npm - @cauth/core - Versions diffs - 0.0.1 - Mend

@cauth/core 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,141 @@
+# @cauth/core
+Core authentication library for Node.js applications with TypeScript support.
+## Features
+- **Type-Safe Authentication**: Built with TypeScript and Zod validation
+- **JWT-Based Authentication**: Access and refresh token management
+- **Role-Based Access Control**: Flexible role management system
+- **Multi-Factor Authentication**: OTP-based two-factor authentication
+- **Phone Number Support**: E.164 format validation using libphonenumber-js
+- **Error Handling**: Comprehensive error types and handling
+- **Modular Design**: Pluggable database and route contractors
+## Installation
+```bash
+npm install @cauth/core
+# or
+yarn add @cauth/core
+# or
+pnpm add @cauth/core
+```
+## Quick Start
+```typescript
+import { CAuth } from '@cauth/core';
+import { PrismaProvider } from '@cauth/prisma';
+import { ExpressContractor } from '@cauth/express';
+// Initialize authentication system
+const auth = CAuth({
+  roles: ['USER', 'ADMIN'],
+  dbContractor: new PrismaProvider(prismaClient),
+  routeContractor: new ExpressContractor(),
+  jwtConfig: {
+    accessTokenSecret: process.env.ACCESS_TOKEN_SECRET!,
+    refreshTokenSecret: process.env.REFRESH_TOKEN_SECRET!,
+    accessTokenLifeSpan: '15m',
+    refreshTokenLifeSpan: '7d',
+  },
+  otpConfig: {
+    expiresIn: 300000, // 5 minutes
+    length: 6, // 6-digit OTP codes
+  },
+});
+// Use authentication functions
+const result = await auth.FN.Login({
+  email: 'user@example.com',
+  //or phoneNumber: '+2659900000'
+  password: 'securepassword123',
+});
+if (result.success) {
+  console.log('Login successful:', result.value);
+} else {
+  console.log('Login failed:', result.errors); // FNErrors[]
+}
+```
+## Core Components
+### Authentication Functions
+The `FN` namespace provides these authentication functions:
+```typescript
+auth.FN.Login({ email?: string, phoneNumber?: string, password: string })
+auth.FN.Register({ email?: string, phoneNumber?: string, password: string, role: string })
+auth.FN.Logout({ refreshToken: string })
+auth.FN.Refresh({ refreshToken: string })
+auth.FN.ChangePassword({ oldPassword: string, newPassword: string })
+auth.FN.RequestOTPCode({ email?: string, phoneNumber?: string, otpPurpose: OtpPurpose })
+auth.FN.LoginWithOTP({ email?: string, phoneNumber?: string, code: string })
+auth.FN.VerifyOTP({ id: string, code: string, otpPurpose: OtpPurpose })
+```
+### Token Management
+The `Tokens` namespace provides these utilities:
+```typescript
+auth.Tokens.GenerateAccessToken(payload: any): Promise<string>
+auth.Tokens.GenerateRefreshToken(payload: any): Promise<string>
+auth.Tokens.GenerateTokenPairs(payload: any): Promise<{ accessToken: string, refreshToken: string }>
+auth.Tokens.VerifyAccessToken<T>(token: string): Promise<T | null>
+auth.Tokens.VerifyRefreshToken<T>(token: string): Promise<T | null>
+```
+## Configuration
+The `CAuthOptions` interface defines the configuration:
+```typescript
+interface CAuthOptions {
+  dbContractor: DatabaseContract;
+  routeContractor: RoutesContract;
+  roles: string[];
+  jwtConfig: {
+    refreshTokenSecret: string;
+    accessTokenSecret: string;
+    accessTokenLifeSpan?: string | number; // ms string or number
+    refreshTokenLifeSpan?: string | number; // ms string or number
+  };
+  otpConfig?: {
+    expiresIn?: number; // milliseconds, default: 300000 (5 minutes)
+    length?: number; // 4-8 digits, default: 6
+  };
+}
+```
+## Error Types
+The library provides these error types:
+- `CredentialMismatchError`: Invalid login credentials
+- `InvalidDataError`: Validation failures
+- `AccountNotFoundError`: Account not found
+- `InvalidRoleError`: Invalid role assignment
+- `InvalidRefreshTokenError`: Invalid/expired refresh token
+- `DuplicateAccountError`: Account already exists
+- `InvalidOTPCode`: Invalid/expired OTP code
+## Development
+### Prerequisites
+- Node.js >= 18
+- TypeScript >= 5.9
+## License
+MIT License - see LICENSE file for details.
+## Support
+For issues and feature requests, please visit the [GitHub repository](https://github.com/jonace-mpelule/cauth).

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1 @@

+ var e=Object.create,t=Object.defineProperty,n=Object.getOwnPropertyDescriptor,r=Object.getOwnPropertyNames,i=Object.getPrototypeOf,a=Object.prototype.hasOwnProperty,o=(e,i,o,s)=>{if(i&&typeof i==`object`||typeof i==`function`)for(var c=r(i),l=0,u=c.length,d;l<u;l++)d=c[l],!a.call(e,d)&&d!==o&&t(e,d,{get:(e=>i[e]).bind(null,d),enumerable:!(s=n(i,d))||s.enumerable});return e},s=(n,r,a)=>(a=n==null?{}:e(i(n)),o(r||!n||!n.__esModule?t(a,`default`,{value:n,enumerable:!0}):a,n));let c=require(`zod`);c=s(c);let l=require(`libphonenumber-js`);l=s(l);let u=require(`bcrypt`);u=s(u);let d=require(`jsonwebtoken`);d=s(d);var f=class{static ValidationError=`validation-error`;static CredentialError=`credential-error`;static UnKnownError=`unknown-error`;static InvalidDataError=`invalid-data-error`},p=class{static ServerError=`internal-server-error`;static ServerErrorMessage=`Internal server error. We are working to fix this, please try again later`;static InvalidToken=`invalid-token`;static InvalidTokenMessage=`Invalid Token`;static ForbiddenResource=`forbidden-resource`;static ForbiddenResourceMessage=`You don't have sufficient permission for this action`;static InvalidOtp=`invalid-otp`;static InvalidOtpMessage=`Invalid Otp. Please check and try again`;static CredentialMismatch=`credential-mismatch`;static CredentialMismatchMessage=`Credential mismatch. Please check your credentials and try again.`;static InvalidData=`invalid-data`;static InvalidDataMessage=e=>`Invalid Body: ${e}`;static AccountNotFound=`account-not-found`;static AccountNotFoundMessage=`Account not found`;static InvalidRole=`invalid-role`;static InvalidRoleMessage=e=>`Role is invalid, please use one of the following roles: ${e.join(`, `)}`;static InvalidRefreshToken=`invalid-refresh-token`;static InvalidRefreshTokenMessage=`Invalid refresh token`;static DuplicateAccount=`account-already-exists`;static DuplicateAccountMessage=`Account with this credentials already exists`},m=class extends Error{code;static type=f.CredentialError;constructor(){super(p.CredentialMismatchMessage),this.code=p.CredentialMismatch,this.name=`CredentialMismatch`}},h=class extends Error{code;static type=f.ValidationError;constructor(e){super(p.InvalidDataMessage(e)),this.code=p.InvalidData,this.name=`InvalidDataError`}},g=class extends Error{code;static type=f.InvalidDataError;constructor(){super(p.AccountNotFoundMessage),this.code=p.AccountNotFound,this.name=`AccountNotFoundError`}},_=class extends Error{code;static type=f.ValidationError;constructor(e){super(p.InvalidRoleMessage(e)),this.code=p.InvalidRole,this.name=`InvalidRoleError`}},v=class extends Error{code;static type=f.ValidationError;constructor(){super(p.InvalidRefreshTokenMessage),this.code=p.InvalidRefreshToken,this.name=`InvalidRefreshTokenError`}},y=class extends Error{code;static type=f.ValidationError;constructor(){super(p.DuplicateAccountMessage),this.code=p.DuplicateAccount,this.name=`DuplicateAccountError`}},b=class extends Error{code;static type=f.ValidationError;constructor(){super(p.InvalidOtpMessage),this.code=p.InvalidOtp,this.name=`InvalidOTPCode`}},x=class{static LoginPurpose=`LOGIN`;static ResetPasswordPurpose=`RESET_PASSWORD`;static ActionPurpose=`ACTION`};const S=c.z.string().trim().refine(e=>{let t=(0,l.parsePhoneNumberFromString)(e);return!!t&&t.isValid()},{message:`Invalid phone number`}).transform(e=>(0,l.parsePhoneNumberFromString)(e)?.format(`E.164`)??e),C=c.z.object({email:c.z.email(),phoneNumber:c.z.never().optional(),password:c.z.string().min(6)}),w=c.z.object({phoneNumber:S,email:c.z.never().optional(),password:c.z.string().min(6)}),T=c.z.union([C,w]).superRefine((e,t)=>{e.email&&e.phoneNumber&&t.addIssue({code:c.z.ZodIssueCode.custom,message:`Provide either email or phoneNumber`,path:[`email`,`phoneNumber`]})}),E=c.z.object({phoneNumber:S.optional(),email:c.z.email().optional(),role:c.z.string(),password:c.z.string()}),D=E.superRefine((e,t)=>{!e.email&&!e.phoneNumber&&t.addIssue({code:c.z.ZodIssueCode.custom,message:`Provide either email or phoneNumber`,path:[`email`,`phoneNumber`]})}),O=c.z.object({refreshToken:c.z.string()}),k=c.z.object({refreshToken:c.z.string()}),A=c.z.object({accountId:c.z.string(),oldPassword:c.z.string(),newPassword:c.z.string()});function j(e){return`${e?.error?.issues[0].path}: ${e?.error?.issues[0].message}`}function M(e){return{success:!0,value:e}}function N(...e){return{success:!1,errors:e}}async function P({config:e},{...t}){let n=T.safeParse({email:t.email,phoneNumber:t.phoneNumber,password:``});if(!n.success)return N({type:h.type,error:new h(j(n))});let r=await e.dbContractor.findAccountWithCredential({phoneNumber:t.phoneNumber,email:t.email});if(!r||t.usePassword&&!await u.default.compare(String(t.password),String(r?.passwordHash)))return N({type:m.type,error:new m});let i=await e.dbContractor.createOTP({config:e},{id:r.id,purpose:t.otpPurpose});return M({id:r.id,code:i.code})}async function F({config:e,tokens:t},{...n}){let r=T.safeParse({email:n.email,phoneNumber:n.phoneNumber,password:``});if(!r.success)return N({type:h.type,error:new h(j(r))});let i=await e.dbContractor.findAccountWithCredential({email:n.email,phoneNumber:n.phoneNumber});if(!i)return N({type:m.type,error:new m});if(!(await e.dbContractor.verifyOTP({id:i.id,code:n.code,purpose:x.LoginPurpose})).isValid)return N({type:b.type,error:new b});let a=await t.GenerateTokenPairs({id:i.id,role:i.role});return await e.dbContractor.updateAccountLogin({id:i.id,refreshToken:a.refreshToken}),delete i.passwordHash,delete i.refreshTokens,M({account:i,tokens:a})}async function I({config:e},{...t}){return await e.dbContractor.verifyOTP({id:t.id,code:t.code,purpose:t.otpPurpose})}async function L({config:e},{...t}){let n=A.safeParse(t);if(!n.success)return N({type:h.type,error:new h(j(n))});let r=await e.dbContractor.findAccountById({id:t.accountId});if(!r)return N({type:g.type,error:new g});if(!u.default.compare(t.oldPassword,String(r.passwordHash)))return N({type:m.type,error:new m});let i=await u.default.hash(t.newPassword,10);return await e.dbContractor.updateAccount({id:r.id,data:{passwordHash:i}}),M({})}async function R({config:e,tokens:t},{...n}){let r=T.safeParse(n);if(!r.success)return N({type:h.type,error:new h(j(r))});let i=await e.dbContractor.findAccountWithCredential({email:n.email,phoneNumber:n.phoneNumber});if(!i||!await u.default.compare(String(n.password),String(i?.passwordHash)))return N({type:m.type,error:new m});let a=await t.GenerateTokenPairs({id:i.id,role:i.role});return await e.dbContractor.updateAccountLogin({id:i.id,refreshToken:a.refreshToken}),delete i.passwordHash,delete i.refreshTokens,M({account:i,tokens:a})}async function z(e){try{return{data:await e,error:null}}catch(e){return{data:null,error:e}}}async function B({config:e,tokens:t},{...n}){let r=k.safeParse(n);if(!r.success)return N({type:h.type,error:new h(j(r))});let i=await z(t.VerifyRefreshToken(n.refreshToken));return i.error||!i?N({type:v.type,error:new v}):(await e.dbContractor.removeAndAddRefreshToken({id:String(i.data?.id),refreshToken:n.refreshToken}),M({}))}async function V({config:e,tokens:t},{...n}){let r=O.safeParse(n);if(!r.success)return N({type:h.type,error:new h(j(r))});let i=await z(t.VerifyRefreshToken(n.refreshToken));if(i.error)return N({type:v.type,error:new v});let a=await e.dbContractor.findAccountById({id:String(i.data?.id)});if(!a)return N({type:g.type,error:new g});if(!a?.refreshTokens?.includes(n.refreshToken))return N({type:v.type,error:new v});let o=await t.GenerateTokenPairs({id:a.id,role:a.role});return await e.dbContractor.removeAndAddRefreshToken({id:a.id,refreshToken:n.refreshToken,newRefreshToken:o.refreshToken}),delete a.refreshTokens,delete a.passwordHash,M({account:a,tokens:o})}async function H({config:e,tokens:t},{...n}){let r=D.safeParse(n);if(!r.success)return N({type:h.type,error:new h(j(r))});if(!e.roles?.includes(n.role))return N({type:_.type,error:new _(e.roles)});if(await e.dbContractor.findAccountWithCredential({email:n.email,phoneNumber:n.phoneNumber}))return N({type:y.type,error:new y});let i=await u.default.hash(n.password,10),a=await e.dbContractor.createAccount({data:{email:n.email,phoneNumber:n.phoneNumber,passwordHash:i,role:n.role,lastLogin:new Date}}),o=await t.GenerateTokenPairs({id:a.id,role:a.role});return await e.dbContractor.updateAccountLogin({id:a.id,refreshToken:o.refreshToken}),M({account:a,tokens:o})}async function U({...e}){return d.default.sign(e.payload,e.config.jwtConfig.accessTokenSecret,{expiresIn:e.config.jwtConfig?.accessTokenLifeSpan??`15m`})}async function W({...e}){return d.default.sign(e.payload,e.config.jwtConfig.refreshTokenSecret,{expiresIn:e.config.jwtConfig?.refreshTokenLifeSpan??`30d`})}async function G({...e}){return{accessToken:d.default.sign(e.payload,e.config.jwtConfig.accessTokenSecret,{expiresIn:e.config.jwtConfig?.accessTokenLifeSpan??`15m`}),refreshToken:d.default.sign(e.payload,e.config.jwtConfig.refreshTokenSecret,{expiresIn:e.config.jwtConfig?.refreshTokenLifeSpan??`30d`})}}async function K({...e}){let t=d.default.verify(e.token,e.config.jwtConfig.refreshTokenSecret);return t instanceof String?null:t}async function q({...e}){let t=d.default.verify(e.token,e.config.jwtConfig.accessTokenSecret);return t instanceof String?null:t}const J=c.default.custom(()=>!0,{message:`Invalid dbContractor: must implement Database Contract interface`}),Y=c.default.custom(()=>!0,{message:`Invalid routeContractor: must implement RoutesContract interface`}),X=c.default.custom(),Z=c.default.object({dbContractor:J,routeContractor:Y,roles:c.default.array(c.default.string()).min(1),jwtConfig:c.default.object({refreshTokenSecret:c.default.string(),accessTokenSecret:c.default.string(),accessTokenLifeSpan:X.optional(),refreshTokenLifeSpan:X.optional()}),otpConfig:c.default.object({expiresIn:c.default.number().optional(),length:c.default.number().min(4).max(8).optional()})});var Q=class{#config;constructor(e){if(!Z.safeParse(e).success)throw Error(`❌ Failed to initiate CAuth. You provided an invalid config!`);this.#config=e}get RoleType(){return null}Guard=e=>this.#config.routeContractor.Guard({config:this.#config,tokens:this.Tokens,roles:e});Routes={Register:()=>this.#config.routeContractor.Register({config:this.#config,tokens:this.Tokens}),Login:()=>this.#config.routeContractor.Login({config:this.#config,tokens:this.Tokens}),Logout:()=>this.#config.routeContractor.Logout({config:this.#config,tokens:this.Tokens}),Refresh:()=>this.#config.routeContractor.Refresh({config:this.#config,tokens:this.Tokens}),ChangePassword:e=>this.#config.routeContractor.ChangePassword({config:this.#config,tokens:this.Tokens,userId:e})};FN={Login:({...e})=>R({config:this.#config,tokens:this.Tokens},e),Register:({...e})=>H({config:this.#config,tokens:this.Tokens},e),Logout:({...e})=>B({config:this.#config,tokens:this.Tokens},e),Refresh:({...e})=>V({config:this.#config,tokens:this.Tokens},e),ChangePassword:({...e})=>L({config:this.#config,tokens:this.Tokens},e),RequestOTPCode:({...e})=>P({config:this.#config,tokens:this.Tokens},e),LoginWithOTP:({...e})=>F({config:this.#config,tokens:this.Tokens},{...e}),VerifyOTP:({...e})=>I({config:this.#config,tokens:this.Tokens},e)};Tokens={GenerateRefreshToken:e=>W({payload:e,config:this.#config}),GenerateAccessToken:e=>U({payload:e,config:this.#config}),GenerateTokenPairs:e=>G({payload:e,config:this.#config}),VerifyRefreshToken:e=>K({token:e,config:this.#config}),VerifyAccessToken:e=>q({token:e,config:this.#config})}};function $(e){return new Q(e)}exports.AccountNotFoundError=g,exports.CAuth=$,exports.CredentialMismatchError=m,exports.DuplicateAccountError=y,exports.InvalidDataError=h,exports.InvalidOTPCode=b,exports.InvalidRefreshTokenError=v,exports.InvalidRoleError=_;

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,361 @@
+import z$1, { z } from "zod";
+import ms from "ms";
+//#region src/errors/errors.d.ts
+declare class CError {
+  static type: string;
+  code: string;
+}
+/**
+ * @description Error thrown when the credentials provided do not match.
+ */
+declare class CredentialMismatchError extends Error implements CError {
+  code: string;
+  static type: string;
+  constructor();
+}
+/**
+ * @description Error thrown when the data provided is invalid.
+ */
+declare class InvalidDataError extends Error implements CError {
+  code: string;
+  static type: string;
+  constructor(reason: string);
+}
+/**
+ * @description Error thrown when the account is not found.
+ */
+declare class AccountNotFoundError extends Error implements CError {
+  code: string;
+  static type: string;
+  constructor();
+}
+/**
+ * @description Error thrown when the role provided is invalid.
+ */
+declare class InvalidRoleError extends Error implements CError {
+  code: string;
+  static type: string;
+  constructor(roles: string[]);
+}
+/**
+ * @description Error thrown when an invalid or expired refresh token is provided
+ */
+declare class InvalidRefreshTokenError extends Error implements CError {
+  code: string;
+  static type: string;
+  constructor();
+}
+/**
+ * @description Error thrown when trying to create an account that already exists
+ */
+declare class DuplicateAccountError extends Error implements CError {
+  code: string;
+  static type: string;
+  constructor();
+}
+/**
+ * @description Error thrown when an invalid or expired OTP is provided
+ */
+declare class InvalidOTPCode extends Error implements CError {
+  code: string;
+  static type: string;
+  constructor();
+}
+//#endregion
+//#region src/types/auth.t.d.ts
+type Account = {
+  id: string;
+  phoneNumber: string;
+  email: string;
+  role: string;
+  lastLogin: Date;
+  createdAt: Date;
+  updatedAt: Date;
+};
+type Tokens = {
+  accessToken: string;
+  refreshToken: string;
+};
+declare const AuthModelSchema: z$1.ZodObject<{
+  id: z$1.ZodString;
+  phoneNumber: z$1.ZodString;
+  email: z$1.ZodString;
+  passwordHash: z$1.ZodOptional<z$1.ZodString>;
+  role: z$1.ZodString;
+  lastLogin: z$1.ZodDate;
+  refreshTokens: z$1.ZodOptional<z$1.ZodArray<z$1.ZodString>>;
+  createdAt: z$1.ZodDate;
+  updatedAt: z$1.ZodDate;
+}, z$1.z.core.$strip>;
+type AuthModel = z$1.infer<typeof AuthModelSchema>;
+//#endregion
+//#region src/types/result.t.d.ts
+type FNError = {
+  type: string;
+  error: Error;
+};
+/**
+ * @description Core Result type.
+ * @template T - The type of the value.
+ * @template E - The type of the errors, which must extend { type: string; error: Error }.
+ */
+type Result$1<T, E extends FNError = FNError> = {
+  success: true;
+  value: T;
+} | {
+  success: false;
+  errors: E[];
+};
+//#endregion
+//#region src/types/otp-purpose.t.d.ts
+type OtpPurpose = 'LOGIN' | 'RESET_PASSWORD' | 'ACTION';
+//#endregion
+//#region src/types/database.contract.d.ts
+interface DatabaseContract {
+  findAccountById<T = AuthModel>({
+    ...args
+  }: {
+    id: string;
+    select?: any;
+  }): Promise<T | undefined>;
+  findAccountWithCredential<T = AuthModel>({
+    ...args
+  }: {
+    email?: string | undefined;
+    phoneNumber?: string | undefined;
+    select?: any;
+  }): Promise<T | undefined>;
+  createAccount<T = AuthModel>({
+    ...args
+  }: {
+    data: any;
+    select?: any;
+  }): Promise<T>;
+  updateAccount<T = AuthModel>({
+    ...args
+  }: {
+    id: string;
+    data: any;
+    select?: any;
+  }): Promise<T>;
+  updateAccountLogin<T = AuthModel>({
+    ...args
+  }: {
+    id: string;
+    refreshToken: string;
+    select?: any;
+  }): Promise<T>;
+  removeAndAddRefreshToken({
+    ...args
+  }: {
+    id: string;
+    refreshToken: string;
+    newRefreshToken?: string;
+    select?: any;
+  }): Promise<any>;
+  deleteAccount({
+    ...args
+  }: {
+    id: string;
+  }): Promise<void>;
+  createOTP<T = {
+    code: string;
+    purpose: string;
+    expiresAt: Date;
+  }>({
+    config
+  }: {
+    config: CAuthOptions;
+  }, {
+    ...args
+  }: {
+    id: string;
+    purpose: OtpPurpose;
+  }): Promise<T>;
+  verifyOTP<T = {
+    isValid: boolean;
+  }>({
+    ...args
+  }: {
+    id: string;
+    code: string;
+    purpose: OtpPurpose;
+  }): Promise<T>;
+}
+//#endregion
+//#region src/types/routes.contract.t.d.ts
+type RouteDeps = {
+  config: CAuthOptions;
+  tokens: _CAuth<any>['Tokens'];
+};
+type AuthGuardDeps = {
+  config: CAuthOptions;
+  tokens: _CAuth<any>['Tokens'];
+  roles?: Array<string>;
+};
+interface RoutesContract {
+  Login({
+    ...config
+  }: RouteDeps): any;
+  Register({
+    ...config
+  }: RouteDeps): any;
+  Logout({
+    ...config
+  }: RouteDeps): any;
+  Guard({
+    ...config
+  }: AuthGuardDeps): any;
+  Refresh({
+    ...config
+  }: AuthGuardDeps): any;
+  ChangePassword({
+    ...config
+  }: RouteDeps & {
+    userId: string;
+  }): any;
+}
+//#endregion
+//#region src/types/config.t.d.ts
+declare const CAuthOptionsSchema: z$1.ZodObject<{
+  dbContractor: z$1.ZodCustom<DatabaseContract, DatabaseContract>;
+  routeContractor: z$1.ZodCustom<RoutesContract, RoutesContract>;
+  roles: z$1.ZodArray<z$1.ZodString>;
+  jwtConfig: z$1.ZodObject<{
+    refreshTokenSecret: z$1.ZodString;
+    accessTokenSecret: z$1.ZodString;
+    accessTokenLifeSpan: z$1.ZodOptional<z$1.ZodCustom<ms.StringValue, ms.StringValue>>;
+    refreshTokenLifeSpan: z$1.ZodOptional<z$1.ZodCustom<ms.StringValue, ms.StringValue>>;
+  }, z$1.z.core.$strip>;
+  otpConfig: z$1.ZodObject<{
+    expiresIn: z$1.ZodOptional<z$1.ZodNumber>;
+    length: z$1.ZodOptional<z$1.ZodNumber>;
+  }, z$1.z.core.$strip>;
+}, z$1.z.core.$strip>;
+type CAuthOptions = z$1.infer<typeof CAuthOptionsSchema>;
+//#endregion
+//#region src/types/dto-schemas.t.d.ts
+declare const LoginSchema: z.ZodUnion<readonly [z.ZodObject<{
+  email: z.ZodEmail;
+  phoneNumber: z.ZodOptional<z.ZodNever>;
+  password: z.ZodString;
+}, z.core.$strip>, z.ZodObject<{
+  phoneNumber: z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>;
+  email: z.ZodOptional<z.ZodNever>;
+  password: z.ZodString;
+}, z.core.$strip>]>;
+type LoginSchemaType = z.infer<typeof LoginSchema>;
+declare const RegisterSchema: z.ZodObject<{
+  phoneNumber: z.ZodOptional<z.ZodPipe<z.ZodString, z.ZodTransform<string, string>>>;
+  email: z.ZodOptional<z.ZodEmail>;
+  role: z.ZodString;
+  password: z.ZodString;
+}, z.core.$strip>;
+type RegisterSchemaType = z.infer<typeof RegisterSchema>;
+declare const RefreshTokenSchema: z.ZodObject<{
+  refreshToken: z.ZodString;
+}, z.core.$strip>;
+type RefreshTokenSchemaType = z.infer<typeof RefreshTokenSchema>;
+declare const LogoutSchema: z.ZodObject<{
+  refreshToken: z.ZodString;
+}, z.core.$strip>;
+type LogoutSchemaType = z.infer<typeof LogoutSchema>;
+declare const ChangePasswordSchema: z.ZodObject<{
+  accountId: z.ZodString;
+  oldPassword: z.ZodString;
+  newPassword: z.ZodString;
+}, z.core.$strip>;
+type ChangePasswordSchemaType = z.infer<typeof ChangePasswordSchema>;
+//#endregion
+//#region src/cauth.d.ts
+declare class _CAuth<T extends string[]> {
+  #private;
+  constructor(config: Omit<CAuthOptions, 'roles'> & {
+    roles: T;
+  });
+  get RoleType(): T[number];
+  /**
+   * @description Authentication Guard Middleware. Include 'roles' for a custom auth guard.
+   *
+   * If 'roles' is empty it allows all authenticated users, without respecting specific role
+   *
+   * @default undefined
+   */
+  Guard: (roles?: Array<T[number]>) => any;
+  Routes: {
+    Register: () => any;
+    Login: () => any;
+    Logout: () => any;
+    Refresh: () => any;
+    ChangePassword: (userId: string) => any;
+  };
+  FN: {
+    Login: ({
+      ...args
+    }: LoginSchemaType) => Promise<Result$1<{
+      account: Account;
+      tokens: Tokens;
+    }>>;
+    Register: ({
+      ...args
+    }: RegisterSchemaType) => Promise<Result<{
+      account: Account;
+      tokens: Tokens;
+    }>>;
+    Logout: ({
+      ...args
+    }: LogoutSchemaType) => Promise<Result<any>>;
+    Refresh: ({
+      ...args
+    }: RefreshTokenSchemaType) => Promise<Result$1<{
+      account: Account;
+      tokens: Tokens;
+    }>>;
+    ChangePassword: ({
+      ...args
+    }: ChangePasswordSchemaType) => Promise<Result<unknown>>;
+    RequestOTPCode: ({
+      ...args
+    }: Omit<LoginSchemaType, "password"> & {
+      password?: string;
+      usePassword?: boolean;
+      otpPurpose: OtpPurpose;
+    }) => Promise<Result<{
+      id: string;
+      code: string;
+    }>>;
+    LoginWithOTP: ({
+      ...args
+    }: Omit<LoginSchemaType, "password"> & {
+      code: string;
+    }) => Promise<Result<{
+      account: Account;
+      tokens: Tokens;
+    }>>;
+    VerifyOTP: ({
+      ...args
+    }: {
+      id: string;
+      code: string;
+      otpPurpose: OtpPurpose;
+    }) => Promise<{
+      isValid: boolean;
+    }>;
+  };
+  Tokens: {
+    GenerateRefreshToken: (payload: any) => Promise<string>;
+    GenerateAccessToken: (payload: any) => Promise<string>;
+    GenerateTokenPairs: (payload: any) => Promise<{
+      accessToken: string;
+      refreshToken: string;
+    }>;
+    VerifyRefreshToken: <T_1>(token: any) => Promise<T_1 | null>;
+    VerifyAccessToken: <T_1>(token: any) => Promise<T_1 | null>;
+  };
+}
+declare function CAuth<const T extends string[]>(options: Omit<CAuthOptions, 'roles'> & {
+  roles: T;
+}): _CAuth<T>;
+//#endregion
+export { AccountNotFoundError, CAuth, type CAuthOptions, CredentialMismatchError, type DatabaseContract, DuplicateAccountError, InvalidDataError, InvalidOTPCode, InvalidRefreshTokenError, InvalidRoleError, type RoutesContract };

package/package.json ADDED Viewed

@@ -0,0 +1,46 @@
+{
+  "name": "@cauth/core",
+  "version": "0.0.1",
+  "description": "",
+  "main": "./dist/index.cjs",
+  "types": "./dist/index.d.cts",
+  "type": "module",
+  "scripts": {
+    "build": "tsdown",
+    "patch": "npm version patch",
+    "minor": "npm version minor",
+    "major": "npm version major",
+    "publish": "npm publish"
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "package.json"
+  ],
+  "keywords": [
+    "authentication",
+    "node-auth",
+    "express auth",
+    "easy-auth"
+  ],
+  "author": "Jonace Mpelule <jonacempelule123@gmail.com> (https://github.com/jonace-mpelule)",
+  "license": "MIT",
+  "packageManager": "pnpm@10.13.1",
+  "devDependencies": {
+    "@types/bcrypt": "^6.0.0",
+    "@types/jsonwebtoken": "^9.0.10",
+    "@types/ms": "^2.1.0",
+    "tsdown": "^0.15.6",
+    "typescript": "^5.9.3"
+  },
+  "dependencies": {
+    "bcrypt": "^6.0.0",
+    "jsonwebtoken": "^9.0.2",
+    "libphonenumber-js": "^1.12.23",
+    "ms": "^2.1.3",
+    "zod": "^4.1.12"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}