@mostajs/auth 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Dr Hamid MADANI <drmdh@msn.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,87 @@
+# @mostajs/auth
+
+> Reusable authentication and RBAC module — NextAuth + Users + Roles + Permissions.
+
+[![npm version](https://img.shields.io/npm/v/@mostajs/auth.svg)](https://www.npmjs.com/package/@mostajs/auth)
+[![license](https://img.shields.io/npm/l/@mostajs/auth.svg)](LICENSE)
+
+Part of the [@mosta suite](https://mostajs.dev).
+
+---
+
+## Installation
+
+```bash
+npm install @mostajs/auth @mostajs/orm bcryptjs next-auth@beta
+```
+
+## Quick Start
+
+### 1. Register schemas
+
+```typescript
+import { registerSchemas } from '@mostajs/orm'
+import { UserSchema, RoleSchema, PermissionSchema, PermissionCategorySchema } from '@mostajs/auth'
+
+registerSchemas([UserSchema, RoleSchema, PermissionSchema, PermissionCategorySchema])
+```
+
+### 2. Create auth handlers
+
+```typescript
+import { createAuthHandlers, createAuthChecks } from '@mostajs/auth'
+
+const ROLE_PERMISSIONS = {
+  admin: ['*'],
+  editor: ['dashboard:view', 'user:view'],
+}
+
+const { handlers, auth, signIn, signOut } = createAuthHandlers(ROLE_PERMISSIONS)
+const { checkAuth, checkPermission } = createAuthChecks(auth, ROLE_PERMISSIONS)
+
+export { handlers, auth, checkAuth, checkPermission }
+```
+
+### 3. Protect API routes
+
+```typescript
+export async function GET(req: Request) {
+  const { error, session } = await checkPermission('user:view')
+  if (error) return error
+  // ...
+}
+```
+
+### 4. Client-side permission guard
+
+```tsx
+import PermissionGuard from '@mostajs/auth/components/PermissionGuard'
+
+<PermissionGuard permissions={['user:delete']}>
+  <DeleteButton />
+</PermissionGuard>
+```
+
+## API Reference
+
+| Export | Description |
+|--------|-------------|
+| `createAuthHandlers()` | NextAuth configuration factory |
+| `createAuthChecks()` | Server-side `checkAuth()` / `checkPermission()` |
+| `createAuthMiddleware()` | Next.js middleware for route protection |
+| `seedRBAC()` | Idempotent seed of categories, permissions, roles |
+| `hashPassword()` / `comparePassword()` | bcryptjs wrappers |
+| `hasPermission()` / `getPermissionsForRole()` | Client-safe permission helpers |
+| `usePermissions()` | React hook for permission checking |
+| `PermissionGuard` | Conditional render component |
+| `SessionProvider` | NextAuth session wrapper |
+| `UserRepository` / `RoleRepository` / `PermissionRepository` | Database repositories |
+
+## Related Packages
+
+- [@mostajs/orm](https://www.npmjs.com/package/@mostajs/orm) — Multi-dialect ORM (required)
+- [@mostajs/audit](https://www.npmjs.com/package/@mostajs/audit) — Audit logging
+
+## License
+
+MIT — © 2025 Dr Hamid MADANI <drmdh@msn.com>

package/dist/components/PermissionGuard.d.ts

@@ -0,0 +1,19 @@
+import React from 'react';
+interface PermissionGuardProps {
+    /** Required permissions */
+    permissions: string[];
+    /** Require ALL permissions (AND) vs any (OR). Default: false (OR). */
+    requireAll?: boolean;
+    /** Content shown if authorized */
+    children: React.ReactNode;
+    /** Content shown if unauthorized (default: null) */
+    fallback?: React.ReactNode;
+    /** Admin role name for bypass (default: 'admin') */
+    adminRole?: string;
+}
+/**
+ * Conditionally renders children based on user permissions.
+ * Admin users bypass all permission checks.
+ */
+export default function PermissionGuard({ permissions, requireAll, children, fallback, adminRole, }: PermissionGuardProps): import("react/jsx-runtime").JSX.Element;
+export {};

package/dist/components/PermissionGuard.js

@@ -0,0 +1,23 @@
+"use strict";
+// @mosta/auth — PermissionGuard component
+// Author: Dr Hamid MADANI drmdh@msn.com
+'use client';
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = PermissionGuard;
+const jsx_runtime_1 = require("react/jsx-runtime");
+const usePermissions_1 = require("../hooks/usePermissions");
+/**
+ * Conditionally renders children based on user permissions.
+ * Admin users bypass all permission checks.
+ */
+function PermissionGuard({ permissions, requireAll = false, children, fallback = null, adminRole = 'admin', }) {
+    const { hasPermission, hasAnyPermission, isAdmin } = (0, usePermissions_1.usePermissions)(adminRole);
+    if (isAdmin())
+        return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: children });
+    const hasAccess = requireAll
+        ? permissions.every((p) => hasPermission(p))
+        : hasAnyPermission(permissions);
+    if (!hasAccess)
+        return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: fallback });
+    return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: children });
+}

package/dist/components/SessionProvider.d.ts

@@ -0,0 +1,4 @@
+import React from 'react';
+export default function SessionProvider({ children }: {
+    children: React.ReactNode;
+}): import("react/jsx-runtime").JSX.Element;

package/dist/components/SessionProvider.js

@@ -0,0 +1,11 @@
+"use strict";
+// @mosta/auth — NextAuth SessionProvider wrapper
+// Author: Dr Hamid MADANI drmdh@msn.com
+'use client';
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = SessionProvider;
+const jsx_runtime_1 = require("react/jsx-runtime");
+const react_1 = require("next-auth/react");
+function SessionProvider({ children }) {
+    return (0, jsx_runtime_1.jsx)(react_1.SessionProvider, { children: children });
+}

package/dist/hooks/usePermissions.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Client-side hook for permission checking.
+ * Reads permissions from the NextAuth session.
+ *
+ * @param adminRole - The role name considered as admin (default: 'admin')
+ */
+export declare function usePermissions(adminRole?: string): {
+    permissions: string[];
+    role: string;
+    hasPermission: (permission: string) => boolean;
+    hasAnyPermission: (permissions: string[]) => boolean;
+    hasRole: (role: string) => boolean;
+    isAdmin: () => boolean;
+    canAccess: (permission: string) => boolean;
+};

package/dist/hooks/usePermissions.js

@@ -0,0 +1,48 @@
+"use strict";
+// @mosta/auth — usePermissions hook (client-side)
+// Author: Dr Hamid MADANI drmdh@msn.com
+'use client';
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.usePermissions = usePermissions;
+const react_1 = require("next-auth/react");
+/**
+ * Client-side hook for permission checking.
+ * Reads permissions from the NextAuth session.
+ *
+ * @param adminRole - The role name considered as admin (default: 'admin')
+ */
+function usePermissions(adminRole = 'admin') {
+    const { data: session } = (0, react_1.useSession)();
+    const userPermissions = session?.user?.permissions || [];
+    const userRole = session?.user?.role || '';
+    function hasPermission(permission) {
+        if (!userPermissions || userPermissions.length === 0)
+            return false;
+        if (userPermissions.includes('*'))
+            return true;
+        return userPermissions.includes(permission);
+    }
+    function hasAnyPermission(permissions) {
+        return permissions.some((p) => hasPermission(p));
+    }
+    function hasRole(role) {
+        return userRole === role;
+    }
+    function isAdmin() {
+        return userRole === adminRole;
+    }
+    function canAccess(permission) {
+        if (isAdmin())
+            return true;
+        return hasPermission(permission);
+    }
+    return {
+        permissions: userPermissions,
+        role: userRole,
+        hasPermission,
+        hasAnyPermission,
+        hasRole,
+        isAdmin,
+        canAccess,
+    };
+}

package/dist/index.d.ts

@@ -0,0 +1,20 @@
+export { createAuthHandlers } from './lib/auth';
+export { createAuthChecks } from './lib/auth-check';
+export { createAuthMiddleware } from './middleware/auth-middleware';
+export { hashPassword, comparePassword } from './lib/password';
+export { hasPermission, getPermissionsForRole } from './lib/permissions';
+export { getPermissionsForRoleFromDB } from './lib/permissions-server';
+export { seedRBAC } from './lib/rbac-seed';
+export type { SeedRBACOptions } from './lib/rbac-seed';
+export { UserSchema } from './schemas/user.schema';
+export { RoleSchema } from './schemas/role.schema';
+export { PermissionSchema } from './schemas/permission.schema';
+export { PermissionCategorySchema } from './schemas/permission-category.schema';
+export { UserRepository } from './repositories/user.repository';
+export { RoleRepository } from './repositories/role.repository';
+export { PermissionRepository } from './repositories/permission.repository';
+export { PermissionCategoryRepository } from './repositories/permission-category.repository';
+export { usePermissions } from './hooks/usePermissions';
+export { default as PermissionGuard } from './components/PermissionGuard';
+export { default as SessionProvider } from './components/SessionProvider';
+export type { MostaAuthConfig, PermissionDefinition, RoleDefinition, CategoryDefinition, UserDTO, RoleDTO, PermissionDTO, PermissionCategoryDTO, } from './types';

package/dist/index.js

@@ -0,0 +1,55 @@
+"use strict";
+// @mosta/auth — Barrel exports
+// Author: Dr Hamid MADANI drmdh@msn.com
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionProvider = exports.PermissionGuard = exports.usePermissions = exports.PermissionCategoryRepository = exports.PermissionRepository = exports.RoleRepository = exports.UserRepository = exports.PermissionCategorySchema = exports.PermissionSchema = exports.RoleSchema = exports.UserSchema = exports.seedRBAC = exports.getPermissionsForRoleFromDB = exports.getPermissionsForRole = exports.hasPermission = exports.comparePassword = exports.hashPassword = exports.createAuthMiddleware = exports.createAuthChecks = exports.createAuthHandlers = void 0;
+// Auth factory
+var auth_1 = require("./lib/auth");
+Object.defineProperty(exports, "createAuthHandlers", { enumerable: true, get: function () { return auth_1.createAuthHandlers; } });
+var auth_check_1 = require("./lib/auth-check");
+Object.defineProperty(exports, "createAuthChecks", { enumerable: true, get: function () { return auth_check_1.createAuthChecks; } });
+var auth_middleware_1 = require("./middleware/auth-middleware");
+Object.defineProperty(exports, "createAuthMiddleware", { enumerable: true, get: function () { return auth_middleware_1.createAuthMiddleware; } });
+// Password utils
+var password_1 = require("./lib/password");
+Object.defineProperty(exports, "hashPassword", { enumerable: true, get: function () { return password_1.hashPassword; } });
+Object.defineProperty(exports, "comparePassword", { enumerable: true, get: function () { return password_1.comparePassword; } });
+// Permission helpers (client-safe)
+var permissions_1 = require("./lib/permissions");
+Object.defineProperty(exports, "hasPermission", { enumerable: true, get: function () { return permissions_1.hasPermission; } });
+Object.defineProperty(exports, "getPermissionsForRole", { enumerable: true, get: function () { return permissions_1.getPermissionsForRole; } });
+// Server-side permission DB lookup
+var permissions_server_1 = require("./lib/permissions-server");
+Object.defineProperty(exports, "getPermissionsForRoleFromDB", { enumerable: true, get: function () { return permissions_server_1.getPermissionsForRoleFromDB; } });
+// RBAC seed
+var rbac_seed_1 = require("./lib/rbac-seed");
+Object.defineProperty(exports, "seedRBAC", { enumerable: true, get: function () { return rbac_seed_1.seedRBAC; } });
+// Schemas
+var user_schema_1 = require("./schemas/user.schema");
+Object.defineProperty(exports, "UserSchema", { enumerable: true, get: function () { return user_schema_1.UserSchema; } });
+var role_schema_1 = require("./schemas/role.schema");
+Object.defineProperty(exports, "RoleSchema", { enumerable: true, get: function () { return role_schema_1.RoleSchema; } });
+var permission_schema_1 = require("./schemas/permission.schema");
+Object.defineProperty(exports, "PermissionSchema", { enumerable: true, get: function () { return permission_schema_1.PermissionSchema; } });
+var permission_category_schema_1 = require("./schemas/permission-category.schema");
+Object.defineProperty(exports, "PermissionCategorySchema", { enumerable: true, get: function () { return permission_category_schema_1.PermissionCategorySchema; } });
+// Repositories
+var user_repository_1 = require("./repositories/user.repository");
+Object.defineProperty(exports, "UserRepository", { enumerable: true, get: function () { return user_repository_1.UserRepository; } });
+var role_repository_1 = require("./repositories/role.repository");
+Object.defineProperty(exports, "RoleRepository", { enumerable: true, get: function () { return role_repository_1.RoleRepository; } });
+var permission_repository_1 = require("./repositories/permission.repository");
+Object.defineProperty(exports, "PermissionRepository", { enumerable: true, get: function () { return permission_repository_1.PermissionRepository; } });
+var permission_category_repository_1 = require("./repositories/permission-category.repository");
+Object.defineProperty(exports, "PermissionCategoryRepository", { enumerable: true, get: function () { return permission_category_repository_1.PermissionCategoryRepository; } });
+// Hooks
+var usePermissions_1 = require("./hooks/usePermissions");
+Object.defineProperty(exports, "usePermissions", { enumerable: true, get: function () { return usePermissions_1.usePermissions; } });
+// Components
+var PermissionGuard_1 = require("./components/PermissionGuard");
+Object.defineProperty(exports, "PermissionGuard", { enumerable: true, get: function () { return __importDefault(PermissionGuard_1).default; } });
+var SessionProvider_1 = require("./components/SessionProvider");
+Object.defineProperty(exports, "SessionProvider", { enumerable: true, get: function () { return __importDefault(SessionProvider_1).default; } });

package/dist/lib/auth-check.d.ts

@@ -0,0 +1,42 @@
+import { NextResponse } from 'next/server';
+type AuthFn = () => Promise<any>;
+/**
+ * Create server-side guard functions bound to your auth() instance.
+ *
+ * Usage:
+ *   const { checkAuth, checkPermission, getUserFromSession } = createAuthChecks(auth)
+ */
+export declare function createAuthChecks(auth: AuthFn, fallbackMap?: Record<string, string[]>): {
+    checkAuth: () => Promise<{
+        error: NextResponse<{
+            error: {
+                code: string;
+                message: string;
+            };
+        }>;
+        session: null;
+    } | {
+        error: null;
+        session: any;
+    }>;
+    checkPermission: (requiredPermission: string) => Promise<{
+        error: NextResponse<{
+            error: {
+                code: string;
+                message: string;
+            };
+        }>;
+        session: null;
+    } | {
+        error: null;
+        session: any;
+    }>;
+    getUserFromSession: (session: any) => {
+        id: any;
+        email: any;
+        name: any;
+        role: any;
+        permissions: any;
+    };
+};
+export {};

package/dist/lib/auth-check.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthChecks = createAuthChecks;
+// @mosta/auth — Server-side auth guards
+// Author: Dr Hamid MADANI drmdh@msn.com
+const server_1 = require("next/server");
+const permissions_1 = require("./permissions");
+const permissions_server_1 = require("./permissions-server");
+/**
+ * Create server-side guard functions bound to your auth() instance.
+ *
+ * Usage:
+ *   const { checkAuth, checkPermission, getUserFromSession } = createAuthChecks(auth)
+ */
+function createAuthChecks(auth, fallbackMap) {
+    async function checkAuth() {
+        const session = await auth();
+        if (!session?.user) {
+            return {
+                error: server_1.NextResponse.json({ error: { code: 'UNAUTHORIZED', message: 'Non authentifié' } }, { status: 401 }),
+                session: null,
+            };
+        }
+        return { error: null, session };
+    }
+    async function checkPermission(requiredPermission) {
+        const { error, session } = await checkAuth();
+        if (error)
+            return { error, session: null };
+        let userPermissions = session.user.permissions || [];
+        if (userPermissions.length === 0) {
+            const role = session.user.role;
+            if (role) {
+                userPermissions = await (0, permissions_server_1.getPermissionsForRoleFromDB)(role, fallbackMap);
+            }
+        }
+        if (!(0, permissions_1.hasPermission)(userPermissions, requiredPermission)) {
+            return {
+                error: server_1.NextResponse.json({ error: { code: 'FORBIDDEN', message: 'Permission insuffisante' } }, { status: 403 }),
+                session: null,
+            };
+        }
+        return { error: null, session: session };
+    }
+    function getUserFromSession(session) {
+        return {
+            id: session.user.id,
+            email: session.user.email,
+            name: session.user.name,
+            role: session.user.role,
+            permissions: session.user.permissions || [],
+        };
+    }
+    return { checkAuth, checkPermission, getUserFromSession };
+}

package/dist/lib/auth.d.ts

@@ -0,0 +1,14 @@
+import type { MostaAuthConfig } from '../types';
+/**
+ * Create NextAuth handlers configured for MostaAuth RBAC.
+ *
+ * @param rolePermissions - Static role→permissions map (used as fallback)
+ * @param config - Optional MostaAuthConfig overrides
+ */
+export declare function createAuthHandlers(rolePermissions: Record<string, string[]>, config?: MostaAuthConfig): {
+    handlers: any;
+    auth: any;
+    signIn: any;
+    signOut: any;
+    getServerSession: any;
+};

package/dist/lib/auth.js

@@ -0,0 +1,139 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthHandlers = createAuthHandlers;
+// @mosta/auth — NextAuth configuration factory
+// Author: Dr Hamid MADANI drmdh@msn.com
+const next_auth_1 = __importDefault(require("next-auth"));
+const credentials_1 = __importDefault(require("next-auth/providers/credentials"));
+const orm_1 = require("@mostajs/orm");
+const user_repository_1 = require("../repositories/user.repository");
+const role_repository_1 = require("../repositories/role.repository");
+const password_1 = require("./password");
+/**
+ * Create NextAuth handlers configured for MostaAuth RBAC.
+ *
+ * @param rolePermissions - Static role→permissions map (used as fallback)
+ * @param config - Optional MostaAuthConfig overrides
+ */
+function createAuthHandlers(rolePermissions, config) {
+    const { handlers, auth, signIn, signOut } = (0, next_auth_1.default)({
+        secret: process.env.AUTH_SECRET || process.env.NEXTAUTH_SECRET,
+        trustHost: true,
+        debug: false,
+        useSecureCookies: false,
+        cookies: {
+            sessionToken: {
+                name: 'authjs.session-token',
+                options: { httpOnly: true, sameSite: 'lax', path: '/', secure: false },
+            },
+        },
+        providers: [
+            (0, credentials_1.default)({
+                name: 'credentials',
+                credentials: {
+                    email: { label: 'Email', type: 'email' },
+                    password: { label: 'Password', type: 'password' },
+                },
+                async authorize(credentials) {
+                    if (!credentials?.email || !credentials?.password)
+                        return null;
+                    const uRepo = new user_repository_1.UserRepository(await (0, orm_1.getDialect)());
+                    const user = await uRepo.findByEmail(credentials.email);
+                    if (!user)
+                        return null;
+                    if (user.status !== 'active')
+                        return null;
+                    const valid = await (0, password_1.comparePassword)(credentials.password, user.password);
+                    if (!valid)
+                        return null;
+                    await uRepo.updateLastLogin(user.id);
+                    const { roleNames, permissions } = await resolveUserPermissions(user.id, rolePermissions);
+                    return {
+                        id: user.id,
+                        email: user.email,
+                        name: `${user.firstName} ${user.lastName}`,
+                        role: roleNames[0] || '',
+                        roles: roleNames,
+                        permissions,
+                    };
+                },
+            }),
+        ],
+        session: { strategy: 'jwt' },
+        callbacks: {
+            async jwt({ token, user }) {
+                if (user) {
+                    token.role = user.role;
+                    token.roles = user.roles;
+                    token.permissions = user.permissions;
+                }
+                if (token.role && (!token.permissions || token.permissions.length === 0)) {
+                    token.permissions = rolePermissions[token.role] || [];
+                }
+                return token;
+            },
+            async session({ session, token }) {
+                if (token && session.user) {
+                    session.user.id = token.sub;
+                    session.user.role = token.role;
+                    session.user.roles = token.roles;
+                    session.user.permissions = token.permissions;
+                }
+                return session;
+            },
+        },
+        pages: {
+            signIn: config?.pages?.signIn || '/login',
+            error: config?.pages?.error || '/login',
+        },
+    });
+    return { handlers, auth, signIn, signOut, getServerSession: auth };
+}
+// ─── Internal: resolve user→roles→permissions ─────────────────
+async function resolveUserPermissions(userId, fallbackMap) {
+    try {
+        const uRepo = new user_repository_1.UserRepository(await (0, orm_1.getDialect)());
+        const rRepo = new role_repository_1.RoleRepository(await (0, orm_1.getDialect)());
+        const userWithRoles = await uRepo.findByIdWithRoles(userId);
+        if (userWithRoles?.roles?.length) {
+            const roleNames = [];
+            const permissions = [];
+            for (const roleObj of userWithRoles.roles) {
+                const roleName = typeof roleObj === 'string' ? roleObj : roleObj?.name;
+                const roleId = typeof roleObj === 'string' ? roleObj : roleObj?.id;
+                if (roleName)
+                    roleNames.push(roleName);
+                if (roleId) {
+                    const roleWithPerms = await rRepo.findByIdWithPermissions(roleId);
+                    if (roleWithPerms?.permissions) {
+                        for (const perm of roleWithPerms.permissions) {
+                            const permName = typeof perm === 'string' ? perm : perm?.name;
+                            if (permName && !permissions.includes(permName))
+                                permissions.push(permName);
+                        }
+                    }
+                }
+                else if (roleName) {
+                    for (const p of fallbackMap[roleName] || []) {
+                        if (!permissions.includes(p))
+                            permissions.push(p);
+                    }
+                }
+            }
+            if (roleNames.length > 0)
+                return { roleNames, permissions };
+        }
+        // Legacy: user.role = string
+        const raw = userWithRoles;
+        if (raw?.role && typeof raw.role === 'string') {
+            return { roleNames: [raw.role], permissions: fallbackMap[raw.role] || [] };
+        }
+    }
+    catch (err) {
+        console.error('[MostaAuth] Error resolving permissions:', err);
+    }
+    return { roleNames: [], permissions: [] };
+}

package/dist/lib/password.d.ts

@@ -0,0 +1,2 @@
+export declare function hashPassword(plain: string, rounds?: number): Promise<string>;
+export declare function comparePassword(plain: string, hashed: string): Promise<boolean>;

package/dist/lib/password.js

@@ -0,0 +1,17 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hashPassword = hashPassword;
+exports.comparePassword = comparePassword;
+// @mosta/auth — Password hashing wrapper
+// Author: Dr Hamid MADANI drmdh@msn.com
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const DEFAULT_ROUNDS = 12;
+async function hashPassword(plain, rounds = DEFAULT_ROUNDS) {
+    return bcryptjs_1.default.hash(plain, rounds);
+}
+async function comparePassword(plain, hashed) {
+    return bcryptjs_1.default.compare(plain, hashed);
+}

package/dist/lib/permissions-server.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Resolve permissions for a role by querying the database.
+ * Falls back to the provided static map if DB lookup fails.
+ */
+export declare function getPermissionsForRoleFromDB(role: string, fallbackMap?: Record<string, string[]>): Promise<string[]>;

package/dist/lib/permissions-server.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPermissionsForRoleFromDB = getPermissionsForRoleFromDB;
+// @mosta/auth — Server-side permission lookup (DO NOT import client-side)
+// Author: Dr Hamid MADANI drmdh@msn.com
+const orm_1 = require("@mostajs/orm");
+const role_repository_1 = require("../repositories/role.repository");
+/**
+ * Resolve permissions for a role by querying the database.
+ * Falls back to the provided static map if DB lookup fails.
+ */
+async function getPermissionsForRoleFromDB(role, fallbackMap) {
+    try {
+        const repo = new role_repository_1.RoleRepository(await (0, orm_1.getDialect)());
+        const dbRole = await repo.findByName(role);
+        if (dbRole) {
+            const roleWithPerms = await repo.findByIdWithPermissions(dbRole.id);
+            if (roleWithPerms?.permissions && roleWithPerms.permissions.length > 0) {
+                return roleWithPerms.permissions.map((p) => typeof p === 'string' ? p : p.name || p);
+            }
+        }
+    }
+    catch (err) {
+        console.error('[MostaAuth] DB permission lookup failed, using fallback:', err);
+    }
+    return fallbackMap?.[role] || [];
+}

package/dist/lib/permissions.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Check if a user has a specific permission.
+ * Supports wildcard '*' for full access.
+ */
+export declare function hasPermission(userPermissions: string[], requiredPermission: string): boolean;
+/**
+ * Get permissions for a role from a static map.
+ */
+export declare function getPermissionsForRole(rolePermissions: Record<string, string[]>, role: string): string[];

package/dist/lib/permissions.js

@@ -0,0 +1,23 @@
+"use strict";
+// @mosta/auth — Permission helpers (client-safe)
+// Author: Dr Hamid MADANI drmdh@msn.com
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hasPermission = hasPermission;
+exports.getPermissionsForRole = getPermissionsForRole;
+/**
+ * Check if a user has a specific permission.
+ * Supports wildcard '*' for full access.
+ */
+function hasPermission(userPermissions, requiredPermission) {
+    if (!userPermissions || userPermissions.length === 0)
+        return false;
+    if (userPermissions.includes('*'))
+        return true;
+    return userPermissions.includes(requiredPermission);
+}
+/**
+ * Get permissions for a role from a static map.
+ */
+function getPermissionsForRole(rolePermissions, role) {
+    return rolePermissions[role] || [];
+}

package/dist/lib/rbac-seed.d.ts

@@ -0,0 +1,15 @@
+import type { CategoryDefinition, PermissionDefinition, RoleDefinition } from '../types';
+export interface SeedRBACOptions {
+    categories: CategoryDefinition[];
+    permissions: PermissionDefinition[];
+    roles: Record<string, RoleDefinition>;
+}
+/**
+ * Idempotent seed of categories, permissions and roles.
+ * Uses upsert — safe to call multiple times.
+ */
+export declare function seedRBAC(options: SeedRBACOptions): Promise<{
+    categoryCount: number;
+    permissionCount: number;
+    roleCount: number;
+}>;

package/dist/lib/rbac-seed.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.seedRBAC = seedRBAC;
+// @mosta/auth — RBAC Seed function
+// Author: Dr Hamid MADANI drmdh@msn.com
+const orm_1 = require("@mostajs/orm");
+const permission_category_repository_1 = require("../repositories/permission-category.repository");
+const permission_repository_1 = require("../repositories/permission.repository");
+const role_repository_1 = require("../repositories/role.repository");
+/**
+ * Idempotent seed of categories, permissions and roles.
+ * Uses upsert — safe to call multiple times.
+ */
+async function seedRBAC(options) {
+    const dialect = await (0, orm_1.getDialect)();
+    const catRepo = new permission_category_repository_1.PermissionCategoryRepository(dialect);
+    const permRepo = new permission_repository_1.PermissionRepository(dialect);
+    const roleRepo = new role_repository_1.RoleRepository(dialect);
+    // 1. Upsert categories
+    for (const cat of options.categories) {
+        await catRepo.upsert({ name: cat.name }, cat);
+    }
+    // 2. Upsert permissions — build code→id map
+    const permissionMap = {};
+    for (const pDef of options.permissions) {
+        const perm = await permRepo.upsert({ name: pDef.name }, { name: pDef.name, description: pDef.description, category: pDef.category });
+        permissionMap[pDef.code] = perm.id;
+    }
+    // 3. Upsert roles with permission IDs
+    for (const [, roleDef] of Object.entries(options.roles)) {
+        const permissionIds = roleDef.permissions
+            .map((code) => permissionMap[code])
+            .filter(Boolean);
+        await roleRepo.upsert({ name: roleDef.name }, { name: roleDef.name, description: roleDef.description, permissions: permissionIds });
+    }
+    return {
+        categoryCount: options.categories.length,
+        permissionCount: options.permissions.length,
+        roleCount: Object.keys(options.roles).length,
+    };
+}

package/dist/middleware/auth-middleware.d.ts

@@ -0,0 +1,13 @@
+import { NextRequest, NextResponse } from 'next/server';
+export interface AuthMiddlewareOptions {
+    /** Paths that don't require authentication (default: ['/login', '/api/auth', '/setup', '/api/setup']) */
+    publicPaths?: string[];
+    /** Path prefixes that require authentication (default: ['/dashboard', '/admin', '/agent']) */
+    protectedPrefixes?: string[];
+    /** Redirect path when unauthenticated (default: '/login') */
+    loginPath?: string;
+}
+/**
+ * Create a Next.js middleware that protects routes based on session cookie.
+ */
+export declare function createAuthMiddleware(options?: AuthMiddlewareOptions): (req: NextRequest) => NextResponse<unknown>;

package/dist/middleware/auth-middleware.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthMiddleware = createAuthMiddleware;
+// @mosta/auth — Configurable authentication middleware for Next.js
+// Author: Dr Hamid MADANI drmdh@msn.com
+const server_1 = require("next/server");
+/**
+ * Create a Next.js middleware that protects routes based on session cookie.
+ */
+function createAuthMiddleware(options) {
+    const publicPaths = options?.publicPaths ?? ['/login', '/api/auth', '/setup', '/api/setup'];
+    const protectedPrefixes = options?.protectedPrefixes ?? ['/dashboard', '/admin', '/agent'];
+    const loginPath = options?.loginPath ?? '/login';
+    return function middleware(req) {
+        const { pathname } = req.nextUrl;
+        // Allow public paths
+        if (publicPaths.some((p) => pathname.startsWith(p))) {
+            return server_1.NextResponse.next();
+        }
+        // Allow static files
+        if (pathname.startsWith('/_next') || pathname.startsWith('/favicon') || pathname.includes('.')) {
+            return server_1.NextResponse.next();
+        }
+        // Check for session token
+        const token = req.cookies.get('authjs.session-token')?.value ||
+            req.cookies.get('__Secure-authjs.session-token')?.value;
+        // Redirect protected routes to login if no session
+        if (!token && protectedPrefixes.some((p) => pathname.startsWith(p))) {
+            return server_1.NextResponse.redirect(new URL(loginPath, req.url));
+        }
+        return server_1.NextResponse.next();
+    };
+}

package/dist/repositories/permission-category.repository.d.ts

@@ -0,0 +1,10 @@
+import { BaseRepository } from '@mostajs/orm';
+import type { IDialect } from '@mostajs/orm';
+import type { PermissionCategoryDTO } from '../types';
+export declare class PermissionCategoryRepository extends BaseRepository<PermissionCategoryDTO> {
+    constructor(dialect: IDialect);
+    /** Find all sorted by order then name */
+    findAllOrdered(): Promise<PermissionCategoryDTO[]>;
+    /** Find by name (unique) */
+    findByName(name: string): Promise<PermissionCategoryDTO | null>;
+}

package/dist/repositories/permission-category.repository.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionCategoryRepository = void 0;
+// @mosta/auth — PermissionCategoryRepository
+// Author: Dr Hamid MADANI drmdh@msn.com
+const orm_1 = require("@mostajs/orm");
+const permission_category_schema_1 = require("../schemas/permission-category.schema");
+class PermissionCategoryRepository extends orm_1.BaseRepository {
+    constructor(dialect) {
+        super(permission_category_schema_1.PermissionCategorySchema, dialect);
+    }
+    /** Find all sorted by order then name */
+    async findAllOrdered() {
+        return this.findAll({}, { sort: { order: 1, name: 1 } });
+    }
+    /** Find by name (unique) */
+    async findByName(name) {
+        return this.findOne({ name });
+    }
+}
+exports.PermissionCategoryRepository = PermissionCategoryRepository;

package/dist/repositories/permission.repository.d.ts

@@ -0,0 +1,12 @@
+import { BaseRepository } from '@mostajs/orm';
+import type { IDialect } from '@mostajs/orm';
+import type { PermissionDTO } from '../types';
+export declare class PermissionRepository extends BaseRepository<PermissionDTO> {
+    constructor(dialect: IDialect);
+    /** Find all sorted by category then name */
+    findAllSorted(): Promise<PermissionDTO[]>;
+    /** Find by name (unique) */
+    findByName(name: string): Promise<PermissionDTO | null>;
+    /** Count permissions in a category */
+    countByCategory(category: string): Promise<number>;
+}

package/dist/repositories/permission.repository.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionRepository = void 0;
+// @mosta/auth — PermissionRepository
+// Author: Dr Hamid MADANI drmdh@msn.com
+const orm_1 = require("@mostajs/orm");
+const permission_schema_1 = require("../schemas/permission.schema");
+class PermissionRepository extends orm_1.BaseRepository {
+    constructor(dialect) {
+        super(permission_schema_1.PermissionSchema, dialect);
+    }
+    /** Find all sorted by category then name */
+    async findAllSorted() {
+        return this.findAll({}, { sort: { category: 1, name: 1 } });
+    }
+    /** Find by name (unique) */
+    async findByName(name) {
+        return this.findOne({ name });
+    }
+    /** Count permissions in a category */
+    async countByCategory(category) {
+        return this.count({ category });
+    }
+}
+exports.PermissionRepository = PermissionRepository;

package/dist/repositories/role.repository.d.ts

@@ -0,0 +1,18 @@
+import { BaseRepository } from '@mostajs/orm';
+import type { IDialect } from '@mostajs/orm';
+import type { RoleDTO } from '../types';
+export declare class RoleRepository extends BaseRepository<RoleDTO> {
+    constructor(dialect: IDialect);
+    /** Find all roles with permissions populated */
+    findAllWithPermissions(): Promise<RoleDTO[]>;
+    /** Find a role by name */
+    findByName(name: string): Promise<RoleDTO | null>;
+    /** Find role by ID with permissions populated */
+    findByIdWithPermissions(id: string): Promise<RoleDTO | null>;
+    /** Add a permission to a role */
+    addPermission(roleId: string, permissionId: string): Promise<RoleDTO | null>;
+    /** Remove a permission from a role */
+    removePermission(roleId: string, permissionId: string): Promise<RoleDTO | null>;
+    /** Remove a permission from ALL roles (cascade) */
+    removePermissionFromAll(permissionId: string): Promise<number>;
+}

package/dist/repositories/role.repository.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RoleRepository = void 0;
+// @mosta/auth — RoleRepository
+// Author: Dr Hamid MADANI drmdh@msn.com
+const orm_1 = require("@mostajs/orm");
+const role_schema_1 = require("../schemas/role.schema");
+class RoleRepository extends orm_1.BaseRepository {
+    constructor(dialect) {
+        super(role_schema_1.RoleSchema, dialect);
+    }
+    /** Find all roles with permissions populated */
+    async findAllWithPermissions() {
+        return this.findWithRelations({}, ['permissions']);
+    }
+    /** Find a role by name */
+    async findByName(name) {
+        return this.findOne({ name });
+    }
+    /** Find role by ID with permissions populated */
+    async findByIdWithPermissions(id) {
+        return this.findByIdWithRelations(id, ['permissions']);
+    }
+    /** Add a permission to a role */
+    async addPermission(roleId, permissionId) {
+        return this.addToSet(roleId, 'permissions', permissionId);
+    }
+    /** Remove a permission from a role */
+    async removePermission(roleId, permissionId) {
+        return this.pull(roleId, 'permissions', permissionId);
+    }
+    /** Remove a permission from ALL roles (cascade) */
+    async removePermissionFromAll(permissionId) {
+        return this.updateMany({ permissions: permissionId }, { $pull: { permissions: permissionId } });
+    }
+}
+exports.RoleRepository = RoleRepository;

package/dist/repositories/user.repository.d.ts

@@ -0,0 +1,24 @@
+import { BaseRepository } from '@mostajs/orm';
+import type { IDialect, FilterQuery, QueryOptions } from '@mostajs/orm';
+import type { UserDTO } from '../types';
+export declare class UserRepository extends BaseRepository<UserDTO> {
+    constructor(dialect: IDialect);
+    /** List users without password field */
+    findAllSafe(filter?: FilterQuery, options?: QueryOptions): Promise<UserDTO[]>;
+    /** Find a single user by ID without password */
+    findByIdSafe(id: string): Promise<UserDTO | null>;
+    /** Find user by email (for authentication) */
+    findByEmail(email: string): Promise<UserDTO | null>;
+    /** Update lastLoginAt timestamp */
+    updateLastLogin(id: string): Promise<void>;
+    /** Find user by ID with roles populated */
+    findByIdWithRoles(id: string): Promise<UserDTO | null>;
+    /** Find all users with roles populated (no password) */
+    findAllWithRoles(filter?: FilterQuery, options?: QueryOptions): Promise<UserDTO[]>;
+    /** Count users having a specific role */
+    countByRole(roleId: string): Promise<number>;
+    /** Add a role to a user */
+    addRole(userId: string, roleId: string): Promise<UserDTO | null>;
+    /** Remove a role from a user */
+    removeRole(userId: string, roleId: string): Promise<UserDTO | null>;
+}

package/dist/repositories/user.repository.js

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserRepository = void 0;
+// @mosta/auth — UserRepository
+// Author: Dr Hamid MADANI drmdh@msn.com
+const orm_1 = require("@mostajs/orm");
+const user_schema_1 = require("../schemas/user.schema");
+class UserRepository extends orm_1.BaseRepository {
+    constructor(dialect) {
+        super(user_schema_1.UserSchema, dialect);
+    }
+    /** List users without password field */
+    async findAllSafe(filter = {}, options) {
+        return this.findAll(filter, { ...options, exclude: ['password'] });
+    }
+    /** Find a single user by ID without password */
+    async findByIdSafe(id) {
+        return this.findById(id, { exclude: ['password'] });
+    }
+    /** Find user by email (for authentication) */
+    async findByEmail(email) {
+        return this.findOne({ email: email.toLowerCase() });
+    }
+    /** Update lastLoginAt timestamp */
+    async updateLastLogin(id) {
+        await this.update(id, { lastLoginAt: new Date() });
+    }
+    /** Find user by ID with roles populated */
+    async findByIdWithRoles(id) {
+        return this.findByIdWithRelations(id, ['roles']);
+    }
+    /** Find all users with roles populated (no password) */
+    async findAllWithRoles(filter = {}, options) {
+        return this.findWithRelations(filter, ['roles'], { ...options, exclude: ['password'] });
+    }
+    /** Count users having a specific role */
+    async countByRole(roleId) {
+        return this.count({ roles: roleId });
+    }
+    /** Add a role to a user */
+    async addRole(userId, roleId) {
+        return this.addToSet(userId, 'roles', roleId);
+    }
+    /** Remove a role from a user */
+    async removeRole(userId, roleId) {
+        return this.pull(userId, 'roles', roleId);
+    }
+}
+exports.UserRepository = UserRepository;

package/dist/schemas/permission-category.schema.d.ts

@@ -0,0 +1,2 @@
+import type { EntitySchema } from '@mostajs/orm';
+export declare const PermissionCategorySchema: EntitySchema;

package/dist/schemas/permission-category.schema.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionCategorySchema = void 0;
+exports.PermissionCategorySchema = {
+    name: 'PermissionCategory',
+    collection: 'permission_categories',
+    timestamps: true,
+    fields: {
+        name: { type: 'string', required: true, unique: true, lowercase: true, trim: true },
+        label: { type: 'string', required: true, trim: true },
+        description: { type: 'string' },
+        icon: { type: 'string' },
+        order: { type: 'number', default: 0 },
+        system: { type: 'boolean', default: false },
+    },
+    relations: {},
+    indexes: [
+        { fields: { order: 'asc', name: 'asc' } },
+    ],
+};

package/dist/schemas/permission.schema.d.ts

@@ -0,0 +1,2 @@
+import type { EntitySchema } from '@mostajs/orm';
+export declare const PermissionSchema: EntitySchema;

package/dist/schemas/permission.schema.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PermissionSchema = void 0;
+exports.PermissionSchema = {
+    name: 'Permission',
+    collection: 'permissions',
+    timestamps: true,
+    fields: {
+        name: { type: 'string', required: true, unique: true },
+        description: { type: 'string' },
+        category: { type: 'string' },
+    },
+    relations: {},
+    indexes: [],
+};

package/dist/schemas/role.schema.d.ts

@@ -0,0 +1,2 @@
+import type { EntitySchema } from '@mostajs/orm';
+export declare const RoleSchema: EntitySchema;

package/dist/schemas/role.schema.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RoleSchema = void 0;
+exports.RoleSchema = {
+    name: 'Role',
+    collection: 'roles',
+    timestamps: true,
+    fields: {
+        name: { type: 'string', required: true, unique: true },
+        description: { type: 'string' },
+    },
+    relations: {
+        permissions: { target: 'Permission', type: 'many-to-many', through: 'role_permissions' },
+    },
+    indexes: [],
+};

package/dist/schemas/user.schema.d.ts

@@ -0,0 +1,2 @@
+import type { EntitySchema } from '@mostajs/orm';
+export declare const UserSchema: EntitySchema;

package/dist/schemas/user.schema.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserSchema = void 0;
+exports.UserSchema = {
+    name: 'User',
+    collection: 'users',
+    timestamps: true,
+    fields: {
+        email: { type: 'string', required: true, unique: true, lowercase: true, trim: true },
+        password: { type: 'string', required: true },
+        firstName: { type: 'string', required: true, trim: true },
+        lastName: { type: 'string', required: true, trim: true },
+        phone: { type: 'string', trim: true },
+        status: { type: 'string', enum: ['active', 'locked', 'disabled'], default: 'active' },
+        lastLoginAt: { type: 'date' },
+    },
+    relations: {
+        roles: { target: 'Role', type: 'many-to-many', through: 'user_roles' },
+    },
+    indexes: [
+        { fields: { status: 'asc' } },
+    ],
+};

package/dist/types/index.d.ts

@@ -0,0 +1,81 @@
+export interface MostaAuthConfig {
+    /** Extra fields to add to the User schema */
+    extraUserFields?: Record<string, any>;
+    /** Default roles to seed */
+    defaultRoles?: Record<string, RoleDefinition>;
+    /** Default permissions to seed */
+    defaultPermissions?: PermissionDefinition[];
+    /** Default permission categories to seed */
+    defaultCategories?: CategoryDefinition[];
+    /** bcrypt salt rounds (default: 12) */
+    bcryptRounds?: number;
+    /** NextAuth pages */
+    pages?: {
+        signIn?: string;
+        error?: string;
+    };
+    /** Public paths (not requiring auth) */
+    publicPaths?: string[];
+    /** Protected path prefixes (redirect to login if no session) */
+    protectedPrefixes?: string[];
+}
+export interface PermissionDefinition {
+    code: string;
+    name: string;
+    description: string;
+    category: string;
+}
+export interface RoleDefinition {
+    name: string;
+    description: string;
+    system: boolean;
+    permissions: string[];
+}
+export interface CategoryDefinition {
+    name: string;
+    label: string;
+    description: string;
+    icon: string;
+    order: number;
+    system: boolean;
+}
+export interface UserDTO {
+    id: string;
+    email: string;
+    password?: string;
+    firstName: string;
+    lastName: string;
+    phone?: string;
+    roles: any[];
+    status: 'active' | 'locked' | 'disabled';
+    lastLoginAt?: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface RoleDTO {
+    id: string;
+    name: string;
+    description?: string;
+    permissions: any[];
+    createdAt: string;
+    updatedAt: string;
+}
+export interface PermissionDTO {
+    id: string;
+    name: string;
+    description?: string;
+    category?: string;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface PermissionCategoryDTO {
+    id: string;
+    name: string;
+    label: string;
+    description?: string;
+    icon?: string;
+    order: number;
+    system: boolean;
+    createdAt: string;
+    updatedAt: string;
+}

package/dist/types/index.js

@@ -0,0 +1,4 @@
+"use strict";
+// @mosta/auth — Types
+// Author: Dr Hamid MADANI drmdh@msn.com
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -0,0 +1,79 @@
+{
+  "name": "@mostajs/auth",
+  "version": "1.0.0",
+  "description": "Reusable authentication and RBAC module — NextAuth + Users + Roles + Permissions",
+  "author": "Dr Hamid MADANI <drmdh@msn.com>",
+  "license": "MIT",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.js",
+      "default": "./dist/index.js"
+    },
+    "./components/SessionProvider": {
+      "types": "./dist/components/SessionProvider.d.ts",
+      "import": "./dist/components/SessionProvider.js",
+      "require": "./dist/components/SessionProvider.js",
+      "default": "./dist/components/SessionProvider.js"
+    },
+    "./components/PermissionGuard": {
+      "types": "./dist/components/PermissionGuard.d.ts",
+      "import": "./dist/components/PermissionGuard.js",
+      "require": "./dist/components/PermissionGuard.js",
+      "default": "./dist/components/PermissionGuard.js"
+    },
+    "./hooks/usePermissions": {
+      "types": "./dist/hooks/usePermissions.d.ts",
+      "import": "./dist/hooks/usePermissions.js",
+      "require": "./dist/hooks/usePermissions.js",
+      "default": "./dist/hooks/usePermissions.js"
+    }
+  },
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
+  "keywords": [
+    "authentication",
+    "authorization",
+    "rbac",
+    "nextauth",
+    "permissions",
+    "roles",
+    "nextjs",
+    "mosta"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/apolocine/mosta-auth"
+  },
+  "homepage": "https://mostajs.dev/packages/auth",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "@mostajs/orm": "^1.0.0",
+    "bcryptjs": "^2.4.3",
+    "next-auth": "5.0.0-beta.25"
+  },
+  "peerDependencies": {
+    "next": ">=14",
+    "react": ">=18"
+  },
+  "devDependencies": {
+    "@types/bcryptjs": "^2.4.0",
+    "@types/node": "^25.3.3",
+    "@types/react": "^19.0.0",
+    "next": "^15.0.0",
+    "react": "^19.0.0",
+    "typescript": "^5.6.0"
+  }
+}