@adonisjs/auth 9.0.0-8 → 9.0.0

package/build/index.js

@@ -1,15 +1,146 @@
-/*
- * @adonisjs/auth
- *
- * (c) AdonisJS
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-export { configure } from './configure.js';
-export { stubsRoot } from './stubs/main.js';
-export * as symbols from './src/auth/symbols.js';
-export { AuthManager } from './src/auth/auth_manager.js';
-export { Authenticator } from './src/auth/authenticator.js';
-export { defineConfig, providers } from './src/auth/define_config.js';
-export { AuthenticationException, InvalidCredentialsException } from './src/auth/errors.js';
+import {
+  AuthManager,
+  Authenticator,
+  AuthenticatorClient
+} from "./chunk-52DVKHJR.js";
+import "./chunk-3HZHOWKL.js";
+import {
+  E_INVALID_CREDENTIALS,
+  errors_exports
+} from "./chunk-BHB55PBJ.js";
+import {
+  __decorateClass,
+  __export
+} from "./chunk-CZCFTIBB.js";
+
+// configure.ts
+import { presetAuth } from "@adonisjs/presets/auth";
+async function configure(command) {
+  const codemods = await command.createCodemods();
+  let guard = command.parsedFlags.guard;
+  if (guard === void 0) {
+    guard = await command.prompt.choice(
+      "Select the auth guard you want to use",
+      [
+        {
+          name: "session",
+          message: "Session"
+        },
+        {
+          name: "access_tokens",
+          message: "Opaque access tokens"
+        }
+      ],
+      {
+        validate(value) {
+          return !!value;
+        }
+      }
+    );
+  }
+  if (!["session", "access_tokens"].includes(guard)) {
+    command.logger.error(
+      `The selected guard "${guard}" is invalid. Select one from: session, access_tokens`
+    );
+    command.exitCode = 1;
+    return;
+  }
+  await presetAuth(codemods, command.app, {
+    guard,
+    userProvider: "lucid"
+  });
+}
+
+// src/symbols.ts
+var symbols_exports = {};
+__export(symbols_exports, {
+  GUARD_KNOWN_EVENTS: () => GUARD_KNOWN_EVENTS,
+  PROVIDER_REAL_USER: () => PROVIDER_REAL_USER
+});
+var PROVIDER_REAL_USER = Symbol.for("PROVIDER_REAL_USER");
+var GUARD_KNOWN_EVENTS = Symbol.for("GUARD_KNOWN_EVENTS");
+
+// src/define_config.ts
+import { configProvider } from "@adonisjs/core";
+function defineConfig(config) {
+  return configProvider.create(async (app) => {
+    const guardsList = Object.keys(config.guards);
+    const guards = {};
+    for (let guardName of guardsList) {
+      const guard = config.guards[guardName];
+      if (typeof guard === "function") {
+        guards[guardName] = guard;
+      } else {
+        guards[guardName] = await guard.resolver(guardName, app);
+      }
+    }
+    return {
+      default: config.default,
+      guards
+    };
+  });
+}
+
+// src/mixins/with_auth_finder.ts
+import { RuntimeException } from "@adonisjs/core/exceptions";
+import { beforeSave } from "@adonisjs/lucid/orm";
+function withAuthFinder(hash, options) {
+  return (superclass) => {
+    class UserWithUserFinder extends superclass {
+      static async hashPassword(user) {
+        if (user.$dirty[options.passwordColumnName]) {
+          ;
+          user[options.passwordColumnName] = await hash.make(
+            user[options.passwordColumnName]
+          );
+        }
+      }
+      /**
+       * Finds the user for authentication via "verifyCredentials".
+       * Feel free to override this method customize the user
+       * lookup behavior.
+       */
+      static findForAuth(uids, value) {
+        const query = this.query();
+        uids.forEach((uid) => query.orWhere(uid, value));
+        return query.limit(1).first();
+      }
+      /**
+       * Find a user by uid and verify their password. This method is
+       * safe from timing attacks.
+       */
+      static async verifyCredentials(uid, password) {
+        const user = await this.findForAuth(options.uids, uid);
+        if (!user) {
+          await hash.make(password);
+          throw new E_INVALID_CREDENTIALS("Invalid user credentials");
+        }
+        const passwordHash = user[options.passwordColumnName];
+        if (!passwordHash) {
+          throw new RuntimeException(
+            `Cannot verify password during login. The value of column "${options.passwordColumnName}" is undefined or null`
+          );
+        }
+        if (await hash.verify(passwordHash, password)) {
+          return user;
+        }
+        throw new E_INVALID_CREDENTIALS("Invalid user credentials");
+      }
+    }
+    __decorateClass([
+      beforeSave()
+    ], UserWithUserFinder, "hashPassword", 1);
+    return UserWithUserFinder;
+  };
+}
+export {
+  AuthManager,
+  Authenticator,
+  AuthenticatorClient,
+  configure,
+  defineConfig,
+  errors_exports as errors,
+  symbols_exports as symbols,
+  withAuthFinder
+};
+//# sourceMappingURL=index.js.map

package/build/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../configure.ts","../src/symbols.ts","../src/define_config.ts","../src/mixins/with_auth_finder.ts"],"sourcesContent":["/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { presetAuth } from '@adonisjs/presets/auth'\nimport type Configure from '@adonisjs/core/commands/configure'\n\n/**\n * Configures the auth package\n */\nexport async function configure(command: Configure) {\n  const codemods = await command.createCodemods()\n  let guard: string | undefined = command.parsedFlags.guard\n\n  /**\n   * Prompts user to select a guard when not mentioned via\n   * the CLI\n   */\n  if (guard === undefined) {\n    guard = await command.prompt.choice(\n      'Select the auth guard you want to use',\n      [\n        {\n          name: 'session',\n          message: 'Session',\n        },\n        {\n          name: 'access_tokens',\n          message: 'Opaque access tokens',\n        },\n      ],\n      {\n        validate(value) {\n          return !!value\n        },\n      }\n    )\n  }\n\n  /**\n   * Ensure selected or guard defined via the CLI flag is\n   * valid\n   */\n  if (!['session', 'access_tokens'].includes(guard!)) {\n    command.logger.error(\n      `The selected guard \"${guard}\" is invalid. Select one from: session, access_tokens`\n    )\n    command.exitCode = 1\n    return\n  }\n\n  await presetAuth(codemods, command.app, {\n    guard: guard as 'session' | 'access_tokens',\n    userProvider: 'lucid',\n  })\n}\n","/*\n * @adonisjs/lucid\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\n/**\n * A symbol to identify the type of the real user for a given\n * user provider\n */\nexport const PROVIDER_REAL_USER = Symbol.for('PROVIDER_REAL_USER')\n\n/**\n * A symbol to identify the type for the events emitted by a guard\n */\nexport const GUARD_KNOWN_EVENTS = Symbol.for('GUARD_KNOWN_EVENTS')\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { configProvider } from '@adonisjs/core'\nimport type { ConfigProvider } from '@adonisjs/core/types'\nimport type { GuardConfigProvider, GuardFactory } from './types.js'\n\n/**\n * Config resolved by the \"defineConfig\" method\n */\nexport type ResolvedAuthConfig<\n  KnownGuards extends Record<string, GuardFactory | GuardConfigProvider<GuardFactory>>,\n> = {\n  default: keyof KnownGuards\n  guards: {\n    [K in keyof KnownGuards]: KnownGuards[K] extends GuardConfigProvider<infer A>\n      ? A\n      : KnownGuards[K]\n  }\n}\n\n/**\n * Define configuration for the auth package. The function returns\n * a config provider that is invoked inside the auth service\n * provider\n */\nexport function defineConfig<\n  KnownGuards extends Record<string, GuardFactory | GuardConfigProvider<GuardFactory>>,\n>(config: {\n  default: keyof KnownGuards\n  guards: KnownGuards\n}): ConfigProvider<ResolvedAuthConfig<KnownGuards>> {\n  return configProvider.create(async (app) => {\n    const guardsList = Object.keys(config.guards)\n    const guards = {} as Record<string, GuardFactory>\n\n    for (let guardName of guardsList) {\n      const guard = config.guards[guardName]\n      if (typeof guard === 'function') {\n        guards[guardName] = guard\n      } else {\n        guards[guardName] = await guard.resolver(guardName, app)\n      }\n    }\n\n    return {\n      default: config.default,\n      guards: guards,\n    } as ResolvedAuthConfig<KnownGuards>\n  })\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport type { Hash } from '@adonisjs/core/hash'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport { beforeSave, type BaseModel } from '@adonisjs/lucid/orm'\nimport type { NormalizeConstructor } from '@adonisjs/core/types/helpers'\nimport { E_INVALID_CREDENTIALS } from '../errors.js'\n\n/**\n * Mixing to add user lookup and password verification methods\n * on a model.\n *\n * Under the hood, this mixin defines following methods and hooks\n *\n * - beforeSave hook to hash user password\n * - findForAuth method to find a user during authentication\n * - verifyCredentials method to verify user credentials and prevent\n *   timing attacks.\n */\nexport function withAuthFinder(\n  hash: Hash,\n  options: {\n    uids: string[]\n    passwordColumnName: string\n  }\n) {\n  return <Model extends NormalizeConstructor<typeof BaseModel>>(superclass: Model) => {\n    class UserWithUserFinder extends superclass {\n      /**\n       * Hook to verify user password when creating or updating\n       * the user model.\n       */\n      @beforeSave()\n      static async hashPassword<T extends typeof UserWithUserFinder>(\n        this: T,\n        user: InstanceType<T>\n      ) {\n        if (user.$dirty[options.passwordColumnName]) {\n          ;(user as any)[options.passwordColumnName] = await hash.make(\n            (user as any)[options.passwordColumnName]\n          )\n        }\n      }\n\n      /**\n       * Finds the user for authentication via \"verifyCredentials\".\n       * Feel free to override this method customize the user\n       * lookup behavior.\n       */\n      static findForAuth<T extends typeof UserWithUserFinder>(\n        this: T,\n        uids: string[],\n        value: string\n      ): Promise<InstanceType<T> | null> {\n        const query = this.query()\n        uids.forEach((uid) => query.orWhere(uid, value))\n        return query.limit(1).first()\n      }\n\n      /**\n       * Find a user by uid and verify their password. This method is\n       * safe from timing attacks.\n       */\n      static async verifyCredentials<T extends typeof UserWithUserFinder>(\n        this: T,\n        uid: string,\n        password: string\n      ) {\n        const user = await this.findForAuth(options.uids, uid)\n        if (!user) {\n          await hash.make(password)\n          throw new E_INVALID_CREDENTIALS('Invalid user credentials')\n        }\n\n        const passwordHash = (user as any)[options.passwordColumnName]\n        if (!passwordHash) {\n          throw new RuntimeException(\n            `Cannot verify password during login. The value of column \"${options.passwordColumnName}\" is undefined or null`\n          )\n        }\n\n        if (await hash.verify(passwordHash, password)) {\n          return user\n        }\n\n        throw new E_INVALID_CREDENTIALS('Invalid user credentials')\n      }\n    }\n\n    return UserWithUserFinder\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;AASA,SAAS,kBAAkB;AAM3B,eAAsB,UAAU,SAAoB;AAClD,QAAM,WAAW,MAAM,QAAQ,eAAe;AAC9C,MAAI,QAA4B,QAAQ,YAAY;AAMpD,MAAI,UAAU,QAAW;AACvB,YAAQ,MAAM,QAAQ,OAAO;AAAA,MAC3B;AAAA,MACA;AAAA,QACE;AAAA,UACE,MAAM;AAAA,UACN,SAAS;AAAA,QACX;AAAA,QACA;AAAA,UACE,MAAM;AAAA,UACN,SAAS;AAAA,QACX;AAAA,MACF;AAAA,MACA;AAAA,QACE,SAAS,OAAO;AACd,iBAAO,CAAC,CAAC;AAAA,QACX;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAMA,MAAI,CAAC,CAAC,WAAW,eAAe,EAAE,SAAS,KAAM,GAAG;AAClD,YAAQ,OAAO;AAAA,MACb,uBAAuB,KAAK;AAAA,IAC9B;AACA,YAAQ,WAAW;AACnB;AAAA,EACF;AAEA,QAAM,WAAW,UAAU,QAAQ,KAAK;AAAA,IACtC;AAAA,IACA,cAAc;AAAA,EAChB,CAAC;AACH;;;AC5DA;AAAA;AAAA;AAAA;AAAA;AAaO,IAAM,qBAAqB,OAAO,IAAI,oBAAoB;AAK1D,IAAM,qBAAqB,OAAO,IAAI,oBAAoB;;;ACTjE,SAAS,sBAAsB;AAuBxB,SAAS,aAEd,QAGkD;AAClD,SAAO,eAAe,OAAO,OAAO,QAAQ;AAC1C,UAAM,aAAa,OAAO,KAAK,OAAO,MAAM;AAC5C,UAAM,SAAS,CAAC;AAEhB,aAAS,aAAa,YAAY;AAChC,YAAM,QAAQ,OAAO,OAAO,SAAS;AACrC,UAAI,OAAO,UAAU,YAAY;AAC/B,eAAO,SAAS,IAAI;AAAA,MACtB,OAAO;AACL,eAAO,SAAS,IAAI,MAAM,MAAM,SAAS,WAAW,GAAG;AAAA,MACzD;AAAA,IACF;AAEA,WAAO;AAAA,MACL,SAAS,OAAO;AAAA,MAChB;AAAA,IACF;AAAA,EACF,CAAC;AACH;;;AC9CA,SAAS,wBAAwB;AACjC,SAAS,kBAAkC;AAepC,SAAS,eACd,MACA,SAIA;AACA,SAAO,CAAuD,eAAsB;AAAA,IAClF,MAAM,2BAA2B,WAAW;AAAA,MAM1C,aAAa,aAEX,MACA;AACA,YAAI,KAAK,OAAO,QAAQ,kBAAkB,GAAG;AAC3C;AAAC,UAAC,KAAa,QAAQ,kBAAkB,IAAI,MAAM,KAAK;AAAA,YACrD,KAAa,QAAQ,kBAAkB;AAAA,UAC1C;AAAA,QACF;AAAA,MACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAOA,OAAO,YAEL,MACA,OACiC;AACjC,cAAM,QAAQ,KAAK,MAAM;AACzB,aAAK,QAAQ,CAAC,QAAQ,MAAM,QAAQ,KAAK,KAAK,CAAC;AAC/C,eAAO,MAAM,MAAM,CAAC,EAAE,MAAM;AAAA,MAC9B;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA,aAAa,kBAEX,KACA,UACA;AACA,cAAM,OAAO,MAAM,KAAK,YAAY,QAAQ,MAAM,GAAG;AACrD,YAAI,CAAC,MAAM;AACT,gBAAM,KAAK,KAAK,QAAQ;AACxB,gBAAM,IAAI,sBAAsB,0BAA0B;AAAA,QAC5D;AAEA,cAAM,eAAgB,KAAa,QAAQ,kBAAkB;AAC7D,YAAI,CAAC,cAAc;AACjB,gBAAM,IAAI;AAAA,YACR,6DAA6D,QAAQ,kBAAkB;AAAA,UACzF;AAAA,QACF;AAEA,YAAI,MAAM,KAAK,OAAO,cAAc,QAAQ,GAAG;AAC7C,iBAAO;AAAA,QACT;AAEA,cAAM,IAAI,sBAAsB,0BAA0B;AAAA,MAC5D;AAAA,IACF;AAtDe;AAAA,MADZ,WAAW;AAAA,OALR,oBAMS;AAwDf,WAAO;AAAA,EACT;AACF;","names":[]}

package/build/modules/access_tokens_guard/access_token.d.ts

@@ -0,0 +1,137 @@
+import { Secret } from '@adonisjs/core/helpers';
+/**
+ * Access token represents a token created for a user to authenticate
+ * using the auth module.
+ *
+ * It encapsulates the logic of creating an opaque token, generating
+ * its hash and verifying its hash.
+ */
+export declare class AccessToken {
+    /**
+     * Decodes a publicly shared token and return the series
+     * and the token value from it.
+     *
+     * Returns null when unable to decode the token because of
+     * invalid format or encoding.
+     */
+    static decode(prefix: string, value: string): null | {
+        identifier: string;
+        secret: Secret<string>;
+    };
+    /**
+     * Creates a transient token that can be shared with the persistence
+     * layer.
+     */
+    static createTransientToken(userId: string | number | BigInt, size: number, expiresIn?: string | number): {
+        secret: Secret<string>;
+        hash: string;
+        userId: string | number | BigInt;
+        expiresAt: Date | undefined;
+    };
+    /**
+     * Creates a secret opaque token and its hash. The secret is
+     * suffixed with a crc32 checksum for secret scanning tools
+     * to easily identify the token.
+     */
+    static seed(size: number): {
+        secret: Secret<string>;
+        hash: string;
+    };
+    /**
+     * Identifer is a unique sequence to identify the
+     * token within database. It should be the
+     * primary/unique key
+     */
+    identifier: string | number | BigInt;
+    /**
+     * Reference to the user id for whom the token
+     * is generated.
+     */
+    tokenableId: string | number | BigInt;
+    /**
+     * The value is a public representation of a token. It is created
+     * by combining the "identifier"."secret"
+     */
+    value?: Secret<string>;
+    /**
+     * Recognizable name for the token
+     */
+    name: string | null;
+    /**
+     * A unique type to identify a bucket of tokens inside the
+     * storage layer.
+     */
+    type: string;
+    /**
+     * Hash is computed from the seed to later verify the validity
+     * of seed
+     */
+    hash: string;
+    /**
+     * Date/time when the token instance was created
+     */
+    createdAt: Date;
+    /**
+     * Date/time when the token was updated
+     */
+    updatedAt: Date;
+    /**
+     * Timestamp at which the token was used for authentication
+     */
+    lastUsedAt: Date | null;
+    /**
+     * Timestamp at which the token will expire
+     */
+    expiresAt: Date | null;
+    /**
+     * An array of abilities the token can perform. The abilities
+     * is an array of abritary string values
+     */
+    abilities: string[];
+    constructor(attributes: {
+        identifier: string | number | BigInt;
+        tokenableId: string | number | BigInt;
+        type: string;
+        hash: string;
+        createdAt: Date;
+        updatedAt: Date;
+        lastUsedAt: Date | null;
+        expiresAt: Date | null;
+        name: string | null;
+        prefix?: string;
+        secret?: Secret<string>;
+        abilities?: string[];
+    });
+    /**
+     * Check if the token allows the given ability.
+     */
+    allows(ability: string): boolean;
+    /**
+     * Check if the token denies the ability.
+     */
+    denies(ability: string): boolean;
+    /**
+     * Authorize ability access using the current access token
+     */
+    authorize(ability: string): void;
+    /**
+     * Check if the token has been expired. Verifies
+     * the "expiresAt" timestamp with the current
+     * date.
+     *
+     * Tokens with no expiry never expire
+     */
+    isExpired(): boolean;
+    /**
+     * Verifies the value of a token against the pre-defined hash
+     */
+    verify(secret: Secret<string>): boolean;
+    toJSON(): {
+        type: string;
+        name: string | null;
+        token: string | undefined;
+        abilities: string[];
+        lastUsedAt: Date | null;
+        expiresAt: Date | null;
+    };
+}

package/build/modules/access_tokens_guard/crc32.d.ts

@@ -0,0 +1,16 @@
+/**
+ * We use CRC32 just to add a recognizable checksum to tokens. This helps
+ * secret scanning tools like https://docs.github.com/en/github/administering-a-repository/about-secret-scanning easily detect tokens generated by a given program.
+ *
+ * You can learn more about appending checksum to a hash here in this Github
+ * article. https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/
+ *
+ * Code taken from:
+ * https://github.com/tsxper/crc32/blob/main/src/CRC32.ts
+ */
+export declare class CRC32 {
+    #private;
+    calculate(input: string): number;
+    forString(input: string): number;
+    forBytes(bytes: Uint8Array, accumulator?: number): number;
+}

package/build/modules/access_tokens_guard/define_config.d.ts

@@ -0,0 +1,17 @@
+import type { HttpContext } from '@adonisjs/core/http';
+import type { ConfigProvider } from '@adonisjs/core/types';
+import { AccessTokensGuard } from './guard.js';
+import type { GuardConfigProvider } from '../../src/types.js';
+import { AccessTokensLucidUserProvider } from './user_providers/lucid.js';
+import type { LucidTokenable, AccessTokensUserProviderContract, AccessTokensLucidUserProviderOptions } from './types.js';
+/**
+ * Configures access tokens guard for authentication
+ */
+export declare function tokensGuard<UserProvider extends AccessTokensUserProviderContract<unknown>>(config: {
+    provider: UserProvider | ConfigProvider<UserProvider>;
+}): GuardConfigProvider<(ctx: HttpContext) => AccessTokensGuard<UserProvider>>;
+/**
+ * Configures user provider that uses Lucid models to verify
+ * access tokens and find users during authentication.
+ */
+export declare function tokensUserProvider<TokenableProperty extends string, Model extends LucidTokenable<TokenableProperty>>(config: AccessTokensLucidUserProviderOptions<TokenableProperty, Model>): AccessTokensLucidUserProvider<TokenableProperty, Model>;

package/build/modules/access_tokens_guard/guard.d.ts

@@ -0,0 +1,81 @@
+import type { HttpContext } from '@adonisjs/core/http';
+import type { EmitterLike } from '@adonisjs/core/types/events';
+import type { AccessToken } from './access_token.js';
+import type { AuthClientResponse, GuardContract } from '../../src/types.js';
+import { GUARD_KNOWN_EVENTS, PROVIDER_REAL_USER } from '../../src/symbols.js';
+import type { AccessTokensGuardEvents, AccessTokensUserProviderContract } from './types.js';
+/**
+ * Implementation of access tokens guard for the Auth layer. The heavy lifting
+ * of verifying tokens is done by the user provider. However, the guard is
+ * used to seamlessly integrate with the auth layer of the package.
+ */
+export declare class AccessTokensGuard<UserProvider extends AccessTokensUserProviderContract<unknown>> implements GuardContract<UserProvider[typeof PROVIDER_REAL_USER] & {
+    currentAccessToken: AccessToken;
+}> {
+    #private;
+    /**
+     * Events emitted by the guard
+     */
+    [GUARD_KNOWN_EVENTS]: AccessTokensGuardEvents<UserProvider[typeof PROVIDER_REAL_USER] & {
+        currentAccessToken: AccessToken;
+    }>;
+    /**
+     * Driver name of the guard
+     */
+    driverName: 'access_tokens';
+    /**
+     * Whether or not the authentication has been attempted
+     * during the current request.
+     */
+    authenticationAttempted: boolean;
+    /**
+     * A boolean to know if the current request has
+     * been authenticated
+     */
+    isAuthenticated: boolean;
+    /**
+     * Reference to an instance of the authenticated user.
+     * The value only exists after calling one of the
+     * following methods.
+     *
+     * - authenticate
+     * - check
+     *
+     * You can use the "getUserOrFail" method to throw an exception if
+     * the request is not authenticated.
+     */
+    user?: UserProvider[typeof PROVIDER_REAL_USER] & {
+        currentAccessToken: AccessToken;
+    };
+    constructor(name: string, ctx: HttpContext, emitter: EmitterLike<AccessTokensGuardEvents<UserProvider[typeof PROVIDER_REAL_USER] & {
+        currentAccessToken: AccessToken;
+    }>>, userProvider: UserProvider);
+    /**
+     * Returns an instance of the authenticated user. Or throws
+     * an exception if the request is not authenticated.
+     */
+    getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER] & {
+        currentAccessToken: AccessToken;
+    };
+    /**
+     * Authenticate the current HTTP request by verifying the bearer
+     * token or fails with an exception
+     */
+    authenticate(): Promise<UserProvider[typeof PROVIDER_REAL_USER] & {
+        currentAccessToken: AccessToken;
+    }>;
+    /**
+     * Returns the Authorization header clients can use to authenticate
+     * the request.
+     */
+    authenticateAsClient(user: UserProvider[typeof PROVIDER_REAL_USER], abilities?: string[], options?: {
+        expiresIn?: string | number;
+        name?: string;
+    }): Promise<AuthClientResponse>;
+    /**
+     * Silently check if the user is authenticated or not. The
+     * method is same the "authenticate" method but does not
+     * throw any exceptions.
+     */
+    check(): Promise<boolean>;
+}

package/build/modules/access_tokens_guard/main.d.ts

@@ -0,0 +1,5 @@
+export { AccessToken } from './access_token.js';
+export { AccessTokensGuard } from './guard.js';
+export { DbAccessTokensProvider } from './token_providers/db.js';
+export { tokensGuard, tokensUserProvider } from './define_config.js';
+export { AccessTokensLucidUserProvider } from './user_providers/lucid.js';