@bernouy/socle 0.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 matthias-bernouy
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1 @@
+# DASS

package/dist/app.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/default/AuthenticationProvider/Authentication.d.ts

@@ -0,0 +1,69 @@
+import type { IBe5_AccountSummary, IBe5_Authentication, IBe5_Subject } from "../../interfaces/AuthInterface";
+import type { IBe5_Runner, Middleware } from "../../interfaces/RunnerInterface";
+import type { IBe5_Mailer } from "../../interfaces/MailerInterface";
+import type { AuthRepository } from "./interfaces/repository/AuthRepository";
+interface Be5_TokenPayload {
+    email: string;
+    role: "admin" | "user";
+    sub: string;
+}
+export type AuthConfig = {
+    basePath?: string;
+    registerDisabled?: boolean;
+    defaultRedirection?: string;
+    /**
+     * Absolute public base URL of the app (e.g. "https://app.example.com").
+     * Required for features that embed links in emails. If absent, reset
+     * links fall back to a relative URL (which may not be clickable in mail
+     * clients but still works for dev).
+     */
+    baseUrl?: string;
+    /**
+     * Optional mailer. If omitted, email-dependent features
+     * (requestPasswordReset) throw and the HTTP routes return 503.
+     */
+    mailer?: IBe5_Mailer;
+    /** Lifetime of a password reset token in minutes. Defaults to 30. */
+    resetTokenTtlMinutes?: number;
+    /** "From" address used for outgoing auth emails. */
+    mailFrom?: string;
+};
+export declare class Authentication implements IBe5_Authentication {
+    registerDisabled: boolean;
+    defaultRedirection: string;
+    private _repository;
+    private _mailer;
+    private _baseUrl;
+    private _resetTtlMs;
+    private _mailFrom;
+    private _basePath;
+    readonly loginPage: string;
+    readonly registerPage: string;
+    readonly recoverPage: string;
+    readonly resetPage: string;
+    readonly logoutPage: string;
+    readonly setupPage: string;
+    readonly adminAccountsPage: string;
+    constructor(repository: AuthRepository, runner: IBe5_Runner, config?: AuthConfig);
+    get repository(): AuthRepository;
+    get mailEnabled(): boolean;
+    getSubject(req: Request): Promise<IBe5_Subject | null>;
+    isAuthenticated(req: Request): Promise<boolean>;
+    guardAuthenticated(req: Request): Promise<IBe5_Subject>;
+    guardAdmin(req: Request): Promise<IBe5_Subject>;
+    withRedirect(page: string, redirect: string): string;
+    get requireAuthenticated(): Middleware;
+    get requireAdmin(): Middleware;
+    logout(): Response;
+    requestPasswordReset(email: string): Promise<void>;
+    resetPassword(token: string, newPassword: string): Promise<void>;
+    changePassword(req: Request, currentPassword: string, newPassword: string): Promise<void>;
+    listAccounts(): Promise<IBe5_AccountSummary[]>;
+    createAccount(identifier: string, password: string, role: "admin" | "user"): Promise<IBe5_Subject>;
+    deleteAccount(identifier: string): Promise<void>;
+    setAccountRole(identifier: string, role: "admin" | "user"): Promise<void>;
+    private countAdmins;
+}
+/** Convenience factory: produces a signed JWT for use by login handlers. */
+export declare function signAuthJwt(payload: Be5_TokenPayload): Promise<string>;
+export {};

package/dist/default/AuthenticationProvider/api/adminAccounts.d.ts

@@ -0,0 +1,5 @@
+import type { Authentication } from "../Authentication";
+export declare function adminListAccounts(_req: Request, system: Authentication): Promise<Response>;
+export declare function adminCreateAccount(req: Request, system: Authentication): Promise<Response>;
+export declare function adminDeleteAccount(req: Request, system: Authentication): Promise<Response>;
+export declare function adminUpdateRole(req: Request, system: Authentication): Promise<Response>;

package/dist/default/AuthenticationProvider/api/changePasswordSubmit.d.ts

@@ -0,0 +1,2 @@
+import type { Authentication } from "../Authentication";
+export declare function changePasswordSubmit(req: Request, system: Authentication): Promise<Response>;

package/dist/default/AuthenticationProvider/api/loginSubmit.d.ts

@@ -0,0 +1,2 @@
+import type { Authentication } from "../Authentication";
+export declare function loginSubmit(req: Request, system: Authentication): Promise<Response>;

package/dist/default/AuthenticationProvider/api/logoutHandler.d.ts

@@ -0,0 +1,2 @@
+import type { Authentication } from "../Authentication";
+export declare function logoutHandler(_req: Request, system: Authentication): Response;

package/dist/default/AuthenticationProvider/api/recoverSubmit.d.ts

@@ -0,0 +1,2 @@
+import type { Authentication } from "../Authentication";
+export declare function recoverSubmit(req: Request, system: Authentication): Promise<Response>;

package/dist/default/AuthenticationProvider/api/registerSubmit.d.ts

@@ -0,0 +1,2 @@
+import type { Authentication } from "../Authentication";
+export declare function registerSubmit(req: Request, system: Authentication): Promise<Response>;

package/dist/default/AuthenticationProvider/api/resetSubmit.d.ts

@@ -0,0 +1,2 @@
+import type { Authentication } from "../Authentication";
+export declare function resetSubmit(req: Request, system: Authentication): Promise<Response>;

package/dist/default/AuthenticationProvider/api/setupSubmit.d.ts

@@ -0,0 +1,6 @@
+import type { Authentication } from "../Authentication";
+/**
+ * Creates the very first admin account.
+ * 409 if any account already exists — this endpoint is meant to run exactly once.
+ */
+export declare function setupSubmit(req: Request, system: Authentication): Promise<Response>;

package/dist/default/AuthenticationProvider/interfaces/default-provider/AuthRepositoryProvider.d.ts

@@ -0,0 +1,26 @@
+import { MongoClient } from "mongodb";
+import type { AuthRepository, TSubject } from "../repository/AuthRepository";
+type DefaultDatastoreConfig = {
+    uri: string;
+    databaseName: string;
+};
+/**
+ * Default MongoDB-backed implementation of AuthRepository.
+ */
+export declare class AuthRepositoryProvider implements AuthRepository {
+    private _database;
+    private _accountCollection;
+    constructor(client: MongoClient, databaseName: string);
+    static create(config: DefaultDatastoreConfig): Promise<AuthRepositoryProvider>;
+    findByEmail(email: string): Promise<TSubject | null>;
+    findByResetTokenHash(tokenHash: string): Promise<TSubject | null>;
+    register(subject: TSubject): Promise<TSubject>;
+    updatePassword(email: string, passwordHash: string): Promise<void>;
+    updateRole(email: string, role: 'admin' | 'user'): Promise<void>;
+    setResetToken(email: string, tokenHash: string, expiresAt: Date): Promise<void>;
+    clearResetToken(email: string): Promise<void>;
+    delete(email: string): Promise<void>;
+    list(): Promise<TSubject[]>;
+    count(): Promise<number>;
+}
+export {};

package/dist/default/AuthenticationProvider/interfaces/repository/AuthRepository.d.ts

@@ -0,0 +1,23 @@
+export type TSubject = {
+    id?: string;
+    email: string;
+    passwordHash: string;
+    role: 'admin' | 'user';
+    createdAt?: Date;
+    /** sha256 hex of the active password-reset token, or null. */
+    passwordResetTokenHash?: string | null;
+    /** Expiry of the active reset token. */
+    passwordResetExpiresAt?: Date | null;
+};
+export interface AuthRepository {
+    findByEmail(email: string): Promise<TSubject | null>;
+    findByResetTokenHash(tokenHash: string): Promise<TSubject | null>;
+    register(subject: TSubject): Promise<TSubject>;
+    updatePassword(email: string, passwordHash: string): Promise<void>;
+    updateRole(email: string, role: 'admin' | 'user'): Promise<void>;
+    setResetToken(email: string, tokenHash: string, expiresAt: Date): Promise<void>;
+    clearResetToken(email: string): Promise<void>;
+    delete(email: string): Promise<void>;
+    list(): Promise<TSubject[]>;
+    count(): Promise<number>;
+}

package/dist/default/AuthenticationProvider/utilities/send_html.d.ts

@@ -0,0 +1 @@
+export declare function send_html(content: string): Response;

package/dist/default/MailerProvider/ConsoleMailerProvider.d.ts

@@ -0,0 +1,12 @@
+import type { Be5_MailMessage, IBe5_Mailer } from "../../interfaces/MailerInterface";
+/**
+ * Default mailer used for development and tests.
+ *
+ * It does not actually send anything — it just prints the message to stdout.
+ * Useful to inspect password reset links without configuring SMTP.
+ */
+export declare class ConsoleMailerProvider implements IBe5_Mailer {
+    private readonly defaultFrom;
+    constructor(defaultFrom?: string);
+    send(message: Be5_MailMessage): Promise<void>;
+}

package/dist/default/MailerProvider/SmtpMailerProvider.d.ts

@@ -0,0 +1,24 @@
+import type { Be5_MailMessage, IBe5_Mailer } from "../../interfaces/MailerInterface";
+export type SmtpMailerConfig = {
+    host: string;
+    port: number;
+    secure?: boolean;
+    auth?: {
+        user: string;
+        pass: string;
+    };
+    defaultFrom: string;
+};
+/**
+ * SMTP-backed mailer built on top of nodemailer.
+ *
+ * Nodemailer is imported dynamically so that consumers who only use the
+ * ConsoleMailerProvider don't pay the cost of pulling it in.
+ */
+export declare class SmtpMailerProvider implements IBe5_Mailer {
+    private readonly config;
+    private _transporter;
+    constructor(config: SmtpMailerConfig);
+    private transporter;
+    send(message: Be5_MailMessage): Promise<void>;
+}

package/dist/default/RunnerProvider.d.ts

@@ -0,0 +1,15 @@
+import type { IBe5_Runner, RouteHandler, Middleware } from "src/interfaces/RunnerInterface";
+export declare class Be5_Runner implements IBe5_Runner {
+    private routes;
+    private globalMiddlewares;
+    addEndpoint(method: string, path: string, handler: RouteHandler, middlewares?: Middleware[]): void;
+    use(middleware: Middleware): void;
+    group(prefix: string, callback: (runner: IBe5_Runner) => void, middlewares?: Middleware[]): void;
+    get(path: string, handler: RouteHandler, middlewares?: Middleware[]): void;
+    post(path: string, handler: RouteHandler, middlewares?: Middleware[]): void;
+    patch(path: string, handler: RouteHandler, middlewares?: Middleware[]): void;
+    delete(path: string, handler: RouteHandler, middlewares?: Middleware[]): void;
+    put(path: string, handler: RouteHandler, middlewares?: Middleware[]): void;
+    start(port?: number): void;
+    private matchPath;
+}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export * from "./default/AuthenticationProvider/Authentication";
+export * from "./default/AuthenticationProvider/interfaces/default-provider/AuthRepositoryProvider";
+export * from "./default/AuthenticationProvider/interfaces/repository/AuthRepository";
+export * from "./default/RunnerProvider";
+export * from "./default/MailerProvider/ConsoleMailerProvider";
+export * from "./default/MailerProvider/SmtpMailerProvider";
+export * from "./interfaces/RunnerInterface";
+export * from "./interfaces/AuthInterface";
+export * from "./interfaces/MailerInterface";