Lots of work on user person security. Also some general clean up. Wrapping up for the day.

src/lib/ae_core/ae_core_functions.ts

@@ -18,6 +18,16 @@ import {
     // handle_db_save_ae_obj_li__person
 } from "$lib/ae_core/core__person";
 
+import {
+    auth_ae_obj__username_password,
+    auth_ae_obj__user_id_user_auth_key,
+    // handle_load_ae_obj_id__user,
+    // handle_load_ae_obj_li__user,
+    // handle_create_ae_obj__user,
+    // handle_update_ae_obj__user,
+    // handle_db_save_ae_obj_li__user
+} from "$lib/ae_core/core__user";
+
 import {
     generate_qr_code,
 } from "$lib/ae_core/core__qr_code";
@@ -430,6 +440,8 @@ let export_obj = {
     handle_load_ae_obj_li__person: handle_load_ae_obj_li__person,
     handle_create_ae_obj__person: handle_create_ae_obj__person,
     handle_update_ae_obj__person: handle_update_ae_obj__person,
+    auth_ae_obj__username_password: auth_ae_obj__username_password,
+    auth_ae_obj__user_id_user_auth_key: auth_ae_obj__user_id_user_auth_key,
     handle_update_ae_obj_id_crud: handle_update_ae_obj_id_crud,
     handle_download_export__obj_type: handle_download_export__obj_type,
     generate_qr_code: generate_qr_code

src/lib/ae_core/core__person.ts

@@ -55,37 +55,46 @@ export async function handle_load_ae_obj_id__person(
 export async function handle_load_ae_obj_li__person(
         {
             api_cfg,
-            account_id,
+            for_obj_type = 'account',
+            for_obj_id,
+            enabled = 'enabled',
+            hidden = 'not_hidden',
+            limit = 99,
+            offset = 0,
+            order_by_li = {'start_datetime': 'DESC', 'name': 'ASC', 'updated_on': 'DESC', 'created_on': 'DESC'},
+            params_json = null,
             params={},
             try_cache=true,
             log_lvl=0
         }: {
             api_cfg: any,
-            account_id: string,
+            for_obj_type: string,
+            for_obj_id: string,
+            enabled?: string,
+            hidden?: string,
+            limit?: number,
+            offset?: number,
+            order_by_li?: key_val,
+            params_json?: null|key_val,
             params?: key_val,
             try_cache?: boolean,
             log_lvl?: number
         }
     ) {
-    console.log(`*** handle_load_ae_obj_li__person() *** account_id=${account_id}`);
-
-    let enabled: string = (params.qry__enabled ?? 'enabled'); // all, disabled, enabled
-    let hidden: string = (params.qry__hidden ?? 'not_hidden'); // all, hidden, not_hidden
-    let limit: number = (params.qry__limit ?? 99); // 99
-    let offset: number = (params.qry__offset ?? 0); // 0
-
-
-    let params_json: key_val = {};
+    console.log(`*** handle_load_ae_obj_li__person() *** for_obj_type=${for_obj_type} for_obj_id=${for_obj_id} enabled=${enabled} hidden=${hidden} limit=${limit} offset=${offset}`);
 
     // console.log('params_json:', params_json);
 
-    ae_promises.load__person_obj_li = await api.get_ae_obj_li_for_obj_id_crud({
+    ae_promises.load__person_obj_li = await api.get_ae_obj_li_for_obj_id_crud_v2({
         api_cfg: api_cfg,
         obj_type: 'person',
         for_obj_type: 'account',
-        for_obj_id: account_id,
-        use_alt_table: false, // NOTE: This will use the table_name_alt value instead of the table_name value in the API config.
-        use_alt_base: false, // NOTE: This will use the base_name_alt value instead of the base_name value
+        for_obj_id: for_obj_id,
+        use_alt_tbl: false,
+        use_alt_mdl: false,
+        use_alt_exp: false,
+        // use_alt_table: false, // NOTE: This will use the table_name_alt value instead of the table_name value in the API config.
+        // use_alt_base: false, // NOTE: This will use the base_name_alt value instead of the base_name value
         enabled: enabled,
         hidden: hidden,
         order_by_li: {'given_name': 'ASC', 'family_name': 'ASC', 'updated_on': 'DESC', 'created_on': 'DESC'},

src/lib/ae_core/core__user.ts

@@ -0,0 +1,136 @@
+import type { key_val } from '$lib/ae_stores';
+import { api } from '$lib/api';
+
+import { db_core } from "$lib/ae_core/db_core";
+
+let ae_promises: key_val = {};
+
+
+// Updated 2025-04-04
+export async function auth_ae_obj__username_password(
+        {
+            api_cfg,
+            account_id,
+            null_account_id = false,
+            username,
+            password,
+            params = {},
+            try_cache = true,
+            log_lvl = 1
+        }: {
+            api_cfg: any,
+            account_id: string,
+            null_account_id?: boolean,
+            username: string,
+            password: string,
+            params?: key_val,
+            try_cache?: boolean,
+            log_lvl?: number
+        }
+    ) {
+    if (log_lvl) {
+        console.log(`*** auth_ae_obj__username_password() *** account_id=${account_id} username=${username} password=${password}`);
+    }
+
+    let endpoint = '/user/authenticate';
+
+    if (null_account_id) {
+        params['null_account_id'] = true;
+    }
+    params['username'] = username; // Required
+    params['password'] = password; // Required
+    if (log_lvl > 1) {
+        console.log(`auth_ae_obj__username_password() - params:`, params);
+    }
+
+    ae_promises.auth__username_password = await api.get_object({
+        api_cfg: api_cfg,
+        endpoint: endpoint,
+        params: params,
+        // data: {},
+        log_lvl: log_lvl
+        })
+    .then(async function (user_obj_get_result) {
+        if (user_obj_get_result) {
+            // if (try_cache) {
+            //     // This is expecting a list
+            //     db_save_ae_obj_li__user({
+            //         obj_type: 'user',
+            //         obj_li: [user_obj_get_result],
+            //         log_lvl: log_lvl
+            //     });
+            // }
+            return user_obj_get_result;
+        } else {
+            console.log('No results returned.');
+            return null;
+        }
+    })
+    .catch(function (error) {
+        console.log('No results returned or failed.', error);
+    });
+
+
+
+    if (log_lvl) {
+        console.log('ae_promises.auth__username_password:', ae_promises.auth__username_password);
+    }
+    return ae_promises.auth__username_password;
+}
+
+
+// Updated 2025-04-04
+export async function auth_ae_obj__user_id_user_auth_key(
+        {
+            api_cfg,
+            account_id,
+            user_id,
+            user_auth_key,
+            params = {},
+            try_cache = true,
+            log_lvl = 1
+        }: {
+            api_cfg: any,
+            account_id: string,
+            user_id: string,
+            user_auth_key: string,
+            params?: key_val,
+            try_cache?: boolean,
+            log_lvl?: number
+        }
+    ) {
+    if (log_lvl) {
+        console.log(`*** auth_ae_obj__user_id_user_auth_key() *** account_id=${account_id} user_id=${user_id}`);
+    }
+
+    let endpoint = '/user/authenticate';
+
+    params['user_id'] = user_id; // Required
+    params['auth_key'] = user_auth_key; // Required
+    if (log_lvl > 1) {
+        console.log(`auth_ae_obj__user_id_user_auth_key() - params:`, params);
+    }
+
+    ae_promises.auth__user_id_user_key = await api.get_object({
+        api_cfg: api_cfg,
+        endpoint: endpoint,
+        params: params,
+        log_lvl: log_lvl
+        })
+    .then(async function (user_obj_get_result) {
+        if (user_obj_get_result) {
+            return user_obj_get_result;
+        } else {
+            console.log('No results returned.');
+            return null;
+        }
+    })
+    .catch(function (error) {
+        console.log('No results returned or failed.', error);
+    });
+
+    if (log_lvl) {
+        console.log('ae_promises.auth__user_id_user_key:', ae_promises.auth__user_id_user_key);
+    }
+    return ae_promises.auth__user_id_user_key;
+}