@lastshotlabs/bunshot 0.0.25 → 0.0.28

package/dist/packages/bunshot-auth/src/adapters/mongoAuth.d.ts

@@ -0,0 +1,2 @@
+import type { AuthAdapter } from '../lib/authAdapter';
+export declare function createMongoAuthAdapter(conn: import('mongoose').Connection, mg: typeof import('mongoose')): AuthAdapter;

package/dist/packages/bunshot-auth/src/adapters/mongoAuth.js

@@ -0,0 +1,536 @@
+import { createAuthUserModel } from '../models/AuthUser';
+import { createGroupModel } from '../models/Group';
+import { createGroupMembershipModel } from '../models/GroupMembership';
+import { createTenantRoleModel } from '../models/TenantRole';
+import { HttpError } from '../../../bunshot-core/src/index.js';
+function encodeMongoCursor(createdAt, id) {
+    return btoa(JSON.stringify({ createdAt, id }));
+}
+function decodeMongoCursor(cursor) {
+    try {
+        return JSON.parse(atob(cursor));
+    }
+    catch {
+        return null;
+    }
+}
+function mongoGroupToRecord(doc) {
+    return {
+        id: String(doc._id),
+        name: doc.name,
+        displayName: doc.displayName,
+        description: doc.description,
+        roles: doc.roles ?? [],
+        tenantId: doc.tenantId ?? null,
+        createdAt: doc.createdAt instanceof Date ? doc.createdAt.getTime() : doc.createdAt,
+        updatedAt: doc.updatedAt instanceof Date ? doc.updatedAt.getTime() : doc.updatedAt,
+    };
+}
+export function createMongoAuthAdapter(conn, mg) {
+    const AuthUser = createAuthUserModel(conn, mg);
+    const TenantRole = createTenantRoleModel(conn, mg);
+    const Group = createGroupModel(conn, mg);
+    const GroupMembership = createGroupMembershipModel(conn, mg);
+    // M2M uses a lazy proxy pattern — import it directly
+    const { M2MClient } = require('../models/M2MClient');
+    return {
+        async findByEmail(email) {
+            const user = await AuthUser.findOne({ email });
+            if (!user)
+                return null;
+            return { id: String(user._id), passwordHash: user.password };
+        },
+        async create(email, passwordHash) {
+            try {
+                const normalized = email.toLowerCase();
+                const user = await AuthUser.create({
+                    email: normalized,
+                    identifier: normalized,
+                    password: passwordHash,
+                });
+                return { id: String(user._id) };
+            }
+            catch (err) {
+                if (err?.code === 11000)
+                    throw new HttpError(409, 'Email already registered');
+                throw err;
+            }
+        },
+        async verifyPassword(userId, password) {
+            const user = (await AuthUser.findById(userId)
+                .select('password')
+                .lean());
+            if (!user?.password)
+                return false;
+            return Bun.password.verify(password, user.password);
+        },
+        async getIdentifier(userId) {
+            const user = (await AuthUser.findById(userId)
+                .select('identifier email')
+                .lean());
+            return user?.identifier ?? user?.email ?? '';
+        },
+        async setPassword(userId, passwordHash) {
+            await AuthUser.findByIdAndUpdate(userId, { password: passwordHash });
+        },
+        async findOrCreateByProvider(provider, providerId, profile) {
+            const key = `${provider}:${providerId}`;
+            let user = await AuthUser.findOne({ providerIds: key });
+            if (user)
+                return { id: String(user._id), created: false };
+            if (profile.email) {
+                const existing = await AuthUser.findOne({ email: profile.email });
+                if (existing)
+                    throw new HttpError(409, 'An account with this email already exists. Sign in with your credentials, then link Google from your account settings.');
+            }
+            const normalizedEmail = profile.email ? profile.email.toLowerCase() : undefined;
+            user = await AuthUser.create({
+                email: normalizedEmail,
+                identifier: normalizedEmail,
+                providerIds: [key],
+            });
+            return { id: String(user._id), created: true };
+        },
+        async linkProvider(userId, provider, providerId) {
+            const key = `${provider}:${providerId}`;
+            const user = await AuthUser.findById(userId);
+            if (!user)
+                throw new HttpError(404, 'User not found');
+            if (!user.providerIds.includes(key)) {
+                user.providerIds = [...user.providerIds, key];
+                await user.save();
+            }
+        },
+        async getRoles(userId) {
+            const user = await AuthUser.findById(userId, 'roles').lean();
+            return user?.roles ?? [];
+        },
+        async setRoles(userId, roles) {
+            await AuthUser.findByIdAndUpdate(userId, { roles });
+        },
+        async addRole(userId, role) {
+            await AuthUser.findByIdAndUpdate(userId, { $addToSet: { roles: role } });
+        },
+        async removeRole(userId, role) {
+            await AuthUser.findByIdAndUpdate(userId, { $pull: { roles: role } });
+        },
+        async getUser(userId) {
+            const user = (await AuthUser.findById(userId, 'email providerIds emailVerified displayName firstName lastName externalId suspended suspendedReason userMetadata appMetadata').lean());
+            if (!user)
+                return null;
+            return {
+                email: user.email,
+                providerIds: user.providerIds,
+                emailVerified: user.emailVerified ?? false,
+                displayName: user.displayName,
+                firstName: user.firstName,
+                lastName: user.lastName,
+                externalId: user.externalId,
+                suspended: user.suspended ?? false,
+                suspendedReason: user.suspendedReason,
+                userMetadata: user.userMetadata,
+                appMetadata: user.appMetadata,
+            };
+        },
+        async unlinkProvider(userId, provider) {
+            const user = await AuthUser.findById(userId);
+            if (!user)
+                throw new HttpError(404, 'User not found');
+            user.providerIds = user.providerIds.filter(id => !id.startsWith(`${provider}:`));
+            await user.save();
+        },
+        async findByIdentifier(identifier) {
+            const normalized = identifier.toLowerCase();
+            const user = await AuthUser.findOne({
+                $or: [{ identifier: normalized }, { email: normalized }],
+            })
+                .select('_id password')
+                .lean();
+            if (!user)
+                return null;
+            return { id: String(user._id), passwordHash: user.password ?? '' };
+        },
+        async setEmailVerified(userId, verified) {
+            await AuthUser.findByIdAndUpdate(userId, { emailVerified: verified });
+        },
+        async getEmailVerified(userId) {
+            const user = await AuthUser.findById(userId, 'emailVerified').lean();
+            return user?.emailVerified ?? false;
+        },
+        async deleteUser(userId) {
+            await AuthUser.findByIdAndDelete(userId);
+            await TenantRole.deleteMany({ userId });
+            await GroupMembership.deleteMany({ userId });
+        },
+        async hasPassword(userId) {
+            const user = await AuthUser.findById(userId, 'password').lean();
+            return !!user?.password;
+        },
+        async setMfaSecret(userId, secret) {
+            await AuthUser.findByIdAndUpdate(userId, { mfaSecret: secret });
+        },
+        async getMfaSecret(userId) {
+            const user = await AuthUser.findById(userId, 'mfaSecret').lean();
+            return user?.mfaSecret ?? null;
+        },
+        async isMfaEnabled(userId) {
+            const user = await AuthUser.findById(userId, 'mfaEnabled').lean();
+            return user?.mfaEnabled ?? false;
+        },
+        async setMfaEnabled(userId, enabled) {
+            await AuthUser.findByIdAndUpdate(userId, { mfaEnabled: enabled });
+        },
+        async setRecoveryCodes(userId, codes) {
+            await AuthUser.findByIdAndUpdate(userId, { recoveryCodes: codes });
+        },
+        async getRecoveryCodes(userId) {
+            const user = await AuthUser.findById(userId, 'recoveryCodes').lean();
+            return user?.recoveryCodes ?? [];
+        },
+        async removeRecoveryCode(userId, code) {
+            await AuthUser.findByIdAndUpdate(userId, { $pull: { recoveryCodes: code } });
+        },
+        async consumeRecoveryCode(userId, hashedCode) {
+            const result = await AuthUser.findOneAndUpdate({ _id: userId, recoveryCodes: hashedCode }, { $pull: { recoveryCodes: hashedCode } }, { new: false }).lean();
+            return result !== null;
+        },
+        async getMfaMethods(userId) {
+            const user = (await AuthUser.findById(userId, 'mfaMethods mfaEnabled').lean());
+            if (!user)
+                return [];
+            if (user.mfaMethods && user.mfaMethods.length > 0)
+                return user.mfaMethods;
+            if (user.mfaEnabled)
+                return ['totp'];
+            return [];
+        },
+        async setMfaMethods(userId, methods) {
+            await AuthUser.findByIdAndUpdate(userId, { mfaMethods: methods });
+        },
+        async getWebAuthnCredentials(userId) {
+            const user = (await AuthUser.findById(userId, 'webauthnCredentials').lean());
+            const creds = user?.webauthnCredentials ?? [];
+            return creds.map(c => ({
+                credentialId: c.credentialId,
+                publicKey: c.publicKey,
+                signCount: c.signCount,
+                transports: c.transports,
+                name: c.name,
+                createdAt: c.createdAt instanceof Date ? c.createdAt.getTime() : c.createdAt,
+            }));
+        },
+        async addWebAuthnCredential(userId, credential) {
+            await AuthUser.findByIdAndUpdate(userId, {
+                $push: {
+                    webauthnCredentials: {
+                        credentialId: credential.credentialId,
+                        publicKey: credential.publicKey,
+                        signCount: credential.signCount,
+                        transports: credential.transports,
+                        name: credential.name,
+                        createdAt: new Date(credential.createdAt),
+                    },
+                },
+            });
+        },
+        async removeWebAuthnCredential(userId, credentialId) {
+            await AuthUser.findByIdAndUpdate(userId, {
+                $pull: { webauthnCredentials: { credentialId } },
+            });
+        },
+        async updateWebAuthnCredentialSignCount(userId, credentialId, signCount) {
+            await AuthUser.findOneAndUpdate({ _id: userId, 'webauthnCredentials.credentialId': credentialId }, { $set: { 'webauthnCredentials.$.signCount': signCount } });
+        },
+        async findUserByWebAuthnCredentialId(credentialId) {
+            const user = await AuthUser.findOne({ 'webauthnCredentials.credentialId': credentialId }, '_id').lean();
+            return user ? String(user._id) : null;
+        },
+        async getTenantRoles(userId, tenantId) {
+            const doc = await TenantRole.findOne({ userId, tenantId }, 'roles').lean();
+            return doc?.roles ?? [];
+        },
+        async setTenantRoles(userId, tenantId, roles) {
+            await TenantRole.findOneAndUpdate({ userId, tenantId }, { $set: { roles } }, { upsert: true });
+        },
+        async addTenantRole(userId, tenantId, role) {
+            await TenantRole.findOneAndUpdate({ userId, tenantId }, { $addToSet: { roles: role } }, { upsert: true });
+        },
+        async removeTenantRole(userId, tenantId, role) {
+            await TenantRole.findOneAndUpdate({ userId, tenantId }, { $pull: { roles: role } });
+        },
+        async setSuspended(userId, suspended, reason) {
+            const update = { suspended };
+            if (suspended) {
+                update.suspendedAt = new Date();
+                update.suspendedReason = reason ?? null;
+            }
+            else {
+                update.suspendedAt = null;
+                update.suspendedReason = null;
+            }
+            await AuthUser.updateOne({ _id: userId }, { $set: update });
+        },
+        async getSuspended(userId) {
+            const user = (await AuthUser.findById(userId, {
+                suspended: 1,
+                suspendedReason: 1,
+            }).lean());
+            if (!user)
+                return null;
+            return {
+                suspended: user.suspended ?? false,
+                suspendedReason: user.suspendedReason ?? undefined,
+            };
+        },
+        async updateProfile(userId, fields) {
+            await AuthUser.updateOne({ _id: userId }, { $set: fields });
+        },
+        async getUserMetadata(userId) {
+            const user = (await AuthUser.findById(userId, 'userMetadata appMetadata').lean());
+            if (!user)
+                return {};
+            return {
+                userMetadata: user.userMetadata,
+                appMetadata: user.appMetadata,
+            };
+        },
+        async setUserMetadata(userId, data) {
+            await AuthUser.updateOne({ _id: userId }, { $set: { userMetadata: data } });
+        },
+        async setAppMetadata(userId, data) {
+            await AuthUser.updateOne({ _id: userId }, { $set: { appMetadata: data } });
+        },
+        async listUsers(query) {
+            const filter = {};
+            if (query.email !== undefined)
+                filter.email = query.email;
+            if (query.externalId !== undefined)
+                filter.externalId = query.externalId;
+            if (query.suspended !== undefined)
+                filter.suspended = query.suspended;
+            const startIndex = query.startIndex ?? 0;
+            const count = query.count ?? 100;
+            const [users, totalResults] = await Promise.all([
+                AuthUser.find(filter, {
+                    _id: 1,
+                    email: 1,
+                    displayName: 1,
+                    firstName: 1,
+                    lastName: 1,
+                    externalId: 1,
+                    suspended: 1,
+                    suspendedAt: 1,
+                    suspendedReason: 1,
+                    emailVerified: 1,
+                    providerIds: 1,
+                })
+                    .skip(startIndex)
+                    .limit(count)
+                    .lean(),
+                AuthUser.countDocuments(filter),
+            ]);
+            return {
+                users: users.map(u => ({
+                    id: String(u._id),
+                    email: u.email ?? undefined,
+                    displayName: u.displayName ?? undefined,
+                    firstName: u.firstName ?? undefined,
+                    lastName: u.lastName ?? undefined,
+                    externalId: u.externalId ?? undefined,
+                    suspended: u.suspended ?? false,
+                    suspendedAt: u.suspendedAt ?? undefined,
+                    suspendedReason: u.suspendedReason ?? undefined,
+                    emailVerified: u.emailVerified ?? undefined,
+                    providerIds: u.providerIds ?? undefined,
+                })),
+                totalResults,
+            };
+        },
+        // ---------------------------------------------------------------------------
+        // Groups
+        // ---------------------------------------------------------------------------
+        async createGroup(group) {
+            try {
+                const doc = await Group.create(group);
+                return { id: String(doc._id) };
+            }
+            catch (err) {
+                if (err?.code === 11000)
+                    throw new HttpError(409, 'A group with this name already exists in this scope');
+                throw err;
+            }
+        },
+        async deleteGroup(groupId) {
+            await Group.findByIdAndDelete(groupId);
+            await GroupMembership.deleteMany({ groupId });
+        },
+        async getGroup(groupId) {
+            const doc = (await Group.findById(groupId).lean());
+            if (!doc)
+                return null;
+            return mongoGroupToRecord(doc);
+        },
+        async listGroups(tenantId, opts) {
+            const limit = Math.min(opts?.limit ?? 50, 200);
+            const filter = { tenantId: tenantId ?? null };
+            if (opts?.cursor) {
+                const c = decodeMongoCursor(opts.cursor);
+                if (c) {
+                    filter.$or = [
+                        { createdAt: { $gt: new Date(c.createdAt) } },
+                        { createdAt: new Date(c.createdAt), _id: { $gt: c.id } },
+                    ];
+                }
+            }
+            const docs = (await Group.find(filter)
+                .sort({ createdAt: 1, _id: 1 })
+                .limit(limit + 1)
+                .lean());
+            const hasMore = docs.length > limit;
+            const page = hasMore ? docs.slice(0, limit) : docs;
+            const lastGroup = page[page.length - 1];
+            const lastTs = lastGroup?.createdAt;
+            const nextCursor = hasMore && lastGroup
+                ? encodeMongoCursor(lastTs instanceof Date ? lastTs.getTime() : lastTs, String(lastGroup._id))
+                : undefined;
+            return { items: page.map(mongoGroupToRecord), nextCursor };
+        },
+        async updateGroup(groupId, updates) {
+            await Group.findByIdAndUpdate(groupId, { $set: updates });
+        },
+        async addGroupMember(groupId, userId, roles = []) {
+            const group = (await Group.findById(groupId, 'tenantId').lean());
+            if (!group)
+                throw new HttpError(404, 'Group not found');
+            try {
+                await GroupMembership.create({ groupId, userId, roles, tenantId: group.tenantId ?? null });
+            }
+            catch (err) {
+                if (err?.code === 11000)
+                    throw new HttpError(409, 'User is already a member of this group');
+                throw err;
+            }
+        },
+        async updateGroupMembership(groupId, userId, roles) {
+            await GroupMembership.findOneAndUpdate({ groupId, userId }, { $set: { roles } });
+        },
+        async removeGroupMember(groupId, userId) {
+            await GroupMembership.deleteOne({ groupId, userId });
+        },
+        async getGroupMembers(groupId, opts) {
+            const limit = Math.min(opts?.limit ?? 50, 200);
+            const filter = { groupId };
+            if (opts?.cursor) {
+                const c = decodeMongoCursor(opts.cursor);
+                if (c) {
+                    filter.$or = [
+                        { createdAt: { $gt: new Date(c.createdAt) } },
+                        { createdAt: new Date(c.createdAt), _id: { $gt: c.id } },
+                    ];
+                }
+            }
+            const docs = (await GroupMembership.find(filter, 'userId roles createdAt')
+                .sort({ createdAt: 1, _id: 1 })
+                .limit(limit + 1)
+                .lean());
+            const hasMore = docs.length > limit;
+            const page = hasMore ? docs.slice(0, limit) : docs;
+            const last = page[page.length - 1];
+            const nextCursor = hasMore && last?.createdAt
+                ? encodeMongoCursor(last.createdAt.getTime(), String(last._id))
+                : undefined;
+            return {
+                items: page.map(d => ({ userId: d.userId, roles: d.roles ?? [] })),
+                nextCursor,
+            };
+        },
+        async getUserGroups(userId, tenantId) {
+            const memberships = (await GroupMembership.find({ userId, tenantId: tenantId ?? null }, 'groupId roles').lean());
+            if (memberships.length === 0)
+                return [];
+            const groupIds = memberships.map(m => m.groupId);
+            const groups = (await Group.find({
+                _id: { $in: groupIds },
+            }).lean());
+            const groupMap = new Map(groups.map(g => [String(g._id), g]));
+            return memberships
+                .map((m) => ({
+                group: mongoGroupToRecord(groupMap.get(m.groupId)),
+                membershipRoles: m.roles ?? [],
+            }))
+                .filter(r => r.group);
+        },
+        async getEffectiveRoles(userId, tenantId) {
+            let direct = [];
+            if (tenantId) {
+                const doc = await TenantRole.findOne({ userId, tenantId }, 'roles').lean();
+                direct = doc?.roles ?? [];
+            }
+            else {
+                const user = await AuthUser.findById(userId, 'roles').lean();
+                direct = user?.roles ?? [];
+            }
+            const memberships = (await GroupMembership.find({ userId, tenantId: tenantId ?? null }, 'groupId roles').lean());
+            if (memberships.length === 0)
+                return [...new Set(direct)];
+            const groupIds = memberships.map(m => m.groupId);
+            const groups = (await Group.find({ _id: { $in: groupIds } }, 'roles').lean());
+            const groupMap = new Map(groups.map(g => [String(g._id), g.roles ?? []]));
+            const groupRoles = memberships.flatMap(m => [
+                ...(groupMap.get(m.groupId) ?? []),
+                ...(m.roles ?? []),
+            ]);
+            return [...new Set([...direct, ...groupRoles])];
+        },
+        // ---------------------------------------------------------------------------
+        // Password history
+        // ---------------------------------------------------------------------------
+        async getPasswordHistory(userId) {
+            const user = (await AuthUser.findById(userId, 'passwordHistory').lean());
+            return user?.passwordHistory ?? [];
+        },
+        async addPasswordToHistory(userId, hash, maxCount) {
+            await AuthUser.findByIdAndUpdate(userId, {
+                $push: {
+                    passwordHistory: {
+                        $each: [hash],
+                        $slice: -maxCount,
+                    },
+                },
+            });
+        },
+        // ---------------------------------------------------------------------------
+        // M2M client credentials
+        // ---------------------------------------------------------------------------
+        async getM2MClient(clientId) {
+            const client = await M2MClient.findOne({ clientId, active: true }).lean();
+            if (!client)
+                return null;
+            return {
+                id: String(client._id),
+                clientId: client.clientId,
+                name: client.name,
+                scopes: client.scopes,
+                active: client.active,
+                clientSecretHash: client.clientSecretHash,
+            };
+        },
+        async createM2MClient(data) {
+            const client = await M2MClient.create(data);
+            return { id: String(client._id) };
+        },
+        async deleteM2MClient(clientId) {
+            await M2MClient.deleteOne({ clientId });
+        },
+        async listM2MClients() {
+            const clients = (await M2MClient.find({}).lean());
+            return clients.map(c => ({
+                id: String(c._id),
+                clientId: c.clientId,
+                name: c.name,
+                scopes: c.scopes,
+                active: c.active,
+            }));
+        },
+    };
+}

package/dist/packages/bunshot-auth/src/adapters/sqliteAuth.d.ts

@@ -0,0 +1,88 @@
+import type { AuthAdapter } from '../lib/authAdapter';
+import { Database } from 'bun:sqlite';
+import type { AuthResolvedConfig } from '../config/authConfig';
+import type { OAuthCodePayload } from '../types/oauthCode';
+import type { OAuthReauthConfirmation, OAuthReauthState } from '../types/oauthReauth';
+import type { SessionInfo, SessionMetadata } from '../types/session';
+import type { RefreshResult } from '../types/session';
+export interface SqliteAuthResult {
+    db: Database;
+    adapter: AuthAdapter;
+    cleanupInterval: ReturnType<typeof setInterval> | null;
+    atomicCreateSession: (userId: string, token: string, sessionId: string, maxSessions: number, getConfig: () => AuthResolvedConfig, metadata?: SessionMetadata) => void;
+    createSession: (userId: string, token: string, sessionId: string, getConfig: () => AuthResolvedConfig, metadata?: SessionMetadata) => void;
+    getSession: (sessionId: string) => string | null;
+    getSessionRecord: (sessionId: string) => {
+        token: string;
+        lastActiveAt: number;
+    } | null;
+    deleteSession: (sessionId: string, getConfig: () => AuthResolvedConfig) => void;
+    getUserSessions: (userId: string, getConfig: () => AuthResolvedConfig) => SessionInfo[];
+    getActiveSessionCount: (userId: string) => number;
+    evictOldestSession: (userId: string, getConfig: () => AuthResolvedConfig) => void;
+    updateSessionLastActive: (sessionId: string) => void;
+    setRefreshToken: (sessionId: string, refreshToken: string) => void;
+    getSessionByRefreshToken: (refreshToken: string, getConfig: () => AuthResolvedConfig) => RefreshResult | null;
+    rotateRefreshToken: (sessionId: string, newRefreshToken: string, newAccessToken: string, getConfig: () => AuthResolvedConfig) => void;
+    getSessionFingerprint: (sessionId: string) => string | null;
+    setSessionFingerprint: (sessionId: string, fingerprint: string) => void;
+    getMfaVerifiedAt: (sessionId: string) => number | null;
+    setMfaVerifiedAt: (sessionId: string, ts: number) => void;
+    storeOAuthState: (state: string, codeVerifier?: string, linkUserId?: string) => void;
+    consumeOAuthState: (state: string) => {
+        codeVerifier?: string;
+        linkUserId?: string;
+    } | null;
+    getCache: (key: string) => string | null;
+    setCache: (key: string, value: string, ttlSeconds?: number) => void;
+    delCache: (key: string) => void;
+    delCachePattern: (pattern: string) => void;
+    createVerificationToken: (token: string, userId: string, email: string, ttlSeconds: number) => void;
+    getVerificationToken: (token: string) => {
+        userId: string;
+        email: string;
+    } | null;
+    deleteVerificationToken: (token: string) => void;
+    consumeVerificationToken: (token: string) => {
+        userId: string;
+        email: string;
+    } | null;
+    createResetToken: (token: string, userId: string, email: string, ttlSeconds: number) => void;
+    consumeResetToken: (hash: string) => {
+        userId: string;
+        email: string;
+    } | null;
+    createDeletionCancelToken: (token: string, userId: string, jobId: string, ttlSeconds: number) => void;
+    consumeDeletionCancelToken: (hash: string) => {
+        userId: string;
+        jobId: string;
+    } | null;
+    storeOAuthCode: (hash: string, payload: OAuthCodePayload, ttlSeconds: number) => void;
+    consumeOAuthCode: (hash: string) => OAuthCodePayload | null;
+    storeOAuthReauth: (hash: string, data: OAuthReauthState, ttlSeconds: number) => void;
+    consumeOAuthReauth: (hash: string) => OAuthReauthState | null;
+    storeOAuthReauthConfirmation: (hash: string, data: OAuthReauthConfirmation, ttlSeconds: number) => void;
+    consumeOAuthReauthConfirmation: (hash: string) => OAuthReauthConfirmation | null;
+    registerUpload: (record: {
+        key: string;
+        ownerUserId?: string;
+        tenantId?: string;
+        mimeType?: string;
+        bucket?: string;
+        createdAt: number;
+    }) => void;
+    getUploadRecord: (key: string) => {
+        key: string;
+        ownerUserId?: string;
+        tenantId?: string;
+        mimeType?: string;
+        bucket?: string;
+        createdAt: number;
+    } | null;
+    deleteUploadRecord: (key: string) => boolean;
+    createMagicLinkToken: (token: string, userId: string, ttlSeconds: number) => void;
+    consumeMagicLinkToken: (hash: string) => string | null;
+    startCleanup: (getConfig: () => AuthResolvedConfig, intervalMs?: number) => ReturnType<typeof setInterval>;
+    stopCleanup: () => void;
+}
+export declare function createSqliteAuthAdapter(path: string): SqliteAuthResult;