authhero 8.8.1 → 8.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/assets/u/widget/index.esm.js +1 -1
- package/dist/authhero.cjs +109 -107
- package/dist/authhero.d.ts +271 -228
- package/dist/authhero.mjs +11289 -10645
- package/dist/stats.html +1 -1
- package/dist/tsconfig.types.tsbuildinfo +1 -1
- package/dist/types/authentication-flows/password.d.ts +10 -1
- package/dist/types/authentication-flows/passwordless.d.ts +4 -4
- package/dist/types/helpers/dcr/metadata-mapping.d.ts +1 -1
- package/dist/types/helpers/tenant-export-import/export.d.ts +21 -0
- package/dist/types/helpers/tenant-export-import/import.d.ts +12 -0
- package/dist/types/helpers/tenant-export-import/index.d.ts +4 -0
- package/dist/types/helpers/tenant-export-import/manifest.d.ts +12 -0
- package/dist/types/helpers/tenant-export-import/row-access.d.ts +20 -0
- package/dist/types/helpers/tenant-export-import/types.d.ts +53 -0
- package/dist/types/index.d.ts +270 -227
- package/dist/types/routes/auth-api/index.d.ts +28 -28
- package/dist/types/routes/auth-api/passwordless.d.ts +10 -10
- package/dist/types/routes/auth-api/register/index.d.ts +2 -2
- package/dist/types/routes/auth-api/revoke.d.ts +6 -6
- package/dist/types/routes/auth-api/token.d.ts +10 -10
- package/dist/types/routes/management-api/action-executions.d.ts +1 -1
- package/dist/types/routes/management-api/branding.d.ts +12 -12
- package/dist/types/routes/management-api/clients.d.ts +9 -9
- package/dist/types/routes/management-api/connections.d.ts +6 -6
- package/dist/types/routes/management-api/email-templates.d.ts +18 -18
- package/dist/types/routes/management-api/failed-events.d.ts +1 -1
- package/dist/types/routes/management-api/forms.d.ts +126 -126
- package/dist/types/routes/management-api/guardian.d.ts +5 -5
- package/dist/types/routes/management-api/index.d.ts +237 -194
- package/dist/types/routes/management-api/logs.d.ts +3 -3
- package/dist/types/routes/management-api/migration-sources.d.ts +6 -6
- package/dist/types/routes/management-api/organizations.d.ts +1 -1
- package/dist/types/routes/management-api/prompts.d.ts +4 -4
- package/dist/types/routes/management-api/tenant-export-import.d.ts +49 -0
- package/dist/types/routes/management-api/tenants.d.ts +1 -1
- package/dist/types/routes/management-api/themes.d.ts +6 -6
- package/dist/types/routes/management-api/users.d.ts +2 -2
- package/dist/types/routes/universal-login/common.d.ts +10 -10
- package/dist/types/routes/universal-login/flow-api.d.ts +12 -12
- package/dist/types/routes/universal-login/u2-index.d.ts +5 -5
- package/dist/types/routes/universal-login/u2-routes.d.ts +5 -5
- package/dist/types/types/IdToken.d.ts +2 -2
- package/package.json +5 -5
|
@@ -1,7 +1,16 @@
|
|
|
1
1
|
import { Context } from "hono";
|
|
2
|
-
import { AuthParams, LoginSession } from "@authhero/adapter-interfaces";
|
|
2
|
+
import { AuthParams, LoginSession, User } from "@authhero/adapter-interfaces";
|
|
3
3
|
import { EnrichedClient } from "../helpers/client";
|
|
4
4
|
import { Bindings, GrantFlowUserResult, Variables } from "../types";
|
|
5
|
+
/**
|
|
6
|
+
* Clear the failed-login counter for a user. Failed logins are always
|
|
7
|
+
* recorded on the primary account (see {@link recordFailedLogin}), so this
|
|
8
|
+
* resolves the linked primary before clearing. Called on a successful
|
|
9
|
+
* password login and after a successful password reset — both are strong
|
|
10
|
+
* evidence the legitimate account owner is back in control, so a stale
|
|
11
|
+
* lockout shouldn't block them.
|
|
12
|
+
*/
|
|
13
|
+
export declare function clearFailedLogins(data: Bindings["data"], tenantId: string, user: User): Promise<void>;
|
|
5
14
|
export declare function passwordGrant(ctx: Context<{
|
|
6
15
|
Bindings: Bindings;
|
|
7
16
|
Variables: Variables;
|
|
@@ -414,7 +414,7 @@ export declare function passwordlessGrantUser(ctx: Context<{
|
|
|
414
414
|
} | undefined;
|
|
415
415
|
} | undefined;
|
|
416
416
|
passkey_options?: {
|
|
417
|
-
challenge_ui?: "
|
|
417
|
+
challenge_ui?: "button" | "both" | "autofill" | undefined;
|
|
418
418
|
local_enrollment_enabled?: boolean | undefined;
|
|
419
419
|
progressive_enrollment_enabled?: boolean | undefined;
|
|
420
420
|
} | undefined;
|
|
@@ -458,7 +458,7 @@ export declare function passwordlessGrantUser(ctx: Context<{
|
|
|
458
458
|
custom_login_page_preview?: string | undefined;
|
|
459
459
|
form_template?: string | undefined;
|
|
460
460
|
addons?: Record<string, any> | undefined;
|
|
461
|
-
token_endpoint_auth_method?: "none" | "
|
|
461
|
+
token_endpoint_auth_method?: "none" | "client_secret_post" | "client_secret_basic" | "client_secret_jwt" | "private_key_jwt" | undefined;
|
|
462
462
|
client_metadata?: Record<string, string> | undefined;
|
|
463
463
|
hide_sign_up_disabled_error?: boolean | undefined;
|
|
464
464
|
mobile?: Record<string, any> | undefined;
|
|
@@ -541,8 +541,8 @@ export declare function passwordlessGrantUser(ctx: Context<{
|
|
|
541
541
|
} | undefined;
|
|
542
542
|
authenticated_at?: string | undefined;
|
|
543
543
|
};
|
|
544
|
-
connectionType: "username" | "
|
|
545
|
-
authConnection: "username" | "
|
|
544
|
+
connectionType: "username" | "email" | "sms";
|
|
545
|
+
authConnection: "username" | "email" | "sms";
|
|
546
546
|
session_id: string | undefined;
|
|
547
547
|
authParams: {
|
|
548
548
|
client_id: string;
|
|
@@ -24,10 +24,10 @@ export declare const dcrRequestSchema: z.ZodObject<{
|
|
|
24
24
|
response_types: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
25
25
|
token_endpoint_auth_method: z.ZodOptional<z.ZodEnum<{
|
|
26
26
|
none: "none";
|
|
27
|
-
private_key_jwt: "private_key_jwt";
|
|
28
27
|
client_secret_post: "client_secret_post";
|
|
29
28
|
client_secret_basic: "client_secret_basic";
|
|
30
29
|
client_secret_jwt: "client_secret_jwt";
|
|
30
|
+
private_key_jwt: "private_key_jwt";
|
|
31
31
|
}>>;
|
|
32
32
|
jwks_uri: z.ZodOptional<z.ZodString>;
|
|
33
33
|
jwks: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { DataAdapters } from "@authhero/adapter-interfaces";
|
|
2
|
+
import { ExportLine, ExportOptions } from "./types";
|
|
3
|
+
/**
|
|
4
|
+
* Lazily yield an ordered stream of `{ entity, data }` lines covering all
|
|
5
|
+
* durable data for `tenant_id`. The order matches {@link EXPORT_ORDER} so a
|
|
6
|
+
* sequential importer satisfies foreign keys (parents before children).
|
|
7
|
+
*
|
|
8
|
+
* This is a generator so the HTTP layer can serialize each line straight to the
|
|
9
|
+
* response (and into gzip) without ever materializing the whole export in
|
|
10
|
+
* memory. Only bounded per-entity working sets (id lists, the hook buffer) are
|
|
11
|
+
* held at a time.
|
|
12
|
+
*
|
|
13
|
+
* Ephemeral/audit entities and the global key pool are never emitted.
|
|
14
|
+
*/
|
|
15
|
+
export declare function exportTenantLines(data: DataAdapters, tenant_id: string, opts: ExportOptions): AsyncGenerator<ExportLine>;
|
|
16
|
+
/**
|
|
17
|
+
* Collect {@link exportTenantLines} into an array. Convenience for callers
|
|
18
|
+
* (e.g. tests) that want the whole export in memory; the HTTP layer streams the
|
|
19
|
+
* generator directly instead.
|
|
20
|
+
*/
|
|
21
|
+
export declare function exportTenant(data: DataAdapters, tenant_id: string, opts: ExportOptions): Promise<ExportLine[]>;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { DataAdapters } from "@authhero/adapter-interfaces";
|
|
2
|
+
import { ExportLine, ImportOptions, ImportResult } from "./types";
|
|
3
|
+
/**
|
|
4
|
+
* Recreate every row from an export stream under `tenant_id`, in the stream's
|
|
5
|
+
* FK-safe order, preserving ids/timestamps via `importMetadata`. Per-row
|
|
6
|
+
* failures are collected rather than aborting the whole run.
|
|
7
|
+
*
|
|
8
|
+
* The target tenant is created from the `tenants` line only when it does not
|
|
9
|
+
* already exist, and always under `tenant_id` (the source id is overridden) so
|
|
10
|
+
* an export can be loaded into a freshly-provisioned tenant.
|
|
11
|
+
*/
|
|
12
|
+
export declare function importTenant(data: DataAdapters, tenant_id: string, lines: ExportLine[], opts: ImportOptions): Promise<ImportResult>;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* FK-safe import order: parents are listed before their children so a
|
|
3
|
+
* sequential importer can always satisfy foreign keys. The exporter emits
|
|
4
|
+
* lines in this same order.
|
|
5
|
+
*
|
|
6
|
+
* Excluded entirely (never exported or imported):
|
|
7
|
+
* - keys — global signing-key pool; the target generates its own.
|
|
8
|
+
* - ephemeral / audit: sessions, refresh_tokens, codes, login_sessions,
|
|
9
|
+
* logs, action_executions, outbox_events, grants.
|
|
10
|
+
*/
|
|
11
|
+
export declare const EXPORT_ORDER: readonly ["tenants", "clients", "connections", "resource_servers", "roles", "organizations", "users", "passwords", "authentication_methods", "user_roles", "user_permissions", "role_permissions", "organization_connections", "user_organizations", "client_grants", "invites", "actions", "action_versions", "hook_code", "hooks", "flows", "forms", "themes", "branding", "prompt_settings", "universal_login_templates", "custom_text", "email_providers", "email_templates", "custom_domains", "log_streams", "migration_sources", "proxy_routes"];
|
|
12
|
+
export type ExportEntity = (typeof EXPORT_ORDER)[number];
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Minimal, `as`-free helpers for reading fields off the `unknown` rows carried
|
|
3
|
+
* in an export stream. Import code only needs to pluck a handful of string
|
|
4
|
+
* fields (id columns + timestamps) to reconstruct `importMetadata`; the full
|
|
5
|
+
* row is forwarded to the adapter as the typed insert payload after a single
|
|
6
|
+
* narrowing step.
|
|
7
|
+
*/
|
|
8
|
+
/** Narrow an unknown value to a plain record, or `undefined` if it isn't one. */
|
|
9
|
+
export declare function asRecord(value: unknown): Record<string, unknown> | undefined;
|
|
10
|
+
/** Read a string field off an unknown row, or `undefined` when absent. */
|
|
11
|
+
export declare function getString(value: unknown, key: string): string | undefined;
|
|
12
|
+
/**
|
|
13
|
+
* Return a shallow copy of an unknown row with `null`/`undefined` top-level
|
|
14
|
+
* fields removed. Export rows are full entities whose optional enum/object
|
|
15
|
+
* columns are often serialized as `null`; the matching *Insert* zod schemas
|
|
16
|
+
* mark those fields optional (not nullable), so they reject a present-but-null
|
|
17
|
+
* value. Dropping nullish keys lets a faithful row parse cleanly while keeping
|
|
18
|
+
* every real value intact.
|
|
19
|
+
*/
|
|
20
|
+
export declare function withoutNullish(value: unknown): Record<string, unknown>;
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
import { DataAdapters, ImportMetadata } from "@authhero/adapter-interfaces";
|
|
2
|
+
/**
|
|
3
|
+
* A single JSON-lines record in a tenant export stream.
|
|
4
|
+
*
|
|
5
|
+
* `entity` is the durable entity name (see {@link EXPORT_ORDER}); `data` is the
|
|
6
|
+
* raw row as returned by the source adapter's read methods. The stream is
|
|
7
|
+
* ordered so that a sequential importer can recreate FK parents before their
|
|
8
|
+
* children.
|
|
9
|
+
*/
|
|
10
|
+
export interface ExportLine {
|
|
11
|
+
entity: string;
|
|
12
|
+
data: unknown;
|
|
13
|
+
}
|
|
14
|
+
export interface ExportOptions {
|
|
15
|
+
/**
|
|
16
|
+
* When false, the `passwords` entity is skipped entirely on export so the
|
|
17
|
+
* stream never carries password hashes. Defaults to false at the call sites
|
|
18
|
+
* that want a redacted export.
|
|
19
|
+
*/
|
|
20
|
+
includePasswordHashes: boolean;
|
|
21
|
+
}
|
|
22
|
+
export interface ImportOptions {
|
|
23
|
+
/**
|
|
24
|
+
* When false, any `passwords` lines present in the stream are ignored on
|
|
25
|
+
* import (defence in depth — a redacted export shouldn't contain them, but
|
|
26
|
+
* the importer refuses to write them regardless).
|
|
27
|
+
*/
|
|
28
|
+
includePasswordHashes: boolean;
|
|
29
|
+
}
|
|
30
|
+
/** One failed row during import, surfaced rather than aborting the whole run. */
|
|
31
|
+
export interface ImportError {
|
|
32
|
+
entity: string;
|
|
33
|
+
error: string;
|
|
34
|
+
}
|
|
35
|
+
export interface ImportResult {
|
|
36
|
+
/** Number of rows successfully written, keyed by entity name. */
|
|
37
|
+
counts: Record<string, number>;
|
|
38
|
+
/** Non-fatal per-row failures collected during the run. */
|
|
39
|
+
errors: ImportError[];
|
|
40
|
+
}
|
|
41
|
+
/**
|
|
42
|
+
* Build the `importMetadata` argument from a row, preserving id/timestamps.
|
|
43
|
+
* Returns `undefined` when none of the fields are present so callers can spread
|
|
44
|
+
* it without sending an empty object.
|
|
45
|
+
*/
|
|
46
|
+
export declare function buildImportMetadata(params: {
|
|
47
|
+
id?: string;
|
|
48
|
+
created_at?: string;
|
|
49
|
+
updated_at?: string;
|
|
50
|
+
}): {
|
|
51
|
+
importMetadata: ImportMetadata;
|
|
52
|
+
} | undefined;
|
|
53
|
+
export type { DataAdapters };
|