@fnd-platform/cognito-auth 1.0.0-alpha.1

package/lib/middleware/auth.js

@@ -0,0 +1,148 @@
+"use strict";
+/**
+ * Cognito authentication middleware with real JWT validation.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.withCognitoAuth = withCognitoAuth;
+const jwt_js_1 = require("../jwt.js");
+/**
+ * Creates an unauthorized response.
+ *
+ * @param message - Error message
+ * @returns API Gateway response with 401 status
+ */
+function unauthorized(message) {
+    return {
+        statusCode: 401,
+        headers: {
+            'Content-Type': 'application/json',
+            'Access-Control-Allow-Origin': '*',
+        },
+        body: JSON.stringify({
+            success: false,
+            error: {
+                code: 'UNAUTHORIZED',
+                message,
+            },
+        }),
+    };
+}
+/**
+ * Creates a forbidden response.
+ *
+ * @param message - Error message
+ * @returns API Gateway response with 403 status
+ */
+function forbidden(message) {
+    return {
+        statusCode: 403,
+        headers: {
+            'Content-Type': 'application/json',
+            'Access-Control-Allow-Origin': '*',
+        },
+        body: JSON.stringify({
+            success: false,
+            error: {
+                code: 'FORBIDDEN',
+                message,
+            },
+        }),
+    };
+}
+/**
+ * Extracts bearer token from Authorization header.
+ *
+ * @param event - API Gateway event
+ * @returns Token string or null if not found
+ */
+function extractBearerToken(event) {
+    const authHeader = event.headers?.Authorization ?? event.headers?.authorization;
+    if (!authHeader?.startsWith('Bearer ')) {
+        return null;
+    }
+    return authHeader.slice(7);
+}
+/**
+ * Middleware that validates JWT tokens from Cognito.
+ *
+ * Unlike the API package's withAuth (which expects API Gateway to validate),
+ * this middleware performs actual JWT verification using aws-jwt-verify.
+ *
+ * @param options - Authentication configuration
+ * @returns Middleware that validates tokens and adds auth info to event
+ *
+ * @example
+ * ```typescript
+ * // Basic auth - validates token
+ * const handler = withCognitoAuth()(async (event) => {
+ *   const userId = event.auth.userId;
+ *   return { statusCode: 200, body: JSON.stringify({ userId }) };
+ * });
+ *
+ * // With role requirement
+ * const adminHandler = withCognitoAuth({ roles: ['admin'] })(async (event) => {
+ *   return { statusCode: 200, body: 'Admin access granted' };
+ * });
+ *
+ * // Skip auth for certain paths
+ * const handler = withCognitoAuth({ skipPaths: ['/health'] })(async (event) => {
+ *   return { statusCode: 200, body: 'OK' };
+ * });
+ * ```
+ */
+function withCognitoAuth(options = {}) {
+    const { userPoolId = process.env.COGNITO_USER_POOL_ID, clientId = process.env.COGNITO_CLIENT_ID, roles, skipPaths = [], tokenUse = 'access', } = options;
+    return (handler) => async (event, context) => {
+        // Skip auth for specified paths
+        if (skipPaths.some((path) => event.path?.includes(path))) {
+            // Pass through without auth info for skipped paths
+            return handler(event, context);
+        }
+        // Validate configuration
+        if (!userPoolId || !clientId) {
+            console.error('Missing COGNITO_USER_POOL_ID or COGNITO_CLIENT_ID');
+            return unauthorized('Authentication not configured');
+        }
+        // Extract token
+        const token = extractBearerToken(event);
+        if (!token) {
+            return unauthorized('Missing or invalid Authorization header');
+        }
+        try {
+            // Verify token
+            const authResult = await (0, jwt_js_1.verifyAndExtract)(token, {
+                userPoolId,
+                clientId,
+                tokenUse,
+            });
+            // Check roles if specified
+            if (roles && roles.length > 0) {
+                const hasRole = roles.some((role) => authResult.groups.includes(role));
+                if (!hasRole) {
+                    return forbidden(`Required role: ${roles.join(' or ')}`);
+                }
+            }
+            // Add auth info to event
+            const authenticatedEvent = {
+                ...event,
+                auth: authResult,
+            };
+            return handler(authenticatedEvent, context);
+        }
+        catch (error) {
+            console.error('Token verification failed:', error);
+            // Provide specific error messages for common cases
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            if (errorMessage.includes('expired')) {
+                return unauthorized('Token has expired');
+            }
+            if (errorMessage.includes('invalid')) {
+                return unauthorized('Invalid token');
+            }
+            return unauthorized('Token verification failed');
+        }
+    };
+}
+//# sourceMappingURL=auth.js.map

package/lib/middleware/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;AAuHH,0CAoEC;AAxLD,sCAA6C;AA0B7C;;;;;GAKG;AACH,SAAS,YAAY,CAAC,OAAe;IACnC,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,6BAA6B,EAAE,GAAG;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE;gBACL,IAAI,EAAE,cAAc;gBACpB,OAAO;aACR;SACF,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,6BAA6B,EAAE,GAAG;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE;gBACL,IAAI,EAAE,WAAW;gBACjB,OAAO;aACR;SACF,CAAC;KACH,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,SAAS,kBAAkB,CAAC,KAA2B;IACrD,MAAM,UAAU,GAAG,KAAK,CAAC,OAAO,EAAE,aAAa,IAAI,KAAK,CAAC,OAAO,EAAE,aAAa,CAAC;IAEhF,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAC7B,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,SAAgB,eAAe,CAC7B,UAA8B,EAAE;IAEhC,MAAM,EACJ,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAC7C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,EACxC,KAAK,EACL,SAAS,GAAG,EAAE,EACd,QAAQ,GAAG,QAAQ,GACpB,GAAG,OAAO,CAAC;IAEZ,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAC3C,gCAAgC;QAChC,IAAI,SAAS,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACzD,mDAAmD;YACnD,OAAO,OAAO,CAAC,KAAkC,EAAE,OAAO,CAAC,CAAC;QAC9D,CAAC;QAED,yBAAyB;QACzB,IAAI,CAAC,UAAU,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC7B,OAAO,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACnE,OAAO,YAAY,CAAC,+BAA+B,CAAC,CAAC;QACvD,CAAC;QAED,gBAAgB;QAChB,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,YAAY,CAAC,yCAAyC,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,CAAC;YACH,eAAe;YACf,MAAM,UAAU,GAAG,MAAM,IAAA,yBAAgB,EAAC,KAAK,EAAE;gBAC/C,UAAU;gBACV,QAAQ;gBACR,QAAQ;aACT,CAAC,CAAC;YAEH,2BAA2B;YAC3B,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;gBACvE,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,SAAS,CAAC,kBAAkB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC3D,CAAC;YACH,CAAC;YAED,yBAAyB;YACzB,MAAM,kBAAkB,GAA8B;gBACpD,GAAG,KAAK;gBACR,IAAI,EAAE,UAAU;aACjB,CAAC;YAEF,OAAO,OAAO,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;YAEnD,mDAAmD;YACnD,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,OAAO,YAAY,CAAC,mBAAmB,CAAC,CAAC;YAC3C,CAAC;YACD,IAAI,YAAY,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACrC,OAAO,YAAY,CAAC,eAAe,CAAC,CAAC;YACvC,CAAC;YAED,OAAO,YAAY,CAAC,2BAA2B,CAAC,CAAC;QACnD,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/lib/middleware/index.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Middleware exports.
+ *
+ * @packageDocumentation
+ */
+export {
+  withCognitoAuth,
+  type CognitoAuthenticatedEvent,
+  type Middleware,
+  type MiddlewareHandler,
+} from './auth.js';
+//# sourceMappingURL=index.d.ts.map

package/lib/middleware/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,eAAe,EACf,KAAK,yBAAyB,EAC9B,KAAK,UAAU,EACf,KAAK,iBAAiB,GACvB,MAAM,WAAW,CAAC"}

package/lib/middleware/index.js

@@ -0,0 +1,16 @@
+'use strict';
+/**
+ * Middleware exports.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, '__esModule', { value: true });
+exports.withCognitoAuth = void 0;
+var auth_js_1 = require('./auth.js');
+Object.defineProperty(exports, 'withCognitoAuth', {
+  enumerable: true,
+  get: function () {
+    return auth_js_1.withCognitoAuth;
+  },
+});
+//# sourceMappingURL=index.js.map

package/lib/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/middleware/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,qCAKmB;AAJjB,0GAAA,eAAe,OAAA"}

package/lib/remix/admin.server.d.ts

@@ -0,0 +1,105 @@
+/**
+ * Admin and role-based access utilities for Remix.
+ *
+ * Provides utilities for requiring specific roles in Remix loaders and actions.
+ *
+ * @packageDocumentation
+ */
+import type { SessionStorage } from '@remix-run/node';
+/**
+ * Requires admin role for accessing a route.
+ *
+ * First checks if the user is authenticated, then verifies they have
+ * the 'admin' group in their Cognito session.
+ *
+ * @param request - Remix request object
+ * @param storage - Optional custom session storage
+ * @returns User ID if authorized
+ * @throws Redirect to /login if not authenticated
+ * @throws 403 JSON response if not admin
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   const userId = await requireAdmin(request);
+ *   // User is admin, load admin data
+ *   return json({ adminData: await getAdminData() });
+ * }
+ * ```
+ */
+export declare function requireAdmin(request: Request, storage?: SessionStorage): Promise<string>;
+/**
+ * Requires any of the specified roles for accessing a route.
+ *
+ * First checks if the user is authenticated, then verifies they have
+ * at least one of the required roles.
+ *
+ * @param request - Remix request object
+ * @param roles - Array of required roles (user must have at least one)
+ * @param storage - Optional custom session storage
+ * @returns User ID if authorized
+ * @throws Redirect to /login if not authenticated
+ * @throws 403 JSON response if missing required role
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   // Require admin or editor role
+ *   const userId = await requireRole(request, ['admin', 'editor']);
+ *   return json({ content: await getContent() });
+ * }
+ * ```
+ */
+export declare function requireRole(
+  request: Request,
+  roles: string[],
+  storage?: SessionStorage
+): Promise<string>;
+/**
+ * Checks if the user has a specific role.
+ *
+ * Does not throw errors or redirect. Returns false for unauthenticated users.
+ *
+ * @param request - Remix request object
+ * @param role - Role to check
+ * @param storage - Optional custom session storage
+ * @returns True if user has role, false otherwise
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   const isAdmin = await hasRole(request, 'admin');
+ *   const canEdit = await hasRole(request, 'editor');
+ *   return json({ isAdmin, canEdit });
+ * }
+ * ```
+ */
+export declare function hasRole(
+  request: Request,
+  role: string,
+  storage?: SessionStorage
+): Promise<boolean>;
+/**
+ * Checks if the user has any of the specified roles.
+ *
+ * Does not throw errors or redirect. Returns false for unauthenticated users.
+ *
+ * @param request - Remix request object
+ * @param roles - Roles to check
+ * @param storage - Optional custom session storage
+ * @returns True if user has any role, false otherwise
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   const canManageContent = await hasAnyRole(request, ['admin', 'editor']);
+ *   return json({ canManageContent });
+ * }
+ * ```
+ */
+export declare function hasAnyRole(
+  request: Request,
+  roles: string[],
+  storage?: SessionStorage
+): Promise<boolean>;
+//# sourceMappingURL=admin.server.d.ts.map

package/lib/remix/admin.server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin.server.d.ts","sourceRoot":"","sources":["../../src/remix/admin.server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAGH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAGtD;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,CAE9F;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,MAAM,EAAE,EACf,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,MAAM,CAAC,CAwBjB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAsB,OAAO,CAC3B,OAAO,EAAE,OAAO,EAChB,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,OAAO,CAAC,CAclB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,UAAU,CAC9B,OAAO,EAAE,OAAO,EAChB,KAAK,EAAE,MAAM,EAAE,EACf,OAAO,CAAC,EAAE,cAAc,GACvB,OAAO,CAAC,OAAO,CAAC,CAclB"}

package/lib/remix/admin.server.js

@@ -0,0 +1,146 @@
+'use strict';
+/**
+ * Admin and role-based access utilities for Remix.
+ *
+ * Provides utilities for requiring specific roles in Remix loaders and actions.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, '__esModule', { value: true });
+exports.requireAdmin = requireAdmin;
+exports.requireRole = requireRole;
+exports.hasRole = hasRole;
+exports.hasAnyRole = hasAnyRole;
+const node_1 = require('@remix-run/node');
+const session_server_js_1 = require('./session.server.js');
+/**
+ * Requires admin role for accessing a route.
+ *
+ * First checks if the user is authenticated, then verifies they have
+ * the 'admin' group in their Cognito session.
+ *
+ * @param request - Remix request object
+ * @param storage - Optional custom session storage
+ * @returns User ID if authorized
+ * @throws Redirect to /login if not authenticated
+ * @throws 403 JSON response if not admin
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   const userId = await requireAdmin(request);
+ *   // User is admin, load admin data
+ *   return json({ adminData: await getAdminData() });
+ * }
+ * ```
+ */
+async function requireAdmin(request, storage) {
+  return requireRole(request, ['admin'], storage);
+}
+/**
+ * Requires any of the specified roles for accessing a route.
+ *
+ * First checks if the user is authenticated, then verifies they have
+ * at least one of the required roles.
+ *
+ * @param request - Remix request object
+ * @param roles - Array of required roles (user must have at least one)
+ * @param storage - Optional custom session storage
+ * @returns User ID if authorized
+ * @throws Redirect to /login if not authenticated
+ * @throws 403 JSON response if missing required role
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   // Require admin or editor role
+ *   const userId = await requireRole(request, ['admin', 'editor']);
+ *   return json({ content: await getContent() });
+ * }
+ * ```
+ */
+async function requireRole(request, roles, storage) {
+  // First ensure user is authenticated
+  const userId = await (0, session_server_js_1.requireAuth)(request, '/login', storage);
+  // Get user's groups from session
+  const session = await (0, session_server_js_1.getSession)(request, storage);
+  const userGroups = session.get('groups') ?? [];
+  // Check if user has at least one required role
+  const hasRequiredRole = roles.some((role) => userGroups.includes(role));
+  if (!hasRequiredRole) {
+    throw (0, node_1.json)(
+      {
+        error: {
+          code: 'FORBIDDEN',
+          message: `Required role: ${roles.join(' or ')}`,
+        },
+      },
+      { status: 403 }
+    );
+  }
+  return userId;
+}
+/**
+ * Checks if the user has a specific role.
+ *
+ * Does not throw errors or redirect. Returns false for unauthenticated users.
+ *
+ * @param request - Remix request object
+ * @param role - Role to check
+ * @param storage - Optional custom session storage
+ * @returns True if user has role, false otherwise
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   const isAdmin = await hasRole(request, 'admin');
+ *   const canEdit = await hasRole(request, 'editor');
+ *   return json({ isAdmin, canEdit });
+ * }
+ * ```
+ */
+async function hasRole(request, role, storage) {
+  try {
+    const session = await (0, session_server_js_1.getSession)(request, storage);
+    const userId = session.get('userId');
+    if (!userId) {
+      return false;
+    }
+    const userGroups = session.get('groups') ?? [];
+    return userGroups.includes(role);
+  } catch {
+    return false;
+  }
+}
+/**
+ * Checks if the user has any of the specified roles.
+ *
+ * Does not throw errors or redirect. Returns false for unauthenticated users.
+ *
+ * @param request - Remix request object
+ * @param roles - Roles to check
+ * @param storage - Optional custom session storage
+ * @returns True if user has any role, false otherwise
+ *
+ * @example
+ * ```typescript
+ * export async function loader({ request }: LoaderFunctionArgs) {
+ *   const canManageContent = await hasAnyRole(request, ['admin', 'editor']);
+ *   return json({ canManageContent });
+ * }
+ * ```
+ */
+async function hasAnyRole(request, roles, storage) {
+  try {
+    const session = await (0, session_server_js_1.getSession)(request, storage);
+    const userId = session.get('userId');
+    if (!userId) {
+      return false;
+    }
+    const userGroups = session.get('groups') ?? [];
+    return roles.some((role) => userGroups.includes(role));
+  } catch {
+    return false;
+  }
+}
+//# sourceMappingURL=admin.server.js.map

package/lib/remix/admin.server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin.server.js","sourceRoot":"","sources":["../../src/remix/admin.server.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;AA2BH,oCAEC;AAwBD,kCA4BC;AAqBD,0BAkBC;AAoBD,gCAkBC;AA5JD,0CAAuC;AAEvC,2DAA8D;AAE9D;;;;;;;;;;;;;;;;;;;;GAoBG;AACI,KAAK,UAAU,YAAY,CAAC,OAAgB,EAAE,OAAwB;IAC3E,OAAO,WAAW,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,CAAC;AAClD,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACI,KAAK,UAAU,WAAW,CAC/B,OAAgB,EAChB,KAAe,EACf,OAAwB;IAExB,qCAAqC;IACrC,MAAM,MAAM,GAAG,MAAM,IAAA,+BAAW,EAAC,OAAO,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAE7D,iCAAiC;IACjC,MAAM,OAAO,GAAG,MAAM,IAAA,8BAAU,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,MAAM,UAAU,GAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAc,IAAI,EAAE,CAAC;IAE7D,+CAA+C;IAC/C,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAExE,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,MAAM,IAAA,WAAI,EACR;YACE,KAAK,EAAE;gBACL,IAAI,EAAE,WAAW;gBACjB,OAAO,EAAE,kBAAkB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE;aAChD;SACF,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACI,KAAK,UAAU,OAAO,CAC3B,OAAgB,EAChB,IAAY,EACZ,OAAwB;IAExB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAA,8BAAU,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;QAE3D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAc,IAAI,EAAE,CAAC;QAC7D,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACI,KAAK,UAAU,UAAU,CAC9B,OAAgB,EAChB,KAAe,EACf,OAAwB;IAExB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,IAAA,8BAAU,EAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAuB,CAAC;QAE3D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAc,IAAI,EAAE,CAAC;QAC7D,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/lib/remix/index.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Remix authentication utilities exports.
+ *
+ * @packageDocumentation
+ */
+export {
+  createSessionStorage,
+  getSession,
+  createUserSession,
+  requireAuth,
+  getOptionalUser,
+  getUserSession,
+  logout,
+  resetDefaultStorage,
+} from './session.server.js';
+export { requireAdmin, requireRole, hasRole, hasAnyRole } from './admin.server.js';
+//# sourceMappingURL=index.d.ts.map

package/lib/remix/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/remix/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,oBAAoB,EACpB,UAAU,EACV,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,cAAc,EACd,MAAM,EACN,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC"}

package/lib/remix/index.js

@@ -0,0 +1,95 @@
+'use strict';
+/**
+ * Remix authentication utilities exports.
+ *
+ * @packageDocumentation
+ */
+Object.defineProperty(exports, '__esModule', { value: true });
+exports.hasAnyRole =
+  exports.hasRole =
+  exports.requireRole =
+  exports.requireAdmin =
+  exports.resetDefaultStorage =
+  exports.logout =
+  exports.getUserSession =
+  exports.getOptionalUser =
+  exports.requireAuth =
+  exports.createUserSession =
+  exports.getSession =
+  exports.createSessionStorage =
+    void 0;
+var session_server_js_1 = require('./session.server.js');
+Object.defineProperty(exports, 'createSessionStorage', {
+  enumerable: true,
+  get: function () {
+    return session_server_js_1.createSessionStorage;
+  },
+});
+Object.defineProperty(exports, 'getSession', {
+  enumerable: true,
+  get: function () {
+    return session_server_js_1.getSession;
+  },
+});
+Object.defineProperty(exports, 'createUserSession', {
+  enumerable: true,
+  get: function () {
+    return session_server_js_1.createUserSession;
+  },
+});
+Object.defineProperty(exports, 'requireAuth', {
+  enumerable: true,
+  get: function () {
+    return session_server_js_1.requireAuth;
+  },
+});
+Object.defineProperty(exports, 'getOptionalUser', {
+  enumerable: true,
+  get: function () {
+    return session_server_js_1.getOptionalUser;
+  },
+});
+Object.defineProperty(exports, 'getUserSession', {
+  enumerable: true,
+  get: function () {
+    return session_server_js_1.getUserSession;
+  },
+});
+Object.defineProperty(exports, 'logout', {
+  enumerable: true,
+  get: function () {
+    return session_server_js_1.logout;
+  },
+});
+Object.defineProperty(exports, 'resetDefaultStorage', {
+  enumerable: true,
+  get: function () {
+    return session_server_js_1.resetDefaultStorage;
+  },
+});
+var admin_server_js_1 = require('./admin.server.js');
+Object.defineProperty(exports, 'requireAdmin', {
+  enumerable: true,
+  get: function () {
+    return admin_server_js_1.requireAdmin;
+  },
+});
+Object.defineProperty(exports, 'requireRole', {
+  enumerable: true,
+  get: function () {
+    return admin_server_js_1.requireRole;
+  },
+});
+Object.defineProperty(exports, 'hasRole', {
+  enumerable: true,
+  get: function () {
+    return admin_server_js_1.hasRole;
+  },
+});
+Object.defineProperty(exports, 'hasAnyRole', {
+  enumerable: true,
+  get: function () {
+    return admin_server_js_1.hasAnyRole;
+  },
+});
+//# sourceMappingURL=index.js.map

package/lib/remix/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/remix/index.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;AAEH,yDAS6B;AAR3B,yHAAA,oBAAoB,OAAA;AACpB,+GAAA,UAAU,OAAA;AACV,sHAAA,iBAAiB,OAAA;AACjB,gHAAA,WAAW,OAAA;AACX,oHAAA,eAAe,OAAA;AACf,mHAAA,cAAc,OAAA;AACd,2GAAA,MAAM,OAAA;AACN,wHAAA,mBAAmB,OAAA;AAGrB,qDAAmF;AAA1E,+GAAA,YAAY,OAAA;AAAE,8GAAA,WAAW,OAAA;AAAE,0GAAA,OAAO,OAAA;AAAE,6GAAA,UAAU,OAAA"}