMessages(c);
           _context3.next = 1;
-          return supabase.from("_cms_admin_registry").insert({
-            session_id: normalizeSessionId(sessionId),
-            user_id: userId,
-            email: account
-          });
-        case 1:
-          return _context3.abrupt("return", _context3.sent);
-        case 2:
-        case "end":
-          return _context3.stop();
-      }
-    }, _callee3);
-  }));
-  return _insertAdminRegistryRow.apply(this, arguments);
-}
-function promoteExistingUserToSessionAdmin(_x7, _x8, _x9, _x0) {
-  return _promoteExistingUserToSessionAdmin.apply(this, arguments);
-}
-function _promoteExistingUserToSessionAdmin() {
-  _promoteExistingUserToSessionAdmin = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee4(supabase, email, sessionId, account) {
-    var existingUser, _yield$supabase$auth$3, updatedData, updateError, insertRes;
-    return _regeneratorRuntime.wrap(function (_context4) {
-      while (1) switch (_context4.prev = _context4.next) {
-        case 0:
-          _context4.next = 1;
-          return findAuthUserByEmail(supabase, email);
+          return c.req.json();
         case 1:
-          existingUser = _context4.sent;
-          if (existingUser) {
-            _context4.next = 2;
+          body = _context3.sent;
+          account = (_body$username2 = body.username) === null || _body$username2 === void 0 ? void 0 : _body$username2.trim();
+          code = (_body$code = body.code) === null || _body$code === void 0 ? void 0 : _body$code.trim();
+          password = body.password;
+          if (account) {
+            _context3.next = 2;
             break;
           }
-          return _context4.abrupt("return", {
+          return _context3.abrupt("return", c.json({
             success: false,
-            message: "用户名已存在，但未能找到对应用户"
-          });
+            message: i18n.emailRequired
+          }, 200));
         case 2:
-          _context4.next = 3;
-          return supabase.auth.admin.updateUserById(existingUser.id, {
-            app_metadata: buildAdminMetadata(existingUser.app_metadata, sessionId, account),
-            user_metadata: buildAdminMetadata(existingUser.user_metadata, sessionId, account)
-          });
+          if (isEmailLike(account)) {
+            _context3.next = 3;
+            break;
+          }
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: i18n.emailInvalid
+          }, 200));
         case 3:
-          _yield$supabase$auth$3 = _context4.sent;
-          updatedData = _yield$supabase$auth$3.data;
-          updateError = _yield$supabase$auth$3.error;
-          if (!(updateError || !(updatedData !== null && updatedData !== void 0 && updatedData.user))) {
-            _context4.next = 4;
+          if (code) {
+            _context3.next = 4;
             break;
           }
-          return _context4.abrupt("return", {
+          return _context3.abrupt("return", c.json({
             success: false,
-            message: (updateError === null || updateError === void 0 ? void 0 : updateError.message) || "管理员账号升级失败"
-          });
+            message: i18n.codeRequired
+          }, 200));
         case 4:
-          _context4.next = 5;
-          return insertAdminRegistryRow(supabase, sessionId, updatedData.user.id, account);
+          if (!(!password || password.length < 6)) {
+            _context3.next = 5;
+            break;
+          }
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: i18n.passwordTooShort
+          }, 200));
         case 5:
-          insertRes = _context4.sent;
-          if (!insertRes.error) {
-            _context4.next = 6;
+          supabase = getSupabase();
+          sessionId = extractSessionIdFromAuthTableName(tableName);
+          _context3.next = 6;
+          return getSessionAdminRowByEmail(supabase, sessionId, account);
+        case 6:
+          adminRow = _context3.sent;
+          if (adminRow !== null && adminRow !== void 0 && adminRow.user_id) {
+            _context3.next = 7;
+            break;
+          }
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: i18n.userNotFound
+          }, 200));
+        case 7:
+          _context3.next = 8;
+          return emailVerify.verifyCode(account, code);
+        case 8:
+          verifyResult = _context3.sent;
+          if (verifyResult !== null && verifyResult !== void 0 && verifyResult.verified) {
+            _context3.next = 9;
             break;
           }
-          return _context4.abrupt("return", {
+          return _context3.abrupt("return", c.json({
             success: false,
-            message: "管理员已被创建，请使用已有账号登录"
+            message: i18n.codeInvalidOrExpired
+          }, 200));
+        case 9:
+          _context3.next = 10;
+          return supabase.auth.admin.updateUserById(adminRow.user_id, {
+            password: password
           });
-        case 6:
-          return _context4.abrupt("return", {
+        case 10:
+          _yield$supabase$auth$2 = _context3.sent;
+          updateError = _yield$supabase$auth$2.error;
+          if (!updateError) {
+            _context3.next = 11;
+            break;
+          }
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: updateError.message || i18n.resetFailed
+          }, 200));
+        case 11:
+          return _context3.abrupt("return", c.json({
             success: true,
-            user: updatedData.user
+            message: i18n.resetSuccess
+          }, 200));
+        case 12:
+          _context3.prev = 12;
+          _t4 = _context3["catch"](0);
+          console.error("重置密码失败:", _t4);
+          _i18n2 = getPasswordResetMessages(c);
+          return _context3.abrupt("return", c.json({
+            success: false,
+            message: _i18n2.resetFailed,
+            error: _t4.message
+          }, 500));
+        case 13:
+        case "end":
+          return _context3.stop();
+      }
+    }, _callee3, null, [[0, 12]]);
+  }));
+  return _resetPassword.apply(this, arguments);
+}
+function insertAdminRegistryRow(_x5, _x6, _x7, _x8) {
+  return _insertAdminRegistryRow.apply(this, arguments);
+}
+function _insertAdminRegistryRow() {
+  _insertAdminRegistryRow = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee4(supabase, sessionId, userId, account) {
+    return _regeneratorRuntime.wrap(function (_context4) {
+      while (1) switch (_context4.prev = _context4.next) {
+        case 0:
+          _context4.next = 1;
+          return supabase.from("_cms_admin_registry").insert({
+            session_id: normalizeSessionId(sessionId),
+            user_id: userId,
+            email: account
           });
-        case 7:
+        case 1:
+          return _context4.abrupt("return", _context4.sent);
+        case 2:
         case "end":
           return _context4.stop();
       }
     }, _callee4);
   }));
-  return _promoteExistingUserToSessionAdmin.apply(this, arguments);
+  return _insertAdminRegistryRow.apply(this, arguments);
 }
 function getUserSessionId(user) {
   var _user$user_metadata2;
   return normalizeSessionId(user === null || user === void 0 || (_user$user_metadata2 = user.user_metadata) === null || _user$user_metadata2 === void 0 ? void 0 : _user$user_metadata2.session_id);
 }
-function getEffectiveRoleForSession(_x1, _x10) {
+function getEffectiveRoleForSession(_x9, _x0) {
   return _getEffectiveRoleForSession.apply(this, arguments);
 } // POST - 用户登录
 function _getEffectiveRoleForSession() {
@@ -6113,13 +6251,13 @@ function _getEffectiveRoleForSession() {
   }));
   return _getEffectiveRoleForSession.apply(this, arguments);
 }
-function login(_x11, _x12) {
+function login(_x1, _x10) {
   return _login.apply(this, arguments);
 }
 // GET - 是否允许注册（首次进入需要创建管理员账号）
 function _login() {
   _login = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee6(c, tableName) {
-    var _data$session, body, username, password, supabase, sessionId, email, _yield$supabase$auth$4, data, error, token, user, role, _t3;
+    var _data$session, body, username, password, supabase, sessionId, email, _yield$supabase$auth$3, data, error, token, user, role, _t5;
     return _regeneratorRuntime.wrap(function (_context6) {
       while (1) switch (_context6.prev = _context6.next) {
         case 0:
@@ -6157,9 +6295,9 @@ function _login() {
             password: password
           });
         case 4:
-          _yield$supabase$auth$4 = _context6.sent;
-          data = _yield$supabase$auth$4.data;
-          error = _yield$supabase$auth$4.error;
+          _yield$supabase$auth$3 = _context6.sent;
+          data = _yield$supabase$auth$3.data;
+          error = _yield$supabase$auth$3.error;
           if (!(error || !(data !== null && data !== void 0 && (_data$session = data.session) !== null && _data$session !== void 0 && _data$session.access_token) || !(data !== null && data !== void 0 && data.user))) {
             _context6.next = 5;
             break;
@@ -6193,12 +6331,12 @@ function _login() {
           }, 200));
         case 8:
           _context6.prev = 8;
-          _t3 = _context6["catch"](0);
-          console.error("登录失败:", _t3);
+          _t5 = _context6["catch"](0);
+          console.error("登录失败:", _t5);
           return _context6.abrupt("return", c.json({
             success: false,
             message: "登录失败",
-            error: _t3.message
+            error: _t5.message
           }, 500));
         case 9:
         case "end":
@@ -6208,13 +6346,13 @@ function _login() {
   }));
   return _login.apply(this, arguments);
 }
-function signupStatus(_x13, _x14) {
+function signupStatus(_x11, _x12) {
   return _signupStatus.apply(this, arguments);
 }
 // POST - 首次注册管理员（每个 session_id 只允许一个）
 function _signupStatus() {
   _signupStatus = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee7(c, tableName) {
-    var supabase, sessionId, ok, row, data, _t4;
+    var supabase, sessionId, ok, row, data, _t6;
     return _regeneratorRuntime.wrap(function (_context7) {
       while (1) switch (_context7.prev = _context7.next) {
         case 0:
@@ -6252,12 +6390,12 @@ function _signupStatus() {
           }, 200));
         case 4:
           _context7.prev = 4;
-          _t4 = _context7["catch"](0);
-          console.error("获取注册状态失败:", _t4);
+          _t6 = _context7["catch"](0);
+          console.error("获取注册状态失败:", _t6);
           return _context7.abrupt("return", c.json({
             success: false,
             message: "获取注册状态失败",
-            error: _t4.message
+            error: _t6.message
           }, 500));
         case 5:
         case "end":
@@ -6267,13 +6405,13 @@ function _signupStatus() {
   }));
   return _signupStatus.apply(this, arguments);
 }
-function signup(_x15, _x16) {
+function signup(_x13, _x14) {
   return _signup.apply(this, arguments);
 }
 // POST - 验证token
 function _signup() {
   _signup = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee8(c, tableName) {
-    var _body$username, _data$session2, body, account, password, supabase, sessionId, email, ok, existing, _yield$supabase$auth$5, data, error, promoted, insertRes, token, user, role, _t5;
+    var _body$username3, _data$session2, body, account, password, supabase, sessionId, email, ok, existing, _yield$supabase$auth$4, data, error, insertRes, token, user, role, _t7;
     return _regeneratorRuntime.wrap(function (_context8) {
       while (1) switch (_context8.prev = _context8.next) {
         case 0:
@@ -6282,7 +6420,7 @@ function _signup() {
           return c.req.json();
         case 1:
           body = _context8.sent;
-          account = (_body$username = body.username) === null || _body$username === void 0 ? void 0 : _body$username.trim();
+          account = (_body$username3 = body.username) === null || _body$username3 === void 0 ? void 0 : _body$username3.trim();
           password = body.password;
           if (!(!account || !password)) {
             _context8.next = 2;
@@ -6348,67 +6486,61 @@ function _signup() {
             }
           });
         case 8:
-          _yield$supabase$auth$5 = _context8.sent;
-          data = _yield$supabase$auth$5.data;
-          error = _yield$supabase$auth$5.error;
+          _yield$supabase$auth$4 = _context8.sent;
+          data = _yield$supabase$auth$4.data;
+          error = _yield$supabase$auth$4.error;
           if (!(error || !(data !== null && data !== void 0 && data.user))) {
-            _context8.next = 12;
+            _context8.next = 9;
             break;
           }
-          if (!isSupabaseUserAlreadyExistsError(error)) {
-            _context8.next = 11;
-            break;
-          }
-          _context8.next = 9;
-          return promoteExistingUserToSessionAdmin(supabase, email, sessionId, account);
-        case 9:
-          promoted = _context8.sent;
-          if (promoted.success) {
-            _context8.next = 10;
-            break;
-          }
-          return _context8.abrupt("return", c.json({
-            success: false,
-            message: promoted.message
-          }, 200));
-        case 10:
-          return _context8.abrupt("return", c.json({
-            success: true,
-            message: "管理员账号已启用，请登录"
-          }, 200));
-        case 11:
+          console.log("注册失败:", error);
+          // if (isSupabaseUserAlreadyExistsError(error)) {
+          //   const promoted = await promoteExistingUserToSessionAdmin(
+          //     supabase,
+          //     email,
+          //     sessionId,
+          //     account,
+          //   )
+          //   if (!promoted.success) {
+          //     return c.json({ success: false, message: promoted.message } as ApiResponse, 200)
+          //   }
+          //   return c.json(
+          //     { success: true, message: "管理员账号已启用，请登录" } as ApiResponse,
+          //     200
+          //   )
+          // }
           return _context8.abrupt("return", c.json({
             success: false,
             message: (error === null || error === void 0 ? void 0 : error.message) || "注册失败"
           }, 200));
-        case 12:
+        case 9:
           if ((_data$session2 = data.session) !== null && _data$session2 !== void 0 && _data$session2.access_token) {
-            _context8.next = 13;
+            _context8.next = 10;
             break;
           }
           return _context8.abrupt("return", c.json({
             success: true,
             message: "注册成功，请完成邮箱验证后登录"
           }, 200));
-        case 13:
-          _context8.next = 14;
+        case 10:
+          _context8.next = 11;
           return insertAdminRegistryRow(supabase, sessionId, data.user.id, account);
-        case 14:
+        case 11:
           insertRes = _context8.sent;
           if (!insertRes.error) {
-            _context8.next = 15;
+            _context8.next = 12;
             break;
           }
           return _context8.abrupt("return", c.json({
             success: false,
             message: "管理员已被创建，请使用已有账号登录"
           }, 200));
-        case 15:
+        case 12:
           token = data.session.access_token;
           user = data.user;
-          _context8.next = 16;
+          _context8.next = 13;
           return getEffectiveRoleForSession(user, sessionId);
-        case 16:
+        case 13:
           role = _context8.sent;
           return _context8.abrupt("return", c.json({
             success: true,
@@ -6423,30 +6555,30 @@ function _signup() {
               }
             }
           }, 200));
-        case 17:
-          _context8.prev = 17;
-          _t5 = _context8["catch"](0);
-          console.error("注册失败:", _t5);
+        case 14:
+          _context8.prev = 14;
+          _t7 = _context8["catch"](0);
+          console.error("注册失败:", _t7);
           return _context8.abrupt("return", c.json({
             success: false,
             message: "注册失败",
-            error: _t5.message
+            error: _t7.message
           }, 500));
-        case 18:
+        case 15:
         case "end":
           return _context8.stop();
       }
-    }, _callee8, null, [[0, 17]]);
+    }, _callee8, null, [[0, 14]]);
   }));
   return _signup.apply(this, arguments);
 }
-function verifyAuth(_x17, _x18) {
+function verifyAuth(_x15, _x16) {
   return _verifyAuth.apply(this, arguments);
 }
 // GET - 获取当前用户信息
 function _verifyAuth() {
   _verifyAuth = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee9(c, tableName) {
-    var authHeader, token, supabase, _yield$supabase$auth$6, data, error, sessionId, role, decoded, message, responseMessage, _t6, _t7;
+    var authHeader, token, supabase, _yield$supabase$auth$5, data, error, sessionId, role, decoded, message, responseMessage, _t8, _t9;
     return _regeneratorRuntime.wrap(function (_context9) {
       while (1) switch (_context9.prev = _context9.next) {
         case 0:
@@ -6467,9 +6599,9 @@ function _verifyAuth() {
           _context9.next = 2;
           return supabase.auth.getUser(token);
         case 2:
-          _yield$supabase$auth$6 = _context9.sent;
-          data = _yield$supabase$auth$6.data;
-          error = _yield$supabase$auth$6.error;
+          _yield$supabase$auth$5 = _context9.sent;
+          data = _yield$supabase$auth$5.data;
+          error = _yield$supabase$auth$5.error;
           if (!(error || !(data !== null && data !== void 0 && data.user))) {
             _context9.next = 3;
             break;
@@ -6496,8 +6628,8 @@ function _verifyAuth() {
           }));
         case 6:
           _context9.prev = 6;
-          _t6 = _context9["catch"](1);
-          message = _t6.message;
+          _t8 = _context9["catch"](1);
+          message = _t8.message;
           responseMessage = message === 'TOKEN_EXPIRED' ? "登录已过期，请重新登录" : "认证信息无效";
           return _context9.abrupt("return", c.json({
             success: false,
@@ -6505,12 +6637,12 @@ function _verifyAuth() {
           }, 200));
         case 7:
           _context9.prev = 7;
-          _t7 = _context9["catch"](0);
-          console.error("验证认证失败:", _t7);
+          _t9 = _context9["catch"](0);
+          console.error("验证认证失败:", _t9);
           return _context9.abrupt("return", c.json({
             success: false,
             message: "验证认证失败",
-            error: _t7.message
+            error: _t9.message
           }, 500));
         case 8:
         case "end":
@@ -6520,13 +6652,13 @@ function _verifyAuth() {
   }));
   return _verifyAuth.apply(this, arguments);
 }
-function getCurrentUser(_x19, _x20) {
+function getCurrentUser(_x17, _x18) {
   return _getCurrentUser.apply(this, arguments);
 }
 // 中间件：验证 Supabase JWT token
 function _getCurrentUser() {
   _getCurrentUser = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime.mark(function _callee0(c, tableName) {
-    var authHeader, token, supabase, _yield$supabase$auth$7, data, error, user, sessionId, role, _t8;
+    var authHeader, token, supabase, _yield$supabase$auth$6, data, error, user, sessionId, role, _t0;
     return _regeneratorRuntime.wrap(function (_context0) {
       while (1) switch (_context0.prev = _context0.next) {
         case 0:
@@ -6546,9 +6678,9 @@ function _getCurrentUser() {
           _context0.next = 2;
           return supabase.auth.getUser(token);
         case 2:
-          _yield$supabase$auth$7 = _context0.sent;
-          data = _yield$supabase$auth$7.data;
-          error = _yield$supabase$auth$7.error;
+          _yield$supabase$auth$6 = _context0.sent;
+          data = _yield$supabase$auth$6.data;
+          error = _yield$supabase$auth$6.error;
           if (!(error || !(data !== null && data !== void 0 && data.user))) {
             _context0.next = 3;
             break;
@@ -6581,12 +6713,12 @@ function _getCurrentUser() {
           }, 200));
         case 6:
           _context0.prev = 6;
-          _t8 = _context0["catch"](0);
-          console.error("获取用户信息失败:", _t8);
+          _t0 = _context0["catch"](0);
+          console.error("获取用户信息失败:", _t0);
           return _context0.abrupt("return", c.json({
             success: false,
             message: "获取用户信息失败",
-            error: _t8.message
+            error: _t0.message
           }, 500));
         case 7:
         case "end":
@@ -6666,7 +6798,7 @@ function requireAuth(handler) {
         }
       }, _callee, null, [[0, 5], [1, 4]]);
     }));
-    return function (_x21) {
+    return function (_x19) {
       return _ref.apply(this, arguments);
     };
   }();
@@ -7237,10 +7369,26 @@ function createDynamicAuthRoute(app) {
     var tableName = c.req.param("tableName");
     return signup(c, tableName);
   });
+  app.post("/auth/password/forgot/:tableName", function (c) {
+    var tableName = c.req.param("tableName");
+    return forgotPassword(c, tableName);
+  });
+  app.post("/auth/password/reset/:tableName", function (c) {
+    var tableName = c.req.param("tableName");
+    return resetPassword(c, tableName);
+  });
   app.post("/auth/:tableName/login", function (c) {
     var tableName = c.req.param("tableName");
     return login(c, tableName);
   });
+  app.post("/auth/:tableName/password/forgot", function (c) {
+    var tableName = c.req.param("tableName");
+    return forgotPassword(c, tableName);
+  });
+  app.post("/auth/:tableName/password/reset", function (c) {
+    var tableName = c.req.param("tableName");
+    return resetPassword(c, tableName);
+  });
   app.get("/auth/:tableName/current", function (c) {
     var tableName = c.req.param("tableName");
     return getCurrentUser(c, tableName);