@adonisjs/auth 9.0.2 → 9.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -644,6 +644,7 @@ var AccessTokensGuard = class {
|
|
|
644
644
|
};
|
|
645
645
|
|
|
646
646
|
// modules/access_tokens_guard/token_providers/db.ts
|
|
647
|
+
import { inspect } from "node:util";
|
|
647
648
|
import { RuntimeException as RuntimeException2 } from "@adonisjs/core/exceptions";
|
|
648
649
|
var DbAccessTokensProvider = class _DbAccessTokensProvider {
|
|
649
650
|
constructor(options) {
|
|
@@ -681,6 +682,12 @@ var DbAccessTokensProvider = class _DbAccessTokensProvider {
|
|
|
681
682
|
* secure random string.
|
|
682
683
|
*/
|
|
683
684
|
tokenSecretLength;
|
|
685
|
+
/**
|
|
686
|
+
* Check if value is an object
|
|
687
|
+
*/
|
|
688
|
+
#isObject(value) {
|
|
689
|
+
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
690
|
+
}
|
|
684
691
|
/**
|
|
685
692
|
* Ensure the provided user is an instance of the user model and
|
|
686
693
|
* has a primary key
|
|
@@ -744,7 +751,13 @@ var DbAccessTokensProvider = class _DbAccessTokensProvider {
|
|
|
744
751
|
last_used_at: null,
|
|
745
752
|
expires_at: transientToken.expiresAt || null
|
|
746
753
|
};
|
|
747
|
-
const
|
|
754
|
+
const result = await queryClient.table(this.table).insert(dbRow).returning("id");
|
|
755
|
+
const id = this.#isObject(result[0]) ? result[0].id : result[0];
|
|
756
|
+
if (!id) {
|
|
757
|
+
throw new RuntimeException2(
|
|
758
|
+
`Cannot save access token. The result "${inspect(result)}" of insert query is unexpected`
|
|
759
|
+
);
|
|
760
|
+
}
|
|
748
761
|
return new AccessToken({
|
|
749
762
|
identifier: id,
|
|
750
763
|
tokenableId: dbRow.tokenable_id,
|
|
@@ -787,7 +800,23 @@ var DbAccessTokensProvider = class _DbAccessTokensProvider {
|
|
|
787
800
|
async all(user) {
|
|
788
801
|
this.#ensureIsPersisted(user);
|
|
789
802
|
const queryClient = await this.getDb();
|
|
790
|
-
const dbRows = await queryClient.query().from(this.table).where({ tokenable_id: user.$primaryKeyValue, type: this.type }).
|
|
803
|
+
const dbRows = await queryClient.query().from(this.table).where({ tokenable_id: user.$primaryKeyValue, type: this.type }).ifDialect("postgres", (query) => {
|
|
804
|
+
query.orderBy([
|
|
805
|
+
{
|
|
806
|
+
column: "last_used_at",
|
|
807
|
+
order: "desc",
|
|
808
|
+
nulls: "last"
|
|
809
|
+
}
|
|
810
|
+
]);
|
|
811
|
+
}).unlessDialect("postgres", (query) => {
|
|
812
|
+
query.orderBy([
|
|
813
|
+
{
|
|
814
|
+
column: "last_used_at",
|
|
815
|
+
order: "asc",
|
|
816
|
+
nulls: "last"
|
|
817
|
+
}
|
|
818
|
+
]);
|
|
819
|
+
}).orderBy("id", "desc").exec();
|
|
791
820
|
return dbRows.map((dbRow) => {
|
|
792
821
|
return this.dbRowToAccessToken(dbRow);
|
|
793
822
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../modules/access_tokens_guard/access_token.ts","../../../modules/access_tokens_guard/crc32.ts","../../../modules/access_tokens_guard/guard.ts","../../../modules/access_tokens_guard/token_providers/db.ts","../../../modules/access_tokens_guard/user_providers/lucid.ts","../../../modules/access_tokens_guard/define_config.ts"],"sourcesContent":["/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { createHash } from 'node:crypto'\nimport string from '@adonisjs/core/helpers/string'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport { Secret, base64, safeEqual } from '@adonisjs/core/helpers'\n\nimport { CRC32 } from './crc32.js'\nimport { E_UNAUTHORIZED_ACCESS } from '../../src/errors.js'\n\n/**\n * Access token represents a token created for a user to authenticate\n * using the auth module.\n *\n * It encapsulates the logic of creating an opaque token, generating\n * its hash and verifying its hash.\n */\nexport class AccessToken {\n /**\n * Decodes a publicly shared token and return the series\n * and the token value from it.\n *\n * Returns null when unable to decode the token because of\n * invalid format or encoding.\n */\n static decode(\n prefix: string,\n value: string\n ): null | { identifier: string; secret: Secret<string> } {\n /**\n * Ensure value is a string and starts with the prefix.\n */\n if (typeof value !== 'string' || !value.startsWith(`${prefix}`)) {\n return null\n }\n\n /**\n * Remove prefix from the rest of the token.\n */\n const token = value.replace(new RegExp(`^${prefix}`), '')\n if (!token) {\n return null\n }\n\n const [identifier, ...tokenValue] = token.split('.')\n if (!identifier || tokenValue.length === 0) {\n return null\n }\n\n const decodedIdentifier = base64.urlDecode(identifier)\n const decodedSecret = base64.urlDecode(tokenValue.join('.'))\n if (!decodedIdentifier || !decodedSecret) {\n return null\n }\n\n return {\n identifier: decodedIdentifier,\n secret: new Secret(decodedSecret),\n }\n }\n\n /**\n * Creates a transient token that can be shared with the persistence\n * layer.\n */\n static createTransientToken(\n userId: string | number | BigInt,\n size: number,\n expiresIn?: string | number\n ) {\n let expiresAt: Date | undefined\n if (expiresIn) {\n expiresAt = new Date()\n expiresAt.setSeconds(expiresAt.getSeconds() + string.seconds.parse(expiresIn))\n }\n\n return {\n userId,\n expiresAt,\n ...this.seed(size),\n }\n }\n\n /**\n * Creates a secret opaque token and its hash. The secret is\n * suffixed with a crc32 checksum for secret scanning tools\n * to easily identify the token.\n */\n static seed(size: number) {\n const seed = string.random(size)\n const secret = new Secret(`${seed}${new CRC32().calculate(seed)}`)\n const hash = createHash('sha256').update(secret.release()).digest('hex')\n return { secret, hash }\n }\n\n /**\n * Identifer is a unique sequence to identify the\n * token within database. It should be the\n * primary/unique key\n */\n identifier: string | number | BigInt\n\n /**\n * Reference to the user id for whom the token\n * is generated.\n */\n tokenableId: string | number | BigInt\n\n /**\n * The value is a public representation of a token. It is created\n * by combining the \"identifier\".\"secret\"\n */\n value?: Secret<string>\n\n /**\n * Recognizable name for the token\n */\n name: string | null\n\n /**\n * A unique type to identify a bucket of tokens inside the\n * storage layer.\n */\n type: string\n\n /**\n * Hash is computed from the seed to later verify the validity\n * of seed\n */\n hash: string\n\n /**\n * Date/time when the token instance was created\n */\n createdAt: Date\n\n /**\n * Date/time when the token was updated\n */\n updatedAt: Date\n\n /**\n * Timestamp at which the token was used for authentication\n */\n lastUsedAt: Date | null\n\n /**\n * Timestamp at which the token will expire\n */\n expiresAt: Date | null\n\n /**\n * An array of abilities the token can perform. The abilities\n * is an array of abritary string values\n */\n abilities: string[]\n\n constructor(attributes: {\n identifier: string | number | BigInt\n tokenableId: string | number | BigInt\n type: string\n hash: string\n createdAt: Date\n updatedAt: Date\n lastUsedAt: Date | null\n expiresAt: Date | null\n name: string | null\n prefix?: string\n secret?: Secret<string>\n abilities?: string[]\n }) {\n this.identifier = attributes.identifier\n this.tokenableId = attributes.tokenableId\n this.name = attributes.name\n this.hash = attributes.hash\n this.type = attributes.type\n this.createdAt = attributes.createdAt\n this.updatedAt = attributes.updatedAt\n this.expiresAt = attributes.expiresAt\n this.lastUsedAt = attributes.lastUsedAt\n this.abilities = attributes.abilities || ['*']\n\n /**\n * Compute value when secret is provided\n */\n if (attributes.secret) {\n if (!attributes.prefix) {\n throw new RuntimeException('Cannot compute token value without the prefix')\n }\n this.value = new Secret(\n `${attributes.prefix}${base64.urlEncode(String(this.identifier))}.${base64.urlEncode(\n attributes.secret.release()\n )}`\n )\n }\n }\n\n /**\n * Check if the token allows the given ability.\n */\n allows(ability: string) {\n return this.abilities.includes(ability) || this.abilities.includes('*')\n }\n\n /**\n * Check if the token denies the ability.\n */\n denies(ability: string) {\n return !this.abilities.includes(ability) && !this.abilities.includes('*')\n }\n\n /**\n * Authorize ability access using the current access token\n */\n authorize(ability: string) {\n if (this.denies(ability)) {\n throw new E_UNAUTHORIZED_ACCESS('Unauthorized access', { guardDriverName: 'access_tokens' })\n }\n }\n\n /**\n * Check if the token has been expired. Verifies\n * the \"expiresAt\" timestamp with the current\n * date.\n *\n * Tokens with no expiry never expire\n */\n isExpired() {\n if (!this.expiresAt) {\n return false\n }\n\n return this.expiresAt < new Date()\n }\n\n /**\n * Verifies the value of a token against the pre-defined hash\n */\n verify(secret: Secret<string>): boolean {\n const newHash = createHash('sha256').update(secret.release()).digest('hex')\n return safeEqual(this.hash, newHash)\n }\n\n toJSON() {\n return {\n type: 'bearer',\n name: this.name,\n token: this.value ? this.value.release() : undefined,\n abilities: this.abilities,\n lastUsedAt: this.lastUsedAt,\n expiresAt: this.expiresAt,\n }\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\n/**\n * We use CRC32 just to add a recognizable checksum to tokens. This helps\n * secret scanning tools like https://docs.github.com/en/github/administering-a-repository/about-secret-scanning easily detect tokens generated by a given program.\n *\n * You can learn more about appending checksum to a hash here in this Github\n * article. https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/\n *\n * Code taken from:\n * https://github.com/tsxper/crc32/blob/main/src/CRC32.ts\n */\n\nexport class CRC32 {\n /**\n * Lookup table calculated for 0xEDB88320 divisor\n */\n #lookupTable = [\n 0, 1996959894, 3993919788, 2567524794, 124634137, 1886057615, 3915621685, 2657392035, 249268274,\n 2044508324, 3772115230, 2547177864, 162941995, 2125561021, 3887607047, 2428444049, 498536548,\n 1789927666, 4089016648, 2227061214, 450548861, 1843258603, 4107580753, 2211677639, 325883990,\n 1684777152, 4251122042, 2321926636, 335633487, 1661365465, 4195302755, 2366115317, 997073096,\n 1281953886, 3579855332, 2724688242, 1006888145, 1258607687, 3524101629, 2768942443, 901097722,\n 1119000684, 3686517206, 2898065728, 853044451, 1172266101, 3705015759, 2882616665, 651767980,\n 1373503546, 3369554304, 3218104598, 565507253, 1454621731, 3485111705, 3099436303, 671266974,\n 1594198024, 3322730930, 2970347812, 795835527, 1483230225, 3244367275, 3060149565, 1994146192,\n 31158534, 2563907772, 4023717930, 1907459465, 112637215, 2680153253, 3904427059, 2013776290,\n 251722036, 2517215374, 3775830040, 2137656763, 141376813, 2439277719, 3865271297, 1802195444,\n 476864866, 2238001368, 4066508878, 1812370925, 453092731, 2181625025, 4111451223, 1706088902,\n 314042704, 2344532202, 4240017532, 1658658271, 366619977, 2362670323, 4224994405, 1303535960,\n 984961486, 2747007092, 3569037538, 1256170817, 1037604311, 2765210733, 3554079995, 1131014506,\n 879679996, 2909243462, 3663771856, 1141124467, 855842277, 2852801631, 3708648649, 1342533948,\n 654459306, 3188396048, 3373015174, 1466479909, 544179635, 3110523913, 3462522015, 1591671054,\n 702138776, 2966460450, 3352799412, 1504918807, 783551873, 3082640443, 3233442989, 3988292384,\n 2596254646, 62317068, 1957810842, 3939845945, 2647816111, 81470997, 1943803523, 3814918930,\n 2489596804, 225274430, 2053790376, 3826175755, 2466906013, 167816743, 2097651377, 4027552580,\n 2265490386, 503444072, 1762050814, 4150417245, 2154129355, 426522225, 1852507879, 4275313526,\n 2312317920, 282753626, 1742555852, 4189708143, 2394877945, 397917763, 1622183637, 3604390888,\n 2714866558, 953729732, 1340076626, 3518719985, 2797360999, 1068828381, 1219638859, 3624741850,\n 2936675148, 906185462, 1090812512, 3747672003, 2825379669, 829329135, 1181335161, 3412177804,\n 3160834842, 628085408, 1382605366, 3423369109, 3138078467, 570562233, 1426400815, 3317316542,\n 2998733608, 733239954, 1555261956, 3268935591, 3050360625, 752459403, 1541320221, 2607071920,\n 3965973030, 1969922972, 40735498, 2617837225, 3943577151, 1913087877, 83908371, 2512341634,\n 3803740692, 2075208622, 213261112, 2463272603, 3855990285, 2094854071, 198958881, 2262029012,\n 4057260610, 1759359992, 534414190, 2176718541, 4139329115, 1873836001, 414664567, 2282248934,\n 4279200368, 1711684554, 285281116, 2405801727, 4167216745, 1634467795, 376229701, 2685067896,\n 3608007406, 1308918612, 956543938, 2808555105, 3495958263, 1231636301, 1047427035, 2932959818,\n 3654703836, 1088359270, 936918000, 2847714899, 3736837829, 1202900863, 817233897, 3183342108,\n 3401237130, 1404277552, 615818150, 3134207493, 3453421203, 1423857449, 601450431, 3009837614,\n 3294710456, 1567103746, 711928724, 3020668471, 3272380065, 1510334235, 755167117,\n ]\n\n #initialCRC = 0xffffffff\n\n #calculateBytes(bytes: Uint8Array, accumulator?: number): number {\n let crc = accumulator || this.#initialCRC\n for (const byte of bytes) {\n const tableIndex = (crc ^ byte) & 0xff\n const tableVal = this.#lookupTable[tableIndex] as number\n crc = (crc >>> 8) ^ tableVal\n }\n return crc\n }\n\n #crcToUint(crc: number): number {\n return this.#toUint32(crc ^ 0xffffffff)\n }\n\n #strToBytes(input: string): Uint8Array {\n const encoder = new TextEncoder()\n return encoder.encode(input)\n }\n\n #toUint32(num: number): number {\n if (num >= 0) {\n return num\n }\n return 0xffffffff - num * -1 + 1\n }\n\n calculate(input: string): number {\n return this.forString(input)\n }\n\n forString(input: string): number {\n const bytes = this.#strToBytes(input)\n return this.forBytes(bytes)\n }\n\n forBytes(bytes: Uint8Array, accumulator?: number): number {\n const crc = this.#calculateBytes(bytes, accumulator)\n return this.#crcToUint(crc)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport type { HttpContext } from '@adonisjs/core/http'\nimport type { EmitterLike } from '@adonisjs/core/types/events'\n\nimport type { AccessToken } from './access_token.js'\nimport { E_UNAUTHORIZED_ACCESS } from '../../src/errors.js'\nimport type { AuthClientResponse, GuardContract } from '../../src/types.js'\nimport { GUARD_KNOWN_EVENTS, PROVIDER_REAL_USER } from '../../src/symbols.js'\nimport type { AccessTokensGuardEvents, AccessTokensUserProviderContract } from './types.js'\n\n/**\n * Implementation of access tokens guard for the Auth layer. The heavy lifting\n * of verifying tokens is done by the user provider. However, the guard is\n * used to seamlessly integrate with the auth layer of the package.\n */\nexport class AccessTokensGuard<UserProvider extends AccessTokensUserProviderContract<unknown>>\n implements\n GuardContract<UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }>\n{\n /**\n * Events emitted by the guard\n */\n declare [GUARD_KNOWN_EVENTS]: AccessTokensGuardEvents<\n UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n >\n\n /**\n * A unique name for the guard.\n */\n #name: string\n\n /**\n * Reference to the current HTTP context\n */\n #ctx: HttpContext\n\n /**\n * Provider to lookup user details\n */\n #userProvider: UserProvider\n\n /**\n * Emitter to emit events\n */\n #emitter: EmitterLike<\n AccessTokensGuardEvents<\n UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n >\n >\n\n /**\n * Driver name of the guard\n */\n driverName: 'access_tokens' = 'access_tokens'\n\n /**\n * Whether or not the authentication has been attempted\n * during the current request.\n */\n authenticationAttempted = false\n\n /**\n * A boolean to know if the current request has\n * been authenticated\n */\n isAuthenticated = false\n\n /**\n * Reference to an instance of the authenticated user.\n * The value only exists after calling one of the\n * following methods.\n *\n * - authenticate\n * - check\n *\n * You can use the \"getUserOrFail\" method to throw an exception if\n * the request is not authenticated.\n */\n user?: UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n\n constructor(\n name: string,\n ctx: HttpContext,\n emitter: EmitterLike<\n AccessTokensGuardEvents<\n UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n >\n >,\n userProvider: UserProvider\n ) {\n this.#name = name\n this.#ctx = ctx\n this.#emitter = emitter\n this.#userProvider = userProvider\n }\n\n /**\n * Emits authentication failure and returns an exception\n * to end the authentication cycle.\n */\n #authenticationFailed() {\n const error = new E_UNAUTHORIZED_ACCESS('Unauthorized access', {\n guardDriverName: this.driverName,\n })\n\n this.#emitter.emit('access_tokens_auth:authentication_failed', {\n ctx: this.#ctx,\n guardName: this.#name,\n error,\n })\n\n return error\n }\n\n /**\n * Returns the bearer token from the request headers or fails\n */\n #getBearerToken(): string {\n const bearerToken = this.#ctx.request.header('authorization', '')!\n const [, token] = bearerToken.split('Bearer ')\n if (!token) {\n throw this.#authenticationFailed()\n }\n\n return token\n }\n\n /**\n * Returns an instance of the authenticated user. Or throws\n * an exception if the request is not authenticated.\n */\n getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken } {\n if (!this.user) {\n throw new E_UNAUTHORIZED_ACCESS('Unauthorized access', {\n guardDriverName: this.driverName,\n })\n }\n\n return this.user\n }\n\n /**\n * Authenticate the current HTTP request by verifying the bearer\n * token or fails with an exception\n */\n async authenticate(): Promise<\n UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n > {\n /**\n * Return early when authentication has already\n * been attempted\n */\n if (this.authenticationAttempted) {\n return this.getUserOrFail()\n }\n\n /**\n * Notify we begin to attempt the authentication\n */\n this.authenticationAttempted = true\n this.#emitter.emit('access_tokens_auth:authentication_attempted', {\n ctx: this.#ctx,\n guardName: this.#name,\n })\n\n /**\n * Decode token or fail when unable to do so\n */\n const bearerToken = new Secret(this.#getBearerToken())\n\n /**\n * Verify for token via the user provider\n */\n const token = await this.#userProvider.verifyToken(bearerToken)\n if (!token) {\n throw this.#authenticationFailed()\n }\n\n /**\n * Check if a user for the token exists. Otherwise abort\n * authentication\n */\n const providerUser = await this.#userProvider.findById(token.tokenableId)\n if (!providerUser) {\n throw this.#authenticationFailed()\n }\n\n /**\n * Update local state\n */\n this.isAuthenticated = true\n this.user = providerUser.getOriginal() as UserProvider[typeof PROVIDER_REAL_USER] & {\n currentAccessToken: AccessToken\n }\n this.user!.currentAccessToken = token\n\n /**\n * Notify\n */\n this.#emitter.emit('access_tokens_auth:authentication_succeeded', {\n ctx: this.#ctx,\n token,\n guardName: this.#name,\n user: this.user,\n })\n\n return this.user\n }\n\n /**\n * Returns the Authorization header clients can use to authenticate\n * the request.\n */\n async authenticateAsClient(\n user: UserProvider[typeof PROVIDER_REAL_USER],\n abilities?: string[],\n options?: {\n expiresIn?: string | number\n name?: string\n }\n ): Promise<AuthClientResponse> {\n const token = await this.#userProvider.createToken(user, abilities, options)\n return {\n headers: {\n authorization: `Bearer ${token.value!.release()}`,\n },\n }\n }\n\n /**\n * Silently check if the user is authenticated or not. The\n * method is same the \"authenticate\" method but does not\n * throw any exceptions.\n */\n async check(): Promise<boolean> {\n try {\n await this.authenticate()\n return true\n } catch (error) {\n if (error instanceof E_UNAUTHORIZED_ACCESS) {\n return false\n }\n\n throw error\n }\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport type { Secret } from '@adonisjs/core/helpers'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport type { LucidModel } from '@adonisjs/lucid/types/model'\n\nimport { AccessToken } from '../access_token.js'\nimport type {\n AccessTokenDbColumns,\n AccessTokensProviderContract,\n DbAccessTokensProviderOptions,\n} from '../types.js'\n\n/**\n * DbAccessTokensProvider uses lucid database service to fetch and\n * persist tokens for a given user.\n *\n * The user must be an instance of the associated user model.\n */\nexport class DbAccessTokensProvider<TokenableModel extends LucidModel>\n implements AccessTokensProviderContract<TokenableModel>\n{\n /**\n * Create tokens provider instance for a given Lucid model\n */\n static forModel<TokenableModel extends LucidModel>(\n model: DbAccessTokensProviderOptions<TokenableModel>['tokenableModel'],\n options?: Omit<DbAccessTokensProviderOptions<TokenableModel>, 'tokenableModel'>\n ) {\n return new DbAccessTokensProvider<TokenableModel>({ tokenableModel: model, ...(options || {}) })\n }\n\n /**\n * A unique type for the value. The type is used to identify a\n * bucket of tokens within the storage layer.\n *\n * Defaults to auth_token\n */\n protected type: string\n\n /**\n * A unique prefix to append to the publicly shared token value.\n *\n * Defaults to oat\n */\n protected prefix: string\n\n /**\n * Database table to use for querying access tokens\n */\n protected table: string\n\n /**\n * The length for the token secret. A secret is a cryptographically\n * secure random string.\n */\n protected tokenSecretLength: number\n\n constructor(protected options: DbAccessTokensProviderOptions<TokenableModel>) {\n this.table = options.table || 'auth_access_tokens'\n this.tokenSecretLength = options.tokenSecretLength || 40\n this.type = options.type || 'auth_token'\n this.prefix = options.prefix || 'oat_'\n }\n\n /**\n * Ensure the provided user is an instance of the user model and\n * has a primary key\n */\n #ensureIsPersisted(user: InstanceType<TokenableModel>) {\n const model = this.options.tokenableModel\n if (user instanceof model === false) {\n throw new RuntimeException(\n `Invalid user object. It must be an instance of the \"${model.name}\" model`\n )\n }\n\n if (!user.$primaryKeyValue) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for managing access tokens. The value of column \"${model.primaryKey}\" is undefined or null`\n )\n }\n }\n\n /**\n * Maps a database row to an instance token instance\n */\n protected dbRowToAccessToken(dbRow: AccessTokenDbColumns): AccessToken {\n return new AccessToken({\n identifier: dbRow.id,\n tokenableId: dbRow.tokenable_id,\n type: dbRow.type,\n name: dbRow.name,\n hash: dbRow.hash,\n abilities: JSON.parse(dbRow.abilities),\n createdAt:\n typeof dbRow.created_at === 'number' ? new Date(dbRow.created_at) : dbRow.created_at,\n updatedAt:\n typeof dbRow.updated_at === 'number' ? new Date(dbRow.updated_at) : dbRow.updated_at,\n lastUsedAt:\n typeof dbRow.last_used_at === 'number' ? new Date(dbRow.last_used_at) : dbRow.last_used_at,\n expiresAt:\n typeof dbRow.expires_at === 'number' ? new Date(dbRow.expires_at) : dbRow.expires_at,\n })\n }\n\n /**\n * Returns a query client instance from the parent model\n */\n protected async getDb() {\n const model = this.options.tokenableModel\n return model.$adapter.query(model).client\n }\n\n /**\n * Create a token for a user\n */\n async create(\n user: InstanceType<TokenableModel>,\n abilities: string[] = ['*'],\n options?: {\n name?: string\n expiresIn?: string | number\n }\n ) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n\n /**\n * Creating a transient token. Transient token abstracts\n * the logic of creating a random secure secret and its\n * hash\n */\n const transientToken = AccessToken.createTransientToken(\n user.$primaryKeyValue!,\n this.tokenSecretLength,\n options?.expiresIn || this.options.expiresIn\n )\n\n /**\n * Row to insert inside the database. We expect exactly these\n * columns to exist.\n */\n const dbRow: Omit<AccessTokenDbColumns, 'id'> = {\n tokenable_id: transientToken.userId,\n type: this.type,\n name: options?.name || null,\n hash: transientToken.hash,\n abilities: JSON.stringify(abilities),\n created_at: new Date(),\n updated_at: new Date(),\n last_used_at: null,\n expires_at: transientToken.expiresAt || null,\n }\n\n /**\n * Insert data to the database.\n */\n const [id] = await queryClient.table(this.table).insert(dbRow)\n\n /**\n * Convert db row to an access token\n */\n return new AccessToken({\n identifier: id,\n tokenableId: dbRow.tokenable_id,\n type: dbRow.type,\n prefix: this.prefix,\n secret: transientToken.secret,\n name: dbRow.name,\n hash: dbRow.hash,\n abilities: JSON.parse(dbRow.abilities),\n createdAt: dbRow.created_at,\n updatedAt: dbRow.updated_at,\n lastUsedAt: dbRow.last_used_at,\n expiresAt: dbRow.expires_at,\n })\n }\n\n /**\n * Find a token for a user by the token id\n */\n async find(user: InstanceType<TokenableModel>, identifier: string | number | BigInt) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const dbRow = await queryClient\n .query<AccessTokenDbColumns>()\n .from(this.table)\n .where({ id: identifier, tokenable_id: user.$primaryKeyValue, type: this.type })\n .limit(1)\n .first()\n\n if (!dbRow) {\n return null\n }\n\n return this.dbRowToAccessToken(dbRow)\n }\n\n /**\n * Delete a token by its id\n */\n async delete(\n user: InstanceType<TokenableModel>,\n identifier: string | number | BigInt\n ): Promise<number> {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const affectedRows = await queryClient\n .query<number>()\n .from(this.table)\n .where({ id: identifier, tokenable_id: user.$primaryKeyValue, type: this.type })\n .del()\n .exec()\n\n return affectedRows as unknown as number\n }\n\n /**\n * Returns all the tokens a given user\n */\n async all(user: InstanceType<TokenableModel>) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const dbRows = await queryClient\n .query<AccessTokenDbColumns>()\n .from(this.table)\n .where({ tokenable_id: user.$primaryKeyValue, type: this.type })\n .orderBy('last_used_at', 'desc')\n .orderBy('id', 'desc')\n .exec()\n\n return dbRows.map((dbRow) => {\n return this.dbRowToAccessToken(dbRow)\n })\n }\n\n /**\n * Verifies a publicly shared access token and returns an\n * access token for it.\n *\n * Returns null when unable to verify the token or find it\n * inside the storage\n */\n async verify(tokenValue: Secret<string>) {\n const decodedToken = AccessToken.decode(this.prefix, tokenValue.release())\n if (!decodedToken) {\n return null\n }\n\n const db = await this.getDb()\n const dbRow = await db\n .query<AccessTokenDbColumns>()\n .from(this.table)\n .where({ id: decodedToken.identifier, type: this.type })\n .limit(1)\n .first()\n\n if (!dbRow) {\n return null\n }\n\n /**\n * Update last time the token is used\n */\n dbRow.last_used_at = new Date()\n await db\n .from(this.table)\n .where({ id: dbRow.id, type: dbRow.type })\n .update({ last_used_at: dbRow.last_used_at })\n\n /**\n * Convert to access token instance\n */\n const accessToken = this.dbRowToAccessToken(dbRow)\n\n /**\n * Ensure the token secret matches the token hash\n */\n if (!accessToken.verify(decodedToken.secret) || accessToken.isExpired()) {\n return null\n }\n\n return accessToken\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport type { LucidRow } from '@adonisjs/lucid/types/model'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\n\nimport { AccessToken } from '../access_token.js'\nimport { PROVIDER_REAL_USER } from '../../../src/symbols.js'\nimport type {\n LucidTokenable,\n AccessTokensGuardUser,\n AccessTokensUserProviderContract,\n AccessTokensLucidUserProviderOptions,\n} from '../types.js'\n\n/**\n * Uses a lucid model to verify access tokens and find a user during\n * authentication\n */\nexport class AccessTokensLucidUserProvider<\n TokenableProperty extends string,\n UserModel extends LucidTokenable<TokenableProperty>,\n> implements AccessTokensUserProviderContract<InstanceType<UserModel>>\n{\n declare [PROVIDER_REAL_USER]: InstanceType<UserModel>\n\n /**\n * Reference to the lazily imported model\n */\n protected model?: UserModel\n\n constructor(\n /**\n * Lucid provider options\n */\n protected options: AccessTokensLucidUserProviderOptions<TokenableProperty, UserModel>\n ) {}\n\n /**\n * Imports the model from the provider, returns and caches it\n * for further operations.\n */\n protected async getModel() {\n if (this.model) {\n return this.model\n }\n\n const importedModel = await this.options.model()\n this.model = importedModel.default\n return this.model\n }\n\n /**\n * Returns the tokens provider associated with the user model\n */\n protected async getTokensProvider() {\n const model = await this.getModel()\n\n if (!model[this.options.tokens]) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for verifying access tokens. Make sure to assign a token provider to the model.`\n )\n }\n\n return model[this.options.tokens]\n }\n\n /**\n * Creates an adapter user for the guard\n */\n async createUserForGuard(\n user: InstanceType<UserModel>\n ): Promise<AccessTokensGuardUser<InstanceType<UserModel>>> {\n const model = await this.getModel()\n if (user instanceof model === false) {\n throw new RuntimeException(\n `Invalid user object. It must be an instance of the \"${model.name}\" model`\n )\n }\n\n return {\n getId() {\n /**\n * Ensure user has a primary key\n */\n if (!user.$primaryKeyValue) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for authentication. The value of column \"${model.primaryKey}\" is undefined or null`\n )\n }\n\n return user.$primaryKeyValue\n },\n getOriginal() {\n return user\n },\n }\n }\n\n /**\n * Create a token for a given user\n */\n async createToken(\n user: InstanceType<UserModel>,\n abilities?: string[] | undefined,\n options?: {\n name?: string\n expiresIn?: string | number\n }\n ): Promise<AccessToken> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.create(user as LucidRow, abilities, options)\n }\n\n /**\n * Finds a user by the user id\n */\n async findById(\n identifier: string | number | BigInt\n ): Promise<AccessTokensGuardUser<InstanceType<UserModel>> | null> {\n const model = await this.getModel()\n const user = await model.find(identifier)\n\n if (!user) {\n return null\n }\n\n return this.createUserForGuard(user)\n }\n\n /**\n * Verifies a publicly shared access token and returns an\n * access token for it.\n */\n async verifyToken(tokenValue: Secret<string>): Promise<AccessToken | null> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.verify(tokenValue)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport type { HttpContext } from '@adonisjs/core/http'\nimport type { ConfigProvider } from '@adonisjs/core/types'\n\nimport { AccessTokensGuard } from './guard.js'\nimport type { GuardConfigProvider } from '../../src/types.js'\nimport { AccessTokensLucidUserProvider } from './user_providers/lucid.js'\nimport type {\n LucidTokenable,\n AccessTokensUserProviderContract,\n AccessTokensLucidUserProviderOptions,\n} from './types.js'\n\n/**\n * Configures access tokens guard for authentication\n */\nexport function tokensGuard<\n UserProvider extends AccessTokensUserProviderContract<unknown>,\n>(config: {\n provider: UserProvider | ConfigProvider<UserProvider>\n}): GuardConfigProvider<(ctx: HttpContext) => AccessTokensGuard<UserProvider>> {\n return {\n async resolver(name, app) {\n const emitter = await app.container.make('emitter')\n const provider =\n 'resolver' in config.provider ? await config.provider.resolver(app) : config.provider\n return (ctx) => new AccessTokensGuard(name, ctx, emitter as any, provider)\n },\n }\n}\n\n/**\n * Configures user provider that uses Lucid models to verify\n * access tokens and find users during authentication.\n */\nexport function tokensUserProvider<\n TokenableProperty extends string,\n Model extends LucidTokenable<TokenableProperty>,\n>(\n config: AccessTokensLucidUserProviderOptions<TokenableProperty, Model>\n): AccessTokensLucidUserProvider<TokenableProperty, Model> {\n return new AccessTokensLucidUserProvider(config)\n}\n"],"mappings":";;;;;;AASA,SAAS,kBAAkB;AAC3B,OAAO,YAAY;AACnB,SAAS,wBAAwB;AACjC,SAAS,QAAQ,QAAQ,iBAAiB;;;ACQnC,IAAM,QAAN,MAAY;AAAA;AAAA;AAAA;AAAA,EAIjB,eAAe;AAAA,IACb;AAAA,IAAG;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACtF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACpF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAU;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IACjF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAU;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAU;AAAA,IAAY;AAAA,IAChF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAU;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAU;AAAA,IAChF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,EACzE;AAAA,EAEA,cAAc;AAAA,EAEd,gBAAgB,OAAmB,aAA8B;AAC/D,QAAI,MAAM,eAAe,KAAK;AAC9B,eAAW,QAAQ,OAAO;AACxB,YAAM,cAAc,MAAM,QAAQ;AAClC,YAAM,WAAW,KAAK,aAAa,UAAU;AAC7C,YAAO,QAAQ,IAAK;AAAA,IACtB;AACA,WAAO;AAAA,EACT;AAAA,EAEA,WAAW,KAAqB;AAC9B,WAAO,KAAK,UAAU,MAAM,UAAU;AAAA,EACxC;AAAA,EAEA,YAAY,OAA2B;AACrC,UAAM,UAAU,IAAI,YAAY;AAChC,WAAO,QAAQ,OAAO,KAAK;AAAA,EAC7B;AAAA,EAEA,UAAU,KAAqB;AAC7B,QAAI,OAAO,GAAG;AACZ,aAAO;AAAA,IACT;AACA,WAAO,aAAa,MAAM,KAAK;AAAA,EACjC;AAAA,EAEA,UAAU,OAAuB;AAC/B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAAA,EAEA,UAAU,OAAuB;AAC/B,UAAM,QAAQ,KAAK,YAAY,KAAK;AACpC,WAAO,KAAK,SAAS,KAAK;AAAA,EAC5B;AAAA,EAEA,SAAS,OAAmB,aAA8B;AACxD,UAAM,MAAM,KAAK,gBAAgB,OAAO,WAAW;AACnD,WAAO,KAAK,WAAW,GAAG;AAAA,EAC5B;AACF;;;AD5EO,IAAM,cAAN,MAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQvB,OAAO,OACL,QACA,OACuD;AAIvD,QAAI,OAAO,UAAU,YAAY,CAAC,MAAM,WAAW,GAAG,MAAM,EAAE,GAAG;AAC/D,aAAO;AAAA,IACT;AAKA,UAAM,QAAQ,MAAM,QAAQ,IAAI,OAAO,IAAI,MAAM,EAAE,GAAG,EAAE;AACxD,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,YAAY,GAAG,UAAU,IAAI,MAAM,MAAM,GAAG;AACnD,QAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,aAAO;AAAA,IACT;AAEA,UAAM,oBAAoB,OAAO,UAAU,UAAU;AACrD,UAAM,gBAAgB,OAAO,UAAU,WAAW,KAAK,GAAG,CAAC;AAC3D,QAAI,CAAC,qBAAqB,CAAC,eAAe;AACxC,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,QAAQ,IAAI,OAAO,aAAa;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,qBACL,QACA,MACA,WACA;AACA,QAAI;AACJ,QAAI,WAAW;AACb,kBAAY,oBAAI,KAAK;AACrB,gBAAU,WAAW,UAAU,WAAW,IAAI,OAAO,QAAQ,MAAM,SAAS,CAAC;AAAA,IAC/E;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,GAAG,KAAK,KAAK,IAAI;AAAA,IACnB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,KAAK,MAAc;AACxB,UAAM,OAAO,OAAO,OAAO,IAAI;AAC/B,UAAM,SAAS,IAAI,OAAO,GAAG,IAAI,GAAG,IAAI,MAAM,EAAE,UAAU,IAAI,CAAC,EAAE;AACjE,UAAM,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AACvE,WAAO,EAAE,QAAQ,KAAK;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA,EAEA,YAAY,YAaT;AACD,SAAK,aAAa,WAAW;AAC7B,SAAK,cAAc,WAAW;AAC9B,SAAK,OAAO,WAAW;AACvB,SAAK,OAAO,WAAW;AACvB,SAAK,OAAO,WAAW;AACvB,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAC5B,SAAK,aAAa,WAAW;AAC7B,SAAK,YAAY,WAAW,aAAa,CAAC,GAAG;AAK7C,QAAI,WAAW,QAAQ;AACrB,UAAI,CAAC,WAAW,QAAQ;AACtB,cAAM,IAAI,iBAAiB,+CAA+C;AAAA,MAC5E;AACA,WAAK,QAAQ,IAAI;AAAA,QACf,GAAG,WAAW,MAAM,GAAG,OAAO,UAAU,OAAO,KAAK,UAAU,CAAC,CAAC,IAAI,OAAO;AAAA,UACzE,WAAW,OAAO,QAAQ;AAAA,QAC5B,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,SAAiB;AACtB,WAAO,KAAK,UAAU,SAAS,OAAO,KAAK,KAAK,UAAU,SAAS,GAAG;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,SAAiB;AACtB,WAAO,CAAC,KAAK,UAAU,SAAS,OAAO,KAAK,CAAC,KAAK,UAAU,SAAS,GAAG;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,SAAiB;AACzB,QAAI,KAAK,OAAO,OAAO,GAAG;AACxB,YAAM,IAAI,sBAAsB,uBAAuB,EAAE,iBAAiB,gBAAgB,CAAC;AAAA,IAC7F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,YAAY;AACV,QAAI,CAAC,KAAK,WAAW;AACnB,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,YAAY,oBAAI,KAAK;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,QAAiC;AACtC,UAAM,UAAU,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AAC1E,WAAO,UAAU,KAAK,MAAM,OAAO;AAAA,EACrC;AAAA,EAEA,SAAS;AACP,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM,KAAK;AAAA,MACX,OAAO,KAAK,QAAQ,KAAK,MAAM,QAAQ,IAAI;AAAA,MAC3C,WAAW,KAAK;AAAA,MAChB,YAAY,KAAK;AAAA,MACjB,WAAW,KAAK;AAAA,IAClB;AAAA,EACF;AACF;;;AE3PA,SAAS,UAAAA,eAAc;AAehB,IAAM,oBAAN,MAGP;AAAA;AAAA;AAAA;AAAA,EAWE;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EASA,aAA8B;AAAA;AAAA;AAAA;AAAA;AAAA,EAM9B,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAAA,EAM1B,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAalB;AAAA,EAEA,YACE,MACA,KACA,SAKA,cACA;AACA,SAAK,QAAQ;AACb,SAAK,OAAO;AACZ,SAAK,WAAW;AAChB,SAAK,gBAAgB;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,wBAAwB;AACtB,UAAM,QAAQ,IAAI,sBAAsB,uBAAuB;AAAA,MAC7D,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAED,SAAK,SAAS,KAAK,4CAA4C;AAAA,MAC7D,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,kBAA0B;AACxB,UAAM,cAAc,KAAK,KAAK,QAAQ,OAAO,iBAAiB,EAAE;AAChE,UAAM,CAAC,EAAE,KAAK,IAAI,YAAY,MAAM,SAAS;AAC7C,QAAI,CAAC,OAAO;AACV,YAAM,KAAK,sBAAsB;AAAA,IACnC;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBAA+F;AAC7F,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,sBAAsB,uBAAuB;AAAA,QACrD,iBAAiB,KAAK;AAAA,MACxB,CAAC;AAAA,IACH;AAEA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAEJ;AAKA,QAAI,KAAK,yBAAyB;AAChC,aAAO,KAAK,cAAc;AAAA,IAC5B;AAKA,SAAK,0BAA0B;AAC/B,SAAK,SAAS,KAAK,+CAA+C;AAAA,MAChE,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,IAClB,CAAC;AAKD,UAAM,cAAc,IAAIC,QAAO,KAAK,gBAAgB,CAAC;AAKrD,UAAM,QAAQ,MAAM,KAAK,cAAc,YAAY,WAAW;AAC9D,QAAI,CAAC,OAAO;AACV,YAAM,KAAK,sBAAsB;AAAA,IACnC;AAMA,UAAM,eAAe,MAAM,KAAK,cAAc,SAAS,MAAM,WAAW;AACxE,QAAI,CAAC,cAAc;AACjB,YAAM,KAAK,sBAAsB;AAAA,IACnC;AAKA,SAAK,kBAAkB;AACvB,SAAK,OAAO,aAAa,YAAY;AAGrC,SAAK,KAAM,qBAAqB;AAKhC,SAAK,SAAS,KAAK,+CAA+C;AAAA,MAChE,KAAK,KAAK;AAAA,MACV;AAAA,MACA,WAAW,KAAK;AAAA,MAChB,MAAM,KAAK;AAAA,IACb,CAAC;AAED,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBACJ,MACA,WACA,SAI6B;AAC7B,UAAM,QAAQ,MAAM,KAAK,cAAc,YAAY,MAAM,WAAW,OAAO;AAC3E,WAAO;AAAA,MACL,SAAS;AAAA,QACP,eAAe,UAAU,MAAM,MAAO,QAAQ,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,QAA0B;AAC9B,QAAI;AACF,YAAM,KAAK,aAAa;AACxB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,uBAAuB;AAC1C,eAAO;AAAA,MACT;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AACF;;;ACrPA,SAAS,oBAAAC,yBAAwB;AAgB1B,IAAM,yBAAN,MAAM,wBAEb;AAAA,EAqCE,YAAsB,SAAwD;AAAxD;AACpB,SAAK,QAAQ,QAAQ,SAAS;AAC9B,SAAK,oBAAoB,QAAQ,qBAAqB;AACtD,SAAK,OAAO,QAAQ,QAAQ;AAC5B,SAAK,SAAS,QAAQ,UAAU;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAtCA,OAAO,SACL,OACA,SACA;AACA,WAAO,IAAI,wBAAuC,EAAE,gBAAgB,OAAO,GAAI,WAAW,CAAC,EAAG,CAAC;AAAA,EACjG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaV,mBAAmB,MAAoC;AACrD,UAAM,QAAQ,KAAK,QAAQ;AAC3B,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIC;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,QAAI,CAAC,KAAK,kBAAkB;AAC1B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI,4DAA4D,MAAM,UAAU;AAAA,MACvG;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKU,mBAAmB,OAA0C;AACrE,WAAO,IAAI,YAAY;AAAA,MACrB,YAAY,MAAM;AAAA,MAClB,aAAa,MAAM;AAAA,MACnB,MAAM,MAAM;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,WAAW,KAAK,MAAM,MAAM,SAAS;AAAA,MACrC,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,YACE,OAAO,MAAM,iBAAiB,WAAW,IAAI,KAAK,MAAM,YAAY,IAAI,MAAM;AAAA,MAChF,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,IAC9E,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,QAAQ;AACtB,UAAM,QAAQ,KAAK,QAAQ;AAC3B,WAAO,MAAM,SAAS,MAAM,KAAK,EAAE;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OACJ,MACA,YAAsB,CAAC,GAAG,GAC1B,SAIA;AACA,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AAOrC,UAAM,iBAAiB,YAAY;AAAA,MACjC,KAAK;AAAA,MACL,KAAK;AAAA,MACL,SAAS,aAAa,KAAK,QAAQ;AAAA,IACrC;AAMA,UAAM,QAA0C;AAAA,MAC9C,cAAc,eAAe;AAAA,MAC7B,MAAM,KAAK;AAAA,MACX,MAAM,SAAS,QAAQ;AAAA,MACvB,MAAM,eAAe;AAAA,MACrB,WAAW,KAAK,UAAU,SAAS;AAAA,MACnC,YAAY,oBAAI,KAAK;AAAA,MACrB,YAAY,oBAAI,KAAK;AAAA,MACrB,cAAc;AAAA,MACd,YAAY,eAAe,aAAa;AAAA,IAC1C;AAKA,UAAM,CAAC,EAAE,IAAI,MAAM,YAAY,MAAM,KAAK,KAAK,EAAE,OAAO,KAAK;AAK7D,WAAO,IAAI,YAAY;AAAA,MACrB,YAAY;AAAA,MACZ,aAAa,MAAM;AAAA,MACnB,MAAM,MAAM;AAAA,MACZ,QAAQ,KAAK;AAAA,MACb,QAAQ,eAAe;AAAA,MACvB,MAAM,MAAM;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,WAAW,KAAK,MAAM,MAAM,SAAS;AAAA,MACrC,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,YAAY,MAAM;AAAA,MAClB,WAAW,MAAM;AAAA,IACnB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,MAAoC,YAAsC;AACnF,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,QAAQ,MAAM,YACjB,MAA4B,EAC5B,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,kBAAkB,MAAM,KAAK,KAAK,CAAC,EAC9E,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,mBAAmB,KAAK;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OACJ,MACA,YACiB;AACjB,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,eAAe,MAAM,YACxB,MAAc,EACd,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,kBAAkB,MAAM,KAAK,KAAK,CAAC,EAC9E,IAAI,EACJ,KAAK;AAER,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,IAAI,MAAoC;AAC5C,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,SAAS,MAAM,YAClB,MAA4B,EAC5B,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,cAAc,KAAK,kBAAkB,MAAM,KAAK,KAAK,CAAC,EAC9D,QAAQ,gBAAgB,MAAM,EAC9B,QAAQ,MAAM,MAAM,EACpB,KAAK;AAER,WAAO,OAAO,IAAI,CAAC,UAAU;AAC3B,aAAO,KAAK,mBAAmB,KAAK;AAAA,IACtC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,YAA4B;AACvC,UAAM,eAAe,YAAY,OAAO,KAAK,QAAQ,WAAW,QAAQ,CAAC;AACzE,QAAI,CAAC,cAAc;AACjB,aAAO;AAAA,IACT;AAEA,UAAM,KAAK,MAAM,KAAK,MAAM;AAC5B,UAAM,QAAQ,MAAM,GACjB,MAA4B,EAC5B,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,aAAa,YAAY,MAAM,KAAK,KAAK,CAAC,EACtD,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAKA,UAAM,eAAe,oBAAI,KAAK;AAC9B,UAAM,GACH,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,MAAM,IAAI,MAAM,MAAM,KAAK,CAAC,EACxC,OAAO,EAAE,cAAc,MAAM,aAAa,CAAC;AAK9C,UAAM,cAAc,KAAK,mBAAmB,KAAK;AAKjD,QAAI,CAAC,YAAY,OAAO,aAAa,MAAM,KAAK,YAAY,UAAU,GAAG;AACvE,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AACF;;;AC7RA,SAAS,oBAAAC,yBAAwB;AAe1B,IAAM,gCAAN,MAIP;AAAA,EAQE,YAIY,SACV;AADU;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAPO;AAAA;AAAA;AAAA;AAAA;AAAA,EAaV,MAAgB,WAAW;AACzB,QAAI,KAAK,OAAO;AACd,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,gBAAgB,MAAM,KAAK,QAAQ,MAAM;AAC/C,SAAK,QAAQ,cAAc;AAC3B,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,oBAAoB;AAClC,UAAM,QAAQ,MAAM,KAAK,SAAS;AAElC,QAAI,CAAC,MAAM,KAAK,QAAQ,MAAM,GAAG;AAC/B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI;AAAA,MAC3B;AAAA,IACF;AAEA,WAAO,MAAM,KAAK,QAAQ,MAAM;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,MACyD;AACzD,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIA;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,WAAO;AAAA,MACL,QAAQ;AAIN,YAAI,CAAC,KAAK,kBAAkB;AAC1B,gBAAM,IAAIA;AAAA,YACR,eAAe,MAAM,IAAI,oDAAoD,MAAM,UAAU;AAAA,UAC/F;AAAA,QACF;AAEA,eAAO,KAAK;AAAA,MACd;AAAA,MACA,cAAc;AACZ,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YACJ,MACA,WACA,SAIsB;AACtB,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,MAAkB,WAAW,OAAO;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SACJ,YACgE;AAChE,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,UAAM,OAAO,MAAM,MAAM,KAAK,UAAU;AAExC,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAY,YAAyD;AACzE,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,UAAU;AAAA,EACzC;AACF;;;ACzHO,SAAS,YAEd,QAE6E;AAC7E,SAAO;AAAA,IACL,MAAM,SAAS,MAAM,KAAK;AACxB,YAAM,UAAU,MAAM,IAAI,UAAU,KAAK,SAAS;AAClD,YAAM,WACJ,cAAc,OAAO,WAAW,MAAM,OAAO,SAAS,SAAS,GAAG,IAAI,OAAO;AAC/E,aAAO,CAAC,QAAQ,IAAI,kBAAkB,MAAM,KAAK,SAAgB,QAAQ;AAAA,IAC3E;AAAA,EACF;AACF;AAMO,SAAS,mBAId,QACyD;AACzD,SAAO,IAAI,8BAA8B,MAAM;AACjD;","names":["Secret","Secret","RuntimeException","RuntimeException","RuntimeException"]}
|
|
1
|
+
{"version":3,"sources":["../../../modules/access_tokens_guard/access_token.ts","../../../modules/access_tokens_guard/crc32.ts","../../../modules/access_tokens_guard/guard.ts","../../../modules/access_tokens_guard/token_providers/db.ts","../../../modules/access_tokens_guard/user_providers/lucid.ts","../../../modules/access_tokens_guard/define_config.ts"],"sourcesContent":["/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { createHash } from 'node:crypto'\nimport string from '@adonisjs/core/helpers/string'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport { Secret, base64, safeEqual } from '@adonisjs/core/helpers'\n\nimport { CRC32 } from './crc32.js'\nimport { E_UNAUTHORIZED_ACCESS } from '../../src/errors.js'\n\n/**\n * Access token represents a token created for a user to authenticate\n * using the auth module.\n *\n * It encapsulates the logic of creating an opaque token, generating\n * its hash and verifying its hash.\n */\nexport class AccessToken {\n /**\n * Decodes a publicly shared token and return the series\n * and the token value from it.\n *\n * Returns null when unable to decode the token because of\n * invalid format or encoding.\n */\n static decode(\n prefix: string,\n value: string\n ): null | { identifier: string; secret: Secret<string> } {\n /**\n * Ensure value is a string and starts with the prefix.\n */\n if (typeof value !== 'string' || !value.startsWith(`${prefix}`)) {\n return null\n }\n\n /**\n * Remove prefix from the rest of the token.\n */\n const token = value.replace(new RegExp(`^${prefix}`), '')\n if (!token) {\n return null\n }\n\n const [identifier, ...tokenValue] = token.split('.')\n if (!identifier || tokenValue.length === 0) {\n return null\n }\n\n const decodedIdentifier = base64.urlDecode(identifier)\n const decodedSecret = base64.urlDecode(tokenValue.join('.'))\n if (!decodedIdentifier || !decodedSecret) {\n return null\n }\n\n return {\n identifier: decodedIdentifier,\n secret: new Secret(decodedSecret),\n }\n }\n\n /**\n * Creates a transient token that can be shared with the persistence\n * layer.\n */\n static createTransientToken(\n userId: string | number | BigInt,\n size: number,\n expiresIn?: string | number\n ) {\n let expiresAt: Date | undefined\n if (expiresIn) {\n expiresAt = new Date()\n expiresAt.setSeconds(expiresAt.getSeconds() + string.seconds.parse(expiresIn))\n }\n\n return {\n userId,\n expiresAt,\n ...this.seed(size),\n }\n }\n\n /**\n * Creates a secret opaque token and its hash. The secret is\n * suffixed with a crc32 checksum for secret scanning tools\n * to easily identify the token.\n */\n static seed(size: number) {\n const seed = string.random(size)\n const secret = new Secret(`${seed}${new CRC32().calculate(seed)}`)\n const hash = createHash('sha256').update(secret.release()).digest('hex')\n return { secret, hash }\n }\n\n /**\n * Identifer is a unique sequence to identify the\n * token within database. It should be the\n * primary/unique key\n */\n identifier: string | number | BigInt\n\n /**\n * Reference to the user id for whom the token\n * is generated.\n */\n tokenableId: string | number | BigInt\n\n /**\n * The value is a public representation of a token. It is created\n * by combining the \"identifier\".\"secret\"\n */\n value?: Secret<string>\n\n /**\n * Recognizable name for the token\n */\n name: string | null\n\n /**\n * A unique type to identify a bucket of tokens inside the\n * storage layer.\n */\n type: string\n\n /**\n * Hash is computed from the seed to later verify the validity\n * of seed\n */\n hash: string\n\n /**\n * Date/time when the token instance was created\n */\n createdAt: Date\n\n /**\n * Date/time when the token was updated\n */\n updatedAt: Date\n\n /**\n * Timestamp at which the token was used for authentication\n */\n lastUsedAt: Date | null\n\n /**\n * Timestamp at which the token will expire\n */\n expiresAt: Date | null\n\n /**\n * An array of abilities the token can perform. The abilities\n * is an array of abritary string values\n */\n abilities: string[]\n\n constructor(attributes: {\n identifier: string | number | BigInt\n tokenableId: string | number | BigInt\n type: string\n hash: string\n createdAt: Date\n updatedAt: Date\n lastUsedAt: Date | null\n expiresAt: Date | null\n name: string | null\n prefix?: string\n secret?: Secret<string>\n abilities?: string[]\n }) {\n this.identifier = attributes.identifier\n this.tokenableId = attributes.tokenableId\n this.name = attributes.name\n this.hash = attributes.hash\n this.type = attributes.type\n this.createdAt = attributes.createdAt\n this.updatedAt = attributes.updatedAt\n this.expiresAt = attributes.expiresAt\n this.lastUsedAt = attributes.lastUsedAt\n this.abilities = attributes.abilities || ['*']\n\n /**\n * Compute value when secret is provided\n */\n if (attributes.secret) {\n if (!attributes.prefix) {\n throw new RuntimeException('Cannot compute token value without the prefix')\n }\n this.value = new Secret(\n `${attributes.prefix}${base64.urlEncode(String(this.identifier))}.${base64.urlEncode(\n attributes.secret.release()\n )}`\n )\n }\n }\n\n /**\n * Check if the token allows the given ability.\n */\n allows(ability: string) {\n return this.abilities.includes(ability) || this.abilities.includes('*')\n }\n\n /**\n * Check if the token denies the ability.\n */\n denies(ability: string) {\n return !this.abilities.includes(ability) && !this.abilities.includes('*')\n }\n\n /**\n * Authorize ability access using the current access token\n */\n authorize(ability: string) {\n if (this.denies(ability)) {\n throw new E_UNAUTHORIZED_ACCESS('Unauthorized access', { guardDriverName: 'access_tokens' })\n }\n }\n\n /**\n * Check if the token has been expired. Verifies\n * the \"expiresAt\" timestamp with the current\n * date.\n *\n * Tokens with no expiry never expire\n */\n isExpired() {\n if (!this.expiresAt) {\n return false\n }\n\n return this.expiresAt < new Date()\n }\n\n /**\n * Verifies the value of a token against the pre-defined hash\n */\n verify(secret: Secret<string>): boolean {\n const newHash = createHash('sha256').update(secret.release()).digest('hex')\n return safeEqual(this.hash, newHash)\n }\n\n toJSON() {\n return {\n type: 'bearer',\n name: this.name,\n token: this.value ? this.value.release() : undefined,\n abilities: this.abilities,\n lastUsedAt: this.lastUsedAt,\n expiresAt: this.expiresAt,\n }\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\n/**\n * We use CRC32 just to add a recognizable checksum to tokens. This helps\n * secret scanning tools like https://docs.github.com/en/github/administering-a-repository/about-secret-scanning easily detect tokens generated by a given program.\n *\n * You can learn more about appending checksum to a hash here in this Github\n * article. https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/\n *\n * Code taken from:\n * https://github.com/tsxper/crc32/blob/main/src/CRC32.ts\n */\n\nexport class CRC32 {\n /**\n * Lookup table calculated for 0xEDB88320 divisor\n */\n #lookupTable = [\n 0, 1996959894, 3993919788, 2567524794, 124634137, 1886057615, 3915621685, 2657392035, 249268274,\n 2044508324, 3772115230, 2547177864, 162941995, 2125561021, 3887607047, 2428444049, 498536548,\n 1789927666, 4089016648, 2227061214, 450548861, 1843258603, 4107580753, 2211677639, 325883990,\n 1684777152, 4251122042, 2321926636, 335633487, 1661365465, 4195302755, 2366115317, 997073096,\n 1281953886, 3579855332, 2724688242, 1006888145, 1258607687, 3524101629, 2768942443, 901097722,\n 1119000684, 3686517206, 2898065728, 853044451, 1172266101, 3705015759, 2882616665, 651767980,\n 1373503546, 3369554304, 3218104598, 565507253, 1454621731, 3485111705, 3099436303, 671266974,\n 1594198024, 3322730930, 2970347812, 795835527, 1483230225, 3244367275, 3060149565, 1994146192,\n 31158534, 2563907772, 4023717930, 1907459465, 112637215, 2680153253, 3904427059, 2013776290,\n 251722036, 2517215374, 3775830040, 2137656763, 141376813, 2439277719, 3865271297, 1802195444,\n 476864866, 2238001368, 4066508878, 1812370925, 453092731, 2181625025, 4111451223, 1706088902,\n 314042704, 2344532202, 4240017532, 1658658271, 366619977, 2362670323, 4224994405, 1303535960,\n 984961486, 2747007092, 3569037538, 1256170817, 1037604311, 2765210733, 3554079995, 1131014506,\n 879679996, 2909243462, 3663771856, 1141124467, 855842277, 2852801631, 3708648649, 1342533948,\n 654459306, 3188396048, 3373015174, 1466479909, 544179635, 3110523913, 3462522015, 1591671054,\n 702138776, 2966460450, 3352799412, 1504918807, 783551873, 3082640443, 3233442989, 3988292384,\n 2596254646, 62317068, 1957810842, 3939845945, 2647816111, 81470997, 1943803523, 3814918930,\n 2489596804, 225274430, 2053790376, 3826175755, 2466906013, 167816743, 2097651377, 4027552580,\n 2265490386, 503444072, 1762050814, 4150417245, 2154129355, 426522225, 1852507879, 4275313526,\n 2312317920, 282753626, 1742555852, 4189708143, 2394877945, 397917763, 1622183637, 3604390888,\n 2714866558, 953729732, 1340076626, 3518719985, 2797360999, 1068828381, 1219638859, 3624741850,\n 2936675148, 906185462, 1090812512, 3747672003, 2825379669, 829329135, 1181335161, 3412177804,\n 3160834842, 628085408, 1382605366, 3423369109, 3138078467, 570562233, 1426400815, 3317316542,\n 2998733608, 733239954, 1555261956, 3268935591, 3050360625, 752459403, 1541320221, 2607071920,\n 3965973030, 1969922972, 40735498, 2617837225, 3943577151, 1913087877, 83908371, 2512341634,\n 3803740692, 2075208622, 213261112, 2463272603, 3855990285, 2094854071, 198958881, 2262029012,\n 4057260610, 1759359992, 534414190, 2176718541, 4139329115, 1873836001, 414664567, 2282248934,\n 4279200368, 1711684554, 285281116, 2405801727, 4167216745, 1634467795, 376229701, 2685067896,\n 3608007406, 1308918612, 956543938, 2808555105, 3495958263, 1231636301, 1047427035, 2932959818,\n 3654703836, 1088359270, 936918000, 2847714899, 3736837829, 1202900863, 817233897, 3183342108,\n 3401237130, 1404277552, 615818150, 3134207493, 3453421203, 1423857449, 601450431, 3009837614,\n 3294710456, 1567103746, 711928724, 3020668471, 3272380065, 1510334235, 755167117,\n ]\n\n #initialCRC = 0xffffffff\n\n #calculateBytes(bytes: Uint8Array, accumulator?: number): number {\n let crc = accumulator || this.#initialCRC\n for (const byte of bytes) {\n const tableIndex = (crc ^ byte) & 0xff\n const tableVal = this.#lookupTable[tableIndex] as number\n crc = (crc >>> 8) ^ tableVal\n }\n return crc\n }\n\n #crcToUint(crc: number): number {\n return this.#toUint32(crc ^ 0xffffffff)\n }\n\n #strToBytes(input: string): Uint8Array {\n const encoder = new TextEncoder()\n return encoder.encode(input)\n }\n\n #toUint32(num: number): number {\n if (num >= 0) {\n return num\n }\n return 0xffffffff - num * -1 + 1\n }\n\n calculate(input: string): number {\n return this.forString(input)\n }\n\n forString(input: string): number {\n const bytes = this.#strToBytes(input)\n return this.forBytes(bytes)\n }\n\n forBytes(bytes: Uint8Array, accumulator?: number): number {\n const crc = this.#calculateBytes(bytes, accumulator)\n return this.#crcToUint(crc)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport type { HttpContext } from '@adonisjs/core/http'\nimport type { EmitterLike } from '@adonisjs/core/types/events'\n\nimport type { AccessToken } from './access_token.js'\nimport { E_UNAUTHORIZED_ACCESS } from '../../src/errors.js'\nimport type { AuthClientResponse, GuardContract } from '../../src/types.js'\nimport { GUARD_KNOWN_EVENTS, PROVIDER_REAL_USER } from '../../src/symbols.js'\nimport type { AccessTokensGuardEvents, AccessTokensUserProviderContract } from './types.js'\n\n/**\n * Implementation of access tokens guard for the Auth layer. The heavy lifting\n * of verifying tokens is done by the user provider. However, the guard is\n * used to seamlessly integrate with the auth layer of the package.\n */\nexport class AccessTokensGuard<UserProvider extends AccessTokensUserProviderContract<unknown>>\n implements\n GuardContract<UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }>\n{\n /**\n * Events emitted by the guard\n */\n declare [GUARD_KNOWN_EVENTS]: AccessTokensGuardEvents<\n UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n >\n\n /**\n * A unique name for the guard.\n */\n #name: string\n\n /**\n * Reference to the current HTTP context\n */\n #ctx: HttpContext\n\n /**\n * Provider to lookup user details\n */\n #userProvider: UserProvider\n\n /**\n * Emitter to emit events\n */\n #emitter: EmitterLike<\n AccessTokensGuardEvents<\n UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n >\n >\n\n /**\n * Driver name of the guard\n */\n driverName: 'access_tokens' = 'access_tokens'\n\n /**\n * Whether or not the authentication has been attempted\n * during the current request.\n */\n authenticationAttempted = false\n\n /**\n * A boolean to know if the current request has\n * been authenticated\n */\n isAuthenticated = false\n\n /**\n * Reference to an instance of the authenticated user.\n * The value only exists after calling one of the\n * following methods.\n *\n * - authenticate\n * - check\n *\n * You can use the \"getUserOrFail\" method to throw an exception if\n * the request is not authenticated.\n */\n user?: UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n\n constructor(\n name: string,\n ctx: HttpContext,\n emitter: EmitterLike<\n AccessTokensGuardEvents<\n UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n >\n >,\n userProvider: UserProvider\n ) {\n this.#name = name\n this.#ctx = ctx\n this.#emitter = emitter\n this.#userProvider = userProvider\n }\n\n /**\n * Emits authentication failure and returns an exception\n * to end the authentication cycle.\n */\n #authenticationFailed() {\n const error = new E_UNAUTHORIZED_ACCESS('Unauthorized access', {\n guardDriverName: this.driverName,\n })\n\n this.#emitter.emit('access_tokens_auth:authentication_failed', {\n ctx: this.#ctx,\n guardName: this.#name,\n error,\n })\n\n return error\n }\n\n /**\n * Returns the bearer token from the request headers or fails\n */\n #getBearerToken(): string {\n const bearerToken = this.#ctx.request.header('authorization', '')!\n const [, token] = bearerToken.split('Bearer ')\n if (!token) {\n throw this.#authenticationFailed()\n }\n\n return token\n }\n\n /**\n * Returns an instance of the authenticated user. Or throws\n * an exception if the request is not authenticated.\n */\n getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken } {\n if (!this.user) {\n throw new E_UNAUTHORIZED_ACCESS('Unauthorized access', {\n guardDriverName: this.driverName,\n })\n }\n\n return this.user\n }\n\n /**\n * Authenticate the current HTTP request by verifying the bearer\n * token or fails with an exception\n */\n async authenticate(): Promise<\n UserProvider[typeof PROVIDER_REAL_USER] & { currentAccessToken: AccessToken }\n > {\n /**\n * Return early when authentication has already\n * been attempted\n */\n if (this.authenticationAttempted) {\n return this.getUserOrFail()\n }\n\n /**\n * Notify we begin to attempt the authentication\n */\n this.authenticationAttempted = true\n this.#emitter.emit('access_tokens_auth:authentication_attempted', {\n ctx: this.#ctx,\n guardName: this.#name,\n })\n\n /**\n * Decode token or fail when unable to do so\n */\n const bearerToken = new Secret(this.#getBearerToken())\n\n /**\n * Verify for token via the user provider\n */\n const token = await this.#userProvider.verifyToken(bearerToken)\n if (!token) {\n throw this.#authenticationFailed()\n }\n\n /**\n * Check if a user for the token exists. Otherwise abort\n * authentication\n */\n const providerUser = await this.#userProvider.findById(token.tokenableId)\n if (!providerUser) {\n throw this.#authenticationFailed()\n }\n\n /**\n * Update local state\n */\n this.isAuthenticated = true\n this.user = providerUser.getOriginal() as UserProvider[typeof PROVIDER_REAL_USER] & {\n currentAccessToken: AccessToken\n }\n this.user!.currentAccessToken = token\n\n /**\n * Notify\n */\n this.#emitter.emit('access_tokens_auth:authentication_succeeded', {\n ctx: this.#ctx,\n token,\n guardName: this.#name,\n user: this.user,\n })\n\n return this.user\n }\n\n /**\n * Returns the Authorization header clients can use to authenticate\n * the request.\n */\n async authenticateAsClient(\n user: UserProvider[typeof PROVIDER_REAL_USER],\n abilities?: string[],\n options?: {\n expiresIn?: string | number\n name?: string\n }\n ): Promise<AuthClientResponse> {\n const token = await this.#userProvider.createToken(user, abilities, options)\n return {\n headers: {\n authorization: `Bearer ${token.value!.release()}`,\n },\n }\n }\n\n /**\n * Silently check if the user is authenticated or not. The\n * method is same the \"authenticate\" method but does not\n * throw any exceptions.\n */\n async check(): Promise<boolean> {\n try {\n await this.authenticate()\n return true\n } catch (error) {\n if (error instanceof E_UNAUTHORIZED_ACCESS) {\n return false\n }\n\n throw error\n }\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { inspect } from 'node:util'\nimport type { Secret } from '@adonisjs/core/helpers'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport type { LucidModel } from '@adonisjs/lucid/types/model'\n\nimport { AccessToken } from '../access_token.js'\nimport type {\n AccessTokenDbColumns,\n AccessTokensProviderContract,\n DbAccessTokensProviderOptions,\n} from '../types.js'\n\n/**\n * DbAccessTokensProvider uses lucid database service to fetch and\n * persist tokens for a given user.\n *\n * The user must be an instance of the associated user model.\n */\nexport class DbAccessTokensProvider<TokenableModel extends LucidModel>\n implements AccessTokensProviderContract<TokenableModel>\n{\n /**\n * Create tokens provider instance for a given Lucid model\n */\n static forModel<TokenableModel extends LucidModel>(\n model: DbAccessTokensProviderOptions<TokenableModel>['tokenableModel'],\n options?: Omit<DbAccessTokensProviderOptions<TokenableModel>, 'tokenableModel'>\n ) {\n return new DbAccessTokensProvider<TokenableModel>({ tokenableModel: model, ...(options || {}) })\n }\n\n /**\n * A unique type for the value. The type is used to identify a\n * bucket of tokens within the storage layer.\n *\n * Defaults to auth_token\n */\n protected type: string\n\n /**\n * A unique prefix to append to the publicly shared token value.\n *\n * Defaults to oat\n */\n protected prefix: string\n\n /**\n * Database table to use for querying access tokens\n */\n protected table: string\n\n /**\n * The length for the token secret. A secret is a cryptographically\n * secure random string.\n */\n protected tokenSecretLength: number\n\n constructor(protected options: DbAccessTokensProviderOptions<TokenableModel>) {\n this.table = options.table || 'auth_access_tokens'\n this.tokenSecretLength = options.tokenSecretLength || 40\n this.type = options.type || 'auth_token'\n this.prefix = options.prefix || 'oat_'\n }\n\n /**\n * Check if value is an object\n */\n #isObject(value: unknown) {\n return value !== null && typeof value === 'object' && !Array.isArray(value)\n }\n\n /**\n * Ensure the provided user is an instance of the user model and\n * has a primary key\n */\n #ensureIsPersisted(user: InstanceType<TokenableModel>) {\n const model = this.options.tokenableModel\n if (user instanceof model === false) {\n throw new RuntimeException(\n `Invalid user object. It must be an instance of the \"${model.name}\" model`\n )\n }\n\n if (!user.$primaryKeyValue) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for managing access tokens. The value of column \"${model.primaryKey}\" is undefined or null`\n )\n }\n }\n\n /**\n * Maps a database row to an instance token instance\n */\n protected dbRowToAccessToken(dbRow: AccessTokenDbColumns): AccessToken {\n return new AccessToken({\n identifier: dbRow.id,\n tokenableId: dbRow.tokenable_id,\n type: dbRow.type,\n name: dbRow.name,\n hash: dbRow.hash,\n abilities: JSON.parse(dbRow.abilities),\n createdAt:\n typeof dbRow.created_at === 'number' ? new Date(dbRow.created_at) : dbRow.created_at,\n updatedAt:\n typeof dbRow.updated_at === 'number' ? new Date(dbRow.updated_at) : dbRow.updated_at,\n lastUsedAt:\n typeof dbRow.last_used_at === 'number' ? new Date(dbRow.last_used_at) : dbRow.last_used_at,\n expiresAt:\n typeof dbRow.expires_at === 'number' ? new Date(dbRow.expires_at) : dbRow.expires_at,\n })\n }\n\n /**\n * Returns a query client instance from the parent model\n */\n protected async getDb() {\n const model = this.options.tokenableModel\n return model.$adapter.query(model).client\n }\n\n /**\n * Create a token for a user\n */\n async create(\n user: InstanceType<TokenableModel>,\n abilities: string[] = ['*'],\n options?: {\n name?: string\n expiresIn?: string | number\n }\n ) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n\n /**\n * Creating a transient token. Transient token abstracts\n * the logic of creating a random secure secret and its\n * hash\n */\n const transientToken = AccessToken.createTransientToken(\n user.$primaryKeyValue!,\n this.tokenSecretLength,\n options?.expiresIn || this.options.expiresIn\n )\n\n /**\n * Row to insert inside the database. We expect exactly these\n * columns to exist.\n */\n const dbRow: Omit<AccessTokenDbColumns, 'id'> = {\n tokenable_id: transientToken.userId,\n type: this.type,\n name: options?.name || null,\n hash: transientToken.hash,\n abilities: JSON.stringify(abilities),\n created_at: new Date(),\n updated_at: new Date(),\n last_used_at: null,\n expires_at: transientToken.expiresAt || null,\n }\n\n /**\n * Insert data to the database.\n */\n const result = await queryClient.table(this.table).insert(dbRow).returning('id')\n const id = this.#isObject(result[0]) ? result[0].id : result[0]\n\n /**\n * Throw error when unable to find id in the return value of\n * the insert query\n */\n if (!id) {\n throw new RuntimeException(\n `Cannot save access token. The result \"${inspect(result)}\" of insert query is unexpected`\n )\n }\n\n /**\n * Convert db row to an access token\n */\n return new AccessToken({\n identifier: id,\n tokenableId: dbRow.tokenable_id,\n type: dbRow.type,\n prefix: this.prefix,\n secret: transientToken.secret,\n name: dbRow.name,\n hash: dbRow.hash,\n abilities: JSON.parse(dbRow.abilities),\n createdAt: dbRow.created_at,\n updatedAt: dbRow.updated_at,\n lastUsedAt: dbRow.last_used_at,\n expiresAt: dbRow.expires_at,\n })\n }\n\n /**\n * Find a token for a user by the token id\n */\n async find(user: InstanceType<TokenableModel>, identifier: string | number | BigInt) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const dbRow = await queryClient\n .query<AccessTokenDbColumns>()\n .from(this.table)\n .where({ id: identifier, tokenable_id: user.$primaryKeyValue, type: this.type })\n .limit(1)\n .first()\n\n if (!dbRow) {\n return null\n }\n\n return this.dbRowToAccessToken(dbRow)\n }\n\n /**\n * Delete a token by its id\n */\n async delete(\n user: InstanceType<TokenableModel>,\n identifier: string | number | BigInt\n ): Promise<number> {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const affectedRows = await queryClient\n .query<number>()\n .from(this.table)\n .where({ id: identifier, tokenable_id: user.$primaryKeyValue, type: this.type })\n .del()\n .exec()\n\n return affectedRows as unknown as number\n }\n\n /**\n * Returns all the tokens a given user\n */\n async all(user: InstanceType<TokenableModel>) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const dbRows = await queryClient\n .query<AccessTokenDbColumns>()\n .from(this.table)\n .where({ tokenable_id: user.$primaryKeyValue, type: this.type })\n .ifDialect('postgres', (query) => {\n query.orderBy([\n {\n column: 'last_used_at',\n order: 'desc',\n nulls: 'last',\n },\n ])\n })\n .unlessDialect('postgres', (query) => {\n query.orderBy([\n {\n column: 'last_used_at',\n order: 'asc',\n nulls: 'last',\n },\n ])\n })\n .orderBy('id', 'desc')\n .exec()\n\n return dbRows.map((dbRow) => {\n return this.dbRowToAccessToken(dbRow)\n })\n }\n\n /**\n * Verifies a publicly shared access token and returns an\n * access token for it.\n *\n * Returns null when unable to verify the token or find it\n * inside the storage\n */\n async verify(tokenValue: Secret<string>) {\n const decodedToken = AccessToken.decode(this.prefix, tokenValue.release())\n if (!decodedToken) {\n return null\n }\n\n const db = await this.getDb()\n const dbRow = await db\n .query<AccessTokenDbColumns>()\n .from(this.table)\n .where({ id: decodedToken.identifier, type: this.type })\n .limit(1)\n .first()\n\n if (!dbRow) {\n return null\n }\n\n /**\n * Update last time the token is used\n */\n dbRow.last_used_at = new Date()\n await db\n .from(this.table)\n .where({ id: dbRow.id, type: dbRow.type })\n .update({ last_used_at: dbRow.last_used_at })\n\n /**\n * Convert to access token instance\n */\n const accessToken = this.dbRowToAccessToken(dbRow)\n\n /**\n * Ensure the token secret matches the token hash\n */\n if (!accessToken.verify(decodedToken.secret) || accessToken.isExpired()) {\n return null\n }\n\n return accessToken\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport type { LucidRow } from '@adonisjs/lucid/types/model'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\n\nimport { AccessToken } from '../access_token.js'\nimport { PROVIDER_REAL_USER } from '../../../src/symbols.js'\nimport type {\n LucidTokenable,\n AccessTokensGuardUser,\n AccessTokensUserProviderContract,\n AccessTokensLucidUserProviderOptions,\n} from '../types.js'\n\n/**\n * Uses a lucid model to verify access tokens and find a user during\n * authentication\n */\nexport class AccessTokensLucidUserProvider<\n TokenableProperty extends string,\n UserModel extends LucidTokenable<TokenableProperty>,\n> implements AccessTokensUserProviderContract<InstanceType<UserModel>>\n{\n declare [PROVIDER_REAL_USER]: InstanceType<UserModel>\n\n /**\n * Reference to the lazily imported model\n */\n protected model?: UserModel\n\n constructor(\n /**\n * Lucid provider options\n */\n protected options: AccessTokensLucidUserProviderOptions<TokenableProperty, UserModel>\n ) {}\n\n /**\n * Imports the model from the provider, returns and caches it\n * for further operations.\n */\n protected async getModel() {\n if (this.model) {\n return this.model\n }\n\n const importedModel = await this.options.model()\n this.model = importedModel.default\n return this.model\n }\n\n /**\n * Returns the tokens provider associated with the user model\n */\n protected async getTokensProvider() {\n const model = await this.getModel()\n\n if (!model[this.options.tokens]) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for verifying access tokens. Make sure to assign a token provider to the model.`\n )\n }\n\n return model[this.options.tokens]\n }\n\n /**\n * Creates an adapter user for the guard\n */\n async createUserForGuard(\n user: InstanceType<UserModel>\n ): Promise<AccessTokensGuardUser<InstanceType<UserModel>>> {\n const model = await this.getModel()\n if (user instanceof model === false) {\n throw new RuntimeException(\n `Invalid user object. It must be an instance of the \"${model.name}\" model`\n )\n }\n\n return {\n getId() {\n /**\n * Ensure user has a primary key\n */\n if (!user.$primaryKeyValue) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for authentication. The value of column \"${model.primaryKey}\" is undefined or null`\n )\n }\n\n return user.$primaryKeyValue\n },\n getOriginal() {\n return user\n },\n }\n }\n\n /**\n * Create a token for a given user\n */\n async createToken(\n user: InstanceType<UserModel>,\n abilities?: string[] | undefined,\n options?: {\n name?: string\n expiresIn?: string | number\n }\n ): Promise<AccessToken> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.create(user as LucidRow, abilities, options)\n }\n\n /**\n * Finds a user by the user id\n */\n async findById(\n identifier: string | number | BigInt\n ): Promise<AccessTokensGuardUser<InstanceType<UserModel>> | null> {\n const model = await this.getModel()\n const user = await model.find(identifier)\n\n if (!user) {\n return null\n }\n\n return this.createUserForGuard(user)\n }\n\n /**\n * Verifies a publicly shared access token and returns an\n * access token for it.\n */\n async verifyToken(tokenValue: Secret<string>): Promise<AccessToken | null> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.verify(tokenValue)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport type { HttpContext } from '@adonisjs/core/http'\nimport type { ConfigProvider } from '@adonisjs/core/types'\n\nimport { AccessTokensGuard } from './guard.js'\nimport type { GuardConfigProvider } from '../../src/types.js'\nimport { AccessTokensLucidUserProvider } from './user_providers/lucid.js'\nimport type {\n LucidTokenable,\n AccessTokensUserProviderContract,\n AccessTokensLucidUserProviderOptions,\n} from './types.js'\n\n/**\n * Configures access tokens guard for authentication\n */\nexport function tokensGuard<\n UserProvider extends AccessTokensUserProviderContract<unknown>,\n>(config: {\n provider: UserProvider | ConfigProvider<UserProvider>\n}): GuardConfigProvider<(ctx: HttpContext) => AccessTokensGuard<UserProvider>> {\n return {\n async resolver(name, app) {\n const emitter = await app.container.make('emitter')\n const provider =\n 'resolver' in config.provider ? await config.provider.resolver(app) : config.provider\n return (ctx) => new AccessTokensGuard(name, ctx, emitter as any, provider)\n },\n }\n}\n\n/**\n * Configures user provider that uses Lucid models to verify\n * access tokens and find users during authentication.\n */\nexport function tokensUserProvider<\n TokenableProperty extends string,\n Model extends LucidTokenable<TokenableProperty>,\n>(\n config: AccessTokensLucidUserProviderOptions<TokenableProperty, Model>\n): AccessTokensLucidUserProvider<TokenableProperty, Model> {\n return new AccessTokensLucidUserProvider(config)\n}\n"],"mappings":";;;;;;AASA,SAAS,kBAAkB;AAC3B,OAAO,YAAY;AACnB,SAAS,wBAAwB;AACjC,SAAS,QAAQ,QAAQ,iBAAiB;;;ACQnC,IAAM,QAAN,MAAY;AAAA;AAAA;AAAA;AAAA,EAIjB,eAAe;AAAA,IACb;AAAA,IAAG;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACtF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACpF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAU;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IACjF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAU;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAU;AAAA,IAAY;AAAA,IAChF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAU;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAU;AAAA,IAChF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IACnF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAClF;AAAA,IAAY;AAAA,IAAY;AAAA,IAAW;AAAA,IAAY;AAAA,IAAY;AAAA,IAAY;AAAA,EACzE;AAAA,EAEA,cAAc;AAAA,EAEd,gBAAgB,OAAmB,aAA8B;AAC/D,QAAI,MAAM,eAAe,KAAK;AAC9B,eAAW,QAAQ,OAAO;AACxB,YAAM,cAAc,MAAM,QAAQ;AAClC,YAAM,WAAW,KAAK,aAAa,UAAU;AAC7C,YAAO,QAAQ,IAAK;AAAA,IACtB;AACA,WAAO;AAAA,EACT;AAAA,EAEA,WAAW,KAAqB;AAC9B,WAAO,KAAK,UAAU,MAAM,UAAU;AAAA,EACxC;AAAA,EAEA,YAAY,OAA2B;AACrC,UAAM,UAAU,IAAI,YAAY;AAChC,WAAO,QAAQ,OAAO,KAAK;AAAA,EAC7B;AAAA,EAEA,UAAU,KAAqB;AAC7B,QAAI,OAAO,GAAG;AACZ,aAAO;AAAA,IACT;AACA,WAAO,aAAa,MAAM,KAAK;AAAA,EACjC;AAAA,EAEA,UAAU,OAAuB;AAC/B,WAAO,KAAK,UAAU,KAAK;AAAA,EAC7B;AAAA,EAEA,UAAU,OAAuB;AAC/B,UAAM,QAAQ,KAAK,YAAY,KAAK;AACpC,WAAO,KAAK,SAAS,KAAK;AAAA,EAC5B;AAAA,EAEA,SAAS,OAAmB,aAA8B;AACxD,UAAM,MAAM,KAAK,gBAAgB,OAAO,WAAW;AACnD,WAAO,KAAK,WAAW,GAAG;AAAA,EAC5B;AACF;;;AD5EO,IAAM,cAAN,MAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQvB,OAAO,OACL,QACA,OACuD;AAIvD,QAAI,OAAO,UAAU,YAAY,CAAC,MAAM,WAAW,GAAG,MAAM,EAAE,GAAG;AAC/D,aAAO;AAAA,IACT;AAKA,UAAM,QAAQ,MAAM,QAAQ,IAAI,OAAO,IAAI,MAAM,EAAE,GAAG,EAAE;AACxD,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,YAAY,GAAG,UAAU,IAAI,MAAM,MAAM,GAAG;AACnD,QAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,aAAO;AAAA,IACT;AAEA,UAAM,oBAAoB,OAAO,UAAU,UAAU;AACrD,UAAM,gBAAgB,OAAO,UAAU,WAAW,KAAK,GAAG,CAAC;AAC3D,QAAI,CAAC,qBAAqB,CAAC,eAAe;AACxC,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,QAAQ,IAAI,OAAO,aAAa;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,qBACL,QACA,MACA,WACA;AACA,QAAI;AACJ,QAAI,WAAW;AACb,kBAAY,oBAAI,KAAK;AACrB,gBAAU,WAAW,UAAU,WAAW,IAAI,OAAO,QAAQ,MAAM,SAAS,CAAC;AAAA,IAC/E;AAEA,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,GAAG,KAAK,KAAK,IAAI;AAAA,IACnB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,KAAK,MAAc;AACxB,UAAM,OAAO,OAAO,OAAO,IAAI;AAC/B,UAAM,SAAS,IAAI,OAAO,GAAG,IAAI,GAAG,IAAI,MAAM,EAAE,UAAU,IAAI,CAAC,EAAE;AACjE,UAAM,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AACvE,WAAO,EAAE,QAAQ,KAAK;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA,EAEA,YAAY,YAaT;AACD,SAAK,aAAa,WAAW;AAC7B,SAAK,cAAc,WAAW;AAC9B,SAAK,OAAO,WAAW;AACvB,SAAK,OAAO,WAAW;AACvB,SAAK,OAAO,WAAW;AACvB,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAC5B,SAAK,aAAa,WAAW;AAC7B,SAAK,YAAY,WAAW,aAAa,CAAC,GAAG;AAK7C,QAAI,WAAW,QAAQ;AACrB,UAAI,CAAC,WAAW,QAAQ;AACtB,cAAM,IAAI,iBAAiB,+CAA+C;AAAA,MAC5E;AACA,WAAK,QAAQ,IAAI;AAAA,QACf,GAAG,WAAW,MAAM,GAAG,OAAO,UAAU,OAAO,KAAK,UAAU,CAAC,CAAC,IAAI,OAAO;AAAA,UACzE,WAAW,OAAO,QAAQ;AAAA,QAC5B,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,SAAiB;AACtB,WAAO,KAAK,UAAU,SAAS,OAAO,KAAK,KAAK,UAAU,SAAS,GAAG;AAAA,EACxE;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,SAAiB;AACtB,WAAO,CAAC,KAAK,UAAU,SAAS,OAAO,KAAK,CAAC,KAAK,UAAU,SAAS,GAAG;AAAA,EAC1E;AAAA;AAAA;AAAA;AAAA,EAKA,UAAU,SAAiB;AACzB,QAAI,KAAK,OAAO,OAAO,GAAG;AACxB,YAAM,IAAI,sBAAsB,uBAAuB,EAAE,iBAAiB,gBAAgB,CAAC;AAAA,IAC7F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,YAAY;AACV,QAAI,CAAC,KAAK,WAAW;AACnB,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,YAAY,oBAAI,KAAK;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,QAAiC;AACtC,UAAM,UAAU,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AAC1E,WAAO,UAAU,KAAK,MAAM,OAAO;AAAA,EACrC;AAAA,EAEA,SAAS;AACP,WAAO;AAAA,MACL,MAAM;AAAA,MACN,MAAM,KAAK;AAAA,MACX,OAAO,KAAK,QAAQ,KAAK,MAAM,QAAQ,IAAI;AAAA,MAC3C,WAAW,KAAK;AAAA,MAChB,YAAY,KAAK;AAAA,MACjB,WAAW,KAAK;AAAA,IAClB;AAAA,EACF;AACF;;;AE3PA,SAAS,UAAAA,eAAc;AAehB,IAAM,oBAAN,MAGP;AAAA;AAAA;AAAA;AAAA,EAWE;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EASA,aAA8B;AAAA;AAAA;AAAA;AAAA;AAAA,EAM9B,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAAA,EAM1B,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAalB;AAAA,EAEA,YACE,MACA,KACA,SAKA,cACA;AACA,SAAK,QAAQ;AACb,SAAK,OAAO;AACZ,SAAK,WAAW;AAChB,SAAK,gBAAgB;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,wBAAwB;AACtB,UAAM,QAAQ,IAAI,sBAAsB,uBAAuB;AAAA,MAC7D,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAED,SAAK,SAAS,KAAK,4CAA4C;AAAA,MAC7D,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,kBAA0B;AACxB,UAAM,cAAc,KAAK,KAAK,QAAQ,OAAO,iBAAiB,EAAE;AAChE,UAAM,CAAC,EAAE,KAAK,IAAI,YAAY,MAAM,SAAS;AAC7C,QAAI,CAAC,OAAO;AACV,YAAM,KAAK,sBAAsB;AAAA,IACnC;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBAA+F;AAC7F,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,sBAAsB,uBAAuB;AAAA,QACrD,iBAAiB,KAAK;AAAA,MACxB,CAAC;AAAA,IACH;AAEA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAEJ;AAKA,QAAI,KAAK,yBAAyB;AAChC,aAAO,KAAK,cAAc;AAAA,IAC5B;AAKA,SAAK,0BAA0B;AAC/B,SAAK,SAAS,KAAK,+CAA+C;AAAA,MAChE,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,IAClB,CAAC;AAKD,UAAM,cAAc,IAAIC,QAAO,KAAK,gBAAgB,CAAC;AAKrD,UAAM,QAAQ,MAAM,KAAK,cAAc,YAAY,WAAW;AAC9D,QAAI,CAAC,OAAO;AACV,YAAM,KAAK,sBAAsB;AAAA,IACnC;AAMA,UAAM,eAAe,MAAM,KAAK,cAAc,SAAS,MAAM,WAAW;AACxE,QAAI,CAAC,cAAc;AACjB,YAAM,KAAK,sBAAsB;AAAA,IACnC;AAKA,SAAK,kBAAkB;AACvB,SAAK,OAAO,aAAa,YAAY;AAGrC,SAAK,KAAM,qBAAqB;AAKhC,SAAK,SAAS,KAAK,+CAA+C;AAAA,MAChE,KAAK,KAAK;AAAA,MACV;AAAA,MACA,WAAW,KAAK;AAAA,MAChB,MAAM,KAAK;AAAA,IACb,CAAC;AAED,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBACJ,MACA,WACA,SAI6B;AAC7B,UAAM,QAAQ,MAAM,KAAK,cAAc,YAAY,MAAM,WAAW,OAAO;AAC3E,WAAO;AAAA,MACL,SAAS;AAAA,QACP,eAAe,UAAU,MAAM,MAAO,QAAQ,CAAC;AAAA,MACjD;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,QAA0B;AAC9B,QAAI;AACF,YAAM,KAAK,aAAa;AACxB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,uBAAuB;AAC1C,eAAO;AAAA,MACT;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AACF;;;ACtPA,SAAS,eAAe;AAExB,SAAS,oBAAAC,yBAAwB;AAgB1B,IAAM,yBAAN,MAAM,wBAEb;AAAA,EAqCE,YAAsB,SAAwD;AAAxD;AACpB,SAAK,QAAQ,QAAQ,SAAS;AAC9B,SAAK,oBAAoB,QAAQ,qBAAqB;AACtD,SAAK,OAAO,QAAQ,QAAQ;AAC5B,SAAK,SAAS,QAAQ,UAAU;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAtCA,OAAO,SACL,OACA,SACA;AACA,WAAO,IAAI,wBAAuC,EAAE,gBAAgB,OAAO,GAAI,WAAW,CAAC,EAAG,CAAC;AAAA,EACjG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQU;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA,EAYV,UAAU,OAAgB;AACxB,WAAO,UAAU,QAAQ,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBAAmB,MAAoC;AACrD,UAAM,QAAQ,KAAK,QAAQ;AAC3B,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIC;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,QAAI,CAAC,KAAK,kBAAkB;AAC1B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI,4DAA4D,MAAM,UAAU;AAAA,MACvG;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKU,mBAAmB,OAA0C;AACrE,WAAO,IAAI,YAAY;AAAA,MACrB,YAAY,MAAM;AAAA,MAClB,aAAa,MAAM;AAAA,MACnB,MAAM,MAAM;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,WAAW,KAAK,MAAM,MAAM,SAAS;AAAA,MACrC,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,YACE,OAAO,MAAM,iBAAiB,WAAW,IAAI,KAAK,MAAM,YAAY,IAAI,MAAM;AAAA,MAChF,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,IAC9E,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,QAAQ;AACtB,UAAM,QAAQ,KAAK,QAAQ;AAC3B,WAAO,MAAM,SAAS,MAAM,KAAK,EAAE;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OACJ,MACA,YAAsB,CAAC,GAAG,GAC1B,SAIA;AACA,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AAOrC,UAAM,iBAAiB,YAAY;AAAA,MACjC,KAAK;AAAA,MACL,KAAK;AAAA,MACL,SAAS,aAAa,KAAK,QAAQ;AAAA,IACrC;AAMA,UAAM,QAA0C;AAAA,MAC9C,cAAc,eAAe;AAAA,MAC7B,MAAM,KAAK;AAAA,MACX,MAAM,SAAS,QAAQ;AAAA,MACvB,MAAM,eAAe;AAAA,MACrB,WAAW,KAAK,UAAU,SAAS;AAAA,MACnC,YAAY,oBAAI,KAAK;AAAA,MACrB,YAAY,oBAAI,KAAK;AAAA,MACrB,cAAc;AAAA,MACd,YAAY,eAAe,aAAa;AAAA,IAC1C;AAKA,UAAM,SAAS,MAAM,YAAY,MAAM,KAAK,KAAK,EAAE,OAAO,KAAK,EAAE,UAAU,IAAI;AAC/E,UAAM,KAAK,KAAK,UAAU,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,EAAE,KAAK,OAAO,CAAC;AAM9D,QAAI,CAAC,IAAI;AACP,YAAM,IAAIA;AAAA,QACR,yCAAyC,QAAQ,MAAM,CAAC;AAAA,MAC1D;AAAA,IACF;AAKA,WAAO,IAAI,YAAY;AAAA,MACrB,YAAY;AAAA,MACZ,aAAa,MAAM;AAAA,MACnB,MAAM,MAAM;AAAA,MACZ,QAAQ,KAAK;AAAA,MACb,QAAQ,eAAe;AAAA,MACvB,MAAM,MAAM;AAAA,MACZ,MAAM,MAAM;AAAA,MACZ,WAAW,KAAK,MAAM,MAAM,SAAS;AAAA,MACrC,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,YAAY,MAAM;AAAA,MAClB,WAAW,MAAM;AAAA,IACnB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,MAAoC,YAAsC;AACnF,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,QAAQ,MAAM,YACjB,MAA4B,EAC5B,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,kBAAkB,MAAM,KAAK,KAAK,CAAC,EAC9E,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,mBAAmB,KAAK;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OACJ,MACA,YACiB;AACjB,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,eAAe,MAAM,YACxB,MAAc,EACd,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,kBAAkB,MAAM,KAAK,KAAK,CAAC,EAC9E,IAAI,EACJ,KAAK;AAER,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,IAAI,MAAoC;AAC5C,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,SAAS,MAAM,YAClB,MAA4B,EAC5B,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,cAAc,KAAK,kBAAkB,MAAM,KAAK,KAAK,CAAC,EAC9D,UAAU,YAAY,CAAC,UAAU;AAChC,YAAM,QAAQ;AAAA,QACZ;AAAA,UACE,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF,CAAC;AAAA,IACH,CAAC,EACA,cAAc,YAAY,CAAC,UAAU;AACpC,YAAM,QAAQ;AAAA,QACZ;AAAA,UACE,QAAQ;AAAA,UACR,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF,CAAC;AAAA,IACH,CAAC,EACA,QAAQ,MAAM,MAAM,EACpB,KAAK;AAER,WAAO,OAAO,IAAI,CAAC,UAAU;AAC3B,aAAO,KAAK,mBAAmB,KAAK;AAAA,IACtC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,YAA4B;AACvC,UAAM,eAAe,YAAY,OAAO,KAAK,QAAQ,WAAW,QAAQ,CAAC;AACzE,QAAI,CAAC,cAAc;AACjB,aAAO;AAAA,IACT;AAEA,UAAM,KAAK,MAAM,KAAK,MAAM;AAC5B,UAAM,QAAQ,MAAM,GACjB,MAA4B,EAC5B,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,aAAa,YAAY,MAAM,KAAK,KAAK,CAAC,EACtD,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAKA,UAAM,eAAe,oBAAI,KAAK;AAC9B,UAAM,GACH,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,MAAM,IAAI,MAAM,MAAM,KAAK,CAAC,EACxC,OAAO,EAAE,cAAc,MAAM,aAAa,CAAC;AAK9C,UAAM,cAAc,KAAK,mBAAmB,KAAK;AAKjD,QAAI,CAAC,YAAY,OAAO,aAAa,MAAM,KAAK,YAAY,UAAU,GAAG;AACvE,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AACF;;;ACjUA,SAAS,oBAAAC,yBAAwB;AAe1B,IAAM,gCAAN,MAIP;AAAA,EAQE,YAIY,SACV;AADU;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAPO;AAAA;AAAA;AAAA;AAAA;AAAA,EAaV,MAAgB,WAAW;AACzB,QAAI,KAAK,OAAO;AACd,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,gBAAgB,MAAM,KAAK,QAAQ,MAAM;AAC/C,SAAK,QAAQ,cAAc;AAC3B,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,oBAAoB;AAClC,UAAM,QAAQ,MAAM,KAAK,SAAS;AAElC,QAAI,CAAC,MAAM,KAAK,QAAQ,MAAM,GAAG;AAC/B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI;AAAA,MAC3B;AAAA,IACF;AAEA,WAAO,MAAM,KAAK,QAAQ,MAAM;AAAA,EAClC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,MACyD;AACzD,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIA;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,WAAO;AAAA,MACL,QAAQ;AAIN,YAAI,CAAC,KAAK,kBAAkB;AAC1B,gBAAM,IAAIA;AAAA,YACR,eAAe,MAAM,IAAI,oDAAoD,MAAM,UAAU;AAAA,UAC/F;AAAA,QACF;AAEA,eAAO,KAAK;AAAA,MACd;AAAA,MACA,cAAc;AACZ,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,YACJ,MACA,WACA,SAIsB;AACtB,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,MAAkB,WAAW,OAAO;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SACJ,YACgE;AAChE,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,UAAM,OAAO,MAAM,MAAM,KAAK,UAAU;AAExC,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAY,YAAyD;AACzE,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,UAAU;AAAA,EACzC;AACF;;;ACzHO,SAAS,YAEd,QAE6E;AAC7E,SAAO;AAAA,IACL,MAAM,SAAS,MAAM,KAAK;AACxB,YAAM,UAAU,MAAM,IAAI,UAAU,KAAK,SAAS;AAClD,YAAM,WACJ,cAAc,OAAO,WAAW,MAAM,OAAO,SAAS,SAAS,GAAG,IAAI,OAAO;AAC/E,aAAO,CAAC,QAAQ,IAAI,kBAAkB,MAAM,KAAK,SAAgB,QAAQ;AAAA,IAC3E;AAAA,EACF;AACF;AAMO,SAAS,mBAId,QACyD;AACzD,SAAO,IAAI,8BAA8B,MAAM;AACjD;","names":["Secret","Secret","RuntimeException","RuntimeException","RuntimeException"]}
|
|
@@ -458,6 +458,7 @@ var SessionGuard = class {
|
|
|
458
458
|
};
|
|
459
459
|
|
|
460
460
|
// modules/session_guard/token_providers/db.ts
|
|
461
|
+
import { inspect } from "node:util";
|
|
461
462
|
import { RuntimeException as RuntimeException2 } from "@adonisjs/core/exceptions";
|
|
462
463
|
var DbRememberMeTokensProvider = class _DbRememberMeTokensProvider {
|
|
463
464
|
constructor(options) {
|
|
@@ -483,6 +484,12 @@ var DbRememberMeTokensProvider = class _DbRememberMeTokensProvider {
|
|
|
483
484
|
* secure random string.
|
|
484
485
|
*/
|
|
485
486
|
tokenSecretLength;
|
|
487
|
+
/**
|
|
488
|
+
* Check if value is an object
|
|
489
|
+
*/
|
|
490
|
+
#isObject(value) {
|
|
491
|
+
return value !== null && typeof value === "object" && !Array.isArray(value);
|
|
492
|
+
}
|
|
486
493
|
/**
|
|
487
494
|
* Ensure the provided user is an instance of the user model and
|
|
488
495
|
* has a primary key
|
|
@@ -538,7 +545,13 @@ var DbRememberMeTokensProvider = class _DbRememberMeTokensProvider {
|
|
|
538
545
|
updated_at: /* @__PURE__ */ new Date(),
|
|
539
546
|
expires_at: transientToken.expiresAt
|
|
540
547
|
};
|
|
541
|
-
const
|
|
548
|
+
const result = await queryClient.table(this.table).insert(dbRow).returning("id");
|
|
549
|
+
const id = this.#isObject(result[0]) ? result[0].id : result[0];
|
|
550
|
+
if (!id) {
|
|
551
|
+
throw new RuntimeException2(
|
|
552
|
+
`Cannot save access token. The result "${inspect(result)}" of insert query is unexpected`
|
|
553
|
+
);
|
|
554
|
+
}
|
|
542
555
|
return new RememberMeToken({
|
|
543
556
|
identifier: id,
|
|
544
557
|
tokenableId: dbRow.tokenable_id,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../../modules/session_guard/remember_me_token.ts","../../../modules/session_guard/guard.ts","../../../modules/session_guard/token_providers/db.ts","../../../modules/session_guard/user_providers/lucid.ts","../../../modules/session_guard/define_config.ts"],"sourcesContent":["/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { createHash } from 'node:crypto'\nimport string from '@adonisjs/core/helpers/string'\nimport { Secret, base64, safeEqual } from '@adonisjs/core/helpers'\n\n/**\n * Remember me token represents an opaque token that can be\n * used to automatically login a user without asking them\n * to re-login\n */\nexport class RememberMeToken {\n /**\n * Decodes a publicly shared token and return the series\n * and the token value from it.\n *\n * Returns null when unable to decode the token because of\n * invalid format or encoding.\n */\n static decode(value: string): null | { identifier: string; secret: Secret<string> } {\n /**\n * Ensure value is a string and starts with the prefix.\n */\n if (typeof value !== 'string') {\n return null\n }\n\n /**\n * Remove prefix from the rest of the token.\n */\n if (!value) {\n return null\n }\n\n const [identifier, ...tokenValue] = value.split('.')\n if (!identifier || tokenValue.length === 0) {\n return null\n }\n\n const decodedIdentifier = base64.urlDecode(identifier)\n const decodedSecret = base64.urlDecode(tokenValue.join('.'))\n if (!decodedIdentifier || !decodedSecret) {\n return null\n }\n\n return {\n identifier: decodedIdentifier,\n secret: new Secret(decodedSecret),\n }\n }\n\n /**\n * Creates a transient token that can be shared with the persistence\n * layer.\n */\n static createTransientToken(\n userId: string | number | BigInt,\n size: number,\n expiresIn: string | number\n ) {\n const expiresAt = new Date()\n expiresAt.setSeconds(expiresAt.getSeconds() + string.seconds.parse(expiresIn))\n\n return {\n userId,\n expiresAt,\n ...this.seed(size),\n }\n }\n\n /**\n * Creates a secret opaque token and its hash.\n */\n static seed(size: number) {\n const seed = string.random(size)\n const secret = new Secret(seed)\n const hash = createHash('sha256').update(secret.release()).digest('hex')\n return { secret, hash }\n }\n\n /**\n * Identifer is a unique sequence to identify the\n * token within database. It should be the\n * primary/unique key\n */\n identifier: string | number | BigInt\n\n /**\n * Reference to the user id for whom the token\n * is generated.\n */\n tokenableId: string | number | BigInt\n\n /**\n * The value is a public representation of a token. It is created\n * by combining the \"identifier\".\"secret\"\n */\n value?: Secret<string>\n\n /**\n * Hash is computed from the seed to later verify the validity\n * of seed\n */\n hash: string\n\n /**\n * Date/time when the token instance was created\n */\n createdAt: Date\n\n /**\n * Date/time when the token was updated\n */\n updatedAt: Date\n\n /**\n * Timestamp at which the token will expire\n */\n expiresAt: Date\n\n constructor(attributes: {\n identifier: string | number | BigInt\n tokenableId: string | number | BigInt\n hash: string\n createdAt: Date\n updatedAt: Date\n expiresAt: Date\n secret?: Secret<string>\n }) {\n this.identifier = attributes.identifier\n this.tokenableId = attributes.tokenableId\n this.hash = attributes.hash\n this.createdAt = attributes.createdAt\n this.updatedAt = attributes.updatedAt\n this.expiresAt = attributes.expiresAt\n\n /**\n * Compute value when secret is provided\n */\n if (attributes.secret) {\n this.value = new Secret(\n `${base64.urlEncode(String(this.identifier))}.${base64.urlEncode(\n attributes.secret.release()\n )}`\n )\n }\n }\n\n /**\n * Check if the token has been expired. Verifies\n * the \"expiresAt\" timestamp with the current\n * date.\n */\n isExpired() {\n return this.expiresAt < new Date()\n }\n\n /**\n * Verifies the value of a token against the pre-defined hash\n */\n verify(secret: Secret<string>): boolean {\n const newHash = createHash('sha256').update(secret.release()).digest('hex')\n return safeEqual(this.hash, newHash)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport type { HttpContext } from '@adonisjs/core/http'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport type { EmitterLike } from '@adonisjs/core/types/events'\n\nimport { RememberMeToken } from './remember_me_token.js'\nimport { E_UNAUTHORIZED_ACCESS } from '../../src/errors.js'\nimport type { AuthClientResponse, GuardContract } from '../../src/types.js'\nimport { GUARD_KNOWN_EVENTS, PROVIDER_REAL_USER } from '../../src/symbols.js'\nimport type {\n SessionGuardEvents,\n SessionGuardOptions,\n SessionUserProviderContract,\n SessionWithTokensUserProviderContract,\n} from './types.js'\n\n/**\n * Session guard uses AdonisJS session store to track logged-in\n * user information.\n */\nexport class SessionGuard<\n UseRememberTokens extends boolean,\n UserProvider extends UseRememberTokens extends true\n ? SessionWithTokensUserProviderContract<unknown>\n : SessionUserProviderContract<unknown>,\n> implements GuardContract<UserProvider[typeof PROVIDER_REAL_USER]>\n{\n /**\n * Events emitted by the guard\n */\n declare [GUARD_KNOWN_EVENTS]: SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>\n\n /**\n * A unique name for the guard.\n */\n #name: string\n\n /**\n * Reference to the current HTTP context\n */\n #ctx: HttpContext\n\n /**\n * Options accepted by the session guard\n */\n #options: Required<SessionGuardOptions<UseRememberTokens>>\n\n /**\n * Provider to lookup user details\n */\n #userProvider: UserProvider\n\n /**\n * Emitter to emit events\n */\n #emitter: EmitterLike<SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>>\n\n /**\n * Driver name of the guard\n */\n driverName: 'session' = 'session'\n\n /**\n * Whether or not the authentication has been attempted\n * during the current request.\n */\n authenticationAttempted = false\n\n /**\n * A boolean to know if a remember me token was used in attempt\n * to login a user.\n */\n attemptedViaRemember = false\n\n /**\n * A boolean to know if the current request has\n * been authenticated\n */\n isAuthenticated = false\n\n /**\n * A boolean to know if the current request is authenticated\n * using the \"rememember_me\" token.\n */\n viaRemember = false\n\n /**\n * Find if the user has been logged out during\n * the current request\n */\n isLoggedOut = false\n\n /**\n * Reference to an instance of the authenticated user.\n * The value only exists after calling one of the\n * following methods.\n *\n * - authenticate\n * - check\n *\n * You can use the \"getUserOrFail\" method to throw an exception if\n * the request is not authenticated.\n */\n user?: UserProvider[typeof PROVIDER_REAL_USER]\n\n /**\n * The key used to store the logged-in user id inside\n * session\n */\n get sessionKeyName() {\n return `auth_${this.#name}`\n }\n\n /**\n * The key used to store the remember me token cookie\n */\n get rememberMeKeyName() {\n return `remember_${this.#name}`\n }\n\n constructor(\n name: string,\n ctx: HttpContext,\n options: SessionGuardOptions<UseRememberTokens>,\n emitter: EmitterLike<SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>>,\n userProvider: UserProvider\n ) {\n this.#name = name\n this.#ctx = ctx\n this.#options = { rememberMeTokensAge: '2 years', ...options }\n this.#emitter = emitter\n this.#userProvider = userProvider\n }\n\n /**\n * Returns the session instance for the given request,\n * ensuring the property exists\n */\n #getSession() {\n if (!('session' in this.#ctx)) {\n throw new RuntimeException(\n 'Cannot authenticate user. Install and configure \"@adonisjs/session\" package'\n )\n }\n\n return this.#ctx.session\n }\n\n /**\n * Emits authentication failure, updates the local state,\n * and returns an exception to end the authentication\n * cycle.\n */\n #authenticationFailed(sessionId: string) {\n this.isAuthenticated = false\n this.viaRemember = false\n this.user = undefined\n this.isLoggedOut = false\n\n const error = new E_UNAUTHORIZED_ACCESS('Invalid or expired user session', {\n guardDriverName: this.driverName,\n })\n\n this.#emitter.emit('session_auth:authentication_failed', {\n ctx: this.#ctx,\n guardName: this.#name,\n error,\n sessionId,\n })\n\n return error\n }\n\n /**\n * Emits the authentication succeeded event and updates\n * the local state to reflect successful authentication\n */\n #authenticationSucceeded(\n sessionId: string,\n user: UserProvider[typeof PROVIDER_REAL_USER],\n rememberMeToken?: RememberMeToken\n ) {\n this.isAuthenticated = true\n this.viaRemember = !!rememberMeToken\n this.user = user\n this.isLoggedOut = false\n\n this.#emitter.emit('session_auth:authentication_succeeded', {\n ctx: this.#ctx,\n guardName: this.#name,\n sessionId,\n user,\n rememberMeToken,\n })\n }\n\n /**\n * Emits the login succeeded event and updates the login\n * state\n */\n #loginSucceeded(\n sessionId: string,\n user: UserProvider[typeof PROVIDER_REAL_USER],\n rememberMeToken?: RememberMeToken\n ) {\n this.user = user\n this.isLoggedOut = false\n\n this.#emitter.emit('session_auth:login_succeeded', {\n ctx: this.#ctx,\n guardName: this.#name,\n sessionId,\n user,\n rememberMeToken,\n })\n }\n\n /**\n * Creates session for a given user by their user id.\n */\n #createSessionForUser(userId: string | number | BigInt) {\n const session = this.#getSession()\n session.put(this.sessionKeyName, userId)\n session.regenerate()\n }\n\n /**\n * Creates the remember me cookie\n */\n #createRememberMeCookie(value: Secret<string>) {\n this.#ctx.response.encryptedCookie(this.rememberMeKeyName, value.release(), {\n maxAge: this.#options.rememberMeTokensAge,\n httpOnly: true,\n })\n }\n\n /**\n * Authenticates the user using its id read from the session\n * store.\n *\n * - We check the user exists in the db\n * - If not, throw exception.\n * - Otherwise, update local state to mark the user as logged-in\n */\n async #authenticateViaId(userId: string | number | BigInt, sessionId: string) {\n const providerUser = await this.#userProvider.findById(userId)\n if (!providerUser) {\n throw this.#authenticationFailed(sessionId)\n }\n\n this.#authenticationSucceeded(sessionId, providerUser.getOriginal())\n return this.user!\n }\n\n /**\n * Authenticates user from the remember me cookie. Creates a fresh\n * session for them and recycles the remember me token as well.\n */\n async #authenticateViaRememberCookie(rememberMeCookie: string, sessionId: string) {\n /**\n * This method is only invoked when \"options.useRememberTokens\" is set to\n * true and hence the user provider will have methods to manage tokens\n */\n const userProvider = this.#userProvider as SessionWithTokensUserProviderContract<\n UserProvider[typeof PROVIDER_REAL_USER]\n >\n\n /**\n * Verify the token using the user provider.\n */\n const token = await userProvider.verifyRememberToken(new Secret(rememberMeCookie))\n if (!token) {\n throw this.#authenticationFailed(sessionId)\n }\n\n /**\n * Check if a user for the token exists. Otherwise abort\n * authentication\n */\n const providerUser = await userProvider.findById(token.tokenableId)\n if (!providerUser) {\n throw this.#authenticationFailed(sessionId)\n }\n\n /**\n * Recycle remember token and the remember me cookie\n */\n const recycledToken = await userProvider.recycleRememberToken(\n providerUser.getOriginal(),\n token.identifier,\n this.#options.rememberMeTokensAge\n )\n\n /**\n * Persist remember token inside the cookie\n */\n this.#createRememberMeCookie(recycledToken.value!)\n\n /**\n * Create session\n */\n this.#createSessionForUser(providerUser.getId())\n\n /**\n * Emit event and update local state\n */\n this.#authenticationSucceeded(sessionId, providerUser.getOriginal(), token)\n\n return this.user!\n }\n\n /**\n * Returns an instance of the authenticated user. Or throws\n * an exception if the request is not authenticated.\n */\n getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER] {\n if (!this.user) {\n throw new E_UNAUTHORIZED_ACCESS('Invalid or expired user session', {\n guardDriverName: this.driverName,\n })\n }\n\n return this.user\n }\n\n /**\n * Login user using sessions. Optionally, you can also create\n * a remember me token to automatically login user when their\n * session expires.\n */\n async login(user: UserProvider[typeof PROVIDER_REAL_USER], remember: boolean = false) {\n const session = this.#getSession()\n const providerUser = await this.#userProvider.createUserForGuard(user)\n\n this.#emitter.emit('session_auth:login_attempted', {\n ctx: this.#ctx,\n user,\n guardName: this.#name,\n })\n\n /**\n * Create remember me token and persist it with the provider\n * when remember me token is true.\n */\n let token: RememberMeToken | undefined\n if (remember) {\n if (!this.#options.useRememberMeTokens) {\n throw new RuntimeException('Cannot use \"rememberMe\" feature. It has been disabled')\n }\n\n /**\n * Here we assume the userProvider has implemented APIs to manage remember\n * me tokens, since the \"useRememberMeTokens\" flag is enabled.\n */\n const userProvider = this.#userProvider as SessionWithTokensUserProviderContract<\n UserProvider[typeof PROVIDER_REAL_USER]\n >\n\n token = await userProvider.createRememberToken(\n providerUser.getOriginal(),\n this.#options.rememberMeTokensAge\n )\n }\n\n /**\n * Persist remember token inside the cookie (if exists)\n * Otherwise remove the cookie\n */\n if (token) {\n this.#createRememberMeCookie(token.value!)\n } else {\n this.#ctx.response.clearCookie(this.rememberMeKeyName)\n }\n\n /**\n * Create session\n */\n this.#createSessionForUser(providerUser.getId())\n\n /**\n * Mark user as logged-in\n */\n this.#loginSucceeded(session.sessionId, providerUser.getOriginal(), token)\n }\n\n /**\n * Logout a user by removing its state from the session\n * store and delete the remember me cookie (if any).\n */\n async logout() {\n const session = this.#getSession()\n const rememberMeCookie = this.#ctx.request.encryptedCookie(this.rememberMeKeyName)\n\n /**\n * Clear client side state\n */\n session.forget(this.sessionKeyName)\n this.#ctx.response.clearCookie(this.rememberMeKeyName)\n\n /**\n * Delete remember me token when\n *\n * - Tokens are enabled\n * - A cookie exists\n * - And we know about the user already\n */\n if (this.user && rememberMeCookie && this.#options.useRememberMeTokens) {\n /**\n * Here we assume the userProvider has implemented APIs to manage remember\n * me tokens, since the \"useRememberMeTokens\" flag is enabled.\n */\n const userProvider = this.#userProvider as SessionWithTokensUserProviderContract<\n UserProvider[typeof PROVIDER_REAL_USER]\n >\n\n const token = await userProvider.verifyRememberToken(new Secret(rememberMeCookie))\n if (token) {\n await userProvider.deleteRemeberToken(this.user, token.identifier)\n }\n }\n\n /**\n * Update local state\n */\n this.user = undefined\n this.viaRemember = false\n this.isAuthenticated = false\n this.isLoggedOut = true\n\n /**\n * Notify the user has been logged out\n */\n this.#emitter.emit('session_auth:logged_out', {\n ctx: this.#ctx,\n guardName: this.#name,\n user: this.user || null,\n sessionId: session.sessionId,\n })\n }\n\n /**\n * Authenticate the current HTTP request by verifying the bearer\n * token or fails with an exception\n */\n async authenticate(): Promise<UserProvider[typeof PROVIDER_REAL_USER]> {\n /**\n * Return early when authentication has already been\n * attempted\n */\n if (this.authenticationAttempted) {\n return this.getUserOrFail()\n }\n\n /**\n * Notify we begin to attempt the authentication\n */\n this.authenticationAttempted = true\n const session = this.#getSession()\n\n this.#emitter.emit('session_auth:authentication_attempted', {\n ctx: this.#ctx,\n sessionId: session.sessionId,\n guardName: this.#name,\n })\n\n /**\n * Check if there is a user id inside the session store.\n * If yes, fetch the user from the persistent storage\n * and mark them as logged-in\n */\n const authUserId = session.get(this.sessionKeyName)\n if (authUserId) {\n return this.#authenticateViaId(authUserId, session.sessionId)\n }\n\n /**\n * If user provider supports remember me tokens and the remember me\n * cookie exists, then attempt to login + authenticate via\n * the remember me token.\n */\n const rememberMeCookie = this.#ctx.request.encryptedCookie(this.rememberMeKeyName)\n if (rememberMeCookie && this.#options.useRememberMeTokens) {\n this.attemptedViaRemember = true\n return this.#authenticateViaRememberCookie(rememberMeCookie, session.sessionId)\n }\n\n /**\n * Otherwise throw an exception\n */\n throw this.#authenticationFailed(session.sessionId)\n }\n\n /**\n * Silently check if the user is authenticated or not, without\n * throwing any exceptions\n */\n async check(): Promise<boolean> {\n try {\n await this.authenticate()\n return true\n } catch (error) {\n if (error instanceof E_UNAUTHORIZED_ACCESS) {\n return false\n }\n\n throw error\n }\n }\n\n /**\n * Returns the session info for the clients to send during\n * an HTTP request to mark the user as logged-in.\n */\n async authenticateAsClient(\n user: UserProvider[typeof PROVIDER_REAL_USER]\n ): Promise<AuthClientResponse> {\n const providerUser = await this.#userProvider.createUserForGuard(user)\n const userId = providerUser.getId()\n\n return {\n session: {\n [this.sessionKeyName]: userId,\n },\n }\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport type { Secret } from '@adonisjs/core/helpers'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport type { LucidModel } from '@adonisjs/lucid/types/model'\n\nimport { RememberMeToken } from '../remember_me_token.js'\nimport type {\n RememberMeTokenDbColumns,\n RememberMeTokensProviderContract,\n DbRememberMeTokensProviderOptions,\n} from '../types.js'\n\n/**\n * DbRememberMeTokensProvider uses lucid database service to fetch and\n * persist tokens for a given user.\n *\n * The user must be an instance of the associated user model.\n */\nexport class DbRememberMeTokensProvider<TokenableModel extends LucidModel>\n implements RememberMeTokensProviderContract<TokenableModel>\n{\n /**\n * Create tokens provider instance for a given Lucid model\n */\n static forModel<TokenableModel extends LucidModel>(\n model: DbRememberMeTokensProviderOptions<TokenableModel>['tokenableModel'],\n options?: Omit<DbRememberMeTokensProviderOptions<TokenableModel>, 'tokenableModel'>\n ) {\n return new DbRememberMeTokensProvider<TokenableModel>({\n tokenableModel: model,\n ...(options || {}),\n })\n }\n\n /**\n * Database table to use for querying remember me tokens\n */\n protected table: string\n\n /**\n * The length for the token secret. A secret is a cryptographically\n * secure random string.\n */\n protected tokenSecretLength: number\n\n constructor(protected options: DbRememberMeTokensProviderOptions<TokenableModel>) {\n this.table = options.table || 'remember_me_tokens'\n this.tokenSecretLength = options.tokenSecretLength || 40\n }\n\n /**\n * Ensure the provided user is an instance of the user model and\n * has a primary key\n */\n #ensureIsPersisted(user: InstanceType<TokenableModel>) {\n const model = this.options.tokenableModel\n if (user instanceof model === false) {\n throw new RuntimeException(\n `Invalid user object. It must be an instance of the \"${model.name}\" model`\n )\n }\n\n if (!user.$primaryKeyValue) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for managing remember me tokens. The value of column \"${model.primaryKey}\" is undefined or null`\n )\n }\n }\n\n /**\n * Maps a database row to an instance token instance\n */\n protected dbRowToRememberMeToken(dbRow: RememberMeTokenDbColumns): RememberMeToken {\n return new RememberMeToken({\n identifier: dbRow.id,\n tokenableId: dbRow.tokenable_id,\n hash: dbRow.hash,\n createdAt:\n typeof dbRow.created_at === 'number' ? new Date(dbRow.created_at) : dbRow.created_at,\n updatedAt:\n typeof dbRow.updated_at === 'number' ? new Date(dbRow.updated_at) : dbRow.updated_at,\n expiresAt:\n typeof dbRow.expires_at === 'number' ? new Date(dbRow.expires_at) : dbRow.expires_at,\n })\n }\n\n /**\n * Returns a query client instance from the parent model\n */\n protected async getDb() {\n const model = this.options.tokenableModel\n return model.$adapter.query(model).client\n }\n\n /**\n * Create a token for a user\n */\n async create(user: InstanceType<TokenableModel>, expiresIn: string | number) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n\n /**\n * Creating a transient token. Transient token abstracts\n * the logic of creating a random secure secret and its\n * hash\n */\n const transientToken = RememberMeToken.createTransientToken(\n user.$primaryKeyValue!,\n this.tokenSecretLength,\n expiresIn\n )\n\n /**\n * Row to insert inside the database. We expect exactly these\n * columns to exist.\n */\n const dbRow: Omit<RememberMeTokenDbColumns, 'id'> = {\n tokenable_id: transientToken.userId,\n hash: transientToken.hash,\n created_at: new Date(),\n updated_at: new Date(),\n expires_at: transientToken.expiresAt,\n }\n\n /**\n * Insert data to the database.\n */\n const [id] = await queryClient.table(this.table).insert(dbRow)\n\n /**\n * Convert db row to a remember token\n */\n return new RememberMeToken({\n identifier: id,\n tokenableId: dbRow.tokenable_id,\n secret: transientToken.secret,\n hash: dbRow.hash,\n createdAt: dbRow.created_at,\n updatedAt: dbRow.updated_at,\n expiresAt: dbRow.expires_at,\n })\n }\n\n /**\n * Find a token for a user by the token id\n */\n async find(user: InstanceType<TokenableModel>, identifier: string | number | BigInt) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const dbRow = await queryClient\n .query<RememberMeTokenDbColumns>()\n .from(this.table)\n .where({ id: identifier, tokenable_id: user.$primaryKeyValue })\n .limit(1)\n .first()\n\n if (!dbRow) {\n return null\n }\n\n return this.dbRowToRememberMeToken(dbRow)\n }\n\n /**\n * Delete a token by its id\n */\n async delete(\n user: InstanceType<TokenableModel>,\n identifier: string | number | BigInt\n ): Promise<number> {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const affectedRows = await queryClient\n .query<number>()\n .from(this.table)\n .where({ id: identifier, tokenable_id: user.$primaryKeyValue })\n .del()\n .exec()\n\n return affectedRows as unknown as number\n }\n\n /**\n * Returns all the tokens a given user\n */\n async all(user: InstanceType<TokenableModel>) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const dbRows = await queryClient\n .query<RememberMeTokenDbColumns>()\n .from(this.table)\n .where({ tokenable_id: user.$primaryKeyValue })\n .orderBy('id', 'desc')\n .exec()\n\n return dbRows.map((dbRow) => {\n return this.dbRowToRememberMeToken(dbRow)\n })\n }\n\n /**\n * Verifies a publicly shared remember me token and returns an\n * RememberMeToken for it.\n *\n * Returns null when unable to verify the token or find it\n * inside the storage\n */\n async verify(tokenValue: Secret<string>) {\n const decodedToken = RememberMeToken.decode(tokenValue.release())\n if (!decodedToken) {\n return null\n }\n\n const db = await this.getDb()\n const dbRow = await db\n .query<RememberMeTokenDbColumns>()\n .from(this.table)\n .where({ id: decodedToken.identifier })\n .limit(1)\n .first()\n\n if (!dbRow) {\n return null\n }\n\n /**\n * Convert to remember me token instance\n */\n const rememberMeToken = this.dbRowToRememberMeToken(dbRow)\n\n /**\n * Ensure the token secret matches the token hash\n */\n if (!rememberMeToken.verify(decodedToken.secret) || rememberMeToken.isExpired()) {\n return null\n }\n\n return rememberMeToken\n }\n\n /**\n * Recycles a remember me token by deleting the old one and\n * creates a new one.\n *\n * Ideally, the recycle should update the existing token, but we\n * skip that for now and come back to it later and handle race\n * conditions as well.\n */\n async recycle(\n user: InstanceType<TokenableModel>,\n identifier: string | number | BigInt,\n expiresIn: string | number\n ): Promise<RememberMeToken> {\n await this.delete(user, identifier)\n return this.create(user, expiresIn)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\n\nimport { RememberMeToken } from '../remember_me_token.js'\nimport { PROVIDER_REAL_USER } from '../../../src/symbols.js'\nimport type {\n SessionGuardUser,\n LucidAuthenticatable,\n SessionLucidUserProviderOptions,\n SessionUserProviderContract,\n} from '../types.js'\n\n/**\n * Uses a lucid model to verify access tokens and find a user during\n * authentication\n */\nexport class SessionLucidUserProvider<UserModel extends LucidAuthenticatable>\n implements SessionUserProviderContract<InstanceType<UserModel>>\n{\n declare [PROVIDER_REAL_USER]: InstanceType<UserModel>\n\n /**\n * Reference to the lazily imported model\n */\n protected model?: UserModel\n\n constructor(\n /**\n * Lucid provider options\n */\n protected options: SessionLucidUserProviderOptions<UserModel>\n ) {}\n\n /**\n * Imports the model from the provider, returns and caches it\n * for further operations.\n */\n protected async getModel() {\n if (this.model) {\n return this.model\n }\n\n const importedModel = await this.options.model()\n this.model = importedModel.default\n return this.model\n }\n\n /**\n * Returns the tokens provider associated with the user model\n */\n protected async getTokensProvider() {\n const model = await this.getModel()\n\n if (!model.rememberMeTokens) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for verifying remember me tokens. Make sure to assign a token provider to the model.`\n )\n }\n\n return model.rememberMeTokens\n }\n\n /**\n * Creates an adapter user for the guard\n */\n async createUserForGuard(\n user: InstanceType<UserModel>\n ): Promise<SessionGuardUser<InstanceType<UserModel>>> {\n const model = await this.getModel()\n if (user instanceof model === false) {\n throw new RuntimeException(\n `Invalid user object. It must be an instance of the \"${model.name}\" model`\n )\n }\n\n return {\n getId() {\n /**\n * Ensure user has a primary key\n */\n if (!user.$primaryKeyValue) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for authentication. The value of column \"${model.primaryKey}\" is undefined or null`\n )\n }\n\n return user.$primaryKeyValue\n },\n getOriginal() {\n return user\n },\n }\n }\n\n /**\n * Finds a user by their primary key value\n */\n async findById(\n identifier: string | number | BigInt\n ): Promise<SessionGuardUser<InstanceType<UserModel>> | null> {\n const model = await this.getModel()\n const user = await model.find(identifier)\n\n if (!user) {\n return null\n }\n\n return this.createUserForGuard(user)\n }\n\n /**\n * Creates a remember token for a given user\n */\n async createRememberToken(\n user: InstanceType<UserModel>,\n expiresIn: string | number\n ): Promise<RememberMeToken> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.create(user, expiresIn)\n }\n\n /**\n * Verify a token by its publicly shared value\n */\n async verifyRememberToken(tokenValue: Secret<string>): Promise<RememberMeToken | null> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.verify(tokenValue)\n }\n\n /**\n * Delete a token for a user by the token identifier\n */\n async deleteRemeberToken(\n user: InstanceType<UserModel>,\n identifier: string | number | BigInt\n ): Promise<number> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.delete(user, identifier)\n }\n\n /**\n * Recycle a token for a user by the token identifier\n */\n async recycleRememberToken(\n user: InstanceType<UserModel>,\n identifier: string | number | BigInt,\n expiresIn: string | number\n ) {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.recycle(user, identifier, expiresIn)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport type { HttpContext } from '@adonisjs/core/http'\nimport type { ConfigProvider } from '@adonisjs/core/types'\n\nimport { SessionGuard } from './guard.js'\nimport type { GuardConfigProvider } from '../../src/types.js'\nimport { SessionLucidUserProvider } from './user_providers/lucid.js'\nimport type {\n SessionGuardOptions,\n LucidAuthenticatable,\n SessionUserProviderContract,\n SessionLucidUserProviderOptions,\n SessionWithTokensUserProviderContract,\n} from './types.js'\n\n/**\n * Configures session tokens guard for authentication\n */\nexport function sessionGuard<\n UseRememberTokens extends boolean,\n UserProvider extends UseRememberTokens extends true\n ? SessionWithTokensUserProviderContract<unknown>\n : SessionUserProviderContract<unknown>,\n>(\n config: {\n provider: UserProvider | ConfigProvider<UserProvider>\n } & SessionGuardOptions<UseRememberTokens>\n): GuardConfigProvider<(ctx: HttpContext) => SessionGuard<UseRememberTokens, UserProvider>> {\n return {\n async resolver(name, app) {\n const emitter = await app.container.make('emitter')\n const provider =\n 'resolver' in config.provider ? await config.provider.resolver(app) : config.provider\n return (ctx) => new SessionGuard(name, ctx, config, emitter as any, provider)\n },\n }\n}\n\n/**\n * Configures user provider that uses Lucid models to authenticate\n * users using sessions\n */\nexport function sessionUserProvider<Model extends LucidAuthenticatable>(\n config: SessionLucidUserProviderOptions<Model>\n): SessionLucidUserProvider<Model> {\n return new SessionLucidUserProvider(config)\n}\n"],"mappings":";;;;;;AASA,SAAS,kBAAkB;AAC3B,OAAO,YAAY;AACnB,SAAS,QAAQ,QAAQ,iBAAiB;AAOnC,IAAM,kBAAN,MAAsB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ3B,OAAO,OAAO,OAAsE;AAIlF,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;AAAA,IACT;AAKA,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,YAAY,GAAG,UAAU,IAAI,MAAM,MAAM,GAAG;AACnD,QAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,aAAO;AAAA,IACT;AAEA,UAAM,oBAAoB,OAAO,UAAU,UAAU;AACrD,UAAM,gBAAgB,OAAO,UAAU,WAAW,KAAK,GAAG,CAAC;AAC3D,QAAI,CAAC,qBAAqB,CAAC,eAAe;AACxC,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,QAAQ,IAAI,OAAO,aAAa;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,qBACL,QACA,MACA,WACA;AACA,UAAM,YAAY,oBAAI,KAAK;AAC3B,cAAU,WAAW,UAAU,WAAW,IAAI,OAAO,QAAQ,MAAM,SAAS,CAAC;AAE7E,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,GAAG,KAAK,KAAK,IAAI;AAAA,IACnB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,KAAK,MAAc;AACxB,UAAM,OAAO,OAAO,OAAO,IAAI;AAC/B,UAAM,SAAS,IAAI,OAAO,IAAI;AAC9B,UAAM,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AACvE,WAAO,EAAE,QAAQ,KAAK;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAEA,YAAY,YAQT;AACD,SAAK,aAAa,WAAW;AAC7B,SAAK,cAAc,WAAW;AAC9B,SAAK,OAAO,WAAW;AACvB,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAK5B,QAAI,WAAW,QAAQ;AACrB,WAAK,QAAQ,IAAI;AAAA,QACf,GAAG,OAAO,UAAU,OAAO,KAAK,UAAU,CAAC,CAAC,IAAI,OAAO;AAAA,UACrD,WAAW,OAAO,QAAQ;AAAA,QAC5B,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,YAAY;AACV,WAAO,KAAK,YAAY,oBAAI,KAAK;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,QAAiC;AACtC,UAAM,UAAU,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AAC1E,WAAO,UAAU,KAAK,MAAM,OAAO;AAAA,EACrC;AACF;;;AClKA,SAAS,UAAAA,eAAc;AAEvB,SAAS,wBAAwB;AAkB1B,IAAM,eAAN,MAMP;AAAA;AAAA;AAAA;AAAA,EASE;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxB,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAAA,EAM1B,uBAAuB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMvB,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMlB,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA,EAMd,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAad;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,iBAAiB;AACnB,WAAO,QAAQ,KAAK,KAAK;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,oBAAoB;AACtB,WAAO,YAAY,KAAK,KAAK;AAAA,EAC/B;AAAA,EAEA,YACE,MACA,KACA,SACA,SACA,cACA;AACA,SAAK,QAAQ;AACb,SAAK,OAAO;AACZ,SAAK,WAAW,EAAE,qBAAqB,WAAW,GAAG,QAAQ;AAC7D,SAAK,WAAW;AAChB,SAAK,gBAAgB;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc;AACZ,QAAI,EAAE,aAAa,KAAK,OAAO;AAC7B,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,WAAO,KAAK,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,sBAAsB,WAAmB;AACvC,SAAK,kBAAkB;AACvB,SAAK,cAAc;AACnB,SAAK,OAAO;AACZ,SAAK,cAAc;AAEnB,UAAM,QAAQ,IAAI,sBAAsB,mCAAmC;AAAA,MACzE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAED,SAAK,SAAS,KAAK,sCAAsC;AAAA,MACvD,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,yBACE,WACA,MACA,iBACA;AACA,SAAK,kBAAkB;AACvB,SAAK,cAAc,CAAC,CAAC;AACrB,SAAK,OAAO;AACZ,SAAK,cAAc;AAEnB,SAAK,SAAS,KAAK,yCAAyC;AAAA,MAC1D,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,WACA,MACA,iBACA;AACA,SAAK,OAAO;AACZ,SAAK,cAAc;AAEnB,SAAK,SAAS,KAAK,gCAAgC;AAAA,MACjD,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,QAAkC;AACtD,UAAM,UAAU,KAAK,YAAY;AACjC,YAAQ,IAAI,KAAK,gBAAgB,MAAM;AACvC,YAAQ,WAAW;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,wBAAwB,OAAuB;AAC7C,SAAK,KAAK,SAAS,gBAAgB,KAAK,mBAAmB,MAAM,QAAQ,GAAG;AAAA,MAC1E,QAAQ,KAAK,SAAS;AAAA,MACtB,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,mBAAmB,QAAkC,WAAmB;AAC5E,UAAM,eAAe,MAAM,KAAK,cAAc,SAAS,MAAM;AAC7D,QAAI,CAAC,cAAc;AACjB,YAAM,KAAK,sBAAsB,SAAS;AAAA,IAC5C;AAEA,SAAK,yBAAyB,WAAW,aAAa,YAAY,CAAC;AACnE,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,+BAA+B,kBAA0B,WAAmB;AAKhF,UAAM,eAAe,KAAK;AAO1B,UAAM,QAAQ,MAAM,aAAa,oBAAoB,IAAIC,QAAO,gBAAgB,CAAC;AACjF,QAAI,CAAC,OAAO;AACV,YAAM,KAAK,sBAAsB,SAAS;AAAA,IAC5C;AAMA,UAAM,eAAe,MAAM,aAAa,SAAS,MAAM,WAAW;AAClE,QAAI,CAAC,cAAc;AACjB,YAAM,KAAK,sBAAsB,SAAS;AAAA,IAC5C;AAKA,UAAM,gBAAgB,MAAM,aAAa;AAAA,MACvC,aAAa,YAAY;AAAA,MACzB,MAAM;AAAA,MACN,KAAK,SAAS;AAAA,IAChB;AAKA,SAAK,wBAAwB,cAAc,KAAM;AAKjD,SAAK,sBAAsB,aAAa,MAAM,CAAC;AAK/C,SAAK,yBAAyB,WAAW,aAAa,YAAY,GAAG,KAAK;AAE1E,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBAAyD;AACvD,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,sBAAsB,mCAAmC;AAAA,QACjE,iBAAiB,KAAK;AAAA,MACxB,CAAC;AAAA,IACH;AAEA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAM,MAA+C,WAAoB,OAAO;AACpF,UAAM,UAAU,KAAK,YAAY;AACjC,UAAM,eAAe,MAAM,KAAK,cAAc,mBAAmB,IAAI;AAErE,SAAK,SAAS,KAAK,gCAAgC;AAAA,MACjD,KAAK,KAAK;AAAA,MACV;AAAA,MACA,WAAW,KAAK;AAAA,IAClB,CAAC;AAMD,QAAI;AACJ,QAAI,UAAU;AACZ,UAAI,CAAC,KAAK,SAAS,qBAAqB;AACtC,cAAM,IAAI,iBAAiB,uDAAuD;AAAA,MACpF;AAMA,YAAM,eAAe,KAAK;AAI1B,cAAQ,MAAM,aAAa;AAAA,QACzB,aAAa,YAAY;AAAA,QACzB,KAAK,SAAS;AAAA,MAChB;AAAA,IACF;AAMA,QAAI,OAAO;AACT,WAAK,wBAAwB,MAAM,KAAM;AAAA,IAC3C,OAAO;AACL,WAAK,KAAK,SAAS,YAAY,KAAK,iBAAiB;AAAA,IACvD;AAKA,SAAK,sBAAsB,aAAa,MAAM,CAAC;AAK/C,SAAK,gBAAgB,QAAQ,WAAW,aAAa,YAAY,GAAG,KAAK;AAAA,EAC3E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,SAAS;AACb,UAAM,UAAU,KAAK,YAAY;AACjC,UAAM,mBAAmB,KAAK,KAAK,QAAQ,gBAAgB,KAAK,iBAAiB;AAKjF,YAAQ,OAAO,KAAK,cAAc;AAClC,SAAK,KAAK,SAAS,YAAY,KAAK,iBAAiB;AASrD,QAAI,KAAK,QAAQ,oBAAoB,KAAK,SAAS,qBAAqB;AAKtE,YAAM,eAAe,KAAK;AAI1B,YAAM,QAAQ,MAAM,aAAa,oBAAoB,IAAIA,QAAO,gBAAgB,CAAC;AACjF,UAAI,OAAO;AACT,cAAM,aAAa,mBAAmB,KAAK,MAAM,MAAM,UAAU;AAAA,MACnE;AAAA,IACF;AAKA,SAAK,OAAO;AACZ,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,cAAc;AAKnB,SAAK,SAAS,KAAK,2BAA2B;AAAA,MAC5C,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB,MAAM,KAAK,QAAQ;AAAA,MACnB,WAAW,QAAQ;AAAA,IACrB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAiE;AAKrE,QAAI,KAAK,yBAAyB;AAChC,aAAO,KAAK,cAAc;AAAA,IAC5B;AAKA,SAAK,0BAA0B;AAC/B,UAAM,UAAU,KAAK,YAAY;AAEjC,SAAK,SAAS,KAAK,yCAAyC;AAAA,MAC1D,KAAK,KAAK;AAAA,MACV,WAAW,QAAQ;AAAA,MACnB,WAAW,KAAK;AAAA,IAClB,CAAC;AAOD,UAAM,aAAa,QAAQ,IAAI,KAAK,cAAc;AAClD,QAAI,YAAY;AACd,aAAO,KAAK,mBAAmB,YAAY,QAAQ,SAAS;AAAA,IAC9D;AAOA,UAAM,mBAAmB,KAAK,KAAK,QAAQ,gBAAgB,KAAK,iBAAiB;AACjF,QAAI,oBAAoB,KAAK,SAAS,qBAAqB;AACzD,WAAK,uBAAuB;AAC5B,aAAO,KAAK,+BAA+B,kBAAkB,QAAQ,SAAS;AAAA,IAChF;AAKA,UAAM,KAAK,sBAAsB,QAAQ,SAAS;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QAA0B;AAC9B,QAAI;AACF,YAAM,KAAK,aAAa;AACxB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,uBAAuB;AAC1C,eAAO;AAAA,MACT;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBACJ,MAC6B;AAC7B,UAAM,eAAe,MAAM,KAAK,cAAc,mBAAmB,IAAI;AACrE,UAAM,SAAS,aAAa,MAAM;AAElC,WAAO;AAAA,MACL,SAAS;AAAA,QACP,CAAC,KAAK,cAAc,GAAG;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AACF;;;AC5gBA,SAAS,oBAAAC,yBAAwB;AAgB1B,IAAM,6BAAN,MAAM,4BAEb;AAAA,EAyBE,YAAsB,SAA4D;AAA5D;AACpB,SAAK,QAAQ,QAAQ,SAAS;AAC9B,SAAK,oBAAoB,QAAQ,qBAAqB;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA,EAxBA,OAAO,SACL,OACA,SACA;AACA,WAAO,IAAI,4BAA2C;AAAA,MACpD,gBAAgB;AAAA,MAChB,GAAI,WAAW,CAAC;AAAA,IAClB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKU;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWV,mBAAmB,MAAoC;AACrD,UAAM,QAAQ,KAAK,QAAQ;AAC3B,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIC;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,QAAI,CAAC,KAAK,kBAAkB;AAC1B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI,iEAAiE,MAAM,UAAU;AAAA,MAC5G;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKU,uBAAuB,OAAkD;AACjF,WAAO,IAAI,gBAAgB;AAAA,MACzB,YAAY,MAAM;AAAA,MAClB,aAAa,MAAM;AAAA,MACnB,MAAM,MAAM;AAAA,MACZ,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,IAC9E,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,QAAQ;AACtB,UAAM,QAAQ,KAAK,QAAQ;AAC3B,WAAO,MAAM,SAAS,MAAM,KAAK,EAAE;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,MAAoC,WAA4B;AAC3E,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AAOrC,UAAM,iBAAiB,gBAAgB;AAAA,MACrC,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,IACF;AAMA,UAAM,QAA8C;AAAA,MAClD,cAAc,eAAe;AAAA,MAC7B,MAAM,eAAe;AAAA,MACrB,YAAY,oBAAI,KAAK;AAAA,MACrB,YAAY,oBAAI,KAAK;AAAA,MACrB,YAAY,eAAe;AAAA,IAC7B;AAKA,UAAM,CAAC,EAAE,IAAI,MAAM,YAAY,MAAM,KAAK,KAAK,EAAE,OAAO,KAAK;AAK7D,WAAO,IAAI,gBAAgB;AAAA,MACzB,YAAY;AAAA,MACZ,aAAa,MAAM;AAAA,MACnB,QAAQ,eAAe;AAAA,MACvB,MAAM,MAAM;AAAA,MACZ,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,IACnB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,MAAoC,YAAsC;AACnF,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,QAAQ,MAAM,YACjB,MAAgC,EAChC,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,iBAAiB,CAAC,EAC7D,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,uBAAuB,KAAK;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OACJ,MACA,YACiB;AACjB,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,eAAe,MAAM,YACxB,MAAc,EACd,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,iBAAiB,CAAC,EAC7D,IAAI,EACJ,KAAK;AAER,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,IAAI,MAAoC;AAC5C,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,SAAS,MAAM,YAClB,MAAgC,EAChC,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,cAAc,KAAK,iBAAiB,CAAC,EAC7C,QAAQ,MAAM,MAAM,EACpB,KAAK;AAER,WAAO,OAAO,IAAI,CAAC,UAAU;AAC3B,aAAO,KAAK,uBAAuB,KAAK;AAAA,IAC1C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,YAA4B;AACvC,UAAM,eAAe,gBAAgB,OAAO,WAAW,QAAQ,CAAC;AAChE,QAAI,CAAC,cAAc;AACjB,aAAO;AAAA,IACT;AAEA,UAAM,KAAK,MAAM,KAAK,MAAM;AAC5B,UAAM,QAAQ,MAAM,GACjB,MAAgC,EAChC,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,aAAa,WAAW,CAAC,EACrC,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAKA,UAAM,kBAAkB,KAAK,uBAAuB,KAAK;AAKzD,QAAI,CAAC,gBAAgB,OAAO,aAAa,MAAM,KAAK,gBAAgB,UAAU,GAAG;AAC/E,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QACJ,MACA,YACA,WAC0B;AAC1B,UAAM,KAAK,OAAO,MAAM,UAAU;AAClC,WAAO,KAAK,OAAO,MAAM,SAAS;AAAA,EACpC;AACF;;;AClQA,SAAS,oBAAAC,yBAAwB;AAe1B,IAAM,2BAAN,MAEP;AAAA,EAQE,YAIY,SACV;AADU;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAPO;AAAA;AAAA;AAAA;AAAA;AAAA,EAaV,MAAgB,WAAW;AACzB,QAAI,KAAK,OAAO;AACd,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,gBAAgB,MAAM,KAAK,QAAQ,MAAM;AAC/C,SAAK,QAAQ,cAAc;AAC3B,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,oBAAoB;AAClC,UAAM,QAAQ,MAAM,KAAK,SAAS;AAElC,QAAI,CAAC,MAAM,kBAAkB;AAC3B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI;AAAA,MAC3B;AAAA,IACF;AAEA,WAAO,MAAM;AAAA,EACf;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,MACoD;AACpD,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIA;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,WAAO;AAAA,MACL,QAAQ;AAIN,YAAI,CAAC,KAAK,kBAAkB;AAC1B,gBAAM,IAAIA;AAAA,YACR,eAAe,MAAM,IAAI,oDAAoD,MAAM,UAAU;AAAA,UAC/F;AAAA,QACF;AAEA,eAAO,KAAK;AAAA,MACd;AAAA,MACA,cAAc;AACZ,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SACJ,YAC2D;AAC3D,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,UAAM,OAAO,MAAM,MAAM,KAAK,UAAU;AAExC,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBACJ,MACA,WAC0B;AAC1B,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,MAAM,SAAS;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBAAoB,YAA6D;AACrF,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,UAAU;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,MACA,YACiB;AACjB,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,MAAM,UAAU;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,qBACJ,MACA,YACA,WACA;AACA,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,QAAQ,MAAM,YAAY,SAAS;AAAA,EAC3D;AACF;;;ACtIO,SAAS,aAMd,QAG0F;AAC1F,SAAO;AAAA,IACL,MAAM,SAAS,MAAM,KAAK;AACxB,YAAM,UAAU,MAAM,IAAI,UAAU,KAAK,SAAS;AAClD,YAAM,WACJ,cAAc,OAAO,WAAW,MAAM,OAAO,SAAS,SAAS,GAAG,IAAI,OAAO;AAC/E,aAAO,CAAC,QAAQ,IAAI,aAAa,MAAM,KAAK,QAAQ,SAAgB,QAAQ;AAAA,IAC9E;AAAA,EACF;AACF;AAMO,SAAS,oBACd,QACiC;AACjC,SAAO,IAAI,yBAAyB,MAAM;AAC5C;","names":["Secret","Secret","RuntimeException","RuntimeException","RuntimeException"]}
|
|
1
|
+
{"version":3,"sources":["../../../modules/session_guard/remember_me_token.ts","../../../modules/session_guard/guard.ts","../../../modules/session_guard/token_providers/db.ts","../../../modules/session_guard/user_providers/lucid.ts","../../../modules/session_guard/define_config.ts"],"sourcesContent":["/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { createHash } from 'node:crypto'\nimport string from '@adonisjs/core/helpers/string'\nimport { Secret, base64, safeEqual } from '@adonisjs/core/helpers'\n\n/**\n * Remember me token represents an opaque token that can be\n * used to automatically login a user without asking them\n * to re-login\n */\nexport class RememberMeToken {\n /**\n * Decodes a publicly shared token and return the series\n * and the token value from it.\n *\n * Returns null when unable to decode the token because of\n * invalid format or encoding.\n */\n static decode(value: string): null | { identifier: string; secret: Secret<string> } {\n /**\n * Ensure value is a string and starts with the prefix.\n */\n if (typeof value !== 'string') {\n return null\n }\n\n /**\n * Remove prefix from the rest of the token.\n */\n if (!value) {\n return null\n }\n\n const [identifier, ...tokenValue] = value.split('.')\n if (!identifier || tokenValue.length === 0) {\n return null\n }\n\n const decodedIdentifier = base64.urlDecode(identifier)\n const decodedSecret = base64.urlDecode(tokenValue.join('.'))\n if (!decodedIdentifier || !decodedSecret) {\n return null\n }\n\n return {\n identifier: decodedIdentifier,\n secret: new Secret(decodedSecret),\n }\n }\n\n /**\n * Creates a transient token that can be shared with the persistence\n * layer.\n */\n static createTransientToken(\n userId: string | number | BigInt,\n size: number,\n expiresIn: string | number\n ) {\n const expiresAt = new Date()\n expiresAt.setSeconds(expiresAt.getSeconds() + string.seconds.parse(expiresIn))\n\n return {\n userId,\n expiresAt,\n ...this.seed(size),\n }\n }\n\n /**\n * Creates a secret opaque token and its hash.\n */\n static seed(size: number) {\n const seed = string.random(size)\n const secret = new Secret(seed)\n const hash = createHash('sha256').update(secret.release()).digest('hex')\n return { secret, hash }\n }\n\n /**\n * Identifer is a unique sequence to identify the\n * token within database. It should be the\n * primary/unique key\n */\n identifier: string | number | BigInt\n\n /**\n * Reference to the user id for whom the token\n * is generated.\n */\n tokenableId: string | number | BigInt\n\n /**\n * The value is a public representation of a token. It is created\n * by combining the \"identifier\".\"secret\"\n */\n value?: Secret<string>\n\n /**\n * Hash is computed from the seed to later verify the validity\n * of seed\n */\n hash: string\n\n /**\n * Date/time when the token instance was created\n */\n createdAt: Date\n\n /**\n * Date/time when the token was updated\n */\n updatedAt: Date\n\n /**\n * Timestamp at which the token will expire\n */\n expiresAt: Date\n\n constructor(attributes: {\n identifier: string | number | BigInt\n tokenableId: string | number | BigInt\n hash: string\n createdAt: Date\n updatedAt: Date\n expiresAt: Date\n secret?: Secret<string>\n }) {\n this.identifier = attributes.identifier\n this.tokenableId = attributes.tokenableId\n this.hash = attributes.hash\n this.createdAt = attributes.createdAt\n this.updatedAt = attributes.updatedAt\n this.expiresAt = attributes.expiresAt\n\n /**\n * Compute value when secret is provided\n */\n if (attributes.secret) {\n this.value = new Secret(\n `${base64.urlEncode(String(this.identifier))}.${base64.urlEncode(\n attributes.secret.release()\n )}`\n )\n }\n }\n\n /**\n * Check if the token has been expired. Verifies\n * the \"expiresAt\" timestamp with the current\n * date.\n */\n isExpired() {\n return this.expiresAt < new Date()\n }\n\n /**\n * Verifies the value of a token against the pre-defined hash\n */\n verify(secret: Secret<string>): boolean {\n const newHash = createHash('sha256').update(secret.release()).digest('hex')\n return safeEqual(this.hash, newHash)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport type { HttpContext } from '@adonisjs/core/http'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport type { EmitterLike } from '@adonisjs/core/types/events'\n\nimport { RememberMeToken } from './remember_me_token.js'\nimport { E_UNAUTHORIZED_ACCESS } from '../../src/errors.js'\nimport type { AuthClientResponse, GuardContract } from '../../src/types.js'\nimport { GUARD_KNOWN_EVENTS, PROVIDER_REAL_USER } from '../../src/symbols.js'\nimport type {\n SessionGuardEvents,\n SessionGuardOptions,\n SessionUserProviderContract,\n SessionWithTokensUserProviderContract,\n} from './types.js'\n\n/**\n * Session guard uses AdonisJS session store to track logged-in\n * user information.\n */\nexport class SessionGuard<\n UseRememberTokens extends boolean,\n UserProvider extends UseRememberTokens extends true\n ? SessionWithTokensUserProviderContract<unknown>\n : SessionUserProviderContract<unknown>,\n> implements GuardContract<UserProvider[typeof PROVIDER_REAL_USER]>\n{\n /**\n * Events emitted by the guard\n */\n declare [GUARD_KNOWN_EVENTS]: SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>\n\n /**\n * A unique name for the guard.\n */\n #name: string\n\n /**\n * Reference to the current HTTP context\n */\n #ctx: HttpContext\n\n /**\n * Options accepted by the session guard\n */\n #options: Required<SessionGuardOptions<UseRememberTokens>>\n\n /**\n * Provider to lookup user details\n */\n #userProvider: UserProvider\n\n /**\n * Emitter to emit events\n */\n #emitter: EmitterLike<SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>>\n\n /**\n * Driver name of the guard\n */\n driverName: 'session' = 'session'\n\n /**\n * Whether or not the authentication has been attempted\n * during the current request.\n */\n authenticationAttempted = false\n\n /**\n * A boolean to know if a remember me token was used in attempt\n * to login a user.\n */\n attemptedViaRemember = false\n\n /**\n * A boolean to know if the current request has\n * been authenticated\n */\n isAuthenticated = false\n\n /**\n * A boolean to know if the current request is authenticated\n * using the \"rememember_me\" token.\n */\n viaRemember = false\n\n /**\n * Find if the user has been logged out during\n * the current request\n */\n isLoggedOut = false\n\n /**\n * Reference to an instance of the authenticated user.\n * The value only exists after calling one of the\n * following methods.\n *\n * - authenticate\n * - check\n *\n * You can use the \"getUserOrFail\" method to throw an exception if\n * the request is not authenticated.\n */\n user?: UserProvider[typeof PROVIDER_REAL_USER]\n\n /**\n * The key used to store the logged-in user id inside\n * session\n */\n get sessionKeyName() {\n return `auth_${this.#name}`\n }\n\n /**\n * The key used to store the remember me token cookie\n */\n get rememberMeKeyName() {\n return `remember_${this.#name}`\n }\n\n constructor(\n name: string,\n ctx: HttpContext,\n options: SessionGuardOptions<UseRememberTokens>,\n emitter: EmitterLike<SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>>,\n userProvider: UserProvider\n ) {\n this.#name = name\n this.#ctx = ctx\n this.#options = { rememberMeTokensAge: '2 years', ...options }\n this.#emitter = emitter\n this.#userProvider = userProvider\n }\n\n /**\n * Returns the session instance for the given request,\n * ensuring the property exists\n */\n #getSession() {\n if (!('session' in this.#ctx)) {\n throw new RuntimeException(\n 'Cannot authenticate user. Install and configure \"@adonisjs/session\" package'\n )\n }\n\n return this.#ctx.session\n }\n\n /**\n * Emits authentication failure, updates the local state,\n * and returns an exception to end the authentication\n * cycle.\n */\n #authenticationFailed(sessionId: string) {\n this.isAuthenticated = false\n this.viaRemember = false\n this.user = undefined\n this.isLoggedOut = false\n\n const error = new E_UNAUTHORIZED_ACCESS('Invalid or expired user session', {\n guardDriverName: this.driverName,\n })\n\n this.#emitter.emit('session_auth:authentication_failed', {\n ctx: this.#ctx,\n guardName: this.#name,\n error,\n sessionId,\n })\n\n return error\n }\n\n /**\n * Emits the authentication succeeded event and updates\n * the local state to reflect successful authentication\n */\n #authenticationSucceeded(\n sessionId: string,\n user: UserProvider[typeof PROVIDER_REAL_USER],\n rememberMeToken?: RememberMeToken\n ) {\n this.isAuthenticated = true\n this.viaRemember = !!rememberMeToken\n this.user = user\n this.isLoggedOut = false\n\n this.#emitter.emit('session_auth:authentication_succeeded', {\n ctx: this.#ctx,\n guardName: this.#name,\n sessionId,\n user,\n rememberMeToken,\n })\n }\n\n /**\n * Emits the login succeeded event and updates the login\n * state\n */\n #loginSucceeded(\n sessionId: string,\n user: UserProvider[typeof PROVIDER_REAL_USER],\n rememberMeToken?: RememberMeToken\n ) {\n this.user = user\n this.isLoggedOut = false\n\n this.#emitter.emit('session_auth:login_succeeded', {\n ctx: this.#ctx,\n guardName: this.#name,\n sessionId,\n user,\n rememberMeToken,\n })\n }\n\n /**\n * Creates session for a given user by their user id.\n */\n #createSessionForUser(userId: string | number | BigInt) {\n const session = this.#getSession()\n session.put(this.sessionKeyName, userId)\n session.regenerate()\n }\n\n /**\n * Creates the remember me cookie\n */\n #createRememberMeCookie(value: Secret<string>) {\n this.#ctx.response.encryptedCookie(this.rememberMeKeyName, value.release(), {\n maxAge: this.#options.rememberMeTokensAge,\n httpOnly: true,\n })\n }\n\n /**\n * Authenticates the user using its id read from the session\n * store.\n *\n * - We check the user exists in the db\n * - If not, throw exception.\n * - Otherwise, update local state to mark the user as logged-in\n */\n async #authenticateViaId(userId: string | number | BigInt, sessionId: string) {\n const providerUser = await this.#userProvider.findById(userId)\n if (!providerUser) {\n throw this.#authenticationFailed(sessionId)\n }\n\n this.#authenticationSucceeded(sessionId, providerUser.getOriginal())\n return this.user!\n }\n\n /**\n * Authenticates user from the remember me cookie. Creates a fresh\n * session for them and recycles the remember me token as well.\n */\n async #authenticateViaRememberCookie(rememberMeCookie: string, sessionId: string) {\n /**\n * This method is only invoked when \"options.useRememberTokens\" is set to\n * true and hence the user provider will have methods to manage tokens\n */\n const userProvider = this.#userProvider as SessionWithTokensUserProviderContract<\n UserProvider[typeof PROVIDER_REAL_USER]\n >\n\n /**\n * Verify the token using the user provider.\n */\n const token = await userProvider.verifyRememberToken(new Secret(rememberMeCookie))\n if (!token) {\n throw this.#authenticationFailed(sessionId)\n }\n\n /**\n * Check if a user for the token exists. Otherwise abort\n * authentication\n */\n const providerUser = await userProvider.findById(token.tokenableId)\n if (!providerUser) {\n throw this.#authenticationFailed(sessionId)\n }\n\n /**\n * Recycle remember token and the remember me cookie\n */\n const recycledToken = await userProvider.recycleRememberToken(\n providerUser.getOriginal(),\n token.identifier,\n this.#options.rememberMeTokensAge\n )\n\n /**\n * Persist remember token inside the cookie\n */\n this.#createRememberMeCookie(recycledToken.value!)\n\n /**\n * Create session\n */\n this.#createSessionForUser(providerUser.getId())\n\n /**\n * Emit event and update local state\n */\n this.#authenticationSucceeded(sessionId, providerUser.getOriginal(), token)\n\n return this.user!\n }\n\n /**\n * Returns an instance of the authenticated user. Or throws\n * an exception if the request is not authenticated.\n */\n getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER] {\n if (!this.user) {\n throw new E_UNAUTHORIZED_ACCESS('Invalid or expired user session', {\n guardDriverName: this.driverName,\n })\n }\n\n return this.user\n }\n\n /**\n * Login user using sessions. Optionally, you can also create\n * a remember me token to automatically login user when their\n * session expires.\n */\n async login(user: UserProvider[typeof PROVIDER_REAL_USER], remember: boolean = false) {\n const session = this.#getSession()\n const providerUser = await this.#userProvider.createUserForGuard(user)\n\n this.#emitter.emit('session_auth:login_attempted', {\n ctx: this.#ctx,\n user,\n guardName: this.#name,\n })\n\n /**\n * Create remember me token and persist it with the provider\n * when remember me token is true.\n */\n let token: RememberMeToken | undefined\n if (remember) {\n if (!this.#options.useRememberMeTokens) {\n throw new RuntimeException('Cannot use \"rememberMe\" feature. It has been disabled')\n }\n\n /**\n * Here we assume the userProvider has implemented APIs to manage remember\n * me tokens, since the \"useRememberMeTokens\" flag is enabled.\n */\n const userProvider = this.#userProvider as SessionWithTokensUserProviderContract<\n UserProvider[typeof PROVIDER_REAL_USER]\n >\n\n token = await userProvider.createRememberToken(\n providerUser.getOriginal(),\n this.#options.rememberMeTokensAge\n )\n }\n\n /**\n * Persist remember token inside the cookie (if exists)\n * Otherwise remove the cookie\n */\n if (token) {\n this.#createRememberMeCookie(token.value!)\n } else {\n this.#ctx.response.clearCookie(this.rememberMeKeyName)\n }\n\n /**\n * Create session\n */\n this.#createSessionForUser(providerUser.getId())\n\n /**\n * Mark user as logged-in\n */\n this.#loginSucceeded(session.sessionId, providerUser.getOriginal(), token)\n }\n\n /**\n * Logout a user by removing its state from the session\n * store and delete the remember me cookie (if any).\n */\n async logout() {\n const session = this.#getSession()\n const rememberMeCookie = this.#ctx.request.encryptedCookie(this.rememberMeKeyName)\n\n /**\n * Clear client side state\n */\n session.forget(this.sessionKeyName)\n this.#ctx.response.clearCookie(this.rememberMeKeyName)\n\n /**\n * Delete remember me token when\n *\n * - Tokens are enabled\n * - A cookie exists\n * - And we know about the user already\n */\n if (this.user && rememberMeCookie && this.#options.useRememberMeTokens) {\n /**\n * Here we assume the userProvider has implemented APIs to manage remember\n * me tokens, since the \"useRememberMeTokens\" flag is enabled.\n */\n const userProvider = this.#userProvider as SessionWithTokensUserProviderContract<\n UserProvider[typeof PROVIDER_REAL_USER]\n >\n\n const token = await userProvider.verifyRememberToken(new Secret(rememberMeCookie))\n if (token) {\n await userProvider.deleteRemeberToken(this.user, token.identifier)\n }\n }\n\n /**\n * Update local state\n */\n this.user = undefined\n this.viaRemember = false\n this.isAuthenticated = false\n this.isLoggedOut = true\n\n /**\n * Notify the user has been logged out\n */\n this.#emitter.emit('session_auth:logged_out', {\n ctx: this.#ctx,\n guardName: this.#name,\n user: this.user || null,\n sessionId: session.sessionId,\n })\n }\n\n /**\n * Authenticate the current HTTP request by verifying the bearer\n * token or fails with an exception\n */\n async authenticate(): Promise<UserProvider[typeof PROVIDER_REAL_USER]> {\n /**\n * Return early when authentication has already been\n * attempted\n */\n if (this.authenticationAttempted) {\n return this.getUserOrFail()\n }\n\n /**\n * Notify we begin to attempt the authentication\n */\n this.authenticationAttempted = true\n const session = this.#getSession()\n\n this.#emitter.emit('session_auth:authentication_attempted', {\n ctx: this.#ctx,\n sessionId: session.sessionId,\n guardName: this.#name,\n })\n\n /**\n * Check if there is a user id inside the session store.\n * If yes, fetch the user from the persistent storage\n * and mark them as logged-in\n */\n const authUserId = session.get(this.sessionKeyName)\n if (authUserId) {\n return this.#authenticateViaId(authUserId, session.sessionId)\n }\n\n /**\n * If user provider supports remember me tokens and the remember me\n * cookie exists, then attempt to login + authenticate via\n * the remember me token.\n */\n const rememberMeCookie = this.#ctx.request.encryptedCookie(this.rememberMeKeyName)\n if (rememberMeCookie && this.#options.useRememberMeTokens) {\n this.attemptedViaRemember = true\n return this.#authenticateViaRememberCookie(rememberMeCookie, session.sessionId)\n }\n\n /**\n * Otherwise throw an exception\n */\n throw this.#authenticationFailed(session.sessionId)\n }\n\n /**\n * Silently check if the user is authenticated or not, without\n * throwing any exceptions\n */\n async check(): Promise<boolean> {\n try {\n await this.authenticate()\n return true\n } catch (error) {\n if (error instanceof E_UNAUTHORIZED_ACCESS) {\n return false\n }\n\n throw error\n }\n }\n\n /**\n * Returns the session info for the clients to send during\n * an HTTP request to mark the user as logged-in.\n */\n async authenticateAsClient(\n user: UserProvider[typeof PROVIDER_REAL_USER]\n ): Promise<AuthClientResponse> {\n const providerUser = await this.#userProvider.createUserForGuard(user)\n const userId = providerUser.getId()\n\n return {\n session: {\n [this.sessionKeyName]: userId,\n },\n }\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { inspect } from 'node:util'\nimport type { Secret } from '@adonisjs/core/helpers'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\nimport type { LucidModel } from '@adonisjs/lucid/types/model'\n\nimport { RememberMeToken } from '../remember_me_token.js'\nimport type {\n RememberMeTokenDbColumns,\n RememberMeTokensProviderContract,\n DbRememberMeTokensProviderOptions,\n} from '../types.js'\n\n/**\n * DbRememberMeTokensProvider uses lucid database service to fetch and\n * persist tokens for a given user.\n *\n * The user must be an instance of the associated user model.\n */\nexport class DbRememberMeTokensProvider<TokenableModel extends LucidModel>\n implements RememberMeTokensProviderContract<TokenableModel>\n{\n /**\n * Create tokens provider instance for a given Lucid model\n */\n static forModel<TokenableModel extends LucidModel>(\n model: DbRememberMeTokensProviderOptions<TokenableModel>['tokenableModel'],\n options?: Omit<DbRememberMeTokensProviderOptions<TokenableModel>, 'tokenableModel'>\n ) {\n return new DbRememberMeTokensProvider<TokenableModel>({\n tokenableModel: model,\n ...(options || {}),\n })\n }\n\n /**\n * Database table to use for querying remember me tokens\n */\n protected table: string\n\n /**\n * The length for the token secret. A secret is a cryptographically\n * secure random string.\n */\n protected tokenSecretLength: number\n\n constructor(protected options: DbRememberMeTokensProviderOptions<TokenableModel>) {\n this.table = options.table || 'remember_me_tokens'\n this.tokenSecretLength = options.tokenSecretLength || 40\n }\n\n /**\n * Check if value is an object\n */\n #isObject(value: unknown) {\n return value !== null && typeof value === 'object' && !Array.isArray(value)\n }\n\n /**\n * Ensure the provided user is an instance of the user model and\n * has a primary key\n */\n #ensureIsPersisted(user: InstanceType<TokenableModel>) {\n const model = this.options.tokenableModel\n if (user instanceof model === false) {\n throw new RuntimeException(\n `Invalid user object. It must be an instance of the \"${model.name}\" model`\n )\n }\n\n if (!user.$primaryKeyValue) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for managing remember me tokens. The value of column \"${model.primaryKey}\" is undefined or null`\n )\n }\n }\n\n /**\n * Maps a database row to an instance token instance\n */\n protected dbRowToRememberMeToken(dbRow: RememberMeTokenDbColumns): RememberMeToken {\n return new RememberMeToken({\n identifier: dbRow.id,\n tokenableId: dbRow.tokenable_id,\n hash: dbRow.hash,\n createdAt:\n typeof dbRow.created_at === 'number' ? new Date(dbRow.created_at) : dbRow.created_at,\n updatedAt:\n typeof dbRow.updated_at === 'number' ? new Date(dbRow.updated_at) : dbRow.updated_at,\n expiresAt:\n typeof dbRow.expires_at === 'number' ? new Date(dbRow.expires_at) : dbRow.expires_at,\n })\n }\n\n /**\n * Returns a query client instance from the parent model\n */\n protected async getDb() {\n const model = this.options.tokenableModel\n return model.$adapter.query(model).client\n }\n\n /**\n * Create a token for a user\n */\n async create(user: InstanceType<TokenableModel>, expiresIn: string | number) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n\n /**\n * Creating a transient token. Transient token abstracts\n * the logic of creating a random secure secret and its\n * hash\n */\n const transientToken = RememberMeToken.createTransientToken(\n user.$primaryKeyValue!,\n this.tokenSecretLength,\n expiresIn\n )\n\n /**\n * Row to insert inside the database. We expect exactly these\n * columns to exist.\n */\n const dbRow: Omit<RememberMeTokenDbColumns, 'id'> = {\n tokenable_id: transientToken.userId,\n hash: transientToken.hash,\n created_at: new Date(),\n updated_at: new Date(),\n expires_at: transientToken.expiresAt,\n }\n\n /**\n * Insert data to the database.\n */\n const result = await queryClient.table(this.table).insert(dbRow).returning('id')\n const id = this.#isObject(result[0]) ? result[0].id : result[0]\n\n /**\n * Throw error when unable to find id in the return value of\n * the insert query\n */\n if (!id) {\n throw new RuntimeException(\n `Cannot save access token. The result \"${inspect(result)}\" of insert query is unexpected`\n )\n }\n\n /**\n * Convert db row to a remember token\n */\n return new RememberMeToken({\n identifier: id,\n tokenableId: dbRow.tokenable_id,\n secret: transientToken.secret,\n hash: dbRow.hash,\n createdAt: dbRow.created_at,\n updatedAt: dbRow.updated_at,\n expiresAt: dbRow.expires_at,\n })\n }\n\n /**\n * Find a token for a user by the token id\n */\n async find(user: InstanceType<TokenableModel>, identifier: string | number | BigInt) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const dbRow = await queryClient\n .query<RememberMeTokenDbColumns>()\n .from(this.table)\n .where({ id: identifier, tokenable_id: user.$primaryKeyValue })\n .limit(1)\n .first()\n\n if (!dbRow) {\n return null\n }\n\n return this.dbRowToRememberMeToken(dbRow)\n }\n\n /**\n * Delete a token by its id\n */\n async delete(\n user: InstanceType<TokenableModel>,\n identifier: string | number | BigInt\n ): Promise<number> {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const affectedRows = await queryClient\n .query<number>()\n .from(this.table)\n .where({ id: identifier, tokenable_id: user.$primaryKeyValue })\n .del()\n .exec()\n\n return affectedRows as unknown as number\n }\n\n /**\n * Returns all the tokens a given user\n */\n async all(user: InstanceType<TokenableModel>) {\n this.#ensureIsPersisted(user)\n\n const queryClient = await this.getDb()\n const dbRows = await queryClient\n .query<RememberMeTokenDbColumns>()\n .from(this.table)\n .where({ tokenable_id: user.$primaryKeyValue })\n .orderBy('id', 'desc')\n .exec()\n\n return dbRows.map((dbRow) => {\n return this.dbRowToRememberMeToken(dbRow)\n })\n }\n\n /**\n * Verifies a publicly shared remember me token and returns an\n * RememberMeToken for it.\n *\n * Returns null when unable to verify the token or find it\n * inside the storage\n */\n async verify(tokenValue: Secret<string>) {\n const decodedToken = RememberMeToken.decode(tokenValue.release())\n if (!decodedToken) {\n return null\n }\n\n const db = await this.getDb()\n const dbRow = await db\n .query<RememberMeTokenDbColumns>()\n .from(this.table)\n .where({ id: decodedToken.identifier })\n .limit(1)\n .first()\n\n if (!dbRow) {\n return null\n }\n\n /**\n * Convert to remember me token instance\n */\n const rememberMeToken = this.dbRowToRememberMeToken(dbRow)\n\n /**\n * Ensure the token secret matches the token hash\n */\n if (!rememberMeToken.verify(decodedToken.secret) || rememberMeToken.isExpired()) {\n return null\n }\n\n return rememberMeToken\n }\n\n /**\n * Recycles a remember me token by deleting the old one and\n * creates a new one.\n *\n * Ideally, the recycle should update the existing token, but we\n * skip that for now and come back to it later and handle race\n * conditions as well.\n */\n async recycle(\n user: InstanceType<TokenableModel>,\n identifier: string | number | BigInt,\n expiresIn: string | number\n ): Promise<RememberMeToken> {\n await this.delete(user, identifier)\n return this.create(user, expiresIn)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport { Secret } from '@adonisjs/core/helpers'\nimport { RuntimeException } from '@adonisjs/core/exceptions'\n\nimport { RememberMeToken } from '../remember_me_token.js'\nimport { PROVIDER_REAL_USER } from '../../../src/symbols.js'\nimport type {\n SessionGuardUser,\n LucidAuthenticatable,\n SessionLucidUserProviderOptions,\n SessionUserProviderContract,\n} from '../types.js'\n\n/**\n * Uses a lucid model to verify access tokens and find a user during\n * authentication\n */\nexport class SessionLucidUserProvider<UserModel extends LucidAuthenticatable>\n implements SessionUserProviderContract<InstanceType<UserModel>>\n{\n declare [PROVIDER_REAL_USER]: InstanceType<UserModel>\n\n /**\n * Reference to the lazily imported model\n */\n protected model?: UserModel\n\n constructor(\n /**\n * Lucid provider options\n */\n protected options: SessionLucidUserProviderOptions<UserModel>\n ) {}\n\n /**\n * Imports the model from the provider, returns and caches it\n * for further operations.\n */\n protected async getModel() {\n if (this.model) {\n return this.model\n }\n\n const importedModel = await this.options.model()\n this.model = importedModel.default\n return this.model\n }\n\n /**\n * Returns the tokens provider associated with the user model\n */\n protected async getTokensProvider() {\n const model = await this.getModel()\n\n if (!model.rememberMeTokens) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for verifying remember me tokens. Make sure to assign a token provider to the model.`\n )\n }\n\n return model.rememberMeTokens\n }\n\n /**\n * Creates an adapter user for the guard\n */\n async createUserForGuard(\n user: InstanceType<UserModel>\n ): Promise<SessionGuardUser<InstanceType<UserModel>>> {\n const model = await this.getModel()\n if (user instanceof model === false) {\n throw new RuntimeException(\n `Invalid user object. It must be an instance of the \"${model.name}\" model`\n )\n }\n\n return {\n getId() {\n /**\n * Ensure user has a primary key\n */\n if (!user.$primaryKeyValue) {\n throw new RuntimeException(\n `Cannot use \"${model.name}\" model for authentication. The value of column \"${model.primaryKey}\" is undefined or null`\n )\n }\n\n return user.$primaryKeyValue\n },\n getOriginal() {\n return user\n },\n }\n }\n\n /**\n * Finds a user by their primary key value\n */\n async findById(\n identifier: string | number | BigInt\n ): Promise<SessionGuardUser<InstanceType<UserModel>> | null> {\n const model = await this.getModel()\n const user = await model.find(identifier)\n\n if (!user) {\n return null\n }\n\n return this.createUserForGuard(user)\n }\n\n /**\n * Creates a remember token for a given user\n */\n async createRememberToken(\n user: InstanceType<UserModel>,\n expiresIn: string | number\n ): Promise<RememberMeToken> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.create(user, expiresIn)\n }\n\n /**\n * Verify a token by its publicly shared value\n */\n async verifyRememberToken(tokenValue: Secret<string>): Promise<RememberMeToken | null> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.verify(tokenValue)\n }\n\n /**\n * Delete a token for a user by the token identifier\n */\n async deleteRemeberToken(\n user: InstanceType<UserModel>,\n identifier: string | number | BigInt\n ): Promise<number> {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.delete(user, identifier)\n }\n\n /**\n * Recycle a token for a user by the token identifier\n */\n async recycleRememberToken(\n user: InstanceType<UserModel>,\n identifier: string | number | BigInt,\n expiresIn: string | number\n ) {\n const tokensProvider = await this.getTokensProvider()\n return tokensProvider.recycle(user, identifier, expiresIn)\n }\n}\n","/*\n * @adonisjs/auth\n *\n * (c) AdonisJS\n *\n * For the full copyright and license information, please view the LICENSE\n * file that was distributed with this source code.\n */\n\nimport type { HttpContext } from '@adonisjs/core/http'\nimport type { ConfigProvider } from '@adonisjs/core/types'\n\nimport { SessionGuard } from './guard.js'\nimport type { GuardConfigProvider } from '../../src/types.js'\nimport { SessionLucidUserProvider } from './user_providers/lucid.js'\nimport type {\n SessionGuardOptions,\n LucidAuthenticatable,\n SessionUserProviderContract,\n SessionLucidUserProviderOptions,\n SessionWithTokensUserProviderContract,\n} from './types.js'\n\n/**\n * Configures session tokens guard for authentication\n */\nexport function sessionGuard<\n UseRememberTokens extends boolean,\n UserProvider extends UseRememberTokens extends true\n ? SessionWithTokensUserProviderContract<unknown>\n : SessionUserProviderContract<unknown>,\n>(\n config: {\n provider: UserProvider | ConfigProvider<UserProvider>\n } & SessionGuardOptions<UseRememberTokens>\n): GuardConfigProvider<(ctx: HttpContext) => SessionGuard<UseRememberTokens, UserProvider>> {\n return {\n async resolver(name, app) {\n const emitter = await app.container.make('emitter')\n const provider =\n 'resolver' in config.provider ? await config.provider.resolver(app) : config.provider\n return (ctx) => new SessionGuard(name, ctx, config, emitter as any, provider)\n },\n }\n}\n\n/**\n * Configures user provider that uses Lucid models to authenticate\n * users using sessions\n */\nexport function sessionUserProvider<Model extends LucidAuthenticatable>(\n config: SessionLucidUserProviderOptions<Model>\n): SessionLucidUserProvider<Model> {\n return new SessionLucidUserProvider(config)\n}\n"],"mappings":";;;;;;AASA,SAAS,kBAAkB;AAC3B,OAAO,YAAY;AACnB,SAAS,QAAQ,QAAQ,iBAAiB;AAOnC,IAAM,kBAAN,MAAsB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ3B,OAAO,OAAO,OAAsE;AAIlF,QAAI,OAAO,UAAU,UAAU;AAC7B,aAAO;AAAA,IACT;AAKA,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,UAAM,CAAC,YAAY,GAAG,UAAU,IAAI,MAAM,MAAM,GAAG;AACnD,QAAI,CAAC,cAAc,WAAW,WAAW,GAAG;AAC1C,aAAO;AAAA,IACT;AAEA,UAAM,oBAAoB,OAAO,UAAU,UAAU;AACrD,UAAM,gBAAgB,OAAO,UAAU,WAAW,KAAK,GAAG,CAAC;AAC3D,QAAI,CAAC,qBAAqB,CAAC,eAAe;AACxC,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,MACL,YAAY;AAAA,MACZ,QAAQ,IAAI,OAAO,aAAa;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,qBACL,QACA,MACA,WACA;AACA,UAAM,YAAY,oBAAI,KAAK;AAC3B,cAAU,WAAW,UAAU,WAAW,IAAI,OAAO,QAAQ,MAAM,SAAS,CAAC;AAE7E,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,GAAG,KAAK,KAAK,IAAI;AAAA,IACnB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,KAAK,MAAc;AACxB,UAAM,OAAO,OAAO,OAAO,IAAI;AAC/B,UAAM,SAAS,IAAI,OAAO,IAAI;AAC9B,UAAM,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AACvE,WAAO,EAAE,QAAQ,KAAK;AAAA,EACxB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAEA,YAAY,YAQT;AACD,SAAK,aAAa,WAAW;AAC7B,SAAK,cAAc,WAAW;AAC9B,SAAK,OAAO,WAAW;AACvB,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAC5B,SAAK,YAAY,WAAW;AAK5B,QAAI,WAAW,QAAQ;AACrB,WAAK,QAAQ,IAAI;AAAA,QACf,GAAG,OAAO,UAAU,OAAO,KAAK,UAAU,CAAC,CAAC,IAAI,OAAO;AAAA,UACrD,WAAW,OAAO,QAAQ;AAAA,QAC5B,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,YAAY;AACV,WAAO,KAAK,YAAY,oBAAI,KAAK;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,QAAiC;AACtC,UAAM,UAAU,WAAW,QAAQ,EAAE,OAAO,OAAO,QAAQ,CAAC,EAAE,OAAO,KAAK;AAC1E,WAAO,UAAU,KAAK,MAAM,OAAO;AAAA,EACrC;AACF;;;AClKA,SAAS,UAAAA,eAAc;AAEvB,SAAS,wBAAwB;AAkB1B,IAAM,eAAN,MAMP;AAAA;AAAA;AAAA;AAAA,EASE;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA,aAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMxB,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAAA,EAM1B,uBAAuB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMvB,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMlB,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA,EAMd,cAAc;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAad;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,IAAI,iBAAiB;AACnB,WAAO,QAAQ,KAAK,KAAK;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,oBAAoB;AACtB,WAAO,YAAY,KAAK,KAAK;AAAA,EAC/B;AAAA,EAEA,YACE,MACA,KACA,SACA,SACA,cACA;AACA,SAAK,QAAQ;AACb,SAAK,OAAO;AACZ,SAAK,WAAW,EAAE,qBAAqB,WAAW,GAAG,QAAQ;AAC7D,SAAK,WAAW;AAChB,SAAK,gBAAgB;AAAA,EACvB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,cAAc;AACZ,QAAI,EAAE,aAAa,KAAK,OAAO;AAC7B,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,WAAO,KAAK,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,sBAAsB,WAAmB;AACvC,SAAK,kBAAkB;AACvB,SAAK,cAAc;AACnB,SAAK,OAAO;AACZ,SAAK,cAAc;AAEnB,UAAM,QAAQ,IAAI,sBAAsB,mCAAmC;AAAA,MACzE,iBAAiB,KAAK;AAAA,IACxB,CAAC;AAED,SAAK,SAAS,KAAK,sCAAsC;AAAA,MACvD,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,IACF,CAAC;AAED,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,yBACE,WACA,MACA,iBACA;AACA,SAAK,kBAAkB;AACvB,SAAK,cAAc,CAAC,CAAC;AACrB,SAAK,OAAO;AACZ,SAAK,cAAc;AAEnB,SAAK,SAAS,KAAK,yCAAyC;AAAA,MAC1D,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBACE,WACA,MACA,iBACA;AACA,SAAK,OAAO;AACZ,SAAK,cAAc;AAEnB,SAAK,SAAS,KAAK,gCAAgC;AAAA,MACjD,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,sBAAsB,QAAkC;AACtD,UAAM,UAAU,KAAK,YAAY;AACjC,YAAQ,IAAI,KAAK,gBAAgB,MAAM;AACvC,YAAQ,WAAW;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA,EAKA,wBAAwB,OAAuB;AAC7C,SAAK,KAAK,SAAS,gBAAgB,KAAK,mBAAmB,MAAM,QAAQ,GAAG;AAAA,MAC1E,QAAQ,KAAK,SAAS;AAAA,MACtB,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,mBAAmB,QAAkC,WAAmB;AAC5E,UAAM,eAAe,MAAM,KAAK,cAAc,SAAS,MAAM;AAC7D,QAAI,CAAC,cAAc;AACjB,YAAM,KAAK,sBAAsB,SAAS;AAAA,IAC5C;AAEA,SAAK,yBAAyB,WAAW,aAAa,YAAY,CAAC;AACnE,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,+BAA+B,kBAA0B,WAAmB;AAKhF,UAAM,eAAe,KAAK;AAO1B,UAAM,QAAQ,MAAM,aAAa,oBAAoB,IAAIC,QAAO,gBAAgB,CAAC;AACjF,QAAI,CAAC,OAAO;AACV,YAAM,KAAK,sBAAsB,SAAS;AAAA,IAC5C;AAMA,UAAM,eAAe,MAAM,aAAa,SAAS,MAAM,WAAW;AAClE,QAAI,CAAC,cAAc;AACjB,YAAM,KAAK,sBAAsB,SAAS;AAAA,IAC5C;AAKA,UAAM,gBAAgB,MAAM,aAAa;AAAA,MACvC,aAAa,YAAY;AAAA,MACzB,MAAM;AAAA,MACN,KAAK,SAAS;AAAA,IAChB;AAKA,SAAK,wBAAwB,cAAc,KAAM;AAKjD,SAAK,sBAAsB,aAAa,MAAM,CAAC;AAK/C,SAAK,yBAAyB,WAAW,aAAa,YAAY,GAAG,KAAK;AAE1E,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,gBAAyD;AACvD,QAAI,CAAC,KAAK,MAAM;AACd,YAAM,IAAI,sBAAsB,mCAAmC;AAAA,QACjE,iBAAiB,KAAK;AAAA,MACxB,CAAC;AAAA,IACH;AAEA,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,MAAM,MAA+C,WAAoB,OAAO;AACpF,UAAM,UAAU,KAAK,YAAY;AACjC,UAAM,eAAe,MAAM,KAAK,cAAc,mBAAmB,IAAI;AAErE,SAAK,SAAS,KAAK,gCAAgC;AAAA,MACjD,KAAK,KAAK;AAAA,MACV;AAAA,MACA,WAAW,KAAK;AAAA,IAClB,CAAC;AAMD,QAAI;AACJ,QAAI,UAAU;AACZ,UAAI,CAAC,KAAK,SAAS,qBAAqB;AACtC,cAAM,IAAI,iBAAiB,uDAAuD;AAAA,MACpF;AAMA,YAAM,eAAe,KAAK;AAI1B,cAAQ,MAAM,aAAa;AAAA,QACzB,aAAa,YAAY;AAAA,QACzB,KAAK,SAAS;AAAA,MAChB;AAAA,IACF;AAMA,QAAI,OAAO;AACT,WAAK,wBAAwB,MAAM,KAAM;AAAA,IAC3C,OAAO;AACL,WAAK,KAAK,SAAS,YAAY,KAAK,iBAAiB;AAAA,IACvD;AAKA,SAAK,sBAAsB,aAAa,MAAM,CAAC;AAK/C,SAAK,gBAAgB,QAAQ,WAAW,aAAa,YAAY,GAAG,KAAK;AAAA,EAC3E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,SAAS;AACb,UAAM,UAAU,KAAK,YAAY;AACjC,UAAM,mBAAmB,KAAK,KAAK,QAAQ,gBAAgB,KAAK,iBAAiB;AAKjF,YAAQ,OAAO,KAAK,cAAc;AAClC,SAAK,KAAK,SAAS,YAAY,KAAK,iBAAiB;AASrD,QAAI,KAAK,QAAQ,oBAAoB,KAAK,SAAS,qBAAqB;AAKtE,YAAM,eAAe,KAAK;AAI1B,YAAM,QAAQ,MAAM,aAAa,oBAAoB,IAAIA,QAAO,gBAAgB,CAAC;AACjF,UAAI,OAAO;AACT,cAAM,aAAa,mBAAmB,KAAK,MAAM,MAAM,UAAU;AAAA,MACnE;AAAA,IACF;AAKA,SAAK,OAAO;AACZ,SAAK,cAAc;AACnB,SAAK,kBAAkB;AACvB,SAAK,cAAc;AAKnB,SAAK,SAAS,KAAK,2BAA2B;AAAA,MAC5C,KAAK,KAAK;AAAA,MACV,WAAW,KAAK;AAAA,MAChB,MAAM,KAAK,QAAQ;AAAA,MACnB,WAAW,QAAQ;AAAA,IACrB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAiE;AAKrE,QAAI,KAAK,yBAAyB;AAChC,aAAO,KAAK,cAAc;AAAA,IAC5B;AAKA,SAAK,0BAA0B;AAC/B,UAAM,UAAU,KAAK,YAAY;AAEjC,SAAK,SAAS,KAAK,yCAAyC;AAAA,MAC1D,KAAK,KAAK;AAAA,MACV,WAAW,QAAQ;AAAA,MACnB,WAAW,KAAK;AAAA,IAClB,CAAC;AAOD,UAAM,aAAa,QAAQ,IAAI,KAAK,cAAc;AAClD,QAAI,YAAY;AACd,aAAO,KAAK,mBAAmB,YAAY,QAAQ,SAAS;AAAA,IAC9D;AAOA,UAAM,mBAAmB,KAAK,KAAK,QAAQ,gBAAgB,KAAK,iBAAiB;AACjF,QAAI,oBAAoB,KAAK,SAAS,qBAAqB;AACzD,WAAK,uBAAuB;AAC5B,aAAO,KAAK,+BAA+B,kBAAkB,QAAQ,SAAS;AAAA,IAChF;AAKA,UAAM,KAAK,sBAAsB,QAAQ,SAAS;AAAA,EACpD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,QAA0B;AAC9B,QAAI;AACF,YAAM,KAAK,aAAa;AACxB,aAAO;AAAA,IACT,SAAS,OAAO;AACd,UAAI,iBAAiB,uBAAuB;AAC1C,eAAO;AAAA,MACT;AAEA,YAAM;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBACJ,MAC6B;AAC7B,UAAM,eAAe,MAAM,KAAK,cAAc,mBAAmB,IAAI;AACrE,UAAM,SAAS,aAAa,MAAM;AAElC,WAAO;AAAA,MACL,SAAS;AAAA,QACP,CAAC,KAAK,cAAc,GAAG;AAAA,MACzB;AAAA,IACF;AAAA,EACF;AACF;;;AC7gBA,SAAS,eAAe;AAExB,SAAS,oBAAAC,yBAAwB;AAgB1B,IAAM,6BAAN,MAAM,4BAEb;AAAA,EAyBE,YAAsB,SAA4D;AAA5D;AACpB,SAAK,QAAQ,QAAQ,SAAS;AAC9B,SAAK,oBAAoB,QAAQ,qBAAqB;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA,EAxBA,OAAO,SACL,OACA,SACA;AACA,WAAO,IAAI,4BAA2C;AAAA,MACpD,gBAAgB;AAAA,MAChB,GAAI,WAAW,CAAC;AAAA,IAClB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKU;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA;AAAA;AAAA;AAAA;AAAA,EAUV,UAAU,OAAgB;AACxB,WAAO,UAAU,QAAQ,OAAO,UAAU,YAAY,CAAC,MAAM,QAAQ,KAAK;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,mBAAmB,MAAoC;AACrD,UAAM,QAAQ,KAAK,QAAQ;AAC3B,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIC;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,QAAI,CAAC,KAAK,kBAAkB;AAC1B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI,iEAAiE,MAAM,UAAU;AAAA,MAC5G;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKU,uBAAuB,OAAkD;AACjF,WAAO,IAAI,gBAAgB;AAAA,MACzB,YAAY,MAAM;AAAA,MAClB,aAAa,MAAM;AAAA,MACnB,MAAM,MAAM;AAAA,MACZ,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,MAC5E,WACE,OAAO,MAAM,eAAe,WAAW,IAAI,KAAK,MAAM,UAAU,IAAI,MAAM;AAAA,IAC9E,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,QAAQ;AACtB,UAAM,QAAQ,KAAK,QAAQ;AAC3B,WAAO,MAAM,SAAS,MAAM,KAAK,EAAE;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAO,MAAoC,WAA4B;AAC3E,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AAOrC,UAAM,iBAAiB,gBAAgB;AAAA,MACrC,KAAK;AAAA,MACL,KAAK;AAAA,MACL;AAAA,IACF;AAMA,UAAM,QAA8C;AAAA,MAClD,cAAc,eAAe;AAAA,MAC7B,MAAM,eAAe;AAAA,MACrB,YAAY,oBAAI,KAAK;AAAA,MACrB,YAAY,oBAAI,KAAK;AAAA,MACrB,YAAY,eAAe;AAAA,IAC7B;AAKA,UAAM,SAAS,MAAM,YAAY,MAAM,KAAK,KAAK,EAAE,OAAO,KAAK,EAAE,UAAU,IAAI;AAC/E,UAAM,KAAK,KAAK,UAAU,OAAO,CAAC,CAAC,IAAI,OAAO,CAAC,EAAE,KAAK,OAAO,CAAC;AAM9D,QAAI,CAAC,IAAI;AACP,YAAM,IAAIA;AAAA,QACR,yCAAyC,QAAQ,MAAM,CAAC;AAAA,MAC1D;AAAA,IACF;AAKA,WAAO,IAAI,gBAAgB;AAAA,MACzB,YAAY;AAAA,MACZ,aAAa,MAAM;AAAA,MACnB,QAAQ,eAAe;AAAA,MACvB,MAAM,MAAM;AAAA,MACZ,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,MACjB,WAAW,MAAM;AAAA,IACnB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,KAAK,MAAoC,YAAsC;AACnF,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,QAAQ,MAAM,YACjB,MAAgC,EAChC,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,iBAAiB,CAAC,EAC7D,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,uBAAuB,KAAK;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OACJ,MACA,YACiB;AACjB,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,eAAe,MAAM,YACxB,MAAc,EACd,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,YAAY,cAAc,KAAK,iBAAiB,CAAC,EAC7D,IAAI,EACJ,KAAK;AAER,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,IAAI,MAAoC;AAC5C,SAAK,mBAAmB,IAAI;AAE5B,UAAM,cAAc,MAAM,KAAK,MAAM;AACrC,UAAM,SAAS,MAAM,YAClB,MAAgC,EAChC,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,cAAc,KAAK,iBAAiB,CAAC,EAC7C,QAAQ,MAAM,MAAM,EACpB,KAAK;AAER,WAAO,OAAO,IAAI,CAAC,UAAU;AAC3B,aAAO,KAAK,uBAAuB,KAAK;AAAA,IAC1C,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OAAO,YAA4B;AACvC,UAAM,eAAe,gBAAgB,OAAO,WAAW,QAAQ,CAAC;AAChE,QAAI,CAAC,cAAc;AACjB,aAAO;AAAA,IACT;AAEA,UAAM,KAAK,MAAM,KAAK,MAAM;AAC5B,UAAM,QAAQ,MAAM,GACjB,MAAgC,EAChC,KAAK,KAAK,KAAK,EACf,MAAM,EAAE,IAAI,aAAa,WAAW,CAAC,EACrC,MAAM,CAAC,EACP,MAAM;AAET,QAAI,CAAC,OAAO;AACV,aAAO;AAAA,IACT;AAKA,UAAM,kBAAkB,KAAK,uBAAuB,KAAK;AAKzD,QAAI,CAAC,gBAAgB,OAAO,aAAa,MAAM,KAAK,gBAAgB,UAAU,GAAG;AAC/E,aAAO;AAAA,IACT;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,QACJ,MACA,YACA,WAC0B;AAC1B,UAAM,KAAK,OAAO,MAAM,UAAU;AAClC,WAAO,KAAK,OAAO,MAAM,SAAS;AAAA,EACpC;AACF;;;ACrRA,SAAS,oBAAAC,yBAAwB;AAe1B,IAAM,2BAAN,MAEP;AAAA,EAQE,YAIY,SACV;AADU;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAPO;AAAA;AAAA;AAAA;AAAA;AAAA,EAaV,MAAgB,WAAW;AACzB,QAAI,KAAK,OAAO;AACd,aAAO,KAAK;AAAA,IACd;AAEA,UAAM,gBAAgB,MAAM,KAAK,QAAQ,MAAM;AAC/C,SAAK,QAAQ,cAAc;AAC3B,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA,EAKA,MAAgB,oBAAoB;AAClC,UAAM,QAAQ,MAAM,KAAK,SAAS;AAElC,QAAI,CAAC,MAAM,kBAAkB;AAC3B,YAAM,IAAIA;AAAA,QACR,eAAe,MAAM,IAAI;AAAA,MAC3B;AAAA,IACF;AAEA,WAAO,MAAM;AAAA,EACf;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,MACoD;AACpD,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,QAAI,gBAAgB,UAAU,OAAO;AACnC,YAAM,IAAIA;AAAA,QACR,uDAAuD,MAAM,IAAI;AAAA,MACnE;AAAA,IACF;AAEA,WAAO;AAAA,MACL,QAAQ;AAIN,YAAI,CAAC,KAAK,kBAAkB;AAC1B,gBAAM,IAAIA;AAAA,YACR,eAAe,MAAM,IAAI,oDAAoD,MAAM,UAAU;AAAA,UAC/F;AAAA,QACF;AAEA,eAAO,KAAK;AAAA,MACd;AAAA,MACA,cAAc;AACZ,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,SACJ,YAC2D;AAC3D,UAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,UAAM,OAAO,MAAM,MAAM,KAAK,UAAU;AAExC,QAAI,CAAC,MAAM;AACT,aAAO;AAAA,IACT;AAEA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACrC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBACJ,MACA,WAC0B;AAC1B,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,MAAM,SAAS;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,oBAAoB,YAA6D;AACrF,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,UAAU;AAAA,EACzC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,mBACJ,MACA,YACiB;AACjB,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,OAAO,MAAM,UAAU;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,qBACJ,MACA,YACA,WACA;AACA,UAAM,iBAAiB,MAAM,KAAK,kBAAkB;AACpD,WAAO,eAAe,QAAQ,MAAM,YAAY,SAAS;AAAA,EAC3D;AACF;;;ACtIO,SAAS,aAMd,QAG0F;AAC1F,SAAO;AAAA,IACL,MAAM,SAAS,MAAM,KAAK;AACxB,YAAM,UAAU,MAAM,IAAI,UAAU,KAAK,SAAS;AAClD,YAAM,WACJ,cAAc,OAAO,WAAW,MAAM,OAAO,SAAS,SAAS,GAAG,IAAI,OAAO;AAC/E,aAAO,CAAC,QAAQ,IAAI,aAAa,MAAM,KAAK,QAAQ,SAAgB,QAAQ;AAAA,IAC9E;AAAA,EACF;AACF;AAMO,SAAS,oBACd,QACiC;AACjC,SAAO,IAAI,yBAAyB,MAAM;AAC5C;","names":["Secret","Secret","RuntimeException","RuntimeException","RuntimeException"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@adonisjs/auth",
|
|
3
|
-
"version": "9.0.
|
|
3
|
+
"version": "9.0.3",
|
|
4
4
|
"description": "Official authentication provider for Adonis framework",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "build/index.js",
|
|
@@ -28,7 +28,11 @@
|
|
|
28
28
|
},
|
|
29
29
|
"scripts": {
|
|
30
30
|
"pretest": "npm run lint",
|
|
31
|
-
"test": "c8 npm run
|
|
31
|
+
"test": "c8 npm run test:sqlite && npm run test:mysql && npm run test:pg && npm run test:mssql",
|
|
32
|
+
"test:sqlite": "npm run quick:test",
|
|
33
|
+
"test:mysql": "cross-env DB=mysql npm run quick:test",
|
|
34
|
+
"test:mssql": "cross-env DB=mssql npm run quick:test",
|
|
35
|
+
"test:pg": "cross-env DB=pg npm run quick:test",
|
|
32
36
|
"clean": "del-cli build",
|
|
33
37
|
"typecheck": "tsc --noEmit",
|
|
34
38
|
"copy:templates": "copyfiles \"stubs/**/*.stub\" --up=\"1\" build",
|
|
@@ -64,9 +68,9 @@
|
|
|
64
68
|
"@adonisjs/core": "^6.2.1",
|
|
65
69
|
"@adonisjs/eslint-config": "^1.2.1",
|
|
66
70
|
"@adonisjs/i18n": "^2.0.0",
|
|
67
|
-
"@adonisjs/lucid": "^
|
|
71
|
+
"@adonisjs/lucid": "^20.0.0",
|
|
68
72
|
"@adonisjs/prettier-config": "^1.2.1",
|
|
69
|
-
"@adonisjs/session": "^7.1.
|
|
73
|
+
"@adonisjs/session": "^7.1.1",
|
|
70
74
|
"@adonisjs/tsconfig": "^1.2.1",
|
|
71
75
|
"@commitlint/cli": "^18.5.0",
|
|
72
76
|
"@commitlint/config-conventional": "^18.5.0",
|
|
@@ -81,7 +85,7 @@
|
|
|
81
85
|
"@swc/core": "^1.3.105",
|
|
82
86
|
"@types/basic-auth": "^1.1.7",
|
|
83
87
|
"@types/luxon": "^3.4.2",
|
|
84
|
-
"@types/node": "^20.
|
|
88
|
+
"@types/node": "^20.11.6",
|
|
85
89
|
"@types/set-cookie-parser": "^2.4.7",
|
|
86
90
|
"@types/sinon": "^17.0.3",
|
|
87
91
|
"c8": "^9.0.0",
|
|
@@ -89,17 +93,21 @@
|
|
|
89
93
|
"copyfiles": "^2.4.1",
|
|
90
94
|
"cross-env": "^7.0.3",
|
|
91
95
|
"del-cli": "^5.1.0",
|
|
96
|
+
"dotenv": "^16.4.1",
|
|
92
97
|
"eslint": "^8.56.0",
|
|
93
98
|
"github-label-sync": "^2.3.1",
|
|
94
|
-
"husky": "^
|
|
99
|
+
"husky": "^9.0.1",
|
|
95
100
|
"luxon": "^3.4.4",
|
|
101
|
+
"mysql2": "^3.8.0",
|
|
96
102
|
"nock": "^13.5.0",
|
|
97
103
|
"np": "^9.2.0",
|
|
104
|
+
"pg": "^8.11.3",
|
|
98
105
|
"playwright": "^1.41.1",
|
|
99
106
|
"prettier": "^3.1.1",
|
|
100
107
|
"set-cookie-parser": "^2.6.0",
|
|
101
108
|
"sinon": "^17.0.1",
|
|
102
109
|
"sqlite3": "^5.1.7",
|
|
110
|
+
"tedious": "^16.6.1",
|
|
103
111
|
"timekeeper": "^2.3.1",
|
|
104
112
|
"ts-node": "^10.9.2",
|
|
105
113
|
"tsup": "^8.0.1",
|
|
@@ -136,7 +144,7 @@
|
|
|
136
144
|
]
|
|
137
145
|
},
|
|
138
146
|
"dependencies": {
|
|
139
|
-
"@adonisjs/presets": "^2.2.
|
|
147
|
+
"@adonisjs/presets": "^2.2.3",
|
|
140
148
|
"basic-auth": "^2.0.1"
|
|
141
149
|
},
|
|
142
150
|
"peerDependencies": {
|