@arkstack/auth 0.12.18 → 0.12.20

package/dist/index.d.ts

@@ -3,6 +3,7 @@ import { Exception } from "@arkstack/common";
 import { Request, RequestSource, Response, ResponseSource, Session } from "@arkstack/http";
 import * as _$otpauth from "otpauth";
 import { Model } from "@arkstack/database";
+import { User as User$1 } from "@app/models/User";
 
 //#region src/Contracts/PersonalAccessToken.d.ts
 declare abstract class PersonalAccessToken extends Model {
@@ -40,17 +41,6 @@ declare class AuthSession extends Session {
   token(): Promise<PersonalAccessToken | null>;
 }
 //#endregion
-//#region src/Contracts/User.d.ts
-declare abstract class User extends Model {
-  [key: string]: any;
-  email: string;
-  name: string;
-  password: string;
-  createdAt: Date;
-  updatedAt: Date;
-  protected static table?: string | undefined;
-}
-//#endregion
 //#region src/Contracts/AuthContract.d.ts
 /**
  * The Auth class provides methods for user authentication, including verifying
@@ -65,20 +55,20 @@ declare abstract class AuthContract {
    * @param req   The HTTP request instance to be set.
    * @returns     The Auth instance itself for method chaining.
    */
-  abstract setRequest(req: Request<User> | RequestSource<User>): this;
+  abstract setRequest(req: Request<User$1> | RequestSource<User$1>): this;
   /**
    * Get the current HTTP request instance being processed, which may contain
    * user information and other request-specific data relevant to authentication operations.
    *
    * @returns The current HTTP request instance or undefined if not set.
    */
-  abstract getRequest(): Request<User> | undefined;
+  abstract getRequest(): Request<User$1> | undefined;
   /**
    * Get the currently authenticated user
    *
    * @returns The currently authenticated user or null if not authenticated.
    */
-  abstract user(): User | null;
+  abstract user(): User$1 | null;
   /**
    * Verify user credentials
    *
@@ -94,7 +84,7 @@ declare abstract class AuthContract {
    * @param password
    * @returns
    */
-  abstract attempt(email: string, password: string): Promise<User>;
+  abstract attempt(email: string, password: string): Promise<User$1>;
   /**
    * Login a user and create a personal access token
    *
@@ -112,7 +102,7 @@ declare abstract class AuthContract {
    * @param expiresIn
    * @returns
    */
-  abstract createTemporaryToken(user: User, purpose: string, expiresIn?: string): Promise<string>;
+  abstract createTemporaryToken(user: User$1, purpose: string, expiresIn?: string): Promise<string>;
   /**
    * Authorize a temporary token and return the associated user if the token is
    * valid and matches the expected purpose.
@@ -121,7 +111,7 @@ declare abstract class AuthContract {
    * @param purpose
    * @returns
    */
-  abstract authorizeTemporaryToken(token: string, purpose: string): Promise<User>;
+  abstract authorizeTemporaryToken(token: string, purpose: string): Promise<User$1>;
   /**
    * Logout the currently authenticated user and delete all their personal access tokens
    *
@@ -147,14 +137,14 @@ declare abstract class AuthContract {
    * @param user
    * @returns
    */
-  abstract create(user: User): Promise<PersonalAccessToken>;
+  abstract create(user: User$1): Promise<PersonalAccessToken>;
   /**
    * Authorize a token and return the associated user
    *
    * @param token
    * @returns
    */
-  abstract authorizeToken(token: string): Promise<User>;
+  abstract authorizeToken(token: string): Promise<User$1>;
 }
 //#endregion
 //#region src/Auth.d.ts
@@ -166,9 +156,9 @@ declare abstract class AuthContract {
  */
 declare class Auth extends AuthContract {
   #private;
-  protected static req?: Request<User>;
+  protected static req?: Request<User$1>;
   private configuredSecret?;
-  constructor(secret?: string, req?: Request<User> | RequestSource<User>);
+  constructor(secret?: string, req?: Request<User$1> | RequestSource<User$1>);
   /**
    * Create a new instance of the Auth class with an optional secret for JWT
    * signing and verification.
@@ -183,27 +173,27 @@ declare class Auth extends AuthContract {
    * @param req   The HTTP request instance to be set.
    * @returns     The Auth class itself for method chaining.
    */
-  static setRequest(req: Request<User> | RequestSource<User>): typeof Auth;
+  static setRequest(req: Request<User$1> | RequestSource<User$1>): typeof Auth;
   /**
    * Set the current HTTP request instance being processed.
    *
    * @param req   The HTTP request instance to be set.
    * @returns     The Auth instance itself for method chaining.
    */
-  setRequest(req: Request<User> | RequestSource<User>): this;
+  setRequest(req: Request<User$1> | RequestSource<User$1>): this;
   /**
    * Get the current HTTP request instance being processed, which may contain
    * user information and other request-specific data relevant to authentication operations.
    *
    * @returns The current HTTP request instance or undefined if not set.
    */
-  getRequest(): Request<User> | undefined;
+  getRequest(): Request<User$1> | undefined;
   /**
    * Get the currently authenticated user
    *
    * @returns The currently authenticated user or null if not authenticated.
    */
-  user(): User | null;
+  user(): User$1 | null;
   /**
    * Verify user credentials
    *
@@ -219,7 +209,7 @@ declare class Auth extends AuthContract {
    * @param password
    * @returns
    */
-  attempt(email: string, password: string): Promise<User>;
+  attempt(email: string, password: string): Promise<User$1>;
   /**
    * Login a user and create a personal access token
    *
@@ -237,7 +227,7 @@ declare class Auth extends AuthContract {
    * @param expiresIn
    * @returns
    */
-  createTemporaryToken(user: User, purpose: string, expiresIn?: string): Promise<string>;
+  createTemporaryToken(user: User$1, purpose: string, expiresIn?: string): Promise<string>;
   /**
    * Authorize a temporary token and return the associated user if the token is
    * valid and matches the expected purpose.
@@ -246,7 +236,7 @@ declare class Auth extends AuthContract {
    * @param purpose
    * @returns
    */
-  authorizeTemporaryToken(token: string, purpose: string): Promise<User>;
+  authorizeTemporaryToken(token: string, purpose: string): Promise<User$1>;
   /**
    * Logout the currently authenticated user and delete all their personal access tokens
    *
@@ -272,7 +262,7 @@ declare class Auth extends AuthContract {
    * @param user
    * @returns
    */
-  create(user: User): Promise<PersonalAccessToken>;
+  create(user: User$1): Promise<PersonalAccessToken>;
   /**
    * Create or replace the personal access token for the same user and device
    * while keeping a single active session record for that device.
@@ -288,7 +278,7 @@ declare class Auth extends AuthContract {
    * @param token
    * @returns
    */
-  authorizeToken(token: string): Promise<User>;
+  authorizeToken(token: string): Promise<User$1>;
   /**
    * Create a JWT token
    *
@@ -304,6 +294,7 @@ declare class Auth extends AuthContract {
    */
   private verifyJWT;
   private getSecret;
+  private setAuthenticated;
   /**
    * Update the last used timestamp and device information of a personal
    * access token to keep the session active and reflect the latest device details.
@@ -467,7 +458,7 @@ declare class TwoFactor {
    * @param user
    * @returns
    */
-  static getLabel(user: User): string;
+  static getLabel(user: User$1): string;
   /**
    * Create the per-user TOTP instance for setup and verification.
    *
@@ -475,7 +466,7 @@ declare class TwoFactor {
    * @param secret
    * @returns
    */
-  static getTotp(user: User, secret: string): _$otpauth.TOTP;
+  static getTotp(user: User$1, secret: string): _$otpauth.TOTP;
   /**
    * Generate a new shared secret for authenticator-based 2FA.
    *
@@ -489,7 +480,7 @@ declare class TwoFactor {
    * @param secret Optional existing secret to use for the setup.
    * @returns An object containing the secret and the OTPAuth URL.
    */
-  static createSetup(user: User, secret?: string): TwoFactorSetup;
+  static createSetup(user: User$1, secret?: string): TwoFactorSetup;
   /**
    * Verify a 6-digit authenticator code for a user.
    *
@@ -498,44 +489,44 @@ declare class TwoFactor {
    * @param code The 6-digit code to verify.
    * @returns  True if the code is valid, false otherwise.
    */
-  static verifyCode(user: User, secret: string, code: string): boolean;
-  static getMethod(userId: User['id']): Promise<TwoFactorMethod | null>;
-  static setMethod(userId: User['id'], method: TwoFactorMethod): Promise<void>;
+  static verifyCode(user: User$1, secret: string, code: string): boolean;
+  static getMethod(userId: User$1['id']): Promise<TwoFactorMethod | null>;
+  static setMethod(userId: User$1['id'], method: TwoFactorMethod): Promise<void>;
   /**
    * Read the setup secret stored for a user.
    *
    * @param userId The ID of the user.
    * @returns The stored secret, or null if not found.
    */
-  static getSecret(userId: User['id']): Promise<string | null>;
+  static getSecret(userId: User$1['id']): Promise<string | null>;
   /**
    * Store the setup secret for a user.
    *
    * @param userId The ID of the user.
    * @param secret The secret to store.
    */
-  static setSecret(userId: User['id'], secret: string): Promise<void>;
-  static clearSecret(userId: User['id']): Promise<void>;
+  static setSecret(userId: User$1['id'], secret: string): Promise<void>;
+  static clearSecret(userId: User$1['id']): Promise<void>;
   /**
    * Read the timestamp indicating whether 2FA is enabled.
    *
    * @param userId The ID of the user.
    * @returns The timestamp when 2FA was enabled, or null if not enabled.
    */
-  static getEnabledAt(userId: User['id']): Promise<string | null>;
+  static getEnabledAt(userId: User$1['id']): Promise<string | null>;
   /**
    * Persist the timestamp marking 2FA as enabled.
    *
    * @param userId The ID of the user.
    * @param enabledAt The timestamp to store.
    */
-  static setEnabledAt(userId: User['id'], enabledAt?: string | Date): Promise<void>;
+  static setEnabledAt(userId: User$1['id'], enabledAt?: string | Date): Promise<void>;
   /**
    * Remove all persisted 2FA state for a user.
    *
    * @param userId The ID of the user.
    */
-  static clear(userId: User['id']): Promise<void>;
+  static clear(userId: User$1['id']): Promise<void>;
   /**
    * Generate one-time recovery codes shown when 2FA is enabled.
    *
@@ -555,14 +546,14 @@ declare class TwoFactor {
    * @param userId The ID of the user.
    * @returns An array of recovery-code hashes.
    */
-  static readRecoveryCodeHashes(userId: User['id']): Promise<string[]>;
+  static readRecoveryCodeHashes(userId: User$1['id']): Promise<string[]>;
   /**
    * Persist recovery-code hashes on the user's dedicated 2FA record.
    *
    * @param userId
    * @param hashes
    */
-  static writeRecoveryCodeHashes(userId: User['id'], hashes: string[]): Promise<void>;
+  static writeRecoveryCodeHashes(userId: User$1['id'], hashes: string[]): Promise<void>;
   /**
    * Consume a valid recovery code and invalidate it immediately.
    *
@@ -570,14 +561,14 @@ declare class TwoFactor {
    * @param recoveryCode The recovery code to consume.
    * @returns True if the recovery code was valid and consumed, false otherwise.
    */
-  static consumeRecoveryCode(userId: User['id'], recoveryCode: string): Promise<boolean>;
+  static consumeRecoveryCode(userId: User$1['id'], recoveryCode: string): Promise<boolean>;
   /**
    * Return the public 2FA status payload for a user.
    *
    * @param userId The ID of the user.
    * @returns An object containing the 2FA status and recovery codes remaining.
    */
-  static readStatus(userId: User['id']): Promise<TwoFactorStatus>;
+  static readStatus(userId: User$1['id']): Promise<TwoFactorStatus>;
   static createSmsCode(): string;
   /**
    * Issue a new SMS code for the given user and send it via SMS for the specified purpose.
@@ -585,8 +576,8 @@ declare class TwoFactor {
    * @param user
    * @param purpose
    */
-  static issueSmsCode(user: User, purpose: SmsCodePurpose): Promise<IssuedSmsCode>;
-  static clearSmsCode(userId: User['id']): Promise<void>;
+  static issueSmsCode(user: User$1, purpose: SmsCodePurpose): Promise<IssuedSmsCode>;
+  static clearSmsCode(userId: User$1['id']): Promise<void>;
   /**
    * Verify a submitted SMS code for a user and purpose, consuming the code if valid.
    *
@@ -595,13 +586,24 @@ declare class TwoFactor {
    * @param purpose
    * @returns
    */
-  static verifySmsCode(userId: User['id'], code: string, purpose: SmsCodePurpose): Promise<boolean>;
+  static verifySmsCode(userId: User$1['id'], code: string, purpose: SmsCodePurpose): Promise<boolean>;
+}
+//#endregion
+//#region src/Contracts/User.d.ts
+declare abstract class User extends Model {
+  [key: string]: any;
+  email: string;
+  name: string;
+  password: string;
+  createdAt: Date;
+  updatedAt: Date;
+  protected static table?: string | undefined;
 }
 //#endregion
 //#region src/Contracts/UserTwoFactor.d.ts
 declare abstract class UserTwoFactor extends Model {
   [key: string]: any;
-  userId: User['id'];
+  userId: User$1['id'];
   method: TwoFactorMethod | null;
   secretCiphertext: string | null;
   smsCodeHash: string | null;

package/dist/index.js

@@ -356,8 +356,7 @@ var Auth = class Auth extends AuthContract {
 			status: 422,
 			errors: { password: ["Invalid password"] }
 		});
-		Auth.req?.setUser(user);
-		this.#user = user;
+		this.setAuthenticated(user);
 		return user;
 	}
 	/**
@@ -406,8 +405,7 @@ var Auth = class Auth extends AuthContract {
 			req: Auth.req,
 			status: 401
 		});
-		Auth.req?.setUser(user);
-		this.#user = user;
+		this.setAuthenticated(user, token);
 		return user;
 	}
 	/**
@@ -422,6 +420,7 @@ var Auth = class Auth extends AuthContract {
 		else await token.delete();
 		else await (await getModel("PersonalAccessToken")).query().where({ userId: this.#user.id }).delete();
 		this.#user = null;
+		if (Auth.req?.auth === this) Auth.req.clearAuthentication();
 	}
 	/**
 	* Check if the user is authenticated
@@ -450,11 +449,11 @@ var Auth = class Auth extends AuthContract {
 			sub: user.id.toString(),
 			email: user.email
 		};
-		Auth.req?.setUser(user);
 		const token = await this.createJWT(payload);
 		const deviceInfo = SessionDevice.fromRequest(Auth.req);
 		const pat = await this.upsertDeviceToken(user, token, deviceInfo);
 		pat.setLoadedRelation("user", user);
+		this.setAuthenticated(user, token);
 		return pat;
 	}
 	/**
@@ -514,11 +513,10 @@ var Auth = class Auth extends AuthContract {
 			req: Auth.req,
 			status: 401
 		});
-		Auth.req?.setUser(user);
 		this.touchSession(pat).catch((error) => {
 			if (env("NODE_ENV") === "development") console.error("Failed to update session activity", error);
 		});
-		this.#user = user;
+		this.setAuthenticated(user, token);
 		return user;
 	}
 	/**
@@ -547,6 +545,10 @@ var Auth = class Auth extends AuthContract {
 	getSecret() {
 		return this.configuredSecret ?? env("JWT_SECRET", "default_secret");
 	}
+	setAuthenticated(user, token) {
+		this.#user = user;
+		Auth.req?.setAuthentication(this, user, token);
+	}
 	/**
 	* Update the last used timestamp and device information of a personal 
 	* access token to keep the session active and reflect the latest device details.

package/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@arkstack/auth",
-  "version": "0.12.18",
+  "version": "0.12.20",
   "type": "module",
   "description": "Authentication module for Arkstack, providing core authentication and identity features.",
   "homepage": "https://arkstack.toneflix.net/guide/auth",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/arkstack-tmp/arkstack.git",
+    "url": "git+https://github.com/arkstack-hq/arkstack.git",
     "directory": "packages/auth"
   },
   "keywords": [
@@ -38,12 +38,12 @@
     "jose": "^6.2.3",
     "otpauth": "^9.5.1",
     "ua-parser-js": "^2.0.9",
-    "@arkstack/common": "^0.12.18",
-    "@arkstack/http": "^0.12.18"
+    "@arkstack/common": "^0.12.20",
+    "@arkstack/http": "^0.12.20"
   },
   "peerDependencies": {
     "@h3ravel/support": "^0.15.11",
-    "@arkstack/database": "^0.12.18"
+    "@arkstack/database": "^0.12.20"
   },
   "scripts": {
     "build": "tsdown --config-loader unrun",