npm - @baeta/auth - Versions diffs - 0.0.0 → 2.0.0-next.15 - Mend

@baeta/auth 0.0.0 → 2.0.0-next.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","names":[],"sources":["../lib/error.ts","../utils/resolver.ts","../lib/store.ts","../lib/grant.ts","../lib/scope-defaults.ts","../lib/scope-rules.ts","../lib/grant-cache.ts","../lib/serialize.ts","../lib/scope-cache.ts","../lib/scope-resolver.ts","../lib/store-loader.ts","../lib/auth-middlewares.ts","../lib/define-rules.ts","../lib/define-scopes.ts","../lib/create-auth.ts"],"sourcesContent":["import { AggregateGraphQLError, InternalServerError } from '@baeta/errors';\nimport { log } from '@baeta/util-log';\nimport { GraphQLError } from 'graphql';\n\n/** Custom error resolver function for authorization failures. */\nexport type ScopeErrorResolver = (err: unknown) => unknown;\n\nexport function resolveError(err: unknown, resolve: ScopeErrorResolver) {\n\tconst resolvedError = resolve(err);\n\n\tif (resolvedError instanceof Error) {\n\t\tthrow resolvedError;\n\t}\n\n\tthrow err;\n}\n\nexport function defaultErrorResolver(err: unknown): unknown {\n\tif (err instanceof AggregateError) {\n\t\treturn aggregateErrorResolver(err);\n\t}\n\n\tif (!isGraphqlError(err)) {\n\t\tlog.warn(`Non GraphQLError encountered by auth`, err);\n\t}\n\n\treturn err;\n}\n\n/**\n * Default error resolver for authorization failures.\n * If multiple authorization errors are encountered they are combined into `AggregateGraphQLError` with proper HTTP status codes.\n */\nexport function aggregateErrorResolver(err: AggregateError) {\n\tif (err.errors.length === 1) {\n\t\tif (!isGraphqlError(err.errors[0])) {\n\t\t\tlog.warn(`Non GraphQLError encountered by auth`, err);\n\t\t}\n\t\treturn err.errors[0];\n\t}\n\n\tlet http: { status?: number } = {};\n\tconst errors: GraphQLError[] = [];\n\n\tfor (const error of err.errors) {\n\t\tif (!isGraphqlError(error)) {\n\t\t\terrors.push(new InternalServerError(error));\n\t\t\tlog.warn(`Non GraphQLError encountered by auth`, err);\n\t\t\tcontinue;\n\t\t}\n\t\terrors.push(error);\n\t\tif (error.extensions.http && http?.status !== 401) {\n\t\t\thttp = error.extensions.http;\n\t\t}\n\t}\n\n\treturn new AggregateGraphQLError(errors, undefined, {\n\t\textensions: {\n\t\t\thttp,\n\t\t},\n\t});\n}\n\nfunction isGraphqlError(err: unknown): err is GraphQLError {\n\treturn err instanceof GraphQLError;\n}\n","export function isOperationType(type: string): type is 'Query' | 'Mutation' | 'Subscription' {\n\treturn ['Query', 'Mutation', 'Subscription'].includes(type);\n}\n","import { createContextStore } from '@baeta/core';\nimport type { GrantCache } from './grant-cache.ts';\nimport type { ScopeCache } from './scope-cache.ts';\nimport type { ScopeResolverMap } from './scope-resolver.ts';\nimport type { ScopesShape } from './scope-rules.ts';\n\nexport interface AuthStore {\n\tscopes: ScopeResolverMap<ScopesShape>;\n\tscopeCache: ScopeCache;\n\tgrantCache: GrantCache;\n}\n\nexport const authStoreKey = Symbol('@baeta/auth');\n\nexport const [getAuthStore, setAuthStore] = createContextStore<AuthStore>(authStoreKey);\n","import type { ResolverParams } from '@baeta/core';\nimport { getAuthStore } from './store.ts';\n\n/**\n * Represents the result of a grant operation.\n * Can be either a single grant or an array of grants defined in AuthExtension.GrantsMap.\n */\nexport type GetGrantResult<Grant extends string, Result> =\n\t| Grant\n\t| Grant[]\n\t| GrantConfig<Grant, Result>\n\t| GrantConfig<Grant, Result>[];\n\n/**\n * Attaches a grant to a specific object derived from the resolver result,\n * instead of the result itself. For array results, `target` is invoked per\n * entry. `target` must return a non-primitive value.\n */\nexport type GrantConfig<Grant extends string, Result> = {\n\tgrant: Grant | Grant[];\n\ttarget: (result: GrantTarget<Result>) => unknown;\n};\n\ntype GrantTarget<Result> = Result extends Array<infer U> ? U : Result;\n\n/**\n * Function that determines grants based on resolver parameters and result.\n * Used for dynamic permission granting based on resolved data.\n */\nexport type GetGrantFn<Grants extends string, Result, Source, Context, Args, Info> = (\n\tparams: ResolverParams<Source, Context, Args, Info>,\n\tresult: Result,\n) => GetGrantResult<Grants, Result> | PromiseLike<GetGrantResult<Grants, Result>>;\n\n/**\n * Union type for grant specifications.\n * Can be either a static grant result or a function that determines grants dynamically.\n */\nexport type GetGrant<Grants extends string, Result, Source, Context, Args, Info> =\n\t| GetGrantFn<Grants, Result, Source, Context, Args, Info>\n\t| GetGrantResult<Grants, Result>;\n\nexport async function saveGrants<Grants extends string, Result, Source, Context, Args, Info>(\n\tparams: ResolverParams<Source, Context, Args, Info>,\n\tresult: Result,\n\tgrants: GetGrant<Grants, Result, Source, Context, Args, Info>,\n) {\n\tif (result == null) return;\n\tconst [store, resolvedGrants] = await Promise.all([\n\t\tgetAuthStore(params.ctx),\n\t\tresolveGrants(params, result, grants),\n\t]);\n\tconst entries = Array.isArray(result) ? result : [result];\n\tresolvedGrants.forEach(({ grant, target }) => {\n\t\tfor (const entry of entries) {\n\t\t\tif (entry == null) continue;\n\t\t\tstore.grantCache.addGrants(target(entry), grant);\n\t\t}\n\t});\n}\n\nfunction defaultTarget<Entry>(entry: Entry) {\n\treturn entry;\n}\n\nfunction normalizeGrant<Grant extends string, Result>(\n\tgrants: Grant | GrantConfig<Grant, Result>,\n): { grant: Grant[]; target: (entry: GrantTarget<Result>) => unknown } {\n\tif (typeof grants === 'string') {\n\t\treturn { grant: [grants], target: defaultTarget };\n\t}\n\treturn {\n\t\tgrant: Array.isArray(grants.grant) ? grants.grant : [grants.grant],\n\t\ttarget: grants.target,\n\t};\n}\n\nfunction normalizeGrants<Grant extends string, Result>(\n\tgrants: GetGrantResult<Grant, Result>,\n): Array<{ grant: Grant[]; target: (entry: GrantTarget<Result>) => unknown }> {\n\tif (Array.isArray(grants)) {\n\t\treturn grants.map((el) => normalizeGrant(el));\n\t}\n\treturn [normalizeGrant(grants)];\n}\n\nasync function resolveGrants<Grants extends string, Result, Source, Context, Args, Info>(\n\tparams: ResolverParams<Source, Context, Args, Info>,\n\tresult: Result,\n\tgrants: GetGrant<Grants, Result, Source, Context, Args, Info>,\n) {\n\tif (typeof grants !== 'function') {\n\t\treturn normalizeGrants(grants);\n\t}\n\tconst grantFnResult = await grants(params, result);\n\treturn normalizeGrants(grantFnResult);\n}\n","import { isOperationType } from '../utils/resolver.ts';\nimport type { ScopeRules, ScopesShape } from './scope-rules.ts';\n\n/** Configuration for default authorization scopes that apply to all operations of a specific type. */\nexport type DefaultScopes<Scopes extends ScopesShape, Grants extends string> = {\n\t/** Default scopes applied to all Query operations */\n\tQuery?: ScopeRules<Scopes, Grants>;\n\t/** Default scopes applied to all Mutation operations */\n\tMutation?: ScopeRules<Scopes, Grants>;\n\t/** Default scopes for Subscription operations */\n\tSubscription?: ScopeRules<Scopes, Grants>;\n};\n\nexport function selectDefaultScopes<Scopes extends ScopesShape, Grants extends string>(\n\tskipDefaults: boolean | undefined,\n\ttype: string,\n\tdefaultScopes?: DefaultScopes<Scopes, Grants>,\n) {\n\tif (!defaultScopes) {\n\t\treturn;\n\t}\n\n\tif (!isOperationType(type)) {\n\t\treturn;\n\t}\n\n\tif (skipDefaults === true) {\n\t\treturn;\n\t}\n\n\tif (type === 'Query') {\n\t\treturn defaultScopes.Query;\n\t}\n\n\tif (type === 'Mutation') {\n\t\treturn defaultScopes.Mutation;\n\t}\n\n\tif (type === 'Subscription') {\n\t\treturn defaultScopes.Subscription;\n\t}\n}\n","import type { ResolverParams } from '@baeta/core';\nimport { ForbiddenError } from '@baeta/errors';\nimport { getAuthStore } from './store.ts';\n\nexport type LogicRule = 'and' | 'or' | 'chain' | 'race';\n\nexport type ScopesShape = Record<string, unknown>;\n\n/**\n * Defines the structure of authorization scope rules.\n * Combines individual scope rules with logical operators and granted permissions.\n */\nexport type ScopeRules<Scopes extends ScopesShape, Grants extends string> =\n\t| ScopeRule<Scopes, Grants>\n\t| ScopeLogicRule<Scopes, Grants>;\n\n/**\n * Utility type that enforces boolean scopes must be true.\n * For non-boolean scopes, preserves the original type.\n */\nexport type ScopeRule<Scopes extends ScopesShape, Grants extends string> =\n\t| {\n\t\t\t[K in keyof Scopes]: {\n\t\t\t\ttype: 'scope';\n\t\t\t\tkey: K;\n\t\t\t\tvalue: Scopes[K] extends boolean ? true : Scopes[K];\n\t\t\t};\n\t }[keyof Scopes]\n\t| { type: 'grant'; grant: Grants };\n\nexport type ScopeLogicRule<Scopes extends ScopesShape, Grants extends string> = {\n\ttype: 'rule';\n\trule: LogicRule;\n\tscopes: ScopeRules<Scopes, Grants>[];\n};\n\nexport async function verifyGrant(\n\tparams: ResolverParams<unknown, unknown, unknown, unknown>,\n\tgrant: string | undefined,\n): Promise<true> {\n\tif (grant == null) {\n\t\tthrow new Error(\"Grant key '$granted' must be defined in the scope rules!\");\n\t}\n\tconst store = await getAuthStore(params.ctx);\n\tconst granted = store.grantCache.getGrants(params.source);\n\tif (granted?.has(grant) !== true) {\n\t\tthrow new ForbiddenError();\n\t}\n\treturn true;\n}\n\nexport async function verifyScope<Scopes extends ScopesShape, Grants extends string>(\n\tparams: ResolverParams<unknown, unknown, unknown, unknown>,\n\tscope: ScopeRules<Scopes, Grants> | undefined,\n) {\n\tif (scope == null) {\n\t\tthrow new Error('Scope rules cannot be undefined!');\n\t}\n\n\tif (scope.type === 'rule') {\n\t\treturn await verifyScopeRule(params, scope);\n\t}\n\n\tif (scope.type === 'grant') {\n\t\treturn await verifyGrant(params, scope.grant);\n\t}\n\n\tif (scope.type === 'scope') {\n\t\tconst store = await getAuthStore(params.ctx);\n\t\tconst resolve = store.scopes.get(scope.key as string);\n\t\tif (resolve == null) {\n\t\t\tthrow new Error(`No scope resolver found for key '${scope.key as string}'!`);\n\t\t}\n\t\tconst result = await resolve(scope.value);\n\t\tif (result !== true) {\n\t\t\tthrow new Error('Scope resolver should throw for non true results!');\n\t\t}\n\t\treturn true;\n\t}\n\n\tscope satisfies never;\n\tthrow new Error('Invalid scope rule! Must be a scope, grant, or nested rule.');\n}\n\nexport async function verifyScopeRule<Scopes extends ScopesShape, Grants extends string>(\n\tparams: ResolverParams<unknown, unknown, unknown, unknown>,\n\tscope: ScopeLogicRule<Scopes, Grants>,\n): Promise<true> {\n\tif (scope.scopes.length === 0) {\n\t\tthrow new Error('Scope rule cannot be empty!');\n\t}\n\n\tif (scope.rule === 'chain') {\n\t\treturn await verifyChainScopes(params, scope.scopes);\n\t}\n\n\tif (scope.rule === 'race') {\n\t\treturn await verifyRaceScopes(params, scope.scopes);\n\t}\n\n\tif (scope.rule === 'or') {\n\t\treturn await verifyOrScopes(params, scope.scopes);\n\t}\n\n\tif (scope.rule === 'and') {\n\t\treturn await verifyAndScopes(params, scope.scopes);\n\t}\n\n\tscope.rule satisfies never;\n\tthrow new Error(\"Invalid logic rule! Must be one of 'chain', 'race', 'or', or 'and'.\");\n}\n\nexport async function verifyChainScopes<Scopes extends ScopesShape, Grants extends string>(\n\tparams: ResolverParams<unknown, unknown, unknown, unknown>,\n\tscopes: ScopeRules<Scopes, Grants>[],\n): Promise<true> {\n\tfor (const scope of scopes) {\n\t\tawait verifyScope(params, scope);\n\t}\n\treturn true;\n}\n\nexport async function verifyRaceScopes<Scopes extends ScopesShape, Grants extends string>(\n\tparams: ResolverParams<unknown, unknown, unknown, unknown>,\n\tscopes: ScopeRules<Scopes, Grants>[],\n): Promise<true> {\n\tfor (const scope of scopes) {\n\t\tconst result = await verifyScope(params, scope).catch((err) => err);\n\t\tif (result === true) {\n\t\t\treturn true;\n\t\t}\n\t}\n\tthrow new ForbiddenError();\n}\n\nexport async function verifyOrScopes<Scopes extends ScopesShape, Grants extends string>(\n\tparams: ResolverParams<unknown, unknown, unknown, unknown>,\n\tscopes: ScopeRules<Scopes, Grants>[],\n): Promise<true> {\n\tconst promises = scopes.map((scope) => verifyScope(params, scope));\n\treturn await Promise.any(promises);\n}\n\nexport async function verifyAndScopes<Scopes extends ScopesShape, Grants extends string>(\n\tparams: ResolverParams<unknown, unknown, unknown, unknown>,\n\tscopes: ScopeRules<Scopes, Grants>[],\n): Promise<true> {\n\tconst promises = scopes.map((scope) => verifyScope(params, scope));\n\tawait Promise.all(promises);\n\treturn true;\n}\n","import { log } from '@baeta/util-log';\n\nexport function createGrantCache() {\n\tconst cache = new WeakMap<object, Set<string>>();\n\treturn {\n\t\tgetGrants: (result: unknown) => {\n\t\t\tif (!isValidTarget(result)) return;\n\t\t\treturn cache.get(result);\n\t\t},\n\t\taddGrants: (result: unknown, values: string[]) => {\n\t\t\tif (!isValidTarget(result)) {\n\t\t\t\tlog.warn(\n\t\t\t\t\t`Attempted to add grants for a non-object result. Grants will not be saved.`,\n\t\t\t\t\tnew Error().stack,\n\t\t\t\t);\n\t\t\t\treturn;\n\t\t\t}\n\t\t\tconst existing = cache.get(result) ?? new Set<string>();\n\t\t\tvalues.forEach((grant) => existing.add(grant));\n\t\t\tcache.set(result, existing);\n\t\t},\n\t};\n}\n\nfunction isValidTarget(target: unknown): target is object {\n\treturn typeof target === 'object' && target !== null;\n}\n\nexport type GrantCache = ReturnType<typeof createGrantCache>;\n","import stringify from 'safe-stable-stringify';\n\nexport type SerializableScope =\n\t| string\n\t| number\n\t| boolean\n\t| null\n\t| SerializableScope[]\n\t| { [key: string]: SerializableScope };\n\nexport function createScopeCacheKey(params: SerializableScope): string {\n\treturn stringify(params);\n}\n\nexport function canSafelySerialize(\n\tvalue: any,\n\tpath: WeakSet<object> = new WeakSet(),\n): value is SerializableScope {\n\tif (Array.isArray(value)) {\n\t\tif (path.has(value)) return false;\n\t\tpath.add(value);\n\t\tconst ok = value.every((v) => canSafelySerialize(v, path));\n\t\tpath.delete(value);\n\t\treturn ok;\n\t}\n\tif (value && typeof value === 'object') {\n\t\tconst proto = Object.getPrototypeOf(value);\n\t\tif (proto !== null && proto !== Object.prototype) return false;\n\t\tif (path.has(value)) return false;\n\t\tpath.add(value);\n\t\tconst ok = Object.values(value).every((v) => canSafelySerialize(v, path));\n\t\tpath.delete(value);\n\t\treturn ok;\n\t}\n\treturn isSerializablePrimitive(value);\n}\n\nexport function isSerializablePrimitive(value: any): value is string | number | boolean | null {\n\tif (typeof value === 'number') {\n\t\treturn Number.isFinite(value);\n\t}\n\treturn value === null || typeof value === 'boolean' || typeof value === 'string';\n}\n","import type { ScopeCacheKeyMap } from './scope-cache-keys.ts';\nimport type { ScopesShape } from './scope-rules.ts';\nimport { canSafelySerialize, createScopeCacheKey } from './serialize.ts';\n\nconst noParameterKey = Symbol('no-parameter');\n\nexport function createScopeCache<Scopes extends ScopesShape>(\n\tcacheKeyMap: ScopeCacheKeyMap<Scopes>,\n) {\n\tconst scopeCache = new Map<string, Map<any, boolean | Promise<boolean>>>();\n\tconst keyFns = cacheKeyMap as Record<string, ((param?: unknown) => unknown) | undefined>;\n\n\tconst makeKey = (scope: string, params?: unknown) => {\n\t\tif (params === undefined) return noParameterKey;\n\t\tconst customKeyFn = keyFns[scope];\n\t\tif (customKeyFn) return customKeyFn(params);\n\t\tif (canSafelySerialize(params)) return createScopeCacheKey(params);\n\t\treturn params;\n\t};\n\n\treturn {\n\t\tgetScopeValue: (scope: string, params?: unknown) => {\n\t\t\treturn scopeCache.get(scope)?.get(makeKey(scope, params));\n\t\t},\n\t\tsetScopeValue: (scope: string, params: unknown, value: boolean | Promise<boolean>) => {\n\t\t\tlet scopeParamsMap = scopeCache.get(scope);\n\t\t\tif (scopeParamsMap == null) {\n\t\t\t\tscopeParamsMap = new Map<any, boolean | Promise<boolean>>();\n\t\t\t\tscopeCache.set(scope, scopeParamsMap);\n\t\t\t}\n\t\t\tscopeParamsMap.set(makeKey(scope, params), value);\n\t\t},\n\t};\n}\n\nexport type ScopeCache = ReturnType<typeof createScopeCache>;\n","import { ForbiddenError } from '@baeta/errors';\nimport type { ScopesShape } from './scope-rules.ts';\nimport { getAuthStore } from './store.ts';\n\n/**\n * Function that creates scope loaders for authorization checks.\n * Returns a map of scope loaders that can be synchronous or asynchronous.\n *\n * @param ctx - The application context\n * @returns A map of scope loaders or a promise resolving to scope loaders\n *\n * @example\n * ```typescript\n * const getScopeLoader: GetScopeLoader<Context> = (ctx) => ({\n * isLoggedIn: async () => {\n * if (!ctx.userId) throw new UnauthenticatedError();\n * return true;\n * },\n * hasAccess: (role) => ctx.user?.role === role\n * });\n * ```\n */\nexport type GetScopeLoader<Scopes extends ScopesShape, Ctx> = (\n\tctx: Ctx,\n) => ScopeLoaderMap<Scopes> | Promise<ScopeLoaderMap<Scopes>>;\n\n/**\n * Represents a scope loader that can be either a boolean value or a function.\n * Function loaders receive the scope value and return a boolean result.\n *\n * @example\n * ```typescript\n * // Boolean loader\n * const publicLoader: ScopeLoader<boolean> = true;\n *\n * // Function loader\n * const roleLoader: ScopeLoader<string> = (role) => userRole === role;\n * ```\n */\nexport type ScopeLoader<T> = T extends boolean\n\t? boolean | (() => boolean | Promise<boolean>)\n\t: (param: T) => boolean | Promise<boolean>;\n\n/**\n * Maps scope names to their respective loaders.\n * Each loader handles authorization checks for its scope.\n *\n * @example\n * ```typescript\n * const loaders: ScopeLoaderMap = {\n * isPublic: true,\n * isLoggedIn: () => Boolean(ctx.userId),\n * hasAccess: (role) => ctx.user?.roles.includes(role)\n * };\n * ```\n */\nexport type ScopeLoaderMap<Scopes extends ScopesShape> = {\n\t[K in keyof Scopes]: Scopes[K] extends boolean\n\t\t? boolean | (() => boolean | Promise<boolean>)\n\t\t: (param: Scopes[K]) => boolean | Promise<boolean>;\n};\n\ntype ScopeResolver = (value: unknown) => true | Promise<true>;\n\nexport type ScopeResolverMap<Scopes extends ScopesShape> = Map<keyof Scopes, ScopeResolver>;\n\nexport function resolveBoolean(param: boolean) {\n\tif (param !== true) {\n\t\tthrow new ForbiddenError();\n\t}\n\treturn true as const;\n}\n\nexport function createScopeResolver(\n\tctx: unknown,\n\tname: string,\n\tvalue: boolean | ScopeLoader<unknown>,\n): ScopeResolver {\n\tconst isFunction = typeof value === 'function';\n\n\tif (!isFunction) {\n\t\treturn () => resolveBoolean(value);\n\t}\n\n\treturn async (params: unknown) => {\n\t\tconst store = await getAuthStore(ctx);\n\t\tconst cached = await store.scopeCache.getScopeValue(name, params);\n\n\t\tif (cached != null) {\n\t\t\treturn resolveBoolean(cached);\n\t\t}\n\n\t\tconst resultPromise = value(params);\n\t\tstore.scopeCache.setScopeValue(name, params, resultPromise);\n\t\tconst result = await resultPromise;\n\t\treturn resolveBoolean(result);\n\t};\n}\n\nexport function createScopeResolverMap<Scopes extends ScopesShape>(\n\tctx: unknown,\n\tscopeLoaderMap: ScopeLoaderMap<Scopes>,\n): ScopeResolverMap<Scopes> {\n\tconst map = new Map<keyof Scopes, ScopeResolver>();\n\tfor (const [key, value] of Object.entries(scopeLoaderMap)) {\n\t\tmap.set(key, createScopeResolver(ctx, key, value));\n\t}\n\treturn map;\n}\n","import { createGrantCache } from './grant-cache.ts';\nimport type { ScopeCacheKeyMap } from './scope-cache-keys.ts';\nimport { createScopeCache } from './scope-cache.ts';\nimport {\n\tcreateScopeResolverMap,\n\ttype GetScopeLoader,\n\ttype ScopeResolverMap,\n} from './scope-resolver.ts';\nimport type { ScopesShape } from './scope-rules.ts';\nimport { setAuthStore } from './store.ts';\n\nexport function loadAuthStore<S extends ScopesShape, T>(\n\tctx: T,\n\tgetScopeLoader: GetScopeLoader<S, T>,\n\tcacheKeyMap: ScopeCacheKeyMap<S>,\n) {\n\tsetAuthStore(ctx, async () => {\n\t\tconst scopeLoaders = await getScopeLoader(ctx);\n\t\treturn {\n\t\t\tscopes: createScopeResolverMap(ctx, scopeLoaders) as ScopeResolverMap<ScopesShape>,\n\t\t\tscopeCache: createScopeCache(cacheKeyMap),\n\t\t\tgrantCache: createGrantCache(),\n\t\t};\n\t});\n}\n","import type { Middleware, ResolverParams } from '@baeta/core';\nimport { ForbiddenError } from '@baeta/errors';\nimport { defaultErrorResolver, resolveError, type ScopeErrorResolver } from './error.ts';\nimport { type GetGrant, saveGrants } from './grant.ts';\nimport type { ScopeCacheKeyMap } from './scope-cache-keys.ts';\nimport { type DefaultScopes, selectDefaultScopes } from './scope-defaults.ts';\nimport type { GetScopeLoader } from './scope-resolver.ts';\nimport { verifyScope, type ScopeRules, type ScopesShape } from './scope-rules.ts';\nimport { loadAuthStore } from './store-loader.ts';\n\n/**\n * Options for authorization middlewares\n */\nexport interface AuthMiddlewareOptions<Grants extends string, Result, Source, Context, Args, Info> {\n\t/** Permissions to grant after successful authorization */\n\tgrants?: GetGrant<Grants, Result, Source, Context, Args, Info>;\n\t/** Whether to skip default scopes for this operation */\n\tskipDefaults?: boolean;\n}\n\n/**\n * Function to get scope rules for pre-resolution authorization\n */\nexport type GetScopeRules<\n\tScopes extends ScopesShape,\n\tGrants extends string,\n\tSource,\n\tContext,\n\tArgs,\n\tInfo,\n> = (\n\tparams: ResolverParams<Source, Context, Args, Info>,\n) => boolean | ScopeRules<Scopes, Grants> | PromiseLike<boolean | ScopeRules<Scopes, Grants>>;\n\n/**\n * Function to get scope rules for post-resolution authorization\n */\nexport type GetPostScopeRules<\n\tScopes extends ScopesShape,\n\tGrants extends string,\n\tResult,\n\tSource,\n\tContext,\n\tArgs,\n\tInfo,\n> = (\n\tparams: ResolverParams<Source, Context, Args, Info>,\n\tresult: Result,\n) => boolean | ScopeRules<Scopes, Grants> | PromiseLike<boolean | ScopeRules<Scopes, Grants>>;\n\nexport function createMiddleware<\n\tScopes extends ScopesShape,\n\tGrants extends string,\n\tResult,\n\tSource,\n\tContext,\n\tArgs,\n\tInfo,\n>(\n\ttype: string,\n\tloadScopes: GetScopeLoader<Scopes, Context>,\n\tcacheKeyMap: ScopeCacheKeyMap<Scopes>,\n\tscopes: ScopeRules<Scopes, Grants> | GetScopeRules<Scopes, Grants, Source, Context, Args, Info>,\n\tglobalScopes?: DefaultScopes<Scopes, Grants>,\n\toptions?: AuthMiddlewareOptions<Grants, Result, Source, Context, Args, Info>,\n\tonError?: ScopeErrorResolver,\n): Middleware<Result, Source, Context, Args, Info> {\n\tconst getScopes = typeof scopes === 'function' ? scopes : () => scopes;\n\tconst defaultScopes = selectDefaultScopes(options?.skipDefaults, type, globalScopes);\n\n\treturn async (next, params) => {\n\t\tloadAuthStore(params.ctx, loadScopes, cacheKeyMap);\n\n\t\tconst requiredScopes = await getScopes(params);\n\n\t\tawait verifyMiddlewareScopes(\n\t\t\tparams,\n\t\t\tdefaultScopes,\n\t\t\trequiredScopes,\n\t\t\tonError ?? defaultErrorResolver,\n\t\t);\n\n\t\tconst result = await next();\n\n\t\tif (options?.grants) {\n\t\t\tawait saveGrants(params, result, options.grants);\n\t\t}\n\n\t\treturn result;\n\t};\n}\n\nexport function createPostMiddleware<\n\tScopes extends ScopesShape,\n\tGrants extends string,\n\tResult,\n\tSource,\n\tContext,\n\tArgs,\n\tInfo,\n>(\n\ttype: string,\n\tloadScopes: GetScopeLoader<Scopes, Context>,\n\tcacheKeyMap: ScopeCacheKeyMap<Scopes>,\n\tgetScopes: GetPostScopeRules<Scopes, Grants, Result, Source, Context, Args, Info>,\n\tglobalScopes?: DefaultScopes<Scopes, Grants>,\n\toptions?: AuthMiddlewareOptions<Grants, Result, Source, Context, Args, Info>,\n\tonError?: ScopeErrorResolver,\n): Middleware<Result, Source, Context, Args, Info> {\n\tconst defaultScopes = selectDefaultScopes(options?.skipDefaults, type, globalScopes);\n\n\treturn async (next, params) => {\n\t\tloadAuthStore(params.ctx, loadScopes, cacheKeyMap);\n\n\t\tconst result = await next();\n\t\tconst requiredScopes = await getScopes(params, result);\n\n\t\tawait verifyMiddlewareScopes(\n\t\t\tparams,\n\t\t\tdefaultScopes,\n\t\t\trequiredScopes,\n\t\t\tonError ?? defaultErrorResolver,\n\t\t);\n\n\t\tif (options?.grants) {\n\t\t\tawait saveGrants(params, result, options.grants);\n\t\t}\n\n\t\treturn result;\n\t};\n}\n\nexport function createFallbackMiddleware<\n\tScopes extends ScopesShape,\n\tGrants extends string,\n\tContext,\n>(\n\ttype: string,\n\tloadScopes: GetScopeLoader<Scopes, Context>,\n\tcacheKeyMap: ScopeCacheKeyMap<Scopes>,\n\tglobalScopes?: DefaultScopes<Scopes, Grants>,\n\tonError?: ScopeErrorResolver,\n) {\n\tconst rules = selectDefaultScopes(false, type, globalScopes);\n\n\tif (rules == null) {\n\t\treturn;\n\t}\n\n\treturn createMiddleware<Scopes, Grants, any, unknown, Context, unknown, unknown>(\n\t\ttype,\n\t\tloadScopes,\n\t\tcacheKeyMap,\n\t\trules,\n\t\t{},\n\t\t{\n\t\t\tskipDefaults: true,\n\t\t},\n\t\tonError,\n\t);\n}\n\nexport async function verifyMiddlewareScopes<\n\tScopes extends ScopesShape,\n\tGrants extends string,\n\tSource,\n\tContext,\n>(\n\tparams: ResolverParams<Source, Context, unknown, unknown>,\n\tdefaultScopes: ScopeRules<Scopes, Grants> | undefined,\n\trequiredScopes: ScopeRules<Scopes, Grants> | boolean | undefined,\n\terrorResolver: ScopeErrorResolver,\n) {\n\tif (requiredScopes === false) {\n\t\tthrow new ForbiddenError();\n\t}\n\n\tconst promises: Promise<unknown>[] = [];\n\n\tif (defaultScopes) {\n\t\tpromises.push(verifyScope(params, defaultScopes));\n\t}\n\n\tif (requiredScopes !== true) {\n\t\tpromises.push(verifyScope(params, requiredScopes));\n\t}\n\n\tif (promises.length === 0) {\n\t\treturn;\n\t}\n\n\treturn await Promise.all(promises).catch((err) => resolveError(err, errorResolver));\n}\n","import type { ScopeRules, ScopesShape } from './scope-rules.ts';\n\nexport type RuleAccessor<Scopes extends ScopesShape, Grants extends string> = {\n\tand(\n\t\tscope: ScopeRules<Scopes, Grants>,\n\t\t...scopes: ScopeRules<Scopes, Grants>[]\n\t): ScopeRules<Scopes, Grants>;\n\tor(\n\t\tscope: ScopeRules<Scopes, Grants>,\n\t\t...scopes: ScopeRules<Scopes, Grants>[]\n\t): ScopeRules<Scopes, Grants>;\n\tchain(\n\t\tscope: ScopeRules<Scopes, Grants>,\n\t\t...scopes: ScopeRules<Scopes, Grants>[]\n\t): ScopeRules<Scopes, Grants>;\n\trace(\n\t\tscope: ScopeRules<Scopes, Grants>,\n\t\t...scopes: ScopeRules<Scopes, Grants>[]\n\t): ScopeRules<Scopes, Grants>;\n};\n\nexport function defineRules<Scopes extends ScopesShape, Grants extends string>(): RuleAccessor<\n\tScopes,\n\tGrants\n> {\n\treturn {\n\t\tand(...scopes) {\n\t\t\treturn {\n\t\t\t\ttype: 'rule',\n\t\t\t\trule: 'and',\n\t\t\t\tscopes,\n\t\t\t};\n\t\t},\n\t\tor(...scopes) {\n\t\t\treturn {\n\t\t\t\ttype: 'rule',\n\t\t\t\trule: 'or',\n\t\t\t\tscopes,\n\t\t\t};\n\t\t},\n\t\tchain(...scopes) {\n\t\t\treturn {\n\t\t\t\ttype: 'rule',\n\t\t\t\trule: 'chain',\n\t\t\t\tscopes,\n\t\t\t};\n\t\t},\n\t\trace(...scopes) {\n\t\t\treturn {\n\t\t\t\ttype: 'rule',\n\t\t\t\trule: 'race',\n\t\t\t\tscopes,\n\t\t\t};\n\t\t},\n\t};\n}\n","import type { ScopeRule, ScopeRules, ScopesShape } from './scope-rules.ts';\n\nexport type ScopeAccessor<Scopes extends ScopesShape, Grants extends string> = {\n\t[K in keyof Scopes]: Scopes[K] extends boolean\n\t\t? ScopeRules<Scopes, Grants>\n\t\t: (param: Scopes[K]) => ScopeRules<Scopes, Grants>;\n} & {\n\t$granted: <G extends Grants>(grant: G) => ScopeRule<Scopes, G>;\n};\n\ntype ScopeAccessorResult<Scopes extends ScopesShape, Grants extends string> =\n\t| ScopeRule<Scopes, Grants>\n\t| ((param: Scopes[keyof Scopes]) => ScopeRules<Scopes, Grants>)\n\t| ((grant: Grants) => ScopeRule<Scopes, Grants>);\n\nexport function defineScopes<Scopes extends ScopesShape, Grants extends string>(): ScopeAccessor<\n\tScopes,\n\tGrants\n> {\n\tconst cache = new Map<string, ScopeAccessorResult<Scopes, Grants>>();\n\tconst resolveScope = (prop: string): ScopeAccessorResult<Scopes, Grants> => {\n\t\tif (prop === '$granted') {\n\t\t\treturn <G extends Grants>(grant: G) => makeGrant(grant);\n\t\t}\n\t\t// We can't tell at runtime whether the scope is boolean or parameterized,\n\t\t// so we return something that works as BOTH: a callable object.\n\t\tconst leaf = makeProp(prop, true);\n\t\tconst fn = (param: unknown) => makeProp(prop, param);\n\t\treturn Object.assign(fn, leaf);\n\t};\n\treturn new Proxy({} as ScopeAccessor<Scopes, Grants>, {\n\t\tget(_target, prop: string) {\n\t\t\tconst cached = cache.get(prop);\n\t\t\tif (cached) return cached;\n\t\t\tconst result = resolveScope(prop);\n\t\t\tcache.set(prop, result);\n\t\t\treturn result;\n\t\t},\n\t});\n}\n\nfunction makeGrant<Grants extends string>(grant: Grants): ScopeRule<any, Grants> {\n\treturn {\n\t\ttype: 'grant',\n\t\tgrant,\n\t};\n}\n\nfunction makeProp(prop: string, value: unknown): ScopeRule<any, any> {\n\treturn {\n\t\ttype: 'scope' as const,\n\t\tkey: prop,\n\t\tvalue,\n\t};\n}\n","import type { Middleware } from '@baeta/core';\nimport {\n\ttype AppPlugin,\n\ttype FieldUsePlugin,\n\ttype ModuleCompiler,\n\ttype SubscriptionUsePlugin,\n\ttype TypeUsePlugin,\n\tcreateAppPluginId,\n\tmakePluginSymbol,\n\tnameFunction,\n} from '@baeta/core/sdk';\nimport { isOperationType } from '../utils/resolver.ts';\nimport {\n\ttype AuthMiddlewareOptions,\n\ttype GetPostScopeRules,\n\ttype GetScopeRules,\n\tcreateFallbackMiddleware,\n\tcreateMiddleware,\n\tcreatePostMiddleware,\n} from './auth-middlewares.ts';\nimport { defineRules, type RuleAccessor } from './define-rules.ts';\nimport { defineScopes, type ScopeAccessor } from './define-scopes.ts';\nimport type { ScopeErrorResolver } from './error.ts';\nimport type { ScopeCacheKeyMap } from './scope-cache-keys.ts';\nimport type { DefaultScopes } from './scope-defaults.ts';\nimport type { GetScopeLoader } from './scope-resolver.ts';\nimport type { ScopeRules, ScopesShape } from './scope-rules.ts';\n\ntype AuthPlugin<Result, Source, Context, Args, Info> = FieldUsePlugin<\n\tResult,\n\tSource,\n\tContext,\n\tArgs,\n\tInfo\n> &\n\tTypeUsePlugin<Source, Context, Info> &\n\tSubscriptionUsePlugin<Result, Source, Context, Args, Info, 'resolve'> &\n\tSubscriptionUsePlugin<Result, Source, Context, Args, Info, 'subscribe'>;\n\ninterface BuildContext {\n\ttype: string;\n\tfield?: string;\n\tsubscriptionFieldKind?: 'subscribe' | 'resolve';\n}\n\n/** Configuration options for Auth */\nexport interface AuthOptions<Scopes extends ScopesShape, Grants extends string> {\n\t/** Default authorization scopes for queries, mutations or subscriptions */\n\tdefaultScopes?: (opt: {\n\t\tscope: ScopeAccessor<Scopes, Grants>;\n\t\trule: RuleAccessor<Scopes, Grants>;\n\t}) => DefaultScopes<Scopes, Grants>;\n\t/** Custom error resolver for authorization failures */\n\terrorResolver?: ScopeErrorResolver;\n\n\t/**\n\t * Per-scope cache key overrides. Recommended for scopes whose argument\n\t * isn't safely auto-serializable: serializable args (primitives, plain\n\t * objects, arrays of those) are stringified automatically, and anything\n\t * else falls back to reference identity — which may miss cache hits when\n\t * callers construct equivalent-but-distinct values.\n\t */\n\tcacheKeyMap?: ScopeCacheKeyMap<Scopes>;\n}\n\ninterface AuthState {\n\thasAuth: true;\n}\n\nexport function createAuth<Context, Scopes extends ScopesShape, Grants extends string>(\n\tloadScopes: GetScopeLoader<Scopes, Context>,\n\tglobalOptions: AuthOptions<Scopes, Grants> = {},\n) {\n\tconst id = createAppPluginId('Baeta Auth');\n\tconst stateKey = Symbol('auth');\n\tconst scope = defineScopes<Scopes, Grants>();\n\tconst rule = defineRules<Scopes, Grants>();\n\tconst loadScopesFn = loadScopes as GetScopeLoader<Scopes, unknown>;\n\tconst defaultScopes = globalOptions.defaultScopes?.({ scope, rule });\n\tconst cacheKeyMap: ScopeCacheKeyMap<Scopes> = globalOptions.cacheKeyMap ?? {};\n\n\tconst makeAuthBuilder = <Result, Source, Context, Args, Info>(\n\t\tbuildMiddleware: (type: string) => Middleware<Result, Source, Context, Args, Info>,\n\t): AuthPlugin<Result, Source, Context, Args, Info> => {\n\t\treturn {\n\t\t\t[makePluginSymbol]: ({ type, field, subscriptionFieldKind }: BuildContext) => {\n\t\t\t\tconst middleware = buildMiddleware(type) as Middleware<any, Source, Context, any, Info>;\n\t\t\t\tnameFunction(middleware, buildMiddlewareName(type, field, subscriptionFieldKind));\n\t\t\t\tconst metadata = new Map<symbol, AuthState>([[stateKey, { hasAuth: true }]]);\n\t\t\t\treturn { id, middleware, meta: metadata };\n\t\t\t},\n\t\t};\n\t};\n\n\tconst auth = <Result, Source, Context, Args, Info>(\n\t\tscopes: ScopeRules<Scopes, Grants> | GetScopeRules<Scopes, Grants, Source, Context, Args, Info>,\n\t\toptions?: AuthMiddlewareOptions<Grants, Result, Source, Context, Args, Info>,\n\t): AuthPlugin<Result, Source, Context, Args, Info> =>\n\t\tmakeAuthBuilder<Result, Source, Context, Args, Info>((type) =>\n\t\t\tcreateMiddleware(\n\t\t\t\ttype,\n\t\t\t\tloadScopesFn,\n\t\t\t\tcacheKeyMap,\n\t\t\t\tscopes,\n\t\t\t\tdefaultScopes,\n\t\t\t\toptions,\n\t\t\t\tglobalOptions.errorResolver,\n\t\t\t),\n\t\t);\n\n\tconst authAfter = <Result, Source, Context, Args, Info>(\n\t\tgetScopes: GetPostScopeRules<Scopes, Grants, Result, Source, Context, Args, Info>,\n\t\toptions?: AuthMiddlewareOptions<Grants, Result, Source, Context, Args, Info>,\n\t): AuthPlugin<Result, Source, Context, Args, Info> =>\n\t\tmakeAuthBuilder<Result, Source, Context, Args, Info>((type) => {\n\t\t\tif (type === 'Mutation') {\n\t\t\t\tthrow new Error(\n\t\t\t\t\t'\"authAfter\" cannot be used on Mutations! authAfter is executed after the resolver thus cannot protect mutations. Use \"auth\" instead for mutations.',\n\t\t\t\t);\n\t\t\t}\n\t\t\treturn createPostMiddleware(\n\t\t\t\ttype,\n\t\t\t\tloadScopesFn,\n\t\t\t\tcacheKeyMap,\n\t\t\t\tgetScopes,\n\t\t\t\tdefaultScopes,\n\t\t\t\toptions,\n\t\t\t\tglobalOptions.errorResolver,\n\t\t\t);\n\t\t});\n\n\tconst authAppPlugin: AppPlugin = {\n\t\tid,\n\t\tname: 'Baeta Auth',\n\t\tmutate: (compilers) => {\n\t\t\tif (defaultScopes == null) return;\n\t\t\tfor (const typeCompiler of iterateTypes(compilers)) {\n\t\t\t\tif (!isOperationType(typeCompiler.type)) continue;\n\t\t\t\tif (defaultScopes[typeCompiler.type] == null) continue;\n\t\t\t\tif (hasAuth(typeCompiler.useMetadata<AuthState>(stateKey).get())) continue;\n\t\t\t\tfor (const fieldCompiler of typeCompiler.fields) {\n\t\t\t\t\tif (hasAuth(readFieldAuthState(fieldCompiler, stateKey))) continue;\n\t\t\t\t\tconst middleware = createFallbackMiddleware(\n\t\t\t\t\t\ttypeCompiler.type,\n\t\t\t\t\t\tloadScopesFn,\n\t\t\t\t\t\tcacheKeyMap,\n\t\t\t\t\t\tdefaultScopes,\n\t\t\t\t\t\tglobalOptions.errorResolver,\n\t\t\t\t\t);\n\t\t\t\t\tif (!middleware) {\n\t\t\t\t\t\tcontinue;\n\t\t\t\t\t}\n\t\t\t\t\tif (fieldCompiler.kind === 'Field') {\n\t\t\t\t\t\tfieldCompiler.addTopLevelMiddleware(middleware);\n\t\t\t\t\t} else {\n\t\t\t\t\t\tfieldCompiler.addTopLevelSubscribeMiddleware(middleware);\n\t\t\t\t\t}\n\t\t\t\t}\n\t\t\t}\n\t\t},\n\t};\n\n\treturn {\n\t\tauth,\n\t\tauthAfter,\n\t\tauthAppPlugin,\n\t\trule,\n\t\tscope,\n\t};\n}\n\nfunction buildMiddlewareName(\n\ttype: string,\n\tfield: string | undefined,\n\tsubscriptionFieldKind: 'subscribe' | 'resolve' | undefined,\n) {\n\tif (field && subscriptionFieldKind) return `${type}.${field}.${subscriptionFieldKind}.$use.auth`;\n\tif (field) return `${type}.${field}.$use.auth`;\n\treturn `${type}.$use.auth`;\n}\n\nfunction hasAuth(state: AuthState | undefined) {\n\treturn state?.hasAuth === true;\n}\n\nfunction readFieldAuthState(\n\tfield: ModuleCompiler['types'][number]['fields'][number],\n\tkey: symbol,\n): AuthState | undefined {\n\treturn field.kind === 'Field'\n\t\t? field.useMetadata<AuthState>(key).get()\n\t\t: field.useSubscribeMetadata<AuthState>(key).get();\n}\n\nfunction* iterateTypes(compilers: ModuleCompiler[]) {\n\tfor (const compiler of compilers) {\n\t\tfor (const typeCompiler of compiler.types) {\n\t\t\tyield typeCompiler;\n\t\t}\n\t}\n}\n"],"mappings":";;;;;;;AAOA,SAAgB,aAAa,KAAc,SAA6B;CACvE,MAAM,gBAAgB,QAAQ,GAAG;CAEjC,IAAI,yBAAyB,OAC5B,MAAM;CAGP,MAAM;AACP;AAEA,SAAgB,qBAAqB,KAAuB;CAC3D,IAAI,eAAe,gBAClB,OAAO,uBAAuB,GAAG;CAGlC,IAAI,CAAC,eAAe,GAAG,GACtB,IAAI,KAAK,wCAAwC,GAAG;CAGrD,OAAO;AACR;;;;;AAMA,SAAgB,uBAAuB,KAAqB;CAC3D,IAAI,IAAI,OAAO,WAAW,GAAG;EAC5B,IAAI,CAAC,eAAe,IAAI,OAAO,EAAE,GAChC,IAAI,KAAK,wCAAwC,GAAG;EAErD,OAAO,IAAI,OAAO;CACnB;CAEA,IAAI,OAA4B,CAAC;CACjC,MAAM,SAAyB,CAAC;CAEhC,KAAK,MAAM,SAAS,IAAI,QAAQ;EAC/B,IAAI,CAAC,eAAe,KAAK,GAAG;GAC3B,OAAO,KAAK,IAAI,oBAAoB,KAAK,CAAC;GAC1C,IAAI,KAAK,wCAAwC,GAAG;GACpD;EACD;EACA,OAAO,KAAK,KAAK;EACjB,IAAI,MAAM,WAAW,QAAQ,MAAM,WAAW,KAC7C,OAAO,MAAM,WAAW;CAE1B;CAEA,OAAO,IAAI,sBAAsB,QAAQ,KAAA,GAAW,EACnD,YAAY,EACX,KACD,EACD,CAAC;AACF;AAEA,SAAS,eAAe,KAAmC;CAC1D,OAAO,eAAe;AACvB;;;ACjEA,SAAgB,gBAAgB,MAA6D;CAC5F,OAAO;EAAC;EAAS;EAAY;CAAc,EAAE,SAAS,IAAI;AAC3D;ACYA,MAAa,CAAC,cAAc,gBAAgB,mBAFhB,OAAO,aAEuC,CAAY;;;AC4BtF,eAAsB,WACrB,QACA,QACA,QACC;CACD,IAAI,UAAU,MAAM;CACpB,MAAM,CAAC,OAAO,kBAAkB,MAAM,QAAQ,IAAI,CACjD,aAAa,OAAO,GAAG,GACvB,cAAc,QAAQ,QAAQ,MAAM,CACrC,CAAC;CACD,MAAM,UAAU,MAAM,QAAQ,MAAM,IAAI,SAAS,CAAC,MAAM;CACxD,eAAe,SAAS,EAAE,OAAO,aAAa;EAC7C,KAAK,MAAM,SAAS,SAAS;GAC5B,IAAI,SAAS,MAAM;GACnB,MAAM,WAAW,UAAU,OAAO,KAAK,GAAG,KAAK;EAChD;CACD,CAAC;AACF;AAEA,SAAS,cAAqB,OAAc;CAC3C,OAAO;AACR;AAEA,SAAS,eACR,QACsE;CACtE,IAAI,OAAO,WAAW,UACrB,OAAO;EAAE,OAAO,CAAC,MAAM;EAAG,QAAQ;CAAc;CAEjD,OAAO;EACN,OAAO,MAAM,QAAQ,OAAO,KAAK,IAAI,OAAO,QAAQ,CAAC,OAAO,KAAK;EACjE,QAAQ,OAAO;CAChB;AACD;AAEA,SAAS,gBACR,QAC6E;CAC7E,IAAI,MAAM,QAAQ,MAAM,GACvB,OAAO,OAAO,KAAK,OAAO,eAAe,EAAE,CAAC;CAE7C,OAAO,CAAC,eAAe,MAAM,CAAC;AAC/B;AAEA,eAAe,cACd,QACA,QACA,QACC;CACD,IAAI,OAAO,WAAW,YACrB,OAAO,gBAAgB,MAAM;CAG9B,OAAO,gBAAgB,MADK,OAAO,QAAQ,MAAM,CACb;AACrC;;;ACnFA,SAAgB,oBACf,cACA,MACA,eACC;CACD,IAAI,CAAC,eACJ;CAGD,IAAI,CAAC,gBAAgB,IAAI,GACxB;CAGD,IAAI,iBAAiB,MACpB;CAGD,IAAI,SAAS,SACZ,OAAO,cAAc;CAGtB,IAAI,SAAS,YACZ,OAAO,cAAc;CAGtB,IAAI,SAAS,gBACZ,OAAO,cAAc;AAEvB;;;ACLA,eAAsB,YACrB,QACA,OACgB;CAChB,IAAI,SAAS,MACZ,MAAM,IAAI,MAAM,0DAA0D;CAI3E,KADgB,MADI,aAAa,OAAO,GAAG,GACrB,WAAW,UAAU,OAAO,MACxC,GAAG,IAAI,KAAK,MAAM,MAC3B,MAAM,IAAI,eAAe;CAE1B,OAAO;AACR;AAEA,eAAsB,YACrB,QACA,OACC;CACD,IAAI,SAAS,MACZ,MAAM,IAAI,MAAM,kCAAkC;CAGnD,IAAI,MAAM,SAAS,QAClB,OAAO,MAAM,gBAAgB,QAAQ,KAAK;CAG3C,IAAI,MAAM,SAAS,SAClB,OAAO,MAAM,YAAY,QAAQ,MAAM,KAAK;CAG7C,IAAI,MAAM,SAAS,SAAS;EAE3B,MAAM,WAAU,MADI,aAAa,OAAO,GAAG,GACrB,OAAO,IAAI,MAAM,GAAa;EACpD,IAAI,WAAW,MACd,MAAM,IAAI,MAAM,oCAAoC,MAAM,IAAc,GAAG;EAG5E,IAAI,MADiB,QAAQ,MAAM,KAAK,MACzB,MACd,MAAM,IAAI,MAAM,mDAAmD;EAEpE,OAAO;CACR;CAGA,MAAM,IAAI,MAAM,6DAA6D;AAC9E;AAEA,eAAsB,gBACrB,QACA,OACgB;CAChB,IAAI,MAAM,OAAO,WAAW,GAC3B,MAAM,IAAI,MAAM,6BAA6B;CAG9C,IAAI,MAAM,SAAS,SAClB,OAAO,MAAM,kBAAkB,QAAQ,MAAM,MAAM;CAGpD,IAAI,MAAM,SAAS,QAClB,OAAO,MAAM,iBAAiB,QAAQ,MAAM,MAAM;CAGnD,IAAI,MAAM,SAAS,MAClB,OAAO,MAAM,eAAe,QAAQ,MAAM,MAAM;CAGjD,IAAI,MAAM,SAAS,OAClB,OAAO,MAAM,gBAAgB,QAAQ,MAAM,MAAM;CAGlD,MAAM;CACN,MAAM,IAAI,MAAM,qEAAqE;AACtF;AAEA,eAAsB,kBACrB,QACA,QACgB;CAChB,KAAK,MAAM,SAAS,QACnB,MAAM,YAAY,QAAQ,KAAK;CAEhC,OAAO;AACR;AAEA,eAAsB,iBACrB,QACA,QACgB;CAChB,KAAK,MAAM,SAAS,QAEnB,IAAI,MADiB,YAAY,QAAQ,KAAK,EAAE,OAAO,QAAQ,GAAG,MACnD,MACd,OAAO;CAGT,MAAM,IAAI,eAAe;AAC1B;AAEA,eAAsB,eACrB,QACA,QACgB;CAChB,MAAM,WAAW,OAAO,KAAK,UAAU,YAAY,QAAQ,KAAK,CAAC;CACjE,OAAO,MAAM,QAAQ,IAAI,QAAQ;AAClC;AAEA,eAAsB,gBACrB,QACA,QACgB;CAChB,MAAM,WAAW,OAAO,KAAK,UAAU,YAAY,QAAQ,KAAK,CAAC;CACjE,MAAM,QAAQ,IAAI,QAAQ;CAC1B,OAAO;AACR;;;ACpJA,SAAgB,mBAAmB;CAClC,MAAM,wBAAQ,IAAI,QAA6B;CAC/C,OAAO;EACN,YAAY,WAAoB;GAC/B,IAAI,CAAC,cAAc,MAAM,GAAG;GAC5B,OAAO,MAAM,IAAI,MAAM;EACxB;EACA,YAAY,QAAiB,WAAqB;GACjD,IAAI,CAAC,cAAc,MAAM,GAAG;IAC3B,IAAI,KACH,+FACA,IAAI,MAAM,GAAE,KACb;IACA;GACD;GACA,MAAM,WAAW,MAAM,IAAI,MAAM,qBAAK,IAAI,IAAY;GACtD,OAAO,SAAS,UAAU,SAAS,IAAI,KAAK,CAAC;GAC7C,MAAM,IAAI,QAAQ,QAAQ;EAC3B;CACD;AACD;AAEA,SAAS,cAAc,QAAmC;CACzD,OAAO,OAAO,WAAW,YAAY,WAAW;AACjD;;;AChBA,SAAgB,oBAAoB,QAAmC;CACtE,OAAO,UAAU,MAAM;AACxB;AAEA,SAAgB,mBACf,OACA,uBAAwB,IAAI,QAAQ,GACP;CAC7B,IAAI,MAAM,QAAQ,KAAK,GAAG;EACzB,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;EAC5B,KAAK,IAAI,KAAK;EACd,MAAM,KAAK,MAAM,OAAO,MAAM,mBAAmB,GAAG,IAAI,CAAC;EACzD,KAAK,OAAO,KAAK;EACjB,OAAO;CACR;CACA,IAAI,SAAS,OAAO,UAAU,UAAU;EACvC,MAAM,QAAQ,OAAO,eAAe,KAAK;EACzC,IAAI,UAAU,QAAQ,UAAU,OAAO,WAAW,OAAO;EACzD,IAAI,KAAK,IAAI,KAAK,GAAG,OAAO;EAC5B,KAAK,IAAI,KAAK;EACd,MAAM,KAAK,OAAO,OAAO,KAAK,EAAE,OAAO,MAAM,mBAAmB,GAAG,IAAI,CAAC;EACxE,KAAK,OAAO,KAAK;EACjB,OAAO;CACR;CACA,OAAO,wBAAwB,KAAK;AACrC;AAEA,SAAgB,wBAAwB,OAAuD;CAC9F,IAAI,OAAO,UAAU,UACpB,OAAO,OAAO,SAAS,KAAK;CAE7B,OAAO,UAAU,QAAQ,OAAO,UAAU,aAAa,OAAO,UAAU;AACzE;;;ACtCA,MAAM,iBAAiB,OAAO,cAAc;AAE5C,SAAgB,iBACf,aACC;CACD,MAAM,6BAAa,IAAI,IAAkD;CACzE,MAAM,SAAS;CAEf,MAAM,WAAW,OAAe,WAAqB;EACpD,IAAI,WAAW,KAAA,GAAW,OAAO;EACjC,MAAM,cAAc,OAAO;EAC3B,IAAI,aAAa,OAAO,YAAY,MAAM;EAC1C,IAAI,mBAAmB,MAAM,GAAG,OAAO,oBAAoB,MAAM;EACjE,OAAO;CACR;CAEA,OAAO;EACN,gBAAgB,OAAe,WAAqB;GACnD,OAAO,WAAW,IAAI,KAAK,GAAG,IAAI,QAAQ,OAAO,MAAM,CAAC;EACzD;EACA,gBAAgB,OAAe,QAAiB,UAAsC;GACrF,IAAI,iBAAiB,WAAW,IAAI,KAAK;GACzC,IAAI,kBAAkB,MAAM;IAC3B,iCAAiB,IAAI,IAAqC;IAC1D,WAAW,IAAI,OAAO,cAAc;GACrC;GACA,eAAe,IAAI,QAAQ,OAAO,MAAM,GAAG,KAAK;EACjD;CACD;AACD;;;ACiCA,SAAgB,eAAe,OAAgB;CAC9C,IAAI,UAAU,MACb,MAAM,IAAI,eAAe;CAE1B,OAAO;AACR;AAEA,SAAgB,oBACf,KACA,MACA,OACgB;CAGhB,IAAI,EAFe,OAAO,UAAU,aAGnC,aAAa,eAAe,KAAK;CAGlC,OAAO,OAAO,WAAoB;EACjC,MAAM,QAAQ,MAAM,aAAa,GAAG;EACpC,MAAM,SAAS,MAAM,MAAM,WAAW,cAAc,MAAM,MAAM;EAEhE,IAAI,UAAU,MACb,OAAO,eAAe,MAAM;EAG7B,MAAM,gBAAgB,MAAM,MAAM;EAClC,MAAM,WAAW,cAAc,MAAM,QAAQ,aAAa;EAE1D,OAAO,eAAe,MADD,aACO;CAC7B;AACD;AAEA,SAAgB,uBACf,KACA,gBAC2B;CAC3B,MAAM,sBAAM,IAAI,IAAiC;CACjD,KAAK,MAAM,CAAC,KAAK,UAAU,OAAO,QAAQ,cAAc,GACvD,IAAI,IAAI,KAAK,oBAAoB,KAAK,KAAK,KAAK,CAAC;CAElD,OAAO;AACR;;;ACjGA,SAAgB,cACf,KACA,gBACA,aACC;CACD,aAAa,KAAK,YAAY;EAE7B,OAAO;GACN,QAAQ,uBAAuB,KAAK,MAFV,eAAe,GAAG,CAEI;GAChD,YAAY,iBAAiB,WAAW;GACxC,YAAY,iBAAiB;EAC9B;CACD,CAAC;AACF;;;AC0BA,SAAgB,iBASf,MACA,YACA,aACA,QACA,cACA,SACA,SACkD;CAClD,MAAM,YAAY,OAAO,WAAW,aAAa,eAAe;CAChE,MAAM,gBAAgB,oBAAoB,SAAS,cAAc,MAAM,YAAY;CAEnF,OAAO,OAAO,MAAM,WAAW;EAC9B,cAAc,OAAO,KAAK,YAAY,WAAW;EAIjD,MAAM,uBACL,QACA,eACA,MAL4B,UAAU,MAAM,GAM5C,WAAW,oBACZ;EAEA,MAAM,SAAS,MAAM,KAAK;EAE1B,IAAI,SAAS,QACZ,MAAM,WAAW,QAAQ,QAAQ,QAAQ,MAAM;EAGhD,OAAO;CACR;AACD;AAEA,SAAgB,qBASf,MACA,YACA,aACA,WACA,cACA,SACA,SACkD;CAClD,MAAM,gBAAgB,oBAAoB,SAAS,cAAc,MAAM,YAAY;CAEnF,OAAO,OAAO,MAAM,WAAW;EAC9B,cAAc,OAAO,KAAK,YAAY,WAAW;EAEjD,MAAM,SAAS,MAAM,KAAK;EAG1B,MAAM,uBACL,QACA,eACA,MAL4B,UAAU,QAAQ,MAAM,GAMpD,WAAW,oBACZ;EAEA,IAAI,SAAS,QACZ,MAAM,WAAW,QAAQ,QAAQ,QAAQ,MAAM;EAGhD,OAAO;CACR;AACD;AAEA,SAAgB,yBAKf,MACA,YACA,aACA,cACA,SACC;CACD,MAAM,QAAQ,oBAAoB,OAAO,MAAM,YAAY;CAE3D,IAAI,SAAS,MACZ;CAGD,OAAO,iBACN,MACA,YACA,aACA,OACA,CAAC,GACD,EACC,cAAc,KACf,GACA,OACD;AACD;AAEA,eAAsB,uBAMrB,QACA,eACA,gBACA,eACC;CACD,IAAI,mBAAmB,OACtB,MAAM,IAAI,eAAe;CAG1B,MAAM,WAA+B,CAAC;CAEtC,IAAI,eACH,SAAS,KAAK,YAAY,QAAQ,aAAa,CAAC;CAGjD,IAAI,mBAAmB,MACtB,SAAS,KAAK,YAAY,QAAQ,cAAc,CAAC;CAGlD,IAAI,SAAS,WAAW,GACvB;CAGD,OAAO,MAAM,QAAQ,IAAI,QAAQ,EAAE,OAAO,QAAQ,aAAa,KAAK,aAAa,CAAC;AACnF;;;AC3KA,SAAgB,cAGd;CACD,OAAO;EACN,IAAI,GAAG,QAAQ;GACd,OAAO;IACN,MAAM;IACN,MAAM;IACN;GACD;EACD;EACA,GAAG,GAAG,QAAQ;GACb,OAAO;IACN,MAAM;IACN,MAAM;IACN;GACD;EACD;EACA,MAAM,GAAG,QAAQ;GAChB,OAAO;IACN,MAAM;IACN,MAAM;IACN;GACD;EACD;EACA,KAAK,GAAG,QAAQ;GACf,OAAO;IACN,MAAM;IACN,MAAM;IACN;GACD;EACD;CACD;AACD;;;ACxCA,SAAgB,eAGd;CACD,MAAM,wBAAQ,IAAI,IAAiD;CACnE,MAAM,gBAAgB,SAAsD;EAC3E,IAAI,SAAS,YACZ,QAA0B,UAAa,UAAU,KAAK;EAIvD,MAAM,OAAO,SAAS,MAAM,IAAI;EAChC,MAAM,MAAM,UAAmB,SAAS,MAAM,KAAK;EACnD,OAAO,OAAO,OAAO,IAAI,IAAI;CAC9B;CACA,OAAO,IAAI,MAAM,CAAC,GAAoC,EACrD,IAAI,SAAS,MAAc;EAC1B,MAAM,SAAS,MAAM,IAAI,IAAI;EAC7B,IAAI,QAAQ,OAAO;EACnB,MAAM,SAAS,aAAa,IAAI;EAChC,MAAM,IAAI,MAAM,MAAM;EACtB,OAAO;CACR,EACD,CAAC;AACF;AAEA,SAAS,UAAiC,OAAuC;CAChF,OAAO;EACN,MAAM;EACN;CACD;AACD;AAEA,SAAS,SAAS,MAAc,OAAqC;CACpE,OAAO;EACN,MAAM;EACN,KAAK;EACL;CACD;AACD;;;ACeA,SAAgB,WACf,YACA,gBAA6C,CAAC,GAC7C;CACD,MAAM,KAAK,kBAAkB,YAAY;CACzC,MAAM,WAAW,OAAO,MAAM;CAC9B,MAAM,QAAQ,aAA6B;CAC3C,MAAM,OAAO,YAA4B;CACzC,MAAM,eAAe;CACrB,MAAM,gBAAgB,cAAc,gBAAgB;EAAE;EAAO;CAAK,CAAC;CACnE,MAAM,cAAwC,cAAc,eAAe,CAAC;CAE5E,MAAM,mBACL,oBACqD;EACrD,OAAO,GACL,oBAAoB,EAAE,MAAM,OAAO,4BAA0C;GAC7E,MAAM,aAAa,gBAAgB,IAAI;GACvC,aAAa,YAAY,oBAAoB,MAAM,OAAO,qBAAqB,CAAC;GAEhF,OAAO;IAAE;IAAI;IAAY,MAAM,IADV,IAAuB,CAAC,CAAC,UAAU,EAAE,SAAS,KAAK,CAAC,CAAC,CACpC;GAAE;EACzC,EACD;CACD;CAEA,MAAM,QACL,QACA,YAEA,iBAAsD,SACrD,iBACC,MACA,cACA,aACA,QACA,eACA,SACA,cAAc,aACf,CACD;CAED,MAAM,aACL,WACA,YAEA,iBAAsD,SAAS;EAC9D,IAAI,SAAS,YACZ,MAAM,IAAI,MACT,wJACD;EAED,OAAO,qBACN,MACA,cACA,aACA,WACA,eACA,SACA,cAAc,aACf;CACD,CAAC;CAiCF,OAAO;EACN;EACA;EACA,eAAA;GAjCA;GACA,MAAM;GACN,SAAS,cAAc;IACtB,IAAI,iBAAiB,MAAM;IAC3B,KAAK,MAAM,gBAAgB,aAAa,SAAS,GAAG;KACnD,IAAI,CAAC,gBAAgB,aAAa,IAAI,GAAG;KACzC,IAAI,cAAc,aAAa,SAAS,MAAM;KAC9C,IAAI,QAAQ,aAAa,YAAuB,QAAQ,EAAE,IAAI,CAAC,GAAG;KAClE,KAAK,MAAM,iBAAiB,aAAa,QAAQ;MAChD,IAAI,QAAQ,mBAAmB,eAAe,QAAQ,CAAC,GAAG;MAC1D,MAAM,aAAa,yBAClB,aAAa,MACb,cACA,aACA,eACA,cAAc,aACf;MACA,IAAI,CAAC,YACJ;MAED,IAAI,cAAc,SAAS,SAC1B,cAAc,sBAAsB,UAAU;WAE9C,cAAc,+BAA+B,UAAU;KAEzD;IACD;GACD;EAMY;EACZ;EACA;CACD;AACD;AAEA,SAAS,oBACR,MACA,OACA,uBACC;CACD,IAAI,SAAS,uBAAuB,OAAO,GAAG,KAAK,GAAG,MAAM,GAAG,sBAAsB;CACrF,IAAI,OAAO,OAAO,GAAG,KAAK,GAAG,MAAM;CACnC,OAAO,GAAG,KAAK;AAChB;AAEA,SAAS,QAAQ,OAA8B;CAC9C,OAAO,OAAO,YAAY;AAC3B;AAEA,SAAS,mBACR,OACA,KACwB;CACxB,OAAO,MAAM,SAAS,UACnB,MAAM,YAAuB,GAAG,EAAE,IAAI,IACtC,MAAM,qBAAgC,GAAG,EAAE,IAAI;AACnD;AAEA,UAAU,aAAa,WAA6B;CACnD,KAAK,MAAM,YAAY,WACtB,KAAK,MAAM,gBAAgB,SAAS,OACnC,MAAM;AAGT"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@baeta/auth",
-  "version": "0.0.0",
+  "version": "2.0.0-next.15",
   "description": "Authorization for Baeta.",
   "keywords": [
     "baeta",
@@ -25,7 +25,71 @@
     "url": "git+https://github.com/andreisergiu98/baeta.git",
     "directory": "packages/auth"
   },
+  "files": [
+    "dist"
+  ],
+  "type": "module",
+  "sideEffects": false,
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
   "publishConfig": {
+    "exports": {
+      ".": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      }
+    },
     "access": "public"
+  },
+  "scripts": {
+    "build": "builder build",
+    "check:deps": "builder check-deps",
+    "postpack": "builder prepare --restore",
+    "prepack": "builder prepare",
+    "test": "builder test",
+    "types": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@baeta/errors": "^2.0.0-next.15",
+    "@baeta/util-log": "^2.0.0-next.4",
+    "safe-stable-stringify": "^2.5.0"
+  },
+  "devDependencies": {
+    "@baeta/builder": "^0.0.0",
+    "@baeta/core": "^2.0.0-next.15",
+    "@baeta/testing": "^0.0.0",
+    "@baeta/tsconfig": "^0.0.0",
+    "graphql": "^16.6.0",
+    "typescript": "^6.0.0"
+  },
+  "peerDependencies": {
+    "@baeta/core": "^2.0.0-next.15",
+    "graphql": "^16.6.0"
+  },
+  "ava": {
+    "extensions": [
+      "ts"
+    ]
+  },
+  "engines": {
+    "node": "^22.20.0 || ^24.0.0 || >=26.0.0"
+  },
+  "typedocOptions": {
+    "entryPoints": [
+      "./index.ts"
+    ],
+    "readme": "none",
+    "tsconfig": "./tsconfig.json",
+    "sort": [
+      "kind",
+      "instance-first",
+      "required-first",
+      "alphabetical-ignoring-documents"
+    ]
   }
-}
+}