@factiii/auth 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Factiii
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,120 @@
+# @factiii/auth
+
+Drop-in authentication for tRPC. JWT sessions, OAuth, 2FA—all type-safe.
+
+## Install
+
+```bash
+npm install @factiii/auth @prisma/client
+```
+
+## Setup
+
+**1. Add Prisma models:**
+
+```bash
+npx @factiii/auth init
+npx prisma generate && npx prisma db push
+npx @factiii/auth doctor  # Verify setup
+```
+
+**2. Create auth router:**
+
+```typescript
+import { createAuthRouter } from '@factiii/auth';
+import { prisma } from './prisma';
+
+export const { router, authProcedure, createContext } = createAuthRouter({
+  prisma,
+  secrets: { jwt: process.env.JWT_SECRET! },
+});
+```
+
+**3. Use protected routes:**
+
+```typescript
+const protectedRouter = router({
+  getProfile: authProcedure.query(({ ctx }) => {
+    return { userId: ctx.userId };
+  }),
+});
+```
+
+## Config
+
+```typescript
+createAuthRouter({
+  prisma,
+  secrets: { jwt: 'your-secret' },
+
+  // Optional
+  features: {
+    emailVerification: true,
+    twoFa: true,
+    oauth: { google: true, apple: true },
+    biometric: false,
+  },
+  oauthKeys: {
+    google: { clientId: '...' },
+    apple: { clientId: '...' },
+  },
+  emailService: {
+    sendVerificationEmail: async (email, code) => {},
+    sendPasswordResetEmail: async (email, token) => {},
+    sendOTPEmail: async (email, otp) => {},
+  },
+  hooks: {
+    onUserCreated: async (userId) => {},
+    onUserLogin: async (userId, sessionId) => {},
+    // ... 15+ lifecycle hooks
+  },
+  tokenSettings: {
+    accessTokenExpiry: '5m',           // JWT expiry (default: 5 minutes)
+    passwordResetExpiryMs: 3600000,    // Reset token expiry (default: 1 hour)
+    otpValidityMs: 900000,             // OTP validity window (default: 15 minutes)
+  },
+});
+```
+
+## Procedures
+
+Auth procedures: `register`, `login`, `logout`, `refresh`, `changePassword`, `resetPassword`, `oAuthLogin`, `enableTwofa`, `disableTwofa`, `sendVerificationEmail`, `verifyEmail`, and more.
+
+## Lifecycle Hooks
+
+```typescript
+interface AuthHooks {
+  // Registration & Login
+  beforeRegister?: (input) => Promise<void>;
+  beforeLogin?: (input) => Promise<void>;
+  onUserCreated?: (userId, input) => Promise<void>;
+  onUserLogin?: (userId, sessionId) => Promise<void>;
+
+  // Sessions
+  onSessionCreated?: (sessionId) => Promise<void>;
+  onSessionRevoked?: (sessionId, socketId, reason) => Promise<void>;
+  afterLogout?: (userId, sessionId, socketId) => Promise<void>;
+  onRefresh?: (userId) => Promise<void>;
+
+  // Security
+  onPasswordChanged?: (userId) => Promise<void>;
+  onEmailVerified?: (userId) => Promise<void>;
+  onTwoFaStatusChanged?: (userId, enabled) => Promise<void>;
+  onOAuthLinked?: (userId, provider) => Promise<void>;
+  onBiometricVerified?: (userId) => Promise<void>;
+  getBiometricTimeout?: () => Promise<number | null>;
+}
+```
+
+## CLI
+
+```bash
+npx @factiii/auth init     # Copy Prisma schema to your project
+npx @factiii/auth schema   # Print schema path for manual copying
+npx @factiii/auth doctor   # Check setup for common issues
+npx @factiii/auth help     # Show help
+```
+
+## License
+
+MIT

package/bin/init.mjs

@@ -0,0 +1,315 @@
+#!/usr/bin/env node
+
+import { copyFileSync, existsSync, mkdirSync, readFileSync, readdirSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const schemaSource = join(__dirname, '..', 'prisma', 'schema.prisma');
+const targetDir = resolve(process.cwd(), 'prisma');
+const targetFile = join(targetDir, 'auth-schema.prisma');
+
+const args = process.argv.slice(2);
+const command = args[0];
+
+function printHelp() {
+  console.log(`
+@factiii/auth CLI
+
+Usage:
+  npx @factiii/auth <command>
+
+Commands:
+  init     Copy the reference Prisma schema to your project
+  schema   Print the schema path (for manual copying)
+  doctor   Check your project setup for common issues
+  help     Show this help message
+
+Examples:
+  npx @factiii/auth init
+  npx @factiii/auth doctor
+`);
+}
+
+function init() {
+  // Ensure prisma directory exists
+  if (!existsSync(targetDir)) {
+    mkdirSync(targetDir, { recursive: true });
+    console.log('Created prisma/ directory');
+  }
+
+  // Check if file already exists
+  if (existsSync(targetFile)) {
+    console.log(`⚠️  ${targetFile} already exists`);
+    console.log('   To overwrite, delete it first and run again.');
+    process.exit(1);
+  }
+
+  // Copy schema
+  try {
+    copyFileSync(schemaSource, targetFile);
+    console.log(`✓ Copied schema to ${targetFile}`);
+    console.log('');
+    console.log('Next steps:');
+    console.log('  1. Review and customize the schema for your database provider');
+    console.log('  2. Merge models into your existing schema.prisma (if you have one)');
+    console.log('  3. Run: npx prisma generate');
+    console.log('  4. Run: npx prisma db push (or prisma migrate dev)');
+  } catch (err) {
+    console.error('Failed to copy schema:', err.message);
+    process.exit(1);
+  }
+}
+
+function printSchemaPath() {
+  console.log('Schema location:');
+  console.log(`  ${schemaSource}`);
+  console.log('');
+  console.log('Copy manually:');
+  console.log(`  cp "${schemaSource}" ./prisma/auth-schema.prisma`);
+}
+
+// ANSI color codes
+const colors = {
+  reset: '\x1b[0m',
+  red: '\x1b[31m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  cyan: '\x1b[36m',
+  bold: '\x1b[1m',
+  dim: '\x1b[2m'
+};
+
+const ok = (msg) => console.log(`${colors.green}✓${colors.reset} ${msg}`);
+const fail = (msg) => console.log(`${colors.red}✗${colors.reset} ${msg}`);
+const warn = (msg) => console.log(`${colors.yellow}⚠${colors.reset} ${msg}`);
+const hint = (msg) => console.log(`${colors.dim}  ${msg}${colors.reset}`);
+
+/**
+ * Recursively find all .prisma files in a directory
+ * @param {string} dir - Directory to search
+ * @param {string[]} files - Accumulator for found files
+ * @returns {string[]} Array of file paths
+ */
+function findPrismaFiles(dir, files = []) {
+  if (!existsSync(dir)) return files;
+
+  try {
+    const entries = readdirSync(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      const fullPath = join(dir, entry.name);
+      if (entry.isDirectory() && entry.name !== 'migrations') {
+        findPrismaFiles(fullPath, files);
+      } else if (entry.isFile() && entry.name.endsWith('.prisma')) {
+        files.push(fullPath);
+      }
+    }
+  } catch (e) {
+    // Directory read failed
+  }
+
+  return files;
+}
+
+/**
+ * Find and read all Prisma schema files (supports single file and modularized schemas)
+ * Patterns supported:
+ *   - prisma/schema.prisma (single file)
+ *   - prisma/schema/*.prisma (modularized in schema dir)
+ *   - prisma/schema.prisma + prisma/models/*.prisma (hybrid)
+ *   - prisma/*.prisma (multiple files in prisma dir)
+ * @returns {{ found: boolean, schemaContent: string, location: string }}
+ */
+function findPrismaSchema() {
+  const prismaDir = resolve(process.cwd(), 'prisma');
+
+  if (!existsSync(prismaDir)) {
+    return { found: false, schemaContent: '', location: '' };
+  }
+
+  // Find all .prisma files recursively (excluding migrations)
+  const allFiles = findPrismaFiles(prismaDir);
+
+  if (allFiles.length === 0) {
+    return { found: false, schemaContent: '', location: '' };
+  }
+
+  // Read and combine all schema files
+  const combinedSchema = allFiles
+    .map(f => readFileSync(f, 'utf-8'))
+    .join('\n');
+
+  // Build location description
+  let location;
+  if (allFiles.length === 1 && allFiles[0] === join(prismaDir, 'schema.prisma')) {
+    location = 'prisma/schema.prisma';
+  } else {
+    // Get unique directories
+    const dirs = [...new Set(allFiles.map(f => dirname(f).replace(prismaDir, 'prisma')))];
+    location = `${dirs.join(', ')} (${allFiles.length} files)`;
+  }
+
+  return {
+    found: true,
+    schemaContent: combinedSchema,
+    location
+  };
+}
+
+function parseReferenceSchema() {
+  const schema = readFileSync(schemaSource, 'utf-8');
+
+  // Extract model names
+  const models = [...schema.matchAll(/model\s+(\w+)\s*\{/g)].map(m => m[1]);
+
+  // Extract enum names
+  const enums = [...schema.matchAll(/enum\s+(\w+)\s*\{/g)].map(m => m[1]);
+
+  // Extract fields for each model
+  const modelFields = {};
+  for (const model of models) {
+    const modelMatch = schema.match(new RegExp(`model\\s+${model}\\s*\\{([^}]+)\\}`, 'm'));
+    if (modelMatch) {
+      const block = modelMatch[1];
+      // Match field names (first word on lines that aren't comments or @@)
+      const fields = [...block.matchAll(/^\s*(\w+)\s+\w+/gm)]
+        .map(m => m[1])
+        .filter(f => !f.startsWith('@@'));
+      modelFields[model] = fields;
+    }
+  }
+
+  return { models, enums, modelFields };
+}
+
+function doctor() {
+  console.log(`${colors.bold}${colors.cyan}Running diagnostics...${colors.reset}\n`);
+
+  let issues = 0;
+  let warnings = 0;
+
+  // Parse reference schema to get required models/enums/fields
+  let reference;
+  try {
+    reference = parseReferenceSchema();
+  } catch (e) {
+    fail('Could not read reference schema from package');
+    process.exit(1);
+  }
+
+  // Check 1: package.json exists
+  const packageJsonPath = resolve(process.cwd(), 'package.json');
+  if (!existsSync(packageJsonPath)) {
+    fail('No package.json found in current directory');
+    issues++;
+  } else {
+    ok('package.json found');
+
+    // Check for @prisma/client dependency
+    try {
+      const pkg = JSON.parse(readFileSync(packageJsonPath, 'utf-8'));
+      const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+      if (deps['@prisma/client']) {
+        ok('@prisma/client is installed');
+      } else {
+        fail('@prisma/client not found in dependencies');
+        hint('Run: npm install @prisma/client');
+        issues++;
+      }
+    } catch (e) {
+      warn('Could not parse package.json');
+      warnings++;
+    }
+  }
+
+  // Check 2: Prisma schema exists (supports single file and modularized schemas)
+  const { found: schemaFound, schemaContent: schema, location: schemaLocation } = findPrismaSchema();
+  if (!schemaFound) {
+    fail('No Prisma schema found');
+    hint('Checked: prisma/schema.prisma, prisma/schema/*.prisma, prisma/*.prisma');
+    hint('Run: npx @factiii/auth init');
+    issues++;
+  } else {
+    ok(`Prisma schema found (${schemaLocation})`);
+
+    // Parse user's schema
+    try {
+      // Check models
+      for (const model of reference.models) {
+        const regex = new RegExp(`model\\s+${model}\\s*\\{`, 'm');
+        if (regex.test(schema)) {
+          ok(`Model ${colors.cyan}${model}${colors.reset} found`);
+        } else {
+          fail(`Model ${colors.cyan}${model}${colors.reset} not found in schema`);
+          issues++;
+        }
+      }
+
+      // Check enums
+      for (const enumName of reference.enums) {
+        const regex = new RegExp(`enum\\s+${enumName}\\s*\\{`, 'm');
+        if (regex.test(schema)) {
+          ok(`Enum ${colors.cyan}${enumName}${colors.reset} found`);
+        } else {
+          fail(`Enum ${colors.cyan}${enumName}${colors.reset} not found in schema`);
+          issues++;
+        }
+      }
+
+      // Check fields for each model
+      for (const [model, fields] of Object.entries(reference.modelFields)) {
+        const modelMatch = schema.match(new RegExp(`model\\s+${model}\\s*\\{([^}]+)\\}`, 'm'));
+        if (modelMatch) {
+          const block = modelMatch[1];
+          for (const field of fields) {
+            const fieldRegex = new RegExp(`\\b${field}\\b`, 'm');
+            if (!fieldRegex.test(block)) {
+              warn(`${model}.${colors.cyan}${field}${colors.reset} field not found`);
+              warnings++;
+            }
+          }
+        }
+      }
+    } catch (e) {
+      warn('Could not parse Prisma schema');
+      warnings++;
+    }
+  }
+
+  // Summary
+  console.log(`\n${colors.bold}--- Summary ---${colors.reset}`);
+  if (issues === 0 && warnings === 0) {
+    console.log(`${colors.green}${colors.bold}✓ All checks passed!${colors.reset} Your setup looks good.`);
+  } else {
+    if (issues > 0) {
+      console.log(`${colors.red}${colors.bold}✗ ${issues} issue(s) found${colors.reset}`);
+    }
+    if (warnings > 0) {
+      console.log(`${colors.yellow}${colors.bold}⚠ ${warnings} warning(s) found${colors.reset}`);
+    }
+  }
+
+  process.exit(issues > 0 ? 1 : 0);
+}
+
+switch (command) {
+  case 'init':
+    init();
+    break;
+  case 'schema':
+    printSchemaPath();
+    break;
+  case 'doctor':
+    doctor();
+    break;
+  case 'help':
+  case '--help':
+  case '-h':
+  case undefined:
+    printHelp();
+    break;
+  default:
+    console.error(`Unknown command: ${command}`);
+    printHelp();
+    process.exit(1);
+}

package/dist/chunk-CLHDX2R2.mjs

@@ -0,0 +1,118 @@
+// src/validators.ts
+import { z } from "zod";
+var usernameValidationRegex = /^[a-zA-Z0-9_]+$/;
+var signupSchema = z.object({
+  username: z.string().min(1, { message: "Username is required" }).max(30, { message: "Username must be 30 characters or less" }).regex(usernameValidationRegex, {
+    message: "Username can only contain letters, numbers, and underscores"
+  }),
+  email: z.string().email({ message: "Invalid email address" }),
+  password: z.string().min(6, { message: "Password must contain at least 6 characters" })
+});
+var loginSchema = z.object({
+  username: z.string().min(1, { message: "Username or email is required" }),
+  password: z.string().min(1, { message: "Password is required" }),
+  code: z.string().optional()
+  // 2FA code
+});
+var oAuthLoginSchema = z.object({
+  idToken: z.string(),
+  user: z.object({
+    email: z.string().email().optional()
+  }).optional(),
+  provider: z.enum(["GOOGLE", "APPLE"])
+});
+var requestPasswordResetSchema = z.object({
+  email: z.string().email({ message: "Invalid email address" })
+});
+var resetPasswordSchema = z.object({
+  token: z.string().min(1, { message: "Reset token is required" }),
+  password: z.string().min(6, { message: "Password must contain at least 6 characters" })
+});
+var checkPasswordResetSchema = z.object({
+  token: z.string().min(1, { message: "Reset token is required" })
+});
+var changePasswordSchema = z.object({
+  currentPassword: z.string().min(1, { message: "Current password is required" }),
+  newPassword: z.string().min(6, { message: "New password must contain at least 6 characters" })
+});
+var twoFaVerifySchema = z.object({
+  code: z.string().min(6, { message: "Verification code is required" }),
+  sessionId: z.number().optional()
+});
+var twoFaSetupSchema = z.object({
+  code: z.string().min(6, { message: "Verification code is required" })
+});
+var twoFaResetSchema = z.object({
+  username: z.string().min(1),
+  password: z.string().min(1)
+});
+var twoFaResetVerifySchema = z.object({
+  code: z.number().min(1e5).max(999999),
+  username: z.string().min(1)
+});
+var verifyEmailSchema = z.object({
+  code: z.string().min(1, { message: "Verification code is required" })
+});
+var resendVerificationSchema = z.object({
+  email: z.string().email().optional()
+});
+var biometricVerifySchema = z.object({});
+var registerPushTokenSchema = z.object({
+  pushToken: z.string().min(1, { message: "Push token is required" })
+});
+var deregisterPushTokenSchema = z.object({
+  pushToken: z.string().min(1, { message: "Push token is required" })
+});
+var getTwofaSecretSchema = z.object({
+  pushCode: z.string().min(6, { message: "Push code is required" })
+});
+var disableTwofaSchema = z.object({
+  password: z.string().min(1, { message: "Password is required" })
+});
+var logoutSchema = z.object({
+  allDevices: z.boolean().optional().default(false)
+});
+var endAllSessionsSchema = z.object({
+  skipCurrentSession: z.boolean().optional().default(true)
+});
+var otpLoginRequestSchema = z.object({
+  email: z.string().email({ message: "Invalid email address" })
+});
+var otpLoginVerifySchema = z.object({
+  email: z.string().email(),
+  code: z.number().min(1e5).max(999999)
+});
+function createSchemas(extensions) {
+  return {
+    signup: extensions?.signup ? signupSchema.merge(extensions.signup) : signupSchema,
+    login: extensions?.login ? loginSchema.merge(extensions.login) : loginSchema,
+    oauth: extensions?.oauth ? oAuthLoginSchema.merge(extensions.oauth) : oAuthLoginSchema
+  };
+}
+
+export {
+  signupSchema,
+  loginSchema,
+  oAuthLoginSchema,
+  requestPasswordResetSchema,
+  resetPasswordSchema,
+  checkPasswordResetSchema,
+  changePasswordSchema,
+  twoFaVerifySchema,
+  twoFaSetupSchema,
+  twoFaResetSchema,
+  twoFaResetVerifySchema,
+  verifyEmailSchema,
+  resendVerificationSchema,
+  biometricVerifySchema,
+  registerPushTokenSchema,
+  deregisterPushTokenSchema,
+  getTwofaSecretSchema,
+  disableTwofaSchema,
+  logoutSchema,
+  endAllSessionsSchema,
+  otpLoginRequestSchema,
+  otpLoginVerifySchema,
+  createSchemas
+};
+//# sourceMappingURL=chunk-CLHDX2R2.mjs.map

package/dist/chunk-CLHDX2R2.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/validators.ts"],"sourcesContent":["import { z, type AnyZodObject } from 'zod';\n\nimport type { SchemaExtensions } from './types/hooks';\n\n/**\n * Username validation regex - allows letters, numbers, and underscores\n */\nconst usernameValidationRegex = /^[a-zA-Z0-9_]+$/;\n\n/**\n * Schema for user registration\n */\nexport const signupSchema = z.object({\n  username: z\n    .string()\n    .min(1, { message: 'Username is required' })\n    .max(30, { message: 'Username must be 30 characters or less' })\n    .regex(usernameValidationRegex, {\n      message: 'Username can only contain letters, numbers, and underscores'\n    }),\n  email: z.string().email({ message: 'Invalid email address' }),\n  password: z\n    .string()\n    .min(6, { message: 'Password must contain at least 6 characters' })\n});\n\n/**\n * Schema for user login\n */\nexport const loginSchema = z.object({\n  username: z.string().min(1, { message: 'Username or email is required' }),\n  password: z.string().min(1, { message: 'Password is required' }),\n  code: z.string().optional() // 2FA code\n});\n\n/**\n * Schema for OAuth login\n */\nexport const oAuthLoginSchema = z.object({\n  idToken: z.string(),\n  user: z\n    .object({\n      email: z.string().email().optional()\n    })\n    .optional(),\n  provider: z.enum(['GOOGLE', 'APPLE'])\n});\n\n/**\n * Schema for password reset request\n */\nexport const requestPasswordResetSchema = z.object({\n  email: z.string().email({ message: 'Invalid email address' })\n});\n\n/**\n * Schema for password reset confirmation\n */\nexport const resetPasswordSchema = z.object({\n  token: z.string().min(1, { message: 'Reset token is required' }),\n  password: z\n    .string()\n    .min(6, { message: 'Password must contain at least 6 characters' })\n});\n\n/**\n * Schema for checking password reset token\n */\nexport const checkPasswordResetSchema = z.object({\n  token: z.string().min(1, { message: 'Reset token is required' })\n});\n\n/**\n * Schema for changing password (authenticated)\n */\nexport const changePasswordSchema = z.object({\n  currentPassword: z\n    .string()\n    .min(1, { message: 'Current password is required' }),\n  newPassword: z\n    .string()\n    .min(6, { message: 'New password must contain at least 6 characters' })\n});\n\n/**\n * Schema for 2FA verification\n */\nexport const twoFaVerifySchema = z.object({\n  code: z.string().min(6, { message: 'Verification code is required' }),\n  sessionId: z.number().optional()\n});\n\n/**\n * Schema for 2FA setup\n */\nexport const twoFaSetupSchema = z.object({\n  code: z.string().min(6, { message: 'Verification code is required' })\n});\n\n/**\n * Schema for 2FA reset request\n */\nexport const twoFaResetSchema = z.object({\n  username: z.string().min(1),\n  password: z.string().min(1)\n});\n\n/**\n * Schema for 2FA reset verification\n */\nexport const twoFaResetVerifySchema = z.object({\n  code: z.number().min(100000).max(999999),\n  username: z.string().min(1)\n});\n\n/**\n * Schema for email verification\n */\nexport const verifyEmailSchema = z.object({\n  code: z.string().min(1, { message: 'Verification code is required' })\n});\n\n/**\n * Schema for resending verification email\n */\nexport const resendVerificationSchema = z.object({\n  email: z.string().email().optional()\n});\n\n/**\n * Schema for biometric verification\n */\nexport const biometricVerifySchema = z.object({});\n\n/**\n * Schema for push token registration\n */\nexport const registerPushTokenSchema = z.object({\n  pushToken: z.string().min(1, { message: 'Push token is required' })\n});\n\n/**\n * Schema for push token deregistration\n */\nexport const deregisterPushTokenSchema = z.object({\n  pushToken: z.string().min(1, { message: 'Push token is required' })\n});\n\n/**\n * Schema for getting 2FA secret\n */\nexport const getTwofaSecretSchema = z.object({\n  pushCode: z.string().min(6, { message: 'Push code is required' })\n});\n\n/**\n * Schema for disabling 2FA\n */\nexport const disableTwofaSchema = z.object({\n  password: z.string().min(1, { message: 'Password is required' })\n});\n\n/**\n * Schema for logout\n */\nexport const logoutSchema = z.object({\n  allDevices: z.boolean().optional().default(false)\n});\n\n/**\n * Schema for ending all sessions\n */\nexport const endAllSessionsSchema = z.object({\n  skipCurrentSession: z.boolean().optional().default(true)\n});\n\n/**\n * Schema for OTP-based login request\n */\nexport const otpLoginRequestSchema = z.object({\n  email: z.string().email({ message: 'Invalid email address' })\n});\n\n/**\n * Schema for OTP-based login verification\n */\nexport const otpLoginVerifySchema = z.object({\n  email: z.string().email(),\n  code: z.number().min(100000).max(999999)\n});\n\nexport type SignupInput = z.infer<typeof signupSchema>;\nexport type LoginInput = z.infer<typeof loginSchema>;\nexport type OAuthLoginInput = z.infer<typeof oAuthLoginSchema>;\nexport type ResetPasswordInput = z.infer<typeof resetPasswordSchema>;\nexport type ChangePasswordInput = z.infer<typeof changePasswordSchema>;\nexport type TwoFaVerifyInput = z.infer<typeof twoFaVerifySchema>;\nexport type VerifyEmailInput = z.infer<typeof verifyEmailSchema>;\nexport type LogoutInput = z.infer<typeof logoutSchema>;\n\n/** Schemas used by auth procedures */\nexport interface AuthSchemas {\n  signup: AnyZodObject;\n  login: AnyZodObject;\n  oauth: AnyZodObject;\n}\n\n\n/**\n * Compute merged ZodObject type.\n * When TExt is defined, produces a schema with both base and extension shapes.\n * When TExt is undefined, produces the base schema.\n */\ntype MergedSchema<TBase extends AnyZodObject, TExt extends AnyZodObject | undefined> =\n  [TExt] extends [AnyZodObject]\n    ? z.ZodObject<TBase['shape'] & TExt['shape'], 'strip', z.ZodTypeAny>\n    : TBase;\n\n/** Result type from createSchemas - preserves concrete schema types */\nexport type CreatedSchemas<TExtensions extends SchemaExtensions = {}> = {\n  signup: MergedSchema<typeof signupSchema, TExtensions['signup']>;\n  login: MergedSchema<typeof loginSchema, TExtensions['login']>;\n  oauth: MergedSchema<typeof oAuthLoginSchema, TExtensions['oauth']>;\n};\n\nexport type SignupSchemaInput<TExtensions extends SchemaExtensions = {}> =\n  SignupInput & (TExtensions['signup'] extends AnyZodObject ? z.infer<TExtensions['signup']> : {});\n\nexport type LoginSchemaInput<TExtensions extends SchemaExtensions = {}> =\n  LoginInput & (TExtensions['login'] extends AnyZodObject ? z.infer<TExtensions['login']> : {});\n\nexport type OAuthSchemaInput<TExtensions extends SchemaExtensions = {}> =\n  OAuthLoginInput & (TExtensions['oauth'] extends AnyZodObject ? z.infer<TExtensions['oauth']> : {});\n\n/** Create schemas with optional extensions merged in */\nexport function createSchemas<TExtensions extends SchemaExtensions = {}>(\n  extensions?: TExtensions\n): CreatedSchemas<TExtensions> {\n  return {\n    signup: extensions?.signup\n      ? signupSchema.merge(extensions.signup)\n      : signupSchema,\n    login: extensions?.login\n      ? loginSchema.merge(extensions.login)\n      : loginSchema,\n    oauth: extensions?.oauth\n      ? oAuthLoginSchema.merge(extensions.oauth)\n      : oAuthLoginSchema\n  } as CreatedSchemas<TExtensions>;\n}\n"],"mappings":";AAAA,SAAS,SAA4B;AAOrC,IAAM,0BAA0B;AAKzB,IAAM,eAAe,EAAE,OAAO;AAAA,EACnC,UAAU,EACP,OAAO,EACP,IAAI,GAAG,EAAE,SAAS,uBAAuB,CAAC,EAC1C,IAAI,IAAI,EAAE,SAAS,yCAAyC,CAAC,EAC7D,MAAM,yBAAyB;AAAA,IAC9B,SAAS;AAAA,EACX,CAAC;AAAA,EACH,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,wBAAwB,CAAC;AAAA,EAC5D,UAAU,EACP,OAAO,EACP,IAAI,GAAG,EAAE,SAAS,8CAA8C,CAAC;AACtE,CAAC;AAKM,IAAM,cAAc,EAAE,OAAO;AAAA,EAClC,UAAU,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,gCAAgC,CAAC;AAAA,EACxE,UAAU,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,uBAAuB,CAAC;AAAA,EAC/D,MAAM,EAAE,OAAO,EAAE,SAAS;AAAA;AAC5B,CAAC;AAKM,IAAM,mBAAmB,EAAE,OAAO;AAAA,EACvC,SAAS,EAAE,OAAO;AAAA,EAClB,MAAM,EACH,OAAO;AAAA,IACN,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AAAA,EACrC,CAAC,EACA,SAAS;AAAA,EACZ,UAAU,EAAE,KAAK,CAAC,UAAU,OAAO,CAAC;AACtC,CAAC;AAKM,IAAM,6BAA6B,EAAE,OAAO;AAAA,EACjD,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,wBAAwB,CAAC;AAC9D,CAAC;AAKM,IAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,OAAO,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,0BAA0B,CAAC;AAAA,EAC/D,UAAU,EACP,OAAO,EACP,IAAI,GAAG,EAAE,SAAS,8CAA8C,CAAC;AACtE,CAAC;AAKM,IAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,OAAO,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,0BAA0B,CAAC;AACjE,CAAC;AAKM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC3C,iBAAiB,EACd,OAAO,EACP,IAAI,GAAG,EAAE,SAAS,+BAA+B,CAAC;AAAA,EACrD,aAAa,EACV,OAAO,EACP,IAAI,GAAG,EAAE,SAAS,kDAAkD,CAAC;AAC1E,CAAC;AAKM,IAAM,oBAAoB,EAAE,OAAO;AAAA,EACxC,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,gCAAgC,CAAC;AAAA,EACpE,WAAW,EAAE,OAAO,EAAE,SAAS;AACjC,CAAC;AAKM,IAAM,mBAAmB,EAAE,OAAO;AAAA,EACvC,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,gCAAgC,CAAC;AACtE,CAAC;AAKM,IAAM,mBAAmB,EAAE,OAAO;AAAA,EACvC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAAA,EAC1B,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAC5B,CAAC;AAKM,IAAM,yBAAyB,EAAE,OAAO;AAAA,EAC7C,MAAM,EAAE,OAAO,EAAE,IAAI,GAAM,EAAE,IAAI,MAAM;AAAA,EACvC,UAAU,EAAE,OAAO,EAAE,IAAI,CAAC;AAC5B,CAAC;AAKM,IAAM,oBAAoB,EAAE,OAAO;AAAA,EACxC,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,gCAAgC,CAAC;AACtE,CAAC;AAKM,IAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;AACrC,CAAC;AAKM,IAAM,wBAAwB,EAAE,OAAO,CAAC,CAAC;AAKzC,IAAM,0BAA0B,EAAE,OAAO;AAAA,EAC9C,WAAW,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,yBAAyB,CAAC;AACpE,CAAC;AAKM,IAAM,4BAA4B,EAAE,OAAO;AAAA,EAChD,WAAW,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,yBAAyB,CAAC;AACpE,CAAC;AAKM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC3C,UAAU,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,wBAAwB,CAAC;AAClE,CAAC;AAKM,IAAM,qBAAqB,EAAE,OAAO;AAAA,EACzC,UAAU,EAAE,OAAO,EAAE,IAAI,GAAG,EAAE,SAAS,uBAAuB,CAAC;AACjE,CAAC;AAKM,IAAM,eAAe,EAAE,OAAO;AAAA,EACnC,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,KAAK;AAClD,CAAC;AAKM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC3C,oBAAoB,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AACzD,CAAC;AAKM,IAAM,wBAAwB,EAAE,OAAO;AAAA,EAC5C,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,wBAAwB,CAAC;AAC9D,CAAC;AAKM,IAAM,uBAAuB,EAAE,OAAO;AAAA,EAC3C,OAAO,EAAE,OAAO,EAAE,MAAM;AAAA,EACxB,MAAM,EAAE,OAAO,EAAE,IAAI,GAAM,EAAE,IAAI,MAAM;AACzC,CAAC;AA8CM,SAAS,cACd,YAC6B;AAC7B,SAAO;AAAA,IACL,QAAQ,YAAY,SAChB,aAAa,MAAM,WAAW,MAAM,IACpC;AAAA,IACJ,OAAO,YAAY,QACf,YAAY,MAAM,WAAW,KAAK,IAClC;AAAA,IACJ,OAAO,YAAY,QACf,iBAAiB,MAAM,WAAW,KAAK,IACvC;AAAA,EACN;AACF;","names":[]}