@bivola/refresh-auth 1.0.0

package/README.md

@@ -0,0 +1,218 @@
+# Payload Plugin Template
+
+A template repo to create a [Payload CMS](https://payloadcms.com) plugin.
+
+Payload is built with a robust infrastructure intended to support Plugins with ease. This provides a simple, modular, and reusable way for developers to extend the core capabilities of Payload.
+
+To build your own Payload plugin, all you need is:
+
+- An understanding of the basic Payload concepts
+- And some JavaScript/Typescript experience
+
+## Background
+
+Here is a short recap on how to integrate plugins with Payload, to learn more visit the [plugin overview page](https://payloadcms.com/docs/plugins/overview).
+
+### How to install a plugin
+
+To install any plugin, simply add it to your payload.config() in the Plugin array.
+
+```ts
+import myPlugin from 'my-plugin'
+
+export const config = buildConfig({
+  plugins: [
+    // You can pass options to the plugin
+    myPlugin({
+      enabled: true,
+    }),
+  ],
+})
+```
+
+### Initialization
+
+The initialization process goes in the following order:
+
+1. Incoming config is validated
+2. **Plugins execute**
+3. Default options are integrated
+4. Sanitization cleans and validates data
+5. Final config gets initialized
+
+## Building the Plugin
+
+When you build a plugin, you are purely building a feature for your project and then abstracting it outside of the project.
+
+### Template Files
+
+In the Payload [plugin template](https://github.com/payloadcms/payload/tree/main/templates/plugin), you will see a common file structure that is used across all plugins:
+
+1. root folder
+2. /src folder
+3. /dev folder
+
+#### Root
+
+In the root folder, you will see various files that relate to the configuration of the plugin. We set up our environment in a similar manner in Payload core and across other projects, so hopefully these will look familiar:
+
+- **README**.md\* - This contains instructions on how to use the template. When you are ready, update this to contain instructions on how to use your Plugin.
+- **package**.json\* - Contains necessary scripts and dependencies. Overwrite the metadata in this file to describe your Plugin.
+- .**eslint**.config.js - Eslint configuration for reporting on problematic patterns.
+- .**gitignore** - List specific untracked files to omit from Git.
+- .**prettierrc**.json - Configuration for Prettier code formatting.
+- **tsconfig**.json - Configures the compiler options for TypeScript
+- .**swcrc** - Configuration for SWC, a fast compiler that transpiles and bundles TypeScript.
+- **vitest**.config.js - Config file for Vitest, defining how tests are run and how modules are resolved
+
+**IMPORTANT\***: You will need to modify these files.
+
+#### Dev
+
+In the dev folder, you’ll find a basic payload project, created with `npx create-payload-app` and the blank template.
+
+**IMPORTANT**: Make a copy of the `.env.example` file and rename it to `.env`. Update the `DATABASE_URL` to match the database you are using and your plugin name. Update `PAYLOAD_SECRET` to a unique string.
+**You will not be able to run `pnpm/yarn dev` until you have created this `.env` file.**
+
+`myPlugin` has already been added to the `payload.config()` file in this project.
+
+```ts
+plugins: [
+  myPlugin({
+    collections: {
+      posts: true,
+    },
+  }),
+]
+```
+
+Later when you rename the plugin or add additional options, **make sure to update it here**.
+
+You may wish to add collections or expand the test project depending on the purpose of your plugin. Just make sure to keep this dev environment as simplified as possible - users should be able to install your plugin without additional configuration required.
+
+When you’re ready to start development, initiate the project with `pnpm/npm/yarn dev` and pull up [http://localhost:3000](http://localhost:3000) in your browser.
+
+#### Src
+
+Now that we have our environment setup and we have a dev project ready to - it’s time to build the plugin!
+
+**index.ts**
+
+The essence of a Payload plugin is simply to extend the payload config - and that is exactly what we are doing in this file.
+
+```ts
+export const myPlugin =
+  (pluginOptions: MyPluginConfig) =>
+  (config: Config): Config => {
+    // do cool stuff with the config here
+
+    return config
+  }
+```
+
+First, we receive the existing payload config along with any plugin options.
+
+From here, you can extend the config as you wish.
+
+Finally, you return the config and that is it!
+
+##### Spread Syntax
+
+Spread syntax (or the spread operator) is a feature in JavaScript that uses the dot notation **(...)** to spread elements from arrays, strings, or objects into various contexts.
+
+We are going to use spread syntax to allow us to add data to existing arrays without losing the existing data. It is crucial to spread the existing data correctly – else this can cause adverse behavior and conflicts with Payload config and other plugins.
+
+Let’s say you want to build a plugin that adds a new collection:
+
+```ts
+config.collections = [
+  ...(config.collections || []),
+  // Add additional collections here
+]
+```
+
+First we spread the `config.collections` to ensure that we don’t lose the existing collections, then you can add any additional collections just as you would in a regular payload config.
+
+This same logic is applied to other properties like admin, hooks, globals:
+
+```ts
+config.globals = [
+  ...(config.globals || []),
+  // Add additional globals here
+]
+
+config.hooks = {
+  ...(incomingConfig.hooks || {}),
+  // Add additional hooks here
+}
+```
+
+Some properties will be slightly different to extend, for instance the onInit property:
+
+```ts
+import { onInitExtension } from './onInitExtension' // example file
+
+config.onInit = async (payload) => {
+  if (incomingConfig.onInit) await incomingConfig.onInit(payload)
+  // Add additional onInit code by defining an onInitExtension function
+  onInitExtension(pluginOptions, payload)
+}
+```
+
+If you wish to add to the onInit, you must include the **async/await**. We don’t use spread syntax in this case, instead you must await the existing `onInit` before running additional functionality.
+
+In the template, we have stubbed out some addition `onInit` actions that seeds in a document to the `plugin-collection`, you can use this as a base point to add more actions - and if not needed, feel free to delete it.
+
+##### Types.ts
+
+If your plugin has options, you should define and provide types for these options.
+
+```ts
+export type MyPluginConfig = {
+  /**
+   * List of collections to add a custom field
+   */
+  collections?: Partial<Record<CollectionSlug, true>>
+  /**
+   * Disable the plugin
+   */
+  disabled?: boolean
+}
+```
+
+If possible, include JSDoc comments to describe the options and their types. This allows a developer to see details about the options in their editor.
+
+##### Testing
+
+Having a test suite for your plugin is essential to ensure quality and stability. **Vitest** is a fast, modern testing framework that works seamlessly with Vite and supports TypeScript out of the box.
+
+Vitest organizes tests into test suites and cases, similar to other testing frameworks. We recommend creating individual tests based on the expected behavior of your plugin from start to finish.
+
+Writing tests with Vitest is very straightforward, and you can learn more about how it works in the [Vitest documentation.](https://vitest.dev/)
+
+For this template, we stubbed out `int.spec.ts` in the `dev` folder where you can write your tests.
+
+```ts
+describe('Plugin tests', () => {
+  // Create tests to ensure expected behavior from the plugin
+  it('some condition that must be met', () => {
+   // Write your test logic here
+   expect(...)
+  })
+})
+```
+
+## Best practices
+
+With this tutorial and the plugin template, you should have everything you need to start building your own plugin.
+In addition to the setup, here are other best practices aim we follow:
+
+- **Providing an enable / disable option:** For a better user experience, provide a way to disable the plugin without uninstalling it. This is especially important if your plugin adds additional webpack aliases, this will allow you to still let the webpack run to prevent errors.
+- **Include tests in your GitHub CI workflow**: If you’ve configured tests for your package, integrate them into your workflow to run the tests each time you commit to the plugin repository. Learn more about [how to configure tests into your GitHub CI workflow.](https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-nodejs)
+- **Publish your finished plugin to NPM**: The best way to share and allow others to use your plugin once it is complete is to publish an NPM package. This process is straightforward and well documented, find out more [creating and publishing a NPM package here.](https://docs.npmjs.com/creating-and-publishing-scoped-public-packages/).
+- **Add payload-plugin topic tag**: Apply the tag **payload-plugin **to your GitHub repository. This will boost the visibility of your plugin and ensure it gets listed with [existing payload plugins](https://github.com/topics/payload-plugin).
+- **Use [Semantic Versioning](https://semver.org/) (SemVar)** - With the SemVar system you release version numbers that reflect the nature of changes (major, minor, patch). Ensure all major versions reference their Payload compatibility.
+
+# Questions
+
+Please contact [Payload](mailto:dev@payloadcms.com) with any questions about using this plugin template.

package/dist/collections/refreshTokens.d.ts

@@ -0,0 +1,10 @@
+import type { CollectionConfig } from 'payload';
+import type { AuthRefreshPluginOptions } from '../index';
+type RefreshTokensOptions = Pick<AuthRefreshPluginOptions, 'entity_slug'>;
+export declare enum RevocationReason {
+    SuspiciousActivity = "suspicious_activity",
+    TokenRotation = "token_rotation",
+    UserLogout = "user_logout"
+}
+export declare const RefreshTokens: (options: RefreshTokensOptions) => CollectionConfig;
+export {};

package/dist/collections/refreshTokens.js

@@ -0,0 +1,67 @@
+export var RevocationReason = /*#__PURE__*/ function(RevocationReason) {
+    RevocationReason["SuspiciousActivity"] = "suspicious_activity";
+    RevocationReason["TokenRotation"] = "token_rotation";
+    RevocationReason["UserLogout"] = "user_logout";
+    return RevocationReason;
+}({});
+export const RefreshTokens = (options)=>({
+        slug: 'refresh-tokens',
+        admin: {
+            hidden: true
+        },
+        fields: [
+            {
+                name: 'entity',
+                type: 'relationship',
+                relationTo: options.entity_slug,
+                required: true
+            },
+            {
+                name: 'tokenHash',
+                type: 'text',
+                index: true,
+                required: true,
+                unique: true
+            },
+            {
+                name: 'expiresAt',
+                type: 'date',
+                required: true
+            },
+            {
+                name: 'lastUsedAt',
+                type: 'date'
+            },
+            {
+                name: 'rotatedAt',
+                type: 'date'
+            },
+            {
+                name: 'revokedAt',
+                type: 'date'
+            },
+            {
+                name: 'deviceId',
+                type: 'text',
+                required: true
+            },
+            {
+                name: 'userAgent',
+                type: 'text'
+            },
+            {
+                name: 'ipAddress',
+                type: 'text'
+            },
+            {
+                name: 'revocationReason',
+                type: 'select',
+                options: Object.entries(RevocationReason).map(([key, value])=>({
+                        label: key,
+                        value
+                    }))
+            }
+        ]
+    });
+
+//# sourceMappingURL=refreshTokens.js.map

package/dist/collections/refreshTokens.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/collections/refreshTokens.ts"],"sourcesContent":["import type { CollectionConfig } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\ntype RefreshTokensOptions = Pick<AuthRefreshPluginOptions, 'entity_slug'>\n\nexport enum RevocationReason {\n  SuspiciousActivity = 'suspicious_activity',\n  TokenRotation = 'token_rotation',\n  UserLogout = 'user_logout',\n}\n\nexport const RefreshTokens = (options: RefreshTokensOptions): CollectionConfig => ({\n  slug: 'refresh-tokens',\n  admin: {\n    hidden: true,\n  },\n  fields: [\n    {\n      name: 'entity',\n      type: 'relationship',\n      relationTo: options.entity_slug,\n      required: true,\n    },\n    {\n      name: 'tokenHash',\n      type: 'text',\n      index: true,\n      required: true,\n      unique: true,\n    },\n    {\n      name: 'expiresAt',\n      type: 'date',\n      required: true,\n    },\n    {\n      name: 'lastUsedAt',\n      type: 'date',\n    },\n    {\n      name: 'rotatedAt',\n      type: 'date',\n    },\n    {\n      name: 'revokedAt',\n      type: 'date',\n    },\n    {\n      name: 'deviceId',\n      type: 'text',\n      required: true,\n    },\n    {\n      name: 'userAgent',\n      type: 'text',\n    },\n    {\n      name: 'ipAddress',\n      type: 'text',\n    },\n    {\n      name: 'revocationReason',\n      type: 'select',\n      options: Object.entries(RevocationReason).map(([key, value]) => ({\n        label: key,\n        value,\n      })),\n    },\n  ],\n})\n"],"names":["RevocationReason","RefreshTokens","options","slug","admin","hidden","fields","name","type","relationTo","entity_slug","required","index","unique","Object","entries","map","key","value","label"],"mappings":"AAMA,OAAO,IAAA,AAAKA,0CAAAA;;;;WAAAA;MAIX;AAED,OAAO,MAAMC,gBAAgB,CAACC,UAAqD,CAAA;QACjFC,MAAM;QACNC,OAAO;YACLC,QAAQ;QACV;QACAC,QAAQ;YACN;gBACEC,MAAM;gBACNC,MAAM;gBACNC,YAAYP,QAAQQ,WAAW;gBAC/BC,UAAU;YACZ;YACA;gBACEJ,MAAM;gBACNC,MAAM;gBACNI,OAAO;gBACPD,UAAU;gBACVE,QAAQ;YACV;YACA;gBACEN,MAAM;gBACNC,MAAM;gBACNG,UAAU;YACZ;YACA;gBACEJ,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;gBACNG,UAAU;YACZ;YACA;gBACEJ,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;YACR;YACA;gBACED,MAAM;gBACNC,MAAM;gBACNN,SAASY,OAAOC,OAAO,CAACf,kBAAkBgB,GAAG,CAAC,CAAC,CAACC,KAAKC,MAAM,GAAM,CAAA;wBAC/DC,OAAOF;wBACPC;oBACF,CAAA;YACF;SACD;IACH,CAAA,EAAE"}

package/dist/endpoints/login.d.ts

@@ -0,0 +1,5 @@
+import type { Endpoint } from 'payload';
+import type { AuthRefreshPluginOptions } from '../index';
+type LoginEndpointOptions = Pick<AuthRefreshPluginOptions, 'entity_slug' | 'identifier_field' | 'pepper' | 'refreshTokenTTL'>;
+export declare const loginEndpoint: (options: LoginEndpointOptions) => Endpoint;
+export {};

package/dist/endpoints/login.js

@@ -0,0 +1,42 @@
+import { createRefreshToken } from 'src/utils/crypto';
+import { getRequestMeta } from '../utils/getRequestMeta';
+export const loginEndpoint = (options)=>({
+        handler: async (req)=>{
+            const { deviceId, identifier, password } = await req.json?.() || {};
+            if (!identifier || !password) {
+                return Response.json({
+                    message: 'Identifier and password are required.'
+                }, {
+                    status: 400
+                });
+            }
+            const login = await req.payload.login({
+                collection: options.entity_slug,
+                data: {
+                    [options.identifier_field]: identifier,
+                    password
+                }
+            });
+            const { token, tokenHash } = createRefreshToken(options.pepper);
+            await req.payload.create({
+                collection: 'refresh-tokens',
+                data: {
+                    deviceId,
+                    entity: login.user.id,
+                    expiresAt: new Date(Date.now() + options.refreshTokenTTL * 24 * 60 * 60 * 1000),
+                    lastUsedAt: new Date(),
+                    tokenHash,
+                    ...getRequestMeta(req)
+                }
+            });
+            return Response.json({
+                access_token: login.token,
+                refresh_token: token,
+                user: login.user
+            });
+        },
+        method: 'post',
+        path: `${options.entity_slug}/auth/login`
+    });
+
+//# sourceMappingURL=login.js.map

package/dist/endpoints/login.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/endpoints/login.ts"],"sourcesContent":["import type { Endpoint } from 'payload'\n\nimport { createRefreshToken } from 'src/utils/crypto'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\nimport { getRequestMeta } from '../utils/getRequestMeta'\n\ntype LoginEndpointOptions = Pick<\n  AuthRefreshPluginOptions,\n  'entity_slug' | 'identifier_field' | 'pepper' | 'refreshTokenTTL'\n>\n\nexport const loginEndpoint = (options: LoginEndpointOptions): Endpoint => ({\n  handler: async (req) => {\n    const { deviceId, identifier, password } = (await req.json?.()) || {}\n\n    if (!identifier || !password) {\n      return Response.json({ message: 'Identifier and password are required.' }, { status: 400 })\n    }\n\n    const login = await req.payload.login({\n      collection: options.entity_slug,\n      data: {\n        [options.identifier_field]: identifier,\n        password,\n      } as any,\n    })\n\n    const { token, tokenHash } = createRefreshToken(options.pepper)\n\n    await req.payload.create({\n      collection: 'refresh-tokens',\n      data: {\n        deviceId,\n        entity: login.user.id,\n        expiresAt: new Date(Date.now() + options.refreshTokenTTL * 24 * 60 * 60 * 1000),\n        lastUsedAt: new Date(),\n        tokenHash,\n        ...getRequestMeta(req),\n      },\n    })\n\n    return Response.json({\n      access_token: login.token,\n      refresh_token: token,\n      user: login.user,\n    })\n  },\n  method: 'post',\n  path: `${options.entity_slug}/auth/login`,\n})\n"],"names":["createRefreshToken","getRequestMeta","loginEndpoint","options","handler","req","deviceId","identifier","password","json","Response","message","status","login","payload","collection","entity_slug","data","identifier_field","token","tokenHash","pepper","create","entity","user","id","expiresAt","Date","now","refreshTokenTTL","lastUsedAt","access_token","refresh_token","method","path"],"mappings":"AAEA,SAASA,kBAAkB,QAAQ,mBAAkB;AAIrD,SAASC,cAAc,QAAQ,0BAAyB;AAOxD,OAAO,MAAMC,gBAAgB,CAACC,UAA6C,CAAA;QACzEC,SAAS,OAAOC;YACd,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAEC,QAAQ,EAAE,GAAG,AAAC,MAAMH,IAAII,IAAI,QAAS,CAAC;YAEpE,IAAI,CAACF,cAAc,CAACC,UAAU;gBAC5B,OAAOE,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAwC,GAAG;oBAAEC,QAAQ;gBAAI;YAC3F;YAEA,MAAMC,QAAQ,MAAMR,IAAIS,OAAO,CAACD,KAAK,CAAC;gBACpCE,YAAYZ,QAAQa,WAAW;gBAC/BC,MAAM;oBACJ,CAACd,QAAQe,gBAAgB,CAAC,EAAEX;oBAC5BC;gBACF;YACF;YAEA,MAAM,EAAEW,KAAK,EAAEC,SAAS,EAAE,GAAGpB,mBAAmBG,QAAQkB,MAAM;YAE9D,MAAMhB,IAAIS,OAAO,CAACQ,MAAM,CAAC;gBACvBP,YAAY;gBACZE,MAAM;oBACJX;oBACAiB,QAAQV,MAAMW,IAAI,CAACC,EAAE;oBACrBC,WAAW,IAAIC,KAAKA,KAAKC,GAAG,KAAKzB,QAAQ0B,eAAe,GAAG,KAAK,KAAK,KAAK;oBAC1EC,YAAY,IAAIH;oBAChBP;oBACA,GAAGnB,eAAeI,IAAI;gBACxB;YACF;YAEA,OAAOK,SAASD,IAAI,CAAC;gBACnBsB,cAAclB,MAAMM,KAAK;gBACzBa,eAAeb;gBACfK,MAAMX,MAAMW,IAAI;YAClB;QACF;QACAS,QAAQ;QACRC,MAAM,GAAG/B,QAAQa,WAAW,CAAC,WAAW,CAAC;IAC3C,CAAA,EAAE"}

package/dist/endpoints/logout.d.ts

@@ -0,0 +1,5 @@
+import type { Endpoint } from 'payload';
+import type { AuthRefreshPluginOptions } from '../index';
+type LogoutEndpointOptions = Pick<AuthRefreshPluginOptions, 'pepper'>;
+export declare const logoutEndpoint: (options: LogoutEndpointOptions) => Endpoint;
+export {};

package/dist/endpoints/logout.js

@@ -0,0 +1,44 @@
+import { RevocationReason } from '../collections/refreshTokens';
+import { hashToken } from '../utils/crypto';
+export const logoutEndpoint = (options)=>({
+        handler: async (req)=>{
+            const { refresh_token } = await req.json?.() || {};
+            if (!refresh_token) {
+                return Response.json({
+                    message: 'refreshToken is required to logout.'
+                }, {
+                    status: 400
+                });
+            }
+            const tokenHash = hashToken(refresh_token, options.pepper);
+            const result = await req.payload.find({
+                collection: 'refresh-tokens',
+                where: {
+                    tokenHash: {
+                        equals: tokenHash
+                    }
+                }
+            });
+            if (!result?.docs?.length) {
+                return new Response(null, {
+                    status: 204
+                });
+            }
+            const session = result.docs[0];
+            await req.payload.update({
+                id: session.id,
+                collection: 'refresh-tokens',
+                data: {
+                    revocationReason: RevocationReason.UserLogout,
+                    revokedAt: new Date()
+                }
+            });
+            return new Response(null, {
+                status: 204
+            });
+        },
+        method: 'post',
+        path: '/auth/logout'
+    });
+
+//# sourceMappingURL=logout.js.map

package/dist/endpoints/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/endpoints/logout.ts"],"sourcesContent":["import type { Endpoint } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\nimport { RevocationReason } from '../collections/refreshTokens'\nimport { hashToken } from '../utils/crypto'\n\ntype LogoutEndpointOptions = Pick<AuthRefreshPluginOptions, 'pepper'>\n\nexport const logoutEndpoint = (options: LogoutEndpointOptions): Endpoint => ({\n  handler: async (req) => {\n    const { refresh_token } = (await req.json?.()) || {}\n\n    if (!refresh_token) {\n      return Response.json({ message: 'refreshToken is required to logout.' }, { status: 400 })\n    }\n\n    const tokenHash = hashToken(refresh_token, options.pepper)\n    const result = await req.payload.find({\n      collection: 'refresh-tokens',\n      where: { tokenHash: { equals: tokenHash } },\n    })\n\n    if (!result?.docs?.length) {\n      return new Response(null, { status: 204 })\n    }\n\n    const session = result.docs[0]\n\n    await req.payload.update({\n      id: session.id,\n      collection: 'refresh-tokens',\n      data: {\n        revocationReason: RevocationReason.UserLogout,\n        revokedAt: new Date(),\n      },\n    })\n\n    return new Response(null, { status: 204 })\n  },\n  method: 'post',\n  path: '/auth/logout',\n})\n"],"names":["RevocationReason","hashToken","logoutEndpoint","options","handler","req","refresh_token","json","Response","message","status","tokenHash","pepper","result","payload","find","collection","where","equals","docs","length","session","update","id","data","revocationReason","UserLogout","revokedAt","Date","method","path"],"mappings":"AAIA,SAASA,gBAAgB,QAAQ,+BAA8B;AAC/D,SAASC,SAAS,QAAQ,kBAAiB;AAI3C,OAAO,MAAMC,iBAAiB,CAACC,UAA8C,CAAA;QAC3EC,SAAS,OAAOC;YACd,MAAM,EAAEC,aAAa,EAAE,GAAG,AAAC,MAAMD,IAAIE,IAAI,QAAS,CAAC;YAEnD,IAAI,CAACD,eAAe;gBAClB,OAAOE,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAsC,GAAG;oBAAEC,QAAQ;gBAAI;YACzF;YAEA,MAAMC,YAAYV,UAAUK,eAAeH,QAAQS,MAAM;YACzD,MAAMC,SAAS,MAAMR,IAAIS,OAAO,CAACC,IAAI,CAAC;gBACpCC,YAAY;gBACZC,OAAO;oBAAEN,WAAW;wBAAEO,QAAQP;oBAAU;gBAAE;YAC5C;YAEA,IAAI,CAACE,QAAQM,MAAMC,QAAQ;gBACzB,OAAO,IAAIZ,SAAS,MAAM;oBAAEE,QAAQ;gBAAI;YAC1C;YAEA,MAAMW,UAAUR,OAAOM,IAAI,CAAC,EAAE;YAE9B,MAAMd,IAAIS,OAAO,CAACQ,MAAM,CAAC;gBACvBC,IAAIF,QAAQE,EAAE;gBACdP,YAAY;gBACZQ,MAAM;oBACJC,kBAAkBzB,iBAAiB0B,UAAU;oBAC7CC,WAAW,IAAIC;gBACjB;YACF;YAEA,OAAO,IAAIpB,SAAS,MAAM;gBAAEE,QAAQ;YAAI;QAC1C;QACAmB,QAAQ;QACRC,MAAM;IACR,CAAA,EAAE"}

package/dist/endpoints/refresh.d.ts

@@ -0,0 +1,5 @@
+import type { Endpoint } from 'payload';
+import type { AuthRefreshPluginOptions } from '../index';
+type RefreshEndpointOptions = Pick<AuthRefreshPluginOptions, 'entity_slug' | 'identifier_field' | 'pepper' | 'refreshTokenTTL'>;
+export declare const refreshEndpoint: (options: RefreshEndpointOptions) => Endpoint;
+export {};

package/dist/endpoints/refresh.js

@@ -0,0 +1,92 @@
+import { RevocationReason } from '../collections/refreshTokens';
+import { createRefreshToken, hashToken } from '../utils/crypto';
+import { getRequestMeta } from '../utils/getRequestMeta';
+import { signJWT } from '../utils/jwt';
+export const refreshEndpoint = (options)=>({
+        handler: async (req)=>{
+            const { deviceId, refresh_token } = await req.json?.() || {};
+            if (!refresh_token || !deviceId) {
+                return Response.json({
+                    message: 'Refresh token and device ID are required.'
+                }, {
+                    status: 400
+                });
+            }
+            const result = await req.payload.find({
+                collection: 'refresh-tokens',
+                where: {
+                    tokenHash: {
+                        equals: hashToken(refresh_token, options.pepper)
+                    }
+                }
+            });
+            if (!result?.docs?.length) {
+                return Response.json({
+                    message: 'Unauthorized.'
+                }, {
+                    status: 401
+                });
+            }
+            const session = result.docs[0];
+            if (session.deviceId !== deviceId || session.expiresAt < new Date() || session.revokedAt) {
+                return Response.json({
+                    message: 'Unauthorized.'
+                }, {
+                    status: 401
+                });
+            }
+            if (session.rotatedAt) {
+                await req.payload.update({
+                    id: session.id,
+                    collection: 'refresh-tokens',
+                    data: {
+                        revocationReason: RevocationReason.SuspiciousActivity,
+                        revokedAt: new Date()
+                    }
+                });
+                return Response.json({
+                    message: 'Unauthorized.'
+                }, {
+                    status: 401
+                });
+            }
+            const { token, tokenHash } = createRefreshToken(options.pepper);
+            const now = new Date();
+            const newSession = await req.payload.create({
+                collection: 'refresh-tokens',
+                data: {
+                    deviceId,
+                    entity: session.user,
+                    expiresAt: new Date(now.getTime() + options.refreshTokenTTL * 24 * 60 * 60 * 1000),
+                    lastUsedAt: now,
+                    tokenHash,
+                    ...getRequestMeta(req)
+                }
+            });
+            await req.payload.update({
+                id: session.id,
+                collection: 'refresh-tokens',
+                data: {
+                    lastUsedAt: now,
+                    replacedBy: newSession.id,
+                    revocationReason: RevocationReason.TokenRotation,
+                    rotatedAt: now
+                }
+            });
+            const accessJWT = signJWT({
+                collectionId: session.user,
+                collectionSlug: options.entity_slug,
+                expiresIn: '15m',
+                rawSecret: req.payload.secret
+            });
+            return Response.json({
+                access_token: accessJWT,
+                refresh_token: token,
+                user: session.user
+            });
+        },
+        method: 'post',
+        path: `${options.entity_slug}/auth/refresh`
+    });
+
+//# sourceMappingURL=refresh.js.map

package/dist/endpoints/refresh.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/endpoints/refresh.ts"],"sourcesContent":["import type { Endpoint } from 'payload'\n\nimport type { AuthRefreshPluginOptions } from '../index'\n\nimport { RevocationReason } from '../collections/refreshTokens'\nimport { createRefreshToken, hashToken } from '../utils/crypto'\nimport { getRequestMeta } from '../utils/getRequestMeta'\nimport { signJWT } from '../utils/jwt'\n\ntype RefreshEndpointOptions = Pick<\n  AuthRefreshPluginOptions,\n  'entity_slug' | 'identifier_field' | 'pepper' | 'refreshTokenTTL'\n>\n\nexport const refreshEndpoint = (options: RefreshEndpointOptions): Endpoint => ({\n  handler: async (req) => {\n    const { deviceId, refresh_token } = (await req.json?.()) || {}\n\n    if (!refresh_token || !deviceId) {\n      return Response.json(\n        { message: 'Refresh token and device ID are required.' },\n        { status: 400 },\n      )\n    }\n\n    const result = await req.payload.find({\n      collection: 'refresh-tokens',\n      where: {\n        tokenHash: {\n          equals: hashToken(refresh_token, options.pepper),\n        },\n      },\n    })\n\n    if (!result?.docs?.length) {\n      return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n    }\n\n    const session = result.docs[0]\n\n    if (session.deviceId !== deviceId || session.expiresAt < new Date() || session.revokedAt) {\n      return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n    }\n\n    if (session.rotatedAt) {\n      await req.payload.update({\n        id: session.id,\n        collection: 'refresh-tokens',\n        data: { revocationReason: RevocationReason.SuspiciousActivity, revokedAt: new Date() },\n      })\n      return Response.json({ message: 'Unauthorized.' }, { status: 401 })\n    }\n\n    const { token, tokenHash } = createRefreshToken(options.pepper)\n    const now = new Date()\n\n    const newSession = await req.payload.create({\n      collection: 'refresh-tokens',\n      data: {\n        deviceId,\n        entity: session.user,\n        expiresAt: new Date(now.getTime() + options.refreshTokenTTL * 24 * 60 * 60 * 1000),\n        lastUsedAt: now,\n        tokenHash,\n        ...getRequestMeta(req),\n      },\n    })\n\n    await req.payload.update({\n      id: session.id,\n      collection: 'refresh-tokens',\n      data: {\n        lastUsedAt: now,\n        replacedBy: newSession.id,\n        revocationReason: RevocationReason.TokenRotation,\n        rotatedAt: now,\n      },\n    })\n\n    const accessJWT = signJWT({\n      collectionId: session.user,\n      collectionSlug: options.entity_slug,\n      expiresIn: '15m',\n      rawSecret: req.payload.secret,\n    })\n\n    return Response.json({\n      access_token: accessJWT,\n      refresh_token: token,\n      user: session.user,\n    })\n  },\n  method: 'post',\n  path: `${options.entity_slug}/auth/refresh`,\n})\n"],"names":["RevocationReason","createRefreshToken","hashToken","getRequestMeta","signJWT","refreshEndpoint","options","handler","req","deviceId","refresh_token","json","Response","message","status","result","payload","find","collection","where","tokenHash","equals","pepper","docs","length","session","expiresAt","Date","revokedAt","rotatedAt","update","id","data","revocationReason","SuspiciousActivity","token","now","newSession","create","entity","user","getTime","refreshTokenTTL","lastUsedAt","replacedBy","TokenRotation","accessJWT","collectionId","collectionSlug","entity_slug","expiresIn","rawSecret","secret","access_token","method","path"],"mappings":"AAIA,SAASA,gBAAgB,QAAQ,+BAA8B;AAC/D,SAASC,kBAAkB,EAAEC,SAAS,QAAQ,kBAAiB;AAC/D,SAASC,cAAc,QAAQ,0BAAyB;AACxD,SAASC,OAAO,QAAQ,eAAc;AAOtC,OAAO,MAAMC,kBAAkB,CAACC,UAA+C,CAAA;QAC7EC,SAAS,OAAOC;YACd,MAAM,EAAEC,QAAQ,EAAEC,aAAa,EAAE,GAAG,AAAC,MAAMF,IAAIG,IAAI,QAAS,CAAC;YAE7D,IAAI,CAACD,iBAAiB,CAACD,UAAU;gBAC/B,OAAOG,SAASD,IAAI,CAClB;oBAAEE,SAAS;gBAA4C,GACvD;oBAAEC,QAAQ;gBAAI;YAElB;YAEA,MAAMC,SAAS,MAAMP,IAAIQ,OAAO,CAACC,IAAI,CAAC;gBACpCC,YAAY;gBACZC,OAAO;oBACLC,WAAW;wBACTC,QAAQnB,UAAUQ,eAAeJ,QAAQgB,MAAM;oBACjD;gBACF;YACF;YAEA,IAAI,CAACP,QAAQQ,MAAMC,QAAQ;gBACzB,OAAOZ,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAMW,UAAUV,OAAOQ,IAAI,CAAC,EAAE;YAE9B,IAAIE,QAAQhB,QAAQ,KAAKA,YAAYgB,QAAQC,SAAS,GAAG,IAAIC,UAAUF,QAAQG,SAAS,EAAE;gBACxF,OAAOhB,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,IAAIW,QAAQI,SAAS,EAAE;gBACrB,MAAMrB,IAAIQ,OAAO,CAACc,MAAM,CAAC;oBACvBC,IAAIN,QAAQM,EAAE;oBACdb,YAAY;oBACZc,MAAM;wBAAEC,kBAAkBjC,iBAAiBkC,kBAAkB;wBAAEN,WAAW,IAAID;oBAAO;gBACvF;gBACA,OAAOf,SAASD,IAAI,CAAC;oBAAEE,SAAS;gBAAgB,GAAG;oBAAEC,QAAQ;gBAAI;YACnE;YAEA,MAAM,EAAEqB,KAAK,EAAEf,SAAS,EAAE,GAAGnB,mBAAmBK,QAAQgB,MAAM;YAC9D,MAAMc,MAAM,IAAIT;YAEhB,MAAMU,aAAa,MAAM7B,IAAIQ,OAAO,CAACsB,MAAM,CAAC;gBAC1CpB,YAAY;gBACZc,MAAM;oBACJvB;oBACA8B,QAAQd,QAAQe,IAAI;oBACpBd,WAAW,IAAIC,KAAKS,IAAIK,OAAO,KAAKnC,QAAQoC,eAAe,GAAG,KAAK,KAAK,KAAK;oBAC7EC,YAAYP;oBACZhB;oBACA,GAAGjB,eAAeK,IAAI;gBACxB;YACF;YAEA,MAAMA,IAAIQ,OAAO,CAACc,MAAM,CAAC;gBACvBC,IAAIN,QAAQM,EAAE;gBACdb,YAAY;gBACZc,MAAM;oBACJW,YAAYP;oBACZQ,YAAYP,WAAWN,EAAE;oBACzBE,kBAAkBjC,iBAAiB6C,aAAa;oBAChDhB,WAAWO;gBACb;YACF;YAEA,MAAMU,YAAY1C,QAAQ;gBACxB2C,cAActB,QAAQe,IAAI;gBAC1BQ,gBAAgB1C,QAAQ2C,WAAW;gBACnCC,WAAW;gBACXC,WAAW3C,IAAIQ,OAAO,CAACoC,MAAM;YAC/B;YAEA,OAAOxC,SAASD,IAAI,CAAC;gBACnB0C,cAAcP;gBACdpC,eAAeyB;gBACfK,MAAMf,QAAQe,IAAI;YACpB;QACF;QACAc,QAAQ;QACRC,MAAM,GAAGjD,QAAQ2C,WAAW,CAAC,aAAa,CAAC;IAC7C,CAAA,EAAE"}

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+import type { Config } from 'payload';
+export type AuthRefreshPluginOptions = {
+    entity_slug: string;
+    identifier_field: string;
+    pepper: string;
+    refreshTokenTTL: number;
+};
+export declare const authRefreshPlugin: ({ entity_slug, identifier_field, pepper, refreshTokenTTL, }: AuthRefreshPluginOptions) => ((config: Config) => Config);

package/dist/index.js

@@ -0,0 +1,35 @@
+import { RefreshTokens } from './collections/refreshTokens';
+import { loginEndpoint } from './endpoints/login';
+import { logoutEndpoint } from './endpoints/logout';
+import { refreshEndpoint } from './endpoints/refresh';
+export const authRefreshPlugin = ({ entity_slug = 'users', identifier_field = 'email', pepper = 'default-pepper', refreshTokenTTL = 30 })=>(config)=>{
+        return {
+            ...config,
+            collections: [
+                ...config.collections || [],
+                RefreshTokens({
+                    entity_slug
+                })
+            ],
+            endpoints: [
+                ...config.endpoints || [],
+                loginEndpoint({
+                    entity_slug,
+                    identifier_field,
+                    pepper,
+                    refreshTokenTTL
+                }),
+                refreshEndpoint({
+                    entity_slug,
+                    identifier_field,
+                    pepper,
+                    refreshTokenTTL
+                }),
+                logoutEndpoint({
+                    pepper
+                })
+            ]
+        };
+    };
+
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"sourcesContent":["import type { Config } from 'payload'\n\nimport { RefreshTokens } from './collections/refreshTokens'\nimport { loginEndpoint } from './endpoints/login'\nimport { logoutEndpoint } from './endpoints/logout'\nimport { refreshEndpoint } from './endpoints/refresh'\n\nexport type AuthRefreshPluginOptions = {\n  entity_slug: string\n  identifier_field: string\n  pepper: string\n  refreshTokenTTL: number\n}\n\nexport const authRefreshPlugin =\n  ({\n    entity_slug = 'users',\n    identifier_field = 'email',\n    pepper = 'default-pepper',\n    refreshTokenTTL = 30,\n  }: AuthRefreshPluginOptions): ((config: Config) => Config) =>\n  (config) => {\n    return {\n      ...config,\n      collections: [...(config.collections || []), RefreshTokens({ entity_slug })],\n      endpoints: [\n        ...(config.endpoints || []),\n        loginEndpoint({ entity_slug, identifier_field, pepper, refreshTokenTTL }),\n        refreshEndpoint({ entity_slug, identifier_field, pepper, refreshTokenTTL }),\n        logoutEndpoint({ pepper }),\n      ],\n    }\n  }\n"],"names":["RefreshTokens","loginEndpoint","logoutEndpoint","refreshEndpoint","authRefreshPlugin","entity_slug","identifier_field","pepper","refreshTokenTTL","config","collections","endpoints"],"mappings":"AAEA,SAASA,aAAa,QAAQ,8BAA6B;AAC3D,SAASC,aAAa,QAAQ,oBAAmB;AACjD,SAASC,cAAc,QAAQ,qBAAoB;AACnD,SAASC,eAAe,QAAQ,sBAAqB;AASrD,OAAO,MAAMC,oBACX,CAAC,EACCC,cAAc,OAAO,EACrBC,mBAAmB,OAAO,EAC1BC,SAAS,gBAAgB,EACzBC,kBAAkB,EAAE,EACK,GAC3B,CAACC;QACC,OAAO;YACL,GAAGA,MAAM;YACTC,aAAa;mBAAKD,OAAOC,WAAW,IAAI,EAAE;gBAAGV,cAAc;oBAAEK;gBAAY;aAAG;YAC5EM,WAAW;mBACLF,OAAOE,SAAS,IAAI,EAAE;gBAC1BV,cAAc;oBAAEI;oBAAaC;oBAAkBC;oBAAQC;gBAAgB;gBACvEL,gBAAgB;oBAAEE;oBAAaC;oBAAkBC;oBAAQC;gBAAgB;gBACzEN,eAAe;oBAAEK;gBAAO;aACzB;QACH;IACF,EAAC"}

package/dist/utils/crypto.d.ts

@@ -0,0 +1,5 @@
+export declare const createRefreshToken: (pepper: string) => {
+    token: string;
+    tokenHash: string;
+};
+export declare const hashToken: (token: string, pepper: string) => string;

package/dist/utils/crypto.js

@@ -0,0 +1,14 @@
+import crypto from 'crypto';
+export const createRefreshToken = (pepper)=>{
+    const token = crypto.randomBytes(32).toString('base64url');
+    const tokenHash = hashToken(token, pepper);
+    return {
+        token,
+        tokenHash
+    };
+};
+export const hashToken = (token, pepper)=>{
+    return crypto.createHmac('sha256', pepper).update(token).digest('base64');
+};
+
+//# sourceMappingURL=crypto.js.map

package/dist/utils/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/crypto.ts"],"sourcesContent":["import crypto from 'crypto'\n\nexport const createRefreshToken = (pepper: string) => {\n  const token = crypto.randomBytes(32).toString('base64url')\n  const tokenHash = hashToken(token, pepper)\n\n  return { token, tokenHash }\n}\n\nexport const hashToken = (token: string, pepper: string) => {\n  return crypto.createHmac('sha256', pepper).update(token).digest('base64')\n}\n"],"names":["crypto","createRefreshToken","pepper","token","randomBytes","toString","tokenHash","hashToken","createHmac","update","digest"],"mappings":"AAAA,OAAOA,YAAY,SAAQ;AAE3B,OAAO,MAAMC,qBAAqB,CAACC;IACjC,MAAMC,QAAQH,OAAOI,WAAW,CAAC,IAAIC,QAAQ,CAAC;IAC9C,MAAMC,YAAYC,UAAUJ,OAAOD;IAEnC,OAAO;QAAEC;QAAOG;IAAU;AAC5B,EAAC;AAED,OAAO,MAAMC,YAAY,CAACJ,OAAeD;IACvC,OAAOF,OAAOQ,UAAU,CAAC,UAAUN,QAAQO,MAAM,CAACN,OAAOO,MAAM,CAAC;AAClE,EAAC"}

package/dist/utils/getRequestMeta.d.ts

@@ -0,0 +1,4 @@
+import type { PayloadRequest } from 'payload';
+export declare const getRequestMeta: (req: PayloadRequest) => {
+    userAgent: string | undefined;
+};

package/dist/utils/getRequestMeta.js

@@ -0,0 +1,8 @@
+export const getRequestMeta = (req)=>{
+    const userAgent = req.headers.get('user-agent') || undefined;
+    return {
+        userAgent
+    };
+};
+
+//# sourceMappingURL=getRequestMeta.js.map

package/dist/utils/getRequestMeta.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/getRequestMeta.ts"],"sourcesContent":["import type { PayloadRequest } from 'payload'\n\nexport const getRequestMeta = (req: PayloadRequest) => {\n  const userAgent = req.headers.get('user-agent') || undefined\n\n  return { userAgent }\n}\n"],"names":["getRequestMeta","req","userAgent","headers","get","undefined"],"mappings":"AAEA,OAAO,MAAMA,iBAAiB,CAACC;IAC7B,MAAMC,YAAYD,IAAIE,OAAO,CAACC,GAAG,CAAC,iBAAiBC;IAEnD,OAAO;QAAEH;IAAU;AACrB,EAAC"}

package/dist/utils/jwt.d.ts

@@ -0,0 +1,8 @@
+type SignJWTOptions = {
+    collectionId: string;
+    collectionSlug: string;
+    expiresIn: number | string;
+    rawSecret: string;
+};
+export declare const signJWT: ({ collectionId, collectionSlug, expiresIn, rawSecret }: SignJWTOptions) => string;
+export {};

package/dist/utils/jwt.js

@@ -0,0 +1,18 @@
+import crypto from 'crypto';
+import jwt from 'jsonwebtoken';
+const derivePayloadJWTSecret = (secret)=>{
+    const hash = crypto.createHash('sha256').update(secret).digest('hex');
+    return hash.slice(0, 32);
+};
+export const signJWT = ({ collectionId, collectionSlug, expiresIn, rawSecret })=>{
+    const signingKey = derivePayloadJWTSecret(rawSecret);
+    const token = jwt.sign({
+        id: collectionId,
+        collection: collectionSlug
+    }, signingKey, {
+        expiresIn
+    });
+    return token;
+};
+
+//# sourceMappingURL=jwt.js.map

package/dist/utils/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/jwt.ts"],"sourcesContent":["import type { Secret, SignOptions } from 'jsonwebtoken'\n\nimport crypto from 'crypto'\nimport jwt from 'jsonwebtoken'\n\nconst derivePayloadJWTSecret = (secret: string) => {\n  const hash = crypto.createHash('sha256').update(secret).digest('hex')\n  return hash.slice(0, 32)\n}\n\ntype SignJWTOptions = {\n  collectionId: string\n  collectionSlug: string\n  expiresIn: number | string\n  rawSecret: string\n}\n\nexport const signJWT = ({ collectionId, collectionSlug, expiresIn, rawSecret }: SignJWTOptions) => {\n  const signingKey = derivePayloadJWTSecret(rawSecret)\n\n  const token = jwt.sign(\n    {\n      id: collectionId,\n      collection: collectionSlug,\n    },\n    signingKey as Secret,\n    { expiresIn } as SignOptions,\n  )\n\n  return token\n}\n"],"names":["crypto","jwt","derivePayloadJWTSecret","secret","hash","createHash","update","digest","slice","signJWT","collectionId","collectionSlug","expiresIn","rawSecret","signingKey","token","sign","id","collection"],"mappings":"AAEA,OAAOA,YAAY,SAAQ;AAC3B,OAAOC,SAAS,eAAc;AAE9B,MAAMC,yBAAyB,CAACC;IAC9B,MAAMC,OAAOJ,OAAOK,UAAU,CAAC,UAAUC,MAAM,CAACH,QAAQI,MAAM,CAAC;IAC/D,OAAOH,KAAKI,KAAK,CAAC,GAAG;AACvB;AASA,OAAO,MAAMC,UAAU,CAAC,EAAEC,YAAY,EAAEC,cAAc,EAAEC,SAAS,EAAEC,SAAS,EAAkB;IAC5F,MAAMC,aAAaZ,uBAAuBW;IAE1C,MAAME,QAAQd,IAAIe,IAAI,CACpB;QACEC,IAAIP;QACJQ,YAAYP;IACd,GACAG,YACA;QAAEF;IAAU;IAGd,OAAOG;AACT,EAAC"}

package/package.json

@@ -0,0 +1,96 @@
+{
+  "name": "@bivola/refresh-auth",
+  "version": "1.0.0",
+  "description": "A blank template to get started with Payload 3.0",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "pnpm copyfiles && pnpm build:types && pnpm build:swc",
+    "build:swc": "swc ./src -d ./dist --config-file .swcrc --strip-leading-paths",
+    "build:types": "tsc --outDir dist --rootDir ./src",
+    "clean": "rimraf {dist,*.tsbuildinfo}",
+    "copyfiles": "copyfiles -u 1 \"src/**/*.{html,css,scss,ttf,woff,woff2,eot,svg,jpg,png,json}\" dist/",
+    "dev": "next dev dev --turbo",
+    "dev:generate-importmap": "pnpm dev:payload generate:importmap",
+    "dev:generate-types": "pnpm dev:payload generate:types",
+    "dev:payload": "cross-env PAYLOAD_CONFIG_PATH=./dev/payload.config.ts payload",
+    "generate:importmap": "pnpm dev:generate-importmap",
+    "generate:types": "pnpm dev:generate-types",
+    "lint": "eslint",
+    "lint:fix": "eslint ./src --fix",
+    "test": "pnpm test:int && pnpm test:e2e",
+    "test:e2e": "playwright test",
+    "test:int": "vitest"
+  },
+  "devDependencies": {
+    "@eslint/eslintrc": "^3.2.0",
+    "@payloadcms/eslint-config": "3.9.0",
+    "@payloadcms/next": "3.37.0",
+    "@payloadcms/richtext-lexical": "3.37.0",
+    "@payloadcms/ui": "3.37.0",
+    "@playwright/test": "1.58.2",
+    "@swc-node/register": "1.10.9",
+    "@swc/cli": "0.6.0",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/node": "22.19.9",
+    "@types/react": "19.2.9",
+    "@types/react-dom": "19.2.3",
+    "copyfiles": "2.4.1",
+    "cross-env": "^7.0.3",
+    "eslint": "^9.23.0",
+    "eslint-config-next": "15.4.11",
+    "graphql": "^16.8.1",
+    "jsonwebtoken": "^9.0.3",
+    "next": "15.4.11",
+    "open": "^10.1.0",
+    "payload": "3.37.0",
+    "prettier": "^3.4.2",
+    "qs-esm": "7.0.2",
+    "react": "19.2.1",
+    "react-dom": "19.2.1",
+    "rimraf": "3.0.2",
+    "sharp": "0.34.2",
+    "sort-package-json": "^2.10.0",
+    "typescript": "5.7.3",
+    "vite-tsconfig-paths": "6.0.5",
+    "vitest": "4.0.18"
+  },
+  "peerDependencies": {
+    "payload": "^3.37.0"
+  },
+  "engines": {
+    "node": "^18.20.2 || >=20.9.0",
+    "pnpm": "^9 || ^10"
+  },
+  "publishConfig": {
+    "exports": {
+      ".": {
+        "import": "./dist/index.js",
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      }
+    },
+    "main": "./dist/index.js",
+    "types": "./dist/index.d.ts"
+  },
+  "pnpm": {
+    "onlyBuiltDependencies": [
+      "sharp",
+      "esbuild",
+      "unrs-resolver"
+    ]
+  },
+  "registry": "https://registry.npmjs.org/"
+}