@factiii/auth 0.3.0 → 0.4.0

package/README.md

@@ -69,13 +69,17 @@ createAuthRouter({
     // ... 15+ lifecycle hooks
   },
   tokenSettings: {
-    accessTokenExpiry: '5m',           // JWT expiry (default: 5 minutes)
+    jwtExpiry: 2592000,                  // JWT expiry in seconds (default: 30 days)
     passwordResetExpiryMs: 3600000,    // Reset token expiry (default: 1 hour)
     otpValidityMs: 900000,             // OTP validity window (default: 15 minutes)
   },
 });
 ```
 
+## Auth Approach
+
+Rolling-window JWT. A single token is stored in an HTTP cookie. Calling `refresh` re-issues it with a fresh expiry (default: 30 days), sliding the session forward for active users.
+
 ## Procedures
 
 Auth procedures: `register`, `login`, `logout`, `refresh`, `changePassword`, `resetPassword`, `oAuthLogin`, `enableTwofa`, `disableTwofa`, `sendVerificationEmail`, `verifyEmail`, and more.

package/dist/{chunk-PYVDWODF.mjs → chunk-EHI4P63M.mjs}

@@ -41,9 +41,6 @@ var twoFaVerifySchema = z.object({
   code: z.string().min(6, { message: "Verification code is required" }),
   sessionId: z.number().optional()
 });
-var twoFaSetupSchema = z.object({
-  code: z.string().min(6, { message: "Verification code is required" })
-});
 var twoFaResetSchema = z.object({
   username: z.string().min(1),
   password: z.string().min(1)
@@ -55,9 +52,6 @@ var twoFaResetVerifySchema = z.object({
 var verifyEmailSchema = z.object({
   code: z.string().min(1, { message: "Verification code is required" })
 });
-var resendVerificationSchema = z.object({
-  email: z.string().email().optional()
-});
 var biometricVerifySchema = z.object({});
 var registerPushTokenSchema = z.object({
   pushToken: z.string().min(1, { message: "Push token is required" })
@@ -71,19 +65,9 @@ var getTwofaSecretSchema = z.object({
 var disableTwofaSchema = z.object({
   password: z.string().min(1, { message: "Password is required" })
 });
-var logoutSchema = z.object({
-  allDevices: z.boolean().optional().default(false)
-});
 var endAllSessionsSchema = z.object({
   skipCurrentSession: z.boolean().optional().default(true)
 });
-var otpLoginRequestSchema = z.object({
-  email: z.string().email({ message: "Invalid email address" })
-});
-var otpLoginVerifySchema = z.object({
-  email: z.string().email(),
-  code: z.number().min(1e5).max(999999)
-});
 function createSchemas(extensions) {
   return {
     signup: extensions?.signup ? signupSchema.merge(extensions.signup) : signupSchema,
@@ -101,19 +85,14 @@ export {
   checkPasswordResetSchema,
   changePasswordSchema,
   twoFaVerifySchema,
-  twoFaSetupSchema,
   twoFaResetSchema,
   twoFaResetVerifySchema,
   verifyEmailSchema,
-  resendVerificationSchema,
   biometricVerifySchema,
   registerPushTokenSchema,
   deregisterPushTokenSchema,
   getTwofaSecretSchema,
   disableTwofaSchema,
-  logoutSchema,
   endAllSessionsSchema,
-  otpLoginRequestSchema,
-  otpLoginVerifySchema,
   createSchemas
 };

package/dist/{hooks-B41uikq7.d.mts → hooks-BXNxNK4S.d.mts}

@@ -117,16 +117,6 @@ declare const twoFaVerifySchema: z.ZodObject<{
     code: string;
     sessionId?: number | undefined;
 }>;
-/**
- * Schema for 2FA setup
- */
-declare const twoFaSetupSchema: z.ZodObject<{
-    code: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    code: string;
-}, {
-    code: string;
-}>;
 /**
  * Schema for 2FA reset request
  */
@@ -163,16 +153,6 @@ declare const verifyEmailSchema: z.ZodObject<{
 }, {
     code: string;
 }>;
-/**
- * Schema for resending verification email
- */
-declare const resendVerificationSchema: z.ZodObject<{
-    email: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    email?: string | undefined;
-}, {
-    email?: string | undefined;
-}>;
 /**
  * Schema for biometric verification
  */
@@ -217,16 +197,6 @@ declare const disableTwofaSchema: z.ZodObject<{
 }, {
     password: string;
 }>;
-/**
- * Schema for logout
- */
-declare const logoutSchema: z.ZodObject<{
-    allDevices: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-}, "strip", z.ZodTypeAny, {
-    allDevices: boolean;
-}, {
-    allDevices?: boolean | undefined;
-}>;
 /**
  * Schema for ending all sessions
  */
@@ -237,29 +207,6 @@ declare const endAllSessionsSchema: z.ZodObject<{
 }, {
     skipCurrentSession?: boolean | undefined;
 }>;
-/**
- * Schema for OTP-based login request
- */
-declare const otpLoginRequestSchema: z.ZodObject<{
-    email: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    email: string;
-}, {
-    email: string;
-}>;
-/**
- * Schema for OTP-based login verification
- */
-declare const otpLoginVerifySchema: z.ZodObject<{
-    email: z.ZodString;
-    code: z.ZodNumber;
-}, "strip", z.ZodTypeAny, {
-    email: string;
-    code: number;
-}, {
-    email: string;
-    code: number;
-}>;
 type SignupInput = z.infer<typeof signupSchema>;
 type LoginInput = z.infer<typeof loginSchema>;
 type OAuthLoginInput = z.infer<typeof oAuthLoginSchema>;
@@ -267,7 +214,6 @@ type ResetPasswordInput = z.infer<typeof resetPasswordSchema>;
 type ChangePasswordInput = z.infer<typeof changePasswordSchema>;
 type TwoFaVerifyInput = z.infer<typeof twoFaVerifySchema>;
 type VerifyEmailInput = z.infer<typeof verifyEmailSchema>;
-type LogoutInput = z.infer<typeof logoutSchema>;
 /** Schemas used by auth procedures */
 interface AuthSchemas {
     signup: AnyZodObject;
@@ -397,4 +343,4 @@ interface AuthHooks<TExtensions extends SchemaExtensions = {}> {
     } | null>;
 }
 
-export { type AuthHooks as A, getTwofaSecretSchema as B, type ChangePasswordInput as C, registerPushTokenSchema as D, resendVerificationSchema as E, twoFaResetVerifySchema as F, type LoginInput as L, type OAuthLoginInput as O, type ResetPasswordInput as R, type SchemaExtensions as S, type TwoFaVerifyInput as T, type VerifyEmailInput as V, type LogoutInput as a, type SignupInput as b, biometricVerifySchema as c, changePasswordSchema as d, endAllSessionsSchema as e, logoutSchema as f, otpLoginRequestSchema as g, otpLoginVerifySchema as h, resetPasswordSchema as i, twoFaSetupSchema as j, twoFaVerifySchema as k, loginSchema as l, type AuthSchemas as m, type CreatedSchemas as n, oAuthLoginSchema as o, type LoginSchemaInput as p, type OAuthSchemaInput as q, requestPasswordResetSchema as r, signupSchema as s, twoFaResetSchema as t, type SignupSchemaInput as u, verifyEmailSchema as v, checkPasswordResetSchema as w, createSchemas as x, deregisterPushTokenSchema as y, disableTwofaSchema as z };
+export { type AuthHooks as A, type ChangePasswordInput as C, type LoginInput as L, type OAuthLoginInput as O, type ResetPasswordInput as R, type SchemaExtensions as S, type TwoFaVerifyInput as T, type VerifyEmailInput as V, type SignupInput as a, biometricVerifySchema as b, changePasswordSchema as c, resetPasswordSchema as d, endAllSessionsSchema as e, twoFaVerifySchema as f, type AuthSchemas as g, type CreatedSchemas as h, type LoginSchemaInput as i, type OAuthSchemaInput as j, type SignupSchemaInput as k, loginSchema as l, checkPasswordResetSchema as m, createSchemas as n, oAuthLoginSchema as o, deregisterPushTokenSchema as p, disableTwofaSchema as q, requestPasswordResetSchema as r, signupSchema as s, twoFaResetSchema as t, getTwofaSecretSchema as u, verifyEmailSchema as v, registerPushTokenSchema as w, twoFaResetVerifySchema as x };

package/dist/{hooks-B41uikq7.d.ts → hooks-BXNxNK4S.d.ts}

@@ -117,16 +117,6 @@ declare const twoFaVerifySchema: z.ZodObject<{
     code: string;
     sessionId?: number | undefined;
 }>;
-/**
- * Schema for 2FA setup
- */
-declare const twoFaSetupSchema: z.ZodObject<{
-    code: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    code: string;
-}, {
-    code: string;
-}>;
 /**
  * Schema for 2FA reset request
  */
@@ -163,16 +153,6 @@ declare const verifyEmailSchema: z.ZodObject<{
 }, {
     code: string;
 }>;
-/**
- * Schema for resending verification email
- */
-declare const resendVerificationSchema: z.ZodObject<{
-    email: z.ZodOptional<z.ZodString>;
-}, "strip", z.ZodTypeAny, {
-    email?: string | undefined;
-}, {
-    email?: string | undefined;
-}>;
 /**
  * Schema for biometric verification
  */
@@ -217,16 +197,6 @@ declare const disableTwofaSchema: z.ZodObject<{
 }, {
     password: string;
 }>;
-/**
- * Schema for logout
- */
-declare const logoutSchema: z.ZodObject<{
-    allDevices: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
-}, "strip", z.ZodTypeAny, {
-    allDevices: boolean;
-}, {
-    allDevices?: boolean | undefined;
-}>;
 /**
  * Schema for ending all sessions
  */
@@ -237,29 +207,6 @@ declare const endAllSessionsSchema: z.ZodObject<{
 }, {
     skipCurrentSession?: boolean | undefined;
 }>;
-/**
- * Schema for OTP-based login request
- */
-declare const otpLoginRequestSchema: z.ZodObject<{
-    email: z.ZodString;
-}, "strip", z.ZodTypeAny, {
-    email: string;
-}, {
-    email: string;
-}>;
-/**
- * Schema for OTP-based login verification
- */
-declare const otpLoginVerifySchema: z.ZodObject<{
-    email: z.ZodString;
-    code: z.ZodNumber;
-}, "strip", z.ZodTypeAny, {
-    email: string;
-    code: number;
-}, {
-    email: string;
-    code: number;
-}>;
 type SignupInput = z.infer<typeof signupSchema>;
 type LoginInput = z.infer<typeof loginSchema>;
 type OAuthLoginInput = z.infer<typeof oAuthLoginSchema>;
@@ -267,7 +214,6 @@ type ResetPasswordInput = z.infer<typeof resetPasswordSchema>;
 type ChangePasswordInput = z.infer<typeof changePasswordSchema>;
 type TwoFaVerifyInput = z.infer<typeof twoFaVerifySchema>;
 type VerifyEmailInput = z.infer<typeof verifyEmailSchema>;
-type LogoutInput = z.infer<typeof logoutSchema>;
 /** Schemas used by auth procedures */
 interface AuthSchemas {
     signup: AnyZodObject;
@@ -397,4 +343,4 @@ interface AuthHooks<TExtensions extends SchemaExtensions = {}> {
     } | null>;
 }
 
-export { type AuthHooks as A, getTwofaSecretSchema as B, type ChangePasswordInput as C, registerPushTokenSchema as D, resendVerificationSchema as E, twoFaResetVerifySchema as F, type LoginInput as L, type OAuthLoginInput as O, type ResetPasswordInput as R, type SchemaExtensions as S, type TwoFaVerifyInput as T, type VerifyEmailInput as V, type LogoutInput as a, type SignupInput as b, biometricVerifySchema as c, changePasswordSchema as d, endAllSessionsSchema as e, logoutSchema as f, otpLoginRequestSchema as g, otpLoginVerifySchema as h, resetPasswordSchema as i, twoFaSetupSchema as j, twoFaVerifySchema as k, loginSchema as l, type AuthSchemas as m, type CreatedSchemas as n, oAuthLoginSchema as o, type LoginSchemaInput as p, type OAuthSchemaInput as q, requestPasswordResetSchema as r, signupSchema as s, twoFaResetSchema as t, type SignupSchemaInput as u, verifyEmailSchema as v, checkPasswordResetSchema as w, createSchemas as x, deregisterPushTokenSchema as y, disableTwofaSchema as z };
+export { type AuthHooks as A, type ChangePasswordInput as C, type LoginInput as L, type OAuthLoginInput as O, type ResetPasswordInput as R, type SchemaExtensions as S, type TwoFaVerifyInput as T, type VerifyEmailInput as V, type SignupInput as a, biometricVerifySchema as b, changePasswordSchema as c, resetPasswordSchema as d, endAllSessionsSchema as e, twoFaVerifySchema as f, type AuthSchemas as g, type CreatedSchemas as h, type LoginSchemaInput as i, type OAuthSchemaInput as j, type SignupSchemaInput as k, loginSchema as l, checkPasswordResetSchema as m, createSchemas as n, oAuthLoginSchema as o, deregisterPushTokenSchema as p, disableTwofaSchema as q, requestPasswordResetSchema as r, signupSchema as s, twoFaResetSchema as t, getTwofaSecretSchema as u, verifyEmailSchema as v, registerPushTokenSchema as w, twoFaResetVerifySchema as x };

package/dist/index.d.mts

@@ -6,9 +6,8 @@ import { PrismaClient } from '@prisma/client';
 import * as _trpc_server from '@trpc/server';
 import * as zod from 'zod';
 import { CreateHTTPContextOptions } from '@trpc/server/adapters/standalone';
-import { S as SchemaExtensions, A as AuthHooks } from './hooks-B41uikq7.mjs';
-export { C as ChangePasswordInput, L as LoginInput, a as LogoutInput, O as OAuthLoginInput, R as ResetPasswordInput, b as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, c as biometricVerifySchema, d as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, f as logoutSchema, o as oAuthLoginSchema, g as otpLoginRequestSchema, h as otpLoginVerifySchema, r as requestPasswordResetSchema, i as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, j as twoFaSetupSchema, k as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-B41uikq7.mjs';
-import { SignOptions } from 'jsonwebtoken';
+import { S as SchemaExtensions, A as AuthHooks } from './hooks-BXNxNK4S.mjs';
+export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-BXNxNK4S.mjs';
 
 //# sourceMappingURL=TRPCError.d.ts.map
 //#endregion
@@ -160,13 +159,6 @@ interface JwtPayload {
     exp?: number;
     iat?: number;
 }
-/**
- * Credentials returned after successful authentication
- */
-interface AuthCredentials {
-    accessToken: string;
-    refreshToken: string;
-}
 /**
  * Cookie settings for auth tokens
  */
@@ -175,8 +167,7 @@ interface CookieSettings {
     sameSite: 'Strict' | 'Lax' | 'None';
     domain?: string;
     httpOnly: boolean;
-    accessTokenPath: string;
-    refreshTokenPath: string;
+    path: string;
     maxAge: number;
 }
 
@@ -219,8 +210,8 @@ declare function createOAuthVerifier(keys: OAuthKeys): (provider: OAuthProvider,
  * Token and OTP expiry settings
  */
 interface TokenSettings {
-    /** Access token expiry (e.g., '5m', '1h') */
-    accessTokenExpiry: string;
+    /** JWT expiry in seconds (default: 30 days) */
+    jwtExpiry: number;
     /** Password reset token expiry in ms (default: 1 hour) */
     passwordResetExpiryMs: number;
     /** OTP validity window in ms (default: 15 minutes) */
@@ -294,8 +285,7 @@ interface AuthConfig<TExtensions extends SchemaExtensions = {}> {
      * Cookie storage keys
      */
     storageKeys?: {
-        accessToken: string;
-        refreshToken: string;
+        authToken: string;
     };
     /**
      * Schema extensions for adding custom fields to auth inputs
@@ -309,7 +299,6 @@ declare function createAuthGuard(config: AuthConfig, t: TrpcBuilder): _trpc_serv
     userId: number;
     socketId: string | null;
     sessionId: number;
-    refreshToken: string | undefined;
     headers: http.IncomingHttpHeaders;
     res: http.ServerResponse<http.IncomingMessage>;
     ip: string | undefined;
@@ -327,8 +316,7 @@ declare const defaultCookieSettings: CookieSettings;
  * Default storage keys
  */
 declare const defaultStorageKeys: {
-    accessToken: string;
-    refreshToken: string;
+    authToken: string;
 };
 /**
  * Create a fully resolved auth config with defaults applied
@@ -343,8 +331,7 @@ declare const defaultAuthConfig: {
     tokenSettings: TokenSettings;
     cookieSettings: CookieSettings;
     storageKeys: {
-        accessToken: string;
-        refreshToken: string;
+        authToken: string;
     };
 };
 
@@ -392,7 +379,6 @@ type Meta = {
 interface TrpcContext {
     userId: number | null;
     sessionId: number | null;
-    refreshToken: string | null;
     socketId: string | null;
     headers: CreateHTTPContextOptions['req']['headers'];
     res: CreateHTTPContextOptions['res'];
@@ -877,7 +863,6 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
     procedure: _trpc_server.TRPCProcedureBuilder<TrpcContext, Meta, {
         sessionId: number;
         userId: number;
-        refreshToken: string | undefined;
         socketId: string | null;
         headers: http.IncomingHttpHeaders;
         res: http.ServerResponse<http.IncomingMessage>;
@@ -886,7 +871,6 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
     authProcedure: _trpc_server.TRPCProcedureBuilder<TrpcContext, Meta, {
         sessionId: number;
         userId: number;
-        refreshToken: string | undefined;
         socketId: string | null;
         headers: http.IncomingHttpHeaders;
         res: http.ServerResponse<http.IncomingMessage>;
@@ -916,76 +900,71 @@ declare function isMobileDevice(userAgent: string): boolean;
 declare function isNativeApp(userAgent: string): boolean;
 
 /**
- * Default storage keys for auth cookies
+ * Default storage key for auth cookie
  */
 declare const DEFAULT_STORAGE_KEYS: {
-    ACCESS_TOKEN: string;
-    REFRESH_TOKEN: string;
+    AUTH_TOKEN: string;
 };
 /**
- * Parse auth tokens from cookie header
+ * Parse auth token from cookie header
  * @param cookieHeader - Raw cookie header string
  * @param storageKeys - Custom storage keys (optional)
- * @returns Parsed tokens
+ * @returns Parsed auth token
  */
-declare function parseAuthCookies(cookieHeader: string | undefined, storageKeys?: {
-    accessToken: string;
-    refreshToken: string;
+declare function parseAuthCookie(cookieHeader: string | undefined, storageKeys?: {
+    authToken: string;
 }): {
-    accessToken?: string;
-    refreshToken?: string;
+    authToken?: string;
 };
 /**
- * Set auth cookies on response
+ * Set auth cookie on response
  * @param res - HTTP response object
- * @param credentials - Access and refresh tokens
+ * @param authToken - Auth JWT token
  * @param settings - Cookie settings
  * @param storageKeys - Storage key names
  */
-declare function setAuthCookies(res: CreateHTTPContextOptions['res'], credentials: Partial<AuthCredentials>, settings: Partial<CookieSettings>, storageKeys?: {
-    accessToken: string;
-    refreshToken: string;
+declare function setAuthCookie(res: CreateHTTPContextOptions['res'], authToken: string, settings: Partial<CookieSettings>, storageKeys?: {
+    authToken: string;
 }): void;
 /**
- * Clear auth cookies (for logout)
+ * Clear auth cookie (for logout)
  * @param res - HTTP response object
  * @param settings - Cookie settings
  * @param storageKeys - Storage key names
  */
-declare function clearAuthCookies(res: CreateHTTPContextOptions['res'], settings: Partial<CookieSettings>, storageKeys?: {
-    accessToken: string;
-    refreshToken: string;
+declare function clearAuthCookie(res: CreateHTTPContextOptions['res'], settings: Partial<CookieSettings>, storageKeys?: {
+    authToken: string;
 }): void;
 
 /**
- * Options for creating access tokens
+ * Options for creating auth tokens
  */
 interface CreateTokenOptions {
     secret: string;
-    expiresIn: SignOptions['expiresIn'];
+    expiresIn: number;
 }
 /**
- * Options for verifying access tokens
+ * Options for verifying auth tokens
  */
 interface VerifyTokenOptions {
     secret: string;
     ignoreExpiration?: boolean;
 }
 /**
- * Create a JWT access token
+ * Create a JWT auth token
  * @param payload - Token payload containing session and user info
  * @param options - Token creation options
  * @returns Signed JWT token
  */
-declare function createAccessToken(payload: Omit<JwtPayload, 'exp' | 'iat'>, options: CreateTokenOptions): string;
+declare function createAuthToken(payload: Omit<JwtPayload, 'exp' | 'iat'>, options: CreateTokenOptions): string;
 /**
- * Verify and decode a JWT access token
+ * Verify and decode a JWT auth token
  * @param token - JWT token to verify
  * @param options - Verification options
  * @returns Decoded token payload
  * @throws Error if token is invalid or expired
  */
-declare function verifyAccessToken(token: string, options: VerifyTokenOptions): JwtPayload;
+declare function verifyAuthToken(token: string, options: VerifyTokenOptions): JwtPayload;
 /**
  * Decode a JWT token without verification
  * @param token - JWT token to decode
@@ -1060,4 +1039,4 @@ declare function verifyTotp(code: string, secret: string): Promise<boolean>;
  */
 declare function generateOtp(min?: number, max?: number): number;
 
-export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthRouter, DEFAULT_STORAGE_KEYS, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, SchemaExtensions, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookies, comparePassword, createAccessToken, createAuthConfig, createAuthGuard, createAuthRouter, createConsoleEmailAdapter, createNoopEmailAdapter, createOAuthVerifier, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookies, setAuthCookies, validatePasswordStrength, verifyAccessToken, verifyTotp };
+export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthRouter, DEFAULT_STORAGE_KEYS, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, SchemaExtensions, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createNoopEmailAdapter, createOAuthVerifier, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };