@crossauth/backend 0.0.2

package/dist/storage/ldapstorage.d.ts

@@ -0,0 +1,143 @@
+import { UserStorage, UserStorageGetOptions, UserStorageOptions } from '../storage';
+import { User, UserSecrets, UserInputFields, UserSecretsInputFields } from '@crossauth/common';
+
+/**
+ * A user returned by an LDAP server
+ */
+export interface LdapUser {
+    /** The user's dn in LDAP */
+    dn: string;
+    /** Optional additional fields from LDAP */
+    [key: string]: string | string[];
+}
+/**
+ * Optional parameters for {@link LdapUserStorage}.
+ */
+export interface LdapUserStorageOptions extends UserStorageOptions {
+    /** Utl running LDAP server. eg ldap://ldap.example.com or ldaps://ldap,example.com:1636
+     *  No default (required)
+     */
+    ldapUrls?: string[];
+    /** Search base, for user queries, eg  `ou=users,dc=example,dc=com`.  Default empty */
+    ldapUserSearchBase?: string;
+    /** Username attribute for searches.  Default "cn".
+     */
+    ldapUsernameAttribute?: string;
+    /** A function to create a user object given the entry in LDAP and additional fields.
+     * The additional fields might be useful for attributes that aren't in LDAP and the
+     * user needs to be prompted for, for example email address.
+     * The default function sets `username` to `uid` from `ldapUser`,
+     * `state` to `active` and takes every field for `user` (overriding `status`
+     * and `username` if present).
+     */
+    createUserFn?: (user: Partial<User>, ldapUser: LdapUser) => UserInputFields;
+}
+/**
+ * Wraps another user storage but with the authentication done in LDAP.
+ *
+ * This class still needs a user to be created in another database, with
+ * for example a user id that can be referenced in key storage, and a state
+ * variable.
+ *
+ * An admin account is not used.  Searches are done as the user, with the user's
+ * password.
+ */
+export declare class LdapUserStorage extends UserStorage {
+    private localStorage;
+    private ldapUrls;
+    private ldapUserSearchBase;
+    private ldapUsernameAttribute;
+    private createUserFn;
+    /**
+     * Constructor.
+     * @param localStorage the underlying storage where users are kept (without passwords)
+     * @param options see {@link LdapUserStorageOptions}
+     */
+    constructor(localStorage: UserStorage, options?: LdapUserStorageOptions);
+    /**
+     * Authenticates the user in LDAP and, if valid, creates a user in local
+     * storage.
+     *
+     * @param user passed to the default `createUserFn` to create the user object.  `username` field is used for LDAP authentication
+     * @param secrets `password` for LDAP expected to be set here.
+     * @returns the created user object, as it appears in local storage
+     */
+    createUser(user: UserInputFields, secrets?: UserSecretsInputFields): Promise<User>;
+    /**
+     * Gets a user from the local storage.  Does not check LDAP.
+     * @param username the username to fetch
+     * @param options passed to `localStorage`'s `getUserByUsername()`
+     * @returns the user
+     * @throws {@link @crossauth/common!CrossauthError} with {@link @crossauth/common!ErrorCode} `UsernameOrPasswordInvalid` or `Connection`
+     */
+    getUserByUsername(username: string, options?: UserStorageGetOptions): Promise<{
+        user: User;
+        secrets: UserSecrets;
+    }>;
+    /**
+     * Gets a user from the local storage.  Does not check LDAP.
+     * @param id the user id to fetch
+     * @param options passed to `localStorage`'s `getUserByUsername()`
+     * @returns the user
+     * @throws {@link @crossauth/common!CrossauthError} with {@link @crossauth/common!ErrorCode} `UsernameOrPasswordInvalid` or `Connection`
+     */
+    getUserById(id: string | number, options?: UserStorageGetOptions): Promise<{
+        user: User;
+        secrets: UserSecrets;
+    }>;
+    /**
+     * Gets a user from the local storage.  Does not check LDAP.
+     * @param email the email address to fetch user by
+     * @param options passed to `localStorage`'s `getUserByUsername()`
+     * @returns the user
+     * @throws {@link @crossauth/common!CrossauthError} with {@link @crossauth/common!ErrorCode} `UsernameOrPasswordInvalid` or `Connection`
+     */
+    getUserByEmail(email: string | number, options?: UserStorageGetOptions): Promise<{
+        user: User;
+        secrets: UserSecrets;
+    }>;
+    getUsers(skip?: number, take?: number): Promise<User[]>;
+    /**
+     * Updates a user in local storage.  Does not do an LDAP update.
+     * @param user new fields for the user, plus `id` to match the user by
+     * @param _secrets ignored as secrets cannot be updated
+     * @returns
+     */
+    updateUser(user: Partial<User>, _secrets?: Partial<UserSecrets>): Promise<void>;
+    /**
+     * Deletes a user from local storage (not from LDAP)
+     * @param username username to delete
+     */
+    deleteUserByUsername(username: string): Promise<void>;
+    /**
+     * Deletes a user from local storage (not from LDAP)
+     * @param id ID of the user to delete
+     */
+    deleteUserById(id: string | number): Promise<void>;
+    /**
+     * Gets the user from LDAP.  Does not check local storage.
+     *
+     * If the user doesn't exist or authentication fails, an exception is thrown
+     * @param username the username to fetch
+     * @param password the LDAP password
+     * @returns the matching {@link LdapUser}
+     * @throws {@link @crossauth/common!CrossauthError} with {@link @crossauth/common!ErrorCode} `UsernameOrPasswordInvalid` or `Connection`
+     */
+    getLdapUser(username: string, password: string): Promise<LdapUser>;
+    private ldapBind;
+    private searchUser;
+    private static searchResultToUser;
+    /**
+     * Sanitises an LDAP dn for passing to bind (escaping special characters)
+     * @param dn the dn to sanitise
+     * @returns a sanitized dn
+     */
+    static sanitizeLdapDn(dn: string): string;
+    /**
+     * Sanitises an LDAP dn for passing to searches (escaping special characters)
+     * @param dn the dn to sanitise
+     * @returns a sanitized dn
+     */
+    static sanitizeLdapDnForSerach(dn: string): string;
+}
+//# sourceMappingURL=ldapstorage.d.ts.map

package/dist/storage/ldapstorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ldapstorage.d.ts","sourceRoot":"","sources":["../../src/storage/ldapstorage.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,KAAK,qBAAqB,EAAE,KAAK,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAC9F,OAAO,EAAE,KAAK,IAAI,EAAE,KAAK,WAAW,EAAE,KAAK,eAAe,EAAE,KAAK,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAMnH;;GAEG;AACH,MAAM,WAAW,QAAQ;IAErB,4BAA4B;IAC5B,EAAE,EAAE,MAAM,CAAC;IAEX,2CAA2C;IAC3C,CAAE,GAAG,EAAG,MAAM,GAAK,MAAM,GAAC,MAAM,EAAE,CAAC;CACtC;AAED;;GAEG;AACH,MAAM,WAAW,sBAAuB,SAAQ,kBAAkB;IAE9D;;OAEG;IACH,QAAQ,CAAC,EAAG,MAAM,EAAE,CAAC;IAErB,sFAAsF;IACtF,kBAAkB,CAAC,EAAG,MAAM,CAAC;IAE7B;OACG;IACH,qBAAqB,CAAC,EAAG,MAAM,CAAC;IAEhC;;;;;;OAMG;IACH,YAAY,CAAC,EAAG,CAAC,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,QAAQ,KAAK,eAAe,CAAC;CAChF;AAQD;;;;;;;;;GASG;AACH,qBAAa,eAAgB,SAAQ,WAAW;IAC5C,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,QAAQ,CAAM;IACtB,OAAO,CAAC,kBAAkB,CAAO;IACjC,OAAO,CAAC,qBAAqB,CAAQ;IACrC,OAAO,CAAC,YAAY,CAAsF;IAE1G;;;;OAIG;gBACS,YAAY,EAAG,WAAW,EAAE,OAAO,GAAG,sBAA2B;IAS7E;;;;;;;OAOG;IACG,UAAU,CAAC,IAAI,EAAG,eAAe,EAAE,OAAO,CAAC,EAAG,sBAAsB,GACpE,OAAO,CAAC,IAAI,CAAC;IAOnB;;;;;;OAMG;IACG,iBAAiB,CACnB,QAAQ,EAAG,MAAM,EAChB,OAAO,CAAC,EAAG,qBAAqB,GAAI,OAAO,CAAC;QAAC,IAAI,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,CAAC;IAIpF;;;;;;OAMG;IACG,WAAW,CACb,EAAE,EAAG,MAAM,GAAC,MAAM,EACjB,OAAO,CAAC,EAAG,qBAAqB,GAAI,OAAO,CAAC;QAAC,IAAI,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,CAAC;IAIpF;;;;;;OAMG;IACG,cAAc,CAChB,KAAK,EAAG,MAAM,GAAG,MAAM,EACvB,OAAO,CAAC,EAAG,qBAAqB,GAAI,OAAO,CAAC;QAAC,IAAI,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,CAAC;IAI7E,QAAQ,CAAC,IAAI,CAAC,EAAG,MAAM,EAAE,IAAI,CAAC,EAAG,MAAM,GAAI,OAAO,CAAC,IAAI,EAAE,CAAC;IAIhE;;;;;OAKG;IACG,UAAU,CAAC,IAAI,EAAG,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,CAAC,EAAG,OAAO,CAAC,WAAW,CAAC,GAAI,OAAO,CAAC,IAAI,CAAC;IAIxF;;;OAGG;IACG,oBAAoB,CAAC,QAAQ,EAAG,MAAM,GAAI,OAAO,CAAC,IAAI,CAAC;IAI7D;;;OAGG;IACG,cAAc,CAAC,EAAE,EAAG,MAAM,GAAC,MAAM,GAAI,OAAO,CAAC,IAAI,CAAC;IAIxD;;;;;;;;OAQG;IACG,WAAW,CAAC,QAAQ,EAAG,MAAM,EAAE,QAAQ,EAAG,MAAM,GAAI,OAAO,CAAC,QAAQ,CAAC;IAyB3E,OAAO,CAAC,QAAQ;YAkCF,UAAU;IAuCxB,OAAO,CAAC,MAAM,CAAC,kBAAkB;IASjC;;;;OAIG;IACH,MAAM,CAAC,cAAc,CAAC,EAAE,EAAG,MAAM,GAAI,MAAM;IAW3C;;;;OAIG;IACH,MAAM,CAAC,uBAAuB,CAAC,EAAE,EAAG,MAAM,GAAI,MAAM;CAMvD"}

package/dist/storage/postgresconnection.d.ts

@@ -0,0 +1,27 @@
+import { default as pg } from 'pg';
+import { DbPool, DbConnection, DbParameter } from './dbconnection';
+
+export declare class PostgresPool extends DbPool {
+    private pgPool;
+    constructor(pgPool: pg.Pool);
+    connect(): Promise<DbConnection>;
+    parameters(): DbParameter;
+}
+export declare class PostgresConnection extends DbConnection {
+    private pgClient;
+    constructor(pgClient: pg.PoolClient);
+    private crossauthErrorFromPostgresError;
+    execute(query: string, values?: any[]): Promise<{
+        [key: string]: any;
+    }[]>;
+    release(): void;
+    startTransaction(): Promise<void>;
+    commit(): Promise<void>;
+    rollback(): Promise<void>;
+}
+export declare class PostgresParameter extends DbParameter {
+    private nextParam;
+    constructor();
+    nextParameter(): string;
+}
+//# sourceMappingURL=postgresconnection.d.ts.map

package/dist/storage/postgresconnection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"postgresconnection.d.ts","sourceRoot":"","sources":["../../src/storage/postgresconnection.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAGnE,qBAAa,YAAa,SAAQ,MAAM;IACpC,OAAO,CAAC,MAAM,CAAW;gBAEb,MAAM,EAAG,EAAE,CAAC,IAAI;IAMtB,OAAO,IAAK,OAAO,CAAC,YAAY,CAAC;IAMvC,UAAU,IAAK,WAAW;CAI7B;AAED,qBAAa,kBAAmB,SAAQ,YAAY;IAChD,OAAO,CAAC,QAAQ,CAAiB;gBAErB,QAAQ,EAAG,EAAE,CAAC,UAAU;IAKpC,OAAO,CAAC,+BAA+B;IAmBjC,OAAO,CAAC,KAAK,EAAG,MAAM,EAAE,MAAM,GAAG,GAAG,EAAO,GAAI,OAAO,CAAC;QAAC,CAAC,GAAG,EAAC,MAAM,GAAE,GAAG,CAAA;KAAC,EAAE,CAAC;IAYlF,OAAO,IAAK,IAAI;IAMV,gBAAgB,IAAK,OAAO,CAAC,IAAI,CAAC;IAMlC,MAAM,IAAK,OAAO,CAAC,IAAI,CAAC;IAMxB,QAAQ,IAAK,OAAO,CAAC,IAAI,CAAC;CAKnC;AAGD,qBAAa,iBAAkB,SAAQ,WAAW;IAC9C,OAAO,CAAC,SAAS,CAAK;;IAMtB,aAAa,IAAK,MAAM;CAG3B"}

package/dist/storage/postgresstorage.d.ts

@@ -0,0 +1,83 @@
+import { default as pg } from 'pg';
+import { DbUserStorage, DbKeyStorage, DbOAuthClientStorage, DbOAuthAuthorizationStorage, DbUserStorageOptions, DbKeyStorageOptions, DbOAuthClientStorageOptions, DbOAuthAuthorizationStorageOptions } from './dbstorage';
+
+/**
+ * Optional parameters for {@link PostgresUserStorage}.
+ *
+ * See {@link PostgresUserStorage.constructor} for definitions.
+ */
+export interface PostgresUserStorageOptions extends DbUserStorageOptions {
+}
+/**
+ * Implementation of {@link UserStorage} where username and password is stored
+ * in two Postgres tables: one for non secret fields, one for secret fields.
+ *
+ * The `pg` package module is used to access the database.
+ *
+ */
+export declare class PostgresUserStorage extends DbUserStorage {
+    /**
+     * Creates a PostgresUserStorage object, optionally overriding defaults.
+     * @param pgPool the instance of the Posrgres client.
+     * @param options see {@link PostgresUserStorageOptions}.
+     */
+    constructor(pgPool: pg.Pool, options?: PostgresUserStorageOptions);
+}
+/**
+ * Optional parameters for {@link PostgresKeyStorage}.
+ *
+ * See {@link PostgresKeyStorage.constructor} for definitions.
+ */
+export interface PostgresKeyStorageOptions extends DbKeyStorageOptions {
+}
+/**
+ * Implementation of {@link KeyStorage } where keys stored in a
+ * Postgres database.
+ */
+export declare class PostgresKeyStorage extends DbKeyStorage {
+    /**
+     * Creates a PostgresKeyStorage object, optionally overriding defaults.
+     * @param pgPool the instance of the Posrgres client.
+     * @param options see {@link PostgresKeyStorageOptions}.
+     */
+    constructor(pgPool: pg.Pool, options?: PostgresKeyStorageOptions);
+}
+/**
+ * Optional parameters for {@link PostgresOAuthClientStorage}.
+ *
+ * See {@link PostgresOAuthClientStorage.constructor} for definitions.
+ */
+export interface PostgresOAuthClientStorageOptions extends DbOAuthClientStorageOptions {
+}
+/**
+ * Implementation of {@link OAuthClientStorage } where keys stored in a
+ * Postgres database.
+ */
+export declare class PostgresOAuthClientStorage extends DbOAuthClientStorage {
+    /**
+     * Creates a PostgresOAuthClientStorage object, optionally overriding defaults.
+     * @param pgPool the instance of the Posrgres client.
+     * @param options see {@link PostgresOAuthStorageOptions}.
+     */
+    constructor(pgPool: pg.Pool, options?: PostgresOAuthClientStorageOptions);
+}
+/**
+ * Optional parameters for {@link PostgresOAuthAuthorizationStorage}.
+ *
+ * See {@link PostgresOAuthClientStorage.constructor} for definitions.
+ */
+export interface PostgresOAuthAuthorizationStorageOptions extends DbOAuthAuthorizationStorageOptions {
+}
+/**
+ * Implementation of {@link OAuthAuthorizationStorage } where keys stored in a
+ * Postgres database.
+ */
+export declare class PostgresOAuthAuthorizationStorage extends DbOAuthAuthorizationStorage {
+    /**
+     * Creates a PostgresOAuthStorage object, optionally overriding defaults.
+     * @param pgPool the instance of the Posrgres client.
+     * @param options see {@link PostgresOAuthAuthorizationStorageOptions}.
+     */
+    constructor(pgPool: pg.Pool, options?: PostgresOAuthAuthorizationStorageOptions);
+}
+//# sourceMappingURL=postgresstorage.d.ts.map

package/dist/storage/postgresstorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"postgresstorage.d.ts","sourceRoot":"","sources":["../../src/storage/postgresstorage.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,IAAI,CAAC;AAEpB,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,oBAAoB,EAAE,2BAA2B,EAAE,MAAM,aAAa,CAAC;AAC7G,OAAO,KAAK,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,2BAA2B,EAAE,kCAAkC,EAAE,MAAM,aAAa,CAAC;AAM9I;;;;GAIG;AACH,MAAM,WAAW,0BAA2B,SAAQ,oBAAoB;CACvE;AAED;;;;;;GAMG;AACH,qBAAa,mBAAoB,SAAQ,aAAa;IAElD;;;;OAIG;gBACS,MAAM,EAAG,EAAE,CAAC,IAAI,EAAE,OAAO,GAAG,0BAA+B;CAG1E;AAKD;;;;GAIG;AACH,MAAM,WAAW,yBAA0B,SAAQ,mBAAmB;CACrE;AAED;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,YAAY;IAEhD;;;;OAIG;gBACS,MAAM,EAAG,EAAE,CAAC,IAAI,EAAE,OAAO,GAAG,yBAA8B;CAGzE;AAKD;;;;GAIG;AACH,MAAM,WAAW,iCAAkC,SAAQ,2BAA2B;CACrF;AAED;;;GAGG;AACH,qBAAa,0BAA2B,SAAQ,oBAAoB;IAEhE;;;;OAIG;gBACS,MAAM,EAAG,EAAE,CAAC,IAAI,EAAE,OAAO,GAAG,iCAAsC;CAGjF;AAKD;;;;GAIG;AACH,MAAM,WAAW,wCAAyC,SAAQ,kCAAkC;CACnG;AAED;;;GAGG;AACH,qBAAa,iCAAkC,SAAQ,2BAA2B;IAE9E;;;;OAIG;gBACS,MAAM,EAAG,EAAE,CAAC,IAAI,EAAE,OAAO,GAAG,wCAA6C;CAGxF"}

package/dist/storage/prismastorage.d.ts

@@ -0,0 +1,361 @@
+import { UserStorage, KeyStorage, UserStorageGetOptions, UserStorageOptions, OAuthClientStorage, OAuthClientStorageOptions, OAuthAuthorizationStorage } from '../storage';
+import { User, UserSecrets, UserInputFields, UserSecretsInputFields, Key, OAuthClient } from '@crossauth/common';
+
+/**
+ * Optional parameters for {@link PrismaUserStorage}.
+ *
+ * See {@link PrismaUserStorage.constructor} for definitions.
+ */
+export interface PrismaUserStorageOptions extends UserStorageOptions {
+    /** Name of user table (to Prisma, ie lowercase).  Default `user` */
+    userTable?: string;
+    /** Name of user secrets table (to Prisma, ie lowercase).  Default `userSecrets` */
+    userSecretsTable?: string;
+    /** Name of the id column in the user table.  Can be set to `username` if that is your primary key.
+     * Default `id`.
+     */
+    idColumn?: string;
+    /** Name of the user id column in the user secrets.
+     * Default `userid`.
+     */
+    useridForeignKeyColumn?: string;
+    /** The prisma client instanfce.  Leave this out to have Crossauth create a default one */
+    prismaClient?: any;
+    includes?: string[];
+    /**
+     * This works around a Fastify and Sveltekit limitation.  If the id passed to
+     * getUserById() is a string but is numeric, first try forcing it to
+     * a number before selecting.  If that fails, try it as the string,
+     * Default true.
+     */
+    forceIdToNumber?: boolean;
+}
+/**
+ * Implementation of {@link UserStorage} where username and password is stored in a database managed by
+ * the Prisma ORM.
+ *
+ * By default, the Prisma name (ie the lowercased version) is called `user`.  It must have at least these fields:
+ *    * `username String \@unique`
+ *    * `username_normalized String \@unique`
+ *    * `state String`
+ * It must also contain an ID column, which is either an `Int` or `String`, eg
+ *    * `id Int \@id \@unique \@default(autoincrement())
+ * Alternatively you can set it to `username` if you don't have a separate ID field.
+ *
+ * You can optionally check if the `state` field is set to `awaitingemailverification` when validating users.
+ *  If the username is not the email address,
+ *  it must contain these extra two fields:
+ *     * `email String \@unique`
+ *     * `email_normalized String \@unique`
+ *
+ * You can optionally check if a `passwordReset` field is set to `true` when validating users.  Enabling this requires
+ * the user table to also have a `passwordReset Boolean` field.  Use this if you want to require your user to change his/her password.
+ *
+ * If `normalizeUsername` is true, getting a user by username will match on normalized (converting dialetics)
+ * and lowercased username.  This is not true of matching by id, even if the id columns is the same as the username column.
+ *
+ * If `normalizeEmail` is true, getting a user by username will matched on normalized, lowercase username.
+*/
+export declare class PrismaUserStorage extends UserStorage {
+    private userTable;
+    private userSecretsTable;
+    private idColumn;
+    private useridForeignKeyColumn;
+    private prismaClient;
+    private includes;
+    private includesObject;
+    private forceIdToNumber;
+    /**
+     * Creates a PrismaUserStorage object, optionally overriding defaults.
+     * @param options see {@link PrismaUserStorageOptions}
+     */
+    constructor(options?: PrismaUserStorageOptions);
+    private getUser;
+    /**
+     * Returns a {@link @crossauth/common!User} and {@link @crossauth/common!UserSecrets} instance matching the given username, or throws an Exception.
+     * @param username the username to look up
+     * @returns a {@link @crossauth/common!User} and {@link @crossauth/common!UserSecrets} instance, ie including the password hash.
+     * @throws {@link @crossauth/common!CrossauthError } with {@link @crossauth/common!ErrorCode } set to either `UserNotExist` or `Connection`.
+     */
+    getUserByUsername(username: string, options?: UserStorageGetOptions): Promise<{
+        user: User;
+        secrets: UserSecrets;
+    }>;
+    /**
+     * Returns a {@link @crossauth/common!User} and {@link @crossauth/common!UserSecrets} instance matching the given email address, or throws an Exception.
+     *
+     * If there is no email field in the user, the username is assumed to contain the email
+     *
+     * @param email the email address to look up
+     * @returns a {@link @crossauth/common!User} and {@link @crossauth/common!UserSecrets} instance, ie including the password hash.
+     * @throws {@link @crossauth/common!CrossauthError } with {@link @crossauth/common!ErrorCode } set to either `UserNotExist` or `Connection`.
+     */
+    getUserByEmail(email: string, options?: UserStorageGetOptions): Promise<{
+        user: User;
+        secrets: UserSecrets;
+    }>;
+    /**
+     * Same as {@link getUserByUsername } but matching user ID,
+     * @param id the user ID to match
+     * @returns a {@link @crossauth/common!User} and {@link @crossauth/common!UserSecrets} instance, ie including the password hash.
+     * @throws {@link @crossauth/common!CrossauthError } with {@link @crossauth/common!ErrorCode } set to either `UserNotExist` or `Connection`.
+     */
+    getUserById(id: string | number, options?: UserStorageGetOptions): Promise<{
+        user: User;
+        secrets: UserSecrets;
+    }>;
+    /**
+     * If the given session key exist in the database, update it with the passed values.  If it doesn't
+     * exist, throw a CreossauthError with InvalidKey.
+     *
+     * Warning: the fields in `user` and `secrets` are not validated so, before calling this,
+     * you should check they are in `userEditableFields`.
+     *
+     * @param user the user to update.  The id to update is taken from this obkect, which must be present.  All other attributes are optional.
+     */
+    updateUser(user: Partial<User>, secrets?: Partial<UserSecrets>): Promise<void>;
+    /**
+     * Create a user
+     *
+     * Warning: the fields in `user` and `secrets` are not validated so, before calling this,
+     * you should check they are in `userEditableFields`.
+     *
+     * @param user
+     * @param secrets
+     */
+    createUser(user: UserInputFields, secrets?: UserSecretsInputFields): Promise<User>;
+    deleteUserByUsername(username: string): Promise<void>;
+    deleteUserById(id: string | number): Promise<void>;
+    private deleteUserById_internal;
+    getUsers(skip?: number, take?: number): Promise<User[]>;
+}
+/**
+ * Optional parameters for {@link PrismaKeyStorage}.
+ *
+ * See {@link PrismaKeyStorage.constructor} for definitions.
+ */
+export interface PrismaKeyStorageOptions {
+    keyTable?: string;
+    prismaClient?: any;
+    transactionTimeout?: number;
+    /** Name of the user id column in the user secrets.
+     * Default `userid`.
+     */
+    useridForeignKeyColumn?: string;
+}
+/**
+ * Implementation of {@link KeyStorage } where keys stored in a database managed by
+ * the Prisma ORM.
+ *
+ * By default, the Prisma name (ie the lowercased version) is called `key`.  It must have at least three fields:
+ *    * `value String \@unique`
+ *    * `userid String or Int`
+ *    * `created DateTime`
+ *    * `expires DateTime`
+ * `key` must have `\@unique`.  It may also contain an ID column, which is not used.  If in the schema,
+ * it must be autoincrement.  THe `userid` may be a `String` or `Int`.  If a database table is used for
+ * user storage (eg {@link PrismaUserStorage} this should be a foreign key to the user table), in which case there
+ * should also be a `user` field (see Prisma documentation on foreign keys).
+ */
+export declare class PrismaKeyStorage extends KeyStorage {
+    private keyTable;
+    private prismaClient;
+    private transactionTimeout;
+    private useridForeignKeyColumn;
+    /**
+     * Constructor with user storage object to use plus optional parameters.
+     *
+     * @param options See {@link PrismaKeyStorageOptions}
+     */
+    constructor(options?: PrismaKeyStorageOptions);
+    getKey(key: string): Promise<Key>;
+    /**
+     * Returns the matching Key record, or throws an exception if it doesn't exist
+     * @param key the session key to look up in the session storage.
+     * @returns the {@link User } object for the user with the given session key, with the password hash removed, as well as the expiry date/time of the key.
+     * @throws a {@link @crossauth/common!CrossauthError } instance with {@link @crossauth/common!ErrorCode} of `InvalidSession`, `UserNotExist` or `Connection`
+     */
+    private getKeyWithTransaction;
+    /**
+     * Saves a key in the session table.
+     *
+     * @param userid user ID to store with the session key.  See {@link PrismaUserStorage} for how this may differ from `username`.
+     * @param value the value of the key to store.
+     * @param created the date/time the key was created.
+     * @param expires the date/time the key expires.
+     * @param extraFields these will be stored in the key table row
+     * @throws {@link @crossauth/common!CrossauthError } if the key could not be stored.
+     */
+    saveKey(userid: string | number | undefined, value: string, created: Date, expires: Date | undefined, data?: string, extraFields?: {
+        [key: string]: any;
+    }): Promise<void>;
+    /**
+     *
+     * @param value the value of the key to delete
+     * @throws {@link @crossauth/common!CrossauthError } if the key could not be deleted.
+     */
+    deleteKey(value: string): Promise<void>;
+    /**
+     * Deletes all keys from storage for the given user ID
+     *
+     * @param userid : user ID to delete keys for
+     */
+    deleteAllForUser(userid: string | number | undefined, prefix: string, except?: string): Promise<void>;
+    deleteMatching(key: Partial<Key>): Promise<void>;
+    /**
+     * Deletes all keys with the given prefix
+     *
+     * @param userid : user ID to delete keys for
+     */
+    deleteWithPrefix(userid: string | number | undefined, prefix: string): Promise<void>;
+    getAllForUser(userid: string | number | undefined): Promise<Key[]>;
+    /**
+     * If the given session key exist in the database, update it with the passed values.  If it doesn't
+     * exist, throw a CreossauthError with InvalidKey.
+     * @param key the new values of the key.   `value` must be set and will not be updated.
+     *        any other fields set (not undefined) will be updated.
+     */
+    updateKey(key: Partial<Key>): Promise<void>;
+    private updateKeyWithTransaction;
+    /**
+     * See {@link KeyStorage}.
+     */
+    updateData(keyName: string, dataName: string, value: any | undefined): Promise<void>;
+    /**
+     * See {@link KeyStorage}.
+     */
+    updateManyData(keyName: string, dataArray: [{
+        dataName: string;
+        value: any | undefined;
+    }]): Promise<void>;
+    /**
+     * See {@link KeyStorage}.
+     */
+    deleteData(keyName: string, dataName: string): Promise<void>;
+}
+/**
+ * Optional parameters for {@link PrismaOAuthClientStorage}.
+ */
+export interface PrismaOAuthClientStorageOptions extends OAuthClientStorageOptions {
+    /** Prisma name of the OAuth Client table.  Default oAuthClient */
+    clientTable?: string;
+    /** Prisma name of the OAuth valid flows table.  Default oClientValidFlow */
+    validFlowTable?: string;
+    /** Prisma name of the OAuth Redirect Uri table.  Default oAuthClientRedirectUri */
+    redirectUriTable?: string;
+    /** A Prisma client to use.  If not provided, one will be created */
+    prismaClient?: any;
+    /** In milliseconds.. Default 5000 */
+    transactionTimeout?: number;
+    /**
+     * This is to work around a Prisma bug.  SQLite returns an error
+     * when updating a client if inside a transaction.
+     * - `Update` `OAuthClient` table is updated, `OAuthClientAuthorization`
+     *            and `OAuthValidFlow` are updated with a delete and insert.
+     *            Doesn't work with SQLite.
+     * - `DeleteAndInsert` updated to the `OAuthClient`,
+     *                     `OAuthClientAuthorization` and `OAuthValidFlow` are
+     *                     all done as a delete then an insert.  Works for
+     *                     SQLite but if you have cascading dependencies on
+     *                     the `OAuthClient` table, dependent rows will be
+     *                     deleted.
+     * Our recommendation is to use `DeleteAndInsert` for SQLite and
+     * `Update` otherwise.
+     *
+     * Default `DeleteAndInsert`
+     */
+    updateMode?: "Update" | "DeleteAndInsert";
+    /** Name of the user id column in the user secrets.
+     * Default `userid`.
+     */
+    useridForeignKeyColumn?: string;
+}
+/**
+ * Implementation of {@link OAuthClientStorage } where clients stored in a database managed by
+ * the Prisma ORM.
+ */
+export declare class PrismaOAuthClientStorage extends OAuthClientStorage {
+    private clientTable;
+    private redirectUriTable;
+    private validFlowTable;
+    private prismaClient;
+    private transactionTimeout;
+    private updateMode;
+    private useridForeignKeyColumn;
+    /**
+     * Constructor with user storage object to use plus optional parameters.
+     *
+     * @param options See {@link PrismaOAuthClientStorageOptions}
+     */
+    constructor(options?: PrismaOAuthClientStorageOptions);
+    getClientById(client_id: string): Promise<OAuthClient>;
+    getClientByName(name: string, userid?: string | number | null): Promise<OAuthClient[]>;
+    private getClientWithTransaction;
+    /**
+     * Saves a key in the session table.
+     *
+     * @param client fields for the client to create
+     * @throws {@link @crossauth/common!CrossauthError } if the client could not be stored.
+     */
+    createClient(client: OAuthClient): Promise<OAuthClient>;
+    private createClientWithTransaction;
+    /**
+     *
+     * @param client_id the client to delete
+     * @throws {@link @crossauth/common!CrossauthError } if the key could not be deleted.
+     */
+    deleteClient(client_id: string): Promise<void>;
+    private deleteClientWithTransaction;
+    /**
+     * If the given session key exist in the database, update it with the passed values.  If it doesn't
+     * exist, throw a CreossauthError with InvalidKey.
+     * @param client the client to update.  It will be searched on its client_id, which cannot be updated.
+     */
+    updateClient(client: Partial<OAuthClient>): Promise<void>;
+    private updateClientWithTransaction_update;
+    private updateClientWithTransaction_deleteAndInsert;
+    getClients(skip?: number, take?: number, userid?: string | number | null): Promise<OAuthClient[]>;
+}
+/**
+ * Optional parameters for {@link PrismaOAuthAuthorizationStorage}.
+ */
+export interface PrismaOAuthAuthorizationStorageOptions extends OAuthClientStorageOptions {
+    /** Prisma name of the OAuth Authorization table.  Default oAuthAuthorization */
+    authorizationTable?: string;
+    /** A Prisma client to use.  If not provided, one will be created */
+    prismaClient?: any;
+    transactionTimeout?: number;
+    /** Name of the user id column in the user secrets.
+     * Default `userid`.
+     */
+    useridForeignKeyColumn?: string;
+}
+/**
+ * Implementation of {@link OAuthAuthorizationStorage } where authorizations are stored in a database managed by
+ * the Prisma ORM.
+ */
+export declare class PrismaOAuthAuthorizationStorage extends OAuthAuthorizationStorage {
+    private authorizationTable;
+    private prismaClient;
+    private transactionTimeout;
+    private useridForeignKeyColumn;
+    /**
+     * Constructor with user storage object to use plus optional parameters.
+     *
+     * @param options See {@link PrismaOAuthClientStorageOptions}
+     */
+    constructor(options?: PrismaOAuthClientStorageOptions);
+    getAuthorizations(client_id: string, userid: string | number | undefined): Promise<(string | null)[]>;
+    updateAuthorizations(client_id: string, userid: string | number | null, scopes: string[]): Promise<void>;
+    /**
+     * Saves a key in the session table.
+     *
+     * @param client_id the client to update
+     * @param userid the user ID to associate with the client, or undefined
+     *        for a client not associated with a user
+     * @param scopes the scopes that are authorized (new plus existing)
+     * @throws {@link @crossauth/common!CrossauthError } if the client could not be stored.
+     */
+    private updateAuthorizationsWithTransaction;
+}
+//# sourceMappingURL=prismastorage.d.ts.map

package/dist/storage/prismastorage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prismastorage.d.ts","sourceRoot":"","sources":["../../src/storage/prismastorage.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK,qBAAqB,EAAE,KAAK,kBAAkB,EAAE,kBAAkB,EAAE,KAAK,yBAAyB,EAAE,yBAAyB,EAAE,MAAM,YAAY,CAAC;AACzL,OAAO,EAAE,KAAK,IAAI,EAAE,KAAK,WAAW,EAAE,KAAK,eAAe,EAAE,KAAK,sBAAsB,EAAE,KAAK,GAAG,EAAE,KAAK,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAK/I;;;;GAIG;AACH,MAAM,WAAW,wBAAyB,SAAQ,kBAAkB;IAEhE,oEAAoE;IACpE,SAAS,CAAC,EAAG,MAAM,CAAC;IAEpB,mFAAmF;IACnF,gBAAgB,CAAC,EAAG,MAAM,CAAC;IAE3B;;OAEG;IACH,QAAQ,CAAC,EAAG,MAAM,CAAC;IAEnB;;OAEG;IACH,sBAAsB,CAAC,EAAG,MAAM,CAAC;IAEjC,0FAA0F;IAC1F,YAAY,CAAC,EAAG,GAAG,CAAC;IAEpB,QAAQ,CAAC,EAAG,MAAM,EAAE,CAAC;IAErB;;;;;OAKG;IACH,eAAe,CAAC,EAAG,OAAO,CAAC;CAC9B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;EAyBE;AACF,qBAAa,iBAAkB,SAAQ,WAAW;IAC9C,OAAO,CAAC,SAAS,CAAmB;IACpC,OAAO,CAAC,gBAAgB,CAA0B;IAClD,OAAO,CAAC,QAAQ,CAAiB;IACjC,OAAO,CAAC,sBAAsB,CAAqB;IACnD,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,QAAQ,CAA0B;IAC1C,OAAO,CAAC,cAAc,CAA+B;IACrD,OAAO,CAAC,eAAe,CAAkB;IAEzC;;;OAGG;gBACS,OAAO,GAAG,wBAA6B;YAiBrC,OAAO;IAwDrB;;;;;OAKG;IACG,iBAAiB,CACnB,QAAQ,EAAG,MAAM,EACjB,OAAO,CAAC,EAAG,qBAAqB,GAAI,OAAO,CAAC;QAAC,IAAI,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,CAAC;IAKnF;;;;;;;;OAQG;IACG,cAAc,CAChB,KAAK,EAAG,MAAM,EACd,OAAO,CAAC,EAAG,qBAAqB,GAAI,OAAO,CAAC;QAAC,IAAI,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,CAAC;IAKnF;;;;;OAKG;IACG,WAAW,CAAC,EAAE,EAAG,MAAM,GAAG,MAAM,EAClC,OAAO,CAAC,EAAG,qBAAqB,GAAI,OAAO,CAAC;QAAC,IAAI,EAAE,IAAI,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,CAAC;IAiBnF;;;;;;;;OAQG;IACG,UAAU,CAAC,IAAI,EAAG,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,GAAI,OAAO,CAAC,IAAI,CAAC;IAkEtF;;;;;;;;OAQG;IACG,UAAU,CAAC,IAAI,EAAE,eAAe,EAAE,OAAO,CAAC,EAAG,sBAAsB,GAC5D,OAAO,CAAC,IAAI,CAAC;IAqDpB,oBAAoB,CAAC,QAAQ,EAAG,MAAM,GAAI,OAAO,CAAC,IAAI,CAAC;IAiBxD,cAAc,CAAC,EAAE,EAAG,MAAM,GAAC,MAAM,GAAI,OAAO,CAAC,IAAI,CAAC;YAW1C,uBAAuB;IAiB9B,QAAQ,CAAC,IAAI,CAAC,EAAG,MAAM,EAAE,IAAI,CAAC,EAAG,MAAM,GAAI,OAAO,CAAC,IAAI,EAAE,CAAC;CAwBnE;AAKD;;;;GAIG;AACH,MAAM,WAAW,uBAAuB;IACpC,QAAQ,CAAC,EAAG,MAAM,CAAC;IACnB,YAAY,CAAC,EAAG,GAAG,CAAC;IACpB,kBAAkB,CAAC,EAAG,MAAM,CAAC;IAC7B;;OAEG;IACH,sBAAsB,CAAC,EAAG,MAAM,CAAC;CACpC;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,gBAAiB,SAAQ,UAAU;IAC5C,OAAO,CAAC,QAAQ,CAAkB;IAClC,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,sBAAsB,CAAqB;IAEnD;;;;OAIG;gBACS,OAAO,GAAG,uBAA4B;IAc5C,MAAM,CAAC,GAAG,EAAG,MAAM,GAAI,OAAO,CAAC,GAAG,CAAC;IAIzC;;;;;OAKG;YACW,qBAAqB;IA2BnC;;;;;;;;;OASG;IACG,OAAO,CAAC,MAAM,EAAG,MAAM,GAAG,MAAM,GAAG,SAAS,EAChC,KAAK,EAAG,MAAM,EAAE,OAAO,EAAG,IAAI,EAC9B,OAAO,EAAG,IAAI,GAAG,SAAS,EAC1B,IAAI,CAAC,EAAG,MAAM,EACd,WAAW,GAAG;QAAC,CAAC,GAAG,EAAG,MAAM,GAAG,GAAG,CAAA;KAAM,GAAI,OAAO,CAAC,IAAI,CAAC;IAoC3E;;;;OAIG;IACG,SAAS,CAAC,KAAK,EAAG,MAAM,GAAI,OAAO,CAAC,IAAI,CAAC;IAgB/C;;;;OAIG;IACG,gBAAgB,CAAC,MAAM,EAAG,MAAM,GAAG,MAAM,GAAG,SAAS,EAAE,MAAM,EAAG,MAAM,EAAE,MAAM,CAAC,EAAG,MAAM,GAAI,OAAO,CAAC,IAAI,CAAC;IAiCzG,cAAc,CAAC,GAAG,EAAG,OAAO,CAAC,GAAG,CAAC,GAAI,OAAO,CAAC,IAAI,CAAC;IAuBxD;;;;OAIG;IACG,gBAAgB,CAAC,MAAM,EAAG,MAAM,GAAG,MAAM,GAAG,SAAS,EAAE,MAAM,EAAG,MAAM,GAAI,OAAO,CAAC,IAAI,CAAC;IAoBvF,aAAa,CAAC,MAAM,EAAG,MAAM,GAAC,MAAM,GAAC,SAAS,GAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IA2BtE;;;;;OAKG;IACG,SAAS,CAAC,GAAG,EAAG,OAAO,CAAC,GAAG,CAAC,GAAI,OAAO,CAAC,IAAI,CAAC;YAIrC,wBAAwB;IAuBtC;;OAEG;IACG,UAAU,CAAC,OAAO,EAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,GAAC,SAAS,GAAI,OAAO,CAAC,IAAI,CAAC;IAI1F;;OAEG;IACG,cAAc,CAAC,OAAO,EAAG,MAAM,EAAE,SAAS,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,GAAG,GAAC,SAAS,CAAA;KAAC,CAAC,GAAI,OAAO,CAAC,IAAI,CAAC;IAkC7G;;OAEG;IACG,UAAU,CAAC,OAAO,EAAG,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAI,OAAO,CAAC,IAAI,CAAC;CA6BvE;AAKD;;GAEG;AACH,MAAM,WAAW,+BAAgC,SAAQ,yBAAyB;IAE9E,kEAAkE;IAClE,WAAW,CAAC,EAAG,MAAM,CAAC;IAEtB,4EAA4E;IAC5E,cAAc,CAAC,EAAG,MAAM,CAAC;IAEzB,mFAAmF;IACnF,gBAAgB,CAAC,EAAG,MAAM,CAAC;IAE3B,oEAAoE;IACpE,YAAY,CAAC,EAAG,GAAG,CAAC;IAEpB,qCAAqC;IACrC,kBAAkB,CAAC,EAAG,MAAM,CAAC;IAE7B;;;;;;;;;;;;;;;;OAgBG;IACH,UAAU,CAAC,EAAG,QAAQ,GAAG,iBAAiB,CAAC;IAE3C;;OAEG;IACH,sBAAsB,CAAC,EAAG,MAAM,CAAC;CACpC;AAED;;;GAGG;AACH,qBAAa,wBAAyB,SAAQ,kBAAkB;IAC5D,OAAO,CAAC,WAAW,CAA0B;IAC7C,OAAO,CAAC,gBAAgB,CAAqC;IAC7D,OAAO,CAAC,cAAc,CAAmC;IACzD,OAAO,CAAC,YAAY,CAAO;IAC3B,OAAO,CAAC,kBAAkB,CAAS;IACnC,OAAO,CAAC,UAAU,CAAqB;IACvC,OAAO,CAAC,sBAAsB,CAAY;IAE1C;;;;OAIG;gBACS,OAAO,GAAG,+BAAoC;IAepD,aAAa,CAAC,SAAS,EAAG,MAAM,GAAI,OAAO,CAAC,WAAW,CAAC;IAIxD,eAAe,CAAC,IAAI,EAAG,MAAM,EAAE,MAAM,CAAC,EAAG,MAAM,GAAC,MAAM,GAAC,IAAI,GAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YAI7E,wBAAwB;IAoDtC;;;;;OAKG;IACG,YAAY,CAAC,MAAM,EAAG,WAAW,GAAI,OAAO,CAAC,WAAW,CAAC;YAkBjD,2BAA2B;IAyGzC;;;;OAIG;IACG,YAAY,CAAC,SAAS,EAAG,MAAM,GAAI,OAAO,CAAC,IAAI,CAAC;YAgBxC,2BAA2B;IAczC;;;;OAIG;IACG,YAAY,CAAC,MAAM,EAAG,OAAO,CAAC,WAAW,CAAC,GAAI,OAAO,CAAC,IAAI,CAAC;YAmBnD,kCAAkC;YAmHlC,2CAA2C;IAYnD,UAAU,CAAC,IAAI,CAAC,EAAG,MAAM,EAAE,IAAI,CAAC,EAAG,MAAM,EAAE,MAAM,CAAC,EAAG,MAAM,GAAC,MAAM,GAAC,IAAI,GAAI,OAAO,CAAC,WAAW,EAAE,CAAC;CA8C1G;AAKD;;GAEG;AACH,MAAM,WAAW,sCAAuC,SAAQ,yBAAyB;IAErF,gFAAgF;IAChF,kBAAkB,CAAC,EAAG,MAAM,CAAC;IAE7B,oEAAoE;IACpE,YAAY,CAAC,EAAG,GAAG,CAAC;IAEpB,kBAAkB,CAAC,EAAG,MAAM,CAAC;IAE7B;;OAEG;IACH,sBAAsB,CAAC,EAAG,MAAM,CAAC;CACpC;AAED;;;GAGG;AACH,qBAAa,+BAAgC,SAAQ,yBAAyB;IAC1E,OAAO,CAAC,kBAAkB,CAAiC;IAC3D,OAAO,CAAC,YAAY,CAAO;IAC3B,OAAO,CAAC,kBAAkB,CAAkB;IAC5C,OAAO,CAAC,sBAAsB,CAAY;IAE1C;;;;OAIG;gBACS,OAAO,GAAG,+BAAoC;IAYpD,iBAAiB,CAAC,SAAS,EAAG,MAAM,EAAE,MAAM,EAAG,MAAM,GAAC,MAAM,GAAC,SAAS,GAAI,OAAO,CAAC,CAAC,MAAM,GAAC,IAAI,CAAC,EAAE,CAAC;IAoBlG,oBAAoB,CAAC,SAAS,EAAG,MAAM,EAAE,MAAM,EAAG,MAAM,GAAC,MAAM,GAAC,IAAI,EAAE,MAAM,EAAG,MAAM,EAAE,GAAI,OAAO,CAAC,IAAI,CAAC;IAM9G;;;;;;;;OAQG;YACW,mCAAmC;CA8BpD"}