npm - @arkstack/auth - Versions diffs - 0.3.15 - Mend

@arkstack/auth 0.3.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Toneflix Technologies Limited
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,26 @@
+# @arkstack/auth
+Authentication package for Arkstack applications.
+`@arkstack/auth` provides the framework-neutral auth service used by Arkstack runtime drivers. It supports credential verification, JWT-backed personal access tokens, temporary purpose-bound tokens, current-session lookup, and auth-specific exceptions.
+## Usage
+```ts
+import { Auth } from '@arkstack/auth';
+const auth = Auth.make();
+const token = await auth.login(email, password);
+const user = await auth.authorizeToken(token.token);
+```
+Auth resolves your app's `User` and `PersonalAccessToken` models with `getModel()` from `@arkstack/common`.
+Driver middleware lives in the runtime packages:
+```ts
+import { auth } from '@arkstack/driver-express/middlewares';
+import { auth as h3Auth } from '@arkstack/driver-h3/middlewares';
+```
+See the documentation Authentication guide for the full setup.

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,135 @@
+import { Exception } from "@arkstack/common";
+import { Request, RequestSource, Response, ResponseSource } from "@arkstack/http";
+import { Model } from "arkormx";
+//#region src/Contracts/PersonalAccessToken.d.ts
+declare abstract class PersonalAccessToken extends Model {
+  id: number;
+  name: string;
+  token: string;
+  abilities: string[];
+  userId: number;
+  createdAt: Date;
+  expiresAt: Date | null;
+  lastUsedAt: Date | null;
+  deviceInfo: Record<string, unknown> | null;
+}
+//#endregion
+//#region src/CurrentSession.d.ts
+declare class CurrentSession {
+  private auth;
+  constructor(auth: AuthContract);
+  destroy(): Promise<void>;
+  token(): Promise<PersonalAccessToken | null>;
+}
+//#endregion
+//#region src/Contracts/User.d.ts
+declare abstract class User extends Model {
+  id: number;
+  name: string;
+  email: string;
+  password: string;
+  protected static table?: string | undefined;
+}
+//#endregion
+//#region src/Contracts/AuthContract.d.ts
+declare abstract class AuthContract {
+  abstract setRequest(req: Request<User> | RequestSource<User>): this;
+  abstract getRequest(): Request<User> | undefined;
+  abstract user(): User | null;
+  abstract verify(email: string, password: string): Promise<boolean>;
+  abstract attempt(email: string, password: string): Promise<User>;
+  abstract login(email: string, password: string): Promise<PersonalAccessToken>;
+  abstract createTemporaryToken(user: User, purpose: string, expiresIn?: string): Promise<string>;
+  abstract authorizeTemporaryToken(token: string, purpose: string): Promise<User>;
+  abstract logout(token?: string | PersonalAccessToken): Promise<void>;
+  abstract check(): Promise<boolean>;
+  abstract currentSession(): CurrentSession;
+  abstract create(user: User): Promise<PersonalAccessToken>;
+  abstract authorizeToken(token: string): Promise<User>;
+}
+//#endregion
+//#region src/Auth.d.ts
+declare class Auth extends AuthContract {
+  #private;
+  protected static req?: Request<User>;
+  private configuredSecret?;
+  constructor(secret?: string, req?: Request<User> | RequestSource<User>);
+  static make(secret?: string): Auth;
+  static setRequest(req: Request<User> | RequestSource<User>): typeof Auth;
+  setRequest(req: Request<User> | RequestSource<User>): this;
+  getRequest(): Request<User> | undefined;
+  user(): User | null;
+  verify(email: string, password: string): Promise<boolean>;
+  attempt(email: string, password: string): Promise<User>;
+  login(email: string, password: string): Promise<PersonalAccessToken>;
+  createTemporaryToken(user: User, purpose: string, expiresIn?: string): Promise<string>;
+  authorizeTemporaryToken(token: string, purpose: string): Promise<User>;
+  logout(token?: string | PersonalAccessToken): Promise<void>;
+  check(): Promise<boolean>;
+  currentSession(): CurrentSession;
+  create(user: User): Promise<PersonalAccessToken>;
+  private upsertDeviceToken;
+  authorizeToken(token: string): Promise<User>;
+  private createJWT;
+  private verifyJWT;
+  private getSecret;
+  private touchSession;
+}
+//#endregion
+//#region src/types/Session.d.ts
+interface SessionDeviceInfo extends Record<string, unknown> {
+  browser: string | null;
+  os: string | null;
+  osVersion: string | null;
+  deviceType: 'mobile' | 'tablet' | 'desktop' | 'bot' | 'unknown';
+  deviceName: string | null;
+  manufacturer: string | null;
+  model: string | null;
+  platform: string | null;
+  ipAddress: string | null;
+  userAgent: string | null;
+}
+type AuthAgentPayload = {
+  deviceName?: string;
+  manufacturer?: string;
+  model?: string;
+  platform?: string;
+  os?: string;
+  osVersion?: string;
+  deviceType?: SessionDeviceInfo['deviceType'];
+};
+//#endregion
+//#region src/SessionDevice.d.ts
+declare class SessionDevice {
+  private static readonly uniqueIdentityFields;
+  static fromRequest(req?: Request): SessionDeviceInfo;
+  static getDisplayName(deviceInfo?: Record<string, unknown> | null): string;
+  static getUniqueKey(deviceInfo?: Record<string, unknown> | null): string | null;
+  static matches(left?: Record<string, unknown> | null, right?: Record<string, unknown> | null): boolean;
+  private static readUserAgent;
+  private static readString;
+  private static readAuthAgent;
+  private static normalizeDeviceType;
+  private static detectIpAddress;
+  private static detectBrowser;
+  private static detectOs;
+  private static detectDeviceType;
+}
+//#endregion
+//#region src/Exceptions/AuthenticationException.d.ts
+declare class AuthenticationException extends Exception {
+  #private;
+  statusCode: number;
+  name: string;
+  constructor(message?: string, ctx?: {
+    req?: Request | RequestSource;
+    res?: Response | ResponseSource;
+    status?: number;
+    errors?: Record<string, any>;
+  });
+  errors(): Record<string, any> | undefined;
+}
+//#endregion
+export { Auth, AuthAgentPayload, AuthContract, AuthenticationException, CurrentSession, PersonalAccessToken, SessionDevice, SessionDeviceInfo, User };
+//# sourceMappingURL=index.d.ts.map

package/dist/index.js ADDED Viewed

@@ -0,0 +1,594 @@
+import { Exception, Hash, env, getModel } from "@arkstack/common";
+import { SignJWT, jwtVerify } from "jose";
+import { Request, Response } from "@arkstack/http";
+import { UAParser } from "ua-parser-js";
+import { Model } from "arkormx";
+//#region src/Contracts/AuthContract.ts
+/**
+* The Auth class provides methods for user authentication, including verifying
+* credentials, logging in, logging out, and managing personal access tokens.
+*
+* @author Legacy (3m1n3nc3)
+*/
+var AuthContract = class {};
+//#endregion
+//#region src/Exceptions/AuthenticationException.ts
+var AuthenticationException = class extends Exception {
+	#errors;
+	#request;
+	#response;
+	statusCode = 401;
+	name;
+	constructor(message = "Authentication failed", ctx) {
+		super(message);
+		this.name = "AuthenticationException";
+		this.statusCode = ctx?.status ?? 401;
+		if (ctx) {
+			this.#request = Request.from(ctx.req);
+			this.#response = Response.from(ctx.res);
+			this.#errors = ctx.errors;
+		}
+		this.#response;
+		this.#request;
+	}
+	errors() {
+		return this.#errors;
+	}
+};
+//#endregion
+//#region src/CurrentSession.ts
+/**
+* The CurrentSession class represents the current authentication session and provides
+* methods to manage it, such as destroying the session (logging out) and retrieving
+* the current personal access token. It is used internally by the Auth class to
+* handle session-specific operations.
+*
+* @author Legacy (3m1n3nc3)
+* @since 1.0.0
+* @version 1.0.0
+* @see Auth
+*/
+var CurrentSession = class {
+	constructor(auth) {
+		this.auth = auth;
+	}
+	/**
+	* Destroy the current session's personal access token, effectively
+	* logging out the user from this session.
+	*/
+	async destroy() {
+		const pat = await this.token();
+		if (pat) await this.auth.logout(pat);
+	}
+	/**
+	* Get the current session's personal access token
+	*
+	* @returns
+	*/
+	async token() {
+		if (!this.auth.getRequest()) return null;
+		const token = this.auth.getRequest().bearerToken();
+		if (!token) return null;
+		return await (await getModel("PersonalAccessToken")).query().where({ token }).first();
+	}
+};
+//#endregion
+//#region src/SessionDevice.ts
+var SessionDevice = class {
+	static uniqueIdentityFields = [
+		"deviceName",
+		"manufacturer",
+		"model",
+		"platform",
+		"os",
+		"osVersion",
+		"browser",
+		"deviceType"
+	];
+	/**
+	* Extracts device information from the incoming request to build a SessionDeviceInfo object.
+	*
+	* @param req The incoming HTTP request object.
+	* @returns A SessionDeviceInfo object containing information about the client's device.
+	*/
+	static fromRequest(req) {
+		const userAgent = this.readUserAgent(req);
+		const ua = new UAParser(userAgent ?? void 0).getResult();
+		const ca = this.readAuthAgent(req);
+		return {
+			browser: this.readString(ua.browser.name) ?? this.detectBrowser(userAgent),
+			os: ca?.os ?? this.readString(ua.os.name) ?? this.detectOs(userAgent),
+			osVersion: ca?.osVersion ?? this.readString(ua.os.version),
+			deviceType: ca?.deviceType ?? this.normalizeDeviceType(ua.device.type) ?? this.detectDeviceType(userAgent),
+			deviceName: ca?.deviceName ?? null,
+			manufacturer: ca?.manufacturer ?? this.readString(ua.device.vendor),
+			model: ca?.model ?? this.readString(ua.device.model),
+			platform: ca?.platform ?? null,
+			ipAddress: this.detectIpAddress(req),
+			userAgent
+		};
+	}
+	/**
+	* Generates a human-readable display name for the device based on available information.
+	*
+	* @param deviceInfo A record containing device information.
+	* @returns A string representing the display name of the device.
+	*/
+	static getDisplayName(deviceInfo) {
+		const deviceName = this.readString(deviceInfo?.deviceName);
+		const manufacturer = this.readString(deviceInfo?.manufacturer);
+		const model = this.readString(deviceInfo?.model);
+		const browser = this.readString(deviceInfo?.browser);
+		const os = this.readString(deviceInfo?.os);
+		const deviceType = this.readString(deviceInfo?.deviceType);
+		if (manufacturer && model) return model.startsWith(manufacturer) ? model : `${manufacturer} ${model}`;
+		if (model) return model;
+		if (deviceName) return deviceName;
+		if (browser && os) return `${browser} on ${os}`;
+		if (os && deviceType && deviceType !== "unknown") return `${os} ${deviceType}`;
+		if (browser) return browser;
+		return "Unknown device";
+	}
+	/**
+	* Builds a stable device key for matching previously issued sessions to the
+	* current request device.
+	*
+	* @param deviceInfo A record containing device information.
+	* @returns A normalized device key or null when there is not enough signal.
+	*/
+	static getUniqueKey(deviceInfo) {
+		const parts = this.uniqueIdentityFields.map((field) => [field, this.readString(deviceInfo?.[field])?.toLowerCase()]).filter(([, value]) => !!value);
+		if (parts.length < 2) return this.readString(deviceInfo?.userAgent)?.toLowerCase() ?? null;
+		return parts.map(([field, value]) => `${field}:${value}`).join("|");
+	}
+	/**
+	* Determines whether two device payloads represent the same device.
+	*
+	* @param left The first device payload.
+	* @param right The second device payload.
+	* @returns True when both payloads resolve to the same device key.
+	*/
+	static matches(left, right) {
+		const leftKey = this.getUniqueKey(left);
+		const rightKey = this.getUniqueKey(right);
+		if (!leftKey || !rightKey) return false;
+		return leftKey === rightKey;
+	}
+	/**
+	* Safely reads the user agent string from the request headers.
+	*
+	* @param req
+	* @returns
+	*/
+	static readUserAgent(req) {
+		const userAgent = req?.header("user-agent");
+		return typeof userAgent === "string" ? userAgent : null;
+	}
+	/**
+	* Safely reads a string value, ensuring it's a non-empty string or returns null.
+	*
+	* @param value
+	* @returns
+	*/
+	static readString(value) {
+		return typeof value === "string" && value.length > 0 ? value : null;
+	}
+	/**
+	* Reads a specific device-related header from the request
+	*
+	* @param req
+	* @param headerName
+	* @returns
+	*/
+	static readAuthAgent(req) {
+		const value = req?.header("x-auth-agent");
+		if (typeof value !== "string" || value.length < 1) return null;
+		try {
+			const parsed = JSON.parse(value);
+			return {
+				deviceName: this.readString(parsed.deviceName) ?? void 0,
+				manufacturer: this.readString(parsed.manufacturer) ?? void 0,
+				model: this.readString(parsed.model) ?? void 0,
+				platform: this.readString(parsed.platform) ?? void 0,
+				os: this.readString(parsed.os) ?? void 0,
+				osVersion: this.readString(parsed.osVersion) ?? void 0,
+				deviceType: this.normalizeDeviceType(parsed.deviceType) ?? void 0
+			};
+		} catch {
+			return null;
+		}
+	}
+	static normalizeDeviceType(value) {
+		if (value === "mobile" || value === "tablet" || value === "desktop" || value === "bot" || value === "unknown") return value;
+		return null;
+	}
+	/**
+	* Detects the client's IP address from the request, considering common headers set by proxies.
+	*
+	* @param req
+	* @returns
+	*/
+	static detectIpAddress(req) {
+		const forwarded = req?.header("x-forwarded-for");
+		if (typeof forwarded === "string" && forwarded.length > 0) return forwarded.split(",")[0].trim();
+		return req?.ip ?? null;
+	}
+	/**
+	* Detects the browser from the user agent string.
+	*
+	* @param userAgent
+	* @returns
+	*/
+	static detectBrowser(userAgent) {
+		if (!userAgent) return null;
+		if (/Edg\//i.test(userAgent)) return "Edge";
+		if (/OPR\//i.test(userAgent)) return "Opera";
+		if (/SamsungBrowser\//i.test(userAgent)) return "Samsung Internet";
+		if (/Chrome\//i.test(userAgent) && !/Edg\//i.test(userAgent)) return "Chrome";
+		if (/Firefox\//i.test(userAgent)) return "Firefox";
+		if (/Safari\//i.test(userAgent) && !/Chrome\//i.test(userAgent)) return "Safari";
+		if (/PostmanRuntime\//i.test(userAgent)) return "Postman";
+		if (/okhttp\//i.test(userAgent)) return "OkHttp";
+		if (/curl\//i.test(userAgent)) return "cURL";
+		return null;
+	}
+	/**
+	* Detects the operating system from the user agent string.
+	*
+	* @param userAgent
+	* @returns
+	*/
+	static detectOs(userAgent) {
+		if (!userAgent) return null;
+		if (/iPhone|iPad|iPod/i.test(userAgent)) return "iOS";
+		if (/Android/i.test(userAgent)) return "Android";
+		if (/Mac OS X|Macintosh/i.test(userAgent)) return "macOS";
+		if (/Windows NT/i.test(userAgent)) return "Windows";
+		if (/Linux/i.test(userAgent)) return "Linux";
+		return null;
+	}
+	/**
+	* Detects the device type from the user agent string.
+	*
+	* @param userAgent
+	* @returns
+	*/
+	static detectDeviceType(userAgent) {
+		if (!userAgent) return "unknown";
+		if (/bot|spider|crawl/i.test(userAgent)) return "bot";
+		if (/iPad|Tablet/i.test(userAgent)) return "tablet";
+		if (/Mobile|iPhone|Android/i.test(userAgent)) return "mobile";
+		return "desktop";
+	}
+};
+//#endregion
+//#region src/Auth.ts
+/**
+* The Auth class provides methods for user authentication, including verifying
+* credentials, logging in, logging out, and managing personal access tokens.
+*
+* @author Legacy (3m1n3nc3)
+*/
+var Auth = class Auth extends AuthContract {
+	static req;
+	configuredSecret;
+	#user = null;
+	constructor(secret, req) {
+		super();
+		Auth.req = Request.from(req);
+		this.configuredSecret = secret;
+	}
+	/**
+	* Create a new instance of the Auth class with an optional secret for JWT
+	* signing and verification.
+	*
+	* @param secret    The secret key used for signing and verifying JWTs.
+	* @returns         A new instance of the Auth class.
+	*/
+	static make(secret) {
+		return new Auth(secret);
+	}
+	/**
+	* Set the current HTTP request instance being processed.
+	*
+	* @param req   The HTTP request instance to be set.
+	* @returns     The Auth class itself for method chaining.
+	*/
+	static setRequest(req) {
+		this.req = Request.from(req);
+		return this;
+	}
+	/**
+	* Set the current HTTP request instance being processed.
+	*
+	* @param req   The HTTP request instance to be set.
+	* @returns     The Auth instance itself for method chaining.
+	*/
+	setRequest(req) {
+		Auth.req ??= Request.from(req);
+		return this;
+	}
+	/**
+	* Get the current HTTP request instance being processed, which may contain
+	* user information and other request-specific data relevant to authentication operations.
+	*
+	* @returns The current HTTP request instance or undefined if not set.
+	*/
+	getRequest() {
+		return Auth.req;
+	}
+	/**
+	* Get the currently authenticated user
+	*
+	* @returns The currently authenticated user or null if not authenticated.
+	*/
+	user() {
+		return this.#user;
+	}
+	/**
+	* Verify user credentials
+	*
+	* @param email     The email address of the user.
+	* @param password  The password of the user.
+	* @returns         A boolean indicating whether the credentials are valid.
+	*/
+	async verify(email, password) {
+		const user = await (await getModel("User")).query().where({ email }).first();
+		return !!user && await Hash.verify(password, user.password);
+	}
+	/**
+	* Attempt to authenticate a user with the given email and password.
+	*
+	* @param email
+	* @param password
+	* @returns
+	*/
+	async attempt(email, password) {
+		const user = await (await getModel("User")).query().where({ email }).first();
+		if (!user) throw new AuthenticationException("User account not found", {
+			req: Auth.req,
+			status: 422,
+			errors: { email: ["No account found for this email address"] }
+		});
+		if (!await Hash.verify(password, user.password)) throw new AuthenticationException("Invalid credentials", {
+			req: Auth.req,
+			status: 422,
+			errors: { password: ["Invalid password"] }
+		});
+		Auth.req?.setUser(user);
+		this.#user = user;
+		return user;
+	}
+	/**
+	* Login a user and create a personal access token
+	*
+	* @param email
+	* @param password
+	* @returns
+	*/
+	async login(email, password) {
+		const user = await this.attempt(email, password);
+		return await this.create(user);
+	}
+	/**
+	* Create a temporary token for a user with a specific purpose, such as
+	* two-factor authentication.
+	*
+	* @param user
+	* @param purpose
+	* @param expiresIn
+	* @returns
+	*/
+	async createTemporaryToken(user, purpose, expiresIn = "10m") {
+		return await this.createJWT({
+			sub: user.id.toString(),
+			email: user.email,
+			purpose
+		}, expiresIn);
+	}
+	/**
+	* Authorize a temporary token and return the associated user if the token is
+	* valid and matches the expected purpose.
+	*
+	* @param token
+	* @param purpose
+	* @returns
+	*/
+	async authorizeTemporaryToken(token, purpose) {
+		const payload = await this.verifyJWT(token);
+		if (!payload || payload.purpose !== purpose || !payload.sub) throw new AuthenticationException("Invalid or expired two-factor session", {
+			req: Auth.req,
+			status: 401
+		});
+		const user = await (await getModel("User")).query().find(payload.sub);
+		if (!user) throw new AuthenticationException("User account not found", {
+			req: Auth.req,
+			status: 401
+		});
+		Auth.req?.setUser(user);
+		this.#user = user;
+		return user;
+	}
+	/**
+	* Logout the currently authenticated user and delete all their personal access tokens
+	*
+	* @param token
+	* @returns
+	*/
+	async logout(token) {
+		if (!this.#user && !token) return;
+		if (token) if (typeof token === "string") await (await getModel("PersonalAccessToken")).query().where({ token }).delete();
+		else await token.delete();
+		else await (await getModel("PersonalAccessToken")).query().where({ userId: this.#user.id }).delete();
+		this.#user = null;
+	}
+	/**
+	* Check if the user is authenticated
+	*
+	* @returns
+	*/
+	async check() {
+		return !!this.#user;
+	}
+	/**
+	* Get the current session's personal access token
+	*
+	* @returns
+	*/
+	currentSession() {
+		return new CurrentSession(this);
+	}
+	/**
+	* Create a personal access token for a user
+	*
+	* @param user
+	* @returns
+	*/
+	async create(user) {
+		const payload = {
+			sub: user.id.toString(),
+			email: user.email
+		};
+		Auth.req?.setUser(user);
+		const token = await this.createJWT(payload);
+		const deviceInfo = SessionDevice.fromRequest(Auth.req);
+		const pat = await this.upsertDeviceToken(user, token, deviceInfo);
+		await pat.load(["user"]);
+		return pat;
+	}
+	/**
+	* Create or replace the personal access token for the same user and device
+	* while keeping a single active session record for that device.
+	*
+	* @param user The authenticated user.
+	* @param token The new bearer token to persist.
+	* @param deviceInfo The current request's device information.
+	*/
+	async upsertDeviceToken(user, token, deviceInfo) {
+		const TokenModel = await getModel("PersonalAccessToken");
+		const deviceKey = SessionDevice.getUniqueKey(deviceInfo);
+		const payload = {
+			abilities: [],
+			token,
+			name: SessionDevice.getDisplayName(deviceInfo),
+			userId: user.id,
+			lastUsedAt: /* @__PURE__ */ new Date()
+		};
+		if (!deviceKey) return await TokenModel.query().create(payload);
+		payload.deviceInfo = deviceInfo;
+		const matchingSessions = (await TokenModel.query().where({ userId: user.id }).get()).all().filter((session) => SessionDevice.matches(session.deviceInfo, deviceInfo)).sort((left, right) => {
+			const leftTime = (left.lastUsedAt ?? left.createdAt).getTime();
+			return (right.lastUsedAt ?? right.createdAt).getTime() - leftTime;
+		});
+		if (matchingSessions.length < 1) return await TokenModel.query().create(payload);
+		const [currentSession, ...duplicateSessions] = matchingSessions;
+		if (duplicateSessions.length > 0) await Promise.all(duplicateSessions.map(async (session) => await session.delete()));
+		await TokenModel.query().where({ id: currentSession.id }).update(payload);
+		currentSession.token = payload.token;
+		currentSession.name = payload.name;
+		currentSession.userId = payload.userId;
+		currentSession.deviceInfo = payload.deviceInfo;
+		currentSession.lastUsedAt = payload.lastUsedAt;
+		return currentSession;
+	}
+	/**
+	* Authorize a token and return the associated user
+	*
+	* @param token
+	* @returns
+	*/
+	async authorizeToken(token) {
+		const payload = await this.verifyJWT(token);
+		if (!payload) throw new AuthenticationException("Invalid or expired session", {
+			req: Auth.req,
+			status: 401
+		});
+		const pat = await (await getModel("PersonalAccessToken")).query().where({ token }).first();
+		if (!pat) throw new AuthenticationException("Invalid or expired access token", {
+			req: Auth.req,
+			status: 401
+		});
+		const user = await (await getModel("User")).query().find(payload.sub);
+		if (!user) throw new AuthenticationException("User account not found", {
+			req: Auth.req,
+			status: 401
+		});
+		Auth.req?.setUser(user);
+		this.touchSession(pat).catch((error) => {
+			if (env("NODE_ENV") === "development") console.error("Failed to update session activity", error);
+		});
+		this.#user = user;
+		return user;
+	}
+	/**
+	* Create a JWT token
+	*
+	* @param payload
+	* @returns
+	*/
+	async createJWT(payload, expiresIn = env("JWT_EXPIRES_IN", "1h")) {
+		return await new SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime(expiresIn).sign(new TextEncoder().encode(this.getSecret()));
+	}
+	/**
+	* Verify a JWT token
+	*
+	* @param token
+	* @returns
+	*/
+	async verifyJWT(token) {
+		try {
+			const { payload } = await jwtVerify(token, new TextEncoder().encode(this.getSecret()));
+			return payload;
+		} catch {
+			return null;
+		}
+	}
+	getSecret() {
+		return this.configuredSecret ?? env("JWT_SECRET", "default_secret");
+	}
+	/**
+	* Update the last used timestamp and device information of a personal
+	* access token to keep the session active and reflect the latest device details.
+	*
+	* @param pat The personal access token to update.
+	* @returns A promise that resolves when the update is complete.
+	*/
+	async touchSession(pat) {
+		const now = /* @__PURE__ */ new Date();
+		const currentDeviceInfo = SessionDevice.fromRequest(Auth.req);
+		const shouldUpdateLastUsedAt = !pat.lastUsedAt || now.getTime() - pat.lastUsedAt.getTime() > 300 * 1e3;
+		const hasDeviceInfo = !!pat.deviceInfo;
+		const currentDisplayName = SessionDevice.getDisplayName(currentDeviceInfo);
+		const storedDisplayName = SessionDevice.getDisplayName(pat.deviceInfo);
+		const shouldRefreshDeviceInfo = !hasDeviceInfo || storedDisplayName !== currentDisplayName;
+		if (!shouldUpdateLastUsedAt && !shouldRefreshDeviceInfo) return;
+		const payload = { lastUsedAt: now };
+		if (shouldRefreshDeviceInfo) {
+			payload.deviceInfo = currentDeviceInfo;
+			payload.name = currentDisplayName;
+		}
+		await (await getModel("PersonalAccessToken")).query().where({ id: pat.id }).update(payload);
+		pat.lastUsedAt = now;
+		if (payload.deviceInfo !== void 0) pat.deviceInfo = payload.deviceInfo;
+		if (payload.name !== void 0) pat.name = payload.name;
+	}
+};
+//#endregion
+//#region src/Contracts/PersonalAccessToken.ts
+var PersonalAccessToken = class extends Model {};
+//#endregion
+//#region src/Contracts/User.ts
+var User = class extends Model {
+	static table = "users";
+};
+//#endregion
+export { Auth, AuthContract, AuthenticationException, CurrentSession, PersonalAccessToken, SessionDevice, User };
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","names":["#request","#response","#errors","#user"],"sources":["../src/Contracts/AuthContract.ts","../src/Exceptions/AuthenticationException.ts","../src/CurrentSession.ts","../src/SessionDevice.ts","../src/Auth.ts","../src/Contracts/PersonalAccessToken.ts","../src/Contracts/User.ts"],"sourcesContent":["import { CurrentSession } from '../CurrentSession'\nimport { PersonalAccessToken } from './PersonalAccessToken'\nimport { Request, type RequestSource } from '@arkstack/http'\nimport { User } from './User'\n\n/**\n * The Auth class provides methods for user authentication, including verifying \n * credentials, logging in, logging out, and managing personal access tokens. \n * \n * @author Legacy (3m1n3nc3)\n */\nexport abstract class AuthContract {\n /**\n * Set the current HTTP request instance being processed.\n * \n * @param req The HTTP request instance to be set.\n * @returns The Auth instance itself for method chaining.\n */\n abstract setRequest (req: Request<User> | RequestSource<User>): this\n\n /**\n * Get the current HTTP request instance being processed, which may contain\n * user information and other request-specific data relevant to authentication operations.\n * \n * @returns The current HTTP request instance or undefined if not set.\n */\n abstract getRequest (): Request<User> | undefined\n\n /**\n * Get the currently authenticated user\n * \n * @returns The currently authenticated user or null if not authenticated.\n */\n abstract user (): User | null\n\n /**\n * Verify user credentials\n * \n * @param email The email address of the user.\n * @param password The password of the user.\n * @returns A boolean indicating whether the credentials are valid.\n */\n abstract verify (email: string, password: string): Promise<boolean>\n\n /**\n * Attempt to authenticate a user with the given email and password.\n * \n * @param email \n * @param password \n * @returns \n */\n abstract attempt (email: string, password: string): Promise<User>\n\n /**\n * Login a user and create a personal access token\n * \n * @param email \n * @param password \n * @returns \n */\n abstract login (email: string, password: string): Promise<PersonalAccessToken>\n\n /**\n * Create a temporary token for a user with a specific purpose, such as\n * two-factor authentication.\n * \n * @param user \n * @param purpose \n * @param expiresIn \n * @returns \n */\n abstract createTemporaryToken (user: User, purpose: string, expiresIn?: string): Promise<string>\n\n /**\n * Authorize a temporary token and return the associated user if the token is \n * valid and matches the expected purpose.\n * \n * @param token \n * @param purpose \n * @returns \n */\n abstract authorizeTemporaryToken (token: string, purpose: string): Promise<User>\n\n /**\n * Logout the currently authenticated user and delete all their personal access tokens\n * \n * @param token \n * @returns \n */\n abstract logout (token?: string | PersonalAccessToken): Promise<void>\n\n /**\n * Check if the user is authenticated\n * \n * @returns \n */\n abstract check (): Promise<boolean>\n\n /**\n * Get the current session's personal access token\n * \n * @returns \n */\n abstract currentSession (): CurrentSession\n\n /**\n * Create a personal access token for a user\n * \n * @param user \n * @returns \n */\n abstract create (user: User): Promise<PersonalAccessToken>\n\n /**\n * Authorize a token and return the associated user\n * \n * @param token \n * @returns \n */\n abstract authorizeToken (token: string): Promise<User>\n}\n","import { Request, Response, type RequestSource, type ResponseSource } from '@arkstack/http'\n\nimport { Exception } from '@arkstack/common'\n\nexport class AuthenticationException extends Exception {\n #errors?: Record<string, any>\n #request?: Request\n #response?: Response\n statusCode: number = 401\n name: string\n\n constructor(\n message: string = 'Authentication failed',\n ctx?: {\n req?: Request | RequestSource,\n res?: Response | ResponseSource,\n status?: number,\n errors?: Record<string, any>\n }\n ) {\n super(message)\n this.name = 'AuthenticationException'\n this.statusCode = ctx?.status ?? 401\n if (ctx) {\n this.#request = Request.from(ctx.req)\n this.#response = Response.from(ctx.res)\n this.#errors = ctx.errors\n }\n\n void this.#response\n void this.#request\n }\n\n errors (): Record<string, any> | undefined {\n return this.#errors\n }\n}\n","import { AuthContract } from './Contracts/AuthContract'\nimport { PersonalAccessToken } from './Contracts/PersonalAccessToken'\nimport { getModel } from '@arkstack/common'\n\n/**\n * The CurrentSession class represents the current authentication session and provides \n * methods to manage it, such as destroying the session (logging out) and retrieving \n * the current personal access token. It is used internally by the Auth class to \n * handle session-specific operations.\n * \n * @author Legacy (3m1n3nc3)\n * @since 1.0.0\n * @version 1.0.0\n * @see Auth\n */\nexport class CurrentSession {\n constructor(private auth: AuthContract) { }\n\n /**\n * Destroy the current session's personal access token, effectively \n * logging out the user from this session.\n */\n async destroy () {\n const pat = await this.token()\n\n if (pat) {\n await this.auth.logout(pat)\n }\n }\n\n /**\n * Get the current session's personal access token\n * \n * @returns \n */\n async token (): Promise<PersonalAccessToken | null> {\n if (!this.auth.getRequest()) {\n return null\n }\n\n const token = this.auth.getRequest()!.bearerToken()\n\n if (!token) {\n return null\n }\n\n const Model = await getModel<typeof PersonalAccessToken>('PersonalAccessToken')\n const pat = await Model.query().where({ token }).first()\n\n return pat\n }\n}\n","import { type Request } from '@arkstack/http'\nimport { AuthAgentPayload, SessionDeviceInfo } from './types/Session'\nimport { UAParser } from 'ua-parser-js'\n\nexport class SessionDevice {\n private static readonly uniqueIdentityFields = [\n 'deviceName',\n 'manufacturer',\n 'model',\n 'platform',\n 'os',\n 'osVersion',\n 'browser',\n 'deviceType',\n ] as const\n\n /**\n * Extracts device information from the incoming request to build a SessionDeviceInfo object.\n * \n * @param req The incoming HTTP request object.\n * @returns A SessionDeviceInfo object containing information about the client's device.\n */\n static fromRequest (req?: Request): SessionDeviceInfo {\n const userAgent = this.readUserAgent(req)\n const ua = new UAParser(userAgent ?? undefined).getResult()\n const ca = this.readAuthAgent(req)\n\n return {\n browser: this.readString(ua.browser.name) ?? this.detectBrowser(userAgent),\n os: ca?.os ?? this.readString(ua.os.name) ?? this.detectOs(userAgent),\n osVersion: ca?.osVersion ?? this.readString(ua.os.version),\n deviceType: ca?.deviceType ?? this.normalizeDeviceType(ua.device.type) ?? this.detectDeviceType(userAgent),\n deviceName: ca?.deviceName ?? null,\n manufacturer: ca?.manufacturer ?? this.readString(ua.device.vendor),\n model: ca?.model ?? this.readString(ua.device.model),\n platform: ca?.platform ?? null,\n ipAddress: this.detectIpAddress(req),\n userAgent,\n }\n }\n\n /**\n * Generates a human-readable display name for the device based on available information.\n * \n * @param deviceInfo A record containing device information.\n * @returns A string representing the display name of the device.\n */\n static getDisplayName (deviceInfo?: Record<string, unknown> | null) {\n const deviceName = this.readString(deviceInfo?.deviceName)\n const manufacturer = this.readString(deviceInfo?.manufacturer)\n const model = this.readString(deviceInfo?.model)\n const browser = this.readString(deviceInfo?.browser)\n const os = this.readString(deviceInfo?.os)\n const deviceType = this.readString(deviceInfo?.deviceType)\n\n if (manufacturer && model) {\n return model.startsWith(manufacturer) ? model : `${manufacturer} ${model}`\n }\n\n if (model) {\n return model\n }\n\n if (deviceName) {\n return deviceName\n }\n\n if (browser && os) {\n return `${browser} on ${os}`\n }\n\n if (os && deviceType && deviceType !== 'unknown') {\n return `${os} ${deviceType}`\n }\n\n if (browser) {\n return browser\n }\n\n return 'Unknown device'\n }\n\n /**\n * Builds a stable device key for matching previously issued sessions to the\n * current request device.\n *\n * @param deviceInfo A record containing device information.\n * @returns A normalized device key or null when there is not enough signal.\n */\n static getUniqueKey (deviceInfo?: Record<string, unknown> | null) {\n const parts = this.uniqueIdentityFields\n .map((field) => [field, this.readString(deviceInfo?.[field])?.toLowerCase()] as const)\n .filter(([, value]) => !!value)\n\n if (parts.length < 2) {\n const fallbackUserAgent = this.readString(deviceInfo?.userAgent)?.toLowerCase()\n\n return fallbackUserAgent ?? null\n }\n\n return parts.map(([field, value]) => `${field}:${value}`).join('|')\n }\n\n /**\n * Determines whether two device payloads represent the same device.\n *\n * @param left The first device payload.\n * @param right The second device payload.\n * @returns True when both payloads resolve to the same device key.\n */\n static matches (left?: Record<string, unknown> | null, right?: Record<string, unknown> | null) {\n const leftKey = this.getUniqueKey(left)\n const rightKey = this.getUniqueKey(right)\n\n if (!leftKey || !rightKey) {\n return false\n }\n\n return leftKey === rightKey\n }\n\n /**\n * Safely reads the user agent string from the request headers.\n * \n * @param req \n * @returns \n */\n private static readUserAgent (req?: Request) {\n const userAgent = req?.header('user-agent')\n\n return typeof userAgent === 'string' ? userAgent : null\n }\n\n /**\n * Safely reads a string value, ensuring it's a non-empty string or returns null.\n * \n * @param value \n * @returns \n */\n private static readString (value: unknown) {\n return typeof value === 'string' && value.length > 0 ? value : null\n }\n\n /**\n * Reads a specific device-related header from the request\n * \n * @param req \n * @param headerName \n * @returns \n */\n private static readAuthAgent (req?: Request): AuthAgentPayload | null {\n const value = req?.header('x-auth-agent')\n\n if (typeof value !== 'string' || value.length < 1) {\n return null\n }\n\n try {\n const parsed: AuthAgentPayload = JSON.parse(value)\n\n return {\n deviceName: this.readString(parsed.deviceName) ?? undefined,\n manufacturer: this.readString(parsed.manufacturer) ?? undefined,\n model: this.readString(parsed.model) ?? undefined,\n platform: this.readString(parsed.platform) ?? undefined,\n os: this.readString(parsed.os) ?? undefined,\n osVersion: this.readString(parsed.osVersion) ?? undefined,\n deviceType: this.normalizeDeviceType(parsed.deviceType) ?? undefined,\n }\n } catch {\n return null\n }\n }\n\n private static normalizeDeviceType (value: unknown): SessionDeviceInfo['deviceType'] | null {\n if (value === 'mobile' || value === 'tablet' || value === 'desktop' || value === 'bot' || value === 'unknown') {\n return value\n }\n\n return null\n }\n\n /**\n * Detects the client's IP address from the request, considering common headers set by proxies.\n * \n * @param req \n * @returns \n */\n private static detectIpAddress (req?: Request) {\n const forwarded = req?.header('x-forwarded-for')\n\n if (typeof forwarded === 'string' && forwarded.length > 0) {\n return forwarded.split(',')[0].trim()\n }\n\n return req?.ip ?? null\n }\n\n /**\n * Detects the browser from the user agent string.\n * \n * @param userAgent \n * @returns \n */\n private static detectBrowser (userAgent: string | null) {\n if (!userAgent) return null\n if (/Edg\\//i.test(userAgent)) return 'Edge'\n if (/OPR\\//i.test(userAgent)) return 'Opera'\n if (/SamsungBrowser\\//i.test(userAgent)) return 'Samsung Internet'\n if (/Chrome\\//i.test(userAgent) && !/Edg\\//i.test(userAgent)) return 'Chrome'\n if (/Firefox\\//i.test(userAgent)) return 'Firefox'\n if (/Safari\\//i.test(userAgent) && !/Chrome\\//i.test(userAgent)) return 'Safari'\n if (/PostmanRuntime\\//i.test(userAgent)) return 'Postman'\n if (/okhttp\\//i.test(userAgent)) return 'OkHttp'\n if (/curl\\//i.test(userAgent)) return 'cURL'\n\n return null\n }\n\n /**\n * Detects the operating system from the user agent string.\n * \n * @param userAgent \n * @returns \n */\n private static detectOs (userAgent: string | null) {\n if (!userAgent) return null\n if (/iPhone|iPad|iPod/i.test(userAgent)) return 'iOS'\n if (/Android/i.test(userAgent)) return 'Android'\n if (/Mac OS X|Macintosh/i.test(userAgent)) return 'macOS'\n if (/Windows NT/i.test(userAgent)) return 'Windows'\n if (/Linux/i.test(userAgent)) return 'Linux'\n\n return null\n }\n\n /**\n * Detects the device type from the user agent string.\n * \n * @param userAgent \n * @returns \n */\n private static detectDeviceType (userAgent: string | null): SessionDeviceInfo['deviceType'] {\n if (!userAgent) return 'unknown'\n if (/bot|spider|crawl/i.test(userAgent)) return 'bot'\n if (/iPad|Tablet/i.test(userAgent)) return 'tablet'\n if (/Mobile|iPhone|Android/i.test(userAgent)) return 'mobile'\n\n return 'desktop'\n }\n}\n","import { Hash, env, getModel } from '@arkstack/common'\nimport { JWTPayload, SignJWT, jwtVerify } from 'jose'\n\nimport { AuthContract } from './Contracts/AuthContract'\nimport { AuthenticationException } from './Exceptions/AuthenticationException'\nimport { CurrentSession } from './CurrentSession'\nimport { PersonalAccessToken } from './Contracts/PersonalAccessToken'\nimport { Request, type RequestSource } from '@arkstack/http'\nimport { SessionDevice } from './SessionDevice'\nimport { User } from './Contracts/User'\n\n/**\n * The Auth class provides methods for user authentication, including verifying \n * credentials, logging in, logging out, and managing personal access tokens. \n * \n * @author Legacy (3m1n3nc3)\n */\nexport class Auth extends AuthContract {\n protected static req?: Request<User>\n private configuredSecret?: string\n #user: User | null = null\n\n constructor(secret?: string, req?: Request<User> | RequestSource<User>) {\n super()\n Auth.req = Request.from<User>(req)\n this.configuredSecret = secret\n }\n\n /**\n * Create a new instance of the Auth class with an optional secret for JWT \n * signing and verification.\n * \n * @param secret The secret key used for signing and verifying JWTs.\n * @returns A new instance of the Auth class.\n */\n static make (secret?: string) {\n return new Auth(secret)\n }\n\n /**\n * Set the current HTTP request instance being processed.\n * \n * @param req The HTTP request instance to be set.\n * @returns The Auth class itself for method chaining.\n */\n static setRequest (req: Request<User> | RequestSource<User>) {\n this.req = Request.from<User>(req)\n\n return this\n }\n\n /**\n * Set the current HTTP request instance being processed.\n * \n * @param req The HTTP request instance to be set.\n * @returns The Auth instance itself for method chaining.\n */\n setRequest (req: Request<User> | RequestSource<User>) {\n Auth.req ??= Request.from<User>(req)\n\n return this\n }\n\n /**\n * Get the current HTTP request instance being processed, which may contain\n * user information and other request-specific data relevant to authentication operations.\n * \n * @returns The current HTTP request instance or undefined if not set.\n */\n getRequest (): Request<User> | undefined {\n return Auth.req\n }\n\n /**\n * Get the currently authenticated user\n * \n * @returns The currently authenticated user or null if not authenticated.\n */\n user (): User | null {\n return this.#user\n }\n\n /**\n * Verify user credentials\n * \n * @param email The email address of the user.\n * @param password The password of the user.\n * @returns A boolean indicating whether the credentials are valid.\n */\n async verify (email: string, password: string): Promise<boolean> {\n const user = await (await getModel<typeof User>('User')).query().where({ email }).first()\n\n return !!user && await Hash.verify(password, user.password)\n }\n\n /**\n * Attempt to authenticate a user with the given email and password.\n * \n * @param email \n * @param password \n * @returns \n */\n async attempt (email: string, password: string): Promise<User> {\n const user = await (await getModel<typeof User>('User')).query().where({ email }).first()\n\n if (!user) {\n throw new AuthenticationException('User account not found', { req: Auth.req, status: 422, errors: { email: ['No account found for this email address'] } })\n }\n\n const isValid = await Hash.verify(password, user.password)\n\n if (!isValid) {\n throw new AuthenticationException('Invalid credentials', { req: Auth.req, status: 422, errors: { password: ['Invalid password'] } })\n }\n\n Auth.req?.setUser(user)\n\n this.#user = user\n\n return user\n }\n\n /**\n * Login a user and create a personal access token\n * \n * @param email \n * @param password \n * @returns \n */\n async login (email: string, password: string): Promise<PersonalAccessToken> {\n const user = await this.attempt(email, password)\n\n return await this.create(user)\n }\n\n /**\n * Create a temporary token for a user with a specific purpose, such as\n * two-factor authentication.\n * \n * @param user \n * @param purpose \n * @param expiresIn \n * @returns \n */\n async createTemporaryToken (user: User, purpose: string, expiresIn: string = '10m'): Promise<string> {\n return await this.createJWT({\n sub: user.id.toString(),\n email: user.email,\n purpose,\n }, expiresIn)\n }\n\n /**\n * Authorize a temporary token and return the associated user if the token is \n * valid and matches the expected purpose.\n * \n * @param token \n * @param purpose \n * @returns \n */\n async authorizeTemporaryToken (token: string, purpose: string): Promise<User> {\n const payload = await this.verifyJWT(token)\n\n if (!payload || payload.purpose !== purpose || !payload.sub) {\n throw new AuthenticationException(\n 'Invalid or expired two-factor session',\n { req: Auth.req, status: 401 }\n )\n }\n\n const user = await (await getModel<typeof User>('User')).query().find(payload.sub)\n\n if (!user) {\n throw new AuthenticationException(\n 'User account not found',\n { req: Auth.req, status: 401 }\n )\n }\n\n Auth.req?.setUser(user)\n\n this.#user = user\n\n return user\n }\n\n /**\n * Logout the currently authenticated user and delete all their personal access tokens\n * \n * @param token \n * @returns \n */\n async logout (token?: string | PersonalAccessToken): Promise<void> {\n if (!this.#user && !token) {\n return\n }\n\n if (token) {\n if (typeof token === 'string') {\n const TokenModel = await getModel<typeof PersonalAccessToken>('PersonalAccessToken')\n\n await TokenModel.query().where({ token }).delete()\n } else {\n await token.delete()\n }\n } else {\n const TokenModel = await getModel<typeof PersonalAccessToken>('PersonalAccessToken')\n\n await TokenModel.query().where({ userId: this.#user!.id }).delete()\n }\n\n this.#user = null\n }\n\n /**\n * Check if the user is authenticated\n * \n * @returns \n */\n async check (): Promise<boolean> {\n return !!this.#user\n }\n\n /**\n * Get the current session's personal access token\n * \n * @returns \n */\n currentSession () {\n return new CurrentSession(this)\n }\n\n /**\n * Create a personal access token for a user\n * \n * @param user \n * @returns \n */\n async create (user: User): Promise<PersonalAccessToken> {\n const payload: JWTPayload = {\n sub: user.id.toString(),\n email: user.email,\n }\n\n Auth.req?.setUser(user)\n\n const token = await this.createJWT(payload)\n const deviceInfo = SessionDevice.fromRequest(Auth.req)\n\n const pat = await this.upsertDeviceToken(user, token, deviceInfo)\n\n await pat.load(['user'])\n\n return pat\n }\n\n /**\n * Create or replace the personal access token for the same user and device\n * while keeping a single active session record for that device.\n *\n * @param user The authenticated user.\n * @param token The new bearer token to persist.\n * @param deviceInfo The current request's device information.\n */\n private async upsertDeviceToken (user: User, token: string, deviceInfo: Record<string, unknown> | null) {\n const TokenModel = await getModel<typeof PersonalAccessToken>('PersonalAccessToken')\n const deviceKey = SessionDevice.getUniqueKey(deviceInfo)\n const payload = {\n abilities: [],\n token,\n name: SessionDevice.getDisplayName(deviceInfo),\n userId: user.id,\n lastUsedAt: new Date(),\n } as {\n abilities: string[]\n token: string\n name: string\n userId: User['id']\n deviceInfo?: Record<string, unknown> | null\n lastUsedAt: Date\n }\n\n if (!deviceKey) {\n return await TokenModel.query().create(payload)\n }\n\n payload.deviceInfo = deviceInfo\n\n const existingSessions = (await TokenModel.query().where({ userId: user.id }).get()).all()\n const matchingSessions = existingSessions\n .filter((session) => SessionDevice.matches(session.deviceInfo, deviceInfo))\n .sort((left, right) => {\n const leftTime = (left.lastUsedAt ?? left.createdAt).getTime()\n const rightTime = (right.lastUsedAt ?? right.createdAt).getTime()\n\n return rightTime - leftTime\n })\n\n if (matchingSessions.length < 1) {\n return await TokenModel.query().create(payload)\n }\n\n const [currentSession, ...duplicateSessions] = matchingSessions\n\n if (duplicateSessions.length > 0) {\n await Promise.all(duplicateSessions.map(async (session) => await session.delete()))\n }\n\n await TokenModel.query().where({ id: currentSession.id }).update(payload)\n\n currentSession.token = payload.token\n currentSession.name = payload.name\n currentSession.userId = payload.userId\n currentSession.deviceInfo = payload.deviceInfo\n currentSession.lastUsedAt = payload.lastUsedAt\n\n return currentSession\n }\n\n /**\n * Authorize a token and return the associated user\n * \n * @param token \n * @returns \n */\n async authorizeToken (token: string): Promise<User> {\n const payload = await this.verifyJWT(token)\n\n if (!payload) {\n throw new AuthenticationException(\n 'Invalid or expired session',\n { req: Auth.req, status: 401 }\n )\n }\n\n const TokenModel = await getModel<typeof PersonalAccessToken>('PersonalAccessToken')\n const pat = await TokenModel.query().where({ token }).first()\n\n if (!pat) {\n throw new AuthenticationException(\n 'Invalid or expired access token',\n { req: Auth.req, status: 401 }\n )\n }\n\n const user = await (await getModel<typeof User>('User')).query().find(payload.sub!)\n\n if (!user) {\n throw new AuthenticationException(\n 'User account not found',\n { req: Auth.req, status: 401 }\n )\n }\n\n Auth.req?.setUser(user)\n\n void this.touchSession(pat).catch((error) => {\n if (env('NODE_ENV') === 'development') {\n console.error('Failed to update session activity', error)\n }\n })\n\n this.#user = user\n\n return user\n }\n\n /**\n * Create a JWT token\n * \n * @param payload \n * @returns \n */\n private async createJWT (payload: JWTPayload, expiresIn: string = env('JWT_EXPIRES_IN', '1h')): Promise<string> {\n const jwt = await new SignJWT(payload)\n .setProtectedHeader({ alg: 'HS256' })\n .setIssuedAt()\n .setExpirationTime(expiresIn)\n .sign(new TextEncoder().encode(this.getSecret()))\n\n return jwt\n }\n\n /**\n * Verify a JWT token\n * \n * @param token \n * @returns \n */\n private async verifyJWT (token: string): Promise<JWTPayload | null> {\n try {\n const { payload } = await jwtVerify(token, new TextEncoder().encode(this.getSecret()))\n\n return payload\n } catch {\n return null\n }\n }\n\n private getSecret (): string {\n return this.configuredSecret ?? env('JWT_SECRET', 'default_secret')\n }\n\n /**\n * Update the last used timestamp and device information of a personal \n * access token to keep the session active and reflect the latest device details.\n * \n * @param pat The personal access token to update.\n * @returns A promise that resolves when the update is complete.\n */\n private async touchSession (pat: PersonalAccessToken) {\n const now = new Date()\n const currentDeviceInfo = SessionDevice.fromRequest(Auth.req)\n const shouldUpdateLastUsedAt = !pat.lastUsedAt || (now.getTime() - pat.lastUsedAt.getTime()) > 5 * 60 * 1000\n const hasDeviceInfo = !!pat.deviceInfo\n const currentDisplayName = SessionDevice.getDisplayName(currentDeviceInfo)\n const storedDisplayName = SessionDevice.getDisplayName(pat.deviceInfo)\n const shouldRefreshDeviceInfo = !hasDeviceInfo || storedDisplayName !== currentDisplayName\n\n if (!shouldUpdateLastUsedAt && !shouldRefreshDeviceInfo) {\n return\n }\n\n const payload: {\n lastUsedAt: Date\n deviceInfo?: Record<string, unknown> | null\n name?: string\n } = {\n lastUsedAt: now,\n }\n\n if (shouldRefreshDeviceInfo) {\n payload.deviceInfo = currentDeviceInfo\n payload.name = currentDisplayName\n }\n\n const TokenModel = await getModel<typeof PersonalAccessToken>('PersonalAccessToken')\n\n await TokenModel.query().where({ id: pat.id }).update(payload)\n\n pat.lastUsedAt = now\n\n if (payload.deviceInfo !== undefined) {\n pat.deviceInfo = payload.deviceInfo\n }\n\n if (payload.name !== undefined) {\n pat.name = payload.name\n }\n }\n}\n","import { Model } from 'arkormx'\n\nexport abstract class PersonalAccessToken extends Model {\n declare id: number\n declare name: string\n declare token: string\n declare abilities: string[]\n declare userId: number\n declare createdAt: Date\n declare expiresAt: Date | null\n declare lastUsedAt: Date | null\n declare deviceInfo: Record<string, unknown> | null\n}\n","import { Model } from 'arkormx'\n\nexport abstract class User extends Model {\n declare id: number\n declare name: string\n declare email: string\n declare password: string\n\n protected static table?: string | undefined = 'users'\n}"],"mappings":";;;;;;;;;;;;;AAWA,IAAsB,eAAtB,MAAmC;;;;ACPnC,IAAa,0BAAb,cAA6C,UAAU;CACnD;CACA;CACA;CACA,aAAqB;CACrB;CAEA,YACI,UAAkB,yBAClB,KAMF;AACE,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,OAAK,aAAa,KAAK,UAAU;AACjC,MAAI,KAAK;AACL,SAAKA,UAAW,QAAQ,KAAK,IAAI,IAAI;AACrC,SAAKC,WAAY,SAAS,KAAK,IAAI,IAAI;AACvC,SAAKC,SAAU,IAAI;;AAGvB,EAAK,MAAKD;AACV,EAAK,MAAKD;;CAGd,SAA2C;AACvC,SAAO,MAAKE;;;;;;;;;;;;;;;;;ACnBpB,IAAa,iBAAb,MAA4B;CACxB,YAAY,AAAQ,MAAoB;EAApB;;;;;;CAMpB,MAAM,UAAW;EACb,MAAM,MAAM,MAAM,KAAK,OAAO;AAE9B,MAAI,IACA,OAAM,KAAK,KAAK,OAAO,IAAI;;;;;;;CASnC,MAAM,QAA8C;AAChD,MAAI,CAAC,KAAK,KAAK,YAAY,CACvB,QAAO;EAGX,MAAM,QAAQ,KAAK,KAAK,YAAY,CAAE,aAAa;AAEnD,MAAI,CAAC,MACD,QAAO;AAMX,SAFY,OADE,MAAM,SAAqC,sBAAsB,EACvD,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,OAAO;;;;;;AC3ChE,IAAa,gBAAb,MAA2B;CACvB,OAAwB,uBAAuB;EAC3C;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACH;;;;;;;CAQD,OAAO,YAAa,KAAkC;EAClD,MAAM,YAAY,KAAK,cAAc,IAAI;EACzC,MAAM,KAAK,IAAI,SAAS,aAAa,OAAU,CAAC,WAAW;EAC3D,MAAM,KAAK,KAAK,cAAc,IAAI;AAElC,SAAO;GACH,SAAS,KAAK,WAAW,GAAG,QAAQ,KAAK,IAAI,KAAK,cAAc,UAAU;GAC1E,IAAI,IAAI,MAAM,KAAK,WAAW,GAAG,GAAG,KAAK,IAAI,KAAK,SAAS,UAAU;GACrE,WAAW,IAAI,aAAa,KAAK,WAAW,GAAG,GAAG,QAAQ;GAC1D,YAAY,IAAI,cAAc,KAAK,oBAAoB,GAAG,OAAO,KAAK,IAAI,KAAK,iBAAiB,UAAU;GAC1G,YAAY,IAAI,cAAc;GAC9B,cAAc,IAAI,gBAAgB,KAAK,WAAW,GAAG,OAAO,OAAO;GACnE,OAAO,IAAI,SAAS,KAAK,WAAW,GAAG,OAAO,MAAM;GACpD,UAAU,IAAI,YAAY;GAC1B,WAAW,KAAK,gBAAgB,IAAI;GACpC;GACH;;;;;;;;CASL,OAAO,eAAgB,YAA6C;EAChE,MAAM,aAAa,KAAK,WAAW,YAAY,WAAW;EAC1D,MAAM,eAAe,KAAK,WAAW,YAAY,aAAa;EAC9D,MAAM,QAAQ,KAAK,WAAW,YAAY,MAAM;EAChD,MAAM,UAAU,KAAK,WAAW,YAAY,QAAQ;EACpD,MAAM,KAAK,KAAK,WAAW,YAAY,GAAG;EAC1C,MAAM,aAAa,KAAK,WAAW,YAAY,WAAW;AAE1D,MAAI,gBAAgB,MAChB,QAAO,MAAM,WAAW,aAAa,GAAG,QAAQ,GAAG,aAAa,GAAG;AAGvE,MAAI,MACA,QAAO;AAGX,MAAI,WACA,QAAO;AAGX,MAAI,WAAW,GACX,QAAO,GAAG,QAAQ,MAAM;AAG5B,MAAI,MAAM,cAAc,eAAe,UACnC,QAAO,GAAG,GAAG,GAAG;AAGpB,MAAI,QACA,QAAO;AAGX,SAAO;;;;;;;;;CAUX,OAAO,aAAc,YAA6C;EAC9D,MAAM,QAAQ,KAAK,qBACd,KAAK,UAAU,CAAC,OAAO,KAAK,WAAW,aAAa,OAAO,EAAE,aAAa,CAAC,CAAU,CACrF,QAAQ,GAAG,WAAW,CAAC,CAAC,MAAM;AAEnC,MAAI,MAAM,SAAS,EAGf,QAF0B,KAAK,WAAW,YAAY,UAAU,EAAE,aAAa,IAEnD;AAGhC,SAAO,MAAM,KAAK,CAAC,OAAO,WAAW,GAAG,MAAM,GAAG,QAAQ,CAAC,KAAK,IAAI;;;;;;;;;CAUvE,OAAO,QAAS,MAAuC,OAAwC;EAC3F,MAAM,UAAU,KAAK,aAAa,KAAK;EACvC,MAAM,WAAW,KAAK,aAAa,MAAM;AAEzC,MAAI,CAAC,WAAW,CAAC,SACb,QAAO;AAGX,SAAO,YAAY;;;;;;;;CASvB,OAAe,cAAe,KAAe;EACzC,MAAM,YAAY,KAAK,OAAO,aAAa;AAE3C,SAAO,OAAO,cAAc,WAAW,YAAY;;;;;;;;CASvD,OAAe,WAAY,OAAgB;AACvC,SAAO,OAAO,UAAU,YAAY,MAAM,SAAS,IAAI,QAAQ;;;;;;;;;CAUnE,OAAe,cAAe,KAAwC;EAClE,MAAM,QAAQ,KAAK,OAAO,eAAe;AAEzC,MAAI,OAAO,UAAU,YAAY,MAAM,SAAS,EAC5C,QAAO;AAGX,MAAI;GACA,MAAM,SAA2B,KAAK,MAAM,MAAM;AAElD,UAAO;IACH,YAAY,KAAK,WAAW,OAAO,WAAW,IAAI;IAClD,cAAc,KAAK,WAAW,OAAO,aAAa,IAAI;IACtD,OAAO,KAAK,WAAW,OAAO,MAAM,IAAI;IACxC,UAAU,KAAK,WAAW,OAAO,SAAS,IAAI;IAC9C,IAAI,KAAK,WAAW,OAAO,GAAG,IAAI;IAClC,WAAW,KAAK,WAAW,OAAO,UAAU,IAAI;IAChD,YAAY,KAAK,oBAAoB,OAAO,WAAW,IAAI;IAC9D;UACG;AACJ,UAAO;;;CAIf,OAAe,oBAAqB,OAAwD;AACxF,MAAI,UAAU,YAAY,UAAU,YAAY,UAAU,aAAa,UAAU,SAAS,UAAU,UAChG,QAAO;AAGX,SAAO;;;;;;;;CASX,OAAe,gBAAiB,KAAe;EAC3C,MAAM,YAAY,KAAK,OAAO,kBAAkB;AAEhD,MAAI,OAAO,cAAc,YAAY,UAAU,SAAS,EACpD,QAAO,UAAU,MAAM,IAAI,CAAC,GAAG,MAAM;AAGzC,SAAO,KAAK,MAAM;;;;;;;;CAStB,OAAe,cAAe,WAA0B;AACpD,MAAI,CAAC,UAAW,QAAO;AACvB,MAAI,SAAS,KAAK,UAAU,CAAE,QAAO;AACrC,MAAI,SAAS,KAAK,UAAU,CAAE,QAAO;AACrC,MAAI,oBAAoB,KAAK,UAAU,CAAE,QAAO;AAChD,MAAI,YAAY,KAAK,UAAU,IAAI,CAAC,SAAS,KAAK,UAAU,CAAE,QAAO;AACrE,MAAI,aAAa,KAAK,UAAU,CAAE,QAAO;AACzC,MAAI,YAAY,KAAK,UAAU,IAAI,CAAC,YAAY,KAAK,UAAU,CAAE,QAAO;AACxE,MAAI,oBAAoB,KAAK,UAAU,CAAE,QAAO;AAChD,MAAI,YAAY,KAAK,UAAU,CAAE,QAAO;AACxC,MAAI,UAAU,KAAK,UAAU,CAAE,QAAO;AAEtC,SAAO;;;;;;;;CASX,OAAe,SAAU,WAA0B;AAC/C,MAAI,CAAC,UAAW,QAAO;AACvB,MAAI,oBAAoB,KAAK,UAAU,CAAE,QAAO;AAChD,MAAI,WAAW,KAAK,UAAU,CAAE,QAAO;AACvC,MAAI,sBAAsB,KAAK,UAAU,CAAE,QAAO;AAClD,MAAI,cAAc,KAAK,UAAU,CAAE,QAAO;AAC1C,MAAI,SAAS,KAAK,UAAU,CAAE,QAAO;AAErC,SAAO;;;;;;;;CASX,OAAe,iBAAkB,WAA2D;AACxF,MAAI,CAAC,UAAW,QAAO;AACvB,MAAI,oBAAoB,KAAK,UAAU,CAAE,QAAO;AAChD,MAAI,eAAe,KAAK,UAAU,CAAE,QAAO;AAC3C,MAAI,yBAAyB,KAAK,UAAU,CAAE,QAAO;AAErD,SAAO;;;;;;;;;;;;ACvOf,IAAa,OAAb,MAAa,aAAa,aAAa;CACnC,OAAiB;CACjB,AAAQ;CACR,QAAqB;CAErB,YAAY,QAAiB,KAA2C;AACpE,SAAO;AACP,OAAK,MAAM,QAAQ,KAAW,IAAI;AAClC,OAAK,mBAAmB;;;;;;;;;CAU5B,OAAO,KAAM,QAAiB;AAC1B,SAAO,IAAI,KAAK,OAAO;;;;;;;;CAS3B,OAAO,WAAY,KAA0C;AACzD,OAAK,MAAM,QAAQ,KAAW,IAAI;AAElC,SAAO;;;;;;;;CASX,WAAY,KAA0C;AAClD,OAAK,QAAQ,QAAQ,KAAW,IAAI;AAEpC,SAAO;;;;;;;;CASX,aAAyC;AACrC,SAAO,KAAK;;;;;;;CAQhB,OAAqB;AACjB,SAAO,MAAKC;;;;;;;;;CAUhB,MAAM,OAAQ,OAAe,UAAoC;EAC7D,MAAM,OAAO,OAAO,MAAM,SAAsB,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,OAAO;AAEzF,SAAO,CAAC,CAAC,QAAQ,MAAM,KAAK,OAAO,UAAU,KAAK,SAAS;;;;;;;;;CAU/D,MAAM,QAAS,OAAe,UAAiC;EAC3D,MAAM,OAAO,OAAO,MAAM,SAAsB,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,OAAO;AAEzF,MAAI,CAAC,KACD,OAAM,IAAI,wBAAwB,0BAA0B;GAAE,KAAK,KAAK;GAAK,QAAQ;GAAK,QAAQ,EAAE,OAAO,CAAC,0CAA0C,EAAE;GAAE,CAAC;AAK/J,MAAI,CAFY,MAAM,KAAK,OAAO,UAAU,KAAK,SAAS,CAGtD,OAAM,IAAI,wBAAwB,uBAAuB;GAAE,KAAK,KAAK;GAAK,QAAQ;GAAK,QAAQ,EAAE,UAAU,CAAC,mBAAmB,EAAE;GAAE,CAAC;AAGxI,OAAK,KAAK,QAAQ,KAAK;AAEvB,QAAKA,OAAQ;AAEb,SAAO;;;;;;;;;CAUX,MAAM,MAAO,OAAe,UAAgD;EACxE,MAAM,OAAO,MAAM,KAAK,QAAQ,OAAO,SAAS;AAEhD,SAAO,MAAM,KAAK,OAAO,KAAK;;;;;;;;;;;CAYlC,MAAM,qBAAsB,MAAY,SAAiB,YAAoB,OAAwB;AACjG,SAAO,MAAM,KAAK,UAAU;GACxB,KAAK,KAAK,GAAG,UAAU;GACvB,OAAO,KAAK;GACZ;GACH,EAAE,UAAU;;;;;;;;;;CAWjB,MAAM,wBAAyB,OAAe,SAAgC;EAC1E,MAAM,UAAU,MAAM,KAAK,UAAU,MAAM;AAE3C,MAAI,CAAC,WAAW,QAAQ,YAAY,WAAW,CAAC,QAAQ,IACpD,OAAM,IAAI,wBACN,yCACA;GAAE,KAAK,KAAK;GAAK,QAAQ;GAAK,CACjC;EAGL,MAAM,OAAO,OAAO,MAAM,SAAsB,OAAO,EAAE,OAAO,CAAC,KAAK,QAAQ,IAAI;AAElF,MAAI,CAAC,KACD,OAAM,IAAI,wBACN,0BACA;GAAE,KAAK,KAAK;GAAK,QAAQ;GAAK,CACjC;AAGL,OAAK,KAAK,QAAQ,KAAK;AAEvB,QAAKA,OAAQ;AAEb,SAAO;;;;;;;;CASX,MAAM,OAAQ,OAAqD;AAC/D,MAAI,CAAC,MAAKA,QAAS,CAAC,MAChB;AAGJ,MAAI,MACA,KAAI,OAAO,UAAU,SAGjB,QAFmB,MAAM,SAAqC,sBAAsB,EAEnE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,QAAQ;MAElD,OAAM,MAAM,QAAQ;MAKxB,QAFmB,MAAM,SAAqC,sBAAsB,EAEnE,OAAO,CAAC,MAAM,EAAE,QAAQ,MAAKA,KAAO,IAAI,CAAC,CAAC,QAAQ;AAGvE,QAAKA,OAAQ;;;;;;;CAQjB,MAAM,QAA2B;AAC7B,SAAO,CAAC,CAAC,MAAKA;;;;;;;CAQlB,iBAAkB;AACd,SAAO,IAAI,eAAe,KAAK;;;;;;;;CASnC,MAAM,OAAQ,MAA0C;EACpD,MAAM,UAAsB;GACxB,KAAK,KAAK,GAAG,UAAU;GACvB,OAAO,KAAK;GACf;AAED,OAAK,KAAK,QAAQ,KAAK;EAEvB,MAAM,QAAQ,MAAM,KAAK,UAAU,QAAQ;EAC3C,MAAM,aAAa,cAAc,YAAY,KAAK,IAAI;EAEtD,MAAM,MAAM,MAAM,KAAK,kBAAkB,MAAM,OAAO,WAAW;AAEjE,QAAM,IAAI,KAAK,CAAC,OAAO,CAAC;AAExB,SAAO;;;;;;;;;;CAWX,MAAc,kBAAmB,MAAY,OAAe,YAA4C;EACpG,MAAM,aAAa,MAAM,SAAqC,sBAAsB;EACpF,MAAM,YAAY,cAAc,aAAa,WAAW;EACxD,MAAM,UAAU;GACZ,WAAW,EAAE;GACb;GACA,MAAM,cAAc,eAAe,WAAW;GAC9C,QAAQ,KAAK;GACb,4BAAY,IAAI,MAAM;GACzB;AASD,MAAI,CAAC,UACD,QAAO,MAAM,WAAW,OAAO,CAAC,OAAO,QAAQ;AAGnD,UAAQ,aAAa;EAGrB,MAAM,oBADoB,MAAM,WAAW,OAAO,CAAC,MAAM,EAAE,QAAQ,KAAK,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,CAErF,QAAQ,YAAY,cAAc,QAAQ,QAAQ,YAAY,WAAW,CAAC,CAC1E,MAAM,MAAM,UAAU;GACnB,MAAM,YAAY,KAAK,cAAc,KAAK,WAAW,SAAS;AAG9D,WAFmB,MAAM,cAAc,MAAM,WAAW,SAAS,GAE9C;IACrB;AAEN,MAAI,iBAAiB,SAAS,EAC1B,QAAO,MAAM,WAAW,OAAO,CAAC,OAAO,QAAQ;EAGnD,MAAM,CAAC,gBAAgB,GAAG,qBAAqB;AAE/C,MAAI,kBAAkB,SAAS,EAC3B,OAAM,QAAQ,IAAI,kBAAkB,IAAI,OAAO,YAAY,MAAM,QAAQ,QAAQ,CAAC,CAAC;AAGvF,QAAM,WAAW,OAAO,CAAC,MAAM,EAAE,IAAI,eAAe,IAAI,CAAC,CAAC,OAAO,QAAQ;AAEzE,iBAAe,QAAQ,QAAQ;AAC/B,iBAAe,OAAO,QAAQ;AAC9B,iBAAe,SAAS,QAAQ;AAChC,iBAAe,aAAa,QAAQ;AACpC,iBAAe,aAAa,QAAQ;AAEpC,SAAO;;;;;;;;CASX,MAAM,eAAgB,OAA8B;EAChD,MAAM,UAAU,MAAM,KAAK,UAAU,MAAM;AAE3C,MAAI,CAAC,QACD,OAAM,IAAI,wBACN,8BACA;GAAE,KAAK,KAAK;GAAK,QAAQ;GAAK,CACjC;EAIL,MAAM,MAAM,OADO,MAAM,SAAqC,sBAAsB,EACvD,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,OAAO;AAE7D,MAAI,CAAC,IACD,OAAM,IAAI,wBACN,mCACA;GAAE,KAAK,KAAK;GAAK,QAAQ;GAAK,CACjC;EAGL,MAAM,OAAO,OAAO,MAAM,SAAsB,OAAO,EAAE,OAAO,CAAC,KAAK,QAAQ,IAAK;AAEnF,MAAI,CAAC,KACD,OAAM,IAAI,wBACN,0BACA;GAAE,KAAK,KAAK;GAAK,QAAQ;GAAK,CACjC;AAGL,OAAK,KAAK,QAAQ,KAAK;AAEvB,EAAK,KAAK,aAAa,IAAI,CAAC,OAAO,UAAU;AACzC,OAAI,IAAI,WAAW,KAAK,cACpB,SAAQ,MAAM,qCAAqC,MAAM;IAE/D;AAEF,QAAKA,OAAQ;AAEb,SAAO;;;;;;;;CASX,MAAc,UAAW,SAAqB,YAAoB,IAAI,kBAAkB,KAAK,EAAmB;AAO5G,SANY,MAAM,IAAI,QAAQ,QAAQ,CACjC,mBAAmB,EAAE,KAAK,SAAS,CAAC,CACpC,aAAa,CACb,kBAAkB,UAAU,CAC5B,KAAK,IAAI,aAAa,CAAC,OAAO,KAAK,WAAW,CAAC,CAAC;;;;;;;;CAWzD,MAAc,UAAW,OAA2C;AAChE,MAAI;GACA,MAAM,EAAE,YAAY,MAAM,UAAU,OAAO,IAAI,aAAa,CAAC,OAAO,KAAK,WAAW,CAAC,CAAC;AAEtF,UAAO;UACH;AACJ,UAAO;;;CAIf,AAAQ,YAAqB;AACzB,SAAO,KAAK,oBAAoB,IAAI,cAAc,iBAAiB;;;;;;;;;CAUvE,MAAc,aAAc,KAA0B;EAClD,MAAM,sBAAM,IAAI,MAAM;EACtB,MAAM,oBAAoB,cAAc,YAAY,KAAK,IAAI;EAC7D,MAAM,yBAAyB,CAAC,IAAI,cAAe,IAAI,SAAS,GAAG,IAAI,WAAW,SAAS,GAAI,MAAS;EACxG,MAAM,gBAAgB,CAAC,CAAC,IAAI;EAC5B,MAAM,qBAAqB,cAAc,eAAe,kBAAkB;EAC1E,MAAM,oBAAoB,cAAc,eAAe,IAAI,WAAW;EACtE,MAAM,0BAA0B,CAAC,iBAAiB,sBAAsB;AAExE,MAAI,CAAC,0BAA0B,CAAC,wBAC5B;EAGJ,MAAM,UAIF,EACA,YAAY,KACf;AAED,MAAI,yBAAyB;AACzB,WAAQ,aAAa;AACrB,WAAQ,OAAO;;AAKnB,SAFmB,MAAM,SAAqC,sBAAsB,EAEnE,OAAO,CAAC,MAAM,EAAE,IAAI,IAAI,IAAI,CAAC,CAAC,OAAO,QAAQ;AAE9D,MAAI,aAAa;AAEjB,MAAI,QAAQ,eAAe,OACvB,KAAI,aAAa,QAAQ;AAG7B,MAAI,QAAQ,SAAS,OACjB,KAAI,OAAO,QAAQ;;;;;;AC7b/B,IAAsB,sBAAtB,cAAkD,MAAM;;;;ACAxD,IAAsB,OAAtB,cAAmC,MAAM;CAMrC,OAAiB,QAA6B"}

package/package.json ADDED Viewed

@@ -0,0 +1,51 @@
+{
+  "name": "@arkstack/auth",
+  "version": "0.3.15",
+  "type": "module",
+  "description": "Authentication package for Arkstack applications, providing utilities for user authentication, password hashing, and two-factor authentication.",
+  "homepage": "https://arkstack.toneflix.net",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/arkstack-hq/arkstack.git",
+    "directory": "packages/auth"
+  },
+  "keywords": [
+    "authentication",
+    "password",
+    "hashing",
+    "two-factor",
+    "2fa",
+    "auth",
+    "utilities",
+    "helpers",
+    "logging",
+    "configuration",
+    "error-handling",
+    "validation",
+    "arkstack"
+  ],
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "exports": {
+    ".": "./dist/index.js",
+    "./package.json": "./package.json"
+  },
+  "dependencies": {
+    "jose": "^6.2.3",
+    "ua-parser-js": "^2.0.9",
+    "@arkstack/common": "^0.3.15",
+    "@arkstack/http": "^0.3.15"
+  },
+  "peerDependencies": {
+    "@h3ravel/support": "^0.15.11",
+    "arkormx": "^2.0.6"
+  },
+  "scripts": {
+    "build": "tsdown --config-loader unconfig",
+    "version:patch": "pnpm version patch"
+  }
+}