vona-module-a-user 5.0.10 → 5.0.12

package/dist/.metadata/index.d.ts

@@ -19,6 +19,7 @@ import type { TypeEventSignoutData, TypeEventSignoutResult } from '../bean/event
 /** bean: begin */
 import type { IGuardOptionsAdmin } from '../bean/guard.admin.ts';
 import type { IGuardOptionsPassport } from '../bean/guard.passport.ts';
+import type { IGuardOptionsUserName } from '../bean/guard.userName.ts';
 import type { config } from '../config/config.ts';
 /** config: end */
 /** scope: begin */
@@ -31,12 +32,14 @@ import 'vona';
 import 'vona';
 export * from '../bean/bean.authInner.ts';
 export * from '../bean/bean.passport.ts';
+export * from '../bean/bean.userInner.ts';
 declare module 'vona-module-a-aspect' {
     interface IGuardRecordGlobal {
         'a-user:passport': IGuardOptionsPassport;
     }
     interface IGuardRecordLocal {
         'a-user:admin': IGuardOptionsAdmin;
+        'a-user:userName': IGuardOptionsUserName;
     }
 }
 declare module 'vona-module-a-user' {
@@ -44,12 +47,14 @@ declare module 'vona-module-a-user' {
     }
     interface GuardPassport {
     }
+    interface GuardUserName {
+    }
 }
-export * from '../bean/bean.userInner.ts';
 /** bean: end */
 /** event: begin */
 export * from '../bean/event.createUserAnonymous.ts';
 export * from '../bean/event.signin.ts';
+export * from '../bean/event.signout.ts';
 declare module 'vona' {
 }
 declare module 'vona-module-a-user' {
@@ -67,10 +72,10 @@ declare module 'vona' {
         userInner: BeanUserInner;
     }
 }
-export * from '../bean/event.signout.ts';
 /** guard: begin */
 export * from '../bean/guard.admin.ts';
 export * from '../bean/guard.passport.ts';
+export * from '../bean/guard.userName.ts';
 declare module 'vona' {
 }
 declare module 'vona-module-a-user' {

package/dist/bean/guard.admin.d.ts

@@ -3,7 +3,7 @@ import type { IDecoratorGuardOptions, IGuardExecute } from 'vona-module-a-aspect
 import { BeanBase } from 'vona';
 export interface IGuardOptionsAdmin extends IDecoratorGuardOptions {
     admin: boolean;
-    passWhenAdmin: boolean;
+    passWhenMatched: boolean;
 }
 export declare class GuardAdmin extends BeanBase implements IGuardExecute {
     execute(options: IGuardOptionsAdmin, next: Next): Promise<boolean>;

package/dist/bean/guard.userName.d.ts

@@ -0,0 +1,11 @@
+import type { Next } from 'vona';
+import type { IDecoratorGuardOptions, IGuardExecute } from 'vona-module-a-aspect';
+import type { IUserNameRecord } from '../types/user.ts';
+import { BeanBase } from 'vona';
+export interface IGuardOptionsUserName extends IDecoratorGuardOptions {
+    name?: keyof IUserNameRecord | (keyof IUserNameRecord)[];
+    passWhenMatched: boolean;
+}
+export declare class GuardUserName extends BeanBase implements IGuardExecute {
+    execute(options: IGuardOptionsUserName, next: Next): Promise<boolean>;
+}

package/dist/index.js

@@ -1,3 +1,437 @@
-export * from "./.metadata/index.js";
-export * from "./lib/index.js";
-export * from "./types/index.js";
+import { BeanInfo, BeanBase, beanFullNameFromOnionName, BeanScopeBase } from 'vona';
+import { Bean, Scope } from 'vona-module-a-bean';
+import { catchError } from '@cabloy/utils';
+import { Event, BeanEventBase } from 'vona-module-a-event';
+import { Guard, Aspect } from 'vona-module-a-aspect';
+import { Meta } from 'vona-module-a-meta';
+
+var _dec$a, _dec2$a, _class$a;
+let BeanAuthInner = (_dec$a = Bean(), _dec2$a = BeanInfo({
+  module: "a-user"
+}), _dec$a(_class$a = _dec2$a(_class$a = class BeanAuthInner extends BeanBase {
+  constructor(...args) {
+    super(...args);
+    this._authInnerAdapter = void 0;
+  }
+  get authInnerAdapter() {
+    if (!this._authInnerAdapter) {
+      const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.authInner, 'service');
+      this._authInnerAdapter = this.bean._getBean(beanFullName);
+    }
+    return this._authInnerAdapter;
+  }
+  async get(auth) {
+    if (String(auth.id).charAt(0) === '-') return auth;
+    return await this.authInnerAdapter.get(auth);
+  }
+}) || _class$a) || _class$a);
+
+let __authAdapter;
+function setAuthAdapter(authAdapter) {
+  __authAdapter = authAdapter;
+}
+function $getAuthId(user) {
+  return __authAdapter.getAuthId(user);
+}
+function $getAuthIdSystem(_authName, authId) {
+  return authId;
+}
+
+let __userAdapter;
+function setUserAdapter(userAdapter) {
+  __userAdapter = userAdapter;
+}
+function $getUserId(user) {
+  return __userAdapter.getUserId(user);
+}
+function $getUserName(user) {
+  return __userAdapter.getUserName(user);
+}
+function $getUserAvatar(user) {
+  return __userAdapter.getUserAvatar(user);
+}
+function $getUserLocale(user) {
+  return __userAdapter.getUserLocale(user);
+}
+function $getUserAnonymous(user) {
+  return __userAdapter.getUserAnonymous(user);
+}
+function $getUserIdSystem(_userName, userId) {
+  return userId;
+}
+
+var _dec$9, _dec2$9, _class$9;
+let BeanPassport = (_dec$9 = Bean(), _dec2$9 = BeanInfo({
+  module: "a-user"
+}), _dec$9(_class$9 = _dec2$9(_class$9 = class BeanPassport extends BeanBase {
+  constructor(...args) {
+    super(...args);
+    this._authTokenAdapter = void 0;
+    this._passportAdapter = void 0;
+    this._mockCounter = 0;
+  }
+  get authTokenAdapter() {
+    if (!this._authTokenAdapter) {
+      const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.authToken, 'service');
+      this._authTokenAdapter = this.bean._getBean(beanFullName);
+    }
+    return this._authTokenAdapter;
+  }
+  get passportAdapter() {
+    if (!this._passportAdapter) {
+      const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.passport, 'service');
+      this._passportAdapter = this.bean._getBean(beanFullName);
+    }
+    return this._passportAdapter;
+  }
+  get isAuthenticated() {
+    const user = this.getCurrentUser();
+    return !!user && !$getUserAnonymous(user);
+  }
+  async isAdmin() {
+    const user = this.getCurrentUser();
+    return !!user && this.isAuthenticated && (await this.passportAdapter.isAdmin(user));
+  }
+  async setCurrent(passport) {
+    this.ctx.state.passport = await this.passportAdapter.setCurrent(passport);
+  }
+  getCurrent() {
+    return this.ctx.state.passport;
+  }
+  getCurrentUser() {
+    return this.ctx.state.passport?.user;
+  }
+  getCurrentAuth() {
+    return this.ctx.state.passport?.auth;
+  }
+  async signin(passport, options) {
+    // current
+    await this.setCurrent(passport);
+    // event
+    await this.scope.event.signin.emit(passport);
+    // serialize: payloadData for client certificate
+    const payloadData = await this._passportSerialize(passport, options);
+    // jwt token
+    return await this.bean.jwt.create(payloadData, {
+      dev: passport.auth?.id.toString() === '-1'
+    });
+  }
+  async signout() {
+    // current
+    const passport = this.getCurrent();
+    if (!passport) return;
+    // removeAuthToken
+    const payloadData = await this.passportAdapter.serialize(passport);
+    await this.authTokenAdapter.remove(payloadData);
+    // event
+    await this.scope.event.signout.emit(passport);
+    // ok
+    await this.setCurrent(undefined);
+  }
+  async signinSystem(authName, authId, name, options) {
+    const user = await this.bean.userInner.getByName(name ?? 'admin');
+    if (!user) return this.app.throw(401);
+    const auth = {
+      id: $getAuthIdSystem(authName, authId)
+    };
+    const passport = {
+      user,
+      auth
+    };
+    return await this.signin(passport, options);
+  }
+  async signinMock(name, options) {
+    return await this.signinSystem('mock', -1e4 - ++this._mockCounter, name, options);
+  }
+  async signinWithAnonymous() {
+    const userAnonymous = await this.createUserAnonymous();
+    const passport = {
+      user: userAnonymous,
+      auth: undefined
+    };
+    await this.setCurrent(passport);
+  }
+  async createUserAnonymous() {
+    const userAnonymous = await this.bean.userInner.createAnonymous();
+    // event
+    await this.scope.event.createUserAnonymous.emit(userAnonymous);
+    // ok
+    return userAnonymous;
+  }
+  async kickOut(user) {
+    await this.authTokenAdapter.removeAll(user);
+  }
+  async checkAuthToken(accessToken, clientName) {
+    clientName = clientName ?? 'access';
+    const [payloadData, err] = await catchError(() => {
+      return this.bean.jwt.get(clientName).verify(accessToken);
+    });
+    if (err) {
+      if (['access', 'refresh'].includes(clientName)) {
+        err.code = 401;
+      }
+      throw err;
+    }
+    if (!payloadData) return; // no jwt token
+    const verified = await this.authTokenAdapter.verify(payloadData);
+    if (!verified) return this.app.throw(401);
+    const passport = await this.passportAdapter.deserialize(payloadData);
+    if (!passport) return this.app.throw(401);
+    await this.setCurrent(passport);
+    return payloadData;
+  }
+  async refreshAuthToken(refreshToken) {
+    // checkAuthToken by code
+    let payloadData = await this.checkAuthToken(refreshToken, 'refresh');
+    if (!payloadData) return this.app.throw(401);
+    // refreshAuthToken
+    const configRefreshAuthToken = this.scope.config.passport.refreshAuthToken;
+    payloadData = await this._handlePayloadData(payloadData, {
+      authToken: configRefreshAuthToken
+    });
+    // jwt token
+    return await this.bean.jwt.create(payloadData);
+  }
+
+  // only created by accessToken
+  async createTempAuthToken(options) {
+    // current
+    const passport = this.getCurrent();
+    if (!passport) return this.app.throw(401);
+    // payloadData
+    const payloadData = await this._passportSerialize(passport, {
+      authToken: 'nochange'
+    });
+    // jwt token
+    return await this.bean.jwt.createTemp(payloadData, options);
+  }
+  async createOauthAuthToken(options) {
+    // current
+    const passport = this.getCurrent();
+    if (!passport) return this.app.throw(401);
+    // payloadData
+    const payloadData = await this._passportSerialize(passport, {
+      authToken: 'nochange'
+    });
+    // jwt token
+    return await this.bean.jwt.createOauth(payloadData, options);
+  }
+  async createOauthCode(accessToken, options) {
+    // payloadData
+    const payloadData = await this.bean.jwt.get('access').verify(accessToken);
+    if (!payloadData) return this.app.throw(401);
+    // create
+    return await this.bean.jwt.createOauthCode(payloadData, options);
+  }
+  async createAuthTokenFromOauthCode(code) {
+    // checkAuthToken by code
+    const payloadData = await this.checkAuthToken(code, 'code');
+    if (!payloadData) return this.app.throw(401);
+    // jwt token
+    return await this.bean.jwt.create(payloadData);
+  }
+  async _passportSerialize(passport, options) {
+    // serialize
+    const payloadData = await this.passportAdapter.serialize(passport);
+    return await this._handlePayloadData(payloadData, options);
+  }
+  async _handlePayloadData(payloadData, options) {
+    // auth token
+    const authToken = options?.authToken ?? 'refresh';
+    if (authToken === 'recreate') {
+      return await this.authTokenAdapter.create(payloadData);
+    } else {
+      const payloadData2 = await this.authTokenAdapter.retrieve(payloadData);
+      if (!payloadData2) {
+        return await this.authTokenAdapter.create(payloadData);
+      }
+      if (authToken === 'refresh') {
+        await this.authTokenAdapter.refresh(payloadData2);
+      }
+      return payloadData2;
+    }
+  }
+}) || _class$9) || _class$9);
+
+var _dec$8, _dec2$8, _class$8;
+let BeanUserInner = (_dec$8 = Bean(), _dec2$8 = BeanInfo({
+  module: "a-user"
+}), _dec$8(_class$8 = _dec2$8(_class$8 = class BeanUserInner extends BeanBase {
+  constructor(...args) {
+    super(...args);
+    this._userInnerAdapter = void 0;
+  }
+  get userInnerAdapter() {
+    if (!this._userInnerAdapter) {
+      const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.userInner, 'service');
+      this._userInnerAdapter = this.bean._getBean(beanFullName);
+    }
+    return this._userInnerAdapter;
+  }
+  createByProfile(profile) {
+    return this.userInnerAdapter.createByProfile(profile);
+  }
+  createAnonymous() {
+    return this.userInnerAdapter.createAnonymous();
+  }
+  getByName(name) {
+    return this.userInnerAdapter.getByName(name);
+  }
+  get(user) {
+    return this.userInnerAdapter.get(user);
+  }
+  update(user) {
+    return this.userInnerAdapter.update(user);
+  }
+  delete(user) {
+    return this.userInnerAdapter.delete(user);
+  }
+}) || _class$8) || _class$8);
+
+var _dec$7, _dec2$7, _class$7;
+let EventCreateUserAnonymous = (_dec$7 = Event(), _dec2$7 = BeanInfo({
+  module: "a-user"
+}), _dec$7(_class$7 = _dec2$7(_class$7 = class EventCreateUserAnonymous extends BeanEventBase {}) || _class$7) || _class$7);
+
+var _dec$6, _dec2$6, _class$6;
+let EventSignin = (_dec$6 = Event(), _dec2$6 = BeanInfo({
+  module: "a-user"
+}), _dec$6(_class$6 = _dec2$6(_class$6 = class EventSignin extends BeanEventBase {}) || _class$6) || _class$6);
+
+var _dec$5, _dec2$5, _class$5;
+let EventSignout = (_dec$5 = Event(), _dec2$5 = BeanInfo({
+  module: "a-user"
+}), _dec$5(_class$5 = _dec2$5(_class$5 = class EventSignout extends BeanEventBase {}) || _class$5) || _class$5);
+
+var _dec$4, _dec2$4, _class$4;
+let GuardAdmin = (_dec$4 = Guard({
+  admin: true,
+  passWhenMatched: true
+}), _dec2$4 = BeanInfo({
+  module: "a-user"
+}), _dec$4(_class$4 = _dec2$4(_class$4 = class GuardAdmin extends BeanBase {
+  async execute(options, next) {
+    if (options.admin) {
+      const isAdmin = await this.bean.passport.isAdmin();
+      if (!isAdmin) return this.app.throw(403);
+      if (options.passWhenMatched) return true;
+    }
+    // next
+    return next();
+  }
+}) || _class$4) || _class$4);
+
+var _dec$3, _dec2$3, _class$3;
+let GuardPassport = (_dec$3 = Guard({
+  global: true,
+  public: false,
+  checkAuthToken: true
+}), _dec2$3 = BeanInfo({
+  module: "a-user"
+}), _dec$3(_class$3 = _dec2$3(_class$3 = class GuardPassport extends BeanBase {
+  async execute(options, next) {
+    // auth token
+    if (!this.bean.passport.getCurrent()) {
+      if (options.checkAuthToken) {
+        // will return undefined if no accessToken, so not check options.public
+        const [_, err] = await catchError(() => {
+          return this.bean.passport.checkAuthToken();
+        });
+        if (err && !options.public) throw err;
+      }
+    }
+    // check current
+    if (!this.bean.passport.getCurrent()) {
+      await this.bean.passport.signinWithAnonymous();
+    }
+    if (!options.public && !this.bean.passport.isAuthenticated) {
+      // return false;
+      // 401 for this guard,403 for the next guards
+      return this.app.throw(401);
+    }
+    // check innerAccess
+    if (this.ctx.innerAccess) return true;
+    // next
+    return next();
+  }
+}) || _class$3) || _class$3);
+
+var _dec$2, _dec2$2, _class$2;
+let GuardUserName = (_dec$2 = Guard({
+  passWhenMatched: true
+}), _dec2$2 = BeanInfo({
+  module: "a-user"
+}), _dec$2(_class$2 = _dec2$2(_class$2 = class GuardUserName extends BeanBase {
+  async execute(options, next) {
+    if (!options.name) return this.app.throw(403);
+    const user = this.bean.passport.getCurrentUser();
+    if (!user || $getUserAnonymous(user)) return this.app.throw(403);
+    const userName = $getUserName(user);
+    const optionsName = Array.isArray(options.name) ? options.name : [options.name];
+    if (!optionsName.includes(userName)) return this.app.throw(403);
+    if (options.passWhenMatched) return true;
+    // next
+    return next();
+  }
+}) || _class$2) || _class$2);
+
+var _dec$1, _dec2$1, _class$1;
+let MetaPrintTip = (_dec$1 = Meta(), _dec2$1 = BeanInfo({
+  module: "a-user"
+}), _dec$1(_class$1 = _dec2$1(_class$1 = class MetaPrintTip extends BeanBase {
+  async execute() {
+    if (!this.app.meta.isLocal) return;
+    // signin
+    const jwt = await this.app.bean.executor.newCtx(async () => {
+      return await this.bean.passport.signinSystem('dev', '-1');
+    }, {
+      instanceName: ''
+    });
+    const accessToken = jwt.accessToken;
+    return {
+      title: 'access token [admin] [dev]',
+      path: `Bearer ${accessToken}`
+    };
+  }
+}) || _class$1) || _class$1);
+
+function config(_app) {
+  return {
+    passport: {
+      refreshAuthToken: 'recreate'
+    },
+    adapter: {
+      authToken: 'home-user:authTokenAdapter',
+      passport: 'home-user:passportAdapter',
+      userInner: 'home-user:userInnerAdapter',
+      authInner: 'home-user:authInnerAdapter'
+    }
+  };
+}
+
+var _dec, _dec2, _class;
+let ScopeModuleAUser = (_dec = Scope(), _dec2 = BeanInfo({
+  module: "a-user"
+}), _dec(_class = _dec2(_class = class ScopeModuleAUser extends BeanScopeBase {}) || _class) || _class);
+
+/** scope: end */
+
+function Public(options) {
+  const _public = options?.public === undefined ? true : options.public;
+  return Aspect.guardGlobal('a-user:passport', {
+    public: _public
+  });
+}
+function Admin(options) {
+  return Aspect.guard('a-user:admin', options);
+}
+function UserName(options) {
+  return Aspect.guard('a-user:userName', options);
+}
+const Passport = {
+  admin: Admin,
+  public: Public,
+  userName: UserName
+};
+
+export { $getAuthId, $getAuthIdSystem, $getUserAnonymous, $getUserAvatar, $getUserId, $getUserIdSystem, $getUserLocale, $getUserName, BeanAuthInner, BeanPassport, BeanUserInner, EventCreateUserAnonymous, EventSignin, EventSignout, GuardAdmin, GuardPassport, GuardUserName, MetaPrintTip, Passport, ScopeModuleAUser, config, setAuthAdapter, setUserAdapter };

package/dist/lib/passport.d.ts

@@ -1,10 +1,14 @@
 import type { TypeUseOnionOmitOptionsGlobal } from 'vona-module-a-onion';
 import type { IGuardOptionsAdmin } from '../bean/guard.admin.ts';
 import type { IGuardOptionsPassport } from '../bean/guard.passport.ts';
+import type { IGuardOptionsUserName } from '../bean/guard.userName.ts';
 declare function Public(options?: Partial<TypeUseOnionOmitOptionsGlobal<IGuardOptionsPassport>>): ClassDecorator & MethodDecorator;
 declare function Admin(options?: Partial<IGuardOptionsAdmin>): ClassDecorator & MethodDecorator;
-export declare const Passport: {
+declare function UserName(options?: Partial<IGuardOptionsUserName>): ClassDecorator & MethodDecorator;
+export interface IDecoratorGroupPassport {
     admin: typeof Admin;
     public: typeof Public;
-};
+    userName: typeof UserName;
+}
+export declare const Passport: IDecoratorGroupPassport;
 export {};

package/dist/types/user.d.ts

@@ -1,6 +1,9 @@
 import type { ILocaleInfos } from 'vona';
 import type { TableIdentity } from 'vona-module-a-database';
 import type { IAuthUserProfile } from './authProfile.ts';
+export interface IUserNameRecord {
+    admin: never;
+}
 export interface IUserIdRecord {
     '-1': 'anonymous';
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "vona-module-a-user",
   "type": "module",
-  "version": "5.0.10",
+  "version": "5.0.12",
   "title": "a-user",
   "vonaModule": {
     "dependencies": {}
@@ -31,6 +31,6 @@
   },
   "scripts": {
     "clean": "rimraf dist tsconfig.build.tsbuildinfo",
-    "tsc:publish": "npm run clean && tsc -p tsconfig.build.json"
+    "tsc:publish": "npm run clean && vona :bin:buildModule && tsc -p tsconfig.build.json"
   }
 }

package/dist/.metadata/index.js

@@ -1,40 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-/** config: end */
-/** scope: begin */
-import { BeanScopeBase } from 'vona';
-import { Scope } from 'vona-module-a-bean';
-import 'vona';
-import 'vona';
-import 'vona';
-import 'vona';
-import 'vona';
-import 'vona';
-export * from "../bean/bean.authInner.js";
-export * from "../bean/bean.passport.js";
-export * from "../bean/bean.userInner.js";
-/** bean: end */
-/** event: begin */
-export * from "../bean/event.createUserAnonymous.js";
-export * from "../bean/event.signin.js";
-export * from "../bean/event.signout.js";
-/** guard: begin */
-export * from "../bean/guard.admin.js";
-export * from "../bean/guard.passport.js";
-/** event: end */
-/** meta: begin */
-export * from "../bean/meta.printTip.js";
-/** meta: end */
-/** config: begin */
-export * from "../config/config.js";
-let ScopeModuleAUser = class ScopeModuleAUser extends BeanScopeBase {
-};
-ScopeModuleAUser = __decorate([
-    Scope()
-], ScopeModuleAUser);
-export { ScopeModuleAUser };
-/** scope: end */

package/dist/.metadata/this.js

@@ -1,2 +0,0 @@
-export const __ThisModule__ = 'a-user';
-export { ScopeModuleAUser as ScopeModule } from "./index.js";

package/dist/bean/bean.authInner.js

@@ -1,27 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-import { BeanBase, beanFullNameFromOnionName } from 'vona';
-import { Bean } from 'vona-module-a-bean';
-let BeanAuthInner = class BeanAuthInner extends BeanBase {
-    _authInnerAdapter;
-    get authInnerAdapter() {
-        if (!this._authInnerAdapter) {
-            const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.authInner, 'service');
-            this._authInnerAdapter = this.bean._getBean(beanFullName);
-        }
-        return this._authInnerAdapter;
-    }
-    async get(auth) {
-        if (String(auth.id).charAt(0) === '-')
-            return auth;
-        return await this.authInnerAdapter.get(auth);
-    }
-};
-BeanAuthInner = __decorate([
-    Bean()
-], BeanAuthInner);
-export { BeanAuthInner };

package/dist/bean/bean.passport.js

@@ -1,198 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-import { catchError } from '@cabloy/utils';
-import { BeanBase, beanFullNameFromOnionName } from 'vona';
-import { Bean } from 'vona-module-a-bean';
-import { $getAuthIdSystem } from "../lib/auth.js";
-import { $getUserAnonymous } from "../lib/user.js";
-let BeanPassport = class BeanPassport extends BeanBase {
-    _authTokenAdapter;
-    _passportAdapter;
-    _mockCounter = 0;
-    get authTokenAdapter() {
-        if (!this._authTokenAdapter) {
-            const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.authToken, 'service');
-            this._authTokenAdapter = this.bean._getBean(beanFullName);
-        }
-        return this._authTokenAdapter;
-    }
-    get passportAdapter() {
-        if (!this._passportAdapter) {
-            const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.passport, 'service');
-            this._passportAdapter = this.bean._getBean(beanFullName);
-        }
-        return this._passportAdapter;
-    }
-    get isAuthenticated() {
-        const user = this.getCurrentUser();
-        return !!user && !$getUserAnonymous(user);
-    }
-    async isAdmin() {
-        const user = this.getCurrentUser();
-        return !!user && this.isAuthenticated && await this.passportAdapter.isAdmin(user);
-    }
-    async setCurrent(passport) {
-        this.ctx.state.passport = await this.passportAdapter.setCurrent(passport);
-    }
-    getCurrent() {
-        return this.ctx.state.passport;
-    }
-    getCurrentUser() {
-        return this.ctx.state.passport?.user;
-    }
-    getCurrentAuth() {
-        return this.ctx.state.passport?.auth;
-    }
-    async signin(passport, options) {
-        // current
-        await this.setCurrent(passport);
-        // event
-        await this.scope.event.signin.emit(passport);
-        // serialize: payloadData for client certificate
-        const payloadData = await this._passportSerialize(passport, options);
-        // jwt token
-        return await this.bean.jwt.create(payloadData, { dev: passport.auth?.id.toString() === '-1' });
-    }
-    async signout() {
-        // current
-        const passport = this.getCurrent();
-        if (!passport)
-            return;
-        // removeAuthToken
-        const payloadData = await this.passportAdapter.serialize(passport);
-        await this.authTokenAdapter.remove(payloadData);
-        // event
-        await this.scope.event.signout.emit(passport);
-        // ok
-        await this.setCurrent(undefined);
-    }
-    async signinSystem(authName, authId, name, options) {
-        const user = await this.bean.userInner.getByName(name ?? 'admin');
-        if (!user)
-            return this.app.throw(401);
-        const auth = { id: $getAuthIdSystem(authName, authId) };
-        const passport = { user, auth };
-        return await this.signin(passport, options);
-    }
-    async signinMock(name, options) {
-        return await this.signinSystem('mock', (-10000 - ++this._mockCounter), name, options);
-    }
-    async signinWithAnonymous() {
-        const userAnonymous = await this.createUserAnonymous();
-        const passport = { user: userAnonymous, auth: undefined };
-        await this.setCurrent(passport);
-    }
-    async createUserAnonymous() {
-        const userAnonymous = await this.bean.userInner.createAnonymous();
-        // event
-        await this.scope.event.createUserAnonymous.emit(userAnonymous);
-        // ok
-        return userAnonymous;
-    }
-    async kickOut(user) {
-        await this.authTokenAdapter.removeAll(user);
-    }
-    async checkAuthToken(accessToken, clientName) {
-        clientName = clientName ?? 'access';
-        const [payloadData, err] = await catchError(() => {
-            return this.bean.jwt.get(clientName).verify(accessToken);
-        });
-        if (err) {
-            if (['access', 'refresh'].includes(clientName)) {
-                err.code = 401;
-            }
-            throw err;
-        }
-        if (!payloadData)
-            return; // no jwt token
-        const verified = await this.authTokenAdapter.verify(payloadData);
-        if (!verified)
-            return this.app.throw(401);
-        const passport = await this.passportAdapter.deserialize(payloadData);
-        if (!passport)
-            return this.app.throw(401);
-        await this.setCurrent(passport);
-        return payloadData;
-    }
-    async refreshAuthToken(refreshToken) {
-        // checkAuthToken by code
-        let payloadData = await this.checkAuthToken(refreshToken, 'refresh');
-        if (!payloadData)
-            return this.app.throw(401);
-        // refreshAuthToken
-        const configRefreshAuthToken = this.scope.config.passport.refreshAuthToken;
-        payloadData = await this._handlePayloadData(payloadData, { authToken: configRefreshAuthToken });
-        // jwt token
-        return await this.bean.jwt.create(payloadData);
-    }
-    // only created by accessToken
-    async createTempAuthToken(options) {
-        // current
-        const passport = this.getCurrent();
-        if (!passport)
-            return this.app.throw(401);
-        // payloadData
-        const payloadData = await this._passportSerialize(passport, { authToken: 'nochange' });
-        // jwt token
-        return await this.bean.jwt.createTemp(payloadData, options);
-    }
-    async createOauthAuthToken(options) {
-        // current
-        const passport = this.getCurrent();
-        if (!passport)
-            return this.app.throw(401);
-        // payloadData
-        const payloadData = await this._passportSerialize(passport, { authToken: 'nochange' });
-        // jwt token
-        return await this.bean.jwt.createOauth(payloadData, options);
-    }
-    async createOauthCode(accessToken, options) {
-        // payloadData
-        const payloadData = await this.bean.jwt.get('access').verify(accessToken);
-        if (!payloadData)
-            return this.app.throw(401);
-        // create
-        return await this.bean.jwt.createOauthCode(payloadData, options);
-    }
-    async createAuthTokenFromOauthCode(code) {
-        // checkAuthToken by code
-        const payloadData = await this.checkAuthToken(code, 'code');
-        if (!payloadData)
-            return this.app.throw(401);
-        // jwt token
-        return await this.bean.jwt.create(payloadData);
-    }
-    async _passportSerialize(passport, options) {
-        // serialize
-        const payloadData = await this.passportAdapter.serialize(passport);
-        return await this._handlePayloadData(payloadData, options);
-    }
-    async _handlePayloadData(payloadData, options) {
-        // auth token
-        const authToken = options?.authToken ?? 'refresh';
-        if (authToken === 'recreate') {
-            return await this.authTokenAdapter.create(payloadData);
-        }
-        else {
-            const payloadData2 = await this.authTokenAdapter.retrieve(payloadData);
-            if (!payloadData2) {
-                return await this.authTokenAdapter.create(payloadData);
-            }
-            if (authToken === 'refresh') {
-                await this.authTokenAdapter.refresh(payloadData2);
-            }
-            else if (authToken === 'nochange') {
-                // do nothing
-            }
-            return payloadData2;
-        }
-    }
-};
-BeanPassport = __decorate([
-    Bean()
-], BeanPassport);
-export { BeanPassport };

package/dist/bean/bean.userInner.js

@@ -1,40 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-import { BeanBase, beanFullNameFromOnionName } from 'vona';
-import { Bean } from 'vona-module-a-bean';
-let BeanUserInner = class BeanUserInner extends BeanBase {
-    _userInnerAdapter;
-    get userInnerAdapter() {
-        if (!this._userInnerAdapter) {
-            const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.userInner, 'service');
-            this._userInnerAdapter = this.bean._getBean(beanFullName);
-        }
-        return this._userInnerAdapter;
-    }
-    createByProfile(profile) {
-        return this.userInnerAdapter.createByProfile(profile);
-    }
-    createAnonymous() {
-        return this.userInnerAdapter.createAnonymous();
-    }
-    getByName(name) {
-        return this.userInnerAdapter.getByName(name);
-    }
-    get(user) {
-        return this.userInnerAdapter.get(user);
-    }
-    update(user) {
-        return this.userInnerAdapter.update(user);
-    }
-    delete(user) {
-        return this.userInnerAdapter.delete(user);
-    }
-};
-BeanUserInner = __decorate([
-    Bean()
-], BeanUserInner);
-export { BeanUserInner };

package/dist/bean/event.createUserAnonymous.js

@@ -1,13 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-import { BeanEventBase, Event } from 'vona-module-a-event';
-let EventCreateUserAnonymous = class EventCreateUserAnonymous extends BeanEventBase {
-};
-EventCreateUserAnonymous = __decorate([
-    Event()
-], EventCreateUserAnonymous);
-export { EventCreateUserAnonymous };

package/dist/bean/event.signin.js

@@ -1,13 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-import { BeanEventBase, Event } from 'vona-module-a-event';
-let EventSignin = class EventSignin extends BeanEventBase {
-};
-EventSignin = __decorate([
-    Event()
-], EventSignin);
-export { EventSignin };

package/dist/bean/event.signout.js

@@ -1,13 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-import { BeanEventBase, Event } from 'vona-module-a-event';
-let EventSignout = class EventSignout extends BeanEventBase {
-};
-EventSignout = __decorate([
-    Event()
-], EventSignout);
-export { EventSignout };

package/dist/bean/guard.admin.js

@@ -1,25 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-import { BeanBase } from 'vona';
-import { Guard } from 'vona-module-a-aspect';
-let GuardAdmin = class GuardAdmin extends BeanBase {
-    async execute(options, next) {
-        if (options.admin) {
-            const isAdmin = await this.bean.passport.isAdmin();
-            if (!isAdmin)
-                return this.app.throw(403);
-            if (options.passWhenAdmin)
-                return true;
-        }
-        // next
-        return next();
-    }
-};
-GuardAdmin = __decorate([
-    Guard({ admin: true, passWhenAdmin: true })
-], GuardAdmin);
-export { GuardAdmin };

package/dist/bean/guard.passport.js

@@ -1,42 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-import { catchError } from '@cabloy/utils';
-import { BeanBase } from 'vona';
-import { Guard } from 'vona-module-a-aspect';
-let GuardPassport = class GuardPassport extends BeanBase {
-    async execute(options, next) {
-        // auth token
-        if (!this.bean.passport.getCurrent()) {
-            if (options.checkAuthToken) {
-                // will return undefined if no accessToken, so not check options.public
-                const [_, err] = await catchError(() => {
-                    return this.bean.passport.checkAuthToken();
-                });
-                if (err && !options.public)
-                    throw err;
-            }
-        }
-        // check current
-        if (!this.bean.passport.getCurrent()) {
-            await this.bean.passport.signinWithAnonymous();
-        }
-        if (!options.public && !this.bean.passport.isAuthenticated) {
-            // return false;
-            // 401 for this guard,403 for the next guards
-            return this.app.throw(401);
-        }
-        // check innerAccess
-        if (this.ctx.innerAccess)
-            return true;
-        // next
-        return next();
-    }
-};
-GuardPassport = __decorate([
-    Guard({ global: true, public: false, checkAuthToken: true })
-], GuardPassport);
-export { GuardPassport };

package/dist/bean/meta.printTip.js

@@ -1,27 +0,0 @@
-var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
-    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
-    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
-    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
-    return c > 3 && r && Object.defineProperty(target, key, r), r;
-};
-import { BeanBase } from 'vona';
-import { Meta } from 'vona-module-a-meta';
-let MetaPrintTip = class MetaPrintTip extends BeanBase {
-    async execute() {
-        if (!this.app.meta.isLocal)
-            return;
-        // signin
-        const jwt = await this.app.bean.executor.newCtx(async () => {
-            return await this.bean.passport.signinSystem('dev', '-1');
-        }, { instanceName: '' });
-        const accessToken = jwt.accessToken;
-        return {
-            title: 'access token [admin] [dev]',
-            path: `Bearer ${accessToken}`,
-        };
-    }
-};
-MetaPrintTip = __decorate([
-    Meta()
-], MetaPrintTip);
-export { MetaPrintTip };

package/dist/config/config.js

@@ -1,13 +0,0 @@
-export function config(_app) {
-    return {
-        passport: {
-            refreshAuthToken: 'recreate',
-        },
-        adapter: {
-            authToken: 'home-user:authTokenAdapter',
-            passport: 'home-user:passportAdapter',
-            userInner: 'home-user:userInnerAdapter',
-            authInner: 'home-user:authInnerAdapter',
-        },
-    };
-}

package/dist/lib/auth.js

@@ -1,10 +0,0 @@
-let __authAdapter;
-export function setAuthAdapter(authAdapter) {
-    __authAdapter = authAdapter;
-}
-export function $getAuthId(user) {
-    return __authAdapter.getAuthId(user);
-}
-export function $getAuthIdSystem(_authName, authId) {
-    return authId;
-}

package/dist/lib/index.js

@@ -1,3 +0,0 @@
-export * from "./auth.js";
-export * from "./passport.js";
-export * from "./user.js";

package/dist/lib/passport.js

@@ -1,12 +0,0 @@
-import { Aspect } from 'vona-module-a-aspect';
-function Public(options) {
-    const _public = options?.public === undefined ? true : options.public;
-    return Aspect.guardGlobal('a-user:passport', { public: _public });
-}
-function Admin(options) {
-    return Aspect.guard('a-user:admin', options);
-}
-export const Passport = {
-    admin: Admin,
-    public: Public,
-};

package/dist/lib/user.js

@@ -1,22 +0,0 @@
-let __userAdapter;
-export function setUserAdapter(userAdapter) {
-    __userAdapter = userAdapter;
-}
-export function $getUserId(user) {
-    return __userAdapter.getUserId(user);
-}
-export function $getUserName(user) {
-    return __userAdapter.getUserName(user);
-}
-export function $getUserAvatar(user) {
-    return __userAdapter.getUserAvatar(user);
-}
-export function $getUserLocale(user) {
-    return __userAdapter.getUserLocale(user);
-}
-export function $getUserAnonymous(user) {
-    return __userAdapter.getUserAnonymous(user);
-}
-export function $getUserIdSystem(_userName, userId) {
-    return userId;
-}

package/dist/types/auth.js

@@ -1 +0,0 @@
-export {};

package/dist/types/authProfile.js

@@ -1 +0,0 @@
-export {};

package/dist/types/authToken.js

@@ -1 +0,0 @@
-export {};

package/dist/types/index.js

@@ -1,5 +0,0 @@
-export * from "./auth.js";
-export * from "./authProfile.js";
-export * from "./authToken.js";
-export * from "./passport.js";
-export * from "./user.js";

package/dist/types/passport.js

@@ -1 +0,0 @@
-export {};

package/dist/types/user.js

@@ -1 +0,0 @@
-export {};