@adonisjs/auth 9.0.0-9 → 9.0.1

package/build/modules/session_guard/main.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../modules/session_guard/remember_me_token.ts","../../../modules/session_guard/guard.ts","../../../modules/session_guard/token_providers/db.ts","../../../modules/session_guard/user_providers/lucid.ts","../../../modules/session_guard/define_config.ts"],"sourcesContent":["/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { createHash } from 'node:crypto'\nimport string from '@adonisjs/core/helpers/string'\nimport { Secret, base64, safeEqual } from '@adonisjs/core/helpers'\n\n/**\n * Remember me token represents an opaque token that can be\n * used to automatically login a user without asking them\n * to re-login\n */\nexport class RememberMeToken {\n  /**\n   * Decodes a publicly shared token and return the series\n   * and the token value from it.\n   *\n   * Returns null when unable to decode the token because of\n   * invalid format or encoding.\n   */\n  static decode(value: string): null | { identifier: string; secret: Secret<string> } {\n    /**\n     * Ensure value is a string and starts with the prefix.\n     */\n    if (typeof value !== 'string') {\n      return null\n    }\n\n    /**\n     * Remove prefix from the rest of the token.\n     */\n    if (!value) {\n      return null\n    }\n\n    const [identifier, ...tokenValue] = value.split('.')\n    if (!identifier || tokenValue.length === 0) {\n      return null\n    }\n\n    const decodedIdentifier = base64.urlDecode(identifier)\n    const decodedSecret = base64.urlDecode(tokenValue.join('.'))\n    if (!decodedIdentifier || !decodedSecret) {\n      return null\n    }\n\n    return {\n      identifier: decodedIdentifier,\n      secret: new Secret(decodedSecret),\n    }\n  }\n\n  /**\n   * Creates a transient token that can be shared with the persistence\n   * layer.\n   */\n  static createTransientToken(\n    userId: string | number | BigInt,\n    size: number,\n    expiresIn: string | number\n  ) {\n    const expiresAt = new Date()\n    expiresAt.setSeconds(expiresAt.getSeconds() + string.seconds.parse(expiresIn))\n\n    return {\n      userId,\n      expiresAt,\n      ...this.seed(size),\n    }\n  }\n\n  /**\n   * Creates a secret opaque token and its hash.\n   */\n  static seed(size: number) {\n    const seed = string.random(size)\n    const secret = new Secret(seed)\n    const hash = createHash('sha256').update(secret.release()).digest('hex')\n    return { secret, hash }\n  }\n\n  /**\n   * Identifer is a unique sequence to identify the\n   * token within database. It should be the\n   * primary/unique key\n   */\n  identifier: string | number | BigInt\n\n  /**\n   * Reference to the user id for whom the token\n   * is generated.\n   */\n  tokenableId: string | number | BigInt\n\n  /**\n   * The value is a public representation of a token. It is created\n   * by combining the \"identifier\".\"secret\"\n   */\n  value?: Secret<string>\n\n  /**\n   * Hash is computed from the seed to later verify the validity\n   * of seed\n   */\n  hash: string\n\n  /**\n   * Date/time when the token instance was created\n   */\n  createdAt: Date\n\n  /**\n   * Date/time when the token was updated\n   */\n  updatedAt: Date\n\n  /**\n   * Timestamp at which the token will expire\n   */\n  expiresAt: Date\n\n  constructor(attributes: {\n    identifier: string | number | BigInt\n    tokenableId: string | number | BigInt\n    hash: string\n    createdAt: Date\n    updatedAt: Date\n    expiresAt: Date\n    secret?: Secret<string>\n  }) {\n    this.identifier = attributes.identifier\n    this.tokenableId = attributes.tokenableId\n    this.hash = attributes.hash\n    this.createdAt = attributes.createdAt\n    this.updatedAt = attributes.updatedAt\n    this.expiresAt = attributes.expiresAt\n\n    /**\n     * Compute value when secret is provided\n     */\n    if (attributes.secret) {\n      this.value = new Secret(\n        `${base64.urlEncode(String(this.identifier))}.${base64.urlEncode(\n          attributes.secret.release()\n        )}`\n      )\n    }\n  }\n\n  /**\n   * Check if the token has been expired. Verifies\n   * the \"expiresAt\" timestamp with the current\n   * date.\n   */\n  isExpired() {\n    return this.expiresAt < new Date()\n  }\n\n  /**\n   * Verifies the value of a token against the pre-defined hash\n   */\n  verify(secret: Secret<string>): boolean {\n    const newHash = createHash('sha256').update(secret.release()).digest('hex')\n    return safeEqual(this.hash, newHash)\n  }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport type { HttpContext } from '@adonisjs/core/http'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport type { EmitterLike } from '@adonisjs/core/types/events'\n\nimport { RememberMeToken } from './remember_me_token.js'\nimport { E_UNAUTHORIZED_ACCESS } from '../../src/errors.js'\nimport type { AuthClientResponse, GuardContract } from '../../src/types.js'\nimport { GUARD_KNOWN_EVENTS, PROVIDER_REAL_USER } from '../../src/symbols.js'\nimport type {\n  SessionGuardEvents,\n  SessionGuardOptions,\n  SessionUserProviderContract,\n  SessionWithTokensUserProviderContract,\n} from './types.js'\n\n/**\n * Session guard uses AdonisJS session store to track logged-in\n * user information.\n */\nexport class SessionGuard<\n  UseRememberTokens extends boolean,\n  UserProvider extends UseRememberTokens extends true\n    ? SessionWithTokensUserProviderContract<unknown>\n    : SessionUserProviderContract<unknown>,\n> implements GuardContract<UserProvider[typeof PROVIDER_REAL_USER]>\n{\n  /**\n   * Events emitted by the guard\n   */\n  declare [GUARD_KNOWN_EVENTS]: SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>\n\n  /**\n   * A unique name for the guard.\n   */\n  #name: string\n\n  /**\n   * Reference to the current HTTP context\n   */\n  #ctx: HttpContext\n\n  /**\n   * Options accepted by the session guard\n   */\n  #options: Required<SessionGuardOptions<UseRememberTokens>>\n\n  /**\n   * Provider to lookup user details\n   */\n  #userProvider: UserProvider\n\n  /**\n   * Emitter to emit events\n   */\n  #emitter: EmitterLike<SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>>\n\n  /**\n   * Driver name of the guard\n   */\n  driverName: 'session' = 'session'\n\n  /**\n   * Whether or not the authentication has been attempted\n   * during the current request.\n   */\n  authenticationAttempted = false\n\n  /**\n   * A boolean to know if a remember me token was used in attempt\n   * to login a user.\n   */\n  attemptedViaRemember = false\n\n  /**\n   * A boolean to know if the current request has\n   * been authenticated\n   */\n  isAuthenticated = false\n\n  /**\n   * A boolean to know if the current request is authenticated\n   * using the \"rememember_me\" token.\n   */\n  viaRemember = false\n\n  /**\n   * Find if the user has been logged out during\n   * the current request\n   */\n  isLoggedOut = false\n\n  /**\n   * Reference to an instance of the authenticated user.\n   * The value only exists after calling one of the\n   * following methods.\n   *\n   * - authenticate\n   * - check\n   *\n   * You can use the \"getUserOrFail\" method to throw an exception if\n   * the request is not authenticated.\n   */\n  user?: UserProvider[typeof PROVIDER_REAL_USER]\n\n  /**\n   * The key used to store the logged-in user id inside\n   * session\n   */\n  get sessionKeyName() {\n    return `auth_${this.#name}`\n  }\n\n  /**\n   * The key used to store the remember me token cookie\n   */\n  get rememberMeKeyName() {\n    return `remember_${this.#name}`\n  }\n\n  constructor(\n    name: string,\n    ctx: HttpContext,\n    options: SessionGuardOptions<UseRememberTokens>,\n    emitter: EmitterLike<SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>>,\n    userProvider: UserProvider\n  ) {\n    this.#name = name\n    this.#ctx = ctx\n    this.#options = { rememberMeTokensAge: '2 years', ...options }\n    this.#emitter = emitter\n    this.#userProvider = userProvider\n  }\n\n  /**\n   * Returns the session instance for the given request,\n   * ensuring the property exists\n   */\n  #getSession() {\n    if (!('session' in this.#ctx)) {\n      throw new RuntimeException(\n        'Cannot authenticate user. Install and configure \"@adonisjs/session\" package'\n      )\n    }\n\n    return this.#ctx.session\n  }\n\n  /**\n   * Emits authentication failure, updates the local state,\n   * and returns an exception to end the authentication\n   * cycle.\n   */\n  #authenticationFailed(sessionId: string) {\n    this.isAuthenticated = false\n    this.viaRemember = false\n    this.user = undefined\n    this.isLoggedOut = false\n\n    const error = new E_UNAUTHORIZED_ACCESS('Invalid or expired user session', {\n      guardDriverName: this.driverName,\n    })\n\n    this.#emitter.emit('session_auth:authentication_failed', {\n      ctx: this.#ctx,\n      guardName: this.#name,\n      error,\n      sessionId,\n    })\n\n    return error\n  }\n\n  /**\n   * Emits the authentication succeeded event and updates\n   * the local state to reflect successful authentication\n   */\n  #authenticationSucceeded(\n    sessionId: string,\n    user: UserProvider[typeof PROVIDER_REAL_USER],\n    rememberMeToken?: RememberMeToken\n  ) {\n    this.isAuthenticated = true\n    this.viaRemember = !!rememberMeToken\n    this.user = user\n    this.isLoggedOut = false\n\n    this.#emitter.emit('session_auth:authentication_succeeded', {\n      ctx: this.#ctx,\n      guardName: this.#name,\n      sessionId,\n      user,\n      rememberMeToken,\n    })\n  }\n\n  /**\n   * Emits the login succeeded event and updates the login\n   * state\n   */\n  #loginSucceeded(\n    sessionId: string,\n    user: UserProvider[typeof PROVIDER_REAL_USER],\n    rememberMeToken?: RememberMeToken\n  ) {\n    this.user = user\n    this.isLoggedOut = false\n\n    this.#emitter.emit('session_auth:login_succeeded', {\n      ctx: this.#ctx,\n      guardName: this.#name,\n      sessionId,\n      user,\n      rememberMeToken,\n    })\n  }\n\n  /**\n   * Creates session for a given user by their user id.\n   */\n  #createSessionForUser(userId: string | number | BigInt) {\n    const session = this.#getSession()\n    session.put(this.sessionKeyName, userId)\n    session.regenerate()\n  }\n\n  /**\n   * Creates the remember me cookie\n   */\n  #createRememberMeCookie(value: Secret<string>) {\n    this.#ctx.response.encryptedCookie(this.rememberMeKeyName, value.release(), {\n      maxAge: this.#options.rememberMeTokensAge,\n      httpOnly: true,\n    })\n  }\n\n  /**\n   * Authenticates the user using its id read from the session\n   * store.\n   *\n   * - We check the user exists in the db\n   * - If not, throw exception.\n   * - Otherwise, update local state to mark the user as logged-in\n   */\n  async #authenticateViaId(userId: string | number | BigInt, sessionId: string) {\n    const providerUser = await this.#userProvider.findById(userId)\n    if (!providerUser) {\n      throw this.#authenticationFailed(sessionId)\n    }\n\n    this.#authenticationSucceeded(sessionId, providerUser.getOriginal())\n    return this.user!\n  }\n\n  /**\n   * Authenticates user from the remember me cookie. Creates a fresh\n   * session for them and recycles the remember me token as well.\n   */\n  async #authenticateViaRememberCookie(rememberMeCookie: string, sessionId: string) {\n    /**\n     * This method is only invoked when \"options.useRememberTokens\" is set to\n     * true and hence the user provider will have methods to manage tokens\n     */\n    const userProvider = this.#userProvider as SessionWithTokensUserProviderContract<\n      UserProvider[typeof PROVIDER_REAL_USER]\n    >\n\n    /**\n     * Verify the token using the user provider.\n     */\n    const token = await userProvider.verifyRememberToken(new Secret(rememberMeCookie))\n    if (!token) {\n      throw this.#authenticationFailed(sessionId)\n    }\n\n    /**\n     * Check if a user for the token exists. Otherwise abort\n     * authentication\n     */\n    const providerUser = await userProvider.findById(token.tokenableId)\n    if (!providerUser) {\n      throw this.#authenticationFailed(sessionId)\n    }\n\n    /**\n     * Recycle remember token and the remember me cookie\n     */\n    const recycledToken = await userProvider.recycleRememberToken(\n      providerUser.getOriginal(),\n      token.identifier,\n      this.#options.rememberMeTokensAge\n    )\n\n    /**\n     * Persist remember token inside the cookie\n     */\n    this.#createRememberMeCookie(recycledToken.value!)\n\n    /**\n     * Create session\n     */\n    this.#createSessionForUser(providerUser.getId())\n\n    /**\n     * Emit event and update local state\n     */\n    this.#authenticationSucceeded(sessionId, providerUser.getOriginal(), token)\n\n    return this.user!\n  }\n\n  /**\n   * Returns an instance of the authenticated user. Or throws\n   * an exception if the request is not authenticated.\n   */\n  getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER] {\n    if (!this.user) {\n      throw new E_UNAUTHORIZED_ACCESS('Invalid or expired user session', {\n        guardDriverName: this.driverName,\n      })\n    }\n\n    return this.user\n  }\n\n  /**\n   * Login user using sessions. Optionally, you can also create\n   * a remember me token to automatically login user when their\n   * session expires.\n   */\n  async login(user: UserProvider[typeof PROVIDER_REAL_USER], remember: boolean = false) {\n    const session = this.#getSession()\n    const providerUser = await this.#userProvider.createUserForGuard(user)\n\n    this.#emitter.emit('session_auth:login_attempted', {\n      ctx: this.#ctx,\n      user,\n      guardName: this.#name,\n    })\n\n    /**\n     * Create remember me token and persist it with the provider\n     * when remember me token is true.\n     */\n    let token: RememberMeToken | undefined\n    if (remember) {\n      if (!this.#options.useRememberMeTokens) {\n        throw new RuntimeException('Cannot use \"rememberMe\" feature. It has been disabled')\n      }\n\n      /**\n       * Here we assume the userProvider has implemented APIs to manage remember\n       * me tokens, since the \"useRememberMeTokens\" flag is enabled.\n       */\n      const userProvider = this.#userProvider as SessionWithTokensUserProviderContract<\n        UserProvider[typeof PROVIDER_REAL_USER]\n      >\n\n      token = await userProvider.createRememberToken(\n        providerUser.getOriginal(),\n        this.#options.rememberMeTokensAge\n      )\n    }\n\n    /**\n     * Persist remember token inside the cookie (if exists)\n     * Otherwise remove the cookie\n     */\n    if (token) {\n      this.#createRememberMeCookie(token.value!)\n    } else {\n      this.#ctx.response.clearCookie(this.rememberMeKeyName)\n    }\n\n    /**\n     * Create session\n     */\n    this.#createSessionForUser(providerUser.getId())\n\n    /**\n     * Mark user as logged-in\n     */\n    this.#loginSucceeded(session.sessionId, providerUser.getOriginal(), token)\n  }\n\n  /**\n   * Logout a user by removing its state from the session\n   * store and delete the remember me cookie (if any).\n   */\n  async logout() {\n    const session = this.#getSession()\n    const rememberMeCookie = this.#ctx.request.encryptedCookie(this.rememberMeKeyName)\n\n    /**\n     * Clear client side state\n     */\n    session.forget(this.sessionKeyName)\n    this.#ctx.response.clearCookie(this.rememberMeKeyName)\n\n    /**\n     * Delete remember me token when\n     *\n     * - Tokens are enabled\n     * - A cookie exists\n     * - And we know about the user already\n     */\n    if (this.user && rememberMeCookie && this.#options.useRememberMeTokens) {\n      /**\n       * Here we assume the userProvider has implemented APIs to manage remember\n       * me tokens, since the \"useRememberMeTokens\" flag is enabled.\n       */\n      const userProvider = this.#userProvider as SessionWithTokensUserProviderContract<\n        UserProvider[typeof PROVIDER_REAL_USER]\n      >\n\n      const token = await userProvider.verifyRememberToken(new Secret(rememberMeCookie))\n      if (token) {\n        await userProvider.deleteRemeberToken(this.user, token.identifier)\n      }\n    }\n\n    /**\n     * Update local state\n     */\n    this.user = undefined\n    this.viaRemember = false\n    this.isAuthenticated = false\n    this.isLoggedOut = true\n\n    /**\n     * Notify the user has been logged out\n     */\n    this.#emitter.emit('session_auth:logged_out', {\n      ctx: this.#ctx,\n      guardName: this.#name,\n      user: this.user || null,\n      sessionId: session.sessionId,\n    })\n  }\n\n  /**\n   * Authenticate the current HTTP request by verifying the bearer\n   * token or fails with an exception\n   */\n  async authenticate(): Promise<UserProvider[typeof PROVIDER_REAL_USER]> {\n    /**\n     * Return early when authentication has already been\n     * attempted\n     */\n    if (this.authenticationAttempted) {\n      return this.getUserOrFail()\n    }\n\n    /**\n     * Notify we begin to attempt the authentication\n     */\n    this.authenticationAttempted = true\n    const session = this.#getSession()\n\n    this.#emitter.emit('session_auth:authentication_attempted', {\n      ctx: this.#ctx,\n      sessionId: session.sessionId,\n      guardName: this.#name,\n    })\n\n    /**\n     * Check if there is a user id inside the session store.\n     * If yes, fetch the user from the persistent storage\n     * and mark them as logged-in\n     */\n    const authUserId = session.get(this.sessionKeyName)\n    if (authUserId) {\n      return this.#authenticateViaId(authUserId, session.sessionId)\n    }\n\n    /**\n     * If user provider supports remember me tokens and the remember me\n     * cookie exists, then attempt to login + authenticate via\n     * the remember me token.\n     */\n    const rememberMeCookie = this.#ctx.request.encryptedCookie(this.rememberMeKeyName)\n    if (rememberMeCookie && this.#options.useRememberMeTokens) {\n      this.attemptedViaRemember = true\n      return this.#authenticateViaRememberCookie(rememberMeCookie, session.sessionId)\n    }\n\n    /**\n     * Otherwise throw an exception\n     */\n    throw this.#authenticationFailed(session.sessionId)\n  }\n\n  /**\n   * Silently check if the user is authenticated or not, without\n   * throwing any exceptions\n   */\n  async check(): Promise<boolean> {\n    try {\n      await this.authenticate()\n      return true\n    } catch (error) {\n      if (error instanceof E_UNAUTHORIZED_ACCESS) {\n        return false\n      }\n\n      throw error\n    }\n  }\n\n  /**\n   * Returns the session info for the clients to send during\n   * an HTTP request to mark the user as logged-in.\n   */\n  async authenticateAsClient(\n    user: UserProvider[typeof PROVIDER_REAL_USER]\n  ): Promise<AuthClientResponse> {\n    const providerUser = await this.#userProvider.createUserForGuard(user)\n    const userId = providerUser.getId()\n\n    return {\n      session: {\n        [this.sessionKeyName]: userId,\n      },\n    }\n  }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport type { Secret } from '@adonisjs/core/helpers'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport type { LucidModel } from '@adonisjs/lucid/types/model'\n\nimport { RememberMeToken } from '../remember_me_token.js'\nimport type {\n  RememberMeTokenDbColumns,\n  RememberMeTokensProviderContract,\n  DbRememberMeTokensProviderOptions,\n} from '../types.js'\n\n/**\n * DbRememberMeTokensProvider uses lucid database service to fetch and\n * persist tokens for a given user.\n *\n * The user must be an instance of the associated user model.\n */\nexport class DbRememberMeTokensProvider<TokenableModel extends LucidModel>\n  implements RememberMeTokensProviderContract<TokenableModel>\n{\n  /**\n   * Create tokens provider instance for a given Lucid model\n   */\n  static forModel<TokenableModel extends LucidModel>(\n    model: DbRememberMeTokensProviderOptions<TokenableModel>['tokenableModel'],\n    options?: Omit<DbRememberMeTokensProviderOptions<TokenableModel>, 'tokenableModel'>\n  ) {\n    return new DbRememberMeTokensProvider<TokenableModel>({\n      tokenableModel: model,\n      ...(options || {}),\n    })\n  }\n\n  /**\n   * Database table to use for querying remember me tokens\n   */\n  protected table: string\n\n  /**\n   * The length for the token secret. A secret is a cryptographically\n   * secure random string.\n   */\n  protected tokenSecretLength: number\n\n  constructor(protected options: DbRememberMeTokensProviderOptions<TokenableModel>) {\n    this.table = options.table || 'remember_me_tokens'\n    this.tokenSecretLength = options.tokenSecretLength || 40\n  }\n\n  /**\n   * Ensure the provided user is an instance of the user model and\n   * has a primary key\n   */\n  #ensureIsPersisted(user: InstanceType<TokenableModel>) {\n    const model = this.options.tokenableModel\n    if (user instanceof model === false) {\n      throw new RuntimeException(\n        `Invalid user object. It must be an instance of the \"${model.name}\" model`\n      )\n    }\n\n    if (!user.$primaryKeyValue) {\n      throw new RuntimeException(\n        `Cannot use \"${model.name}\" model for managing remember me tokens. The value of column \"${model.primaryKey}\" is undefined or null`\n      )\n    }\n  }\n\n  /**\n   * Maps a database row to an instance token instance\n   */\n  protected dbRowToRememberMeToken(dbRow: RememberMeTokenDbColumns): RememberMeToken {\n    return new RememberMeToken({\n      identifier: dbRow.id,\n      tokenableId: dbRow.tokenable_id,\n      hash: dbRow.hash,\n      createdAt:\n        typeof dbRow.created_at === 'number' ? new Date(dbRow.created_at) : dbRow.created_at,\n      updatedAt:\n        typeof dbRow.updated_at === 'number' ? new Date(dbRow.updated_at) : dbRow.updated_at,\n      expiresAt:\n        typeof dbRow.expires_at === 'number' ? new Date(dbRow.expires_at) : dbRow.expires_at,\n    })\n  }\n\n  /**\n   * Returns a query client instance from the parent model\n   */\n  protected async getDb() {\n    const model = this.options.tokenableModel\n    return model.$adapter.query(model).client\n  }\n\n  /**\n   * Create a token for a user\n   */\n  async create(user: InstanceType<TokenableModel>, expiresIn: string | number) {\n    this.#ensureIsPersisted(user)\n\n    const queryClient = await this.getDb()\n\n    /**\n     * Creating a transient token. Transient token abstracts\n     * the logic of creating a random secure secret and its\n     * hash\n     */\n    const transientToken = RememberMeToken.createTransientToken(\n      user.$primaryKeyValue!,\n      this.tokenSecretLength,\n      expiresIn\n    )\n\n    /**\n     * Row to insert inside the database. We expect exactly these\n     * columns to exist.\n     */\n    const dbRow: Omit<RememberMeTokenDbColumns, 'id'> = {\n      tokenable_id: transientToken.userId,\n      hash: transientToken.hash,\n      created_at: new Date(),\n      updated_at: new Date(),\n      expires_at: transientToken.expiresAt,\n    }\n\n    /**\n     * Insert data to the database.\n     */\n    const [id] = await queryClient.table(this.table).insert(dbRow)\n\n    /**\n     * Convert db row to a remember token\n     */\n    return new RememberMeToken({\n      identifier: id,\n      tokenableId: dbRow.tokenable_id,\n      secret: transientToken.secret,\n      hash: dbRow.hash,\n      createdAt: dbRow.created_at,\n      updatedAt: dbRow.updated_at,\n      expiresAt: dbRow.expires_at,\n    })\n  }\n\n  /**\n   * Find a token for a user by the token id\n   */\n  async find(user: InstanceType<TokenableModel>, identifier: string | number | BigInt) {\n    this.#ensureIsPersisted(user)\n\n    const queryClient = await this.getDb()\n    const dbRow = await queryClient\n      .query<RememberMeTokenDbColumns>()\n      .from(this.table)\n      .where({ id: identifier, tokenable_id: user.$primaryKeyValue })\n      .limit(1)\n      .first()\n\n    if (!dbRow) {\n      return null\n    }\n\n    return this.dbRowToRememberMeToken(dbRow)\n  }\n\n  /**\n   * Delete a token by its id\n   */\n  async delete(\n    user: InstanceType<TokenableModel>,\n    identifier: string | number | BigInt\n  ): Promise<number> {\n    this.#ensureIsPersisted(user)\n\n    const queryClient = await this.getDb()\n    const affectedRows = await queryClient\n      .query<number>()\n      .from(this.table)\n      .where({ id: identifier, tokenable_id: user.$primaryKeyValue })\n      .del()\n      .exec()\n\n    return affectedRows as unknown as number\n  }\n\n  /**\n   * Returns all the tokens a given user\n   */\n  async all(user: InstanceType<TokenableModel>) {\n    this.#ensureIsPersisted(user)\n\n    const queryClient = await this.getDb()\n    const dbRows = await queryClient\n      .query<RememberMeTokenDbColumns>()\n      .from(this.table)\n      .where({ tokenable_id: user.$primaryKeyValue })\n      .orderBy('id', 'desc')\n      .exec()\n\n    return dbRows.map((dbRow) => {\n      return this.dbRowToRememberMeToken(dbRow)\n    })\n  }\n\n  /**\n   * Verifies a publicly shared remember me token and returns an\n   * RememberMeToken for it.\n   *\n   * Returns null when unable to verify the token or find it\n   * inside the storage\n   */\n  async verify(tokenValue: Secret<string>) {\n    const decodedToken = RememberMeToken.decode(tokenValue.release())\n    if (!decodedToken) {\n      return null\n    }\n\n    const db = await this.getDb()\n    const dbRow = await db\n      .query<RememberMeTokenDbColumns>()\n      .from(this.table)\n      .where({ id: decodedToken.identifier })\n      .limit(1)\n      .first()\n\n    if (!dbRow) {\n      return null\n    }\n\n    /**\n     * Convert to remember me token instance\n     */\n    const rememberMeToken = this.dbRowToRememberMeToken(dbRow)\n\n    /**\n     * Ensure the token secret matches the token hash\n     */\n    if (!rememberMeToken.verify(decodedToken.secret) || rememberMeToken.isExpired()) {\n      return null\n    }\n\n    return rememberMeToken\n  }\n\n  /**\n   * Recycles a remember me token by deleting the old one and\n   * creates a new one.\n   *\n   * Ideally, the recycle should update the existing token, but we\n   * skip that for now and come back to it later and handle race\n   * conditions as well.\n   */\n  async recycle(\n    user: InstanceType<TokenableModel>,\n    identifier: string | number | BigInt,\n    expiresIn: string | number\n  ): Promise<RememberMeToken> {\n    await this.delete(user, identifier)\n    return this.create(user, expiresIn)\n  }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\n\nimport { RememberMeToken } from '../remember_me_token.js'\nimport { PROVIDER_REAL_USER } from '../../../src/symbols.js'\nimport type {\n  SessionGuardUser,\n  LucidAuthenticatable,\n  SessionLucidUserProviderOptions,\n  SessionUserProviderContract,\n} from '../types.js'\n\n/**\n * Uses a lucid model to verify access tokens and find a user during\n * authentication\n */\nexport class SessionLucidUserProvider<UserModel extends LucidAuthenticatable>\n  implements SessionUserProviderContract<InstanceType<UserModel>>\n{\n  declare [PROVIDER_REAL_USER]: InstanceType<UserModel>\n\n  /**\n   * Reference to the lazily imported model\n   */\n  protected model?: UserModel\n\n  constructor(\n    /**\n     * Lucid provider options\n     */\n    protected options: SessionLucidUserProviderOptions<UserModel>\n  ) {}\n\n  /**\n   * Imports the model from the provider, returns and caches it\n   * for further operations.\n   */\n  protected async getModel() {\n    if (this.model) {\n      return this.model\n    }\n\n    const importedModel = await this.options.model()\n    this.model = importedModel.default\n    return this.model\n  }\n\n  /**\n   * Returns the tokens provider associated with the user model\n   */\n  protected async getTokensProvider() {\n    const model = await this.getModel()\n\n    if (!model.rememberMeTokens) {\n      throw new RuntimeException(\n        `Cannot use \"${model.name}\" model for verifying remember me tokens. Make sure to assign a token provider to the model.`\n      )\n    }\n\n    return model.rememberMeTokens\n  }\n\n  /**\n   * Creates an adapter user for the guard\n   */\n  async createUserForGuard(\n    user: InstanceType<UserModel>\n  ): Promise<SessionGuardUser<InstanceType<UserModel>>> {\n    const model = await this.getModel()\n    if (user instanceof model === false) {\n      throw new RuntimeException(\n        `Invalid user object. It must be an instance of the \"${model.name}\" model`\n      )\n    }\n\n    return {\n      getId() {\n        /**\n         * Ensure user has a primary key\n         */\n        if (!user.$primaryKeyValue) {\n          throw new RuntimeException(\n            `Cannot use \"${model.name}\" model for authentication. The value of column \"${model.primaryKey}\" is undefined or null`\n          )\n        }\n\n        return user.$primaryKeyValue\n      },\n      getOriginal() {\n        return user\n      },\n    }\n  }\n\n  /**\n   * Finds a user by their primary key value\n   */\n  async findById(\n    identifier: string | number | BigInt\n  ): Promise<SessionGuardUser<InstanceType<UserModel>> | null> {\n    const model = await this.getModel()\n    const user = await model.find(identifier)\n\n    if (!user) {\n      return null\n    }\n\n    return this.createUserForGuard(user)\n  }\n\n  /**\n   * Creates a remember token for a given user\n   */\n  async createRememberToken(\n    user: InstanceType<UserModel>,\n    expiresIn: string | number\n  ): Promise<RememberMeToken> {\n    const tokensProvider = await this.getTokensProvider()\n    return tokensProvider.create(user, expiresIn)\n  }\n\n  /**\n   * Verify a token by its publicly shared value\n   */\n  async verifyRememberToken(tokenValue: Secret<string>): Promise<RememberMeToken | null> {\n    const tokensProvider = await this.getTokensProvider()\n    return tokensProvider.verify(tokenValue)\n  }\n\n  /**\n   * Delete a token for a user by the token identifier\n   */\n  async deleteRemeberToken(\n    user: InstanceType<UserModel>,\n    identifier: string | number | BigInt\n  ): Promise<number> {\n    const tokensProvider = await this.getTokensProvider()\n    return tokensProvider.delete(user, identifier)\n  }\n\n  /**\n   * Recycle a token for a user by the token identifier\n   */\n  async recycleRememberToken(\n    user: InstanceType<UserModel>,\n    identifier: string | number | BigInt,\n    expiresIn: string | number\n  ) {\n    const tokensProvider = await this.getTokensProvider()\n    return tokensProvider.recycle(user, identifier, expiresIn)\n  }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport type { HttpContext } from '@adonisjs/core/http'\nimport type { ConfigProvider } from '@adonisjs/core/types'\n\nimport { SessionGuard } from './guard.js'\nimport type { GuardConfigProvider } from '../../src/types.js'\nimport { SessionLucidUserProvider } from './user_providers/lucid.js'\nimport type {\n  SessionGuardOptions,\n  LucidAuthenticatable,\n  SessionUserProviderContract,\n  SessionLucidUserProviderOptions,\n  SessionWithTokensUserProviderContract,\n} from './types.js'\n\n/**\n * Configures session tokens guard for authentication\n */\nexport function sessionGuard<\n  UseRememberTokens extends boolean,\n  UserProvider extends UseRememberTokens extends true\n    ? SessionWithTokensUserProviderContract<unknown>\n    : SessionUserProviderContract<unknown>,\n>(\n  config: {\n    provider: UserProvider | ConfigProvider<UserProvider>\n  } & SessionGuardOptions<UseRememberTokens>\n): GuardConfigProvider<(ctx: HttpContext) => SessionGuard<UseRememberTokens, UserProvider>> {\n  return {\n    async resolver(name, app) {\n      const emitter = await app.container.make('emitter')\n      const provider =\n        'resolver' in config.provider ? await config.provider.resolver(app) : config.provider\n      return (ctx) => new SessionGuard(name, ctx, config, emitter as any, provider)\n    },\n  }\n}\n\n/**\n * Configures user provider that uses Lucid models to authenticate\n * users using sessions\n */\nexport function sessionUserProvider<Model extends LucidAuthenticatable>(\n  config: SessionLucidUserProviderOptions<Model>\n): SessionLucidUserProvider<Model> {\n  return new SessionLucidUserProvider(config)\n}\n"],"mappings":";;;;;;AASA,SAAS,kBAAkB;AAC3B,OAAO,YAAY;AACnB,SAAS,QAAQ,QAAQ,iBAAiB;AAOnC,IAAM,kBAAN,MAAsB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ3B,OAAO,OAAO,OAAsE;AAIlF,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;AAAA,IACT;AAKA,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,YAAY,GAAG,UAAU,IAAI,MAAM,MAAM,GAAG;AACnD,QAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,aAAO;AAAA,IACT;AAEA,UAAM,oBAAoB,OAAO,UAAU,UAAU;AACrD,UAAM,gBAAgB,OAAO,UAAU,WAAW,KAAK,GAAG,CAAC;AAC3D,QAAI,CAAC,qBAAqB,CAAC,eAAe;AACxC,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,QAAQ,IAAI,OAAO,aAAa;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,qBACL,QACA,MACA,WACA;AACA,UAAM,YAAY,oBAAI,KAAK;AAC3B,cAAU,WAAW,UAAU,WAAW,IAAI,OAAO,QAAQ,MAAM,SAAS,CAAC;AAE7E,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,GAAG,KAAK,KAAK,IAAI;AAAA,IACnB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,KAAK,MAAc;AACxB,UAAM,OAAO,OAAO,OAAO,IAAI;AAC/B,UAAM,SAAS,IAAI,OAAO,IAAI;AAC9B,UAAM,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AACvE,WAAO,EAAE,QAAQ,KAAK;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAEA,YAAY,YAQT;AACD,SAAK,aAAa,WAAW;AAC7B,SAAK,cAAc,WAAW;AAC9B,SAAK,OAAO,WAAW;AACvB,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAK5B,QAAI,WAAW,QAAQ;AACrB,WAAK,QAAQ,IAAI;AAAA,QACf,GAAG,OAAO,UAAU,OAAO,KAAK,UAAU,CAAC,CAAC,IAAI,OAAO;AAAA,UACrD,WAAW,OAAO,QAAQ;AAAA,QAC5B,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,YAAY;AACV,WAAO,KAAK,YAAY,oBAAI,KAAK;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,QAAiC;AACtC,UAAM,UAAU,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AAC1E,WAAO,UAAU,KAAK,MAAM,OAAO;AAAA,EACrC;AACF;;;AClKA,SAAS,UAAAA,eAAc;AAEvB,SAAS,wBAAwB;AAkB1B,IAAM,eAAN,MAMP;AAAA;AAAA;AAAA;AAAA,EASE;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxB,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAAA,EAM1B,uBAAuB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMvB,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMlB,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA,EAMd,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAad;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,iBAAiB;AACnB,WAAO,QAAQ,KAAK,KAAK;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,oBAAoB;AACtB,WAAO,YAAY,KAAK,KAAK;AAAA,EAC/B;AAAA,EAEA,YACE,MACA,KACA,SACA,SACA,cACA;AACA,SAAK,QAAQ;AACb,SAAK,OAAO;AACZ,SAAK,WAAW,EAAE,qBAAqB,WAAW,GAAG,QAAQ;AAC7D,SAAK,WAAW;AAChB,SAAK,gBAAgB;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc;AACZ,QAAI,EAAE,aAAa,KAAK,OAAO;AAC7B,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,WAAO,KAAK,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,sBAAsB,WAAmB;AACvC,SAAK,kBAAkB;AACvB,SAAK,cAAc;AACnB,SAAK,OAAO;AACZ,SAAK,cAAc;AAEnB,UAAM,QAAQ,IAAI,sBAAsB,mCAAmC;AAAA,MACzE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAED,SAAK,SAAS,KAAK,sCAAsC;AAAA,MACvD,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,yBACE,WACA,MACA,iBACA;AACA,SAAK,kBAAkB;AACvB,SAAK,cAAc,CAAC,CAAC;AACrB,SAAK,OAAO;AACZ,SAAK,cAAc;AAEnB,SAAK,SAAS,KAAK,yCAAyC;AAAA,MAC1D,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,WACA,MACA,iBACA;AACA,SAAK,OAAO;AACZ,SAAK,cAAc;AAEnB,SAAK,SAAS,KAAK,gCAAgC;AAAA,MACjD,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,QAAkC;AACtD,UAAM,UAAU,KAAK,YAAY;AACjC,YAAQ,IAAI,KAAK,gBAAgB,MAAM;AACvC,YAAQ,WAAW;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,wBAAwB,OAAuB;AAC7C,SAAK,KAAK,SAAS,gBAAgB,KAAK,mBAAmB,MAAM,QAAQ,GAAG;AAAA,MAC1E,QAAQ,KAAK,SAAS;AAAA,MACtB,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,mBAAmB,QAAkC,WAAmB;AAC5E,UAAM,eAAe,MAAM,KAAK,cAAc,SAAS,MAAM;AAC7D,QAAI,CAAC,cAAc;AACjB,YAAM,KAAK,sBAAsB,SAAS;AAAA,IAC5C;AAEA,SAAK,yBAAyB,WAAW,aAAa,YAAY,CAAC;AACnE,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,+BAA+B,kBAA0B,WAAmB;AAKhF,UAAM,eAAe,KAAK;AAO1B,UAAM,QAAQ,MAAM,aAAa,oBAAoB,IAAIC,QAAO,gBAAgB,CAAC;AACjF,QAAI,CAAC,OAAO;AACV,YAAM,KAAK,sBAAsB,SAAS;AAAA,IAC5C;AAMA,UAAM,eAAe,MAAM,aAAa,SAAS,MAAM,WAAW;AAClE,QAAI,CAAC,cAAc;AACjB,YAAM,KAAK,sBAAsB,SAAS;AAAA,IAC5C;AAKA,UAAM,gBAAgB,MAAM,aAAa;AAAA,MACvC,aAAa,YAAY;AAAA,MACzB,MAAM;AAAA,MACN,KAAK,SAAS;AAAA,IAChB;AAKA,SAAK,wBAAwB,cAAc,KAAM;AAKjD,SAAK,sBAAsB,aAAa,MAAM,CAAC;AAK/C,SAAK,yBAAyB,WAAW,aAAa,YAAY,GAAG,KAAK;AAE1E,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBAAyD;AACvD,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,sBAAsB,mCAAmC;AAAA,QACjE,iBAAiB,KAAK;AAAA,MACxB,CAAC;AAAA,IACH;AAEA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAM,MAA+C,WAAoB,OAAO;AACpF,UAAM,UAAU,KAAK,YAAY;AACjC,UAAM,eAAe,MAAM,KAAK,cAAc,mBAAmB,IAAI;AAErE,SAAK,SAAS,KAAK,gCAAgC;AAAA,MACjD,KAAK,KAAK;AAAA,MACV;AAAA,MACA,WAAW,KAAK;AAAA,IAClB,CAAC;AAMD,QAAI;AACJ,QAAI,UAAU;AACZ,UAAI,CAAC,KAAK,SAAS,qBAAqB;AACtC,cAAM,IAAI,iBAAiB,uDAAuD;AAAA,MACpF;AAMA,YAAM,eAAe,KAAK;AAI1B,cAAQ,MAAM,aAAa;AAAA,QACzB,aAAa,YAAY;AAAA,QACzB,KAAK,SAAS;AAAA,MAChB;AAAA,IACF;AAMA,QAAI,OAAO;AACT,WAAK,wBAAwB,MAAM,KAAM;AAAA,IAC3C,OAAO;AACL,WAAK,KAAK,SAAS,YAAY,KAAK,iBAAiB;AAAA,IACvD;AAKA,SAAK,sBAAsB,aAAa,MAAM,CAAC;AAK/C,SAAK,gBAAgB,QAAQ,WAAW,aAAa,YAAY,GAAG,KAAK;AAAA,EAC3E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,SAAS;AACb,UAAM,UAAU,KAAK,YAAY;AACjC,UAAM,mBAAmB,KAAK,KAAK,QAAQ,gBAAgB,KAAK,iBAAiB;AAKjF,YAAQ,OAAO,KAAK,cAAc;AAClC,SAAK,KAAK,SAAS,YAAY,KAAK,iBAAiB;AASrD,QAAI,KAAK,QAAQ,oBAAoB,KAAK,SAAS,qBAAqB;AAKtE,YAAM,eAAe,KAAK;AAI1B,YAAM,QAAQ,MAAM,aAAa,oBAAoB,IAAIA,QAAO,gBAAgB,CAAC;AACjF,UAAI,OAAO;AACT,cAAM,aAAa,mBAAmB,KAAK,MAAM,MAAM,UAAU;AAAA,MACnE;AAAA,IACF;AAKA,SAAK,OAAO;AACZ,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,cAAc;AAKnB,SAAK,SAAS,KAAK,2BAA2B;AAAA,MAC5C,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB,MAAM,KAAK,QAAQ;AAAA,MACnB,WAAW,QAAQ;AAAA,IACrB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAiE;AAKrE,QAAI,KAAK,yBAAyB;AAChC,aAAO,KAAK,cAAc;AAAA,IAC5B;AAKA,SAAK,0BAA0B;AAC/B,UAAM,UAAU,KAAK,YAAY;AAEjC,SAAK,SAAS,KAAK,yCAAyC;AAAA,MAC1D,KAAK,KAAK;AAAA,MACV,WAAW,QAAQ;AAAA,MACnB,WAAW,KAAK;AAAA,IAClB,CAAC;AAOD,UAAM,aAAa,QAAQ,IAAI,KAAK,cAAc;AAClD,QAAI,YAAY;AACd,aAAO,KAAK,mBAAmB,YAAY,QAAQ,SAAS;AAAA,IAC9D;AAOA,UAAM,mBAAmB,KAAK,KAAK,QAAQ,gBAAgB,KAAK,iBAAiB;AACjF,QAAI,oBAAoB,KAAK,SAAS,qBAAqB;AACzD,WAAK,uBAAuB;AAC5B,aAAO,KAAK,+BAA+B,kBAAkB,QAAQ,SAAS;AAAA,IAChF;AAKA,UAAM,KAAK,sBAAsB,QAAQ,SAAS;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QAA0B;AAC9B,QAAI;AACF,YAAM,KAAK,aAAa;AACxB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,uBAAuB;AAC1C,eAAO;AAAA,MACT;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBACJ,MAC6B;AAC7B,UAAM,eAAe,MAAM,KAAK,cAAc,mBAAmB,IAAI;AACrE,UAAM,SAAS,aAAa,MAAM;AAElC,WAAO;AAAA,MACL,SAAS;AAAA,QACP,CAAC,KAAK,cAAc,GAAG;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AACF;;;AC5gBA,SAAS,oBAAAC,yBAAwB;AAgB1B,IAAM,6BAAN,MAAM,4BAEb;AAAA,EAyBE,YAAsB,SAA4D;AAA5D;AACpB,SAAK,QAAQ,QAAQ,SAAS;AAC9B,SAAK,oBAAoB,QAAQ,qBAAqB;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA,EAxBA,OAAO,SACL,OACA,SACA;AACA,WAAO,IAAI,4BAA2C;AAAA,MACpD,gBAAgB;AAAA,MAChB,GAAI,WAAW,CAAC;AAAA,IAClB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKU;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWV,mBAAmB,MAAoC;AACrD,UAAM,QAAQ,KAAK,QAAQ;AAC3B,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIC;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,QAAI,CAAC,KAAK,kBAAkB;AAC1B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI,iEAAiE,MAAM,UAAU;AAAA,MAC5G;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKU,uBAAuB,OAAkD;AACjF,WAAO,IAAI,gBAAgB;AAAA,MACzB,YAAY,MAAM;AAAA,MAClB,aAAa,MAAM;AAAA,MACnB,MAAM,MAAM;AAAA,MACZ,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,IAC9E,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,QAAQ;AACtB,UAAM,QAAQ,KAAK,QAAQ;AAC3B,WAAO,MAAM,SAAS,MAAM,KAAK,EAAE;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,MAAoC,WAA4B;AAC3E,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AAOrC,UAAM,iBAAiB,gBAAgB;AAAA,MACrC,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,IACF;AAMA,UAAM,QAA8C;AAAA,MAClD,cAAc,eAAe;AAAA,MAC7B,MAAM,eAAe;AAAA,MACrB,YAAY,oBAAI,KAAK;AAAA,MACrB,YAAY,oBAAI,KAAK;AAAA,MACrB,YAAY,eAAe;AAAA,IAC7B;AAKA,UAAM,CAAC,EAAE,IAAI,MAAM,YAAY,MAAM,KAAK,KAAK,EAAE,OAAO,KAAK;AAK7D,WAAO,IAAI,gBAAgB;AAAA,MACzB,YAAY;AAAA,MACZ,aAAa,MAAM;AAAA,MACnB,QAAQ,eAAe;AAAA,MACvB,MAAM,MAAM;AAAA,MACZ,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,IACnB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,MAAoC,YAAsC;AACnF,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,QAAQ,MAAM,YACjB,MAAgC,EAChC,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,iBAAiB,CAAC,EAC7D,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,uBAAuB,KAAK;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OACJ,MACA,YACiB;AACjB,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,eAAe,MAAM,YACxB,MAAc,EACd,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,iBAAiB,CAAC,EAC7D,IAAI,EACJ,KAAK;AAER,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,IAAI,MAAoC;AAC5C,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,SAAS,MAAM,YAClB,MAAgC,EAChC,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,cAAc,KAAK,iBAAiB,CAAC,EAC7C,QAAQ,MAAM,MAAM,EACpB,KAAK;AAER,WAAO,OAAO,IAAI,CAAC,UAAU;AAC3B,aAAO,KAAK,uBAAuB,KAAK;AAAA,IAC1C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,YAA4B;AACvC,UAAM,eAAe,gBAAgB,OAAO,WAAW,QAAQ,CAAC;AAChE,QAAI,CAAC,cAAc;AACjB,aAAO;AAAA,IACT;AAEA,UAAM,KAAK,MAAM,KAAK,MAAM;AAC5B,UAAM,QAAQ,MAAM,GACjB,MAAgC,EAChC,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,aAAa,WAAW,CAAC,EACrC,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAKA,UAAM,kBAAkB,KAAK,uBAAuB,KAAK;AAKzD,QAAI,CAAC,gBAAgB,OAAO,aAAa,MAAM,KAAK,gBAAgB,UAAU,GAAG;AAC/E,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QACJ,MACA,YACA,WAC0B;AAC1B,UAAM,KAAK,OAAO,MAAM,UAAU;AAClC,WAAO,KAAK,OAAO,MAAM,SAAS;AAAA,EACpC;AACF;;;AClQA,SAAS,oBAAAC,yBAAwB;AAe1B,IAAM,2BAAN,MAEP;AAAA,EAQE,YAIY,SACV;AADU;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAPO;AAAA;AAAA;AAAA;AAAA;AAAA,EAaV,MAAgB,WAAW;AACzB,QAAI,KAAK,OAAO;AACd,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,gBAAgB,MAAM,KAAK,QAAQ,MAAM;AAC/C,SAAK,QAAQ,cAAc;AAC3B,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,oBAAoB;AAClC,UAAM,QAAQ,MAAM,KAAK,SAAS;AAElC,QAAI,CAAC,MAAM,kBAAkB;AAC3B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI;AAAA,MAC3B;AAAA,IACF;AAEA,WAAO,MAAM;AAAA,EACf;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,MACoD;AACpD,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIA;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,WAAO;AAAA,MACL,QAAQ;AAIN,YAAI,CAAC,KAAK,kBAAkB;AAC1B,gBAAM,IAAIA;AAAA,YACR,eAAe,MAAM,IAAI,oDAAoD,MAAM,UAAU;AAAA,UAC/F;AAAA,QACF;AAEA,eAAO,KAAK;AAAA,MACd;AAAA,MACA,cAAc;AACZ,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SACJ,YAC2D;AAC3D,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,UAAM,OAAO,MAAM,MAAM,KAAK,UAAU;AAExC,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBACJ,MACA,WAC0B;AAC1B,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,MAAM,SAAS;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBAAoB,YAA6D;AACrF,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,UAAU;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,MACA,YACiB;AACjB,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,MAAM,UAAU;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,qBACJ,MACA,YACA,WACA;AACA,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,QAAQ,MAAM,YAAY,SAAS;AAAA,EAC3D;AACF;;;ACtIO,SAAS,aAMd,QAG0F;AAC1F,SAAO;AAAA,IACL,MAAM,SAAS,MAAM,KAAK;AACxB,YAAM,UAAU,MAAM,IAAI,UAAU,KAAK,SAAS;AAClD,YAAM,WACJ,cAAc,OAAO,WAAW,MAAM,OAAO,SAAS,SAAS,GAAG,IAAI,OAAO;AAC/E,aAAO,CAAC,QAAQ,IAAI,aAAa,MAAM,KAAK,QAAQ,SAAgB,QAAQ;AAAA,IAC9E;AAAA,EACF;AACF;AAMO,SAAS,oBACd,QACiC;AACjC,SAAO,IAAI,yBAAyB,MAAM;AAC5C;","names":["Secret","Secret","RuntimeException","RuntimeException","RuntimeException"]}

package/build/modules/session_guard/remember_me_token.d.ts

@@ -0,0 +1,88 @@
+import { Secret } from '@adonisjs/core/helpers';
+/**
+ * Remember me token represents an opaque token that can be
+ * used to automatically login a user without asking them
+ * to re-login
+ */
+export declare class RememberMeToken {
+    /**
+     * Decodes a publicly shared token and return the series
+     * and the token value from it.
+     *
+     * Returns null when unable to decode the token because of
+     * invalid format or encoding.
+     */
+    static decode(value: string): null | {
+        identifier: string;
+        secret: Secret<string>;
+    };
+    /**
+     * Creates a transient token that can be shared with the persistence
+     * layer.
+     */
+    static createTransientToken(userId: string | number | BigInt, size: number, expiresIn: string | number): {
+        secret: Secret<string>;
+        hash: string;
+        userId: string | number | BigInt;
+        expiresAt: Date;
+    };
+    /**
+     * Creates a secret opaque token and its hash.
+     */
+    static seed(size: number): {
+        secret: Secret<string>;
+        hash: string;
+    };
+    /**
+     * Identifer is a unique sequence to identify the
+     * token within database. It should be the
+     * primary/unique key
+     */
+    identifier: string | number | BigInt;
+    /**
+     * Reference to the user id for whom the token
+     * is generated.
+     */
+    tokenableId: string | number | BigInt;
+    /**
+     * The value is a public representation of a token. It is created
+     * by combining the "identifier"."secret"
+     */
+    value?: Secret<string>;
+    /**
+     * Hash is computed from the seed to later verify the validity
+     * of seed
+     */
+    hash: string;
+    /**
+     * Date/time when the token instance was created
+     */
+    createdAt: Date;
+    /**
+     * Date/time when the token was updated
+     */
+    updatedAt: Date;
+    /**
+     * Timestamp at which the token will expire
+     */
+    expiresAt: Date;
+    constructor(attributes: {
+        identifier: string | number | BigInt;
+        tokenableId: string | number | BigInt;
+        hash: string;
+        createdAt: Date;
+        updatedAt: Date;
+        expiresAt: Date;
+        secret?: Secret<string>;
+    });
+    /**
+     * Check if the token has been expired. Verifies
+     * the "expiresAt" timestamp with the current
+     * date.
+     */
+    isExpired(): boolean;
+    /**
+     * Verifies the value of a token against the pre-defined hash
+     */
+    verify(secret: Secret<string>): boolean;
+}

package/build/modules/session_guard/token_providers/db.d.ts

@@ -0,0 +1,69 @@
+import type { Secret } from '@adonisjs/core/helpers';
+import type { LucidModel } from '@adonisjs/lucid/types/model';
+import { RememberMeToken } from '../remember_me_token.js';
+import type { RememberMeTokenDbColumns, RememberMeTokensProviderContract, DbRememberMeTokensProviderOptions } from '../types.js';
+/**
+ * DbRememberMeTokensProvider uses lucid database service to fetch and
+ * persist tokens for a given user.
+ *
+ * The user must be an instance of the associated user model.
+ */
+export declare class DbRememberMeTokensProvider<TokenableModel extends LucidModel> implements RememberMeTokensProviderContract<TokenableModel> {
+    #private;
+    protected options: DbRememberMeTokensProviderOptions<TokenableModel>;
+    /**
+     * Create tokens provider instance for a given Lucid model
+     */
+    static forModel<TokenableModel extends LucidModel>(model: DbRememberMeTokensProviderOptions<TokenableModel>['tokenableModel'], options?: Omit<DbRememberMeTokensProviderOptions<TokenableModel>, 'tokenableModel'>): DbRememberMeTokensProvider<TokenableModel>;
+    /**
+     * Database table to use for querying remember me tokens
+     */
+    protected table: string;
+    /**
+     * The length for the token secret. A secret is a cryptographically
+     * secure random string.
+     */
+    protected tokenSecretLength: number;
+    constructor(options: DbRememberMeTokensProviderOptions<TokenableModel>);
+    /**
+     * Maps a database row to an instance token instance
+     */
+    protected dbRowToRememberMeToken(dbRow: RememberMeTokenDbColumns): RememberMeToken;
+    /**
+     * Returns a query client instance from the parent model
+     */
+    protected getDb(): Promise<import("@adonisjs/lucid/types/database").QueryClientContract>;
+    /**
+     * Create a token for a user
+     */
+    create(user: InstanceType<TokenableModel>, expiresIn: string | number): Promise<RememberMeToken>;
+    /**
+     * Find a token for a user by the token id
+     */
+    find(user: InstanceType<TokenableModel>, identifier: string | number | BigInt): Promise<RememberMeToken | null>;
+    /**
+     * Delete a token by its id
+     */
+    delete(user: InstanceType<TokenableModel>, identifier: string | number | BigInt): Promise<number>;
+    /**
+     * Returns all the tokens a given user
+     */
+    all(user: InstanceType<TokenableModel>): Promise<RememberMeToken[]>;
+    /**
+     * Verifies a publicly shared remember me token and returns an
+     * RememberMeToken for it.
+     *
+     * Returns null when unable to verify the token or find it
+     * inside the storage
+     */
+    verify(tokenValue: Secret<string>): Promise<RememberMeToken | null>;
+    /**
+     * Recycles a remember me token by deleting the old one and
+     * creates a new one.
+     *
+     * Ideally, the recycle should update the existing token, but we
+     * skip that for now and come back to it later and handle race
+     * conditions as well.
+     */
+    recycle(user: InstanceType<TokenableModel>, identifier: string | number | BigInt, expiresIn: string | number): Promise<RememberMeToken>;
+}

package/build/modules/session_guard/types.d.ts

@@ -0,0 +1,243 @@
+import type { Secret } from '@adonisjs/core/helpers';
+import type { HttpContext } from '@adonisjs/core/http';
+import type { Exception } from '@adonisjs/core/exceptions';
+import type { LucidModel } from '@adonisjs/lucid/types/model';
+import { PROVIDER_REAL_USER } from '../../src/symbols.js';
+import type { RememberMeToken } from './remember_me_token.js';
+/**
+ * Options accepted by the tokens provider that uses lucid
+ * database service to fetch and persist tokens.
+ */
+export type DbRememberMeTokensProviderOptions<TokenableModel extends LucidModel> = {
+    /**
+     * The user model for which to generate tokens. Note, the model
+     * is not used for tokens, but is used to associate a user
+     * with the token
+     */
+    tokenableModel: TokenableModel;
+    /**
+     * Database table to use for querying tokens.
+     *
+     * Defaults to "remember_me_tokens"
+     */
+    table?: string;
+    /**
+     * The length for the token secret. A secret is a cryptographically
+     * secure random string.
+     *
+     * Defaults to 40
+     */
+    tokenSecretLength?: number;
+};
+/**
+ * Remember me token providers are used verify a remember me
+ * token during authentication
+ */
+export interface RememberMeTokensProviderContract<Tokenable extends LucidModel> {
+    /**
+     * Create a token for a given user
+     */
+    create(user: InstanceType<Tokenable>, expiresIn: string | number): Promise<RememberMeToken>;
+    /**
+     * Verifies the remember me token shared as cookie and returns an
+     * instance of remember me token
+     */
+    verify(tokenValue: Secret<string>): Promise<RememberMeToken | null>;
+    /**
+     * Delete token for a user by the token identifier.
+     */
+    delete(user: InstanceType<Tokenable>, identifier: string | number | BigInt): Promise<number>;
+    /**
+     * Recycle an existing token by its id. Recycling tokens helps
+     * detect compromised tokens.
+     * https://web.archive.org/web/20130214051957/http://jaspan.com/improved_persistent_login_cookie_best_practice
+     */
+    recycle(user: InstanceType<Tokenable>, identifier: string | number | BigInt, expiresIn: string | number): Promise<RememberMeToken>;
+}
+/**
+ * A lucid model with a tokens provider to verify remember me tokens during
+ * authentication
+ */
+export type LucidAuthenticatable = LucidModel & {
+    rememberMeTokens?: RememberMeTokensProviderContract<LucidModel>;
+};
+/**
+ * Options accepted by the user provider that uses a lucid
+ * model to lookup a user during authentication and verify
+ * tokens
+ */
+export type SessionLucidUserProviderOptions<Model extends LucidAuthenticatable> = {
+    /**
+     * The model to use for users lookup
+     */
+    model: () => Promise<{
+        default: Model;
+    }>;
+};
+/**
+ * The database columns expected at the database level
+ */
+export type RememberMeTokenDbColumns = {
+    /**
+     * Token primary key. It can be an integer, bigInteger or
+     * even a UUID or any other string based value.
+     *
+     * The id should not have ". (dots)" inside it.
+     */
+    id: number | string | BigInt;
+    /**
+     * The user or entity for whom the token is
+     * generated
+     */
+    tokenable_id: string | number | BigInt;
+    /**
+     * Token hash is used to verify the token shared
+     * with the user
+     */
+    hash: string;
+    /**
+     * Timestamps
+     */
+    created_at: Date;
+    updated_at: Date;
+    /**
+     * The date after which the token will be considered
+     * expired.
+     */
+    expires_at: Date;
+};
+/**
+ * Guard user is an adapter between the user provider
+ * and the guard.
+ *
+ * The guard is user provider agnostic and therefore it
+ * needs a adapter to known some basic info about the
+ * user.
+ */
+export type SessionGuardUser<RealUser> = {
+    getId(): string | number | BigInt;
+    getOriginal(): RealUser;
+};
+/**
+ * The user provider used by session guard to lookup users
+ * during authentication
+ */
+export interface SessionUserProviderContract<RealUser> {
+    [PROVIDER_REAL_USER]: RealUser;
+    /**
+     * Create a user object that acts as an adapter between
+     * the guard and real user value.
+     */
+    createUserForGuard(user: RealUser): Promise<SessionGuardUser<RealUser>>;
+    /**
+     * Find a user by their id.
+     */
+    findById(identifier: string | number | BigInt): Promise<SessionGuardUser<RealUser> | null>;
+}
+/**
+ * The user provider used by session guard with support for tokens
+ */
+export interface SessionWithTokensUserProviderContract<RealUser> extends SessionUserProviderContract<RealUser> {
+    /**
+     * Create a token for a given user. Must be implemented when
+     * "supportsRememberMeTokens" flag is true
+     */
+    createRememberToken(user: RealUser, expiresIn: string | number): Promise<RememberMeToken>;
+    /**
+     * Verify a token by its publicly shared value. Must be implemented when
+     * "supportsRememberMeTokens" flag is true
+     */
+    verifyRememberToken(tokenValue: Secret<string>): Promise<RememberMeToken | null>;
+    /**
+     * Recycle a token for a user by the token identifier. Must be
+     * implemented when "supportsRememberMeTokens" flag is true
+     */
+    recycleRememberToken(user: RealUser, tokenIdentifier: string | number | BigInt, expiresIn: string | number): Promise<RememberMeToken>;
+    /**
+     * Delete a token for a user by the token identifier. Must be
+     * implemented when "supportsRememberMeTokens" flag is true
+     */
+    deleteRemeberToken(user: RealUser, tokenIdentifier: string | number | BigInt): Promise<number>;
+}
+/**
+ * Options accepted by the session guard
+ */
+export type SessionGuardOptions<UseRememberTokens extends boolean> = {
+    /**
+     * Whether or not use remember me tokens during authentication
+     * and login.
+     *
+     * If enabled, the provided user provider must implement the APIs
+     * needed to manage remember me tokens
+     */
+    useRememberMeTokens: UseRememberTokens;
+    /**
+     * The age of remember me tokens after which they
+     * should expire.
+     *
+     * Defaults to "2 years"
+     */
+    rememberMeTokensAge?: string | number;
+};
+/**
+ * Events emitted by the session guard
+ */
+export type SessionGuardEvents<User> = {
+    /**
+     * The event is emitted when login is attempted for
+     * a given user.
+     */
+    'session_auth:login_attempted': {
+        ctx: HttpContext;
+        guardName: string;
+        user: User;
+    };
+    /**
+     * The event is emitted when user has been logged in
+     * successfully
+     */
+    'session_auth:login_succeeded': {
+        ctx: HttpContext;
+        guardName: string;
+        user: User;
+        sessionId: string;
+        rememberMeToken?: RememberMeToken;
+    };
+    /**
+     * Attempting to authenticate the user
+     */
+    'session_auth:authentication_attempted': {
+        ctx: HttpContext;
+        guardName: string;
+        sessionId: string;
+    };
+    /**
+     * Authentication was successful
+     */
+    'session_auth:authentication_succeeded': {
+        ctx: HttpContext;
+        guardName: string;
+        user: User;
+        sessionId: string;
+        rememberMeToken?: RememberMeToken;
+    };
+    /**
+     * Authentication failed
+     */
+    'session_auth:authentication_failed': {
+        ctx: HttpContext;
+        guardName: string;
+        error: Exception;
+        sessionId: string;
+    };
+    /**
+     * The event is emitted when user has been logged out
+     * sucessfully
+     */
+    'session_auth:logged_out': {
+        ctx: HttpContext;
+        guardName: string;
+        user: User | null;
+        sessionId: string;
+    };
+};

package/build/modules/session_guard/types.js

@@ -0,0 +1 @@
+//# sourceMappingURL=types.js.map

package/build/modules/session_guard/types.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/build/modules/session_guard/user_providers/lucid.d.ts

@@ -0,0 +1,57 @@
+import { Secret } from '@adonisjs/core/helpers';
+import { RememberMeToken } from '../remember_me_token.js';
+import { PROVIDER_REAL_USER } from '../../../src/symbols.js';
+import type { SessionGuardUser, LucidAuthenticatable, SessionLucidUserProviderOptions, SessionUserProviderContract } from '../types.js';
+/**
+ * Uses a lucid model to verify access tokens and find a user during
+ * authentication
+ */
+export declare class SessionLucidUserProvider<UserModel extends LucidAuthenticatable> implements SessionUserProviderContract<InstanceType<UserModel>> {
+    /**
+     * Lucid provider options
+     */
+    protected options: SessionLucidUserProviderOptions<UserModel>;
+    [PROVIDER_REAL_USER]: InstanceType<UserModel>;
+    /**
+     * Reference to the lazily imported model
+     */
+    protected model?: UserModel;
+    constructor(
+    /**
+     * Lucid provider options
+     */
+    options: SessionLucidUserProviderOptions<UserModel>);
+    /**
+     * Imports the model from the provider, returns and caches it
+     * for further operations.
+     */
+    protected getModel(): Promise<UserModel>;
+    /**
+     * Returns the tokens provider associated with the user model
+     */
+    protected getTokensProvider(): Promise<import("../types.js").RememberMeTokensProviderContract<import("@adonisjs/lucid/types/model").LucidModel>>;
+    /**
+     * Creates an adapter user for the guard
+     */
+    createUserForGuard(user: InstanceType<UserModel>): Promise<SessionGuardUser<InstanceType<UserModel>>>;
+    /**
+     * Finds a user by their primary key value
+     */
+    findById(identifier: string | number | BigInt): Promise<SessionGuardUser<InstanceType<UserModel>> | null>;
+    /**
+     * Creates a remember token for a given user
+     */
+    createRememberToken(user: InstanceType<UserModel>, expiresIn: string | number): Promise<RememberMeToken>;
+    /**
+     * Verify a token by its publicly shared value
+     */
+    verifyRememberToken(tokenValue: Secret<string>): Promise<RememberMeToken | null>;
+    /**
+     * Delete a token for a user by the token identifier
+     */
+    deleteRemeberToken(user: InstanceType<UserModel>, identifier: string | number | BigInt): Promise<number>;
+    /**
+     * Recycle a token for a user by the token identifier
+     */
+    recycleRememberToken(user: InstanceType<UserModel>, identifier: string | number | BigInt, expiresIn: string | number): Promise<RememberMeToken>;
+}

package/build/providers/auth_provider.d.ts

@@ -1,5 +1,5 @@
 import type { ApplicationService } from '@adonisjs/core/types';
-import type { AuthService } from '../src/auth/types.js';
+import type { AuthService } from '../src/types.js';
 declare module '@adonisjs/core/types' {
     interface ContainerBindings {
         'auth.manager': AuthService;

package/build/providers/auth_provider.js

@@ -1,27 +1,31 @@
-/*
- * @adonisjs/auth
- *
- * (c) AdonisJS
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-import { configProvider } from '@adonisjs/core';
-import { RuntimeException } from '@poppinss/utils';
-import { AuthManager } from '../src/auth/auth_manager.js';
-export default class AuthProvider {
-    app;
-    constructor(app) {
-        this.app = app;
-    }
-    register() {
-        this.app.container.singleton('auth.manager', async () => {
-            const authConfigProvider = this.app.config.get('auth');
-            const config = await configProvider.resolve(this.app, authConfigProvider);
-            if (!config) {
-                throw new RuntimeException('Invalid config exported from "config/auth.ts" file. Make sure to use the defineConfig method');
-            }
-            return new AuthManager(config);
-        });
-    }
-}
+import {
+  AuthManager
+} from "../chunk-OL2Z3AO5.js";
+import "../chunk-3HZHOWKL.js";
+import "../chunk-UGHJLKDI.js";
+import "../chunk-CZCFTIBB.js";
+
+// providers/auth_provider.ts
+import { configProvider } from "@adonisjs/core";
+import { RuntimeException } from "@poppinss/utils";
+var AuthProvider = class {
+  constructor(app) {
+    this.app = app;
+  }
+  register() {
+    this.app.container.singleton("auth.manager", async () => {
+      const authConfigProvider = this.app.config.get("auth");
+      const config = await configProvider.resolve(this.app, authConfigProvider);
+      if (!config) {
+        throw new RuntimeException(
+          'Invalid config exported from "config/auth.ts" file. Make sure to use the defineConfig method'
+        );
+      }
+      return new AuthManager(config);
+    });
+  }
+};
+export {
+  AuthProvider as default
+};
+//# sourceMappingURL=auth_provider.js.map

package/build/providers/auth_provider.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../providers/auth_provider.ts"],"sourcesContent":["/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { configProvider } from '@adonisjs/core'\nimport { RuntimeException } from '@poppinss/utils'\nimport type { ApplicationService } from '@adonisjs/core/types'\n\nimport type { AuthService } from '../src/types.js'\nimport { AuthManager } from '../src/auth_manager.js'\n\ndeclare module '@adonisjs/core/types' {\n  export interface ContainerBindings {\n    'auth.manager': AuthService\n  }\n}\n\nexport default class AuthProvider {\n  constructor(protected app: ApplicationService) {}\n\n  register() {\n    this.app.container.singleton('auth.manager', async () => {\n      const authConfigProvider = this.app.config.get('auth')\n      const config = await configProvider.resolve<any>(this.app, authConfigProvider)\n\n      if (!config) {\n        throw new RuntimeException(\n          'Invalid config exported from \"config/auth.ts\" file. Make sure to use the defineConfig method'\n        )\n      }\n\n      return new AuthManager(config)\n    })\n  }\n}\n"],"mappings":";;;;;;;;AASA,SAAS,sBAAsB;AAC/B,SAAS,wBAAwB;AAYjC,IAAqB,eAArB,MAAkC;AAAA,EAChC,YAAsB,KAAyB;AAAzB;AAAA,EAA0B;AAAA,EAEhD,WAAW;AACT,SAAK,IAAI,UAAU,UAAU,gBAAgB,YAAY;AACvD,YAAM,qBAAqB,KAAK,IAAI,OAAO,IAAI,MAAM;AACrD,YAAM,SAAS,MAAM,eAAe,QAAa,KAAK,KAAK,kBAAkB;AAE7E,UAAI,CAAC,QAAQ;AACX,cAAM,IAAI;AAAA,UACR;AAAA,QACF;AAAA,MACF;AAEA,aAAO,IAAI,YAAY,MAAM;AAAA,IAC/B,CAAC;AAAA,EACH;AACF;","names":[]}

package/build/services/auth.d.ts

@@ -1,3 +1,3 @@
-import { AuthService } from '../src/auth/types.js';
+import { AuthService } from '../src/types.js';
 declare let auth: AuthService;
 export { auth as default };