npm - @lastshotlabs/bunshot - Versions diffs - 0.0.25 → 0.0.28 - Mend

@lastshotlabs/bunshot 0.0.25 → 0.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (725) hide show

package/.oclif.manifest.json +39 -0
package/README.md +8282 -2147
package/dist/cli/commands/init.js +690 -0
package/dist/cli/index.js +6 -0
package/dist/cli.js +4 -4
package/dist/packages/bunshot-admin/src/index.d.ts +15 -0
package/dist/packages/bunshot-admin/src/index.js +11 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.d.ts +8 -0
package/dist/packages/bunshot-admin/src/lib/resourceTypes.js +33 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.d.ts +14 -0
package/dist/packages/bunshot-admin/src/lib/typedRoute.js +17 -0
package/dist/packages/bunshot-admin/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-admin/src/plugin.js +46 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.d.ts +6 -0
package/dist/packages/bunshot-admin/src/providers/auth0Access.js +32 -0
package/dist/packages/bunshot-admin/src/routes/admin.d.ts +10 -0
package/dist/packages/bunshot-admin/src/routes/admin.js +923 -0
package/dist/packages/bunshot-admin/src/routes/mail.d.ts +6 -0
package/dist/packages/bunshot-admin/src/routes/mail.js +114 -0
package/dist/packages/bunshot-admin/src/routes/permissions.d.ts +8 -0
package/dist/packages/bunshot-admin/src/routes/permissions.js +315 -0
package/dist/packages/bunshot-admin/src/types/config.d.ts +16 -0
package/dist/packages/bunshot-admin/src/types/config.js +37 -0
package/dist/packages/bunshot-admin/src/types/env.d.ts +14 -0
package/dist/packages/bunshot-admin/src/types/provider.d.ts +1 -0
package/dist/packages/bunshot-admin/src/types/provider.js +4 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.d.ts +66 -0
package/dist/packages/bunshot-auth/src/adapters/memoryAuth.js +1063 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.d.ts +2 -0
package/dist/packages/bunshot-auth/src/adapters/mongoAuth.js +536 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.d.ts +88 -0
package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.js +1366 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.d.ts +2 -0
package/dist/packages/bunshot-auth/src/admin/bunshotAccess.js +23 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.d.ts +5 -0
package/dist/packages/bunshot-auth/src/admin/bunshotUsers.js +131 -0
package/dist/packages/bunshot-auth/src/bootstrap.d.ts +38 -0
package/dist/packages/bunshot-auth/src/bootstrap.js +384 -0
package/dist/packages/bunshot-auth/src/config/appConfig.d.ts +3 -0
package/dist/packages/bunshot-auth/src/config/appConfig.js +4 -0
package/dist/packages/bunshot-auth/src/config/authConfig.d.ts +478 -0
package/dist/packages/bunshot-auth/src/config/authConfig.js +46 -0
package/dist/packages/bunshot-auth/src/config/configLock.d.ts +2 -0
package/dist/packages/bunshot-auth/src/config/configLock.js +10 -0
package/dist/packages/bunshot-auth/src/index.d.ts +25 -0
package/dist/packages/bunshot-auth/src/index.js +23 -0
package/dist/packages/bunshot-auth/src/infra/mongo.d.ts +15 -0
package/dist/packages/bunshot-auth/src/infra/mongo.js +44 -0
package/dist/packages/bunshot-auth/src/infra/queue.d.ts +14 -0
package/dist/packages/bunshot-auth/src/infra/queue.js +27 -0
package/dist/packages/bunshot-auth/src/infra/redis.d.ts +5 -0
package/dist/packages/bunshot-auth/src/infra/redis.js +15 -0
package/dist/packages/bunshot-auth/src/infra/signing.d.ts +7 -0
package/dist/packages/bunshot-auth/src/infra/signing.js +8 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.d.ts +34 -0
package/dist/packages/bunshot-auth/src/lib/accountLockout.js +244 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/adapterTiers.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/authAdapter.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authContext.d.ts +15 -0
package/dist/packages/bunshot-auth/src/lib/authContext.js +1 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.d.ts +4 -0
package/dist/packages/bunshot-auth/src/lib/authEventBus.js +15 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/authRateLimit.js +205 -0
package/dist/packages/bunshot-auth/src/lib/breachedPassword.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/breachedPassword.js +61 -0
package/dist/packages/bunshot-auth/src/lib/cache.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/cache.js +120 -0
package/dist/packages/bunshot-auth/src/lib/clientIp.d.ts +4 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/clientIp.js +14 -7
package/dist/packages/bunshot-auth/src/lib/cookieOptions.d.ts +27 -0
package/dist/packages/bunshot-auth/src/lib/cookieOptions.js +33 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.d.ts +40 -0
package/dist/packages/bunshot-auth/src/lib/credentialStuffing.js +221 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/deletionCancelToken.js +148 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.d.ts +23 -0
package/dist/packages/bunshot-auth/src/lib/emailTemplates.js +265 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/emailVerification.js +200 -0
package/dist/packages/bunshot-auth/src/lib/env.d.ts +1 -0
package/dist/packages/bunshot-auth/src/lib/env.js +3 -0
package/dist/packages/bunshot-auth/src/lib/fingerprint.js +36 -0
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.d.ts +15 -16
package/dist/{lib → packages/bunshot-auth/src/lib}/groups.js +22 -34
package/dist/packages/bunshot-auth/src/lib/jwks.d.ts +28 -0
package/dist/packages/bunshot-auth/src/lib/jwks.js +79 -0
package/dist/packages/bunshot-auth/src/lib/jwt.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/jwt.js +86 -0
package/dist/packages/bunshot-auth/src/lib/logger.d.ts +3 -0
package/dist/packages/bunshot-auth/src/lib/logger.js +13 -0
package/dist/packages/bunshot-auth/src/lib/m2m.d.ts +30 -0
package/dist/packages/bunshot-auth/src/lib/m2m.js +44 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/magicLink.js +145 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.d.ts +60 -0
package/dist/packages/bunshot-auth/src/lib/mfaChallenge.js +419 -0
package/dist/packages/bunshot-auth/src/lib/oauth.d.ts +82 -0
package/dist/packages/bunshot-auth/src/lib/oauth.js +177 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthCode.js +182 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.d.ts +19 -0
package/dist/packages/bunshot-auth/src/lib/oauthReauth.js +255 -0
package/dist/packages/bunshot-auth/src/lib/organization.d.ts +66 -0
package/dist/packages/bunshot-auth/src/lib/organization.js +225 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.d.ts +12 -0
package/dist/packages/bunshot-auth/src/lib/passwordHistory.js +31 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.d.ts +20 -0
package/dist/packages/bunshot-auth/src/lib/resetPassword.js +148 -0
package/dist/packages/bunshot-auth/src/lib/roles.d.ts +9 -0
package/dist/packages/bunshot-auth/src/lib/roles.js +93 -0
package/dist/packages/bunshot-auth/src/lib/saml.d.ts +29 -0
package/dist/packages/bunshot-auth/src/lib/saml.js +73 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.d.ts +13 -0
package/dist/packages/bunshot-auth/src/lib/samlRequestId.js +129 -0
package/dist/packages/bunshot-auth/src/lib/scim.d.ts +44 -0
package/dist/packages/bunshot-auth/src/lib/scim.js +56 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.d.ts +22 -0
package/dist/packages/bunshot-auth/src/lib/securityEventWiring.js +65 -0
package/dist/packages/bunshot-auth/src/lib/session.d.ts +45 -0
package/dist/packages/bunshot-auth/src/lib/session.js +1211 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.d.ts +26 -0
package/dist/packages/bunshot-auth/src/lib/storeInfra.js +18 -0
package/dist/packages/bunshot-auth/src/lib/suspension.d.ts +14 -0
package/dist/packages/bunshot-auth/src/lib/suspension.js +20 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.d.ts +16 -0
package/dist/packages/bunshot-auth/src/lib/validateAdapter.js +161 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/middleware/bearerAuth.js +58 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/csrf.d.ts +5 -4
package/dist/packages/bunshot-auth/src/middleware/csrf.js +138 -0
package/dist/packages/bunshot-auth/src/middleware/identify.d.ts +4 -0
package/dist/packages/bunshot-auth/src/middleware/identify.js +124 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireMfaSetup.js +10 -7
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireRole.js +20 -16
package/dist/packages/bunshot-auth/src/middleware/requireScope.d.ts +10 -0
package/dist/packages/bunshot-auth/src/middleware/requireScope.js +25 -0
package/dist/packages/bunshot-auth/src/middleware/requireStepUp.d.ts +18 -0
package/dist/packages/bunshot-auth/src/middleware/requireStepUp.js +30 -0
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.d.ts +2 -2
package/dist/{middleware → packages/bunshot-auth/src/middleware}/requireVerifiedEmail.js +7 -6
package/dist/packages/bunshot-auth/src/middleware/scimAuth.d.ts +8 -0
package/dist/packages/bunshot-auth/src/middleware/scimAuth.js +29 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/middleware/userAuth.js +6 -0
package/dist/{models → packages/bunshot-auth/src/models}/AuthUser.d.ts +19 -8
package/dist/packages/bunshot-auth/src/models/AuthUser.js +53 -0
package/dist/packages/bunshot-auth/src/models/Group.d.ts +19 -0
package/dist/packages/bunshot-auth/src/models/Group.js +22 -0
package/dist/{models → packages/bunshot-auth/src/models}/GroupMembership.d.ts +6 -8
package/dist/packages/bunshot-auth/src/models/GroupMembership.js +19 -0
package/dist/packages/bunshot-auth/src/models/M2MClient.d.ts +18 -0
package/dist/packages/bunshot-auth/src/models/M2MClient.js +18 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.d.ts +13 -0
package/dist/packages/bunshot-auth/src/models/TenantRole.js +17 -0
package/dist/packages/bunshot-auth/src/plugin.d.ts +4 -0
package/dist/packages/bunshot-auth/src/plugin.js +274 -0
package/dist/packages/bunshot-auth/src/routes/auth.d.ts +15 -0
package/dist/packages/bunshot-auth/src/routes/auth.js +1624 -0
package/dist/packages/bunshot-auth/src/routes/groups.d.ts +4 -0
package/dist/packages/bunshot-auth/src/routes/groups.js +481 -0
package/dist/packages/bunshot-auth/src/routes/m2m.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/m2m.js +145 -0
package/dist/packages/bunshot-auth/src/routes/mfa.d.ts +6 -0
package/dist/packages/bunshot-auth/src/routes/mfa.js +991 -0
package/dist/packages/bunshot-auth/src/routes/oauth.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/oauth.js +1727 -0
package/dist/packages/bunshot-auth/src/routes/oidc.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/oidc.js +84 -0
package/dist/packages/bunshot-auth/src/routes/organizations.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/organizations.js +741 -0
package/dist/packages/bunshot-auth/src/routes/passkey.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/passkey.js +199 -0
package/dist/packages/bunshot-auth/src/routes/saml.d.ts +2 -0
package/dist/packages/bunshot-auth/src/routes/saml.js +226 -0
package/dist/packages/bunshot-auth/src/routes/scim.d.ts +3 -0
package/dist/packages/bunshot-auth/src/routes/scim.js +588 -0
package/dist/packages/bunshot-auth/src/runtime.d.ts +52 -0
package/dist/packages/bunshot-auth/src/runtime.js +11 -0
package/dist/{schemas → packages/bunshot-auth/src/schemas}/auth.d.ts +4 -5
package/dist/packages/bunshot-auth/src/schemas/auth.js +24 -0
package/dist/packages/bunshot-auth/src/schemas/error.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/error.js +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.d.ts +10 -0
package/dist/packages/bunshot-auth/src/schemas/success.js +10 -0
package/dist/packages/bunshot-auth/src/services/auth.d.ts +39 -0
package/dist/packages/bunshot-auth/src/services/auth.js +378 -0
package/dist/{services → packages/bunshot-auth/src/services}/mfa.d.ts +41 -17
package/dist/{services → packages/bunshot-auth/src/services}/mfa.js +259 -183
package/dist/packages/bunshot-auth/src/testing.d.ts +31 -0
package/dist/packages/bunshot-auth/src/testing.js +23 -0
package/dist/packages/bunshot-auth/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/adapter.js +1 -0
package/dist/packages/bunshot-auth/src/types/config.d.ts +152 -0
package/dist/packages/bunshot-auth/src/types/config.js +179 -0
package/dist/{routes → packages/bunshot-auth/src/types}/groups.d.ts +2 -3
package/dist/packages/bunshot-auth/src/types/groups.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.d.ts +6 -0
package/dist/packages/bunshot-auth/src/types/oauthCode.js +1 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.d.ts +13 -0
package/dist/packages/bunshot-auth/src/types/oauthReauth.js +1 -0
package/dist/packages/bunshot-auth/src/types/redis.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/redis.js +1 -0
package/dist/packages/bunshot-auth/src/types/saml.d.ts +10 -0
package/dist/packages/bunshot-auth/src/types/saml.js +1 -0
package/dist/packages/bunshot-auth/src/types/session.d.ts +18 -0
package/dist/packages/bunshot-auth/src/types/session.js +1 -0
package/dist/packages/bunshot-auth/src/types/store.d.ts +1 -0
package/dist/packages/bunshot-auth/src/types/store.js +1 -0
package/dist/packages/bunshot-core/src/adminProvider.d.ts +95 -0
package/dist/packages/bunshot-core/src/adminProvider.js +1 -0
package/dist/packages/bunshot-core/src/auditLog.d.ts +34 -0
package/dist/packages/bunshot-core/src/auditLog.js +1 -0
package/dist/packages/bunshot-core/src/auth-adapter.d.ts +227 -0
package/dist/packages/bunshot-core/src/auth-adapter.js +4 -0
package/dist/packages/bunshot-core/src/authVariables.d.ts +14 -0
package/dist/packages/bunshot-core/src/authVariables.js +4 -0
package/dist/packages/bunshot-core/src/cache.d.ts +12 -0
package/dist/packages/bunshot-core/src/cache.js +21 -0
package/dist/packages/bunshot-core/src/captcha.d.ts +16 -0
package/dist/packages/bunshot-core/src/captcha.js +1 -0
package/dist/packages/bunshot-core/src/clearRegistry.d.ts +6 -0
package/dist/packages/bunshot-core/src/clearRegistry.js +17 -0
package/dist/packages/bunshot-core/src/clientIp.d.ts +3 -0
package/dist/packages/bunshot-core/src/clientIp.js +45 -0
package/dist/packages/bunshot-core/src/configLock.d.ts +4 -0
package/dist/packages/bunshot-core/src/configLock.js +7 -0
package/dist/packages/bunshot-core/src/configValidation.d.ts +22 -0
package/dist/packages/bunshot-core/src/configValidation.js +39 -0
package/dist/packages/bunshot-core/src/constants.js +10 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.d.ts +232 -0
package/dist/packages/bunshot-core/src/context/bunshotContext.js +1 -0
package/dist/packages/bunshot-core/src/context/contextAccess.d.ts +3 -0
package/dist/packages/bunshot-core/src/context/contextAccess.js +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.d.ts +16 -0
package/dist/packages/bunshot-core/src/context/contextStore.js +31 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.d.ts +38 -0
package/dist/packages/bunshot-core/src/context/frameworkConfig.js +1 -0
package/dist/packages/bunshot-core/src/context/index.d.ts +4 -0
package/dist/packages/bunshot-core/src/context/index.js +2 -0
package/dist/packages/bunshot-core/src/context.d.ts +40 -0
package/dist/packages/bunshot-core/src/context.js +35 -0
package/dist/packages/bunshot-core/src/coreContracts.d.ts +47 -0
package/dist/packages/bunshot-core/src/coreContracts.js +1 -0
package/dist/packages/bunshot-core/src/coreRegistrar.d.ts +6 -0
package/dist/packages/bunshot-core/src/coreRegistrar.js +42 -0
package/dist/{lib → packages/bunshot-core/src}/createRoute.d.ts +4 -30
package/dist/{lib → packages/bunshot-core/src}/createRoute.js +39 -88
package/dist/packages/bunshot-core/src/cronRegistry.d.ts +11 -0
package/dist/packages/bunshot-core/src/cronRegistry.js +1 -0
package/dist/packages/bunshot-core/src/crypto.d.ts +43 -0
package/dist/packages/bunshot-core/src/crypto.js +74 -0
package/dist/packages/bunshot-core/src/csrf.d.ts +8 -0
package/dist/packages/bunshot-core/src/csrf.js +1 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.d.ts +7 -0
package/dist/packages/bunshot-core/src/defaults/defaultFingerprint.js +19 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryCacheAdapter.js +40 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.d.ts +6 -0
package/dist/packages/bunshot-core/src/defaults/memoryRateLimit.js +24 -0
package/dist/packages/bunshot-core/src/emailTemplates.d.ts +5 -0
package/dist/packages/bunshot-core/src/emailTemplates.js +10 -0
package/dist/packages/bunshot-core/src/errors.d.ts +13 -0
package/dist/packages/bunshot-core/src/errors.js +22 -0
package/dist/packages/bunshot-core/src/eventBus.d.ts +270 -0
package/dist/packages/bunshot-core/src/eventBus.js +143 -0
package/dist/packages/bunshot-core/src/idempotency.d.ts +18 -0
package/dist/packages/bunshot-core/src/idempotency.js +1 -0
package/dist/packages/bunshot-core/src/index.d.ts +60 -0
package/dist/packages/bunshot-core/src/index.js +34 -0
package/dist/packages/bunshot-core/src/mail.d.ts +14 -0
package/dist/packages/bunshot-core/src/mail.js +8 -0
package/dist/packages/bunshot-core/src/memoryEviction.d.ts +24 -0
package/dist/packages/bunshot-core/src/memoryEviction.js +52 -0
package/dist/packages/bunshot-core/src/pagination.d.ts +45 -0
package/dist/packages/bunshot-core/src/pagination.js +61 -0
package/dist/packages/bunshot-core/src/permissions.d.ts +64 -0
package/dist/packages/bunshot-core/src/permissions.js +27 -0
package/dist/packages/bunshot-core/src/plugin.d.ts +44 -0
package/dist/packages/bunshot-core/src/plugin.js +1 -0
package/dist/packages/bunshot-core/src/rateLimit.d.ts +5 -0
package/dist/packages/bunshot-core/src/rateLimit.js +18 -0
package/dist/packages/bunshot-core/src/redis.d.ts +21 -0
package/dist/packages/bunshot-core/src/redis.js +1 -0
package/dist/packages/bunshot-core/src/routeAuth.d.ts +5 -0
package/dist/packages/bunshot-core/src/routeAuth.js +11 -0
package/dist/packages/bunshot-core/src/routeOverrides.d.ts +24 -0
package/dist/packages/bunshot-core/src/routeOverrides.js +25 -0
package/dist/packages/bunshot-core/src/routerAdapter.d.ts +6 -0
package/dist/packages/bunshot-core/src/routerAdapter.js +56 -0
package/dist/packages/bunshot-core/src/secrets.d.ts +48 -0
package/dist/packages/bunshot-core/src/secrets.js +8 -0
package/dist/packages/bunshot-core/src/signing.d.ts +41 -0
package/dist/packages/bunshot-core/src/signing.js +1 -0
package/dist/packages/bunshot-core/src/sse.d.ts +36 -0
package/dist/packages/bunshot-core/src/sse.js +1 -0
package/dist/packages/bunshot-core/src/storageAdapter.js +1 -0
package/dist/packages/bunshot-core/src/storeInfra.d.ts +44 -0
package/dist/packages/bunshot-core/src/storeInfra.js +18 -0
package/dist/packages/bunshot-core/src/storeType.d.ts +7 -0
package/dist/packages/bunshot-core/src/storeType.js +1 -0
package/dist/packages/bunshot-core/src/testing.d.ts +1 -0
package/dist/packages/bunshot-core/src/testing.js +1 -0
package/dist/packages/bunshot-core/src/uploadRegistry.d.ts +23 -0
package/dist/packages/bunshot-core/src/uploadRegistry.js +4 -0
package/dist/packages/bunshot-core/src/userResolver.d.ts +5 -0
package/dist/packages/bunshot-core/src/userResolver.js +14 -0
package/dist/packages/bunshot-core/src/wsMessages.d.ts +42 -0
package/dist/packages/bunshot-core/src/wsMessages.js +4 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/adapters/memory.js +73 -0
package/dist/packages/bunshot-permissions/src/index.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/index.js +5 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.d.ts +7 -0
package/dist/packages/bunshot-permissions/src/lib/bootstrap.js +12 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.d.ts +10 -0
package/dist/packages/bunshot-permissions/src/lib/evaluator.js +165 -0
package/dist/packages/bunshot-permissions/src/lib/registry.d.ts +2 -0
package/dist/packages/bunshot-permissions/src/lib/registry.js +31 -0
package/dist/packages/bunshot-permissions/src/lib/validation.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/lib/validation.js +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/adapter.js +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/evaluator.js +1 -0
package/dist/packages/bunshot-permissions/src/types/models.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/models.js +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.d.ts +1 -0
package/dist/packages/bunshot-permissions/src/types/registry.js +1 -0
package/dist/packages/bunshot-postgres/src/adapter.d.ts +6 -0
package/dist/packages/bunshot-postgres/src/adapter.js +794 -0
package/dist/packages/bunshot-postgres/src/connection.d.ts +15 -0
package/dist/packages/bunshot-postgres/src/connection.js +16 -0
package/dist/packages/bunshot-postgres/src/index.d.ts +4 -0
package/dist/packages/bunshot-postgres/src/index.js +2 -0
package/dist/packages/bunshot-postgres/src/schema.d.ts +997 -0
package/dist/packages/bunshot-postgres/src/schema.js +105 -0
package/dist/src/app.d.ts +230 -0
package/dist/src/app.js +182 -0
package/dist/src/cli/commands/init.d.ts +10 -0
package/dist/src/cli/commands/init.js +709 -0
package/dist/src/cli/index.d.ts +1 -0
package/dist/src/cli/index.js +3 -0
package/dist/src/entrypoints/mongo.d.ts +6 -0
package/dist/src/entrypoints/mongo.js +4 -0
package/dist/src/entrypoints/queue.d.ts +2 -0
package/dist/src/entrypoints/queue.js +1 -0
package/dist/src/entrypoints/redis.d.ts +1 -0
package/dist/src/entrypoints/redis.js +1 -0
package/dist/{adapters → src/framework/adapters}/localStorage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/localStorage.js +23 -8
package/dist/src/framework/adapters/memoryStorage.d.ts +2 -0
package/dist/src/framework/adapters/memoryStorage.js +45 -0
package/dist/{adapters → src/framework/adapters}/s3Storage.d.ts +1 -1
package/dist/{adapters → src/framework/adapters}/s3Storage.js +12 -12
package/dist/src/framework/admin/bunshotAccess.d.ts +2 -0
package/dist/src/framework/admin/bunshotAccess.js +23 -0
package/dist/src/framework/admin/bunshotUsers.d.ts +2 -0
package/dist/src/framework/admin/bunshotUsers.js +103 -0
package/dist/src/framework/admin/index.d.ts +7 -0
package/dist/src/framework/admin/index.js +21 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.d.ts +13 -0
package/dist/src/framework/boundaryAdapters/cacheFactories.js +86 -0
package/dist/src/framework/boundaryAdapters/index.d.ts +2 -0
package/dist/src/framework/boundaryAdapters/index.js +1 -0
package/dist/src/framework/boundaryAdapters.d.ts +17 -0
package/dist/src/framework/boundaryAdapters.js +62 -0
package/dist/src/framework/buildContext.d.ts +33 -0
package/dist/src/framework/buildContext.js +119 -0
package/dist/src/framework/config/schema.d.ts +447 -0
package/dist/src/framework/config/schema.js +528 -0
package/dist/src/framework/createInfrastructure.d.ts +76 -0
package/dist/src/framework/createInfrastructure.js +221 -0
package/dist/src/framework/lib/auditLog.d.ts +23 -0
package/dist/src/framework/lib/auditLog.js +416 -0
package/dist/src/framework/lib/captcha.d.ts +11 -0
package/dist/src/framework/lib/captcha.js +40 -0
package/dist/{lib → src/framework/lib}/createDtoMapper.js +4 -4
package/dist/src/framework/lib/createRoute.d.ts +1 -0
package/dist/src/framework/lib/createRoute.js +2 -0
package/dist/{lib → src/framework/lib}/idempotency.d.ts +2 -6
package/dist/src/framework/lib/idempotency.js +74 -0
package/dist/src/framework/lib/logger.d.ts +3 -0
package/dist/src/framework/lib/logger.js +14 -0
package/dist/src/framework/lib/metrics.d.ts +34 -0
package/dist/{lib → src/framework/lib}/metrics.js +49 -57
package/dist/src/framework/lib/pagination.d.ts +42 -0
package/dist/src/framework/lib/pagination.js +51 -0
package/dist/src/framework/lib/redisTransport.d.ts +38 -0
package/dist/src/framework/lib/redisTransport.js +107 -0
package/dist/src/framework/lib/resolveUserId.d.ts +2 -0
package/dist/src/framework/lib/resolveUserId.js +5 -0
package/dist/src/framework/lib/sseCollision.d.ts +6 -0
package/dist/src/framework/lib/sseCollision.js +26 -0
package/dist/src/framework/lib/storageAdapter.d.ts +1 -0
package/dist/src/framework/lib/storageAdapter.js +1 -0
package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.js +4 -4
package/dist/src/framework/lib/tenant.d.ts +21 -0
package/dist/src/framework/lib/tenant.js +70 -0
package/dist/{lib → src/framework/lib}/upload.d.ts +14 -9
package/dist/src/framework/lib/upload.js +132 -0
package/dist/src/framework/lib/uploadRegistry.d.ts +23 -0
package/dist/src/framework/lib/uploadRegistry.js +34 -0
package/dist/{lib → src/framework/lib}/validate.d.ts +1 -1
package/dist/{lib → src/framework/lib}/validate.js +2 -2
package/dist/src/framework/lib/ws.d.ts +19 -0
package/dist/src/framework/lib/ws.js +130 -0
package/dist/src/framework/lib/wsHeartbeat.d.ts +12 -0
package/dist/src/framework/lib/wsHeartbeat.js +53 -0
package/dist/src/framework/lib/wsMessages.d.ts +25 -0
package/dist/src/framework/lib/wsMessages.js +45 -0
package/dist/src/framework/lib/wsNamespace.d.ts +17 -0
package/dist/src/framework/lib/wsNamespace.js +19 -0
package/dist/src/framework/lib/wsPresence.d.ts +17 -0
package/dist/src/framework/lib/wsPresence.js +84 -0
package/dist/src/framework/lib/wsTransport.d.ts +38 -0
package/dist/src/framework/lib/wsTransport.js +9 -0
package/dist/{lib → src/framework/lib}/zodToMongoose.d.ts +1 -1
package/dist/{lib → src/framework/lib}/zodToMongoose.js +11 -11
package/dist/{middleware → src/framework/middleware}/auditLog.d.ts +4 -3
package/dist/src/framework/middleware/auditLog.js +42 -0
package/dist/{middleware → src/framework/middleware}/botProtection.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/botProtection.js +8 -9
package/dist/src/framework/middleware/cacheResponse.d.ts +35 -0
package/dist/src/framework/middleware/cacheResponse.js +126 -0
package/dist/src/framework/middleware/captcha.d.ts +9 -0
package/dist/src/framework/middleware/captcha.js +37 -0
package/dist/{middleware → src/framework/middleware}/errorHandler.d.ts +1 -1
package/dist/src/framework/middleware/errorHandler.js +16 -0
package/dist/src/framework/middleware/index.js +1 -0
package/dist/{middleware → src/framework/middleware}/logger.d.ts +1 -1
package/dist/src/framework/middleware/metrics.d.ts +12 -0
package/dist/src/framework/middleware/metrics.js +26 -0
package/dist/{middleware → src/framework/middleware}/rateLimit.d.ts +2 -2
package/dist/src/framework/middleware/rateLimit.js +22 -0
package/dist/src/framework/middleware/requestId.d.ts +3 -0
package/dist/{middleware → src/framework/middleware}/requestId.js +2 -2
package/dist/{middleware → src/framework/middleware}/requestLogger.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/requestLogger.js +17 -12
package/dist/{middleware → src/framework/middleware}/requestSigning.d.ts +2 -2
package/dist/{middleware → src/framework/middleware}/requestSigning.js +18 -19
package/dist/src/framework/middleware/tenant.d.ts +14 -0
package/dist/{middleware → src/framework/middleware}/tenant.js +31 -27
package/dist/src/framework/middleware/upload.d.ts +5 -0
package/dist/{middleware → src/framework/middleware}/upload.js +4 -4
package/dist/{middleware → src/framework/middleware}/webhookAuth.d.ts +3 -3
package/dist/{middleware → src/framework/middleware}/webhookAuth.js +11 -11
package/dist/src/framework/models/AuditLog.d.ts +21 -0
package/dist/src/framework/models/AuditLog.js +31 -0
package/dist/src/framework/mountMiddleware.d.ts +91 -0
package/dist/src/framework/mountMiddleware.js +128 -0
package/dist/src/framework/mountOptionalEndpoints.d.ts +103 -0
package/dist/src/framework/mountOptionalEndpoints.js +47 -0
package/dist/src/framework/mountRoutes.d.ts +21 -0
package/dist/src/framework/mountRoutes.js +144 -0
package/dist/src/framework/persistence/cronRegistry.d.ts +28 -0
package/dist/src/framework/persistence/cronRegistry.js +139 -0
package/dist/src/framework/persistence/idempotency.d.ts +26 -0
package/dist/src/framework/persistence/idempotency.js +178 -0
package/dist/src/framework/persistence/index.d.ts +6 -0
package/dist/src/framework/persistence/index.js +8 -0
package/dist/src/framework/persistence/storeInfra.d.ts +9 -0
package/dist/src/framework/persistence/storeInfra.js +1 -0
package/dist/src/framework/persistence/uploadRegistry.d.ts +35 -0
package/dist/src/framework/persistence/uploadRegistry.js +235 -0
package/dist/src/framework/persistence/wsMessages.d.ts +22 -0
package/dist/src/framework/persistence/wsMessages.js +296 -0
package/dist/src/framework/preloadSchemas.d.ts +24 -0
package/dist/src/framework/preloadSchemas.js +42 -0
package/dist/src/framework/registerBoundaryAdapters.d.ts +23 -0
package/dist/src/framework/registerBoundaryAdapters.js +46 -0
package/dist/src/framework/routes/admin.d.ts +9 -0
package/dist/src/framework/routes/admin.js +361 -0
package/dist/src/framework/routes/health.d.ts +1 -0
package/dist/src/framework/routes/health.js +21 -0
package/dist/src/framework/routes/home.d.ts +1 -0
package/dist/src/framework/routes/home.js +18 -0
package/dist/src/framework/routes/jobs.d.ts +3 -0
package/dist/src/framework/routes/jobs.js +315 -0
package/dist/src/framework/routes/metrics.d.ts +10 -0
package/dist/src/framework/routes/metrics.js +57 -0
package/dist/src/framework/routes/uploads.d.ts +14 -0
package/dist/src/framework/routes/uploads.js +262 -0
package/dist/src/framework/runPluginLifecycle.d.ts +27 -0
package/dist/src/framework/runPluginLifecycle.js +121 -0
package/dist/src/framework/secrets/frameworkSecretSchema.d.ts +58 -0
package/dist/src/framework/secrets/frameworkSecretSchema.js +20 -0
package/dist/src/framework/secrets/index.d.ts +9 -0
package/dist/src/framework/secrets/index.js +7 -0
package/dist/src/framework/secrets/providers/envProvider.d.ts +15 -0
package/dist/src/framework/secrets/providers/envProvider.js +18 -0
package/dist/src/framework/secrets/providers/fileProvider.d.ts +8 -0
package/dist/src/framework/secrets/providers/fileProvider.js +82 -0
package/dist/src/framework/secrets/providers/ssmProvider.d.ts +20 -0
package/dist/src/framework/secrets/providers/ssmProvider.js +127 -0
package/dist/src/framework/secrets/resolveSecretBundle.d.ts +53 -0
package/dist/src/framework/secrets/resolveSecretBundle.js +84 -0
package/dist/src/framework/secrets/resolveSecrets.d.ts +18 -0
package/dist/src/framework/secrets/resolveSecrets.js +34 -0
package/dist/src/framework/sse/index.d.ts +21 -0
package/dist/src/framework/sse/index.js +109 -0
package/dist/src/framework/ws/index.d.ts +11 -0
package/dist/src/framework/ws/index.js +8 -0
package/dist/src/index.d.ts +87 -0
package/dist/src/index.js +58 -0
package/dist/src/lib/appConfig.d.ts +7 -0
package/dist/src/lib/appConfig.js +27 -0
package/dist/src/lib/appMeta.d.ts +7 -0
package/dist/src/lib/appMeta.js +3 -0
package/dist/src/lib/authConfig.d.ts +532 -0
package/dist/src/lib/authConfig.js +179 -0
package/dist/{lib → src/lib}/context.d.ts +6 -7
package/dist/{lib → src/lib}/context.js +5 -5
package/dist/src/lib/logger.d.ts +1 -0
package/dist/src/lib/logger.js +1 -0
package/dist/src/lib/mongo.d.ts +58 -0
package/dist/src/lib/mongo.js +96 -0
package/dist/src/lib/queue.d.ts +72 -0
package/dist/src/lib/queue.js +152 -0
package/dist/src/lib/redis.d.ts +28 -0
package/dist/src/lib/redis.js +72 -0
package/dist/{lib → src/lib}/signing.d.ts +2 -2
package/dist/src/lib/signing.js +210 -0
package/dist/src/lib/signingConfig.d.ts +40 -0
package/dist/src/lib/signingConfig.js +28 -0
package/dist/src/server.d.ts +146 -0
package/dist/src/server.js +469 -0
package/dist/src/shared/lib/HttpError.d.ts +1 -0
package/dist/src/shared/lib/HttpError.js +2 -0
package/dist/src/shared/lib/constants.d.ts +10 -0
package/dist/src/shared/lib/crypto.d.ts +43 -0
package/dist/src/shared/lib/crypto.js +74 -0
package/dist/src/shared/lib/signing.d.ts +52 -0
package/dist/{lib → src/shared/lib}/signing.js +40 -10
package/dist/src/testing.d.ts +34 -0
package/dist/src/testing.js +93 -0
package/package.json +62 -25
package/dist/adapters/memoryAuth.d.ts +0 -46
package/dist/adapters/memoryAuth.js +0 -634
package/dist/adapters/memoryStorage.d.ts +0 -3
package/dist/adapters/memoryStorage.js +0 -44
package/dist/adapters/mongoAuth.d.ts +0 -2
package/dist/adapters/mongoAuth.js +0 -307
package/dist/adapters/sqliteAuth.d.ts +0 -49
package/dist/adapters/sqliteAuth.js +0 -707
package/dist/app.d.ts +0 -456
package/dist/app.js +0 -548
package/dist/entrypoints/mongo.d.ts +0 -5
package/dist/entrypoints/mongo.js +0 -4
package/dist/entrypoints/queue.d.ts +0 -2
package/dist/entrypoints/queue.js +0 -1
package/dist/entrypoints/redis.d.ts +0 -1
package/dist/entrypoints/redis.js +0 -1
package/dist/index.d.ts +0 -98
package/dist/index.js +0 -77
package/dist/lib/HttpError.d.ts +0 -9
package/dist/lib/HttpError.js +0 -14
package/dist/lib/appConfig.d.ts +0 -162
package/dist/lib/appConfig.js +0 -83
package/dist/lib/auditLog.d.ts +0 -52
package/dist/lib/auditLog.js +0 -201
package/dist/lib/authAdapter.d.ts +0 -176
package/dist/lib/authAdapter.js +0 -7
package/dist/lib/authRateLimit.d.ts +0 -13
package/dist/lib/authRateLimit.js +0 -81
package/dist/lib/clientIp.d.ts +0 -14
package/dist/lib/crypto.d.ts +0 -11
package/dist/lib/crypto.js +0 -22
package/dist/lib/deletionCancelToken.d.ts +0 -12
package/dist/lib/deletionCancelToken.js +0 -88
package/dist/lib/emailVerification.d.ts +0 -13
package/dist/lib/emailVerification.js +0 -86
package/dist/lib/fingerprint.js +0 -36
package/dist/lib/idempotency.js +0 -182
package/dist/lib/jwt.d.ts +0 -2
package/dist/lib/jwt.js +0 -24
package/dist/lib/logger.d.ts +0 -1
package/dist/lib/logger.js +0 -7
package/dist/lib/metrics.d.ts +0 -14
package/dist/lib/mfaChallenge.d.ts +0 -42
package/dist/lib/mfaChallenge.js +0 -293
package/dist/lib/mongo.d.ts +0 -39
package/dist/lib/mongo.js +0 -124
package/dist/lib/oauth.d.ts +0 -40
package/dist/lib/oauth.js +0 -101
package/dist/lib/oauthCode.d.ts +0 -15
package/dist/lib/oauthCode.js +0 -90
package/dist/lib/pagination.d.ts +0 -119
package/dist/lib/pagination.js +0 -166
package/dist/lib/queue.d.ts +0 -37
package/dist/lib/queue.js +0 -117
package/dist/lib/redis.d.ts +0 -9
package/dist/lib/redis.js +0 -61
package/dist/lib/resetPassword.d.ts +0 -12
package/dist/lib/resetPassword.js +0 -91
package/dist/lib/roles.d.ts +0 -7
package/dist/lib/roles.js +0 -49
package/dist/lib/session.d.ts +0 -39
package/dist/lib/session.js +0 -535
package/dist/lib/tenant.d.ts +0 -15
package/dist/lib/tenant.js +0 -65
package/dist/lib/upload.js +0 -87
package/dist/lib/ws.d.ts +0 -22
package/dist/lib/ws.js +0 -89
package/dist/lib/wsHeartbeat.d.ts +0 -12
package/dist/lib/wsHeartbeat.js +0 -57
package/dist/lib/wsMessages.d.ts +0 -40
package/dist/lib/wsMessages.js +0 -330
package/dist/lib/wsPresence.d.ts +0 -25
package/dist/lib/wsPresence.js +0 -99
package/dist/middleware/auditLog.js +0 -39
package/dist/middleware/bearerAuth.d.ts +0 -2
package/dist/middleware/bearerAuth.js +0 -11
package/dist/middleware/cacheResponse.d.ts +0 -15
package/dist/middleware/cacheResponse.js +0 -178
package/dist/middleware/csrf.js +0 -125
package/dist/middleware/errorHandler.js +0 -13
package/dist/middleware/identify.d.ts +0 -3
package/dist/middleware/identify.js +0 -95
package/dist/middleware/index.js +0 -1
package/dist/middleware/metrics.d.ts +0 -9
package/dist/middleware/metrics.js +0 -26
package/dist/middleware/rateLimit.js +0 -22
package/dist/middleware/requestId.d.ts +0 -3
package/dist/middleware/tenant.d.ts +0 -5
package/dist/middleware/upload.d.ts +0 -5
package/dist/middleware/userAuth.d.ts +0 -3
package/dist/middleware/userAuth.js +0 -6
package/dist/models/AuditLog.d.ts +0 -30
package/dist/models/AuditLog.js +0 -39
package/dist/models/AuthUser.js +0 -48
package/dist/models/Group.d.ts +0 -21
package/dist/models/Group.js +0 -28
package/dist/models/GroupMembership.js +0 -25
package/dist/models/TenantRole.d.ts +0 -15
package/dist/models/TenantRole.js +0 -23
package/dist/routes/auth.d.ts +0 -11
package/dist/routes/auth.js +0 -605
package/dist/routes/groups.js +0 -346
package/dist/routes/health.d.ts +0 -1
package/dist/routes/health.js +0 -22
package/dist/routes/home.d.ts +0 -1
package/dist/routes/home.js +0 -16
package/dist/routes/jobs.d.ts +0 -2
package/dist/routes/jobs.js +0 -272
package/dist/routes/metrics.d.ts +0 -7
package/dist/routes/metrics.js +0 -52
package/dist/routes/mfa.d.ts +0 -5
package/dist/routes/mfa.js +0 -620
package/dist/routes/oauth.d.ts +0 -2
package/dist/routes/oauth.js +0 -514
package/dist/routes/uploads.d.ts +0 -2
package/dist/routes/uploads.js +0 -135
package/dist/schemas/auth.js +0 -30
package/dist/server.d.ts +0 -57
package/dist/server.js +0 -112
package/dist/services/auth.d.ts +0 -27
package/dist/services/auth.js +0 -159
package/dist/ws/index.d.ts +0 -10
package/dist/ws/index.js +0 -38
package/docs/sections/adding-middleware/full.md +0 -35
package/docs/sections/adding-models/full.md +0 -125
package/docs/sections/adding-models/overview.md +0 -13
package/docs/sections/adding-routes/full.md +0 -182
package/docs/sections/adding-routes/overview.md +0 -23
package/docs/sections/auth-flow/full.md +0 -779
package/docs/sections/auth-flow/overview.md +0 -10
package/docs/sections/auth-security-examples/full.md +0 -365
package/docs/sections/authentication/full.md +0 -130
package/docs/sections/authentication/overview.md +0 -5
package/docs/sections/cli/full.md +0 -42
package/docs/sections/configuration/full.md +0 -172
package/docs/sections/configuration/overview.md +0 -18
package/docs/sections/configuration-example/full.md +0 -117
package/docs/sections/configuration-example/overview.md +0 -30
package/docs/sections/documentation/full.md +0 -171
package/docs/sections/environment-variables/full.md +0 -55
package/docs/sections/exports/full.md +0 -123
package/docs/sections/extending-context/full.md +0 -59
package/docs/sections/header.md +0 -3
package/docs/sections/installation/full.md +0 -6
package/docs/sections/jobs/full.md +0 -140
package/docs/sections/jobs/overview.md +0 -15
package/docs/sections/logging/full.md +0 -83
package/docs/sections/metrics/full.md +0 -127
package/docs/sections/mongodb-connections/full.md +0 -45
package/docs/sections/mongodb-connections/overview.md +0 -7
package/docs/sections/multi-tenancy/full.md +0 -66
package/docs/sections/multi-tenancy/overview.md +0 -15
package/docs/sections/oauth/full.md +0 -189
package/docs/sections/oauth/overview.md +0 -16
package/docs/sections/package-development/full.md +0 -7
package/docs/sections/pagination/full.md +0 -93
package/docs/sections/peer-dependencies/full.md +0 -47
package/docs/sections/quick-start/full.md +0 -43
package/docs/sections/response-caching/full.md +0 -117
package/docs/sections/response-caching/overview.md +0 -13
package/docs/sections/roles/full.md +0 -225
package/docs/sections/roles/overview.md +0 -14
package/docs/sections/running-without-redis/full.md +0 -16
package/docs/sections/running-without-redis-or-mongodb/full.md +0 -60
package/docs/sections/signing/full.md +0 -203
package/docs/sections/stack/full.md +0 -10
package/docs/sections/uploads/full.md +0 -199
package/docs/sections/versioning/full.md +0 -85
package/docs/sections/webhook-auth/full.md +0 -100
package/docs/sections/websocket/full.md +0 -184
package/docs/sections/websocket/overview.md +0 -5
package/docs/sections/websocket-rooms/full.md +0 -102
package/docs/sections/websocket-rooms/overview.md +0 -5
/package/dist/{lib/storageAdapter.js → packages/bunshot-admin/src/types/env.js} +0 -0
/package/dist/{lib → packages/bunshot-auth/src/lib}/fingerprint.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/constants.d.ts +0 -0
/package/dist/{lib → packages/bunshot-core/src}/storageAdapter.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/createDtoMapper.d.ts +0 -0
/package/dist/{lib → src/framework/lib}/stripUnreferencedSchemas.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/cors.js +0 -0
/package/dist/{middleware → src/framework/middleware}/index.d.ts +0 -0
/package/dist/{middleware → src/framework/middleware}/logger.js +0 -0
/package/dist/{lib → src/shared/lib}/constants.js +0 -0

package/dist/packages/bunshot-auth/src/lib/fingerprint.js ADDED Viewed

@@ -0,0 +1,36 @@
+const BROWSER_HEADERS = [
+    'sec-fetch-site',
+    'sec-fetch-mode',
+    'sec-fetch-dest',
+    'sec-ch-ua',
+    'sec-ch-ua-mobile',
+    'sec-ch-ua-platform',
+    'origin',
+    'referer',
+    'x-requested-with',
+];
+const encoder = new TextEncoder();
+/**
+ * Builds a 12-hex-char fingerprint from stable HTTP headers.
+ * IP-independent: bots that rotate IPs but use the same HTTP client
+ * will produce the same fingerprint and share a rate-limit bucket.
+ */
+export async function buildFingerprint(req) {
+    const h = (name) => req.headers.get(name) ?? '';
+    // Encode which browser-only headers are present as a bitmask string.
+    // Real browsers send most of these; raw HTTP clients send none.
+    const bitmap = BROWSER_HEADERS.map(name => (req.headers.has(name) ? '1' : '0')).join('');
+    const raw = [
+        h('user-agent'),
+        h('accept'),
+        h('accept-language'),
+        h('accept-encoding'),
+        h('connection'),
+        bitmap,
+    ].join('|');
+    const buf = await crypto.subtle.digest('SHA-256', encoder.encode(raw));
+    const bytes = new Uint8Array(buf).slice(0, 6);
+    return Array.from(bytes)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+}

package/dist/{lib → packages/bunshot-auth/src/lib}/groups.d.ts RENAMED Viewed

@@ -1,3 +1,4 @@
+import type { AuthAdapter } from './authAdapter';
 export interface GroupRecord {
     id: string;
     /** Machine-readable slug: /^[a-z0-9_-]+$/, unique within scope (app-wide or per-tenant). */
@@ -26,41 +27,39 @@ export interface GroupMembershipRecord {
 export interface PaginationOpts {
     /** Default: 50, max: 200 */
     limit?: number;
-    /** Default: 0 */
-    offset?: number;
+    /** Opaque pagination cursor from a previous response */
+    cursor?: string;
 }
 export interface PaginatedResult<T> {
     items: T[];
-    total: number;
-    limit: number;
-    offset: number;
+    nextCursor?: string;
 }
 /**
  * Create a new group. tenantId null = app-wide, string = tenant-scoped.
  * The group name must be a slug (/^[a-z0-9_-]+$/) and unique within its scope.
  * Returns the new group's id.
  */
-export declare const createGroup: (group: Omit<GroupRecord, "id" | "createdAt" | "updatedAt">) => Promise<{
+export declare const createGroup: (adapter: AuthAdapter, group: Omit<GroupRecord, "id" | "createdAt" | "updatedAt">) => Promise<{
     id: string;
 }>;
 /**
  * Delete a group by ID. All memberships are cascade-deleted by the adapter.
  */
-export declare const deleteGroup: (groupId: string) => Promise<void>;
+export declare const deleteGroup: (adapter: AuthAdapter, groupId: string) => Promise<void>;
 /**
  * Get a group by ID. Returns null if not found.
  */
-export declare const getGroup: (groupId: string) => Promise<GroupRecord | null>;
+export declare const getGroup: (adapter: AuthAdapter, groupId: string) => Promise<GroupRecord | null>;
 /**
  * List groups scoped to a tenant (tenantId string) or app-wide (tenantId null).
  * Results are paginated.
  */
-export declare const listGroups: (tenantId: string | null, opts?: PaginationOpts) => Promise<PaginatedResult<GroupRecord>>;
+export declare const listGroups: (adapter: AuthAdapter, tenantId: string | null, opts?: PaginationOpts) => Promise<PaginatedResult<GroupRecord>>;
 /**
  * Update a group's mutable fields: name, displayName, description, roles.
  * tenantId is NOT in the update type — it is immutable after creation.
  */
-export declare const updateGroup: (groupId: string, updates: Partial<Pick<GroupRecord, "roles" | "name" | "displayName" | "description">>) => Promise<void>;
+export declare const updateGroup: (adapter: AuthAdapter, groupId: string, updates: Partial<Pick<GroupRecord, "roles" | "name" | "displayName" | "description">>) => Promise<void>;
 /**
  * Add a user to a group. Optionally supply per-membership roles (extras on top of group.roles).
  *
@@ -68,20 +67,20 @@ export declare const updateGroup: (groupId: string, updates: Partial<Pick<GroupR
  * Use updateGroupMembership to change roles on an existing membership.
  * All adapters surface this as a thrown error, not a silent no-op.
  */
-export declare const addGroupMember: (groupId: string, userId: string, roles?: string[]) => Promise<void>;
+export declare const addGroupMember: (adapter: AuthAdapter, groupId: string, userId: string, roles?: string[]) => Promise<void>;
 /**
  * Update the per-membership roles for an existing member.
  * This replaces the member's roles[] entirely (not an additive operation).
  */
-export declare const updateGroupMembership: (groupId: string, userId: string, roles: string[]) => Promise<void>;
+export declare const updateGroupMembership: (adapter: AuthAdapter, groupId: string, userId: string, roles: string[]) => Promise<void>;
 /**
  * Remove a user from a group. No-op if the user is not a member.
  */
-export declare const removeGroupMember: (groupId: string, userId: string) => Promise<void>;
+export declare const removeGroupMember: (adapter: AuthAdapter, groupId: string, userId: string) => Promise<void>;
 /**
  * List members of a group, with their per-membership roles. Paginated.
  */
-export declare const getGroupMembers: (groupId: string, opts?: PaginationOpts) => Promise<PaginatedResult<{
+export declare const getGroupMembers: (adapter: AuthAdapter, groupId: string, opts?: PaginationOpts) => Promise<PaginatedResult<{
     userId: string;
     roles: string[];
 }>>;
@@ -89,7 +88,7 @@ export declare const getGroupMembers: (groupId: string, opts?: PaginationOpts) =
  * List all groups a user belongs to, with their per-membership roles.
  * Pass tenantId=null for app-wide groups, tenantId=string for tenant-scoped groups.
  */
-export declare const getUserGroups: (userId: string, tenantId: string | null) => Promise<Array<{
+export declare const getUserGroups: (adapter: AuthAdapter, userId: string, tenantId: string | null) => Promise<Array<{
     group: GroupRecord;
     membershipRoles: string[];
 }>>;
@@ -110,4 +109,4 @@ export declare const getUserGroups: (userId: string, tenantId: string | null) =>
  * Used internally by requireRole and requireRole.global. Also exported for use in
  * custom middleware, route handlers, or GET /auth/me enrichment.
  */
-export declare const getEffectiveRoles: (userId: string, tenantId: string | null) => Promise<string[]>;
+export declare const getEffectiveRoles: (adapter: AuthAdapter, userId: string, tenantId: string | null) => Promise<string[]>;

package/dist/{lib → packages/bunshot-auth/src/lib}/groups.js RENAMED Viewed

@@ -1,4 +1,3 @@
-import { getAuthAdapter } from "./authAdapter";
 // ---------------------------------------------------------------------------
 // Group CRUD
 // ---------------------------------------------------------------------------
@@ -7,48 +6,43 @@ import { getAuthAdapter } from "./authAdapter";
  * The group name must be a slug (/^[a-z0-9_-]+$/) and unique within its scope.
  * Returns the new group's id.
  */
-export const createGroup = async (group) => {
-    const adapter = getAuthAdapter();
+export const createGroup = async (adapter, group) => {
     if (!adapter.createGroup)
-        throw new Error("Auth adapter does not implement createGroup");
+        throw new Error('Auth adapter does not implement createGroup');
     return adapter.createGroup(group);
 };
 /**
  * Delete a group by ID. All memberships are cascade-deleted by the adapter.
  */
-export const deleteGroup = async (groupId) => {
-    const adapter = getAuthAdapter();
+export const deleteGroup = async (adapter, groupId) => {
     if (!adapter.deleteGroup)
-        throw new Error("Auth adapter does not implement deleteGroup");
+        throw new Error('Auth adapter does not implement deleteGroup');
     return adapter.deleteGroup(groupId);
 };
 /**
  * Get a group by ID. Returns null if not found.
  */
-export const getGroup = async (groupId) => {
-    const adapter = getAuthAdapter();
+export const getGroup = async (adapter, groupId) => {
     if (!adapter.getGroup)
-        throw new Error("Auth adapter does not implement getGroup");
+        throw new Error('Auth adapter does not implement getGroup');
     return adapter.getGroup(groupId);
 };
 /**
  * List groups scoped to a tenant (tenantId string) or app-wide (tenantId null).
  * Results are paginated.
  */
-export const listGroups = async (tenantId, opts) => {
-    const adapter = getAuthAdapter();
+export const listGroups = async (adapter, tenantId, opts) => {
     if (!adapter.listGroups)
-        throw new Error("Auth adapter does not implement listGroups");
+        throw new Error('Auth adapter does not implement listGroups');
     return adapter.listGroups(tenantId, opts);
 };
 /**
  * Update a group's mutable fields: name, displayName, description, roles.
  * tenantId is NOT in the update type — it is immutable after creation.
  */
-export const updateGroup = async (groupId, updates) => {
-    const adapter = getAuthAdapter();
+export const updateGroup = async (adapter, groupId, updates) => {
     if (!adapter.updateGroup)
-        throw new Error("Auth adapter does not implement updateGroup");
+        throw new Error('Auth adapter does not implement updateGroup');
     return adapter.updateGroup(groupId, updates);
 };
 // ---------------------------------------------------------------------------
@@ -61,48 +55,43 @@ export const updateGroup = async (groupId, updates) => {
  * Use updateGroupMembership to change roles on an existing membership.
  * All adapters surface this as a thrown error, not a silent no-op.
  */
-export const addGroupMember = async (groupId, userId, roles) => {
-    const adapter = getAuthAdapter();
+export const addGroupMember = async (adapter, groupId, userId, roles) => {
     if (!adapter.addGroupMember)
-        throw new Error("Auth adapter does not implement addGroupMember");
+        throw new Error('Auth adapter does not implement addGroupMember');
     return adapter.addGroupMember(groupId, userId, roles);
 };
 /**
  * Update the per-membership roles for an existing member.
  * This replaces the member's roles[] entirely (not an additive operation).
  */
-export const updateGroupMembership = async (groupId, userId, roles) => {
-    const adapter = getAuthAdapter();
+export const updateGroupMembership = async (adapter, groupId, userId, roles) => {
     if (!adapter.updateGroupMembership)
-        throw new Error("Auth adapter does not implement updateGroupMembership");
+        throw new Error('Auth adapter does not implement updateGroupMembership');
     return adapter.updateGroupMembership(groupId, userId, roles);
 };
 /**
  * Remove a user from a group. No-op if the user is not a member.
  */
-export const removeGroupMember = async (groupId, userId) => {
-    const adapter = getAuthAdapter();
+export const removeGroupMember = async (adapter, groupId, userId) => {
     if (!adapter.removeGroupMember)
-        throw new Error("Auth adapter does not implement removeGroupMember");
+        throw new Error('Auth adapter does not implement removeGroupMember');
     return adapter.removeGroupMember(groupId, userId);
 };
 /**
  * List members of a group, with their per-membership roles. Paginated.
  */
-export const getGroupMembers = async (groupId, opts) => {
-    const adapter = getAuthAdapter();
+export const getGroupMembers = async (adapter, groupId, opts) => {
     if (!adapter.getGroupMembers)
-        throw new Error("Auth adapter does not implement getGroupMembers");
+        throw new Error('Auth adapter does not implement getGroupMembers');
     return adapter.getGroupMembers(groupId, opts);
 };
 /**
  * List all groups a user belongs to, with their per-membership roles.
  * Pass tenantId=null for app-wide groups, tenantId=string for tenant-scoped groups.
  */
-export const getUserGroups = async (userId, tenantId) => {
-    const adapter = getAuthAdapter();
+export const getUserGroups = async (adapter, userId, tenantId) => {
     if (!adapter.getUserGroups)
-        throw new Error("Auth adapter does not implement getUserGroups");
+        throw new Error('Auth adapter does not implement getUserGroups');
     return adapter.getUserGroups(userId, tenantId);
 };
 // ---------------------------------------------------------------------------
@@ -125,9 +114,8 @@ export const getUserGroups = async (userId, tenantId) => {
  * Used internally by requireRole and requireRole.global. Also exported for use in
  * custom middleware, route handlers, or GET /auth/me enrichment.
  */
-export const getEffectiveRoles = async (userId, tenantId) => {
-    const adapter = getAuthAdapter();
+export const getEffectiveRoles = async (adapter, userId, tenantId) => {
     if (!adapter.getEffectiveRoles)
-        throw new Error("Auth adapter does not implement getEffectiveRoles");
+        throw new Error('Auth adapter does not implement getEffectiveRoles');
     return adapter.getEffectiveRoles(userId, tenantId);
 };

package/dist/packages/bunshot-auth/src/lib/jwks.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+import { type JWK } from 'jose';
+import type { AuthResolvedConfig, OidcConfig } from '../config/authConfig';
+export interface JwksKeyConfig {
+    privateKey: string;
+    publicKey: string;
+    kid?: string;
+}
+type KeyMaterial = CryptoKey;
+export type PublicJwk = JWK & {
+    kty: string;
+};
+export declare function loadJwksKey(oidc: OidcConfig, config: JwksKeyConfig): OidcConfig;
+export declare function loadPreviousKey(oidc: OidcConfig, config: {
+    publicKey: string;
+    kid?: string;
+}): OidcConfig;
+export declare function generateAndLoadKeyPair(oidc: OidcConfig): Promise<{
+    oidc: OidcConfig;
+    privateKey: string;
+    publicKey: string;
+}>;
+export declare function getSigningPrivateKey(config?: AuthResolvedConfig): Promise<KeyMaterial>;
+export declare function getVerifyPublicKeys(config?: AuthResolvedConfig): Promise<KeyMaterial[]>;
+export declare function getJwks(config?: AuthResolvedConfig): Promise<{
+    keys: PublicJwk[];
+}>;
+export declare function isJwksLoaded(config?: AuthResolvedConfig): boolean;
+export {};

package/dist/packages/bunshot-auth/src/lib/jwks.js ADDED Viewed

@@ -0,0 +1,79 @@
+import { exportJWK, generateKeyPair, importPKCS8, importSPKI } from 'jose';
+function requirePublicJwk(jwk, context) {
+    if (!jwk.kty) {
+        throw new Error(`[bunshot-auth] ${context} produced a JWK without kty`);
+    }
+    return jwk;
+}
+async function loadPrimaryKey(config) {
+    if (!config)
+        return null;
+    const kid = config.kid ?? 'key-1';
+    const privateKey = await importPKCS8(config.privateKey, 'RS256');
+    const publicKey = await importSPKI(config.publicKey, 'RS256');
+    const jwk = requirePublicJwk(await exportJWK(publicKey), 'Primary signing key');
+    return { privateKey, publicKey, jwk: { ...jwk, kid, alg: 'RS256', use: 'sig' }, kid };
+}
+async function loadPreviousKeys(configs) {
+    if (!configs?.length)
+        return [];
+    return Promise.all(configs.map(async (config, index) => {
+        const kid = config.kid ?? `key-prev-${index + 1}`;
+        const publicKey = await importSPKI(config.publicKey, 'RS256');
+        const jwk = requirePublicJwk(await exportJWK(publicKey), `Previous signing key ${kid}`);
+        return { publicKey, jwk: { ...jwk, kid, alg: 'RS256', use: 'sig' }, kid };
+    }));
+}
+export function loadJwksKey(oidc, config) {
+    return { ...oidc, signingKey: config };
+}
+export function loadPreviousKey(oidc, config) {
+    return {
+        ...oidc,
+        previousKeys: [...(oidc.previousKeys ?? []), config],
+    };
+}
+export async function generateAndLoadKeyPair(oidc) {
+    const { privateKey: pk, publicKey: pubk } = await generateKeyPair('RS256', {
+        modulusLength: 2048,
+        extractable: true,
+    });
+    const { exportSPKI, exportPKCS8 } = await import('jose');
+    const privatePem = await exportPKCS8(pk);
+    const publicPem = await exportSPKI(pubk);
+    return {
+        oidc: loadJwksKey(oidc, { privateKey: privatePem, publicKey: publicPem, kid: 'key-1' }),
+        privateKey: privatePem,
+        publicKey: publicPem,
+    };
+}
+export async function getSigningPrivateKey(config) {
+    const primary = await loadPrimaryKey(config?.oidc?.signingKey);
+    if (!primary?.privateKey) {
+        throw new Error('RS256 requires OIDC key configuration — call loadJwksKey() first');
+    }
+    return primary.privateKey;
+}
+export async function getVerifyPublicKeys(config) {
+    const oidc = config?.oidc;
+    const primary = await loadPrimaryKey(oidc?.signingKey);
+    const previous = await loadPreviousKeys(oidc?.previousKeys);
+    const keys = [];
+    if (primary)
+        keys.push(primary.publicKey);
+    keys.push(...previous.map(key => key.publicKey));
+    return keys;
+}
+export async function getJwks(config) {
+    const oidc = config?.oidc;
+    const primary = await loadPrimaryKey(oidc?.signingKey);
+    const previous = await loadPreviousKeys(oidc?.previousKeys);
+    const keys = [];
+    if (primary)
+        keys.push(primary.jwk);
+    keys.push(...previous.map(key => key.jwk));
+    return { keys };
+}
+export function isJwksLoaded(config) {
+    return !!config?.oidc?.signingKey;
+}

package/dist/packages/bunshot-auth/src/lib/jwt.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { JWTPayload } from 'jose';
+import type { SigningConfig } from '../../../bunshot-core/src/index.js';
+import type { AuthResolvedConfig } from '../config/authConfig';
+export declare function validateJwtSecrets(config: AuthResolvedConfig, signing?: SigningConfig | null): void;
+export type TokenClaims = {
+    sub: string;
+    sid?: string;
+    scope?: string;
+    [key: string]: unknown;
+};
+export declare function signToken(claims: TokenClaims, expirySeconds: number | undefined, config: AuthResolvedConfig, signing?: SigningConfig | null): Promise<string>;
+export declare const verifyToken: (token: string, config: AuthResolvedConfig, signing?: SigningConfig | null) => Promise<JWTPayload>;

package/dist/packages/bunshot-auth/src/lib/jwt.js ADDED Viewed

@@ -0,0 +1,86 @@
+import { getSigningPrivateKey, getVerifyPublicKeys, isJwksLoaded } from '../lib/jwks';
+import { SignJWT, jwtVerify } from 'jose';
+import { getSigningSecret } from '../infra/signing';
+function getSecret(signing) {
+    const raw = getSigningSecret(signing);
+    if (!raw) {
+        throw new Error(`[security] No JWT secret configured. Provide a signing config via createApp({ security: { signing: { secret: "..." } } }) or configure a ISecretRepository with JWT_SECRET.`);
+    }
+    const key = Array.isArray(raw) ? raw[0] : raw;
+    if (key.length < 32) {
+        throw new Error(`[security] JWT secret is too short (${key.length} chars). Must be at least 32 characters. ` +
+            `Generate one with: node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"`);
+    }
+    return new TextEncoder().encode(key);
+}
+function getAlgorithm(config) {
+    return config?.jwt?.algorithm ?? 'HS256';
+}
+export function validateJwtSecrets(config, signing) {
+    if (getAlgorithm(config) !== 'RS256') {
+        getSecret(signing);
+    }
+}
+export async function signToken(claims, expirySeconds, config, signing) {
+    const expiry = expirySeconds;
+    const algorithm = getAlgorithm(config);
+    if (algorithm === 'RS256') {
+        if (!isJwksLoaded(config)) {
+            throw new Error('RS256 requires OIDC key configuration — call loadJwksKey() first');
+        }
+        const privateKey = await getSigningPrivateKey(config);
+        const jwt = new SignJWT(claims)
+            .setProtectedHeader({ alg: 'RS256', kid: 'key-1' })
+            .setIssuedAt()
+            .setExpirationTime(expiry ? `${expiry}s` : '1h');
+        const { issuer: rs256Issuer, audience: rs256Audience } = config.jwt ?? {};
+        if (rs256Issuer)
+            jwt.setIssuer(rs256Issuer);
+        if (rs256Audience)
+            jwt.setAudience(rs256Audience);
+        return jwt.sign(privateKey);
+    }
+    const jwt = new SignJWT(claims)
+        .setProtectedHeader({ alg: algorithm })
+        .setIssuedAt()
+        .setExpirationTime(expiry ? `${expiry}s` : '1h');
+    const { issuer, audience } = config.jwt ?? {};
+    if (issuer)
+        jwt.setIssuer(issuer);
+    if (audience)
+        jwt.setAudience(audience);
+    return jwt.sign(getSecret(signing));
+}
+export const verifyToken = async (token, config, signing) => {
+    const algorithm = getAlgorithm(config);
+    if (algorithm === 'RS256') {
+        if (!isJwksLoaded(config)) {
+            throw new Error('RS256 requires OIDC key configuration');
+        }
+        const publicKeys = await getVerifyPublicKeys(config);
+        const opts = { algorithms: ['RS256'] };
+        const { issuer: rs256VerifyIssuer, audience: rs256VerifyAudience } = config.jwt ?? {};
+        if (rs256VerifyIssuer)
+            opts.issuer = rs256VerifyIssuer;
+        if (rs256VerifyAudience)
+            opts.audience = rs256VerifyAudience;
+        for (const key of publicKeys) {
+            try {
+                const { payload } = await jwtVerify(token, key, opts);
+                return payload;
+            }
+            catch {
+                continue;
+            }
+        }
+        throw new Error('JWT verification failed with all available keys');
+    }
+    const { issuer: verifyIssuer, audience: verifyAudience } = config.jwt ?? {};
+    const opts = { algorithms: [algorithm] };
+    if (verifyIssuer)
+        opts.issuer = verifyIssuer;
+    if (verifyAudience)
+        opts.audience = verifyAudience;
+    const { payload } = await jwtVerify(token, getSecret(signing), opts);
+    return payload;
+};

package/dist/packages/bunshot-auth/src/lib/logger.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export declare const log: (...args: unknown[]) => void;
+/** Like log(), but also requires LOGGING_AUTH_TRACE=true. Use for lines that include user/session IDs. */
+export declare const authTrace: (...args: unknown[]) => void;

package/dist/packages/bunshot-auth/src/lib/logger.js ADDED Viewed

@@ -0,0 +1,13 @@
+const isDev = process.env.NODE_ENV !== 'production';
+const verboseEnv = process.env.LOGGING_VERBOSE;
+const verbose = verboseEnv !== undefined ? verboseEnv === 'true' : isDev;
+export const log = (...args) => {
+    if (verbose)
+        console.log(...args);
+};
+const authTraceEnabled = process.env.LOGGING_AUTH_TRACE === 'true';
+/** Like log(), but also requires LOGGING_AUTH_TRACE=true. Use for lines that include user/session IDs. */
+export const authTrace = (...args) => {
+    if (authTraceEnabled)
+        log(...args);
+};

package/dist/packages/bunshot-auth/src/lib/m2m.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+import type { AuthAdapter, M2MClientRecord } from '../lib/authAdapter';
+/**
+ * Look up an M2M client by clientId (active only).
+ * Returns the client record including clientSecretHash for verification.
+ */
+export declare function getM2MClient(adapter: AuthAdapter, clientId: string): Promise<(M2MClientRecord & {
+    clientSecretHash: string;
+}) | null>;
+/**
+ * Create a new M2M client. Returns the client ID and a plaintext secret (shown once).
+ * The secret is hashed with Bun.password before storage.
+ */
+export declare function createM2MClient(opts: {
+    clientId: string;
+    name: string;
+    scopes?: string[];
+    adapter: AuthAdapter;
+}): Promise<{
+    id: string;
+    clientId: string;
+    clientSecret: string;
+}>;
+/**
+ * Delete an M2M client by clientId.
+ */
+export declare function deleteM2MClient(adapter: AuthAdapter, clientId: string): Promise<void>;
+/**
+ * List all M2M clients (secrets not included).
+ */
+export declare function listM2MClients(adapter: AuthAdapter): Promise<M2MClientRecord[]>;

package/dist/packages/bunshot-auth/src/lib/m2m.js ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * Look up an M2M client by clientId (active only).
+ * Returns the client record including clientSecretHash for verification.
+ */
+export async function getM2MClient(adapter, clientId) {
+    if (!adapter.getM2MClient)
+        return null;
+    return adapter.getM2MClient(clientId);
+}
+/**
+ * Create a new M2M client. Returns the client ID and a plaintext secret (shown once).
+ * The secret is hashed with Bun.password before storage.
+ */
+export async function createM2MClient(opts) {
+    const { adapter } = opts;
+    if (!adapter.createM2MClient) {
+        throw new Error('Auth adapter does not support M2M clients');
+    }
+    const clientSecret = crypto.randomUUID() + '-' + crypto.randomUUID();
+    const clientSecretHash = await Bun.password.hash(clientSecret);
+    const { id } = await adapter.createM2MClient({
+        clientId: opts.clientId,
+        clientSecretHash,
+        name: opts.name,
+        scopes: opts.scopes ?? [],
+    });
+    return { id, clientId: opts.clientId, clientSecret };
+}
+/**
+ * Delete an M2M client by clientId.
+ */
+export async function deleteM2MClient(adapter, clientId) {
+    if (adapter.deleteM2MClient) {
+        await adapter.deleteM2MClient(clientId);
+    }
+}
+/**
+ * List all M2M clients (secrets not included).
+ */
+export async function listM2MClients(adapter) {
+    if (!adapter.listM2MClients)
+        return [];
+    return adapter.listM2MClients();
+}

package/dist/packages/bunshot-auth/src/lib/magicLink.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { RepoFactories } from '../../../bunshot-core/src/index.js';
+import type { RedisLike } from '../types/redis';
+export interface IMagicLinkRepository {
+    store(hash: string, userId: string, ttl: number): Promise<void>;
+    consume(hash: string): Promise<string | null>;
+}
+export declare function createMemoryMagicLinkRepository(): IMagicLinkRepository;
+export declare function createSqliteMagicLinkRepository(db: import('bun:sqlite').Database): IMagicLinkRepository;
+export declare function createRedisMagicLinkRepository(getRedis: () => RedisLike, appName: string): IMagicLinkRepository;
+export declare function createMongoMagicLinkRepository(conn: import('mongoose').Connection, mg: typeof import('mongoose')): IMagicLinkRepository;
+export declare const magicLinkFactories: RepoFactories<IMagicLinkRepository>;
+export declare const createMagicLinkToken: (repo: IMagicLinkRepository, userId: string, ttlSeconds?: number) => Promise<string>;
+export declare const consumeMagicLinkToken: (repo: IMagicLinkRepository, token: string) => Promise<string | null>;