npm - @lastshotlabs/bunshot - Versions diffs - 0.0.9 → 0.0.10 - Mend

@lastshotlabs/bunshot 0.0.9 → 0.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/README.md +70 -3
package/dist/adapters/memoryAuth.d.ts +5 -0
package/dist/adapters/memoryAuth.js +23 -0
package/dist/adapters/sqliteAuth.d.ts +5 -0
package/dist/adapters/sqliteAuth.js +18 -0
package/dist/app.d.ts +18 -2
package/dist/app.js +18 -5
package/dist/entrypoints/mongo.d.ts +3 -0
package/dist/entrypoints/mongo.js +3 -0
package/dist/entrypoints/queue.d.ts +2 -0
package/dist/entrypoints/queue.js +1 -0
package/dist/entrypoints/redis.d.ts +1 -0
package/dist/entrypoints/redis.js +1 -0
package/dist/index.d.ts +4 -7
package/dist/index.js +4 -5
package/dist/lib/appConfig.d.ts +9 -0
package/dist/lib/appConfig.js +5 -0
package/dist/lib/emailVerification.js +11 -10
package/dist/lib/mongo.d.ts +9 -4
package/dist/lib/mongo.js +61 -10
package/dist/lib/oauth.js +11 -10
package/dist/lib/queue.d.ts +3 -4
package/dist/lib/queue.js +18 -3
package/dist/lib/redis.d.ts +3 -8
package/dist/lib/redis.js +19 -8
package/dist/lib/resetPassword.d.ts +12 -0
package/dist/lib/resetPassword.js +95 -0
package/dist/lib/session.js +12 -12
package/dist/middleware/cacheResponse.js +10 -9
package/dist/models/AuthUser.d.ts +14 -106
package/dist/models/AuthUser.js +31 -14
package/dist/routes/auth.d.ts +3 -2
package/dist/routes/auth.js +76 -1
package/package.json +38 -8

package/README.md CHANGED Viewed

@@ -60,6 +60,48 @@ bun add @lastshotlabs/bunshot
 ---
+## Peer Dependencies
+Bunshot declares the following as peer dependencies so you control their versions and avoid duplicate installs in your app.
+### Required
+These must be installed in every consuming app:
+```bash
+bun add hono zod
+```
+| Package | Required version |
+|---|---|
+| `hono` | `>=4.12 <5` |
+| `zod` | `>=4.0 <5` |
+### Optional
+Install only what your app actually uses:
+```bash
+# MongoDB auth / sessions / cache
+bun add mongoose
+# Redis sessions, cache, rate limiting, or BullMQ
+bun add ioredis
+# Background job queues
+bun add bullmq
+```
+| Package | Required version | When you need it |
+|---|---|---|
+| `mongoose` | `>=9.0 <10` | `db.auth: "mongo"`, `db.sessions: "mongo"`, or `db.cache: "mongo"` |
+| `ioredis` | `>=5.0 <6` | `db.redis: true` (the default), or any store set to `"redis"` |
+| `bullmq` | `>=5.0 <6` | Workers / queues |
+If you're running fully on SQLite or memory (no Redis, no MongoDB), none of the optional peers are needed.
+---
 ## Quick Start
 ```ts
@@ -85,6 +127,8 @@ That's it. Your app gets:
 | `DELETE /auth/sessions/:sessionId` | Revoke a specific session by ID (requires login) |
 | `POST /auth/verify-email` | Verify email with token (when `emailVerification` is configured) |
 | `POST /auth/resend-verification` | Resend verification email (requires login, when `emailVerification` is configured) |
+| `POST /auth/forgot-password` | Request a password reset email (when `passwordReset` is configured) |
+| `POST /auth/reset-password` | Reset password using a token from the reset email (when `passwordReset` is configured) |
 | `GET /health` | Health check |
 | `GET /docs` | Scalar API docs UI |
 | `GET /openapi.json` | OpenAPI spec |
@@ -197,18 +241,31 @@ await createServer({
 Import `appConnection` and register models on it. This ensures your models use the correct connection whether you're on a single DB or a separate tenant DB.
+`appConnection` is a lazy proxy — calling `.model()` at the top level works fine even before `connectMongo()` has been called. Mongoose buffers any queries until the connection is established.
 ```ts
 // src/models/Product.ts
-import { appConnection, mongoose } from "@lastshotlabs/bunshot";
+import { appConnection } from "@lastshotlabs/bunshot";
+import { Schema } from "mongoose";
+import type { HydratedDocument } from "mongoose";
-const ProductSchema = new mongoose.Schema({
+interface IProduct {
+  name: string;
+  price: number;
+}
+export type ProductDocument = HydratedDocument<IProduct>;
+const ProductSchema = new Schema<IProduct>({
   name: { type: String, required: true },
   price: { type: Number, required: true },
 }, { timestamps: true });
-export const Product = appConnection.model("Product", ProductSchema);
+export const Product = appConnection.model<IProduct>("Product", ProductSchema);
 ```
+> **Note:** Import types (`HydratedDocument`, `Schema`, etc.) directly from `"mongoose"` — the `appConnection` and `mongoose` exports from bunshot are runtime proxies and cannot be used as TypeScript namespaces.
 ---
 ## Jobs (BullMQ)
@@ -724,11 +781,19 @@ await createServer({
         await resend.emails.send({ to: email, subject: "Verify your email", text: `Token: ${token}` });
       },
     },
+    passwordReset: {                        // optional — only active when primaryField is "email"
+      tokenExpiry: 60 * 60,                 // default: 3600 (1 hour) — token TTL in seconds
+      onSend: async (email, token) => {     // called by POST /auth/forgot-password — use any email provider
+        await resend.emails.send({ to: email, subject: "Reset your password", text: `Token: ${token}` });
+      },
+    },
     rateLimit: {                            // optional — built-in auth endpoint rate limiting
       login:              { windowMs: 15 * 60 * 1000, max: 10 }, // default: 10 failures / 15 min
       register:           { windowMs: 60 * 60 * 1000, max: 5  }, // default: 5 attempts / hour (per IP)
       verifyEmail:        { windowMs: 15 * 60 * 1000, max: 10 }, // default: 10 attempts / 15 min (per IP)
       resendVerification: { windowMs: 60 * 60 * 1000, max: 3  }, // default: 3 attempts / hour (per user)
+      forgotPassword:     { windowMs: 15 * 60 * 1000, max: 5  }, // default: 5 attempts / 15 min (per IP)
+      resetPassword:      { windowMs: 15 * 60 * 1000, max: 10 }, // default: 10 attempts / 15 min (per IP)
       store: "redis",                       // default: "redis" when Redis is enabled, else "memory"
     },
     sessionPolicy: {                        // optional — session concurrency and metadata
@@ -994,6 +1059,8 @@ All built-in auth endpoints are rate-limited out of the box with sensible defaul
 | `POST /auth/register` | IP address | Every attempt | 5 / hour |
 | `POST /auth/verify-email` | IP address | Every attempt | 10 / 15 min |
 | `POST /auth/resend-verification` | User ID (authenticated) | Every attempt | 3 / hour |
+| `POST /auth/forgot-password` | IP address | Every attempt | 5 / 15 min |
+| `POST /auth/reset-password` | IP address | Every attempt | 10 / 15 min |
 Login is keyed by the **identifier being targeted** — an attacker rotating IPs to brute-force `alice@example.com` is blocked regardless of source IP. A successful login resets the counter so legitimate users aren't locked out.

package/dist/adapters/memoryAuth.d.ts CHANGED Viewed

@@ -25,3 +25,8 @@ export declare const memoryGetVerificationToken: (token: string) => {
     email: string;
 } | null;
 export declare const memoryDeleteVerificationToken: (token: string) => void;
+export declare const memoryCreateResetToken: (token: string, userId: string, email: string, ttlSeconds: number) => void;
+export declare const memoryConsumeResetToken: (hash: string) => {
+    userId: string;
+    email: string;
+} | null;

package/dist/adapters/memoryAuth.js CHANGED Viewed

@@ -7,6 +7,7 @@ const _userSessionIds = new Map(); // userId → Set<sessionId>
 const _oauthStates = new Map();
 const _cache = new Map();
 const _verificationTokens = new Map();
+const _resetTokens = new Map();
 /** Reset all in-memory state. Useful for test isolation. */
 export const clearMemoryStore = () => {
     _users.clear();
@@ -16,6 +17,7 @@ export const clearMemoryStore = () => {
     _oauthStates.clear();
     _cache.clear();
     _verificationTokens.clear();
+    _resetTokens.clear();
 };
 // ---------------------------------------------------------------------------
 // Auth adapter
@@ -290,3 +292,24 @@ export const memoryGetVerificationToken = (token) => {
 export const memoryDeleteVerificationToken = (token) => {
     _verificationTokens.delete(token);
 };
+// ---------------------------------------------------------------------------
+// Password reset token helpers (used by src/lib/resetPassword.ts)
+// ---------------------------------------------------------------------------
+export const memoryCreateResetToken = (token, userId, email, ttlSeconds) => {
+    const now = Date.now();
+    // Opportunistically purge expired entries to prevent unbounded memory growth
+    for (const [k, v] of _resetTokens) {
+        if (v.expiresAt <= now)
+            _resetTokens.delete(k);
+    }
+    _resetTokens.set(token, { userId, email, expiresAt: now + ttlSeconds * 1000 });
+};
+export const memoryConsumeResetToken = (hash) => {
+    const entry = _resetTokens.get(hash);
+    if (!entry || entry.expiresAt <= Date.now()) {
+        _resetTokens.delete(hash);
+        return null;
+    }
+    _resetTokens.delete(hash);
+    return { userId: entry.userId, email: entry.email };
+};

package/dist/adapters/sqliteAuth.d.ts CHANGED Viewed

@@ -25,4 +25,9 @@ export declare const sqliteGetVerificationToken: (token: string) => {
     email: string;
 } | null;
 export declare const sqliteDeleteVerificationToken: (token: string) => void;
+export declare const sqliteCreateResetToken: (token: string, userId: string, email: string, ttlSeconds: number) => void;
+export declare const sqliteConsumeResetToken: (hash: string) => {
+    userId: string;
+    email: string;
+} | null;
 export declare const startSqliteCleanup: (intervalMs?: number) => ReturnType<typeof setInterval>;

package/dist/adapters/sqliteAuth.js CHANGED Viewed

@@ -65,6 +65,12 @@ function initSchema(db) {
     email     TEXT NOT NULL,
     expiresAt INTEGER NOT NULL
   )`);
+    db.run(`CREATE TABLE IF NOT EXISTS password_resets (
+    token     TEXT PRIMARY KEY,
+    userId    TEXT NOT NULL,
+    email     TEXT NOT NULL,
+    expiresAt INTEGER NOT NULL
+  )`);
 }
 // ---------------------------------------------------------------------------
 // Auth adapter
@@ -282,6 +288,17 @@ export const sqliteDeleteVerificationToken = (token) => {
     getDb().run("DELETE FROM email_verifications WHERE token = ?", [token]);
 };
 // ---------------------------------------------------------------------------
+// Password reset token helpers (used by src/lib/resetPassword.ts)
+// ---------------------------------------------------------------------------
+export const sqliteCreateResetToken = (token, userId, email, ttlSeconds) => {
+    const expiresAt = Date.now() + ttlSeconds * 1000;
+    getDb().run("INSERT INTO password_resets (token, userId, email, expiresAt) VALUES (?, ?, ?, ?)", [token, userId, email, expiresAt]);
+};
+export const sqliteConsumeResetToken = (hash) => {
+    const row = getDb().query("DELETE FROM password_resets WHERE token = ? AND expiresAt > ? RETURNING userId, email").get(hash, Date.now());
+    return row ?? null;
+};
+// ---------------------------------------------------------------------------
 // Optional periodic cleanup of expired rows
 // ---------------------------------------------------------------------------
 export const startSqliteCleanup = (intervalMs = 3_600_000) => {
@@ -298,5 +315,6 @@ export const startSqliteCleanup = (intervalMs = 3_600_000) => {
         db.run("DELETE FROM oauth_states WHERE expiresAt <= ?", [now]);
         db.run("DELETE FROM cache_entries WHERE expiresAt IS NOT NULL AND expiresAt <= ?", [now]);
         db.run("DELETE FROM email_verifications WHERE expiresAt <= ?", [now]);
+        db.run("DELETE FROM password_resets WHERE expiresAt <= ?", [now]);
     }, intervalMs);
 };

package/dist/app.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { OpenAPIHono } from "@hono/zod-openapi";
 import type { MiddlewareHandler } from "hono";
 import type { AppEnv } from "./lib/context";
-import type { PrimaryField, EmailVerificationConfig } from "./lib/appConfig";
+import type { PrimaryField, EmailVerificationConfig, PasswordResetConfig } from "./lib/appConfig";
 import type { AuthAdapter } from "./lib/authAdapter";
 import type { OAuthProviderConfig } from "./lib/oauth";
 type StoreType = "redis" | "mongo" | "sqlite" | "memory";
@@ -82,6 +82,16 @@ export interface AuthRateLimitConfig {
         windowMs?: number;
         max?: number;
     };
+    /** Max forgot-password requests per IP per window. Default: 5 per 15 min. */
+    forgotPassword?: {
+        windowMs?: number;
+        max?: number;
+    };
+    /** Max reset-password attempts per IP per window. Default: 10 per 15 min. */
+    resetPassword?: {
+        windowMs?: number;
+        max?: number;
+    };
     /**
      * Store backend for auth rate limit counters.
      * Defaults to "redis" when Redis is enabled, otherwise "memory".
@@ -116,6 +126,12 @@ export interface AuthConfig {
      * Provide an onSend callback to send the verification email via any provider (Resend, SendGrid, etc.).
      */
     emailVerification?: EmailVerificationConfig;
+    /**
+     * Password reset configuration. Only active when primaryField is "email".
+     * Provide an onSend callback to send the reset email via any provider (Resend, SendGrid, etc.).
+     * Mounts POST /auth/forgot-password and POST /auth/reset-password.
+     */
+    passwordReset?: PasswordResetConfig;
     /** Rate limit configuration for built-in auth endpoints. */
     rateLimit?: AuthRateLimitConfig;
     /** Session concurrency and metadata persistence policy. */
@@ -140,7 +156,7 @@ export interface AuthSessionPolicyConfig {
      */
     trackLastActive?: boolean;
 }
-export type { PrimaryField, EmailVerificationConfig };
+export type { PrimaryField, EmailVerificationConfig, PasswordResetConfig };
 export interface BotProtectionConfig {
     /**
      * List of IPv4 CIDRs (e.g. "198.51.100.0/24"), IPv4 addresses, or IPv6 addresses to block outright.

package/dist/app.js CHANGED Viewed

@@ -8,8 +8,9 @@ import { rateLimit } from "./middleware/rateLimit";
 import { bearerAuth } from "./middleware/bearerAuth";
 import { identify } from "./middleware/identify";
 import { HEADER_USER_TOKEN } from "./lib/constants";
-import { setAppName, setAppRoles, setDefaultRole, setPrimaryField, setEmailVerificationConfig, setMaxSessions, setPersistSessionMetadata, setIncludeInactiveSessions, setTrackLastActive } from "./lib/appConfig";
+import { setAppName, setAppRoles, setDefaultRole, setPrimaryField, setEmailVerificationConfig, setPasswordResetConfig, setMaxSessions, setPersistSessionMetadata, setIncludeInactiveSessions, setTrackLastActive } from "./lib/appConfig";
 import { setEmailVerificationStore } from "./lib/emailVerification";
+import { setPasswordResetStore } from "./lib/resetPassword";
 import { setAuthRateLimitStore } from "./lib/authRateLimit";
 import { setAuthAdapter } from "./lib/authAdapter";
 import { mongoAuthAdapter } from "./adapters/mongoAuth";
@@ -39,6 +40,7 @@ export const createApp = async (config) => {
     const defaultRole = authConfig.defaultRole;
     const primaryField = authConfig.primaryField ?? "email";
     const emailVerification = authConfig.emailVerification;
+    const passwordReset = authConfig.passwordReset;
     const authRateLimit = authConfig.rateLimit;
     const sessionPolicy = authConfig.sessionPolicy ?? {};
     const { sqlite, mongo = "single", redis: enableRedis = true } = db;
@@ -82,20 +84,31 @@ export const createApp = async (config) => {
     else {
         authAdapter = mongoAuthAdapter;
     }
+    if (defaultRole && !authAdapter.setRoles) {
+        throw new Error(`createApp: "defaultRole" is set to "${defaultRole}" but the auth adapter does not implement setRoles. Add setRoles to your adapter or remove defaultRole.`);
+    }
+    if (emailVerification && primaryField !== "email") {
+        throw new Error(`createApp: "emailVerification" is only supported when primaryField is "email". Either set primaryField to "email" or remove emailVerification.`);
+    }
+    if (passwordReset && primaryField !== "email") {
+        throw new Error(`createApp: "passwordReset" is only supported when primaryField is "email". Either set primaryField to "email" or remove passwordReset.`);
+    }
+    if (passwordReset && !authAdapter.setPassword) {
+        throw new Error(`createApp: "passwordReset" is configured but the auth adapter does not implement setPassword. Add setPassword to your adapter or remove passwordReset.`);
+    }
     setAuthAdapter(authAdapter);
     setAppRoles(roles);
     setDefaultRole(defaultRole ?? null);
     setPrimaryField(primaryField);
     setEmailVerificationConfig(emailVerification ?? null);
     setEmailVerificationStore(sessions);
+    setPasswordResetConfig(passwordReset ?? null);
+    setPasswordResetStore(sessions);
     setAuthRateLimitStore(authRateLimit?.store ?? (enableRedis ? "redis" : "memory"));
     setMaxSessions(sessionPolicy.maxSessions ?? 6);
     setPersistSessionMetadata(sessionPolicy.persistSessionMetadata ?? true);
     setIncludeInactiveSessions(sessionPolicy.includeInactiveSessions ?? false);
     setTrackLastActive(sessionPolicy.trackLastActive ?? false);
-    if (defaultRole && !authAdapter.setRoles) {
-        throw new Error(`createApp: "defaultRole" is set to "${defaultRole}" but the auth adapter does not implement setRoles. Add setRoles to your adapter or remove defaultRole.`);
-    }
     if (oauthProviders)
         initOAuthProviders(oauthProviders);
     const configuredOAuth = getConfiguredOAuthProviders();
@@ -144,7 +157,7 @@ export const createApp = async (config) => {
     }
     if (enableAuthRoutes) {
         const { createAuthRouter } = await import(`${coreRoutesDir}/auth`);
-        app.route("/", createAuthRouter({ primaryField, emailVerification, rateLimit: authRateLimit }));
+        app.route("/", createAuthRouter({ primaryField, emailVerification, passwordReset, rateLimit: authRateLimit }));
     }
     if (configuredOAuth.length > 0) {
         app.route("/", createOAuthRouter(configuredOAuth, postOAuthRedirect));

package/dist/entrypoints/mongo.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "../lib/mongo";
+export { mongoAuthAdapter } from "../adapters/mongoAuth";
+export { AuthUser } from "../models/AuthUser";

package/dist/entrypoints/mongo.js ADDED Viewed

@@ -0,0 +1,3 @@
+export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "../lib/mongo";
+export { mongoAuthAdapter } from "../adapters/mongoAuth";
+export { AuthUser } from "../models/AuthUser";

package/dist/entrypoints/queue.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { createQueue, createWorker } from "../lib/queue";
2	+ export type { Job } from "../lib/queue";

package/dist/entrypoints/queue.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { createQueue, createWorker } from "../lib/queue";

package/dist/entrypoints/redis.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { connectRedis, disconnectRedis, getRedis } from "../lib/redis";

package/dist/entrypoints/redis.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { connectRedis, disconnectRedis, getRedis } from "../lib/redis";

package/dist/index.d.ts CHANGED Viewed

@@ -1,7 +1,9 @@
 export { createApp } from "./app";
 export { createServer } from "./server";
-export type { CreateAppConfig, DbConfig, AppMeta, AuthConfig, AuthRateLimitConfig, OAuthConfig, SecurityConfig, BotProtectionConfig, PrimaryField, EmailVerificationConfig } from "./app";
+export type { CreateAppConfig, DbConfig, AppMeta, AuthConfig, AuthRateLimitConfig, OAuthConfig, SecurityConfig, BotProtectionConfig, PrimaryField, EmailVerificationConfig, PasswordResetConfig } from "./app";
 export type { CreateServerConfig, WsConfig } from "./server";
+export { appConnection, authConnection, mongoose, connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo } from "./lib/mongo";
+export { connectRedis, disconnectRedis, getRedis } from "./lib/redis";
 export { getAppRoles } from "./lib/appConfig";
 export { HttpError } from "./lib/HttpError";
 export { COOKIE_TOKEN, HEADER_USER_TOKEN } from "./lib/constants";
@@ -9,10 +11,7 @@ export { createRouter } from "./lib/context";
 export type { AppEnv, AppVariables } from "./lib/context";
 export { signToken, verifyToken } from "./lib/jwt";
 export { log } from "./lib/logger";
-export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "./lib/mongo";
-export { connectRedis, disconnectRedis, getRedis } from "./lib/redis";
-export { createQueue, createWorker } from "./lib/queue";
-export type { Job } from "./lib/queue";
+export { createResetToken, consumeResetToken, setPasswordResetStore } from "./lib/resetPassword";
 export { createSession, getSession, deleteSession, getUserSessions, getActiveSessionCount, evictOldestSession, updateSessionLastActive, setSessionStore } from "./lib/session";
 export type { SessionMetadata, SessionInfo } from "./lib/session";
 export { createVerificationToken, getVerificationToken, deleteVerificationToken } from "./lib/emailVerification";
@@ -30,8 +29,6 @@ export { requireRole } from "./middleware/requireRole";
 export { requireVerifiedEmail } from "./middleware/requireVerifiedEmail";
 export { cacheResponse, bustCache, bustCachePattern, setCacheStore } from "./middleware/cacheResponse";
 export { buildFingerprint } from "./lib/fingerprint";
-export { AuthUser } from "./models/AuthUser";
-export { mongoAuthAdapter } from "./adapters/mongoAuth";
 export { sqliteAuthAdapter, setSqliteDb, startSqliteCleanup } from "./adapters/sqliteAuth";
 export { memoryAuthAdapter, clearMemoryStore } from "./adapters/memoryAuth";
 export { setUserRoles, addUserRole, removeUserRole } from "./lib/roles";

package/dist/index.js CHANGED Viewed

@@ -1,6 +1,9 @@
 // App factory
 export { createApp } from "./app";
 export { createServer } from "./server";
+// Database
+export { appConnection, authConnection, mongoose, connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo } from "./lib/mongo";
+export { connectRedis, disconnectRedis, getRedis } from "./lib/redis";
 // Lib utilities
 export { getAppRoles } from "./lib/appConfig";
 export { HttpError } from "./lib/HttpError";
@@ -8,9 +11,7 @@ export { COOKIE_TOKEN, HEADER_USER_TOKEN } from "./lib/constants";
 export { createRouter } from "./lib/context";
 export { signToken, verifyToken } from "./lib/jwt";
 export { log } from "./lib/logger";
-export { connectMongo, connectAuthMongo, connectAppMongo, disconnectMongo, authConnection, appConnection, mongoose } from "./lib/mongo";
-export { connectRedis, disconnectRedis, getRedis } from "./lib/redis";
-export { createQueue, createWorker } from "./lib/queue";
+export { createResetToken, consumeResetToken, setPasswordResetStore } from "./lib/resetPassword";
 export { createSession, getSession, deleteSession, getUserSessions, getActiveSessionCount, evictOldestSession, updateSessionLastActive, setSessionStore } from "./lib/session";
 export { createVerificationToken, getVerificationToken, deleteVerificationToken } from "./lib/emailVerification";
 export { bustAuthLimit, trackAttempt, isLimited } from "./lib/authRateLimit";
@@ -27,8 +28,6 @@ export { cacheResponse, bustCache, bustCachePattern, setCacheStore } from "./mid
 // Lib utilities (bot protection)
 export { buildFingerprint } from "./lib/fingerprint";
 // Models
-export { AuthUser } from "./models/AuthUser";
-export { mongoAuthAdapter } from "./adapters/mongoAuth";
 export { sqliteAuthAdapter, setSqliteDb, startSqliteCleanup } from "./adapters/sqliteAuth";
 export { memoryAuthAdapter, clearMemoryStore } from "./adapters/memoryAuth";
 export { setUserRoles, addUserRole, removeUserRole } from "./lib/roles";

package/dist/lib/appConfig.d.ts CHANGED Viewed

@@ -7,6 +7,12 @@ export interface EmailVerificationConfig {
     /** Called after registration with the identifier and verification token. Use to send the email. */
     onSend: (email: string, token: string) => Promise<void>;
 }
+export interface PasswordResetConfig {
+    /** Token time-to-live in seconds. Defaults to 3 600 (1 hour). */
+    tokenExpiry?: number;
+    /** Called with the user's email and the reset token. Use to send the reset email. */
+    onSend: (email: string, token: string) => Promise<void>;
+}
 export declare const setAppName: (name: string) => void;
 export declare const getAppName: () => string;
 export declare const setAppRoles: (roles: string[]) => void;
@@ -18,6 +24,9 @@ export declare const getPrimaryField: () => PrimaryField;
 export declare const setEmailVerificationConfig: (config: EmailVerificationConfig | null) => void;
 export declare const getEmailVerificationConfig: () => EmailVerificationConfig | null;
 export declare const getTokenExpiry: () => number;
+export declare const setPasswordResetConfig: (config: PasswordResetConfig | null) => void;
+export declare const getPasswordResetConfig: () => PasswordResetConfig | null;
+export declare const getResetTokenExpiry: () => number;
 export declare const setMaxSessions: (n: number) => void;
 export declare const getMaxSessions: () => number;
 export declare const setPersistSessionMetadata: (v: boolean) => void;

package/dist/lib/appConfig.js CHANGED Viewed

@@ -3,6 +3,7 @@ let appRoles = [];
 let defaultRole = null;
 let _primaryField = "email";
 let _emailVerificationConfig = null;
+let _passwordResetConfig = null;
 export const setAppName = (name) => { appName = name; };
 export const getAppName = () => appName;
 export const setAppRoles = (roles) => { appRoles = roles; };
@@ -15,6 +16,10 @@ export const setEmailVerificationConfig = (config) => { _emailVerificationConfig
 export const getEmailVerificationConfig = () => _emailVerificationConfig;
 const DEFAULT_TOKEN_EXPIRY = 60 * 60 * 24; // 24 hours
 export const getTokenExpiry = () => _emailVerificationConfig?.tokenExpiry ?? DEFAULT_TOKEN_EXPIRY;
+export const setPasswordResetConfig = (config) => { _passwordResetConfig = config; };
+export const getPasswordResetConfig = () => _passwordResetConfig;
+const DEFAULT_RESET_TOKEN_EXPIRY = 60 * 60; // 1 hour
+export const getResetTokenExpiry = () => _passwordResetConfig?.tokenExpiry ?? DEFAULT_RESET_TOKEN_EXPIRY;
 // ---------------------------------------------------------------------------
 // Session policy
 // ---------------------------------------------------------------------------

package/dist/lib/emailVerification.js CHANGED Viewed

@@ -1,18 +1,19 @@
 import { getRedis } from "./redis";
-import { appConnection } from "./mongo";
+import { appConnection, mongoose } from "./mongo";
 import { getAppName, getTokenExpiry } from "./appConfig";
-import { Schema } from "mongoose";
 import { sqliteCreateVerificationToken, sqliteGetVerificationToken, sqliteDeleteVerificationToken, } from "../adapters/sqliteAuth";
 import { memoryCreateVerificationToken, memoryGetVerificationToken, memoryDeleteVerificationToken, } from "../adapters/memoryAuth";
-const verificationSchema = new Schema({
-    token: { type: String, required: true, unique: true },
-    userId: { type: String, required: true },
-    email: { type: String, required: true },
-    expiresAt: { type: Date, required: true, index: { expireAfterSeconds: 0 } },
-}, { collection: "email_verifications" });
 function getVerificationModel() {
-    return appConnection.models["EmailVerification"] ??
-        appConnection.model("EmailVerification", verificationSchema);
+    if (appConnection.models["EmailVerification"])
+        return appConnection.models["EmailVerification"];
+    const { Schema } = mongoose;
+    const verificationSchema = new Schema({
+        token: { type: String, required: true, unique: true },
+        userId: { type: String, required: true },
+        email: { type: String, required: true },
+        expiresAt: { type: Date, required: true, index: { expireAfterSeconds: 0 } },
+    }, { collection: "email_verifications" });
+    return appConnection.model("EmailVerification", verificationSchema);
 }
 let _store = "redis";
 export const setEmailVerificationStore = (store) => { _store = store; };

package/dist/lib/mongo.d.ts CHANGED Viewed

@@ -1,15 +1,20 @@
-import mongoose from "mongoose";
+import type { Connection, Mongoose } from "mongoose";
+type MongooseModule = Mongoose;
 /**
  * Named connection used exclusively for auth data (AuthUser model).
  * Connected via connectAuthMongo() or connectMongo() (backward compat).
  */
-export declare const authConnection: mongoose.Connection;
+export declare const authConnection: Connection;
 /**
  * Named connection for app/tenant data.
  * Connected via connectAppMongo() or connectMongo() (backward compat).
  * Use this when registering your own models: appConnection.model("Product", schema).
  */
-export declare const appConnection: mongoose.Connection;
+export declare const appConnection: Connection;
+/**
+ * The mongoose instance. Available after connectMongo() / connectAuthMongo() is called.
+ */
+export declare const mongoose: MongooseModule;
 /**
  * Connect the auth connection to its dedicated MongoDB server.
  * Uses MONGO_AUTH_USER_*, MONGO_AUTH_PW_*, MONGO_AUTH_HOST_*, MONGO_AUTH_DB_* env vars.
@@ -31,4 +36,4 @@ export declare const connectMongo: () => Promise<void>;
  * Useful for one-off scripts that need a clean exit.
  */
 export declare const disconnectMongo: () => Promise<void>;
-export { mongoose };
+export {};