@alinsafawi/aegis-auth 0.1.4 → 0.1.6

Files changed (2) hide show
  1. package/dist/index.js +32 -65
  2. package/package.json +1 -1
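--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -22720,54 +22720,24 @@ async function promptFeatures(roleIds) {
  ${import_chalk5.default.dim("All features can be toggled later in auth.config.ts \u2192 features")}
  `
  );
- const selected = await p4.multiselect({
- message: "Which security features do you want?",
- options: [
- {
- value: "twoFactor",
- label: "Two-Factor Authentication",
- hint: "TOTP (Authy, 1Password) + backup codes"
- },
- {
- value: "emailVerification",
- label: "Email Verification",
- hint: "6-digit code, 15 min expiry, resend flow"
- },
- {
- value: "passwordReset",
- label: "Password Reset",
- hint: '"Forgot password" via email'
- },
- {
- value: "accountLockout",
- label: "Account Lockout",
- hint: "per-account, not per-IP \u2014 locks after failed logins"
- },
- {
- value: "apiKeys",
- label: "API Keys",
- hint: "users generate keys for programmatic access"
- },
- {
- value: "auditLog",
- label: "Audit Log",
- hint: "records every auth event to a DB table"
- },
- {
- value: "sessionTracking",
- label: "Session Tracking",
- hint: '"Sign out all devices" \u2014 without this, JWTs are stateless'
- }
- ],
- initialValues: ["twoFactor", "emailVerification", "passwordReset", "accountLockout"],
- required: false
- });
- if (p4.isCancel(selected)) process.exit(0);
- const has = (f) => selected.includes(f);
+ const twoFactor = await p4.confirm({ message: "Two-Factor Authentication (TOTP via Authy, 1Password + backup codes)", initialValue: true });
+ if (p4.isCancel(twoFactor)) process.exit(0);
+ const emailVerification = await p4.confirm({ message: "Email Verification (6-digit code, 15 min expiry, resend flow)", initialValue: true });
+ if (p4.isCancel(emailVerification)) process.exit(0);
+ const passwordReset = await p4.confirm({ message: 'Password Reset ("Forgot password" via email)', initialValue: true });
+ if (p4.isCancel(passwordReset)) process.exit(0);
+ const accountLockout = await p4.confirm({ message: "Account Lockout (locks after N failed logins, per-account)", initialValue: true });
+ if (p4.isCancel(accountLockout)) process.exit(0);
+ const apiKeys = await p4.confirm({ message: "API Keys (users generate keys for programmatic access)", initialValue: false });
+ if (p4.isCancel(apiKeys)) process.exit(0);
+ const auditLog = await p4.confirm({ message: "Audit Log (records every auth event to a DB table)", initialValue: false });
+ if (p4.isCancel(auditLog)) process.exit(0);
+ const sessionTracking = await p4.confirm({ message: 'Session Tracking ("Sign out all devices" \u2014 without this, JWTs are stateless)', initialValue: false });
+ if (p4.isCancel(sessionTracking)) process.exit(0);
  let lockoutAttempts = 5;
  let lockoutMinutes = 15;
  let enforced2FARoles = [];
- if (has("accountLockout")) {
+ if (accountLockout) {
  console.log(
  `
  ${import_chalk5.default.dim("\u2500 Account Lockout Settings \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500")}
@@ -22798,7 +22768,7 @@ async function promptFeatures(roleIds) {
  if (p4.isCancel(duration)) process.exit(0);
  lockoutMinutes = duration;
  }
- if (has("twoFactor") && roleIds.length > 0) {
+ if (twoFactor && roleIds.length > 0) {
  console.log(
  `
  ${import_chalk5.default.dim("\u2500 2FA Enforcement \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500")}
@@ -22809,17 +22779,14 @@ async function promptFeatures(roleIds) {
  ${import_chalk5.default.dim("access the app until setup is complete.")}
  `
  );
- const enforced = await p4.multiselect({
- message: "Require 2FA for any roles? (cannot be skipped)",
- options: [
- { value: "__none__", label: "No role requires it" },
- ...roleIds.map((id) => ({ value: id, label: id }))
- ],
- initialValues: ["__none__"],
- required: false
- });
- if (p4.isCancel(enforced)) process.exit(0);
- enforced2FARoles = enforced.filter((r) => r !== "__none__");
+ for (const roleId of roleIds) {
+ const enforce = await p4.confirm({
+ message: `Require 2FA for role "${roleId}"?`,
+ initialValue: false
+ });
+ if (p4.isCancel(enforce)) process.exit(0);
+ if (enforce) enforced2FARoles.push(roleId);
+ }
  }
  console.log(
  `
@@ -22858,15 +22825,15 @@ async function promptFeatures(roleIds) {
  });
  if (p4.isCancel(reuse)) process.exit(0);
  return {
- twoFactor: has("twoFactor"),
- emailVerification: has("emailVerification"),
- passwordReset: has("passwordReset"),
- accountLockout: has("accountLockout"),
+ twoFactor,
+ emailVerification,
+ passwordReset,
+ accountLockout,
  lockoutAttempts,
  lockoutMinutes,
- apiKeys: has("apiKeys"),
- auditLog: has("auditLog"),
- sessionTracking: has("sessionTracking"),
+ apiKeys,
+ auditLog,
+ sessionTracking,
  enforced2FARoles,
  minPasswordLength: Number(minLen),
  passwordExpiry: expiry,
@@ -23991,7 +23958,7 @@ dist
  n: 1,
  title: "Fill in .env.local",
  lines: [
- `${import_chalk8.default.cyan("AEGIS_JWT_SECRET=")} ${import_chalk8.default.dim("\u2190 openssl rand -base64 32")}`,
+ `${import_chalk8.default.cyan("AEGIS_JWT_SECRET=")} ${import_chalk8.default.dim(process.platform === "win32" ? "\u2190 [Convert]::ToBase64String((1..32|%{[byte](Get-Random -Max 256)}))" : "\u2190 openssl rand -base64 32")}`,
  `${import_chalk8.default.cyan("DATABASE_URL=")}`,
  features.emailVerification || features.passwordReset ? `${import_chalk8.default.cyan("AEGIS_SMTP_HOST=")}` : "",
  infra.rateLimitProvider === "upstash" ? `${import_chalk8.default.cyan("UPSTASH_REDIS_REST_URL=")}` : ""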
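Review bot: The Windows hint for `AEGIS_JWT_SECRET` in the last hunk (new line 23961) tells users to build the signing secret from `Get-Random -Max 256`. `Get-Random` is a general-purpose generator whose cryptographic strength depends on the PowerShell version and session state (it is deterministic after `-SetSeed`), so it should not be the recommended source for a JWT key. The CLI already runs under Node, so a single hint backed by the OS CSPRNG works on every platform and removes the `process.platform` branch: `import_chalk8.default.dim("\u2190 node -e \"console.log(require('crypto').randomBytes(32).toString('base64'))\"")`. A comment beside the hint saying the value must come from a cryptographically secure source would stop a later edit from reintroducing a weaker one-liner. The enclosing `lines` array and its function start and end outside the hunk.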
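--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@alinsafawi/aegis-auth",
- "version": "0.1.4",
+ "version": "0.1.6",
  "description": "The shield your Next.js app deserves — full-stack auth in minutes",
  "bin": {
  "aegis-auth": "dist/index.js"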