@fragno-dev/auth 0.0.14

package/dist/node/index.js

@@ -0,0 +1,677 @@
+import { defineFragment, defineRoute, defineRoutes, instantiate } from "@fragno-dev/core";
+import { createClientBuilder } from "@fragno-dev/core/client";
+import { withDatabase } from "@fragno-dev/db";
+import { column, idColumn, referenceColumn, schema } from "@fragno-dev/db/schema";
+import { z } from "zod";
+import { decodeCursor } from "@fragno-dev/db/cursor";
+
+//#region src/schema.ts
+const authSchema = schema("auth", (s) => {
+	return s.addTable("user", (t) => {
+		return t.addColumn("id", idColumn()).addColumn("email", column("string")).addColumn("passwordHash", column("string")).addColumn("role", column("string").defaultTo("user")).addColumn("createdAt", column("timestamp").defaultTo((b) => b.now())).createIndex("idx_user_email", ["email"]).createIndex("idx_user_id", ["id"], { unique: true });
+	}).addTable("session", (t) => {
+		return t.addColumn("id", idColumn()).addColumn("userId", referenceColumn()).addColumn("expiresAt", column("timestamp")).addColumn("createdAt", column("timestamp").defaultTo((b) => b.now())).createIndex("idx_session_user", ["userId"]);
+	}).addReference("sessionOwner", {
+		from: {
+			table: "session",
+			column: "userId"
+		},
+		to: {
+			table: "user",
+			column: "id"
+		},
+		type: "one"
+	}).alterTable("user", (t) => {
+		return t.createIndex("idx_user_createdAt", ["createdAt"]);
+	});
+});
+
+//#endregion
+//#region src/user/password.ts
+async function hashPassword(password) {
+	const encoder = new TextEncoder();
+	const salt = crypto.getRandomValues(new Uint8Array(16));
+	const iterations = 1e5;
+	const keyMaterial = await crypto.subtle.importKey("raw", encoder.encode(password), "PBKDF2", false, ["deriveBits"]);
+	const hashBuffer = await crypto.subtle.deriveBits({
+		name: "PBKDF2",
+		salt,
+		iterations,
+		hash: "SHA-256"
+	}, keyMaterial, 256);
+	const hashArray = Array.from(new Uint8Array(hashBuffer));
+	const saltArray = Array.from(salt);
+	return `${saltArray.map((b) => b.toString(16).padStart(2, "0")).join("")}:${iterations}:${hashArray.map((b) => b.toString(16).padStart(2, "0")).join("")}`;
+}
+async function verifyPassword(password, storedHash) {
+	const parts = storedHash.split(":");
+	if (parts.length !== 3) return false;
+	const [saltHex, iterationsStr, hashHex] = parts;
+	const iterations = Number.parseInt(iterationsStr, 10);
+	const isHex = (value) => /^[0-9a-f]+$/i.test(value) && value.length % 2 === 0;
+	if (!saltHex || !hashHex || !isHex(saltHex) || !isHex(hashHex)) return false;
+	if (!Number.isFinite(iterations) || iterations <= 0) return false;
+	const saltPairs = saltHex.match(/.{1,2}/g);
+	const hashPairs = hashHex.match(/.{1,2}/g);
+	if (!saltPairs || !hashPairs) return false;
+	const salt = new Uint8Array(saltPairs.map((byte) => Number.parseInt(byte, 16)));
+	const storedHashBytes = new Uint8Array(hashPairs.map((byte) => Number.parseInt(byte, 16)));
+	const encoder = new TextEncoder();
+	const keyMaterial = await crypto.subtle.importKey("raw", encoder.encode(password), "PBKDF2", false, ["deriveBits"]);
+	const hashBuffer = await crypto.subtle.deriveBits({
+		name: "PBKDF2",
+		salt,
+		iterations,
+		hash: "SHA-256"
+	}, keyMaterial, 256);
+	const hashArray = new Uint8Array(hashBuffer);
+	if (hashArray.length !== storedHashBytes.length) return false;
+	let isEqual = true;
+	for (let i = 0; i < hashArray.length; i++) if (hashArray[i] !== storedHashBytes[i]) isEqual = false;
+	return isEqual;
+}
+
+//#endregion
+//#region src/utils/cookie.ts
+/**
+* Cookie utilities for session management
+*/
+const COOKIE_NAME = "sessionid";
+const MAX_AGE = 2592e3;
+/**
+* Parse cookies from a Cookie header string
+*/
+function parseCookies(cookieHeader) {
+	if (!cookieHeader) return {};
+	const cookies = {};
+	const pairs = cookieHeader.split(";");
+	for (const pair of pairs) {
+		const [key, ...valueParts] = pair.split("=");
+		const trimmedKey = key?.trim();
+		const value = valueParts.join("=").trim();
+		if (trimmedKey) cookies[trimmedKey] = decodeURIComponent(value);
+	}
+	return cookies;
+}
+/**
+* Build a Set-Cookie header string with security attributes
+*/
+function buildSetCookieHeader(value, options = {}) {
+	const { httpOnly = true, secure = true, sameSite = "Strict", maxAge = MAX_AGE, path = "/" } = options;
+	const effectiveSecure = sameSite === "None" ? true : secure;
+	const parts = [
+		`${COOKIE_NAME}=${encodeURIComponent(value)}`,
+		`Max-Age=${maxAge}`,
+		`Path=${path}`
+	];
+	if (httpOnly) parts.push("HttpOnly");
+	if (effectiveSecure) parts.push("Secure");
+	if (sameSite) parts.push(`SameSite=${sameSite}`);
+	return parts.join("; ");
+}
+/**
+* Build a Set-Cookie header to clear the session cookie
+*/
+function buildClearCookieHeader(options = {}) {
+	return buildSetCookieHeader("", {
+		...options,
+		maxAge: 0
+	});
+}
+/**
+* Extract session ID from headers, checking cookies first, then query/body
+*/
+function extractSessionId(headers, queryParam, bodySessionId) {
+	const cookieHeader = headers.get("Cookie");
+	const cookies = parseCookies(cookieHeader);
+	const sessionIdFromCookie = cookies[COOKIE_NAME];
+	if (sessionIdFromCookie) return sessionIdFromCookie;
+	if (queryParam) return queryParam;
+	if (bodySessionId) return bodySessionId;
+	return null;
+}
+
+//#endregion
+//#region src/user/user-actions.ts
+function createUserServices() {
+	return {
+		createUser: function(email, passwordHash, role = "user") {
+			return this.serviceTx(authSchema).mutate(({ uow }) => {
+				const id = uow.create("user", {
+					email,
+					passwordHash,
+					role
+				});
+				return {
+					id: id.valueOf(),
+					email,
+					role
+				};
+			}).build();
+		},
+		getUserByEmail: function(email) {
+			return this.serviceTx(authSchema).retrieve((uow) => uow.findFirst("user", (b) => b.whereIndex("idx_user_email", (eb) => eb("email", "=", email)))).transformRetrieve(([user]) => user ? {
+				id: user.id.valueOf(),
+				email: user.email,
+				passwordHash: user.passwordHash,
+				role: user.role
+			} : null).build();
+		},
+		updateUserRole: function(userId, role) {
+			return this.serviceTx(authSchema).mutate(({ uow }) => {
+				uow.update("user", userId, (b) => b.set({ role }));
+				return { success: true };
+			}).build();
+		},
+		updateUserPassword: function(userId, passwordHash) {
+			return this.serviceTx(authSchema).mutate(({ uow }) => {
+				uow.update("user", userId, (b) => b.set({ passwordHash }));
+				return { success: true };
+			}).build();
+		},
+		signUpWithSession: function(email, passwordHash) {
+			const expiresAt = new Date();
+			expiresAt.setDate(expiresAt.getDate() + 30);
+			return this.serviceTx(authSchema).retrieve((uow) => uow.findFirst("user", (b) => b.whereIndex("idx_user_email", (eb) => eb("email", "=", email)))).mutate(({ uow, retrieveResult: [existingUser] }) => {
+				if (existingUser) return {
+					ok: false,
+					code: "email_already_exists"
+				};
+				const userId = uow.create("user", {
+					email,
+					passwordHash,
+					role: "user"
+				});
+				const sessionId = uow.create("session", {
+					userId,
+					expiresAt
+				});
+				return {
+					ok: true,
+					sessionId: sessionId.valueOf(),
+					userId: userId.valueOf(),
+					email,
+					role: "user"
+				};
+			}).build();
+		},
+		updateUserRoleWithSession: function(sessionId, userId, role) {
+			const now = new Date();
+			return this.serviceTx(authSchema).retrieve((uow) => uow.findFirst("session", (b) => b.whereIndex("primary", (eb) => eb("id", "=", sessionId)).join((j) => j.sessionOwner((b$1) => b$1.select([
+				"id",
+				"email",
+				"role"
+			]))))).mutate(({ uow, retrieveResult: [session] }) => {
+				if (!session || !session.sessionOwner) return {
+					ok: false,
+					code: "session_invalid"
+				};
+				if (session.expiresAt < now) {
+					uow.delete("session", session.id, (b) => b.check());
+					return {
+						ok: false,
+						code: "session_invalid"
+					};
+				}
+				if (session.sessionOwner.role !== "admin") return {
+					ok: false,
+					code: "permission_denied"
+				};
+				uow.update("user", userId, (b) => b.set({ role }));
+				return { ok: true };
+			}).build();
+		},
+		changePasswordWithSession: function(sessionId, passwordHash) {
+			const now = new Date();
+			return this.serviceTx(authSchema).retrieve((uow) => uow.findFirst("session", (b) => b.whereIndex("primary", (eb) => eb("id", "=", sessionId)).join((j) => j.sessionOwner((b$1) => b$1.select([
+				"id",
+				"email",
+				"role"
+			]))))).mutate(({ uow, retrieveResult: [session] }) => {
+				if (!session || !session.sessionOwner) return {
+					ok: false,
+					code: "session_invalid"
+				};
+				if (session.expiresAt < now) {
+					uow.delete("session", session.id, (b) => b.check());
+					return {
+						ok: false,
+						code: "session_invalid"
+					};
+				}
+				uow.update("user", session.sessionOwner.id, (b) => b.set({ passwordHash }).check());
+				return { ok: true };
+			}).build();
+		}
+	};
+}
+const userActionsRoutesFactory = defineRoutes().create(({ services, config }) => {
+	return [
+		defineRoute({
+			method: "PATCH",
+			path: "/users/:userId/role",
+			inputSchema: z.object({ role: z.enum(["user", "admin"]) }),
+			outputSchema: z.object({ success: z.boolean() }),
+			errorCodes: [
+				"invalid_input",
+				"session_invalid",
+				"permission_denied"
+			],
+			handler: async function({ input, pathParams, headers, query }, { json, error }) {
+				const { role } = await input.valid();
+				const { userId } = pathParams;
+				const sessionId = extractSessionId(headers, query.get("sessionId"));
+				if (!sessionId) return error({
+					message: "Session ID required",
+					code: "session_invalid"
+				}, 400);
+				const [result] = await this.handlerTx().withServiceCalls(() => [services.updateUserRoleWithSession(sessionId, userId, role)]).execute();
+				if (!result.ok) {
+					if (result.code === "permission_denied") return error({
+						message: "Unauthorized",
+						code: "permission_denied"
+					}, 401);
+					return error({
+						message: "Invalid session",
+						code: "session_invalid"
+					}, 401);
+				}
+				return json({ success: true });
+			}
+		}),
+		defineRoute({
+			method: "POST",
+			path: "/sign-up",
+			inputSchema: z.object({
+				email: z.email(),
+				password: z.string().min(8).max(100)
+			}),
+			outputSchema: z.object({
+				sessionId: z.string(),
+				userId: z.string(),
+				email: z.string(),
+				role: z.enum(["user", "admin"])
+			}),
+			errorCodes: ["email_already_exists", "invalid_input"],
+			handler: async function({ input }, { json, error }) {
+				const { email, password } = await input.valid();
+				const passwordHash = await hashPassword(password);
+				const [result] = await this.handlerTx().withServiceCalls(() => [services.signUpWithSession(email, passwordHash)]).execute();
+				if (!result.ok) return error({
+					message: "Email already exists",
+					code: "email_already_exists"
+				}, 400);
+				const setCookieHeader = buildSetCookieHeader(result.sessionId, config.cookieOptions);
+				return json({
+					sessionId: result.sessionId,
+					userId: result.userId,
+					email: result.email,
+					role: result.role
+				}, { headers: { "Set-Cookie": setCookieHeader } });
+			}
+		}),
+		defineRoute({
+			method: "POST",
+			path: "/sign-in",
+			inputSchema: z.object({
+				email: z.email(),
+				password: z.string().min(8).max(100)
+			}),
+			outputSchema: z.object({
+				sessionId: z.string(),
+				userId: z.string(),
+				email: z.string(),
+				role: z.enum(["user", "admin"])
+			}),
+			errorCodes: ["invalid_credentials"],
+			handler: async function({ input }, { json, error }) {
+				const { email, password } = await input.valid();
+				const [user] = await this.handlerTx().withServiceCalls(() => [services.getUserByEmail(email)]).execute();
+				if (!user) return error({
+					message: "Invalid credentials",
+					code: "invalid_credentials"
+				}, 401);
+				const isValid = await verifyPassword(password, user.passwordHash);
+				if (!isValid) return error({
+					message: "Invalid credentials",
+					code: "invalid_credentials"
+				}, 401);
+				const [session] = await this.handlerTx().withServiceCalls(() => [services.createSession(user.id)]).execute();
+				const setCookieHeader = buildSetCookieHeader(session.id, config.cookieOptions);
+				return json({
+					sessionId: session.id,
+					userId: user.id,
+					email: user.email,
+					role: user.role
+				}, { headers: { "Set-Cookie": setCookieHeader } });
+			}
+		}),
+		defineRoute({
+			method: "POST",
+			path: "/change-password",
+			inputSchema: z.object({ newPassword: z.string().min(8).max(100) }),
+			outputSchema: z.object({ success: z.boolean() }),
+			errorCodes: ["session_invalid"],
+			handler: async function({ input, headers, query }, { json, error }) {
+				const { newPassword } = await input.valid();
+				const sessionId = extractSessionId(headers, query.get("sessionId"));
+				if (!sessionId) return error({
+					message: "Session ID required",
+					code: "session_invalid"
+				}, 400);
+				const passwordHash = await hashPassword(newPassword);
+				const [result] = await this.handlerTx().withServiceCalls(() => [services.changePasswordWithSession(sessionId, passwordHash)]).execute();
+				if (!result.ok) return error({
+					message: "Invalid session",
+					code: "session_invalid"
+				}, 401);
+				return json({ success: true });
+			}
+		})
+	];
+});
+
+//#endregion
+//#region src/session/session.ts
+function createSessionServices(cookieOptions) {
+	const services = {
+		buildSessionCookie: function(sessionId) {
+			return buildSetCookieHeader(sessionId, cookieOptions);
+		},
+		createSession: function(userId) {
+			const expiresAt = new Date();
+			expiresAt.setDate(expiresAt.getDate() + 30);
+			return this.serviceTx(authSchema).mutate(({ uow }) => {
+				const id = uow.create("session", {
+					userId,
+					expiresAt
+				});
+				return {
+					id: id.valueOf(),
+					userId,
+					expiresAt
+				};
+			}).build();
+		},
+		validateSession: function(sessionId) {
+			const now = new Date();
+			return this.serviceTx(authSchema).retrieve((uow) => uow.findFirst("session", (b) => b.whereIndex("primary", (eb) => eb("id", "=", sessionId)).join((j) => j.sessionOwner((b$1) => b$1.select([
+				"id",
+				"email",
+				"role"
+			]))))).mutate(({ uow, retrieveResult: [session] }) => {
+				if (!session) return null;
+				if (session.expiresAt < now) {
+					uow.delete("session", session.id, (b) => b.check());
+					return null;
+				}
+				if (!session.sessionOwner) return null;
+				return {
+					id: session.id.valueOf(),
+					userId: session.userId,
+					user: {
+						id: session.sessionOwner.id.valueOf(),
+						email: session.sessionOwner.email,
+						role: session.sessionOwner.role
+					}
+				};
+			}).build();
+		},
+		invalidateSession: function(sessionId) {
+			return this.serviceTx(authSchema).retrieve((uow) => uow.findFirst("session", (b) => b.whereIndex("primary", (eb) => eb("id", "=", sessionId)))).mutate(({ uow, retrieveResult: [session] }) => {
+				if (!session) return false;
+				uow.delete("session", session.id, (b) => b.check());
+				return true;
+			}).build();
+		},
+		getSession: function(headers) {
+			const sessionId = extractSessionId(headers);
+			const now = new Date();
+			return this.serviceTx(authSchema).retrieve((uow) => uow.findFirst("session", (b) => b.whereIndex("primary", (eb) => eb("id", "=", sessionId ?? "")).join((j) => j.sessionOwner((b$1) => b$1.select([
+				"id",
+				"email",
+				"role"
+			]))))).mutate(({ uow, retrieveResult: [session] }) => {
+				if (!session || !sessionId) return void 0;
+				if (session.expiresAt < now) {
+					uow.delete("session", session.id, (b) => b.check());
+					return void 0;
+				}
+				if (!session.sessionOwner) return void 0;
+				return {
+					userId: session.sessionOwner.id.valueOf(),
+					email: session.sessionOwner.email
+				};
+			}).build();
+		}
+	};
+	return services;
+}
+const sessionRoutesFactory = defineRoutes().create(({ services, config }) => {
+	return [defineRoute({
+		method: "POST",
+		path: "/sign-out",
+		inputSchema: z.object({ sessionId: z.string().optional() }).optional(),
+		outputSchema: z.object({ success: z.boolean() }),
+		errorCodes: ["session_not_found"],
+		handler: async function({ input, headers }, { json, error }) {
+			const body = await input.valid();
+			const sessionId = extractSessionId(headers, null, body?.sessionId);
+			if (!sessionId) return error({
+				message: "Session ID required",
+				code: "session_not_found"
+			}, 400);
+			const [success] = await this.handlerTx().withServiceCalls(() => [services.invalidateSession(sessionId)]).execute();
+			const clearCookieHeader = buildClearCookieHeader(config.cookieOptions ?? {});
+			if (!success) return json({ success: false }, { headers: { "Set-Cookie": clearCookieHeader } });
+			return json({ success: true }, { headers: { "Set-Cookie": clearCookieHeader } });
+		}
+	}), defineRoute({
+		method: "GET",
+		path: "/me",
+		queryParameters: ["sessionId"],
+		outputSchema: z.object({
+			userId: z.string(),
+			email: z.string(),
+			role: z.enum(["user", "admin"])
+		}),
+		errorCodes: ["session_invalid"],
+		handler: async function({ query, headers }, { json, error }) {
+			const sessionId = extractSessionId(headers, query.get("sessionId"));
+			if (!sessionId) return error({
+				message: "Session ID required",
+				code: "session_invalid"
+			}, 400);
+			const [session] = await this.handlerTx().withServiceCalls(() => [services.validateSession(sessionId)]).execute();
+			if (!session) return error({
+				message: "Invalid session",
+				code: "session_invalid"
+			}, 401);
+			return json({
+				userId: session.user.id,
+				email: session.user.email,
+				role: session.user.role
+			});
+		}
+	})];
+});
+
+//#endregion
+//#region src/user/user-overview.ts
+function createUserOverviewServices() {
+	const mapUser = (user) => ({
+		id: String(user.id),
+		email: user.email,
+		role: user.role,
+		createdAt: user.createdAt
+	});
+	return { getUsersWithCursor: function(params) {
+		const { search, sortBy, sortOrder, pageSize, cursor } = params;
+		const effectiveSortBy = search ? "email" : sortBy;
+		const indexName = effectiveSortBy === "email" ? "idx_user_email" : "idx_user_createdAt";
+		const effectiveSortOrder = cursor ? cursor.orderDirection : sortOrder;
+		const effectivePageSize = cursor ? cursor.pageSize : pageSize;
+		return this.serviceTx(authSchema).retrieve((uow) => uow.findWithCursor("user", (b) => {
+			if (search) {
+				const query$1 = b.whereIndex("idx_user_email", (eb) => eb("email", "contains", search)).orderByIndex("idx_user_email", effectiveSortOrder).pageSize(effectivePageSize);
+				return cursor ? query$1.after(cursor) : query$1;
+			}
+			const query = b.whereIndex(indexName).orderByIndex(indexName, effectiveSortOrder).pageSize(effectivePageSize);
+			return cursor ? query.after(cursor) : query;
+		})).transformRetrieve(([result]) => ({
+			users: result.items.map(mapUser),
+			cursor: result.cursor,
+			hasNextPage: result.hasNextPage
+		})).build();
+	} };
+}
+const sortBySchema = z.enum(["email", "createdAt"]);
+const sortOrderSchema = z.enum(["asc", "desc"]);
+const userOverviewRoutesFactory = defineRoutes().create(({ services }) => {
+	const querySchema = z.object({
+		search: z.string().optional(),
+		sortBy: sortBySchema.default("createdAt"),
+		sortOrder: sortOrderSchema.default("desc"),
+		pageSize: z.coerce.number().int().min(1).max(100).default(20)
+	});
+	const parseCursor = (cursorParam) => {
+		if (!cursorParam) return void 0;
+		try {
+			return decodeCursor(cursorParam);
+		} catch {
+			return void 0;
+		}
+	};
+	return [defineRoute({
+		method: "GET",
+		path: "/users",
+		queryParameters: [
+			"search",
+			"sortBy",
+			"sortOrder",
+			"pageSize",
+			"cursor"
+		],
+		outputSchema: z.object({
+			users: z.array(z.object({
+				id: z.string(),
+				email: z.string(),
+				role: z.enum(["user", "admin"]),
+				createdAt: z.string()
+			})),
+			cursor: z.string().optional(),
+			hasNextPage: z.boolean(),
+			sortBy: sortBySchema
+		}),
+		errorCodes: ["invalid_input"],
+		handler: async function({ query }, { json, error }) {
+			const parsed = querySchema.safeParse(Object.fromEntries(query.entries()));
+			if (!parsed.success) return error({
+				message: "Invalid query parameters",
+				code: "invalid_input"
+			}, 400);
+			const rawSearch = parsed.data.search?.trim();
+			const search = rawSearch ? rawSearch : void 0;
+			const sortBy = search ? "email" : parsed.data.sortBy;
+			const params = {
+				search,
+				sortBy,
+				sortOrder: parsed.data.sortOrder,
+				pageSize: parsed.data.pageSize
+			};
+			const cursor = parseCursor(query.get("cursor"));
+			const [result] = await this.handlerTx().withServiceCalls(() => [services.getUsersWithCursor({
+				...params,
+				cursor
+			})]).execute();
+			return json({
+				users: result.users.map((user) => ({
+					id: user.id,
+					email: user.email,
+					role: user.role,
+					createdAt: user.createdAt.toISOString()
+				})),
+				cursor: result.cursor?.encode(),
+				hasNextPage: result.hasNextPage,
+				sortBy: params.sortBy
+			});
+		}
+	})];
+});
+
+//#endregion
+//#region src/index.ts
+const authFragmentDefinition = defineFragment("auth").extend(withDatabase(authSchema)).providesBaseService(({ defineService, config }) => {
+	return defineService({
+		...createUserServices(),
+		...createSessionServices(config.cookieOptions),
+		...createUserOverviewServices()
+	});
+}).build();
+function createAuthFragment(config = {}, fragnoConfig) {
+	const options = {
+		...fragnoConfig,
+		databaseNamespace: fragnoConfig.databaseNamespace !== void 0 ? fragnoConfig.databaseNamespace : "simple-auth-db"
+	};
+	return instantiate(authFragmentDefinition).withConfig(config).withOptions(options).withRoutes([
+		userActionsRoutesFactory,
+		sessionRoutesFactory,
+		userOverviewRoutesFactory
+	]).build();
+}
+function createAuthFragmentClients(fragnoConfig) {
+	const config = { ...fragnoConfig };
+	const b = createClientBuilder(authFragmentDefinition, config, [
+		userActionsRoutesFactory,
+		sessionRoutesFactory,
+		userOverviewRoutesFactory
+	], {
+		type: "options",
+		options: { credentials: "include" }
+	});
+	const useMe = b.createHook("/me");
+	const useSignUp = b.createMutator("POST", "/sign-up");
+	const useSignIn = b.createMutator("POST", "/sign-in");
+	const useSignOut = b.createMutator("POST", "/sign-out", (invalidate) => {
+		invalidate("GET", "/me", {});
+		invalidate("GET", "/users", {});
+	});
+	const useUsers = b.createHook("/users");
+	const useUpdateUserRole = b.createMutator("PATCH", "/users/:userId/role", (invalidate) => {
+		invalidate("GET", "/users", {});
+		invalidate("GET", "/me", {});
+	});
+	const useChangePassword = b.createMutator("POST", "/change-password");
+	return {
+		useSignUp,
+		useSignIn,
+		useSignOut,
+		useMe,
+		useUsers,
+		useUpdateUserRole,
+		useChangePassword,
+		signIn: { email: async ({ email, password, rememberMe: _rememberMe }) => {
+			return useSignIn.mutateQuery({ body: {
+				email,
+				password
+			} });
+		} },
+		signUp: { email: async ({ email, password }) => {
+			return useSignUp.mutateQuery({ body: {
+				email,
+				password
+			} });
+		} },
+		signOut: (params) => {
+			return useSignOut.mutateQuery({ body: params?.sessionId ? { sessionId: params.sessionId } : {} });
+		},
+		me: async (params) => {
+			if (params?.sessionId) return useMe.query({ query: { sessionId: params.sessionId } });
+			return useMe.query();
+		}
+	};
+}
+
+//#endregion
+export { authFragmentDefinition, createAuthFragment, createAuthFragmentClients };
+//# sourceMappingURL=index.js.map