@draftlab/auth 0.0.1

package/dist/storage/turso.js

@@ -0,0 +1,117 @@
+import { joinKey, splitKey } from "../storage-BEaqEPNQ.js";
+
+//#region src/storage/turso.ts
+/**
+* Creates a Turso storage adapter using the provided LibSQL client.
+* Automatically initializes the required database table and implements
+* the StorageAdapter interface with efficient SQL operations.
+*
+* @param client - Configured LibSQL client for database operations
+* @returns Storage adapter implementing the StorageAdapter interface
+*
+* @example
+* ```ts
+* import { createClient } from "@libsql/client"
+*
+* const client = createClient({
+*   url: process.env.TURSO_DATABASE_URL,
+*   authToken: process.env.TURSO_AUTH_TOKEN
+* })
+*
+* const storage = TursoStorage(client)
+*
+* // Now ready to use with Draft Auth
+* const app = issuer({ storage, ... })
+* ```
+*/
+const TursoStorage = (client) => {
+	const TABLE_NAME = "__draftauth__kv_storage";
+	client.execute(`
+		CREATE TABLE IF NOT EXISTS ${TABLE_NAME} (
+			key TEXT PRIMARY KEY, 
+			value TEXT NOT NULL, 
+			expiry INTEGER
+		)
+	`);
+	client.execute(`
+		CREATE INDEX IF NOT EXISTS idx_${TABLE_NAME}_key_prefix 
+		ON ${TABLE_NAME} (key)
+	`);
+	client.execute(`
+		CREATE INDEX IF NOT EXISTS idx_${TABLE_NAME}_expiry 
+		ON ${TABLE_NAME} (expiry) 
+		WHERE expiry IS NOT NULL
+	`);
+	return {
+		async get(key) {
+			const joinedKey = joinKey(key);
+			const { rows } = await client.execute({
+				sql: `SELECT value, expiry FROM ${TABLE_NAME} WHERE key = ?`,
+				args: [joinedKey]
+			});
+			const row = rows[0];
+			if (!row) return;
+			if (row.expiry && row.expiry < Date.now()) {
+				await client.execute({
+					sql: `DELETE FROM ${TABLE_NAME} WHERE key = ?`,
+					args: [joinedKey]
+				});
+				return;
+			}
+			try {
+				return JSON.parse(row.value);
+			} catch {
+				return;
+			}
+		},
+		async set(key, value, expiry) {
+			const joinedKey = joinKey(key);
+			const expiryTimestamp = expiry?.getTime() ?? null;
+			try {
+				const serializedValue = JSON.stringify(value);
+				await client.execute({
+					sql: `INSERT OR REPLACE INTO ${TABLE_NAME} (key, value, expiry) VALUES (?, ?, ?)`,
+					args: [
+						joinedKey,
+						serializedValue,
+						expiryTimestamp
+					]
+				});
+			} catch {
+				throw new Error("Storage operation failed");
+			}
+		},
+		async remove(key) {
+			const joinedKey = joinKey(key);
+			await client.execute({
+				sql: `DELETE FROM ${TABLE_NAME} WHERE key = ?`,
+				args: [joinedKey]
+			});
+		},
+		async *scan(prefix) {
+			const joinedPrefix = joinKey(prefix);
+			const now = Date.now();
+			const { rows } = await client.execute({
+				sql: `
+					SELECT key, value, expiry 
+					FROM ${TABLE_NAME} 
+					WHERE key LIKE ? 
+					AND (expiry IS NULL OR expiry >= ?)
+					ORDER BY key
+				`,
+				args: [`${joinedPrefix}%`, now]
+			});
+			for (const row of rows) try {
+				const parsedValue = JSON.parse(row.value);
+				yield [splitKey(row.key), parsedValue];
+			} catch {}
+			client.execute({
+				sql: `DELETE FROM ${TABLE_NAME} WHERE expiry IS NOT NULL AND expiry < ?`,
+				args: [now]
+			}).catch(() => {});
+		}
+	};
+};
+
+//#endregion
+export { TursoStorage };

package/dist/storage/unstorage.d.ts

@@ -0,0 +1,38 @@
+import { StorageAdapter } from "../storage-CxKerLlc.js";
+import { Driver } from "unstorage";
+
+//#region src/storage/unstorage.d.ts
+
+/**
+ * Creates a Draft Auth storage adapter using Unstorage drivers.
+ * Supports automatic expiration, error handling, and any Unstorage driver.
+ *
+ * @param options - Configuration options
+ * @param options.driver - Optional Unstorage driver (defaults to memory)
+ * @returns Storage adapter compatible with Draft Auth
+ *
+ * @example
+ * ```ts
+ * import { UnStorage } from "@draftauth/core/storage/unstorage"
+ * import redisDriver from "unstorage/drivers/redis"
+ *
+ * // Using Redis driver
+ * const storage = UnStorage({
+ *   driver: redisDriver({
+ *     host: process.env.REDIS_HOST,
+ *     port: parseInt(process.env.REDIS_PORT || "6379"),
+ *     password: process.env.REDIS_PASSWORD
+ *   })
+ * })
+ *
+ * // Using default memory driver (development only)
+ * const memoryStorage = UnStorage()
+ * ```
+ */
+declare const UnStorage: ({
+  driver
+}?: {
+  driver?: Driver;
+}) => StorageAdapter;
+//#endregion
+export { UnStorage };

package/dist/storage/unstorage.js

@@ -0,0 +1,97 @@
+import { joinKey, splitKey } from "../storage-BEaqEPNQ.js";
+import { createStorage } from "unstorage";
+
+//#region src/storage/unstorage.ts
+/**
+* Creates a Draft Auth storage adapter using Unstorage drivers.
+* Supports automatic expiration, error handling, and any Unstorage driver.
+*
+* @param options - Configuration options
+* @param options.driver - Optional Unstorage driver (defaults to memory)
+* @returns Storage adapter compatible with Draft Auth
+*
+* @example
+* ```ts
+* import { UnStorage } from "@draftauth/core/storage/unstorage"
+* import redisDriver from "unstorage/drivers/redis"
+*
+* // Using Redis driver
+* const storage = UnStorage({
+*   driver: redisDriver({
+*     host: process.env.REDIS_HOST,
+*     port: parseInt(process.env.REDIS_PORT || "6379"),
+*     password: process.env.REDIS_PASSWORD
+*   })
+* })
+*
+* // Using default memory driver (development only)
+* const memoryStorage = UnStorage()
+* ```
+*/
+const UnStorage = ({ driver } = {}) => {
+	const store = createStorage({ driver });
+	return {
+		async get(key) {
+			try {
+				const keyPath = joinKey(key);
+				const entry = await store.getItem(keyPath);
+				if (!entry) return void 0;
+				if (entry.expiry && Date.now() >= entry.expiry) {
+					store.removeItem(keyPath).catch(() => {});
+					return void 0;
+				}
+				return entry.value;
+			} catch (error) {
+				console.error("UnStorage get error:", error);
+				return void 0;
+			}
+		},
+		async set(key, value, expiry) {
+			try {
+				const keyPath = joinKey(key);
+				const entry = {
+					value,
+					expiry: expiry ? expiry.getTime() : void 0
+				};
+				await store.setItem(keyPath, entry);
+			} catch (error) {
+				console.error("UnStorage set error:", error);
+				throw error;
+			}
+		},
+		async remove(key) {
+			try {
+				const keyPath = joinKey(key);
+				await store.removeItem(keyPath);
+			} catch (error) {
+				console.error("UnStorage remove error:", error);
+			}
+		},
+		async *scan(prefix) {
+			try {
+				const now = Date.now();
+				const prefixPath = joinKey(prefix);
+				let keys = await store.getKeys(prefixPath);
+				if (keys.length === 0) {
+					const allKeys = await store.getKeys();
+					if (allKeys.length > 0) keys = allKeys.filter((key) => key.startsWith(prefixPath));
+				}
+				const limitedKeys = keys.slice(0, 1e3);
+				for (const keyPath of limitedKeys) try {
+					const entry = await store.getItem(keyPath);
+					if (!entry || !entry.value) continue;
+					if (entry.expiry && now >= entry.expiry) {
+						store.removeItem(keyPath).catch(() => {});
+						continue;
+					}
+					yield [splitKey(keyPath), entry.value];
+				} catch {}
+			} catch (error) {
+				console.error("UnStorage scan error:", error);
+			}
+		}
+	};
+};
+
+//#endregion
+export { UnStorage };

package/dist/storage-BEaqEPNQ.js

@@ -0,0 +1,62 @@
+//#region src/storage/storage.ts
+/**
+* ASCII unit separator character used to join key segments.
+* Using a control character ensures it won't conflict with user data.
+*/
+const SEPARATOR = String.fromCharCode(31);
+/**
+* Joins an array of key segments into a single string using the separator.
+*
+* @param key - Array of key segments to join
+* @returns Single string representing the full key path
+*
+* @example
+* ```ts
+* joinKey(['user', 'session', '123'])
+* // Returns: "user\x1fsession\x1f123"
+* ```
+*/
+const joinKey = (key) => {
+	return key.join(SEPARATOR);
+};
+/**
+* Splits a joined key string back into its component segments.
+*
+* @param key - Joined key string to split
+* @returns Array of individual key segments
+*
+* @example
+* ```ts
+* splitKey("user\x1fsession\x1f123")
+* // Returns: ['user', 'session', '123']
+* ```
+*/
+const splitKey = (key) => {
+	return key.split(SEPARATOR);
+};
+/**
+* High-level storage operations with key encoding and type safety.
+* Provides a convenient interface over storage adapters with additional features
+* like TTL conversion and key sanitization.
+*/
+const Storage = {
+	encode: (key) => {
+		return key.map((segment) => segment.replaceAll(SEPARATOR, ""));
+	},
+	get: (adapter, key) => {
+		return adapter.get(Storage.encode(key));
+	},
+	set: (adapter, key, value, ttlSeconds) => {
+		const expiry = ttlSeconds ? new Date(Date.now() + ttlSeconds * 1e3) : void 0;
+		return adapter.set(Storage.encode(key), value, expiry);
+	},
+	remove: (adapter, key) => {
+		return adapter.remove(Storage.encode(key));
+	},
+	scan: (adapter, prefix) => {
+		return adapter.scan(Storage.encode(prefix));
+	}
+};
+
+//#endregion
+export { Storage, joinKey, splitKey };

package/dist/storage-CxKerLlc.d.ts

@@ -0,0 +1,162 @@
+//#region src/storage/storage.d.ts
+/**
+ * Storage abstraction layer for Draft Auth persistence operations.
+ * Provides a unified interface for different storage backends with key encoding,
+ * TTL support, and type-safe operations.
+ */
+/**
+ * Abstract storage adapter interface that must be implemented by all storage backends.
+ * Defines the core operations needed for OAuth data persistence.
+ */
+interface StorageAdapter {
+  /**
+   * Retrieves a value by its key path.
+   *
+   * @param key - Array of key segments forming the storage path
+   * @returns Promise resolving to the stored value or undefined if not found
+   */
+  get(key: string[]): Promise<Record<string, unknown> | undefined>;
+  /**
+   * Removes a value by its key path.
+   *
+   * @param key - Array of key segments forming the storage path
+   * @returns Promise that resolves when removal is complete
+   */
+  remove(key: string[]): Promise<void>;
+  /**
+   * Stores a value with an optional expiration date.
+   *
+   * @param key - Array of key segments forming the storage path
+   * @param value - The value to store
+   * @param expiry - Optional expiration date for automatic cleanup
+   * @returns Promise that resolves when storage is complete
+   */
+  set(key: string[], value: unknown, expiry?: Date): Promise<void>;
+  /**
+   * Scans for keys matching a prefix pattern.
+   *
+   * @param prefix - Array of key segments to use as prefix filter
+   * @returns Async iterable of key-value pairs matching the prefix
+   */
+  scan(prefix: string[]): AsyncIterable<readonly [string[], unknown]>;
+}
+/**
+ * Joins an array of key segments into a single string using the separator.
+ *
+ * @param key - Array of key segments to join
+ * @returns Single string representing the full key path
+ *
+ * @example
+ * ```ts
+ * joinKey(['user', 'session', '123'])
+ * // Returns: "user\x1fsession\x1f123"
+ * ```
+ */
+declare const joinKey: (key: string[]) => string;
+/**
+ * Splits a joined key string back into its component segments.
+ *
+ * @param key - Joined key string to split
+ * @returns Array of individual key segments
+ *
+ * @example
+ * ```ts
+ * splitKey("user\x1fsession\x1f123")
+ * // Returns: ['user', 'session', '123']
+ * ```
+ */
+declare const splitKey: (key: string) => string[];
+/**
+ * High-level storage operations with key encoding and type safety.
+ * Provides a convenient interface over storage adapters with additional features
+ * like TTL conversion and key sanitization.
+ */
+declare const Storage: {
+  /**
+   * Encodes key segments by removing any separator characters to prevent conflicts.
+   * Ensures storage keys don't contain characters that could break key parsing.
+   *
+   * @param key - Array of key segments to encode
+   * @returns Array of sanitized key segments
+   *
+   * @example
+   * ```ts
+   * Storage.encode(['user', 'data\x1fwith\x1fseparators'])
+   * // Returns: ['user', 'datawithseparators']
+   * ```
+   */
+  readonly encode: (key: string[]) => string[];
+  /**
+   * Retrieves a typed value from storage.
+   *
+   * @template T - Expected type of the stored value
+   * @param adapter - Storage adapter to use
+   * @param key - Array of key segments identifying the value
+   * @returns Promise resolving to the typed value or null if not found
+   *
+   * @example
+   * ```ts
+   * interface UserSession {
+   *   userId: string
+   *   expiresAt: number
+   * }
+   *
+   * const session = await Storage.get<UserSession>(adapter, ['sessions', sessionId])
+   * if (session) {
+   *   // Fully typed: session.userId
+   * }
+   * ```
+   */
+  readonly get: <T = Record<string, unknown>>(adapter: StorageAdapter, key: string[]) => Promise<T | null>;
+  /**
+   * Stores a value with optional time-to-live in seconds.
+   *
+   * @param adapter - Storage adapter to use
+   * @param key - Array of key segments identifying where to store
+   * @param value - The value to store
+   * @param ttlSeconds - Optional TTL in seconds for automatic expiration
+   * @returns Promise that resolves when storage is complete
+   *
+   * @example
+   * ```ts
+   * // Store with 1 hour TTL
+   * await Storage.set(adapter, ['sessions', sessionId], sessionData, 3600)
+   *
+   * // Store permanently
+   * await Storage.set(adapter, ['users', userId], userData)
+   * ```
+   */
+  readonly set: (adapter: StorageAdapter, key: string[], value: unknown, ttlSeconds?: number) => Promise<void>;
+  /**
+   * Removes a value from storage.
+   *
+   * @param adapter - Storage adapter to use
+   * @param key - Array of key segments identifying the value to remove
+   * @returns Promise that resolves when removal is complete
+   *
+   * @example
+   * ```ts
+   * await Storage.remove(adapter, ['sessions', expiredSessionId])
+   * ```
+   */
+  readonly remove: (adapter: StorageAdapter, key: string[]) => Promise<void>;
+  /**
+   * Scans for entries matching a key prefix with type safety.
+   *
+   * @template T - Expected type of the stored values
+   * @param adapter - Storage adapter to use
+   * @param prefix - Array of key segments to use as prefix filter
+   * @returns Async iterable of typed key-value pairs
+   *
+   * @example
+   * ```ts
+   * // Find all user sessions
+   * for await (const [key, session] of Storage.scan<UserSession>(adapter, ['sessions'])) {
+   *   // Session: `${key.join('/')} expires at ${session.expiresAt}`
+   * }
+   * ```
+   */
+  readonly scan: <T = Record<string, unknown>>(adapter: StorageAdapter, prefix: string[]) => AsyncIterable<readonly [string[], T]>;
+};
+//#endregion
+export { Storage, StorageAdapter, joinKey, splitKey };

package/dist/subject-DiQdRWGt.d.ts

@@ -0,0 +1,62 @@
+import { Prettify } from "./util-ChlgVqPN.js";
+import { StandardSchemaV1 } from "@standard-schema/spec";
+
+//#region src/subject.d.ts
+
+/**
+ * Schema definition for subjects, mapping subject type names to their validation schemas.
+ * Each key represents a subject type, and each value is a schema that validates
+ * the properties for that subject type.
+ *
+ * @example
+ * ```ts
+ * const schema: SubjectSchema = {
+ *   user: object({ userID: string() }),
+ *   admin: object({ userID: string(), workspaceID: string() })
+ * }
+ * ```
+ */
+type SubjectSchema = Record<string, StandardSchemaV1>;
+/**
+ * Internal type that transforms a SubjectSchema into a union of subject payload objects.
+ * Each payload contains the subject type and its validated properties.
+ *
+ * @template T - The subject schema to transform
+ * @internal
+ */
+type SubjectPayload<T extends SubjectSchema> = Prettify<{ [K in keyof T & string]: {
+  type: K;
+  properties: StandardSchemaV1.InferOutput<T[K]>;
+} }[keyof T & string]>;
+/**
+ * Creates a strongly-typed subject schema that can be used throughout your application.
+ * The returned schema maintains type information for excellent IDE support and runtime validation.
+ *
+ * @template Schema - The subject schema type being created
+ * @param types - Object mapping subject type names to their validation schemas
+ * @returns The same schema object with preserved type information
+ *
+ * @example
+ * ```ts
+ * import { object, string, number } from "valibot"
+ *
+ * const subjects = createSubjects({
+ *   user: object({
+ *     userID: string(),
+ *     createdAt: number()
+ *   }),
+ *   admin: object({
+ *     userID: string(),
+ *     workspaceID: string(),
+ *     permissions: array(string())
+ *   }),
+ *   service: object({
+ *     serviceID: string(),
+ *     apiVersion: string()
+ *   })
+ * })
+ * ```
+ */
+declare const createSubjects: <Schema extends SubjectSchema>(types: Schema) => Schema;
+//#endregion
+export { SubjectPayload, SubjectSchema, createSubjects };

package/dist/subject.d.ts

@@ -0,0 +1,3 @@
+import "./util-ChlgVqPN.js";
+import { SubjectPayload, SubjectSchema, createSubjects } from "./subject-DiQdRWGt.js";
+export { SubjectPayload, SubjectSchema, createSubjects };

package/dist/subject.js

@@ -0,0 +1,36 @@
+//#region src/subject.ts
+/**
+* Creates a strongly-typed subject schema that can be used throughout your application.
+* The returned schema maintains type information for excellent IDE support and runtime validation.
+*
+* @template Schema - The subject schema type being created
+* @param types - Object mapping subject type names to their validation schemas
+* @returns The same schema object with preserved type information
+*
+* @example
+* ```ts
+* import { object, string, number } from "valibot"
+*
+* const subjects = createSubjects({
+*   user: object({
+*     userID: string(),
+*     createdAt: number()
+*   }),
+*   admin: object({
+*     userID: string(),
+*     workspaceID: string(),
+*     permissions: array(string())
+*   }),
+*   service: object({
+*     serviceID: string(),
+*     apiVersion: string()
+*   })
+* })
+* ```
+*/
+const createSubjects = (types) => {
+	return { ...types };
+};
+
+//#endregion
+export { createSubjects };