alepha 0.13.2 → 0.13.3

package/dist/api-users/index.d.ts

@@ -14,6 +14,7 @@ import { CryptoProvider, RealmPrimitive, RealmPrimitiveOptions, UserAccount } fr
 import * as alepha_server_links0 from "alepha/server/links";
 import { OAuth2Profile, ServerAuthProvider, WithLinkFn, WithLoginFn } from "alepha/server/auth";
 import { FileSystemProvider } from "alepha/file";
+import { FileController } from "alepha/api/files";
 import * as drizzle_orm0 from "drizzle-orm";
 import { BuildExtraConfigColumns, SQL, SQLWrapper } from "drizzle-orm";
 import * as drizzle_orm_pg_core0 from "drizzle-orm/pg-core";
@@ -25,7 +26,6 @@ import "alepha/lock";
 import "drizzle-orm/postgres-js";
 import "postgres";
 import "drizzle-orm/sqlite-core";
-import { FileController } from "alepha/api/files";
 
 //#region src/api-users/atoms/realmAuthSettingsAtom.d.ts
 declare const realmAuthSettingsAtom: alepha23.Atom<alepha23.TObject<{
@@ -161,7 +161,7 @@ declare class UserRealmProvider {
   protected realms: Map<string, UserRealm>;
   avatars: alepha_bucket0.BucketPrimitive;
   protected readonly onConfigure: alepha23.HookPrimitive<"configure">;
-  register(userRealmName: string, userRealmOptions?: UserRealmOptions$1): void;
+  register(userRealmName: string, userRealmOptions?: UserRealmOptions$1): UserRealm;
   /**
    * Gets a registered realm by name, auto-creating default if needed.
    */
@@ -2220,10 +2220,15 @@ declare class UserService {
   }>>;
   /**
    * Request email verification for a user.
+   * @param email - The email address to verify.
+   * @param userRealmName - Optional realm name.
+   * @param method - The verification method: "code" (default) or "link".
+   * @param verifyUrl - Base URL for verification link (required when method is "link").
    */
-  requestEmailVerification(email: string, userRealmName?: string): Promise<boolean>;
+  requestEmailVerification(email: string, userRealmName?: string, method?: "code" | "link", verifyUrl?: string): Promise<boolean>;
   /**
    * Verify a user's email using a valid verification token.
+   * Supports both code (6-digit) and link (UUID) verification tokens.
    */
   verifyEmail(email: string, token: string, userRealmName?: string): Promise<void>;
   /**
@@ -2544,10 +2549,14 @@ declare class UserController {
   /**
    * Request email verification.
    * Generates a verification token using verification service and sends an email to the user.
+   * @param method - The verification method: "code" (default) sends a 6-digit code, "link" sends a clickable verification link.
+   * @param verifyUrl - Required when method is "link". The base URL for the verification link. Token and email will be appended as query params.
    */
   requestEmailVerification: alepha_server0.ActionPrimitiveFn<{
     query: alepha23.TObject<{
       userRealmName: alepha23.TOptional<alepha23.TString>;
+      method: alepha23.TOptional<alepha23.TUnsafe<"link" | "code">>;
+      verifyUrl: alepha23.TOptional<alepha23.TString>;
     }>;
     body: alepha23.TObject<{
       email: alepha23.TString;
@@ -2691,6 +2700,10 @@ interface UserRealmOptions {
     google?: true;
     github?: true;
   };
+  modules?: {
+    files?: boolean;
+    audits?: boolean;
+  };
 }
 //#endregion
 //#region src/api-users/schemas/identityResourceSchema.d.ts

package/dist/api-users/index.js

@@ -14,6 +14,7 @@ import { $realm, CryptoProvider, InvalidCredentialsError, SecurityProvider } fro
 import { $client } from "alepha/server/links";
 import { $authCredentials, $authGithub, $authGoogle, ServerAuthProvider, authenticationProviderSchema } from "alepha/server/auth";
 import { FileSystemProvider } from "alepha/file";
+import { AlephaApiFiles } from "alepha/api/files";
 
 //#region src/api-users/schemas/identityQuerySchema.ts
 const identityQuerySchema = t.extend(pageQuerySchema, {
@@ -152,6 +153,7 @@ var UserRealmProvider = class {
 				}
 			}
 		});
+		return this.getRealm(userRealmName);
 	}
 	/**
 	* Gets a registered realm by name, auto-creating default if needed.
@@ -1136,11 +1138,16 @@ var UserService = class {
 	}
 	/**
 	* Request email verification for a user.
+	* @param email - The email address to verify.
+	* @param userRealmName - Optional realm name.
+	* @param method - The verification method: "code" (default) or "link".
+	* @param verifyUrl - Base URL for verification link (required when method is "link").
 	*/
-	async requestEmailVerification(email, userRealmName) {
+	async requestEmailVerification(email, userRealmName, method = "code", verifyUrl) {
 		this.log.trace("Requesting email verification", {
 			email,
-			userRealmName
+			userRealmName,
+			method
 		});
 		const user = await this.users(userRealmName).findOne({ where: { email: { eq: email } } }).catch(() => void 0);
 		if (!user) {
@@ -1156,21 +1163,40 @@ var UserService = class {
 		}
 		try {
 			const verification = await this.verificationController.requestVerificationCode({
-				params: { type: "code" },
+				params: { type: method },
 				body: { target: email }
 			});
-			await this.userNotifications.emailVerification.push({
-				contact: email,
-				variables: {
+			if (method === "link") {
+				const url = new URL(verifyUrl || "/verify-email", "http://localhost");
+				url.searchParams.set("email", email);
+				url.searchParams.set("token", verification.token);
+				const fullVerifyUrl = verifyUrl ? `${verifyUrl}${url.search}` : url.pathname + url.search;
+				await this.userNotifications.emailVerificationLink.push({
+					contact: email,
+					variables: {
+						email,
+						verifyUrl: fullVerifyUrl,
+						expiresInMinutes: Math.floor(verification.codeExpiration / 60)
+					}
+				});
+				this.log.debug("Email verification link sent", {
 					email,
-					code: verification.token,
-					expiresInMinutes: Math.floor(verification.codeExpiration / 60)
-				}
-			});
-			this.log.debug("Email verification code sent", {
-				email,
-				userId: user.id
-			});
+					userId: user.id
+				});
+			} else {
+				await this.userNotifications.emailVerification.push({
+					contact: email,
+					variables: {
+						email,
+						code: verification.token,
+						expiresInMinutes: Math.floor(verification.codeExpiration / 60)
+					}
+				});
+				this.log.debug("Email verification code sent", {
+					email,
+					userId: user.id
+				});
+			}
 		} catch (error) {
 			this.log.warn("Failed to send email verification", {
 				email,
@@ -1181,20 +1207,25 @@ var UserService = class {
 	}
 	/**
 	* Verify a user's email using a valid verification token.
+	* Supports both code (6-digit) and link (UUID) verification tokens.
 	*/
 	async verifyEmail(email, token, userRealmName) {
 		this.log.trace("Verifying email", {
 			email,
 			userRealmName
 		});
+		const type = /^\d{6}$/.test(token) ? "code" : "link";
 		if ((await this.verificationController.validateVerificationCode({
-			params: { type: "code" },
+			params: { type },
 			body: {
 				target: email,
 				token
 			}
 		}).catch(() => {
-			this.log.warn("Invalid email verification token", { email });
+			this.log.warn("Invalid email verification token", {
+				email,
+				type
+			});
 			throw new BadRequestError("Invalid or expired verification token");
 		})).alreadyVerified) {
 			this.log.warn("Email verification token already used", { email });
@@ -1204,7 +1235,8 @@ var UserService = class {
 		await this.users(userRealmName).updateById(user.id, { emailVerified: true });
 		this.log.info("Email verified", {
 			email,
-			userId: user.id
+			userId: user.id,
+			type
 		});
 	}
 	/**
@@ -1544,12 +1576,21 @@ var UserController = class {
 	/**
 	* Request email verification.
 	* Generates a verification token using verification service and sends an email to the user.
+	* @param method - The verification method: "code" (default) sends a 6-digit code, "link" sends a clickable verification link.
+	* @param verifyUrl - Required when method is "link". The base URL for the verification link. Token and email will be appended as query params.
 	*/
 	requestEmailVerification = $action({
 		path: "/users/email-verification/request",
 		group: this.group,
 		schema: {
-			query: t.object({ userRealmName: t.optional(t.string()) }),
+			query: t.object({
+				userRealmName: t.optional(t.string()),
+				method: t.optional(t.enum(["code", "link"], {
+					default: "code",
+					description: "Verification method: \"code\" sends a 6-digit code, \"link\" sends a clickable verification link."
+				})),
+				verifyUrl: t.optional(t.string({ description: "Base URL for verification link. Required when method is \"link\". Token and email will be appended as query params." }))
+			}),
 			body: t.object({ email: t.email() }),
 			response: t.object({
 				success: t.boolean(),
@@ -1557,10 +1598,11 @@ var UserController = class {
 			})
 		},
 		handler: async ({ body, query }) => {
-			await this.userService.requestEmailVerification(body.email, query.userRealmName);
+			const method = query.method ?? "code";
+			await this.userService.requestEmailVerification(body.email, query.userRealmName, method, query.verifyUrl);
 			return {
 				success: true,
-				message: "If an account exists with this email, a verification code has been sent."
+				message: method === "link" ? "If an account exists with this email, a verification link has been sent." : "If an account exists with this email, a verification code has been sent."
 			};
 		}
 	});
@@ -1642,7 +1684,7 @@ const realmAuthSettingsAtom = $atom({
 		registrationAllowed: true,
 		emailEnabled: true,
 		emailRequired: true,
-		usernameEnabled: true,
+		usernameEnabled: false,
 		usernameRequired: false,
 		phoneEnabled: false,
 		phoneRequired: false,
@@ -1909,6 +1951,7 @@ var SessionService = class {
 			realm: realm.name,
 			username: profile.email.split("@")[0],
 			email: profile.email,
+			emailVerified: true,
 			roles: ["user"]
 		});
 		if (profile.picture) {
@@ -1963,7 +2006,9 @@ const $userRealm = (options = {}) => {
 	const securityProvider = alepha.inject(SecurityProvider);
 	const userRealmProvider = alepha.inject(UserRealmProvider);
 	const name = options.realm?.name ?? DEFAULT_USER_REALM_NAME;
-	userRealmProvider.register(name, options);
+	const userRealm = userRealmProvider.register(name, options);
+	if (options.modules?.audits) {}
+	if (options.modules?.files) alepha.with(AlephaApiFiles);
 	const realm = $realm({
 		...options.realm,
 		name,
@@ -2000,12 +2045,14 @@ const $userRealm = (options = {}) => {
 	realm.login = (name$1) => {
 		return (credentials) => sessionService.login(name$1, credentials.username, credentials.password);
 	};
-	if (options.identities) {
-		const identities$1 = {};
-		if (options.identities?.credentials) identities$1.credentials = $authCredentials(realm);
-		if (options.identities?.google) identities$1.google = $authGoogle(realm);
-		if (options.identities?.github) identities$1.github = $authGithub(realm);
-		alepha.with(() => identities$1);
+	const identities$1 = options.identities ?? { credentials: true };
+	if (identities$1) {
+		const auth = {};
+		if (identities$1.credentials) auth.credentials = $authCredentials(realm);
+		else userRealm.settings.registrationAllowed = false;
+		if (identities$1.google) auth.google = $authGoogle(realm);
+		if (identities$1.github) auth.github = $authGithub(realm);
+		alepha.with(() => auth);
 	}
 	return realm;
 };