@moriajs/auth 0.1.1

package/.turbo/turbo-build.log

@@ -0,0 +1,4 @@
+
+> @moriajs/auth@0.1.1 build C:\Codes\node\2026\github\moriajs\packages\auth
+> tsc
+

package/.turbo/turbo-typecheck.log

@@ -0,0 +1,4 @@
+
+> @moriajs/auth@0.0.1 typecheck C:\Codes\node\2026\github\moriajs\packages\auth
+> tsc --noEmit
+

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Guntur D
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/index.d.ts

@@ -0,0 +1,84 @@
+/**
+ * @moriajs/auth
+ *
+ * Pluggable authentication system for MoriaJS.
+ * Default: JWT + httpOnly cookies.
+ * Architecture: Provider-based for future OAuth, sessions, etc.
+ */
+import type { FastifyRequest, FastifyReply } from 'fastify';
+/**
+ * User payload stored in JWT token.
+ * Extend this via TypeScript module augmentation in your app.
+ */
+export interface AuthUser {
+    id: string | number;
+    email?: string;
+    role?: string;
+    [key: string]: unknown;
+}
+/**
+ * Configuration for the auth plugin.
+ */
+export interface AuthConfig {
+    /** JWT secret key (required) */
+    secret: string;
+    /** Token expiration (default: '7d') */
+    expiresIn?: string;
+    /** Cookie name for JWT storage (default: 'moria_token') */
+    cookieName?: string;
+    /** Use secure cookies (default: true in production) */
+    secureCookies?: boolean;
+    /** Cookie path (default: '/') */
+    cookiePath?: string;
+    /** SameSite cookie attribute (default: 'lax') */
+    sameSite?: 'strict' | 'lax' | 'none';
+}
+/**
+ * Auth provider interface for pluggable authentication strategies.
+ */
+export interface AuthProvider {
+    /** Provider name (e.g., 'jwt', 'session', 'oauth-google') */
+    name: string;
+    /** Verify a request and return the authenticated user, or null */
+    verify: (request: FastifyRequest) => Promise<AuthUser | null>;
+    /** Create a token/session for a user */
+    sign: (user: AuthUser, reply: FastifyReply) => Promise<string>;
+    /** Invalidate a token/session */
+    revoke?: (request: FastifyRequest, reply: FastifyReply) => Promise<void>;
+}
+/**
+ * Create the JWT auth plugin for MoriaJS.
+ *
+ * @example
+ * ```ts
+ * import { createApp } from '@moriajs/core';
+ * import { createAuthPlugin } from '@moriajs/auth';
+ *
+ * const app = await createApp();
+ * await app.use(createAuthPlugin({
+ *   secret: process.env.JWT_SECRET!,
+ *   expiresIn: '24h',
+ * }));
+ * ```
+ */
+export declare function createAuthPlugin(config: AuthConfig): {
+    name: string;
+    register({ server }: {
+        server: any;
+    }): Promise<void>;
+};
+/**
+ * Route-level authentication guard.
+ * Use as a Fastify preHandler hook.
+ *
+ * @example
+ * ```ts
+ * server.get('/protected', { preHandler: [requireAuth()] }, async (req) => {
+ *   return { user: req.user };
+ * });
+ * ```
+ */
+export declare function requireAuth(options?: {
+    role?: string;
+}): (request: FastifyRequest, reply: FastifyReply) => Promise<undefined>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAmB,cAAc,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE7E;;;GAGG;AACH,MAAM,WAAW,QAAQ;IACrB,EAAE,EAAE,MAAM,GAAG,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACvB,gCAAgC;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,uCAAuC;IACvC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2DAA2D;IAC3D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,iCAAiC;IACjC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iDAAiD;IACjD,QAAQ,CAAC,EAAE,QAAQ,GAAG,KAAK,GAAG,MAAM,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IACzB,6DAA6D;IAC7D,IAAI,EAAE,MAAM,CAAC;IACb,kEAAkE;IAClE,MAAM,EAAE,CAAC,OAAO,EAAE,cAAc,KAAK,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IAC9D,wCAAwC;IACxC,IAAI,EAAE,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/D,iCAAiC;IACjC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,YAAY,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5E;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,UAAU;;yBAIhB;QAAE,MAAM,EAAE,GAAG,CAAA;KAAE;EAoCjD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,WAAW,CAAC,OAAO,CAAC,EAAE;IAAE,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,IACrC,SAAS,cAAc,EAAE,OAAO,YAAY,wBAe7D"}

package/dist/index.js

@@ -0,0 +1,78 @@
+/**
+ * @moriajs/auth
+ *
+ * Pluggable authentication system for MoriaJS.
+ * Default: JWT + httpOnly cookies.
+ * Architecture: Provider-based for future OAuth, sessions, etc.
+ */
+/**
+ * Create the JWT auth plugin for MoriaJS.
+ *
+ * @example
+ * ```ts
+ * import { createApp } from '@moriajs/core';
+ * import { createAuthPlugin } from '@moriajs/auth';
+ *
+ * const app = await createApp();
+ * await app.use(createAuthPlugin({
+ *   secret: process.env.JWT_SECRET!,
+ *   expiresIn: '24h',
+ * }));
+ * ```
+ */
+export function createAuthPlugin(config) {
+    return {
+        name: '@moriajs/auth',
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        async register({ server }) {
+            const jwt = await import('@fastify/jwt');
+            await server.register(jwt.default, {
+                secret: config.secret,
+                cookie: {
+                    cookieName: config.cookieName ?? 'moria_token',
+                    signed: false,
+                },
+            });
+            // Auth utility: sign JWT and set cookie
+            server.decorate('signIn', async (user, reply) => {
+                const token = server.jwt.sign({ ...user }, { expiresIn: config.expiresIn ?? '7d' });
+                reply.header('Set-Cookie', `${config.cookieName ?? 'moria_token'}=${token}; HttpOnly; Path=${config.cookiePath ?? '/'}; SameSite=${config.sameSite ?? 'Lax'}${(config.secureCookies ?? process.env.NODE_ENV === 'production') ? '; Secure' : ''}`);
+                return token;
+            });
+            // Auth utility: sign out (clear cookie)
+            server.decorate('signOut', async (_request, reply) => {
+                reply.header('Set-Cookie', `${config.cookieName ?? 'moria_token'}=; HttpOnly; Path=${config.cookiePath ?? '/'}; Max-Age=0`);
+            });
+            server.log.info('@moriajs/auth: JWT auth plugin registered');
+        },
+    };
+}
+/**
+ * Route-level authentication guard.
+ * Use as a Fastify preHandler hook.
+ *
+ * @example
+ * ```ts
+ * server.get('/protected', { preHandler: [requireAuth()] }, async (req) => {
+ *   return { user: req.user };
+ * });
+ * ```
+ */
+export function requireAuth(options) {
+    return async (request, reply) => {
+        try {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            await request.jwtVerify();
+            if (options?.role) {
+                const user = request.user;
+                if (user.role !== options.role) {
+                    return reply.status(403).send({ error: 'Forbidden' });
+                }
+            }
+        }
+        catch {
+            return reply.status(401).send({ error: 'Unauthorized' });
+        }
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AA+CH;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAkB;IAC/C,OAAO;QACH,IAAI,EAAE,eAAe;QACrB,8DAA8D;QAC9D,KAAK,CAAC,QAAQ,CAAC,EAAE,MAAM,EAAmB;YACtC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;YAEzC,MAAO,MAA0B,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE;gBACpD,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,MAAM,EAAE;oBACJ,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,aAAa;oBAC9C,MAAM,EAAE,KAAK;iBAChB;aACJ,CAAC,CAAC;YAEH,wCAAwC;YACxC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAc,EAAE,KAAmB,EAAE,EAAE;gBACpE,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CACzB,EAAE,GAAG,IAAI,EAAE,EACX,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,IAAI,EAAE,CAC1C,CAAC;gBAEF,KAAK,CAAC,MAAM,CAAC,YAAY,EACrB,GAAG,MAAM,CAAC,UAAU,IAAI,aAAa,IAAI,KAAK,oBAAoB,MAAM,CAAC,UAAU,IAAI,GAAG,cAAc,MAAM,CAAC,QAAQ,IAAI,KAAK,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAClN,EAAE,CACL,CAAC;gBAEF,OAAO,KAAK,CAAC;YACjB,CAAC,CAAC,CAAC;YAEH,wCAAwC;YACxC,MAAM,CAAC,QAAQ,CAAC,SAAS,EAAE,KAAK,EAAE,QAAwB,EAAE,KAAmB,EAAE,EAAE;gBAC/E,KAAK,CAAC,MAAM,CAAC,YAAY,EACrB,GAAG,MAAM,CAAC,UAAU,IAAI,aAAa,qBAAqB,MAAM,CAAC,UAAU,IAAI,GAAG,aAAa,CAClG,CAAC;YACN,CAAC,CAAC,CAAC;YAEF,MAA0B,CAAC,GAAG,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;QACtF,CAAC;KACJ,CAAC;AACN,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,WAAW,CAAC,OAA2B;IACnD,OAAO,KAAK,EAAE,OAAuB,EAAE,KAAmB,EAAE,EAAE;QAC1D,IAAI,CAAC;YACD,8DAA8D;YAC9D,MAAO,OAAe,CAAC,SAAS,EAAE,CAAC;YAEnC,IAAI,OAAO,EAAE,IAAI,EAAE,CAAC;gBAChB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAgB,CAAC;gBACtC,IAAI,IAAI,CAAC,IAAI,KAAK,OAAO,CAAC,IAAI,EAAE,CAAC;oBAC7B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;gBAC1D,CAAC;YACL,CAAC;QACL,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAC7D,CAAC;IACL,CAAC,CAAC;AACN,CAAC"}

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@moriajs/auth",
+  "version": "0.1.1",
+  "type": "module",
+  "description": "MoriaJS auth — JWT + httpOnly cookies, pluggable auth system",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "dependencies": {
+    "@fastify/jwt": "^10.0.0",
+    "@fastify/cookie": "^11.0.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.7.0",
+    "rimraf": "^6.0.0",
+    "@types/node": "^22.0.0",
+    "fastify": "^5.2.0"
+  },
+  "peerDependencies": {
+    "@moriajs/core": "0.1.1"
+  },
+  "license": "MIT",
+  "author": "Guntur-D <guntur.d.npm@gmail.com>",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/guntur-d/moriajs.git",
+    "directory": "packages/auth"
+  },
+  "homepage": "https://github.com/guntur-d/moriajs/tree/main/packages/auth#readme",
+  "bugs": {
+    "url": "https://github.com/guntur-d/moriajs/issues"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "typecheck": "tsc --noEmit",
+    "clean": "rimraf dist .turbo"
+  }
+}

package/src/index.ts

@@ -0,0 +1,138 @@
+/**
+ * @moriajs/auth
+ *
+ * Pluggable authentication system for MoriaJS.
+ * Default: JWT + httpOnly cookies.
+ * Architecture: Provider-based for future OAuth, sessions, etc.
+ */
+
+import type { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
+
+/**
+ * User payload stored in JWT token.
+ * Extend this via TypeScript module augmentation in your app.
+ */
+export interface AuthUser {
+    id: string | number;
+    email?: string;
+    role?: string;
+    [key: string]: unknown;
+}
+
+/**
+ * Configuration for the auth plugin.
+ */
+export interface AuthConfig {
+    /** JWT secret key (required) */
+    secret: string;
+    /** Token expiration (default: '7d') */
+    expiresIn?: string;
+    /** Cookie name for JWT storage (default: 'moria_token') */
+    cookieName?: string;
+    /** Use secure cookies (default: true in production) */
+    secureCookies?: boolean;
+    /** Cookie path (default: '/') */
+    cookiePath?: string;
+    /** SameSite cookie attribute (default: 'lax') */
+    sameSite?: 'strict' | 'lax' | 'none';
+}
+
+/**
+ * Auth provider interface for pluggable authentication strategies.
+ */
+export interface AuthProvider {
+    /** Provider name (e.g., 'jwt', 'session', 'oauth-google') */
+    name: string;
+    /** Verify a request and return the authenticated user, or null */
+    verify: (request: FastifyRequest) => Promise<AuthUser | null>;
+    /** Create a token/session for a user */
+    sign: (user: AuthUser, reply: FastifyReply) => Promise<string>;
+    /** Invalidate a token/session */
+    revoke?: (request: FastifyRequest, reply: FastifyReply) => Promise<void>;
+}
+
+/**
+ * Create the JWT auth plugin for MoriaJS.
+ *
+ * @example
+ * ```ts
+ * import { createApp } from '@moriajs/core';
+ * import { createAuthPlugin } from '@moriajs/auth';
+ *
+ * const app = await createApp();
+ * await app.use(createAuthPlugin({
+ *   secret: process.env.JWT_SECRET!,
+ *   expiresIn: '24h',
+ * }));
+ * ```
+ */
+export function createAuthPlugin(config: AuthConfig) {
+    return {
+        name: '@moriajs/auth',
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        async register({ server }: { server: any }) {
+            const jwt = await import('@fastify/jwt');
+
+            await (server as FastifyInstance).register(jwt.default, {
+                secret: config.secret,
+                cookie: {
+                    cookieName: config.cookieName ?? 'moria_token',
+                    signed: false,
+                },
+            });
+
+            // Auth utility: sign JWT and set cookie
+            server.decorate('signIn', async (user: AuthUser, reply: FastifyReply) => {
+                const token = server.jwt.sign(
+                    { ...user },
+                    { expiresIn: config.expiresIn ?? '7d' }
+                );
+
+                reply.header('Set-Cookie',
+                    `${config.cookieName ?? 'moria_token'}=${token}; HttpOnly; Path=${config.cookiePath ?? '/'}; SameSite=${config.sameSite ?? 'Lax'}${(config.secureCookies ?? process.env.NODE_ENV === 'production') ? '; Secure' : ''
+                    }`
+                );
+
+                return token;
+            });
+
+            // Auth utility: sign out (clear cookie)
+            server.decorate('signOut', async (_request: FastifyRequest, reply: FastifyReply) => {
+                reply.header('Set-Cookie',
+                    `${config.cookieName ?? 'moria_token'}=; HttpOnly; Path=${config.cookiePath ?? '/'}; Max-Age=0`
+                );
+            });
+
+            (server as FastifyInstance).log.info('@moriajs/auth: JWT auth plugin registered');
+        },
+    };
+}
+
+/**
+ * Route-level authentication guard.
+ * Use as a Fastify preHandler hook.
+ *
+ * @example
+ * ```ts
+ * server.get('/protected', { preHandler: [requireAuth()] }, async (req) => {
+ *   return { user: req.user };
+ * });
+ * ```
+ */
+export function requireAuth(options?: { role?: string }) {
+    return async (request: FastifyRequest, reply: FastifyReply) => {
+        try {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            await (request as any).jwtVerify();
+
+            if (options?.role) {
+                const user = request.user as AuthUser;
+                if (user.role !== options.role) {
+                    return reply.status(403).send({ error: 'Forbidden' });
+                }
+            }
+        } catch {
+            return reply.status(401).send({ error: 'Unauthorized' });
+        }
+    };
+}

package/tsconfig.json

@@ -0,0 +1,10 @@
+{
+    "extends": "../../tsconfig.base.json",
+    "compilerOptions": {
+        "outDir": "dist",
+        "rootDir": "src"
+    },
+    "include": [
+        "src"
+    ]
+}