@draftlab/auth 0.14.0 → 0.15.1

package/dist/provider/provider.d.mts

@@ -1,9 +1,8 @@
+import { RouterContext } from "../router/types.mjs";
+import { Router } from "../router/index.mjs";
 import { StorageAdapter } from "../storage/storage.mjs";
-import { Router } from "@draftlab/auth-router";
-import { RouterContext } from "@draftlab/auth-router/types";
 
 //#region src/provider/provider.d.ts
-
 /**
  * OAuth provider system for Draft Auth.
  * Defines the interfaces and utilities for implementing authentication providers
@@ -54,35 +53,35 @@ type ProviderRoute = Router;
  */
 interface Provider<Properties = Record<string, unknown>> {
   /**
-   * Unique identifier for this provider type.
-   * Used in URLs and provider selection UI.
-   *
-   * @example "github", "google", "steam"
-   */
+       * Unique identifier for this provider type.
+       * Used in URLs and provider selection UI.
+       *
+       * @example "github", "google", "steam"
+       */
   readonly type: string;
   /**
-   * Initializes the provider by registering required routes.
-   * Called during issuer setup to configure authorization and callback endpoints.
-   *
-   * @param route - Router instance for registering provider endpoints
-   * @param options - Provider utilities and configuration
-   *
-   * @example
-   * ```ts
-   * init(routes, ctx) {
-   *   routes.get("/authorize", async (c) => {
-   *     // Redirect to OAuth provider
-   *     return c.redirect(buildAuthUrl())
-   *   })
-   *
-   *   routes.get("/callback", async (c) => {
-   *     // Process callback and return user data
-   *     const userData = await handleCallback(c)
-   *     return await ctx.success(c, userData)
-   *   })
-   * }
-   * ```
-   */
+       * Initializes the provider by registering required routes.
+       * Called during issuer setup to configure authorization and callback endpoints.
+       *
+       * @param route - Router instance for registering provider endpoints
+       * @param options - Provider utilities and configuration
+       *
+       * @example
+       * ```ts
+       * init(routes, ctx) {
+       *   routes.get("/authorize", async (c) => {
+       *     // Redirect to OAuth provider
+       *     return c.redirect(buildAuthUrl())
+       *   })
+       *
+       *   routes.get("/callback", async (c) => {
+       *     // Process callback and return user data
+       *     const userData = await handleCallback(c)
+       *     return await ctx.success(c, userData)
+       *   })
+       * }
+       * ```
+       */
   init: (route: ProviderRoute, options: ProviderOptions<Properties>) => void;
 }
 /**
@@ -93,100 +92,99 @@ interface Provider<Properties = Record<string, unknown>> {
  */
 interface ProviderOptions<Properties> {
   /**
-   * Name of the provider instance as configured in the issuer.
-   * Corresponds to the key used in the providers object.
-   */
+       * Name of the provider instance as configured in the issuer.
+       * Corresponds to the key used in the providers object.
+       */
   readonly name: string;
   /**
-   * Completes the authentication flow with user data.
-   * Called when the provider successfully authenticates a user.
-   *
-   * @param ctx - Router request context
-   * @param properties - User data extracted from the provider
-   * @param opts - Optional utilities for session management
-   * @returns Response that completes the OAuth flow
-   *
-   * @example
-   * ```ts
-   * const userData = { userId: "123", email: "user@example.com" }
-   * return await ctx.success(c, userData)
-   * ```
-   */
+       * Completes the authentication flow with user data.
+       * Called when the provider successfully authenticates a user.
+       *
+       * @param ctx - Router request context
+       * @param properties - User data extracted from the provider
+       * @param opts - Optional utilities for session management
+       * @returns Response that completes the OAuth flow
+       *
+       * @example
+       * ```ts
+       * const userData = { userId: "123", email: "user@example.com" }
+       * return await ctx.success(c, userData)
+       * ```
+       */
   success: (ctx: RouterContext, properties: Properties, opts?: {
-    /** Function to invalidate existing user sessions */
-    readonly invalidate?: (subject: string) => Promise<void>;
+    /** Function to invalidate existing user sessions */readonly invalidate?: (subject: string) => Promise<void>;
   }) => Promise<Response>;
   /**
-   * Forwards a response through the provider context.
-   * Used for redirects and custom responses within the OAuth flow.
-   *
-   * @param ctx - Router request context
-   * @param response - Response to forward
-   * @returns Forwarded response
-   */
+       * Forwards a response through the provider context.
+       * Used for redirects and custom responses within the OAuth flow.
+       *
+       * @param ctx - Router request context
+       * @param response - Response to forward
+       * @returns Forwarded response
+       */
   forward: (ctx: RouterContext, response: Response) => Response;
   /**
-   * Stores a temporary value with expiration for the current session.
-   * Useful for storing OAuth state, PKCE verifiers, and other temporary data.
-   *
-   * @param ctx - Router request context
-   * @param key - Storage key identifier
-   * @param maxAge - TTL in seconds
-   * @param value - Value to store
-   *
-   * @example
-   * ```ts
-   * // Store OAuth state for 10 minutes
-   * await ctx.set(c, "oauth_state", 600, { state, redirectUri })
-   * ```
-   */
+       * Stores a temporary value with expiration for the current session.
+       * Useful for storing OAuth state, PKCE verifiers, and other temporary data.
+       *
+       * @param ctx - Router request context
+       * @param key - Storage key identifier
+       * @param maxAge - TTL in seconds
+       * @param value - Value to store
+       *
+       * @example
+       * ```ts
+       * // Store OAuth state for 10 minutes
+       * await ctx.set(c, "oauth_state", 600, { state, redirectUri })
+       * ```
+       */
   set: <T>(ctx: RouterContext, key: string, maxAge: number, value: T) => Promise<void>;
   /**
-   * Retrieves a previously stored temporary value.
-   *
-   * @param ctx - Router request context
-   * @param key - Storage key identifier
-   * @returns Promise resolving to the stored value or undefined if not found/expired
-   *
-   * @example
-   * ```ts
-   * const oauthState = await ctx.get<OAuthState>(c, "oauth_state")
-   * if (!oauthState) {
-   *   throw new Error("OAuth state expired")
-   * }
-   * ```
-   */
+       * Retrieves a previously stored temporary value.
+       *
+       * @param ctx - Router request context
+       * @param key - Storage key identifier
+       * @returns Promise resolving to the stored value or undefined if not found/expired
+       *
+       * @example
+       * ```ts
+       * const oauthState = await ctx.get<OAuthState>(c, "oauth_state")
+       * if (!oauthState) {
+       *   throw new Error("OAuth state expired")
+       * }
+       * ```
+       */
   get: <T>(ctx: RouterContext, key: string) => Promise<T | undefined>;
   /**
-   * Removes a stored temporary value.
-   *
-   * @param ctx - Router request context
-   * @param key - Storage key identifier
-   *
-   * @example
-   * ```ts
-   * // Clean up OAuth state after use
-   * await ctx.unset(c, "oauth_state")
-   * ```
-   */
+       * Removes a stored temporary value.
+       *
+       * @param ctx - Router request context
+       * @param key - Storage key identifier
+       *
+       * @example
+       * ```ts
+       * // Clean up OAuth state after use
+       * await ctx.unset(c, "oauth_state")
+       * ```
+       */
   unset: (ctx: RouterContext, key: string) => Promise<void>;
   /**
-   * Invalidates all sessions for a given subject (user).
-   * Forces logout across all devices and applications.
-   *
-   * @param subject - Subject identifier to invalidate
-   *
-   * @example
-   * ```ts
-   * // Force logout on password change
-   * await ctx.invalidate(userId)
-   * ```
-   */
+       * Invalidates all sessions for a given subject (user).
+       * Forces logout across all devices and applications.
+       *
+       * @param subject - Subject identifier to invalidate
+       *
+       * @example
+       * ```ts
+       * // Force logout on password change
+       * await ctx.invalidate(userId)
+       * ```
+       */
   invalidate: (subject: string) => Promise<void>;
   /**
-   * Storage adapter for persistent data operations.
-   * Provides access to the configured storage backend.
-   */
+       * Storage adapter for persistent data operations.
+       * Provides access to the configured storage backend.
+       */
   readonly storage: StorageAdapter;
 }
 /**

package/dist/provider/reddit.d.mts

@@ -2,50 +2,49 @@ import { Provider } from "./provider.mjs";
 import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
 
 //#region src/provider/reddit.d.ts
-
 /**
  * Configuration options for Reddit OAuth 2.0 provider.
  * Extends the base OAuth 2.0 configuration with Reddit-specific documentation.
  */
 interface RedditConfig extends Oauth2WrappedConfig {
   /**
-   * Reddit app client ID.
-   * Get this from your Reddit application preferences at https://www.reddit.com/prefs/apps
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "abcdef123456"
-   * }
-   * ```
-   */
+       * Reddit app client ID.
+       * Get this from your Reddit application preferences at https://www.reddit.com/prefs/apps
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "abcdef123456"
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * Reddit app client secret.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.REDDIT_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * Reddit app client secret.
+       * Keep this secure and never expose it to client-side code.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.REDDIT_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * Reddit OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "identity",           // Access user identity
-   *     "read"                // Read private data
-   *   ]
-   * }
-   * ```
-   */
+       * Reddit OAuth scopes to request access for.
+       * Determines what data and actions your app can access.
+       *
+       * @example
+       * ```ts
+       * {
+       *   scopes: [
+       *     "identity",           // Access user identity
+       *     "read"                // Read private data
+       *   ]
+       * }
+       * ```
+       */
   readonly scopes: string[];
 }
 /**

package/dist/provider/slack.d.mts

@@ -2,51 +2,50 @@ import { Provider } from "./provider.mjs";
 import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
 
 //#region src/provider/slack.d.ts
-
 /**
  * Configuration options for Slack OAuth 2.0 provider.
  * Extends the base OAuth 2.0 configuration with Slack-specific documentation.
  */
 interface SlackConfig extends Oauth2WrappedConfig {
   /**
-   * Slack app client ID.
-   * Get this from your Slack App settings at https://api.slack.com/apps
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "123456789.1234567890"
-   * }
-   * ```
-   */
+       * Slack app client ID.
+       * Get this from your Slack App settings at https://api.slack.com/apps
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "123456789.1234567890"
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * Slack app client secret.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.SLACK_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * Slack app client secret.
+       * Keep this secure and never expose it to client-side code.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.SLACK_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * Slack OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "users:read",           // Access to user profiles
-   *     "users:read.email",     // Access user emails
-   *     "team:read"             // Access team information
-   *   ]
-   * }
-   * ```
-   */
+       * Slack OAuth scopes to request access for.
+       * Determines what data and actions your app can access.
+       *
+       * @example
+       * ```ts
+       * {
+       *   scopes: [
+       *     "users:read",           // Access to user profiles
+       *     "users:read.email",     // Access user emails
+       *     "team:read"             // Access team information
+       *   ]
+       * }
+       * ```
+       */
   readonly scopes: string[];
 }
 /**

package/dist/provider/spotify.d.mts

@@ -2,51 +2,50 @@ import { Provider } from "./provider.mjs";
 import { Oauth2UserData, Oauth2WrappedConfig } from "./oauth2.mjs";
 
 //#region src/provider/spotify.d.ts
-
 /**
  * Configuration options for Spotify OAuth 2.0 provider.
  * Extends the base OAuth 2.0 configuration with Spotify-specific documentation.
  */
 interface SpotifyConfig extends Oauth2WrappedConfig {
   /**
-   * Spotify app client ID.
-   * Get this from your Spotify App at https://developer.spotify.com/dashboard
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientID: "abcdef123456"
-   * }
-   * ```
-   */
+       * Spotify app client ID.
+       * Get this from your Spotify App at https://developer.spotify.com/dashboard
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientID: "abcdef123456"
+       * }
+       * ```
+       */
   readonly clientID: string;
   /**
-   * Spotify app client secret.
-   * Keep this secure and never expose it to client-side code.
-   *
-   * @example
-   * ```ts
-   * {
-   *   clientSecret: process.env.SPOTIFY_CLIENT_SECRET
-   * }
-   * ```
-   */
+       * Spotify app client secret.
+       * Keep this secure and never expose it to client-side code.
+       *
+       * @example
+       * ```ts
+       * {
+       *   clientSecret: process.env.SPOTIFY_CLIENT_SECRET
+       * }
+       * ```
+       */
   readonly clientSecret: string;
   /**
-   * Spotify OAuth scopes to request access for.
-   * Determines what data and actions your app can access.
-   *
-   * @example
-   * ```ts
-   * {
-   *   scopes: [
-   *     "user-read-private",   // Access private user data
-   *     "user-read-email",     // Access user email
-   *     "user-top-read"        // Read top artists and tracks
-   *   ]
-   * }
-   * ```
-   */
+       * Spotify OAuth scopes to request access for.
+       * Determines what data and actions your app can access.
+       *
+       * @example
+       * ```ts
+       * {
+       *   scopes: [
+       *     "user-read-private",   // Access private user data
+       *     "user-read-email",     // Access user email
+       *     "user-top-read"        // Read top artists and tracks
+       *   ]
+       * }
+       * ```
+       */
   readonly scopes: string[];
 }
 /**

package/dist/provider/totp.d.mts

@@ -1,7 +1,6 @@
 import { Provider } from "./provider.mjs";
 
 //#region src/provider/totp.d.ts
-
 /**
  * TOTP data model stored in the database.
  * Contains the user's TOTP configuration and backup codes.
@@ -24,69 +23,69 @@ interface TOTPModel {
  */
 interface TOTPProviderConfig {
   /**
-   * The human-readable name of the issuer (your application).
-   * This appears in authenticator apps next to the TOTP entry.
-   */
+       * The human-readable name of the issuer (your application).
+       * This appears in authenticator apps next to the TOTP entry.
+       */
   issuer: string;
   /**
-   * Custom authorize handler that generates the UI for TOTP login.
-   * Called when user wants to login with TOTP (main page).
-   *
-   * @param req - The HTTP request object
-   * @param error - Optional error message to display
-   */
+       * Custom authorize handler that generates the UI for TOTP login.
+       * Called when user wants to login with TOTP (main page).
+       *
+       * @param req - The HTTP request object
+       * @param error - Optional error message to display
+       */
   authorize: (req: Request, error?: string) => Promise<Response>;
   /**
-   * Custom register handler that generates the UI for TOTP setup.
-   * Called when user is setting up TOTP for the first time.
-   *
-   * @param req - The HTTP request object
-   * @param qrCodeUrl - The otpauth:// URL for QR code generation
-   * @param secret - The raw secret (for manual entry)
-   * @param backupCodes - Array of backup/recovery codes
-   * @param error - Optional error message to display
-   */
+       * Custom register handler that generates the UI for TOTP setup.
+       * Called when user is setting up TOTP for the first time.
+       *
+       * @param req - The HTTP request object
+       * @param qrCodeUrl - The otpauth:// URL for QR code generation
+       * @param secret - The raw secret (for manual entry)
+       * @param backupCodes - Array of backup/recovery codes
+       * @param error - Optional error message to display
+       */
   register: (req: Request, qrCodeUrl: string, secret: string, backupCodes: string[], error?: string, email?: string) => Promise<Response>;
   /**
-   * Custom recovery handler that generates the UI for backup code entry.
-   * Called when user wants to use a recovery code instead of TOTP.
-   *
-   * @param req - The HTTP request object
-   * @param error - Optional error message to display
-   */
+       * Custom recovery handler that generates the UI for backup code entry.
+       * Called when user wants to use a recovery code instead of TOTP.
+       *
+       * @param req - The HTTP request object
+       * @param error - Optional error message to display
+       */
   recovery: (req: Request, error?: string) => Promise<Response>;
   /**
-   * Optional TOTP algorithm. Defaults to SHA1 for maximum compatibility.
-   * Most authenticator apps support SHA1, fewer support SHA256/SHA512.
-   */
+       * Optional TOTP algorithm. Defaults to SHA1 for maximum compatibility.
+       * Most authenticator apps support SHA1, fewer support SHA256/SHA512.
+       */
   algorithm?: "SHA1" | "SHA256" | "SHA512";
   /**
-   * Optional number of digits in TOTP codes. Defaults to 6.
-   * Some apps support 8 digits for increased security.
-   */
+       * Optional number of digits in TOTP codes. Defaults to 6.
+       * Some apps support 8 digits for increased security.
+       */
   digits?: 6 | 8;
   /**
-   * Optional validity period for TOTP codes in seconds. Defaults to 30.
-   * Standard is 30 seconds, some high-security apps use 60.
-   */
+       * Optional validity period for TOTP codes in seconds. Defaults to 30.
+       * Standard is 30 seconds, some high-security apps use 60.
+       */
   period?: number;
   /**
-   * Optional time window tolerance for clock drift. Defaults to 1.
-   * Allows tokens from previous/next time window to be valid.
-   */
+       * Optional time window tolerance for clock drift. Defaults to 1.
+       * Allows tokens from previous/next time window to be valid.
+       */
   window?: number;
   /**
-   * Optional number of backup codes to generate. Defaults to 10.
-   */
+       * Optional number of backup codes to generate. Defaults to 10.
+       */
   backupCodesCount?: number;
   /**
-   * Optional function to check if a user is allowed to set up TOTP.
-   */
+       * Optional function to check if a user is allowed to set up TOTP.
+       */
   userCanSetupTOTP?: (userId: string, req: Request) => Promise<boolean>;
   /**
-   * Optional custom label generator for TOTP entries.
-   * Defaults to using the userId as the label.
-   */
+       * Optional custom label generator for TOTP entries.
+       * Defaults to using the userId as the label.
+       */
   generateLabel?: (userId: string) => Promise<string>;
 }
 /**