npm - @absolutejs/auth - Versions diffs - 0.27.0-beta.0 → 0.27.0-beta.2 - Mend

@absolutejs/auth 0.27.0-beta.0 → 0.27.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/dist/adaptive/config.d.ts +22 -0
package/dist/adaptive/inMemoryStores.d.ts +3 -0
package/dist/adaptive/postgresStores.d.ts +293 -0
package/dist/adaptive/types.d.ts +50 -0
package/dist/apikeys/config.d.ts +64 -0
package/dist/apikeys/inMemoryStores.d.ts +4 -0
package/dist/apikeys/postgresStores.d.ts +507 -0
package/dist/apikeys/routes.d.ts +83 -0
package/dist/apikeys/types.d.ts +53 -0
package/dist/index.d.ts +41 -4
package/dist/index.js +2143 -1372
package/dist/index.js.map +28 -20
package/dist/mfa/rotation.d.ts +17 -0
package/dist/mfa/types.d.ts +1 -0
package/dist/portal/routes.d.ts +1 -1
package/dist/types.d.ts +8 -0
package/package.json +1 -1

package/dist/adaptive/config.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { KnownDeviceStore, LoginHistoryStore, RiskAction, RiskAssessment, RiskContext, RiskSignal } from './types';
+export type AdaptiveConfig = {
+    historyLimit?: number;
+    knownDeviceStore: KnownDeviceStore;
+    loginHistoryStore: LoginHistoryStore;
+    maxTravelKmh?: number;
+    rules?: Partial<Record<RiskSignal, RiskAction>>;
+    velocityMaxAttempts?: number;
+    velocityWindowMs?: number;
+};
+export declare const assessRisk: (config: AdaptiveConfig, context: RiskContext) => Promise<RiskAssessment>;
+export declare const createRiskEngine: (config: AdaptiveConfig) => {
+    assessRisk: (context: RiskContext) => Promise<RiskAssessment>;
+    recordAttempt: (context: RiskContext & {
+        outcome: RiskAction;
+    }) => Promise<void>;
+    trustDevice: (userId: string, deviceId: string, label?: string) => Promise<void>;
+};
+export declare const recordLoginAttempt: (config: AdaptiveConfig, context: RiskContext & {
+    outcome: RiskAction;
+}) => Promise<void>;
+export declare const trustDevice: (config: AdaptiveConfig, userId: string, deviceId: string, label?: string) => Promise<void>;

package/dist/adaptive/inMemoryStores.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { KnownDeviceStore, LoginHistoryStore } from './types';
+export declare const createInMemoryKnownDeviceStore: () => KnownDeviceStore;
+export declare const createInMemoryLoginHistoryStore: () => LoginHistoryStore;

package/dist/adaptive/postgresStores.d.ts ADDED Viewed

@@ -0,0 +1,293 @@
+import { type AnyPgDatabase } from '../stores/postgres';
+import type { KnownDeviceStore, LoginHistoryStore } from './types';
+export declare const knownDevicesTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "auth_known_devices";
+    schema: undefined;
+    columns: {
+        device_id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "device_id";
+            tableName: "auth_known_devices";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        first_seen_at_ms: import("drizzle-orm/pg-core").PgColumn<{
+            name: "first_seen_at_ms";
+            tableName: "auth_known_devices";
+            dataType: "number";
+            columnType: "PgBigInt53";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        label: import("drizzle-orm/pg-core").PgColumn<{
+            name: "label";
+            tableName: "auth_known_devices";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        last_seen_at_ms: import("drizzle-orm/pg-core").PgColumn<{
+            name: "last_seen_at_ms";
+            tableName: "auth_known_devices";
+            dataType: "number";
+            columnType: "PgBigInt53";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        trusted: import("drizzle-orm/pg-core").PgColumn<{
+            name: "trusted";
+            tableName: "auth_known_devices";
+            dataType: "boolean";
+            columnType: "PgBoolean";
+            data: boolean;
+            driverParam: boolean;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        user_id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "user_id";
+            tableName: "auth_known_devices";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+    };
+    dialect: "pg";
+}>;
+export declare const loginHistoryTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "auth_login_history";
+    schema: undefined;
+    columns: {
+        attempt_id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "attempt_id";
+            tableName: "auth_login_history";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: true;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        country: import("drizzle-orm/pg-core").PgColumn<{
+            name: "country";
+            tableName: "auth_login_history";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        device_id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "device_id";
+            tableName: "auth_login_history";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        ip_address: import("drizzle-orm/pg-core").PgColumn<{
+            name: "ip_address";
+            tableName: "auth_login_history";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        latitude: import("drizzle-orm/pg-core").PgColumn<{
+            name: "latitude";
+            tableName: "auth_login_history";
+            dataType: "number";
+            columnType: "PgDoublePrecision";
+            data: number;
+            driverParam: string | number;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        longitude: import("drizzle-orm/pg-core").PgColumn<{
+            name: "longitude";
+            tableName: "auth_login_history";
+            dataType: "number";
+            columnType: "PgDoublePrecision";
+            data: number;
+            driverParam: string | number;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        outcome: import("drizzle-orm/pg-core").PgColumn<{
+            name: "outcome";
+            tableName: "auth_login_history";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+        timestamp_ms: import("drizzle-orm/pg-core").PgColumn<{
+            name: "timestamp_ms";
+            tableName: "auth_login_history";
+            dataType: "number";
+            columnType: "PgBigInt53";
+            data: number;
+            driverParam: string | number;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {}>;
+        user_id: import("drizzle-orm/pg-core").PgColumn<{
+            name: "user_id";
+            tableName: "auth_login_history";
+            dataType: "string";
+            columnType: "PgVarchar";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: [string, ...string[]];
+            baseColumn: never;
+            identity: undefined;
+            generated: undefined;
+        }, {}, {
+            length: 255;
+        }>;
+    };
+    dialect: "pg";
+}>;
+export declare const createNeonKnownDeviceStore: (databaseUrl: string) => KnownDeviceStore;
+export declare const createNeonLoginHistoryStore: (databaseUrl: string) => LoginHistoryStore;
+export declare const createPostgresKnownDeviceStore: (db: AnyPgDatabase) => KnownDeviceStore;
+export declare const createPostgresLoginHistoryStore: (db: AnyPgDatabase) => LoginHistoryStore;

package/dist/adaptive/types.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+export type RiskAction = 'allow' | 'deny' | 'step_up';
+export type RiskSignal = 'impossible_travel' | 'new_country' | 'new_device' | 'velocity';
+export type GeoPoint = {
+    country?: string;
+    latitude?: number;
+    longitude?: number;
+};
+export type RiskContext = {
+    deviceId: string;
+    geo?: GeoPoint;
+    ipAddress?: string;
+    now?: number;
+    userId: string;
+};
+export type RiskReason = {
+    action: RiskAction;
+    signal: RiskSignal;
+};
+export type RiskAssessment = {
+    action: RiskAction;
+    reasons: RiskReason[];
+};
+export type KnownDevice = {
+    deviceId: string;
+    firstSeenAt: number;
+    label?: string;
+    lastSeenAt: number;
+    trusted: boolean;
+    userId: string;
+};
+export type KnownDeviceStore = {
+    findDevice: (userId: string, deviceId: string) => Promise<KnownDevice | undefined>;
+    listDevices: (userId: string) => Promise<KnownDevice[]>;
+    saveDevice: (device: KnownDevice) => Promise<void>;
+};
+export type LoginAttempt = {
+    attemptId: string;
+    country?: string;
+    deviceId: string;
+    ipAddress?: string;
+    latitude?: number;
+    longitude?: number;
+    outcome: RiskAction;
+    timestamp: number;
+    userId: string;
+};
+export type LoginHistoryStore = {
+    listRecent: (userId: string, limit: number) => Promise<LoginAttempt[]>;
+    recordAttempt: (attempt: LoginAttempt) => Promise<void>;
+};

package/dist/apikeys/config.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+import type { RouteString } from '../types';
+import type { AccessTokenStore, ApiClient, ApiClientStore, ApiKey, ApiKeyStore, ApiPrincipal } from './types';
+export declare const DEFAULT_TOKEN_ROUTE: RouteString;
+export type ApiKeysConfig = {
+    /** Where minted access tokens live — required (with `apiClientStore`) for the
+     *  client_credentials grant to be mounted. */
+    accessTokenStore?: AccessTokenStore;
+    /** Lifetime of a minted access token (defaults to one hour). */
+    accessTokenTtlMs?: number;
+    /** Registered M2M clients — required (with `accessTokenStore`) for the
+     *  client_credentials grant. */
+    apiClientStore?: ApiClientStore;
+    /** Static API keys. Used by the exported `verifyApiKey` / `resolveApiPrincipal`
+     *  helpers; the consumer wires its own management + guard routes. */
+    apiKeyStore?: ApiKeyStore;
+    /** Path of the client_credentials token endpoint (defaults to `/oauth2/token`). */
+    tokenRoute?: RouteString;
+};
+export type ClientCredentialsResult = {
+    error: 'invalid_client' | 'invalid_scope';
+    ok: false;
+} | {
+    accessToken: string;
+    expiresIn: number;
+    ok: true;
+    scopes: string[];
+};
+export declare const createApiClient: (apiClientStore: ApiClientStore, options: {
+    name: string;
+    ownerId?: string;
+    scopes?: string[];
+}) => Promise<{
+    clientId: string;
+    clientSecret: string;
+    record: ApiClient;
+}>;
+export declare const createApiKey: (apiKeyStore: ApiKeyStore, options: {
+    expiresAt?: number;
+    name: string;
+    ownerId?: string;
+    scopes?: string[];
+}) => Promise<{
+    key: string;
+    record: ApiKey;
+}>;
+export declare const exchangeClientCredentials: ({ accessTokenStore, apiClientStore, clientId, clientSecret, now, requestedScopes, ttlMs }: {
+    accessTokenStore: AccessTokenStore;
+    apiClientStore: ApiClientStore;
+    clientId: string;
+    clientSecret: string;
+    now?: number;
+    requestedScopes?: string[];
+    ttlMs?: number;
+}) => Promise<ClientCredentialsResult>;
+export declare const hasScopes: (principal: ApiPrincipal | undefined, required: string[]) => boolean;
+export declare const resolveApiPrincipal: ({ accessTokenStore, apiKey, apiKeyStore, authorization, now }: {
+    accessTokenStore?: AccessTokenStore;
+    apiKey?: string;
+    apiKeyStore?: ApiKeyStore;
+    authorization?: string;
+    now?: number;
+}) => Promise<ApiPrincipal | undefined>;
+export declare const verifyAccessToken: (accessTokenStore: AccessTokenStore, presented: string, now?: number) => Promise<import("./types").AccessToken | undefined>;
+export declare const verifyApiKey: (apiKeyStore: ApiKeyStore, presented: string, now?: number) => Promise<ApiKey | undefined>;

package/dist/apikeys/inMemoryStores.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import type { AccessTokenStore, ApiClientStore, ApiKeyStore } from './types';
+export declare const createInMemoryAccessTokenStore: () => AccessTokenStore;
+export declare const createInMemoryApiClientStore: () => ApiClientStore;
+export declare const createInMemoryApiKeyStore: () => ApiKeyStore;