vona-module-a-user 5.0.8 → 5.0.10

package/dist/.metadata/index.d.ts

@@ -0,0 +1,129 @@
+import type { BeanScopeUtil, TypeModuleConfig } from 'vona';
+import type { EventOn } from 'vona-module-a-event';
+/** bean: end */
+/** bean: begin */
+import type { BeanAuthInner } from '../bean/bean.authInner.ts';
+import type { BeanPassport } from '../bean/bean.passport.ts';
+import type { BeanUserInner } from '../bean/bean.userInner.ts';
+/** event: end */
+/** event: begin */
+import type { EventCreateUserAnonymous } from '../bean/event.createUserAnonymous.ts';
+/** event: end */
+/** event: begin */
+import type { TypeEventCreateUserAnonymousData, TypeEventCreateUserAnonymousResult } from '../bean/event.createUserAnonymous.ts';
+import type { EventSignin } from '../bean/event.signin.ts';
+import type { TypeEventSigninData, TypeEventSigninResult } from '../bean/event.signin.ts';
+import type { EventSignout } from '../bean/event.signout.ts';
+import type { TypeEventSignoutData, TypeEventSignoutResult } from '../bean/event.signout.ts';
+/** guard: end */
+/** bean: begin */
+import type { IGuardOptionsAdmin } from '../bean/guard.admin.ts';
+import type { IGuardOptionsPassport } from '../bean/guard.passport.ts';
+import type { config } from '../config/config.ts';
+/** config: end */
+/** scope: begin */
+import { BeanScopeBase } from 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+export * from '../bean/bean.authInner.ts';
+export * from '../bean/bean.passport.ts';
+declare module 'vona-module-a-aspect' {
+    interface IGuardRecordGlobal {
+        'a-user:passport': IGuardOptionsPassport;
+    }
+    interface IGuardRecordLocal {
+        'a-user:admin': IGuardOptionsAdmin;
+    }
+}
+declare module 'vona-module-a-user' {
+    interface GuardAdmin {
+    }
+    interface GuardPassport {
+    }
+}
+export * from '../bean/bean.userInner.ts';
+/** bean: end */
+/** event: begin */
+export * from '../bean/event.createUserAnonymous.ts';
+export * from '../bean/event.signin.ts';
+declare module 'vona' {
+}
+declare module 'vona-module-a-user' {
+    interface BeanAuthInner {
+    }
+    interface BeanPassport {
+    }
+    interface BeanUserInner {
+    }
+}
+declare module 'vona' {
+    interface IBeanRecordGlobal {
+        authInner: BeanAuthInner;
+        passport: BeanPassport;
+        userInner: BeanUserInner;
+    }
+}
+export * from '../bean/event.signout.ts';
+/** guard: begin */
+export * from '../bean/guard.admin.ts';
+export * from '../bean/guard.passport.ts';
+declare module 'vona' {
+}
+declare module 'vona-module-a-user' {
+    interface EventCreateUserAnonymous {
+    }
+    interface EventSignin {
+    }
+    interface EventSignout {
+    }
+}
+export interface IModuleEvent {
+    createUserAnonymous: EventCreateUserAnonymous;
+    signin: EventSignin;
+    signout: EventSignout;
+}
+declare module 'vona-module-a-event' {
+    interface IEventRecord {
+        'a-user:createUserAnonymous': EventOn<TypeEventCreateUserAnonymousData, TypeEventCreateUserAnonymousResult>;
+        'a-user:signin': EventOn<TypeEventSigninData, TypeEventSigninResult>;
+        'a-user:signout': EventOn<TypeEventSignoutData, TypeEventSignoutResult>;
+    }
+}
+/** event: end */
+/** meta: begin */
+export * from '../bean/meta.printTip.ts';
+declare module 'vona' {
+    interface IMetaRecord {
+        'a-user:printTip': never;
+    }
+}
+declare module 'vona-module-a-user' {
+    interface MetaPrintTip {
+    }
+}
+/** meta: end */
+/** config: begin */
+export * from '../config/config.ts';
+export declare class ScopeModuleAUser extends BeanScopeBase {
+}
+export interface ScopeModuleAUser {
+    util: BeanScopeUtil;
+    config: TypeModuleConfig<typeof config>;
+    event: IModuleEvent;
+}
+declare module 'vona' {
+    interface IBeanScopeRecord {
+        'a-user': ScopeModuleAUser;
+    }
+    interface IBeanScopeContainer {
+        user: ScopeModuleAUser;
+    }
+    interface IBeanScopeConfig {
+        'a-user': ReturnType<typeof config>;
+    }
+}
+/** scope: end */

package/dist/.metadata/index.js

@@ -0,0 +1,40 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+/** config: end */
+/** scope: begin */
+import { BeanScopeBase } from 'vona';
+import { Scope } from 'vona-module-a-bean';
+import 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+export * from "../bean/bean.authInner.js";
+export * from "../bean/bean.passport.js";
+export * from "../bean/bean.userInner.js";
+/** bean: end */
+/** event: begin */
+export * from "../bean/event.createUserAnonymous.js";
+export * from "../bean/event.signin.js";
+export * from "../bean/event.signout.js";
+/** guard: begin */
+export * from "../bean/guard.admin.js";
+export * from "../bean/guard.passport.js";
+/** event: end */
+/** meta: begin */
+export * from "../bean/meta.printTip.js";
+/** meta: end */
+/** config: begin */
+export * from "../config/config.js";
+let ScopeModuleAUser = class ScopeModuleAUser extends BeanScopeBase {
+};
+ScopeModuleAUser = __decorate([
+    Scope()
+], ScopeModuleAUser);
+export { ScopeModuleAUser };
+/** scope: end */

package/dist/.metadata/this.d.ts

@@ -0,0 +1,2 @@
+export declare const __ThisModule__ = "a-user";
+export { ScopeModuleAUser as ScopeModule } from './index.ts';

package/dist/.metadata/this.js

@@ -0,0 +1,2 @@
+export const __ThisModule__ = 'a-user';
+export { ScopeModuleAUser as ScopeModule } from "./index.js";

package/dist/bean/bean.authInner.d.ts

@@ -0,0 +1,7 @@
+import type { IAuthBase } from '../types/auth.ts';
+import { BeanBase } from 'vona';
+export declare class BeanAuthInner extends BeanBase {
+    private _authInnerAdapter;
+    private get authInnerAdapter();
+    get(auth: Partial<IAuthBase>): Promise<IAuthBase | undefined>;
+}

package/dist/bean/bean.authInner.js

@@ -0,0 +1,27 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { BeanBase, beanFullNameFromOnionName } from 'vona';
+import { Bean } from 'vona-module-a-bean';
+let BeanAuthInner = class BeanAuthInner extends BeanBase {
+    _authInnerAdapter;
+    get authInnerAdapter() {
+        if (!this._authInnerAdapter) {
+            const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.authInner, 'service');
+            this._authInnerAdapter = this.bean._getBean(beanFullName);
+        }
+        return this._authInnerAdapter;
+    }
+    async get(auth) {
+        if (String(auth.id).charAt(0) === '-')
+            return auth;
+        return await this.authInnerAdapter.get(auth);
+    }
+};
+BeanAuthInner = __decorate([
+    Bean()
+], BeanAuthInner);
+export { BeanAuthInner };

package/dist/bean/bean.passport.d.ts

@@ -0,0 +1,33 @@
+import type { IJwtClientRecord, IJwtSignOptions, IJwtToken, IPayloadDataBase } from 'vona-module-a-jwt';
+import type { IAuthBase, IAuthIdRecord, ISigninOptions } from '../types/auth.ts';
+import type { IPassportBase } from '../types/passport.ts';
+import type { IUserBase } from '../types/user.ts';
+import { BeanBase } from 'vona';
+export declare class BeanPassport extends BeanBase {
+    private _authTokenAdapter;
+    private _passportAdapter;
+    private _mockCounter;
+    private get authTokenAdapter();
+    private get passportAdapter();
+    get isAuthenticated(): boolean;
+    isAdmin(): Promise<boolean>;
+    setCurrent(passport: IPassportBase | undefined): Promise<void>;
+    getCurrent(): IPassportBase | undefined;
+    getCurrentUser(): IUserBase | undefined;
+    getCurrentAuth(): IAuthBase | undefined;
+    signin(passport: IPassportBase, options?: ISigninOptions): Promise<IJwtToken>;
+    signout(): Promise<void>;
+    signinSystem<K extends keyof IAuthIdRecord>(authName: IAuthIdRecord[K], authId: K, name?: string, options?: ISigninOptions): Promise<IJwtToken>;
+    signinMock(name?: string, options?: ISigninOptions): Promise<IJwtToken>;
+    signinWithAnonymous(): Promise<void>;
+    createUserAnonymous(): Promise<IUserBase>;
+    kickOut(user: IUserBase): Promise<void>;
+    checkAuthToken(accessToken?: string, clientName?: keyof IJwtClientRecord): Promise<IPayloadDataBase | undefined>;
+    refreshAuthToken(refreshToken: string): Promise<IJwtToken>;
+    createTempAuthToken(options?: IJwtSignOptions): Promise<string>;
+    createOauthAuthToken(options?: IJwtSignOptions): Promise<string>;
+    createOauthCode(accessToken: string, options?: IJwtSignOptions): Promise<string>;
+    createAuthTokenFromOauthCode(code: string): Promise<IJwtToken>;
+    private _passportSerialize;
+    private _handlePayloadData;
+}

package/dist/bean/bean.passport.js

@@ -0,0 +1,198 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { catchError } from '@cabloy/utils';
+import { BeanBase, beanFullNameFromOnionName } from 'vona';
+import { Bean } from 'vona-module-a-bean';
+import { $getAuthIdSystem } from "../lib/auth.js";
+import { $getUserAnonymous } from "../lib/user.js";
+let BeanPassport = class BeanPassport extends BeanBase {
+    _authTokenAdapter;
+    _passportAdapter;
+    _mockCounter = 0;
+    get authTokenAdapter() {
+        if (!this._authTokenAdapter) {
+            const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.authToken, 'service');
+            this._authTokenAdapter = this.bean._getBean(beanFullName);
+        }
+        return this._authTokenAdapter;
+    }
+    get passportAdapter() {
+        if (!this._passportAdapter) {
+            const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.passport, 'service');
+            this._passportAdapter = this.bean._getBean(beanFullName);
+        }
+        return this._passportAdapter;
+    }
+    get isAuthenticated() {
+        const user = this.getCurrentUser();
+        return !!user && !$getUserAnonymous(user);
+    }
+    async isAdmin() {
+        const user = this.getCurrentUser();
+        return !!user && this.isAuthenticated && await this.passportAdapter.isAdmin(user);
+    }
+    async setCurrent(passport) {
+        this.ctx.state.passport = await this.passportAdapter.setCurrent(passport);
+    }
+    getCurrent() {
+        return this.ctx.state.passport;
+    }
+    getCurrentUser() {
+        return this.ctx.state.passport?.user;
+    }
+    getCurrentAuth() {
+        return this.ctx.state.passport?.auth;
+    }
+    async signin(passport, options) {
+        // current
+        await this.setCurrent(passport);
+        // event
+        await this.scope.event.signin.emit(passport);
+        // serialize: payloadData for client certificate
+        const payloadData = await this._passportSerialize(passport, options);
+        // jwt token
+        return await this.bean.jwt.create(payloadData, { dev: passport.auth?.id.toString() === '-1' });
+    }
+    async signout() {
+        // current
+        const passport = this.getCurrent();
+        if (!passport)
+            return;
+        // removeAuthToken
+        const payloadData = await this.passportAdapter.serialize(passport);
+        await this.authTokenAdapter.remove(payloadData);
+        // event
+        await this.scope.event.signout.emit(passport);
+        // ok
+        await this.setCurrent(undefined);
+    }
+    async signinSystem(authName, authId, name, options) {
+        const user = await this.bean.userInner.getByName(name ?? 'admin');
+        if (!user)
+            return this.app.throw(401);
+        const auth = { id: $getAuthIdSystem(authName, authId) };
+        const passport = { user, auth };
+        return await this.signin(passport, options);
+    }
+    async signinMock(name, options) {
+        return await this.signinSystem('mock', (-10000 - ++this._mockCounter), name, options);
+    }
+    async signinWithAnonymous() {
+        const userAnonymous = await this.createUserAnonymous();
+        const passport = { user: userAnonymous, auth: undefined };
+        await this.setCurrent(passport);
+    }
+    async createUserAnonymous() {
+        const userAnonymous = await this.bean.userInner.createAnonymous();
+        // event
+        await this.scope.event.createUserAnonymous.emit(userAnonymous);
+        // ok
+        return userAnonymous;
+    }
+    async kickOut(user) {
+        await this.authTokenAdapter.removeAll(user);
+    }
+    async checkAuthToken(accessToken, clientName) {
+        clientName = clientName ?? 'access';
+        const [payloadData, err] = await catchError(() => {
+            return this.bean.jwt.get(clientName).verify(accessToken);
+        });
+        if (err) {
+            if (['access', 'refresh'].includes(clientName)) {
+                err.code = 401;
+            }
+            throw err;
+        }
+        if (!payloadData)
+            return; // no jwt token
+        const verified = await this.authTokenAdapter.verify(payloadData);
+        if (!verified)
+            return this.app.throw(401);
+        const passport = await this.passportAdapter.deserialize(payloadData);
+        if (!passport)
+            return this.app.throw(401);
+        await this.setCurrent(passport);
+        return payloadData;
+    }
+    async refreshAuthToken(refreshToken) {
+        // checkAuthToken by code
+        let payloadData = await this.checkAuthToken(refreshToken, 'refresh');
+        if (!payloadData)
+            return this.app.throw(401);
+        // refreshAuthToken
+        const configRefreshAuthToken = this.scope.config.passport.refreshAuthToken;
+        payloadData = await this._handlePayloadData(payloadData, { authToken: configRefreshAuthToken });
+        // jwt token
+        return await this.bean.jwt.create(payloadData);
+    }
+    // only created by accessToken
+    async createTempAuthToken(options) {
+        // current
+        const passport = this.getCurrent();
+        if (!passport)
+            return this.app.throw(401);
+        // payloadData
+        const payloadData = await this._passportSerialize(passport, { authToken: 'nochange' });
+        // jwt token
+        return await this.bean.jwt.createTemp(payloadData, options);
+    }
+    async createOauthAuthToken(options) {
+        // current
+        const passport = this.getCurrent();
+        if (!passport)
+            return this.app.throw(401);
+        // payloadData
+        const payloadData = await this._passportSerialize(passport, { authToken: 'nochange' });
+        // jwt token
+        return await this.bean.jwt.createOauth(payloadData, options);
+    }
+    async createOauthCode(accessToken, options) {
+        // payloadData
+        const payloadData = await this.bean.jwt.get('access').verify(accessToken);
+        if (!payloadData)
+            return this.app.throw(401);
+        // create
+        return await this.bean.jwt.createOauthCode(payloadData, options);
+    }
+    async createAuthTokenFromOauthCode(code) {
+        // checkAuthToken by code
+        const payloadData = await this.checkAuthToken(code, 'code');
+        if (!payloadData)
+            return this.app.throw(401);
+        // jwt token
+        return await this.bean.jwt.create(payloadData);
+    }
+    async _passportSerialize(passport, options) {
+        // serialize
+        const payloadData = await this.passportAdapter.serialize(passport);
+        return await this._handlePayloadData(payloadData, options);
+    }
+    async _handlePayloadData(payloadData, options) {
+        // auth token
+        const authToken = options?.authToken ?? 'refresh';
+        if (authToken === 'recreate') {
+            return await this.authTokenAdapter.create(payloadData);
+        }
+        else {
+            const payloadData2 = await this.authTokenAdapter.retrieve(payloadData);
+            if (!payloadData2) {
+                return await this.authTokenAdapter.create(payloadData);
+            }
+            if (authToken === 'refresh') {
+                await this.authTokenAdapter.refresh(payloadData2);
+            }
+            else if (authToken === 'nochange') {
+                // do nothing
+            }
+            return payloadData2;
+        }
+    }
+};
+BeanPassport = __decorate([
+    Bean()
+], BeanPassport);
+export { BeanPassport };

package/dist/bean/bean.userInner.d.ts

@@ -0,0 +1,13 @@
+import type { IAuthUserProfile } from '../types/authProfile.ts';
+import type { IUserBase } from '../types/user.ts';
+import { BeanBase } from 'vona';
+export declare class BeanUserInner extends BeanBase {
+    private _userInnerAdapter;
+    private get userInnerAdapter();
+    createByProfile(profile: IAuthUserProfile): Promise<IUserBase>;
+    createAnonymous(): Promise<IUserBase>;
+    getByName(name: string): Promise<IUserBase | undefined>;
+    get(user: Partial<IUserBase>): Promise<IUserBase | undefined>;
+    update(user: Partial<IUserBase>): Promise<void>;
+    delete(user: Partial<IUserBase>): Promise<void>;
+}

package/dist/bean/bean.userInner.js

@@ -0,0 +1,40 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { BeanBase, beanFullNameFromOnionName } from 'vona';
+import { Bean } from 'vona-module-a-bean';
+let BeanUserInner = class BeanUserInner extends BeanBase {
+    _userInnerAdapter;
+    get userInnerAdapter() {
+        if (!this._userInnerAdapter) {
+            const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.userInner, 'service');
+            this._userInnerAdapter = this.bean._getBean(beanFullName);
+        }
+        return this._userInnerAdapter;
+    }
+    createByProfile(profile) {
+        return this.userInnerAdapter.createByProfile(profile);
+    }
+    createAnonymous() {
+        return this.userInnerAdapter.createAnonymous();
+    }
+    getByName(name) {
+        return this.userInnerAdapter.getByName(name);
+    }
+    get(user) {
+        return this.userInnerAdapter.get(user);
+    }
+    update(user) {
+        return this.userInnerAdapter.update(user);
+    }
+    delete(user) {
+        return this.userInnerAdapter.delete(user);
+    }
+};
+BeanUserInner = __decorate([
+    Bean()
+], BeanUserInner);
+export { BeanUserInner };

package/dist/bean/event.createUserAnonymous.d.ts

@@ -0,0 +1,6 @@
+import type { IUserBase } from '../types/user.ts';
+import { BeanEventBase } from 'vona-module-a-event';
+export type TypeEventCreateUserAnonymousData = IUserBase;
+export type TypeEventCreateUserAnonymousResult = void;
+export declare class EventCreateUserAnonymous extends BeanEventBase<TypeEventCreateUserAnonymousData, TypeEventCreateUserAnonymousResult> {
+}

package/dist/bean/event.createUserAnonymous.js

@@ -0,0 +1,13 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { BeanEventBase, Event } from 'vona-module-a-event';
+let EventCreateUserAnonymous = class EventCreateUserAnonymous extends BeanEventBase {
+};
+EventCreateUserAnonymous = __decorate([
+    Event()
+], EventCreateUserAnonymous);
+export { EventCreateUserAnonymous };

package/dist/bean/event.signin.d.ts

@@ -0,0 +1,6 @@
+import type { IPassportBase } from '../types/passport.ts';
+import { BeanEventBase } from 'vona-module-a-event';
+export type TypeEventSigninData = IPassportBase;
+export type TypeEventSigninResult = void;
+export declare class EventSignin extends BeanEventBase<TypeEventSigninData, TypeEventSigninResult> {
+}

package/dist/bean/event.signin.js

@@ -0,0 +1,13 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { BeanEventBase, Event } from 'vona-module-a-event';
+let EventSignin = class EventSignin extends BeanEventBase {
+};
+EventSignin = __decorate([
+    Event()
+], EventSignin);
+export { EventSignin };

package/dist/bean/event.signout.d.ts

@@ -0,0 +1,6 @@
+import type { IPassportBase } from '../types/passport.ts';
+import { BeanEventBase } from 'vona-module-a-event';
+export type TypeEventSignoutData = IPassportBase;
+export type TypeEventSignoutResult = void;
+export declare class EventSignout extends BeanEventBase<TypeEventSignoutData, TypeEventSignoutResult> {
+}

package/dist/bean/event.signout.js

@@ -0,0 +1,13 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { BeanEventBase, Event } from 'vona-module-a-event';
+let EventSignout = class EventSignout extends BeanEventBase {
+};
+EventSignout = __decorate([
+    Event()
+], EventSignout);
+export { EventSignout };

package/dist/bean/guard.admin.d.ts

@@ -0,0 +1,10 @@
+import type { Next } from 'vona';
+import type { IDecoratorGuardOptions, IGuardExecute } from 'vona-module-a-aspect';
+import { BeanBase } from 'vona';
+export interface IGuardOptionsAdmin extends IDecoratorGuardOptions {
+    admin: boolean;
+    passWhenAdmin: boolean;
+}
+export declare class GuardAdmin extends BeanBase implements IGuardExecute {
+    execute(options: IGuardOptionsAdmin, next: Next): Promise<boolean>;
+}

package/dist/bean/guard.admin.js

@@ -0,0 +1,25 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { BeanBase } from 'vona';
+import { Guard } from 'vona-module-a-aspect';
+let GuardAdmin = class GuardAdmin extends BeanBase {
+    async execute(options, next) {
+        if (options.admin) {
+            const isAdmin = await this.bean.passport.isAdmin();
+            if (!isAdmin)
+                return this.app.throw(403);
+            if (options.passWhenAdmin)
+                return true;
+        }
+        // next
+        return next();
+    }
+};
+GuardAdmin = __decorate([
+    Guard({ admin: true, passWhenAdmin: true })
+], GuardAdmin);
+export { GuardAdmin };

package/dist/bean/guard.passport.d.ts

@@ -0,0 +1,10 @@
+import type { Next } from 'vona';
+import type { IDecoratorGuardOptionsGlobal, IGuardExecute } from 'vona-module-a-aspect';
+import { BeanBase } from 'vona';
+export interface IGuardOptionsPassport extends IDecoratorGuardOptionsGlobal {
+    public: boolean;
+    checkAuthToken: boolean;
+}
+export declare class GuardPassport extends BeanBase implements IGuardExecute {
+    execute(options: IGuardOptionsPassport, next: Next): Promise<boolean>;
+}

package/dist/bean/guard.passport.js

@@ -0,0 +1,42 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { catchError } from '@cabloy/utils';
+import { BeanBase } from 'vona';
+import { Guard } from 'vona-module-a-aspect';
+let GuardPassport = class GuardPassport extends BeanBase {
+    async execute(options, next) {
+        // auth token
+        if (!this.bean.passport.getCurrent()) {
+            if (options.checkAuthToken) {
+                // will return undefined if no accessToken, so not check options.public
+                const [_, err] = await catchError(() => {
+                    return this.bean.passport.checkAuthToken();
+                });
+                if (err && !options.public)
+                    throw err;
+            }
+        }
+        // check current
+        if (!this.bean.passport.getCurrent()) {
+            await this.bean.passport.signinWithAnonymous();
+        }
+        if (!options.public && !this.bean.passport.isAuthenticated) {
+            // return false;
+            // 401 for this guard,403 for the next guards
+            return this.app.throw(401);
+        }
+        // check innerAccess
+        if (this.ctx.innerAccess)
+            return true;
+        // next
+        return next();
+    }
+};
+GuardPassport = __decorate([
+    Guard({ global: true, public: false, checkAuthToken: true })
+], GuardPassport);
+export { GuardPassport };

package/dist/bean/meta.printTip.d.ts

@@ -0,0 +1,5 @@
+import type { IMetaPrintTipExecute, TypeMetaPrintTipResult } from 'vona-module-a-printtip';
+import { BeanBase } from 'vona';
+export declare class MetaPrintTip extends BeanBase implements IMetaPrintTipExecute {
+    execute(): Promise<TypeMetaPrintTipResult>;
+}

package/dist/bean/meta.printTip.js

@@ -0,0 +1,27 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+import { BeanBase } from 'vona';
+import { Meta } from 'vona-module-a-meta';
+let MetaPrintTip = class MetaPrintTip extends BeanBase {
+    async execute() {
+        if (!this.app.meta.isLocal)
+            return;
+        // signin
+        const jwt = await this.app.bean.executor.newCtx(async () => {
+            return await this.bean.passport.signinSystem('dev', '-1');
+        }, { instanceName: '' });
+        const accessToken = jwt.accessToken;
+        return {
+            title: 'access token [admin] [dev]',
+            path: `Bearer ${accessToken}`,
+        };
+    }
+};
+MetaPrintTip = __decorate([
+    Meta()
+], MetaPrintTip);
+export { MetaPrintTip };

package/dist/config/config.d.ts

@@ -0,0 +1,14 @@
+import type { VonaApplication } from 'vona';
+import type { IServiceRecord } from 'vona-module-a-web';
+import type { TypeAuthToken } from '../types/auth.ts';
+export declare function config(_app: VonaApplication): {
+    passport: {
+        refreshAuthToken: TypeAuthToken;
+    };
+    adapter: {
+        authToken: keyof IServiceRecord;
+        passport: keyof IServiceRecord;
+        userInner: keyof IServiceRecord;
+        authInner: keyof IServiceRecord;
+    };
+};

package/dist/config/config.js

@@ -0,0 +1,13 @@
+export function config(_app) {
+    return {
+        passport: {
+            refreshAuthToken: 'recreate',
+        },
+        adapter: {
+            authToken: 'home-user:authTokenAdapter',
+            passport: 'home-user:passportAdapter',
+            userInner: 'home-user:userInnerAdapter',
+            authInner: 'home-user:authInnerAdapter',
+        },
+    };
+}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export * from './.metadata/index.ts';
+export * from './lib/index.ts';
+export * from './types/index.ts';

package/dist/index.js

@@ -0,0 +1,3 @@
+export * from "./.metadata/index.js";
+export * from "./lib/index.js";
+export * from "./types/index.js";

package/dist/lib/auth.d.ts

@@ -0,0 +1,5 @@
+import type { TableIdentity } from 'vona-module-a-database';
+import type { IAuthAdapter, IAuthBase, IAuthIdRecord } from '../types/auth.ts';
+export declare function setAuthAdapter(authAdapter: IAuthAdapter): void;
+export declare function $getAuthId(user: IAuthBase): TableIdentity;
+export declare function $getAuthIdSystem<K extends keyof IAuthIdRecord>(_authName: IAuthIdRecord[K], authId: K): TableIdentity;

package/dist/lib/auth.js

@@ -0,0 +1,10 @@
+let __authAdapter;
+export function setAuthAdapter(authAdapter) {
+    __authAdapter = authAdapter;
+}
+export function $getAuthId(user) {
+    return __authAdapter.getAuthId(user);
+}
+export function $getAuthIdSystem(_authName, authId) {
+    return authId;
+}

package/dist/lib/index.d.ts

@@ -0,0 +1,3 @@
+export * from './auth.ts';
+export * from './passport.ts';
+export * from './user.ts';

package/dist/lib/index.js

@@ -0,0 +1,3 @@
+export * from "./auth.js";
+export * from "./passport.js";
+export * from "./user.js";

package/dist/lib/passport.d.ts

@@ -0,0 +1,10 @@
+import type { TypeUseOnionOmitOptionsGlobal } from 'vona-module-a-onion';
+import type { IGuardOptionsAdmin } from '../bean/guard.admin.ts';
+import type { IGuardOptionsPassport } from '../bean/guard.passport.ts';
+declare function Public(options?: Partial<TypeUseOnionOmitOptionsGlobal<IGuardOptionsPassport>>): ClassDecorator & MethodDecorator;
+declare function Admin(options?: Partial<IGuardOptionsAdmin>): ClassDecorator & MethodDecorator;
+export declare const Passport: {
+    admin: typeof Admin;
+    public: typeof Public;
+};
+export {};

package/dist/lib/passport.js

@@ -0,0 +1,12 @@
+import { Aspect } from 'vona-module-a-aspect';
+function Public(options) {
+    const _public = options?.public === undefined ? true : options.public;
+    return Aspect.guardGlobal('a-user:passport', { public: _public });
+}
+function Admin(options) {
+    return Aspect.guard('a-user:admin', options);
+}
+export const Passport = {
+    admin: Admin,
+    public: Public,
+};

package/dist/lib/user.d.ts

@@ -0,0 +1,10 @@
+import type { ILocaleInfos } from 'vona';
+import type { TableIdentity } from 'vona-module-a-database';
+import type { IUserAdapter, IUserBase, IUserIdRecord } from '../types/user.ts';
+export declare function setUserAdapter(userAdapter: IUserAdapter): void;
+export declare function $getUserId(user: IUserBase): TableIdentity;
+export declare function $getUserName(user: IUserBase): string;
+export declare function $getUserAvatar(user: IUserBase): string | undefined;
+export declare function $getUserLocale(user: IUserBase): keyof ILocaleInfos | undefined;
+export declare function $getUserAnonymous(user: IUserBase): boolean;
+export declare function $getUserIdSystem<K extends keyof IUserIdRecord>(_userName: IUserIdRecord[K], userId: K): TableIdentity;

package/dist/lib/user.js

@@ -0,0 +1,22 @@
+let __userAdapter;
+export function setUserAdapter(userAdapter) {
+    __userAdapter = userAdapter;
+}
+export function $getUserId(user) {
+    return __userAdapter.getUserId(user);
+}
+export function $getUserName(user) {
+    return __userAdapter.getUserName(user);
+}
+export function $getUserAvatar(user) {
+    return __userAdapter.getUserAvatar(user);
+}
+export function $getUserLocale(user) {
+    return __userAdapter.getUserLocale(user);
+}
+export function $getUserAnonymous(user) {
+    return __userAdapter.getUserAnonymous(user);
+}
+export function $getUserIdSystem(_userName, userId) {
+    return userId;
+}

package/dist/types/auth.d.ts

@@ -0,0 +1,19 @@
+import type { TableIdentity } from 'vona-module-a-database';
+export interface IAuthIdRecord {
+    '-1': 'dev';
+    '-10000': 'mock';
+}
+export interface IAuthBase {
+    id: TableIdentity;
+}
+export interface IAuthAdapter {
+    getAuthId(user: IAuthBase): TableIdentity;
+}
+export type TypeAuthToken = 'recreate' | 'refresh' | 'nochange';
+export interface ISigninOptions {
+    /** default: refresh */
+    authToken?: TypeAuthToken;
+}
+export interface IAuthInnerAdapter {
+    get(auth: Partial<IAuthBase>): Promise<IAuthBase | undefined>;
+}

package/dist/types/auth.js

@@ -0,0 +1 @@
+export {};

package/dist/types/authProfile.d.ts

@@ -0,0 +1,19 @@
+export interface IAuthUserProfilePropSlice {
+    value: string;
+}
+export interface IAuthUserProfileName {
+    familyName?: string;
+    givenName?: string;
+    middleName?: string;
+}
+export interface IAuthUserProfile {
+    id: string;
+    username?: string;
+    displayName?: string;
+    name?: IAuthUserProfileName;
+    gender?: string;
+    profileUrl?: string;
+    emails?: IAuthUserProfilePropSlice[];
+    photos?: IAuthUserProfilePropSlice[];
+    confirmed?: boolean;
+}

package/dist/types/authProfile.js

@@ -0,0 +1 @@
+export {};

package/dist/types/authToken.d.ts

@@ -0,0 +1,10 @@
+import type { IPayloadDataBase } from 'vona-module-a-jwt';
+import type { IUserBase } from './user.ts';
+export interface IAuthTokenAdapter {
+    create(payloadData: IPayloadDataBase): Promise<IPayloadDataBase>;
+    retrieve(payloadData: IPayloadDataBase): Promise<IPayloadDataBase | undefined>;
+    verify(payloadData: IPayloadDataBase): Promise<boolean>;
+    refresh(payloadData: IPayloadDataBase): Promise<void>;
+    remove(payloadData: IPayloadDataBase): Promise<void>;
+    removeAll(user: IUserBase): Promise<void>;
+}

package/dist/types/authToken.js

@@ -0,0 +1 @@
+export {};

package/dist/types/index.d.ts

@@ -0,0 +1,5 @@
+export * from './auth.ts';
+export * from './authProfile.ts';
+export * from './authToken.ts';
+export * from './passport.ts';
+export * from './user.ts';

package/dist/types/index.js

@@ -0,0 +1,5 @@
+export * from "./auth.js";
+export * from "./authProfile.js";
+export * from "./authToken.js";
+export * from "./passport.js";
+export * from "./user.js";

package/dist/types/passport.d.ts

@@ -0,0 +1,18 @@
+import type { IPayloadDataBase } from 'vona-module-a-jwt';
+import type { IAuthBase } from './auth.ts';
+import type { IUserBase } from './user.ts';
+export interface IPassportBase {
+    user?: IUserBase;
+    auth?: IAuthBase;
+}
+export interface IPassportAdapter {
+    isAdmin(user: IUserBase): Promise<boolean>;
+    setCurrent(passport: IPassportBase | undefined): Promise<IPassportBase | undefined>;
+    serialize(passport: IPassportBase): Promise<IPayloadDataBase>;
+    deserialize(payloadData: IPayloadDataBase): Promise<IPassportBase | undefined>;
+}
+declare module 'vona' {
+    interface ContextState {
+        passport?: IPassportBase;
+    }
+}

package/dist/types/passport.js

@@ -0,0 +1 @@
+export {};

package/dist/types/user.d.ts

@@ -0,0 +1,24 @@
+import type { ILocaleInfos } from 'vona';
+import type { TableIdentity } from 'vona-module-a-database';
+import type { IAuthUserProfile } from './authProfile.ts';
+export interface IUserIdRecord {
+    '-1': 'anonymous';
+}
+export interface IUserBase {
+    id: TableIdentity;
+}
+export interface IUserAdapter {
+    getUserId(user: IUserBase): TableIdentity;
+    getUserName(user: IUserBase): string;
+    getUserAvatar(user: IUserBase): string | undefined;
+    getUserLocale(user: IUserBase): keyof ILocaleInfos | undefined;
+    getUserAnonymous(user: IUserBase): boolean;
+}
+export interface IUserInnerAdapter {
+    createByProfile(profile: IAuthUserProfile): Promise<IUserBase>;
+    createAnonymous(): Promise<IUserBase>;
+    getByName(name: string): Promise<IUserBase | undefined>;
+    get(user: Partial<IUserBase>): Promise<IUserBase | undefined>;
+    update(user: Partial<IUserBase>): Promise<void>;
+    delete(user: Partial<IUserBase>): Promise<void>;
+}

package/dist/types/user.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "vona-module-a-user",
   "type": "module",
-  "version": "5.0.8",
+  "version": "5.0.10",
   "title": "a-user",
   "vonaModule": {
     "dependencies": {}
@@ -25,8 +25,12 @@
     "dist",
     "static"
   ],
+  "devDependencies": {
+    "clean-package": "^2.2.0",
+    "rimraf": "^6.0.1"
+  },
   "scripts": {
-    "clean": "rimraf dist tsconfig.tsbuildinfo",
-    "tsc:publish": "npm run clean && tsc"
+    "clean": "rimraf dist tsconfig.build.tsbuildinfo",
+    "tsc:publish": "npm run clean && tsc -p tsconfig.build.json"
   }
 }