modelence 0.9.0-dev.0 → 0.9.1

package/dist/auth/login.js

@@ -1,100 +0,0 @@
-import { z } from 'zod';
-import { usersCollection } from './db';
-import { clearSessionUser, setSessionUser } from './session';
-import { sendVerificationEmail } from './verification';
-import { getEmailConfig } from '../app/emailConfig';
-import { consumeRateLimit } from '../server';
-import { validateEmail } from './validators';
-import { getAuthConfig } from '../app/authConfig';
-import { comparePassword } from './password';
-export async function handleLoginWithPassword(args, { user, session, connectionInfo }) {
-    try {
-        if (!session) {
-            throw new Error('Session is not initialized');
-        }
-        const ip = connectionInfo?.ip;
-        if (ip) {
-            await consumeRateLimit({
-                bucket: 'signin',
-                type: 'ip',
-                value: ip,
-            });
-        }
-        const email = validateEmail(args.email);
-        // password is accepted just as a string, so users can still sign in if the password validation rules are changed
-        const password = z.string().parse(args.password);
-        // TODO: add rate limiting by email (and perhaps IP address overall)
-        if (user) {
-            // TODO: handle cases where a user is already logged in
-        }
-        const userDoc = await usersCollection.findOne({ 'emails.address': email, status: { $nin: ['deleted', 'disabled'] } }, { collation: { locale: 'en', strength: 2 } });
-        const passwordHash = userDoc?.authMethods?.password?.hash;
-        if (!passwordHash) {
-            throw incorrectCredentialsError();
-        }
-        const emailDoc = userDoc.emails?.find((e) => e.address === email);
-        if (!emailDoc?.verified && getEmailConfig()?.provider) {
-            if (ip) {
-                try {
-                    await consumeRateLimit({
-                        bucket: 'verification',
-                        type: 'user',
-                        value: userDoc._id.toString(),
-                    });
-                }
-                catch {
-                    throw new Error("Your email address hasn't been verified yet. Please use the verification email we've send earlier to your inbox.");
-                }
-            }
-            await sendVerificationEmail({
-                userId: userDoc?._id,
-                email,
-                baseUrl: connectionInfo?.baseUrl,
-            });
-            throw new Error("Your email address hasn't been verified yet. We've sent a new verification email to your inbox.");
-        }
-        const isValidPassword = await comparePassword(password, passwordHash);
-        if (!isValidPassword) {
-            throw incorrectCredentialsError();
-        }
-        await setSessionUser(session.authToken, userDoc._id);
-        getAuthConfig().onAfterLogin?.({
-            user: userDoc,
-            session,
-            connectionInfo,
-        });
-        getAuthConfig().login?.onSuccess?.(userDoc);
-        return {
-            user: {
-                id: userDoc._id,
-                handle: userDoc.handle,
-            },
-        };
-    }
-    catch (error) {
-        if (error instanceof Error) {
-            getAuthConfig().onLoginError?.({
-                error,
-                session,
-                connectionInfo,
-            });
-            getAuthConfig().login?.onError?.(error);
-        }
-        throw error;
-    }
-}
-export async function handleLogout(args, { session }) {
-    if (!session) {
-        throw new Error('Session is not initialized');
-    }
-    await clearSessionUser(session.authToken);
-}
-/*
-  It is important to return the same exact error both in case the email
-  or password is incorrect so that the client cannot tell the difference,
-  otherwise it would allow for an enumeration attack.
-*/
-function incorrectCredentialsError() {
-    return new Error('Incorrect email/password combination');
-}
-//# sourceMappingURL=login.js.map

package/dist/auth/login.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/auth/login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AACvC,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC7D,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAE7C,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,IAAU,EACV,EAAE,IAAI,EAAE,OAAO,EAAE,cAAc,EAAW;IAE1C,IAAI,CAAC;QACH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,MAAM,EAAE,GAAG,cAAc,EAAE,EAAE,CAAC;QAC9B,IAAI,EAAE,EAAE,CAAC;YACP,MAAM,gBAAgB,CAAC;gBACrB,MAAM,EAAE,QAAQ;gBAChB,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,EAAE;aACV,CAAC,CAAC;QACL,CAAC;QAED,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC;QAClD,iHAAiH;QACjH,MAAM,QAAQ,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEjD,oEAAoE;QAEpE,IAAI,IAAI,EAAE,CAAC;YACT,uDAAuD;QACzD,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,OAAO,CAC3C,EAAE,gBAAgB,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,EAAE,EACtE,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,CAC7C,CAAC;QAEF,MAAM,YAAY,GAAG,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,CAAC;QAC1D,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,yBAAyB,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,CAAC,CAAC;QAElE,IAAI,CAAC,QAAQ,EAAE,QAAQ,IAAI,cAAc,EAAE,EAAE,QAAQ,EAAE,CAAC;YACtD,IAAI,EAAE,EAAE,CAAC;gBACP,IAAI,CAAC;oBACH,MAAM,gBAAgB,CAAC;wBACrB,MAAM,EAAE,cAAc;wBACtB,IAAI,EAAE,MAAM;wBACZ,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE;qBAC9B,CAAC,CAAC;gBACL,CAAC;gBAAC,MAAM,CAAC;oBACP,MAAM,IAAI,KAAK,CACb,kHAAkH,CACnH,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,MAAM,qBAAqB,CAAC;gBAC1B,MAAM,EAAE,OAAO,EAAE,GAAG;gBACpB,KAAK;gBACL,OAAO,EAAE,cAAc,EAAE,OAAO;aACjC,CAAC,CAAC;YACH,MAAM,IAAI,KAAK,CACb,iGAAiG,CAClG,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,eAAe,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QACtE,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,MAAM,yBAAyB,EAAE,CAAC;QACpC,CAAC;QAED,MAAM,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAErD,aAAa,EAAE,CAAC,YAAY,EAAE,CAAC;YAC7B,IAAI,EAAE,OAAO;YACb,OAAO;YACP,cAAc;SACf,CAAC,CAAC;QACH,aAAa,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO;YACL,IAAI,EAAE;gBACJ,EAAE,EAAE,OAAO,CAAC,GAAG;gBACf,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB;SACF,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,aAAa,EAAE,CAAC,YAAY,EAAE,CAAC;gBAC7B,KAAK;gBACL,OAAO;gBACP,cAAc;aACf,CAAC,CAAC;YACH,aAAa,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,IAAU,EAAE,EAAE,OAAO,EAAW;IACjE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,MAAM,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAC5C,CAAC;AAED;;;;EAIE;AACF,SAAS,yBAAyB;IAChC,OAAO,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/auth/password.d.ts

@@ -1,14 +0,0 @@
-/**
- * Hash a password using Node.js native crypto scrypt algorithm
- * @param password - The password to hash
- * @returns A string containing the salt and hash separated by a colon
- */
-export declare function hashPassword(password: string): Promise<string>;
-/**
- * Compare a password with a hash
- * @param password - The password to check
- * @param hash - The hash to compare against (format: "salt:hash")
- * @returns True if the password matches the hash
- */
-export declare function comparePassword(password: string, hash: string): Promise<boolean>;
-//# sourceMappingURL=password.d.ts.map

package/dist/auth/password.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AAKA;;;;GAIG;AACH,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAIpE;AAED;;;;;GAKG;AACH,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAKtF"}

package/dist/auth/password.js

@@ -1,26 +0,0 @@
-import { scrypt, randomBytes, timingSafeEqual } from 'crypto';
-import { promisify } from 'util';
-const scryptAsync = promisify(scrypt);
-/**
- * Hash a password using Node.js native crypto scrypt algorithm
- * @param password - The password to hash
- * @returns A string containing the salt and hash separated by a colon
- */
-export async function hashPassword(password) {
-    const salt = randomBytes(16).toString('hex');
-    const derivedKey = (await scryptAsync(password, salt, 64));
-    return `${salt}:${derivedKey.toString('hex')}`;
-}
-/**
- * Compare a password with a hash
- * @param password - The password to check
- * @param hash - The hash to compare against (format: "salt:hash")
- * @returns True if the password matches the hash
- */
-export async function comparePassword(password, hash) {
-    const [salt, key] = hash.split(':');
-    const keyBuffer = Buffer.from(key, 'hex');
-    const derivedKey = (await scryptAsync(password, salt, 64));
-    return timingSafeEqual(keyBuffer, derivedKey);
-}
-//# sourceMappingURL=password.js.map

package/dist/auth/password.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"password.js","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAEjC,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AAEtC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAG,CAAC,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAW,CAAC;IACrE,OAAO,GAAG,IAAI,IAAI,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AACjD,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,QAAgB,EAAE,IAAY;IAClE,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,CAAC,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAW,CAAC;IACrE,OAAO,eAAe,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;AAChD,CAAC"}

package/dist/auth/profile.d.ts

@@ -1,10 +0,0 @@
-import { Args, Context } from '../methods/types';
-export declare function getOwnProfile(_args: Args, { user }: Context): Promise<{
-    handle: string;
-    emails: {
-        address: string;
-        verified: boolean;
-    }[] | undefined;
-    authMethods: string[];
-}>;
-//# sourceMappingURL=profile.d.ts.map

package/dist/auth/profile.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"profile.d.ts","sourceRoot":"","sources":["../../src/auth/profile.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAEjD,wBAAsB,aAAa,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,OAAO;;;;;;;GAYjE"}

package/dist/auth/profile.js

@@ -1,13 +0,0 @@
-import { usersCollection } from './db';
-export async function getOwnProfile(_args, { user }) {
-    if (!user) {
-        throw new Error('Not authenticated');
-    }
-    const profile = await usersCollection.requireById(user.id);
-    return {
-        handle: profile.handle,
-        emails: profile.emails,
-        authMethods: Object.keys(profile.authMethods || {}),
-    };
-}
-//# sourceMappingURL=profile.js.map

package/dist/auth/profile.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"profile.js","sourceRoot":"","sources":["../../src/auth/profile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,MAAM,CAAC;AAGvC,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,KAAW,EAAE,EAAE,IAAI,EAAW;IAChE,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAE3D,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;KACpD,CAAC;AACJ,CAAC"}

package/dist/auth/providers/github.d.ts

@@ -1,3 +0,0 @@
-declare function getRouter(): import("express-serve-static-core").Router;
-export default getRouter;
-//# sourceMappingURL=github.d.ts.map

package/dist/auth/providers/github.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../src/auth/providers/github.ts"],"names":[],"mappings":"AA6HA,iBAAS,SAAS,+CA2DjB;AAED,eAAe,SAAS,CAAC"}

package/dist/auth/providers/github.js

@@ -1,122 +0,0 @@
-import { getConfig } from '../../server';
-import { time } from '../../time';
-import { randomBytes } from 'crypto';
-import { Router } from 'express';
-import { getRedirectUri, handleOAuthUserAuthentication, validateOAuthCode, } from './oauth-common';
-async function exchangeCodeForToken(code, clientId, clientSecret, redirectUri) {
-    const tokenResponse = await fetch('https://github.com/login/oauth/access_token', {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            Accept: 'application/json',
-        },
-        body: JSON.stringify({
-            client_id: clientId,
-            client_secret: clientSecret,
-            code,
-            redirect_uri: redirectUri,
-        }),
-    });
-    if (!tokenResponse.ok) {
-        throw new Error(`Failed to exchange code for token: ${tokenResponse.statusText}`);
-    }
-    return tokenResponse.json();
-}
-async function fetchGitHubUserInfo(accessToken) {
-    const userInfoResponse = await fetch('https://api.github.com/user', {
-        headers: {
-            Authorization: `Bearer ${accessToken}`,
-            Accept: 'application/vnd.github.v3+json',
-        },
-    });
-    if (!userInfoResponse.ok) {
-        throw new Error(`Failed to fetch user info: ${userInfoResponse.statusText}`);
-    }
-    return userInfoResponse.json();
-}
-async function handleGitHubAuthenticationCallback(req, res) {
-    const code = validateOAuthCode(req.query.code);
-    const state = req.query.state;
-    const storedState = req.cookies.authStateGithub;
-    if (!code) {
-        res.status(400).json({ error: 'Missing authorization code' });
-        return;
-    }
-    if (!state || !storedState || state !== storedState) {
-        res.status(400).json({ error: 'Invalid OAuth state - possible CSRF attack' });
-        return;
-    }
-    res.clearCookie('authStateGithub');
-    const githubClientId = String(getConfig('_system.user.auth.github.clientId'));
-    const githubClientSecret = String(getConfig('_system.user.auth.github.clientSecret'));
-    const redirectUri = getRedirectUri('github');
-    try {
-        // Exchange code for access token
-        const tokenData = await exchangeCodeForToken(code, githubClientId, githubClientSecret, redirectUri);
-        // Fetch user info
-        const githubUser = await fetchGitHubUserInfo(tokenData.access_token);
-        // Use the public email from user profile
-        const githubEmail = githubUser.email || '';
-        if (!githubEmail) {
-            res.status(400).json({
-                error: 'Unable to retrieve email from GitHub. Please ensure your email is public or grant email permissions.',
-            });
-            return;
-        }
-        const userData = {
-            id: String(githubUser.id),
-            email: githubEmail,
-            emailVerified: true, // Assume public email is verified
-            providerName: 'github',
-        };
-        await handleOAuthUserAuthentication(req, res, userData);
-    }
-    catch (error) {
-        console.error('GitHub OAuth error:', error);
-        res.status(500).json({ error: 'Authentication failed' });
-    }
-}
-function getRouter() {
-    const githubAuthRouter = Router();
-    // Middleware to check if GitHub auth is enabled and configured
-    const checkGitHubEnabled = (_req, res, next) => {
-        const githubEnabled = Boolean(getConfig('_system.user.auth.github.enabled'));
-        const githubClientId = String(getConfig('_system.user.auth.github.clientId'));
-        const githubClientSecret = String(getConfig('_system.user.auth.github.clientSecret'));
-        if (!githubEnabled || !githubClientId || !githubClientSecret) {
-            res.status(503).json({ error: 'GitHub authentication is not configured' });
-            return;
-        }
-        next();
-    };
-    // Initiate OAuth flow
-    githubAuthRouter.get('/api/_internal/auth/github', checkGitHubEnabled, (req, res) => {
-        const githubClientId = String(getConfig('_system.user.auth.github.clientId'));
-        const redirectUri = getRedirectUri('github');
-        const githubScopes = getConfig('_system.user.auth.github.scopes');
-        const scopes = githubScopes
-            ? String(githubScopes)
-                .split(',')
-                .map((s) => s.trim())
-                .join(' ')
-            : 'user:email';
-        const state = randomBytes(32).toString('hex');
-        res.cookie('authStateGithub', state, {
-            httpOnly: true,
-            secure: process.env.NODE_ENV === 'production',
-            sameSite: 'lax',
-            maxAge: time.minutes(10), // 10 minutes
-        });
-        const authUrl = new URL('https://github.com/login/oauth/authorize');
-        authUrl.searchParams.append('client_id', githubClientId);
-        authUrl.searchParams.append('redirect_uri', redirectUri);
-        authUrl.searchParams.append('scope', scopes);
-        authUrl.searchParams.append('state', state);
-        res.redirect(authUrl.toString());
-    });
-    // Handle OAuth callback
-    githubAuthRouter.get('/api/_internal/auth/github/callback', checkGitHubEnabled, handleGitHubAuthenticationCallback);
-    return githubAuthRouter;
-}
-export default getRouter;
-//# sourceMappingURL=github.js.map

package/dist/auth/providers/github.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.js","sourceRoot":"","sources":["../../../src/auth/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,MAAM,EAAkD,MAAM,SAAS,CAAC;AACjF,OAAO,EACL,cAAc,EACd,6BAA6B,EAC7B,iBAAiB,GAElB,MAAM,gBAAgB,CAAC;AAgBxB,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,QAAgB,EAChB,YAAoB,EACpB,WAAmB;IAEnB,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,6CAA6C,EAAE;QAC/E,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,IAAI;YACJ,YAAY,EAAE,WAAW;SAC1B,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,aAAa,CAAC,UAAU,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,aAAa,CAAC,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IACpD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,6BAA6B,EAAE;QAClE,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,MAAM,EAAE,gCAAgC;SACzC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,gBAAgB,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,kCAAkC,CAAC,GAAY,EAAE,GAAa;IAC3E,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAe,CAAC;IACxC,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;IAEhD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,IAAI,CAAC,KAAK,IAAI,CAAC,WAAW,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;QACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC;QAC9E,OAAO;IACT,CAAC;IAED,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;IAEnC,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC9E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC,CAAC;IACtF,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,iCAAiC;QACjC,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAC1C,IAAI,EACJ,cAAc,EACd,kBAAkB,EAClB,WAAW,CACZ,CAAC;QAEF,kBAAkB;QAClB,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAErE,yCAAyC;QACzC,MAAM,WAAW,GAAG,UAAU,CAAC,KAAK,IAAI,EAAE,CAAC;QAE3C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EACH,sGAAsG;aACzG,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,QAAQ,GAAkB;YAC9B,EAAE,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC;YACzB,KAAK,EAAE,WAAW;YAClB,aAAa,EAAE,IAAI,EAAE,kCAAkC;YACvD,YAAY,EAAE,QAAQ;SACvB,CAAC;QAEF,MAAM,6BAA6B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,SAAS,SAAS;IAChB,MAAM,gBAAgB,GAAG,MAAM,EAAE,CAAC;IAElC,+DAA+D;IAC/D,MAAM,kBAAkB,GAAG,CAAC,IAAa,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC9E,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC,CAAC;QAC7E,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC9E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC,CAAC;QAEtF,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YAC3E,OAAO;QACT,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;IAEF,sBAAsB;IACtB,gBAAgB,CAAC,GAAG,CAClB,4BAA4B,EAC5B,kBAAkB,EAClB,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QAC9B,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC9E,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QAC7C,MAAM,YAAY,GAAG,SAAS,CAAC,iCAAiC,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,YAAY;YACzB,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC;iBACjB,KAAK,CAAC,GAAG,CAAC;iBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;iBACpB,IAAI,CAAC,GAAG,CAAC;YACd,CAAC,CAAC,YAAY,CAAC;QAEjB,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE9C,GAAG,CAAC,MAAM,CAAC,iBAAiB,EAAE,KAAK,EAAE;YACnC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAC7C,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,aAAa;SACxC,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,0CAA0C,CAAC,CAAC;QACpE,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QACzD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QACzD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC7C,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE5C,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnC,CAAC,CACF,CAAC;IAEF,wBAAwB;IACxB,gBAAgB,CAAC,GAAG,CAClB,qCAAqC,EACrC,kBAAkB,EAClB,kCAAkC,CACnC,CAAC;IAEF,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,eAAe,SAAS,CAAC"}

package/dist/auth/providers/google.d.ts

@@ -1,3 +0,0 @@
-declare function getRouter(): import("express-serve-static-core").Router;
-export default getRouter;
-//# sourceMappingURL=google.d.ts.map

package/dist/auth/providers/google.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../src/auth/providers/google.ts"],"names":[],"mappings":"AAmHA,iBAAS,SAAS,+CAsDjB;AAED,eAAe,SAAS,CAAC"}

package/dist/auth/providers/google.js

@@ -1,108 +0,0 @@
-import { getConfig } from '../../server';
-import { time } from '../../time';
-import { randomBytes } from 'crypto';
-import { Router } from 'express';
-import { getRedirectUri, handleOAuthUserAuthentication, validateOAuthCode, } from './oauth-common';
-async function exchangeCodeForToken(code, clientId, clientSecret, redirectUri) {
-    const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/x-www-form-urlencoded',
-        },
-        body: new URLSearchParams({
-            code,
-            client_id: clientId,
-            client_secret: clientSecret,
-            redirect_uri: redirectUri,
-            grant_type: 'authorization_code',
-        }),
-    });
-    if (!tokenResponse.ok) {
-        throw new Error(`Failed to exchange code for token: ${tokenResponse.statusText}`);
-    }
-    return tokenResponse.json();
-}
-async function fetchGoogleUserInfo(accessToken) {
-    const userInfoResponse = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
-        headers: {
-            Authorization: `Bearer ${accessToken}`,
-        },
-    });
-    if (!userInfoResponse.ok) {
-        throw new Error(`Failed to fetch user info: ${userInfoResponse.statusText}`);
-    }
-    return userInfoResponse.json();
-}
-async function handleGoogleAuthenticationCallback(req, res) {
-    const code = validateOAuthCode(req.query.code);
-    const state = req.query.state;
-    const storedState = req.cookies.authStateGoogle;
-    if (!code) {
-        res.status(400).json({ error: 'Missing authorization code' });
-        return;
-    }
-    if (!state || !storedState || state !== storedState) {
-        res.status(400).json({ error: 'Invalid OAuth state - possible CSRF attack' });
-        return;
-    }
-    res.clearCookie('authStateGoogle');
-    const googleClientId = String(getConfig('_system.user.auth.google.clientId'));
-    const googleClientSecret = String(getConfig('_system.user.auth.google.clientSecret'));
-    const redirectUri = getRedirectUri('google');
-    try {
-        // Exchange code for tokens
-        const tokenData = await exchangeCodeForToken(code, googleClientId, googleClientSecret, redirectUri);
-        // Fetch user info
-        const googleUser = await fetchGoogleUserInfo(tokenData.access_token);
-        const userData = {
-            id: googleUser.id,
-            email: googleUser.email,
-            emailVerified: googleUser.verified_email,
-            providerName: 'google',
-        };
-        await handleOAuthUserAuthentication(req, res, userData);
-    }
-    catch (error) {
-        console.error('Google OAuth error:', error);
-        res.status(500).json({ error: 'Authentication failed' });
-    }
-}
-function getRouter() {
-    const googleAuthRouter = Router();
-    // Middleware to check if Google auth is enabled and configured
-    const checkGoogleEnabled = (_req, res, next) => {
-        const googleEnabled = Boolean(getConfig('_system.user.auth.google.enabled'));
-        const googleClientId = String(getConfig('_system.user.auth.google.clientId'));
-        const googleClientSecret = String(getConfig('_system.user.auth.google.clientSecret'));
-        if (!googleEnabled || !googleClientId || !googleClientSecret) {
-            res.status(503).json({ error: 'Google authentication is not configured' });
-            return;
-        }
-        next();
-    };
-    // Initiate OAuth flow
-    googleAuthRouter.get('/api/_internal/auth/google', checkGoogleEnabled, (req, res) => {
-        const googleClientId = String(getConfig('_system.user.auth.google.clientId'));
-        const redirectUri = getRedirectUri('google');
-        const state = randomBytes(32).toString('hex');
-        res.cookie('authStateGoogle', state, {
-            httpOnly: true,
-            secure: process.env.NODE_ENV === 'production',
-            sameSite: 'lax',
-            maxAge: time.minutes(10), // 10 minutes
-        });
-        const authUrl = new URL('https://accounts.google.com/o/oauth2/v2/auth');
-        authUrl.searchParams.append('client_id', googleClientId);
-        authUrl.searchParams.append('redirect_uri', redirectUri);
-        authUrl.searchParams.append('response_type', 'code');
-        authUrl.searchParams.append('scope', 'profile email');
-        authUrl.searchParams.append('access_type', 'online');
-        authUrl.searchParams.append('state', state);
-        res.redirect(authUrl.toString());
-    });
-    // Handle OAuth callback
-    googleAuthRouter.get('/api/_internal/auth/google/callback', checkGoogleEnabled, handleGoogleAuthenticationCallback);
-    return googleAuthRouter;
-}
-export default getRouter;
-//# sourceMappingURL=google.js.map

package/dist/auth/providers/google.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"google.js","sourceRoot":"","sources":["../../../src/auth/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AACrC,OAAO,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAC9B,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,MAAM,EAAkD,MAAM,SAAS,CAAC;AACjF,OAAO,EACL,cAAc,EACd,6BAA6B,EAC7B,iBAAiB,GAElB,MAAM,gBAAgB,CAAC;AAkBxB,KAAK,UAAU,oBAAoB,CACjC,IAAY,EACZ,QAAgB,EAChB,YAAoB,EACpB,WAAmB;IAEnB,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,qCAAqC,EAAE;QACvE,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,IAAI;YACJ,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;YAC3B,YAAY,EAAE,WAAW;YACzB,UAAU,EAAE,oBAAoB;SACjC,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,aAAa,CAAC,UAAU,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,aAAa,CAAC,IAAI,EAAE,CAAC;AAC9B,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IACpD,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,+CAA+C,EAAE;QACpF,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;SACvC;KACF,CAAC,CAAC;IAEH,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,8BAA8B,gBAAgB,CAAC,UAAU,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED,OAAO,gBAAgB,CAAC,IAAI,EAAE,CAAC;AACjC,CAAC;AAED,KAAK,UAAU,kCAAkC,CAAC,GAAY,EAAE,GAAa;IAC3E,MAAM,IAAI,GAAG,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,KAAe,CAAC;IACxC,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC;IAEhD,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;QAC9D,OAAO;IACT,CAAC;IAED,IAAI,CAAC,KAAK,IAAI,CAAC,WAAW,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;QACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4CAA4C,EAAE,CAAC,CAAC;QAC9E,OAAO;IACT,CAAC;IAED,GAAG,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;IAEnC,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC9E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC,CAAC;IACtF,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,2BAA2B;QAC3B,MAAM,SAAS,GAAG,MAAM,oBAAoB,CAC1C,IAAI,EACJ,cAAc,EACd,kBAAkB,EAClB,WAAW,CACZ,CAAC;QAEF,kBAAkB;QAClB,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAErE,MAAM,QAAQ,GAAkB;YAC9B,EAAE,EAAE,UAAU,CAAC,EAAE;YACjB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,aAAa,EAAE,UAAU,CAAC,cAAc;YACxC,YAAY,EAAE,QAAQ;SACvB,CAAC;QAEF,MAAM,6BAA6B,CAAC,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,qBAAqB,EAAE,KAAK,CAAC,CAAC;QAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3D,CAAC;AACH,CAAC;AAED,SAAS,SAAS;IAChB,MAAM,gBAAgB,GAAG,MAAM,EAAE,CAAC;IAElC,+DAA+D;IAC/D,MAAM,kBAAkB,GAAG,CAAC,IAAa,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QAC9E,MAAM,aAAa,GAAG,OAAO,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC,CAAC;QAC7E,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC9E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,uCAAuC,CAAC,CAAC,CAAC;QAEtF,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YAC3E,OAAO;QACT,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;IAEF,sBAAsB;IACtB,gBAAgB,CAAC,GAAG,CAClB,4BAA4B,EAC5B,kBAAkB,EAClB,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QAC9B,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;QAC9E,MAAM,WAAW,GAAG,cAAc,CAAC,QAAQ,CAAC,CAAC;QAE7C,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QAE9C,GAAG,CAAC,MAAM,CAAC,iBAAiB,EAAE,KAAK,EAAE;YACnC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;YAC7C,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,aAAa;SACxC,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,8CAA8C,CAAC,CAAC;QACxE,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QACzD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;QACzD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QACrD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACtD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,CAAC;QACrD,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAE5C,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IACnC,CAAC,CACF,CAAC;IAEF,wBAAwB;IACxB,gBAAgB,CAAC,GAAG,CAClB,qCAAqC,EACrC,kBAAkB,EAClB,kCAAkC,CACnC,CAAC;IAEF,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAED,eAAe,SAAS,CAAC"}

package/dist/auth/providers/oauth-common.d.ts

@@ -1,13 +0,0 @@
-import { type Request, type Response } from 'express';
-import { ObjectId } from 'mongodb';
-export interface OAuthUserData {
-    id: string;
-    email: string;
-    emailVerified: boolean;
-    providerName: 'google' | 'github';
-}
-export declare function authenticateUser(res: Response, userId: ObjectId): Promise<void>;
-export declare function getRedirectUri(provider: string): string;
-export declare function handleOAuthUserAuthentication(req: Request, res: Response, userData: OAuthUserData): Promise<void>;
-export declare function validateOAuthCode(code: unknown): string | null;
-//# sourceMappingURL=oauth-common.d.ts.map

package/dist/auth/providers/oauth-common.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-common.d.ts","sourceRoot":"","sources":["../../../src/auth/providers/oauth-common.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,SAAS,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAOnC,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,aAAa,EAAE,OAAO,CAAC;IACvB,YAAY,EAAE,QAAQ,GAAG,QAAQ,CAAC;CACnC;AAED,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,iBAUrE;AAED,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED,wBAAsB,6BAA6B,CACjD,GAAG,EAAE,OAAO,EACZ,GAAG,EAAE,QAAQ,EACb,QAAQ,EAAE,aAAa,GACtB,OAAO,CAAC,IAAI,CAAC,CAqGf;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAK9D"}

package/dist/auth/providers/oauth-common.js

@@ -1,109 +0,0 @@
-import { usersCollection } from '../../auth/db';
-import { createSession } from '../../auth/session';
-import { getAuthConfig } from '../../app/authConfig';
-import { getCallContext } from '../../app/server';
-import { getConfig } from '../../config/server';
-export async function authenticateUser(res, userId) {
-    const { authToken } = await createSession(userId);
-    res.cookie('authToken', authToken, {
-        httpOnly: true,
-        secure: process.env.NODE_ENV === 'production',
-        sameSite: 'strict',
-    });
-    res.status(301);
-    res.redirect('/');
-}
-export function getRedirectUri(provider) {
-    return `${getConfig('_system.site.url')}/api/_internal/auth/${provider}/callback`;
-}
-export async function handleOAuthUserAuthentication(req, res, userData) {
-    const existingUser = await usersCollection.findOne({
-        [`authMethods.${userData.providerName}.id`]: userData.id,
-    });
-    const { session, connectionInfo } = await getCallContext(req);
-    try {
-        if (existingUser) {
-            await authenticateUser(res, existingUser._id);
-            getAuthConfig().onAfterLogin?.({
-                user: existingUser,
-                session,
-                connectionInfo,
-            });
-            getAuthConfig().login?.onSuccess?.(existingUser);
-            return;
-        }
-    }
-    catch (error) {
-        if (error instanceof Error) {
-            getAuthConfig().login?.onError?.(error);
-            getAuthConfig().onLoginError?.({
-                error,
-                session,
-                connectionInfo,
-            });
-        }
-        throw error;
-    }
-    try {
-        if (!userData.email) {
-            res.status(400).json({
-                error: `Email address is required for ${userData.providerName} authentication.`,
-            });
-            return;
-        }
-        const existingUserByEmail = await usersCollection.findOne({ 'emails.address': userData.email }, { collation: { locale: 'en', strength: 2 } });
-        // TODO: check if the email is verified
-        if (existingUserByEmail) {
-            // TODO: handle case with an HTML page
-            res.status(400).json({
-                error: 'User with this email already exists. Please log in instead.',
-            });
-            return;
-        }
-        // If the user does not exist, create a new user
-        const newUser = await usersCollection.insertOne({
-            handle: userData.email,
-            status: 'active',
-            emails: [
-                {
-                    address: userData.email,
-                    verified: userData.emailVerified,
-                },
-            ],
-            createdAt: new Date(),
-            authMethods: {
-                [userData.providerName]: {
-                    id: userData.id,
-                },
-            },
-        });
-        await authenticateUser(res, newUser.insertedId);
-        const userDocument = await usersCollection.findOne({ _id: newUser.insertedId }, { readPreference: 'primary' });
-        if (userDocument) {
-            getAuthConfig().onAfterSignup?.({
-                user: userDocument,
-                session,
-                connectionInfo,
-            });
-            getAuthConfig().signup?.onSuccess?.(userDocument);
-        }
-    }
-    catch (error) {
-        if (error instanceof Error) {
-            getAuthConfig().onSignupError?.({
-                error,
-                session,
-                connectionInfo,
-            });
-            getAuthConfig().signup?.onError?.(error);
-        }
-        throw error;
-    }
-}
-export function validateOAuthCode(code) {
-    if (!code || typeof code !== 'string') {
-        return null;
-    }
-    return code;
-}
-//# sourceMappingURL=oauth-common.js.map

package/dist/auth/providers/oauth-common.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-common.js","sourceRoot":"","sources":["../../../src/auth/providers/oauth-common.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAS5C,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAa,EAAE,MAAgB;IACpE,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC;IAElD,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,SAAS,EAAE;QACjC,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY;QAC7C,QAAQ,EAAE,QAAQ;KACnB,CAAC,CAAC;IACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAChB,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,QAAgB;IAC7C,OAAO,GAAG,SAAS,CAAC,kBAAkB,CAAC,uBAAuB,QAAQ,WAAW,CAAC;AACpF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,6BAA6B,CACjD,GAAY,EACZ,GAAa,EACb,QAAuB;IAEvB,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC;QACjD,CAAC,eAAe,QAAQ,CAAC,YAAY,KAAK,CAAC,EAAE,QAAQ,CAAC,EAAE;KACzD,CAAC,CAAC;IAEH,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;IAE9D,IAAI,CAAC;QACH,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,gBAAgB,CAAC,GAAG,EAAE,YAAY,CAAC,GAAG,CAAC,CAAC;YAE9C,aAAa,EAAE,CAAC,YAAY,EAAE,CAAC;gBAC7B,IAAI,EAAE,YAAY;gBAClB,OAAO;gBACP,cAAc;aACf,CAAC,CAAC;YACH,aAAa,EAAE,CAAC,KAAK,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC;YAEjD,OAAO;QACT,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,aAAa,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;YAExC,aAAa,EAAE,CAAC,YAAY,EAAE,CAAC;gBAC7B,KAAK;gBACL,OAAO;gBACP,cAAc;aACf,CAAC,CAAC;QACL,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;YACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,iCAAiC,QAAQ,CAAC,YAAY,kBAAkB;aAChF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,MAAM,mBAAmB,GAAG,MAAM,eAAe,CAAC,OAAO,CACvD,EAAE,gBAAgB,EAAE,QAAQ,CAAC,KAAK,EAAE,EACpC,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE,CAC7C,CAAC;QAEF,uCAAuC;QACvC,IAAI,mBAAmB,EAAE,CAAC;YACxB,sCAAsC;YACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,6DAA6D;aACrE,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,gDAAgD;QAChD,MAAM,OAAO,GAAG,MAAM,eAAe,CAAC,SAAS,CAAC;YAC9C,MAAM,EAAE,QAAQ,CAAC,KAAK;YACtB,MAAM,EAAE,QAAQ;YAChB,MAAM,EAAE;gBACN;oBACE,OAAO,EAAE,QAAQ,CAAC,KAAK;oBACvB,QAAQ,EAAE,QAAQ,CAAC,aAAa;iBACjC;aACF;YACD,SAAS,EAAE,IAAI,IAAI,EAAE;YACrB,WAAW,EAAE;gBACX,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE;oBACvB,EAAE,EAAE,QAAQ,CAAC,EAAE;iBAChB;aACF;SACF,CAAC,CAAC;QAEH,MAAM,gBAAgB,CAAC,GAAG,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;QAEhD,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,OAAO,CAChD,EAAE,GAAG,EAAE,OAAO,CAAC,UAAU,EAAE,EAC3B,EAAE,cAAc,EAAE,SAAS,EAAE,CAC9B,CAAC;QAEF,IAAI,YAAY,EAAE,CAAC;YACjB,aAAa,EAAE,CAAC,aAAa,EAAE,CAAC;gBAC9B,IAAI,EAAE,YAAY;gBAClB,OAAO;gBACP,cAAc;aACf,CAAC,CAAC;YAEH,aAAa,EAAE,CAAC,MAAM,EAAE,SAAS,EAAE,CAAC,YAAY,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,aAAa,EAAE,CAAC,aAAa,EAAE,CAAC;gBAC9B,KAAK;gBACL,OAAO;gBACP,cAAc;aACf,CAAC,CAAC;YAEH,aAAa,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC;QAC3C,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAa;IAC7C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/auth/resetPassword.d.ts

@@ -1,10 +0,0 @@
-import { Args, Context } from '../methods/types';
-export declare function handleSendResetPasswordToken(args: Args, { connectionInfo }: Context): Promise<{
-    success: boolean;
-    message: string;
-}>;
-export declare function handleResetPassword(args: Args, {}: Context): Promise<{
-    success: boolean;
-    message: string;
-}>;
-//# sourceMappingURL=resetPassword.d.ts.map

package/dist/auth/resetPassword.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"resetPassword.d.ts","sourceRoot":"","sources":["../../src/auth/resetPassword.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAqChD,wBAAsB,4BAA4B,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,cAAc,EAAE,EAAE,OAAO;;;GAyDzF;AAED,wBAAsB,mBAAmB,CAAC,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO;;;GAuChE"}