modelence 0.9.0-dev.0 → 0.9.0

package/dist/auth/profile.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"profile.d.ts","sourceRoot":"","sources":["../../src/auth/profile.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAEjD,wBAAsB,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,OAAO;;;;;;;GAYjE"}

package/dist/auth/profile.js

@@ -1,13 +0,0 @@
-import { usersCollection } from './db';
-export async function getOwnProfile(_args, { user }) {
-    if (!user) {
-        throw new Error('Not authenticated');
-    }
-    const profile = await usersCollection.requireById(user.id);
-    return {
-        handle: profile.handle,
-        emails: profile.emails,
-        authMethods: Object.keys(profile.authMethods || {}),
-    };
-}
-//# sourceMappingURL=profile.js.map

package/dist/auth/profile.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"profile.js","sourceRoot":"","sources":["../../src/auth/profile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAGvC,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,KAAW,EAAE,EAAE,IAAI,EAAW;IAChE,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAE3D,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;KACpD,CAAC;AACJ,CAAC"}

package/dist/auth/providers/github.d.ts

@@ -1,3 +0,0 @@
-declare function getRouter(): import("express-serve-static-core").Router;
-export default getRouter;
-//# sourceMappingURL=github.d.ts.map

package/dist/auth/providers/github.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../src/auth/providers/github.ts"],"names":[],"mappings":"AA6HA,iBAAS,SAAS,+CA2DjB;AAED,eAAe,SAAS,CAAC"}

package/dist/auth/providers/github.js

@@ -1,122 +0,0 @@
-import { getConfig } from '../../server';
-import { time } from '../../time';
-import { randomBytes } from 'crypto';
-import { Router } from 'express';
-import { getRedirectUri, handleOAuthUserAuthentication, validateOAuthCode, } from './oauth-common';
-async function exchangeCodeForToken(code, clientId, clientSecret, redirectUri) {
-    const tokenResponse = await fetch('https://github.com/login/oauth/access_token', {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            Accept: 'application/json',
-        },
-        body: JSON.stringify({
-            client_id: clientId,
-            client_secret: clientSecret,
-            code,
-            redirect_uri: redirectUri,
-        }),
-    });
-    if (!tokenResponse.ok) {
-        throw new Error(`Failed to exchange code for token: ${tokenResponse.statusText}`);
-    }
-    return tokenResponse.json();
-}
-async function fetchGitHubUserInfo(accessToken) {
-    const userInfoResponse = await fetch('https://api.github.com/user', {
-        headers: {
-            Authorization: `Bearer ${accessToken}`,
-            Accept: 'application/vnd.github.v3+json',
-        },
-    });
-    if (!userInfoResponse.ok) {
-        throw new Error(`Failed to fetch user info: ${userInfoResponse.statusText}`);
-    }
-    return userInfoResponse.json();
-}
-async function handleGitHubAuthenticationCallback(req, res) {
-    const code = validateOAuthCode(req.query.code);
-    const state = req.query.state;
-    const storedState = req.cookies.authStateGithub;
-    if (!code) {
-        res.status(400).json({ error: 'Missing authorization code' });
-        return;
-    }
-    if (!state || !storedState || state !== storedState) {
-        res.status(400).json({ error: 'Invalid OAuth state - possible CSRF attack' });
-        return;
-    }
-    res.clearCookie('authStateGithub');
-    const githubClientId = String(getConfig('_system.user.auth.github.clientId'));
-    const githubClientSecret = String(getConfig('_system.user.auth.github.clientSecret'));
-    const redirectUri = getRedirectUri('github');
-    try {
-        // Exchange code for access token
-        const tokenData = await exchangeCodeForToken(code, githubClientId, githubClientSecret, redirectUri);
-        // Fetch user info
-        const githubUser = await fetchGitHubUserInfo(tokenData.access_token);
-        // Use the public email from user profile
-        const githubEmail = githubUser.email || '';
-        if (!githubEmail) {
-            res.status(400).json({
-                error: 'Unable to retrieve email from GitHub. Please ensure your email is public or grant email permissions.',
-            });
-            return;
-        }
-        const userData = {
-            id: String(githubUser.id),
-            email: githubEmail,
-            emailVerified: true, // Assume public email is verified
-            providerName: 'github',
-        };
-        await handleOAuthUserAuthentication(req, res, userData);
-    }
-    catch (error) {
-        console.error('GitHub OAuth error:', error);
-        res.status(500).json({ error: 'Authentication failed' });
-    }
-}
-function getRouter() {
-    const githubAuthRouter = Router();
-    // Middleware to check if GitHub auth is enabled and configured
-    const checkGitHubEnabled = (_req, res, next) => {
-        const githubEnabled = Boolean(getConfig('_system.user.auth.github.enabled'));
-        const githubClientId = String(getConfig('_system.user.auth.github.clientId'));
-        const githubClientSecret = String(getConfig('_system.user.auth.github.clientSecret'));
-        if (!githubEnabled || !githubClientId || !githubClientSecret) {
-            res.status(503).json({ error: 'GitHub authentication is not configured' });
-            return;
-        }
-        next();
-    };
-    // Initiate OAuth flow
-    githubAuthRouter.get('/api/_internal/auth/github', checkGitHubEnabled, (req, res) => {
-        const githubClientId = String(getConfig('_system.user.auth.github.clientId'));
-        const redirectUri = getRedirectUri('github');
-        const githubScopes = getConfig('_system.user.auth.github.scopes');
-        const scopes = githubScopes
-            ? String(githubScopes)
-                .split(',')
-                .map((s) => s.trim())
-                .join(' ')
-            : 'user:email';
-        const state = randomBytes(32).toString('hex');
-        res.cookie('authStateGithub', state, {
-            httpOnly: true,
-            secure: process.env.NODE_ENV === 'production',
-            sameSite: 'lax',
-            maxAge: time.minutes(10), // 10 minutes
-        });
-        const authUrl = new URL('https://github.com/login/oauth/authorize');
-        authUrl.searchParams.append('client_id', githubClientId);
-        authUrl.searchParams.append('redirect_uri', redirectUri);
-        authUrl.searchParams.append('scope', scopes);
-        authUrl.searchParams.append('state', state);
-        res.redirect(authUrl.toString());
-    });
-    // Handle OAuth callback
-    githubAuthRouter.get('/api/_internal/auth/github/callback', checkGitHubEnabled, handleGitHubAuthenticationCallback);
-    return githubAuthRouter;
-}
-export default getRouter;
-//# sourceMappingURL=github.js.map

package/dist/auth/providers/github.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.js","sourceRoot":"","sources":["../../../src/auth/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,MAAM,EAAkD,MAAM,SAAS,CAAC;AACjF,OAAO,EACL,cAAc,EACd,6BAA6B,EAC7B,iBAAiB,GAElB,MAAM,gBAAgB,CAAC;AAgBxB,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,QAAgB,EAChB,YAAoB,EACpB,WAAmB;IAEnB,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,6CAA6C,EAAE;QAC/E,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,IAAI;YACJ,YAAY,EAAE,WAAW;SAC1B,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,aAAa,CAAC,UAAU,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,aAAa,CAAC,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IACpD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,6BAA6B,EAAE;QAClE,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,MAAM,EAAE,gCAAgC;SACzC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,gBAAgB,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,kCAAkC,CAAC,GAAY,EAAE,GAAa;IAC3E,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAe,CAAC;IACxC,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;IAEhD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,IAAI,CAAC,KAAK,IAAI,CAAC,WAAW,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;QACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC;QAC9E,OAAO;IACT,CAAC;IAED,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;IAEnC,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC9E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC,CAAC;IACtF,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,iCAAiC;QACjC,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAC1C,IAAI,EACJ,cAAc,EACd,kBAAkB,EAClB,WAAW,CACZ,CAAC;QAEF,kBAAkB;QAClB,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAErE,yCAAyC;QACzC,MAAM,WAAW,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE,CAAC;QAE3C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EACH,sGAAsG;aACzG,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAkB;YAC9B,EAAE,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YACzB,KAAK,EAAE,WAAW;YAClB,aAAa,EAAE,IAAI,EAAE,kCAAkC;YACvD,YAAY,EAAE,QAAQ;SACvB,CAAC;QAEF,MAAM,6BAA6B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,SAAS,SAAS;IAChB,MAAM,gBAAgB,GAAG,MAAM,EAAE,CAAC;IAElC,+DAA+D;IAC/D,MAAM,kBAAkB,GAAG,CAAC,IAAa,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC9E,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC,CAAC;QAC7E,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC9E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC,CAAC;QAEtF,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YAC3E,OAAO;QACT,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;IAEF,sBAAsB;IACtB,gBAAgB,CAAC,GAAG,CAClB,4BAA4B,EAC5B,kBAAkB,EAClB,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QAC9B,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC9E,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,SAAS,CAAC,iCAAiC,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,YAAY;YACzB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;iBACjB,KAAK,CAAC,GAAG,CAAC;iBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,IAAI,CAAC,GAAG,CAAC;YACd,CAAC,CAAC,YAAY,CAAC;QAEjB,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE9C,GAAG,CAAC,MAAM,CAAC,iBAAiB,EAAE,KAAK,EAAE;YACnC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAC7C,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,aAAa;SACxC,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACpE,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QACzD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QACzD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE5C,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnC,CAAC,CACF,CAAC;IAEF,wBAAwB;IACxB,gBAAgB,CAAC,GAAG,CAClB,qCAAqC,EACrC,kBAAkB,EAClB,kCAAkC,CACnC,CAAC;IAEF,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,eAAe,SAAS,CAAC"}

package/dist/auth/providers/google.d.ts

@@ -1,3 +0,0 @@
-declare function getRouter(): import("express-serve-static-core").Router;
-export default getRouter;
-//# sourceMappingURL=google.d.ts.map

package/dist/auth/providers/google.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../src/auth/providers/google.ts"],"names":[],"mappings":"AAmHA,iBAAS,SAAS,+CAsDjB;AAED,eAAe,SAAS,CAAC"}

package/dist/auth/providers/google.js

@@ -1,108 +0,0 @@
-import { getConfig } from '../../server';
-import { time } from '../../time';
-import { randomBytes } from 'crypto';
-import { Router } from 'express';
-import { getRedirectUri, handleOAuthUserAuthentication, validateOAuthCode, } from './oauth-common';
-async function exchangeCodeForToken(code, clientId, clientSecret, redirectUri) {
-    const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/x-www-form-urlencoded',
-        },
-        body: new URLSearchParams({
-            code,
-            client_id: clientId,
-            client_secret: clientSecret,
-            redirect_uri: redirectUri,
-            grant_type: 'authorization_code',
-        }),
-    });
-    if (!tokenResponse.ok) {
-        throw new Error(`Failed to exchange code for token: ${tokenResponse.statusText}`);
-    }
-    return tokenResponse.json();
-}
-async function fetchGoogleUserInfo(accessToken) {
-    const userInfoResponse = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
-        headers: {
-            Authorization: `Bearer ${accessToken}`,
-        },
-    });
-    if (!userInfoResponse.ok) {
-        throw new Error(`Failed to fetch user info: ${userInfoResponse.statusText}`);
-    }
-    return userInfoResponse.json();
-}
-async function handleGoogleAuthenticationCallback(req, res) {
-    const code = validateOAuthCode(req.query.code);
-    const state = req.query.state;
-    const storedState = req.cookies.authStateGoogle;
-    if (!code) {
-        res.status(400).json({ error: 'Missing authorization code' });
-        return;
-    }
-    if (!state || !storedState || state !== storedState) {
-        res.status(400).json({ error: 'Invalid OAuth state - possible CSRF attack' });
-        return;
-    }
-    res.clearCookie('authStateGoogle');
-    const googleClientId = String(getConfig('_system.user.auth.google.clientId'));
-    const googleClientSecret = String(getConfig('_system.user.auth.google.clientSecret'));
-    const redirectUri = getRedirectUri('google');
-    try {
-        // Exchange code for tokens
-        const tokenData = await exchangeCodeForToken(code, googleClientId, googleClientSecret, redirectUri);
-        // Fetch user info
-        const googleUser = await fetchGoogleUserInfo(tokenData.access_token);
-        const userData = {
-            id: googleUser.id,
-            email: googleUser.email,
-            emailVerified: googleUser.verified_email,
-            providerName: 'google',
-        };
-        await handleOAuthUserAuthentication(req, res, userData);
-    }
-    catch (error) {
-        console.error('Google OAuth error:', error);
-        res.status(500).json({ error: 'Authentication failed' });
-    }
-}
-function getRouter() {
-    const googleAuthRouter = Router();
-    // Middleware to check if Google auth is enabled and configured
-    const checkGoogleEnabled = (_req, res, next) => {
-        const googleEnabled = Boolean(getConfig('_system.user.auth.google.enabled'));
-        const googleClientId = String(getConfig('_system.user.auth.google.clientId'));
-        const googleClientSecret = String(getConfig('_system.user.auth.google.clientSecret'));
-        if (!googleEnabled || !googleClientId || !googleClientSecret) {
-            res.status(503).json({ error: 'Google authentication is not configured' });
-            return;
-        }
-        next();
-    };
-    // Initiate OAuth flow
-    googleAuthRouter.get('/api/_internal/auth/google', checkGoogleEnabled, (req, res) => {
-        const googleClientId = String(getConfig('_system.user.auth.google.clientId'));
-        const redirectUri = getRedirectUri('google');
-        const state = randomBytes(32).toString('hex');
-        res.cookie('authStateGoogle', state, {
-            httpOnly: true,
-            secure: process.env.NODE_ENV === 'production',
-            sameSite: 'lax',
-            maxAge: time.minutes(10), // 10 minutes
-        });
-        const authUrl = new URL('https://accounts.google.com/o/oauth2/v2/auth');
-        authUrl.searchParams.append('client_id', googleClientId);
-        authUrl.searchParams.append('redirect_uri', redirectUri);
-        authUrl.searchParams.append('response_type', 'code');
-        authUrl.searchParams.append('scope', 'profile email');
-        authUrl.searchParams.append('access_type', 'online');
-        authUrl.searchParams.append('state', state);
-        res.redirect(authUrl.toString());
-    });
-    // Handle OAuth callback
-    googleAuthRouter.get('/api/_internal/auth/google/callback', checkGoogleEnabled, handleGoogleAuthenticationCallback);
-    return googleAuthRouter;
-}
-export default getRouter;
-//# sourceMappingURL=google.js.map

package/dist/auth/providers/google.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"google.js","sourceRoot":"","sources":["../../../src/auth/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,MAAM,EAAkD,MAAM,SAAS,CAAC;AACjF,OAAO,EACL,cAAc,EACd,6BAA6B,EAC7B,iBAAiB,GAElB,MAAM,gBAAgB,CAAC;AAkBxB,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,QAAgB,EAChB,YAAoB,EACpB,WAAmB;IAEnB,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;QACvE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,IAAI;YACJ,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,oBAAoB;SACjC,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,aAAa,CAAC,UAAU,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,aAAa,CAAC,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IACpD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,+CAA+C,EAAE;QACpF,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;SACvC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,gBAAgB,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,kCAAkC,CAAC,GAAY,EAAE,GAAa;IAC3E,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAe,CAAC;IACxC,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;IAEhD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,IAAI,CAAC,KAAK,IAAI,CAAC,WAAW,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;QACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC;QAC9E,OAAO;IACT,CAAC;IAED,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;IAEnC,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC9E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC,CAAC;IACtF,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,2BAA2B;QAC3B,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAC1C,IAAI,EACJ,cAAc,EACd,kBAAkB,EAClB,WAAW,CACZ,CAAC;QAEF,kBAAkB;QAClB,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAErE,MAAM,QAAQ,GAAkB;YAC9B,EAAE,EAAE,UAAU,CAAC,EAAE;YACjB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,aAAa,EAAE,UAAU,CAAC,cAAc;YACxC,YAAY,EAAE,QAAQ;SACvB,CAAC;QAEF,MAAM,6BAA6B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,SAAS,SAAS;IAChB,MAAM,gBAAgB,GAAG,MAAM,EAAE,CAAC;IAElC,+DAA+D;IAC/D,MAAM,kBAAkB,GAAG,CAAC,IAAa,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC9E,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC,CAAC;QAC7E,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC9E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC,CAAC;QAEtF,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YAC3E,OAAO;QACT,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;IAEF,sBAAsB;IACtB,gBAAgB,CAAC,GAAG,CAClB,4BAA4B,EAC5B,kBAAkB,EAClB,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QAC9B,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC9E,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE7C,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE9C,GAAG,CAAC,MAAM,CAAC,iBAAiB,EAAE,KAAK,EAAE;YACnC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAC7C,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,aAAa;SACxC,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,8CAA8C,CAAC,CAAC;QACxE,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QACzD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QACzD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QACrD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACtD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QACrD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE5C,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnC,CAAC,CACF,CAAC;IAEF,wBAAwB;IACxB,gBAAgB,CAAC,GAAG,CAClB,qCAAqC,EACrC,kBAAkB,EAClB,kCAAkC,CACnC,CAAC;IAEF,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,eAAe,SAAS,CAAC"}

package/dist/auth/providers/oauth-common.d.ts

@@ -1,13 +0,0 @@
-import { type Request, type Response } from 'express';
-import { ObjectId } from 'mongodb';
-export interface OAuthUserData {
-    id: string;
-    email: string;
-    emailVerified: boolean;
-    providerName: 'google' | 'github';
-}
-export declare function authenticateUser(res: Response, userId: ObjectId): Promise<void>;
-export declare function getRedirectUri(provider: string): string;
-export declare function handleOAuthUserAuthentication(req: Request, res: Response, userData: OAuthUserData): Promise<void>;
-export declare function validateOAuthCode(code: unknown): string | null;
-//# sourceMappingURL=oauth-common.d.ts.map

package/dist/auth/providers/oauth-common.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-common.d.ts","sourceRoot":"","sources":["../../../src/auth/providers/oauth-common.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAOnC,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,EAAE,QAAQ,GAAG,QAAQ,CAAC;CACnC;AAED,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,iBAUrE;AAED,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED,wBAAsB,6BAA6B,CACjD,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,QAAQ,EAAE,aAAa,GACtB,OAAO,CAAC,IAAI,CAAC,CAqGf;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAK9D"}

package/dist/auth/providers/oauth-common.js

@@ -1,109 +0,0 @@
-import { usersCollection } from '../../auth/db';
-import { createSession } from '../../auth/session';
-import { getAuthConfig } from '../../app/authConfig';
-import { getCallContext } from '../../app/server';
-import { getConfig } from '../../config/server';
-export async function authenticateUser(res, userId) {
-    const { authToken } = await createSession(userId);
-    res.cookie('authToken', authToken, {
-        httpOnly: true,
-        secure: process.env.NODE_ENV === 'production',
-        sameSite: 'strict',
-    });
-    res.status(301);
-    res.redirect('/');
-}
-export function getRedirectUri(provider) {
-    return `${getConfig('_system.site.url')}/api/_internal/auth/${provider}/callback`;
-}
-export async function handleOAuthUserAuthentication(req, res, userData) {
-    const existingUser = await usersCollection.findOne({
-        [`authMethods.${userData.providerName}.id`]: userData.id,
-    });
-    const { session, connectionInfo } = await getCallContext(req);
-    try {
-        if (existingUser) {
-            await authenticateUser(res, existingUser._id);
-            getAuthConfig().onAfterLogin?.({
-                user: existingUser,
-                session,
-                connectionInfo,
-            });
-            getAuthConfig().login?.onSuccess?.(existingUser);
-            return;
-        }
-    }
-    catch (error) {
-        if (error instanceof Error) {
-            getAuthConfig().login?.onError?.(error);
-            getAuthConfig().onLoginError?.({
-                error,
-                session,
-                connectionInfo,
-            });
-        }
-        throw error;
-    }
-    try {
-        if (!userData.email) {
-            res.status(400).json({
-                error: `Email address is required for ${userData.providerName} authentication.`,
-            });
-            return;
-        }
-        const existingUserByEmail = await usersCollection.findOne({ 'emails.address': userData.email }, { collation: { locale: 'en', strength: 2 } });
-        // TODO: check if the email is verified
-        if (existingUserByEmail) {
-            // TODO: handle case with an HTML page
-            res.status(400).json({
-                error: 'User with this email already exists. Please log in instead.',
-            });
-            return;
-        }
-        // If the user does not exist, create a new user
-        const newUser = await usersCollection.insertOne({
-            handle: userData.email,
-            status: 'active',
-            emails: [
-                {
-                    address: userData.email,
-                    verified: userData.emailVerified,
-                },
-            ],
-            createdAt: new Date(),
-            authMethods: {
-                [userData.providerName]: {
-                    id: userData.id,
-                },
-            },
-        });
-        await authenticateUser(res, newUser.insertedId);
-        const userDocument = await usersCollection.findOne({ _id: newUser.insertedId }, { readPreference: 'primary' });
-        if (userDocument) {
-            getAuthConfig().onAfterSignup?.({
-                user: userDocument,
-                session,
-                connectionInfo,
-            });
-            getAuthConfig().signup?.onSuccess?.(userDocument);
-        }
-    }
-    catch (error) {
-        if (error instanceof Error) {
-            getAuthConfig().onSignupError?.({
-                error,
-                session,
-                connectionInfo,
-            });
-            getAuthConfig().signup?.onError?.(error);
-        }
-        throw error;
-    }
-}
-export function validateOAuthCode(code) {
-    if (!code || typeof code !== 'string') {
-        return null;
-    }
-    return code;
-}
-//# sourceMappingURL=oauth-common.js.map

package/dist/auth/providers/oauth-common.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-common.js","sourceRoot":"","sources":["../../../src/auth/providers/oauth-common.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAS5C,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAa,EAAE,MAAgB;IACpE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC;IAElD,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE;QACjC,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QAC7C,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChB,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,OAAO,GAAG,SAAS,CAAC,kBAAkB,CAAC,uBAAuB,QAAQ,WAAW,CAAC;AACpF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,GAAY,EACZ,GAAa,EACb,QAAuB;IAEvB,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC;QACjD,CAAC,eAAe,QAAQ,CAAC,YAAY,KAAK,CAAC,EAAE,QAAQ,CAAC,EAAE;KACzD,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IAE9D,IAAI,CAAC;QACH,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,gBAAgB,CAAC,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC;YAE9C,aAAa,EAAE,CAAC,YAAY,EAAE,CAAC;gBAC7B,IAAI,EAAE,YAAY;gBAClB,OAAO;gBACP,cAAc;aACf,CAAC,CAAC;YACH,aAAa,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC;YAEjD,OAAO;QACT,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,aAAa,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;YAExC,aAAa,EAAE,CAAC,YAAY,EAAE,CAAC;gBAC7B,KAAK;gBACL,OAAO;gBACP,cAAc;aACf,CAAC,CAAC;QACL,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,iCAAiC,QAAQ,CAAC,YAAY,kBAAkB;aAChF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,mBAAmB,GAAG,MAAM,eAAe,CAAC,OAAO,CACvD,EAAE,gBAAgB,EAAE,QAAQ,CAAC,KAAK,EAAE,EACpC,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,CAC7C,CAAC;QAEF,uCAAuC;QACvC,IAAI,mBAAmB,EAAE,CAAC;YACxB,sCAAsC;YACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,6DAA6D;aACrE,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,gDAAgD;QAChD,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,SAAS,CAAC;YAC9C,MAAM,EAAE,QAAQ,CAAC,KAAK;YACtB,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE;gBACN;oBACE,OAAO,EAAE,QAAQ,CAAC,KAAK;oBACvB,QAAQ,EAAE,QAAQ,CAAC,aAAa;iBACjC;aACF;YACD,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,WAAW,EAAE;gBACX,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;oBACvB,EAAE,EAAE,QAAQ,CAAC,EAAE;iBAChB;aACF;SACF,CAAC,CAAC;QAEH,MAAM,gBAAgB,CAAC,GAAG,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;QAEhD,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,OAAO,CAChD,EAAE,GAAG,EAAE,OAAO,CAAC,UAAU,EAAE,EAC3B,EAAE,cAAc,EAAE,SAAS,EAAE,CAC9B,CAAC;QAEF,IAAI,YAAY,EAAE,CAAC;YACjB,aAAa,EAAE,CAAC,aAAa,EAAE,CAAC;gBAC9B,IAAI,EAAE,YAAY;gBAClB,OAAO;gBACP,cAAc;aACf,CAAC,CAAC;YAEH,aAAa,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,aAAa,EAAE,CAAC,aAAa,EAAE,CAAC;gBAC9B,KAAK;gBACL,OAAO;gBACP,cAAc;aACf,CAAC,CAAC;YAEH,aAAa,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAa;IAC7C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/auth/resetPassword.d.ts

@@ -1,10 +0,0 @@
-import { Args, Context } from '../methods/types';
-export declare function handleSendResetPasswordToken(args: Args, { connectionInfo }: Context): Promise<{
-    success: boolean;
-    message: string;
-}>;
-export declare function handleResetPassword(args: Args, {}: Context): Promise<{
-    success: boolean;
-    message: string;
-}>;
-//# sourceMappingURL=resetPassword.d.ts.map

package/dist/auth/resetPassword.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"resetPassword.d.ts","sourceRoot":"","sources":["../../src/auth/resetPassword.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAqChD,wBAAsB,4BAA4B,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,cAAc,EAAE,EAAE,OAAO;;;GAyDzF;AAED,wBAAsB,mBAAmB,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO;;;GAuChE"}

package/dist/auth/resetPassword.js

@@ -1,108 +0,0 @@
-import { z } from 'zod';
-import { randomBytes } from 'crypto';
-import { usersCollection, resetPasswordTokensCollection } from './db';
-import { getEmailConfig } from '../app/emailConfig';
-import { time } from '../time';
-import { htmlToText } from '../utils';
-import { validateEmail, validatePassword } from './validators';
-import { hashPassword } from './password';
-function resolveUrl(baseUrl, configuredUrl) {
-    if (!configuredUrl) {
-        return baseUrl;
-    }
-    if (configuredUrl.startsWith('http://') || configuredUrl.startsWith('https://')) {
-        return configuredUrl;
-    }
-    // Handle relative URL
-    return `${baseUrl}${configuredUrl.startsWith('/') ? '' : '/'}${configuredUrl}`;
-}
-function defaultPasswordResetTemplate({ email, resetUrl }) {
-    return `
-    <p>Hi,</p>
-    <p>We received a request to reset your password for ${email}.</p>
-    <p>Click the link below to reset your password:</p>
-    <p><a href="${resetUrl}">${resetUrl}</a></p>
-    <p>This link will expire in 1 hour.</p>
-    <p>If you did not request this password reset, please ignore this email.</p>
-  `;
-}
-const passwordResetSent = {
-    success: true,
-    message: 'If an account with that email exists, a password reset link has been sent',
-};
-export async function handleSendResetPasswordToken(args, { connectionInfo }) {
-    const email = validateEmail(args.email);
-    // Find user by email
-    const userDoc = await usersCollection.findOne({ 'emails.address': email, status: { $nin: ['deleted', 'disabled'] } }, { collation: { locale: 'en', strength: 2 } });
-    if (!userDoc) {
-        // For security, don't reveal if email exists or not
-        return passwordResetSent;
-    }
-    // Check if user has password auth method
-    if (!userDoc.authMethods?.password) {
-        return passwordResetSent;
-    }
-    const emailProvider = getEmailConfig().provider;
-    if (!emailProvider) {
-        throw new Error('Email provider is not configured');
-    }
-    // Generate reset token
-    const resetToken = randomBytes(32).toString('hex');
-    const now = Date.now();
-    const createdAt = new Date(now);
-    const expiresAt = new Date(now + time.hours(1)); // 1 hour expiry
-    // Store reset token
-    await resetPasswordTokensCollection.insertOne({
-        userId: userDoc._id,
-        token: resetToken,
-        createdAt,
-        expiresAt,
-    });
-    // Build reset URL
-    const baseUrl = process.env.MODELENCE_SITE_URL || connectionInfo?.baseUrl;
-    const resetPasswordUrl = resolveUrl(baseUrl, getEmailConfig().passwordReset?.redirectUrl);
-    const resetUrl = `${resetPasswordUrl}?token=${resetToken}`;
-    // Send email
-    const template = getEmailConfig()?.passwordReset?.template || defaultPasswordResetTemplate;
-    const htmlTemplate = template({ email, resetUrl, name: '' });
-    const textContent = htmlToText(htmlTemplate);
-    await emailProvider.sendEmail({
-        to: email,
-        from: getEmailConfig()?.from || 'noreply@modelence.com',
-        subject: getEmailConfig()?.passwordReset?.subject || 'Reset your password',
-        text: textContent,
-        html: htmlTemplate,
-    });
-    return passwordResetSent;
-}
-export async function handleResetPassword(args, {}) {
-    const token = z.string().parse(args.token);
-    const password = validatePassword(args.password);
-    // Find the reset token
-    const resetTokenDoc = await resetPasswordTokensCollection.findOne({ token });
-    if (!resetTokenDoc) {
-        throw new Error('Invalid or expired reset token');
-    }
-    // Check if token is expired
-    if (resetTokenDoc.expiresAt < new Date()) {
-        await resetPasswordTokensCollection.deleteOne({ token });
-        throw new Error('Reset token has expired');
-    }
-    // Find the user
-    const userDoc = await usersCollection.findOne({ _id: resetTokenDoc.userId });
-    if (!userDoc) {
-        throw new Error('User not found');
-    }
-    // Hash the new password
-    const hash = await hashPassword(password);
-    // Update user's password
-    await usersCollection.updateOne({ _id: userDoc._id }, {
-        $set: {
-            'authMethods.password.hash': hash,
-        },
-    });
-    // Delete the used reset token
-    await resetPasswordTokensCollection.deleteOne({ token });
-    return { success: true, message: 'Password has been reset successfully' };
-}
-//# sourceMappingURL=resetPassword.js.map

package/dist/auth/resetPassword.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"resetPassword.js","sourceRoot":"","sources":["../../src/auth/resetPassword.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAGrC,OAAO,EAAE,eAAe,EAAE,6BAA6B,EAAE,MAAM,MAAM,CAAC;AACtE,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C,SAAS,UAAU,CAAC,OAAe,EAAE,aAAsB;IACzD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,IAAI,aAAa,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,aAAa,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAChF,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,sBAAsB;IACtB,OAAO,GAAG,OAAO,GAAG,aAAa,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,aAAa,EAAE,CAAC;AACjF,CAAC;AAED,SAAS,4BAA4B,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAuC;IAC5F,OAAO;;0DAEiD,KAAK;;kBAE7C,QAAQ,KAAK,QAAQ;;;GAGpC,CAAC;AACJ,CAAC;AAED,MAAM,iBAAiB,GAAG;IACxB,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,2EAA2E;CACrF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAAC,IAAU,EAAE,EAAE,cAAc,EAAW;IACxF,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;IAElD,qBAAqB;IACrB,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,OAAO,CAC3C,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE,EACtE,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,CAC7C,CAAC;IAEF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,oDAAoD;QACpD,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAED,yCAAyC;IACzC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,QAAQ,EAAE,CAAC;QACnC,OAAO,iBAAiB,CAAC;IAC3B,CAAC;IAED,MAAM,aAAa,GAAG,cAAc,EAAE,CAAC,QAAQ,CAAC;IAChD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,uBAAuB;IACvB,MAAM,UAAU,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;IAEjE,oBAAoB;IACpB,MAAM,6BAA6B,CAAC,SAAS,CAAC;QAC5C,MAAM,EAAE,OAAO,CAAC,GAAG;QACnB,KAAK,EAAE,UAAU;QACjB,SAAS;QACT,SAAS;KACV,CAAC,CAAC;IAEH,kBAAkB;IAClB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,cAAc,EAAE,OAAO,CAAC;IAC1E,MAAM,gBAAgB,GAAG,UAAU,CAAC,OAAQ,EAAE,cAAc,EAAE,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IAC3F,MAAM,QAAQ,GAAG,GAAG,gBAAgB,UAAU,UAAU,EAAE,CAAC;IAE3D,aAAa;IACb,MAAM,QAAQ,GAAG,cAAc,EAAE,EAAE,aAAa,EAAE,QAAQ,IAAI,4BAA4B,CAAC;IAC3F,MAAM,YAAY,GAAG,QAAQ,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7D,MAAM,WAAW,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IAE7C,MAAM,aAAa,CAAC,SAAS,CAAC;QAC5B,EAAE,EAAE,KAAK;QACT,IAAI,EAAE,cAAc,EAAE,EAAE,IAAI,IAAI,uBAAuB;QACvD,OAAO,EAAE,cAAc,EAAE,EAAE,aAAa,EAAE,OAAO,IAAI,qBAAqB;QAC1E,IAAI,EAAE,WAAW;QACjB,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC;IAEH,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,IAAU,EAAE,EAAW;IAC/D,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,gBAAgB,CAAC,IAAI,CAAC,QAAkB,CAAC,CAAC;IAE3D,uBAAuB;IACvB,MAAM,aAAa,GAAG,MAAM,6BAA6B,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7E,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IACpD,CAAC;IAED,4BAA4B;IAC5B,IAAI,aAAa,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACzC,MAAM,6BAA6B,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,gBAAgB;IAChB,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;IACpC,CAAC;IAED,wBAAwB;IACxB,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;IAE1C,yBAAyB;IACzB,MAAM,eAAe,CAAC,SAAS,CAC7B,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,EAAE,EACpB;QACE,IAAI,EAAE;YACJ,2BAA2B,EAAE,IAAI;SAClC;KACF,CACF,CAAC;IAEF,8BAA8B;IAC9B,MAAM,6BAA6B,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAEzD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;AAC5E,CAAC"}

package/dist/auth/role.d.ts

@@ -1,8 +0,0 @@
-import { RoleDefinition, Role, Permission } from './types';
-export declare function initRoles(roles: Record<Role, RoleDefinition>, _defaultRoles: Record<string, Role>): void;
-export declare function getUnauthenticatedRoles(): string[];
-export declare function getDefaultAuthenticatedRoles(): string[];
-export declare function hasAccess(roles: Role[], requiredPermissions: Permission[]): boolean;
-export declare function requireAccess(roles: Role[], requiredPermissions: Permission[]): void;
-export declare function hasPermission(roles: Role[], permission: Permission): boolean;
-//# sourceMappingURL=role.d.ts.map

package/dist/auth/role.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"role.d.ts","sourceRoot":"","sources":["../../src/auth/role.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,IAAI,EAAgB,UAAU,EAAE,MAAM,SAAS,CAAC;AAQzE,wBAAgB,SAAS,CACvB,KAAK,EAAE,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,EACnC,aAAa,EAAE,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,QAQpC;AAED,wBAAgB,uBAAuB,aAEtC;AAED,wBAAgB,4BAA4B,aAE3C;AAED,wBAAgB,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,mBAAmB,EAAE,UAAU,EAAE,WAEzE;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,mBAAmB,EAAE,UAAU,EAAE,QAQ7E;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,UAAU,WAUlE"}

package/dist/auth/role.js

@@ -1,37 +0,0 @@
-const roleMap = new Map();
-const defaultRoles = {
-    authenticated: null,
-    unauthenticated: null,
-};
-export function initRoles(roles, _defaultRoles) {
-    defaultRoles.authenticated = _defaultRoles.authenticated;
-    defaultRoles.unauthenticated = _defaultRoles.unauthenticated;
-    for (const [name, definition] of Object.entries(roles)) {
-        roleMap.set(name, definition);
-    }
-}
-export function getUnauthenticatedRoles() {
-    return defaultRoles.unauthenticated ? [defaultRoles.unauthenticated] : [];
-}
-export function getDefaultAuthenticatedRoles() {
-    return defaultRoles.authenticated ? [defaultRoles.authenticated] : [];
-}
-export function hasAccess(roles, requiredPermissions) {
-    return requiredPermissions.every((permission) => hasPermission(roles, permission));
-}
-export function requireAccess(roles, requiredPermissions) {
-    const missingPermission = requiredPermissions.find((permission) => !hasPermission(roles, permission));
-    if (missingPermission) {
-        throw new Error(`Access denied - missing permission: '${missingPermission}'`);
-    }
-}
-export function hasPermission(roles, permission) {
-    for (const role of roles) {
-        const definition = roleMap.get(role);
-        if (definition && definition.permissions.includes(permission)) {
-            return true;
-        }
-    }
-    return false;
-}
-//# sourceMappingURL=role.js.map

package/dist/auth/role.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"role.js","sourceRoot":"","sources":["../../src/auth/role.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,GAAG,IAAI,GAAG,EAAwB,CAAC;AAChD,MAAM,YAAY,GAAiB;IACjC,aAAa,EAAE,IAAI;IACnB,eAAe,EAAE,IAAI;CACtB,CAAC;AAEF,MAAM,UAAU,SAAS,CACvB,KAAmC,EACnC,aAAmC;IAEnC,YAAY,CAAC,aAAa,GAAG,aAAa,CAAC,aAAa,CAAC;IACzD,YAAY,CAAC,eAAe,GAAG,aAAa,CAAC,eAAe,CAAC;IAE7D,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;IAChC,CAAC;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,OAAO,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,4BAA4B;IAC1C,OAAO,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;AACxE,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,mBAAiC;IACxE,OAAO,mBAAmB,CAAC,KAAK,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,aAAa,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC;AACrF,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa,EAAE,mBAAiC;IAC5E,MAAM,iBAAiB,GAAG,mBAAmB,CAAC,IAAI,CAChD,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,KAAK,EAAE,UAAU,CAAC,CAClD,CAAC;IAEF,IAAI,iBAAiB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,wCAAwC,iBAAiB,GAAG,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa,EAAE,UAAsB;IACjE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAErC,IAAI,UAAU,IAAI,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/auth/session.d.ts

@@ -1,24 +0,0 @@
-import { ObjectId } from 'mongodb';
-import { Module } from '../app/module';
-import { Store } from '../data/store';
-import { Session } from './types';
-export declare const sessionsCollection: Store<{
-    authToken: import("zod").ZodString;
-    createdAt: import("zod").ZodDate;
-    expiresAt: import("zod").ZodDate;
-    userId: import("zod").ZodNullable<import("zod").ZodType<ObjectId, import("zod").ZodTypeDef, ObjectId>>;
-}, Record<string, (this: Pick<import("../types").InferDocumentType<{
-    authToken: import("zod").ZodString;
-    createdAt: import("zod").ZodDate;
-    expiresAt: import("zod").ZodDate;
-    userId: import("zod").ZodNullable<import("zod").ZodType<ObjectId, import("zod").ZodTypeDef, ObjectId>>;
-}>, "authToken" | "createdAt" | "expiresAt" | "userId"> & {
-    _id: ObjectId;
-}, ...args: any[]) => any>>;
-export declare function obtainSession(authToken: string | null): Promise<Session>;
-export declare function setSessionUser(authToken: string, userId: ObjectId): Promise<void>;
-export declare function clearSessionUser(authToken: string): Promise<void>;
-export declare function createSession(userId?: ObjectId | null): Promise<Session>;
-declare const _default: Module;
-export default _default;
-//# sourceMappingURL=session.d.ts.map