@arikajs/auth 0.0.4 → 0.0.6

package/dist/src/Guards/JwtGuard.js

@@ -0,0 +1,158 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtGuard = void 0;
+const jwt = __importStar(require("jsonwebtoken"));
+const crypto = __importStar(require("crypto"));
+class JwtGuard {
+    constructor(provider, request, secret, options = {}) {
+        this.loggedUser = null;
+        this.provider = provider;
+        this.request = request;
+        this.secret = secret;
+        this.options = options;
+    }
+    async check() {
+        return !!(await this.user());
+    }
+    async guest() {
+        return !(await this.check());
+    }
+    async user() {
+        if (this.loggedUser)
+            return this.loggedUser;
+        const token = this.getTokenForRequest();
+        if (!token)
+            return null;
+        try {
+            const decoded = jwt.verify(token, this.secret, this.options);
+            if (decoded && decoded.sub) {
+                // If the provider supports retrieving by ID, use it for stateless verification payload validation
+                // In a purely stateless app, you might just return the decoded payload or a Model proxy instead
+                // of querying the DB. But to ensure user is active/exists, we retrieve it:
+                this.loggedUser = await this.provider.retrieveById(decoded.sub);
+                return this.loggedUser;
+            }
+        }
+        catch (e) {
+            return null; // Invalid token
+        }
+        return null;
+    }
+    async id() {
+        if (this.loggedUser)
+            return this.loggedUser.id;
+        const token = this.getTokenForRequest();
+        if (!token)
+            return null;
+        try {
+            const decoded = jwt.verify(token, this.secret, this.options);
+            return decoded ? decoded.sub : null;
+        }
+        catch (e) {
+            return null;
+        }
+    }
+    async validate(credentials) {
+        const user = await this.provider.retrieveByCredentials(credentials);
+        if (!user)
+            return false;
+        return await this.provider.validateCredentials(user, credentials);
+    }
+    /**
+     * Authenticate a user and return a JWT token and refresh token
+     */
+    async attempt(credentials) {
+        const user = await this.provider.retrieveByCredentials(credentials);
+        if (user && await this.provider.validateCredentials(user, credentials)) {
+            this.login(user);
+            return await this.issueTokens(user);
+        }
+        return false;
+    }
+    async issueTokens(user, additionalPayload = {}) {
+        const payload = { sub: user.id, ...additionalPayload };
+        const access_token = jwt.sign(payload, this.secret, this.options);
+        const response = { access_token };
+        if (this.provider.updateRefreshToken) {
+            const refresh_token = crypto.randomBytes(40).toString('hex');
+            await this.provider.updateRefreshToken(user, refresh_token);
+            response.refresh_token = refresh_token;
+        }
+        return response;
+    }
+    async refresh(refreshToken) {
+        if (!this.provider.retrieveByRefreshToken) {
+            throw new Error('UserProvider does not support retrieveByRefreshToken');
+        }
+        const user = await this.provider.retrieveByRefreshToken(refreshToken);
+        if (!user) {
+            throw new Error('Invalid or expired refresh token');
+        }
+        return await this.issueTokens(user);
+    }
+    login(user) {
+        this.setUser(user);
+    }
+    logout() {
+        this.loggedUser = null;
+    }
+    setUser(user) {
+        this.loggedUser = user;
+        if (this.request) {
+            this.request.user = user;
+        }
+    }
+    setRequest(request) {
+        this.request = request;
+    }
+    getTokenForRequest() {
+        let authHeader;
+        // Support ArikaJS Request with header() method
+        if (typeof this.request?.header === 'function') {
+            authHeader = this.request.header('authorization');
+        }
+        // Fallback to raw headers object
+        if (!authHeader && this.request?.headers?.['authorization']) {
+            authHeader = this.request.headers['authorization'];
+        }
+        if (authHeader && authHeader.startsWith('Bearer ')) {
+            return authHeader.substring(7);
+        }
+        return null;
+    }
+}
+exports.JwtGuard = JwtGuard;
+//# sourceMappingURL=JwtGuard.js.map

package/dist/src/Guards/JwtGuard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"JwtGuard.js","sourceRoot":"","sources":["../../../src/Guards/JwtGuard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,kDAAoC;AACpC,+CAAiC;AAEjC,MAAa,QAAQ;IAOjB,YAAY,QAAsB,EAAE,OAAY,EAAE,MAAc,EAAE,UAAe,EAAE;QAF3E,eAAU,GAAQ,IAAI,CAAC;QAG3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,IAAI;QACb,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC;QAE5C,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAA4B,CAAQ,CAAC;YACzF,IAAI,OAAO,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBACzB,kGAAkG;gBAClG,gGAAgG;gBAChG,2EAA2E;gBAC3E,IAAI,CAAC,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBAChE,OAAO,IAAI,CAAC,UAAU,CAAC;YAC3B,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,IAAI,CAAC,CAAC,gBAAgB;QACjC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,EAAE;QACX,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;QAE/C,MAAM,KAAK,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,IAAI,CAAC;YACD,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAA4B,CAAQ,CAAC;YACzF,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;QACxC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACT,OAAO,IAAI,CAAC;QAChB,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,WAAgC;QAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QAExB,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,OAAO,CAAC,WAAgC;QACjD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,IAAI,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,EAAE,CAAC;YACrE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACjB,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,IAAS,EAAE,oBAA4B,EAAE;QAC9D,MAAM,OAAO,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,GAAG,iBAAiB,EAAE,CAAC;QACvD,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAA0B,CAAC,CAAC;QAErF,MAAM,QAAQ,GAAqD,EAAE,YAAY,EAAE,CAAC;QAEpF,IAAI,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,CAAC;YACnC,MAAM,aAAa,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC7D,MAAM,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;YAC5D,QAAQ,CAAC,aAAa,GAAG,aAAa,CAAC;QAC3C,CAAC;QAED,OAAO,QAAQ,CAAC;IACpB,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,YAAoB;QACrC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,sBAAsB,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,YAAY,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAEM,KAAK,CAAC,IAAS;QAClB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;IAEM,MAAM;QACT,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IAC3B,CAAC;IAEM,OAAO,CAAC,IAAS;QACpB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;QAC7B,CAAC;IACL,CAAC;IAEM,UAAU,CAAC,OAAY;QAC1B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAES,kBAAkB;QACxB,IAAI,UAA8B,CAAC;QAEnC,+CAA+C;QAC/C,IAAI,OAAO,IAAI,CAAC,OAAO,EAAE,MAAM,KAAK,UAAU,EAAE,CAAC;YAC7C,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,eAAe,CAAW,CAAC;QAChE,CAAC;QACD,iCAAiC;QACjC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,eAAe,CAAC,EAAE,CAAC;YAC1D,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,UAAU,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACjD,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;CACJ;AA9ID,4BA8IC"}

package/dist/src/Guards/SessionGuard.d.ts

@@ -0,0 +1,23 @@
+import { Guard } from '../Guard';
+import { UserProvider } from '../Contracts/UserProvider';
+export declare class SessionGuard implements Guard {
+    private provider;
+    private session;
+    private loggedUser;
+    constructor(provider: UserProvider, session: any);
+    check(): Promise<boolean>;
+    guest(): Promise<boolean>;
+    user(): Promise<any>;
+    id(): Promise<string | number | null>;
+    validate(credentials: Record<string, any>): Promise<boolean>;
+    attempt(credentials: Record<string, any>, remember?: boolean): Promise<boolean>;
+    login(user: any, remember?: boolean): Promise<void>;
+    logout(): Promise<void>;
+    setUser(user: any): void;
+    private request;
+    setRequest(request: any): void;
+    private getRememberCookie;
+    private queueRememberCookie;
+    private clearRememberCookie;
+}
+//# sourceMappingURL=SessionGuard.d.ts.map

package/dist/src/Guards/SessionGuard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionGuard.d.ts","sourceRoot":"","sources":["../../../src/Guards/SessionGuard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD,qBAAa,YAAa,YAAW,KAAK;IACtC,OAAO,CAAC,QAAQ,CAAe;IAC/B,OAAO,CAAC,OAAO,CAAM;IACrB,OAAO,CAAC,UAAU,CAAa;gBAEnB,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG;IAiBnC,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC;IA4BpB,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAKrC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAS5D,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,QAAQ,GAAE,OAAe,GAAG,OAAO,CAAC,OAAO,CAAC;IAStF,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,QAAQ,GAAE,OAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB1D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAgB7B,OAAO,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI;IAI/B,OAAO,CAAC,OAAO,CAAM;IAEd,UAAU,CAAC,OAAO,EAAE,GAAG,GAAG,IAAI;IAOrC,OAAO,CAAC,iBAAiB;IAOzB,OAAO,CAAC,mBAAmB;IAQ3B,OAAO,CAAC,mBAAmB;CAK9B"}

package/dist/src/Guards/SessionGuard.js

@@ -0,0 +1,162 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionGuard = void 0;
+const crypto = __importStar(require("crypto"));
+class SessionGuard {
+    constructor(provider, session) {
+        this.loggedUser = null;
+        this.provider = provider;
+        // Accept any session-like object (sync or async API).
+        // The @arikajs/session Session class has async get/put;
+        // the legacy fallback below is sync — both work because we await all calls.
+        if (session && (typeof session.get === 'function' || typeof session.put === 'function')) {
+            this.session = session;
+        }
+        else {
+            const store = {};
+            this.session = {
+                get(key) { return store[key] ?? null; },
+                put(key, value) { store[key] = value; },
+                forget(key) { delete store[key]; },
+            };
+        }
+    }
+    async check() {
+        return !!(await this.user());
+    }
+    async guest() {
+        return !(await this.check());
+    }
+    async user() {
+        if (this.loggedUser) {
+            return this.loggedUser;
+        }
+        // Await to support both sync (legacy) and async (Session class) APIs
+        const id = this.session.get ? await Promise.resolve(this.session.get('auth_user_id')) : null;
+        if (id) {
+            this.loggedUser = await this.provider.retrieveById(id);
+        }
+        else {
+            // Check for remember me cookie
+            const rememberTokenString = this.getRememberCookie();
+            if (rememberTokenString) {
+                const [userId, token] = rememberTokenString.split('|');
+                if (userId && token && this.provider.retrieveByToken) {
+                    const user = await this.provider.retrieveByToken(userId, token);
+                    if (user) {
+                        this.login(user, true); // re-authenticate
+                        this.loggedUser = user;
+                    }
+                }
+            }
+        }
+        return this.loggedUser;
+    }
+    async id() {
+        const user = await this.user();
+        return user ? user.id : null;
+    }
+    async validate(credentials) {
+        const user = await this.provider.retrieveByCredentials(credentials);
+        if (!user) {
+            return false;
+        }
+        return await this.provider.validateCredentials(user, credentials);
+    }
+    async attempt(credentials, remember = false) {
+        if (await this.validate(credentials)) {
+            const user = await this.provider.retrieveByCredentials(credentials);
+            await this.login(user, remember);
+            return true;
+        }
+        return false;
+    }
+    async login(user, remember = false) {
+        this.loggedUser = user;
+        if (this.session.put) {
+            // Await to support both sync and async session APIs
+            await Promise.resolve(this.session.put('auth_user_id', user.id));
+        }
+        if (remember) {
+            const token = crypto.randomBytes(32).toString('hex');
+            if (this.provider.updateRememberToken) {
+                await this.provider.updateRememberToken(user, token);
+            }
+            this.queueRememberCookie(user.id, token);
+        }
+    }
+    async logout() {
+        const userId = this.loggedUser?.id;
+        this.loggedUser = null;
+        if (this.session.forget) {
+            await Promise.resolve(this.session.forget('auth_user_id'));
+        }
+        this.clearRememberCookie();
+        if (userId && this.provider.updateRememberToken) {
+            // Invalidate token in provider asynchronously 
+            this.provider.updateRememberToken({ id: userId }, null).catch(() => { });
+        }
+    }
+    setUser(user) {
+        this.loggedUser = user;
+    }
+    setRequest(request) {
+        this.request = request;
+        if (request && request.session) {
+            this.session = request.session;
+        }
+    }
+    getRememberCookie() {
+        if (this.request?.cookies && typeof this.request.cookies === 'function') {
+            return this.request.cookies('remember_web');
+        }
+        return this.request?.cookies?.['remember_web'] || null;
+    }
+    queueRememberCookie(userId, token) {
+        const val = `${userId}|${token}`;
+        if (this.request?.cookie && typeof this.request.cookie === 'function') {
+            // Expires in 5 years essentially "forever" in internet time
+            this.request.cookie('remember_web', val, { maxAge: 5 * 365 * 24 * 60 * 60 * 1000, httpOnly: true });
+        }
+    }
+    clearRememberCookie() {
+        if (this.request?.clearCookie && typeof this.request.clearCookie === 'function') {
+            this.request.clearCookie('remember_web');
+        }
+    }
+}
+exports.SessionGuard = SessionGuard;
+//# sourceMappingURL=SessionGuard.js.map

package/dist/src/Guards/SessionGuard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SessionGuard.js","sourceRoot":"","sources":["../../../src/Guards/SessionGuard.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,+CAAiC;AAEjC,MAAa,YAAY;IAKrB,YAAY,QAAsB,EAAE,OAAY;QAFxC,eAAU,GAAQ,IAAI,CAAC;QAG3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,sDAAsD;QACtD,wDAAwD;QACxD,4EAA4E;QAC5E,IAAI,OAAO,IAAI,CAAC,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,UAAU,CAAC,EAAE,CAAC;YACtF,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QAC3B,CAAC;aAAM,CAAC;YACJ,MAAM,KAAK,GAAwB,EAAE,CAAC;YACtC,IAAI,CAAC,OAAO,GAAG;gBACX,GAAG,CAAC,GAAW,IAAI,OAAO,KAAK,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;gBAC/C,GAAG,CAAC,GAAW,EAAE,KAAU,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC;gBACpD,MAAM,CAAC,GAAW,IAAI,OAAO,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;aAC7C,CAAC;QACN,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,IAAI;QACb,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YAClB,OAAO,IAAI,CAAC,UAAU,CAAC;QAC3B,CAAC;QAED,qEAAqE;QACrE,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAE7F,IAAI,EAAE,EAAE,CAAC;YACL,IAAI,CAAC,UAAU,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACJ,+BAA+B;YAC/B,MAAM,mBAAmB,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACrD,IAAI,mBAAmB,EAAE,CAAC;gBACtB,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,GAAG,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBACvD,IAAI,MAAM,IAAI,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,CAAC;oBACnD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;oBAChE,IAAI,IAAI,EAAE,CAAC;wBACP,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,kBAAkB;wBAC1C,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;oBAC3B,CAAC;gBACL,CAAC;YACL,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC,UAAU,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,EAAE;QACX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,WAAgC;QAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;QACpE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IACtE,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,WAAgC,EAAE,WAAoB,KAAK;QAC5E,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;YACpE,MAAM,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;YACjC,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,KAAK,CAAC;IACjB,CAAC;IAEM,KAAK,CAAC,KAAK,CAAC,IAAS,EAAE,WAAoB,KAAK;QACnD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACvB,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YACnB,oDAAoD;YACpD,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACrE,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAErD,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;gBACpC,MAAM,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YACzD,CAAC;YAED,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;IAEM,KAAK,CAAC,MAAM;QACf,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,EAAE,CAAC;QACnC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAEvB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;YACtB,MAAM,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC;QAC/D,CAAC;QAED,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAE3B,IAAI,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;YAC9C,+CAA+C;YAC/C,IAAI,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QAC7E,CAAC;IACL,CAAC;IAEM,OAAO,CAAC,IAAS;QACpB,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IAC3B,CAAC;IAIM,UAAU,CAAC,OAAY;QAC1B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QACnC,CAAC;IACL,CAAC;IAEO,iBAAiB;QACrB,IAAI,IAAI,CAAC,OAAO,EAAE,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;YACtE,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAChD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC;IAC3D,CAAC;IAEO,mBAAmB,CAAC,MAAuB,EAAE,KAAa;QAC9D,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,KAAK,EAAE,CAAC;QACjC,IAAI,IAAI,CAAC,OAAO,EAAE,MAAM,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;YACpE,4DAA4D;YAC5D,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACxG,CAAC;IACL,CAAC;IAEO,mBAAmB;QACvB,IAAI,IAAI,CAAC,OAAO,EAAE,WAAW,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC9E,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC;QAC7C,CAAC;IACL,CAAC;CACJ;AApJD,oCAoJC"}

package/dist/src/Guards/TokenGuard.d.ts

@@ -0,0 +1,17 @@
+import { Guard } from '../Guard';
+export declare class TokenGuard implements Guard {
+    private provider;
+    private storageKey;
+    private inputKey;
+    private request;
+    constructor(provider: any, request: any, inputKey?: string, storageKey?: string);
+    user(): Promise<any>;
+    check(): Promise<boolean>;
+    guest(): Promise<boolean>;
+    id(): Promise<string | number | null>;
+    validate(credentials: Record<string, any>): Promise<boolean>;
+    setUser(user: any): void;
+    setRequest(request: any): void;
+    protected getTokenForRequest(): string | null;
+}
+//# sourceMappingURL=TokenGuard.d.ts.map

package/dist/src/Guards/TokenGuard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenGuard.d.ts","sourceRoot":"","sources":["../../../src/Guards/TokenGuard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAEjC,qBAAa,UAAW,YAAW,KAAK;IACpC,OAAO,CAAC,QAAQ,CAAM;IACtB,OAAO,CAAC,UAAU,CAAuB;IACzC,OAAO,CAAC,QAAQ,CAAuB;IACvC,OAAO,CAAC,OAAO,CAAM;gBAET,QAAQ,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,GAAE,MAAoB,EAAE,UAAU,GAAE,MAAoB;IAO5F,IAAI;IASJ,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,KAAK,IAAI,OAAO,CAAC,OAAO,CAAC;IAIzB,EAAE,IAAI,OAAO,CAAC,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAKrC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAIlE,OAAO,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI;IAMxB,UAAU,CAAC,OAAO,EAAE,GAAG,GAAG,IAAI;IAIrC,SAAS,CAAC,kBAAkB,IAAI,MAAM,GAAG,IAAI;CAmBhD"}

package/dist/src/Guards/TokenGuard.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenGuard = void 0;
+class TokenGuard {
+    constructor(provider, request, inputKey = 'api_token', storageKey = 'api_token') {
+        this.storageKey = 'api_token';
+        this.inputKey = 'api_token';
+        this.provider = provider;
+        this.request = request;
+        this.inputKey = inputKey;
+        this.storageKey = storageKey;
+    }
+    async user() {
+        if (!this.request)
+            return null;
+        let token = this.getTokenForRequest();
+        if (!token)
+            return null;
+        return await this.provider.retrieveByCredentials({ [this.storageKey]: token });
+    }
+    async check() {
+        return !!(await this.user());
+    }
+    async guest() {
+        return !(await this.check());
+    }
+    async id() {
+        const user = await this.user();
+        return user ? user.id : null;
+    }
+    async validate(credentials) {
+        return !!(await this.provider.retrieveByCredentials(credentials));
+    }
+    setUser(user) {
+        if (this.request) {
+            this.request.user = user;
+        }
+    }
+    setRequest(request) {
+        this.request = request;
+    }
+    getTokenForRequest() {
+        // Simple implementation: check query param, input body, or Bearer token
+        if (this.request.query && this.request.query[this.inputKey]) {
+            return this.request.query[this.inputKey];
+        }
+        if (this.request.body && this.request.body[this.inputKey]) {
+            return this.request.body[this.inputKey];
+        }
+        if (this.request.headers && this.request.headers['authorization']) {
+            const authHeader = this.request.headers['authorization'];
+            if (authHeader.startsWith('Bearer ')) {
+                return authHeader.substring(7);
+            }
+        }
+        return null;
+    }
+}
+exports.TokenGuard = TokenGuard;
+//# sourceMappingURL=TokenGuard.js.map

package/dist/src/Guards/TokenGuard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"TokenGuard.js","sourceRoot":"","sources":["../../../src/Guards/TokenGuard.ts"],"names":[],"mappings":";;;AAEA,MAAa,UAAU;IAMnB,YAAY,QAAa,EAAE,OAAY,EAAE,WAAmB,WAAW,EAAE,aAAqB,WAAW;QAJjG,eAAU,GAAW,WAAW,CAAC;QACjC,aAAQ,GAAW,WAAW,CAAC;QAInC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,IAAI;QACb,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE/B,IAAI,KAAK,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACtC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACnF,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,KAAK;QACd,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,EAAE;QACX,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACjC,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,WAAgC;QAClD,OAAO,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,QAAQ,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC,CAAC;IACtE,CAAC;IAEM,OAAO,CAAC,IAAS;QACpB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACf,IAAI,CAAC,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC;QAC7B,CAAC;IACL,CAAC;IAEM,UAAU,CAAC,OAAY;QAC1B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IAC3B,CAAC;IAES,kBAAkB;QACxB,wEAAwE;QACxE,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7C,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,EAAE,CAAC;YAChE,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;YACzD,IAAI,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACnC,OAAO,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YACnC,CAAC;QACL,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;CACJ;AApED,gCAoEC"}

package/dist/src/Hasher.d.ts

@@ -0,0 +1,15 @@
+export declare class Hasher {
+    /**
+     * Create a hash from a plain text value.
+     */
+    static make(value: string, rounds?: number): Promise<string>;
+    /**
+     * Check if a plain text value matches a hash.
+     */
+    static check(value: string, hash: string): Promise<boolean>;
+    /**
+     * Check if a hash needs to be rehashed.
+     */
+    static needsRehash(hash: string): boolean;
+}
+//# sourceMappingURL=Hasher.d.ts.map

package/dist/src/Hasher.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Hasher.d.ts","sourceRoot":"","sources":["../../src/Hasher.ts"],"names":[],"mappings":"AAEA,qBAAa,MAAM;IACf;;OAEG;WACiB,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,GAAE,MAAW,GAAG,OAAO,CAAC,MAAM,CAAC;IAI7E;;OAEG;WACiB,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIxE;;OAEG;WACW,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;CAGnD"}

package/dist/src/Hasher.js

@@ -0,0 +1,59 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Hasher = void 0;
+const bcrypt = __importStar(require("bcryptjs"));
+class Hasher {
+    /**
+     * Create a hash from a plain text value.
+     */
+    static async make(value, rounds = 10) {
+        return await bcrypt.hash(value, rounds);
+    }
+    /**
+     * Check if a plain text value matches a hash.
+     */
+    static async check(value, hash) {
+        return await bcrypt.compare(value, hash);
+    }
+    /**
+     * Check if a hash needs to be rehashed.
+     */
+    static needsRehash(hash) {
+        return false; // Implement proper check later
+    }
+}
+exports.Hasher = Hasher;
+//# sourceMappingURL=Hasher.js.map

package/dist/src/Hasher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Hasher.js","sourceRoot":"","sources":["../../src/Hasher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,iDAAmC;AAEnC,MAAa,MAAM;IACf;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,KAAa,EAAE,SAAiB,EAAE;QACvD,OAAO,MAAM,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,KAAa,EAAE,IAAY;QACjD,OAAO,MAAM,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACI,MAAM,CAAC,WAAW,CAAC,IAAY;QAClC,OAAO,KAAK,CAAC,CAAC,+BAA+B;IACjD,CAAC;CACJ;AArBD,wBAqBC"}

package/dist/src/Middleware/Authenticate.d.ts

@@ -0,0 +1,24 @@
+import { AuthManager } from '../AuthManager';
+export declare class Authenticate {
+    protected guards: string[];
+    private auth;
+    constructor(auth: AuthManager);
+    /**
+     * Set the guards that should be checked.
+     */
+    using(...guards: string[]): this;
+    /**
+     * Handle the incoming request.
+     * Creates a per-request AuthContext and binds it to req.auth
+     */
+    handle(request: any, next: (request: any) => Promise<any> | any, response?: any, ...guards: string[]): Promise<any>;
+    /**
+     * Handle an unauthenticated user.
+     */
+    protected unauthenticated(request: any, guards: string[], response?: any): any;
+    /**
+     * Get the path the user should be redirected to when they are not authenticated.
+     */
+    protected redirectTo(request: any): string | null;
+}
+//# sourceMappingURL=Authenticate.d.ts.map

package/dist/src/Middleware/Authenticate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Authenticate.d.ts","sourceRoot":"","sources":["../../../src/Middleware/Authenticate.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAE7C,qBAAa,YAAY;IACrB,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,CAAM;IAEhC,OAAO,CAAC,IAAI,CAAc;gBACd,IAAI,EAAE,WAAW;IAI7B;;OAEG;IACI,KAAK,CAAC,GAAG,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI;IAKvC;;;OAGG;IACU,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,QAAQ,CAAC,EAAE,GAAG,EAAE,GAAG,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC;IA4BhI;;OAEG;IACH,SAAS,CAAC,eAAe,CAAC,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,QAAQ,CAAC,EAAE,GAAG,GAAG,GAAG;IAa9E;;OAEG;IACH,SAAS,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI;CAGpD"}

package/dist/src/Middleware/Authenticate.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Authenticate = void 0;
+const AuthManager_1 = require("../AuthManager");
+class Authenticate {
+    constructor(auth) {
+        this.guards = [];
+        this.auth = auth instanceof AuthManager_1.AuthManager ? auth : auth.resolve(AuthManager_1.AuthManager);
+    }
+    /**
+     * Set the guards that should be checked.
+     */
+    using(...guards) {
+        this.guards = guards;
+        return this;
+    }
+    /**
+     * Handle the incoming request.
+     * Creates a per-request AuthContext and binds it to req.auth
+     */
+    async handle(request, next, response, ...guards) {
+        // 1. Create an isolated AuthContext for this request (binds to req.auth)
+        const context = this.auth.createContext(request);
+        // 2. Run the rest of the request within this context (for global facade support)
+        return await this.auth.runWithContext(context, async () => {
+            // 3. Determine guards to check
+            // Priority:
+            // 1. Guards passed via middleware string (e.g., 'auth:web,admin')
+            // 2. Guards set via .using() in code
+            // 3. Default guard from config
+            const guardsToCheck = guards.length > 0
+                ? guards
+                : (this.guards.length === 0 ? [this.auth.getDefaultGuard()] : this.guards);
+            // 4. Check each guard
+            for (const guard of guardsToCheck) {
+                if (await context.guard(guard).check()) {
+                    this.auth.shouldUse(guard);
+                    return next(request);
+                }
+            }
+            // 5. Fail if no guard authenticated
+            return this.unauthenticated(request, guardsToCheck, response);
+        });
+    }
+    /**
+     * Handle an unauthenticated user.
+     */
+    unauthenticated(request, guards, response) {
+        if (request && typeof request.expectsJson === 'function' && request.expectsJson()) {
+            return response.json({ message: 'Unauthenticated.' }, 401);
+        }
+        const redirectTo = this.redirectTo(request);
+        if (redirectTo && response) {
+            return response.redirect(redirectTo);
+        }
+        throw new Error('Unauthenticated.');
+    }
+    /**
+     * Get the path the user should be redirected to when they are not authenticated.
+     */
+    redirectTo(request) {
+        return '/auth/login';
+    }
+}
+exports.Authenticate = Authenticate;
+//# sourceMappingURL=Authenticate.js.map

package/dist/src/Middleware/Authenticate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Authenticate.js","sourceRoot":"","sources":["../../../src/Middleware/Authenticate.ts"],"names":[],"mappings":";;;AAAA,gDAA6C;AAE7C,MAAa,YAAY;IAIrB,YAAY,IAAiB;QAHnB,WAAM,GAAa,EAAE,CAAC;QAI5B,IAAI,CAAC,IAAI,GAAG,IAAI,YAAY,yBAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAE,IAAY,CAAC,OAAO,CAAC,yBAAW,CAAC,CAAC;IACxF,CAAC;IAED;;OAEG;IACI,KAAK,CAAC,GAAG,MAAgB;QAC5B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,MAAM,CAAC,OAAY,EAAE,IAA0C,EAAE,QAAc,EAAE,GAAG,MAAgB;QAC7G,yEAAyE;QACzE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;QAEjD,iFAAiF;QACjF,OAAO,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,KAAK,IAAI,EAAE;YACtD,+BAA+B;YAC/B,YAAY;YACZ,kEAAkE;YAClE,qCAAqC;YACrC,+BAA+B;YAC/B,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC;gBACnC,CAAC,CAAC,MAAM;gBACR,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAE/E,sBAAsB;YACtB,KAAK,MAAM,KAAK,IAAI,aAAa,EAAE,CAAC;gBAChC,IAAI,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;oBACrC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;oBAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;gBACzB,CAAC;YACL,CAAC;YAED,oCAAoC;YACpC,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,aAAa,EAAE,QAAQ,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;OAEG;IACO,eAAe,CAAC,OAAY,EAAE,MAAgB,EAAE,QAAc;QACpE,IAAI,OAAO,IAAI,OAAO,OAAO,CAAC,WAAW,KAAK,UAAU,IAAI,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;YAChF,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,UAAU,IAAI,QAAQ,EAAE,CAAC;YACzB,OAAO,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;IACxC,CAAC;IAED;;OAEG;IACO,UAAU,CAAC,OAAY;QAC7B,OAAO,aAAa,CAAC;IACzB,CAAC;CACJ;AAtED,oCAsEC"}

package/dist/src/Middleware/EnsureEmailIsVerified.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Middleware that ensures the authenticated user has verified their email.
+ * Use as: .middleware(['verified'])
+ */
+export declare class EnsureEmailIsVerified {
+    handle(request: any, next: (req: any) => Promise<any> | any, response?: any): Promise<any>;
+}
+//# sourceMappingURL=EnsureEmailIsVerified.d.ts.map

package/dist/src/Middleware/EnsureEmailIsVerified.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"EnsureEmailIsVerified.d.ts","sourceRoot":"","sources":["../../../src/Middleware/EnsureEmailIsVerified.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,qBAAa,qBAAqB;IACjB,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,EAAE,QAAQ,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;CAmB1G"}