@meridianjs/auth 1.31.0 → 2.1.0

package/dist/index.d.mts

@@ -94,6 +94,12 @@ declare class AuthModuleService extends AuthModuleService_base {
     resetPassword(token: string, newPassword: string): Promise<void>;
     /** Verify a JWT and return its decoded payload. Throws if invalid or expired. */
     verifyToken(token: string, secret: string): JwtPayload;
+    /**
+     * Issue a fresh JWT for a user by reading their current state from the DB.
+     * Uses `retrieveUserFresh` to bypass the identity map cache.
+     * Useful after updating a user's role or app_role_id outside the auth flow.
+     */
+    issueToken(userId: string): Promise<AuthResult>;
     /** Resolve permissions for a given app_role_id — gracefully degrades if module not loaded. */
     private resolvePermissions;
     private signToken;

package/dist/index.d.ts

@@ -94,6 +94,12 @@ declare class AuthModuleService extends AuthModuleService_base {
     resetPassword(token: string, newPassword: string): Promise<void>;
     /** Verify a JWT and return its decoded payload. Throws if invalid or expired. */
     verifyToken(token: string, secret: string): JwtPayload;
+    /**
+     * Issue a fresh JWT for a user by reading their current state from the DB.
+     * Uses `retrieveUserFresh` to bypass the identity map cache.
+     * Useful after updating a user's role or app_role_id outside the auth flow.
+     */
+    issueToken(userId: string): Promise<AuthResult>;
     /** Resolve permissions for a given app_role_id — gracefully degrades if module not loaded. */
     private resolvePermissions;
     private signToken;

package/dist/index.js

@@ -49,7 +49,6 @@ var import_crypto = require("crypto");
 var BCRYPT_ROUNDS = 12;
 var JWT_EXPIRES_IN = "7d";
 var JWT_EXPIRES_MS = 7 * 24 * 60 * 60 * 1e3;
-var RESET_TOKEN_EXPIRES_MS = 30 * 60 * 1e3;
 var AuthModuleService = class extends (0, import_framework_utils.MeridianService)({}) {
   container;
   constructor(container) {
@@ -299,6 +298,32 @@ var AuthModuleService = class extends (0, import_framework_utils.MeridianService
   verifyToken(token, secret) {
     return import_jsonwebtoken.default.verify(token, secret, { algorithms: ["HS256"] });
   }
+  /**
+   * Issue a fresh JWT for a user by reading their current state from the DB.
+   * Uses `retrieveUserFresh` to bypass the identity map cache.
+   * Useful after updating a user's role or app_role_id outside the auth flow.
+   */
+  async issueToken(userId) {
+    const userService = this.container.resolve("userModuleService");
+    const config = this.container.resolve("config");
+    const user = await userService.retrieveUserFresh(userId);
+    if (!user) {
+      throw Object.assign(new Error("User not found"), { status: 404 });
+    }
+    const permissions = await this.resolvePermissions(user.app_role_id);
+    const { token, jti, expiresAt } = this.signToken(user.id, null, [user.role ?? "member"], permissions, config.projectConfig.jwtSecret);
+    await userService.createSession(jti, user.id, expiresAt).catch(() => {
+    });
+    return {
+      user: {
+        id: user.id,
+        email: user.email,
+        first_name: user.first_name ?? null,
+        last_name: user.last_name ?? null
+      },
+      token
+    };
+  }
   /** Resolve permissions for a given app_role_id — gracefully degrades if module not loaded. */
   async resolvePermissions(appRoleId) {
     if (!appRoleId) return [];

package/dist/index.mjs

@@ -9,7 +9,6 @@ import { randomBytes, randomUUID } from "crypto";
 var BCRYPT_ROUNDS = 12;
 var JWT_EXPIRES_IN = "7d";
 var JWT_EXPIRES_MS = 7 * 24 * 60 * 60 * 1e3;
-var RESET_TOKEN_EXPIRES_MS = 30 * 60 * 1e3;
 var AuthModuleService = class extends MeridianService({}) {
   container;
   constructor(container) {
@@ -259,6 +258,32 @@ var AuthModuleService = class extends MeridianService({}) {
   verifyToken(token, secret) {
     return jwt.verify(token, secret, { algorithms: ["HS256"] });
   }
+  /**
+   * Issue a fresh JWT for a user by reading their current state from the DB.
+   * Uses `retrieveUserFresh` to bypass the identity map cache.
+   * Useful after updating a user's role or app_role_id outside the auth flow.
+   */
+  async issueToken(userId) {
+    const userService = this.container.resolve("userModuleService");
+    const config = this.container.resolve("config");
+    const user = await userService.retrieveUserFresh(userId);
+    if (!user) {
+      throw Object.assign(new Error("User not found"), { status: 404 });
+    }
+    const permissions = await this.resolvePermissions(user.app_role_id);
+    const { token, jti, expiresAt } = this.signToken(user.id, null, [user.role ?? "member"], permissions, config.projectConfig.jwtSecret);
+    await userService.createSession(jti, user.id, expiresAt).catch(() => {
+    });
+    return {
+      user: {
+        id: user.id,
+        email: user.email,
+        first_name: user.first_name ?? null,
+        last_name: user.last_name ?? null
+      },
+      token
+    };
+  }
   /** Resolve permissions for a given app_role_id — gracefully degrades if module not loaded. */
   async resolvePermissions(appRoleId) {
     if (!appRoleId) return [];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@meridianjs/auth",
-  "version": "1.31.0",
+  "version": "2.1.0",
   "description": "Meridian auth module — JWT authentication and middleware",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -26,8 +26,8 @@
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
-    "@meridianjs/types": "^1.31.0",
-    "@meridianjs/framework-utils": "^1.31.0",
+    "@meridianjs/types": "^2.1.0",
+    "@meridianjs/framework-utils": "^2.1.0",
     "jsonwebtoken": "^9.0.2",
     "bcrypt": "^5.1.1"
   },