sa2kit 2.0.4 → 3.1.0

package/dist/chunk-YGI7UU2D.mjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/common/auth/client/types.ts","../src/common/auth/client/base-api-client.ts"],"names":[],"mappings":";AAYO,IAAM,YAAA,GAAe;AAAA,EAC1B,UAAA,EAAY,YAAA;AAAA,EACZ,SAAA,EAAW;AACb;AAKO,IAAM,UAAA,GAAa;AAAA,EACxB,IAAA,EAAM;AAAA,IACJ,KAAA,EAAO,aAAA;AAAA,IACP,QAAA,EAAU,gBAAA;AAAA,IACV,MAAA,EAAQ,cAAA;AAAA,IACR,EAAA,EAAI;AAAA;AAER;;;ACGO,IAAM,gBAAN,MAA2C;AAAA,EAIhD,WAAA,CACU,OAAA,EACA,OAAA,EACA,OAAA,EACR;AAHQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AANV,IAAA,IAAA,CAAQ,KAAA,GAAuB,IAAA;AAC/B,IAAA,IAAA,CAAQ,IAAA,GAAoB,IAAA;AAAA,EAMzB;AAAA;AAAA;AAAA;AAAA,EAKH,MAAM,IAAA,GAAsB;AAC1B,IAAA,IAAI;AACF,MAAA,IAAA,CAAK,QAAQ,MAAM,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,aAAa,UAAU,CAAA;AAC/D,MAAA,MAAM,WAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,aAAa,SAAS,CAAA;AAClE,MAAA,IAAI,QAAA,EAAU;AACZ,QAAA,IAAA,CAAK,IAAA,GAAO,IAAA,CAAK,KAAA,CAAM,QAAQ,CAAA;AAAA,MACjC;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,6BAA6B,KAAK,CAAA;AAAA,IAClD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SAAS,KAAA,EAAqC;AAClD,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AACb,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAQ,YAAA,CAAa,YAAY,KAAK,CAAA;AAAA,IAC3D,CAAA,MAAO;AACL,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,YAAA,CAAa,UAAU,CAAA;AAAA,IACvD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAQ,IAAA,EAAkC;AAC9C,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAI,IAAA,EAAM;AACR,MAAA,MAAM,IAAA,CAAK,QAAQ,OAAA,CAAQ,YAAA,CAAa,WAAW,IAAA,CAAK,SAAA,CAAU,IAAI,CAAC,CAAA;AAAA,IACzE,CAAA,MAAO;AACL,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,YAAA,CAAa,SAAS,CAAA;AAAA,IACtD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,QAAA,GAA0B;AACxB,IAAA,OAAO,IAAA,CAAK,KAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,OAAA,GAAuB;AACrB,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAA,GAAoC;AACxC,IAAA,OAAO,CAAC,CAAC,IAAA,CAAK,KAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAA,GAA+B;AACnC,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,YAAA,CAAa,UAAU,CAAA;AACrD,IAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,YAAA,CAAa,SAAS,CAAA;AACpD,IAAA,IAAA,CAAK,KAAA,GAAQ,IAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,YAAqB,MAAA,EAAgD;AACjF,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAkC;AAAA,QACtC,cAAA,EAAgB,kBAAA;AAAA,QAChB,GAAI,MAAA,CAAO,OAAA,IAAW;AAAC,OACzB;AAGA,MAAA,IAAI,KAAK,KAAA,EAAO;AACd,QAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,SAAA,GAAa,IAAA,CAAK,KAAA;AAAA,MAC/C;AAEA,MAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,OAAA,CAAwB;AAAA,QAC1D,GAAG,MAAA;AAAA,QACH,GAAA,EAAM,IAAA,CAAK,OAAA,GAAY,MAAA,CAAO,GAAA;AAAA,QAC9B;AAAA,OACD,CAAA;AAED,MAAA,OAAO,QAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,OAAA,CAAQ,KAAA,CAAM,sBAAsB,KAAK,CAAA;AACzC,MAAA,OAAO;AAAA,QACL,OAAA,EAAS,KAAA;AAAA,QACT,KAAA,EAAO,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,OAClD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,QAAA,CACJ,KAAA,EACA,QAAA,EACA,QAAA,EACoC;AACpC,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,WAAA,CAA0B;AAAA,MACpD,GAAA,EAAK,WAAW,IAAA,CAAK,QAAA;AAAA,MACrB,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,EAAE,KAAA,EAAO,QAAA,EAAU,QAAA;AAAS,KACnC,CAAA;AAED,IAAA,IAAI,QAAA,CAAS,OAAA,IAAW,QAAA,CAAS,IAAA,EAAM;AACrC,MAAA,MAAM,IAAA,CAAK,QAAA,CAAS,QAAA,CAAS,IAAA,CAAK,KAAK,CAAA;AACvC,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA;AAAA,IACvC;AAEA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAA,CAAM,KAAA,EAAe,QAAA,EAAsD;AAC/E,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,WAAA,CAA0B;AAAA,MACpD,GAAA,EAAK,WAAW,IAAA,CAAK,KAAA;AAAA,MACrB,MAAA,EAAQ,MAAA;AAAA,MACR,IAAA,EAAM,EAAE,KAAA,EAAO,QAAA;AAAS,KACzB,CAAA;AAED,IAAA,IAAI,QAAA,CAAS,OAAA,IAAW,QAAA,CAAS,IAAA,EAAM;AACrC,MAAA,MAAM,IAAA,CAAK,QAAA,CAAS,QAAA,CAAS,IAAA,CAAK,KAAK,CAAA;AACvC,MAAA,MAAM,IAAA,CAAK,OAAA,CAAQ,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA;AAGrC,MAAA,IAAI,OAAO,WAAW,WAAA,EAAa;AACjC,QAAA,MAAA,CAAO,aAAA;AAAA,UACL,IAAI,YAAY,oBAAA,EAAsB;AAAA,YACpC,MAAA,EAAQ;AAAA,cACN,MAAA,EAAQ,QAAA,CAAS,IAAA,CAAK,IAAA,CAAK,EAAA;AAAA,cAC3B,KAAA,EAAO,QAAA,CAAS,IAAA,CAAK,IAAA,CAAK,KAAA;AAAA,cAC1B,IAAA,EAAM,QAAA,CAAS,IAAA,CAAK,IAAA,CAAK;AAAA;AAC3B,WACD;AAAA,SACH;AAAA,MACF;AAAA,IACF;AAEA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAA,GAAwB;AAC5B,IAAA,MAAM,KAAK,WAAA,CAAkB;AAAA,MAC3B,GAAA,EAAK,WAAW,IAAA,CAAK,MAAA;AAAA,MACrB,MAAA,EAAQ;AAAA,KACT,CAAA;AAGD,IAAA,MAAM,KAAK,aAAA,EAAc;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,cAAA,GAA6C;AACjD,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,WAAA,CAAiB;AAAA,MAC3C,GAAA,EAAK,WAAW,IAAA,CAAK,EAAA;AAAA,MACrB,MAAA,EAAQ;AAAA,KACT,CAAA;AAGD,IAAA,IAAI,QAAA,CAAS,OAAA,IAAW,QAAA,CAAS,IAAA,EAAM;AACrC,MAAA,MAAM,QAAA,GAAW,QAAA,CAAS,IAAA,CAAK,IAAA,IAAQ,QAAA,CAAS,IAAA;AAChD,MAAA,MAAM,IAAA,CAAK,QAAQ,QAAQ,CAAA;AAC3B,MAAA,OAAO;AAAA,QACL,GAAG,QAAA;AAAA,QACH,IAAA,EAAM;AAAA,OACR;AAAA,IACF;AAEA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,GAAA,CAAa,GAAA,EAAa,MAAA,EAAuD;AACrF,IAAA,OAAO,KAAK,WAAA,CAAY,EAAE,KAAK,MAAA,EAAQ,KAAA,EAAO,QAAQ,CAAA;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,IAAA,CAAc,GAAA,EAAa,IAAA,EAAqC;AACpE,IAAA,OAAO,KAAK,WAAA,CAAY,EAAE,KAAK,MAAA,EAAQ,MAAA,EAAQ,MAAM,CAAA;AAAA,EACvD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,GAAA,CAAa,GAAA,EAAa,IAAA,EAAqC;AACnE,IAAA,OAAO,KAAK,WAAA,CAAY,EAAE,KAAK,MAAA,EAAQ,KAAA,EAAO,MAAM,CAAA;AAAA,EACtD;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAgB,GAAA,EAAsC;AAC1D,IAAA,OAAO,KAAK,WAAA,CAAY,EAAE,GAAA,EAAK,MAAA,EAAQ,UAAU,CAAA;AAAA,EACnD;AACF","file":"chunk-YGI7UU2D.mjs","sourcesContent":["/**\n * Auth Client - Types\n * API 客户端类型定义\n */\n\nimport type { UserRole, User, ApiResponse, AuthResponse } from '../types';\n\nexport type { UserRole, User, ApiResponse, AuthResponse };\n\n/**\n * 存储键名\n */\nexport const STORAGE_KEYS = {\n  AUTH_TOKEN: 'auth_token',\n  USER_DATA: 'user_data',\n} as const;\n\n/**\n * API 路由\n */\nexport const API_ROUTES = {\n  AUTH: {\n    LOGIN: '/auth/login',\n    REGISTER: '/auth/register',\n    LOGOUT: '/auth/logout',\n    ME: '/auth/me',\n  },\n} as const;\n\n","/**\n * Auth Client - Base API Client\n * 基础 API 客户端\n */\n\nimport type { StorageAdapter } from '../../storage';\nimport type { RequestAdapter, RequestConfig } from '../../request';\nimport { API_ROUTES, STORAGE_KEYS, type ApiResponse, type User, type AuthResponse } from './types';\nimport type { IAuthClient } from '../types';\n\n/**\n * 基础 API 客户端\n * 提供统一的 API 调用逻辑，通过适配器模式支持多平台\n *\n * @example\n * ```typescript\n * import { BaseApiClient } from '@qhr123/sa2kit/auth/client';\n * import { WebStorageAdapter } from '@qhr123/sa2kit/storage';\n * import { WebRequestAdapter } from '@qhr123/sa2kit/request';\n *\n * const apiClient = new BaseApiClient(\n *   new WebStorageAdapter(),\n *   new WebRequestAdapter(),\n *   '/api'\n * );\n *\n * await apiClient.init();\n * const result = await apiClient.login('user@example.com', 'password');\n * ```\n */\nexport class BaseApiClient implements IAuthClient {\n  private token: string | null = null;\n  private user: User | null = null;\n\n  constructor(\n    private storage: StorageAdapter,\n    private request: RequestAdapter,\n    private baseUrl: string\n  ) {}\n\n  /**\n   * 初始化 - 从存储中加载 token 和用户信息\n   */\n  async init(): Promise<void> {\n    try {\n      this.token = await this.storage.getItem(STORAGE_KEYS.AUTH_TOKEN);\n      const userData = await this.storage.getItem(STORAGE_KEYS.USER_DATA);\n      if (userData) {\n        this.user = JSON.parse(userData);\n      }\n    } catch (error) {\n      console.error('Failed to load auth data:', error);\n    }\n  }\n\n  /**\n   * 设置认证 token\n   */\n  async setToken(token: string | null): Promise<void> {\n    this.token = token;\n    if (token) {\n      await this.storage.setItem(STORAGE_KEYS.AUTH_TOKEN, token);\n    } else {\n      await this.storage.removeItem(STORAGE_KEYS.AUTH_TOKEN);\n    }\n  }\n\n  /**\n   * 设置用户信息\n   */\n  async setUser(user: User | null): Promise<void> {\n    this.user = user;\n    if (user) {\n      await this.storage.setItem(STORAGE_KEYS.USER_DATA, JSON.stringify(user));\n    } else {\n      await this.storage.removeItem(STORAGE_KEYS.USER_DATA);\n    }\n  }\n\n  /**\n   * 获取当前 token\n   */\n  getToken(): string | null {\n    return this.token;\n  }\n\n  /**\n   * 获取当前用户\n   */\n  getUser(): User | null {\n    return this.user;\n  }\n\n  /**\n   * 检查是否已登录\n   */\n  async isAuthenticated(): Promise<boolean> {\n    return !!this.token;\n  }\n\n  /**\n   * 清除用户数据\n   */\n  async clearUserData(): Promise<void> {\n    await this.storage.removeItem(STORAGE_KEYS.AUTH_TOKEN);\n    await this.storage.removeItem(STORAGE_KEYS.USER_DATA);\n    this.token = null;\n    this.user = null;\n  }\n\n  /**\n   * 发送请求的通用方法\n   */\n  private async sendRequest<T = any>(config: RequestConfig): Promise<ApiResponse<T>> {\n    try {\n      const headers: Record<string, string> = {\n        'Content-Type': 'application/json',\n        ...(config.headers || {}),\n      };\n\n      // 添加认证 token\n      if (this.token) {\n        headers['Authorization'] = 'Bearer ' + (this.token);\n      }\n\n      const response = await this.request.request<ApiResponse<T>>({\n        ...config,\n        url: (this.baseUrl) + (config.url),\n        headers,\n      });\n\n      return response;\n    } catch (error) {\n      console.error('API request error:', error);\n      return {\n        success: false,\n        error: error instanceof Error ? error.message : '网络错误，请重试',\n      };\n    }\n  }\n\n  // ==================== 认证相关 API ====================\n\n  /**\n   * 用户注册\n   */\n  async register(\n    email: string,\n    password: string,\n    username: string\n  ): Promise<ApiResponse<AuthResponse>> {\n    const response = await this.sendRequest<AuthResponse>({\n      url: API_ROUTES.AUTH.REGISTER,\n      method: 'POST',\n      body: { email, password, username },\n    });\n\n    if (response.success && response.data) {\n      await this.setToken(response.data.token);\n      await this.setUser(response.data.user);\n    }\n\n    return response;\n  }\n\n  /**\n   * 用户登录\n   */\n  async login(email: string, password: string): Promise<ApiResponse<AuthResponse>> {\n    const response = await this.sendRequest<AuthResponse>({\n      url: API_ROUTES.AUTH.LOGIN,\n      method: 'POST',\n      body: { email, password },\n    });\n\n    if (response.success && response.data) {\n      await this.setToken(response.data.token);\n      await this.setUser(response.data.user);\n\n      // 触发自定义事件通知登录成功\n      if (typeof window !== 'undefined') {\n        window.dispatchEvent(\n          new CustomEvent('user_login_success', {\n            detail: {\n              userId: response.data.user.id,\n              email: response.data.user.email,\n              role: response.data.user.role,\n            },\n          })\n        );\n      }\n    }\n\n    return response;\n  }\n\n  /**\n   * 用户退出登录\n   */\n  async logout(): Promise<void> {\n    await this.sendRequest<void>({\n      url: API_ROUTES.AUTH.LOGOUT,\n      method: 'POST',\n    });\n\n    // 无论成功与否，都清除本地数据\n    await this.clearUserData();\n  }\n\n  /**\n   * 获取当前用户信息\n   */\n  async getCurrentUser(): Promise<ApiResponse<User>> {\n    const response = await this.sendRequest<any>({\n      url: API_ROUTES.AUTH.ME,\n      method: 'GET',\n    });\n\n    // 统一处理响应格式\n    if (response.success && response.data) {\n      const userData = response.data.user || response.data;\n      await this.setUser(userData);\n      return {\n        ...response,\n        data: userData,\n      };\n    }\n\n    return response;\n  }\n\n  // ==================== 通用方法 ====================\n\n  /**\n   * 发送 GET 请求\n   */\n  async get<T = any>(url: string, params?: Record<string, any>): Promise<ApiResponse<T>> {\n    return this.sendRequest({ url, method: 'GET', params });\n  }\n\n  /**\n   * 发送 POST 请求\n   */\n  async post<T = any>(url: string, body?: any): Promise<ApiResponse<T>> {\n    return this.sendRequest({ url, method: 'POST', body });\n  }\n\n  /**\n   * 发送 PUT 请求\n   */\n  async put<T = any>(url: string, body?: any): Promise<ApiResponse<T>> {\n    return this.sendRequest({ url, method: 'PUT', body });\n  }\n\n  /**\n   * 发送 DELETE 请求\n   */\n  async delete<T = any>(url: string): Promise<ApiResponse<T>> {\n    return this.sendRequest({ url, method: 'DELETE' });\n  }\n}\n\n"]}

package/dist/chunk-ZCLQSI5F.mjs

@@ -1,271 +0,0 @@
-import { user, session } from './chunk-IJ4YYWE3.mjs';
-import bcrypt from 'bcryptjs';
-import jwt from 'jsonwebtoken';
-import { eq, and, gt } from 'drizzle-orm';
-import { randomBytes } from 'crypto';
-
-async function hashPassword(password, saltRounds = 12) {
-  return bcrypt.hash(password, saltRounds);
-}
-async function verifyPassword(password, hashedPassword) {
-  return bcrypt.compare(password, hashedPassword);
-}
-function generateToken(payload, secret, expiresIn = "7d") {
-  return jwt.sign(payload, secret, { expiresIn });
-}
-function verifyJwtToken(token, secret) {
-  return jwt.verify(token, secret);
-}
-function getTokenFromRequest(request) {
-  const cookieHeader = request.headers.get("Cookie");
-  if (cookieHeader) {
-    const match = cookieHeader.match(/auth_token=([^;]+)/);
-    if (match && match[1]) {
-      return match[1];
-    }
-  }
-  const authHeader = request.headers.get("Authorization");
-  if (authHeader && authHeader.startsWith("Bearer ")) {
-    const token = authHeader.substring(7);
-    return token || null;
-  }
-  return null;
-}
-var DrizzleAuthService = class {
-  constructor(config) {
-    this.config = {
-      db: config.db,
-      jwtSecret: config.jwtSecret,
-      jwtExpiresIn: config.jwtExpiresIn || "7d",
-      saltRounds: config.saltRounds || 12,
-      checkSecretStrength: config.checkSecretStrength !== false
-    };
-    this.validateConfig();
-  }
-  /**
-   * 验证配置
-   */
-  validateConfig() {
-    if (!this.config.jwtSecret) {
-      throw new Error(
-        `JWT_SECRET is required. Please provide jwtSecret in config. You can generate a secure secret with: node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"`
-      );
-    }
-    if (this.config.checkSecretStrength && process.env.NODE_ENV === "production" && this.config.jwtSecret.length < 32) {
-      throw new Error(
-        "JWT_SECRET is too short (" + this.config.jwtSecret.length + " chars, minimum 32 required in production)"
-      );
-    }
-  }
-  /**
-   * 用户注册
-   */
-  async signUp(email, password, username, role = "USER") {
-    try {
-      const existingUser = await this.config.db.select().from(user).where(eq(user.email, email)).limit(1);
-      if (existingUser.length > 0) {
-        throw new Error("\u7528\u6237\u5DF2\u5B58\u5728");
-      }
-      const hashedPassword = await hashPassword(password, this.config.saltRounds);
-      const [newUser] = await this.config.db.insert(user).values({
-        id: randomBytes(16).toString("hex"),
-        email,
-        password: hashedPassword,
-        username: username || email.split("@")[0],
-        role,
-        emailVerified: false,
-        createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-        updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-      }).returning();
-      const token = generateToken(
-        {
-          userId: newUser.id,
-          email: newUser.email,
-          role: newUser.role
-        },
-        this.config.jwtSecret,
-        this.config.jwtExpiresIn
-      );
-      await this.createSession(newUser.id, token);
-      return {
-        user: {
-          id: newUser.id,
-          email: newUser.email,
-          username: newUser.username,
-          role: newUser.role
-        },
-        token
-      };
-    } catch (error) {
-      throw error;
-    }
-  }
-  /**
-   * 用户登录
-   */
-  async signIn(email, password) {
-    try {
-      const [foundUser] = await this.config.db.select().from(user).where(eq(user.email, email)).limit(1);
-      if (!foundUser) {
-        throw new Error("\u90AE\u7BB1\u6216\u5BC6\u7801\u9519\u8BEF");
-      }
-      if (!foundUser.password) {
-        throw new Error("\u7528\u6237\u5BC6\u7801\u672A\u8BBE\u7F6E");
-      }
-      const isPasswordValid = await verifyPassword(password, foundUser.password);
-      if (!isPasswordValid) {
-        throw new Error("\u90AE\u7BB1\u6216\u5BC6\u7801\u9519\u8BEF");
-      }
-      const token = generateToken(
-        {
-          userId: foundUser.id,
-          email: foundUser.email,
-          role: foundUser.role
-        },
-        this.config.jwtSecret,
-        this.config.jwtExpiresIn
-      );
-      await this.createSession(foundUser.id, token);
-      return {
-        user: {
-          id: foundUser.id,
-          email: foundUser.email,
-          username: foundUser.username,
-          role: foundUser.role
-        },
-        token
-      };
-    } catch (error) {
-      throw error;
-    }
-  }
-  /**
-   * 验证 Token
-   */
-  async verifyToken(token) {
-    try {
-      const decoded = verifyJwtToken(token, this.config.jwtSecret);
-      const [foundSession] = await this.config.db.select().from(session).where(
-        and(eq(session.token, token), gt(session.expiresAt, (/* @__PURE__ */ new Date()).toISOString()))
-      ).limit(1);
-      if (!foundSession) {
-        throw new Error("\u4F1A\u8BDD\u65E0\u6548\u6216\u5DF2\u8FC7\u671F");
-      }
-      const [foundUser] = await this.config.db.select().from(user).where(eq(user.id, decoded.userId)).limit(1);
-      if (!foundUser) {
-        throw new Error("\u7528\u6237\u4E0D\u5B58\u5728");
-      }
-      return {
-        user: {
-          id: foundUser.id,
-          email: foundUser.email,
-          username: foundUser.username,
-          role: foundUser.role
-        },
-        session: foundSession
-      };
-    } catch (error) {
-      throw error;
-    }
-  }
-  /**
-   * 创建会话
-   */
-  async createSession(userId, token, ipAddress, userAgent) {
-    const expiresAt = /* @__PURE__ */ new Date();
-    expiresAt.setDate(expiresAt.getDate() + 7);
-    await this.config.db.insert(session).values({
-      id: randomBytes(16).toString("hex"),
-      userId,
-      token,
-      expiresAt: expiresAt.toISOString(),
-      ipAddress,
-      userAgent,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-      updatedAt: (/* @__PURE__ */ new Date()).toISOString()
-    });
-  }
-  /**
-   * 删除会话（登出）
-   */
-  async signOut(token) {
-    try {
-      await this.config.db.delete(session).where(eq(session.token, token));
-      return { success: true };
-    } catch (error) {
-      throw error;
-    }
-  }
-  /**
-   * 获取会话
-   */
-  async getSession(token) {
-    try {
-      return await this.verifyToken(token);
-    } catch (error) {
-      return null;
-    }
-  }
-  /**
-   * 检查管理员权限
-   */
-  async requireAdmin(token) {
-    const result = await this.verifyToken(token);
-    if (!["ADMIN", "SUPER_ADMIN"].includes(result.user.role)) {
-      throw new Error("\u9700\u8981\u7BA1\u7406\u5458\u6743\u9650");
-    }
-    return result;
-  }
-  /**
-   * 检查超级管理员权限
-   */
-  async requireSuperAdmin(token) {
-    const result = await this.verifyToken(token);
-    if (result.user.role !== "SUPER_ADMIN") {
-      throw new Error("\u9700\u8981\u8D85\u7EA7\u7BA1\u7406\u5458\u6743\u9650");
-    }
-    return result;
-  }
-  /**
-   * 通过用户 ID 获取用户信息
-   */
-  async getUserById(userId) {
-    try {
-      const [foundUser] = await this.config.db.select().from(user).where(eq(user.id, userId)).limit(1);
-      if (!foundUser) {
-        return null;
-      }
-      return {
-        id: foundUser.id,
-        email: foundUser.email,
-        username: foundUser.username,
-        role: foundUser.role
-      };
-    } catch (error) {
-      return null;
-    }
-  }
-  /**
-   * 通过邮箱获取用户信息
-   */
-  async getUserByEmail(email) {
-    try {
-      const [foundUser] = await this.config.db.select().from(user).where(eq(user.email, email)).limit(1);
-      if (!foundUser) {
-        return null;
-      }
-      return {
-        id: foundUser.id,
-        email: foundUser.email,
-        username: foundUser.username,
-        role: foundUser.role
-      };
-    } catch (error) {
-      return null;
-    }
-  }
-};
-
-export { DrizzleAuthService, generateToken, getTokenFromRequest, hashPassword, verifyJwtToken, verifyPassword };
-//# sourceMappingURL=chunk-ZCLQSI5F.mjs.map
-//# sourceMappingURL=chunk-ZCLQSI5F.mjs.map

package/dist/chunk-ZCLQSI5F.mjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/common/auth/services/password-utils.ts","../src/common/auth/services/token-utils.ts","../src/common/auth/services/drizzle-auth-service.ts"],"names":[],"mappings":";;;;;;AAUA,eAAsB,YAAA,CAAa,QAAA,EAAkB,UAAA,GAAqB,EAAA,EAAqB;AAC7F,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,UAAU,CAAA;AACzC;AAKA,eAAsB,cAAA,CAAe,UAAkB,cAAA,EAA0C;AAC/F,EAAA,OAAO,MAAA,CAAO,OAAA,CAAQ,QAAA,EAAU,cAAc,CAAA;AAChD;ACIO,SAAS,aAAA,CACd,OAAA,EACA,MAAA,EACA,SAAA,GAA6B,IAAA,EACrB;AACR,EAAA,OAAO,IAAI,IAAA,CAAK,OAAA,EAAS,MAAA,EAAQ,EAAE,WAA8B,CAAA;AACnE;AAKO,SAAS,cAAA,CAAe,OAAe,MAAA,EAA4B;AACxE,EAAA,OAAO,GAAA,CAAI,MAAA,CAAO,KAAA,EAAO,MAAM,CAAA;AACjC;AAMO,SAAS,oBAAoB,OAAA,EAAiC;AAEnE,EAAA,MAAM,YAAA,GAAe,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,QAAQ,CAAA;AACjD,EAAA,IAAI,YAAA,EAAc;AAEhB,IAAA,MAAM,KAAA,GAAQ,YAAA,CAAa,KAAA,CAAM,oBAAoB,CAAA;AACrD,IAAA,IAAI,KAAA,IAAS,KAAA,CAAM,CAAC,CAAA,EAAG;AACrB,MAAA,OAAO,MAAM,CAAC,CAAA;AAAA,IAChB;AAAA,EACF;AAGA,EAAA,MAAM,UAAA,GAAa,OAAA,CAAQ,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACtD,EAAA,IAAI,UAAA,IAAc,UAAA,CAAW,UAAA,CAAW,SAAS,CAAA,EAAG;AAClD,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,SAAA,CAAU,CAAC,CAAA;AACpC,IAAA,OAAO,KAAA,IAAS,IAAA;AAAA,EAClB;AAEA,EAAA,OAAO,IAAA;AACT;ACrBO,IAAM,qBAAN,MAAyB;AAAA,EAG9B,YAAY,MAAA,EAA2B;AAErC,IAAA,IAAA,CAAK,MAAA,GAAS;AAAA,MACZ,IAAI,MAAA,CAAO,EAAA;AAAA,MACX,WAAW,MAAA,CAAO,SAAA;AAAA,MAClB,YAAA,EAAc,OAAO,YAAA,IAAgB,IAAA;AAAA,MACrC,UAAA,EAAY,OAAO,UAAA,IAAc,EAAA;AAAA,MACjC,mBAAA,EAAqB,OAAO,mBAAA,KAAwB;AAAA,KACtD;AAGA,IAAA,IAAA,CAAK,cAAA,EAAe;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA,EAKQ,cAAA,GAAuB;AAC7B,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,SAAA,EAAW;AAC1B,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,CAAA,2KAAA;AAAA,OAEF;AAAA,IACF;AAGA,IAAA,IACE,IAAA,CAAK,MAAA,CAAO,mBAAA,IACZ,OAAA,CAAQ,GAAA,CAAI,QAAA,KAAa,YAAA,IACzB,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,MAAA,GAAS,EAAA,EAC/B;AACA,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,2BAAA,GAA+B,IAAA,CAAK,MAAA,CAAO,SAAA,CAAU,MAAA,GAAU;AAAA,OACjE;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAA,CACJ,KAAA,EACA,QAAA,EACA,QAAA,EACA,OAAiB,MAAA,EACI;AACrB,IAAA,IAAI;AAEF,MAAA,MAAM,eAAe,MAAM,IAAA,CAAK,OAAO,EAAA,CACpC,MAAA,GACA,IAAA,CAAK,IAAI,CAAA,CACT,KAAA,CAAM,GAAG,IAAA,CAAK,KAAA,EAAO,KAAK,CAAC,CAAA,CAC3B,MAAM,CAAC,CAAA;AAEV,MAAA,IAAI,YAAA,CAAa,SAAS,CAAA,EAAG;AAC3B,QAAA,MAAM,IAAI,MAAM,gCAAO,CAAA;AAAA,MACzB;AAGA,MAAA,MAAM,iBAAiB,MAAM,YAAA,CAAa,QAAA,EAAU,IAAA,CAAK,OAAO,UAAU,CAAA;AAG1E,MAAA,MAAM,CAAC,OAAO,CAAA,GAAI,MAAM,IAAA,CAAK,OAAO,EAAA,CACjC,MAAA,CAAO,IAAI,CAAA,CACX,MAAA,CAAO;AAAA,QACN,EAAA,EAAI,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,KAAK,CAAA;AAAA,QAClC,KAAA;AAAA,QACA,QAAA,EAAU,cAAA;AAAA,QACV,UAAU,QAAA,IAAY,KAAA,CAAM,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AAAA,QACxC,IAAA;AAAA,QACA,aAAA,EAAe,KAAA;AAAA,QACf,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,QAClC,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,OACnC,EACA,SAAA,EAAU;AAGb,MAAA,MAAM,KAAA,GAAQ,aAAA;AAAA,QACZ;AAAA,UACE,QAAQ,OAAA,CAAQ,EAAA;AAAA,UAChB,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,MAAM,OAAA,CAAQ;AAAA,SAChB;AAAA,QACA,KAAK,MAAA,CAAO,SAAA;AAAA,QACZ,KAAK,MAAA,CAAO;AAAA,OACd;AAGA,MAAA,MAAM,IAAA,CAAK,aAAA,CAAc,OAAA,CAAQ,EAAA,EAAI,KAAK,CAAA;AAE1C,MAAA,OAAO;AAAA,QACL,IAAA,EAAM;AAAA,UACJ,IAAI,OAAA,CAAQ,EAAA;AAAA,UACZ,OAAO,OAAA,CAAQ,KAAA;AAAA,UACf,UAAU,OAAA,CAAQ,QAAA;AAAA,UAClB,MAAM,OAAA,CAAQ;AAAA,SAChB;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,MAAA,CAAO,KAAA,EAAe,QAAA,EAAuC;AACjE,IAAA,IAAI;AAEF,MAAA,MAAM,CAAC,SAAS,CAAA,GAAI,MAAM,KAAK,MAAA,CAAO,EAAA,CACnC,QAAO,CACP,IAAA,CAAK,IAAI,CAAA,CACT,KAAA,CAAM,GAAG,IAAA,CAAK,KAAA,EAAO,KAAK,CAAC,CAAA,CAC3B,MAAM,CAAC,CAAA;AAEV,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAM,IAAI,MAAM,4CAAS,CAAA;AAAA,MAC3B;AAGA,MAAA,IAAI,CAAC,UAAU,QAAA,EAAU;AACvB,QAAA,MAAM,IAAI,MAAM,4CAAS,CAAA;AAAA,MAC3B;AAEA,MAAA,MAAM,eAAA,GAAkB,MAAM,cAAA,CAAe,QAAA,EAAU,UAAU,QAAQ,CAAA;AACzE,MAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,QAAA,MAAM,IAAI,MAAM,4CAAS,CAAA;AAAA,MAC3B;AAGA,MAAA,MAAM,KAAA,GAAQ,aAAA;AAAA,QACZ;AAAA,UACE,QAAQ,SAAA,CAAU,EAAA;AAAA,UAClB,OAAO,SAAA,CAAU,KAAA;AAAA,UACjB,MAAM,SAAA,CAAU;AAAA,SAClB;AAAA,QACA,KAAK,MAAA,CAAO,SAAA;AAAA,QACZ,KAAK,MAAA,CAAO;AAAA,OACd;AAGA,MAAA,MAAM,IAAA,CAAK,aAAA,CAAc,SAAA,CAAU,EAAA,EAAI,KAAK,CAAA;AAE5C,MAAA,OAAO;AAAA,QACL,IAAA,EAAM;AAAA,UACJ,IAAI,SAAA,CAAU,EAAA;AAAA,UACd,OAAO,SAAA,CAAU,KAAA;AAAA,UACjB,UAAU,SAAA,CAAU,QAAA;AAAA,UACpB,MAAM,SAAA,CAAU;AAAA,SAClB;AAAA,QACA;AAAA,OACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY,KAAA,EAAsC;AACtD,IAAA,IAAI;AAEF,MAAA,MAAM,OAAA,GAAU,cAAA,CAAe,KAAA,EAAO,IAAA,CAAK,OAAO,SAAS,CAAA;AAG3D,MAAA,MAAM,CAAC,YAAY,CAAA,GAAI,MAAM,IAAA,CAAK,MAAA,CAAO,EAAA,CACtC,MAAA,EAAO,CACP,IAAA,CAAK,OAAO,CAAA,CACZ,KAAA;AAAA,QACC,GAAA,CAAI,EAAA,CAAG,OAAA,CAAQ,KAAA,EAAO,KAAK,CAAA,EAAG,EAAA,CAAG,OAAA,CAAQ,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAa,CAAC;AAAA,OAC/E,CACC,MAAM,CAAC,CAAA;AAEV,MAAA,IAAI,CAAC,YAAA,EAAc;AACjB,QAAA,MAAM,IAAI,MAAM,kDAAU,CAAA;AAAA,MAC5B;AAGA,MAAA,MAAM,CAAC,SAAS,CAAA,GAAI,MAAM,KAAK,MAAA,CAAO,EAAA,CACnC,QAAO,CACP,IAAA,CAAK,IAAI,CAAA,CACT,KAAA,CAAM,GAAG,IAAA,CAAK,EAAA,EAAI,QAAQ,MAAM,CAAC,CAAA,CACjC,KAAA,CAAM,CAAC,CAAA;AAEV,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,MAAM,IAAI,MAAM,gCAAO,CAAA;AAAA,MACzB;AAEA,MAAA,OAAO;AAAA,QACL,IAAA,EAAM;AAAA,UACJ,IAAI,SAAA,CAAU,EAAA;AAAA,UACd,OAAO,SAAA,CAAU,KAAA;AAAA,UACjB,UAAU,SAAA,CAAU,QAAA;AAAA,UACpB,MAAM,SAAA,CAAU;AAAA,SAClB;AAAA,QACA,OAAA,EAAS;AAAA,OACX;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAA,CACJ,MAAA,EACA,KAAA,EACA,WACA,SAAA,EACe;AACf,IAAA,MAAM,SAAA,uBAAgB,IAAA,EAAK;AAC3B,IAAA,SAAA,CAAU,OAAA,CAAQ,SAAA,CAAU,OAAA,EAAQ,GAAI,CAAC,CAAA;AAEzC,IAAA,MAAM,KAAK,MAAA,CAAO,EAAA,CAAG,MAAA,CAAO,OAAO,EAAE,MAAA,CAAO;AAAA,MAC1C,EAAA,EAAI,WAAA,CAAY,EAAE,CAAA,CAAE,SAAS,KAAK,CAAA;AAAA,MAClC,MAAA;AAAA,MACA,KAAA;AAAA,MACA,SAAA,EAAW,UAAU,WAAA,EAAY;AAAA,MACjC,SAAA;AAAA,MACA,SAAA;AAAA,MACA,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA,EAAY;AAAA,MAClC,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACnC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAQ,KAAA,EAA8C;AAC1D,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,MAAA,CAAO,EAAA,CAAG,MAAA,CAAO,OAAO,CAAA,CAAE,KAAA,CAAM,EAAA,CAAG,OAAA,CAAQ,KAAA,EAAO,KAAK,CAAC,CAAA;AACnE,MAAA,OAAO,EAAE,SAAS,IAAA,EAAK;AAAA,IACzB,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,KAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,KAAA,EAA6C;AAC5D,IAAA,IAAI;AACF,MAAA,OAAO,MAAM,IAAA,CAAK,WAAA,CAAY,KAAK,CAAA;AAAA,IACrC,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,KAAA,EAAsC;AACvD,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,WAAA,CAAY,KAAK,CAAA;AAC3C,IAAA,IAAI,CAAC,CAAC,OAAA,EAAS,aAAa,EAAE,QAAA,CAAS,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA,EAAG;AACxD,MAAA,MAAM,IAAI,MAAM,4CAAS,CAAA;AAAA,IAC3B;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,kBAAkB,KAAA,EAAsC;AAC5D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,WAAA,CAAY,KAAK,CAAA;AAC3C,IAAA,IAAI,MAAA,CAAO,IAAA,CAAK,IAAA,KAAS,aAAA,EAAe;AACtC,MAAA,MAAM,IAAI,MAAM,wDAAW,CAAA;AAAA,IAC7B;AACA,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YAAY,MAAA,EAA0C;AAC1D,IAAA,IAAI;AACF,MAAA,MAAM,CAAC,SAAS,CAAA,GAAI,MAAM,KAAK,MAAA,CAAO,EAAA,CACnC,QAAO,CACP,IAAA,CAAK,IAAI,CAAA,CACT,KAAA,CAAM,GAAG,IAAA,CAAK,EAAA,EAAI,MAAM,CAAC,CAAA,CACzB,MAAM,CAAC,CAAA;AAEV,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,SAAA,CAAU,EAAA;AAAA,QACd,OAAO,SAAA,CAAU,KAAA;AAAA,QACjB,UAAU,SAAA,CAAU,QAAA;AAAA,QACpB,MAAM,SAAA,CAAU;AAAA,OAClB;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,eAAe,KAAA,EAAyC;AAC5D,IAAA,IAAI;AACF,MAAA,MAAM,CAAC,SAAS,CAAA,GAAI,MAAM,KAAK,MAAA,CAAO,EAAA,CACnC,QAAO,CACP,IAAA,CAAK,IAAI,CAAA,CACT,KAAA,CAAM,GAAG,IAAA,CAAK,KAAA,EAAO,KAAK,CAAC,CAAA,CAC3B,MAAM,CAAC,CAAA;AAEV,MAAA,IAAI,CAAC,SAAA,EAAW;AACd,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,OAAO;AAAA,QACL,IAAI,SAAA,CAAU,EAAA;AAAA,QACd,OAAO,SAAA,CAAU,KAAA;AAAA,QACjB,UAAU,SAAA,CAAU,QAAA;AAAA,QACpB,MAAM,SAAA,CAAU;AAAA,OAClB;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,OAAO,IAAA;AAAA,IACT;AAAA,EACF;AACF","file":"chunk-ZCLQSI5F.mjs","sourcesContent":["/**\n * Auth Services - Password Utilities\n * 密码哈希相关工具函数\n */\n\nimport bcrypt from 'bcryptjs';\n\n/**\n * 哈希密码\n */\nexport async function hashPassword(password: string, saltRounds: number = 12): Promise<string> {\n  return bcrypt.hash(password, saltRounds);\n}\n\n/**\n * 验证密码\n */\nexport async function verifyPassword(password: string, hashedPassword: string): Promise<boolean> {\n  return bcrypt.compare(password, hashedPassword);\n}\n\n","/**\n * Auth Services - Token Utilities\n * Token 相关工具函数\n */\n\nimport jwt from 'jsonwebtoken';\nimport type { UserRole } from '../schema/enums';\n\n/**\n * JWT Payload\n */\nexport interface JwtPayload {\n  userId: string;\n  email: string;\n  username?: string;\n  role: UserRole;\n  iat?: number;\n  exp?: number;\n}\n\n/**\n * 生成 JWT Token\n */\nexport function generateToken(\n  payload: Omit<JwtPayload, 'iat' | 'exp'>,\n  secret: string,\n  expiresIn: string | number = '7d'\n): string {\n  return jwt.sign(payload, secret, { expiresIn } as jwt.SignOptions);\n}\n\n/**\n * 验证 JWT Token\n */\nexport function verifyJwtToken(token: string, secret: string): JwtPayload {\n  return jwt.verify(token, secret) as JwtPayload;\n}\n\n/**\n * 从请求中获取 Token\n * 优先从 Cookie 读取（Web），兼容 Authorization Header（Mobile/API）\n */\nexport function getTokenFromRequest(request: Request): string | null {\n  // 🔐 优先从 httpOnly Cookie 读取（Web 管理后台，更安全）\n  const cookieHeader = request.headers.get('Cookie');\n  if (cookieHeader) {\n    // 匹配 auth_token\n    const match = cookieHeader.match(/auth_token=([^;]+)/);\n    if (match && match[1]) {\n      return match[1];\n    }\n  }\n\n  // 🔄 兼容从 Authorization Header 读取（移动端、小程序、API 调用）\n  const authHeader = request.headers.get('Authorization');\n  if (authHeader && authHeader.startsWith('Bearer ')) {\n    const token = authHeader.substring(7);\n    return token || null;\n  }\n\n  return null;\n}\n\n","/**\n * Auth Services - Drizzle Auth Service\n * 基于 Drizzle ORM 的认证服务\n */\n\nimport { eq, and, gt } from 'drizzle-orm';\nimport { randomBytes } from 'crypto';\nimport { user, session } from '../schema';\nimport { hashPassword, verifyPassword } from './password-utils';\nimport { generateToken, verifyJwtToken } from './token-utils';\nimport type {\n  AuthServiceConfig,\n  AuthResult,\n  VerifyResult,\n  UserInfo,\n  SessionInfo,\n} from './types';\nimport type { UserRole } from '../schema/enums';\n\n/**\n * Drizzle 认证服务类\n *\n * @example\n * ```typescript\n * import { DrizzleAuthService } from '@qhr123/sa2kit/auth/services';\n * import { db } from './db';\n *\n * const authService = new DrizzleAuthService({\n *   db,\n *   jwtSecret: process.env.JWT_SECRET!,\n *   jwtExpiresIn: '7d',\n * });\n *\n * // 用户注册\n * const result = await authService.signUp('user@example.com', 'password123', 'username');\n *\n * // 用户登录\n * const loginResult = await authService.signIn('user@example.com', 'password123');\n * ```\n */\nexport class DrizzleAuthService {\n  private config: Required<AuthServiceConfig>;\n\n  constructor(config: AuthServiceConfig) {\n    // 设置默认值\n    this.config = {\n      db: config.db,\n      jwtSecret: config.jwtSecret,\n      jwtExpiresIn: config.jwtExpiresIn || '7d',\n      saltRounds: config.saltRounds || 12,\n      checkSecretStrength: config.checkSecretStrength !== false,\n    };\n\n    // 验证配置\n    this.validateConfig();\n  }\n\n  /**\n   * 验证配置\n   */\n  private validateConfig(): void {\n    if (!this.config.jwtSecret) {\n      throw new Error(\n        'JWT_SECRET is required. Please provide jwtSecret in config. ' +\n          \"You can generate a secure secret with: node -e \\\"console.log(require('crypto').randomBytes(64).toString('hex'))\\\"\"\n      );\n    }\n\n    // 生产环境检查密钥强度\n    if (\n      this.config.checkSecretStrength &&\n      process.env.NODE_ENV === 'production' &&\n      this.config.jwtSecret.length < 32\n    ) {\n      throw new Error(\n        'JWT_SECRET is too short (' + (this.config.jwtSecret.length) + ' chars, minimum 32 required in production)'\n      );\n    }\n  }\n\n  /**\n   * 用户注册\n   */\n  async signUp(\n    email: string,\n    password: string,\n    username?: string,\n    role: UserRole = 'USER'\n  ): Promise<AuthResult> {\n    try {\n      // 检查用户是否已存在\n      const existingUser = await this.config.db\n        .select()\n        .from(user)\n        .where(eq(user.email, email))\n        .limit(1);\n\n      if (existingUser.length > 0) {\n        throw new Error('用户已存在');\n      }\n\n      // 哈希密码\n      const hashedPassword = await hashPassword(password, this.config.saltRounds);\n\n      // 创建用户\n      const [newUser] = await this.config.db\n        .insert(user)\n        .values({\n          id: randomBytes(16).toString('hex'),\n          email,\n          password: hashedPassword,\n          username: username || email.split('@')[0],\n          role,\n          emailVerified: false,\n          createdAt: new Date().toISOString(),\n          updatedAt: new Date().toISOString(),\n        })\n        .returning();\n\n      // 生成 JWT token\n      const token = generateToken(\n        {\n          userId: newUser.id,\n          email: newUser.email,\n          role: newUser.role as UserRole,\n        },\n        this.config.jwtSecret,\n        this.config.jwtExpiresIn\n      );\n\n      // 创建会话\n      await this.createSession(newUser.id, token);\n\n      return {\n        user: {\n          id: newUser.id,\n          email: newUser.email,\n          username: newUser.username,\n          role: newUser.role as UserRole,\n        },\n        token,\n      };\n    } catch (error) {\n      throw error;\n    }\n  }\n\n  /**\n   * 用户登录\n   */\n  async signIn(email: string, password: string): Promise<AuthResult> {\n    try {\n      // 查找用户\n      const [foundUser] = await this.config.db\n        .select()\n        .from(user)\n        .where(eq(user.email, email))\n        .limit(1);\n\n      if (!foundUser) {\n        throw new Error('邮箱或密码错误');\n      }\n\n      // 验证密码\n      if (!foundUser.password) {\n        throw new Error('用户密码未设置');\n      }\n\n      const isPasswordValid = await verifyPassword(password, foundUser.password);\n      if (!isPasswordValid) {\n        throw new Error('邮箱或密码错误');\n      }\n\n      // 生成 JWT token\n      const token = generateToken(\n        {\n          userId: foundUser.id,\n          email: foundUser.email,\n          role: foundUser.role as UserRole,\n        },\n        this.config.jwtSecret,\n        this.config.jwtExpiresIn\n      );\n\n      // 创建会话\n      await this.createSession(foundUser.id, token);\n\n      return {\n        user: {\n          id: foundUser.id,\n          email: foundUser.email,\n          username: foundUser.username,\n          role: foundUser.role as UserRole,\n        },\n        token,\n      };\n    } catch (error) {\n      throw error;\n    }\n  }\n\n  /**\n   * 验证 Token\n   */\n  async verifyToken(token: string): Promise<VerifyResult> {\n    try {\n      // 验证 JWT\n      const decoded = verifyJwtToken(token, this.config.jwtSecret);\n\n      // 检查会话是否存在且未过期\n      const [foundSession] = await this.config.db\n        .select()\n        .from(session)\n        .where(\n          and(eq(session.token, token), gt(session.expiresAt, new Date().toISOString()))\n        )\n        .limit(1);\n\n      if (!foundSession) {\n        throw new Error('会话无效或已过期');\n      }\n\n      // 获取用户信息\n      const [foundUser] = await this.config.db\n        .select()\n        .from(user)\n        .where(eq(user.id, decoded.userId))\n        .limit(1);\n\n      if (!foundUser) {\n        throw new Error('用户不存在');\n      }\n\n      return {\n        user: {\n          id: foundUser.id,\n          email: foundUser.email,\n          username: foundUser.username,\n          role: foundUser.role as UserRole,\n        },\n        session: foundSession as SessionInfo,\n      };\n    } catch (error) {\n      throw error;\n    }\n  }\n\n  /**\n   * 创建会话\n   */\n  async createSession(\n    userId: string,\n    token: string,\n    ipAddress?: string,\n    userAgent?: string\n  ): Promise<void> {\n    const expiresAt = new Date();\n    expiresAt.setDate(expiresAt.getDate() + 7); // 7天后过期\n\n    await this.config.db.insert(session).values({\n      id: randomBytes(16).toString('hex'),\n      userId,\n      token,\n      expiresAt: expiresAt.toISOString(),\n      ipAddress,\n      userAgent,\n      createdAt: new Date().toISOString(),\n      updatedAt: new Date().toISOString(),\n    });\n  }\n\n  /**\n   * 删除会话（登出）\n   */\n  async signOut(token: string): Promise<{ success: boolean }> {\n    try {\n      await this.config.db.delete(session).where(eq(session.token, token));\n      return { success: true };\n    } catch (error) {\n      throw error;\n    }\n  }\n\n  /**\n   * 获取会话\n   */\n  async getSession(token: string): Promise<VerifyResult | null> {\n    try {\n      return await this.verifyToken(token);\n    } catch (error) {\n      return null;\n    }\n  }\n\n  /**\n   * 检查管理员权限\n   */\n  async requireAdmin(token: string): Promise<VerifyResult> {\n    const result = await this.verifyToken(token);\n    if (!['ADMIN', 'SUPER_ADMIN'].includes(result.user.role)) {\n      throw new Error('需要管理员权限');\n    }\n    return result;\n  }\n\n  /**\n   * 检查超级管理员权限\n   */\n  async requireSuperAdmin(token: string): Promise<VerifyResult> {\n    const result = await this.verifyToken(token);\n    if (result.user.role !== 'SUPER_ADMIN') {\n      throw new Error('需要超级管理员权限');\n    }\n    return result;\n  }\n\n  /**\n   * 通过用户 ID 获取用户信息\n   */\n  async getUserById(userId: string): Promise<UserInfo | null> {\n    try {\n      const [foundUser] = await this.config.db\n        .select()\n        .from(user)\n        .where(eq(user.id, userId))\n        .limit(1);\n\n      if (!foundUser) {\n        return null;\n      }\n\n      return {\n        id: foundUser.id,\n        email: foundUser.email,\n        username: foundUser.username,\n        role: foundUser.role as UserRole,\n      };\n    } catch (error) {\n      return null;\n    }\n  }\n\n  /**\n   * 通过邮箱获取用户信息\n   */\n  async getUserByEmail(email: string): Promise<UserInfo | null> {\n    try {\n      const [foundUser] = await this.config.db\n        .select()\n        .from(user)\n        .where(eq(user.email, email))\n        .limit(1);\n\n      if (!foundUser) {\n        return null;\n      }\n\n      return {\n        id: foundUser.id,\n        email: foundUser.email,\n        username: foundUser.username,\n        role: foundUser.role as UserRole,\n      };\n    } catch (error) {\n      return null;\n    }\n  }\n}\n\n"]}

package/dist/drizzle-auth-service-D-pljzCD.d.mts

@@ -1,145 +0,0 @@
-import { U as UserRole } from './enums-Dume-V5Y.mjs';
-
-/**
- * Auth Services - Types
- * 认证服务类型定义
- */
-
-/**
- * 认证服务配置
- */
-interface AuthServiceConfig {
-    /**
-     * Drizzle 数据库实例
-     */
-    db: any;
-    /**
-     * JWT 密钥
-     */
-    jwtSecret: string;
-    /**
-     * JWT 过期时间 (默认: '7d')
-     */
-    jwtExpiresIn?: string;
-    /**
-     * bcrypt 加密轮数 (默认: 12)
-     */
-    saltRounds?: number;
-    /**
-     * 是否在生产环境检查密钥强度 (默认: true)
-     */
-    checkSecretStrength?: boolean;
-}
-/**
- * 用户信息（返回给客户端的精简版）
- */
-interface UserInfo {
-    id: string;
-    email: string;
-    username: string;
-    role: UserRole;
-}
-/**
- * 认证结果
- */
-interface AuthResult {
-    user: UserInfo;
-    token: string;
-}
-/**
- * 会话信息
- */
-interface SessionInfo {
-    id: string;
-    userId: string;
-    token: string;
-    expiresAt: string;
-    ipAddress?: string | null;
-    userAgent?: string | null;
-}
-/**
- * 验证结果
- */
-interface VerifyResult {
-    user: UserInfo;
-    session: SessionInfo;
-}
-
-/**
- * Auth Services - Drizzle Auth Service
- * 基于 Drizzle ORM 的认证服务
- */
-
-/**
- * Drizzle 认证服务类
- *
- * @example
- * ```typescript
- * import { DrizzleAuthService } from '@qhr123/sa2kit/auth/services';
- * import { db } from './db';
- *
- * const authService = new DrizzleAuthService({
- *   db,
- *   jwtSecret: process.env.JWT_SECRET!,
- *   jwtExpiresIn: '7d',
- * });
- *
- * // 用户注册
- * const result = await authService.signUp('user@example.com', 'password123', 'username');
- *
- * // 用户登录
- * const loginResult = await authService.signIn('user@example.com', 'password123');
- * ```
- */
-declare class DrizzleAuthService {
-    private config;
-    constructor(config: AuthServiceConfig);
-    /**
-     * 验证配置
-     */
-    private validateConfig;
-    /**
-     * 用户注册
-     */
-    signUp(email: string, password: string, username?: string, role?: UserRole): Promise<AuthResult>;
-    /**
-     * 用户登录
-     */
-    signIn(email: string, password: string): Promise<AuthResult>;
-    /**
-     * 验证 Token
-     */
-    verifyToken(token: string): Promise<VerifyResult>;
-    /**
-     * 创建会话
-     */
-    createSession(userId: string, token: string, ipAddress?: string, userAgent?: string): Promise<void>;
-    /**
-     * 删除会话（登出）
-     */
-    signOut(token: string): Promise<{
-        success: boolean;
-    }>;
-    /**
-     * 获取会话
-     */
-    getSession(token: string): Promise<VerifyResult | null>;
-    /**
-     * 检查管理员权限
-     */
-    requireAdmin(token: string): Promise<VerifyResult>;
-    /**
-     * 检查超级管理员权限
-     */
-    requireSuperAdmin(token: string): Promise<VerifyResult>;
-    /**
-     * 通过用户 ID 获取用户信息
-     */
-    getUserById(userId: string): Promise<UserInfo | null>;
-    /**
-     * 通过邮箱获取用户信息
-     */
-    getUserByEmail(email: string): Promise<UserInfo | null>;
-}
-
-export { type AuthServiceConfig as A, DrizzleAuthService as D, type SessionInfo as S, type UserInfo as U, type VerifyResult as V, type AuthResult as a };

package/dist/drizzle-auth-service-D3qryE_I.d.ts

@@ -1,145 +0,0 @@
-import { U as UserRole } from './enums-Dume-V5Y.js';
-
-/**
- * Auth Services - Types
- * 认证服务类型定义
- */
-
-/**
- * 认证服务配置
- */
-interface AuthServiceConfig {
-    /**
-     * Drizzle 数据库实例
-     */
-    db: any;
-    /**
-     * JWT 密钥
-     */
-    jwtSecret: string;
-    /**
-     * JWT 过期时间 (默认: '7d')
-     */
-    jwtExpiresIn?: string;
-    /**
-     * bcrypt 加密轮数 (默认: 12)
-     */
-    saltRounds?: number;
-    /**
-     * 是否在生产环境检查密钥强度 (默认: true)
-     */
-    checkSecretStrength?: boolean;
-}
-/**
- * 用户信息（返回给客户端的精简版）
- */
-interface UserInfo {
-    id: string;
-    email: string;
-    username: string;
-    role: UserRole;
-}
-/**
- * 认证结果
- */
-interface AuthResult {
-    user: UserInfo;
-    token: string;
-}
-/**
- * 会话信息
- */
-interface SessionInfo {
-    id: string;
-    userId: string;
-    token: string;
-    expiresAt: string;
-    ipAddress?: string | null;
-    userAgent?: string | null;
-}
-/**
- * 验证结果
- */
-interface VerifyResult {
-    user: UserInfo;
-    session: SessionInfo;
-}
-
-/**
- * Auth Services - Drizzle Auth Service
- * 基于 Drizzle ORM 的认证服务
- */
-
-/**
- * Drizzle 认证服务类
- *
- * @example
- * ```typescript
- * import { DrizzleAuthService } from '@qhr123/sa2kit/auth/services';
- * import { db } from './db';
- *
- * const authService = new DrizzleAuthService({
- *   db,
- *   jwtSecret: process.env.JWT_SECRET!,
- *   jwtExpiresIn: '7d',
- * });
- *
- * // 用户注册
- * const result = await authService.signUp('user@example.com', 'password123', 'username');
- *
- * // 用户登录
- * const loginResult = await authService.signIn('user@example.com', 'password123');
- * ```
- */
-declare class DrizzleAuthService {
-    private config;
-    constructor(config: AuthServiceConfig);
-    /**
-     * 验证配置
-     */
-    private validateConfig;
-    /**
-     * 用户注册
-     */
-    signUp(email: string, password: string, username?: string, role?: UserRole): Promise<AuthResult>;
-    /**
-     * 用户登录
-     */
-    signIn(email: string, password: string): Promise<AuthResult>;
-    /**
-     * 验证 Token
-     */
-    verifyToken(token: string): Promise<VerifyResult>;
-    /**
-     * 创建会话
-     */
-    createSession(userId: string, token: string, ipAddress?: string, userAgent?: string): Promise<void>;
-    /**
-     * 删除会话（登出）
-     */
-    signOut(token: string): Promise<{
-        success: boolean;
-    }>;
-    /**
-     * 获取会话
-     */
-    getSession(token: string): Promise<VerifyResult | null>;
-    /**
-     * 检查管理员权限
-     */
-    requireAdmin(token: string): Promise<VerifyResult>;
-    /**
-     * 检查超级管理员权限
-     */
-    requireSuperAdmin(token: string): Promise<VerifyResult>;
-    /**
-     * 通过用户 ID 获取用户信息
-     */
-    getUserById(userId: string): Promise<UserInfo | null>;
-    /**
-     * 通过邮箱获取用户信息
-     */
-    getUserByEmail(email: string): Promise<UserInfo | null>;
-}
-
-export { type AuthServiceConfig as A, DrizzleAuthService as D, type SessionInfo as S, type UserInfo as U, type VerifyResult as V, type AuthResult as a };

package/dist/index-Bnh6VqFv.d.ts

@@ -1,35 +0,0 @@
-import { useAuth, useAuthForm } from './auth/hooks/index.js';
-import { B as BaseApiClient } from './base-api-client-B3wZZoaH.js';
-import { API_ROUTES, STORAGE_KEYS } from './auth/client/index.js';
-import { L as LoginFormState, R as RegisterFormState } from './types-C5vUWf9u.js';
-import { b as ApiResponse, c as AuthResponse, A as AuthResult, B as BaseUser, I as IAuthClient, L as LoginForm, R as RegisterForm, a as UseAuthReturn, U as User } from './types-C_W_CoUD.js';
-import { U as UserRole } from './enums-Dume-V5Y.js';
-
-/**
- * @package sa2kit/common/auth
- *
- * Browser / client 安全入口（R2-211）。
- */
-
-declare const index_API_ROUTES: typeof API_ROUTES;
-declare const index_ApiResponse: typeof ApiResponse;
-declare const index_AuthResponse: typeof AuthResponse;
-declare const index_AuthResult: typeof AuthResult;
-declare const index_BaseApiClient: typeof BaseApiClient;
-declare const index_BaseUser: typeof BaseUser;
-declare const index_IAuthClient: typeof IAuthClient;
-declare const index_LoginForm: typeof LoginForm;
-declare const index_LoginFormState: typeof LoginFormState;
-declare const index_RegisterForm: typeof RegisterForm;
-declare const index_RegisterFormState: typeof RegisterFormState;
-declare const index_STORAGE_KEYS: typeof STORAGE_KEYS;
-declare const index_UseAuthReturn: typeof UseAuthReturn;
-declare const index_User: typeof User;
-declare const index_UserRole: typeof UserRole;
-declare const index_useAuth: typeof useAuth;
-declare const index_useAuthForm: typeof useAuthForm;
-declare namespace index {
-  export { index_API_ROUTES as API_ROUTES, index_ApiResponse as ApiResponse, index_AuthResponse as AuthResponse, index_AuthResult as AuthResult, index_BaseApiClient as BaseApiClient, index_BaseUser as BaseUser, index_IAuthClient as IAuthClient, index_LoginForm as LoginForm, index_LoginFormState as LoginFormState, index_RegisterForm as RegisterForm, index_RegisterFormState as RegisterFormState, index_STORAGE_KEYS as STORAGE_KEYS, index_UseAuthReturn as UseAuthReturn, index_User as User, index_UserRole as UserRole, index_useAuth as useAuth, index_useAuthForm as useAuthForm };
-}
-
-export { index as i };