@eaccess/auth 0.1.2 → 0.1.4

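--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -263,7 +263,6 @@ declare global {
  namespace Express {
  interface Request {
  auth: AuthManager$1;
- authAdmin: AuthAdminManager;
  }
  }
  }
@@ -290,6 +289,55 @@ interface AuthManager$1 {
  verifyPassword(password: string): Promise<boolean>;
  logoutEverywhere(): Promise<void>;
  logoutEverywhereElse(): Promise<void>;
+ createUser(credentials: {
+ email: string;
+ password: string;
+ }, userId?: string | number, callback?: TokenCallback): Promise<AuthAccount>;
+ deleteUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }): Promise<void>;
+ addRoleForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, role: number): Promise<void>;
+ removeRoleForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, role: number): Promise<void>;
+ hasRoleForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, role: number): Promise<boolean>;
+ changePasswordForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, password: string): Promise<void>;
+ setStatusForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, status: number): Promise<void>;
+ initiatePasswordResetForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, expiresAfter?: string | number | null, callback?: TokenCallback): Promise<void>;
+ forceLogoutForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }): Promise<void>;
+ loginAsUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }): Promise<void>;
  providers: {
  github?: OAuthProvider;
  google?: OAuthProvider;
@@ -460,93 +508,194 @@ interface TwoFactorManager$1 {
  */
  getContact(mechanism: TwoFactorMechanism.EMAIL | TwoFactorMechanism.SMS): Promise<string | null>;
  }
- interface AuthAdminManager {
- createUser(credentials: {
+
+ declare function createAuthMiddleware(config: AuthConfig): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+
+ declare function createAuthTables(config: AuthConfig): Promise<void>;
+ declare function dropAuthTables(config: AuthConfig): Promise<void>;
+ declare function cleanupExpiredTokens(config: AuthConfig): Promise<void>;
+ declare function getAuthTableStats(config: AuthConfig): Promise<{
+ accounts: number;
+ providers: number;
+ confirmations: number;
+ remembers: number;
+ resets: number;
+ twoFactorMethods: number;
+ twoFactorTokens: number;
+ expiredConfirmations: number;
+ expiredRemembers: number;
+ expiredResets: number;
+ expiredTwoFactorTokens: number;
+ }>;
+
+ interface AuthContext {
+ createUser: (credentials: {
  email: string;
  password: string;
- }, userId?: string | number, callback?: TokenCallback): Promise<AuthAccount>;
- loginAsUserBy(identifier: {
+ }, userId?: string | number, callback?: TokenCallback) => Promise<AuthAccount>;
+ register: (email: string, password: string, userId?: string | number, callback?: TokenCallback) => Promise<AuthAccount>;
+ deleteUserBy: (identifier: {
  accountId?: number;
  email?: string;
  userId?: string;
- }): Promise<void>;
- deleteUserBy(identifier: {
+ }) => Promise<void>;
+ addRoleForUserBy: (identifier: {
  accountId?: number;
  email?: string;
  userId?: string;
- }): Promise<void>;
- addRoleForUserBy(identifier: {
+ }, role: number) => Promise<void>;
+ removeRoleForUserBy: (identifier: {
  accountId?: number;
  email?: string;
  userId?: string;
- }, role: number): Promise<void>;
- removeRoleForUserBy(identifier: {
+ }, role: number) => Promise<void>;
+ hasRoleForUserBy: (identifier: {
  accountId?: number;
  email?: string;
  userId?: string;
- }, role: number): Promise<void>;
- hasRoleForUserBy(identifier: {
+ }, role: number) => Promise<boolean>;
+ changePasswordForUserBy: (identifier: {
  accountId?: number;
  email?: string;
  userId?: string;
- }, role: number): Promise<boolean>;
- changePasswordForUserBy(identifier: {
+ }, password: string) => Promise<void>;
+ setStatusForUserBy: (identifier: {
  accountId?: number;
  email?: string;
  userId?: string;
- }, password: string): Promise<void>;
- setStatusForUserBy(identifier: {
+ }, status: number) => Promise<void>;
+ initiatePasswordResetForUserBy: (identifier: {
  accountId?: number;
  email?: string;
  userId?: string;
- }, status: number): Promise<void>;
- initiatePasswordResetForUserBy(identifier: {
- accountId?: number;
- email?: string;
- userId?: string;
- }, expiresAfter?: string | number | null, callback?: TokenCallback): Promise<void>;
- forceLogoutForUserBy(identifier: {
+ }, expiresAfter?: string | number | null, callback?: TokenCallback) => Promise<void>;
+ resetPassword: (email: string, expiresAfter?: string | number | null, maxOpenRequests?: number | null, callback?: TokenCallback) => Promise<void>;
+ confirmResetPassword: (token: string, password: string) => Promise<{
+ accountId: number;
+ email: string;
+ }>;
+ forceLogoutForUserBy: (identifier: {
  accountId?: number;
  email?: string;
  userId?: string;
- }): Promise<void>;
+ }) => Promise<{
+ accountId: number;
+ }>;
  }
+ declare function createAuthContext(config: AuthConfig): AuthContext;
 
- declare function createAuthMiddleware(config: AuthConfig): (req: Request, res: Response, next: NextFunction) => Promise<void>;
-
- declare function createAuthTables(config: AuthConfig): Promise<void>;
- declare function dropAuthTables(config: AuthConfig): Promise<void>;
- declare function cleanupExpiredTokens(config: AuthConfig): Promise<void>;
- declare function getAuthTableStats(config: AuthConfig): Promise<{
- accounts: number;
- providers: number;
- confirmations: number;
- remembers: number;
- resets: number;
- twoFactorMethods: number;
- twoFactorTokens: number;
- expiredConfirmations: number;
- expiredRemembers: number;
- expiredResets: number;
- expiredTwoFactorTokens: number;
+ declare function createUser(config: AuthConfig, credentials: {
+ email: string;
+ password: string;
+ }, userId?: string | number, callback?: TokenCallback): Promise<AuthAccount>;
+ declare function register(config: AuthConfig, email: string, password: string, userId?: string | number, callback?: TokenCallback): Promise<AuthAccount>;
+ declare function deleteUserBy(config: AuthConfig, identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }): Promise<void>;
+ declare function addRoleForUserBy(config: AuthConfig, identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, role: number): Promise<void>;
+ declare function removeRoleForUserBy(config: AuthConfig, identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, role: number): Promise<void>;
+ declare function hasRoleForUserBy(config: AuthConfig, identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, role: number): Promise<boolean>;
+ declare function changePasswordForUserBy(config: AuthConfig, identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, password: string): Promise<void>;
+ declare function setStatusForUserBy(config: AuthConfig, identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, status: number): Promise<void>;
+ declare function initiatePasswordResetForUserBy(config: AuthConfig, identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, expiresAfter?: string | number | null, callback?: TokenCallback): Promise<void>;
+ declare function resetPassword(config: AuthConfig, email: string, expiresAfter?: string | number | null, maxOpenRequests?: number | null, callback?: TokenCallback): Promise<void>;
+ declare function confirmResetPassword(config: AuthConfig, token: string, password: string): Promise<{
+ accountId: number;
+ email: string;
+ }>;
+ declare function forceLogoutForUserBy(config: AuthConfig, identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }): Promise<{
+ accountId: number;
  }>;
 
+ declare const authFunctions_addRoleForUserBy: typeof addRoleForUserBy;
+ declare const authFunctions_changePasswordForUserBy: typeof changePasswordForUserBy;
+ declare const authFunctions_confirmResetPassword: typeof confirmResetPassword;
+ declare const authFunctions_createUser: typeof createUser;
+ declare const authFunctions_deleteUserBy: typeof deleteUserBy;
+ declare const authFunctions_forceLogoutForUserBy: typeof forceLogoutForUserBy;
+ declare const authFunctions_hasRoleForUserBy: typeof hasRoleForUserBy;
+ declare const authFunctions_initiatePasswordResetForUserBy: typeof initiatePasswordResetForUserBy;
+ declare const authFunctions_register: typeof register;
+ declare const authFunctions_removeRoleForUserBy: typeof removeRoleForUserBy;
+ declare const authFunctions_resetPassword: typeof resetPassword;
+ declare const authFunctions_setStatusForUserBy: typeof setStatusForUserBy;
+ declare namespace authFunctions {
+ export { authFunctions_addRoleForUserBy as addRoleForUserBy, authFunctions_changePasswordForUserBy as changePasswordForUserBy, authFunctions_confirmResetPassword as confirmResetPassword, authFunctions_createUser as createUser, authFunctions_deleteUserBy as deleteUserBy, authFunctions_forceLogoutForUserBy as forceLogoutForUserBy, authFunctions_hasRoleForUserBy as hasRoleForUserBy, authFunctions_initiatePasswordResetForUserBy as initiatePasswordResetForUserBy, authFunctions_register as register, authFunctions_removeRoleForUserBy as removeRoleForUserBy, authFunctions_resetPassword as resetPassword, authFunctions_setStatusForUserBy as setStatusForUserBy };
+ }
+
+ type UserIdentifier = {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ };
  /**
- * Create a new user account without requiring Express request/response objects.
- * This function is suitable for use in seeders, CLI tools, and other standalone contexts.
+ * Add a role to a user's account.
+ * Uses bitwise OR to add role to existing rolemask.
  *
- * @param config - Auth configuration containing database connection and settings
- * @param credentials - Email and password for new account
- * @param userId - Optional user ID to link this auth account to. If not provided, a UUID will be generated automatically.
- * @param callback - If provided, account is created unverified and callback receives confirmation token. Create a URL like /confirm/{token} and call confirmEmail() in that handler. If omitted, account is immediately verified.
- * @returns The created account record
- * @throws {EmailTakenError} Email is already registered
- * @throws {InvalidPasswordError} Password doesn't meet length requirements
+ * @param config - Auth configuration containing database connection
+ * @param identifier - Find user by accountId, email, or userId
+ * @param role - Role bitmask to add (e.g., AuthRole.Admin)
+ * @throws {UserNotFoundError} No account matches the identifier
  */
- declare function createUser(config: AuthConfig, credentials: {
- email: string;
- password: string;
- }, userId?: string | number, callback?: TokenCallback): Promise<AuthAccount>;
+ declare function addRoleToUser(config: AuthConfig, identifier: UserIdentifier, role: number): Promise<void>;
+ /**
+ * Remove a role from a user's account.
+ * Uses bitwise operations to remove role from rolemask.
+ *
+ * @param config - Auth configuration containing database connection
+ * @param identifier - Find user by accountId, email, or userId
+ * @param role - Role bitmask to remove (e.g., AuthRole.Admin)
+ * @throws {UserNotFoundError} No account matches the identifier
+ */
+ declare function removeRoleFromUser(config: AuthConfig, identifier: UserIdentifier, role: number): Promise<void>;
+ /**
+ * Set a user's complete role mask, replacing any existing roles.
+ *
+ * @param config - Auth configuration containing database connection
+ * @param identifier - Find user by accountId, email, or userId
+ * @param rolemask - Complete role bitmask to set
+ * @throws {UserNotFoundError} No account matches the identifier
+ */
+ declare function setUserRoles(config: AuthConfig, identifier: UserIdentifier, rolemask: number): Promise<void>;
+ /**
+ * Get a user's current role mask.
+ *
+ * @param config - Auth configuration containing database connection
+ * @param identifier - Find user by accountId, email, or userId
+ * @returns The user's current role bitmask
+ * @throws {UserNotFoundError} No account matches the identifier
+ */
+ declare function getUserRoles(config: AuthConfig, identifier: UserIdentifier): Promise<number>;
 
  declare class AuthError extends Error {
  constructor(message: string);
@@ -924,6 +1073,63 @@ declare class AuthManager implements AuthManager$1 {
  * Logs out everywhere else, then logs out current session.
  */
  logoutEverywhere(): Promise<void>;
+ private findAccountByIdentifier;
+ createUser(credentials: {
+ email: string;
+ password: string;
+ }, userId?: string | number, callback?: TokenCallback): Promise<AuthAccount>;
+ deleteUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }): Promise<void>;
+ addRoleForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, role: number): Promise<void>;
+ removeRoleForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, role: number): Promise<void>;
+ hasRoleForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, role: number): Promise<boolean>;
+ changePasswordForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, password: string): Promise<void>;
+ setStatusForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, status: number): Promise<void>;
+ initiatePasswordResetForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }, expiresAfter?: string | number | null, callback?: TokenCallback): Promise<void>;
+ forceLogoutForUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }): Promise<void>;
+ /**
+ * Log in as another user (admin function).
+ * Creates a new session as the target user without requiring their password.
+ *
+ * @param identifier - Find user by accountId, email, or userId
+ * @throws {UserNotFoundError} No account matches the identifier
+ */
+ loginAsUserBy(identifier: {
+ accountId?: number;
+ email?: string;
+ userId?: string;
+ }): Promise<void>;
  }
 
  declare abstract class BaseOAuthProvider implements OAuthProvider {
@@ -962,4 +1168,4 @@ declare class AzureProvider extends BaseOAuthProvider {
  protected exchangeCodeForToken(code: string, tokenUrl: string): Promise<string>;
  }
 
- export { ActivityLogger, type AuthAccount, type AuthActivity, AuthActivityAction, type AuthActivityActionType, type AuthAdminManager, type AuthConfig, type AuthConfirmation, AuthError, type AuthManager$1 as AuthManager, type AuthProvider, type AuthRemember, type AuthReset, AuthRole, type AuthSession, AuthStatus, AzureProvider, type AzureProviderConfig, BaseOAuthProvider, ConfirmationExpiredError, ConfirmationNotFoundError, EmailNotVerifiedError, EmailTakenError, GitHubProvider, type GitHubProviderConfig, GoogleProvider, type GoogleProviderConfig, InvalidBackupCodeError, InvalidEmailError, InvalidPasswordError, InvalidTokenError, InvalidTwoFactorCodeError, type OAuthProvider, type OAuthProviderConfig, type OAuthUserData, OtpProvider, ResetDisabledError, ResetExpiredError, ResetNotFoundError, SecondFactorRequiredError, type TokenCallback, TooManyResetsError, TotpProvider, TwoFactorAlreadyEnabledError, type TwoFactorChallenge, TwoFactorExpiredError, TwoFactorManager, TwoFactorMechanism, type TwoFactorMethod, TwoFactorNotSetupError, TwoFactorSetupIncompleteError, type TwoFactorSetupResult, type TwoFactorToken, UserInactiveError, UserNotFoundError, UserNotLoggedInError, cleanupExpiredTokens, createAuthMiddleware, createAuthTables, createUser, dropAuthTables, getAuthTableStats, isValidEmail, validateEmail };
+ export { ActivityLogger, type AuthAccount, type AuthActivity, AuthActivityAction, type AuthActivityActionType, type AuthConfig, type AuthConfirmation, type AuthContext, AuthError, type AuthManager$1 as AuthManager, type AuthProvider, type AuthRemember, type AuthReset, AuthRole, type AuthSession, AuthStatus, AzureProvider, type AzureProviderConfig, BaseOAuthProvider, ConfirmationExpiredError, ConfirmationNotFoundError, EmailNotVerifiedError, EmailTakenError, GitHubProvider, type GitHubProviderConfig, GoogleProvider, type GoogleProviderConfig, InvalidBackupCodeError, InvalidEmailError, InvalidPasswordError, InvalidTokenError, InvalidTwoFactorCodeError, type OAuthProvider, type OAuthProviderConfig, type OAuthUserData, OtpProvider, ResetDisabledError, ResetExpiredError, ResetNotFoundError, SecondFactorRequiredError, type TokenCallback, TooManyResetsError, TotpProvider, TwoFactorAlreadyEnabledError, type TwoFactorChallenge, TwoFactorExpiredError, TwoFactorManager, TwoFactorMechanism, type TwoFactorMethod, TwoFactorNotSetupError, TwoFactorSetupIncompleteError, type TwoFactorSetupResult, type TwoFactorToken, type UserIdentifier, UserInactiveError, UserNotFoundError, UserNotLoggedInError, addRoleToUser, authFunctions, cleanupExpiredTokens, createAuthContext, createAuthMiddleware, createAuthTables, dropAuthTables, getAuthTableStats, getUserRoles, isValidEmail, removeRoleFromUser, setUserRoles, validateEmail };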
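Review bot: Nothing in the members added to `AuthManager$1` (hunk `-290,6 +289,55`) says who may call them. `deleteUserBy`, `addRoleForUserBy`, `changePasswordForUserBy`, `setStatusForUserBy` and `loginAsUserBy` now sit on the `auth` property typed onto every Express `Request`, next to the self-service methods, where 0.1.2 kept them on the separate `authAdmin` property. Whether the implementation checks the current session's role before acting on another account is not visible from this declaration file, so each of these members should carry a TSDoc line stating the contract, for example `/** Admin operation: acts on another user's account; the caller must verify the current session's role before invoking. */`. Today only `loginAsUserBy` in the `AuthManager` class hunk hints at this with `(admin function)`. The identifier parameter also has every field optional, so `{}` type-checks for `deleteUserBy` and `changePasswordForUserBy`; a union requiring exactly one of `accountId`, `email` or `userId` would turn that into a compile error.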