@cfast/auth 0.0.1

package/dist/client.js

@@ -0,0 +1,226 @@
+// src/client/auth-provider.tsx
+import { createContext, useContext } from "react";
+import { jsx } from "react/jsx-runtime";
+var AuthContext = createContext(null);
+function AuthProvider({
+  user,
+  loginPath = "/login",
+  children
+}) {
+  return /* @__PURE__ */ jsx(AuthContext.Provider, { value: { user, loginPath }, children });
+}
+function useAuthContext(hookName) {
+  const ctx = useContext(AuthContext);
+  if (ctx === null) {
+    throw new Error(`${hookName} must be used within an <AuthProvider>`);
+  }
+  return ctx;
+}
+function useCurrentUser() {
+  return useAuthContext("useCurrentUser").user;
+}
+function useLoginPath() {
+  return useAuthContext("useLoginPath").loginPath;
+}
+
+// src/client/auth-guard.tsx
+import { jsx as jsx2 } from "react/jsx-runtime";
+function AuthGuard({ user, children }) {
+  return /* @__PURE__ */ jsx2(AuthProvider, { user, children });
+}
+
+// src/client/auth-client-provider.tsx
+import { createContext as createContext2, useContext as useContext2 } from "react";
+import { jsx as jsx3 } from "react/jsx-runtime";
+var AuthClientContext = createContext2(null);
+function AuthClientProvider({
+  authClient,
+  children
+}) {
+  return /* @__PURE__ */ jsx3(AuthClientContext.Provider, { value: authClient, children });
+}
+function useAuth() {
+  const authClient = useContext2(AuthClientContext);
+  if (authClient === null) {
+    throw new Error("useAuth must be used within an <AuthClientProvider>");
+  }
+  return {
+    signOut: async () => {
+      await authClient.signOut();
+    },
+    registerPasskey: async () => {
+      if (!authClient.passkey) {
+        throw new Error("Passkey plugin not configured on auth client");
+      }
+      return authClient.passkey.addPasskey();
+    },
+    deletePasskey: async (id) => {
+      if (!authClient.passkey) {
+        throw new Error("Passkey plugin not configured on auth client");
+      }
+      return authClient.passkey.deletePasskey({ id });
+    },
+    stopImpersonating: async () => {
+      if (!authClient.admin) {
+        throw new Error("Admin plugin not configured on auth client");
+      }
+      await authClient.admin.stopImpersonating();
+    },
+    authClient
+  };
+}
+
+// src/client/login-page.tsx
+import { useState } from "react";
+import { jsx as jsx4, jsxs } from "react/jsx-runtime";
+function DefaultLayout({ children }) {
+  return /* @__PURE__ */ jsx4(
+    "div",
+    {
+      style: {
+        display: "flex",
+        justifyContent: "center",
+        alignItems: "center",
+        minHeight: "100vh"
+      },
+      children: /* @__PURE__ */ jsx4("div", { style: { maxWidth: 400, width: "100%", padding: 32 }, children })
+    }
+  );
+}
+function DefaultEmailInput({
+  value,
+  onChange
+}) {
+  return /* @__PURE__ */ jsx4(
+    "input",
+    {
+      type: "email",
+      placeholder: "you@example.com",
+      value,
+      onChange: (e) => onChange(e.target.value),
+      required: true,
+      style: { width: "100%", padding: 8, boxSizing: "border-box" }
+    }
+  );
+}
+function DefaultMagicLinkButton({
+  onClick,
+  loading
+}) {
+  return /* @__PURE__ */ jsx4(
+    "button",
+    {
+      type: "button",
+      onClick,
+      disabled: loading,
+      style: { width: "100%", padding: 8 },
+      children: loading ? "Sending..." : "Send Magic Link"
+    }
+  );
+}
+function DefaultPasskeyButton({
+  onClick,
+  loading
+}) {
+  return /* @__PURE__ */ jsx4(
+    "button",
+    {
+      type: "button",
+      onClick,
+      disabled: loading,
+      style: { width: "100%", padding: 8 },
+      children: loading ? "Verifying..." : "Sign in with Passkey"
+    }
+  );
+}
+function DefaultSuccessMessage({ email }) {
+  return /* @__PURE__ */ jsxs("div", { role: "status", children: [
+    "Check your email (",
+    email,
+    ") for a magic link to sign in."
+  ] });
+}
+function DefaultErrorMessage({ error }) {
+  return /* @__PURE__ */ jsx4("div", { role: "alert", style: { color: "red" }, children: error });
+}
+function LoginPage({
+  authClient,
+  components = {},
+  title = "Sign In",
+  subtitle,
+  onSuccess
+}) {
+  const Layout = components.Layout ?? DefaultLayout;
+  const EmailInput = components.EmailInput ?? DefaultEmailInput;
+  const MagicLinkBtn = components.MagicLinkButton ?? DefaultMagicLinkButton;
+  const PasskeyBtn = components.PasskeyButton ?? DefaultPasskeyButton;
+  const SuccessMsg = components.SuccessMessage ?? DefaultSuccessMessage;
+  const ErrorMsg = components.ErrorMessage ?? DefaultErrorMessage;
+  const [email, setEmail] = useState("");
+  const [sent, setSent] = useState(false);
+  const [loading, setLoading] = useState(false);
+  const [error, setError] = useState(null);
+  const [passkeyLoading, setPasskeyLoading] = useState(false);
+  async function handleMagicLink() {
+    if (!email.trim()) {
+      setError("Please enter your email address.");
+      return;
+    }
+    setLoading(true);
+    setError(null);
+    try {
+      const result = await authClient.signIn.magicLink({ email });
+      if (result.error) {
+        setError(result.error.message ?? "Failed to send magic link.");
+      } else {
+        setSent(true);
+        onSuccess?.();
+      }
+    } catch {
+      setError("An unexpected error occurred. Please try again.");
+    } finally {
+      setLoading(false);
+    }
+  }
+  async function handlePasskey() {
+    setPasskeyLoading(true);
+    setError(null);
+    try {
+      const result = await authClient.signIn.passkey?.();
+      if (result?.error) {
+        setError(result.error.message ?? "Passkey sign-in failed.");
+      } else {
+        onSuccess?.();
+      }
+    } catch {
+      setError("Passkey sign-in failed. Please try again.");
+    } finally {
+      setPasskeyLoading(false);
+    }
+  }
+  return /* @__PURE__ */ jsxs(Layout, { children: [
+    /* @__PURE__ */ jsx4("h2", { children: title }),
+    subtitle && /* @__PURE__ */ jsx4("p", { children: subtitle }),
+    error && /* @__PURE__ */ jsx4(ErrorMsg, { error }),
+    sent ? /* @__PURE__ */ jsx4(SuccessMsg, { email }) : /* @__PURE__ */ jsxs("div", { children: [
+      /* @__PURE__ */ jsx4(EmailInput, { value: email, onChange: setEmail }),
+      /* @__PURE__ */ jsx4("div", { style: { marginTop: 8 }, children: /* @__PURE__ */ jsx4(MagicLinkBtn, { onClick: handleMagicLink, loading }) }),
+      authClient?.signIn?.passkey && /* @__PURE__ */ jsx4("div", { style: { marginTop: 8 }, children: /* @__PURE__ */ jsx4(PasskeyBtn, { onClick: handlePasskey, loading: passkeyLoading }) })
+    ] })
+  ] });
+}
+
+// src/client/create-auth-client.ts
+import { createAuthClient } from "better-auth/react";
+import { magicLinkClient } from "better-auth/client/plugins";
+export {
+  AuthClientProvider,
+  AuthGuard,
+  AuthProvider,
+  LoginPage,
+  createAuthClient,
+  magicLinkClient,
+  useAuth,
+  useCurrentUser,
+  useLoginPath
+};

package/dist/index.d.ts

@@ -0,0 +1,167 @@
+import { a as AuthConfig, b as AuthEnvConfig, c as AuthInstance } from './types-ghXti5CW.js';
+export { d as AuthContext, A as AuthUser, e as AuthenticatedContext } from './types-ghXti5CW.js';
+import '@cfast/permissions';
+
+/**
+ * Creates a pre-configured auth factory for Cloudflare Workers.
+ *
+ * Returns an `initAuth()` function that accepts per-request environment bindings
+ * ({@link AuthEnvConfig}) and produces a fully initialized {@link AuthInstance}
+ * with session management, role assignment, impersonation, and magic link support.
+ *
+ * @param config - The auth configuration including permissions, authentication methods, and role rules.
+ * @returns A factory function `(env: AuthEnvConfig) => AuthInstance` to call per-request.
+ *
+ * @example
+ * ```ts
+ * import { createAuth } from "@cfast/auth";
+ * import { permissions } from "./permissions";
+ *
+ * export const initAuth = createAuth({
+ *   permissions,
+ *   magicLink: {
+ *     sendMagicLink: async ({ email, url }) => {
+ *       await sendEmail({ to: email, html: `<a href="${url}">Sign in</a>` });
+ *     },
+ *   },
+ *   redirects: { afterLogin: "/", loginPath: "/login" },
+ * });
+ *
+ * // Per-request initialization:
+ * const auth = initAuth({ d1: env.DB, appUrl: "https://myapp.com" });
+ * const ctx = await auth.requireUser(request);
+ * ```
+ */
+declare function createAuth(config: AuthConfig): (env: AuthEnvConfig) => AuthInstance;
+
+/**
+ * Options for configuring the role manager's storage and authorization rules.
+ */
+type RoleManagerOptions = {
+    /** Custom table name for role storage. Defaults to `"roles"`. */
+    tableName?: string;
+    /** Maps each role to the roles it is allowed to assign. Used to enforce role grant rules. */
+    roleGrants?: Record<string, string[]>;
+};
+/** Options identifying the caller for role grant authorization checks. */
+type CallerOptions = {
+    /** The roles of the user attempting the role assignment. */
+    callerRoles?: string[];
+};
+/**
+ * Creates a role manager backed by a Cloudflare D1 database.
+ *
+ * Provides methods to query, assign, replace, and remove user roles.
+ * When `roleGrants` is configured, assignment methods enforce authorization
+ * rules so that, for example, an editor cannot promote someone to admin.
+ *
+ * @param d1 - The Cloudflare D1 database binding.
+ * @param options - Optional configuration for table name and role grant rules.
+ * @returns An object with `getRoles`, `setRole`, `setRoles`, and `removeRole` methods.
+ *
+ * @example
+ * ```ts
+ * import { createRoleManager } from "@cfast/auth";
+ *
+ * const roles = createRoleManager(env.DB, {
+ *   roleGrants: {
+ *     admin: ["admin", "editor", "user"],
+ *     editor: ["user"],
+ *   },
+ * });
+ *
+ * const userRoles = await roles.getRoles(userId);
+ * await roles.setRole(userId, "editor", { callerRoles: ["admin"] });
+ * ```
+ */
+declare function createRoleManager(d1: D1Database, options?: RoleManagerOptions): {
+    getRoles(userId: string): Promise<string[]>;
+    setRole(userId: string, role: string, caller?: CallerOptions): Promise<void>;
+    setRoles(userId: string, roles: string[], caller?: CallerOptions): Promise<void>;
+    removeRole(userId: string, role: string): Promise<void>;
+};
+
+/**
+ * Options for customizing the impersonation manager's D1 table and column names.
+ */
+type ImpersonationManagerOptions = {
+    /** Custom table name for impersonation logs. Defaults to `"impersonation_logs"`. */
+    tableName?: string;
+    /** Column name for the admin user ID. Defaults to `"admin_id"`. */
+    adminIdColumn?: string;
+    /** Column name for the target (impersonated) user ID. Defaults to `"target_user_id"`. */
+    targetUserIdColumn?: string;
+};
+/**
+ * Creates an impersonation manager backed by a Cloudflare D1 database.
+ *
+ * Manages an audit trail of impersonation sessions, allowing admins to
+ * temporarily act as another user for debugging and support. Each session
+ * is logged with start and end timestamps.
+ *
+ * @param d1 - The Cloudflare D1 database binding.
+ * @param options - Optional configuration for table and column names.
+ * @returns An object with `impersonate`, `stopImpersonating`, and `getActiveImpersonation` methods.
+ *
+ * @example
+ * ```ts
+ * import { createImpersonationManager } from "@cfast/auth";
+ *
+ * const impersonation = createImpersonationManager(env.DB);
+ *
+ * // Start impersonating a user
+ * await impersonation.impersonate(adminUserId, targetUserId);
+ *
+ * // Check if admin is currently impersonating someone
+ * const active = await impersonation.getActiveImpersonation(adminUserId);
+ * // active?.targetUserId
+ *
+ * // Stop impersonating
+ * await impersonation.stopImpersonating(adminUserId);
+ * ```
+ */
+declare function createImpersonationManager(d1: D1Database, options?: ImpersonationManagerOptions): {
+    impersonate(adminUserId: string, targetUserId: string): Promise<void>;
+    stopImpersonating(adminUserId: string): Promise<void>;
+    getActiveImpersonation(adminUserId: string): Promise<{
+        targetUserId: string;
+    } | null>;
+};
+
+/**
+ * Creates `loader` and `action` handlers for a React Router auth catch-all route.
+ *
+ * The returned handlers forward all requests to the Better Auth handler via
+ * the {@link AuthInstance} obtained from the `getAuth` callback. Use this in
+ * a splat route (e.g., `routes/auth.$.tsx`) to handle magic link callbacks,
+ * passkey endpoints, and other Better Auth API routes.
+ *
+ * @param getAuth - A factory function that returns a fully initialized {@link AuthInstance}.
+ *   Called on every request so that the instance uses the correct per-request D1 binding.
+ * @returns An object with `loader` and `action` functions compatible with React Router route modules.
+ *
+ * @example
+ * ```ts
+ * // routes/auth.$.tsx
+ * import { createAuthRouteHandlers } from "@cfast/auth";
+ * import { initAuth } from "~/auth.setup.server";
+ * import { env } from "~/env";
+ *
+ * const { loader, action } = createAuthRouteHandlers(() => {
+ *   const e = env.get();
+ *   return initAuth({ d1: e.DB, appUrl: e.APP_URL });
+ * });
+ *
+ * export { loader, action };
+ * ```
+ */
+declare function createAuthRouteHandlers(getAuth: () => AuthInstance): {
+    loader: ({ request }: {
+        request: Request;
+    }) => Promise<Response>;
+    action: ({ request }: {
+        request: Request;
+    }) => Promise<Response>;
+};
+
+export { AuthConfig, AuthEnvConfig, AuthInstance, createAuth, createAuthRouteHandlers, createImpersonationManager, createRoleManager };

package/dist/index.js

@@ -0,0 +1,260 @@
+// src/create-auth.ts
+import { betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { magicLink } from "better-auth/plugins/magic-link";
+import { drizzle } from "drizzle-orm/d1";
+import { resolveGrants } from "@cfast/permissions";
+
+// src/roles.ts
+function checkRoleGrants(roleGrants, callerRoles, targetRole) {
+  const allowed = callerRoles.some((callerRole) => {
+    const permitted = roleGrants[callerRole];
+    return permitted !== void 0 && permitted.includes(targetRole);
+  });
+  if (!allowed) {
+    throw new Error(
+      `Not authorized to assign role "${targetRole}"`
+    );
+  }
+}
+function createRoleManager(d1, options) {
+  const table = options?.tableName ?? "roles";
+  const roleGrants = options?.roleGrants;
+  return {
+    async getRoles(userId) {
+      const stmt = d1.prepare(
+        `SELECT role FROM ${table} WHERE user_id = ?`
+      );
+      const result = await stmt.bind(userId).all();
+      return result.results.map((r) => r.role);
+    },
+    async setRole(userId, role, caller) {
+      if (roleGrants && caller?.callerRoles) {
+        checkRoleGrants(roleGrants, caller.callerRoles, role);
+      }
+      const stmt = d1.prepare(
+        `INSERT OR IGNORE INTO ${table} (user_id, role) VALUES (?, ?)`
+      );
+      await stmt.bind(userId, role).run();
+    },
+    async setRoles(userId, roles, caller) {
+      if (roleGrants && caller?.callerRoles) {
+        for (const role of roles) {
+          checkRoleGrants(roleGrants, caller.callerRoles, role);
+        }
+      }
+      const deleteStmt = d1.prepare(`DELETE FROM ${table} WHERE user_id = ?`).bind(userId);
+      if (roles.length === 0) {
+        await deleteStmt.run();
+        return;
+      }
+      const insertStmts = roles.map(
+        (role) => d1.prepare(`INSERT INTO ${table} (user_id, role) VALUES (?, ?)`).bind(userId, role)
+      );
+      await d1.batch([deleteStmt, ...insertStmts]);
+    },
+    async removeRole(userId, role) {
+      const stmt = d1.prepare(
+        `DELETE FROM ${table} WHERE user_id = ? AND role = ?`
+      );
+      await stmt.bind(userId, role).run();
+    }
+  };
+}
+
+// src/impersonation.ts
+function createImpersonationManager(d1, options) {
+  const table = options?.tableName ?? "impersonation_logs";
+  const adminCol = options?.adminIdColumn ?? "admin_id";
+  const targetCol = options?.targetUserIdColumn ?? "target_user_id";
+  return {
+    async impersonate(adminUserId, targetUserId) {
+      const id = crypto.randomUUID();
+      const now = Date.now();
+      await d1.prepare(
+        `INSERT INTO ${table} (id, ${adminCol}, ${targetCol}, started_at) VALUES (?, ?, ?, ?)`
+      ).bind(id, adminUserId, targetUserId, now).run();
+    },
+    async stopImpersonating(adminUserId) {
+      const now = Date.now();
+      await d1.prepare(
+        `UPDATE ${table} SET ended_at = ? WHERE ${adminCol} = ? AND ended_at IS NULL`
+      ).bind(now, adminUserId).run();
+    },
+    async getActiveImpersonation(adminUserId) {
+      const result = await d1.prepare(
+        `SELECT ${targetCol} as target_user_id FROM ${table} WHERE ${adminCol} = ? AND ended_at IS NULL LIMIT 1`
+      ).bind(adminUserId).first();
+      return result ? { targetUserId: result.target_user_id } : null;
+    }
+  };
+}
+
+// src/create-auth.ts
+function parseExpiresIn(value) {
+  const match = value.match(/^(\d+)(s|m|h|d)$/);
+  if (!match) return 60 * 60 * 24 * 30;
+  const num = parseInt(match[1], 10);
+  switch (match[2]) {
+    case "s":
+      return num;
+    case "m":
+      return num * 60;
+    case "h":
+      return num * 3600;
+    case "d":
+      return num * 86400;
+    default:
+      return num;
+  }
+}
+function createAuth(config) {
+  const anonymousRoles = config.anonymousRoles ?? [];
+  const anonymousGrants = resolveGrants(
+    config.permissions,
+    anonymousRoles
+  );
+  const loginPath = config.redirects?.loginPath ?? "/login";
+  return function initAuth(env) {
+    const roleManager = createRoleManager(env.d1, {
+      tableName: config.roleTableName,
+      roleGrants: config.roleGrants
+    });
+    const impersonationManager = createImpersonationManager(env.d1);
+    const plugins = [];
+    if (config.magicLink) {
+      plugins.push(
+        magicLink({ sendMagicLink: config.magicLink.sendMagicLink })
+      );
+    }
+    const expiresIn = config.session?.expiresIn ? parseExpiresIn(config.session.expiresIn) : void 0;
+    const auth = betterAuth({
+      baseURL: env.appUrl,
+      database: drizzleAdapter(drizzle(env.d1), {
+        provider: "sqlite",
+        usePlural: true,
+        ...config.schema ? { schema: config.schema } : {}
+      }),
+      emailAndPassword: { enabled: true },
+      plugins,
+      ...expiresIn !== void 0 ? { session: { expiresIn } } : {}
+    });
+    async function createContext(request) {
+      try {
+        const sessionResult = await auth.api.getSession({
+          headers: request.headers
+        });
+        if (!sessionResult) {
+          return { user: null, grants: anonymousGrants };
+        }
+        const { user, session: _session } = sessionResult;
+        const impersonation = await impersonationManager.getActiveImpersonation(user.id);
+        if (impersonation) {
+          let targetRoles = await roleManager.getRoles(
+            impersonation.targetUserId
+          );
+          if (targetRoles.length === 0) {
+            targetRoles = config.defaultRoles ?? ["reader"];
+          }
+          const grants2 = resolveGrants(config.permissions, targetRoles);
+          return {
+            user: {
+              id: impersonation.targetUserId,
+              email: user.email,
+              name: user.name ?? "",
+              avatarUrl: user.image ?? null,
+              roles: targetRoles,
+              isImpersonating: true,
+              realUser: { id: user.id, name: user.name ?? "" }
+            },
+            grants: grants2
+          };
+        }
+        let roles = await roleManager.getRoles(user.id);
+        if (roles.length === 0) {
+          roles = config.defaultRoles ?? ["reader"];
+        }
+        const grants = resolveGrants(config.permissions, roles);
+        return {
+          user: {
+            id: user.id,
+            email: user.email,
+            name: user.name ?? "",
+            avatarUrl: user.image ?? null,
+            roles
+          },
+          grants
+        };
+      } catch (err) {
+        console.error("[cfast/auth] createContext error:", err);
+        return { user: null, grants: anonymousGrants };
+      }
+    }
+    async function requireUser(request) {
+      const ctx = await createContext(request);
+      if (ctx.user === null) {
+        const redirectTo = new URL(request.url).pathname;
+        const headers = new Headers();
+        headers.set("Location", loginPath);
+        headers.set(
+          "Set-Cookie",
+          `cfast_redirect_to=${encodeURIComponent(redirectTo)}; HttpOnly; Secure; SameSite=Lax; Max-Age=600; Path=/`
+        );
+        throw new Response(null, { status: 302, headers });
+      }
+      const { user, grants } = ctx;
+      return { user, grants };
+    }
+    const allowedImpersonationRoles = config.impersonation?.allowedRoles ?? ["admin"];
+    return {
+      createContext,
+      requireUser,
+      getRoles: roleManager.getRoles,
+      setRole: roleManager.setRole,
+      setRoles: roleManager.setRoles,
+      removeRole: roleManager.removeRole,
+      impersonate: async (adminUserId, targetUserId) => {
+        const adminRoles = await roleManager.getRoles(adminUserId);
+        const canImpersonate = adminRoles.some(
+          (r) => allowedImpersonationRoles.includes(r)
+        );
+        if (!canImpersonate) {
+          throw new Error("Not authorized to impersonate");
+        }
+        await impersonationManager.impersonate(adminUserId, targetUserId);
+      },
+      stopImpersonating: impersonationManager.stopImpersonating,
+      sendMagicLink: async (params) => {
+        if (!config.magicLink) {
+          throw new Error(
+            "Magic link plugin not configured. Add magicLink to createAuth config."
+          );
+        }
+        const magicLinkApi = auth.api;
+        await magicLinkApi.signInMagicLink({
+          body: {
+            email: params.email,
+            callbackURL: params.callbackURL ?? config.redirects?.afterLogin ?? "/"
+          },
+          headers: new Headers()
+        });
+      },
+      handler: (request) => auth.handler(request),
+      api: auth
+    };
+  };
+}
+
+// src/route-handlers.ts
+function createAuthRouteHandlers(getAuth) {
+  function handleRequest({ request }) {
+    return getAuth().handler(request);
+  }
+  return { loader: handleRequest, action: handleRequest };
+}
+export {
+  createAuth,
+  createAuthRouteHandlers,
+  createImpersonationManager,
+  createRoleManager
+};

package/dist/plugin.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Route helper for React Router v7's routes.ts.
+ *
+ * Generates a catch-all route entry for Better Auth's API endpoints.
+ * The consumer must create a handler file that uses `createAuthRouteHandlers`.
+ *
+ * Usage in `app/routes.ts`:
+ * ```ts
+ * import type { RouteConfig } from "@react-router/dev/routes";
+ * import { authRoutes } from "@cfast/auth/plugin";
+ *
+ * export default [
+ *   ...authRoutes({ handlerFile: "routes/auth.$.tsx" }),
+ *   // ... other routes
+ * ] satisfies RouteConfig;
+ * ```
+ *
+ * The handler file (`routes/auth.$.tsx`):
+ * ```ts
+ * import { createAuthRouteHandlers } from "@cfast/auth";
+ * const { loader, action } = createAuthRouteHandlers(() => getAuth());
+ * export { loader, action };
+ * ```
+ */
+type RouteConfigEntry = {
+    id?: string;
+    path?: string;
+    index?: boolean;
+    caseSensitive?: boolean;
+    file: string;
+    children?: RouteConfigEntry[];
+};
+type AuthRoutesOptions = {
+    /** Path to the auth handler file, relative to appDirectory */
+    handlerFile: string;
+    /** Base path for auth routes. Default: "auth" */
+    basePath?: string;
+};
+declare function authRoutes(options: AuthRoutesOptions): RouteConfigEntry[];
+
+export { authRoutes };