@lastshotlabs/bunshot 0.0.27 → 0.0.28

package/dist/lib/session.js

@@ -1,597 +0,0 @@
-import { getRedis } from "./redis";
-import { appConnection, mongoose } from "./mongo";
-import { getAppName, getPersistSessionMetadata, getIncludeInactiveSessions, getRotationGraceSeconds, getRefreshTokenExpiry } from "./appConfig";
-import { timingSafeEqual } from "./crypto";
-import { sqliteCreateSession, sqliteGetSession, sqliteDeleteSession, sqliteGetUserSessions, sqliteGetActiveSessionCount, sqliteEvictOldestSession, sqliteUpdateSessionLastActive, sqliteSetRefreshToken, sqliteGetSessionByRefreshToken, sqliteRotateRefreshToken, sqliteGetSessionFingerprint, sqliteSetSessionFingerprint, sqliteGetMfaVerifiedAt, sqliteSetMfaVerifiedAt, } from "../adapters/sqliteAuth";
-import { memoryCreateSession, memoryGetSession, memoryDeleteSession, memoryGetUserSessions, memoryGetActiveSessionCount, memoryEvictOldestSession, memoryUpdateSessionLastActive, memorySetRefreshToken, memoryGetSessionByRefreshToken, memoryRotateRefreshToken, memoryGetSessionFingerprint, memorySetSessionFingerprint, memoryGetMfaVerifiedAt, memorySetMfaVerifiedAt, } from "../adapters/memoryAuth";
-function getSessionModel() {
-    if (appConnection.models["Session"])
-        return appConnection.models["Session"];
-    const { Schema } = mongoose;
-    const sessionSchema = new Schema({
-        sessionId: { type: String, required: true, unique: true },
-        userId: { type: String, required: true, index: true },
-        token: { type: String, default: null },
-        createdAt: { type: Date, required: true },
-        lastActiveAt: { type: Date, required: true },
-        expiresAt: { type: Date, required: true },
-        ipAddress: { type: String },
-        userAgent: { type: String },
-        refreshToken: { type: String, default: null },
-        prevRefreshToken: { type: String, default: null },
-        prevTokenExpiresAt: { type: Date, default: null },
-        fingerprint: { type: String, default: null },
-        mfaVerifiedAt: { type: Number, default: null },
-    }, { collection: "sessions", timestamps: false });
-    sessionSchema.index({ refreshToken: 1 }, { unique: true, partialFilterExpression: { refreshToken: { $type: "string" } } });
-    // Add TTL index only when metadata is not persisted — docs auto-delete at expiresAt.
-    // When persisting, token is nulled (soft-delete) but the row is kept indefinitely.
-    if (!getPersistSessionMetadata()) {
-        sessionSchema.index({ expiresAt: 1 }, { expireAfterSeconds: 0 });
-    }
-    return appConnection.model("Session", sessionSchema);
-}
-let _store = "redis";
-export const setSessionStore = (store) => { _store = store; };
-// ---------------------------------------------------------------------------
-// TTL
-// ---------------------------------------------------------------------------
-const TTL_SECONDS = 60 * 60 * 24 * 7; // 7 days
-const TTL_MS = TTL_SECONDS * 1000;
-// ---------------------------------------------------------------------------
-// Redis helpers
-// ---------------------------------------------------------------------------
-function redisSessionKey(sessionId) {
-    return `session:${getAppName()}:${sessionId}`;
-}
-function redisUserSessionsKey(userId) {
-    return `usersessions:${getAppName()}:${userId}`;
-}
-function redisRefreshTokenKey(refreshToken) {
-    return `refreshtoken:${getAppName()}:${refreshToken}`;
-}
-async function redisCreateSession(userId, token, sessionId, metadata) {
-    const now = Date.now();
-    const expiresAt = now + TTL_MS;
-    const record = JSON.stringify({
-        sessionId, userId, token,
-        createdAt: now, lastActiveAt: now, expiresAt,
-        ipAddress: metadata?.ipAddress,
-        userAgent: metadata?.userAgent,
-    });
-    const redis = getRedis();
-    const persist = getPersistSessionMetadata();
-    if (persist) {
-        await redis.set(redisSessionKey(sessionId), record);
-    }
-    else {
-        await redis.set(redisSessionKey(sessionId), record, "EX", TTL_SECONDS);
-    }
-    // Sorted set: score = createdAt (oldest first)
-    await redis.zadd(redisUserSessionsKey(userId), now, sessionId);
-}
-async function redisGetSession(sessionId) {
-    const raw = await getRedis().get(redisSessionKey(sessionId));
-    if (!raw)
-        return null;
-    const rec = JSON.parse(raw);
-    if (!rec.token)
-        return null;
-    if (rec.expiresAt <= Date.now())
-        return null;
-    return rec.token;
-}
-async function redisDeleteSession(sessionId) {
-    const redis = getRedis();
-    const raw = await redis.get(redisSessionKey(sessionId));
-    if (!raw)
-        return;
-    const rec = JSON.parse(raw);
-    const persist = getPersistSessionMetadata();
-    // Clean up refresh token reverse-lookup keys
-    if (rec.refreshToken)
-        await redis.del(redisRefreshTokenKey(rec.refreshToken));
-    if (rec.prevRefreshToken)
-        await redis.del(redisRefreshTokenKey(rec.prevRefreshToken));
-    if (persist) {
-        const updated = { ...rec, token: null, refreshToken: null, prevRefreshToken: null, prevTokenExpiresAt: null };
-        await redis.set(redisSessionKey(sessionId), JSON.stringify(updated));
-    }
-    else {
-        await redis.del(redisSessionKey(sessionId));
-    }
-    if (!persist) {
-        await redis.zrem(redisUserSessionsKey(rec.userId), sessionId);
-    }
-}
-async function redisGetUserSessions(userId) {
-    const redis = getRedis();
-    const sessionIds = await redis.zrange(redisUserSessionsKey(userId), 0, -1);
-    if (!sessionIds.length)
-        return [];
-    const now = Date.now();
-    const raws = await redis.mget(...sessionIds.map(redisSessionKey));
-    const results = [];
-    const toRemove = [];
-    for (let i = 0; i < sessionIds.length; i++) {
-        const raw = raws[i];
-        if (!raw) {
-            toRemove.push(sessionIds[i]);
-            continue;
-        }
-        const rec = JSON.parse(raw);
-        const isActive = !!rec.token && rec.expiresAt > now;
-        if (!isActive && !getPersistSessionMetadata()) {
-            toRemove.push(sessionIds[i]);
-            continue;
-        }
-        if (!isActive && !getIncludeInactiveSessions())
-            continue;
-        results.push({
-            sessionId: rec.sessionId,
-            createdAt: Number(rec.createdAt),
-            lastActiveAt: Number(rec.lastActiveAt),
-            expiresAt: Number(rec.expiresAt),
-            ipAddress: rec.ipAddress,
-            userAgent: rec.userAgent,
-            isActive,
-        });
-    }
-    if (toRemove.length) {
-        await redis.zrem(redisUserSessionsKey(userId), ...toRemove);
-    }
-    return results;
-}
-async function redisGetActiveSessionCount(userId) {
-    const sessions = await redisGetUserSessions(userId);
-    return sessions.filter((s) => s.isActive).length;
-}
-async function redisEvictOldestSession(userId) {
-    const redis = getRedis();
-    // Sorted set is ordered oldest-first (score = createdAt)
-    const sessionIds = await redis.zrange(redisUserSessionsKey(userId), 0, -1);
-    const now = Date.now();
-    for (const sessionId of sessionIds) {
-        const raw = await redis.get(redisSessionKey(sessionId));
-        if (!raw) {
-            await redis.zrem(redisUserSessionsKey(userId), sessionId);
-            continue;
-        }
-        const rec = JSON.parse(raw);
-        if (rec.token && rec.expiresAt > now) {
-            await redisDeleteSession(sessionId);
-            return;
-        }
-    }
-}
-async function redisUpdateSessionLastActive(sessionId) {
-    const redis = getRedis();
-    const raw = await redis.get(redisSessionKey(sessionId));
-    if (!raw)
-        return;
-    const rec = JSON.parse(raw);
-    rec.lastActiveAt = Date.now();
-    if (getPersistSessionMetadata()) {
-        await redis.set(redisSessionKey(sessionId), JSON.stringify(rec));
-    }
-    else {
-        const now = Date.now();
-        if (rec.expiresAt <= now) {
-            await redisDeleteSession(sessionId);
-            return;
-        }
-        const ttlRemaining = Math.max(1, Math.ceil((rec.expiresAt - now) / 1000));
-        await redis.set(redisSessionKey(sessionId), JSON.stringify(rec), "EX", ttlRemaining);
-    }
-}
-async function redisSetRefreshToken(sessionId, refreshToken) {
-    const redis = getRedis();
-    const raw = await redis.get(redisSessionKey(sessionId));
-    if (!raw)
-        return;
-    const rec = JSON.parse(raw);
-    rec.refreshToken = refreshToken;
-    const refreshExpiry = getRefreshTokenExpiry();
-    await redis.set(redisSessionKey(sessionId), JSON.stringify(rec));
-    await redis.set(redisRefreshTokenKey(refreshToken), sessionId, "EX", refreshExpiry);
-}
-async function redisGetSessionByRefreshToken(refreshToken) {
-    const redis = getRedis();
-    const sessionId = await redis.get(redisRefreshTokenKey(refreshToken));
-    if (!sessionId)
-        return null;
-    const raw = await redis.get(redisSessionKey(sessionId));
-    if (!raw)
-        return null;
-    const rec = JSON.parse(raw);
-    // Current refresh token matches
-    if (timingSafeEqual(rec.refreshToken ?? "", refreshToken)) {
-        return { sessionId: rec.sessionId, userId: rec.userId, newRefreshToken: refreshToken };
-    }
-    // Check grace window: old token used within grace period
-    if (timingSafeEqual(rec.prevRefreshToken ?? "", refreshToken) && rec.prevTokenExpiresAt && rec.prevTokenExpiresAt > Date.now()) {
-        // Return current refresh token — client missed the rotation response
-        return { sessionId: rec.sessionId, userId: rec.userId, newRefreshToken: rec.refreshToken };
-    }
-    // Old token used after grace window — token family theft detected, invalidate session
-    if (timingSafeEqual(rec.prevRefreshToken ?? "", refreshToken)) {
-        await redisDeleteSession(sessionId);
-        return null;
-    }
-    return null;
-}
-async function redisRotateRefreshToken(sessionId, newRefreshToken, newAccessToken) {
-    const redis = getRedis();
-    const raw = await redis.get(redisSessionKey(sessionId));
-    if (!raw)
-        return;
-    const rec = JSON.parse(raw);
-    const graceSeconds = getRotationGraceSeconds();
-    const refreshExpiry = getRefreshTokenExpiry();
-    // Move current to prev with grace window
-    const oldRefreshToken = rec.refreshToken;
-    rec.prevRefreshToken = oldRefreshToken;
-    rec.prevTokenExpiresAt = Date.now() + graceSeconds * 1000;
-    rec.refreshToken = newRefreshToken;
-    rec.token = newAccessToken;
-    await redis.set(redisSessionKey(sessionId), JSON.stringify(rec));
-    // Set new reverse-lookup with full refresh expiry
-    await redis.set(redisRefreshTokenKey(newRefreshToken), sessionId, "EX", refreshExpiry);
-    // Update old reverse-lookup to expire after grace window.
-    // Use a minimum TTL of 60s so that theft detection still works when grace is 0.
-    if (oldRefreshToken) {
-        const oldKeyTtl = Math.max(graceSeconds, 60);
-        await redis.expire(redisRefreshTokenKey(oldRefreshToken), oldKeyTtl);
-    }
-}
-// ---------------------------------------------------------------------------
-// Mongo helpers
-// ---------------------------------------------------------------------------
-async function mongoGetUserSessions(userId) {
-    const now = new Date();
-    const includeInactive = getIncludeInactiveSessions();
-    const persist = getPersistSessionMetadata();
-    const query = { userId };
-    if (!includeInactive) {
-        query.token = { $ne: null };
-        query.expiresAt = { $gt: now };
-    }
-    const docs = await getSessionModel().find(query).lean();
-    const results = [];
-    for (const doc of docs) {
-        const isActive = !!doc.token && doc.expiresAt > now;
-        if (!isActive && !persist)
-            continue;
-        if (!isActive && !includeInactive)
-            continue;
-        results.push({
-            sessionId: doc.sessionId,
-            createdAt: doc.createdAt.getTime(),
-            lastActiveAt: doc.lastActiveAt.getTime(),
-            expiresAt: doc.expiresAt.getTime(),
-            ipAddress: doc.ipAddress,
-            userAgent: doc.userAgent,
-            isActive,
-        });
-    }
-    return results;
-}
-async function mongoSetRefreshToken(sessionId, refreshToken) {
-    await getSessionModel().updateOne({ sessionId }, { $set: { refreshToken } });
-}
-async function mongoGetSessionByRefreshToken(refreshToken) {
-    const Session = getSessionModel();
-    // Check current refresh token
-    let doc = await Session.findOne({ refreshToken }).lean();
-    if (doc) {
-        return { sessionId: doc.sessionId, userId: doc.userId, newRefreshToken: refreshToken };
-    }
-    // Check previous refresh token (grace window)
-    doc = await Session.findOne({ prevRefreshToken: refreshToken }).lean();
-    if (!doc)
-        return null;
-    if (doc.prevTokenExpiresAt && doc.prevTokenExpiresAt > new Date()) {
-        // Within grace window — return current refresh token
-        return { sessionId: doc.sessionId, userId: doc.userId, newRefreshToken: doc.refreshToken };
-    }
-    // Grace window expired — token family theft detected, invalidate session
-    if (getPersistSessionMetadata()) {
-        await Session.updateOne({ sessionId: doc.sessionId }, { $set: { token: null, refreshToken: null, prevRefreshToken: null, prevTokenExpiresAt: null } });
-    }
-    else {
-        await Session.deleteOne({ sessionId: doc.sessionId });
-    }
-    return null;
-}
-async function mongoRotateRefreshToken(sessionId, newRefreshToken, newAccessToken) {
-    const graceSeconds = getRotationGraceSeconds();
-    const Session = getSessionModel();
-    const doc = await Session.findOne({ sessionId });
-    if (!doc)
-        return;
-    doc.prevRefreshToken = doc.refreshToken;
-    doc.prevTokenExpiresAt = new Date(Date.now() + graceSeconds * 1000);
-    doc.refreshToken = newRefreshToken;
-    doc.token = newAccessToken;
-    await doc.save();
-}
-// ---------------------------------------------------------------------------
-// Public API
-// ---------------------------------------------------------------------------
-export const createSession = async (userId, token, sessionId, metadata) => {
-    if (_store === "memory") {
-        memoryCreateSession(userId, token, sessionId, metadata);
-        return;
-    }
-    if (_store === "sqlite") {
-        sqliteCreateSession(userId, token, sessionId, metadata);
-        return;
-    }
-    if (_store === "redis") {
-        await redisCreateSession(userId, token, sessionId, metadata);
-        return;
-    }
-    // mongo
-    const now = new Date();
-    const expiresAt = new Date(Date.now() + TTL_MS);
-    await getSessionModel().create({
-        sessionId, userId, token,
-        createdAt: now, lastActiveAt: now, expiresAt,
-        ipAddress: metadata?.ipAddress,
-        userAgent: metadata?.userAgent,
-    });
-};
-export const getSession = async (sessionId) => {
-    if (_store === "memory")
-        return memoryGetSession(sessionId);
-    if (_store === "sqlite")
-        return sqliteGetSession(sessionId);
-    if (_store === "redis")
-        return redisGetSession(sessionId);
-    // mongo
-    const doc = await getSessionModel()
-        .findOne({ sessionId, expiresAt: { $gt: new Date() } }, "token")
-        .lean();
-    return doc?.token ?? null;
-};
-export const deleteSession = async (sessionId) => {
-    if (_store === "memory") {
-        memoryDeleteSession(sessionId);
-        return;
-    }
-    if (_store === "sqlite") {
-        sqliteDeleteSession(sessionId);
-        return;
-    }
-    if (_store === "redis") {
-        await redisDeleteSession(sessionId);
-        return;
-    }
-    // mongo
-    if (getPersistSessionMetadata()) {
-        await getSessionModel().updateOne({ sessionId }, { $set: { token: null, refreshToken: null, prevRefreshToken: null, prevTokenExpiresAt: null } });
-    }
-    else {
-        await getSessionModel().deleteOne({ sessionId });
-    }
-};
-export const getUserSessions = async (userId) => {
-    if (_store === "memory")
-        return memoryGetUserSessions(userId);
-    if (_store === "sqlite")
-        return sqliteGetUserSessions(userId);
-    if (_store === "redis")
-        return redisGetUserSessions(userId);
-    return mongoGetUserSessions(userId);
-};
-export const getActiveSessionCount = async (userId) => {
-    if (_store === "memory")
-        return memoryGetActiveSessionCount(userId);
-    if (_store === "sqlite")
-        return sqliteGetActiveSessionCount(userId);
-    if (_store === "redis")
-        return redisGetActiveSessionCount(userId);
-    // mongo
-    const now = new Date();
-    return getSessionModel().countDocuments({ userId, token: { $ne: null }, expiresAt: { $gt: now } });
-};
-export const evictOldestSession = async (userId) => {
-    if (_store === "memory") {
-        memoryEvictOldestSession(userId);
-        return;
-    }
-    if (_store === "sqlite") {
-        sqliteEvictOldestSession(userId);
-        return;
-    }
-    if (_store === "redis") {
-        await redisEvictOldestSession(userId);
-        return;
-    }
-    // mongo — oldest active session by createdAt
-    const now = new Date();
-    const oldest = await getSessionModel()
-        .findOne({ userId, token: { $ne: null }, expiresAt: { $gt: now } }, "sessionId")
-        .sort({ createdAt: 1 })
-        .lean();
-    if (oldest)
-        await deleteSession(oldest.sessionId);
-};
-export const deleteUserSessions = async (userId) => {
-    const sessions = await getUserSessions(userId);
-    await Promise.all(sessions.map((s) => deleteSession(s.sessionId)));
-};
-export const updateSessionLastActive = async (sessionId) => {
-    if (_store === "memory") {
-        memoryUpdateSessionLastActive(sessionId);
-        return;
-    }
-    if (_store === "sqlite") {
-        sqliteUpdateSessionLastActive(sessionId);
-        return;
-    }
-    if (_store === "redis") {
-        await redisUpdateSessionLastActive(sessionId);
-        return;
-    }
-    // mongo
-    await getSessionModel().updateOne({ sessionId }, { $set: { lastActiveAt: new Date() } });
-};
-// ---------------------------------------------------------------------------
-// Refresh token API
-// ---------------------------------------------------------------------------
-/** Store a refresh token on an existing session (called after session creation). */
-export const setRefreshToken = async (sessionId, refreshToken) => {
-    if (_store === "memory") {
-        memorySetRefreshToken(sessionId, refreshToken);
-        return;
-    }
-    if (_store === "sqlite") {
-        sqliteSetRefreshToken(sessionId, refreshToken);
-        return;
-    }
-    if (_store === "redis") {
-        await redisSetRefreshToken(sessionId, refreshToken);
-        return;
-    }
-    await mongoSetRefreshToken(sessionId, refreshToken);
-};
-/** Look up a session by refresh token. Handles grace window and theft detection. */
-export const getSessionByRefreshToken = async (refreshToken) => {
-    if (_store === "memory")
-        return memoryGetSessionByRefreshToken(refreshToken);
-    if (_store === "sqlite")
-        return sqliteGetSessionByRefreshToken(refreshToken);
-    if (_store === "redis")
-        return redisGetSessionByRefreshToken(refreshToken);
-    return mongoGetSessionByRefreshToken(refreshToken);
-};
-/** Rotate the refresh token: move current to prev with grace window, set new token + access token. */
-export const rotateRefreshToken = async (sessionId, newRefreshToken, newAccessToken) => {
-    if (_store === "memory") {
-        memoryRotateRefreshToken(sessionId, newRefreshToken, newAccessToken);
-        return;
-    }
-    if (_store === "sqlite") {
-        sqliteRotateRefreshToken(sessionId, newRefreshToken, newAccessToken);
-        return;
-    }
-    if (_store === "redis") {
-        await redisRotateRefreshToken(sessionId, newRefreshToken, newAccessToken);
-        return;
-    }
-    await mongoRotateRefreshToken(sessionId, newRefreshToken, newAccessToken);
-};
-// ---------------------------------------------------------------------------
-// Session fingerprint API (session binding feature)
-// ---------------------------------------------------------------------------
-/** Read the stored fingerprint for a session. Returns null if not yet set. */
-export const getSessionFingerprint = async (sessionId) => {
-    if (_store === "memory")
-        return memoryGetSessionFingerprint(sessionId);
-    if (_store === "sqlite")
-        return sqliteGetSessionFingerprint(sessionId);
-    if (_store === "redis") {
-        const redis = getRedis();
-        const raw = await redis.get(redisSessionKey(sessionId));
-        if (!raw)
-            return null;
-        const rec = JSON.parse(raw);
-        return rec.fingerprint ?? null;
-    }
-    // mongo
-    const doc = await getSessionModel().findOne({ sessionId }, "fingerprint").lean();
-    return doc?.fingerprint ?? null;
-};
-/** Store a fingerprint on an existing session. No-op if the session does not exist. */
-export const setSessionFingerprint = async (sessionId, fingerprint) => {
-    if (_store === "memory") {
-        memorySetSessionFingerprint(sessionId, fingerprint);
-        return;
-    }
-    if (_store === "sqlite") {
-        sqliteSetSessionFingerprint(sessionId, fingerprint);
-        return;
-    }
-    if (_store === "redis") {
-        const redis = getRedis();
-        const raw = await redis.get(redisSessionKey(sessionId));
-        if (!raw)
-            return;
-        const rec = JSON.parse(raw);
-        rec.fingerprint = fingerprint;
-        if (getPersistSessionMetadata()) {
-            await redis.set(redisSessionKey(sessionId), JSON.stringify(rec));
-        }
-        else {
-            const now = Date.now();
-            if (rec.expiresAt <= now)
-                return;
-            const ttlRemaining = Math.max(1, Math.ceil((rec.expiresAt - now) / 1000));
-            await redis.set(redisSessionKey(sessionId), JSON.stringify(rec), "EX", ttlRemaining);
-        }
-        return;
-    }
-    // mongo
-    await getSessionModel().updateOne({ sessionId }, { $set: { fingerprint } });
-};
-// ---------------------------------------------------------------------------
-// Step-up MFA API (mfaVerifiedAt)
-// ---------------------------------------------------------------------------
-/**
- * Store the timestamp when MFA was last verified in the session metadata.
- * Used by requireStepUp middleware.
- */
-export const setMfaVerifiedAt = async (sessionId) => {
-    const now = Math.floor(Date.now() / 1000);
-    if (_store === "memory") {
-        memorySetMfaVerifiedAt(sessionId, now);
-        return;
-    }
-    if (_store === "sqlite") {
-        sqliteSetMfaVerifiedAt(sessionId, now);
-        return;
-    }
-    if (_store === "redis") {
-        const redis = getRedis();
-        const raw = await redis.get(redisSessionKey(sessionId));
-        if (!raw)
-            return;
-        const rec = JSON.parse(raw);
-        rec.mfaVerifiedAt = now;
-        if (getPersistSessionMetadata()) {
-            await redis.set(redisSessionKey(sessionId), JSON.stringify(rec));
-        }
-        else {
-            const nowMs = Date.now();
-            if (rec.expiresAt <= nowMs)
-                return;
-            const ttlRemaining = Math.max(1, Math.ceil((rec.expiresAt - nowMs) / 1000));
-            await redis.set(redisSessionKey(sessionId), JSON.stringify(rec), "EX", ttlRemaining);
-        }
-        return;
-    }
-    // mongo
-    await getSessionModel().updateOne({ sessionId }, { $set: { mfaVerifiedAt: now } });
-};
-/**
- * Get the Unix timestamp (seconds) when MFA was last verified for this session.
- * Returns null if MFA has never been verified or session not found.
- */
-export const getMfaVerifiedAt = async (sessionId) => {
-    if (_store === "memory")
-        return memoryGetMfaVerifiedAt(sessionId);
-    if (_store === "sqlite")
-        return sqliteGetMfaVerifiedAt(sessionId);
-    if (_store === "redis") {
-        const redis = getRedis();
-        const raw = await redis.get(redisSessionKey(sessionId));
-        if (!raw)
-            return null;
-        const rec = JSON.parse(raw);
-        return rec.mfaVerifiedAt ?? null;
-    }
-    // mongo
-    const doc = await getSessionModel().findOne({ sessionId }, "mfaVerifiedAt").lean();
-    return doc?.mfaVerifiedAt ?? null;
-};

package/dist/lib/tenant.d.ts

@@ -1,15 +0,0 @@
-export interface TenantInfo {
-    tenantId: string;
-    displayName?: string;
-    config?: Record<string, unknown>;
-    createdAt: Date;
-    deletedAt?: Date | null;
-}
-export interface CreateTenantOptions {
-    displayName?: string;
-    config?: Record<string, unknown>;
-}
-export declare const createTenant: (tenantId: string, options?: CreateTenantOptions) => Promise<void>;
-export declare const deleteTenant: (tenantId: string) => Promise<void>;
-export declare const getTenant: (tenantId: string) => Promise<TenantInfo | null>;
-export declare const listTenants: () => Promise<TenantInfo[]>;

package/dist/lib/tenant.js

@@ -1,65 +0,0 @@
-import { authConnection, mongoose } from "./mongo";
-let _TenantModel = null;
-function getTenantModel() {
-    if (!_TenantModel) {
-        const { Schema } = mongoose;
-        const schema = new Schema({
-            tenantId: { type: String, required: true, unique: true },
-            displayName: { type: String },
-            config: { type: Schema.Types.Mixed },
-            deletedAt: { type: Date, default: null },
-        }, { timestamps: true });
-        _TenantModel = authConnection.model("Tenant", schema);
-    }
-    return _TenantModel;
-}
-// Proxy for lazy model resolution (same pattern as AuthUser)
-const Tenant = new Proxy({}, {
-    get(_, prop) {
-        const model = getTenantModel();
-        const val = model[prop];
-        return typeof val === "function" ? val.bind(model) : val;
-    },
-});
-export const createTenant = async (tenantId, options) => {
-    const existing = await Tenant.findOne({ tenantId }).lean();
-    if (existing && !existing.deletedAt) {
-        throw new Error(`Tenant "${tenantId}" already exists`);
-    }
-    if (existing && existing.deletedAt) {
-        // Reactivate soft-deleted tenant
-        await Tenant.findOneAndUpdate({ tenantId }, { $set: { deletedAt: null, displayName: options?.displayName, config: options?.config } });
-        return;
-    }
-    await Tenant.create({
-        tenantId,
-        displayName: options?.displayName,
-        config: options?.config,
-    });
-};
-export const deleteTenant = async (tenantId) => {
-    const { invalidateTenantCache } = await import("../middleware/tenant");
-    // Soft-delete
-    await Tenant.findOneAndUpdate({ tenantId }, { $set: { deletedAt: new Date() } });
-    invalidateTenantCache(tenantId);
-};
-export const getTenant = async (tenantId) => {
-    const doc = await Tenant.findOne({ tenantId, deletedAt: null }).lean();
-    if (!doc)
-        return null;
-    return {
-        tenantId: doc.tenantId,
-        displayName: doc.displayName,
-        config: doc.config,
-        createdAt: doc.createdAt,
-    };
-};
-export const listTenants = async () => {
-    const docs = await Tenant.find({ deletedAt: null }).lean();
-    return docs.map((doc) => ({
-        tenantId: doc.tenantId,
-        displayName: doc.displayName,
-        config: doc.config,
-        createdAt: doc.createdAt,
-    }));
-};