@joethebigbuddy/auth 0.0.1

package/README.md

@@ -0,0 +1,97 @@
+# @joethebigbuddy/auth
+
+TypeScript authentication and authorization module for Node.js applications.
+
+This repo contains a thin auth core plus optional adapters for common application integration paths. The current implementation is Express-first, but the core stays framework-neutral.
+
+## What It Provides
+
+- login and refresh flows
+- JWT access and refresh token issuance and verification
+- session lifecycle management
+- role and permission authorization
+- explicit typed auth errors
+- Express adapter for request authentication and authorization
+- logging adapter for `@joethebigbuddy/logging`
+- memory, Postgres, and Redis-backed auth storage adapters
+
+## Package Exports
+
+- `@joethebigbuddy/auth`
+- `@joethebigbuddy/auth/express`
+- `@joethebigbuddy/auth/logging`
+- `@joethebigbuddy/auth/memory`
+- `@joethebigbuddy/auth/postgres`
+- `@joethebigbuddy/auth/redis`
+
+## Design Shape
+
+The module is built around a few core concepts:
+
+- `IdentityProvider`
+  verifies credentials and loads subjects
+- `SessionStore`
+  persists session records
+- `RefreshTokenStore`
+  persists refresh token records
+- `createAuthModule(...)`
+  assembles the auth core from config and injected ports
+
+This keeps application-specific user persistence outside the package while letting apps choose their own storage backend.
+
+## Storage Modes
+
+Available today:
+
+- memory
+- Postgres
+- Redis
+
+Memory mode is the simplest path for tests and local smoke runs.
+
+Postgres and Redis adapters are available as concrete stores. Whether you want a combined Postgres-plus-Redis production topology is still an application-level choice rather than a required package mode.
+
+## Example
+
+```ts
+import { createAuthModule, createDefaultAuthConfig } from '@joethebigbuddy/auth';
+import { createExpressAuthAdapter } from '@joethebigbuddy/auth/express';
+import { MemoryRefreshTokenStore, MemorySessionStore } from '@joethebigbuddy/auth/memory';
+
+const auth = createAuthModule(
+  createDefaultAuthConfig({
+    issuer: '@joethebigbuddy/auth',
+    audience: 'my-app',
+    signing: {
+      algorithm: 'HS256',
+      secret: process.env.AUTH_SECRET!,
+    },
+  }),
+  {
+    identityProvider,
+    sessionStore: new MemorySessionStore(),
+    refreshTokenStore: new MemoryRefreshTokenStore(),
+  },
+);
+
+const expressAuth = createExpressAuthAdapter(auth, {
+  tokenSources: ['authorization-header', 'cookie'],
+});
+```
+
+## Local Verification
+
+Main package checks:
+
+```bash
+npm run typecheck
+npm test
+npm run test:coverage
+```
+
+For real application-flow verification, use the external sandbox app:
+
+- auth module repo: `/Users/jojo/ws/ts/auth`
+- sandbox app repo: `/Users/jojo/ws/ts/auth-sandbox-app`
+
+The sandbox app README documents how to run memory, Postgres, and Redis-backed smoke checks against this package.

package/dist/express.d.ts

@@ -0,0 +1,2 @@
+export * from './lib/adapters/express/express-auth-adapter.js';
+//# sourceMappingURL=express.d.ts.map

package/dist/express.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../src/express.ts"],"names":[],"mappings":"AAAA,cAAc,gDAAgD,CAAC"}

package/dist/express.js

@@ -0,0 +1,2 @@
+export * from './lib/adapters/express/express-auth-adapter.js';
+//# sourceMappingURL=express.js.map

package/dist/express.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.js","sourceRoot":"","sources":["../src/express.ts"],"names":[],"mappings":"AAAA,cAAc,gDAAgD,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export * from './lib/errors.js';
+export * from './lib/ports.js';
+export * from './lib/types.js';
+export * from './lib/core/defaults.js';
+export * from './lib/core/authorization-service.js';
+export * from './lib/core/session-service.js';
+export * from './lib/core/token-service.js';
+export * from './lib/core/create-auth-module.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,wBAAwB,CAAC;AACvC,cAAc,qCAAqC,CAAC;AACpD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kCAAkC,CAAC"}

package/dist/index.js

@@ -0,0 +1,9 @@
+export * from './lib/errors.js';
+export * from './lib/ports.js';
+export * from './lib/types.js';
+export * from './lib/core/defaults.js';
+export * from './lib/core/authorization-service.js';
+export * from './lib/core/session-service.js';
+export * from './lib/core/token-service.js';
+export * from './lib/core/create-auth-module.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,wBAAwB,CAAC;AACvC,cAAc,qCAAqC,CAAC;AACpD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kCAAkC,CAAC"}

package/dist/lib/adapters/express/express-auth-adapter.d.ts

@@ -0,0 +1,48 @@
+import type { CookieOptions, NextFunction, Request, Response } from 'express';
+import type { LoggerPort } from '../../ports.js';
+import type { AuthModule, AuthPrincipal, AuthorizationRequirement, SessionRecord } from '../../types.js';
+export interface ExpressAuthContext {
+    principal: AuthPrincipal;
+    session: SessionRecord | null;
+    accessToken: string;
+}
+export interface AuthenticatedRequest extends Request {
+    auth?: ExpressAuthContext;
+}
+export interface ExpressAuthAdapterOptions {
+    tokenSources?: Array<'authorization-header' | 'cookie'>;
+    getRequestId?: (req: Request) => string | undefined;
+    logger?: LoggerPort;
+    cookie?: {
+        accessTokenName: string;
+        refreshTokenName: string;
+        secure?: boolean;
+        httpOnly?: boolean;
+        sameSite?: CookieOptions['sameSite'];
+        path?: string;
+        domain?: string;
+    };
+}
+export declare class ExpressAuthAdapter {
+    private readonly auth;
+    private readonly tokenSources;
+    private readonly getRequestId?;
+    private readonly logger?;
+    private readonly cookie?;
+    constructor(auth: AuthModule, options?: ExpressAuthAdapterOptions);
+    authenticate: (req: AuthenticatedRequest, res: Response, next: NextFunction) => Promise<void>;
+    optionalAuthenticate: (req: AuthenticatedRequest, _res: Response, next: NextFunction) => Promise<void>;
+    requirePermissions: (permissions: string[], mode?: "all" | "any") => (req: AuthenticatedRequest, res: Response, next: NextFunction) => Promise<void>;
+    requireRoles: (roles: string[]) => (req: AuthenticatedRequest, res: Response, next: NextFunction) => Promise<void>;
+    requireAuthorization: (requirement: AuthorizationRequirement) => (req: AuthenticatedRequest, res: Response, next: NextFunction) => Promise<void>;
+    writeAuthCookies(res: Response, tokens: {
+        accessToken: string;
+        refreshToken: string;
+    }): void;
+    clearAuthCookies(res: Response): void;
+    extractAccessToken(req: Request): string | null;
+    extractRefreshToken(req: Request): string | null;
+    private toCookieOptions;
+}
+export declare function createExpressAuthAdapter(auth: AuthModule, options?: ExpressAuthAdapterOptions): ExpressAuthAdapter;
+//# sourceMappingURL=express-auth-adapter.d.ts.map

package/dist/lib/adapters/express/express-auth-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express-auth-adapter.d.ts","sourceRoot":"","sources":["../../../../src/lib/adapters/express/express-auth-adapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAE9E,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,KAAK,EACV,UAAU,EACV,aAAa,EACb,wBAAwB,EACxB,aAAa,EACd,MAAM,gBAAgB,CAAC;AAExB,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,aAAa,CAAC;IACzB,OAAO,EAAE,aAAa,GAAG,IAAI,CAAC;IAC9B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,oBAAqB,SAAQ,OAAO;IACnD,IAAI,CAAC,EAAE,kBAAkB,CAAC;CAC3B;AAED,MAAM,WAAW,yBAAyB;IACxC,YAAY,CAAC,EAAE,KAAK,CAAC,sBAAsB,GAAG,QAAQ,CAAC,CAAC;IACxD,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,GAAG,SAAS,CAAC;IACpD,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,MAAM,CAAC,EAAE;QACP,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,QAAQ,CAAC,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;QACrC,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAuCD,qBAAa,kBAAkB;IAO3B,OAAO,CAAC,QAAQ,CAAC,IAAI;IANvB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAA2C;IACxE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAuC;IACrE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAa;IACrC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAsC;gBAG3C,IAAI,EAAE,UAAU,EACjC,OAAO,GAAE,yBAA8B;IAQzC,YAAY,GAAU,KAAK,oBAAoB,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CAoBhG;IAEF,oBAAoB,GAAU,KAAK,oBAAoB,EAAE,MAAM,QAAQ,EAAE,MAAM,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CAezG;IAEF,kBAAkB,GAChB,aAAa,MAAM,EAAE,EACrB,OAAM,KAAK,GAAG,KAAa,WAYR,oBAAoB,OAAO,QAAQ,QAAQ,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CAL1F;IAEF,YAAY,GAAI,OAAO,MAAM,EAAE,WAGV,oBAAoB,OAAO,QAAQ,QAAQ,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CAHnB;IAEzE,oBAAoB,GAAI,aAAa,wBAAwB,MAC7C,KAAK,oBAAoB,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,OAAO,CAAC,IAAI,CAAC,CAgB1F;IAEF,gBAAgB,CAAC,GAAG,EAAE,QAAQ,EAAE,MAAM,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;IAS5F,gBAAgB,CAAC,GAAG,EAAE,QAAQ,GAAG,IAAI;IAUrC,kBAAkB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI;IAqB/C,mBAAmB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI;IAShD,OAAO,CAAC,eAAe;CASxB;AAED,wBAAgB,wBAAwB,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,GAAE,yBAA8B,GAAG,kBAAkB,CAEtH"}

package/dist/lib/adapters/express/express-auth-adapter.js

@@ -0,0 +1,161 @@
+import { AuthError, AuthenticationError, AuthorizationError } from '../../errors.js';
+function parseCookieHeader(header) {
+    if (!header) {
+        return {};
+    }
+    return header.split(';').reduce((cookies, part) => {
+        const [name, ...rest] = part.trim().split('=');
+        if (!name) {
+            return cookies;
+        }
+        cookies[name] = decodeURIComponent(rest.join('='));
+        return cookies;
+    }, {});
+}
+function sendError(res, error) {
+    if (error instanceof AuthError) {
+        res.status(error.statusCode).json({
+            ok: false,
+            error: {
+                code: error.code,
+                message: error.message,
+            },
+        });
+        return;
+    }
+    res.status(500).json({
+        ok: false,
+        error: {
+            code: 'INTERNAL_ERROR',
+            message: 'Unexpected authentication error',
+        },
+    });
+}
+export class ExpressAuthAdapter {
+    auth;
+    tokenSources;
+    getRequestId;
+    logger;
+    cookie;
+    constructor(auth, options = {}) {
+        this.auth = auth;
+        this.tokenSources = options.tokenSources ?? ['authorization-header'];
+        this.getRequestId = options.getRequestId;
+        this.logger = options.logger;
+        this.cookie = options.cookie;
+    }
+    authenticate = async (req, res, next) => {
+        try {
+            const accessToken = this.extractAccessToken(req);
+            if (!accessToken) {
+                throw new AuthenticationError('Missing access token', 'MISSING_ACCESS_TOKEN');
+            }
+            const principal = await this.auth.authenticateAccessToken(accessToken);
+            const session = await this.auth.getSession(principal.sessionId);
+            req.auth = { principal, session, accessToken };
+            next();
+        }
+        catch (error) {
+            this.logger?.warn('Express authenticate failed', {
+                requestId: this.getRequestId?.(req),
+                path: req.path,
+                method: req.method,
+                err: error,
+            });
+            sendError(res, error);
+        }
+    };
+    optionalAuthenticate = async (req, _res, next) => {
+        try {
+            const accessToken = this.extractAccessToken(req);
+            if (!accessToken) {
+                next();
+                return;
+            }
+            const principal = await this.auth.authenticateAccessToken(accessToken);
+            const session = await this.auth.getSession(principal.sessionId);
+            req.auth = { principal, session, accessToken };
+            next();
+        }
+        catch {
+            next();
+        }
+    };
+    requirePermissions = (permissions, mode = 'all') => {
+        const requirement = mode === 'all'
+            ? { allOf: permissions }
+            : { anyOf: permissions };
+        return this.requireAuthorization(requirement);
+    };
+    requireRoles = (roles) => this.requireAuthorization({ roles });
+    requireAuthorization = (requirement) => {
+        return async (req, res, next) => {
+            try {
+                if (!req.auth) {
+                    throw new AuthenticationError('Authentication required', 'AUTHENTICATION_REQUIRED');
+                }
+                const decision = await this.auth.authorize(req.auth.principal, requirement);
+                if (!decision.allowed) {
+                    throw new AuthorizationError('Forbidden', 'FORBIDDEN');
+                }
+                next();
+            }
+            catch (error) {
+                sendError(res, error);
+            }
+        };
+    };
+    writeAuthCookies(res, tokens) {
+        if (!this.cookie) {
+            return;
+        }
+        res.cookie(this.cookie.accessTokenName, tokens.accessToken, this.toCookieOptions());
+        res.cookie(this.cookie.refreshTokenName, tokens.refreshToken, this.toCookieOptions());
+    }
+    clearAuthCookies(res) {
+        if (!this.cookie) {
+            return;
+        }
+        const cookieOptions = this.toCookieOptions();
+        res.clearCookie(this.cookie.accessTokenName, cookieOptions);
+        res.clearCookie(this.cookie.refreshTokenName, cookieOptions);
+    }
+    extractAccessToken(req) {
+        for (const source of this.tokenSources) {
+            if (source === 'authorization-header') {
+                const header = req.headers.authorization;
+                if (header?.startsWith('Bearer ')) {
+                    return header.slice('Bearer '.length).trim();
+                }
+            }
+            if (source === 'cookie' && this.cookie) {
+                const cookies = parseCookieHeader(req.headers.cookie);
+                const token = cookies[this.cookie.accessTokenName];
+                if (token) {
+                    return token;
+                }
+            }
+        }
+        return null;
+    }
+    extractRefreshToken(req) {
+        if (!this.cookie) {
+            return null;
+        }
+        const cookies = parseCookieHeader(req.headers.cookie);
+        return cookies[this.cookie.refreshTokenName] ?? null;
+    }
+    toCookieOptions() {
+        return {
+            httpOnly: this.cookie?.httpOnly ?? true,
+            secure: this.cookie?.secure ?? true,
+            sameSite: this.cookie?.sameSite ?? 'lax',
+            path: this.cookie?.path ?? '/',
+            domain: this.cookie?.domain,
+        };
+    }
+}
+export function createExpressAuthAdapter(auth, options = {}) {
+    return new ExpressAuthAdapter(auth, options);
+}
+//# sourceMappingURL=express-auth-adapter.js.map

package/dist/lib/adapters/express/express-auth-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express-auth-adapter.js","sourceRoot":"","sources":["../../../../src/lib/adapters/express/express-auth-adapter.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAkCrF,SAAS,iBAAiB,CAAC,MAA0B;IACnD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,OAAO,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAyB,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE;QACxE,MAAM,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,OAAO,CAAC;QACjB,CAAC;QAED,OAAO,CAAC,IAAI,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QACnD,OAAO,OAAO,CAAC;IACjB,CAAC,EAAE,EAAE,CAAC,CAAC;AACT,CAAC;AAED,SAAS,SAAS,CAAC,GAAa,EAAE,KAAc;IAC9C,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QAC/B,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC;YAChC,EAAE,EAAE,KAAK;YACT,KAAK,EAAE;gBACL,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,OAAO,EAAE,KAAK,CAAC,OAAO;aACvB;SACF,CAAC,CAAC;QACH,OAAO;IACT,CAAC;IAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,EAAE,EAAE,KAAK;QACT,KAAK,EAAE;YACL,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,iCAAiC;SAC3C;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,OAAO,kBAAkB;IAOV;IANF,YAAY,CAA2C;IACvD,YAAY,CAAwC;IACpD,MAAM,CAAc;IACpB,MAAM,CAAuC;IAE9D,YACmB,IAAgB,EACjC,UAAqC,EAAE;QADtB,SAAI,GAAJ,IAAI,CAAY;QAGjC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,CAAC,sBAAsB,CAAC,CAAC;QACrE,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;QACzC,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC/B,CAAC;IAED,YAAY,GAAG,KAAK,EAAE,GAAyB,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QACnG,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YACjD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,IAAI,mBAAmB,CAAC,sBAAsB,EAAE,sBAAsB,CAAC,CAAC;YAChF,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAC;YACvE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAChE,GAAG,CAAC,IAAI,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;YAC/C,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,6BAA6B,EAAE;gBAC/C,SAAS,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,GAAG,CAAC;gBACnC,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,GAAG,EAAE,KAAK;aACX,CAAC,CAAC;YACH,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACxB,CAAC;IACH,CAAC,CAAC;IAEF,oBAAoB,GAAG,KAAK,EAAE,GAAyB,EAAE,IAAc,EAAE,IAAkB,EAAiB,EAAE;QAC5G,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;YACjD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAC;YACvE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YAChE,GAAG,CAAC,IAAI,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;YAC/C,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,EAAE,CAAC;QACT,CAAC;IACH,CAAC,CAAC;IAEF,kBAAkB,GAAG,CACnB,WAAqB,EACrB,OAAsB,KAAK,EAC3B,EAAE;QACF,MAAM,WAAW,GAA6B,IAAI,KAAK,KAAK;YAC1D,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE;YACxB,CAAC,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC;QAE3B,OAAO,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;IAChD,CAAC,CAAC;IAEF,YAAY,GAAG,CAAC,KAAe,EAAE,EAAE,CAAC,IAAI,CAAC,oBAAoB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IAEzE,oBAAoB,GAAG,CAAC,WAAqC,EAAE,EAAE;QAC/D,OAAO,KAAK,EAAE,GAAyB,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;YAC3F,IAAI,CAAC;gBACH,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC;oBACd,MAAM,IAAI,mBAAmB,CAAC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC;gBACtF,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;gBAC5E,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;oBACtB,MAAM,IAAI,kBAAkB,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;gBACzD,CAAC;gBAED,IAAI,EAAE,CAAC;YACT,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YACxB,CAAC;QACH,CAAC,CAAC;IACJ,CAAC,CAAC;IAEF,gBAAgB,CAAC,GAAa,EAAE,MAAqD;QACnF,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QAED,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;QACpF,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,YAAY,EAAE,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;IACxF,CAAC;IAED,gBAAgB,CAAC,GAAa;QAC5B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAC7C,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,aAAa,CAAC,CAAC;QAC5D,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;IAC/D,CAAC;IAED,kBAAkB,CAAC,GAAY;QAC7B,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACvC,IAAI,MAAM,KAAK,sBAAsB,EAAE,CAAC;gBACtC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;gBACzC,IAAI,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;oBAClC,OAAO,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC/C,CAAC;YACH,CAAC;YAED,IAAI,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBACvC,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBACtD,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;gBACnD,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO,KAAK,CAAC;gBACf,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,mBAAmB,CAAC,GAAY;QAC9B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACtD,OAAO,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,IAAI,CAAC;IACvD,CAAC;IAEO,eAAe;QACrB,OAAO;YACL,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,QAAQ,IAAI,IAAI;YACvC,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM,IAAI,IAAI;YACnC,QAAQ,EAAE,IAAI,CAAC,MAAM,EAAE,QAAQ,IAAI,KAAK;YACxC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE,IAAI,IAAI,GAAG;YAC9B,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,MAAM;SAC5B,CAAC;IACJ,CAAC;CACF;AAED,MAAM,UAAU,wBAAwB,CAAC,IAAgB,EAAE,UAAqC,EAAE;IAChG,OAAO,IAAI,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC"}

package/dist/lib/adapters/logging/create-logging-adapter.d.ts

@@ -0,0 +1,4 @@
+import type { Logger } from '@joethebigbuddy/logging';
+import type { LoggerPort } from '../../ports.js';
+export declare function createLoggingAdapter(logger: Logger): LoggerPort;
+//# sourceMappingURL=create-logging-adapter.d.ts.map

package/dist/lib/adapters/logging/create-logging-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-logging-adapter.d.ts","sourceRoot":"","sources":["../../../../src/lib/adapters/logging/create-logging-adapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAEjD,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAkB/D"}

package/dist/lib/adapters/logging/create-logging-adapter.js

@@ -0,0 +1,20 @@
+export function createLoggingAdapter(logger) {
+    return {
+        debug(message, fields) {
+            logger.debug(message, fields);
+        },
+        info(message, fields) {
+            logger.info(message, fields);
+        },
+        warn(message, fields) {
+            logger.warn(message, fields);
+        },
+        error(message, fields) {
+            logger.error(message, fields);
+        },
+        child(fields) {
+            return createLoggingAdapter(logger.child(fields));
+        },
+    };
+}
+//# sourceMappingURL=create-logging-adapter.js.map

package/dist/lib/adapters/logging/create-logging-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-logging-adapter.js","sourceRoot":"","sources":["../../../../src/lib/adapters/logging/create-logging-adapter.ts"],"names":[],"mappings":"AAGA,MAAM,UAAU,oBAAoB,CAAC,MAAc;IACjD,OAAO;QACL,KAAK,CAAC,OAAO,EAAE,MAAM;YACnB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;QACD,IAAI,CAAC,OAAO,EAAE,MAAM;YAClB,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC;QACD,IAAI,CAAC,OAAO,EAAE,MAAM;YAClB,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC/B,CAAC;QACD,KAAK,CAAC,OAAO,EAAE,MAAM;YACnB,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;QACD,KAAK,CAAC,MAAM;YACV,OAAO,oBAAoB,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACpD,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/lib/adapters/memory/memory-refresh-token-store.d.ts

@@ -0,0 +1,10 @@
+import type { RefreshTokenStore } from '../../ports.js';
+import type { RefreshTokenRecord } from '../../types.js';
+export declare class MemoryRefreshTokenStore implements RefreshTokenStore {
+    private readonly records;
+    save(record: RefreshTokenRecord): Promise<void>;
+    get(tokenId: string): Promise<RefreshTokenRecord | null>;
+    revoke(tokenId: string): Promise<void>;
+    revokeBySession(sessionId: string): Promise<number>;
+}
+//# sourceMappingURL=memory-refresh-token-store.d.ts.map

package/dist/lib/adapters/memory/memory-refresh-token-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-refresh-token-store.d.ts","sourceRoot":"","sources":["../../../../src/lib/adapters/memory/memory-refresh-token-store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEzD,qBAAa,uBAAwB,YAAW,iBAAiB;IAC/D,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAyC;IAE3D,IAAI,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAI/C,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IAKxD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAYtC,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAa1D"}

package/dist/lib/adapters/memory/memory-refresh-token-store.js

@@ -0,0 +1,34 @@
+export class MemoryRefreshTokenStore {
+    records = new Map();
+    async save(record) {
+        this.records.set(record.tokenId, { ...record });
+    }
+    async get(tokenId) {
+        const record = this.records.get(tokenId);
+        return record ? { ...record } : null;
+    }
+    async revoke(tokenId) {
+        const record = this.records.get(tokenId);
+        if (!record) {
+            return;
+        }
+        this.records.set(tokenId, {
+            ...record,
+            revokedAt: new Date(),
+        });
+    }
+    async revokeBySession(sessionId) {
+        let count = 0;
+        for (const [tokenId, record] of this.records.entries()) {
+            if (record.sessionId === sessionId && !record.revokedAt) {
+                this.records.set(tokenId, {
+                    ...record,
+                    revokedAt: new Date(),
+                });
+                count += 1;
+            }
+        }
+        return count;
+    }
+}
+//# sourceMappingURL=memory-refresh-token-store.js.map

package/dist/lib/adapters/memory/memory-refresh-token-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-refresh-token-store.js","sourceRoot":"","sources":["../../../../src/lib/adapters/memory/memory-refresh-token-store.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,uBAAuB;IACjB,OAAO,GAAG,IAAI,GAAG,EAA8B,CAAC;IAEjE,KAAK,CAAC,IAAI,CAAC,MAA0B;QACnC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAe;QACvB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACzC,OAAO,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAe;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;YACxB,GAAG,MAAM;YACT,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,SAAiB;QACrC,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBACxD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;oBACxB,GAAG,MAAM;oBACT,SAAS,EAAE,IAAI,IAAI,EAAE;iBACtB,CAAC,CAAC;gBACH,KAAK,IAAI,CAAC,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF"}

package/dist/lib/adapters/memory/memory-session-store.d.ts

@@ -0,0 +1,12 @@
+import type { SessionStore } from '../../ports.js';
+import type { SessionRecord } from '../../types.js';
+export declare class MemorySessionStore implements SessionStore {
+    private readonly sessions;
+    create(session: SessionRecord): Promise<void>;
+    get(sessionId: string): Promise<SessionRecord | null>;
+    update(session: SessionRecord): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    deleteBySubject(subjectId: string): Promise<number>;
+    listBySubject(subjectId: string): Promise<SessionRecord[]>;
+}
+//# sourceMappingURL=memory-session-store.d.ts.map

package/dist/lib/adapters/memory/memory-session-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-session-store.d.ts","sourceRoot":"","sources":["../../../../src/lib/adapters/memory/memory-session-store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAEpD,qBAAa,kBAAmB,YAAW,YAAY;IACrD,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAoC;IAEvD,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAI7C,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAKrD,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC;IAI7C,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIxC,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAWnD,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;CAKjE"}

package/dist/lib/adapters/memory/memory-session-store.js

@@ -0,0 +1,32 @@
+export class MemorySessionStore {
+    sessions = new Map();
+    async create(session) {
+        this.sessions.set(session.id, { ...session });
+    }
+    async get(sessionId) {
+        const session = this.sessions.get(sessionId);
+        return session ? { ...session } : null;
+    }
+    async update(session) {
+        this.sessions.set(session.id, { ...session });
+    }
+    async delete(sessionId) {
+        this.sessions.delete(sessionId);
+    }
+    async deleteBySubject(subjectId) {
+        let deleted = 0;
+        for (const [sessionId, session] of this.sessions.entries()) {
+            if (session.subjectId === subjectId) {
+                this.sessions.delete(sessionId);
+                deleted += 1;
+            }
+        }
+        return deleted;
+    }
+    async listBySubject(subjectId) {
+        return Array.from(this.sessions.values())
+            .filter((session) => session.subjectId === subjectId)
+            .map((session) => ({ ...session }));
+    }
+}
+//# sourceMappingURL=memory-session-store.js.map

package/dist/lib/adapters/memory/memory-session-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"memory-session-store.js","sourceRoot":"","sources":["../../../../src/lib/adapters/memory/memory-session-store.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,kBAAkB;IACZ,QAAQ,GAAG,IAAI,GAAG,EAAyB,CAAC;IAE7D,KAAK,CAAC,MAAM,CAAC,OAAsB;QACjC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7C,OAAO,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IACzC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAsB;QACjC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,SAAiB;QACrC,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;YAC3D,IAAI,OAAO,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACpC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAChC,OAAO,IAAI,CAAC,CAAC;YACf,CAAC;QACH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,SAAiB;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;aACtC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC;aACpD,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC,CAAC;IACxC,CAAC;CACF"}

package/dist/lib/adapters/postgres/create-postgres-auth-storage.d.ts

@@ -0,0 +1,16 @@
+import { Pool, type PoolConfig } from 'pg';
+import { PostgresRefreshTokenStore } from './postgres-refresh-token-store.js';
+import { PostgresSessionStore } from './postgres-session-store.js';
+import { type PostgresAuthTablesOptions } from './shared.js';
+export interface CreatePostgresAuthStorageOptions extends PostgresAuthTablesOptions {
+    connectionString: string;
+    pool?: PoolConfig;
+}
+export declare function createPostgresAuthStorage(options: CreatePostgresAuthStorageOptions): {
+    pool: Pool;
+    sessionStore: PostgresSessionStore;
+    refreshTokenStore: PostgresRefreshTokenStore;
+    ensureSchema: () => Promise<void>;
+    close: () => Promise<void>;
+};
+//# sourceMappingURL=create-postgres-auth-storage.d.ts.map

package/dist/lib/adapters/postgres/create-postgres-auth-storage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-postgres-auth-storage.d.ts","sourceRoot":"","sources":["../../../../src/lib/adapters/postgres/create-postgres-auth-storage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,KAAK,UAAU,EAAE,MAAM,IAAI,CAAC;AAC3C,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAA4B,KAAK,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAEvF,MAAM,WAAW,gCAAiC,SAAQ,yBAAyB;IACjF,gBAAgB,EAAE,MAAM,CAAC;IACzB,IAAI,CAAC,EAAE,UAAU,CAAC;CACnB;AAED,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,gCAAgC;;;;;;EAalF"}

package/dist/lib/adapters/postgres/create-postgres-auth-storage.js

@@ -0,0 +1,18 @@
+import { Pool } from 'pg';
+import { PostgresRefreshTokenStore } from './postgres-refresh-token-store.js';
+import { PostgresSessionStore } from './postgres-session-store.js';
+import { ensurePostgresAuthTables } from './shared.js';
+export function createPostgresAuthStorage(options) {
+    const pool = new Pool({
+        connectionString: options.connectionString,
+        ...options.pool,
+    });
+    return {
+        pool,
+        sessionStore: new PostgresSessionStore(pool, options),
+        refreshTokenStore: new PostgresRefreshTokenStore(pool, options),
+        ensureSchema: () => ensurePostgresAuthTables(pool, options),
+        close: () => pool.end(),
+    };
+}
+//# sourceMappingURL=create-postgres-auth-storage.js.map

package/dist/lib/adapters/postgres/create-postgres-auth-storage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-postgres-auth-storage.js","sourceRoot":"","sources":["../../../../src/lib/adapters/postgres/create-postgres-auth-storage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAmB,MAAM,IAAI,CAAC;AAC3C,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,wBAAwB,EAAkC,MAAM,aAAa,CAAC;AAOvF,MAAM,UAAU,yBAAyB,CAAC,OAAyC;IACjF,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC;QACpB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;QAC1C,GAAG,OAAO,CAAC,IAAI;KAChB,CAAC,CAAC;IAEH,OAAO;QACL,IAAI;QACJ,YAAY,EAAE,IAAI,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC;QACrD,iBAAiB,EAAE,IAAI,yBAAyB,CAAC,IAAI,EAAE,OAAO,CAAC;QAC/D,YAAY,EAAE,GAAG,EAAE,CAAC,wBAAwB,CAAC,IAAI,EAAE,OAAO,CAAC;QAC3D,KAAK,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;KACxB,CAAC;AACJ,CAAC"}

package/dist/lib/adapters/postgres/postgres-refresh-token-store.d.ts

@@ -0,0 +1,13 @@
+import type { RefreshTokenStore } from '../../ports.js';
+import type { RefreshTokenRecord } from '../../types.js';
+import { type PostgresAuthTablesOptions, type PostgresQueryable } from './shared.js';
+export declare class PostgresRefreshTokenStore implements RefreshTokenStore {
+    private readonly client;
+    private readonly tableName;
+    constructor(client: PostgresQueryable, options?: PostgresAuthTablesOptions);
+    save(record: RefreshTokenRecord): Promise<void>;
+    get(tokenId: string): Promise<RefreshTokenRecord | null>;
+    revoke(tokenId: string): Promise<void>;
+    revokeBySession(sessionId: string): Promise<number>;
+}
+//# sourceMappingURL=postgres-refresh-token-store.d.ts.map

package/dist/lib/adapters/postgres/postgres-refresh-token-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"postgres-refresh-token-store.d.ts","sourceRoot":"","sources":["../../../../src/lib/adapters/postgres/postgres-refresh-token-store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AACzD,OAAO,EAGL,KAAK,yBAAyB,EAC9B,KAAK,iBAAiB,EAEvB,MAAM,aAAa,CAAC;AAErB,qBAAa,yBAA0B,YAAW,iBAAiB;IAI/D,OAAO,CAAC,QAAQ,CAAC,MAAM;IAHzB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAGhB,MAAM,EAAE,iBAAiB,EAC1C,OAAO,GAAE,yBAA8B;IAKnC,IAAI,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,IAAI,CAAC;IAsC/C,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC;IASxD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAWtC,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;CAY1D"}

package/dist/lib/adapters/postgres/postgres-refresh-token-store.js

@@ -0,0 +1,63 @@
+import { mapPostgresRefreshTokenRow, resolvePostgresAuthTables, } from './shared.js';
+export class PostgresRefreshTokenStore {
+    client;
+    tableName;
+    constructor(client, options = {}) {
+        this.client = client;
+        this.tableName = resolvePostgresAuthTables(options).refreshTokensTableName;
+    }
+    async save(record) {
+        await this.client.query(`
+        insert into ${this.tableName} (
+          token_id,
+          session_id,
+          subject_id,
+          token,
+          issued_at,
+          expires_at,
+          consumed_at,
+          revoked_at,
+          replaced_by_token_id
+        ) values ($1, $2, $3, $4, $5, $6, $7, $8, $9)
+        on conflict (token_id) do update set
+          session_id = excluded.session_id,
+          subject_id = excluded.subject_id,
+          token = excluded.token,
+          issued_at = excluded.issued_at,
+          expires_at = excluded.expires_at,
+          consumed_at = excluded.consumed_at,
+          revoked_at = excluded.revoked_at,
+          replaced_by_token_id = excluded.replaced_by_token_id
+      `, [
+            record.tokenId,
+            record.sessionId,
+            record.subjectId,
+            record.token,
+            record.issuedAt,
+            record.expiresAt,
+            record.consumedAt ?? null,
+            record.revokedAt ?? null,
+            record.replacedByTokenId ?? null,
+        ]);
+    }
+    async get(tokenId) {
+        const result = await this.client.query(`select * from ${this.tableName} where token_id = $1 limit 1`, [tokenId]);
+        return result.rows[0] ? mapPostgresRefreshTokenRow(result.rows[0]) : null;
+    }
+    async revoke(tokenId) {
+        await this.client.query(`
+        update ${this.tableName}
+        set revoked_at = coalesce(revoked_at, $2)
+        where token_id = $1
+      `, [tokenId, new Date()]);
+    }
+    async revokeBySession(sessionId) {
+        const result = await this.client.query(`
+        update ${this.tableName}
+        set revoked_at = coalesce(revoked_at, $2)
+        where session_id = $1 and revoked_at is null
+      `, [sessionId, new Date()]);
+        return result.rowCount ?? 0;
+    }
+}
+//# sourceMappingURL=postgres-refresh-token-store.js.map