firstly 0.0.16-next.2 → 0.1.0-next.4

package/CHANGELOG.md

@@ -1,5 +1,47 @@
 # firstly
 
+## 0.1.0-next.4
+
+### Minor Changes
+
+- [#153](https://github.com/jycouet/firstly/pull/153)
+  [`f8ca698`](https://github.com/jycouet/firstly/commit/f8ca698aa2b4ec7cfe77f6e63486c0bf9a124946)
+  Thanks [@jycouet](https://github.com/jycouet)! - all root import ... from `firstly` moved to
+  `firstly/internals` (we will gradually add them back when needed
+
+## 0.1.0-next.3
+
+### Minor Changes
+
+- [#140](https://github.com/jycouet/firstly/pull/140)
+  [`94b2188`](https://github.com/jycouet/firstly/commit/94b2188c78772f94e7835ab933fcebbe2a37703c)
+  Thanks [@jycouet](https://github.com/jycouet)! - [BREAKING] - deprecate firstly module in favor of
+  remult module
+
+  ```diff
+  remultApi({
+  --	modules: [],   // firstly modules
+  ++	modulesFF: [], // firstly modules
+  })
+
+  Then, you can use `modules` level of `remult`
+  ```
+
+### Patch Changes
+
+- [#117](https://github.com/jycouet/firstly/pull/117)
+  [`407ed4d`](https://github.com/jycouet/firstly/commit/407ed4db8f4b99f234932965b870d51f6a9c07ca)
+  Thanks [@jycouet](https://github.com/jycouet)! - need to pass `redirect` to handleAuth manually
+
+- [#117](https://github.com/jycouet/firstly/pull/117)
+  [`f30c737`](https://github.com/jycouet/firstly/commit/f30c73781d8f50da08fcdc25f1f7611133ea8b0c)
+  Thanks [@jycouet](https://github.com/jycouet)! - switch mail engine to sailkit
+
+- [#117](https://github.com/jycouet/firstly/pull/117)
+  [`5e1d67e`](https://github.com/jycouet/firstly/commit/5e1d67eb8f75127c3d729945e20b22c40184ee20)
+  Thanks [@jycouet](https://github.com/jycouet)! - [BREAKING] - Auth Identifier got removed in favor
+  of name in User table.
+
 ## 0.0.16-next.2
 
 ### Patch Changes

package/esm/SqlDatabase/FF_LogToConsole.d.ts

@@ -1,5 +1,19 @@
+type TypeQuery = 'INSERT' | 'SELECT' | 'SELECT_COUNT' | 'UPDATE' | 'DELETE' | 'CREATE' | 'ALTER' | 'DROP' | 'TRUNCATE' | 'GRANT' | 'REVOKE';
+/**
+ * @example
+ * SqlDatabase.LogToConsole = (...a) => FF_LogToConsole(...a, {
+ *   type: {
+ *     exclude: ['SELECT', 'SELECT_COUNT']
+ *   }
+ * })
+ */
 export declare const FF_LogToConsole: (duration: number, query: string, args: Record<string, any>, options?: {
+    type?: {
+        include?: TypeQuery[];
+        exclude?: TypeQuery[];
+    };
     withDetails?: boolean;
     tablesToHide?: string[][];
     ending?: (duration: number, query: string, args: Record<string, any>, tables: string[]) => void;
 }) => string | undefined;
+export {};

package/esm/SqlDatabase/FF_LogToConsole.js

@@ -4,7 +4,7 @@ const typeQuery = new Map([
     // CRUD
     ['INSERT', '⚪'], // Used to insert new data into a database.
     ['SELECT', '🔵'], // Used to select data from a database and retrieve it.
-    ['COUNT ', '🟦'], // Used to count data from a database and retrieve it.
+    ['SELECT_COUNT', '🟦'], // Used to count data from a database and retrieve it.
     ['UPDATE', '🟣'], // Used to update existing data within a database.
     ['DELETE', '🟤'], // Used to delete existing data from a database.
     // Additional
@@ -18,17 +18,36 @@ const typeQuery = new Map([
 const keys = ['FROM', 'WHERE', 'LIMIT', 'OFFSET'];
 const typeQueryKey = Array.from(typeQuery.keys());
 const log = new Log('');
+/**
+ * @example
+ * SqlDatabase.LogToConsole = (...a) => FF_LogToConsole(...a, {
+ *   type: {
+ *     exclude: ['SELECT', 'SELECT_COUNT']
+ *   }
+ * })
+ */
 export const FF_LogToConsole = (duration, query, args, options) => {
     if (duration < SqlDatabase.durationThreshold)
         return;
     const rawSql = query
+        .replace(/--.*?(?=\r\n|\n|$)/g, '') // Remove SQL comments
         .replace(/(\r\n|\n|\r|\t)/gm, ' ')
         .replace(/  +/g, ' ')
         .trim();
     const s = rawSql.split(' ');
     let first = s[0].toUpperCase();
-    if (s.includes('count(*)')) {
-        first = 'COUNT ';
+    if (s.length > 1 && s[1].toLowerCase() === 'count(*)') {
+        first = 'SELECT_COUNT';
+    }
+    if (options?.type?.include) {
+        if (!options.type.include.includes(first)) {
+            return;
+        }
+    }
+    if (options?.type?.exclude) {
+        if (options.type.exclude.includes(first)) {
+            return;
+        }
     }
     const tables = [];
     const listArgs = [];
@@ -75,8 +94,8 @@ export const FF_LogToConsole = (duration, query, args, options) => {
         ['information_Schema.tables'],
         ['information_schema.columns'],
         // ['__remult_migrations_version'],
-        ['ff_auth.accounts'],
-        ['ff_auth.users'],
+        // ['ff_auth.accounts'],
+        // ['ff_auth.users'],
         ['ff_auth.users_sessions'],
         ['_ff_change_logs'],
     ];

package/esm/auth/Entities.d.ts

@@ -1,6 +1,6 @@
 import type { OAuth2Tokens } from 'arctic';
-import { BaseEnum } from '..';
-import type { BaseEnumOptions } from '..';
+import { BaseEnum } from '../internals';
+import type { BaseEnumOptions } from '../internals';
 import type { OAuth2UserInfo } from './types';
 export declare const FF_Role_Auth: {
     readonly FF_Role_Auth_Admin: "FF_Role_Auth.Admin";
@@ -10,7 +10,7 @@ export declare class FFAuthUser {
     id: string;
     createdAt: Date;
     updatedAt?: Date;
-    identifier: string;
+    name: string;
     roles: string[];
     accounts: FFAuthAccount[];
     sessions: FFAuthUserSession[];
@@ -23,6 +23,7 @@ export declare class FFAuthAccount {
     user: FFAuthUser;
     provider: string;
     providerUserId: string;
+    email?: string | null;
     hashPassword?: string;
     token?: string;
     expiresAt?: Date;

package/esm/auth/Entities.js

@@ -6,7 +6,7 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 };
 var FFAuthProvider_1;
 import { Fields, Relations, Validators, ValueListFieldType } from 'remult';
-import { BaseEnum, FF_Entity, FF_Role } from '..';
+import { BaseEnum, FF_Entity, FF_Role } from '../internals';
 export const FF_Role_Auth = {
     FF_Role_Auth_Admin: 'FF_Role_Auth.Admin',
     FF_Role_Auth_Invite: 'FF_Role_Auth.Invite',
@@ -15,7 +15,7 @@ let FFAuthUser = class FFAuthUser {
     id;
     createdAt;
     updatedAt;
-    identifier;
+    name;
     roles = [];
     accounts;
     sessions;
@@ -24,29 +24,29 @@ __decorate([
     Fields.cuid()
 ], FFAuthUser.prototype, "id", void 0);
 __decorate([
-    Fields.createdAt()
+    Fields.createdAt({ includeInApi: [FF_Role_Auth.FF_Role_Auth_Admin, FF_Role.FF_Role_Admin] })
 ], FFAuthUser.prototype, "createdAt", void 0);
 __decorate([
-    Fields.updatedAt()
+    Fields.updatedAt({ includeInApi: [FF_Role_Auth.FF_Role_Auth_Admin, FF_Role.FF_Role_Admin] })
 ], FFAuthUser.prototype, "updatedAt", void 0);
 __decorate([
     Fields.string({
-        allowApiUpdate: false,
-        validate: [
-            Validators.unique(),
-            Validators.required(),
-            (e) => {
-                if (e.identifier?.length < 2)
-                    throw 'Must be at least 2 characters long';
-            },
-        ],
+        required: true,
+        validate: [Validators.unique(), Validators.required()],
     })
-], FFAuthUser.prototype, "identifier", void 0);
+], FFAuthUser.prototype, "name", void 0);
 __decorate([
     Fields.json(() => [], {
+        includeInApi: [FF_Role_Auth.FF_Role_Auth_Admin, FF_Role.FF_Role_Admin],
         inputType: 'selectEnum',
         valueConverter: {
-            toDb: (x) => (x ? x.join(',') : []),
+            toDb: (x) => {
+                if (x === null)
+                    return null;
+                if (Array.isArray(x))
+                    return x.join(',');
+                return x;
+            },
             //FIXME: refacto this + remove "permissions" & add a disable user!
             fromDb: (x) => {
                 return x
@@ -80,6 +80,7 @@ let FFAuthAccount = class FFAuthAccount {
     user;
     provider = FFAuthProvider.PASSWORD.id;
     providerUserId = '';
+    email = null;
     hashPassword;
     token;
     expiresAt;
@@ -107,6 +108,9 @@ __decorate([
 __decorate([
     Fields.string()
 ], FFAuthAccount.prototype, "providerUserId", void 0);
+__decorate([
+    Fields.string({ allowNull: true })
+], FFAuthAccount.prototype, "email", void 0);
 __decorate([
     Fields.string({ includeInApi: false, allowNull: true })
 ], FFAuthAccount.prototype, "hashPassword", void 0);

package/esm/auth/server/AuthController.server.js

@@ -2,6 +2,7 @@ import { decodeHex, encodeHexLowerCase } from '@oslojs/encoding';
 import { createTOTPKeyURI, generateTOTP, verifyTOTPWithGracePeriod } from '@oslojs/otp';
 import { generateState } from 'arctic';
 import { EntityError, remult, repo } from 'remult';
+import { nameify } from '../../formats/strings.js';
 import { gray, green, magenta, red, yellow } from '@kitql/helpers';
 import { FFAuthProvider } from '../Entities.js';
 import { invalidateSession } from './helperDb.js';
@@ -15,7 +16,7 @@ const getSendMail = () => {
         authModuleRaw.log.error(`Missing ${green(`remult.context`)}.${red(`sendMail`)}`);
         authModuleRaw.log.error('');
         authModuleRaw.log.error(gray('Add this to your modules:'));
-        authModuleRaw.log.error('import { mail } from "firstly/mail/server"');
+        authModuleRaw.log.error('import { mail } from "../../mail/server"');
         authModuleRaw.log.error('');
         authModuleRaw.log.error('{');
         authModuleRaw.log.error(`  modules: [`);
@@ -52,19 +53,24 @@ export class AuthControllerServer {
         if (accounts.length === 0) {
             throw new EntityError({ message: `Demo accounts are not enabled!` });
         }
-        const account = accounts.find((a) => a.name === name);
-        if (!account) {
+        const accountConf = accounts.find((a) => a.name === name);
+        if (!accountConf) {
             throw new EntityError({ message: `${name} not found as demo account!` });
         }
         const oSafe = getSafeOptions();
-        let user = await repo(oSafe.User).findFirst({ identifier: name });
-        if (!user) {
-            user = repo(oSafe.User).create();
+        const user = await repo(oSafe.User).upsert({ where: { name } });
+        await repo(oSafe.Account).upsert({
+            where: {
+                provider: FFAuthProvider.DEMO.id,
+                providerUserId: name,
+                userId: user.id,
+            },
+        });
+        const r = mergeRoles(user.roles, accountConf.roles);
+        if (r.changed) {
+            user.roles = r.roles;
+            await repo(oSafe.User).save(user);
         }
-        user.identifier = name;
-        const r = mergeRoles(user.roles, account.roles);
-        user.roles = r.roles;
-        await repo(oSafe.User).save(user);
         const session = await ff_createSession(user.id);
         return {
             message: `You're in with demo account!`,
@@ -75,7 +81,7 @@ export class AuthControllerServer {
      * This is for login / password authentication invite
      */
     static async invite(emailParam) {
-        const email = emailParam.toLowerCase();
+        const email = emailParam?.toLowerCase();
         const oSafe = getSafeOptions();
         const existingAccount = await repo(oSafe.Account).findOne({
             where: {
@@ -88,17 +94,11 @@ export class AuthControllerServer {
         }
         else {
             const token = generateAndEncodeToken();
-            // TODO: Do we create the user or just the account ?!
-            // TODO 2: Invite is by mail... But the invitee can log with another provider... So what do we do?! maybe not checking the provider... and updating?
-            // const user = await repo(oSafe.User).insert({
-            //   identifier: email,
-            // })
             await repo(oSafe.Account).insert({
                 provider: FFAuthProvider.PASSWORD.id,
                 providerUserId: email,
-                // userId: user.id,
-                // hashPassword: await passwordHash(password),
-                token: token,
+                email,
+                token,
                 expiresAt: createDate(AUTH_OPTIONS.providers?.password?.mail?.verify?.expiresIn ?? 5 * 60),
                 lastVerifiedAt: undefined,
             });
@@ -116,23 +116,19 @@ export class AuthControllerServer {
                 await sendMail('invitationSend', {
                     to: email,
                     subject: 'Invitation',
-                    templateProps: {
-                        title: 'Invitation 👋',
-                        previewText: 'This is the mail you were waiting for',
-                        sections: [
-                            {
-                                text: 'Today is your lucky day !',
-                                highlighted: true,
+                    title: 'Invitation 👋',
+                    sections: [
+                        {
+                            html: 'Today is your lucky day !',
+                        },
+                        {
+                            html: 'You were invited to join the team',
+                            cta: {
+                                html: 'JOIN',
+                                link: url,
                             },
-                            {
-                                text: 'You were invited to join the team',
-                                cta: {
-                                    text: 'JOIN',
-                                    link: url,
-                                },
-                            },
-                        ],
-                    },
+                        },
+                    ],
                 });
                 authModuleRaw.log.success(`${magenta('[invitationSend]')} (${yellow(url)})`);
                 return {
@@ -158,7 +154,7 @@ export class AuthControllerServer {
         if (!oSafe.password.enabled) {
             throw new EntityError({ message: 'Password is not enabled!' });
         }
-        const email = emailParam.toLowerCase();
+        const email = emailParam?.toLowerCase();
         oSafe.password.validateInput({ identifier: email, password });
         const existingAccount = await repo(oSafe.Account).findOne({
             where: {
@@ -173,11 +169,12 @@ export class AuthControllerServer {
         // REMULT: Do not put it in a transaction, as it will be called from a backendmethod that is already in a transaction! And nested transactions not allowed.
         // await remult.dataProvider.transaction(async () => {
         const user = await repo(oSafe.User).insert({
-            identifier: email,
+            name: nameify(email),
         });
         await repo(oSafe.Account).insert({
             provider: FFAuthProvider.PASSWORD.id,
             providerUserId: email,
+            email,
             userId: user.id,
             hashPassword: await oSafe.password.hash(password),
             token: oSafe.verifiedMethod === 'auto' ? undefined : token,
@@ -188,9 +185,6 @@ export class AuthControllerServer {
         });
         // })
         if (oSafe.verifiedMethod === 'auto') {
-            const user = await repo(oSafe.User).findFirst({
-                identifier: email,
-            });
             if (user) {
                 const session = await ff_createSession(user.id);
                 return {
@@ -210,19 +204,16 @@ export class AuthControllerServer {
                 await sendMail('verifyMailSend', {
                     to: email,
                     subject: 'Wecome',
-                    templateProps: {
-                        title: 'Wecome 👋',
-                        previewText: 'This is the mail you were waiting for',
-                        sections: [
-                            {
-                                text: 'You can validate your account',
-                                cta: {
-                                    text: 'HERE',
-                                    link: url,
-                                },
+                    title: 'Wecome 👋',
+                    sections: [
+                        {
+                            html: 'You can validate your account',
+                            cta: {
+                                html: 'HERE',
+                                link: url,
                             },
-                        ],
-                    },
+                        },
+                    ],
                 });
                 authModuleRaw.log.success(`${magenta('[verifyMailSend]')} (${yellow(url)})`);
             }
@@ -241,7 +232,7 @@ export class AuthControllerServer {
      * _(The first param `email` can be "anything")_
      */
     static async signInPassword(emailParam, password) {
-        const email = emailParam.toLowerCase();
+        const email = emailParam?.toLowerCase();
         const oSafe = getSafeOptions();
         oSafe.password.validateInput({ identifier: email, password });
         if (!oSafe.password.enabled) {
@@ -258,22 +249,26 @@ export class AuthControllerServer {
             if (validPassword) {
                 const session = await ff_createSession(existingAccount.userId);
                 const user = await repo(oSafe.User).findId(existingAccount.userId);
+                if (!user) {
+                    authModuleRaw.log.error('User not found for this arround:', existingAccount);
+                    throw new EntityError({ message: 'User not found, please contact support.' });
+                }
                 return {
-                    message: 'ok',
+                    message: 'Signing in progress...',
                     user: oSafe.transformDbUserToClientUser(session, user),
                 };
             }
-            authModuleRaw.log.error({ email, passwordLength: password.length });
+            authModuleRaw.log.error({ email, passwordLengthInfo: password.length });
             throw new EntityError({ message: 'Incorrect username or password' });
         }
-        authModuleRaw.log.error({ email, passwordLength: password.length });
+        authModuleRaw.log.error({ email, passwordLengthInfo: password.length });
         throw new EntityError({ message: 'Incorrect username or password.' });
     }
     /**
      * Forgot your password ? Send a mail to reset it.
      */
     static async forgotPassword(emailParam) {
-        const email = emailParam.toLowerCase();
+        const email = emailParam?.toLowerCase();
         const oSafe = getSafeOptions();
         if (!oSafe.password.enabled) {
             throw new EntityError({ message: 'Password is not enabled!' });
@@ -303,32 +298,30 @@ export class AuthControllerServer {
                 await sendMail('resetPasswordSend', {
                     to: email,
                     subject: 'Reset your password',
-                    templateProps: {
-                        title: 'Reset your password 👋',
-                        previewText: 'This is the mail you were waiting for',
-                        sections: [
-                            {
-                                text: 'Did you forgot something ?',
-                                highlighted: true,
-                            },
-                            {
-                                text: 'No worries, you can reset your password',
-                                cta: {
-                                    text: 'HERE',
-                                    link: url,
-                                },
+                    sections: [
+                        {
+                            html: 'Did you forgot something ?',
+                        },
+                        {
+                            html: 'No worries, you can reset your password',
+                            cta: {
+                                html: 'HERE',
+                                link: url,
                             },
-                        ],
-                    },
+                        },
+                    ],
                 });
                 authModuleRaw.log.success(`${magenta('[resetPasswordSend]')} (${yellow(url)})`);
                 return {
-                    message: `Demo | ${oSafe.strings.resetPasswordSend}`,
+                    message: `${oSafe.strings.resetPasswordSend} (DEMO)`,
                     user: remult.user,
                 };
             }
         }
-        throw new EntityError({ message: oSafe.strings.anErrorOccurred });
+        return {
+            message: oSafe.strings.resetPasswordUnknownUser,
+            user: remult.user,
+        };
     }
     /**
      * Reset your password with a token
@@ -349,7 +342,7 @@ export class AuthControllerServer {
             throw new EntityError({ message: 'token expired' });
         }
         if (account.userId === undefined) {
-            const user = await repo(oSafe.User).insert({ identifier: account.providerUserId });
+            const user = await repo(oSafe.User).insert({ name: nameify(account.providerUserId) });
             account.userId = user.id;
         }
         await invalidateSession(account.userId);
@@ -367,7 +360,7 @@ export class AuthControllerServer {
     }
     /** OTP */
     static async signInOTP(emailParam) {
-        const email = emailParam.toLowerCase();
+        const email = emailParam?.toLowerCase();
         const oSafe = getSafeOptions();
         if (!oSafe.otp.enabled) {
             throw new EntityError({ message: `OPT is not enabled!` });
@@ -381,20 +374,16 @@ export class AuthControllerServer {
             const issuer = AUTH_OPTIONS.providers.otp.issuer ?? 'firstly';
             const uri = createTOTPKeyURI(issuer, email, key, intervalInSeconds, digits);
             const oSafe = getSafeOptions();
-            let user = await repo(oSafe.User).findFirst({ identifier: email });
-            if (!user) {
-                user = repo(oSafe.User).create();
-            }
-            user.identifier = email;
-            user = await repo(oSafe.User).save(user);
-            let account = await remult
-                .repo(oSafe.Account)
-                .findFirst({ userId: user.id, provider: FFAuthProvider.OTP.id });
-            if (!account) {
-                account = repo(oSafe.Account).create();
+            const account = await repo(oSafe.Account).upsert({
+                where: {
+                    provider: FFAuthProvider.OTP.id,
+                    providerUserId: email,
+                },
+            });
+            if (account.userId === '' || account.userId === undefined) {
+                const user = await repo(oSafe.User).insert({ name: nameify(email) });
+                account.userId = user.id;
             }
-            account.userId = user.id;
-            account.provider = FFAuthProvider.OTP.id;
             account.token = otp;
             account.hashPassword = keyEncoded;
             await repo(oSafe.Account).save(account);
@@ -417,7 +406,7 @@ export class AuthControllerServer {
      * Verify the OTP code
      */
     static async verifyOtp(emailParam, otp) {
-        const email = emailParam.toLowerCase();
+        const email = emailParam?.toLowerCase();
         const oSafe = getSafeOptions();
         if (!oSafe.otp.enabled) {
             throw new EntityError({ message: `OPT is not enabled!` });
@@ -429,8 +418,7 @@ export class AuthControllerServer {
             throw new EntityError({ message: 'Invalid otp' });
         }
         const account = accounts[0];
-        const user = await repo(oSafe.User).findId(account.userId);
-        if (user?.identifier !== email) {
+        if (account?.providerUserId !== email) {
             throw new EntityError({ message: 'Invalid otp.' });
         }
         const intervalInSeconds = oSafe.providers?.otp?.expiresIn ?? 30;
@@ -447,6 +435,11 @@ export class AuthControllerServer {
         account.expiresAt = undefined;
         await repo(oSafe.Account).save(account);
         const session = await ff_createSession(account.userId);
+        const user = await repo(oSafe.User).findId(account.userId);
+        if (!user) {
+            authModuleRaw.log.error('User not found for this arround:', account);
+            throw new EntityError({ message: 'User not found, please contact support.' });
+        }
         return {
             message: 'verified',
             user: oSafe.transformDbUserToClientUser(session, user),

package/esm/auth/server/handleAuth.d.ts

@@ -1,2 +1,4 @@
-import { type Handle } from '@sveltejs/kit';
-export declare const handleAuth: Handle;
+import { redirect as redirectKit, type Handle } from '@sveltejs/kit';
+export declare const handleAuth: ({ redirect }: {
+    redirect: typeof redirectKit;
+}) => Handle;

package/esm/auth/server/handleAuth.js

@@ -1,10 +1,10 @@
-import { redirect } from '@sveltejs/kit';
+import { redirect as redirectKit } from '@sveltejs/kit';
 import { repo } from 'remult';
 import { read } from '@kitql/internals';
 import { FFAuthProvider } from '../Entities';
 import { ff_createSession } from './helperFirstly';
 import { getSafeOptions } from './module';
-export const handleAuth = async ({ event, resolve }) => {
+export const handleAuth = ({ redirect }) => async ({ event, resolve }) => {
     const oSafe = getSafeOptions();
     if (event.url.pathname === oSafe.firstlyData.props.ui?.paths?.verify_email) {
         const token = event.url.searchParams.get('token') ?? '';
@@ -71,6 +71,8 @@ export const handleAuth = async ({ event, resolve }) => {
         const redirectUrl = redirectUrlCookie ?? oSafe.redirectUrl;
         if (!code || !state || !storedState || state !== storedState || !keyState) {
             redirect(302, redirectUrl);
+            // We have to do this because "lib redirect" is not working, so I pass the handle... :(
+            throw 'we cannot arrive here!';
         }
         const selectedOAuth = oSafe.providers?.oAuths?.find((c) => c.name === keyState);
         if (selectedOAuth && code) {
@@ -84,6 +86,7 @@ export const handleAuth = async ({ event, resolve }) => {
             catch (error) {
                 console.error(error);
                 redirect(302, redirectUrl);
+                throw 'we cannot arrive here!';
             }
             if (!info.providerUserId) {
                 redirect(302, redirectUrl);
@@ -103,7 +106,7 @@ export const handleAuth = async ({ event, resolve }) => {
                 let nameToUse = '';
                 for (let i = 0; i < info.nameOptions.length; i++) {
                     const existingUser = await repo(oSafe.User).findOne({
-                        where: { identifier: info.nameOptions[i] },
+                        where: { name: info.nameOptions[i] },
                     });
                     if (existingUser) {
                         // Don't do anything
@@ -117,7 +120,7 @@ export const handleAuth = async ({ event, resolve }) => {
                     nameToUse = `${info.nameOptions[0]}-${info.providerUserId}`;
                 }
                 const user = repo(oSafe.User).create();
-                user.identifier = nameToUse;
+                user.name = nameToUse;
                 await repo(oSafe.User).save(user);
                 account = repo(oSafe.Account).create();
                 account.provider = keyState;
@@ -127,6 +130,7 @@ export const handleAuth = async ({ event, resolve }) => {
             account.lastVerifiedAt = new Date();
             account.token = tokens.accessToken();
             account.metadata = { ...info, tokens_data: tokens.data };
+            account.email = info.emailOptions.length > 0 ? info.emailOptions[0] : undefined;
             await repo(oSafe.Account).save(account);
             await ff_createSession(account.userId);
             event.cookies.delete(`${keyState}_oauth_state`, { path: '/' });

package/esm/auth/server/helperRole.d.ts

@@ -1,6 +1,6 @@
-import type { ClassType } from 'remult';
-import { Log } from '@kitql/helpers';
-import { FFAuthUser } from '../Entities';
+import { type ClassType } from 'remult';
+import type { Log } from '@kitql/helpers';
+import { type FFAuthAccount, type FFAuthUser } from '../Entities';
 /**
  * will merge the roles and remove duplicates
  * will return a new array & a status if the array was changed
@@ -9,4 +9,11 @@ export declare const mergeRoles: (existing: string[], newOnes: string[] | undefi
     roles: string[];
     changed: boolean;
 };
-export declare const initRoleFromEnv: (log: Log, userEntity: ClassType<FFAuthUser>, envKey: string, role: string) => Promise<void>;
+export declare const linkRoleToUsersFromEnv: (o: {
+    log: Log;
+    accountEntity: ClassType<FFAuthAccount>;
+    userEntity: ClassType<FFAuthUser>;
+    envKey: string;
+    envValue: string;
+    roles: string[];
+}) => Promise<void>;