@absolutejs/auth 0.25.1 → 0.26.0-beta.0

Files changed (70) hide show
  1. package/dist/audit/config.d.ts +8 -0
  2. package/dist/audit/inMemoryAuditStore.d.ts +2 -0
  3. package/dist/audit/postgresAuditStore.d.ts +142 -0
  4. package/dist/audit/types.d.ts +18 -0
  5. package/dist/audit/wrap.d.ts +9 -0
  6. package/dist/credentials/config.d.ts +61 -0
  7. package/dist/credentials/emailVerification.d.ts +83 -0
  8. package/dist/credentials/inMemoryCredentialStore.d.ts +2 -0
  9. package/dist/credentials/login.d.ts +75 -0
  10. package/dist/credentials/passwordPolicy.d.ts +14 -0
  11. package/dist/credentials/passwordReset.d.ts +87 -0
  12. package/dist/credentials/postgresCredentialStore.d.ts +279 -0
  13. package/dist/credentials/register.d.ts +54 -0
  14. package/dist/credentials/routes.d.ts +200 -0
  15. package/dist/credentials/types.d.ts +26 -0
  16. package/dist/crypto.d.ts +32 -0
  17. package/dist/{ui → htmx}/index.js +2 -2
  18. package/dist/{ui → htmx}/index.js.map +2 -2
  19. package/dist/{htmxRoutes.d.ts → htmx/routes.d.ts} +4 -4
  20. package/dist/index.d.ts +427 -27
  21. package/dist/index.js +3314 -1932
  22. package/dist/index.js.map +60 -27
  23. package/dist/{neonLinkedProviders.d.ts → linkedProviders/neonStores.d.ts} +619 -613
  24. package/dist/{oauthLinkedProviderResolver.d.ts → linkedProviders/oauthResolver.d.ts} +1 -1
  25. package/dist/lockout/config.d.ts +17 -0
  26. package/dist/lockout/inMemoryLockoutStore.d.ts +2 -0
  27. package/dist/lockout/postgresLockoutStore.d.ts +81 -0
  28. package/dist/lockout/types.d.ts +12 -0
  29. package/dist/mfa/backupCodes.d.ts +5 -0
  30. package/dist/mfa/challenge.d.ts +65 -0
  31. package/dist/mfa/config.d.ts +32 -0
  32. package/dist/mfa/gate.d.ts +2 -0
  33. package/dist/mfa/inMemoryMfaStore.d.ts +2 -0
  34. package/dist/mfa/postgresMfaStore.d.ts +134 -0
  35. package/dist/mfa/routes.d.ts +117 -0
  36. package/dist/mfa/secret.d.ts +2 -0
  37. package/dist/mfa/totp.d.ts +91 -0
  38. package/dist/mfa/types.d.ts +16 -0
  39. package/dist/{providerClients.d.ts → providers/clients.d.ts} +35 -19
  40. package/dist/{authorize.d.ts → routes/authorize.d.ts} +5 -5
  41. package/dist/{callback.d.ts → routes/callback.d.ts} +4 -4
  42. package/dist/{profile.d.ts → routes/profile.d.ts} +5 -5
  43. package/dist/{protectRoute.d.ts → routes/protectRoute.d.ts} +5 -5
  44. package/dist/{refresh.d.ts → routes/refresh.d.ts} +5 -5
  45. package/dist/{revoke.d.ts → routes/revoke.d.ts} +6 -6
  46. package/dist/routes/sessions.d.ts +103 -0
  47. package/dist/{signout.d.ts → routes/signout.d.ts} +4 -4
  48. package/dist/routes/stepUp.d.ts +48 -0
  49. package/dist/{userStatus.d.ts → routes/userStatus.d.ts} +4 -4
  50. package/dist/{sessionAccess.d.ts → session/access.d.ts} +12 -12
  51. package/dist/{sessionCleanup.d.ts → session/cleanup.d.ts} +2 -2
  52. package/dist/{authSessionStores.d.ts → session/inMemoryStore.d.ts} +2 -2
  53. package/dist/{neonAuthSessionStore.d.ts → session/neonStore.d.ts} +209 -175
  54. package/dist/session/promote.d.ts +13 -0
  55. package/dist/session/sessionsConfig.d.ts +9 -0
  56. package/dist/{sessionStore.d.ts → session/state.d.ts} +1 -1
  57. package/dist/{sessionTypes.d.ts → session/types.d.ts} +1 -1
  58. package/dist/session/userSessions.d.ts +16 -0
  59. package/dist/stores/postgres.d.ts +5 -0
  60. package/dist/tenancy.d.ts +9 -0
  61. package/dist/typeGuards.d.ts +2 -2
  62. package/dist/typebox.d.ts +3 -3
  63. package/dist/types.d.ts +33 -3
  64. package/dist/utils.d.ts +9 -9
  65. package/package.json +19 -16
  66. /package/dist/{ui → htmx}/index.d.ts +0 -0
  67. /package/dist/{ui → htmx}/renderers.d.ts +0 -0
  68. /package/dist/{ui → htmx}/types.d.ts +0 -0
  69. /package/dist/{linkedProviderStores.d.ts → linkedProviders/inMemoryStores.d.ts} +0 -0
  70. /package/dist/{linkedProviderResolver.d.ts → linkedProviders/resolver.d.ts} +0 -0
@@ -1,5 +1,5 @@
1
1
  import type { LinkedProviderBindingStore, LinkedProviderGrantStore } from '@absolutejs/linked-providers';
2
- import type { OAuth2ConfigurationOptions } from './types';
2
+ import type { OAuth2ConfigurationOptions } from '../types';
3
3
  export type CreateOAuthLinkedProviderCredentialResolverOptions = {
4
4
  grantStore: LinkedProviderGrantStore;
5
5
  bindingStore: LinkedProviderBindingStore;
@@ -0,0 +1,17 @@
1
+ import type { LockoutStore } from './types';
2
+ export type LockoutConfig = {
3
+ lockoutStore: LockoutStore;
4
+ lockoutMs?: number;
5
+ maxAttempts?: number;
6
+ windowMs?: number;
7
+ };
8
+ export type LockoutState = {
9
+ locked: boolean;
10
+ retryAfterMs?: number;
11
+ };
12
+ export type LockoutGuard = {
13
+ check: (key: string) => Promise<LockoutState>;
14
+ recordFailure: (key: string) => Promise<void>;
15
+ recordSuccess: (key: string) => Promise<void>;
16
+ };
17
+ export declare const createLockoutGuard: ({ lockoutMs, lockoutStore, maxAttempts, windowMs }: LockoutConfig) => LockoutGuard;
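Review bot: `LockoutConfig` leaves `lockoutMs`, `maxAttempts` and `windowMs` optional without stating their defaults, and `LockoutGuard` takes an opaque `key` with no guidance on what it should identify. The choice of key decides the failure mode: one derived only from the account identifier lets anyone lock a legitimate user out by failing logins on purpose, while one derived only from the client address does little against guessing spread over many addresses. I would add TSDoc on each optional field giving its default and unit, and on `check`/`recordFailure`/`recordSuccess` a line such as `/** key: the throttling subject, e.g. the normalised login identifier, optionally combined with the client address */`. The implementation is not part of this declaration, so the default values have to be taken from the source.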
@@ -0,0 +1,2 @@
1
+ import type { LockoutStore } from './types';
2
+ export declare const createInMemoryLockoutStore: () => LockoutStore;
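Review bot: `createInMemoryLockoutStore` has no doc comment saying that its state is, presumably, local to one process. If that is the case, counters disappear on restart and every instance behind a load balancer keeps its own count, so the effective limit becomes `maxAttempts` multiplied by the number of instances. A one-line TSDoc such as `/** Process-local store for tests and single-instance deployments; use a shared store otherwise. */` would prevent that misuse. The same caveat applies to `createInMemoryMfaStore` in the mfa hunk further down, where enrollments lost on restart could mean the gate stops asking for a second factor; that should be confirmed against the implementation.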
@@ -0,0 +1,81 @@
1
+ import { type AnyPgDatabase } from '../stores/postgres';
2
+ import type { LockoutStore } from './types';
3
+ export declare const lockoutsTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
4
+ name: "auth_lockouts";
5
+ schema: undefined;
6
+ columns: {
7
+ failed_attempts: import("drizzle-orm/pg-core").PgColumn<{
8
+ name: "failed_attempts";
9
+ tableName: "auth_lockouts";
10
+ dataType: "number";
11
+ columnType: "PgInteger";
12
+ data: number;
13
+ driverParam: string | number;
14
+ notNull: true;
15
+ hasDefault: true;
16
+ isPrimaryKey: false;
17
+ isAutoincrement: false;
18
+ hasRuntimeDefault: false;
19
+ enumValues: undefined;
20
+ baseColumn: never;
21
+ identity: undefined;
22
+ generated: undefined;
23
+ }, {}, {}>;
24
+ key: import("drizzle-orm/pg-core").PgColumn<{
25
+ name: "key";
26
+ tableName: "auth_lockouts";
27
+ dataType: "string";
28
+ columnType: "PgVarchar";
29
+ data: string;
30
+ driverParam: string;
31
+ notNull: true;
32
+ hasDefault: false;
33
+ isPrimaryKey: true;
34
+ isAutoincrement: false;
35
+ hasRuntimeDefault: false;
36
+ enumValues: [string, ...string[]];
37
+ baseColumn: never;
38
+ identity: undefined;
39
+ generated: undefined;
40
+ }, {}, {
41
+ length: 320;
42
+ }>;
43
+ locked_until_ms: import("drizzle-orm/pg-core").PgColumn<{
44
+ name: "locked_until_ms";
45
+ tableName: "auth_lockouts";
46
+ dataType: "number";
47
+ columnType: "PgBigInt53";
48
+ data: number;
49
+ driverParam: string | number;
50
+ notNull: false;
51
+ hasDefault: false;
52
+ isPrimaryKey: false;
53
+ isAutoincrement: false;
54
+ hasRuntimeDefault: false;
55
+ enumValues: undefined;
56
+ baseColumn: never;
57
+ identity: undefined;
58
+ generated: undefined;
59
+ }, {}, {}>;
60
+ window_started_at_ms: import("drizzle-orm/pg-core").PgColumn<{
61
+ name: "window_started_at_ms";
62
+ tableName: "auth_lockouts";
63
+ dataType: "number";
64
+ columnType: "PgBigInt53";
65
+ data: number;
66
+ driverParam: string | number;
67
+ notNull: true;
68
+ hasDefault: false;
69
+ isPrimaryKey: false;
70
+ isAutoincrement: false;
71
+ hasRuntimeDefault: false;
72
+ enumValues: undefined;
73
+ baseColumn: never;
74
+ identity: undefined;
75
+ generated: undefined;
76
+ }, {}, {}>;
77
+ };
78
+ dialect: "pg";
79
+ }>;
80
+ export declare const createNeonLockoutStore: (databaseUrl: string) => LockoutStore;
81
+ export declare const createPostgresLockoutStore: (db: AnyPgDatabase) => LockoutStore;
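Review bot: The `key` column is the primary key with `length: 320` and nothing in this declaration shows normalisation, so two spellings of one identifier that differ only in case would be counted in separate rows unless the caller canonicalises the key first. The length also looks sized for an e-mail address; a composite key (tenant prefix, identifier plus client address) longer than that would be rejected by the database, and whether the guard then fails open or closed is not visible here. I would document on `createPostgresLockoutStore` that keys must be canonicalised and at most 320 characters, or hash the key to a fixed width before storing it.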
@@ -0,0 +1,12 @@
1
+ export type LockoutRecord = {
2
+ failedAttempts: number;
3
+ key: string;
4
+ lockedUntil?: number;
5
+ windowStartedAt: number;
6
+ };
7
+ export type LockoutStore = {
8
+ get: (key: string) => Promise<LockoutRecord | undefined>;
9
+ increment: (key: string, windowMs: number) => Promise<LockoutRecord>;
10
+ lock: (key: string, lockedUntil: number) => Promise<void>;
11
+ reset: (key: string) => Promise<void>;
12
+ };
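Review bot: `LockoutStore.increment` carries no contract, yet the guard's correctness presumably depends on it being an atomic read-modify-write that also starts a new window once `windowMs` has elapsed. A custom store that implements it as `get` followed by a write would undercount concurrent failures, so parallel attempts could pass the configured maximum before `lock` is called. Proposed TSDoc: `/** Atomically adds one failure for key, starting a new window if the current one is older than windowMs; returns the updated record. */`. `lockedUntil` and `windowStartedAt` should also be documented as epoch milliseconds, which the postgres column names `locked_until_ms` and `window_started_at_ms` suggest but the type does not state.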
@@ -0,0 +1,5 @@
1
+ export declare const consumeBackupCode: (code: string, hashes: string[]) => Promise<string[] | undefined>;
2
+ export declare const generateBackupCodes: (count: number) => Promise<{
3
+ codes: string[];
4
+ hashes: string[];
5
+ }>;
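Review bot: `consumeBackupCode` works on a caller-supplied `hashes` array, so the single-use property of a backup code depends entirely on the caller persisting the returned array. `MFAStore`, declared elsewhere in this diff, offers only `getEnrollment` and `saveEnrollment` with no compare-and-set, so two concurrent challenge requests carrying the same code could presumably both read the old list and both succeed. The declaration should document the result, e.g. `/** Returns the remaining hashes when code matched one of them, undefined otherwise. */` (inferred from the signature, to be confirmed), and the write-back should happen in a transaction or with a version check. The hash function and the length and alphabet of the generated codes are not visible here and deserve a doc line on `generateBackupCodes`.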
@@ -0,0 +1,65 @@
1
+ import { Elysia } from 'elysia';
2
+ import { type MfaRouteProps } from './config';
3
+ export declare const mfaChallenge: <UserType>({ authSessionStore, challengeRoute, encryptionKey, getChallengeUser, getUserId, mfaStore, onMfaChallengeError, onMfaChallengeSuccess, sessionDurationMs }: MfaRouteProps<UserType>) => Elysia<"", {
4
+ decorator: {};
5
+ store: {
6
+ session: import("..").SessionRecord<UserType>;
7
+ unregisteredSession: import("..").UnregisteredSessionRecord;
8
+ };
9
+ derive: {};
10
+ resolve: {};
11
+ }, {
12
+ typebox: {};
13
+ error: {};
14
+ }, {
15
+ schema: {};
16
+ standaloneSchema: {};
17
+ macro: {};
18
+ macroFn: {};
19
+ parser: {};
20
+ response: {};
21
+ }, {
22
+ [x: string]: {
23
+ post: {
24
+ body: {
25
+ code: string;
26
+ };
27
+ params: {};
28
+ query: unknown;
29
+ headers: unknown;
30
+ response: {
31
+ 200: {
32
+ readonly status: "authenticated";
33
+ };
34
+ 401: "No MFA challenge in progress" | "Invalid MFA code";
35
+ 422: {
36
+ type: "validation";
37
+ on: string;
38
+ summary?: string;
39
+ message?: string;
40
+ found?: unknown;
41
+ property?: string;
42
+ expected?: string;
43
+ };
44
+ };
45
+ };
46
+ };
47
+ }, {
48
+ derive: {};
49
+ resolve: {};
50
+ schema: {};
51
+ standaloneSchema: {};
52
+ response: {};
53
+ }, {
54
+ derive: {};
55
+ resolve: {};
56
+ schema: {};
57
+ standaloneSchema: {};
58
+ response: {};
59
+ } & {
60
+ derive: {};
61
+ resolve: {};
62
+ schema: {};
63
+ standaloneSchema: {};
64
+ response: {};
65
+ }>;
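Review bot: The challenge route's response union is `200 | 401 | 422` and the destructured props contain no lockout or rate-limit dependency, so nothing in this declaration indicates that repeated wrong codes are bounded. A second factor with a small code space only adds protection if attempts per pending challenge are limited; otherwise a party that already holds the password can keep answering `Invalid MFA code` until a guess matches. I would wire the `LockoutGuard` added in this release into the handler, keyed by the pending user id, and add a `429` member to the response type. This is inferred from the types alone, since the handler body is not in this hunk; the verify route in the `mfaTotpRoutes` hunk has the same shape.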
@@ -0,0 +1,32 @@
1
+ import type { AuthSessionStore } from '../session/types';
2
+ import type { RouteString, UserSessionId } from '../types';
3
+ import type { MFAStore } from './types';
4
+ export declare const DEFAULT_BACKUP_CODE_COUNT = 10;
5
+ export declare const DEFAULT_MFA_ISSUER = "AbsoluteAuth";
6
+ export declare const DEFAULT_MFA_SESSION_TTL_MS: number;
7
+ export type MfaConfig<UserType> = {
8
+ mfaStore: MFAStore;
9
+ getUserId: (user: UserType) => string;
10
+ getChallengeUser: (userIdentity: Record<string, unknown>) => Promise<UserType | null | undefined> | UserType | null | undefined;
11
+ backupCodeCount?: number;
12
+ challengeRoute?: RouteString;
13
+ encryptionKey?: string;
14
+ issuer?: string;
15
+ onMfaChallengeError?: (context: {
16
+ error: unknown;
17
+ userId?: string;
18
+ }) => void | Promise<void>;
19
+ onMfaChallengeSuccess?: (context: {
20
+ user: UserType;
21
+ userSessionId: UserSessionId;
22
+ }) => void | Promise<void>;
23
+ onMfaEnrolled?: (context: {
24
+ userId: string;
25
+ }) => void | Promise<void>;
26
+ sessionDurationMs?: number;
27
+ totpSetupRoute?: RouteString;
28
+ totpVerifyRoute?: RouteString;
29
+ };
30
+ export type MfaRouteProps<UserType> = MfaConfig<UserType> & {
31
+ authSessionStore?: AuthSessionStore<UserType>;
32
+ };
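Review bot: `encryptionKey` is optional in `MfaConfig`, and `encryptTotpSecret`/`decryptTotpSecret` in the later two-line secret hunk accept it as optional too, with no statement of what happens when it is omitted. For a value that protects TOTP seeds at rest, a silent fallback (storing the secret unencrypted, or using a built-in default key) would be worse than failing at startup. Either make the field required or add TSDoc that spells out the fallback, e.g. `/** Key used to encrypt TOTP secrets at rest. When omitted: TODO document behaviour. */`, together with the expected encoding and length of the string.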
@@ -0,0 +1,2 @@
1
+ import type { MfaConfig } from './config';
2
+ export declare const createMfaGate: <UserType>({ getUserId, mfaStore }: MfaConfig<UserType>) => (user: UserType) => Promise<boolean>;
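Review bot: `createMfaGate` returns a function resolving to a boolean with no indication of what `true` means, "a challenge is required" or "the user may proceed". An integrator who guesses the polarity wrong would skip the second factor for enrolled users. Add TSDoc that states the meaning of the result and what the gate does when the store lookup rejects, so callers know whether it fails open or closed.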
@@ -0,0 +1,2 @@
1
+ import type { MFAStore } from './types';
2
+ export declare const createInMemoryMfaStore: () => MFAStore;
@@ -0,0 +1,134 @@
1
+ import { type AnyPgDatabase } from '../stores/postgres';
2
+ import type { MFAStore } from './types';
3
+ export declare const mfaEnrollmentsTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
4
+ name: "auth_mfa_enrollments";
5
+ schema: undefined;
6
+ columns: {
7
+ backup_code_hashes: import("drizzle-orm/pg-core").PgColumn<{
8
+ name: "backup_code_hashes";
9
+ tableName: "auth_mfa_enrollments";
10
+ dataType: "json";
11
+ columnType: "PgJsonb";
12
+ data: string[];
13
+ driverParam: unknown;
14
+ notNull: true;
15
+ hasDefault: true;
16
+ isPrimaryKey: false;
17
+ isAutoincrement: false;
18
+ hasRuntimeDefault: false;
19
+ enumValues: undefined;
20
+ baseColumn: never;
21
+ identity: undefined;
22
+ generated: undefined;
23
+ }, {}, {
24
+ $type: string[];
25
+ }>;
26
+ created_at_ms: import("drizzle-orm/pg-core").PgColumn<{
27
+ name: "created_at_ms";
28
+ tableName: "auth_mfa_enrollments";
29
+ dataType: "number";
30
+ columnType: "PgBigInt53";
31
+ data: number;
32
+ driverParam: string | number;
33
+ notNull: true;
34
+ hasDefault: false;
35
+ isPrimaryKey: false;
36
+ isAutoincrement: false;
37
+ hasRuntimeDefault: false;
38
+ enumValues: undefined;
39
+ baseColumn: never;
40
+ identity: undefined;
41
+ generated: undefined;
42
+ }, {}, {}>;
43
+ last_used_at_ms: import("drizzle-orm/pg-core").PgColumn<{
44
+ name: "last_used_at_ms";
45
+ tableName: "auth_mfa_enrollments";
46
+ dataType: "number";
47
+ columnType: "PgBigInt53";
48
+ data: number;
49
+ driverParam: string | number;
50
+ notNull: false;
51
+ hasDefault: false;
52
+ isPrimaryKey: false;
53
+ isAutoincrement: false;
54
+ hasRuntimeDefault: false;
55
+ enumValues: undefined;
56
+ baseColumn: never;
57
+ identity: undefined;
58
+ generated: undefined;
59
+ }, {}, {}>;
60
+ totp_secret_ciphertext: import("drizzle-orm/pg-core").PgColumn<{
61
+ name: "totp_secret_ciphertext";
62
+ tableName: "auth_mfa_enrollments";
63
+ dataType: "string";
64
+ columnType: "PgText";
65
+ data: string;
66
+ driverParam: string;
67
+ notNull: false;
68
+ hasDefault: false;
69
+ isPrimaryKey: false;
70
+ isAutoincrement: false;
71
+ hasRuntimeDefault: false;
72
+ enumValues: [string, ...string[]];
73
+ baseColumn: never;
74
+ identity: undefined;
75
+ generated: undefined;
76
+ }, {}, {}>;
77
+ totp_verified: import("drizzle-orm/pg-core").PgColumn<{
78
+ name: "totp_verified";
79
+ tableName: "auth_mfa_enrollments";
80
+ dataType: "boolean";
81
+ columnType: "PgBoolean";
82
+ data: boolean;
83
+ driverParam: boolean;
84
+ notNull: true;
85
+ hasDefault: true;
86
+ isPrimaryKey: false;
87
+ isAutoincrement: false;
88
+ hasRuntimeDefault: false;
89
+ enumValues: undefined;
90
+ baseColumn: never;
91
+ identity: undefined;
92
+ generated: undefined;
93
+ }, {}, {}>;
94
+ updated_at_ms: import("drizzle-orm/pg-core").PgColumn<{
95
+ name: "updated_at_ms";
96
+ tableName: "auth_mfa_enrollments";
97
+ dataType: "number";
98
+ columnType: "PgBigInt53";
99
+ data: number;
100
+ driverParam: string | number;
101
+ notNull: true;
102
+ hasDefault: false;
103
+ isPrimaryKey: false;
104
+ isAutoincrement: false;
105
+ hasRuntimeDefault: false;
106
+ enumValues: undefined;
107
+ baseColumn: never;
108
+ identity: undefined;
109
+ generated: undefined;
110
+ }, {}, {}>;
111
+ user_id: import("drizzle-orm/pg-core").PgColumn<{
112
+ name: "user_id";
113
+ tableName: "auth_mfa_enrollments";
114
+ dataType: "string";
115
+ columnType: "PgVarchar";
116
+ data: string;
117
+ driverParam: string;
118
+ notNull: true;
119
+ hasDefault: false;
120
+ isPrimaryKey: true;
121
+ isAutoincrement: false;
122
+ hasRuntimeDefault: false;
123
+ enumValues: [string, ...string[]];
124
+ baseColumn: never;
125
+ identity: undefined;
126
+ generated: undefined;
127
+ }, {}, {
128
+ length: 255;
129
+ }>;
130
+ };
131
+ dialect: "pg";
132
+ }>;
133
+ export declare const createNeonMfaStore: (databaseUrl: string) => MFAStore;
134
+ export declare const createPostgresMfaStore: (db: AnyPgDatabase) => MFAStore;
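Review bot: `totp_secret_ciphertext` is a plain `PgText` column and the table has no column identifying which key or scheme produced the value. Unless the ciphertext string itself embeds a key identifier or version, rotating `encryptionKey` would leave existing rows undecryptable with no way to tell old rows from new ones. I would document the ciphertext format next to `mfaEnrollmentsTable`, or add a key-version column before this leaves beta. Since `backup_code_hashes` sits in the same row as the TOTP secret, read access to this table should be scoped as tightly as access to password hashes.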
@@ -0,0 +1,117 @@
1
+ import { Elysia } from 'elysia';
2
+ import type { MfaRouteProps } from './config';
3
+ export declare const mfaRoutes: <UserType>(config: MfaRouteProps<UserType>) => Elysia<"", {
4
+ decorator: {};
5
+ store: {
6
+ session: import("..").SessionRecord<UserType>;
7
+ unregisteredSession: import("..").UnregisteredSessionRecord;
8
+ };
9
+ derive: {};
10
+ resolve: {};
11
+ }, {
12
+ typebox: {};
13
+ error: {};
14
+ }, {
15
+ schema: {};
16
+ standaloneSchema: {};
17
+ macro: {};
18
+ macroFn: {};
19
+ parser: {};
20
+ response: {};
21
+ }, {
22
+ [x: string]: {
23
+ post: {
24
+ body: unknown;
25
+ params: {};
26
+ query: unknown;
27
+ headers: unknown;
28
+ response: {
29
+ 200: {
30
+ readonly secret: string;
31
+ readonly uri: string;
32
+ };
33
+ 401: "Authentication required";
34
+ 422: {
35
+ type: "validation";
36
+ on: string;
37
+ summary?: string;
38
+ message?: string;
39
+ found?: unknown;
40
+ property?: string;
41
+ expected?: string;
42
+ };
43
+ };
44
+ };
45
+ };
46
+ } & {
47
+ [x: string]: {
48
+ post: {
49
+ body: {
50
+ code: string;
51
+ };
52
+ params: {};
53
+ query: unknown;
54
+ headers: unknown;
55
+ response: {
56
+ 200: {
57
+ readonly backupCodes: string[];
58
+ };
59
+ 400: "No TOTP enrollment in progress" | "Invalid TOTP code";
60
+ 401: "Authentication required";
61
+ 422: {
62
+ type: "validation";
63
+ on: string;
64
+ summary?: string;
65
+ message?: string;
66
+ found?: unknown;
67
+ property?: string;
68
+ expected?: string;
69
+ };
70
+ };
71
+ };
72
+ };
73
+ } & {
74
+ [x: string]: {
75
+ post: {
76
+ body: {
77
+ code: string;
78
+ };
79
+ params: {};
80
+ query: unknown;
81
+ headers: unknown;
82
+ response: {
83
+ 200: {
84
+ readonly status: "authenticated";
85
+ };
86
+ 401: "No MFA challenge in progress" | "Invalid MFA code";
87
+ 422: {
88
+ type: "validation";
89
+ on: string;
90
+ summary?: string;
91
+ message?: string;
92
+ found?: unknown;
93
+ property?: string;
94
+ expected?: string;
95
+ };
96
+ };
97
+ };
98
+ };
99
+ }, {
100
+ derive: {};
101
+ resolve: {};
102
+ schema: {};
103
+ standaloneSchema: {};
104
+ response: {};
105
+ }, {
106
+ derive: {};
107
+ resolve: {};
108
+ schema: {};
109
+ standaloneSchema: {};
110
+ response: {};
111
+ } & {
112
+ derive: {};
113
+ resolve: {};
114
+ schema: {};
115
+ standaloneSchema: {};
116
+ response: {};
117
+ }>;
@@ -0,0 +1,2 @@
1
+ export declare const decryptTotpSecret: (ciphertext: string, encryptionKey?: string) => Promise<string>;
2
+ export declare const encryptTotpSecret: (secret: string, encryptionKey?: string) => Promise<string>;
@@ -0,0 +1,91 @@
1
+ import { Elysia } from 'elysia';
2
+ import { type MfaRouteProps } from './config';
3
+ export declare const mfaTotpRoutes: <UserType>({ authSessionStore, backupCodeCount, encryptionKey, getUserId, issuer, mfaStore, onMfaEnrolled, totpSetupRoute, totpVerifyRoute }: MfaRouteProps<UserType>) => Elysia<"", {
4
+ decorator: {};
5
+ store: {
6
+ session: import("..").SessionRecord<UserType>;
7
+ unregisteredSession: import("..").UnregisteredSessionRecord;
8
+ };
9
+ derive: {};
10
+ resolve: {};
11
+ }, {
12
+ typebox: {};
13
+ error: {};
14
+ }, {
15
+ schema: {};
16
+ standaloneSchema: {};
17
+ macro: {};
18
+ macroFn: {};
19
+ parser: {};
20
+ response: {};
21
+ }, {
22
+ [x: string]: {
23
+ post: {
24
+ body: unknown;
25
+ params: {};
26
+ query: unknown;
27
+ headers: unknown;
28
+ response: {
29
+ 200: {
30
+ readonly secret: string;
31
+ readonly uri: string;
32
+ };
33
+ 401: "Authentication required";
34
+ 422: {
35
+ type: "validation";
36
+ on: string;
37
+ summary?: string;
38
+ message?: string;
39
+ found?: unknown;
40
+ property?: string;
41
+ expected?: string;
42
+ };
43
+ };
44
+ };
45
+ };
46
+ } & {
47
+ [x: string]: {
48
+ post: {
49
+ body: {
50
+ code: string;
51
+ };
52
+ params: {};
53
+ query: unknown;
54
+ headers: unknown;
55
+ response: {
56
+ 200: {
57
+ readonly backupCodes: string[];
58
+ };
59
+ 400: "No TOTP enrollment in progress" | "Invalid TOTP code";
60
+ 401: "Authentication required";
61
+ 422: {
62
+ type: "validation";
63
+ on: string;
64
+ summary?: string;
65
+ message?: string;
66
+ found?: unknown;
67
+ property?: string;
68
+ expected?: string;
69
+ };
70
+ };
71
+ };
72
+ };
73
+ }, {
74
+ derive: {};
75
+ resolve: {};
76
+ schema: {};
77
+ standaloneSchema: {};
78
+ response: {};
79
+ }, {
80
+ derive: {};
81
+ resolve: {};
82
+ schema: {};
83
+ standaloneSchema: {};
84
+ response: {};
85
+ } & {
86
+ derive: {};
87
+ resolve: {};
88
+ schema: {};
89
+ standaloneSchema: {};
90
+ response: {};
91
+ }>;
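Review bot: The setup route returns a fresh `secret` and `uri` and its response type has no member for an account that is already enrolled, so the declaration does not show whether setup is refused when a verified enrollment exists. If setup overwrites the existing enrollment, anyone holding a stolen session could replace the account owner's authenticator; requiring a current code or a recent step-up (this release adds `routes/stepUp.d.ts`) before re-enrollment would close that gap. The response that carries `secret` should also be served with `Cache-Control: no-store`. All of this is inferred from the types, because the handlers are not in this hunk.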
@@ -0,0 +1,16 @@
1
+ export type MfaFactorType = 'backup_codes' | 'totp';
2
+ export type MfaEnrollment = {
3
+ backupCodeHashes: string[];
4
+ createdAt: number;
5
+ lastUsedAt?: number;
6
+ totpSecretCiphertext?: string;
7
+ totpVerified: boolean;
8
+ updatedAt: number;
9
+ userId: string;
10
+ };
11
+ export type MFAStore = {
12
+ getEnrollment: (userId: string) => Promise<MfaEnrollment | undefined>;
13
+ removeEnrollment: (userId: string) => Promise<void>;
14
+ saveEnrollment: (enrollment: MfaEnrollment) => Promise<void>;
15
+ };
16
+ export declare const isMfaEnrolled: (enrollment: MfaEnrollment | undefined) => boolean;
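Review bot: `MfaEnrollment` records `lastUsedAt` as a timestamp but has no field for the last accepted TOTP time step, so the type gives no way to tell whether a code can be accepted twice inside its validity window. If the verifier tolerates adjacent steps, a code that has been used once stays valid until it expires unless the last accepted step is persisted and compared. Either document that `lastUsedAt` serves that comparison or add a field such as `lastTotpStep?: number`. `isMfaEnrolled` also needs a doc line saying whether an enrollment with `totpVerified: false` counts as enrolled, because that decides whether an abandoned setup changes the login flow.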
@@ -1,24 +1,23 @@
1
1
  import { CredentialsFor, OAuth2Client, ProviderOption } from 'citra';
2
- import { OAuth2ConfigurationOptions, OAuth2ProviderClientConfiguration, ClientProviderEntry, ClientProviderGroup } from './types';
3
- export declare const normalizeProvidersConfiguration: (providersConfiguration: OAuth2ConfigurationOptions) => Record<ProviderOption, Record<string, OAuth2ProviderClientConfiguration<ProviderOption>>>;
4
- export declare const resolveProviderClientConfiguration: ({ clientName, providerName, providersConfiguration }: {
5
- providerName: ProviderOption;
6
- clientName?: string;
7
- providersConfiguration: OAuth2ConfigurationOptions;
8
- }) => {
9
- error: "Client provider not found";
10
- config?: undefined;
11
- } | {
12
- config: OAuth2ProviderClientConfiguration<"42" | "amazoncognito" | "anilist" | "apple" | "atlassian" | "auth0" | "authentik" | "autodesk" | "battlenet" | "bitbucket" | "box" | "bungie" | "coinbase" | "discord" | "donationalerts" | "dribbble" | "dropbox" | "epicgames" | "etsy" | "facebook" | "figma" | "gitea" | "github" | "gitlab" | "google" | "intuit" | "kakao" | "keycloak" | "kick" | "lichess" | "line" | "linear" | "linkedin" | "mastodon" | "mercadolibre" | "mercadopago" | "microsoftentraid" | "myanimelist" | "naver" | "notion" | "okta" | "osu" | "patreon" | "polar" | "polaraccesslink" | "polarteampro" | "reddit" | "roblox" | "salesforce" | "shikimori" | "slack" | "spotify" | "startgg" | "strava" | "synology" | "tiktok" | "tiltify" | "tumblr" | "twitch" | "twitter" | "vk" | "withings" | "workos" | "yahoo" | "yandex" | "zoom"> | undefined;
13
- error?: undefined;
14
- } | {
15
- error: "Client variant is required";
16
- config?: undefined;
17
- } | {
18
- error: "Client variant not found";
19
- config?: undefined;
2
+ import { OAuth2ConfigurationOptions, OAuth2ProviderClientConfiguration, ClientProviderEntry, ClientProviderGroup } from '../types';
3
+ export declare const buildClientProviders: (providersConfiguration: OAuth2ConfigurationOptions, createOAuth2ClientFn: <P extends ProviderOption>(providerName: P, config: CredentialsFor<P>) => Promise<OAuth2Client<P>>) => Promise<{
4
+ [k: string]: {
5
+ entries: {
6
+ [k: string]: {
7
+ clientName: string | undefined;
8
+ providerInstance: import("citra").BaseOAuth2Client<"42" | "amazoncognito" | "anilist" | "apple" | "atlassian" | "auth0" | "authentik" | "autodesk" | "battlenet" | "bitbucket" | "box" | "bungie" | "coinbase" | "discord" | "donationalerts" | "dribbble" | "dropbox" | "epicgames" | "etsy" | "facebook" | "figma" | "gitea" | "github" | "gitlab" | "google" | "intuit" | "kakao" | "keycloak" | "kick" | "lichess" | "line" | "linear" | "linkedin" | "mastodon" | "mercadolibre" | "mercadopago" | "microsoftentraid" | "myanimelist" | "naver" | "notion" | "okta" | "osu" | "patreon" | "polar" | "polaraccesslink" | "polarteampro" | "reddit" | "roblox" | "salesforce" | "shikimori" | "slack" | "spotify" | "startgg" | "strava" | "synology" | "tiktok" | "tiltify" | "tumblr" | "twitch" | "twitter" | "vk" | "withings" | "workos" | "yahoo" | "yandex" | "zoom">;
9
+ scope: string[] | undefined;
10
+ searchParams: [string, string][] | undefined;
11
+ };
12
+ };
13
+ isSingleClient: boolean;
14
+ };
15
+ }>;
16
+ export declare const normalizeProvidersConfiguration: (providersConfiguration: OAuth2ConfigurationOptions) => {
17
+ [k: string]: {
18
+ [k: string]: OAuth2ProviderClientConfiguration<"42" | "amazoncognito" | "anilist" | "apple" | "atlassian" | "auth0" | "authentik" | "autodesk" | "battlenet" | "bitbucket" | "box" | "bungie" | "coinbase" | "discord" | "donationalerts" | "dribbble" | "dropbox" | "epicgames" | "etsy" | "facebook" | "figma" | "gitea" | "github" | "gitlab" | "google" | "intuit" | "kakao" | "keycloak" | "kick" | "lichess" | "line" | "linear" | "linkedin" | "mastodon" | "mercadolibre" | "mercadopago" | "microsoftentraid" | "myanimelist" | "naver" | "notion" | "okta" | "osu" | "patreon" | "polar" | "polaraccesslink" | "polarteampro" | "reddit" | "roblox" | "salesforce" | "shikimori" | "slack" | "spotify" | "startgg" | "strava" | "synology" | "tiktok" | "tiltify" | "tumblr" | "twitch" | "twitter" | "vk" | "withings" | "workos" | "yahoo" | "yandex" | "zoom">;
19
+ };
20
20
  };
21
- export declare const buildClientProviders: (providersConfiguration: OAuth2ConfigurationOptions, createOAuth2ClientFn: <P extends ProviderOption>(providerName: P, config: CredentialsFor<P>) => Promise<OAuth2Client<P>>) => Promise<Record<string, ClientProviderGroup>>;
22
21
  export declare const resolveClientProviderEntry: ({ clientName, clientProviders, providerName }: {
23
22
  providerName: string | undefined;
24
23
  clientName?: string;
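Review bot: `buildClientProviders` and `normalizeProvidersConfiguration` lost their explicit return types in this version, so the declaration now inlines the inferred shape and widens the outer keys of `normalizeProvidersConfiguration` from `ProviderOption` to `string`. That makes the public API depend on implementation details and repeats the full provider-name union in every signature, while `ClientProviderGroup` is still imported but no longer referenced in the visible lines. I would restore the annotations in the source, `): Promise<Record<string, ClientProviderGroup>>` and `): Record<ProviderOption, Record<string, OAuth2ProviderClientConfiguration<ProviderOption>>>`, so the emitted declaration stays stable. The hunk ends inside `resolveClientProviderEntry`, whose remaining lines are not shown.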
@@ -39,3 +38,20 @@ export declare const resolveClientProviderEntry: ({ clientName, clientProviders,
39
38
  error: "Client variant not found";
40
39
  entry?: undefined;
41
40
  };
41
+ export declare const resolveProviderClientConfiguration: ({ clientName, providerName, providersConfiguration }: {
42
+ providerName: ProviderOption;
43
+ clientName?: string;
44
+ providersConfiguration: OAuth2ConfigurationOptions;
45
+ }) => {
46
+ error: "Client provider not found";
47
+ config?: undefined;
48
+ } | {
49
+ config: OAuth2ProviderClientConfiguration<"42" | "amazoncognito" | "anilist" | "apple" | "atlassian" | "auth0" | "authentik" | "autodesk" | "battlenet" | "bitbucket" | "box" | "bungie" | "coinbase" | "discord" | "donationalerts" | "dribbble" | "dropbox" | "epicgames" | "etsy" | "facebook" | "figma" | "gitea" | "github" | "gitlab" | "google" | "intuit" | "kakao" | "keycloak" | "kick" | "lichess" | "line" | "linear" | "linkedin" | "mastodon" | "mercadolibre" | "mercadopago" | "microsoftentraid" | "myanimelist" | "naver" | "notion" | "okta" | "osu" | "patreon" | "polar" | "polaraccesslink" | "polarteampro" | "reddit" | "roblox" | "salesforce" | "shikimori" | "slack" | "spotify" | "startgg" | "strava" | "synology" | "tiktok" | "tiltify" | "tumblr" | "twitch" | "twitter" | "vk" | "withings" | "workos" | "yahoo" | "yandex" | "zoom"> | undefined;
50
+ error?: undefined;
51
+ } | {
52
+ error: "Client variant is required";
53
+ config?: undefined;
54
+ } | {
55
+ error: "Client variant not found";
56
+ config?: undefined;
57
+ };