@draftlab/auth 0.2.0 → 0.2.2

package/dist/core.d.ts

@@ -3,6 +3,7 @@ import { UnknownStateError } from "./error.js";
 import { Prettify } from "./util.js";
 import { SubjectPayload, SubjectSchema } from "./subject.js";
 import { StorageAdapter } from "./storage/storage.js";
+import { Plugin } from "./plugin/types.js";
 import { Provider } from "./provider/provider.js";
 import { Theme } from "./themes/theme.js";
 import { Router } from "@draftlab/auth-router";
@@ -79,6 +80,8 @@ interface IssuerInput<Providers extends Record<string, Provider<unknown>>, Subje
   error?(error: UnknownStateError, req: Request): Promise<Response>;
   /** Client authorization check function */
   allow?(input: AllowCheckInput, req: Request): Promise<boolean>;
+  /** Plugin configuration */
+  plugins?: readonly Plugin[];
   /**
    * Refresh callback for updating user claims.
    *

package/dist/core.js

@@ -5,6 +5,7 @@ import { validatePKCE } from "./pkce.js";
 import { generateSecureToken } from "./random.js";
 import { Storage } from "./storage/storage.js";
 import { encryptionKeys, signingKeys } from "./keys.js";
+import { PluginManager } from "./plugin/manager.js";
 import { setTheme } from "./themes/theme.js";
 import { Select } from "./ui/select.js";
 import { CompactEncrypt, SignJWT, compactDecrypt } from "jose";
@@ -40,8 +41,8 @@ const issuer = (input) => {
 			headers: { "Content-Type": "text/plain" }
 		});
 	});
-	const ttlAccess = input.ttl?.access ?? 60 * 60 * 24 * 30;
-	const ttlRefresh = input.ttl?.refresh ?? 60 * 60 * 24 * 365;
+	const ttlAccess = input.ttl?.access ?? 3600 * 24 * 30;
+	const ttlRefresh = input.ttl?.refresh ?? 3600 * 24 * 365;
 	const ttlRefreshReuse = input.ttl?.reuse ?? 60;
 	const ttlRefreshRetention = input.ttl?.retention ?? 0;
 	if (input.theme) setTheme(input.theme);
@@ -255,6 +256,11 @@ const issuer = (input) => {
 		storage
 	};
 	const app = new Router({ basePath: input.basePath });
+	if (input.plugins && input.plugins.length > 0) {
+		const manager = new PluginManager(input.storage);
+		for (const plugin of input.plugins) manager.register(plugin);
+		manager.setupRoutes(app);
+	}
 	for (const [name, value] of Object.entries(input.providers)) {
 		const route = new Router();
 		route.use(async (c, next) => {
@@ -466,7 +472,7 @@ const issuer = (input) => {
 			redirectURI: redirect_uri,
 			audience
 		}, c.request)) throw new UnauthorizedClientError(client_id, redirect_uri);
-		await auth.set(c, "authorization", 60 * 60 * 24, authorization);
+		await auth.set(c, "authorization", 3600 * 24, authorization);
 		if (provider) return c.redirect(`${provider}/authorize`);
 		const availableProviders = Object.keys(input.providers);
 		if (availableProviders.length === 1) return c.redirect(`${availableProviders[0]}/authorize`);

package/dist/plugin/builder.d.ts

@@ -0,0 +1,10 @@
+import { PluginBuilder } from "./plugin.js";
+
+//#region src/plugin/builder.d.ts
+
+/**
+ * Create a new plugin
+ */
+declare const plugin: (id: string) => PluginBuilder;
+//#endregion
+export { plugin };

package/dist/plugin/builder.js

@@ -0,0 +1,35 @@
+//#region src/plugin/builder.ts
+/**
+* Create a new plugin
+*/
+const plugin = (id) => {
+	const routes = [];
+	const builder = {
+		get(path, handler) {
+			routes.push({
+				method: "GET",
+				path,
+				handler
+			});
+			return builder;
+		},
+		post(path, handler) {
+			routes.push({
+				method: "POST",
+				path,
+				handler
+			});
+			return builder;
+		},
+		build() {
+			return {
+				id,
+				routes
+			};
+		}
+	};
+	return builder;
+};
+
+//#endregion
+export { plugin };

package/dist/plugin/manager.d.ts

@@ -0,0 +1,21 @@
+import { StorageAdapter } from "../storage/storage.js";
+import { Plugin } from "./types.js";
+import { Router } from "@draftlab/auth-router";
+
+//#region src/plugin/manager.d.ts
+
+declare class PluginManager {
+  private readonly plugins;
+  private readonly storage;
+  constructor(storage: StorageAdapter);
+  /**
+   * Register a plugin
+   */
+  register(plugin: Plugin): void;
+  /**
+   * Setup plugin routes on a router
+   */
+  setupRoutes(router: Router): void;
+}
+//#endregion
+export { PluginManager };

package/dist/plugin/manager.js

@@ -0,0 +1,48 @@
+import { PluginError } from "./types.js";
+
+//#region src/plugin/manager.ts
+var PluginManager = class {
+	plugins = /* @__PURE__ */ new Map();
+	storage;
+	constructor(storage) {
+		this.storage = storage;
+	}
+	/**
+	* Register a plugin
+	*/
+	register(plugin) {
+		if (this.plugins.has(plugin.id)) throw new PluginError(`Plugin already registered`, plugin.id);
+		this.plugins.set(plugin.id, plugin);
+	}
+	/**
+	* Setup plugin routes on a router
+	*/
+	setupRoutes(router) {
+		for (const plugin of this.plugins.values()) {
+			if (!plugin.routes) continue;
+			for (const route of plugin.routes) switch (route.method) {
+				case "GET":
+					router.get(route.path, async (ctx) => {
+						const pluginCtx = {
+							...ctx,
+							storage: this.storage
+						};
+						return await route.handler(pluginCtx);
+					});
+					break;
+				case "POST":
+					router.post(route.path, async (ctx) => {
+						const pluginCtx = {
+							...ctx,
+							storage: this.storage
+						};
+						return await route.handler(pluginCtx);
+					});
+					break;
+			}
+		}
+	}
+};
+
+//#endregion
+export { PluginManager };

package/dist/plugin/plugin.d.ts

@@ -0,0 +1,17 @@
+import { Plugin, PluginRouteHandler } from "./types.js";
+
+//#region src/plugin/plugin.d.ts
+
+/**
+ * Plugin builder interface for fluent API
+ */
+interface PluginBuilder {
+  /** Add GET route */
+  get(path: string, handler: PluginRouteHandler): PluginBuilder;
+  /** Add POST route */
+  post(path: string, handler: PluginRouteHandler): PluginBuilder;
+  /** Build the plugin */
+  build(): Plugin;
+}
+//#endregion
+export { PluginBuilder };

package/dist/plugin/types.d.ts

@@ -0,0 +1,40 @@
+import { StorageAdapter } from "../storage/storage.js";
+import { RouterContext } from "@draftlab/auth-router/types";
+
+//#region src/plugin/types.d.ts
+
+interface PluginContext extends RouterContext {
+  storage: StorageAdapter;
+}
+/**
+ * Plugin route handler function
+ */
+type PluginRouteHandler = (context: PluginContext) => Promise<Response>;
+/**
+ * Plugin route definition
+ */
+interface PluginRoute {
+  /** Route path (e.g., "/admin", "/stats") */
+  readonly path: string;
+  /** HTTP method */
+  readonly method: "GET" | "POST";
+  /** Route handler function */
+  readonly handler: PluginRouteHandler;
+}
+/**
+ * Main plugin interface
+ */
+interface Plugin {
+  /** Unique plugin identifier */
+  readonly id: string;
+  /** Custom routes added by this plugin */
+  readonly routes?: readonly PluginRoute[];
+}
+/**
+ * Plugin error types
+ */
+declare class PluginError extends Error {
+  constructor(message: string, pluginId: string);
+}
+//#endregion
+export { Plugin, PluginContext, PluginError, PluginRoute, PluginRouteHandler };

package/dist/plugin/types.js

@@ -0,0 +1,13 @@
+//#region src/plugin/types.ts
+/**
+* Plugin error types
+*/
+var PluginError = class extends Error {
+	constructor(message, pluginId) {
+		super(`[Plugin: ${pluginId}] ${message}`);
+		this.name = "PluginError";
+	}
+};
+
+//#endregion
+export { PluginError };

package/dist/provider/code.js

@@ -111,7 +111,7 @@ const CodeProvider = (config) => {
 			* Transitions between authentication states and renders the appropriate UI.
 			*/
 			const transition = async (c, nextState, formData, error) => {
-				await ctx.set(c, "provider", 60 * 60 * 24, nextState);
+				await ctx.set(c, "provider", 3600 * 24, nextState);
 				const response = await config.request(c.request, nextState, formData, error);
 				return ctx.forward(c, response);
 			};

package/dist/provider/oauth2.js

@@ -102,7 +102,7 @@ const Oauth2Provider = (config) => {
 			routes.get("/authorize", async (c) => {
 				const state = generateSecureToken();
 				const pkce = config.pkce ? await generatePKCE() : void 0;
-				await ctx.set(c, "provider", 60 * 10, {
+				await ctx.set(c, "provider", 600, {
 					state,
 					redirect: getRelativeUrl(c, "./callback"),
 					codeVerifier: pkce?.verifier

package/dist/provider/passkey.js

@@ -88,7 +88,7 @@ const PasskeyProvider = (config) => {
 	return {
 		type: "passkey",
 		init(routes, ctx) {
-			const { rpName, authenticatorSelection, attestationType = "none", timeout = 5 * 60 * 1e3 } = config;
+			const { rpName, authenticatorSelection, attestationType = "none", timeout = 300 * 1e3 } = config;
 			const getStoredUserById = async (userId) => {
 				return await Storage.get(ctx.storage, userKey(userId));
 			};

package/dist/provider/password.js

@@ -80,7 +80,7 @@ const PasswordProvider = (config) => {
 			*/
 			routes.get("/register", async (c) => {
 				const state = { type: "start" };
-				await ctx.set(c, "provider", 60 * 60 * 24, state);
+				await ctx.set(c, "provider", 3600 * 24, state);
 				return ctx.forward(c, await config.register(c.request, state));
 			});
 			/**
@@ -93,12 +93,12 @@ const PasswordProvider = (config) => {
 				let provider = await ctx.get(c, "provider");
 				if (!provider) {
 					const state = { type: "start" };
-					await ctx.set(c, "provider", 60 * 60 * 24, state);
+					await ctx.set(c, "provider", 3600 * 24, state);
 					if (action === "register") provider = state;
 					else return ctx.forward(c, await config.register(c.request, state));
 				}
 				const transition = async (next, err) => {
-					await ctx.set(c, "provider", 60 * 60 * 24, next);
+					await ctx.set(c, "provider", 3600 * 24, next);
 					return ctx.forward(c, await config.register(c.request, next, formData, err));
 				};
 				if (action === "register" && provider.type === "start") {
@@ -175,7 +175,7 @@ const PasswordProvider = (config) => {
 					type: "start",
 					redirect
 				};
-				await ctx.set(c, "provider", 60 * 60 * 24, state);
+				await ctx.set(c, "provider", 3600 * 24, state);
 				return ctx.forward(c, await config.change(c.request, state));
 			});
 			/**
@@ -187,7 +187,7 @@ const PasswordProvider = (config) => {
 				const provider = await ctx.get(c, "provider");
 				if (!provider) throw new UnknownStateError();
 				const transition = async (next, err) => {
-					await ctx.set(c, "provider", 60 * 60 * 24, next);
+					await ctx.set(c, "provider", 3600 * 24, next);
 					return ctx.forward(c, await config.change(c.request, next, formData, err));
 				};
 				if (action === "code") {

package/dist/ui/code.js

@@ -139,13 +139,17 @@ const CodeUI = (options) => {
 					type: "hidden",
 					value: contact
 				}),
-				/* @__PURE__ */ jsxs("div", {
+				/* @__PURE__ */ jsx("div", {
 					"data-component": "form-footer",
-					children: [/* @__PURE__ */ jsx("span", { children: copy.code_didnt_get }), /* @__PURE__ */ jsx("button", {
-						"data-component": "button",
-						type: "submit",
-						children: copy.code_resend
-					})]
+					children: /* @__PURE__ */ jsxs("span", { children: [
+						copy.code_didnt_get,
+						" ",
+						/* @__PURE__ */ jsx("button", {
+							type: "submit",
+							"data-component": "link",
+							children: copy.code_resend
+						})
+					] })
 				})
 			]
 		})] });

package/dist/ui/passkey.d.ts

@@ -6,17 +6,12 @@ import { PasskeyProviderConfig } from "../provider/passkey.js";
  * Strongly typed copy text configuration for passkey UI
  */
 interface PasskeyUICopy {
-  readonly authorize_title: string;
-  readonly authorize_description: string;
-  readonly register_title: string;
-  readonly register_description: string;
   readonly register: string;
-  readonly register_with_passkey: string;
+  readonly button_continue: string;
   readonly register_other_device: string;
   readonly register_prompt: string;
   readonly login_prompt: string;
   readonly login: string;
-  readonly login_with_passkey: string;
   readonly change_prompt: string;
   readonly code_resend: string;
   readonly code_return: string;

package/dist/ui/passkey.js

@@ -4,17 +4,12 @@ import { jsx, jsxs } from "preact/jsx-runtime";
 
 //#region src/ui/passkey.tsx
 const DEFAULT_COPY = {
-	authorize_title: "Sign in with Passkey",
-	authorize_description: "Passkeys are a simple and more secure alternative to passwords. With passkeys, you can log in with your PIN, biometric sensor, or hardware security key.",
-	register_title: "Create a Passkey",
-	register_description: "Create a passkey to enable secure, passwordless authentication for your account.",
 	register: "Register",
-	register_with_passkey: "Register With Passkey",
 	register_other_device: "Use another device",
 	register_prompt: "Don't have an account?",
 	login_prompt: "Already have an account?",
 	login: "Login",
-	login_with_passkey: "Login With Passkey",
+	button_continue: "Continue",
 	change_prompt: "Forgot password?",
 	code_resend: "Resend code",
 	code_return: "Back to",
@@ -103,14 +98,6 @@ const PasskeyUI = (options) => {
 									});
 								});
 							` } }),
-				/* @__PURE__ */ jsx("h1", {
-					"data-component": "title",
-					children: copy.authorize_title
-				}),
-				/* @__PURE__ */ jsx("p", {
-					"data-component": "description",
-					children: copy.authorize_description
-				}),
 				/* @__PURE__ */ jsxs("form", {
 					id: "authorizeForm",
 					"data-component": "form",
@@ -131,7 +118,7 @@ const PasskeyUI = (options) => {
 							type: "submit",
 							id: "btnLogin",
 							"data-component": "button",
-							children: copy.login_with_passkey
+							children: copy.button_continue
 						}),
 						/* @__PURE__ */ jsx("div", {
 							"data-component": "form-footer",
@@ -247,14 +234,6 @@ const PasskeyUI = (options) => {
 									});
 								});
 							` } }),
-				/* @__PURE__ */ jsx("h1", {
-					"data-component": "title",
-					children: copy.register_title
-				}),
-				/* @__PURE__ */ jsx("p", {
-					"data-component": "description",
-					children: copy.register_description
-				}),
 				/* @__PURE__ */ jsxs("form", {
 					id: "registerForm",
 					"data-component": "form",
@@ -275,7 +254,7 @@ const PasskeyUI = (options) => {
 							"data-component": "button",
 							type: "submit",
 							id: "btnRegister",
-							children: copy.register_with_passkey
+							children: copy.button_continue
 						}),
 						/* @__PURE__ */ jsx("button", {
 							"data-component": "button",

package/dist/ui/password.js

@@ -333,7 +333,7 @@ const PasswordUI = (options) => {
 						" ",
 						/* @__PURE__ */ jsx(Link, {
 							href: "./authorize",
-							children: copy.login.toLowerCase()
+							children: copy.login
 						})
 					] }), /* @__PURE__ */ jsx(Button, {
 						type: "submit",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@draftlab/auth",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "type": "module",
   "description": "Core implementation for @draftlab/auth",
   "author": "Matheus Pergoli",
@@ -37,7 +37,7 @@
   ],
   "license": "MIT",
   "devDependencies": {
-    "@types/node": "^24.0.14",
+    "@types/node": "^24.0.15",
     "tsdown": "^0.12.9",
     "typescript": "^5.8.3",
     "@draftlab/tsconfig": "0.1.0"