@mostajs/auth 1.0.0 → 1.0.2

package/dist/components/PermissionGuard.js

@@ -1,23 +1,20 @@
-"use strict";
 // @mosta/auth — PermissionGuard component
 // Author: Dr Hamid MADANI drmdh@msn.com
 'use client';
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.default = PermissionGuard;
-const jsx_runtime_1 = require("react/jsx-runtime");
-const usePermissions_1 = require("../hooks/usePermissions");
+import { Fragment as _Fragment, jsx as _jsx } from "react/jsx-runtime";
+import { usePermissions } from '../hooks/usePermissions';
 /**
  * Conditionally renders children based on user permissions.
  * Admin users bypass all permission checks.
  */
-function PermissionGuard({ permissions, requireAll = false, children, fallback = null, adminRole = 'admin', }) {
-    const { hasPermission, hasAnyPermission, isAdmin } = (0, usePermissions_1.usePermissions)(adminRole);
+export default function PermissionGuard({ permissions, requireAll = false, children, fallback = null, adminRole = 'admin', }) {
+    const { hasPermission, hasAnyPermission, isAdmin } = usePermissions(adminRole);
     if (isAdmin())
-        return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: children });
+        return _jsx(_Fragment, { children: children });
     const hasAccess = requireAll
         ? permissions.every((p) => hasPermission(p))
         : hasAnyPermission(permissions);
     if (!hasAccess)
-        return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: fallback });
-    return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: children });
+        return _jsx(_Fragment, { children: fallback });
+    return _jsx(_Fragment, { children: children });
 }

package/dist/components/SessionProvider.js

@@ -1,11 +1,8 @@
-"use strict";
 // @mosta/auth — NextAuth SessionProvider wrapper
 // Author: Dr Hamid MADANI drmdh@msn.com
 'use client';
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.default = SessionProvider;
-const jsx_runtime_1 = require("react/jsx-runtime");
-const react_1 = require("next-auth/react");
-function SessionProvider({ children }) {
-    return (0, jsx_runtime_1.jsx)(react_1.SessionProvider, { children: children });
+import { jsx as _jsx } from "react/jsx-runtime";
+import { SessionProvider as NextAuthSessionProvider } from 'next-auth/react';
+export default function SessionProvider({ children }) {
+    return _jsx(NextAuthSessionProvider, { children: children });
 }

package/dist/hooks/usePermissions.d.ts

@@ -7,6 +7,7 @@
 export declare function usePermissions(adminRole?: string): {
     permissions: string[];
     role: string;
+    roles: string[];
     hasPermission: (permission: string) => boolean;
     hasAnyPermission: (permissions: string[]) => boolean;
     hasRole: (role: string) => boolean;

package/dist/hooks/usePermissions.js

@@ -1,20 +1,18 @@
-"use strict";
 // @mosta/auth — usePermissions hook (client-side)
 // Author: Dr Hamid MADANI drmdh@msn.com
 'use client';
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.usePermissions = usePermissions;
-const react_1 = require("next-auth/react");
+import { useSession } from 'next-auth/react';
 /**
  * Client-side hook for permission checking.
  * Reads permissions from the NextAuth session.
  *
  * @param adminRole - The role name considered as admin (default: 'admin')
  */
-function usePermissions(adminRole = 'admin') {
-    const { data: session } = (0, react_1.useSession)();
+export function usePermissions(adminRole = 'admin') {
+    const { data: session } = useSession();
     const userPermissions = session?.user?.permissions || [];
     const userRole = session?.user?.role || '';
+    const userRoles = session?.user?.roles || [];
     function hasPermission(permission) {
         if (!userPermissions || userPermissions.length === 0)
             return false;
@@ -26,10 +24,10 @@ function usePermissions(adminRole = 'admin') {
         return permissions.some((p) => hasPermission(p));
     }
     function hasRole(role) {
-        return userRole === role;
+        return userRoles.includes(role) || userRole === role;
     }
     function isAdmin() {
-        return userRole === adminRole;
+        return userRoles.includes(adminRole) || userRole === adminRole;
     }
     function canAccess(permission) {
         if (isAdmin())
@@ -39,6 +37,7 @@ function usePermissions(adminRole = 'admin') {
     return {
         permissions: userPermissions,
         role: userRole,
+        roles: userRoles,
         hasPermission,
         hasAnyPermission,
         hasRole,

package/dist/index.d.ts

@@ -1,6 +1,7 @@
 export { createAuthHandlers } from './lib/auth';
 export { createAuthChecks } from './lib/auth-check';
 export { createAuthMiddleware } from './middleware/auth-middleware';
+export type { AuthMiddlewareOptions } from './middleware/auth-middleware';
 export { hashPassword, comparePassword } from './lib/password';
 export { hasPermission, getPermissionsForRole } from './lib/permissions';
 export { getPermissionsForRoleFromDB } from './lib/permissions-server';
@@ -17,4 +18,4 @@ export { PermissionCategoryRepository } from './repositories/permission-category
 export { usePermissions } from './hooks/usePermissions';
 export { default as PermissionGuard } from './components/PermissionGuard';
 export { default as SessionProvider } from './components/SessionProvider';
-export type { MostaAuthConfig, PermissionDefinition, RoleDefinition, CategoryDefinition, UserDTO, RoleDTO, PermissionDTO, PermissionCategoryDTO, } from './types';
+export type { MostaAuthConfig, PermissionDefinition, RoleDefinition, CategoryDefinition, UserDTO, RoleDTO, PermissionDTO, PermissionCategoryDTO, } from './types/index';

package/dist/index.js

@@ -1,55 +1,29 @@
-"use strict";
 // @mosta/auth — Barrel exports
 // Author: Dr Hamid MADANI drmdh@msn.com
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SessionProvider = exports.PermissionGuard = exports.usePermissions = exports.PermissionCategoryRepository = exports.PermissionRepository = exports.RoleRepository = exports.UserRepository = exports.PermissionCategorySchema = exports.PermissionSchema = exports.RoleSchema = exports.UserSchema = exports.seedRBAC = exports.getPermissionsForRoleFromDB = exports.getPermissionsForRole = exports.hasPermission = exports.comparePassword = exports.hashPassword = exports.createAuthMiddleware = exports.createAuthChecks = exports.createAuthHandlers = void 0;
 // Auth factory
-var auth_1 = require("./lib/auth");
-Object.defineProperty(exports, "createAuthHandlers", { enumerable: true, get: function () { return auth_1.createAuthHandlers; } });
-var auth_check_1 = require("./lib/auth-check");
-Object.defineProperty(exports, "createAuthChecks", { enumerable: true, get: function () { return auth_check_1.createAuthChecks; } });
-var auth_middleware_1 = require("./middleware/auth-middleware");
-Object.defineProperty(exports, "createAuthMiddleware", { enumerable: true, get: function () { return auth_middleware_1.createAuthMiddleware; } });
+export { createAuthHandlers } from './lib/auth';
+export { createAuthChecks } from './lib/auth-check';
+export { createAuthMiddleware } from './middleware/auth-middleware';
 // Password utils
-var password_1 = require("./lib/password");
-Object.defineProperty(exports, "hashPassword", { enumerable: true, get: function () { return password_1.hashPassword; } });
-Object.defineProperty(exports, "comparePassword", { enumerable: true, get: function () { return password_1.comparePassword; } });
+export { hashPassword, comparePassword } from './lib/password';
 // Permission helpers (client-safe)
-var permissions_1 = require("./lib/permissions");
-Object.defineProperty(exports, "hasPermission", { enumerable: true, get: function () { return permissions_1.hasPermission; } });
-Object.defineProperty(exports, "getPermissionsForRole", { enumerable: true, get: function () { return permissions_1.getPermissionsForRole; } });
+export { hasPermission, getPermissionsForRole } from './lib/permissions';
 // Server-side permission DB lookup
-var permissions_server_1 = require("./lib/permissions-server");
-Object.defineProperty(exports, "getPermissionsForRoleFromDB", { enumerable: true, get: function () { return permissions_server_1.getPermissionsForRoleFromDB; } });
+export { getPermissionsForRoleFromDB } from './lib/permissions-server';
 // RBAC seed
-var rbac_seed_1 = require("./lib/rbac-seed");
-Object.defineProperty(exports, "seedRBAC", { enumerable: true, get: function () { return rbac_seed_1.seedRBAC; } });
+export { seedRBAC } from './lib/rbac-seed';
 // Schemas
-var user_schema_1 = require("./schemas/user.schema");
-Object.defineProperty(exports, "UserSchema", { enumerable: true, get: function () { return user_schema_1.UserSchema; } });
-var role_schema_1 = require("./schemas/role.schema");
-Object.defineProperty(exports, "RoleSchema", { enumerable: true, get: function () { return role_schema_1.RoleSchema; } });
-var permission_schema_1 = require("./schemas/permission.schema");
-Object.defineProperty(exports, "PermissionSchema", { enumerable: true, get: function () { return permission_schema_1.PermissionSchema; } });
-var permission_category_schema_1 = require("./schemas/permission-category.schema");
-Object.defineProperty(exports, "PermissionCategorySchema", { enumerable: true, get: function () { return permission_category_schema_1.PermissionCategorySchema; } });
+export { UserSchema } from './schemas/user.schema';
+export { RoleSchema } from './schemas/role.schema';
+export { PermissionSchema } from './schemas/permission.schema';
+export { PermissionCategorySchema } from './schemas/permission-category.schema';
 // Repositories
-var user_repository_1 = require("./repositories/user.repository");
-Object.defineProperty(exports, "UserRepository", { enumerable: true, get: function () { return user_repository_1.UserRepository; } });
-var role_repository_1 = require("./repositories/role.repository");
-Object.defineProperty(exports, "RoleRepository", { enumerable: true, get: function () { return role_repository_1.RoleRepository; } });
-var permission_repository_1 = require("./repositories/permission.repository");
-Object.defineProperty(exports, "PermissionRepository", { enumerable: true, get: function () { return permission_repository_1.PermissionRepository; } });
-var permission_category_repository_1 = require("./repositories/permission-category.repository");
-Object.defineProperty(exports, "PermissionCategoryRepository", { enumerable: true, get: function () { return permission_category_repository_1.PermissionCategoryRepository; } });
+export { UserRepository } from './repositories/user.repository';
+export { RoleRepository } from './repositories/role.repository';
+export { PermissionRepository } from './repositories/permission.repository';
+export { PermissionCategoryRepository } from './repositories/permission-category.repository';
 // Hooks
-var usePermissions_1 = require("./hooks/usePermissions");
-Object.defineProperty(exports, "usePermissions", { enumerable: true, get: function () { return usePermissions_1.usePermissions; } });
+export { usePermissions } from './hooks/usePermissions';
 // Components
-var PermissionGuard_1 = require("./components/PermissionGuard");
-Object.defineProperty(exports, "PermissionGuard", { enumerable: true, get: function () { return __importDefault(PermissionGuard_1).default; } });
-var SessionProvider_1 = require("./components/SessionProvider");
-Object.defineProperty(exports, "SessionProvider", { enumerable: true, get: function () { return __importDefault(SessionProvider_1).default; } });
+export { default as PermissionGuard } from './components/PermissionGuard';
+export { default as SessionProvider } from './components/SessionProvider';

package/dist/lib/auth-check.js

@@ -1,23 +1,20 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createAuthChecks = createAuthChecks;
 // @mosta/auth — Server-side auth guards
 // Author: Dr Hamid MADANI drmdh@msn.com
-const server_1 = require("next/server");
-const permissions_1 = require("./permissions");
-const permissions_server_1 = require("./permissions-server");
+import { NextResponse } from 'next/server';
+import { hasPermission } from './permissions';
+import { getPermissionsForRoleFromDB } from './permissions-server';
 /**
  * Create server-side guard functions bound to your auth() instance.
  *
  * Usage:
  *   const { checkAuth, checkPermission, getUserFromSession } = createAuthChecks(auth)
  */
-function createAuthChecks(auth, fallbackMap) {
+export function createAuthChecks(auth, fallbackMap) {
     async function checkAuth() {
         const session = await auth();
         if (!session?.user) {
             return {
-                error: server_1.NextResponse.json({ error: { code: 'UNAUTHORIZED', message: 'Non authentifié' } }, { status: 401 }),
+                error: NextResponse.json({ error: { code: 'UNAUTHORIZED', message: 'Non authentifié' } }, { status: 401 }),
                 session: null,
             };
         }
@@ -29,14 +26,20 @@ function createAuthChecks(auth, fallbackMap) {
             return { error, session: null };
         let userPermissions = session.user.permissions || [];
         if (userPermissions.length === 0) {
-            const role = session.user.role;
-            if (role) {
-                userPermissions = await (0, permissions_server_1.getPermissionsForRoleFromDB)(role, fallbackMap);
+            const roles = session.user.roles || [];
+            const singleRole = session.user.role;
+            const rolesToCheck = roles.length > 0 ? roles : singleRole ? [singleRole] : [];
+            for (const role of rolesToCheck) {
+                const perms = await getPermissionsForRoleFromDB(role, fallbackMap);
+                for (const p of perms) {
+                    if (!userPermissions.includes(p))
+                        userPermissions.push(p);
+                }
             }
         }
-        if (!(0, permissions_1.hasPermission)(userPermissions, requiredPermission)) {
+        if (!hasPermission(userPermissions, requiredPermission)) {
             return {
-                error: server_1.NextResponse.json({ error: { code: 'FORBIDDEN', message: 'Permission insuffisante' } }, { status: 403 }),
+                error: NextResponse.json({ error: { code: 'FORBIDDEN', message: 'Permission insuffisante' } }, { status: 403 }),
                 session: null,
             };
         }

package/dist/lib/auth.d.ts

@@ -1,4 +1,4 @@
-import type { MostaAuthConfig } from '../types';
+import type { MostaAuthConfig } from '../types/index';
 /**
  * Create NextAuth handlers configured for MostaAuth RBAC.
  *

package/dist/lib/auth.js

@@ -1,25 +1,26 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createAuthHandlers = createAuthHandlers;
 // @mosta/auth — NextAuth configuration factory
 // Author: Dr Hamid MADANI drmdh@msn.com
-const next_auth_1 = __importDefault(require("next-auth"));
-const credentials_1 = __importDefault(require("next-auth/providers/credentials"));
-const orm_1 = require("@mostajs/orm");
-const user_repository_1 = require("../repositories/user.repository");
-const role_repository_1 = require("../repositories/role.repository");
-const password_1 = require("./password");
+import NextAuth from 'next-auth';
+import CredentialsProvider from 'next-auth/providers/credentials';
+import { getDialect, registerSchemas } from '@mostajs/orm';
+import { UserRepository } from '../repositories/user.repository';
+import { RoleRepository } from '../repositories/role.repository';
+import { comparePassword } from './password';
+import { UserSchema } from '../schemas/user.schema';
+import { RoleSchema } from '../schemas/role.schema';
+import { PermissionSchema } from '../schemas/permission.schema';
+import { PermissionCategorySchema } from '../schemas/permission-category.schema';
+// Auto-register auth schemas into ORM registry (idempotent)
+// Must run before getDialect() to ensure relations are resolvable
+registerSchemas([UserSchema, RoleSchema, PermissionSchema, PermissionCategorySchema]);
 /**
  * Create NextAuth handlers configured for MostaAuth RBAC.
  *
  * @param rolePermissions - Static role→permissions map (used as fallback)
  * @param config - Optional MostaAuthConfig overrides
  */
-function createAuthHandlers(rolePermissions, config) {
-    const { handlers, auth, signIn, signOut } = (0, next_auth_1.default)({
+export function createAuthHandlers(rolePermissions, config) {
+    const { handlers, auth, signIn, signOut } = NextAuth({
         secret: process.env.AUTH_SECRET || process.env.NEXTAUTH_SECRET,
         trustHost: true,
         debug: false,
@@ -31,7 +32,7 @@ function createAuthHandlers(rolePermissions, config) {
             },
         },
         providers: [
-            (0, credentials_1.default)({
+            CredentialsProvider({
                 name: 'credentials',
                 credentials: {
                     email: { label: 'Email', type: 'email' },
@@ -40,13 +41,13 @@ function createAuthHandlers(rolePermissions, config) {
                 async authorize(credentials) {
                     if (!credentials?.email || !credentials?.password)
                         return null;
-                    const uRepo = new user_repository_1.UserRepository(await (0, orm_1.getDialect)());
+                    const uRepo = new UserRepository(await getDialect());
                     const user = await uRepo.findByEmail(credentials.email);
                     if (!user)
                         return null;
                     if (user.status !== 'active')
                         return null;
-                    const valid = await (0, password_1.comparePassword)(credentials.password, user.password);
+                    const valid = await comparePassword(credentials.password, user.password);
                     if (!valid)
                         return null;
                     await uRepo.updateLastLogin(user.id);
@@ -70,8 +71,15 @@ function createAuthHandlers(rolePermissions, config) {
                     token.roles = user.roles;
                     token.permissions = user.permissions;
                 }
-                if (token.role && (!token.permissions || token.permissions.length === 0)) {
-                    token.permissions = rolePermissions[token.role] || [];
+                if ((!token.permissions || token.permissions.length === 0) && token.roles) {
+                    const allPerms = [];
+                    for (const r of token.roles) {
+                        for (const p of rolePermissions[r] || []) {
+                            if (!allPerms.includes(p))
+                                allPerms.push(p);
+                        }
+                    }
+                    token.permissions = allPerms;
                 }
                 return token;
             },
@@ -95,8 +103,8 @@ function createAuthHandlers(rolePermissions, config) {
 // ─── Internal: resolve user→roles→permissions ─────────────────
 async function resolveUserPermissions(userId, fallbackMap) {
     try {
-        const uRepo = new user_repository_1.UserRepository(await (0, orm_1.getDialect)());
-        const rRepo = new role_repository_1.RoleRepository(await (0, orm_1.getDialect)());
+        const uRepo = new UserRepository(await getDialect());
+        const rRepo = new RoleRepository(await getDialect());
         const userWithRoles = await uRepo.findByIdWithRoles(userId);
         if (userWithRoles?.roles?.length) {
             const roleNames = [];

package/dist/lib/password.js

@@ -1,17 +1,10 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.hashPassword = hashPassword;
-exports.comparePassword = comparePassword;
 // @mosta/auth — Password hashing wrapper
 // Author: Dr Hamid MADANI drmdh@msn.com
-const bcryptjs_1 = __importDefault(require("bcryptjs"));
+import bcrypt from 'bcryptjs';
 const DEFAULT_ROUNDS = 12;
-async function hashPassword(plain, rounds = DEFAULT_ROUNDS) {
-    return bcryptjs_1.default.hash(plain, rounds);
+export async function hashPassword(plain, rounds = DEFAULT_ROUNDS) {
+    return bcrypt.hash(plain, rounds);
 }
-async function comparePassword(plain, hashed) {
-    return bcryptjs_1.default.compare(plain, hashed);
+export async function comparePassword(plain, hashed) {
+    return bcrypt.compare(plain, hashed);
 }

package/dist/lib/permissions-server.js

@@ -1,17 +1,14 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getPermissionsForRoleFromDB = getPermissionsForRoleFromDB;
 // @mosta/auth — Server-side permission lookup (DO NOT import client-side)
 // Author: Dr Hamid MADANI drmdh@msn.com
-const orm_1 = require("@mostajs/orm");
-const role_repository_1 = require("../repositories/role.repository");
+import { getDialect } from '@mostajs/orm';
+import { RoleRepository } from '../repositories/role.repository';
 /**
  * Resolve permissions for a role by querying the database.
  * Falls back to the provided static map if DB lookup fails.
  */
-async function getPermissionsForRoleFromDB(role, fallbackMap) {
+export async function getPermissionsForRoleFromDB(role, fallbackMap) {
     try {
-        const repo = new role_repository_1.RoleRepository(await (0, orm_1.getDialect)());
+        const repo = new RoleRepository(await getDialect());
         const dbRole = await repo.findByName(role);
         if (dbRole) {
             const roleWithPerms = await repo.findByIdWithPermissions(dbRole.id);

package/dist/lib/permissions.js

@@ -1,14 +1,10 @@
-"use strict";
 // @mosta/auth — Permission helpers (client-safe)
 // Author: Dr Hamid MADANI drmdh@msn.com
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.hasPermission = hasPermission;
-exports.getPermissionsForRole = getPermissionsForRole;
 /**
  * Check if a user has a specific permission.
  * Supports wildcard '*' for full access.
  */
-function hasPermission(userPermissions, requiredPermission) {
+export function hasPermission(userPermissions, requiredPermission) {
     if (!userPermissions || userPermissions.length === 0)
         return false;
     if (userPermissions.includes('*'))
@@ -18,6 +14,6 @@ function hasPermission(userPermissions, requiredPermission) {
 /**
  * Get permissions for a role from a static map.
  */
-function getPermissionsForRole(rolePermissions, role) {
+export function getPermissionsForRole(rolePermissions, role) {
     return rolePermissions[role] || [];
 }

package/dist/lib/rbac-seed.d.ts

@@ -1,4 +1,4 @@
-import type { CategoryDefinition, PermissionDefinition, RoleDefinition } from '../types';
+import type { CategoryDefinition, PermissionDefinition, RoleDefinition } from '../types/index';
 export interface SeedRBACOptions {
     categories: CategoryDefinition[];
     permissions: PermissionDefinition[];

package/dist/lib/rbac-seed.js

@@ -1,21 +1,18 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.seedRBAC = seedRBAC;
 // @mosta/auth — RBAC Seed function
 // Author: Dr Hamid MADANI drmdh@msn.com
-const orm_1 = require("@mostajs/orm");
-const permission_category_repository_1 = require("../repositories/permission-category.repository");
-const permission_repository_1 = require("../repositories/permission.repository");
-const role_repository_1 = require("../repositories/role.repository");
+import { getDialect } from '@mostajs/orm';
+import { PermissionCategoryRepository } from '../repositories/permission-category.repository';
+import { PermissionRepository } from '../repositories/permission.repository';
+import { RoleRepository } from '../repositories/role.repository';
 /**
  * Idempotent seed of categories, permissions and roles.
  * Uses upsert — safe to call multiple times.
  */
-async function seedRBAC(options) {
-    const dialect = await (0, orm_1.getDialect)();
-    const catRepo = new permission_category_repository_1.PermissionCategoryRepository(dialect);
-    const permRepo = new permission_repository_1.PermissionRepository(dialect);
-    const roleRepo = new role_repository_1.RoleRepository(dialect);
+export async function seedRBAC(options) {
+    const dialect = await getDialect();
+    const catRepo = new PermissionCategoryRepository(dialect);
+    const permRepo = new PermissionRepository(dialect);
+    const roleRepo = new RoleRepository(dialect);
     // 1. Upsert categories
     for (const cat of options.categories) {
         await catRepo.upsert({ name: cat.name }, cat);

package/dist/middleware/auth-middleware.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createAuthMiddleware = createAuthMiddleware;
 // @mosta/auth — Configurable authentication middleware for Next.js
 // Author: Dr Hamid MADANI drmdh@msn.com
-const server_1 = require("next/server");
+import { NextResponse } from 'next/server';
 /**
  * Create a Next.js middleware that protects routes based on session cookie.
  */
-function createAuthMiddleware(options) {
+export function createAuthMiddleware(options) {
     const publicPaths = options?.publicPaths ?? ['/login', '/api/auth', '/setup', '/api/setup'];
     const protectedPrefixes = options?.protectedPrefixes ?? ['/dashboard', '/admin', '/agent'];
     const loginPath = options?.loginPath ?? '/login';
@@ -15,19 +12,21 @@ function createAuthMiddleware(options) {
         const { pathname } = req.nextUrl;
         // Allow public paths
         if (publicPaths.some((p) => pathname.startsWith(p))) {
-            return server_1.NextResponse.next();
+            return NextResponse.next();
         }
-        // Allow static files
-        if (pathname.startsWith('/_next') || pathname.startsWith('/favicon') || pathname.includes('.')) {
-            return server_1.NextResponse.next();
+        // Allow static files (only known static extensions, not any path with a dot)
+        if (pathname.startsWith('/_next') ||
+            pathname.startsWith('/favicon') ||
+            /\.(?:ico|png|jpg|jpeg|gif|svg|webp|css|js|map|woff2?|ttf|eot|json|webmanifest)$/i.test(pathname)) {
+            return NextResponse.next();
         }
         // Check for session token
         const token = req.cookies.get('authjs.session-token')?.value ||
             req.cookies.get('__Secure-authjs.session-token')?.value;
         // Redirect protected routes to login if no session
         if (!token && protectedPrefixes.some((p) => pathname.startsWith(p))) {
-            return server_1.NextResponse.redirect(new URL(loginPath, req.url));
+            return NextResponse.redirect(new URL(loginPath, req.url));
         }
-        return server_1.NextResponse.next();
+        return NextResponse.next();
     };
 }

package/dist/repositories/permission-category.repository.d.ts

@@ -1,6 +1,6 @@
 import { BaseRepository } from '@mostajs/orm';
 import type { IDialect } from '@mostajs/orm';
-import type { PermissionCategoryDTO } from '../types';
+import type { PermissionCategoryDTO } from '../types/index';
 export declare class PermissionCategoryRepository extends BaseRepository<PermissionCategoryDTO> {
     constructor(dialect: IDialect);
     /** Find all sorted by order then name */

package/dist/repositories/permission-category.repository.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PermissionCategoryRepository = void 0;
 // @mosta/auth — PermissionCategoryRepository
 // Author: Dr Hamid MADANI drmdh@msn.com
-const orm_1 = require("@mostajs/orm");
-const permission_category_schema_1 = require("../schemas/permission-category.schema");
-class PermissionCategoryRepository extends orm_1.BaseRepository {
+import { BaseRepository } from '@mostajs/orm';
+import { PermissionCategorySchema } from '../schemas/permission-category.schema';
+export class PermissionCategoryRepository extends BaseRepository {
     constructor(dialect) {
-        super(permission_category_schema_1.PermissionCategorySchema, dialect);
+        super(PermissionCategorySchema, dialect);
     }
     /** Find all sorted by order then name */
     async findAllOrdered() {
@@ -18,4 +15,3 @@ class PermissionCategoryRepository extends orm_1.BaseRepository {
         return this.findOne({ name });
     }
 }
-exports.PermissionCategoryRepository = PermissionCategoryRepository;

package/dist/repositories/permission.repository.d.ts

@@ -1,6 +1,6 @@
 import { BaseRepository } from '@mostajs/orm';
 import type { IDialect } from '@mostajs/orm';
-import type { PermissionDTO } from '../types';
+import type { PermissionDTO } from '../types/index';
 export declare class PermissionRepository extends BaseRepository<PermissionDTO> {
     constructor(dialect: IDialect);
     /** Find all sorted by category then name */

package/dist/repositories/permission.repository.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PermissionRepository = void 0;
 // @mosta/auth — PermissionRepository
 // Author: Dr Hamid MADANI drmdh@msn.com
-const orm_1 = require("@mostajs/orm");
-const permission_schema_1 = require("../schemas/permission.schema");
-class PermissionRepository extends orm_1.BaseRepository {
+import { BaseRepository } from '@mostajs/orm';
+import { PermissionSchema } from '../schemas/permission.schema';
+export class PermissionRepository extends BaseRepository {
     constructor(dialect) {
-        super(permission_schema_1.PermissionSchema, dialect);
+        super(PermissionSchema, dialect);
     }
     /** Find all sorted by category then name */
     async findAllSorted() {
@@ -22,4 +19,3 @@ class PermissionRepository extends orm_1.BaseRepository {
         return this.count({ category });
     }
 }
-exports.PermissionRepository = PermissionRepository;

package/dist/repositories/role.repository.d.ts

@@ -1,6 +1,6 @@
 import { BaseRepository } from '@mostajs/orm';
 import type { IDialect } from '@mostajs/orm';
-import type { RoleDTO } from '../types';
+import type { RoleDTO } from '../types/index';
 export declare class RoleRepository extends BaseRepository<RoleDTO> {
     constructor(dialect: IDialect);
     /** Find all roles with permissions populated */

package/dist/repositories/role.repository.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RoleRepository = void 0;
 // @mosta/auth — RoleRepository
 // Author: Dr Hamid MADANI drmdh@msn.com
-const orm_1 = require("@mostajs/orm");
-const role_schema_1 = require("../schemas/role.schema");
-class RoleRepository extends orm_1.BaseRepository {
+import { BaseRepository } from '@mostajs/orm';
+import { RoleSchema } from '../schemas/role.schema';
+export class RoleRepository extends BaseRepository {
     constructor(dialect) {
-        super(role_schema_1.RoleSchema, dialect);
+        super(RoleSchema, dialect);
     }
     /** Find all roles with permissions populated */
     async findAllWithPermissions() {
@@ -34,4 +31,3 @@ class RoleRepository extends orm_1.BaseRepository {
         return this.updateMany({ permissions: permissionId }, { $pull: { permissions: permissionId } });
     }
 }
-exports.RoleRepository = RoleRepository;

package/dist/repositories/user.repository.d.ts

@@ -1,6 +1,6 @@
 import { BaseRepository } from '@mostajs/orm';
 import type { IDialect, FilterQuery, QueryOptions } from '@mostajs/orm';
-import type { UserDTO } from '../types';
+import type { UserDTO } from '../types/index';
 export declare class UserRepository extends BaseRepository<UserDTO> {
     constructor(dialect: IDialect);
     /** List users without password field */

package/dist/repositories/user.repository.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.UserRepository = void 0;
 // @mosta/auth — UserRepository
 // Author: Dr Hamid MADANI drmdh@msn.com
-const orm_1 = require("@mostajs/orm");
-const user_schema_1 = require("../schemas/user.schema");
-class UserRepository extends orm_1.BaseRepository {
+import { BaseRepository } from '@mostajs/orm';
+import { UserSchema } from '../schemas/user.schema';
+export class UserRepository extends BaseRepository {
     constructor(dialect) {
-        super(user_schema_1.UserSchema, dialect);
+        super(UserSchema, dialect);
     }
     /** List users without password field */
     async findAllSafe(filter = {}, options) {
@@ -46,4 +43,3 @@ class UserRepository extends orm_1.BaseRepository {
         return this.pull(userId, 'roles', roleId);
     }
 }
-exports.UserRepository = UserRepository;

package/dist/schemas/permission-category.schema.js

@@ -1,7 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PermissionCategorySchema = void 0;
-exports.PermissionCategorySchema = {
+export const PermissionCategorySchema = {
     name: 'PermissionCategory',
     collection: 'permission_categories',
     timestamps: true,

package/dist/schemas/permission.schema.js

@@ -1,7 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PermissionSchema = void 0;
-exports.PermissionSchema = {
+export const PermissionSchema = {
     name: 'Permission',
     collection: 'permissions',
     timestamps: true,

package/dist/schemas/role.schema.js

@@ -1,7 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RoleSchema = void 0;
-exports.RoleSchema = {
+export const RoleSchema = {
     name: 'Role',
     collection: 'roles',
     timestamps: true,

package/dist/schemas/user.schema.js

@@ -1,7 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.UserSchema = void 0;
-exports.UserSchema = {
+export const UserSchema = {
     name: 'User',
     collection: 'users',
     timestamps: true,

package/dist/types/index.d.ts

@@ -7,8 +7,6 @@ export interface MostaAuthConfig {
     defaultPermissions?: PermissionDefinition[];
     /** Default permission categories to seed */
     defaultCategories?: CategoryDefinition[];
-    /** bcrypt salt rounds (default: 12) */
-    bcryptRounds?: number;
     /** NextAuth pages */
     pages?: {
         signIn?: string;

package/dist/types/index.js

@@ -1,4 +1,3 @@
-"use strict";
 // @mosta/auth — Types
 // Author: Dr Hamid MADANI drmdh@msn.com
-Object.defineProperty(exports, "__esModule", { value: true });
+export {};

package/package.json

@@ -1,35 +1,67 @@
 {
   "name": "@mostajs/auth",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Reusable authentication and RBAC module — NextAuth + Users + Roles + Permissions",
   "author": "Dr Hamid MADANI <drmdh@msn.com>",
   "license": "MIT",
+  "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js",
-      "require": "./dist/index.js",
       "default": "./dist/index.js"
     },
     "./components/SessionProvider": {
       "types": "./dist/components/SessionProvider.d.ts",
       "import": "./dist/components/SessionProvider.js",
-      "require": "./dist/components/SessionProvider.js",
       "default": "./dist/components/SessionProvider.js"
     },
     "./components/PermissionGuard": {
       "types": "./dist/components/PermissionGuard.d.ts",
       "import": "./dist/components/PermissionGuard.js",
-      "require": "./dist/components/PermissionGuard.js",
       "default": "./dist/components/PermissionGuard.js"
     },
     "./hooks/usePermissions": {
       "types": "./dist/hooks/usePermissions.d.ts",
       "import": "./dist/hooks/usePermissions.js",
-      "require": "./dist/hooks/usePermissions.js",
       "default": "./dist/hooks/usePermissions.js"
+    },
+    "./lib/auth": {
+      "types": "./dist/lib/auth.d.ts",
+      "import": "./dist/lib/auth.js",
+      "default": "./dist/lib/auth.js"
+    },
+    "./lib/auth-check": {
+      "types": "./dist/lib/auth-check.d.ts",
+      "import": "./dist/lib/auth-check.js",
+      "default": "./dist/lib/auth-check.js"
+    },
+    "./lib/permissions": {
+      "types": "./dist/lib/permissions.d.ts",
+      "import": "./dist/lib/permissions.js",
+      "default": "./dist/lib/permissions.js"
+    },
+    "./lib/permissions-server": {
+      "types": "./dist/lib/permissions-server.d.ts",
+      "import": "./dist/lib/permissions-server.js",
+      "default": "./dist/lib/permissions-server.js"
+    },
+    "./lib/password": {
+      "types": "./dist/lib/password.d.ts",
+      "import": "./dist/lib/password.js",
+      "default": "./dist/lib/password.js"
+    },
+    "./lib/rbac-seed": {
+      "types": "./dist/lib/rbac-seed.d.ts",
+      "import": "./dist/lib/rbac-seed.js",
+      "default": "./dist/lib/rbac-seed.js"
+    },
+    "./middleware/auth-middleware": {
+      "types": "./dist/middleware/auth-middleware.d.ts",
+      "import": "./dist/middleware/auth-middleware.js",
+      "default": "./dist/middleware/auth-middleware.js"
     }
   },
   "files": [
@@ -61,11 +93,11 @@
   },
   "dependencies": {
     "@mostajs/orm": "^1.0.0",
-    "bcryptjs": "^2.4.3",
-    "next-auth": "5.0.0-beta.25"
+    "bcryptjs": "^2.4.3"
   },
   "peerDependencies": {
     "next": ">=14",
+    "next-auth": ">=5.0.0-beta.25",
     "react": ">=18"
   },
   "devDependencies": {