@lastshotlabs/bunshot 0.0.9 → 0.0.10

package/dist/lib/mongo.js

@@ -1,32 +1,74 @@
-import mongoose from "mongoose";
 import { log } from "./logger";
 const isProd = process.env.NODE_ENV === "production";
+function requireMongoose() {
+    try {
+        // Bun supports require() in ESM; this defers the import to call time
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const mod = require("mongoose");
+        return mod.default ?? mod;
+    }
+    catch {
+        throw new Error("mongoose is not installed. Run: bun add mongoose");
+    }
+}
 function buildUri(user, password, host, db) {
     const [hostPart, queryPart] = host.split("?");
     return `mongodb+srv://${user}:${password}@${hostPart.replace(/\/$/, "")}/${db}${queryPart ? `?${queryPart}` : ""}`;
 }
+// Internal mutable references — set inside connect functions
+let _authConn = null;
+let _appConn = null;
+let _mongoose = null;
+function makeConnectionProxy(label, getConn, setConn) {
+    return new Proxy({}, {
+        get(_, prop) {
+            let conn = getConn();
+            if (!conn) {
+                // Lazily create a disconnected connection so appConnection.model() works at module
+                // load time. Mongoose buffers queries until openUri() is called by connectMongo().
+                conn = requireMongoose().createConnection();
+                setConn(conn);
+            }
+            const val = conn[prop];
+            return typeof val === "function" ? val.bind(conn) : val;
+        },
+    });
+}
 /**
  * Named connection used exclusively for auth data (AuthUser model).
  * Connected via connectAuthMongo() or connectMongo() (backward compat).
  */
-export const authConnection = mongoose.createConnection();
+export const authConnection = makeConnectionProxy("auth", () => _authConn, (c) => { _authConn = c; });
 /**
  * Named connection for app/tenant data.
  * Connected via connectAppMongo() or connectMongo() (backward compat).
  * Use this when registering your own models: appConnection.model("Product", schema).
  */
-export const appConnection = mongoose.createConnection();
+export const appConnection = makeConnectionProxy("app", () => _appConn, (c) => { _appConn = c; });
+/**
+ * The mongoose instance. Available after connectMongo() / connectAuthMongo() is called.
+ */
+export const mongoose = new Proxy({}, {
+    get(_, prop) {
+        const mg = _mongoose ?? requireMongoose();
+        return mg[prop];
+    },
+});
 /**
  * Connect the auth connection to its dedicated MongoDB server.
  * Uses MONGO_AUTH_USER_*, MONGO_AUTH_PW_*, MONGO_AUTH_HOST_*, MONGO_AUTH_DB_* env vars.
  */
 export const connectAuthMongo = async () => {
+    const mg = requireMongoose();
+    _mongoose = mg;
+    if (!_authConn)
+        _authConn = mg.createConnection();
     const user = isProd ? process.env.MONGO_AUTH_USER_PROD : process.env.MONGO_AUTH_USER_DEV;
     const password = isProd ? process.env.MONGO_AUTH_PW_PROD : process.env.MONGO_AUTH_PW_DEV;
     const host = isProd ? process.env.MONGO_AUTH_HOST_PROD : process.env.MONGO_AUTH_HOST_DEV;
     const db = isProd ? process.env.MONGO_AUTH_DB_PROD : process.env.MONGO_AUTH_DB_DEV;
     const uri = buildUri(user, password, host, db);
-    await authConnection.openUri(uri);
+    await _authConn.openUri(uri);
     log(`[mongo] auth connected to ${host} as ${user}`);
 };
 /**
@@ -34,12 +76,16 @@ export const connectAuthMongo = async () => {
  * Uses MONGO_USER_*, MONGO_PW_*, MONGO_HOST_*, MONGO_DB_* env vars.
  */
 export const connectAppMongo = async () => {
+    const mg = requireMongoose();
+    _mongoose = mg;
+    if (!_appConn)
+        _appConn = mg.createConnection();
     const user = isProd ? process.env.MONGO_USER_PROD : process.env.MONGO_USER_DEV;
     const password = isProd ? process.env.MONGO_PW_PROD : process.env.MONGO_PW_DEV;
     const host = isProd ? process.env.MONGO_HOST_PROD : process.env.MONGO_HOST_DEV;
     const db = isProd ? process.env.MONGO_DB_PROD : process.env.MONGO_DB_DEV;
     const uri = buildUri(user, password, host, db);
-    await appConnection.openUri(uri);
+    await _appConn.openUri(uri);
     log(`[mongo] app connected to ${host} as ${user}`);
 };
 /**
@@ -48,14 +94,20 @@ export const connectAppMongo = async () => {
  * Uses MONGO_USER_*, MONGO_PW_*, MONGO_HOST_*, MONGO_DB_* env vars.
  */
 export const connectMongo = async () => {
+    const mg = requireMongoose();
+    _mongoose = mg;
+    if (!_authConn)
+        _authConn = mg.createConnection();
+    if (!_appConn)
+        _appConn = mg.createConnection();
     const user = isProd ? process.env.MONGO_USER_PROD : process.env.MONGO_USER_DEV;
     const password = isProd ? process.env.MONGO_PW_PROD : process.env.MONGO_PW_DEV;
     const host = isProd ? process.env.MONGO_HOST_PROD : process.env.MONGO_HOST_DEV;
     const db = isProd ? process.env.MONGO_DB_PROD : process.env.MONGO_DB_DEV;
     const uri = buildUri(user, password, host, db);
     await Promise.all([
-        authConnection.openUri(uri),
-        appConnection.openUri(uri),
+        _authConn.openUri(uri),
+        _appConn.openUri(uri),
     ]);
     log(`[mongo] connected to ${host} as ${user}`);
 };
@@ -65,9 +117,8 @@ export const connectMongo = async () => {
  */
 export const disconnectMongo = async () => {
     await Promise.all([
-        authConnection.readyState !== 0 ? authConnection.close() : Promise.resolve(),
-        appConnection.readyState !== 0 ? appConnection.close() : Promise.resolve(),
+        _authConn && _authConn.readyState !== 0 ? _authConn.close() : Promise.resolve(),
+        _appConn && _appConn.readyState !== 0 ? _appConn.close() : Promise.resolve(),
     ]);
     log("[mongo] disconnected");
 };
-export { mongoose };

package/dist/lib/oauth.js

@@ -1,8 +1,7 @@
 import { Google, Apple, generateState, generateCodeVerifier } from "arctic";
 import { getRedis } from "./redis";
-import { appConnection } from "./mongo";
+import { appConnection, mongoose } from "./mongo";
 import { getAppName } from "./appConfig";
-import { Schema } from "mongoose";
 import { sqliteStoreOAuthState, sqliteConsumeOAuthState } from "../adapters/sqliteAuth";
 import { memoryStoreOAuthState, memoryConsumeOAuthState } from "../adapters/memoryAuth";
 let _providers = {};
@@ -29,15 +28,17 @@ export const getApple = () => {
 export const getConfiguredOAuthProviders = () => Object.entries(_providers)
     .filter(([, v]) => v != null)
     .map(([k]) => k);
-const oauthStateSchema = new Schema({
-    state: { type: String, required: true, unique: true },
-    codeVerifier: { type: String },
-    linkUserId: { type: String },
-    expiresAt: { type: Date, required: true, index: { expireAfterSeconds: 0 } },
-}, { collection: "oauth_states" });
 function getOAuthStateModel() {
-    return appConnection.models["OAuthState"] ??
-        appConnection.model("OAuthState", oauthStateSchema);
+    if (appConnection.models["OAuthState"])
+        return appConnection.models["OAuthState"];
+    const { Schema } = mongoose;
+    const oauthStateSchema = new Schema({
+        state: { type: String, required: true, unique: true },
+        codeVerifier: { type: String },
+        linkUserId: { type: String },
+        expiresAt: { type: Date, required: true, index: { expireAfterSeconds: 0 } },
+    }, { collection: "oauth_states" });
+    return appConnection.model("OAuthState", oauthStateSchema);
 }
 let _oauthStore = "redis";
 export const setOAuthStateStore = (store) => { _oauthStore = store; };

package/dist/lib/queue.d.ts

@@ -1,5 +1,4 @@
-import { Queue, Worker } from "bullmq";
-import type { Processor, QueueOptions, WorkerOptions, Job } from "bullmq";
-export declare const createQueue: <T = unknown, R = unknown>(name: string, options?: Omit<QueueOptions, "connection">) => Queue<T, R>;
-export declare const createWorker: <T = unknown, R = unknown>(name: string, processor: Processor<T, R>, options?: Omit<WorkerOptions, "connection">) => Worker<T, R>;
+import type { Queue as QueueType, Worker as WorkerType, Processor, QueueOptions, WorkerOptions, Job } from "bullmq";
+export declare const createQueue: <T = unknown, R = unknown>(name: string, options?: Omit<QueueOptions, "connection">) => QueueType<T, R>;
+export declare const createWorker: <T = unknown, R = unknown>(name: string, processor: Processor<T, R>, options?: Omit<WorkerOptions, "connection">) => WorkerType<T, R>;
 export type { Job };

package/dist/lib/queue.js

@@ -1,4 +1,19 @@
-import { Queue, Worker } from "bullmq";
 import { getRedisConnectionOptions } from "./redis";
-export const createQueue = (name, options) => new Queue(name, { connection: getRedisConnectionOptions(), ...options });
-export const createWorker = (name, processor, options) => new Worker(name, processor, { connection: getRedisConnectionOptions(), ...options });
+function requireBullMQ() {
+    try {
+        // Bun supports require() in ESM; this defers the import to call time
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        return require("bullmq");
+    }
+    catch {
+        throw new Error("bullmq is not installed. Run: bun add bullmq");
+    }
+}
+export const createQueue = (name, options) => {
+    const { Queue } = requireBullMQ();
+    return new Queue(name, { connection: getRedisConnectionOptions(), ...options });
+};
+export const createWorker = (name, processor, options) => {
+    const { Worker } = requireBullMQ();
+    return new Worker(name, processor, { connection: getRedisConnectionOptions(), ...options });
+};

package/dist/lib/redis.d.ts

@@ -1,14 +1,9 @@
-import Redis from "ioredis";
-export declare const getRedisConnectionOptions: () => {
-    password?: string | undefined;
-    username?: string | undefined;
-    host: string;
-    port: number;
-};
+import type { default as RedisClass, RedisOptions } from "ioredis";
+export declare const getRedisConnectionOptions: () => RedisOptions;
 export declare const connectRedis: () => Promise<void>;
 /**
  * Gracefully close the Redis connection.
  * Useful for one-off scripts that need a clean exit.
  */
 export declare const disconnectRedis: () => Promise<void>;
-export declare const getRedis: () => Redis;
+export declare const getRedis: () => RedisClass;

package/dist/lib/redis.js

@@ -1,6 +1,16 @@
-import Redis from "ioredis";
 import { log } from "./logger";
 const isProd = process.env.NODE_ENV === "production";
+function requireIoredis() {
+    try {
+        // Bun supports require() in ESM; this defers the import to call time
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const mod = require("ioredis");
+        return mod.default ?? mod;
+    }
+    catch {
+        throw new Error("ioredis is not installed. Run: bun add ioredis");
+    }
+}
 export const getRedisConnectionOptions = () => {
     const host_port = isProd ? process.env.REDIS_HOST_PROD : process.env.REDIS_HOST_DEV;
     if (!host_port)
@@ -18,17 +28,18 @@ export const getRedisConnectionOptions = () => {
     };
 };
 let client = null;
-const createClient = () => {
-    const redis = new Redis(getRedisConnectionOptions());
-    redis.on("error", (err) => log(`[redis] error: ${err.message}`));
-    return redis;
-};
 export const connectRedis = () => {
     if (client)
         return Promise.resolve();
-    client = createClient();
+    const Redis = requireIoredis();
+    client = new Redis(getRedisConnectionOptions());
+    client.on("error", (err) => log(`[redis] error: ${err.message}`));
     return new Promise((resolve, reject) => {
-        client.once("ready", () => { log(`[redis] connected to ${getRedisConnectionOptions().host}:${getRedisConnectionOptions().port} as ${getRedisConnectionOptions().username || "default user"}`); resolve(); });
+        client.once("ready", () => {
+            const opts = getRedisConnectionOptions();
+            log(`[redis] connected to ${opts.host}:${opts.port} as ${opts.username || "default user"}`);
+            resolve();
+        });
         client.once("error", reject);
     });
 };

package/dist/lib/resetPassword.d.ts

@@ -0,0 +1,12 @@
+type ResetStore = "redis" | "mongo" | "sqlite" | "memory";
+export declare const setPasswordResetStore: (store: ResetStore) => void;
+/** Create a reset token. Returns the raw token (to embed in the email link).
+ *  Only the SHA-256 hash is persisted in the store. */
+export declare const createResetToken: (userId: string, email: string) => Promise<string>;
+/** Atomically consume a reset token — returns its payload and deletes it in one operation.
+ *  Returns null if the token is invalid, expired, or already used. */
+export declare const consumeResetToken: (token: string) => Promise<{
+    userId: string;
+    email: string;
+} | null>;
+export {};

package/dist/lib/resetPassword.js

@@ -0,0 +1,95 @@
+import { createHash } from "crypto";
+import { getRedis } from "./redis";
+import { appConnection } from "./mongo";
+import { getAppName, getResetTokenExpiry } from "./appConfig";
+import { Schema } from "mongoose";
+import { sqliteCreateResetToken, sqliteConsumeResetToken, } from "../adapters/sqliteAuth";
+import { memoryCreateResetToken, memoryConsumeResetToken, } from "../adapters/memoryAuth";
+// ---------------------------------------------------------------------------
+// Token hashing — store SHA-256(token); raw token is only in the email link.
+// If the store is ever leaked, outstanding tokens cannot be replayed directly.
+// ---------------------------------------------------------------------------
+const hashToken = (token) => createHash("sha256").update(token).digest("hex");
+const resetSchema = new Schema({
+    token: { type: String, required: true, unique: true },
+    userId: { type: String, required: true },
+    email: { type: String, required: true },
+    expiresAt: { type: Date, required: true, index: { expireAfterSeconds: 0 } },
+}, { collection: "password_resets" });
+function getResetModel() {
+    return appConnection.models["PasswordReset"] ??
+        appConnection.model("PasswordReset", resetSchema);
+}
+// ---------------------------------------------------------------------------
+// Redis helpers
+// ---------------------------------------------------------------------------
+/** Atomically GET+DEL a key. Uses native GETDEL (Redis >= 6.2) with a Lua fallback. */
+async function redisGetDel(key) {
+    const redis = getRedis();
+    if (typeof redis.getdel === "function") {
+        try {
+            return await redis.getdel(key);
+        }
+        catch (err) {
+            const msg = err?.message ?? "";
+            if (!/unknown command|ERR unknown command/i.test(msg))
+                throw err;
+            // Fall through to Lua on "unknown command"
+        }
+    }
+    const result = await redis.eval("local v = redis.call('GET', KEYS[1])\nif v then redis.call('DEL', KEYS[1]) end\nreturn v", 1, key);
+    return result ?? null;
+}
+let _store = "redis";
+export const setPasswordResetStore = (store) => { _store = store; };
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/** Create a reset token. Returns the raw token (to embed in the email link).
+ *  Only the SHA-256 hash is persisted in the store. */
+export const createResetToken = async (userId, email) => {
+    const token = crypto.randomUUID();
+    const hash = hashToken(token);
+    const ttl = getResetTokenExpiry();
+    if (_store === "memory") {
+        memoryCreateResetToken(hash, userId, email, ttl);
+        return token;
+    }
+    if (_store === "sqlite") {
+        sqliteCreateResetToken(hash, userId, email, ttl);
+        return token;
+    }
+    if (_store === "mongo") {
+        await getResetModel().create({
+            token: hash,
+            userId,
+            email,
+            expiresAt: new Date(Date.now() + ttl * 1000),
+        });
+        return token;
+    }
+    await getRedis().set(`reset:${getAppName()}:${hash}`, JSON.stringify({ userId, email }), "EX", ttl);
+    return token;
+};
+/** Atomically consume a reset token — returns its payload and deletes it in one operation.
+ *  Returns null if the token is invalid, expired, or already used. */
+export const consumeResetToken = async (token) => {
+    const hash = hashToken(token);
+    if (_store === "memory")
+        return memoryConsumeResetToken(hash);
+    if (_store === "sqlite")
+        return sqliteConsumeResetToken(hash);
+    if (_store === "mongo") {
+        const doc = await getResetModel()
+            .findOneAndDelete({ token: hash, expiresAt: { $gt: new Date() } })
+            .lean();
+        if (!doc)
+            return null;
+        return { userId: doc.userId, email: doc.email };
+    }
+    // Redis: atomically return and remove the key (GETDEL or Lua fallback)
+    const raw = await redisGetDel(`reset:${getAppName()}:${hash}`);
+    if (!raw)
+        return null;
+    return JSON.parse(raw);
+};

package/dist/lib/session.js

@@ -1,22 +1,22 @@
 import { getRedis } from "./redis";
-import { appConnection } from "./mongo";
+import { appConnection, mongoose } from "./mongo";
 import { getAppName, getPersistSessionMetadata, getIncludeInactiveSessions } from "./appConfig";
-import { Schema } from "mongoose";
 import { sqliteCreateSession, sqliteGetSession, sqliteDeleteSession, sqliteGetUserSessions, sqliteGetActiveSessionCount, sqliteEvictOldestSession, sqliteUpdateSessionLastActive, } from "../adapters/sqliteAuth";
 import { memoryCreateSession, memoryGetSession, memoryDeleteSession, memoryGetUserSessions, memoryGetActiveSessionCount, memoryEvictOldestSession, memoryUpdateSessionLastActive, } from "../adapters/memoryAuth";
-const sessionSchema = new Schema({
-    sessionId: { type: String, required: true, unique: true },
-    userId: { type: String, required: true, index: true },
-    token: { type: String, default: null },
-    createdAt: { type: Date, required: true },
-    lastActiveAt: { type: Date, required: true },
-    expiresAt: { type: Date, required: true },
-    ipAddress: { type: String },
-    userAgent: { type: String },
-}, { collection: "sessions", timestamps: false });
 function getSessionModel() {
     if (appConnection.models["Session"])
         return appConnection.models["Session"];
+    const { Schema } = mongoose;
+    const sessionSchema = new Schema({
+        sessionId: { type: String, required: true, unique: true },
+        userId: { type: String, required: true, index: true },
+        token: { type: String, default: null },
+        createdAt: { type: Date, required: true },
+        lastActiveAt: { type: Date, required: true },
+        expiresAt: { type: Date, required: true },
+        ipAddress: { type: String },
+        userAgent: { type: String },
+    }, { collection: "sessions", timestamps: false });
     // Add TTL index only when metadata is not persisted — docs auto-delete at expiresAt.
     // When persisting, token is nulled (soft-delete) but the row is kept indefinitely.
     if (!getPersistSessionMetadata()) {

package/dist/middleware/cacheResponse.js

@@ -1,17 +1,18 @@
 import { getRedis } from "../lib/redis";
 import { getAppName } from "../lib/appConfig";
-import { appConnection } from "../lib/mongo";
-import { Schema } from "mongoose";
+import { appConnection, mongoose } from "../lib/mongo";
 import { isSqliteReady, sqliteGetCache, sqliteSetCache, sqliteDelCache, sqliteDelCachePattern } from "../adapters/sqliteAuth";
 import { memoryGetCache, memorySetCache, memoryDelCache, memoryDelCachePattern } from "../adapters/memoryAuth";
-const cacheSchema = new Schema({
-    key: { type: String, required: true, unique: true },
-    value: { type: String, required: true },
-    expiresAt: { type: Date, index: { expireAfterSeconds: 0 } },
-}, { collection: "cache_entries" });
 function getCacheModel() {
-    return appConnection.models["CacheEntry"] ??
-        appConnection.model("CacheEntry", cacheSchema);
+    if (appConnection.models["CacheEntry"])
+        return appConnection.models["CacheEntry"];
+    const { Schema } = mongoose;
+    const cacheSchema = new Schema({
+        key: { type: String, required: true, unique: true },
+        value: { type: String, required: true },
+        expiresAt: { type: Date, index: { expireAfterSeconds: 0 } },
+    }, { collection: "cache_entries" });
+    return appConnection.model("CacheEntry", cacheSchema);
 }
 function isMongoReady() {
     return appConnection.readyState === 1;

package/dist/models/AuthUser.d.ts

@@ -1,112 +1,20 @@
-import mongoose from "mongoose";
-export declare const AuthUser: mongoose.Model<{
+import type { Document, Model } from "mongoose";
+interface IAuthUser {
+    email?: string | null;
+    password?: string | null;
+    /** Compound provider keys: ["google:123456", "apple:000111"] */
     providerIds: string[];
-    emailVerified: boolean;
+    /** App-defined roles assigned to this user: ["admin", "editor", ...] */
     roles: string[];
-    email?: string | null | undefined;
-    password?: string | null | undefined;
-} & mongoose.DefaultTimestampProps, {}, {}, {
-    id: string;
-}, mongoose.Document<unknown, {}, {
-    providerIds: string[];
+    /** Whether the user's email address has been verified. */
     emailVerified: boolean;
-    roles: string[];
-    email?: string | null | undefined;
-    password?: string | null | undefined;
-} & mongoose.DefaultTimestampProps, {
-    id: string;
-}, {
-    timestamps: true;
-}> & Omit<{
-    providerIds: string[];
-    emailVerified: boolean;
-    roles: string[];
-    email?: string | null | undefined;
-    password?: string | null | undefined;
-} & mongoose.DefaultTimestampProps & {
-    _id: mongoose.Types.ObjectId;
-} & {
+}
+type AuthUserDocument = IAuthUser & Document;
+export declare const AuthUser: Model<AuthUserDocument, {}, {}, {}, Document<unknown, {}, AuthUserDocument, {}, import("mongoose").DefaultSchemaOptions> & IAuthUser & Document<import("mongoose").Types.ObjectId, any, any, Record<string, any>, {}> & Required<{
+    _id: import("mongoose").Types.ObjectId;
+}> & {
     __v: number;
-}, "id"> & {
-    id: string;
-}, mongoose.Schema<any, mongoose.Model<any, any, any, any, any, any, any>, {}, {}, {}, {}, {
-    timestamps: true;
-}, {
-    providerIds: string[];
-    emailVerified: boolean;
-    roles: string[];
-    email?: string | null | undefined;
-    password?: string | null | undefined;
-} & mongoose.DefaultTimestampProps, mongoose.Document<unknown, {}, {
-    providerIds: string[];
-    emailVerified: boolean;
-    roles: string[];
-    email?: string | null | undefined;
-    password?: string | null | undefined;
-} & mongoose.DefaultTimestampProps, {
-    id: string;
-}, mongoose.MergeType<mongoose.DefaultSchemaOptions, {
-    timestamps: true;
-}>> & Omit<{
-    providerIds: string[];
-    emailVerified: boolean;
-    roles: string[];
-    email?: string | null | undefined;
-    password?: string | null | undefined;
-} & mongoose.DefaultTimestampProps & {
-    _id: mongoose.Types.ObjectId;
 } & {
-    __v: number;
-}, "id"> & {
     id: string;
-}, {
-    [path: string]: mongoose.SchemaDefinitionProperty<undefined, any, any>;
-} | {
-    [x: string]: mongoose.SchemaDefinitionProperty<any, any, mongoose.Document<unknown, {}, {
-        providerIds: string[];
-        emailVerified: boolean;
-        roles: string[];
-        email?: string | null | undefined;
-        password?: string | null | undefined;
-    } & mongoose.DefaultTimestampProps, {
-        id: string;
-    }, mongoose.MergeType<mongoose.DefaultSchemaOptions, {
-        timestamps: true;
-    }>> & Omit<{
-        providerIds: string[];
-        emailVerified: boolean;
-        roles: string[];
-        email?: string | null | undefined;
-        password?: string | null | undefined;
-    } & mongoose.DefaultTimestampProps & {
-        _id: mongoose.Types.ObjectId;
-    } & {
-        __v: number;
-    }, "id"> & {
-        id: string;
-    }> | undefined;
-}, {
-    providerIds: string[];
-    emailVerified: boolean;
-    roles: string[];
-    email?: string | null | undefined;
-    password?: string | null | undefined;
-    createdAt: NativeDate;
-    updatedAt: NativeDate;
-} & {
-    _id: mongoose.Types.ObjectId;
-} & {
-    __v: number;
-}>, {
-    providerIds: string[];
-    emailVerified: boolean;
-    roles: string[];
-    email?: string | null | undefined;
-    password?: string | null | undefined;
-    createdAt: NativeDate;
-    updatedAt: NativeDate;
-} & {
-    _id: mongoose.Types.ObjectId;
-} & {
-    __v: number;
-}>;
+}, any, AuthUserDocument>;
+export {};

package/dist/models/AuthUser.js

@@ -1,14 +1,31 @@
-import mongoose from "mongoose";
-import { authConnection } from "../lib/mongo";
-const AuthUserSchema = new mongoose.Schema({
-    email: { type: String, unique: true, sparse: true, lowercase: true },
-    password: { type: String },
-    /** Compound provider keys: ["google:123456", "apple:000111"] */
-    providerIds: [{ type: String }],
-    /** App-defined roles assigned to this user: ["admin", "editor", ...] */
-    roles: [{ type: String }],
-    /** Whether the user's email address has been verified. */
-    emailVerified: { type: Boolean, default: false },
-}, { timestamps: true });
-AuthUserSchema.index({ providerIds: 1 });
-export const AuthUser = authConnection.model("AuthUser", AuthUserSchema);
+import { authConnection, mongoose } from "../lib/mongo";
+// Lazily register the model — authConnection and mongoose are proxies that
+// resolve once connectAuthMongo() / connectMongo() has been called.
+let _AuthUser = null;
+function getAuthUser() {
+    if (!_AuthUser) {
+        const { Schema } = mongoose;
+        const schema = new Schema({
+            email: { type: String, unique: true, sparse: true, lowercase: true },
+            password: { type: String },
+            /** Compound provider keys: ["google:123456", "apple:000111"] */
+            providerIds: [{ type: String }],
+            /** App-defined roles assigned to this user: ["admin", "editor", ...] */
+            roles: [{ type: String }],
+            /** Whether the user's email address has been verified. */
+            emailVerified: { type: Boolean, default: false },
+        }, { timestamps: true });
+        schema.index({ providerIds: 1 });
+        _AuthUser = authConnection.model("AuthUser", schema);
+    }
+    return _AuthUser;
+}
+// Export a Proxy so callers can use AuthUser.findOne() etc. at any time after
+// connectAuthMongo() / connectMongo() has been called.
+export const AuthUser = new Proxy({}, {
+    get(_, prop) {
+        const model = getAuthUser();
+        const val = model[prop];
+        return typeof val === "function" ? val.bind(model) : val;
+    },
+});

package/dist/routes/auth.d.ts

@@ -1,8 +1,9 @@
-import type { PrimaryField, EmailVerificationConfig } from "../lib/appConfig";
+import type { PrimaryField, EmailVerificationConfig, PasswordResetConfig } from "../lib/appConfig";
 import type { AuthRateLimitConfig } from "../app";
 export interface AuthRouterOptions {
     primaryField: PrimaryField;
     emailVerification?: EmailVerificationConfig;
+    passwordReset?: PasswordResetConfig;
     rateLimit?: AuthRateLimitConfig;
 }
-export declare const createAuthRouter: ({ primaryField, emailVerification, rateLimit }: AuthRouterOptions) => import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;
+export declare const createAuthRouter: ({ primaryField, emailVerification, passwordReset, rateLimit }: AuthRouterOptions) => import("@hono/zod-openapi").OpenAPIHono<import("../lib/context").AppEnv, {}, "/">;