vona-module-a-user 5.0.9 → 5.0.11

package/dist/.metadata/index.d.ts

@@ -0,0 +1,129 @@
+import type { BeanScopeUtil, TypeModuleConfig } from 'vona';
+import type { EventOn } from 'vona-module-a-event';
+/** bean: end */
+/** bean: begin */
+import type { BeanAuthInner } from '../bean/bean.authInner.ts';
+import type { BeanPassport } from '../bean/bean.passport.ts';
+import type { BeanUserInner } from '../bean/bean.userInner.ts';
+/** event: end */
+/** event: begin */
+import type { EventCreateUserAnonymous } from '../bean/event.createUserAnonymous.ts';
+/** event: end */
+/** event: begin */
+import type { TypeEventCreateUserAnonymousData, TypeEventCreateUserAnonymousResult } from '../bean/event.createUserAnonymous.ts';
+import type { EventSignin } from '../bean/event.signin.ts';
+import type { TypeEventSigninData, TypeEventSigninResult } from '../bean/event.signin.ts';
+import type { EventSignout } from '../bean/event.signout.ts';
+import type { TypeEventSignoutData, TypeEventSignoutResult } from '../bean/event.signout.ts';
+/** guard: end */
+/** bean: begin */
+import type { IGuardOptionsAdmin } from '../bean/guard.admin.ts';
+import type { IGuardOptionsPassport } from '../bean/guard.passport.ts';
+import type { config } from '../config/config.ts';
+/** config: end */
+/** scope: begin */
+import { BeanScopeBase } from 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+import 'vona';
+export * from '../bean/bean.authInner.ts';
+export * from '../bean/bean.passport.ts';
+declare module 'vona-module-a-aspect' {
+    interface IGuardRecordGlobal {
+        'a-user:passport': IGuardOptionsPassport;
+    }
+    interface IGuardRecordLocal {
+        'a-user:admin': IGuardOptionsAdmin;
+    }
+}
+declare module 'vona-module-a-user' {
+    interface GuardAdmin {
+    }
+    interface GuardPassport {
+    }
+}
+export * from '../bean/bean.userInner.ts';
+/** bean: end */
+/** event: begin */
+export * from '../bean/event.createUserAnonymous.ts';
+export * from '../bean/event.signin.ts';
+declare module 'vona' {
+}
+declare module 'vona-module-a-user' {
+    interface BeanAuthInner {
+    }
+    interface BeanPassport {
+    }
+    interface BeanUserInner {
+    }
+}
+declare module 'vona' {
+    interface IBeanRecordGlobal {
+        authInner: BeanAuthInner;
+        passport: BeanPassport;
+        userInner: BeanUserInner;
+    }
+}
+export * from '../bean/event.signout.ts';
+/** guard: begin */
+export * from '../bean/guard.admin.ts';
+export * from '../bean/guard.passport.ts';
+declare module 'vona' {
+}
+declare module 'vona-module-a-user' {
+    interface EventCreateUserAnonymous {
+    }
+    interface EventSignin {
+    }
+    interface EventSignout {
+    }
+}
+export interface IModuleEvent {
+    createUserAnonymous: EventCreateUserAnonymous;
+    signin: EventSignin;
+    signout: EventSignout;
+}
+declare module 'vona-module-a-event' {
+    interface IEventRecord {
+        'a-user:createUserAnonymous': EventOn<TypeEventCreateUserAnonymousData, TypeEventCreateUserAnonymousResult>;
+        'a-user:signin': EventOn<TypeEventSigninData, TypeEventSigninResult>;
+        'a-user:signout': EventOn<TypeEventSignoutData, TypeEventSignoutResult>;
+    }
+}
+/** event: end */
+/** meta: begin */
+export * from '../bean/meta.printTip.ts';
+declare module 'vona' {
+    interface IMetaRecord {
+        'a-user:printTip': never;
+    }
+}
+declare module 'vona-module-a-user' {
+    interface MetaPrintTip {
+    }
+}
+/** meta: end */
+/** config: begin */
+export * from '../config/config.ts';
+export declare class ScopeModuleAUser extends BeanScopeBase {
+}
+export interface ScopeModuleAUser {
+    util: BeanScopeUtil;
+    config: TypeModuleConfig<typeof config>;
+    event: IModuleEvent;
+}
+declare module 'vona' {
+    interface IBeanScopeRecord {
+        'a-user': ScopeModuleAUser;
+    }
+    interface IBeanScopeContainer {
+        user: ScopeModuleAUser;
+    }
+    interface IBeanScopeConfig {
+        'a-user': ReturnType<typeof config>;
+    }
+}
+/** scope: end */

package/dist/.metadata/this.d.ts

@@ -0,0 +1,2 @@
+export declare const __ThisModule__ = "a-user";
+export { ScopeModuleAUser as ScopeModule } from './index.ts';

package/dist/bean/bean.authInner.d.ts

@@ -0,0 +1,7 @@
+import type { IAuthBase } from '../types/auth.ts';
+import { BeanBase } from 'vona';
+export declare class BeanAuthInner extends BeanBase {
+    private _authInnerAdapter;
+    private get authInnerAdapter();
+    get(auth: Partial<IAuthBase>): Promise<IAuthBase | undefined>;
+}

package/dist/bean/bean.passport.d.ts

@@ -0,0 +1,33 @@
+import type { IJwtClientRecord, IJwtSignOptions, IJwtToken, IPayloadDataBase } from 'vona-module-a-jwt';
+import type { IAuthBase, IAuthIdRecord, ISigninOptions } from '../types/auth.ts';
+import type { IPassportBase } from '../types/passport.ts';
+import type { IUserBase } from '../types/user.ts';
+import { BeanBase } from 'vona';
+export declare class BeanPassport extends BeanBase {
+    private _authTokenAdapter;
+    private _passportAdapter;
+    private _mockCounter;
+    private get authTokenAdapter();
+    private get passportAdapter();
+    get isAuthenticated(): boolean;
+    isAdmin(): Promise<boolean>;
+    setCurrent(passport: IPassportBase | undefined): Promise<void>;
+    getCurrent(): IPassportBase | undefined;
+    getCurrentUser(): IUserBase | undefined;
+    getCurrentAuth(): IAuthBase | undefined;
+    signin(passport: IPassportBase, options?: ISigninOptions): Promise<IJwtToken>;
+    signout(): Promise<void>;
+    signinSystem<K extends keyof IAuthIdRecord>(authName: IAuthIdRecord[K], authId: K, name?: string, options?: ISigninOptions): Promise<IJwtToken>;
+    signinMock(name?: string, options?: ISigninOptions): Promise<IJwtToken>;
+    signinWithAnonymous(): Promise<void>;
+    createUserAnonymous(): Promise<IUserBase>;
+    kickOut(user: IUserBase): Promise<void>;
+    checkAuthToken(accessToken?: string, clientName?: keyof IJwtClientRecord): Promise<IPayloadDataBase | undefined>;
+    refreshAuthToken(refreshToken: string): Promise<IJwtToken>;
+    createTempAuthToken(options?: IJwtSignOptions): Promise<string>;
+    createOauthAuthToken(options?: IJwtSignOptions): Promise<string>;
+    createOauthCode(accessToken: string, options?: IJwtSignOptions): Promise<string>;
+    createAuthTokenFromOauthCode(code: string): Promise<IJwtToken>;
+    private _passportSerialize;
+    private _handlePayloadData;
+}

package/dist/bean/bean.userInner.d.ts

@@ -0,0 +1,13 @@
+import type { IAuthUserProfile } from '../types/authProfile.ts';
+import type { IUserBase } from '../types/user.ts';
+import { BeanBase } from 'vona';
+export declare class BeanUserInner extends BeanBase {
+    private _userInnerAdapter;
+    private get userInnerAdapter();
+    createByProfile(profile: IAuthUserProfile): Promise<IUserBase>;
+    createAnonymous(): Promise<IUserBase>;
+    getByName(name: string): Promise<IUserBase | undefined>;
+    get(user: Partial<IUserBase>): Promise<IUserBase | undefined>;
+    update(user: Partial<IUserBase>): Promise<void>;
+    delete(user: Partial<IUserBase>): Promise<void>;
+}

package/dist/bean/event.createUserAnonymous.d.ts

@@ -0,0 +1,6 @@
+import type { IUserBase } from '../types/user.ts';
+import { BeanEventBase } from 'vona-module-a-event';
+export type TypeEventCreateUserAnonymousData = IUserBase;
+export type TypeEventCreateUserAnonymousResult = void;
+export declare class EventCreateUserAnonymous extends BeanEventBase<TypeEventCreateUserAnonymousData, TypeEventCreateUserAnonymousResult> {
+}

package/dist/bean/event.signin.d.ts

@@ -0,0 +1,6 @@
+import type { IPassportBase } from '../types/passport.ts';
+import { BeanEventBase } from 'vona-module-a-event';
+export type TypeEventSigninData = IPassportBase;
+export type TypeEventSigninResult = void;
+export declare class EventSignin extends BeanEventBase<TypeEventSigninData, TypeEventSigninResult> {
+}

package/dist/bean/event.signout.d.ts

@@ -0,0 +1,6 @@
+import type { IPassportBase } from '../types/passport.ts';
+import { BeanEventBase } from 'vona-module-a-event';
+export type TypeEventSignoutData = IPassportBase;
+export type TypeEventSignoutResult = void;
+export declare class EventSignout extends BeanEventBase<TypeEventSignoutData, TypeEventSignoutResult> {
+}

package/dist/bean/guard.admin.d.ts

@@ -0,0 +1,10 @@
+import type { Next } from 'vona';
+import type { IDecoratorGuardOptions, IGuardExecute } from 'vona-module-a-aspect';
+import { BeanBase } from 'vona';
+export interface IGuardOptionsAdmin extends IDecoratorGuardOptions {
+    admin: boolean;
+    passWhenAdmin: boolean;
+}
+export declare class GuardAdmin extends BeanBase implements IGuardExecute {
+    execute(options: IGuardOptionsAdmin, next: Next): Promise<boolean>;
+}

package/dist/bean/guard.passport.d.ts

@@ -0,0 +1,10 @@
+import type { Next } from 'vona';
+import type { IDecoratorGuardOptionsGlobal, IGuardExecute } from 'vona-module-a-aspect';
+import { BeanBase } from 'vona';
+export interface IGuardOptionsPassport extends IDecoratorGuardOptionsGlobal {
+    public: boolean;
+    checkAuthToken: boolean;
+}
+export declare class GuardPassport extends BeanBase implements IGuardExecute {
+    execute(options: IGuardOptionsPassport, next: Next): Promise<boolean>;
+}

package/dist/bean/meta.printTip.d.ts

@@ -0,0 +1,5 @@
+import type { IMetaPrintTipExecute, TypeMetaPrintTipResult } from 'vona-module-a-printtip';
+import { BeanBase } from 'vona';
+export declare class MetaPrintTip extends BeanBase implements IMetaPrintTipExecute {
+    execute(): Promise<TypeMetaPrintTipResult>;
+}

package/dist/config/config.d.ts

@@ -0,0 +1,14 @@
+import type { VonaApplication } from 'vona';
+import type { IServiceRecord } from 'vona-module-a-web';
+import type { TypeAuthToken } from '../types/auth.ts';
+export declare function config(_app: VonaApplication): {
+    passport: {
+        refreshAuthToken: TypeAuthToken;
+    };
+    adapter: {
+        authToken: keyof IServiceRecord;
+        passport: keyof IServiceRecord;
+        userInner: keyof IServiceRecord;
+        authInner: keyof IServiceRecord;
+    };
+};

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export * from './.metadata/index.ts';
+export * from './lib/index.ts';
+export * from './types/index.ts';

package/dist/index.js

@@ -0,0 +1,414 @@
+import { BeanInfo, BeanBase, beanFullNameFromOnionName, BeanScopeBase } from 'vona';
+import { Bean, Scope } from 'vona-module-a-bean';
+import { catchError } from '@cabloy/utils';
+import { Event, BeanEventBase } from 'vona-module-a-event';
+import { Guard, Aspect } from 'vona-module-a-aspect';
+import { Meta } from 'vona-module-a-meta';
+
+var _dec$9, _dec2$9, _class$9;
+let BeanAuthInner = (_dec$9 = Bean(), _dec2$9 = BeanInfo({
+  module: "a-user"
+}), _dec$9(_class$9 = _dec2$9(_class$9 = class BeanAuthInner extends BeanBase {
+  constructor(...args) {
+    super(...args);
+    this._authInnerAdapter = void 0;
+  }
+  get authInnerAdapter() {
+    if (!this._authInnerAdapter) {
+      const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.authInner, 'service');
+      this._authInnerAdapter = this.bean._getBean(beanFullName);
+    }
+    return this._authInnerAdapter;
+  }
+  async get(auth) {
+    if (String(auth.id).charAt(0) === '-') return auth;
+    return await this.authInnerAdapter.get(auth);
+  }
+}) || _class$9) || _class$9);
+
+let __authAdapter;
+function setAuthAdapter(authAdapter) {
+  __authAdapter = authAdapter;
+}
+function $getAuthId(user) {
+  return __authAdapter.getAuthId(user);
+}
+function $getAuthIdSystem(_authName, authId) {
+  return authId;
+}
+
+let __userAdapter;
+function setUserAdapter(userAdapter) {
+  __userAdapter = userAdapter;
+}
+function $getUserId(user) {
+  return __userAdapter.getUserId(user);
+}
+function $getUserName(user) {
+  return __userAdapter.getUserName(user);
+}
+function $getUserAvatar(user) {
+  return __userAdapter.getUserAvatar(user);
+}
+function $getUserLocale(user) {
+  return __userAdapter.getUserLocale(user);
+}
+function $getUserAnonymous(user) {
+  return __userAdapter.getUserAnonymous(user);
+}
+function $getUserIdSystem(_userName, userId) {
+  return userId;
+}
+
+var _dec$8, _dec2$8, _class$8;
+let BeanPassport = (_dec$8 = Bean(), _dec2$8 = BeanInfo({
+  module: "a-user"
+}), _dec$8(_class$8 = _dec2$8(_class$8 = class BeanPassport extends BeanBase {
+  constructor(...args) {
+    super(...args);
+    this._authTokenAdapter = void 0;
+    this._passportAdapter = void 0;
+    this._mockCounter = 0;
+  }
+  get authTokenAdapter() {
+    if (!this._authTokenAdapter) {
+      const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.authToken, 'service');
+      this._authTokenAdapter = this.bean._getBean(beanFullName);
+    }
+    return this._authTokenAdapter;
+  }
+  get passportAdapter() {
+    if (!this._passportAdapter) {
+      const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.passport, 'service');
+      this._passportAdapter = this.bean._getBean(beanFullName);
+    }
+    return this._passportAdapter;
+  }
+  get isAuthenticated() {
+    const user = this.getCurrentUser();
+    return !!user && !$getUserAnonymous(user);
+  }
+  async isAdmin() {
+    const user = this.getCurrentUser();
+    return !!user && this.isAuthenticated && (await this.passportAdapter.isAdmin(user));
+  }
+  async setCurrent(passport) {
+    this.ctx.state.passport = await this.passportAdapter.setCurrent(passport);
+  }
+  getCurrent() {
+    return this.ctx.state.passport;
+  }
+  getCurrentUser() {
+    return this.ctx.state.passport?.user;
+  }
+  getCurrentAuth() {
+    return this.ctx.state.passport?.auth;
+  }
+  async signin(passport, options) {
+    // current
+    await this.setCurrent(passport);
+    // event
+    await this.scope.event.signin.emit(passport);
+    // serialize: payloadData for client certificate
+    const payloadData = await this._passportSerialize(passport, options);
+    // jwt token
+    return await this.bean.jwt.create(payloadData, {
+      dev: passport.auth?.id.toString() === '-1'
+    });
+  }
+  async signout() {
+    // current
+    const passport = this.getCurrent();
+    if (!passport) return;
+    // removeAuthToken
+    const payloadData = await this.passportAdapter.serialize(passport);
+    await this.authTokenAdapter.remove(payloadData);
+    // event
+    await this.scope.event.signout.emit(passport);
+    // ok
+    await this.setCurrent(undefined);
+  }
+  async signinSystem(authName, authId, name, options) {
+    const user = await this.bean.userInner.getByName(name ?? 'admin');
+    if (!user) return this.app.throw(401);
+    const auth = {
+      id: $getAuthIdSystem(authName, authId)
+    };
+    const passport = {
+      user,
+      auth
+    };
+    return await this.signin(passport, options);
+  }
+  async signinMock(name, options) {
+    return await this.signinSystem('mock', -1e4 - ++this._mockCounter, name, options);
+  }
+  async signinWithAnonymous() {
+    const userAnonymous = await this.createUserAnonymous();
+    const passport = {
+      user: userAnonymous,
+      auth: undefined
+    };
+    await this.setCurrent(passport);
+  }
+  async createUserAnonymous() {
+    const userAnonymous = await this.bean.userInner.createAnonymous();
+    // event
+    await this.scope.event.createUserAnonymous.emit(userAnonymous);
+    // ok
+    return userAnonymous;
+  }
+  async kickOut(user) {
+    await this.authTokenAdapter.removeAll(user);
+  }
+  async checkAuthToken(accessToken, clientName) {
+    clientName = clientName ?? 'access';
+    const [payloadData, err] = await catchError(() => {
+      return this.bean.jwt.get(clientName).verify(accessToken);
+    });
+    if (err) {
+      if (['access', 'refresh'].includes(clientName)) {
+        err.code = 401;
+      }
+      throw err;
+    }
+    if (!payloadData) return; // no jwt token
+    const verified = await this.authTokenAdapter.verify(payloadData);
+    if (!verified) return this.app.throw(401);
+    const passport = await this.passportAdapter.deserialize(payloadData);
+    if (!passport) return this.app.throw(401);
+    await this.setCurrent(passport);
+    return payloadData;
+  }
+  async refreshAuthToken(refreshToken) {
+    // checkAuthToken by code
+    let payloadData = await this.checkAuthToken(refreshToken, 'refresh');
+    if (!payloadData) return this.app.throw(401);
+    // refreshAuthToken
+    const configRefreshAuthToken = this.scope.config.passport.refreshAuthToken;
+    payloadData = await this._handlePayloadData(payloadData, {
+      authToken: configRefreshAuthToken
+    });
+    // jwt token
+    return await this.bean.jwt.create(payloadData);
+  }
+
+  // only created by accessToken
+  async createTempAuthToken(options) {
+    // current
+    const passport = this.getCurrent();
+    if (!passport) return this.app.throw(401);
+    // payloadData
+    const payloadData = await this._passportSerialize(passport, {
+      authToken: 'nochange'
+    });
+    // jwt token
+    return await this.bean.jwt.createTemp(payloadData, options);
+  }
+  async createOauthAuthToken(options) {
+    // current
+    const passport = this.getCurrent();
+    if (!passport) return this.app.throw(401);
+    // payloadData
+    const payloadData = await this._passportSerialize(passport, {
+      authToken: 'nochange'
+    });
+    // jwt token
+    return await this.bean.jwt.createOauth(payloadData, options);
+  }
+  async createOauthCode(accessToken, options) {
+    // payloadData
+    const payloadData = await this.bean.jwt.get('access').verify(accessToken);
+    if (!payloadData) return this.app.throw(401);
+    // create
+    return await this.bean.jwt.createOauthCode(payloadData, options);
+  }
+  async createAuthTokenFromOauthCode(code) {
+    // checkAuthToken by code
+    const payloadData = await this.checkAuthToken(code, 'code');
+    if (!payloadData) return this.app.throw(401);
+    // jwt token
+    return await this.bean.jwt.create(payloadData);
+  }
+  async _passportSerialize(passport, options) {
+    // serialize
+    const payloadData = await this.passportAdapter.serialize(passport);
+    return await this._handlePayloadData(payloadData, options);
+  }
+  async _handlePayloadData(payloadData, options) {
+    // auth token
+    const authToken = options?.authToken ?? 'refresh';
+    if (authToken === 'recreate') {
+      return await this.authTokenAdapter.create(payloadData);
+    } else {
+      const payloadData2 = await this.authTokenAdapter.retrieve(payloadData);
+      if (!payloadData2) {
+        return await this.authTokenAdapter.create(payloadData);
+      }
+      if (authToken === 'refresh') {
+        await this.authTokenAdapter.refresh(payloadData2);
+      }
+      return payloadData2;
+    }
+  }
+}) || _class$8) || _class$8);
+
+var _dec$7, _dec2$7, _class$7;
+let BeanUserInner = (_dec$7 = Bean(), _dec2$7 = BeanInfo({
+  module: "a-user"
+}), _dec$7(_class$7 = _dec2$7(_class$7 = class BeanUserInner extends BeanBase {
+  constructor(...args) {
+    super(...args);
+    this._userInnerAdapter = void 0;
+  }
+  get userInnerAdapter() {
+    if (!this._userInnerAdapter) {
+      const beanFullName = beanFullNameFromOnionName(this.scope.config.adapter.userInner, 'service');
+      this._userInnerAdapter = this.bean._getBean(beanFullName);
+    }
+    return this._userInnerAdapter;
+  }
+  createByProfile(profile) {
+    return this.userInnerAdapter.createByProfile(profile);
+  }
+  createAnonymous() {
+    return this.userInnerAdapter.createAnonymous();
+  }
+  getByName(name) {
+    return this.userInnerAdapter.getByName(name);
+  }
+  get(user) {
+    return this.userInnerAdapter.get(user);
+  }
+  update(user) {
+    return this.userInnerAdapter.update(user);
+  }
+  delete(user) {
+    return this.userInnerAdapter.delete(user);
+  }
+}) || _class$7) || _class$7);
+
+var _dec$6, _dec2$6, _class$6;
+let EventCreateUserAnonymous = (_dec$6 = Event(), _dec2$6 = BeanInfo({
+  module: "a-user"
+}), _dec$6(_class$6 = _dec2$6(_class$6 = class EventCreateUserAnonymous extends BeanEventBase {}) || _class$6) || _class$6);
+
+var _dec$5, _dec2$5, _class$5;
+let EventSignin = (_dec$5 = Event(), _dec2$5 = BeanInfo({
+  module: "a-user"
+}), _dec$5(_class$5 = _dec2$5(_class$5 = class EventSignin extends BeanEventBase {}) || _class$5) || _class$5);
+
+var _dec$4, _dec2$4, _class$4;
+let EventSignout = (_dec$4 = Event(), _dec2$4 = BeanInfo({
+  module: "a-user"
+}), _dec$4(_class$4 = _dec2$4(_class$4 = class EventSignout extends BeanEventBase {}) || _class$4) || _class$4);
+
+var _dec$3, _dec2$3, _class$3;
+let GuardAdmin = (_dec$3 = Guard({
+  admin: true,
+  passWhenAdmin: true
+}), _dec2$3 = BeanInfo({
+  module: "a-user"
+}), _dec$3(_class$3 = _dec2$3(_class$3 = class GuardAdmin extends BeanBase {
+  async execute(options, next) {
+    if (options.admin) {
+      const isAdmin = await this.bean.passport.isAdmin();
+      if (!isAdmin) return this.app.throw(403);
+      if (options.passWhenAdmin) return true;
+    }
+    // next
+    return next();
+  }
+}) || _class$3) || _class$3);
+
+var _dec$2, _dec2$2, _class$2;
+let GuardPassport = (_dec$2 = Guard({
+  global: true,
+  public: false,
+  checkAuthToken: true
+}), _dec2$2 = BeanInfo({
+  module: "a-user"
+}), _dec$2(_class$2 = _dec2$2(_class$2 = class GuardPassport extends BeanBase {
+  async execute(options, next) {
+    // auth token
+    if (!this.bean.passport.getCurrent()) {
+      if (options.checkAuthToken) {
+        // will return undefined if no accessToken, so not check options.public
+        const [_, err] = await catchError(() => {
+          return this.bean.passport.checkAuthToken();
+        });
+        if (err && !options.public) throw err;
+      }
+    }
+    // check current
+    if (!this.bean.passport.getCurrent()) {
+      await this.bean.passport.signinWithAnonymous();
+    }
+    if (!options.public && !this.bean.passport.isAuthenticated) {
+      // return false;
+      // 401 for this guard,403 for the next guards
+      return this.app.throw(401);
+    }
+    // check innerAccess
+    if (this.ctx.innerAccess) return true;
+    // next
+    return next();
+  }
+}) || _class$2) || _class$2);
+
+var _dec$1, _dec2$1, _class$1;
+let MetaPrintTip = (_dec$1 = Meta(), _dec2$1 = BeanInfo({
+  module: "a-user"
+}), _dec$1(_class$1 = _dec2$1(_class$1 = class MetaPrintTip extends BeanBase {
+  async execute() {
+    if (!this.app.meta.isLocal) return;
+    // signin
+    const jwt = await this.app.bean.executor.newCtx(async () => {
+      return await this.bean.passport.signinSystem('dev', '-1');
+    }, {
+      instanceName: ''
+    });
+    const accessToken = jwt.accessToken;
+    return {
+      title: 'access token [admin] [dev]',
+      path: `Bearer ${accessToken}`
+    };
+  }
+}) || _class$1) || _class$1);
+
+function config(_app) {
+  return {
+    passport: {
+      refreshAuthToken: 'recreate'
+    },
+    adapter: {
+      authToken: 'home-user:authTokenAdapter',
+      passport: 'home-user:passportAdapter',
+      userInner: 'home-user:userInnerAdapter',
+      authInner: 'home-user:authInnerAdapter'
+    }
+  };
+}
+
+var _dec, _dec2, _class;
+let ScopeModuleAUser = (_dec = Scope(), _dec2 = BeanInfo({
+  module: "a-user"
+}), _dec(_class = _dec2(_class = class ScopeModuleAUser extends BeanScopeBase {}) || _class) || _class);
+
+/** scope: end */
+
+function Public(options) {
+  const _public = options?.public === undefined ? true : options.public;
+  return Aspect.guardGlobal('a-user:passport', {
+    public: _public
+  });
+}
+function Admin(options) {
+  return Aspect.guard('a-user:admin', options);
+}
+const Passport = {
+  admin: Admin,
+  public: Public
+};
+
+export { $getAuthId, $getAuthIdSystem, $getUserAnonymous, $getUserAvatar, $getUserId, $getUserIdSystem, $getUserLocale, $getUserName, BeanAuthInner, BeanPassport, BeanUserInner, EventCreateUserAnonymous, EventSignin, EventSignout, GuardAdmin, GuardPassport, MetaPrintTip, Passport, ScopeModuleAUser, config, setAuthAdapter, setUserAdapter };

package/dist/lib/auth.d.ts

@@ -0,0 +1,5 @@
+import type { TableIdentity } from 'vona-module-a-database';
+import type { IAuthAdapter, IAuthBase, IAuthIdRecord } from '../types/auth.ts';
+export declare function setAuthAdapter(authAdapter: IAuthAdapter): void;
+export declare function $getAuthId(user: IAuthBase): TableIdentity;
+export declare function $getAuthIdSystem<K extends keyof IAuthIdRecord>(_authName: IAuthIdRecord[K], authId: K): TableIdentity;

package/dist/lib/index.d.ts

@@ -0,0 +1,3 @@
+export * from './auth.ts';
+export * from './passport.ts';
+export * from './user.ts';

package/dist/lib/passport.d.ts

@@ -0,0 +1,10 @@
+import type { TypeUseOnionOmitOptionsGlobal } from 'vona-module-a-onion';
+import type { IGuardOptionsAdmin } from '../bean/guard.admin.ts';
+import type { IGuardOptionsPassport } from '../bean/guard.passport.ts';
+declare function Public(options?: Partial<TypeUseOnionOmitOptionsGlobal<IGuardOptionsPassport>>): ClassDecorator & MethodDecorator;
+declare function Admin(options?: Partial<IGuardOptionsAdmin>): ClassDecorator & MethodDecorator;
+export declare const Passport: {
+    admin: typeof Admin;
+    public: typeof Public;
+};
+export {};

package/dist/lib/user.d.ts

@@ -0,0 +1,10 @@
+import type { ILocaleInfos } from 'vona';
+import type { TableIdentity } from 'vona-module-a-database';
+import type { IUserAdapter, IUserBase, IUserIdRecord } from '../types/user.ts';
+export declare function setUserAdapter(userAdapter: IUserAdapter): void;
+export declare function $getUserId(user: IUserBase): TableIdentity;
+export declare function $getUserName(user: IUserBase): string;
+export declare function $getUserAvatar(user: IUserBase): string | undefined;
+export declare function $getUserLocale(user: IUserBase): keyof ILocaleInfos | undefined;
+export declare function $getUserAnonymous(user: IUserBase): boolean;
+export declare function $getUserIdSystem<K extends keyof IUserIdRecord>(_userName: IUserIdRecord[K], userId: K): TableIdentity;

package/dist/types/auth.d.ts

@@ -0,0 +1,19 @@
+import type { TableIdentity } from 'vona-module-a-database';
+export interface IAuthIdRecord {
+    '-1': 'dev';
+    '-10000': 'mock';
+}
+export interface IAuthBase {
+    id: TableIdentity;
+}
+export interface IAuthAdapter {
+    getAuthId(user: IAuthBase): TableIdentity;
+}
+export type TypeAuthToken = 'recreate' | 'refresh' | 'nochange';
+export interface ISigninOptions {
+    /** default: refresh */
+    authToken?: TypeAuthToken;
+}
+export interface IAuthInnerAdapter {
+    get(auth: Partial<IAuthBase>): Promise<IAuthBase | undefined>;
+}

package/dist/types/authProfile.d.ts

@@ -0,0 +1,19 @@
+export interface IAuthUserProfilePropSlice {
+    value: string;
+}
+export interface IAuthUserProfileName {
+    familyName?: string;
+    givenName?: string;
+    middleName?: string;
+}
+export interface IAuthUserProfile {
+    id: string;
+    username?: string;
+    displayName?: string;
+    name?: IAuthUserProfileName;
+    gender?: string;
+    profileUrl?: string;
+    emails?: IAuthUserProfilePropSlice[];
+    photos?: IAuthUserProfilePropSlice[];
+    confirmed?: boolean;
+}

package/dist/types/authToken.d.ts

@@ -0,0 +1,10 @@
+import type { IPayloadDataBase } from 'vona-module-a-jwt';
+import type { IUserBase } from './user.ts';
+export interface IAuthTokenAdapter {
+    create(payloadData: IPayloadDataBase): Promise<IPayloadDataBase>;
+    retrieve(payloadData: IPayloadDataBase): Promise<IPayloadDataBase | undefined>;
+    verify(payloadData: IPayloadDataBase): Promise<boolean>;
+    refresh(payloadData: IPayloadDataBase): Promise<void>;
+    remove(payloadData: IPayloadDataBase): Promise<void>;
+    removeAll(user: IUserBase): Promise<void>;
+}

package/dist/types/index.d.ts

@@ -0,0 +1,5 @@
+export * from './auth.ts';
+export * from './authProfile.ts';
+export * from './authToken.ts';
+export * from './passport.ts';
+export * from './user.ts';

package/dist/types/passport.d.ts

@@ -0,0 +1,18 @@
+import type { IPayloadDataBase } from 'vona-module-a-jwt';
+import type { IAuthBase } from './auth.ts';
+import type { IUserBase } from './user.ts';
+export interface IPassportBase {
+    user?: IUserBase;
+    auth?: IAuthBase;
+}
+export interface IPassportAdapter {
+    isAdmin(user: IUserBase): Promise<boolean>;
+    setCurrent(passport: IPassportBase | undefined): Promise<IPassportBase | undefined>;
+    serialize(passport: IPassportBase): Promise<IPayloadDataBase>;
+    deserialize(payloadData: IPayloadDataBase): Promise<IPassportBase | undefined>;
+}
+declare module 'vona' {
+    interface ContextState {
+        passport?: IPassportBase;
+    }
+}

package/dist/types/user.d.ts

@@ -0,0 +1,24 @@
+import type { ILocaleInfos } from 'vona';
+import type { TableIdentity } from 'vona-module-a-database';
+import type { IAuthUserProfile } from './authProfile.ts';
+export interface IUserIdRecord {
+    '-1': 'anonymous';
+}
+export interface IUserBase {
+    id: TableIdentity;
+}
+export interface IUserAdapter {
+    getUserId(user: IUserBase): TableIdentity;
+    getUserName(user: IUserBase): string;
+    getUserAvatar(user: IUserBase): string | undefined;
+    getUserLocale(user: IUserBase): keyof ILocaleInfos | undefined;
+    getUserAnonymous(user: IUserBase): boolean;
+}
+export interface IUserInnerAdapter {
+    createByProfile(profile: IAuthUserProfile): Promise<IUserBase>;
+    createAnonymous(): Promise<IUserBase>;
+    getByName(name: string): Promise<IUserBase | undefined>;
+    get(user: Partial<IUserBase>): Promise<IUserBase | undefined>;
+    update(user: Partial<IUserBase>): Promise<void>;
+    delete(user: Partial<IUserBase>): Promise<void>;
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "vona-module-a-user",
   "type": "module",
-  "version": "5.0.9",
+  "version": "5.0.11",
   "title": "a-user",
   "vonaModule": {
     "dependencies": {}
@@ -25,8 +25,12 @@
     "dist",
     "static"
   ],
+  "devDependencies": {
+    "clean-package": "^2.2.0",
+    "rimraf": "^6.0.1"
+  },
   "scripts": {
-    "clean": "rimraf dist tsconfig.tsbuildinfo",
-    "tsc:publish": "npm run clean && tsc"
+    "clean": "rimraf dist tsconfig.build.tsbuildinfo",
+    "tsc:publish": "npm run clean && vona :bin:buildModule && tsc -p tsconfig.build.json"
   }
 }