@mateosuarezdev/brpc 1.0.71 → 1.0.73
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/index.d.ts +3 -3
- package/dist/auth/index.js +2 -2
- package/dist/auth/service.d.ts +1 -1
- package/dist/auth/types.d.ts +5 -3
- package/package.json +3 -3
package/dist/auth/index.d.ts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export
|
|
1
|
+
export * from "./service";
|
|
2
|
+
export * from "./cookies";
|
|
3
|
+
export * from "./types";
|
package/dist/auth/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
// @bun
|
|
2
|
-
export{r as setAuthCookies,d as parseCookies,n as createAuth,p as clearAuthCookies,s as COOKIE_NAMES,t as AuthService};
|
|
2
|
+
import*as v from"jsonwebtoken";import{RecordId as L,DateTime as I,Table as q,eq as y,or as u,surql as W}from"surrealdb";import*as X from"bcryptjs";import c from"node-cron";import a from"crypto";class Q extends Error{code;clientCode;httpStatus;data;cause;static STATUS_MAP={BAD_REQUEST:400,UNAUTHORIZED:401,FORBIDDEN:403,NOT_FOUND:404,METHOD_NOT_SUPPORTED:405,TIMEOUT:408,CONFLICT:409,PRECONDITION_FAILED:412,PAYLOAD_TOO_LARGE:413,UNPROCESSABLE_CONTENT:422,TOO_MANY_REQUESTS:429,CLIENT_CLOSED_REQUEST:499,INTERNAL_SERVER_ERROR:500,NOT_IMPLEMENTED:501,BAD_GATEWAY:502,SERVICE_UNAVAILABLE:503,GATEWAY_TIMEOUT:504};constructor($){super($.message);if(this.name="BRPCError",this.code=$.code,this.clientCode=$.clientCode,this.httpStatus=Q.STATUS_MAP[$.code],this.data=$.data,this.cause=$.cause,Error.captureStackTrace)Error.captureStackTrace(this,Q)}toJSON(){return{name:this.name,code:this.code,clientCode:this.clientCode,message:this.message,data:this.data,httpStatus:this.httpStatus}}static badRequest($,K,j){return new Q({code:"BAD_REQUEST",message:$,clientCode:K,data:j})}static unauthorized($="Unauthorized",K,j){return new Q({code:"UNAUTHORIZED",message:$,clientCode:K,data:j})}static forbidden($="Forbidden",K,j){return new Q({code:"FORBIDDEN",message:$,clientCode:K,data:j})}static notFound($="Not Found",K,j){return new Q({code:"NOT_FOUND",message:$,clientCode:K,data:j})}static preconditionFailed($="Precondition failed",K,j){return new Q({code:"NOT_FOUND",message:$,clientCode:K,data:j})}static conflict($,K,j){return new Q({code:"CONFLICT",message:$,clientCode:K,data:j})}static unprocessableContent($,K,j){return new Q({code:"UNPROCESSABLE_CONTENT",message:$,clientCode:K,data:j})}static tooManyRequests($="Too many requests",K,j){return new Q({code:"TOO_MANY_REQUESTS",message:$,clientCode:K,data:j})}static internalServerError($="Internal Server Error",K,j){return new Q({code:"INTERNAL_SERVER_ERROR",message:$,clientCode:K,data:j})}static timeout($="Request timeout",K,j){return new Q({code:"TIMEOUT",message:$,clientCode:K,data:j})}}var O={ACCESS_TOKEN:"access_token",REFRESH_TOKEN:"refresh_token",SESSION_ID:"session_id"},P={httpOnly:!0,sameSite:"Lax",path:"/",maxAge:1209600};function w($){return Object.entries($).map(([K,j])=>{if(j===void 0||j===null)return"";switch(K){case"maxAge":return`Max-Age=${j}`;case"httpOnly":return j?"HttpOnly":"";case"secure":return j?"Secure":"";case"sameSite":return`SameSite=${j}`;case"domain":return`Domain=${j}`;case"path":return`Path=${j}`;default:return`${K}=${j}`}}).filter(Boolean).join("; ")}function o($,K,j){let F={...P,secure:j};[`${O.ACCESS_TOKEN}=${K.accessToken}; ${w(F)}`,`${O.REFRESH_TOKEN}=${K.refreshToken}; ${w(F)}`,`${O.SESSION_ID}=${K.sessionId}; ${w({...F,maxAge:86400})}`].forEach((G)=>$.append("Set-Cookie",G))}function r($,K){let j={...P,secure:K,maxAge:0};[O.ACCESS_TOKEN,O.REFRESH_TOKEN,O.SESSION_ID].forEach((F)=>$.append("Set-Cookie",`${F}=; ${w(j)}`))}function T($){if(!$)return{};return $.split(";").reduce((K,j)=>{let F=j.trim().split("="),G=F[0],J=F.slice(1).join("=");if(G&&J)K[G]=J;return K},{})}var n=10,i=3,g=15,t=3,s=["cf-connecting-ip","x-real-ip","x-client-ip","x-forwarded","forwarded-for","x-forwarded-host"],b=new q("users"),U=new q("user_identities"),D=new q("sessions"),C=new q("otp_codes");function Y($){return`${$.table}:${$.id}`}function N($=new Date){return new I($)}class E{db;defaultSignupRoles;constructor($,K){this.db=$;this.defaultSignupRoles=K}async findByEmail($){let[K]=await this.db.select(b).where(y("email",$)).limit(1);return K}async findByPhone($){let[K]=await this.db.select(b).where(y("phone",$)).limit(1);return K}async findByContact($){if(!$.email&&!$.phone)return;let K=[];if($.email)K.push(y("email",$.email));if($.phone)K.push(y("phone",$.phone));let[j]=await this.db.select(b).where(u(...K)).limit(1);return j}async findById($){let[K,j]=$.split(":");return await this.db.select(new L(K,j))??void 0}async create({email:$,phone:K,options:j,ctx:F=this.db}){let[G]=await F.create(b).content({email:$??null,phone:K??null,app_metadata:{...j?.appMetadata,roles:this.defaultSignupRoles},last_sign_in_at:null});if(!G)throw Q.internalServerError("Failed to create user","USER_CREATE_FAILED");return G}async updateAppMetadata($,K){let j=await this.findById($);if(!j)throw Q.notFound("User not found","USER_NOT_FOUND");await this.db.update(j.id).merge({app_metadata:K})}async updateUserMetadata($,K){let j=await this.findById($);if(!j)throw Q.notFound("User not found","USER_NOT_FOUND");await this.db.update(j.id).merge({user_metadata:K})}async updateLastSignIn($,K=this.db){let[j,F]=$.split(":");await K.update(new L(j,F)).merge({last_sign_in_at:N()})}}class S{db;constructor($){this.db=$}async findByProvider($,K){let[j]=await this.db.query(W`SELECT * FROM type::table(${U}) WHERE provider = ${$} AND provider_id = ${K} LIMIT 1`);return j?.[0]}async findByUserId($){let[K,j]=$.split(":"),F=new L(K,j),[G]=await this.db.query(W`SELECT * FROM type::table(${U}) WHERE user_id = ${F}`);return G??[]}async findPasswordIdentity($){let[K,j]=$.split(":"),F=new L(K,j),[G]=await this.db.query(W`SELECT * FROM type::table(${U}) WHERE user_id = ${F} AND identity_data.password_hash != NONE LIMIT 1`);return G?.[0]}async create({userId:$,provider:K,providerId:j,identityData:F={},ctx:G=this.db}){let[J]=await G.create(U).content({user_id:$,provider:K,provider_id:j,identity_data:F});if(!J)throw Q.internalServerError("Failed to create identity","IDENTITY_CREATE_FAILED");return J}async updateData($,K){await this.db.update($).merge({identity_data:K})}}class m{db;debug;constructor($,K){this.db=$;this.debug=K}async create({userId:$,req:K,ctx:j=this.db}){let F=this.getClientIP(K),G=K.headers.get("user-agent"),[J,V]=$.split(":"),A=new L(J,V),[Z]=await j.create(D).content({user_id:A,ip_address:F,user_agent:G,invalidated_at:null});if(!Z)throw Q.internalServerError("Failed to create session","SESSION_CREATE_FAILED");return k(Z)}async get($){let[K,j]=$.split(":"),F=await this.db.select(new L(K,j));if(!F||F.invalidated_at)return;return k(F)}async getUserSessions($){let[K,j]=$.split(":"),F=new L(K,j),[G]=await this.db.query(W`SELECT * FROM type::table(${D}) WHERE user_id = ${F} AND invalidated_at = null`);return(G??[]).map((J)=>({id:Y(J.id),ipAddress:J.ip_address,userAgent:J.user_agent,invalidatedAt:J.invalidated_at}))}async invalidate($){let[K,j]=$.split(":");await this.db.update(new L(K,j)).merge({invalidated_at:N()})}async invalidateAllForUser($){let[K,j]=$.split(":"),F=new L(K,j);await this.db.query(W`UPDATE type::table(${D}) SET invalidated_at = time::now() WHERE user_id = ${F} AND invalidated_at = null`)}async invalidateAllExceptCurrent($,K){let[j,F]=$.split(":"),[G,J]=K.split(":"),V=new L(j,F),A=new L(G,J);await this.db.query(W`UPDATE type::table(${D}) SET invalidated_at = time::now() WHERE user_id = ${V} AND id != ${A} AND invalidated_at = null`)}async cleanup(){let[$]=await this.db.query(W`DELETE type::table(${D}) WHERE invalidated_at != NONE AND invalidated_at != null RETURN BEFORE`);return $?.length??0}getClientIP($){let K=$.headers.get("x-forwarded-for");if(K)return K.split(",")[0].trim();for(let j of s){let F=$.headers.get(j);if(F)return F.trim()}return this.debug?"127.0.0.1":null}}class h{db;otpProvider;constructor($,K){this.db=$;this.otpProvider=K}async checkRateLimit($){let K=new Date;K.setMinutes(K.getMinutes()-g);let j=[];if($.email)j.push(W`email = ${$.email}`);if($.phone)j.push(W`phone = ${$.phone}`);let F=j.length===1?j[0]:W`(${j[0]} OR ${j[1]})`,[G]=await this.db.query(W`SELECT * FROM type::table(${C}) WHERE (${F}) AND created_at >= ${N(K)}`);if((G?.length??0)>=t)throw Q.tooManyRequests(`Too many OTP requests. Please wait ${g} minutes.`,"OTP_RATE_LIMIT")}async generate({user:$,type:K,signupOptions:j}){await this.checkRateLimit({email:$.email,phone:$.phone});let F=a.randomInt(1e5,999999).toString(),G=await X.hash(F,10),J=new Date;J.setMinutes(J.getMinutes()+n);let V=$.id?(()=>{let[Z,_]=$.id.split(":");return new L(Z,_)})():null,[A]=await this.db.create(C).content({user_id:V,email:$.email??null,phone:$.phone??null,code:F,hashed_code:G,type:K,signup_options:j??null,expires_at:N(J),attempts:0,verified_at:null});if(!A)throw Q.internalServerError("Failed to create OTP record","OTP_CREATE_FAILED");try{await this.sendOTP({email:$.email,phone:$.phone,code:F})}catch{throw await this.db.delete(A.id),Q.internalServerError("Failed to send OTP","OTP_SEND_FAILED")}return{otpId:Y(A.id),expiresAt:J.toISOString(),message:`OTP sent to ${$.email?"email":"phone"}`}}async verify($,K){let[j,F]=$.split(":"),G=await this.db.select(new L(j,F));if(!G)throw Q.notFound("Invalid OTP","INVALID_OTP");if(new Date>new Date(G.expires_at))throw Q.badRequest("OTP has expired","OTP_EXPIRED");if(G.verified_at)throw Q.badRequest("OTP already used","OTP_ALREADY_USED");if(G.attempts>=i)throw Q.badRequest("Too many failed attempts","OTP_MAX_ATTEMPTS");if(!await X.compare(K,G.hashed_code))throw await this.db.update(G.id).merge({attempts:G.attempts+1}),Q.badRequest("Invalid OTP code","INVALID_OTP_CODE");return await this.db.update(G.id).merge({verified_at:N()}),G}async cleanup(){let $=N(),[K]=await this.db.query(W`DELETE type::table(${C}) WHERE expires_at < ${$} OR verified_at != NONE RETURN BEFORE`);return K?.length??0}async sendOTP({email:$,phone:K,code:j}){if($&&this.otpProvider?.sendEmailOTP)await this.otpProvider.sendEmailOTP({email:$,code:j});if(K&&this.otpProvider?.sendSMSOTP)await this.otpProvider.sendSMSOTP({phone:K,code:j})}}class R{jwtSecret;jwtRefreshSecret;accessTokenExpiry;constructor($,K,j){this.jwtSecret=$;this.jwtRefreshSecret=K;this.accessTokenExpiry=j}generateAccessToken($){return v.sign($,this.jwtSecret,{expiresIn:this.accessTokenExpiry})}generateRefreshToken($,K){return v.sign({sub:$,sessionId:K},this.jwtRefreshSecret)}verifyAccessToken($){return v.verify($,this.jwtSecret)}verifyRefreshToken($){return v.verify($,this.jwtRefreshSecret)}}function f($){return{id:Y($.id),email:$.email,phone:$.phone,appMetadata:$.app_metadata,userMetadata:$.user_metadata}}function k($){return{id:Y($.id),userId:Y($.user_id),ipAddress:$.ip_address,userAgent:$.user_agent,invalidatedAt:$.invalidated_at}}class p{userManager;identityManager;sessionManager;otpManager;tokenManager;cache;config;constructor($){this.config=$,this.userManager=new E($.db,$.defaultSignupRoles),this.identityManager=new S($.db),this.sessionManager=new m($.db,$.debug??!1),this.otpManager=new h($.db,$.otpProvider),this.tokenManager=new R($.secrets.jwt,$.secrets.jwtRefresh,$.accessTokenExpiry??"24h"),this.cache=$.cache?new $.cache({ttl:900000,maxSize:500,cleanupInterval:300000}):null}async initialize(){if(!this.config.disableCleanupCron)this.initializeCleanup()}async signUp($,K){this.validateSignUpMethod($);let{provider:j,providerId:F}=this.extractIdentityKey($);if(await this.identityManager.findByProvider(j,F))throw Q.conflict("User already exists","USER_ALREADY_EXISTS");let J=this.extractContact($);if($.passwordless||!$.password)return this.startPasswordlessSignUp(J,$.options);return this.completePasswordSignUp(j,F,J,$.password,K,$.options)}async signIn($,K){this.validateSignInMethod($);let{provider:j,providerId:F}=this.extractIdentityKey($),G=await this.identityManager.findByProvider(j,F);if(!G)throw Q.notFound(`No account found with this ${$.type}`,"USER_NOT_FOUND");if($.passwordless||!$.password)return this.startPasswordlessSignIn(G);return this.completePasswordSignIn(G,$.password,K)}async verifyOTP($,K,j){let F=await this.otpManager.verify($,K);if(F.type==="signup")return this.completePasswordlessSignUp(F,j);if(F.type==="signin")return this.completePasswordlessSignIn(F,j);throw Q.badRequest("Invalid OTP type","INVALID_OTP_TYPE")}async signOut($){await this.sessionManager.invalidate($)}async signOutAll($){await this.sessionManager.invalidateAllForUser($)}async signOutAllExcept($,K){await this.sessionManager.invalidateAllExceptCurrent($,K)}async getUserSessions($){return this.sessionManager.getUserSessions($)}async refreshTokens($){let K=this.tokenManager.verifyRefreshToken($),j=await this.sessionManager.get(K.sessionId);if(!j)throw Q.notFound("Session not found","SESSION_NOT_FOUND");if(j.userId!==K.sub)throw Q.conflict("Session mismatch","SESSION_USER_MISMATCH");let F=await this.userManager.findById(K.sub);if(!F)throw Q.notFound("User not found","USER_NOT_FOUND");let G=this.tokenManager.generateAccessToken({sub:Y(F.id),sessionId:j.id,appMetadata:F.app_metadata,userMetadata:F.user_metadata}),J=this.tokenManager.generateRefreshToken(Y(F.id),j.id);return{accessToken:G,refreshToken:J,sessionId:j.id,user:f(F)}}async verifyToken($){try{if(!$||!$.startsWith("Bearer "))return null;let K=$.split(" ")[1],j=this.tokenManager.verifyAccessToken(K),F=await this.sessionManager.get(j.sessionId);if(!F||F.userId!==j.sub)return null;let G=await this.userManager.findById(j.sub);if(!G)return null;return{sub:j.sub,sessionId:j.sessionId,appMetadata:G.app_metadata,userMetadata:G.user_metadata,exp:j.exp}}catch{return null}}async fastVerifyToken($){try{if(!$||!$.startsWith("Bearer "))return null;let K=$.split(" ")[1];return this.tokenManager.verifyAccessToken(K)}catch{return null}}async verifyTokenFromCookie($){if(!$)return null;let j=T($)[O.ACCESS_TOKEN];if(!j)return null;return this.verifyToken(`Bearer ${j}`)}async refreshTokenFromCookie($){if(!$)return null;let j=T($)[O.REFRESH_TOKEN];if(!j)return null;try{return await this.refreshTokens(j)}catch{return null}}async getUserById($){return this.userManager.findById($)}async getUserByContact($){return this.userManager.findByContact($)}async getUserIdentities($){return this.identityManager.findByUserId($)}async updateUserPassword($,K){let j=await this.identityManager.findPasswordIdentity($);if(!j)throw Q.notFound("No password identity found","NO_PASSWORD_SET");let F=await X.hash(K,10);await this.identityManager.updateData(j.id,{password_hash:F})}async updateAppMetadata($,K){return this.userManager.updateAppMetadata($,K)}async updateUserMetadata($,K){return this.userManager.updateUserMetadata($,K)}async changePassword($,K,j){let F=await this.identityManager.findPasswordIdentity($);if(!F)throw Q.badRequest("User has no password set","NO_PASSWORD_SET");if(!await X.compare(K,F.identity_data.password_hash))throw Q.badRequest("Current password is incorrect","INVALID_PASSWORD");let J=await X.hash(j,10);await this.identityManager.updateData(F.id,{password_hash:J})}async requestPasswordReset($){let K=$.email?"email":"phone",j=$.email??$.phone,F=await this.identityManager.findByProvider(K,j);if(!F)throw Q.notFound("User not found","USER_NOT_FOUND");let G=Y(F.user_id);return this.otpManager.generate({user:{id:G,email:$.email,phone:$.phone},type:"password_reset"})}async resetPassword($,K,j){let F=await this.otpManager.verify($,K);if(F.type!=="password_reset")throw Q.badRequest("Invalid OTP type for password reset","INVALID_OTP_TYPE");if(!F.user_id)throw Q.internalServerError("Invalid OTP record","INVALID_OTP_RECORD");let G=F.email?"email":"phone",J=F.email??F.phone,V=await this.identityManager.findByProvider(G,J);if(!V)throw Q.internalServerError("Identity not found","IDENTITY_NOT_FOUND");let A=await X.hash(j,10);await this.identityManager.updateData(V.id,{password_hash:A});let Z=Y(F.user_id);return await this.sessionManager.invalidateAllForUser(Z),{success:!0}}async adminCreateUser({email:$,phone:K,password:j,options:F}){let G=j?await X.hash(j,10):null,J=await this.config.db.beginTransaction();try{let[V]=await J.create(b).content({email:$??null,phone:K??null,app_metadata:{...F?.appMetadata,roles:this.config.defaultSignupRoles},last_sign_in_at:null});if(!V)throw Error("Failed to create user");if($||K){let A=$?"email":"phone",Z=$??K;await J.create(U).content({user_id:V.id,provider:A,provider_id:Z,identity_data:G?{password_hash:G}:{}})}return await J.commit(),f(V)}catch(V){throw await J.cancel(),V}}cacheSession($,K){this.cache?.set($,K)}getCachedSession($){return this.cache?.get($)??null}invalidateCachedSession($){return this.cache?.delete($)??!1}getCacheStats(){return this.cache?.stats()??null}clearCache(){this.cache?.clear()}isTokenNearExpiry($){return $-Math.floor(Date.now()/1000)<300}async testCreateUserWithSession({email:$,phone:K,password:j,options:F,req:G}){let J=j?await X.hash(j,10):null,V=this.sessionManager.getClientIP(G),A=await this.config.db.beginTransaction();try{let[Z]=await A.create(b).content({email:$??null,phone:K??null,app_metadata:{...F?.appMetadata,roles:this.config.defaultSignupRoles},last_sign_in_at:N()});if(!Z)throw Error("Failed to create user");if($||K){let B=$?"email":"phone",l=$??K;await A.create(U).content({user_id:Z.id,provider:B,provider_id:l,identity_data:J?{password_hash:J}:{}})}let[_]=await A.create(D).content({user_id:Z.id,ip_address:V,user_agent:G.headers.get("user-agent"),invalidated_at:null});if(!_)throw Error("Failed to create session");let H=Y(Z.id),z=Y(_.id),x=this.tokenManager.generateAccessToken({sub:H,sessionId:z,appMetadata:Z.app_metadata,userMetadata:Z.user_metadata}),M=this.tokenManager.generateRefreshToken(H,z);return await A.commit(),{user:f(Z),session:k(_),accessToken:x,refreshToken:M}}catch(Z){throw await A.cancel(),Z}}async startPasswordlessSignUp($,K){return this.otpManager.generate({user:{id:void 0,email:$.email,phone:$.phone},type:"signup",signupOptions:K})}async startPasswordlessSignIn($){let K=Y($.user_id),j=$.provider==="email"?$.provider_id:void 0,F=$.provider==="phone"?$.provider_id:void 0;return this.otpManager.generate({user:{id:K,email:j,phone:F},type:"signin"})}async completePasswordSignUp($,K,j,F,G,J){let V=await X.hash(F,10),A=await this.config.db.beginTransaction();try{let[Z]=await A.create(b).content({email:j.email??null,phone:j.phone??null,app_metadata:{...J?.appMetadata,roles:this.config.defaultSignupRoles},last_sign_in_at:N()});if(!Z)throw Error("Failed to create user");let[_]=await A.create(U).content({user_id:Z.id,provider:$,provider_id:K,identity_data:{password_hash:V}});if(!_)throw Error("Failed to create identity");let H=this.sessionManager.getClientIP(G),[z]=await A.create(D).content({user_id:Z.id,ip_address:H,user_agent:G.headers.get("user-agent"),invalidated_at:null});if(!z)throw Error("Failed to create session");let x=Y(Z.id),M=Y(z.id),B=this.tokenManager.generateAccessToken({sub:x,sessionId:M,appMetadata:Z.app_metadata,userMetadata:Z.user_metadata}),l=this.tokenManager.generateRefreshToken(x,M);return await A.commit(),{user:f(Z),session:k(z),accessToken:B,refreshToken:l}}catch(Z){throw await A.cancel(),Z}}async completePasswordSignIn($,K,j){let{password_hash:F}=$.identity_data;if(!F)throw Q.conflict("This account has no password. Use OTP to sign in.","NO_PASSWORD_SET");if(!await X.compare(K,F))throw Q.conflict("Invalid credentials","INVALID_CREDENTIALS");let J=Y($.user_id),V=await this.userManager.findById(J);if(!V)throw Q.notFound("User not found","USER_NOT_FOUND");return this.createAuthSession(V,j)}async completePasswordlessSignUp($,K){let j=$.email?"email":"phone",F=$.email??$.phone,G=$.signup_options,J=await this.config.db.beginTransaction();try{let[V]=await J.create(b).content({email:$.email??null,phone:$.phone??null,app_metadata:{...G?.appMetadata,roles:this.config.defaultSignupRoles},last_sign_in_at:N()});if(!V)throw Error("Failed to create user");let[A]=await J.create(U).content({user_id:V.id,provider:j,provider_id:F,identity_data:{}});if(!A)throw Error("Failed to create identity");let Z=this.sessionManager.getClientIP(K),[_]=await J.create(D).content({user_id:V.id,ip_address:Z,user_agent:K.headers.get("user-agent"),invalidated_at:null});if(!_)throw Error("Failed to create session");let H=Y(V.id),z=Y(_.id),x=this.tokenManager.generateAccessToken({sub:H,sessionId:z,appMetadata:V.app_metadata,userMetadata:V.user_metadata}),M=this.tokenManager.generateRefreshToken(H,z);return await J.commit(),{user:f(V),session:k(_),accessToken:x,refreshToken:M}}catch(V){throw await J.cancel(),V}}async completePasswordlessSignIn($,K){if(!$.user_id)throw Q.internalServerError("Invalid OTP record","INVALID_OTP_RECORD");let j=Y($.user_id),F=await this.userManager.findById(j);if(!F)throw Q.notFound("User not found","USER_NOT_FOUND");return this.createAuthSession(F,K)}async createAuthSession($,K){let j=await this.config.db.beginTransaction();try{let F=this.sessionManager.getClientIP(K),[G]=await j.create(D).content({user_id:$.id,ip_address:F,user_agent:K.headers.get("user-agent"),invalidated_at:null});if(!G)throw Error("Failed to create session");await j.update($.id).merge({last_sign_in_at:N()});let J=Y($.id),V=Y(G.id),A=this.tokenManager.generateAccessToken({sub:J,sessionId:V,appMetadata:$.app_metadata,userMetadata:$.user_metadata}),Z=this.tokenManager.generateRefreshToken(J,V);return await j.commit(),{user:f($),session:k(G),accessToken:A,refreshToken:Z}}catch(F){throw await j.cancel(),F}}validateSignUpMethod($){if($.type==="email")this.validateEmail($.email);else $.phone=this.normalizePhoneNumber($.phone)}validateSignInMethod($){if($.type==="email")this.validateEmail($.email);else $.phone=this.normalizePhoneNumber($.phone)}validateEmail($){if(!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test($))throw Q.badRequest("Invalid email format","INVALID_EMAIL")}normalizePhoneNumber($){let K=$.replace(/\D/g,"");if(K.length===10)return`+1${K}`;if(K.length===11&&K.startsWith("1"))return`+${K}`;if(!K.startsWith("+"))return`+${K}`;return K}extractContact($){return $.type==="email"?{email:$.email}:{phone:$.phone}}extractIdentityKey($){return $.type==="email"?{provider:"email",providerId:$.email}:{provider:"phone",providerId:$.phone}}initializeCleanup(){Promise.all([this.sessionManager.cleanup(),this.otpManager.cleanup()]).catch(()=>{}),c.schedule("0 2 * * *",async()=>{await Promise.all([this.sessionManager.cleanup(),this.otpManager.cleanup()]).catch(()=>{})})}}function Q$($){return new p($)}export{o as setAuthCookies,T as parseCookies,Q$ as createAuth,r as clearAuthCookies,O as COOKIE_NAMES,p as AuthService};
|
|
3
3
|
|
|
4
|
-
//# debugId=
|
|
4
|
+
//# debugId=16FC8A4D37BA05A064756E2164756E21
|
package/dist/auth/service.d.ts
CHANGED
|
@@ -61,7 +61,7 @@ export declare class AuthService<TAppMetadata extends AppMetadata = AppMetadata,
|
|
|
61
61
|
expiresIn: number | null;
|
|
62
62
|
age: number;
|
|
63
63
|
}[];
|
|
64
|
-
};
|
|
64
|
+
} | null;
|
|
65
65
|
clearCache(): void;
|
|
66
66
|
isTokenNearExpiry(exp: number): boolean;
|
|
67
67
|
testCreateUserWithSession({ email, phone, password, options, req, }: {
|
package/dist/auth/types.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { RecordId, Surreal } from "surrealdb";
|
|
2
|
+
import type { CacheService } from "../cache";
|
|
2
3
|
export type AppMetadata = {
|
|
3
4
|
roles: string[];
|
|
4
5
|
[key: string]: unknown;
|
|
@@ -125,15 +126,15 @@ export type PhoneSignIn = {
|
|
|
125
126
|
export type SignUpMethod<TAppMetadata extends AppMetadata = AppMetadata, TUserMetadata extends UserMetadata = UserMetadata> = EmailSignUp<TAppMetadata, TUserMetadata> | PhoneSignUp<TAppMetadata, TUserMetadata>;
|
|
126
127
|
export type SignInMethod = EmailSignIn | PhoneSignIn;
|
|
127
128
|
export interface OTPProvider {
|
|
128
|
-
sendEmailOTP(params: {
|
|
129
|
+
sendEmailOTP?(params: {
|
|
129
130
|
email: string;
|
|
130
131
|
code: string;
|
|
131
132
|
}): Promise<any>;
|
|
132
|
-
sendSMSOTP(params: {
|
|
133
|
+
sendSMSOTP?(params: {
|
|
133
134
|
phone: string;
|
|
134
135
|
code: string;
|
|
135
136
|
}): Promise<any>;
|
|
136
|
-
sendWhatsAppOTP(params: {
|
|
137
|
+
sendWhatsAppOTP?(params: {
|
|
137
138
|
phone: string;
|
|
138
139
|
code: string;
|
|
139
140
|
}): Promise<any>;
|
|
@@ -145,6 +146,7 @@ export type AuthConfig<TAppMetadata extends AppMetadata = AppMetadata> = {
|
|
|
145
146
|
jwtRefresh: string;
|
|
146
147
|
};
|
|
147
148
|
defaultSignupRoles: TAppMetadata["roles"];
|
|
149
|
+
cache?: typeof CacheService;
|
|
148
150
|
otpProvider?: OTPProvider;
|
|
149
151
|
accessTokenExpiry?: string;
|
|
150
152
|
isProd?: boolean;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@mateosuarezdev/brpc",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.73",
|
|
4
4
|
"description": "A Type-Safe, Flexible Web application framework for Bun",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.cjs",
|
|
@@ -45,9 +45,9 @@
|
|
|
45
45
|
],
|
|
46
46
|
"sideEffects": false,
|
|
47
47
|
"scripts": {
|
|
48
|
-
"build": "yarn clean && bun run build.ts && tsc --emitDeclarationOnly",
|
|
49
48
|
"typecheck": "tsc --noEmit",
|
|
50
49
|
"clean": "rimraf dist",
|
|
50
|
+
"build": "yarn clean && bun run build.ts && tsc --emitDeclarationOnly",
|
|
51
51
|
"prepublish": "yarn typecheck && yarn build",
|
|
52
52
|
"rel": "npm publish --access public",
|
|
53
53
|
"rel:patch": "yarn run prepublish && yarn version patch && npm publish --access public",
|
|
@@ -125,7 +125,7 @@
|
|
|
125
125
|
"node-cron": "^3.0.0",
|
|
126
126
|
"rimraf": "^6.0.1",
|
|
127
127
|
"sharp": "^0.34.4",
|
|
128
|
-
"surrealdb": "^2.0.
|
|
128
|
+
"surrealdb": "^2.0.3",
|
|
129
129
|
"typescript": "^5.9.3",
|
|
130
130
|
"zod": "^3.23.8"
|
|
131
131
|
},
|