@dbsc-toolkit/better-auth 0.1.2 → 0.2.0
- package/README.md +68 -13
- package/dist/express.d.ts +17 -4
- package/dist/express.d.ts.map +1 -1
- package/dist/express.js +6 -2
- package/dist/express.js.map +1 -1
- package/dist/index.d.ts +3 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -6
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -20,7 +20,9 @@ npm install @dbsc-toolkit/better-auth dbsc-toolkit
|
|
|
20
20
|
|
|
21
21
|
## Setup
|
|
22
22
|
|
|
23
|
-
|
|
23
|
+
One line in `auth.ts`, one line in `server.ts`. That's the whole integration.
|
|
24
|
+
|
|
25
|
+
It's split across the two files you already have for a reason, not for ceremony. `dbsc()` declares the database schema and the post-login hook — and Better Auth only accepts those at `betterAuth()` construction time, so it has to live in `auth.ts`. `dbscExpress()` mounts the protocol routes and the route guard, which need the Express `app` object, so it has to live in `server.ts`. Neither can do the other's job; together they're two lines.
|
|
24
26
|
|
|
25
27
|
### auth.ts
|
|
26
28
|
|
|
@@ -131,25 +133,78 @@ Every session row carries a `tier`:
|
|
|
131
133
|
|
|
132
134
|
## Options
|
|
133
135
|
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
})
|
|
136
|
+
The plugin splits across two factories. `dbsc()` goes in `auth.ts` and owns
|
|
137
|
+
the after-hook + schema. `dbscExpress()` goes in `server.ts` and owns the
|
|
138
|
+
protocol routes + the route guard.
|
|
139
|
+
|
|
140
|
+
### `dbsc()` — the plugin factory
|
|
141
|
+
|
|
142
|
+
| Option | Type | Default | What it does |
|
|
143
|
+
|---|---|---|---|
|
|
144
|
+
| `basePath` | `string` | `"/api/auth"` | Must match `betterAuth({ basePath })`. The registration header points Chrome at `${basePath}/dbsc/registration`. |
|
|
145
|
+
| `cookieScope` | `"host" \| "site"` | `"host"` | `host` → `__Host-` cookies, no Domain. `site` → `__Secure-` + Domain. |
|
|
146
|
+
| `cookieDomain` | `string` | — | Required when `cookieScope` is `"site"`. |
|
|
147
|
+
| `cookieTtl` | `number` | `600_000` | Max-Age (ms) for the cookies the after-hook writes. |
|
|
148
|
+
| `onEvent` | `(e) => void` | — | Telemetry hook for registration / refresh / failures. |
|
|
149
|
+
|
|
150
|
+
`sessionTtl` here is a deprecated alias for `cookieTtl` — it still works, removed in 0.3.0. (Unrelated to `dbscExpress`'s `sessionTtl` below, which is the storage session lifetime — same name, different layer, an artifact of the underlying `dbsc-toolkit` naming.)
|
|
151
|
+
|
|
152
|
+
### `dbscExpress()` — the Express kit
|
|
153
|
+
|
|
154
|
+
| Option | Type | Default | What it does |
|
|
155
|
+
|---|---|---|---|
|
|
156
|
+
| `basePath` | `string` | `"/api/auth"` | Must match the `dbsc({ basePath })` above. |
|
|
157
|
+
| `secure` | `boolean` | `true` | `__Host-`/`__Secure-` prefixes + Secure flag. Set `false` on bare-http localhost. |
|
|
158
|
+
| `clientPath` | `string \| false` | `"/dbsc-client"` | Where the polyfill SDK + init shim mount. `false` skips serving. |
|
|
159
|
+
| `cookieScope` | `"host" \| "site"` | `"host"` | Same as the plugin's. |
|
|
160
|
+
| `cookieDomain` | `string` | — | Required when `cookieScope` is `"site"`. |
|
|
161
|
+
| `boundCookieTtl` | `number` | `600_000` | Bound cookie lifetime — how often the session re-signs a refresh. The knob you reach for most. |
|
|
162
|
+
| `refreshGraceMs` | `number` | `30_000` | Grace after the bound cookie expires before the tier drops to `none`. |
|
|
163
|
+
| `sessionTtl` | `number` | `24h` | Lifetime of the session **row** in storage (its `expiresAt`). Not a cookie. |
|
|
164
|
+
| `registrationCookieTtl` | `number` | `24h` | TTL of the short-lived `__Host-dbsc-reg` cookie used only during registration. |
|
|
165
|
+
| `trustProxy` | `boolean` | `true` | Whether `install()` sets Express `trust proxy`. |
|
|
166
|
+
| `replayCache` | `ProofReplayCache` | no-op | Rejects a replayed proof (v2.8+). |
|
|
167
|
+
| `rateLimiter` | `RateLimiter` | no-op | Guards the `/dbsc/*` routes. |
|
|
168
|
+
| `onEvent` | `(e) => void` | — | Telemetry hook. |
|
|
143
169
|
|
|
170
|
+
```ts
|
|
144
171
|
// server.ts
|
|
145
|
-
dbscExpress(auth, {
|
|
172
|
+
const dbsc = dbscExpress(auth, {
|
|
146
173
|
basePath: "/api/auth",
|
|
147
|
-
|
|
148
|
-
|
|
174
|
+
boundCookieTtl: 60_000,
|
|
175
|
+
refreshGraceMs: 30_000,
|
|
149
176
|
replayCache: new RedisReplayCache(redis),
|
|
150
177
|
})
|
|
151
178
|
```
|
|
152
179
|
|
|
180
|
+
The six protocol paths (`/dbsc/registration`, `/dbsc/refresh`, the four
|
|
181
|
+
`/dbsc-bound/*` routes) are derived from `basePath` and intentionally not
|
|
182
|
+
configurable — they have to match what the after-hook advertises, or Chrome's
|
|
183
|
+
registration POST 404s.
|
|
184
|
+
|
|
185
|
+
### Per-route proof tuning
|
|
186
|
+
|
|
187
|
+
`dbsc.requireProof()` takes the same options the core guard takes, so you can
|
|
188
|
+
vary strictness per route:
|
|
189
|
+
|
|
190
|
+
```ts
|
|
191
|
+
// Tighten the freshness window on a payment.
|
|
192
|
+
app.post("/api/payment",
|
|
193
|
+
express.raw({ type: "*/*" }),
|
|
194
|
+
dbsc.requireProof({ timestampWindowMs: 30_000 }),
|
|
195
|
+
payHandler,
|
|
196
|
+
)
|
|
197
|
+
|
|
198
|
+
// Relax on a low-risk read where a bound cookie is enough.
|
|
199
|
+
app.get("/api/feed",
|
|
200
|
+
dbsc.requireProof({ allowDbscWithoutProof: true }),
|
|
201
|
+
feedHandler,
|
|
202
|
+
)
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
Options: `timestampWindowMs` (default 5 min), `allowDbscWithoutProof` (default
|
|
206
|
+
`false`), `signBody`, and a per-route `replayCache` override.
|
|
207
|
+
|
|
153
208
|
## Database
|
|
154
209
|
|
|
155
210
|
Two new tables, both added through Better Auth's `schema` field so they get migrated with everything else:
|
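Review bot: In the `dbscExpress()` options table the `replayCache` row pairs a `no-op` default with the description "Rejects a replayed proof", so a reader can assume replay rejection is on when a no-op cache rejects nothing and a proof stays acceptable for the whole `timestampWindowMs` (default 5 min per the last paragraph of this hunk). State that in the row and recommend a real cache wherever `requireProof()` guards a state-changing route. In "Per-route proof tuning", note that `allowDbscWithoutProof: true` on `/api/feed` leaves the bound cookie as the only check on that route. The `registrationCookieTtl` row also calls the `__Host-dbsc-reg` cookie "short-lived" while listing a `24h` default; one of the two should change.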
package/dist/express.d.ts
CHANGED
|
@@ -14,7 +14,7 @@
|
|
|
14
14
|
* at module-evaluation time.
|
|
15
15
|
*/
|
|
16
16
|
import type { Express, RequestHandler } from "express";
|
|
17
|
-
import { type AnyTelemetryEvent, type ProofReplayCache, type RateLimiter } from "dbsc-toolkit";
|
|
17
|
+
import { type AnyTelemetryEvent, type ProofReplayCache, type RateLimiter, type RequireProofOptions } from "dbsc-toolkit";
|
|
18
18
|
export interface AuthLike {
|
|
19
19
|
$context: Promise<{
|
|
20
20
|
adapter: any;
|
|
@@ -32,8 +32,16 @@ export interface DbscExpressOptions {
|
|
|
32
32
|
cookieDomain?: string;
|
|
33
33
|
/** Use `Secure` cookies + `__Host-`/`__Secure-` prefixes. Default true. Set false on bare-http localhost. */
|
|
34
34
|
secure?: boolean;
|
|
35
|
-
/**
|
|
35
|
+
/** Lifetime (ms) of the session row in storage — its `expiresAt`. Default 24h. */
|
|
36
36
|
sessionTtl?: number;
|
|
37
|
+
/** Bound cookie lifetime / refresh cadence (ms). Default 600_000 (10 min). */
|
|
38
|
+
boundCookieTtl?: number;
|
|
39
|
+
/** Grace window after the bound cookie expires before the tier drops to none (ms). Default 30_000. */
|
|
40
|
+
refreshGraceMs?: number;
|
|
41
|
+
/** TTL (ms) of the `__Host-dbsc-reg` cookie used during registration. Default 24h. */
|
|
42
|
+
registrationCookieTtl?: number;
|
|
43
|
+
/** Let install() set Express `trust proxy`. Default true. */
|
|
44
|
+
trustProxy?: boolean;
|
|
37
45
|
/** Replay cache for per-request proofs. Default no-op. */
|
|
38
46
|
replayCache?: ProofReplayCache;
|
|
39
47
|
/** Rate limiter for /dbsc/* routes. Default no-op. */
|
|
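Review bot: The doc comment on `trustProxy` says only that `install()` sets Express `trust proxy` and that the default is true; it does not say what value is set. With `trust proxy` enabled, Express derives `req.ip` from `X-Forwarded-For`, which the client controls when no reverse proxy sits in front of the app, and that matters for the `rateLimiter` declared just below if it keys on client address. Document the value `install()` sets and tell directly exposed deployments to pass `trustProxy: false`.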
@@ -46,8 +54,13 @@ export interface DbscExpressKit {
|
|
|
46
54
|
install(app: Express): Express;
|
|
47
55
|
/** Raw middleware for manual mounting (skips install()'s static SDK + init shim). */
|
|
48
56
|
middleware(): RequestHandler;
|
|
49
|
-
/**
|
|
50
|
-
|
|
57
|
+
/**
|
|
58
|
+
* Route guard that verifies the X-Dbsc-Bound-Proof header. 403 on
|
|
59
|
+
* missing/invalid. Accepts per-route overrides: `timestampWindowMs`
|
|
60
|
+
* (tighten the freshness window), `allowDbscWithoutProof` (relax the
|
|
61
|
+
* proof requirement on a low-risk route), `signBody`, `replayCache`.
|
|
62
|
+
*/
|
|
63
|
+
requireProof(opts?: RequireProofOptions): RequestHandler;
|
|
51
64
|
}
|
|
52
65
|
/**
|
|
53
66
|
* Build a DBSC kit for an Express + Better Auth app.
|
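Review bot: The new JSDoc on `requireProof` lists `signBody` and `replayCache` without saying what they do or what their defaults are, and describes `allowDbscWithoutProof` only as relaxing the requirement. Since that flag decides whether a route accepts a request with no `X-Dbsc-Bound-Proof` header, state its default (`false` per the README) and what is still checked when it is `true`, so the weaker mode is an explicit choice at the call site.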
package/dist/express.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../src/express.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAmC,MAAM,SAAS,CAAC;AAExF,OAAO,EAML,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,WAAW,
|
|
1
|
+
{"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../src/express.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,cAAc,EAAmC,MAAM,SAAS,CAAC;AAExF,OAAO,EAML,KAAK,iBAAiB,EACtB,KAAK,gBAAgB,EACrB,KAAK,WAAW,EAChB,KAAK,mBAAmB,EACzB,MAAM,cAAc,CAAC;AAKtB,MAAM,WAAW,QAAQ;IACvB,QAAQ,EAAE,OAAO,CAAC;QAChB,OAAO,EAAE,GAAG,CAAC;QACb,eAAe,EAAE,GAAG,CAAC;KACtB,CAAC,CAAC;CACJ;AAED,MAAM,WAAW,kBAAkB;IACjC,iHAAiH;IACjH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,sGAAsG;IACtG,UAAU,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IAC5B,oCAAoC;IACpC,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC9B,2CAA2C;IAC3C,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,6GAA6G;IAC7G,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,kFAAkF;IAClF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,8EAA8E;IAC9E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,sGAAsG;IACtG,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,sFAAsF;IACtF,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,6DAA6D;IAC7D,UAAU,CAAC,EAAE,OAAO,CAAC;IACrB,0DAA0D;IAC1D,WAAW,CAAC,EAAE,gBAAgB,CAAC;IAC/B,sDAAsD;IACtD,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,+DAA+D;IAC/D,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9D;AAuDD,MAAM,WAAW,cAAc;IAC7B,uFAAuF;IACvF,OAAO,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC;IAC/B,qFAAqF;IACrF,UAAU,IAAI,cAAc,CAAC;IAC7B;;;;;OAKG;IACH,YAAY,CAAC,IAAI,CAAC,EAAE,mBAAmB,GAAG,cAAc,CAAC;CAC1D;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,GAAE,kBAAuB,GAAG,cAAc,CAiEzF"}
|
package/dist/express.js
CHANGED
|
@@ -92,6 +92,10 @@ export function dbscExpress(auth, opts = {}) {
|
|
|
92
92
|
...(opts.cookieScope !== undefined && { cookieScope: opts.cookieScope }),
|
|
93
93
|
...(opts.cookieDomain !== undefined && { cookieDomain: opts.cookieDomain }),
|
|
94
94
|
...(opts.sessionTtl !== undefined && { sessionTtl: opts.sessionTtl }),
|
|
95
|
+
...(opts.boundCookieTtl !== undefined && { boundCookieTtl: opts.boundCookieTtl }),
|
|
96
|
+
...(opts.refreshGraceMs !== undefined && { refreshGraceMs: opts.refreshGraceMs }),
|
|
97
|
+
...(opts.registrationCookieTtl !== undefined && { registrationCookieTtl: opts.registrationCookieTtl }),
|
|
98
|
+
...(opts.trustProxy !== undefined && { trustProxy: opts.trustProxy }),
|
|
95
99
|
...(opts.replayCache !== undefined && { replayCache: opts.replayCache }),
|
|
96
100
|
...(opts.rateLimiter !== undefined && { rateLimiter: opts.rateLimiter }),
|
|
97
101
|
...(opts.onEvent !== undefined && { onEvent: opts.onEvent }),
|
|
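Review bot: The four added spreads for `boundCookieTtl`, `refreshGraceMs`, `registrationCookieTtl` and `trustProxy` forward any value that is not `undefined`, and the visible lines apply no type or range check. A TTL given in seconds instead of milliseconds, a negative number or `NaN` reaches the kit unchanged. Validate here that each TTL is a finite, positive number and throw at construction time, so a mistaken `boundCookieTtl: 60` fails loudly instead of quietly changing the bound cookie lifetime.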
@@ -116,8 +120,8 @@ export function dbscExpress(auth, opts = {}) {
|
|
|
116
120
|
return {
|
|
117
121
|
install,
|
|
118
122
|
middleware: kit.middleware,
|
|
119
|
-
requireProof() {
|
|
120
|
-
return kit.requireProof();
|
|
123
|
+
requireProof(proofOpts) {
|
|
124
|
+
return kit.requireProof(proofOpts);
|
|
121
125
|
},
|
|
122
126
|
};
|
|
123
127
|
}
|
package/dist/express.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"express.js","sourceRoot":"","sources":["../src/express.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,UAAU,EAAgB,MAAM,sBAAsB,CAAC;
|
|
1
|
+
{"version":3,"file":"express.js","sourceRoot":"","sources":["../src/express.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,UAAU,EAAgB,MAAM,sBAAsB,CAAC;AAahE,OAAO,EAAE,8BAA8B,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAsCnD,MAAM,iBAAiB,GAAG,WAAW,CAAC;AACtC,MAAM,mBAAmB,GAAG,cAAc,CAAC;AAE3C;;;;;GAKG;AACH,SAAS,WAAW,CAAC,OAAsC;IACzD,IAAI,MAAkC,CAAC;IACvC,MAAM,GAAG,GAAG,KAAK,IAA6B,EAAE;QAC9C,IAAI,CAAC,MAAM;YAAE,MAAM,GAAG,MAAM,OAAO,EAAE,CAAC;QACtC,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IAEF,OAAO;QACL,KAAK,CAAC,UAAU,CAAC,EAAU;YACzB,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QACtC,CAAC;QACD,KAAK,CAAC,UAAU,CAAC,OAAgB;YAC/B,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;QACD,KAAK,CAAC,aAAa,CAAC,EAAU;YAC5B,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QACzC,CAAC;QACD,KAAK,CAAC,WAAW,CAAC,SAAiB,EAAE,IAAmB;YACtD,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QACpD,CAAC;QACD,KAAK,CAAC,WAAW,CAAC,GAAa;YAC7B,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACxC,CAAC;QACD,KAAK,CAAC,cAAc,CAAC,SAAiB,EAAE,IAAmB;YACzD,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,cAAc,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QACvD,CAAC;QACD,KAAK,CAAC,YAAY,CAAC,GAAW;YAC5B,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACzC,CAAC;QACD,KAAK,CAAC,YAAY,CAAC,SAAoB;YACrC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QAC/C,CAAC;QACD,KAAK,CAAC,gBAAgB,CAAC,GAAW;YAChC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,CAAC;QAC7C,CAAC;QACD,KAAK,CAAC,aAAa,CAAC,SAAiB;YACnC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAChD,CAAC;QACD,KAAK,CAAC,gBAAgB,CAAC,MAAc;YACnC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAChD,CAAC;KACF,CAAC;AACJ,CAAC;AAgBD;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,WAAW,CAAC,IAAc,EAAE,OAA2B,EAAE;IACvE,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,iBAAiB,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,mBAAmB,CAAC;IAC1D,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;IAEnC,MAAM,OAAO,GAAG
,WAAW,CAAC,KAAK,IAAI,EAAE;QACrC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC;QAChC,OAAO,8BAA8B,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,eAAe,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,sEAAsE;IACtE,MAAM,gBAAgB,GAAG,GAAG,QAAQ,oBAAoB,CAAC;IACzD,MAAM,WAAW,GAAG,GAAG,QAAQ,eAAe,CAAC;IAC/C,MAAM,cAAc,GAAG,GAAG,QAAQ,mBAAmB,CAAC;IACtD,MAAM,kBAAkB,GAAG,GAAG,QAAQ,uBAAuB,CAAC;IAC9D,MAAM,qBAAqB,GAAG,GAAG,QAAQ,0BAA0B,CAAC;IACpE,MAAM,gBAAgB,GAAG,GAAG,QAAQ,qBAAqB,CAAC;IAE1D,MAAM,GAAG,GAAY,UAAU,CAAC;QAC9B,OAAO;QACP,MAAM;QACN,gBAAgB;QAChB,WAAW;QACX,cAAc;QACd,kBAAkB;QAClB,qBAAqB;QACrB,gBAAgB;QAChB,UAAU,EAAE,UAAU,KAAK,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU;QACrD,GAAG,CAAC,IAAI,CAAC,WAAW,KAAK,SAAS,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC;QACxE,GAAG,CAAC,IAAI,CAAC,YAAY,KAAK,SAAS,IAAI,EAAE,YAAY,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;QAC3E,GAAG,CAAC,IAAI,CAAC,UAAU,KAAK,SAAS,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;QACrE,GAAG,CAAC,IAAI,CAAC,cAAc,KAAK,SAAS,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC;QACjF,GAAG,CAAC,IAAI,CAAC,cAAc,KAAK,SAAS,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,CAAC;QACjF,GAAG,CAAC,IAAI,CAAC,qBAAqB,KAAK,SAAS,IAAI,EAAE,qBAAqB,EAAE,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACtG,GAAG,CAAC,IAAI,CAAC,UAAU,KAAK,SAAS,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC;QACrE,GAAG,CAAC,IAAI,CAAC,WAAW,KAAK,SAAS,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC;QACxE,GAAG,CAAC,IAAI,CAAC,WAAW,KAAK,SAAS,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC;QACxE,GAAG,CAAC,IAAI,CAAC,OAAO,KAAK,SAAS,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;KAC7D,CAAC,CAAC;IAEH,SAAS,OAAO,CAAC,GAAY;QAC3B,0EAA0E;QAC1E,qEAAqE;QACrE,4BAA4B;QAC5B,IAAI,UAAU,KAAK,KAAK,EAAE,CAAC;YACzB,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC,CAAC;YACzD,MAAM,SAAS,GAAG,GAAG,UAAU,UAAU,CAAC;YAC1C,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAa,EAAE,GAAa,EAAE,EAAE;gBAClD,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,uCAAuC,CAAC,CAAC;gBACvE,GAAG,CAAC,SAAS,CAAC,eAAe,EAAE,qBAAqB,CAAC,CAAC;gBACtD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACnB,CAAC,CAAC,CAAC;QACL,CAAC;QACD,uEAAuE;QACvE,kEAAkE;QAClE,OA
AO,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED,OAAO;QACL,OAAO;QACP,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,YAAY,CAAC,SAA+B;YAC1C,OAAO,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;QACrC,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -24,7 +24,9 @@ export interface DbscPluginOptions {
|
|
|
24
24
|
cookieScope?: "host" | "site";
|
|
25
25
|
/** Required when cookieScope is "site". E.g. "example.com" */
|
|
26
26
|
cookieDomain?: string;
|
|
27
|
-
/**
|
|
27
|
+
/** Max-Age (ms) for the cookies the after-hook writes. Default: 600_000 (10 min). */
|
|
28
|
+
cookieTtl?: number;
|
|
29
|
+
/** @deprecated alias for cookieTtl — removed in 0.3.0 */
|
|
28
30
|
sessionTtl?: number;
|
|
29
31
|
/** Telemetry hook */
|
|
30
32
|
onEvent?: (event: AnyTelemetryEvent) => void | Promise<void>;
|
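Review bot: The `@deprecated` comment on `sessionTtl` does not state which option wins when both `cookieTtl` and `sessionTtl` are passed. `DbscExpressOptions` keeps a non-deprecated `sessionTtl` with a different meaning (the storage row lifetime), so add a sentence here covering precedence and pointing at the express option, to keep the two from being confused.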
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAOL,KAAK,iBAAiB,EACvB,MAAM,cAAc,CAAC;AAKtB,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC9B,8DAA8D;IAC9D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EAOL,KAAK,iBAAiB,EACvB,MAAM,cAAc,CAAC;AAKtB,MAAM,WAAW,iBAAiB;IAChC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC9B,8DAA8D;IAC9D,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qFAAqF;IACrF,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,yDAAyD;IACzD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,qBAAqB;IACrB,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9D;AAMD,wBAAgB,IAAI,CAAC,IAAI,GAAE,iBAAsB,GAAG,MAAM,CA4IzD"}
|
package/dist/index.js
CHANGED
|
@@ -17,10 +17,12 @@ import { issueChallenge, buildRegistrationHeader, REGISTRATION_HEADER, LEGACY_RE
|
|
|
17
17
|
import { createBetterAuthStorageAdapter } from "./adapter.js";
|
|
18
18
|
import { dbscSchema } from "./schema.js";
|
|
19
19
|
const REGISTRATION_PATH = "/dbsc/registration";
|
|
20
|
-
const
|
|
20
|
+
const DEFAULT_COOKIE_TTL = 600_000;
|
|
21
21
|
const DEFAULT_BASE_PATH = "/api/auth";
|
|
22
22
|
export function dbsc(opts = {}) {
|
|
23
|
-
const { basePath = DEFAULT_BASE_PATH, cookieScope = "host", cookieDomain,
|
|
23
|
+
const { basePath = DEFAULT_BASE_PATH, cookieScope = "host", cookieDomain, } = opts;
|
|
24
|
+
// cookieTtl is the canonical name; sessionTtl is a deprecated alias.
|
|
25
|
+
const cookieTtl = opts.cookieTtl ?? opts.sessionTtl ?? DEFAULT_COOKIE_TTL;
|
|
24
26
|
const secure = true;
|
|
25
27
|
const scopeOpts = cookieDomain
|
|
26
28
|
? { secure, cookieScope, cookieDomain }
|
|
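Review bot: `const cookieTtl = opts.cookieTtl ?? opts.sessionTtl ?? DEFAULT_COOKIE_TTL;` accepts whatever the caller passes, and the deprecated alias is honoured silently. Add a check that the resolved value is a finite, positive number, and emit a one-time deprecation warning when `opts.sessionTtl` is the value used, since the alias is documented as removed in 0.3.0.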
@@ -32,7 +34,7 @@ export function dbsc(opts = {}) {
|
|
|
32
34
|
"HttpOnly",
|
|
33
35
|
"Path=/",
|
|
34
36
|
"SameSite=Lax",
|
|
35
|
-
`Max-Age=${Math.floor(
|
|
37
|
+
`Max-Age=${Math.floor(cookieTtl / 1000)}`,
|
|
36
38
|
...(secure ? ["Secure"] : []),
|
|
37
39
|
...(cookieDomain ? [`Domain=${cookieDomain}`] : []),
|
|
38
40
|
].join("; ");
|
|
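Review bot: `Math.floor(cookieTtl / 1000)` turns any `cookieTtl` below 1000 into `Max-Age=0`, which tells the browser to expire the cookie immediately, and a non-numeric value into `Max-Age=NaN`. Guard the input where `cookieTtl` is resolved, or clamp the result to at least 1 second here. The same expression is repeated in the next hunk; computing the seconds once next to the `cookieTtl` resolution would keep the two cookie builders in step.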
@@ -43,7 +45,7 @@ export function dbsc(opts = {}) {
|
|
|
43
45
|
"HttpOnly",
|
|
44
46
|
"Path=/",
|
|
45
47
|
"SameSite=Lax",
|
|
46
|
-
`Max-Age=${Math.floor(
|
|
48
|
+
`Max-Age=${Math.floor(cookieTtl / 1000)}`,
|
|
47
49
|
...(secure ? ["Secure"] : []),
|
|
48
50
|
...(cookieDomain ? [`Domain=${cookieDomain}`] : []),
|
|
49
51
|
].join("; ");
|
|
@@ -107,11 +109,11 @@ export function dbsc(opts = {}) {
|
|
|
107
109
|
userId,
|
|
108
110
|
tier: "none",
|
|
109
111
|
createdAt: now,
|
|
110
|
-
expiresAt: now +
|
|
112
|
+
expiresAt: now + cookieTtl,
|
|
111
113
|
lastRefreshAt: now,
|
|
112
114
|
});
|
|
113
115
|
}
|
|
114
|
-
const { jti } = await issueChallenge(sessionId, store,
|
|
116
|
+
const { jti } = await issueChallenge(sessionId, store, cookieTtl);
|
|
115
117
|
const regHeader = buildRegistrationHeader({
|
|
116
118
|
registrationPath: `${basePath}${REGISTRATION_PATH}`,
|
|
117
119
|
challenge: jti,
|
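Review bot: `expiresAt: now + cookieTtl` makes the plugin option also set the lifetime of the stored session row, and the same value is passed as the third argument to `issueChallenge`, while the type comment and the README describe `cookieTtl` only as the Max-Age of the cookies the after-hook writes. The README in this release also says the row's `expiresAt` is the `dbscExpress` `sessionTtl` (default 24h), so under defaults a row created here starts with a 10 minute expiry. Either document that `cookieTtl` drives all three values or split them, and state which layer owns `expiresAt`.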
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EACL,cAAc,EACd,uBAAuB,EACvB,mBAAmB,EACnB,0BAA0B,EAC1B,kBAAkB,GAGnB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,8BAA8B,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,OAAO,EACL,cAAc,EACd,uBAAuB,EACvB,mBAAmB,EACnB,0BAA0B,EAC1B,kBAAkB,GAGnB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,8BAA8B,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAoBzC,MAAM,iBAAiB,GAAG,oBAAoB,CAAC;AAC/C,MAAM,kBAAkB,GAAG,OAAO,CAAC;AACnC,MAAM,iBAAiB,GAAG,WAAW,CAAC;AAEtC,MAAM,UAAU,IAAI,CAAC,OAA0B,EAAE;IAC/C,MAAM,EACJ,QAAQ,GAAG,iBAAiB,EAC5B,WAAW,GAAG,MAAM,EACpB,YAAY,GACb,GAAG,IAAI,CAAC;IACT,qEAAqE;IACrE,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,IAAI,CAAC,UAAU,IAAI,kBAAkB,CAAC;IAE1E,MAAM,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,SAAS,GAAG,YAAY;QAC5B,CAAC,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE;QACvC,CAAC,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAE5C,SAAS,eAAe,CAAC,SAAiB;QACxC,OAAO;YACL,GAAG,KAAK,CAAC,GAAG,IAAI,SAAS,EAAE;YAC3B,UAAU;YACV,QAAQ;YACR,cAAc;YACd,WAAW,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,EAAE;YACzC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7B,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,UAAU,YAAY,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACpD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,SAAS,mBAAmB,CAAC,SAAiB;QAC5C,OAAO;YACL,GAAG,KAAK,CAAC,KAAK,IAAI,SAAS,EAAE;YAC7B,UAAU;YACV,QAAQ;YACR,cAAc;YACd,WAAW,IAAI,CAAC,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,EAAE;YACzC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7B,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,UAAU,YAAY,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACpD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,SAAS,qBAAqB,CAAC,GAAW;QACxC,OAAO;YACL,GAAG,KAAK,CAAC,SAAS,IAAI,GAAG,EAAE;YAC3B,UAAU;YACV,QAAQ;YACR,cAAc;YACd,aAAa;YACb,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC7B,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,UAAU,YAAY,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SACpD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,OAAO;QACL,EAAE,EAAE,cAAc;QAElB,MAAM,EAAE,UAAU;QAElB,yEAAyE;QACzE,sEAAsE;QACtE,sEAAsE;QACtE,mEAAmE;QAEnE,KAAK,EAAE;
YACL,KAAK,EAAE;gBACL;oBACE,sEAAsE;oBACtE,oEAAoE;oBACpE,uCAAuC;oBACvC,OAAO,EAAE,CAAC,GAAQ,EAAE,EAAE;wBACpB,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,EAAE,QAA+C,CAAC;wBAC9E,MAAM,KAAK,GAAG,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC;wBAClC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;oBACvD,CAAC;oBACD,OAAO,EAAE,KAAK,EAAE,GAAQ,EAAiC,EAAE;wBACzD,MAAM,KAAK,GAAG,EAAE,OAAO,EAAE,IAAI,OAAO,EAAE,EAAE,CAAC;wBACzC,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,EAAE,QAA+C,CAAC;wBAC9E,MAAM,KAAK,GAAG,QAAQ,EAAE,KAA2B,CAAC;wBACpD,IAAI,CAAC,KAAK;4BAAE,OAAO,KAAK,CAAC;wBAEzB,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC;wBACrD,IAAI,CAAC,eAAe,EAAE,WAAW;4BAAE,OAAO,KAAK,CAAC;wBAEhD,IAAI,SAA6B,CAAC;wBAClC,IAAI,MAA0B,CAAC;wBAE/B,IAAI,CAAC;4BACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,WAAW,CAAC,KAAK,CAE9C,CAAC;4BACT,SAAS,GAAG,MAAM,EAAE,OAAO,EAAE,EAAE,CAAC;4BAChC,MAAM,GAAG,MAAM,EAAE,OAAO,EAAE,MAAM,IAAI,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC;wBACvD,CAAC;wBAAC,MAAM,CAAC;4BACP,OAAO,KAAK,CAAC;wBACf,CAAC;wBAED,IAAI,CAAC,SAAS,IAAI,CAAC,MAAM;4BAAE,OAAO,KAAK,CAAC;wBAExC,MAAM,KAAK,GAAG,8BAA8B,CAC1C,GAAG,CAAC,OAAO,CAAC,OAAO,EACnB,GAAG,CAAC,OAAO,CAAC,eAAe,CAC5B,CAAC;wBACF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;wBAEvB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;wBACnD,IAAI,CAAC,QAAQ,EAAE,CAAC;4BACd,MAAM,KAAK,CAAC,UAAU,CAAC;gCACrB,EAAE,EAAE,SAAS;gCACb,MAAM;gCACN,IAAI,EAAE,MAAM;gCACZ,SAAS,EAAE,GAAG;gCACd,SAAS,EAAE,GAAG,GAAG,SAAS;gCAC1B,aAAa,EAAE,GAAG;6BACnB,CAAC,CAAC;wBACL,CAAC;wBAED,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;wBAElE,MAAM,SAAS,GAAG,uBAAuB,CAAC;4BACxC,gBAAgB,EAAE,GAAG,QAAQ,GAAG,iBAAiB,EAAE;4BACnD,SAAS,EAAE,GAAG;4BACd,UAAU,EAAE,KAAK,CAAC,KAAK;yBACxB,CAAC,CAAC;wBAEH,+DAA+D;wBAC/D,iBAAiB;wBACjB,uDAAuD;wBACvD,+DAA+D;wBAC/D,+DAA+D;wBAC/D,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;wBAC9B,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,SAAS,CAAC,CAAC;wBAC5C,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,SAAS,CAAC,CAAC;wBACnD,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAmB,CAAC,SAAS,CAAC,CAAC,CAAC;wBAC7D,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,eAAe,CAAC,SAAS,CAAC
,CAAC,CAAC;wBACzD,OAAO,CAAC,MAAM,CAAC,YAAY,EAAE,qBAAqB,CAAC,GAAG,CAAC,CAAC,CAAC;wBAEzD,OAAO,EAAE,OAAO,EAAE,CAAC;oBACrB,CAAC;iBACF;aACF;SACF;KACe,CAAC;AACrB,CAAC"}
|
package/package.json
CHANGED