@draftlab/auth 0.0.3 → 0.1.0

package/dist/random.js

@@ -1,3 +1,87 @@
-import { generateSecureToken, generateUnbiasedDigits, timingSafeCompare } from "./random-SXMYlaVr.js";
+import { timingSafeEqual } from "node:crypto";
 
+//#region src/random.ts
+/**
+* Cryptographic utilities for secure random generation and comparison operations.
+* These functions are designed to prevent timing attacks and provide unbiased randomness.
+*/
+/**
+* Generates a cryptographically secure token with enhanced entropy.
+* Uses Web Crypto API and provides 256 bits of entropy
+*
+* @param length - Length of random data in bytes (default: 32 for 256-bit security)
+* @returns Base64url-encoded secure token
+*
+* @example
+* ```ts
+* const authCode = generateSecureToken()
+* // Returns: "7B8kJ9mN3pQ2rS5tU8vW0xY1zA3bC6dE9fG2hI5jK8lM" (example)
+*
+* const refreshToken = generateSecureToken(24) // 192-bit token
+* // Returns: "4A7bC9dF2gH5iJ8kL1mN4pQ7rS0tU" (example)
+* ```
+*/
+const generateSecureToken = (length = 32) => {
+	if (length <= 0 || !Number.isInteger(length)) throw new RangeError("Token length must be a positive integer");
+	const randomBytes$1 = new Uint8Array(length);
+	crypto.getRandomValues(randomBytes$1);
+	const base64 = btoa(String.fromCharCode.apply(null, Array.from(randomBytes$1)));
+	return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+};
+/**
+* Generates a cryptographically secure string of random digits without modulo bias.
+* Uses rejection sampling to ensure each digit (0-9) has an equal probability of being selected.
+*
+* @param length - Number of digits to generate (must be positive)
+* @returns String containing exactly the specified number of random digits
+*
+* @example
+* ```ts
+* const pinCode = generateUnbiasedDigits(6)
+* // Returns: "492847" (example - actual result is random)
+*
+* const shortCode = generateUnbiasedDigits(4)
+* // Returns: "7291" (example - actual result is random)
+* ```
+*
+* @throws {RangeError} If length is not a positive number
+*/
+const generateUnbiasedDigits = (length) => {
+	if (length <= 0 || !Number.isInteger(length)) throw new RangeError("Length must be a positive integer");
+	const result = [];
+	while (result.length < length) {
+		const buffer = crypto.getRandomValues(new Uint8Array(length * 2));
+		for (const byte of buffer) if (byte < 250 && result.length < length) result.push(byte % 10);
+	}
+	return result.join("");
+};
+/**
+* Performs a timing-safe comparison of two strings to prevent timing attacks.
+* Always takes the same amount of time regardless of where the strings differ,
+* making it safe for comparing sensitive values like tokens or passwords.
+*
+* @param a - First string to compare
+* @param b - Second string to compare
+* @returns True if strings are identical, false otherwise
+*
+* @example
+* ```ts
+* // Safe for comparing sensitive values
+* const isValidToken = timingSafeCompare(userToken, expectedToken)
+*
+* // Safe for password verification
+* const isValidPassword = timingSafeCompare(hashedInput, storedHash)
+*
+* // Returns false for different types or lengths
+* timingSafeCompare("abc", 123 as any) // false
+* timingSafeCompare("abc", "abcd") // false
+* ```
+*/
+const timingSafeCompare = (a, b) => {
+	if (typeof a !== "string" || typeof b !== "string") return false;
+	if (a.length !== b.length) return false;
+	return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+};
+
+//#endregion
 export { generateSecureToken, generateUnbiasedDigits, timingSafeCompare };

package/dist/storage/memory.d.ts

@@ -1,4 +1,4 @@
-import { StorageAdapter } from "../storage-CxKerLlc.js";
+import { StorageAdapter } from "./storage.js";
 
 //#region src/storage/memory.d.ts
 
@@ -9,7 +9,7 @@ import { StorageAdapter } from "../storage-CxKerLlc.js";
  *
  * ### Basic in-memory storage (development only)
  * ```ts
- * import { MemoryStorage } from "@draftauth/core/storage/memory"
+ * import { MemoryStorage } from "@draftlab/auth/storage/memory"
  *
  * const storage = MemoryStorage()
  *

package/dist/storage/memory.js

@@ -1,4 +1,4 @@
-import { joinKey, splitKey } from "../storage-BEaqEPNQ.js";
+import { joinKey, splitKey } from "./storage.js";
 import { existsSync, readFileSync } from "node:fs";
 import { writeFile } from "node:fs/promises";
 

package/dist/storage/storage.d.ts

@@ -1,2 +1,162 @@
-import { Storage, StorageAdapter, joinKey, splitKey } from "../storage-CxKerLlc.js";
+//#region src/storage/storage.d.ts
+/**
+ * Storage abstraction layer for Draft Auth persistence operations.
+ * Provides a unified interface for different storage backends with key encoding,
+ * TTL support, and type-safe operations.
+ */
+/**
+ * Abstract storage adapter interface that must be implemented by all storage backends.
+ * Defines the core operations needed for OAuth data persistence.
+ */
+interface StorageAdapter {
+  /**
+   * Retrieves a value by its key path.
+   *
+   * @param key - Array of key segments forming the storage path
+   * @returns Promise resolving to the stored value or undefined if not found
+   */
+  get(key: string[]): Promise<Record<string, unknown> | undefined>;
+  /**
+   * Removes a value by its key path.
+   *
+   * @param key - Array of key segments forming the storage path
+   * @returns Promise that resolves when removal is complete
+   */
+  remove(key: string[]): Promise<void>;
+  /**
+   * Stores a value with an optional expiration date.
+   *
+   * @param key - Array of key segments forming the storage path
+   * @param value - The value to store
+   * @param expiry - Optional expiration date for automatic cleanup
+   * @returns Promise that resolves when storage is complete
+   */
+  set(key: string[], value: unknown, expiry?: Date): Promise<void>;
+  /**
+   * Scans for keys matching a prefix pattern.
+   *
+   * @param prefix - Array of key segments to use as prefix filter
+   * @returns Async iterable of key-value pairs matching the prefix
+   */
+  scan(prefix: string[]): AsyncIterable<readonly [string[], unknown]>;
+}
+/**
+ * Joins an array of key segments into a single string using the separator.
+ *
+ * @param key - Array of key segments to join
+ * @returns Single string representing the full key path
+ *
+ * @example
+ * ```ts
+ * joinKey(['user', 'session', '123'])
+ * // Returns: "user\x1fsession\x1f123"
+ * ```
+ */
+declare const joinKey: (key: string[]) => string;
+/**
+ * Splits a joined key string back into its component segments.
+ *
+ * @param key - Joined key string to split
+ * @returns Array of individual key segments
+ *
+ * @example
+ * ```ts
+ * splitKey("user\x1fsession\x1f123")
+ * // Returns: ['user', 'session', '123']
+ * ```
+ */
+declare const splitKey: (key: string) => string[];
+/**
+ * High-level storage operations with key encoding and type safety.
+ * Provides a convenient interface over storage adapters with additional features
+ * like TTL conversion and key sanitization.
+ */
+declare const Storage: {
+  /**
+   * Encodes key segments by removing any separator characters to prevent conflicts.
+   * Ensures storage keys don't contain characters that could break key parsing.
+   *
+   * @param key - Array of key segments to encode
+   * @returns Array of sanitized key segments
+   *
+   * @example
+   * ```ts
+   * Storage.encode(['user', 'data\x1fwith\x1fseparators'])
+   * // Returns: ['user', 'datawithseparators']
+   * ```
+   */
+  readonly encode: (key: string[]) => string[];
+  /**
+   * Retrieves a typed value from storage.
+   *
+   * @template T - Expected type of the stored value
+   * @param adapter - Storage adapter to use
+   * @param key - Array of key segments identifying the value
+   * @returns Promise resolving to the typed value or null if not found
+   *
+   * @example
+   * ```ts
+   * interface UserSession {
+   *   userId: string
+   *   expiresAt: number
+   * }
+   *
+   * const session = await Storage.get<UserSession>(adapter, ['sessions', sessionId])
+   * if (session) {
+   *   // Fully typed: session.userId
+   * }
+   * ```
+   */
+  readonly get: <T = Record<string, unknown>>(adapter: StorageAdapter, key: string[]) => Promise<T | null>;
+  /**
+   * Stores a value with optional time-to-live in seconds.
+   *
+   * @param adapter - Storage adapter to use
+   * @param key - Array of key segments identifying where to store
+   * @param value - The value to store
+   * @param ttlSeconds - Optional TTL in seconds for automatic expiration
+   * @returns Promise that resolves when storage is complete
+   *
+   * @example
+   * ```ts
+   * // Store with 1 hour TTL
+   * await Storage.set(adapter, ['sessions', sessionId], sessionData, 3600)
+   *
+   * // Store permanently
+   * await Storage.set(adapter, ['users', userId], userData)
+   * ```
+   */
+  readonly set: (adapter: StorageAdapter, key: string[], value: unknown, ttlSeconds?: number) => Promise<void>;
+  /**
+   * Removes a value from storage.
+   *
+   * @param adapter - Storage adapter to use
+   * @param key - Array of key segments identifying the value to remove
+   * @returns Promise that resolves when removal is complete
+   *
+   * @example
+   * ```ts
+   * await Storage.remove(adapter, ['sessions', expiredSessionId])
+   * ```
+   */
+  readonly remove: (adapter: StorageAdapter, key: string[]) => Promise<void>;
+  /**
+   * Scans for entries matching a key prefix with type safety.
+   *
+   * @template T - Expected type of the stored values
+   * @param adapter - Storage adapter to use
+   * @param prefix - Array of key segments to use as prefix filter
+   * @returns Async iterable of typed key-value pairs
+   *
+   * @example
+   * ```ts
+   * // Find all user sessions
+   * for await (const [key, session] of Storage.scan<UserSession>(adapter, ['sessions'])) {
+   *   // Session: `${key.join('/')} expires at ${session.expiresAt}`
+   * }
+   * ```
+   */
+  readonly scan: <T = Record<string, unknown>>(adapter: StorageAdapter, prefix: string[]) => AsyncIterable<readonly [string[], T]>;
+};
+//#endregion
 export { Storage, StorageAdapter, joinKey, splitKey };

package/dist/storage/storage.js

@@ -1,3 +1,62 @@
-import { Storage, joinKey, splitKey } from "../storage-BEaqEPNQ.js";
+//#region src/storage/storage.ts
+/**
+* ASCII unit separator character used to join key segments.
+* Using a control character ensures it won't conflict with user data.
+*/
+const SEPARATOR = String.fromCharCode(31);
+/**
+* Joins an array of key segments into a single string using the separator.
+*
+* @param key - Array of key segments to join
+* @returns Single string representing the full key path
+*
+* @example
+* ```ts
+* joinKey(['user', 'session', '123'])
+* // Returns: "user\x1fsession\x1f123"
+* ```
+*/
+const joinKey = (key) => {
+	return key.join(SEPARATOR);
+};
+/**
+* Splits a joined key string back into its component segments.
+*
+* @param key - Joined key string to split
+* @returns Array of individual key segments
+*
+* @example
+* ```ts
+* splitKey("user\x1fsession\x1f123")
+* // Returns: ['user', 'session', '123']
+* ```
+*/
+const splitKey = (key) => {
+	return key.split(SEPARATOR);
+};
+/**
+* High-level storage operations with key encoding and type safety.
+* Provides a convenient interface over storage adapters with additional features
+* like TTL conversion and key sanitization.
+*/
+const Storage = {
+	encode: (key) => {
+		return key.map((segment) => segment.replaceAll(SEPARATOR, ""));
+	},
+	get: (adapter, key) => {
+		return adapter.get(Storage.encode(key));
+	},
+	set: (adapter, key, value, ttlSeconds) => {
+		const expiry = ttlSeconds ? new Date(Date.now() + ttlSeconds * 1e3) : void 0;
+		return adapter.set(Storage.encode(key), value, expiry);
+	},
+	remove: (adapter, key) => {
+		return adapter.remove(Storage.encode(key));
+	},
+	scan: (adapter, prefix) => {
+		return adapter.scan(Storage.encode(prefix));
+	}
+};
 
+//#endregion
 export { Storage, joinKey, splitKey };

package/dist/storage/turso.d.ts

@@ -1,4 +1,4 @@
-import { StorageAdapter } from "../storage-CxKerLlc.js";
+import { StorageAdapter } from "./storage.js";
 import { Client } from "@libsql/client";
 
 //#region src/storage/turso.d.ts

package/dist/storage/turso.js

@@ -1,4 +1,4 @@
-import { joinKey, splitKey } from "../storage-BEaqEPNQ.js";
+import { joinKey, splitKey } from "./storage.js";
 
 //#region src/storage/turso.ts
 /**

package/dist/storage/unstorage.d.ts

@@ -1,4 +1,4 @@
-import { StorageAdapter } from "../storage-CxKerLlc.js";
+import { StorageAdapter } from "./storage.js";
 import { Driver } from "unstorage";
 
 //#region src/storage/unstorage.d.ts
@@ -13,7 +13,7 @@ import { Driver } from "unstorage";
  *
  * @example
  * ```ts
- * import { UnStorage } from "@draftauth/core/storage/unstorage"
+ * import { UnStorage } from "@draftlab/auth/storage/unstorage"
  * import redisDriver from "unstorage/drivers/redis"
  *
  * // Using Redis driver

package/dist/storage/unstorage.js

@@ -1,4 +1,4 @@
-import { joinKey, splitKey } from "../storage-BEaqEPNQ.js";
+import { joinKey, splitKey } from "./storage.js";
 import { createStorage } from "unstorage";
 
 //#region src/storage/unstorage.ts
@@ -12,7 +12,7 @@ import { createStorage } from "unstorage";
 *
 * @example
 * ```ts
-* import { UnStorage } from "@draftauth/core/storage/unstorage"
+* import { UnStorage } from "@draftlab/auth/storage/unstorage"
 * import redisDriver from "unstorage/drivers/redis"
 *
 * // Using Redis driver

package/dist/subject.d.ts

@@ -1,3 +1,62 @@
-import "./util-DbSKG1Xm.js";
-import { SubjectPayload, SubjectSchema, createSubjects } from "./subject-DMIMVtaT.js";
+import { Prettify } from "./util.js";
+import { StandardSchemaV1 } from "@standard-schema/spec";
+
+//#region src/subject.d.ts
+
+/**
+ * Schema definition for subjects, mapping subject type names to their validation schemas.
+ * Each key represents a subject type, and each value is a schema that validates
+ * the properties for that subject type.
+ *
+ * @example
+ * ```ts
+ * const schema: SubjectSchema = {
+ *   user: object({ userID: string() }),
+ *   admin: object({ userID: string(), workspaceID: string() })
+ * }
+ * ```
+ */
+type SubjectSchema = Record<string, StandardSchemaV1>;
+/**
+ * Internal type that transforms a SubjectSchema into a union of subject payload objects.
+ * Each payload contains the subject type and its validated properties.
+ *
+ * @template T - The subject schema to transform
+ * @internal
+ */
+type SubjectPayload<T extends SubjectSchema> = Prettify<{ [K in keyof T & string]: {
+  type: K;
+  properties: StandardSchemaV1.InferOutput<T[K]>;
+} }[keyof T & string]>;
+/**
+ * Creates a strongly-typed subject schema that can be used throughout your application.
+ * The returned schema maintains type information for excellent IDE support and runtime validation.
+ *
+ * @template Schema - The subject schema type being created
+ * @param types - Object mapping subject type names to their validation schemas
+ * @returns The same schema object with preserved type information
+ *
+ * @example
+ * ```ts
+ * import { object, string, number } from "valibot"
+ *
+ * const subjects = createSubjects({
+ *   user: object({
+ *     userID: string(),
+ *     createdAt: number()
+ *   }),
+ *   admin: object({
+ *     userID: string(),
+ *     workspaceID: string(),
+ *     permissions: array(string())
+ *   }),
+ *   service: object({
+ *     serviceID: string(),
+ *     apiVersion: string()
+ *   })
+ * })
+ * ```
+ */
+declare const createSubjects: <Schema extends SubjectSchema>(types: Schema) => Schema;
+//#endregion
 export { SubjectPayload, SubjectSchema, createSubjects };

package/dist/themes/theme.d.ts

@@ -1,2 +1,209 @@
-import { ColorScheme, THEME_DRAFTAUTH, THEME_SST, THEME_SUPABASE, THEME_TERMINAL, THEME_VERCEL, Theme, getTheme, setTheme } from "../theme-C9by7VXf.js";
+//#region src/themes/theme.d.ts
+/**
+ * Use one of the built-in themes.
+ *
+ * @example
+ *
+ * ```ts
+ * import { THEME_SST } from "@draftlab/auth/themes/theme"
+ *
+ * export default issuer({
+ *   theme: THEME_SST,
+ *   // ...
+ * })
+ * ```
+ *
+ * Or define your own.
+ *
+ * ```ts
+ * import type { Theme } from "@draftlab/auth/themes/theme"
+ *
+ * const MY_THEME: Theme = {
+ *   title: "Acne",
+ *   radius: "none",
+ *   favicon: "https://www.example.com/favicon.svg",
+ *   // ...
+ * }
+ *
+ * export default issuer({
+ *   theme: MY_THEME,
+ *   // ...
+ * })
+ * ```
+ *
+ * @packageDocumentation
+ */
+/**
+ * A type to define values for light and dark mode.
+ *
+ * @example
+ * ```ts
+ * {
+ *   light: "#FFF",
+ *   dark: "#000"
+ * }
+ * ```
+ */
+interface ColorScheme {
+  /**
+   * The value for dark mode.
+   */
+  dark: string;
+  /**
+   * The value for light mode.
+   */
+  light: string;
+}
+/**
+ * A type to define your custom theme.
+ */
+interface Theme {
+  /**
+   * The name of your app. Also used as the title of the page.
+   *
+   * @example
+   * ```ts
+   * {
+   *   title: "Acne"
+   * }
+   * ```
+   */
+  title?: string;
+  /**
+   * A URL to the favicon of your app.
+   *
+   * @example
+   * ```ts
+   * {
+   *   favicon: "https://www.example.com/favicon.svg"
+   * }
+   * ```
+   */
+  favicon?: string;
+  /**
+   * The border radius of the UI elements.
+   *
+   * @example
+   * ```ts
+   * {
+   *   radius: "none"
+   * }
+   * ```
+   */
+  radius?: "none" | "sm" | "md" | "lg" | "full";
+  /**
+   * The primary color of the theme.
+   *
+   * Takes a color or both light and dark colors.
+   *
+   * @example
+   * ```ts
+   * {
+   *   primary: "#FF5E00"
+   * }
+   * ```
+   */
+  primary: string | ColorScheme;
+  /**
+   * The background color of the theme.
+   *
+   * Takes a color or both light and dark colors.
+   *
+   * @example
+   * ```ts
+   * {
+   *   background: "#FFF"
+   * }
+   * ```
+   */
+  background?: string | ColorScheme;
+  /**
+   * A URL to the logo of your app.
+   *
+   * Takes a single image or both light and dark mode versions.
+   *
+   * @example
+   * ```ts
+   * {
+   *   logo: "https://www.example.com/logo.svg"
+   * }
+   * ```
+   */
+  logo?: string | ColorScheme;
+  /**
+   * The font family and scale of the theme.
+   */
+  font?: {
+    /**
+     * The font family of the theme.
+     *
+     * @example
+     * ```ts
+     * {
+     *   font: {
+     *     family: "Geist Mono, monospace"
+     *   }
+     * }
+     * ```
+     */
+    family?: string;
+    /**
+     * The font scale of the theme. Can be used to increase or decrease the font sizes across
+     * the UI.
+     *
+     * @default "1"
+     * @example
+     * ```ts
+     * {
+     *   font: {
+     *     scale: "1.25"
+     *   }
+     * }
+     * ```
+     */
+    scale?: string;
+  };
+  /**
+   * Custom CSS that's added to the page in a `<style>` tag.
+   *
+   * This can be used to import custom fonts.
+   *
+   * @example
+   * ```ts
+   * {
+   *   css: `@import url('https://fonts.googleapis.com/css2?family=Rubik:wght@100;200;300;400;500;600;700;800;900&display=swap');`
+   * }
+   * ```
+   */
+  css?: string;
+}
+/**
+ * Built-in default Draft Auth theme.
+ */
+declare const THEME_DRAFTAUTH: Theme;
+/**
+ * Built-in theme based on [Terminal](https://terminal.shop).
+ */
+declare const THEME_TERMINAL: Theme;
+/**
+ * Built-in theme based on [SST](https://sst.dev).
+ */
+declare const THEME_SST: Theme;
+/**
+ * Built-in theme based on [Supabase](https://supabase.com).
+ */
+declare const THEME_SUPABASE: Theme;
+/**
+ * Built-in theme based on [Vercel](https://vercel.com).
+ */
+declare const THEME_VERCEL: Theme;
+/**
+ * @internal
+ */
+declare const setTheme: (value: Theme) => void;
+/**
+ * @internal
+ */
+declare const getTheme: () => any;
+//#endregion
 export { ColorScheme, THEME_DRAFTAUTH, THEME_SST, THEME_SUPABASE, THEME_TERMINAL, THEME_VERCEL, Theme, getTheme, setTheme };