npm - @absolutejs/auth - Versions diffs - 0.27.0-beta.5 → 0.27.0-beta.6 - Mend

@absolutejs/auth 0.27.0-beta.5 → 0.27.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/credentials/emailValidation.d.ts +9 -0
package/dist/credentials/passwordPolicy.d.ts +1 -0
package/dist/index.d.ts +3 -0
package/dist/index.js +141 -1
package/dist/index.js.map +9 -6
package/dist/session/anonymous.d.ts +11 -0
package/dist/session/multiSession.d.ts +25 -0
package/dist/session/promote.d.ts +2 -1
package/dist/types.d.ts +3 -0
package/package.json +1 -1

package/dist/credentials/emailValidation.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+export type EmailValidationResult = {
+    ok: boolean;
+    reason?: 'disposable' | 'invalid_format' | 'no_mx';
+};
+export declare const isDisposableEmail: (email: string, extraDomains?: Iterable<string>) => boolean;
+export declare const validateEmailDeliverability: (email: string, options?: {
+    checkMx?: boolean;
+    disposableDomains?: Iterable<string>;
+}) => Promise<EmailValidationResult>;

package/dist/credentials/passwordPolicy.d.ts CHANGED Viewed

@@ -12,3 +12,4 @@ export type PasswordPolicyResult = {
     violations: PasswordPolicyViolation[];
 };
 export declare const evaluatePassword: (password: string, policy?: PasswordPolicy) => Promise<PasswordPolicyResult>;
+export declare const isPasswordCompromised: (password: string) => Promise<boolean>;

package/dist/index.d.ts CHANGED Viewed

@@ -14652,6 +14652,8 @@ export { sessionRoutes } from './routes/sessions';
 export { stepUpPlugin } from './routes/stepUp';
 export * from './session/sessionsConfig';
 export { endImpersonation, isImpersonating, startImpersonation } from './session/impersonation';
+export { createAnonymousSession, isAnonymousSession } from './session/anonymous';
+export { addToSessionRing, listRingSessions, readSessionRing, removeFromSessionRing, switchActiveSession } from './session/multiSession';
 export { listUserSessions, revokeUserSessions } from './session/userSessions';
 export type { UserSession } from './session/userSessions';
 export { sessionCleanup } from './session/cleanup';
@@ -14666,6 +14668,7 @@ export * from './crypto';
 export * from './tenancy';
 export * from './credentials/config';
 export * from './credentials/passwordPolicy';
+export * from './credentials/emailValidation';
 export * from './credentials/types';
 export { credentialRoutes } from './credentials/routes';
 export { credentialsEmailVerification } from './credentials/emailVerification';

package/dist/index.js CHANGED Viewed

@@ -3213,6 +3213,7 @@ var persistWhen = async (shouldPersist, persist) => {
     await persist();
 };
 var promoteToSession = async ({
+  anonymous,
   authSessionStore,
   cookie,
   impersonator,
@@ -3236,6 +3237,8 @@ var promoteToSession = async ({
     data.samlLogout = samlLogout;
   if (impersonator !== undefined)
     data.impersonator = impersonator;
+  if (anonymous === true)
+    data.anonymous = true;
   targetSession[userSessionId] = data;
   cookie.set({
     httpOnly: true,
@@ -3512,6 +3515,7 @@ var evaluatePassword = async (password, policy = {}) => {
   }
   return { ok: violations.length === 0, violations };
 };
+var isPasswordCompromised = (password) => isPasswordBreached(password);
 // src/credentials/passwordReset.ts
 var credentialsPasswordReset = ({
@@ -18141,6 +18145,90 @@ var startImpersonation = async ({
   });
   return sessionId;
 };
+// src/session/anonymous.ts
+var DEFAULT_GUEST_TTL_MS = MILLISECONDS_IN_A_DAY;
+var createAnonymousSession = async ({
+  authSessionStore,
+  cookie,
+  guestUser,
+  inMemorySession,
+  sessionDurationMs = DEFAULT_GUEST_TTL_MS
+}) => promoteToSession({
+  anonymous: true,
+  authSessionStore,
+  cookie,
+  inMemorySession,
+  sessionDurationMs,
+  user: guestUser
+});
+var isAnonymousSession = (session) => session?.anonymous === true;
+// src/session/multiSession.ts
+var SEPARATOR = " ";
+var writeRing = (ring, ids) => ring.set({
+  httpOnly: true,
+  sameSite: "lax",
+  secure: true,
+  value: ids.join(SEPARATOR)
+});
+var readRing = (ring) => (ring.value ?? "").split(SEPARATOR).filter((entry) => isUserSessionId(entry));
+var addToSessionRing = (ring, sessionId) => writeRing(ring, [...new Set([...readRing(ring), sessionId])]);
+var listRingSessions = async ({
+  authSessionStore,
+  inMemorySession,
+  ring
+}) => {
+  const resolved = await Promise.all(readRing(ring).map(async (sessionId) => {
+    const session = await loadSessionFromSource({
+      authSessionStore,
+      session: inMemorySession,
+      userSessionId: sessionId
+    });
+    return session === undefined ? undefined : { sessionId, user: session.user };
+  }));
+  return resolved.filter((entry) => entry !== undefined);
+};
+var readSessionRing = (ring) => readRing(ring);
+var removeFromSessionRing = async ({
+  activeCookie,
+  authSessionStore,
+  inMemorySession,
+  ring,
+  sessionId
+}) => {
+  const remaining = readRing(ring).filter((id) => id !== sessionId);
+  writeRing(ring, remaining);
+  if (authSessionStore)
+    await authSessionStore.removeSession(sessionId);
+  else if (inMemorySession)
+    delete inMemorySession[sessionId];
+  if (activeCookie?.value !== sessionId)
+    return;
+  const [fallback] = remaining;
+  if (fallback === undefined)
+    activeCookie.remove();
+  else
+    activeCookie.set({
+      httpOnly: true,
+      sameSite: "lax",
+      secure: true,
+      value: fallback
+    });
+};
+var switchActiveSession = ({
+  activeCookie,
+  ring,
+  sessionId
+}) => {
+  if (!readRing(ring).includes(sessionId))
+    return false;
+  activeCookie.set({
+    httpOnly: true,
+    sameSite: "lax",
+    secure: true,
+    value: sessionId
+  });
+  return true;
+};
 // src/utils.ts
 var defineAuthConfig = (configuration) => configuration;
 var defineAuthHtmxConfig = (htmxConfig) => htmxConfig;
@@ -18316,6 +18404,48 @@ var getUserSessionId = ({
 };
 // src/tenancy.ts
 var hasOrganizationScope = (value) => typeof value.organizationId === "string" && value.organizationId.length > 0;
+// src/credentials/emailValidation.ts
+import { resolveMx } from "dns/promises";
+var EMAIL_PATTERN = /^[^\s@]+@[^\s@]+\.[^\s@]+$/u;
+var DISPOSABLE_DOMAINS = new Set([
+  "10minutemail.com",
+  "fakeinbox.com",
+  "getnada.com",
+  "guerrillamail.com",
+  "mailinator.com",
+  "maildrop.cc",
+  "sharklasers.com",
+  "temp-mail.org",
+  "tempmail.com",
+  "throwaway.email",
+  "trashmail.com",
+  "yopmail.com"
+]);
+var domainOf = (email) => email.slice(email.lastIndexOf("@") + 1).toLowerCase();
+var hasMxRecord = async (domain) => {
+  try {
+    return (await resolveMx(domain)).length > 0;
+  } catch {
+    return false;
+  }
+};
+var isDisposableEmail = (email, extraDomains) => {
+  const domain = domainOf(email);
+  return DISPOSABLE_DOMAINS.has(domain) || extraDomains !== undefined && new Set(extraDomains).has(domain);
+};
+var validateEmailDeliverability = async (email, options) => {
+  const normalized = email.trim().toLowerCase();
+  if (!EMAIL_PATTERN.test(normalized)) {
+    return { ok: false, reason: "invalid_format" };
+  }
+  if (isDisposableEmail(normalized, options?.disposableDomains)) {
+    return { ok: false, reason: "disposable" };
+  }
+  if (options?.checkMx === true && !await hasMxRecord(domainOf(normalized))) {
+    return { ok: false, reason: "no_mx" };
+  }
+  return { ok: true };
+};
 // src/credentials/inMemoryCredentialStore.ts
 var cloneCredential = (value) => ({
   ...value
@@ -20580,9 +20710,11 @@ export {
   verifyApiKey,
   verifyAccessToken,
   validateSession,
+  validateEmailDeliverability,
   userSessionIdTypebox,
   trustDevice,
   toPublicJwk,
+  switchActiveSession,
   stepUpPlugin,
   startImpersonation,
   ssoDiscoveryRoute,
@@ -20612,8 +20744,10 @@ export {
   resolveClientProviderEntry,
   resolveAuthHtmxRenderers,
   resolveApiPrincipal,
+  removeFromSessionRing,
   refreshableProviderOptions,
   recordLoginAttempt,
+  readSessionRing,
   providers,
   providerOptions,
   protectRoutePlugin,
@@ -20642,6 +20776,7 @@ export {
   listUserSessions,
   listUserOrganizations,
   listSubjects,
+  listRingSessions,
   knownDevicesTable,
   jwkThumbprint,
   issueTokenSet,
@@ -20652,11 +20787,14 @@ export {
   isRevocableOAuth2Client,
   isRefreshableProviderOption,
   isRefreshableOAuth2Client,
+  isPasswordCompromised,
   isPKCEProviderOption,
   isOIDCProviderOption,
   isMfaEnrolled,
   isImpersonating,
+  isDisposableEmail,
   isAuthIntent,
+  isAnonymousSession,
   inviteToOrganization,
   instantiateUserSession,
   hashToken,
@@ -20784,6 +20922,7 @@ export {
   createAuditEmitter,
   createApiKey,
   createApiClient,
+  createAnonymousSession,
   createAbuseGuard,
   consumeBackupCode,
   constantTimeEqual,
@@ -20802,6 +20941,7 @@ export {
   apiKeysTable,
   apiKeysRoutes,
   apiClientsTable,
+  addToSessionRing,
   accessTokensTable,
   acceptInvitation,
   WEBAUTHN_CHALLENGE_COOKIE,
@@ -20834,5 +20974,5 @@ export {
   AuthIdentityConflictError
 };
-//# debugId=514E4AE78CF406D164756E2164756E21
+//# debugId=D6A51261327D341C64756E2164756E21
 //# sourceMappingURL=index.js.map