npm - @factiii/auth - Versions diffs - 0.5.3 → 0.5.5 - Mend

@factiii/auth 0.5.3 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/bin/init.mjs +449 -64
package/dist/{chunk-EHI4P63M.mjs → chunk-KUYH4DBN.mjs} +8 -0
package/dist/index.d.mts +285 -19
package/dist/index.d.ts +285 -19
package/dist/index.js +726 -390
package/dist/index.mjs +724 -391
package/dist/validators.d.mts +1 -1
package/dist/validators.d.ts +1 -1
package/dist/validators.mjs +1 -1
package/package.json +29 -21
package/dist/{hooks-BXNxNK4S.d.mts → hooks-yHGJ7C6_.d.mts} +2 -2
package/dist/{hooks-BXNxNK4S.d.ts → hooks-yHGJ7C6_.d.ts} +2 -2

package/dist/index.d.ts CHANGED Viewed

@@ -1,13 +1,12 @@
 import * as http from 'http';
 import * as SuperJSON from 'superjson';
 import SuperJSON__default from 'superjson';
-import * as _prisma_client from '@prisma/client';
-import { PrismaClient } from '@prisma/client';
 import * as _trpc_server from '@trpc/server';
 import * as zod from 'zod';
 import { CreateHTTPContextOptions } from '@trpc/server/adapters/standalone';
-import { S as SchemaExtensions, A as AuthHooks } from './hooks-BXNxNK4S.js';
-export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-BXNxNK4S.js';
+import { S as SchemaExtensions, A as AuthHooks } from './hooks-yHGJ7C6_.js';
+export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-yHGJ7C6_.js';
+import { AnyPgTable, PgColumn, PgDatabase, PgQueryResultHKT } from 'drizzle-orm/pg-core';
 //# sourceMappingURL=TRPCError.d.ts.map
 //#endregion
@@ -149,6 +148,215 @@ declare function createNoopEmailAdapter(): EmailAdapter;
  */
 declare function createConsoleEmailAdapter(): EmailAdapter;
+/**
+ * ORM-agnostic database adapter interface for @factiii/auth.
+ * Implement this interface to use any database/ORM with the auth library.
+ */
+interface AuthUser {
+    id: number;
+    status: string;
+    email: string;
+    username: string;
+    password: string | null;
+    twoFaEnabled: boolean;
+    oauthProvider: string | null;
+    oauthId: string | null;
+    tag: string;
+    verifiedHumanAt: Date | null;
+    emailVerificationStatus: string;
+    otpForEmailVerification: string | null;
+    isActive: boolean;
+}
+interface AuthSession {
+    id: number;
+    userId: number;
+    socketId: string | null;
+    twoFaSecret: string | null;
+    browserName: string;
+    issuedAt: Date;
+    lastUsed: Date;
+    revokedAt: Date | null;
+    deviceId: number | null;
+}
+interface AuthOTP {
+    id: number;
+    code: number;
+    expiresAt: Date;
+    userId: number;
+}
+interface AuthPasswordReset {
+    id: string;
+    createdAt: Date;
+    userId: number;
+}
+interface CreateUserData {
+    username: string;
+    email: string;
+    password: string | null;
+    status: string;
+    tag: string;
+    twoFaEnabled: boolean;
+    emailVerificationStatus: string;
+    verifiedHumanAt: Date | null;
+    oauthProvider?: string;
+    oauthId?: string;
+}
+interface CreateSessionData {
+    userId: number;
+    browserName: string;
+    socketId: string | null;
+    [key: string]: unknown;
+}
+type SessionWithUser = AuthSession & {
+    user: {
+        status: string;
+        verifiedHumanAt: Date | null;
+    };
+};
+type SessionWithDevice = {
+    twoFaSecret: string | null;
+    deviceId: number | null;
+    device: {
+        pushToken: string;
+    } | null;
+};
+interface DatabaseAdapter {
+    user: {
+        findByEmailInsensitive(email: string): Promise<AuthUser | null>;
+        findByUsernameInsensitive(username: string): Promise<AuthUser | null>;
+        findByEmailOrUsernameInsensitive(identifier: string): Promise<AuthUser | null>;
+        findByEmailOrOAuthId(email: string, oauthId: string): Promise<AuthUser | null>;
+        findById(id: number): Promise<AuthUser | null>;
+        findActiveById(id: number): Promise<AuthUser | null>;
+        create(data: CreateUserData): Promise<AuthUser>;
+        update(id: number, data: Partial<Omit<AuthUser, 'id'>>): Promise<AuthUser>;
+    };
+    session: {
+        /** Find session by ID with user status and verifiedHumanAt joined. */
+        findById(id: number): Promise<SessionWithUser | null>;
+        create(data: CreateSessionData): Promise<AuthSession>;
+        update(id: number, data: Partial<Pick<AuthSession, 'revokedAt' | 'lastUsed' | 'twoFaSecret' | 'deviceId'>>): Promise<AuthSession>;
+        /** Update lastUsed and return session with user's verifiedHumanAt. */
+        updateLastUsed(id: number): Promise<AuthSession & {
+            user: {
+                verifiedHumanAt: Date | null;
+            };
+        }>;
+        /** Set revokedAt on a single session. */
+        revoke(id: number): Promise<void>;
+        /** Find active (non-revoked) sessions for a user, optionally excluding one. */
+        findActiveByUserId(userId: number, excludeSessionId?: number): Promise<Pick<AuthSession, 'id' | 'socketId' | 'userId'>[]>;
+        /** Revoke all active sessions for a user, optionally excluding one. */
+        revokeAllByUserId(userId: number, excludeSessionId?: number): Promise<void>;
+        /** Get twoFaSecret from all sessions that have one for a user. */
+        findTwoFaSecretsByUserId(userId: number): Promise<{
+            twoFaSecret: string | null;
+        }[]>;
+        /** Clear twoFaSecret on sessions for a user, optionally excluding one. */
+        clearTwoFaSecrets(userId: number, excludeSessionId?: number): Promise<void>;
+        /** Find session with device relation for TOTP verification. */
+        findByIdWithDevice(id: number, userId: number): Promise<SessionWithDevice | null>;
+        /** Revoke other sessions that share a device push token. */
+        revokeByDevicePushToken(userId: number, pushToken: string, excludeSessionId: number): Promise<void>;
+        /** Clear deviceId on all sessions for a user+device pair. */
+        clearDeviceId(userId: number, deviceId: number): Promise<void>;
+    };
+    otp: {
+        findValidByUserAndCode(userId: number, code: number): Promise<AuthOTP | null>;
+        create(data: {
+            userId: number;
+            code: number;
+            expiresAt: Date;
+        }): Promise<AuthOTP>;
+        delete(id: number): Promise<void>;
+    };
+    passwordReset: {
+        findById(id: string): Promise<AuthPasswordReset | null>;
+        create(userId: number): Promise<AuthPasswordReset>;
+        delete(id: string): Promise<void>;
+        deleteAllByUserId(userId: number): Promise<void>;
+    };
+    device: {
+        findByTokenSessionAndUser(pushToken: string, sessionId: number, userId: number): Promise<{
+            id: number;
+        } | null>;
+        upsertByPushToken(pushToken: string, sessionId: number, userId: number): Promise<void>;
+        findByUserAndToken(userId: number, pushToken: string): Promise<{
+            id: number;
+        } | null>;
+        disconnectUser(deviceId: number, userId: number): Promise<void>;
+        hasRemainingUsers(deviceId: number): Promise<boolean>;
+        delete(id: number): Promise<void>;
+    };
+    admin: {
+        findByUserId(userId: number): Promise<{
+            ip: string;
+        } | null>;
+    };
+}
+/**
+ * Creates a DatabaseAdapter backed by Prisma.
+ * Pass your generated PrismaClient instance — its full types are preserved at the call site.
+ */
+declare function createPrismaAdapter(prisma: unknown): DatabaseAdapter;
+/**
+ * A Postgres Drizzle table with column properties accessible by name.
+ * `AnyPgTable` is Drizzle's base Postgres table type; intersecting with
+ * `Record<string, Column>` exposes the column descriptors for index access.
+ */
+type DrizzleTable = AnyPgTable & Record<string, PgColumn>;
+/**
+ * Drizzle table references required by the adapter.
+ * Consumers pass their Drizzle Postgres table objects so the adapter
+ * can build queries without knowing the schema file location.
+ *
+ * **Note:** This adapter only supports PostgreSQL via `drizzle-orm/pg-core`.
+ */
+interface DrizzleAdapterTables {
+    users: DrizzleTable;
+    sessions: DrizzleTable;
+    otps: DrizzleTable;
+    passwordResets: DrizzleTable;
+    devices: DrizzleTable;
+    admins: DrizzleTable;
+    /** Join table for many-to-many device↔user relation (if applicable). */
+    devicesToUsers?: DrizzleTable;
+    /** Join table for many-to-many device↔session relation (if applicable). */
+    devicesToSessions?: DrizzleTable;
+}
+/**
+ * Any `PgDatabase` instance, regardless of the underlying driver
+ * (node-postgres, postgres.js, Neon, PGLite, etc.).
+ */
+type AnyPgDatabase = PgDatabase<PgQueryResultHKT, Record<string, unknown>>;
+/**
+ * Creates a DatabaseAdapter backed by Drizzle ORM.
+ *
+ * Usage:
+ * ```ts
+ * import { drizzle } from 'drizzle-orm/node-postgres';
+ * import { createDrizzleAdapter } from '@factiii/auth';
+ * import * as schema from './schema';
+ *
+ * const db = drizzle(pool, { schema });
+ * const adapter = createDrizzleAdapter(db, {
+ *   users: schema.users,
+ *   sessions: schema.sessions,
+ *   otps: schema.otps,
+ *   passwordResets: schema.passwordResets,
+ *   devices: schema.devices,
+ *   admins: schema.admins,
+ * });
+ * ```
+ *
+ * **Important:** This adapter uses Drizzle's relational query API (`db.query.*`)
+ * for joins and `db.insert/update/delete` for mutations. Make sure your Drizzle
+ * instance is created with `{ schema }` so relational queries work.
+ */
+declare function createDrizzleAdapter(db: AnyPgDatabase, tables: DrizzleAdapterTables): DatabaseAdapter;
 /**
  * JWT payload structure
  */
@@ -241,9 +449,15 @@ interface AuthFeatures {
 }
 interface AuthConfig<TExtensions extends SchemaExtensions = {}> {
     /**
-     * Prisma client instance with required models
+     * Database adapter (use createPrismaAdapter or implement your own).
+     * If omitted but `prisma` is provided, a PrismaAdapter is created automatically.
+     */
+    database?: DatabaseAdapter;
+    /**
+     * @deprecated Use `database` with createPrismaAdapter() instead.
+     * Prisma client instance — kept for backwards compatibility.
      */
-    prisma: PrismaClient;
+    prisma?: unknown;
     /**
      * Secret keys for JWT signing
      */
@@ -299,9 +513,9 @@ declare function createAuthGuard(config: AuthConfig, t: TrpcBuilder): _trpc_serv
     userId: number;
     socketId: string | null;
     sessionId: number;
+    ip: string | undefined;
     headers: http.IncomingHttpHeaders;
     res: http.ServerResponse<http.IncomingMessage>;
-    ip: string | undefined;
 }, unknown>;
 /**
@@ -318,13 +532,17 @@ declare const defaultCookieSettings: CookieSettings;
 declare const defaultStorageKeys: {
     authToken: string;
 };
+/** Resolved config type with database adapter guaranteed. */
+type ResolvedAuthConfig = Required<Omit<AuthConfig, 'hooks' | 'oauthKeys' | 'schemaExtensions' | 'prisma'>> & AuthConfig & {
+    database: DatabaseAdapter;
+};
 /**
- * Create a fully resolved auth config with defaults applied
+ * Create a fully resolved auth config with defaults applied.
+ * Accepts either `database` (adapter) or `prisma` (auto-wrapped).
  */
-declare function createAuthConfig(config: AuthConfig): Required<Omit<AuthConfig, 'hooks' | 'oauthKeys' | 'schemaExtensions'>> & AuthConfig;
-type ResolvedAuthConfig = ReturnType<typeof createAuthConfig>;
+declare function createAuthConfig(config: AuthConfig): ResolvedAuthConfig;
 /**
- * Default auth config (requires prisma and secrets to be provided)
+ * Default auth config (requires database/prisma and secrets to be provided)
  */
 declare const defaultAuthConfig: {
     features: AuthFeatures;
@@ -438,7 +656,7 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                 input: void;
                 output: {
                     email: string;
-                    status: _prisma_client.$Enums.EmailVerificationStatus;
+                    status: string;
                     isVerified: boolean;
                 };
                 meta: Meta;
@@ -659,12 +877,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }>>["in"] extends infer T_7 ? T_7 extends inferParser<[TExtensions["signup"]] extends [zod.AnyZodObject] ? zod.ZodObject<{
                     username: zod.ZodString;
@@ -683,12 +901,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }, {
-                    email: string;
                     username: string;
+                    email: string;
                     password: string;
                 }>>["in"] ? T_7 extends _trpc_server.TRPCUnsetMarker ? void : T_7 : never : never;
                 output: {
@@ -871,17 +1089,17 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
         sessionId: number;
         userId: number;
         socketId: string | null;
+        ip: string | undefined;
         headers: http.IncomingHttpHeaders;
         res: http.ServerResponse<http.IncomingMessage>;
-        ip: string | undefined;
     }, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, false>;
     authProcedure: _trpc_server.TRPCProcedureBuilder<TrpcContext, Meta, {
         sessionId: number;
         userId: number;
         socketId: string | null;
+        ip: string | undefined;
         headers: http.IncomingHttpHeaders;
         res: http.ServerResponse<http.IncomingMessage>;
-        ip: string | undefined;
     }, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, false>;
     createContext: ({ req, res }: CreateHTTPContextOptions) => TrpcContext;
 };
@@ -1012,6 +1230,54 @@ declare function validatePasswordStrength(password: string, minLength?: number):
     error?: string;
 };
+/**
+ * Parameters for creating a session with a signed JWT token.
+ */
+interface CreateSessionWithTokenParams {
+    /** User ID to create the session for */
+    userId: number;
+    /** Browser name (from user-agent) */
+    browserName: string;
+    /** Socket ID for real-time connections */
+    socketId: string | null;
+    /** Device ID for push notifications */
+    deviceId?: number;
+    /** Extra fields to include in the session record (e.g., instanceId) */
+    extraSessionData?: Record<string, unknown>;
+}
+/**
+ * Result of creating a session with a token.
+ */
+interface SessionWithTokenResult {
+    /** Signed JWT access token */
+    accessToken: string;
+    /** Created session ID */
+    sessionId: number;
+}
+/**
+ * Create a session and sign a JWT token.
+ *
+ * Use this for programmatic auth flows (magic links, auto-login, test helpers)
+ * where you need a token without going through the full login procedure.
+ *
+ * @param config - Resolved auth config (from createAuthConfig)
+ * @param params - Session creation parameters
+ * @returns Signed JWT and session ID
+ */
+declare function createSessionWithToken(config: ResolvedAuthConfig, params: CreateSessionWithTokenParams): Promise<SessionWithTokenResult>;
+/**
+ * Create a session, sign a JWT token, and set the auth cookie on the response.
+ *
+ * Convenience wrapper around {@link createSessionWithToken} for HTTP handlers
+ * that need to set the cookie immediately.
+ *
+ * @param config - Resolved auth config (from createAuthConfig)
+ * @param params - Session creation parameters
+ * @param res - HTTP response to set the cookie on
+ * @returns Signed JWT and session ID
+ */
+declare function createSessionWithTokenAndCookie(config: ResolvedAuthConfig, params: CreateSessionWithTokenParams, res: CreateHTTPContextOptions['res']): Promise<SessionWithTokenResult>;
 /**
  * Generate a random TOTP secret
  * @param length - Length of the secret (default: 16)
@@ -1046,4 +1312,4 @@ declare function verifyTotp(code: string, secret: string): Promise<boolean>;
  */
 declare function generateOtp(min?: number, max?: number): number;
-export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthRouter, DEFAULT_STORAGE_KEYS, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, SchemaExtensions, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createNoopEmailAdapter, createOAuthVerifier, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };
+export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthOTP, type AuthPasswordReset, type AuthRouter, type AuthSession, type AuthUser, type CreateSessionData, type CreateSessionWithTokenParams, type CreateUserData, DEFAULT_STORAGE_KEYS, type DatabaseAdapter, type DrizzleAdapterTables, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, type ResolvedAuthConfig, SchemaExtensions, type SessionWithDevice, type SessionWithTokenResult, type SessionWithUser, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createDrizzleAdapter, createNoopEmailAdapter, createOAuthVerifier, createPrismaAdapter, createSessionWithToken, createSessionWithTokenAndCookie, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };