@betterportal/auth-default 0.0.1

package/README.md

@@ -0,0 +1,12 @@
+# BetterPortal Auth Plugin for Node.js
+
+Default BetterPortal v10 auth plugin package.
+
+This package defines the initial JWT-oriented auth contract for:
+
+- runtime identity
+- control-plane identity
+- refresh flows
+- user-management-adjacent APIs
+
+It depends on the BetterPortal framework contracts and keeps auth as a plugin category rather than core behavior.

package/bsb-plugin.json

@@ -0,0 +1,23 @@
+{
+  "nodejs": [
+    {
+      "id": "service-betterportal-auth-default",
+      "name": "service-betterportal-auth-default",
+      "basePath": "./",
+      "description": "Default BetterPortal v10 auth service: JWKS, login/logout/refresh, bcrypt user store",
+      "tags": [
+        "betterportal",
+        "auth",
+        "jwt",
+        "jwks"
+      ],
+      "documentation": [
+        "./README.md"
+      ],
+      "pluginPath": "src/plugins/service-betterportal-auth-default/",
+      "links": {
+        "github": "git+https://github.com/BetterCorp/BetterPortal.git"
+      }
+    }
+  ]
+}

package/bsb-tests.json

@@ -0,0 +1,14 @@
+{
+  "nodejs": [
+    {
+      "id": "service-betterportal-auth-default",
+      "skip": true,
+      "default": {
+        "config": {},
+        "setup": null,
+        "dispose": null
+      },
+      "tests": []
+    }
+  ]
+}

package/lib/defaultAuthManifest.d.ts

@@ -0,0 +1,41 @@
+import * as av from "anyvali";
+import type { Infer } from "anyvali";
+import { AdminApiDescriptor, AuthAudienceRule, PluginManifest, ViewPermissionDefinition } from "@betterportal/framework";
+export declare const RuntimeTokenConfigSchema: av.ObjectSchema<{
+    accessTokenSeconds: av.IntSchema;
+    refreshTokenSeconds: av.IntSchema;
+    runtimeAudiences: av.ArraySchema<av.StringSchema>;
+    controlPlaneAudiences: av.ArraySchema<av.StringSchema>;
+}>;
+export type RuntimeTokenConfig = Infer<typeof RuntimeTokenConfigSchema>;
+export declare const DefaultRuntimeAudienceRules: readonly AuthAudienceRule[];
+export declare const DefaultAuthPermissions: readonly ViewPermissionDefinition[];
+export declare const DefaultAuthAdminApis: readonly AdminApiDescriptor[];
+export declare const DefaultAuthManifest: PluginManifest;
+export declare const RuntimeJwtClaimsContract: av.ObjectSchema<{
+    iss: av.StringSchema;
+    aud: av.UnionSchema<[av.StringSchema, av.ArraySchema<av.StringSchema>]>;
+    sub: av.StringSchema;
+    exp: av.IntSchema;
+    iat: av.IntSchema;
+    nbf: av.OptionalSchema<av.IntSchema>;
+    jti: av.StringSchema;
+    realm: av.EnumSchema<readonly ["runtime", "control-plane"]>;
+    tenantId: av.StringSchema;
+    appId: av.StringSchema;
+    roles: av.ArraySchema<av.StringSchema>;
+    tokenType: av.EnumSchema<readonly ["access", "refresh", "cp-envelope", "setup", "install"]>;
+    authProvider: av.OptionalSchema<av.StringSchema>;
+    providerSubject: av.OptionalSchema<av.StringSchema>;
+    provider: av.OptionalSchema<av.ObjectSchema<{
+        username: av.OptionalSchema<av.StringSchema>;
+        profileUrl: av.OptionalSchema<av.StringSchema>;
+        accountId: av.OptionalSchema<av.UnionSchema<[av.StringSchema, av.NumberSchema]>>;
+        nodeId: av.OptionalSchema<av.StringSchema>;
+        scope: av.OptionalSchema<av.StringSchema>;
+    }>>;
+    name: av.OptionalSchema<av.StringSchema>;
+    email: av.OptionalSchema<av.StringSchema>;
+    picture: av.OptionalSchema<av.StringSchema>;
+}>;
+//# sourceMappingURL=defaultAuthManifest.d.ts.map

package/lib/defaultAuthManifest.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaultAuthManifest.d.ts","sourceRoot":"","sources":["../src/defaultAuthManifest.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EACL,kBAAkB,EAClB,gBAAgB,EAGhB,cAAc,EACd,wBAAwB,EACzB,MAAM,yBAAyB,CAAC;AAEjC,eAAO,MAAM,wBAAwB;;;;;EAKT,CAAC;AAC7B,MAAM,MAAM,kBAAkB,GAAG,KAAK,CAAC,OAAO,wBAAwB,CAAC,CAAC;AAExE,eAAO,MAAM,2BAA2B,EAAE,SAAS,gBAAgB,EASlE,CAAC;AAEF,eAAO,MAAM,sBAAsB,EAAE,SAAS,wBAAwB,EAarE,CAAC;AAEF,eAAO,MAAM,oBAAoB,EAAE,SAAS,kBAAkB,EAS7D,CAAC;AAEF,eAAO,MAAM,mBAAmB,EAAE,cAsBhC,CAAC;AAEH,eAAO,MAAM,wBAAwB;;;;;;;;;;;;;;;;;;;;;;;;;EAAkB,CAAC"}

package/lib/defaultAuthManifest.js

@@ -0,0 +1,67 @@
+import * as av from "anyvali";
+import { createPluginManifest, JwtClaimsSchema } from "@betterportal/framework";
+export const RuntimeTokenConfigSchema = av.object({
+    accessTokenSeconds: av.int().min(1).default(60 * 15),
+    refreshTokenSeconds: av.int().min(1).default(60 * 60 * 24 * 7),
+    runtimeAudiences: av.array(av.string().minLength(1)).minItems(1),
+    controlPlaneAudiences: av.array(av.string().minLength(1)).minItems(1)
+}, { unknownKeys: "strip" });
+export const DefaultRuntimeAudienceRules = [
+    {
+        realm: "runtime",
+        audiences: ["betterportal-runtime"]
+    },
+    {
+        realm: "control-plane",
+        audiences: ["betterportal-control-plane"]
+    }
+];
+export const DefaultAuthPermissions = [
+    {
+        id: "auth.user.read",
+        title: "Read authenticated user profile",
+        description: "Allows reading runtime user profile information.",
+        defaultRoles: ["user", "admin"]
+    },
+    {
+        id: "auth.user.manage",
+        title: "Manage users",
+        description: "Allows control-plane user administration.",
+        defaultRoles: ["admin"]
+    }
+];
+export const DefaultAuthAdminApis = [
+    {
+        id: "auth-token-config",
+        title: "Auth token configuration",
+        description: "Manage auth token lifetimes and allowed audiences.",
+        path: "/admin/auth/token-config",
+        methods: ["GET", "PUT"],
+        supportsCustomUi: true
+    }
+];
+export const DefaultAuthManifest = createPluginManifest({
+    pluginId: "auth.betterportal.default",
+    title: "BetterPortal Default Auth",
+    description: "JWT issuing auth plugin for BetterPortal v10 runtime and control-plane flows.",
+    version: "1.0.0",
+    category: "auth",
+    deploymentModes: ["bp-hosted", "customer-hosted", "self-hosted", "saas-managed"],
+    capabilities: [
+        "auth.jwt",
+        "auth.refresh-token",
+        "auth.runtime-identity",
+        "auth.control-plane-identity"
+    ],
+    supportedThemes: [],
+    supportedRenderModes: [],
+    views: [],
+    configSchemas: [],
+    permissions: [...DefaultAuthPermissions],
+    adminApis: [...DefaultAuthAdminApis],
+    cacheHints: {
+        metadataTtlSeconds: 1800
+    }
+});
+export const RuntimeJwtClaimsContract = JwtClaimsSchema;
+//# sourceMappingURL=defaultAuthManifest.js.map

package/lib/defaultAuthManifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"defaultAuthManifest.js","sourceRoot":"","sources":["../src/defaultAuthManifest.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAE9B,OAAO,EAGL,oBAAoB,EACpB,eAAe,EAGhB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,CAAC,MAAM,wBAAwB,GAAG,EAAE,CAAC,MAAM,CAAC;IAChD,kBAAkB,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,CAAC;IACpD,mBAAmB,EAAE,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;IAC9D,gBAAgB,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IAChE,qBAAqB,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;CACtE,EAAE,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;AAG7B,MAAM,CAAC,MAAM,2BAA2B,GAAgC;IACtE;QACE,KAAK,EAAE,SAAS;QAChB,SAAS,EAAE,CAAC,sBAAsB,CAAC;KACpC;IACD;QACE,KAAK,EAAE,eAAe;QACtB,SAAS,EAAE,CAAC,4BAA4B,CAAC;KAC1C;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,sBAAsB,GAAwC;IACzE;QACE,EAAE,EAAE,gBAAgB;QACpB,KAAK,EAAE,iCAAiC;QACxC,WAAW,EAAE,kDAAkD;QAC/D,YAAY,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC;KAChC;IACD;QACE,EAAE,EAAE,kBAAkB;QACtB,KAAK,EAAE,cAAc;QACrB,WAAW,EAAE,2CAA2C;QACxD,YAAY,EAAE,CAAC,OAAO,CAAC;KACxB;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,oBAAoB,GAAkC;IACjE;QACE,EAAE,EAAE,mBAAmB;QACvB,KAAK,EAAE,0BAA0B;QACjC,WAAW,EAAE,oDAAoD;QACjE,IAAI,EAAE,0BAA0B;QAChC,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC;QACvB,gBAAgB,EAAE,IAAI;KACvB;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAAmB,oBAAoB,CAAC;IACtE,QAAQ,EAAE,2BAA2B;IACrC,KAAK,EAAE,2BAA2B;IAClC,WAAW,EAAE,+EAA+E;IAC5F,OAAO,EAAE,OAAO;IAChB,QAAQ,EAAE,MAAM;IAChB,eAAe,EAAE,CAAC,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,cAAc,CAAC;IAChF,YAAY,EAAE;QACZ,UAAU;QACV,oBAAoB;QACpB,uBAAuB;QACvB,6BAA6B;KAC9B;IACD,eAAe,EAAE,EAAE;IACnB,oBAAoB,EAAE,EAAE;IACxB,KAAK,EAAE,EAAE;IACT,aAAa,EAAE,EAAE;IACjB,WAAW,EAAE,CAAC,GAAG,sBAAsB,CAAC;IACxC,SAAS,EAAE,CAAC,GAAG,oBAAoB,CAAC;IACpC,UAAU,EAAE;QACV,kBAAkB,EAAE,IAAI;KACzB;CACF,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,eAAe,CAAC"}

package/lib/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./defaultAuthManifest.js";
+export * from "./userStore.js";
+export * from "./plugins/service-betterportal-auth-default/index.js";
+//# sourceMappingURL=index.d.ts.map

package/lib/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,0BAA0B,CAAC;AACzC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sDAAsD,CAAC"}

package/lib/index.js

@@ -0,0 +1,4 @@
+export * from "./defaultAuthManifest.js";
+export * from "./userStore.js";
+export * from "./plugins/service-betterportal-auth-default/index.js";
+//# sourceMappingURL=index.js.map

package/lib/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,0BAA0B,CAAC;AACzC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,sDAAsD,CAAC"}

package/lib/plugins/service-betterportal-auth-default/.bp-generated/registry.d.ts

@@ -0,0 +1,3 @@
+import type { BetterPortalRegistry } from "@betterportal/framework";
+export declare const registry: BetterPortalRegistry;
+//# sourceMappingURL=registry.d.ts.map

package/lib/plugins/service-betterportal-auth-default/.bp-generated/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../../../../src/plugins/service-betterportal-auth-default/.bp-generated/registry.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AAEpE,eAAO,MAAM,QAAQ,EAAE,oBA8GtB,CAAC"}

package/lib/plugins/service-betterportal-auth-default/.bp-generated/registry.js

@@ -0,0 +1,122 @@
+// AUTO-GENERATED by BetterPortal codegen - DO NOT EDIT
+import * as loginRoute from "../bp-routes/login/index.js";
+import * as loginBootstrap1Page from "../bp-routes/login/_theme.bootstrap1/index.js";
+import * as loginBootstrap1NavProfile from "../bp-routes/login/_theme.bootstrap1/_nav.profile.js";
+import * as logoutRoute from "../bp-routes/logout/index.js";
+import * as logoutBootstrap1Page from "../bp-routes/logout/_theme.bootstrap1/index.js";
+import * as refreshRoute from "../bp-routes/refresh/index.js";
+import * as registerRoute from "../bp-routes/register/index.js";
+import * as registerBootstrap1PageS400 from "../bp-routes/register/_theme.bootstrap1/index.400.js";
+import * as registerBootstrap1Page from "../bp-routes/register/_theme.bootstrap1/index.js";
+export const registry = {
+    routes: [
+        {
+            viewId: "login.index",
+            path: "/login",
+            methods: ["GET", "POST"],
+            paramNames: [],
+            schemas: {
+                response: loginRoute.ResponseSchema,
+                query: loginRoute.QuerySchema,
+                headers: loginRoute.HeadersSchema,
+                request: loginRoute.RequestSchema
+            },
+            handlers: { GET: loginRoute.handleGet, POST: loginRoute.handlePost },
+            title: loginRoute.title,
+            description: loginRoute.description,
+            auth: loginRoute.auth,
+            role: loginRoute.role,
+            dependencies: loginRoute.dependencies,
+            chrome: loginRoute.chrome,
+            cacheHints: loginRoute.cacheHints,
+            demoScenarios: [],
+            themeRenderers: {
+                "bootstrap1": {
+                    pages: [{ rendererId: "default", type: "page", render: loginBootstrap1Page.render }],
+                    components: [],
+                    fragments: [{ rendererId: "nav.profile", type: "fragment", fragmentLocation: "nav", fragmentId: "profile", render: loginBootstrap1NavProfile.render }]
+                }
+            }
+        },
+        {
+            viewId: "logout.index",
+            path: "/logout",
+            methods: ["POST", "GET"],
+            paramNames: [],
+            schemas: {
+                response: logoutRoute.ResponseSchema,
+                query: logoutRoute.QuerySchema,
+                headers: logoutRoute.HeadersSchema,
+                request: logoutRoute.RequestSchema
+            },
+            handlers: { POST: logoutRoute.handlePost, GET: logoutRoute.handleGet },
+            title: logoutRoute.title,
+            description: logoutRoute.description,
+            auth: logoutRoute.auth,
+            role: logoutRoute.role,
+            cacheHints: logoutRoute.cacheHints,
+            demoScenarios: [],
+            themeRenderers: {
+                "bootstrap1": {
+                    pages: [{ rendererId: "default", type: "page", render: logoutBootstrap1Page.render }],
+                    components: [],
+                    fragments: []
+                }
+            }
+        },
+        {
+            viewId: "refresh.index",
+            path: "/refresh",
+            methods: ["POST"],
+            paramNames: [],
+            schemas: {
+                response: refreshRoute.ResponseSchema,
+                query: refreshRoute.QuerySchema,
+                headers: refreshRoute.HeadersSchema,
+                request: refreshRoute.RequestSchema
+            },
+            handlers: { POST: refreshRoute.handlePost },
+            title: refreshRoute.title,
+            description: refreshRoute.description,
+            auth: refreshRoute.auth,
+            role: refreshRoute.role,
+            cacheHints: refreshRoute.cacheHints,
+            demoScenarios: [],
+            themeRenderers: {}
+        },
+        {
+            viewId: "register.index",
+            path: "/register",
+            methods: ["GET", "POST"],
+            paramNames: [],
+            schemas: {
+                response: registerRoute.ResponseSchema,
+                query: registerRoute.QuerySchema,
+                headers: registerRoute.HeadersSchema,
+                request: registerRoute.RequestSchema
+            },
+            handlers: { GET: registerRoute.handleGet, POST: registerRoute.handlePost },
+            title: registerRoute.title,
+            description: registerRoute.description,
+            auth: registerRoute.auth,
+            role: registerRoute.role,
+            dependencies: registerRoute.dependencies,
+            chrome: registerRoute.chrome,
+            cacheHints: registerRoute.cacheHints,
+            demoScenarios: [],
+            themeRenderers: {
+                "bootstrap1": {
+                    pages: [{ rendererId: "default", type: "page", render: registerBootstrap1Page.render }],
+                    components: [],
+                    fragments: []
+                }
+            },
+            statusRenderers: {
+                "bootstrap1": {
+                    400: { page: { rendererId: "default", type: "page", render: registerBootstrap1PageS400.render } }
+                }
+            }
+        }
+    ]
+};
+//# sourceMappingURL=registry.js.map

package/lib/plugins/service-betterportal-auth-default/.bp-generated/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../../../src/plugins/service-betterportal-auth-default/.bp-generated/registry.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,OAAO,KAAK,UAAU,MAAM,6BAA6B,CAAC;AAC1D,OAAO,KAAK,mBAAmB,MAAM,+CAA+C,CAAC;AACrF,OAAO,KAAK,yBAAyB,MAAM,sDAAsD,CAAC;AAClG,OAAO,KAAK,WAAW,MAAM,8BAA8B,CAAC;AAC5D,OAAO,KAAK,oBAAoB,MAAM,gDAAgD,CAAC;AACvF,OAAO,KAAK,YAAY,MAAM,+BAA+B,CAAC;AAC9D,OAAO,KAAK,aAAa,MAAM,gCAAgC,CAAC;AAChE,OAAO,KAAK,0BAA0B,MAAM,sDAAsD,CAAC;AACnG,OAAO,KAAK,sBAAsB,MAAM,kDAAkD,CAAC;AAG3F,MAAM,CAAC,MAAM,QAAQ,GAAyB;IAC5C,MAAM,EAAE;QACN;YACE,MAAM,EAAE,aAAa;YACrB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,CAAC,KAAK,EAAC,MAAM,CAAC;YACvB,UAAU,EAAE,EAAE;YACd,OAAO,EAAE;gBACP,QAAQ,EAAE,UAAU,CAAC,cAAc;gBACnC,KAAK,EAAE,UAAU,CAAC,WAAW;gBAC7B,OAAO,EAAE,UAAU,CAAC,aAAa;gBACjC,OAAO,EAAE,UAAU,CAAC,aAAa;aAClC;YACD,QAAQ,EAAE,EAAE,GAAG,EAAE,UAAU,CAAC,SAAS,EAAE,IAAI,EAAE,UAAU,CAAC,UAAU,EAAE;YACpE,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,WAAW,EAAE,UAAU,CAAC,WAAW;YACnC,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,YAAY,EAAE,UAAU,CAAC,YAAY;YACrC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,UAAU,EAAE,UAAU,CAAC,UAAU;YACjC,aAAa,EAAE,EAAE;YACjB,cAAc,EAAE;gBACd,YAAY,EAAE;oBACZ,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,CAAC,MAAM,EAAE,CAAC;oBACpF,UAAU,EAAE,EAAE;oBACd,SAAS,EAAE,CAAC,EAAE,UAAU,EAAE,aAAa,EAAE,IAAI,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,yBAAyB,CAAC,MAAM,EAAE,CAAC;iBACvJ;aACF;SACF;QACD;YACE,MAAM,EAAE,cAAc;YACtB,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,CAAC,MAAM,EAAC,KAAK,CAAC;YACvB,UAAU,EAAE,EAAE;YACd,OAAO,EAAE;gBACP,QAAQ,EAAE,WAAW,CAAC,cAAc;gBACpC,KAAK,EAAE,WAAW,CAAC,WAAW;gBAC9B,OAAO,EAAE,WAAW,CAAC,aAAa;gBAClC,OAAO,EAAE,WAAW,CAAC,aAAa;aACnC;YACD,QAAQ,EAAE,EAAE,IAAI,EAAE,WAAW,CAAC,UAAU,EAAE,GAAG,EAAE,WAAW,CAAC,SAAS,EAAE;YACtE,KAAK,EAAE,WAAW,CAAC,KAAK;YACxB,WAAW,EAAE,WAAW,CAAC,WAAW;YACpC,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,IAAI,EAAE,WAAW,CAAC,IAAI;YACtB,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,aAAa,EAAE,EAAE;YACjB,cAAc,EAAE;gBACd,YAAY,EAAE;oBACZ,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB,CAAC,MAAM,EAAE,CAAC;oBACrF,UAAU,EAAE,EAAE;oBACd,SAAS,EAAE,EAAE;iBACd;aACF;SACF;QACD;YACE,MAAM,EAAE,eAAe;YACvB,IAAI,EAAE,UAAU;YAChB,OAAO,EAAE,CAAC,MAAM,CAAC;YACjB,UAAU,EAAE,EAAE;YACd,OAAO,EAAE;gBACP,QAAQ,EAAE,YAAY,CAAC,cAAc;gBACrC,KAAK,EAAE,YAAY,CAAC,WAAW;gBAC/B,OAAO,EAAE,YAAY,CAAC,aAAa;gBACnC,OAAO,EAAE,YAAY,CAAC,aAAa;aACpC;YACD,QAAQ,EAAE,EAAE,IAAI,EAAE,YAAY,CAAC,UAAU,EAAE;YAC3C,KAAK,EAAE,YAAY,CAAC,KAAK;YACzB,WAAW,EAAE,YAAY,CAAC,WAAW;YACrC,IAAI,EAAE,YAAY,CAAC,IAAI;YACvB,IAAI,EAAE,YAAY,CAAC,IAAI;YACvB,UAAU,EAAE,YAAY,CAAC,UAAU;YACnC,aAAa,EAAE,EAAE;YACjB,cAAc,EAAE,EAAE;SACnB;QACD;YACE,MAAM,EAAE,gBAAgB;YACxB,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,CAAC,KAAK,EAAC,MAAM,CAAC;YACvB,UAAU,EAAE,EAAE;YACd,OAAO,EAAE;gBACP,QAAQ,EAAE,aAAa,CAAC,cAAc;gBACtC,KAAK,EAAE,aAAa,CAAC,WAAW;gBAChC,OAAO,EAAE,aAAa,CAAC,aAAa;gBACpC,OAAO,EAAE,aAAa,CAAC,aAAa;aACrC;YACD,QAAQ,EAAE,EAAE,GAAG,EAAE,aAAa,CAAC,SAAS,EAAE,IAAI,EAAE,aAAa,CAAC,UAAU,EAAE;YAC1E,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,WAAW,EAAE,aAAa,CAAC,WAAW;YACtC,IAAI,EAAE,aAAa,CAAC,IAAI;YACxB,IAAI,EAAE,aAAa,CAAC,IAAI;YACxB,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,MAAM,EAAE,aAAa,CAAC,MAAM;YAC5B,UAAU,EAAE,aAAa,CAAC,UAAU;YACpC,aAAa,EAAE,EAAE;YACjB,cAAc,EAAE;gBACd,YAAY,EAAE;oBACZ,KAAK,EAAE,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,sBAAsB,CAAC,MAAM,EAAE,CAAC;oBACvF,UAAU,EAAE,EAAE;oBACd,SAAS,EAAE,EAAE;iBACd;aACF;YACD,eAAe,EAAE;gBACf,YAAY,EAAE;oBACZ,GAAG,EAAE,EAAE,IAAI,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,0BAA0B,CAAC,MAAM,EAAE,EAAE;iBAClG;aACF;SACF;KACF;CACF,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/_nav.profile.d.ts

@@ -0,0 +1,5 @@
+/** @jsxImportSource jsx-htmx */
+import type { HtmlRenderable } from "@betterportal/framework";
+import type { ResponseData } from "../index.js";
+export declare function render(data: ResponseData): HtmlRenderable;
+//# sourceMappingURL=_nav.profile.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/_nav.profile.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"_nav.profile.d.ts","sourceRoot":"","sources":["../../../../../../src/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/_nav.profile.tsx"],"names":[],"mappings":"AAAA,gCAAgC;AAChC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEhD,wBAAgB,MAAM,CAAC,IAAI,EAAE,YAAY,GAAG,cAAc,CA4BzD"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/_nav.profile.js

@@ -0,0 +1,10 @@
+import { jsx as _jsx, jsxs as _jsxs } from "jsx-htmx/jsx-runtime";
+export function render(data) {
+    if (!data.alreadyLoggedIn || !data.user) {
+        return (_jsx("a", { class: "btn btn-sm btn-primary", href: "/login", children: "Sign in" }));
+    }
+    const displayName = data.user.name || data.user.username || data.user.email || "Account";
+    const detail = data.user.email || data.user.username || displayName;
+    return (_jsxs("div", { class: "dropdown", children: [_jsx("button", { class: "btn btn-sm btn-light dropdown-toggle", type: "button", "data-bs-toggle": "dropdown", "aria-expanded": "false", children: displayName }), _jsxs("ul", { class: "dropdown-menu dropdown-menu-end", children: [_jsx("li", { children: _jsx("h6", { class: "dropdown-header", children: detail }) }), _jsx("li", { children: _jsx("hr", { class: "dropdown-divider" }) }), _jsx("li", { children: _jsx("a", { class: "dropdown-item", href: "/login?action=logout", children: "Logout" }) })] })] }));
+}
+//# sourceMappingURL=_nav.profile.js.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/_nav.profile.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"_nav.profile.js","sourceRoot":"","sources":["../../../../../../src/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/_nav.profile.tsx"],"names":[],"mappings":";AAIA,MAAM,UAAU,MAAM,CAAC,IAAkB;IACvC,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACxC,OAAO,CACL,YAAG,KAAK,EAAC,wBAAwB,EAAC,IAAI,EAAC,QAAQ,wBAE3C,CACL,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,SAAS,CAAC;IACzF,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,WAAW,CAAC;IAEpE,OAAO,CACL,eAAK,KAAK,EAAC,UAAU,aACnB,iBAAQ,KAAK,EAAC,sCAAsC,EAAC,IAAI,EAAC,QAAQ,oBAAgB,UAAU,mBAAe,OAAO,YAC/G,WAAW,GACL,EACT,cAAI,KAAK,EAAC,iCAAiC,aACzC,uBAAI,aAAI,KAAK,EAAC,iBAAiB,YAAE,MAAM,GAAM,GAAK,EAClD,uBAAI,aAAI,KAAK,EAAC,kBAAkB,GAAG,GAAK,EACxC,uBACI,YAAG,KAAK,EAAC,eAAe,EAAC,IAAI,EAAC,sBAAsB,uBAEhD,GACH,IACF,IACD,CACP,CAAC;AACJ,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/index.d.ts

@@ -0,0 +1,4 @@
+import type { HtmlRenderable } from "@betterportal/framework";
+import type { ResponseData } from "../index.js";
+export declare function render(data: ResponseData): HtmlRenderable;
+//# sourceMappingURL=index.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/index.tsx"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAgDhD,wBAAgB,MAAM,CAAC,IAAI,EAAE,YAAY,GAAG,cAAc,CAgHzD"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/index.js

@@ -0,0 +1,81 @@
+import { jsx as _jsx, jsxs as _jsxs } from "jsx-htmx/jsx-runtime";
+/** @jsxImportSource jsx-htmx */
+import { js } from "jsx-htmx";
+function loginScript() {
+    // IIFE - htmx executes swapped <script> content as a plain script, where a
+    // top-level `return` inside a bare block is a SyntaxError.
+    return js(`(() => {
+    const form = document.getElementById("bp-login-form");
+    if (!form) return;
+    // Capture ?next= from URL into the hidden input so the server returns
+    // the correct HX-Location post-login.
+    const nextInput = form.querySelector('input[name="next"]');
+    if (nextInput) {
+      nextInput.value = new URLSearchParams(window.location.search).get("next") || "";
+    }
+    form.addEventListener("htmx:beforeRequest", () => {
+      const errEl = document.getElementById("bp-login-error");
+      if (errEl) errEl.classList.add("d-none");
+    });
+    form.addEventListener("htmx:responseError", (ev) => {
+      const xhr = ev.detail.xhr;
+      let body = null;
+      try { body = JSON.parse(xhr.responseText); } catch { /* non-JSON */ }
+      const errEl = document.getElementById("bp-login-error");
+      if (errEl) {
+        errEl.textContent = (body && body.message) || ("Login failed (HTTP " + xhr.status + ")");
+        errEl.classList.remove("d-none");
+      }
+    });
+    form.addEventListener("htmx:afterRequest", (ev) => {
+      const xhr = ev.detail.xhr;
+      let body = null;
+      try { body = JSON.parse(xhr.responseText); } catch { /* non-JSON */ }
+      const errEl = document.getElementById("bp-login-error");
+      if (!xhr.status || xhr.status >= 400 || !body || body.status !== "ok") {
+        if (errEl) {
+          errEl.textContent = (body && body.message) || ("Login failed (HTTP " + xhr.status + ")");
+          errEl.classList.remove("d-none");
+        }
+        return;
+      }
+      // Token storage happens via BP-SetHeader directives (shell shim) - writing
+      // bp.headers here too would stamp the wrong lock owner and block the
+      // server's later BP-RemoveHeader / refresh overwrites.
+      // Server sets HX-Location: next - htmx soft-navigates automatically. No reload.
+    });
+  })()`);
+}
+export function render(data) {
+    if (data.loggedOut) {
+        const next = data.nextUrl || "/";
+        return (_jsx("div", { class: "container py-5", style: "max-width: 420px;", children: _jsx("div", { class: "card border-0 shadow-sm", children: _jsxs("div", { class: "card-body text-center", children: [_jsx("h3", { class: "card-title mb-1", children: "Signed out" }), _jsx("p", { class: "text-secondary small mb-4", children: "You have been signed out." }), _jsx("a", { class: "btn btn-primary w-100", href: next, children: "Continue" })] }) }) }));
+    }
+    // Zero users -> this deployment still needs its first admin. Soft-redirect to
+    // the register view in-shell; URL bar follows via hx-push-url.
+    if (data.requiresFirstAdmin && data.firstAdminUrl) {
+        return (_jsx("div", { "hx-get": data.firstAdminUrl, "hx-trigger": "load", "hx-target": "#bp-main", "hx-swap": "innerHTML", "hx-push-url": "/register", children: _jsx("div", { class: "d-flex justify-content-center py-5", children: _jsx("div", { class: "spinner-border", role: "status", children: _jsx("span", { class: "visually-hidden", children: "Redirecting to first-admin setup..." }) }) }) }));
+    }
+    // Already signed in with an explicit destination - go there immediately,
+    // no interstitial. The shell maps the tenant path to its owning service.
+    if (data.alreadyLoggedIn && data.nextUrl) {
+        const next = data.nextUrl;
+        return (_jsxs("div", { class: "d-flex justify-content-center py-5", children: [_jsx("div", { class: "spinner-border", role: "status", children: _jsx("span", { class: "visually-hidden", children: "Redirecting..." }) }), _jsx("script", { children: js(`window.htmx.ajax("GET", ${JSON.stringify(next)}, { target: "#bp-main", swap: "innerHTML", push: ${JSON.stringify(next)} })`) })] }));
+    }
+    // Request already carried a valid token - show the signed-in state with a
+    // way out (logout path from app config) instead of a pointless login form.
+    if (data.alreadyLoggedIn) {
+        const displayName = data.user?.name || data.user?.username || data.user?.email || "your account";
+        return (_jsxs("div", { class: "container py-5", style: "max-width: 420px;", children: [_jsx("div", { class: "card border-0 shadow-sm", children: _jsxs("div", { class: "card-body text-center", children: [_jsx("h3", { class: "card-title mb-1", children: "Already signed in" }), _jsxs("p", { class: "text-secondary small mb-4", children: ["You are signed in as ", _jsx("strong", { children: displayName }), "."] }), _jsx("button", { id: "bp-login-continue", class: "btn btn-primary w-100 mb-2", children: "Continue" }), _jsx("button", { class: "btn btn-outline-secondary w-100", "hx-get": data.logoutUrl || "/login?action=logout", "hx-target": "#bp-main", "hx-swap": "innerHTML", "hx-push-url": "/login?action=logout", children: "Sign out" })] }) }), _jsx("script", { children: js(`(() => {
+          // Honour ?next= the same way the login form does, and soft-navigate
+          // inside the shell. The shell's config_request hook maps the tenant
+          // path to its owning service origin.
+          const next = new URLSearchParams(window.location.search).get("next") || "/";
+          document.getElementById("bp-login-continue")?.addEventListener("click", () => {
+            window.htmx.ajax("GET", next, { target: "#bp-main", swap: "innerHTML", push: next });
+          });
+        })()`) })] }));
+    }
+    return (_jsxs("div", { class: "container py-5", style: "max-width: 420px;", children: [_jsx("div", { class: "card border-0 shadow-sm", children: _jsxs("div", { class: "card-body", children: [_jsx("h3", { class: "card-title mb-1 text-center", children: "Sign in" }), _jsx("p", { class: "text-secondary text-center small mb-4", children: "BetterPortal admin" }), _jsxs("form", { id: "bp-login-form", "hx-post": "this", "hx-headers": '{"Accept":"application/json"}', "hx-swap": "none", onsubmit: "return window.bpLoginSubmit ? window.bpLoginSubmit(event) : false", "hx-on::response-error": "const xhr=event.detail.xhr;let body=null;try{body=JSON.parse(xhr.responseText)}catch(e){};const errEl=document.getElementById('bp-login-error');if(errEl){errEl.textContent=(body&&body.message)||('Login failed (HTTP '+xhr.status+')');errEl.classList.remove('d-none')}", children: [_jsxs("div", { class: "mb-3", children: [_jsx("label", { class: "form-label", children: "Username *" }), _jsx("input", { type: "text", class: "form-control", name: "username", autocomplete: "username", required: true, autofocus: true })] }), _jsxs("div", { class: "mb-3", children: [_jsx("label", { class: "form-label", children: "Password *" }), _jsx("input", { type: "password", class: "form-control", name: "password", autocomplete: "current-password", required: true })] }), _jsx("input", { type: "hidden", name: "next", value: "" }), _jsx("div", { class: "alert alert-danger d-none", id: "bp-login-error" }), _jsx("button", { type: "submit", class: "btn btn-primary w-100", children: "Sign in" })] })] }) }), _jsx("script", { children: loginScript() })] }));
+}
+//# sourceMappingURL=index.js.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../../src/plugins/service-betterportal-auth-default/bp-routes/login/_theme.bootstrap1/index.tsx"],"names":[],"mappings":";AAAA,gCAAgC;AAChC,OAAO,EAAE,EAAE,EAAE,MAAM,UAAU,CAAC;AAI9B,SAAS,WAAW;IAClB,2EAA2E;IAC3E,2DAA2D;IAC3D,OAAO,EAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAwCL,CAAC,CAAC;AACT,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,IAAkB;IACvC,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,IAAI,GAAG,CAAC;QACjC,OAAO,CACL,cAAK,KAAK,EAAC,gBAAgB,EAAC,KAAK,EAAC,mBAAmB,YACnD,cAAK,KAAK,EAAC,yBAAyB,YAClC,eAAK,KAAK,EAAC,uBAAuB,aAChC,aAAI,KAAK,EAAC,iBAAiB,2BAAgB,EAC3C,YAAG,KAAK,EAAC,2BAA2B,0CAA8B,EAClE,YAAG,KAAK,EAAC,uBAAuB,EAAC,IAAI,EAAE,IAAI,yBAAc,IACrD,GACF,GACF,CACP,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,+DAA+D;IAC/D,IAAI,IAAI,CAAC,kBAAkB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QAClD,OAAO,CACL,wBACU,IAAI,CAAC,aAAa,gBACf,MAAM,eACP,UAAU,aACZ,WAAW,iBACP,WAAW,YAEvB,cAAK,KAAK,EAAC,oCAAoC,YAC7C,cAAK,KAAK,EAAC,gBAAgB,EAAC,IAAI,EAAC,QAAQ,YAAC,eAAM,KAAK,EAAC,iBAAiB,oDAA2C,GAAM,GACpH,GACF,CACP,CAAC;IACJ,CAAC;IAED,yEAAyE;IACzE,yEAAyE;IACzE,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;QACzC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC;QAC1B,OAAO,CACL,eAAK,KAAK,EAAC,oCAAoC,aAC7C,cAAK,KAAK,EAAC,gBAAgB,EAAC,IAAI,EAAC,QAAQ,YAAC,eAAM,KAAK,EAAC,iBAAiB,+BAAsB,GAAM,EACnG,2BAAS,EAAE,CAAC,2BAA2B,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,oDAAoD,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,GAAU,IAC/I,CACP,CAAC;IACJ,CAAC;IAED,0EAA0E;IAC1E,2EAA2E;IAC3E,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QACzB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,cAAc,CAAC;QACjG,OAAO,CACL,eAAK,KAAK,EAAC,gBAAgB,EAAC,KAAK,EAAC,mBAAmB,aACnD,cAAK,KAAK,EAAC,yBAAyB,YAClC,eAAK,KAAK,EAAC,uBAAuB,aAChC,aAAI,KAAK,EAAC,iBAAiB,kCAAuB,EAClD,aAAG,KAAK,EAAC,2BAA2B,sCAAsB,2BAAS,WAAW,GAAU,SAAK,EAC7F,iBAAQ,EAAE,EAAC,mBAAmB,EAAC,KAAK,EAAC,4BAA4B,yBAAkB,EACnF,iBACE,KAAK,EAAC,iCAAiC,YAC/B,IAAI,CAAC,SAAS,IAAI,sBAAsB,eACtC,UAAU,aACZ,WAAW,iBACP,sBAAsB,yBAClB,IACd,GACF,EACN,2BAAS,EAAE,CAAC;;;;;;;;aAQP,CAAC,GAAU,IACZ,CACP,CAAC;IACJ,CAAC;IAED,OAAO,CACL,eAAK,KAAK,EAAC,gBAAgB,EAAC,KAAK,EAAC,mBAAmB,aACnD,cAAK,KAAK,EAAC,yBAAyB,YAClC,eAAK,KAAK,EAAC,WAAW,aACpB,aAAI,KAAK,EAAC,6BAA6B,wBAAa,EACpD,YAAG,KAAK,EAAC,uCAAuC,mCAAuB,EACvE,gBACE,EAAE,EAAC,eAAe,aACV,MAAM,gBACH,+BAA+B,aAClC,MAAM,EACd,QAAQ,EAAC,mEAAmE,EAE1E,uBAAuB,EAAE,4QAA4Q,aAGvS,eAAK,KAAK,EAAC,MAAM,aACf,gBAAO,KAAK,EAAC,YAAY,2BAAmB,EAC5C,gBAAO,IAAI,EAAC,MAAM,EAAC,KAAK,EAAC,cAAc,EAAC,IAAI,EAAC,UAAU,EAAC,YAAY,EAAC,UAAU,EAAC,QAAQ,QAAC,SAAS,SAAG,IACjG,EACN,eAAK,KAAK,EAAC,MAAM,aACf,gBAAO,KAAK,EAAC,YAAY,2BAAmB,EAC5C,gBAAO,IAAI,EAAC,UAAU,EAAC,KAAK,EAAC,cAAc,EAAC,IAAI,EAAC,UAAU,EAAC,YAAY,EAAC,kBAAkB,EAAC,QAAQ,SAAG,IACnG,EACN,gBAAO,IAAI,EAAC,QAAQ,EAAC,IAAI,EAAC,MAAM,EAAC,KAAK,EAAC,EAAE,GAAG,EAC5C,cAAK,KAAK,EAAC,2BAA2B,EAAC,EAAE,EAAC,gBAAgB,GAAO,EACjE,iBAAQ,IAAI,EAAC,QAAQ,EAAC,KAAK,EAAC,uBAAuB,wBAAiB,IAC/D,IACH,GACF,EACN,2BAAS,WAAW,EAAE,GAAU,IAC5B,CACP,CAAC;AACJ,CAAC"}

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/index.d.ts

@@ -0,0 +1,89 @@
+import * as av from "anyvali";
+import type { Infer } from "anyvali";
+import { type ApiAuthRequirement, type CacheHints, type BetterPortalRouteChrome } from "@betterportal/framework";
+export declare const QuerySchema: av.ObjectSchema<{
+    action: av.OptionalSchema<av.StringSchema>;
+    next: av.OptionalSchema<av.StringSchema>;
+}>;
+export declare const HeadersSchema: av.ObjectSchema<{}>;
+export declare const RequestSchema: av.ObjectSchema<{
+    username: av.StringSchema;
+    password: av.StringSchema;
+    next: av.OptionalSchema<av.StringSchema>;
+}>;
+export declare const ResponseSchema: av.ObjectSchema<{
+    status: av.EnumSchema<readonly ["ok", "error"]>;
+    message: av.OptionalSchema<av.StringSchema>;
+    accessToken: av.OptionalSchema<av.StringSchema>;
+    refreshToken: av.OptionalSchema<av.StringSchema>;
+    expiresInSeconds: av.OptionalSchema<av.IntSchema>;
+    user: av.OptionalSchema<av.ObjectSchema<{
+        id: av.StringSchema;
+        username: av.StringSchema;
+        email: av.OptionalSchema<av.StringSchema>;
+        name: av.OptionalSchema<av.StringSchema>;
+    }>>;
+    requiresFirstAdmin: av.OptionalSchema<av.BoolSchema>;
+    firstAdminUrl: av.OptionalSchema<av.StringSchema>;
+    alreadyLoggedIn: av.OptionalSchema<av.BoolSchema>;
+    loggedOut: av.OptionalSchema<av.BoolSchema>;
+    logoutUrl: av.OptionalSchema<av.StringSchema>;
+    nextUrl: av.OptionalSchema<av.StringSchema>;
+}>;
+export type ResponseData = Infer<typeof ResponseSchema>;
+export declare const title = "Login";
+export declare const description = "Authenticate with username and password to receive a JWT.";
+export declare const role = "auth.login";
+export declare const dependencies: string[];
+export declare const chrome: BetterPortalRouteChrome;
+export declare const auth: ApiAuthRequirement;
+export declare const cacheHints: CacheHints;
+export declare const handleGet: import("@betterportal/framework").RouteHandler<Record<string, string>, {
+    action?: string | undefined;
+    next?: string | undefined;
+}, Record<string, string>, Record<string, unknown>, {
+    status: "ok" | "error";
+    message?: string | undefined;
+    accessToken?: string | undefined;
+    refreshToken?: string | undefined;
+    expiresInSeconds?: number | undefined;
+    user?: {
+        id: string;
+        username: string;
+        email?: string | undefined;
+        name?: string | undefined;
+    } | undefined;
+    requiresFirstAdmin?: boolean | undefined;
+    firstAdminUrl?: string | undefined;
+    alreadyLoggedIn?: boolean | undefined;
+    loggedOut?: boolean | undefined;
+    logoutUrl?: string | undefined;
+    nextUrl?: string | undefined;
+}, unknown, Record<string, unknown>>;
+export declare const handlePost: import("@betterportal/framework").RouteHandler<Record<string, string>, {
+    action?: string | undefined;
+    next?: string | undefined;
+}, Record<string, string>, {
+    username: string;
+    password: string;
+    next?: string | undefined;
+}, {
+    status: "ok" | "error";
+    message?: string | undefined;
+    accessToken?: string | undefined;
+    refreshToken?: string | undefined;
+    expiresInSeconds?: number | undefined;
+    user?: {
+        id: string;
+        username: string;
+        email?: string | undefined;
+        name?: string | undefined;
+    } | undefined;
+    requiresFirstAdmin?: boolean | undefined;
+    firstAdminUrl?: string | undefined;
+    alreadyLoggedIn?: boolean | undefined;
+    loggedOut?: boolean | undefined;
+    logoutUrl?: string | undefined;
+    nextUrl?: string | undefined;
+}, unknown, Record<string, unknown>>;
+//# sourceMappingURL=index.d.ts.map

package/lib/plugins/service-betterportal-auth-default/bp-routes/login/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/service-betterportal-auth-default/bp-routes/login/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAEL,KAAK,kBAAkB,EACvB,KAAK,UAAU,EACf,KAAK,uBAAuB,EAC7B,MAAM,yBAAyB,CAAC;AAIjC,eAAO,MAAM,WAAW;;;EAGI,CAAC;AAE7B,eAAO,MAAM,aAAa,qBAA0C,CAAC;AAErE,eAAO,MAAM,aAAa;;;;EAIE,CAAC;AAE7B,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;EA2BC,CAAC;AAC7B,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAExD,eAAO,MAAM,KAAK,UAAU,CAAC;AAC7B,eAAO,MAAM,WAAW,8DAA8D,CAAC;AACvF,eAAO,MAAM,IAAI,eAAe,CAAC;AACjC,eAAO,MAAM,YAAY,UAAsD,CAAC;AAChF,eAAO,MAAM,MAAM,EAAE,uBAA8C,CAAC;AAEpE,eAAO,MAAM,IAAI,EAAE,kBAGlB,CAAC;AAEF,eAAO,MAAM,UAAU,EAAE,UAGxB,CAAC;AAeF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;oCAuDrB,CAAC;AAEF,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;oCA6EtB,CAAC"}