@factiii/auth 0.5.5 → 0.5.7

package/dist/index.d.mts

@@ -4,9 +4,10 @@ import SuperJSON__default from 'superjson';
 import * as _trpc_server from '@trpc/server';
 import * as zod from 'zod';
 import { CreateHTTPContextOptions } from '@trpc/server/adapters/standalone';
-import { S as SchemaExtensions, A as AuthHooks } from './hooks-yHGJ7C6_.mjs';
-export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-yHGJ7C6_.mjs';
-import { AnyPgTable, PgColumn, PgDatabase, PgQueryResultHKT } from 'drizzle-orm/pg-core';
+import { D as DatabaseAdapter } from './database-CqnmD1HM.mjs';
+export { A as AuthOTP, a as AuthPasswordReset, b as AuthSession, c as AuthUser, C as CreateSessionData, d as CreateUserData, S as SessionWithDevice, e as SessionWithUser } from './database-CqnmD1HM.mjs';
+import { S as SchemaExtensions, A as AuthHooks } from './hooks-BXNxNK4S.mjs';
+export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-BXNxNK4S.mjs';
 
 //# sourceMappingURL=TRPCError.d.ts.map
 //#endregion
@@ -148,215 +149,12 @@ declare function createNoopEmailAdapter(): EmailAdapter;
  */
 declare function createConsoleEmailAdapter(): EmailAdapter;
 
-/**
- * ORM-agnostic database adapter interface for @factiii/auth.
- * Implement this interface to use any database/ORM with the auth library.
- */
-interface AuthUser {
-    id: number;
-    status: string;
-    email: string;
-    username: string;
-    password: string | null;
-    twoFaEnabled: boolean;
-    oauthProvider: string | null;
-    oauthId: string | null;
-    tag: string;
-    verifiedHumanAt: Date | null;
-    emailVerificationStatus: string;
-    otpForEmailVerification: string | null;
-    isActive: boolean;
-}
-interface AuthSession {
-    id: number;
-    userId: number;
-    socketId: string | null;
-    twoFaSecret: string | null;
-    browserName: string;
-    issuedAt: Date;
-    lastUsed: Date;
-    revokedAt: Date | null;
-    deviceId: number | null;
-}
-interface AuthOTP {
-    id: number;
-    code: number;
-    expiresAt: Date;
-    userId: number;
-}
-interface AuthPasswordReset {
-    id: string;
-    createdAt: Date;
-    userId: number;
-}
-interface CreateUserData {
-    username: string;
-    email: string;
-    password: string | null;
-    status: string;
-    tag: string;
-    twoFaEnabled: boolean;
-    emailVerificationStatus: string;
-    verifiedHumanAt: Date | null;
-    oauthProvider?: string;
-    oauthId?: string;
-}
-interface CreateSessionData {
-    userId: number;
-    browserName: string;
-    socketId: string | null;
-    [key: string]: unknown;
-}
-type SessionWithUser = AuthSession & {
-    user: {
-        status: string;
-        verifiedHumanAt: Date | null;
-    };
-};
-type SessionWithDevice = {
-    twoFaSecret: string | null;
-    deviceId: number | null;
-    device: {
-        pushToken: string;
-    } | null;
-};
-interface DatabaseAdapter {
-    user: {
-        findByEmailInsensitive(email: string): Promise<AuthUser | null>;
-        findByUsernameInsensitive(username: string): Promise<AuthUser | null>;
-        findByEmailOrUsernameInsensitive(identifier: string): Promise<AuthUser | null>;
-        findByEmailOrOAuthId(email: string, oauthId: string): Promise<AuthUser | null>;
-        findById(id: number): Promise<AuthUser | null>;
-        findActiveById(id: number): Promise<AuthUser | null>;
-        create(data: CreateUserData): Promise<AuthUser>;
-        update(id: number, data: Partial<Omit<AuthUser, 'id'>>): Promise<AuthUser>;
-    };
-    session: {
-        /** Find session by ID with user status and verifiedHumanAt joined. */
-        findById(id: number): Promise<SessionWithUser | null>;
-        create(data: CreateSessionData): Promise<AuthSession>;
-        update(id: number, data: Partial<Pick<AuthSession, 'revokedAt' | 'lastUsed' | 'twoFaSecret' | 'deviceId'>>): Promise<AuthSession>;
-        /** Update lastUsed and return session with user's verifiedHumanAt. */
-        updateLastUsed(id: number): Promise<AuthSession & {
-            user: {
-                verifiedHumanAt: Date | null;
-            };
-        }>;
-        /** Set revokedAt on a single session. */
-        revoke(id: number): Promise<void>;
-        /** Find active (non-revoked) sessions for a user, optionally excluding one. */
-        findActiveByUserId(userId: number, excludeSessionId?: number): Promise<Pick<AuthSession, 'id' | 'socketId' | 'userId'>[]>;
-        /** Revoke all active sessions for a user, optionally excluding one. */
-        revokeAllByUserId(userId: number, excludeSessionId?: number): Promise<void>;
-        /** Get twoFaSecret from all sessions that have one for a user. */
-        findTwoFaSecretsByUserId(userId: number): Promise<{
-            twoFaSecret: string | null;
-        }[]>;
-        /** Clear twoFaSecret on sessions for a user, optionally excluding one. */
-        clearTwoFaSecrets(userId: number, excludeSessionId?: number): Promise<void>;
-        /** Find session with device relation for TOTP verification. */
-        findByIdWithDevice(id: number, userId: number): Promise<SessionWithDevice | null>;
-        /** Revoke other sessions that share a device push token. */
-        revokeByDevicePushToken(userId: number, pushToken: string, excludeSessionId: number): Promise<void>;
-        /** Clear deviceId on all sessions for a user+device pair. */
-        clearDeviceId(userId: number, deviceId: number): Promise<void>;
-    };
-    otp: {
-        findValidByUserAndCode(userId: number, code: number): Promise<AuthOTP | null>;
-        create(data: {
-            userId: number;
-            code: number;
-            expiresAt: Date;
-        }): Promise<AuthOTP>;
-        delete(id: number): Promise<void>;
-    };
-    passwordReset: {
-        findById(id: string): Promise<AuthPasswordReset | null>;
-        create(userId: number): Promise<AuthPasswordReset>;
-        delete(id: string): Promise<void>;
-        deleteAllByUserId(userId: number): Promise<void>;
-    };
-    device: {
-        findByTokenSessionAndUser(pushToken: string, sessionId: number, userId: number): Promise<{
-            id: number;
-        } | null>;
-        upsertByPushToken(pushToken: string, sessionId: number, userId: number): Promise<void>;
-        findByUserAndToken(userId: number, pushToken: string): Promise<{
-            id: number;
-        } | null>;
-        disconnectUser(deviceId: number, userId: number): Promise<void>;
-        hasRemainingUsers(deviceId: number): Promise<boolean>;
-        delete(id: number): Promise<void>;
-    };
-    admin: {
-        findByUserId(userId: number): Promise<{
-            ip: string;
-        } | null>;
-    };
-}
-
 /**
  * Creates a DatabaseAdapter backed by Prisma.
  * Pass your generated PrismaClient instance — its full types are preserved at the call site.
  */
 declare function createPrismaAdapter(prisma: unknown): DatabaseAdapter;
 
-/**
- * A Postgres Drizzle table with column properties accessible by name.
- * `AnyPgTable` is Drizzle's base Postgres table type; intersecting with
- * `Record<string, Column>` exposes the column descriptors for index access.
- */
-type DrizzleTable = AnyPgTable & Record<string, PgColumn>;
-/**
- * Drizzle table references required by the adapter.
- * Consumers pass their Drizzle Postgres table objects so the adapter
- * can build queries without knowing the schema file location.
- *
- * **Note:** This adapter only supports PostgreSQL via `drizzle-orm/pg-core`.
- */
-interface DrizzleAdapterTables {
-    users: DrizzleTable;
-    sessions: DrizzleTable;
-    otps: DrizzleTable;
-    passwordResets: DrizzleTable;
-    devices: DrizzleTable;
-    admins: DrizzleTable;
-    /** Join table for many-to-many device↔user relation (if applicable). */
-    devicesToUsers?: DrizzleTable;
-    /** Join table for many-to-many device↔session relation (if applicable). */
-    devicesToSessions?: DrizzleTable;
-}
-/**
- * Any `PgDatabase` instance, regardless of the underlying driver
- * (node-postgres, postgres.js, Neon, PGLite, etc.).
- */
-type AnyPgDatabase = PgDatabase<PgQueryResultHKT, Record<string, unknown>>;
-/**
- * Creates a DatabaseAdapter backed by Drizzle ORM.
- *
- * Usage:
- * ```ts
- * import { drizzle } from 'drizzle-orm/node-postgres';
- * import { createDrizzleAdapter } from '@factiii/auth';
- * import * as schema from './schema';
- *
- * const db = drizzle(pool, { schema });
- * const adapter = createDrizzleAdapter(db, {
- *   users: schema.users,
- *   sessions: schema.sessions,
- *   otps: schema.otps,
- *   passwordResets: schema.passwordResets,
- *   devices: schema.devices,
- *   admins: schema.admins,
- * });
- * ```
- *
- * **Important:** This adapter uses Drizzle's relational query API (`db.query.*`)
- * for joins and `db.insert/update/delete` for mutations. Make sure your Drizzle
- * instance is created with `{ schema }` so relational queries work.
- */
-declare function createDrizzleAdapter(db: AnyPgDatabase, tables: DrizzleAdapterTables): DatabaseAdapter;
-
 /**
  * JWT payload structure
  */
@@ -513,9 +311,9 @@ declare function createAuthGuard(config: AuthConfig, t: TrpcBuilder): _trpc_serv
     userId: number;
     socketId: string | null;
     sessionId: number;
-    ip: string | undefined;
     headers: http.IncomingHttpHeaders;
     res: http.ServerResponse<http.IncomingMessage>;
+    ip: string | undefined;
 }, unknown>;
 
 /**
@@ -877,12 +675,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    username: string;
                     email: string;
+                    username: string;
                     password: string;
                 }, {
-                    username: string;
                     email: string;
+                    username: string;
                     password: string;
                 }>>["in"] extends infer T_7 ? T_7 extends inferParser<[TExtensions["signup"]] extends [zod.AnyZodObject] ? zod.ZodObject<{
                     username: zod.ZodString;
@@ -901,12 +699,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    username: string;
                     email: string;
+                    username: string;
                     password: string;
                 }, {
-                    username: string;
                     email: string;
+                    username: string;
                     password: string;
                 }>>["in"] ? T_7 extends _trpc_server.TRPCUnsetMarker ? void : T_7 : never : never;
                 output: {
@@ -1086,20 +884,20 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
         transformer: true;
     }>;
     procedure: _trpc_server.TRPCProcedureBuilder<TrpcContext, Meta, {
-        sessionId: number;
         userId: number;
         socketId: string | null;
-        ip: string | undefined;
+        sessionId: number;
         headers: http.IncomingHttpHeaders;
         res: http.ServerResponse<http.IncomingMessage>;
+        ip: string | undefined;
     }, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, false>;
     authProcedure: _trpc_server.TRPCProcedureBuilder<TrpcContext, Meta, {
-        sessionId: number;
         userId: number;
         socketId: string | null;
-        ip: string | undefined;
+        sessionId: number;
         headers: http.IncomingHttpHeaders;
         res: http.ServerResponse<http.IncomingMessage>;
+        ip: string | undefined;
     }, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, false>;
     createContext: ({ req, res }: CreateHTTPContextOptions) => TrpcContext;
 };
@@ -1312,4 +1110,4 @@ declare function verifyTotp(code: string, secret: string): Promise<boolean>;
  */
 declare function generateOtp(min?: number, max?: number): number;
 
-export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthOTP, type AuthPasswordReset, type AuthRouter, type AuthSession, type AuthUser, type CreateSessionData, type CreateSessionWithTokenParams, type CreateUserData, DEFAULT_STORAGE_KEYS, type DatabaseAdapter, type DrizzleAdapterTables, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, type ResolvedAuthConfig, SchemaExtensions, type SessionWithDevice, type SessionWithTokenResult, type SessionWithUser, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createDrizzleAdapter, createNoopEmailAdapter, createOAuthVerifier, createPrismaAdapter, createSessionWithToken, createSessionWithTokenAndCookie, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };
+export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthRouter, type CreateSessionWithTokenParams, DEFAULT_STORAGE_KEYS, DatabaseAdapter, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, type ResolvedAuthConfig, SchemaExtensions, type SessionWithTokenResult, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createNoopEmailAdapter, createOAuthVerifier, createPrismaAdapter, createSessionWithToken, createSessionWithTokenAndCookie, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };

package/dist/index.d.ts

@@ -4,9 +4,10 @@ import SuperJSON__default from 'superjson';
 import * as _trpc_server from '@trpc/server';
 import * as zod from 'zod';
 import { CreateHTTPContextOptions } from '@trpc/server/adapters/standalone';
-import { S as SchemaExtensions, A as AuthHooks } from './hooks-yHGJ7C6_.js';
-export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-yHGJ7C6_.js';
-import { AnyPgTable, PgColumn, PgDatabase, PgQueryResultHKT } from 'drizzle-orm/pg-core';
+import { D as DatabaseAdapter } from './database-CqnmD1HM.js';
+export { A as AuthOTP, a as AuthPasswordReset, b as AuthSession, c as AuthUser, C as CreateSessionData, d as CreateUserData, S as SessionWithDevice, e as SessionWithUser } from './database-CqnmD1HM.js';
+import { S as SchemaExtensions, A as AuthHooks } from './hooks-BXNxNK4S.js';
+export { C as ChangePasswordInput, L as LoginInput, O as OAuthLoginInput, R as ResetPasswordInput, a as SignupInput, T as TwoFaVerifyInput, V as VerifyEmailInput, b as biometricVerifySchema, c as changePasswordSchema, e as endAllSessionsSchema, l as loginSchema, o as oAuthLoginSchema, r as requestPasswordResetSchema, d as resetPasswordSchema, s as signupSchema, t as twoFaResetSchema, f as twoFaVerifySchema, v as verifyEmailSchema } from './hooks-BXNxNK4S.js';
 
 //# sourceMappingURL=TRPCError.d.ts.map
 //#endregion
@@ -148,215 +149,12 @@ declare function createNoopEmailAdapter(): EmailAdapter;
  */
 declare function createConsoleEmailAdapter(): EmailAdapter;
 
-/**
- * ORM-agnostic database adapter interface for @factiii/auth.
- * Implement this interface to use any database/ORM with the auth library.
- */
-interface AuthUser {
-    id: number;
-    status: string;
-    email: string;
-    username: string;
-    password: string | null;
-    twoFaEnabled: boolean;
-    oauthProvider: string | null;
-    oauthId: string | null;
-    tag: string;
-    verifiedHumanAt: Date | null;
-    emailVerificationStatus: string;
-    otpForEmailVerification: string | null;
-    isActive: boolean;
-}
-interface AuthSession {
-    id: number;
-    userId: number;
-    socketId: string | null;
-    twoFaSecret: string | null;
-    browserName: string;
-    issuedAt: Date;
-    lastUsed: Date;
-    revokedAt: Date | null;
-    deviceId: number | null;
-}
-interface AuthOTP {
-    id: number;
-    code: number;
-    expiresAt: Date;
-    userId: number;
-}
-interface AuthPasswordReset {
-    id: string;
-    createdAt: Date;
-    userId: number;
-}
-interface CreateUserData {
-    username: string;
-    email: string;
-    password: string | null;
-    status: string;
-    tag: string;
-    twoFaEnabled: boolean;
-    emailVerificationStatus: string;
-    verifiedHumanAt: Date | null;
-    oauthProvider?: string;
-    oauthId?: string;
-}
-interface CreateSessionData {
-    userId: number;
-    browserName: string;
-    socketId: string | null;
-    [key: string]: unknown;
-}
-type SessionWithUser = AuthSession & {
-    user: {
-        status: string;
-        verifiedHumanAt: Date | null;
-    };
-};
-type SessionWithDevice = {
-    twoFaSecret: string | null;
-    deviceId: number | null;
-    device: {
-        pushToken: string;
-    } | null;
-};
-interface DatabaseAdapter {
-    user: {
-        findByEmailInsensitive(email: string): Promise<AuthUser | null>;
-        findByUsernameInsensitive(username: string): Promise<AuthUser | null>;
-        findByEmailOrUsernameInsensitive(identifier: string): Promise<AuthUser | null>;
-        findByEmailOrOAuthId(email: string, oauthId: string): Promise<AuthUser | null>;
-        findById(id: number): Promise<AuthUser | null>;
-        findActiveById(id: number): Promise<AuthUser | null>;
-        create(data: CreateUserData): Promise<AuthUser>;
-        update(id: number, data: Partial<Omit<AuthUser, 'id'>>): Promise<AuthUser>;
-    };
-    session: {
-        /** Find session by ID with user status and verifiedHumanAt joined. */
-        findById(id: number): Promise<SessionWithUser | null>;
-        create(data: CreateSessionData): Promise<AuthSession>;
-        update(id: number, data: Partial<Pick<AuthSession, 'revokedAt' | 'lastUsed' | 'twoFaSecret' | 'deviceId'>>): Promise<AuthSession>;
-        /** Update lastUsed and return session with user's verifiedHumanAt. */
-        updateLastUsed(id: number): Promise<AuthSession & {
-            user: {
-                verifiedHumanAt: Date | null;
-            };
-        }>;
-        /** Set revokedAt on a single session. */
-        revoke(id: number): Promise<void>;
-        /** Find active (non-revoked) sessions for a user, optionally excluding one. */
-        findActiveByUserId(userId: number, excludeSessionId?: number): Promise<Pick<AuthSession, 'id' | 'socketId' | 'userId'>[]>;
-        /** Revoke all active sessions for a user, optionally excluding one. */
-        revokeAllByUserId(userId: number, excludeSessionId?: number): Promise<void>;
-        /** Get twoFaSecret from all sessions that have one for a user. */
-        findTwoFaSecretsByUserId(userId: number): Promise<{
-            twoFaSecret: string | null;
-        }[]>;
-        /** Clear twoFaSecret on sessions for a user, optionally excluding one. */
-        clearTwoFaSecrets(userId: number, excludeSessionId?: number): Promise<void>;
-        /** Find session with device relation for TOTP verification. */
-        findByIdWithDevice(id: number, userId: number): Promise<SessionWithDevice | null>;
-        /** Revoke other sessions that share a device push token. */
-        revokeByDevicePushToken(userId: number, pushToken: string, excludeSessionId: number): Promise<void>;
-        /** Clear deviceId on all sessions for a user+device pair. */
-        clearDeviceId(userId: number, deviceId: number): Promise<void>;
-    };
-    otp: {
-        findValidByUserAndCode(userId: number, code: number): Promise<AuthOTP | null>;
-        create(data: {
-            userId: number;
-            code: number;
-            expiresAt: Date;
-        }): Promise<AuthOTP>;
-        delete(id: number): Promise<void>;
-    };
-    passwordReset: {
-        findById(id: string): Promise<AuthPasswordReset | null>;
-        create(userId: number): Promise<AuthPasswordReset>;
-        delete(id: string): Promise<void>;
-        deleteAllByUserId(userId: number): Promise<void>;
-    };
-    device: {
-        findByTokenSessionAndUser(pushToken: string, sessionId: number, userId: number): Promise<{
-            id: number;
-        } | null>;
-        upsertByPushToken(pushToken: string, sessionId: number, userId: number): Promise<void>;
-        findByUserAndToken(userId: number, pushToken: string): Promise<{
-            id: number;
-        } | null>;
-        disconnectUser(deviceId: number, userId: number): Promise<void>;
-        hasRemainingUsers(deviceId: number): Promise<boolean>;
-        delete(id: number): Promise<void>;
-    };
-    admin: {
-        findByUserId(userId: number): Promise<{
-            ip: string;
-        } | null>;
-    };
-}
-
 /**
  * Creates a DatabaseAdapter backed by Prisma.
  * Pass your generated PrismaClient instance — its full types are preserved at the call site.
  */
 declare function createPrismaAdapter(prisma: unknown): DatabaseAdapter;
 
-/**
- * A Postgres Drizzle table with column properties accessible by name.
- * `AnyPgTable` is Drizzle's base Postgres table type; intersecting with
- * `Record<string, Column>` exposes the column descriptors for index access.
- */
-type DrizzleTable = AnyPgTable & Record<string, PgColumn>;
-/**
- * Drizzle table references required by the adapter.
- * Consumers pass their Drizzle Postgres table objects so the adapter
- * can build queries without knowing the schema file location.
- *
- * **Note:** This adapter only supports PostgreSQL via `drizzle-orm/pg-core`.
- */
-interface DrizzleAdapterTables {
-    users: DrizzleTable;
-    sessions: DrizzleTable;
-    otps: DrizzleTable;
-    passwordResets: DrizzleTable;
-    devices: DrizzleTable;
-    admins: DrizzleTable;
-    /** Join table for many-to-many device↔user relation (if applicable). */
-    devicesToUsers?: DrizzleTable;
-    /** Join table for many-to-many device↔session relation (if applicable). */
-    devicesToSessions?: DrizzleTable;
-}
-/**
- * Any `PgDatabase` instance, regardless of the underlying driver
- * (node-postgres, postgres.js, Neon, PGLite, etc.).
- */
-type AnyPgDatabase = PgDatabase<PgQueryResultHKT, Record<string, unknown>>;
-/**
- * Creates a DatabaseAdapter backed by Drizzle ORM.
- *
- * Usage:
- * ```ts
- * import { drizzle } from 'drizzle-orm/node-postgres';
- * import { createDrizzleAdapter } from '@factiii/auth';
- * import * as schema from './schema';
- *
- * const db = drizzle(pool, { schema });
- * const adapter = createDrizzleAdapter(db, {
- *   users: schema.users,
- *   sessions: schema.sessions,
- *   otps: schema.otps,
- *   passwordResets: schema.passwordResets,
- *   devices: schema.devices,
- *   admins: schema.admins,
- * });
- * ```
- *
- * **Important:** This adapter uses Drizzle's relational query API (`db.query.*`)
- * for joins and `db.insert/update/delete` for mutations. Make sure your Drizzle
- * instance is created with `{ schema }` so relational queries work.
- */
-declare function createDrizzleAdapter(db: AnyPgDatabase, tables: DrizzleAdapterTables): DatabaseAdapter;
-
 /**
  * JWT payload structure
  */
@@ -513,9 +311,9 @@ declare function createAuthGuard(config: AuthConfig, t: TrpcBuilder): _trpc_serv
     userId: number;
     socketId: string | null;
     sessionId: number;
-    ip: string | undefined;
     headers: http.IncomingHttpHeaders;
     res: http.ServerResponse<http.IncomingMessage>;
+    ip: string | undefined;
 }, unknown>;
 
 /**
@@ -877,12 +675,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    username: string;
                     email: string;
+                    username: string;
                     password: string;
                 }, {
-                    username: string;
                     email: string;
+                    username: string;
                     password: string;
                 }>>["in"] extends infer T_7 ? T_7 extends inferParser<[TExtensions["signup"]] extends [zod.AnyZodObject] ? zod.ZodObject<{
                     username: zod.ZodString;
@@ -901,12 +699,12 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
                     email: zod.ZodString;
                     password: zod.ZodEffects<zod.ZodString, string, string>;
                 }, "strip", zod.ZodTypeAny, {
-                    username: string;
                     email: string;
+                    username: string;
                     password: string;
                 }, {
-                    username: string;
                     email: string;
+                    username: string;
                     password: string;
                 }>>["in"] ? T_7 extends _trpc_server.TRPCUnsetMarker ? void : T_7 : never : never;
                 output: {
@@ -1086,20 +884,20 @@ declare function createAuthRouter<TExtensions extends SchemaExtensions = {}>(con
         transformer: true;
     }>;
     procedure: _trpc_server.TRPCProcedureBuilder<TrpcContext, Meta, {
-        sessionId: number;
         userId: number;
         socketId: string | null;
-        ip: string | undefined;
+        sessionId: number;
         headers: http.IncomingHttpHeaders;
         res: http.ServerResponse<http.IncomingMessage>;
+        ip: string | undefined;
     }, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, false>;
     authProcedure: _trpc_server.TRPCProcedureBuilder<TrpcContext, Meta, {
-        sessionId: number;
         userId: number;
         socketId: string | null;
-        ip: string | undefined;
+        sessionId: number;
         headers: http.IncomingHttpHeaders;
         res: http.ServerResponse<http.IncomingMessage>;
+        ip: string | undefined;
     }, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, _trpc_server.TRPCUnsetMarker, false>;
     createContext: ({ req, res }: CreateHTTPContextOptions) => TrpcContext;
 };
@@ -1312,4 +1110,4 @@ declare function verifyTotp(code: string, secret: string): Promise<boolean>;
  */
 declare function generateOtp(min?: number, max?: number): number;
 
-export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthOTP, type AuthPasswordReset, type AuthRouter, type AuthSession, type AuthUser, type CreateSessionData, type CreateSessionWithTokenParams, type CreateUserData, DEFAULT_STORAGE_KEYS, type DatabaseAdapter, type DrizzleAdapterTables, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, type ResolvedAuthConfig, SchemaExtensions, type SessionWithDevice, type SessionWithTokenResult, type SessionWithUser, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createDrizzleAdapter, createNoopEmailAdapter, createOAuthVerifier, createPrismaAdapter, createSessionWithToken, createSessionWithTokenAndCookie, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };
+export { type AuthConfig, type AuthFeatures, AuthHooks, type AuthRouter, type CreateSessionWithTokenParams, DEFAULT_STORAGE_KEYS, DatabaseAdapter, type EmailAdapter, type OAuthKeys, type OAuthProvider, type OAuthResult, OAuthVerificationError, type ResolvedAuthConfig, SchemaExtensions, type SessionWithTokenResult, type TokenSettings, type TrpcContext, cleanBase32String, clearAuthCookie, comparePassword, createAuthConfig, createAuthGuard, createAuthRouter, createAuthToken, createConsoleEmailAdapter, createNoopEmailAdapter, createOAuthVerifier, createPrismaAdapter, createSessionWithToken, createSessionWithTokenAndCookie, decodeToken, defaultAuthConfig, defaultCookieSettings, defaultStorageKeys, defaultTokenSettings, detectBrowser, generateOtp, generateTotpCode, generateTotpSecret, hashPassword, isMobileDevice, isNativeApp, isTokenExpiredError, isTokenInvalidError, parseAuthCookie, setAuthCookie, validatePasswordStrength, verifyAuthToken, verifyTotp };