npm - alepha - Versions diffs - 0.13.6 → 0.13.8 - Mend

alepha 0.13.6 → 0.13.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (487) hide show

package/dist/{api-users → api/users}/index.js RENAMED Viewed

@@ -5,7 +5,6 @@ import { AlephaEmail } from "alepha/email";
 import { $entity, $repository, pageQuerySchema, parseQueryString, pg } from "alepha/orm";
 import { $action, BadRequestError, ConflictError, HttpError, UnauthorizedError, okSchema } from "alepha/server";
 import { $logger } from "alepha/logger";
-import { DEFAULT_USER_REALM_NAME as DEFAULT_USER_REALM_NAME$1, realmAuthSettingsAtom as realmAuthSettingsAtom$1 } from "alepha/api/users";
 import { $bucket } from "alepha/bucket";
 import { randomInt, randomUUID } from "node:crypto";
 import { $cache } from "alepha/cache";
@@ -14,16 +13,18 @@ import { $realm, CryptoProvider, InvalidCredentialsError, SecurityProvider } fro
 import { $client } from "alepha/server/links";
 import { $authCredentials, $authGithub, $authGoogle, ServerAuthProvider, authenticationProviderSchema } from "alepha/server/auth";
 import { FileSystemProvider } from "alepha/file";
+import { AlephaApiAudits } from "alepha/api/audits";
 import { AlephaApiFiles } from "alepha/api/files";
+import { AlephaApiJobs } from "alepha/api/jobs";
-//#region ../../src/api-users/schemas/identityQuerySchema.ts
+//#region ../../src/api/users/schemas/identityQuerySchema.ts
 const identityQuerySchema = t.extend(pageQuerySchema, {
 	userId: t.optional(t.uuid()),
 	provider: t.optional(t.string())
 });
 //#endregion
-//#region ../../src/api-users/entities/users.ts
+//#region ../../src/api/users/entities/users.ts
 const DEFAULT_USER_REALM_NAME = "default";
 const users = $entity({
 	name: "users",
@@ -64,7 +65,7 @@ const users = $entity({
 });
 //#endregion
-//#region ../../src/api-users/entities/identities.ts
+//#region ../../src/api/users/entities/identities.ts
 const identities = $entity({
 	name: "identities",
 	schema: t.object({
@@ -81,11 +82,66 @@ const identities = $entity({
 });
 //#endregion
-//#region ../../src/api-users/schemas/identityResourceSchema.ts
+//#region ../../src/api/users/schemas/identityResourceSchema.ts
 const identityResourceSchema = t.omit(identities.schema, ["password"]);
 //#endregion
-//#region ../../src/api-users/entities/sessions.ts
+//#region ../../src/api/users/atoms/realmAuthSettingsAtom.ts
+const realmAuthSettingsAtom = $atom({
+	name: "alepha.api.users.realmAuthSettings",
+	schema: t.object({
+		displayName: t.optional(t.string({ description: "Display name shown on auth pages (e.g., 'Customer Portal')" })),
+		description: t.optional(t.string({ description: "Description shown on auth pages" })),
+		logoUrl: t.optional(t.string({ description: "Logo URL for auth pages" })),
+		registrationAllowed: t.boolean({ description: "Enable user self-registration" }),
+		emailEnabled: t.boolean({ description: "Enable email address as a login/registration credential" }),
+		emailRequired: t.boolean({ description: "Require email address for user accounts" }),
+		usernameEnabled: t.boolean({ description: "Enable username as a login/registration credential" }),
+		usernameRequired: t.boolean({ description: "Require username for user accounts" }),
+		phoneEnabled: t.boolean({ description: "Enable phone number as a login/registration credential" }),
+		phoneRequired: t.boolean({ description: "Require phone number for user accounts" }),
+		verifyEmailRequired: t.boolean({ description: "Require email verification for user accounts" }),
+		verifyPhoneRequired: t.boolean({ description: "Require phone verification for user accounts" }),
+		firstNameLastNameEnabled: t.boolean({ description: "Enable first and last name for user accounts" }),
+		firstNameLastNameRequired: t.boolean({ description: "Require first and last name for user accounts" }),
+		resetPasswordAllowed: t.boolean({ description: "Enable forgot password functionality" }),
+		passwordPolicy: t.object({
+			minLength: t.integer({
+				description: "Minimum password length",
+				default: 8,
+				minimum: 1
+			}),
+			requireUppercase: t.boolean({ description: "Require at least one uppercase letter" }),
+			requireLowercase: t.boolean({ description: "Require at least one lowercase letter" }),
+			requireNumbers: t.boolean({ description: "Require at least one number" }),
+			requireSpecialCharacters: t.boolean({ description: "Require at least one special character" })
+		})
+	}),
+	default: {
+		registrationAllowed: true,
+		emailEnabled: true,
+		emailRequired: true,
+		usernameEnabled: false,
+		usernameRequired: false,
+		phoneEnabled: false,
+		phoneRequired: false,
+		verifyEmailRequired: false,
+		verifyPhoneRequired: false,
+		resetPasswordAllowed: false,
+		firstNameLastNameEnabled: false,
+		firstNameLastNameRequired: false,
+		passwordPolicy: {
+			minLength: 8,
+			requireUppercase: true,
+			requireLowercase: true,
+			requireNumbers: true,
+			requireSpecialCharacters: false
+		}
+	}
+});
+//#endregion
+//#region ../../src/api/users/entities/sessions.ts
 const sessions = $entity({
 	name: "sessions",
 	schema: t.object({
@@ -110,7 +166,7 @@ const sessions = $entity({
 });
 //#endregion
-//#region ../../src/api-users/providers/UserRealmProvider.ts
+//#region ../../src/api/users/providers/UserRealmProvider.ts
 var UserRealmProvider = class {
 	alepha = $inject(Alepha);
 	defaultIdentities = $repository(identities);
@@ -145,10 +201,10 @@ var UserRealmProvider = class {
 				users: userRealmOptions.entities?.users ?? this.defaultUsers
 			},
 			settings: {
-				...realmAuthSettingsAtom$1.options.default,
+				...realmAuthSettingsAtom.options.default,
 				...userRealmOptions.settings,
 				passwordPolicy: {
-					...realmAuthSettingsAtom$1.options.default.passwordPolicy,
+					...realmAuthSettingsAtom.options.default.passwordPolicy,
 					...userRealmOptions.settings?.passwordPolicy
 				}
 			}
@@ -158,27 +214,29 @@ var UserRealmProvider = class {
 	/**
 	* Gets a registered realm by name, auto-creating default if needed.
 	*/
-	getRealm(userRealmName = DEFAULT_USER_REALM_NAME$1) {
+	getRealm(userRealmName = DEFAULT_USER_REALM_NAME) {
 		let realm = this.realms.get(userRealmName);
-		if (!realm) if (userRealmName === DEFAULT_USER_REALM_NAME$1) {
-			this.register(userRealmName);
-			realm = this.realms.get(userRealmName);
-		} else throw new AlephaError(`Missing user realm '${userRealmName}', please declare $userRealm in your application.`);
+		if (!realm) {
+			const firstRealm = Array.from(this.realms.values())[0];
+			if (userRealmName === DEFAULT_USER_REALM_NAME && firstRealm) realm = firstRealm;
+			else if (this.alepha.isTest()) realm = this.register(userRealmName);
+			else throw new AlephaError(`Missing user realm '${userRealmName}', please declare $userRealm in your application.`);
+		}
 		return realm;
 	}
-	identityRepository(userRealmName = DEFAULT_USER_REALM_NAME$1) {
+	identityRepository(userRealmName = DEFAULT_USER_REALM_NAME) {
 		return this.getRealm(userRealmName).repositories.identities;
 	}
-	sessionRepository(userRealmName = DEFAULT_USER_REALM_NAME$1) {
+	sessionRepository(userRealmName = DEFAULT_USER_REALM_NAME) {
 		return this.getRealm(userRealmName).repositories.sessions;
 	}
-	userRepository(userRealmName = DEFAULT_USER_REALM_NAME$1) {
+	userRepository(userRealmName = DEFAULT_USER_REALM_NAME) {
 		return this.getRealm(userRealmName).repositories.users;
 	}
 };
 //#endregion
-//#region ../../src/api-users/services/IdentityService.ts
+//#region ../../src/api/users/services/IdentityService.ts
 var IdentityService = class {
 	log = $logger();
 	userRealmProvider = $inject(UserRealmProvider);
@@ -239,7 +297,7 @@ var IdentityService = class {
 };
 //#endregion
-//#region ../../src/api-users/controllers/IdentityController.ts
+//#region ../../src/api/users/controllers/IdentityController.ts
 var IdentityController = class {
 	url = "/identities";
 	group = "identities";
@@ -298,11 +356,11 @@ var IdentityController = class {
 };
 //#endregion
-//#region ../../src/api-users/schemas/sessionQuerySchema.ts
+//#region ../../src/api/users/schemas/sessionQuerySchema.ts
 const sessionQuerySchema = t.extend(pageQuerySchema, { userId: t.optional(t.uuid()) });
 //#endregion
-//#region ../../src/api-users/schemas/sessionResourceSchema.ts
+//#region ../../src/api/users/schemas/sessionResourceSchema.ts
 const sessionResourceSchema = t.object({
 	id: t.uuid(),
 	version: t.number(),
@@ -324,7 +382,7 @@ const sessionResourceSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/services/SessionCrudService.ts
+//#region ../../src/api/users/services/SessionCrudService.ts
 var SessionCrudService = class {
 	log = $logger();
 	userRealmProvider = $inject(UserRealmProvider);
@@ -379,7 +437,7 @@ var SessionCrudService = class {
 };
 //#endregion
-//#region ../../src/api-users/controllers/SessionController.ts
+//#region ../../src/api/users/controllers/SessionController.ts
 var SessionController = class {
 	url = "/sessions";
 	group = "sessions";
@@ -438,7 +496,7 @@ var SessionController = class {
 };
 //#endregion
-//#region ../../src/api-users/schemas/completePasswordResetRequestSchema.ts
+//#region ../../src/api/users/schemas/completePasswordResetRequestSchema.ts
 /**
 * Request schema for completing a password reset.
 *
@@ -455,7 +513,7 @@ const completePasswordResetRequestSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/schemas/completeRegistrationRequestSchema.ts
+//#region ../../src/api/users/schemas/completeRegistrationRequestSchema.ts
 const completeRegistrationRequestSchema = t.object({
 	intentId: t.uuid({ description: "The registration intent ID from the first phase" }),
 	emailCode: t.optional(t.string({ description: "Email verification code (if email verification required)" })),
@@ -464,11 +522,11 @@ const completeRegistrationRequestSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/schemas/createUserSchema.ts
+//#region ../../src/api/users/schemas/createUserSchema.ts
 const createUserSchema = t.omit(users.insertSchema, ["realm"]);
 //#endregion
-//#region ../../src/api-users/schemas/passwordResetIntentResponseSchema.ts
+//#region ../../src/api/users/schemas/passwordResetIntentResponseSchema.ts
 /**
 * Response schema for password reset intent creation.
 *
@@ -481,7 +539,7 @@ const passwordResetIntentResponseSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/schemas/registerQuerySchema.ts
+//#region ../../src/api/users/schemas/registerQuerySchema.ts
 /**
 * Schema for user registration query parameters.
 * Allows specifying a custom user realm.
@@ -489,7 +547,7 @@ const passwordResetIntentResponseSchema = t.object({
 const registerQuerySchema = t.object({ userRealmName: t.optional(t.text({ description: "The user realm to register the user in (defaults to 'default')" })) });
 //#endregion
-//#region ../../src/api-users/schemas/registerRequestSchema.ts
+//#region ../../src/api/users/schemas/registerRequestSchema.ts
 /**
 * Schema for user registration request body.
 * Password is always required, other fields depend on realm settings.
@@ -514,7 +572,7 @@ const registerRequestSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/schemas/registrationIntentResponseSchema.ts
+//#region ../../src/api/users/schemas/registrationIntentResponseSchema.ts
 const registrationIntentResponseSchema = t.object({
 	intentId: t.uuid({ description: "Unique identifier for the registration intent" }),
 	expectCaptcha: t.boolean({ description: "Whether captcha verification is required" }),
@@ -524,7 +582,7 @@ const registrationIntentResponseSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/schemas/updateUserSchema.ts
+//#region ../../src/api/users/schemas/updateUserSchema.ts
 const updateUserSchema = t.partial(t.omit(users.insertSchema, [
 	"id",
 	"version",
@@ -535,7 +593,7 @@ const updateUserSchema = t.partial(t.omit(users.insertSchema, [
 ]));
 //#endregion
-//#region ../../src/api-users/schemas/userQuerySchema.ts
+//#region ../../src/api/users/schemas/userQuerySchema.ts
 const userQuerySchema = t.extend(pageQuerySchema, {
 	email: t.optional(t.string()),
 	enabled: t.optional(t.boolean()),
@@ -545,11 +603,11 @@ const userQuerySchema = t.extend(pageQuerySchema, {
 });
 //#endregion
-//#region ../../src/api-users/schemas/userResourceSchema.ts
+//#region ../../src/api/users/schemas/userResourceSchema.ts
 const userResourceSchema = users.schema;
 //#endregion
-//#region ../../src/api-users/notifications/UserNotifications.ts
+//#region ../../src/api/users/notifications/UserNotifications.ts
 var UserNotifications = class {
 	passwordReset = $notification({
 		category: "security",
@@ -678,7 +736,7 @@ var UserNotifications = class {
 };
 //#endregion
-//#region ../../src/api-users/services/CredentialService.ts
+//#region ../../src/api/users/services/CredentialService.ts
 const INTENT_TTL_MINUTES$1 = 10;
 var CredentialService = class {
 	log = $logger();
@@ -861,7 +919,7 @@ var CredentialService = class {
 };
 //#endregion
-//#region ../../src/api-users/services/RegistrationService.ts
+//#region ../../src/api/users/services/RegistrationService.ts
 const INTENT_TTL_MINUTES = 10;
 var RegistrationService = class {
 	log = $logger();
@@ -990,6 +1048,7 @@ var RegistrationService = class {
 		}, userRealmName);
 		await this.intentCache.invalidate(body.intentId);
 		const user = await userRepository.create({
+			realm: userRealmName,
 			username: intent.data.username,
 			email: intent.data.email,
 			phoneNumber: intent.data.phoneNumber,
@@ -1056,10 +1115,7 @@ var RegistrationService = class {
 			});
 			this.log.debug("Email verification code sent", { email });
 		} catch (error) {
-			this.log.warn("Failed to send email verification code", {
-				email,
-				error
-			});
+			this.log.warn("Failed to send email verification code", error);
 		}
 	}
 	/**
@@ -1127,7 +1183,7 @@ var RegistrationService = class {
 };
 //#endregion
-//#region ../../src/api-users/services/UserService.ts
+//#region ../../src/api/users/services/UserService.ts
 var UserService = class {
 	log = $logger();
 	verificationController = $client();
@@ -1290,6 +1346,7 @@ var UserService = class {
 			email: data.email,
 			userRealmName
 		});
+		const realm = this.userRealmProvider.getRealm(userRealmName);
 		if (data.username) {
 			if (await this.users(userRealmName).findOne({ where: { username: { eq: data.username } } }).catch(() => void 0)) {
 				this.log.debug("Username already taken", { username: data.username });
@@ -1310,7 +1367,8 @@ var UserService = class {
 		}
 		const user = await this.users(userRealmName).create({
 			...data,
-			roles: data.roles ?? ["user"]
+			roles: data.roles ?? ["user"],
+			realm: realm.name
 		});
 		this.log.info("User created", {
 			userId: user.id,
@@ -1347,7 +1405,7 @@ var UserService = class {
 };
 //#endregion
-//#region ../../src/api-users/controllers/UserController.ts
+//#region ../../src/api/users/controllers/UserController.ts
 var UserController = class {
 	url = "/users";
 	group = "users";
@@ -1652,59 +1710,7 @@ var UserController = class {
 };
 //#endregion
-//#region ../../src/api-users/atoms/realmAuthSettingsAtom.ts
-const realmAuthSettingsAtom = $atom({
-	name: "alepha.api.users.realmAuthSettings",
-	schema: t.object({
-		registrationAllowed: t.boolean({ description: "Enable user self-registration" }),
-		emailEnabled: t.boolean({ description: "Enable email address as a login/registration credential" }),
-		emailRequired: t.boolean({ description: "Require email address for user accounts" }),
-		usernameEnabled: t.boolean({ description: "Enable username as a login/registration credential" }),
-		usernameRequired: t.boolean({ description: "Require username for user accounts" }),
-		phoneEnabled: t.boolean({ description: "Enable phone number as a login/registration credential" }),
-		phoneRequired: t.boolean({ description: "Require phone number for user accounts" }),
-		verifyEmailRequired: t.boolean({ description: "Require email verification for user accounts" }),
-		verifyPhoneRequired: t.boolean({ description: "Require phone verification for user accounts" }),
-		firstNameLastNameEnabled: t.boolean({ description: "Enable first and last name for user accounts" }),
-		firstNameLastNameRequired: t.boolean({ description: "Require first and last name for user accounts" }),
-		resetPasswordAllowed: t.boolean({ description: "Enable forgot password functionality" }),
-		passwordPolicy: t.object({
-			minLength: t.integer({
-				description: "Minimum password length",
-				default: 8,
-				minimum: 1
-			}),
-			requireUppercase: t.boolean({ description: "Require at least one uppercase letter" }),
-			requireLowercase: t.boolean({ description: "Require at least one lowercase letter" }),
-			requireNumbers: t.boolean({ description: "Require at least one number" }),
-			requireSpecialCharacters: t.boolean({ description: "Require at least one special character" })
-		})
-	}),
-	default: {
-		registrationAllowed: true,
-		emailEnabled: true,
-		emailRequired: true,
-		usernameEnabled: false,
-		usernameRequired: false,
-		phoneEnabled: false,
-		phoneRequired: false,
-		verifyEmailRequired: false,
-		verifyPhoneRequired: false,
-		resetPasswordAllowed: false,
-		firstNameLastNameEnabled: false,
-		firstNameLastNameRequired: false,
-		passwordPolicy: {
-			minLength: 8,
-			requireUppercase: true,
-			requireLowercase: true,
-			requireNumbers: true,
-			requireSpecialCharacters: false
-		}
-	}
-});
-//#endregion
-//#region ../../src/api-users/schemas/userRealmConfigSchema.ts
+//#region ../../src/api/users/schemas/userRealmConfigSchema.ts
 const userRealmConfigSchema = t.object({
 	settings: realmAuthSettingsAtom.schema,
 	realmName: t.string(),
@@ -1712,7 +1718,7 @@ const userRealmConfigSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/controllers/UserRealmController.ts
+//#region ../../src/api/users/controllers/UserRealmController.ts
 /**
 * Controller for exposing realm configuration.
 * Uses $route instead of $action to keep endpoints hidden from API documentation.
@@ -1721,7 +1727,6 @@ var UserRealmController = class {
 	url = "/realms";
 	userRealmProvider = $inject(UserRealmProvider);
 	serverAuthProvider = $inject(ServerAuthProvider);
-	cryptoProvider = $inject(CryptoProvider);
 	/**
 	* Get realm configuration settings.
 	* This endpoint is not exposed in the API documentation.
@@ -1763,7 +1768,7 @@ var UserRealmController = class {
 };
 //#endregion
-//#region ../../src/api-users/services/SessionService.ts
+//#region ../../src/api/users/services/SessionService.ts
 var SessionService = class {
 	alepha = $inject(Alepha);
 	fsp = $inject(FileSystemProvider);
@@ -1808,7 +1813,8 @@ var SessionService = class {
 			else {
 				this.log.warn("Invalid login identifier format", {
 					provider,
-					username
+					username,
+					realm: name
 				});
 				throw new InvalidCredentialsError();
 			}
@@ -1816,7 +1822,8 @@ var SessionService = class {
 			if (!user) {
 				this.log.warn("User not found during login attempt", {
 					provider,
-					username
+					username,
+					realm: name
 				});
 				throw new InvalidCredentialsError();
 			}
@@ -1829,14 +1836,16 @@ var SessionService = class {
 				this.log.error("Identity has no password configured", {
 					provider,
 					username,
-					identityId: identity.id
+					identityId: identity.id,
+					realm: name
 				});
 				throw new InvalidCredentialsError();
 			}
 			if (!await this.cryptoProvider.verifyPassword(password, storedPassword)) {
 				this.log.warn("Invalid password during login attempt", {
 					provider,
-					username
+					username,
+					realm: name
 				});
 				throw new InvalidCredentialsError();
 			}
@@ -1986,7 +1995,7 @@ var SessionService = class {
 };
 //#endregion
-//#region ../../src/api-users/primitives/$userRealm.ts
+//#region ../../src/api/users/primitives/$userRealm.ts
 /**
 * Already configured realm for user management.
 *
@@ -2007,8 +2016,9 @@ const $userRealm = (options = {}) => {
 	const userRealmProvider = alepha.inject(UserRealmProvider);
 	const name = options.realm?.name ?? DEFAULT_USER_REALM_NAME;
 	const userRealm = userRealmProvider.register(name, options);
-	if (options.modules?.audits) {}
+	if (options.modules?.audits) alepha.with(AlephaApiAudits);
 	if (options.modules?.files) alepha.with(AlephaApiFiles);
+	if (options.modules?.jobs) alepha.with(AlephaApiJobs);
 	const realm = $realm({
 		...options.realm,
 		name,
@@ -2040,10 +2050,12 @@ const $userRealm = (options = {}) => {
 		}
 	});
 	realm.link = (name$1) => {
-		return (ctx) => sessionService.link(name$1, ctx.user);
+		return (ctx) => sessionService.link(name$1, ctx.user, realm.name);
 	};
 	realm.login = (name$1) => {
-		return (credentials) => sessionService.login(name$1, credentials.username, credentials.password);
+		return (credentials) => {
+			return sessionService.login(name$1, credentials.username, credentials.password, realm.name);
+		};
 	};
 	const identities$1 = options.identities ?? { credentials: true };
 	if (identities$1) {
@@ -2058,7 +2070,7 @@ const $userRealm = (options = {}) => {
 };
 //#endregion
-//#region ../../src/api-users/schemas/loginSchema.ts
+//#region ../../src/api/users/schemas/loginSchema.ts
 const loginSchema = t.object({
 	username: t.text({
 		minLength: 3,
@@ -2072,7 +2084,7 @@ const loginSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/schemas/registerSchema.ts
+//#region ../../src/api/users/schemas/registerSchema.ts
 const registerSchema = t.object({
 	username: t.string({
 		minLength: 3,
@@ -2100,7 +2112,7 @@ const registerSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/schemas/resetPasswordSchema.ts
+//#region ../../src/api/users/schemas/resetPasswordSchema.ts
 const resetPasswordRequestSchema = t.object({ email: t.email({ description: "Email address to send password reset link" }) });
 const resetPasswordSchema = t.object({
 	token: t.string({ description: "Password reset token from email" }),
@@ -2115,7 +2127,7 @@ const resetPasswordSchema = t.object({
 });
 //#endregion
-//#region ../../src/api-users/index.ts
+//#region ../../src/api/users/index.ts
 /**
 * Provides user management API endpoints for Alepha applications.
 *
@@ -2140,7 +2152,8 @@ const AlephaApiUsers = $module({
 		UserController,
 		SessionController,
 		IdentityController,
-		UserRealmController
+		UserRealmController,
+		UserNotifications
 	]
 });