nucleus-core-ts 0.9.176 → 0.9.178

@@ -0,0 +1,32 @@
1
+ /**
2
+ * Builds outbound email action links (verification, password reset, magic
3
+ * link, invite) so they point back to the frontend origin the request
4
+ * actually came from.
5
+ *
6
+ * In multi-tenant deployments a single IDP serves many subdomains
7
+ * (e.g. `band-a.example.com`, `band-b.example.com`). A statically
8
+ * configured redirect URL therefore cannot be correct for every tenant.
9
+ * The originating frontend declares its public origin via the
10
+ * `x-app-origin` header; this module resolves that and falls back to the
11
+ * configured URL so existing single-tenant setups keep working unchanged.
12
+ *
13
+ * Origin resolution order:
14
+ * 1. `x-app-origin` header (frontend explicitly declares its origin)
15
+ * 2. `origin` header (browser-initiated cross-origin requests)
16
+ * 3. `x-forwarded-host` + `x-forwarded-proto` (proxied browser host)
17
+ * 4. origin of the configured fallback URL
18
+ */
19
+ export declare function resolveAppOrigin(request: Request, fallbackUrl?: string): string;
20
+ /**
21
+ * Extracts the path portion of a configured redirect URL so the host can be
22
+ * swapped for the request origin while preserving the intended landing route.
23
+ * Accepts absolute URLs, bare paths, or returns the provided default.
24
+ */
25
+ export declare function extractConfiguredPath(configuredUrl: string, defaultPath: string): string;
26
+ export interface BuildEmailActionLinkParams {
27
+ request: Request;
28
+ configuredUrl?: string;
29
+ path: string;
30
+ query: Record<string, string>;
31
+ }
32
+ export declare function buildEmailActionLink(params: BuildEmailActionLinkParams): string;
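Review bot: Every source in the documented resolution order ahead of the fallback (`x-app-origin`, `origin`, `x-forwarded-host`/`x-forwarded-proto`) is a request header the caller controls, and the result becomes the host of password-reset, magic-link and invite emails, yet neither `resolveAppOrigin(request, fallbackUrl?)` nor `BuildEmailActionLinkParams` takes a set of permitted origins. Only the declarations are visible here, so the implementation may already validate; if it does not, a token-bearing link can end up pointing at a host the deployment does not own. The resolved origin should be checked against the registered tenant hosts (or a configured allowlist) and the configured URL used when it does not match, with `x-forwarded-*` honoured only behind a trusted proxy. The doc comment should state that rule, e.g. `* Header-derived origins are accepted only if they match a registered tenant host; otherwise the fallback URL is used.` The `request?: Request` argument added to `sendResetEmail` in the password-reset route declaration feeds this same path.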
@@ -3,7 +3,7 @@ import type { AuthRouteConfig, PasswordResetConfig } from '../types';
3
3
  export declare function createPasswordResetRoute(config: AuthRouteConfig, passwordResetConfig: PasswordResetConfig, storeResetToken: (userId: string, token: string, expiresAt: Date, schemaName?: string) => Promise<void>, getResetToken: (token: string, schemaName?: string) => Promise<{
4
4
  userId: string;
5
5
  expiresAt: Date;
6
- } | null>, deleteResetToken: (token: string, schemaName?: string) => Promise<void>, sendResetEmail?: (email: string, token: string) => Promise<void>): Elysia<"", {
6
+ } | null>, deleteResetToken: (token: string, schemaName?: string) => Promise<void>, sendResetEmail?: (email: string, token: string, request?: Request) => Promise<void>): Elysia<"", {
7
7
  decorator: {};
8
8
  store: {};
9
9
  derive: {};
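Review bot: The new third callback parameter is declared optional (`request?: Request`) in the `sendResetEmail` type, which tells implementers the route may call them without a request and forces an `undefined` branch in every handler. A callback that takes fewer parameters stays assignable, so `request: Request` would be just as backward-compatible if the route always passes it; if it can really be absent, a comment should say when, and which origin the reset link gets in that case. Passing the whole `Request` also hands the mailer every header and cookie when it presumably needs only the resolved origin. The declaration of `createPasswordResetRoute` continues past the hunk.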
@@ -25,6 +25,12 @@ export interface EntityRouteConfig {
25
25
  enabled?: boolean;
26
26
  skipTables?: string[];
27
27
  skipColumns?: string[];
28
+ /**
29
+ * How claims reach this service. "embed" (default) → roles/claims are in the
30
+ * JWT and authorization is evaluated statelessly from the token. "resolve" →
31
+ * proxy to the IDP /auth/check for scope-aware checks.
32
+ */
33
+ jwtClaimsMode?: 'embed' | 'resolve';
28
34
  };
29
35
  authMode?: 'full' | 'consumer';
30
36
  idpUrl?: string;
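Review bot: The comment on `jwtClaimsMode` does not say what the default `"embed"` mode gives up: if authorization is evaluated only from the token, as the text states, a role or claim removed at the IDP presumably stays effective until that token expires. I would add a line such as `* In "embed" mode, claim changes and revocations apply only once the token is reissued; use "resolve" where they must take effect immediately.` It would also help to state what `"resolve"` mode does when the IDP `/auth/check` call fails, so readers know whether the check denies or allows. The field sits in a nested object of `EntityRouteConfig` whose opening is outside the hunk.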
@@ -15,6 +15,7 @@ export declare class TenantRegistry {
15
15
  private defaultTrustedSources;
16
16
  private idpUrl;
17
17
  private allowDataLoss;
18
+ private onTenantProvisioned;
18
19
  private tenantsBySubdomain;
19
20
  private tenantsBySchemaName;
20
21
  private tenantsById;
@@ -62,6 +62,13 @@ export type TenantRegistryConfig = {
62
62
  idpUrl?: string;
63
63
  /** Apply destructive DDL during tenant schema sync (database.allowDataLoss). Default: false. */
64
64
  allowDataLoss?: boolean;
65
+ /**
66
+ * Optional hook invoked after a NEW tenant schema is provisioned (tables synced).
67
+ * Used by the IDP to seed authorization claims + custom roles (e.g. the default
68
+ * "fan" role) into the fresh schema so runtime-created tenants match the
69
+ * boot-time per-schema seeding. Failures must be non-fatal to provisioning.
70
+ */
71
+ onTenantProvisioned?: (context: TenantSchemaContext) => Promise<void>;
65
72
  };
66
73
  export type TenantResolutionResult = {
67
74
  resolved: true;
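Review bot: "Failures must be non-fatal to provisioning" on `onTenantProvisioned` does not say who enforces it, i.e. whether the registry catches a rejected promise or the hook itself must never reject. Since the hook is described as seeding authorization claims and roles, a swallowed failure leaves a live tenant without them, so the comment should also say that the failure is logged or otherwise surfaced, and what a tenant with no seeded roles is permitted to do. Something like `* The registry catches and logs a rejection; the tenant stays provisioned but unseeded until the hook is re-run.` would do, adjusted to the actual behaviour. `TenantRegistryConfig` begins before the hunk.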
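--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "nucleus-core-ts",
- "version": "0.9.176",
+ "version": "0.9.178",
  "description": "Production-ready, enterprise-grade TypeScript framework for building multi-tenant APIs",
  "author": "Hidayet Can Özcan <hidayetcan@gmail.com>",
  "license": "SEE LICENSE IN LICENSE",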