@forjio/engine-auth 0.1.0

package/dist/__tests__/session.test.js

@@ -0,0 +1,96 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const vitest_1 = require("vitest");
+const redis_mock_1 = require("./helpers/redis-mock");
+// Mock ioredis before importing session module
+const redisMock = new redis_mock_1.RedisMock();
+vitest_1.vi.mock('ioredis', () => ({
+    default: vitest_1.vi.fn(() => redisMock),
+}));
+// Import after mock is set up
+const session_1 = require("../session");
+const TEST_SESSION = {
+    userId: 'user-456',
+    email: 'session@example.com',
+    role: 'user',
+    productSlug: 'portal',
+    expiresAt: Date.now() + 3600_000, // 1 hour from now
+};
+(0, vitest_1.describe)('session store', () => {
+    let store;
+    (0, vitest_1.beforeEach)(() => {
+        redisMock.clear();
+        store = (0, session_1.createSessionStore)('redis://localhost:6379');
+    });
+    (0, vitest_1.describe)('create', () => {
+        (0, vitest_1.it)('should create session and return session ID', async () => {
+            const sessionId = await store.create(TEST_SESSION);
+            (0, vitest_1.expect)(sessionId).toBeDefined();
+            (0, vitest_1.expect)(typeof sessionId).toBe('string');
+            (0, vitest_1.expect)(sessionId.length).toBeGreaterThan(0);
+        });
+        (0, vitest_1.it)('should store session data retrievable by ID', async () => {
+            const sessionId = await store.create(TEST_SESSION);
+            const retrieved = await store.get(sessionId);
+            (0, vitest_1.expect)(retrieved).not.toBeNull();
+            (0, vitest_1.expect)(retrieved.userId).toBe('user-456');
+            (0, vitest_1.expect)(retrieved.email).toBe('session@example.com');
+            (0, vitest_1.expect)(retrieved.role).toBe('user');
+        });
+    });
+    (0, vitest_1.describe)('get', () => {
+        (0, vitest_1.it)('should return session data for valid ID', async () => {
+            const sessionId = await store.create(TEST_SESSION);
+            const session = await store.get(sessionId);
+            (0, vitest_1.expect)(session).not.toBeNull();
+            (0, vitest_1.expect)(session.userId).toBe(TEST_SESSION.userId);
+            (0, vitest_1.expect)(session.productSlug).toBe(TEST_SESSION.productSlug);
+        });
+        (0, vitest_1.it)('should return null for non-existent ID', async () => {
+            const session = await store.get('non-existent-id');
+            (0, vitest_1.expect)(session).toBeNull();
+        });
+        (0, vitest_1.it)('should return null for logically expired session', async () => {
+            const expiredSession = {
+                ...TEST_SESSION,
+                expiresAt: Date.now() - 1000, // already expired
+            };
+            const sessionId = await store.create(expiredSession);
+            const session = await store.get(sessionId);
+            (0, vitest_1.expect)(session).toBeNull();
+        });
+    });
+    (0, vitest_1.describe)('destroy', () => {
+        (0, vitest_1.it)('should remove session', async () => {
+            const sessionId = await store.create(TEST_SESSION);
+            // Verify it exists first
+            (0, vitest_1.expect)(await store.get(sessionId)).not.toBeNull();
+            await store.destroy(sessionId);
+            (0, vitest_1.expect)(await store.get(sessionId)).toBeNull();
+        });
+    });
+    (0, vitest_1.describe)('destroyAllForUser', () => {
+        (0, vitest_1.it)('should remove all sessions for a user', async () => {
+            const id1 = await store.create(TEST_SESSION);
+            const id2 = await store.create({ ...TEST_SESSION, productSlug: 'other' });
+            // Both should exist
+            (0, vitest_1.expect)(await store.get(id1)).not.toBeNull();
+            (0, vitest_1.expect)(await store.get(id2)).not.toBeNull();
+            await store.destroyAllForUser(TEST_SESSION.userId);
+            (0, vitest_1.expect)(await store.get(id1)).toBeNull();
+            (0, vitest_1.expect)(await store.get(id2)).toBeNull();
+        });
+        (0, vitest_1.it)('should not affect other users sessions', async () => {
+            const id1 = await store.create(TEST_SESSION);
+            const otherSession = {
+                ...TEST_SESSION,
+                userId: 'other-user',
+            };
+            const id2 = await store.create(otherSession);
+            await store.destroyAllForUser(TEST_SESSION.userId);
+            (0, vitest_1.expect)(await store.get(id1)).toBeNull();
+            (0, vitest_1.expect)(await store.get(id2)).not.toBeNull();
+        });
+    });
+});
+//# sourceMappingURL=session.test.js.map

package/dist/__tests__/session.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.test.js","sourceRoot":"","sources":["../../src/__tests__/session.test.ts"],"names":[],"mappings":";;AAAA,mCAA8D;AAC9D,qDAAiD;AAGjD,+CAA+C;AAC/C,MAAM,SAAS,GAAG,IAAI,sBAAS,EAAE,CAAC;AAClC,WAAE,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;IACxB,OAAO,EAAE,WAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC;CAChC,CAAC,CAAC,CAAC;AAEJ,8BAA8B;AAC9B,wCAA8D;AAE9D,MAAM,YAAY,GAAgB;IAChC,MAAM,EAAE,UAAU;IAClB,KAAK,EAAE,qBAAqB;IAC5B,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,QAAQ;IACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,kBAAkB;CACrD,CAAC;AAEF,IAAA,iBAAQ,EAAC,eAAe,EAAE,GAAG,EAAE;IAC7B,IAAI,KAAmB,CAAC;IAExB,IAAA,mBAAU,EAAC,GAAG,EAAE;QACd,SAAS,CAAC,KAAK,EAAE,CAAC;QAClB,KAAK,GAAG,IAAA,4BAAkB,EAAC,wBAAwB,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,QAAQ,EAAE,GAAG,EAAE;QACtB,IAAA,WAAE,EAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAEnD,IAAA,eAAM,EAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;YAChC,IAAA,eAAM,EAAC,OAAO,SAAS,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACxC,IAAA,eAAM,EAAC,SAAS,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,6CAA6C,EAAE,KAAK,IAAI,EAAE;YAC3D,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YACnD,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE7C,IAAA,eAAM,EAAC,SAAS,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YACjC,IAAA,eAAM,EAAC,SAAU,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC3C,IAAA,eAAM,EAAC,SAAU,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;YACrD,IAAA,eAAM,EAAC,SAAU,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,KAAK,EAAE,GAAG,EAAE;QACnB,IAAA,WAAE,EAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;YACvD,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YACnD,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE3C,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC/B,IAAA,eAAM,EAAC,OAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAClD,IAAA,eAAM,EAAC,OAAQ,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;YACnD,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;YAChE,MAAM,cAAc,GAAgB;gBAClC,GAAG,YAAY;gBACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,kBAAkB;aACjD,CAAC;YAEF,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAE3C,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC7B,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,SAAS,EAAE,GAAG,EAAE;QACvB,IAAA,WAAE,EAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;YACrC,MAAM,SAAS,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAEnD,yBAAyB;YACzB,IAAA,eAAM,EAAC,MAAM,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAElD,MAAM,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAE/B,IAAA,eAAM,EAAC,MAAM,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAChD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAA,iBAAQ,EAAC,mBAAmB,EAAE,GAAG,EAAE;QACjC,IAAA,WAAE,EAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACrD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAC7C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,EAAE,GAAG,YAAY,EAAE,WAAW,EAAE,OAAO,EAAE,CAAC,CAAC;YAE1E,oBAAoB;YACpB,IAAA,eAAM,EAAC,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC5C,IAAA,eAAM,EAAC,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAE5C,MAAM,KAAK,CAAC,iBAAiB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAA,eAAM,EAAC,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACxC,IAAA,eAAM,EAAC,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;QAEH,IAAA,WAAE,EAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAC7C,MAAM,YAAY,GAAgB;gBAChC,GAAG,YAAY;gBACf,MAAM,EAAE,YAAY;aACrB,CAAC;YACF,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAE7C,MAAM,KAAK,CAAC,iBAAiB,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAA,eAAM,EAAC,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YACxC,IAAA,eAAM,EAAC,MAAM,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/api-keys.d.ts

@@ -0,0 +1,29 @@
+export interface CreateApiKeyInput {
+    userId: string;
+    productSlug: string;
+    scopes: string[];
+    expiresAt?: Date | null;
+}
+export interface ApiKeyWithHash {
+    plainKey: string;
+    hashedKey: string;
+}
+/**
+ * Generates a new API key with the `ek_` prefix.
+ * Optionally accepts a custom prefix that replaces the default.
+ */
+export declare function generateApiKey(prefix?: string): string;
+/**
+ * Creates a SHA-256 hash of an API key for secure storage.
+ * Only the hash should be persisted — never store the plain key.
+ */
+export declare function hashApiKey(key: string): string;
+/**
+ * Validates that a key matches the expected `ek_` format and length.
+ */
+export declare function validateApiKeyFormat(key: string): boolean;
+/**
+ * Generates a new API key and returns both the plain key and its hash.
+ */
+export declare function createApiKeyPair(prefix?: string): ApiKeyWithHash;
+//# sourceMappingURL=api-keys.d.ts.map

package/dist/api-keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-keys.d.ts","sourceRoot":"","sources":["../src/api-keys.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;CACzB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAItD;AAED;;;GAGG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAE9C;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAOzD;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,cAAc,CAIhE"}

package/dist/api-keys.js

@@ -0,0 +1,50 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateApiKey = generateApiKey;
+exports.hashApiKey = hashApiKey;
+exports.validateApiKeyFormat = validateApiKeyFormat;
+exports.createApiKeyPair = createApiKeyPair;
+const crypto_1 = __importDefault(require("crypto"));
+const API_KEY_PREFIX = 'ek_';
+const API_KEY_BYTES = 32;
+const EXPECTED_KEY_LENGTH = API_KEY_PREFIX.length + API_KEY_BYTES * 2; // hex encoding
+/**
+ * Generates a new API key with the `ek_` prefix.
+ * Optionally accepts a custom prefix that replaces the default.
+ */
+function generateApiKey(prefix) {
+    const keyPrefix = prefix || API_KEY_PREFIX;
+    const randomPart = crypto_1.default.randomBytes(API_KEY_BYTES).toString('hex');
+    return `${keyPrefix}${randomPart}`;
+}
+/**
+ * Creates a SHA-256 hash of an API key for secure storage.
+ * Only the hash should be persisted — never store the plain key.
+ */
+function hashApiKey(key) {
+    return crypto_1.default.createHash('sha256').update(key).digest('hex');
+}
+/**
+ * Validates that a key matches the expected `ek_` format and length.
+ */
+function validateApiKeyFormat(key) {
+    if (!key.startsWith(API_KEY_PREFIX))
+        return false;
+    if (key.length !== EXPECTED_KEY_LENGTH)
+        return false;
+    // Verify the hex portion is valid
+    const hexPart = key.slice(API_KEY_PREFIX.length);
+    return /^[a-f0-9]+$/.test(hexPart);
+}
+/**
+ * Generates a new API key and returns both the plain key and its hash.
+ */
+function createApiKeyPair(prefix) {
+    const plainKey = generateApiKey(prefix);
+    const hashedKey = hashApiKey(plainKey);
+    return { plainKey, hashedKey };
+}
+//# sourceMappingURL=api-keys.js.map

package/dist/api-keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-keys.js","sourceRoot":"","sources":["../src/api-keys.ts"],"names":[],"mappings":";;;;;AAsBA,wCAIC;AAMD,gCAEC;AAKD,oDAOC;AAKD,4CAIC;AAvDD,oDAA4B;AAE5B,MAAM,cAAc,GAAG,KAAK,CAAC;AAC7B,MAAM,aAAa,GAAG,EAAE,CAAC;AACzB,MAAM,mBAAmB,GAAG,cAAc,CAAC,MAAM,GAAG,aAAa,GAAG,CAAC,CAAC,CAAC,eAAe;AActF;;;GAGG;AACH,SAAgB,cAAc,CAAC,MAAe;IAC5C,MAAM,SAAS,GAAG,MAAM,IAAI,cAAc,CAAC;IAC3C,MAAM,UAAU,GAAG,gBAAM,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrE,OAAO,GAAG,SAAS,GAAG,UAAU,EAAE,CAAC;AACrC,CAAC;AAED;;;GAGG;AACH,SAAgB,UAAU,CAAC,GAAW;IACpC,OAAO,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC/D,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,GAAW;IAC9C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;QAAE,OAAO,KAAK,CAAC;IAClD,IAAI,GAAG,CAAC,MAAM,KAAK,mBAAmB;QAAE,OAAO,KAAK,CAAC;IAErD,kCAAkC;IAClC,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACjD,OAAO,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AACrC,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,MAAe;IAC9C,MAAM,QAAQ,GAAG,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACvC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+export type { EngineUser, ApiKey, SessionData, JwtPayload, AuthConfig, } from './types';
+export { signAccessToken, signRefreshToken, signRememberMeToken, verifyAccessToken, verifyRefreshToken, } from './jwt';
+export { createSessionStore } from './session';
+export type { SessionStore } from './session';
+export { generateApiKey, hashApiKey, validateApiKeyFormat, createApiKeyPair, } from './api-keys';
+export type { CreateApiKeyInput, ApiKeyWithHash } from './api-keys';
+export { configureGoogleStrategy, configureGithubStrategy, setupOAuth, } from './oauth';
+export type { OAuthProfile, FindOrCreateUser } from './oauth';
+export { authenticateToken, requireApiKey, requireProduct, requireRole, } from './middleware';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,UAAU,EACV,MAAM,EACN,WAAW,EACX,UAAU,EACV,UAAU,GACX,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,OAAO,CAAC;AAGf,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAC/C,YAAY,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAG9C,OAAO,EACL,cAAc,EACd,UAAU,EACV,oBAAoB,EACpB,gBAAgB,GACjB,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,iBAAiB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAGpE,OAAO,EACL,uBAAuB,EACvB,uBAAuB,EACvB,UAAU,GACX,MAAM,SAAS,CAAC;AACjB,YAAY,EAAE,YAAY,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAG9D,OAAO,EACL,iBAAiB,EACjB,aAAa,EACb,cAAc,EACd,WAAW,GACZ,MAAM,cAAc,CAAC"}

package/dist/index.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireRole = exports.requireProduct = exports.requireApiKey = exports.authenticateToken = exports.setupOAuth = exports.configureGithubStrategy = exports.configureGoogleStrategy = exports.createApiKeyPair = exports.validateApiKeyFormat = exports.hashApiKey = exports.generateApiKey = exports.createSessionStore = exports.verifyRefreshToken = exports.verifyAccessToken = exports.signRememberMeToken = exports.signRefreshToken = exports.signAccessToken = void 0;
+// JWT utilities
+var jwt_1 = require("./jwt");
+Object.defineProperty(exports, "signAccessToken", { enumerable: true, get: function () { return jwt_1.signAccessToken; } });
+Object.defineProperty(exports, "signRefreshToken", { enumerable: true, get: function () { return jwt_1.signRefreshToken; } });
+Object.defineProperty(exports, "signRememberMeToken", { enumerable: true, get: function () { return jwt_1.signRememberMeToken; } });
+Object.defineProperty(exports, "verifyAccessToken", { enumerable: true, get: function () { return jwt_1.verifyAccessToken; } });
+Object.defineProperty(exports, "verifyRefreshToken", { enumerable: true, get: function () { return jwt_1.verifyRefreshToken; } });
+// Session store
+var session_1 = require("./session");
+Object.defineProperty(exports, "createSessionStore", { enumerable: true, get: function () { return session_1.createSessionStore; } });
+// API key utilities
+var api_keys_1 = require("./api-keys");
+Object.defineProperty(exports, "generateApiKey", { enumerable: true, get: function () { return api_keys_1.generateApiKey; } });
+Object.defineProperty(exports, "hashApiKey", { enumerable: true, get: function () { return api_keys_1.hashApiKey; } });
+Object.defineProperty(exports, "validateApiKeyFormat", { enumerable: true, get: function () { return api_keys_1.validateApiKeyFormat; } });
+Object.defineProperty(exports, "createApiKeyPair", { enumerable: true, get: function () { return api_keys_1.createApiKeyPair; } });
+// OAuth strategies
+var oauth_1 = require("./oauth");
+Object.defineProperty(exports, "configureGoogleStrategy", { enumerable: true, get: function () { return oauth_1.configureGoogleStrategy; } });
+Object.defineProperty(exports, "configureGithubStrategy", { enumerable: true, get: function () { return oauth_1.configureGithubStrategy; } });
+Object.defineProperty(exports, "setupOAuth", { enumerable: true, get: function () { return oauth_1.setupOAuth; } });
+// Express middleware
+var middleware_1 = require("./middleware");
+Object.defineProperty(exports, "authenticateToken", { enumerable: true, get: function () { return middleware_1.authenticateToken; } });
+Object.defineProperty(exports, "requireApiKey", { enumerable: true, get: function () { return middleware_1.requireApiKey; } });
+Object.defineProperty(exports, "requireProduct", { enumerable: true, get: function () { return middleware_1.requireProduct; } });
+Object.defineProperty(exports, "requireRole", { enumerable: true, get: function () { return middleware_1.requireRole; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AASA,gBAAgB;AAChB,6BAMe;AALb,sGAAA,eAAe,OAAA;AACf,uGAAA,gBAAgB,OAAA;AAChB,0GAAA,mBAAmB,OAAA;AACnB,wGAAA,iBAAiB,OAAA;AACjB,yGAAA,kBAAkB,OAAA;AAGpB,gBAAgB;AAChB,qCAA+C;AAAtC,6GAAA,kBAAkB,OAAA;AAG3B,oBAAoB;AACpB,uCAKoB;AAJlB,0GAAA,cAAc,OAAA;AACd,sGAAA,UAAU,OAAA;AACV,gHAAA,oBAAoB,OAAA;AACpB,4GAAA,gBAAgB,OAAA;AAIlB,mBAAmB;AACnB,iCAIiB;AAHf,gHAAA,uBAAuB,OAAA;AACvB,gHAAA,uBAAuB,OAAA;AACvB,mGAAA,UAAU,OAAA;AAIZ,qBAAqB;AACrB,2CAKsB;AAJpB,+GAAA,iBAAiB,OAAA;AACjB,2GAAA,aAAa,OAAA;AACb,4GAAA,cAAc,OAAA;AACd,yGAAA,WAAW,OAAA"}

package/dist/jwt.d.ts

@@ -0,0 +1,7 @@
+import { JwtPayload, AuthConfig } from './types';
+export declare function signAccessToken(payload: JwtPayload, config: AuthConfig): string;
+export declare function signRefreshToken(payload: JwtPayload, config: AuthConfig): string;
+export declare function signRememberMeToken(payload: JwtPayload, config: AuthConfig): string;
+export declare function verifyAccessToken(token: string, config: AuthConfig): JwtPayload;
+export declare function verifyRefreshToken(token: string, config: AuthConfig): JwtPayload;
+//# sourceMappingURL=jwt.d.ts.map

package/dist/jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAuBjD,wBAAgB,eAAe,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,MAAM,CAI/E;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,MAAM,CAIhF;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,MAAM,CAInF;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,UAAU,CAQ/E;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,UAAU,CAQhF"}

package/dist/jwt.js

@@ -0,0 +1,66 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signAccessToken = signAccessToken;
+exports.signRefreshToken = signRefreshToken;
+exports.signRememberMeToken = signRememberMeToken;
+exports.verifyAccessToken = verifyAccessToken;
+exports.verifyRefreshToken = verifyRefreshToken;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+// Expiry values in seconds to satisfy jsonwebtoken's type requirements
+const DEFAULT_ACCESS_EXPIRY = 15 * 60; // 15 minutes
+const DEFAULT_REFRESH_EXPIRY = 7 * 24 * 60 * 60; // 7 days
+const REMEMBER_ME_EXPIRY = 30 * 24 * 60 * 60; // 30 days
+function parseExpiry(value, fallback) {
+    if (!value)
+        return fallback;
+    // Parse simple duration strings: "15m", "7d", "30d", "1h"
+    const match = value.match(/^(\d+)(s|m|h|d)$/);
+    if (!match)
+        return fallback;
+    const num = parseInt(match[1], 10);
+    const unit = match[2];
+    switch (unit) {
+        case 's': return num;
+        case 'm': return num * 60;
+        case 'h': return num * 3600;
+        case 'd': return num * 86400;
+        default: return fallback;
+    }
+}
+function signAccessToken(payload, config) {
+    return jsonwebtoken_1.default.sign(payload, config.jwtSecret, {
+        expiresIn: parseExpiry(config.jwtExpiresIn, DEFAULT_ACCESS_EXPIRY),
+    });
+}
+function signRefreshToken(payload, config) {
+    return jsonwebtoken_1.default.sign(payload, config.jwtRefreshSecret, {
+        expiresIn: parseExpiry(config.jwtRefreshExpiresIn, DEFAULT_REFRESH_EXPIRY),
+    });
+}
+function signRememberMeToken(payload, config) {
+    return jsonwebtoken_1.default.sign(payload, config.jwtRefreshSecret, {
+        expiresIn: REMEMBER_ME_EXPIRY,
+    });
+}
+function verifyAccessToken(token, config) {
+    const decoded = jsonwebtoken_1.default.verify(token, config.jwtSecret);
+    return {
+        userId: decoded.userId,
+        email: decoded.email,
+        role: decoded.role,
+        subscriptionTier: decoded.subscriptionTier,
+    };
+}
+function verifyRefreshToken(token, config) {
+    const decoded = jsonwebtoken_1.default.verify(token, config.jwtRefreshSecret);
+    return {
+        userId: decoded.userId,
+        email: decoded.email,
+        role: decoded.role,
+        subscriptionTier: decoded.subscriptionTier,
+    };
+}
+//# sourceMappingURL=jwt.js.map

package/dist/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../src/jwt.ts"],"names":[],"mappings":";;;;;AAwBA,0CAIC;AAED,4CAIC;AAED,kDAIC;AAED,8CAQC;AAED,gDAQC;AA5DD,gEAA+B;AAG/B,uEAAuE;AACvE,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,aAAa;AACpD,MAAM,sBAAsB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,SAAS;AAC1D,MAAM,kBAAkB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,UAAU;AAExD,SAAS,WAAW,CAAC,KAAyB,EAAE,QAAgB;IAC9D,IAAI,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAC5B,0DAA0D;IAC1D,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;IAC9C,IAAI,CAAC,KAAK;QAAE,OAAO,QAAQ,CAAC;IAC5B,MAAM,GAAG,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACtB,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,GAAG,CAAC,CAAC,OAAO,GAAG,CAAC;QACrB,KAAK,GAAG,CAAC,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC;QAC1B,KAAK,GAAG,CAAC,CAAC,OAAO,GAAG,GAAG,IAAI,CAAC;QAC5B,KAAK,GAAG,CAAC,CAAC,OAAO,GAAG,GAAG,KAAK,CAAC;QAC7B,OAAO,CAAC,CAAC,OAAO,QAAQ,CAAC;IAC3B,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAAC,OAAmB,EAAE,MAAkB;IACrE,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,EAAE;QACzC,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,YAAY,EAAE,qBAAqB,CAAC;KACnE,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,gBAAgB,CAAC,OAAmB,EAAE,MAAkB;IACtE,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,gBAAgB,EAAE;QAChD,SAAS,EAAE,WAAW,CAAC,MAAM,CAAC,mBAAmB,EAAE,sBAAsB,CAAC;KAC3E,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,mBAAmB,CAAC,OAAmB,EAAE,MAAkB;IACzE,OAAO,sBAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,gBAAgB,EAAE;QAChD,SAAS,EAAE,kBAAkB;KAC9B,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,iBAAiB,CAAC,KAAa,EAAE,MAAkB;IACjE,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,SAAS,CAAgC,CAAC;IACnF,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;KAC3C,CAAC;AACJ,CAAC;AAED,SAAgB,kBAAkB,CAAC,KAAa,EAAE,MAAkB;IAClE,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,gBAAgB,CAAgC,CAAC;IAC1F,OAAO;QACL,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;KAC3C,CAAC;AACJ,CAAC"}

package/dist/middleware.d.ts

@@ -0,0 +1,29 @@
+import { Request, Response, NextFunction } from 'express';
+import { AuthConfig, JwtPayload, ApiKey } from './types';
+declare module 'express-serve-static-core' {
+    interface Request {
+        authUser?: JwtPayload;
+        apiKey?: ApiKey;
+    }
+}
+/**
+ * Middleware that validates a Bearer token from the Authorization header.
+ * On success, attaches the decoded JwtPayload to `req.user`.
+ */
+export declare function authenticateToken(config: AuthConfig): (req: Request, res: Response, next: NextFunction) => void;
+/**
+ * Middleware that validates an API key from the X-API-Key header.
+ * The `validateKey` callback should look up the hashed key in your DB.
+ */
+export declare function requireApiKey(validateKey: (key: string) => Promise<ApiKey | null>): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+/**
+ * Middleware that ensures the API key is scoped to a specific product.
+ * Must be used after `requireApiKey`.
+ */
+export declare function requireProduct(productSlug: string): (req: Request, res: Response, next: NextFunction) => void;
+/**
+ * Middleware that restricts access to specific user roles.
+ * Must be used after `authenticateToken`.
+ */
+export declare function requireRole(...roles: string[]): (req: Request, res: Response, next: NextFunction) => void;
+//# sourceMappingURL=middleware.d.ts.map

package/dist/middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE1D,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGzD,OAAO,QAAQ,2BAA2B,CAAC;IACzC,UAAU,OAAO;QACf,QAAQ,CAAC,EAAE,UAAU,CAAC;QACtB,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB;CACF;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,UAAU,IAC1C,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CAkB/D;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAC3B,WAAW,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,IAEtC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CA4B9E;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,WAAW,EAAE,MAAM,IACxC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CAa/D;AAED;;;GAGG;AACH,wBAAgB,WAAW,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,IACpC,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CAa/D"}

package/dist/middleware.js

@@ -0,0 +1,94 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authenticateToken = authenticateToken;
+exports.requireApiKey = requireApiKey;
+exports.requireProduct = requireProduct;
+exports.requireRole = requireRole;
+const jwt_1 = require("./jwt");
+/**
+ * Middleware that validates a Bearer token from the Authorization header.
+ * On success, attaches the decoded JwtPayload to `req.user`.
+ */
+function authenticateToken(config) {
+    return (req, res, next) => {
+        const authHeader = req.headers.authorization;
+        if (!authHeader || !authHeader.startsWith('Bearer ')) {
+            res.status(401).json({ error: 'Missing or invalid Authorization header' });
+            return;
+        }
+        const token = authHeader.slice(7);
+        try {
+            const payload = (0, jwt_1.verifyAccessToken)(token, config);
+            req.authUser = payload;
+            next();
+        }
+        catch {
+            res.status(401).json({ error: 'Invalid or expired token' });
+        }
+    };
+}
+/**
+ * Middleware that validates an API key from the X-API-Key header.
+ * The `validateKey` callback should look up the hashed key in your DB.
+ */
+function requireApiKey(validateKey) {
+    return async (req, res, next) => {
+        const apiKey = req.headers['x-api-key'];
+        if (!apiKey) {
+            res.status(401).json({ error: 'Missing X-API-Key header' });
+            return;
+        }
+        try {
+            const keyRecord = await validateKey(apiKey);
+            if (!keyRecord) {
+                res.status(401).json({ error: 'Invalid API key' });
+                return;
+            }
+            // Check expiration
+            if (keyRecord.expiresAt && new Date(keyRecord.expiresAt) < new Date()) {
+                res.status(401).json({ error: 'API key has expired' });
+                return;
+            }
+            req.apiKey = keyRecord;
+            next();
+        }
+        catch {
+            res.status(500).json({ error: 'Failed to validate API key' });
+        }
+    };
+}
+/**
+ * Middleware that ensures the API key is scoped to a specific product.
+ * Must be used after `requireApiKey`.
+ */
+function requireProduct(productSlug) {
+    return (req, res, next) => {
+        if (!req.apiKey) {
+            res.status(401).json({ error: 'No API key context' });
+            return;
+        }
+        if (req.apiKey.productSlug !== productSlug) {
+            res.status(403).json({ error: `API key not authorized for product: ${productSlug}` });
+            return;
+        }
+        next();
+    };
+}
+/**
+ * Middleware that restricts access to specific user roles.
+ * Must be used after `authenticateToken`.
+ */
+function requireRole(...roles) {
+    return (req, res, next) => {
+        if (!req.authUser) {
+            res.status(401).json({ error: 'Not authenticated' });
+            return;
+        }
+        if (!roles.includes(req.authUser.role)) {
+            res.status(403).json({ error: 'Insufficient permissions' });
+            return;
+        }
+        next();
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/dist/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../src/middleware.ts"],"names":[],"mappings":";;AAgBA,8CAmBC;AAMD,sCA+BC;AAMD,wCAcC;AAMD,kCAcC;AA/GD,+BAA0C;AAW1C;;;GAGG;AACH,SAAgB,iBAAiB,CAAC,MAAkB;IAClD,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAQ,EAAE;QAC/D,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;QAE7C,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC,CAAC;YAC3E,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAElC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAA,uBAAiB,EAAC,KAAK,EAAE,MAAM,CAAC,CAAC;YACjD,GAAG,CAAC,QAAQ,GAAG,OAAO,CAAC;YACvB,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAC3B,WAAoD;IAEpD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QAC9E,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAuB,CAAC;QAE9D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;YAE5C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,mBAAmB;YACnB,IAAI,SAAS,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBACtE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,EAAE,CAAC,CAAC;gBACvD,OAAO;YACT,CAAC;YAED,GAAG,CAAC,MAAM,GAAG,SAAS,CAAC;YACvB,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,WAAmB;IAChD,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAQ,EAAE;QAC/D,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;YACtD,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;YAC3C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uCAAuC,WAAW,EAAE,EAAE,CAAC,CAAC;YACtF,OAAO;QACT,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW,CAAC,GAAG,KAAe;IAC5C,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAQ,EAAE;QAC/D,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;YACrD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;YAC5D,OAAO;QACT,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}

package/dist/oauth.d.ts

@@ -0,0 +1,16 @@
+import { AuthConfig } from './types';
+export interface OAuthProfile {
+    provider: 'google' | 'github';
+    providerId: string;
+    email: string;
+    name: string | null;
+    avatarUrl: string | null;
+}
+export type FindOrCreateUser = (profile: OAuthProfile) => Promise<{
+    id: string;
+    email: string;
+}>;
+export declare function configureGoogleStrategy(config: AuthConfig, findOrCreateUser: FindOrCreateUser): void;
+export declare function configureGithubStrategy(config: AuthConfig, findOrCreateUser: FindOrCreateUser): void;
+export declare function setupOAuth(config: AuthConfig, findOrCreateUser: FindOrCreateUser): void;
+//# sourceMappingURL=oauth.d.ts.map

package/dist/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,MAAM,gBAAgB,GAAG,CAC7B,OAAO,EAAE,YAAY,KAClB,OAAO,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAE5C,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,UAAU,EAClB,gBAAgB,EAAE,gBAAgB,GACjC,IAAI,CAkCN;AAED,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,UAAU,EAClB,gBAAgB,EAAE,gBAAgB,GACjC,IAAI,CAuCN;AAED,wBAAgB,UAAU,CACxB,MAAM,EAAE,UAAU,EAClB,gBAAgB,EAAE,gBAAgB,GACjC,IAAI,CAON"}

package/dist/oauth.js

@@ -0,0 +1,78 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureGoogleStrategy = configureGoogleStrategy;
+exports.configureGithubStrategy = configureGithubStrategy;
+exports.setupOAuth = setupOAuth;
+const passport_1 = __importDefault(require("passport"));
+const passport_google_oauth20_1 = require("passport-google-oauth20");
+const passport_github2_1 = require("passport-github2");
+function configureGoogleStrategy(config, findOrCreateUser) {
+    if (!config.google)
+        return;
+    passport_1.default.use(new passport_google_oauth20_1.Strategy({
+        clientID: config.google.clientId,
+        clientSecret: config.google.clientSecret,
+        callbackURL: config.google.callbackUrl,
+        scope: ['profile', 'email'],
+    }, async (_accessToken, _refreshToken, profile, done) => {
+        try {
+            const email = profile.emails?.[0]?.value;
+            if (!email) {
+                return done(new Error('No email found in Google profile'));
+            }
+            const oauthProfile = {
+                provider: 'google',
+                providerId: profile.id,
+                email,
+                name: profile.displayName || null,
+                avatarUrl: profile.photos?.[0]?.value || null,
+            };
+            const user = await findOrCreateUser(oauthProfile);
+            return done(null, user);
+        }
+        catch (err) {
+            return done(err);
+        }
+    }));
+}
+function configureGithubStrategy(config, findOrCreateUser) {
+    if (!config.github)
+        return;
+    passport_1.default.use(new passport_github2_1.Strategy({
+        clientID: config.github.clientId,
+        clientSecret: config.github.clientSecret,
+        callbackURL: config.github.callbackUrl,
+        scope: ['user:email'],
+    }, async (_accessToken, _refreshToken, profile, done) => {
+        try {
+            const email = profile.emails?.[0]?.value;
+            if (!email) {
+                return done(new Error('No email found in GitHub profile'));
+            }
+            const oauthProfile = {
+                provider: 'github',
+                providerId: profile.id,
+                email,
+                name: profile.displayName || null,
+                avatarUrl: profile.photos?.[0]?.value || null,
+            };
+            const user = await findOrCreateUser(oauthProfile);
+            return done(null, user);
+        }
+        catch (err) {
+            return done(err);
+        }
+    }));
+}
+function setupOAuth(config, findOrCreateUser) {
+    if (config.google) {
+        configureGoogleStrategy(config, findOrCreateUser);
+    }
+    if (config.github) {
+        configureGithubStrategy(config, findOrCreateUser);
+    }
+}
+//# sourceMappingURL=oauth.js.map

package/dist/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":";;;;;AAiBA,0DAqCC;AAED,0DA0CC;AAED,gCAUC;AA9GD,wDAAgC;AAChC,qEAA+F;AAC/F,uDAA8D;AAe9D,SAAgB,uBAAuB,CACrC,MAAkB,EAClB,gBAAkC;IAElC,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,OAAO;IAE3B,kBAAQ,CAAC,GAAG,CACV,IAAI,kCAAc,CAChB;QACE,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ;QAChC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY;QACxC,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW;QACtC,KAAK,EAAE,CAAC,SAAS,EAAE,OAAO,CAAC;KAC5B,EACD,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,OAAsB,EAAE,IAAI,EAAE,EAAE;QAClE,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;YACzC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,YAAY,GAAiB;gBACjC,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,OAAO,CAAC,EAAE;gBACtB,KAAK;gBACL,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI;gBACjC,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,IAAI;aAC9C,CAAC;YAEF,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;YAClD,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,GAAY,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,CACF,CACF,CAAC;AACJ,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAAkB,EAClB,gBAAkC;IAElC,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,OAAO;IAE3B,kBAAQ,CAAC,GAAG,CACV,IAAI,2BAAc,CAChB;QACE,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ;QAChC,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC,YAAY;QACxC,WAAW,EAAE,MAAM,CAAC,MAAM,CAAC,WAAW;QACtC,KAAK,EAAE,CAAC,YAAY,CAAC;KACtB,EACD,KAAK,EACH,YAAoB,EACpB,aAAqB,EACrB,OAAmH,EACnH,IAAuE,EACvE,EAAE;QACF,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;YACzC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,IAAI,CAAC,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC,CAAC;YAC7D,CAAC;YAED,MAAM,YAAY,GAAiB;gBACjC,QAAQ,EAAE,QAAQ;gBAClB,UAAU,EAAE,OAAO,CAAC,EAAE;gBACtB,KAAK;gBACL,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,IAAI;gBACjC,SAAS,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,IAAI,IAAI;aAC9C,CAAC;YAEF,MAAM,IAAI,GAAG,MAAM,gBAAgB,CAAC,YAAY,CAAC,CAAC;YAClD,OAAO,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC1B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,GAAY,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC,CACF,CACF,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CACxB,MAAkB,EAClB,gBAAkC;IAElC,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,uBAAuB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACpD,CAAC;IACD,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QAClB,uBAAuB,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACpD,CAAC;AACH,CAAC"}

package/dist/session.d.ts

@@ -0,0 +1,9 @@
+import { SessionData } from './types';
+export interface SessionStore {
+    create(sessionData: SessionData): Promise<string>;
+    get(sessionId: string): Promise<SessionData | null>;
+    destroy(sessionId: string): Promise<void>;
+    destroyAllForUser(userId: string): Promise<void>;
+}
+export declare function createSessionStore(redisUrl: string): SessionStore;
+//# sourceMappingURL=session.d.ts.map

package/dist/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAMtC,MAAM,WAAW,YAAY;IAC3B,MAAM,CAAC,WAAW,EAAE,WAAW,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAClD,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IACpD,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAClD;AAED,wBAAgB,kBAAkB,CAAC,QAAQ,EAAE,MAAM,GAAG,YAAY,CA8DjE"}