npm - dineway - Versions diffs - 0.1.9 → 0.1.11 - Mend

dineway 0.1.9 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (689) hide show

package/dist/astro/routes/api/auth/oauth/_provider_/callback.mjs ADDED Viewed

@@ -0,0 +1,114 @@
+import { n as getPublicOrigin } from "../../../../../../public-url-BB_umF5G.mjs";
+import { t as createOAuthStateStore } from "../../../../../../oauth-state-store-hSdzxsEe.mjs";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { OAuthError, Role, handleOAuthCallback } from "@dineway-ai/auth";
+//#region src/astro/routes/api/auth/oauth/[provider]/callback.ts
+const prerender = false;
+const VALID_PROVIDERS = new Set(["github", "google"]);
+function isValidProvider(provider) {
+	return VALID_PROVIDERS.has(provider);
+}
+/** Safely extract a string value from an env-like record */
+function envString(env, ...keys) {
+	for (const key of keys) {
+		const val = env[key];
+		if (typeof val === "string" && val) return val;
+	}
+}
+/**
+* Get OAuth config from environment variables
+*/
+function getOAuthConfig(env) {
+	const providers = {};
+	const githubClientId = envString(env, "DINEWAY_OAUTH_GITHUB_CLIENT_ID", "GITHUB_CLIENT_ID");
+	const githubClientSecret = envString(env, "DINEWAY_OAUTH_GITHUB_CLIENT_SECRET", "GITHUB_CLIENT_SECRET");
+	if (githubClientId && githubClientSecret) providers.github = {
+		clientId: githubClientId,
+		clientSecret: githubClientSecret
+	};
+	const googleClientId = envString(env, "DINEWAY_OAUTH_GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_ID");
+	const googleClientSecret = envString(env, "DINEWAY_OAUTH_GOOGLE_CLIENT_SECRET", "GOOGLE_CLIENT_SECRET");
+	if (googleClientId && googleClientSecret) providers.google = {
+		clientId: googleClientId,
+		clientSecret: googleClientSecret
+	};
+	return providers;
+}
+const GET = async ({ params, request, locals, session, redirect }) => {
+	const { dineway } = locals;
+	const provider = params.provider;
+	if (!provider || !isValidProvider(provider)) return redirect(`/_dineway/admin/login?error=invalid_provider&message=${encodeURIComponent("Invalid OAuth provider")}`);
+	if (!dineway?.db) return redirect(`/_dineway/admin/login?error=server_error&message=${encodeURIComponent("Database not configured")}`);
+	const url = new URL(request.url);
+	const code = url.searchParams.get("code");
+	const state = url.searchParams.get("state");
+	const error = url.searchParams.get("error");
+	const errorDescription = url.searchParams.get("error_description");
+	if (error) {
+		const message = errorDescription || error;
+		return redirect(`/_dineway/admin/login?error=oauth_denied&message=${encodeURIComponent(message)}`);
+	}
+	if (!code || !state) return redirect(`/_dineway/admin/login?error=invalid_callback&message=${encodeURIComponent("Missing code or state parameter")}`);
+	try {
+		const providers = getOAuthConfig(locals.runtime?.env ?? import.meta.env);
+		if (!providers[provider]) return redirect(`/_dineway/admin/login?error=provider_not_configured&message=${encodeURIComponent(`OAuth provider ${provider} is not configured`)}`);
+		const user = await handleOAuthCallback({
+			baseUrl: `${getPublicOrigin(url, dineway?.config)}/_dineway`,
+			providers,
+			canSelfSignup: async (email) => {
+				const domain = email.split("@")[1]?.toLowerCase();
+				if (!domain) return null;
+				const entry = await dineway.db.selectFrom("allowed_domains").selectAll().where("domain", "=", domain).where("enabled", "=", 1).executeTakeFirst();
+				if (!entry) return null;
+				const roleLevel = entry.default_role;
+				const roleMap = {
+					50: Role.ADMIN,
+					40: Role.EDITOR,
+					30: Role.AUTHOR,
+					20: Role.CONTRIBUTOR,
+					10: Role.SUBSCRIBER
+				};
+				const role = roleMap[roleLevel] ?? Role.CONTRIBUTOR;
+				if (!roleMap[roleLevel]) console.warn(`[oauth] Unknown role level ${roleLevel} for domain ${domain}, defaulting to CONTRIBUTOR`);
+				return {
+					allowed: true,
+					role
+				};
+			}
+		}, createKyselyAdapter(dineway.db), provider, code, state, createOAuthStateStore(dineway.db));
+		if (session) session.set("user", { id: user.id });
+		return redirect("/_dineway/admin");
+	} catch (callbackError) {
+		console.error("OAuth callback error:", callbackError);
+		let message = "Authentication failed";
+		let errorCode = "oauth_error";
+		if (callbackError instanceof OAuthError) {
+			errorCode = callbackError.code;
+			switch (callbackError.code) {
+				case "invalid_state":
+					message = "OAuth session expired or invalid. Please try again.";
+					break;
+				case "signup_not_allowed":
+					message = "Self-signup is not allowed for your email. Please contact an administrator.";
+					break;
+				case "user_not_found":
+					message = "Your account was not found. It may have been deleted.";
+					break;
+				case "token_exchange_failed":
+					message = "Failed to complete authentication. Please try again.";
+					break;
+				case "profile_fetch_failed":
+					message = "Failed to retrieve your profile. Please try again.";
+					break;
+				default:
+					message = "Authentication failed. Please try again.";
+					break;
+			}
+		}
+		return redirect(`/_dineway/admin/login?error=${errorCode}&message=${encodeURIComponent(message)}`);
+	}
+};
+//#endregion
+export { GET, prerender };

package/dist/astro/routes/api/auth/oauth/_provider_.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/oauth/[provider].d.ts
+declare const prerender = false;
+declare const GET: APIRoute;
+//#endregion
+export { GET, prerender };

package/dist/astro/routes/api/auth/oauth/_provider_.mjs ADDED Viewed

@@ -0,0 +1,58 @@
+import { n as getPublicOrigin } from "../../../../../public-url-BB_umF5G.mjs";
+import { t as createOAuthStateStore } from "../../../../../oauth-state-store-hSdzxsEe.mjs";
+import { createAuthorizationUrl } from "@dineway-ai/auth";
+//#region src/astro/routes/api/auth/oauth/[provider].ts
+const prerender = false;
+const VALID_PROVIDERS = new Set(["github", "google"]);
+function isValidProvider(provider) {
+	return VALID_PROVIDERS.has(provider);
+}
+/** Safely extract a string value from an env-like record */
+function envString(env, ...keys) {
+	for (const key of keys) {
+		const val = env[key];
+		if (typeof val === "string" && val) return val;
+	}
+}
+/**
+* Get OAuth config from environment variables
+*/
+function getOAuthConfig(env) {
+	const providers = {};
+	const githubClientId = envString(env, "DINEWAY_OAUTH_GITHUB_CLIENT_ID", "GITHUB_CLIENT_ID");
+	const githubClientSecret = envString(env, "DINEWAY_OAUTH_GITHUB_CLIENT_SECRET", "GITHUB_CLIENT_SECRET");
+	if (githubClientId && githubClientSecret) providers.github = {
+		clientId: githubClientId,
+		clientSecret: githubClientSecret
+	};
+	const googleClientId = envString(env, "DINEWAY_OAUTH_GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_ID");
+	const googleClientSecret = envString(env, "DINEWAY_OAUTH_GOOGLE_CLIENT_SECRET", "GOOGLE_CLIENT_SECRET");
+	if (googleClientId && googleClientSecret) providers.google = {
+		clientId: googleClientId,
+		clientSecret: googleClientSecret
+	};
+	return providers;
+}
+const GET = async ({ params, request, locals, redirect }) => {
+	const { dineway } = locals;
+	const provider = params.provider;
+	if (!provider || !isValidProvider(provider)) return redirect(`/_dineway/admin/login?error=invalid_provider&message=${encodeURIComponent("Invalid OAuth provider")}`);
+	if (!dineway?.db) return redirect(`/_dineway/admin/login?error=server_error&message=${encodeURIComponent("Database not configured")}`);
+	try {
+		const url = new URL(request.url);
+		const providers = getOAuthConfig(locals.runtime?.env ?? import.meta.env);
+		if (!providers[provider]) return redirect(`/_dineway/admin/login?error=provider_not_configured&message=${encodeURIComponent(`OAuth provider ${provider} is not configured`)}`);
+		const { url: authUrl } = await createAuthorizationUrl({
+			baseUrl: `${getPublicOrigin(url, dineway?.config)}/_dineway`,
+			providers
+		}, provider, createOAuthStateStore(dineway.db));
+		return redirect(authUrl);
+	} catch (error) {
+		console.error("OAuth initiation error:", error);
+		return redirect(`/_dineway/admin/login?error=oauth_error&message=${encodeURIComponent("Failed to start OAuth flow. Please try again.")}`);
+	}
+};
+//#endregion
+export { GET, prerender };

package/dist/astro/routes/api/auth/passkey/_id_.d.mts ADDED Viewed

@@ -0,0 +1,14 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/passkey/[id].d.ts
+declare const prerender = false;
+/**
+ * PATCH - Rename a passkey
+ */
+declare const PATCH: APIRoute;
+/**
+ * DELETE - Remove a passkey
+ */
+declare const DELETE: APIRoute;
+//#endregion
+export { DELETE, PATCH, prerender };

package/dist/astro/routes/api/auth/passkey/_id_.mjs ADDED Viewed

@@ -0,0 +1,62 @@
+import "../../../../../context-types-C-LwdAxx.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-DEGjx2Xw.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-BeQXIt1U.mjs";
+import "../../../../../redirects-CqaxraTO.mjs";
+import { h as passkeyRenameBody } from "../../../../../import-DD3f2jkc.mjs";
+import "../../../../../api/schemas/index.mjs";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+//#region src/astro/routes/api/auth/passkey/[id].ts
+const prerender = false;
+/**
+* PATCH - Rename a passkey
+*/
+const PATCH = async ({ params, request, locals }) => {
+	const { dineway, user } = locals;
+	const { id } = params;
+	if (!dineway?.db) return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	if (!user) return apiError("NOT_AUTHENTICATED", "Not authenticated", 401);
+	if (!id) return apiError("MISSING_PARAM", "Passkey ID is required", 400);
+	try {
+		const adapter = createKyselyAdapter(dineway.db);
+		const credential = await adapter.getCredentialById(id);
+		if (!credential || credential.userId !== user.id) return apiError("NOT_FOUND", "Passkey not found", 404);
+		const body = await parseBody(request, passkeyRenameBody);
+		if (isParseError(body)) return body;
+		const trimmedName = body.name.trim() || null;
+		await adapter.updateCredentialName(id, trimmedName);
+		return apiSuccess({ passkey: {
+			id: credential.id,
+			name: trimmedName,
+			deviceType: credential.deviceType,
+			backedUp: credential.backedUp,
+			createdAt: credential.createdAt.toISOString(),
+			lastUsedAt: credential.lastUsedAt.toISOString()
+		} });
+	} catch (error) {
+		return handleError(error, "Failed to rename passkey", "PASSKEY_RENAME_ERROR");
+	}
+};
+/**
+* DELETE - Remove a passkey
+*/
+const DELETE = async ({ params, locals }) => {
+	const { dineway, user } = locals;
+	const { id } = params;
+	if (!dineway?.db) return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	if (!user) return apiError("NOT_AUTHENTICATED", "Not authenticated", 401);
+	if (!id) return apiError("MISSING_PARAM", "Passkey ID is required", 400);
+	try {
+		const adapter = createKyselyAdapter(dineway.db);
+		const credential = await adapter.getCredentialById(id);
+		if (!credential || credential.userId !== user.id) return apiError("NOT_FOUND", "Passkey not found", 404);
+		if (await adapter.countCredentialsByUserId(user.id) <= 1) return apiError("LAST_PASSKEY", "Cannot remove your last passkey", 400);
+		await adapter.deleteCredential(id);
+		return apiSuccess({ success: true });
+	} catch (error) {
+		return handleError(error, "Failed to delete passkey", "PASSKEY_DELETE_ERROR");
+	}
+};
+//#endregion
+export { DELETE, PATCH, prerender };

package/dist/astro/routes/api/auth/passkey/index.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/passkey/index.d.ts
+declare const prerender = false;
+declare const GET: APIRoute;
+//#endregion
+export { GET, prerender };

package/dist/astro/routes/api/auth/passkey/index.mjs ADDED Viewed

@@ -0,0 +1,25 @@
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-DEGjx2Xw.mjs";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+//#region src/astro/routes/api/auth/passkey/index.ts
+const prerender = false;
+const GET = async ({ locals }) => {
+	const { dineway, user } = locals;
+	if (!dineway?.db) return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	if (!user) return apiError("NOT_AUTHENTICATED", "Not authenticated", 401);
+	try {
+		return apiSuccess({ items: (await createKyselyAdapter(dineway.db).getCredentialsByUserId(user.id)).map((cred) => ({
+			id: cred.id,
+			name: cred.name,
+			deviceType: cred.deviceType,
+			backedUp: cred.backedUp,
+			createdAt: cred.createdAt.toISOString(),
+			lastUsedAt: cred.lastUsedAt.toISOString()
+		})) });
+	} catch (error) {
+		return handleError(error, "Failed to list passkeys", "PASSKEY_LIST_ERROR");
+	}
+};
+//#endregion
+export { GET, prerender };

package/dist/astro/routes/api/auth/passkey/options.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/passkey/options.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/passkey/options.mjs ADDED Viewed

@@ -0,0 +1,46 @@
+import { t as OptionsRepository } from "../../../../../options-z8VVg1Ll.mjs";
+import "../../../../../context-types-C-LwdAxx.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-DEGjx2Xw.mjs";
+import { r as parseOptionalBody, t as isParseError } from "../../../../../parse-BeQXIt1U.mjs";
+import "../../../../../redirects-CqaxraTO.mjs";
+import { f as passkeyOptionsBody } from "../../../../../import-DD3f2jkc.mjs";
+import "../../../../../api/schemas/index.mjs";
+import { t as getTrustedProxyHeaders } from "../../../../../trusted-proxy-Bi0Cuk5n.mjs";
+import { n as getPublicOrigin } from "../../../../../public-url-BB_umF5G.mjs";
+import { n as createChallengeStore, t as cleanupExpiredChallenges } from "../../../../../challenge-store-DHMgBGOq.mjs";
+import { t as getPasskeyConfig } from "../../../../../passkey-config-Daqs5fjq.mjs";
+import { n as getClientIp, r as rateLimitResponse, t as checkRateLimit } from "../../../../../rate-limit-CbJoj_fT.mjs";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { generateAuthenticationOptions } from "@dineway-ai/auth/passkey";
+//#region src/astro/routes/api/auth/passkey/options.ts
+const prerender = false;
+const POST = async ({ request, locals }) => {
+	const { dineway } = locals;
+	if (!dineway?.db) return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	try {
+		cleanupExpiredChallenges(dineway.db).catch(() => {});
+		const body = await parseOptionalBody(request, passkeyOptionsBody, {});
+		if (isParseError(body)) return body;
+		const ip = getClientIp(request, getTrustedProxyHeaders(dineway.config));
+		if (!(await checkRateLimit(dineway.db, ip, "passkey/options", 10, 60)).allowed) return rateLimitResponse(60);
+		const adapter = createKyselyAdapter(dineway.db);
+		let credentials = [];
+		if (body.email) {
+			const user = await adapter.getUserByEmail(body.email);
+			if (user) credentials = await adapter.getCredentialsByUserId(user.id);
+		}
+		const url = new URL(request.url);
+		const passkeyConfig = getPasskeyConfig(url, await new OptionsRepository(dineway.db).get("dineway:site_title") ?? void 0, getPublicOrigin(url, dineway?.config));
+		const challengeStore = createChallengeStore(dineway.db);
+		return apiSuccess({
+			success: true,
+			options: await generateAuthenticationOptions(passkeyConfig, credentials, challengeStore)
+		});
+	} catch (error) {
+		return handleError(error, "Failed to generate passkey options", "PASSKEY_OPTIONS_ERROR");
+	}
+};
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/passkey/register/options.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/passkey/register/options.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/passkey/register/options.mjs ADDED Viewed

@@ -0,0 +1,44 @@
+import { t as OptionsRepository } from "../../../../../../options-z8VVg1Ll.mjs";
+import "../../../../../../context-types-C-LwdAxx.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../../error-DEGjx2Xw.mjs";
+import { r as parseOptionalBody, t as isParseError } from "../../../../../../parse-BeQXIt1U.mjs";
+import "../../../../../../redirects-CqaxraTO.mjs";
+import { p as passkeyRegisterOptionsBody } from "../../../../../../import-DD3f2jkc.mjs";
+import "../../../../../../api/schemas/index.mjs";
+import { n as getPublicOrigin } from "../../../../../../public-url-BB_umF5G.mjs";
+import { n as createChallengeStore } from "../../../../../../challenge-store-DHMgBGOq.mjs";
+import { t as getPasskeyConfig } from "../../../../../../passkey-config-Daqs5fjq.mjs";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { generateRegistrationOptions } from "@dineway-ai/auth/passkey";
+//#region src/astro/routes/api/auth/passkey/register/options.ts
+const prerender = false;
+const MAX_PASSKEYS = 10;
+const POST = async ({ request, locals }) => {
+	const { dineway, user } = locals;
+	if (!dineway?.db) return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	if (!user) return apiError("NOT_AUTHENTICATED", "Not authenticated", 401);
+	try {
+		const adapter = createKyselyAdapter(dineway.db);
+		if (await adapter.countCredentialsByUserId(user.id) >= MAX_PASSKEYS) return apiError("PASSKEY_LIMIT", `Maximum of ${MAX_PASSKEYS} passkeys allowed`, 400);
+		const body = await parseOptionalBody(request, passkeyRegisterOptionsBody, {});
+		if (isParseError(body)) return body;
+		const existingCredentials = await adapter.getCredentialsByUserId(user.id);
+		const url = new URL(request.url);
+		const optionsRepo = new OptionsRepository(dineway.db);
+		const passkeyConfig = getPasskeyConfig(url, await optionsRepo.get("dineway:site_title") ?? void 0, getPublicOrigin(url, dineway?.config));
+		const challengeStore = createChallengeStore(dineway.db);
+		const registrationOptions = await generateRegistrationOptions(passkeyConfig, {
+			id: user.id,
+			email: user.email,
+			name: user.name
+		}, existingCredentials, challengeStore);
+		if (body.name) await optionsRepo.set(`dineway:passkey_pending:${user.id}`, { name: body.name });
+		return apiSuccess({ options: registrationOptions });
+	} catch (error) {
+		return handleError(error, "Failed to generate registration options", "PASSKEY_REGISTER_OPTIONS_ERROR");
+	}
+};
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/passkey/register/verify.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/passkey/register/verify.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/passkey/register/verify.mjs ADDED Viewed

@@ -0,0 +1,59 @@
+import { t as OptionsRepository } from "../../../../../../options-z8VVg1Ll.mjs";
+import "../../../../../../context-types-C-LwdAxx.mjs";
+import { n as apiSuccess, t as apiError } from "../../../../../../error-DEGjx2Xw.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../../parse-BeQXIt1U.mjs";
+import "../../../../../../redirects-CqaxraTO.mjs";
+import { m as passkeyRegisterVerifyBody } from "../../../../../../import-DD3f2jkc.mjs";
+import "../../../../../../api/schemas/index.mjs";
+import { n as getPublicOrigin } from "../../../../../../public-url-BB_umF5G.mjs";
+import { n as validateAllowedOrigins, t as getConfiguredAllowedOrigins } from "../../../../../../allowed-origins-DG86sH8U.mjs";
+import { n as createChallengeStore } from "../../../../../../challenge-store-DHMgBGOq.mjs";
+import { t as getPasskeyConfig } from "../../../../../../passkey-config-Daqs5fjq.mjs";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { registerPasskey, verifyRegistrationResponse } from "@dineway-ai/auth/passkey";
+//#region src/astro/routes/api/auth/passkey/register/verify.ts
+const prerender = false;
+const MAX_PASSKEYS = 10;
+const POST = async ({ request, locals }) => {
+	const { dineway, user } = locals;
+	if (!dineway?.db) return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	if (!user) return apiError("NOT_AUTHENTICATED", "Not authenticated", 401);
+	try {
+		const adapter = createKyselyAdapter(dineway.db);
+		if (await adapter.countCredentialsByUserId(user.id) >= MAX_PASSKEYS) return apiError("PASSKEY_LIMIT", `Maximum of ${MAX_PASSKEYS} passkeys allowed`, 400);
+		const body = await parseBody(request, passkeyRegisterVerifyBody);
+		if (isParseError(body)) return body;
+		const url = new URL(request.url);
+		const optionsRepo = new OptionsRepository(dineway.db);
+		const siteName = await optionsRepo.get("dineway:site_title") ?? void 0;
+		const siteUrl = getPublicOrigin(url, dineway?.config);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl, validateAllowedOrigins(siteUrl, getConfiguredAllowedOrigins(dineway?.config)));
+		const challengeStore = createChallengeStore(dineway.db);
+		const verified = await verifyRegistrationResponse(passkeyConfig, body.credential, challengeStore);
+		let passKeyName = body.name ?? void 0;
+		if (!passKeyName) {
+			const pending = await optionsRepo.get(`dineway:passkey_pending:${user.id}`);
+			if (pending?.name) passKeyName = pending.name;
+		}
+		await optionsRepo.delete(`dineway:passkey_pending:${user.id}`);
+		const credential = await registerPasskey(adapter, user.id, verified, passKeyName);
+		return apiSuccess({ passkey: {
+			id: credential.id,
+			name: credential.name,
+			deviceType: credential.deviceType,
+			backedUp: credential.backedUp,
+			createdAt: credential.createdAt.toISOString(),
+			lastUsedAt: credential.lastUsedAt.toISOString()
+		} });
+	} catch (error) {
+		console.error("Passkey registration verify error:", error);
+		const message = error instanceof Error ? error.message : "";
+		if (message.includes("credential_exists") || message.includes("already")) return apiError("CREDENTIAL_EXISTS", "This passkey is already registered", 400);
+		if (message.includes("challenge") || message.includes("expired")) return apiError("CHALLENGE_EXPIRED", "Registration expired. Please try again.", 400);
+		return apiError("PASSKEY_REGISTER_ERROR", "Registration failed", 500);
+	}
+};
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/passkey/verify.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/passkey/verify.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/passkey/verify.mjs ADDED Viewed

@@ -0,0 +1,47 @@
+import { t as OptionsRepository } from "../../../../../options-z8VVg1Ll.mjs";
+import "../../../../../context-types-C-LwdAxx.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-DEGjx2Xw.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-BeQXIt1U.mjs";
+import "../../../../../redirects-CqaxraTO.mjs";
+import { g as passkeyVerifyBody } from "../../../../../import-DD3f2jkc.mjs";
+import "../../../../../api/schemas/index.mjs";
+import { n as getPublicOrigin } from "../../../../../public-url-BB_umF5G.mjs";
+import { n as validateAllowedOrigins, t as getConfiguredAllowedOrigins } from "../../../../../allowed-origins-DG86sH8U.mjs";
+import { n as createChallengeStore } from "../../../../../challenge-store-DHMgBGOq.mjs";
+import { t as getPasskeyConfig } from "../../../../../passkey-config-Daqs5fjq.mjs";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { PasskeyAuthenticationError, authenticateWithPasskey } from "@dineway-ai/auth/passkey";
+//#region src/astro/routes/api/auth/passkey/verify.ts
+const prerender = false;
+const POST = async ({ request, locals, session }) => {
+	const { dineway } = locals;
+	if (!dineway?.db) return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	try {
+		const body = await parseBody(request, passkeyVerifyBody);
+		if (isParseError(body)) return body;
+		const url = new URL(request.url);
+		const siteName = await new OptionsRepository(dineway.db).get("dineway:site_title") ?? void 0;
+		const siteUrl = getPublicOrigin(url, dineway?.config);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl, validateAllowedOrigins(siteUrl, getConfiguredAllowedOrigins(dineway?.config)));
+		const adapter = createKyselyAdapter(dineway.db);
+		const challengeStore = createChallengeStore(dineway.db);
+		const user = await authenticateWithPasskey(passkeyConfig, adapter, body.credential, challengeStore);
+		if (session) session.set("user", { id: user.id });
+		return apiSuccess({
+			success: true,
+			user: {
+				id: user.id,
+				email: user.email,
+				name: user.name,
+				role: user.role
+			}
+		});
+	} catch (error) {
+		if (error instanceof PasskeyAuthenticationError) return apiError("UNAUTHORIZED", "Authentication failed", 401);
+		return handleError(error, "Authentication failed", "PASSKEY_VERIFY_ERROR");
+	}
+};
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/signup/complete.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/signup/complete.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/signup/complete.mjs ADDED Viewed

@@ -0,0 +1,55 @@
+import { t as OptionsRepository } from "../../../../../options-z8VVg1Ll.mjs";
+import "../../../../../context-types-C-LwdAxx.mjs";
+import { n as apiSuccess, r as handleError, t as apiError } from "../../../../../error-DEGjx2Xw.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-BeQXIt1U.mjs";
+import "../../../../../redirects-CqaxraTO.mjs";
+import { _ as signupCompleteBody } from "../../../../../import-DD3f2jkc.mjs";
+import "../../../../../api/schemas/index.mjs";
+import { n as getPublicOrigin } from "../../../../../public-url-BB_umF5G.mjs";
+import { n as validateAllowedOrigins, t as getConfiguredAllowedOrigins } from "../../../../../allowed-origins-DG86sH8U.mjs";
+import { n as createChallengeStore } from "../../../../../challenge-store-DHMgBGOq.mjs";
+import { t as getPasskeyConfig } from "../../../../../passkey-config-Daqs5fjq.mjs";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { SignupError, completeSignup } from "@dineway-ai/auth";
+import { registerPasskey, verifyRegistrationResponse } from "@dineway-ai/auth/passkey";
+//#region src/astro/routes/api/auth/signup/complete.ts
+const prerender = false;
+const POST = async ({ request, locals, session }) => {
+	const { dineway } = locals;
+	if (!dineway?.db) return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	try {
+		const body = await parseBody(request, signupCompleteBody);
+		if (isParseError(body)) return body;
+		const adapter = createKyselyAdapter(dineway.db);
+		const url = new URL(request.url);
+		const siteName = await new OptionsRepository(dineway.db).get("dineway:site_title") ?? void 0;
+		const siteUrl = getPublicOrigin(url, dineway?.config);
+		const passkeyConfig = getPasskeyConfig(url, siteName, siteUrl, validateAllowedOrigins(siteUrl, getConfiguredAllowedOrigins(dineway?.config)));
+		const challengeStore = createChallengeStore(dineway.db);
+		const verified = await verifyRegistrationResponse(passkeyConfig, body.credential, challengeStore);
+		const user = await completeSignup(adapter, body.token, { name: body.name });
+		await registerPasskey(adapter, user.id, verified, "Initial passkey");
+		if (session) session.set("user", { id: user.id });
+		return apiSuccess({
+			success: true,
+			user: {
+				id: user.id,
+				email: user.email,
+				name: user.name,
+				role: user.role
+			}
+		});
+	} catch (error) {
+		if (error instanceof SignupError) return apiError(error.code.toUpperCase(), error.message, {
+			invalid_token: 404,
+			token_expired: 410,
+			user_exists: 409,
+			domain_not_allowed: 403
+		}[error.code] ?? 400);
+		return handleError(error, "Failed to complete signup", "SIGNUP_COMPLETE_ERROR");
+	}
+};
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/signup/request.d.mts ADDED Viewed

@@ -0,0 +1,7 @@
+import { APIRoute } from "astro";
+//#region src/astro/routes/api/auth/signup/request.d.ts
+declare const prerender = false;
+declare const POST: APIRoute;
+//#endregion
+export { POST, prerender };

package/dist/astro/routes/api/auth/signup/request.mjs ADDED Viewed

@@ -0,0 +1,44 @@
+import { t as OptionsRepository } from "../../../../../options-z8VVg1Ll.mjs";
+import "../../../../../context-types-C-LwdAxx.mjs";
+import { n as apiSuccess, t as apiError } from "../../../../../error-DEGjx2Xw.mjs";
+import { n as parseBody, t as isParseError } from "../../../../../parse-BeQXIt1U.mjs";
+import "../../../../../redirects-CqaxraTO.mjs";
+import { v as signupRequestBody } from "../../../../../import-DD3f2jkc.mjs";
+import "../../../../../api/schemas/index.mjs";
+import { t as getTrustedProxyHeaders } from "../../../../../trusted-proxy-Bi0Cuk5n.mjs";
+import { t as getSiteBaseUrl } from "../../../../../site-url-CYIcO0Tj.mjs";
+import { n as getClientIp, t as checkRateLimit } from "../../../../../rate-limit-CbJoj_fT.mjs";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+import { requestSignup } from "@dineway-ai/auth";
+//#region src/astro/routes/api/auth/signup/request.ts
+const prerender = false;
+const GENERIC_SUCCESS = {
+	success: true,
+	message: "If your email domain is allowed, you'll receive a verification email."
+};
+const POST = async ({ request, locals }) => {
+	const { dineway } = locals;
+	if (!dineway?.db) return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	if (!dineway.email?.isAvailable()) return apiError("EMAIL_NOT_CONFIGURED", "Email not configured. Self-signup is unavailable.", 503);
+	try {
+		const body = await parseBody(request, signupRequestBody);
+		if (isParseError(body)) return body;
+		const ip = getClientIp(request, getTrustedProxyHeaders(dineway.config));
+		if (!(await checkRateLimit(dineway.db, ip, "signup/request", 3, 300)).allowed) return apiSuccess(GENERIC_SUCCESS);
+		const adapter = createKyselyAdapter(dineway.db);
+		const siteName = await new OptionsRepository(dineway.db).get("dineway:site_title") || "Dineway";
+		await requestSignup({
+			baseUrl: await getSiteBaseUrl(dineway.db, request),
+			siteName,
+			email: (message) => dineway.email.send(message, "system")
+		}, adapter, body.email.toLowerCase().trim());
+		return apiSuccess(GENERIC_SUCCESS);
+	} catch (error) {
+		console.error("Signup request error:", error);
+		return apiSuccess(GENERIC_SUCCESS);
+	}
+};
+//#endregion
+export { POST, prerender };