@morojs/moro 1.0.3 → 1.2.0

package/dist/core/middleware/built-in/auth-helpers.js

@@ -0,0 +1,338 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sessionHelpers = exports.authResponses = exports.authUtils = void 0;
+exports.requireAuth = requireAuth;
+exports.requireRole = requireRole;
+exports.requirePermission = requirePermission;
+exports.requireAdmin = requireAdmin;
+exports.guestOnly = guestOnly;
+exports.optionalAuth = optionalAuth;
+exports.withAuth = withAuth;
+exports.protectedRoute = protectedRoute;
+/**
+ * Auth Guard Middleware - Protects routes with authentication and authorization
+ */
+function requireAuth(options = {}) {
+    return async (req, res, next) => {
+        const auth = req.auth;
+        if (!auth) {
+            throw new Error('Auth middleware must be installed before using requireAuth');
+        }
+        // Check if already authenticated and should redirect
+        if (auth.isAuthenticated && options.redirectOnAuth) {
+            return res.redirect(options.redirectOnAuth);
+        }
+        // Check authentication requirement
+        if (!options.allowUnauthenticated && !auth.isAuthenticated) {
+            if (options.onUnauthorized) {
+                return options.onUnauthorized(req, res);
+            }
+            if (options.redirectTo) {
+                return res.redirect(`${options.redirectTo}?callbackUrl=${encodeURIComponent(req.url)}`);
+            }
+            return res.status(401).json({
+                error: 'Authentication required',
+                message: 'You must be logged in to access this resource',
+                signInUrl: '/api/auth/signin',
+            });
+        }
+        // Skip further checks if not authenticated but allowed
+        if (!auth.isAuthenticated && options.allowUnauthenticated) {
+            return next();
+        }
+        const user = auth.user;
+        // Check roles if specified
+        if (options.roles && options.roles.length > 0) {
+            const userRoles = user?.roles || [];
+            const hasRole = options.roles.some(role => userRoles.includes(role));
+            if (!hasRole) {
+                if (options.onForbidden) {
+                    return options.onForbidden(req, res);
+                }
+                return res.status(403).json({
+                    error: 'Insufficient permissions',
+                    message: `Required roles: ${options.roles.join(', ')}`,
+                    userRoles,
+                });
+            }
+        }
+        // Check permissions if specified
+        if (options.permissions && options.permissions.length > 0) {
+            const userPermissions = user?.permissions || [];
+            const hasPermission = options.permissions.every(permission => userPermissions.includes(permission));
+            if (!hasPermission) {
+                if (options.onForbidden) {
+                    return options.onForbidden(req, res);
+                }
+                return res.status(403).json({
+                    error: 'Insufficient permissions',
+                    message: `Required permissions: ${options.permissions.join(', ')}`,
+                    userPermissions,
+                });
+            }
+        }
+        // Custom authorization function
+        if (options.authorize) {
+            try {
+                const authorized = await options.authorize(user);
+                if (!authorized) {
+                    if (options.onForbidden) {
+                        return options.onForbidden(req, res);
+                    }
+                    return res.status(403).json({
+                        error: 'Access denied',
+                        message: 'Custom authorization check failed',
+                    });
+                }
+            }
+            catch (error) {
+                return res.status(500).json({
+                    error: 'Authorization error',
+                    message: 'Failed to verify authorization',
+                });
+            }
+        }
+        // All checks passed
+        next();
+    };
+}
+/**
+ * Role-based access control middleware
+ */
+function requireRole(role, options = {}) {
+    const roles = Array.isArray(role) ? role : [role];
+    return requireAuth({ ...options, roles });
+}
+/**
+ * Permission-based access control middleware
+ */
+function requirePermission(permission, options = {}) {
+    const permissions = Array.isArray(permission) ? permission : [permission];
+    return requireAuth({ ...options, permissions });
+}
+/**
+ * Admin-only access middleware
+ */
+function requireAdmin(options = {}) {
+    return requireRole('admin', options);
+}
+/**
+ * Guest-only middleware (redirect if authenticated)
+ */
+function guestOnly(redirectTo = '/dashboard') {
+    return requireAuth({
+        allowUnauthenticated: true,
+        redirectOnAuth: redirectTo,
+    });
+}
+/**
+ * Optional auth middleware (allows both authenticated and unauthenticated)
+ */
+function optionalAuth() {
+    return requireAuth({
+        allowUnauthenticated: true,
+    });
+}
+/**
+ * Route-level auth decorator
+ */
+function withAuth(options = {}) {
+    return function (target, propertyKey, descriptor) {
+        const originalMethod = descriptor.value;
+        descriptor.value = async function (req, res, next) {
+            if (options.requireAuth !== false) {
+                const authMiddleware = requireAuth({
+                    roles: options.roles,
+                    redirectTo: options.redirectTo,
+                });
+                await new Promise((resolve, reject) => {
+                    authMiddleware(req, res, (error) => {
+                        if (error)
+                            reject(error);
+                        else
+                            resolve();
+                    });
+                });
+            }
+            return originalMethod.call(this, req, res, next);
+        };
+        return descriptor;
+    };
+}
+/**
+ * Auth utilities for manual checks in route handlers
+ */
+exports.authUtils = {
+    /**
+     * Check if user is authenticated
+     */
+    isAuthenticated(req) {
+        return req.auth?.isAuthenticated || false;
+    },
+    /**
+     * Get current user
+     */
+    getUser(req) {
+        return req.auth?.user || null;
+    },
+    /**
+     * Check if user has role
+     */
+    hasRole(req, role) {
+        const user = this.getUser(req);
+        if (!user?.roles)
+            return false;
+        const roles = Array.isArray(role) ? role : [role];
+        return roles.some(r => user.roles.includes(r));
+    },
+    /**
+     * Check if user has permission
+     */
+    hasPermission(req, permission) {
+        const user = this.getUser(req);
+        if (!user?.permissions)
+            return false;
+        const permissions = Array.isArray(permission) ? permission : [permission];
+        return permissions.every(p => user.permissions.includes(p));
+    },
+    /**
+     * Check if user is admin
+     */
+    isAdmin(req) {
+        return this.hasRole(req, 'admin');
+    },
+    /**
+     * Get user ID
+     */
+    getUserId(req) {
+        return this.getUser(req)?.id || null;
+    },
+    /**
+     * Force authentication check and redirect if needed
+     */
+    ensureAuth(req, res, redirectTo = '/api/auth/signin') {
+        if (!this.isAuthenticated(req)) {
+            res.redirect(`${redirectTo}?callbackUrl=${encodeURIComponent(req.url)}`);
+            return false;
+        }
+        return true;
+    },
+    /**
+     * Create auth response for API endpoints
+     */
+    createAuthResponse(req) {
+        const auth = req.auth;
+        return {
+            isAuthenticated: auth?.isAuthenticated || false,
+            user: auth?.user || null,
+            session: auth?.session || null,
+            timestamp: new Date().toISOString(),
+        };
+    },
+};
+/**
+ * API Response helpers for auth endpoints
+ */
+exports.authResponses = {
+    unauthorized: (res, message = 'Authentication required') => {
+        return res.status(401).json({
+            error: 'Unauthorized',
+            message,
+            code: 'AUTH_REQUIRED',
+            signInUrl: '/api/auth/signin',
+        });
+    },
+    forbidden: (res, message = 'Insufficient permissions') => {
+        return res.status(403).json({
+            error: 'Forbidden',
+            message,
+            code: 'INSUFFICIENT_PERMISSIONS',
+        });
+    },
+    authSuccess: (res, user, message = 'Authentication successful') => {
+        return res.json({
+            success: true,
+            message,
+            user: {
+                id: user.id,
+                name: user.name,
+                email: user.email,
+                roles: user.roles || [],
+                permissions: user.permissions || [],
+            },
+        });
+    },
+    authError: (res, error, message = 'Authentication failed') => {
+        return res.status(400).json({
+            error,
+            message,
+            code: 'AUTH_ERROR',
+        });
+    },
+};
+/**
+ * Higher-order function to create protected route handlers
+ */
+function protectedRoute(handler, options = {}) {
+    return async (req, res, next) => {
+        const authMiddleware = requireAuth(options);
+        return new Promise((resolve, reject) => {
+            authMiddleware(req, res, (error) => {
+                if (error) {
+                    reject(error);
+                }
+                else {
+                    Promise.resolve(handler(req, res, next))
+                        .then(() => resolve())
+                        .catch(reject);
+                }
+            });
+        });
+    };
+}
+/**
+ * Session management helpers
+ */
+exports.sessionHelpers = {
+    /**
+     * Store data in session
+     */
+    async setSessionData(req, key, value) {
+        if (req.session) {
+            req.session[key] = value;
+            await req.session.save();
+        }
+    },
+    /**
+     * Get data from session
+     */
+    getSessionData(req, key) {
+        return req.session?.[key] || null;
+    },
+    /**
+     * Remove data from session
+     */
+    async removeSessionData(req, key) {
+        if (req.session && key in req.session.data) {
+            delete req.session.data[key];
+            await req.session.save();
+        }
+    },
+    /**
+     * Clear entire session
+     */
+    async clearSession(req) {
+        if (req.session) {
+            await req.session.destroy();
+        }
+    },
+    /**
+     * Regenerate session ID
+     */
+    async regenerateSession(req) {
+        if (req.session) {
+            return await req.session.regenerate();
+        }
+    },
+};
+//# sourceMappingURL=auth-helpers.js.map

package/dist/core/middleware/built-in/auth-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-helpers.js","sourceRoot":"","sources":["../../../../src/core/middleware/built-in/auth-helpers.ts"],"names":[],"mappings":";;;AAwBA,kCAqGC;AAKD,kCAMC;AAKD,8CAMC;AAKD,oCAEC;AAKD,8BAKC;AAKD,oCAIC;AAKD,4BAwBC;AAiID,wCAmBC;AAzUD;;GAEG;AACH,SAAgB,WAAW,CAAC,UAA4B,EAAE;IACxD,OAAO,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;QAC7C,MAAM,IAAI,GAAgB,GAAG,CAAC,IAAI,CAAC;QAEnC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QAED,qDAAqD;QACrD,IAAI,IAAI,CAAC,eAAe,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;YACnD,OAAO,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;QAC9C,CAAC;QAED,mCAAmC;QACnC,IAAI,CAAC,OAAO,CAAC,oBAAoB,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3D,IAAI,OAAO,CAAC,cAAc,EAAE,CAAC;gBAC3B,OAAO,OAAO,CAAC,cAAc,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC1C,CAAC;YAED,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBACvB,OAAO,GAAG,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,UAAU,gBAAgB,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAC1F,CAAC;YAED,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC1B,KAAK,EAAE,yBAAyB;gBAChC,OAAO,EAAE,+CAA+C;gBACxD,SAAS,EAAE,kBAAkB;aAC9B,CAAC,CAAC;QACL,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,IAAI,CAAC,eAAe,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;YAC1D,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;QAEvB,2BAA2B;QAC3B,IAAI,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,MAAM,SAAS,GAAG,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;YACpC,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;YAErE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;oBACxB,OAAO,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACvC,CAAC;gBAED,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC1B,KAAK,EAAE,0BAA0B;oBACjC,OAAO,EAAE,mBAAmB,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBACtD,SAAS;iBACV,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,iCAAiC;QACjC,IAAI,OAAO,CAAC,WAAW,IAAI,OAAO,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC1D,MAAM,eAAe,GAAG,IAAI,EAAE,WAAW,IAAI,EAAE,CAAC;YAChD,MAAM,aAAa,GAAG,OAAO,CAAC,WAAW,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAC3D,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,CACrC,CAAC;YAEF,IAAI,CAAC,aAAa,EAAE,CAAC;gBACnB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;oBACxB,OAAO,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;gBACvC,CAAC;gBAED,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC1B,KAAK,EAAE,0BAA0B;oBACjC,OAAO,EAAE,yBAAyB,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAClE,eAAe;iBAChB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,gCAAgC;QAChC,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;gBAEjD,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;wBACxB,OAAO,OAAO,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;oBACvC,CAAC;oBAED,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;wBAC1B,KAAK,EAAE,eAAe;wBACtB,OAAO,EAAE,mCAAmC;qBAC7C,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBAC1B,KAAK,EAAE,qBAAqB;oBAC5B,OAAO,EAAE,gCAAgC;iBAC1C,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CACzB,IAAuB,EACvB,UAA2C,EAAE;IAE7C,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAClD,OAAO,WAAW,CAAC,EAAE,GAAG,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAC/B,UAA6B,EAC7B,UAAiD,EAAE;IAEnD,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IAC1E,OAAO,WAAW,CAAC,EAAE,GAAG,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,UAA2C,EAAE;IACxE,OAAO,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACvC,CAAC;AAED;;GAEG;AACH,SAAgB,SAAS,CAAC,UAAU,GAAG,YAAY;IACjD,OAAO,WAAW,CAAC;QACjB,oBAAoB,EAAE,IAAI;QAC1B,cAAc,EAAE,UAAU;KAC3B,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY;IAC1B,OAAO,WAAW,CAAC;QACjB,oBAAoB,EAAE,IAAI;KAC3B,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAgB,QAAQ,CAAC,UAA4B,EAAE;IACrD,OAAO,UAAU,MAAW,EAAE,WAAmB,EAAE,UAA8B;QAC/E,MAAM,cAAc,GAAG,UAAU,CAAC,KAAK,CAAC;QAExC,UAAU,CAAC,KAAK,GAAG,KAAK,WAAW,GAAQ,EAAE,GAAQ,EAAE,IAAS;YAC9D,IAAI,OAAO,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;gBAClC,MAAM,cAAc,GAAG,WAAW,CAAC;oBACjC,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,UAAU,EAAE,OAAO,CAAC,UAAU;iBAC/B,CAAC,CAAC;gBAEH,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;oBAC1C,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,KAAU,EAAE,EAAE;wBACtC,IAAI,KAAK;4BAAE,MAAM,CAAC,KAAK,CAAC,CAAC;;4BACpB,OAAO,EAAE,CAAC;oBACjB,CAAC,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;YACL,CAAC;YAED,OAAO,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QACnD,CAAC,CAAC;QAEF,OAAO,UAAU,CAAC;IACpB,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACU,QAAA,SAAS,GAAG;IACvB;;OAEG;IACH,eAAe,CAAC,GAAQ;QACtB,OAAO,GAAG,CAAC,IAAI,EAAE,eAAe,IAAI,KAAK,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,GAAQ;QACd,OAAO,GAAG,CAAC,IAAI,EAAE,IAAI,IAAI,IAAI,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,GAAQ,EAAE,IAAuB;QACvC,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,EAAE,KAAK;YAAE,OAAO,KAAK,CAAC;QAE/B,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAClD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,GAAQ,EAAE,UAA6B;QACnD,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,CAAC,IAAI,EAAE,WAAW;YAAE,OAAO,KAAK,CAAC;QAErC,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QAC1E,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,GAAQ;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,SAAS,CAAC,GAAQ;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,IAAI,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,GAAQ,EAAE,GAAQ,EAAE,UAAU,GAAG,kBAAkB;QAC5D,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/B,GAAG,CAAC,QAAQ,CAAC,GAAG,UAAU,gBAAgB,kBAAkB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACzE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,kBAAkB,CAAC,GAAQ;QACzB,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QAEtB,OAAO;YACL,eAAe,EAAE,IAAI,EAAE,eAAe,IAAI,KAAK;YAC/C,IAAI,EAAE,IAAI,EAAE,IAAI,IAAI,IAAI;YACxB,OAAO,EAAE,IAAI,EAAE,OAAO,IAAI,IAAI;YAC9B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;IACJ,CAAC;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,aAAa,GAAG;IAC3B,YAAY,EAAE,CAAC,GAAQ,EAAE,OAAO,GAAG,yBAAyB,EAAE,EAAE;QAC9D,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,KAAK,EAAE,cAAc;YACrB,OAAO;YACP,IAAI,EAAE,eAAe;YACrB,SAAS,EAAE,kBAAkB;SAC9B,CAAC,CAAC;IACL,CAAC;IAED,SAAS,EAAE,CAAC,GAAQ,EAAE,OAAO,GAAG,0BAA0B,EAAE,EAAE;QAC5D,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,KAAK,EAAE,WAAW;YAClB,OAAO;YACP,IAAI,EAAE,0BAA0B;SACjC,CAAC,CAAC;IACL,CAAC;IAED,WAAW,EAAE,CAAC,GAAQ,EAAE,IAAS,EAAE,OAAO,GAAG,2BAA2B,EAAE,EAAE;QAC1E,OAAO,GAAG,CAAC,IAAI,CAAC;YACd,OAAO,EAAE,IAAI;YACb,OAAO;YACP,IAAI,EAAE;gBACJ,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE;gBACvB,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;aACpC;SACF,CAAC,CAAC;IACL,CAAC;IAED,SAAS,EAAE,CAAC,GAAQ,EAAE,KAAa,EAAE,OAAO,GAAG,uBAAuB,EAAE,EAAE;QACxE,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,KAAK;YACL,OAAO;YACP,IAAI,EAAE,YAAY;SACnB,CAAC,CAAC;IACL,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,SAAgB,cAAc,CAC5B,OAAgD,EAChD,UAA4B,EAAE;IAE9B,OAAO,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;QAC7C,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QAE5C,OAAO,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3C,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,KAAU,EAAE,EAAE;gBACtC,IAAI,KAAK,EAAE,CAAC;oBACV,MAAM,CAAC,KAAK,CAAC,CAAC;gBAChB,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;yBACrC,IAAI,CAAC,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;yBACrB,KAAK,CAAC,MAAM,CAAC,CAAC;gBACnB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACU,QAAA,cAAc,GAAG;IAC5B;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,GAAQ,EAAE,GAAW,EAAE,KAAU;QACpD,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACzB,MAAM,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC3B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,GAAQ,EAAE,GAAW;QAClC,OAAO,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,GAAQ,EAAE,GAAW;QAC3C,IAAI,GAAG,CAAC,OAAO,IAAI,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YAC3C,OAAO,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC7B,MAAM,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC3B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY,CAAC,GAAQ;QACzB,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,iBAAiB,CAAC,GAAQ;QAC9B,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;YAChB,OAAO,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACxC,CAAC;IACH,CAAC;CACF,CAAC"}

package/dist/core/middleware/built-in/auth-providers.d.ts

@@ -0,0 +1,125 @@
+import { AuthProvider } from '../../../types/auth';
+/**
+ * Popular OAuth Providers for Auth.js
+ * These extend the basic providers with more options and popular services
+ */
+export declare const extendedProviders: {
+    github: (options: {
+        clientId: string;
+        clientSecret: string;
+        scope?: string;
+        allowSignup?: boolean;
+    }) => AuthProvider;
+    google: (options: {
+        clientId: string;
+        clientSecret: string;
+        scope?: string;
+        hostedDomain?: string;
+    }) => AuthProvider;
+    microsoft: (options: {
+        clientId: string;
+        clientSecret: string;
+        tenant?: string;
+        scope?: string;
+    }) => AuthProvider;
+    apple: (options: {
+        clientId: string;
+        clientSecret: string;
+        scope?: string;
+    }) => AuthProvider;
+    linkedin: (options: {
+        clientId: string;
+        clientSecret: string;
+        scope?: string;
+    }) => AuthProvider;
+    facebook: (options: {
+        clientId: string;
+        clientSecret: string;
+        scope?: string;
+    }) => AuthProvider;
+    twitter: (options: {
+        clientId: string;
+        clientSecret: string;
+        version?: "1.0a" | "2.0";
+    }) => AuthProvider;
+    slack: (options: {
+        clientId: string;
+        clientSecret: string;
+        scope?: string;
+    }) => AuthProvider;
+    gitlab: (options: {
+        clientId: string;
+        clientSecret: string;
+        domain?: string;
+        scope?: string;
+    }) => AuthProvider;
+    spotify: (options: {
+        clientId: string;
+        clientSecret: string;
+        scope?: string;
+    }) => AuthProvider;
+    twitch: (options: {
+        clientId: string;
+        clientSecret: string;
+        scope?: string;
+    }) => AuthProvider;
+    notion: (options: {
+        clientId: string;
+        clientSecret: string;
+    }) => AuthProvider;
+};
+/**
+ * Enterprise/SAML providers
+ */
+export declare const enterpriseProviders: {
+    saml: (options: {
+        name: string;
+        entryPoint: string;
+        issuer: string;
+        cert: string;
+        callbackUrl?: string;
+    }) => AuthProvider;
+    okta: (options: {
+        clientId: string;
+        clientSecret: string;
+        domain: string;
+        authorizationServerId?: string;
+    }) => AuthProvider;
+    auth0: (options: {
+        clientId: string;
+        clientSecret: string;
+        domain: string;
+        audience?: string;
+    }) => AuthProvider;
+    cognito: (options: {
+        clientId: string;
+        clientSecret: string;
+        domain: string;
+        region?: string;
+    }) => AuthProvider;
+};
+/**
+ * Helper function to create custom OAuth provider
+ */
+export declare function createCustomOAuthProvider(config: {
+    id: string;
+    name: string;
+    clientId: string;
+    clientSecret: string;
+    authorizationUrl: string;
+    tokenUrl: string;
+    userinfoUrl: string;
+    scope?: string;
+    profileMapper?: (profile: any) => any;
+}): AuthProvider;
+/**
+ * Helper function to create custom OIDC provider
+ */
+export declare function createCustomOIDCProvider(config: {
+    id: string;
+    name: string;
+    clientId: string;
+    clientSecret: string;
+    issuer: string;
+    profileMapper?: (profile: any) => any;
+}): AuthProvider;