npm - alepha - Versions diffs - 0.15.3 → 0.15.5 - Mend

alepha 0.15.3 → 0.15.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (318) hide show

package/README.md +26 -11
package/dist/api/audits/index.d.ts +335 -335
package/dist/api/audits/index.d.ts.map +1 -1
package/dist/api/audits/index.js +11 -3
package/dist/api/audits/index.js.map +1 -1
package/dist/api/files/index.d.ts +3 -3
package/dist/api/files/index.js +4 -3
package/dist/api/files/index.js.map +1 -1
package/dist/api/jobs/index.d.ts +198 -155
package/dist/api/jobs/index.d.ts.map +1 -1
package/dist/api/jobs/index.js +103 -5
package/dist/api/jobs/index.js.map +1 -1
package/dist/api/keys/index.d.ts +198 -198
package/dist/api/keys/index.d.ts.map +1 -1
package/dist/api/keys/index.js +3 -3
package/dist/api/keys/index.js.map +1 -1
package/dist/api/notifications/index.browser.js +1 -0
package/dist/api/notifications/index.browser.js.map +1 -1
package/dist/api/notifications/index.d.ts +3 -3
package/dist/api/notifications/index.js +4 -3
package/dist/api/notifications/index.js.map +1 -1
package/dist/api/parameters/index.d.ts +263 -263
package/dist/api/parameters/index.d.ts.map +1 -1
package/dist/api/parameters/index.js +41 -30
package/dist/api/parameters/index.js.map +1 -1
package/dist/api/users/index.d.ts +383 -77
package/dist/api/users/index.d.ts.map +1 -1
package/dist/api/users/index.js +284 -72
package/dist/api/users/index.js.map +1 -1
package/dist/api/verifications/index.d.ts +131 -131
package/dist/api/verifications/index.d.ts.map +1 -1
package/dist/api/verifications/index.js +3 -3
package/dist/api/verifications/index.js.map +1 -1
package/dist/batch/index.d.ts +3 -3
package/dist/batch/index.js +3 -3
package/dist/batch/index.js.map +1 -1
package/dist/bucket/index.d.ts +3 -3
package/dist/bucket/index.js +6 -6
package/dist/bucket/index.js.map +1 -1
package/dist/cache/core/index.d.ts +3 -3
package/dist/cache/core/index.js +3 -3
package/dist/cache/core/index.js.map +1 -1
package/dist/cli/index.d.ts +5612 -20
package/dist/cli/index.d.ts.map +1 -1
package/dist/cli/index.js +122 -91
package/dist/cli/index.js.map +1 -1
package/dist/command/index.d.ts +11 -4
package/dist/command/index.d.ts.map +1 -1
package/dist/command/index.js +8 -6
package/dist/command/index.js.map +1 -1
package/dist/core/index.browser.js.map +1 -1
package/dist/core/index.d.ts +4 -8
package/dist/core/index.d.ts.map +1 -1
package/dist/core/index.js +3 -3
package/dist/core/index.js.map +1 -1
package/dist/core/index.native.js.map +1 -1
package/dist/datetime/index.d.ts +3 -3
package/dist/datetime/index.js +3 -3
package/dist/datetime/index.js.map +1 -1
package/dist/email/index.d.ts +16 -16
package/dist/email/index.d.ts.map +1 -1
package/dist/email/index.js +10562 -10
package/dist/email/index.js.map +1 -1
package/dist/fake/index.d.ts +3 -3
package/dist/fake/index.js +3 -3
package/dist/fake/index.js.map +1 -1
package/dist/lock/core/index.d.ts +9 -4
package/dist/lock/core/index.d.ts.map +1 -1
package/dist/lock/core/index.js +12 -4
package/dist/lock/core/index.js.map +1 -1
package/dist/logger/index.d.ts +3 -3
package/dist/logger/index.js +6 -3
package/dist/logger/index.js.map +1 -1
package/dist/mcp/index.d.ts +3 -3
package/dist/mcp/index.js +3 -3
package/dist/mcp/index.js.map +1 -1
package/dist/orm/index.d.ts +12 -12
package/dist/orm/index.js +4 -4
package/dist/orm/index.js.map +1 -1
package/dist/queue/core/index.d.ts +3 -3
package/dist/queue/core/index.js +3 -3
package/dist/queue/core/index.js.map +1 -1
package/dist/react/auth/index.browser.js +2 -1
package/dist/react/auth/index.browser.js.map +1 -1
package/dist/react/auth/index.d.ts +3 -3
package/dist/react/auth/index.js +5 -4
package/dist/react/auth/index.js.map +1 -1
package/dist/react/core/index.d.ts +6 -6
package/dist/react/core/index.js +3 -3
package/dist/react/core/index.js.map +1 -1
package/dist/react/form/index.d.ts +3 -3
package/dist/react/form/index.js +3 -3
package/dist/react/form/index.js.map +1 -1
package/dist/react/head/index.d.ts +3 -3
package/dist/react/head/index.js +3 -3
package/dist/react/head/index.js.map +1 -1
package/dist/react/i18n/index.d.ts +3 -3
package/dist/react/i18n/index.js +3 -3
package/dist/react/i18n/index.js.map +1 -1
package/dist/react/intro/index.css +337 -0
package/dist/react/intro/index.css.map +1 -0
package/dist/react/intro/index.d.ts +10 -0
package/dist/react/intro/index.d.ts.map +1 -0
package/dist/react/intro/index.js +222 -0
package/dist/react/intro/index.js.map +1 -0
package/dist/react/router/index.browser.js +2 -2
package/dist/react/router/index.browser.js.map +1 -1
package/dist/react/router/index.d.ts +11 -1
package/dist/react/router/index.d.ts.map +1 -1
package/dist/react/router/index.js +21 -11
package/dist/react/router/index.js.map +1 -1
package/dist/redis/index.d.ts +22 -22
package/dist/redis/index.js +3 -3
package/dist/redis/index.js.map +1 -1
package/dist/retry/index.d.ts +3 -3
package/dist/retry/index.js +3 -3
package/dist/retry/index.js.map +1 -1
package/dist/scheduler/index.d.ts +16 -4
package/dist/scheduler/index.d.ts.map +1 -1
package/dist/scheduler/index.js +45 -7
package/dist/scheduler/index.js.map +1 -1
package/dist/security/index.d.ts +3 -3
package/dist/security/index.js +5 -5
package/dist/security/index.js.map +1 -1
package/dist/server/auth/index.d.ts +3 -3
package/dist/server/auth/index.js +3 -3
package/dist/server/auth/index.js.map +1 -1
package/dist/server/cache/index.d.ts +3 -3
package/dist/server/cache/index.js +3 -3
package/dist/server/cache/index.js.map +1 -1
package/dist/server/compress/index.d.ts +3 -3
package/dist/server/compress/index.d.ts.map +1 -1
package/dist/server/compress/index.js +4 -3
package/dist/server/compress/index.js.map +1 -1
package/dist/server/cookies/index.d.ts +3 -3
package/dist/server/cookies/index.js +3 -3
package/dist/server/cookies/index.js.map +1 -1
package/dist/server/core/index.d.ts +14 -25
package/dist/server/core/index.d.ts.map +1 -1
package/dist/server/core/index.js +13 -29
package/dist/server/core/index.js.map +1 -1
package/dist/server/cors/index.d.ts +3 -3
package/dist/server/cors/index.js +3 -3
package/dist/server/cors/index.js.map +1 -1
package/dist/server/health/index.d.ts +20 -20
package/dist/server/health/index.js +3 -3
package/dist/server/health/index.js.map +1 -1
package/dist/server/helmet/index.d.ts +3 -3
package/dist/server/helmet/index.js +3 -3
package/dist/server/helmet/index.js.map +1 -1
package/dist/server/links/index.d.ts +42 -42
package/dist/server/links/index.d.ts.map +1 -1
package/dist/server/links/index.js +4 -4
package/dist/server/links/index.js.map +1 -1
package/dist/server/metrics/index.d.ts +3 -3
package/dist/server/metrics/index.js +3 -3
package/dist/server/metrics/index.js.map +1 -1
package/dist/server/multipart/index.d.ts +3 -3
package/dist/server/multipart/index.js +3 -3
package/dist/server/multipart/index.js.map +1 -1
package/dist/server/proxy/index.d.ts +3 -3
package/dist/server/proxy/index.js +3 -3
package/dist/server/proxy/index.js.map +1 -1
package/dist/server/rate-limit/index.d.ts +3 -3
package/dist/server/rate-limit/index.js +3 -3
package/dist/server/rate-limit/index.js.map +1 -1
package/dist/server/static/index.d.ts +3 -3
package/dist/server/static/index.js +6 -6
package/dist/server/static/index.js.map +1 -1
package/dist/server/swagger/index.d.ts +3 -3
package/dist/server/swagger/index.js +6 -6
package/dist/server/swagger/index.js.map +1 -1
package/dist/sms/index.d.ts +3 -3
package/dist/sms/index.js +6 -6
package/dist/sms/index.js.map +1 -1
package/dist/system/index.d.ts +3 -3
package/dist/system/index.js +3 -3
package/dist/system/index.js.map +1 -1
package/dist/thread/index.d.ts +3 -3
package/dist/thread/index.js +3 -3
package/dist/thread/index.js.map +1 -1
package/dist/topic/core/index.d.ts +3 -3
package/dist/topic/core/index.js +3 -3
package/dist/topic/core/index.js.map +1 -1
package/dist/vite/index.d.ts +6286 -4
package/dist/vite/index.d.ts.map +1 -1
package/dist/vite/index.js +28 -2
package/dist/vite/index.js.map +1 -1
package/dist/websocket/index.d.ts +37 -37
package/dist/websocket/index.d.ts.map +1 -1
package/dist/websocket/index.js +3 -3
package/dist/websocket/index.js.map +1 -1
package/package.json +12 -4
package/src/api/audits/controllers/AdminAuditController.ts +8 -0
package/src/api/audits/index.ts +3 -3
package/src/api/files/controllers/AdminFileStatsController.ts +1 -0
package/src/api/files/index.ts +3 -3
package/src/api/jobs/controllers/AdminJobController.ts +18 -2
package/src/api/jobs/index.ts +4 -3
package/src/api/jobs/services/JobAudits.spec.ts +89 -0
package/src/api/jobs/services/JobAudits.ts +101 -0
package/src/api/keys/index.ts +3 -3
package/src/api/notifications/controllers/AdminNotificationController.ts +1 -0
package/src/api/notifications/index.ts +3 -3
package/src/api/parameters/controllers/AdminConfigController.ts +10 -0
package/src/api/parameters/index.ts +5 -3
package/src/api/users/__tests__/ApiKeys-integration.spec.ts +1 -1
package/src/api/users/__tests__/ApiKeys.spec.ts +1 -1
package/src/api/users/__tests__/EmailVerification.spec.ts +16 -1
package/src/api/users/__tests__/PasswordReset.spec.ts +11 -0
package/src/api/users/atoms/realmAuthSettingsAtom.ts +10 -0
package/src/api/users/controllers/AdminIdentityController.ts +3 -0
package/src/api/users/controllers/AdminSessionController.ts +3 -0
package/src/api/users/controllers/AdminUserController.ts +5 -0
package/src/api/users/index.ts +8 -9
package/src/api/users/primitives/$realm.ts +117 -19
package/src/api/users/providers/RealmProvider.ts +15 -7
package/src/api/users/services/CredentialService.spec.ts +11 -0
package/src/api/users/services/CredentialService.ts +47 -24
package/src/api/users/services/IdentityService.ts +12 -4
package/src/api/users/services/RegistrationService.spec.ts +11 -0
package/src/api/users/services/RegistrationService.ts +33 -12
package/src/api/users/services/SessionService.ts +83 -12
package/src/api/users/services/UserAudits.ts +47 -0
package/src/api/users/services/UserFiles.ts +19 -0
package/src/api/users/services/UserJobs.spec.ts +107 -0
package/src/api/users/services/UserJobs.ts +62 -0
package/src/api/users/services/UserParameters.ts +23 -0
package/src/api/users/services/UserService.ts +34 -17
package/src/api/verifications/index.ts +3 -3
package/src/batch/index.ts +3 -3
package/src/bucket/index.ts +3 -3
package/src/cache/core/index.ts +3 -3
package/src/cli/commands/build.ts +1 -0
package/src/cli/commands/db.ts +9 -0
package/src/cli/commands/init.spec.ts +2 -17
package/src/cli/commands/init.ts +37 -1
package/src/cli/providers/ViteDevServerProvider.ts +36 -2
package/src/cli/services/AlephaCliUtils.ts +17 -0
package/src/cli/services/PackageManagerUtils.ts +15 -1
package/src/cli/services/ProjectScaffolder.ts +8 -13
package/src/cli/templates/agentMd.ts +2 -25
package/src/cli/templates/apiAppSecurityTs.ts +37 -2
package/src/cli/templates/mainCss.ts +2 -32
package/src/cli/templates/webAppRouterTs.ts +5 -5
package/src/cli/templates/webHomeComponentTsx.ts +10 -0
package/src/command/helpers/Runner.ts +14 -1
package/src/command/index.ts +3 -3
package/src/core/helpers/primitive.ts +0 -5
package/src/core/index.ts +3 -3
package/src/datetime/index.ts +3 -3
package/src/email/index.ts +3 -3
package/src/email/index.workerd.ts +36 -0
package/src/email/providers/LocalEmailProvider.ts +2 -2
package/src/email/providers/WorkermailerEmailProvider.ts +221 -0
package/src/fake/index.ts +3 -3
package/src/lock/core/index.ts +3 -3
package/src/lock/core/primitives/$lock.ts +13 -1
package/src/logger/index.ts +3 -3
package/src/logger/providers/PrettyFormatterProvider.ts +7 -0
package/src/mcp/index.ts +3 -3
package/src/orm/index.ts +3 -3
package/src/orm/providers/drivers/NodeSqliteProvider.ts +1 -1
package/src/queue/core/index.ts +3 -3
package/src/react/auth/index.ts +3 -3
package/src/react/auth/services/ReactAuth.ts +3 -1
package/src/react/core/index.ts +3 -3
package/src/react/form/index.ts +3 -3
package/src/react/head/index.ts +3 -3
package/src/react/i18n/index.ts +3 -3
package/src/react/intro/components/GettingStarted.css +334 -0
package/src/react/intro/components/GettingStarted.tsx +276 -0
package/src/react/intro/index.ts +1 -0
package/src/react/router/atoms/ssrManifestAtom.ts +7 -0
package/src/react/router/index.browser.ts +2 -0
package/src/react/router/index.ts +2 -0
package/src/react/router/providers/ReactServerProvider.ts +14 -4
package/src/react/router/providers/SSRManifestProvider.ts +7 -0
package/src/redis/index.ts +3 -3
package/src/retry/index.ts +3 -3
package/src/router/index.ts +3 -3
package/src/scheduler/index.ts +3 -3
package/src/scheduler/index.workerd.ts +43 -0
package/src/scheduler/providers/CronProvider.ts +53 -6
package/src/scheduler/providers/WorkerdCronProvider.ts +102 -0
package/src/security/index.ts +3 -3
package/src/security/providers/JwtProvider.ts +2 -2
package/src/server/auth/index.ts +3 -3
package/src/server/cache/index.ts +3 -3
package/src/server/compress/index.ts +3 -3
package/src/server/compress/providers/ServerCompressProvider.ts +6 -0
package/src/server/cookies/index.ts +3 -3
package/src/server/core/index.ts +3 -3
package/src/server/core/primitives/$action.spec.ts +3 -2
package/src/server/core/primitives/$action.ts +6 -2
package/src/server/core/providers/NodeHttpServerProvider.ts +2 -15
package/src/server/core/providers/ServerProvider.ts +4 -2
package/src/server/core/providers/ServerRouterProvider.ts +5 -27
package/src/server/cors/index.ts +3 -3
package/src/server/health/index.ts +3 -3
package/src/server/helmet/index.ts +3 -3
package/src/server/links/index.ts +3 -3
package/src/server/links/providers/ServerLinksProvider.spec.ts +332 -0
package/src/server/links/providers/ServerLinksProvider.ts +1 -1
package/src/server/metrics/index.ts +3 -3
package/src/server/multipart/index.ts +3 -3
package/src/server/proxy/index.ts +3 -3
package/src/server/rate-limit/index.ts +3 -3
package/src/server/static/index.ts +3 -3
package/src/server/swagger/index.ts +3 -3
package/src/sms/index.ts +3 -3
package/src/system/index.ts +3 -3
package/src/thread/index.ts +3 -3
package/src/topic/core/index.ts +3 -3
package/src/vite/tasks/generateCloudflare.ts +38 -2
package/src/websocket/index.ts +3 -3
package/src/cli/templates/webHelloComponentTsx.ts +0 -30
/package/src/api/users/{notifications → services}/UserNotifications.ts +0 -0

package/src/api/users/services/SessionService.ts CHANGED Viewed

@@ -1,6 +1,5 @@
 import { randomInt } from "node:crypto";
 import { $inject, Alepha } from "alepha";
-import { AuditService } from "alepha/api/audits";
 import type { FileController } from "alepha/api/files";
 import { DateTimeProvider } from "alepha/datetime";
 import { $logger } from "alepha/logger";
@@ -15,6 +14,7 @@ import { $client } from "alepha/server/links";
 import { FileSystemProvider } from "alepha/system";
 import type { UserEntity } from "../entities/users.ts";
 import { RealmProvider } from "../providers/RealmProvider.ts";
+import { UserAudits } from "./UserAudits.ts";
 export class SessionService {
   protected readonly alepha = $inject(Alepha);
@@ -24,7 +24,14 @@ export class SessionService {
   protected readonly log = $logger();
   protected readonly realmProvider = $inject(RealmProvider);
   protected readonly fileController = $client<FileController>();
-  protected readonly auditService = $inject(AuditService);
+  protected userAudits(realmName?: string) {
+    const realm = this.realmProvider.getRealm(realmName);
+    if (realm.features.audits) {
+      return this.alepha.inject(UserAudits);
+    }
+    return undefined;
+  }
   public users(userRealmName?: string) {
     return this.realmProvider.userRepository(userRealmName);
@@ -38,6 +45,55 @@ export class SessionService {
     return this.realmProvider.identityRepository(userRealmName);
   }
+  /**
+   * Check if user should be auto-promoted to admin based on adminEmails/adminUsernames settings.
+   * If user matches and doesn't have admin role, promote them.
+   */
+  protected async ensureAdminRole(
+    user: {
+      id: string;
+      email?: string | null;
+      username?: string | null;
+      roles: string[];
+    },
+    userRealmName?: string,
+  ): Promise<boolean> {
+    if (user.roles.includes("admin")) return false;
+    const { settings, name } = this.realmProvider.getRealm(userRealmName);
+    const adminEmails = settings.adminEmails ?? [];
+    const adminUsernames = settings.adminUsernames ?? [];
+    const isAdminByEmail = user.email && adminEmails.includes(user.email);
+    const isAdminByUsername =
+      user.username && adminUsernames.includes(user.username);
+    if (!isAdminByEmail && !isAdminByUsername) return false;
+    // Promote to admin
+    user.roles = [...user.roles.filter((r) => r !== "admin"), "admin"];
+    await this.users(userRealmName).updateById(user.id, { roles: user.roles });
+    const reason = isAdminByEmail ? "adminEmails" : "adminUsernames";
+    this.log.info(`User auto-promoted to admin via ${reason} setting`, {
+      userId: user.id,
+      email: user.email,
+      username: user.username,
+      realm: name,
+    });
+    await this.userAudits(userRealmName)?.recordUser("role_change", {
+      userId: user.id,
+      userEmail: user.email ?? undefined,
+      userRealm: name,
+      resourceId: user.id,
+      description: `User auto-promoted to admin via ${reason} setting`,
+      metadata: { addedRole: "admin", reason },
+    });
+    return true;
+  }
   /**
    * Random delay to prevent timing attacks (50-200ms)
    * Uses cryptographically secure random number generation
@@ -80,7 +136,7 @@ export class SessionService {
               realm: name,
             });
-            await this.auditService.recordAuth("login_failed", {
+            await this.userAudits(userRealmName)?.recordAuth("login_failed", {
               userRealm: name,
               description: "Username does not match required format",
               metadata: { provider, username },
@@ -101,7 +157,7 @@ export class SessionService {
           realm: name,
         });
-        await this.auditService.recordAuth("login_failed", {
+        await this.userAudits(userRealmName)?.recordAuth("login_failed", {
           userRealm: name,
           description: "Invalid login identifier format",
           metadata: { provider, username },
@@ -118,7 +174,7 @@ export class SessionService {
           realm: name,
         });
-        await this.auditService.recordAuth("login_failed", {
+        await this.userAudits(userRealmName)?.recordAuth("login_failed", {
           userRealm: name,
           description: "User not found",
           metadata: { provider, username },
@@ -157,7 +213,7 @@ export class SessionService {
           realm: name,
         });
-        await this.auditService.recordAuth("login_failed", {
+        await this.userAudits(userRealmName)?.recordAuth("login_failed", {
           userRealm: name,
           resourceId: user.id,
           description: "Invalid password",
@@ -167,7 +223,7 @@ export class SessionService {
         throw new InvalidCredentialsError();
       }
-      await this.auditService.recordAuth("login", {
+      await this.userAudits(userRealmName)?.recordAuth("login", {
         userId: user.id,
         userEmail: user.email ?? undefined,
         userRealm: name,
@@ -176,6 +232,9 @@ export class SessionService {
         metadata: { provider, username },
       });
+      // Auto-promote to admin if configured
+      await this.ensureAdminRole(user, userRealmName);
       return user;
     } catch (error) {
       if (error instanceof InvalidCredentialsError) {
@@ -251,6 +310,9 @@ export class SessionService {
       },
     });
+    // Auto-promote to admin if configured (handles "I promote you admin" case)
+    await this.ensureAdminRole(user, userRealmName);
     this.log.debug("Session refreshed", {
       sessionId: session.id,
       userId: session.userId,
@@ -281,7 +343,7 @@ export class SessionService {
     if (session) {
       const { name } = this.realmProvider.getRealm(userRealmName);
-      await this.auditService.recordAuth("logout", {
+      await this.userAudits(userRealmName)?.recordAuth("logout", {
         userId: session.userId,
         userRealm: name,
         sessionId: session.id,
@@ -324,7 +386,7 @@ export class SessionService {
       const user = await users.findById(identity.userId);
-      await this.auditService.recordAuth("login", {
+      await this.userAudits(userRealmName)?.recordAuth("login", {
         userId: user.id,
         userEmail: user.email ?? undefined,
         userRealm: realm.name,
@@ -333,6 +395,9 @@ export class SessionService {
         metadata: { provider, providerUserId: profile.sub },
       });
+      // Auto-promote to admin if configured
+      await this.ensureAdminRole(user, userRealmName);
       return user;
     }
@@ -368,7 +433,7 @@ export class SessionService {
         userId: existing.id,
       });
-      await this.auditService.recordAuth("login", {
+      await this.userAudits(userRealmName)?.recordAuth("login", {
         userId: existing.id,
         userEmail: existing.email ?? undefined,
         userRealm: realm.name,
@@ -377,6 +442,9 @@ export class SessionService {
         metadata: { provider, providerUserId: profile.sub, linked: true },
       });
+      // Auto-promote to admin if configured
+      await this.ensureAdminRole(existing, userRealmName);
       return existing;
     }
@@ -432,7 +500,7 @@ export class SessionService {
     });
     // Audit: user created via OAuth
-    await this.auditService.recordUser("create", {
+    await this.userAudits(userRealmName)?.recordUser("create", {
       userId: user.id,
       userEmail: user.email ?? undefined,
       userRealm: realm.name,
@@ -447,7 +515,7 @@ export class SessionService {
     });
     // Audit: login event
-    await this.auditService.recordAuth("login", {
+    await this.userAudits(userRealmName)?.recordAuth("login", {
       userId: user.id,
       userEmail: user.email ?? undefined,
       userRealm: realm.name,
@@ -456,6 +524,9 @@ export class SessionService {
       metadata: { provider, providerUserId: profile.sub, firstLogin: true },
     });
+    // Auto-promote to admin if configured
+    await this.ensureAdminRole(user, userRealmName);
     return user;
   }
 }

package/src/api/users/services/UserAudits.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { $inject } from "alepha";
+import { AuditService, type CreateAudit } from "alepha/api/audits";
+type AuditContext = Omit<CreateAudit, "type" | "action">;
+/**
+ * User-specific audit wrapper service.
+ *
+ * This service wraps the core AuditService to provide user-related audit logging.
+ * It is lazy-loaded when the `audits` feature is enabled in the realm.
+ */
+export class UserAudits {
+  protected readonly auditService = $inject(AuditService);
+  /**
+   * Record a user-related audit event.
+   */
+  public recordUser(
+    action:
+      | "create"
+      | "update"
+      | "delete"
+      | "role_change"
+      | "enable"
+      | "disable",
+    context: AuditContext,
+  ) {
+    return this.auditService.recordUser(action, context);
+  }
+  /**
+   * Record an authentication-related audit event.
+   */
+  public recordAuth(
+    action: "login" | "logout" | "login_failed" | "token_refresh",
+    context: AuditContext,
+  ) {
+    return this.auditService.recordAuth(action, context);
+  }
+  /**
+   * Record a generic audit event.
+   */
+  public record(category: string, action: string, context: AuditContext) {
+    return this.auditService.record(category, action, context);
+  }
+}

package/src/api/users/services/UserFiles.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { $bucket } from "alepha/bucket";
+/**
+ * User-specific file storage wrapper service.
+ *
+ * This service provides file storage for user-related files such as:
+ * - User avatars/profile pictures
+ *
+ * It is lazy-loaded when the `files` feature is enabled in the realm.
+ */
+export class UserFiles {
+  /**
+   * Bucket for user avatar storage.
+   */
+  public readonly avatars = $bucket({
+    maxSize: 5 * 1024 * 1024, // 5 MB
+    mimeTypes: ["image/jpeg", "image/png", "image/gif", "image/webp"],
+  });
+}

package/src/api/users/services/UserJobs.spec.ts ADDED Viewed

@@ -0,0 +1,107 @@
+import { Alepha } from "alepha";
+import { AlephaApiJobs } from "alepha/api/jobs";
+import { $repository, AlephaOrm } from "alepha/orm";
+import { describe, test } from "vitest";
+import { sessions } from "../entities/sessions.ts";
+import { users } from "../entities/users.ts";
+import { UserJobs } from "./UserJobs.ts";
+describe("UserJobs", () => {
+  describe("purgeExpiredSessions", () => {
+    test("should delete expired sessions", async ({ expect }) => {
+      const alepha = Alepha.create().with(AlephaOrm).with(AlephaApiJobs);
+      class TestRepositories {
+        userRepository = $repository(users);
+        sessionRepository = $repository(sessions);
+      }
+      const userJobs = alepha.inject(UserJobs);
+      const repos = alepha.inject(TestRepositories);
+      await alepha.start();
+      // Create a test user
+      const user = await repos.userRepository.create({
+        email: "test@example.com",
+      });
+      // Create expired sessions (expiresAt in the past)
+      const pastDate = new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString(); // 1 day ago
+      await repos.sessionRepository.create({
+        userId: user.id,
+        refreshToken: crypto.randomUUID(),
+        expiresAt: pastDate,
+      });
+      await repos.sessionRepository.create({
+        userId: user.id,
+        refreshToken: crypto.randomUUID(),
+        expiresAt: pastDate,
+      });
+      // Create a valid session (expiresAt in the future)
+      const futureDate = new Date(
+        Date.now() + 24 * 60 * 60 * 1000,
+      ).toISOString(); // 1 day from now
+      await repos.sessionRepository.create({
+        userId: user.id,
+        refreshToken: crypto.randomUUID(),
+        expiresAt: futureDate,
+      });
+      // Verify we have 3 sessions
+      const sessionsBefore = await repos.sessionRepository.findMany();
+      expect(sessionsBefore).toHaveLength(3);
+      // Trigger the job
+      await userJobs.purgeExpiredSessions.trigger();
+      // Verify only the valid session remains
+      const sessionsAfter = await repos.sessionRepository.findMany();
+      expect(sessionsAfter).toHaveLength(1);
+      expect(new Date(sessionsAfter[0].expiresAt).getTime()).toBeGreaterThan(
+        Date.now(),
+      );
+    });
+    test("should handle case when no expired sessions exist", async ({
+      expect,
+    }) => {
+      const alepha = Alepha.create().with(AlephaOrm).with(AlephaApiJobs);
+      class TestRepositories {
+        userRepository = $repository(users);
+        sessionRepository = $repository(sessions);
+      }
+      const userJobs = alepha.inject(UserJobs);
+      const repos = alepha.inject(TestRepositories);
+      await alepha.start();
+      // Create a test user
+      const user = await repos.userRepository.create({
+        email: "test2@example.com",
+      });
+      // Create only valid sessions
+      const futureDate = new Date(
+        Date.now() + 24 * 60 * 60 * 1000,
+      ).toISOString();
+      await repos.sessionRepository.create({
+        userId: user.id,
+        refreshToken: crypto.randomUUID(),
+        expiresAt: futureDate,
+      });
+      // Verify we have 1 session
+      const sessionsBefore = await repos.sessionRepository.findMany();
+      expect(sessionsBefore).toHaveLength(1);
+      // Trigger the job - should not throw
+      await userJobs.purgeExpiredSessions.trigger();
+      // Session should still exist
+      const sessionsAfter = await repos.sessionRepository.findMany();
+      expect(sessionsAfter).toHaveLength(1);
+    });
+  });
+});

package/src/api/users/services/UserJobs.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import { $inject } from "alepha";
+import { $job } from "alepha/api/jobs";
+import { DateTimeProvider } from "alepha/datetime";
+import { $logger } from "alepha/logger";
+import { $repository } from "alepha/orm";
+import { sessions } from "../entities/sessions.ts";
+/**
+ * User-specific jobs wrapper service.
+ *
+ * This service handles user-related scheduled jobs such as:
+ * - Session purge (cleaning up expired sessions)
+ * - Verification code cleanup
+ * - Inactive user notifications
+ *
+ * It is lazy-loaded when the `jobs` feature is enabled in the realm.
+ */
+export class UserJobs {
+  protected readonly log = $logger();
+  protected readonly dateTimeProvider = $inject(DateTimeProvider);
+  protected readonly sessionRepository = $repository(sessions);
+  /**
+   * Purge expired sessions from the database.
+   *
+   * This job runs daily at 3:00 AM and removes all sessions
+   * where the `expiresAt` timestamp has passed.
+   */
+  public readonly purgeExpiredSessions = $job({
+    name: "users.purgeExpiredSessions",
+    description: "Remove expired user sessions from the database",
+    cron: "0 3 * * *", // Daily at 3:00 AM
+    handler: async () => {
+      const now = this.dateTimeProvider.nowISOString();
+      this.log.info("Starting expired sessions purge", { cutoffTime: now });
+      const expiredSessions = await this.sessionRepository.findMany({
+        where: {
+          expiresAt: { lt: now },
+        },
+      });
+      if (expiredSessions.length === 0) {
+        this.log.info("No expired sessions found");
+        return;
+      }
+      this.log.info("Found expired sessions", {
+        count: expiredSessions.length,
+      });
+      const deletedIds = await this.sessionRepository.deleteMany({
+        expiresAt: { lt: now },
+      });
+      this.log.info("Expired sessions purged successfully", {
+        deletedCount: deletedIds.length,
+      });
+    },
+  });
+}

package/src/api/users/services/UserParameters.ts ADDED Viewed

@@ -0,0 +1,23 @@
+import { $config } from "alepha/api/parameters";
+import { realmAuthSettingsAtom } from "../atoms/realmAuthSettingsAtom.ts";
+/**
+ * User-specific configuration service.
+ *
+ * This service wraps the core ConfigStore to provide realm settings management.
+ * It is lazy-loaded when the `parameters` feature is enabled in the realm.
+ */
+export class UserParameters {
+  /**
+   * Realm authentication settings configuration.
+   *
+   * Controls user registration, login methods, verification requirements,
+   * and password policies for the realm.
+   */
+  public readonly realmSettings = $config({
+    name: "alepha.api.users.realmSettings",
+    description: "Realm authentication and registration settings",
+    schema: realmAuthSettingsAtom.schema,
+    default: realmAuthSettingsAtom.options.default,
+  });
+}

package/src/api/users/services/UserService.ts CHANGED Viewed

@@ -1,23 +1,38 @@
-import { $inject } from "alepha";
-import { AuditService } from "alepha/api/audits";
+import { $inject, Alepha } from "alepha";
 import type { VerificationController } from "alepha/api/verifications";
 import { $logger } from "alepha/logger";
 import { type Page, parseQueryString } from "alepha/orm";
 import { BadRequestError } from "alepha/server";
 import { $client } from "alepha/server/links";
 import type { UserEntity } from "../entities/users.ts";
-import { UserNotifications } from "../notifications/UserNotifications.ts";
 import { RealmProvider } from "../providers/RealmProvider.ts";
 import type { CreateUser } from "../schemas/createUserSchema.ts";
 import type { UpdateUser } from "../schemas/updateUserSchema.ts";
 import type { UserQuery } from "../schemas/userQuerySchema.ts";
+import { UserAudits } from "./UserAudits.ts";
+import { UserNotifications } from "./UserNotifications.ts";
 export class UserService {
+  protected readonly alepha = $inject(Alepha);
   protected readonly log = $logger();
   protected readonly verificationController = $client<VerificationController>();
-  protected readonly userNotifications = $inject(UserNotifications);
   protected readonly realmProvider = $inject(RealmProvider);
-  protected readonly auditService = $inject(AuditService);
+  protected userAudits(realmName?: string) {
+    const realm = this.realmProvider.getRealm(realmName);
+    if (realm.features.audits) {
+      return this.alepha.inject(UserAudits);
+    }
+    return undefined;
+  }
+  protected userNotifications(realmName?: string) {
+    const realm = this.realmProvider.getRealm(realmName);
+    if (realm.features.notifications) {
+      return this.alepha.inject(UserNotifications);
+    }
+    return undefined;
+  }
   public users(userRealmName?: string) {
     return this.realmProvider.userRepository(userRealmName);
@@ -79,21 +94,23 @@ export class UserService {
           ? `${verifyUrl}${url.search}`
           : url.pathname + url.search;
-        await this.userNotifications.emailVerificationLink.push({
-          contact: email,
-          variables: {
-            email,
-            verifyUrl: fullVerifyUrl,
-            expiresInMinutes: Math.floor(verification.codeExpiration / 60),
+        await this.userNotifications(userRealmName)?.emailVerificationLink.push(
+          {
+            contact: email,
+            variables: {
+              email,
+              verifyUrl: fullVerifyUrl,
+              expiresInMinutes: Math.floor(verification.codeExpiration / 60),
+            },
           },
-        });
+        );
         this.log.debug("Email verification link sent", {
           email,
           userId: user.id,
         });
       } else {
-        await this.userNotifications.emailVerification.push({
+        await this.userNotifications(userRealmName)?.emailVerification.push({
           contact: email,
           variables: {
             email,
@@ -158,7 +175,7 @@ export class UserService {
     const realm = this.realmProvider.getRealm(userRealmName);
-    await this.auditService.recordUser("update", {
+    await this.userAudits(userRealmName)?.recordUser("update", {
       userId: user.id,
       userEmail: email,
       userRealm: realm.name,
@@ -314,7 +331,7 @@ export class UserService {
       email: user.email,
     });
-    await this.auditService.recordUser("create", {
+    await this.userAudits(userRealmName)?.recordUser("create", {
       userRealm: realm.name,
       resourceId: user.id,
       description: "User created",
@@ -357,7 +374,7 @@ export class UserService {
       data.roles !== undefined &&
       JSON.stringify(before.roles) !== JSON.stringify(data.roles);
-    await this.auditService.recordUser(
+    await this.userAudits(userRealmName)?.recordUser(
       isRoleChange ? "role_change" : "update",
       {
         userRealm: realm.name,
@@ -384,7 +401,7 @@ export class UserService {
     const realm = this.realmProvider.getRealm(userRealmName);
-    await this.auditService.recordUser("delete", {
+    await this.userAudits(userRealmName)?.recordUser("delete", {
       userRealm: realm.name,
       resourceId: id,
       severity: "warning",

package/src/api/verifications/index.ts CHANGED Viewed

@@ -18,9 +18,9 @@ export * from "./services/VerificationService.ts";
 // ---------------------------------------------------------------------------------------------------------------------
 /**
- * | type | quality | stability |
- * |------|---------|-----------|
- * | backend | standard | stable |
+ * | Stability | Since | Runtime |
+ * |-----------|-------|---------|
+ * | 3 - stable | 0.13.0 | node, bun, workerd|
  *
  * Email and phone verification workflows.
  *

package/src/batch/index.ts CHANGED Viewed

@@ -10,9 +10,9 @@ export * from "./providers/BatchProvider.ts";
 // ---------------------------------------------------------------------------------------------------------------------
 /**
- * | type | quality | stability |
- * |------|---------|-----------|
- * | backend | standard | stable |
+ * | Stability | Since | Runtime |
+ * |-----------|-------|---------|
+ * | 3 - stable | 0.8.0 | node, bun|
  *
  * Batch accumulation and processing.
  *

package/src/bucket/index.ts CHANGED Viewed

@@ -43,9 +43,9 @@ declare module "alepha" {
 // ---------------------------------------------------------------------------------------------------------------------
 /**
- * | type | quality | stability |
- * |------|---------|-----------|
- * | backend | rare | stable |
+ * | Stability | Since | Runtime |
+ * |-----------|-------|---------|
+ * | 3 - stable | 0.9.0 | node, bun, workerd|
  *
  * Unified file storage abstraction across multiple backends.
  *

package/src/cache/core/index.ts CHANGED Viewed

@@ -12,9 +12,9 @@ export * from "./providers/MemoryCacheProvider.ts";
 // ---------------------------------------------------------------------------------------------------------------------
 /**
- * | type | quality | stability |
- * |------|---------|-----------|
- * | backend | rare | stable |
+ * | Stability | Since | Runtime |
+ * |-----------|-------|---------|
+ * | 3 - stable | 0.9.0 | node, bun, workerd|
  *
  * Type-safe caching with TTL support.
  *

package/src/cli/commands/build.ts CHANGED Viewed

@@ -269,6 +269,7 @@ export class BuildCommand {
             generateCloudflare({
               distDir,
               config: options.cloudflare?.config,
+              alepha: alepha!,
             }),
         });
       }