npm - @glw907/cairn-cms - Versions diffs - 0.3.1 → 0.5.0 - Mend

@glw907/cairn-cms 0.3.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/README.md +17 -9
package/dist/adapter.d.ts +10 -1
package/dist/adapter.d.ts.map +1 -1
package/dist/auth/admins.d.ts +33 -0
package/dist/auth/admins.d.ts.map +1 -0
package/dist/auth/admins.js +90 -0
package/dist/auth/config.d.ts +2097 -0
package/dist/auth/config.d.ts.map +1 -0
package/dist/auth/config.js +78 -0
package/dist/auth/guard.d.ts +34 -0
package/dist/auth/guard.d.ts.map +1 -0
package/dist/auth/guard.js +47 -0
package/dist/auth/index.d.ts +4 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +6 -0
package/dist/auth/schema.d.ts +750 -0
package/dist/auth/schema.d.ts.map +1 -0
package/dist/auth/schema.js +93 -0
package/dist/carta.d.ts +1 -1
package/dist/carta.d.ts.map +1 -1
package/dist/components/AdminLayout.svelte +9 -9
package/dist/components/AdminLayout.svelte.d.ts +2 -2
package/dist/components/AdminLayout.svelte.d.ts.map +1 -1
package/dist/components/AdminList.svelte +1 -1
package/dist/components/ConfirmPage.svelte +31 -0
package/dist/components/ConfirmPage.svelte.d.ts +11 -0
package/dist/components/ConfirmPage.svelte.d.ts.map +1 -0
package/dist/components/EditPage.svelte +5 -5
package/dist/components/LoginPage.svelte +35 -18
package/dist/components/LoginPage.svelte.d.ts +0 -2
package/dist/components/LoginPage.svelte.d.ts.map +1 -1
package/dist/components/ManageAdmins.svelte +1 -1
package/dist/components/ManageAdmins.svelte.d.ts +1 -1
package/dist/components/ManageAdmins.svelte.d.ts.map +1 -1
package/dist/components/index.d.ts +1 -0
package/dist/components/index.d.ts.map +1 -1
package/dist/components/index.js +1 -0
package/dist/email.d.ts.map +1 -1
package/dist/email.js +19 -11
package/dist/github.d.ts +22 -2
package/dist/github.d.ts.map +1 -1
package/dist/github.js +40 -5
package/dist/index.d.ts +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/index.js +3 -2
package/dist/render/glyph.d.ts +6 -0
package/dist/render/glyph.d.ts.map +1 -0
package/dist/render/glyph.js +5 -0
package/dist/render/index.d.ts +6 -0
package/dist/render/index.d.ts.map +1 -0
package/dist/render/index.js +8 -0
package/dist/render/pipeline.d.ts +16 -0
package/dist/render/pipeline.d.ts.map +1 -0
package/dist/render/pipeline.js +29 -0
package/dist/render/registry.d.ts +28 -0
package/dist/render/registry.d.ts.map +1 -0
package/dist/render/registry.js +11 -0
package/dist/render/rehype-dispatch.d.ts +24 -0
package/dist/render/rehype-dispatch.d.ts.map +1 -0
package/dist/render/rehype-dispatch.js +86 -0
package/dist/render/remark-directives.d.ts +4 -0
package/dist/render/remark-directives.d.ts.map +1 -0
package/dist/render/remark-directives.js +74 -0
package/dist/sveltekit/index.d.ts +20 -58
package/dist/sveltekit/index.d.ts.map +1 -1
package/dist/sveltekit/index.js +35 -152
package/dist/utils.d.ts +1 -1
package/dist/utils.d.ts.map +1 -1
package/dist/utils.js +2 -2
package/package.json +48 -6
package/src/lib/adapter.ts +12 -3
package/src/lib/auth/admins.ts +106 -0
package/src/lib/auth/config.ts +108 -0
package/src/lib/auth/guard.ts +60 -0
package/src/lib/auth/index.ts +6 -0
package/src/lib/auth/schema.ts +112 -0
package/src/lib/carta.ts +2 -2
package/src/lib/components/AdminLayout.svelte +9 -9
package/src/lib/components/AdminList.svelte +1 -1
package/src/lib/components/ConfirmPage.svelte +31 -0
package/src/lib/components/EditPage.svelte +5 -5
package/src/lib/components/LoginPage.svelte +35 -18
package/src/lib/components/ManageAdmins.svelte +1 -1
package/src/lib/components/index.ts +1 -0
package/src/lib/email.ts +18 -11
package/src/lib/github.ts +38 -6
package/src/lib/index.ts +3 -2
package/src/lib/render/glyph.ts +14 -0
package/src/lib/render/index.ts +8 -0
package/src/lib/render/pipeline.ts +37 -0
package/src/lib/render/registry.ts +36 -0
package/src/lib/render/rehype-dispatch.ts +97 -0
package/src/lib/render/remark-directives.ts +71 -0
package/src/lib/sveltekit/index.ts +59 -227
package/src/lib/utils.ts +2 -2
package/dist/auth.d.ts +0 -25
package/dist/auth.d.ts.map +0 -1
package/dist/auth.js +0 -132
package/src/lib/auth.ts +0 -185

package/dist/auth/config.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/lib/auth/config.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAK9D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAC5D,OAAO,EAAiB,KAAK,WAAW,EAAE,MAAM,UAAU,CAAC;AAU3D,2FAA2F;AAC3F,MAAM,WAAW,OAAO;IACtB,OAAO,CAAC,EAAE,UAAU,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yEAAyE;IACzE,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4FAA4F;IAC5F,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,qFAAqF;AACrF,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,+DAA+D;IAC/D,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,0FAA0F;AAC1F,KAAK,SAAS,GAAG,UAAU,CAAC,OAAO,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC;AAEtD;;;;;;;;GAQG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE;IAC9B,QAAQ,EAAE,SAAS,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;IAC3B,QAAQ,EAAE,YAAY,CAAC;IACvB,QAAQ,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAmD0S,CAAC;;;;;;;;;6BAAsN,CAAC;6BAA8C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;qCA5Fxe,CAAC;;;;;;;;;yCASpE,CAAC;;;;;;;;;;;;;;;yCAUF,CAAA;yCAAoD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCA2BtC,CAAC;qCAEf,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAgCJ,CAAF;qCAEE,CAAD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAUu4E,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAsmC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAg3F,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA28C,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA20C,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAkvC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAo6B,CAAC;6BAA8C,CAAC;;;;;;;;;;;;;;;6BAAqY,CAAC;6BAA8C,CAAC;;;;;;;;;yBAA0O,CAAC;;;;;;;;;;;;;;;;;;qCAA2nB,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA0vC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAyuC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAwxC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA1Bz1hB;AAED;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;yBAkB4O,CAAC;;;;;;;;;6BAAsN,CAAC;6BAA8C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;qCA5Fxe,CAAC;;;;;;;;;yCASpE,CAAC;;;;;;;;;;;;;;;yCAUF,CAAA;yCAAoD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCA2BtC,CAAC;qCAEf,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAgCJ,CAAF;qCAEE,CAAD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAUu4E,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAsmC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAg3F,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA28C,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA20C,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAkvC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BAAo6B,CAAC;6BAA8C,CAAC;;;;;;;;;;;;;;;6BAAqY,CAAC;6BAA8C,CAAC;;;;;;;;;yBAA0O,CAAC;;;;;;;;;;;;;;;;;;qCAA2nB,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAA0vC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAyuC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAAwxC,CAAC;qCAAkD,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAHz1hB;AAED,MAAM,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC,CAAC"}

package/dist/auth/config.js ADDED Viewed

@@ -0,0 +1,78 @@
+// cairn-core: the better-auth instance. Auth is engine code (engine-fat rule), so the whole
+// config lives here: Drizzle/D1 adapter, magic-link (POST-confirm-shaped send), admin roles.
+// Instantiated PER REQUEST in hooks.server.ts (the D1 binding is request-scoped); the factory
+// is cheap (no I/O at construction).
+import { betterAuth } from 'better-auth';
+import { drizzleAdapter } from 'better-auth/adapters/drizzle';
+import { drizzle } from 'drizzle-orm/d1';
+import { magicLink, admin } from 'better-auth/plugins';
+import { createAccessControl } from 'better-auth/plugins/access';
+import { defaultStatements } from 'better-auth/plugins/admin/access';
+import { sendMagicLink } from '../email';
+import * as schema from './schema';
+// Two-tier roles on the admin plugin's access-control system: `owner` holds every admin
+// statement (manage editors, revoke sessions); `editor` holds none (content-only). `adminRoles`
+// must name a role defined here, so owner (not the plugin's built-in `admin`) is the gate.
+const ac = createAccessControl(defaultStatements);
+const owner = ac.newRole(defaultStatements);
+const editor = ac.newRole({});
+/**
+ * The shared better-auth config. Kept separate from `createAuth` so the test harness can run
+ * the EXACT plugin set (allowlist semantics, expiry, POST-confirm send) over an in-memory
+ * SQLite instead of D1. `disableSignUp:true` makes the `user` table the editor allowlist:
+ * magic-link never auto-creates, so the only way in is the owner-gated admin `createUser`
+ * (see auth/admins.ts). `adminRoles:['owner']` lets owners (not the default `admin` role)
+ * drive the admin API. Tokens are stored hashed and consumed atomically on first verify
+ * (better-auth GHSA-hc7v-rggr-4hvx), single-use by construction (C1).
+ */
+export function buildAuth(opts) {
+    return betterAuth({
+        appName: opts.branding.siteName,
+        secret: opts.secret,
+        baseURL: opts.baseURL,
+        trustedOrigins: [opts.baseURL],
+        database: opts.database,
+        plugins: [
+            magicLink({
+                disableSignUp: true,
+                expiresIn: 600,
+                storeToken: 'hashed',
+                sendMagicLink: async ({ email, token }, ctx) => {
+                    // Allowlist gate: better-auth always fires this callback (even for unknown emails, to
+                    // avoid enumeration) and only blocks user creation at verify. So gate the actual send
+                    // here. Never email a non-editor. The login UI shows neutral copy either way, so this
+                    // leaks nothing; it just stops strangers receiving a dead link.
+                    const existing = await ctx?.context.internalAdapter.findUserByEmail(email);
+                    if (!existing?.user)
+                        return;
+                    await opts.sendLink(email, token);
+                },
+            }),
+            admin({ ac, roles: { owner, editor }, defaultRole: 'editor', adminRoles: ['owner'] }),
+        ],
+    });
+}
+/**
+ * Build the per-request better-auth instance over the site's D1 binding. The magic-link email
+ * points at OUR confirm page carrying only the token; consumption happens when the user clicks
+ * "Confirm sign-in" there (a POST), never on a scanner GET (C2 / POST-confirm). The origin is
+ * config-derived (`PUBLIC_ORIGIN`/`BETTER_AUTH_URL`), never request-derived (H3).
+ */
+export function createAuth(env, branding) {
+    if (!env.AUTH_DB)
+        throw new Error('AUTH_DB (D1) binding is required');
+    const origin = env.PUBLIC_ORIGIN || env.BETTER_AUTH_URL || 'http://localhost';
+    const db = drizzle(env.AUTH_DB, { schema });
+    return buildAuth({
+        database: drizzleAdapter(db, { provider: 'sqlite', schema }),
+        baseURL: origin,
+        secret: env.AUTH_SECRET,
+        branding,
+        sendLink: async (email, token) => {
+            if (!env.EMAIL)
+                throw new Error('EMAIL binding is required to send magic links');
+            const link = `${origin}/admin/auth/confirm?token=${encodeURIComponent(token)}`;
+            await sendMagicLink(env.EMAIL, email, link, branding.siteName, branding.sender);
+        },
+    });
+}

package/dist/auth/guard.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+import type { Auth } from './config';
+/** The session shape the whole admin reads: layout, guards, content fns, manage-editors. */
+export interface CairnUser {
+    id: string;
+    email: string;
+    name: string;
+    role: 'owner' | 'editor';
+}
+/** Read the better-auth session into a cairn user (or null). */
+export declare function loadSession(auth: Auth, request: Request): Promise<CairnUser | null>;
+export declare function requireSession(user: CairnUser | null): CairnUser;
+type ConfirmEvent = {
+    request: Request;
+    locals: {
+        auth: Auth;
+    };
+    url: URL;
+};
+/**
+ * POST-confirm verification (C2). Invoked from the confirm page's POST action: proxies the
+ * token to better-auth's GET verify endpoint via the per-request handler, then forwards the
+ * resulting Set-Cookie(s) onto a 303 to /admin. Scanners GET the confirm *page* (nothing is
+ * consumed); only this explicit POST consumes the token.
+ */
+export declare function confirmSignIn(event: ConfirmEvent): Promise<Response>;
+/** Sign out via better-auth, forwarding the session-clearing cookies, then 303 to login. */
+export declare function signOut(event: {
+    request: Request;
+    locals: {
+        auth: Auth;
+    };
+}): Promise<Response>;
+export {};
+//# sourceMappingURL=guard.d.ts.map

package/dist/auth/guard.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"guard.d.ts","sourceRoot":"","sources":["../../src/lib/auth/guard.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,UAAU,CAAC;AAErC,4FAA4F;AAC5F,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,OAAO,GAAG,QAAQ,CAAC;CAC1B;AAED,gEAAgE;AAChE,wBAAsB,WAAW,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAKzF;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,SAAS,GAAG,IAAI,GAAG,SAAS,CAGhE;AAED,KAAK,YAAY,GAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE;QAAE,IAAI,EAAE,IAAI,CAAA;KAAE,CAAC;IAAC,GAAG,EAAE,GAAG,CAAA;CAAE,CAAC;AAE3E;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,QAAQ,CAAC,CAa1E;AAED,4FAA4F;AAC5F,wBAAsB,OAAO,CAAC,KAAK,EAAE;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE;QAAE,IAAI,EAAE,IAAI,CAAA;KAAE,CAAA;CAAE,GAAG,OAAO,CAAC,QAAQ,CAAC,CAQpG"}

package/dist/auth/guard.js ADDED Viewed

@@ -0,0 +1,47 @@
+// cairn-core: server-side auth helpers the site route shims delegate to. Each takes the
+// SvelteKit event, typed structurally so the package never depends on a site's generated
+// `App.*` ambient types, plus the per-request `Auth` from `locals`.
+import { redirect } from '@sveltejs/kit';
+/** Read the better-auth session into a cairn user (or null). */
+export async function loadSession(auth, request) {
+    const session = await auth.api.getSession({ headers: request.headers });
+    if (!session?.user)
+        return null;
+    const u = session.user;
+    return { id: u.id, email: u.email, name: u.name, role: u.role === 'owner' ? 'owner' : 'editor' };
+}
+export function requireSession(user) {
+    if (!user)
+        throw redirect(303, '/admin/login');
+    return user;
+}
+/**
+ * POST-confirm verification (C2). Invoked from the confirm page's POST action: proxies the
+ * token to better-auth's GET verify endpoint via the per-request handler, then forwards the
+ * resulting Set-Cookie(s) onto a 303 to /admin. Scanners GET the confirm *page* (nothing is
+ * consumed); only this explicit POST consumes the token.
+ */
+export async function confirmSignIn(event) {
+    const form = await event.request.formData();
+    const token = String(form.get('token') ?? '');
+    if (!token)
+        throw redirect(303, '/admin/login?error=expired');
+    const verifyUrl = `${event.url.origin}/api/auth/magic-link/verify?token=${encodeURIComponent(token)}&callbackURL=/admin`;
+    const res = await event.locals.auth.handler(new Request(verifyUrl, { headers: event.request.headers }));
+    const cookies = res.headers.getSetCookie();
+    if (cookies.length === 0)
+        throw redirect(303, '/admin/login?error=expired');
+    const headers = new Headers({ location: '/admin' });
+    for (const cookie of cookies)
+        headers.append('set-cookie', cookie);
+    return new Response(null, { status: 303, headers });
+}
+/** Sign out via better-auth, forwarding the session-clearing cookies, then 303 to login. */
+export async function signOut(event) {
+    const origin = new URL(event.request.url).origin;
+    const res = await event.locals.auth.handler(new Request(`${origin}/api/auth/sign-out`, { method: 'POST', headers: event.request.headers }));
+    const headers = new Headers({ location: '/admin/login' });
+    for (const cookie of res.headers.getSetCookie())
+        headers.append('set-cookie', cookie);
+    return new Response(null, { status: 303, headers });
+}

package/dist/auth/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export { createAuth, type Auth, type AuthEnv, type AuthBranding } from './config';
+export { loadSession, requireSession, confirmSignIn, signOut, type CairnUser } from './guard';
+export { adminsLoad, addAdmin, removeAdmin, setAdminRole, requireOwner, type AdminsData } from './admins';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/auth/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,UAAU,EAAE,KAAK,IAAI,EAAE,KAAK,OAAO,EAAE,KAAK,YAAY,EAAE,MAAM,UAAU,CAAC;AAClF,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,SAAS,CAAC;AAC9F,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,KAAK,UAAU,EAAE,MAAM,UAAU,CAAC"}

package/dist/auth/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+// Public surface of `@glw907/cairn-cms/auth`: the per-request factory + server-side helpers
+// the site route shims and hooks delegate to. The browser client is intentionally NOT here
+// (it lives component-local in LoginPage to keep better-auth's deep client types out of dist).
+export { createAuth } from './config';
+export { loadSession, requireSession, confirmSignIn, signOut } from './guard';
+export { adminsLoad, addAdmin, removeAdmin, setAdminRole, requireOwner } from './admins';