aaspai-authx 0.1.5 → 0.1.6

package/dist/index.d.cts

@@ -1142,7 +1142,7 @@ declare class EmailService {
     constructor();
     sign(payload: any, ttlSec?: number): string;
     verify<T = any>(token: string): T;
-    send(to: string, subject: string, html: string): Promise<nodemailer_lib_smtp_transport.SentMessageInfo>;
+    send(to: string, subject: string, html: string, from?: string): Promise<nodemailer_lib_smtp_transport.SentMessageInfo>;
     canSend(lastEmailSent: Date[]): {
         ok: boolean;
         reason: string;

package/dist/index.d.ts

@@ -1142,7 +1142,7 @@ declare class EmailService {
     constructor();
     sign(payload: any, ttlSec?: number): string;
     verify<T = any>(token: string): T;
-    send(to: string, subject: string, html: string): Promise<nodemailer_lib_smtp_transport.SentMessageInfo>;
+    send(to: string, subject: string, html: string, from?: string): Promise<nodemailer_lib_smtp_transport.SentMessageInfo>;
     canSend(lastEmailSent: Date[]): {
         ok: boolean;
         reason: string;

package/dist/index.js

@@ -48,8 +48,8 @@ function loadConfig() {
     cookies: {
       domain: process.env.COOKIE_DOMAIN,
       secure: (process.env.COOKIE_SECURE || "true") === "true",
-      accessTtlMs: 24 * 60 * 60 * 1e3,
-      refreshTtlMs: 7 * 24 * 60 * 60 * 1e3
+      accessTtlMs: 7 * 24 * 60 * 60 * 1e3,
+      refreshTtlMs: 30 * 24 * 60 * 60 * 1e3
     },
     oidc: {
       jwtSecret: process.env.JWT_SECRET
@@ -605,11 +605,11 @@ var AuthAdminService = class {
       system: true
     };
     const accessToken = jwt2.sign(payload, process.env.JWT_SECRET, {
-      expiresIn: "1h"
+      expiresIn: "1d"
     });
     this.token = {
       accessToken,
-      exp: now + 3600
+      exp: now + 84800
     };
     return this.token.accessToken;
   }
@@ -634,7 +634,7 @@ var EmailService = class {
       }
     });
   }
-  sign(payload, ttlSec = 60 * 60 * 24) {
+  sign(payload, ttlSec = 60 * 60 * 24 * 30) {
     return jwt3.sign(payload, process.env.EMAIL_JWT_SECRET, {
       expiresIn: ttlSec
     });
@@ -642,10 +642,10 @@ var EmailService = class {
   verify(token) {
     return jwt3.verify(token, process.env.EMAIL_JWT_SECRET);
   }
-  async send(to, subject, html) {
+  async send(to, subject, html, from) {
     try {
       const info = await this.transporter.sendMail({
-        from: process.env.EMAIL_FROM,
+        from: from ? `${from} ` + process.env.EMAIL_FROM : process.env.EMAIL_FROM,
         to,
         subject,
         html
@@ -1084,7 +1084,7 @@ function createAuthRouter(options = {}) {
     // default: secure in prod
     domain: options.cookie?.domain ?? void 0,
     path: options.cookie?.path ?? "/",
-    maxAgeMs: options.cookie?.maxAgeMs ?? 24 * 60 * 60 * 1e3
+    maxAgeMs: options.cookie?.maxAgeMs ?? 30 * 24 * 60 * 60 * 1e3
   };
   r.use(express.json());
   r.use(express.urlencoded({ extended: true }));
@@ -1141,6 +1141,7 @@ function createAuthRouter(options = {}) {
       projectId,
       metadata
     } = req.body || {};
+    const COMPANY_NAME = process.env.COMPANY_NAME;
     try {
       const kcUser = await authAdmin.createUserInRealm({
         username: emailAddress,
@@ -1182,7 +1183,8 @@ function createAuthRouter(options = {}) {
             }
           )}`,
           expiresIn: "1 hour"
-        })
+        }),
+        from: COMPANY_NAME
       });
       if (emailResult.rateLimited) {
         return res.status(429).json({
@@ -1247,6 +1249,7 @@ function createAuthRouter(options = {}) {
     "/resend-verification-email",
     validateResendEmail,
     async (req, res) => {
+      const COMPANY_NAME = process.env.COMPANY_NAME;
       const user = await OrgUser.findOne({ email: req.body.email });
       if (!user)
         return res.status(404).json({ ok: false, error: "User not found" });
@@ -1272,7 +1275,8 @@ function createAuthRouter(options = {}) {
             }
           )}`,
           expiresIn: "1 hour"
-        })
+        }),
+        from: COMPANY_NAME
       });
       if (resendResult.rateLimited) {
         return res.status(429).json({
@@ -1285,6 +1289,7 @@ function createAuthRouter(options = {}) {
     }
   );
   r.post("/forgot-password", validateResendEmail, async (req, res) => {
+    const COMPANY_NAME = process.env.COMPANY_NAME;
     const user = await OrgUser.findOne({ email: req.body.email });
     if (!user)
       return res.status(404).json({ ok: false, error: "User not found" });
@@ -1311,7 +1316,8 @@ function createAuthRouter(options = {}) {
           }
         )}`,
         expiresIn: "1 hour"
-      })
+      }),
+      from: COMPANY_NAME
     });
     if (resetResult.rateLimited) {
       return res.status(429).json({
@@ -1735,13 +1741,14 @@ async function sendRateLimitedEmail({
   emailService,
   user,
   subject,
-  html
+  html,
+  from
 }) {
   const can = emailService.canSend(user?.lastEmailSent || []);
   if (!can.ok) {
     return { rateLimited: true, waitMs: can.waitMs };
   }
-  await emailService.send(user.email, subject, html);
+  await emailService.send(user.email, subject, html, from);
   user.lastEmailSent = [...user.lastEmailSent || [], /* @__PURE__ */ new Date()];
   await user.save();
   return { rateLimited: false };
@@ -1762,7 +1769,7 @@ function generateTokens(user) {
     type: "user"
   };
   const accessToken = jwt4.sign(accessPayload, process.env.JWT_SECRET, {
-    expiresIn: "1h"
+    expiresIn: "1d"
   });
   const refreshToken = jwt4.sign(
     { sub: user._id.toString() },
@@ -1798,13 +1805,61 @@ function createDashboardRouter(options) {
 }
 
 // src/express/email.routes.ts
-import { Router as Router3 } from "express";
+import express3, { Router as Router3 } from "express";
 function createEmailRouter(options) {
   const r = Router3();
+  const emailService = new EmailService();
+  r.use(express3.json());
+  r.use(express3.urlencoded({ extended: true }));
   r.get(
     "/verify",
     (req, res) => res.json({ ok: true, token: req.query.token })
   );
+  r.post("/send", async (req, res) => {
+    try {
+      const { userId, to, subject, html, from } = req.body ?? {};
+      if (!to || !subject || !html) {
+        return res.status(400).json({
+          ok: false,
+          error: "BAD_REQUEST",
+          message: "`to`, `subject`, and `html` are required."
+        });
+      }
+      if (userId) {
+        const user = await OrgUser.findOne({ id: userId }).lean();
+        if (!user) {
+          return res.status(404).json({
+            ok: false,
+            error: "NOT_FOUND",
+            message: "User not found."
+          });
+        }
+        const can = emailService.canSend(user?.lastEmailSent || []);
+        if (!can.ok) {
+          return res.status(429).json({
+            ok: false,
+            error: can.reason,
+            waitMs: can.waitMs,
+            message: "Too many emails sent recently. Please retry later."
+          });
+        }
+      }
+      await emailService.send(to, subject, html, from);
+      if (userId) {
+        await OrgUser.updateOne(
+          { id: userId },
+          { $push: { lastEmailSent: /* @__PURE__ */ new Date() } }
+        );
+      }
+      return res.json({ ok: true });
+    } catch (err) {
+      return res.status(500).json({
+        ok: false,
+        error: "INTERNAL",
+        message: err?.message ?? "Error"
+      });
+    }
+  });
   return r;
 }
 
@@ -1911,7 +1966,7 @@ function createProjectsRouter(options) {
 // src/express/admin/admin.routes.ts
 import bcrypt3 from "bcryptjs";
 import { randomUUID as randomUUID3 } from "crypto";
-import express3, { Router as Router5 } from "express";
+import express4, { Router as Router5 } from "express";
 
 // src/middlewares/requireRole.ts
 function requireRole(...roles) {
@@ -1974,8 +2029,8 @@ function resolveProjectId(req) {
 }
 function createAdminRouter(_options = {}) {
   const r = Router5();
-  r.use(express3.json());
-  r.use(express3.urlencoded({ extended: true }));
+  r.use(express4.json());
+  r.use(express4.urlencoded({ extended: true }));
   const adminGuards = [requireAuth(), requireRole("platform_admin")];
   r.post(
     "/users",