appos 0.3.2-0 → 0.3.3-0

package/dist/exports/api/web/auth.mjs

@@ -1 +1,17 @@
-import"@better-auth/passkey/client";import"@better-auth/sso/client";import"better-auth/client/plugins";import"better-auth/react";const e=`/auth`,t=``;export{e as AUTH_BASE_PATH,t as AUTH_BASE_URL};
+import "@better-auth/passkey/client";
+import "@better-auth/sso/client";
+import "better-auth/client/plugins";
+import "better-auth/react";
+
+//#region src/web/auth.ts
+/**
+* Default base path for auth routes.
+*/
+const AUTH_BASE_PATH = "/auth";
+/**
+* Default base URL (empty - same origin).
+*/
+const AUTH_BASE_URL = "";
+
+//#endregion
+export { AUTH_BASE_PATH, AUTH_BASE_URL };

package/dist/exports/api/workflow.mjs

@@ -1 +1,196 @@
-import{APPOS_DIR as e,FILE_EXT as t,WORKFLOWS_DIR as n}from"./constants.mjs";import{basename as r,join as i}from"node:path";import{glob as a}from"node:fs/promises";import{camelCase as o}from"es-toolkit";function s(e){let t=null,n=null,r=null,i=null,a=async i=>{if(!t||!r)throw Error(`Workflow "${n}" not registered`);let a=r,o=a.workflowID;if(!o)throw Error(`DBOS.workflowID is not available in this context`);let s={container:t,workflowId:o,input:i,step:(e,t)=>a.runStep(t,{name:e})};return e.run(s)};return{inputSchema:e.input,get name(){return n},register(o,s,c){t=o,n=s,r=c,i=c.registerWorkflow(a,{name:s,...e.config})},async start(t){if(!i||!n||!r)throw Error(`Workflow not registered. Ensure the worker is started before triggering workflows.`);let a=e.input.parse(t),o=await r.startWorkflow(i)(a);return{workflowId:o.workflowID,getStatus:()=>o.getStatus(),getResult:()=>o.getResult()}}}}function c(e){let t=null,n=null,r=null,i=async(i,a)=>{if(!t||!r)throw Error(`Workflow "${n}" not registered`);let o=r,s=o.workflowID;if(!s)throw Error(`DBOS.workflowID is not available in this context`);let c={container:t,workflowId:s,scheduledTime:i,step:(e,t)=>o.runStep(t,{name:e})};return e.run(c)};return{crontab:e.crontab,get name(){return n},register(a,o,s){t=a,n=o,r=s,s.registerScheduled(s.registerWorkflow(i,{name:o}),{crontab:e.crontab})}}}function l(e){return o(r(e,`.ts`))}async function u(r){let{container:o,dbos:s}=r,c=r.workflowsDir??i(process.cwd(),e,n),u=(e,t)=>{try{e.register(o,t,s)}catch(e){if(!(e instanceof Error)||!e.message.includes(`already registered`))throw e}},{extractBlobMetadata:d}=await import(`./workflows/extract-blob-metadata.mjs`),{generateImageVariant:f}=await import(`./workflows/generate-image-variant.mjs`),{generatePreview:p}=await import(`./workflows/generate-preview.mjs`),{purgeAttachment:m}=await import(`./workflows/purge-attachment.mjs`),{trackDbChanges:h}=await import(`./workflows/track-db-changes.mjs`),{definePurgeAuditLogs:g}=await import(`./workflows/purge-audit-logs.mjs`),{definePurgeUnattachedBlobs:_}=await import(`./workflows/purge-unattached-blobs.mjs`);u(d,`extractBlobMetadata`),u(f,`generateImageVariant`),u(p,`generatePreview`),u(m,`purgeAttachment`),u(h,`trackDbChanges`),u(g(o.auth.auditLog?.purgeCron),`purgeAuditLogs`),u(_(o.storage.primary.purgeCron),`purgeUnattachedBlobs`);let v=await Array.fromAsync(a(`${c}/**/*.${t}`,{exclude:[`**/*.test.ts`,`**/*.spec.ts`,`**/*.test.js`,`**/*.spec.js`]}));for(let e of v){let t=await import(e);if(t.default&&typeof t.default==`object`&&`register`in t.default){let n=l(e);u(t.default,n)}}}export{c as defineScheduledWorkflow,s as defineWorkflow,u as loadWorkflows};
+import { APPOS_DIR, FILE_EXT, WORKFLOWS_DIR } from "./constants.mjs";
+import { basename, join } from "node:path";
+import { glob } from "node:fs/promises";
+import { camelCase } from "es-toolkit";
+
+//#region src/api/workflow.ts
+/**
+* Defines a durable workflow that can be triggered with type-safe input.
+*
+* Workflows are:
+* - Durable: Automatically resume after crashes or restarts
+* - Type-safe: Input and output types are inferred from the schema
+* - Container-aware: Access to db, mailer, logger via ctx.container
+*
+* @example
+* ```typescript
+* // api/workflows/send-welcome-email.ts
+* export default defineWorkflow({
+*   input: z.object({
+*     userId: z.string(),
+*     email: z.string().email(),
+*   }),
+*   async run(ctx) {
+*     const user = await ctx.container.db.primary.query.users.findFirst({
+*       where: eq(users.id, ctx.input.userId),
+*     });
+*
+*     await ctx.container.mailer.send({
+*       to: ctx.input.email,
+*       subject: "Welcome!",
+*     });
+*
+*     return { sent: true };
+*   },
+* });
+*
+* // Triggering from a route:
+* import sendWelcomeEmail from "#api/workflows/send-welcome-email.ts";
+* const handle = await sendWelcomeEmail.start({ userId: "123", email: "..." });
+* ```
+*/
+function defineWorkflow(options) {
+	let container = null;
+	let workflowName = null;
+	let dbosInstance = null;
+	let registeredFn = null;
+	const workflowFn = async (input) => {
+		if (!container || !dbosInstance) throw new Error(`Workflow "${workflowName}" not registered`);
+		const dbos = dbosInstance;
+		const workflowId = dbos.workflowID;
+		if (!workflowId) throw new Error("DBOS.workflowID is not available in this context");
+		const ctx = {
+			container,
+			workflowId,
+			input,
+			step: (name, fn) => dbos.runStep(fn, { name })
+		};
+		return options.run(ctx);
+	};
+	return {
+		inputSchema: options.input,
+		get name() {
+			return workflowName;
+		},
+		register(c, name, dbos) {
+			container = c;
+			workflowName = name;
+			dbosInstance = dbos;
+			registeredFn = dbos.registerWorkflow(workflowFn, {
+				name,
+				...options.config
+			});
+		},
+		async start(input) {
+			if (!registeredFn || !workflowName || !dbosInstance) throw new Error("Workflow not registered. Ensure the worker is started before triggering workflows.");
+			const validated = options.input.parse(input);
+			const handle = await dbosInstance.startWorkflow(registeredFn)(validated);
+			return {
+				workflowId: handle.workflowID,
+				getStatus: () => handle.getStatus(),
+				getResult: () => handle.getResult()
+			};
+		}
+	};
+}
+/**
+* Defines a scheduled workflow that runs on a cron schedule.
+*
+* @example
+* ```typescript
+* // api/workflows/daily-report.ts
+* export default defineScheduledWorkflow({
+*   crontab: "0 9 * * *", // 9am daily
+*   async run(ctx) {
+*     const stats = await ctx.container.db.primary.query.stats.findMany();
+*     await ctx.container.mailer.send({
+*       to: "team@company.com",
+*       subject: `Daily Report - ${ctx.scheduledTime.toDateString()}`,
+*     });
+*   },
+* });
+* ```
+*/
+function defineScheduledWorkflow(options) {
+	let container = null;
+	let workflowName = null;
+	let dbosInstance = null;
+	const workflowFn = async (scheduledTime, _startTime) => {
+		if (!container || !dbosInstance) throw new Error(`Workflow "${workflowName}" not registered`);
+		const dbos = dbosInstance;
+		const workflowId = dbos.workflowID;
+		if (!workflowId) throw new Error("DBOS.workflowID is not available in this context");
+		const ctx = {
+			container,
+			workflowId,
+			scheduledTime,
+			step: (name, fn) => dbos.runStep(fn, { name })
+		};
+		return options.run(ctx);
+	};
+	return {
+		crontab: options.crontab,
+		get name() {
+			return workflowName;
+		},
+		register(c, name, dbos) {
+			container = c;
+			workflowName = name;
+			dbosInstance = dbos;
+			dbos.registerScheduled(dbos.registerWorkflow(workflowFn, { name }), { crontab: options.crontab });
+		}
+	};
+}
+/**
+* Extracts workflow name from filepath as camelCase.
+*/
+function getWorkflowName(filepath) {
+	return camelCase(basename(filepath, ".ts"));
+}
+/**
+* Auto-discovers and registers all workflows.
+*
+* Algorithm:
+* 1. Register built-in workflows (extractBlobMetadata, generateImageVariant, etc.)
+* 2. Register scheduled workflows (purgeAuditLogs, purgeUnattachedBlobs)
+* 3. Glob all .ts files in the directory (excluding test files)
+* 4. Import each module's default export
+* 5. If it has a register method, call register(container, name, dbos)
+*
+* @param opts - Load workflows options
+*/
+async function loadWorkflows(opts) {
+	const { container, dbos } = opts;
+	const workflowsDir = opts.workflowsDir ?? join(process.cwd(), APPOS_DIR, WORKFLOWS_DIR);
+	/**
+	* Helper to safely register a workflow, ignoring "already registered" errors.
+	* This allows tests to call defineCli() multiple times without errors.
+	*/
+	const safeRegister = (workflow, name) => {
+		try {
+			workflow.register(container, name, dbos);
+		} catch (error) {
+			if (!(error instanceof Error) || !error.message.includes("already registered")) throw error;
+		}
+	};
+	const { extractBlobMetadata } = await import("./workflows/extract-blob-metadata.mjs");
+	const { generateImageVariant } = await import("./workflows/generate-image-variant.mjs");
+	const { generatePreview } = await import("./workflows/generate-preview.mjs");
+	const { purgeAttachment } = await import("./workflows/purge-attachment.mjs");
+	const { trackDbChanges } = await import("./workflows/track-db-changes.mjs");
+	const { definePurgeAuditLogs } = await import("./workflows/purge-audit-logs.mjs");
+	const { definePurgeUnattachedBlobs } = await import("./workflows/purge-unattached-blobs.mjs");
+	safeRegister(extractBlobMetadata, "extractBlobMetadata");
+	safeRegister(generateImageVariant, "generateImageVariant");
+	safeRegister(generatePreview, "generatePreview");
+	safeRegister(purgeAttachment, "purgeAttachment");
+	safeRegister(trackDbChanges, "trackDbChanges");
+	safeRegister(definePurgeAuditLogs(container.auth.auditLog?.purgeCron), "purgeAuditLogs");
+	safeRegister(definePurgeUnattachedBlobs(container.storage.primary.purgeCron), "purgeUnattachedBlobs");
+	const files = await Array.fromAsync(glob(`${workflowsDir}/**/*.${FILE_EXT}`, { exclude: [
+		"**/*.test.ts",
+		"**/*.spec.ts",
+		"**/*.test.js",
+		"**/*.spec.js"
+	] }));
+	for (const file of files) {
+		const mod = await import(file);
+		if (mod.default && typeof mod.default === "object" && "register" in mod.default) {
+			const name = getWorkflowName(file);
+			safeRegister(mod.default, name);
+		}
+	}
+}
+
+//#endregion
+export { defineScheduledWorkflow, defineWorkflow, loadWorkflows };

package/dist/exports/api/workflows/_virtual/rolldown_runtime.mjs

@@ -1 +1,36 @@
-var e=Object.defineProperty,t=Object.getOwnPropertyDescriptor,n=Object.getOwnPropertyNames,r=Object.prototype.hasOwnProperty,i=(t,n)=>{let r={};for(var i in t)e(r,i,{get:t[i],enumerable:!0});return n&&e(r,Symbol.toStringTag,{value:`Module`}),r},a=(i,a,o,s)=>{if(a&&typeof a==`object`||typeof a==`function`)for(var c=n(a),l=0,u=c.length,d;l<u;l++)d=c[l],!r.call(i,d)&&d!==o&&e(i,d,{get:(e=>a[e]).bind(null,d),enumerable:!(s=t(a,d))||s.enumerable});return i},o=(e,t,n)=>(a(e,t,`default`),n&&a(n,t,`default`));export{i as __export,o as __reExport};
+//#region rolldown:runtime
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (all, symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+var __copyProps = (to, from, except, desc) => {
+	if (from && typeof from === "object" || typeof from === "function") {
+		for (var keys = __getOwnPropNames(from), i = 0, n = keys.length, key; i < n; i++) {
+			key = keys[i];
+			if (!__hasOwnProp.call(to, key) && key !== except) {
+				__defProp(to, key, {
+					get: ((k) => from[k]).bind(null, key),
+					enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
+				});
+			}
+		}
+	}
+	return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+
+//#endregion
+export { __export, __reExport };

package/dist/exports/api/workflows/api/auth-schema.mjs

@@ -1 +1,373 @@
-import{sql as e}from"drizzle-orm";import{pgTable as t}from"drizzle-orm/pg-core";function n(){let n=t(`accounts`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),accessToken:t.text(`access_token`),accessTokenExpiresAt:t.timestamp(`access_token_expires_at`,{mode:`string`,withTimezone:!0}),accountId:t.text(`account_id`).notNull(),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),idToken:t.text(`id_token`),providerId:t.text(`provider_id`).notNull(),password:t.text(`password`),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),refreshToken:t.text(`refresh_token`),refreshTokenExpiresAt:t.timestamp(`refresh_token_expires_at`,{mode:`string`,withTimezone:!0}),scope:t.text(`scope`),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),r=t(`api_keys`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),name:t.text(`name`),enabled:t.boolean(`enabled`).default(!0),expiresAt:t.timestamp(`expires_at`,{mode:`string`,withTimezone:!0}),key:t.text(`key`).notNull(),lastRefillAt:t.timestamp(`last_refill_at`,{mode:`string`,withTimezone:!0}),lastRequest:t.timestamp(`last_request`,{mode:`string`,withTimezone:!0}),lastUsedAt:t.timestamp(`last_used_at`,{mode:`string`,withTimezone:!0}),metadata:t.text(`metadata`),permissions:t.text(`permissions`),prefix:t.text(`prefix`),rateLimitEnabled:t.boolean(`rate_limit_enabled`).default(!0),rateLimitTimeWindow:t.integer(`rate_limit_time_window`).default(864e5),rateLimitMax:t.integer(`rate_limit_max`).default(10),refillInterval:t.integer(`refill_interval`),refillAmount:t.integer(`refill_amount`),requestCount:t.integer(`request_count`),remaining:t.integer(`remaining`),start:t.text(`start`),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),i=t(`invitations`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),email:t.text(`email`).notNull(),expiresAt:t.timestamp(`expires_at`,{mode:`string`,withTimezone:!0}).notNull(),inviterId:t.text(`inviter_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),organizationId:t.text(`organization_id`).notNull().references(()=>o.id,{onDelete:`cascade`}),role:t.text(`role`),status:t.text(`status`).default(`pending`).notNull(),teamId:t.text(`team_id`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),a=t(`members`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),organizationId:t.text(`organization_id`).notNull().references(()=>o.id,{onDelete:`cascade`}),role:t.text(`role`).default(`member`).notNull(),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),o=t(`organizations`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),name:t.text(`name`).notNull(),slug:t.text(`slug`).unique(),logo:t.text(`logo`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),metadata:t.text(`metadata`)}),e=>[]),s=t(`sessions`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),activeOrganizationId:t.text(`active_organization_id`).references(()=>o.id,{onDelete:`set null`}),activeTeamId:t.text(`active_team_id`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),expiresAt:t.timestamp(`expires_at`,{mode:`string`,withTimezone:!0}).notNull(),impersonatedBy:t.text(`impersonated_by`).references(()=>l.id,{onDelete:`set null`}),ipAddress:t.text(`ip_address`),token:t.text(`token`).notNull().unique(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),userAgent:t.text(`user_agent`),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`})}),e=>[]),c=t(`sso_providers`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),domain:t.text(`domain`).notNull(),issuer:t.text(`issuer`).notNull(),oidcConfig:t.text(`oidc_config`),organizationId:t.text(`organization_id`).references(()=>o.id,{onDelete:`cascade`}),providerId:t.text(`provider_id`).notNull().unique(),samlConfig:t.text(`saml_config`),userId:t.text(`user_id`).references(()=>l.id,{onDelete:`cascade`})}),e=>[]),l=t(`users`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),banExpires:t.timestamp(`ban_expires`,{mode:`string`,withTimezone:!0}),banReason:t.text(`ban_reason`),banned:t.boolean(`banned`).default(!1),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),displayUsername:t.text(`display_username`),email:t.text(`email`).notNull().unique(),emailVerified:t.boolean(`email_verified`).default(!1).notNull(),image:t.text(`image`),isAnonymous:t.boolean(`is_anonymous`),lastLoginMethod:t.text(`last_login_method`),name:t.text(`name`).notNull(),phoneNumber:t.text(`phone_number`).unique(),phoneNumberVerified:t.boolean(`phone_number_verified`),role:t.text(`role`),twoFactorEnabled:t.boolean(`two_factor_enabled`).default(!1),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),username:t.text(`username`).unique()}),e=>[]),u=t(`teams`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),name:t.text(`name`).notNull(),organizationId:t.text(`organization_id`).notNull().references(()=>o.id,{onDelete:`cascade`}),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),d=t(`team_members`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),teamId:t.text(`team_id`).notNull().references(()=>u.id,{onDelete:`cascade`}),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`}),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),f=t(`two_factors`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),secret:t.text(`secret`).notNull(),backupCodes:t.text(`backup_codes`).notNull(),userId:t.text(`user_id`).notNull().references(()=>l.id,{onDelete:`cascade`})}),e=>[]),p=t(`verifications`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),expiresAt:t.timestamp(`expires_at`,{mode:`string`,withTimezone:!0}).notNull(),identifier:t.text(`identifier`).notNull(),updatedAt:t.timestamp(`updated_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull(),value:t.text(`value`).notNull()}),e=>[]);return{tables:{accounts:n,apiKeys:r,auditLogs:t(`audit_logs`,t=>({id:t.text(`id`).primaryKey().default(e`uuidv7()`),tableName:t.text(`table_name`),action:t.text(`action`).notNull(),customAction:t.text(`custom_action`),oldData:t.jsonb(`old_data`),newData:t.jsonb(`new_data`),metadata:t.jsonb(`metadata`),organizationId:t.text(`organization_id`).references(()=>o.id,{onDelete:`set null`}),userId:t.text(`user_id`).references(()=>l.id,{onDelete:`set null`}),sessionId:t.text(`session_id`).references(()=>s.id,{onDelete:`set null`}),requestId:t.text(`request_id`),createdAt:t.timestamp(`created_at`,{mode:`string`,withTimezone:!0}).default(e`NOW()`).notNull()}),e=>[]),invitations:i,members:a,organizations:o,sessions:s,ssoProviders:c,teams:u,teamMembers:d,twoFactors:f,users:l,verifications:p},relations:e=>({users:{sessions:e.many.sessions({from:e.users.id,to:e.sessions.userId}),accounts:e.many.accounts({from:e.users.id,to:e.accounts.userId}),apiKeys:e.many.apiKeys({from:e.users.id,to:e.apiKeys.userId}),memberships:e.many.members({from:e.users.id,to:e.members.userId}),invitations:e.many.invitations({from:e.users.id,to:e.invitations.inviterId}),ssoProvider:e.one.ssoProviders({from:e.users.id,to:e.ssoProviders.userId}),twoFactor:e.one.twoFactors({from:e.users.id,to:e.twoFactors.userId})},sessions:{user:e.one.users({from:e.sessions.userId,to:e.users.id})},accounts:{user:e.one.users({from:e.accounts.userId,to:e.users.id})},apiKeys:{user:e.one.users({from:e.apiKeys.userId,to:e.users.id})},organizations:{members:e.many.members({from:e.organizations.id,to:e.members.organizationId}),invitations:e.many.invitations({from:e.organizations.id,to:e.invitations.organizationId}),teams:e.many.teams({from:e.organizations.id,to:e.teams.organizationId})},members:{organization:e.one.organizations({from:e.members.organizationId,to:e.organizations.id}),user:e.one.users({from:e.members.userId,to:e.users.id})},invitations:{organization:e.one.organizations({from:e.invitations.organizationId,to:e.organizations.id}),inviter:e.one.users({from:e.invitations.inviterId,to:e.users.id})},teams:{organization:e.one.organizations({from:e.teams.organizationId,to:e.organizations.id})},ssoProviders:{user:e.one.users({from:e.ssoProviders.userId,to:e.users.id})},verifications:{},twoFactors:{user:e.one.users({from:e.twoFactors.userId,to:e.users.id})},auditLogs:{organization:e.one.organizations({from:e.auditLogs.organizationId,to:e.organizations.id}),user:e.one.users({from:e.auditLogs.userId,to:e.users.id}),session:e.one.sessions({from:e.auditLogs.sessionId,to:e.sessions.id})}})}}export{n as defineAuthSchema};
+import { sql } from "drizzle-orm";
+import { pgTable } from "drizzle-orm/pg-core";
+
+//#region src/api/auth-schema.ts
+/**
+* Defines the authentication schema for the application.
+*
+* @returns An object containing the schema and relations for the authentication tables.
+*/
+function defineAuthSchema() {
+	const accounts = pgTable("accounts", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		accessToken: t.text("access_token"),
+		accessTokenExpiresAt: t.timestamp("access_token_expires_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		accountId: t.text("account_id").notNull(),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		idToken: t.text("id_token"),
+		providerId: t.text("provider_id").notNull(),
+		password: t.text("password"),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		refreshToken: t.text("refresh_token"),
+		refreshTokenExpiresAt: t.timestamp("refresh_token_expires_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		scope: t.text("scope"),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const apiKeys = pgTable("api_keys", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		name: t.text("name"),
+		enabled: t.boolean("enabled").default(true),
+		expiresAt: t.timestamp("expires_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		key: t.text("key").notNull(),
+		lastRefillAt: t.timestamp("last_refill_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		lastRequest: t.timestamp("last_request", {
+			mode: "string",
+			withTimezone: true
+		}),
+		lastUsedAt: t.timestamp("last_used_at", {
+			mode: "string",
+			withTimezone: true
+		}),
+		metadata: t.text("metadata"),
+		permissions: t.text("permissions"),
+		prefix: t.text("prefix"),
+		rateLimitEnabled: t.boolean("rate_limit_enabled").default(true),
+		rateLimitTimeWindow: t.integer("rate_limit_time_window").default(864e5),
+		rateLimitMax: t.integer("rate_limit_max").default(10),
+		refillInterval: t.integer("refill_interval"),
+		refillAmount: t.integer("refill_amount"),
+		requestCount: t.integer("request_count"),
+		remaining: t.integer("remaining"),
+		start: t.text("start"),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const invitations = pgTable("invitations", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		email: t.text("email").notNull(),
+		expiresAt: t.timestamp("expires_at", {
+			mode: "string",
+			withTimezone: true
+		}).notNull(),
+		inviterId: t.text("inviter_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		organizationId: t.text("organization_id").notNull().references(() => organizations.id, { onDelete: "cascade" }),
+		role: t.text("role"),
+		status: t.text("status").default("pending").notNull(),
+		teamId: t.text("team_id"),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const members = pgTable("members", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		organizationId: t.text("organization_id").notNull().references(() => organizations.id, { onDelete: "cascade" }),
+		role: t.text("role").default("member").notNull(),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const organizations = pgTable("organizations", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		name: t.text("name").notNull(),
+		slug: t.text("slug").unique(),
+		logo: t.text("logo"),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		metadata: t.text("metadata")
+	}), (t) => []);
+	const sessions = pgTable("sessions", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		activeOrganizationId: t.text("active_organization_id").references(() => organizations.id, { onDelete: "set null" }),
+		activeTeamId: t.text("active_team_id"),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		expiresAt: t.timestamp("expires_at", {
+			mode: "string",
+			withTimezone: true
+		}).notNull(),
+		impersonatedBy: t.text("impersonated_by").references(() => users.id, { onDelete: "set null" }),
+		ipAddress: t.text("ip_address"),
+		token: t.text("token").notNull().unique(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		userAgent: t.text("user_agent"),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" })
+	}), (t) => []);
+	const ssoProviders = pgTable("sso_providers", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		domain: t.text("domain").notNull(),
+		issuer: t.text("issuer").notNull(),
+		oidcConfig: t.text("oidc_config"),
+		organizationId: t.text("organization_id").references(() => organizations.id, { onDelete: "cascade" }),
+		providerId: t.text("provider_id").notNull().unique(),
+		samlConfig: t.text("saml_config"),
+		userId: t.text("user_id").references(() => users.id, { onDelete: "cascade" })
+	}), (t) => []);
+	const users = pgTable("users", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		banExpires: t.timestamp("ban_expires", {
+			mode: "string",
+			withTimezone: true
+		}),
+		banReason: t.text("ban_reason"),
+		banned: t.boolean("banned").default(false),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		displayUsername: t.text("display_username"),
+		email: t.text("email").notNull().unique(),
+		emailVerified: t.boolean("email_verified").default(false).notNull(),
+		image: t.text("image"),
+		isAnonymous: t.boolean("is_anonymous"),
+		lastLoginMethod: t.text("last_login_method"),
+		name: t.text("name").notNull(),
+		phoneNumber: t.text("phone_number").unique(),
+		phoneNumberVerified: t.boolean("phone_number_verified"),
+		role: t.text("role"),
+		twoFactorEnabled: t.boolean("two_factor_enabled").default(false),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		username: t.text("username").unique()
+	}), (t) => []);
+	const teams = pgTable("teams", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		name: t.text("name").notNull(),
+		organizationId: t.text("organization_id").notNull().references(() => organizations.id, { onDelete: "cascade" }),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const teamMembers = pgTable("team_members", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		teamId: t.text("team_id").notNull().references(() => teams.id, { onDelete: "cascade" }),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull()
+	}), (t) => []);
+	const twoFactors = pgTable("two_factors", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		secret: t.text("secret").notNull(),
+		backupCodes: t.text("backup_codes").notNull(),
+		userId: t.text("user_id").notNull().references(() => users.id, { onDelete: "cascade" })
+	}), (t) => []);
+	const verifications = pgTable("verifications", (t) => ({
+		id: t.text("id").primaryKey().default(sql`uuidv7()`),
+		createdAt: t.timestamp("created_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		expiresAt: t.timestamp("expires_at", {
+			mode: "string",
+			withTimezone: true
+		}).notNull(),
+		identifier: t.text("identifier").notNull(),
+		updatedAt: t.timestamp("updated_at", {
+			mode: "string",
+			withTimezone: true
+		}).default(sql`NOW()`).notNull(),
+		value: t.text("value").notNull()
+	}), (t) => []);
+	return {
+		tables: {
+			accounts,
+			apiKeys,
+			auditLogs: pgTable("audit_logs", (t) => ({
+				id: t.text("id").primaryKey().default(sql`uuidv7()`),
+				tableName: t.text("table_name"),
+				action: t.text("action").notNull(),
+				customAction: t.text("custom_action"),
+				oldData: t.jsonb("old_data"),
+				newData: t.jsonb("new_data"),
+				metadata: t.jsonb("metadata"),
+				organizationId: t.text("organization_id").references(() => organizations.id, { onDelete: "set null" }),
+				userId: t.text("user_id").references(() => users.id, { onDelete: "set null" }),
+				sessionId: t.text("session_id").references(() => sessions.id, { onDelete: "set null" }),
+				requestId: t.text("request_id"),
+				createdAt: t.timestamp("created_at", {
+					mode: "string",
+					withTimezone: true
+				}).default(sql`NOW()`).notNull()
+			}), (t) => []),
+			invitations,
+			members,
+			organizations,
+			sessions,
+			ssoProviders,
+			teams,
+			teamMembers,
+			twoFactors,
+			users,
+			verifications
+		},
+		relations: (r) => ({
+			users: {
+				sessions: r.many.sessions({
+					from: r.users.id,
+					to: r.sessions.userId
+				}),
+				accounts: r.many.accounts({
+					from: r.users.id,
+					to: r.accounts.userId
+				}),
+				apiKeys: r.many.apiKeys({
+					from: r.users.id,
+					to: r.apiKeys.userId
+				}),
+				memberships: r.many.members({
+					from: r.users.id,
+					to: r.members.userId
+				}),
+				invitations: r.many.invitations({
+					from: r.users.id,
+					to: r.invitations.inviterId
+				}),
+				ssoProvider: r.one.ssoProviders({
+					from: r.users.id,
+					to: r.ssoProviders.userId
+				}),
+				twoFactor: r.one.twoFactors({
+					from: r.users.id,
+					to: r.twoFactors.userId
+				})
+			},
+			sessions: { user: r.one.users({
+				from: r.sessions.userId,
+				to: r.users.id
+			}) },
+			accounts: { user: r.one.users({
+				from: r.accounts.userId,
+				to: r.users.id
+			}) },
+			apiKeys: { user: r.one.users({
+				from: r.apiKeys.userId,
+				to: r.users.id
+			}) },
+			organizations: {
+				members: r.many.members({
+					from: r.organizations.id,
+					to: r.members.organizationId
+				}),
+				invitations: r.many.invitations({
+					from: r.organizations.id,
+					to: r.invitations.organizationId
+				}),
+				teams: r.many.teams({
+					from: r.organizations.id,
+					to: r.teams.organizationId
+				})
+			},
+			members: {
+				organization: r.one.organizations({
+					from: r.members.organizationId,
+					to: r.organizations.id
+				}),
+				user: r.one.users({
+					from: r.members.userId,
+					to: r.users.id
+				})
+			},
+			invitations: {
+				organization: r.one.organizations({
+					from: r.invitations.organizationId,
+					to: r.organizations.id
+				}),
+				inviter: r.one.users({
+					from: r.invitations.inviterId,
+					to: r.users.id
+				})
+			},
+			teams: { organization: r.one.organizations({
+				from: r.teams.organizationId,
+				to: r.organizations.id
+			}) },
+			ssoProviders: { user: r.one.users({
+				from: r.ssoProviders.userId,
+				to: r.users.id
+			}) },
+			verifications: {},
+			twoFactors: { user: r.one.users({
+				from: r.twoFactors.userId,
+				to: r.users.id
+			}) },
+			auditLogs: {
+				organization: r.one.organizations({
+					from: r.auditLogs.organizationId,
+					to: r.organizations.id
+				}),
+				user: r.one.users({
+					from: r.auditLogs.userId,
+					to: r.users.id
+				}),
+				session: r.one.sessions({
+					from: r.auditLogs.sessionId,
+					to: r.sessions.id
+				})
+			}
+		})
+	};
+}
+
+//#endregion
+export { defineAuthSchema };

package/dist/exports/api/workflows/api/auth.d.mts

@@ -347,6 +347,10 @@ type DefineAuthOptions<T extends AuthConfig, TDb = unknown> = {
    * Hooks for email sending and OTP delivery.
    */
   hooks: RequiredHooks<T>;
+  /**
+   * Secret key for signing tokens and cookies.
+   */
+  secret: string;
   /**
    * Session configuration.
    */

package/dist/exports/api/workflows/api/cache.d.mts

@@ -1,5 +1,5 @@
 import { Logger } from "./logger.mjs";
-import * as keyv0 from "keyv";
+import * as _keyv_redis0 from "@keyv/redis";
 import { KeyvRedisOptions } from "@keyv/redis";
 
 //#region src/api/cache.d.ts
@@ -39,6 +39,6 @@ declare function defineCache({
   url,
   logger,
   options
-}: DefineCacheOptions): keyv0.Keyv<any>;
+}: DefineCacheOptions): _keyv_redis0.Keyv<any>;
 //#endregion
 export { Cache };