@absolutejs/auth 0.27.0-beta.1 → 0.27.0-beta.11

Files changed (44)
  1. package/dist/abuse/captcha.d.ts +11 -0
  2. package/dist/abuse/config.d.ts +29 -0
  3. package/dist/actions.d.ts +27 -0
  4. package/dist/adaptive/config.d.ts +13 -1
  5. package/dist/adaptive/fingerprint.d.ts +2 -0
  6. package/dist/adaptive/types.d.ts +13 -1
  7. package/dist/apikeys/routes.d.ts +1 -1
  8. package/dist/audit/export.d.ts +2 -0
  9. package/dist/audit/integrity.d.ts +19 -0
  10. package/dist/audit/siem.d.ts +11 -0
  11. package/dist/audit/types.d.ts +2 -1
  12. package/dist/credentials/config.d.ts +1 -0
  13. package/dist/credentials/emailValidation.d.ts +9 -0
  14. package/dist/credentials/login.d.ts +2 -1
  15. package/dist/credentials/passwordPolicy.d.ts +1 -0
  16. package/dist/credentials/routes.d.ts +1 -0
  17. package/dist/fga/config.d.ts +53 -0
  18. package/dist/fga/inMemoryStores.d.ts +3 -0
  19. package/dist/fga/postgresStores.d.ts +144 -0
  20. package/dist/fga/schema.d.ts +2 -0
  21. package/dist/fga/types.d.ts +28 -0
  22. package/dist/index.d.ts +6281 -3
  23. package/dist/index.js +10946 -9153
  24. package/dist/index.js.map +44 -19
  25. package/dist/mfa/rotation.d.ts +17 -0
  26. package/dist/mfa/types.d.ts +1 -0
  27. package/dist/oidc/config.d.ts +77 -0
  28. package/dist/oidc/dpop.d.ts +12 -0
  29. package/dist/oidc/inMemoryStores.d.ts +4 -0
  30. package/dist/oidc/keys.d.ts +21 -0
  31. package/dist/oidc/postgresStores.d.ts +573 -0
  32. package/dist/oidc/routes.d.ts +142 -0
  33. package/dist/oidc/types.d.ts +42 -0
  34. package/dist/organizations/operations.d.ts +7 -0
  35. package/dist/session/anonymous.d.ts +11 -0
  36. package/dist/session/impersonation.d.ts +29 -0
  37. package/dist/session/multiSession.d.ts +25 -0
  38. package/dist/session/promote.d.ts +3 -1
  39. package/dist/types.d.ts +24 -0
  40. package/dist/vault/config.d.ts +20 -0
  41. package/dist/vault/inMemoryVaultStore.d.ts +2 -0
  42. package/dist/vault/postgresVaultStore.d.ts +100 -0
  43. package/dist/vault/types.d.ts +14 -0
  44. package/package.json +1 -1
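--- a/package/dist/abuse/captcha.d.ts
+++ b/package/dist/abuse/captcha.d.ts
@@ -0,0 +1,11 @@
+ import type { AbuseContext } from './config';
+ export declare const verifyHcaptcha: ({ secret }: {
+ secret: string;
+ }) => (token: string | undefined, context: AbuseContext) => Promise<boolean>;
+ export declare const verifyRecaptcha: ({ minScore, secret }: {
+ minScore?: number;
+ secret: string;
+ }) => (token: string | undefined, context: AbuseContext) => Promise<boolean>;
+ export declare const verifyTurnstile: ({ secret }: {
+ secret: string;
+ }) => (token: string | undefined, context: AbuseContext) => Promise<boolean>;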
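Review bot: The three verifier factories accept `token: string | undefined` and resolve to a bare boolean, but the declarations carry no TSDoc saying what a missing token or an unreachable provider resolves to. Anyone wiring these into `AbuseConfig.verifyCaptcha` needs to know the check fails closed; if that matches the implementation, add `/** Resolves false when the token is absent or the provider request fails. */` above each export. The default applied when `minScore` is omitted on `verifyRecaptcha` should be documented as well.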
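--- a/package/dist/abuse/config.d.ts
+++ b/package/dist/abuse/config.d.ts
@@ -0,0 +1,29 @@
+ export type AbuseAction = 'allow' | 'challenge' | 'deny';
+ export type AbuseSignal = 'blocked_ip' | 'bot' | 'captcha_failed' | 'not_allowlisted';
+ export type BotClass = 'agent' | 'bot' | 'crawler' | 'human';
+ export type AbuseContext = {
+ captchaToken?: string;
+ ip?: string;
+ userAgent?: string;
+ };
+ export type AbuseReason = {
+ action: AbuseAction;
+ signal: AbuseSignal;
+ };
+ export type AbuseAssessment = {
+ action: AbuseAction;
+ reasons: AbuseReason[];
+ };
+ export type AbuseConfig = {
+ botAction?: AbuseAction;
+ captchaAction?: AbuseAction;
+ classifyBot?: (context: AbuseContext) => BotClass | Promise<BotClass>;
+ ipAllow?: string[];
+ ipDeny?: string[];
+ verifyCaptcha?: (token: string | undefined, context: AbuseContext) => boolean | Promise<boolean>;
+ };
+ export declare const assessAbuse: (config: AbuseConfig, context: AbuseContext) => Promise<AbuseAssessment>;
+ export declare const createAbuseGuard: (config: AbuseConfig) => {
+ assess: (context: AbuseContext) => Promise<AbuseAssessment>;
+ };
+ export declare const defaultBotClassifier: (context: AbuseContext) => "bot" | "crawler" | "human";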
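Review bot: `AbuseContext.ip` is optional while `AbuseConfig` accepts `ipAllow`, and nothing here says how `assessAbuse` treats a request with no `ip` when an allowlist is configured. If the implementation skips the check in that case, a deployment that fails to populate `ip` silently loses the allowlist; a comment on `ipAllow` such as `/** When set, a context without ip yields 'not_allowlisted'. */` would pin the intended behaviour. The accepted format of `ipAllow`/`ipDeny` entries (exact address or CIDR) is also undocumented. `defaultBotClassifier` should be described as a heuristic rather than a control, since the `userAgent` it can see is client-supplied.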
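--- a/package/dist/actions.d.ts
+++ b/package/dist/actions.d.ts
@@ -0,0 +1,27 @@
+ export type AuthEventName = 'postLogin' | 'postLogout' | 'postMfa' | 'postOauthCallback' | 'postRegister' | 'preLogin' | 'preRegister';
+ export type AuthActionContext<UserType> = {
+ email?: string;
+ event: AuthEventName;
+ ip?: string;
+ metadata?: Record<string, unknown>;
+ user?: UserType;
+ userAgent?: string;
+ };
+ export type AuthActionResult = {
+ kind: 'deny';
+ reason: string;
+ } | {
+ kind: 'pass';
+ } | {
+ kind: 'redirect';
+ url: string;
+ };
+ export type AuthAction<UserType> = {
+ event: AuthEventName | AuthEventName[];
+ handler: (context: AuthActionContext<UserType>) => AuthActionResult | Promise<AuthActionResult>;
+ name: string;
+ };
+ export type AuthPipeline<UserType> = {
+ run: (event: AuthEventName, context: Omit<AuthActionContext<UserType>, 'event'>) => Promise<AuthActionResult>;
+ };
+ export declare const createActionPipeline: <UserType>(actions: AuthAction<UserType>[]) => AuthPipeline<UserType>;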
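Review bot: The `redirect` variant of `AuthActionResult` carries an unconstrained `url: string`, and the declaration does not say whether the pipeline or the routes validate it before redirecting. A handler that builds the URL from `metadata` or other request-derived fields would turn an auth hook into an open redirect, so the type should state the expectation, e.g. `/** Must be a same-origin path or an allow-listed absolute URL; not validated by the pipeline. */`, adjusted to what the implementation does. `AuthPipeline.run` should also say which result wins when several actions match an event and whether a throwing handler is treated as `deny`.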
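--- a/package/dist/adaptive/config.d.ts
+++ b/package/dist/adaptive/config.d.ts
@@ -1,9 +1,13 @@
- import type { KnownDeviceStore, LoginHistoryStore, RiskAction, RiskAssessment, RiskContext, RiskSignal } from './types';
+ import type { KnownDeviceStore, LoginHistoryStore, RiskAction, RiskAssessment, RiskContext, RiskSignal, RiskThresholds, RiskWeights, WeightedRiskAssessment } from './types';
  export type AdaptiveConfig = {
  historyLimit?: number;
  knownDeviceStore: KnownDeviceStore;
  loginHistoryStore: LoginHistoryStore;
  maxTravelKmh?: number;
+ offHours?: {
+ end: number;
+ start: number;
+ };
  rules?: Partial<Record<RiskSignal, RiskAction>>;
  velocityMaxAttempts?: number;
  velocityWindowMs?: number;
@@ -14,9 +18,17 @@ export declare const createRiskEngine: (config: AdaptiveConfig) => {
  recordAttempt: (context: RiskContext & {
  outcome: RiskAction;
  }) => Promise<void>;
+ scoreRisk: (context: RiskContext, options?: {
+ thresholds?: RiskThresholds;
+ weights?: RiskWeights;
+ }) => Promise<WeightedRiskAssessment>;
  trustDevice: (userId: string, deviceId: string, label?: string) => Promise<void>;
  };
  export declare const recordLoginAttempt: (config: AdaptiveConfig, context: RiskContext & {
  outcome: RiskAction;
  }) => Promise<void>;
+ export declare const scoreRisk: (config: AdaptiveConfig & {
+ thresholds?: RiskThresholds;
+ weights?: RiskWeights;
+ }, context: RiskContext) => Promise<WeightedRiskAssessment>;
  export declare const trustDevice: (config: AdaptiveConfig, userId: string, deviceId: string, label?: string) => Promise<void>;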
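--- a/package/dist/adaptive/fingerprint.d.ts
+++ b/package/dist/adaptive/fingerprint.d.ts
@@ -0,0 +1,2 @@
+ export type DeviceSignals = Record<string, unknown>;
+ export declare const fingerprintDevice: (signals: DeviceSignals) => Promise<string>;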
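--- a/package/dist/adaptive/types.d.ts
+++ b/package/dist/adaptive/types.d.ts
@@ -1,5 +1,5 @@
  export type RiskAction = 'allow' | 'deny' | 'step_up';
- export type RiskSignal = 'impossible_travel' | 'new_country' | 'new_device' | 'velocity';
+ export type RiskSignal = 'impossible_travel' | 'new_country' | 'new_device' | 'off_hours' | 'proxy' | 'velocity';
  export type GeoPoint = {
  country?: string;
  latitude?: number;
@@ -9,6 +9,8 @@ export type RiskContext = {
  deviceId: string;
  geo?: GeoPoint;
  ipAddress?: string;
+ isProxy?: boolean;
+ localHour?: number;
  now?: number;
  userId: string;
  };
@@ -20,6 +22,16 @@ export type RiskAssessment = {
  action: RiskAction;
  reasons: RiskReason[];
  };
+ export type RiskWeights = Partial<Record<RiskSignal, number>>;
+ export type RiskThresholds = {
+ deny: number;
+ stepUp: number;
+ };
+ export type WeightedRiskAssessment = {
+ action: RiskAction;
+ reasons: RiskReason[];
+ score: number;
+ };
  export type KnownDevice = {
  deviceId: string;
  firstSeenAt: number;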
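Review bot: `isProxy` and `localHour` are added to `RiskContext` in the second hunk as plain caller-supplied fields, so the new `proxy` and `off_hours` signals are only as trustworthy as whatever populates them. If an integrator fills `localHour` from a client-reported clock or timezone, the client decides whether `off_hours` fires; a comment such as `/** Hour of day in the account's configured timezone, derived server-side. */` on `localHour` would make the expectation explicit. `AdaptiveConfig.offHours` in adaptive/config.d.ts needs the matching note on units and on whether `start > end` wraps past midnight. `RiskThresholds` in the third hunk likewise does not say what happens when `stepUp` is greater than `deny`.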
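--- a/package/dist/apikeys/routes.d.ts
+++ b/package/dist/apikeys/routes.d.ts
@@ -47,9 +47,9 @@ export declare const apiKeysRoutes: ({ accessTokenStore, accessTokenTtlMs, apiCl
  post: {
  body: {
  client_id?: string | undefined;
+ scope?: string | undefined;
  client_secret?: string | undefined;
  grant_type?: string | undefined;
- scope?: string | undefined;
  };
  params: {};
  query: unknown;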
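--- a/package/dist/audit/export.d.ts
+++ b/package/dist/audit/export.d.ts
@@ -0,0 +1,2 @@
+ import type { AuditEvent } from './types';
+ export declare const exportAuditCsv: (events: AuditEvent[]) => string;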
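Review bot: `exportAuditCsv` returns a raw CSV string and the declaration does not say how cell values are escaped. Audit events carry request-derived fields (`ip` is visible in audit/types.d.ts, and others are likely), and exports of this kind are usually opened in a spreadsheet. The doc comment should state that values are quoted and that cells beginning with `=`, `+`, `-` or `@` are neutralised, and the implementation should do so if it does not already.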
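--- a/package/dist/audit/integrity.d.ts
+++ b/package/dist/audit/integrity.d.ts
@@ -0,0 +1,19 @@
+ import type { AuditEvent, AuditSink } from './types';
+ export type AuditIntegrity = {
+ hash: string;
+ previousHash: string;
+ writerId?: string;
+ };
+ export type AuditChainResult = {
+ brokenAt?: number;
+ ok: boolean;
+ };
+ export declare const createTamperEvidentSink: ({ loadWriterHead, secret, seedScanLimit, sink, writerId }: {
+ loadWriterHead?: (writerId: string) => Promise<string | undefined> | string | undefined;
+ secret?: string;
+ seedScanLimit?: number;
+ sink: AuditSink;
+ writerId?: string;
+ }) => AuditSink;
+ export declare const hashAuditEvent: (event: AuditEvent, previousHash: string, secret?: string) => Promise<string>;
+ export declare const verifyAuditChain: (events: AuditEvent[], secret?: string) => Promise<AuditChainResult>;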
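Review bot: `secret` is optional on `createTamperEvidentSink`, `hashAuditEvent` and `verifyAuditChain`, and the declarations do not explain what the chain guarantees without it. Presumably the hash is then unkeyed, in which case anyone able to rewrite the underlying sink can recompute every `hash`/`previousHash` pair and `verifyAuditChain` will still report `ok: true`. I would either make `secret` required on the sink factory or add `/** Without a secret the chain detects accidental corruption only, not a writer with store access. */`. `verifyAuditChain` takes a bare event list, so it should also say whether removal of the newest events is detectable without an externally stored head.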
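--- a/package/dist/audit/siem.d.ts
+++ b/package/dist/audit/siem.d.ts
@@ -0,0 +1,11 @@
+ import type { AuditSink } from './types';
+ export type SiemFormat = 'datadog' | 'generic' | 'splunk';
+ export type SiemEndpoint = {
+ format?: SiemFormat;
+ headers?: Record<string, string>;
+ token?: string;
+ url: string;
+ };
+ export declare const createSiemLogStream: ({ endpoints }: {
+ endpoints: SiemEndpoint[];
+ }) => AuditSink;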
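Review bot: `SiemEndpoint.url` is an unconstrained string sitting next to `token` and `headers`, so nothing at the type level stops a plaintext `http://` endpoint from receiving the token and the audit stream. The declaration should state whether non-HTTPS URLs are rejected, and what `append` does when an endpoint is unreachable: rejecting would couple authentication to SIEM availability, while swallowing the error drops audit events silently. A short TSDoc block on `createSiemLogStream` covering transport, retry and failure behaviour would be enough.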
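--- a/package/dist/audit/types.d.ts
+++ b/package/dist/audit/types.d.ts
@@ -1,5 +1,5 @@
  import type { OrganizationId } from '../tenancy';
- export type AuditEventType = 'account_deleted' | 'authorization_denied' | 'credentials_login' | 'credentials_login_failed' | 'data_exported' | 'email_verified' | 'identity_conflict' | 'invitation_accepted' | 'invitation_created' | 'logout' | 'membership_removed' | 'mfa_challenge' | 'mfa_challenge_failed' | 'mfa_enrolled' | 'oauth_login' | 'organization_created' | 'password_reset' | 'passwordless_login' | 'register' | 'role_assigned' | 'scim_provision' | 'scim_token_created' | 'session_revoked' | 'setup_session_created' | 'sso_connection_configured' | 'sso_login' | 'token_refreshed' | 'token_revoked' | 'webauthn_authenticated' | 'webauthn_registered';
+ export type AuditEventType = 'account_deleted' | 'authorization_denied' | 'credentials_login' | 'credentials_login_failed' | 'data_exported' | 'email_verified' | 'identity_conflict' | 'impersonation_ended' | 'impersonation_started' | 'invitation_accepted' | 'invitation_created' | 'logout' | 'membership_removed' | 'mfa_challenge' | 'mfa_challenge_failed' | 'mfa_enrolled' | 'oauth_login' | 'organization_created' | 'password_reset' | 'passwordless_login' | 'register' | 'role_assigned' | 'scim_provision' | 'scim_token_created' | 'session_revoked' | 'setup_session_created' | 'sso_connection_configured' | 'sso_login' | 'token_refreshed' | 'token_revoked' | 'webauthn_authenticated' | 'webauthn_registered';
  export type AuditEvent = {
  at: number;
  ip?: string;
@@ -15,4 +15,5 @@ export type AuditEventFilter = {
  export type AuditSink = {
  append: (event: AuditEvent) => Promise<void>;
  list?: (filter?: AuditEventFilter) => Promise<AuditEvent[]>;
+ prune?: (before: number) => Promise<number>;
  };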
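Review bot: `AuditSink.prune` is added in the second hunk without a matching `AuditEventType`, so deleting audit records does not appear to leave an audit record of its own. The first hunk adds `impersonation_started`/`impersonation_ended`; a parallel entry such as `'audit_pruned'` (the name is only a suggestion), emitted by whoever calls `prune`, would keep retention actions visible. `prune` should also document how it interacts with the hash chain in audit/integrity.d.ts, since removing the oldest events presumably leaves the first surviving event pointing at a `previousHash` that no longer exists.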
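--- a/package/dist/credentials/config.d.ts
+++ b/package/dist/credentials/config.d.ts
@@ -19,6 +19,7 @@ export type CredentialEmailMessage = {
  type: CredentialEmailType;
  };
  export type CredentialsConfig<UserType> = {
+ checkBreachesOnLogin?: boolean;
  credentialStore: CredentialStore;
  getUserByEmail: (email: string) => Promise<UserType | null | undefined> | UserType | null | undefined;
  isMfaRequired?: (user: UserType) => boolean | Promise<boolean>;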
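--- a/package/dist/credentials/emailValidation.d.ts
+++ b/package/dist/credentials/emailValidation.d.ts
@@ -0,0 +1,9 @@
+ export type EmailValidationResult = {
+ ok: boolean;
+ reason?: 'disposable' | 'invalid_format' | 'no_mx';
+ };
+ export declare const isDisposableEmail: (email: string, extraDomains?: Iterable<string>) => boolean;
+ export declare const validateEmailDeliverability: (email: string, options?: {
+ checkMx?: boolean;
+ disposableDomains?: Iterable<string>;
+ }) => Promise<EmailValidationResult>;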
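--- a/package/dist/credentials/login.d.ts
+++ b/package/dist/credentials/login.d.ts
@@ -1,6 +1,6 @@
  import { Elysia } from 'elysia';
  import { type CredentialRouteProps } from './config';
- export declare const credentialsLogin: <UserType>({ authSessionStore, credentialStore, getUserByEmail, isMfaRequired, lockoutGuard, loginRoute, onCredentialsLoginError, onCredentialsLoginSuccess, requireEmailVerification, sessionDurationMs }: CredentialRouteProps<UserType>) => Elysia<"", {
+ export declare const credentialsLogin: <UserType>({ authSessionStore, checkBreachesOnLogin, credentialStore, getUserByEmail, isMfaRequired, lockoutGuard, loginRoute, onCredentialsLoginError, onCredentialsLoginSuccess, requireEmailVerification, sessionDurationMs }: CredentialRouteProps<UserType>) => Elysia<"", {
  decorator: {};
  store: {
  session: import("..").SessionRecord<UserType>;
@@ -32,6 +32,7 @@ export declare const credentialsLogin: <UserType>({ authSessionStore, credential
  200: {
  readonly status: "mfa_required";
  } | {
+ readonly passwordCompromised: boolean;
  readonly status: "authenticated";
  };
  401: "Invalid email or password";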
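Review bot: `passwordCompromised` is a required boolean on the `authenticated` response in the second hunk, while `checkBreachesOnLogin` is optional in the props, so a client cannot tell "checked and clean" from "not checked". Unless the implementation omits the field when the check is disabled, I would declare it `readonly passwordCompromised?: boolean;` or document that `false` also covers the disabled and lookup-failed cases. The same field is added to `credentialRoutes` in credentials/routes.d.ts and the same point applies there. The response type continues outside this hunk.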
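--- a/package/dist/credentials/passwordPolicy.d.ts
+++ b/package/dist/credentials/passwordPolicy.d.ts
@@ -12,3 +12,4 @@ export type PasswordPolicyResult = {
  violations: PasswordPolicyViolation[];
  };
  export declare const evaluatePassword: (password: string, policy?: PasswordPolicy) => Promise<PasswordPolicyResult>;
+ export declare const isPasswordCompromised: (password: string) => Promise<boolean>;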
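Review bot: `isPasswordCompromised` takes the plaintext password and returns a boolean, with no comment on where the password goes or what a failed lookup resolves to. If it queries an external breach corpus, the TSDoc should say that only a truncated hash leaves the process, and whether a network error resolves `false` or rejects, because `checkBreachesOnLogin` puts this call on the login path. Something like `/** Never transmits the password itself; resolves false if the breach lookup is unavailable. */` would do, adjusted to the real behaviour.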
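--- a/package/dist/credentials/routes.d.ts
+++ b/package/dist/credentials/routes.d.ts
@@ -100,6 +100,7 @@ export declare const credentialRoutes: <UserType>(config: CredentialRouteProps<U
  200: {
  readonly status: "mfa_required";
  } | {
+ readonly passwordCompromised: boolean;
  readonly status: "authenticated";
  };
  401: "Invalid email or password";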
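--- a/package/dist/fga/config.d.ts
+++ b/package/dist/fga/config.d.ts
@@ -0,0 +1,53 @@
+ import type { FgaSchema, Warrant, WarrantStore } from './types';
+ export type FgaCache = {
+ clear: () => void;
+ get: (key: string) => boolean | undefined;
+ set: (key: string, value: boolean) => void;
+ };
+ export type FgaConfig = {
+ cache?: FgaCache;
+ maxDepth?: number;
+ schema: FgaSchema;
+ warrantStore: WarrantStore;
+ };
+ export type CheckQuery = {
+ relation: string;
+ resourceId: string;
+ resourceType: string;
+ subjectId: string;
+ subjectType: string;
+ };
+ export type Subject = {
+ subjectId: string;
+ subjectType: string;
+ };
+ export type ObjectQuery = {
+ relation: string;
+ resourceType: string;
+ subjectId: string;
+ subjectType: string;
+ };
+ export declare const check: (config: FgaConfig, query: CheckQuery) => Promise<boolean>;
+ export declare const createInMemoryCheckCache: ({ maxEntries, ttlMs }?: {
+ maxEntries?: number;
+ ttlMs?: number;
+ }) => FgaCache;
+ export declare const createFgaEngine: (config: FgaConfig) => {
+ check: (query: CheckQuery) => Promise<boolean>;
+ deleteWarrant: (warrant: Warrant) => Promise<void>;
+ listObjects: (query: ObjectQuery) => Promise<string[]>;
+ listSubjects: (query: {
+ relation: string;
+ resourceId: string;
+ resourceType: string;
+ }) => Promise<Subject[]>;
+ writeWarrant: (warrant: Warrant) => Promise<void>;
+ };
+ export declare const deleteWarrant: (config: FgaConfig, warrant: Warrant) => Promise<void>;
+ export declare const listObjects: (config: FgaConfig, query: ObjectQuery) => Promise<string[]>;
+ export declare const listSubjects: (config: FgaConfig, query: {
+ relation: string;
+ resourceId: string;
+ resourceType: string;
+ }) => Promise<Subject[]>;
+ export declare const writeWarrant: (config: FgaConfig, warrant: Warrant) => Promise<void>;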
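Review bot: `FgaCache` stores boolean `check` results, yet neither `createFgaEngine` nor the standalone `writeWarrant`/`deleteWarrant` say whether they invalidate it. If they do not, a revoked warrant keeps authorising until `ttlMs` elapses (or indefinitely with a custom cache that never expires), and with several processes each one holds its own copy. I would document on `FgaConfig.cache` how stale a result may be and whether `clear()` is called on every warrant mutation. `maxDepth` should also state that exceeding it resolves `false` rather than throwing or allowing.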
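--- a/package/dist/fga/inMemoryStores.d.ts
+++ b/package/dist/fga/inMemoryStores.d.ts
@@ -0,0 +1,3 @@
+ import type { Warrant, WarrantStore } from './types';
+ export declare const createInMemoryWarrantStore: () => WarrantStore;
+ export declare const warrantKey: (warrant: Warrant) => string;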
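Review bot: `warrantKey` flattens a `Warrant` into a single string, and the declaration does not say how the six fields are delimited. If the key is a plain join, identifiers that contain the delimiter could make two different warrants share a key, which in an authorization store means one overwrites or deletes the other. A comment stating the encoding (for example length-prefixed or JSON-encoded fields) would settle it. The Postgres table in fga/postgresStores.d.ts declares `id` as a 255-character varchar alongside component columns of the same length, so if `id` is derived from this key it may not fit when identifiers are long.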
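--- a/package/dist/fga/postgresStores.d.ts
+++ b/package/dist/fga/postgresStores.d.ts
@@ -0,0 +1,144 @@
+ import { type AnyPgDatabase } from '../stores/postgres';
+ import type { WarrantStore } from './types';
+ export declare const warrantsTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
+ name: "auth_fga_warrants";
+ schema: undefined;
+ columns: {
+ id: import("drizzle-orm/pg-core").PgColumn<{
+ name: "id";
+ tableName: "auth_fga_warrants";
+ dataType: "string";
+ columnType: "PgVarchar";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: true;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ length: 255;
+ }>;
+ relation: import("drizzle-orm/pg-core").PgColumn<{
+ name: "relation";
+ tableName: "auth_fga_warrants";
+ dataType: "string";
+ columnType: "PgVarchar";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ length: 255;
+ }>;
+ resource_id: import("drizzle-orm/pg-core").PgColumn<{
+ name: "resource_id";
+ tableName: "auth_fga_warrants";
+ dataType: "string";
+ columnType: "PgVarchar";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ length: 255;
+ }>;
+ resource_type: import("drizzle-orm/pg-core").PgColumn<{
+ name: "resource_type";
+ tableName: "auth_fga_warrants";
+ dataType: "string";
+ columnType: "PgVarchar";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ length: 255;
+ }>;
+ subject_id: import("drizzle-orm/pg-core").PgColumn<{
+ name: "subject_id";
+ tableName: "auth_fga_warrants";
+ dataType: "string";
+ columnType: "PgVarchar";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ length: 255;
+ }>;
+ subject_relation: import("drizzle-orm/pg-core").PgColumn<{
+ name: "subject_relation";
+ tableName: "auth_fga_warrants";
+ dataType: "string";
+ columnType: "PgVarchar";
+ data: string;
+ driverParam: string;
+ notNull: false;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ length: 255;
+ }>;
+ subject_type: import("drizzle-orm/pg-core").PgColumn<{
+ name: "subject_type";
+ tableName: "auth_fga_warrants";
+ dataType: "string";
+ columnType: "PgVarchar";
+ data: string;
+ driverParam: string;
+ notNull: true;
+ hasDefault: false;
+ isPrimaryKey: false;
+ isAutoincrement: false;
+ hasRuntimeDefault: false;
+ enumValues: [string, ...string[]];
+ baseColumn: never;
+ identity: undefined;
+ generated: undefined;
+ }, {}, {
+ length: 255;
+ }>;
+ };
+ dialect: "pg";
+ }>;
+ export declare const createNeonWarrantStore: (databaseUrl: string) => WarrantStore;
+ export declare const createPostgresWarrantStore: (db: AnyPgDatabase) => WarrantStore;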
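--- a/package/dist/fga/schema.d.ts
+++ b/package/dist/fga/schema.d.ts
@@ -0,0 +1,2 @@
+ import type { FgaSchema } from './types';
+ export declare const parseSchema: (dsl: string) => FgaSchema;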
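--- a/package/dist/fga/types.d.ts
+++ b/package/dist/fga/types.d.ts
@@ -0,0 +1,28 @@
+ export type Warrant = {
+ relation: string;
+ resourceId: string;
+ resourceType: string;
+ subjectId: string;
+ subjectRelation?: string;
+ subjectType: string;
+ };
+ export type WarrantStore = {
+ deleteWarrant: (warrant: Warrant) => Promise<void>;
+ listForResource: (resourceType: string, resourceId: string, relation: string) => Promise<Warrant[]>;
+ listResourceIds: (resourceType: string) => Promise<string[]>;
+ saveWarrant: (warrant: Warrant) => Promise<void>;
+ };
+ export type RelationRule = {
+ kind: 'computedUserset';
+ relation: string;
+ } | {
+ kind: 'self';
+ } | {
+ kind: 'tupleToUserset';
+ relation: string;
+ viaRelation: string;
+ } | {
+ kind: 'union';
+ rules: RelationRule[];
+ };
+ export type FgaSchema = Record<string, Record<string, RelationRule>>;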
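Review bot: `WarrantStore.listResourceIds` returns every resource id of a type as one array, with no limit or cursor. If `listObjects` in fga/config.d.ts is built on it, as the signatures suggest, a single call scales with the whole table and the cost should be bounded before the function is exposed on a request path. I would add an optional `limit`/`cursor` argument or at least document the expected cardinality. `RelationRule` is recursive through `union`, so a comment should say whether the schema parser rejects cyclic definitions or evaluation relies on `maxDepth` alone.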