@dailyautomations/auth 1.0.0

package/dist/hooks/useUser.js

@@ -0,0 +1,40 @@
+"use strict";
+/**
+ * @daily/auth useUser Hook
+ * Simplified user access hook
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useUser = useUser;
+exports.useRequiredUser = useRequiredUser;
+const useAuth_js_1 = require("./useAuth.js");
+/**
+ * Simplified hook for accessing current user info
+ * Use this when you only need user data, not auth actions
+ */
+function useUser() {
+    const { user, workspace, isLoading, isAuthenticated } = (0, useAuth_js_1.useAuth)();
+    return {
+        user,
+        workspace,
+        email: user?.email || null,
+        displayName: user?.user_metadata?.displayName || null,
+        avatarUrl: user?.user_metadata?.avatarUrl || null,
+        isLoading,
+        isAuthenticated,
+    };
+}
+/**
+ * Hook that throws if user is not authenticated
+ * Use in components that require authentication
+ */
+function useRequiredUser() {
+    const data = useUser();
+    if (!data.isAuthenticated || !data.user) {
+        throw new Error('User must be authenticated to access this component');
+    }
+    if (!data.workspace) {
+        throw new Error('User must have a workspace to access this component');
+    }
+    return data;
+}
+//# sourceMappingURL=useUser.js.map

package/dist/hooks/useUser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useUser.js","sourceRoot":"","sources":["../../src/hooks/useUser.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AA2BH,0BAYC;AAMD,0CAkBC;AA7DD,6CAAuC;AAqBvC;;;GAGG;AACH,SAAgB,OAAO;IACrB,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,eAAe,EAAE,GAAG,IAAA,oBAAO,GAAE,CAAC;IAElE,OAAO;QACL,IAAI;QACJ,SAAS;QACT,KAAK,EAAE,IAAI,EAAE,KAAK,IAAI,IAAI;QAC1B,WAAW,EAAG,IAAI,EAAE,aAAa,EAAE,WAAsB,IAAI,IAAI;QACjE,SAAS,EAAG,IAAI,EAAE,aAAa,EAAE,SAAoB,IAAI,IAAI;QAC7D,SAAS;QACT,eAAe;KAChB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,eAAe;IAI7B,MAAM,IAAI,GAAG,OAAO,EAAE,CAAC;IAEvB,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACxC,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,IAGN,CAAC;AACJ,CAAC"}

package/dist/identity.d.ts

@@ -0,0 +1,42 @@
+/**
+ * @daily/auth Identity Service
+ * Cross-app identity resolution and management
+ */
+import type { SupabaseClient } from '@supabase/supabase-js';
+import type { IdentityCheckResult, IdentityInfo, AppSlug } from './types.js';
+export declare class IdentityService {
+    private supabase;
+    constructor(supabase: SupabaseClient);
+    /**
+     * Check if an email exists in the system
+     * Returns identity info if found
+     */
+    checkEmail(email: string): Promise<IdentityCheckResult>;
+    /**
+     * Get full identity info for a user
+     * Includes workspaces, app access, and linked providers
+     */
+    getIdentityInfo(userId: string): Promise<IdentityInfo | undefined>;
+    /**
+     * Get all workspaces a user belongs to
+     */
+    private getUserWorkspaces;
+    /**
+     * Get all apps user has registered for
+     */
+    private getUserAppAccess;
+    /**
+     * Extract OAuth providers from Supabase metadata
+     */
+    private extractProviders;
+    /**
+     * Check if user has access to a specific app
+     */
+    hasAppAccess(userId: string, appSlug: AppSlug): Promise<boolean>;
+    /**
+     * Merge settings from user's other apps
+     * Used when provisioning for a new app
+     */
+    getMergedUserSettings(userId: string): Promise<Record<string, unknown>>;
+}
+//# sourceMappingURL=identity.d.ts.map

package/dist/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../src/identity.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EACV,mBAAmB,EACnB,YAAY,EAGZ,OAAO,EACR,MAAM,YAAY,CAAC;AAEpB,qBAAa,eAAe;IACd,OAAO,CAAC,QAAQ;gBAAR,QAAQ,EAAE,cAAc;IAE5C;;;OAGG;IACG,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAsB7D;;;OAGG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IA+BxE;;OAEG;YACW,iBAAiB;IAmC/B;;OAEG;YACW,gBAAgB;IA6B9B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAsBxB;;OAEG;IACG,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;IAKtE;;;OAGG;IACG,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAyB9E"}

package/dist/identity.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * @daily/auth Identity Service
+ * Cross-app identity resolution and management
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IdentityService = void 0;
+class IdentityService {
+    supabase;
+    constructor(supabase) {
+        this.supabase = supabase;
+    }
+    /**
+     * Check if an email exists in the system
+     * Returns identity info if found
+     */
+    async checkEmail(email) {
+        // Query auth.users for email
+        const { data: users, error } = await this.supabase
+            .from('auth.users')
+            .select('id, email, created_at, raw_app_meta_data')
+            .eq('email', email.toLowerCase())
+            .limit(1);
+        if (error || !users || users.length === 0) {
+            return { exists: false };
+        }
+        const user = users[0];
+        const identity = await this.getIdentityInfo(user.id);
+        return {
+            exists: true,
+            identity,
+            linkedProviders: identity?.providers,
+        };
+    }
+    /**
+     * Get full identity info for a user
+     * Includes workspaces, app access, and linked providers
+     */
+    async getIdentityInfo(userId) {
+        // Get user info
+        const { data: user, error: userError } = await this.supabase
+            .from('auth.users')
+            .select('id, email, created_at, raw_app_meta_data')
+            .eq('id', userId)
+            .single();
+        if (userError || !user) {
+            return undefined;
+        }
+        // Get workspaces
+        const workspaces = await this.getUserWorkspaces(userId);
+        // Get app access
+        const appAccess = await this.getUserAppAccess(userId);
+        // Extract linked providers from metadata
+        const providers = this.extractProviders(user.raw_app_meta_data);
+        return {
+            userId: user.id,
+            email: user.email,
+            providers,
+            workspaces,
+            appAccess,
+            createdAt: new Date(user.created_at),
+        };
+    }
+    /**
+     * Get all workspaces a user belongs to
+     */
+    async getUserWorkspaces(userId) {
+        // Get memberships
+        const { data: memberships, error: memberError } = await this.supabase
+            .from('daily_core.workspace_members')
+            .select('workspace_id, role')
+            .eq('user_id', userId);
+        if (memberError || !memberships || memberships.length === 0) {
+            return [];
+        }
+        const workspaceIds = memberships.map((m) => m.workspace_id);
+        // Get workspace details
+        const { data: workspaces, error: wsError } = await this.supabase
+            .from('daily_core.workspaces')
+            .select('id, name, slug')
+            .in('id', workspaceIds);
+        if (wsError || !workspaces) {
+            return [];
+        }
+        // Combine data
+        return workspaces.map((ws) => {
+            const membership = memberships.find((m) => m.workspace_id === ws.id);
+            return {
+                id: ws.id,
+                name: ws.name,
+                slug: ws.slug,
+                role: (membership?.role || 'member'),
+            };
+        });
+    }
+    /**
+     * Get all apps user has registered for
+     */
+    async getUserAppAccess(userId) {
+        // Get user's workspaces first
+        const { data: memberships, error: memberError } = await this.supabase
+            .from('daily_core.workspace_members')
+            .select('workspace_id')
+            .eq('user_id', userId);
+        if (memberError || !memberships || memberships.length === 0) {
+            return [];
+        }
+        const workspaceIds = memberships.map((m) => m.workspace_id);
+        // Get app registrations for those workspaces
+        const { data: registrations, error: regError } = await this.supabase
+            .from('daily_core.app_registrations')
+            .select('app_slug')
+            .in('workspace_id', workspaceIds)
+            .eq('enabled', true);
+        if (regError || !registrations) {
+            return [];
+        }
+        // Return unique app slugs
+        const apps = new Set(registrations.map((r) => r.app_slug));
+        return Array.from(apps);
+    }
+    /**
+     * Extract OAuth providers from Supabase metadata
+     */
+    extractProviders(metadata) {
+        if (!metadata)
+            return [];
+        const providers = [];
+        // Supabase stores provider info in various places
+        if (metadata.provider) {
+            providers.push(metadata.provider);
+        }
+        if (Array.isArray(metadata.providers)) {
+            providers.push(...metadata.providers);
+        }
+        // Check for specific provider flags
+        if (metadata.google_id)
+            providers.push('google');
+        if (metadata.github_id)
+            providers.push('github');
+        if (metadata.azure_id)
+            providers.push('azure');
+        return [...new Set(providers)];
+    }
+    /**
+     * Check if user has access to a specific app
+     */
+    async hasAppAccess(userId, appSlug) {
+        const apps = await this.getUserAppAccess(userId);
+        return apps.includes(appSlug);
+    }
+    /**
+     * Merge settings from user's other apps
+     * Used when provisioning for a new app
+     */
+    async getMergedUserSettings(userId) {
+        // Get user's first workspace
+        const { data: memberships, error: memberError } = await this.supabase
+            .from('daily_core.workspace_members')
+            .select('workspace_id')
+            .eq('user_id', userId)
+            .limit(1);
+        if (memberError || !memberships || memberships.length === 0) {
+            return {};
+        }
+        // Get workspace settings
+        const { data: workspace, error: wsError } = await this.supabase
+            .from('daily_core.workspaces')
+            .select('settings')
+            .eq('id', memberships[0].workspace_id)
+            .single();
+        if (wsError || !workspace) {
+            return {};
+        }
+        return workspace.settings || {};
+    }
+}
+exports.IdentityService = IdentityService;
+//# sourceMappingURL=identity.js.map

package/dist/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../src/identity.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAWH,MAAa,eAAe;IACN;IAApB,YAAoB,QAAwB;QAAxB,aAAQ,GAAR,QAAQ,CAAgB;IAAG,CAAC;IAEhD;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,KAAa;QAC5B,6BAA6B;QAC7B,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;aAC/C,IAAI,CAAC,YAAY,CAAC;aAClB,MAAM,CAAC,0CAA0C,CAAC;aAClD,EAAE,CAAC,OAAO,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;aAChC,KAAK,CAAC,CAAC,CAAC,CAAC;QAEZ,IAAI,KAAK,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1C,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3B,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAErD,OAAO;YACL,MAAM,EAAE,IAAI;YACZ,QAAQ;YACR,eAAe,EAAE,QAAQ,EAAE,SAAS;SACrC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,gBAAgB;QAChB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;aACzD,IAAI,CAAC,YAAY,CAAC;aAClB,MAAM,CAAC,0CAA0C,CAAC;aAClD,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC;aAChB,MAAM,EAAE,CAAC;QAEZ,IAAI,SAAS,IAAI,CAAC,IAAI,EAAE,CAAC;YACvB,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,iBAAiB;QACjB,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAExD,iBAAiB;QACjB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAEtD,yCAAyC;QACzC,MAAM,SAAS,GAAG,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,iBAAmD,CAAC,CAAC;QAElG,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS;YACT,UAAU;YACV,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC;SACrC,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAAC,MAAc;QAC5C,kBAAkB;QAClB,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;aAClE,IAAI,CAAC,8BAA8B,CAAC;aACpC,MAAM,CAAC,oBAAoB,CAAC;aAC5B,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAEzB,IAAI,WAAW,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAE5D,wBAAwB;QACxB,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;aAC7D,IAAI,CAAC,uBAAuB,CAAC;aAC7B,MAAM,CAAC,gBAAgB,CAAC;aACxB,EAAE,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;QAE1B,IAAI,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;YAC3B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,eAAe;QACf,OAAO,UAAU,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;YAC3B,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;YACrE,OAAO;gBACL,EAAE,EAAE,EAAE,CAAC,EAAE;gBACT,IAAI,EAAE,EAAE,CAAC,IAAI;gBACb,IAAI,EAAE,EAAE,CAAC,IAAI;gBACb,IAAI,EAAE,CAAC,UAAU,EAAE,IAAI,IAAI,QAAQ,CAA0B;aAC9D,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAAC,MAAc;QAC3C,8BAA8B;QAC9B,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;aAClE,IAAI,CAAC,8BAA8B,CAAC;aACpC,MAAM,CAAC,cAAc,CAAC;aACtB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAEzB,IAAI,WAAW,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;QAE5D,6CAA6C;QAC7C,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;aACjE,IAAI,CAAC,8BAA8B,CAAC;aACpC,MAAM,CAAC,UAAU,CAAC;aAClB,EAAE,CAAC,cAAc,EAAE,YAAY,CAAC;aAChC,EAAE,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAEvB,IAAI,QAAQ,IAAI,CAAC,aAAa,EAAE,CAAC;YAC/B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,0BAA0B;QAC1B,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAmB,CAAC,CAAC,CAAC;QACtE,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,QAAwC;QAC/D,IAAI,CAAC,QAAQ;YAAE,OAAO,EAAE,CAAC;QAEzB,MAAM,SAAS,GAAoB,EAAE,CAAC;QAEtC,kDAAkD;QAClD,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YACtB,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAyB,CAAC,CAAC;QACrD,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YACtC,SAAS,CAAC,IAAI,CAAC,GAAI,QAAQ,CAAC,SAA6B,CAAC,CAAC;QAC7D,CAAC;QAED,oCAAoC;QACpC,IAAI,QAAQ,CAAC,SAAS;YAAE,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,SAAS;YAAE,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,QAAQ;YAAE,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE/C,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,OAAgB;QACjD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACjD,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,qBAAqB,CAAC,MAAc;QACxC,6BAA6B;QAC7B,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;aAClE,IAAI,CAAC,8BAA8B,CAAC;aACpC,MAAM,CAAC,cAAc,CAAC;aACtB,EAAE,CAAC,SAAS,EAAE,MAAM,CAAC;aACrB,KAAK,CAAC,CAAC,CAAC,CAAC;QAEZ,IAAI,WAAW,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5D,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,yBAAyB;QACzB,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ;aAC5D,IAAI,CAAC,uBAAuB,CAAC;aAC7B,MAAM,CAAC,UAAU,CAAC;aAClB,EAAE,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;aACrC,MAAM,EAAE,CAAC;QAEZ,IAAI,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1B,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,OAAQ,SAAS,CAAC,QAAoC,IAAI,EAAE,CAAC;IAC/D,CAAC;CACF;AApMD,0CAoMC"}

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * @daily/auth
+ * Standard auth toolkit for Daily applications
+ *
+ * @package @daily/auth
+ * @version 1.0.0
+ */
+export { DailyAuth } from './client.js';
+export { WorkspaceService } from './workspace.js';
+export { createAuthMiddleware, expressAuthMiddleware, fastifyAuthMiddleware, validateAuthToken, type MiddlewareContext, } from './middleware.js';
+export { DailyAuthError } from './errors.js';
+export type { WorkspaceRole, OAuthProvider, DailyAuthOptions, SignUpParams, SignInParams, OAuthParams, ResetPasswordParams, AuthResult, WorkspaceInfo, AuthErrorInfo, AuthErrorCode, JWTPayload, AuthMiddlewareOptions, AuthenticatedRequest, AuthState, AuthActions, UseAuthReturn, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,OAAO,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AAGlD,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,iBAAiB,EACjB,KAAK,iBAAiB,GACvB,MAAM,iBAAiB,CAAC;AAGzB,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAG7C,YAAY,EAEV,aAAa,EACb,aAAa,EACb,gBAAgB,EAEhB,YAAY,EACZ,YAAY,EACZ,WAAW,EACX,mBAAmB,EAEnB,UAAU,EACV,aAAa,EACb,aAAa,EACb,aAAa,EAEb,UAAU,EACV,qBAAqB,EACrB,oBAAoB,EAEpB,SAAS,EACT,WAAW,EACX,aAAa,GACd,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,28 @@
+"use strict";
+/**
+ * @daily/auth
+ * Standard auth toolkit for Daily applications
+ *
+ * @package @daily/auth
+ * @version 1.0.0
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DailyAuthError = exports.validateAuthToken = exports.fastifyAuthMiddleware = exports.expressAuthMiddleware = exports.createAuthMiddleware = exports.WorkspaceService = exports.DailyAuth = void 0;
+// Core client
+var client_js_1 = require("./client.js");
+Object.defineProperty(exports, "DailyAuth", { enumerable: true, get: function () { return client_js_1.DailyAuth; } });
+// Services
+var workspace_js_1 = require("./workspace.js");
+Object.defineProperty(exports, "WorkspaceService", { enumerable: true, get: function () { return workspace_js_1.WorkspaceService; } });
+// Middleware
+var middleware_js_1 = require("./middleware.js");
+Object.defineProperty(exports, "createAuthMiddleware", { enumerable: true, get: function () { return middleware_js_1.createAuthMiddleware; } });
+Object.defineProperty(exports, "expressAuthMiddleware", { enumerable: true, get: function () { return middleware_js_1.expressAuthMiddleware; } });
+Object.defineProperty(exports, "fastifyAuthMiddleware", { enumerable: true, get: function () { return middleware_js_1.fastifyAuthMiddleware; } });
+Object.defineProperty(exports, "validateAuthToken", { enumerable: true, get: function () { return middleware_js_1.validateAuthToken; } });
+// Errors
+var errors_js_1 = require("./errors.js");
+Object.defineProperty(exports, "DailyAuthError", { enumerable: true, get: function () { return errors_js_1.DailyAuthError; } });
+// React hooks available via '@daily/auth/react'
+// import { AuthProvider, useAuth, useUser, useAuthClient } from '@daily/auth/react';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAEH,cAAc;AACd,yCAAwC;AAA/B,sGAAA,SAAS,OAAA;AAElB,WAAW;AACX,+CAAkD;AAAzC,gHAAA,gBAAgB,OAAA;AAEzB,aAAa;AACb,iDAMyB;AALvB,qHAAA,oBAAoB,OAAA;AACpB,sHAAA,qBAAqB,OAAA;AACrB,sHAAA,qBAAqB,OAAA;AACrB,kHAAA,iBAAiB,OAAA;AAInB,SAAS;AACT,yCAA6C;AAApC,2GAAA,cAAc,OAAA;AA4BvB,gDAAgD;AAChD,qFAAqF"}

package/dist/middleware.d.ts

@@ -0,0 +1,49 @@
+/**
+ * @daily/auth Middleware
+ * Server-side JWT validation
+ */
+import { type User } from '@supabase/supabase-js';
+import type { AuthMiddlewareOptions, WorkspaceInfo } from './types.js';
+export interface MiddlewareContext {
+    user: User;
+    workspaces: WorkspaceInfo[];
+}
+/**
+ * Create auth middleware for Express/Fastify/etc.
+ */
+export declare function createAuthMiddleware(options: AuthMiddlewareOptions): (req: {
+    headers: Record<string, string | undefined>;
+    path?: string;
+    url?: string;
+}, res: {
+    status?: (code: number) => {
+        json: (body: unknown) => void;
+    };
+}, next?: () => void | Promise<void>) => Promise<MiddlewareContext | null>;
+/**
+ * Express-style middleware wrapper
+ */
+export declare function expressAuthMiddleware(options: AuthMiddlewareOptions): (req: {
+    headers: Record<string, string | undefined>;
+    path: string;
+}, res: {
+    status: (code: number) => {
+        json: (body: unknown) => void;
+    };
+}, next: (err?: Error) => void) => Promise<void>;
+/**
+ * Fastify-style middleware wrapper
+ */
+export declare function fastifyAuthMiddleware(options: AuthMiddlewareOptions): (request: {
+    headers: Record<string, string | undefined>;
+    url: string;
+}, reply: {
+    code: (code: number) => {
+        send: (body: unknown) => void;
+    };
+}) => Promise<void>;
+/**
+ * Standalone token validation
+ */
+export declare function validateAuthToken(token: string, options: Pick<AuthMiddlewareOptions, 'supabaseUrl' | 'supabaseServiceKey'>): Promise<User | null>;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAqC,KAAK,IAAI,EAAE,MAAM,uBAAuB,CAAC;AACrF,OAAO,KAAK,EAAE,qBAAqB,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGvE,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,IAAI,CAAC;IACX,UAAU,EAAE,aAAa,EAAE,CAAC;CAC7B;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,qBAAqB,IAoC/D,KAAK;IAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,EACjF,KAAK;IAAE,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK;QAAE,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAA;KAAE,CAAA;CAAE,EACrE,OAAO,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAChC,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAoCrC;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,qBAAqB,IAIhE,KAAK;IAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,EAClE,KAAK;IAAE,MAAM,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK;QAAE,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAA;KAAE,CAAA;CAAE,EACpE,MAAM,CAAC,GAAG,CAAC,EAAE,KAAK,KAAK,IAAI,mBAQ9B;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,qBAAqB,IAIhE,SAAS;IAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,EACrE,OAAO;IAAE,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK;QAAE,IAAI,EAAE,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAA;KAAE,CAAA;CAAE,mBAUvE;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,IAAI,CAAC,qBAAqB,EAAE,aAAa,GAAG,oBAAoB,CAAC,GACzE,OAAO,CAAC,IAAI,GAAG,IAAI,CAAC,CAUtB"}

package/dist/middleware.js

@@ -0,0 +1,116 @@
+"use strict";
+/**
+ * @daily/auth Middleware
+ * Server-side JWT validation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthMiddleware = createAuthMiddleware;
+exports.expressAuthMiddleware = expressAuthMiddleware;
+exports.fastifyAuthMiddleware = fastifyAuthMiddleware;
+exports.validateAuthToken = validateAuthToken;
+const supabase_js_1 = require("@supabase/supabase-js");
+const workspace_js_1 = require("./workspace.js");
+/**
+ * Create auth middleware for Express/Fastify/etc.
+ */
+function createAuthMiddleware(options) {
+    const { supabaseUrl, supabaseServiceKey, publicPaths = [] } = options;
+    const supabase = (0, supabase_js_1.createClient)(supabaseUrl, supabaseServiceKey, {
+        auth: { autoRefreshToken: false, persistSession: false },
+    });
+    const workspace = new workspace_js_1.WorkspaceService(supabase);
+    const isPublicPath = (path) => {
+        return publicPaths.some((p) => {
+            if (p.endsWith('*')) {
+                return path.startsWith(p.slice(0, -1));
+            }
+            return path === p;
+        });
+    };
+    const extractToken = (authHeader) => {
+        if (!authHeader)
+            return null;
+        const parts = authHeader.split(' ');
+        if (parts.length !== 2 || parts[0].toLowerCase() !== 'bearer') {
+            return null;
+        }
+        return parts[1];
+    };
+    const validateToken = async (token) => {
+        const { data, error } = await supabase.auth.getUser(token);
+        if (error || !data.user) {
+            return null;
+        }
+        return data.user;
+    };
+    return async function authMiddleware(req, res, next) {
+        const path = req.path || req.url || '';
+        if (isPublicPath(path)) {
+            if (next)
+                await next();
+            return null;
+        }
+        const token = extractToken(req.headers.authorization || req.headers.Authorization);
+        if (!token) {
+            if (res.status) {
+                res.status(401).json({ error: 'Missing authorization header' });
+            }
+            return null;
+        }
+        const user = await validateToken(token);
+        if (!user) {
+            if (res.status) {
+                res.status(401).json({ error: 'Invalid or expired token' });
+            }
+            return null;
+        }
+        const workspaces = await workspace.getForUser(user.id);
+        const context = { user, workspaces };
+        req.auth = context;
+        if (next)
+            await next();
+        return context;
+    };
+}
+/**
+ * Express-style middleware wrapper
+ */
+function expressAuthMiddleware(options) {
+    const middleware = createAuthMiddleware(options);
+    return async (req, res, next) => {
+        try {
+            await middleware(req, res, () => next());
+        }
+        catch (err) {
+            next(err);
+        }
+    };
+}
+/**
+ * Fastify-style middleware wrapper
+ */
+function fastifyAuthMiddleware(options) {
+    const middleware = createAuthMiddleware(options);
+    return async (request, reply) => {
+        const res = {
+            status: (code) => ({
+                json: (body) => reply.code(code).send(body),
+            }),
+        };
+        await middleware({ headers: request.headers, path: request.url }, res, undefined);
+    };
+}
+/**
+ * Standalone token validation
+ */
+async function validateAuthToken(token, options) {
+    const supabase = (0, supabase_js_1.createClient)(options.supabaseUrl, options.supabaseServiceKey, {
+        auth: { autoRefreshToken: false, persistSession: false },
+    });
+    const { data, error } = await supabase.auth.getUser(token);
+    if (error || !data.user) {
+        return null;
+    }
+    return data.user;
+}
+//# sourceMappingURL=middleware.js.map

package/dist/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAcH,oDA2EC;AAKD,sDAcC;AAKD,sDAeC;AAKD,8CAaC;AAhJD,uDAAqF;AAErF,iDAAkD;AAOlD;;GAEG;AACH,SAAgB,oBAAoB,CAAC,OAA8B;IACjE,MAAM,EAAE,WAAW,EAAE,kBAAkB,EAAE,WAAW,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IAEtE,MAAM,QAAQ,GAAG,IAAA,0BAAY,EAAC,WAAW,EAAE,kBAAkB,EAAE;QAC7D,IAAI,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACzD,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,+BAAgB,CAAC,QAAQ,CAAC,CAAC;IAEjD,MAAM,YAAY,GAAG,CAAC,IAAY,EAAW,EAAE;QAC7C,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;YAC5B,IAAI,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACzC,CAAC;YACD,OAAO,IAAI,KAAK,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;IAEF,MAAM,YAAY,GAAG,CAAC,UAAmB,EAAiB,EAAE;QAC1D,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAC7B,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,QAAQ,EAAE,CAAC;YAC9D,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC;IAEF,MAAM,aAAa,GAAG,KAAK,EAAE,KAAa,EAAwB,EAAE;QAClE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAC3D,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC,CAAC;IAEF,OAAO,KAAK,UAAU,cAAc,CAClC,GAAiF,EACjF,GAAqE,EACrE,IAAiC;QAEjC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;QAEvC,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,IAAI,IAAI;gBAAE,MAAM,IAAI,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,IAAI,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;QAEnF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;YAClE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,CAAC;QAExC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAEvD,MAAM,OAAO,GAAsB,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;QAEvD,GAA8C,CAAC,IAAI,GAAG,OAAO,CAAC;QAE/D,IAAI,IAAI;YAAE,MAAM,IAAI,EAAE,CAAC;QAEvB,OAAO,OAAO,CAAC;IACjB,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,OAA8B;IAClE,MAAM,UAAU,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEjD,OAAO,KAAK,EACV,GAAkE,EAClE,GAAoE,EACpE,IAA2B,EAC3B,EAAE;QACF,IAAI,CAAC;YACH,MAAM,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAY,CAAC,CAAC;QACrB,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,OAA8B;IAClE,MAAM,UAAU,GAAG,oBAAoB,CAAC,OAAO,CAAC,CAAC;IAEjD,OAAO,KAAK,EACV,OAAqE,EACrE,KAAoE,EACpE,EAAE;QACF,MAAM,GAAG,GAAG;YACV,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,CAAC;gBACzB,IAAI,EAAE,CAAC,IAAa,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;aACrD,CAAC;SACH,CAAC;QAEF,MAAM,UAAU,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IACpF,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,iBAAiB,CACrC,KAAa,EACb,OAA0E;IAE1E,MAAM,QAAQ,GAAG,IAAA,0BAAY,EAAC,OAAO,CAAC,WAAW,EAAE,OAAO,CAAC,kBAAkB,EAAE;QAC7E,IAAI,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACzD,CAAC,CAAC;IAEH,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC3D,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC"}

package/dist/provisioning.d.ts

@@ -0,0 +1,41 @@
+/**
+ * @daily/auth Provisioning Service
+ * Auto-provision workspaces and app registrations for users
+ */
+import type { SupabaseClient } from '@supabase/supabase-js';
+import type { AppSlug, WorkspaceInfo, AppRegistrationInfo, ProvisioningResult, ProvisioningOptions } from './types.js';
+export declare class ProvisioningService {
+    private supabase;
+    private appSlug;
+    constructor(supabase: SupabaseClient, appSlug: AppSlug);
+    /**
+     * Provision a new user with workspace and app registration
+     * Called on signup
+     */
+    provisionNewUser(userId: string, email: string, options?: ProvisioningOptions): Promise<ProvisioningResult>;
+    /**
+     * Ensure user has access to current app
+     * Creates app_registration if missing (first time on this app)
+     */
+    ensureAppAccess(userId: string): Promise<{
+        workspace?: WorkspaceInfo;
+        appRegistration?: AppRegistrationInfo;
+    }>;
+    /**
+     * Get all workspaces for a user
+     */
+    getUserWorkspaces(userId: string): Promise<WorkspaceInfo[]>;
+    /**
+     * Check if app registration exists for workspace
+     */
+    getAppRegistration(workspaceId: string): Promise<AppRegistrationInfo | null>;
+    /**
+     * Generate workspace name from email
+     */
+    private generateWorkspaceName;
+    /**
+     * Generate URL-safe slug from name
+     */
+    private generateSlug;
+}
+//# sourceMappingURL=provisioning.d.ts.map

package/dist/provisioning.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provisioning.d.ts","sourceRoot":"","sources":["../src/provisioning.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAC5D,OAAO,KAAK,EACV,OAAO,EACP,aAAa,EACb,mBAAmB,EACnB,kBAAkB,EAClB,mBAAmB,EAEpB,MAAM,YAAY,CAAC;AAGpB,qBAAa,mBAAmB;IAE5B,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,OAAO;gBADP,QAAQ,EAAE,cAAc,EACxB,OAAO,EAAE,OAAO;IAG1B;;;OAGG;IACG,gBAAgB,CACpB,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,mBAAmB,GAC5B,OAAO,CAAC,kBAAkB,CAAC;IAwF9B;;;OAGG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;QAC7C,SAAS,CAAC,EAAE,aAAa,CAAC;QAC1B,eAAe,CAAC,EAAE,mBAAmB,CAAC;KACvC,CAAC;IA6DF;;OAEG;IACG,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAmCjE;;OAEG;IACG,kBAAkB,CACtB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC;IAoBtC;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAS7B;;OAEG;IACH,OAAO,CAAC,YAAY;CAWrB"}