npm - alepha - Versions diffs - 0.14.4 → 0.15.1 - Mend

alepha 0.14.4 → 0.15.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (322) hide show

package/README.md +44 -102
package/dist/api/audits/index.d.ts +331 -443
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/audits/index.js +2 -2
package/dist/api/audits/index.js.map +1 -1
package/dist/api/files/index.d.ts +0 -113
package/dist/api/files/index.d.ts.map +1 -1
package/dist/api/files/index.js +2 -3
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +151 -262
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/notifications/index.browser.js +4 -4
package/dist/api/notifications/index.browser.js.map +1 -1
package/dist/api/notifications/index.d.ts +164 -276
package/dist/api/notifications/index.d.ts.map +1 -1
package/dist/api/notifications/index.js +4 -4
package/dist/api/notifications/index.js.map +1 -1
package/dist/api/parameters/index.d.ts +265 -377
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/users/index.browser.js +1 -2
package/dist/api/users/index.browser.js.map +1 -1
package/dist/api/users/index.d.ts +195 -301
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +203 -184
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/batch/index.d.ts.map +1 -1
package/dist/batch/index.js +1 -2
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts.map +1 -1
package/dist/cache/core/index.d.ts.map +1 -1
package/dist/cache/redis/index.d.ts.map +1 -1
package/dist/cache/redis/index.js +2 -2
package/dist/cache/redis/index.js.map +1 -1
package/dist/cli/index.d.ts +5900 -165
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +1481 -639
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +8 -4
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +29 -25
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js +563 -54
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +175 -8
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +564 -54
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js +563 -54
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.d.ts.map +1 -1
package/dist/datetime/index.js +4 -4
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +89 -42
package/dist/email/index.d.ts.map +1 -1
package/dist/email/index.js +129 -33
package/dist/email/index.js.map +1 -1
package/dist/fake/index.d.ts +7969 -2
package/dist/fake/index.d.ts.map +1 -1
package/dist/fake/index.js +22 -22
package/dist/fake/index.js.map +1 -1
package/dist/file/index.d.ts +134 -1
package/dist/file/index.d.ts.map +1 -1
package/dist/file/index.js +253 -1
package/dist/file/index.js.map +1 -1
package/dist/lock/core/index.d.ts.map +1 -1
package/dist/lock/redis/index.d.ts.map +1 -1
package/dist/logger/index.d.ts +1 -2
package/dist/logger/index.d.ts.map +1 -1
package/dist/logger/index.js +1 -5
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts +19 -1
package/dist/mcp/index.d.ts.map +1 -1
package/dist/mcp/index.js +28 -4
package/dist/mcp/index.js.map +1 -1
package/dist/orm/chunk-DH6iiROE.js +38 -0
package/dist/orm/index.browser.js +9 -9
package/dist/orm/index.browser.js.map +1 -1
package/dist/orm/index.bun.js +2821 -0
package/dist/orm/index.bun.js.map +1 -0
package/dist/orm/index.d.ts +318 -169
package/dist/orm/index.d.ts.map +1 -1
package/dist/orm/index.js +2086 -1776
package/dist/orm/index.js.map +1 -1
package/dist/queue/core/index.d.ts +4 -4
package/dist/queue/core/index.d.ts.map +1 -1
package/dist/queue/redis/index.d.ts.map +1 -1
package/dist/redis/index.bun.js +285 -0
package/dist/redis/index.bun.js.map +1 -0
package/dist/redis/index.d.ts +13 -31
package/dist/redis/index.d.ts.map +1 -1
package/dist/redis/index.js +18 -38
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.d.ts.map +1 -1
package/dist/router/index.d.ts.map +1 -1
package/dist/scheduler/index.d.ts +83 -1
package/dist/scheduler/index.d.ts.map +1 -1
package/dist/scheduler/index.js +393 -1
package/dist/scheduler/index.js.map +1 -1
package/dist/security/index.browser.js +5 -1
package/dist/security/index.browser.js.map +1 -1
package/dist/security/index.d.ts +598 -112
package/dist/security/index.d.ts.map +1 -1
package/dist/security/index.js +1808 -97
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +1200 -175
package/dist/server/auth/index.d.ts.map +1 -1
package/dist/server/auth/index.js +1268 -37
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +6 -3
package/dist/server/cache/index.d.ts.map +1 -1
package/dist/server/cache/index.js +1 -1
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/cookies/index.d.ts.map +1 -1
package/dist/server/cookies/index.js +3 -3
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.d.ts +115 -13
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +321 -139
package/dist/server/core/index.js.map +1 -1
package/dist/server/cors/index.d.ts +0 -1
package/dist/server/cors/index.d.ts.map +1 -1
package/dist/server/health/index.d.ts +0 -1
package/dist/server/health/index.d.ts.map +1 -1
package/dist/server/helmet/index.d.ts.map +1 -1
package/dist/server/links/index.browser.js +9 -1
package/dist/server/links/index.browser.js.map +1 -1
package/dist/server/links/index.d.ts +1 -2
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +14 -7
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.d.ts +514 -1
package/dist/server/metrics/index.d.ts.map +1 -1
package/dist/server/metrics/index.js +4462 -4
package/dist/server/metrics/index.js.map +1 -1
package/dist/server/multipart/index.d.ts.map +1 -1
package/dist/server/proxy/index.d.ts +0 -1
package/dist/server/proxy/index.d.ts.map +1 -1
package/dist/server/rate-limit/index.d.ts.map +1 -1
package/dist/server/static/index.d.ts.map +1 -1
package/dist/server/swagger/index.d.ts +1 -2
package/dist/server/swagger/index.d.ts.map +1 -1
package/dist/server/swagger/index.js +1 -2
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +3 -1
package/dist/sms/index.d.ts.map +1 -1
package/dist/sms/index.js +10 -10
package/dist/sms/index.js.map +1 -1
package/dist/thread/index.d.ts +0 -1
package/dist/thread/index.d.ts.map +1 -1
package/dist/thread/index.js +2 -2
package/dist/thread/index.js.map +1 -1
package/dist/topic/core/index.d.ts.map +1 -1
package/dist/topic/redis/index.d.ts.map +1 -1
package/dist/vite/index.d.ts +6315 -149
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +140 -469
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.browser.js +9 -9
package/dist/websocket/index.browser.js.map +1 -1
package/dist/websocket/index.d.ts +28 -28
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js +9 -9
package/dist/websocket/index.js.map +1 -1
package/package.json +13 -18
package/src/api/files/controllers/AdminFileStatsController.ts +0 -1
package/src/api/users/atoms/realmAuthSettingsAtom.ts +5 -0
package/src/api/users/controllers/{UserRealmController.ts → RealmController.ts} +11 -11
package/src/api/users/entities/users.ts +1 -1
package/src/api/users/index.ts +8 -8
package/src/api/users/primitives/{$userRealm.ts → $realm.ts} +17 -19
package/src/api/users/providers/{UserRealmProvider.ts → RealmProvider.ts} +26 -30
package/src/api/users/schemas/{userRealmConfigSchema.ts → realmConfigSchema.ts} +2 -2
package/src/api/users/services/CredentialService.ts +7 -7
package/src/api/users/services/IdentityService.ts +4 -4
package/src/api/users/services/RegistrationService.spec.ts +25 -27
package/src/api/users/services/RegistrationService.ts +38 -27
package/src/api/users/services/SessionCrudService.ts +3 -3
package/src/api/users/services/SessionService.spec.ts +3 -3
package/src/api/users/services/SessionService.ts +27 -18
package/src/api/users/services/UserService.ts +7 -7
package/src/batch/providers/BatchProvider.ts +1 -2
package/src/cli/apps/AlephaCli.ts +2 -2
package/src/cli/apps/AlephaPackageBuilderCli.ts +47 -20
package/src/cli/assets/apiHelloControllerTs.ts +19 -0
package/src/cli/assets/apiIndexTs.ts +16 -0
package/src/cli/assets/biomeJson.ts +2 -1
package/src/cli/assets/claudeMd.ts +308 -0
package/src/cli/assets/dummySpecTs.ts +2 -1
package/src/cli/assets/editorconfig.ts +2 -1
package/src/cli/assets/mainBrowserTs.ts +4 -3
package/src/cli/assets/mainCss.ts +24 -0
package/src/cli/assets/mainServerTs.ts +24 -0
package/src/cli/assets/tsconfigJson.ts +2 -1
package/src/cli/assets/webAppRouterTs.ts +16 -0
package/src/cli/assets/webHelloComponentTsx.ts +20 -0
package/src/cli/assets/webIndexTs.ts +16 -0
package/src/cli/atoms/appEntryOptions.ts +13 -0
package/src/cli/atoms/buildOptions.ts +1 -1
package/src/cli/atoms/changelogOptions.ts +1 -1
package/src/cli/commands/build.ts +97 -61
package/src/cli/commands/db.ts +21 -18
package/src/cli/commands/deploy.ts +17 -5
package/src/cli/commands/dev.ts +26 -47
package/src/cli/commands/gen/env.ts +1 -1
package/src/cli/commands/init.ts +79 -25
package/src/cli/commands/lint.ts +9 -3
package/src/cli/commands/test.ts +8 -2
package/src/cli/commands/typecheck.ts +5 -1
package/src/cli/commands/verify.ts +4 -2
package/src/cli/defineConfig.ts +9 -0
package/src/cli/index.ts +2 -1
package/src/cli/providers/AppEntryProvider.ts +131 -0
package/src/cli/providers/ViteBuildProvider.ts +82 -0
package/src/cli/providers/ViteDevServerProvider.ts +350 -0
package/src/cli/providers/ViteTemplateProvider.ts +27 -0
package/src/cli/services/AlephaCliUtils.ts +72 -602
package/src/cli/services/PackageManagerUtils.ts +308 -0
package/src/cli/services/ProjectScaffolder.ts +329 -0
package/src/command/helpers/Runner.ts +15 -3
package/src/core/Alepha.ts +2 -8
package/src/core/__tests__/Alepha-graph.spec.ts +4 -0
package/src/core/index.shared.ts +1 -0
package/src/core/index.ts +2 -0
package/src/core/primitives/$hook.ts +6 -2
package/src/core/primitives/$module.spec.ts +4 -0
package/src/core/primitives/$module.ts +12 -0
package/src/core/providers/AlsProvider.ts +1 -1
package/src/core/providers/CodecManager.spec.ts +12 -6
package/src/core/providers/CodecManager.ts +26 -6
package/src/core/providers/EventManager.ts +169 -13
package/src/core/providers/KeylessJsonSchemaCodec.spec.ts +878 -0
package/src/core/providers/KeylessJsonSchemaCodec.ts +789 -0
package/src/core/providers/SchemaValidator.spec.ts +236 -0
package/src/core/providers/StateManager.spec.ts +27 -16
package/src/email/providers/LocalEmailProvider.spec.ts +111 -87
package/src/email/providers/LocalEmailProvider.ts +52 -15
package/src/email/providers/NodemailerEmailProvider.ts +167 -56
package/src/file/errors/FileError.ts +7 -0
package/src/file/index.ts +9 -1
package/src/file/providers/MemoryFileSystemProvider.ts +393 -0
package/src/logger/providers/PrettyFormatterProvider.ts +0 -9
package/src/mcp/errors/McpError.ts +30 -0
package/src/mcp/index.ts +3 -0
package/src/mcp/transports/SseMcpTransport.ts +16 -6
package/src/orm/index.browser.ts +1 -19
package/src/orm/index.bun.ts +77 -0
package/src/orm/index.shared-server.ts +22 -0
package/src/orm/index.shared.ts +15 -0
package/src/orm/index.ts +19 -39
package/src/orm/providers/DrizzleKitProvider.ts +3 -5
package/src/orm/providers/drivers/BunPostgresProvider.ts +3 -5
package/src/orm/providers/drivers/BunSqliteProvider.ts +1 -1
package/src/orm/providers/drivers/CloudflareD1Provider.ts +4 -0
package/src/orm/providers/drivers/DatabaseProvider.ts +4 -0
package/src/orm/providers/drivers/PglitePostgresProvider.ts +4 -0
package/src/orm/services/Repository.ts +19 -0
package/src/redis/index.bun.ts +35 -0
package/src/redis/providers/BunRedisProvider.ts +12 -43
package/src/redis/providers/BunRedisSubscriberProvider.ts +2 -3
package/src/redis/providers/NodeRedisProvider.ts +16 -34
package/src/{server/security → security}/__tests__/BasicAuth.spec.ts +11 -11
package/src/{server/security → security}/__tests__/ServerSecurityProvider-realm.spec.ts +21 -16
package/src/{server/security/providers → security/__tests__}/ServerSecurityProvider.spec.ts +5 -5
package/src/security/index.browser.ts +5 -0
package/src/security/index.ts +90 -7
package/src/security/primitives/{$realm.spec.ts → $issuer.spec.ts} +11 -11
package/src/security/primitives/{$realm.ts → $issuer.ts} +20 -17
package/src/security/primitives/$role.ts +5 -5
package/src/security/primitives/$serviceAccount.spec.ts +5 -5
package/src/security/primitives/$serviceAccount.ts +3 -3
package/src/{server/security → security}/providers/ServerSecurityProvider.ts +5 -7
package/src/server/auth/primitives/$auth.ts +10 -10
package/src/server/auth/primitives/$authCredentials.ts +3 -3
package/src/server/auth/primitives/$authGithub.ts +3 -3
package/src/server/auth/primitives/$authGoogle.ts +3 -3
package/src/server/auth/providers/ServerAuthProvider.ts +13 -13
package/src/server/cache/providers/ServerCacheProvider.ts +1 -1
package/src/server/cookies/providers/ServerCookiesProvider.ts +3 -3
package/src/server/core/index.ts +1 -1
package/src/server/core/providers/BunHttpServerProvider.ts +1 -1
package/src/server/core/providers/NodeHttpServerProvider.spec.ts +125 -0
package/src/server/core/providers/NodeHttpServerProvider.ts +92 -24
package/src/server/core/providers/ServerBodyParserProvider.ts +19 -23
package/src/server/core/providers/ServerLoggerProvider.ts +23 -19
package/src/server/core/providers/ServerProvider.ts +144 -24
package/src/server/core/providers/ServerRouterProvider.ts +259 -115
package/src/server/core/providers/ServerTimingProvider.ts +2 -2
package/src/server/links/atoms/apiLinksAtom.ts +7 -0
package/src/server/links/index.browser.ts +2 -0
package/src/server/links/index.ts +3 -1
package/src/server/links/providers/LinkProvider.ts +1 -1
package/src/server/swagger/index.ts +1 -1
package/src/sms/providers/LocalSmsProvider.spec.ts +153 -111
package/src/sms/providers/LocalSmsProvider.ts +8 -7
package/src/vite/index.ts +3 -2
package/src/vite/tasks/buildClient.ts +0 -1
package/src/vite/tasks/buildServer.ts +80 -22
package/src/vite/tasks/copyAssets.ts +5 -4
package/src/vite/tasks/generateCloudflare.ts +7 -0
package/src/vite/tasks/generateSitemap.ts +64 -23
package/src/vite/tasks/index.ts +0 -2
package/src/vite/tasks/prerenderPages.ts +49 -24
package/dist/server/security/index.browser.js +0 -13
package/dist/server/security/index.browser.js.map +0 -1
package/dist/server/security/index.d.ts +0 -173
package/dist/server/security/index.d.ts.map +0 -1
package/dist/server/security/index.js +0 -311
package/dist/server/security/index.js.map +0 -1
package/src/cli/assets/appRouterTs.ts +0 -9
package/src/cli/assets/indexHtml.ts +0 -15
package/src/cli/assets/mainTs.ts +0 -13
package/src/cli/commands/format.ts +0 -17
package/src/server/security/index.browser.ts +0 -10
package/src/server/security/index.ts +0 -94
package/src/vite/helpers/boot.ts +0 -106
package/src/vite/plugins/viteAlephaDev.ts +0 -177
package/src/vite/tasks/devServer.ts +0 -69
package/src/vite/tasks/runAlepha.ts +0 -270
/package/src/{server/security → security}/primitives/$basicAuth.ts +0 -0
/package/src/{server/security → security}/providers/ServerBasicAuthProvider.ts +0 -0

package/src/{server/security → security}/__tests__/ServerSecurityProvider-realm.spec.ts RENAMED Viewed

@@ -1,14 +1,19 @@
 import { randomUUID } from "node:crypto";
 import { Alepha } from "alepha";
-import { $realm } from "alepha/security";
-import { $action, $route, ForbiddenError, ServerProvider } from "alepha/server";
+import {
+  $action,
+  $route,
+  AlephaServer,
+  ForbiddenError,
+  ServerProvider,
+} from "alepha/server";
 import { describe, expect, it } from "vitest";
-import { AlephaServerSecurity } from "../index.ts";
+import { $issuer, AlephaSecurity } from "../index.ts";
 describe("ServerSecurityProvider - Realm Protection", () => {
   it("should allow access when user belongs to the required realm", async () => {
     class TestApp {
-      realmA = $realm({
+      realmA = $issuer({
         secret: "test-realm-a",
         roles: [
           {
@@ -18,7 +23,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
         ],
       });
-      realmB = $realm({
+      realmB = $issuer({
         secret: "test-realm-b",
         roles: [
           {
@@ -43,7 +48,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
       });
     }
-    const alepha = Alepha.create().with(AlephaServerSecurity);
+    const alepha = Alepha.create().with(AlephaServer).with(AlephaSecurity);
     const app = alepha.inject(TestApp);
     await alepha.start();
@@ -85,7 +90,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
   it("should deny access when user does not belong to the required realm", async () => {
     class TestApp {
-      realmA = $realm({
+      realmA = $issuer({
         secret: "test-realm-a",
         roles: [
           {
@@ -95,7 +100,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
         ],
       });
-      realmB = $realm({
+      realmB = $issuer({
         secret: "test-realm-b",
         roles: [
           {
@@ -120,7 +125,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
       });
     }
-    const alepha = Alepha.create().with(AlephaServerSecurity);
+    const alepha = Alepha.create().with(AlephaServer).with(AlephaSecurity);
     const app = alepha.inject(TestApp);
     await alepha.start();
@@ -172,7 +177,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
   it("should work with actions when user has no realm attribute", async () => {
     class TestApp {
-      realmA = $realm({
+      realmA = $issuer({
         secret: "test-realm-a",
         roles: [
           {
@@ -188,7 +193,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
       });
     }
-    const alepha = Alepha.create().with(AlephaServerSecurity);
+    const alepha = Alepha.create().with(AlephaServer).with(AlephaSecurity);
     const app = alepha.inject(TestApp);
     await alepha.start();
@@ -215,7 +220,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
   it("should combine realm and permission checks", async () => {
     class TestApp {
-      realmA = $realm({
+      realmA = $issuer({
         secret: "test-realm-a",
         roles: [
           {
@@ -229,7 +234,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
         ],
       });
-      realmB = $realm({
+      realmB = $issuer({
         secret: "test-realm-b",
       });
@@ -248,7 +253,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
       });
     }
-    const alepha = Alepha.create().with(AlephaServerSecurity);
+    const alepha = Alepha.create().with(AlephaServer).with(AlephaSecurity);
     const app = alepha.inject(TestApp);
     await alepha.start();
@@ -336,7 +341,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
   it("should work with fetch requests when realm is valid", async () => {
     class TestApp {
-      realmA = $realm({
+      realmA = $issuer({
         secret: "test-realm-a",
         roles: [
           {
@@ -352,7 +357,7 @@ describe("ServerSecurityProvider - Realm Protection", () => {
       });
     }
-    const alepha = Alepha.create().with(AlephaServerSecurity);
+    const alepha = Alepha.create().with(AlephaServer).with(AlephaSecurity);
     const app = alepha.inject(TestApp);
     await alepha.start();

package/src/{server/security/providers → security/__tests__}/ServerSecurityProvider.spec.ts RENAMED Viewed

@@ -1,15 +1,15 @@
 import { randomUUID } from "node:crypto";
 import { Alepha } from "alepha";
-import { $realm } from "alepha/security";
 import {
   $action,
+  AlephaServer,
   ForbiddenError,
   HttpError,
   ServerProvider,
   UnauthorizedError,
 } from "alepha/server";
 import { describe, expect, it } from "vitest";
-import { AlephaServerSecurity } from "../index.ts";
+import { $issuer, AlephaSecurity } from "../index.ts";
 describe("ServerSecurityProvider", () => {
   it("should protect action from unauthorized users", async () => {
@@ -19,7 +19,7 @@ describe("ServerSecurityProvider", () => {
       });
     }
-    const alepha = Alepha.create().with(AlephaServerSecurity);
+    const alepha = Alepha.create().with(AlephaServer).with(AlephaSecurity);
     const app = alepha.inject(TestApp);
     await alepha.start();
@@ -62,7 +62,7 @@ describe("ServerSecurityProvider", () => {
         group: "read",
         handler: () => "USER",
       });
-      realm = $realm({
+      issuer = $issuer({
         secret: "test",
         roles: [
           {
@@ -77,7 +77,7 @@ describe("ServerSecurityProvider", () => {
       });
     }
-    const alepha = Alepha.create().with(AlephaServerSecurity);
+    const alepha = Alepha.create().with(AlephaServer).with(AlephaSecurity);
     const app = alepha.inject(TestApp);
     await alepha.start();

package/src/security/index.browser.ts CHANGED Viewed

@@ -11,3 +11,8 @@ export * from "./schemas/userAccountInfoSchema.ts";
 export const AlephaSecurity = $module({
   name: "alepha.security",
 });
+/**
+ * @deprecated Use `AlephaSecurity` instead. Server security providers are automatically registered when `AlephaServer` is available.
+ */
+export const AlephaServerSecurity = AlephaSecurity;

package/src/security/index.ts CHANGED Viewed

@@ -1,27 +1,37 @@
-import { $module } from "alepha";
+import { $module, type Alepha } from "alepha";
+import { AlephaServer, type FetchOptions } from "alepha/server";
+import type { UserAccountToken } from "./interfaces/UserAccountToken.ts";
+import { $basicAuth } from "./primitives/$basicAuth.ts";
+import { $issuer } from "./primitives/$issuer.ts";
 import { $permission } from "./primitives/$permission.ts";
-import { $realm } from "./primitives/$realm.ts";
 import { $role } from "./primitives/$role.ts";
 import { CryptoProvider } from "./providers/CryptoProvider.ts";
 import { JwtProvider } from "./providers/JwtProvider.ts";
 import { SecurityProvider } from "./providers/SecurityProvider.ts";
+import { ServerBasicAuthProvider } from "./providers/ServerBasicAuthProvider.ts";
+import { ServerSecurityProvider } from "./providers/ServerSecurityProvider.ts";
 import type { UserAccount } from "./schemas/userAccountInfoSchema.ts";
 export * from "./errors/InvalidCredentialsError.ts";
 export * from "./errors/InvalidPermissionError.ts";
 export * from "./errors/SecurityError.ts";
 export * from "./interfaces/UserAccountToken.ts";
+export * from "./primitives/$basicAuth.ts";
+export * from "./primitives/$issuer.ts";
 export * from "./primitives/$permission.ts";
-export * from "./primitives/$realm.ts";
 export * from "./primitives/$role.ts";
 export * from "./primitives/$serviceAccount.ts";
 export * from "./providers/CryptoProvider.ts";
 export * from "./providers/JwtProvider.ts";
 export * from "./providers/SecurityProvider.ts";
+export * from "./providers/ServerBasicAuthProvider.ts";
+export * from "./providers/ServerSecurityProvider.ts";
 export * from "./schemas/permissionSchema.ts";
 export * from "./schemas/roleSchema.ts";
 export * from "./schemas/userAccountInfoSchema.ts";
+import type { ServerRouteSecure } from "./providers/ServerSecurityProvider.ts";
 declare module "alepha" {
   interface Hooks {
     "security:user:created": {
@@ -29,22 +39,95 @@ declare module "alepha" {
       user: UserAccount;
     };
   }
+  interface State {
+    /**
+     * Real (or fake) user account, used for internal actions.
+     *
+     * If you define this, you assume that all actions are executed by this user by default.
+     * > To force a different user, you need to pass it explicitly in the options.
+     */
+    "alepha.server.security.system.user"?: UserAccountToken;
+    /**
+     * The authenticated user account attached to the server request state.
+     *
+     * @internal
+     */
+    "alepha.server.request.user"?: UserAccount;
+  }
+}
+declare module "alepha/server" {
+  interface ServerRequest<TConfig> {
+    user?: UserAccountToken; // for all routes, user is maybe present
+  }
+  interface ServerActionRequest<TConfig> {
+    user: UserAccountToken; // for actions, user is always present
+  }
+  interface ServerRoute {
+    /**
+     * If true, the route will be protected by the security provider.
+     * All actions are secure by default, but you can disable it for specific actions.
+     */
+    secure?: boolean | ServerRouteSecure;
+  }
+  interface ClientRequestOptions extends FetchOptions {
+    /**
+     * Forward user from the previous request.
+     * If "system", use system user. @see {ServerSecurityProvider.localSystemUser}
+     * If "context", use the user from the current context (e.g. request).
+     *
+     * @default "system" if provided, else "context" if available.
+     */
+    user?: UserAccountToken | "system" | "context";
+  }
 }
 /**
  * Provides comprehensive authentication and authorization capabilities with JWT tokens, role-based access control, and user management.
  *
- * The security module enables building secure applications using primitives like `$realm`, `$role`, and `$permission`
+ * The security module enables building secure applications using primitives like `$issuer`, `$role`, and `$permission`
  * on class properties. It offers JWT-based authentication, fine-grained permissions, service accounts, and seamless
  * integration with various authentication providers and user management systems.
  *
- * @see {@link $realm}
+ * When used with `AlephaServer`, this module automatically registers `ServerSecurityProvider` and `ServerBasicAuthProvider`
+ * to protect HTTP routes and actions with JWT and Basic Auth.
+ *
+ * @see {@link $issuer}
  * @see {@link $role}
  * @see {@link $permission}
+ * @see {@link $basicAuth}
  * @module alepha.security
  */
 export const AlephaSecurity = $module({
   name: "alepha.security",
-  primitives: [$realm, $role, $permission],
-  services: [SecurityProvider, JwtProvider, CryptoProvider],
+  primitives: [$issuer, $role, $permission, $basicAuth],
+  services: [
+    SecurityProvider,
+    JwtProvider,
+    CryptoProvider,
+    ServerSecurityProvider,
+    ServerBasicAuthProvider,
+  ],
+  register: (alepha: Alepha) => {
+    // Always register core security providers
+    alepha.with(SecurityProvider);
+    alepha.with(JwtProvider);
+    alepha.with(CryptoProvider);
+    // Register server security providers only if AlephaServer is available
+    if (alepha.has(AlephaServer)) {
+      alepha.with(ServerSecurityProvider);
+      alepha.with(ServerBasicAuthProvider);
+    }
+  },
 });
+/**
+ * @deprecated Use `AlephaSecurity` instead. Server security providers are automatically registered when `AlephaServer` is available.
+ */
+export const AlephaServerSecurity = AlephaSecurity;

package/src/security/primitives/{$realm.spec.ts → $issuer.spec.ts} RENAMED Viewed

@@ -2,9 +2,9 @@ import { randomUUID } from "node:crypto";
 import { Alepha } from "alepha";
 import { DateTimeProvider } from "alepha/datetime";
 import { describe, test } from "vitest";
-import { $realm } from "../index.ts";
+import { $issuer } from "../index.ts";
-describe("$realm", () => {
+describe("$issuer", () => {
   const roles = [
     {
       name: "admin",
@@ -18,7 +18,7 @@ describe("$realm", () => {
   test("should create token (access & refresh)", async ({ expect }) => {
     class App {
-      realm = $realm({
+      issuer = $issuer({
         secret: "test",
         roles,
       });
@@ -37,15 +37,15 @@ describe("$realm", () => {
     const now = dt.pause();
-    const token = await app.realm.createToken(user);
+    const token = await app.issuer.createToken(user);
     expect(token).toEqual({
       access_token: expect.any(String),
-      expires_in: app.realm.accessTokenExpiration.asSeconds(),
+      expires_in: app.issuer.accessTokenExpiration.asSeconds(),
       refresh_token: expect.any(String),
       token_type: "Bearer",
       issued_at: now.unix(),
-      refresh_token_expires_in: app.realm.refreshTokenExpiration.asSeconds(),
+      refresh_token_expires_in: app.issuer.refreshTokenExpiration.asSeconds(),
     });
     expect(
@@ -54,9 +54,9 @@ describe("$realm", () => {
       ),
     ).toEqual({
       sub: user.id,
-      aud: app.realm.name,
+      aud: app.issuer.name,
       iat: now.unix(),
-      exp: now.unix() + app.realm.accessTokenExpiration.asSeconds(),
+      exp: now.unix() + app.issuer.accessTokenExpiration.asSeconds(),
       name: user.name,
       roles: ["admin", "user"],
       sid: expect.any(String),
@@ -71,9 +71,9 @@ describe("$realm", () => {
       ),
     ).toEqual({
       sub: user.id,
-      aud: app.realm.name,
+      aud: app.issuer.name,
       iat: now.unix(),
-      exp: now.unix() + app.realm.refreshTokenExpiration.asSeconds(),
+      exp: now.unix() + app.issuer.refreshTokenExpiration.asSeconds(),
     });
     expect(
@@ -88,7 +88,7 @@ describe("$realm", () => {
       typ: "refresh",
     });
-    const newToken = await app.realm.createToken(user, token);
+    const newToken = await app.issuer.createToken(user, token);
     expect(newToken).toEqual({
       access_token: expect.any(String),
       issued_at: now.unix(),

package/src/security/primitives/{$realm.ts → $issuer.ts} RENAMED Viewed

@@ -13,43 +13,46 @@ import type { Role } from "../schemas/roleSchema.ts";
 import type { UserAccount } from "../schemas/userAccountInfoSchema.ts";
 /**
- * Create a new realm.
+ * Create a new issuer.
+ *
+ * An issuer is responsible for creating and verifying JWT tokens.
+ * It can be internal (with a secret) or external (with a JWKS).
  */
-export const $realm = (options: RealmPrimitiveOptions): RealmPrimitive => {
-  return createPrimitive(RealmPrimitive, options);
+export const $issuer = (options: IssuerPrimitiveOptions): IssuerPrimitive => {
+  return createPrimitive(IssuerPrimitive, options);
 };
 // ---------------------------------------------------------------------------------------------------------------------
-export type RealmPrimitiveOptions = {
+export type IssuerPrimitiveOptions = {
   /**
-   * Define the realm name.
+   * Define the issuer name.
    * If not provided, it will use the property key.
    */
   name?: string;
   /**
-   * Short description about the realm.
+   * Short description about the issuer.
    */
   description?: string;
   /**
-   * All roles available in the realm. Role is a string (role name) or a Role object (embedded role).
+   * All roles available in the issuer. Role is a string (role name) or a Role object (embedded role).
    */
   roles?: Array<string | Role>;
   /**
-   * Realm settings.
+   * Issuer settings.
    */
-  settings?: RealmSettings;
+  settings?: IssuerSettings;
   /**
    * Parse the JWT payload to create a user account info.
    */
   profile?: (jwtPayload: Record<string, any>) => UserAccount;
-} & (RealmInternal | RealmExternal);
+} & (IssuerInternal | IssuerExternal);
-export interface RealmSettings {
+export interface IssuerSettings {
   accessToken?: {
     /**
      * Lifetime of the access token.
@@ -87,14 +90,14 @@ export interface RealmSettings {
   onDeleteSession?: (refreshToken: string) => Promise<void>;
 }
-export type RealmInternal = {
+export type IssuerInternal = {
   /**
    * Internal secret to sign JWT tokens and verify them.
    */
   secret: string;
 };
-export interface RealmExternal {
+export interface IssuerExternal {
   /**
    * URL to the JWKS (JSON Web Key Set) to verify JWT tokens from external providers.
    */
@@ -103,7 +106,7 @@ export interface RealmExternal {
 // ---------------------------------------------------------------------------------------------------------------------
-export class RealmPrimitive extends Primitive<RealmPrimitiveOptions> {
+export class IssuerPrimitive extends Primitive<IssuerPrimitiveOptions> {
   protected readonly securityProvider = $inject(SecurityProvider);
   protected readonly dateTimeProvider = $inject(DateTimeProvider);
   protected readonly jwt = $inject(JwtProvider);
@@ -148,14 +151,14 @@ export class RealmPrimitive extends Primitive<RealmPrimitiveOptions> {
   }
   /**
-   * Get all roles in the realm.
+   * Get all roles in the issuer.
    */
   public getRoles(): Role[] {
     return this.securityProvider.getRoles(this.name);
   }
   /**
-   * Set all roles in the realm.
+   * Set all roles in the issuer.
    */
   public async setRoles(roles: Role[]): Promise<void> {
     await this.securityProvider.updateRealm(this.name, roles);
@@ -336,7 +339,7 @@ export class RealmPrimitive extends Primitive<RealmPrimitiveOptions> {
   }
 }
-$realm[KIND] = RealmPrimitive;
+$issuer[KIND] = IssuerPrimitive;
 // ---------------------------------------------------------------------------------------------------------------------

package/src/security/primitives/$role.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { $inject, createPrimitive, KIND, Primitive } from "alepha";
 import { SecurityProvider } from "../providers/SecurityProvider.ts";
+import type { IssuerPrimitive } from "./$issuer.ts";
 import type { PermissionPrimitive } from "./$permission.ts";
-import type { RealmPrimitive } from "./$realm.ts";
 /**
  * Create a new role.
@@ -23,7 +23,7 @@ export interface RolePrimitiveOptions {
    */
   description?: string;
-  realm?: string | RealmPrimitive;
+  issuer?: string | IssuerPrimitive;
   permissions?: Array<
     | string
@@ -60,10 +60,10 @@ export class RolePrimitive extends Primitive<RolePrimitiveOptions> {
   }
   /**
-   * Get the realm of the role.
+   * Get the issuer of the role.
    */
-  public get realm(): string | RealmPrimitive | undefined {
-    return this.options.realm;
+  public get issuer(): string | IssuerPrimitive | undefined {
+    return this.options.issuer;
   }
   public can(permission: string | PermissionPrimitive): boolean {

package/src/security/primitives/$serviceAccount.spec.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { Alepha } from "alepha";
 import { DateTimeProvider } from "alepha/datetime";
 import { describe, expect, it } from "vitest";
-import { $realm, $serviceAccount } from "../index.ts";
+import { $issuer, $serviceAccount } from "../index.ts";
 class App {
   oauth2 = $serviceAccount({
@@ -16,12 +16,12 @@ class App {
     expiresIn: 300, // 5 minutes
   };
-  realm = $realm({
-    secret: "your-realm-secret",
+  issuer = $issuer({
+    secret: "your-issuer-secret",
   });
   jwt = $serviceAccount({
-    realm: this.realm,
+    issuer: this.issuer,
     user: {
       id: "service-account",
     },
@@ -42,7 +42,7 @@ describe("$serviceAccount", () => {
     );
     expect(payload).toEqual({
       sub: expect.any(String),
-      aud: "realm",
+      aud: "issuer",
       iat: expect.any(Number),
       exp: expect.any(Number),
       sid: expect.any(String),

package/src/security/primitives/$serviceAccount.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { $context } from "alepha";
 import { DateTimeProvider } from "alepha/datetime";
 import type { UserAccount } from "../schemas/userAccountInfoSchema.ts";
-import type { AccessTokenResponse, RealmPrimitive } from "./$realm.ts";
+import type { AccessTokenResponse, IssuerPrimitive } from "./$issuer.ts";
 /**
  * Allow to get an access token for a service account.
@@ -138,7 +138,7 @@ export const $serviceAccount = (
         return tokenFromCache;
       }
-      const token = await options.realm.createToken(options.user);
+      const token = await options.issuer.createToken(options.user);
       cacheToken({
         ...token,
@@ -157,7 +157,7 @@ export type ServiceAccountPrimitiveOptions = {
       oauth2: Oauth2ServiceAccountPrimitiveOptions;
     }
   | {
-      realm: RealmPrimitive;
+      issuer: IssuerPrimitive;
       user: UserAccount;
     }
 );

package/src/{server/security → security}/providers/ServerSecurityProvider.ts RENAMED Viewed

@@ -1,19 +1,17 @@
 import { randomUUID } from "node:crypto";
 import { $hook, $inject, Alepha } from "alepha";
 import { $logger } from "alepha/logger";
-import {
-  JwtProvider,
-  type Permission,
-  SecurityProvider,
-  type UserAccountToken,
-  userAccountInfoSchema,
-} from "alepha/security";
 import {
   $action,
   ForbiddenError,
   type ServerRequest,
   UnauthorizedError,
 } from "alepha/server";
+import type { UserAccountToken } from "../interfaces/UserAccountToken.ts";
+import type { Permission } from "../schemas/permissionSchema.ts";
+import { userAccountInfoSchema } from "../schemas/userAccountInfoSchema.ts";
+import { JwtProvider } from "./JwtProvider.ts";
+import { SecurityProvider } from "./SecurityProvider.ts";
 import {
   type BasicAuthOptions,
   isBasicAuth,

package/src/server/auth/primitives/$auth.ts CHANGED Viewed

@@ -9,7 +9,7 @@ import {
 import { DateTimeProvider } from "alepha/datetime";
 import {
   type AccessTokenResponse,
-  type RealmPrimitive,
+  type IssuerPrimitive,
   SecurityError,
   SecurityProvider,
   type UserAccount,
@@ -105,10 +105,10 @@ export type AuthExternal = {
  * When using your own authentication system, e.g. using a database to store user accounts.
  * This is usually used with a custom login form.
  *
- * This relies on the `realm`, which is used to create/verify the access token.
+ * This relies on the `issuer`, which is used to create/verify the access token.
  */
 export type AuthInternal = {
-  realm: RealmPrimitive;
+  issuer: IssuerPrimitive;
 } & (
   | {
       /**
@@ -261,9 +261,9 @@ export class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
     return this.options.name ?? this.config.propertyKey;
   }
-  public get realm(): RealmPrimitive | undefined {
-    if ("realm" in this.options) {
-      return this.options.realm;
+  public get issuer(): IssuerPrimitive | undefined {
+    if ("issuer" in this.options) {
+      return this.options.issuer;
     }
     return undefined;
   }
@@ -308,13 +308,13 @@ export class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
     refreshToken: string,
     accessToken?: string,
   ): Promise<AccessTokenResponse> {
-    if ("realm" in this.options) {
-      return this.options.realm
+    if ("issuer" in this.options) {
+      return this.options.issuer
         .refreshToken(refreshToken, accessToken)
         .then((it) => it.tokens)
         .catch((error) => {
           throw new SecurityError(
-            "Failed to refresh access token using the refresh token (realm)",
+            "Failed to refresh access token using the refresh token (issuer)",
             {
               cause: error,
             },
@@ -337,7 +337,7 @@ export class AuthPrimitive extends Primitive<AuthPrimitiveOptions> {
     }
     throw new AlephaError(
-      "No realm or OAuth2 configuration available for refreshing the access token",
+      "No issuer or OAuth2 configuration available for refreshing the access token",
     );
   }