@alinsafawi/aegis-auth 0.1.4 → 0.1.5

package/dist/index.js

@@ -22720,54 +22720,24 @@ async function promptFeatures(roleIds) {
   ${import_chalk5.default.dim("All features can be toggled later in auth.config.ts \u2192 features")}
 `
   );
-  const selected = await p4.multiselect({
-    message: "Which security features do you want?",
-    options: [
-      {
-        value: "twoFactor",
-        label: "Two-Factor Authentication",
-        hint: "TOTP (Authy, 1Password) + backup codes"
-      },
-      {
-        value: "emailVerification",
-        label: "Email Verification",
-        hint: "6-digit code, 15 min expiry, resend flow"
-      },
-      {
-        value: "passwordReset",
-        label: "Password Reset",
-        hint: '"Forgot password" via email'
-      },
-      {
-        value: "accountLockout",
-        label: "Account Lockout",
-        hint: "per-account, not per-IP \u2014 locks after failed logins"
-      },
-      {
-        value: "apiKeys",
-        label: "API Keys",
-        hint: "users generate keys for programmatic access"
-      },
-      {
-        value: "auditLog",
-        label: "Audit Log",
-        hint: "records every auth event to a DB table"
-      },
-      {
-        value: "sessionTracking",
-        label: "Session Tracking",
-        hint: '"Sign out all devices" \u2014 without this, JWTs are stateless'
-      }
-    ],
-    initialValues: ["twoFactor", "emailVerification", "passwordReset", "accountLockout"],
-    required: false
-  });
-  if (p4.isCancel(selected)) process.exit(0);
-  const has = (f) => selected.includes(f);
+  const twoFactor = await p4.confirm({ message: "Two-Factor Authentication  (TOTP via Authy, 1Password + backup codes)", initialValue: true });
+  if (p4.isCancel(twoFactor)) process.exit(0);
+  const emailVerification = await p4.confirm({ message: "Email Verification  (6-digit code, 15 min expiry, resend flow)", initialValue: true });
+  if (p4.isCancel(emailVerification)) process.exit(0);
+  const passwordReset = await p4.confirm({ message: 'Password Reset  ("Forgot password" via email)', initialValue: true });
+  if (p4.isCancel(passwordReset)) process.exit(0);
+  const accountLockout = await p4.confirm({ message: "Account Lockout  (locks after N failed logins, per-account)", initialValue: true });
+  if (p4.isCancel(accountLockout)) process.exit(0);
+  const apiKeys = await p4.confirm({ message: "API Keys  (users generate keys for programmatic access)", initialValue: false });
+  if (p4.isCancel(apiKeys)) process.exit(0);
+  const auditLog = await p4.confirm({ message: "Audit Log  (records every auth event to a DB table)", initialValue: false });
+  if (p4.isCancel(auditLog)) process.exit(0);
+  const sessionTracking = await p4.confirm({ message: 'Session Tracking  ("Sign out all devices" \u2014 without this, JWTs are stateless)', initialValue: false });
+  if (p4.isCancel(sessionTracking)) process.exit(0);
   let lockoutAttempts = 5;
   let lockoutMinutes = 15;
   let enforced2FARoles = [];
-  if (has("accountLockout")) {
+  if (accountLockout) {
     console.log(
       `
   ${import_chalk5.default.dim("\u2500  Account Lockout Settings  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500")}
@@ -22798,7 +22768,7 @@ async function promptFeatures(roleIds) {
     if (p4.isCancel(duration)) process.exit(0);
     lockoutMinutes = duration;
   }
-  if (has("twoFactor") && roleIds.length > 0) {
+  if (twoFactor && roleIds.length > 0) {
     console.log(
       `
   ${import_chalk5.default.dim("\u2500  2FA Enforcement  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500")}
@@ -22809,17 +22779,14 @@ async function promptFeatures(roleIds) {
   ${import_chalk5.default.dim("access the app until setup is complete.")}
 `
     );
-    const enforced = await p4.multiselect({
-      message: "Require 2FA for any roles?  (cannot be skipped)",
-      options: [
-        { value: "__none__", label: "No role requires it" },
-        ...roleIds.map((id) => ({ value: id, label: id }))
-      ],
-      initialValues: ["__none__"],
-      required: false
-    });
-    if (p4.isCancel(enforced)) process.exit(0);
-    enforced2FARoles = enforced.filter((r) => r !== "__none__");
+    for (const roleId of roleIds) {
+      const enforce = await p4.confirm({
+        message: `Require 2FA for role "${roleId}"?`,
+        initialValue: false
+      });
+      if (p4.isCancel(enforce)) process.exit(0);
+      if (enforce) enforced2FARoles.push(roleId);
+    }
   }
   console.log(
     `
@@ -22858,15 +22825,15 @@ async function promptFeatures(roleIds) {
   });
   if (p4.isCancel(reuse)) process.exit(0);
   return {
-    twoFactor: has("twoFactor"),
-    emailVerification: has("emailVerification"),
-    passwordReset: has("passwordReset"),
-    accountLockout: has("accountLockout"),
+    twoFactor,
+    emailVerification,
+    passwordReset,
+    accountLockout,
     lockoutAttempts,
     lockoutMinutes,
-    apiKeys: has("apiKeys"),
-    auditLog: has("auditLog"),
-    sessionTracking: has("sessionTracking"),
+    apiKeys,
+    auditLog,
+    sessionTracking,
     enforced2FARoles,
     minPasswordLength: Number(minLen),
     passwordExpiry: expiry,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@alinsafawi/aegis-auth",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "The shield your Next.js app deserves — full-stack auth in minutes",
   "bin": {
     "aegis-auth": "dist/index.js"