wabe 0.6.13 → 0.6.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authentication/OTP.d.ts +10 -6
- package/dist/authentication/interface.d.ts +3 -5
- package/dist/authentication/security.d.ts +1 -2
- package/dist/database/DatabaseController.d.ts +13 -2
- package/dist/database/interface.d.ts +2 -0
- package/dist/file/FileDevAdapter.d.ts +1 -0
- package/dist/graphql/pointerAndRelationFunction.d.ts +6 -0
- package/dist/index.js +4183 -3809
- package/dist/schema/Schema.d.ts +2 -2
- package/dist/server/generateCodegen.d.ts +27 -0
- package/dist/server/index.d.ts +7 -1
- package/dist/utils/objectKeys.d.ts +1 -0
- package/package.json +4 -4
- package/dist/schema/resolvers/sendEmail.d.ts +0 -1
|
@@ -1,16 +1,20 @@
|
|
|
1
1
|
import type { TOTP } from "otplib/core";
|
|
2
|
+
import type { WabeContext } from "../server/interface";
|
|
3
|
+
export declare const generateOtpSalt: () => string;
|
|
4
|
+
export declare const getOrCreateOtpSalt: (context: WabeContext<any>, userId: string) => Promise<string>;
|
|
2
5
|
export declare class OTP {
|
|
3
6
|
private secret;
|
|
4
7
|
internalTotp: TOTP;
|
|
5
8
|
constructor(rootKey: string);
|
|
6
|
-
deriveSecret(userId: string): string;
|
|
7
|
-
generate(userId: string): string;
|
|
8
|
-
verify(otp: string, userId: string): boolean;
|
|
9
|
-
authenticatorGenerate(userId: string): string;
|
|
10
|
-
authenticatorVerify(otp: string, userId: string): boolean;
|
|
11
|
-
generateKeyuri({ userId, emailOrUsername, applicationName }: {
|
|
9
|
+
deriveSecret(userId: string, salt?: string): string;
|
|
10
|
+
generate(userId: string, salt?: string): string;
|
|
11
|
+
verify(otp: string, userId: string, salt?: string): boolean;
|
|
12
|
+
authenticatorGenerate(userId: string, salt?: string): string;
|
|
13
|
+
authenticatorVerify(otp: string, userId: string, salt?: string): boolean;
|
|
14
|
+
generateKeyuri({ userId, emailOrUsername, applicationName, salt }: {
|
|
12
15
|
userId: string;
|
|
13
16
|
emailOrUsername: string;
|
|
14
17
|
applicationName: string;
|
|
18
|
+
salt?: string;
|
|
15
19
|
}): string;
|
|
16
20
|
}
|
|
@@ -123,7 +123,7 @@ export interface SessionConfig<T extends WabeTypes> {
|
|
|
123
123
|
}
|
|
124
124
|
export interface AuthenticationRateLimitConfig {
|
|
125
125
|
/**
|
|
126
|
-
* Enable this rate limiter. Enabled by default
|
|
126
|
+
* Enable this rate limiter. Enabled by default.
|
|
127
127
|
*/
|
|
128
128
|
enabled?: boolean;
|
|
129
129
|
maxAttempts?: number;
|
|
@@ -134,11 +134,9 @@ export interface AuthenticationSecurityConfig {
|
|
|
134
134
|
signInRateLimit?: AuthenticationRateLimitConfig;
|
|
135
135
|
signUpRateLimit?: AuthenticationRateLimitConfig;
|
|
136
136
|
verifyChallengeRateLimit?: AuthenticationRateLimitConfig;
|
|
137
|
+
sendOtpCodeRateLimit?: AuthenticationRateLimitConfig;
|
|
138
|
+
resetPasswordRateLimit?: AuthenticationRateLimitConfig;
|
|
137
139
|
mfaChallengeTtlMs?: number;
|
|
138
|
-
/**
|
|
139
|
-
* Require a valid challenge token during verifyChallenge in production.
|
|
140
|
-
*/
|
|
141
|
-
requireMfaChallengeInProduction?: boolean;
|
|
142
140
|
}
|
|
143
141
|
export interface AuthenticationConfig<T extends WabeTypes> {
|
|
144
142
|
session?: SessionConfig<T>;
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import type { WabeContext } from "../server/interface";
|
|
2
2
|
import type { WabeTypes } from "../server";
|
|
3
3
|
import { DevWabeTypes } from "src/utils/helper";
|
|
4
|
-
type RateLimitScope = "signIn" | "signUp" | "verifyChallenge";
|
|
4
|
+
type RateLimitScope = "signIn" | "signUp" | "verifyChallenge" | "sendOtpCode" | "resetPassword";
|
|
5
5
|
export declare const isRateLimited: <T extends WabeTypes>(context: WabeContext<T>, scope: RateLimitScope, key: string) => boolean;
|
|
6
6
|
export declare const registerRateLimitFailure: unknown;
|
|
7
7
|
export declare const clearRateLimit: unknown;
|
|
@@ -14,5 +14,4 @@ export declare const consumeMfaChallenge: (context: WabeContext<DevWabeTypes>, {
|
|
|
14
14
|
userId: string;
|
|
15
15
|
provider: string;
|
|
16
16
|
}) => Promise<boolean>;
|
|
17
|
-
export declare const shouldRequireMfaChallenge: unknown;
|
|
18
17
|
export {};
|
|
@@ -68,7 +68,18 @@ export declare class DatabaseController<T extends WabeTypes> {
|
|
|
68
68
|
selectWithoutPointers: Select;
|
|
69
69
|
};
|
|
70
70
|
_isFieldOfType(originClassName: string, pointerField: string, expectedType: "Pointer" | "Relation", context: WabeContext<T>, currentClassName?: string): boolean;
|
|
71
|
-
|
|
71
|
+
_extractPointerId(pointerValue: unknown): string | undefined;
|
|
72
|
+
_extractRelationIds(relationValue: unknown): string[];
|
|
73
|
+
_getWhereObjectWithPointerOrRelation<U extends keyof T["types"]>(className: U, where: WhereType<T, U>, context: WabeContext<T>, depth?: number);
|
|
74
|
+
/**
|
|
75
|
+
* Adds ACL-based conditions to the where clause.
|
|
76
|
+
*
|
|
77
|
+
* IMPORTANT: Objects with `acl == null` are accessible to ANY authenticated
|
|
78
|
+
* user. If you only use class-level permissions (CLP) without setting
|
|
79
|
+
* per-object ACLs, any user with the required role can read/update/delete
|
|
80
|
+
* any row. To restrict access to the owner, set `acl` on each object at
|
|
81
|
+
* creation time via hooks or custom logic.
|
|
82
|
+
*/
|
|
72
83
|
_buildWhereWithACL<K extends keyof T["types"]>(where: WhereType<T, K>, context: WabeContext<T>, operation: "write" | "read"): WhereType<T, K>;
|
|
73
84
|
/**
|
|
74
85
|
* Private helper to load a single object for hooks (skips hooks to avoid recursion)
|
|
@@ -138,7 +149,7 @@ export declare class DatabaseController<T extends WabeTypes> {
|
|
|
138
149
|
K extends keyof T["types"],
|
|
139
150
|
U extends keyof T["types"][K],
|
|
140
151
|
W extends keyof T["types"][K]
|
|
141
|
-
>({ className, select, context, where, _skipHooks, first, offset, order }: GetObjectsOptions<T, K, U, W>): Promise<OutputType<T, K, W>[]>;
|
|
152
|
+
>({ className, select, context, where, _skipHooks, first, offset, order, _whereRecursionDepth }: GetObjectsOptions<T, K, U, W>): Promise<OutputType<T, K, W>[]>;
|
|
142
153
|
createObject<
|
|
143
154
|
K extends keyof T["types"],
|
|
144
155
|
U extends keyof T["types"][K],
|
|
@@ -118,6 +118,8 @@ export interface GetObjectsOptions<
|
|
|
118
118
|
context: WabeContext<T>;
|
|
119
119
|
_skipHooks?: boolean;
|
|
120
120
|
select?: SelectType<T, K, W>;
|
|
121
|
+
/** @internal For security: limits recursion depth of where with Pointer/Relation */
|
|
122
|
+
_whereRecursionDepth?: number;
|
|
121
123
|
}
|
|
122
124
|
export interface CreateObjectOptions<
|
|
123
125
|
T extends WabeTypes,
|
|
@@ -2,6 +2,7 @@ import type { FileAdapter, ReadFileOptions } from ".";
|
|
|
2
2
|
export declare class FileDevAdapter implements FileAdapter {
|
|
3
3
|
private basePath;
|
|
4
4
|
private rootPath;
|
|
5
|
+
private getSafeFilePath;
|
|
5
6
|
uploadFile(file: File): Promise<void>;
|
|
6
7
|
readFile(fileName: string, options?: ReadFileOptions): Promise<string | null>;
|
|
7
8
|
deleteFile(fileName: string): Promise<void>;
|
|
@@ -4,6 +4,12 @@ type Unlink = boolean;
|
|
|
4
4
|
type Add = Array<string>;
|
|
5
5
|
type Remove = Array<string>;
|
|
6
6
|
type CreateAndAdd = Array<any>;
|
|
7
|
+
export type PointerObject = {
|
|
8
|
+
class: string;
|
|
9
|
+
id: string;
|
|
10
|
+
type: "Pointer";
|
|
11
|
+
};
|
|
12
|
+
export declare const getPointerId: (value: unknown) => string | undefined;
|
|
7
13
|
export type TypeOfExecution = "create" | "update" | "updateMany";
|
|
8
14
|
export type InputFields = Record<string, {
|
|
9
15
|
createAndLink?: CreateAndLink;
|