@arikajs/auth 0.0.4 → 0.0.5

package/dist/Guards/JwtGuard.js

@@ -0,0 +1,158 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtGuard = void 0;
+const jwt = __importStar(require("jsonwebtoken"));
+const crypto = __importStar(require("crypto"));
+class JwtGuard {
+    constructor(provider, request, secret, options = {}) {
+        this.loggedUser = null;
+        this.provider = provider;
+        this.request = request;
+        this.secret = secret;
+        this.options = options;
+    }
+    async check() {
+        return !!(await this.user());
+    }
+    async guest() {
+        return !(await this.check());
+    }
+    async user() {
+        if (this.loggedUser)
+            return this.loggedUser;
+        const token = this.getTokenForRequest();
+        if (!token)
+            return null;
+        try {
+            const decoded = jwt.verify(token, this.secret, this.options);
+            if (decoded && decoded.sub) {
+                // If the provider supports retrieving by ID, use it for stateless verification payload validation
+                // In a purely stateless app, you might just return the decoded payload or a Model proxy instead
+                // of querying the DB. But to ensure user is active/exists, we retrieve it:
+                this.loggedUser = await this.provider.retrieveById(decoded.sub);
+                return this.loggedUser;
+            }
+        }
+        catch (e) {
+            return null; // Invalid token
+        }
+        return null;
+    }
+    async id() {
+        if (this.loggedUser)
+            return this.loggedUser.id;
+        const token = this.getTokenForRequest();
+        if (!token)
+            return null;
+        try {
+            const decoded = jwt.verify(token, this.secret, this.options);
+            return decoded ? decoded.sub : null;
+        }
+        catch (e) {
+            return null;
+        }
+    }
+    async validate(credentials) {
+        const user = await this.provider.retrieveByCredentials(credentials);
+        if (!user)
+            return false;
+        return await this.provider.validateCredentials(user, credentials);
+    }
+    /**
+     * Authenticate a user and return a JWT token and refresh token
+     */
+    async attempt(credentials) {
+        const user = await this.provider.retrieveByCredentials(credentials);
+        if (user && await this.provider.validateCredentials(user, credentials)) {
+            this.login(user);
+            return await this.issueTokens(user);
+        }
+        return false;
+    }
+    async issueTokens(user, additionalPayload = {}) {
+        const payload = { sub: user.id, ...additionalPayload };
+        const access_token = jwt.sign(payload, this.secret, this.options);
+        const response = { access_token };
+        if (this.provider.updateRefreshToken) {
+            const refresh_token = crypto.randomBytes(40).toString('hex');
+            await this.provider.updateRefreshToken(user, refresh_token);
+            response.refresh_token = refresh_token;
+        }
+        return response;
+    }
+    async refresh(refreshToken) {
+        if (!this.provider.retrieveByRefreshToken) {
+            throw new Error('UserProvider does not support retrieveByRefreshToken');
+        }
+        const user = await this.provider.retrieveByRefreshToken(refreshToken);
+        if (!user) {
+            throw new Error('Invalid or expired refresh token');
+        }
+        return await this.issueTokens(user);
+    }
+    login(user) {
+        this.setUser(user);
+    }
+    logout() {
+        this.loggedUser = null;
+    }
+    setUser(user) {
+        this.loggedUser = user;
+        if (this.request) {
+            this.request.user = user;
+        }
+    }
+    setRequest(request) {
+        this.request = request;
+    }
+    getTokenForRequest() {
+        let authHeader;
+        // Support ArikaJS Request with header() method
+        if (typeof this.request?.header === 'function') {
+            authHeader = this.request.header('authorization');
+        }
+        // Fallback to raw headers object
+        if (!authHeader && this.request?.headers?.['authorization']) {
+            authHeader = this.request.headers['authorization'];
+        }
+        if (authHeader && authHeader.startsWith('Bearer ')) {
+            return authHeader.substring(7);
+        }
+        return null;
+    }
+}
+exports.JwtGuard = JwtGuard;
+//# sourceMappingURL=JwtGuard.js.map

package/dist/Guards/JwtGuard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JwtGuard.js","sourceRoot":"","sources":["../../src/Guards/JwtGuard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,kDAAoC;AACpC,+CAAiC;AAEjC,MAAa,QAAQ;IAOjB,YAAY,QAAsB,EAAE,OAAY,EAAE,MAAc,EAAE,UAAe,EAAE;QAF3E,eAAU,GAAQ,IAAI,CAAC;QAG3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,IAAI;QACb,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC;QAE5C,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAA4B,CAAQ,CAAC;YACzF,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBACzB,kGAAkG;gBAClG,gGAAgG;gBAChG,2EAA2E;gBAC3E,IAAI,CAAC,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAChE,OAAO,IAAI,CAAC,UAAU,CAAC;YAC3B,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,IAAI,CAAC,CAAC,gBAAgB;QACjC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,EAAE;QACX,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAE/C,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAA4B,CAAQ,CAAC;YACzF,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;QACxC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,WAAgC;QAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,WAAgC;QACjD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,IAAI,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,CAAC;YACrE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,IAAS,EAAE,oBAA4B,EAAE;QAC9D,MAAM,OAAO,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,GAAG,iBAAiB,EAAE,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAA0B,CAAC,CAAC;QAErF,MAAM,QAAQ,GAAqD,EAAE,YAAY,EAAE,CAAC;QAEpF,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,CAAC;YACnC,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC7D,MAAM,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;YAC5D,QAAQ,CAAC,aAAa,GAAG,aAAa,CAAC;QAC3C,CAAC;QAED,OAAO,QAAQ,CAAC;IACpB,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,YAAoB;QACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,sBAAsB,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAEM,KAAK,CAAC,IAAS;QAClB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAEM,MAAM;QACT,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IAC3B,CAAC;IAEM,OAAO,CAAC,IAAS;QACpB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;QAC7B,CAAC;IACL,CAAC;IAEM,UAAU,CAAC,OAAY;QAC1B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAES,kBAAkB;QACxB,IAAI,UAA8B,CAAC;QAEnC,+CAA+C;QAC/C,IAAI,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,KAAK,UAAU,EAAE,CAAC;YAC7C,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAW,CAAC;QAChE,CAAC;QACD,iCAAiC;QACjC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC;YAC1D,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;CACJ;AA9ID,4BA8IC"}

package/dist/Guards/SessionGuard.d.ts

@@ -10,10 +10,14 @@ export declare class SessionGuard implements Guard {
     user(): Promise<any>;
     id(): Promise<string | number | null>;
     validate(credentials: Record<string, any>): Promise<boolean>;
-    attempt(credentials: Record<string, any>): Promise<boolean>;
-    login(user: any): void;
-    logout(): void;
+    attempt(credentials: Record<string, any>, remember?: boolean): Promise<boolean>;
+    login(user: any, remember?: boolean): Promise<void>;
+    logout(): Promise<void>;
     setUser(user: any): void;
+    private request;
     setRequest(request: any): void;
+    private getRememberCookie;
+    private queueRememberCookie;
+    private clearRememberCookie;
 }
 //# sourceMappingURL=SessionGuard.d.ts.map

package/dist/Guards/SessionGuard.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"SessionGuard.d.ts","sourceRoot":"","sources":["../../src/Guards/SessionGuard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD,qBAAa,YAAa,YAAW,KAAK;IACtC,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,OAAO,CAAM;IACrB,OAAO,CAAC,UAAU,CAAa;gBAEnB,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG;IAKnC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC;IAcpB,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAKrC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAS5D,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IASjE,KAAK,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI;IAOtB,MAAM,IAAI,IAAI;IAOd,OAAO,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI;IAIxB,UAAU,CAAC,OAAO,EAAE,GAAG,GAAG,IAAI;CAMxC"}
+{"version":3,"file":"SessionGuard.d.ts","sourceRoot":"","sources":["../../src/Guards/SessionGuard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD,qBAAa,YAAa,YAAW,KAAK;IACtC,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,OAAO,CAAM;IACrB,OAAO,CAAC,UAAU,CAAa;gBAEnB,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG;IAiBnC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC;IA4BpB,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAKrC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAS5D,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,QAAQ,GAAE,OAAe,GAAG,OAAO,CAAC,OAAO,CAAC;IAStF,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,GAAE,OAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB1D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAgB7B,OAAO,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI;IAI/B,OAAO,CAAC,OAAO,CAAM;IAEd,UAAU,CAAC,OAAO,EAAE,GAAG,GAAG,IAAI;IAOrC,OAAO,CAAC,iBAAiB;IAOzB,OAAO,CAAC,mBAAmB;IAQ3B,OAAO,CAAC,mBAAmB;CAK9B"}

package/dist/Guards/SessionGuard.js

@@ -1,11 +1,58 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SessionGuard = void 0;
+const crypto = __importStar(require("crypto"));
 class SessionGuard {
     constructor(provider, session) {
         this.loggedUser = null;
         this.provider = provider;
-        this.session = session;
+        // Accept any session-like object (sync or async API).
+        // The @arikajs/session Session class has async get/put;
+        // the legacy fallback below is sync — both work because we await all calls.
+        if (session && (typeof session.get === 'function' || typeof session.put === 'function')) {
+            this.session = session;
+        }
+        else {
+            const store = {};
+            this.session = {
+                get(key) { return store[key] ?? null; },
+                put(key, value) { store[key] = value; },
+                forget(key) { delete store[key]; },
+            };
+        }
     }
     async check() {
         return !!(await this.user());
@@ -17,10 +64,25 @@ class SessionGuard {
         if (this.loggedUser) {
             return this.loggedUser;
         }
-        const id = this.session.get ? this.session.get('auth_user_id') : null;
+        // Await to support both sync (legacy) and async (Session class) APIs
+        const id = this.session.get ? await Promise.resolve(this.session.get('auth_user_id')) : null;
         if (id) {
             this.loggedUser = await this.provider.retrieveById(id);
         }
+        else {
+            // Check for remember me cookie
+            const rememberTokenString = this.getRememberCookie();
+            if (rememberTokenString) {
+                const [userId, token] = rememberTokenString.split('|');
+                if (userId && token && this.provider.retrieveByToken) {
+                    const user = await this.provider.retrieveByToken(userId, token);
+                    if (user) {
+                        this.login(user, true); // re-authenticate
+                        this.loggedUser = user;
+                    }
+                }
+            }
+        }
         return this.loggedUser;
     }
     async id() {
@@ -34,35 +96,67 @@ class SessionGuard {
         }
         return await this.provider.validateCredentials(user, credentials);
     }
-    async attempt(credentials) {
+    async attempt(credentials, remember = false) {
         if (await this.validate(credentials)) {
             const user = await this.provider.retrieveByCredentials(credentials);
-            this.login(user);
+            await this.login(user, remember);
             return true;
         }
         return false;
     }
-    login(user) {
+    async login(user, remember = false) {
         this.loggedUser = user;
         if (this.session.put) {
-            this.session.put('auth_user_id', user.id);
+            // Await to support both sync and async session APIs
+            await Promise.resolve(this.session.put('auth_user_id', user.id));
+        }
+        if (remember) {
+            const token = crypto.randomBytes(32).toString('hex');
+            if (this.provider.updateRememberToken) {
+                await this.provider.updateRememberToken(user, token);
+            }
+            this.queueRememberCookie(user.id, token);
         }
     }
-    logout() {
+    async logout() {
+        const userId = this.loggedUser?.id;
         this.loggedUser = null;
         if (this.session.forget) {
-            this.session.forget('auth_user_id');
+            await Promise.resolve(this.session.forget('auth_user_id'));
+        }
+        this.clearRememberCookie();
+        if (userId && this.provider.updateRememberToken) {
+            // Invalidate token in provider asynchronously 
+            this.provider.updateRememberToken({ id: userId }, null).catch(() => { });
         }
     }
     setUser(user) {
         this.loggedUser = user;
     }
     setRequest(request) {
-        // In a real framework, this would bind the session from the request
-        if (request.session) {
+        this.request = request;
+        if (request && request.session) {
             this.session = request.session;
         }
     }
+    getRememberCookie() {
+        if (this.request?.cookies && typeof this.request.cookies === 'function') {
+            return this.request.cookies('remember_web');
+        }
+        return this.request?.cookies?.['remember_web'] || null;
+    }
+    queueRememberCookie(userId, token) {
+        const val = `${userId}|${token}`;
+        if (this.request?.cookie && typeof this.request.cookie === 'function') {
+            // Expires in 5 years essentially "forever" in internet time
+            this.request.cookie('remember_web', val, { maxAge: 5 * 365 * 24 * 60 * 60 * 1000, httpOnly: true });
+        }
+    }
+    clearRememberCookie() {
+        if (this.request?.clearCookie && typeof this.request.clearCookie === 'function') {
+            this.request.clearCookie('remember_web');
+        }
+    }
 }
 exports.SessionGuard = SessionGuard;
 //# sourceMappingURL=SessionGuard.js.map

package/dist/Guards/SessionGuard.js.map

@@ -1 +1 @@
-{"version":3,"file":"SessionGuard.js","sourceRoot":"","sources":["../../src/Guards/SessionGuard.ts"],"names":[],"mappings":";;;AAIA,MAAa,YAAY;IAKrB,YAAY,QAAsB,EAAE,OAAY;QAFxC,eAAU,GAAQ,IAAI,CAAC;QAG3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,IAAI;QACb,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC,UAAU,CAAC;QAC3B,CAAC;QAED,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAEtE,IAAI,EAAE,EAAE,CAAC;YACL,IAAI,CAAC,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,IAAI,CAAC,UAAU,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,EAAE;QACX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,WAAgC;QAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtE,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,WAAgC;QACjD,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;YACpE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjB,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAEM,KAAK,CAAC,IAAS;QAClB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACnB,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC;QAC9C,CAAC;IACL,CAAC;IAEM,MAAM;QACT,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACtB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QACxC,CAAC;IACL,CAAC;IAEM,OAAO,CAAC,IAAS;QACpB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IAC3B,CAAC;IAEM,UAAU,CAAC,OAAY;QAC1B,oEAAoE;QACpE,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAClB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QACnC,CAAC;IACL,CAAC;CACJ;AA/ED,oCA+EC"}
+{"version":3,"file":"SessionGuard.js","sourceRoot":"","sources":["../../src/Guards/SessionGuard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,+CAAiC;AAEjC,MAAa,YAAY;IAKrB,YAAY,QAAsB,EAAE,OAAY;QAFxC,eAAU,GAAQ,IAAI,CAAC;QAG3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,sDAAsD;QACtD,wDAAwD;QACxD,4EAA4E;QAC5E,IAAI,OAAO,IAAI,CAAC,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,CAAC,EAAE,CAAC;YACtF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAC3B,CAAC;aAAM,CAAC;YACJ,MAAM,KAAK,GAAwB,EAAE,CAAC;YACtC,IAAI,CAAC,OAAO,GAAG;gBACX,GAAG,CAAC,GAAW,IAAI,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;gBAC/C,GAAG,CAAC,GAAW,EAAE,KAAU,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC;gBACpD,MAAM,CAAC,GAAW,IAAI,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aAC7C,CAAC;QACN,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,IAAI;QACb,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC,UAAU,CAAC;QAC3B,CAAC;QAED,qEAAqE;QACrE,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE7F,IAAI,EAAE,EAAE,CAAC;YACL,IAAI,CAAC,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACJ,+BAA+B;YAC/B,MAAM,mBAAmB,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACrD,IAAI,mBAAmB,EAAE,CAAC;gBACtB,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACvD,IAAI,MAAM,IAAI,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC;oBACnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;oBAChE,IAAI,IAAI,EAAE,CAAC;wBACP,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,kBAAkB;wBAC1C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;oBAC3B,CAAC;gBACL,CAAC;YACL,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,UAAU,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,EAAE;QACX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,WAAgC;QAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtE,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,WAAgC,EAAE,WAAoB,KAAK;QAC5E,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;YACpE,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAEM,KAAK,CAAC,KAAK,CAAC,IAAS,EAAE,WAAoB,KAAK;QACnD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACnB,oDAAoD;YACpD,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAErD,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACzD,CAAC;YAED,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,MAAM;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAEvB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAE3B,IAAI,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC9C,+CAA+C;YAC/C,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7E,CAAC;IACL,CAAC;IAEM,OAAO,CAAC,IAAS;QACpB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IAC3B,CAAC;IAIM,UAAU,CAAC,OAAY;QAC1B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QACnC,CAAC;IACL,CAAC;IAEO,iBAAiB;QACrB,IAAI,IAAI,CAAC,OAAO,EAAE,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC;IAC3D,CAAC;IAEO,mBAAmB,CAAC,MAAuB,EAAE,KAAa;QAC9D,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC;QACjC,IAAI,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACpE,4DAA4D;YAC5D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACxG,CAAC;IACL,CAAC;IAEO,mBAAmB;QACvB,IAAI,IAAI,CAAC,OAAO,EAAE,WAAW,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC9E,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;CACJ;AApJD,oCAoJC"}

package/dist/Hasher.d.ts

@@ -7,5 +7,9 @@ export declare class Hasher {
      * Check if a plain text value matches a hash.
      */
     static check(value: string, hash: string): Promise<boolean>;
+    /**
+     * Check if a hash needs to be rehashed.
+     */
+    static needsRehash(hash: string): boolean;
 }
 //# sourceMappingURL=Hasher.d.ts.map

package/dist/Hasher.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Hasher.d.ts","sourceRoot":"","sources":["../src/Hasher.ts"],"names":[],"mappings":"AAEA,qBAAa,MAAM;IACf;;OAEG;WACiB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,GAAE,MAAW,GAAG,OAAO,CAAC,MAAM,CAAC;IAI7E;;OAEG;WACiB,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAG3E"}
+{"version":3,"file":"Hasher.d.ts","sourceRoot":"","sources":["../src/Hasher.ts"],"names":[],"mappings":"AAEA,qBAAa,MAAM;IACf;;OAEG;WACiB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,GAAE,MAAW,GAAG,OAAO,CAAC,MAAM,CAAC;IAI7E;;OAEG;WACiB,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIxE;;OAEG;WACW,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CAGnD"}

package/dist/Hasher.js

@@ -48,6 +48,12 @@ class Hasher {
     static async check(value, hash) {
         return await bcrypt.compare(value, hash);
     }
+    /**
+     * Check if a hash needs to be rehashed.
+     */
+    static needsRehash(hash) {
+        return false; // Implement proper check later
+    }
 }
 exports.Hasher = Hasher;
 //# sourceMappingURL=Hasher.js.map

package/dist/Hasher.js.map

@@ -1 +1 @@
-{"version":3,"file":"Hasher.js","sourceRoot":"","sources":["../src/Hasher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AAEnC,MAAa,MAAM;IACf;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,SAAiB,EAAE;QACvD,OAAO,MAAM,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,KAAa,EAAE,IAAY;QACjD,OAAO,MAAM,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;CACJ;AAdD,wBAcC"}
+{"version":3,"file":"Hasher.js","sourceRoot":"","sources":["../src/Hasher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AAEnC,MAAa,MAAM;IACf;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,SAAiB,EAAE;QACvD,OAAO,MAAM,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,KAAa,EAAE,IAAY;QACjD,OAAO,MAAM,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW,CAAC,IAAY;QAClC,OAAO,KAAK,CAAC,CAAC,+BAA+B;IACjD,CAAC;CACJ;AArBD,wBAqBC"}

package/dist/Middleware/Authenticate.d.ts

@@ -1,7 +1,7 @@
 import { AuthManager } from '../AuthManager';
 export declare class Authenticate {
-    private auth;
     protected guards: string[];
+    private auth;
     constructor(auth: AuthManager);
     /**
      * Set the guards that should be checked.
@@ -9,7 +9,16 @@ export declare class Authenticate {
     using(...guards: string[]): this;
     /**
      * Handle the incoming request.
+     * Creates a per-request AuthContext and binds it to req.auth
+     */
+    handle(request: any, next: (request: any) => Promise<any> | any, response?: any, ...guards: string[]): Promise<any>;
+    /**
+     * Handle an unauthenticated user.
+     */
+    protected unauthenticated(request: any, guards: string[], response?: any): any;
+    /**
+     * Get the path the user should be redirected to when they are not authenticated.
      */
-    handle(request: any, next: (request: any) => Promise<any> | any): Promise<any>;
+    protected redirectTo(request: any): string | null;
 }
 //# sourceMappingURL=Authenticate.d.ts.map

package/dist/Middleware/Authenticate.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"Authenticate.d.ts","sourceRoot":"","sources":["../../src/Middleware/Authenticate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,qBAAa,YAAY;IAGT,OAAO,CAAC,IAAI;IAFxB,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,CAAM;gBAEZ,IAAI,EAAE,WAAW;IAErC;;OAEG;IACI,KAAK,CAAC,GAAG,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI;IAKvC;;OAEG;IACU,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;CAoB9F"}
+{"version":3,"file":"Authenticate.d.ts","sourceRoot":"","sources":["../../src/Middleware/Authenticate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,qBAAa,YAAY;IACrB,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,CAAM;IAEhC,OAAO,CAAC,IAAI,CAAc;gBACd,IAAI,EAAE,WAAW;IAI7B;;OAEG;IACI,KAAK,CAAC,GAAG,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI;IAKvC;;;OAGG;IACU,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,QAAQ,CAAC,EAAE,GAAG,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC;IA4BhI;;OAEG;IACH,SAAS,CAAC,eAAe,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,EAAE,GAAG,GAAG,GAAG;IAa9E;;OAEG;IACH,SAAS,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI;CAGpD"}

package/dist/Middleware/Authenticate.js

@@ -1,10 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Authenticate = void 0;
+const AuthManager_1 = require("../AuthManager");
 class Authenticate {
     constructor(auth) {
-        this.auth = auth;
         this.guards = [];
+        this.auth = auth instanceof AuthManager_1.AuthManager ? auth : auth.resolve(AuthManager_1.AuthManager);
     }
     /**
      * Set the guards that should be checked.
@@ -15,24 +16,51 @@ class Authenticate {
     }
     /**
      * Handle the incoming request.
+     * Creates a per-request AuthContext and binds it to req.auth
      */
-    async handle(request, next) {
-        // 1. Bind the current request to the AuthManager/Guards
-        this.auth.setRequest(request);
-        // 2. Determine guards to check
-        const guardsToCheck = this.guards.length === 0
-            ? [undefined]
-            : this.guards;
-        // 3. Check each guard
-        for (const guard of guardsToCheck) {
-            if (await this.auth.guard(guard).check()) {
-                this.auth.shouldUse(guard);
-                return next(request);
+    async handle(request, next, response, ...guards) {
+        // 1. Create an isolated AuthContext for this request (binds to req.auth)
+        const context = this.auth.createContext(request);
+        // 2. Run the rest of the request within this context (for global facade support)
+        return await this.auth.runWithContext(context, async () => {
+            // 3. Determine guards to check
+            // Priority:
+            // 1. Guards passed via middleware string (e.g., 'auth:web,admin')
+            // 2. Guards set via .using() in code
+            // 3. Default guard from config
+            const guardsToCheck = guards.length > 0
+                ? guards
+                : (this.guards.length === 0 ? [this.auth.getDefaultGuard()] : this.guards);
+            // 4. Check each guard
+            for (const guard of guardsToCheck) {
+                if (await context.guard(guard).check()) {
+                    this.auth.shouldUse(guard);
+                    return next(request);
+                }
             }
+            // 5. Fail if no guard authenticated
+            return this.unauthenticated(request, guardsToCheck, response);
+        });
+    }
+    /**
+     * Handle an unauthenticated user.
+     */
+    unauthenticated(request, guards, response) {
+        if (request && typeof request.expectsJson === 'function' && request.expectsJson()) {
+            return response.json({ message: 'Unauthenticated.' }, 401);
+        }
+        const redirectTo = this.redirectTo(request);
+        if (redirectTo && response) {
+            return response.redirect(redirectTo);
         }
-        // 4. Fail if no guard authenticated
         throw new Error('Unauthenticated.');
     }
+    /**
+     * Get the path the user should be redirected to when they are not authenticated.
+     */
+    redirectTo(request) {
+        return '/auth/login';
+    }
 }
 exports.Authenticate = Authenticate;
 //# sourceMappingURL=Authenticate.js.map

package/dist/Middleware/Authenticate.js.map

@@ -1 +1 @@
-{"version":3,"file":"Authenticate.js","sourceRoot":"","sources":["../../src/Middleware/Authenticate.ts"],"names":[],"mappings":";;;AAEA,MAAa,YAAY;IAGrB,YAAoB,IAAiB;QAAjB,SAAI,GAAJ,IAAI,CAAa;QAF3B,WAAM,GAAa,EAAE,CAAC;IAES,CAAC;IAE1C;;OAEG;IACI,KAAK,CAAC,GAAG,MAAgB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,MAAM,CAAC,OAAY,EAAE,IAA0C;QACxE,wDAAwD;QACxD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE9B,+BAA+B;QAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;YAC1C,CAAC,CAAC,CAAC,SAA8B,CAAC;YAClC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QAElB,sBAAsB;QACtB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;YAChC,IAAI,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;gBACvC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;YACzB,CAAC;QACL,CAAC;QAED,oCAAoC;QACpC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACxC,CAAC;CACJ;AApCD,oCAoCC"}
+{"version":3,"file":"Authenticate.js","sourceRoot":"","sources":["../../src/Middleware/Authenticate.ts"],"names":[],"mappings":";;;AAAA,gDAA6C;AAE7C,MAAa,YAAY;IAIrB,YAAY,IAAiB;QAHnB,WAAM,GAAa,EAAE,CAAC;QAI5B,IAAI,CAAC,IAAI,GAAG,IAAI,YAAY,yBAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAE,IAAY,CAAC,OAAO,CAAC,yBAAW,CAAC,CAAC;IACxF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,GAAG,MAAgB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,MAAM,CAAC,OAAY,EAAE,IAA0C,EAAE,QAAc,EAAE,GAAG,MAAgB;QAC7G,yEAAyE;QACzE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAEjD,iFAAiF;QACjF,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YACtD,+BAA+B;YAC/B,YAAY;YACZ,kEAAkE;YAClE,qCAAqC;YACrC,+BAA+B;YAC/B,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC;gBACnC,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAE/E,sBAAsB;YACtB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;gBAChC,IAAI,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;oBACrC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;gBACzB,CAAC;YACL,CAAC;YAED,oCAAoC;YACpC,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;OAEG;IACO,eAAe,CAAC,OAAY,EAAE,MAAgB,EAAE,QAAc;QACpE,IAAI,OAAO,IAAI,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;YAChF,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,UAAU,IAAI,QAAQ,EAAE,CAAC;YACzB,OAAO,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACO,UAAU,CAAC,OAAY;QAC7B,OAAO,aAAa,CAAC;IACzB,CAAC;CACJ;AAtED,oCAsEC"}

package/dist/Middleware/EnsureEmailIsVerified.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Middleware that ensures the authenticated user has verified their email.
+ * Use as: .middleware(['verified'])
+ */
+export declare class EnsureEmailIsVerified {
+    handle(request: any, next: (req: any) => Promise<any> | any, response?: any): Promise<any>;
+}
+//# sourceMappingURL=EnsureEmailIsVerified.d.ts.map

package/dist/Middleware/EnsureEmailIsVerified.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnsureEmailIsVerified.d.ts","sourceRoot":"","sources":["../../src/Middleware/EnsureEmailIsVerified.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,qBAAa,qBAAqB;IACjB,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,QAAQ,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;CAmB1G"}

package/dist/Middleware/EnsureEmailIsVerified.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EnsureEmailIsVerified = void 0;
+/**
+ * Middleware that ensures the authenticated user has verified their email.
+ * Use as: .middleware(['verified'])
+ */
+class EnsureEmailIsVerified {
+    async handle(request, next, response) {
+        const user = request.auth ? await request.auth.user() : null;
+        if (!user) {
+            if (request.expectsJson && request.expectsJson()) {
+                return response.json({ message: 'Unauthenticated.' }, 401);
+            }
+            throw new Error('Unauthenticated.');
+        }
+        if (typeof user.hasVerifiedEmail === 'function' && !user.hasVerifiedEmail()) {
+            if (request.expectsJson && request.expectsJson()) {
+                return response.json({ message: 'Your email address is not verified.' }, 403);
+            }
+            throw new Error('Your email address is not verified.');
+        }
+        return next(request);
+    }
+}
+exports.EnsureEmailIsVerified = EnsureEmailIsVerified;
+//# sourceMappingURL=EnsureEmailIsVerified.js.map

package/dist/Middleware/EnsureEmailIsVerified.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnsureEmailIsVerified.js","sourceRoot":"","sources":["../../src/Middleware/EnsureEmailIsVerified.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,MAAa,qBAAqB;IACvB,KAAK,CAAC,MAAM,CAAC,OAAY,EAAE,IAAsC,EAAE,QAAc;QACpF,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QAE7D,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC/C,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,GAAG,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,OAAO,IAAI,CAAC,gBAAgB,KAAK,UAAU,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC;YAC1E,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;gBAC/C,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,qCAAqC,EAAE,EAAE,GAAG,CAAC,CAAC;YAClF,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;IACzB,CAAC;CACJ;AApBD,sDAoBC"}

package/dist/Passwords/PasswordResetBroker.d.ts

@@ -0,0 +1,37 @@
+import { UserProvider } from '../Contracts/UserProvider';
+export interface TokenRepository {
+    create(user: any): Promise<string>;
+    exists(user: any, token: string): Promise<boolean>;
+    delete(user: any): Promise<void>;
+    deleteExpired(): Promise<void>;
+}
+/**
+ * In-memory token repository (production apps should use a database-backed one)
+ */
+export declare class InMemoryTokenRepository implements TokenRepository {
+    private tokens;
+    private expiryMinutes;
+    constructor(expiryMinutes?: number);
+    create(user: any): Promise<string>;
+    exists(user: any, token: string): Promise<boolean>;
+    delete(user: any): Promise<void>;
+    deleteExpired(): Promise<void>;
+}
+export declare class PasswordResetBroker {
+    private provider;
+    private tokens;
+    constructor(provider: UserProvider, tokens?: TokenRepository);
+    /**
+     * Send a password reset link to a user.
+     */
+    sendResetLink(credentials: Record<string, any>): Promise<string>;
+    /**
+     * Reset the password for the given token.
+     */
+    reset(credentials: Record<string, any>, callback: (user: any, password: string) => Promise<void>): Promise<string>;
+    /**
+     * Clean up expired tokens
+     */
+    deleteExpiredTokens(): Promise<void>;
+}
+//# sourceMappingURL=PasswordResetBroker.d.ts.map

package/dist/Passwords/PasswordResetBroker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"PasswordResetBroker.d.ts","sourceRoot":"","sources":["../../src/Passwords/PasswordResetBroker.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD,MAAM,WAAW,eAAe;IAC5B,MAAM,CAAC,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACnC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnD,MAAM,CAAC,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,qBAAa,uBAAwB,YAAW,eAAe;IAC3D,OAAO,CAAC,MAAM,CAA8D;IAC5E,OAAO,CAAC,aAAa,CAAS;gBAElB,aAAa,GAAE,MAAW;IAIzB,MAAM,CAAC,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAYlC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAmBlD,MAAM,CAAC,IAAI,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAIhC,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;CAU9C;AAED,qBAAa,mBAAmB;IAC5B,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,MAAM,CAAkB;gBAEpB,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,eAAe;IAK5D;;OAEG;IACU,aAAa,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IAe7E;;OAEG;IACU,KAAK,CACd,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAChC,QAAQ,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GACzD,OAAO,CAAC,MAAM,CAAC;IAgBlB;;OAEG;IACU,mBAAmB,IAAI,OAAO,CAAC,IAAI,CAAC;CAGpD"}