npm - @draftlab/auth - Versions diffs - 0.15.0 → 0.16.0 - Mend

@draftlab/auth 0.15.0 → 0.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/dist/esm/allow.js +26 -0
package/dist/esm/client.js +254 -0
package/dist/esm/core.js +597 -0
package/dist/esm/css.d.js +0 -0
package/dist/esm/error.js +88 -0
package/dist/esm/index.js +5 -0
package/dist/esm/keys.js +126 -0
package/dist/esm/mutex.js +53 -0
package/dist/esm/pkce.js +87 -0
package/dist/esm/provider/apple.js +15 -0
package/dist/esm/provider/code.js +62 -0
package/dist/esm/provider/discord.js +15 -0
package/dist/esm/provider/facebook.js +15 -0
package/dist/esm/provider/github.js +15 -0
package/dist/esm/provider/gitlab.js +15 -0
package/dist/esm/provider/google.js +16 -0
package/dist/esm/provider/linkedin.js +15 -0
package/dist/esm/provider/magiclink.js +83 -0
package/dist/esm/provider/microsoft.js +15 -0
package/dist/esm/provider/oauth2.js +130 -0
package/dist/esm/provider/password.js +331 -0
package/dist/esm/provider/provider.js +18 -0
package/dist/esm/provider/reddit.js +15 -0
package/dist/esm/provider/slack.js +15 -0
package/dist/esm/provider/spotify.js +15 -0
package/dist/esm/provider/twitch.js +15 -0
package/dist/esm/provider/vercel.js +17 -0
package/dist/esm/random.js +40 -0
package/dist/esm/revocation.js +27 -0
package/dist/esm/storage/memory.js +110 -0
package/dist/esm/storage/storage.js +56 -0
package/dist/esm/storage/turso.js +93 -0
package/dist/esm/storage/unstorage.js +78 -0
package/dist/esm/subject.js +7 -0
package/dist/esm/themes/theme.js +115 -0
package/dist/esm/toolkit/client.js +119 -0
package/dist/esm/toolkit/index.js +25 -0
package/dist/esm/toolkit/providers/facebook.js +11 -0
package/dist/esm/toolkit/providers/github.js +11 -0
package/dist/esm/toolkit/providers/google.js +11 -0
package/dist/esm/toolkit/providers/strategy.js +0 -0
package/dist/esm/toolkit/storage.js +81 -0
package/dist/esm/toolkit/utils.js +18 -0
package/dist/esm/types.js +0 -0
package/dist/esm/ui/base.js +478 -0
package/dist/esm/ui/code.js +186 -0
package/dist/esm/ui/form.js +46 -0
package/dist/esm/ui/icon.js +242 -0
package/dist/esm/ui/magiclink.js +158 -0
package/dist/esm/ui/password.js +435 -0
package/dist/esm/ui/select.js +102 -0
package/dist/esm/util.js +59 -0
package/dist/{allow.d.mts → types/allow.d.ts} +9 -11
package/dist/types/allow.d.ts.map +1 -0
package/dist/types/client.d.ts +462 -0
package/dist/types/client.d.ts.map +1 -0
package/dist/types/core.d.ts +113 -0
package/dist/types/core.d.ts.map +1 -0
package/dist/{error.d.mts → types/error.d.ts} +95 -97
package/dist/types/error.d.ts.map +1 -0
package/dist/types/index.d.ts +2 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/{keys.d.mts → types/keys.d.ts} +20 -24
package/dist/types/keys.d.ts.map +1 -0
package/dist/types/mutex.d.ts +42 -0
package/dist/types/mutex.d.ts.map +1 -0
package/dist/{pkce.d.mts → types/pkce.d.ts} +10 -11
package/dist/types/pkce.d.ts.map +1 -0
package/dist/types/provider/apple.d.ts +197 -0
package/dist/types/provider/apple.d.ts.map +1 -0
package/dist/types/provider/code.d.ts +288 -0
package/dist/types/provider/code.d.ts.map +1 -0
package/dist/types/provider/discord.d.ts +206 -0
package/dist/types/provider/discord.d.ts.map +1 -0
package/dist/types/provider/facebook.d.ts +200 -0
package/dist/types/provider/facebook.d.ts.map +1 -0
package/dist/types/provider/github.d.ts +220 -0
package/dist/types/provider/github.d.ts.map +1 -0
package/dist/types/provider/gitlab.d.ts +180 -0
package/dist/types/provider/gitlab.d.ts.map +1 -0
package/dist/types/provider/google.d.ts +158 -0
package/dist/types/provider/google.d.ts.map +1 -0
package/dist/types/provider/linkedin.d.ts +190 -0
package/dist/types/provider/linkedin.d.ts.map +1 -0
package/dist/types/provider/magiclink.d.ts +141 -0
package/dist/types/provider/magiclink.d.ts.map +1 -0
package/dist/types/provider/microsoft.d.ts +247 -0
package/dist/types/provider/microsoft.d.ts.map +1 -0
package/dist/types/provider/oauth2.d.ts +229 -0
package/dist/types/provider/oauth2.d.ts.map +1 -0
package/dist/types/provider/password.d.ts +408 -0
package/dist/types/provider/password.d.ts.map +1 -0
package/dist/types/provider/provider.d.ts +226 -0
package/dist/types/provider/provider.d.ts.map +1 -0
package/dist/types/provider/reddit.d.ts +159 -0
package/dist/types/provider/reddit.d.ts.map +1 -0
package/dist/types/provider/slack.d.ts +171 -0
package/dist/types/provider/slack.d.ts.map +1 -0
package/dist/types/provider/spotify.d.ts +168 -0
package/dist/types/provider/spotify.d.ts.map +1 -0
package/dist/types/provider/twitch.d.ts +163 -0
package/dist/types/provider/twitch.d.ts.map +1 -0
package/dist/types/provider/vercel.d.ts +294 -0
package/dist/types/provider/vercel.d.ts.map +1 -0
package/dist/{random.d.mts → types/random.d.ts} +4 -6
package/dist/types/random.d.ts.map +1 -0
package/dist/types/revocation.d.ts +76 -0
package/dist/types/revocation.d.ts.map +1 -0
package/dist/{storage/memory.d.mts → types/storage/memory.d.ts} +17 -21
package/dist/types/storage/memory.d.ts.map +1 -0
package/dist/types/storage/storage.d.ts +177 -0
package/dist/types/storage/storage.d.ts.map +1 -0
package/dist/{storage/turso.d.mts → types/storage/turso.d.ts} +4 -8
package/dist/types/storage/turso.d.ts.map +1 -0
package/dist/{storage/unstorage.d.mts → types/storage/unstorage.d.ts} +12 -11
package/dist/types/storage/unstorage.d.ts.map +1 -0
package/dist/types/subject.d.ts +115 -0
package/dist/types/subject.d.ts.map +1 -0
package/dist/types/themes/theme.d.ts +207 -0
package/dist/types/themes/theme.d.ts.map +1 -0
package/dist/types/toolkit/client.d.ts +235 -0
package/dist/types/toolkit/client.d.ts.map +1 -0
package/dist/types/toolkit/index.d.ts +45 -0
package/dist/types/toolkit/index.d.ts.map +1 -0
package/dist/types/toolkit/providers/facebook.d.ts +8 -0
package/dist/types/toolkit/providers/facebook.d.ts.map +1 -0
package/dist/types/toolkit/providers/github.d.ts +8 -0
package/dist/types/toolkit/providers/github.d.ts.map +1 -0
package/dist/types/toolkit/providers/google.d.ts +8 -0
package/dist/types/toolkit/providers/google.d.ts.map +1 -0
package/dist/types/toolkit/providers/strategy.d.ts +38 -0
package/dist/types/toolkit/providers/strategy.d.ts.map +1 -0
package/dist/{toolkit/storage.d.mts → types/toolkit/storage.d.ts} +37 -39
package/dist/types/toolkit/storage.d.ts.map +1 -0
package/dist/{toolkit/utils.d.mts → types/toolkit/utils.d.ts} +2 -4
package/dist/types/toolkit/utils.d.ts.map +1 -0
package/dist/types/types.d.ts +92 -0
package/dist/types/types.d.ts.map +1 -0
package/dist/types/ui/base.d.ts +18 -0
package/dist/types/ui/base.d.ts.map +1 -0
package/dist/types/ui/code.d.ts +43 -0
package/dist/types/ui/code.d.ts.map +1 -0
package/dist/types/ui/form.d.ts +24 -0
package/dist/types/ui/form.d.ts.map +1 -0
package/dist/types/ui/icon.d.ts +60 -0
package/dist/types/ui/icon.d.ts.map +1 -0
package/dist/types/ui/magiclink.d.ts +41 -0
package/dist/types/ui/magiclink.d.ts.map +1 -0
package/dist/types/ui/password.d.ts +43 -0
package/dist/types/ui/password.d.ts.map +1 -0
package/dist/types/ui/select.d.ts +33 -0
package/dist/types/ui/select.d.ts.map +1 -0
package/dist/{util.d.mts → types/util.d.ts} +11 -13
package/dist/types/util.d.ts.map +1 -0
package/package.json +10 -16
package/dist/adapters/node.d.mts +0 -18
package/dist/adapters/node.mjs +0 -69
package/dist/allow.mjs +0 -63
package/dist/client.d.mts +0 -456
package/dist/client.mjs +0 -283
package/dist/core.d.mts +0 -110
package/dist/core.mjs +0 -595
package/dist/error.mjs +0 -237
package/dist/index.d.mts +0 -2
package/dist/index.mjs +0 -3
package/dist/keys.mjs +0 -146
package/dist/mutex.d.mts +0 -44
package/dist/mutex.mjs +0 -110
package/dist/pkce.mjs +0 -157
package/dist/provider/apple.d.mts +0 -111
package/dist/provider/apple.mjs +0 -164
package/dist/provider/code.d.mts +0 -228
package/dist/provider/code.mjs +0 -246
package/dist/provider/discord.d.mts +0 -146
package/dist/provider/discord.mjs +0 -156
package/dist/provider/facebook.d.mts +0 -142
package/dist/provider/facebook.mjs +0 -150
package/dist/provider/github.d.mts +0 -140
package/dist/provider/github.mjs +0 -169
package/dist/provider/gitlab.d.mts +0 -106
package/dist/provider/gitlab.mjs +0 -147
package/dist/provider/google.d.mts +0 -112
package/dist/provider/google.mjs +0 -109
package/dist/provider/linkedin.d.mts +0 -132
package/dist/provider/linkedin.mjs +0 -142
package/dist/provider/magiclink.d.mts +0 -89
package/dist/provider/magiclink.mjs +0 -143
package/dist/provider/microsoft.d.mts +0 -178
package/dist/provider/microsoft.mjs +0 -177
package/dist/provider/oauth2.d.mts +0 -176
package/dist/provider/oauth2.mjs +0 -222
package/dist/provider/passkey.d.mts +0 -104
package/dist/provider/passkey.mjs +0 -320
package/dist/provider/password.d.mts +0 -412
package/dist/provider/password.mjs +0 -363
package/dist/provider/provider.d.mts +0 -227
package/dist/provider/provider.mjs +0 -44
package/dist/provider/reddit.d.mts +0 -107
package/dist/provider/reddit.mjs +0 -127
package/dist/provider/slack.d.mts +0 -114
package/dist/provider/slack.mjs +0 -138
package/dist/provider/spotify.d.mts +0 -113
package/dist/provider/spotify.mjs +0 -135
package/dist/provider/totp.d.mts +0 -112
package/dist/provider/totp.mjs +0 -191
package/dist/provider/twitch.d.mts +0 -108
package/dist/provider/twitch.mjs +0 -131
package/dist/provider/vercel.d.mts +0 -177
package/dist/provider/vercel.mjs +0 -230
package/dist/random.mjs +0 -86
package/dist/revocation.d.mts +0 -55
package/dist/revocation.mjs +0 -63
package/dist/router/context.d.mts +0 -21
package/dist/router/context.mjs +0 -193
package/dist/router/cookies.d.mts +0 -8
package/dist/router/cookies.mjs +0 -13
package/dist/router/index.d.mts +0 -21
package/dist/router/index.mjs +0 -107
package/dist/router/matcher.d.mts +0 -15
package/dist/router/matcher.mjs +0 -76
package/dist/router/middleware/cors.d.mts +0 -15
package/dist/router/middleware/cors.mjs +0 -114
package/dist/router/safe-request.d.mts +0 -52
package/dist/router/safe-request.mjs +0 -160
package/dist/router/types.d.mts +0 -67
package/dist/router/types.mjs +0 -1
package/dist/router/variables.d.mts +0 -12
package/dist/router/variables.mjs +0 -20
package/dist/storage/memory.mjs +0 -125
package/dist/storage/storage.d.mts +0 -179
package/dist/storage/storage.mjs +0 -104
package/dist/storage/turso.mjs +0 -117
package/dist/storage/unstorage.mjs +0 -103
package/dist/subject.d.mts +0 -62
package/dist/subject.mjs +0 -36
package/dist/themes/theme.d.mts +0 -209
package/dist/themes/theme.mjs +0 -120
package/dist/toolkit/client.d.mts +0 -169
package/dist/toolkit/client.mjs +0 -209
package/dist/toolkit/index.d.mts +0 -9
package/dist/toolkit/index.mjs +0 -9
package/dist/toolkit/providers/facebook.d.mts +0 -12
package/dist/toolkit/providers/facebook.mjs +0 -16
package/dist/toolkit/providers/github.d.mts +0 -12
package/dist/toolkit/providers/github.mjs +0 -16
package/dist/toolkit/providers/google.d.mts +0 -12
package/dist/toolkit/providers/google.mjs +0 -20
package/dist/toolkit/providers/strategy.d.mts +0 -40
package/dist/toolkit/providers/strategy.mjs +0 -1
package/dist/toolkit/storage.mjs +0 -157
package/dist/toolkit/utils.mjs +0 -30
package/dist/types.d.mts +0 -94
package/dist/types.mjs +0 -1
package/dist/ui/base.d.mts +0 -30
package/dist/ui/base.mjs +0 -407
package/dist/ui/code.d.mts +0 -43
package/dist/ui/code.mjs +0 -173
package/dist/ui/form.d.mts +0 -32
package/dist/ui/form.mjs +0 -49
package/dist/ui/icon.d.mts +0 -58
package/dist/ui/icon.mjs +0 -247
package/dist/ui/magiclink.d.mts +0 -41
package/dist/ui/magiclink.mjs +0 -152
package/dist/ui/passkey.d.mts +0 -27
package/dist/ui/passkey.mjs +0 -323
package/dist/ui/password.d.mts +0 -42
package/dist/ui/password.mjs +0 -402
package/dist/ui/select.d.mts +0 -34
package/dist/ui/select.mjs +0 -98
package/dist/ui/totp.d.mts +0 -34
package/dist/ui/totp.mjs +0 -270
package/dist/util.mjs +0 -128

package/dist/types/revocation.d.ts ADDED Viewed

@@ -0,0 +1,76 @@
+/**
+ * Token revocation management for Draft Auth.
+ * Handles blacklisting of revoked tokens to prevent their use.
+ *
+ * ## Overview
+ *
+ * Revocation allows users to invalidate specific tokens before their natural expiration.
+ * This is essential for logout functionality and security in case of token compromise.
+ *
+ * ## Storage Structure
+ *
+ * Revoked tokens are stored with their expiration time to allow automatic cleanup:
+ * ```
+ * revocation:token:{tokenHash} → { revokedAt: timestamp, expiresAt: timestamp }
+ * ```
+ *
+ * ## Security Considerations
+ *
+ * - Revoked tokens are checked on every use
+ * - Storage automatically cleans up expired revocations
+ * - Hash tokens for storage to reduce memory usage
+ * - Use constant-time comparison for hash verification
+ *
+ * @packageDocumentation
+ */
+import { type StorageAdapter } from "./storage/storage";
+/**
+ * Data stored for a revoked token.
+ * Tracks when the token was revoked and when it naturally expires.
+ */
+export interface RevocationRecord {
+    /** Timestamp when the token was revoked (milliseconds) */
+    revokedAt: number;
+    /** Timestamp when the token naturally expires (milliseconds) */
+    expiresAt: number;
+}
+/**
+ * Token revocation manager.
+ * Provides methods to revoke tokens and check if a token has been revoked.
+ */
+export declare const Revocation: {
+    /**
+     * Revokes a token, preventing it from being used even if not yet expired.
+     *
+     * @param storage - Storage adapter to use
+     * @param token - The token to revoke (access or refresh token)
+     * @param expiresAt - When the token naturally expires (milliseconds since epoch)
+     * @returns Promise that resolves when revocation is stored
+     *
+     * @example
+     * ```ts
+     * // Revoke a refresh token on logout
+     * await Revocation.revoke(storage, refreshToken, expiresAt)
+     * ```
+     */
+    readonly revoke: (storage: StorageAdapter, token: string, expiresAt: number) => Promise<void>;
+    /**
+     * Checks if a token has been revoked.
+     * Returns false if token is not in revocation list (never revoked or already expired).
+     *
+     * @param storage - Storage adapter to use
+     * @param token - The token to check
+     * @returns Promise resolving to true if token is revoked, false otherwise
+     *
+     * @example
+     * ```ts
+     * // Check if token was revoked before using it
+     * const isRevoked = await Revocation.isRevoked(storage, accessToken)
+     * if (isRevoked) {
+     *   throw new InvalidAccessTokenError()
+     * }
+     * ```
+     */
+    readonly isRevoked: (storage: StorageAdapter, token: string) => Promise<boolean>;
+};
+//# sourceMappingURL=revocation.d.ts.map

package/dist/types/revocation.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"revocation.d.ts","sourceRoot":"","sources":["../../src/revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAGH,OAAO,EAAW,KAAK,cAAc,EAAE,MAAM,mBAAmB,CAAA;AAEhE;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAChC,0DAA0D;IAC1D,SAAS,EAAE,MAAM,CAAA;IACjB,gEAAgE;IAChE,SAAS,EAAE,MAAM,CAAA;CACjB;AAeD;;;GAGG;AACH,eAAO,MAAM,UAAU;IACtB;;;;;;;;;;;;;OAaG;+BACqB,cAAc,SAAS,MAAM,aAAa,MAAM,KAAG,OAAO,CAAC,IAAI,CAAC;IAgBxF;;;;;;;;;;;;;;;;OAgBG;kCACwB,cAAc,SAAS,MAAM,KAAG,OAAO,CAAC,OAAO,CAAC;CASlE,CAAA"}

package/dist/{storage/memory.d.mts → types/storage/memory.d.ts} RENAMED Viewed

@@ -1,7 +1,4 @@
-import { StorageAdapter } from "./storage.mjs";
-//#region src/storage/memory.d.ts
+import { type StorageAdapter } from "./storage";
 /**
  * In-memory storage adapter for Draft Auth with optional file persistence.
  *
@@ -38,20 +35,20 @@ import { StorageAdapter } from "./storage.mjs";
 /**
  * Configuration options for the memory storage adapter.
  */
-interface MemoryStorageOptions {
-  /**
-   * File path for persisting the in-memory store to disk.
-   * When specified, the store will be saved to this file on changes
-   * and loaded from it on startup if it exists.
-   *
-   * @example
-   * ```ts
-   * {
-   *   persist: "./data/auth-storage.json"
-   * }
-   * ```
-   */
-  readonly persist?: string;
+export interface MemoryStorageOptions {
+    /**
+     * File path for persisting the in-memory store to disk.
+     * When specified, the store will be saved to this file on changes
+     * and loaded from it on startup if it exists.
+     *
+     * @example
+     * ```ts
+     * {
+     *   persist: "./data/auth-storage.json"
+     * }
+     * ```
+     */
+    readonly persist?: string;
 }
 /**
  * Creates an in-memory storage adapter with optional file persistence.
@@ -77,6 +74,5 @@ interface MemoryStorageOptions {
  * })
  * ```
  */
-declare const MemoryStorage: (options?: MemoryStorageOptions) => StorageAdapter;
-//#endregion
-export { MemoryStorage, MemoryStorageOptions };
+export declare const MemoryStorage: (options?: MemoryStorageOptions) => StorageAdapter;
+//# sourceMappingURL=memory.d.ts.map

package/dist/types/storage/memory.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"memory.d.ts","sourceRoot":"","sources":["../../../src/storage/memory.ts"],"names":[],"mappings":"AAEA,OAAO,EAAW,KAAK,cAAc,EAAY,MAAM,WAAW,CAAA;AAElE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC;;;;;;;;;;;OAWG;IACH,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CACzB;AAaD;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,aAAa,GAAI,UAAU,oBAAoB,KAAG,cA2J9D,CAAA"}

package/dist/types/storage/storage.d.ts ADDED Viewed

@@ -0,0 +1,177 @@
+/**
+ * Storage abstraction layer for Draft Auth persistence operations.
+ * Provides a unified interface for different storage backends with key encoding,
+ * TTL support, and type-safe operations.
+ */
+/**
+ * Abstract storage adapter interface that must be implemented by all storage backends.
+ * Defines the core operations needed for OAuth data persistence.
+ */
+export interface StorageAdapter {
+    /**
+     * Retrieves a value by its key path.
+     *
+     * @param key - Array of key segments forming the storage path
+     * @returns Promise resolving to the stored value or undefined if not found
+     */
+    get(key: string[]): Promise<Record<string, unknown> | undefined>;
+    /**
+     * Removes a value by its key path.
+     *
+     * @param key - Array of key segments forming the storage path
+     * @returns Promise that resolves when removal is complete
+     */
+    remove(key: string[]): Promise<void>;
+    /**
+     * Stores a value with an optional expiration date.
+     *
+     * @param key - Array of key segments forming the storage path
+     * @param value - The value to store
+     * @param expiry - Optional expiration date for automatic cleanup
+     * @returns Promise that resolves when storage is complete
+     */
+    set(key: string[], value: unknown, expiry?: Date): Promise<void>;
+    /**
+     * Scans for keys matching a prefix pattern.
+     *
+     * @param prefix - Array of key segments to use as prefix filter
+     * @returns Async iterable of key-value pairs matching the prefix
+     */
+    scan(prefix: string[]): AsyncIterable<readonly [string[], unknown]>;
+}
+/**
+ * Joins an array of key segments into a single string using the separator.
+ * Segments are properly escaped to handle any input, including separators and escape characters.
+ *
+ * @param key - Array of key segments to join
+ * @returns Single string representing the full key path
+ *
+ * @example
+ * ```ts
+ * joinKey(['user', 'data\x1fwith\x1fseparators'])
+ * // Returns: "user\x1fdata\\x1fwith\\x1fseparators"
+ * ```
+ */
+export declare const joinKey: (key: string[]) => string;
+/**
+ * Splits a joined key string back into its component segments.
+ * Handles escaped characters properly.
+ *
+ * @param key - Joined key string to split
+ * @returns Array of individual key segments
+ *
+ * @example
+ * ```ts
+ * splitKey("user\x1fdata\\x1fwith\\x1fseparators")
+ * // Returns: ['user', 'data\x1fwith\x1fseparators']
+ * ```
+ */
+export declare const splitKey: (key: string) => string[];
+/**
+ * High-level storage operations with key encoding and type safety.
+ * Provides a convenient interface over storage adapters with additional features
+ * like TTL validation and secure key encoding to prevent collisions.
+ */
+export declare const Storage: {
+    /**
+     * Encodes key segments by escaping special characters.
+     * Ensures storage keys don't contain unescaped separator characters that could cause collisions.
+     *
+     * @param key - Array of key segments to encode
+     * @returns Array of properly escaped key segments
+     *
+     * @throws {Error} If any segment is empty or whitespace-only
+     *
+     * @example
+     * ```ts
+     * Storage.encode(['user', 'data\x1fwith\x1fseparators'])
+     * // Returns: ['user', 'data\\x1fwith\\x1fseparators']
+     * ```
+     */
+    readonly encode: (key: string[]) => string[];
+    /**
+     * Decodes key segments by unescaping special characters.
+     * Reverse operation of encode().
+     *
+     * @param key - Array of encoded key segments
+     * @returns Array of decoded key segments
+     *
+     * @internal
+     */
+    readonly decode: (key: string[]) => string[];
+    /**
+     * Retrieves a typed value from storage.
+     *
+     * @template T - Expected type of the stored value
+     * @param adapter - Storage adapter to use
+     * @param key - Array of key segments identifying the value
+     * @returns Promise resolving to the typed value or null if not found
+     *
+     * @example
+     * ```ts
+     * interface UserSession {
+     *   userId: string
+     *   expiresAt: number
+     * }
+     *
+     * const session = await Storage.get<UserSession>(adapter, ['sessions', sessionId])
+     * if (session) {
+     *   // Fully typed: session.userId
+     * }
+     * ```
+     */
+    readonly get: <T = Record<string, unknown>>(adapter: StorageAdapter, key: string[]) => Promise<T | null>;
+    /**
+     * Stores a value with optional time-to-live in seconds.
+     * Validates that TTL is a positive integer to prevent edge cases like negative or overflow values.
+     *
+     * @param adapter - Storage adapter to use
+     * @param key - Array of key segments identifying where to store
+     * @param value - The value to store
+     * @param ttlSeconds - Optional TTL in seconds for automatic expiration
+     * @returns Promise that resolves when storage is complete
+     *
+     * @throws {RangeError} If TTL is invalid (negative, non-integer, or exceeds maximum)
+     *
+     * @example
+     * ```ts
+     * // Store with 1 hour TTL
+     * await Storage.set(adapter, ['sessions', sessionId], sessionData, 3600)
+     *
+     * // Store permanently (no expiration)
+     * await Storage.set(adapter, ['users', userId], userData)
+     * ```
+     */
+    readonly set: (adapter: StorageAdapter, key: string[], value: unknown, ttlSeconds?: number) => Promise<void>;
+    /**
+     * Removes a value from storage.
+     *
+     * @param adapter - Storage adapter to use
+     * @param key - Array of key segments identifying the value to remove
+     * @returns Promise that resolves when removal is complete
+     *
+     * @example
+     * ```ts
+     * await Storage.remove(adapter, ['sessions', expiredSessionId])
+     * ```
+     */
+    readonly remove: (adapter: StorageAdapter, key: string[]) => Promise<void>;
+    /**
+     * Scans for entries matching a key prefix with type safety.
+     *
+     * @template T - Expected type of the stored values
+     * @param adapter - Storage adapter to use
+     * @param prefix - Array of key segments to use as prefix filter
+     * @returns Async iterable of typed key-value pairs
+     *
+     * @example
+     * ```ts
+     * // Find all user sessions
+     * for await (const [key, session] of Storage.scan<UserSession>(adapter, ['sessions'])) {
+     *   // Session: `${key.join('/')} expires at ${session.expiresAt}`
+     * }
+     * ```
+     */
+    readonly scan: <T = Record<string, unknown>>(adapter: StorageAdapter, prefix: string[]) => AsyncIterable<readonly [string[], T]>;
+};
+//# sourceMappingURL=storage.d.ts.map

package/dist/types/storage/storage.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../src/storage/storage.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC9B;;;;;OAKG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,SAAS,CAAC,CAAA;IAEhE;;;;;OAKG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEpC;;;;;;;OAOG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;IAEhE;;;;;OAKG;IACH,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,aAAa,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,OAAO,CAAC,CAAC,CAAA;CACnE;AAcD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,OAAO,GAAI,KAAK,MAAM,EAAE,KAAG,MAEvC,CAAA;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,QAAQ,GAAI,KAAK,MAAM,KAAG,MAAM,EAE5C,CAAA;AAsCD;;;;GAIG;AACH,eAAO,MAAM,OAAO;IACnB;;;;;;;;;;;;;;OAcG;2BACW,MAAM,EAAE,KAAG,MAAM,EAAE;IAIjC;;;;;;;;OAQG;2BACW,MAAM,EAAE,KAAG,MAAM,EAAE;IAIjC;;;;;;;;;;;;;;;;;;;;OAoBG;mBACG,CAAC,qCACG,cAAc,OAClB,MAAM,EAAE,KACX,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC;IAIpB;;;;;;;;;;;;;;;;;;;;OAoBG;4BAEO,cAAc,OAClB,MAAM,EAAE,SACN,OAAO,eACD,MAAM,KACjB,OAAO,CAAC,IAAI,CAAC;IAwBhB;;;;;;;;;;;OAWG;+BACe,cAAc,OAAO,MAAM,EAAE,KAAG,OAAO,CAAC,IAAI,CAAC;IAI/D;;;;;;;;;;;;;;;OAeG;oBACI,CAAC,qCACE,cAAc,UACf,MAAM,EAAE,KACd,aAAa,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;CAG/B,CAAA"}

package/dist/{storage/turso.d.mts → types/storage/turso.d.ts} RENAMED Viewed

@@ -1,8 +1,5 @@
-import { StorageAdapter } from "./storage.mjs";
-import { Client } from "@libsql/client";
-//#region src/storage/turso.d.ts
+import type { Client } from "@libsql/client";
+import { type StorageAdapter } from "./storage";
 /**
  * Creates a Turso storage adapter using the provided LibSQL client.
  * Automatically initializes the required database table and implements
@@ -26,6 +23,5 @@ import { Client } from "@libsql/client";
  * const app = issuer({ storage, ... })
  * ```
  */
-declare const TursoStorage: (client: Client) => StorageAdapter;
-//#endregion
-export { TursoStorage };
+export declare const TursoStorage: (client: Client) => StorageAdapter;
+//# sourceMappingURL=turso.d.ts.map

package/dist/types/storage/turso.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"turso.d.ts","sourceRoot":"","sources":["../../../src/storage/turso.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,gBAAgB,CAAA;AAC5C,OAAO,EAAW,KAAK,cAAc,EAAY,MAAM,WAAW,CAAA;AAyClE;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,YAAY,GAAI,QAAQ,MAAM,KAAG,cA2H7C,CAAA"}

package/dist/{storage/unstorage.d.mts → types/storage/unstorage.d.ts} RENAMED Viewed

@@ -1,8 +1,12 @@
-import { StorageAdapter } from "./storage.mjs";
-import { Driver } from "unstorage";
-//#region src/storage/unstorage.d.ts
+/**
+ * Universal storage adapter for Draft Auth using Unstorage drivers.
+ * Provides seamless integration with any Unstorage-compatible backend including
+ * Redis, Cloudflare KV, Vercel KV, and more.
+ *
+ * @packageDocumentation
+ */
+import { type Driver as UnstorageDriver } from "unstorage";
+import { type StorageAdapter } from "./storage";
 /**
  * Creates a Draft Auth storage adapter using Unstorage drivers.
  * Supports automatic expiration, error handling, and any Unstorage driver.
@@ -29,10 +33,7 @@ import { Driver } from "unstorage";
  * const memoryStorage = UnStorage()
  * ```
  */
-declare const UnStorage: ({
-  driver
-}?: {
-  driver?: Driver;
+export declare const UnStorage: ({ driver }?: {
+    driver?: UnstorageDriver;
 }) => StorageAdapter;
-//#endregion
-export { UnStorage };
+//# sourceMappingURL=unstorage.d.ts.map

package/dist/types/storage/unstorage.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"unstorage.d.ts","sourceRoot":"","sources":["../../../src/storage/unstorage.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAiB,KAAK,MAAM,IAAI,eAAe,EAAE,MAAM,WAAW,CAAA;AACzE,OAAO,EAAW,KAAK,cAAc,EAAY,MAAM,WAAW,CAAA;AAalE;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,eAAO,MAAM,SAAS,GAAI,aAAY;IAAE,MAAM,CAAC,EAAE,eAAe,CAAA;CAAO,KAAG,cA6GzE,CAAA"}

package/dist/types/subject.d.ts ADDED Viewed

@@ -0,0 +1,115 @@
+/**
+ * Subjects define the structure of data stored in access tokens after successful authentication.
+ * They represent the different types of entities that can be authenticated (users, admins, etc.)
+ * and are encoded as JWT claims in the resulting access tokens.
+ *
+ * ## Quick Start
+ *
+ * ### 1. Define your subjects
+ * ```ts title="subjects.ts"
+ * import { object, string } from "valibot"
+ * import { createSubjects } from "@draftlab/auth/subject"
+ *
+ * export const subjects = createSubjects({
+ *   user: object({
+ *     userID: string()
+ *   }),
+ *   admin: object({
+ *     userID: string(),
+ *     workspaceID: string()
+ *   })
+ * })
+ * ```
+ *
+ * ### 2. Use in your issuer
+ * ```ts title="issuer.ts"
+ * import { subjects } from "./subjects"
+ *
+ * const app = issuer({
+ *   { ... }
+ *   subjects,
+ *   async success(ctx, value) {
+ *     const userID = await lookupUser(value.email)
+ *     return ctx.subject("user", { userID })
+ *   }
+ * })
+ * ```
+ *
+ * ### 3. Verify tokens in your app
+ * ```ts title="middleware.ts"
+ * import { subjects } from "./subjects"
+ *
+ * const verified = await client.verify(subjects, accessToken)
+ * if (verified.success) {
+ *  // Fully typed: verified.data.subject.properties.userID
+ * }
+ * ```
+ *
+ * ## Important Notes
+ *
+ * - Only store data that doesn't change frequently (avoid usernames, emails that might change)
+ * - Keep payload small as it's embedded in every access token
+ * - Use any validation library compatible with standard-schema specification
+ *
+ * @packageDocumentation
+ */
+import type { StandardSchemaV1 } from "@standard-schema/spec";
+import type { Prettify } from "./util";
+/**
+ * Schema definition for subjects, mapping subject type names to their validation schemas.
+ * Each key represents a subject type, and each value is a schema that validates
+ * the properties for that subject type.
+ *
+ * @example
+ * ```ts
+ * const schema: SubjectSchema = {
+ *   user: object({ userID: string() }),
+ *   admin: object({ userID: string(), workspaceID: string() })
+ * }
+ * ```
+ */
+export type SubjectSchema = Record<string, StandardSchemaV1>;
+/**
+ * Internal type that transforms a SubjectSchema into a union of subject payload objects.
+ * Each payload contains the subject type and its validated properties.
+ *
+ * @template T - The subject schema to transform
+ * @internal
+ */
+export type SubjectPayload<T extends SubjectSchema> = Prettify<{
+    [K in keyof T & string]: {
+        type: K;
+        properties: StandardSchemaV1.InferOutput<T[K]>;
+    };
+}[keyof T & string]>;
+/**
+ * Creates a strongly-typed subject schema that can be used throughout your application.
+ * The returned schema maintains type information for excellent IDE support and runtime validation.
+ *
+ * @template Schema - The subject schema type being created
+ * @param types - Object mapping subject type names to their validation schemas
+ * @returns The same schema object with preserved type information
+ *
+ * @example
+ * ```ts
+ * import { object, string, number } from "valibot"
+ *
+ * const subjects = createSubjects({
+ *   user: object({
+ *     userID: string(),
+ *     createdAt: number()
+ *   }),
+ *   admin: object({
+ *     userID: string(),
+ *     workspaceID: string(),
+ *     permissions: array(string())
+ *   }),
+ *   service: object({
+ *     serviceID: string(),
+ *     apiVersion: string()
+ *   })
+ * })
+ * ```
+ */
+export declare const createSubjects: <Schema extends SubjectSchema>(types: Schema) => Schema;
+//# sourceMappingURL=subject.d.ts.map

package/dist/types/subject.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"subject.d.ts","sourceRoot":"","sources":["../../src/subject.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AACH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AAC7D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAA;AAEtC;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAA;AAE5D;;;;;;GAMG;AACH,MAAM,MAAM,cAAc,CAAC,CAAC,SAAS,aAAa,IAAI,QAAQ,CAC7D;KACE,CAAC,IAAI,MAAM,CAAC,GAAG,MAAM,GAAG;QACxB,IAAI,EAAE,CAAC,CAAA;QACP,UAAU,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;KAC9C;CACD,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,CACnB,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,eAAO,MAAM,cAAc,GAAI,MAAM,SAAS,aAAa,EAAE,OAAO,MAAM,KAAG,MAE5E,CAAA"}