@factiii/auth 0.5.4 → 0.5.6

package/dist/index.mjs

@@ -1,5 +1,4 @@
 import {
-  __require,
   biometricVerifySchema,
   changePasswordSchema,
   checkPasswordResetSchema,
@@ -18,27 +17,28 @@ import {
   twoFaResetVerifySchema,
   twoFaVerifySchema,
   verifyEmailSchema
-} from "./chunk-KUYH4DBN.mjs";
+} from "./chunk-EHI4P63M.mjs";
 
 // src/middleware/authGuard.ts
 import { TRPCError } from "@trpc/server";
 
 // src/adapters/prismaAdapter.ts
 function createPrismaAdapter(prisma) {
+  const db = prisma;
   return {
     user: {
       async findByEmailInsensitive(email) {
-        return prisma.user.findFirst({
+        return db.user.findFirst({
           where: { email: { equals: email, mode: "insensitive" } }
         });
       },
       async findByUsernameInsensitive(username) {
-        return prisma.user.findFirst({
+        return db.user.findFirst({
           where: { username: { equals: username, mode: "insensitive" } }
         });
       },
       async findByEmailOrUsernameInsensitive(identifier) {
-        return prisma.user.findFirst({
+        return db.user.findFirst({
           where: {
             OR: [
               { email: { equals: identifier, mode: "insensitive" } },
@@ -48,7 +48,7 @@ function createPrismaAdapter(prisma) {
         });
       },
       async findByEmailOrOAuthId(email, oauthId) {
-        return prisma.user.findFirst({
+        return db.user.findFirst({
           where: {
             OR: [
               { email: { equals: email, mode: "insensitive" } },
@@ -58,23 +58,23 @@ function createPrismaAdapter(prisma) {
         });
       },
       async findById(id) {
-        return prisma.user.findUnique({ where: { id } });
+        return db.user.findUnique({ where: { id } });
       },
       async findActiveById(id) {
-        return prisma.user.findUnique({
+        return db.user.findUnique({
           where: { id, status: "ACTIVE" }
         });
       },
       async create(data) {
-        return prisma.user.create({ data });
+        return db.user.create({ data });
       },
       async update(id, data) {
-        return prisma.user.update({ where: { id }, data });
+        return db.user.update({ where: { id }, data });
       }
     },
     session: {
       async findById(id) {
-        const session = await prisma.session.findUnique({
+        const session = await db.session.findUnique({
           where: { id },
           select: {
             id: true,
@@ -92,13 +92,13 @@ function createPrismaAdapter(prisma) {
         return session;
       },
       async create(data) {
-        return prisma.session.create({ data });
+        return db.session.create({ data });
       },
       async update(id, data) {
-        return prisma.session.update({ where: { id }, data });
+        return db.session.update({ where: { id }, data });
       },
       async updateLastUsed(id) {
-        const session = await prisma.session.update({
+        const session = await db.session.update({
           where: { id },
           data: { lastUsed: /* @__PURE__ */ new Date() },
           select: {
@@ -117,13 +117,13 @@ function createPrismaAdapter(prisma) {
         return session;
       },
       async revoke(id) {
-        await prisma.session.update({
+        await db.session.update({
           where: { id },
           data: { revokedAt: /* @__PURE__ */ new Date() }
         });
       },
       async findActiveByUserId(userId, excludeSessionId) {
-        return prisma.session.findMany({
+        return db.session.findMany({
           where: {
             userId,
             revokedAt: null,
@@ -133,7 +133,7 @@ function createPrismaAdapter(prisma) {
         });
       },
       async revokeAllByUserId(userId, excludeSessionId) {
-        await prisma.session.updateMany({
+        await db.session.updateMany({
           where: {
             userId,
             revokedAt: null,
@@ -143,13 +143,13 @@ function createPrismaAdapter(prisma) {
         });
       },
       async findTwoFaSecretsByUserId(userId) {
-        return prisma.session.findMany({
+        return db.session.findMany({
           where: { userId, twoFaSecret: { not: null } },
           select: { twoFaSecret: true }
         });
       },
       async clearTwoFaSecrets(userId, excludeSessionId) {
-        await prisma.session.updateMany({
+        await db.session.updateMany({
           where: {
             userId,
             ...excludeSessionId ? { NOT: { id: excludeSessionId } } : {}
@@ -158,7 +158,7 @@ function createPrismaAdapter(prisma) {
         });
       },
       async findByIdWithDevice(id, userId) {
-        const session = await prisma.session.findUnique({
+        const session = await db.session.findUnique({
           where: { id, userId },
           select: {
             twoFaSecret: true,
@@ -169,7 +169,7 @@ function createPrismaAdapter(prisma) {
         return session;
       },
       async revokeByDevicePushToken(userId, pushToken, excludeSessionId) {
-        await prisma.session.updateMany({
+        await db.session.updateMany({
           where: {
             userId,
             id: { not: excludeSessionId },
@@ -180,7 +180,7 @@ function createPrismaAdapter(prisma) {
         });
       },
       async clearDeviceId(userId, deviceId) {
-        await prisma.session.updateMany({
+        await db.session.updateMany({
           where: { userId, deviceId },
           data: { deviceId: null }
         });
@@ -188,39 +188,39 @@ function createPrismaAdapter(prisma) {
     },
     otp: {
       async findValidByUserAndCode(userId, code) {
-        return prisma.oTP.findFirst({
+        return db.oTP.findFirst({
           where: { userId, code, expiresAt: { gte: /* @__PURE__ */ new Date() } }
         });
       },
       async create(data) {
-        return prisma.oTP.create({ data });
+        return db.oTP.create({ data });
       },
       async delete(id) {
-        await prisma.oTP.delete({ where: { id } });
+        await db.oTP.delete({ where: { id } });
       }
     },
     passwordReset: {
       async findById(id) {
-        return prisma.passwordReset.findUnique({
+        return db.passwordReset.findUnique({
           where: { id },
           select: { id: true, createdAt: true, userId: true }
         });
       },
       async create(userId) {
-        return prisma.passwordReset.create({
+        return db.passwordReset.create({
           data: { userId }
         });
       },
       async delete(id) {
-        await prisma.passwordReset.delete({ where: { id } });
+        await db.passwordReset.delete({ where: { id } });
       },
       async deleteAllByUserId(userId) {
-        await prisma.passwordReset.deleteMany({ where: { userId } });
+        await db.passwordReset.deleteMany({ where: { userId } });
       }
     },
     device: {
       async findByTokenSessionAndUser(pushToken, sessionId, userId) {
-        return prisma.device.findFirst({
+        return db.device.findFirst({
           where: {
             pushToken,
             sessions: { some: { id: sessionId } },
@@ -230,7 +230,7 @@ function createPrismaAdapter(prisma) {
         });
       },
       async upsertByPushToken(pushToken, sessionId, userId) {
-        await prisma.device.upsert({
+        await db.device.upsert({
           where: { pushToken },
           create: {
             pushToken,
@@ -244,31 +244,31 @@ function createPrismaAdapter(prisma) {
         });
       },
       async findByUserAndToken(userId, pushToken) {
-        return prisma.device.findFirst({
+        return db.device.findFirst({
           where: { users: { some: { id: userId } }, pushToken },
           select: { id: true }
         });
       },
       async disconnectUser(deviceId, userId) {
-        await prisma.device.update({
+        await db.device.update({
           where: { id: deviceId },
           data: { users: { disconnect: { id: userId } } }
         });
       },
       async hasRemainingUsers(deviceId) {
-        const result = await prisma.device.findUnique({
+        const result = await db.device.findUnique({
           where: { id: deviceId },
           select: { users: { select: { id: true }, take: 1 } }
         });
         return (result?.users.length ?? 0) > 0;
       },
       async delete(id) {
-        await prisma.device.delete({ where: { id } });
+        await db.device.delete({ where: { id } });
       }
     },
     admin: {
       async findByUserId(userId) {
-        return prisma.admin.findFirst({
+        return db.admin.findFirst({
           where: { userId },
           select: { ip: true }
         });
@@ -330,295 +330,10 @@ function createConsoleEmailAdapter() {
   };
 }
 
-// src/adapters/drizzleAdapter.ts
-function createDrizzleAdapter(db, tables) {
-  const {
-    eq,
-    and,
-    or,
-    isNull,
-    isNotNull,
-    gte,
-    ne,
-    sql
-  } = __require("drizzle-orm");
-  const { users, sessions, otps, passwordResets, devices, admins } = tables;
-  return {
-    user: {
-      async findByEmailInsensitive(email) {
-        const rows = await db.select().from(users).where(sql`lower(${users.email}) = lower(${email})`).limit(1);
-        return rows[0] ?? null;
-      },
-      async findByUsernameInsensitive(username) {
-        const rows = await db.select().from(users).where(sql`lower(${users.username}) = lower(${username})`).limit(1);
-        return rows[0] ?? null;
-      },
-      async findByEmailOrUsernameInsensitive(identifier) {
-        const rows = await db.select().from(users).where(
-          or(
-            sql`lower(${users.email}) = lower(${identifier})`,
-            sql`lower(${users.username}) = lower(${identifier})`
-          )
-        ).limit(1);
-        return rows[0] ?? null;
-      },
-      async findByEmailOrOAuthId(email, oauthId) {
-        const rows = await db.select().from(users).where(
-          or(
-            sql`lower(${users.email}) = lower(${email})`,
-            eq(users.oauthId, oauthId)
-          )
-        ).limit(1);
-        return rows[0] ?? null;
-      },
-      async findById(id) {
-        const rows = await db.select().from(users).where(eq(users.id, id)).limit(1);
-        return rows[0] ?? null;
-      },
-      async findActiveById(id) {
-        const rows = await db.select().from(users).where(and(eq(users.id, id), eq(users.status, "ACTIVE"))).limit(1);
-        return rows[0] ?? null;
-      },
-      async create(data) {
-        const rows = await db.insert(users).values(data).returning();
-        return rows[0];
-      },
-      async update(id, data) {
-        const rows = await db.update(users).set(data).where(eq(users.id, id)).returning();
-        return rows[0];
-      }
-    },
-    session: {
-      async findById(id) {
-        const rows = await db.select({
-          id: sessions.id,
-          userId: sessions.userId,
-          socketId: sessions.socketId,
-          twoFaSecret: sessions.twoFaSecret,
-          browserName: sessions.browserName,
-          issuedAt: sessions.issuedAt,
-          lastUsed: sessions.lastUsed,
-          revokedAt: sessions.revokedAt,
-          deviceId: sessions.deviceId,
-          user: {
-            status: users.status,
-            verifiedHumanAt: users.verifiedHumanAt
-          }
-        }).from(sessions).innerJoin(users, eq(sessions.userId, users.id)).where(eq(sessions.id, id)).limit(1);
-        return rows[0] ?? null;
-      },
-      async create(data) {
-        const rows = await db.insert(sessions).values(data).returning();
-        return rows[0];
-      },
-      async update(id, data) {
-        const rows = await db.update(sessions).set(data).where(eq(sessions.id, id)).returning();
-        return rows[0];
-      },
-      async updateLastUsed(id) {
-        await db.update(sessions).set({ lastUsed: /* @__PURE__ */ new Date() }).where(eq(sessions.id, id));
-        const rows = await db.select({
-          id: sessions.id,
-          userId: sessions.userId,
-          socketId: sessions.socketId,
-          twoFaSecret: sessions.twoFaSecret,
-          browserName: sessions.browserName,
-          issuedAt: sessions.issuedAt,
-          lastUsed: sessions.lastUsed,
-          revokedAt: sessions.revokedAt,
-          deviceId: sessions.deviceId,
-          user: {
-            verifiedHumanAt: users.verifiedHumanAt
-          }
-        }).from(sessions).innerJoin(users, eq(sessions.userId, users.id)).where(eq(sessions.id, id)).limit(1);
-        return rows[0];
-      },
-      async revoke(id) {
-        await db.update(sessions).set({ revokedAt: /* @__PURE__ */ new Date() }).where(eq(sessions.id, id));
-      },
-      async findActiveByUserId(userId, excludeSessionId) {
-        const conditions = [eq(sessions.userId, userId), isNull(sessions.revokedAt)];
-        if (excludeSessionId !== void 0) {
-          conditions.push(ne(sessions.id, excludeSessionId));
-        }
-        return db.select({
-          id: sessions.id,
-          socketId: sessions.socketId,
-          userId: sessions.userId
-        }).from(sessions).where(and(...conditions));
-      },
-      async revokeAllByUserId(userId, excludeSessionId) {
-        const conditions = [eq(sessions.userId, userId), isNull(sessions.revokedAt)];
-        if (excludeSessionId !== void 0) {
-          conditions.push(ne(sessions.id, excludeSessionId));
-        }
-        await db.update(sessions).set({ revokedAt: /* @__PURE__ */ new Date() }).where(and(...conditions));
-      },
-      async findTwoFaSecretsByUserId(userId) {
-        return db.select({ twoFaSecret: sessions.twoFaSecret }).from(sessions).where(and(eq(sessions.userId, userId), isNotNull(sessions.twoFaSecret)));
-      },
-      async clearTwoFaSecrets(userId, excludeSessionId) {
-        const conditions = [eq(sessions.userId, userId)];
-        if (excludeSessionId !== void 0) {
-          conditions.push(ne(sessions.id, excludeSessionId));
-        }
-        await db.update(sessions).set({ twoFaSecret: null }).where(and(...conditions));
-      },
-      async findByIdWithDevice(id, userId) {
-        const rows = await db.select({
-          twoFaSecret: sessions.twoFaSecret,
-          deviceId: sessions.deviceId,
-          device: {
-            pushToken: devices.pushToken
-          }
-        }).from(sessions).leftJoin(devices, eq(sessions.deviceId, devices.id)).where(and(eq(sessions.id, id), eq(sessions.userId, userId))).limit(1);
-        if (!rows[0]) return null;
-        const row = rows[0];
-        return {
-          twoFaSecret: row.twoFaSecret,
-          deviceId: row.deviceId,
-          device: row.device?.pushToken ? { pushToken: row.device.pushToken } : null
-        };
-      },
-      async revokeByDevicePushToken(userId, pushToken, excludeSessionId) {
-        const deviceRows = await db.select({ id: devices.id }).from(devices).where(eq(devices.pushToken, pushToken)).limit(1);
-        if (!deviceRows[0]) return;
-        await db.update(sessions).set({ revokedAt: /* @__PURE__ */ new Date() }).where(
-          and(
-            eq(sessions.userId, userId),
-            ne(sessions.id, excludeSessionId),
-            isNull(sessions.revokedAt),
-            eq(sessions.deviceId, deviceRows[0].id)
-          )
-        );
-      },
-      async clearDeviceId(userId, deviceId) {
-        await db.update(sessions).set({ deviceId: null }).where(and(eq(sessions.userId, userId), eq(sessions.deviceId, deviceId)));
-      }
-    },
-    otp: {
-      async findValidByUserAndCode(userId, code) {
-        const rows = await db.select().from(otps).where(
-          and(eq(otps.userId, userId), eq(otps.code, code), gte(otps.expiresAt, /* @__PURE__ */ new Date()))
-        ).limit(1);
-        return rows[0] ?? null;
-      },
-      async create(data) {
-        const rows = await db.insert(otps).values(data).returning();
-        return rows[0];
-      },
-      async delete(id) {
-        await db.delete(otps).where(eq(otps.id, id));
-      }
-    },
-    passwordReset: {
-      async findById(id) {
-        const rows = await db.select({
-          id: passwordResets.id,
-          createdAt: passwordResets.createdAt,
-          userId: passwordResets.userId
-        }).from(passwordResets).where(eq(passwordResets.id, id)).limit(1);
-        return rows[0] ?? null;
-      },
-      async create(userId) {
-        const rows = await db.insert(passwordResets).values({ userId }).returning();
-        return rows[0];
-      },
-      async delete(id) {
-        await db.delete(passwordResets).where(eq(passwordResets.id, id));
-      },
-      async deleteAllByUserId(userId) {
-        await db.delete(passwordResets).where(eq(passwordResets.userId, userId));
-      }
-    },
-    device: {
-      async findByTokenSessionAndUser(pushToken, sessionId, userId) {
-        const rows = await db.select({ id: devices.id }).from(devices).where(eq(devices.pushToken, pushToken)).limit(1);
-        if (!rows[0]) return null;
-        if (tables.devicesToSessions && tables.devicesToUsers) {
-          const sessionLink = await db.select().from(tables.devicesToSessions).where(
-            and(
-              eq(tables.devicesToSessions.deviceId, rows[0].id),
-              eq(tables.devicesToSessions.sessionId, sessionId)
-            )
-          ).limit(1);
-          const userLink = await db.select().from(tables.devicesToUsers).where(
-            and(
-              eq(tables.devicesToUsers.deviceId, rows[0].id),
-              eq(tables.devicesToUsers.userId, userId)
-            )
-          ).limit(1);
-          if (!sessionLink[0] || !userLink[0]) return null;
-        }
-        return { id: rows[0].id };
-      },
-      async upsertByPushToken(pushToken, sessionId, userId) {
-        const existing = await db.select({ id: devices.id }).from(devices).where(eq(devices.pushToken, pushToken)).limit(1);
-        let deviceId;
-        if (existing[0]) {
-          deviceId = existing[0].id;
-        } else {
-          const rows = await db.insert(devices).values({ pushToken }).returning({ id: devices.id });
-          deviceId = rows[0].id;
-        }
-        if (tables.devicesToSessions) {
-          await db.insert(tables.devicesToSessions).values({ deviceId, sessionId }).onConflictDoNothing();
-        }
-        if (tables.devicesToUsers) {
-          await db.insert(tables.devicesToUsers).values({ deviceId, userId }).onConflictDoNothing();
-        }
-        await db.update(sessions).set({ deviceId }).where(eq(sessions.id, sessionId));
-      },
-      async findByUserAndToken(userId, pushToken) {
-        if (tables.devicesToUsers) {
-          const rows2 = await db.select({ id: devices.id }).from(devices).innerJoin(
-            tables.devicesToUsers,
-            eq(devices.id, tables.devicesToUsers.deviceId)
-          ).where(
-            and(
-              eq(devices.pushToken, pushToken),
-              eq(tables.devicesToUsers.userId, userId)
-            )
-          ).limit(1);
-          return rows2[0] ? { id: rows2[0].id } : null;
-        }
-        const rows = await db.select({ id: devices.id }).from(devices).where(eq(devices.pushToken, pushToken)).limit(1);
-        return rows[0] ? { id: rows[0].id } : null;
-      },
-      async disconnectUser(deviceId, userId) {
-        if (tables.devicesToUsers) {
-          await db.delete(tables.devicesToUsers).where(
-            and(
-              eq(tables.devicesToUsers.deviceId, deviceId),
-              eq(tables.devicesToUsers.userId, userId)
-            )
-          );
-        }
-      },
-      async hasRemainingUsers(deviceId) {
-        if (tables.devicesToUsers) {
-          const rows = await db.select({ userId: tables.devicesToUsers.userId }).from(tables.devicesToUsers).where(eq(tables.devicesToUsers.deviceId, deviceId)).limit(1);
-          return rows.length > 0;
-        }
-        return false;
-      },
-      async delete(id) {
-        await db.delete(devices).where(eq(devices.id, id));
-      }
-    },
-    admin: {
-      async findByUserId(userId) {
-        const rows = await db.select({ ip: admins.ip }).from(admins).where(eq(admins.userId, userId)).limit(1);
-        return rows[0] ?? null;
-      }
-    }
-  };
-}
-
 // src/utilities/config.ts
 var defaultTokenSettings = {
-  jwtExpiry: 30 * 24 * 60 * 60,
-  // 30 days in seconds
+  jwtExpiry: 365 * 24 * 60 * 60,
+  // 1 year in seconds
   passwordResetExpiryMs: 60 * 60 * 1e3,
   // 1 hour
   otpValidityMs: 15 * 60 * 1e3
@@ -629,8 +344,8 @@ var defaultCookieSettings = {
   sameSite: "Strict",
   httpOnly: false,
   path: "/",
-  maxAge: 30 * 24 * 60 * 60
-  // 30 days in seconds
+  maxAge: 365 * 24 * 60 * 60
+  // 1 year in seconds (matches jwtExpiry)
 };
 var defaultStorageKeys = {
   authToken: "auth-token"
@@ -1080,6 +795,36 @@ function validatePasswordStrength(password, minLength = 6) {
   return { valid: true };
 }
 
+// src/utilities/session.ts
+async function createSessionWithToken(config, params) {
+  const { userId, browserName, socketId, deviceId, extraSessionData } = params;
+  const session = await config.database.session.create({
+    userId,
+    browserName,
+    socketId,
+    ...deviceId != null ? { deviceId } : {},
+    ...extraSessionData
+  });
+  const user = await config.database.user.findById(userId);
+  const accessToken = createAuthToken(
+    {
+      id: session.id,
+      userId: session.userId,
+      verifiedHumanAt: user?.verifiedHumanAt ?? null
+    },
+    {
+      secret: config.secrets.jwt,
+      expiresIn: config.tokenSettings.jwtExpiry
+    }
+  );
+  return { accessToken, sessionId: session.id };
+}
+async function createSessionWithTokenAndCookie(config, params, res) {
+  const result = await createSessionWithToken(config, params);
+  setAuthCookie(res, result.accessToken, config.cookieSettings, config.storageKeys);
+  return result;
+}
+
 // src/utilities/totp.ts
 import crypto from "crypto";
 import { TOTP } from "totp-generator";
@@ -1963,13 +1708,15 @@ var TwoFaProcedureFactory = class {
 import { initTRPC } from "@trpc/server";
 import SuperJSON from "superjson";
 import { ZodError } from "zod";
+function hasStringProp(obj, key) {
+  return typeof obj === "object" && obj !== null && key in obj && typeof obj[key] === "string";
+}
 function isPrismaConnectionError(error) {
   if (!error || typeof error !== "object") {
     return false;
   }
-  const errorCode = error.code;
-  if (errorCode && typeof errorCode === "string") {
-    const codeMatch = errorCode.match(/^P(\d+)$/);
+  if (hasStringProp(error, "code")) {
+    const codeMatch = error.code.match(/^P(\d+)$/);
     if (codeMatch) {
       const codeNum = parseInt(codeMatch[1], 10);
       if (codeNum >= 1e3 && codeNum <= 1003) {
@@ -1979,14 +1726,13 @@ function isPrismaConnectionError(error) {
   }
   const constructorName = error.constructor?.name || "";
   if (constructorName.includes("Prisma")) {
-    const errorMessage = error.message?.toLowerCase() || "";
+    const errorMessage = hasStringProp(error, "message") ? error.message.toLowerCase() : "";
     if (errorMessage.includes("can't reach database") || errorMessage.includes("authentication failed") || errorMessage.includes("database server") || errorMessage.includes("timeout") || errorMessage.includes("connection")) {
       return true;
     }
   }
-  const cause = error.cause;
-  if (cause) {
-    return isPrismaConnectionError(cause);
+  if ("cause" in error) {
+    return isPrismaConnectionError(error.cause);
   }
   return false;
 }
@@ -2032,8 +1778,9 @@ function createBaseProcedure(t, authGuard) {
 }
 function getClientIp(req) {
   const forwarded = req.headers["x-forwarded-for"];
-  if (forwarded) {
-    return forwarded.split(",")[0]?.trim();
+  const forwardedStr = Array.isArray(forwarded) ? forwarded[0] : forwarded;
+  if (forwardedStr) {
+    return forwardedStr.split(",")[0]?.trim();
   }
   return req.socket.remoteAddress || void 0;
 }
@@ -2051,7 +1798,7 @@ var AuthRouterFactory = class {
   constructor(userConfig) {
     this.userConfig = userConfig;
     this.config = createAuthConfig(this.userConfig);
-    this.schemas = createSchemas(this.config.schemaExtensions);
+    this.schemas = createSchemas(this.userConfig.schemaExtensions);
     this.t = createTrpcBuilder(this.config);
     this.authGuard = createAuthGuard(this.config, this.t);
     this.procedure = createBaseProcedure(this.t, this.authGuard);
@@ -2108,10 +1855,11 @@ export {
   createAuthRouter,
   createAuthToken,
   createConsoleEmailAdapter,
-  createDrizzleAdapter,
   createNoopEmailAdapter,
   createOAuthVerifier,
   createPrismaAdapter,
+  createSessionWithToken,
+  createSessionWithTokenAndCookie,
   decodeToken,
   defaultAuthConfig,
   defaultCookieSettings,

package/dist/validators.mjs

@@ -17,7 +17,7 @@ import {
   twoFaResetVerifySchema,
   twoFaVerifySchema,
   verifyEmailSchema
-} from "./chunk-KUYH4DBN.mjs";
+} from "./chunk-EHI4P63M.mjs";
 export {
   biometricVerifySchema,
   changePasswordSchema,