@absolutejs/auth 0.27.0-beta.2 → 0.27.0-beta.4

@@ -0,0 +1,29 @@
1
+ export type AbuseAction = 'allow' | 'challenge' | 'deny';
2
+ export type AbuseSignal = 'blocked_ip' | 'bot' | 'captcha_failed' | 'not_allowlisted';
3
+ export type BotClass = 'agent' | 'bot' | 'crawler' | 'human';
4
+ export type AbuseContext = {
5
+ captchaToken?: string;
6
+ ip?: string;
7
+ userAgent?: string;
8
+ };
9
+ export type AbuseReason = {
10
+ action: AbuseAction;
11
+ signal: AbuseSignal;
12
+ };
13
+ export type AbuseAssessment = {
14
+ action: AbuseAction;
15
+ reasons: AbuseReason[];
16
+ };
17
+ export type AbuseConfig = {
18
+ botAction?: AbuseAction;
19
+ captchaAction?: AbuseAction;
20
+ classifyBot?: (context: AbuseContext) => BotClass | Promise<BotClass>;
21
+ ipAllow?: string[];
22
+ ipDeny?: string[];
23
+ verifyCaptcha?: (token: string | undefined, context: AbuseContext) => boolean | Promise<boolean>;
24
+ };
25
+ export declare const assessAbuse: (config: AbuseConfig, context: AbuseContext) => Promise<AbuseAssessment>;
26
+ export declare const createAbuseGuard: (config: AbuseConfig) => {
27
+ assess: (context: AbuseContext) => Promise<AbuseAssessment>;
28
+ };
29
+ export declare const defaultBotClassifier: (context: AbuseContext) => "bot" | "crawler" | "human";
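Review bot: The declarations leave the failure behaviour of `assessAbuse` undefined: nothing here says which action results when `context.ip` is missing while `ipAllow` is set, or when `verifyCaptcha` or `classifyBot` rejects. For a guard placed in front of authentication those cases should end in `deny` or `challenge`, and the contract should say so, e.g. `/** A missing ip with ipAllow set, or a hook that throws, never yields 'allow'. */` on `assessAbuse`. `ip` and `userAgent` are plain caller-supplied strings, so `ip?: string;` deserves `/** Address resolved by the trusted proxy layer, not a raw client-sent forwarding header. */`. If `defaultBotClassifier` relies on `userAgent` (not visible here), its result is only a hint, because the client controls that value.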
@@ -47,9 +47,9 @@ export declare const apiKeysRoutes: ({ accessTokenStore, accessTokenTtlMs, apiCl
47
47
  post: {
48
48
  body: {
49
49
  client_id?: string | undefined;
50
+ scope?: string | undefined;
50
51
  client_secret?: string | undefined;
51
52
  grant_type?: string | undefined;
52
- scope?: string | undefined;
53
53
  };
54
54
  params: {};
55
55
  query: unknown;
@@ -0,0 +1,15 @@
1
+ import type { AuditEvent, AuditSink } from './types';
2
+ export type AuditIntegrity = {
3
+ hash: string;
4
+ previousHash: string;
5
+ };
6
+ export type AuditChainResult = {
7
+ brokenAt?: number;
8
+ ok: boolean;
9
+ };
10
+ export declare const createTamperEvidentSink: ({ secret, sink }: {
11
+ secret?: string;
12
+ sink: AuditSink;
13
+ }) => AuditSink;
14
+ export declare const hashAuditEvent: (event: AuditEvent, previousHash: string, secret?: string) => Promise<string>;
15
+ export declare const verifyAuditChain: (events: AuditEvent[], secret?: string) => Promise<AuditChainResult>;
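Review bot: `secret` is optional in `createTamperEvidentSink`, `hashAuditEvent` and `verifyAuditChain`, and the types do not say what the chain protects against without it. If the unkeyed case is a plain hash over the event and `previousHash` (the implementation is not visible here), anyone who can rewrite the stored events can recompute every hash, so the chain would only detect accidental corruption. `verifyAuditChain(events, secret)` also receives nothing but the events, so removal of the newest entries cannot show up as `brokenAt` unless the latest hash is anchored somewhere else. I would document both on the parameter, e.g. `/** Keyed mode; omit only for corruption checks. Keep the latest hash out of band to detect truncation. */`.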
@@ -0,0 +1,11 @@
1
+ import type { AuditSink } from './types';
2
+ export type SiemFormat = 'datadog' | 'generic' | 'splunk';
3
+ export type SiemEndpoint = {
4
+ format?: SiemFormat;
5
+ headers?: Record<string, string>;
6
+ token?: string;
7
+ url: string;
8
+ };
9
+ export declare const createSiemLogStream: ({ endpoints }: {
10
+ endpoints: SiemEndpoint[];
11
+ }) => AuditSink;
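Review bot: `SiemEndpoint.url` is an unconstrained string sitting next to `token` and `headers`, so a configuration with an `http://` URL type-checks and would carry the credential and the audit events in clear text. The declaration should state the requirement, e.g. `/** Must be an https:// URL. */` on `url`, and `createSiemLogStream` is a natural place to reject other schemes at construction time. It is also not visible how a failed delivery is reported; if the sink drops events on error, its TSDoc should say so, because missing audit records are hard to notice afterwards.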
@@ -1,5 +1,5 @@
1
1
  import type { OrganizationId } from '../tenancy';
2
- export type AuditEventType = 'account_deleted' | 'authorization_denied' | 'credentials_login' | 'credentials_login_failed' | 'data_exported' | 'email_verified' | 'identity_conflict' | 'invitation_accepted' | 'invitation_created' | 'logout' | 'membership_removed' | 'mfa_challenge' | 'mfa_challenge_failed' | 'mfa_enrolled' | 'oauth_login' | 'organization_created' | 'password_reset' | 'passwordless_login' | 'register' | 'role_assigned' | 'scim_provision' | 'scim_token_created' | 'session_revoked' | 'setup_session_created' | 'sso_connection_configured' | 'sso_login' | 'token_refreshed' | 'token_revoked' | 'webauthn_authenticated' | 'webauthn_registered';
2
+ export type AuditEventType = 'account_deleted' | 'authorization_denied' | 'credentials_login' | 'credentials_login_failed' | 'data_exported' | 'email_verified' | 'identity_conflict' | 'impersonation_ended' | 'impersonation_started' | 'invitation_accepted' | 'invitation_created' | 'logout' | 'membership_removed' | 'mfa_challenge' | 'mfa_challenge_failed' | 'mfa_enrolled' | 'oauth_login' | 'organization_created' | 'password_reset' | 'passwordless_login' | 'register' | 'role_assigned' | 'scim_provision' | 'scim_token_created' | 'session_revoked' | 'setup_session_created' | 'sso_connection_configured' | 'sso_login' | 'token_refreshed' | 'token_revoked' | 'webauthn_authenticated' | 'webauthn_registered';
3
3
  export type AuditEvent = {
4
4
  at: number;
5
5
  ip?: string;
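Review bot: The new members `impersonation_started` and `impersonation_ended` are only useful in an investigation if each event names both the acting operator and the account being impersonated. `AuditEvent` continues below this hunk, so I cannot see whether it has separate fields for the two. If it carries a single user id, please add a second field or document which identity it holds, e.g. `/** For impersonation_* events: the impersonated account; the operator is in <field>. */`.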
@@ -0,0 +1,35 @@
1
+ import type { FgaSchema, Warrant, WarrantStore } from './types';
2
+ export type FgaConfig = {
3
+ maxDepth?: number;
4
+ schema: FgaSchema;
5
+ warrantStore: WarrantStore;
6
+ };
7
+ export type CheckQuery = {
8
+ relation: string;
9
+ resourceId: string;
10
+ resourceType: string;
11
+ subjectId: string;
12
+ subjectType: string;
13
+ };
14
+ export type Subject = {
15
+ subjectId: string;
16
+ subjectType: string;
17
+ };
18
+ export declare const check: (config: FgaConfig, query: CheckQuery) => Promise<boolean>;
19
+ export declare const createFgaEngine: (config: FgaConfig) => {
20
+ check: (query: CheckQuery) => Promise<boolean>;
21
+ deleteWarrant: (warrant: Warrant) => Promise<void>;
22
+ listSubjects: (query: {
23
+ relation: string;
24
+ resourceId: string;
25
+ resourceType: string;
26
+ }) => Promise<Subject[]>;
27
+ writeWarrant: (warrant: Warrant) => Promise<void>;
28
+ };
29
+ export declare const deleteWarrant: (config: FgaConfig, warrant: Warrant) => Promise<void>;
30
+ export declare const listSubjects: (config: FgaConfig, query: {
31
+ relation: string;
32
+ resourceId: string;
33
+ resourceType: string;
34
+ }) => Promise<Subject[]>;
35
+ export declare const writeWarrant: (config: FgaConfig, warrant: Warrant) => Promise<void>;
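Review bot: `maxDepth?: number` has no documented default and no documented outcome when the limit is reached. `RelationRule` is recursive through `union`, `computedUserset` and `tupleToUserset`, and a `Warrant` can point at a `subjectRelation`, so a cyclic schema or warrant set is possible. In that case `check` should resolve to `false`, never to `true`, and preferably not by throwing into a handler that might treat the error as success. Suggested TSDoc on the field: `/** Maximum rule/warrant expansion depth; when exceeded, check() resolves to false. Default: <value>. */`.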
@@ -0,0 +1,3 @@
1
+ import type { Warrant, WarrantStore } from './types';
2
+ export declare const createInMemoryWarrantStore: () => WarrantStore;
3
+ export declare const warrantKey: (warrant: Warrant) => string;
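Review bot: `warrantKey` flattens a `Warrant` into one string and its encoding is not documented. If the fields are joined with a separator (not visible here), two different warrants whose ids contain that separator could map to the same key, which in an authorization store means one grant overwriting or masking another. A related concern applies to the `id` primary key of `auth_fga_warrants` in the next hunk: it is `varchar(255)`, and so is each of the six component columns, so an `id` derived from this key could exceed the column length. Please document the encoding, e.g. `/** Unambiguous encoding of all warrant fields (length-prefixed or escaped), used as the store key. */`.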
@@ -0,0 +1,144 @@
1
+ import { type AnyPgDatabase } from '../stores/postgres';
2
+ import type { WarrantStore } from './types';
3
+ export declare const warrantsTable: import("drizzle-orm/pg-core").PgTableWithColumns<{
4
+ name: "auth_fga_warrants";
5
+ schema: undefined;
6
+ columns: {
7
+ id: import("drizzle-orm/pg-core").PgColumn<{
8
+ name: "id";
9
+ tableName: "auth_fga_warrants";
10
+ dataType: "string";
11
+ columnType: "PgVarchar";
12
+ data: string;
13
+ driverParam: string;
14
+ notNull: true;
15
+ hasDefault: false;
16
+ isPrimaryKey: true;
17
+ isAutoincrement: false;
18
+ hasRuntimeDefault: false;
19
+ enumValues: [string, ...string[]];
20
+ baseColumn: never;
21
+ identity: undefined;
22
+ generated: undefined;
23
+ }, {}, {
24
+ length: 255;
25
+ }>;
26
+ relation: import("drizzle-orm/pg-core").PgColumn<{
27
+ name: "relation";
28
+ tableName: "auth_fga_warrants";
29
+ dataType: "string";
30
+ columnType: "PgVarchar";
31
+ data: string;
32
+ driverParam: string;
33
+ notNull: true;
34
+ hasDefault: false;
35
+ isPrimaryKey: false;
36
+ isAutoincrement: false;
37
+ hasRuntimeDefault: false;
38
+ enumValues: [string, ...string[]];
39
+ baseColumn: never;
40
+ identity: undefined;
41
+ generated: undefined;
42
+ }, {}, {
43
+ length: 255;
44
+ }>;
45
+ resource_id: import("drizzle-orm/pg-core").PgColumn<{
46
+ name: "resource_id";
47
+ tableName: "auth_fga_warrants";
48
+ dataType: "string";
49
+ columnType: "PgVarchar";
50
+ data: string;
51
+ driverParam: string;
52
+ notNull: true;
53
+ hasDefault: false;
54
+ isPrimaryKey: false;
55
+ isAutoincrement: false;
56
+ hasRuntimeDefault: false;
57
+ enumValues: [string, ...string[]];
58
+ baseColumn: never;
59
+ identity: undefined;
60
+ generated: undefined;
61
+ }, {}, {
62
+ length: 255;
63
+ }>;
64
+ resource_type: import("drizzle-orm/pg-core").PgColumn<{
65
+ name: "resource_type";
66
+ tableName: "auth_fga_warrants";
67
+ dataType: "string";
68
+ columnType: "PgVarchar";
69
+ data: string;
70
+ driverParam: string;
71
+ notNull: true;
72
+ hasDefault: false;
73
+ isPrimaryKey: false;
74
+ isAutoincrement: false;
75
+ hasRuntimeDefault: false;
76
+ enumValues: [string, ...string[]];
77
+ baseColumn: never;
78
+ identity: undefined;
79
+ generated: undefined;
80
+ }, {}, {
81
+ length: 255;
82
+ }>;
83
+ subject_id: import("drizzle-orm/pg-core").PgColumn<{
84
+ name: "subject_id";
85
+ tableName: "auth_fga_warrants";
86
+ dataType: "string";
87
+ columnType: "PgVarchar";
88
+ data: string;
89
+ driverParam: string;
90
+ notNull: true;
91
+ hasDefault: false;
92
+ isPrimaryKey: false;
93
+ isAutoincrement: false;
94
+ hasRuntimeDefault: false;
95
+ enumValues: [string, ...string[]];
96
+ baseColumn: never;
97
+ identity: undefined;
98
+ generated: undefined;
99
+ }, {}, {
100
+ length: 255;
101
+ }>;
102
+ subject_relation: import("drizzle-orm/pg-core").PgColumn<{
103
+ name: "subject_relation";
104
+ tableName: "auth_fga_warrants";
105
+ dataType: "string";
106
+ columnType: "PgVarchar";
107
+ data: string;
108
+ driverParam: string;
109
+ notNull: false;
110
+ hasDefault: false;
111
+ isPrimaryKey: false;
112
+ isAutoincrement: false;
113
+ hasRuntimeDefault: false;
114
+ enumValues: [string, ...string[]];
115
+ baseColumn: never;
116
+ identity: undefined;
117
+ generated: undefined;
118
+ }, {}, {
119
+ length: 255;
120
+ }>;
121
+ subject_type: import("drizzle-orm/pg-core").PgColumn<{
122
+ name: "subject_type";
123
+ tableName: "auth_fga_warrants";
124
+ dataType: "string";
125
+ columnType: "PgVarchar";
126
+ data: string;
127
+ driverParam: string;
128
+ notNull: true;
129
+ hasDefault: false;
130
+ isPrimaryKey: false;
131
+ isAutoincrement: false;
132
+ hasRuntimeDefault: false;
133
+ enumValues: [string, ...string[]];
134
+ baseColumn: never;
135
+ identity: undefined;
136
+ generated: undefined;
137
+ }, {}, {
138
+ length: 255;
139
+ }>;
140
+ };
141
+ dialect: "pg";
142
+ }>;
143
+ export declare const createNeonWarrantStore: (databaseUrl: string) => WarrantStore;
144
+ export declare const createPostgresWarrantStore: (db: AnyPgDatabase) => WarrantStore;
@@ -0,0 +1,27 @@
1
+ export type Warrant = {
2
+ relation: string;
3
+ resourceId: string;
4
+ resourceType: string;
5
+ subjectId: string;
6
+ subjectRelation?: string;
7
+ subjectType: string;
8
+ };
9
+ export type WarrantStore = {
10
+ deleteWarrant: (warrant: Warrant) => Promise<void>;
11
+ listForResource: (resourceType: string, resourceId: string, relation: string) => Promise<Warrant[]>;
12
+ saveWarrant: (warrant: Warrant) => Promise<void>;
13
+ };
14
+ export type RelationRule = {
15
+ kind: 'computedUserset';
16
+ relation: string;
17
+ } | {
18
+ kind: 'self';
19
+ } | {
20
+ kind: 'tupleToUserset';
21
+ relation: string;
22
+ viaRelation: string;
23
+ } | {
24
+ kind: 'union';
25
+ rules: RelationRule[];
26
+ };
27
+ export type FgaSchema = Record<string, Record<string, RelationRule>>;
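Review bot: `WarrantStore` can only enumerate by resource (`listForResource`), and `deleteWarrant` needs the exact tuple, so the contract offers no way to find and revoke every grant held by one subject. Deprovisioning paths such as `account_deleted` or `membership_removed` would leave warrants behind unless the caller tracks them separately. Consider adding `listForSubject: (subjectType: string, subjectId: string) => Promise<Warrant[]>;` to the store contract, or document that callers must keep their own per-subject index.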