sonamu 0.9.2 → 0.9.4

package/src/auth/audit-log-ingestor.ts

@@ -0,0 +1,233 @@
+import { createHash } from "node:crypto";
+
+import { type Knex } from "knex";
+
+import { type AuditLogEvent } from "./audit-log/events";
+
+const AUDIT_EVENT_SOURCE = "better_auth";
+const AUDIT_EVENT_SOURCE_VERSION = "better-auth|@better-auth/infra";
+
+const SESSION_EVENT_TYPES = new Set<string>([
+  "user_signed_in",
+  "user_signed_out",
+  "user_sign_in_failed",
+  "session_created",
+  "session_revoked",
+  "all_sessions_revoked",
+  "user_impersonated",
+  "user_impersonated_stopped",
+]);
+
+const ACCOUNT_EVENT_TYPES = new Set<string>([
+  "account_linked",
+  "account_unlinked",
+  "password_changed",
+
+  // @better-auth/infra@0.1.14 기준 EVENT_TYPES 상수에는 정의되어 있으나 실제 trackEvent() 호출이 없는 미구현 이벤트임
+  // 향후 버전에서 emit될 경우를 대비해 account로 임시 등록
+  "two_factor_enabled",
+  "two_factor_disabled",
+  "two_factor_verified",
+]);
+
+const VERIFICATION_EVENT_TYPES = new Set<string>([
+  "email_verification_sent",
+  "password_reset_requested",
+  "password_reset_completed",
+]);
+
+const SECURITY_EVENT_TYPES = new Set<string>([
+  "security_blocked",
+  "security_allowed",
+  "security_challenged",
+  "security_stale_account",
+]);
+
+const USER_EVENT_TYPES = new Set<string>([
+  "user_created",
+  "profile_updated",
+  "profile_image_updated",
+  "email_verified",
+  "user_banned",
+  "user_unbanned",
+  "user_deleted",
+]);
+
+function pickString(source: Record<string, unknown>, key: string): string | null {
+  const value = source[key];
+  return typeof value === "string" ? value : null;
+}
+
+function pickFirstString(source: Record<string, unknown>, keys: readonly string[]): string | null {
+  for (const key of keys) {
+    const value = pickString(source, key);
+    if (value !== null) {
+      return value;
+    }
+  }
+  return null;
+}
+
+function parseOccurredAt(raw: unknown): Date {
+  if (raw instanceof Date && !Number.isNaN(raw.getTime())) {
+    return raw;
+  }
+  if (typeof raw === "string") {
+    const parsed = new Date(raw);
+    if (!Number.isNaN(parsed.getTime())) {
+      return parsed;
+    }
+  }
+  return new Date();
+}
+
+function classifyCategory(
+  eventType: string,
+): "user" | "session" | "account" | "verification" | "organization" | "security" {
+  if (eventType.startsWith("organization_")) {
+    return "organization";
+  }
+  if (SESSION_EVENT_TYPES.has(eventType)) {
+    return "session";
+  }
+  if (ACCOUNT_EVENT_TYPES.has(eventType)) {
+    return "account";
+  }
+  if (VERIFICATION_EVENT_TYPES.has(eventType)) {
+    return "verification";
+  }
+  if (SECURITY_EVENT_TYPES.has(eventType)) {
+    return "security";
+  }
+  if (USER_EVENT_TYPES.has(eventType)) {
+    return "user";
+  }
+  return "user";
+}
+
+function computeDedupeKey(parts: {
+  source: string;
+  event_type: string;
+  event_key: string;
+  actor_user_id: string | null;
+  subject_user_id: string | null;
+  organization_id: string | null;
+  team_id: string | null;
+  session_id: string | null;
+  identifier: string | null;
+  reason: string | null;
+  action: string | null;
+  occurred_at: Date;
+}): string {
+  const norm = (v: string | null): string => v ?? "";
+  const raw = [
+    parts.source,
+    parts.event_type,
+    parts.event_key,
+    norm(parts.actor_user_id),
+    norm(parts.subject_user_id),
+    norm(parts.organization_id),
+    norm(parts.team_id),
+    norm(parts.session_id),
+    norm(parts.identifier),
+    norm(parts.reason),
+    norm(parts.action),
+    parts.occurred_at.toISOString(),
+  ].join("|");
+  return createHash("sha256").update(raw).digest("hex");
+}
+
+/**
+ * sonamuAuditLog 플러그인이 구성한 AuditLogEvent를 audit_events 테이블에 적재합니다.
+ * ON CONFLICT (dedupe_key) DO NOTHING으로 중복을 silent 무시합니다.
+ * auth.plugins에 sonamuAuditLog() 추가 시 sonamu 내부에서 자동으로 호출됩니다.
+ */
+export async function ingestAuditEvent(db: Knex, event: AuditLogEvent): Promise<void> {
+  const eventData = event.eventData;
+  const occurred_at = parseOccurredAt(eventData["occurredAt"]);
+
+  const actor_user_id = pickString(eventData, "triggeredBy");
+  const subject_user_id = pickFirstString(eventData, [
+    "userId",
+    "userid",
+    "acceptedById",
+    "rejectedById",
+  ]);
+  const organization_id = pickString(eventData, "organizationId");
+  const team_id = pickFirstString(eventData, ["teamId", "inviteeTeamId"]);
+  const session_id = pickString(eventData, "sessionId");
+  const provider_id = pickString(eventData, "providerId");
+  const login_method = pickString(eventData, "loginMethod");
+  const identifier = pickFirstString(eventData, [
+    "identifier",
+    "userEmail",
+    "memberEmail",
+    "inviteeEmail",
+    "acceptedByEmail",
+    "rejectedByEmail",
+  ]);
+  const visitor_id = pickString(eventData, "visitorId");
+  const reason = pickFirstString(eventData, ["reason", "banReason"]);
+  const action = pickString(eventData, "action");
+  const trigger_context = pickString(eventData, "triggerContext");
+  const user_agent = pickString(eventData, "userAgent");
+
+  const ip_address = event.ipAddress ?? null;
+  const city = event.city ?? null;
+  const country = event.country ?? null;
+  const country_code = event.countryCode ?? null;
+
+  const category = classifyCategory(event.eventType);
+  const dedupe_key = computeDedupeKey({
+    source: AUDIT_EVENT_SOURCE,
+    event_type: event.eventType,
+    event_key: event.eventKey,
+    actor_user_id,
+    subject_user_id,
+    organization_id,
+    team_id,
+    session_id,
+    identifier,
+    reason,
+    action,
+    occurred_at,
+  });
+
+  // ON CONFLICT DO NOTHING: dedupe_key UNIQUE 위반을 silent 무시.
+  // try/catch 방식은 PG 커넥션을 aborted 상태로 만드므로 사용하지 않는다.
+  const inserted = await db("audit_events")
+    .insert({
+      source: AUDIT_EVENT_SOURCE,
+      source_version: AUDIT_EVENT_SOURCE_VERSION,
+      category,
+      event_type: event.eventType,
+      event_key: event.eventKey,
+      dedupe_key,
+      actor_user_id,
+      subject_user_id,
+      organization_id,
+      team_id,
+      session_id,
+      provider_id,
+      login_method,
+      identifier,
+      visitor_id,
+      reason,
+      action,
+      trigger_context,
+      ip_address,
+      country_code,
+      country,
+      city,
+      user_agent,
+      payload_json: eventData,
+      occurred_at,
+    })
+    .onConflict("dedupe_key")
+    .ignore()
+    .returning("dedupe_key");
+
+  if (inserted.length === 0) {
+    return; // silent dedupe
+  }
+}

package/src/auth/index.ts

@@ -1,5 +1,8 @@
 export type { GenerateBetterAuthEntitiesOptions } from "./auth-generator";
 export { generateBetterAuthEntities } from "./auth-generator";
+export { ingestAuditEvent } from "./audit-log-ingestor";
+export { type AuditLogEvent } from "./audit-log/events";
+export { sonamuAuditLog } from "./audit-log/plugin";
 export { BASE_FIELD_MAPPINGS, betterAuthV1 } from "./better-auth-entities";
 export { sonamuKnexAdapter } from "./knex-adapter";
 

package/src/auth/plugins/entity-definitions/admin.ts

@@ -10,7 +10,7 @@ import { type BetterAuthEntityDef } from "./types";
  * - role: 사용자 역할 (기본값: "user")
  * - banned: 차단 여부
  * - ban_reason: 차단 사유
- * - ban_expires: 차단 만료 시간 (Unix timestamp)
+ * - ban_expires: 차단 만료 시간 (Date)
  *
  * Session 테이블:
  * - impersonated_by: 대리 로그인한 관리자 ID
@@ -43,9 +43,9 @@ export const adminEntityDef: BetterAuthEntityDef = {
       },
       {
         name: "ban_expires",
-        type: "bigInteger",
+        type: "date",
         nullable: true,
-        desc: "차단 만료 (Unix timestamp)",
+        desc: "차단 만료",
       },
     ],
     Session: [

package/src/auth/plugins/entity-definitions/audit-log.ts

@@ -0,0 +1,171 @@
+import { type BetterAuthEntityDef } from "./types";
+
+/**
+ * better-auth AuditLog 플러그인 엔티티 정의
+ *
+ * auth.plugins에 sonamuAuditLog() 추가 시 audit_events 테이블이 사용됩니다.
+ * - sonamuAuditLog 플러그인이 Better Auth databaseHooks/organizationHooks/middleware에서 수신한 이벤트를 1건씩 적재합니다.
+ * - dedupe_key(sha256 hex)로 중복 적재를 방지합니다.
+ *
+ * 생성 방법: pnpm sonamu auth generate --plugins audit-log
+ */
+export const auditLogEntityDef: BetterAuthEntityDef = {
+  id: "audit-log",
+  name: "AuditLog",
+  entities: [
+    {
+      id: "AuditEvent",
+      table: "audit_events",
+      title: "감사이벤트",
+      props: [
+        { name: "id", type: "integer", desc: "ID" },
+        { name: "source", type: "string", length: 32, desc: "이벤트 소스" },
+        { name: "source_version", type: "string", length: 96, nullable: true, desc: "소스 버전" },
+        { name: "category", type: "enum", id: "AuditEventCategory", desc: "카테고리" },
+        { name: "event_type", type: "string", length: 64, desc: "이벤트 타입" },
+        { name: "event_key", type: "string", length: 191, desc: "이벤트 키" },
+        { name: "dedupe_key", type: "string", length: 64, desc: "중복 제거 키" },
+        {
+          name: "actor_user_id",
+          type: "string",
+          length: 191,
+          nullable: true,
+          desc: "액터 사용자 ID",
+        },
+        {
+          name: "subject_user_id",
+          type: "string",
+          length: 191,
+          nullable: true,
+          desc: "대상 사용자 ID",
+        },
+        {
+          name: "organization_id",
+          type: "string",
+          length: 191,
+          nullable: true,
+          desc: "조직 ID",
+        },
+        { name: "team_id", type: "string", length: 191, nullable: true, desc: "팀 ID" },
+        { name: "session_id", type: "string", length: 191, nullable: true, desc: "세션 ID" },
+        { name: "provider_id", type: "string", length: 64, nullable: true, desc: "프로바이더 ID" },
+        { name: "login_method", type: "string", length: 64, nullable: true, desc: "로그인 방식" },
+        { name: "identifier", type: "string", length: 255, nullable: true, desc: "식별자" },
+        { name: "visitor_id", type: "string", length: 191, nullable: true, desc: "방문자 ID" },
+        { name: "reason", type: "string", length: 128, nullable: true, desc: "사유" },
+        { name: "action", type: "string", length: 64, nullable: true, desc: "액션" },
+        {
+          name: "trigger_context",
+          type: "string",
+          length: 64,
+          nullable: true,
+          desc: "트리거 컨텍스트",
+        },
+        { name: "ip_address", type: "string", length: 45, nullable: true, desc: "IP 주소" },
+        { name: "country_code", type: "string", length: 8, nullable: true, desc: "국가 코드" },
+        { name: "country", type: "string", length: 100, nullable: true, desc: "국가" },
+        { name: "city", type: "string", length: 100, nullable: true, desc: "도시" },
+        { name: "user_agent", type: "string", nullable: true, desc: "User-Agent" },
+        { name: "payload_json", type: "json", id: "AuditEventPayload", desc: "원본 payload" },
+        { name: "occurred_at", type: "date", desc: "발생 시각" },
+        {
+          name: "ingested_at",
+          type: "date",
+          dbDefault: "CURRENT_TIMESTAMP",
+          desc: "적재 시각",
+        },
+      ],
+      indexes: [
+        {
+          type: "unique",
+          name: "audit_events_dedupe_key_unique",
+          columns: [{ name: "dedupe_key" }],
+        },
+        {
+          type: "index",
+          name: "audit_events_occurred_at_index",
+          columns: [{ name: "occurred_at" }],
+        },
+        {
+          type: "index",
+          name: "audit_events_event_type_occurred_at_index",
+          columns: [{ name: "event_type" }, { name: "occurred_at" }],
+        },
+        {
+          type: "index",
+          name: "audit_events_subject_user_id_occurred_at_index",
+          columns: [{ name: "subject_user_id" }, { name: "occurred_at" }],
+        },
+        {
+          type: "index",
+          name: "audit_events_actor_user_id_occurred_at_index",
+          columns: [{ name: "actor_user_id" }, { name: "occurred_at" }],
+        },
+        {
+          type: "index",
+          name: "audit_events_organization_id_occurred_at_index",
+          columns: [{ name: "organization_id" }, { name: "occurred_at" }],
+        },
+        {
+          type: "index",
+          name: "audit_events_team_id_occurred_at_index",
+          columns: [{ name: "team_id" }, { name: "occurred_at" }],
+        },
+        {
+          type: "index",
+          name: "audit_events_session_id_index",
+          columns: [{ name: "session_id" }],
+        },
+        {
+          type: "index",
+          name: "audit_events_reason_occurred_at_index",
+          columns: [{ name: "reason" }, { name: "occurred_at" }],
+        },
+      ],
+      subsets: {
+        A: [
+          "id",
+          "source",
+          "source_version",
+          "category",
+          "event_type",
+          "event_key",
+          "dedupe_key",
+          "actor_user_id",
+          "subject_user_id",
+          "organization_id",
+          "team_id",
+          "session_id",
+          "provider_id",
+          "login_method",
+          "identifier",
+          "visitor_id",
+          "reason",
+          "action",
+          "trigger_context",
+          "ip_address",
+          "country_code",
+          "country",
+          "city",
+          "user_agent",
+          "payload_json",
+          "occurred_at",
+          "ingested_at",
+        ],
+      },
+      enums: {
+        AuditEventOrderBy: { "id-desc": "ID최신순" },
+        AuditEventSearchField: { id: "ID" },
+        AuditEventCategory: {
+          user: "사용자",
+          session: "세션",
+          account: "계정",
+          verification: "인증",
+          organization: "조직",
+          security: "보안",
+        },
+      },
+    },
+  ],
+  additionalProps: {},
+};

package/src/auth/plugins/entity-definitions/index.ts

@@ -1,6 +1,7 @@
 export { adminEntityDef } from "./admin";
 export { anonymousEntityDef } from "./anonymous";
 export { apiKeyEntityDef } from "./api-key";
+export { auditLogEntityDef } from "./audit-log";
 export { jwtEntityDef } from "./jwt";
 export { organizationEntityDef } from "./organization";
 export { passkeyEntityDef } from "./passkey";
@@ -13,6 +14,7 @@ export { usernameEntityDef } from "./username";
 import { adminEntityDef } from "./admin";
 import { anonymousEntityDef } from "./anonymous";
 import { apiKeyEntityDef } from "./api-key";
+import { auditLogEntityDef } from "./audit-log";
 import { jwtEntityDef } from "./jwt";
 import { organizationEntityDef } from "./organization";
 import { passkeyEntityDef } from "./passkey";
@@ -37,6 +39,7 @@ export const ENTITY_DEFINITIONS: Record<BetterAuthPluginId, BetterAuthEntityDef>
   "api-key": apiKeyEntityDef,
   jwt: jwtEntityDef,
   anonymous: anonymousEntityDef,
+  "audit-log": auditLogEntityDef,
 };
 
 /**

package/src/auth/plugins/entity-definitions/types.ts

@@ -14,7 +14,8 @@ export type BetterAuthPluginId =
   | "organization"
   | "api-key"
   | "jwt"
-  | "anonymous";
+  | "anonymous"
+  | "audit-log";
 
 /**
  * better-auth 엔티티 정의

package/src/bin/fixture.ts

@@ -22,6 +22,23 @@ interface FixtureCommandOptions {
   "no-cache"?: boolean;
 }
 
+/**
+ * username을 일반적인 규칙(영문자 시작, 영문자/숫자만, 1-20자)에 맞도록 정규화합니다.
+ */
+function sanitizeUsername(raw: string): string {
+  // 소문자 변환 후 영문자/숫자 외 문자 제거
+  let username = raw.toLowerCase().replace(/[^a-z0-9]/g, "");
+  if (username.length === 0) {
+    username = "user";
+  }
+  // 첫 글자가 숫자면 'u' 접두어 추가
+  if (/^[0-9]/.test(username)) {
+    username = `u${username}`;
+  }
+  // 20자 초과 시 truncate
+  return username.slice(0, 20);
+}
+
 /**
  * fixture gen 명령어 - cone 메타데이터를 활용하여 자동으로 fixture를 생성합니다.
  */
@@ -76,6 +93,132 @@ export async function fixtureGenCommand(options: FixtureCommandOptions) {
       count = result.count;
     }
 
+    // User 엔티티가 포함된 경우: 로그인 가능/확인용 분기 선택
+    const hasUser = entityNames.includes("User");
+
+    if (hasUser) {
+      const userModeResult = await prompts({
+        type: "select",
+        name: "userMode",
+        message: "User 엔티티가 포함되어 있습니다. 생성 방식을 선택하세요:",
+        choices: [
+          { title: "1. 로그인 가능한 사용자 fixture 생성", value: "login" },
+          { title: "2. 확인용 데이터(로그인 불가) 생성", value: "dummy" },
+        ],
+      });
+
+      if (!userModeResult.userMode) {
+        console.log(chalk.yellow("취소되었습니다."));
+        return;
+      }
+
+      if (userModeResult.userMode === "login") {
+        // LLM 사용 여부
+        let useLLM = options["use-llm"] ?? false;
+        if (!options["use-llm"]) {
+          const llmResult = await prompts({
+            type: "confirm",
+            name: "useLLM",
+            message:
+              "LLM으로 더 현실적인 데이터를 생성할까요? (fixtureHint 기반, ANTHROPIC_API_KEY 필요)",
+            initial: false,
+          });
+          useLLM = llmResult.useLLM ?? false;
+        }
+
+        const enableLLMCache = !options["no-cache"];
+        const DEFAULT_PASSWORD = "Test1234!";
+
+        // 로그인 가능 경로에서는 sourceDb로 development_master 사용
+        const sourceDb = DB.getDB("r");
+        const generator = new FixtureGenerator(
+          sourceDb,
+          sourceDb,
+          "production_master",
+          EntityManager,
+          { useLLM, enableLLMCache },
+        );
+
+        const createdCredentials: Array<{ email: string; password: string }> = [];
+        const basePath = Sonamu.config.server.auth?.basePath ?? "/api/auth";
+
+        if (useLLM) {
+          console.log(
+            chalk.cyan(
+              `\nLLM 모드로 로그인 가능한 사용자 ${count}명 생성 중... (캐싱: ${enableLLMCache ? "ON" : "OFF"})`,
+            ),
+          );
+        } else {
+          console.log(chalk.cyan(`\n로그인 가능한 사용자 ${count}명 생성 중...`));
+        }
+
+        for (let i = 0; i < count; i++) {
+          const userData = await generator.generate("User");
+
+          const name = String(userData.name ?? "");
+          const email = String(userData.email ?? "");
+          const username = sanitizeUsername(String(userData.username ?? ""));
+          const displayUsername =
+            userData.display_username !== undefined ? String(userData.display_username) : undefined;
+
+          const body: Record<string, unknown> = {
+            name,
+            email,
+            username,
+            password: DEFAULT_PASSWORD,
+          };
+          if (displayUsername !== undefined) {
+            body.display_username = displayUsername;
+          }
+
+          const req = new Request(`http://localhost${basePath}/sign-up/email`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(body),
+          });
+
+          const response = await Sonamu.auth.handler(req);
+
+          if (!response.ok) {
+            const responseData = (await response.json()) as Record<string, unknown>;
+            const code = typeof responseData.code === "string" ? responseData.code : undefined;
+            if (code === "USER_ALREADY_EXISTS") {
+              console.log(chalk.yellow(`  ⚠️  ${email} 이미 존재 - 건너뜁니다.`));
+              continue;
+            }
+            console.log(chalk.red(`  ❌ ${email} 생성 실패: ${JSON.stringify(responseData)}`));
+            continue;
+          }
+
+          createdCredentials.push({ email, password: DEFAULT_PASSWORD });
+          console.log(chalk.green(`  ✅ ${email} 생성 완료`));
+        }
+
+        // email_verified = true 직접 업데이트 (dev 편의)
+        if (createdCredentials.length > 0) {
+          const emails = createdCredentials.map((c) => c.email);
+          await DB.getDB("w")("users").whereIn("email", emails).update({ email_verified: true });
+          console.log(chalk.green(`\nemail_verified = true 업데이트 완료`));
+        }
+
+        if (useLLM) {
+          const stats = generator.getLLMCacheStats();
+          console.log(chalk.cyan(`[LLM Cache] 캐시 크기: ${stats.size}`));
+        }
+
+        console.log(
+          chalk.green(`\n✅ ${createdCredentials.length}명의 로그인 가능한 사용자 생성 완료`),
+        );
+        if (createdCredentials.length > 0) {
+          console.log("\n생성된 계정 목록:");
+          console.table(createdCredentials);
+        }
+
+        return;
+      }
+      // userMode === "dummy": 기존 generateBatch() 흐름 계속
+    }
+
     let saveTarget = options["save-to"] || "db";
     if (!options["save-to"]) {
       const result = await prompts({

package/src/database/_batch_update.ts

@@ -15,7 +15,7 @@ export type RowWithId<Id extends string> = {
 
 /**
  * Batch update rows in a table. Technically its a patch since it only updates the specified columns. Any omitted columns will not be affected
- * @param db
+ * @param knex
  * @param tableName
  * @param ids
  * @param rows

package/src/entity/entity-manager.ts

@@ -267,9 +267,16 @@ class EntityManagerClass {
    * @returns
    */
   getEntityIdFromPath(filePath: AbsolutePath): string {
-    const matched = filePath.match(/application\/(.+)\//);
-    assert(matched?.[1]);
-    return inflection.camelize(matched[1].replace(/-/g, "_"));
+    const fileName = path.basename(filePath);
+    const supportedSuffixes = [".model.ts", ".model.js", ".entity.json", ".frame.ts", ".frame.js"];
+    const matchedSuffix = supportedSuffixes.find((suffix) => fileName.endsWith(suffix));
+
+    assert(matchedSuffix, `지원하지 않는 entity 경로입니다: ${filePath}`);
+
+    const entityBaseName = fileName.slice(0, -matchedSuffix.length);
+    assert(entityBaseName.length > 0, `EntityId를 계산할 수 없는 경로입니다: ${filePath}`);
+
+    return inflection.camelize(entityBaseName.replace(/-/g, "_"));
   }
 
   private async registerNonEntityTypeModulePaths(): Promise<void> {

package/src/shared/app.shared.ts.txt

@@ -3,8 +3,8 @@
  * 최초 1회 생성되며, 이후에는 덮어쓰지 않습니다.
  * 필요시 직접 수정할 수 있습니다.
  */
+
 /* oxlint-disable react-hooks/exhaustive-deps */ // shared
-/* oxlint-disable @typescript-eslint/no-explicit-any */ // shared
 
 /*
   fetch
@@ -15,9 +15,8 @@ import qs from "qs";
 import { useEffect, useRef, useState } from "react";
 import { Alert } from "react-native";
 import { type core, z } from "zod";
-import { getCurrentLocale } from "~/i18n/sd.generated";
+import { getCurrentLocale } from "@/i18n/sd.generated";
 import { ExpoEventSource as EventSource } from "@falcondev-oss/expo-event-source-polyfill";
-import { getCurrentLocale } from "../i18n/sd.generated"
 
 // AbortSignal.timeout polyfill for React Native
 if (typeof AbortSignal !== "undefined" && !AbortSignal.timeout) {