nitro-web 0.0.166 → 0.0.168

package/client/store.ts

@@ -39,9 +39,9 @@ function beforeUpdate<T extends Store>(newStore: T) {
     delete newStore.jwt
   }
 
-  // E.g. Cookie matching handy for rare issues, e.g. signout > signin (to a different user on another tab)
+  // Send the requesting user id in the headers for the server to check (see, ./server/router.js:isValidUser() for more details)
   if (newStore?.user?._id) {
-    axios().defaults.headers.authid = newStore?.user?._id
+    axios().defaults.headers.requestingUserId = newStore?.user?._id
   }
   return newStore
 }

package/components/auth/auth.api.js

@@ -19,11 +19,17 @@ export const routes = {
   'post    /api/signin': [signin],
   'post    /api/signup': [signup],
   'post    /api/reset-instructions': [resetInstructions],
-  'post    /api/reset-password': [resetPassword],
+  'post    /api/reset-password': [resetConfirm],
   'post    /api/invite-instructions': [inviteInstructions],
-  'post    /api/invite-accept': [resetPassword],
+  'post    /api/invite-accept': [inviteConfirm],
   'delete  /api/account/:uid': [remove],
 
+  // todo: 
+  //   We dont need all of these overridable, just signinAndGetStore, findUserFromProvider, 
+  //   and getStore. So we will allow just these two to be passed around.
+  //   userCreate not needed, they can just create their own signup function.
+  ///  Maybe we can pass these into setup?
+
   // Overridable helpers
   setup: setup,
   findUserFromProvider: findUserFromProvider,
@@ -33,14 +39,16 @@ export const routes = {
   tokenParse: tokenParse,
   userCreate: userCreate,
   validatePassword: validatePassword,
+  sendToken: sendToken,
+  inviteOrResetConfirm: inviteOrResetConfirm,
 }
 
 function setup(middleware, _config) {
   // routes.setup is called automatically when express starts
   // Set config values
-  const configKeys = ['clientUrl', 'emailFrom', 'env', 'name', 'mailgunDomain', 'mailgunKey', 'masterPassword', 'isNotMultiTenant']
+  const configKeys = ['baseUrl', 'emailFrom', 'env', 'name', 'mailgunDomain', 'mailgunKey', 'masterPassword', 'isNotMultiTenant']
   authConfig = pick(_config, configKeys)
-  for (const key of ['clientUrl', 'emailFrom', 'env', 'name']) {
+  for (const key of ['baseUrl', 'emailFrom', 'env', 'name']) {
     if (!authConfig[key]) throw new Error(`Missing config value for: config.${key}`)
   }
 
@@ -140,95 +148,6 @@ function signout(req, res) {
   res.json('{}')
 }
 
-async function resetInstructions(req, res) {
-  try {
-    let email = (req.body.email || '').trim().toLowerCase()
-    if (!email) throw { title: 'email', detail: 'The email you entered is incorrect.' }
-
-    let user = await db.user.findOne({ query: { email }, _privateData: true })
-    if (!user) throw { title: 'email', detail: 'The email you entered is incorrect.' }
-
-    let resetToken = await tokenCreate(user._id)
-    await db.user.update({ query: { email }, $set: { resetToken }})
-
-    res.json({})
-    sendEmail({
-      config: authConfig,
-      template: 'reset-password',
-      to: `${ucFirst(user.firstName)}<${email}>`,
-      data: {
-        token: resetToken + (req.query.hasOwnProperty('desktop') ? '?desktop' : ''),
-      },
-    }).catch(err => console.error('sendEmail(..) mailgun error', err))
-  } catch (err) {
-    res.error(err)
-  }
-}
-
-async function resetPassword(req, res) {
-  try {
-    const { token, password, password2 } = req.body
-    const name = req.path.includes('invite') ? 'inviteToken' : 'resetToken'
-    const desktop = req.query.desktop
-    const id = tokenParse(token)
-    await validatePassword(password, password2)
-
-    let user = await db.user.findOne({ query: id, blacklist: ['-' + name], _privateData: true })
-    if (!user || user[name] !== token) throw new Error('Sorry your token is invalid or has already been used.')
-
-    await db.user.update({
-      query: user._id,
-      data: {
-        password: await bcrypt.hash(password, 10),
-        resetToken: '',
-      },
-      blacklist: ['-' + name, '-password'],
-    })
-    res.send(await this.signinAndGetStore({ ...user, [name]: undefined }, desktop, this.getStore))
-  } catch (err) {
-    res.error(err)
-  }
-}
-
-async function inviteInstructions(req, res) {
-  try {
-    // Check if user is admin here rather than in middleware (which may not exist yet)
-    if (req.user.type != 'admin' && !req.user.isAdmin) {
-      throw new Error('You are not authorized to invite users.')
-    }
-    const inviteToken = await tokenCreate()
-    const userData = await db.user.validate({
-      ...pick(req.body, ['email', 'firstName', 'lastName']),
-      status: 'invited',
-      inviteToken: inviteToken,
-    })
-
-    // Check if user already exists
-    if (await db.user.findOne({ query: { email: userData.email } })) {
-      throw { title: 'email', detail: 'User already exists.' }
-    }
-
-    // Create user
-    const user = await db.user.insert({
-      data: userData,
-    })
-
-    // Send email
-    res.send(user)
-    sendEmail({
-      config: authConfig,
-      template: 'invite-user',
-      to: `${ucFirst(userData.firstName)}<${userData.email}>`,
-      data: {
-        token: inviteToken + (req.query.hasOwnProperty('desktop') ? '?desktop' : ''),
-      },
-    }).catch(err => console.error('sendEmail(..) mailgun error', err))
-
-  } catch (err) {
-    return res.error(err)
-  }
-}
-
 async function remove(req, res) {
   try {
     const uid = db.id(req.params.uid || 'badid')
@@ -409,4 +328,120 @@ export async function validatePassword(password='', password2) {
   } else if (typeof password2 != 'undefined' && password !== password2) {
     throw [{ title: 'password2', detail: 'Your passwords need to match.' }]
   }
+}
+
+
+
+
+/* ---- Controllers -------------------------- */
+
+export async function resetInstructions(req, res) {
+  try {
+    // const desktop = req.query.hasOwnProperty('desktop') ? '?desktop' : '' // see sendToken for future usage
+    let email = (req.body.email || '').trim().toLowerCase()
+    if (!email) throw { title: 'email', detail: 'The email you entered is incorrect.' }
+
+    let user = await db.user.findOne({ query: { email }, _privateData: true })
+    if (!user) throw { title: 'email', detail: 'The email you entered is incorrect.' }
+
+    // Send reset password email
+    await sendToken({ type: 'reset', user: user })
+    res.json({})
+  } catch (err) {
+    res.error(err)
+  }
+}
+
+export async function inviteInstructions(req, res) {
+  try {
+    // const desktop = req.query.hasOwnProperty('desktop') ? '?desktop' : '' // see sendToken for future usage
+    let user = await db.user.findOne({ query: { _id: req.params._id }, _privateData: true })
+    if (!user) throw new Error('Invalid user id')
+    // Send invite instructions email
+    await sendToken({ type: 'invite', user: user })
+    res.json({})
+  } catch (err) {
+    res.error(err)
+  }
+}
+
+export async function inviteConfirm(req, res) {
+  try {
+    res.send(await this.inviteOrResetConfirm('invite', req))
+  } catch (err) {
+    res.error(err)
+  }
+}
+
+export async function resetConfirm(req, res) {
+  try {
+    res.send(await this.inviteOrResetConfirm('reset', req))
+  } catch (err) {
+    res.error(err)
+  }
+}
+
+/* ---- Helpers ------------------------------ */
+
+export async function inviteOrResetConfirm(type, req) {
+  const { token, password, password2 } = req.body
+  const name = type === 'invite' ? 'inviteToken' : 'resetToken'
+  const desktop = req.query.desktop
+  const id = tokenParse(token)
+  await validatePassword(password, password2)
+
+  let user = await db.user.findOne({ query: id, blacklist: ['-' + name], _privateData: true })
+  if (!user || user[name] !== token) throw new Error('Sorry your token is invalid or has already been used.')
+
+  await db.user.update({
+    query: user._id,
+    data: {
+      password: await bcrypt.hash(password, 10),
+      [name]: '', // remove token
+    },
+    blacklist: ['-' + name, '-password'],
+  })
+  const store = await this.signinAndGetStore({ ...user, [name]: undefined }, desktop, this.getStore)
+  return store
+}
+
+/**
+ * Checks if the user exists, updates the user with the invite token and sends the invite email
+ * @param {object} options
+ * @param {'reset' | 'invite'} options.type -  The type of token to send (default: 'reset')
+ * @param {{_id: string, email: string, firstName: string}} options.user -  The user to send the invite email to
+ * @param {function} [options.beforeUpdate] - callback hook to run before updating the user
+ * @param {function} [options.beforeSendEmail] -  callback hook to run before sending the email
+ * @returns {Promise<{token: string, mailgunPromise: Promise<unknown>}>}
+ */
+export async function sendToken({ type = 'reset', user, beforeUpdate, beforeSendEmail }) {
+  if (!user?._id) throw new Error('user is required')
+  if (!user?.email) throw new Error('user.email is required')
+  if (!user?.firstName) throw new Error('user.firstName is required')
+  const token = await tokenCreate(user._id)
+
+  // Update the user with the token
+  const result = await db.user.update({
+    query: { _id: user._id },
+    data: beforeUpdate ? beforeUpdate({ [type + 'Token']: token }) : { [type + 'Token']: token },
+    blacklist: ['-' + type + 'Token'],
+  })
+
+  if (!result._output.matchedCount) {
+    throw new Error('Invalid user id to send the token to')
+  }
+
+  // Send email
+  const options = {
+    config: authConfig,
+    template: type === 'reset' ? 'reset-password' : 'invite-user',
+    to: `${ucFirst(user.firstName)}<${user.email}>`,
+    data: { token: token }, // + (req.query.hasOwnProperty('desktop') ? '?desktop' : '')
+  }
+  const mailgunPromise = sendEmail(beforeSendEmail ? beforeSendEmail(options, token) : options).catch(err => {
+    console.error('sendEmail(..) mailgun error', err)
+  })
+
+  // Return the token and mailgun promise
+  return { token, mailgunPromise }
 }

package/components/auth/reset.tsx

@@ -69,7 +69,7 @@ export function ResetPassword({ className, elements, redirectTo }: resetInstruct
     try {
       const data = await request('post /api/reset-password', state, event, isLoading, setState)
       setStore((s) => ({ ...s, ...data }))
-      navigate(redirectTo || '/')
+      setTimeout(() => navigate(redirectTo || '/'), 10) // wait for setStore
     } catch (e) {
       return setState({ ...state, errors: e as Errors })
     }

package/components/auth/signin.tsx

@@ -51,7 +51,7 @@ export function Signin({ className, elements, redirectTo }: signinProps) {
       setTimeout(() => { // wait for setStore
         if (location.search.includes('redirect')) navigate(location.search.replace('?redirect=', ''))
         else navigate(redirectTo || '/')
-      }, 100) 
+      }, 10) 
     } catch (e) {
       return setState({ ...state, errors: e as Errors})
     }

package/components/auth/signup.tsx

@@ -28,7 +28,7 @@ export function Signup({ className, elements, redirectTo }: signupProps) {
     try {
       const data = await request('post /api/signup', state, e, isLoading, setState)
       setStore((prev) => ({ ...prev, ...data }))
-      setTimeout(() => navigate(redirectTo || '/'), 0) // wait for setStore
+      setTimeout(() => navigate(redirectTo || '/'), 10) // wait for setStore
     } catch (e) {
       setState((prev) => ({ ...prev, errors: e as Errors }))
     }

package/components/billing/stripe.api.js

@@ -21,7 +21,7 @@ function setup(middleware, _config) {
   // Set config values
   config = {
     env: _config.env,
-    clientUrl: _config.clientUrl,
+    baseUrl: _config.baseUrl,
     stripeSecretKey: _config.stripeSecretKey,
     stripeWebhookSecret: _config.stripeWebhookSecret,
   }
@@ -81,7 +81,7 @@ async function billingPortalSessionCreate(req, res) {
     }
     const session = await stripe.billingPortal.sessions.create({
       customer: req.user.stripeCustomer.id,
-      return_url: config.clientUrl + '/subscriptions',
+      return_url: config.baseUrl + '/subscriptions',
     })
     res.json(session.url)
   } catch (err) {

package/components/partials/not-found.tsx

@@ -1,7 +1,11 @@
 export function NotFound() {
   return (
-    <div class="pt-14 text-center" style={{'minHeight': '300px'}}>
-      Sorry, nothing found.
+    <div style={{'minHeight': '300px'}}>
+      <span class="h1">Page Not Found</span><br />
+      <br />
+      The page you&apos;re looking for doesn&apos;t exist or has moved.<br />
+      <br />
+      <Link to="/">Go back home</Link> or check the URL and try again.
     </div>
   )
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nitro-web",
-  "version": "0.0.166",
+  "version": "0.0.168",
   "repository": "github:boycce/nitro-web",
   "homepage": "https://boycce.github.io/nitro-web/",
   "description": "Nitro is a battle-tested, modular base project to turbocharge your projects, styled using Tailwind 🚀",

package/server/email/index.js

@@ -15,7 +15,7 @@ const _dirname = dirname(fileURLToPath(import.meta.url)) + '/'
 
 /**
  * Sends an email using a predefined template, with optional data/or recipientVariables
- * @typedef {{ clientUrl?: string, emailFrom?: string, mailgunDomain?: string, mailgunKey?: string, name?: string }} Config
+ * @typedef {{ baseUrl?: string, emailFrom?: string, mailgunDomain?: string, mailgunKey?: string, name?: string }} Config
  *
  * @param {object} opts
  * @param {string} opts.template - Template name or raw HTML, e.g., 'reset-password'
@@ -46,8 +46,8 @@ export async function sendEmail({
 }) {
   if (!config) {
     throw new Error('sendEmail: `config` missing')
-  } else if (!config.clientUrl) {
-    throw new Error('sendEmail: `config.clientUrl` is missing')
+  } else if (!config.baseUrl) {
+    throw new Error('sendEmail: `config.baseUrl` is missing')
   } else if (!config.emailFrom) {
     throw new Error('sendEmail: `config.emailFrom` is missing')
   } else if (!test && (!config.mailgunKey || !config.mailgunDomain)) {
@@ -81,7 +81,7 @@ export async function sendEmail({
     recipientVariables[toEmail] = {
       ...(data || {}),
       configName: ucFirst(config.name),
-      domain: config.clientUrl,
+      domain: config.baseUrl,
       replyToEmail: getNameEmail(replyTo)[1],
       replyToName: getNameEmail(replyTo)[0],
       email: toEmail,
@@ -95,7 +95,7 @@ export async function sendEmail({
     bcc: bcc,
     emailTemplateDir: getDirectories(path, config.pwd).emailTemplateDir,
     from: from,
-    isDev: config.clientUrl.match(/:/), // possibly use config.env here
+    isDev: config.baseUrl.match(/:/), // possibly use config.env here
     recipientVariables: recipientVariables,
     replyTo: replyTo,
     skipCssInline: skipCssInline,
@@ -103,7 +103,7 @@ export async function sendEmail({
     template: template,
     test: config.emailTestMode || test,
     to: to,
-    url: config.clientUrl,
+    url: config.baseUrl,
   }
 
   // Grab html and send

package/server/email/invite-user.html

@@ -1,3 +1,11 @@
+
+<!--
+todo: change naming to:
+  invite-link
+  invite-confirm
+  reset-link
+  reset-confirm
+-->
 <!-- extends references the default nitro layout file -->
 {% extends "partials/layout1.swig" %}
 

package/server/index.js

@@ -18,7 +18,7 @@ async function setupDefaultModels(db) {
 export { userModel, companyModel, setupDefaultModels }
 
 // Export router
-export { setupRouter, middleware } from './router.js'
+export { setupRouter, middleware, isValidUserOrRespond, isAdminUser } from './router.js'
 
 // Export email utility
 export { sendEmail } from './email/index.js'

package/server/router.js

@@ -374,42 +374,58 @@ export const middleware = {
 
 
   isAdmin: (req, res, next) => {
-    // Still need to remove cookie matching in favour of uid..
-    // E.g. Cookie matching handy for rare issues, e.g. signout > signin (to a different user on another tab)
-    const user = req.user
-    let cookieMatch = user && (!req.headers.authid || user._id?.toString() == req.headers.authid)
-    if (cookieMatch && user && (user.type?.match(/admin/) || user.isAdmin)) next()
-    else if (user && (user.type?.match(/admin/) || user.isAdmin)) res.unauthorized('Invalid cookie, please refresh your browser')
-    else if (user) res.unauthorized('You are not authorised to make this request.')
-    else res.unauthorized('Please sign in first.')
+    if (!isValidUserOrRespond(req, res)) return
+    else if (!isAdminUser(req)) res.unauthorized('You are not authorised to make this request.')
+    else next()
   },
-  // isCompanyOwner: (req, res, next) => {
-  //   let user = req.user || { companies: [] }
-  //   let cid = req.params.cid
-  //   let company = user.companies.find((o) => o._id.toString() == cid)
-  //   let companyUser = company?.users?.find((o) => o._id.toString() == user._id?.toString())
-  //   if (!user._id) return res.unauthorized('Please sign in first.')
-  //   else if (!company || !companyUser) res.unauthorized('You are not authorised to make this request.')
-  //   else if (companyUser.type != 'owner') res.unauthorized('Only owners can make this request.')
-  //   else next()
-  // },
-  // isCompanyUser: (req, res, next) => {
-  //   let user = req.user || { companies: [] }
-  //   let cid = req.params.cid
-  //   let company = user.companies.find((o) => o._id.toString() == cid)
-  //   if (!user._id) return res.unauthorized('Please sign in first.')
-  //   else if (!company) res.unauthorized('You are not authorised to make this request.')
-  //   else next()
-  // },
   isUser: (req, res, next) => {
-    // todo: need to double check that uid is always defined
-    let uid = req.params.uid
-    if (req.user && (typeof uid == 'undefined' || req.user._id?.toString() == uid)) next()
-    else if (req.user) res.unauthorized('You are not authorised to make this request.')
-    else res.unauthorized('Please sign in first.')
+    if (!isValidUserOrRespond(req, res)) return
+    else next()
+  },
+  isParamUser: (req, res, next) => {
+    const isParamUser = req.user?._id?.toString() == req.params.uid
+    if (!isValidUserOrRespond(req, res)) return
+    else if (!isParamUser && !isAdminUser(req)) res.unauthorized('You are not authorised to make this request.')
+    else next() 
   },
   isDevelopment: (req, res, next) => {
     if (configLocal.env !== 'development') res.error('This API endpoint is only available in development')
     else next()
   },
+  isCompanyUser: (req, res, next) => {
+    if (!isValidParamCompanyUserOrRespond(req)) return
+    else next()
+  },
+  isCompanyOwner: (req, res, next) => {
+    if (!isValidParamCompanyUserOrRespond(req, true)) return
+    else next()
+  },
+}
+
+export function isAdminUser(req) {
+  return (req.user?.type?.match(/admin/) || req.user?.isAdmin) ? true : false
+}
+
+export function isValidUserOrRespond(req, res) {
+  // Check if the user is logged in, and that the requesting user is the same as the user, the requesting user might be outdated.
+  // E.g. new tab > signout > signin to a different user, now old tab needs to refresh.
+  if (!req.user) {
+    res.unauthorized('Please sign in first.')
+    return false
+  } else if (req.headers.requestingUserId && req.user._id?.toString() != req.headers.requestingUserId) {
+    res.unauthorized('Invalid session, please refresh your browser.')
+    return false
+  } else {
+    return true
+  }
+}
+
+function isValidParamCompanyUserOrRespond(req, res, checkIsOwner = false) {
+  const _company = req.user?.company?._id?.toString() == req.params.cid ? req.user.company : false
+  const company = _company || req.user?.companies?.find((o) => o._id.toString() == req.params.cid)
+  const isCompanyOwner = company?.users?.find((o) => o._id.toString() == req.user?._id?.toString() && o.type === 'owner')
+  if (!isValidUserOrRespond(req, res)) return
+  else if (!isAdminUser(req) && !company) res.unauthorized('You are not authorised to make this request.')
+  else if (!isAdminUser(req) && checkIsOwner && !isCompanyOwner) res.unauthorized('Only owners can make this request.')
+  else return true
 }

package/types/components/auth/auth.api.d.ts

@@ -11,15 +11,42 @@ export function userCreate({ business, password, ...userDataProp }: {
 export function tokenCreate(id: any): Promise<any>;
 export function tokenParse(token: any): any;
 export function validatePassword(password: string, password2: any): Promise<void>;
+export function resetInstructions(req: any, res: any): Promise<void>;
+export function inviteInstructions(req: any, res: any): Promise<void>;
+export function inviteConfirm(req: any, res: any): Promise<void>;
+export function resetConfirm(req: any, res: any): Promise<void>;
+export function inviteOrResetConfirm(type: any, req: any): Promise<any>;
+/**
+ * Checks if the user exists, updates the user with the invite token and sends the invite email
+ * @param {object} options
+ * @param {'reset' | 'invite'} options.type -  The type of token to send (default: 'reset')
+ * @param {{_id: string, email: string, firstName: string}} options.user -  The user to send the invite email to
+ * @param {function} [options.beforeUpdate] - callback hook to run before updating the user
+ * @param {function} [options.beforeSendEmail] -  callback hook to run before sending the email
+ * @returns {Promise<{token: string, mailgunPromise: Promise<unknown>}>}
+ */
+export function sendToken({ type, user, beforeUpdate, beforeSendEmail }: {
+    type: "reset" | "invite";
+    user: {
+        _id: string;
+        email: string;
+        firstName: string;
+    };
+    beforeUpdate?: Function;
+    beforeSendEmail?: Function;
+}): Promise<{
+    token: string;
+    mailgunPromise: Promise<unknown>;
+}>;
 export const routes: {
     'get     /api/store': (typeof store)[];
     'get     /api/signout': (typeof signout)[];
     'post    /api/signin': (typeof signin)[];
     'post    /api/signup': (typeof signup)[];
     'post    /api/reset-instructions': (typeof resetInstructions)[];
-    'post    /api/reset-password': (typeof resetPassword)[];
+    'post    /api/reset-password': (typeof resetConfirm)[];
     'post    /api/invite-instructions': (typeof inviteInstructions)[];
-    'post    /api/invite-accept': (typeof resetPassword)[];
+    'post    /api/invite-accept': (typeof inviteConfirm)[];
     'delete  /api/account/:uid': (typeof remove)[];
     setup: typeof setup;
     findUserFromProvider: typeof findUserFromProvider;
@@ -29,14 +56,13 @@ export const routes: {
     tokenParse: typeof tokenParse;
     userCreate: typeof userCreate;
     validatePassword: typeof validatePassword;
+    sendToken: typeof sendToken;
+    inviteOrResetConfirm: typeof inviteOrResetConfirm;
 };
 declare function store(req: any, res: any): Promise<void>;
 declare function signout(req: any, res: any): void;
 declare function signin(req: any, res: any): any;
 declare function signup(req: any, res: any): Promise<void>;
-declare function resetInstructions(req: any, res: any): Promise<void>;
-declare function resetPassword(req: any, res: any): Promise<void>;
-declare function inviteInstructions(req: any, res: any): Promise<any>;
 declare function remove(req: any, res: any): Promise<void>;
 declare function setup(middleware: any, _config: any): void;
 export {};

package/types/components/auth/auth.api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.api.d.ts","sourceRoot":"","sources":["../../../components/auth/auth.api.js"],"names":[],"mappings":"AAmQA,qGAyCC;AAED;;GAKC;AAED,0FAQC;AAED;;;;iBAkDC;AAED,mDAOC;AAED,4CAYC;AAED,kFAiBC;AA7YD;;;;;;;;;;;;;;;;;;EAqBC;AAmED,0DAEC;AAkCD,mDAEC;AAnBD,iDAeC;AA9BD,2DAaC;AAuBD,sEAuBC;AAED,kEAuBC;AAED,sEAqCC;AAED,2DAwBC;AA1ND,4DA+DC"}
+{"version":3,"file":"auth.api.d.ts","sourceRoot":"","sources":["../../../components/auth/auth.api.js"],"names":[],"mappings":"AAkLA,qGAyCC;AAED;;GAKC;AAED,0FAQC;AAED;;;;iBAkDC;AAED,mDAOC;AAED,4CAYC;AAED,kFAiBC;AAOD,qEAeC;AAED,sEAWC;AAED,iEAMC;AAED,gEAMC;AAID,wEAoBC;AAED;;;;;;;;GAQG;AACH,yEANG;IAAoC,IAAI,EAAhC,OAAO,GAAG,QAAQ;IACuC,IAAI,EAA7D;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAC;IAC5B,YAAY;IACZ,eAAe;CAC1C,GAAU,OAAO,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,cAAc,EAAE,OAAO,CAAC,OAAO,CAAC,CAAA;CAAC,CAAC,CAgCtE;AAhbD;;;;;;;;;;;;;;;;;;;;EA6BC;AAmED,0DAEC;AAkCD,mDAEC;AAnBD,iDAeC;AA9BD,2DAaC;AAuBD,2DAwBC;AAjID,4DA+DC"}

package/types/server/email/index.d.ts

@@ -1,6 +1,6 @@
 /**
  * Sends an email using a predefined template, with optional data/or recipientVariables
- * @typedef {{ clientUrl?: string, emailFrom?: string, mailgunDomain?: string, mailgunKey?: string, name?: string }} Config
+ * @typedef {{ baseUrl?: string, emailFrom?: string, mailgunDomain?: string, mailgunKey?: string, name?: string }} Config
  *
  * @param {object} opts
  * @param {string} opts.template - Template name or raw HTML, e.g., 'reset-password'
@@ -33,7 +33,7 @@ export function sendEmail({ template, to, config, bcc, data, from, replyTo, reci
  * Sends an email using a predefined template, with optional data/or recipientVariables
  */
 export type Config = {
-    clientUrl?: string;
+    baseUrl?: string;
     emailFrom?: string;
     mailgunDomain?: string;
     mailgunKey?: string;

package/types/server/email/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../server/email/index.js"],"names":[],"mappings":"AAeA;;;;;;;;;;;;;;;;;GAiBG;AACH,iIAbG;IAAqB,QAAQ,EAArB,MAAM;IACO,EAAE,EAAf,MAAM;IACO,MAAM,EAAnB,MAAM;IACQ,GAAG,GAAjB,MAAM;IACQ,IAAI,GAAlB,MAAM;IACQ,IAAI,GAAlB,MAAM;IACQ,OAAO,GAArB,MAAM;IACQ,kBAAkB,GAAhC,MAAM;IACQ,OAAO,GAArB,MAAM;IACS,aAAa,GAA5B,OAAO;IACQ,IAAI,GAAnB,OAAO;CACf,GAAU,OAAO,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAiF/B;;;;qBA/FY;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../server/email/index.js"],"names":[],"mappings":"AAeA;;;;;;;;;;;;;;;;;GAiBG;AACH,iIAbG;IAAqB,QAAQ,EAArB,MAAM;IACO,EAAE,EAAf,MAAM;IACO,MAAM,EAAnB,MAAM;IACQ,GAAG,GAAjB,MAAM;IACQ,IAAI,GAAlB,MAAM;IACQ,IAAI,GAAlB,MAAM;IACQ,OAAO,GAArB,MAAM;IACQ,kBAAkB,GAAhC,MAAM;IACQ,OAAO,GAArB,MAAM;IACS,aAAa,GAA5B,OAAO;IACQ,IAAI,GAAnB,OAAO;CACf,GAAU,OAAO,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAiF/B;;;;qBA/FY;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAC;IAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE"}

package/types/server/index.d.ts

@@ -13,5 +13,5 @@ import userModel from './models/user.js';
 import companyModel from './models/company.js';
 export function setupDefaultModels(db: any): Promise<void>;
 export { userModel, companyModel };
-export { setupRouter, middleware } from "./router.js";
+export { setupRouter, middleware, isValidUserOrRespond, isAdminUser } from "./router.js";
 //# sourceMappingURL=index.d.ts.map

package/types/server/router.d.ts

@@ -1,4 +1,6 @@
 export function setupRouter(config: any): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;
+export function isAdminUser(req: any): boolean;
+export function isValidUserOrRespond(req: any, res: any): boolean;
 /** @type {MiddlewareConfig} */
 export const middleware: MiddlewareConfig;
 export type Request = express.Request & {

package/types/server/router.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../server/router.js"],"names":[],"mappings":"AAmCA,wHA6HC;AAgKD,+BAA+B;AAC/B,yBADW,gBAAgB,CA8F1B;sBA/YY,OAAO,CAAC,OAAO,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,GAAoB,CAAC;CAC7B;uBACS,OAAO,CAAC,QAAQ,GAAG;IAC3B,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACjE,YAAY,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACvD,SAAS,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACpD,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACnD,WAAW,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;CACvD;+BACS;IACR,KAAK,EAAE,MAAM,EAAE,CAAC;IACpB,CAAK,GAAG,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,UAAU,KAAK,IAAI,CAAC,GAAG,MAAM,EAAE,CAAC;CACnF;iBA1Ba,MAAM;oBAIH,SAAS"}
+{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../server/router.js"],"names":[],"mappings":"AAmCA,wHA6HC;AAoPD,+CAEC;AAED,kEAYC;AApGD,+BAA+B;AAC/B,yBADW,gBAAgB,CAkF1B;sBAnYY,OAAO,CAAC,OAAO,GAAG;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,GAAoB,CAAC;CAC7B;uBACS,OAAO,CAAC,QAAQ,GAAG;IAC3B,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACjE,YAAY,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACvD,SAAS,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACpD,QAAQ,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;IACnD,WAAW,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,KAAK,GAAG,KAAK,EAAE,KAAK,IAAI,CAAC;CACvD;+BACS;IACR,KAAK,EAAE,MAAM,EAAE,CAAC;IACpB,CAAK,GAAG,EAAE,MAAM,GAAG,CAAC,CAAC,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,UAAU,KAAK,IAAI,CAAC,GAAG,MAAM,EAAE,CAAC;CACnF;iBA1Ba,MAAM;oBAIH,SAAS"}

package/types.ts

@@ -2,7 +2,7 @@
 
 type InjectedConfig = {
   awsUrl?: string
-  clientUrl: string
+  baseUrl: string
   env: string
   googleMapsApiKey?: string
   isDemo: boolean // implicitly defined by webpack

package/util.js

@@ -103,9 +103,9 @@ export function axios ({ createConfig } = {}) {
   if (typeof window !== 'undefined') {
     if (!axiosNonce) {
       // Remove mobile specific protocol and subdomain
-      const clientOrigin = window.document.location.origin.replace(/^(capacitor|https):\/\/(mobile\.)?/, 'https://')
+      const baseUrl = window.document.location.origin.replace(/^(capacitor|https):\/\/(mobile\.)?/, 'https://')
       axiosNonce = true
-      _axios.defaults.baseURL = clientOrigin
+      _axios.defaults.baseURL = baseUrl
       _axios.defaults.headers.desktop = true
       _axios.defaults.withCredentials = true
       _axios.defaults.timeout = 60000